A lot of packages in mageia 1 require an old version of xulrunner or libxulrunner, with security issues. When xulrunner is updated, all packages having a buildrequire on xulrunner should be rebuilt.
Blocks: (none) => 2934
how to have a list of all the packages that need a rebuild ?
Some package that still depend on an old version of xulrunner, and need to be rebuilt : libgjs0 perl-Gtk2-MozEmbed gnome-python-gtkmozembed This one require libxulrunner (no specific version). It needs to be checked if it can really work with any version of xulrunner : monodevelop Some package require xulrunner (no specific version), but maybe need to be rebuilt. I'm not sure if they need to be rebuilt, or still work with the latest xulrunner, so it needs to be checked : eclipse-swt libproxy-mozjs vuze For eclipse-swt, it looks like it really needs a rebuild, and dependencies corrected to require a specific version of xulrunner : $ ldd /usr/lib64/eclipse/libswt-xulrunner-gtk-3659.so ... libxul.so => /usr/lib64/xulrunner-6.0.2/libxul.so (0x00007f62b2847000) libxpcom.so => /usr/lib64/xulrunner-6.0.2/libxpcom.so (0x00007f62b2640000) ...
This list is also a list of packages that need to be checked by QA when xulrunner is updated.
This is not the only issue. A new update was recently issued for firefox/xulrunner to 9.0.1, and MageiaUpdate and urpmi --auto-select don't pull in the updated libxulrunner when they pull in firefox. doktor5000 told me on IRC that it will pull it in if you have the xulrunner package installed.
CC: (none) => luigiwalser
firefox doesn't need xulrunner anymore to work so this is not a bug here
Other packages depend on libxulrunner still.
i understand better, yes this is the goal of my first question where nicolas answered, i plan to work on this and write a wiki page about firefox updates
OK, this makes sense. xulrunner requires libxulrunner = %{version}-%{release} so that's why it pulls it in. If the other packages that depend on libxulrunner are rebuilt, the version of it that they require can be upped, which will also pull it in. Here's a thought: why not just have those packages depend on xulrunner instead of libxulrunner, so it will get pulled in automatically and they won't need to be rebuilt?
i uploaded last monodevelop version, so it's been built. That dependency has been ported by other distros spec file, i will check it better asap.
CC: (none) => anaselli
Blocks: 2934 => (none)Depends on: (none) => 4405
CC: (none) => djmarian4uSummary: A lot of package require an old version of xulrunner => a lot of package require an old version of xulrunner
eclipse, gjs, and gnome-python-extras cannot be built against current xulrunner because of API changes, and short of updating them to newer versions (if available), there's nothing we can do about that. Mandriva hasn't rebuilt them since Firefox 3.6.26 either. The best we can do is let users know in our advisories that those packages remain vulnerable.
Depends on: 4405 => (none)
Bye bye buggie.
Status: NEW => RESOLVEDResolution: (none) => WONTFIX