markus reichelt | 6 Jul 14:35 2008
Picon

security: slackware patch support

Hi there,

my name is markus, and I am pissed.

I'm sure most of us know about the recent severe vulnerabilites in
firefox 2.x

And once again no official slackware patches are made available. Not
even a word about it. I could have lived with something along the
lines of "we're too busy right now, but please have a look at [this]
message for the time being - official stuff will follow", heck, even
"we're working on it."

Yes, it's vacation time but other distros cope well with that too. IF
YOU NEED HELP WITH SECURITY PATCHES AND ARE SHORT OF HANDS YOU GOTTA
TELL THE COMMUNITY, for christ's sake.

This is not the first time head honchos are slacking a bit too much
to my liking. There's stuff like this that makes me look at other
distros out there, even *BSD. I'm just too fond of loop-AES to let it
all go just yet. 

I've been a happy slackware user for years now, but stuff like this
is pushing me awfully close to the edge. So, in essence, this mess
boils down to the one question:

Is it still worth to advertise Slackware?

[this] = http://groups.google.com/group/alt.os.linux.slackware/browse_thread/thread/1250c3da9c2c36c2

(Continue reading)

NetrixTardis | 6 Jul 17:34 2008

Re: security: slackware patch support

markus reichelt wrote:
> Hi there,
> 
> my name is markus, and I am pissed.
> 
> I'm sure most of us know about the recent severe vulnerabilites in
> firefox 2.x
> 
> And once again no official slackware patches are made available. Not
> even a word about it. I could have lived with something along the
> lines of "we're too busy right now, but please have a look at [this]
> message for the time being - official stuff will follow", heck, even
> "we're working on it."
> 
> Yes, it's vacation time but other distros cope well with that too. IF
> YOU NEED HELP WITH SECURITY PATCHES AND ARE SHORT OF HANDS YOU GOTTA
> TELL THE COMMUNITY, for christ's sake.
> 

There is nothing stopping your from taking the slackbuild of the last 
firefox package, and simply editing it for the lastest version of FF2.
Willy Sudiarto Raharjo | 6 Jul 17:41 2008
Picon

Re: security: slackware patch support


>> I'm sure most of us know about the recent severe vulnerabilites in
>> firefox 2.x
>>
>> And once again no official slackware patches are made available. Not
>> even a word about it. I could have lived with something along the
>> lines of "we're too busy right now, but please have a look at [this]
>> message for the time being - official stuff will follow", heck, even
>> "we're working on it."
>>
>> Yes, it's vacation time but other distros cope well with that too. IF
>> YOU NEED HELP WITH SECURITY PATCHES AND ARE SHORT OF HANDS YOU GOTTA
>> TELL THE COMMUNITY, for christ's sake.
>>
John Crowhurst | 6 Jul 17:53 2008
Picon

Re: security: slackware patch support


On Sun, July 6, 2008 16:41, Willy Sudiarto Raharjo wrote:

>> There is nothing stopping your from taking the slackbuild of the last
>> firefox package, and simply editing it for the lastest version of FF2.
>
> Or since 12.1 is almost identical with -Current as no updates to
> toolchain (yet), you can grab the Firefox 3 packages and it will work
> :)

I think the problem isn't that the latest version of FF3 is available on
current, but the fact the latest version of FF2 or FF3 is not available on
stable.

FF2.0.0.15 fixes critical vulnerabilities in FF2.0.0.14, so supplying the
out of date version could lead the user open to attack from known security
flaws.

--

-- 
John Crowhurst
NetrixTardis | 6 Jul 18:03 2008

Re: security: slackware patch support

John Crowhurst wrote:
> On Sun, July 6, 2008 16:41, Willy Sudiarto Raharjo wrote:
> 
>>> There is nothing stopping your from taking the slackbuild of the last
>>> firefox package, and simply editing it for the lastest version of FF2.
>> Or since 12.1 is almost identical with -Current as no updates to
>> toolchain (yet), you can grab the Firefox 3 packages and it will work
>> :)
> 
> I think the problem isn't that the latest version of FF3 is available on
> current, but the fact the latest version of FF2 or FF3 is not available on
> stable.
> 
> FF2.0.0.15 fixes critical vulnerabilities in FF2.0.0.14, so supplying the
> out of date version could lead the user open to attack from known security
> flaws.
> 

So, grab from -current or take the slackbuild from -current and repack 
mozilla-firefox-2.0.0.15 for 12.1.
John Crowhurst | 6 Jul 18:12 2008
Picon

Re: security: slackware patch support


On Sun, July 6, 2008 17:03, NetrixTardis wrote:
> So, grab from -current or take the slackbuild from -current and repack
> mozilla-firefox-2.0.0.15 for 12.1.

I saw the email more as something that Patrick Volkerding and his team of
maintainers should do themselves and update the ChangeLog.txt file
accordingly.

--

-- 
John Crowhurst
Steven Saner | 7 Jul 07:31 2008

IPsec/L2TP

This is not strictly a slackware question I suppose. I am trying to set up some 
vpn software on a slackware 12.1 host for the purpose of connecting various 
clients. Particularly Mac OSX clients and possibly Win2K/XP clients as well.

I am wanting to do an IPsec tunnel with OpenSWAN, which does appear to be 
working. Then on top of that a L2TP/PPP tunnel. That is the part I'm having 
trouble with. I have been able to compile and install at least 3 different L2TP 
servers (OpenL2TPd, l2tpns, xl2tpd), but I can not seem to get them configured 
right to actually work.

I'm just wondering if anyone on this list has successfully done this and would 
be willing to share some ideas with me.

Thanks.

--

-- 
--------------------------------------------------------------------------
Steven Saner <ssaner <at> pantheranet.com>
Ottavio Caruso | 7 Jul 17:38 2008
Picon

Re: security: slackware patch support

> From: markus reichelt <ml <at> mareichelt.de>
> >
> my name is markus, and I am pissed.

In British English "pissed" means "drunk", maybe you meant "pissed off".

--

-- 
Ottavio Caruso
http://www.pledgebank.com/boycottvista
Picon

Kernel compile

Dear all,

I am a weak spirit.
Not too long (and yet too long) ago, I would use Slackware 10 or 11 -
and frequently rebuild my kernel to make it fit just right, slimming it
to fit into ye olde Slackware goodness. It was good slack.
Now, I have been somewhat derailed by fire-and-forget distributions
where one does not really modify the system. It seems unmanly, so I am
turning back to the real thing.
So there it is, a Slackware 12.1 on an IBM Thinkpad T40. I intend to
compile a 2.6.25.10 kernel - it is (very) fresh, and it features the
Ath5k driver which will make an Atheros card a genuinely good thing.
The basics: I do a menuconfig, make a bzImage, make modules and install
them. Point the bootloader in the right direction. So far, so generic.
Should I then make an rc.modules file? Or is this not necessary? Am I
forgetting something?

Thank you all,
Morten

__
http://syntaktisk.dk
Robby Workman | 13 Jul 17:03 2008
Picon

Re: Kernel compile

Morten Juhl-Johansen Zölde-Fejér wrote:
> Dear all,
> 
> I am a weak spirit.
> Not too long (and yet too long) ago, I would use Slackware 10 or 11 -
> and frequently rebuild my kernel to make it fit just right, slimming it
> to fit into ye olde Slackware goodness. It was good slack.
> Now, I have been somewhat derailed by fire-and-forget distributions
> where one does not really modify the system. It seems unmanly, so I am
> turning back to the real thing.
> So there it is, a Slackware 12.1 on an IBM Thinkpad T40. I intend to
> compile a 2.6.25.10 kernel - it is (very) fresh, and it features the
> Ath5k driver which will make an Atheros card a genuinely good thing.
> The basics: I do a menuconfig, make a bzImage, make modules and install
> them. Point the bootloader in the right direction. So far, so generic.
> Should I then make an rc.modules file? Or is this not necessary? Am I
> forgetting something?

If you look at rc.S, you'll notice that rc.modules.local (if it
exists), is used in lieu of the others.  Since you'll almost surely
want the same modules (if any) loaded with any kernel you use, you'll
probably want to copy the top section of the stock rc.modules-$version
to rc.modules.local and wipe the other files.

Chances are, you won't need any modules to be force-loaded, as udev
handles most of that automatically these days, but you still want
to update module dependencies at boot, hence the need to copy the
top section of the original into rc.modules.local.

I'm attaching a copy of my rc.modules.local to give you a better
(Continue reading)


Gmane