Bug 152789

At the time of this writing, Red Hat has only released errata for FC2 (in that
case, Mozilla 1.7.3 packages), not for either RHEL release. And I haven't found
an advisory for FC2 either.

Relevant RH Bugzilla bugs (I think all of these except 133007 have patches
attached to them):
133007: Multiple security issues in Mozilla
133012/133013: javascript link dragging information leak
133014/133015: BMP integer overflows
133016/133017: VCard buffer overflow
133021/133022: javascript clipboard information leakage
133023/133024: "send page" heap based buffer overflow

RH Bugzilla bugs regarding vulnerabilities which were fixed in 1.7.3 but which
were *already* not present in the RHEL Mozilla 1.4.3 packages:
133018/133019: Confusing privilege request dialog

Judging by past history, and information in these Bugzilla reports, the Red Hat
security advisory will likely be posted here once it's done (but it's not here yet):
https://rhn.redhat.com/errata/RHSA-2004-486.html

Since Red Hat seems to be backporting all of these patches, and since they don't
have Mozilla 1.7.3 successfully building for PowerPC yet (i.e. one of the RHEL 3
architectures), I strongly suspect they will be releasing patched Mozilla 1.4.3
packages and not 1.7.3 packages.

Perhaps it will be easiest to wait for the RHEL packages to be released, then
use those as the basis for the FL packages.



------- Additional Comments From barryn 2004-09-23 18:44:11 ----

Actually, it looks like RH Bugzilla #133007 is for Fedora Core 2, not RHEL, for
what that's worth...



------- Additional Comments From barryn 2004-09-28 22:10:17 ----

If I didn't make any mistakes (and I could have), these are the relevant CVE
numbers:

CAN-2004-0902
CAN-2004-0903
CAN-2004-0904
CAN-2004-0905
CAN-2004-0908




------- Additional Comments From dom 2004-09-30 05:01:43 ----

RHEL updates: http://rhn.redhat.com/errata/RHSA-2004-486.html



------- Additional Comments From dom 2004-09-30 13:48:08 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Packages for QA for Red Hat 7.3:

http://www-astro.physics.ox.ac.uk/~dom/legacy/SRPMS/

afed9d3b64824be65bb1d02743c64caddc4e08a2  mozilla-1.4.3-2.1.4.7.legacy.src.rpm
cc02956b18ece6370286c1ba7ed363d3ce7ac022  galeon-1.2.13-5.2.1.7.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFBXJsQYzuFKFF44qURAsMaAJdc1F1nIU8yl1yR8zp9A/7aZgYRAKC/lEXP
u5gwMbz2HTWCg1ASvIYJ5A==
=ChtF
-----END PGP SIGNATURE-----




------- Additional Comments From rob.myers.edu 2004-09-30 17:07:26 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


rebuilt mozilla-1.4.3-3.0.4.src.rpm on FC1:

use the same epiphany from http://bugzilla.fedora.us/show_bug.cgi?id=1834

available from http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/

8673d03206193c1d80ca04c9cffd9c4793cd4a04  mozilla-1.4.3-1.fc1.1.legacy.src.rpm
09900ee4627c845b307bf86e359d0cf14ab37c7a  mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
bea58f45ae02ade1b032e69995dcb0061602b27d  mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
491b202f938bb50d79fee42985ef3c94c2b4dedf 
mozilla-debuginfo-1.4.3-1.fc1.1.legacy.i386.rpm
b72dfc6442f702af6af790f2988ba3e2740d1dff 
mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
470150d978e87d50eee6d7c4fefccaf46faf9d71 
mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
65135d959c7e7228c13d776deb7da894486fd4f9 
mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
23eb43f5d9fd5cdbb0b9e71e47cc5305a6be4bd8  mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
da45f59010ad133f912334adc90c416d6e11ebec  mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
0f596c281b69a2d035d3eb34a9d8b6eefbcf87f1 
mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
48ebcdd57c9a0d6937d8cc386e631f1d90f83f75  mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
25a9a920485e793e3c8a49e12c1b9eb3c4b7b4a0 
mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
117a9febf1842228b3b93d15a959925132cd6da9  epiphany-1.0.4-2.1.legacy.src.rpm
022d73446d8de1a055bbe3fe5527272a350c4ee2  epiphany-1.0.4-2.1.legacy.i386.rpm
4b75ba06925d8b01b9708b8b80c9df461467826e 
epiphany-debuginfo-1.0.4-2.1.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBXMj7tU2XAt1OWnsRAiM9AKDsUXfUO1l9QFeuvsDso2SYHoMz0QCgnf2p
GrHp5FZDq2tfaCGpLNDtuWQ=
=QWJE
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-10-02 18:11:57 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did QA on the 7.3 packages:

afed9d3b64824be65bb1d02743c64caddc4e08a2  mozilla-1.4.3-2.1.4.7.legacy.src.rpm
cc02956b18ece6370286c1ba7ed363d3ce7ac022  galeon-1.2.13-5.2.1.7.legacy.src.rpm

- - Spec file is good
- - Source and patches match rh release
- - Build, installs and runs OK

We will have to figure out the release tags once all platforms are built.

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBX3wvLMAs/0C4zNoRAgHSAKCRlfQcl4+KfxbiCeEy+rQ8W98YxwCcD1ok
fMLmfbUZfHwT4gqyUl5yul8=
=GMgH
-----END PGP SIGNATURE-----




------- Additional Comments From michal 2004-10-02 18:51:25 ----

> We will have to figure out the release tags once all platforms are built.
"2.1" in names of original sources seems to come from AS2.1 although there
is not a great consistency in that.  :-)  Replacing that part with "7",
or "7.x", or something of that sort should work.  Leaving them as they are
is also not out of the question although tags are getting on a long side.

Indeed mozilla and galeon recompiled from these sources work without any
problems.

As for FC1 I do not have now a system to try but I strongly suspect that
mozilla-1.7.3-0.2.0 from recent FC2 updates would work even without
recompilation.



------- Additional Comments From dom 2004-10-03 02:58:52 ----

I suggest:

rh73: mozilla-1.4.3-2.1.4.7.legacy.src.rpm
rh9 : mozilla-1.4.3-2.1.4.9.legacy.src.rpm
fc1 : mozilla-1.4.3-2.1.4.fc1.legacy.src.rpm



------- Additional Comments From marcdeslauriers 2004-10-03 17:24:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on Rob's mozilla and epiphany packages for FC1:

8673d03206193c1d80ca04c9cffd9c4793cd4a04  mozilla-1.4.3-1.fc1.1.legacy.src.rpm
117a9febf1842228b3b93d15a959925132cd6da9  epiphany-1.0.4-2.1.legacy.src.rpm

- - Source files identical to previous/original releases
- - spec files look good
- - Builds, installs and runs OK

+PUBLISH


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBYMJwLMAs/0C4zNoRAq/yAJ9OE65IT8Ib0vVp9DQzT+y7nKPhvQCgutru
/4S5PHuKYJPqhtld4uUckOs=
=EEbp
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-10-03 17:33:44 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are packages to QA for rh9:

Changelog:
* Sun Oct 03 2004 Marc Deslauriers <marcdeslauriers>
37:1.4.3-0.9.1.legacy
- - Added backported security fixes from mozilla 1.7.3
 
* Tue Sep 21 2004 John Dalbec <jpdalbec> 37:1.4.3-0.9.0.legacy.2
- - Added BuildRequires: compat-gcc for gcc296 program (%ifarch i386 only).
- - Added BuildRequires: compat-gcc-c++ for g++296 program (%ifarch i386 only).
- - Added BuildRequires: gtk+-devel.
- - Added BuildRequires: ORBit-devel.
- - Added %dir /usr/lib/mozilla to %files.
- - Added /usr/include/mozilla-1.4.3 to %files devel.
 
* Mon Aug 30 2004 Marc Deslauriers <marcdeslauriers>
37:1.4.3-0.9.0.legacy
- - Update to latest 1.4 branch for security fixes.

83fdc71077380f4ce3876780184dc54b56d920ce  mozilla-1.4.3-0.9.1.legacy.i386.rpm
4b756f2bdb0a710693dc826fa83b73491d62fc57  mozilla-1.4.3-0.9.1.legacy.src.rpm
32d2cbb509bec99a8d5972b19c5a47208c74ba93  mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
299cd9a3850361fe8bcc99273de653694b75ecd7  mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
aac3828dff8e5ecb3e8cfd86b221a9f777a649a7 
mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
7b33c9a56a942e2791c1a0b71cbd096025d128bd 
mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
64bd10cea56b94ed495064ed239a133aeeb3fb27  mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
6ab777a7001b6fc945e477ef45313e1a6bd0c849  mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
370176c1b1b89fc92570a4fd6f9cd0ff97cb0749 
mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
ded4dc9c34eeedf37ff5f8882ee15303afb43fc4  mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
e854d726b28ffca3955392de6d1e3a58dd7ac14f 
mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm
Same galeon as last time:
d93c9c3771db8158db2ff8b5a29ff24a01780e53  galeon-1.2.13-0.9.1.legacy.i386.rpm
3ebbf0c18142764ce7469adf209b3813bd5b483e  galeon-1.2.13-0.9.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-1.4.3-0.9.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm
Same galeon as last time:
http://www.infostrategique.com/linuxrpms/legacy/9/galeon-1.2.13-0.9.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/galeon-1.2.13-0.9.1.legacy.src.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBYMSyLMAs/0C4zNoRArwYAJ0XEEfMfctJZrD1pYFBmjq2/GJ/2wCgqEvm
u+qQpU55IfvxzULD5GSATCs=
=USZm
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-10-04 13:55:20 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for rh9 packages:

4b756f2bdb0a710693dc826fa83b73491d62fc57  mozilla-1.4.3-0.9.1.legacy.src.rpm
3ebbf0c18142764ce7469adf209b3813bd5b483e  galeon-1.2.13-0.9.1.legacy.src.rpm

For mozilla:

- - spec file looks sane
- - patches sane, other sources identical
- - builds fine
- - runs fine

For galeon:

- - spec file looks sane
- - sources identical
- - builds fine

PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBYeLPYzuFKFF44qURAvLkAJ9HV9vw1hGBqUXoZjOr+eGU069v7gCfa/4G
LYjcg/aPdsDhTPXAcuSA+pU=
=OuDz
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-10-08 01:20:59 ----

Pushed to updates-testing.

http://www.redhat.com/archives/fedora-legacy-list/2004-October/msg00060.html



------- Additional Comments From dom 2004-10-08 02:31:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For RH 7.3:

367a2c8360f0e8f984a63da7e3e6ccadc692341c  mozilla-1.4.3-0.7.1.legacy.i386.rpm
3675dc6ec08f513dca4a56b5c26b2632d1d9081e  mozilla-chat-1.4.3-0.7.1.legacy.i386.rpm
7765e5bf8d219a2337396b65e6983c79a44c9d7b  mozilla-devel-1.4.3-0.7.1.legacy.i386.rpm
5e363fe99cbad7745de8e93b2420e7281a08c038 
mozilla-dom-inspector-1.4.3-0.7.1.legacy.i386.rpm
cffefef5b6b67d5e40a4f988503982af9a4cb49b 
mozilla-js-debugger-1.4.3-0.7.1.legacy.i386.rpm
e6d7563bf90f5f6bd4246e2b07097d37ac18e256  mozilla-mail-1.4.3-0.7.1.legacy.i386.rpm
e04ab6de0904386e881541234a8604e6283fbd00  mozilla-nspr-1.4.3-0.7.1.legacy.i386.rpm
a333e23e084b9d59488db7451b991b3775d3c774 
mozilla-nspr-devel-1.4.3-0.7.1.legacy.i386.rpm
0611c836e192bed899e30c261e17736c4a5a1b78  mozilla-nss-1.4.3-0.7.1.legacy.i386.rpm
04789c2b7516018e0fdbae8c0c24edba98a373b7 
mozilla-nss-devel-1.4.3-0.7.1.legacy.i386.rpm
14287024fbe57fc555c5e8fa2736d2a708ae2dc6  galeon-1.2.13-0.7.1.legacy.i386.rpm

- - Packages install fine
- - Mozilla (including browser, mail, chatzilla, composer) and galeon start
  up fine
- - Basic browsing fine
- - VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBZogvYzuFKFF44qURAoPKAJ9RH6IgZwtEM5cE3QYxYhhkzQrAuACgvVPI
Q5sl6IZLT06JmOZSoNaKLk8=
=yx0g
-----END PGP SIGNATURE-----




------- Additional Comments From sheltren.edu 2004-10-15 10:40:31 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For the first course, the RH9 packages:

d99fb9b15188b9d58ad67051cd3e3468ac02681c  galeon-1.2.13-0.9.2.legacy.i386.rpm
5623fba5418718a38eb47a334866833d5705f809  mozilla-1.4.3-0.9.1.legacy.i386.rpm
17a567dc4151929cd998fa145631a939edb658ea  mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
c94427f671fc72f3198c3947feb1a55e14cb285f  mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
a11eecf474c891edcc64dcb07e85ffef0af17b42 
mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
eff086a513ad6a62c64e0f5875c8407e706360ed 
mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
f11ac30cfc4ef65c0670c381f47b69a342e4db22  mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
1b69070ca96ef10c60ce7fdb115b730bdf17a5ca  mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
aa8c04f0b2d3cefed5222c2940240ecfc3780315 
mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
5cf1c268091e7b88732e8efa58d48cf225e70800  mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
6911b2dc76ef48c309c425bd2b8d620941b5c023 
mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm

Signatures are OK
Packages install OK
Browsing with Mozilla browser works fine, mozilla mail and chat both start up OK
Galeon also starts up and browses web pages OK

RH9 VERIFY++
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBcDWdKe7MLJjUbNMRAiFIAJ0V3E2EamfJJbjl2CjovEQ5aglZCgCgpItD
x9CoZen3xx72mlUetOqRxJw=
=NcFb
-----END PGP SIGNATURE-----



------- Additional Comments From sheltren.edu 2004-10-15 10:41:34 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And for dessert, a verify for the FC1 packages:

2f43425bf02823553d958bd9858ba03dbe960e7e  epiphany-1.0.4-2.2.legacy.i386.rpm
346049a0d8835253ee9f97249b0ac834cb664bfc  mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
4898da95488b5fbb6962613c383f42faaf5ff4ba  mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
edc0eeeaf12cc95c4838375c61140c0a12df423b 
mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
871e5ea09920d2844acd74188202c5f99b177bc9 
mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
75d8796d1e902fa56fc8665850a7027d189bd809 
mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
08a55541cc0062892b4ae7e11f12ea041dfdc5c2  mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
a00c8f63b2ac924794e533582adecd979ca5aebb  mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
a3e31f50a30ce3bb9d280bbcd0a941c2910534bd 
mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
df50478720c9430b1e9edbcd96323db6bf15c48b  mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
ebefb845a937bca2c0655f5dd6d43bdf9759a871 
mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm

Signatures are OK
Packages install OK
Mozilla, mozilla-mail, and mozilla-chat are working OK

I had some problems with epiphany, I believe due to the fact that it
was unable to find certain mozilla libs:
$ ldd /usr/bin/epiphany-bin
        libgtkembedmoz.so => not found
        libxpcom.so => not found

Also, the /usr/bin/epiphany script is looking in /usr/lib/mozilla-1.4.1 by default,
so running it results in:
$ epiphany
Cannot find mozilla installation directory. Please set MOZILLA_FIVE_HOME to your
mozilla directory

Changing that script to use /usr/lib/mozilla-1.4.3 for the default MOZILLA_HOME
fixes my problem (since the script also sets LD_LIBRARY_PATH, and then the libs
are then found at that point).

So, the FC1 mozilla packages look good to me, but I think epiphany needs work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBcDXoKe7MLJjUbNMRAhABAKDGVNq9IgT0HORRlP3i+Kyb6gRdqwCfa5TZ
rPKM3cGm61HEhzLcn1o14qI=
=ImrY
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers 2004-10-15 11:55:35 ----

Epiphany problem in comment #15 is from building it in mach. Mozilla 1.4.3 must
be manually installed in the mach root before building epiphany. Must use mach -k.



------- Additional Comments From dom 2004-10-15 13:38:34 ----

Or a versioned build-depends, surely.

Will look at this over the weekend.



------- Additional Comments From cra 2004-10-18 19:03:44 ----

Created an attachment (id=888)
warnings and gtk assertion errors from galeon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Verify for RH 7.3:

8b26049e02b8ba752151edbbda3a7ac13550f419  mozilla-1.4.3-0.7.1.legacy.src.rpm
d21e84f5b3d17317424b521fe5bb6a1771187532  galeon-1.2.13-0.7.1.legacy.src.rpm
367a2c8360f0e8f984a63da7e3e6ccadc692341c  mozilla-1.4.3-0.7.1.legacy.i386.rpm
3675dc6ec08f513dca4a56b5c26b2632d1d9081e 
mozilla-chat-1.4.3-0.7.1.legacy.i386.rpm
7765e5bf8d219a2337396b65e6983c79a44c9d7b 
mozilla-devel-1.4.3-0.7.1.legacy.i386.rpm
5e363fe99cbad7745de8e93b2420e7281a08c038 
mozilla-dom-inspector-1.4.3-0.7.1.legacy.i386.rpm
cffefef5b6b67d5e40a4f988503982af9a4cb49b 
mozilla-js-debugger-1.4.3-0.7.1.legacy.i386.rpm
e6d7563bf90f5f6bd4246e2b07097d37ac18e256 
mozilla-mail-1.4.3-0.7.1.legacy.i386.rpm
e04ab6de0904386e881541234a8604e6283fbd00 
mozilla-nspr-1.4.3-0.7.1.legacy.i386.rpm
a333e23e084b9d59488db7451b991b3775d3c774 
mozilla-nspr-devel-1.4.3-0.7.1.legacy.i386.rpm
0611c836e192bed899e30c261e17736c4a5a1b78 
mozilla-nss-1.4.3-0.7.1.legacy.i386.rpm
04789c2b7516018e0fdbae8c0c24edba98a373b7 
mozilla-nss-devel-1.4.3-0.7.1.legacy.i386.rpm
14287024fbe57fc555c5e8fa2736d2a708ae2dc6  galeon-1.2.13-0.7.1.legacy.i386.rpm

* Packages install fine
* Mozilla Browser, Mail, Chatzilla, Composer appear to work fine
* Printing works from Mozilla Browser
* Galeon works, but spews assertions in the terminal window (see attachment)

This looks like it may be a problem, but I don't use galeon enough to
know if it is par for the course:

** WARNING **: Unable to load module: libpixbufloader-png.so:
libpixbufloader-png.so: cannot open shared
 object file: No such file or directory

I have a copy of that .so in gtk2-2.0.2-4:

/usr/lib/gtk-2.0/2.0.0/loaders/libpixbufloader-png.so

There are a bunch of other libpixbufloader-*.so in
/usr/lib/gdk-pixbuf/loaders, but not the png one.  That may be a problem
with our gdk-pixbuf-0.14.0-9.legacy.1 package.

I wouldn't let galeon hold up the mozilla update, though, so:

* VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdKALw2eg+Um7WIYRAkJZAJ9dTAjP5k49GBM8izROaf3tQLRtqQCgmjpH
QBokL1sYL02FR+aZqZRMcpI=
=NZai
-----END PGP SIGNATURE-----




------- Additional Comments From cra 2004-10-18 19:33:59 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Replying to my comment #18, it is indeed a known problem with
gdk-pixbuf-0.14.0-0.legacy.1 in updates-testing (bug 1371).  I tried the
legacy.2 package from Dave Botsch and all the galeon problems went away.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdKcWw2eg+Um7WIYRAlimAJ9kKDmO6ytQ2TXYy5wlb3N6DZlgQQCfSoo3
7nZ+fsT5h2FnieLlRl+VOi0=
=+q6e
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-10-24 03:48:36 ----

New epiphany packages were built for FC1 and are now in updates-testing. This
should resolve problems mentioned in comment 15.

Please re-test and add a VERIFY here.




------- Additional Comments From deisenst 2004-10-26 02:26:55 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I did QA on Marc Deslauriers' FC1 epiphany source package of Oct 23 2004:

8dd0c2479974060a9b4c64e7fb7bb7bfe08bfca0  epiphany-1.0.4-2.4.legacy.src.rpm

 - - Source file epiphany-1.0.4.tar.bz2 identical to the previous version
 - - Package signatures OK
 - - spec file looks fine.
 - - Builds, installs, and runs OK.
 
 +PUBLISH
 	-David Eisenstein 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBfkGbxou1V/j9XZwRAlkuAJsGSoDje6yQvwkwkhgUOU90uV9AKQCfRpw9
I8kH6SV5nSVbOiPFlMU3dRA=
=asFE
-----END PGP SIGNATURE-----




------- Additional Comments From deisenst 2004-10-26 03:58:52 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Verifying FC1 mozilla and epiphany packages in updates-testing:

        SHA1 sum                             Package Name
- - ------------------------------------ 
---------------------------------------------------
5885ec55134e6bffe7be6e0ec527b668e1f8b262  epiphany-1.0.4-2.4.legacy.i386.rpm
346049a0d8835253ee9f97249b0ac834cb664bfc  mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
4898da95488b5fbb6962613c383f42faaf5ff4ba  mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
edc0eeeaf12cc95c4838375c61140c0a12df423b 
mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
871e5ea09920d2844acd74188202c5f99b177bc9 
mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
75d8796d1e902fa56fc8665850a7027d189bd809 
mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
08a55541cc0062892b4ae7e11f12ea041dfdc5c2  mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
a00c8f63b2ac924794e533582adecd979ca5aebb  mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
a3e31f50a30ce3bb9d280bbcd0a941c2910534bd 
mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
df50478720c9430b1e9edbcd96323db6bf15c48b  mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
ebefb845a937bca2c0655f5dd6d43bdf9759a871 
mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
- -
-------------------------------------------------------------------------------------------

 - - Packages' signatures OK
 - - Packages installed OK
 - - Mozilla, Mozilla Mail, Mozilla Chat work fine.
 - - epiphany (from updates-testing) works okay
 - - mozilla-devel works okay; built epiphany (see comment 21) using it.
 - - venkman (mozilla-js-debugger) seems to work - will trace & do breakpoints
 - - mozilla-dom-inspector appears to work

  +VERIFY
		-David Eisenstein
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBflasxou1V/j9XZwRAmuOAJ41mrzG93p2WJoPVWSnkXIfgF1cXQCgocsD
4+6IhJsd7kN4AfwuOkU0yUw=
=mzEG
-----END PGP SIGNATURE-----




------- Additional Comments From deisenst 2004-10-26 04:16:57 ----

Arrgh!  Trying again!  Bad textbox!  Bad!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Verifying FC1 mozilla and epiphany packages in updates-testing:

5885ec55134e6bffe7be6e0ec527b668e1f8b262  epiphany-1.0.4-2.4.legacy.i386.rpm
346049a0d8835253ee9f97249b0ac834cb664bfc  mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
4898da95488b5fbb6962613c383f42faaf5ff4ba  mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
edc0eeeaf12cc95c4838375c61140c0a12df423b 
mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
871e5ea09920d2844acd74188202c5f99b177bc9 
mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
75d8796d1e902fa56fc8665850a7027d189bd809 
mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
08a55541cc0062892b4ae7e11f12ea041dfdc5c2  mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
a00c8f63b2ac924794e533582adecd979ca5aebb  mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
a3e31f50a30ce3bb9d280bbcd0a941c2910534bd 
mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
df50478720c9430b1e9edbcd96323db6bf15c48b  mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
ebefb845a937bca2c0655f5dd6d43bdf9759a871 
mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm

 - - Packages' signatures OK
 - - Packages installed OK
 - - Mozilla, Mozilla Mail, Mozilla Chat work fine.
 - - epiphany (from updates-testing) works okay
 - - mozilla-devel works okay; built epiphany (see comment 21) using it.
 - - venkman (mozilla-js-debugger) seems to work - will trace & do breakpoints
 - - mozilla-dom-inspector appears to work

  +VERIFY
		-David Eisenstein
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBfluExou1V/j9XZwRAoMSAJoC4ySx5GrAFe87g67HCQPXB1uj0ACg17G/
Ji0zLfcIoldpekzKbu5lp7I=
=dnNs
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl 2005-03-30 18:27 -------

This bug previously known as bug 2089 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2089
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
warnings and gtk assertion errors from galeon
https://bugzilla.fedora.us/attachment.cgi?action=view&id=888

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.