Re: Security update of firefox-esr for Wheezy

[Emilio Pozuelo Monfort <pochu@debian.org>]

On 08/08/16 10:20, Raphael Hertzog wrote:
> On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
>>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
>>> purpose is to enable build of other packages?
>>
>> That would make sense.
>>
>> I'll see if I can take a look at this.
> 
> The problematic part is likely libstdc++. I would expect the new gcc to
> assume that you have the corresponding libstdc++.
> 
> Mike once told that Firefox has special code to avoid the increased
> dependency but that might not be the case of other packages that we might
> want to build with a newer gcc.

I had a look at this. Matthias pointed me to gcc-mozilla from Ubuntu, which is
GCC 4.8.4 shipped in one package. I built that for Wheezy, then built
firefox_49.0~b1-1 using that. I had to disable PIE, but other than that it built
fine and seems to work well. So I think we could go this route.

For GCC at least we need to drop the gfdl bits, and we may want to update to
4.8.5, but in general it seems to work well. I was hitting a build failure that
I could workaround by using an interactive shell. No idea if it's a pbuilder
problem or what. That would need a little investigation.

For Firefox, I didn't look much at the PIE issue. I just saw that it fails on a
simple configure test when enabled, at the linker stage. With pie disabled,
everything went well.

Cheers,
Emilio