Slackware Blog

Here are the slackware-current changelog updates:

Wed Jun 18 14:42:48 CDT 2008
xap/mozilla-firefox-3.0-i686-1.tgz: Upgraded to firefox-3.0.
Congratulations to the Firefox people for the nice improvements, as well as
such an impressive number of first-day downloads. We didn’t put this
out yesterday, figuring it was better to let people download from them…

Here are the slackware-current changelog updates:

Sat Jun 14 11:14:22 CDT 2008
slackware/l/jre-6u10_beta-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard
Edition Runtime Environment Version 6.0 update 10 beta. This is a BETA
VERSION and may contain problems, but it may also fix an issue with CUPS
printing. If this fix is important to you, it may be worth giving this
package a try at your own risk. For now, -current seems like the only prudent
place for this package. Hopefully we will see official 6u10 releases soon.
extra/jdk-6/jdk-6u10_beta-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard
Edition Development Kit Version 6.0 update 10 beta. This is a BETA VERSION
but should fix a problem with CUPS printing. See above.

Here are the slackware-current changelog updates:

Tue May 27 22:12:01 CDT 2008
a/mkinitrd-1.3.2-i486-3.tgz: Initialize RAID earlier so that the combination
of RAID+LUKS+LVM works. Thanks to Eric Hameleers.
xap/rdesktop-1.6.0-i486-1.tgz: Upgraded to rdesktop-1.6.0.
According to the rdesktop ChangeLog, this contains a:
“* Fix for potential vulnerability against compromised/malicious servers
(reported by iDefense)”
This package build also includes the new alsa driver (–with-sound=alsa),
though I couldn’t get local sound redirection. Perhaps it was just my
command line error though, so the driver remains included for testing.
For more information on the security issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
(* Security fix *)
extra/ktorrent/ktorrent-2.2.7-i486-1.tgz: Upgraded to ktorrent-2.2.7.

Here are the slackware-current changelog updates:

Wed May 14 17:22:14 CDT 2008
extra/slackpkg/slackpkg-2.70.4-noarch-1.tgz:
Upgraded to slackpkg 2.70.4-noarch-1. This fixes a bug where the “x86″
ARCH was not recognized in a package name, leading to the kernel-headers
package not getting properly upgraded. Thanks to Piter Punk! -

Here are the slackware-current changelog updates:

Wed May 7 16:13:31 CDT 2008
n/php-5.2.6-i486-1.tgz:
Upgraded to PHP 5.2.6.
This version of PHP contains many fixes and enhancements. Some of the fixes
are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by
Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd()
identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional
information should become available at this URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other
fixes in PHP 5.2.6 may be found in the PHP release announcement here:
http://www.php.net/releases/5_2_6.php
xap/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
Upgraded to thunderbird-2.0.0.14.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)

Here are the slackware-current changelog updates:

Thu May 1 13:36:34 CDT 2008
Slackware 12.1 is released as -stable. Again, huge thanks to everybody
who pitched in and helped with bug reports, patches, testing, suggestions,
other comments, and everything else. Without this valuable input, Slackware
would be nowhere near what it is today. Special thanks to the CREW, to the
people developing and testing for slackbuilds.org (where many of Slackware’s
future additions are first built and tested), and to everyone on
linuxquestions.org, various #slackware or ##slackware IRC channels, other
Slackware related web sites, and other places where the community shares their
needs and concerns with the team. On behalf of everyone here, thanks.
We think you’ll enjoy this new release, and hope that you’ll find it to be
much more than 0.1 better than Slackware 12.0. Have fun! -P.
extra/slackpkg/slackpkg-2.70.3-noarch-2.tgz: Updated the version in the
slackpkg script from 2.70.2 to 2.70.3.

Here are the slackware-current changelog updates:

Wed Apr 30 20:36:48 CDT 2008
12.1 RC4. We think this should be the last one.
a/kernel-generic-2.6.24.5-i486-2.tgz: Patched to fix a security issue in
fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x
systems) could lead to a local DoS, or possibly a local root hole. We said
we wouldn’t make changes now unless something was “critical” — and it seems
we got what we wished for. This flaw will also be addressed in the
kernels for previous releases as soon as possible. The patch itself may be
found in source/k/linux-2.6.24.5-CVE-2008-1375-patch/.
For additional information (when the CVE candidate is opened), see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
All the kernel packages below should also be considered security fixes.
(* Security fix *)
a/kernel-generic-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-huge-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-huge-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-modules-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-modules-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
d/kernel-headers-2.6.24.5_smp-x86-2.tgz: Rebuilt from a patched source tree.
k/kernel-source-2.6.24.5_smp-noarch-2.tgz: Patched (leaving dnotify.c.orig
for comparison and/or reverting to patch up to a newer kernel later).
l/svgalib_helper-1.9.25_2.6.24.5-i486-2.tgz: Recompiled.
extra/linux-2.6.24.5-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
extra/slackpkg/slackpkg-2.70.3-noarch-1.tgz: Upgraded to
slackpkg-2.70.3-noarch-1 (release ready). Thanks to Piter Punk! - kernels/huge.s/*: Patched and recompiled.
kernels/hugesmp.s/*: Patched and recompiled.
kernels/speakup.s/*: Patched and recompiled.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules.

Here are the slackware-current changelog updates:

Mon Apr 28 23:43:55 CDT 2008
We’ll call this Slackware 12.1 RC3, and freeze the tree for anything that
isn’t critical. Things seem very stable, so it’s probably a good idea to
save any further upgrades and additions until -current restarts.
a/cups-1.3.7-i486-2.tgz: Applied patch str2790 to fix crash bugs in the PNG
image filter. The issues are not believed to be capable of either a DoS (at
worst, it simply crashes the filter processing the current job and does not
crash the scheduler daemon, which just moves on to the next job in the print
queue), nor arbitrary code execution (data from the image is never stored in
the affected tile array). Still, it seems to be worth fixing here just in
case. The CUPS bug report may be found here:
http://www.cups.org/str.php?L2790
ap/mysql-5.0.51b-i486-1.tgz: Upgraded to mysql-5.0.51b (which appears to be
nothing more than a version bump…)
l/imlib-1.9.15-i486-3.tgz: Patched to fix rendering issues on Intel and
possibly other graphics chipsets. Thanks to Iain Paton.
l/libmtp-0.2.6.1-i486-1.tgz: Upgraded to libmtp-0.2.6.1. The udev rules are
now sed processed during build. Thanks much to Joerg Germeroth. l/libpng-1.2.27-i486-1.tgz:
Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the
handling of unknown chunks containing zero-length data. Processing a PNG
image that contains these could cause the application using libpng to crash
(possibly resulting in a denial of service), could potentially expose the
contents of uninitialized memory, or could cause the execution of arbitrary
code as the user running libpng (though it would probably be quite difficult
to cause the execution of attacker-chosen code). We recommend upgrading the
package as soon as possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
(* Security fix *)
x/xf86-input-joystick-1.3.2-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.2.
x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1.
x/xf86-video-vmware-10.16.1-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.1.
isolinux/initrd.img: Fixed minimum RAM amount in /etc/issue, and made some
edits to other documentation within the installer.
usb-and-pxe-installers/: In usbboot.img, fixed minimum RAM amount in
/etc/issue, and made some edits to other documentation within the installer.

Here are the slackware-current changelog updates:

Sat Apr 26 16:38:32 CDT 2008
x/pixman-0.10.0-i486-4.tgz: Restored MMX optimizations, which should fix the
issues some machines were having with slow Flash playback.
Thanks very much to Zielony for getting me to take a closer look at this.

Here are the slackware-current changelog updates:

Fri Apr 25 23:09:23 CDT 2008
kde/kdelibs-3.5.9-i486-4.tgz: Patched to fix a security problem.
From the KDE advisory: “If start_kdeinit is installed as setuid root, a
local user might be able to send unix signals to other processes, cause
a denial of service or even possibly execute arbitrary code.”
This issue affects KDE 3.5.5 through KDE 3.5.9.
We recommend upgrading to the new kdelibs package as soon as possible.
For more information, see:
http://www.kde.org/info/security/advisory-20080426-2.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
(* Security fix *)
extra/ktorrent/ktorrent-2.2.6-i486-1.tgz: Upgraded to ktorrent-2.2.6.
isolinux/initrd.img: Patched /sbin/probe to look for formatted swap on RAID.
usb-and-pxe-installers/: Patched /sbin/probe in usbboot.img to look for
formatted swap on RAID.