[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#902634: RFS: flashplugin-nonfree/1:3.7+nmu1 [NMU] [RC] -- Adobe Flash Player - browser plugin

Package: sponsorship-requests
Severity: important
Control: block 851066 by -1
Control: block 889804 by -1

Dear mentors,

I'm looking for a sponsor for an NMU of flashplugin-nonfree, which fixes
some old bugs making the downloader unusable since at least January
2017[1]. The maintainer (Bart Martens) has not responded to that bug at
all, nor has anyone replied to the intent to NMU that I posted last week[2].

This upload includes a patch from Gianluigi Tiesi which removes all
references to Bart's people.debian.org page, which has not seen any
updates during his apparent absence. These include tarball checksum and
GPG verification checks via his site that are *removed* since Adobe
doesn't seem to provide them (instead, they rely on HTTPS).

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851066
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851066;msg=127

At the same time, I've also included changes to fix some trivial but
non-RC bugs[3][4].

[3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862144
[4]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885119

The source of the package is available at mentors[5] as well as Salsa[6]
- note that the current package in unstable never defined a Vcs, so I'm
only using the latter so far as tracking for these fixes.

[5]: https://mentors.debian.net/package/flashplugin-nonfree
[6]: https://salsa.debian.org/jlu-guest/flashplugin-nonfree/

A debdiff (as of writing) is attached, which should be equivalent to the
Salsa diff
https://salsa.debian.org/jlu-guest/flashplugin-nonfree/compare/f9cdfd78a...master

The RFS info:

 * Package name    : flashplugin-nonfree
   Version         : 1:3.7+nmu1
   Upstream Author : Bart Martens <bartm@debian.org>
 * URL             : http://wiki.debian.org/FlashPlayer
 * License         : GPL-2
   Section         : web

Full changelog:

flashplugin-nonfree (1:3.7+nmu1) unstable; urgency=medium

  * Non-maintainer upload.
  * Remove broken references to https://people.debian.org/~bartm/; patch
from
    Gianluigi Tiesi (Closes: #851066, #889804, #884262)
    - This removes checksum verification of the Flash tarballs and PGP
      validation of get-upstream-version.pl, which were previously
provided by
      that site.
    - It also rewrites the upstream version parsing to fetch from Adobe
      directly.
    - Remaining changes to this patch: don't use --no-check-certificate
      with wget
  * Add Recommends: libwebkit2gtk-4.0-37-gtk2. (Closes: #862144)
  * Remove remaining calls to gpg and the dependency on gnupg.
    (Closes: #885119)

 -- James Lu <james@overdrivenetworks.com>  Fri, 22 Jun 2018 16:27:56 -0700

Best,
James

diff -Nru flashplugin-nonfree-3.7/debian/changelog flashplugin-nonfree-3.7+nmu1/debian/changelog
--- flashplugin-nonfree-3.7/debian/changelog	2016-08-03 22:49:06.000000000 -0700
+++ flashplugin-nonfree-3.7+nmu1/debian/changelog	2018-06-22 16:27:56.000000000 -0700
@@ -1,3 +1,21 @@
+flashplugin-nonfree (1:3.7+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove broken references to https://people.debian.org/~bartm/; patch from
+    Gianluigi Tiesi (Closes: #851066, #889804, #884262)
+    - This removes checksum verification of the Flash tarballs and PGP
+      validation of get-upstream-version.pl, which were previously provided by
+      that site.
+    - It also rewrites the upstream version parsing to fetch from Adobe
+      directly.
+    - Remaining changes to this patch: don't use --no-check-certificate
+      with wget
+  * Add Recommends: libwebkit2gtk-4.0-37-gtk2. (Closes: #862144)
+  * Remove remaining calls to gpg and the dependency on gnupg.
+    (Closes: #885119)
+
+ -- James Lu <james@overdrivenetworks.com>  Fri, 22 Jun 2018 16:27:56 -0700
+
 flashplugin-nonfree (1:3.7) unstable; urgency=medium
 
   * update-flashplugin-nonfree: Delete old cached get-upstream-version.pl.
diff -Nru flashplugin-nonfree-3.7/debian/control flashplugin-nonfree-3.7+nmu1/debian/control
--- flashplugin-nonfree-3.7/debian/control	2016-08-03 22:49:06.000000000 -0700
+++ flashplugin-nonfree-3.7+nmu1/debian/control	2018-06-22 15:45:59.000000000 -0700
@@ -8,7 +8,8 @@
 
 Package: flashplugin-nonfree
 Architecture: i386 amd64
-Depends: debconf | debconf-2.0, wget, gnupg | gnupg2, libatk1.0-0, libcairo2, libfontconfig1, libfreetype6, libgcc1, libglib2.0-0, libgtk2.0-0 (>= 2.14), libnspr4, libnss3, libpango1.0-0, libstdc++6, libx11-6, libxext6, libxt6, libcurl3-gnutls, binutils, ${misc:Depends}, ${shlibs:Depends}
+Depends: debconf | debconf-2.0, wget, libatk1.0-0, libcairo2, libfontconfig1, libfreetype6, libgcc1, libglib2.0-0, libgtk2.0-0 (>= 2.14), libnspr4, libnss3, libpango1.0-0, libstdc++6, libx11-6, libxext6, libxt6, libcurl3-gnutls, binutils, ${misc:Depends}, ${shlibs:Depends}
+Recommends: libwebkit2gtk-4.0-37-gtk2
 Pre-Depends: ca-certificates
 Suggests: iceweasel, firefox-esr, konqueror-nsplugins, ttf-mscorefonts-installer, fonts-dejavu, ttf-xfree86-nonfree, flashplugin-nonfree-extrasound [i386], hal-flash
 Conflicts: flashplugin (<< 6), xfs (<< 1:1.0.1-5), flashplayer-mozilla, libflash-mozplugin
diff -Nru flashplugin-nonfree-3.7/update-flashplugin-nonfree flashplugin-nonfree-3.7+nmu1/update-flashplugin-nonfree
--- flashplugin-nonfree-3.7/update-flashplugin-nonfree	2016-08-03 22:49:06.000000000 -0700
+++ flashplugin-nonfree-3.7+nmu1/update-flashplugin-nonfree	2018-06-22 16:27:56.000000000 -0700
@@ -167,10 +167,6 @@
 wgetalways=' -nd -P . '
 wgetprogress=' -v --progress=dot:default '
 
-[ "$verbose" != "yes" ] || echo "importing public key ..."
-gpg -q --homedir "." --import /usr/lib/flashplugin-nonfree/pubkey.asc > /dev/null 2>&1 \
-	|| die_hard_with_a_cleanup "gpg failed to import /usr/lib/flashplugin-nonfree/pubkey.asc"
-
 get_installed_version() {
 
 	installed=`strings /usr/lib/flashplugin-nonfree/libflashplayer.so 2> /dev/null | grep LNX | cut -d ' ' -f 2 | sed -e "s/,/./g"`
@@ -181,51 +177,10 @@
 	arch_wget=i686
 	[ `dpkg --print-architecture` != "amd64" ] || arch_wget=x86_64
 
-	upstream=""
-
-	if [ -f $cachedir/get-upstream-version.pl ]
-	then
-		if [ "`stat --format=%y $cachedir/get-upstream-version.pl`" \< "2016-08-04 09:35" ]
-		then
-			[ "$verbose" != "yes" ] || echo "deleting old $cachedir/get-upstream-version.pl"
-			rm $cachedir/get-upstream-version.pl
-		fi
-	fi
-
-	if [ -f $cachedir/get-upstream-version.pl ]
-	then
-		cp $cachedir/get-upstream-version.pl .
-		upstream=`perl get-upstream-version.pl $arch_wget 2> /dev/null` || true
-
-		if [ "$upstream" = "" ]
-		then
-			rm -f get-upstream-version.pl
-			rm -f $cachedir/get-upstream-version.pl
-		fi
-	fi
-
-	if [ "$upstream" = "" ]
-	then
-		wgetoptions="$wgetquiet $wgetalways"
-		downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/get-upstream-version.pl.gz.pgp
-
-		HOME=/root \
-		wget $wgetoptions $downloadurl \
-			|| die_hard_with_a_cleanup "wget failed to download $downloadurl"
-
-		gpg -q --homedir "." --verify get-upstream-version.pl.gz.pgp 2> /dev/null \
-			|| die_hard_with_a_cleanup "gpg rejected signature of get-upstream-version.pl.gz.pgp"
-		gpg -q --homedir "." < get-upstream-version.pl.gz.pgp > get-upstream-version.pl.gz 2> /dev/null \
-			|| die_hard_with_a_cleanup "gpg rejected signature of get-upstream-version.pl.gz.pgp"
-
-		gunzip get-upstream-version.pl.gz \
-			|| die_hard_with_a_cleanup "failed to gunzip get-upstream-version.pl.gz"
-
-		upstream=`perl get-upstream-version.pl $arch_wget` \
-			|| die_hard_with_a_cleanup "failed to get upstream version"
-
-		cp get-upstream-version.pl $cachedir
-	fi
+	url="https://get.adobe.com/flashplayer/";
+	upstream=`wget --tries=1 --timeout=15 \
+		--user-agent="Mozilla/5.0 (X11; U; Linux $arch_wget; en-us)" \
+		-nv -qO - $url | perl -n -e'/<strong>Version\s+(\d+\.\d+\.\d+\.\d+)<\/strong>/ && print $1'`
 }
 
 remove_extrafiles() {
@@ -287,30 +242,11 @@
 			[ "$fast" != "yes" ] || wgetoptions="$wgetoptions $wgetfast"
 			[ "$verbose" != "yes" ] || echo "wgetoptions=$wgetoptions"
 
-			downloadfile=fp.$upstream.sha512.i386.pgp.asc
-			[ `dpkg --print-architecture` != "amd64" ] || downloadfile=fp.$upstream.sha512.amd64.pgp.asc
-			downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/$downloadfile
-
-			[ "$verbose" != "yes" ] || echo "downloading $downloadurl ..."
-			HOME=/root \
-			wget $wgetoptions $downloadurl \
-				|| die_hard_with_a_cleanup "wget failed to download $downloadurl"
-
-			[ "$verbose" != "yes" ] || echo "verifying PGP $downloadfile ..."
-			gpg -q --homedir "." --verify $downloadfile 2> /dev/null \
-				|| die_hard_with_a_cleanup "gpg rejected signature of $downloadurl"
-			gpg -q --homedir "." < $downloadfile > checksums.txt 2> /dev/null \
-				|| die_hard_with_a_cleanup "gpg rejected signature of $downloadurl"
-
-			downloadfile=`head -n 1 < checksums.txt | cut -c 131-`
-
-			[ "$verbose" != "yes" ] || [ ! -f $cachedir/$downloadfile ] || echo "copying $cachedir/$downloadfile ..."
-			[ ! -f $cachedir/$downloadfile ] || cp -p $cachedir/$downloadfile .
-			[ "$verbose" != "yes" ] || [ ! -f $downloadfile ] || echo "verifying checksum $downloadfile ..."
-			[ ! -f $downloadfile ] || grep $downloadfile checksums.txt | sha512sum -c - > /dev/null 2>&1 || rm -f $downloadfile
-
-			downloaddir=`tail -n 1 < checksums.txt`
-			downloadurl=$downloaddir/$downloadfile
+			# original script use i686 for arch != amd64 adobe use i386
+			[ "$arch_wget" != "i686" ] || arch_wget=i386
+			downloaddir=$upstream
+			downloadfile=flash_player_npapi_linux.$arch_wget.tar.gz
+			downloadurl=https://fpdownload.adobe.com/get/flashplayer/pdc/$downloaddir/$downloadfile
 
 			wgetoptions="$wgetalways $wgetprogress"
 			[ "$quiet" != "yes" ] || wgetoptions="$wgetquiet $wgetalways"
@@ -323,21 +259,14 @@
 			HOME=/root \
 			wget $wgetoptions $downloadurl \
 				|| die_hard_with_a_cleanup "wget failed to download $downloadurl"
-			[ "$verbose" != "yes" ] || echo "verifying checksum $downloadfile ..."
-			grep tar.gz checksums.txt | sha512sum -c - > /dev/null 2>&1 \
-				|| die_hard_with_a_cleanup "sha512sum rejected $downloadfile"
 			[ "$verbose" != "yes" ] || echo "unpacking $downloadfile ..."
 			tar xozf $downloadfile
-			[ "$verbose" != "yes" ] || echo "verifying checksum contents of $downloadfile ..."
-			head -n 2 < checksums.txt | sha512sum -c - > /dev/null 2>&1 \
-				|| die_hard_with_a_cleanup "sha512sum rejected a part of $downloadfile"
 
 			targetdir=/usr/lib/flashplugin-nonfree
-			libflashplayerdotso=`grep "  .*libflashplayer\.so$" checksums.txt | cut -c 131-`
 
-			[ "$verbose" != "yes" ] || echo "moving $libflashplayerdotso to $targetdir ..."
+			[ "$verbose" != "yes" ] || echo "moving $UNPACKDIR/libflashplayer.so to $targetdir ..."
 			rm -f $targetdir/flashplayer.xpt
-			mv -f $libflashplayerdotso $targetdir
+			mv -f $UNPACKDIR/libflashplayer.so $targetdir
 
 			[ "$verbose" != "yes" ] || echo "setting permissions and ownership of $targetdir/libflashplayer.so ..."
 			chown root:root $targetdir/libflashplayer.so
@@ -449,4 +378,3 @@
 do_cleanup
 
 [ "$verbose" != "yes" ] || echo "end of update-flashplugin-nonfree"
-

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: