update-flashplugin won't upgrade to 7.0.68
Bug #60198 reported by
Holger Schletz
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| flashplugin-nonfree (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: flashplugin-nonfree
I had trouble upgrading to 7.0.68 which was released today.
First, none of the download links worked. I downloaded it manually and used the -l option.
This time the installation aborted with "plugin changed, not trusted". I looked at the script and found that it compared the MD5sums of 2 files to hardcoded values which obviously did'nt match the new version... After commenting out the MD5 checks the update succeeded.
I think using hardcoded values is inappropriate since these are tied to a single upstream version, preventing upgrades without changes to the script. If we have to ignore the MD5sums or replace them with values derived from files from an untrusted source, these checks are fairly useless.
Revision history for this message
| Daniel T Chen (crimsun) wrote | #1 |
| Changed in flashplugin-nonfree: | |
| importance: | Untriaged → Medium |
| status: | Unconfirmed → Rejected |
To post a comment you must log in.
The hardcoded md5sums are intentional to prevent precisely the "tweaks" (which in some cases could be malicious) you made.