* QA Notice: Files built without respecting LDFLAGS have been detected * Please include the following list of files in your report: * /usr/lib/xulrunner-1.9.2/libssl3.so * /usr/lib/xulrunner-1.9.2/libsoftokn3.so * /usr/lib/xulrunner-1.9.2/libnss3.so * /usr/lib/xulrunner-1.9.2/libnssckbi.so * /usr/lib/xulrunner-1.9.2/libnssdbm3.so * /usr/lib/xulrunner-1.9.2/libfreebl3.so * /usr/lib/xulrunner-1.9.2/libnssutil3.so * /usr/lib/xulrunner-1.9.2/libsmime3.so
And on another note, why does this thing bundle entire dev-libs/nss at all?
That's just the thing - it should not. The problem here is that one of the checks is for nss 3.12.6, while the latest in portage is 3.12.5. What's more, for the moment I can't find a tarball of 3.12.6 in any of the obvious places, though it seems it was properly announced about a week ago.
(In reply to comment #2) > What's more, for the moment I can't find a tarball of 3.12.6 in any of the > obvious places, though it seems it was properly announced about a week ago. That's be more than two weeks ago. http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/67563d451d4a52f6 If it's nowhere to be find and is really requires, can we poke upstream about this bogus announcement instead of installing redundant stuff that will become vulnerable sooner or later? :)
I don't think it's a bogus announcement, it more like a bogus release policy: as its primary target is mozilla/firefox, not other downstream targets and those two (three, if you add thunderbird) carry around the whole tree, separate tarballs don't get proper care.
http://ftp.sh.cvut.cz/MIRRORS/fedora/linux/development/source/SRPMS/nss-3.12.6-2.fc14.src.rpm If everything fails :)
Tarball in redhat rpm is too stripped down, one from mandrake did build fine.
This is fixed with 1.9.2.2-r1 by a gentoo bump to 3.12.6 for nss with sources extracted from firefox-3.6.2.source.tar.bz2.
(In reply to comment #7) > This is fixed with 1.9.2.2-r1 by a gentoo bump to 3.12.6 for nss with sources > extracted from firefox-3.6.2.source.tar.bz2. > Meh... BTW - https://bugzilla.mozilla.org/show_bug.cgi?id=550231: 21 days without any reply and counting. Upstream-- and brown paperbag for them.