openSUSE Factory Mozilla September 2010

factory-mozilla@lists.opensuse.org

2 participants
3 discussions

[opensuse-factory-mozilla] Re: [opensuse-factory] xulrunner/firefox split revisited

by Wolfgang Rosenauer

Hi, [cross-posting not needed I think] Am 29.09.2010 14:14, schrieb Frederic Crozat: > Le mercredi 29 septembre 2010 à 14:02 +0200, Wolfgang Rosenauer a > écrit : > Probably a stupid question, but have you discussed with other > distribution maintainers to see how they are handling the move ? Not stupid at all. And yes, I have talked to Ubuntu and Debian already. Fedora to go actually. Status: Ubuntu already started to do exactly what I want to do. Even more (as I've been told) they are not inheriting any more system libraries as upstream does. NSPR, NSS, JPG whatever is apparently statically built into their Firefox. The reasons were ongoing issues with upstream about using too old or broken system libraries and (startup) performance. Debian and Ubuntu never had the split running as smoothly as we did. My localization packaging and split between xulrunner/firefox was almost perfect. Debian hasn't had localized xulrunner but only Firefox. We had both without overlapping packaging. Last I heard was that Debian wants to keep the split but hasn't yet really looked into the issues I'm facing already. AFAIK Fedora also has a different localization packaging using ready made XPIs from upstream for the locales. Otherwise I'm failing to find their current package for FF4 (if they have it). But thanks for the reminder. I guess I'll just contact them all again. > It might useful to have a "common" way of packaging xulrunner / firefox > across distributions, which "could" help influence Mozilla in the > future. The only reason why Firefox-on-top-of-xulrunner still works somehow is the work of the distributions. Mozilla doesn't really care and breaks it very often (not really intentionally but they do not test this setup and they ignore it for their design plans). I'm really starting to wonder if it's worth the effort. Wolfgang -- To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org

11 years, 7 months

[opensuse-factory-mozilla] xulrunner/firefox split revisited

by Wolfgang Rosenauer

Hi, a few years ago I have driven an effort to split the Firefox package in openSUSE so that Firefox is a pretty small addon based on the xulrunner packages. We already had a xulrunner package at that time to satisfy consumers/applications which want to embed Gecko and to be able to run XUL applications designed to run under xulrunner. Back then I stripped out almost all duplication from the Firefox package and based it on xulrunner. That went fairly well up to Firefox 3.6 now but starting with Firefox 4 Mozilla did some heavy changes to Firefox' extension and chrome system which makes it very hard to do it as we did. Some things are just impossible and we would need to configure Firefox differently as upstream does to keep compatibility with the above app design. One difference you can notice right now with the Firefox 4 betas I ship is that localization doesn't work anymore which is one outcome of the changes. Another feature (omnijar; performance related) is currently disabled because it's not possible with our structure. Because of all the above I'm thinking about taking back that split and ship Firefox as (almost) static build again. I don't want to drop the xulrunner packages as they still make sense though. That also shouldn't be a problem of maintenance since we already had to keep xulrunner and firefox exactly in sync and built from the same sources. Basically the only thing which is affected is the size of the package but I _think_ going from 1MB to 10MB (something like that) will kill our installation media? This is more or less just a heads up to give people the chance to raise their voice or concerns since it might be possible to keep it as it is with some constraints (and unfortunately some ongoing work to keep up with upstream). Any comments? Wolfgang -- To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org

11 years, 7 months

[opensuse-factory-mozilla] Fwd: Re: Security issues: How do users, maintainers and developers work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8

by pistazienfresser (see profile)

Hello maintainers of Mozilla programs, hello all, there seems to be a 'known' security related bug (potential Cross-Site Scripting Attacks) on several versions of Thunderbird and Firefox. Is it also known to you (pl.)? Regards pistazienfresser http://forums.opensuse.org/english/community/general-chit-chat/445980-secur… -------- Original Message -------- Subject: Re: Security issues: How do users, maintainers and developers work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8 Date: Fri, 10 Sep 2010 08:00:54 GMT From: pistazienfresser <pistazienfresser(a)no-mx.forums.opensuse.org> Newsgroups: opensuse.org.no-support.general-chit-chat References: <pistazienfresser.4h11o0(a)no-mx.forums.opensuse.org> <Chrysantine.4h14fz(a)no-mx.forums.opensuse.org> [...] @ all: Does anyone how to act to speed up a update related on a (not by personal experience) know security issue without being able to maintain by myself? A fake bugreport? Opera 10.62 of 2010-09-09 seems to fix no security issues at all.[6] But how could I speed things up in a case like my Mozilla Thunderbird 3.0.6 or my Mozilla Firefox 3.6.8?[7][8][9][10] Regards pistazienfresser Footnotes [1a] http://www.opera.com/support/kb/view/966/ [6]http://www.opera.com/docs/changelogs/unix/1062/ [7]http://www.mozilla.org/security/announce/2010/mfsa2010-49.html "Title: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12) Impact: Critical Announced: September 7, 2010 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonkey 2.0.7" [8] Mozilla Thunderbird Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary Code SecurityTracker; SecurityTracker URL: http://securitytracker.com/id?1024403 (2010-09-08) "Impact: A remote user can create a HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can access the target user's cookies (including authentication cookies), if any, associated with the target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. A remote user can obtain potentially sensitive information. Solution: The vendor has issued a fix (3.0.7, 3.1.3). " [9] Mozilla Firefox DLL Loading Error Lets Remote Users Execute Arbitrary Code; SecurityTracker URL: http://securitytracker.com/id?1024406 (2010-09-08) [10] Mozilla Firefox Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary Code, SecurityTracker URL: http://securitytracker.com/id?1024401 (2010-09-08) -- To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-factory-mozilla+help(a)opensuse.org

11 years, 8 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

openSUSE Factory Mozilla September 2010