LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware 14.1rc1]: Some loose ends (http://www.linuxquestions.org/questions/slackware-14/%5Bslackware-14-1rc1%5D-some-loose-ends-4175481200/)

mancha 10-17-2013 02:28 PM

[Slackware 14.1rc1]: Some loose ends
 
Hello. A few requests/suggestions I'd like to summarize before 14.1 releases:

1. Security:

a. yp-tools:
Since my name is associated with the crypt() fix, I'd like to request you re-build using my corrected patch.

b. libtiff
It seems Slackware 14.1 will stay on the 3.9.x branch. In that case I suggest upgrading to tiff 3.9.7 (which addresses CVE-2012-2088, CVE-2012-2113) and applying the following backports I've put together from upstream:

tiff-3.9.7_CVS20130502.diff (sig) addresses CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961
tiff-3.9.7_CVE-2013-4231.diff (sig) addresses CVE-2013-4231
tiff-3.9.7_CVE-2013-4232.diff (sig) addresses CVE-2013-4232
tiff-3.9.7_CVE-2013-4244.diff (sig) addresses CVE-2013-4244

2. Suggested Upgrade:

a. OpenSSH
Upgrading to 6.3p1 would be worthwhile. Aside from bug-fixes, there are some nice new features like download resumption in sftp, proxying through stdin/stdout, and time-based rekeying.

3. Optional Bug-Fixes:

a. util-linux
agetty included in util-linux 2.21.2 doesn't properly filter arrow keys. See this thread for the discussion about the wandering cursor at login and util-linux-2.21.2-fixcursor.diff for my fix.

b. bash
bash 4.2 currently has no support for multibyte characters in ansic_* functions. this means no multi-byte char suport in printf %q, command not found messages, XTRACE output, etc. This thread describes the issue noted with "command not found" and bash-4.2-widechars.diff has the fix.

--mancha

PS You might have noticed my URLs have changed. I've re-organized things into a new project: http://sf.net/projects/mancha. The old project will remain to not break existing links but will not be updated.

Chuck56 10-17-2013 11:42 PM

Quote:

Originally Posted by mancha (Post 5047635)
... It seems Slackware 14.1 will stay on the 3.9.x branch. ...

You mean kernel 3.10.16? Not sure what you mean when you say 3.9.x branch.

gmgf 10-18-2013 12:49 AM

Hi , Pat, hplip-3.13.10 has a security update also:

http://hplipopensource.com/hplip-web/release_notes.html

(fix for CVE-2013-4325:Insecure Polkit use)

Thom1b 10-18-2013 04:01 AM

Quote:

Originally Posted by Chuck56 (Post 5047868)
You mean kernel 3.10.16? Not sure what you mean when you say 3.9.x branch.

He talked about libtiff, not linux.

corvid 10-18-2013 10:37 AM

I saw that the libtiff security updates were applied to current and stable last night, but there's been no notification on the slackware-security list.

mancha 10-18-2013 03:19 PM

@Pat:

Many thanks for the yp-tools rebuild.

BTW, this is shaping into a very impressive release.

--mancha

BrZ 10-19-2013 02:44 AM

Hi mancha,

If you have some spare time, could you please have a look at CVE-2013-2924? I think the fix is here (at the very end) and here from upstream. Can we apply it to icu4c-51_2?

Thanks.

mancha 10-19-2013 03:52 AM

Hi BrZ.

Your upstream link indeed is the fix for CVE-2013-2924 and applies cleanly to Slackware 14.1rc1's icu4c 51-2.

I've placed the patch here: icu4c-51_2_CVE-2013-2924.diff (sig).

Note: this is fixed in icu4c 52-1 but an upgrade would imply some API changes.

--mancha

BrZ 10-19-2013 04:56 AM

Thanks mancha :hattip:

gmgf 10-19-2013 05:04 AM

Thanks, Pat, for hplip ;)

Paulo2 10-19-2013 01:37 PM

Quote:

Originally Posted by gmgf (Post 5047894)
Hi , Pat, hplip-3.13.10 has a security update also:

http://hplipopensource.com/hplip-web/release_notes.html

(fix for CVE-2013-4325:Insecure Polkit use)

I'm running hplip 3.13.10 since the pop-up warning, with F4280 (Deskjet all in one F4200 family) and is printing fine:)

The hplip updates always are ok, they release updates every one or two months.

volkerdi 10-19-2013 03:55 PM

Quote:

Originally Posted by Paulo2 (Post 5048705)
The hplip updates always are ok

Except for that last one that broke if systemd wasn't installed.

Paulo2 10-19-2013 04:49 PM

Quote:

Originally Posted by volkerdi (Post 5048743)
Except for that last one that broke if systemd wasn't installed.

Is systemd default on Slackware14 full install? I don't know if I have it :)
I always upgrade hplip to a new version with slackbuild so maybe this is the reason
that my hplip is working.

Stuferus 10-19-2013 05:28 PM

no slackware is still (and hopefully stays forever) sysvinit.. no systemd here.. :D

55020 10-19-2013 05:58 PM

Off topic, sorry, but did we all see this?
I would like to request CVE ids for 4 systemd issues [seclists.org]
I cried real tears :D


All times are GMT -5. The time now is 06:38 PM.