DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Angry Firefox: Security Advisory 2020-03

solene@, a team member of OpenBSD informs, about the "Mozilla Foundation Security Advisory 2020-03", on Mastodon:

Quote:
Dear #openbsd users, due to Firefox being too complicated to package thanks to Rust and cbindgen (too much work for no volunteer), 6.6-stable won't receive any www/mozilla-firefox update so OpenBSD 6.6 Firefox will stay vulnerable to https://www.mozilla.org/en-US/securi...s/mfsa2020-03/ (exploited in the wild!!)

On the other hand, firefox-esr is still updated so I highly recommend switching to firefox-esr if you are running 6.6-stable.

if you run OpenBSD 6.5, you are late and you should upgrade to 6.6.
Then, please switch to Firefox-ESR, or another browser web!
Reply With Quote
  #2   (View Single Post)  
Old 9th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

Published on "OpenBSD Journal":

https://www.undeadly.org/cgi?action=...20200109141600

Reply With Quote
  #3   (View Single Post)  
Old 10th January 2020
victorvas victorvas is offline
Real Name: Victor
Linux
 
Join Date: May 2019
Posts: 148
Default

Quote:
Originally Posted by CiotBSD View Post
... please switch to Firefox-ESR, or another browser web!
What is the best Firefox alternative besides Chromium?
Reply With Quote
  #4   (View Single Post)  
Old 10th January 2020
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

Iridium, if that's your thing.
Any of the lightweight Webkit-based browsers are good too.
Reply With Quote
  #5   (View Single Post)  
Old 12th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

Tonigh, always on Mastodon, solene informs:

Quote:
Update #openbsd 6.6 firefox package can be downloaded at https://perso.pw/f/firefox-72.0.1.tgz if you want to test it

download it and pkg_add -Dunsigned /path/to/firefox-72.0.1.tgz
Dont forget: on stable, it runs without unveil, just only pledge!

----

I confirm: it runs!

Code:
$ doas pkg_add -D unsigned Downloads/firefox-72.0.1.tgz                                                                                                                                      
firefox-69.0.2p0->72.0.1: ok
Running tags: ok
Read shared items: ok
New and changed readme(s):
	/usr/local/share/doc/pkg-readmes/firefox

Last edited by CiotBSD; 12th January 2020 at 10:28 PM.
Reply With Quote
  #6   (View Single Post)  
Old 13th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

Today, on "OpenBSD Journal", the official maintener comments his decision/intention.

In fact, solene on Mastodon claims help to test her patched version.

In order for his work to be accepted and published for stable, it's necessary to download her day version , to test the correct functioning and especially to give her a feedback. Only at thoses conditions, we're on stable this patched version !!!

If yesterday, you installed, in first delete the package and do again the install, as:
Code:
$ doas pkg_delete firefox
$ cd ~/Downloads
$ ftp https://perso.pw/firefox-72.0.1.tgz
$ doas pkg_add -D unsigned firefox-72.0.1.tgz
sha256 is 63913e85f41017506d66907e07369d4818cc048e5bd46327b9 28a1a43e5a1acc

Thanks for your help!

Last edited by CiotBSD; 13th January 2020 at 10:01 PM.
Reply With Quote
Reply

Tags
advisory, firefox, firefox-esr, openbsd, security

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSH Security Advisory: x11fwd.adv J65nko News 0 11th March 2016 02:04 AM
FreeBSD FreeBSD-Security Advisory for SSHD J65nko News 0 5th November 2014 02:57 AM
Security OpenSSH Security Advisory J65nko News 0 9th November 2013 07:57 PM
OpenSSL Security Advisory [24 March 2010] J65nko News 0 29th March 2010 11:12 PM
Upcoming FreeBSD Security Advisory DNAeon FreeBSD Security 3 6th December 2009 04:34 PM


All times are GMT. The time now is 12:03 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick