Bug 195318 - Replace Mozilla with a supported component
Replace Mozilla with a supported component
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mozilla (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-14 15:17 EDT by Bojan Smojver
Modified: 2007-11-30 17:11 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-16 06:13:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 209167 None None None Never

  None (edit)
Description Bojan Smojver 2006-06-14 15:17:39 EDT
Description of problem:

Replace Mozilla with XULRunner as per this:

http://www.redhat.com/archives/fedora-devel-list/2006-June/msg00336.html
Comment 1 Matthias Clasen 2006-06-16 19:50:02 EDT
However, XULrunner will not be ready in time for FC6. According to caillon,
the current XULRunner is a "developer preview" and not suitable for shipping.

If we want gecko 1.8 in the fc6 timeframe (and e.g. epiphany and yelp require
it now), then we need to move seamonkey into core.
Comment 2 Bojan Smojver 2006-06-16 21:05:06 EDT
This is not about FC6. This is about FC5.

At present, Mozilla 1.7.13 is unsupported and it contains security holes which
are affecting Epiphany and any other software that depends on it in a supported
version of FC (i.e. version 5). Either Mozilla needs to be patched to remove
security holes or Seamonkey introduced in its place or the whole thing needs to
be replaced with XULRunner
Comment 3 Bojan Smojver 2006-06-16 21:07:38 EDT
Sorry, one other possibility here: Epiphany and other stuff can also be linked
against FF, of course.
Comment 4 david avery 2006-06-17 01:57:25 EDT
(In reply to comment #3)
> Sorry, one other possibility here: Epiphany and other stuff can also be linked
> against FF, of course.

FF is static linked , and so cannot be linked against
Comment 5 Callum Lerwick 2006-06-17 04:22:43 EDT
Epiphany and Galeon and such support linking against Firefox, so clearly it is
possible. The fedora firefox package is missing a firefox-devel sub package...
Comment 6 Bojan Smojver 2006-06-17 05:36:29 EDT
Regarding comment #4: Even if that's true, it can surely be changed.
Comment 7 Leszek Matok 2006-06-17 06:26:03 EDT
If Bugzilla is a democracy, let me just make my vote and say I'm going to
install SeaMonkey anyhow. Can't it be done for both FF and SeaMonkey to be in
core and provide Gecko to other packages? Both FF 1.5 and SM 1.0 have Gecko 1.8,
both FF 2.0 and SM 1.5 will have Gecko 1.9.

Right now I have Mozilla and SeaMonkey (funny, isn't it?) on my FC5, because
stuff "depend" on Mozilla (but I use most of it with SeaMonkey 1.5a anyhow).
Comment 8 Bojan Smojver 2006-06-18 21:13:26 EDT
Change the summary to reflect the actual request.
Comment 9 Kevin Kofler 2006-06-21 00:02:32 EDT
Firefox is definitely not statically linked in Fedora, try:
ldd /usr/lib/firefox-1.5.0.4/firefox-bin
(/usr/bin/firefox is just a shell script.)
Comment 10 Kai Engert (:kaie) 2006-06-23 18:55:04 EDT
(In reply to comment #7)
> Both FF 1.5 and SM 1.0 have Gecko 1.8,

correct

> both FF 2.0 and SM 1.5 will have Gecko 1.9.

my understanding of current mozilla.org plans, which might be wrong and might
change, is:

FF 2.0 and SM 1.1 will be Gecko 1.8.1

some time in the future FF 3 and SM 1.5 will be Gecko 1.9

> Right now I have Mozilla and SeaMonkey (funny, isn't it?) on my FC5, because
> stuff "depend" on Mozilla (but I use most of it with SeaMonkey 1.5a anyhow).

I think the difficult part is, that Mozilla 1.7.x packages provide the "runtime"
GRE that other apps embed.
When I created the SM package for FE I did not include GRE, because it would
conflict with the one in 1.7.x, and I don't know whether the 1.8 APIs are still
compatible with the 1.7 ones.
Comment 11 Bojan Smojver 2006-06-23 20:58:48 EDT
In relation to this from comment #10:

> When I created the SM package for FE I did not include GRE, because it would
conflict with the one in 1.7.x, and I don't know whether the 1.8 APIs are still
compatible with the 1.7 ones.

This is all well and good, but FC5 is still supported and it will be for some
time. Therefore, all those apps that depend on Mozilla (which is currently
unpatched and contains known security issues) should either be linked against
something else or dropped as unsupported.

Epiphany can be built against FF, according to the authors. As for the rest, I
guess the only way to find out is to read the docs and then try it.

It has now been over 3 weeks since all those security issues have been
disclosed. Time to make some decisions...
Comment 12 Bojan Smojver 2006-06-23 22:36:06 EDT
The whole thing is going to affect RHEL as well, so it's going to be interesting
to see which direction is that going to take...
Comment 13 David Eisenstein 2006-06-24 10:30:58 EDT
My understanding is that Christopher Aillon has been working with a 
community of developers to create backported patches for Mozilla-1.7.13,
because this is the Mozilla used in Red Hat Enterprise Linux at present.
(See Bug #193906.)  I would not doubt that once packages are available
there for 1.7.13, that around the same time, 1.7.13 packages would also
be available for Fedora Core.

My understanding is also that since the Mozilla-1.7.x series is no longer
supported by the Mozilla Foundation, but Seamonkey is being supported as
an app that would appear to have the same features as Mozilla, that RHEL
is moving towards Seamonkey down the road.

I am not sure what the plans are for Fedora Core, but I would imagine that
they would be parallel or similar, since RHEL and Fedora Core have many of
the same developers.

For a some more information, see the discussion thread starting here, in
the fedora-security-list@redhat.com archives:
<http://www.redhat.com/archives/fedora-security-list/2006-June/thread.html#00022>.

Hope this helps.   -David

Comment 14 Bojan Smojver 2006-06-25 19:55:16 EDT
If Christopher is working on patches for 1.7.13, then he can close this bug as
WONTFIX or mark it as duplicate of bug #193906.
Comment 15 Christopher Aillon 2006-07-05 13:59:12 EDT
It is not wontfix and it is not a duplicate of the aforementioned bug.
Comment 16 Michal Jaegermann 2006-08-25 12:49:34 EDT
> It is not wontfix and it is not a duplicate ...

Hm, I for one lost a patience a while ago and replaced mozilla on FC5
with a seamonkey-1.0.4 with a spec file derived from the one used in
updates to RHEL4.  Edits boil down to a emoval of nss and nspr subpackages
and changing a configuration to --with-system-nss and --with-system-nspr.
As opposed to seamonkey packages from extras what I recompiled _replaces_
mozilla packages, and provides various "mozilla..." things, instead of
beeing installable side-by-side.  This clearly requires recompilation
of some other packages (yelp, devhelp, ...), so some libraries in different
locations can be found, but this was not an issue.

FWIW I am running like that for some time and I do not see so far
any ill-effects.  Not informed about the change other users failed to
notice anything unusual. :-)

BTW - doing the same for older distributions, like FC4, requires even
less changes in a spec file.
Comment 17 Bojan Smojver 2006-11-08 21:00:57 EST
I lost track of this. Is the update for FC5 now Seamonkey from Extras?
Comment 18 Michal Jaegermann 2006-11-09 00:54:17 EST
> Is the update for FC5 now Seamonkey from Extras?

Nope. Seamonkey has to be recompiled in the same manner, in principle,
as packages from RHEL to provide, among other things, an executable
called "mozilla" and also mozilla, with a suitably high version, in
"Provides" or various things will break.

Also other packages have to be recompiled as they use mozilla (seamonkey)
supplied libraries.  For sure yelp and devhelp and also, I think,
thunderbird and epiphany.  Probably this is complete list.  In FC6 those
programs depend on 'firefox' instead.

You can surely use seamonkey from extras as a browser instead of your
current mozilla.
Comment 19 David Eisenstein 2006-12-18 16:50:15 EST
I may be trying to compile Seamonkey-1.0.6 for FC5 in the i386 arch.  Is
anyone interested in the output of that?  I could try and post it somewhere
if folks are interested....
Comment 20 Jairo Medina 2007-01-07 08:51:34 EST
Looks like the replacement went ahead, but now seamonkey has disapeared from
FC5, user not knowing what to do can't use seamonkey anymore.

I would think that since seamonkey is replacing mozilla, there should have been
links created or something for mozilla but leaving seamonkey alone.

In my particular case, my seamonkey icons in all my users desktops no longer
work, I had to manually install the other components (mozilla-mail and
mozilla-chat) and now my mail no longer shows anything, no folders no e-mail
accounts, nothing.

I would say this was a bad decision.

Leave seamonkey the way it was before and add new mozilla packages that just
need seamonkey and that create links or something.
Comment 21 David Eisenstein 2007-01-16 06:13:52 EST
It appears that the action has taken place that this bug report requested,
with the release of seamonkey-1.0.7-0.6.fc5, which happened on January 5th --
see Bug #219365 and also the release note by Martin Stransky to the fedora-
package-announce mailing list:
<http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00024.html>.

Although the above announcement doesn't explicitly say it, my impression
is that seamonkey-1.0.7-0.6.fc5 is a mozilla *replacement* and overrides
the FC5 seamonkey that had been maintained in Fedora Extras by Kai Engert.

Note to Jairo:  If you are still having the problem you note in comment #20
of this bug report, I recommend you file a new bug against Seamonkey for
product "Fedora Core"/FC5, when the new "seamonkey" component is available
in Bugzilla to file a bug report against.  (See Bug #222811).

Closing this bug report ERRATA.

Note You need to log in before you can comment on or make changes to this bug.