/srv/irclogs.ubuntu.com/2008/09/30/#ubuntu-mozillateam.txt

fta2crimsun, users are complaining that we still provide the old beta of nonfree flash, do you know why we don't push the last RC ? i've packaged it for myself and the user experience is much better, at least on i386.11:07
asacfta2: can you start midbrowser in intrepid?11:11
fta2i'm at work (hardy) so it can't test right now11:12
fta2btw, my hardy box crashed badly during the night11:13
fta2so much for an lts and stable updates11:14
asacfta2: sure that its software and not hardware problems ;)11:16
gnomefreakwhat is mozillas IRC server? irc.mozilla.org isnt working12:21
armin76Connecting to irc.mozilla.org (63.245.208.159) port 6667...12:21
armin76* Connected. Now logging in...12:21
armin76gnomefreak: ^12:21
gnomefreakarmin76: thanks. let me chekc that against settings12:22
gnomefreakarmin76: thanks i used .net instead of org :(12:24
armin76fail12:26
gnomefreak;) all fixed12:36
gnomefreakbe back12:36
KB1OHYanyone awake?13:30
asacfta_: http://paste.ubuntu.com/52463/14:25
asacso we need more links ;)14:25
gnomefreakanyone know anything about claws-mail?14:57
gnomefreakKB1OHY: we are15:01
gnomefreaksome of us anyway15:01
gnomefreakis it (zero)xKEYID?15:02
gnomefreakor the vowel o15:03
asacgnomefreak: ZERO15:58
gnomefreakasac: thanks16:00
gnomefreaki just intalled these packages not i get update for them? we are talking maybe 10 minutes have past16:02
gnomefreak:( 6 HUNKS failed to apply16:03
gnomefreakasac: you can ignore that email i sent you. its not fucking working16:14
gnomefreak'/win 316:16
asac_gnomefreak: your mail wasnt signed16:46
gnomefreaki know i cant get claws-mail to work with gpg16:46
gnomefreakits starting to piss me off16:46
gnomefreakthanks for checking16:47
asac_np16:49
gnomefreaknot saying much since i cant get sunbird to apply a patch either but i didnt work hard enough on that yet16:50
=== asac_ is now known as asac
gnomefreakok its lunch time and ikm still drinking coffee ill be back after lunch17:13
asack17:27
=== fta_ is now known as fta
ftaasac, i have sm 1.1.12 for intrepid as a security update with 9 MFSA. i guess i'm on myself now?18:30
asacfta: yeah. if you need a helping hand let me know ;)18:48
asacfta: will you push to hardy-security too? jdstrand would be happy to see that happen i guess ;)18:48
ftasm is Maintainer: Ubuntu Mozilla Team, should i still ask for motu's approval?18:49
asacfta: for security updates? no i wouldnt say so18:50
jdstrandfta: for hardy-security, please follow https://wiki.ubuntu.com/SecurityUpdateProcedures#Preparing%20an%20update and ping me for upload18:50
asacfta: at least as long as the packaging didnt receive a major polish ;)18:51
ftanope, just a bump18:51
asacfta: for -security the idea is to just use the diff.gz of latest hardy with the new orig ... e.g. zero packging changes18:52
asacfta: yeah that should work imo18:52
fta!info seamonkey hardy18:52
ubottuseamonkey (source: seamonkey): The Seamonkey Internet Suite. In component universe, is optional. Version 1.1.9+nobinonly-0ubuntu1 (hardy), package size 22 kB, installed size 88 kB18:52
ftawoo, old18:52
asacfta: yeah. that nees thorough testing (not as bad as gutsy iceape though ;))18:55
asacfta: maybe push to a ppa and let me know so i can run it a bit on my hardy system18:55
ftaiceape is from debian, why isn't is merged like everything else?18:55
fta-is+it18:55
asacfta: security is never merged/synched ... main reason is that we dont have a stable target where to sync from (e.g. latest iceape might have changes that doesnt qualify for security updates)18:56
asacfta: but i think we can live with iceape being outdated in gutsy for now ;)18:56
ftafor hardy: http://paste.ubuntu.com/52549/18:57
asacfta: looks good. maybe also reference the USNs fixed in firefox/tbird as applicable18:59
asace.g.18:59
asacNew security upstream release: 1.1.1218:59
asacfixes security issues also announced in USN-XXX-X (ffox) and USN-XXX-X (tbird)19:00
asacwe wont have our own USNs for universe updates ... so its not that important19:00
asacbut might give ubuntu folks that track -security a better idea how to look things up19:00
* asac getting dinner19:03
ftathe USN are not public yet (reserved)19:05
ftai mean cve19:06
jdstrandfta: it doesn't matter. just use what's listed in the MFSAs19:07
jdstrand(and there will be a lot of them for the big jump for hardy)19:08
ftai just have the MSFAs and corresponding CVEs19:08
jdstrandfta: listing the MFSA in the changelog is up to you. listing the CVEs is a requirement for the -security updates. asac has a special case where he refers to the USN. this is acceptable, assuming the language is as he said above19:09
jdstrandfta: so you have a choice to list the CVEs that are referenced in the MFSAs, or to look through the USNs for firefox, et al and refer to those19:10
jdstrandfta: using CVEs is probably more accurate-- I don't know if there are any CVEs that are exclusively seamonkey or firefox/thunderbird19:11
jdstrandfta: if you want to run the changelog by me, feel free to ping me19:13
ftajdstrand, is that enough http://paste.ubuntu.com/52552/ ?19:14
jdstrandfta: while not conforming to what we use in SecurityUpdateProcedures, I think it's acceptable. However, there are probably a bunch of others for 1.1.9->1.1.10 and 1.1.10->1.1.1119:16
ftawell, this one is for intrepid, so just a small hop19:17
jdstrandfta: oh, I thought we were talking about hardy here19:17
jdstrandfta: for intrepid, that is totally fine19:17
ftajdstrand, for 1.1.10, i already have the 4 USNs19:18
lucypherfta : The last FF-3.1 in your ppa have some issues with tabs19:21
ftalucypher, really, i'm using it, i didn't notice anything wrong19:21
ftas/,/?/19:22
lucypherI've also tried to remove .mozilla/firefox-3.1 folder...19:23
sebnerlucypher: I also don't have problems O_o19:23
ftalucypher, what is the problem?19:24
lucypherProbably I've found what was wrong19:26
ftaan addon?19:27
lucypherI had a new tab icon in my toolbar19:27
ftame too, it moved recently19:27
lucypherI had to restore to default toolbar set19:28
fta[reed], ^^19:28
lucypherAnd now it works19:28
ftaobviously not a packaging issue. maybe there's a bug upstream for that19:29
lucypherIt seems that the toolbar icons thing is WIP...19:30
lucypherSo I think isn't useful to file a bug about that at the moment.19:32
lucypherThanks.19:32
ftai update my packages every few days so we'll see19:33
lucypheranyway FF-3.1 is great, first of all in memory usage19:37
* asac reboots19:41
asacgnome bug 55448520:19
ubottuGnome bug 554485 in Profiles "regression: open new tab using keyboard shortcut does not open new tab with profile of parent window" [Normal,Unconfirmed] http://bugzilla.gnome.org/show_bug.cgi?id=55448520:19
asac \o/ ;)20:19
ftadamn, animated svg has been postponed to 3.220:21
ftaasac, i'm still using xterm20:23
asacfta: lucky you ... this bug annoyed me for about 3 month now ;)20:24
asacnobody seems to care ... so either noone uses profiles or noone uses gnome-terminal ;)20:24
ftai like xterm because of the low footprint20:24
asaci gave up on low footprint when i committed to firefox ;)20:25
ftathis is 5 times bigger, not good when you have 30+ like i do20:26
asacgood side effect of fixing this is that i discovered that i can add new chars to the "select" word feature ... now i can select complete firefox package versions with double click again ;)20:26
asacfta: i have a bunch of tabs instead20:26
asaclike two terminal windows with 6 tabs each20:26
ftaI have 7 workspaces, each specialized to different tasks20:27
asacalso multiple tabs and windows appear to live in the same process.20:27
asacfta: yeah. i think you have a much better memory ... or at least willingness to remember what you do where ;)20:28
ftai'd say more habits20:28
asacyeah ... but its kind of investment to become used to habits like that for me20:28
asacwhenever i try, i forget about the idea at some point and then things become even messier20:29
asace.g. when you think you should have something in some terminal/desktop, but then you dont find it ... and later you find it somewhere else :)20:29
crimsunfta: I also have RC2 merged locally, but I'm investigating an nspluginwrapper fix21:08
crimsunfta: I'd rather not have to kludge nspluginwrapper just to have the latest RC21:08
crimsunfta: in the meantime, I certainly wouldn't complain if you wanted to push RC2 into intrepid21:09
crimsunI find RC2 far too unstable to use daily; I use swfdec-mozilla (and libswfdec-0.7-1)21:10
ftai find the current one almost unusable, cpu wise, and ff crasher wise21:10
ftathe rc i'm using now is far better for both21:11
fta10.0.12.10ubuntu1~fta121:11
sebnerfta: +121:11
crimsunfta: it's a complete crasher on amd64 due to nspluginwrapper and internal Flash changes.21:11
crimsunyeah, I've had flashplugin-nonfree_10.0.1.218+10.0.12.10ubuntu1.dsc for some time locally, but again, I don't use it.21:12
crimsungranted, my local versioning is pooched, but whatever :)21:12
fta10.0.1.218+10.0.0.525ubuntu1 was evil on i38621:12
* sebner hopes that the final arrives soon :)21:13
ftasebner, i wouldn't bet on it to be perfect, i expect no changes compared to the rc, unfortunately21:14
sebnerbah21:14
sebnerfta: anyhow. rc > beta what's in the archive21:14
ftai know21:14
ftathat's why i packaged the rc21:15
sebner:)21:15
ftait's not in my ppa as i didn't want to break my 64bit users21:15
sebnerfta: well, I asked asac and we'll have final or rc definately in the archive21:16
crimsunfta: again, if you'd like it in, by all means, please push u-u-s to sponsor an upload.  Please remember to account for https://bugs.edge.launchpad.net/ubuntu/+source/nspluginwrapper/+bug/27228621:16
ubottuLaunchpad bug 272286 in nspluginwrapper "nspluginwrapper 1.1.0 does not support wmode correctly with Flash 10 RC2" [Wishlist,Confirmed]21:16
KB1OHYanyone in here know anything about lightning calendar?21:26
ftajdstrand, is that suitable http://paste.ubuntu.com/52592/ ? with all the info in bug 27643721:46
ubottuBug 276437 on http://launchpad.net/bugs/276437 is private21:46
ftadamn21:46
ftano reason to keep that bug private i guess21:46
fta bug 27643721:47
ubottuLaunchpad bug 276437 in seamonkey "security upgrade of seamonkey 1.1.12" [Undecided,Fix committed] https://launchpad.net/bugs/27643721:47
KB1OHYanyone in here know anything about lightning calendar?21:48
asacKB1OHY: only packaging wise ... and code wise, but not really feature wise21:49
KB1OHYmine updated from 0.8 to 0.9 and now it's completely unusable21:49
asacKB1OHY: thats not our package21:49
asacKB1OHY: go to irc.mozilla.org21:49
asacwe only can support ubuntu packages21:50
ftahm, i should use 1.1.12+nobinonly-0ubuntu0.8.04.1, not 1.1.12+nobinonly-0ubuntu1.8.04.121:59
ftaasac, ^^ ?22:04
asacfta: yes. hardy must be lower than intrepid. i assume intrepid gets ubuntu122:19
ftayep22:19
jdstrandfta: I think the changelog looks good, with a couple of questions:22:20
ftaasac, pushed to my ppa, feel free to try the hardy one, once it's done22:20
Volanssi22:20
jdstrand1) you reference the CVEs in one part and USNs in another-- perhaps you could just reference USNs and not worry about the CVEs (unless there are CVEs not addressed in the USNs that are fixed/not fixed)22:21
Volansops... wrong tab... sorry22:21
jdstrand2) what does 'refresh diverged patch' mean in the context of hardy?22:21
jdstrand3) the fontconfig patch is required to even build seamonkey on hardy correct?22:22
ftajdstrand, 1/ i got the CVE from mozilla, and the USNs are from my previous (1.1.11) security upload in intrepid.22:22
jdstrand4) can you explain the gcc comments? did gcc used need to be changed to build in hardy?22:22
ftajdstrand, 2/ diverged compared to 1.1.9 in hardy22:22
asacjdstrand: diverged: the same patch didnt apply anymore22:23
jdstrandasac: oh- we carried patches for security fixes that have been applied upstream?22:23
ftajdstrand, 4/ we forced gcc 4.2 a long time ago, but in hardy, 4.2 is the default so we dropped it to prefer plain gcc22:24
asacjdstrand: sorry. i just explained diverged. dont know which patch this is about in particular22:24
asacfta: ^^ ?22:24
fta3/ correct22:24
jdstrandI wasn't clear, as both of you answered a question I didn't mean to ask :)22:24
jdstrandfta: what changed in the security patch, and why?22:25
ftaasac,  debian/patches/80_security_build.patch22:25
asacfta: the GCC change is not necessary in hardy ... though shouldnt hurt22:25
asacfta: whats in that patch?22:25
ftajdstrand, just the context (we use a large one)22:25
jdstrandasac, fta: I highly prefer not to make the gcc change, as it does nothing and just introduces a chance for problems22:25
asacyeah.22:26
jdstrandwe are *very* careful selective about -security updates22:26
ftajdstrand, the gcc change has been in the branch for a long while now22:26
jdstrandcareful and selective...22:26
asacfta: the best way is just to start with the current hardy diff.gz on top of the orig22:26
jdstrandfta: I understand, but hardy is released22:26
jdstrandfta: if you want to get non-security fixes in, then it needs to go through SRU, and then -security can pull from -updates22:27
ftai can revert that, no problem22:27
asacfta: i fork the branches when the release is out and dont touch them except for updates22:27
ftaasac, i have 2 branches22:27
asacfta: i think the .hardy branch is a backport branch and not a stable release update branch.22:27
asacfta: you could create a .8.04 for the stable release updates22:27
asacand .hardy for the backports22:27
asacfta: oh22:27
asacfta: so you already did that22:28
ftayes22:28
jdstrandfta: ok, so the entirety of the 80_security_build.patch22:28
jdstrandstill is needed, but just needed to be reapplied to the new codebase22:28
asacfta: can you link that branch to the bug?22:28
jdstrandfta: is that accurate?22:28
ftaasac, sure22:28
asachmm only seamonkey-1.1.dev in ~mozillateam code22:29
ftajdstrand, it's an old security patch from debian/iceape22:29
ftaasac, sure, as in i will22:29
ftai just have 2 hands22:29
jdstrandfta: I'm confused-- it's an old security update that fixes things not already in the new upstream version?22:30
jdstrandfta: perhaps it'll become apparent when I look at the debdiff22:30
asacjdstrand: is there nothing about it in changelog?22:31
jdstrandasac: the changelog says:22:31
jdstrand  * Refresh diverged patch:22:31
jdstrand    - update debian/patches/80_security_build.patch22:31
jdstrandthat isn't chock-full of info ;)22:31
asachmm22:31
asaclet me look at the patch22:31
asacappears to be really old (from iceape/debian times)22:32
asacits introduction is not in changelog at least22:32
ftayes22:32
ftabranch pushed22:32
jdstrandfta: lastly, I recommend rather than listing all those CVEs, that you just add usn-645-1 to your list of USNs22:32
jdstrandfta: to me, it's really an either/or thing22:33
asacjdstrand: yeah. thats a patch from debian22:33
asacjdstrand: its about linking the nss security libs shared instead of static22:33
jdstrandasac: ok, so it had to be massaged to apply/build22:34
jdstrandthat's cool22:34
asacyeah22:34
asacjdstrand: http://bazaar.launchpad.net/%7Emozillateam/seamonkey/seamonkey-1.1.dev/annotate/154?file_id=svn-v2%3A1%40f4e3d8d1-d80b-0410-9133-bbc0d6b0e2e8-iceape%252ftags%252f1.0.6%252d1-debian%252fpatches%252f80_security_build.dpatch22:34
asacmozilla bug 30241622:35
ubottuMozilla bug 302416 in Build "NSS root cert module & fortezza should not be using NSPR static libraries" [Normal,Resolved: fixed] http://bugzilla.mozilla.org/show_bug.cgi?id=30241622:35
asacfta: we can probably drop that patch in intrepid22:36
asacmost likely its only for in-source nss/nspr22:36
asacbut better keep it in the hardy update22:36
ftaasac, well, i don't touch the branches for anything related to nspr&nss as long as your last soname changes are not either pushed or reverted.22:38
asacfta: yeah22:39
asacfta: anyway. the right procedure would have been just to bump changelog in .hardy branch and not merging (or only merging down essential issues)22:40
asacfta: nss i really have to decide soon22:41
asacfta: but in this case its ok. just backout the gcc changes and all should be fine ;)22:42
ftadone22:42
asacjdstrand: is that kind of debdiff helpful? dont you need a new orig as well?22:44
* asac just revealed his bad side of ignorance22:44
jdstrandasac: I'd like the whole source package-- I can do the diffing in this case22:45
jdstrandasac: I can then upload when you guys ping me on testing22:46
ftathe package is get-orig-source ready, it uses uscan from upstream and applies a nobin clean-up script, then repacks22:48
ftayou can trust me and get the tarball from my ppa, or don't trust me and redo it yourself, i won't blame you22:49
fta(but it has to be same for hardy and intrepid)22:50
asacfta: upload the tarball to launchpad22:50
ftain the bug ?22:50
asacfta: yeah22:51
ftaok22:51
asacall pieces: orig. diff.gz + dsc22:51
asacfta: or if orig for intrepid is already in that should be good enough22:51
asacbut then providing a link to the orig.tar.gz would be nice22:51
asacppa link probably works as well.22:51
ftappa expires after a while22:52
asacfta: does it do that still?22:56
asacthought we have endless dailies now ;)22:56
ftahm22:56
asacat lesat celso said to me that we can use it for dailies now22:56
asacnot sure if he said that those expire after a year22:56
ftajdstrand, better ? http://paste.ubuntu.com/52609/22:56
asacbut you are right best is to put that in launchpad bug then i guess22:56
asacfta: there is one MFSA in the middle ;)22:57
ftanope22:57
asacis that because that doesnt have a CVE?22:57
asac- MFSA 2008-26: Buffer length checks in MIME processing22:57
ftayep22:57
asacfta: ok ... maybe use no-CVS (MFSA2008-25): ....22:57
asacjust an idea22:57
ftahttp://www.mozilla.org/security/announce/2008/mfsa2008-26.html22:57
ftaso it's a follow-up of CVE-2008-030422:58
fta    - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing22:59
ftathat's an awful lot of security fixes22:59
asacjdstrand: how to document followups of CVEs that dont have a CVE on their own?23:01
asacjust CVE-2008-0304(b) ?23:01
jdstrandfta: looks good to me (and yes, that *is* a lot of fixes)23:02
asachttp://www.ubuntu.com/usn/usn-629-1 has:23:03
asac"Mozilla developers audited the MIME handling code looking for similar vulnerabilities to the previously fixed CVE-2008-0304, and changed several function calls to use safer versions of string routines. "23:03
asacso probably fine to document i like that23:03
asacfta: is hardy built?23:03
ftaasac, https://edge.launchpad.net/+builds23:03
ftajust amd6423:04
ftahop, i386 too23:04
asacok i can pick amd6423:04
ftabut i reverted gcc since23:05
asacfta: in which ppa is it? fta?23:05
ftafta23:05
ftaas 1.1.12+nobinonly-0ubuntu0.8.04.1~fta123:05
asacyeah. this reminds me that we need a security PPA soon ;)23:06
asacits hard to keep personal PPAs free from other depends23:07
ftai agree23:07
asacfta: is the nss in the the cluttered one?23:07
ftayes23:07
asachehe23:08
asacok23:08
asacfta: hmm cannot initialize security component23:09
fta?23:09
asacfta: nss doesnt work :/23:10
asace.g. visiting launchpad23:10
ftano problem on intrepid23:10
ftai guess you just picked sm and not nss/nspr for my ppa, right?23:11
ftait's a mess23:11
ftaok, let me repush that to mt, is it nss/nspr free?23:12
asacfta: no ... new nss/nspr was forced in the upgrade (e.g. the proper lower bunds)23:12
asacfta: i will push to asac ... which i only use for security testing23:12
ftaok23:12
asacmozillateam might be cluttered too (we have to clean that up)23:12
ftawait, take the fta2 i just pushed, it's the final one23:12
asacfta: i used the latest branch23:13
asac14823:13
asac* Improve MFSA / CVE descriptions in changelog23:13
asacis that right?23:13
ftaok23:13
asacdum di dum (slow diff.gz)23:15
ftawell, just dget and dput23:16
ftaasac, plz decide quickly for nss, if you revert, i need to rebuild a lot of stuff now23:17
asacfta: yeah. would have been an option ;)23:18
asacfta: concerns me a bit that seamonkey had this issue now :/23:18
asacit was a fresh respin on top23:18
asac(nss)23:19
ftastrange that it's fine on intrepid23:19
asacindeed23:19
asacfta: oops nspr has a .a file ?23:23
asac-rw-r--r-- 1 root root 461752 Sep 25 19:18 /usr/lib/libnspr4.a23:23
asac-rw-r--r-- 1 root root 235920 Sep 25 19:18 /usr/lib/libnspr4.so23:23
fta-rw-r--r-- 1 root root 208848 2008-09-25 21:18 /usr/lib/libnspr4.so23:23
ftalrwxrwxrwx 1 root root     11 2008-09-25 22:08 /usr/lib/libnspr4.so.0d -> libnspr4.so23:23
ftasame on hardy:23:24
fta-rw-r--r-- 1 root root 202000 2008-09-25 21:18 /usr/lib/libnspr4.so23:24
ftalrwxrwxrwx 1 root root     11 2008-09-29 11:46 /usr/lib/libnspr4.so.0d -> libnspr4.so23:24
asac(hardy1)asac@hector:~$ dpkg -S libnspr4.a23:24
asaclibnspr4-dev: /usr/lib/libnspr4.a23:24
ftafta@cube:~ $ dpkg -S libnspr4.a23:24
ftadpkg: *libnspr4.a* not found.23:24
asac-dev package installed?23:24
asacupload finished :/23:25
ftaoh, right, in dev23:26
ftatarball in the bug too23:26
asacfta:23:26
asac        for lib in ssl3 softokn3 smime3 nss3 nspr4 plc4 plds4; do \23:26
asac         dh_link -p$(DEB_MOZ_APPLICATION)-browser usr/lib/lib$$lib.so.0d /usr/lib/$(DEB_MOZ_APPLICATION)/lib$$lib.so ; \23:26
asac        done23:26
asacdont see why it would hurt, but probably would need to be updated after nss transition23:27
ftaafter, yes23:27
ftaso please decide23:27
asacyeah. maybe that linking is the cause for the issues23:29
asacactually so.1d is wrong23:29
asacthat means you need nss-0d installed ... which is outdated23:29
asacfta: yeah ... that was it ;)23:30
asaci had an old nss3-0d package installed23:30
asacso its a bug in seamonkey23:30
ftahm, ok. strange it didn't hurt before23:37
ftain fact no, the .0d was still there as a legacy links23:38
fta-s23:38
ftaasac, why did you have that old nss3-0d?23:40
ftawe have that 0d/1d since last december23:42
asacfta: because nss3-0d doesnt have any .so ... so it doesnt get a lower bound for shlibs23:42
asacfta: well ... i had an old one 3.12.0.3-0ubuntu0.823:42
asacand ~rc2 for the other libs23:42
asacthe links didnt look that bad23:42
asacbut there surealy was one missing or something23:42
ftaso it's not a bug in sm/hardy. just a bad mix of nss on your side23:44
asacfta: its a bug: sm still shps links to 0d links23:47
asacthat shouldnt be the case23:47
asacinstead the .1d whould be used23:47
asacand then this bug wouldnt exist23:47
asacit was just revealed by a bad mix23:47
ftashould i fix that in both branches ???23:47
asacfta: i think in hardy its ok. in intrepid fixing makes sense.23:48
asaclet me see if sm built in ppa23:49
asacstill spinning23:49
asacat least its on CPU23:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!