Why is Firefox stuck at version 84 in Rock?

Hello,

Is there any reason to keep the old Firefox on the Rock channel? Is it secure?
If upgrading Firefox is a burden for the dev team, then why not provide firefox-esr?

Yes.

I don’t know for sure but I would expect that it is less secure.

That is a good question. I’ll bring that up with devs on OM Cooker IRC channel. You and other users can also do this. The more people that ask the more likely something will change.

@travis-82 I’ll try for a bit more explanation for the Firefox situation in OpenMandriva Lx. The following is as I, not a developer, understand things.

@travis-82 I do think the suggestion for OM to use FF ESR releases for Rock is a good one. I did pass that on on OM Cooker IRC channel.

By design OpenMandriva’s stable release, Rock, does not get a lot of updates. That is because once we release it we freeze the tool-chain and system packages except in rare circumstances related to security issues. We used to be able to do better keeping FF and Thunderbird and a few others up to date. Now that is more difficult since Mozilla went to using Cargo/Rust as the language for FF and TBird. There is usually a new version of Cargo/Rust for each new version of FF. Cargo/Rust are a lot of packages, a ton of work, and aren’t used for much of anything else. Also updating them depends on their working with existing compiler and other software which are not updated for Rock. The result is this soon gets to a point where we can’t upgrade Cargo/Rust so FF and TBird versions get stuck in Rock until next release.

If you were to use our Rolling release Firefox 94 is available and Firefox 95 is in main/testing repo so users are welcome and encouraged to try FF 95. Rolling is a better choice for users that attach more importance to more up to date software. I believe it is fair and accurate to say that OM Rolling release has been very stable. OM Lx Rolling is currently also OM Lx 4.3. Rolling is still technically in an experimental stage but that is only because we have not announced it “Officially” yet. My understanding is that the “Official” announcement for Rolling will happen sometime soon after we release OM Lx 4.3 to Rock users.

Rock is purposely designed for users that don’t like so much change and prefer stability over having the latest software.

We have had numerous reports of problems with crashes, and extensions not working with FF 93, 94, and 95. This applies to both packages from Mozilla web site and OM FF packages for whatever that tells us and devs. For me OM FF 95 is working OK so far. For me FF 93 worked OK also, but FF 94 crashed if I tried to open more than two tabs. But it is a fact that other folks in contributor group have had more trouble with these FF versions than I have had.

We have not had any reports of security issues with FF 84 but technically new releases should be more secure.

Edit: It is also true that what OM contributors, developers, etc. are able to do is impacted by our being a small group of all volunteer, part-time, and unpaid folks. The way OM Lx stuff works is if something needs doing someone in the OM Community steps up and does it. If no one steps up to do a given thing then that thing does not get done. Volunteers are welcome.


Any user wanting to try Rolling? First it is always better to do a fresh install if you can. Latest Rolling ISO’s are here.

There is an excellent how to for upgrading a Lx 4.2 system to Rolling here. And a shorter how to (for more expert users) here.

@ben79
Thank you for the gentle explanation.

I understand the rationale behind rare updates in Rock. But I think an internet browser is a key part of an OS, and keeping an outdated/insecure browser in the repository will put the users at high risk.
Unfortunately I don’t have enough time and knowledge to contribute to the packaging team. Also I don’t like to migrate to Rolling as I prefer stability over bleeding edge.
Fortunately nowadays there are some workarounds to overcome this issue and the small repository of OM. AppImage, nix packages and Bedrock are some methods to obtain packages outside the OM repository. However, there is still a warning for the dev team: if you can’t or don’t want to keep Firefox updated then remove it from the Rock channel or provide firefox-esr, which is a stable release with backported security patches from Mozilla. It needs to be regularly updated though, but I don’t think the updating process needs upgrading all of Firefox’s dependencies.

Cheers

Edit: I forgot to mention that I’m using OM because it’s the fastest and cleanest Plasma based distro around. Also it works flawlessly with nouveau, which is essential for my work.

I have a multi-boot setup with partitions containing OM Lx Cooker, Rolling, and Rock/Lx 4.2. So I can choose what to use for work.

I am concerned about security also. I am much more concerned about things like ancient kernel and microcode and other system packages than a browser. I only use my OM Lx 4.2 partition for testing and chasing down user problems because of this. I use either Cooker or Rolling for all other work. Cooker is not recommended for average users because there are times when things get broken by the work developers do. To me Rolling is light years a better choice for security overall. Rolling is my “go to” system for work. And it is stable otherwise I would not make this choice.

To be clear, upgrading Firefox for OM Lx 4.2 is a burden but that is not why this does not happen. It simply is not possible due to changes Mozilla has made. If you want to know more about this you need to talk to OpenMandriva developers.

I tried Firefox 91.4 esr in OM Lx 4.2 and it segfaults:

$ /opt/firefox/firefox
Segmentation fault (core dumped)

The previous version of Firefox esr is 78.0 but I have not been able to find where they keep it. If you can find that you can install it easily if you believe that would be better. I will test whether FF 91.4 esr will work in OM Lx 4.3 but I am fairly sure it will. So perhaps we should put in our release notes for users with such concerns that they install the latest FF esr version when they install or upgrade to Lx 4.3? (Meaning install from Mozilla web site for now.)

If you want to change what OpenMandriva developers are doing with Rock you need to talk to them. They are in the OpenMandriva Cooker channel on IRC.

Found FF 78.0 esr here.

So far this does not seem like a good idea. Can’t sign in to FF sync, incessant messages to upgrade to newer version of FF and so forth. But you may have the patience to figure out how to get this to work. I do not.

Looks like this will work just fine in Rolling/OM Lx 4.3 so something for the future for users that need or want this. Of course if you are already using Rolling then the future is now. Edit: Working in Cooker as well.

I downloaded the Linux package from the Firefox page, unzipped it and I have the latest version. There is also the Flatpak version.

I’m running latest Firefox from Arch repo on top of OM thanks to Bedrock technology. :wink:

Thanks @carlosigls. After seeing your post I did some more work and I have Firefox 95 and Firefox ESR 91.4 working in OM Lx 4.2 znver1 hardware system.

My segfault was related to graphics, I was using amdgpu driver for my GPU. When I switched to radeon driver then FF 95 and FF ESR 91.4 work. If it helps anyone else this is my GPU info currently:

$ inxi -G
Graphics:  Device-1: Advanced Micro Devices [AMD/ATI] Oland PRO [Radeon R7 240/340] driver: radeon v: kernel 
           Display: x11 server: OpenMandriva X.org 1.20.10 driver: loaded: ati,radeon unloaded: fbdev,modesetting,vesa 
           resolution: 1920x1080~60Hz 
           OpenGL: renderer: AMD OLAND (DRM 2.50.0 5.11.12-desktop-1omv4002 LLVM 11.0.1) v: 4.5 Mesa 20.3.4

I would recommend this for users of Rock. Use the Firefox Linux package from Mozilla. OM devs will try to keep FF up to date after OM Lx 4.3 is released (soon I hope), but past experience tells us that at some point they will lose the ability to keep this up to date. Firefox RR (Rapid Release) is the “regular” version of Firefox. FF RR is designed to be updated frequently, so for security reasons it is important to keep it up to date. Alternatively users could use Firefox ESR (Extended Support Release) which does not get the feature updates but does get the security updates.

Thanks to @travis-82 for bringing up this issue which has bothered me for some time. And thanks to @travis-82 and @carlosigls for the suggestions.


You’re welcome, but I think you should put the ESR for the Rock version, it is updated less. And if they don’t want the ESR they can install according to the methods I said.

If users go here and tell developers to package the Firefox ESR version for Rock maybe this will change. It does seem like a good idea to me. If I am the only person asking on IRC that won’t have much impact with devs.

Users could also make a favorable comment in the package request bug report.

OpenMandriva is a Community distribution of Linux with no paid employees. It should not be too much to ask for people in the Community to speak up where it will have an impact. I am specifically asking if people would say something both on OpenMandriva IRC channel and in the package request bug report. A simple “I want this” or “This is really necessary” or similar statements would be very helpful.


I’m not sure if it’s the best place to suggest this, maybe I’m too much off topic, but would not SeaMonkey be an alternative to FF ESR, easier to maintain?