For rootcerts, do not forget https://hg-edge.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h

CVE: (none) => CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430
Source RPM: (none) => rootcerts, nss, firefox, firefox-l10n
Whiteboard: (none) => MGA9TOO

Assigning to you, Nicolas, as you normally 'do' Firefox etc.

Assignee: bugsquad => nicolas.salguero

I see all arches of ff built except armv7hl.
And nss and rootcerts.
Have been using x86_64 now for a couple hours OK, more reporting later.

I set it to QA, to get testing rolling.

Like for Bug 34337 - Firefox 128.11, do on armv7hl not ship firefox-l10n packages, unless we manage to build firefox on armv7hl.

CC: (none) => fri
Assignee: nicolas.salguero => qa-bugs
Status comment: (none) => Do on armv7hl not ship firefox-l10n packages, unless we manage to build firefox on armv7hl

Giuseppe the arm fail could be due related to this bug https://github.com/llvm/llvm-project/issues/110374 & PR https://github.com/llvm/llvm-project/pull/109943

CC: (none) => ghibomgx

Created attachment 15029 [details]
Suggested patch for llvm19-suite

Giuseppe I modify the PR patch for llvm19-suite, please test to build in armvh7l

I've not the armv7hl (nor aarch64) local hardware where to test building. I tried to use qemu to emulate it, for instance using:

qemu-system-arm \
        -machine virt \
        -cpu cortex-a15 \
        -smp 2 \
        -m 4096 \
        -accel tcg,thread="multi" \
        -drive if=pflash,format=raw,readonly,file=/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \
        -drive file=./Mageia-8-bananaPro-noDE.img.qcow2 \
        -device ramfb \
        -device cirrus-vga \
        -device ac97 \
        -device usb-ehci \
        -device usb-kbd \
        -device usb-mouse

however the Mageia-8-bananaPro-noDE.img.gz image on mirrors is corrupted and should be regenerated (see bug https://bugs.mageia.org/show_bug.cgi?id=29555, which should be reopened). As alternative it can be emulated (always with qemu) using the aarch64 on a x86_64, then on the aarch64 in qemu run a linux32 chroot of the armv7hl. However this system would be too slow to sustain a complete llvm19-suite building. Another source is this, with using docker, e.g. https://brunocornec.wordpress.com/2019/01/06/creating-a-mageia-armv7hl-docker-image-for-raspberry-3/, but always to be run on a aarch64 (the links of the images no longer works however).

My suggestion is also to try the llvm-suite with your patch, but before bumping it to the latest llvm 19.1.7 (actually it's the 19.1.3) so to include also all the patches that were released in the meanwhile. At this point remains only our BS where to test. To avoid other failing archs build, maybe we can do build attempts on core/backports_testing using ExclusiveArch: armv7hl.

(In reply to Giuseppe Ghibò from comment #6)
> I've not the armv7hl (nor aarch64) local hardware where to test building. I
> tried to use qemu to emulate it, for instance using:
> 
> qemu-system-arm \
>         -machine virt \
>         -cpu cortex-a15 \
>         -smp 2 \
>         -m 4096 \
>         -accel tcg,thread="multi" \
>         -drive
> if=pflash,format=raw,readonly,file=/usr/share/edk2/aarch64/QEMU_EFI-pflash.
> raw \
>         -drive file=./Mageia-8-bananaPro-noDE.img.qcow2 \
>         -device ramfb \
>         -device cirrus-vga \
>         -device ac97 \
>         -device usb-ehci \
>         -device usb-kbd \
>         -device usb-mouse
> 
> however the Mageia-8-bananaPro-noDE.img.gz image on mirrors is corrupted and
> should be regenerated (see bug
> https://bugs.mageia.org/show_bug.cgi?id=29555, which should be reopened). As
> alternative it can be emulated (always with qemu) using the aarch64 on a
> x86_64, then on the aarch64 in qemu run a linux32 chroot of the armv7hl.
> However this system would be too slow to sustain a complete llvm19-suite
> building. Another source is this, with using docker, e.g.
> https://brunocornec.wordpress.com/2019/01/06/creating-a-mageia-armv7hl-
> docker-image-for-raspberry-3/, but always to be run on a aarch64 (the links
> of the images no longer works however).
> 
> My suggestion is also to try the llvm-suite with your patch, but before
> bumping it to the latest llvm 19.1.7 (actually it's the 19.1.3) so to
> include also all the patches that were released in the meanwhile. At this
> point remains only our BS where to test. To avoid other failing archs build,
> maybe we can do build attempts on core/backports_testing using
> ExclusiveArch: armv7hl.
I'm trying now in other system with mock
will be with 19.1.3 , then will try build firefox with
testing
I have to check if tha change done to PR patch is valid for 19.1.7
I'll keep informed of results

Start testing for x86_64 & i586

RPMS:

firefox-128.12.0-1.1.mga9
firefox-af-128.12.0-1.1.mga9
firefox-an-128.12.0-1.1.mga9
firefox-ar-128.12.0-1.1.mga9
firefox-ast-128.12.0-1.1.mga9
firefox-az-128.12.0-1.1.mga9
firefox-be-128.12.0-1.1.mga9
firefox-bg-128.12.0-1.1.mga9
firefox-bn-128.12.0-1.1.mga9
firefox-br-128.12.0-1.1.mga9
firefox-bs-128.12.0-1.1.mga9
firefox-ca-128.12.0-1.1.mga9
firefox-cs-128.12.0-1.1.mga9
firefox-cy-128.12.0-1.1.mga9
firefox-da-128.12.0-1.1.mga9
firefox-de-128.12.0-1.1.mga9
firefox-el-128.12.0-1.1.mga9
firefox-en_CA-128.12.0-1.1.mga9
firefox-en_GB-128.12.0-1.1.mga9
firefox-en_US-128.12.0-1.1.mga9
firefox-eo-128.12.0-1.1.mga9
firefox-es_AR-128.12.0-1.1.mga9
firefox-es_CL-128.12.0-1.1.mga9
firefox-es_ES-128.12.0-1.1.mga9
firefox-es_MX-128.12.0-1.1.mga9
firefox-et-128.12.0-1.1.mga9
firefox-eu-128.12.0-1.1.mga9
firefox-fa-128.12.0-1.1.mga9
firefox-ff-128.12.0-1.1.mga9
firefox-fi-128.12.0-1.1.mga9
firefox-fr-128.12.0-1.1.mga9
firefox-fur-128.12.0-1.1.mga9
firefox-fy_NL-128.12.0-1.1.mga9
firefox-ga_IE-128.12.0-1.1.mga9
firefox-gd-128.12.0-1.1.mga9
firefox-gl-128.12.0-1.1.mga9
firefox-gu_IN-128.12.0-1.1.mga9
firefox-he-128.12.0-1.1.mga9
firefox-hi_IN-128.12.0-1.1.mga9
firefox-hr-128.12.0-1.1.mga9
firefox-hsb-128.12.0-1.1.mga9
firefox-hu-128.12.0-1.1.mga9
firefox-hy_AM-128.12.0-1.1.mga9
firefox-ia-128.12.0-1.1.mga9
firefox-id-128.12.0-1.1.mga9
firefox-is-128.12.0-1.1.mga9
firefox-it-128.12.0-1.1.mga9
firefox-ja-128.12.0-1.1.mga9
firefox-ka-128.12.0-1.1.mga9
firefox-kab-128.12.0-1.1.mga9
firefox-kk-128.12.0-1.1.mga9
firefox-km-128.12.0-1.1.mga9
firefox-kn-128.12.0-1.1.mga9
firefox-ko-128.12.0-1.1.mga9
firefox-lij-128.12.0-1.1.mga9
firefox-lt-128.12.0-1.1.mga9
firefox-lv-128.12.0-1.1.mga9
firefox-mk-128.12.0-1.1.mga9
firefox-mr-128.12.0-1.1.mga9
firefox-ms-128.12.0-1.1.mga9
firefox-my-128.12.0-1.1.mga9
firefox-nb_NO-128.12.0-1.1.mga9
firefox-nl-128.12.0-1.1.mga9
firefox-nn_NO-128.12.0-1.1.mga9
firefox-oc-128.12.0-1.1.mga9
firefox-pa_IN-128.12.0-1.1.mga9
firefox-pl-128.12.0-1.1.mga9
firefox-pt_BR-128.12.0-1.1.mga9
firefox-pt_PT-128.12.0-1.1.mga9
firefox-ro-128.12.0-1.1.mga9
firefox-ru-128.12.0-1.1.mga9
firefox-sc-128.12.0-1.1.mga9
firefox-si-128.12.0-1.1.mga9
firefox-sk-128.12.0-1.1.mga9
firefox-sl-128.12.0-1.1.mga9
firefox-sq-128.12.0-1.1.mga9
firefox-sr-128.12.0-1.1.mga9
firefox-sv_SE-128.12.0-1.1.mga9
firefox-szl-128.12.0-1.1.mga9
firefox-ta-128.12.0-1.1.mga9
firefox-te-128.12.0-1.1.mga9
firefox-tg-128.12.0-1.1.mga9
firefox-th-128.12.0-1.1.mga9
firefox-tl-128.12.0-1.1.mga9
firefox-tr-128.12.0-1.1.mga9
firefox-uk-128.12.0-1.1.mga9
firefox-ur-128.12.0-1.1.mga9
firefox-uz-128.12.0-1.1.mga9
firefox-vi-128.12.0-1.1.mga9
firefox-xh-128.12.0-1.1.mga9
firefox-zh_CN-128.12.0-1.1.mga9
firefox-zh_TW-128.12.0-1.1.mga9

rootcerts-20250613.00-1.mga9
rootcerts-java-20250613.00-1.mga9

lib(64)nss-devel-3.113.0-1.mga9
lib(64)nss-static-devel-3.113.0-1.mga9
lib(64)nss3-3.113.0-1.mga9
nss-3.113.0-1.mga9
nss-doc-3.113.0-1.mga9


SRPMS:
firefox-128.12.0-1.1.mga9.src.rpm
firefox-l10n-128.12.0-1.1.mga9.src.rpm
rootcerts-20250613.00-1.mga9.src.rpm
nss-3.113.0-1.mga9.src.rpm

i586 OK on Thinkpad T43, lxde

Clean update
Swedish localisation
Settings and tabs kept
Listened to pod, did some banking
fetched and viewed pdf
writing this

[ettan@localhost ~]$ inxi -SMCG
System:
  Host: localhost Kernel: 6.6.93-desktop-1.mga9 arch: i686 bits: 32
  Desktop: LXDE v: 0.10.1 Distro: Mageia 9
Machine:
  Type: Laptop System: IBM product: 2668R1G v: ThinkPad T43
    serial: <superuser required>
  Mobo: IBM model: 2668R1G serial: <superuser required> BIOS: IBM
    v: 1YET62WW (1.27 ) date: 05/18/2006
CPU:
  Info: single core model: Intel Pentium M bits: 32 cache: 2 MiB note: check
  Speed (MHz): 800 min/max: 800/1866 core: 1: 800
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] RV370/M22 [Mobility Radeon X300]
    driver: radeon v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: radeon,v4l dri: r300 gpu: radeon resolution: 1024x768~60Hz
  API: EGL v: 1.4,1.5 drivers: kms_swrast,r300,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.5 compat-v: 2.1 vendor: mesa v: 25.0.7 renderer: llvmpipe
    (LLVM 15.0.6 128 bits)

MGA9-64 Plasma on an HP Pavilion 15. No installation issues. Used for about an hour for normal morning activities, no issues yet.

CC: (none) => andrewsfarm

(In reply to Morgan Leijström from comment #3)
> Have been using x86_64 now for a couple hours OK, more reporting later.

Tested several sites on my workstation, two laptops and my wife's laptop, all x86_64, plasma. GPU:s AMD, intel integrated, old nvidia.
Tests include some banking, shops, video, printing, downloading, and Nextcloud server web interface uploading 2GB (each) files.

Gnome, Ryzen, Nvidia

The following 8 packages are going to be installed:

- firefox-128.12.0-1.1.mga9.x86_64
- firefox-en_CA-128.12.0-1.1.mga9.noarch
- firefox-en_GB-128.12.0-1.1.mga9.noarch
- firefox-en_US-128.12.0-1.1.mga9.noarch
- lib64nss3-3.113.0-1.mga9.x86_64
- nss-3.113.0-1.mga9.x86_64
- rootcerts-20250613.00-1.mga9.noarch
- rootcerts-java-20250613.00-1.mga9.noarch

107KB of additional disk space will be used.

 firefox -version
Mozilla Firefox 128.12.0esr


videos play
common sites work
sound works

CC: (none) => brtians1

Hi.

Updated in Mga 9 x86_64 Plasma Kde. No issues for the moment.

Audio and video ok.
Banks ok.
Digital certificates ok.
Spanish translations ok.
Settings and addons ok.

[jose@Prox14Amd ~]$ inxi -SMCG
System:
  Host: Prox14Amd Kernel: 6.6.93-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Laptop System: SLIMBOOK product: PROX-AMD5 v: Standard
    serial: <superuser required>
  Mobo: SLIMBOOK model: SLIMBOOK v: Standard serial: <superuser required>
    UEFI: American Megatrends LLC. v: N.1.06GRU07 date: 03/22/2023
CPU:
  Info: 8-core model: AMD Ryzen 7 5700U with Radeon Graphics bits: 64
    type: MT MCP cache: L2: 4 MiB
  Speed (MHz): avg: 400 min/max: 400/4372 cores: 1: 400 2: 400 3: 400 4: 400
    5: 400 6: 400 7: 400 8: 400 9: 400 10: 400 11: 400 12: 400 13: 400 14: 400
    15: 400 16: 400
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Lucienne driver: amdgpu v: kernel
  Device-2: Chicony Integrated IR Camera driver: uvcvideo type: USB
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 1920x1080~60Hz
  API: OpenGL v: 4.6 vendor: amd mesa v: 25.0.7 renderer: AMD Radeon
    Graphics (radeonsi renoir ACO DRM 3.54 6.6.93-desktop-1.mga9)
  API: EGL Message: EGL data requires eglinfo. Check --recommends.


Greetings!

CC: (none) => Joselp

Even if what I'm doing  fix the arm build
I suggest open other bug if you think in validate this

Keywords: (none) => advisory

Yes lets release
- everything seems good except we do not have armv7hl firefox.

@ Sysadmins:
Do on armv7hl not ship firefox-l10n packages, as there is no new firefox there.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK, MGA9-32-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0201.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

The move of firefox-l10n-128.12.0-1.1.mga9.src.rpm was withheld for armv7hl, so it remains in updates_testing for that arch only.

CC: (none) => dan

(In reply to Dan Fandrich from comment #17)
> The move of firefox-l10n-128.12.0-1.1.mga9.src.rpm was withheld for armv7hl,
> so it remains in updates_testing for that arch only.

Thanks looks like I'm near to fix the arm issue for mageia 9, I yet have to check why fail in cauldron