Archive for the ‘technical’ Category:

Security update for Shellshock

In the past 24 hours, a security vulnerability has been discovered in a shell interpreter that Raspbmc ships and uses, called Bash. This vulnerability allows command injection which could lead to remote code execution. The risk of your system being exploited is minimal, but it is better to be safe than sorry. I’m currently on vacation, but I got a little time to push this fix.

This fix resolves CVE 2014-6271. There is still another, less severe vulnerability, but a patch has not been issued by Red Hat yet. As soon as it is, I will include this as well.

To get the fix for this vulnerability, please reboot your device. If you have updates on, you will want to turn these on.

If you’d like to check you’re all patched, up you can do so via SSH:

env x='() { :;}; echo This Raspbmc device is vulnerable'  bash -c "echo Testing vulnerability"

If your system is secure, the message ‘This Raspbmc device is vulnerable will not be printed’

Raspbmc’s July update

Raspbmc’s July update brings the following:

  • Fix an issue with the installer on new Model B+ Pis
  • Improve performance for Raspberry Pis with 256MB RAM
    • Default to 720p resolution by default
    • Better buffer handling for these Pis
    • Reserve less memory for kernel
    • Use larger swap file
    • Reserve less memory for GPU
  • Fix a race condition which can occur when loading HiFiBerry and iqAudio sound card modules
  • Improvements to buffer handling
  • Fix for an issue where playing audio can cause the device to reboot
  • Add option for Model B+ devices to boost USB current in Raspbmc Settings (this is useful if you wish to power an external hard drive).
  • Performance improvements by reducing XBMC binary size

OSMC, (Raspbmc’s successor) is well under way. You may have seen that the first test builds are now available here, and the new logo and website are up in an early form. I’ll be taking the success of Raspbmc and bringing it to other platforms, such as CuBox-i, Intel NUC, Hummingboard and various other platforms.

XBMC 13.2 is just around the corner and when that goes final, I’ll have it ready.

To get the update, all you need to do is reboot your Raspberry Pi. If you’re running an XBMC nightly, be sure to switch to ‘xbmc release’ in Raspbmc Settings to get back on the stable build

If you enjoy Raspbmc, and this update, and would like to support continued development (there’s a lot of costs to cover with the OSMC project), you can make a donation here.

Enjoy!

New Raspberry Pi Models

Today, the Raspberry Pi Foundation has announced the Model B+ version of the Raspberry Pi. I thought I’d take a moment to explain the changes to users so they understand what’s new.

  • These new Pis still use the same system on chip (BCM2835) and have the same amount of memory, so there’s no need to upgrade for performance improvements.
  • The devices now feature four USB ports. This is potentially useful if you plug in a lot of devices
  • Improved quality sound out of the analog jack
  • Reduced power consumption (up to 1W), which is just under a third of the Pi’s total power consumption
  • Additional GPIO pins which promises more connectivity
  • micro-SD connectivity instead of a regular sized SD card.

It should be noted however that Raspbmc isn’t abandoning support for 256MB Pis (Model A or B), in the next update (which will arrive shortly), there will be some improvements to the way Gotham runs on the Pi, which is especially beneficial to the limited amount of memory on 256Mb Pis.

Raspbmc should run straight away on these new models, as changes needed to support the hardware were made well in advance.

Thanks

Sam