update-flashplugin won't upgrade to 7.0.68
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
flashplugin-nonfree (Ubuntu) |
Invalid
|
Medium
|
Unassigned |
Bug Description
Binary package hint: flashplugin-nonfree
I had trouble upgrading to 7.0.68 which was released today.
First, none of the download links worked. I downloaded it manually and used the -l option.
This time the installation aborted with "plugin changed, not trusted". I looked at the script and found that it compared the MD5sums of 2 files to hardcoded values which obviously did'nt match the new version... After commenting out the MD5 checks the update succeeded.
I think using hardcoded values is inappropriate since these are tied to a single upstream version, preventing upgrades without changes to the script. If we have to ignore the MD5sums or replace them with values derived from files from an untrusted source, these checks are fairly useless.
The hardcoded md5sums are intentional to prevent precisely the "tweaks" (which in some cases could be malicious) you made.