Bug 32706 - Firefox 115.8
Summary: Firefox 115.8
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Nicolas Salguero
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 32762
Blocks:
  Show dependency treegraph
 
Reported: 2024-01-08 23:14 CET by Marja Van Waes
Modified: 2024-03-01 21:46 CET (History)
9 users (show)

See Also:
Source RPM: rootcerts, nss, firefox, firefox-l10n
CVE: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
Status comment:


Attachments

Description Marja Van Waes 2024-01-08 23:14:51 CET
+++ This bug was initially created as a clone of Bug #32642 +++

Mozilla has released Firefox 115.6 on December 19:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/

Firefox 115.6 is being tested for Mageia 9, but won't build with python 3.12 in cauldron. See bug#32642, comment#12
Comment 1 Marja Van Waes 2024-01-08 23:24:11 CET
nss-3.96.1-1.mga10 did build, though.

Source RPM: nss firefox firefox-l10n => firefox firefox-l10n

Comment 2 Lewis Smith 2024-01-09 19:44:42 CET
Another one for NicolasS who routinely looks after Firefox.

CC: nicolas.salguero => (none)
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA9TOO

Comment 3 Marja Van Waes 2024-01-09 20:39:36 CET
@ Nicolas,

In case you didn't see or receive this mail about Firefox from papoteur:
https://ml.mageia.org/l/arc/dev/2024-01/msg00037.html

It says:

____________________________________________________________

@ns80

I see that the build fails because of imp module not found.

You can replace

import imp

with

import importlib as imp

_____________________________________________________________
Comment 4 papoteur 2024-01-10 11:00:15 CET
(In reply to Marja Van Waes from comment #3)
> @ Nicolas,
> 
> In case you didn't see or receive this mail about Firefox from papoteur:
> https://ml.mageia.org/l/arc/dev/2024-01/msg00037.html
> 
> It says:
> 
> ____________________________________________________________
> 
> @ns80
> 
> I see that the build fails because of imp module not found.
> 
> You can replace
> 
> import imp
> 
> with
> 
> import importlib as imp
> 
> _____________________________________________________________

This is not a tested solution and could be not enough, as importlib is not a one to one substitute to imp.
I found a start of port in their bugzilla, but it is not finished nor merged.
It seems there is a tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=1857515
Comment 5 Morgan Leijström 2024-01-10 17:07:47 CET
Bug for mga9 Firefox is separate Bug 32642
- so Cauldron issues do not hinder the security update for our users.

Whiteboard: MGA9TOO => (none)

Comment 6 Nicolas Salguero 2024-01-24 10:30:07 CET
Mozilla has released Firefox 115.7 on January 23:
https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/

NSS 3.97 seems to have been released on January 22.

Source RPM: firefox firefox-l10n => nss firefox firefox-l10n
Summary: Firefox 115.6 => Firefox 115.7
Depends on: (none) => 32762

Comment 7 Nicolas Salguero 2024-02-21 09:07:51 CET
Mozilla has released Firefox 115.8 on February 20:
https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/

There is also new versions of rootcerts and NSS (3.98, which fixes CVE-2023-5388):
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_98.html

Summary: Firefox 115.7 => Firefox 115.8
Source RPM: nss firefox firefox-l10n => rootcerts, nss, firefox, firefox-l10n

Comment 8 Nicolas Salguero 2024-03-01 21:46:39 CET
The build problem with python 3.12 is solved in version 115.8.0.

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.