DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 17th July 2018
therue therue is offline
Port Guard
 
Join Date: Feb 2018
Posts: 21
Default Using the latest version of Firefox?

What would be people's suggestion when it comes to firefox?
I was planning on only installing packages since I'm new to the system, but someone mentioned that browser is one of those exceptions where I should run the more updated version in order to prevent vulnerabilities.

Quote:
The ports tree is tied to OpenBSD's flavors. Do not check out a -current ports tree and expect it to work on a -release or -stable system. If you follow -current, you need both a -current base system and a -current ports tree. Because no intrusive changes are made in -stable, it is possible to use a -stable ports tree on a -release system and vice versa.
My current system is Release + syspatch, as a novice, would you recommend just sticking with the default firefox-59 package or learn how to use ports right away and grab the version available from Stable Ports? (via AnonCVS? since stable ports seems to be only available from this source rather than from mirrors)

Reply With Quote
  #2   (View Single Post)  
Old 17th July 2018
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 344
Default

I have been, & am happy, running the standard packaged Firefox.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #3   (View Single Post)  
Old 17th July 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

At 6.3, Firefox's key risk mitigation on OpenBSD is Write-xor-Execute memory, "W^X". Initial use of OpenBSD's pledge(2) to restrict operations has begun in -current, and will be available with 6.4.

Usually, the -stable version of Firefox is Mozilla's Extended Support Release (ESR). At this writing, that is 60.1.0esr.
Reply With Quote
  #4   (View Single Post)  
Old 17th July 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Adding that Landry Breuil is still creating -stable builds of FF for the community.

This OpenBSD Journal article is from the 6.1 era. The links will need to be adapted to 6.3, but the signify(1) key remains the same.

https://undeadly.org/cgi?action=arti...20170425173917
Reply With Quote
  #5   (View Single Post)  
Old 17th July 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

If your main focus is browser security you might also want to consider chrome/iridium.

See Theo's fairly recent comments on Firefox vs Chrome security:

https://marc.info/?l=openbsd-misc&m=152872551609819&w=2
https://marc.info/?l=openbsd-misc&m=152872744210957&w=2
Reply With Quote
  #6   (View Single Post)  
Old 25th September 2018
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Hi,

I am using

Code:
6.3 GENERIC.MP#11 amd64
This thread is from July and this is end of September and I find the default Firefox is still

59.02. Why is it still not upgraded ?

The latest is 62.02.
Reply With Quote
  #7   (View Single Post)  
Old 25th September 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

The OpenBSD snapshot mirrors have these:

firefox-esr-60.2.1.tgz
firefox-62.0.2.tgz
Reply With Quote
  #8   (View Single Post)  
Old 25th September 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by bsd007 View Post
Why is it still not upgraded ?
-release packages are never updated. Updates to select ports are made, but -stable packages are left to the community to build, as the project does not have the resources to build them. -stable packages are available from M:Tier as a service. (https://stable.mtier.org)

For firefox, the port maintainer makes -stable packages available, as noted above in my July 17 posting.
Quote:
The latest is 62.02.
And there is a -stable port for it in www/mozilla-firefox. The package is available two ways, from Landry or from M:Tier.
Reply With Quote
  #9   (View Single Post)  
Old 26th September 2018
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

Quote:
Originally Posted by fvgit View Post
The OpenBSD snapshot mirrors have these:

firefox-esr-60.2.1.tgz
firefox-62.0.2.tgz
Sorry I am a newbie. How do I install firefox-62.0.2.tgz ?


Quote:
Originally Posted by jggimi View Post
-release packages are never updated. Updates to select ports are made, but -stable packages are left to the community to build, as the project does not have the resources to build them. -stable packages are available from M:Tier as a service. (https://stable.mtier.org)

For firefox, the port maintainer makes -stable packages available, as noted above in my July 17 posting. And there is a -stable port for it in www/mozilla-firefox. The package is available two ways, from Landry or from M:Tier.
Same question how do I install firefox-62.0.2.tgz ?
Reply With Quote
Old 26th September 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I have just checked, and Landry has 60.2.1 as a -stable package for amd64. (There is a -stable port of 62.2 in CVS, 4 days old at this time, but Landry does not yet have a package currently available.) If you want to update to his 60.2:
  • Read post #4 above.
  • Click on the link in the post.
  • Read the article. It is out-of-date, but still very useful.
  • Obtain Landry's signify(1) key, store it in /etc/signify.
  • Change his -stable URL from 6.1 to 6.3 and set this in your $PKG_PATH environment variable. Example: # export PKG_PATH=https://packages.rhaalovely.net/pub/OpenBSD/6.3/packages/amd64/
  • # pkg_add -u firefox
I expect he will be building the 62.2 package as time and resources allow.
Reply With Quote
Old 26th September 2018
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 242
Default

@jggimi
Just one more question. Is it insecure to use FF 59.02 ? If the answer is no I wont bother doing all that.
Reply With Quote
Old 26th September 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

There are 25 CVEs applicable to FF 59.

https://www.cvedetails.com/version-s...&version=59%25
Reply With Quote
Old 26th September 2018
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

Quote:
Originally Posted by bsd007 View Post
Sorry I am a newbie. How do I install firefox-62.0.2.tgz ?
You seem to be running 6.3 release, so to use those packages from the mirrors you'd have to upgrade your system to a current snapshot first.

For what it's worth, it is September the 26th. OpenBSD 6.4 is probably receiving its finishing touches as we speak. So I'd assume it'll be right around the corner...
Reply With Quote
Old 26th September 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by fvgit View Post
...so to use those packages from the mirrors you'd have to upgrade your system to a current snapshot first.
For clarity: my advice above included step-by-step instructions to install a -stable package on bsd007's -release system.
You can mix and match -stable and -release packages and systems. This is because -stable and -release packages use identical libraries. By definition, a library bump would not be "stable."

-stable packages are not on the Project mirrors, because the Project does not build them. As noted previously in this thread, M:Tier produces all -stable packages as a service, and Landry Breuil produces Firefox -stable packages, as an add-on to his port maintenance activities.

Separately, -current packages are built from time to time, and stored under "snapshot" package directories and distributed to Project mirrors for the convenience of -current users. They are not built synchronously with OS snapshots, however.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
57th version of Firefox will bring a lot of changes e1-531g News 2 2nd October 2017 09:32 PM
Mozilla wants users to upgrade to latest version of Firefox J65nko News 9 13th November 2011 09:29 PM
Latest Slackware Version, Homage to Mathmaticians and Religious Overtones shep News 6 29th April 2011 09:34 PM
Ports Version associated with FreeBSD version rtwingfield FreeBSD Ports and Packages 4 7th June 2010 11:00 PM
Latest ZFS version available for -CURRENT tanked FreeBSD General 0 30th July 2008 10:06 AM


All times are GMT. The time now is 04:27 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick