LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-27-2014, 12:09 PM   #16
eajam
LQ Newbie
 
Registered: Sep 2014
Posts: 5

Rep: Reputation: Disabled

Maybe I'm missing something here, but does the recent NSS package update fixes the problem with firefox when it was not compiled with the --with-system-nss option, according to its Slackbuild script. Firefox does not make use of any shared NSS shared library BTW. There is also the issue of having the vulnerable NSS share library(ies) under /usr/lib(64)/firefox-32.0/. For other apps that make use of NSS, if you don't have NSS installed, wouldn't you be toasted?
 
Old 09-27-2014, 02:58 PM   #17
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195Reputation: 195
A bit off topic but I tried downloading all schmatzler's SlackBuilds with the following command and I can't spot what is wrong:

Code:
pedro@slack [~/SlackBuilds] $ for i in firefox gst-libav gst-plugins-bad gst-plugins-base gst-plugins good gst-plugins-ugly gstreamer do; lftp -c 'open http://schmatzler.de/my_slackbuilds/firefox-h264-mp3/SlackBuilds/; mirror $i'                                                                                       
bash: syntax error near unexpected token `lftp'
 
Old 09-27-2014, 03:05 PM   #18
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,238

Rep: Reputation: Disabled
Put the semicolon before the do, not after. You also miss "; done" at the end of the statement.

Last edited by Didier Spaier; 09-27-2014 at 03:06 PM.
 
1 members found this post helpful.
Old 09-27-2014, 03:06 PM   #19
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,914

Rep: Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584
Quote:
Originally Posted by moisespedro View Post
A bit off topic but I tried downloading all schmatzler's SlackBuilds with the following command and I can't spot what is wrong:

Code:
pedro@slack [~/SlackBuilds] $ for i in firefox gst-libav gst-plugins-bad gst-plugins-base gst-plugins good gst-plugins-ugly gstreamer do; lftp -c 'open http://schmatzler.de/my_slackbuilds/firefox-h264-mp3/SlackBuilds/; mirror $i'                                                                                       
bash: syntax error near unexpected token `lftp'
The correct command would be, after several syntax fixes:
Code:
for i in firefox gst-libav gst-plugins-bad gst-plugins-base gst-plugins good gst-plugins-ugly gstreamer ; do lftp -c "open http://schmatzler.de/my_slackbuilds/firefox-h264-mp3/SlackBuilds/; mirror $i" ; done
Eric
 
3 members found this post helpful.
Old 09-27-2014, 03:11 PM   #20
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195Reputation: 195
Thank you both.
 
Old 09-27-2014, 03:55 PM   #21
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
Quote:
Originally Posted by eajam View Post
Maybe I'm missing something here, but does the recent NSS package update fixes the problem with firefox when it was not compiled with the --with-system-nss option...?
Unfortunately you're not missing anything; you're right. Slackware's Firefox, Seamonkey, and Thunderbird remain vulnerable to the RSA forgery
issue (CVE-2014-1568) because they use their bundled NSS libraries (read my recommendations in this post). Note: this also affects Google's
Chrome browser.

By the way, it's now being called BERserk because of the BER encoding format and because these days Western culture expects sexy names
for high-profile vulnerabilities. You can read a bit about it here.

--mancha
 
Old 09-27-2014, 05:13 PM   #22
schmatzler
Member
 
Registered: Jan 2011
Location: Germany
Distribution: Slackware64 -current + Multilib
Posts: 405

Rep: Reputation: 178Reputation: 178
Quote:
Originally Posted by moisespedro View Post
A bit off topic but I tried downloading all schmatzler's SlackBuilds with the following command
You do realize that there's a link at the top that generates a ZIP file for you? ;-)

Nevertheless, I learned something about lftp. Nice.

Last edited by schmatzler; 09-27-2014 at 05:15 PM.
 
Old 09-27-2014, 06:45 PM   #23
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195Reputation: 195
Quote:
Originally Posted by schmatzler View Post
You do realize that there's a link at the top that generates a ZIP file for you? ;-)

Nevertheless, I learned something about lftp. Nice.
To be honest I only noticed it later
 
Old 09-27-2014, 08:53 PM   #24
eajam
LQ Newbie
 
Registered: Sep 2014
Posts: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by mancha View Post
Unfortunately you're not missing anything; you're right. Slackware's Firefox, Seamonkey, and Thunderbird remain vulnerable to the RSA forgery
issue (CVE-2014-1568)...

--mancha
I don't know then why weren't they upgraded, which is why I was asking if I had missed anything. I ended up rebuilding the Seamonkey packages, which took a while to compile, and I'm now rebuilding the other ones.
 
Old 09-28-2014, 07:03 AM   #25
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Some people, pretending to help, will teach you to "depend on" them. The price of their "easy" alternative, like they sell it, is you'll eventually depend on them like Windows users depend on Microsoft.

Personally I only trust in those that teach me how to solve issues on my own (take in care you'll find three, four of this kind in your life).
 
Old 09-28-2014, 07:15 AM   #26
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 7,914

Rep: Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584Reputation: 6584
Quote:
Originally Posted by eloi View Post
Some people, pretending to help, will teach you to "depend on" them. The price of their "easy" alternative, like they sell it, is you'll eventually depend on them like Windows users depend on Microsoft.

Personally I only trust in those that teach me how to solve issues on my own (take in care you'll find three, four of this kind in your life).
How does that make sense in this thread?

Eric
 
Old 09-28-2014, 07:29 AM   #27
eloi
Member
 
Registered: Nov 2010
Posts: 227

Rep: Reputation: 61
Quote:
Originally Posted by Alien Bob View Post
How does that make sense in this thread?
Well, I don't find sense in half of what you say and do, so we're even.
 
Old 09-28-2014, 08:31 AM   #28
ruario
Senior Member
 
Registered: Jan 2011
Location: Oslo, Norway
Distribution: Slackware
Posts: 2,514

Rep: Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644Reputation: 1644
Quote:
Originally Posted by eloi View Post
Well, I don't find sense in half of what you say and do, so we're even.
Alien bob asked a valid question. Your reply on the other hand seems to be a straight insult.
 
6 members found this post helpful.
Old 09-28-2014, 09:40 AM   #29
eajam
LQ Newbie
 
Registered: Sep 2014
Posts: 5

Rep: Reputation: Disabled
Although AlienBob is right in asking why was Elio feeling philosophical today on this forum, at the end of it all this is all silly. The question is why weren't the Mozilla packages, excluding the one for NSS, updated? I can build my own packages, thank you very much, but that's besides the point. Who knows, maybe I missed something here. But if, say, Firefox is not dynamically linked to the NSS libraries, plus makes it own set of NSS libraries available, how can the NSS package update solved the problem?

Last edited by eajam; 09-28-2014 at 09:57 AM.
 
Old 09-28-2014, 11:47 AM   #30
samyaza81
LQ Newbie
 
Registered: Sep 2014
Location: Rimini Italia
Distribution: slackware, fedora, pcbsd
Posts: 4

Rep: Reputation: Disabled
there is portable linux version ftp://ftp.mozilla.org/pub/firefox/re...-x86_64/en-GB/
or slackwae current packages http://ftp.osuosl.org/pub/slackware/...0-x86_64-1.txz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] updating firefox zithromax Linux - Newbie 7 02-24-2012 06:34 AM
Updating FireFox RAH104 Linux - Newbie 3 06-20-2008 06:49 PM
Updating Firefox Virtuality Linux - Newbie 12 05-29-2007 04:41 AM
Help updating Firefox thort Linux - Newbie 9 06-23-2006 07:59 PM
updating firefox dark_negotiator Fedora 2 06-05-2006 01:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration