[Talk] Home Edition security updates

Important informations about SolydXK including releases notes, forum rules and other anouncements
User avatar
zerozero
Posts: 5373
Joined: 10 Feb 2013 23:37
Location: West Midlands, England
Contact:

Re: [Talk] Home Edition security updates

Postby zerozero » 09 Oct 2014 06:25

probably the best thing to do, it's uninstallable as-is anyway.
bliss of ignorance

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 09 Oct 2014 06:49

OK. I've uploaded a remove.list.
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 09 Oct 2014 07:11

And... That didn't work, in spite of the log claiming otherwise.

Arjen? What's up with that?
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
Arjen Balfoort
Site Admin
Posts: 9282
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: [Talk] Home Edition security updates

Postby Arjen Balfoort » 09 Oct 2014 07:31

Going to check that...


SolydXK needs you!
Development | Testing | Translations

User avatar
Arjen Balfoort
Site Admin
Posts: 9282
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: [Talk] Home Edition security updates

Postby Arjen Balfoort » 09 Oct 2014 07:54

I've re-created your remove.list:

Code: Select all

dbus
dbus-1-dbg
dbus-1-doc
dbus-x11
libdbus-1-3
libdbus-1-dev
If everything goes right, it'll get processed in a couple of minutes...


SolydXK needs you!
Development | Testing | Translations

User avatar
Arjen Balfoort
Site Admin
Posts: 9282
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: [Talk] Home Edition security updates

Postby Arjen Balfoort » 09 Oct 2014 08:03

The files were now successfully removed.


SolydXK needs you!
Development | Testing | Translations

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 17:49

Just an FYI The latest security patches include the following file which breaks deluge:

libssl1.0.0:amd64

I have it blacklisted in in the UP Manager and locked in Synaptic:

I've included a doc below as a reference.
Attachments
File breaks Deluge.odt
(48.03 KiB) Downloaded 69 times


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 22 Oct 2014 18:12

In what way exactly does it break deluge? I'm currently downloading a file from a torrent on a system with that library installed and it works like a charm.
Frank

SolydX EE 64 - tracking Debian Testing

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 19:43

Did you restart deluge after you installed the file?


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 19:45

Sorry about the short reply above. Hit the submit key without thinking clearly. If you close deluge and shutdown the daemon, when deluge restarts it cannot connect to the local host at 127.0.0.1: (random port number).


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 22 Oct 2014 20:10

On this system the library was updated yesterday. I installed deluge (and the daemon) after your first message. I can start and stop deluge as many times as I want, it never fails.
Frank

SolydX EE 64 - tracking Debian Testing

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 20:18

Grizzler...you running 64 bit SolydX? I'm gonna install Solydx32 bit in a vm and see if it breaks also.


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 22 Oct 2014 20:22

Yes, it's 64 bit.

Edit: tried it on another 64 bit SolydX (a somewhat 'cleaner' VM). No problems there either.
Frank

SolydX EE 64 - tracking Debian Testing

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 20:39

Grizzler....this is bizarre to say the least. If I stay at libssl1.0.1i2 deluge works. If I upgrade to libssl1.0.1j2 it cannot connect. Like I said I'm going to try a 32bit SolydX and see if it breaks also.


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 22 Oct 2014 20:55

Just installed and tried deluge/deluged in one of the 32 bit SolydX VMs. Same result: no issues.
Frank

SolydX EE 64 - tracking Debian Testing

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 22 Oct 2014 21:24

Grizzler...I installed in a VM the Solydx 32 bit from a 102014 iso and updated it with the latest libssl1 file and deluge worked.



I'm gonna install SolydX 64 bit from iso 102014 on my production machine (I have a clonezilla backup) and see what happens. My production machine is from the 072014 iso and deluge worked up until libssl1 was updated yesterday. I do not have any exotic apps on my production box, just the normal programs and security updates.

I'll let you know the outcome shortly.


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 23 Oct 2014 05:40

Grizzler...I'm glad to report the issue is resolved on my pc. Somehow or other in the preference menu under item "Interface" the Classic mode was unchecked. Once I checked that box and restarted deluge...it works fine with the libssl1 update in place.

I learn something everyday.


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

User avatar
grizzler
Posts: 2171
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: [Talk] Home Edition security updates

Postby grizzler » 23 Oct 2014 06:07

nuts2u wrote:Grizzler...I'm glad to report the issue is resolved on my pc. Somehow or other in the preference menu under item "Interface" the Classic mode was unchecked. Once I checked that box and restarted deluge...it works fine with the libssl1 update in place.
Isn't that supposed to be unchecked if you want to use the daemon?

When I was testing things, on one occasion I started the daemon before deluge itself and then got an error message that deluge couldn't start the daemon because it was already running and that I should stop that other incarnation or use the Classic mode (i.e. apparently without the daemon).
I'd never actually used deluge before, so I'm not entirely sure about this of course, but that's what it seemed to mean anyway.
Frank

SolydX EE 64 - tracking Debian Testing

nuts2u
Posts: 83
Joined: 03 Nov 2013 21:07

Re: [Talk] Home Edition security updates

Postby nuts2u » 23 Oct 2014 13:46

Grizzler....you are correct in that unchecking the box allows the daemon to run. That was the issue I was having, in that the updated libssl1.0.1j-1 for some reason broken the connection to the daemon (deluged). I had been running it that way for a long time......but it appears that running deluge in classic mode and not installing and running the daemon works just as well.

So I'm happy that I have to load and run one less service on my pc.


Liberalism is the art of standing on your head,
then telling everyone around you that they're upside-down.

kurotsugi
Posts: 2228
Joined: 09 Jan 2014 00:17

Re: [Official Thread] Home Edition security updates

Postby kurotsugi » 03 Nov 2014 05:05

the security tracker site somehow doesn't list the security update on november. the package tracker said it has security patch:

Code: Select all

Changes:
 wget (1.16-1) unstable; urgency=medium
 .
   * new upstream release from 2014-10-27
     - "Poodle" do not use SSLv3 except explicitely requested (CVE-2014-3566)
   * debian/control: Public Suffix List cookie domain checking via libpsl
     Closes: #766780
   * debian/control: updated Standards-Version to 3.9.6 (no changes needed)
the mailing list also listed wget:

Code: Select all

[SECURITY] [DSA 3062-1] wget security update Luciano Bello
[SECURITY] [DSA 3063-1] quassel security update Luciano Bello
it might be just a problem on the security tracker site.


Return to “News & Anouncements”

Who is online

Users browsing this forum: No registered users and 2 guests