Bug 1155499
Summary: | firefox: Downloads non-free OpenH264 blob on first start | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> | ||||
Component: | firefox | Assignee: | Martin Stransky <stransky> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 20 | CC: | fweimer, gecko-bugs-nobody, kevin, l_bratch, luke, mcatanzaro+wrong-account-do-not-cc, ppisar, rz, stransky | ||||
Target Milestone: | --- | Flags: | rz:
needinfo-
|
||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | firefox-33.1-2.fc20 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2014-11-13 11:18:28 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Florian Weimer
2014-10-22 09:03:35 UTC
There was a discussion about it on Fesco without any result. We have something in the hands now so we can discuss how to handle it. Feel free to file such ticket there. (In reply to Martin Stransky from comment #1) > There was a discussion about it on Fesco without any result. We have > something in the hands now so we can discuss how to handle it. Feel free to > file such ticket there. Okay, I filed https://fedorahosted.org/fesco/ticket/1359 . Can any of the firefox maintainers answer Matts questions in comment #3 of the above ticket? Basically I think we would very much like to have a way to let users download this if they choose, but not to automatically do so for them. Is there a way we can do that? IMHO the automatic download can be disabled. The problem here is how to enable it when user is willing to use it. So if you believe it's important to disable the automatic download we can do that any time. (In reply to Martin Stransky from comment #4) > IMHO the automatic download can be disabled. The problem here is how to > enable it when user is willing to use it. So if you believe it's important > to disable the automatic download we can do that any time. Yeah, thats good to know. ;) Further to that however: 1. Can it be disabled in such a way where the user can go and choose to tell it to download now? 2. Can if be disabled in such a way where the user going to a page/loading something that needs it will be prompted to download/install it? (In reply to Kevin Fenzi from comment #5) > (In reply to Martin Stransky from comment #4) > > IMHO the automatic download can be disabled. The problem here is how to > > enable it when user is willing to use it. So if you believe it's important > > to disable the automatic download we can do that any time. > > Yeah, thats good to know. ;) > > Further to that however: > > 1. Can it be disabled in such a way where the user can go and choose to tell > it to download now? No. > 2. Can if be disabled in such a way where the user going to a page/loading > something that needs it will be prompted to download/install it? No. Any of those changes need extra work, it means to add special patches to GUI (create new dialog boxes and so) and should be reviewed by mozilla developers. We can work with upstream on it but it's a long term goal. Any patches here are welcome. Thanks for the info. One final question: Would it be possible to disable the automatic download, and have manual steps/documentation on how to manually download/install it? ie, 'fetch this file and install it here' ? (In reply to Kevin Fenzi from comment #7) > Thanks for the info. > > One final question: > > Would it be possible to disable the automatic download, and have manual > steps/documentation on how to manually download/install it? ie, 'fetch this > file and install it here' ? Yes, I believe so (but not tested, I didn't try so). IMHO You need to download the file and copy to plugin directory. It's similar to flas-plugin installation. ok. I guess that url to download from could be in docs or discoverable somehow? Thanks. Just a pointer how Gentoo tackles this issue <https://bugs.gentoo.org/show_bug.cgi?id=525810>. ok, at today's FESCo meeting we discussed this and: * AGREED: ask firefox maintainers to disable automatic download of OpenH264 plugin (+6,0,1) (nirik, 18:32:04) * nirik will draft a page (nirik, 18:35:28) * AGREED: will keep ticket open a week for interested parties to propose longer term solutions. (+6, 0, 0) (nirik, 18:48:21) Can you please disable the autodownload in all Fedora firefox packages asap? I will work on drafting a page that passes a legal check to manually download/install the plugin for now. Hopefully we can come up with a easier way for users to get the plugin. Thanks! Okay, we'll disable the autoload. Please note that all users who already updated the package to Firefox 33 already have the video codecs installed. NOTE: Ypu can check the plugin presence in "about:plugins" tab. It shows "OpenH264 Video Codec provided by Cisco Systems, Inc.". Build as firefox-33.1-2. You can remove the codec by those steps: 1) cd to your Firefox profile (usually ~.mozilla/firefox/*.default) 2) delete the plugin (rm -rf gmp gmp-gmpopenh264) firefox-33.1-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firefox-33.1-2.fc20 firefox-33.1-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This problem still appears present in firefox-33.1-2.fc19. Tried a profile which has not been in use for some time and got this: 1416944541013 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1416944541 seconds ago, minimum seconds: 86400 1416944541014 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1416944541016 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1416944541017 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1416944550873 GMPInstallManager.onLoadXML INFO request completed downloading document 1416944550876 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1416944550886 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1416944550887 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) 1416944570590 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) Can you please test with a fresh profile? It's possible that you have the download enabled in your recent profile. same result. $ cfx run Using binary at '/usr/bin/firefox'. (process:7620): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Using profile at '/tmp/tmph5ONsM.mozrunner'. (process:7632): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading configurations from ~/.fonts.conf is deprecated. JavaScript strict warning: chrome://global/content/bindings/textbox.xml, line 119: reference to undefined property this.inputField.selectionStart JavaScript strict warning: chrome://browser/content/newtab/newTab.js, line 230: reference to undefined property args[0] 1417036074503 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1417036075 seconds ago, minimum seconds: 86400 1417036074503 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1417036074504 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417036074506 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417036077440 GMPInstallManager.onLoadXML INFO request completed downloading document 1417036077441 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1417036077453 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1417036077453 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) 1417036078635 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) Total time: 626.330239 seconds Program terminated successfully. Is there any upstream ticket for this? I am tempted to create one. (In reply to Richard Z. from comment #20) > Is there any upstream ticket for this? I am tempted to create one. There is https://bugzilla.mozilla.org/show_bug.cgi?id=1100304 "Cisco's OpenH264 binary blob is downloaded without prompting the user" which I created. Found https://bugzilla.mozilla.org/show_bug.cgi?id=1044268, seems some more things need to be set: I have added pref("media.gmp-gmpopenh264.autoupdate",false); pref("media.gmp-gmpopenh264.enabled",false); to the previous /usr/lib/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js and it works as expected now, printing GMPInstallManager.simpleCheckAndInstall INFO Auto-update is off for openh264, aborting check. Apparently the autoupdate still kicked in if the other values were disabled. Whoever didn't scrub their ~/.mozilla/firefox/*/gmp-gmpopenh264 yet should do it pretty soon: http://tools.cisco.com/security/center/viewAlert.x?alertId=36500 Created attachment 962575 [details]
prefs to disable downloading
really disable downloading the binary
Thanks! |