Bug 1000263 - python-django-tinymce contains bundled Flash files
python-django-tinymce contains bundled Flash files
Product: Fedora
Classification: Fedora
Component: python-django-tinymce (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Fedora Infrastructure SIG
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: WebAssets-BundledBinaries
  Show dependency treegraph
Reported: 2013-08-23 00:37 EDT by T.C. Hollingsworth
Modified: 2016-12-27 16:55 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-12-27 16:55:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description T.C. Hollingsworth 2013-08-23 00:37:39 EDT
This package contains binary files that are typically excuted by the Flash
player or another similar program.

These files are not permitted in Fedora. [1]  Everything we produce needs to
be built from source. [2]

The offending file(s) shipped in this package are:

If these files are just a fallback for something that is now supported by modern
web standards like the HTML5 <video> element, please just remove the binaries.

If removing these files would seriously cripple your application, please let me
know so we can figure out a solution.

If you have any questions, please shout.  Thanks!

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#No_inclusion_of_pre-built_binaries_or_libraries
[2] https://lists.fedoraproject.org/pipermail/devel/2013-August/187836.html
Comment 1 Yuguang Wang 2013-09-02 04:29:05 EDT
I'm not the developer, I've submitted an issue regarding this [1].
Hopefully we can get the answer from developer team.

[1] https://github.com/aljosa/django-tinymce/issues/74
Comment 2 T.C. Hollingsworth 2013-09-02 05:42:16 EDT
Adam Williamson removed it from the main tinymce package and Wordpress with a simple patch to the moxieplayer JS.  See bug 1000266 and https://lists.fedoraproject.org/pipermail/devel/2013-August/188229.html for details.
Comment 3 Matthias Runge 2014-11-17 04:47:04 EST
Any progress here?
Comment 4 Yuguang Wang 2014-11-17 06:15:48 EST
Apologize for the delay, I had missed the message.

I've had a quick look at Adams's solution, will try to provide another package  when I got enough time, hopefully within this week.

Comment 5 Yuguang Wang 2014-12-07 22:34:13 EST

And a scrach rpmlint report:
$ rpmlint python-django-tinymce-1.5.3-1.fc20.src.rpm 
python-django-tinymce.src:3: W: mixed-use-of-spaces-and-tabs (spaces: line 3, tab: line 1)
python-django-tinymce.src: W: patch-not-applied Patch0: tinymce-3.5.8-no_moxieplayer.patch
1 packages and 0 specfiles checked; 0 errors, 2 warnings.
Comment 6 Yuguang Wang 2014-12-08 00:22:06 EST
Please ignore comment 5, as I noticed Adam Williams has removed the bundle to tinymce in python-django-tinymce-1.5.2-2:

$ rpm -qa | grep tinymce

$ rpm -ql tinymce | grep "*.swf"
$ rpm -ql python-django-tinymce | grep "*.swf"

Which means since tinymce-3.5.8 and django-tinymce-1.5.2-2,
those binaries were removed.
Comment 7 Jaroslav Reznik 2015-03-03 11:54:50 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
Comment 8 Fedora Admin XMLRPC Client 2016-04-04 16:27:27 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 9 Fedora End Of Life 2016-07-19 06:18:26 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 10 Adam Williamson 2016-08-19 16:55:33 EDT
The current package still appears to include moxieplayer:

[root@adam adamw]# dnf repoquery -l python-django-tinymce | grep swf
Failed to synchronize cache for repo 'fedora-phabricator', disabling.
Failed to synchronize cache for repo '_dnf_local', disabling.

that's on F25.
Comment 11 Kevin Fenzi 2016-12-27 16:55:24 EST
Fixed in python-django-tinymce-2.4.0-1.fc26

Note You need to log in before you can comment on or make changes to this bug.