[#398219] p11 EPERM (try 2) firefox.git=144.0-alt1

Girar awaiter (rauty) girar-builder at altlinux.org
Sat Oct 25 15:17:00 MSK 2025 

https://git.altlinux.org/tasks/398219/logs/events.2.1.log
https://packages.altlinux.org/tasks/398219

2025-Oct-25 12:10:15 :: task #398219 for p11 resumed by rauty:
2025-Oct-25 12:10:15 :: message: Firefox CVE Fixes
#100 build 144.0-alt1 from /people/rauty/packages/firefox.git fetched at 2025-Oct-24 16:56:05
2025-Oct-25 12:10:16 :: [i586] #100 firefox.git 144.0-alt1: build start
2025-Oct-25 12:10:16 :: [aarch64] #100 firefox.git 144.0-alt1: build start
2025-Oct-25 12:10:16 :: [x86_64] #100 firefox.git 144.0-alt1: build start
2025-Oct-25 12:10:42 :: [i586] #100 firefox.git 144.0-alt1: build SKIPPED
2025-Oct-25 12:10:42 :: [x86_64] #100 firefox.git 144.0-alt1: build OK (cached)
2025-Oct-25 12:11:00 :: [aarch64] #100 firefox.git 144.0-alt1: build OK (cached)
2025-Oct-25 12:11:00 :: 100: build check OK (cached)
2025-Oct-25 12:11:01 :: build check OK
2025-Oct-25 12:11:08 :: #100: firefox.git 144.0-alt1: version check OK
2025-Oct-25 12:11:08 :: build version check OK
2025-Oct-25 12:12:49 :: noarch check OK
2025-Oct-25 12:12:51 :: plan: src +1 -1 =19876, aarch64 +3 -3 =34999, x86_64 +3 -3 =35785
#100 firefox 143.0-alt1 -> 144.0-alt1
 Wed Oct 15 2025 Ajrat Makhmutov <rauty at altlinux> 144.0-alt1
 - New version (144.0).
 - Fixes:
   + CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
   + CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures
   + CVE-2025-11710: Cross-process information leaked due to malicious IPC messages
   + CVE-2025-11711: Some non-writable Object properties could be modified
   + CVE-2025-11716: Sandboxed iframes allowed links to open in external apps (Android only)
   + CVE-2025-11717: The password edit screen was not hidden in Android card view
   + CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
 [...]
2025-Oct-25 12:12:51 :: firefox: closes bugs: 56190
2025-Oct-25 12:12:52 :: firefox: fixes vulnerabilities: CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11716 CVE-2025-11717 CVE-2025-11712 CVE-2025-11718 CVE-2025-11713 CVE-2025-11719 CVE-2025-11720 CVE-2025-11714 CVE-2025-11715 CVE-2025-11721 CVE-2025-11152 CVE-2025-11153
2025-Oct-25 12:13:37 :: patched apt indices
2025-Oct-25 12:13:47 :: created next repo
2025-Oct-25 12:14:00 :: duplicate provides check OK
2025-Oct-25 12:14:45 :: dependencies check OK
2025-Oct-25 12:15:25 :: [x86_64 aarch64] ELF symbols check OK
	x86_64: firefox=144.0-alt1 post-install unowned files:
 /usr/share/gnome-shell
 /usr/share/gnome-shell/search-providers
 /usr/share/icons/hicolor/22x22
 /usr/share/icons/hicolor/22x22/apps
 /usr/share/icons/hicolor/24x24
 /usr/share/icons/hicolor/24x24/apps
 /usr/share/icons/hicolor/256x256
 /usr/share/icons/hicolor/256x256/apps
2025-Oct-25 12:15:38 :: [x86_64] #100 firefox: install check OK (cached)
2025-Oct-25 12:15:43 :: [x86_64] #100 firefox-config-privacy: install check OK (cached)
	aarch64: firefox=144.0-alt1 post-install unowned files:
 /usr/share/gnome-shell
 /usr/share/gnome-shell/search-providers
 /usr/share/icons/hicolor/22x22
 /usr/share/icons/hicolor/22x22/apps
 /usr/share/icons/hicolor/24x24
 /usr/share/icons/hicolor/24x24/apps
 /usr/share/icons/hicolor/256x256
 /usr/share/icons/hicolor/256x256/apps
2025-Oct-25 12:15:45 :: [aarch64] #100 firefox: install check OK (cached)
2025-Oct-25 12:15:49 :: [x86_64] #100 firefox-debuginfo: install check OK (cached)
2025-Oct-25 12:15:54 :: [aarch64] #100 firefox-config-privacy: install check OK (cached)
2025-Oct-25 12:16:05 :: [aarch64] #100 firefox-debuginfo: install check OK (cached)
2025-Oct-25 12:16:22 :: [x86_64-i586] generated apt indices
2025-Oct-25 12:16:22 :: [x86_64-i586] created next repo
2025-Oct-25 12:16:33 :: [x86_64-i586] dependencies check OK
2025-Oct-25 12:16:34 :: gears inheritance check OK
2025-Oct-25 12:16:34 :: srpm inheritance check OK
girar-check-perms: access to firefox DENIED for rauty: project `firefox' is not listed in the acl file for repository `p11', and the policy for such projects in `p11' is to deny
check-subtask-perms: #100: firefox: needs approvals from members of @maint and @tester groups
2025-Oct-25 12:16:36 :: acl check FAILED
2025-Oct-25 12:16:48 :: created contents_index files
2025-Oct-25 12:16:57 :: created hash files: aarch64 src x86_64
2025-Oct-25 12:17:00 :: task #398219 for p11 EPERM

More information about the Girar-builder-p11 mailing list