SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Firefox ESR 24.4.0 fixes some critical vulnerabilities. I'm trying to debug a failed build as I write.
Mozilla Various
Thank you for alerting us about this. Earlier today I sent Pat an email but let me copy the information here as well.
Mozilla has released the following products:
I'll just quote the security part of the announce:
Code:
CVE-2014-0098 (cve.mitre.org)
Segfaults with truncated cookie logging.
mod_log_config: Prevent segfaults when logging truncated
cookies. Clean up the cookie logging parser to recognize
only the cookie=value pairs, not valueless cookies.
CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
Sorry for the noise if that's already in the pipe. Anyhow all users of the 2.4 branch are encouraged to upgrade.
PS Compilation went fine on my Slackware 14.0 using the SlackBuild in patches/source/httpd. I just got a warning about Lua 5.1 library not found and mod_lua was not enabled.
Caveat emptor: my Slackware 14.0 is not a clean new system and I didn't look at new options with ./configure --help
Last edited by Didier Spaier; 03-19-2014 at 04:24 PM.
...
PS If you find something interesting re: your failed build, please post it here for our benefit
I'll leave this here hoping it will be useful: in case you want to rebuild firefox >= 28.0b1 or thunderbird >= 28.0b1 you will need to explicitly add "--disable-pulseaudio" to the configure options in the -current SlackBuild or it won't build.
Quote:
Originally Posted by Didier Spaier
I just got a warning about Lua 5.1 library not found and mod_lua was not enabled.
that is optional (also the previous version does like that), so it should be ok
Thank you for alerting us about this. Earlier today I sent Pat an email but let me copy the information here as well.
Mozilla has released the following products:
Mats, thanks for bringing this up. Actually, HarfBuzz is a new and optional dependency of FreeType as of 2.5.3.
FreeType 2.5.3 will build on stock Slackware 14.1 but automatically disables HarfBuzz support when it doesn't
detect a new enough version.
However, building FreeType 2.5.3 requires a modified illadvisederror patch (see note at end), so I've amended my
recommendation for most slackers:
Solution: Rebuild Slackware 14.1 FreeType 2.5.0.1 after applying my CVE-2014-2240+CVE-2014-2241 backport fix (sig).
--mancha
Note: For those wishing to upgrade to FreeType 2.5.3:
Get my FreeType 2.5.3 illadvisederror patch (gzip it or edit the Slackbuild so it applies uncompressed)
Build FreeType 2.5.3 (1st pass with no HarfBuzz support)
Rebuild FreeType 2.5.3 (2nd pass with HarfBuzz support) [OPTIONAL STEP]
Keep in mind lots of things depend on HarfBuzz and FreeType so upgrading these two libs is done at your own risk.
Hmm AlienBOB's LibreOffice 4.2.2 package crashes upon launch with HarfBuzz 0.9.26. Reverting to HarfBuzz 0.9.16 restores functionality. Rebuilding FreeType with the backported fixes seem to be the sane thing to do right now...
curl, Firefox, httpd, nss, openssh, Seamonkey and Thunderbird have been updated according to the latest ChangeLog.
Mats
Yeah, but not for Slackware 14.0. Has support dropped so soon? Won't it compile? What happened? I thought I'd get by with it a couple more months, perhaps until the next release.
Yeah, but not for Slackware 14.0. Has support dropped so soon? Won't it compile? What happened? I thought I'd get by with it a couple more months, perhaps until the next release.
Are you sure? I can see ChangLog updates from 13.0 to -current here: http://slackware.osuosl.org/
curl and openssh are updated for 13.0 to -current only Firefox and Thunderbird are missing in 13.0 and 14.0.
Are you sure? I can see ChangLog updates from 13.0 to -current here: http://slackware.osuosl.org/
curl and openssh are updated for 13.0 to -current only Firefox and Thunderbird are missing in 13.0 and 14.0.
Mats
You're right, of course. I was referring to Firefox and Thunderbird, but was too tired to make myself clear. I just didn't get why those two weren't in the batch. Not trying to be a nagger or anything, just want to understand.
You're right, of course. I was referring to Firefox and Thunderbird, but was too tired to make myself clear. I just didn't get why those two weren't in the batch. Not trying to be a nagger or anything, just want to understand.
I don't know why Firefox 24 ESR and Thunderbird 24 won't compile on 14.0 since I haven't tested myself. Maybe it's a dependency? Can you use Seamonkey 2.25 as a workaround?
Edit:
...Apparently you'll need glibc 2.17 to compile Firefox and Thunderbird 24 or later
Last edited by mats_b_tegner; 03-31-2014 at 07:33 AM.
A vulnerability (CVE-2014-2653) was discovered in the way OpenSSH verifies SSHFP DNS resource records. Under certain
circumstances, specifically when the server provides a host certificate not recognized by the client, the client skips
SSHFP verification regardless of VerifyHostKeyDNS.
Solution: Re-build either OpenSSH 5.9 or OpenSSH 6.6 (the two versions supported by Slackware) after applying my back
ported fixes:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.