www/libxul issues
Beat Gätzi
beat at FreeBSD.org
Tue Jun 5 19:44:37 UTC 2012
On Jun 5, 2012, at 1:42 AM, Peter Jeremy wrote:
> www/libxul has been broken for some time due to security
> vulnerabilities. This issue has been highlighted by the recent
> portrevision bump caused by png. As libxul is based on firefox-3.6
> I presume this brokenness is terminal. Since libxul is the only
> remaining gecko, this presents an issue for a number of other ports.
We prepared an update for libxul to Firefox 10 ESR and we have 10.0.2 in
our development repository (should be easy to update to 10.0.5) but it
breaks a lot of ports which depends on libxul. Unfortunately we don't have
enough time to work on this at the moment.
Beat
> Looking at the firefox-12 sources, it appears that libxul and
> xulrunner are present (and www/firefox installs two identical
> private copies of libxul.so). How difficult would it be to either:
> 1) Modify www/libxul to be based on firefox-12 insead of ff3.6?
> 2) Modify www/firefox to (optionally) install libxul publicly?
>
> For that matter, whilst it's not directly relevant to the subject,
> why does www/firefox install two identical copies of the largest
> file (by an order of magnitude) in the package?
>
> --
> Peter Jeremy
More information about the freebsd-ports
mailing list