|Summary:||net-libs/xulrunner-188.8.131.52 does not respect LDFLAGS plus installs a redundant dev-libs/nss copy|
|Product:||Gentoo Linux||Reporter:||Doktor Notor <notordoktor>|
|Component:||[OLD] Library||Assignee:||Mozilla Gentoo Team <mozilla>|
|Package list:||Runtime testing required:||---|
|Bug Depends on:|
Description Doktor Notor 2010-03-24 19:13:37 UTC
* QA Notice: Files built without respecting LDFLAGS have been detected * Please include the following list of files in your report: * /usr/lib/xulrunner-1.9.2/libssl3.so * /usr/lib/xulrunner-1.9.2/libsoftokn3.so * /usr/lib/xulrunner-1.9.2/libnss3.so * /usr/lib/xulrunner-1.9.2/libnssckbi.so * /usr/lib/xulrunner-1.9.2/libnssdbm3.so * /usr/lib/xulrunner-1.9.2/libfreebl3.so * /usr/lib/xulrunner-1.9.2/libnssutil3.so * /usr/lib/xulrunner-1.9.2/libsmime3.so
Comment 1 Doktor Notor 2010-03-24 19:35:04 UTC
And on another note, why does this thing bundle entire dev-libs/nss at all?
Comment 2 Rafał Mużyło 2010-03-24 19:48:43 UTC
That's just the thing - it should not. The problem here is that one of the checks is for nss 3.12.6, while the latest in portage is 3.12.5. What's more, for the moment I can't find a tarball of 3.12.6 in any of the obvious places, though it seems it was properly announced about a week ago.
Comment 3 Doktor Notor 2010-03-24 20:04:58 UTC
(In reply to comment #2) > What's more, for the moment I can't find a tarball of 3.12.6 in any of the > obvious places, though it seems it was properly announced about a week ago. That's be more than two weeks ago. http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/67563d451d4a52f6 If it's nowhere to be find and is really requires, can we poke upstream about this bogus announcement instead of installing redundant stuff that will become vulnerable sooner or later? :)
Comment 4 Rafał Mużyło 2010-03-24 20:18:33 UTC
I don't think it's a bogus announcement, it more like a bogus release policy: as its primary target is mozilla/firefox, not other downstream targets and those two (three, if you add thunderbird) carry around the whole tree, separate tarballs don't get proper care.
Comment 5 Doktor Notor 2010-03-24 20:30:41 UTC
Comment 6 Rafał Mużyło 2010-03-24 21:37:07 UTC
Tarball in redhat rpm is too stripped down, one from mandrake did build fine.
Comment 7 Nirbheek Chauhan (RETIRED) 2010-03-24 22:34:00 UTC
This is fixed with 184.108.40.206-r1 by a gentoo bump to 3.12.6 for nss with sources extracted from firefox-3.6.2.source.tar.bz2.
Comment 8 Doktor Notor 2010-03-25 01:07:49 UTC
(In reply to comment #7) > This is fixed with 220.127.116.11-r1 by a gentoo bump to 3.12.6 for nss with sources > extracted from firefox-3.6.2.source.tar.bz2. > Meh... BTW - https://bugzilla.mozilla.org/show_bug.cgi?id=550231: 21 days without any reply and counting. Upstream-- and brown paperbag for them.