BodhiThis forum is for the discussion of Bodhi Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A security flaw in terminology has been found, CVE-2018-20167. A more complete explanation can be found in the phab report. This has been fixed upstream and I have rebuilt the deb files for BL 5.0.
I haven't had time to look into whether or not it is feasible to backport this patch to earlier versions of Bodhi linux. Note: we usually do not update prior releases of BL repos as we recommend Bodhi users to update to the latest version and simply lack manpower to focus on previous releases. But if I do find it is possible to patch terminology in BL 4.x or even 3.x, I will do so. Just give me some time.
But it is highly recommended Bodhi linux 5.0 users update terminology to the latest version.
Yet another terminology update, seems the security patch broke a key Terminology functionality: clicking on hyperlinks ceased to function. Please update again to Terminology 1.3.2.
thanks ylee. does update and dist-upgrade work to fix this issue? or is there another method to install fixed packages?
yes and yes. lol
update and upgrade is fine, you can also update and simply install terminology. If there is a new version apt-get install will install the latest version no --reinstall option needed. There are other ways but lets leave it at that.
...
I haven't had time to look into whether or not it is feasible to backport this patch to earlier versions of Bodhi linux. Note: we usually do not update prior releases of BL repos as we recommend Bodhi users to update to the latest version and simply lack manpower to focus on previous releases. But if I do find it is possible to patch terminology in BL 4.x or even 3.x, I will do so. Just give me some time.
...
Naively applying this security patch to the code for Terminology in BL 4.5, results in terminology segfaulting on certain operations. I can't use the same version I added to BL 5.0 because BL 4.5 has to old of a version of EFL. Perhaps I could debug this and fix it but I am opting to leave it as is and not update terminology in BL 4.5 for now. I am several days behind now on Bodhi related tasks and I know stefan is waiting for me to update 6 or so deb files for him. So this choice is me rationing what time I have for Bodhi related tasks.
If any Bodhi linux 4.5 users want to pick this problem up and try to solve it, go for it. Email me for more details on what I have tried and what info I have on the segfaults. Other than that I recommend BL 4.5 users to update to 5.0 if possible. If not wither use another terminal or use terminology responsibly and aware of this security bug. The latter is certainly possibly if you understand the nature of this bug.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.