Mozilla codebase releases 1.8.1.2 and 1.8.0.10

Mike Hommey mh at glandium.org
Sun Feb 25 09:39:46 CET 2007


Hi,

Mozilla has released security updates for its 1.8 and 1.8.0 branches,
respectively 1.8.1.2 (for Firefox 2.0.0.2) and 1.8.0.10 (for Seamonkey
1.0.8, Thunderbird 1.5.0.10).

While on the 1.8 branch, the changes to nspr and nss might not be as
substancial, the changes to the 1.8.0 branch consisted in taking new
upstream versions:

Mozilla version      1.8.0.9      1.8.1.1     1.8.0.10 and 1.8.1.2
NSPR version         4.6.1        4.6.4       4.6.5
NSS version          3.10.2       3.11.4      3.11.5

The changes between minor versions might mostly be security updates,
though I've not have time and probably won't have much to dig into the
code and/or upstream CVS.

So while we're mostly safe with the iceweasel upgrade, we may be going
to introduce new versions of NSPR and NSS if we blindly upgrade to the
latest 1.8.0 branch releases.

While it may not be a huge problem with iceape and icedove, since they
are using their own copies of the libraries, it may be more of a problem
for xulrunner which provides libnss and libnspr for other packages to
build.

I *won't* have time to cherry pick security fixes to make a proper
upload involving less risk for the release, so I'm requesting for help:
- either be allowed to upload these new versions to the archive
- or someone (could be several someones) motivated enough and with a lot
  of spare time could cherry pick the security fixes for nspr and nss
  for incorporation in the 1.8.0 branch.

I'll let the RMs decide whether iceape and icedove upgrades are less
problematic since they don't involve reverse dependencies.

The iceweasel upgrade may only involve security fixes and minor
enhancements, but I've not looked into the changes yet, but I hope Eric
will ;).

The only thing I can tell to reassure you is that NSPR and NSS have
strong ABI stability requirements, since they are used by closed-source
products such as SunOne, so we're probably safe here. OTOH, NSS added
some new stuff (such as libfreebl) that may need some care to not mess
with, especially on xulrunner, but I've had to deal with it with
iceweasel so that's not a big surprise.

Cheers,

Mike




More information about the pkg-mozilla-maintainers mailing list