Date: Tue, 5 Jun 2012 09:42:28 +1000 From: Peter Jeremy <peter@rulingia.com> To: ports@freebsd.org, gecko@freebsd.org Subject: www/libxul issues Message-ID: <20120604234228.GA11802@server.rulingia.com>
next in thread | raw e-mail | index | archive | help
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable www/libxul has been broken for some time due to security vulnerabilities. This issue has been highlighted by the recent portrevision bump caused by png. As libxul is based on firefox-3.6 I presume this brokenness is terminal. Since libxul is the only remaining gecko, this presents an issue for a number of other ports. Looking at the firefox-12 sources, it appears that libxul and xulrunner are present (and www/firefox installs two identical private copies of libxul.so). How difficult would it be to either: 1) Modify www/libxul to be based on firefox-12 insead of ff3.6? 2) Modify www/firefox to (optionally) install libxul publicly? For that matter, whilst it's not directly relevant to the subject, why does www/firefox install two identical copies of the largest file (by an order of magnitude) in the package? --=20 Peter Jeremy --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/NR+QACgkQ/opHv/APuIfYHgCgqdpyNpvBJNHC7r3N6ZNgMZd+ piIAn36kE1I6BBr/APJqzoGJWFLULpmN =sJVL -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120604234228.GA11802>