Bug 225717

Summary: www/palemoon needs official branding disabled
Product: Ports & Packages Reporter: Mark Felder <feld>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Only Me CC: grahamperrin, lichray, rozhuk.im, tobik
Priority: --- Flags: lichray: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
new moon lichray: maintainer-approval+

Description Mark Felder freebsd_committer freebsd_triage 2018-02-06 23:19:54 UTC 
License forbids we enable official branding if we don't build with all of their bundled libraries which we do not intend to do.
Comment 1 Ivan Rozhuk 2018-02-06 23:41:48 UTC 
Please, do not remove this port.
Is it possible to static link with bundled libraries?
Comment 2 Mark Felder freebsd_committer freebsd_triage 2018-02-06 23:52:24 UTC 
(In reply to rozhuk.im from comment #1)

Unlikely unless we duplicate all the patches we carry for all of those libraries as well as ensure they get the right configure / build flags that we need. It will not be easy. And then we have no way to track vulnerabilities.

They seem to be open to just disabling branding, but before we can do that I'm disabling distribution of the binaries to prevent any legal action.
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-02-06 23:57:54 UTC 
A commit references this bug:

Author: feld
Date: Tue Feb  6 23:57:31 UTC 2018
New revision: 461119
URL: https://svnweb.freebsd.org/changeset/ports/461119

Log:
  www/palemoon: Update LICENSE_PERMS

  Upstream forbids distribution of this package with their branding unless
  we are able to fully comply with the requirements of building against
  all of the libraries in their tree. This is untenable so we will block
  distribution for now and work on disabling branding.

  PR:		225717
  MFH:		2018Q1

Changes:
  head/www/palemoon/Makefile
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-02-06 23:58:57 UTC 
A commit references this bug:

Author: feld
Date: Tue Feb  6 23:58:04 UTC 2018
New revision: 461120
URL: https://svnweb.freebsd.org/changeset/ports/461120

Log:
  MFH: r461119

  www/palemoon: Update LICENSE_PERMS

  Upstream forbids distribution of this package with their branding unless
  we are able to fully comply with the requirements of building against
  all of the libraries in their tree. This is untenable so we will block
  distribution for now and work on disabling branding.

  PR:		225717

Changes:
_U  branches/2018Q1/
  branches/2018Q1/www/palemoon/Makefile
Comment 5 lichray 2018-02-07 00:03:22 UTC 
Testing removing official branding.
Comment 6 lichray 2018-02-07 00:20:31 UTC 
According to http://www.palemoon.org/redist.shtml 8b, stopping distributing binary makes no difference actually.

According to https://github.com/jasperla/openbsd-wip/issues/86 only trademark is their concern, so I'm taking a look at how the New Moon icon looks.
Comment 7 Ivan Rozhuk 2018-02-07 00:30:49 UTC 
(In reply to Mark Felder from comment #2)

At least nss is mozilla staff, you cant patch it to proper work with palemoon and with ff+thundeburd and other ports.

Vulnerabilities in palemoon in-base libs - should be handled by palemoons devs.

Did you try static linking palemoon and all its in-base libs?
Comment 8 lichray 2018-02-07 00:49:56 UTC 
(In reply to rozhuk.im from comment #7)

If an issue comes, we can switch dependency individually; we have been doing this many times with base nss + ff.
Comment 9 lichray 2018-02-07 03:36:47 UTC 
Created attachment 190377 [details]
new moon
Comment 10 Mark Felder freebsd_committer freebsd_triage 2018-02-11 15:47:19 UTC 
(In reply to lichray from comment #9)

I'm wondering if we should change the name as well to protect ourselves from further threats.
Comment 11 Jan Beich freebsd_committer freebsd_triage 2018-02-16 10:24:30 UTC 
(In reply to Mark Felder from comment #10)
> I'm wondering if we should change the name as well to protect
> ourselves from further threats.

See https://forum.palemoon.org/viewtopic.php?t=18256#p134592
> However, we are not going to force them to rename an already
> established package name (The package not the application) since
> that would be very disruptive to users.
Comment 12 Jan Beich freebsd_committer freebsd_triage 2018-02-17 17:21:13 UTC 
About bundled libs see:

  https://freenode.logbot.info/?ch=palemoon&q=bsd
  https://github.com/MoonchildProductions/Pale-Moon/commit/f26f28a54c3ee47ea1ebe446f679432f935a8c8e
  https://github.com/MoonchildProductions/UXP/commit/0f3e990615adfd42ae9cfbe13a6259cb6a0368c4

In particular:
> 2018-02-06 23:10 NewTobinParadigm: Of course New Moon using system
> libs won't do animated png and won't do camilla cyphers

animated png is supported by --with-system-png via

  $ make showconfig -C /usr/ports/graphics/png
  ===> The following configuration options are available for png-1.6.34:
       APNG=on: Enable Animated PNG support

while "camilla cyphers" isn't but only few users may notice

  https://bugzilla.mozilla.org/show_bug.cgi?id=1211248
  https://bugzilla.mozilla.org/show_bug.cgi?id=940119
  https://github.com/MoonchildProductions/Pale-Moon/commit/ec48ccc34fe6c17ef9ce6437667e325361bd6198
Comment 13 Tobias Kortkamp freebsd_committer freebsd_triage 2018-03-12 10:23:35 UTC 
Mark, is there any reason I shouldn't commit this?  The patch disables
branding which is all we were asked to do AFAICT.
Comment 14 Mark Felder freebsd_committer freebsd_triage 2018-03-17 00:55:55 UTC 
Work distracted me lately. Go for it.
Comment 15 commit-hook freebsd_committer freebsd_triage 2018-03-17 07:25:03 UTC 
A commit references this bug:

Author: tobik
Date: Sat Mar 17 07:24:45 UTC 2018
New revision: 464763
URL: https://svnweb.freebsd.org/changeset/ports/464763

Log:
  www/palemoon: Disable official branding

  PR:		225717

Changes:
  head/www/palemoon/Makefile
Comment 16 Tobias Kortkamp freebsd_committer freebsd_triage 2018-03-17 07:34:07 UTC 
(In reply to Mark Felder from comment #14)
Thanks.