Upon first startup, Firefox automatically downloads the Cisco's OpenH264 video codec: 1413967331677 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1413967332 seconds ago, minimum seconds: 86400 1413967331677 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1413967331678 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.0/20141015093046/Linux_x86_64-gcc3/en-US/default/Linux%203.16.4-200.fc20.x86_64%20(GTK%202.24.24)/default/default/update.xml 1413967331679 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.0/20141015093046/Linux_x86_64-gcc3/en-US/default/Linux%203.16.4-200.fc20.x86_64%20(GTK%202.24.24)/default/default/update.xml 1413967332575 GMPInstallManager.onLoadXML INFO request completed downloading document 1413967332580 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1413967332601 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1413967332601 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: 737e49f25aace93d470f1a781c69c3cdd0c9db21afe62221fb171d38a31d8a2b55af01a69cd00e7352e7a34aa450b6b85729509f81582379394785b37997a423, size: 385889) 1413967332982 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: 737e49f25aace93d470f1a781c69c3cdd0c9db21afe62221fb171d38a31d8a2b55af01a69cd00e7352e7a34aa450b6b85729509f81582379394785b37997a423, size: 385889) Also see about:plugins. I see three problems with that: 1. The binary was not built on Fedora infrastructure, which is against packaging policy. 2. Cisco's binary license agreement requires that the license is presented to the user, but it is not included in the Licensing Information or End User Rights that come with Firefox. It is linked from the Add-Ons Manager, but not from about:plugins. 3. Cisco's license does not seem to allow commercial use (“uses in which it [receives] remuneration”), which is a restriction on use and incompatible with Fedora's licensing guidelines. Cisco's license is available in Firefox itself and on the web: <chrome://mozapps/content/extensions/OpenH264-license.txt> <http://www.openh264.org/BINARY_LICENSE.txt> I've also reproduced it below. ------------------------------------------------------- About The Cisco-Provided Binary of OpenH264 Video Codec ------------------------------------------------------- Cisco provides this program under the terms of the BSD license. Additionally, this binary is licensed under Cisco’s AVC/H.264 Patent Portfolio License from MPEG LA, at no cost to you, provided that the requirements and conditions shown below in the AVC/H.264 Patent Portfolio sections are met. As with all AVC/H.264 codecs, you may also obtain your own patent license from MPEG LA or from the individual patent owners, or proceed at your own risk. Your rights from Cisco under the BSD license are not affected by this choice. For more information on the OpenH264 binary licensing, please see the OpenH264 FAQ found at http://www.openh264.org/faq.html#binary A corresponding source code to this binary program is available under the same BSD terms, which can be found at http://www.openh264.org ----------- BSD License ----------- Copyright © 2014 Cisco Systems, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ----------------------------------------- AVC/H.264 Patent Portfolio License Notice ----------------------------------------- The binary form of this Software is distributed by Cisco under the AVC/H.264 Patent Portfolio License from MPEG LA, and is subject to the following requirements, which may or may not be applicable to your use of this software: THIS PRODUCT IS LICENSED UNDER THE AVC PATENT PORTFOLIO LICENSE FOR THE PERSONAL USE OF A CONSUMER OR OTHER USES IN WHICH IT DOES NOT RECEIVE REMUNERATION TO (i) ENCODE VIDEO IN COMPLIANCE WITH THE AVC STANDARD (“AVC VIDEO”) AND/OR (ii) DECODE AVC VIDEO THAT WAS ENCODED BY A CONSUMER ENGAGED IN A PERSONAL ACTIVITY AND/OR WAS OBTAINED FROM A VIDEO PROVIDER LICENSED TO PROVIDE AVC VIDEO. NO LICENSE IS GRANTED OR SHALL BE IMPLIED FOR ANY OTHER USE. ADDITIONAL INFORMATION MAY BE OBTAINED FROM MPEG LA, L.L.C. SEE HTTP://WWW.MPEGLA.COM Accordingly, please be advised that content providers and broadcasters using AVC/H.264 in their service may be required to obtain a separate use license from MPEG LA, referred to as "(b) sublicenses" in the SUMMARY OF AVC/H.264 LICENSE TERMS from MPEG LA found at http://www.openh264.org/mpegla --------------------------------------------- AVC/H.264 Patent Portfolio License Conditions --------------------------------------------- In addition, the Cisco-provided binary of this Software is licensed under Cisco's license from MPEG LA only if the following conditions are met: 1. The Cisco-provided binary is separately downloaded to an end user’s device, and not integrated into or combined with third party software prior to being downloaded to the end user’s device; 2. The end user must have the ability to control (e.g., to enable, disable, or re-enable) the use of the Cisco-provided binary; 3. Third party software, in the location where end users can control the use of the Cisco-provided binary, must display the following text: "OpenH264 Video Codec provided by Cisco Systems, Inc." 4. Any third-party software that makes use of the Cisco-provided binary must reproduce all of the above text, as well as this last condition, in the EULA and/or in another location where licensing information is to be presented to the end user. v1.0
There was a discussion about it on Fesco without any result. We have something in the hands now so we can discuss how to handle it. Feel free to file such ticket there.
(In reply to Martin Stransky from comment #1) > There was a discussion about it on Fesco without any result. We have > something in the hands now so we can discuss how to handle it. Feel free to > file such ticket there. Okay, I filed https://fedorahosted.org/fesco/ticket/1359 .
Can any of the firefox maintainers answer Matts questions in comment #3 of the above ticket? Basically I think we would very much like to have a way to let users download this if they choose, but not to automatically do so for them. Is there a way we can do that?
IMHO the automatic download can be disabled. The problem here is how to enable it when user is willing to use it. So if you believe it's important to disable the automatic download we can do that any time.
(In reply to Martin Stransky from comment #4) > IMHO the automatic download can be disabled. The problem here is how to > enable it when user is willing to use it. So if you believe it's important > to disable the automatic download we can do that any time. Yeah, thats good to know. ;) Further to that however: 1. Can it be disabled in such a way where the user can go and choose to tell it to download now? 2. Can if be disabled in such a way where the user going to a page/loading something that needs it will be prompted to download/install it?
(In reply to Kevin Fenzi from comment #5) > (In reply to Martin Stransky from comment #4) > > IMHO the automatic download can be disabled. The problem here is how to > > enable it when user is willing to use it. So if you believe it's important > > to disable the automatic download we can do that any time. > > Yeah, thats good to know. ;) > > Further to that however: > > 1. Can it be disabled in such a way where the user can go and choose to tell > it to download now? No. > 2. Can if be disabled in such a way where the user going to a page/loading > something that needs it will be prompted to download/install it? No. Any of those changes need extra work, it means to add special patches to GUI (create new dialog boxes and so) and should be reviewed by mozilla developers. We can work with upstream on it but it's a long term goal. Any patches here are welcome.
Thanks for the info. One final question: Would it be possible to disable the automatic download, and have manual steps/documentation on how to manually download/install it? ie, 'fetch this file and install it here' ?
(In reply to Kevin Fenzi from comment #7) > Thanks for the info. > > One final question: > > Would it be possible to disable the automatic download, and have manual > steps/documentation on how to manually download/install it? ie, 'fetch this > file and install it here' ? Yes, I believe so (but not tested, I didn't try so). IMHO You need to download the file and copy to plugin directory. It's similar to flas-plugin installation.
ok. I guess that url to download from could be in docs or discoverable somehow? Thanks.
Just a pointer how Gentoo tackles this issue <https://bugs.gentoo.org/show_bug.cgi?id=525810>.
ok, at today's FESCo meeting we discussed this and: * AGREED: ask firefox maintainers to disable automatic download of OpenH264 plugin (+6,0,1) (nirik, 18:32:04) * nirik will draft a page (nirik, 18:35:28) * AGREED: will keep ticket open a week for interested parties to propose longer term solutions. (+6, 0, 0) (nirik, 18:48:21) Can you please disable the autodownload in all Fedora firefox packages asap? I will work on drafting a page that passes a legal check to manually download/install the plugin for now. Hopefully we can come up with a easier way for users to get the plugin. Thanks!
Okay, we'll disable the autoload. Please note that all users who already updated the package to Firefox 33 already have the video codecs installed.
NOTE: Ypu can check the plugin presence in "about:plugins" tab. It shows "OpenH264 Video Codec provided by Cisco Systems, Inc.".
Build as firefox-33.1-2. You can remove the codec by those steps: 1) cd to your Firefox profile (usually ~.mozilla/firefox/*.default) 2) delete the plugin (rm -rf gmp gmp-gmpopenh264)
firefox-33.1-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/firefox-33.1-2.fc20
firefox-33.1-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This problem still appears present in firefox-33.1-2.fc19. Tried a profile which has not been in use for some time and got this: 1416944541013 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1416944541 seconds ago, minimum seconds: 86400 1416944541014 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1416944541016 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1416944541017 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1416944550873 GMPInstallManager.onLoadXML INFO request completed downloading document 1416944550876 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1416944550886 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1416944550887 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) 1416944570590 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918)
Can you please test with a fresh profile? It's possible that you have the download enabled in your recent profile.
same result. $ cfx run Using binary at '/usr/bin/firefox'. (process:7620): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Using profile at '/tmp/tmph5ONsM.mozrunner'. (process:7632): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading configurations from ~/.fonts.conf is deprecated. JavaScript strict warning: chrome://global/content/bindings/textbox.xml, line 119: reference to undefined property this.inputField.selectionStart JavaScript strict warning: chrome://browser/content/newtab/newTab.js, line 230: reference to undefined property args[0] 1417036074503 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1417036075 seconds ago, minimum seconds: 86400 1417036074503 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1417036074504 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417036074506 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417036077440 GMPInstallManager.onLoadXML INFO request completed downloading document 1417036077441 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1417036077453 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1417036077453 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) 1417036078635 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) Total time: 626.330239 seconds Program terminated successfully.
Is there any upstream ticket for this? I am tempted to create one.
(In reply to Richard Z. from comment #20) > Is there any upstream ticket for this? I am tempted to create one. There is https://bugzilla.mozilla.org/show_bug.cgi?id=1100304 "Cisco's OpenH264 binary blob is downloaded without prompting the user" which I created.
Found https://bugzilla.mozilla.org/show_bug.cgi?id=1044268, seems some more things need to be set: I have added pref("media.gmp-gmpopenh264.autoupdate",false); pref("media.gmp-gmpopenh264.enabled",false); to the previous /usr/lib/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js and it works as expected now, printing GMPInstallManager.simpleCheckAndInstall INFO Auto-update is off for openh264, aborting check. Apparently the autoupdate still kicked in if the other values were disabled.
Whoever didn't scrub their ~/.mozilla/firefox/*/gmp-gmpopenh264 yet should do it pretty soon: http://tools.cisco.com/security/center/viewAlert.x?alertId=36500
Created attachment 962575 [details] prefs to disable downloading really disable downloading the binary
Thanks!