Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1000263 - python-django-tinymce contains bundled Flash files
Summary: python-django-tinymce contains bundled Flash files
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: python-django-tinymce
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Fedora Infrastructure SIG
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: WebAssets-BundledBinaries
TreeView+ depends on / blocked
 
Reported: 2013-08-23 04:37 UTC by T.C. Hollingsworth
Modified: 2016-12-27 21:55 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-27 21:55:24 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description T.C. Hollingsworth 2013-08-23 04:37:39 UTC 
This package contains binary files that are typically excuted by the Flash
player or another similar program.

These files are not permitted in Fedora. [1]  Everything we produce needs to
be built from source. [2]

The offending file(s) shipped in this package are:
/usr/lib/python2.7/site-packages/tinymce/media/tiny_mce/plugins/media/moxieplayer.swf
/usr/lib/python2.7/site-packages/tinymce/static/tiny_mce/plugins/media/moxieplayer.swf

If these files are just a fallback for something that is now supported by modern
web standards like the HTML5 <video> element, please just remove the binaries.

If removing these files would seriously cripple your application, please let me
know so we can figure out a solution.

If you have any questions, please shout.  Thanks!

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries
[2] https://lists.fedoraproject.org/pipermail/devel/2013-August/187836.html
Comment 1 Yuguang Wang 2013-09-02 08:29:05 UTC 
I'm not the developer, I've submitted an issue regarding this [1].
Hopefully we can get the answer from developer team.

[1] https://github.com/aljosa/django-tinymce/issues/74
Comment 2 T.C. Hollingsworth 2013-09-02 09:42:16 UTC 
Adam Williamson removed it from the main tinymce package and Wordpress with a simple patch to the moxieplayer JS.  See bug 1000266 and https://lists.fedoraproject.org/pipermail/devel/2013-August/188229.html for details.
Comment 3 Matthias Runge 2014-11-17 09:47:04 UTC 
Any progress here?
Comment 4 Yuguang Wang 2014-11-17 11:15:48 UTC 
Apologize for the delay, I had missed the message.

I've had a quick look at Adams's solution, will try to provide another package  when I got enough time, hopefully within this week.

Thanks.
Comment 5 Yuguang Wang 2014-12-08 03:34:13 UTC 
SPEC:
https://yuwang.fedorapeople.org/python-django-tinymce/1.5.3/python-django-tinymce.spec
SRPM:
https://yuwang.fedorapeople.org/python-django-tinymce/1.5.3/python-django-tinymce-1.5.3-1.fc20.src.rpm

And a scrach rpmlint report:
$ rpmlint python-django-tinymce-1.5.3-1.fc20.src.rpm 
python-django-tinymce.src:3: W: mixed-use-of-spaces-and-tabs (spaces: line 3, tab: line 1)
python-django-tinymce.src: W: patch-not-applied Patch0: tinymce-3.5.8-no_moxieplayer.patch
1 packages and 0 specfiles checked; 0 errors, 2 warnings.
Comment 6 Yuguang Wang 2014-12-08 05:22:06 UTC 
Please ignore comment 5, as I noticed Adam Williams has removed the bundle to tinymce in python-django-tinymce-1.5.2-2:

$ rpm -qa | grep tinymce
tinymce-3.5.8-1.fc20.noarch
python-django-tinymce-1.5.2-2.fc20.noarch

$ rpm -ql tinymce | grep "*.swf"
$ rpm -ql python-django-tinymce | grep "*.swf"

Which means since tinymce-3.5.8 and django-tinymce-1.5.2-2,
those binaries were removed.
Comment 7 Jaroslav Reznik 2015-03-03 16:54:50 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 8 Fedora Admin XMLRPC Client 2016-04-04 20:27:27 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 9 Fedora End Of Life 2016-07-19 10:18:26 UTC 
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 10 Adam Williamson 2016-08-19 20:55:33 UTC 
The current package still appears to include moxieplayer:

[root@adam adamw]# dnf repoquery -l python-django-tinymce | grep swf
Failed to synchronize cache for repo 'fedora-phabricator', disabling.
Failed to synchronize cache for repo '_dnf_local', disabling.
/usr/lib/python2.7/site-packages/tinymce/static/tiny_mce/plugins/media/moxieplayer.swf

that's on F25.
Comment 11 Kevin Fenzi 2016-12-27 21:55:24 UTC 
Fixed in python-django-tinymce-2.4.0-1.fc26
Note You need to log in before you can comment on or make changes to this bug.