Slackware 12.1 ChangeLog :: Wed May 14 17:22:14 CDT 2008

Here are the slackware-current changelog updates:

Wed May 14 17:22:14 CDT 2008
extra/slackpkg/slackpkg-2.70.4-noarch-1.tgz:
Upgraded to slackpkg 2.70.4-noarch-1. This fixes a bug where the “x86”
ARCH was not recognized in a package name, leading to the kernel-headers
package not getting properly upgraded. Thanks to Piter Punk! -:)

Advertisements
Posted in ChangeLogs, Slackware | 1 Comment

Slackware 12.1 ChangeLog :: Wed May 7 16:13:31 CDT 2008

Here are the slackware-current changelog updates:

Wed May 7 16:13:31 CDT 2008
n/php-5.2.6-i486-1.tgz:
Upgraded to PHP 5.2.6.
This version of PHP contains many fixes and enhancements. Some of the fixes
are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by
Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd()
identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional
information should become available at this URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other
fixes in PHP 5.2.6 may be found in the PHP release announcement here:
http://www.php.net/releases/5_2_6.php
xap/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
Upgraded to thunderbird-2.0.0.14.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)

Posted in ChangeLogs, Slackware | 1 Comment

Slackware 12.1 ChangeLog :: Thu May 1 13:36:34 CDT 2008

Here are the slackware-current changelog updates:

Thu May 1 13:36:34 CDT 2008
Slackware 12.1 is released as -stable. 🙂 Again, huge thanks to everybody
who pitched in and helped with bug reports, patches, testing, suggestions,
other comments, and everything else. Without this valuable input, Slackware
would be nowhere near what it is today. Special thanks to the CREW, to the
people developing and testing for slackbuilds.org (where many of Slackware’s
future additions are first built and tested), and to everyone on
linuxquestions.org, various #slackware or ##slackware IRC channels, other
Slackware related web sites, and other places where the community shares their
needs and concerns with the team. On behalf of everyone here, thanks.
We think you’ll enjoy this new release, and hope that you’ll find it to be
much more than 0.1 better than Slackware 12.0. 😉
Have fun! -P.
extra/slackpkg/slackpkg-2.70.3-noarch-2.tgz: Updated the version in the
slackpkg script from 2.70.2 to 2.70.3.

Posted in ChangeLogs, Slackware | 1 Comment

Slack 12.1 out

After 4 release candidates, Slackware 12.1 is finally out.

Posted in Slackware | Leave a comment

Slackware 12.1 ChangeLog :: Wed Apr 30 20:36:48 CDT 2008

Here are the slackware-current changelog updates:

Wed Apr 30 20:36:48 CDT 2008
12.1 RC4. We think this should be the last one.
a/kernel-generic-2.6.24.5-i486-2.tgz: Patched to fix a security issue in
fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x
systems) could lead to a local DoS, or possibly a local root hole. We said
we wouldn’t make changes now unless something was “critical” — and it seems
we got what we wished for. 😉 This flaw will also be addressed in the
kernels for previous releases as soon as possible. The patch itself may be
found in source/k/linux-2.6.24.5-CVE-2008-1375-patch/.
For additional information (when the CVE candidate is opened), see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
All the kernel packages below should also be considered security fixes.
(* Security fix *)
a/kernel-generic-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-huge-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-huge-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
a/kernel-modules-2.6.24.5-i486-2.tgz: Patched and recompiled.
a/kernel-modules-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled.
d/kernel-headers-2.6.24.5_smp-x86-2.tgz: Rebuilt from a patched source tree.
k/kernel-source-2.6.24.5_smp-noarch-2.tgz: Patched (leaving dnotify.c.orig
for comparison and/or reverting to patch up to a newer kernel later).
l/svgalib_helper-1.9.25_2.6.24.5-i486-2.tgz: Recompiled.
extra/linux-2.6.24.5-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
extra/slackpkg/slackpkg-2.70.3-noarch-1.tgz: Upgraded to
slackpkg-2.70.3-noarch-1 (release ready). Thanks to Piter Punk! -:)
kernels/huge.s/*: Patched and recompiled.
kernels/hugesmp.s/*: Patched and recompiled.
kernels/speakup.s/*: Patched and recompiled.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules.

Posted in ChangeLogs, Slackware | Leave a comment

Slackware 12.1 ChangeLog :: Mon Apr 28 23:43:55 CDT 2008

Here are the slackware-current changelog updates:

Mon Apr 28 23:43:55 CDT 2008
We’ll call this Slackware 12.1 RC3, and freeze the tree for anything that
isn’t critical. Things seem very stable, so it’s probably a good idea to
save any further upgrades and additions until -current restarts.
a/cups-1.3.7-i486-2.tgz: Applied patch str2790 to fix crash bugs in the PNG
image filter. The issues are not believed to be capable of either a DoS (at
worst, it simply crashes the filter processing the current job and does not
crash the scheduler daemon, which just moves on to the next job in the print
queue), nor arbitrary code execution (data from the image is never stored in
the affected tile array). Still, it seems to be worth fixing here just in
case. The CUPS bug report may be found here:
http://www.cups.org/str.php?L2790
ap/mysql-5.0.51b-i486-1.tgz: Upgraded to mysql-5.0.51b (which appears to be
nothing more than a version bump…)
l/imlib-1.9.15-i486-3.tgz: Patched to fix rendering issues on Intel and
possibly other graphics chipsets. Thanks to Iain Paton.
l/libmtp-0.2.6.1-i486-1.tgz: Upgraded to libmtp-0.2.6.1. The udev rules are
now sed processed during build. Thanks much to Joerg Germeroth. 🙂
l/libpng-1.2.27-i486-1.tgz:
Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the
handling of unknown chunks containing zero-length data. Processing a PNG
image that contains these could cause the application using libpng to crash
(possibly resulting in a denial of service), could potentially expose the
contents of uninitialized memory, or could cause the execution of arbitrary
code as the user running libpng (though it would probably be quite difficult
to cause the execution of attacker-chosen code). We recommend upgrading the
package as soon as possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
(* Security fix *)
x/xf86-input-joystick-1.3.2-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.2.
x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1.
x/xf86-video-vmware-10.16.1-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.1.
isolinux/initrd.img: Fixed minimum RAM amount in /etc/issue, and made some
edits to other documentation within the installer.
usb-and-pxe-installers/: In usbboot.img, fixed minimum RAM amount in
/etc/issue, and made some edits to other documentation within the installer.

Posted in ChangeLogs, Slackware | 1 Comment

Slackware 12.1 ChangeLog :: Sat Apr 26 16:38:32 CDT 2008

Here are the slackware-current changelog updates:

Sat Apr 26 16:38:32 CDT 2008
x/pixman-0.10.0-i486-4.tgz: Restored MMX optimizations, which should fix the
issues some machines were having with slow Flash playback.
Thanks very much to Zielony for getting me to take a closer look at this. 🙂

Posted in ChangeLogs, Slackware | 1 Comment