LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 08-08-2015, 08:40 PM   #436
j_v
Member
 
Registered: Oct 2011
Distribution: Slackware64
Posts: 364

Rep: Reputation: 67
Post


Quote:
Originally Posted by drgibbon View Post
For some reason that didn't work for me, I had to explicitly load the Firefox profile from the command line as above. I tested it by adding:
Code:
blacklist {HOME}/documents
to /etc/firejail/firefox.profile and it was only when supplying the profile to the firejail call that access to ~/documents was denied (by Ctrl-O and browsing to ~/documents in Firefox), but YMMV.
@drgibbon,
I think I see... I'm still learning my way around firejail. I didn't want to edit the global profiles just yet. After reading the manual pages some more, I created the $HOME/.config/firejail directory and copied the firefox.profile there. Then, to try to get a feel for what you are getting at, I added
Code:
blacklist ${HOME}/.config
I get some errors from pango about error loading config from ${HOME}/.config, and can't access ${HOME}/.config with firefox openfile. One issue that I will report to the SBo firejail maintainer is that there is a bug in the build: the sub programs (firemon,ftee,...) are hard coded at $prefix/lib/firejail/ but the SlackBuild moves it to $prefix/lib${LIBDIRSUFFIX}/firejail; breaks running all sub progs on 64 bit install, so --output logging didn't work until I edited the build script.

We might be advised to open another thread about this, if we're going to continue discussing this, so that we don't spam this thread. Unless some suggest to keep it here.
 
Old 08-13-2015, 11:29 PM   #437
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20150814 UTC
  1. GnuTLS

    A flaw results in a ServerKeyExchange signature sent by the server not being verified to be in the acceptable client set of
    algorithms. That has the effect of allowing MD5 signatures even though they're disabled by default. (GNUTLS-SA-2015-2)

    A flaw when decoding crafted certificates with very long DistinguishedName (DN) entries leads to a double free, which may
    result in a denial of service. (GNUTLS-SA-2015-3)

    Recommendation for Slackware-14.1: Upgrade to GnuTLS 3.1.28 (sig) after applying gnutls-3.1.28_GNUTLS-SA-2015-2.diff,
    gnutls-3.1.28_GNUTLS-SA-2015-3.diff, and gnutls-3.1.28_handshake-reg.diff (a handshake regression fix). You can use
    Slackware 14.1's build files after changing the Slackbuild slightly (see below).

    Recommendation for Slackware-current: Upgrade to GnuTLS 3.3.17.1 (sig). Alternatively, one can upgrade to GnuTLS 3.4.4.1
    (sig) though bear in mind moving to 3.4.x will require more work (upgrading and/or rebuilding dependencies and reverse
    dependencies).

    Code:
    --- gnutls.SlackBuild.pat
    +++ gnutls.SlackBuild.mancha
    @@ -22,8 +22,8 @@
     
     
     PKGNAM=gnutls
    -VERSION=${VERSION:-$(echo gnutls-*.tar.?z* | rev | cut -f 4- -d . | cut -f 1 -d - | rev)}
    -BUILD=${BUILD:-1_slack14.1}
    +VERSION=3.1.28
    +BUILD=${BUILD:-1_mancha}
     
     # Automatically determine the architecture we're building on:
     if [ -z "$ARCH" ]; then
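Review bot: the new `VERSION=3.1.28` line drops the `${VERSION:-...}` form, so a VERSION exported in the environment is now silently ignored, while `BUILD` on the next line stays overridable. Suggest `VERSION=${VERSION:-3.1.28}`, which still defaults to the release the 3.1.28-specific patches in the next hunk expect but lets a caller override it deliberately.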
    @@ -81,6 +81,18 @@
       \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
       -exec chmod 644 {} \;
     
    +# Fix security issues
    +patch -p1 --verbose < $CWD/gnutls-3.1.28_GNUTLS-SA-2015-2.diff || exit 1
    +patch -p1 --verbose < $CWD/gnutls-3.1.28_GNUTLS-SA-2015-3.diff || exit 1
    +
    +# Fix handshake regression introduced in 3.1.27
    +patch -p1 --verbose < $CWD/gnutls-3.1.28_handshake-reg.diff || exit 1
    +
    +# Fix libopts snafu
    +( cd src || exit 1
    +  sed -i -e 's|#define AO_TEMPLATE_VERSION 167936|#define AO_TEMPLATE_VERSION 163842|' certtool-args.h.bak cli-args.h.bak cli-debug-args.h.bak danetool-args.h.bak ocsptool-args.h.bak p11tool-args.h.bak psk-args.h.bak serv-args.h.bak srptool-args.h.bak tpmtool-args.h.bak
    +)
    +
     CFLAGS="$SLKCFLAGS" \
     CXXFLAGS="$SLKCFLAGS" \
     ./configure \
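Review bot: in the "Fix libopts snafu" block, the `|| exit 1` after `cd src` only leaves the subshell, and nothing checks the subshell's exit status, so a failed `cd` or `sed` lets the build continue, unlike the three `patch` lines above it, which abort the script. Suggest closing the block with `) || exit 1`. `$CWD` is also unquoted in the three patch redirections, and the comment should say why AO_TEMPLATE_VERSION is rewritten from 167936 to 163842 in the `*.h.bak` files.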
--mancha

P.S. On another note...
Quote:
Originally Posted by cwizardone View Post
Mancha, Where does that leave users of SeaMonkey, which hasn't been updated since March? Thanks
Hi cwizardone. I'm afraid I have some bad news. SeaMonkey has several outstanding vulnerabilities and all trees are closed due
to bug #1114876. I don't recommend its usage until that's resolved.

Last edited by mancha; 08-14-2015 at 01:57 PM. Reason: changed current recommendation 3.3 vs 3.4
 
3 members found this post helpful.
Old 08-14-2015, 06:54 AM   #438
1337_powerslacker
Member
 
Registered: Nov 2009
Location: Kansas, USA
Distribution: Slackware64-15.0
Posts: 862
Blog Entries: 9

Rep: Reputation: 592
mancha -

I tried upgrading to gnutls-3.4.4, and got the following compilation error:

Code:
In file included from srptool-args.c:43:0:
srptool-args.h:61:3: error: #error option template version mismatches autoopts/options.h header
 # error option template version mismatches autoopts/options.h header
   ^
srptool-args.h:62:3: error: unknown type name 'Choke'
   Choke Me.
   ^
srptool-args.h:62:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before '.' token
   Choke Me.
           ^
srptool-args.h:80:3: warning: data definition has no type or storage class
 } teOptIndex;
   ^
srptool-args.h:80:3: warning: type defaults to 'int' in declaration of 'teOptIndex' [-Wimplicit-int]
srptool-args.c:369:29: error: 'INDEX_OPT_VERSION' undeclared here (not in a function)
   {  /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
                             ^
srptool-args.c:383:29: error: 'INDEX_OPT_HELP' undeclared here (not in a function)
   {  /* entry idx, value */ INDEX_OPT_HELP, VALUE_OPT_HELP,
                             ^
srptool-args.c:395:29: error: 'INDEX_OPT_MORE_HELP' undeclared here (not in a function)
   {  /* entry idx, value */ INDEX_OPT_MORE_HELP, VALUE_OPT_MORE_HELP,
                             ^
srptool-args.c: In function 'doOptDebug':
srptool-args.c:495:1: warning: implicit declaration of function 'VOIDP' [-Wimplicit-function-declaration]
 optionShowRange(pOptions, pOptDesc, VOIDP(rng), 1);
 ^
srptool-args.c:495:1: warning: nested extern declaration of 'VOIDP' [-Wnested-externs]
srptool-args.c:495:37: warning: passing argument 3 of 'optionShowRange' makes pointer from integer without a cast
 optionShowRange(pOptions, pOptDesc, VOIDP(rng), 1);
                                     ^
In file included from srptool-args.h:49:0,
                 from srptool-args.c:43:
../src/libopts/autoopts/options.h:1225:13: note: expected 'void *' but argument is of type 'int'
 extern void optionShowRange(tOptions*, tOptDesc*, void *, int);
             ^
srptool-args.c: At top level:
srptool-args.c:429:41: warning: suggest parentheses around arithmetic in operand of '|' [-Wparentheses]
 # define OPTPROC_BASE OPTPROC_TRANSLATE | OPTPROC_NXLAT_OPT
                                         ^
srptool-args.c:536:7: note: in expansion of macro 'OPTPROC_BASE'
     ( OPTPROC_BASE
       ^
srptool-args.c: In function 'AO_gettext':
srptool-args.c:610:19: warning: cast from function call of type 'int' to non-matching type 'char *' [-Wbad-function-cast]
             res = (char *)VOIDP(_(pz));
                   ^
srptool-args.c:612:15: warning: cast from function call of type 'int' to non-matching type 'char *' [-Wbad-function-cast]
         res = (char *)VOIDP(_(pz));
               ^
srptool-args.c: In function 'translate_option_strings':
srptool-args.c:651:23: warning: cast from function call of type 'int' to non-matching type 'char **' [-Wbad-function-cast]
         char ** ppz = (char**)VOIDP(&(option_xlateable_txt));
                       ^
srptool-args.c:661:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzCopyright)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:662:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzCopyNotice)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:663:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzFullVersion)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:664:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzUsageTitle)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:665:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzExplain)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:666:19: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
         coerce_it(VOIDP(&(opts->pzDetail)));
                   ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c:670:27: warning: passing argument 1 of 'coerce_it' makes pointer from integer without a cast
                 coerce_it(VOIDP(&(od->pzText)));
                           ^
srptool-args.c:630:13: note: expected 'void **' but argument is of type 'int'
 static void coerce_it(void ** s) { *s = AO_gettext(*s);
             ^
srptool-args.c: At top level:
srptool-args.c:42:0: warning: macro "OPTION_CODE_COMPILE" is not used [-Wunused-macros]
 #define OPTION_CODE_COMPILE 1
 ^
I used Slackware64-current's SlackBuild, but apparently something has changed so that it will not compile. What do you suggest?
 
Old 08-14-2015, 07:19 AM   #439
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mattallmill View Post
mancha -

I tried upgrading to gnutls-3.4.4, and got the following compilation error:

I used Slackware64-current's SlackBuild, but apparently something has changed so that it will not compile. What do you suggest?
Hi mattallmill. Please use GnuTLS 3.4.4.1 instead. I've recently changed my recommendation in post #437 (find links there).

Alternatively, you can upgrade to GnuTLS 3.3.17.1 (sig) if you prefer that branch. Both should compile fine.

--mancha

Last edited by mancha; 08-14-2015 at 07:29 AM. Reason: Mention 3.3.x
 
Old 08-14-2015, 08:00 AM   #440
1337_powerslacker
Member
 
Registered: Nov 2009
Location: Kansas, USA
Distribution: Slackware64-15.0
Posts: 862
Blog Entries: 9

Rep: Reputation: 592
Quote:
Originally Posted by mancha View Post
Hi mattallmill. Please use GnuTLS 3.4.4.1 instead. I've recently changed my recommendation in post #437 (find links there).

Alternatively, you can upgrade to GnuTLS 3.3.17.1 (sig) if you prefer that branch. Both should compile fine.

--mancha
Hey mancha -

Thanks for the updated recommendation. Yes, the .1 version successfully compiled.

Regards,

Matt
 
Old 08-14-2015, 08:07 AM   #441
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20150814-1 UTC
  1. Mozilla Firefox

    Mozilla recently released Firefox ESR 38.2 that addresses multiple critical vulnerabilities (CVE-2015-4473, CVE-2015-4474,
    CVE-2015-4479, CVE-2015-4480, CVE-2015-4485, CVE-2015-4486, CVE-2015-4493). Additionally, several vulnerabilities rated
    high and one rated moderate were fixed.

    Recommendation: Slackware 14.1 should upgrade to Firefox ESR 38.2.

    Note: Slackware-current is current at Firefox 40.0 (technically, the latest is 40.0.2 but that's only relevant for Windows).
--mancha
 
2 members found this post helpful.
Old 08-14-2015, 08:31 AM   #442
1337_powerslacker
Member
 
Registered: Nov 2009
Location: Kansas, USA
Distribution: Slackware64-15.0
Posts: 862
Blog Entries: 9

Rep: Reputation: 592
For anyone else following this thread:

Please NOTE that to upgrade gnutls:

a) There are two dependency packages which will also need to be upgraded to their latest versions: nettle, which is at 3.1.1, and gmp, which nettle depends on, is at 6.0.0 (rename source package to match version number, as the untarred version does *not* have 6.0.0a as the directory name).

a1) Upgrade gmp first, then nettle, then gnutls

b) All three packages (gnutls, nettle, gmp) have -compat32 counterparts, so don't forget to compile those versions as well (if you have multilib on your system, that is).

P.S. mancha, didn't mean to hijack your thread, just wanted to spare users some headaches (the upgrade made for an interesting morning to be sure!)

Last edited by 1337_powerslacker; 08-14-2015 at 08:41 AM. Reason: Added multilib statement for clarity
 
Old 08-14-2015, 09:04 AM   #443
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mattallmill View Post
P.S. mancha, didn't mean to hijack your thread, just wanted to spare users some headaches (the upgrade made for an interesting morning to be sure!)
Hi mattallmill.

Thanks for the additional details.

I should clarify my approach a bit. My primary focus is providing recommendations for the latest stable release (currently Slackware
14.1). Those recommendations are designed to be self-contained and easy-to-follow for most users as long as they're comfortable
patching/building software.

I've also chosen to provide recommendations for Slackware's development tree (Slackware-current) for the benefit of PV and advanced
users. Those recommendations assume more technical knowledge and therefore might be a bit less detailed.

--mancha

Last edited by mancha; 08-14-2015 at 09:11 AM. Reason: tidy
 
2 members found this post helpful.
Old 08-14-2015, 12:07 PM   #444
1337_powerslacker
Member
 
Registered: Nov 2009
Location: Kansas, USA
Distribution: Slackware64-15.0
Posts: 862
Blog Entries: 9

Rep: Reputation: 592
Quote:
Originally Posted by mancha View Post
Hi mattallmill.

Thanks for the additional details.

I should clarify my approach a bit. My primary focus is providing recommendations for the latest stable release (currently Slackware
14.1). Those recommendations are designed to be self-contained and easy-to-follow for most users as long as they're comfortable
patching/building software.

I've also chosen to provide recommendations for Slackware's development tree (Slackware-current) for the benefit of PV and advanced
users. Those recommendations assume more technical knowledge and therefore might be a bit less detailed.

--mancha
Thanks for the clarification. I didn't know the process.

Last edited by 1337_powerslacker; 08-14-2015 at 12:40 PM. Reason: Moved question about KDE & gnutls to new thread
 
Old 08-14-2015, 01:20 PM   #445
mralk3
Slackware Contributor
 
Registered: May 2015
Distribution: Slackware
Posts: 1,900

Rep: Reputation: 1050
Earlier in this thread there was a script quoted that finds programs that are dependent on a specified library. I do not know how accurate it is, but I have used it a number of times with success. For gnutls, this script spits out a long list of binaries that are dependent on gnutls. So I can only assume that building a new version of gnutls requires quite a bit of work when you take into consideration all dependencies.

Here is the script I use:

Code:
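#!/bin/sh
# Print every ELF file in the standard binary directories whose ldd output
# mentions the given library name (e.g. "gnutls").

# POSIX test: use -z rather than the bash-only "==" under /bin/sh.
if [ -z "$1" ]; then
    echo "Supply a library name please!" >&2
    exit 1
fi

for dir in /bin /sbin /usr/bin /usr/sbin; do
    # The library name ($1) and the file path ($2) are passed to the inner
    # shell as positional parameters, so quotes or spaces in a file name are
    # never interpreted as shell code.
    find "$dir" -type f -exec sh -c '
        file "$2" | grep -q ELF &&
        ldd "$2" 2>/dev/null | grep -q -- "$1" &&
        echo "$2"' sh "$1" {} \;
done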
 
1 members found this post helpful.
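
An alternative to the ldd-based script in post #445, added here as an example and not written by any poster in this thread: it reads each file's DT_NEEDED entries with `readelf -d`, so it reports only direct dependents of the library and matches the exact soname rather than any substring. The function names, the `libgnutls.so.28` soname and the sample `readelf` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list ELF files whose DT_NEEDED entries name a given library.
# readelf only parses the file; unlike ldd it never hands the file to the
# dynamic loader, and it reports direct dependencies only.

# Constructed sample of `readelf -d` output, used for a quick self-check.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libgnutls.so.28]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libexample.so.1]'

# needed_sonames: read `readelf -d` output on stdin, print one soname per line.
needed_sonames() {
    sed -n 's/^.*(NEEDED).*\[\(.*\)\][[:space:]]*$/\1/p'
}

# needs_lib PREFIX: succeed if stdin (readelf -d output) has a NEEDED entry
# that is exactly PREFIX.so or PREFIX.so.<version>. "libgnutls" therefore
# does not match libgnutlsxx.so.28 or libgnutls-openssl.so.27.
needs_lib() {
    for so in $(needed_sonames); do
        case $so in
            "$1.so" | "$1.so".*) return 0 ;;
        esac
    done
    return 1
}

# scan_dirs PREFIX DIR...: print each regular file under DIR... that needs PREFIX.
# Include the library directories as well as the bin directories, because
# shared libraries that link against PREFIX are part of the rebuild scope too.
scan_dirs() {
    lib=$1
    shift
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | needs_lib "$lib"; then
            printf '%s\n' "$f"
        fi
    done
}

# Example: ./needed.sh libgnutls /bin /sbin /usr/bin /usr/sbin /usr/lib64
if [ "$#" -ge 2 ]; then
    scan_dirs "$@"
fi
```
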
Old 08-15-2015, 01:53 AM   #446
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
Quote:
Originally Posted by mancha View Post
Update 20150814-1 UTC
  1. Mozilla Firefox

    Mozilla recently released Firefox ESR 38.2 that addresses multiple critical vulnerabilities (CVE-2015-4473, CVE-2015-4474,
    CVE-2015-4479, CVE-2015-4480, CVE-2015-4485, CVE-2015-4486, CVE-2015-4493). Additionally, several vulnerabilities rated
    high and one rated moderate were fixed.

    Recommendation: Slackware 14.1 should upgrade to Firefox ESR 38.2.

    Note: Slackware-current is current at Firefox 40.0 (technically, the latest is 40.0.2 but that's only relevant for Windows).
--mancha
Firefox is updated for Slackware 14.1 according to the latest ChangeLog.
 
Old 08-17-2015, 09:15 AM   #447
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,096

Rep: Reputation: 7275
Quote:
Originally Posted by mancha View Post
Update 20150814 UTC

P.S. On another note...

Hi cwizardone. I'm afraid I have some bad news. SeaMonkey has several outstanding vulnerabilities and all trees are closed due
to bug #1114876. I don't recommend its usage until that's resolved.
Mancha,
Thanks for the heads up!
Your work is greatly appreciated!
 
1 members found this post helpful.
Old 08-28-2015, 12:16 AM   #448
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Update 20150828 UTC
  1. Mozilla Firefox

    Mozilla has addressed a couple of critical-impact vulnerabilities (including one that can result in remote code execution) and
    one high-impact vulnerability in Firefox.

    Recommendation: Upgrade to Firefox ESR 38.2.1 or Firefox 40.0.3, asap.

--mancha
 
3 members found this post helpful.
Old 08-30-2015, 03:31 AM   #449
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
Firefox was updated yesterday according to the latest ChangeLog.
 
Old 09-01-2015, 07:52 AM   #450
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware
Posts: 946

Rep: Reputation: 649
libvdpau has been updated to version 1.1.1 which fixes three CVEs:
http://lists.x.org/archives/xorg-ann...st/002630.html
 
2 members found this post helpful.
  


Tags
exploit, security, slackware


