
Bug 311167

Summary: net-libs/xulrunner-1.9.2.2 does not respect LDFLAGS plus installs a redundant dev-libs/nss copy
Product: Gentoo Linux
Reporter: Doktor Notor <notordoktor>
Component: [OLD] Library
Assignee: Mozilla Gentoo Team <mozilla>
Status: VERIFIED FIXED
Severity: QA
CC: spatz
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 331933

Description Doktor Notor 2010-03-24 19:13:37 UTC
* QA Notice: Files built without respecting LDFLAGS have been detected
 *  Please include the following list of files in your report:
 * /usr/lib/xulrunner-1.9.2/libssl3.so
 * /usr/lib/xulrunner-1.9.2/libsoftokn3.so
 * /usr/lib/xulrunner-1.9.2/libnss3.so
 * /usr/lib/xulrunner-1.9.2/libnssckbi.so
 * /usr/lib/xulrunner-1.9.2/libnssdbm3.so
 * /usr/lib/xulrunner-1.9.2/libfreebl3.so
 * /usr/lib/xulrunner-1.9.2/libnssutil3.so
 * /usr/lib/xulrunner-1.9.2/libsmime3.so
Comment 1 Doktor Notor 2010-03-24 19:35:04 UTC
And on another note, why does this thing bundle entire dev-libs/nss at all?
Comment 2 Rafał Mużyło 2010-03-24 19:48:43 UTC
That's just the thing - it should not.

The problem here is that one of the checks is for nss 3.12.6,
while the latest in portage is 3.12.5.

What's more, for the moment I can't find a tarball of 3.12.6 in any of the obvious places, though it seems it was properly announced about a week ago.
Comment 3 Doktor Notor 2010-03-24 20:04:58 UTC
(In reply to comment #2)
> What's more, for the moment I can't find a tarball of 3.12.6 in any of the
> obvious places, though it seems it was properly announced about a week ago.

That'd be more than two weeks ago.

http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/67563d451d4a52f6

If it's nowhere to be found and is really required, can we poke upstream about this bogus announcement instead of installing redundant stuff that will become vulnerable sooner or later? :)
Comment 4 Rafał Mużyło 2010-03-24 20:18:33 UTC
I don't think it's a bogus announcement,
it's more like a bogus release policy:
as its primary target is mozilla/firefox, not other
downstream targets and those two (three, if you add thunderbird)
carry around the whole tree, separate tarballs don't get proper care.
Comment 6 Rafał Mużyło 2010-03-24 21:37:07 UTC
Tarball in redhat rpm is too stripped down,
one from mandrake did build fine.
Comment 7 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-03-24 22:34:00 UTC
This is fixed with 1.9.2.2-r1 by a gentoo bump to 3.12.6 for nss with sources extracted from firefox-3.6.2.source.tar.bz2.
Comment 8 Doktor Notor 2010-03-25 01:07:49 UTC
(In reply to comment #7)
> This is fixed with 1.9.2.2-r1 by a gentoo bump to 3.12.6 for nss with sources
> extracted from firefox-3.6.2.source.tar.bz2.
> 

Meh... BTW - https://bugzilla.mozilla.org/show_bug.cgi?id=550231: 21 days without any reply and counting. Upstream-- and brown paperbag for them.