From owner-freebsd-ports@FreeBSD.ORG Mon Jun 4 23:42:42 2012 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9879A1065670; Mon, 4 Jun 2012 23:42:42 +0000 (UTC) (envelope-from peter@rulingia.com) Received: from vps.rulingia.com (host-122-100-2-194.octopus.com.au [122.100.2.194]) by mx1.freebsd.org (Postfix) with ESMTP id 2B8688FC14; Mon, 4 Jun 2012 23:42:41 +0000 (UTC) Received: from server.rulingia.com (c220-239-254-65.belrs5.nsw.optusnet.com.au [220.239.254.65]) by vps.rulingia.com (8.14.5/8.14.5) with ESMTP id q54NgZgo077693 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 5 Jun 2012 09:42:35 +1000 (EST) (envelope-from peter@rulingia.com) X-Bogosity: Ham, spamicity=0.000000 Received: from server.rulingia.com (localhost.rulingia.com [127.0.0.1]) by server.rulingia.com (8.14.5/8.14.5) with ESMTP id q54NgS3U093645 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 5 Jun 2012 09:42:28 +1000 (EST) (envelope-from peter@server.rulingia.com) Received: (from peter@localhost) by server.rulingia.com (8.14.5/8.14.5/Submit) id q54NgSHL093624; Tue, 5 Jun 2012 09:42:28 +1000 (EST) (envelope-from peter) Date: Tue, 5 Jun 2012 09:42:28 +1000 From: Peter Jeremy To: ports@freebsd.org, gecko@freebsd.org Message-ID: <20120604234228.GA11802@server.rulingia.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline X-PGP-Key: http://www.rulingia.com/keys/peter.pgp User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Subject: www/libxul issues X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2012 23:42:42 -0000 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable www/libxul has been broken for some time due to security vulnerabilities. This issue has been highlighted by the recent portrevision bump caused by png. As libxul is based on firefox-3.6 I presume this brokenness is terminal. Since libxul is the only remaining gecko, this presents an issue for a number of other ports. Looking at the firefox-12 sources, it appears that libxul and xulrunner are present (and www/firefox installs two identical private copies of libxul.so). How difficult would it be to either: 1) Modify www/libxul to be based on firefox-12 insead of ff3.6? 2) Modify www/firefox to (optionally) install libxul publicly? For that matter, whilst it's not directly relevant to the subject, why does www/firefox install two identical copies of the largest file (by an order of magnitude) in the package? --=20 Peter Jeremy --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/NR+QACgkQ/opHv/APuIfYHgCgqdpyNpvBJNHC7r3N6ZNgMZd+ piIAn36kE1I6BBr/APJqzoGJWFLULpmN =sJVL -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--