Discussion:
Bug#434844: security update broke xulrunner-xpcom.pc
Rene Engelhard
2007-07-27 06:41:21 UTC
Permalink
Package: libxul-dev
Version: 1.8.0.13~pre070720-0etch1
Severity: grave
Tags: etch security

On my OOo build on etch:

/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
$(PKGCONFIG_MODULES)
Package 'Mozilla Plug-In API' requires 'xulrunner-xpcom =
1.8.0.13~pre070720' but version of XPCOM is 1.8.0.13pre
dmake: Error code 1, while making 'Shell escape'
---* RULES.MK *---

ERROR: Error 65280 occurred while making
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
make[1]: *** [stamp/build] Fehler 1
make[1]: Leaving directory
`/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build'
make: *** [debian/stampdir/build] Fehler 2
debuild: fatal error at line 1228:
debian/rules build failed

works with stables xulrunner (1.8.0.11-2).

Regards,

Rene

-- System Information:
Debian Release: 4.0
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-powerpc
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages libxul-dev depends on:
ii libmozjs-dev 1.8.0.13~pre070720-0etch1 Development files for the Mozilla
ii libnspr4-dev 1.8.0.13~pre070720-0etch1 Development files for the NetScape
ii libnss3-dev 1.8.0.13~pre070720-0etch1 Development files for the Network
ii libxul0d 1.8.0.13~pre070720-0etch1 Gecko engine library
ii xulrunner 1.8.0.13~pre070720-0etch1 XUL + XPCOM application runner

libxul-dev recommends no packages.

-- no debconf information
Mike Hommey
2007-07-27 12:06:11 UTC
Permalink
Post by Rene Engelhard
Package: libxul-dev
Version: 1.8.0.13~pre070720-0etch1
Severity: grave
Tags: etch security
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
$(PKGCONFIG_MODULES)
Package 'Mozilla Plug-In API' requires 'xulrunner-xpcom =
1.8.0.13~pre070720' but version of XPCOM is 1.8.0.13pre
dmake: Error code 1, while making 'Shell escape'
---* RULES.MK *---
ERROR: Error 65280 occurred while making
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
make[1]: *** [stamp/build] Fehler 1
make[1]: Leaving directory
`/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build'
make: *** [debian/stampdir/build] Fehler 2
debian/rules build failed
works with stables xulrunner (1.8.0.11-2).
*sigh* one good reason not to change version numbers in security
updates...

Security team, Alex: what do we do with that ? Do we want to wait for
final 1.8.0.13 or fix this now ?

Mike
Alexander Sack
2007-07-27 12:22:10 UTC
Permalink
Post by Mike Hommey
Post by Rene Engelhard
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
$(PKGCONFIG_MODULES)
Package 'Mozilla Plug-In API' requires 'xulrunner-xpcom =
1.8.0.13~pre070720' but version of XPCOM is 1.8.0.13pre
dmake: Error code 1, while making 'Shell escape'
---* RULES.MK *---
ERROR: Error 65280 occurred while making
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
make[1]: *** [stamp/build] Fehler 1
make[1]: Leaving directory
`/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build'
make: *** [debian/stampdir/build] Fehler 2
debian/rules build failed
works with stables xulrunner (1.8.0.11-2).
*sigh* one good reason not to change version numbers in security
updates...
Security team, Alex: what do we do with that ? Do we want to wait for
final 1.8.0.13 or fix this now ?
Fix it asap .. what is the original reason for this btw?
Post by Mike Hommey
Mike
- Alexander
Martin Schulze
2007-07-27 12:50:29 UTC
Permalink
Post by Mike Hommey
Post by Rene Engelhard
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
$(PKGCONFIG_MODULES)
Package 'Mozilla Plug-In API' requires 'xulrunner-xpcom =
1.8.0.13~pre070720' but version of XPCOM is 1.8.0.13pre
dmake: Error code 1, while making 'Shell escape'
---* RULES.MK *---
ERROR: Error 65280 occurred while making
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
make[1]: *** [stamp/build] Fehler 1
make[1]: Leaving directory
`/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build'
make: *** [debian/stampdir/build] Fehler 2
debian/rules build failed
works with stables xulrunner (1.8.0.11-2).
*sigh* one good reason not to change version numbers in security
updates...
Security team, Alex: what do we do with that ? Do we want to wait for
final 1.8.0.13 or fix this now ?
What's the ETA for 1.8.0.13?

Re OOo build on etch, is this the etch package or the sid/lenny package?
Formally, only the etch package needs to continue building.

Regards,

Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi

Please always Cc to me when replying to me on the lists.
Rene Engelhard
2007-07-27 20:44:18 UTC
Permalink
Hi,
Post by Martin Schulze
What's the ETA for 1.8.0.13?
Re OOo build on etch, is this the etch package or the sid/lenny package?
Formally, only the etch package needs to continue building.
Neither. But etchs version also uses libxul-dev and xulrunner-xpcom,
so.. It's not a OOo specific problem anyway, it's just an example of a
broken xulrunner-xpcom.pc breaking builds of anything trying to use it.

Grüße/Regards,

René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.org/~rene/
`. `' ***@debian.org | GnuPG-Key ID: 248AEB73
`- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73
Mike Hommey
2007-07-27 16:58:50 UTC
Permalink
Post by Alexander Sack
Post by Mike Hommey
Post by Rene Engelhard
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
$(PKGCONFIG_MODULES)
Package 'Mozilla Plug-In API' requires 'xulrunner-xpcom =
1.8.0.13~pre070720' but version of XPCOM is 1.8.0.13pre
dmake: Error code 1, while making 'Shell escape'
---* RULES.MK *---
ERROR: Error 65280 occurred while making
/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
make[1]: *** [stamp/build] Fehler 1
make[1]: Leaving directory
`/home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build'
make: *** [debian/stampdir/build] Fehler 2
debian/rules build failed
works with stables xulrunner (1.8.0.11-2).
*sigh* one good reason not to change version numbers in security
updates...
Security team, Alex: what do we do with that ? Do we want to wait for
final 1.8.0.13 or fix this now ?
Fix it asap .. what is the original reason for this btw?
It was a temporary workaround for #413964, which at the time was
supposed to not last very long, and had to change because of #416425.

I guess changing the dependency to a >= one should be enough to be safe
in the future, but I'll do some testing with pkgconfig.

Mike
Mike Hommey
2007-07-30 20:58:14 UTC
Permalink
Post by Mike Hommey
It was a temporary workaround for #413964, which at the time was
supposed to not last very long, and had to change because of #416425.
I guess changing the dependency to a >= one should be enough to be safe
in the future, but I'll do some testing with pkgconfig.
I implemented the proper fix, that should not break for future security
updates, and am currently uploading the corrected package to
security-master. I also added fixes that were already in -0etch2 but
that were dropped because not that important (and because it failed to
build due to the presence of a source tarball in the changes file I
uploaded).

Mike
Debian Bug Tracking System
2007-08-23 06:12:02 UTC
Permalink
Your message dated Thu, 23 Aug 2007 08:08:57 +0200
with message-id <***@glandium.org>
and subject line Bug#434844: security update broke xulrunner-xpcom.pc
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Loading...