Re: Security update of firefox-esr for Wheezy
- To: Guido Günther <agx@sigxcpu.org>, Raphael Hertzog <hertzog@debian.org>, Mike Hommey <mh@glandium.org>, Debian LTS <debian-lts@lists.debian.org>
- Subject: Re: Security update of firefox-esr for Wheezy
- From: Emilio Pozuelo Monfort <pochu@debian.org>
- Date: Sat, 1 Oct 2016 18:36:57 +0200
- Message-id: <[🔎] 44067266-94ec-3bf5-0d06-30b00853bcb6@debian.org>
- In-reply-to: <20160930102141.zvtn7gulqclvqnun@bogon.m.sigxcpu.org>
- References: <20160804175028.GA4692@bogon.m.sigxcpu.org> <20160804210229.nzrxjuwmzqpwaskq@glandium.org> <9e42f70e-8b89-9053-95aa-d2bccaefd186@debian.org> <20160807105024.GA7538@bogon.m.sigxcpu.org> <20160807201709.GB25889@home.ouaza.com> <d56bd132-f268-3c53-97ef-61f587ab8ebd@debian.org> <20160808082013.GA3220@home.ouaza.com> <dff175c3-267a-a4ce-232b-9f949201625e@debian.org> <20160902063920.pxmsnxxvwxpxgxry@bogon.m.sigxcpu.org> <a3da515a-c642-4abe-d7a8-f1258a700cd5@debian.org> <20160930102141.zvtn7gulqclvqnun@bogon.m.sigxcpu.org>
On 30/09/16 12:21, Guido Günther wrote:
> Hi Emilio,
> On Sat, Sep 03, 2016 at 12:12:55PM +0200, Emilio Pozuelo Monfort wrote:
>> On 02/09/16 08:39, Guido Günther wrote:
>>> On Fri, Sep 02, 2016 at 01:26:05AM +0200, Emilio Pozuelo Monfort wrote:
>>>> On 08/08/16 10:20, Raphael Hertzog wrote:
>>>>> On Mon, 08 Aug 2016, Emilio Pozuelo Monfort wrote:
>>>>>>> Shall we mark gcc-4.8 as unsupported in wheezy, explaining that its only
>>>>>>> purpose is to enable build of other packages?
>>>>>>
>>>>>> That would make sense.
>>>>>>
>>>>>> I'll see if I can take a look at this.
>>>>>
>>>>> The problematic part is likely libstdc++. I would expect the new gcc to
>>>>> assume that you have the corresponding libstdc++.
>>>>>
>>>>> Mike once told that Firefox has special code to avoid the increased
>>>>> dependency but that might not be the case of other packages that we might
>>>>> want to build with a newer gcc.
>>>>
>>>> I had a look at this. Matthias pointed me to gcc-mozilla from Ubuntu, which is
>>>> GCC 4.8.4 shipped in one package. I built that for Wheezy, then built
>>>> firefox_49.0~b1-1 using that. I had to disable PIE, but other than that it built
>>>> fine and seems to work well. So I think we could go this route.
>>>>
>>>> For GCC at least we need to drop the gfdl bits, and we may want to update to
>>>> 4.8.5, but in general it seems to work well. I was hitting a build failure that
>>>> I could workaround by using an interactive shell. No idea if it's a pbuilder
>>>> problem or what. That would need a little investigation.
>>>>
>>>> For Firefox, I didn't look much at the PIE issue. I just saw that it fails on a
>>>> simple configure test when enabled, at the linker stage. With pie disabled,
>>>> everything went well.
>>>
>>> That sounds great. Did you put the packages somewhere? I don't think we'll
>>> run into any extra issues with Icedove but it might be worth checking
>>> this out before the current ESR versions go EOL.
>>
>> Packages are at https://people.debian.org/~pochu/lts/gcc/
>>
>> gcc-mozilla is the one from [1], but putting it here for convenience (you can't
>> dget from launchpad). Let me know if it works for you or if you have any issues.
>
> I checked with current icedove and it builds a well when disabling
> PIE. So with your proposed changed (disabling gfdl, updating to the
> latest 4.8 version) we should be good. Are you going to look into this?
Yes, I'll take care of that.
Cheers,
Emilio
Reply to: