| Summary: | a lot of package require an old version of xulrunner | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Vigier <boklm> |
| Component: | Security | Assignee: | D Morgan <dmorganec> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | major | ||
| Priority: | Normal | CC: | anaselli, djmarian4u, luigiwalser |
| Version: | 1 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
|
Description
Nicolas Vigier
2011-10-25 11:34:17 CEST
Nicolas Vigier
2011-10-25 11:34:41 CEST
Blocks:
(none) =>
2934 how to have a list of all the packages that need a rebuild ? Some package that still depend on an old version of xulrunner, and need to be rebuilt :
libgjs0
perl-Gtk2-MozEmbed
gnome-python-gtkmozembed
This one require libxulrunner (no specific version). It needs to be checked if it can really work with any version of xulrunner :
monodevelop
Some package require xulrunner (no specific version), but maybe need to be rebuilt. I'm not sure if they need to be rebuilt, or still work with the latest xulrunner, so it needs to be checked :
eclipse-swt
libproxy-mozjs
vuze
For eclipse-swt, it looks like it really needs a rebuild, and dependencies corrected to require a specific version of xulrunner :
$ ldd /usr/lib64/eclipse/libswt-xulrunner-gtk-3659.so
...
libxul.so => /usr/lib64/xulrunner-6.0.2/libxul.so (0x00007f62b2847000)
libxpcom.so => /usr/lib64/xulrunner-6.0.2/libxpcom.so (0x00007f62b2640000)
...
This list is also a list of packages that need to be checked by QA when xulrunner is updated. This is not the only issue. A new update was recently issued for firefox/xulrunner to 9.0.1, and MageiaUpdate and urpmi --auto-select don't pull in the updated libxulrunner when they pull in firefox. doktor5000 told me on IRC that it will pull it in if you have the xulrunner package installed. CC:
(none) =>
luigiwalser firefox doesn't need xulrunner anymore to work so this is not a bug here Other packages depend on libxulrunner still. i understand better, yes this is the goal of my first question where nicolas answered, i plan to work on this and write a wiki page about firefox updates OK, this makes sense. xulrunner requires libxulrunner = %{version}-%{release} so that's why it pulls it in. If the other packages that depend on libxulrunner are rebuilt, the version of it that they require can be upped, which will also pull it in. Here's a thought: why not just have those packages depend on xulrunner instead of libxulrunner, so it will get pulled in automatically and they won't need to be rebuilt?
i uploaded last monodevelop version, so it's been built. That dependency has been ported by other distros spec file, i will check it better asap. CC:
(none) =>
anaselli
Manuel Hiebel
2012-02-12 14:22:38 CET
Blocks:
2934 =>
(none)
Dan Joita
2012-03-07 11:13:51 CET
CC:
(none) =>
djmarian4u eclipse, gjs, and gnome-python-extras cannot be built against current xulrunner because of API changes, and short of updating them to newer versions (if available), there's nothing we can do about that. Mandriva hasn't rebuilt them since Firefox 3.6.26 either. The best we can do is let users know in our advisories that those packages remain vulnerable.
David Walser
2012-04-22 22:08:35 CEST
Depends on:
4405 =>
(none) Bye bye buggie. Status:
NEW =>
RESOLVED |