Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1000267 - wordpress contains bundled Flash and Silverlight files
Summary: wordpress contains bundled Flash and Silverlight files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wordpress
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Remi Collet
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: WebAssets-BundledBinaries 991791
TreeView+ depends on / blocked
 
Reported: 2013-08-23 04:44 UTC by T.C. Hollingsworth
Modified: 2018-04-11 08:40 UTC (History)
6 users (show)

Fixed In Version: wordpress-3.6-1.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-14 19:04:26 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description T.C. Hollingsworth 2013-08-23 04:44:31 UTC 
This package contains binary files that are typically excuted by the Flash
player or another similar program.

These files are not permitted in Fedora. [1]  Everything we produce needs to
be built from source. [2]

The offending file(s) shipped in this package are:
/usr/share/wordpress/wp-includes/js/plupload/plupload.flash.swf
/usr/share/wordpress/wp-includes/js/plupload/plupload.silverlight.xap
/usr/share/wordpress/wp-includes/js/swfupload/swfupload.swf
/usr/share/wordpress/wp-includes/js/tinymce/plugins/media/moxieplayer.swf

If these files are just a fallback for something that is now supported by modern
web standards like the HTML5 <video> element, please just remove the binaries.

If removing these files would seriously cripple your application, please let me
know so we can figure out a solution.

If you have any questions, please shout.  Thanks!

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries
[2] https://lists.fedoraproject.org/pipermail/devel/2013-August/187836.html
Comment 1 Adam Williamson 2013-08-23 08:05:29 UTC 
When it's done, http://koji.fedoraproject.org/koji/taskinfo?taskID=5844538 will be a scratch build of Wordpress 3.6 with the simplest possible approach to this: swfupload is ripped out bodily (with a patch to remove its hooks from script-loader.php), and the other files are wiped with no other changes made. Note that wordpress 3.6 adds a couple *more*, as it adds 'wp-includes/js/mediaelement' as a media player...thingy...which is supposed to present a 'consistent experience' across multiple browsers and media formats by using a Flash or Silverlight player that looks like an HTML5 player when pure HTML5 won't work to play a given format on a given browser.

I'm hoping that plupload and mediaelement will cope intelligently with the plugins not being present and do something sensible instead of falling over; it's rather difficult to tell from the 'source code' since the 'source code' for both is a cryptic set of unreadable minified javascript. plupload should be able to simply fall back to its HTML 4 uploader if the SWF and Silverlight ones aren't there, but there's going to be stuff mediaelement just can't do without the plugins, like serve h.264 to Firefox. I'm not sure why tinymce saw fit to include its own bloody media player yet, but we'd better test whatever it's doing with that too.

I have not tested this at all yet; I'm throwing the scratch build up in case others wish to do so as well as me. (I'm going to bed after this and test it in the morning). You'll need to configure file uploading and try embedding some media in a post with the new [video] and [audio] short tags to test these changes, I think. Christ knows how to test the tinymce one.
Comment 2 Adam Williamson 2013-08-23 23:15:22 UTC 
OK, I think I've now got a build that smoothly handles all the removals. I'm sending it through to 'stable' for Rawhide and F20 and testing for all other releases.
Comment 3 Fedora Update System 2013-08-24 00:23:28 UTC 
wordpress-3.6-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/wordpress-3.6-1.fc19
Comment 4 Fedora Update System 2013-08-24 00:23:37 UTC 
wordpress-3.6-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/wordpress-3.6-1.fc18
Comment 5 Fedora Update System 2013-08-24 00:23:47 UTC 
wordpress-3.6-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/wordpress-3.6-1.el6
Comment 6 Fedora Update System 2013-08-24 18:40:12 UTC 
Package wordpress-3.6-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing wordpress-3.6-1.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11325/wordpress-3.6-1.el6
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2013-09-14 19:04:26 UTC 
wordpress-3.6-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-09-15 00:51:02 UTC 
wordpress-3.6-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2013-09-15 00:52:05 UTC 
wordpress-3.6-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.