On 2019-05-11 08:58 -0500, Douglas R. Reno via blfs-dev wrote: > On 5/11/19 1:29 AM, Xi Ruoyao via blfs-dev wrote: > > Hi folks, > > > > Now BLFS is using mozjs-60 package from ftp.gnome.org. But it's the > > "original" > > mozjs-60.1.0 without any update. Arch is now using latest mozjs-60.6.3, > > even > > Ubuntu is using a newer mozjs-60.2.3. > > > > I downloaded Firefox ESR 60.6.3 code and removed everything unrelated to JS > > engine I could find. Then I built and installed mozjs-60.6.3 into my > > system. I > > found my GNOME was broken but I could rebuild Gjs to fix it. > > > > The extracted mozjs-60.6.3 tarball (it's just a Firefox tarball with many > > directories removed) has been uploaded to: > > > > http://www.linuxfromscratch.org/~xry111/mozjs-60.6.3.tar.xz > > > > Now, is it worthy to update mozjs-60 version in BLFS book, following Firefox > > ESR > > 60? > > I honestly think we should keep it the same version. Based off the fact > that GJS needs to be recompiled, I feel it is too much work to implement > because users will install it, most likely not read any warnings, and > then write to the lists. That'll cause extra noise where all we can say > is "FBBG, READ".
I'm not very sure about this. Arch doesn't rebuild gjs for mozjs upgrade and Arch Linux just works fine. Maybe the issue happens because my old BLFS build is "too dirty" (I upgraded ICU-63 to 64 and had to rebuild many packages). I'll test an upgrade after I finish my new BLFS build. > Is there a changelog? if so, can you find any security fixes in there > (look for CVE numbers)? https://github.com/mozilla/gecko-dev/commits/esr60/js It seems there are no security fixes since mozjs-60 release. And if there is a security bug in Firefox ESR I think we'll see it on news. -- Xi Ruoyao <[email protected]> School of Aerospace Science and Technology, Xidian University -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
