FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 04-26-2011, 06:56 PM
Samuli Suominen
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

You have 24 hours to comment on this news item. Sorry to put it so
bluntly but this is required for major security bug (#364973).

See attachment.
Title: Upgrade to GLIB 2.28
Author: GNOME Team <gnome@gentoo.org>
Content-Type: text/plain
Posted: 2011-04-26
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: <dev-libs/glib-2.28

The way of setting default URI handlers has changed since dev-libs/glib-2.28
and above. If you used the GConf registry to set them before, they will now
be ignored.

If you use GNOME, you must upgrade gnome-session and gnome-control-center and
set your default browser/mail-client again.

If you don't use GNOME, you should ensure that the file
~/.local/share/applications/mimeapps.list has the following content:

[Added Associations]
x-scheme-handler/http=$browser_name.desktop;
x-scheme-handler/https=$browser_name.desktop;
x-scheme-handler/mailto=$mailclient_name.desktop;

Replace $browser_name.desktop and $mailclient_name.desktop with the appropriate
file from /usr/share/applications that can handle http/https/mailto URIs.

Please make sure that your browsers and mail clients have been upgraded to the
latest stable versions before doing all this.
 
Old 04-26-2011, 07:58 PM
Alex Alexander
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On Tue, Apr 26, 2011 at 09:56:06PM +0300, Samuli Suominen wrote:
> You have 24 hours to comment on this news item. Sorry to put it so
> bluntly but this is required for major security bug (#364973).
>
> See attachment.

Should be wrapped at 72 chars, but looks good otherwise, thanks


> Title: Upgrade to GLIB 2.28
> Author: GNOME Team <gnome@gentoo.org>
> Content-Type: text/plain
> Posted: 2011-04-26
> Revision: 1
> News-Item-Format: 1.0
> Display-If-Installed: <dev-libs/glib-2.28
>
> The way of setting default URI handlers has changed since dev-libs/glib-2.28
> and above. If you used the GConf registry to set them before, they will now
> be ignored.
>
> If you use GNOME, you must upgrade gnome-session and gnome-control-center and
> set your default browser/mail-client again.
>
> If you don't use GNOME, you should ensure that the file
> ~/.local/share/applications/mimeapps.list has the following content:
>
> [Added Associations]
> x-scheme-handler/http=$browser_name.desktop;
> x-scheme-handler/https=$browser_name.desktop;
> x-scheme-handler/mailto=$mailclient_name.desktop;
>
> Replace $browser_name.desktop and $mailclient_name.desktop with the appropriate
> file from /usr/share/applications that can handle http/https/mailto URIs.
>
> Please make sure that your browsers and mail clients have been upgraded to the
> latest stable versions before doing all this.


--
Alex Alexander | wired
+ Gentoo Linux Developer
++ www.linuxized.com
 
Old 04-27-2011, 12:11 AM
Alec Warner
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On Tue, Apr 26, 2011 at 12:58 PM, Alex Alexander <wired@gentoo.org> wrote:
> On Tue, Apr 26, 2011 at 09:56:06PM +0300, Samuli Suominen wrote:
>> You have 24 hours to comment on this news item. *Sorry to put it so
>> bluntly but this is required for major security bug (#364973).
>>
>> See attachment.
>
> Should be wrapped at 72 chars, but looks good otherwise, thanks
>
>
>> Title: Upgrade to GLIB 2.28
>> Author: GNOME Team <gnome@gentoo.org>
>> Content-Type: text/plain
>> Posted: 2011-04-26
>> Revision: 1
>> News-Item-Format: 1.0
>> Display-If-Installed: <dev-libs/glib-2.28
>>
>> The way of setting default URI handlers has changed since dev-libs/glib-2.28
>> and above. If you used the GConf registry to set them before, they will now
>> be ignored.
>>
>> If you use GNOME, you must upgrade gnome-session and gnome-control-center and
>> set your default browser/mail-client again.
>>
>> If you don't use GNOME, you should ensure that the file
>> ~/.local/share/applications/mimeapps.list has the following content:
>>
>> [Added Associations]
>> x-scheme-handler/http=$browser_name.desktop;
>> x-scheme-handler/https=$browser_name.desktop;
>> x-scheme-handler/mailto=$mailclient_name.desktop;
>>
>> Replace $browser_name.desktop and $mailclient_name.desktop with the appropriate
>> file from /usr/share/applications that can handle http/https/mailto URIs.
>>
>> Please make sure that your browsers and mail clients have been upgraded to the
>> latest stable versions before doing all this.

Can you link to the bug in the news item?

>
>
> --
> Alex Alexander | wired
> + Gentoo Linux Developer
> ++ www.linuxized.com
>
 
Old 04-27-2011, 05:23 AM
Nirbheek Chauhan
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On Wed, Apr 27, 2011 at 5:41 AM, Alec Warner <antarus@gentoo.org> wrote:
> Can you link to the bug in the news item?
>

Hmmm, not sure how relevant the polkit vulnerability is to the news
item. It's supposed to be about setting mimetype handler information;
not to explain the reason why glib is going stable.


--
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team
 
Old 04-27-2011, 07:46 AM
Duncan
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

Samuli Suominen posted on Tue, 26 Apr 2011 21:56:06 +0300 as excerpted:

> You have 24 hours to comment on this news item. Sorry to put it so
> bluntly but this is required for major security bug (#364973).
>
> See attachment.
> Title: Upgrade to GLIB 2.28 Author: GNOME Team <gnome@gentoo.org>
> Content-Type: text/plain Posted: 2011-04-26 Revision: 1
> News-Item-Format: 1.0 Display-If-Installed: <dev-libs/glib-2.28
>
> The way of setting default URI handlers has changed since
> dev-libs/glib-2.28 and above. If you used the GConf registry to set them
> before, they will now be ignored.
>
> If you use GNOME, you must upgrade gnome-session and
> gnome-control-center and set your default browser/mail-client again.
>
> If you don't use GNOME, you should ensure that the file
> ~/.local/share/applications/mimeapps.list has the following content:
>
> [Added Associations]
> x-scheme-handler/http=$browser_name.desktop;
> x-scheme-handler/https=$browser_name.desktop;
> x-scheme-handler/mailto=$mailclient_name.desktop;
>
> Replace $browser_name.desktop and $mailclient_name.desktop with the
> appropriate file from /usr/share/applications that can handle
> http/https/mailto URIs.
>
> Please make sure that your browsers and mail clients have been upgraded
> to the latest stable versions before doing all this.

This is unclear. Should non-gnome users (I'm a kde user) set this to
prepare for the upgrade, or as a workaround until one actually completes
the upgrade?

The question comes up, because I'm on 2.28.6, which should be above the
threshold for the notice, and I have that file in my home dir, but do NOT
have those entries in it, which the notice appears to imply I should.

Second point: To clarify, you're asking presumably admin users to set
this in their homedir config, right? There's absolutely nothing in the
proposed news item (and no link with it as a further detail) explaining
this rather unprecedented tampering with a user's private homedir config,
nor anything explaining what happens if it isn't done. Should an admin by
arbitrary fiat edit the entries for *ALL* users? Just his own?

If this is intended to be a system level policy edit, why isn't it *AT*
they system level? If there is indeed technical reason to go editing
individual user's homedir configs, then PLEASE make it MUCH CLEARER just
WHICH user configs need to be edited (presumably all of them), and provide
some justification, technical or otherwise, why editing the user config is
the chosen solution.

Note that as I implied above, a further details link is very likely
appropriate, since news items are normally quite brief, serving in many
cases more as an alert to check the details elsewhere than a full
explanation and instructions.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
 
Old 04-27-2011, 08:13 AM
Donnie Berkholz
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On 15:05 Wed 27 Apr , Samuli Suominen wrote:
> The way of setting default URI handlers has changed since
> dev-libs/glib-2.28 and above. If you used the GConf registry to set
> them before, they will now be ignored.

Do you think all our users will even understand what this means? Can you
provide a more plain-English explanation, and give specific examples?
For example:

"The method for setting default applications for specific URI types
(https://, mailto://, etc.) changed in dev-libs/glib-2.28 and newer. If
you previously set them in GConf using the Configuration Editor, they
will now be ignored."

--
Thanks,
Donnie

Donnie Berkholz
Sr. Developer, Gentoo Linux
Blog: http://dberkholz.com
 
Old 04-27-2011, 12:05 PM
Samuli Suominen
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On 04/26/2011 09:56 PM, Samuli Suominen wrote:
> You have 24 hours to comment on this news item. Sorry to put it so
> bluntly but this is required for major security bug (#364973).
>
> See attachment.

Based on some comments posted here, and IRC, here is an updated news item.

Title: Upgrade to GLIB 2.28
Author: GNOME Team <gnome@gentoo.org>
Content-Type: text/plain
Posted: 2011-04-26
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: <dev-libs/glib-2.28

The way of setting default URI handlers has changed since
dev-libs/glib-2.28 and above. If you used the GConf registry to set
them before, they will now be ignored.

If you use GNOME, you must upgrade gnome-session and
gnome-control-center and set your default browser/mail-client again.

If you don't use GNOME, you should ensure that the file
~/.local/share/applications/mimeapps.list has the following content:

[Added Associations]
x-scheme-handler/http=$browser_name.desktop;
x-scheme-handler/https=$browser_name.desktop;
x-scheme-handler/mailto=$mailclient_name.desktop;

Replace $browser_name.desktop and $mailclient_name.desktop with the
appropriate file from /usr/share/applications that can handle
http/https/mailto URIs.

The system-wide version of the file is often at
/usr/share/applications/defaults.list instead.

Please make sure that your browsers and mail clients have been upgraded
to the latest stable versions before doing all this.

More information about using defaults.list and mimeapps.list at:

http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 
Old 04-27-2011, 12:17 PM
Samuli Suominen
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On 04/27/2011 10:46 AM, Duncan wrote:
> Samuli Suominen posted on Tue, 26 Apr 2011 21:56:06 +0300 as excerpted:
>
>> You have 24 hours to comment on this news item. Sorry to put it so
>> bluntly but this is required for major security bug (#364973).
>>
>> See attachment.
>> Title: Upgrade to GLIB 2.28 Author: GNOME Team <gnome@gentoo.org>
>> Content-Type: text/plain Posted: 2011-04-26 Revision: 1
>> News-Item-Format: 1.0 Display-If-Installed: <dev-libs/glib-2.28
>>
>> The way of setting default URI handlers has changed since
>> dev-libs/glib-2.28 and above. If you used the GConf registry to set them
>> before, they will now be ignored.
>>
>> If you use GNOME, you must upgrade gnome-session and
>> gnome-control-center and set your default browser/mail-client again.
>>
>> If you don't use GNOME, you should ensure that the file
>> ~/.local/share/applications/mimeapps.list has the following content:
>>
>> [Added Associations]
>> x-scheme-handler/http=$browser_name.desktop;
>> x-scheme-handler/https=$browser_name.desktop;
>> x-scheme-handler/mailto=$mailclient_name.desktop;
>>
>> Replace $browser_name.desktop and $mailclient_name.desktop with the
>> appropriate file from /usr/share/applications that can handle
>> http/https/mailto URIs.
>>
>> Please make sure that your browsers and mail clients have been upgraded
>> to the latest stable versions before doing all this.
>
> This is unclear. Should non-gnome users (I'm a kde user) set this to
> prepare for the upgrade, or as a workaround until one actually completes
> the upgrade?

It's a permanent thing... I think the item is clear on that... "The
default way has changed", no where implying this would go away or be
temporary, or a workaround

The KDE desktop should set those mime's already, if you have selected
default browser/mailclient from the desktops GUI apps. If not, file a
bug for the KDE people.

> The question comes up, because I'm on 2.28.6, which should be above the
> threshold for the notice, and I have that file in my home dir, but do NOT
> have those entries in it, which the notice appears to imply I should.

The news item is targeted for stable users... presumably ~arch users
know what they are doing. Hence the Display-If-Installed.

>
> Second point: To clarify, you're asking presumably admin users to set
> this in their homedir config, right? There's absolutely nothing in the
> proposed news item (and no link with it as a further detail) explaining
> this rather unprecedented tampering with a user's private homedir config,
> nor anything explaining what happens if it isn't done. Should an admin by
> arbitrary fiat edit the entries for *ALL* users? Just his own?
>
> If this is intended to be a system level policy edit, why isn't it *AT*
> they system level? If there is indeed technical reason to go editing
> individual user's homedir configs, then PLEASE make it MUCH CLEARER just
> WHICH user configs need to be edited (presumably all of them), and provide
> some justification, technical or otherwise, why editing the user config is
> the chosen solution.
>
> Note that as I implied above, a further details link is very likely
> appropriate, since news items are normally quite brief, serving in many
> cases more as an alert to check the details elsewhere than a full
> explanation and instructions.
>

Addressed the system-wide vs. user defined issue in the new draft
(responded to the original post of this thread with it).
Has a link now too.
 
Old 04-27-2011, 12:46 PM
Duncan
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

Samuli Suominen posted on Wed, 27 Apr 2011 15:17:57 +0300 as excerpted:

> On 04/27/2011 10:46 AM, Duncan wrote:
>> Samuli Suominen posted on Tue, 26 Apr 2011 21:56:06 +0300 as excerpted:
>>
>>> You have 24 hours to comment on this news item. Sorry to put it so
>>> bluntly but this is required for major security bug (#364973).
>>
>> This is unclear. Should non-gnome users (I'm a kde user) set this to
>> prepare for the upgrade, or as a workaround until one actually
>> completes the upgrade?
>
> It's a permanent thing... I think the item is clear on that... "The
> default way has changed", no where implying this would go away or be
> temporary, or a workaround

FWIW, yes, the "default way has changed" bit was clear. It simply wasn't
(and remains not in the updated news item itself, but there's a link with
more info now...) immediately clear how the config changes we were being
asked to do related to that... in part because of the user vs. system
question.

But the updated version is all around better.

> The KDE desktop should set those mime's already, if you have selected
> default browser/mailclient from the desktops GUI apps. If not, file a
> bug for the KDE people.

Yes. I found the settings in the system-wide file. I've had no reason to
change them from system defaults, so they weren't in the user config, only
the system config. The new version allows that information to be
discovered far easier. =:^)

> The news item is targeted for stable users... presumably ~arch users
> know what they are doing. Hence the Display-If-Installed.

To the extent that everything seems to be working, yes.

However, in the context of a security bump with instructions for config
entries I don't see, that I don't fully understand the significance of and
with no link to further details, as I suppose most admins, I start asking
questions!

> Addressed the system-wide vs. user defined issue in the new draft
> (responded to the original post of this thread with it).
> Has a link now too.

Indeed. Much /much/ better now. =:^)

Thanks! =:^)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
 
Old 04-27-2011, 12:55 PM
Samuli Suominen
 
Default RFC: 24 hour review for >= dev-libs/glib-2.28 stable news item

On 04/27/2011 03:46 PM, Duncan wrote:
> [ .. ]

Just to make it clear: The only relationship this news item has to the
security bump is the fact that the unvulnerable polkit is just needing
newer glib as a dependency for other reasons
 

Thread Tools




All times are GMT. The time now is 10:05 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org