The officially official Devuan Forum!

You are not logged in.

#1 2019-06-20 22:32:02

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

[SOLVED] firefox-esr update

There are two new Versions of firefox-esr because of two bugs one critical and one high:
https://www.mozilla.org/en-US/security/ … sa2019-18/
https://www.mozilla.org/en-US/security/ … sa2019-19/

But a apt update do not get me these versions.
Why?

It is not the first time I have to wait long time before I can upgrade firefox...
That is a high security risc, cause some people need to allow Javascript for banking or something else...

Last edited by nogeek (2019-06-23 03:41:15)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#2 2019-06-20 23:19:12

soohwa
Member
Registered: 2017-08-21
Posts: 6  

Re: [SOLVED] firefox-esr update

Try the old repository :

deb http://auto.mirror.devuan.org/merged jessie main contrib non-free
deb http://auto.mirror.devuan.org/merged jessie-backports main contrib non-free
deb http://auto.mirror.devuan.org/merged jessie-updates main contrib non-free
deb http://auto.mirror.devuan.org/merged jessie-security main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-backports main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-updates main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-security main contrib non-free

Last edited by soohwa (2019-06-20 23:20:37)

Offline

#3 2019-06-20 23:24:18

golinux
Administrator
Registered: 2016-11-25
Posts: 1,766  

Re: [SOLVED] firefox-esr update

OMG!  Not another thread about this . . .

Offline

#4 2019-06-20 23:31:22

soohwa
Member
Registered: 2017-08-21
Posts: 6  

Re: [SOLVED] firefox-esr update

I know, I know, sorry about that but it worked for me.
I really do not want to start a flameware but deb.devuan.org wasn't up-to-date ( about https://www.mozilla.org/en-US/security/ … sa2019-18/ ). Maybe it's the case now.

Last edited by soohwa (2019-06-20 23:35:01)

Offline

#5 2019-06-20 23:31:31

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

Re: [SOLVED] firefox-esr update

soohwa wrote:

Try the old repository :

deb http://auto.mirror.devuan.org/merged ascii main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-backports main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-updates main contrib non-free
deb http://auto.mirror.devuan.org/merged ascii-security main contrib non-free

This mirror do not work with https, so I won't use it.

golinux wrote:

OMG!  Not another thread about this . . .

Like wich ones before?

UPDATE:
The link did not work, it was search for the word 'firefox' in this forum

Seems like there is no up2date version of firefox in all branches:
https://pkginfo.devuan.org/cgi-bin/d1pk … elease=any
Or is this website out of date and if so why it exists?

BTW:
I am using this repo:
deb https://pkgmaster.devuan.org/merged ascii main
deb https://pkgmaster.devuan.org/merged ascii-security main
deb https://pkgmaster.devuan.org/merged ascii-updates main

Last edited by nogeek (2019-06-21 21:55:51)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#6 2019-06-21 23:06:06

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

Re: [SOLVED] firefox-esr update

http://auto.mirror.devuan.org/merged
does not exist anymore, it redirects to
http://packages.roundr.devuan.org/merged
now.
I tried this http-only-shit after I tried all https-mirros from this list:
https://pkgmaster.devuan.org/mirror_list.txt
(btw:https://espejito.fder.edu.uy/devuan does not exist either...)

I runned

apt update -o Acquire::http::AllowRedirect=false

followed by

apt list --upgradable

and got

firefox-esr/stable-security 60.7.1esr-1~deb9u1 amd64 [upgradable from: 60.7.0esr-1~deb9u1]
vim-common/stable-security 2:8.0.0197-4+deb9u2 all [upgradable from: 2:8.0.0197-4+deb9u1]
vim-tiny/stable-security 2:8.0.0197-4+deb9u2 amd64 [upgradable from: 2:8.0.0197-4+deb9u1]
xxd/stable-security 2:8.0.0197-4+deb9u2 amd64 [upgradable from: 2:8.0.0197-4+deb9u1]

So no actual version of firefox either!
I am not an expert, but this is big crap!
I really need firefox, a safe one!

At least: I would never upgrade my system over http...

Last edited by nogeek (2019-06-21 23:10:10)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#7 2019-06-22 00:09:03

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,286  

Re: [SOLVED] firefox-esr update

You found the newest version of firefox-esr that's in stretch/ascii. It's been there a few days. I expect it'll be no more than a few days before the second patch migrates down.
https://security-tracker.debian.org/tra … irefox-esr

There is no firefox in stretch or ascii. Never was, never will be.

Both firefox and firefox-esr are in the unstable branch (sid/ceres) and it looks like they've both been patched.
https://security-tracker.debian.org/tra … ge/firefox

If you need the latest version right away, you can always get it directly from mozilla and just unpack it and run it. That's a more conservative choice than upgrading to ceres.

Offline

#8 2019-06-22 00:45:56

pcalvert
Member
Registered: 2017-05-15
Posts: 50  

Re: [SOLVED] firefox-esr update

I downloaded the Firefox ESR package from here:
https://packages.debian.org/stretch/firefox-esr

Then I installed it using gdebi.

Result:

$ apt policy firefox-esr
firefox-esr:
  Installed: 60.7.1esr-1~deb9u1
  Candidate: 60.7.1esr-1~deb9u1
  Version table:
 *** 60.7.1esr-1~deb9u1 100
        100 /var/lib/dpkg/status
     60.7.0esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main i386 Packages
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main i386 Packages

Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

Offline

#9 2019-06-23 03:00:44

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

Re: [SOLVED] firefox-esr update

fsmithred wrote:

If you need the latest version right away, you can always get it directly from mozilla and just unpack it and run it. That's a more conservative choice than upgrading to ceres.

Hey, thanks for your answer.
Yeah I ment a package with the newest security patches (version was the wrong word sorry).
Before you posted this I have had it already downloaded from here:
https://releases.mozilla.org/pub/firefox/releases/

pcalvert wrote:

I downloaded the Firefox ESR package from here:
https://packages.debian.org/stretch/firefox-esr

I now this website, but this link is not the source where you have to download it from, it is here:
http://security.debian.org/debian-secur … ian.tar.xz
http://security.debian.org/debian-secur … _amd64.deb
and this is not https.

Last edited by nogeek (2019-06-23 15:16:53)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#10 2019-06-23 09:16:07

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 340  
Website

Re: [SOLVED] firefox-esr update

nogeek wrote:

this is not https.

Why do you care if your ISP can see which packages you are downloading?

Try

wget https://deb.debian.org/debian-security/pool/updates/main/f/firefox-esr/firefox-esr_60.7.1esr-1~deb9u1_amd64.deb
# dpkg -i firefox-esr_60.7.1esr-1~deb9u1_amd64.deb

Fabricando fit faber

Offline

#11 2019-06-23 11:31:13

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,286  

Re: [SOLVED] firefox-esr update

nogeek wrote:
pcalvert wrote:

I downloaded the Firefox ESR package from here:
https://packages.debian.org/stretch/firefox-esr

I now this website, but this link is not the source where you have to download it from, it is here:
http://security.debian.org/debian-secur … ian.tar.xz
and this is not https.

You just downloaded the source package, which you can use to compile new binaries. I can assure you that you do not want to do that. Try one of these .deb packages instead. You can find these by scrolling down the page that pcalvert linked and selecting the architecture you want.

amd64
http://security.debian.org/debian-secur … _amd64.deb

i386
http://security.debian.org/debian-secur … 1_i386.deb

Offline

#12 2019-06-23 15:15:03

nogeek
Member
From: Europe
Registered: 2018-07-15
Posts: 24  

Re: [SOLVED] firefox-esr update

Head_on_a_Stick wrote:

Why do you care if your ISP can see which packages you are downloading?

https does not only pretend listening, it also pretends Man-in-the-Middle-Attacks.
And even if it only protects me from listening: my ISP do not need to know anything (data economy). ;-)

Head_on_a_Stick wrote:

Try

wget https://deb.debian.org/debian-security/pool/updates/main/f/firefox-esr/firefox-esr_60.7.1esr-1~deb9u1_amd64.deb
# dpkg -i firefox-esr_60.7.1esr-1~deb9u1_amd64.deb

If I would do this I would run:

torsocks wget --https-only --no-cookies foobar

But just as I say above it is not Firefox ESR 60.7.2.
https://www.mozilla.org/en-US/security/ … sa2019-19/

fsmithred wrote:

You just downloaded the source package, [..]

I just posted the wrong link (was tired) but thanks I will correct the other post ;-)

Thank you all for you posts and have a nice day! :-)

Last edited by nogeek (2019-06-23 22:21:56)


Sorry for my bad english.
-
Paranoia means the fear of something that do not exist. It is not good to have them.
But people with Pronoia are a problem: https://en.wikipedia.org/wiki/Pronoia_(psychology)

Offline

#13 2019-06-24 16:11:12

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 340  
Website

Re: [SOLVED] firefox-esr update

v60.7.2 of firefox-esr has just been made available in the Devuan ceres repositories:

https://pkginfo.devuan.org/stage/ceres/ … esr-1.html

I presume it will filter down to the other branches soon.


Fabricando fit faber

Offline

#14 2019-06-24 16:58:36

Dutch_Master
Member
Registered: 2018-05-31
Posts: 105  

Re: [SOLVED] firefox-esr update

Just installed the earlier version (60.7.1) on Ascii. Didn't show up yesterday though.

Online

Board footer