Date: Tue, 5 Jun 2012 21:44:28 +0200 From: =?iso-8859-1?Q?Beat_G=E4tzi?= <beat@FreeBSD.org> To: Peter Jeremy <peter@rulingia.com> Cc: ports@FreeBSD.org, gecko@FreeBSD.org Subject: Re: www/libxul issues Message-ID: <092A0DF4-AA1E-4885-AC5E-D4A0CDC6C566@FreeBSD.org> In-Reply-To: <20120604234228.GA11802@server.rulingia.com> References: <20120604234228.GA11802@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 5, 2012, at 1:42 AM, Peter Jeremy wrote: > www/libxul has been broken for some time due to security > vulnerabilities. This issue has been highlighted by the recent > portrevision bump caused by png. As libxul is based on firefox-3.6 > I presume this brokenness is terminal. Since libxul is the only > remaining gecko, this presents an issue for a number of other ports. We prepared an update for libxul to Firefox 10 ESR and we have 10.0.2 in our development repository (should be easy to update to 10.0.5) but it breaks a lot of ports which depends on libxul. Unfortunately we don't have enough time to work on this at the moment. Beat > Looking at the firefox-12 sources, it appears that libxul and > xulrunner are present (and www/firefox installs two identical > private copies of libxul.so). How difficult would it be to either: > 1) Modify www/libxul to be based on firefox-12 insead of ff3.6? > 2) Modify www/firefox to (optionally) install libxul publicly? > > For that matter, whilst it's not directly relevant to the subject, > why does www/firefox install two identical copies of the largest > file (by an order of magnitude) in the package? > > -- > Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?092A0DF4-AA1E-4885-AC5E-D4A0CDC6C566>