On Tue, 29 Jan 2013 12:22:47 +0100, Luciano Bello wrote:

>     Melissa Draper pointed out that the embedded copy of flowplayer-core in Mahara
> is affected by http://code.google.com/p/flowplayer-core/issues/detail?id=441

This seems to be fixed in upstream git:
https://gitorious.org/mahara/mahara/commits/1.5_STABLE
eae381a: "internalmedia/lib.php: Changing flowplayer invocation to
          only use relative URLs"
          a small change in php code
89e45be: "flowplayer: Updating flowplayer with custom build to
         disallow absolute URLs in config parameters"
         this adds a patched and renamed flowplayer

gitorious dies on showing the latter commit, so here we go:

#v+
commit 89e45be4688887f80db0df41a1464f35b81a2f45
Author:     Aaron Wells <aar...@catalyst.net.nz>
AuthorDate: Mon Jan 28 18:50:39 2013 +1300
Commit:     Melissa Draper <meli...@catalyst.net.nz>
CommitDate: Fri Feb 15 15:28:14 2013 +1300

    flowplayer: Updating flowplayer with custom build to disallow absolute URLs in config parameters
    
    Also updating to the latest version of flowplayer, and removing all the flowplayer source code
    files from the Mahara repo and instead referencing the separate github repo they can be DL'ed from.
    (The only 3 files actually used by flowplayer are flowplayer.swf, flowplayer.controls.swf, and the
    flowplayer.js file. The rest are only necessary if you want to compile.)
    
    The flowplayer GPL license requires that if we modify the source code and redistribute it,
    we must change the name to something not confusing with flowplayer. See "ADDITIONAL TERM per
    GPL Section 7", paragraphs 3 & 4.
    
    License files that don't apply to our distribution were also removed.
    
    Change-Id: I400266f7cfb0e560f6afcede65e10f4db626a43a
    Signed-off-by: Aaron Wells <aar...@catalyst.net.nz>


 .../flowplayer/LICENSE_COMMERCIAL.txt              |  166 --
 .../flowplayer/LICENSE_MULTIDOMAIN.txt             |  171 --
 .../internalmedia/flowplayer/LICENSE_UNLIMITED.txt |    1 -
[tons of removed files]
 .../artefact/file/blocktype/internalmedia/lib.php  |    6 +-
 .../{flowplayer => mahara-flashplayer}/LICENSE.txt |    0
 .../internalmedia/mahara-flashplayer/README.Mahara |   13 +
 .../{flowplayer => mahara-flashplayer}/README.txt  |    0
 .../mahara-flashplayer-3.2.6.js}                   |    0
 .../mahara-flashplayer.controls.swf                |  Bin 0 -> 38336 bytes
 .../mahara-flashplayer/mahara-flashplayer.swf      |  Bin 0 -> 125925 bytes
#v-
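
Review bot: mahara-flashplayer.swf (Bin 0 -> 125925 bytes) and mahara-flashplayer.controls.swf (Bin 0 -> 38336 bytes) arrive as opaque binaries at the end of the diffstat, so the change that disallows absolute URLs in config parameters cannot be reviewed from this commit. Since the commit message says the source now lives in a separate repository, the 13-line README.Mahara should name the exact revision the binaries were built from and the build steps, and record a checksum for each .swf, so that the shipped files can be rebuilt and compared.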


I guess adding two binary .swf files is not a really appealing "fix".
(Even ignoring the fact that they seem to come without source code.)

Considering that mahara
- has a very low popcon and no rev-deps
- has a history of security problems
- looks a bit undermaintained in Debian

I suggest removing the package from the archive.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Kante: Die Summe der einzelnen Teile
