From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-164409-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id A0BD0138CD0
	for <garchives@archives.gentoo.org>; Fri, 22 May 2015 12:43:41 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id DDAADE08AB;
	Fri, 22 May 2015 12:43:34 +0000 (UTC)
Received: from mail-wi0-f174.google.com (mail-wi0-f174.google.com [209.85.212.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id AFFCEE0897
	for <gentoo-user@lists.gentoo.org>; Fri, 22 May 2015 12:43:33 +0000 (UTC)
Received: by wicmx19 with SMTP id mx19so39387993wic.0
        for <gentoo-user@lists.gentoo.org>; Fri, 22 May 2015 05:43:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=GNRAu5/vk0Ou5lXIqJWkbvdXQzwMX41sXNYtW5i6h9s=;
        b=0c2MVLGl0/yHBUJJVJqKTMWAiM26ydRr2o9l6+F3fJ1sCVteYMMNwzBBFUEJpQ9xSY
         pWfROOSImJvM7l/ZdWDvHmDmXR1IdWzwToVhac293Iy1kpp6vu0j8IDFC5mdWIWxRV6J
         Bjkll2JVbx7xQ0lS4X2f9ZAxROWS96YkcpAO1hvvdoggGunJwmo2Yl0HYr8y9JZCBpTA
         T7SFo5kyHLKsOI6n519kJx3x0BaGxwy0axU8SihDkzbFlw4RDTfOJTcKzuZOv5h+tm46
         09orghzkLKePhi1kanZMgaTPSyuwDwrg8alMl8TbqyPm2Ve3PRx1vWkdvHG/A83RI2sU
         S48g==
X-Received: by 10.180.109.6 with SMTP id ho6mr7343919wib.58.1432298612596;
        Fri, 22 May 2015 05:43:32 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPSA id g5sm3028825wjq.6.2015.05.22.05.43.31
        for <gentoo-user@lists.gentoo.org>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Fri, 22 May 2015 05:43:31 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [~and64] Headsup for google-chrome users
Date: Fri, 22 May 2015 13:43:27 +0100
User-Agent: KMail/1.13.7 (Linux/3.18.12-gentoo; KDE/4.14.3; x86_64; ; )
References: <mjkkkq$ef3$1@ger.gmane.org> <201505221144.17145.michaelkintzios@gmail.com> <555F0E6E.9000408@gmail.com>
In-Reply-To: <555F0E6E.9000408@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1774079.K7nfB0kb7Z";
  protocol="application/pgp-signature";
  micalg=pgp-sha256
Content-Transfer-Encoding: 7bit
Message-Id: <201505221343.28556.michaelkintzios@gmail.com>
X-Archives-Salt: 0896abdc-c60e-457c-b248-11db032b5a60
X-Archives-Hash: 299d511b58ea0e1a9b9b3e9a90febb48

--nextPart1774079.K7nfB0kb7Z
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Friday 22 May 2015 12:09:34 Alan McKinnon wrote:
> On 22/05/2015 12:44, Mick wrote:
> > On Friday 22 May 2015 09:38:46 Neil Bothwick wrote:
> >> On Fri, 22 May 2015 02:53:17 -0500, Dale wrote:
> >>>> So I'm the 3rd one in row to state that I haven't had any deleterious
> >>>> effects that I noticed.
> >>=20
> >> Make that 4.
> >>=20
> >>> When I first emerge a new kernel, I run make mrproper to get a good
> >>> clean start.
> >>=20
> >> There's no point in that. When you have just emerged the sources, there
> >> is nothing for mrproper to remove.
> >=20
> > So, coming back to the OP, is it advisable to ignore this message:
> No. It's in the ebuild and we assume the ebuild writer had a reason for
> putting it there. The usual reason is that upstream has said their code
> requires an option to be set.
>=20
> Where would you have gotten the idea that ignoring it is good advice?

Because the emerge did not stop to warn me about it, or require me to=20
acknowledge before proceeding.  Furthermore it tells me that bad things may=
=20
happen, but doesn't explain what kind of bad things, referring to a URL if=
=20
space does not allow.  At this stage I am guessing that chromium's sandboxi=
ng=20
mechanism is changed and it now requires a different memory allocation=20
mechanism than what I had previously configured in my kernel.  Having to=20
configure my kernel to get a browser working sounds quite intrusive so I am=
=20
worried some more.

Looking at the changelog and then at bugs referred to there, I eventually=20
arrived at CVE-2015-1252 [1] where the problem is explained:

In any case, I think that something like this should invite user input at t=
he=20
start of the ebuild, rather than at the end?  I haven't figured out yet if =
I=20
will need to reinstall chromium after I have reconfigured my kernel ... in=
=20
which case the warning should definitely come at the start of the ebuild.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2015-1252

=2D-=20
Regards,
Mick

--nextPart1774079.K7nfB0kb7Z
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJVXyRwAAoJELAdA+zwE4YeJvAIAJvjxQ4U+HQQRv/W3ZC5awGq
i/YIxmiwu/sL82mJ/sAKC9Xew+gIkaLyiZRVagHGgZgszIunMOFJFeIT9+TWtzMT
A7WyEmdTMWzWKar7nL4r8Pgs1NHkSXuSeg4tcA4MPeNMxK7Fxo0L5xOZape8W+z6
IswZW+tKmiY/XGxN0CD/5Y0aNq2G+UK/RcX1j0oEctNUXUjayBppnpPymdmfp5bl
yX00PacvOuFkUCHx6xCLH5bkSCxGKPAJE21J31HyDgebEsyjXZMP4DIBJpWn10rO
7mMDFgPEqBXJ3wcbIwwU08IRGBawWZMRplL2pLweWyy29NyPT5ThFWiuzCQQD8g=
=oIaO
-----END PGP SIGNATURE-----

--nextPart1774079.K7nfB0kb7Z--