[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of firefox-esr for Wheezy

On 30/09/16 12:21, Guido Günther wrote:
> Hi Emilio,
> On Sat, Sep 03, 2016 at 12:12:55PM +0200, Emilio Pozuelo Monfort wrote:
>> On 02/09/16 08:39, Guido Günther wrote:
>>> On Fri, Sep 02, 2016 at 01:26:05AM +0200, Emilio Pozuelo Monfort wrote:
>>>> On 08/08/16 10:20, Raphael Hertzog wrote:
>>>>> On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
>>>>>>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
>>>>>>> purpose is to enable build of other packages?
>>>>>> That would make sense.
>>>>>> I'll see if I can take a look at this.
>>>>> The problematic part is likely libstdc++. I would expect the new gcc to
>>>>> assume that you have the corresponding libstdc++.
>>>>> Mike once told that Firefox has special code to avoid the increased
>>>>> dependency but that might not be the case of other packages that we might
>>>>> want to build with a newer gcc.
>>>> I had a look at this. Matthias pointed me to gcc-mozilla from Ubuntu, which is
>>>> GCC 4.8.4 shipped in one package. I built that for Wheezy, then built
>>>> firefox_49.0~b1-1 using that. I had to disable PIE, but other than that it built
>>>> fine and seems to work well. So I think we could go this route.
>>>> For GCC at least we need to drop the gfdl bits, and we may want to update to
>>>> 4.8.5, but in general it seems to work well. I was hitting a build failure that
>>>> I could workaround by using an interactive shell. No idea if it's a pbuilder
>>>> problem or what. That would need a little investigation.
>>>> For Firefox, I didn't look much at the PIE issue. I just saw that it fails on a
>>>> simple configure test when enabled, at the linker stage. With pie disabled,
>>>> everything went well.
>>> That sounds great. Did you put the packages somewhere? I don't think we'll
>>> run into any extra issues with Icedove but it might be worth checking
>>> this out before the current ESR versions go EOL.
>> Packages are at https://people.debian.org/~pochu/lts/gcc/
>> gcc-mozilla is the one from [1], but putting it here for convenience (you can't
>> dget from launchpad). Let me know if it works for you or if you have any issues.
> I checked with current icedove and it builds a well when disabling
> PIE. So with your proposed changed (disabling gfdl, updating to the
> latest 4.8 version) we should be good. Are you going to look into this?

Yes, I'll take care of that.


Reply to: