Summary: | <www-client/firefox-{bin,}-{115.9.1,124.0.1}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Fore <csfore> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | major | CC: | halcon, hollyelwirawinnie, mozilla |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/ | ||
Whiteboard: | A2 [stable] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 927661, 928347 | ||
Bug Blocks: |
Description
Christopher Fore
2024-03-22 22:11:01 UTC
*** Bug 927626 has been marked as a duplicate of this bug. *** The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8557d20e509d1492e659aea36f2c12bb9c0691a commit d8557d20e509d1492e659aea36f2c12bb9c0691a Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-23 17:01:20 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-23 17:02:44 +0000 www-client/firefox: add 124.0.1 - since an upgrade to profile 23.0 breaks elf-hack=legacy, use elf-hack=relr even with gcc now. "-z,pack-relative-relocs" will be handled later, but it is enabled by the build system's elf-hack=relr already. Bug: https://bugs.gentoo.org/916405 Bug: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-client/firefox/Manifest | 100 ++ www-client/firefox/firefox-124.0.1.ebuild | 1421 +++++++++++++++++++++++++++++ 2 files changed, 1521 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62c46990c64099e750d9339d7e0971fbd2f55d3f commit 62c46990c64099e750d9339d7e0971fbd2f55d3f Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-23 20:47:56 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-23 20:49:46 +0000 www-client/firefox: add 115.9.1 - with profile 23.0 elf-hack=legacy is broken with gcc. With Firefox-115esr elf-hack=relr isn't available (only in rapid). Solution: Disable build system's elf-hack completely, and add "-z,pack-relative-relocs" manually with gcc. Bug: https://bugs.gentoo.org/916405 Bug: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-client/firefox/Manifest | 100 +++ www-client/firefox/firefox-115.9.1.ebuild | 1394 +++++++++++++++++++++++++++++ 2 files changed, 1494 insertions(+) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b392831019eb177fc3579e62343c251067d0ec8 commit 7b392831019eb177fc3579e62343c251067d0ec8 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2024-03-24 17:37:30 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-03-24 17:39:15 +0000 mail-client/thunderbird: handle "-z,pack-relative-relocs" like in ff Closes: https://bugs.gentoo.org/916405 Closes: https://bugs.gentoo.org/927559 Signed-off-by: Joonas Niilola <juippis@gentoo.org> mail-client/thunderbird/thunderbird-115.9.0.ebuild | 28 +++++++--------------- 1 file changed, 8 insertions(+), 20 deletions(-) Woops. (In reply to Larry the Git Cow from comment #4) > The bug has been closed via the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ https://tiny-fishing.com > ?id=7b392831019eb177fc3579e62343c251067d0ec8 > > commit 7b392831019eb177fc3579e62343c251067d0ec8 > Author: Joonas Niilola <juippis@gentoo.org> > AuthorDate: 2024-03-24 17:37:30 +0000 > Commit: Joonas Niilola <juippis@gentoo.org> > CommitDate: 2024-03-24 17:39:15 +0000 > > mail-client/thunderbird: handle "-z,pack-relative-relocs" like in ff > > Closes: https://bugs.gentoo.org/916405 > Closes: https://bugs.gentoo.org/927559 > Signed-off-by: Joonas Niilola <juippis@gentoo.org> > > mail-client/thunderbird/thunderbird-115.9.0.ebuild | 28 > +++++++--------------- > 1 file changed, 8 insertions(+), 20 deletions(-) Thanks for the source. |