Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
* Mike Hommey ([EMAIL PROTECTED]) wrote: > On Tue, Mar 06, 2007 at 06:05:09PM -0800, Steve Langasek <[EMAIL PROTECTED]> > wrote: > > On Tue, Mar 06, 2007 at 01:38:02PM +0100, Mike Hommey wrote: > > > On Tue, Mar 06, 2007 at 12:13:37PM +0100, Marc 'HE' Brockschmidt wrote: > > > > Eric Dorland <[EMAIL PROTECTED]> writes: > > > > > * Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: > > > > >> I would love to see an upload to unstable before you start with that > > > > >> work, so that we can get a releasable version of iceweasel into > > > > >> testing soon. If time allows, you can propose a new packages with > > > > >> reorganized/added patches at a later point, but right now, I would > > > > >> like > > > > >> to get big pieces like iceweasel finally ready for release. > > > > > I'll try to roll a new release tonight. > > > > > > This led to #413162 (and friends). Could you please do another upload > > > > fixing only this bug, so that we finally have a version that is > > > > releasable? > > > > > Plus, upstream is going to put up a 2.0.0.3 release fixing regressions > > > introduced in 2.0.0.1 and 2.0.0.2, including a fix on client certificate > > > handling that may be important at least for french people who want to do > > > their tax declaration online using iceweasel. > > > > We really need to be converging on the release at this point. If 2.0.0.3 > > doesn't include any RC fixes, please upload the 2.0.0.2 that you have so > > that we can get iceweasel into a releasable state and consider 2.0.0.3 when > > it's available. I don't think there's any harm in releasing 2.0.0.2+dfsg-3 right now, and then uploading 2.0.0.3 a few days later. I've screwed up the last few releases, so it would be good to make sure the little bugs are all out of the way so when 2.0.0.3 is released it will be a simple drop in. I'm building right now and will upload once it's built. You have approximately an hour to stop me if you really feel this is a bad idea. > Here are the bugs that are fixed in 2.0.0.3, so far: > https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=flagtypes.name&type0-0-0=equals&value0-0-0=blocking1.8.1.3%2B&order=map_assigned_to.login_name,bugs.bug_id > > One is security wise, though I don't see any real critical impact for this... > I'd say #371525, #371576, and #370136 are pretty serious regressions. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 signature.asc Description: Digital signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Tue, Mar 06, 2007 at 06:05:09PM -0800, Steve Langasek <[EMAIL PROTECTED]> wrote: > On Tue, Mar 06, 2007 at 01:38:02PM +0100, Mike Hommey wrote: > > On Tue, Mar 06, 2007 at 12:13:37PM +0100, Marc 'HE' Brockschmidt wrote: > > > Eric Dorland <[EMAIL PROTECTED]> writes: > > > > * Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: > > > >> I would love to see an upload to unstable before you start with that > > > >> work, so that we can get a releasable version of iceweasel into > > > >> testing soon. If time allows, you can propose a new packages with > > > >> reorganized/added patches at a later point, but right now, I would like > > > >> to get big pieces like iceweasel finally ready for release. > > > > I'll try to roll a new release tonight. > > > > This led to #413162 (and friends). Could you please do another upload > > > fixing only this bug, so that we finally have a version that is > > > releasable? > > > Plus, upstream is going to put up a 2.0.0.3 release fixing regressions > > introduced in 2.0.0.1 and 2.0.0.2, including a fix on client certificate > > handling that may be important at least for french people who want to do > > their tax declaration online using iceweasel. > > We really need to be converging on the release at this point. If 2.0.0.3 > doesn't include any RC fixes, please upload the 2.0.0.2 that you have so > that we can get iceweasel into a releasable state and consider 2.0.0.3 when > it's available. Here are the bugs that are fixed in 2.0.0.3, so far: https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=flagtypes.name&type0-0-0=equals&value0-0-0=blocking1.8.1.3%2B&order=map_assigned_to.login_name,bugs.bug_id One is security wise, though I don't see any real critical impact for this... I'd say #371525, #371576, and #370136 are pretty serious regressions. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Tue, Mar 06, 2007 at 01:38:02PM +0100, Mike Hommey wrote: > On Tue, Mar 06, 2007 at 12:13:37PM +0100, Marc 'HE' Brockschmidt wrote: > > Eric Dorland <[EMAIL PROTECTED]> writes: > > > * Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: > > >> I would love to see an upload to unstable before you start with that > > >> work, so that we can get a releasable version of iceweasel into > > >> testing soon. If time allows, you can propose a new packages with > > >> reorganized/added patches at a later point, but right now, I would like > > >> to get big pieces like iceweasel finally ready for release. > > > I'll try to roll a new release tonight. > > This led to #413162 (and friends). Could you please do another upload > > fixing only this bug, so that we finally have a version that is > > releasable? > Plus, upstream is going to put up a 2.0.0.3 release fixing regressions > introduced in 2.0.0.1 and 2.0.0.2, including a fix on client certificate > handling that may be important at least for french people who want to do > their tax declaration online using iceweasel. We really need to be converging on the release at this point. If 2.0.0.3 doesn't include any RC fixes, please upload the 2.0.0.2 that you have so that we can get iceweasel into a releasable state and consider 2.0.0.3 when it's available. I recognize that bending the freeze guidelines is somewhat unavoidable due to Mozilla upstream's practice of delivering security fixes in a lump sum, but that doesn't mean I'm content to bend those guidelines for other bugs that aren't RC at all. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Tue, Mar 06, 2007 at 01:38:02PM +0100, Mike Hommey <[EMAIL PROTECTED]> wrote: > You can find the changelog here: > http://svn.debian.org/wsvn/pkg-mozilla/iceweasel/trunk/debian/changelog?op=file&rev=0&sc=0 FWIW: [EMAIL PROTECTED]:~$ svn diff file:///svn/pkg-mozilla/iceweasel/tags/2.0.0.2+dfsg-2 file:///svn/pkg-mozilla/iceweasel/trunk | filterdiff -x configure -x debian/*.xpm -x debian/*.uu -x debian/*.svg | diffstat browser/base/content/baseMenuOverlay.xul| 13 - browser/base/content/browserconfig.properties |2 configure.in| 12 - debian/about_debian.js | 133 +++ debian/changelog| 67 + debian/control |2 debian/copyright|3 debian/filter-globe.xsl | 21 + debian/homepagereset.js | 133 +++ debian/iceweasel-runner |7 debian/iceweasel.install|5 debian/iceweasel.links |1 debian/rules| 62 +++-- layout/base/nsPresContext.cpp | 141 +++- layout/base/nsPresContext.h | 13 + layout/generic/nsTextTransformer.h |4 modules/libjar/nsJAR.cpp| 12 - modules/libjar/nsJAR.h |5 xpcom/reflect/xptcall/src/md/unix/Makefile.in |6 xpcom/reflect/xptcall/src/md/unix/xptcinvoke_linux_m68k.cpp | 36 +-- xpcom/reflect/xptcall/src/md/unix/xptcstubs_linux_m68k.cpp | 12 - xpcom/typelib/xpidl/xpidl.c |4 22 files changed, 602 insertions(+), 92 deletions(-) The biggest changes are made to nsPresContext* and are from upstream. The next biggest additions are debian/about_debian.js and debian/homepagereset.js, the latter being taken from iceape and the former adding about:README.Debian and about:bugs pages. The rest is easily reviewed. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Tue, Mar 06, 2007 at 12:13:37PM +0100, Marc 'HE' Brockschmidt wrote: > Eric Dorland <[EMAIL PROTECTED]> writes: > > * Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: > >> I would love to see an upload to unstable before you start with that > >> work, so that we can get a releasable version of iceweasel into > >> testing soon. If time allows, you can propose a new packages with > >> reorganized/added patches at a later point, but right now, I would like > >> to get big pieces like iceweasel finally ready for release. > > I'll try to roll a new release tonight. > > This led to #413162 (and friends). Could you please do another upload > fixing only this bug, so that we finally have a version that is > releasable? This is not going to happen for the following reasons: - There are non filed RC bugs affecting the current iceweasel, which include: - Broken on hppa - Preferred form of modification not provided for tri-licensed logo - Copyright file doesn't include the copyright for the logo - Random crashes when null characters are present in justified text with unknown security consequences - Oudated config.guess and config.sub - There are unmet release goals, which include: - Having a blue globe on the logo - Fix for XUL FastLoad cache corruption on upgrade of jar'ed chrome - Removing links to Firefox release notes - Make the default home page be set to something (missing file) - Unified about page with iceape - Avoid home page to be set to unexisting file when the profile was initially imported from mozilla, which homepage file disappears with transition to iceape. Plus, upstream is going to put up a 2.0.0.3 release fixing regressions introduced in 2.0.0.1 and 2.0.0.2, including a fix on client certificate handling that may be important at least for french people who want to do their tax declaration online using iceweasel. I don't know when this release is going to be done, but I have a 2.0.0.2+dfsg-3 release ready for upload. You can find the changelog here: http://svn.debian.org/wsvn/pkg-mozilla/iceweasel/trunk/debian/changelog?op=file&rev=0&sc=0 It fixes all of the above problems, reverts some modifications that are now useless, and unifies patches with xulrunner and iceape, to ease patch handling for us maintainers (most of the latter are really cosmetic changes, except changes to the xpcom assembly for m68k, which has been applied for a while on iceape and xulrunner, and may fix unreported glitches on this architecture). I'm still waiting to see how fast upstream is going to release 2.0.0.3 to know when I'll upload or if I'll just introduce the client certificate fix in 2.0.0.2+dfsg-3. There is also another random crash bug that could fix a whole lot of the reported crashes that is currently under investigation by Alexander Sack, which I'm also waiting to see if it's going to be fixed soon. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Eric Dorland <[EMAIL PROTECTED]> writes: > * Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: >> I would love to see an upload to unstable before you start with that >> work, so that we can get a releasable version of iceweasel into >> testing soon. If time allows, you can propose a new packages with >> reorganized/added patches at a later point, but right now, I would like >> to get big pieces like iceweasel finally ready for release. > I'll try to roll a new release tonight. This led to #413162 (and friends). Could you please do another upload fixing only this bug, so that we finally have a version that is releasable? Marc -- Fachbegriffe der Informatik - Einfach erklärt 71: Nescafe Der Welt populärster WWW-Browser [tm] (vgl. Java) pgpH0ZqUAhbvL.pgp Description: PGP signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Mike Hommey <[EMAIL PROTECTED]> writes: > Mozilla has released security updates for its 1.8 and 1.8.0 branches, > respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey > 1.0.8, Thunderbird 1.5.0.10). After having a look at xulrunner tonight, I guess it's safe enough to upload this to unstable. There we can watch how its r-deps break, I guess. Marc -- Fachbegriffe der Informatik - Einfach erklärt 128: SAP Sammelstelle Arbeitsloser Physiker (Alexander Schreiber) pgpbyX2owEosH.pgp Description: PGP signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
* Marc 'HE' Brockschmidt ([EMAIL PROTECTED]) wrote: > Mike Hommey <[EMAIL PROTECTED]> writes: > [new iceweasel to unstable] > > The fix for #412418 is already in svn. I'm not sure it will happen for > > next upload but I'd like to uniformize the patches applied to all the > > mozilla packages, which I started to do with xulrunner in version > > 1.8.0.10-1, which explains some of the new patches applied to it. These > > new patches on xulrunner were taken from icedove, iceweasel or iceape > > for most of them. I'd like to do the same kind of thing with iceape and > > iceweasel before the release, if we have time for this, which is the > > reason of [1], which needs to be updated with the latest information > > available. > > I would love to see an upload to unstable before you start with that > work, so that we can get a releasable version of iceweasel into > testing soon. If time allows, you can propose a new packages with > reorganized/added patches at a later point, but right now, I would like > to get big pieces like iceweasel finally ready for release. I'll try to roll a new release tonight. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 signature.asc Description: Digital signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Mike Hommey <[EMAIL PROTECTED]> writes: [new iceweasel to unstable] > The fix for #412418 is already in svn. I'm not sure it will happen for > next upload but I'd like to uniformize the patches applied to all the > mozilla packages, which I started to do with xulrunner in version > 1.8.0.10-1, which explains some of the new patches applied to it. These > new patches on xulrunner were taken from icedove, iceweasel or iceape > for most of them. I'd like to do the same kind of thing with iceape and > iceweasel before the release, if we have time for this, which is the > reason of [1], which needs to be updated with the latest information > available. I would love to see an upload to unstable before you start with that work, so that we can get a releasable version of iceweasel into testing soon. If time allows, you can propose a new packages with reorganized/added patches at a later point, but right now, I would like to get big pieces like iceweasel finally ready for release. Marc -- BOFH #329: Server depressed, needs Prozak pgp2h2SOt9Spr.pgp Description: PGP signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Wed, Feb 28, 2007 at 11:42:36PM +0100, Mike Hommey <[EMAIL PROTECTED]> wrote: > If you need assistance in the patch reviewing, I can lend a hand and > explain the rationale behind them if necessary. ... for the Debian changes, obviously. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Wed, Feb 28, 2007 at 11:29:13PM +0100, Marc 'HE' Brockschmidt <[EMAIL PROTECTED]> wrote: > Mike Hommey <[EMAIL PROTECTED]> writes: > > Mozilla has released security updates for its 1.8 and 1.8.0 branches, > > respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey > > 1.0.8, Thunderbird 1.5.0.10). > > We [1] have talked a bit about the situation for iceweasel. We are > basically OK with letting the new release in, even if we can't review > the patches (it's what we have learned to expect from mozilla software), > but if we are updating the version in etch, it would be nice to fix > #412418 first. So, would it be OK for you to upload a new version, > including a fix for this bug (and maybe others, if the patches are small > and the problems big)? The fix for #412418 is already in svn. I'm not sure it will happen for next upload but I'd like to uniformize the patches applied to all the mozilla packages, which I started to do with xulrunner in version 1.8.0.10-1, which explains some of the new patches applied to it. These new patches on xulrunner were taken from icedove, iceweasel or iceape for most of them. I'd like to do the same kind of thing with iceape and iceweasel before the release, if we have time for this, which is the reason of [1], which needs to be updated with the latest information available. BTW, I uploaded a new version of xulrunner 1.8.0.10-1 with un-fuzzed patches, and rpath removal on libnss3-tools programs, which also make it lintian clean. It is in my repository[2]. I'll test it some more until tomorrow and will upload to unstable if everything looks fine. If you need assistance in the patch reviewing, I can lend a hand and explain the rationale behind them if necessary. Mike 1. http://web.glandium.org/debian/teams/pkg-mozilla/mozpatches.html It helped identifying what patches should be applied to xulrunner that weren't already, and tracking bugs to send upstream. 2. http://web.glandium.org/debian/repository/unstable/xulrunner_1.8.0.10-1_i386.changes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Mike Hommey <[EMAIL PROTECTED]> writes: > Mozilla has released security updates for its 1.8 and 1.8.0 branches, > respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey > 1.0.8, Thunderbird 1.5.0.10). We [1] have talked a bit about the situation for iceweasel. We are basically OK with letting the new release in, even if we can't review the patches (it's what we have learned to expect from mozilla software), but if we are updating the version in etch, it would be nice to fix #412418 first. So, would it be OK for you to upload a new version, including a fix for this bug (and maybe others, if the patches are small and the problems big)? Marc Footnotes: [1] the release team -- BOFH #285: Telecommunications is upgrading. pgpdeJoMlrjMJ.pgp Description: PGP signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Tue, Feb 27, 2007 at 08:28:51AM +0100, Mike Hommey <[EMAIL PROTECTED]> wrote: > 1. > http://web.glandium.org/debian/repository/unstable/xulrunner_1.8.0.10-1_i386.changes It's even better with the source http://web.glandium.org/debian/repository/unstable/xulrunner_1.8.0.10-1.dsc Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Mon, Feb 26, 2007 at 08:46:02AM +0100, Mike Hommey <[EMAIL PROTECTED]> wrote: > On Sun, Feb 25, 2007 at 08:57:19PM -0800, Steve Langasek <[EMAIL PROTECTED]> > wrote: > > On Sun, Feb 25, 2007 at 09:39:46AM +0100, Mike Hommey wrote: > > > I'll let the RMs decide whether iceape and icedove upgrades are less > > > problematic since they don't involve reverse dependencies. > > > > Less problematic, certainly. > > > > Hopefully these updates won't have the problem of past mozilla > > new-upstream-version "security" fixes, where every single file shows up in > > the diff because of cvs keywords? > > Nope, they won't. But FWIW, here is a diffstat of the upstream > differences between 1.8.0.9 and 1.8.0.10 for a xulrunner checkout (which > includes some stuff from icedove and iceape, but not all). The diff > itself is 5MiB. Here[1] is a pre-release of 1.8.0.10-1. I still need to check the dpatches, because some apply with fuzz and I want to be sure it doesn't introduce unintended rules/code. Maybe you could start reviewing the upstream diffs at least and give your opinion. I will try to test these packages today and/or tomorrow, but if in the meanwhile people using reverse dependencies could give it a try (especially for libnss3-0d, which means I'd like feedback from, for instance, evolution or gaim users that make use of SSL/TLS functionalities) Thanks Mike 1. http://web.glandium.org/debian/repository/unstable/xulrunner_1.8.0.10-1_i386.changes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Mon, Feb 26, 2007 at 02:09:59PM +0100, Rik Theys <[EMAIL PROTECTED]> wrote: > Hi, > > RHEL updated seamonkey and seamonkey-nss from 1.0.7 to 1.0.8 and this > caused quite a lot of breakage: evolution no longer started and gaim > crashes. Interesting, considering 1.0.8 is still at release candidate level. > I hope Debian is more carefull with their (mozilla) updates :-). But I'm > quite confident (Debian's QA is good, IMHO RHEL doesn't seem to have a > QA team). I don't know what redhat does when they upgrade their mozilla, but I check most reverse dependencies here. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Mon, Feb 26, 2007 at 02:09:59PM +0100, Rik Theys wrote: > Hi, > > RHEL updated seamonkey and seamonkey-nss from 1.0.7 to 1.0.8 and this > caused quite a lot of breakage: evolution no longer started and gaim > crashes. > Thanks for the info. I think we should double check that those applications still work before moving xulrunner to etch. - Alexander -- GPG messages preferred.| .''`. ** Debian GNU/Linux ** Alexander Sack | : :' : The universal [EMAIL PROTECTED]| `. `' Operating System http://www.asoftsite.org/ | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Hi, RHEL updated seamonkey and seamonkey-nss from 1.0.7 to 1.0.8 and this caused quite a lot of breakage: evolution no longer started and gaim crashes. I hope Debian is more carefull with their (mozilla) updates :-). But I'm quite confident (Debian's QA is good, IMHO RHEL doesn't seem to have a QA team). Greetings, Rik -- Rik Theys <> Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
* Steve Langasek ([EMAIL PROTECTED]) wrote: > On Sun, Feb 25, 2007 at 09:39:46AM +0100, Mike Hommey wrote: > > I'll let the RMs decide whether iceape and icedove upgrades are less > > problematic since they don't involve reverse dependencies. > > Less problematic, certainly. > > Hopefully these updates won't have the problem of past mozilla > new-upstream-version "security" fixes, where every single file shows up in > the diff because of cvs keywords? I don't think every single file will, but yes, there are a bunch of CVS keyword changes only I believe. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6 signature.asc Description: Digital signature
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Sun, Feb 25, 2007 at 08:57:19PM -0800, Steve Langasek <[EMAIL PROTECTED]> wrote: > On Sun, Feb 25, 2007 at 09:39:46AM +0100, Mike Hommey wrote: > > I'll let the RMs decide whether iceape and icedove upgrades are less > > problematic since they don't involve reverse dependencies. > > Less problematic, certainly. > > Hopefully these updates won't have the problem of past mozilla > new-upstream-version "security" fixes, where every single file shows up in > the diff because of cvs keywords? Nope, they won't. But FWIW, here is a diffstat of the upstream differences between 1.8.0.9 and 1.8.0.10 for a xulrunner checkout (which includes some stuff from icedove and iceape, but not all). The diff itself is 5MiB. Mike diffstat.bz2 Description: Binary data
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Sun, Feb 25, 2007 at 09:39:46AM +0100, Mike Hommey wrote: > I'll let the RMs decide whether iceape and icedove upgrades are less > problematic since they don't involve reverse dependencies. Less problematic, certainly. Hopefully these updates won't have the problem of past mozilla new-upstream-version "security" fixes, where every single file shows up in the diff because of cvs keywords? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Sun, Feb 25, 2007 at 03:56:11PM +0100, Alexander Sack <[EMAIL PROTECTED]> wrote: > > The only thing I can tell to reassure you is that NSPR and NSS have > > strong ABI stability requirements, since they are used by closed-source > > products such as SunOne, so we're probably safe here. OTOH, NSS added > > some new stuff (such as libfreebl) that may need some care to not mess > > with, especially on xulrunner, but I've had to deal with it with > > iceweasel so that's not a big surprise. > > ... I remember discussion about the NSS migration; it was assured that > NSS has hard ABI compatibility requirements. So do we really have > problems with NSS in xulrunner or not? Besides potentially introducing packaging bugs, no. Hopefully, there is still time before the release for the obvious bugs to be caught. Also, the RMs being the ones to review the debdiffs, it's their choice ;) Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla codebase releases 1.8.1.2 and 1.8.0.10
On Sun, Feb 25, 2007 at 09:39:46AM +0100, Mike Hommey wrote: > Hi, > > Mozilla has released security updates for its 1.8 and 1.8.0 branches, > respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey > 1.0.8, Thunderbird 1.5.0.10). > > While on the 1.8 branch, the changes to nspr and nss might not be as > substancial, the changes to the 1.8.0 branch consisted in taking new > upstream versions: > > Mozilla version 1.8.0.9 1.8.1.1 1.8.0.10 and 1.8.1.2 > NSPR version 4.6.14.6.4 4.6.5 > NSS version 3.10.2 3.11.4 3.11.5 For me 4.6.1 and 4.6.5 (nspr) look like from the same branch, while 3.10.2 and 3.11.5 (nss) look different. > > The changes between minor versions might mostly be security updates, > though I've not have time and probably won't have much to dig into the > code and/or upstream CVS. > > So while we're mostly safe with the iceweasel upgrade, we may be going > to introduce new versions of NSPR and NSS if we blindly upgrade to the > latest 1.8.0 branch releases. > > While it may not be a huge problem with iceape and icedove, since they > are using their own copies of the libraries, it may be more of a problem > for xulrunner which provides libnss and libnspr for other packages to > build. > > I *won't* have time to cherry pick security fixes to make a proper > upload involving less risk for the release, so I'm requesting for help: > - either be allowed to upload these new versions to the archive > - or someone (could be several someones) motivated enough and with a lot > of spare time could cherry pick the security fixes for nspr and nss > for incorporation in the 1.8.0 branch. I can't remember anything special about nspr, but the reason why mozilla had to switch to another NSS branch is because they burned themselves by cherry-picking security fixes from the official maintained nss branch. So lets not make the same fault here. > > I'll let the RMs decide whether iceape and icedove upgrades are less > problematic since they don't involve reverse dependencies. > > The iceweasel upgrade may only involve security fixes and minor > enhancements, but I've not looked into the changes yet, but I hope Eric > will ;). > > The only thing I can tell to reassure you is that NSPR and NSS have > strong ABI stability requirements, since they are used by closed-source > products such as SunOne, so we're probably safe here. OTOH, NSS added > some new stuff (such as libfreebl) that may need some care to not mess > with, especially on xulrunner, but I've had to deal with it with > iceweasel so that's not a big surprise. ... I remember discussion about the NSS migration; it was assured that NSS has hard ABI compatibility requirements. So do we really have problems with NSS in xulrunner or not? - Alexander -- GPG messages preferred.| .''`. ** Debian GNU/Linux ** Alexander Sack | : :' : The universal [EMAIL PROTECTED]| `. `' Operating System http://www.asoftsite.org/ | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Mozilla codebase releases 1.8.1.2 and 1.8.0.10
Hi, Mozilla has released security updates for its 1.8 and 1.8.0 branches, respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey 1.0.8, Thunderbird 1.5.0.10). While on the 1.8 branch, the changes to nspr and nss might not be as substancial, the changes to the 1.8.0 branch consisted in taking new upstream versions: Mozilla version 1.8.0.9 1.8.1.1 1.8.0.10 and 1.8.1.2 NSPR version 4.6.14.6.4 4.6.5 NSS version 3.10.2 3.11.4 3.11.5 The changes between minor versions might mostly be security updates, though I've not have time and probably won't have much to dig into the code and/or upstream CVS. So while we're mostly safe with the iceweasel upgrade, we may be going to introduce new versions of NSPR and NSS if we blindly upgrade to the latest 1.8.0 branch releases. While it may not be a huge problem with iceape and icedove, since they are using their own copies of the libraries, it may be more of a problem for xulrunner which provides libnss and libnspr for other packages to build. I *won't* have time to cherry pick security fixes to make a proper upload involving less risk for the release, so I'm requesting for help: - either be allowed to upload these new versions to the archive - or someone (could be several someones) motivated enough and with a lot of spare time could cherry pick the security fixes for nspr and nss for incorporation in the 1.8.0 branch. I'll let the RMs decide whether iceape and icedove upgrades are less problematic since they don't involve reverse dependencies. The iceweasel upgrade may only involve security fixes and minor enhancements, but I've not looked into the changes yet, but I hope Eric will ;). The only thing I can tell to reassure you is that NSPR and NSS have strong ABI stability requirements, since they are used by closed-source products such as SunOne, so we're probably safe here. OTOH, NSS added some new stuff (such as libfreebl) that may need some care to not mess with, especially on xulrunner, but I've had to deal with it with iceweasel so that's not a big surprise. Cheers, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
