Re: Security update of firefox-esr for Wheezy

Hi Emilio,
On Sat, Sep 03, 2016 at 12:12:55PM +0200, Emilio Pozuelo Monfort wrote:
> On 02/09/16 08:39, Guido Günther wrote:
> > On Fri, Sep 02, 2016 at 01:26:05AM +0200, Emilio Pozuelo Monfort wrote:
> >> On 08/08/16 10:20, Raphael Hertzog wrote:
> >>> On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
> >>>>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
> >>>>> purpose is to enable build of other packages?
> >>>>
> >>>> That would make sense.
> >>>>
> >>>> I'll see if I can take a look at this.
> >>>
> >>> The problematic part is likely libstdc++. I would expect the new gcc to
> >>> assume that you have the corresponding libstdc++.
> >>>
> >>> Mike once told that Firefox has special code to avoid the increased
> >>> dependency but that might not be the case of other packages that we might
> >>> want to build with a newer gcc.
> >>
> >> I had a look at this. Matthias pointed me to gcc-mozilla from Ubuntu, which is
> >> GCC 4.8.4 shipped in one package. I built that for Wheezy, then built
> >> firefox_49.0~b1-1 using that. I had to disable PIE, but other than that it built
> >> fine and seems to work well. So I think we could go this route.
> >>
> >> For GCC at least we need to drop the gfdl bits, and we may want to update to
> >> 4.8.5, but in general it seems to work well. I was hitting a build failure that
> >> I could work around by using an interactive shell. No idea if it's a pbuilder
> >> problem or what. That would need a little investigation.
> >>
> >> For Firefox, I didn't look much at the PIE issue. I just saw that it fails on a
> >> simple configure test when enabled, at the linker stage. With pie disabled,
> >> everything went well.
> > 
> > That sounds great. Did you put the packages somewhere? I don't think we'll
> > run into any extra issues with Icedove but it might be worth checking
> > this out before the current ESR versions go EOL.
> Packages are at https://people.debian.org/~pochu/lts/gcc/
> gcc-mozilla is the one from [1], but putting it here for convenience (you can't
> dget from launchpad). Let me know if it works for you or if you have any issues.

I checked with current icedove and it builds well when disabling
PIE. So with your proposed changes (disabling gfdl, updating to the
latest 4.8 version) we should be good. Are you going to look into this?

 -- Guido
