LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS October 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Flash plugin
From:	jdow <[log in to unmask]>
Reply To:	jdow <[log in to unmask]>
Date:	Thu, 6 Oct 2011 21:06:05 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (106 lines)

On 2011/10/06 17:22, Yasha Karant wrote:
> On 10/06/2011 04:37 PM, Dag Wieers wrote:
>> On Thu, 6 Oct 2011, Yasha Karant wrote:
>>
>>> On 10/06/2011 04:19 PM, Dag Wieers wrote:
>>>> On Thu, 6 Oct 2011, Dr Andrew C Aitchison wrote:
>>>>
>>>> > On Thu, 6 Oct 2011, Dag Wieers wrote:
>>>> > > On Thu, 6 Oct 2011, Dr Andrew C Aitchison wrote:
>>>> > > > On Thu, 6 Oct 2011, Dag Wieers wrote:
>>>> > > > > > RPMforge provides already the (beta) 64bit flash-plugin, so
>>>> > > there's > > no
>>>> > > > > need to wait for it. In this case the 64bit is installed, so
>>>> > > there is > > no
>>>> > > > > reason to install the 32bit. Unless you want to replace the
>>>> 64bit
>>>> > > by > > the
>>>> > > > > 32bit.
>>>> > > > > Hmm. Unless I am using an out of date mirror RPMforge has
>>>> > > > flash-plugin.x86_64 11.0.1.129-0.1.el6.rf rpmforge
>>>> > > > > whereas the adobe-linux-i386 repo has
>>>> > > > flash-plugin.i386 11.0.1.152-release @adobe-linux-i386
>>>> > > > (Build Date: Sat 24 Sep 2011 02:45:27 AM BST).
>>>> > > > > So, why would one replace a 64bit flash-plugin with a 32bit
>>>> one ?
>>>> > > Not so much that I want to - rather that the 32 bit adobe repo was
>>>> > already enabled from when the machine was running SL5 and I have
>>>> > only now looked for the adobe-linux-x86_64 repo.
>>>> > > My real point was that the rpmforge plugin is presumably out of
>>>> > date if the adobe repo has a newer plugin with a higher release
>>>> number.
>>>>
>>>> It's quite hard to release before Adobe.
>>>>
>>>
>>> I realise that except for the Fermilab/CERN staff persons, almost all
>>> of the rest of those maintaining material for SL are unpaid
>>> volunteers. With that stated, what is the
>>> typical/average/median/whatever delay from the Adobe release until the
>>> SL compatible port for the flash plugin?
>>>
>>> In some cases, Adobe adds functionality -- but in most cases it is a
>>> matter of bug and security-hole fixes -- and the sooner one installs a
>>> valid security fix, the better.
>>
>> Do you have proof that this is a security fix. Because I track the RHEL
>> packages and no such update has come through their channels. It seems as
>> if the release was simply their official Flash Player 11 release, rather
>> than a security fix.
>>
>> If it is a security fix, even Red Hat is behind. Somehow I don't believe
>> that, but for you to provide proof of what you state. Thanks.
>>
>
> I use the direct Mozilla (and OpenOffice) distributions and updates. For Firefox
> 7.x (that the Firefox update on Help --> About Firefox reports as up to date), I
> ran an update check on the addons, including plugins using Tools --> Add ons and
> URL https://www.mozilla.org/en-US/plugincheck/ and the following was displayed:
>
> Vulnerable plugins:
> Plugin Icon
> Shockwave Flash
> Shockwave Flash 11.0 r1 Vulnerable (more info)
>
> (11.0.1.129 is what actually is installed)
>
> Thus, although I have been unable to find the vulnerability list (for some
> reason, more info does not give the details but just does nothing), Mozilla
> identifies this plugin as "vulnerable", presumably a security issue.
>
> As a test, I will reload the plugin just in case there is a problem with the
> Mozilla identification and the "vulnerable" warning goes away.
>
> Just did that:
>
> Shockwave Flash
> Shockwave Flash 11.0 r1 11.0.1.0 is now "up to date"
>
> and the actual package was:
>
> flash-plugin-11.0.1.152-release.i386.rpm from macromedia.com
>
> As a test, I restarted Firefox and went to
> http://www.adobe.com/software/flash/about/ that responded that the current Flash
> plugin is functioning ("You have version 11,0,1,152 installed" was displayed).
> Note that I am running IA-32 Firefox on SL 6.1 X86-64, with all necessary
> compatibility (IA-32) libraries installed in a different path than the X86-64
> libraries.
>
> (As to the other respondent, I have read and am familiar with TUV policy in
> https://access.redhat.com/security/updates/backporting/ . I do not necessarily
> agree with this policy.)
>
> Yasha Karant
>

The downside of that direct approach is that the world gets messy when you want
to move to 7 someday. The direct applications of FireFox and Flash might cause
some form of update conflict you'd get to resolve.

Thanks to the person who mentioned the adobe x86_64 repo. I simply copied the
.i386 file and judiciously renamed a couple lines in the new file. Works fine.
I didn't find one when I looked for it.

{^_-}   Joanne

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV