| Summary: | Security issues for iceape fixed in version 2.15 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Christiaan Welvaart <cjw> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | philippedidier, sysadmin-bugs, tmb, wrw105 |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html | ||
| Whiteboard: | MGA2-64-OK mga2-32-OK | ||
| Source RPM: | iceape-2.14.1-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Christiaan Welvaart
2013-01-12 17:37:17 CET
I was unable to find test cases for the security updates upstream through mozilla bugzilla. Testing the opus codec on http://people.xiph.org/~giles/2012/opus/ was successful. Operation on several web sites including flash showed no problems. Mail and chat work as expected. Iceape is showing icedtea-web 1.3.1 plugin in plugin manager, but java testers (e.g. http://www.javatester.org/version.html ) are showing java as disabled. x86_64. CC:
(none) =>
wrw105 Just double checked after an iceape restart - the plugin wasn't originally enabled, but reenabling it and restarting again showed java working, reporting 1.6.0_24. x86_64 working well. Well done Bill. You just need to set the whiteboard keyword.
Bill Wilkinson
2013-01-12 22:05:58 CET
Whiteboard:
(none) =>
MGA2-64-OK MGA2 32 bits
Updating from an everyday used iceape 2.14.1-1 to 2.15-1
Everything went fine : the mail, news and chatzilla configurations are preserved
The mail folders are OK
the previously installed plugins and extensions for the web browser are verified and working
the opus codec is OK and tested
no problem for java ( it was already installed and enabled)
The bundled lightning module (version 2.0b1) and timezone calendar module are proposed to get activated (they were not for previous version of iceape) and work (though the lightning is not yet well localized, and has not yet a working link to a french page )
There's only a cosmetic problem about the global language which is reverted to english (the bundled language packs allow to choose again your native language but you must know where to configure this ... and know enough English to read the menus....) : strangely, these last preferences are lost in prefs.js
user_pref("general.useragent.locale", "fr")
user_pref("intl.accept_languages", "fr,fr-fr,en-us,en")
become
user_pref("general.useragent.locale", "en")
user_pref("intl.accept_languages", "en-us,en")
Many Thanks to Christiaan
I would say it's OK for MGA32 bits (unless the little language problem prevents to validate it)CC:
(none) =>
philippedidier To Christiaan
Sorry : I did a mistake and a wrong diagnostic about language preferences and user interface language...
Tried again with backuped profiles
uninstall iceape 2.15-1
recover the last previous backup profile
install last iceape 2.14.1-1
Everything OK : user interface language is french, prefered browser language is French, language spelling is French with iceape 2.14.1-1
Update to iceape 2.15-1
User interface language is now English and can't be modified .
(/menu/edit/preference/appearance : => no other choice than English)
nevertheless the prefered browser language selected is always French, the language spelling selected is French. but don't work :-(
the prefs.js file is not modified at all.
There's only one way to correct this : disable and enable again the French language pack ( /menu/tools/add-on manager)
and then everything is corrected (/menu/edit/preference/appearance : => french is selected without anything to do)
quit and start again iceape and the user interface is right...
doing this we get a modification in prefs.js :
it is now
user_pref("extensions.bootstrappedAddons", "{\"langpack-fr@seamonkey.mozilla.org\":{\"version\":\"2.15\",\"type\":\"locale\",\"descriptor\":\"/usr/lib/iceape-2.15/extensions/langpack-fr@seamonkey.mozilla.org\"}}");
and it was
user_pref("extensions.bootstrappedAddons", "{\"langpack-fr@seamonkey.mozilla.org\":{\"version\":\"2.14\",\"type\":\"locale\",\"descriptor\":\"/usr/lib/iceape-2.14/extensions/langpack-fr@seamonkey.mozilla.org\"}}");
To summarize :
the bundled langpack has a hard address in user's profile : prefs.js (/usr/lib/iceape-2.14/extensions/langpack-*) and when we update iceape from 2.14 to 2.15 this address is not automatically modified and there is no link to /usr/lib/iceape-2.15/extensions/langpack-*)
(there's no problem with the extensions added in the user profile directory, such as flashgot, adblock ... : their address remain identical)
I don't know how it could be automatically modified in each user profile !
The update needs an advice about this for non English users :
After having updated, you need to disable and reenable your langpack in /menu/tools/add-on manager
besides this little problem (with this simple workaround) the update is OK !
Philippe
Post scriptum Beware of the fact that depending on which news browser you use to follow gmane.linux.mageia.bugs you may have a wrong display of the extract of prefs.js that I provided : the folder name : langpack-fr@seamonkey.mozilla.org\ may become wrongly displayed as a mail address (!!!???) : langpack-fr-fXE7c0Za+ZTWuHeTmpe1rYaCUm+kVXi4@public.gmane.org\ it is correctly displayed when using firefox to read : https://bugs.mageia.org/show_bug.cgi?id=8673 Philippe Post post scriptum :) Definitely unable to correctly display this in a news browser :-( The post scriptum is even worse to read !!!! just can say that I never wanted to write any mail address but only a folder name including an arobase : (@) langpack-frarobaseseamonkey.mozilla.org Thanks Bill and Philippe Validating Advisory & srpms in comment 0 Could sysadmin please push from core/updates_testing to core/updates Thanks! Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0008 Status:
NEW =>
RESOLVED |