Action required for 3.23 testers

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Action required for 3.23 testers

Michael Catanzaro-2
Hi,

If you're testing 3.23 or have ever run 3.23 on your machine, then some
manual intervention is required. If you're building from git master,
pull the latest code, build it, and then run this command:

$ ephy-profile-migrator -d 11

If you're testing an actual 3.23 release, then run that command after
you get your next regular update (3.23.5 or 3.23.90, whatever I wind up
 calling it).

The ephy-profile-migrator binary will be in $(pkglibexecdir), which is
usually /usr/libexec/epiphany, /usr/lib64/epiphany, /usr/x86-linux-
gnu/epiphany, libexecdir under your jhbuild prefix... something like
that. Make sure you do *not* run the version in /usr/bin, since we
don't install it there anymore; that would be the ephy-profile-migrator
provided by an older version of Epiphany. You have to be sure to run
the latest profile migrator or it won't work.

This command will go through your stored passwords and change the
associated URIs from http:// to https://. Previously, we saved
passwords per-domain, ignoring protocol by normalizing https:// to http
://, but this was a big security problem. So after migrating, your old
passwords will only be available to secure sites. If you have passwords
you had saved and want to use on insecure sites, you'll have to enter
them manually once (you can look them up in the preferences dialog, of
course) and then they will be remembered again.

If you've run a 3.23 release in the past but have switched back to
3.22, run this instead:

rm ~/.config/epiphany/.migrated

which is overkill, but will ensure you get migrated properly when you
upgrade to 3.23/3.24 in the future. If you don't take action, all your
old passwords will remain vulnerable to a password sweep attack. See
[1] for details.

Users who only ever ran stable releases will be migrated automatically;
the reason manual intervention is required is our profile migrator only
understands a sequential series of migration steps and does not expect
new migration steps to be inserted before old ones, but this one has to
be inserted before the migrators added in 3.23 because we need to
backport it to stable releases.

Sorry for the inconvenience,

Michael

[1] https://bugzilla.gnome.org/show_bug.cgi?id=752738
_______________________________________________
epiphany-list mailing list
[hidden email]
https://mail.gnome.org/mailman/listinfo/epiphany-list
Loading...