LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 10-17-2013, 03:28 PM   #1
mancha
Member
 
Registered: Aug 2012
Posts: 356

Rep: Reputation: Disabled
[Slackware 14.1rc1]: Some loose ends


Hello. A few requests/suggestions I'd like to summarize before 14.1 releases:

1. Security:

a. yp-tools:
Since my name is associated with the crypt() fix, I'd like to request you re-build using my corrected patch.

b. libtiff
It seems Slackware 14.1 will stay on the 3.9.x branch. In that case I suggest upgrading to tiff 3.9.7 (which addresses CVE-2012-2088, CVE-2012-2113) and applying the following backports I've put together from upstream:

tiff-3.9.7_CVS20130502.diff (sig) addresses CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961
tiff-3.9.7_CVE-2013-4231.diff (sig) addresses CVE-2013-4231
tiff-3.9.7_CVE-2013-4232.diff (sig) addresses CVE-2013-4232
tiff-3.9.7_CVE-2013-4244.diff (sig) addresses CVE-2013-4244

2. Suggested Upgrade:

a. OpenSSH
Upgrading to 6.3p1 would be worthwhile. Aside from bug-fixes, there are some nice new features like download resumption in sftp, proxying through stdin/stdout, and time-based rekeying.

3. Optional Bug-Fixes:

a. util-linux
agetty included in util-linux 2.21.2 doesn't properly filter arrow keys. See this thread for the discussion about the wandering cursor at login and util-linux-2.21.2-fixcursor.diff for my fix.

b. bash
bash 4.2 currently has no support for multibyte characters in ansic_* functions. this means no multi-byte char suport in printf %q, command not found messages, XTRACE output, etc. This thread describes the issue noted with "command not found" and bash-4.2-widechars.diff has the fix.

--mancha

PS You might have noticed my URLs have changed. I've re-organized things into a new project: http://sf.net/projects/mancha. The old project will remain to not break existing links but will not be updated.

Last edited by mancha; 10-17-2013 at 09:15 PM.
 
Old 10-18-2013, 12:42 AM   #2
Chuck56
Member
 
Registered: Dec 2006
Location: Colorado
Distribution: Slackware
Posts: 421

Rep: Reputation: 58
Quote:
Originally Posted by mancha View Post
... It seems Slackware 14.1 will stay on the 3.9.x branch. ...
You mean kernel 3.10.16? Not sure what you mean when you say 3.9.x branch.
 
Old 10-18-2013, 01:49 AM   #3
gmgf
Member
 
Registered: Jun 2012
Location: France
Distribution: Slackware Zenwalk
Posts: 166

Rep: Reputation: Disabled
Hi , Pat, hplip-3.13.10 has a security update also:

http://hplipopensource.com/hplip-web/release_notes.html

(fix for CVE-2013-4325:Insecure Polkit use)
 
Old 10-18-2013, 05:01 AM   #4
Thom1b
Member
 
Registered: Mar 2010
Posts: 70

Rep: Reputation: 30
Quote:
Originally Posted by Chuck56 View Post
You mean kernel 3.10.16? Not sure what you mean when you say 3.9.x branch.
He talked about libtiff, not linux.
 
Old 10-18-2013, 11:37 AM   #5
corvid
LQ Newbie
 
Registered: May 2011
Distribution: Debian
Posts: 16

Rep: Reputation: Disabled
I saw that the libtiff security updates were applied to current and stable last night, but there's been no notification on the slackware-security list.
 
Old 10-18-2013, 04:19 PM   #6
mancha
Member
 
Registered: Aug 2012
Posts: 356

Original Poster
Rep: Reputation: Disabled
@Pat:

Many thanks for the yp-tools rebuild.

BTW, this is shaping into a very impressive release.

--mancha
 
Old 10-19-2013, 03:44 AM   #7
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 500

Rep: Reputation: 83
Hi mancha,

If you have some spare time, could you please have a look at CVE-2013-2924? I think the fix is here (at the very end) and here from upstream. Can we apply it to icu4c-51_2?

Thanks.
 
Old 10-19-2013, 04:52 AM   #8
mancha
Member
 
Registered: Aug 2012
Posts: 356

Original Poster
Rep: Reputation: Disabled
Hi BrZ.

Your upstream link indeed is the fix for CVE-2013-2924 and applies cleanly to Slackware 14.1rc1's icu4c 51-2.

I've placed the patch here: icu4c-51_2_CVE-2013-2924.diff (sig).

Note: this is fixed in icu4c 52-1 but an upgrade would imply some API changes.

--mancha
 
Old 10-19-2013, 05:56 AM   #9
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 500

Rep: Reputation: 83
Thanks mancha
 
Old 10-19-2013, 06:04 AM   #10
gmgf
Member
 
Registered: Jun 2012
Location: France
Distribution: Slackware Zenwalk
Posts: 166

Rep: Reputation: Disabled
Thanks, Pat, for hplip
 
Old 10-19-2013, 02:37 PM   #11
Paulo2
Member
 
Registered: Aug 2012
Distribution: Slackware current(32) (started with 13.37(32))
Posts: 146

Rep: Reputation: 30
Quote:
Originally Posted by gmgf View Post
Hi , Pat, hplip-3.13.10 has a security update also:

http://hplipopensource.com/hplip-web/release_notes.html

(fix for CVE-2013-4325:Insecure Polkit use)
I'm running hplip 3.13.10 since the pop-up warning, with F4280 (Deskjet all in one F4200 family) and is printing fine

The hplip updates always are ok, they release updates every one or two months.
 
Old 10-19-2013, 04:55 PM   #12
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 875

Rep: Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819Reputation: 1819
Quote:
Originally Posted by Paulo2 View Post
The hplip updates always are ok
Except for that last one that broke if systemd wasn't installed.
 
Old 10-19-2013, 05:49 PM   #13
Paulo2
Member
 
Registered: Aug 2012
Distribution: Slackware current(32) (started with 13.37(32))
Posts: 146

Rep: Reputation: 30
Quote:
Originally Posted by volkerdi View Post
Except for that last one that broke if systemd wasn't installed.
Is systemd default on Slackware14 full install? I don't know if I have it
I always upgrade hplip to a new version with slackbuild so maybe this is the reason
that my hplip is working.
 
Old 10-19-2013, 06:28 PM   #14
Stuferus
Member
 
Registered: Jun 2013
Location: Germany
Distribution: Slackware
Posts: 143

Rep: Reputation: Disabled
no slackware is still (and hopefully stays forever) sysvinit.. no systemd here..
 
Old 10-19-2013, 06:58 PM   #15
55020
Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 415
Blog Entries: 4

Rep: Reputation: 421Reputation: 421Reputation: 421Reputation: 421Reputation: 421
Off topic, sorry, but did we all see this?
I would like to request CVE ids for 4 systemd issues [seclists.org]
I cried real tears
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Slackware boot using kernel 3.2.45 ends up in black screen r41d3n Linux - Kernel 8 05-25-2013 08:38 PM
Attempt to get Slackware Graphical Boot working ends in Segfault. ReaperX7 Slackware 5 10-13-2012 06:34 PM
ktorrent 1.1rc1 anticuchos Linux - Newbie 3 09-11-2005 03:45 AM
Tieing up loose ends on Web Page (Critique needed) johnp General 3 05-14-2004 12:03 AM
anyone tried slack8.1rc1 gui10 Slackware 7 06-04-2002 09:29 AM


All times are GMT -5. The time now is 02:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration