Hi,
[cross-posting not needed I think]
Am 29.09.2010 14:14, schrieb Frederic Crozat:
> Le mercredi 29 septembre 2010 à 14:02 +0200, Wolfgang Rosenauer a
> écrit :
> Probably a stupid question, but have you discussed with other
> distribution maintainers to see how they are handling the move ?
Not stupid at all. And yes, I have talked to Ubuntu and Debian already.
Fedora to go actually.
Status:
Ubuntu already started to do exactly what I want to do. Even more (as
I've been told) they are not inheriting any more system libraries as
upstream does. NSPR, NSS, JPG whatever is apparently statically built
into their Firefox. The reasons were ongoing issues with upstream about
using too old or broken system libraries and (startup) performance.
Debian and Ubuntu never had the split running as smoothly as we did.
My localization packaging and split between xulrunner/firefox was almost
perfect. Debian hasn't had localized xulrunner but only Firefox. We had
both without overlapping packaging. Last I heard was that Debian wants
to keep the split but hasn't yet really looked into the issues I'm
facing already.
AFAIK Fedora also has a different localization packaging using ready
made XPIs from upstream for the locales. Otherwise I'm failing to find
their current package for FF4 (if they have it).
But thanks for the reminder. I guess I'll just contact them all again.
> It might useful to have a "common" way of packaging xulrunner / firefox
> across distributions, which "could" help influence Mozilla in the
> future.
The only reason why Firefox-on-top-of-xulrunner still works somehow is
the work of the distributions. Mozilla doesn't really care and breaks it
very often (not really intentionally but they do not test this setup and
they ignore it for their design plans). I'm really starting to wonder if
it's worth the effort.
Wolfgang
--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org
Hi,
a few years ago I have driven an effort to split the Firefox package in
openSUSE so that Firefox is a pretty small addon based on the xulrunner
packages. We already had a xulrunner package at that time to satisfy
consumers/applications which want to embed Gecko and to be able to run
XUL applications designed to run under xulrunner.
Back then I stripped out almost all duplication from the Firefox package
and based it on xulrunner.
That went fairly well up to Firefox 3.6 now but starting with Firefox 4
Mozilla did some heavy changes to Firefox' extension and chrome system
which makes it very hard to do it as we did. Some things are just
impossible and we would need to configure Firefox differently as
upstream does to keep compatibility with the above app design.
One difference you can notice right now with the Firefox 4 betas I ship
is that localization doesn't work anymore which is one outcome of the
changes.
Another feature (omnijar; performance related) is currently disabled
because it's not possible with our structure.
Because of all the above I'm thinking about taking back that split and
ship Firefox as (almost) static build again.
I don't want to drop the xulrunner packages as they still make sense though.
That also shouldn't be a problem of maintenance since we already had to
keep xulrunner and firefox exactly in sync and built from the same
sources. Basically the only thing which is affected is the size of the
package but I _think_ going from 1MB to 10MB (something like that) will
kill our installation media?
This is more or less just a heads up to give people the chance to raise
their voice or concerns since it might be possible to keep it as it is
with some constraints (and unfortunately some ongoing work to keep up
with upstream).
Any comments?
Wolfgang
--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org
Hello maintainers of Mozilla programs, hello all,
there seems to be a 'known' security related bug (potential Cross-Site
Scripting Attacks) on several versions of Thunderbird and Firefox. Is it
also known to you (pl.)?
Regards
pistazienfresser
http://forums.opensuse.org/english/community/general-chit-chat/445980-secur…
-------- Original Message --------
Subject: Re: Security issues: How do users, maintainers and developers
work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8
Date: Fri, 10 Sep 2010 08:00:54 GMT
From: pistazienfresser <pistazienfresser(a)no-mx.forums.opensuse.org>
Newsgroups: opensuse.org.no-support.general-chit-chat
References: <pistazienfresser.4h11o0(a)no-mx.forums.opensuse.org>
<Chrysantine.4h14fz(a)no-mx.forums.opensuse.org>
[...]
@ all:
Does anyone how to act to speed up a update related on a (not by
personal experience) know security issue without being able to maintain
by myself?
A fake bugreport?
Opera 10.62 of 2010-09-09 seems to fix no security issues at all.[6]
But how could I speed things up in a case like my Mozilla
Thunderbird 3.0.6 or my Mozilla Firefox 3.6.8?[7][8][9][10]
Regards
pistazienfresser
Footnotes
[1a] http://www.opera.com/support/kb/view/966/
[6]http://www.opera.com/docs/changelogs/unix/1062/
[7]http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
"Title: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
Impact: Critical
Announced: September 7, 2010
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird
3.0.7 SeaMonkey 2.0.7"
[8] Mozilla Thunderbird Bugs Let Remote Users Conduct Cross-Site
Scripting Attacks, Obtain Potentially Sensitive Information, and Execute
Arbitrary Code SecurityTracker; SecurityTracker URL:
http://securitytracker.com/id?1024403
(2010-09-08)
"Impact: A remote user can create a HTML that, when loaded by the
target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including
authentication cookies), if any, associated with the target site, access
data recently submitted by the target user via web form to the site, or
take actions on the site acting as the target user.
A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (3.0.7, 3.1.3).
"
[9] Mozilla Firefox DLL Loading Error Lets Remote Users Execute
Arbitrary Code; SecurityTracker URL:
http://securitytracker.com/id?1024406
(2010-09-08)
[10] Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Scripting
Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary
Code, SecurityTracker URL:
http://securitytracker.com/id?1024401
(2010-09-08)
--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org