Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1000263

Summary: python-django-tinymce contains bundled Flash files
Product: [Fedora] Fedora Reporter: T.C. Hollingsworth <tchollingsworth>
Component: python-django-tinymceAssignee: Fedora Infrastructure SIG <infra-sig>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: awilliam, kevin, mrunge, yuwang
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-27 21:55:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1000236    

Description T.C. Hollingsworth 2013-08-23 04:37:39 UTC 
This package contains binary files that are typically excuted by the Flash
player or another similar program.

These files are not permitted in Fedora. [1]  Everything we produce needs to
be built from source. [2]

The offending file(s) shipped in this package are:
/usr/lib/python2.7/site-packages/tinymce/media/tiny_mce/plugins/media/moxieplayer.swf
/usr/lib/python2.7/site-packages/tinymce/static/tiny_mce/plugins/media/moxieplayer.swf

If these files are just a fallback for something that is now supported by modern
web standards like the HTML5 <video> element, please just remove the binaries.

If removing these files would seriously cripple your application, please let me
know so we can figure out a solution.

If you have any questions, please shout.  Thanks!

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries
[2] https://lists.fedoraproject.org/pipermail/devel/2013-August/187836.html
Comment 1 Yuguang Wang 2013-09-02 08:29:05 UTC 
I'm not the developer, I've submitted an issue regarding this [1].
Hopefully we can get the answer from developer team.

[1] https://github.com/aljosa/django-tinymce/issues/74
Comment 2 T.C. Hollingsworth 2013-09-02 09:42:16 UTC 
Adam Williamson removed it from the main tinymce package and Wordpress with a simple patch to the moxieplayer JS.  See bug 1000266 and https://lists.fedoraproject.org/pipermail/devel/2013-August/188229.html for details.
Comment 3 Matthias Runge 2014-11-17 09:47:04 UTC 
Any progress here?
Comment 4 Yuguang Wang 2014-11-17 11:15:48 UTC 
Apologize for the delay, I had missed the message.

I've had a quick look at Adams's solution, will try to provide another package  when I got enough time, hopefully within this week.

Thanks.
Comment 5 Yuguang Wang 2014-12-08 03:34:13 UTC 
SPEC:
https://yuwang.fedorapeople.org/python-django-tinymce/1.5.3/python-django-tinymce.spec
SRPM:
https://yuwang.fedorapeople.org/python-django-tinymce/1.5.3/python-django-tinymce-1.5.3-1.fc20.src.rpm

And a scrach rpmlint report:
$ rpmlint python-django-tinymce-1.5.3-1.fc20.src.rpm 
python-django-tinymce.src:3: W: mixed-use-of-spaces-and-tabs (spaces: line 3, tab: line 1)
python-django-tinymce.src: W: patch-not-applied Patch0: tinymce-3.5.8-no_moxieplayer.patch
1 packages and 0 specfiles checked; 0 errors, 2 warnings.
Comment 6 Yuguang Wang 2014-12-08 05:22:06 UTC 
Please ignore comment 5, as I noticed Adam Williams has removed the bundle to tinymce in python-django-tinymce-1.5.2-2:

$ rpm -qa | grep tinymce
tinymce-3.5.8-1.fc20.noarch
python-django-tinymce-1.5.2-2.fc20.noarch

$ rpm -ql tinymce | grep "*.swf"
$ rpm -ql python-django-tinymce | grep "*.swf"

Which means since tinymce-3.5.8 and django-tinymce-1.5.2-2,
those binaries were removed.
Comment 7 Jaroslav Reznik 2015-03-03 16:54:50 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 8 Fedora Admin XMLRPC Client 2016-04-04 20:27:27 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 9 Fedora End Of Life 2016-07-19 10:18:26 UTC 
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 10 Adam Williamson 2016-08-19 20:55:33 UTC 
The current package still appears to include moxieplayer:

[root@adam adamw]# dnf repoquery -l python-django-tinymce | grep swf
Failed to synchronize cache for repo 'fedora-phabricator', disabling.
Failed to synchronize cache for repo '_dnf_local', disabling.
/usr/lib/python2.7/site-packages/tinymce/static/tiny_mce/plugins/media/moxieplayer.swf

that's on F25.
Comment 11 Kevin Fenzi 2016-12-27 21:55:24 UTC 
Fixed in python-django-tinymce-2.4.0-1.fc26