In the latest development version of commons, we get an alert at admin/reports/status that:

"Your getID3 library is insecure! The demos distributed with getID3 contains code which creates a huge security hole. Remove the demos directory (......profiles/drupal_commons/libraries/getid3/demos) from beneath Drupal's directory."

One question is how to package with Drush make and not include this demos directory. I don't think Drush make can *remove* a downloaded directory from within a library and I don't think that getID3 is distributed without that directory. Hosting our own copy on GitHub seems like an easy, if awkward, option.

It also seems like it's time to update to getID3 1.9.
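
A post-build check for the concern raised above, as an added example that is not part of the original issue or of the Commons code base: it fails a build in which a getID3 library still ships its `demos` directory. It assumes the layout implied by the status message (`getid3/getid3.php` as the library's main file, with `demos/` beside it); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Post-build check: fail if a getID3 library under the docroot still has demos/.
# Assumed layout (from the path in the status message): <lib>/getid3/getid3.php
# is the library's main file and <lib>/demos is the directory to be removed.

# Print every demos directory that sits beside a getID3 library under $1.
find_getid3_demos() {
    find "$1" -type f -path '*/getid3/getid3.php' 2>/dev/null |
    while IFS= read -r main; do
        libdir=$(dirname "$(dirname "$main")")
        if [ -d "$libdir/demos" ]; then
            printf '%s\n' "$libdir/demos"
        fi
    done
}

# Return 0 when the build is clean, 1 (with a report on stderr) otherwise.
check_build() {
    found=$(find_getid3_demos "$1")
    if [ -n "$found" ]; then
        printf 'getID3 demos directory still present:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample tree (not a real Commons build): one library with demos/.
make_sample_build() {
    build=$(mktemp -d)
    lib="$build/profiles/drupal_commons/libraries/getid3"
    mkdir -p "$lib/getid3" "$lib/demos"
    : > "$lib/getid3/getid3.php"
    : > "$lib/demos/example.php"
    printf '%s\n' "$build"
}

# Demo: the check fails on the unpatched tree and passes once demos/ is gone.
build=$(make_sample_build)
check_build "$build" 2>/dev/null || echo "unpatched build: rejected"
rm -rf "$build/profiles/drupal_commons/libraries/getid3/demos"
check_build "$build" && echo "patched build: clean"
rm -rf "$build"
```

Run as a step after the make build, `check_build /path/to/docroot` gives a non-zero exit status that a CI job can act on.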

Comments

ezra-g’s picture

Actually, looks like getID3 is GPL 2. Maybe this means we can include it in the Commons repo?

ezra-g’s picture

Title: getid3 library demo directory included » Remove id3 demo directory
Status: Active » Needs review
FileSize
282.32 KB

Attached is a patch that removes this unwanted directory.

The 1336886-remove-id3-demos-dir branch of Commons modifies drupal_commons.make to use this patch when building Commons.

ezra-g’s picture

Here's an updated patch for getid3 1.9.1

laurentc’s picture

Cool. The patch is good.

ezra-g’s picture

Category: bug » task
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

janusman’s picture

Version: » 6.x-2.x-dev
FileSize
301.9 KB

Just for reference, adding this patch that removes the demos directory from a newer version of getid3 (1.9.3).

Anonymous’s picture

Here is a patch for getid3 1.9.5.

Anonymous’s picture

FileSize
312.76 KB

Here is a patch to remove demos in 1.9.7.

jhedstrom’s picture

FileSize
313.6 KB

This patch is actually used in a drush make test, so I needed to reroll it for 1.9.8. Sorry for the noise.