Bugzilla – Bug 908597
freshplayerplugin is unsecure, also the newest version!
Last modified: 2014-12-18 14:32:55 UTC
I installed freshplayerplugin from obs://build.opensuse.org/home:scalpel4 and chromium-pepper-flash from obs://build.opensuse.org/home:mik34020. Then I tested with Firefox 34.0.5 in "extras" whether my plugin is up to date or not. The result was that the detected version of shockwaveflash was old and unsecure! "version": "11.9.900.152", in /usr/share/chromium/PepperFlash/manifest.json. So I extracted the newest version from google-chrome-stable-39.0.2171.71-1.x86_64.rpm to /opt/google/chrome/Pepperflash and copied it into /usr/lib64/chromium. Then I tested again with Firefox 34.0.5 in "extras" whether my plugin is up to date or not. The result was again that the detected version of shockwaveflash was old and unsecure! "version": "11.9.900.152". But in /usr/share/chromium/PepperFlash/manifest.json there was now "version": "15.0.0.239". The test site run by Adobe showed that the newest version of shockwave-flash was installed. So I tried to compile a new libfreshwrapper-pepperflash.so with git clone https://github.com/i-rinat/freshplayerplugin.git. The compilation was easy and produced a new plugin, and I copied it into /usr/lib64/browser-plugins. Then I tested again with Firefox 34.0.5 in "extras" whether my plugins are up to date or not. The result now was "15.0.0.239"! If there should be an alternative to Adobe's old Linux flashplayer, it should be a secure one! I'm interested in your reaction.
This only seems to be in home:user directories currently... security is not looking at those. I am CCing the two users. (FWIW, if it's a good idea to have freshplayerplugin in Factory, it should get submitted.)
Thanks. I did not know how to get in contact with scalpel4, so I tried this way. The "official" version comes from packman, so I will try to send an e-mail to this team.
The packman-point is obsolete.
There are two different systematics for the version numbers of chromium-pepper-flash, one made by packman and one made by scalpel4. So I became the victim of the YaST software update window. The packman version seemed to be a very old one, but it wasn't. Sorry for that. But it should be made better, to avoid such misunderstandings.
(In reply to Walther Pelser from comment #4)
> There are two different systematics for the version numbers of
> chromium-pepper-flash, one made by packman and one made by scalpel4. So I
> became the victim of the YaST software update window. The packman version
> seemed to be a very old one, but it wasn't. Sorry for that. But it should be
> made better, to avoid such misunderstandings.

Hi Walther,

I don't quite understand your problem. The freshplayer plugin is installed into %{_libdir}/browser-plugins and works as a small shim to %{_libdir}/chromium/PepperFlash/libpepflashplayer.so. The latter comes from an extra package, e.g. available from packman. The version I build is not being published. My freshplayerplugin package and packman's chromium-pepper-flash package are definitely working nicely together.
Hello Michael! Thanks for the answer! I often use the search function "/software.opensuse.org/search" to find newer software. There I found a link to home:mik34020 when I searched for available packages with "chromium-pepper-flash". This package caused the problems for me; this is what I had in mind when I wrote comment #4. I found your package "freshplayerplugin" in the same way, but there are no problems. It works fine in my Firefox with the packman package and even with my self-compiled one. (Because the YaST installation utility printed that there was a dependency between these two packages, I mentioned them together.) So my comment is for mik34020 and I hope he can read it too. And as I wrote before, I didn't know how to contact him. Your freshplayerplugin should become part of an official repository very soon. It is working better for me than the old NPAPI version.
I think we found a solution