October 30, 2014

Security Advisory: wget

wget package has been updated and rebuilt in all supported Slackware releases, back to Slackware 13.0 to fix a security vulnerability that could allow an attacker to write outside of the expected directory.

in -current branch, moc is now upgraded to 2.5.0, following a request from LQ

October 24, 2014

Security Advisories: glibc and pidgin

Patrick has released two security updates on both -stable and -current branch. The first update was pidgin and it fixed 5 security vulnerabilities. This update was applied to all -stable releases back to Slackware 13.0. They are now upgraded to Pidgin 2.10.10.

The second update was glibc. This update was only applied to Slackware 14.1 and -current and both have different version number. On 14.1, the glibc was rebuilt to include the patch that fixed several security issues (there are 9 CVEs related to this package), while in -current, Pat (finally) upgraded glibc to 2.20, a big jumping from 2.17 found in Slackware 14.1.

With these update in -current, all the core toolchain (gcc, glibc, and kernel) are set and the fun phase of -current may start in real this time. Normally, glibc was set once for a release and there won't be any changes except for minor upgrade or security fixes only because all applications will be compiled against those combination (mostly glibc and gcc).

Update: glibc were rebuilt with an updated gcc that was patched to fix bug pr61801 since it's causing some applications not working. I tested Google Chrome, but i believe many others will not run either. Google Chrome reported
setresgid: Function not implemented
Could not drop privileges: Function not implemented
Read on socketpair: Success


After updating gcc and glibc, they are working again.

October 19, 2014

MATE Roadmap Updated

Few days ago i saw a discussion on IRC saying that MATE 1.10 will be released soon. I was kinda puzzled as there were lots of item in the TODO list in MATE Roadmap for 1.10. When i checked the Roadmap again, apparently MATE developers pushed GTK+3 support again to future releases (now targetting MATE 1.12) along with other features that didn't make it into MATE 1.10 schedule.

Most of the TODO list for MATE 1.10 have been completed with only 2 left:
  • caja: Plugin system (GSOC 2014)
  • Move all documentation into mate-user-guide 
One of the reason why GTK+3 support is delayed is because they (GTK developers) introduced incompatible changes on every major releases (3.8, 3.10, 3.12, and 3.14), so it's quite hard for MATE developers to support every releases within one version number. So they came up with a decision to release separate package for mate-themes which targets different GTK+3 version, depending on which Linux distribution that are going to use MATE Desktop. You can see the branches in their Github.

Since MATE focused on incremental instead of bigbang changes, i'm hoping that the transition from MATE 1.8 to MATE 1.10 will be smooth. There will be new packages introduced and some packages gets removed. You can check the documentation i provided in Master branch of our MSB project.

There is one package that are going to be removed by upstream, but not yet included in the list of removal package in MSB and that is mate-system-tools. In my opinion, this package can still be used for MATE 1.10 unless no one is using them. Let me know and i will gladly remove it.

October 16, 2014

Poodlebleed Fixes

Slackware has released advisories to several products and i didn't write the previous one so consider this as a cumulative updates :)

The previous update was about Firefox and Thunderbird and it's only released in -current architecture. There are no ESR updates for stable releases anymore.

The second and latest advisories is about openssl which is vulnerable to multiple vulnerabilities, including the latest poodlebleed. If you are running public servers, it's highly recommended to upgrade the openssl packages as soon as possible. Use the above link to test whether your server is still vulnerable or not.

Upgrading openssl packages is not enough as your web server application (apache or nginx or any other products you use) can still fallback SSLv3, so you need to disable it manually. Here's how to do it:
  • nano /etc/httpd/extra/httpd-ssl.conf
  • Change
    SSLProtocol all -SSLv2
    into
    SSLProtocol all -SSLv2 -SSLv3
  • Restart apache
You can also force your browser to disable SSL 3.0. If you use Google Chrome, they already disable it since February. For Firefox, you need to set it manually. Open about:config and enter security.tls.version.min and change it to 1. You can check whether your user-agent is vulnerable or not by visiting this URL: https://www.ssllabs.com/ssltest/viewMyClient.html.

    October 11, 2014

    Run Winbox on Slackware

    Morning Bloggers :)
    i have a little some tutorial, but it's not strange in the ears of IT.
    if you Slackware User you'll find confused for running winbox, if you work on network engineering :)
    first step you must install packet depend on Slackware Machine
    Download this packet so that build and install

    and then Download your winbox on this:

    after Donwload allow automatic updates and install wine mono, wine gecko
    let's see my screenshot:

    I use winbox version 2.2.18, thank's
    may be usefull ;)

    October 05, 2014

    Firefox Rebuilt on x86 only

    Pat has rebuilt mozilla-firefox on current 32 bit architecture only to fix sluggishness problem reported on LQ. This problem was not found on 64 bit, so those two arch will have different build number, but it will be synced again on the next Firefox update which is very close now (it reached Beta 9 at the time this post is written).

    elilo is also upgraded to the latest version in -current.

    October 01, 2014

    Dual GPU di Slackware

    Tulisan ini adalah lanjutan dari tulisan saya sebelumnya tentang #Slackware di mesin #Dell Precision M6800. Kali ini saya ingin bercerita seputar menggunakan Hybrid Graphics milik mesin tersebut di Slackware64-current. Sebelumnya silakan pahami dulu tentang Hybrid Graphics, terutama istilah MUX dan MUXLESS di sini:

    http://xorg.freedesktop.org/wiki/RadeonFeature/#5

    Dell Precision M6800 ini termasuk ke dalam golongan Hybrid Graphics MUX-less. Ada dua adaptor grafis di dalam mesin ini, #Intel dan #AMD:

    September 29, 2014

    Another BASH Update

    Here comes another bash update to fix more security vulnerabilities. This time, a patch from Florian Weimer changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function. This change causes a backward incompatible break, but most of your scripts should be safe and continue to work as it is, unless you use the affected features. As always, please upgrade ASAP.

    Security Advisory: Firefox, Thunderbird, Seamonkey

    Three security advisories were released this morning for Slackware 14.0, 14.1, and current machines. Seamonkey was released for Slackware 14.0 and newer while the rest were released for 14.1 and newer. The stable releases got ESR release for Firefox, but current will always follow the latest Firefox build available from Mozilla FTP Site.

    September 27, 2014

    Bash Update for CVE-2014-7169 Fix

    Another bash update for all Slackware releases has been pushed by Patrick as the official fix is now available on BASH's FTP site. The new update should fix the CVE-2014-7169 advisory as now i get the correct result after running the same exploit code that i mentioned on the previous blog post. I suggest that you quickly apply the update for your machines as soon as possible as there has been report of many attackers utilizing this vulnerabilities in the wild. The discussion hasn't ended yet, so stay tune for further updates :)

    September 26, 2014

    Second Patch on Bash Bug

    The initial patch to fix the bash vulnerability was not fully fix the problem as Tavis Ormandy found another exploit to bash which lead to another CVE entry to be made : CVE-2014-7169. This new bug can be simply be solved by using a single line of code and it has been applied to all Slackware releases as of today, thanks to Pat quick response on this issue. Hopefully this finally fixed the bash bug.

    Anyway, i can confirmed that the patch worked for Slackware{64}-14.1 (i didn't test other version), but on my desktop -current machine, the same exploit code is still working. Can anyone confirm  this?

    Here's the safe exploit code used:

    env X='() { (a)=>\' sh -c "echo date"; cat echo
    Here's what i got in Slackware-14.1:
    sh: X: line 1: syntax error near unexpected token `='                                                                                                        
    sh: X: line 1: `'
    sh: error importing function definition for `X'
    date
    cat: echo: No such file or directory

    meanwhile this is what i got in my current machine:
    sh: X: line 1: syntax error near unexpected token `='
    sh: X: line 1: `'
    sh: error importing function definition for `X'
    Fri Sep 26 07:30:35 WIB 2014

    In -current, lxc is also upgraded to the latest version as well.

    September 25, 2014

    Two Security Advisories

    There are two security advisories released today and you are advised to upgrade as soon as possible (don't worry, it won't cause problem as in iOS 8.0.1 update yesterday).

    The first update is for bash which is known to be vulnerable due to how they handle environment variables. This bug affects many applications that uses bash scripts on their operations, namely httpd, ssh, dhclient, etc. This update is backported to all supported Slackware releases (13.0 to -current).

    The second update is mozilla-nss which fixed the RSA Signature Forgery vulnerability. This update is applied only to Slackware 14.0 and newer

    September 22, 2014

    [UPDATE] Rebuild Bleachbit on SlackBuild #Slackware

    do you know bleacbit? a little explanation for me, bleachbit is software for cache cleaner like ccleaner on Windows and Clean Master on Android.
    a slackware user become as from, i installed bleachbit on Slackware. but i see bleachbit not update, whereas bleachbit has updated to version 1.4 on SlackBuild has still 1.2 version. where the maintained? :)
    i did not make this ;)
    okay if you Slackware User and use bleachbit for cache cleaner, download source code

    after download, put bleachbit-x.x.tar.bz2 to directory where bleachbit.SlackBuild save
    and then edit bleachbit.SlackBuild, change version 1.2 to 1.4
    "PRGNAM=bleachbit
    VERSION=${VERSION:-1.4}
    BUILD=${BUILD:-1}
    TAG=${TAG:-_SBo}"


    and give permission file bleachbit.SlackBuild then build :)
    # chmod +x bleachbit-x.x.tar.bz2 && ./bleachbit-x.x.tar.bz2

    and then upgrade with this command
    # upgradepkg --install-new /tmp/bleachbit-x.x-noarch-1_SBo.tgz

    you'll now have new bleachbit version :)


    CMIIW :)

    September 18, 2014

    Three Set of KDE Packages Released

    Although KDE has released their KDE 4.14.1, KDE Framework 5, and Plasma 5 source code to public for few days, it doesn't mean that Eric Hamelers didn't notice. In fact, he has prepared the packages and release all of it at the day of the final set (Plasma) released yesterday by announcing it on his blog. Releasing it one by one is possible, but you will have to perform the update process three times, which may be inconvenience. This also gives us time to test the packages and make sure nothing is broken.

    In general, KDE 4.14.1 is a minor update, polishing KDE applications to further improve the translations and provide bug fixes. Most of the efforts are now focused on porting the applications to use Qt5, QML, Framework 5 and Plasma 5. As always, these packages are intended to be installed on top of Slackware-Current machines and please read the README (KDE 4.14.1 and KDE 5).

    The new directory for KDE5 is now changed to 5 (not 5.0.x anymore), so you might want to change the download script if you have one. Otherwise, just use the rsync an you are good to go.

    Get the packages from these mirror sites:
    Kudos to Eric Hameleers and have fun enjoying KDE 4.14.1 and Framework 5 + Plasma 5

    September 10, 2014

    Security Update: seamonkey

    After Firefox and Thunderbird gets updated, seamonkey is following with another security advisory released for Slackware 14.0, 14.1, and -current. All releases gets an update to seamonkey 2.29.

    In -current, the default stock has been raised to 3.14.18, the latest stable kernel maintained by Greg K-H. The ChangeLog is available on kernel.org's site. There has been some minor update on some packages, namely:
    • btrfs-progs: upgraded to 20140909
    • net-snmp: upgraded to 5.7.2.1
    • rdesktop: upgraded to 1.8.2 (request from LQ)

    September 08, 2014

    Install Steam on Slackware 64 bit[Stable,Current]

    setelah saya baca - baca di pos artikelnya MR.Alien :), saya tertarik untuk membuat sebuah postingan di blog saya. :)
    tapi saya lihat hanya untuk versi Slackware 32 bit saja tetapi di lihat lebih detail lagi ternyata bisa juga di install di Slackware 64 bit :)
    langkah yang pertama harus anda install adalah:
    • Pertama anda install terlebih dahulu multilib(compat-32) nya agar compatible ketika kita akan menginstall software 32 bit
    • Setelah itu anda install dulu OpenAL versi 32 bit di mesin 64 bit anda
    • lalu anda install flash player plugins versi 32 bit di mesin Slackware 64 bit anda
    • Have Fun, Arief :)

    Untuk Menginstall software di atas tersebut, silahkan klik link ini
    OpenAL
    flashplayer-plugin
    Multilib
    Nah di sana anda dapat menemukan sesuai dengan versi Slackware Anda
    Thanks ;)

    Source: Eric Hameleers

    September 07, 2014

    slackhat

    GNS3 merupakan sebuah perangkat lunak open source di bawah lisensi GNU GPL (General Public License) yang dapat digunakan untuk melakukan simulasi jaringan secara lebih real dibandingkan dengan packet tracer. Mengapa? tentu saja karena software ini memiliki fitur yang cukup lengkap, seperti tersedianya komponen router yang dapat dikonfigurasi seperti aslinya dan dapat dipilih jenisnya sesuai dengan IOS image yang digunakan. Fitur lainnya yaitu terdapat integrasi dengan software VirtualBox, sehingga kita dapat melakukan simulasi dengan menggunakan Sistem Operasi Virtual yang terinstall pada vbox sekaligus mengimplementasikannya pada suatu jaringan dengan menggunakan routing misalnya.

    GNS3 menggunakan Dynamips sebagai emulator untuk menjalankan Cisco IOS. Selain VirtualBox, GNS3 mendukung QEMU untuk menjalankan komponen Cisco ASA, PIX and IPS. GNS3 juga memiliki fitur untuk mengelola koneksi virtual sehingga dapat terhubung ke jaringan real seperti pada ethernet adapter atau NAT. 

    Setelah instalasi paket GNS3 sempat terjadi masalah pada saat test settings pada VirtualBox. Pesan error yang muncul adalah “failed to load vboxapi”. Untuk mengatasi masalah tersebut, disarankan agar menggunakan VirtualBox versi OSE. Berikut adalah paket-paket yang harus anda install, silahkan download di slackbuilds.org.

    • GNS3
    • VirtualBox OSE
    • vde2
    • xdotool

    dan jangan lupa setelah build dan instalasi, eksekusi command berikut.

    # ln -sf /usr/share/virtualbox/sdk/bindings/xpcom/python/xpcom /usr/lib/python2.7

    setelah itu lakukan reboot.

    Untuk Dynamips, download saja di http://www.gns3.net/dynamips/. Pilih versi Linux dan sesuaikan dengan arsitektur sistem operasi anda (x86 atau x64). 

    Berikut hasil test settings pada Dynamips dan VirtualBox.

    Untuk IOS image-nya silahkan cari sendiri, banyak tuh di om google :twisted:

    Selamat mencoba dan semoga berhasil … :)


    Installing PostGIS From Source on Slackware64

    PostGIS is a spatial database extender for PostgreSQL object-relational database. It adds support for geographic objects allowing location queries to be run in SQL. In effect, PostGIS “spatially enables” the PostgreSQL server, allowing it to be used as a backend spatial database for geographic information systems (GIS).

    PostGIS is a free open source project, licensed under GNU GPLv2.

    In this article, we will discuss about how to install PostGIS on Slackware64. For this purpose, we will use following materials:

    1. Slackware64 14.0
    2. PostgreSQL 9.3.5
    3. GEOS 3.4.2
    4. GDAL 1.11
    5. Proj 4.8.0
    6. JSON-C 0.11
    7. PostGIS 2.1.3

    Obtain Materials

    PostgreSQL is a DBMS which can be freely downloaded from PostgreSQL. Or download the latest version 9.35 here.

    GEOS is Geometry Engine – Open Source, a C++ post of the Java Topology Suite (JTS). To download it, go to GEOS page or download GEOS 3.4.2 from here.

    GDAL is Geospatial Data Abstraction Library. To download it, go to GDAL page or download GDAL 1.11 from here.

    PROJ4 is a cartographic projections library. To download it, go to PROJ4 page or download PROJ 4.8.0 from here.

    JSON-C is a library to read/write JSON objects in C. To downloat it, download JSON-C directly from here.

    Now, our main dish. Download PostGIS from PostGIS page, or download it directly from here.

    In the end of this section, you should have:

    1. postgresql-9.3.5.tar.bz2
    2. geos-3.4.2.tar.bz2
    3. gdal-1.11.0.tar.xz
    4. proj-4.8.0.tar.gz
    5. json-c-0.11.tar.gz
    6. postgis-2.1.3.tar.gz

    Install

    Dependency

    We will install all dependency in this order:

    1. PostgreSQL
    2. GEOS
    3. GDAL
    4. PROJ4
    5. JSON-C

    All the installation procedure will require root privilege.

    Installation of PostgreSQL has been discussed in different article. See here to read it. You can also skip it if you have already installed PostgreSQL.

    Next, install GEOS.

    tar -jxf geos-3.4.2.tar.bz2
    cd geos-3.4.2
    ./configure
    make -j4
    make install

    Next, install GDAL.

    tar -Jxf gdal-1.11.0.tar.xz
    cd gdal-1.11.0
    ./configure
    make -j4
    make install

    Next, install PROJ4.

    tar -zxf proj-4.8.0.tar.gz
    cd proj-4.8.0
    ./configure
    make -j4
    make install

    When building PROJ4, you might encounter error like this:

    jniproj.c:52:26: fatal error: org_proj4_PJ.h: No such file or directory

    To solve it, go to src directory and edit jniproj.c then change this line

    #include "org_proj4_PJ.h"

    to

    #include "org_proj4_Projections.h"

    then resume the installation.

    Next, install JSON-C. There is option to use the JSON-C from their github, but when I try it, it would break as JSON-C has removed some macro and functions. So let’s use it as is.

    tar -zxf json-c-0.11.tar.gz
    cd json-c-0.11
    ./configure
    make -j4
    make install

    Now we are ready to install PostGIS.

    PostGIS

    Installing PostGIS is straightforward.

    tar -zxf postgis-2.1.3.tar.gz
    cd postgis-2.1.3
    ./configure
    make -j4
    make install

    Installation finished. You should have PostGIS installed and ready.

    Configuration

    Enabling PostGIS

    PostGIS is an optional extension that must be enabled in each database you want to use it before you can use it. Installing the software is just the first step. And do not install it in the database called “postgres”.

    Connect to database using psql. Run the following SQL:

    -- Enable PostGIS (includes raster)
    CREATE EXTENSION postgis;
    -- Enable Topology
    CREATE EXTENSION postgis_topology;
    -- fuzzy matching needed for Tiger
    CREATE EXTENSION fuzzystrmatch;
    -- Enable US Tiger Geocoder
    CREATE EXTENSION postgis_tiger_geocoder;

    Example of Spatial SQL

    -- Create table with spatial column
    CREATE TABLE mytable ( 
      id SERIAL PRIMARY KEY,
      geom GEOMETRY(Point, 26910),
      name VARCHAR(128)
    ); 
    
    -- Add a spatial index
    CREATE INDEX mytable_gix
      ON mytable 
      USING GIST (geom); 
    
    -- Add a point
    INSERT INTO mytable (geom) VALUES (
      ST_GeomFromText('POINT(0 0)', 26910)
    );
    
    -- Query for nearby points
    SELECT id, name
    FROM mytable
    WHERE ST_DWithin(
      geom, 
      ST_GeomFromText('POINT(0 0)', 26910),
      1000
    );

    September 05, 2014

    Security Update: Firefox, Thunderbird, and PHP

    Three security advisories were released this morning. They are Firefox, Thunderbird, and PHP. PHP update is backported to Slackware 13.0, while Firefox and Thunderbird updates only applicable to Slackware 14.1 and current.

    Slackware 14.1 will use the ESR version, while current continues to move forward by using the latest version from Mozilla, which is 32 (Firefox) and 31.1.0 (Thunderbird).

    Planet Slackware-ID

    Planet Slackware-ID adalah aggregator dari situs blog para Slacker* Indonesia.
    (*Pengguna Distro Slackware)

    Silakan kirimkan e-mail ke willysr@slackware-id.org apabila blog Anda ingin disertakan pada planet ini.

    Terakhir diupdate: October 30, 2014 03:01 PM GMT.

    Google Groups
    Subscribe to id-slackware
    Email:
    Visit this group

    Subscribe