Entries from April 2008
Here are the slackware-current changelog updates:
Wed Apr 30 20:36:48 CDT 2008
12.1 RC4. We think this should be the last one.
a/kernel-generic-2.6.24.5-i486-2.tgz: Patched to fix a security issue in
fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x
systems) could lead to a local DoS, or possibly a local root hole. We said
we wouldn’t make changes now unless something was “critical” — and it seems
we got what we wished for. This flaw will also be addressed in the
kernels for previous releases as soon as possible. The patch itself may be
found in source/k/linux-2.6.24.5-CVE-2008-1375-patch/.
For additional information (when the CVE candidate is opened), see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
All the kernel packages below should also be considered security fixes.
(* Security fix *)
a/kernel-generic-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-huge-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-huge-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-modules-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-modules-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
d/kernel-headers-2.6.24.5_smp-x86-2.tgz: Rebuilt from a patched source tree.
k/kernel-source-2.6.24.5_smp-noarch-2.tgz: Patched (leaving dnotify.c.orig
for comparison and/or reverting to patch up to a newer kernel later).
l/svgalib_helper-1.9.25_2.6.24.5-i486-2.tgz: Recompiled.
extra/linux-2.6.24.5-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
extra/slackpkg/slackpkg-2.70.3-noarch-1.tgz: Upgraded to
slackpkg-2.70.3-noarch-1 (release ready). Thanks to Piter Punk!
kernels/huge.s/*: Patched and recompiled.
kernels/hugesmp.s/*: Patched and recompiled.
kernels/speakup.s/*: Patched and recompiled.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules.
Categories: ChangeLogs · Slackware
Mon Apr 28 23:43:55 CDT 2008
We’ll call this Slackware 12.1 RC3, and freeze the tree for anything that
isn’t critical. Things seem very stable, so it’s probably a good idea to
save any further upgrades and additions until -current restarts.
a/cups-1.3.7-i486-2.tgz: Applied patch str2790 to fix crash bugs in the PNG
image filter. The issues are not believed to be capable of either a DoS (at
worst, it simply crashes the filter processing the current job and does not
crash the scheduler daemon, which just moves on to the next job in the print
queue), nor arbitrary code execution (data from the image is never stored in
the affected tile array). Still, it seems to be worth fixing here just in
case. The CUPS bug report may be found here:
http://www.cups.org/str.php?L2790
ap/mysql-5.0.51b-i486-1.tgz: Upgraded to mysql-5.0.51b (which appears to be
nothing more than a version bump…)
l/imlib-1.9.15-i486-3.tgz: Patched to fix rendering issues on Intel and
possibly other graphics chipsets. Thanks to Iain Paton.
l/libmtp-0.2.6.1-i486-1.tgz: Upgraded to libmtp-0.2.6.1. The udev rules are
now sed processed during build. Thanks much to Joerg Germeroth.
l/libpng-1.2.27-i486-1.tgz:
Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the
handling of unknown chunks containing zero-length data. Processing a PNG
image that contains these could cause the application using libpng to crash
(possibly resulting in a denial of service), could potentially expose the
contents of uninitialized memory, or could cause the execution of arbitrary
code as the user running libpng (though it would probably be quite difficult
to cause the execution of attacker-chosen code). We recommend upgrading the
package as soon as possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
(* Security fix *)
x/xf86-input-joystick-1.3.2-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.2.
x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1.
x/xf86-video-vmware-10.16.1-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.1.
isolinux/initrd.img: Fixed minimum RAM amount in /etc/issue, and made some
edits to other documentation within the installer.
usb-and-pxe-installers/: In usbboot.img, fixed minimum RAM amount in
/etc/issue, and made some edits to other documentation within the installer.
Sat Apr 26 16:38:32 CDT 2008
x/pixman-0.10.0-i486-4.tgz: Restored MMX optimizations, which should fix the
issues some machines were having with slow Flash playback.
Thanks very much to Zielony for getting me to take a closer look at this.
Fri Apr 25 23:09:23 CDT 2008
kde/kdelibs-3.5.9-i486-4.tgz: Patched to fix a security problem.
From the KDE advisory: “If start_kdeinit is installed as setuid root, a
local user might be able to send unix signals to other processes, cause
a denial of service or even possibly execute arbitrary code.”
This issue affects KDE 3.5.5 through KDE 3.5.9.
We recommend upgrading to the new kdelibs package as soon as possible.
For more information, see:
http://www.kde.org/info/security/advisory-20080426-2.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
(* Security fix *)
extra/ktorrent/ktorrent-2.2.6-i486-1.tgz: Upgraded to ktorrent-2.2.6.
isolinux/initrd.img: Patched /sbin/probe to look for formatted swap on RAID.
usb-and-pxe-installers/: Patched /sbin/probe in usbboot.img to look for
formatted swap on RAID.
Wed Apr 23 19:42:28 CDT 2008
Not quite yet, but it’s getting closer.
a/aaa_base-12.1.0-noarch-2.tgz: Updated the initial emails.
l/jre-6u6-i586-3.tgz: Adjusted the installation script to fix an issue causing
broken symlinks in /. Thanks to Corrado “Conraid” Franco for the report.
n/wireless-tools-29-i486-3.tgz: Increased the sleep time after bringing up an
interface to 3 seconds, since some of the new drivers need the additional
time to fully initialize. Thanks to bstrik on LQ.
extra/jdk-6/jdk-6u6-i586-3.tgz: Adjusted the installation script to fix an
issue causing broken symlinks in /.
Thanks to Corrado “Conraid” Franco for the report.
isolinux/initrd.img: Fixed (hopefully) the last remaining “12.0” version
number (this one found in /etc/issue).
Thanks to Franck Barbenoire for spotting it.
usb-and-pxe-installers/: Fixed the “12.0” version number in usbboot.img.
+--------------------------+
Mon Apr 21 16:47:32 CDT 2008
We have now reached the Slackware 12.1 RC2 milestone. We’re beyond
updating packages or fixing minor cosmetic bugs at this point (actually, we
had hoped to be past that with RC1, but there were still items in need of
attention). What we have here now has proven to be stable for our testers,
so unless some real showstoppers are found we’ll be releasing this as Slackware
12.1-final soon.
a/glibc-solibs-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers.
a/glibc-zoneinfo-2.7-noarch-10.tgz: Rebuilt.
a/kernel-generic-2.6.24.5-i486-1.tgz:
Upgraded to Linux 2.6.24.5 uniprocessor generic.s (requires initrd) kernel.
a/kernel-generic-smp-2.6.24.5_smp-i686-1.tgz:
Upgraded to Linux 2.6.24.5 SMP gensmp.s (requires initrd) kernel.
a/kernel-huge-2.6.24.5-i486-1.tgz:
Upgraded to Linux 2.6.24.5 uniprocessor huge.s (full-featured) kernel.
a/kernel-huge-smp-2.6.24.5_smp-i686-1.tgz:
Upgraded to Linux 2.6.24.5 SMP hugesmp.s (full-featured) kernel.
a/kernel-modules-2.6.24.5-i486-1.tgz
Upgraded to Linux 2.6.24.5 uniprocessor kernel modules.
a/kernel-modules-smp-2.6.24.5_smp-i686-1.tgz
Upgraded to Linux 2.6.24.5 SMP kernel modules.
a/pkgtools-12.1.0-noarch-7.tgz: Removed obsolete modem setup script (any
/dev/modem symlink would be wiped out by udev anyway).
ap/lm_sensors-2.10.6-i486-1.tgz: Upgraded to lm_sensors-2.10.6.
d/kernel-headers-2.6.24.5_smp-x86-1.tgz:
Upgraded to Linux 2.6.24.5 SMP kernel headers.
a/mkinitrd-1.3.2-i486-2.tgz: Updated the version numbers in README.initrd
and manpage.
k/kernel-source-2.6.24.5_smp-noarch-1.tgz
Upgraded to Linux 2.6.24.5 SMP kernel source package.
l/glibc-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers.
l/glibc-i18n-2.7-noarch-10.tgz: Rebuilt.
l/glibc-profile-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers.
l/jre-6u6-i586-2.tgz: Adjusted installation directory to avoid removing files
from kdebindings. Thanks to Kris Karas for pointing out this collision.
l/svgalib_helper-1.9.25_2.6.24.5-i486-1.tgz: Recompiled for Linux 2.6.24.5.
n/mcabber-0.9.7-i486-1.tgz: Upgraded to mcabber-0.9.7.
xap/xine-lib-1.1.11.1-i686-3.tgz: Recompiled, with --without-speex (we didn’t
ship the speex library in Slackware anyway, but for reference this issue
would be CVE-2008-1686), and with --disable-nosefart (the recently reported
as insecurely demuxed NSF format).
As before in -2, this package fixes the two regressions mentioned in the
release notes for xine-lib-1.1.12:
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
Moving to xine-lib-1.1.12 right now doesn’t seem prudent for RC2, as the
diff between 1.1.11.1 and 1.1.12 is many thousands of lines long.
(* Security fix *)
extra/brltty/brltty-3.9-i486-1.tgz: Upgraded to brltty-3.9.
extra/jdk-6/jdk-6u6-i586-2.tgz: Adjusted installation directory to avoid
removing files from kdebindings. Thanks to Kris Karas.
isolinux/initrd.img: Replaced kernel modules with 2.6.24.5 versions.
kernels/huge.s/*: Upgraded to huge.s 2.6.24.5 kernel.
kernels/hugesmp.s/*: Upgraded to hugesmp.s 2.6.24.5 kernel.
kernels/speakup.s/*: Upgraded to speakup.s 2.6.24.5 kernel.
usb-and-pxe-installers/: Replaced kernel modules with 2.6.24.5 versions.
Thanks to Amritpal Bath for writing a new README_RAID document explaining
how to install Slackware using various RAID levels.
Fri Apr 4 22:08:08 CDT 2008
a/glibc-solibs-2.7-i486-9.tgz: Recompiled.
a/glibc-zoneinfo-2.7-noarch-9.tgz: Rebuilt.
l/glibc-2.7-i486-9.tgz: Recompiled to fix a bad sln symlink (noticed by many,
thanks).
l/glibc-i18n-2.7-noarch-9.tgz: Rebuilt.
l/glibc-profile-2.7-i486-9.tgz: Recompiled.
n/rsync-3.0.1-i486-1.tgz: Upgraded to rsync-3.0.1.
testing/packages/bash-3.2.029-i486-1.tgz: Brought up to patchlevel 029.
Last time we tried this as our main shell, it was still causing problems with
a lot of the scripts out there, but perhaps it will be tried again in the
next development cycle.
Fri Apr 4 13:47:24 CDT 2008
a/mkinitrd-1.3.2-i486-1.tgz: Patched to fix problems with previous settings
getting overwritten with a plain “mkinitrd”, and added support for non-US
keyboards. Thanks to Eric Hameleers.
d/mercurial-1.0-i486-1.tgz: Upgraded to mercurial-1.0.
l/dbus-python-0.82.4-i486-1.tgz: Added dbus-python-0.82.4, which is needed
for the correct operation of hplip. Thanks to Robby Workman.
n/openssh-5.0p1-i486-1.tgz: Upgraded to openssh-5.0p1.
This version fixes a security issue where local users could hijack forwarded
X connections. Upgrading to the new package is highly recommended.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
(* Security fix *)
usb-and-pxe-installers/initrd.img. Removed. Use the initrd.img from isolinux/
as the installer images had become identical. Also see Eric Hameleers’
updated README_PXE.TXT.
Thu Apr 3 01:16:15 CDT 2008
OK, we’re going to call this Slackware 12.1-rc1, though there is still some
more minor work to do. Please help test! And if we’re missing anything major,
please let me know at volkerdi@slackware.com. Thanks.
a/aaa_elflibs-12.1.0-i486-1.tgz: Updated the initial “starter” library package
to the latest versions in -current.
a/cups-1.3.7-i486-1.tgz: Upgraded to cups-1.3.7.
This version of CUPS fixes some buffer overflows in the GIF image filter
and in cgiCompileSearch. Those running CUPS servers should upgrade.
For more information on these security issues, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
(* Security fix *)
a/cxxlibs-6.0.9-i486-1.tgz: Upgraded to libstdc++.so.6.0.9 from gcc-4.2.3.
a/mdadm-2.6.4-i486-1.tgz: Upgraded to mdadm-2.6.4.
a/pciutils-2.2.10-i486-1.tgz: Upgraded to pciutils-2.2.10.
a/sysvinit-2.86-i486-6.tgz: Fixed the /sbin/initscript path to match the man
pages. Thanks to Michiel Broek for the patch.
ap/hplip-2.8.4-i486-1.tgz: Upgraded to hplip-2.8.4.
ap/zsh-4.3.6-i486-1.tgz: Upgraded to zsh-4.3.6. Thanks to Haakon Riiser for
alerting me to the new release.
d/gdb-6.8-i486-1.tgz: Upgraded to gdb-6.8.
l/hal-0.5.10-i486-2.tgz: Recompiled with --enable-umount-helper, which allows
non-root users to umount hotplugged devices from the command line.
Thanks to Robby Workman for the suggestion.
l/hal-info-20080317-noarch-1.tgz: Upgraded to hal-info-20080317.
n/bind-9.4.2-i486-1.tgz: Upgraded to bind-9.4.2.
n/wpa_supplicant-0.5.10-i486-1.tgz: Upgraded to wpa_supplicant-0.5.10.
x/wqy-zenhei-font-ttf-0.5.23-noarch-1.tgz: Upgraded to wqy-zenhei-0.5.23.
Thanks to Eric Hameleers for noticing the new release (only linked from the
Chinese version of the development website
x/xf86-video-amd-2.7.7.7-i486-1.tgz: Removed. (see below)
x/xf86-video-geode-2.8.0-i486-1.tgz: Upgraded to xf86-video-geode-2.8.0.
This package has been renamed from xf86-video-amd to avoid confusion with
other AMD video products.
x/xf86-video-intel-2.2.1-i486-1.tgz: Reverted to xf86-video-intel-2.2.1. We
suspected that might be needed, given the version number and development
status of the newer driver we tried, but gave it a try anyway. Probably
there will be no more driver updates at this point unless bugs are reported
that newer drivers fix.
xap/pidgin-2.4.1-i486-1.tgz: Upgraded to pidgin-2.4.1.
Tue Apr 1 02:41:32 CDT 2008
a/acl-2.2.47_1-i486-1.tgz: Upgraded to acl-2.2.47_1.
a/attr-2.4.41_1-i486-1.tgz: Upgraded to attr-2.4.41_1.
a/etc-12.1-noarch-4.tgz: Give the mysql user a /bin/false “shell”.
Thanks to Noel for the suggestion.
a/lilo-22.8-i486-12.tgz: Fixed a bug where liloconfig might not properly
determine the root directory where /boot is found.
a/sysvinit-scripts-1.2-noarch-20.tgz: Fixed a bug in rescan-scsi-bus that was
exposed by the CONFIG_SCSI_MULTI_LUN kernel option (which _should_ also make
rescan-scsi-bus unnecessary). Thanks to Kem Prims for the bug report.
Keep /usr/share/mime’s mime.cache file updated.
a/util-linux-2.12r-i486-6.tgz: Removed. See below.
a/util-linux-ng-2.13.1-i486-1.tgz: Added util-linux-ng-2.13.1, which replaces
the old util-linux package. To install, either use upgradepkg with the “%”
option, or do this: installpkg util-linux-ng-2.13.1-i486-1.tgz ;
removepkg util-linux ; installpkg util-linux-ng-2.13.1-i486-1.tgz
Thanks to Robby Workman for a lot of help with this package update.
a/xfsprogs-2.9.7_1-i486-1.tgz: Upgraded to xfsprogs-2.9.7_1.
ap/alsa-utils-1.0.15-i486-3.tgz: Don’t load the mixer settings until after
the OSS modules have been loaded. Eliminate ‘awk’ usage in rc.alsa, using
sed and tr instead. Thanks to Tomas Matejicek for the patch.
ap/dmapi-2.2.8_1-i486-1.tgz: Upgraded to dmapi-2.2.8_1.
ap/man-pages-2.79-noarch-1.tgz: Upgraded to man-pages-2.79, and retained the
POSIX pthread_* man pages this time. Thanks to Rastislav Stanik.
ap/mysql-5.0.51a-i486-2.tgz: Modified /etc/rc.d/rc.mysqld’s database
installation instructions to take into consideration that the mysql user no
longer has a login shell. In addition, the admin is told to consider locking
the database server down even further (if possible) by using the
mysql_secure_installation utility. Thanks again to Noel.
ap/xfsdump-2.2.48_1-i486-1.tgz: Upgraded to xfsdump-2.2.48_1.
l/libglade-2.6.2-i486-2.tgz: Rebuilt with --libdir=/usr/lib. Without this,
libglade-2.0.la incorrectly inserts ‘/usr/local/lib’ in the .la file.
Thanks to Steve Kennedy for the bug report.
l/libgsf-1.14.8-i486-1.tgz: Upgraded to libgsf-1.14.8.
n/net-tools-1.60-i486-2.tgz: Recompiled with latest Debian patch.
n/nfs-utils-1.1.2-i486-1.tgz: Upgraded to nfs-utils-1.1.2.
n/nmap-4.60-i486-3.tgz: Fixed the build script (third time’s the charm?) to
use DESTDIR and remove the one item (useless, IMHO, within a package system)
that still can’t get DESTDIR right: uninstall_zenmap.
Thanks to Conraid and Mauro Ghisoni for walking me through this one.
n/openssh-4.9p1-i486-1.tgz: Upgraded to openssh-4.9p1.
n/wget-1.11.1-i486-1.tgz: Upgraded to wget-1.11.1.
x/scim-1.4.7-i486-5.tgz: Fixed scim.desktop to have more information, and to
place the SCIM startup utility in the “Utilities” menu rather than having it
fall into “Lost & Found”. Thanks to Hon Yuen Kwun for the initial patch.
x/xf86-video-intel-2.2.99.902-i486-1.tgz:
Upgraded to xf86-video-intel-2.2.99.902.
xap/xine-lib-1.1.11.1-i686-1.tgz: Earlier versions of xine-lib suffer from an
integer overflow which may lead to a buffer overflow that could potentially
be used to gain unauthorized access to the machine if a malicious media
file is played back. File types affected this time include .flv, .mov, .rm,
.mve, .mkv, and .cak.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
(* Security fix *)
isolinux/initrd.img: Patched to have /etc/fstab mount /dev/shm.
Updated XFS utilities.
usb-and-pxe-installers/: Patched to have /etc/fstab mount /dev/shm.
Updated XFS utilities.