GNU bug report logs - #18581
IceCat fails to build on i686 and needs security updates

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Mon, 29 Sep 2014 06:09:01 UTC

Severity: serious

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 18581 in the body.
You can then email your comments to 18581 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#18581; Package guix. (Mon, 29 Sep 2014 06:09:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Mark H Weaver <mhw <at> netris.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 29 Sep 2014 06:09:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: bug-guix <at> gnu.org
Subject: icecat fails to build on i686
Date: Mon, 29 Sep 2014 02:07:30 -0400

The icecat build on i686 broke with the last core-updates merge.
See:

  http://hydra.gnu.org/build/96557/log/tail-reload
  http://hydra.gnu.org/job/gnu/master/icecat-24.0.i686-linux

Some of the notable updates in that merge include:

  glibc-2.20
  gnutls-3.2.16
  libunistring-0.9.4
  libgc-7.4.2
  libffi-3.1

Here's a more complete list:

  http://hydra.gnu.org/eval/100725#tabs-new

     Mark
Information forwarded to bug-guix <at> gnu.org:
bug#18581; Package guix. (Tue, 30 Sep 2014 17:38:01 GMT) Full text and rfc822 format available.

Message #8 received at 18581 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: 18581 <at> debbugs.gnu.org
Cc: request <at> debbugs.gnu.org
Subject: Re: bug#18581: icecat fails to build on i686
Date: Tue, 30 Sep 2014 13:37:08 -0400

retitle 18581 IceCat fails to build on i686 and needs security updates
severity 18581 serious
thanks

Mark H Weaver <mhw <at> netris.org> writes:
> The icecat build on i686 broke with the last core-updates merge.
> See:
>
>   http://hydra.gnu.org/build/96557/log/tail-reload
>   http://hydra.gnu.org/job/gnu/master/icecat-24.0.i686-linux

More importantly, the version of IceCat we are using is almost a year
old, with no security updates applied during that time.

We should update to IceCat 31, which is currently available only from
Trisquel, here:

  http://devel.trisquel.info/icecat/belenos/pool/main/i/icecat/icecat_31.0+gnu3.tar.gz

We also need security updates applied, notably the recent NSS signature
verification flaw: (CVE-2014-1568)

  http://seclists.org/oss-sec/2014/q3/736
  https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

There may be other security patches as well.  I suggest looking on
mozilla.org for patches to version 31.

      Mark
Changed bug title to 'IceCat fails to build on i686 and needs security updates' from 'icecat fails to build on i686' Request was from Mark H Weaver <mhw <at> netris.org> to control <at> debbugs.gnu.org. (Tue, 30 Sep 2014 17:38:02 GMT) Full text and rfc822 format available.
Severity set to 'serious' from 'normal' Request was from Mark H Weaver <mhw <at> netris.org> to control <at> debbugs.gnu.org. (Tue, 30 Sep 2014 17:38:02 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#18581; Package guix. (Tue, 30 Sep 2014 18:04:02 GMT) Full text and rfc822 format available.

Message #15 received at 18581 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Enge <andreas <at> enge.fr>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 18581 <at> debbugs.gnu.org
Subject: Re: bug#18581: icecat fails to build on i686
Date: Tue, 30 Sep 2014 20:02:37 +0200

On Tue, Sep 30, 2014 at 01:37:08PM -0400, Mark H Weaver wrote:
> More importantly, the version of IceCat we are using is almost a year
> old, with no security updates applied during that time.
> 
> We should update to IceCat 31, which is currently available only from
> Trisquel, here:

This is a problem with the gnuzilla maintenance, which is possibly solved:
   https://lists.gnu.org/archive/html/bug-gnuzilla/2014-09/msg00008.html
Although the lack of news since September 11 is not encouraging.

Andreas
Information forwarded to bug-guix <at> gnu.org:
bug#18581; Package guix. (Tue, 30 Sep 2014 19:59:02 GMT) Full text and rfc822 format available.

Message #18 received at 18581 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Andreas Enge <andreas <at> enge.fr>
Cc: 18581 <at> debbugs.gnu.org
Subject: Re: bug#18581: IceCat fails to build on i686 and needs security
 updates
Date: Tue, 30 Sep 2014 15:58:32 -0400

Andreas Enge <andreas <at> enge.fr> writes:

> On Tue, Sep 30, 2014 at 01:37:08PM -0400, Mark H Weaver wrote:
>> More importantly, the version of IceCat we are using is almost a year
>> old, with no security updates applied during that time.
>> 
>> We should update to IceCat 31, which is currently available only from
>> Trisquel, here:
>
> This is a problem with the gnuzilla maintenance, which is possibly solved:
>    https://lists.gnu.org/archive/html/bug-gnuzilla/2014-09/msg00008.html
> Although the lack of news since September 11 is not encouraging.

Jason Self spoke to the new IceCat maintainer (Rubén Rodríguez, also the
Trisquel BDFL), and reports that the current plan is to base IceCat on
the Firefox v31 Extended Support Release (ESR), to get security updates
from Mozilla, and also to get the patches from TorBrowser.  Rubén says
that he's almost done modifying his scripts for the FF31 ESR, at which
point we should be in good shape.

I also asked on #parabola to find out how they deal with this issue.
Apparently their IceCat is also old and unpatched, but they have scripts
to modify Debian's Iceweasel to comply with the FSDG here:

  https://projects.parabola.nu/abslibre.git/tree/libre/iceweasel

We might consider adding this to Guix as well.

     Thanks,
       Mark
Information forwarded to bug-guix <at> gnu.org:
bug#18581; Package guix. (Tue, 30 Sep 2014 22:05:02 GMT) Full text and rfc822 format available.

Message #21 received at 18581 <at> debbugs.gnu.org (full text, mbox):

From: "Jason Self" <jason <at> bluehome.net>
To: 18581 <at> debbugs.gnu.org
Subject: Re: bug#18581: IceCat fails to build on i686 and needs security
 updates
Date: Tue, 30 Sep 2014 15:03:57 -0700 (PDT)

[Message part 1 (text/plain, inline)]
Mark H Weaver said:
> I also asked on #parabola to find out how they deal with this issue.
> Apparently their IceCat is also old and unpatched, but they have
> scripts to modify Debian's Iceweasel to comply with the FSDG here:
>
>   https://projects.parabola.nu/abslibre.git/tree/libre/iceweasel
>
> We might consider adding this to Guix as well.

Also, Rubén's so-called "helper" script is available to the public. On
the GNUzilla Savannah project [0] hover over Source Code and select
either Use Git or Browse Sources Repository.

[0] http://savannah.gnu.org/projects/gnuzilla

[signature.asc (application/pgp-signature, inline)]
Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Sun, 12 Oct 2014 21:24:02 GMT) Full text and rfc822 format available.
Notification sent to Mark H Weaver <mhw <at> netris.org>:
bug acknowledged by developer. (Sun, 12 Oct 2014 21:24:03 GMT) Full text and rfc822 format available.

Message #26 received at 18581-done <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw <at> netris.org>
Cc: 18581-done <at> debbugs.gnu.org
Subject: Re: bug#18581: icecat fails to build on i686
Date: Sun, 12 Oct 2014 23:23:18 +0200

Both the i686 and the security issues were fixed with the upgrade to
31.1.1 in commit 74c7af9, so closing this bug.

Thanks,
Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 10 Nov 2014 12:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 9 years and 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.