Re: Security update of firefox-esr for Wheezy
- To: Guido Günther <firstname.lastname@example.org>, Raphael Hertzog <email@example.com>, Mike Hommey <firstname.lastname@example.org>, Debian LTS <email@example.com>
- Subject: Re: Security update of firefox-esr for Wheezy
- From: Emilio Pozuelo Monfort <firstname.lastname@example.org>
- Date: Sat, 1 Oct 2016 18:36:57 +0200
- Message-id: <[🔎] email@example.com>
- In-reply-to: <firstname.lastname@example.org>
- References: <20160804175028.GA4692@bogon.m.sigxcpu.org> <email@example.com> <firstname.lastname@example.org> <20160807105024.GA7538@bogon.m.sigxcpu.org> <20160807201709.GB25889@home.ouaza.com> <email@example.com> <20160808082013.GA3220@home.ouaza.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com>
On 30/09/16 12:21, Guido Günther wrote:
> Hi Emilio,
> On Sat, Sep 03, 2016 at 12:12:55PM +0200, Emilio Pozuelo Monfort wrote:
>> On 02/09/16 08:39, Guido Günther wrote:
>>> On Fri, Sep 02, 2016 at 01:26:05AM +0200, Emilio Pozuelo Monfort wrote:
>>>> On 08/08/16 10:20, Raphael Hertzog wrote:
>>>>> On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
>>>>>>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
>>>>>>> purpose is to enable build of other packages?
>>>>>> That would make sense.
>>>>>> I'll see if I can take a look at this.
>>>>> The problematic part is likely libstdc++. I would expect the new gcc to
>>>>> assume that you have the corresponding libstdc++.
>>>>> Mike once told that Firefox has special code to avoid the increased
>>>>> dependency but that might not be the case of other packages that we might
>>>>> want to build with a newer gcc.
>>>> I had a look at this. Matthias pointed me to gcc-mozilla from Ubuntu, which is
>>>> GCC 4.8.4 shipped in one package. I built that for Wheezy, then built
>>>> firefox_49.0~b1-1 using that. I had to disable PIE, but other than that it built
>>>> fine and seems to work well. So I think we could go this route.
>>>> For GCC at least we need to drop the gfdl bits, and we may want to update to
>>>> 4.8.5, but in general it seems to work well. I was hitting a build failure that
>>>> I could workaround by using an interactive shell. No idea if it's a pbuilder
>>>> problem or what. That would need a little investigation.
>>>> For Firefox, I didn't look much at the PIE issue. I just saw that it fails on a
>>>> simple configure test when enabled, at the linker stage. With pie disabled,
>>>> everything went well.
>>> That sounds great. Did you put the packages somewhere? I don't think we'll
>>> run into any extra issues with Icedove but it might be worth checking
>>> this out before the current ESR versions go EOL.
>> Packages are at https://people.debian.org/~pochu/lts/gcc/
>> gcc-mozilla is the one from , but putting it here for convenience (you can't
>> dget from launchpad). Let me know if it works for you or if you have any issues.
> I checked with current icedove and it builds a well when disabling
> PIE. So with your proposed changed (disabling gfdl, updating to the
> latest 4.8 version) we should be good. Are you going to look into this?
Yes, I'll take care of that.