Package: firefox
Version: 62.0.3-1
Severity: serious
Justification: Policy ยง2.2.1
Mozilla changed the config options for the openh264 codec. The option
listed in /etc/firefox/firefox.fs (media.gmp-gmpopenh264.enabled) seems
to be no longer in use, instead about:config now lists the options
media.gmp-provider.enabled
media.gmp.decoder.enabled
media.gmp-widevinecdm.enabled
media.gmp.trial-create.enabled
And in addition to libgmpopenh264.so it also downloads and installs into
~/.mozilla a libwidevinecdm.so binary. Its license (contained in the
zip-archive from which it gets installed) reads
> "Google Inc. and its affiliates ("Google") own all legal right, title and
> interest in and to the content decryption module software ("Software") and
> related documentation, including any intellectual property rights in the
> Software. You may not use, modify, sell, or otherwise distribute the Software
> without a separate license agreement with Google. The Software is not open
> source software.
>
> If you are interested in licensing the Software, please contact
> widev...@google.com.
Cf. bug #769716 i believe these automated downloads should be disabled by
default in debian packages.
Thx
-- Package-specific info:
-- Addons package information
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (800, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.4-echse20181124 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages firefox depends on:
ii debianutils 4.8.6
ii fontconfig 2.13.1-2
ii libasound2 1.1.7-1+b1
ii libatk1.0-0 2.30.0-1
ii libc6 2.28-1
ii libcairo-gobject2 1.16.0-1
ii libcairo2 1.16.0-1
ii libdbus-1-3 1.12.10-1
ii libdbus-glib-1-2 0.110-3
ii libevent-2.1-6 2.1.8-stable-4
ii libffi6 3.2.1-9
ii libfontconfig1 2.13.1-2
ii libfreetype6 2.9.1-3
ii libgcc1 1:8.2.0-10
ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6
ii libglib2.0-0 2.58.1-2
ii libgtk-3-0 3.24.1-2
ii libjsoncpp1 1.7.4-3
ii libnspr4 2:4.20-1
ii libnss3 2:3.40-1
ii libpango-1.0-0 1.42.4-4
ii libsqlite3-0 3.26.0-1
ii libstartup-notification0 0.12-5
ii libstdc++6 8.2.0-10
ii libvpx5 1.7.0-3
ii libx11-6 2:1.6.7-1
ii libx11-xcb1 2:1.6.7-1
ii libxcb-shm0 1.13.1-1
ii libxcb1 1.13.1-1
ii libxcomposite1 1:0.4.4-2
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxrender1 1:0.9.10-1
ii libxt6 1:1.1.5-1
ii procps 2:3.3.15-2
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages firefox recommends:
ii libavcodec58 7:4.0.3-1
Versions of packages firefox suggests:
ii fonts-lmodern 2.004.5-5
ii fonts-stix [otf-stix] 1.1.1-4
ii libcanberra0 0.30-6
ii libgssapi-krb5-2 1.16.1-1
ii libgtk2.0-0 2.24.32-3
ii pulseaudio 12.2-2
-- no debconf information
-- debsums errors found:
debsums: package firefox is not installed
