Bug 337542 - www-plugins/adobe-flash: Version bump to "square" release
Summary: www-plugins/adobe-flash: Version bump to "square" release
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Jim Ramsay (lack) (RETIRED)
URL: http://forums.gentoo.org/viewtopic-t-...
Whiteboard:
Keywords:
Duplicates: 337581
Depends on:
Blocks:
 
Reported: 2010-09-15 19:42 UTC by DEMAINE Benoît-Pierre, aka DoubleHP
Modified: 2010-09-18 12:16 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
www-plugins/adobe-flash-10.2.161.22.ebuild (adobe-flash-10.2.161.22.ebuild,5.56 KB, text/plain)
2010-09-17 10:32 UTC, jon R-B
Description DEMAINE Benoît-Pierre, aka DoubleHP 2010-09-15 19:42:06 UTC
http://labs.adobe.com/downloads/flashplayer10.html does not seem to be linked to publication of a new "version"; so, it's likely we will need to create a new ebuild, based on
http://labs.adobe.com/technologies/flashplayer10/

Thanks.
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2010-09-15 20:39:26 UTC
Would this be in fact a security bug? See, http://lwn.net/Articles/404947/
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-15 20:45:58 UTC
(In reply to comment #1)
> Would this be in fact a security bug? See, http://lwn.net/Articles/404947/
> 

There is no indication that this release fixes the issues.
Comment 3 Krzysztof Pawlik (RETIRED) gentoo-dev 2010-09-15 21:01:59 UTC
Alex: there is - Firefox shows this as Flash 10.2 d161 (no idea about d161 part).

BTW. From my quick tests it looks like it's working quite nicely, no errors/crashes/issues so far :)
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-15 21:50:16 UTC
(In reply to comment #3)
> Alex: there is - Firefox shows this as Flash 10.2 d161 (no idea about d161
> part).

It's a 10.2 alpha/beta, okay. That doesn't mean that it contains the fix. Adobe have targeted next week for the 10.1 update. If they had the fix in that 10.2 version, why does it take them another week to get it to 10.1?

In the event you can find any hard evidence, for instance in an Adobe Advisory, or on Adobe Product Security's blog, please CC security@ again.
Comment 5 DEMAINE Benoît-Pierre, aka DoubleHP 2010-09-16 00:50:25 UTC
from Adobe:
> Please uninstall any previous versions of Flash Player before installing this prerelease build

So, assuming you will name the ebuild www-plugins/adobe-flash-square, it must block, and be incompatible with www-plugins/adobe-flash, but still provide flash. Likely we will need to create a virtual ebuild (like for Java).
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2010-09-16 00:53:12 UTC
(In reply to comment #5)
> from Adobe:
> > Please uninstall any previous versions of Flash Player before installing this prerelease build

"emerge -C" will take care of that, what does renaming the ebuild have to do with this?
Comment 7 DEMAINE Benoît-Pierre, aka DoubleHP 2010-09-16 00:55:07 UTC
We will need two different ebuilds, to let people choose between legacy Flash, and Square taste. Thus, we need them to exclude each other.
Comment 8 Jory A. Pratt gentoo-dev 2010-09-16 01:03:20 UTC
(In reply to comment #7)
> We will need two different ebuilds, to let people choose between legacy Flash,
> and Square taste. Thus, we need them to exclude each other.
> 

umm no .... square is nothing but the codename, it will be dropped when the official release is made.
Comment 9 DEMAINE Benoît-Pierre, aka DoubleHP 2010-09-16 01:13:56 UTC
I have read as many docs as I could:
- square is an independent product; so, it can not be installed under the Gentoo name www-plugins/adobe-flash
- it must be mutually exclusive with www-plugins/adobe-flash
- it requires >=Firefox-3 and >=seamonkey-1.11 http://www.adobe.com/products/flashplayer/systemreqs/index.html
- it provides the same functions as the previous releases (at least, this first Square-091510 - wonder why they did not call it 100915 ... - provides the same features as all preceding releases; but future squares may not contain features that will be introduced in "in the mean time" releases).
- it is somehow a "new start"; so, there is no diff or change log comparing it to older "releases". Thus, there is no official information about any security concern. This is sad, but I did not find anything.

Distribution and licensing problems are explained here:
http://www.adobe.com/products/players/fpsh_distribution1.html

We need to join the forum to ask about security: http://forums.adobe.com/community/webplayers/flash_player

Jory: the tarball name flashplayer_square_p1_64bit_linux_091510 ... really makes one think that there may be other "versions" of square. See how they published several different 10.1 ... all web pages only refer to 10.1 when actually there have been three different ones ... so, I will answer you: the code name 10.1 had several releases.
Comment 10 Samuli Suominen (RETIRED) gentoo-dev 2010-09-16 01:35:35 UTC
full stop with the nonsensical bugspam, please.  software gets rewritten, people learn to live with it.  adobe clearly won't maintain 2 branches of flash for a long time, plus we have SLOTs if required.

so I expect next message to be 'resolved, fixed' when the maintainer has time to do it. :)
Comment 11 Samuli Suominen (RETIRED) gentoo-dev 2010-09-16 02:02:21 UTC
*** Bug 337581 has been marked as a duplicate of this bug. ***
Comment 12 Matthew Turnbull 2010-09-16 02:31:57 UTC
IMHO, I would consider this a security bug, as it would allow non-multilib users to upgrade from the old, masked, Flash 10.0 release.


Also, just to clear up a few things (@ DoubleHP):

* The full version is 10.2.161.22 (i.e. 10.2 d161)
See: http://www.adobe.com/software/flash/about/

* 091510 (in the file name) is the build release date (09/15/2010)

* "Square" is the release code name. Every major version since Flash 6 has had one. In fact, the major releases of most software have one.

* AFAIK, Adobe has always recommended uninstalling old versions of Flash before installing new versions. So no change there.
Comment 13 Samuli Suominen (RETIRED) gentoo-dev 2010-09-16 02:43:53 UTC
like I said, no need to bugspam here... it's all very clear. thank you.
patience is virtue.
Comment 14 FL 2010-09-16 10:52:14 UTC
Actually I do not really understand why it is a problem for x86.

You just can mask it in the x86 profile, under profiles/arch/x86/package.mask 

or you can mask it in profiles/package.mask and unmask it in the amd64 profile
under profiles/arch/amd64/package.mask like they did with the kde version
4.5.1?
Comment 15 Samuli Suominen (RETIRED) gentoo-dev 2010-09-16 10:56:05 UTC
How many times do I have to repeat it?  There is no further discussion required here.  This is not a discussion forum.  Stop the useless bugspam.  The bump will happen properly as soon as the maintainer has the time.

If you feel it necessary to discuss it, use: 

http://forums.gentoo.org/viewtopic-t-844769-highlight-.html

Comment 16 jon R-B 2010-09-17 10:32:37 UTC
Created attachment 247719
www-plugins/adobe-flash-10.2.161.22.ebuild

ebuild, based upon the last 64bit/32bit ebuild that existed and tweaked for Adobe's version numbering
Comment 17 xenon 2010-09-17 11:03:03 UTC
I guess the reference to a specific vulnerability should be removed from the new ebuild. A general warning about Flash's poor security history could be appropriate, though.
Comment 18 Matthew Turnbull 2010-09-18 02:44:08 UTC
Thanks, Jim, for getting an ebuild in portage.

Just as a reminder, the amd64 no-multilib profile needs to be updated so it doesn't block 10.2+.
Comment 19 niogic 2010-09-18 11:55:18 UTC
Please bump so we don't need plugin wrapper anymore.
Hope "square" support will be OS-independent and will not cease for x64 archs anymore.
Comment 20 Samuli Suominen (RETIRED) gentoo-dev 2010-09-18 12:16:37 UTC
Jim committed the ebuilds, and I've just fixed the profiles so 10.2 is unmasked on 64bit native. 

The bug should be closed now, I guess. So proceeding.