From owner-freebsd-gecko@freebsd.org Thu Apr 27 12:41:45 2017 Return-Path: Delivered-To: freebsd-gecko@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17363D51ABA for ; Thu, 27 Apr 2017 12:41:45 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 081F61E24 for ; Thu, 27 Apr 2017 12:41:45 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 0787ED51AB9; Thu, 27 Apr 2017 12:41:45 +0000 (UTC) Delivered-To: gecko@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 07392D51AB8 for ; Thu, 27 Apr 2017 12:41:45 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DFEC41E22; Thu, 27 Apr 2017 12:41:44 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1354) id 0EDFA2B5B; Thu, 27 Apr 2017 12:41:44 +0000 (UTC) From: Jan Beich To: Tommi Pernila Cc: gecko@freebsd.org Subject: Re: FreeBSD ports - Thunderbird and Firefox / Firefox-ESR References: Date: Thu, 27 Apr 2017 14:41:40 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Apr 2017 12:41:45 -0000 Tommi Pernila writes: > I use these ports daily and i compile them with a few custom flags/settings > with poudriere. ( the most notable being DEFAULT_VERSION+=ssl=libressl ) > > So would you need help with testing these? Aren't you already testing? Also, gecko@ ports use NSS instead of (Open|Libre|Boring)SSL. > Also how could I help to get the the latest versions to the ports tree > as fast as possible. By improving FreeBSD support upstream, reporting regressions early. For one, try building Firefox Nightly $ pkg install python27 $ hash git 2>/dev/null || pkg install mercurial $ hg clone https://hg.mozilla.org/mozilla-unified firefox || git clone https://github.com/mozilla/gecko-dev firefox $ cd firefox $ ./mach bootstrap # select Firefox for Desktop $ ./mach build $ ./mach run $ ./mach package or run a build for 12.0-CURRENT amd64 from http://buildbot.rhaalovely.net/builds/ > As most of the updates now days are about security vulnerabilities. Firefox in multiprocess mode supports sandboxing content process, plugins (NPAPI and GMP). This is implemented only for Tier1 platforms. On Tier3 platforms like FreeBSD running Firefox with unpatched vulnerabilities is less secure. https://wiki.mozilla.org/Security/Sandbox https://wiki.freebsd.org/Capsicum > As I'm working in IT security field, so i don't want to get bitten with a > public vulnerability ;) Relying solely on VuXML is a recipe to get bitten e.g., https://security-tracker.debian.org/tracker/source-package/audiofile https://security-tracker.debian.org/tracker/source-package/jasper https://security-tracker.debian.org/tracker/source-package/imagemagick https://security-tracker.debian.org/tracker/source-package/zziplib but the effort to automatically query CVE database seems to have stalled. https://wiki.freebsd.org/Ports/CPE