[No response on CentOS list, so trying CentOS-devel.]
-------- Forwarded Message -------- Subject: [CentOS] CentOS 7: Missing Thunderbird Updates Date: Mon, 21 Nov 2022 15:33:56 -0500 From: Chris Schanzle via CentOS centos@centos.org Reply-To: Chris Schanzle christopher.schanzle@nist.gov, CentOS mailing list centos@centos.org To: CentOS mailing list centos@centos.org
Hi,
Looks like CentOS 7 hasn't shipped Thunderbird updates for a while. The latest I see in repos is:
Sep 1 15:22 thunderbird-91.13.0-1.el7.centos.x86_64.rpm
Perusing through the RHEL announcements, that was from the RHSA-2022:6169-01 on 2022-08-24. Seems none of the 102.x versions have shipped:
2022-09-26 RHSA-2022:6710-01 thunderbird-102.3.0-3.el7_9.x86_64.rpm
2022-10-18 RHSA-2022:6998-01 thunderbird-102.3.0-4.el7_9.x86_64.rpm
2022-10-25 RHSA-2022:7184-01 thunderbird-102.4.0-1.el7_9.x86_64.rpm
And for completeness, just announced today:
2022-11-21 RHSA-2022:8555-01 thunderbird-102.5.0-2.el7_9.x86_64.rpm
Thanks in advance for efforts to find and clear the blockage!
OK, this is a known issue as seen here:
https://forums.centos.org/viewtopic.php?f=51&t=79706
Seems then that all users of CentOS 7 are at risk if they are using Firefox or Thunderbird on it.
And that's for three months now. Not good.
Dear Red Hat, how can you left us in the rain that way?
Regards, Simon
Thanks for the reference, Simon. [tl;dr: delays due to CentOS folks repeating tremendous effort RH already solved.] While I am grateful for everyone's time and efforts, it is hard to understand why there isn't more technology transfer within RH to the CentOS folks if they're one big happy family. And disappointing there is no communication on this issue here.
With vulnerable internet-interacting apps like Thunderbird and Firefox (possibly others), IMHO CentOS 7 is unsafe for general use. Effectively EOL. I'm sad, but no time for self pity when there's work to replace the OS on our systems...
Thank you, CentOS team. Incredible success for many years - I've enjoyed the ride with you.
On 11/30/22 3:45 AM, Simon Matter wrote:
On 11/30/22 11:41, Chris Schanzle via CentOS-devel wrote:
These (firefox and thunderbird) are now released.
Regardless, these things still need to be built in the CentOS Infrastructure. Just FYI, i had to bootstrap all of the following to make this work:
rust-1.54 rust-1.58 rust-1.62 devtoolset-12 llvm-toolset-12.0 llvm-toolset-13.0 llvm-toolset-14.0
Many of these items needed to be combined together in different buildroots to get different library links.
I also provided the required source packages to other people so they could build this as well since not all the things required to build Firefox/Thunderbird are part of the distribution.
The real bottom line here is that this was not easy to do. It requires MANY things that are newer than the items released in EL7. But once built, it still needs to run on the items included in EL7.
This was much easier to do in both CentOS Stream 8 and CentOS Stream 9 as the toolsets are all part of those distribution. They are not part of the RHEL 7 (so also not part of CentOS Linux 7).
Thanks, Johnny Hughes
On 12/1/22 01:00, Simon Matter wrote:
NOTE: We can not get Firefox/Thunderbird to build on ppc/ppc64 or armhfp right now, it is likely that either it will no longer be supported on these or certainly not until later on. Several of the 'toolsets' that I need are not building cleanly on those arches.
The aarch64 are ppc64le builds are building ok, but still being tested before release.
I was also trying to do all 7 architectures for both of these. Moving forward,it seems that the only ones we can reliably build are x86_64, i686, aarch64 and ppc64le for CentOS Linux 7.
Thanks, Johnny Hughes
Hi Johnny
While we are at it, I saw the following lines in /usr/bin/thunderbird and it looks like %RHEL_ENV_VARS% should be replaced at build time.
Can someone tell me what is there instead on a RHEL system?
Thanks, Simon
... # BEAST fix (rhbz#1005611) NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1} export NSS_SSL_CBC_RANDOM_IV
# Linux version specific environment variables %RHEL_ENV_VARS%
exec $MOZ_PROGRAM "$@"
On Fri, Dec 2, 2022 at 8:30 AM Simon Matter simon.matter@invoca.ch wrote:
Nothing, it's the same - it's a leftover after the rebase that will be removed in 102.6 builds (originally reported as https://bugzilla.redhat.com/show_bug.cgi?id=2144637)
Tom
On 12/2/22 01:53, Tomáš Popela wrote:
Basically, because the upstream maintainers of Firefox/Thunderbird are always using newer and newer rust/llvm/clang and other things to build the products .. and because in Enterprise Linux we are trying to support an older set of shared libraries for software development, this means shoehorning things like these two programs into running on the older shared libraries. We need to build them one way and run them on something else.
The RHEL team does a wonderful job of making this happen and as the date from release gets further and further along this becomes harder and harder to do. They deserve a huge amount of credit for making this happen. At least IMHO.
Am 02.12.22 um 16:14 schrieb Johnny Hughes:
Anyone that already got into such dependency hell, knows what kind of trouble this implies. Yep, and a big thank you for you!
I wonder if this can be addressed beforehand. Then its clear that next year Mozilla will start the work on version 115 in May and the ESR release will be GA end of June. So, RH will start shipping the new ESR version in August. These are my personal estimations. Maybe the dependency graph could be elaborated ... not sure if this is feasible.
-- Leon
On 12/2/22 10:38, Leon Fauster via CentOS-devel wrote:
If I had more time, I could probably add more of the toolsets to the CentOS-7 Linux build root as they come along rather than waiting until I need them. It is a SIG that actually builds toolsets, but they also don't do them all and they don't support all the alt arches we release for CentOS-7.
I have tried to do that before, but I usually have more work to do than time and things 'not required for release' tend to make their way to the back burner. Although to be fair, some of these toolsets were not actually released for EL7 mainstream, so neither I or the SIG would have built those anyway.
There were a couple major versions (78 and 91) that used more similar toolsets, this one was a big jump.
If you guys can remind me when Fedora gets a version very close to the next ESR, I can go look at their build logs to see what we need and get started earlier.
Hij Johnny,
On Mon, Dec 5, 2022 at 1:09 PM Johnny Hughes johnny@centos.org wrote:
As a person who is planning and overseeing the whole rebase of Thunderbird and Firefox in RHEL, I can make a note to let you know what toolsets we will start to require when we will work on next year's FF/TB rebase.
Tom
-
Chris Schanzle -
Johnny Hughes -
Leon Fauster -
Patrick Riehecky -
Simon Matter -
Tomáš Popela