Bug 28457

Summary: Flash-player-plugin refuses to work after 2021-01-21
Product: Mageia Reporter: Markus Robert Keßler <mandrake>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: Normal CC: guillaume.bedot, lewyssmith, luigiwalser, mageia
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: flash-player-plugin-32.0.0.465-1.mga7.nonfree.src.rpm CVE:
Status comment:

Description Markus Robert Keßler 2021-02-26 20:44:18 CET 
Description of problem:

Adobe has built in a "kill-switch" into their flash player plugin.
So, firefox with mentioned plugin, as well as chromium browser no longer work now.

Adobe claim that there can be created some kind of exception list, but it would be better to patch the plugin to have generic solution.

See statement here:

    https://support.mozilla.org/en-US/questions/1284192

Thanks for your effort!
Comment 1 Aurelien Oudelet 2021-02-26 20:56:12 CET 
Thanks requesting such support.


We at Mageia have our users in concern.
But Flash technology has been long long advertised to be considered EOL, obsolete and prone to security vulnerabilities.

This is not our right/duty to make change. We do provide a nonfree rpm that is only a wrapper to download on Adobe website this piece of legacy software.

Today, we can't afford it to support it any longer.

Resolution: (none) => WONTFIX
CC: (none) => lewyssmith, luigiwalser
Status: NEW => RESOLVED

Comment 2 Nicolas Lécureuil 2021-02-26 22:08:44 CET 
And in addition there won't be any security fixes anymore from Adobe for Flash.
We can't let our users with such vulnerabilities.

CC: (none) => mageia

Comment 3 David Walser 2021-02-26 22:12:40 CET 
But we do have the lightspark package, which is an open-source implementation of Flash, which can still be used on Mageia.
Comment 4 Lewis Smith 2021-02-27 09:54:14 CET 
Thanks for that encouraging pointer, David. This should have been - maybe is - in the Mageia 8 Release Notes (yes, I see this bug is for M7).

@ Markus : So do try 'lightspark'.
Comment 5 Markus Robert Keßler 2021-02-28 10:16:21 CET 
Hi there,
tried lightspark, though
- it is in "alpha state" (!), see here: https://lightspark.github.io
- the version in mga repo is almost 2 years behind

Anyway, I have tested lightspark against several IP cameras where Flash ( application/x-shockwave-flash ) is needed to display a preview within the admin surface.
It doesn't work, though
    lightspark-mozilla-plugin-0.8.1-4.mga7
    lib64lightspark0-0.8.1-4.mga7
    lightspark-0.8.1-4.mga7
are installed. I just get redirected to Adobe's "end of life" statement page
Comment 6 Lewis Smith 2021-03-02 10:01:00 CET 
Thank you for this feedback.
> lightspark-0.8.1-4.mga7
> the version in mga repo is almost 2 years behind
"The latest released version is 0.8.4.1"
So it is possible that the latest lightspark might work better than what we currently offer. Possible...
I was tempted to re-cast this bug into one requesting that "our lightspark is outdated & does not work"; but think it neater to ask you to please raise a new bug about that. Simply copy your comment 5 above into the new one (so keep this bug open while creating the new one).
Even our M8 version is not current: lightspark-0.8.3-3.mga8; I will make the new bug cover both releases.
Comment 7 Lewis Smith 2021-03-02 10:03:35 CET 
I see you have just done that! Bug 28502.
Comment 8 Guillaume Bedot 2021-03-04 08:11:53 CET 
There is also ruffle https://ruffle.rs , but the plugin is not signed...

CC: (none) => guillaume.bedot