Summary: | emerging mozilla-firefox-bin-1.0.1 does not update firefox to 1.0.1 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | James Bowlin <bowlin> |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED WORKSFORME | ||
Severity: | critical | CC: | mozilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
James Bowlin
2005-03-05 08:50:15 UTC
I fixed the problem on my system by doing the following: # emerge -c mozilla-firefox-bin # mv /usr/lib/MozillaFirefox /usr/lib/old.MozillaFire # rm /usr/bin/firefox* # emerge mozilla-firefox-bin Strange... Theorically it downloads and installs the right version... Can someone else reproduce that ? CCing Mozilla team WORKSFORME here Jim, mozilla-firefox-bin wont touch any files in /usr/lib, it installs to /opt, so i guess you had installed mozilla-firefox... Yes, you are right. I had forgotten that I did install mozilla-firefox. I first installed mozilla-firefox-bin-1.0 but then something didn't work right, maybe Java support or something. So I had to fiddle with some USE flags and then I emerged the source code version of firefox. Clearly there is some pilot error here, which is good in the sense that only people who emerge the bin 1.0.1 version with the source code 1.0 version already installed will have this problem. But isn't it still a problem? Should portage require that the user have a perfect memory of all of the packages that have been emerged and the implications these previous packages have on the new packages? I don't think it is right for portage to tell me that the binary of version 1.0.1 is installed and then silently fail to actually upgrade the version of firefox I am using. Wouldn't it be better to either a) actually update the firefox I use or b) give me a warning telling me why it didn't do the update? Probably, but it's no longer a security issue :) Please file another bug (assigned to mozilla team) if you think mozilla-firefox-bin should block mozilla-firefox more effectively. |