GNU bug report logs -
#18581
IceCat fails to build on i686 and needs security updates
Previous Next
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Mon, 29 Sep 2014 06:09:01 UTC
Severity: serious
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 18581 in the body.
You can then email your comments to 18581 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#18581
; Package
guix
.
(Mon, 29 Sep 2014 06:09:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Mark H Weaver <mhw <at> netris.org>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Mon, 29 Sep 2014 06:09:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
The icecat build on i686 broke with the last core-updates merge.
See:
http://hydra.gnu.org/build/96557/log/tail-reload
http://hydra.gnu.org/job/gnu/master/icecat-24.0.i686-linux
Some of the notable updates in that merge include:
glibc-2.20
gnutls-3.2.16
libunistring-0.9.4
libgc-7.4.2
libffi-3.1
Here's a more complete list:
http://hydra.gnu.org/eval/100725#tabs-new
Mark
Information forwarded
to
bug-guix <at> gnu.org
:
bug#18581
; Package
guix
.
(Tue, 30 Sep 2014 17:38:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 18581 <at> debbugs.gnu.org (full text, mbox):
retitle 18581 IceCat fails to build on i686 and needs security updates
severity 18581 serious
thanks
Mark H Weaver <mhw <at> netris.org> writes:
> The icecat build on i686 broke with the last core-updates merge.
> See:
>
> http://hydra.gnu.org/build/96557/log/tail-reload
> http://hydra.gnu.org/job/gnu/master/icecat-24.0.i686-linux
More importantly, the version of IceCat we are using is almost a year
old, with no security updates applied during that time.
We should update to IceCat 31, which is currently available only from
Trisquel, here:
http://devel.trisquel.info/icecat/belenos/pool/main/i/icecat/icecat_31.0+gnu3.tar.gz
We also need security updates applied, notably the recent NSS signature
verification flaw: (CVE-2014-1568)
http://seclists.org/oss-sec/2014/q3/736
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
There may be other security patches as well. I suggest looking on
mozilla.org for patches to version 31.
Mark
Changed bug title to 'IceCat fails to build on i686 and needs security updates' from 'icecat fails to build on i686'
Request was from
Mark H Weaver <mhw <at> netris.org>
to
control <at> debbugs.gnu.org
.
(Tue, 30 Sep 2014 17:38:02 GMT)
Full text and
rfc822 format available.
Severity set to 'serious' from 'normal'
Request was from
Mark H Weaver <mhw <at> netris.org>
to
control <at> debbugs.gnu.org
.
(Tue, 30 Sep 2014 17:38:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#18581
; Package
guix
.
(Tue, 30 Sep 2014 18:04:02 GMT)
Full text and
rfc822 format available.
Message #15 received at 18581 <at> debbugs.gnu.org (full text, mbox):
On Tue, Sep 30, 2014 at 01:37:08PM -0400, Mark H Weaver wrote:
> More importantly, the version of IceCat we are using is almost a year
> old, with no security updates applied during that time.
>
> We should update to IceCat 31, which is currently available only from
> Trisquel, here:
This is a problem with the gnuzilla maintenance, which is possibly solved:
https://lists.gnu.org/archive/html/bug-gnuzilla/2014-09/msg00008.html
Although the lack of news since September 11 is not encouraging.
Andreas
Information forwarded
to
bug-guix <at> gnu.org
:
bug#18581
; Package
guix
.
(Tue, 30 Sep 2014 19:59:02 GMT)
Full text and
rfc822 format available.
Message #18 received at 18581 <at> debbugs.gnu.org (full text, mbox):
Andreas Enge <andreas <at> enge.fr> writes:
> On Tue, Sep 30, 2014 at 01:37:08PM -0400, Mark H Weaver wrote:
>> More importantly, the version of IceCat we are using is almost a year
>> old, with no security updates applied during that time.
>>
>> We should update to IceCat 31, which is currently available only from
>> Trisquel, here:
>
> This is a problem with the gnuzilla maintenance, which is possibly solved:
> https://lists.gnu.org/archive/html/bug-gnuzilla/2014-09/msg00008.html
> Although the lack of news since September 11 is not encouraging.
Jason Self spoke to the new IceCat maintainer (Rubén Rodríguez, also the
Trisquel BDFL), and reports that the current plan is to base IceCat on
the Firefox v31 Extended Support Release (ESR), to get security updates
from Mozilla, and also to get the patches from TorBrowser. Rubén says
that he's almost done modifying his scripts for the FF31 ESR, at which
point we should be in good shape.
I also asked on #parabola to find out how they deal with this issue.
Apparently their IceCat is also old and unpatched, but they have scripts
to modify Debian's Iceweasel to comply with the FSDG here:
https://projects.parabola.nu/abslibre.git/tree/libre/iceweasel
We might consider adding this to Guix as well.
Thanks,
Mark
Information forwarded
to
bug-guix <at> gnu.org
:
bug#18581
; Package
guix
.
(Tue, 30 Sep 2014 22:05:02 GMT)
Full text and
rfc822 format available.
Message #21 received at 18581 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Mark H Weaver said:
> I also asked on #parabola to find out how they deal with this issue.
> Apparently their IceCat is also old and unpatched, but they have
> scripts to modify Debian's Iceweasel to comply with the FSDG here:
>
> https://projects.parabola.nu/abslibre.git/tree/libre/iceweasel
>
> We might consider adding this to Guix as well.
Also, Rubén's so-called "helper" script is available to the public. On
the GNUzilla Savannah project [0] hover over Source Code and select
either Use Git or Browse Sources Repository.
[0] http://savannah.gnu.org/projects/gnuzilla
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
ludo <at> gnu.org (Ludovic Courtès)
:
You have taken responsibility.
(Sun, 12 Oct 2014 21:24:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Mark H Weaver <mhw <at> netris.org>
:
bug acknowledged by developer.
(Sun, 12 Oct 2014 21:24:03 GMT)
Full text and
rfc822 format available.
Message #26 received at 18581-done <at> debbugs.gnu.org (full text, mbox):
Both the i686 and the security issues were fixed with the upgrade to
31.1.1 in commit 74c7af9, so closing this bug.
Thanks,
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Mon, 10 Nov 2014 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 9 years and 169 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.