People who care about security will have noticed this week's upstream firefox update. Often, updating an existing system is just a straightforward recompile. In this case, I had enough aggravations that I think it might be worth documenting them.
Please note that I'm not intending to update the BOOK for the moment, -ENO_TIME and anyway there are enough guidelines to get people to look at the mozilla security site. Also, I'm using icecat ( www.gnu.org/software/gnuzilla/ ) - this is the same codebase but with a few things stripped out, so these notes should still apply to firefox and xulrunner. 1. The minimum sqlite version hasn't changed, but now it needs to be compiled with SQLITE_SECURE_DELETE. I picked 2.6.23.1 to try this, upgrading to the new 2.7 series this soon seems a little adventurous to me. Whichever version you choose, CFLAGS="$CFLAGS -DSQLITE_SECURE_DELETE" ./configure --your-options seems to do the job adequately. I'll note that gentoo also add -DSQLITE_CHECK_PAGES -DSQLITE_CORE if they turn on secure delete, but I've no idea what those settings do, and they don't seem to be necessary. As always, YMMV. 2. If you are using system nspr and nss, those need to be updated. Nspr-4.8.6 and nss-3.12.7, with the existing patches, seem to work. I'll also note that updating nspr kills any running old version of the browser, but the ld version can still be restarted. Weird. 3. For what seems to be a first time in the 3.6 series, libcrmf.a is needed (very near the end of the build, of course) - this comes from nss, so in the unlikely event that you later upgrade nss without upgrading the browser you will still have to rebuild the browser. ... And still some people wonder why static libs scare me to death ;-) ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
