# libxul ,this port is obsolete!



## teo (Dec 16, 2017)

Hello people of ports!


www/libxul  this port is obsolete and gives errors to the dependencies as firefox or palemoon and others, I've already upgraded all the ports. Any solution to install the java/icedtea-web port?


# `cd /usr/ports/java/icedtea-web/ && make config-recursive && make install  clean`

```
.............      ..............       .................
         .............      ..............       .................
usr/bin/sed -i.bak -e 's|^Icon=javaws|Icon=itweb-javaws|'  /usr/ports/java/icedtea-web/work/icedtea-web-1.6.2/*.desktop.in
===>   icedtea-web-1.6.2_3 depends on executable: zip - found
bxul===>   icedtea-web-1.6.2_3 depends on executable: bash - found
===>   icedtea-web-1.6.2_3 depends on executable: gsed - found
===>   icedtea-web-1.6.2_3 depends on file: /usr/local/libdata/pkgconfig/libxul.pc - not found
===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

NPAPI are no longer supported.

It is scheduled to be removed on or after 2018-06-20.

===>  libxul-45.9.0_9 has known vulnerabilities:
li-45.9.0_9 is vulnerable:
mozilla -- multiple vulnerabilities
CVE: CVE-2017-7825
               ..................      ...............  .........
               ..................      ...............  .........
libxul-45.9.0_9 is vulnerable:
mozilla -- multiple vulnerabilities
CVE: CVE-2017-7778
CVE: CVE-2017-7768
                ...............       ..............    ..............
                ...............       ..............    ..............

CVE: CVE-2017-5470
WWW: https://vuxml.FreeBSD.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/www/libxul
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/www/libxul
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/java/icedtea-web
*** Error code 1

Stop.
make: stopped in /usr/ports/java/icedtea-web
#
```


----------



## talsamon (Dec 16, 2017)

It makes no sense install java/icedtea-web for www/firefox. Firefox does not support NPAPI anymore www/palemoon does.
You can install www/libxul  with `portmaster -m -DDISABLE_VULNERABILITIES www/libxul`  or in the port with`make install clean DISABLE_VULNERABILITIES=yes`.


----------



## teo (Dec 16, 2017)

talsamon said:
			
		

> It makes no sense install www/icedtea-web for www/firefox. Firefox does not support NPAPI anymore www/palemoon does.
> You can install www/libxul  with `portmaster -m -DDISABLE_VULNERABILITIES www/libxul`  or in the port with`make install clean DISABLE_VULNERABILITIES=yes`.



What sense does it make to install www/libxul  which is version 45 of Mozilla and gives problems with other dependencies as explained above?  The message  what visualized is obsolete,   and vulnerabilities to   other system dependencies as quantum firefox oh palemoon and others.


----------



## talsamon (Dec 16, 2017)

Sorry, I don't understand what you want, you asked:


teo said:


> Any solution to install the java/icedtea-web port?


I don't think there is a way install java/icedtea-web without www/libxul.

Edit: (It is with turn `PLUGIN=off`, but then you have no Browser-plugin).


----------



## talsamon (Dec 16, 2017)

Look at this PR 220648.


----------



## teo (Dec 17, 2017)

talsamon said:


> Sorry, I don't understand what you want, you asked:
> 
> I don't think there is a way install java/icedtea-web without www/libxul.
> 
> Edit: (It is with turn `PLUGIN=off`, but then you have no Browser-plugin).



 I just installed  firefox 57.2  (quantum) from the ports  correctly without the obsolete  www/libxul   that gives errors and other dependencies.  The java/icedtea-web port wanted to install it because some sites as online multimedia on the internet depend on that port.


----------



## talsamon (Dec 17, 2017)

You can install www/icedtea-web with pkg.
`pkg info` shows

```
Options        :
   DOCS           : on
   PLUGIN         : on
   RHINO          : off
   TAGSOUP        : off
```

this does not install   www/libxul or firefox-45.9.0esr   (like the port wants to do).

and use an other browser than firefox.


----------



## teo (Dec 17, 2017)

talsamon said:
			
		

> You can install www/icedtea-web with pkg.
> 
> this does not install   www/libxul or firefox-45.9.0esr   (like the port wants to do).
> 
> and use an other browser than firefox.



Hello talsamon!

 I already installed the latest version of Firefox  from ports, and without errors, firefox quantum is flying is like a fast plane.

I can't install that java/icedtea-web port with pkg  because it installs autamatically the obsolete www/libxul port and then to install other packages I have problems with that obsolete port.


----------



## talsamon (Dec 17, 2017)

Fine,  ;-))


----------



## Deleted member 30996 (Dec 17, 2017)

teo said:


> I can't install that java/icedtea-web port with pkg  because it installs autamatically the obsolete www/libxul port...



One more reason to use ports. 

Though it is not ATM, graphics/gimp would be happy to install a vulnerable version of graphics/OpenEXR if you use pkg, too.


----------



## talsamon (Dec 17, 2017)

It is not so: pkg does not install www/libxul and does not install www/firefox-esr. The port tries to install www/firefox-esr.   Pkg could not have other dependencies as the port (If the options are the same, and the pkg and the port have the same  version).
So I guess something with the port is wrong.


```
pkg install icedtea-web
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   icedtea-web: 1.6.2_3 [FreeBSD]

Number of packages to be installed: 1
```


----------



## talsamon (Dec 17, 2017)

Found it:
If I change the line in the Makefile

```
.for opt in asm chrome chromium ecj epiphany firefox  jacoco midori opera
CONFIGURE_ARGS+=        --without-${opt}
.endfor
to
.for opt in asm chrome chromium ecj epiphany firefox firefox-esr jacoco midori opera
...
```

it installs like the pkg.
Edit: The install of www/firefox-esr should be optional.


----------



## teo (Dec 17, 2017)

Trihexagonal said:
			
		

> One more reason to use ports.
> 
> Though it is not ATM, graphics/gimp would be happy to install a vulnerable version of graphics/OpenEXR if you use pkg, too.



I have  graphics/gimp installed also from ports, fortunately that graphics/OpenEXR port was installed, although in the end I end up giving www/libxul error.


----------



## Deleted member 30996 (Dec 17, 2017)

teo said:


> I have  graphics/gimp installed also from ports, fortunately that graphics/OpenEXR port was installed...



You can deselect the option for graphics/OpenEXR in one of the programs graphics/gimp installs. I watch for it to deselect it but can't think of the port offhand.

It's not vulnerable now but was for a long time. If it becomes so again you can `cd` to the graphics/OpenEXR directory, run `# make deinstall clean` to remove it and graphics/gimp will still work for manipulating images.


----------



## talsamon (Dec 17, 2017)

You can deselect  graphics/OpenEXR in graphics/gegl.


----------

