firefox-3.6.9 and friends

Ken Moffat ken at
Fri Sep 10 16:08:12 PDT 2010

 People who care about security will have noticed this week's
upstream firefox update.  Often, updating an existing system is just
a straightforward recompile.  In this case, I had enough
aggravations that I think it might be worth documenting them.

 Please note that I'm not intending to update the BOOK for the
moment, -ENO_TIME and anyway there are enough guidelines to get
people to look at the mozilla security site.

 Also, I'm using icecat ( ) - this is
the same codebase but with a few things stripped out, so these notes
should still apply to firefox and xulrunner.

1. The minimum sqlite version hasn't changed, but now it needs to be
compiled with SQLITE_SECURE_DELETE.  I picked to try this,
upgrading to the new 2.7 series this soon seems a little adventurous
to me.  Whichever version you choose,
 CFLAGS="$CFLAGS -DSQLITE_SECURE_DELETE" ./configure --your-options
seems to do the job adequately.  I'll note that gentoo also add
 -DSQLITE_CHECK_PAGES -DSQLITE_CORE if they turn on secure delete,
but I've no idea what those settings do, and they don't seem to be
necessary.  As always, YMMV.

2. If you are using system nspr and nss, those need to be updated.
Nspr-4.8.6 and nss-3.12.7, with the existing patches, seem to work.
I'll also note that updating nspr kills any running old version of
the browser, but the old version can still be restarted.  Weird.

3. For what seems to be a first time in the 3.6 series, libcrmf.a is
needed (very near the end of the build, of course) - this comes from
nss, so in the unlikely event that you later upgrade nss without
upgrading the browser you will still have to rebuild the browser.
... And still some people wonder why static libs scare me to death

once as tragedy, the other time as farce
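
Added example, not part of the original post: a way to check point 1 on a built system, and to see what secure delete changes on disk. It assumes Python's sqlite3 module is linked against the system sqlite; the function names, the table name and the marker value are constructed for this illustration.

```python
import os
import sqlite3
import tempfile

MARKER = b"CONSTRUCTED-SECRET-0123456789"  # constructed sample value


def compiled_with_secure_delete():
    """True if the linked SQLite was built with -DSQLITE_SECURE_DELETE."""
    conn = sqlite3.connect(":memory:")
    try:
        opts = [row[0] for row in conn.execute("PRAGMA compile_options")]
    finally:
        conn.close()
    return any(opt.startswith("SECURE_DELETE") for opt in opts)


def marker_survives_delete(secure_delete):
    """Insert MARKER, delete the row, report whether its bytes remain in the file."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        conn = sqlite3.connect(path)
        # Rollback journal, so the main file is final once commit() returns.
        conn.execute("PRAGMA journal_mode=DELETE")
        # The pragma overrides the compile-time default in either direction.
        conn.execute("PRAGMA secure_delete=%s" % ("ON" if secure_delete else "OFF"))
        conn.execute("CREATE TABLE history (url BLOB)")
        conn.execute("INSERT INTO history VALUES (?)", (MARKER,))
        conn.commit()
        conn.execute("DELETE FROM history")
        conn.commit()
        conn.close()
        with open(path, "rb") as fh:
            return MARKER in fh.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("built with SQLITE_SECURE_DELETE:", compiled_with_secure_delete())
    print("deleted data left in file, secure_delete off:", marker_survives_delete(False))
    print("deleted data left in file, secure_delete on: ", marker_survives_delete(True))
```

Without secure delete the deleted row's bytes stay in the freed page until something overwrites them; with it, sqlite zeroes them at delete time.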
