640848 – www-client/firefox-57.0.4 version bump

Bug 640848 - www-client/firefox-57.0.4 version bump

Summary: www-client/firefox-57.0.4 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Mozilla Gentoo Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-12-12 18:49 UTC by Jess Haas
Modified:	2020-12-12 07:01 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jess Haas 2017-12-12 18:49:21 UTC

Version has been bumped to 57.0.2. www-client/firefox-bin also needs to be updated.

Comment 1 Thomas Albers 2017-12-12 19:27:24 UTC

Duplicate of bug #639854

Comment 2 Jess Haas 2017-12-12 19:31:40 UTC

That bug only mentions firefox-57.0.1 which is already in the tree not 57.0.2 which is now available.....

Comment 3 Sven B. 2017-12-12 19:56:33 UTC

(In reply to Jess Haas from comment #2)
> That bug only mentions firefox-57.0.1 which is already in the tree not
> 57.0.2 which is now available.....

57.0.2 only affects Windows, so a version bump is not necessary.

Comment 4 Ulenrich 2018-01-02 07:48:21 UTC

www-client/firefox-57.0.3
Debian~unstable has updated to .3 
Perhaps that is a Linux relevant release.
I did simple version bump without problems.
Compiles and runs.

Comment 5 Ian Stakenvicius (RETIRED) gentoo-dev

2018-01-02 12:29:09 UTC

The change in 57.0.3 is so far as I can tell irrelevant to gentoo's www-client/firefox , as we disable crashreporter at build time (mozilla upstream rejects crash reports from custom builds, which is effectively what you are creating with a www-client/firefox emerge).  I've already bumped the binpkg though as it is relevant for that one.

Comment 6 Ulenrich 2018-01-03 15:54:21 UTC

@Ian very thanks for the info, I should lookup the Changelog before compiling :(

Comment 7 Sven B. 2018-01-04 10:55:50 UTC

On a related note:
With the imminent release of firefox-57.0.4 which might or might not impact linux. 
> https://ftp.mozilla.org/pub/firefox/candidates/57.0.4-candidates/

AFAIK >=icu-59 is not masked anymore. So it could be removed with the next bump.

# Pawel Hajdan jr <phajdan.jr@gentoo.org> (18 Sep 2017)
# Ian Stakenvicius <axs@gentoo.org> (27 Sep 2017)
# Depends on >=icu-59, still masked.
>=www-client/chromium-62.0.3202.9 system-icu
>=www-client/firefox-56.0 system-icu

Comment 8 Sven B. 2018-01-04 11:18:05 UTC

> 
> AFAIK >=icu-59 is not masked anymore. So it could be removed with the next
> bump.
> 

At least in 17.0 profiles; so it could be moved instead.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e32996811a8ef16d1ba8275930ed4f9e1248c9b8

Comment 9 Frank Krömmelbein 2018-01-04 21:57:05 UTC

57.0.4 was released today with security fixes to address the Meltdown and Spectre timing attacks:
https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Comment 10 Ian Stakenvicius (RETIRED) gentoo-dev

2018-01-06 01:29:08 UTC

commit ffa4ef4e9136e1843a19b02ae71305fa1c328ef9
Author: Ian Stakenvicius <axs@gentoo.org>
Date:   Fri Jan 5 12:44:19 2018 -0500

    www-client/firefox: bump to 57.0.4 for Meltdown/Spectre, backport pkcs11 support
    
    57.0.4 mitigates new timing-based attacks (Meltdown and Spectre), for more info
    please see https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
    
    Also backported the pkcs11 support from 58 to 57 to support extensions that
    require it, thanks to leio for the patch.
    
    Package-Manager: Portage-2.3.13, Repoman-2.3.3