Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 754192 - www-plugins/adobe-flash EOL, last rites
Summary: www-plugins/adobe-flash EOL, last rites
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Desktop Misc. Team
URL:
Whiteboard:
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2020-11-12 20:27 UTC by Jonas Stein
Modified: 2021-01-03 12:38 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jonas Stein gentoo-dev 2020-11-12 20:27:34 UTC
https://www.adobe.com/ee/products/flashplayer/end-of-life.html#

"As previously announced in July 2017, Adobe will stop distributing and updating Flash Player after December 31, 2020 (“EOL Date”)"
Comment 1 Larry the Git Cow gentoo-dev 2020-11-12 20:35:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f9d7cd5b01a8e7169f22c1bc230dcf5da62f0cd

commit 2f9d7cd5b01a8e7169f22c1bc230dcf5da62f0cd
Author:     Jonas Stein <jstein@gentoo.org>
AuthorDate: 2020-11-12 20:32:02 +0000
Commit:     Jonas Stein <jstein@gentoo.org>
CommitDate: 2020-11-12 20:35:10 +0000

    profiles: Last rites for www-plugins/adobe-flash
    
    https://www.adobe.com/ee/products/flashplayer/end-of-life.html#
    
    "As previously announced in July 2017, Adobe will stop distributing and
    updating Flash Player after December 31, 2020 (“EOL Date”)"
    
    Bug: https://bugs.gentoo.org/754192
    Signed-off-by: Jonas Stein <jstein@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2020-11-12 21:53:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb4d4d4773601fc883c25e8675279e4858367a4d

commit cb4d4d4773601fc883c25e8675279e4858367a4d
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-11-12 21:52:09 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-11-12 21:53:26 +0000

    media-video/kmplayer: Drop dead IUSE=npp to fix CI
    
    Bug: https://bugs.gentoo.org/754192
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-video/kmplayer/kmplayer-0.12.0b-r4.ebuild | 78 +++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
Comment 3 Martin Dummer 2020-11-26 23:37:12 UTC
Hello,

I do not agree to last-rite adobe flash.
Why?
Because it is necessary in some professional IT use-cases, although adobe does not support or fix flash any more.

Examples:
VMware vSphere vCenter Webclient, the flash variant of the webclients on the vCenter versions 6.0 and 6.5 are the only way to configure some advanced features. 
Some older versions of FNT Command also have exclusively a flash-based webclient.

It is true that this software is shortly outdated, or will become outdated within the next 12-24 months. But in reality, there are many dependencies and reasons which defer updates for months or years. 

I would prefer to PMASK it permanently instead of removing it. DISTFILES would be kept in the gentoo mirrors, even when adobe removes their distfiles from their download servers. The PMASKED message should state that the software is insecure and outdated and only kept for very special usecases. People who really want it can then unmask it.

The same situation was with dev-java/icedtea-web, see bug #711392 - package was vulnerable, but necessary for some business cases.
Comment 4 Sam James archtester gentoo-dev Security 2020-11-26 23:47:49 UTC
(In reply to Martin Dummer from comment #3)
> It is true that this software is shortly outdated, or will become outdated
> within the next 12-24 months. But in reality, there are many dependencies
> and reasons which defer updates for months or years. 
> 

I'm not saying you're _wrong_ but the real solution here is going to be using e.g. Ruffle like archive.org.

Also, browsers will be dropping support for this anyway.

> I would prefer to PMASK it permanently instead of removing it. DISTFILES
> would be kept in the gentoo mirrors, even when adobe removes their distfiles
> from their download servers. The PMASKED message should state that the
> software is insecure and outdated and only kept for very special usecases.
> People who really want it can then unmask it.

This is not possible for Flash for legal reasons:
>RESTRICT="bindist mirror strip"

> 
> The same situation was with dev-java/icedtea-web, see bug #711392 - package
> was vulnerable, but necessary for some business cases.

But there was an alternative around which arrived. In theory, yes, we could mask until there's some viable open source version available in tree though. But we're still at the behest of Adobe wrt when they remove it.
Comment 5 Larry the Git Cow gentoo-dev 2020-12-07 18:19:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/kde-sunset.git/commit/?id=414b4ec32f0940d083387d6ab019f35b61e3ea87

commit 414b4ec32f0940d083387d6ab019f35b61e3ea87
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-12-07 14:45:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-12-07 16:36:31 +0000

    media-video/kmplayer: Drop dead IUSE=npp, adobe-flash EOL
    
    Bug: https://bugs.gentoo.org/754192
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-video/kmplayer/kmplayer-0.11.5.ebuild | 23 +++--------------------
 media-video/kmplayer/metadata.xml           |  5 +----
 2 files changed, 4 insertions(+), 24 deletions(-)
Comment 6 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-01-03 12:36:22 UTC
I can confirm that SRC_URI no longer works.
Comment 7 Larry the Git Cow gentoo-dev 2021-01-03 12:38:08 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=908a680cda72c28e5e5b48da684d64e1048888a6

commit 908a680cda72c28e5e5b48da684d64e1048888a6
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-03 12:36:47 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-03 12:38:04 +0000

    www-plugins/adobe-flash: Remove last-rited pkg
    
    Closes: https://bugs.gentoo.org/754192
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/arch/amd64/package.use.force              |   4 -
 profiles/default/linux/uclibc/package.mask         |   1 -
 profiles/package.mask                              |   6 -
 www-plugins/adobe-flash/Manifest                   |   4 -
 .../adobe-flash/adobe-flash-32.0.0.453.ebuild      | 141 ---------------------
 www-plugins/adobe-flash/files/mms.cfg              | 117 -----------------
 www-plugins/adobe-flash/files/pepper-flash         |   1 -
 www-plugins/adobe-flash/files/pepper-flash-r1      |   1 -
 www-plugins/adobe-flash/metadata.xml               |  12 --
 9 files changed, 287 deletions(-)