Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flashplayer: 11.2.202.644 -> 24.0.0.186 [Critical security fix] #21337

Merged
merged 3 commits into from Dec 25, 2016
Merged

flashplayer: 11.2.202.644 -> 24.0.0.186 [Critical security fix] #21337

merged 3 commits into from Dec 25, 2016

Conversation

taku0
Copy link
Contributor

@taku0 taku0 commented Dec 21, 2016

Motivation for this change

Critical security fix:
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

The version leaped from 11 to 24.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Tested x86_64 version:

Issues:

  • Should we keep the version 11?
  • Is mm.cfg still effective?
  • How to use kcm_adobe_flash_player.so?

@grahamc
Copy link
Member

grahamc commented Dec 21, 2016

I don't know about mm.cfg or kcm_... but we probably shouldn't keep 11 around. Do we need to solve any problems before this gets merged and backported?

@taku0
Copy link
Contributor Author

taku0 commented Dec 21, 2016

As far as I know, it works without any problems. I didn't test advanced features like protected video or video chat.

@grahamc
Copy link
Member

grahamc commented Dec 22, 2016

Sorry for taking so long, @taku0. I'd like to merge this. I think we should delete _11 support, though. Can you test if flashplayer-standalone and the debugger support 24 ok? If yes, I'll merge and backport immediately.

@taku0
Copy link
Contributor Author

taku0 commented Dec 22, 2016

@grahamc added debug versions and standalone versions. The standalone versions are now 64 bit rather than 32 bit.

Bad news: the source URLs of debug versions and standalone versions don't contain version numbers (e.g. https://fpdownload.macromedia.com/pub/flashplayer/updaters/24/flash_player_npapi_linux_debug.x86_64.tar.gz), so that the packages will be broken when Adobe updates the archive files.
Minor problem: standalone versions crash with unhandled SIGSEGV when quitting. For other normal operations, it works fine.

We can merge them anyway.

@zimbatm
Copy link
Member

zimbatm commented Dec 25, 2016
edited

I'm going to remove the flashplayer-11 folder in a subsequent commit

EDIT: see a623ada

@zimbatm zimbatm merged commit f3287b0 into NixOS:master Dec 25, 2016
@vcunat
Copy link
Member

vcunat commented Dec 25, 2016

I assume you've found no reason not to have this in 16.09 as well?

@grahamc
Copy link
Member

grahamc commented Dec 25, 2016 via email

vcunat pushed a commit that referenced this pull request Dec 25, 2016
@taku0 @vcunat
flashplayer: 11.2.202.644 -> 24.0.0.186 [Critical security fix] (#21337)
0042823 
* flashplayer: 11.2.202.644 -> 24.0.0.186

* flashplayer: add debug version

* flashplayer-standalone: 11.2.202.644 -> 24.0.0.186

(cherry picked from commit f3287b0)
@vcunat
Copy link
Member

vcunat commented Dec 25, 2016

Tested on 16.09 on some video and game, and pushed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zimbatm zimbatm zimbatm approved these changes

Assignees
No one assigned
Labels
1.severity: security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@taku0 @grahamc @zimbatm @vcunat