[CentOS] C5: The Firefox ESR 45.1.0 Nightmare

Fri Apr 29 12:22:48 UTC 2016
Johnny Hughes <johnny at centos.org>

On 04/28/2016 10:20 PM, Always Learning wrote:
> On Thu, 2016-04-28 at 22:27 -0400, Jonathan Billings wrote:
>> On Fri, Apr 29, 2016 at 02:23:32AM +0100, Always Learning wrote:
>>> Centos replaced well-running customised Firefox with version ESR 45.1.0
>> Errr... you mean Red Hat released a security update (see
>> https://rhn.redhat.com/errata/RHSA-2016-0695.html), and CentOS
>> rebuilt and released it.
>> What, exactly, would you like the CentOS maintainers to do
>> differently?  Are you volunteering your time to help?
> I would really like to help but I lack the time with many many demands
> on time I don't have.  
> Centos might form a special interests group specifically for the
> existing Firefox ESR browser. Another poster recently stated Mozilla was
> dropping ESR versions which is likely to jeopardise browser stability. 
> Ultimately it would be nice for a Firefox fork removing privacy
> breaches, phoning home, allowing web sites to secretly store data
> (despite options turned-off) and removal of lots of crap unnecessary for
> the vast majority of Enterprise users. It could eliminate the constant
> changes - often apparently just to amuse Firefox developers - which
> users seem to hate.
> When using the yum GUI update notification service, no reasons for
> updates are visible.
> No good issuing a security improvement when, as Johnny replied in
> another posting,
> 	" With respect to CentOS-5, it seems this patch was not
> 	 migrated to the 45.0.1 install:
> 	https://bugzilla.redhat.com/attachment.cgi?id=1025187
> 	from this bugzilla:
> 	https://bugzilla.redhat.com/show_bug.cgi?id=1221368 "
> essential parts were omitted. Perhaps Up-Stream were pre-occupied with
> another fundamental change to the product we know and love ? (well, not
> C7 yet)
> I use Firefox extensively for a multitude of tasks.

OK, when Red Hat releases a Firefox update, we build it.  It is a
rebuild of the upstream code, as are all other CentOS packages.

So, we will work with the Red Hat maintainer to address any issues, like
we did with the unix plice bug .. BUT .. we will build and release any
source code that is released for RHEL .. that is what CentOS Linux is, a
rebuild of the RHEL Source Code, when it is released.

So, it does not matter if the packages are broken or not.  If the CentOS
team did not make changes that did the breaking, we will not be issuing
fixes UNTIL Red Hat does in the RHEL Source Code.  If the CentOS team
did make a branding change, and that change is responsible for breaking
something, we will of course fix that ASAP and release.

In the case of this Firefox release, Red Hat has acknowledged they need
to fix it in the RHEL Source Code here:


Therefore, I have made a new temporary version available here, for
people who would opt to get the new version and not wait:


If you want either the i386 and/or x86_64 versions, please manually
download and install them.

Johnny Hughes
