SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Maybe I'm missing something here, but does the recent NSS package update fixes the problem with firefox when it was not compiled with the --with-system-nss option, according to its Slackbuild script. Firefox does not make use of any shared NSS shared library BTW. There is also the issue of having the vulnerable NSS share library(ies) under /usr/lib(64)/firefox-32.0/. For other apps that make use of NSS, if you don't have NSS installed, wouldn't you be toasted?
A bit off topic but I tried downloading all schmatzler's SlackBuilds with the following command and I can't spot what is wrong:
Code:
pedro@slack [~/SlackBuilds] $ for i in firefox gst-libav gst-plugins-bad gst-plugins-base gst-plugins good gst-plugins-ugly gstreamer do; lftp -c 'open http://schmatzler.de/my_slackbuilds/firefox-h264-mp3/SlackBuilds/; mirror $i'
bash: syntax error near unexpected token `lftp'
The correct command would be, after several syntax fixes:
Code:
for i in firefox gst-libav gst-plugins-bad gst-plugins-base gst-plugins good gst-plugins-ugly gstreamer ; do lftp -c "open http://schmatzler.de/my_slackbuilds/firefox-h264-mp3/SlackBuilds/; mirror $i" ; done
Maybe I'm missing something here, but does the recent NSS package update fixes the problem with firefox when it was not compiled with the --with-system-nss option...?
Unfortunately you're not missing anything; you're right. Slackware's Firefox, Seamonkey, and Thunderbird remain vulnerable to the RSA forgery
issue (CVE-2014-1568) because they use their bundled NSS libraries (read my recommendations in this post). Note: this also affects Google's
Chrome browser.
By the way, it's now being called BERserk because of the BER encoding format and because these days Western culture expects sexy names
for high-profile vulnerabilities. You can read a bit about it here.
Unfortunately you're not missing anything; you're right. Slackware's Firefox, Seamonkey, and Thunderbird remain vulnerable to the RSA forgery
issue (CVE-2014-1568)...
--mancha
I don't know then why weren't they upgraded, which is why I was asking if I had missed anything. I ended up rebuilding the Seamonkey packages, which took a while to compile, and I'm now rebuilding the other ones.
Some people, pretending to help, will teach you to "depend on" them. The price of their "easy" alternative, like they sell it, is you'll eventually depend on them like Windows users depend on Microsoft.
Personally I only trust in those that teach me how to solve issues on my own (take in care you'll find three, four of this kind in your life).
Some people, pretending to help, will teach you to "depend on" them. The price of their "easy" alternative, like they sell it, is you'll eventually depend on them like Windows users depend on Microsoft.
Personally I only trust in those that teach me how to solve issues on my own (take in care you'll find three, four of this kind in your life).
Although AlienBob is right in asking why was Elio feeling philosophical today on this forum, at the end of it all this is all silly. The question is why weren't the Mozilla packages, excluding the one for NSS, updated? I can build my own packages, thank you very much, but that's besides the point. Who knows, maybe I missed something here. But if, say, Firefox is not dynamically linked to the NSS libraries, plus makes it own set of NSS libraries available, how can the NSS package update solved the problem?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.