From owner-freebsd-ports@FreeBSD.ORG  Tue Jun  5 19:44:37 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 58B07106566C;
	Tue,  5 Jun 2012 19:44:37 +0000 (UTC)
	(envelope-from beat@FreeBSD.org)
Received: from marvin.chruetertee.ch (marvin.chruetertee.ch [217.150.245.55])
	by mx1.freebsd.org (Postfix) with ESMTP id D76578FC0C;
	Tue,  5 Jun 2012 19:44:36 +0000 (UTC)
Received: from [192.168.1.100] (dynamic-94-247-222-143.catv.glattnet.ch
	[94.247.222.143]) (authenticated bits=0)
	by marvin.chruetertee.ch (8.14.4/8.14.3) with ESMTP id q55JiS7t051612
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES128-SHA bits=128 verify=NO);
	Tue, 5 Jun 2012 19:44:29 GMT (envelope-from beat@FreeBSD.org)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: =?iso-8859-1?Q?Beat_G=E4tzi?= <beat@FreeBSD.org>
In-Reply-To: <20120604234228.GA11802@server.rulingia.com>
Date: Tue, 5 Jun 2012 21:44:28 +0200
Content-Transfer-Encoding: 7bit
Message-Id: <092A0DF4-AA1E-4885-AC5E-D4A0CDC6C566@FreeBSD.org>
References: <20120604234228.GA11802@server.rulingia.com>
To: Peter Jeremy <peter@rulingia.com>
X-Mailer: Apple Mail (2.1278)
Cc: ports@FreeBSD.org, gecko@FreeBSD.org
Subject: Re: www/libxul issues
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 19:44:37 -0000

On Jun 5, 2012, at 1:42 AM, Peter Jeremy wrote:
> www/libxul has been broken for some time due to security
> vulnerabilities.  This issue has been highlighted by the recent
> portrevision bump caused by png.  As libxul is based on firefox-3.6
> I presume this brokenness is terminal.  Since libxul is the only
> remaining gecko, this presents an issue for a number of other ports.

We prepared an update for libxul to Firefox 10 ESR and we have 10.0.2 in
our development repository (should be easy to update to 10.0.5) but it
breaks a lot of ports which depends on libxul. Unfortunately we don't have
enough time to work on this at the moment.

Beat

> Looking at the firefox-12 sources, it appears that libxul and
> xulrunner are present (and www/firefox installs two identical
> private copies of libxul.so).  How difficult would it be to either:
> 1) Modify www/libxul to be based on firefox-12 insead of ff3.6?
> 2) Modify www/firefox to (optionally) install libxul publicly?
> 
> For that matter, whilst it's not directly relevant to the subject,
> why does www/firefox install two identical copies of the largest
> file (by an order of magnitude) in the package?
> 
> -- 
> Peter Jeremy