./nfo/linux/slackware/slackware-11.0.changelog.inc
Slackware-11.0 ChangeLog Tue, 23 Apr 2024 14:28:50 +0200
slackware.no
Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack11.0.tgz: Upgraded.
Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
(fixes CVE-2011-3045).
Revised png_set_text_2() to avoid potential memory corruption (fixes
CVE-2011-3048).
Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
(* Security fix *)
+--------------------------+
Wed Jul 18 05:35:26 UTC 2012
patches/packages/libexif-0.6.21-i486-1_slack11.0.tgz: Upgraded.
This update fixes a number of remotely exploitable issues in libexif
with effects ranging from information leakage to potential remote
code execution.
For more information, see:
http://sourceforge.net/mailarchive/message.php?msg_id=29534027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
(* Security fix *)
+--------------------------+
Mon Jun 25 02:32:37 UTC 2012
patches/packages/freetype-2.4.10-i486-1_slack11.0.tgz: Upgraded.
Since freetype-2.4.8 many fixes were made to better handle invalid fonts.
Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
and SA48320) so all users should upgrade.
(* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
# #
# Effective August 1, 2012, security patches will no longer be #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time): #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0. #
# If you are still running these versions you should consider #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own #
# security patches. If for some reason you are unable to upgrade #
# or handle your own security patches, limited security support #
# may be available for a fee. Inquire at security@slackware.com. #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack11.0.tgz: Upgraded.
This release fixes an issue that could crash BIND, leading to a denial of
service. It also fixes the so-called "ghost names attack" whereby a
remote attacker may trigger continued resolvability of revoked domain names.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
IMPORTANT NOTE: This is a upgraded version of BIND, _not_ a patched one.
It is likely to be more strict about the correctness of configuration files.
Care should be taken about deploying this upgrade on production servers to
avoid an unintended interruption of service.
(* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack11.0.tgz: Upgraded.
Patched an off-by-one error in XPointer that could lead to a crash or
possibly the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
(* Security fix *)
+--------------------------+
Sat May 19 19:03:37 UTC 2012
patches/packages/openssl-0.9.8x-i486-1_slack11.0.tgz: Upgraded.
This is a very minor security fix:
o Fix DTLS record length checking bug CVE-2012-2333
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
(* Security fix *)
patches/packages/openssl-solibs-0.9.8x-i486-1_slack11.0.tgz: Upgraded.
This is a very minor security fix:
o Fix DTLS record length checking bug CVE-2012-2333
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
(* Security fix *)
+--------------------------+
Fri Apr 27 01:07:23 UTC 2012
patches/packages/openssl-0.9.8w-i486-1_slack11.0.tgz: Upgraded.
Fixes some potentially exploitable buffer overflows.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
(* Security fix *)
patches/packages/openssl-solibs-0.9.8w-i486-1_slack11.0.tgz: Upgraded.
Fixes some potentially exploitable buffer overflows.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
(* Security fix *)
+--------------------------+
Mon Apr 23 18:18:31 UTC 2012
patches/packages/openssl-0.9.8v-i486-1_slack11.0.tgz: Upgraded.
Fixes some potentially exploitable buffer overflows.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
(* Security fix *)
patches/packages/openssl-solibs-0.9.8v-i486-1_slack11.0.tgz: Upgraded.
Fixes some potentially exploitable buffer overflows.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
(* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack11.0.tgz: Rebuilt.
This is a security release in order to address a vulnerability that allows
remote code execution as the "root" user. All sites running a Samba
server should update to the new Samba package and restart Samba.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
(* Security fix *)
+--------------------------+
Sat Apr 7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-5_slack11.0.tgz: Rebuilt.
Patched overflows that could lead to arbitrary code execution when parsing
a malformed image file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
(* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack11.0.tgz: Upgraded.
All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
respectively, fail to correctly validate a heap allocation in
png_decompress_chunk(), which can lead to a buffer-overrun and the
possibility of execution of hostile code on 32-bit systems.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
(* Security fix *)
+--------------------------+
Wed Feb 8 01:21:42 UTC 2012
patches/packages/proftpd-1.3.4a-i486-1_slack11.0.tgz: Upgraded.
This update fixes a use-after-free() memory corruption error,
and possibly other unspecified issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
(* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack11.0.tgz: Upgraded.
Minor version bump, this also works around a hard to trigger heap overflow
in glibc (glibc zoneinfo caching vuln). For there to be any possibility
to trigger the glibc bug within vsftpd, the non-default option
"chroot_local_user" must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
Nevertheless:
(* Security fix *)
+--------------------------+
Wed Feb 1 23:14:56 UTC 2012
patches/packages/freetype-2.4.8-i486-1_slack11.0.tgz: Upgraded.
Some vulnerabilities in handling CID-keyed PostScript fonts have
been fixed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
(* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack11.0.tgz: Upgraded.
This fixes a bug where DTLS applications were not properly supported. This
bug could have allowed remote attackers to cause a denial of service via
unspecified vectors.
CVE-2012-0050 has been assigned to this issue.
For more details see:
http://openssl.org/news/secadv_20120118.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
(* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack11.0.tgz: Upgraded.
This fixes a bug where DTLS applications were not properly supported. This
bug could have allowed remote attackers to cause a denial of service via
unspecified vectors.
CVE-2012-0050 has been assigned to this issue.
For more details see:
http://openssl.org/news/secadv_20120118.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
(* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack11.0.tgz: Upgraded.
--- 9.4-ESV-R5-P1 released ---
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
(* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
Good 11-11-11, everyone! Enjoy some fresh time. :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz: Upgraded.
New upstream homepage: http://www.iana.org/time-zones
+--------------------------+
Thu Aug 25 09:10:45 UTC 2011
extra/php5/php-5.3.8-i486-1_slack11.0.tgz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
For those upgrading from PHP 5.2.x, be aware that quite a bit has
changed, and it will very likely not 'drop in', but PHP 5.2.x is not
supported by php.net any longer, so there wasn't a lot of choice
in the matter. We're not able to support a security fork of
PHP 5.2.x here either, so you'll have to just bite the bullet on
this. You'll be better off in the long run. :)
(* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz: Upgraded.
This BIND update addresses a couple of security issues:
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
(* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack11.0.tgz: Upgraded.
Fixed uninitialized memory read in png_format_buffer()
(Bug report by Frank Busse, related to CVE-2004-0421).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
(* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack11.0.tgz: Upgraded.
This release fixes a denial of service in STARTTLS protocol phases.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
http://www.fetchmail.info/fetchmail-SA-2011-01.txt
(* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack11.0.tgz: Upgraded.
This release fixes security issues:
* A large RRSET from a remote authoritative server that results in
the recursive resolver trying to negatively cache the response can
hit an off by one code error in named, resulting in named crashing.
[RT #24650] [CVE-2011-1910]
* Zones that have a DS record in the parent zone but are also listed
in a DLV and won't validate without DLV could fail to validate. [RT
#24631]
For more information, see:
http://www.isc.org/software/bind/advisories/cve-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
(* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
patches/packages/apr-1.4.5-i486-1_slack11.0.tgz: Upgraded.
This fixes a possible denial of service due to a problem with a loop in
the new apr_fnmatch() implementation consuming CPU.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
(* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz: Upgraded.
Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+--------------------------+
Fri May 13 20:30:07 UTC 2011
patches/packages/apr-1.4.4-i486-1_slack11.0.tgz: Upgraded.
This fixes a possible denial of service due to an unconstrained, recursive
invocation of apr_fnmatch(). This function has been reimplemented using a
non-recursive algorithm. Thanks to William Rowe.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
(* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz: Upgraded.
+--------------------------+
Thu Apr 21 03:13:14 UTC 2011
patches/packages/rdesktop-1.6.0-i486-2_slack11.0.tgz: Rebuilt.
Patched a traversal vulnerability (disallow /.. requests).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595
(* Security fix *)
+--------------------------+
Mon Apr 18 19:59:50 UTC 2011
patches/packages/acl-2.2.50-i486-1_slack11.0.tgz: Upgraded.
Fix the --physical option in setfacl and getfacl to prevent symlink attacks.
Thanks to Martijn Dekker for the notification.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411
(* Security fix *)
+--------------------------+
Fri Apr 8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-4_slack11.0.tgz: Rebuilt.
Patched overflows that could lead to arbitrary code execution when parsing
a malformed image file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
(* Security fix *)
+--------------------------+
Thu Apr 7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack11.0.tgz: Upgraded.
In dhclient, check the data for some string options for reasonableness
before passing it along to the script that interfaces with the OS.
This prevents some possible attacks by a hostile DHCP server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
(* Security fix *)
+--------------------------+
Tue Apr 5 05:10:33 UTC 2011
patches/packages/proftpd-1.3.3e-i486-1_slack11.0.tgz: Upgraded.
Fixes CVE-2011-1137 (badly formed SSH messages cause DoS).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
(* Security fix *)
+--------------------------+
Mon Feb 28 22:19:08 UTC 2011
patches/packages/samba-3.0.37-i486-4_slack11.0.tgz: Rebuilt.
Fix memory corruption denial of service issue.
For more information, see:
http://www.samba.org/samba/security/CVE-2011-0719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
(* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/apr-1.3.12-i486-1_slack11.0.tgz: Upgraded.
patches/packages/apr-util-1.3.10-i486-1_slack11.0.tgz: Upgraded.
Fixes a memory leak and DoS in apr_brigade_split_line().
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
(* Security fix *)
patches/packages/expat-1.95.8-i486-2_slack11.0.tgz: Upgraded.
Fixed various crash and hang bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
(* Security fix *)
patches/packages/openssl-0.9.8r-i486-1_slack11.0.tgz: Upgraded.
This OpenSSL update fixes an "OCSP stapling vulnerability".
For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.org/news/secadv_20110208.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
(* Security fix *)
Patched certwatch to work with recent versions of "file".
Thanks to Ulrich Sch?fer and Jan Rafaj.
patches/packages/openssl-solibs-0.9.8r-i486-1_slack11.0.tgz: Upgraded.
(* Security fix *)
patches/packages/sudo-1.7.4p6-i486-1_slack11.0.tgz: Upgraded.
Fix Runas group password checking.
For more information, see the included CHANGES and NEWS files, and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
(* Security fix *)
+--------------------------+
Mon Jan 10 20:03:00 UTC 2011
extra/php5/php-5.2.17-i486-1_slack11.0.tgz: Upgraded.
This update fixes an infinite loop with conversions from string to
double that may result in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
(* Security fix *)
+--------------------------+
Fri Dec 24 00:53:19 UTC 2010
extra/php5/php-5.2.16-i486-1_slack11.0.tgz: Upgraded.
This fixes many bugs, including some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
(* Security fix *)
patches/packages/proftpd-1.3.3d-i486-1_slack11.0.tgz: Upgraded.
This update fixes an unbounded copy operation in sql_prepare_where() that
could be exploited to execute arbitrary code. However, this only affects
servers that use the sql_mod module (which Slackware does not ship), and
in addition the ability to exploit this depends on an SQL injection bug
that was already fixed in proftpd-1.3.2rc2 (this according to upstream).
So in theory, this fix should only be of academic interest.
But in practice, better safe than sorry.
(* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack11.0.tgz: Upgraded.
This update fixes some security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
(* Security fix *)
+--------------------------+
Tue Dec 7 05:01:53 UTC 2010
patches/packages/openssl-0.9.8q-i486-1_slack11.0.tgz: Upgraded.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.org/news/secadv_20101202.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
(* Security fix *)
patches/packages/openssl-solibs-0.9.8q-i486-1_slack11.0.tgz: Upgraded.
(* Security fix *)
+--------------------------+
Mon Nov 22 04:11:40 UTC 2010
patches/packages/openssl-0.9.8p-i486-1_slack11.0.tgz: Rebuilt.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
http://www.openssl.org/news/secadv_20101116.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
(* Security fix *)
patches/packages/openssl-solibs-0.9.8p-i486-1_slack11.0.tgz: Rebuilt.
(* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack11.0.tgz: Upgraded.
This update fixes security issues that could lead to an
application crash, or execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
(* Security fix *)
+--------------------------+
Mon Nov 1 23:21:39 UTC 2010
patches/packages/proftpd-1.3.3c-i486-1_slack11.0.tgz: Upgraded.
Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can
allow remote execution of arbitrary code as the user running the
ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867
(* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack11.0.tgz: Upgraded.
This update fixes an integer overflow that could allow a specially
crafted bzip2 archive to cause a crash (denial of service), or execute
arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
(* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack11.0.tgz: Rebuilt.
Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
available containing a /var/lib with incorrect permissions, I'm issuing
these again just to be 100% sure that no systems out there will be left
with problems due to that. This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack11.0.tgz: Rebuilt.
The last sudo packages accidentally changed the permissions on /var from
755 to 700. This build restores the proper permissions.
Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/samba-3.0.37-i486-3_slack11.0.tgz: Upgraded.
This upgrade fixes a buffer overflow in the sid_parse() function.
For more information, see:
http://www.samba.org/samba/security/CVE-2010-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
(* Security fix *)
patches/packages/sudo-1.7.4p4-i486-1_slack11.0.tgz: Upgraded.
This fixes a flaw that could lead to privilege escalation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
(* Security fix *)
+--------------------------+
Fri Aug 27 00:23:17 UTC 2010
extra/php5/php-5.2.14-i486-1_slack11.0.tgz: Upgraded.
Fixed several security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
http://www.php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
http://www.php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/index.html
(* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-3_slack11.0.tgz: Rebuilt.
This fixes image structure handling bugs that could lead to crashes or
execution of arbitrary code if a specially-crafted TIFF image is loaded.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
(* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack11.0.tgz: Upgraded.
This fixes out-of-bounds memory write bugs that could lead to crashes
or the execution of arbitrary code, and a memory leak bug which could
lead to application crashes.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
(* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack11.0.tgz: Rebuilt.
At least some of these updates for 2.4.x systems were built under a
2.6.x kernel, and didn't work. Sorry, I think I've fixed the
issue on this end this time. If the previous update did not work
for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack11.0.tgz: Upgraded.
This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
and checking is disabled (CD).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
(* Security fix *)
+--------------------------+
Fri Jun 18 18:09:28 UTC 2010
patches/packages/samba-3.0.37-i486-2_slack11.0.tgz: Rebuilt.
Patched a buffer overflow in smbd that allows remote attackers to cause
a denial of service (memory corruption and daemon crash) or possibly
execute arbitrary code via a crafted field in a packet.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063
(* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack11.0.tgz: Upgraded.
A crafted header or POP3 UIDL list could cause a memory leak and crash
leading to a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
(* Security fix *)
+--------------------------+
Fri Apr 30 01:07:12 UTC 2010
patches/packages/irssi-0.8.15-i486-2_slack11.0.tgz: Rebuilt.
Sorry, the perl modules were a mess in that last build on systems that
don't use a vendor_perl dir. This should work better.
+--------------------------+
Thu Apr 22 19:13:54 UTC 2010
patches/packages/irssi-0.8.15-i486-1_slack11.0.tgz: Upgraded.
From the NEWS file:
- Check if an SSL certificate matches the hostname of the server we are
connecting to.
- Fix crash when checking for fuzzy nick match when not on the channel.
Reported by Aurelien Delaitre (SATE 2009).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
(* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack11.0.tgz: Upgraded.
This update fixes security issues that may give a user with permission
to run sudoedit the ability to run arbitrary commands.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
(* Security fix *)
+--------------------------+
Mon Apr 5 03:06:19 UTC 2010
patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.tgz: Upgraded.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Wed Mar 31 05:05:47 UTC 2010
patches/packages/openssl-0.9.8n-i486-1_slack11.0.tgz: Upgraded.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
(* Security fix *)
patches/packages/openssl-solibs-0.9.8n-i486-1_slack11.0.tgz: Upgraded.
patches/packages/proftpd-1.3.3-i486-2_slack11.0.tgz: Rebuilt.
Recompiled against openssl-0.9.8n.
patches/packages/seamonkey-1.1.19-i486-1_slack11.0.tgz: Upgraded.
Upgraded to seamonkey-1.1.19.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Tue Mar 9 21:31:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-2_slack11.0.tgz: Rebuilt.
patches/packages/openssl-solibs-0.9.8m-i486-2_slack11.0.tgz: Rebuilt.
The OpenSSL package has been patched and recompiled to revert a change that
broke decrypting some files encrypted with previous versions of OpenSSL.
This same fix appears in the latest upstream snapshots.
+--------------------------+
Mon Mar 1 05:02:21 UTC 2010
patches/packages/openssl-0.9.8m-i486-1_slack11.0.tgz: Upgraded.
This OpenSSL update contains some security related bugfixes.
For more information, see the included CHANGES and NEWS files, and:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
(* Security fix *)
patches/packages/openssl-solibs-0.9.8m-i486-1_slack11.0.tgz: Upgraded.
patches/packages/proftpd-1.3.3-i486-1_slack11.0.tgz: Upgraded.
+--------------------------+
Sun Jan 24 20:22:46 UTC 2010
extra/php5/php-5.2.12-i486-1_slack11.0.tgz: Upgraded.
This fixes many bugs, including a few security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
(* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz: Rebuilt.
Prevent a denial-of-service attack involving spoofed mode 7 packets.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
(* Security fix *)
+--------------------------+
Wed Dec 2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack11.0.tgz: Upgraded.
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
http://www.kb.cert.org/vuls/id/418861
(* Security fix *)
+--------------------------+
Mon Nov 16 18:56:26 UTC 2009
patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz: Rebuilt.
Patched to disable SSL renegotiation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
(* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz: Rebuilt.
Patched to disable SSL renegotiation.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
(* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz: Upgraded.
This update fixes several security issues that could lead to an
application crash, or execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
(* Security fix *)
+--------------------------+
Sat Oct 3 18:19:00 CDT 2009
extra/php5/php-5.2.11-i486-1_slack11.0.tgz:
This release fixes some possible security issues, all of which have
"unknown impact and attack vectors".
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
(* Security fix *)
patches/packages/samba-3.0.37-i486-1_slack11.0.tgz:
This update fixes the following security issues.
A misconfigured /etc/passwd with no defined home directory could allow
security restrictions to be bypassed.
mount.cifs could allow a local user to read the first line of an arbitrary
file if installed setuid. (On Slackware, it was not installed setuid)
Specially crafted SMB requests could cause a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
(* Security fix *)
+--------------------------+
Mon Sep 7 20:57:44 CDT 2009
patches/packages/seamonkey-1.1.18-i486-1_slack11.0.tgz: Upgraded.
Upgraded to seamonkey-1.1.18.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Thu Aug 20 22:12:00 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz:
This upgrade fixes a security bug.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Fri Aug 14 13:42:26 CDT 2009
patches/packages/curl-7.15.5-i486-3_slack11.0.tgz:
This update fixes a security issue where a zero byte embedded in an SSL
or TLS certificate could fool cURL into validating the security of a
connection to a system that the certificate was not issued for. It has
been reported that at least one Certificate Authority allowed such
certificates to be issued.
For more information, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
(* Security fix *)
+--------------------------+
Fri Aug 7 14:25:03 CDT 2009
patches/packages/samba-3.0.36-i486-1_slack11.0.tgz: Upgraded.
This is a bugfix release.
+--------------------------+
Thu Aug 6 19:07:34 CDT 2009
patches/packages/apr-1.3.8-i486-1_slack11.0.tgz: Upgraded.
Fix overflow in pools and rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
(* Security fix *)
patches/packages/apr-util-1.3.9-i486-1_slack11.0.tgz: Upgraded.
Fix overflow in rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
(* Security fix *)
+--------------------------+
Thu Aug 6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i486-1_slack11.0.tgz: Upgraded.
This update fixes an SSL NUL prefix impersonation attack through NULs in a
part of a X.509 certificate's CommonName and subjectAltName fields.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
(* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i486-1_slack11.0.tgz: Upgraded.
This BIND update fixes a security problem where a specially crafted
dynamic update message packet will cause named to exit resulting in
a denial of service.
An active remote exploit is in wide circulation at this time.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
https://www.isc.org/node/479
(* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i486-1_slack11.0.tgz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
(* Security fix *)
+--------------------------+
Sat Jul 11 18:29:04 CDT 2009
extra/php5/php-5.2.10-i486-2_slack11.0.tgz:
Rebuilt. Installed the pear.php.net.reg and pecl.php.net.reg files from
php-5.2.9, since the ones installed by php-5.2.10 are broken.
Thanks to Mike Peachey for the bug report.
+--------------------------+
Wed Jul 1 14:37:43 CDT 2009
extra/php5/php-5.2.10-i486-1_slack11.0.tgz: Upgraded.
+--------------------------+
Sat Jun 27 18:54:07 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.22-i686-1.tgz:
Upgraded to thunderbird-2.0.0.22.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Fri Jun 26 22:05:35 CDT 2009
patches/packages/samba-3.0.35-i486-1_slack11.0.tgz:
This upgrade fixes the following security issue:
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
(* Security fix *)
+--------------------------+
Wed Jun 24 19:46:28 CDT 2009
patches/packages/seamonkey-1.1.17-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.17.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i486-1_slack11.0.tgz: Upgraded.
This update fixes a possible security issue. Jeff Phillips discovered an
uninitialized-memory-read bug affecting interlaced images that may have
security implications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
(* Security fix *)
+--------------------------+
Fri Jun 19 16:26:49 CDT 2009
patches/packages/ruby-1.8.6_p369-i486-1_slack11.0.tgz: Upgraded.
This fixes a denial of service issue caused by the BigDecimal method
handling large input values improperly that may allow attackers to
crash the interpreter. The issue affects most Rails applications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
(* Security fix *)
+--------------------------+
Mon Jun 15 22:14:45 CDT 2009
patches/packages/apr-1.3.5-i486-1_slack11.0.tgz: Upgraded.
patches/packages/apr-util-1.3.7-i486-1_slack11.0.tgz: Upgraded.
Fix underflow in apr_strmatch_precompile.
Fix a denial of service attack against the apr_xml_* interface
using the "billion laughs" entity expansion technique.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
(* Security fix *)
+--------------------------+
Wed Jun 3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i486-1_slack11.0.tgz:
Patched a stack-based buffer overflow in the cookedprint function in
ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
execution by a malicious remote NTP server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
(* Security fix *)
+--------------------------+
Thu May 14 18:09:26 CDT 2009
patches/packages/cyrus-sasl-2.1.23-i486-1_slack11.0.tgz:
Upgraded to cyrus-sasl-2.1.23.
This fixes a buffer overflow in the sasl_encode64() function that could lead
to crashes or the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
(* Security fix *)
+--------------------------+
Sat May 9 18:03:41 CDT 2009
patches/packages/xpdf-3.02pl3-i486-1_slack11.0.tgz:
Upgraded to xpdf-3.02pl3.
This update fixes several overflows that may result in crashes or the
execution of arbitrary code as the xpdf user.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
(* Security fix *)
+--------------------------+
Thu Apr 30 20:56:17 CDT 2009
patches/packages/ruby-1.8.6_p368-i486-1_slack11.0.tgz:
Upgraded to ruby-1.8.6-p368.
This update fixes a DoS in REXML.
For details, see:
http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
(* Security fix *)
+--------------------------+
Mon Apr 20 23:27:45 CDT 2009
patches/packages/udev-097-i486-11_slack11.0.tgz:
This package has been patched to fix a local root hole.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
(* Security fix *)
+--------------------------+
Mon Apr 13 16:22:12 CDT 2009
patches/packages/seamonkey-1.1.16-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.16.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Tue Apr 7 16:59:49 CDT 2009
patches/packages/openssl-0.9.8h-i486-3_slack11.0.tgz: Patched (see below).
patches/packages/openssl-solibs-0.9.8h-i486-3_slack11.0.tgz:
Patched to fix possible crashes as well as a (fairly unlikely) case
where an invalid signature might verify as valid.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
(* Security fix *)
patches/packages/xine-lib-1.1.16.3-i486-1_slack11.0.tgz:
Upgraded to xine-lib-1.1.16.3.
- Fix another possible int overflow in the 4XM demuxer.
(ref. TKADV2009-004, CVE-2009-0385)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
(* Security fix *)
extra/php5/php-5.2.9-i486-1_slack11.0.tgz: Upgraded to php-5.2.9.
This update fixes a few security issues:
- Fixed a crash on extract in zip when files or directories entry names
contain a relative path.
- Fixed security issue in imagerotate(), background colour isn't validated
correctly with a non truecolour image. (CVE-2008-5498)
Reported by Hamid Ebadi, APA Laboratory.
- Fixed a segfault when malformed string is passed to json_decode().
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
(* Security fix *)
+--------------------------+
Tue Mar 24 01:56:10 CDT 2009
patches/packages/lcms-1.18-i486-1_slack11.0.tgz: Upgraded to lcms-1.18.
This update fixes security issues discovered in LittleCMS by Chris Evans.
These flaws could cause program crashes (denial of service) or the execution
of arbitrary code as the user of the lcms-linked program.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
(* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.21-i686-1.tgz:
Upgraded to thunderbird-2.0.0.21.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
patches/packages/seamonkey-1.1.15-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.15.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Mon Mar 9 00:04:05 CDT 2009
patches/packages/curl-7.15.5-i486-2_slack11.0.tgz:
Patched curl-7.15.5.
This fixes a security issue where automatic redirection could be made to
follow file:// URLs, reading or writing a local instead of remote file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
(* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.35.
This fixes multiple memory-corruption vulnerabilities due to a failure to
properly initialize data structures.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
(* Security fix *)
+--------------------------+
Thu Jan 15 16:48:00 CST 2009
patches/packages/bind-9.3.6_P1-i486-2_slack11.0.tgz:
Recompiled. The -1_slack11.0 package was compiled on a Slackware 11.0
system running a 2.6.x kernel, and this caused problems for machines running
the default 2.4.33.3 kernel. This package should run correctly.
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.6-P1.
Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
DSA_do_verify functions to prevent spoofing answers returned from zones using
the DNSKEY algorithms DSA and NSEC3DSA.
For more information, see:
https://www.isc.org/node/373
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
(* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack11.0.tgz:
[Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
For more information, see:
https://lists.ntp.org/pipermail/announce/2009-January/000055.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
(* Security fix *)
patches/packages/openssl-0.9.8h-i486-2_slack11.0.tgz:
Patched to fix the return value EVP_VerifyFinal, preventing malformed
signatures from being considered good. This flaw could possibly allow a
'man in the middle' attack.
For more information, see:
http://www.openssl.org/news/secadv_20090107.txt
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
(* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-2_slack11.0.tgz:
Patched to fix the return value EVP_VerifyFinal, preventing malformed
signatures from being considered good. This flaw could possibly allow a
'man in the middle' attack.
For more information, see:
http://www.openssl.org/news/secadv_20090107.txt
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
(* Security fix *)
+--------------------------+
Wed Dec 31 11:35:43 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz:
Upgraded to thunderbird-2.0.0.19.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Fri Dec 26 22:45:51 CST 2008
patches/packages/seamonkey-1.1.14-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.14.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Thu Dec 18 12:44:59 CST 2008
patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz:
Upgraded to firefox-2.0.0.20.
This fixes some security issues:
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
(* Security fix *)
+--------------------------+
Mon Dec 8 05:15:44 CST 2008
extra/php5/php-5.2.8-i486-1_slack11.0.tgz:
Upgraded to php-5.2.8.
This is a bugfix release that reverts a change that broke magic_quotes_gpc.
+--------------------------+
Fri Dec 5 20:54:22 CST 2008
extra/php5/php-5.2.7-i486-1_slack11.0.tgz:
Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also
addresses several security issues, including:
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
Fixed extraction of zip files or directories when the entry name is a
relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt
These are the URLs to get more information:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
http://www.sektioneins.de/advisories/SE-2008-06.txt
(* Security fix *)
+--------------------------+
Sat Nov 29 13:37:04 CST 2008
patches/packages/ruby-1.8.6_p287-i486-1_slack11.0.tgz:
Upgraded to ruby-1.8.6-p287.
This fixes several bugs in the previous Ruby update, including a security
issue where the DNS resolver did not randomize the source port and
transaction id sufficiently.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
(* Security fix *)
+--------------------------+
Fri Nov 28 16:27:52 CST 2008
patches/packages/samba-3.0.33-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.33.
This package fixes an important barrier against rogue clients reading from
uninitialized memory (though no proof-of-concept is known to exist).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
(* Security fix *)
+--------------------------+
Thu Nov 20 18:14:27 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz:
Upgraded to thunderbird-2.0.0.18.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Wed Nov 19 19:13:12 CST 2008
patches/packages/libxml2-2.6.32-i486-1_slack11.0.tgz:
Upgraded to libxml2-2.6.32 and patched.
This fixes vulnerabilities including denial of service, or possibly the
execution of arbitrary code as the user running a libxml2 linked application
if untrusted XML content is parsed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
(* Security fix *)
+--------------------------+
Sat Nov 15 19:22:43 CST 2008
patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz
Upgraded to firefox-2.0.0.18.
This fixes some security issues:
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
(* Security fix *)
patches/packages/seamonkey-1.1.13-i486-1_slack11.0.tgz
Upgraded to seamonkey-1.1.13.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.6-noarch-11_slack11.0.tgz:
Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Fri Sep 26 22:38:32 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz:
Upgraded to thunderbird-2.0.0.17.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
+--------------------------+
Thu Sep 25 23:24:07 CDT 2008
patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz:
Upgraded to firefox-2.0.0.17.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
(* Security fix *)
patches/packages/seamonkey-1.1.12-i486-1_slack11.0.tgz:
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.5-P2.
This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Wed Sep 3 19:51:43 CDT 2008
patches/packages/php-4.4.9-i486-1_slack11.0.tgz:
Upgraded to php-4.4.9. This upgrades the bundled PCRE library to fix
security issues, as well as fixing a few other security related bugs.
See the PHP4 ChangeLog for more details:
http://www.php.net/ChangeLog-4.php#4.4.9
Please note: PHP4 has been officially discontinued since last year, and
reached the announced EOL on 2008-08-08. Sites should consider migrating
to a supported release.
(* Security fix *)
+--------------------------+
Mon Sep 1 21:56:29 CDT 2008
patches/packages/samba-3.0.32-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.32. This is a bugfix release. See the WHATSNEW.txt
file in the Samba docs for details on what has changed.
+--------------------------+
Thu Aug 28 22:48:16 CDT 2008
patches/packages/amarok-1.4.10-i486-1_slack11.0.tgz:
Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune
online music library support which could be used by malicious local users to
overwrite system files. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
(* Security fix *)
patches/packages/libgpod-0.6.0-i486-1_slack11.0.tgz:
Upgraded to libgpod-0.6.0. This new version of libgpod is required for
amarok-1.4.10.
+--------------------------+
Mon Aug 4 14:03:01 CDT 2008
patches/packages/python-2.4.5-i486-1_slack11.0.tgz:
Upgraded to 2.4.5 and patched overflows and other security problems.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
(* Security fix *)
+--------------------------+
Tue Jul 29 13:32:21 CDT 2008
patches/packages/proftpd-1.3.1-i486-1_slack11.0.tgz:
Recompiled against new OpenSSL, since this evidently checks the OpenSSL
version and will only run against the libraries it was compiled against.
A small patch was also added due to changes in the system includes.
Thanks to Martin Schmitz for the info and a pointer to the patch.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack11.0.tgz:
Patched to fix a possible denial of service when "-v -v" options are used.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
(* Security fix *)
patches/packages/links-2.1-i486-1_slack11.0.tgz:
Upgraded to links-2.1.
Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
(* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
Upgraded to thunderbird-2.0.0.16.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)
patches/packages/openssh-5.1p1-i486-1_slack11.0.tgz:
Upgraded to openssh-5.1p1.
When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
it is possible to be unable to log back into sshd!
patches/packages/openssl-0.9.8h-i486-1_slack11.0.tgz:
Upgraded to OpenSSL 0.9.8h.
The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
If OpenSSL was compiled using non-default options (Slackware's package
is not), then a malicious packet could cause a crash. Also, a malformed
TLS handshake could also lead to a crash.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
it is possible to be unable to log back into sshd!
(* Security fix *)
patches/packages/openssl-solibs-0.9.8h-i486-1_slack11.0.tgz:
Upgraded to OpenSSL 0.9.8h shared libraries (see above).
(* Security fix *)
patches/packages/vim-7.1.330-i486-1_slack11.0.tgz:
Upgraded to vim-7.1.330. This fixes several security issues related to
the automatic processing of untrusted files.
For more information, see:
http://www.rdancer.org/vulnerablevim.html
(* Security fix *)
patches/packages/vim-gvim-7.1.330-i486-1_slack11.0.tgz:
Upgraded to vim-gvim-7.1.330.
See "vim" above for details.
(* Security fix *)
+--------------------------+
Wed Jul 23 16:27:21 CDT 2008
patches/packages/dnsmasq-2.45-i486-1_slack11.0.tgz:
Upgraded to dnsmasq-2.45.
It was discovered that earlier versions of dnsmasq have DNS cache
weaknesses that are similar to the ones recently discovered in BIND.
This new release minimizes the risk of cache poisoning.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
(* Security fix *)
+--------------------------+
Wed Jul 16 19:28:25 CDT 2008
patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz:
Upgraded to firefox-2.0.0.16.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
(* Security fix *)
patches/packages/seamonkey-1.1.11-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.11.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)
+--------------------------+
Wed Jul 9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.5-P1.
This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
Poisoning Issue. This is the summary of the problem from the BIND site:
"A weakness in the DNS protocol may enable the poisoning of caching
recurive resolvers with spoofed data. DNSSEC is the only full solution.
New versions of BIND provide increased resilience to the attack."
It is suggested that sites that run BIND upgrade to one of the new packages
in order to reduce their exposure to DNS cache poisoning attacks.
For more information, see:
http://www.isc.org/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
(* Security fix *)
patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz:
Upgraded to firefox-2.0.0.15.
This release closes several possible security vulnerabilities and bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/seamonkey-1.1.10-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.10.
This release closes several possible security vulnerabilities and bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Fri Jun 27 23:17:20 CDT 2008
patches/packages/ruby-1.8.6_p230-i486-1_slack11.0.tgz:
Upgraded to ruby-1.8.6-p230.
This fixes a number of security related bugs in Ruby which could lead to a
denial of service (DoS) condition or allow execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
(* Security fix *)
+--------------------------+
Wed May 28 19:46:22 CDT 2008
patches/packages/samba-3.0.30-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.30.
This is a security release in order to address CVE-2008-1105 ("Boundary
failure when parsing SMB responses can result in a buffer overrun").
For more information on the security issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
(* Security fix *)
+--------------------------+
Tue May 27 21:53:32 CDT 2008
patches/packages/rdesktop-1.6.0-i486-1_slack11.0.tgz:
Upgraded to rdesktop-1.6.0.
According to the rdesktop ChangeLog, this contains a:
"* Fix for potential vulnerability against compromised/malicious servers
(reported by iDefense)"
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
(* Security fix *)
+--------------------------+
Wed May 7 15:28:33 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
Upgraded to thunderbird-2.0.0.14.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
extra/php5/php-5.2.6-i486-1_slack11.0.tgz:
Upgraded to php-5.2.6. PHP4 was standard in Slackware 11.0, which is why
this package is provided "in place" under /extra rather than under /patches
(where upgrade tools might mistakenly grab and install it where it would not
be desirable.)
This version of PHP contains many fixes and enhancements. Some of the fixes
are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by
Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd()
identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional
information should become available at this URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other
fixes in PHP 5.2.6 may be found in the PHP release announcement here:
http://www.php.net/releases/5_2_6.php
(* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the
handling of unknown chunks containing zero-length data. Processing a PNG
image that contains these could cause the application using libpng to crash
(possibly resulting in a denial of service), could potentially expose the
contents of uninitialized memory, or could cause the execution of arbitrary
code as the user running libpng (though it would probably be quite difficult
to cause the execution of attacker-chosen code). We recommend upgrading the
package as soon as possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
(* Security fix *)
+--------------------------+
Sat Apr 19 23:49:25 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-3_slack11.0.tgz:
Recompiled, with --without-speex (we didn't ship the speex library in
Slackware anyway, but for reference this issue would be CVE-2008-1686),
and with --disable-nosefart (the recently reported as insecurely
demuxed NSF format). As before in -2, this package fixes the two
regressions mentioned in the release notes for xine-lib-1.1.12:
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
(* Security fix *)
+--------------------------+
Thu Apr 17 16:25:55 CDT 2008
patches/packages/mozilla-firefox-2.0.0.14-i686-1.tgz:
Upgraded to firefox-2.0.0.14.
This upgrade fixes a potential security bug.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Tue Apr 8 00:17:36 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-2_slack11.0.tgz:
Patched to fix playback failure affecting several media formats
accidentally broken in the xine-lib-1.1.11.1 release. Thanks to Diogo Sousa
for pointing me to the new release notes on xinehq.de.
+--------------------------+
Mon Apr 7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack11.0.tgz: Upgraded to bzip2-1.0.5.
Previous versions of bzip2 contained a buffer overread error that could cause
applications linked to libbz2 to crash, resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
(* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack11.0.tgz: Upgraded to m4-1.4.11.
In addition to bugfixes and enhancements, this version of m4 also fixes two
issues with possible security implications. A minor security fix with the
use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
(rather unlikely) possibility that an unquoted string could match an
existing macro causing operations to be done on the wrong file. Also,
a problem with the '-F' option (introduced with version 1.4) could cause a
core dump or possibly (with certain file names) the execution of arbitrary
code. For more information on these issues, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
(* Security fix *)
+--------------------------+
Fri Apr 4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack11.0.tgz:
Upgraded to openssh-5.0p1.
This version fixes a security issue where local users could hijack forwarded
X connections. Upgrading to the new package is highly recommended.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
(* Security fix *)
+--------------------------+
Mon Mar 31 23:33:58 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-1_slack11.0.tgz:
Upgraded to xine-lib-1.1.11.1.
Earlier versions of xine-lib suffer from an integer overflow which may lead
to a buffer overflow that could potentially be used to gain unauthorized
access to the machine if a malicious media file is played back. File types
affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
(* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
patches/packages/mozilla-firefox-2.0.0.13-i686-1.tgz:
Upgraded to firefox-2.0.0.13.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/seamonkey-1.1.9-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.9.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
patches/packages/xine-lib-1.1.11-i686-1_slack11.0.tgz:
Earlier versions of xine-lib suffer from an array index bug that
may have security implications if a malicious RTSP stream is
played. Playback of other media formats is not affected.
If you use RTSP, you should probably upgrade xine-lib.
For more information on the security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
(* Security fix *)
+--------------------------+
Sun Mar 2 00:15:53 CST 2008
patches/packages/espgs-8.15.3svn185-i486-3_slack11.0.tgz:
This patched version of ESP Ghostscript fixes a buffer overflow.
For more information on the security issue, please see:
http://scary.beasts.org/security/CESA-2008-001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
Thanks to Chris Evans and Will Drewry of Google Security for their work
on discovering and demonstrating the overflow.
(* Security fix *)
+--------------------------+
Sat Mar 1 15:55:28 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz:
Upgraded to thunderbird-2.0.0.12.
This update fixes the following security related issues:
MFSA 2008-12: Heap buffer overflow in external MIME bodies
MFSA 2008-05: Directory traversal via chrome: URI
MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12)
For more information, see:
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
These are the related CVE entries:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
(* Security fix *)
+--------------------------+
Thu Feb 14 17:37:38 CST 2008
patches/packages/apache-1.3.41-i486-1_slack11.0.tgz:
Upgraded to apache-1.3.41, the last regular release of the
Apache 1.3.x series, and a security bugfix-only release.
For more information about the security issues fixed, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
(* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz:
Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
patches/packages/php-4.4.8-i486-1_slack11.0.tgz:
Upgraded to php-4.4.8. This is a security and bugfix release.
More information may be found here:
http://bugs.php.net/43010
This is the last regular release of PHP-4.4.x.
The EOL is scheduled for 2008-08-08.
(* Security fix *)
+--------------------------+
Tue Feb 12 23:07:34 CST 2008
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
Upgraded to firefox-2.0.0.12.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-10_slack11.0.tgz:
Some deja vu. ;-)
Upgraded to tzdata2007k. A new year should be started with the
latest timezone data, so here it is.
Happy holidays, and a happy new year to all! :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-9_slack11.0.tgz:
Upgraded to tzdata2007j. A new year should be started with the
latest timezone data, so here it is.
Happy holidays, and a happy new year to all! :-)
+--------------------------+
Fri Dec 14 18:03:59 CST 2007
patches/packages/mysql-5.0.51-i486-1_slack11.0.tgz:
Upgraded to mysql-5.0.51.
This release fixes several bugs, including some security issues.
However, it also includes a potentially incompatible change, so be sure
to read the release notes before upgrading. It is possible that some
databases will need to be fixed in order to work with this (and future)
releases:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
For more information about the security issues fixed, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
(* Security fix *)
+--------------------------+
Mon Dec 10 12:45:35 CST 2007
patches/packages/samba-3.0.28-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.28.
Samba 3.0.28 is a security release in order to address a boundary failure
in GETDC mailslot processing that can result in a buffer overrun leading
to possible code execution.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://www.samba.org/samba/history/samba-3.0.28.html
http://secunia.com/secunia_research/2007-99/advisory/
(* Security fix *)
+--------------------------+
Mon Dec 3 19:58:51 CST 2007
patches/packages/cairo-1.4.12-i486-1_slack11.0.tgz:
Upgraded to cairo-1.4.12.
This fixes a possible security risk when decoding PNG files that may have
been maliciously tampered with:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
(* Security fix *)
patches/packages/samba-3.0.27a-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.27a.
This update fixes a crash bug regression experienced by smbfs clients caused
by the fix for CVE-2007-4572.
+--------------------------+
Sat Dec 1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack11.0.tgz:
Patched some security bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://lists.samba.org/archive/rsync-announce/2007/000050.html
(* Security fix *)
patches/packages/mozilla-firefox-2.0.0.11-i686-1.tgz: Upgraded to Firefox
2.0.0.11, which fixed a bug introduced by the 2.0.0.10 update in the
<canvas> feature that affected some web pages and extensions.
+--------------------------+
Thu Nov 29 20:19:30 CST 2007
patches/packages/seamonkey-1.1.7-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.7.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Tue Nov 27 16:23:07 CST 2007
patches/packages/mozilla-firefox-2.0.0.10-i686-1.tgz:
Upgraded to firefox-2.0.0.10.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.23.
Previous libpng versions may crash when loading malformed PNG files.
It is not currently known if this vulnerability can be exploited to
execute malicious code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
(* Security fix *)
+--------------------------+
Tue Nov 20 16:49:58 CST 2007
patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz:
Upgraded to thunderbird-2.0.0.9.
This update fixes the following security related issues:
URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
Crashes with evidence of memory corruption (MFSA 2007-29).
OK, so the first one obviously does not affect us. :-) The second fix has
to do with the same JavaScript handling problem fixed before in Firefox.
JavaScript is not enabled by default in Thunderbird, and the developers
(at least in MFSA 2007-36) do not recommend turning it on.
For more information, see:
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
(* Security fix *)
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
patches/packages/samba-3.0.27-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.27.
Samba 3.0.27 is a security release in order to address a stack buffer
overflow in nmbd's logon request processing, and remote code execution in
Samba's WINS server daemon (nmbd) when processing name registration followed
name query requests.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
(* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/kdegraphics-3.5.4-i486-2_slack11.0.tgz:
Patched xpdf related bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
patches/packages/koffice-1.5.2-i486-5_slack11.0.tgz:
Patched xpdf related bugs.
For more information, see:
http://www.kde.org/info/security/advisory-20071107-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
patches/packages/xpdf-3.02pl2-i486-1_slack11.0.tgz:
Upgraded to xpdf-3.02pl2.
The pl2 patch fixes a crash in xpdf.
Some theorize that this could be used to execute arbitrary code if an
untrusted PDF file is opened, but no real-world examples are known (yet).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
(* Security fix *)
+--------------------------+
Sat Nov 10 22:19:02 CST 2007
extra/php5/php-5.2.5-i486-2_slack11.0.tgz:
The security/bug fix update for Slackware 11.0 has been reissued
to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for
pointing this out. We appreciate the fast weekend Q/A. :-)
This package should be installed rather than the previously
released php-5.2.5-i486-1_slack11.0 (unless you do not use
/usr/php/php-cgi in which case either package will do.)
(* Security fix *)
+--------------------------+
Sat Nov 10 15:36:59 CST 2007
patches/packages/mozilla-firefox-2.0.0.9-i686-1.tgz:
Upgraded to firefox-2.0.0.9.
This upgrade improves the stability of Firefox.
For more information, see:
http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/
extra/php5/php-5.2.5-i486-1_slack11.0.tgz:
Upgraded to php-5.2.5.
This fixes bugs and security issues.
For more information, see:
http://www.php.net/releases/5_2_5.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
(* Security fix *)
+--------------------------+
Fri Nov 9 16:34:12 CST 2007
patches/packages/seamonkey-1.1.6-i486-1_slack11.tgz:
Upgraded to SeaMonkey 1.1.6.
This upgrade fixes SeaMonkey's ability to display certain types of web pages.
That's about all we could find about it here:
http://www.mozilla.org/projects/seamonkey/
+--------------------------+
Thu Nov 1 22:03:53 CDT 2007
patches/packages/cups-1.2.11-i486-2_slack12.0.tgz:
Patched cups-1.2.11.
An off-by-one error in ipp.c may allow a remote attacker to crash CUPS
resulting in a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
(* Security fix *)
+--------------------------+
Wed Oct 24 23:02:28 CDT 2007
patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz:
Upgraded to firefox-2.0.0.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/seamonkey-1.1.5-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.5.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
extra/mozilla-2.0.0.6/: Removed. Since the 1.5.0.x branch is no longer
supported, there's little point in leaving it up (at least in /extra...)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-8_slack11.0.tgz:
Upgraded to timezone data from tzcode2007h and tzdata2007h.
This contains the latest timezone data from NIST, including some important
changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack11.0.tgz:
Upgraded to openssh-4.7p1.
From the OpenSSH release notes:
"Security bugs resolved in this release: Prevent ssh(1) from using a
trusted X11 cookie if creation of an untrusted cookie fails; found and
fixed by Jan Pechanec."
While it's fair to say that we here at Slackware don't see how this could
be leveraged to compromise a system, a) the OpenSSH people (who presumably
understand the code better) characterize this as a security bug, b) it has
been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
network daemons. Better safe than sorry.
More information should appear here eventually:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
(* Security fix *)
patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.26a.
This fixes a security issue in all Samba 3.0.25 versions:
"Incorrect primary group assignment for domain users using the rfc2307
or sfu winbind nss info plugin."
For more information, see:
http://www.samba.org/samba/security/CVE-2007-4138.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
(* Security fix *)
extra/php5/php-5.2.4-i486-1_slack11.0.tgz:
Upgraded to php-5.2.4. The PHP announcement says this version fixes over
120 bugs as well as "several low priority security bugs."
Read more about it here:
http://www.php.net/releases/5_2_4.php
(* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack11.0.tgz:
Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
This new version fixes an integer overflow in the BGP dissector which
could possibly allow remote attackers to crash tcpdump or to execute
arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
(* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack11.0.tgz:
Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding
certain image types.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
(* Security fix *)
patches/packages/qt-3.3.8-i486-2_slack11.0.tgz:
Patched to fix several format string bugs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
(* Security fix *)
patches/packages/seamonkey-1.1.4-i486-1_slack11.tgz:
Upgraded to seamonkey-1.1.4.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
patches/packages/xpdf-3.02pl1-i486-1_slack11.0.tgz:
Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly
be leveraged to run arbitrary code if a malicious PDF file is processed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
(* Security fix *)
+--------------------------+
Fri Aug 3 15:43:35 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz:
Upgraded to thunderbird-2.0.0.6.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Wed Aug 1 13:52:51 CDT 2007
extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-i686-1.tgz:
Upgraded to firefox-2.0.0.6.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.3.4_P1-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.4_P1 to fix a security issue.
The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak.
For more information on this issue, see:
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
(* Security fix *)
+--------------------------+
Tue Jul 24 12:40:16 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz:
Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine
with Firefox it is susceptible to similar vulnerabilities. This update fixes
the same issues fixed in the recent Firefox patch.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.1.3-i486-1_slack11.tgz:
Upgraded to seamonkey-1.1.3. This is presumably a security update, but the
details on the net have been sparse. So far nothing has appeared at the
usual URL, but I would treat this as a security update unless it is announced
as otherwise.
For more information (if/when it appears), see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Thu Jul 19 12:55:48 CDT 2007
extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-i686-1.tgz:
Upgraded to firefox-2.0.0.5.
This upgrade fixes a couple of minor security bugs. Nobody here is launching
Firefox from Internet Explorer, right? :-)
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Wed Jun 27 01:11:32 CDT 2007
patches/packages/gd-2.0.35-i486-1_slack11.0.tgz:
Upgraded to gd-2.0.35.
This fixes a few possible security issues:
* Possible infinite loop in the PNG reader
* Possible integer overflow in gdImageCreateTrueColor
* Possible crash in gdImageCreateXbm
* Numerous flaws in the GIF reader
(* Security fix *)
+--------------------------+
Wed Jun 13 21:43:03 CDT 2007
patches/packages/libexif-0.6.16-i486-1_slack11.0.tgz:
Upgraded to libexif-0.6.16.
An integer overflow in libexif can crash applications that use the library
on malformed images. The upstream advisory indicates that this flaw could
also be used to execute arbitrary code in the context of the user, but no
exploit is known (by us) to exist among iDefense's researchers or in the
wild. But, as a crash bug and heap overflow one must suppose that the
possibility exists.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
(* Security fix *)
+--------------------------+
Fri Jun 1 21:50:50 CDT 2007
patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz:
Upgraded to firefox-1.5.0.12.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz:
Upgraded to thunderbird-1.5.0.12.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.1.2-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
extra/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-i686-1.tgz:
Upgraded to firefox-2.0.0.4.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Fri Jun 1 14:56:51 CDT 2007
extra/php5/php-5.2.3-i486-1_slack11.0.tgz:
Upgraded to php-5.2.3.
Here's some basic information about the release from php.net:
"This release continues to improve the security and the stability of the
5.X branch as well as addressing two regressions introduced by the
previous 5.2 releases. These regressions relate to the timeout handling
over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in
certain conditions. All users are encouraged to upgrade to this release."
For more complete information, see:
http://www.php.net/releases/5_2_3.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
(* Security fix *)
+--------------------------+
Fri May 25 11:27:02 CDT 2007
patches/packages/samba-3.0.25a-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in
samba-3.0.25. See the WHATSNEW.txt for details.
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.18.
A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
libpng applications. This vulnerability has been assigned the identifiers
CVE-2007-2445 and CERT VU#684664.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
(* Security fix *)
+--------------------------+
Mon May 14 18:22:43 CDT 2007
patches/packages/samba-3.0.25-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.25.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
(* Security fix *)
+--------------------------+
Mon May 14 16:39:31 CDT 2007
patches/packages/seamonkey-1.1.1-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.1.1. Removed various symlinks to NSS libraries.
If you plan to rebuild the pidgin package in unsupported/pidgin/stable for
any reason (you shouldn't need to), first upgrade to this package and then
upgradepkg --reinstall the mozilla-nss package.
+--------------------------+
Thu May 10 16:14:34 CDT 2007
testing/packages/bash-3.2.017-i486-1_slack11.0.tgz: Upgraded to bash-3.2.017.
Moved here from /patches/packages. Honestly, I think /testing may be a
better place for bash-3.2 for a while longer -- it's causing trouble with
many old scripts. So, we'll give it a while longer to stabilize and for
scripts to catch up to any syntax changes which may have occured.
+--------------------------+
Tue May 8 22:19:03 CDT 2007
patches/packages/slackpkg-2.60-noarch-1.tgz:
Upgraded to slackpkg-2.60. Thanks to Piter Punk!
+--------------------------+
Mon May 7 21:55:15 CDT 2007
extra/php5/php-5.2.2-i486-1_slack11.0.tgz:
Upgraded to php-5.2.2.
This fixes bugs and improves security.
For more details, see:
http://www.php.net/releases/5_2_2.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
(* Security fix *)
patches/packages/php-4.4.7-i486-1_slack11.0.tgz:
Upgraded to php-4.4.7.
This fixes bugs and improves security.
For more details, see:
http://www.php.net/releases/4_4_7.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
(* Security fix *)
+--------------------------+
Thu May 3 23:02:49 CDT 2007
patches/packages/gnome-icon-theme-2.14.2-noarch-2_slack11.0.tgz:
gnome-icon-theme puts its pkgconfig file in the wrong directory,
which is (was) breaking compiles. Now it is in the right place.
Thanks to Robby Workman for pointing it out.
+--------------------------+
Wed Apr 25 15:19:06 CDT 2007
patches/packages/fontconfig-2.4.2-i486-2_slack11.0.tgz:
Changed the font paths in /etc/fonts/fonts.conf to point to where the
fonts actually are, rather than through a symlink. The symlink
(/usr/X11R6/lib/fonts) *should* be made by the aaa_base package, but
still it's probably best to point to the real location.
Thanks to Zoran Davidovac for the suggestion.
Moved man pages to the proper location and gzipped them.
Created a /var/cache/fontconfig directory.
+--------------------------+
Mon Apr 23 13:32:50 CDT 2007
patches/packages/freetype-2.3.4-i486-2_slack11.0.tgz: Fixed the diffs
for the patented algorithms. Thanks to Eric Hameleers.
+--------------------------+
Fri Apr 20 13:47:39 CDT 2007
patches/packages/x11-6.9.0-i486-14_slack11.0.tgz:
Removed old versions of fc-cache and fc-list.
Somehow a couple of old fontconfig binaries snuck into this package, and
prevent fc-cache from working properly at boot (or any other time).
If you've already installed these upgrades, reinstalling the fontconfig
package will fix the issue. If you do that, there's no need to reinstall
this new x11 package -- it's been fixed so that there's no longer a problem
with the package install order (and because those fc-* binaries didn't
belong there). Sorry for any inconvenience...
Thanks to Petri Kaukasoina for pointing this out.
(* Fix *)
+--------------------------+
Thu Apr 19 18:53:08 CDT 2007
patches/packages/fontconfig-2.4.2-i486-1_slack11.0.tgz:
Upgraded to the fontconfig-2.4.2 to work better with freetype-2.3.4.
patches/packages/freetype-2.3.4-i486-1_slack11.0.tgz:
Fixed an overflow parsing BDF fonts.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
(* Security fix *)
patches/packages/x11-6.9.0-i486-13_slack11.0.tgz:
Recompiled.
patches/packages/x11-devel-6.9.0-i486-13_slack11.0.tgz:
Recompiled.
patches/packages/x11-xdmx-6.9.0-i486-13_slack11.0.tgz:
Recompiled.
patches/packages/x11-xnest-6.9.0-i486-13_slack11.0.tgz:
Recompiled.
patches/packages/x11-xvfb-6.9.0-i486-13_slack11.0.tgz:
Recompiled.
patches/packages/xine-lib-1.1.6-i686-1_slack11.0.tgz:
Upgraded to xine-lib-1.1.6.
This fixes overflows in xine-lib in some little-used media formats in
xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in
xine-lib < 1.1.5 could definitely cause an application using xine-lib to
crash, and it is theorized that a malicious media file could be made to run
arbitrary code in the context of the user running the application.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
(* Security fix *)
+--------------------------+
Wed Apr 4 13:25:17 CDT 2007
patches/packages/ktorrent-2.1.3-i486-2_slack11.0.tgz:
Changed --prefix from /usr to /opt/kde.
(Slackware 11.0 still uses that, right? ;-)
Thanks to arny for pointing this out.
patches/packages/qca-tls-1.0-i486-4_slack11.0.tgz:
Recompiled for qt-3.3.8. Sorry to have forgotten about the 3.3.6
plugin location... thanks to Peter Valky for the reminder.
+--------------------------+
Tue Apr 3 15:01:57 CDT 2007
patches/packages/file-4.20-i486-1_slack11.0.tgz:
Upgraded to file-4.20.
This fixes a heap overflow that could allow code to be executed as the
user running file (note that there are many scenarios where file might be
used automatically, such as in virus scanners or spam filters).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
(* Security fix *)
patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz:
Upgraded to ktorrent-2.1.3.
A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may
allow remote attackers to overwrite the ktorrent user's files. A bug in
chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash
ktorrent and cause heap corruption by the use of an invalid idx value.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
(* Security fix *)
patches/packages/qt-3.3.8-i486-1_slack11.0.tgz:
Patched an issue where the Qt UTF 8 decoder may in some instances fail to
reject overlong sequences, possibly allowing "/../" path injection or XSS
errors.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
(* Security fix *)
+--------------------------+
Mon Mar 26 20:54:55 CDT 2007
patches/packages/libwpd-0.8.9-i486-1_slack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz:
Upgraded to mozilla-firefox-1.5.0.11.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
extra/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-i686-1.tgz:
Upgraded to mozilla-firefox-2.0.0.3.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Sat Mar 24 19:08:07 CDT 2007
patches/packages/bash-3.2.015-i486-1_slack11.0.tgz:
Upgraded to bash-3.2 patchlevel 15. This is an optional upgrade
issued due to some problem reports concerning the use of the old-
style backquotes in scripts. For example `ls -l` might fail where
$(ls -l) works (though the real-world examples are more complex
than these, of course. I'd say if you're not having problems with
bash you're better off leaving it alone, but if you're getting an
error like "unexpected EOF looking for matching `", you may wish
to give this package a try.
Thanks much to John Pate for helping with late-night debugging.
+--------------------------+
Sat Mar 17 17:41:43 CDT 2007
Happy St. Patrick's Day!
patches/packages/gaim-1.5.0-i486-3_slack11.0.tgz:
Recompiled against mozilla-nss. Also recompiled the GAIM beta in
the /pub/slackware/unsupported/ directory, if anyone is interested.
patches/packages/mozilla-nss-3.9.2-i486-1_slack11.0.tgz:
Added mozilla-nss to provide a more stable API/ABI for GAIM.
+--------------------------+
Wed Mar 14 19:38:47 CDT 2007
patches/packages/libpng-1.2.16-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.16. This fixes some problems with the new
ImageMagick package, such as massive memory usage using "convert".
Thanks to Michael Johnson for letting me know about this.
+--------------------------+
Tue Mar 13 18:22:59 CDT 2007
patches/packages/php-4.4.6-i486-1_slack11.0.tgz:
Upgraded to php-4.4.6.
This version of PHP fixes a problem introduced with the last PHP release
where certain applications using "register_globals" may crash.
+--------------------------+
Wed Mar 7 17:57:50 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.7.
This fixes a security problem that can occur when GnuPG is used incorrectly.
Newer versions attempt to prevent such misuse.
For more information, see:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
(* Security fix *)
patches/packages/x11-6.9.0-i486-12_slack11.0.tgz: Patched.
This update fixes overflows in the dbe and render extensions. This could
possibly be exploited to overwrite parts of memory, possibly allowing
malicious code to execute, or (more likely) causing X to crash.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
(* Security fix *)
patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz:
Upgraded to firefox-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz:
Upgraded to thunderbird-1.5.0.10.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.0.8-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz:
Upgraded to imagemagick-6.3.3-0.
The original fix for PALM image handling has been corrected.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
(* Security fix *)
extra/mozilla-firefox-2.0.0.2-i686-1.tgz:
Upgraded to firefox-2.0.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
Upgraded to php-4.4.5 which improves stability and security.
For complete details, see http://www.php.net.
For imformation about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
extra/php5/php-5.2.1-i486-1_slack11.0.tgz:
Upgraded to php-5.2.1 which improves stability and security.
For imformation about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz: Upgraded to
amarok-1.4.5, which fixes the last.fm stream breakage after the
last upgrade to xine-lib.
patches/packages/libgpod-0.4.2-i486-1_slack11.0.tgz: Upgraded to
libgpod-0.4.2. This is needed for the amarok package.
patches/packages/libmtp-0.1.3-i486-1_slack11.0.tgz: Upgraded to
libmtp-0.1.3. This is needed for the amarok package.
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz:
Updated with tzdata2007b for impending Daylight Savings Time
changes in the US.
+--------------------------+
Wed Feb 7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba is Slackware is vulnerable to the first issue, which can cause smbd
to enter into an infinite loop, disrupting Samba services. Linux is not
vulnerable to the second issue, and Slackware does not ship the afsacl.so
VFS plugin (but it's something to be aware of if you build Samba with
custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.3.4-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.4. This update fixes two denial of service
vulnerabilities where an attacker could crash the name server with
specially crafted malformed data.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
(* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz:
Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug
introduced in fetchmail-6.3.5 could cause fetchmail to crash. However,
no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long
standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
password in clear text or omit using TLS even when configured otherwise.
All fetchmail users are encouraged to consider using getmail, or to upgrade
to the new fetchmail packages.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
(* Security fix *)
+--------------------------+
Sat Dec 23 16:38:26 CST 2006
extra/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-i686-1.tgz:
Upgraded to Mozilla Firefox 2.0.0.1.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz:
Upgraded to firefox-1.5.0.9.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz:
Upgraded to thunderbird-1.5.0.9.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.0.7-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.7.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz:
Upgraded to xine-lib-1.1.3 which fixes possible security problems
such as a heap overflow in libmms and a buffer overflow in the
Real Media input plugin.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
(* Security fix *)
+--------------------------+
Wed Dec 6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz:
Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
bug in earlier versions of gnupg. All gnupg users should update to the
new packages as soon as possible. For details, see the information
concerning CVE-2006-6235 posted on lists.gnupg.org:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
This update also addresses a more minor security issue possibly
exploitable when GnuPG is used in interactive mode. For more information
about that issue, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
(* Security fix *)
+--------------------------+
Fri Dec 1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack11.0.tgz:
Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG
file could crash applications that use libpng.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
(* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack11.0.tgz:
Upgraded to proftpd-1.3.0a plus an additional security patch. Several
security issues were found in proftpd that could lead to the execution of
arbitrary code by a remote attacker, including one in mod_tls that does
not require the attacker to be authenticated first.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
(* Security fix *)
patches/packages/tar-1.16-i486-1_slack11.0.tgz:
Upgraded to tar-1.16.
This fixes an issue where files may be extracted outside of the current
directory, possibly allowing a malicious tar archive, when extracted, to
overwrite any of the user's files (in the case of root, any file on the
system).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
(* Security fix *)
+--------------------------+
Thu Nov 9 18:04:51 CST 2006
extra/mozilla-firefox-2.0/mozilla-firefox-2.0-i686-1.tgz: Moved from /patches,
since it was pointed out that this sets LD_LIBRARY_PATH to use the libraries
in /usr/lib/firefox-2.0/ which aren't compatible with the SeaMonkey libraries
that are used to compile the gxine plugin, breaking it. I'm currently
looking for a workaround for this issue, but meanwhile using firefox-1.5.0.8
with the gxine plugin works just fine. Honestly, I hadn't expected to see
another firefox-1.x release once 2.0 came out or I might not have added it to
Slackware 11.0 after the release...
patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz:
Upgraded to firefox-1.5.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz:
Upgraded to thunderbird-1.5.0.8.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
patches/packages/seamonkey-1.0.6-i486-1_slack11.0.tgz:
Upgraded to seamonkey-1.0.6.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Mon Nov 6 21:29:24 CST 2006
patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.2-P2. This fixes some security issues related to
previous fixes in OpenSSL. The minimum OpenSSL version was raised to
OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
in older versions (these patches were already issued for Slackware). If you
have not upgraded yet, get those as well to prevent a potentially exploitable
security problem in named. In addition, the default RSA exponent was changed
from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's
default) will need to be regenerated to protect against the forging
of RRSIGs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
(* Security fix *)
+--------------------------+
Fri Nov 3 23:17:57 CST 2006
extra/php5/php-5.2.0-i486-1.tgz: Upgraded to php-5.2.0.
This release "includes a large number of new features, bug fixes and security
enhancements." In particular, when the UTF-8 charset is selected there are
buffer overflows in the htmlspecialchars() and htmlentities() that may be
exploited to execute arbitrary code.
More details about the vulnerability may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
Further details about the release can be found in the release announcement:
http://www.php.net/releases/5_2_0.php
Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at
this location:
http://www.php.net/UPDATE_5_2.txt
This package was placed in /extra rather than /patches to save people from
possible surprises with automated upgrade tools, since users of PHP4 and
PHP 5.1.x applications may need to make some code changes before things will
work again.
(* Security fix *)
patches/packages/php-4.4.4-i486-4_slack11.0.tgz: Patched the UTF-8 overflow.
More details about the vulnerability may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
(* Security fix *)
patches/packages/screen-4.0.3-i486-1_slack11.0.tgz: Upgraded to screen-4.0.3.
This addresses an issue with the way screen handles UTF-8 character encoding
that could allow screen to be crashed (or possibly code to be executed in the
context of the screen user) if a specially crafted sequence of pseudo-UTF-8
characters are displayed withing a screen session.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
(* Security fix *)
+--------------------------+
Sat Oct 28 23:52:38 CDT 2006
patches/packages/mozilla-firefox-2.0-i686-1.tgz:
Upgraded to Mozilla Firefox 2.0. This is a completely optional enhanced
feature package update. Usually I'd reserve this space only for security
patches (which this is not), but Firefox 2.0 is just so cool that I couldn't
resist upgrading it, especially with Slackware 11.0 so recently released.
+--------------------------+
Wed Oct 25 15:45:46 CDT 2006
patches/packages/qca-tls-1.0-i486-3_slack11.0.tgz: Rebuilt to place the plugin
in /usr/lib/qt-3.3.7/plugins/crypto/.
patches/packages/qt-3.3.7-i486-1_slack11.0.tgz: Upgraded to qt-x11-free-3.3.7.
This fixes an issue with Qt's handling of pixmap images that causes Qt linked
applications to crash if a specially crafted malicious image is loaded.
Inspection of the code in question makes it seem unlikely that this could
lead to more serious implications (such as arbitrary code execution), but it
is recommended that users upgrade to the new Qt package.
For more information, see:
http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
(* Security fix *)
+--------------------------+
Sun Oct 1 23:50:53 CDT 2006
Slackware 11.0 is released. Thanks to everyone who helped out and made this
release possible. If I forgot you in the ChangeLog, mea culpa, but you know
who you are, and thanks. :-)
Enjoy! -P.
+--------------------------+
Sun Oct 1 16:45:45 CDT 2006
l/jre-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 9.
extra/bittornado/bittornado-0.3.15-noarch-1.tgz:
Upgraded to bittornado-0.3.15.
extra/jdk-1.5.0_09/jdk-1_5_0_09-i586-1.tgz: Upgraded to Java(TM) 2 Platform
Standard Edition Development Kit Version 5.0, Release 9.
+--------------------------+
Sat Sep 30 22:05:20 CDT 2006
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-3.tgz:
This had been named i486 when it's really an i686 arch package.
+--------------------------+
Sat Sep 30 19:35:24 CDT 2006
a/etc-11.0-noarch-2.tgz: Added missing comment marks (#) for distcc ports
in /etc/services. Thanks to Michiel Broek.
n/popa3d-1.0.2-i486-2.tgz: Do better checking of passwd and group to avoid
adding redundant entries to these files. Thanks to Menno Duursma.
n/sendmail-8.13.8-i486-4.tgz: Do better checking of passwd and group to avoid
adding redundant entries to these files. Thanks to Menno Duursma.
n/sendmail-cf-8.13.8-noarch-4.tgz: Rebuilt.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-3.tgz:
Recompiled to add missing SMP/SMT support.
Thanks to arny for noticing that I'd started with the wrong .config.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-3.tgz: Rebuilt.
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-3.tgz: Recompiled.
+--------------------------+
Sat Sep 30 01:52:09 CDT 2006
testing/packages/fontconfig-2.4.1-i486-1.tgz: Upgraded to fontconfig-2.4.1.
Thanks to Fr?d?ric L. W. Meunier for pointing this out.
l/shared-mime-info-0.19-i486-1.tgz: Upgraded to shared-mime-info-0.19.
+--------------------------+
Fri Sep 29 23:41:35 CDT 2006
l/libgpod-0.4.0-i486-1.tgz: Upgraded to libgpod-0.4.0. Thanks to Shilo Bacca.
l/pango-1.12.4-i486-1.tgz: Fixed bogus empty GPOS table warning and other
minor bugs.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-2.tgz:
Rebuilt SMP kernels setting -smp in CONFIG_LOCALVERSION, not EXTRAVERSION.
Thanks to Tom B. for snapping me out of my old-skool ways.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-2.tgz: Rebuilt.
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i486-2.tgz: Rebuilt.
testing/packages/iptables-1.3.6-i486-1.tgz: This one appeared too late to be
considered for mainline (not enough test time), but it _should_ be stable.
testing/packages/wpa_supplicant-0.4.9-i486-1.tgz: Added wpa_supplicant-0.4.9.
Thanks to Eric Hameleers for a good head-start on this one.
+--------------------------+
Fri Sep 29 02:10:15 CDT 2006
a/openssl-solibs-0.9.8d-i486-1.tgz: Upgraded to shared libraries from
openssl-0.9.8d. See openssl package update below.
(* Security fix *)
n/openssh-4.4p1-i486-1.tgz: Upgraded to openssh-4.4p1.
This fixes a few security related issues. From the release notes found at
http://www.openssh.com/txt/release-4.4:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
the way you want them. Future upgrades will respect the existing permissions
settings. Thanks to Manuel Reimer for pointing out that upgrading openssh
would enable a previously disabled sshd daemon.
Do better checking of passwd, shadow, and group to avoid adding
redundant entries to these files. Thanks to Menno Duursma.
(* Security fix *)
n/openssl-0.9.8d-i486-1.tgz: Upgraded to openssl-0.9.8d.
This fixes a few security related issues:
During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer.
(CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
(* Security fix *)
zipslack/zipslack.zip: Rebuilt ZipSlack with new openssl-solibs and
openssh packages.
+--------------------------+
Thu Sep 28 03:33:49 CDT 2006
ap/vorbis-tools-1.1.1-i486-3.tgz: Fixed UTF8 support.
Thanks to Igor Pashev for providing a simple patch from Gene Pavlovsky.
kernels/huge26.s/*: Added support for USB and IEEE1394 storage devices.
kernels/test26.s/*: Added support for USB and IEEE1394 storage devices.
Thanks to Tais M. Hansen for pointing out that these kernels lacked support
for USB storage devices. Using these kernels with udev may cause a few
warnings at boot time as udev attempts to load the already built-in support,
but these seem to be harmless.
+--------------------------+
Tue Sep 26 05:57:52 CDT 2006
a/aaa_base-11.0.0-noarch-2.tgz: Updated the "Welcome to Slackware" email.
Added /media directory, subdirectories, and symbolic links recommended by
the FHS, along with README files to help me understand the difference
between this directory and /mnt. ;-)
a/etc-11.0-noarch-1.tgz: Fixed a bug in /etc/csh.login that caused repeated
use of "csh -l" to duplicate search directories in the $path. Clearly
/etc/csh.login should set the path just as /etc/profile does.
This bug dates back at at least 1997, maybe earlier, so congratulations to
Dimitar Zhekov for winning this release's "smite the oldest bug" award.
Added distcc port to /etc/services. Thanks to Erik Jan Tromp and
Robby Workman for the continual reminders. ;-)
a/pkgtools-11.0.0-i486-4.tgz: Made upgradepkg a little bit more gentle -- if
it is run on a corrupted .tgz it will no longer remove the original package.
Thanks to Ric Anderson for the report.
Added rc.scanluns to the services setup menu.
a/sysvinit-2.84-i486-69.tgz: Fixed path to /sbin/initscript shown in init.8
(again). Thanks to Robby Workman.
Changed rc.S to run rc.serial according to whether the script is executable.
a/util-linux-2.12r-i486-5.tgz: Treat /etc/rc.d/rc.serial (to preserve file
permissions), /etc/serial.conf, and /etc/fdprm as '.new' config files.
ap/lm_sensors-2.10.0-i486-3.tgz: Fixed hardcoded /usr/local paths in
sensors-detect. Thanks to Jakub Jankowski.
kde/kdebase-3.5.4-i486-7.tgz: Patched to fix media:/ URLs in Konqueror without
requiring HAL. Thanks to everyone involved in reporting this issue and
seeing that it was addressed:
http://bugs.kde.org/show_bug.cgi?id=132281
A big thanks to coolo (Stephan Kulow) for coming up with a patch. :-)
zipslack/zipslack.zip: Added ZipSlack.
+--------------------------+
Sat Sep 23 03:45:30 CDT 2006
a/sysvinit-2.84-i486-68.tgz: In rc.M, start rc.hplip if found. Fix the path
to /sbin/initscript shown in init.8. Thanks to Robby Workman.
xap/sane-1.0.18-i486-3.tgz: Added HPLIP backend (hpaio) to dll.conf.
testing/packages/cups-1.2.4/cups-1.2.4-i486-1.tgz: Upgraded to cups-1.2.4.
The web site says that more problems were fixed. I would still approach
this one cautiously, though I'm sure it (or its descendent) will be used
in Slackware 11.1. Unless you have a reason to need this now, I'd wait.
testing/packages/hplip-1.6.9-i486-1.tgz: Added hplip-1.6.9, a complete print,
scan, and fax system for HP devices. This isn't being merged into the AP
series as a replacement for hpijs solely because I'd like to see it get more
testing first. It is working perfectly here. Thanks to Robby Workman for
doing the vast majority of the work on this package. :-)
testing/packages/gutenprint-5.0.0-i486-2.tgz: Don't overwrite GIMP's "print"
plugin -- instead install the plugin as "gutenprint".
Thanks again to Stefano Vesa.
+--------------------------+
Fri Sep 22 01:57:52 CDT 2006
n/portmap-5.0-i486-3.tgz: In rc.rpc, fixed restart function.
Thanks to Grant.
+--------------------------+
Thu Sep 21 04:05:03 CDT 2006
This is still Slackware 11.0 release candidate 5 (for now), and is still the
last release candidate, scout's honor. We are nearly there. :-)
a/devs-2.3.1-noarch-25.tgz: Added /dev/i2c-* devices.
Thanks to Jean Delvare.
Just a reminder on devs, as I've had some email about it. As it stands, devs
is required to boot even if the machine runs a 2.6+ kernel and uses udev.
a/hotplug-2004_09_23-noarch-11.tgz: Don't allow dhcpcd -k to make noise at
shutdown time if dhcpcd is not running (as in cases where it was shut down
manually, or the lease time was infinite).
a/logrotate-3.7.4-i486-1.tgz: Upgraded to logrotate-3.7.4. After reading the
diff -u and doing some test rotations, this seems safe to include for 11.0.
Suggested by Mateus C?sar Gr?ess and Rafal Lorenc.
Rotate /var/log/btmp. Thanks to James Michael Fultz.
a/pkgtools-11.0.0-i486-3.tgz: Stripped /bin/dialog. Thanks to mRgOBLIN for
saving us 18K of hard drive space. :-)
In setup.services, rename rc.portmap to rc.rpc. This is no longer started
by default. Instead you must turn it on (only if you plan on mounting NFS
partitions manually). Otherwise, it will be run regardless of exec perms if
NFS shares or mounts are detected at boot time.
ap/diffstat-1.43-i486-1.tgz: Added Thomas Dickey's diffstat utility.
Suggested by Michael Iatrou.
ap/lm_sensors-2.10.0-i486-2.tgz: Edited slack-desc since the package contains
only the tools for lm_sensors, not the drivers. In the case of the 2.6+
kernel, these are included with the kernel-modules package. For 2.4, the
modules would have to be built by the end user. Also, there is still no
startup script included for this package, but that's something that will be
looked at for the next development cycle. Removed the mkdev.sh after
including the i2c devices in the devs package.
Thanks again to Jean Delvare for the advice, and for his work maintaining
lm_sensors upstream. :-)
n/mailx-12.1-i486-1.tgz: Upgraded to mailx-12.1 from nail-11.25 (renamed).
Thanks to Gerardo Exequiel Pozzi for pointing this out.
n/nfs-utils-1.0.10-i486-3.tgz: Moved rpc.lockd and rpc.statd to /sbin.
Reworked rc.nfsd to make use of the rc.rpc script in "portmap".
n/portmap-5.0-i486-2.tgz: Replaced /etc/rc.d/rc.portmap with /etc/rc.d/rc.rpc.
This script will start rpc.portmap, rpc.lockd, and rpc.statd. All of these
are needed to make proper use of NFS from either the server or client side,
so this approach should be more likely to work out of the box. Note that
nfs-utils will also be required in order to use rc.rpc or NFS, even as a
client. If rc.rpc is needed, another script will run it as long as it is
readable. The only reason to make rc.rpc executable would be to run it at
boot time when there are no shares in /etc/exports and no mounts in
/etc/fstab, but you wish to be able to mount NFS partitions manually.
Thanks to Arno G. Schielke and Cesar Suga for suggesting this idea.
n/tcpip-0.17-i486-39.tgz: Don't allow dhcpcd -k to make noise at shutdown
time if dhcpcd is not running (as in cases where it was shut down manually,
or the lease time was infinite).
Added support in rc.inet1 and rc.inet1.conf for adjustable DHCP_TIMEOUT.
Thanks to Eric Hameleers.
x/ttf-indic-fonts-0.4.7.1-noarch-1.tgz: Added TTF fonts for displaying Indic
scripts. This package supports Bengali, Devanagari, Gujarati, Kannada,
Malayalam, Oriya, Punjabi, Tamil, and Telugu.
For information about fully enabling Indic support (including input), see:
/usr/doc/Linux-HOWTOs/Indic-Fonts-HOWTO.
isolinux/initrd.img: Patched installer's network script to look for
network26.dsk if 2.6.17.13 (huge26.s) is used to boot/install.
Thanks to Piter Punk for work done (long ago) to fix probing for 2.6 modules.
Thanks to Eric Hameleers for helping debug loopback mounts in the installer
when using the 2.6.17.13 (huge26.s) kernel.
NFS installs with the test26.s kernel are not supported by this system,
but should work if you put the module(s) you need on a floppy or otherwise
make them available and load them manually.
isolinux/network26.dsk: Added network26.dsk for NFS installs with huge26.s.
Don't try to put this one on a floppy disk, folks. ;-)
kernels/huge26.s/*: Added built-in NLS (CONFIG_NLS_CODEPAGE_437,
CONFIG_NLS_ISO8859_1, and CONFIG_NLS_UTF8) to allow FAT filesystems to
loopback mount for NFS installs.
kernels/test26.s/*: Added 2.6.18 test26.s kernel.
rootdisks/install.1: Patched installer's network script.
rootdisks/install.2: Rebuilt.
rootdisks/install.zip: Patched installer's network script.
testing/packages/flex-2.5.33-i486-1.tgz: Added flex-2.5.33.
Requested by Alberto Sim?es.
testing/packages/gutenprint-5.0.0-i486-1.tgz: Added gutenprint-5.0.0.
This package was formerly known as "gimp-print", and will likely take the
place of gimp-print in the AP series after going through testing.
Suggested by Stefano Vesa.
testing/packages/linux-2.6.18/kernel-generic-2.6.18-i486-1.tgz:
Added Linux 2.6.18 generic kernel.
testing/packages/linux-2.6.18/kernel-headers-2.6.18-i386-1.tgz:
Added Linux 2.6.18 kernel headers.
testing/packages/linux-2.6.18/kernel-modules-2.6.18-i486-1.tgz
Added Linux 2.6.18 kernel modules.
testing/packages/linux-2.6.18/kernel-source-2.6.18-noarch-1.tgz
Added Linux 2.6.18 kernel source.
+--------------------------+
Tue Sep 19 18:13:09 CDT 2006
l/arts-1.5.4-i486-2.tgz: Patched an annoying bug where audio programs such
as ogg123 would not work unless KDE had been run first. I took several
stabs with me sword at ripping out kdebase's surprise HAL requirement as
well, but the best I could achieve was "Internal Error". Aarrr!!
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
a/gzip-1.3.5-i486-1.tgz: Upgraded to gzip-1.3.5, and fixed a variety of bugs.
Some of the bugs have possible security implications if gzip or its tools are
fed a carefully constructed malicious archive. Most of these issues were
recently discovered by Tavis Ormandy and the Google Security Team. Thanks
to them, and also to the ALT and Owl developers for cleaning up the patch.
For further details about the issues fixed, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
(* Security fix *)
n/procmail-3.22-i486-2.tgz: Added support for large (2GB+) mailboxes.
Thanks to Dominik L. Borkowski.
isolinux/initrd.img: Patched installer to allow splitting a package series
over two or more pieces of optical media. If a package directory contains
a file named README_SPLIT.TXT, then it will be continued on the next disc.
An example of such a file can be found in /isolinux.
Thanks very much to Eric Hameleers for the initial patch and testing!
rootdisks/install.1: Rebuilt.
rootdisks/install.2: Patched to allow a split package series.
rootdisks/install.zip: Patched to allow a split package series.
+--------------------------+
Mon Sep 18 15:18:07 CDT 2006
l/neon-0.25.5-i486-2.tgz: Enabled missing SSL support.
Thanks much to Mircea Baciu!
+--------------------------+
Mon Sep 18 05:33:24 CDT 2006
Slackware 11.0 release candidate 5. This is the last one, scout's honor.
a/aaa_elflibs-11.0.0-i486-9.tgz: Stripped /lib/libbz2.so.1.0.3, added
/lib/libdm.so.0.0.4.
a/bzip2-1.0.3-i486-3.tgz: Stripped /lib/libbz2.so.1.0.3.
ap/espgs-8.15.3svn185-i486-1.tgz: Upgraded to espgs-8.15.3svn185.
OK, I don't like using repo versions at all, much less inserting them at the
last second. But, it seems like par for the course for ghostscript and its
offshoots where there wasn't much choice about shipping 8.15rc4 in Slackware
10.2. In this case, building from svn fixes two critical problems: missing
support for CJK, and not correctly printing Umlauts with certain fonts.
Thanks to Shin-ichi Abe and Matthias Bachert.
If this version of espgs creates new problems that are worse than these,
please let me know as soon as possible. It's tested here and seems stable.
ap/vim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109.
d/subversion-1.4.0-i486-1.tgz: After a couple convincing assurances that this
was a safe and ABI/API compatible upgrade, I decided to allow this upgrade.
Thanks to Malcolm Rowe and Janusz Dziemidowicz.
l/desktop-file-utils-0.11-i486-1.tgz: Added desktop-file-utils-0.11.
The next XFce will need this freedesktop.org package.
Thanks to Robby Workman for the information.
l/libexif-0.6.13-i486-2.tgz: Fixed libexif.pc includedir.
Thanks to Charles Shannon Hendrix for pointing this out.
l/libtheora-1.0alpha7-i486-1.tgz: Added libtheora-1.0alpha7. This links with
(as far as I know) optional plugins only and is a safe last-second addition.
Furthermore, the Theora team has promised that files encoded with this
version of the codec will always be playable. The format is stable and ready
for production use, so keeping it out of 11.0 due to the "alpha" would be
plain silly. Suggested by Edo Hikmahtiar, and Diogo R.
l/libungif-4.1.4-i486-3.tgz: Added the utilities in /usr/bin, some of which
are used to detect that annoying image spam that's on the rise...
Thanks to Joran Kvalvaag.
l/neon-0.25.5-i486-1.tgz: Added neon package, split from subversion-deps-1.4.0.
x/dejavu-ttf-2.10-noarch-1.tgz: Upgraded to dejavu-ttf-2.10.
xap/vim-gvim-7.0.109-i486-1.tgz: Upgraded to vim-7.0.109.
Once again, this is just an add-on for the VIM package in ap. :-)
xap/xine-lib-1.1.2-i686-2.tgz: Recompiled against libtheora to include the
Theora codec plugin. Theora testsuite passed.
xap/xine-ui-0.99.4-i686-3.tgz: Patched an issue where xine-ui could block
input to Konsole. Thanks to Nuts Mueller.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz:
Fixed slack-desc typo. No actual rebuild, so no -$BUILD bump.
Thanks to David Somero.
isolinux/initrd.img: Fixed swap setup in the "Cancel" or unselecting all swap
partitions case. Thanks to Marcus Moeller.
rootdisks/install.1: Rebuilt.
rootdisks/install.2: Fixed swap setup.
rootdisks/install.zip: Fixed swap setup.
+--------------------------+
Sat Sep 16 23:08:49 CDT 2006
l/libgpod-0.3.2-i486-2.tgz: Added --enable-eject-command and
--enable-unmount-command. Thanks to Kody K.
kde/amarok-1.4.3-i486-4.tgz: Recompiled with a patch to fix non-latin1
playlist corruption by forcing UTF8.
Thanks to guilherme and the kind folks on #amarok.
Added explicit --emable-libgpod. Thanks to Kody K.
kde/kdeutils-3.5.4-i486-2.tgz: Fixed ark crash due to race condition on SMP
machines. Thanks to JaguarWan.
n/rdesktop-1.5.0-i486-1.tgz: Upgraded to rdesktop-1.5.0.
Thanks to Andrew Fuller for pointing it out.
x/x11-6.9.0-i486-11.tgz: Fixed an overflow in CID encoded Type1 font parsing.
For further reference, see:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
(* Security fix *)
Also, fixed French Canadian keymap variant. Thanks to Patrice Tremblay.
x/x11-devel-6.9.0-i486-11.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-11.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-11.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-11.tgz: Recompiled.
extra/linux-smp-2.6.17.13/kernel-generic-smp-2.6.17.13-i686-1.tgz:
This is an optional kernel with support for SMP (up to 16), dual core
optimizations, and SMT (Hyperthreading). Fully tuned and ready to go.
extra/linux-smp-2.6.17.13/kernel-headers-smp-2.6.17.13-i386-1.tgz
Optional kernel headers. There will only be needed to compile a few things,
such as apps and libraries that use ALSA (it contains the /usr/include/sound
directory that for 2.4.x kernels is supplied in the alsa-driver package).
extra/linux-smp-2.6.17.13/kernel-modules-smp-2.6.17.13-i686-1.tgz:
Kernel modules for Linux 2.6.17.13-smp, including ALSA modules.
These install into /lib/modules/2.6.17.13-smp/.
+--------------------------+
Thu Sep 14 19:41:22 CDT 2006
d/git-1.4.2.1-i486-1.tgz: Upgraded to git-1.4.2.1.
xap/mozilla-firefox-1.5.0.7-i686-1.tgz: Upgraded to firefox-1.5.0.7.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
xap/mozilla-thunderbird-1.5.0.7-i686-1.tgz: Upgraded to thunderbird-1.5.0.7.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
xap/seamonkey-1.0.5-i486-1.tgz: Upgraded to seamonkey-1.0.5.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Thu Sep 14 03:57:37 CDT 2006
a/glibc-solibs-2.3.6-i486-6.tgz: Recompiled.
a/glibc-zoneinfo-2.3.6-noarch-6.tgz: Upgraded to tzcode2006k and tzdata2006k.
Added "ldconfig -r ." to install script. Thanks to Stuart Winter.
a/openssl-solibs-0.9.8b-i486-2.tgz: Patched an issue where it is possible to
forge certain kinds of RSA signatures. The patch is used instead of an
upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
(* Security fix *)
a/udev-097-i486-10.tgz: If there's no udevd daemon, don't allow rc.udev to
try to start. Thanks to Eugene Crosser.
d/pkgconfig-0.21-i486-3.tgz: Added {curly brackets} around PKG_CONFIG_PATH
in /etc/profile.d/pkgconfig.*. Thanks to R?my Pagniez.
l/glibc-2.3.6-i486-6.tgz: Recompiled against 2.4.33.3 and 2.6.17.13 headers.
(these kernel versions are now "golden" for release)
l/glibc-i18n-2.3.6-noarch-6.tgz: Recompiled.
l/glibc-profile-2.3.6-i486-6.tgz: Recompiled.
n/openssl-0.9.8b-i486-2.tgz: Patched an issue where it is possible to
forge certain kinds of RSA signatures. The patch is used instead of an
upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
(* Security fix *)
kernels/huge26.s/*: Added NFSv3 support.
+--------------------------+
Tue Sep 12 06:29:32 CDT 2006
a/sysvinit-2.84-i486-67.tgz: Sleep 3 seconds before mounting non-root
partitions. This was a sleep that I'd removed earlier in the devel cycle to
see what it would break (if anything), and the answer is some external hard
drives that take a couple seconds to hotplug. Thanks to Fabio Busatto.
In rc.M, restart udevd when returning from single user mode.
Thanks to James Michael Fultz.
Patched initscript.5 man page to show proper /sbin/initscript path.
Thanks to Robby Workman.
Found another assumption that the kernel has hotplug support in the rc.udev
stop function. Thanks again to Gary Hawco for the original bug report.
a/udev-097-i486-9.tgz: Uncommented dmsetup rule for LVM2 -- it doesn't seem
to hurt anything. Thanks to Dex Filmore.
ap/diffutils-2.8.1-i486-3.tgz: Fixed sdiff.1 man page.
Thanks to James Michael Fultz.
kde/amarok-1.4.3-i486-3.tgz: Recompiled against new libmtp.
l/libmtp-0.0.18-i486-1.tgz: Upgraded to libmtp-0.0.18.
l/libwpd-0.8.6-i486-1.tgz: Upgraded to libwpd-0.8.6.
Thanks to Eugene C. for the CXXFLAGS advice.
n/imapd-4.64-i486-3.tgz: Added missing md5.txt mentioned in the imapd man
page, plus a note about additional (large) documentation in the sources.
The docs directory was also moved to /usr/doc/imapd4.64.
Thanks to Mark Flacy for reminding me about this one.
n/rdesktop-1.4.1-i486-1.tgz: Added rdesktop-1.4.1. Yes, we're in release
candidates, but if this doesn't work at least it is small. :-) I've had
many, many requests, and it is needed by krdc, so that's my rationale.
Oh -- and thanks to everyone for positive feedback on libgpod. I also fixed
the typo in my request for feedback below. I hope that doesn't break too
many ChangeLog parsing scripts...
n/stunnel-4.17-i486-1.tgz: Upgraded to stunnel-4.17.
Thanks to Cal Peake for the notice.
+--------------------------+
Mon Sep 11 02:10:19 CDT 2006
a/module-init-tools-3.2.2-i486-2.tgz: In /etc/modprobe.d/, if there's no
/etc/modprobe.d/modprobe.conf file, try to make a link to ../modprobe.conf.
This will retain legacy support for existing /etc/modprobe.conf files.
Thanks very much to Ivan Kalvatchev for persisting with this bug report
until I finally saw the light of day. :-)
l/libmtp-0.0.16-i486-2.tgz: Fixed hotplug and udev support.
Thanks to Carlos Corbacho for the help on this -- I knew it wasn't
working yet and was hoping someone would step up. Wow, that was fast!
l/libnjb-2.2.5-i486-2.tgz: Fixed hotplug and udev support.
Again, thanks to Carlos Corbacho. Now my NJB3 works. :-)
Anyone have any yea/nay feedback on libgpod and amaroK?
+--------------------------+
Sat Sep 9 14:56:38 CDT 2006
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.13.
extra/linux-2.6.17.13/kernel-generic-2.6.17.13-i486-1.tgz:
Upgraded to Linux 2.6.17.13 generic kernel.
extra/linux-2.6.17.13/kernel-headers-2.6.17.13-i386-1.tgz:
Upgraded to Linux 2.6.17.13 kernel headers.
extra/linux-2.6.17.13/kernel-modules-2.6.17.13-i486-1.tgz
Upgraded to Linux 2.6.17.13 kernel modules.
extra/linux-2.6.17.13/kernel-source-2.6.17.13-noarch-1.tgz
Upgraded to Linux 2.6.17.13 kernel source.
[ Andrea was asleep when I noticed these, and I didn't want to find out
what happens when one wakes one's sleeping wife and asks her to start
building kernels, so... ]
+--------------------------+
Sat Sep 9 01:18:53 CDT 2006
d/ruby-1.8.4-i486-2.tgz: As it would so happen, ruby-1.8.5 fixes a security
problem, but also breaks a considerable number of things, including Ruby on
Rails (RoR being one of the biggest appeals of Ruby), and other applications
that make interesting use of it. So, for now anyway -- back to 1.8.4.
kde/amarok-1.4.3-i486-2.tgz: This was the only thing that touched the tainted
Ruby. ;-) Seriously, this will all get straightened out, but we have a
release to do. Should we wait for everyone to adopt the new Ruby API/ABI?
Or must it be: "works" / "secure" -- pick one? :-) It's always best to use
the right tool for the job or you can get hurt. Remember shop class?
kde/kdesdk-3.5.4-i486-2.tgz: Recompiled with configure flags that allow the
apr libraries to be found. Thanks to Giacomo Lozito.
y/bsd-games-2.13-i486-8.tgz: "pom" now supports a reasonable number of digits
with a command line option, as noted in the man page. Default behavior has
not been changed (it is still a rounded integer percentage). My own patch
didn't live long enough to see birth in a stable release, but who cares. :-)
Thanks to Eric Hameleers (who loves a good time-waster) for the better patch.
I knew he wouldn't be able to resist this one. ;->
bootdisks/raid.s: Reverted to the old megaraid driver since regaraid2 is
already in the scsi2.s bootdisk.
kernels/huge26.s/*: Fixed USB keyboard support in the installer (at least
tested on CD/DVD media). Thanks to Bruce Hill, Jr. for pointing out that
this was no longer working.
Please note that if you install with this you still need kernel-modules
from /extra, and that there's no alsa-driver for this kernel because it's
all built into kernel-modules and kernel-headers (well, and the kernel :-).
ALSA 1.0.11/12 specifically DO NOT support these newer kernels. Check out
the SUPPORTED_KERNELS file in the alsa-driver source. Feel free to play
with various combinations (many DO work, but without any noticable
improvement to me). I try very hard to not break your sound system, but
I'm already bending the rules with alsa-driver-1.0.11_2.4.33.3...
Also, if you find bugs in stuff I don't ship, contact the appropriate
maintainer too, please. I am not the hg repository for everything I ship.
(I know, I do look remarkably similar ;-)
"Is this the spacecraft assembly building?"
kernels/raid.s/*: Moved from the megaraid2 driver to the old megaraid
driver, after it was pointed out that megaraid2 is already in scsi2.s.
+--------------------------+
Thu Sep 7 22:59:40 CDT 2006
d/ruby-1.8.5-i486-1.tgz: Upgraded to ruby-1.8.5.
Honestly, I'm not sure these next three will help at the moment, but we're
laying some groundwork for later when HAL will take over (and sing "Daisy").
l/libgpod-0.3.2-i486-1.tgz: Added libgpod-0.3.2.
l/libmtp-0.0.16-i486-1.tgz: Added libmtp-0.0.16.
l/libnjb-2.2.5-i486-1.tgz: Added libnjb-2.2.5.
kde/amarok-1.4.3-i486-1.tgz: Upgraded to amarok-1.4.3. Added plugins linked
with libgpod, libmtp, and libnjb. Working status (even with a bit of DYI) is
not known (yet). It might require HAL to make it do anything at all.
n/bind-9.3.2_P1-i486-1.tgz: Upgraded to bind-9.3.2-P1.
This update addresses a denial of service vulnerability.
BIND's CHANGES file says this:
2066. [security] Handle SIG queries gracefully. [RT #16300]
The best discussion I've found is in FreeBSD's advisory, so here's a link:
http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
Also, fixed some missing man pages. (noticed by Xavier Thomassin -- thanks)
(* Security fix *)
y/bsd-games-2.13-i486-7.tgz: Snipped part of a crufty old patch that wouldn't
apply. Added an (unapplied) patch to make pom give you two more digits of
accuracy. I didn't apply it since it wasn't quite done; it should have the
traditional default (no decimal places) that everyone is used to, and an
arbitrary accuracy selectable with a command line switch. Perhaps it should
be rewritten to use gmp. Oh, and the man page will then need fixing.
Eric? ;-)
+--------------------------+
Sun Sep 3 19:59:47 CDT 2006
a/udev-097-i486-8.tgz: Fixed a missing '[' in rc.udev. Thanks to
guilherme for pointing out the error, and to J., who found the missing
'['. (It had fallen off my desk and ended up under a table)
kernels/System.map: Forgot to gzip a bunch of these. Thanks, Steve'o.
+--------------------------+
Sun Sep 3 01:46:42 CDT 2006
I wasn't planning a Slackware 11.0 release candidate 4, but here we go.
a/kernel-ide-2.4.33.3-i486-1.tgz:
Upgraded to Linux 2.4.33.3 sata.i kernel.
a/kernel-modules-2.4.33.3-i486-1.tgz
Upgraded to Linux 2.4.33.3 kernel modules.
a/udev-097-i486-7.tgz: Make sure /proc/sys/kernel/hotplug exists before
writing to it. Thanks to Gary Hawco for the bug report.
Change log level from "crit" or "err" since udev doesn't support "crit".
Silly me, I saw some mention of syslog levels in the docs and assumed it
supported all of them. At least in unrecognized cases the default is "err"
anyway, so this bug didn't cause ill effects. Accuracy in documentation is,
nevertheless, always a good thing to strive for. (I'm referring here to
my own inaccurate additions to udev.conf...)
Thanks to Chris Vowden for pointing this out.
Don't fail to mount tmpfs on /dev because some other tmpfs mount exists.
Thanks to Ken Milmore for the patch.
Forget standards -- if k3b wants "/dev/writer" then that is good enough
justification for me. Try to make a link to the most full-featured burner.
Thanks to my good friend Dex Filmore.
Relaxed the perms on input events from 600 to 640 so that members of group
root can also read events. Mode 644 was suggested, but wouldn't that let
anyone on the box set up e.g. a keyboard logger? It didn't seem secure to
me, and 640 looks like a decent compromise.
Thanks to Jon Anders Skorpen.
ap/mysql-5.0.24a-i486-1.tgz: Upgraded to mysql-5.0.24a.
Evidently the ABI change in MySQL 5.0.24 was unintentional, so all the
packages that were recompiled before need another recompile. Oh well, maybe
this little exercise has fixed something else we didn't know about. :-)
d/kernel-headers-2.4.33.3-i386-1.tgz:
Upgraded to Linux 2.4.33.3 kernel headers.
d/perl-5.8.8-i486-3.tgz: Recompiled against libmysqlclient.
k/kernel-source-2.4.33.3-noarch-1.tgz
Upgraded to Linux 2.4.33.3 kernel source.
kde/koffice-1.5.2-i486-4.tgz: Recompiled against libmysqlclient.
kde/qt-3.3.6-i486-4.tgz: Recompiled against libmysqlclient.
l/alsa-driver-1.0.11_2.4.33.3-i486-1.tgz: Recompiled for Linux 2.4.33.3.
By the way, I did try ALSA 1.0.12 and noticed that emu10k1 wasn't compiling
for Linux 2.4.33.3. I think we are probably safer sticking with the well
tested ALSA 1.0.11 for the release.
n/bitchx-1.1-i486-5.tgz: Recompiled against libmysqlclient.
n/dhcp-3.0.4-i486-2.tgz: Fixed incorrect man page permissions.
Thanks to Jerome Pinot.
n/iptables-1.3.5-i486-2.tgz: Updated a rather ancient description file.
Thanks to Sean Donner for noticing that. I hope the many folks still
running Linux 2.2.x were adequately warned.
n/php-4.4.4-i486-3.tgz: Recompiled against libmysqlclient.
n/samba-3.0.23c-i486-1.tgz: Upgraded to samba-3.0.23c.
n/sendmail-8.13.8-i486-3.tgz: Recompiled with official patch.
"(2006-08-30) If sendmail is used with -bs and a mail filter (milter) is
configured, an assertion can be triggered. This patch fixes the bug."
Thanks much to Jakub Jankowski for the heads up.
n/sendmail-cf-8.13.8-noarch-3.tgz
extra/ktorrent/ktorrent-2.0.2-i486-1.tgz: Added ktorrent-2.0.2.
Thanks to Erik Jan Tromp for showing me this one. I've always used the
command line BT clients (usually in "screen"), but this is nice, doesn't
require mainline BitTorrent or any non-KDE dependencies, and will work
great for downloading (and seeding) Slackware ISO images. :-)
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.3-i486-1.tgz:
Recompiled for Linux 2.4.33.3.
extra/php5/php-5.1.6-i486-2.tgz: Recompiled against libmysqlclient.
bootdisks/*: Upgraded to Linux 2.4.33.3 kernels.
kernels/*: Upgraded to Linux 2.4.33.3 kernels, except the huge.s kernel.
In raid.s, switch from the megaraid to megaraid2 driver. This should
support everything the old driver did and then some. If there are
problems, let me know ASAP. Thanks to Michael Johnson.
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
Eric Hameleers and I did a bit more work on the NFS installer (in the
install.* rootdisks below, too). Now installing via NFS will attempt
to mount the root of the Slackware tree first, rather than only the
/slackware directory within. This (if successful), allows choosing
a kernel to install later on, just like installing from CD, DVD, or
hard drive. If it doesn't work (perhaps only /slackware is exported)
then the installer will fall back on the traditional behavior.
Thanks to everyone who suggested this idea from time to time, and
thanks to Eric for finally making it happen.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.3.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.3.
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.3.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.3.
rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.3.
I can be off topic here, right?
BIG congratulations to my little sister Jennifer on the birth of her
daughter Abigail Jane. Mazel Tov! :-)
+--------------------------+
Tue Aug 29 06:24:26 CDT 2006
a/util-linux-2.12r-i486-4.tgz: Fixed incorrect permissions on /var/lock.
Thanks to Steven Robson.
f/linux-howtos-20060829-noarch-1.tgz: Updated the HOWTOs again. I guess back
in February this must have been looking ready to release. ;-)
Thanks to Szymczak Artur for noticing the HOWTOs were stale.
x/x11-6.9.0-i486-10.tgz: Reverted the ATI hang patch after problem reports.
If you were helped by the patch it'll be held in /extra for the release so
that hopefully everyone can enjoy a working ATI card. :-)
Thanks again to Mark Canter, as this is a real problem but the patch does
seem to introduce some new issues of its own. It's good to have an
alternate driver just in case, though.
x/x11-devel-6.9.0-i486-10.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-10.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-10.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-10.tgz: Recompiled.
extra/slackpkg/slackpkg-2.09-noarch-1.tgz: Upgraded to slackpkg-2.09-noarch-1.
Thanks to Piter Punk.
extra/x11-radeon-patched/x11-radeon-patched-6.9.0-i486-1.tgz:
Here's the patched radeon module from the -9 X.Org Slackware packages.
There's a README file included with it explaining what it is for with
references to a discussion of the issue.
isolinux/initrd.img: Fixed an installer bug where setup would ask which
swap partitions you'd like to use and then conveniently set them all up
for you if you selected at least one. Thanks to DEF.
rootdisks/install.1: Fixed a bug where libraries that were moved to install.2
to make space on install.1 were needed by /bin/mount. Thanks to David Bray.
rootdisks/install.2: Moved a couple of libraries to install.1.
Fixed installer swap bug.
rootdisks/install.zip: Fixed installer swap bug.
+--------------------------+
Sun Aug 27 05:36:53 CDT 2006
ap/vim-7.0.066-i486-2.tgz: Use the default vanilla system vimrc as distributed
with the vim sources. Thanks to J for mentioning that using vim with
'crontab -e' was working fine without any additions to the vimrc.
d/m4-1.4.6-i486-1.tgz: Upgraded to m4-1.4.6.
l/libpng-1.2.12-i486-2.tgz: Recompiled so that libpng.so.* links to libz and
libm. This has been a point of contention for a long time with the PNG folks
maintaining that you shouldn't have to link libpng this way. Well, just
about everyone else builds libpng to link with -lz and -lm automatically,
but I've held my ground along with the PNG team (usually I will defer to
upstream and will send people there with these kinds of requests). Today
Janusz Dziemidowicz pointed out that if you build libpng with ./configure
that now it *is* linking to these. Good enough reason to end this problem
right now. Thanks Janusz, for pointing out that discrepancy and sending in
a patch. :-)
n/irssi-0.8.10a-i486-4.tgz: Removed duplicates and unformatted files from
docs/help directory. Thanks to James Michael Fultz.
x/dejavu-ttf/dejavu-ttf-2.9-noarch-1.tgz: Upgraded to dejavu-ttf-2.9.
Moved from /extra into the X series.
Thanks to the DejaVu team (http://dejavu.sf.net) for the superb work.
x/fontconfig-2.2.3-i486-2.tgz: Patched /etc/fonts.conf to favor the DejaVu
fonts over the Vera ones if they are present on the machine. US English
users should notice only minor (if any) differences with this patch,
but other users could see their language displayed properly out-of-the box
for the first time. :-)
x/x11-6.9.0-i486-9.tgz: Patched a PCF font parsing bug that could crash X.
Fixed the Greek keyboard layout. Thanks to Thanos Kyritsis.
Fixed ATI lockup bugs. Thanks to Mark Canter.
x/x11-devel-6.9.0-i486-9.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-9.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-9.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-9.tgz: Recompiled.
xap/seamonkey-1.0.4-i486-3.tgz: Fixed world-writable docs.
Thanks to Piter Punk for pointing those out.
xap/vim-gvim-7.0.066-i486-2.tgz: Recompiled.
extra/lvm2/device-mapper-1.02.09-i486-1.tgz: Upgraded to
device-mapper-1.02.09, moved out of /testing.
extra/lvm2/lvm2-2.02.09-i486-1.tgz: Upgraded to LVM-2.02.09,
moved out of /testing.
extra/php5/php-5.1.6-i486-1.tgz: Upgraded to php-5.1.6,
moved out of /testing.
+--------------------------+
Fri Aug 25 04:35:22 CDT 2006
Here is Slackware 11.0 release candidate 3. I think most of the irresistible
upgrades are in here now, and the bug reports have been mostly handled.
There may still be a few changes, and possibly another release candidate,
but this is pretty close to final with the exception of updating
documentation and building ZipSlack. Thanks very much to everyone who is
helping to test these release candidates -- I think this is going to be a
very up to date and stable release. :-)
a/glibc-solibs-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing
in ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version
parts (such as 2.4.33.2) as if they supported NPTL, leading to a crash
at boot.
a/glibc-zoneinfo-2.3.6-noarch-5.tgz: Updated timezone information from
tzdata2006j.
a/kernel-ide-2.4.33.2-i486-1.tgz: Upgraded to 2.4.33.2 sata.i kernel.
Enabled support for OOM killer and HIGHMEM4G.
a/kernel-modules-2.4.33.2-i486-1.tgz: Upgraded to Linux 2.4.33.2 modules.
a/udev-097-i486-6.tgz: Restore ttyUSB access to members of the tty group.
Thanks to Eugene Crosser.
In rc.udev, ignore lines that start with '#'.
Thanks to Ian Bates.
Removed hostap and hostap_cs dupes from blacklist.
Thanks to giovanni quadriglio.
Patched rc.optical-symlinks to avoid error messages with real SCSI devices
and the SCSI generic driver.
Thanks to Lorenzo Buzzi.
ap/lm_sensors-2.10.0-i486-1.tgz: Added lm_sensors-2.10.0, which contains the
libsensors library that KDE can use for hardware status monitoring.
ap/vim-7.0.066-i486-1.tgz: Upgraded to vim 7.0.066.
Added reasonable default vimrc if none exists. Thanks to Eric Hameleers.
xap/vim-gvim-7.0.066-i486-1.tgz: Upgraded to gvim 7.0.066 (requires vim).
d/kernel-headers-2.4.33.2-i386-1.tgz: Upgraded to Linux 2.4.33.2 headers.
d/perl-5.8.8-i486-2.tgz: Upgraded to DBD-mysql-3.0006 and DBI-1.52.
Eugene Crosser reported that DBD compiled against an older version of
libmysqlclient no longer worked without a recompile. Just to be on the
safe side, everything linked with libmysqlclient is getting recompiled.
d/pkgconfig-0.21-i486-2.tgz: Export PKG_CONFIG_PATH.
k/kernel-source-2.4.33.2-noarch-1.tgz: Upgraded to Linux 2.4.33.2 source.
Enabled support for OOM killer and HIGHMEM4G in default .config.
kde/amarok-1.4.2-i486-1.tgz: Upgraded to amarok-1.4.2.
kde/kdebase-3.5.4-i486-6.tgz: Recompiled to use libsensors with ksysguardd.
Fixed location of kdeglobals, removed font defaults but kept the
anti-aliasing fixes.
kde/koffice-1.5.2-i486-3.tgz: Recompiled against libmysqlclient and libruby.
kde/qt-3.3.6-i486-3.tgz: Recompiled against libmysqlclient, added symlink
in /usr/lib/pkgconfig to qt-mt.pc.
l/alsa-driver-1.0.11_2.4.33.2-i486-1.tgz: Recompiled for Linux 2.4.33.2.
l/glibc-2.3.6-i486-5.tgz: Patched an issue with kernel version parsing in
ld-2.3.6.so that was leading glibc to treat 2.4 kernels with 4 version parts
(such as 2.4.33.2) as if they supported NPTL, leading to a crash at boot.
Added sa_IN and ru_RU.CP1251 locale support.
Updated timezone information from tzdata2006j.
Updated timezone utilities from tzcode2006j.
l/glibc-i18n-2.3.6-noarch-5.tgz: Rebuilt.
Added sa_IN and ru_RU.CP1251 locale support.
l/glibc-profile-2.3.6-i486-5.tgz: Recompiled.
l/libmusicbrainz-2.1.4-i486-1.tgz: Upgraded to libmusicbrainz-2.1.4.
l/libvisual-0.4.0-i486-1.tgz: Added libvisual-0.4.0. Just the library for
now (no plugins), but this should make it much easier to compile and use
audio visualization plugins without having to recompile amaroK.
n/bitchx-1.1-i486-4.tgz: Recompiled against libmysqlclient.
n/openldap-client-2.3.27-i486-1.tgz: Upgraded to openldap-client-2.3.27.
n/php-4.4.4-i486-2.tgz: Recompiled against libmysqlclient.
t/tetex-3.0-i486-4.tgz: Recompiled against new LessTif to stop warnings
from xdvi.
t/tetex-doc-3.0-i486-4.tgz: Rebuilt. Moved info pages to /usr/info.
Thanks to Kris Karas for pointing out the misplaced info pages.
xap/gimp-2.2.13-i486-1.tgz: Upgraded to gimp-2.2.13.
extra/3dfx-glide/*: Removed, as it most likely doesn't work.
extra/k3b/k3b-0.12.17-i486-1.tgz: Upgraded to k3b-0.12.17.
extra/k3b/k3b-i18n-0.12.17-noarch-1.tgz: Upgraded to k3b-i18n-0.12.17.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33.2-i486-1.tgz:
Recompiled for Linux 2.4.33.2.
extra/slackpkg/slackpkg-2.08-noarch-3.tgz: Upgraded to slackpkg-2.08-noarch-3.
Thanks to Piter Punk.
bootdisks/*: Upgraded to Linux 2.4.33.2 kernels.
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.2.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.2.
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.2.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.2.
rootdisks/pcmcia.dsk: Upgraded pcmcia network modules to Linux 2.4.33.2.
kernels/*: Upgraded to Linux 2.4.33.2 kernels, except the huge.s kernel.
After much thought and consultation with developers, it has been decided to
move 2.6.17.x out of /testing and into /extra. It runs stable by all reports,
has better wireless support, and is not going to be stale as soon. In
addition, HIGHMEM4G has been enabled. This caused no problems with my old
486 with 24MB (the one I use for compiling KDE ;-), and Tomas Matejicek has
enabled this in SLAX for a long time with no reports of problems, so I
believe it is a safe option (and is needed by many modern machines).
Thanks again to Andrea for building these kernels and packages. :-)
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.17.11.
extra/linux-2.6.17.11/kernel-generic-2.6.17.11-i486-1.tgz:
Upgraded to Linux 2.6.17.11 generic kernel.
extra/linux-2.6.17.11/kernel-headers-2.6.17.11-i386-1.tgz:
Upgraded to Linux 2.6.17.11 kernel headers.
extra/linux-2.6.17.11/kernel-modules-2.6.17.11-i486-1.tgz
Upgraded to Linux 2.6.17.11 kernel modules.
Load PC speaker support in rc.modules. Thanks to NetrixTardis.
extra/linux-2.6.17.11/kernel-source-2.6.17.11-noarch-1.tgz
Upgraded to Linux 2.6.17.11 kernel source.
testing/packages/cairo-1.2.4-i486-1.tgz: Added cairo-1.2.4.
testing/packages/fontconfig-2.3.95-i486-1.tgz: Added fontconfig-2.3.95.
testing/packages/php-5.1.5/php-5.1.5-i486-2.tgz: Recompiled against
libmysqlclient.
+--------------------------+
Tue Aug 22 15:10:35 CDT 2006
a/shadow-4.0.3-i486-13.tgz: Fixed deprecated root:bin ownerships.
Thanks to Stuart Winter.
a/util-linux-2.12r-i486-3.tgz: Fixed file permissions and ownerships in
/usr/doc. Thanks to Stuart Winter.
+--------------------------+
Mon Aug 21 14:54:08 CDT 2006
a/udev-097-i486-5.tgz: Fixed check in rc.udev for 2.6.15+ kernel.
Thanks to Richard Fuller for the fix.
+--------------------------+
Sun Aug 20 23:45:58 CDT 2006
a/gpm-1.20.1-i486-2.tgz: Patched to send all non-critical error messages to
the system logs rather than to the console.
a/pkgtools-11.0.0-i486-2.tgz: Merged in some more xorgsetup patches from
Irfan Acar, Daniil Bratashov, and Piter Punk.
a/shadow-4.0.3-i486-12.tgz: Patched for gcc-3.4.x.
Thanks to Dominik L. Borkowski for the patch.
Removed spurious id.1.gz manpage. Thanks to Cal Peake.
Removed obsolete options from the passwd program.
a/sysvinit-2.84-i486-66.tgz: In rc.M, fixed the nohotplug cmdline option.
Thanks to Eric Hameleers.
Sleep for a couple seconds after shutting down dhcpcd in rc.6 to allow time
for various files in /etc to restore themselves. Thanks to Cal Peake.
Don't try to mount usbfs if it's in /proc/mounts already.
a/tar-1.15.1-i486-2.tgz: Patched to be less strict about the option order.
Thanks to Jonathan A. Irwin for sending me a patch from Sergey Poznyakoff.
a/udev-097-i486-4.tgz: Changed default udev log level from err to crit.
Refuse to run udev unless the kernel is 2.6.15+. Thanks to Sean Donner.
a/util-linux-2.12r-i486-2.tgz: Added schedutils-1.5.0 which is apparently due
to be merged into util-linux upstream sometime soon anyway.
Thanks to Jonathan Woithe for the suggestion.
ap/diffutils-2.8.1-i486-2.tgz: Patched a bug in sdiff.
Thanks to James Michael Fultz for the patch and improved build script.
ap/vim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063.
Removed unpopular libruby dependency. :-)
e/emacs-21.4a-i486-3.tgz: Avoid a package file overlap between Emacs ctags and
Exuberant Ctags. Thanks to Michal Kowalski for pointing it out.
kde/kdebase-3.5.4-i486-5.tgz: Added /opt/kde/share/kdeglobals to set the Vera
fonts with anti-aliasing enabled as the defaults.
xap/seamonkey-1.0.4-i486-2.tgz: Added /usr/lib/seamonkey ->
/usr/lib/seamonkey-1.0.4 symlink. Thanks to Tsomi.
xap/vim-gvim-7.0.063-i486-1.tgz: Upgraded to vim 7.0.063.
Removed unpopular libruby dependency. :-)
extra/checkinstall/checkinstall-1.6.0-i486-2.tgz: Fixed 640 perms on FAQ.
Thanks to Michael Iatrou.
rootdisks/pcmcia.dsk,isolinux/pcmcia.dsk: Added ide-cs module.
Requested by Zack Smith.
+--------------------------+
Sat Aug 19 23:58:27 CDT 2006
This is mostly frozen now unless bugs (or irresistible upgrades) come up, so
I'll call this update Slackware 11.0 release candidate 2. :-)
a/kernel-ide-2.4.33-i486-2.tgz:
Switched to the sata.i kernel which supports both parallel and serial ATA.
a/kernel-modules-2.4.33-i486-2.tgz: Recompiled.
Upgraded to Linux 2.4.33 kernel modules.
d/pkgconfig-0.21-i486-1.tgz: Upgraded to pkg-config-0.21.
Set the PKG_CONFIG_PATH to search in /usr/local/lib/pkgconfig and
/opt/kde/lib/pkgconfig, too. Thanks, Seb!
d/kernel-headers-2.4.33-i386-2.tgz: Rebuilt.
k/kernel-source-2.4.33-noarch-2.tgz:
Updated the default .config to include SATA support.
Oh, and yes I did see 2.4.33.1. Thanks for letting me know ;-), but that
kernel does not seem to be booting here so I'll stick with 2.4.33 for now.
l/alsa-driver-1.0.11_2.4.33-i486-2.tgz: Recompiled.
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.4.33.
bootdisks/sata.i: Rebuilt.
bootdisks/speakup.s: Added SATA support.
kernels/huge26.s/*: Recompiled.
kernels/sata.i/*: Recompiled.
kernels/speakup.s/*: Added SATA support.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.9.
To be consistent, bumped the build number on all of the 2.6.16.27 packages to -5.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-5.tgz:
Recompiled.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-5.tgz:
Recompiled.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-5.tgz:
Rebuilt.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-5.tgz:
Enabled CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK option so that
Piotr Wierzchowski's Thinkpad will run cooler and use less power. :-)
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-5.tgz:
Rebuilt with CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y in .config.
extra/slackpkg/slackpkg-2.08-noarch-2.tgz: Upgraded to slackpkg-2.08-noarch-2.
Thanks to Piter Punk.
testing/packages/linux-2.6.17.9/kernel-generic-2.6.17.9-i486-1.tgz:
Upgraded to Linux 2.6.17.9 generic kernel.
testing/packages/linux-2.6.17.9/kernel-headers-2.6.17.9-i386-1.tgz:
Upgraded to Linux 2.6.17.9 kernel headers.
testing/packages/linux-2.6.17.9/kernel-modules-2.6.17.9-i486-1.tgz
Upgraded to Linux 2.6.17.9 kernel modules.
testing/packages/linux-2.6.17.9/kernel-source-2.6.17.9-noarch-1.tgz
Upgraded to Linux 2.6.17.9 kernel source.
Thanks to Andrea for building the 2.6.17.9 kernels.
rootdisks/install.1: Updated. Thanks to Cal Peake for the idea about how to
improve the setup of swap partitions.
Updated most of the binaries on the installer, but not busybox. It seems
to be working fine, and the idea of messing with it now scares me. ;-)
rootdisks/install.2: Updated.
rootdisks/install.zip: Updated.
rootdisks/network.dsk: Fixed to probe for tg3 cards.
Thanks to Eric Hameleers and Bruce Hill, Jr.
Fixed module probing to work with 2.6 modules. Thanks to Piter Punk.
+--------------------------+
Fri Aug 18 00:20:46 CDT 2006
a/aaa_elflibs-11.0.0-i486-8.tgz: Upgraded to the mm-1.4.2 library, patched
libtiff, upgraded to pcre-6.7 libraries, and included the recompiled
cups-1.1.23 and slang libraries.
a/cups-1.1.23-i486-4.tgz: Fixed broken es and fr man page symlinks.
d/git-1.4.2-i486-1.tgz: Upgraded to git-1.4.2.
kde/kdenetwork-3.5.4-i486-2.tgz: Patched a bug in kopete that could freeze
KDE under certain circumstances. Thanks to JaguarWan and Olivier Goffart.
l/libtiff-3.8.2-i486-2.tgz: Patched vulnerabilities in libtiff which were
found by Tavis Ormandy of the Google Security Team. These issues could
be used to crash programs linked to libtiff or possibly to execute code
as the program's user. A low risk command-line overflow in tiffsplit was
also patched.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
(* Security fix *)
l/mm-1.4.2-i486-1.tgz: Upgraded to mm-1.4.2.
l/pcre-6.7-i486-1.tgz: Upgraded to pcre-6.7.
l/slang-2.0.6-i486-2.tgz: Fixed uncompressed manpage.
n/php-4.4.4-i486-1.tgz: Upgraded to php-4.4.4.
Some of the security issues fixed in this release include:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed a buffer overflow inside sscanf() function.
(* Security fix *)
testing/packages/cups-1.2.2/cups-1.2.2-i486-2.tgz:
Removed /usr/man/man8/disable.8.gz symlink.
testing/packages/php-5.1.5/php-5.1.5-i486-1.tgz:
Upgraded to php-5.1.5.
Some of the security issues fixed in this release include:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on
PHP 5 with realpath cache.
* Fixed a buffer overflow inside sscanf() function.
(* Security fix *)
kernels/sata.i/: Recompiled with Silicon Image PATA support. (there was
a conflict before with this and the Sil SATA driver but it was fixed)
+--------------------------+
Wed Aug 16 19:11:39 CDT 2006
a/aaa_base-11.0.0-noarch-1.tgz: Added /usr/share/info -> ../info symlink.
Bumped /etc/slackware-version number to 11.0.0.
Changed version number (but little else yet) in initial email.
a/hotplug-2004_09_23-noarch-10.tgz: Corrected typo in rc.hotplug.
Thanks to Willy Sudiarto Raharjo.
a/pcmcia-cs-3.2.8-i486-3.tgz: Commented out line in config.opts for old
Webgear wireless card.
chmod 644 /etc/pcmcia/*.opts.
a/pcmciautils-014-i486-2.tgz: Commented out line in config.opts for old
Webgear wireless card.
Moved man pages to /usr/man/man8, compressed with gzip.
a/sysvinit-2.84-i486-65.tgz: Don't run /lib/udev/rc.optical-symlinks in a
login shell, since the bug that required that kludge is now fixed.
a/udev-097-i486-3.tgz: Patched rc.optical-symlinks to be locale friendly.
Thanks to everyone who reported the bug, and to Michiel Broek and
Eric Hameleers for sending in patches.
Updated comments and removed obsolete options in udev.conf.
Thanks to Jakub Jankowski.
Removed /dev/loop0 and /dev/rtc from udev-script-devices.tar.gz.
l/gd-2.0.33-i486-1.tgz: Added gd-2.0.33.
Suggested by Cal Peake.
l/libidn-0.6.5-i486-1.tgz: Upgraded to libidn-0.6.5.
Suggested by Piotr Simon.
n/nfs-utils-1.0.10-i486-2.tgz: On 2.6.x kernels, mount nfsd in rc.nfsd.
Thanks to Piter Punk, Leonardo Roman, and George Iosif for the suggestion.
n/wireless-tools-28-i486-3.tgz: Fixed rc.wireless which contained a few ^M
that broke it. I think I did this saving the patch with my mailer -- sorry
about that.
xap/gnuplot-4.0.0-i486-2.tgz: Recompiled against new gd-2.0.33 package.
Thanks to Michael Iatrou for the suggestion.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.33-i486-1.tgz: Recompiled
kernel modules for Linux 2.4.33.
+--------------------------+
Tue Aug 15 21:45:53 CDT 2006
a/genpower-1.0.5-i486-1.tgz: Upgraded to genpower-1.0.5.
Thanks to Bernd Noessler for letting me know about this -- freshmeat.net
still points to a much older version of genpower.
a/less-394-i486-1.tgz: Upgraded to less-394. Thanks to Haakon Riiser for
suggesting this and confirming that less-394 is an official stable release.
Added RAR support to lesspipe.sh. Thanks to Manolis Tzanidakis.
a/sysvinit-2.84-i486-64.tgz: In rc.M, check better for udev before running
rc.optical-symlinks, and run the script in a login shell which might fix the
error "-bash: let: expression expected" that some people have reported.
Thanks to Michiel Broek for the hint about using a login shell.
ap/mt-st-0.9b-i486-1.tgz: Upgraded to mt-st-0.9b.
Thanks to Stuart Winter.
d/git-1.4.1.1-i486-2.tgz: Replaced hard links with symbolic links, since
Stuart Winter hates hard links. (I hope he doesn't find the other ones! ;-)
Thanks to Stuart Winter for the patch.
kde/kdebase-3.5.4-i486-4.tgz: Patched a bug in ksystraycmd.
Thanks to Dirk Mueller for the patch.
n/wireless-tools-28-i486-2.tgz: Patched rc.wireless for ESSIDs with spaces.
Thanks to Bruneel Micha?l and Eric Hameleers.
xap/imagemagick-6.2.8_8-i486-2.tgz: Reverted to ImageMagick-6.2.8-8 since
the "display" program in ImageMagick-6.2.9-0 crashes.
Thanks to Tomasz Luczak for the bug report.
+--------------------------+
Tue Aug 15 01:20:55 CDT 2006
a/devs-2.3.1-noarch-24.tgz: Added udev-style /dev/md/* devices to save people
who boot between 2.4.x and 2.6.x kernels some trouble.
Thanks to Mircea Baciu for pointing out this possibility.
Note: Upgrading the devs package while running udev will NOT work.
a/sysvinit-2.84-i486-63.tgz: Patched rc.4 to check both /usr/bin and /usr/sbin
for gdm. Thanks to Scott J. Harmon.
Added a warning in rc.S that if you make an rc.modules.local that the other
rc.modules script(s) will not be run.
Don't try to start udev if sysfs and tmpfs are not in the kernel.
Use grep '-q' option instead of '> /dev/null' in many places.
a/udev-097-i486-2.tgz: Don't run rc.udev if tmpfs is not in the kernel.
Thanks to Gunnar Florus Johansen.
ap/sysstat-7.0.0-i486-1.tgz: Added sysstat-7.0.0.
Suggested by grk wng and Jesper Juhl.
n/iproute2-2.6.16_060323-i486-1.tgz: Upgraded to iproute2-2.6.16-060323.
n/nfs-utils-1.0.10-i486-1.tgz: Upgraded to nfs-utils-1.0.10.
t/xfig-3.2.4-i486-1.tgz: Upgraded to xfig-3.2.4.
Thanks to Daniil Bratashov for the initial SlackBuild script.
xap/gimp-2.2.12-i486-3.tgz: Fixed icon path in gimp-2.2.desktop.
Thanks to Nikos Skalkotos for the bug report.
xap/imagemagick-6.2.9_0-i486-1.tgz: Upgraded to imagemagick-6.2.9-0.
extra/slackpkg/slackpkg-2.07-noarch-5.tgz: Upgraded to slackpkg-2.07-noarch-5.
Thanks to Piter Punk.
+--------------------------+
Mon Aug 14 02:23:30 CDT 2006
There are still a few changes yet to happen, but let's call this
Slackware 11.0 release candidate 1. :-)
a/glibc-solibs-2.3.6-i486-4.tgz: Recompiled.
a/glibc-zoneinfo-2.3.6-noarch-4.tgz: Updated to tzcode2006i and tzdata2006g.
a/kernel-ide-2.4.33-i486-1.tgz: Upgraded to Linux 2.4.33 bare.i kernel.
a/kernel-modules-2.4.33-i486-1.tgz: Upgraded to Linux 2.4.33 kernel modules.
a/udev-097-i486-1.tgz: Upgraded to udev-097.
Updated the rc.optical-symlinks script.
Added locking to cdrom-symlinks.sh and nethelper.sh scripts to avoid race
conditions at boot time. Thanks to Piter Punk.
Fixed bugs in rc.udev where the script attempts to mount devpts and usbfs
even if they are already mounted. Thanks to Gunnar Florus Johansen.
d/kernel-headers-2.4.33-i386-1.tgz: Upgraded to Linux 2.4.33 kernel headers.
k/kernel-source-2.4.33-noarch-1.tgz: Upgraded to Linux 2.4.33 kernel source.
l/alsa-driver-1.0.11_2.4.33-i486-1.tgz: Upgraded to alsa-driver compiled
for Linux 2.4.33.
l/glibc-2.3.6-i486-4.tgz: Recompiled against Linux 2.4.33 and 2.6.16.27
kernel headers.
l/glibc-i18n-2.3.6-noarch-4.tgz: Rebuilt.
l/glibc-profile-2.3.6-i486-4.tgz: Recompiled.
l/jre-1_5_0_08-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 8.
n/tcpip-0.17-i486-38.tgz: Upgraded to ethtool-4.
Upgraded to tftp-0.42.
Relinked /bin/ftp with correct libreadline. Thanks to Udo A. Steinberg.
extra/jdk-1.5.0_08/jdk-1_5_0_08-i586-1.tgz: Upgraded to Java(TM) 2
Platform Standard Edition Development Kit Version 5.0, Release 8.
bootdisks/*: Upgraded to Linux 2.4.33 kernels.
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.33.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.33.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.
kernels/*: Upgraded 2.4.x kernels to Linux 2.4.33 kernels.
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.33.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.33.
rootdisks/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.33.
+--------------------------+
Sat Aug 12 01:14:17 CDT 2006
a/hotplug-2004_09_23-noarch-9.tgz: Skip rc.hotplug if a new enough udev
is running on a 2.6 kernel. No wonder the boot time didn't seem faster! :-)
a/sysvinit-2.84-i486-62.tgz: If udev hasn't made /dev/cdrom and other symlinks,
call a script from rc.M to make them.
Added support to rc.K and rc.6 for an /etc/rc.d/rc.local_shutdown script.
Thanks to Robert Boucher for the idea.
Rob McGee and others have made similar requests before... thanks to all!
a/udev-096-i486-4.tgz: Generate network card naming rules in
/etc/udev/rules.d/network-devices.rules, but comment them out. I think
these additions are not quite reliable enough in all cases to be the default
for the Slackware 11 release (of course, you have udev occasionally detecting
multiple network cards in a different order, and so on some router machines
these rules will be needed). Or, you could run a 2.4.x kernel. ;-)
If your system is naming network devices strangely you should delete your
existing /etc/udev/rules.d/network-devices.rules and reboot. If that doesn't
do the trick you'll probably need to edit the file.
Instead of having udev make the CD/DVD symlinks, have a new script called
/lib/udev/rc.optical-symlinks do it. If you'd rather use Piter Punk's method
(which works better for hotplugging USB optical drives, for example), then
just comment/uncomment the appropriate rules in /etc/udev/rules.d/udev.rules.
n/whois-4.7.15-i486-1.tgz: Upgraded to whois-4.7.15.
Thanks to Gianluca Varisco for pointing out the new release.
xap/gimp-2.2.12-i486-2.tgz: Fixed broken gimptool man page symlink.
+--------------------------+
Fri Aug 11 03:18:18 CDT 2006
a/aaa_elflibs-11.0.0-i486-7.tgz: Fixed libmm perms and location.
Thanks to Fred Emmott.
Upgraded libmm to 1.4.1.
Reverted to CUPS libraries from 1.1.23.
a/cups-1.1.23-i486-3.tgz: Reverted to cups-1.1.23 due to some applications
needing time to adjust to no longer having access to the private CUPS
functions. ;-) See below for more info.
a/etc-5.1-noarch-13.tgz: Upgraded /etc/services to include IPP (for CUPS) and
other new services. Thanks to Christophe Legras for reminding me to upgrade
this file, and to Two Beans for mailing me a more recent copy.
l/hicolor-icon-theme-0.9-noarch-2.tgz: Fixed slack-desc typo.
Reported by Willy Sudiarto Raharjo.
l/mm-1.4.1-i486-1.tgz: Upgraded to mm-1.4.1.
Looks like libmm was split out of the Apache package just in time. ;-)
n/samba-3.0.23b-i486-2.tgz: Recompiled against CUPS 1.1.23.
n/sendmail-8.13.8-i486-2.tgz: Recompiled with DBROKEN_PTHREAD_SLEEP defined
in site.config.m4, which fixes a problem with libmilter.a that can cause
sendmail milters to be unstable. Thanks to Jan Rafaj for reporting this
bug, the fix, and for testing the problem so throughly.
n/sendmail-cf-8.13.8-noarch-2.tgz: Rebuilt.
n/tcpip-0.17-i486-37.tgz: Removed redundant copy of /etc/services.
testing/packages/cups-1.2.2/cups-1.2.2-i486-1.tgz: It seems as if KDE might
still not be 100% ready for CUPS 1.2.x, so we're going to move this into
/testing again for the release, but by all means use it if it works for you.
It did mostly work here, but the problems with using it with KDE are also
reproducable. Thanks to Thomas Hansl?k for the information. Anyway, I had
my suspicions that *something* was going to have linked with private CUPS
functions or that this might break something in some way, but I also knew
this package would get better testing in slackware/a than in /testing. :-)
So, now we know that it's probably safer to wait on cups-1.2.x.
Thomas also mentioned a workaround -- editing cupsd.conf to comment
out this line:
# Listen /var/run/cups/cups.sock
+--------------------------+
Thu Aug 10 02:07:10 CDT 2006
a/aaa_elflibs-11.0.0-i486-6.tgz: Added libmm.
a/pkgtools-11.0.0-i486-1.tgz: Fixed xwmconfig to only recommend installed
window managers. Thanks to Leandro Toledo.
Merged in patches for xorgsetup to support choosing a keyboard model, layout,
variant, and even automatically configuring a mouse scroll wheel! :-)
Thanks to Ismael Cortes for the patches.
l/gnome-icon-theme-2.14.2-noarch-1.tgz: Added gnome-icon-theme-2.14.2. It
seems that GTK+ applications such as Thunderbird use these, not just GNOME.
l/gtk+2-2.8.20-i486-1.tgz: Upgraded to gtk+-2.8.20.
l/hicolor-icon-theme-0.9-noarch-1.tgz: Added hicolor-icon-theme-0.9.
l/mm-1.4.0-i486-1.tgz: Moved mm library out of the Apache package so that apps
such as the standalone PHP interpreter can use it without installing Apache.
Thanks to Robert Easter for the suggestion.
l/shared-mime-info-0.18-i486-1.tgz: Upgraded to shared-mime-info-0.18.
n/apache-1.3.37-i486-2.tgz: Removed mm-1.4.0 from the build directory and
recompiled against the system mm package. This now depends on having the
mm package from the L series installed.
n/lftp-3.5.4-i486-1.tgz: Upgraded to lftp-3.5.4.
n/sendmail-8.13.8-i486-1.tgz: Upgraded to sendmail-8.13.8.
That's what I get for trying to patch 8.13.7 myself last night. ;-)
n/sendmail-cf-8.13.8-noarch-1.tgz: Upgraded to sendmail-8.13.8 configs.
x/x11-6.9.0-i486-8.tgz: More updates to the i945gm chipset support.
Thanks to Sergio A. Reyes-Peniche.
x/x11-devel-6.9.0-i486-8.tgz: Recompiled and removed fontconfig manpages.
x/x11-xdmx-6.9.0-i486-8.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-8.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-8.tgz: Recompiled.
xap/sane-1.0.18-i486-2.tgz: Added /etc/udev/rules.d/libsane.rules.
Thanks to David Somero for pointing out this file.
isolinux/initrd.img: Merged in many installer patches from Stuart Winter.
pasture/: Some cleanup...
rootdisks/install.1: Rebuilt with installer patches.
rootdisks/install.2: Rebuilt with installer patches.
rootdisks/install.zip: Rebuilt with installer patches.
rootdisks/network.dsk: Rebuilt with gcc-3.4.6 compiled modules.
rootdisks/pcmcia.dsk: Rebuilt with gcc-3.4.6 compiled modules.
testing/packages/php-5.1.4/php-5.1.4-i486-3.tgz: Recompiled with freetype.
Fixed FastCGI by removing --enable-discard-path from CGI version.
Added pdo_sqlite.so and sqlite.so modules.
+--------------------------+
Wed Aug 9 00:25:53 CDT 2006
a/aaa_elflibs-11.0.0-i486-5.tgz: Added new CUPS libraries.
a/cups-1.2.2-i486-1.tgz: Upgraded to cups-1.2.2.
a/hdparm-6.6-i486-1.tgz: Upgraded to hdparm-6.6.
Suggested by Janusz Dziemidowicz.
a/udev-096-i486-3.tgz: In /etc/modprobe.d/blacklist, change module name from
i810_tco to i8xx_tco. Thanks to Janusz Dziemidowicz.
Piter Punk also wants me to remind everyone that this udev package requires
a 2.6.15+ kernel or it will not work. ;-)
ap/mc-4.6.1-i486-2.tgz: Fixed PHP syntax highlighting.
Thanks to Georgi Chorbadzhiyski for the patch.
n/samba-3.0.23b-i486-1.tgz: Upgraded to samba-3.0.23b.
n/sendmail-8.13.7-i486-2.tgz: Applied two errata patches from sendmail.org.
Thanks to Gerardo Exequiel Pozzi for pointing out these patches.
n/sendmail-cf-8.13.7-noarch-2.tgz: Rebuilt.
x/x11-6.9.0-i486-7.tgz: More updates to the i945gm chipset support.
Thanks to Rapha?l Prevost for the updated patch.
x/x11-devel-6.9.0-i486-7.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-7.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-7.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-7.tgz: Recompiled.
+--------------------------+
Tue Aug 8 00:55:52 CDT 2006
a/aaa_elflibs-11.0.0-i486-4.tgz: Added new version of libcurl.
a/etc-5.1-noarch-12.tgz: Patched /etc/profile and /etc/csh.login to fix a bug
where changing to another user with "su - someuser" would produce an error
message such as "/dev/pts/2: Operation not permitted".
Thanks to Menno Duursma for the fix.
a/findutils-4.2.28-i486-1.tgz: Upgraded to findutils-4.2.28.
a/gawk-3.1.5-i486-3.tgz: Patched a fieldwidths bug.
Thanks to Fabiano Caixeta Duarte for a pointer to the patch.
a/lilo-22.7.1-i486-2.tgz: Fixed a typo in liloconfig where installing to the
MBR was mentioned twice. Thanks to Keith McGavin for pointing this out.
a/udev-096-i486-2.tgz: Added the psmouse module to /etc/modprobe.d/blacklist
so that /etc/rc.d/rc.modules can load it using the option "proto=imps".
This change restores the mouse options used in Slackware 10.2. At least on
my machine, the default module options render the mouse completely unusable,
but feel free to remove the module from the blacklist or configure rc.modules
to your liking if this is not the ideal default for your machine.
ap/mdadm-2.5.3-i486-1.tgz: Upgraded to mdadm-2.5.3.
Thanks to James W. Laferriere and Gianluca Varisco for pointing this out.
kde/kdebase-3.5.4-i486-3.tgz: Patched a bug involving external taskbars that
expand as required to fit contents. Thanks to Dirk Mueller for the patch.
n/curl-7.15.5-i486-1.tgz: Upgraded to curl-7.15.5.
Thanks to Gianluca Varisco for suggesting this upgrade.
n/dnsmasq-2.33-i486-1.tgz: Upgraded to dnsmasq-2.33.
Thanks to Gianluca Varisco for suggesting this upgrade.
n/ncftp-3.2.0-i486-2.tgz: Fixed permissions in /usr/bin.
Thanks to many who noticed this mistake. ;-)
n/ntp-4.2.2p3-i486-1.tgz: Upgraded to ntp-4.2.2p3.
Thanks to James W. Laferriere for suggesting this upgrade.
x/x11-6.9.0-i486-6.tgz: Added support for newer revisions of the
i945gm chipset. Thanks to Rapha?l Prevost for the patch.
x/x11-devel-6.9.0-i486-6.tgz: Recompiled.
x/x11-xdmx-6.9.0-i486-6.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-6.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-6.tgz: Recompiled.
There are a few reports that the newest udev is not friendly to some systems.
Well, that's progress for you -- it isn't always a smooth journey. In most
cases the problems I've heard about could be fixed with a little bit of fine
tuning, such as blacklisting unwanted modules in /etc/modprobe.d/blacklist
and loading the desired replacements in /etc/rc.d/rc.modules. However, in
case either of these older versions of udev worked better for you, they'll
be kept in /extra for a while as alternates. Be aware that new kernels will
soon require the latest udev, though...
extra/udev-alternate-versions/udev-064-i486-2.tgz: Added alternate udev-064.
extra/udev-alternate-versions/udev-071-i486-2.tgz: Added alternate udev-071.
testing/packages/linux-2.6.17.8/kernel-generic-2.6.17.8-i486-1.tgz:
Upgraded to Linux 2.6.17.8 generic kernel.
testing/packages/linux-2.6.17.8/kernel-headers-2.6.17.8-i386-1.tgz:
Upgraded to Linux 2.6.17.8 kernel headers.
testing/packages/linux-2.6.17.8/kernel-modules-2.6.17.8-i486-1.tgz
Upgraded to Linux 2.6.17.8 kernel modules.
testing/packages/linux-2.6.17.8/kernel-source-2.6.17.8-noarch-1.tgz
Upgraded to Linux 2.6.17.8 kernel source.
Thanks again to Andrea Volkerding for building the 2.6.17.8 kernels.
+--------------------------+
Mon Aug 7 01:43:38 CDT 2006
a/pcmciautils-014-i486-1.tgz: Added pcmciautils-014, needed to configure PC
cards on systems running 2.6.x kernels.
a/sysfsutils-2.0.0-i486-2.tgz: Added missing libsysfs.so symlink.
a/sysvinit-2.84-i486-61.tgz: Merged Piter Punk's changes for the new udev.
Please make sure to move all the .new files in /etc/rc.d/ into place for
this to work correctly!
a/udev-096-i486-1.tgz: Upgraded to udev-096.
Thanks to Piter Punk for his great work to get this just exactly perfect.
a/grep-2.5-i486-3.tgz: Improved build script and rebuilt. I considered using
grep-2.5.1a, but found some problem reports concerning it and decided such
an upgrade would be best left for the next -current. There have been no
bug reports here concerning grep-2.5, so I see no reason to fix that which
does not appear to be broken. It's more important to have a known to be
stable grep than it is to have the latest version, IMHO.
a/pciutils-2.2.3-i486-2.tgz: Fixed missing pci/types.h header file.
Thanks to Konrad Rzepecki.
ap/man-pages-2.39-noarch-1.tgz: Upgraded to man-pages-2.39.
n/lftp-3.5.3-i486-1.tgz: Upgraded to lftp-3.5.3.
n/ncftp-3.2.0-i486-1.tgz: Upgraded to ncftp-3.2.0.
n/popa3d-1.0.2-i486-1.tgz: Upgraded to popa3d-1.0.2.
n/vsftpd-2.0.5-i486-1.tgz: Upgraded to vsftpd-2.0.5.
xap/imagemagick-6.2.8_8-i486-1.tgz: Upgraded to ImageMagick-6.2.8-8.
xap/sane-1.0.18-i486-1.tgz: Upgraded to sane-backends-1.0.18.
extra/grub/grub-0.97-i486-2.tgz: Upgraded to grubconfig-1.28.
+--------------------------+
Sat Aug 5 23:22:13 CDT 2006
a/usbutils-0.72-i486-1.tgz: Upgraded to usbutils-0.72, patched to add
back usbmodules since hotplug will need it for as long as the 2.4.x
kernel is supported.
ap/mdadm-2.5.2-i486-1.tgz: Upgraded to mdadm-2.5.2.
ap/mysql-5.0.24-i486-1.tgz: Upgraded to mysql-5.0.24.
Suggested by Willy Sudiarto Raharjo.
l/lesstif-0.95.0-i486-1.tgz: Upgraded to lesstif-0.95.0.
Suggested by Rene Huber.
xap/xpdf-3.01-i486-4.tgz: Fixed a window resizing bug.
Thanks to Luis for the patch.
+--------------------------+
Sat Aug 5 00:42:09 CDT 2006
a/aaa_elflibs-11.0.0-i486-3.tgz: Added new versions of libattr and libacl.
Added lib/libsysfs.so.2.0.0.
a/acl-2.2.39_1-i486-1.tgz: Upgraded to acl-2.2.39-1.
a/attr-2.4.32_1-i486-1.tgz: Upgraded to attr-2.4.32-1.
a/pciutils-2.2.3-i486-1.tgz: Upgraded to pciutils-2.2.3.
Thanks to Eric Hameleers for the encouragement. :-)
a/pcmcia-cs-3.2.8-i486-2.tgz: Patched /etc/rc.d/rc.pcmcia to work with either
pcmcia-cs or pcmciautils.
a/sysfsutils-2.0.0-i486-1.tgz: Added sysfsutils-2.0.0.
Thanks to Piter Punk.
a/xfsprogs-2.8.10_1-i486-1.tgz: Upgraded to xfsprogs-2.8.10-1.
Thanks to Marco Berizzi for pointing out the new XFS programs.
ap/alsa-utils-1.0.11-i486-2.tgz: Fixed uncompressed manpage. Thanks to Seb.
ap/dmapi-2.2.5_1-i486-1.tgz: Upgraded to dmapi-2.2.5-1.
ap/xfsdump-2.2.38_1-i486-1.tgz: Upgraded to xfsdump-2.2.38-1.
kde/kdebase-3.5.4-i486-2.tgz: Patched to fix video redirects in Konqueror.
Thanks to Fr?d?ric L. W. Meunier for the bug report and patch link.
l/freetype-2.1.9-i486-1.tgz: Moved from the X to the L series.
This makes more sense because freetype does not depend on any X11 libraries,
and because PHP has now been built linked to libfreetype.
l/libusb-0.1.12-i486-1.tgz: Upgraded to libusb-0.1.12.
Thanks to Gunnar Florus Johansen and CJ Johnson for the recommendation.
n/links-2.1pre23-i486-1.tgz: Upgraded to links-2.1pre23.
n/php-4.4.3-i486-1.tgz: Upgraded to php-4.4.3.
From the announcement of the release:
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The PHP 4.4.3 release announcement may be found on their web site:
http://www.php.net
NOTE: Slackware's PHP package now requires the freetype library.
(* Security fix *)
xap/xchat-2.6.6-i486-2.tgz: Patched to fix Finnish translation errors.
Thanks to C Johnson for pointing out that there was a new official patch.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-4.tgz:
Fixed 2.4 kernel detection for loading the apm module.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-3.tgz:
Fixed 2.4 kernel detection for loading the apm module.
+--------------------------+
Fri Aug 4 02:36:54 CDT 2006
xap/mozilla-firefox-1.5.0.6-i686-1.tgz: Upgraded to firefox-1.5.0.6.
xap/seamonkey-1.0.4-i486-1.tgz: Upgraded to seamonkey-1.0.4.
+--------------------------+
Thu Aug 3 01:26:43 CDT 2006
a/gettext-0.15-i486-1.tgz: Upgraded to gettext-0.15.
Thanks to steveo for noticing that this was missing from the ChangeLog.
a/lilo-22.7.1-i486-1.tgz: Reverted to lilo-22.7.1 after reports from Aaron Lee
and Philip Langdale that versions 22.7.2+ skip the boot menu on some machines.
a/sysvinit-2.84-i486-60.tgz: Fixed rc.S to use /etc/rc.d/rc.modules.local
properly. Bug reported by Dieter Rauschenberger, Ricardo Garc?a, and Luis.
Use "/bin/sh" not "." to start rc.modules.local in case someone uses "exit".
Merged more LVM changes from Cal Peake in rc.S and rc.M, including removing
many uses of "sleep", so if anyone needed those let me know.
ap/at-3.1.10-i486-1.tgz: Upgraded to at-3.1.10. Added missing at_allow.5
manpage. Thanks to James Michael Fultz.
ap/cdparanoia-IIIalpha9.8-i486-2.tgz: Patched to compile with gcc-3.4.6, and
added a batch to the build directory for later that will use the 2.6.x
kernel's SG_IO ioctl. Thanks to Bradley Reed.
d/gettext-tools-0.15-i486-1.tgz: Upgraded to gettext-tools-0.15.
Thanks to steveo for noticing that this was missing from the ChangeLog.
l/arts-1.5.4-i486-1.tgz: Upgraded to arts-1.5.4.
kde/*: Upgraded to KDE 3.5.4. I know I told at least a few people that I
wasn't planning on including this in Slackware 11.0 at the last minute,
and there have been a couple of patches needed for it already.
Please test quickly. :-)
kdei/kde-i18n*: Upgraded kde-i18n packages for KDE 3.5.4.
n/dnsmasq-2.32-i486-2.tgz: Rebuilt after build script fixes from Fred Emmott
(moving the chown -R), and some more from me. Strangely, none of these
fixes seemed to make any difference in the package that was output,
but trust me, the build script is much better now. :-)
n/gnupg-1.4.5-i486-1.tgz: Upgraded to gnupg-1.4.5.
From the gnupg-1.4.5 NEWS file:
* Fixed 2 more possible memory allocation attacks. They are
similar to the problem we fixed with 1.4.4. This bug can easily
be be exploited for a DoS; remote code execution is not entirely
impossible.
(* Security fix *)
+--------------------------+
Tue Aug 1 19:04:52 CDT 2006
a/sysvinit-2.84-i486-59.tgz: In rc.S, give first priority to
"rc.modules.local" if it exists.
Try to shut down OpenLDAP in rc.6. Thanks to Ricardson Williams.
Merged some more LVM fixes into rc.6. Thanks to Cal Peake.
d/autoconf-2.60-noarch-1.tgz: Upgraded to autoconf-2.60.
kde/qca-tls-1.0-i486-2.tgz: Use the actual Qt installation path and not the
/usr/lib/qt symlink or the qca-tls module will be erased if the Qt package
is installed after this one (as happens in a new installation).
Thanks to Richard Fuller for the bug report.
extra/checkinstall/checkinstall-1.6.0-i486-1.tgz:
Upgraded to checkinstall-1.6.0.
testing/packages/lvm2/device-mapper-1.02.08-i486-1.tgz:
Upgraded to device-mapper.1.02.08.
testing/packages/lvm2/lvm2-2.02.07-i486-1.tgz: Upgraded to LVM2.2.02.07.
+--------------------------+
Tue Aug 1 01:11:11 CDT 2006
a/aaa_elflibs-11.0.0-i486-2.tgz: Added /usr/lib/libslang.so.2.0.6.
a/bin-11.0-i486-3.tgz: Removed /sbin/rescan-scsi-bus, which is better packaged
along with the /etc/rc.d/rc.scanluns script in the sysvinit package.
a/sysvinit-2.84-i486-58.tgz: Added symlinks for lastb. Make the install
script create /var/log/btmp if it doesn't already exist.
Thanks to Menno Duursma, Tomas Matejicek, and Gerardo Exequiel Pozzi.
Upgraded to the latest rescan-scsi-bus script.
Thanks to Mircea Baciu for pointing it out.
Use "tac" to deactivate LVM partitions in reverse order.
Thanks to Luigi Genoni.
Make sure usbfs gets mounted if it's in the kernel but hotplug is not used.
Thanks to Cal Peake.
If rc.M sees an executable rc.openldap, start it.
Thanks to Christopher Linnet.
In rc.scanluns, show the command that's being executed.
ap/jed-0.99_18-i486-3.tgz: Relinked against libslang.so.2.0.6. This does
seem to be the path of least resistance. :-)
d/subversion-1.3.2-i486-3.tgz: Rebuilt to fix wrong file ownerships in the
book included in the documentation. Thanks to Philip Lyons.
kde/kdenetwork-3.5.3-i486-3a.tgz: Patched for ICQ protocol changes.
kde/qca-1.0-i486-1.tgz: Added qca-1.0.
kde/qca-tls-1.0-i486-1.tgz: Added qca-tls-1.0. This and the qca package are
needed to support SSL connections with the Jabber(R) protocol in Kopete.
Thanks to Eric Hameleers, Markus Stauffer, and "--==HITMAN==--" for
suggesting the addition of these QCA packages.
l/atk-1.10.3-i486-2.tgz: Fixed slack-desc typo. Thanks to Nick Chorley.
l/slang-2.0.6-i486-1.tgz: Added slang-2.0.6.
l/slang1-1.4.9-i486-1.tgz: Renamed from slang-1.4.9-i486-1.tgz.
n/irssi-0.8.10a-i486-3.tgz: Fixed some strange directory permissions in the
documentation directory. Thanks to J.
tcl/tcl-8.4.13-i486-2.tgz: Added /usr/include/tcl-private/{generic,unix}
headers. Thanks to Sergio Luis for recommending this, as there are some
sources out there that require these header files.
+--------------------------+
Sun Jul 30 19:16:38 CDT 2006
n/samba-3.0.23a-i486-2.tgz: Fixed bad symlink to "using_samba" in the docs.
Thanks to Valentin Avram and William Hunt for reporting this.
ap/jed-0.99_18-i486-2.tgz: Reverted to isearch.sl from jed-0.99_16.
The version shipped in 0.99_18 seems to have problems unless jed is linked
with slang-2, which we're putting off for a little while due to the major
version bump and to let code that uses slang have a little time to catch up.
Thanks to Luigi Genoni for the bug report and fix.
Thanks as well to Petri Kaukasoina who also reported the problem.
ap/mysql-5.0.22-i486-2.tgz: Reverted to MySQL-5.0.22. Evidently MySQL-5.0.23
was never officially released due to bugs, but made it to the mirror sites
anyway. Beat Vontobel's web site has some additional information about this:
http://www.futhark.ch/mysql/148.html
Thanks very much to Jakub Jankowski telling me the deal about 5.0.23.
ap/vim-7.0.042-i486-2.tgz: Upgraded to ctags-5.6.
Thanks to Michael Iatrou for pointing out the new ctags.
Fixed a bug in the build script's patchlevel determination if $CWD contains
a dot. Thanks to Christophe Legras for the bug report and fix.
xap/vim-gvim-7.0.042-i486-2.tgz: Rebuilt. Fixed a bug in the build script's
patchlevel determination. Thanks to Christophe Legras.
Fixed an undefined variable in the vim-gvim build script.
Thanks to Bryan Germann.
+--------------------------+
Sun Jul 30 01:05:56 CDT 2006
a/devs-2.3.1-noarch-23.tgz: Fixed /dev/usb/scanner* group.
Thanks to Niels Kristian Bech Jensen.
Added /dev/fuse device. Thanks to Piter Punk.
Added /dev/mapper/control device.
a/kernel-modules-2.4.32-i486-5.tgz: Applied a patch to fix the X11 direct
rendering support for X.Org versions 6.9.0 and newer.
Thanks to Marin Mitov.
Specify the kernel version in the install script's depmod.
Thanks to Piter Punk.
ap/mysql-5.0.23-i486-1.tgz: Upgraded to mysql-5.0.23.
Suggested by Willy Sudiarto Raharjo.
d/oprofile-0.9.1-i486-2.tgz: Recompiled with gcc-3.4.6.
Thanks to Sunil Amitkumar Janki for pointing out that this was the last
package in Slackware still linked to libstdc++.so.5.
d/subversion-1.3.2-i486-2.tgz: Recompiled against the new apr and apr-util
packages. See below for details.
k/kernel-source-2.4.32-noarch-2.tgz: Applied a patch to fix the X11 direct
rendering support for X.Org versions 6.9.0 and newer.
Thanks to Marin Mitov.
l/alsa-driver-1.0.11_2.4.32-i486-3.tgz: Specify the kernel version in the
install script's depmod. Thanks to Piter Punk.
l/apr-1.2.7-i486-1.tgz: Added apr-1.2.7. This is needed by subversion and
other projects like Apache2. Thanks to Eugene Crosser for the suggestion
and detailed rationale behind not using the apr/apr-util in subversion.
l/apr-util-1.2.7-i486-1.tgz: Added apr-util-1.2.7.
This is needed by subversion and other projects.
n/bind-9.3.2-i486-4.tgz: Recompiled with --enable-threads.
Thanks to Marin Mitov for the suggestion.
xap/gxine-0.5.7-i486-1.tgz: Upgraded to gxine-0.5.7.
xap/imagemagick-6.2.8_7-i486-1.tgz: Upgraded to ImageMagick-6.2.8-7.
bootdisks/*: Prepped bootdisk version numbers.
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-2.tgz: Specify the
kernel version in the install script's depmod. Thanks to Piter Punk.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-3.tgz: Specify the
kernel version in the install script's depmod. Thanks to Piter Punk.
extra/slackpkg/slackpkg-2.06-noarch-1.tgz: Upgraded to slackpkg-2.06-noarch-1.
Thanks to Piter Punk.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-2.tgz: Specify
the kernel version in the install script's depmod. Thanks to Piter Punk.
+--------------------------+
Fri Jul 28 17:32:54 CDT 2006
n/apache-1.3.37-i486-1.tgz: Upgraded to apache-1.3.37.
From the announcement on httpd.apache.org:
This version of Apache is security fix release only. An off-by-one flaw
exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
The Slackware Security Team feels that the vast majority of installations
will not be configured in a vulnerable way but still suggests upgrading to
the new apache and mod_ssl packages for maximum security.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
And see Apache's announcement here:
http://www.apache.org/dist/httpd/Announcement1.3.html
(* Security fix *)
n/mod_ssl-2.8.28_1.3.37-i486-1.tgz: Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Fri Jul 28 02:28:10 CDT 2006
a/bin-11.0-i486-2.tgz: Updated rescan-scsi-bus for 2.6 kernel compatibility.
Upgraded to eject-2.1.5.
+--------------------------+
Thu Jul 27 16:27:57 CDT 2006
n/nmap-4.11-i486-1.tgz: Upgraded to nmap-4.11.
Suggested by Willy Sudiarto Raharjo.
xap/mozilla-firefox-1.5.0.5-i686-1.tgz: Upgraded to firefox-1.5.0.5.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
xap/mozilla-thunderbird-1.5.0.5-i686-1.tgz: Upgraded to thunderbird-1.5.0.5.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
xap/seamonkey-1.0.3-i486-1.tgz: Upgraded to seamonkey-1.0.3.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
+--------------------------+
Wed Jul 26 20:51:13 CDT 2006
a/aaa_elflibs-11.0.0-i486-1.tgz: Refreshed libraries, added attr and acl.
a/lilo-22.7.2.1-i486-2.tgz: OK, now the patch is actually applied. :-)
Thanks to arny -- I'm evidently too used to using "zcat" for patches.
a/sysvinit-2.84-i486-57.tgz: Merged the following changes:
Try to use a kernel specific rc.modules script if one is found.
Added rc.scanluns to look for devices on non-zero LUNs.
Shut down sshd in rc.6 so connections don't hang;
Thanks to Michael Iatrou and Steven Saner for reporting this issue.
Changed how LVM2 is deactivated in rc.6 (thanks to Cal Peake).
Previously there were problems since / might have already been remounted as
read-only before LVM2 was taken down. Now I suspect there could be problems
if the / is on LVM, so perhaps this is not the optimal solution...
Umount CIFS filesystems in rc.6 (thanks to Jef Oliver).
Umount NFS, SMB, and CIFS filesystems in rc.K;
Thanks to Drew, and to Eric Hameleers for the bug reports.
Fixed chown root:utmp in rc.S to use ':', not '.' (thanks to Adiel Mittmann).
Remove saslauthd.pid (if present) in rc.S (thanks to Andy Preston).
Stop saslauthd properly in rc.6 (thanks to Andy Preston).
Don't shut down networking in rc.6 if / is on NFS (thanks to Luca Fabbro).
Add a one second sleep after starting rc.udev. According to Robby Workman
this is just enough time for some slower devices to activate for mount.
Load rc.keymap in rc.K (thanks to Ignacio Bermejo).
Use "respawn" rather than "wait" for runlevel 4 (thanks to Wayne Marshall).
Don't try to mount sysfs twice in rc.S (thanks to Moo).
d/python-2.4.3-i486-4.tgz: Fixed build script bugs. Thanks to Fred Emmott.
d/ruby-1.8.4-i486-2.tgz: Recompiled with --enable-shared
and --enable-install-doc. Thanks to Fernando Lujan.
xap/fluxbox-1.0rc2-i486-1.tgz: Upgraded to fluxbox-1.0rc2.
Thanks to Andrew Brouwers for letting me know about this.
xap/xchat-2.6.6-i486-1.tgz: Upgraded to xchat-2.6.6. Thanks to CJ Johnson.
+--------------------------+
Wed Jul 26 01:55:38 CDT 2006
a/lilo-22.7.2.1-i486-1.tgz: Upgraded to lilo-22.7.2.1.
Thanks to James W. Laferriere for pointing out the patch.
a/kernel-ide-2.4.32-i486-4.tgz: Fixed gzipped System.map.
a/udev-071-i486-2.tgz: Applied pty patch from Ken Milmore.
Fixed world writable documentation permissions reported by John Jenkins after
a discussion about whether that was really the right course of action. ;-)
Merged IEEE1394 RAW device handling changes from Christian Casteyde.
ap/joe-3.5-i486-1.tgz: Upgraded to joe-3.5.
ap/vim-7.0.042-i486-1.tgz: Upgraded to the latest patchlevel.
Added many extra features.
Thanks to Ricardo Garc?a for requesting omni completion for
vim, which got me thinking about all kinds of ways to improve
this and the (renamed) vim-gvim package. :-)
d/clisp-2.39-i486-1.tgz: Upgraded to clisp-2.39 and libsigsegv-2.4.
d/git-1.4.1.1-i486-1.tgz: Upgraded to git-1.4.1.1.
d/m4-1.4.5-i486-1.tgz: Upgraded to m4-1.4.5.
d/mercurial-0.9.1-i486-1.tgz: Upgraded to mercurial-0.9.1.
d/python-2.4.3-i486-3.tgz: Merged the python, python-demo, and python-tools
packages, bloating the python package by a whopping 2%!
d/ruby-1.8.4-i486-1.tgz: Added Ruby since Amarok needs it...
kde/amarok-1.4.1-i486-1.tgz: Upgraded to amarok-1.4.1.
kde/kdeaccessibility-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdeaddons-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdeadmin-3.5.3-i486-3.tgz: Recompiled.
kde/kdeartwork-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdebase-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdebindings-3.5.3-i486-3.tgz: Recompiled.
I wasn't able to get the Ruby binding to compile... sorry.
kde/kdeedu-3.5.3-i486-3.tgz: Recompiled.
kde/kdegames-3.5.3-i486-3.tgz: Recompiled.
kde/kdegraphics-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdelibs-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdemultimedia-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdenetwork-3.5.3-i486-3.tgz: Recompiled.
kde/kdepim-3.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
kde/kdesdk-3.5.3-i486-3.tgz: Recompiled.
kde/kdetoys-3.5.3-i486-3.tgz: Recompiled.
kde/kdeutils-3.5.3-i486-3.tgz: Recompiled.
kde/kdevelop-3.3.3-i486-2.tgz: Recompiled.
kde/kdewebdev-3.5.3-i486-3.tgz: Recompiled.
kde/koffice-1.5.2-i486-2.tgz: Recompiled to use libpng.so.3.
kde/qt-3.3.6-i486-2.tgz: Recompiled with a patch by Lars Knoll to fix
Arabic scripts.
l/arts-1.5.3-i486-3.tgz: Recompiled to use libpng.so.3.
l/aspell-0.60.4-i486-1.tgz: Upgraded to aspell-0.60.4.
l/libpng-1.2.12-i486-1.tgz: Upgraded to libpng-1.2.12.
The libpng.so has gone .3 -> .0 -> .3. I'll see what I can do about getting
everything that's linked to .0 relinked with .3, as that's the major library
number Slackware 10.2's libpng.so is using. There is a .0 symlink to keep
any code that was compiled while that was the number working just fine, but
I will recompile a bunch of things mostly for the sake not using this link.
It works either way, but I have an OCD about silly things like this. ;-)
l/libwmf-0.2.8.4-i486-2.tgz: Recompiled to use libpng.so.3.
l/libwmf-docs-0.2.8.4-noarch-2.tgz: Rebuilt.
l/libmusicbrainz-2.1.3-i486-1.tgz: Upgraded to libmusicbrainz-2.1.3.
l/sdl-1.2.11-i486-1.tgz: Upgraded to sdl-1.2.11.
Thanks to Jesper Juhl for the heads-up.
l/libtunepimp-0.4.2-i486-2.tgz: Patched an overflow (CVE-2006-3600).
Yes, there is libtunepimp-0.5.0. Probably less supported by the existing
codebase, and certainly not tested for as long. We will wait for the next
cycle on that, especially as it requires a couple of new dependencies.
(* Security fix *)
(-current only)
n/dhcpcd-2.0.4-i486-2.tgz: Patched to move the pid/config directory back to
/etc/dhcpc, since /var may not yet be mounted when dhcpcd is started.
Issue noted by John Jenkins.
n/links-2.1pre22-i486-2.tgz: Recompiled to use libpng.so.3.
n/mutt-1.4.2.2i-i486-1.tgz: Upgraded to mutt-1.4.2.2i.
This release fixes CVE-2006-3242, a buffer overflow that could be triggered
by a malicious IMAP server.
[Connecting to malicious IMAP servers must be common, right? -- Ed.]
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
(* Security fix *)
n/nfs-utils-1.0.9-i486-1.tgz: Upgraded to nfs-utils-1.0.9.
n/php-4.4.2-i486-5.tgz: Recompiled to use libpng.so.3.
n/samba-3.0.23a-i486-1.tgz: Upgraded to samba-3.0.23a.
Removed /sbin/umount.smbfs symlink which was causing problems at shutdown.
Thanks to Robby Workman for the bug report.
t/tetex-3.0-i486-3.tgz: Recompiled against libpng-1.2.12.
t/tetex-doc-3.0-i486-3.tgz: Rebuilt.
x/fontconfig-2.2.3-i486-1.tgz: Split fontconfig into a separate package.
Look, we're modularizing for ease of maintainance! :-)
x/freetype-2.1.9-i486-1.tgz: Split freetype into a separate package.
Patched CVE-2006-1861 linux 2.6.x setuid() related bugs.
(* Security fix *)
x/x11-6.9.0-i486-5.tgz: Rebuilt. Removed fontconfig/freetype files.
Patched some more possible linux 2.6.x setuid() related bugs:
http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
(* Security fix *)
x/x11-devel-6.9.0-i486-5.tgz: Rebuilt. Removed fontconfig/freetype files.
Patched with setuid() usage fixes as described above. Again, this issue
is only vulnerable on certain 2.6 kernels.
(* Security fix *)
x/x11-docs-6.9.0-noarch-5.tgz: Rebuilt. Removed fontconfig/freetype files.
x/x11-docs-html-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-5.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-5.tgz: Rebuilt.
x/x11-xnest-6.9.0-i486-5.tgz: Rebuilt.
x/x11-xvfb-6.9.0-i486-5.tgz: Rebuilt.
xap/gimp-2.2.12-i486-1.tgz: Upgraded to gimp-2.2.12.
This release fixes a security hole in the XCF parser.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
(* Security fix *)
xap/imagemagick-6.2.8_4-i486-1.tgz: Upgraded to ImageMagick-6.2.8-4.
xap/seamonkey-1.0.2-i486-2.tgz: Recompiled to use libpng.so.3.
xap/vim-gvim-7.0.042-i486-1.tgz: Renamed from "xvim", now requires the
vim package from the AP series. Shared files have been eliminated.
xap/xine-lib-1.1.2-i686-1.tgz: Upgraded to xine-lib-1.1.2.
According to xinehq.de's announcement:
There are three security fixes:
- CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);
- CVE-2006-2802: possible buffer overflow in the HTTP plugin;
- possible buffer overflow via bad indexes in specially-crafted AVI files.
(* Security fix *)
xap/xsane-0.991-i486-2.tgz: Recompiled to use libpng.so.3.
extra/aspell-word-lists/aspell-*tgz: Rebuilt, with several packages upgraded.
extra/dejavu-ttf/dejavu-ttf-20060720_995-noarch-1.tgz: Added DejaVu fonts.
Thanks to Lukasz Stelmach for the initial build script.
extra/k3b/k3b-0.12.16-i486-2.tgz: Recompiled to use libpng.so.3.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-2.tgz:
Made a slight adjustment to rc.modules-2.6.16.27 to attempt to silence it
when used on a machine running a 2.4.x kernel and without an activated
parallel port. I don't think it helped (or hurt) though...
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.7.
testing/packages/linux-2.6.17.7/kernel-generic-2.6.17.7-i486-1.tgz:
Upgraded to Linux 2.6.17.7 generic kernel.
testing/packages/linux-2.6.17.7/kernel-headers-2.6.17.7-i386-1.tgz:
Upgraded to Linux 2.6.17.7 kernel headers.
testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-i486-1.tgz
Upgraded to Linux 2.6.17.7 kernel modules.
testing/packages/linux-2.6.17.7/kernel-source-2.6.17.7-noarch-1.tgz
Upgraded to Linux 2.6.17.7 kernel source.
+--------------------------+
Tue Jul 18 22:37:26 CDT 2006
a/lilo-22.7.2-i486-1.tgz: Upgraded to lilo-22.7.2.
kde/koffice-1.5.2-i486-1.tgz: Upgraded to koffice-1.5.2.
Thanks to the KOffice team who did incredible work on this.
kdei/koffice-l10n-*-noarch-1.tgz:
Upgraded to l10n packages for koffice-1.5.2.
n/samba-3.0.23-i486-2.tgz: Patched a problem in nsswitch/wins.c that
caused crashes in the wins and/or winbind libraries. Thanks to
Mikhail Kshevetskiy for pointing out the issue and offering a
reference to the patch in Samba's source repository.
Thanks again to Andrea for this batch of kernel packages, and also thanks
for compiling all those intermediate kernels that were replaced upstream
and went unreleased in Slackware -current...
Ah, the things that go on here behind the scenes. ;-)
extra/linux-2.6.16.27/alsa-driver-1.0.11_2.6.16.27-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.27.
extra/linux-2.6.16.27/kernel-generic-2.6.16.27-i486-1.tgz:
Upgraded to Linux 2.6.16.27 generic kernel.
extra/linux-2.6.16.27/kernel-headers-2.6.16.27-i386-1.tgz:
Upgraded to Linux 2.6.16.27 kernel headers.
extra/linux-2.6.16.27/kernel-modules-2.6.16.27-i486-1.tgz
Upgraded to Linux 2.6.16.27 kernel modules.
extra/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-1.tgz
Upgraded to Linux 2.6.16.27 kernel source.
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.16.27.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.6.
testing/packages/linux-2.6.17.6/kernel-generic-2.6.17.6-i486-1.tgz:
Upgraded to Linux 2.6.17.6 generic kernel.
testing/packages/linux-2.6.17.6/kernel-headers-2.6.17.6-i386-1.tgz:
Upgraded to Linux 2.6.17.6 kernel headers.
testing/packages/linux-2.6.17.6/kernel-modules-2.6.17.6-i486-1.tgz
Upgraded to Linux 2.6.17.6 kernel modules.
testing/packages/linux-2.6.17.6/kernel-source-2.6.17.6-noarch-1.tgz
Upgraded to Linux 2.6.17.6 kernel source.
+--------------------------+
Fri Jul 14 18:31:20 CDT 2006
We *are* getting closer to 11.0, friends.
I'm hoping for a larger changeset soon, but this should be fun to play with
for now as I work on the TODO list; merging, compiling, and initial testing.
n/samba-3.0.23-i486-1.tgz: Upgraded to samba-3.0.23.
This fixes a minor memory exhaustion DoS in smbd.
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
(* Security fix *)
kernels/huge26.s/*: Upgraded huge26.s kernel to 2.6.16.24.
The name of the big kernel with many built-in options has been changed from
test26.s to huge26.s to reflect that Slackware 11.0 will consider the
2.6.16.x kernel series to be a supported kernel series. However, I'm
probably going to leave the bare.i 2.4.32 kernel as the default kernel (or
perhaps sata.i?) as it has very good performance and probably better security
due to the simpler and longer-tested design. I might apply or at least make
available in the kernel-source package for 2.4.32 a patch to fix direct
rendering with 2.4.x kernels and X.Org 6.9.0 or newer. Since anyone using
Slackware for server use isn't likely to be loading the DRI modules, it's
untouched code on those machines and won't affect server stability (well,
depending on what, if anything, outside of the module is changed in the
kernel). It is probably a safe enough patch to apply. I'd rather ship 100%
vanilla kernels (and might, with the patch "on the side"), but DRI does not
work without the patch past X.Org 6.8.2. Is this enough text here?
Perhaps I should rename this my "ChangeBlog".
Thanks to Andrea Volkerding for compiling these kernel packages: :-)
extra/linux-2.6.16.24/alsa-driver-1.0.11_2.6.16.24-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.24.
extra/linux-2.6.16.24/kernel-generic-2.6.16.24-i486-1.tgz:
Upgraded to Linux 2.6.16.24 generic kernel.
extra/linux-2.6.16.24/kernel-headers-2.6.16.24-i386-1.tgz:
Upgraded to Linux 2.6.16.24 kernel headers.
extra/linux-2.6.16.24/kernel-modules-2.6.16.24-i486-1.tgz
Upgraded to Linux 2.6.16.24 kernel modules.
extra/linux-2.6.16.24/kernel-source-2.6.16.24-noarch-1.tgz
Upgraded to Linux 2.6.16.24 kernel source.
testing/packages/linux-2.6.17.4/kernel-generic-2.6.17.4-i486-1.tgz:
Upgraded to Linux 2.6.17.4 generic kernel.
testing/packages/linux-2.6.17.4/kernel-headers-2.6.17.4-i386-1.tgz:
Upgraded to Linux 2.6.17.4 kernel headers.
testing/packages/linux-2.6.17.4/kernel-modules-2.6.17.4-i486-1.tgz
Upgraded to Linux 2.6.17.4 kernel modules.
testing/packages/linux-2.6.17.4/kernel-source-2.6.17.4-noarch-1.tgz
Upgraded to Linux 2.6.17.4 kernel source.
+--------------------------+
Thu Jun 29 02:03:45 CDT 2006
n/ppp-2.4.4-i486-1.tgz: Upgraded to ppp-2.4.4.
n/rp-pppoe-3.8-i486-2.tgz: Recompiled with --enable-plugin.
Thanks to Fr?d?ric L. W. Meunier for the suggestion.
extra/k3b/k3b-0.12.16-i486-1.tgz: Upgraded to k3b-0.12.16.
Thanks to Matthew Johnson for pointing out the new release.
extra/k3b/k3b-i18n-0.12.16-noarch-1.tgz: Upgraded to k3b-i18n-0.12.16.
+--------------------------+
Tue Jun 27 18:18:30 CDT 2006
kde/kdebase-3.5.3-i486-2.tgz: Patched a problem with kdm where it could be
abused to read any file on the system.
The official KDE security advisory may be found here:
http://www.kde.org/info/security/advisory-20060614-1.txt
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
(* Security fix *)
Also patched a non-security issue where KDE's screensaver would not activate.
l/arts-1.5.3-i486-2.tgz: Patched to fix a possible exploit if artswrapper is
setuid root (which, by default, it is not) and the system is running a 2.6
kernel. Systems running 2.4 kernels are not affected.
The official KDE security advisory may be found here:
http://www.kde.org/info/security/advisory-20060614-2.txt
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
(* Security fix *)
n/gnupg-1.4.4-i486-1.tgz: Upgraded to gnupg-1.4.4.
This version fixes a memory allocation issue that could allow an attacker to
crash GnuPG creating a denial-of-service.
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
n/nn-6.7.3-i486-1.tgz: Upgraded to nn-6.7.3.
Thanks to Aaron Hsu for helping with this package.
extra/blackbox-0.70.1/blackbox-0.70.1-i486-1.tgz: Upgraded to blackbox-0.70.1.
extra/ham/xastir-1.8.2-i486-2.tgz: Upgraded to xastir-1.8.2.
Thanks to Arno Verhoeven for the upgraded package.
+--------------------------+
Sun Jun 25 23:59:11 CDT 2006
a/lilo-22.7.1-i486-1.tgz: Upgraded to lilo-22.7.1.
Thanks to George Iosif for reporting that this new LILO version is
needed to boot a Toshiba Tecra S3 laptop.
Thanks to Tomas Matejicek for suggestions on refining the build script.
This version was also suggested as an upgrade by Rene Huber and Grant.
a/procps-3.2.7-i486-1.tgz: Upgraded to procps-3.2.7 and psmisc-22.2.
ap/jed-0.99_18-i486-1.tgz: Upgraded to jed-0.99_18.
ap/sox-12.18.1-i486-1.tgz: Upgraded to sox-12.18.1.
l/mhash-0.9.7-i486-1.tgz: Upgraded to mhash-0.9.7, which should fix
some breakage reported by Bradley Reed.
+--------------------------+
Sun Jun 25 00:46:13 CDT 2006
a/coreutils-5.97-i486-1.tgz: Upgraded to coreutils-5.97.
a/gettext-0.14.6-i486-1.tgz: Upgraded to gettext-0.14.6.
ap/joe-3.4-i486-2.tgz: Fixed permissions on some documentation files.
Thanks to Nathan Black for noticing they were wrong.
ap/mdadm-2.5.1-i486-1.tgz: Upgraded to mdadm-2.5.1.
d/gdb-6.5-i486-1.tgz: Upgraded to gdb-6.5.
d/gettext-tools-0.14.6-i486-1.tgz: Upgraded to gettext-tools-0.14.6.
d/git-1.4.0-i486-1.tgz: Upgraded to git-1.4.0.
Added the man pages.
Thanks to Seb for pointing out the git-manpages archive on kernel.org.
l/gtk+2-2.8.19-i486-1.tgz: Upgraded to gtk+-2.8.19.
Looks like there's a bit more fallout over the PNG -lz debate...
Thanks to Jason A Miller and Giacomo Lozito for reporting the problem
with PNG images and pointing out the needed patch.
testing/packages/php-5.1.4/php-5.1.4-i486-2.tgz: Recompiled with --enable-soap.
Thanks to Aleksandar Jevremovic for the suggestion.
+--------------------------+
Thu Jun 22 23:10:53 CDT 2006
a/e2fsprogs-1.38-i486-2.tgz: Reverted to e2fsprogs-1.38 due to reports of
broken floppy support (e2fsck /dev/fd0). Since there were no bug reports
here regarding e2fsprogs-1.38 (other than it not being the latest version),
I'm reverting to the last known working version to play it safe.
Thanks to Mikhail Zotov for reporting this issue along with an example of
how to easily reproduce it.
n/getmail-4.6.3-noarch-1.tgz: Upgraded to getmail-4.6.3.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.22.
testing/packages/linux-2.6.16.22/alsa-driver-1.0.11_2.6.16.22-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.22.
testing/packages/linux-2.6.16.22/kernel-generic-2.6.16.22-i486-1.tgz:
Upgraded to Linux 2.6.16.22 generic kernel.
I hope everyone had plenty of time to test that last kernel. ;-)
testing/packages/linux-2.6.16.22/kernel-headers-2.6.16.22-i386-1.tgz:
Upgraded to Linux 2.6.16.22 kernel headers.
testing/packages/linux-2.6.16.22/kernel-modules-2.6.16.22-i486-1.tgz
Upgraded to Linux 2.6.16.22 kernel modules.
testing/packages/linux-2.6.16.22/kernel-source-2.6.16.22-noarch-1.tgz
Upgraded to Linux 2.6.16.22 kernel source.
+--------------------------+
Thu Jun 22 00:40:30 CDT 2006
l/sdl-1.2.10-i486-3.tgz: Recompiled with --disable-x11-shared to
avoid problems with nVidia's drivers.
Thanks to Giacomo Lozito for reporting this issue.
n/dhcpcd-2.0.4-i486-1.tgz: Switched to dhcpcd version 2.0.4 after
receiving some reports of problems with the latest version. There
were no reports of problems with dhcpcd-2.0.1 here, and it was only
upgraded in order to have the new, shiny version. But, rather than
go all the way back to 2.0.1, we'll try 2.0.4 since one report was
detailed enough to note that 2.0.4 worked while 2.0.6 didn't.
Thanks to christian laubscher, Luca, and Dave Miller for providing
useful data about these problems.
In case anyone upstream is reading this, one of the problems was
dhcpcd failing to work with the DHCP server built into the ZyXEL
Prestige 650H-E1 router, and another issue was that after 2.0.4 it
would no longer work with token ring.
If any of these people have the time to test this new package and
report success or failure, it would be appreciated. :-)
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.21.
testing/packages/linux-2.6.16.21/alsa-driver-1.0.11_2.6.16.21-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.21.
testing/packages/linux-2.6.16.21/kernel-generic-2.6.16.21-i486-1.tgz:
Upgraded to Linux 2.6.16.21 generic kernel.
testing/packages/linux-2.6.16.21/kernel-headers-2.6.16.21-i386-1.tgz:
Upgraded to Linux 2.6.16.21 kernel headers.
testing/packages/linux-2.6.16.21/kernel-modules-2.6.16.21-i486-1.tgz
Upgraded to Linux 2.6.16.21 kernel modules.
testing/packages/linux-2.6.16.21/kernel-source-2.6.16.21-noarch-1.tgz
Upgraded to Linux 2.6.16.21 kernel source.
+--------------------------+
Mon Jun 19 00:28:53 CDT 2006
xap/xchat-2.6.4-i486-2.tgz: Patched to fix proxy support.
Thanks to Bren and Stefan Misch for pointing out the patch.
+--------------------------+
Thu Jun 15 00:39:04 CDT 2006
a/e2fsprogs-1.39-i486-1.tgz: Upgraded to e2fsprogs-1.39.
ap/man-pages-2.33-noarch-1.tgz: Upgraded to man-pages-2.33.
ap/quota-3.13-i486-1.tgz: Upgraded to quota-3.13.
d/cvs-1.11.22-i486-1.tgz: Upgraded to cvs-1.11.22.
l/fribidi-0.10.7-i486-1.tgz: Upgraded to fribidi-0.10.7.
l/libgsf-1.14.1-i486-1.tgz: Upgraded to libgsf-1.14.1.
l/librsvg-2.14.4-i486-1.tgz: Upgraded to librsvg-2.14.4.
l/libxml2-2.6.26-i486-1.tgz: Upgraded to libxml2-2.6.26.
l/libxslt-1.1.17-i486-1.tgz: Upgraded to libxslt-1.1.17.
l/libwmf-0.2.8.4-i486-1.tgz: Upgraded to libwmf-0.2.8.4.
l/libwmf-docs-0.2.8.4-noarch-1.tgz: Upgraded to libwmf-0.2.8.4 docs.
l/libwpd-0.8.5-i486-1.tgz: Upgraded to libwpd-0.8.5.
This might require a few things to be recompiled, so please report
any compatibility issues here.
l/mhash-0.9.6-i486-1.tgz: Upgraded to mhash-0.9.6.
n/curl-7.15.4-i486-1.tgz: Upgraded to curl-7.15.4.
n/irssi-0.8.10a-i486-2.tgz: Patched to fix a pointer bug that causes irssi
to dump core on exit. Thanks to Andrew Brouwers for the bug report and
pointers to a discussion and patch.
n/lftp-3.4.7-i486-1.tgz: Upgraded to lftp-3.4.7.
n/nmap-4.10-i486-1.tgz: Upgraded to nmap-4.10.
n/ntp-4.2.2-i486-1.tgz: Upgraded to ntp-4.2.2.
n/openldap-client-2.3.24-i486-1.tgz: Upgraded to openldap-2.3.24.
n/sendmail-8.13.7-i486-1.tgz: Upgraded to sendmail-8.13.7.
Fixes a potential denial of service problem caused by excessive recursion
leading to stack exhaustion when attempting delivery of a malformed MIME
message. This crashes sendmail's queue processing daemon, which in turn
can lead to two problems: depending on the settings, these crashed
processes may create coredumps which could fill a drive partition; and
such a malformed message in the queue will cause queue processing to
cease when the message is reached, causing messages that are later in
the queue to not be processed.
Sendmail's complete advisory may be found here:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
Sendmail has also provided an FAQ about this issue:
http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
(* Security fix *)
n/sendmail-cf-8.13.7-noarch-1.tgz: Upgraded to sendmail-8.13.7 configs.
xap/fluxbox-1.0rc-i486-1.tgz: Upgraded to fluxbox-1.0rc.
I considered using --prefix=/usr here since X.Org will be moving from
/usr/X11R6 to /usr when Slackware absorbs the modular release, but I
think it will be best to wait and make those changes all at once.
This, BTW, will be sometime after the 11.0 release. This current to
stable cycle has already taken too much time (10.2 is in need of
replacement), and introducing changes that might break things at this
point would be foolhardy. Although there's still quite a bit in the
TODO queue here I'm making my steps carefully as -current is very
stable, and I think it should ship as a stable 11.0 soon so that we can
get back to the business of breaking things in -current. :-)
xap/imagemagick-6.2.8_0-i486-1.tgz: Upgraded to ImageMagick-6.2.8-0.
xap/xchat-2.6.4-i486-1.tgz: Upgraded to xchat-2.6.4.
xap/xsane-0.991-i486-1.tgz: Upgraded to xsane-0.991.
Thanks to Nicolas Friedli for pointing out that I'd had this source
ready to compile in source/xap/xsane for a couple of months. :-)
+--------------------------+
Mon Jun 12 07:46:26 CDT 2006
d/doxygen-1.4.7-i486-1.tgz: Touched/resynced as this package got mangled
in upload somehow. Thanks to Marin Mitov for pointing this out.
+--------------------------+
Sun Jun 11 17:27:32 CDT 2006
d/doxygen-1.4.7-i486-1.tgz: Upgraded to doxygen-1.4.7.
kde/amarok-1.4.0a-i486-1.tgz: Upgraded to amarok-1.4.0a.
Thanks to Steven Robson for pointing out the stealth re-release.
l/sdl-1.2.10-i486-2.tgz: Fixed the ./configure options so that SDL does not
use dlopen() to link to the shared graphics libraries, as dlopen() wasn't
working with the new PNG library. Thanks to Fran?ois Cojean and
Rapha?l Prevost for bug report and patch.
n/bootp-2.4.3-i486-2.tgz: Patched to work with 2.6.x kernels.
Thanks to Simon Munton.
n/dhcpcd-2.0.6-i486-1.tgz: Upgraded to dhcpcd-2.0.6.
Moved /etc/dhcpc/dhcpcd.exe to /etc/dhcpc/dhcpcd.exe-sample to prevent
error messages in the log files. The sources install this as non-
executable, and there's little reason that I can see to use it in its
default form as it only puts redundant information in the logs.
It might be a useful stub for some other purpose though...
Thanks to David Houlden and Luis for reporting the issue.
n/dnsmasq-2.32-i486-1.tgz: Upgraded to dnsmasq-2.32.
extra/slackpkg/slackpkg-2.05-noarch-7.tgz: Upgraded to slackpkg-2.05-noarch-7.
Thanks to Piter Punk.
+--------------------------+
Thu Jun 8 00:11:35 CDT 2006
a/acl-2.2.34-i486-1.tgz: Moved from AP series since so many binaries require
this (or will). Made acl an ADD (required) package in the tagfile.
a/attr-2.4.28-i486-1.tgz: Moved from AP series since so many binaries require
this (or will). Made attr an ADD (required) package in the tagfile.
d/mercurial-0.9-i486-2.tgz: Fixed missing man pages. (thanks to Seb)
d/python-2.4.3-i486-2.tgz: Rebuilt with --enable-ipv6.
I don't know if this option actually does anything, but it can't hurt. ;-)
Suggested by Lukasz Stelmach.
d/python-demo-2.4.3-noarch-2.tgz: Rebuilt.
d/python-tools-2.4.3-noarch-2.tgz: Rebuilt.
n/samba-3.0.22-i486-2.tgz: Recompiled with --with-acl-support=yes.
Suggested by Ricardson Williams.
+--------------------------+
Mon Jun 5 18:57:15 CDT 2006
a/jfsutils-1.1.11-i486-1.tgz: Upgraded to jfsutils-1.1.11.
n/apache-1.3.36-i486-1.tgz: Upgraded to apache-1.3.36.
n/mod_ssl-2.8.27_1.3.36-i486-1.tgz: Upgraded to mod_ssl-2.8.27-1.3.36.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.20.
testing/packages/linux-2.6.16.20/alsa-driver-1.0.11_2.6.16.20-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.20.
testing/packages/linux-2.6.16.20/kernel-generic-2.6.16.20-i486-1.tgz:
Upgraded to Linux 2.6.16.20 generic kernel.
testing/packages/linux-2.6.16.20/kernel-headers-2.6.16.20-i386-1.tgz:
Upgraded to Linux 2.6.16.20 kernel headers.
testing/packages/linux-2.6.16.20/kernel-modules-2.6.16.20-i486-1.tgz
Upgraded to Linux 2.6.16.20 kernel modules.
testing/packages/linux-2.6.16.20/kernel-source-2.6.16.20-noarch-1.tgz
Upgraded to Linux 2.6.16.20 kernel source.
+--------------------------+
Sun Jun 4 22:17:14 CDT 2006
a/sharutils-4.6.3-i486-1.tgz: Upgraded to sharutils-4.6.3.
ap/joe-3.4-i486-1.tgz: Upgraded to joe-3.4.
ap/mysql-5.0.22-i486-1.tgz: Upgraded to mysql-5.0.22.
This fixes an SQL injection vulnerability.
For more details, see the MySQL 5.0.22 release announcement here:
http://lists.mysql.com/announce/365
The CVE entry for this issue will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
(* Security fix *)
kde/kdeaccessibility-3.5.3-i486-1.tgz: Upgraded to kdeaccessibility-3.5.3.
kde/kdeaddons-3.5.3-i486-1.tgz: Upgraded to kdeaddons-3.5.3.
kde/kdeadmin-3.5.3-i486-1.tgz: Upgraded to kdeadmin-3.5.3.
kde/kdeartwork-3.5.3-i486-1.tgz: Upgraded to kdeartwork-3.5.3.
kde/kdebase-3.5.3-i486-1.tgz: Upgraded to kdebase-3.5.3.
kde/kdebindings-3.5.3-i486-1.tgz: Upgraded to kdebindings-3.5.3.
kde/kdeedu-3.5.3-i486-1.tgz: Upgraded to kdeedu-3.5.3.
kde/kdegames-3.5.3-i486-1.tgz: Upgraded to kdegames-3.5.3.
kde/kdegraphics-3.5.3-i486-1.tgz: Upgraded to kdegraphics-3.5.3.
kde/kdelibs-3.5.3-i486-1.tgz: Upgraded to kdelibs-3.5.3.
kde/kdemultimedia-3.5.3-i486-1.tgz: Upgraded to kdemultimedia-3.5.3.
kde/kdenetwork-3.5.3-i486-1.tgz: Upgraded to kdenetwork-3.5.3.
kde/kdepim-3.5.3-i486-1.tgz: Upgraded to kdepim-3.5.3.
kde/kdesdk-3.5.3-i486-1.tgz: Upgraded to kdesdk-3.5.3.
kde/kdetoys-3.5.3-i486-1.tgz: Upgraded to kdetoys-3.5.3.
kde/kdeutils-3.5.3-i486-1.tgz: Upgraded to kdeutils-3.5.3.
kde/kdevelop-3.3.2-i486-1.tgz: Upgraded to kdevelop-3.3.2.
kde/kdewebdev-3.5.3-i486-1.tgz: Upgraded to kdewebdev-3.5.3.
kde/koffice-1.5.1-i486-1.tgz: Upgraded to koffice-1.5.1.
kdei/kde-i18n-*-3.5.3-noarch-1.tgz: Upgraded to kde-i18n-3.5.3.
kdei/koffice-l10n-*-1.5.1-noarch-1.tgz:
Upgraded to l10n packages for koffice-1.5.1.
l/arts-1.5.3-i486-1.tgz: Upgraded to arts-1.5.3.
l/jre-1_5_0_07-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 7.
n/getmail-4.6.1-noarch-1.tgz: Upgraded to getmail-4.6.1.
n/links-2.1pre22-i486-1.tgz: Upgraded to links-2.1pre22.
xap/mozilla-firefox-1.5.0.4-i686-1.tgz: Upgraded to firefox-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
xap/mozilla-thunderbird-1.5.0.4-i686-1.tgz: Upgraded to thunderbird-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
xap/seamonkey-1.0.2-i486-1.tgz: Upgraded to seamonkey-1.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
xap/xlockmore-5.22-i486-1.tgz: Upgraded to xlockmore-5.22.
xap/xscreensaver-5.00-i486-1.tgz: Upgraded to xscreensaver-5.00.
extra/jdk-1.5.0_07/jdk-1_5_0_07-i586-1.tgz: Upgraded to Java(TM) 2
Platform Standard Edition Development Kit Version 5.0, Release 7.
+--------------------------+
Wed May 31 18:37:58 CDT 2006
a/hotplug-2004_09_23-noarch-8.tgz: Patched net.agent to use rc.inet1
to shut down interfaces that use DHCP. Thanks to Lew Pitcher,
Ismael Cortes, and Nuts Mueller, who all suggested possible solutions
for an issue which arose when dhcpcd's .pid file was shifted from
/etc/dhcpc/ to /var/run/.
ap/mdadm-2.5-i486-1.tgz: Upgraded to mdadm-2.5.
d/subversion-1.3.2-i486-1.tgz: Upgraded to subversion-1.3.2.
Added back the HTML book -- thanks to Jan Rafaj for pointing out that
this had gone missing in the last subversion package.
xap/gkrellm-2.2.9-i486-1.tgz: Upgraded to gkrellm-2.2.9.
Suggested by Willy Sudiarto Raharjo.
extra/slackpkg/slackpkg-2.04-noarch-6.tgz: Upgraded to
slackpkg-2.04-noarch-6. Thanks to Piter Punk.
testing/packages/linux-2.6.16.19/alsa-driver-1.0.11_2.6.16.19-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.19.
testing/packages/linux-2.6.16.19/kernel-generic-2.6.16.19-i486-1.tgz:
Upgraded to Linux 2.6.16.19 generic kernel.
testing/packages/linux-2.6.16.19/kernel-headers-2.6.16.19-i386-1.tgz:
Upgraded to Linux 2.6.16.19 kernel headers.
testing/packages/linux-2.6.16.19/kernel-modules-2.6.16.19-i486-1.tgz
Upgraded to Linux 2.6.16.19 kernel modules.
Thanks to Nuts Mueller for the rc.modules typo fixes.
testing/packages/linux-2.6.16.19/kernel-source-2.6.16.19-noarch-1.tgz
Upgraded to Linux 2.6.16.19 kernel source.
+--------------------------+
Sat May 27 19:14:31 CDT 2006
a/coreutils-5.96-i486-1.tgz: Upgraded to coreutils-5.96.
l/glib2-2.10.3-i486-1.tgz: Upgraded to glib-2.10.3.
l/gtk+2-2.8.18-i486-1.tgz: Upgraded to gtk+-2.8.18.
l/pango-1.12.3-i486-1.tgz: Upgraded to pango-1.12.3.
n/dnsmasq-2.31-i486-1.tgz: Upgraded to dnsmasq-2.31.
n/cyrus-sasl-2.1.22-i486-1.tgz: Upgraded to cyrus-sasl-2.1.22.
n/openldap-client-2.3.23-i486-1.tgz: Upgraded to openldap-2.3.23.
xap/imagemagick-6.2.7_8-i486-1.tgz: Upgraded to ImageMagick-6.2.7-8.
extra/parted/parted-1.7.1-i486-1.tgz: Upgraded to parted-1.7.1.
+--------------------------+
Mon May 22 21:44:07 CDT 2006
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.18.
testing/packages/linux-2.6.16.18/alsa-driver-1.0.11_2.6.16.18-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.18.
testing/packages/linux-2.6.16.18/kernel-generic-2.6.16.18-i486-1.tgz:
Upgraded to Linux 2.6.16.18 generic kernel.
testing/packages/linux-2.6.16.18/kernel-headers-2.6.16.18-i386-1.tgz:
Upgraded to Linux 2.6.16.18 kernel headers.
testing/packages/linux-2.6.16.18/kernel-modules-2.6.16.18-i486-1.tgz
Upgraded to Linux 2.6.16.18 kernel modules.
testing/packages/linux-2.6.16.18/kernel-source-2.6.16.18-noarch-1.tgz
Upgraded to Linux 2.6.16.18 kernel source.
+--------------------------+
Mon May 22 11:23:48 CDT 2006
a/bin-11.0-i486-1.tgz: Upgraded to ncompress-4.2.4, eject-2.1.4, file-4.17,
and tree-1.5.0. Removed sharutils, which are now in a separate package.
Patched a security problem in zoo's fullpath() function that was reported by
Jean-Sebastien Guay-Leroux. At first this didn't seem like much as zoo is
old and hardly used, but there are virus scanning programs that scan zoo
archives. It is a possible problem on any system running zoo like this in
an automated way, and (of course) could also cause problems if a user were
to open a malicious zoo archive manually. (though I'd be pretty suspicious
if someone were to mail me anything using "zoo" in 2006...)
(* Security fix *)
a/coreutils-5.95-i486-1.tgz: Upgraded to coreutils-5.95.
a/sharutils-4.6.2-i486-1.tgz: Added new sharutils package,
upgraded to sharutils-4.6.2.
ap/linuxdoc-tools-0.9.21-i486-2.tgz: Added libsgmls-perl_1.03ii.
Upgraded to the latest upstream linuxdoc-tools package.
Moved jadetex out of this package and into the tetex package so that
"mktexlslr" won't need to be run to find jadetex.
Merged some miscellaneous fixes from the armedslack package.
Thanks again to Stuart Winter for help on SGML/Docbook issues. :-)
d/git-1.3.3-i486-1.tgz: Upgraded to git-1.3.3.
kde/amarok-1.4.0-i486-1.tgz: Upgraded to amarok-1.4.0.
l/glib2-2.10.2-i486-1.tgz: Upgraded to glib-2.10.2.
l/pango-1.12.2-i486-1.tgz: Upgraded to pango-1.12.2.
l/sdl-1.2.10-i486-1.tgz: Upgraded to SDL-1.2.10, SDL_image-1.2.5,
SDL_mixer-1.2.7, SDL_net-1.2.6, and SDL_ttf-2.0.8.
l/libxml2-2.6.24-i486-1.tgz: Upgraded to libxml2-2.6.24.
l/libxslt-1.1.16-i486-1.tgz: Upgraded to libxslt-1.1.16.
n/dhcp-3.0.4-i486-1.tgz: Upgraded to dhcp-3.0.4.
n/nfs-utils-1.0.8-i486-1.tgz: Upgraded to nfs-utils-1.0.8.
t/tetex-3.0-i486-2.tgz: Regenerated the etex.fmt files with etex, not pdfetex.
This is more appropriate since etex is a binary, not a link to pdfetex.
Thanks to John Breckenridge for reporting the issue.
Added --disable-a4, and fixed the texconfig for US paper default in the
build script. Thanks to Marc Benstein and Jingmin Zhou for reporting this.
Merged jadetex into the teTeX package.
Moved font build directory (only usable by root anyway) from
/var/tmp/texfonts to /var/lib/texmf.
Improved /tmp use security.
Patched a possible security issue in library code borrowed from xpdf that's
used in pdfetex.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
(* Security fix *)
t/tetex-doc-3.0-i486-2.tgz: Rebuilt.
xap/gxine-0.5.6-i486-1.tgz: Upgraded to gxine-0.5.6.
xap/imagemagick-6.2.7_6-i486-1.tgz: Upgraded to ImageMagick-6.2.7-6.
xap/seamonkey-1.0.1-i486-2.tgz: Added seamonkey-1.0.1, which replaces the old
Mozilla Suite in the XAP series. If Mozilla is not found on the machine, a
mozilla -> seamonkey link will be created to handle applications that might
still try to use "mozilla" to open URLs. Also, if Mozilla is not installed,
then symlinks will be made in /usr/lib/pkgconfig/ from mozilla* ->
seamonkey*. This should allow most sources designed for Mozilla to compile.
extra/parted/parted-1.7.0-i486-1.tgz: Upgraded to parted-1.7.0.
pasture/mozilla-1.7.13-i486-1.tgz: Moved here from XAP series.
This won't remain here long, so grab a copy if you want it...
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.17.
testing/packages/linux-2.6.16.17/alsa-driver-1.0.11_2.6.16.17-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.17.
testing/packages/linux-2.6.16.17/kernel-generic-2.6.16.17-i486-1.tgz:
Upgraded to Linux 2.6.16.17 generic kernel.
testing/packages/linux-2.6.16.17/kernel-headers-2.6.16.17-i386-1.tgz:
Upgraded to Linux 2.6.16.17 kernel headers.
testing/packages/linux-2.6.16.17/kernel-modules-2.6.16.17-i486-1.tgz
Upgraded to Linux 2.6.16.17 kernel modules.
testing/packages/linux-2.6.16.17/kernel-source-2.6.16.17-noarch-1.tgz
Upgraded to Linux 2.6.16.17 kernel source.
+--------------------------+
Sat May 13 21:00:28 CDT 2006
a/bash-3.1.017-i486-1.tgz: Upgraded to bash-3.1.17.
a/openssl-solibs-0.9.8b-i486-1.tgz: Upgraded to openssl-0.9.8b.
ap/vim-7.0.017-i486-1.tgz: Upgraded to vim-7.0.017.
d/git-1.3.2-i486-1.tgz: Added git-1.3.2.
d/mercurial-0.9-i486-1.tgz: Added mercurial-0.9.
n/openssh-4.3p2-i486-1.tgz: Upgraded to openssh-4.3p2.
n/openssl-0.9.8b-i486-1.tgz: Upgraded to openssl-0.9.8b.
xap/xvim-7.0.017-i486-1.tgz: Upgraded to vim-7.0.017 compiled with
X11 and GTK+ (version 2) support.
kernels/test26.s/*: Upgraded test26.s kernel to 2.6.16.16.
testing/packages/linux-2.6.16.16/alsa-driver-1.0.11_2.6.16.16-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.16.
testing/packages/linux-2.6.16.16/kernel-generic-2.6.16.16-i486-1.tgz:
Upgraded to Linux 2.6.16.16 generic kernel.
testing/packages/linux-2.6.16.16/kernel-headers-2.6.16.16-i386-1.tgz:
Upgraded to Linux 2.6.16.16 kernel headers.
testing/packages/linux-2.6.16.16/kernel-modules-2.6.16.16-i486-1.tgz
Upgraded to Linux 2.6.16.16 kernel modules.
Added many missing ISA network card modules (thanks to Marc Rubin).
testing/packages/linux-2.6.16.16/kernel-source-2.6.16.16-noarch-1.tgz
Upgraded to Linux 2.6.16.16 kernel source.
+--------------------------+
Wed May 10 14:23:57 CDT 2006
n/apache-1.3.35-i486-2.tgz: Patched to fix totally broken Include behavior.
Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May 9 16:10:33 CDT 2006
ap/cdrdao-1.2.1-i486-1.tgz: Upgraded to cdrdao-1.2.1.
ap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21.
This fixes some security issues, including possible information leakage, and
execution of arbitrary code. Note that the information leakage bugs require
that the attacker have access to an account on the database. Also note that
by default, Slackware's rc.mysqld script does *not* allow access to the
database through the outside network (it uses the --skip-networking option).
If you've enabled network access to MySQL, it is a good idea to filter the
port (3306) to prevent access from unauthorized machines.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1518
(* Security fix *)
l/gmp-4.2.1-i486-1.tgz: Upgraded to gmp-4.2.1.
l/libpng-1.2.10-i486-2.tgz: Run ./configure --prefix=/usr to substitute macros
into libpng12.pc (even though we compile with the custom makefile.)
Thanks to Ian Bennett for the bug report.
l/mpfr-2.2.0p10-i486-1.tgz: Added mpfr-2.2.0p10. This used to be part of GMP
but is now a separate project (www.mpfr.org).
n/apache-1.3.35-i486-1.tgz: Upgraded to apache-1.3.35.
From the official announcement:
Of particular note is that 1.3.35 addresses and fixes 1 potential
security issue: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
(* Security fix *)
Upgraded the bundled mm (Shared Memory Allocation) library to mm-1.4.0.
n/gnupg-1.4.3-i486-1.tgz: Upgraded to gnupg-1.4.3.
n/mod_ssl-2.8.26_1.3.35-i486-1.tgz: Upgraded to mod_ssl-2.8.26-1.3.35.
This is an updated version designed for Apache 1.3.35.
n/php-4.4.2-i486-4.tgz: Recompiled against mm-1.4.0.
Upgraded to Mail-1.1.10 and XML_RPC-1.4.8 PEAR modules.
Added /usr/bin/php-cgi (thanks to AthlonRob).
testing/packages/php-5.1.4/php-5.1.4-i486-1.tgz: Upgraded to php-5.1.4.
Recompiled against mm-1.4.0 (bundled with the new Apache package).
Added /usr/bin/php-cgi (thanks to AthlonRob).
Added mysqli and pdo-mysql extensions (suggested by Janusz Dziemidowicz).
+--------------------------+
Wed May 3 21:48:26 CDT 2006
xap/mozilla-firefox-1.5.0.3-i686-1.tgz: Upgraded to firefox-1.5.0.3.
This upgrade fixes a crash bug that could possibly be used to
execute code as the Firefox user.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
+--------------------------+
Wed May 3 00:01:38 CDT 2006
a/smartmontools-5.36-i486-1.tgz: Upgraded to smartmontools-5.36.
Thanks to Jonathan Woithe for letting me know that newer 2.6.x kernels
need this version to properly support SMART with SATA drives.
l/libpng-1.2.10-i486-1.tgz: Upgraded to libpng-1.2.10.
n/rsync-2.6.8-i486-1.tgz: Upgraded to rsync-2.6.8.
tcl/tcl-8.4.13-i486-1.tgz: Upgraded to tcl-8.4.13.
tcl/tk-8.4.13-i486-1.tgz: Upgraded to tk-8.4.13.
x/x11-6.9.0-i486-4.tgz: Patched with x11r6.9.0-mitri.diff and recompiled.
A typo in the X render extension allows an X client to crash the server
and possibly to execute arbitrary code as the X server user (typically
this is "root".)
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
The advisory from X.Org may be found here:
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
(* Security fix *)
x/x11-devel-6.9.0-i486-4.tgz: Patched and recompiled libXrender.
(* Security fix *)
The rest of these were rebuilt simply to keep the build number consistent.
x/x11-docs-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-docs-html-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-4.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-4.tgz: Rebuilt.
x/x11-xnest-6.9.0-i486-4.tgz: Rebuilt.
x/x11-xvfb-6.9.0-i486-4.tgz: Rebuilt.
+--------------------------+
Sun Apr 30 17:32:22 CDT 2006
a/hotplug-2004_09_23-noarch-7.tgz: Blacklisted the wireless access point
modules (hostap*) as they can interfere with normal usage of the interface.
Thanks to Piter Punk.
ap/espgs-8.15.2-i486-1.tgz: Upgraded to espgs-8.15.2.
l/alsa-driver-1.0.11_2.4.32-i486-2.tgz: Patched a problem with the
via82xx driver. Thanks to user MysticMgcn for entering the bug report,
to Ismael Cortes for getting me a copy of the patch from ALSA's Hg
repository, and to ALSA developer Takashi Iwai for the fix itself.
l/alsa-lib-1.0.11-i486-1.tgz: Moved from /testing.
n/nmap-4.03-i486-1.tgz: Upgraded to nmap-4.03.
n/proftpd-1.3.0-i486-1.tgz: Upgraded to proftpd-1.3.0.
n/tin-1.8.2-i486-1.tgz: Upgraded to tin-1.8.2.
n/wireless-tools-28-i486-1.tgz: Upgraded to wireless_tools.28.
Thanks to Eric Hameleers for the new version of rc.wireless.
xap/mozilla-thunderbird-1.5.0.2-i686-1.tgz: Upgraded to thunderbird-1.5.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-2.tgz:
Patched to fix via82xx driver.
+--------------------------+
Mon Apr 24 14:29:50 CDT 2006
a/hotplug-2004_09_23-noarch-6.tgz: Patched rc.hotplug.
On 2.4 kernels use /sbin/hotplug for hotpluging, but on 2.6 kernels use
/sbin/udevsend (if udev is being used) instead. This should work better
on systems using 2.6 kernels with udev and HAL. Among the people pushing
for this change for a while: Jon Grosshart, Piter Punk, and Eugene Crosser.
Blacklisted hw_random after reports that it causes some systems to crash.
Note that rc.hotplug is now installed as rc.hotplug.new, but upgradepkg
will still replace it for one more package iteration. This will cause
hotplug to be made executable on machines where it currently is not, so
be aware of that.
a/slocate-3.1-i486-1.tgz: Upgraded to slocate-3.1.
This uses a new database format, so you'll have to wait for the cron job or
run "updatedb -c /etc/updatedb.conf" as root. Thanks to Piotr Simon and
Erik Jan Tromp for pointing out that the docs for the previous package were
installed with incorrect permissions.
a/udev-071-i486-1.tgz: Upgraded to udev-071.
Set ttyUSB devices to mode 660 so that users in group tty can use them.
Get rid of the 10-udev.hotplug -> /sbin/udevsend symlink in
/etc/hotplug.d/default. This fixes a race condition with using the hotplug
event handling system now enabled by default in the latest udev.rules.
Another nice effect of this is that udevd no longer runs needlessly on 2.4
systems. WARNING: any existing udev.rules file will be overwritten, so save
your old file if you have custom rules you'd like to merge in).
Based on ideas suggested by Eugene Crosser, Piter Punk, and myself.
In /etc/udev/scripts/make_extra_nodes.sh and floppy-extra-devs.sh, use
${udev_root} instead of hardcoding /dev. Thanks to Andreas Schnaiter.
In /etc/udev/scripts/make_extra_nodes.sh, fixed a bug that caused a bad
cdrom -> pktcdvd/control symlink to be created if the pktcdvd driver was
loaded prior to running the make_extra_nodes.sh script.
Thanks to Kenneth Pettersen for the bug report and fix, and to Giovanni
Quadriglio who also reported the issue.
Finally, thanks to Piter Punk for his continued exploration of udev's
bleeding edge. What's going on there is quite interesting, but there are
still some issues that have led me to decide it's best to take small steps
in that direction. For example, it was nice to be able to populate /dev
before checking the partitions and mounting them read-write, and it seems
that won't be possible any longer. I've had other reports of hardware that
wasn't hotplugged correctly, too (and ran into some myself). Mostly it
seems to be a question of figuring out the proper place in the boot process
to put udev, but there are also a lot of things we're left to figure out
concerning the udev rules. We'll get there, but maybe not in the next
release. This upgrade to udev-071 meets the minimum requirement in the
2.6.16.9 Documentation/Changes file, and has been heavily tested here and
found to work well. udev-090 boot the machine faster, but isn't as
reliable (at least in testing here, with how it's called from our init
scripts), and I've never been in favor of trading reliability for speed.
ap/alsa-utils-1.0.11-i486-1.tgz: Upgraded to alsa-utils-1.0.11.
ap/mysql-5.0.20a-i486-1.tgz: Upgraded to mysql-5.0.20a.
d/guile-1.8.0-i486-1.tgz: Upgraded to guile-1.8.0.
I don't think anything in Slackware depends on guile any more, and that the
only thing that ever did was a solitaire game in GNOME. Since the GNOME
distributions for Slackware are already including their own guile packages,
I'm considering this package for removal. How generally useful is it?
Perhaps something like Ruby in the D series instead would be more useful.
l/alsa-driver-1.0.11_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.11,
compiled for Linux 2.4.32.
l/alsa-lib-1.0.11rc4-i486-1.tgz: Upgraded to alsa-lib-1.0.11rc4.
The reason for 11rc4 rather than 11 is that there was a new subsystem added
(src/pcm_rate_linear.c) in 11rc5, that I suspect causes aRts to break on
at least one system using snd-via82xx and/or snd-ac97-codec -- aRts bails
with a message about a CPU overload. The exact chipset is:
VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller (rev 60)
It would seem to me that rc4->rc5 was kind of a risky time in the release
cycle to introduce such a massive change to the codebase. In any case,
I think it's prudent to stick with alsa-lib-1.0.11rc4 as the default
alsa-lib version until this gets sorted out upstream.
l/alsa-oss-1.0.11-i486-1.tgz: Upgraded to alsa-oss-1.0.11.
l/libungif-4.1.4-i486-2.tgz: Fixed libgif.so* symlinks.
Thanks to Wim Speekenbrink.
xap/imagemagick-6.2.7_0-i486-1.tgz: Upgraded to ImageMagick-6.2.7-0.
xap/mozilla-1.7.13-i486-1.tgz: Upgraded to mozilla-1.7.13.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
This release marks the end-of-life of the Mozilla 1.7.x series:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Mozilla Corporation is recommending that users upgrade to Firefox and
Thunderbird, but if you're a fan of the style of the Mozilla Suite, I'd
recommend SeaMonkey myself. There's a good chance that Mozilla will not
ship in the next Slackware release, and SeaMonkey will ship in its place.
I'd been wondering which way to go with that, but getting an official
EOL statement about the Mozilla Suite makes it seem like the switch to
SeaMonkey should happen sooner rather than later.
(* Security fix *)
extra/slacktrack/slacktrack-1.29-i486-1.tgz: Upgraded to slacktrack-1.29-1.
testing/packages/alsa-lib-1.0.11-i486-1.tgz: Added alsa-lib-1.0.11. This is
primarily intended for people to verify the issue with VIA sound, look for
a similar issue with other chipsets as well (seems possible, since the issue
isn't in any VIA specific code in alsa-driver), and report any useful
information found to the upstream developers:
https://bugtrack.alsa-project.org/alsa-bug/
I reported the issue via (ha;) email, but not through the bug track system.
The developer I contacted couldn't reproduce the issue and didn't think it
had anything to do with the rate plugin additions. If other folks test
alsa-lib-1.0.11 and run into this, and have the time to jump through the
hoops needed to report the bug at the URL above, I'd appreciate the help.
At least it would demonstrate that it's not just my machine...
testing/packages/linux-2.6.16.9/alsa-driver-1.0.11_2.6.16.9-i486-1.tgz:
Upgraded to alsa-driver-1.0.11 compiled for Linux 2.6.16.9.
testing/packages/linux-2.6.16.9/kernel-generic-2.6.16.9-i486-1.tgz:
Upgraded to Linux 2.6.16.9 generic kernel.
testing/packages/linux-2.6.16.9/kernel-headers-2.6.16.9-i386-1.tgz:
Upgraded to Linux 2.6.16.9 kernel headers.
testing/packages/linux-2.6.16.9/kernel-modules-2.6.16.9-i486-1.tgz
Upgraded to Linux 2.6.16.9 kernel modules.
testing/packages/linux-2.6.16.9/kernel-source-2.6.16.9-noarch-1.tgz
Upgraded to Linux 2.6.16.9 kernel source.
BTW, I think 2.6.16.x, being the first kernel series in the 2.6 series that
has been promised some long-lived support, will be the 2.6 kernel you'll see
in the next Slackware release. If/when 2.6.17 (or 18, etc.) come out, don't
expect to see me chasing after it immediately. I'm looking for a kernel
that can be counted on for stability -- not the bleeding edge. Of course,
once 2.6.16.x is considered tested enough to leave /testing (and it does
seem close), perhaps a newer kernel might take its place here just for fun.
Oh and yes -- I did see that 2.6.16.10 is out, and I know that the test26.s
kernel wasn't yet updated. Due to the Mozilla situation, I can't delay this
update to be a $SUCKER some more, but you'll see 2.6.16.10 soon. That is,
if there isn't a newer one first...
+--------------------------+
Mon Apr 17 01:22:15 CDT 2006
kde/koffice-1.5.0-i486-1.tgz: Upgraded to koffice-1.5.0.
kdei/koffice-l10n-*.tgz: Upgraded to l10n packages for koffice-1.5.0.
l/gtk+2-2.8.17-i486-1.tgz: Upgraded to gtk+-2.8.17.
l/lcms-1.15-i486-1.tgz: Upgraded to lcms-1.15.
l/libexif-0.6.13-i486-1.tgz: Upgraded to libexif-0.6.13.
l/libidl-0.8.6-i486-1.tgz: Upgraded to libIDL-0.8.6.
l/libglade-2.5.1-i486-1.tgz: Upgraded to libglade-2.5.1.
l/libgsf-1.14.0-i486-1.tgz: Upgraded to libgsf-1.14.0.
This has changed the major library version from .1 to .114...
l/libidn-0.6.3-i486-1.tgz: Upgraded to libidn-0.6.3.
l/librsvg-2.14.3-i486-1.tgz: Upgraded to librsvg-2.14.3.
l/libtiff-3.8.2-i486-1.tgz: Upgraded to libtiff-3.8.2.
l/libungif-4.1.4-i486-1.tgz: Upgraded to libungif-4.1.4.
l/libwpd-0.8.4-i486-2.tgz: Recompiled against libgsf-1.14.0.
l/wv2-0.2.2-i486-2.tgz: Recompiled against libgsf-1.14.0.
Apparently, this needed a recompile anyway (with or without new
dependencies) in order to fix a compiler incompatibility issue
between gcc-3.3.x and gcc-3.4.x that was breaking .doc support
in KWord. Thanks to Marin Mitov and Andrey V. Panov for reporting
this issue.
n/fetchmail-6.3.4-i486-1.tgz: Upgraded to fetchmail-6.3.4.
n/getmail-4.6.0-noarch-1.tgz: Upgraded to getmail-4.6.0.
n/lftp-3.4.4-i486-1.tgz: Upgraded to lftp-3.4.4.
xap/fluxbox-0.9.15.1-i486-1.tgz: Upgraded to fluxbox-0.9.15.1.
xap/gimp-2.2.11-i486-1.tgz: Upgraded to gimp-2.2.11.
xap/mozilla-firefox-1.5.0.2-i686-1.tgz: Upgraded to firefox-1.5.0.2.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
extra/k3b/k3b-0.12.15-i486-1.tgz: Upgraded to k3b-0.12.15.
extra/k3b/k3b-i18n-0.12.15-noarch-1.tgz: Upgraded to k3b-i18n-0.12.15.
testing/packages/seamonkey-1.0.1-i486-1.tgz: Upgraded to seamonkey-1.0.1.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
(* Security fix *)
In other news, I am aware of the expat-2.0 release, but this has a couple of
API changes (and a new major library number) and it will take some time for
upstream sources to patch for it. Therefore, expat-2.0 will not be used for
Slackware 11.0 (but might be included in /testing).
There's also a new gmp-4.2, but the shared libraries that are built by this
have lower numbers than the ones from gmp-4.1.4, so that's probably not going
to make the cut this time around, either.
+--------------------------+
Tue Apr 4 18:06:21 CDT 2006
d/make-3.81-i486-1.tgz: Upgraded to make-3.81. Long live make!
d/subversion-1.3.1-i486-1.tgz: Upgraded to subversion-1.3.1.
xap/xscreensaver-4.24-i486-1.tgz: Upgraded to xscreensaver-4.24.
+--------------------------+
Mon Apr 3 21:18:03 CDT 2006
a/findutils-4.2.27-i486-1.tgz: Upgraded to findutils-4.2.27.
d/python-2.4.3-i486-1.tgz: Upgraded to python-2.4.3.
This now links with Berkeley DB 4.4.x. :-)
d/python-demo-2.4.3-noarch-1.tgz: Upgraded to python-2.4.3 demos.
d/python-tools-2.4.3-noarch-1.tgz: Upgraded to python-2.4.3 tools.
kde/amarok-1.3.9-i486-1.tgz: Added amaroK 1.3.9, a media player for KDE.
kde/kdeaccessibility-3.5.2-i486-1.tgz: Upgraded to kdeaccessibility-3.5.2.
kde/kdeaddons-3.5.2-i486-1.tgz: Upgraded to kdeaddons-3.5.2.
kde/kdeadmin-3.5.2-i486-1.tgz: Upgraded to kdeadmin-3.5.2.
kde/kdeartwork-3.5.2-i486-1.tgz: Upgraded to kdeartwork-3.5.2.
kde/kdebase-3.5.2-i486-1.tgz: Upgraded to kdebase-3.5.2.
kde/kdebindings-3.5.2-i486-1.tgz: Upgraded to kdebindings-3.5.2.
kde/kdeedu-3.5.2-i486-1.tgz: Upgraded to kdeedu-3.5.2.
kde/kdegames-3.5.2-i486-1.tgz: Upgraded to kdegames-3.5.2.
kde/kdegraphics-3.5.2-i486-1.tgz: Upgraded to kdegraphics-3.5.2.
kde/kdelibs-3.5.2-i486-1.tgz: Upgraded to kdelibs-3.5.2.
kde/kdemultimedia-3.5.2-i486-1.tgz: Upgraded to kdemultimedia-3.5.2.
kde/kdenetwork-3.5.2-i486-1.tgz: Upgraded to kdenetwork-3.5.2.
kde/kdepim-3.5.2-i486-1.tgz: Upgraded to kdepim-3.5.2.
kde/kdesdk-3.5.2-i486-1.tgz: Upgraded to kdesdk-3.5.2.
kde/kdetoys-3.5.2-i486-1.tgz: Upgraded to kdetoys-3.5.2.
kde/kdeutils-3.5.2-i486-1.tgz: Upgraded to kdeutils-3.5.2.
kde/kdevelop-3.3.2-i486-1.tgz: Upgraded to kdevelop-3.3.2.
kde/kdewebdev-3.5.2-i486-1.tgz: Upgraded to kdewebdev-3.5.2.
kde/qt-3.3.6-i486-1.tgz: Upgraded to qt-x11-free-3.3.6.
kdei/kde-i18n-*-3.5.2-noarch-1.tgz: Upgraded to kde-i18n-3.5.2.
l/arts-1.5.2-i486-1.tgz: Upgraded to arts-1.5.2.
l/libmusicbrainz-2.1.2-i486-1.tgz: Added libmusicbrainz-2.1.2, a library for
searching a user-maintained community music metadatabase. This is used
to tag media files by libtunepimp.
l/libtunepimp-0.4.2-i486-1.tgz: Added libtunepimp-0.4.2. This is a library
used to support adding metadata tags to music files using the MusicBrainz
client libraries. These libraries are used by several media players to look
up track information. (e.g. in Slackware, JuK and amaroK so far)
n/rp-pppoe-3.8-i486-1.tgz: Upgraded to rp-pppoe-3.8.
xap/abiword-2.2.9-i486-1.tgz: Removed. More recent versions of AbiWord no
longer support compiling without GNOME, and it looks like all of the GNOME
distributions for Slackware are shipping GNOMEified (and newer) versions of
this package anyway.
+--------------------------+
Thu Mar 30 21:24:37 CST 2006
n/rsync-2.6.7-i486-1.tgz: Upgraded to rsync-2.6.7.
n/samba-3.0.22-i486-1.tgz: Upgraded to samba-3.0.22.
This fixes a security issue in previous samba releases where secret machine
credentials may be written into a log file that is readable by anyone with
a login account on the machine. The issue affects only the samba-3.0.21
series (including patches a, b, and c.)
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059
(* Security fix *)
+--------------------------+
Sun Mar 26 20:42:28 CST 2006
a/aaa_base-10.2.0-noarch-4.tgz: Chowned all binary directories to root:root.
/media and /svc will not be added at this time, as /mnt (with subdirectory
mount points such as /mnt/cdrom and /mnt/tmp) and /var were already
perfectly adequate for the purposes for which /media and /svc were proposed.
Polluting the root directory is, IMHO, completely pointless. I suppose in
the future that at least compatibility symlinks will need to be considered,
though...
a/bash-3.1.014-i486-1.tgz: Upgraded to bash-3.1 patchlevel 014.
a/jfsutils-1.1.10-i486-1.tgz: Upgraded to jfsutils-1.1.10.
a/module-init-tools-3.2.2-i486-1.tgz: Upgraded to module-init-tools-3.2.2.
This new version of module-init-tools has been patched to look for module
configuration information in /etc/modprobe.conf only for 2.4.x kernels.
For 2.6.x kernels, files found in the directory /etc/modprobe.d/ are used
instead. Eventually, /etc/modprobe.conf will be phased out in favor of
the /etc/modprobe.d/ approach. If you have anything in your
/etc/modprobe.conf that you need, and you are using a 2.6.x kernel, be sure
to copy the configuration to a file (or files) in /etc/modprobe.d/.
Hint: ALSA expects sound modules to be configured in /etc/modprobe.d/sound.
ap/groff-1.19.2-i486-1.tgz: Upgraded to groff-1.19.2.
ap/hpijs-2.1.4-i486-1.tgz: Upgraded to hpijs-2.1.4.
Thanks to Giovanni Venturi for the reminder.
ap/lsof-4.76-i486-1.tgz: Upgraded to lsof-4.76.
ap/most-4.10.2-i486-1.tgz: Upgraded to most-4.10.2.
ap/mysql-5.0.19-i486-1.tgz: Upgraded to mysql-5.0.19.
ap/sox-12.17.9-i486-1.tgz: Upgraded to sox-12.17.9.
ap/vim-6.4.010-i486-1.tgz: Upgraded to VIM 6.4.010.
ap/zsh-4.2.6-i486-1.tgz: Upgraded to zsh-4.2.6.
d/subversion-1.3.0-i486-2.tgz: Fixed broken apr include file permissions.
Thanks to Andreas Schnaiter for pointing this out.
n/curl-7.15.3-i486-1.tgz: Upgraded to curl-7.15.3.
This release fixes a security issue discovered by Ulf Harnhammar.
libcurl uses the given file part of a TFTP URL in a manner that allows a
malicious user to overflow a heap-based memory buffer due to the lack of
boundary check. This overflow happens if you pass in a URL with a TFTP
protocol prefix ("tftp://"), using a valid host and a path part that is
longer than 512 bytes. The affected flaw can be triggered by a redirect,
if curl/libcurl is told to follow redirects and an HTTP server points
the client to a tftp URL with the characteristics described above.
There is no known exploit at the time of this writing.
No stable version of Slackware is affected, as the flaw exists only in
the curl-7.15.x series prior to curl-7.15.3.
The cURL advisory may be found here:
http://curl.haxx.se/docs/adv_20060320.html
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061
(* Security fix *)
n/epic4-2.4-i486-1.tgz: Upgraded to epic4-2.4.
n/openldap-client-2.3.20-i486-1.tgz: Upgraded to openldap-2.3.20 client
libraries.
xap/xvim-6.4.010-i486-1.tgz: Upgraded to VIM 6.4.010 (with X support.)
extra/brltty/brltty-3.7.2-i486-1.tgz: Upgraded to brltty-3.7.2.
extra/emacspeak/emacspeak-23.0-i486-1.tgz: Upgraded to emacspeak-23.0.
extra/inn/inn-2.4.3-i486-1.tgz: Upgraded to inn-2.4.3 compiled against
libdb-4.2. Note that this package DOES NOT preserve configuration
files, so back them up first! Also, any database files will need to
be rebuilt due to the move from db-3.3 to db-4.2.
extra/slacktrack/slacktrack-1.28-i486-1.tgz: Upgraded to slacktrack-1.28_1.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
n/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6.
This new version of sendmail contains a fix for a security problem
discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
Sendmail was notified by security researchers at ISS that, under some
specific timing conditions, this vulnerability may permit a specifically
crafted attack to take over the sendmail MTA process, allowing remote
attackers to execute commands and run arbitrary programs on the system
running the MTA, affecting email delivery, or tampering with other
programs and data on this system. Sendmail is not aware of any public
exploit code for this vulnerability. This connection-oriented
vulnerability does not occur in the normal course of sending and
receiving email. It is only triggered when specific conditions are
created through SMTP connection layer commands.
Sendmail's complete advisory may be found here:
http://www.sendmail.com/company/advisory/index.shtml
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
(* Security fix *)
n/sendmail-cf-8.13.6-noarch-1.tgz: Upgraded to sendmail-8.13.6 configuration
files.
+--------------------------+
Tue Mar 21 11:17:27 CST 2006
x/x11-6.9.0-i486-3.tgz: Fixed /usr/X11R6/bin/Xorg, which due to being not
setuid root could not be used by non-root users. Thanks to the many people
who reported this issue. I tracked it down to a new (or rather, back again)
behavior of "chown", which is removing the suid/sgid bits from any file that
it touches. I remember this same situation from the old days, and it's
why many of the older package builds use a package skeleton and then install
binaries using "cat" -- this prevents the changing of the permissions.
If I recall correctly, "strip" also used to do this. Looking in the kernel
source, I see some mention in fs/open.c about doing this as a safety feature.
IMO, it doesn't seem like the right thing to do, though. If I want chmod,
I'll use it, thank you. However, it looks like the feature was added years
ago, and I have no idea why it has just recently kicked in. I've gone back
and tested on a Slackware 10.2 box, and it's also showing the same effects
with "chown", so it seems to me that this sort of breakage should have
been happening when the x11*-6.9.0-i486-1.tgz packages were built, too,
but Xorg was properly setuid in that package set. I tried dropping back
to the previous coreutils, and this also didn't help. It's a mystery.
Anyway, my first thought was to simply move the "chmod 4711" on Xorg to
after the last "chown" in the build script, but decided that the best way
to handle this is to begin phasing out the use of the "bin" group on
binaries and binary directories. There was never any use to this ever, so
far as I can tell. I think someone working on the FHS just thought that
root:bin looked nicer, or something. ;-) Most distributions install
binaries as root:root now anyway, and the latest standards no longer
require root:bin. Since it doesn't matter, don't expect everything to
change all at once -- don't send bug reports concerning files or
directories that "should be" root:bin or root:root. We will move away
from root:bin to root:root as new packages are built.
I sure hope "strip" doesn't start acting up next...
x/x11-devel-6.9.0-i486-3.tgz: Rebuilt. Really, there was no need to rebuild
this or the below packages, but I like a consistent build number when it's
not too much trouble to have it.
x/x11-docs-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-docs-html-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-3.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-3.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-3.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-3.tgz: Recompiled.
+--------------------------+
Mon Mar 20 09:29:15 CST 2006
x/x11-6.9.0-i486-2.tgz: Patched with x11r6.9.0-geteuid.diff.
From the x.org security page:
* March 20, 2006 - A security vulnerability has been found in the X.Org
server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and
1.0.1) -- this is CVE-2006-0745. Local users were able to escalate
privileges to root and cause a DoS if the Xorg server was installed
setuid root (the default). Note that earlier releases are not
vulnerable.
For more information (eventually), see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745
(* Security fix *)
Since this issue does not affect any stable/released version of Slackware,
there will no security advisory on the mailing list. Those running -current
should keep up with the ChangeLog to stay on top of new developments.
x/x11-devel-6.9.0-i486-2.tgz: Recompiled.
x/x11-docs-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-docs-html-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-fonts-100dpi-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-fonts-cyrillic-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-fonts-misc-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-fonts-scale-6.9.0-noarch-2.tgz: Rebuilt.
x/x11-xdmx-6.9.0-i486-2.tgz: Recompiled.
x/x11-xnest-6.9.0-i486-2.tgz: Recompiled.
x/x11-xvfb-6.9.0-i486-2.tgz: Recompiled.
testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-2.tgz:
Removed spurious "asm" symlink in /. Thanks to xgizzmo.
+--------------------------+
Fri Mar 17 16:42:40 CST 2006
l/cairo-1.0.4-i486-1.tgz: Upgraded to cairo-1.0.4.
l/gtk+2-2.8.16-i486-1.tgz: Upgraded to gtk+-2.8.16.
n/dnsmasq-2.27-i486-1.tgz: Upgraded to dnsmasq-2.27.
Oh, and happy St. Patrick's day! :-)
+--------------------------+
Tue Mar 14 18:01:26 CST 2006
n/stunnel-4.15-i486-2.tgz: Fixed messed up /var/lib perms.
Thanks to Adam Dawidowski for the bug report.
+--------------------------+
Mon Mar 13 18:53:57 CST 2006
a/aaa_base-10.2.0-noarch-3.tgz: Added /var/empty directory.
a/gawk-3.1.5-i486-2.tgz: Applied bugfix from the gawk mailing list to fix a
problem with newer glibc versions pulling that "*** free(): invalid pointer"
trick we all love. :-) Thanks to Grant for sending in a link to the fix.
a/glibc-solibs-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6
kernel headers. Yes, I have seen that shiny-looking glibc-2.4 release on
ftp.gnu.org, but glibc-2.4 completely drops support for linuxthreads, and
therefore will not support vanilla Linux 2.4.x kernels. I don't think
we're quite ready for that yet around here.
a/glibc-zoneinfo-2.3.6-noarch-3.tgz: Updated timezone data from tzdata2006c.
a/kernel-ide-2.4.32-i486-3.tgz: Recompiled with gcc-3.4.6.
a/kernel-modules-2.4.32-i486-4.tgz: Recompiled with gcc-3.4.6.
Thanks to Piter Punk for all the help revising the default entries in
/etc/rc.d/rc.modules.new to be more accurate for 2.6.x kernels. I've tried
to make it function in the default state under 2.4.x kernels too, though
some of the modules have different names in 2.4 vs. 2.6...
Also thanks to Didier Spaier for suggesting an example for DMA usage in the
section of rc.modules that loads the parallel-port support.
d/gcc-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
d/gcc-g++-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
d/gcc-g77-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
d/gcc-gnat-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
d/gcc-java-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
d/gcc-objc-3.4.6-i486-1.tgz: Upgraded to gcc-3.4.6.
l/alsa-driver-1.0.11rc3_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.11rc3
compiled for Linux 2.4.32. The 2.6.15.6 kernel does not work properly using
the modules in alsa-driver-1.0.10, but works fine with these. Although I'm
normally against using release candidates, I thought in this case that the
version of alsa-driver used by the 2.4 and 2.6 kernels should be the same
since the package does install some header files that would overlap. It's
worked fine on both 2.4.32 and 2.6.15.6 here, and the other alsa-* packages
compile against it without errors (so I don't see a need to update those).
I think this will work, but let me know if this upgrade causes any problems.
l/db44-4.4.20-i486-1.tgz: For consistency, change the name of this package from
db4 to db44, and move the header files into /usr/include/db44/, since that's
the directory where the next version of Python will be looking for them.
Oh, and on that topic, I've had a few people send in or provide links to
patches that fix compiling the latest Python with db-4.4. Thanks, but it's
still a more conservative approach to wait until db-4.4 is officially
supported upstream. BTW, none of the patches were exactly the same. :-)
db-4.3 would also work, but it's probably not worth introducing yet-another
already old version of db over.
Added the --enable-cxx option. (Suggested by Kevin Brammer)
l/glibc-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6 kernel
headers. Added /var/run/nscd/ directory (thanks to Dirk van Deun).
Updated timezone data from tzdata2006c.
l/glibc-i18n-2.3.6-noarch-3.tgz: Rebuilt.
l/glibc-profile-2.3.6-i486-3.tgz: Recompiled against 2.4.32 and 2.6.15.6
kernel headers.
l/gtk+2-2.8.14-i486-1.tgz: Upgraded to gtk+2-2.8.14.
n/gnupg-1.4.2.2-i486-1.tgz: Upgraded to gnupg-1.4.2.2.
There have been two security related issues reported recently with GnuPG.
From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
Noteworthy changes in version 1.4.2.2 (2006-03-08)
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
Noteworthy changes in version 1.4.2.1 (2006-02-14)
* Security fix for a verification weakness in gpgv. Some input
could lead to gpgv exiting with 0 even if the detached signature
file did not carry any signature. This is not as fatal as it
might seem because the suggestion as always been not to rely on
th exit code but to parse the --status-fd messages. However it
is likely that gpgv is used in that simplified way and thus we
do this release. Same problem with "gpg --verify" but nobody
should have used this for signature verification without
checking the status codes anyway. Thanks to the taviso from
Gentoo for reporting this problem.
(* Security fix *)
n/popa3d-1.0.1-i486-1.tgz: Upgraded to popa3d-1.0.1.
n/stunnel-4.15-i486-1.tgz: Upgraded to stunnel-4.15.
bootdisks/*: Rebuilt using the recompiled 2.4.32 kernels.
extra/k3b/k3b-0.12.14-i486-1.tgz: Upgraded to k3b-0.12.14.
extra/k3b/k3b-i18n-0.12.14-noarch-1.tgz: Upgraded to k3b-i18n-0.12.14.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-3.tgz:
Recompiled with gcc-3.4.6.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.6-i486-1.tgz:
Recompiled with gcc-3.4.6 for Linux 2.6.15.6.
kernels/*.?/*: Recompiled 2.4.32 kernels with gcc-3.4.6, upgraded
test26.s kernel to 2.6.15.6.
pasture/gnupg-1.2.7-i486-1.tgz: This can rest here for a little while
just in case gnupg-1.4.2.2 causes any problems, but I doubt it will.
I also think gnupg-1.2.7 is still secure when used securely (if that
makes any sense ;-), or I wouldn't even leave it in /pasture...
testing/packages/linux-2.6.15.6/alsa-driver-1.0.11rc3_2.6.15.6-i486-1.tgz
Upgraded to alsa-driver-1.0.11rc3 compiled for Linux 2.6.15.6.
This should fix the "free_hot_cold_page" issue that was occuring with
alsa-driver-1.0.10 and the 2.6.15+ kernels. It fixes it here,
anyway. :-)
testing/packages/linux-2.6.15.6/kernel-generic-2.6.15.6-i486-1.tgz
Upgraded to Linux 2.6.15.6 generic kernel.
testing/packages/linux-2.6.15.6/kernel-headers-2.6.15.6-i386-1.tgz
Upgraded to Linux 2.6.15.6 kernel headers.
testing/packages/linux-2.6.15.6/kernel-modules-2.6.15.6-i486-1.tgz
Upgraded to Linux 2.6.15.6 kernel modules.
testing/packages/linux-2.6.15.6/kernel-source-2.6.15.6-noarch-1.tgz
Upgraded to Linux 2.6.15.6 kernel source.
+--------------------------+
Sat Mar 4 19:54:26 CST 2006
a/xfsprogs-2.7.11-i486-2.tgz: Fixed .gz.gz double compression on
the manpages. Turns out they were already installed compressed.
Thanks to Dave Fullerton.
Fixed /usr/lib/libhandle.so symlink.
Thanks to Luigi Genoni.
ap/dmapi-2.2.3-i486-2.tgz: Fixed /usr/lib/libdm.so symlink.
Thanks to Luigi Genoni.
ap/xfsdump-2.2.33-i486-2.tgz: Recompiled to link with libhandle.
d/python-2.4.2-i486-2.tgz: Recompiled against Berkeley DB 4.2.52
to get _bsddb.so and dbm.so to build. Python finds the db-4.2.52
headers fine in /usr/include/db42/, so I guess that's the right
place for them. :-)
d/python-demo-2.4.2-noarch-2.tgz: Rebuilt.
d/python-tools-2.4.2-noarch-2.tgz: Rebuilt.
l/db42-4.2.52-i486-3.tgz: Added a db-4.2.52 package (called db42)
as a non-default version of Berkeley DB 4.x, since some things
still aren't ready for db-4.4.x, and it's probably best not to
force the issue until the changes needed for db-4.4.x are made
upstream where needed. Oh, I've had a report that subversion-1.3.0
isn't working with db-4.4.x -- can anyone confirm this? I'm not
running any kind of test repository here, so feedback on whether
subversion could use a recompile against db-4.2 would be helpful.
n/proftpd-1.3.0rc4-i486-1.tgz: Upgraded to proftpd-1.3.0rc4.
+--------------------------+
Wed Mar 1 20:25:56 CST 2006
a/coreutils-5.94-i486-2.tgz: Restored ginstall -> install symlinks
which are still needed to build some things. Thanks to Rich.
extra/bash-completion/bash-completion-20060301-noarch-1.tgz:
Upgraded to bash-completion-20060301.
+--------------------------+
Tue Feb 28 20:50:44 CST 2006
a/bash-3.1-i486-3.tgz: Patched with additional official patches
bash31-008 through bash31-011.
a/util-linux-2.12r-i486-1.tgz: Upgraded to util-linux-2.12r.
a/xfsprogs-2.7.11-i486-1.tgz: Upgraded to xfsprogs-2.7.11.
Split acl, attr, dmapi, and xfsdump into separate packages and
moved them into the AP series. This location was a bit of a judgement
call since acl, attr, and dmapi contain libraries, but so do some other
packages outside L. Anyway, it does seem to me that xfsdump should go
in AP, and that these packages should all be found in the same place.
ap/acl-2.2.34-i486-1.tgz: Upgraded to acl-2.2.34, split out of xfsprogs
package.
ap/attr-2.4.28-i486-1.tgz: Upgraded to attr-2.4.28, split out of xfsprogs
package.
ap/dmapi-2.2.3-i486-1.tgz: Upgraded to dmapi-2.2.3, split out of xfsprogs
package.
ap/xfsdump-2.2.33-i486-1.tgz: Upgraded to xfsdump-2.2.33, split out of
xfsprogs package.
d/clisp-2.38-i486-2.tgz: Added some additional modules for CLISP.
Thanks to Bradley Reed for the hint.
f/linux-faqs-20060228-noarch-1.tgz: Updated from ibiblio.org.
f/linux-howtos-20060228-noarch-1.tgz: Upgraded to Linux-HOWTOs-20060228.
l/gtk+2-2.8.13-i486-1.tgz: Upgraded to gtk+-2.8.13.
l/pango-1.10.4-i486-1.tgz: Upgraded to pango-1.10.4.
n/bind-9.3.2-i486-3.tgz: Modified rc.bind to try to use rndc to stop the
nameserver before resorting to killall, and added some additional comments
about loading the "capability" module on 2.6+ kernels.
n/samba-3.0.21c-i486-1.tgz: Upgraded to samba-3.0.21c.
+--------------------------+
Mon Feb 20 14:20:17 CST 2006
ap/dvd+rw-tools-6.1-i486-1.tgz: Upgraded to dvd+rw-tools-6.1.
kdei/kde-i18n-sv-3.5.1-noarch-1a.tgz: Fixed with a rebuild. Thanks to
Nille Kungen for pointing out that the -1 package was missing files.
n/bind-9.3.2-i486-2.tgz: Patched to remove the use of the obsolete setsockopt
SO_BSDCOMPAT that was putting annoying warnings in /var/log/syslog when bind
binaries were run under a 2.6.x kernel. Thanks to Marin Glibic.
Fixed missing nslookup.1 man page. Thanks to Lior Kadosh.
n/tin-1.8.1-i486-1.tgz: Upgraded to tin-1.8.1.
+--------------------------+
Thu Feb 16 14:01:26 CST 2006
OK, I think I have everything that used libreadline.so.4 recompiled
with the exception of AbiWord, as the --disable-gnome option no
longer seems to work with abiword-2.4.2 -- it still demands
libgnomeprint and all of its dependencies. Anyone know a way around
this one? If not, AbiWord will likely be removed soon. It's
included in all of the GNOME distributions for Slackware anyway...
a/bash-3.1-i486-2.tgz: Applied official bash patches 006 and 007.
a/coreutils-5.94-i486-1.tgz: Upgraded to coreutils-5.94.
a/sed-4.1.5-i486-1.tgz: Upgraded to sed-4.1.5.
ap/bc-1.06-i486-3.tgz: Recompiled with new libreadline.
ap/gimp-print-4.2.7-i486-2.tgz: Recompiled with new libreadline.
ap/rzip-2.1-i486-1.tgz: Upgraded to rzip-2.1.
d/guile-1.6.7-i486-2.tgz: Recompiled with new libreadline.
l/gtk+2-2.8.12-i486-1.tgz: Upgraded to gtk+2-2.8.12.
l/pilot-link-0.11.8-i486-3.tgz: Recompiled with new libreadline.
n/ntp-4.2.0a-i486-1.tgz: Upgraded to ntp-stable-4.2.0a-20060127
compiled with new libreadline.
xap/fvwm-2.4.19-i486-5.tgz: Recompiled with new libreadline.
xap/gftp-2.0.18-i486-2.tgz: Recompiled with new libreadline.
xap/gnuchess-5.07-i486-2.tgz: Recompiled with new libreadline.
xap/xine-ui-0.99.4-i686-2.tgz: Recompiled with new libreadline.
extra/parted/parted-1.6.25.1-i486-1.tgz: Upgraded to parted-1.6.25.1,
compiled with new libreadline.
testing/packages/gnupg-1.4.2.1-i486-1.tgz: Upgraded to gnupg-1.4.2.1.
This fixes an issue where gpg could exit with zero in certain cases
where a detached "signature" actually contained no signature.
However, according to the NEWS file "nobody should have used this
for signature verification without checking the status codes" with
--status-fd. Considering that (and especially this package's placement
in the /testing directory) I'm not going to issue an advisory here,
though the NEWS file does admit it is a security weakness.
+--------------------------+
Tue Feb 14 16:08:52 CST 2006
n/php-4.4.2-i486-3.tgz: Fixed some more bugs from the 4.4.2 release...
hopefully the third time is the charm.
Replaced PEAR packages for which the 4.4.2 release contained incorrect
md5sums: Archive_Tar-1.3.1, Console_Getopt-1.2, and HTML_Template_IT-1.1.3.
(this last one was also not upgraded to the stable version that was released
on 2005-11-01) Sorry to have delayed the advisories, but these bugs had to
be fixed first. IMHO, the security issues are of dubious severity anyway,
or a more agressive approach would have been taken (though this would likely
have caused a lot of people to upgrade to the broken -1 or -2 package
revisions, so anyone who didn't know about this until now was probably saved
a hassle.)
Upgraded other PEAR modules to HTTP-1.4.0, Net_SMTP-1.2.8, and XML_RPC-1.4.5.
Thanks again to Krzysztof Oledzki for the bug report.
testing/packages/php-5.1.2/php-5.1.2-i486-2.tgz: The same junk
dotfiles were installed in php-5.1.2, too. Cleaned them out
of the root directory of the package. Thanks to Tyler McGrath
for reporting this.
+--------------------------+
Fri Feb 10 19:07:13 CST 2006
ap/man-1.6c-i486-2.tgz: Reversed man-1.6c change that caused
makewhatis to break. Thanks to Robby Workman for the patch.
n/php-4.4.2-i486-2.tgz: Rebuilt the package to clean up some junk
dotfiles that were installed in the / directory. Harmless, but
sloppy... Thanks to Krzysztof Oledzki for pointing this out.
+--------------------------+
Thu Feb 9 17:24:25 CST 2006
a/aaa_elflibs-10.2.0-i486-4.tgz: Added /lib/libgcc_s.so.1 ->
/usr/lib/libgcc_s.so.1 symlink, needed by Oracle 10g RAC support.
Thanks to Luigi Genoni.
Upgraded various other libraries.
a/bash-3.1-i486-1.tgz: Upgraded to bash-3.1.
a/coreutils-5.93-i486-1.tgz: Upgraded to coreutils-5.93.
The DEFAULT_POSIX2_VERSION=199209 is set to provide more
traditional behavior (thanks to Eric Hameleers), but this may change
in the future as the newer standards are accepted. Added
the uname patch (suggested by many), and moved color ls setup
out of /etc/profile and /etc/csh.login and into scripts in
/etc/profile.d/. These scripts also replace some functionality
(setting up aliases and defaults) that is no longer part of the
dircolors tool.
a/cups-1.1.23-i486-2.tgz: Recompiled against new OpenSSL.
a/cxxlibs-6.0.3-i486-1.tgz: Upgraded to libstdc++ from gcc-3.4.5.
a/etc-5.1-noarch-11.tgz: Removed color ls setup from /etc/profile
and /etc/csh.login. Fixed csh.login in cases where $TERM or $MANPATH
are not set. (thanks to Jim Diamond)
a/gettext-0.14.5-i486-1.tgz: Upgraded to gettext-0.14.5.
a/glibc-solibs-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5
against the 2.4.32 and 2.6.15.3 kernel headers.
a/glibc-zoneinfo-2.3.6-noarch-2.tgz: Recompiled.
a/gpm-1.20.1-i486-1.tgz: Upgraded to gpm-1.20.1, with many, many patches.
a/openssl-solibs-0.9.8a-i486-1.tgz: Upgraded to openssl-0.9.8a.
This may require many things to be recompiled. Let me know if I
skipped anything that matters. :-)
a/pkgtools-10.2.0-i486-6.tgz: Upgraded subset of terminfo database from
ncurses-5.5. Upgraded to dialog-1.0-20060126.
a/procps-3.2.6-i486-1.tgz: Upgraded to procps-3.2.6.
a/tcsh-6.14.00-i486-2.tgz: Patched to remove built-in color ls, as the new
coreutils adds an 'su' feature to the shared $LS_COLORS variable that
causes tcsh to exit. Perhaps tcsh should use a different variable name or
be less strict about using LS_COLORS? The GNU ls version is probably
better for most purposes anyway, though.
ap/espgs-8.15.1-i486-1.tgz: Upgraded to espgs-8.15.1.
ap/linuxdoc-tools-0.9.21-i486-1.tgz: Added linuxdoc-tools-0.9.21.
This package replaces the sgml-tools package and should contain the
essentials needed to handle modern Linux Docbook/SGML documents. Huge
thanks are due to Stuart Winter for doing most of the work on transitioning
Slackware from the old sgml-tools system to this one! :-)
ap/man-1.6c-i486-1.tgz: Upgraded to man-1.6c.
ap/man-pages-2.22-noarch-1.tgz: Upgraded to man-pages-2.22.
ap/mdadm-2.3.1-i486-1.tgz: Upgraded to mdadm-2.3.1.
ap/mysql-5.0.18-i486-1.tgz: Upgraded to mysql-5.0.18.
(this will require everything linked to MySQL libs to be recompiled)
ap/sgml-tools-1.0.9-i486-12.tgz: Removed. (replaced with linuxdoc-tools)
ap/sudo-1.6.8p12-i486-1.tgz: Upgraded to sudo-1.6.8p12.
This fixes an issue where a user able to run a Python script through sudo
may be able to gain root access.
IMHO, running any kind of scripting language from sudo is still not safe...
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
(* Security fix *)
ap/vorbis-tools-1.1.1-i486-2.tgz: Recompiled.
d/automake-1.9.6-noarch-1.tgz: Upgraded to automake-1.9.6.
d/bison-2.1-i486-1.tgz: Upgraded to bison-2.1.
I think enough of the upstream sources are expecting bison-2.x now, but let
me know if you find breakage (for which patches or pointers to upgrades
would be welcome.)
d/clisp-2.38-i486-1.tgz: Upgraded to clisp-2.38.
d/doxygen-1.4.6-i486-1.tgz: Upgraded to doxygen-1.4.6.
d/gdb-6.4-i486-1.tgz: Upgraded to gdb-6.4.
d/gettext-tools-0.14.5-i486-1.tgz: Upgraded to gettext-0.14.5 tools.
d/m4-1.4.4-i486-1.tgz: Upgraded to m4-1.4.4.
d/make-3.80-i486-2.tgz: Fixed an out-of-memory bug in make, since
nobody upstream seems concerned about putting out a fixed make
release any time soon. Is "make" dead? ;-)
Reported here by: Mihnea-Costin Grigore, penguinista, and ePAc.
d/nasm-0.98.39-i486-1.tgz: Upgraded to nasm-0.98.39.
d/perl-5.8.8-i486-1.tgz: Upgraded to perl-5.8.8 and DBI-1.50.
d/pkgconfig-0.20-i486-1.tgz: Upgraded to pkgconfig-0.20.
d/python-2.4.2-i486-1.tgz: Upgraded to python-2.4.2.
The bsddb module didn't build against the new 4.4.x version of
Berkeley DB. Does anyone care? Or perhaps have a patch? :-)
d/python-demo-2.4.2-noarch-1.tgz: Upgraded to python-2.4.2 demos.
d/python-tools-2.4.2-noarch-1.tgz: Upgraded to python-2.4.2 tools.
d/strace-4.5.14-i486-1.tgz: Upgraded to strace-4.5.14.
kde/k*.tgz: Upgraded to KDE 3.5.1.
kde/koffice-1.4.2-i486-1.tgz: Upgraded to koffice-1.4.2.
kde/qt-3.3.5-i486-1.tgz: Upgraded to qt-3.3.5.
l/arts-1.5.1-i486-1.tgz: Upgraded to arts-1.5.1.
l/aspell-0.60.2-i486-2.tgz: Recompiled.
l/atk-1.10.3-i486-1.tgz: Upgraded to atk-1.10.3.
l/cairo-1.0.2-i486-1.tgz: Added cairo graphics library for GTK+2.
l/db4-4.4.20-i486-1.tgz: Upgraded to Berkeley DB 4.4.20. This will
require rebuilding any databases that use the older spec as things
are recompiled to use this, and I'm planning to do that whereever
possible. Just be glad I don't do this with every new BDB release
like I used to. :-)
l/glib2-2.8.6-i486-1.tgz: Upgraded to glib-2.8.6.
l/glibc-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5
against the 2.4.32 and 2.6.15.3 kernel headers.
l/glibc-i18n-2.3.6-noarch-2.tgz: Rebuilt.
l/glibc-profile-2.3.6-i486-2.tgz: Recompiled with gcc-3.4.5
against the 2.4.32 and 2.6.15.3 kernel headers.
l/gmp-4.1.4-i486-3.tgz: Recompiled.
l/gtk+2-2.8.11-i486-1.tgz: Upgraded to gtk+-2.8.11.
l/jre-1_5_0_06-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 6.
l/libogg-1.1.3-i486-1.tgz: Upgraded to libogg-1.1.3.
l/libtiff-3.7.4-i486-1.tgz: Upgraded to libtiff-3.7.4.
l/libvorbis-1.1.2-i486-1.tgz: Upgraded to libvorbis-1.1.2.
l/libwpd-0.8.4-i486-1.tgz: Upgraded to libwpd-0.8.4.
l/libxml2-2.6.23-i486-1.tgz: Upgraded to libxml2-2.6.23.
l/ncurses-5.5-i486-1.tgz: Upgraded to ncurses-5.5.
l/pango-1.10.3-i486-1.tgz: Upgraded to pango-1.10.3.
l/pcre-6.4-i486-2.tgz: Recompiled.
l/readline-5.1-i486-1.tgz: Upgraded to readline-5.1.
l/sdl-1.2.9-i486-2.tgz: Recompiled.
l/taglib-1.4-i486-2.tgz: Recompiled.
n/apache-1.3.34-i486-2.tgz: Recompiled against db-4.4.
Support for db-3.3 removed.
n/bind-9.3.2-i486-1.tgz: Upgraded to bind-9.3.2.
n/bitchx-1.1-i486-3.tgz: Recompiled.
n/curl-7.15.1-i486-1.tgz: Upgraded to curl-7.15.1.
n/dhcpcd-2.0.1-i486-1.tgz: Upgraded to dhcpcd-2.0.1.
n/dnsmasq-2.26-i486-1.tgz: Upgraded to dnsmasq-2.26.
n/epic4-2.2-i486-1.tgz: Upgraded to epic4-2.2.
n/fetchmail-6.3.2-i486-1.tgz: Upgraded to fetchmail-6.3.2.
Presumably this replaces all the known security problems with
a batch of new unknown ones. (fetchmail is improving, really ;-)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
(* Security fix *)
n/getmail-4.4.4-noarch-1.tgz: Upgraded to getmail-4.4.4.
n/imapd-4.64-i486-2.tgz: Recompiled against OpenLDAP client libs.
n/iproute2-2.6.15_060110-i486-1.tgz: Upgraded to iproute2-2.6.15-060110.
n/iptables-1.3.5-i486-1.tgz: Upgraded to iptables-1.3.5.
n/irssi-0.8.10a-i486-1.tgz: Upgraded to irssi-0.8.10a.
n/lftp-3.4.0-i486-1.tgz: Upgraded to lftp-3.4.0.
n/links-2.1pre20-i486-1.tgz: Upgraded to links-2.1pre20.
n/lynx-2.8.5rel.5-i486-2.tgz: Recompiled.
n/mod_ssl-2.8.25_1.3.34-i486-2.tgz: Recompiled against new OpenSSL.
n/mutt-1.4.2.1i-i486-2.tgz: Recompiled against new OpenSSL.
n/nail-11.25-i486-1.tgz: Upgraded to nail-11.25.
n/nmap-4.00-i486-1.tgz: Upgraded to nmap-4.00.
n/openldap-client-2.3.17-i486-1.tgz: Added client libraries and
binaries for LDAP authentication. (Thanks to Eric Hameleers for
help with the ./configure options).
n/openssh-4.3p1-i486-1.tgz: Upgraded to openssh-4.3p1.
This fixes a security issue when using scp to copy files that could
cause commands embedded in filenames to be executed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
(* Security fix *)
n/openssl-0.9.8a-i486-1.tgz: Upgraded to openssl-0.9.8a.
n/php-4.4.2-i486-1.tgz: Upgraded to php-4.4.2.
Compiled against db-4.4.
Support for db-3.3 removed.
Claims to fix "a few small security issues".
For more information, see:
http://www.php.net/release_4_4_2.php
(* Security fix *)
n/pidentd-3.0.19-i486-1.tgz: Upgraded to pidentd-3.0.19.
n/pine-4.64-i486-2.tgz: Recompiled.
n/procmail-3.22-i486-1.tgz: Upgraded to procmail-3.22.
n/proftpd-1.3.0rc3-i486-1.tgz: Upgraded to proftpd-1.3.0rc3. Generally I
don't like to use release candidates (especially with network services),
but this one was needed in order to work with the new OpenSSL.
n/rp-pppoe-3.7-i486-1.tgz: Upgraded to rp-pppoe-3.7.
n/samba-3.0.21b-i486-1.tgz: Upgraded to samba-3.0.21b linked with OpenLDAP.
n/sendmail-8.13.5-i486-1.tgz: Upgraded to sendmail-8.13.5.
This has been relinked with db-4.4.20, so any databases in /etc/mail will
have to be rebuilt. ( cd /etc/mail ; rm *.db ; make )
n/sendmail-cf-8.13.5-noarch-1.tgz: Upgraded to sendmail-8.13.5 config files.
n/slrn-0.9.8.1-i486-2.tgz: Recompiled.
n/stunnel-4.14-i486-1.tgz: Upgraded to stunnel-4.14.
n/tcpdump-3.9.4-i486-2.tgz: Recompiled.
n/tcpip-0.17-i486-36.tgz: Upgraded to vlan.1.9 and tftp-hpa-0.41.
Applied Debian's net-tools patch at Cesare Tensi's urging. :-)
n/vsftpd-2.0.4-i486-1.tgz: Upgraded to vsftpd-2.0.4.
n/wget-1.10.2-i486-2.tgz: Recompiled.
n/whois-4.7.11-i486-1.tgz: Upgraded to whois-4.7.11.
n/ytalk-3.3.0-i486-1.tgz: Upgraded to ytalk-3.3.0.
xap/fluxbox-0.9.14-i486-1.tgz: Upgraded to fluxbox-0.9.14.
xap/gaim-1.5.0-i486-2.tgz: Recompiled.
xap/gimp-2.2.10-i486-1.tgz: Upgraded to gimp-2.2.10.
xap/gxine-0.5.4-i486-1.tgz: Upgraded to gxine-0.5.4.
Thanks to Peter Santoro for the heads-up on the Javascript engine issue.
xap/imagemagick-6.2.6_1-i486-1.tgz: Upgraded to imagemagick-6.2.6-1.
This has a new major library version number and will require anything
linked with the ImageMagick shared libraries to be recompiled.
Several security issues are fixed in this release.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
(* Security fix *)
xap/mozilla-1.7.12-i486-2.tgz: Linked libmozjs.so into /usr/lib since gxine
needs to be able to find it.
xap/mozilla-firefox-1.5.0.1-i686-1.tgz: Upgraded to firefox-1.5.0.1.
This fixes a DoS issue and some other security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1
(* Security fix *)
xap/pan-0.14.2.91-i486-2.tgz: Recompiled, fixed pan.desktop and moved it
into the standard .desktop directory.
xap/sane-1.0.17-i486-1.tgz: Upgraded to sane-backends-1.0.17 and
sane-frontends-1.0.14.
xap/xpdf-3.01-i486-3.tgz: Recompiled with xpdf-3.01pl2.patch to fix
possible security bugs with malformed PDF files.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0301
(* Security fix *)
xap/xchat-2.6.1-i486-1.tgz: Upgraded to xchat-2.6.1.
xap/xfce-4.2.3.2-i486-1.tgz: Upgraded to xfce-4.2.3.2.
xap/xine-lib-1.1.1-i686-1.tgz: Upgraded to xine-lib-1.1.1.
xap/xscreensaver-4.23-i486-1.tgz: Upgraded to xscreensaver-4.23.
extra/bittornado/bittornado-0.3.14-noarch-1.tgz: Upgraded to
BitTornado-0.3.14.
extra/bittorrent/bittorrent-4.4.0-noarch-1.tgz: Upgraded to
BitTorrent-4.4.0. Thanks to Erik Jan Tromp for the doinst.sh
to automatically edit /etc/mailcap!
extra/jdk-1.5.0_06/jdk-1_5_0_06-i586-1.tgz: Upgraded to Java(TM) 2
Platform Standard Edition Development Kit Version 5.0, Release 6.
extra/k3b/k3b-0.12.10-i486-1.tgz: Upgraded to k3b-0.12.10.
Thanks to Robby Workman for noticing that CXXFLAGS needed to be set.
extra/k3b/k3b-i18n-0.12.10-noarch-1.tgz: Upgraded to k3b-i18n-0.12.10.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.15.3-i486-1.tgz:
Recompiled for Linux 2.6.15.3.
kernels/test26.s/*: Upgraded to full-featured Linux 2.6.15.3 kernel.
pasture/lprng-3.8.28-i486-2.tgz: Recompiled against new OpenSSL.
testing/packages/php-5.1.2/php-5.1.2-i486-1.tgz: Upgraded to php-5.1.2.
testing/packages/linux-2.6.15.3/alsa-driver-1.0.10_2.6.15.3-i486-1.tgz:
Recompiled ALSA modules for Linux 2.6.15.3.
testing/packages/linux-2.6.15.3/kernel-generic-2.6.15.3-i486-1.tgz:
Upgraded to Linux 2.6.15.3 generic kernel.
testing/packages/linux-2.6.15.3/kernel-headers-2.6.15.3-i386-1.tgz:
Upgraded to Linux 2.6.15.3 kernel headers.
testing/packages/linux-2.6.15.3/kernel-modules-2.6.15.3-i486-1.tgz:
Upgraded to Linux 2.6.15.3 kernel modules.
testing/packages/linux-2.6.15.3/kernel-source-2.6.15.3-noarch-1.tgz:
Upgraded to Linux 2.6.15.3 kernel source.
testing/packages/seamonkey-1.0-i486-1.tgz: Added seamonkey-1.0, which
will probably be replacing mozilla-1.7.12 in slackware/xap/ soon unless
doing so ends up breaking too many things. Hopefully it won't -- please
help test it.
# Old bison packages from slackware/d and /extra moved to /pasture.
# A few sources may still require these unless/until they are updated.
pasture/bison-1.35-i386-1.tgz: Moved to /pasture.
pasture/bison-1.875d-i486-1.tgz: Moved to /pasture.
# We'll see if we can get away with a mass removal of old Berkeley DB
# cruft. Yes, I know this will be painful, but it's not my fault that
# BDB does not stay compatible with itself. This mess had to be cleaned
# up sometime, and in preparation for a .0 release seems as good as any.
pasture/db3-3.3.11-i486-4.tgz: Moved to /pasture.
pasture/db31-3.1.17-i486-1.tgz: Moved to /pasture.
pasture/db4-4.1.25-i386-1.tgz: Moved to /pasture.
pasture/db4-4.2.52-i486-2.tgz: Moved to /pasture.
+--------------------------+
Sat Jan 14 13:41:26 CST 2006
a/kernel-ide-2.4.32-i486-2.tgz: Recompiled with gcc-3.4.5.
Apparently the nVidia driver demands that the kernel be compiled with the
same compiler that will be used to compile the kernel module wrapper for the
binary nVidia driver (though my guess is that if this restriction were not
coded into their installer that it would work fine), so I've recompiled all
the 2.4.32 kernels and modules using the new compiler.
a/kernel-modules-2.4.32-i486-3.tgz: Recompiled with gcc-3.4.5.
l/alsa-driver-1.0.10_2.4.32-i486-2.tgz: Recompiled with gcc-3.4.5.
x/x11-docs-html-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
For those who may not be aware, this is is the exact same code base as
X11R7.0.0, but is packaged as the traditional single source archive using
the imake build system. Also, note that this still rightly (IMHO) contains
freetype-2.1.9. The newer release of freetype (2.1.10) removed some functions
that various applications use -- I'm hoping that these will be restored.
Finally, the kernel interface for direct rendering (DRI) seems to have changed,
and direct rendering with X11R6.9.0 only works on my machines with a 2.6
kernel. I spent several days trying to produce working DRM kernel modules
for Linux 2.4.32, but to no avail, so if you're still using a 2.4 kernel
you'll want to edit your xorg.conf so that the dri module is not loaded
or you'll likely corrupt your display requiring a reboot. I've tested this
only with ATI cards and the open source drivers. Perhaps the binary drivers
from ATI or nVidia would work.
x/x11-fonts-scale-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-devel-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-100dpi-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-xnest-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-xdmx-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-misc-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
x/x11-docs-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-fonts-cyrillic-6.9.0-noarch-1.tgz: Upgraded to X11R6.9.0.
x/x11-xvfb-6.9.0-i486-1.tgz: Upgraded to X11R6.9.0.
xap/mozilla-thunderbird-1.5-i686-1.tgz: Upgraded to thunderbird-1.5.
bootdisks/*: Rebuilt using the recompiled 2.4.32 kernels.
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.6-i486-1.tgz:
Recompiled for Linux 2.6.14.6.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-2.tgz:
Recompiled with gcc-3.4.5.
kernels/*.?/*: Recompiled 2.4.32 kernels with gcc-3.4.5, upgraded
test26.s kernel to 2.6.14.6.
testing/packages/linux-2.6.14.6/alsa-driver-1.0.10_2.6.14.6-i486-2.tgz:
Recompiled for Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-generic-2.6.14.6-i486-1.tgz:
Upgraded to Linux 2.6.14.6.
testing/packages/linux-2.6.14.6/kernel-headers-2.6.14.6-i386-1.tgz:
Upgraded to Linux 2.6.14.6 kernel headers.
testing/packages/linux-2.6.14.6/kernel-modules-2.6.14.6-i486-1.tgz:
Upgraded to Linux 2.6.14.6 kernel modules.
testing/packages/linux-2.6.14.6/kernel-source-2.6.14.6-noarch-1.tgz:
Upgraded to Linux 2.6.14.6 kernel source.
+--------------------------+
Thu Dec 15 14:37:27 CST 2005
d/gcc-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-g++-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-g77-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-gnat-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-java-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
d/gcc-objc-3.4.5-i486-1.tgz: Upgraded to gcc-3.4.5.
+--------------------------+
Tue Dec 13 14:01:37 CST 2005
a/kernel-modules-2.4.32-i486-2.tgz: That's what I meant to say below,
not "l/alsa-driver-1.0.10_2.4.32-i486-1.tgz". I'd been looking at the
alsa-driver package to see if it had the same issue (it doesn't), and
then listed the wrong package in the ChangeLog. Sorry about that.
Oh, and there was really nothing wrong with the modules in the
kernel-modules-2.4.32-i486-1 package that a 'depmod -a' wouldn't fix.
That's the only change that went into the package -- the modules are
the same. Thanks to Victor Keranov for pointing out my mistake.
+--------------------------+
Mon Dec 12 14:33:24 CST 2005
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz: Regenerated 'depmod -a' files,
as these were referring to uncompressed modules rather than compressed
ones. Thanks to Malcolm Rowe for pointing this out.
+--------------------------+
Sat Dec 10 23:28:42 CST 2005
It's a girl! :-)
I know a lot of you have been wondering what's going on here, and the news
is that my wife Andrea delivered our first child, a daughter Briah Cecilia
(briah at slackware dot com :-) on 2005-11-22, and that event (and the weeks
that led up to it) has had to take priority over the usual tasks of
download/compile/test/package/upload. But, things should be getting back to
normal here (more or less) over the next couple of weeks, particularly after
the holiday season has come and gone. As you might expect, there are a lot of
friends and relatives who want to see her. :-)
Thanks for your patience, and we now return you to your regularly scheduled
ChangeLog...
a/bash-3.0-i486-4.tgz: Fixed an obscure bug where suspending the first process
started in a new shell would cause it to hang.
Thanks to Grant Coady for discovering and fixing this bug.
a/bzip2-1.0.3-i486-2.tgz: Patched a minor bug in the libbz2 shared library
Makefile to enable support for large files. Thanks to Timothy C. McGrath
and Manuel Jose Blanca Molinos both of whom pointed out this problem and
provided fixes.
a/glibc-solibs-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6 shared libraries.
a/glibc-zoneinfo-2.3.6-noarch-1.tgz: Upgraded to glibc-2.3.6 timezone info.
a/kernel-ide-2.4.32-i486-1.tgz: Upgraded to Linux 2.4.32 bare.i kernel.
a/kernel-modules-2.4.32-i486-1.tgz: Upgraded to Linux 2.4.32 kernel modules.
ap/alsa-utils-1.0.10-i486-1.tgz: Upgraded to alsa-utils-1.0.10.
In /etc/rc.d/rc.alsa, load snd-seq-oss. (Thanks to Tomas Matejicek)
d/gcc-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4. gcc-4.x isn't ready yet as
a prime time compiler yet, IMHO -- still too many things it can't compile,
internal compiler errors, and the like. How much of that is the compiler
and how much is source needing to be updated is a matter for debate,
though. Also, the -mcpu=i686 option used in Slackware to optimize
binaries for i686 or Athlon platforms has changed to -mtune=i686 with the
gcc-3.4.x compiler series. I'll be updating the SlackBuilds over time as
the packages are upgraded.
d/gcc-g++-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-g77-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-gnat-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-java-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/gcc-objc-3.4.4-i486-2.tgz: Upgraded to gcc-3.4.4.
d/kernel-headers-2.4.32-i386-1.tgz: Upgraded to Linux 2.4.32 kernel headers.
k/kernel-source-2.4.32-noarch-1.tgz: Upgraded to Linux 2.4.32 kernel source.
l/alsa-driver-1.0.10_2.4.32-i486-1.tgz: Upgraded to alsa-driver-1.0.10 for
Linux 2.4.32.
l/alsa-lib-1.0.10-i486-1.tgz: Upgraded to alsa-lib-1.0.10.
l/alsa-oss-1.0.10-i486-1.tgz: Upgraded to alsa-oss-1.0.10.
l/glibc-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6.
l/glibc-i18n-2.3.6-noarch-1.tgz: Upgraded to glibc-2.3.6 i18n files.
Added files in /usr/share/locale that hadn't previously been included in
this package (thanks to Lasse Collin).
l/glibc-profile-2.3.6-i486-1.tgz: Upgraded to glibc-2.3.6.
n/dnsmasq-2.24-i486-1.tgz: Upgraded to dnsmasq-2.24. Thanks to Simon Kelley
(and one of his anonymous testers) for helping to update the SlackBuild.
n/php-4.4.1-i486-2.tgz: Recompiled with a patch from PHP CVS that fixes issues
with SquirrelMail and possibly other PHP applications. I'd hoped there would
be a new PHP out quickly to address this but since there isn't I'm making an
exception to the usual policy here on merging patches from CVS as a fair
number of users seem to be affected by this issue. Let me know if this
doesn't help or if any undesired side effects are noticed.
This problem was first reported here by Gerardo Exequiel Pozzi, but was
later reported by too many people to list. Thanks, everyone! :-)
xap/mozilla-firefox-1.5-i686-1.tgz: Upgraded to firefox-1.5.
bootdisks/*: Upgraded to Linux 2.4.32.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.32-i486-1.tgz:
Upgraded to linux-wlan-ng-0.2.1pre25 (for Linux 2.4.32).
extra/linux-wlan-ng/linux-wlan-ng-0.2.3_2.6.14.3-i486-1.tgz
Upgraded to linux-wlan-ng-0.2.3 (for Linux 2.6.14.3).
isolinux/initrd.img: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
isolinux/network.dsk: Upgraded network modules to Linux 2.4.32.
isolinux/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.32.
kernels/*: Upgraded to Linux 2.4.32 (and test.s to 2.6.14.3).
rootdisks/install.1: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.2: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/install.zip: Upgraded USB/IEEE1394 modules to Linux 2.4.32.
rootdisks/network.dsk: Upgraded network modules to Linux 2.4.32.
rootdisks/pcmcia.dsk: Upgraded pcmcia modules to Linux 2.4.32.
testing/packages/linux-2.6.14.3/alsa-driver-1.0.10_2.6.14.3-i486-1.tgz:
Upgraded to alsa-driver-1.0.10 for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-generic-2.6.14.3-i486-1.tgz:
Upgraded to Linux 2.6.14.3 (generic kernel).
testing/packages/linux-2.6.14.3/kernel-headers-2.6.14.3-i386-1.tgz:
Upgraded to kernel headers from Linux 2.6.14.3 (see the README
file in testing/packages/linux-2.6.14.3/ for information about
why you probably *don't* want to use these headers...)
testing/packages/linux-2.6.14.3/kernel-modules-2.6.14.3-i486-1.tgz:
Upgraded to kernel modules for Linux 2.6.14.3.
testing/packages/linux-2.6.14.3/kernel-source-2.6.14.3-noarch-1.tgz:
Upgraded to Linux 2.6.14.3 kernel source.
testing/packages/php-5.1.1/php-5.1.1-i486-1.tgz: Upgraded to php-5.1.1.
This no longer seems to ship with PEAR, and if anyone knows why this is or
how to go about adding it back to the package (if it's still required), I'd
be interested to know.
testing/packages/thunderbird-1.5rc1/mozilla-thunderbird-1.5rc1-i686-1.tgz:
Added thunderbird-1.5rc1.
+--------------------------+
Mon Nov 7 19:54:57 CST 2005
n/elm-2.5.8-i486-1.tgz: Upgraded to elm2.5.8.
This fixes a buffer overflow in the parsing of the Expires header that
could be used to execute arbitrary code as the user running Elm.
Thanks to Ulf Harnhammar for finding the bug and reminding me to get
out updated packages to address the issue.
A reference to the original advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov 5 21:55:21 CST 2005
l/libxml2-2.6.22-i486-1.tgz: Upgraded to libxml2-2.6.22.
This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
that was already used by the expat headers, causing PHP to fail to compile
when using Slackware's combination of ./configure options.
n/curl-7.12.2-i486-2.tgz: Patched. This addresses a buffer overflow in
libcurl's NTLM function that could have possible security implications.
For more details, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
n/samba-3.0.20b-i486-1.tgz: Upgraded to samba-3.0.20b.
This includes various bugfixes. Thanks to Christopher Linnet for reporting
that this fixes a problem with printing to a printer on an XP machine from
CUPS. If you use such a configuration, you'll want this upgrade for sure.
n/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.
n/wget-1.10.2-i486-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
n/php-4.4.1-i486-1.tgz: Upgraded to php-4.4.1.
Fixes a number of bugs, including several minor security fixes relating to
the overwriting of the GLOBALS array.
(* Security fix *)
n/lynx-2.8.5rel.5-i486-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
(* Security fix *)
n/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both Transfer-Encoding
and Content-Length headers, remove the Content-Length, mitigating some HTTP
Request Splitting/Spoofing attacks."
(* Security fix *)
n/pine-4.64-i486-1.tgz: Upgraded to pine-4.64.
n/tcpdump-3.9.4-i486-1.tgz: Upgraded to tcpdump-3.9.4.
n/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be called
from anywhere in imapd. iDefense states that the issue is of LOW risk to
sites that allow users shell access, and LOW-MODERATE risk to other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)
kde/koffice-1.4.1-i486-2.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(* Security fix *)
There, now hopefully we can start getting some REAL work done around here
again soon...
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
a/openssl-solibs-0.9.7g-i486-2.tgz: Patched.
Fixed a vulnerability that could, in rare circumstances, allow an attacker
acting as a "man in the middle" to force a client and a server to negotiate
the SSL 2.0 protocol (which is known to be weak) even if these parties both
support SSL 3.0 or TLS 1.0.
For more details, see:
http://www.openssl.org/news/secadv_20051011.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
(* Security fix *)
n/openssl-0.9.7g-i486-2.tgz: Patched.
(* Security fix *)
+--------------------------+
Mon Oct 10 15:14:22 PDT 2005
xap/xine-lib-1.0.3a-i686-1.tgz: Upgraded to xine-lib-1.0.3a.
This fixes a format string bug where an attacker, if able to upload malicious
information to a CDDB server and then get a local user to play a certain
audio CD, may be able to run arbitrary code on the machine as the user
running the xine-lib linked application.
For more information, see:
http://xinehq.de/index.php/security/XSA-2005-1
(* Security fix *)
+--------------------------+
Sat Oct 8 18:46:14 PDT 2005
d/cvs-1.11.21-i486-1.tgz: Upgraded to cvs-1.11.21.
+--------------------------+
Wed Oct 5 13:04:15 PDT 2005
xap/mozilla-thunderbird-1.0.7-i686-1.tgz: Upgraded to thunderbird-1.0.7.
This fixes a security issue where URLs passed on the command line to the
thunderbird shell script were not correctly protected against
interpretation by the shell. As a result, a malicious URL could contain
embedded shell commands which would then be executed as the user running
Thunderbird.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
(* Security fix *)
+--------------------------+
Sun Sep 25 22:02:46 PDT 2005
x/x11-6.8.2-i486-4.tgz: Rebuilt with a modified patch for an earlier pixmap
overflow issue. The patch released by X.Org was slightly different than
the one that was circulated previously, and is an improved version. There
have been reports that the earlier patch broke WINE and possibly some
other programs.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
(* Security fix *)
x/x11-xdmx-6.8.2-i486-4.tgz: Patched and rebuilt.
x/x11-xnest-6.8.2-i486-4.tgz: Patched and rebuilt.
x/x11-xvfb-6.8.2-i486-4.tgz: Patched and rebuilt.
xap/mozilla-1.7.12-i486-1.tgz: Upgraded to mozilla-1.7.12.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
(* Security fix *)
xap/mozilla-firefox-1.0.7-i686-1.tgz: Upgraded to firefox-1.0.7.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
(* Security fix *)
+--------------------------+
Tue Sep 13 12:24:53 PDT 2005
Slackware 10.2 is released.
Thanks to everyone to helped make it possible.
Enjoy! :-)