Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Ignatios Souvatzis]

On Tue, Mar 14, 2017 at 09:57:12AM +0100, Martin Husemann wrote:
> On Tue, Mar 14, 2017 at 01:16:35AM +0700, Robert Elz wrote:
> > A Vague memory from the distant past suggests that the thing to try
> > is to move aside the .mozilla directory, and allow the new firefox
> > to start in a completely clean environment.
> 
> Yes, this is a generic "firefox shows strange symptoms" debuggin advice.
> 
> Alternatively you can run: firefox -P
> and create a brand new profile for testing. If that works better, something
> in your old profile is broken.

AND: remove and rebuild your fontconfig related directories.

> Also testin without any plugins/addons is always a good idea.

Another tip: I think I've needed to manipulate the stack limits in the
past, to make firefox run. Too big stack was bad, because threading 
allocated multiple versions of it. Don't know if this is still
relevant - my current login.conf on a related machine has stacksize-cur=4M

-is

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Martin Husemann]

On Tue, Mar 14, 2017 at 01:16:35AM +0700, Robert Elz wrote:
> A Vague memory from the distant past suggests that the thing to try
> is to move aside the .mozilla directory, and allow the new firefox
> to start in a completely clean environment.

Yes, this is a generic "firefox shows strange symptoms" debuggin advice.

Alternatively you can run: firefox -P
and create a brand new profile for testing. If that works better, something
in your old profile is broken.

Also testin without any plugins/addons is always a good idea.

Martin

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Cág]

Marco Beishuizen wrote:

> I'm experiencing the same problems on the ESR versions. So I'm guessing 
> it's a specific i386 problem and not a version problem. It's also not a 
> recent problem but happening for several months now.

I recall the same thing on the first day after building FF45 (on amd64); it
doesn't appear anymore for some reason. No data corruption, just core
dumps.

--
Cág

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Robert Elz]

A Vague memory from the distant past suggests that the thing to try
is to move aside the .mozilla directory, and allow the new firefox
to start in a completely clean environment.

I kind of recall that continuous startup problems, which only affect some
users, tend to be related to data somewhere in there (I have no idea which
data) something isn't the way the new version expects it, and all kinds
of problems ensue.

If your old version is still working, you should probably have it export
everything possible that you can first (bookmarks, etc) so that if the
new one works in a clean environment you can import as much of what
you'd hope to retain as possibble.

Of course, this might all be a red herring, so don't destroy the old
.mozilla directory, just move it, so it coudl be replaced if this turns
out not to be the problem (also so that it can be replaced if you decide
to revert to the old version.)

kre

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[scole_mail]

"J. Lewis Muir"  writes:
>
> Do you actually use that version for everyday use?  According to [1],
> there are many security vulnerabilities that have been fixed since
> Firefox 47, and I would bet many of those vulnerabilities exist in
> Firefox 47.  That's OK to you?
>

Yes, I use it everyday.  It's not ok to me, but I realize the security
risk and feel there aren't other good browser options.

I also realize NetBSD is a volunteer project, and I'm not trying to
denigrate anyone, but there are lots of other vulnerabilities in stable
pkgsrc now.

At the moment, I've got about ~270 packages installed with about 100
different vulnerabilities, so having a few for a working firefox doesn't
seem like a big deal.

Kind Regards


>lintpkgsrc  -i 
Scan Makefiles: ..
Bogus: ${DISTNAME:tl:S/_pl//}-0.1 (from 
/usr/pkgsrc/devel/calltree-perl/Makefile)

Bogus: ${KBUILDNAME:tl}-0.1.9998.8.2814.25 (from 
/usr/pkgsrc/devel/kbuild/Makefile)
14960 packages
Version mismatch: 'firefox' 47.0.1 vs 50.1.0


Installed vulnerable packages:
Package jpeg-9b has a multiple-vulnerabilities vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3616
Package jasper-1.900.29nb1 has a unspecified vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9560
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5498
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5499
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5500
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5501
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5502
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5503
Package jasper-1.900.29nb1 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5504
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9114
Package openjpeg-2.1.2 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9117
Package openjpeg-2.1.2 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9115
Package openjpeg-2.1.2 has a buffer-overflow vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9118
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9113
Package openjpeg-2.1.2 has a null-pointer-bug vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9116
Package openjpeg-2.1.2 has a floating-point-exception vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9112
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8689
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8687
Package libarchive-3.2.1nb2 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8688
Package pcre-8.39 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6004
Package policykit-0.9nb20 has a integer-overflow vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4625
Package policykit-0.9nb20 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3218
Package policykit-0.9nb20 has a privilege-escalation vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3255
Package policykit-0.9nb20 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3256
Package zziplib-0.13.59 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5974
Package zziplib-0.13.59 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5975
Package zziplib-0.13.59 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5976
Package zziplib-0.13.59 has a denial-of-service vulnerability, see 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5977
Package zziplib-0.13.59 has a denial-of-service 

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Onno van der Linden]

On Mon, Mar 13, 2017 at 05:11:59PM +0100, Marco Beishuizen wrote:
> On Mon, 13 Mar 2017, the wise co...@sdf.org wrote:
> 
> > Mozilla maintains an 'Extended Support Release' which has security fixes
> > backported to it, so it will be a better choice for such cases.
> > Currently, it is www/firefox45 - it is updated whenever www/firefox is,
> > containing fixes for the same vulnerabilities. Soon firefox52 (current
> > non-ESR version) will become ESR.
> 
> I'm experiencing the same problems on the ESR versions. So I'm guessing it's
> a specific i386 problem and not a version problem. It's also not a recent
> problem but happening for several months now.

FWIW, I'm running current on a pretty old (Asus P4B533, P4 2.26GHz 2Gb mem)
machine. Had one (known) problem with FF 51 that created coredumps
at exit time. That bug is fixed in FF 52. Another problem with
certain recent FF versions (the ones after FF 45 where gfx.xrender.enabled
changed to false by default) was that when visiting a site with huge
images the xorg process suddenly got to (and stayed at) 80% CPU or so.

At the moment both FF 45 (compiled with GTK2) and FF 52 (compiled with GTK3)
work fine for me on everything I throw at it.

Onno

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

On Mon, 13 Mar 2017, the wise co...@sdf.org wrote:

Mozilla maintains an 'Extended Support Release' which has security fixes 
backported to it, so it will be a better choice for such cases. 
Currently, it is www/firefox45 - it is updated whenever www/firefox is, 
containing fixes for the same vulnerabilities. Soon firefox52 (current 
non-ESR version) will become ESR.


I'm experiencing the same problems on the ESR versions. So I'm guessing 
it's a specific i386 problem and not a version problem. It's also not a 
recent problem but happening for several months now.


Regards,
Marco

--
... a thing called Ethics, whose nature was confusing but if you had it you
were a High-Class Realtor and if you hadn't you were a shyster, a piker and
a fly-by-night.  These virtues awakened Confidence and enabled you to handle
Bigger Propositions.  But they didn't imply that you were to be impractical
and refuse to take twice the value for a house if a buyer was such an idiot
that he didn't force you down on the asking price.
-- Sinclair Lewis, "Babbitt"

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

On Mon, 13 Mar 2017, the wise Martin Husemann wrote:

If anyone has receipes to easily make it crash, please send-pr! 
Debugging often is simple, if you can reproduce it.


I'll fire off an i386 build with debug info tonight...


I'm unable to pinpoint the problem because FF crashes on every site it 
opens and after a few seconds of use, even on the preferences and add-ons 
windows.


Regards,
Marco

--
TO THOSE OF YOU WHO DESIRE IT, I GRANT YOU MADRAK'S BLESSING:

Insofar as I may be heard by anything, which may or may not care
what I say, I ask, if it matters, that you be forgiven for anything you
may have done or failed to do which requires forgiveness.
Conversely, if not forgiveness but something else be required
to insure any possible benefit for which you may be eligible after the
destruction of your body, I ask that this, whatever it may be, be granted
or withheld, as the case may be, in such a manner as to insure your
receiving said benefit.
I ask this in my capacity as your elected intermediary between
yourself and that which may have an interest in the matter of your receiving
as much as it is possible for you to receive of this thing, and which may
in some way be influenced by this ceremony.
Amen.
-- Roger Zelazny, "Creatures of Light and Darkness", 1969

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[coypu]

On Mon, Mar 13, 2017 at 10:24:44AM -0500, J. Lewis Muir wrote:
> On 03/11, scole_mail wrote:
> > Marco Beishuizen  writes:
> > >
> > > It's on NetBSD/i386 7.0.2.
> > 
> > I guess I've also been having that same issue on i386 for awhile.  The
> > last stable version that worked for me was firefox-47.0.1 which was in
> > pkgsrc-2016Q2 I believe.  So I've been using that version.
> 
> Do you actually use that version for everyday use?  According to [1],
> there are many security vulnerabilities that have been fixed since
> Firefox 47, and I would bet many of those vulnerabilities exist in
> Firefox 47.  That's OK to you?

Mozilla maintains an 'Extended Support Release' which has security
fixes backported to it, so it will be a better choice for such cases.
Currently, it is www/firefox45 - it is updated whenever www/firefox is,
containing fixes for the same vulnerabilities.
Soon firefox52 (current non-ESR version) will become ESR.

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Martin Husemann]

If anyone has receipes to easily make it crash, please send-pr!
Debugging often is simple, if you can reproduce it.

I'll fire off an i386 build with debug info tonight...

Martin

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[coypu]

On Sat, Mar 11, 2017 at 06:19:55PM -0800, scole_mail wrote:
> Marco Beishuizen  writes:
> >
> > It's on NetBSD/i386 7.0.2.
> 
> I guess I've also been having that same issue on i386 for awhile.  The
> last stable version that worked for me was firefox-47.0.1 which was in
> pkgsrc-2016Q2 I believe.  So I've been using that version.

Possibly unrelated but was the cause of similar issues in the past:
things having stack unaligned on i386 only and needing -mstackrealign
(especially things with human-written asm, and a lot of video decoding
stuff like ffmpeg3 is like that).

I'm not sure if it's kind enough to let you know it's dying with SIGBUS.

I'd blindly apply -mstackrealign to everything to see if it helps (via
/etc/mk.conf)

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[scole_mail]

Marco Beishuizen  writes:
>
> It's on NetBSD/i386 7.0.2.

I guess I've also been having that same issue on i386 for awhile.  The
last stable version that worked for me was firefox-47.0.1 which was in
pkgsrc-2016Q2 I believe.  So I've been using that version.

I think these are the commands I used to roll back to that version and
rebuild it with pkgsrc=pkgsrc-2016Q4, and firefox=pkgsrc-2016Q2

 cd .../pkgsrc/www/firefox
 cvs -q update -dP -r pkgsrc-2016Q2
 bmake install
 bmake clean
 # revert sources back to pkgsrc-2016Q4
 cvs -q update -dP -r pkgsrc-2016Q4

I don't know if this method will work if you are using current pkgsrc.

Thanks

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

On Sat, 11 Mar 2017, the wise Martin Husemann wrote:



On what architecture is that?



It's on NetBSD/i386 7.0.2.

--
This is the LAST time I take travel suggestions from Ray Bradbury!

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Martin Husemann]

On Sat, Mar 11, 2017 at 10:24:00PM +0100, Marco Beishuizen wrote:
> Unfortunately just as crashy as before (segmentation fault on random sites,
> and in preferences and add-ons tabs). Switching to another browser for now.

On what architecture is that?

Martin

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

On Sat, 11 Mar 2017, the wise Martin Husemann wrote:


On Sat, Mar 11, 2017 at 09:06:03PM +0100, Marco Beishuizen wrote:
I'm rebuilding it as we speak with the suggested option so I'm hoping 
that it's a bit more than just a logo thing.


No, it is just the logo.


Unfortunately just as crashy as before (segmentation fault on random 
sites, and in preferences and add-ons tabs). Switching to another browser 
for now.


Regards,
Marco

--
We are all born charming, fresh and spontaneous and must be civilized
before we are fit to participate in society.
-- Judith Martin, "Miss Manners' Guide to Excruciatingly
   Correct Behaviour"

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Martin Husemann]

On Sat, Mar 11, 2017 at 09:06:03PM +0100, Marco Beishuizen wrote:
> I'm rebuilding it as we speak with the suggested option so I'm hoping that
> it's a bit more than just a logo thing.

No, it is just the logo.

Martin

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

On Sat, 11 Mar 2017, the wise co...@sdf.org wrote:

To add to what jak said, it is the stable version. It just lacks the 
trademarked Mozilla stuff like their logo.


There was some drama in the past which resulted in this being a build 
option, you can read about it here: 
https://en.wikipedia.org/wiki/Mozilla_software_rebranded_by_Debian#Firefox_issue_resolution


I thought the nightly version is some kind of development/testing version.

The reason for my question is that the version in pkgsrc is really very 
unstable and crashes for no appearent reason. So next step was to test the 
official "release" version of FF.


I'm rebuilding it as we speak with the suggested option so I'm hoping that 
it's a bit more than just a logo thing.


Thanks for the help anyway and I'll be back when it's finished building 
(NetBSD on a not very fast laptop).


Regards,
Marco

--
Ubi non accusator, ibi non judex.
(Where there is no police, there is no speed limit.)
-- Roman Law, trans. Petr Beckmann (1971)

Re: Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Jonathan A. Kollasch]

On Sat, Mar 11, 2017 at 05:12:19PM +0100, Marco Beishuizen wrote:
> Hi,
> 
> Installing FF from /usr/pkgsrc/www/firefox always results in the
> "nightly" version of FF. But I want the regular stable/release
> version. How do I do that?
> 
> Even installing the esr version results in a nightly version.

You'd need to build yourself with PKG_DEFAULT_OPTIONS+=official-mozilla-branding

Jonathan Kollasch

Installing FF 52 from pkgsrc: "stable" version instead of nightly

[Marco Beishuizen]

Hi,

Installing FF from /usr/pkgsrc/www/firefox always results in the "nightly" 
version of FF. But I want the regular stable/release version. How do I do 
that?


Even installing the esr version results in a nightly version.

Regards,
Marco

--
Boys are beyond the range of anybody's sure understanding, at least
when they are between the ages of 18 months and 90 years.
-- James Thurber