Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 253 other subscribers

My Favourites

Slackware

Calendar

December 2016
M T W T F S S
« Nov    
 1234
567891011
12131415161718
19202122232425
262728293031  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

Meta

Another glibc multilib update

Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this:

a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt.
Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads.” This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)

Of course, I was out of town for a few days when this happened, so it took a little longer to build updated multilib versions for glibc.

But… they are available now for your 64-bit Slackware 13.0, 13.1 and -current. Grab them here: http://slackware.com/~alien/multilib/. If you need guidance, read the README or better even, check out the Wiki page on Slackware multilib.

I hope this is the last hole for a while, it sucks having to rebuild all of this.

Mirrors: http://taper.alienbase.nl/mirrors/people/alien/multilib/ and http://slackware.org.uk/people/alien/multilib/.

Eric

Comments

Comment from Nick Blizzard
Posted: October 30, 2010 at 00:18

Installed in 64-current with no issues. Thanks Eric.

Comment from mickski56
Posted: October 30, 2010 at 00:58

Good in 64_13.0. Thanks for maintaining this.

Comment from Igor
Posted: October 30, 2010 at 03:14

thanks for update multilib Eric.
done by:
./update-multilib.sh
upgradepkg *{,/*}.t?z
(debug)

Comment from Ken Shotswell
Posted: October 31, 2010 at 01:37

Eric,

Since the libwebkit-1.0.so.2.17.7 update I can no longer get the handbrake package to run. When you have a spare minute can you rebuild handbrake toy work with the new version of webkit?

Comment from alienbob
Posted: October 31, 2010 at 14:42

@Ken:
I have no problems running handbrake here. Do you see any errors when running the command “ghb” from the commandline?

Eric

Comment from Ken Shotswell
Posted: October 31, 2010 at 17:40

Eric,,

This is what I’m getting:

shotsy ~/Desktop $ ghb
ghb: error while loading shared libraries: libwebkit-1.0.so.2: cannot open shared object file: No such file or directory

when I run locate libwebkit I get this output:

/usr/lib/libwebkit-1.0.so.2.17.7
/usr/lib/libwebkit-1.0.la
/usr/lib/libwebkit-1.0.so.2
/usr/lib/libwebkit-1.0.so

and the ls -la

shotsy /usr/lib $ ls -la libwebkit*
-rwxr-xr-x 1 root root 2912 2010-10-15 18:05 libwebkit-1.0.la*
lrwxrwxrwx 1 root root 23 2010-10-16 07:41 libwebkit-1.0.so -> libwebkit-1.0.so.2.17.7*
lrwxrwxrwx 1 root root 23 2010-10-16 07:41 libwebkit-1.0.so.2 -> libwebkit-1.0.so.2.17.7*
-rwxr-xr-x 1 root root 14892688 2010-10-15 18:05 libwebkit-1.0.so.2.17.7*

Thanks for your help!

Ken

Comment from Ken Shotswell
Posted: October 31, 2010 at 18:02

Eric,

I figured it out, looks like I picked up some packages from somewhere else. I had to re download and apply

webkitgtk, icu4c, and lib soup from http://connie.slackware.com/~alien/slackbuilds/

now locate libwebkit returns:

shotsy /usr/lib $ locate libwebkit
/usr/lib64/libwebkit-1.0.la
/usr/lib64/libwebkit-1.0.so.2.17.7
/usr/lib64/libwebkit-1.0.so.2
/usr/lib64/libwebkit-1.0.so

Where I got the offending packages is beyond me, these are the repositories I have configure for slaptget:

SOURCE=http://slackware.mirrors.tds.net/pub/slackware/slackware64-current/
SOURCE=http://slackware.org.uk/people/alien/restricted_slackbuilds/
SOURCE=http://connie.slackware.com/~alien/slackbuilds/

# Sources for the testing, extra, and pasture areas – if you use them.
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/extra/:PREFERRED
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/testing/
# SOURCE=ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pasture/
SOURCE=http://slackware.mirrors.tds.net/pub/slackware/slackware64-current/extra
SOURCE=http://taper.alienbase.nl/mirrors/slackware/slackware64-current/testing

and all is running again, Thanks

Ken

Write a comment