Fri Oct 18 02:41:09 UTC 2013
patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz: Upgraded.
  Patched overflows, crashes, and out of bounds writes.
  Thanks to mancha for the backported patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
  (* Security fix *)
+--------------------------+
Mon Oct 14 22:09:17 UTC 2013
patches/packages/gnupg-1.4.15-i486-1_slack12.1.tgz: Upgraded.
  Fixed possible infinite recursion in the compressed packet
  parser. [CVE-2013-4402]
  Protect against rogue keyservers sending secret keys.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
  (* Security fix *)
patches/packages/gnutls-2.8.4-i486-2_slack12.1.tgz: Rebuilt.
  [Updated to the correct version to fix fetching the "latest" from gnu.org]
  This update prevents a side-channel attack which may allow remote
  attackers to conduct distinguishing attacks and plaintext recovery
  attacks using statistical analysis of timing data for crafted packets.
  Other minor security issues are patched as well.
  Thanks to mancha for backporting these patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
  (* Security fix *)
patches/packages/xorg-server-1.4.2-i486-3_slack12.1.tgz: Rebuilt.
  Patched a use-after-free bug that can cause an X server crash or
  memory corruption.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
  (* Security fix *)
patches/packages/xorg-server-xnest-1.4.2-i486-3_slack12.1.tgz: Rebuilt.
patches/packages/xorg-server-xvfb-1.4.2-i486-3_slack12.1.tgz: Rebuilt.
+--------------------------+
Sun Sep 29 02:39:29 UTC 2013
patches/packages/lm_sensors-2.10.8-i486-1_slack12.1.tgz: Upgraded.
  This update fixes issues with sensors-detect that may cause serious
  trouble on recent hardware (most notably laptops.) The symptoms are
  that the display starts misbehaving (wrong resolution or wrong gamma
  factor.) The risk is mitigated in this package by changing the default
  behavior of sensors-detect to no longer touch EDID EEPROMs and then to
  no longer probe graphics adapters at all unless the user asks for it.
+--------------------------+
Fri Aug 30 06:26:06 UTC 2013
####################################################################
# NOTICE OF IMPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective December 9, 2013, security patches will no longer be   #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 12.1, Slackware 12.2.                                  #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches. If for some reason you are unable to upgrade   #
# or handle your own security patches, limited security support    #
# may be available for a fee. Inquire at security@slackware.com.   #
####################################################################
+--------------------------+
Fri Aug 23 20:18:50 UTC 2013
patches/packages/xpdf-3.03-i486-2_slack12.1.tgz: Rebuilt.
  Due to a bug in the libXt headers, the previous package build
  silently omitted the main xpdf binary. This has now been fixed.
+--------------------------+
Wed Aug 21 06:11:23 UTC 2013
patches/packages/hplip-2.8.4-i486-2_slack12.1.tgz: Rebuilt.
  This update fixes a stack-based buffer overflow in the hpmud_get_pml
  function that can allow remote attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SNMP response
  with a large length value.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
  (* Security fix *)
patches/packages/xpdf-3.03-i486-1_slack12.1.tgz: Upgraded.
  Sanitize error messages to remove escape sequences that could be used
  to exploit vulnerable terminal emulators.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142
  Thanks to mancha.
  (* Security fix *)
+--------------------------+
Tue Aug 6 05:23:34 UTC 2013
patches/packages/bind-9.8.5_P2-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a security issue where a specially crafted query can
  cause BIND to terminate abnormally, resulting in a denial of service.
  For more information, see:
    https://kb.isc.org/article/AA-01015
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
  (* Security fix *)
patches/packages/httpd-2.2.25-i486-1_slack12.1.tgz: Upgraded.
  This update addresses two security issues:
  * SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that
    client data written to the RewriteLog is escaped to prevent terminal
    escape sequences from entering the log file.
  * SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE
    request against a URI handled by mod_dav_svn with the source href
    (sent as part of the request body as XML) pointing to a URI that is
    not configured for DAV will trigger a segfault.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
  (* Security fix *)
+--------------------------+
Sat Aug 3 20:36:53 UTC 2013
patches/packages/gnupg-1.4.14-i486-1_slack12.1.tgz: Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack12.1.tgz: Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgpg-error-1.11-i486-1_slack12.1.tgz: Upgraded.
  This package upgrade was needed by the new version of libgcrypt.
+--------------------------+
Tue Jul 16 21:18:56 UTC 2013
patches/packages/php-5.3.27-i486-1_slack12.1.tgz: Upgraded.
  This update fixes an issue where XML in PHP does not properly consider
  parsing depth, which allows remote attackers to cause a denial of
  service (heap memory corruption) or possibly have unspecified other
  impact via a crafted document that is processed by the
  xml_parse_into_struct function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
  (* Security fix *)
+--------------------------+
Sun Jun 23 21:00:00 UTC 2013
patches/packages/curl-7.16.2-i486-4_slack12.1.tgz: Rebuilt.
  This fixes a minor security issue where a decode buffer boundary flaw
  in libcurl could lead to heap corruption.
  For more information, see:
    http://curl.haxx.se/docs/adv_20130622.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174
  (* Security fix *)
+--------------------------+
Mon Jun 10 21:51:54 UTC 2013
patches/packages/php-5.3.26-i486-1_slack12.1.tgz: Upgraded.
  This is a bugfix release. It also fixes a security issue -- a
  heap-based overflow in the quoted_printable_encode() function, which
  could be used by a remote attacker to crash PHP or execute code as the
  'apache' user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
  (* Security fix *)
+--------------------------+
Wed Mar 27 06:09:29 UTC 2013
patches/packages/bind-9.8.4_P2-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a critical defect in BIND 9 that allows an attacker
  to cause excessive memory consumption in named or other programs
  linked to libdns.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
    https://kb.isc.org/article/AA-00871
  (* Security fix *)
patches/packages/dhcp-4.2.5_P1-i486-1_slack12.1.tgz: Upgraded.
  This update replaces the included BIND 9 code that the DHCP programs
  link against. Those contained a defect that could possibly lead to
  excessive memory consumption and a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
  (* Security fix *)
+--------------------------+
Sat Mar 23 20:22:12 UTC 2013
patches/packages/php-5.3.23-i486-1_slack12.1.tgz: Upgraded.
  This release fixes two security issues in SOAP:
  Added check that soap.wsdl_cache_dir conforms to open_basedir.
  Disabled external entities loading.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
  (* Security fix *)
+--------------------------+
Tue Mar 12 06:59:27 UTC 2013
patches/packages/glibc-zoneinfo-2013b-noarch-1_slack12.1.tgz: Upgraded.
  This package provides the latest timezone updates.
+--------------------------+
Thu Mar 7 00:16:35 UTC 2013
patches/packages/sudo-1.7.10p7-i486-1_slack12.1.tgz: Upgraded.
  This update fixes security issues that could allow a user to run
  commands without authenticating after the password timeout has already
  expired. Note that the vulnerability did not permit a user to run
  commands other than those allowed by the sudoers policy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
  (* Security fix *)
+--------------------------+
Sun Mar 3 22:10:56 UTC 2013
patches/packages/httpd-2.2.24-i486-1_slack12.1.tgz: Upgraded.
  This update provides bugfixes and enhancements.
  Two security issues are fixed:
  * Various XSS flaws due to unescaped hostnames and URIs HTML output in
    mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
    [Jim Jagielski, Stefan Fritsch, Niels Heinen]
  * XSS in mod_proxy_balancer manager interface.
    [Jim Jagielski, Niels Heinen]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
  (* Security fix *)
+--------------------------+
Sat Feb 9 21:45:56 UTC 2013
patches/packages/openssl-0.9.8y-i486-1_slack12.1.tgz: Upgraded.
  Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be
  found at: http://www.isg.rhul.ac.uk/tls/
  Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
  Security Group at Royal Holloway, University of London
  (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
  Emilia Käsper for the initial patch.
  (CVE-2013-0169)
  [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
  Return an error when checking OCSP signatures when key is NULL.
  This fixes a DoS attack. (CVE-2013-0166)
  [Steve Henson]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8y-i486-1_slack12.1.tgz: Upgraded.
  (* Security fix *)
+--------------------------+
Tue Jan 22 23:40:16 UTC 2013
patches/packages/mysql-5.0.96-i486-1_slack12.1.tgz: Upgraded.
  Upgraded to the latest upstream version to fix security issues and
  provide other bug fixes and improvements. Note that some of the changes
  may possibly introduce incompatibilities with the previous package.
  (* Security fix *)
+--------------------------+
Wed Jan 16 02:54:52 UTC 2013
patches/packages/freetype-2.4.11-i486-1_slack12.1.tgz: Upgraded.
  This release fixes several security bugs that could cause freetype to
  crash or run programs upon opening a specially crafted file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
  (* Security fix *)
+--------------------------+
Fri Dec 7 01:41:59 UTC 2012
patches/packages/bind-9.8.4_P1-i486-1_slack12.1.tgz: Upgraded.
  IMPORTANT NOTE: This package updates BIND from 9.7.6_P4 to 9.8.4_P1
  since the 9.7 series is no longer supported. It is possible that some
  changes may be required to your local configuration.
  This release addresses some denial-of-service and other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868
  (* Security fix *)
patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz: Rebuilt.
  Patched a heap-based buffer underflow in the xmlParseAttValueComplex
  function in parser.c in libxml2 2.9.0 and earlier that could allow a
  remote attacker to cause a denial of service or possibly execute
  arbitrary code via crafted entities in an XML document.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
  (* Security fix *)
+--------------------------+
Thu Oct 11 01:14:57 UTC 2012
patches/packages/bind-9.7.6_P4-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a security issue where a certain combination of
  records in the RBT could cause named to hang while populating the
  additional section of a response. [RT #31090]
  (* Security fix *)
+--------------------------+
Wed Sep 19 23:52:16 UTC 2012
patches/packages/patch-2.7-i486-2_slack12.1.tgz: Upgraded.
  Applied two upstream git commits to fix bugs which could cause target
  files to be removed or truncated. Thanks to Qun-Ying.
+--------------------------+
Fri Sep 14 20:29:40 UTC 2012
patches/packages/dhcp-4.1_ESV_R7-i486-1_slack12.1.tgz: Upgraded.
  An issue with the use of lease times was found and fixed. Making
  certain changes to the end time of an IPv6 lease could cause the
  server to abort. Thanks to Glen Eustace of Massey University,
  New Zealand for finding this issue. [ISC-Bugs #30281]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3955
  (* Security fix *)
patches/packages/php-5.3.17-i486-1_slack12.1.tgz: Upgraded.
  This is a bugfix release.
+--------------------------+
Fri Sep 14 02:16:53 UTC 2012
patches/packages/bind-9.7.6_P3-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a security issue where named could crash on a
  specially crafted record. [RT #30416]
  (* Security fix *)
patches/packages/patch-2.7-i486-1_slack12.1.tgz: Upgraded.
  This version of patch ignores destination filenames that are absolute
  or that contain a component of "..", unless such a filename is
  provided as an argument.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
  (* Security fix *)
+--------------------------+
Thu Aug 30 23:35:53 UTC 2012
patches/packages/slocate-3.1-i486-2_slack12.1.tgz: Rebuilt.
  Patched to use lstat64 and -D_LARGEFILE64_SOURCE. Thanks to Mancha+.
  Patched to fix information leak of filenames in protected directories.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0227
  (* Security fix *)
+--------------------------+
Fri Aug 24 20:08:37 UTC 2012
patches/packages/php-5.3.16-i486-1_slack12.1.tgz: Upgraded.
  This is a bugfix release.
patches/packages/dhcp-4.1_ESV_R6-i486-1_slack12.1.tgz: Upgraded.
  This fixes memory leaks, denial of service vulnerabilities, and
  disallows packets with zero length client ids (not valid according to
  RFC 2132 section 9.14).
  For more information, see:
    https://kb.isc.org/article/AA-00736
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4539
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4868
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
  (* Security fix *)
+--------------------------+
Thu Aug 16 04:01:31 UTC 2012
patches/packages/t1lib-5.1.2-i486-1_slack12.1.tgz: Upgraded.
  Patched various overflows, crashes, and pointer bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
  (* Security fix *)
+--------------------------+
Fri Jul 27 17:15:24 UTC 2012
patches/packages/bind-9.7.6_P2-i486-1_slack12.1.tgz: Upgraded.
  Prevents a named assert (crash) when validating caused by using
  "Bad cache" data before it has been initialized. [RT #30025]
  ISC_QUEUE handling for recursive clients was updated to address a race
  condition that could cause a memory leak. This rarely occurred with
  UDP clients, but could be a significant problem for a server handling
  a steady rate of TCP queries. [RT #29539 & #30233]
  Under heavy incoming TCP query loads named could experience a memory
  leak which could lead to significant reductions in query response or
  cause the server to be terminated on systems with "out of memory"
  killers.
  [RT #29539]
  A condition has been corrected where improper handling of zero-length
  RDATA could cause undesirable behavior, including termination of the
  named process. [RT #29644]
  (* Security fix *)
+--------------------------+
Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack12.1.tgz: Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in
  png_inflate() (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
  CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Sun Jul 22 19:45:25 UTC 2012
patches/packages/php-5.3.15-i486-1_slack12.1.tgz: Upgraded.
  Fixed potential overflow in _php_stream_scandir (CVE-2012-2688).
  (Thanks to Jason Powell, Stas)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
  (* Security fix *)
+--------------------------+
Wed Jul 18 05:35:26 UTC 2012
patches/packages/libexif-0.6.21-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a number of remotely exploitable issues in libexif
  with effects ranging from information leakage to potential remote
  code execution.
  For more information, see:
    http://sourceforge.net/mailarchive/message.php?msg_id=29534027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
  (* Security fix *)
+--------------------------+
Fri Jul 13 23:14:15 UTC 2012
patches/packages/php-5.3.14-i486-1_slack12.1.tgz: Upgraded.
  This release fixes a weakness in the DES implementation of crypt and a
  heap overflow issue in the phar extension.
  (* Security fix *)
+--------------------------+
Mon Jun 25 02:32:37 UTC 2012
patches/packages/freetype-2.4.10-i486-1_slack12.1.tgz: Upgraded.
  Since freetype-2.4.8 many fixes were made to better handle invalid
  fonts. Many of them are vulnerabilities (see CVE-2012-1126 up to
  CVE-2012-1144 and SA48320) so all users should upgrade.
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
patches/packages/bind-9.7.6_P1-i486-1_slack12.1.tgz: Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial
  of service. It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain
  names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE: This is an upgraded version of BIND, _not_ a patched
  one. It is likely to be more strict about the correctness of
  configuration files. Care should be taken about deploying this upgrade
  on production servers to avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack12.1.tgz: Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+
Sat May 19 19:03:37 UTC 2012
patches/packages/openssl-0.9.8x-i486-1_slack12.1.tgz: Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8x-i486-1_slack12.1.tgz: Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
+--------------------------+
Tue May 8 21:21:10 UTC 2012
patches/packages/php-5.3.13-i486-1_slack12.1.tgz: Upgraded.
  This release completes a fix for a vulnerability in CGI-based setups.
  Note: mod_php and php-fpm are not vulnerable to this attack.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311
  (* Security fix *)
+--------------------------+
Fri Apr 27 01:07:23 UTC 2012
patches/packages/openssl-0.9.8w-i486-1_slack12.1.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8w-i486-1_slack12.1.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Mon Apr 23 18:18:31 UTC 2012
patches/packages/openssl-0.9.8v-i486-1_slack12.1.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8v-i486-1_slack12.1.tgz: Upgraded.
  Fixes some potentially exploitable buffer overflows.
  Thanks to Tavis Ormandy, Google Security Team, for discovering this
  issue and to Adam Langley for fixing it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  (* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack12.1.tgz: Rebuilt.
  This is a security release in order to address a vulnerability that
  allows remote code execution as the "root" user. All sites running a
  Samba server should update to the new Samba package and restart Samba.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
  (* Security fix *)
+--------------------------+
Sat Apr 7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-6_slack12.1.tgz: Rebuilt.
  Patched overflows that could lead to arbitrary code execution when
  parsing a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack12.1.tgz: Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and
  1.0.57, respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Wed Feb 8 01:21:42 UTC 2012
patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz: Upgraded.
  Version bump for httpd upgrade.
patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz: Upgraded.
  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP
     specification, preventing unexpected expansion of target URLs in
     some reverse proxy configurations. [Joe Orton]
  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif
     module is enabled, could allow local users to gain privileges via a
     .htaccess file. [Stefan Fritsch, Greg Ames]
  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
     Resolve additional cases of URL rewriting with ProxyPassMatch or
     RewriteRule, where particular request-URIs could result in undesired
     backend network exposure in some configurations. [Joe Orton]
  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log
     format string is in use and a client sends a nameless, valueless
     cookie, causing a denial of service. The issue existed since
     version 2.2.17. PR 52256. [Rainer Canavan]
  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process
     to cause the parent to crash at shutdown rather than terminate
     cleanly. [Joe Orton]
  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies
     when no custom ErrorDocument is specified for status code 400.
     [Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
  (* Security fix *)
patches/packages/php-5.3.10-i486-1_slack12.1.tgz: Upgraded.
  Fixed arbitrary remote code execution vulnerability reported by Stefan
  Esser, CVE-2012-0830. (Stas, Dmitry)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
  (* Security fix *)
patches/packages/proftpd-1.3.4a-i486-1_slack12.1.tgz: Upgraded.
  This update fixes a use-after-free() memory corruption error, and
  possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
patches/packages/vsftpd-2.3.5-i486-1_slack12.1.tgz: Upgraded.
  Minor version bump, this also works around a hard to trigger heap
  overflow in glibc (glibc zoneinfo caching vuln). For there to be any
  possibility to trigger the glibc bug within vsftpd, the non-default
  option "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd
  bug :-)
  Nevertheless:
  (* Security fix *)
+--------------------------+
Wed Feb 1 23:14:56 UTC 2012
patches/packages/freetype-2.4.8-i486-1_slack12.1.tgz: Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have been
  fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
patches/packages/openssl-0.9.8t-i486-1_slack12.1.tgz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported.
  This bug could have allowed remote attackers to cause a denial of
  service via unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8t-i486-1_slack12.1.tgz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported.
  This bug could have allowed remote attackers to cause a denial of
  service via unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack12.1.tgz: Upgraded.
  --- 9.4-ESV-R5-P1 released ---
  3218. [security] Cache lookup could return RRSIG data associated with
        nonexistent records, leading to an assertion failure.
        [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
Good 11-11-11, everyone! Enjoy some fresh time. :)
patches/packages/glibc-zoneinfo-2011i_2011n-noarch-1.tgz: Upgraded.
  New upstream homepage: http://www.iana.org/time-zones
+--------------------------+
Tue Oct 11 07:50:04 UTC 2011
patches/packages/httpd-2.2.21-i486-1_slack12.1.tgz: Upgraded.
  Respond with HTTP_NOT_IMPLEMENTED when the method is not recognized.
  [Jean-Frederic Clere]
  SECURITY: CVE-2011-3348
  Fix a regression introduced by the CVE-2011-3192 byterange fix in
  2.2.20. PR 51748. []
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
  (* Security fix *)
+--------------------------+
Sun Sep 4 02:17:37 UTC 2011
patches/packages/httpd-2.2.20-i486-1_slack12.1.tgz: Upgraded.
  SECURITY: CVE-2011-3192 (cve.mitre.org)
  core: Fix handling of byte-range requests to use less memory, to avoid
  denial of service. If the sum of all ranges in a request is larger
  than the original file, ignore the ranges and send the complete file.
  PR 51714.
  [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  (* Security fix *)
+--------------------------+
Thu Aug 25 09:10:45 UTC 2011
patches/packages/php-5.3.8-i486-1_slack12.1.tgz: Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski
  Fixed buffer overflow on overlong salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867 File
  upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has
  changed, and it will very likely not 'drop in', but PHP 5.2.x is not
  supported by php.net any longer, so there wasn't a lot of choice in
  the matter. We're not able to support a security fork of PHP 5.2.x
  here either, so you'll have to just bite the bullet on this. You'll be
  better off in the long run. :)
  (* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack12.1.tgz: Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash.
[RT #24650] [CVE-2011-1910] * Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. [RT #24777] [CVE-2011-2464] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 (* Security fix *) +--------------------------+ Fri Jul 29 18:22:40 UTC 2011 patches/packages/libpng-1.2.46-i486-1_slack12.1.tgz: Upgraded. Fixed uninitialized memory read in png_format_buffer() (Bug report by Frank Busse, related to CVE-2004-0421). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421 (* Security fix *) +--------------------------+ Mon Jun 20 00:49:34 UTC 2011 patches/packages/fetchmail-6.3.20-i486-1_slack12.1.tgz: Upgraded. This release fixes a denial of service in STARTTLS protocol phases. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947 http://www.fetchmail.info/fetchmail-SA-2011-01.txt (* Security fix *) +--------------------------+ Fri May 27 22:56:00 UTC 2011 patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack12.1.tgz: Upgraded. This release fixes security issues: * A large RRSET from a remote authoritative server that results in the recursive resolver trying to negatively cache the response can hit an off by one code error in named, resulting in named crashing. [RT #24650] [CVE-2011-1910] * Zones that have a DS record in the parent zone but are also listed in a DLV and won't validate without DLV could fail to validate. [RT #24631] For more information, see: http://www.isc.org/software/bind/advisories/cve-2011-1910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 (* Security fix *) +--------------------------+ Wed May 25 20:03:16 UTC 2011 patches/packages/apr-1.4.5-i486-1_slack12.1.tgz: Upgraded. This fixes a possible denial of service due to a problem with a loop in the new apr_fnmatch() implementation consuming CPU. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928 (* Security fix *) patches/packages/apr-util-1.3.12-i486-1_slack12.1.tgz: Upgraded. Fix crash because of NULL cleanup registered by apr_ldap_rebind_init(). patches/packages/httpd-2.2.19-i486-1_slack12.1.tgz: Upgraded. Revert ABI breakage in 2.2.18 caused by the function signature change of ap_unescape_url_keep2f(). This release restores the signature from 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex(). Apache httpd-2.2.18 is considered abandoned. All users must upgrade. +--------------------------+ Fri May 13 20:30:07 UTC 2011 patches/packages/apr-1.4.4-i486-1_slack12.1.tgz: Upgraded. This fixes a possible denial of service due to an unconstrained, recursive invocation of apr_fnmatch(). This function has been reimplemented using a non-recursive algorithm. Thanks to William Rowe. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419 (* Security fix *) patches/packages/apr-util-1.3.11-i486-1_slack12.1.tgz: Upgraded. patches/packages/httpd-2.2.18-i486-1_slack12.1.tgz: Upgraded. This is a bug fix release, but since the upgrades to apr/apr-util require at least an httpd recompile we opted to upgrade to the newest httpd. +--------------------------+ Thu Apr 21 03:13:14 UTC 2011 patches/packages/rdesktop-1.6.0-i486-2_slack12.1.tgz: Rebuilt. Patched a traversal vulnerability (disallow /.. requests). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1595 (* Security fix *) +--------------------------+ Mon Apr 18 19:59:50 UTC 2011 patches/packages/acl-2.2.50-i486-1_slack12.1.tgz: Upgraded. Fix the --physical option in setfacl and getfacl to prevent symlink attacks. Thanks to Martijn Dekker for the notification. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4411 (* Security fix *) +--------------------------+ Fri Apr 8 06:58:48 UTC 2011 patches/packages/libtiff-3.8.2-i486-5_slack12.1.tgz: Rebuilt. 
Patched overflows that could lead to arbitrary code execution when parsing a malformed image file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 (* Security fix *) +--------------------------+ Thu Apr 7 04:07:29 UTC 2011 patches/packages/dhcp-3.1_ESV_R1-i486-1_slack12.1.tgz: Upgraded. In dhclient, check the data for some string options for reasonableness before passing it along to the script that interfaces with the OS. This prevents some possible attacks by a hostile DHCP server. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 (* Security fix *) +--------------------------+ Wed Apr 6 06:32:00 UTC 2011 patches/packages/xrdb-1.0.9-i486-1_slack12.1.tgz: Upgraded. This fixes a security issue where improperly sanitized input could lead to privilege escalation or arbitrary command execution as root. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465 (* Security fix *) +--------------------------+ Tue Apr 5 05:10:33 UTC 2011 patches/packages/proftpd-1.3.3e-i486-1_slack12.1.tgz: Upgraded. Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137 (* Security fix *) +--------------------------+ Fri Mar 11 20:10:16 UTC 2011 patches/packages/pidgin-2.7.11-i486-1_slack12.1.tgz: Upgraded. Fixed denials of service caused by NULL pointer dereferences due to improper handling of malformed YMSG packets. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091 (* Security fix *) +--------------------------+ Fri Mar 11 06:34:03 UTC 2011 patches/packages/subversion-1.5.9-i486-1_slack12.1.tgz: Upgraded. Fixed a remotely triggerable NULL-pointer dereference in mod_dav_svn. 
For more information, see: http://subversion.apache.org/security/CVE-2011-0715-advisory.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715 (* Security fix *) +--------------------------+ Mon Feb 28 22:19:08 UTC 2011 patches/packages/samba-3.0.37-i486-4_slack12.1.tgz: Rebuilt. Fix memory corruption denial of service issue. For more information, see: http://www.samba.org/samba/security/CVE-2011-0719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719 (* Security fix *) +--------------------------+ Fri Feb 25 01:10:49 UTC 2011 patches/packages/pidgin-2.7.10-i486-1_slack12.1.tgz: Upgraded. Fixed potential information disclosure issue in libpurple. (* Security fix *) +--------------------------+ Thu Feb 10 21:19:38 UTC 2011 patches/packages/apr-1.3.12-i486-1_slack12.1.tgz: Upgraded. patches/packages/apr-util-1.3.10-i486-1_slack12.1.tgz: Upgraded. Fixes a memory leak and DoS in apr_brigade_split_line(). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623 (* Security fix *) patches/packages/expat-2.0.1-i486-2_slack12.1.tgz: Upgraded. Fixed various crash and hang bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 (* Security fix *) patches/packages/httpd-2.2.17-i486-1_slack12.1.tgz: Upgraded. This fixes some denial of service bugs in the bundled libraries. On Slackware we do not use the bundled expat or apr-util, so the issues are also fixed in those external libraries. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623 (* Security fix *) patches/packages/openssl-0.9.8r-i486-1_slack12.1.tgz: Upgraded. This OpenSSL update fixes an "OCSP stapling vulnerability". 
For more information, see the included CHANGES and NEWS files, and: http://www.openssl.org/news/secadv_20110208.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014 (* Security fix *) Patched certwatch to work with recent versions of "file". Thanks to Ulrich Schäfer and Jan Rafaj. patches/packages/openssl-solibs-0.9.8r-i486-1_slack12.1.tgz: Upgraded. (* Security fix *) patches/packages/sudo-1.7.4p6-i486-1_slack12.1.tgz: Upgraded. Fix Runas group password checking. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010 (* Security fix *) +--------------------------+ Mon Jan 10 20:03:00 UTC 2011 patches/packages/php-5.2.17-i486-1_slack12.1.tgz: Upgraded. This update fixes an infinite loop with conversions from string to double that may result in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645 (* Security fix *) +--------------------------+ Mon Dec 27 18:47:35 UTC 2010 patches/packages/pidgin-2.7.9-i486-1_slack12.1.tgz: Upgraded. Fixed denial-of-service flaw in the MSN protocol. (* Security fix *) +--------------------------+ Sat Dec 25 03:52:39 UTC 2010 patches/packages/php-5.2.16-i486-2_slack12.1.tgz: Rebuilt. This update fixes a wrong (/usr/lib64/) path in the sample php.ini files. Thanks to Steven Masta. +--------------------------+ Fri Dec 24 00:53:19 UTC 2010 patches/packages/php-5.2.16-i486-1_slack12.1.tgz: Upgraded. This fixes many bugs, including some security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150 (* Security fix *) patches/packages/proftpd-1.3.3d-i486-1_slack12.1.tgz: Upgraded. This update fixes an unbounded copy operation in sql_prepare_where() that could be exploited to execute arbitrary code. 
However, this only affects servers that use the sql_mod module (which Slackware does not ship), and in addition the ability to exploit this depends on an SQL injection bug that was already fixed in proftpd-1.3.2rc2 (this according to upstream). So in theory, this fix should only be of academic interest. But in practice, better safe than sorry. (* Security fix *) +--------------------------+ Thu Dec 16 18:57:05 UTC 2010 patches/packages/bind-9.4_ESV_R4-i486-1_slack12.1.tgz: Upgraded. This update fixes some security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615 (* Security fix *) +--------------------------+ Tue Dec 7 05:01:53 UTC 2010 patches/packages/openssl-0.9.8q-i486-1_slack12.1.tgz: Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://www.openssl.org/news/secadv_20101202.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252 (* Security fix *) patches/packages/openssl-solibs-0.9.8q-i486-1_slack12.1.tgz: Upgraded. (* Security fix *) +--------------------------+ Tue Nov 30 23:12:00 UTC 2010 patches/packages/pidgin-2.7.7-i486-1_slack12.1.tgz: Upgraded. This update fixes connection issues for AIM and MSN. +--------------------------+ Mon Nov 29 22:00:24 UTC 2010 patches/packages/cups-1.3.11-i486-1_slack12.1.tgz: Upgraded. Fixed memory corruption bugs that could lead to a denial of service or possibly execution of arbitrary code through a crafted IPP request. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941 (* Security fix *) +--------------------------+ Mon Nov 22 04:11:40 UTC 2010 patches/packages/openssl-0.9.8p-i486-1_slack12.1.tgz: Rebuilt. 
This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://www.openssl.org/news/secadv_20101116.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 (* Security fix *) patches/packages/openssl-solibs-0.9.8p-i486-1_slack12.1.tgz: Rebuilt. (* Security fix *) +--------------------------+ Sat Nov 20 21:20:27 UTC 2010 patches/packages/xpdf-3.02pl5-i486-1_slack12.1.tgz: Upgraded. This update fixes security issues that could lead to an application crash, or execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 (* Security fix *) patches/packages/poppler-0.6.4-i486-3_slack12.1.tgz: Rebuilt. This updated package includes patches based on xpdf 3.02pl5. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 (* Security fix *) +--------------------------+ Mon Nov 1 23:21:39 UTC 2010 patches/packages/pidgin-2.7.5-i486-1_slack12.1.tgz: Upgraded. This update addresses some denial of service bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711 (* Security fix *) patches/packages/proftpd-1.3.3c-i486-1_slack12.1.tgz: Upgraded. Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3867 (* Security fix *) +--------------------------+ Thu Oct 28 22:13:53 UTC 2010 patches/packages/glibc-2.7-i486-12_slack12.1.tgz: Rebuilt. 
Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 http://seclists.org/fulldisclosure/2010/Oct/344 (* Security fix *) patches/packages/glibc-i18n-2.7-noarch-12_slack12.1.tgz: Rebuilt. patches/packages/glibc-profile-2.7-i486-12_slack12.1.tgz: Rebuilt. patches/packages/glibc-solibs-2.7-i486-12_slack12.1.tgz: Upgraded. (* Security fix *) patches/packages/glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n. +--------------------------+ Wed Oct 20 21:54:05 UTC 2010 patches/packages/glibc-2.7-i486-11_slack12.1.tgz: Rebuilt. Patched "dynamic linker expands $ORIGIN in setuid library search path". This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to Tavis Ormandy. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847 http://seclists.org/fulldisclosure/2010/Oct/257 (* Security fix *) patches/packages/glibc-i18n-2.7-noarch-11_slack12.1.tgz: Rebuilt. patches/packages/glibc-profile-2.7-i486-11_slack12.1.tgz: Rebuilt. patches/packages/glibc-solibs-2.7-i486-11_slack12.1.tgz: Rebuilt. patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz: Rebuilt. +--------------------------+ Mon Sep 20 18:39:57 UTC 2010 patches/packages/bzip2-1.0.6-i486-1_slack12.1.tgz: Upgraded. This update fixes an integer overflow that could allow a specially crafted bzip2 archive to cause a crash (denial of service), or execute arbitrary code. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 (* Security fix *) +--------------------------+ Wed Sep 15 18:51:21 UTC 2010 patches/packages/sudo-1.7.4p4-i486-3_slack12.1.tgz: Rebuilt. Hi folks, since the patches for old systems (8.1 - 10.2) were briefly available containing a /var/lib with incorrect permissions, I'm issuing these again just to be 100% sure that no systems out there will be left with problems due to that. This should do it (third time's the charm). +--------------------------+ Wed Sep 15 05:58:55 UTC 2010 patches/packages/sudo-1.7.4p4-i486-2_slack12.1.tgz: Rebuilt. The last sudo packages accidentally changed the permissions on /var from 755 to 700. This build restores the proper permissions. Thanks to Petri Kaukasoina for pointing this out. +--------------------------+ Wed Sep 15 00:41:13 UTC 2010 patches/packages/samba-3.0.37-i486-3_slack12.1.tgz: Upgraded. This upgrade fixes a buffer overflow in the sid_parse() function. For more information, see: http://www.samba.org/samba/security/CVE-2010-3069 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069 (* Security fix *) patches/packages/sudo-1.7.4p4-i486-1_slack12.1.tgz: Upgraded. This fixes a flaw that could lead to privilege escalation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956 (* Security fix *) +--------------------------+ Fri Aug 27 00:23:17 UTC 2010 patches/packages/gnupg2-2.0.9-i486-2_slack12.1.tgz: Rebuilt. Patched to fix "Realloc Bug with X.509 certificates in GnuPG". For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547 (* Security fix *) patches/packages/httpd-2.2.16-i486-1_slack12.1.tgz: Upgraded. Fix Handling of requests without a path segment. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 (* Security fix *) patches/packages/php-5.2.14-i486-1_slack12.1.tgz: Upgraded. Fixed several security issues. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1917 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225 http://www.php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html http://www.php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/index.html (* Security fix *) patches/packages/pidgin-2.7.3-i486-1_slack12.1.tgz: Upgraded. This fixes a crash due to malformed X-Status messages. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528 (* Security fix *) patches/packages/xorg-server-1.4.2-i486-2_slack12.1.tgz: Rebuilt. Patched to prevent overwriting stack memory and bypassing security mechanisms on systems that use a 2.6 Linux kernel. Reported by Rafal Wojtczuk. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240 (* Security fix *) patches/packages/xorg-server-xnest-1.4.2-i486-2_slack12.1.tgz: Rebuilt. patches/packages/xorg-server-xvfb-1.4.2-i486-2_slack12.1.tgz: Rebuilt. +--------------------------+ Wed Jun 30 04:51:49 UTC 2010 patches/packages/libtiff-3.8.2-i486-4_slack12.1.tgz: Rebuilt. This fixes image structure handling bugs that could lead to crashes or execution of arbitrary code if a specially-crafted TIFF image is loaded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067 (* Security fix *) patches/packages/libpng-1.2.44-i486-1_slack12.1.tgz: Upgraded. This fixes out-of-bounds memory write bugs that could lead to crashes or the execution of arbitrary code, and a memory leak bug which could lead to application crashes. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 (* Security fix *) +--------------------------+ Fri Jun 25 05:28:02 UTC 2010 patches/packages/bind-9.4.3_P5-i486-1_slack12.1.tgz: Upgraded. This fixes possible DNS cache poisoning attacks when DNSSEC is enabled and checking is disabled (CD). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 (* Security fix *) +--------------------------+ Fri Jun 18 18:09:28 UTC 2010 patches/packages/samba-3.0.37-i486-2_slack12.1.tgz: Rebuilt. Patched a buffer overflow in smbd that allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063 (* Security fix *) +--------------------------+ Tue May 18 18:30:53 UTC 2010 patches/packages/pidgin-2.7.0-i486-1_slack12.1.tgz: Upgraded. Upgraded to pidgin-2.7.0 and pidgin-encryption-3.1. The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624 (* Security fix *) +--------------------------+ Sun May 16 20:01:28 UTC 2010 patches/packages/fetchmail-6.3.17-i486-1_slack12.1.tgz: Upgraded. A crafted header or POP3 UIDL list could cause a memory leak and crash leading to a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167 (* Security fix *) +--------------------------+ Thu Apr 22 19:13:54 UTC 2010 patches/packages/irssi-0.8.15-i486-1_slack12.1.tgz: Upgraded. 
From the NEWS file: - Check if an SSL certificate matches the hostname of the server we are connecting to. - Fix crash when checking for fuzzy nick match when not on the channel. Reported by Aurelien Delaitre (SATE 2009). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156 (* Security fix *) +--------------------------+ Tue Apr 20 14:45:24 UTC 2010 patches/packages/sudo-1.7.2p6-i486-1_slack12.1.tgz: Upgraded. This update fixes security issues that may give a user with permission to run sudoedit the ability to run arbitrary commands. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163 http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html (* Security fix *) +--------------------------+ Mon Apr 5 03:06:19 UTC 2010 patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.tgz: Upgraded. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Wed Mar 31 05:05:47 UTC 2010 patches/packages/openssl-0.9.8n-i486-1_slack12.1.tgz: Upgraded. This OpenSSL update contains some security related bugfixes. For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 (* Security fix *) patches/packages/openssl-solibs-0.9.8n-i486-1_slack12.1.tgz: Upgraded. patches/packages/proftpd-1.3.3-i486-2_slack12.1.tgz: Rebuilt. patches/packages/seamonkey-1.1.19-i486-1_slack12.1.tgz: Upgraded. Upgraded to seamonkey-1.1.19. This release fixes some more security vulnerabilities. 
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Wed Mar 10 22:38:18 UTC 2010 patches/packages/pidgin-2.6.6-i486-1_slack12.1.tgz: Upgraded. This fixes a few denial-of-service flaws as well as other bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423 (* Security fix *) +--------------------------+ Tue Mar 9 21:31:21 UTC 2010 patches/packages/openssl-0.9.8m-i486-2_slack12.1.tgz: Rebuilt. patches/packages/openssl-solibs-0.9.8m-i486-2_slack12.1.tgz: Rebuilt. The OpenSSL package has been patched and recompiled to revert a change that broke decrypting some files encrypted with previous versions of OpenSSL. This same fix appears in the latest upstream snapshots. +--------------------------+ Mon Mar 8 20:49:02 UTC 2010 patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz: Upgraded. This update addresses a few security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 (* Security fix *) +--------------------------+ Mon Mar 1 05:02:21 UTC 2010 patches/packages/openssl-0.9.8m-i486-1_slack12.1.tgz: Upgraded. This OpenSSL update contains some security related bugfixes. 
For more information, see the included CHANGES and NEWS files, and: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 (* Security fix *) patches/packages/openssl-solibs-0.9.8m-i486-1_slack12.1.tgz: Upgraded. patches/packages/proftpd-1.3.3-i486-1_slack12.1.tgz: Upgraded. +--------------------------+ Sun Jan 24 20:22:46 UTC 2010 patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. This fixes a couple of security bugs when using mod_proxy_ftp. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 (* Security fix *) patches/packages/php-5.2.12-i486-1_slack12.1.tgz: Upgraded. This fixes many bugs, including a few security issues. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 (* Security fix *) patches/packages/pidgin-2.6.5-i486-1_slack12.1.tgz: Upgraded. This fixes a directory traversal vulnerability in Pidgin's MSN protocol handling that may allow attackers to download arbitrary files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 (* Security fix *) +--------------------------+ Sat Dec 12 04:51:11 UTC 2009 patches/packages/gimp-2.4.7-i486-1_slack12.1.tgz: Upgraded. This fixes integer overflows in the image handling plugins that could lead to the execution of arbitrary code or an application crash if a malicious image is loaded.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570 (* Security fix *) +--------------------------+ Thu Dec 10 00:12:58 UTC 2009 patches/packages/ntp-4.2.4p8-i486-1_slack12.1.tgz: Upgraded. Prevent a denial-of-service attack involving spoofed mode 7 packets. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 (* Security fix *) +--------------------------+ Wed Dec 2 20:51:55 UTC 2009 patches/packages/bind-9.4.3_P4-i486-1_slack12.1.tgz: Upgraded. BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3. It addresses a potential cache poisoning vulnerability, in which data in the additional section of a response could be cached without proper DNSSEC validation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://www.kb.cert.org/vuls/id/418861 (* Security fix *) +--------------------------+ Mon Nov 16 18:56:26 UTC 2009 patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz: Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.1.tgz: Rebuilt. Patched to disable SSL renegotiation. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 (* Security fix *) +--------------------------+ Wed Oct 28 22:50:35 UTC 2009 patches/packages/poppler-0.6.4-i486-2_slack12.1.tgz: Rebuilt. This updated package includes patches based on xpdf 3.02pl4. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 (* Security fix *) patches/packages/xpdf-3.02pl4-i486-1_slack12.1.tgz: Upgraded. This update fixes several security issues that could lead to an application crash, or execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 (* Security fix *) +--------------------------+ Sat Oct 17 23:56:15 UTC 2009 patches/packages/gnutls-2.8.4-i486-1_slack12.1.tgz: This contains a correct fix for the NUL in CN/SAN SSL vulnerability. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730 (* Security fix *) patches/packages/pidgin-2.6.3-i486-1_slack12.1.tgz: This update fixes an issue where a remote user can cause libpurple-based clients to crash. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615 (* Security fix *) +--------------------------+ Sat Oct 3 18:19:00 CDT 2009 patches/packages/php-5.2.11-i486-1_slack12.1.tgz: This release fixes some possible security issues, all of which have "unknown impact and attack vectors". 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293 (* Security fix *) patches/packages/samba-3.0.37-i486-1_slack12.1.tgz: This update fixes the following security issues. A misconfigured /etc/passwd with no defined home directory could allow security restrictions to be bypassed. mount.cifs could allow a local user to read the first line of an arbitrary file if installed setuid. (On Slackware, it was not installed setuid) Specially crafted SMB requests could cause a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 (* Security fix *) +--------------------------+ Mon Sep 7 20:57:44 CDT 2009 patches/packages/seamonkey-1.1.18-i486-1_slack12.1.tgz: Upgraded. Upgraded to seamonkey-1.1.18. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Thu Aug 20 22:12:00 CDT 2009 patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz: This upgrade fixes a security bug. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Wed Aug 19 16:01:42 CDT 2009 patches/packages/pidgin-2.5.9-i486-1_slack12.1.tgz: This update fixes a bug in Pidgin's MSN protocol implementation that can allow a remote attacker to send a malicious MSN message to a Pidgin user, which will possibly cause arbitrary code to be executed as that user. This issue was discovered by Federico Muttis of Core Security Technologies.
For more information, see: http://www.coresecurity.com/content/libpurple-arbitrary-write http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694 (* Security fix *) +--------------------------+ Tue Aug 18 14:35:23 CDT 2009 patches/packages/kernel-mmap_min_addr-4096-noarch-1.tgz: This package adds an init script to edit /etc/sysctl.conf, adding this config option: vm.mmap_min_addr = 4096 This will configure the kernel to disallow mmap() to userspace of any page lower than 4096, preventing privilege escalation by CVE-2009-2692. This is a hot fix package and will take effect immediately upon installation on any system running a kernel that supports configurable /proc/sys/vm/mmap_min_addr (kernel 2.6.23 or newer). (* Security fix *) +--------------------------+ Fri Aug 14 13:42:26 CDT 2009 patches/packages/curl-7.16.2-i486-3_slack12.1.tgz: This update fixes a security issue where a zero byte embedded in an SSL or TLS certificate could fool cURL into validating the security of a connection to a system that the certificate was not issued for. It has been reported that at least one Certificate Authority allowed such certificates to be issued. For more information, see: http://curl.haxx.se/docs/security.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 (* Security fix *) +--------------------------+ Mon Aug 10 14:42:54 CDT 2009 patches/packages/httpd-2.2.13-i486-1_slack12.1.tgz: Upgraded. This is a bugfix release. It also upgrades the internal versions of apr and apr-util to address CVE-2009-2412, but Slackware uses the system versions of these libraries which have already been upgraded. +--------------------------+ Fri Aug 7 14:25:03 CDT 2009 patches/packages/samba-3.0.36-i486-1_slack12.1.tgz: Upgraded. This is a bugfix release. +--------------------------+ Fri Aug 7 01:26:38 CDT 2009 patches/packages/apr-1.3.8-i486-1_slack12.1.tgz: Upgraded. Fix overflow in pools and rmm, where size alignment was taking place. 
[Matt Lewis, Sander Striker] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 (* Security fix *) patches/packages/apr-util-1.3.9-i486-1_slack12.1.tgz: Upgraded. Fix overflow in rmm, where size alignment was taking place. [Matt Lewis, Sander Striker] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 (* Security fix *) patches/packages/httpd-2.2.12-i486-2_slack12.1.tgz: Rebuilt. Recompiled against the new apr and apr-util. This allows external modules to be built without having to edit the new apr/apr-util version numbers into the httpd config files. patches/packages/subversion-1.5.7-i486-1_slack12.1.tgz: Upgraded. Fixed heap overflow vulnerability on server and client. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411 http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt (* Security fix *) +--------------------------+ Thu Aug 6 00:48:30 CDT 2009 patches/packages/fetchmail-6.3.11-i486-1_slack12.1.tgz: Upgraded. This update fixes an SSL NUL prefix impersonation attack through NULs in a part of an X.509 certificate's CommonName and subjectAltName fields. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666 (* Security fix *) +--------------------------+ Sun Aug 2 16:25:44 CDT 2009 patches/packages/httpd-2.2.12-i486-1_slack12.1.tgz: Upgraded. This update fixes some security issues (from the CHANGES file): *) SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. PR 39605. [Joe Orton, Ruediger Pluem] *) SECURITY: CVE-2009-1195 (cve.mitre.org) Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield, Joe Orton, Ruediger Pluem, Jeff Trawick] *) SECURITY: CVE-2009-1890 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton] *) SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 [Ruediger Pluem] *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org) The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules. These last three CVEs were addressed in Slackware previously with an update to new system apr and apr-util packages. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 (* Security fix *) +--------------------------+ Wed Jul 29 23:10:01 CDT 2009 patches/packages/bind-9.4.3_P3-i486-1_slack12.1.tgz: Upgraded. This BIND update fixes a security problem where a specially crafted dynamic update message packet will cause named to exit resulting in a denial of service. An active remote exploit is in wide circulation at this time. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 https://www.isc.org/node/479 (* Security fix *) +--------------------------+ Tue Jul 14 18:07:41 CDT 2009 patches/packages/dhcp-3.1.2p1-i486-1_slack12.1.tgz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 (* Security fix *) +--------------------------+ Sat Jul 11 18:29:58 CDT 2009 patches/packages/php-5.2.10-i486-2_slack12.1.tgz: Rebuilt. Installed the pear.php.net.reg and pecl.php.net.reg files from php-5.2.9, since the ones installed by php-5.2.10 are broken. Thanks to Mike Peachey for the bug report. +--------------------------+ Wed Jul 1 14:37:43 CDT 2009 patches/packages/httpd-2.2.11-i486-1_slack12.1.tgz: Upgraded. This needed a recompile against the new apr package to fix building new modules, and an upgrade to the latest stable version (as long as we're under the hood) seemed like it would also be a good idea. patches/packages/php-5.2.10-i486-1_slack12.1.tgz: Upgraded. +--------------------------+ Tue Jun 30 00:40:40 CDT 2009 patches/packages/ghostscript-8.62-i486-6_slack12.1.tgz: Rebuilt. Patched various problems with ghostscript that could lead to a denial of service or the execution of arbitrary code when processing a malicious or malformed file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792 (* Security fix *) +--------------------------+ Sat Jun 27 18:54:07 CDT 2009 patches/packages/mozilla-thunderbird-2.0.0.22-i686-1.tgz: Upgraded to thunderbird-2.0.0.22. This upgrade fixes some more security bugs. 
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Fri Jun 26 22:05:35 CDT 2009 patches/packages/samba-3.0.35-i486-1_slack12.1.tgz: This upgrade fixes the following security issue: o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 (* Security fix *) +--------------------------+ Wed Jun 24 19:46:28 CDT 2009 patches/packages/seamonkey-1.1.17-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.17. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Fri Jun 19 18:22:20 CDT 2009 patches/packages/libpng-1.2.37-i486-1_slack12.1.tgz: Upgraded. This update fixes a possible security issue. Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced images that may have security implications. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 (* Security fix *) patches/packages/ruby-1.8.6_p369-i486-1_slack12.1.tgz: Upgraded. This fixes a denial of service issue caused by the BigDecimal method handling large input values improperly that may allow attackers to crash the interpreter. The issue affects most Rails applications. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904 (* Security fix *) +--------------------------+ Mon Jun 15 22:14:45 CDT 2009 patches/packages/apr-1.3.5-i486-1_slack12.1.tgz: Upgraded. patches/packages/apr-util-1.3.7-i486-1_slack12.1.tgz: Upgraded. Fix underflow in apr_strmatch_precompile. Fix a denial of service attack against the apr_xml_* interface using the "billion laughs" entity expansion technique. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 (* Security fix *) +--------------------------+ Wed Jun 3 18:13:16 CDT 2009 patches/packages/ntp-4.2.4p7-i486-1_slack12.1.tgz: Upgraded to ntp-4.2.4p7. Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious remote NTP server. Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code. This does not affect the Slackware ntpd as it does not link with openssl. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 (* Security fix *) +--------------------------+ Tue May 26 16:49:34 CDT 2009 patches/packages/pidgin-2.5.6-i486-1_slack12.1.tgz: Upgraded to pidgin-2.5.6. This version fixes security issues that could lead to a denial of service or the execution of arbitrary code as the user running Pidgin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376 (* Security fix *) +--------------------------+ Thu May 14 18:09:26 CDT 2009 patches/packages/cyrus-sasl-2.1.23-i486-1_slack12.1.tgz: Upgraded to cyrus-sasl-2.1.23. This fixes a buffer overflow in the sasl_encode64() function that could lead to crashes or the execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688 (* Security fix *) +--------------------------+ Sat May 9 18:03:41 CDT 2009 patches/packages/xpdf-3.02pl3-i486-1_slack12.1.tgz: Upgraded to xpdf-3.02pl3. 
This update fixes several overflows that may result in crashes or the execution of arbitrary code as the xpdf user. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183 (* Security fix *) +--------------------------+ Tue May 5 15:21:52 CDT 2009 patches/packages/gnutls-2.6.2-i486-2_slack12.1.tgz: Patched the following security issues: - Corrected double free on signature verification failure. Reported by Miroslav Kratochvil. - Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416 (* Security fix *) +--------------------------+ Thu Apr 30 20:56:17 CDT 2009 patches/packages/ruby-1.8.6_p368-i486-1_slack12.1.tgz: Upgraded to ruby-1.8.6-p368. This update fixes a DoS in REXML. For details, see: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ (* Security fix *) +--------------------------+ Sun Apr 26 15:20:57 CDT 2009 patches/packages/cups-1.3.10-i486-1_slack12.1.tgz: Upgraded to cups-1.3.10.
This fixes several security issues, including an integer overflow in the TIFF decoder, a failure to properly verify the Host HTTP header, and several problems with PDF handling (the new CUPS uses a wrapper rather than embedded code taken from xpdf). These issues could result in a denial of service or the execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 (* Security fix *) +--------------------------+ Mon Apr 20 23:29:57 CDT 2009 patches/packages/udev-118-i486-4_slack12.1.tgz: This package has been patched to fix a local root hole and a denial of service issue. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 (* Security fix *) +--------------------------+ Mon Apr 13 16:22:12 CDT 2009 patches/packages/seamonkey-1.1.16-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.16. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Tue Apr 7 16:59:49 CDT 2009 patches/packages/openssl-0.9.8h-i486-3_slack12.1.tgz: Patched (see below). patches/packages/openssl-solibs-0.9.8h-i486-3_slack12.1.tgz: Patched to fix possible crashes as well as a (fairly unlikely) case where an invalid signature might verify as valid. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 (* Security fix *) patches/packages/php-5.2.9-i486-1_slack12.1.tgz: Upgraded to php-5.2.9. 
This update fixes a few security issues: - Fixed a crash on extract in zip when files or directories entry names contain a relative path. - Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. (CVE-2008-5498) Reported by Hamid Ebadi, APA Laboratory. - Fixed a segfault when malformed string is passed to json_decode(). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498 (* Security fix *) patches/packages/xine-lib-1.1.16.3-i486-1_slack12.1.tgz: Upgraded to xine-lib-1.1.16.3. - Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385 (* Security fix *) +--------------------------+ Fri Mar 27 20:30:48 CDT 2009 patches/packages/glib2-2.14.6-i486-5_slack12.1.tgz: This library has been patched to fix overflows that are possible security holes. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316 (* Security fix *) +--------------------------+ Tue Mar 24 01:56:10 CDT 2009 patches/packages/lcms-1.18-i486-1_slack12.1.tgz: Upgraded to lcms-1.18. This update fixes security issues discovered in LittleCMS by Chris Evans. These flaws could cause program crashes (denial of service) or the execution of arbitrary code as the user of the lcms-linked program. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733 (* Security fix *) patches/packages/mozilla-thunderbird-2.0.0.21-i686-1.tgz: Upgraded to thunderbird-2.0.0.21. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) patches/packages/seamonkey-1.1.15-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.15. 
This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Mon Mar 9 00:00:38 CDT 2009 patches/packages/curl-7.16.2-i486-2_slack12.1.tgz: Patched curl-7.16.2. This fixes a security issue where automatic redirection could be made to follow file:// URLs, reading or writing a local file instead of a remote one. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037 (* Security fix *) patches/packages/xterm-241-i486-1_slack12.1.tgz: Upgraded to xterm-241. This fixes a vulnerability where displaying a file containing DECRQSS (Device Control Request Status String) sequences could cause arbitrary commands to be executed as the user running xterm. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383 (* Security fix *) +--------------------------+ Fri Feb 20 17:20:49 CST 2009 patches/packages/cdrtools-2.01.01a57-i486-2_slack12.1.tgz: Fixed build script to put the charset conversion tables in /usr/lib/siconv. Hopefully this will work correctly with k3b now. Thanks to Krasimir Kazakov for the bug report. patches/packages/git-1.6.1.3-i486-1_slack12.1.tgz: Upgraded to git-1.6.1.3. This fixes a vulnerability where running git-diff or git-grep on a hostile git repository would result in the execution of arbitrary code as the git user. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546 (* Security fix *) patches/packages/libpng-1.2.35-i486-1_slack12.1.tgz: Upgraded to libpng-1.2.35. This fixes multiple memory-corruption vulnerabilities due to a failure to properly initialize data structures.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt (* Security fix *) +--------------------------+ Mon Feb 9 16:13:43 CST 2009 patches/packages/cdrtools-2.01.01a57-i486-1_slack12.1.tgz: Upgraded to cdrtools-2.01.01a57. Also, fixed a build script error so that the utilities look for locale files in the correct directory. Thanks to Krasimir Kazakov for the bug report. Anyone who had problems with k3b previously should upgrade this package. +--------------------------+ Wed Jan 14 20:37:39 CST 2009 patches/packages/bind-9.4.3_P1-i486-1_slack12.1.tgz: Upgraded to bind-9.4.3-P1. Fixed checking on return values from OpenSSL's EVP_VerifyFinal and DSA_do_verify functions to prevent spoofing answers returned from zones using the DNSKEY algorithms DSA and NSEC3DSA. For more information, see: https://www.isc.org/node/373 http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 (* Security fix *) patches/packages/ntp-4.2.4p6-i486-1_slack12.1.tgz: [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value. For more information, see: https://lists.ntp.org/pipermail/announce/2009-January/000055.html http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) patches/packages/openssl-0.9.8h-i486-2_slack12.1.tgz: Patched to fix the checking of the return value of EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack.
For more information, see: http://www.openssl.org/news/secadv_20090107.txt http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) patches/packages/openssl-solibs-0.9.8h-i486-2_slack12.1.tgz: Patched to fix the checking of the return value of EVP_VerifyFinal, preventing malformed signatures from being considered good. This flaw could possibly allow a 'man in the middle' attack. For more information, see: http://www.openssl.org/news/secadv_20090107.txt http://www.ocert.org/advisories/ocert-2008-016.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 (* Security fix *) +--------------------------+ Wed Dec 31 11:35:43 CST 2008 patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz: Upgraded to thunderbird-2.0.0.19. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Fri Dec 26 22:45:51 CST 2008 patches/packages/seamonkey-1.1.14-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.14. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Thu Dec 18 12:44:59 CST 2008 patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz: Upgraded to firefox-2.0.0.20. This fixes some security issues: For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) +--------------------------+ Mon Dec 8 05:16:22 CST 2008 patches/packages/php-5.2.8-i486-1_slack12.1.tgz: Upgraded to php-5.2.8. This is a bugfix release that reverts a change that broke magic_quotes_gpc. +--------------------------+ Thu Dec 4 22:59:37 CST 2008 patches/packages/php-5.2.7-i486-1_slack12.1.tgz: Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also addresses several security issues, including: Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660). rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829). Fixed extraction of zip files or directories when the entry name is a relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt These are the URLs to get more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660 http://www.sektioneins.de/advisories/SE-2008-06.txt (* Security fix *) +--------------------------+ Sat Nov 29 13:37:04 CST 2008 patches/packages/ruby-1.8.6_p287-i486-1_slack12.1.tgz: Upgraded to ruby-1.8.6-p287. This fixes several bugs in the previous Ruby update, including a security issue where the DNS resolver did not randomize the source port and transaction id sufficiently. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) +--------------------------+ Fri Nov 28 16:27:52 CST 2008 patches/packages/samba-3.0.33-i486-1_slack12.1.tgz: Upgraded to samba-3.0.33. This package fixes an important barrier against rogue clients reading from uninitialized memory (though no proof-of-concept is known to exist). 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314 (* Security fix *) +--------------------------+ Thu Nov 20 18:14:27 CST 2008 patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz: Upgraded to thunderbird-2.0.0.18. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Wed Nov 19 19:13:12 CST 2008 patches/packages/libxml2-2.6.32-i486-1_slack12.1.tgz: Upgraded to libxml2-2.6.32 and patched. This fixes vulnerabilities including denial of service, or possibly the execution of arbitrary code as the user running a libxml2 linked application if untrusted XML content is parsed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 (* Security fix *) +--------------------------+ Sat Nov 15 19:22:43 CST 2008 patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz: Upgraded to firefox-2.0.0.18. This fixes some security issues: For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/net-snmp-5.4.2.1-i486-1_slack12.1.tgz: Upgraded to net-snmp-5.4.2.1. This fixes a problem where a user with read access could cause snmpd to crash, resulting in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309 (* Security fix *) patches/packages/gnutls-2.6.2-i486-1_slack12.1.tgz: Upgraded to gnutls-2.6.2. The security fix in gnutls-2.6.1 had a flaw in cases where the certificate chain contained only one self-signed certificate. This update fixes the issue. patches/packages/seamonkey-1.1.13-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.13. This release fixes some more security vulnerabilities. 
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Mon Nov 10 19:24:19 CST 2008 patches/packages/gnutls-2.6.1-i486-1_slack12.1.tgz: Upgraded to gnutls-2.6.1. From the gnutls-2.6.1 NEWS file: ** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern. [CVE-2008-4989] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989 IMPORTANT NOTE: This update modifies the API and ABI for the gnutls_pk_params_st function. Any software that uses the function will need to be recompiled. (* Security fix *) patches/packages/pidgin-2.5.2-i486-1_slack12.1.tgz: Upgraded to pidgin-2.5.2 compiled against gnutls-2.6.1. +--------------------------+ Fri Nov 7 22:23:40 CST 2008 patches/packages/cups-1.3.9-i486-1_slack12.1.tgz: Upgraded to cups-1.3.9. This update fixes three vulnerabilities in the SGI image format filter, the texttops filter, and the HP-GL and HP-GL/2 plotter format filter. All three of these could result in a denial of service, and the plotter filter issue could possibly be used to execute code as the print spooler user. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3641 (* Security fix *) +--------------------------+ Mon Oct 13 13:58:21 CDT 2008 patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz: Upgraded to tzdata2008h for the latest world timezone changes. +--------------------------+ Fri Sep 26 22:38:32 CDT 2008 patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz: Upgraded to thunderbird-2.0.0.17. This upgrade fixes some more security bugs.
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) +--------------------------+ Thu Sep 25 23:24:07 CDT 2008 patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz: Upgraded to firefox-2.0.0.17. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/seamonkey-1.1.12-i486-1_slack12.1.tgz: This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Wed Sep 17 02:28:20 CDT 2008 patches/packages/bind-9.4.2_P2-i486-1_slack12.1.tgz: Upgraded to bind-9.4.2-P2. This version has performance gains over bind-9.4.2-P1. +--------------------------+ Mon Sep 1 21:56:29 CDT 2008 patches/packages/samba-3.0.32-i486-1_slack12.1.tgz: Upgraded to samba-3.0.32. This is a bugfix release. See the WHATSNEW.txt file in the Samba docs for details on what has changed. +--------------------------+ Thu Aug 28 22:48:16 CDT 2008 patches/packages/amarok-1.4.10-i486-1_slack12.1.tgz: Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune online music library support which could be used by malicious local users to overwrite system files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699 (* Security fix *) +--------------------------+ Wed Aug 6 13:41:22 CDT 2008 patches/packages/kdenetwork-3.5.9-i486-3_slack12.1.tgz: Recompiled to fix an issue with connecting to MSN with kopete since the OpenSSL package was updated. Thanks to Jim Diamond for the bug report and testing a recompiled package. If Slackware 11.0 and/or 12.0 are similarly affected, let me know and I'll get some updates out. +--------------------------+ Mon Aug 4 14:03:01 CDT 2008 patches/packages/pan-0.133-i486-1_slack12.1.tgz: Upgraded to pan-0.133. 
This update fixes a buffer overflow in pan-0.128 through pan-0.132 when processing .nzb files. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363 (* Security fix *) patches/packages/python-2.5.2-i486-2_slack12.1.tgz: Patched various overflows and other security problems. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 (* Security fix *) +--------------------------+ Tue Jul 29 13:32:21 CDT 2008 patches/packages/proftpd-1.3.1-i486-2_slack12.1.tgz: Recompiled against new OpenSSL, since this evidently checks the OpenSSL version and will only run against the libraries it was compiled against. A small patch was also added due to changes in the system includes. Thanks to Martin Schmitz for the info and a pointer to the patch. +--------------------------+ Mon Jul 28 22:05:06 CDT 2008 patches/packages/fetchmail-6.3.8-i486-3_slack12.1.tgz: Patched to fix a possible denial of service when "-v -v" options are used. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711 (* Security fix *) patches/packages/httpd-2.2.9-i486-1_slack12.1.tgz: Upgraded to httpd-2.2.9. This release fixes flaws which could allow XSS attacks. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 (* Security fix *) patches/packages/libxslt-1.1.24-i486-1_slack12.1.tgz: Upgraded to libxslt-1.1.24. A buffer overflow when processing XSL stylesheets could result in the execution of arbitrary code. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767 (* Security fix *) patches/packages/links-2.1-i486-1_slack12.1.tgz: Upgraded to links-2.1. Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329 (* Security fix *) patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz: Upgraded to thunderbird-2.0.0.16. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html (* Security fix *) patches/packages/mtr-0.73-i486-1_slack12.1.tgz: Upgraded to mtr-0.73. This fixes a minor security bug where a very long hostname in the trace path could lead to an overflow (and most likely just a crash). (* Security fix *) patches/packages/net-snmp-5.4.1.2-i486-1_slack12.1.tgz: Upgraded to net-snmp-5.4.1.2. A vulnerability was discovered where an attacker could spoof an authenticated SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was found that could be exploited if an application using the net-snmp perl modules connects to a malicious server. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292 (* Security fix *) patches/packages/openssh-5.1p1-i486-1_slack12.1.tgz: Upgraded to openssh-5.1p1. When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or it is possible to be unable to log back into sshd! patches/packages/openssl-0.9.8h-i486-1_slack12.1.tgz: Upgraded to OpenSSL 0.9.8h. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Slackware's package is not), then a malicious packet could cause a crash. Also, a malformed TLS handshake could also lead to a crash.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672 When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or it is possible to be unable to log back into sshd! (* Security fix *) patches/packages/openssl-solibs-0.9.8h-i486-1_slack12.1.tgz: Upgraded to OpenSSL 0.9.8h shared libraries (see above). (* Security fix *) patches/packages/pcre-7.7-i486-1_slack12.1.tgz: Upgraded to pcre-7.7. Tavis Ormandy of the Google Security Team found a buffer overflow triggered when handling certain regular expressions. This could lead to a crash or possible execution of code as the user of the PCRE-linked application. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371 (* Security fix *) patches/packages/vim-7.1.330-i486-1_slack12.1.tgz: Upgraded to vim-7.1.330. This fixes several security issues related to the automatic processing of untrusted files. For more information, see: http://www.rdancer.org/vulnerablevim.html (* Security fix *) patches/packages/vim-gvim-7.1.330-i486-1_slack12.1.tgz: Upgraded to vim-gvim-7.1.330. See "vim" above for details. (* Security fix *) +--------------------------+ Wed Jul 23 16:27:21 CDT 2008 patches/packages/dnsmasq-2.45-i486-1_slack12.1.tgz: Upgraded to dnsmasq-2.45. It was discovered that earlier versions of dnsmasq have DNS cache weaknesses that are similar to the ones recently discovered in BIND. This new release minimizes the risk of cache poisoning. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) +--------------------------+ Wed Jul 16 19:28:56 CDT 2008 patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz: Upgraded to firefox-2.0.0.16. This release fixes some more security vulnerabilities. 
For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html (* Security fix *) patches/packages/seamonkey-1.1.11-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.11. This release fixes some more security vulnerabilities. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html (* Security fix *) +--------------------------+ Wed Jul 9 20:50:52 CDT 2008 patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz: Upgraded to bind-9.4.2-P1. This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache Poisoning Issue. This is the summary of the problem from the BIND site: "A weakness in the DNS protocol may enable the poisoning of caching recursive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack." It is suggested that sites that run BIND upgrade to one of the new packages in order to reduce their exposure to DNS cache poisoning attacks. For more information, see: http://www.isc.org/sw/bind/bind-security.php http://www.kb.cert.org/vuls/id/800113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz: Upgraded to firefox-2.0.0.15. This release closes several possible security vulnerabilities and bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) patches/packages/pidgin-2.4.3-i486-1_slack12.1.tgz: Upgraded to pidgin-2.4.3. This updates pidgin to work with the changed ICQ protocol. patches/packages/seamonkey-1.1.10-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.10. This release closes several possible security vulnerabilities and bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Tue Jul 1 13:30:57 CDT 2008 patches/packages/xorg-server-1.4.2-i486-1_slack12.1.tgz: Upgraded xorg-server to address denial of service and possible arbitrary code execution flaws reported in xorg-server 1.4 prior to 1.4.2. For more information about the issues patched, please refer to: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362 (* Security fix *) patches/packages/xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz: Security fixes (see CVE entries above). (* Security fix *) patches/packages/xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz: Security fixes (see CVE entries above). (* Security fix *) +--------------------------+ Sat Jun 28 16:52:32 CDT 2008 patches/packages/gnutls-2.2.5-i486-1_slack12.1.tgz: Upgraded to GnuTLS version 2.2.5. This updated package fixes bugs which can lead to a denial of service (DoS) in programs linked with GnuTLS. Thanks to Ossi Herrala and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for finding and reporting the problems, and to Simon Josefsson and Nikos Mavrogiannopoulos for researching the issues and developing patches, and to Andreas Metzler for noting and reporting a problem with one of the original patches. For more information about the issues patched, please refer to: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950 (* Security fix *) +--------------------------+ Fri Jun 27 23:17:20 CDT 2008 patches/packages/ruby-1.8.6_p230-i486-1_slack12.1.tgz: Upgraded to ruby-1.8.6-p230. 
This fixes a number of security related bugs in Ruby which could lead to a denial of service (DoS) condition or allow execution of arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 (* Security fix *) +--------------------------+ Wed May 28 19:46:22 CDT 2008 patches/packages/samba-3.0.30-i486-1_slack12.1.tgz: Upgraded to samba-3.0.30. This is a security release in order to address CVE-2008-1105 ("Boundary failure when parsing SMB responses can result in a buffer overrun"). For more information on the security issue, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 (* Security fix *) +--------------------------+ Tue May 27 22:01:10 CDT 2008 patches/packages/mkinitrd-1.3.2-i486-3.tgz: Initialize RAID earlier so that the combination of RAID+LUKS+LVM works. Thanks to Eric Hameleers. This one is just a bugfix for a somewhat rare combination of options. :-) patches/packages/rdesktop-1.6.0-i486-1_slack12.1.tgz: Upgraded to rdesktop-1.6.0. According to the rdesktop ChangeLog, this contains a: "* Fix for potential vulnerability against compromised/malicious servers (reported by iDefense)" For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 (* Security fix *) +--------------------------+ Wed May 14 17:23:11 CDT 2008 patches/packages/slackpkg-2.70.4-noarch-1.tgz: Upgraded to slackpkg 2.70.4-noarch-1. This fixes a bug where the "x86" ARCH was not recognized in a package name, leading to the kernel-headers package not getting properly upgraded. Thanks to Piter Punk! -:) +--------------------------+ Wed May 7 16:30:09 CDT 2008 patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz: Upgraded to thunderbird-2.0.0.14. 
This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *) patches/packages/php-5.2.6-i486-1_slack12.1.tgz: Upgraded to php-5.2.6. This version of PHP contains many fixes and enhancements. Some of the fixes are security related, and the PHP release announcement provides this list: * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Arciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Upgraded bundled PCRE to version 7.6 When last checked, CVE-2008-0599 was not yet open. However, additional information should become available at this URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 The list reproduced above, as well as additional information about other fixes in PHP 5.2.6 may be found in the PHP release announcement here: http://www.php.net/releases/5_2_6.php (* Security fix *) +--------------------------+ Thu May 1 13:36:34 CDT 2008 Slackware 12.1 is released as -stable. :-) Again, huge thanks to everybody who pitched in and helped with bug reports, patches, testing, suggestions, other comments, and everything else. Without this valuable input, Slackware would be nowhere near what it is today. Special thanks to the CREW, to the people developing and testing for slackbuilds.org (where many of Slackware's future additions are first built and tested), and to everyone on linuxquestions.org, various #slackware or ##slackware IRC channels, other Slackware related web sites, and other places where the community shares their needs and concerns with the team. On behalf of everyone here, thanks.
We think you'll enjoy this new release, and hope that you'll find it to be much more than 0.1 better than Slackware 12.0. ;-) Have fun! -P. extra/slackpkg/slackpkg-2.70.3-noarch-2.tgz: Updated the version in the slackpkg script from 2.70.2 to 2.70.3. +--------------------------+ Wed Apr 30 20:36:48 CDT 2008 12.1 RC4. We think this should be the last one. a/kernel-generic-2.6.24.5-i486-2.tgz: Patched to fix a security issue in fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x systems) could lead to a local DoS, or possibly a local root hole. We said we wouldn't make changes now unless something was "critical" -- and it seems we got what we wished for. ;-) This flaw will also be addressed in the kernels for previous releases as soon as possible. The patch itself may be found in source/k/linux-2.6.24.5-CVE-2008-1375-patch/. For additional information (when the CVE candidate is opened), see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375 All the kernel packages below should also be considered security fixes. (* Security fix *) a/kernel-generic-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled. a/kernel-huge-2.6.24.5-i486-2.tgz: Patched and recompiled. a/kernel-huge-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled. a/kernel-modules-2.6.24.5-i486-2.tgz: Patched and recompiled. a/kernel-modules-smp-2.6.24.5_smp-i686-2.tgz: Patched and recompiled. d/kernel-headers-2.6.24.5_smp-x86-2.tgz: Rebuilt from a patched source tree. k/kernel-source-2.6.24.5_smp-noarch-2.tgz: Patched (leaving dnotify.c.orig for comparison and/or reverting to patch up to a newer kernel later). l/svgalib_helper-1.9.25_2.6.24.5-i486-2.tgz: Recompiled. extra/linux-2.6.24.5-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. extra/slackpkg/slackpkg-2.70.3-noarch-1.tgz: Upgraded to slackpkg-2.70.3-noarch-1 (release ready). Thanks to Piter Punk! -:) kernels/huge.s/*: Patched and recompiled. kernels/hugesmp.s/*: Patched and recompiled. 
kernels/speakup.s/*: Patched and recompiled. isolinux/initrd.img: Rebuilt with newly compiled kernel modules. usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules. +--------------------------+ Mon Apr 28 23:43:55 CDT 2008 We'll call this Slackware 12.1 RC3, and freeze the tree for anything that isn't critical. Things seem very stable, so it's probably a good idea to save any further upgrades and additions until -current restarts. a/cups-1.3.7-i486-2.tgz: Applied patch str2790 to fix crash bugs in the PNG image filter. The issues are not believed to be capable of either a DoS (at worst, it simply crashes the filter processing the current job and does not crash the scheduler daemon, which just moves on to the next job in the print queue), nor arbitrary code execution (data from the image is never stored in the affected tile array). Still, it seems to be worth fixing here just in case. The CUPS bug report may be found here: http://www.cups.org/str.php?L2790 ap/mysql-5.0.51b-i486-1.tgz: Upgraded to mysql-5.0.51b (which appears to be nothing more than a version bump...) l/imlib-1.9.15-i486-3.tgz: Patched to fix rendering issues on Intel and possibly other graphics chipsets. Thanks to Iain Paton. l/libmtp-0.2.6.1-i486-1.tgz: Upgraded to libmtp-0.2.6.1. The udev rules are now sed processed during build. Thanks much to Joerg Germeroth. :-) l/libpng-1.2.27-i486-1.tgz: Upgraded to libpng-1.2.27. This fixes various bugs, the most important of which have to do with the handling of unknown chunks containing zero-length data. Processing a PNG image that contains these could cause the application using libpng to crash (possibly resulting in a denial of service), could potentially expose the contents of uninitialized memory, or could cause the execution of arbitrary code as the user running libpng (though it would probably be quite difficult to cause the execution of attacker-chosen code). We recommend upgrading the package as soon as possible. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382 ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt (* Security fix *) x/xf86-input-joystick-1.3.2-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.2. x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1. x/xf86-video-vmware-10.16.1-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.1. isolinux/initrd.img: Fixed minimum RAM amount in /etc/issue, and made some edits to other documentation within the installer. usb-and-pxe-installers/: In usbboot.img, fixed minimum RAM amount in /etc/issue, and made some edits to other documentation within the installer. +--------------------------+ Sat Apr 26 16:38:32 CDT 2008 x/pixman-0.10.0-i486-4.tgz: Restored MMX optimizations, which should fix the issues some machines were having with slow Flash playback. Thanks very much to Zielony for getting me to take a closer look at this. :-) +--------------------------+ Fri Apr 25 23:09:23 CDT 2008 kde/kdelibs-3.5.9-i486-4.tgz: Patched to fix a security problem. From the KDE advisory: "If start_kdeinit is installed as setuid root, a local user might be able to send unix signals to other processes, cause a denial of service or even possibly execute arbitrary code." This issue affects KDE 3.5.5 through KDE 3.5.9. We recommend upgrading to the new kdelibs package as soon as possible. For more information, see: http://www.kde.org/info/security/advisory-20080426-2.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671 (* Security fix *) extra/ktorrent/ktorrent-2.2.6-i486-1.tgz: Upgraded to ktorrent-2.2.6. isolinux/initrd.img: Patched /sbin/probe to look for formatted swap on RAID. usb-and-pxe-installers/: Patched /sbin/probe in usbboot.img to look for formatted swap on RAID. +--------------------------+ Wed Apr 23 19:42:28 CDT 2008 Not quite yet, but it's getting closer. a/aaa_base-12.1.0-noarch-2.tgz: Updated the initial emails. 
l/jre-6u6-i586-3.tgz: Adjusted the installation script to fix an issue causing broken symlinks in /. Thanks to Corrado "Conraid" Franco for the report. n/wireless-tools-29-i486-3.tgz: Increased the sleep time after bringing up an interface to 3 seconds, since some of the new drivers need the additional time to fully initialize. Thanks to bstrik on LQ. extra/jdk-6/jdk-6u6-i586-3.tgz: Adjusted the installation script to fix an issue causing broken symlinks in /. Thanks to Corrado "Conraid" Franco for the report. isolinux/initrd.img: Fixed (hopefully) the last remaining "12.0" version number (this one found in /etc/issue). Thanks to Franck Barbenoire for spotting it. usb-and-pxe-installers/: Fixed the "12.0" version number in usbboot.img. +--------------------------+ Mon Apr 21 16:47:32 CDT 2008 We have now reached the Slackware 12.1 RC2 milestone. :-) We're beyond updating packages or fixing minor cosmetic bugs at this point (actually, we had hoped to be past that with RC1, but there were still items in need of attention). What we have here now has proven to be stable for our testers, so unless some real showstoppers are found we'll be releasing this as Slackware 12.1-final soon. a/glibc-solibs-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers. a/glibc-zoneinfo-2.7-noarch-10.tgz: Rebuilt. a/kernel-generic-2.6.24.5-i486-1.tgz: Upgraded to Linux 2.6.24.5 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.24.5_smp-i686-1.tgz: Upgraded to Linux 2.6.24.5 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.24.5-i486-1.tgz: Upgraded to Linux 2.6.24.5 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.24.5_smp-i686-1.tgz: Upgraded to Linux 2.6.24.5 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.24.5-i486-1.tgz Upgraded to Linux 2.6.24.5 uniprocessor kernel modules. a/kernel-modules-smp-2.6.24.5_smp-i686-1.tgz Upgraded to Linux 2.6.24.5 SMP kernel modules. 
a/pkgtools-12.1.0-noarch-7.tgz: Removed obsolete modem setup script (any /dev/modem symlink would be wiped out by udev anyway). ap/lm_sensors-2.10.6-i486-1.tgz: Upgraded to lm_sensors-2.10.6. d/kernel-headers-2.6.24.5_smp-x86-1.tgz: Upgraded to Linux 2.6.24.5 SMP kernel headers. a/mkinitrd-1.3.2-i486-2.tgz: Updated the version numbers in README.initrd and manpage. k/kernel-source-2.6.24.5_smp-noarch-1.tgz Upgraded to Linux 2.6.24.5 SMP kernel source package. l/glibc-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers. l/glibc-i18n-2.7-noarch-10.tgz: Rebuilt. l/glibc-profile-2.7-i486-10.tgz: Recompiled against Linux 2.6.24.5 headers. l/jre-6u6-i586-2.tgz: Adjusted installation directory to avoid removing files from kdebindings. Thanks to Kris Karas for pointing out this collision. l/svgalib_helper-1.9.25_2.6.24.5-i486-1.tgz: Recompiled for Linux 2.6.24.5. n/mcabber-0.9.7-i486-1.tgz: Upgraded to mcabber-0.9.7. xap/xine-lib-1.1.11.1-i686-3.tgz: Recompiled, with --without-speex (we didn't ship the speex library in Slackware anyway, but for reference this issue would be CVE-2008-1686), and with --disable-nosefart (the recently reported as insecurely demuxed NSF format). As before in -2, this package fixes the two regressions mentioned in the release notes for xine-lib-1.1.12: http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655 Moving to xine-lib-1.1.12 right now doesn't seem prudent for RC2, as the diff between 1.1.11.1 and 1.1.12 is many thousands of lines long. (* Security fix *) extra/brltty/brltty-3.9-i486-1.tgz: Upgraded to brltty-3.9. extra/jdk-6/jdk-6u6-i586-2.tgz: Adjusted installation directory to avoid removing files from kdebindings. Thanks to Kris Karas. isolinux/initrd.img: Replaced kernel modules with 2.6.24.5 versions. kernels/huge.s/*: Upgraded to huge.s 2.6.24.5 kernel. kernels/hugesmp.s/*: Upgraded to hugesmp.s 2.6.24.5 kernel. kernels/speakup.s/*: Upgraded to speakup.s 2.6.24.5 kernel. 
usb-and-pxe-installers/: Replaced kernel modules with 2.6.24.5 versions. Thanks to Amritpal Bath for writing a new README_RAID document explaining how to install Slackware using various RAID levels. :-) +--------------------------+ Thu Apr 17 16:25:55 CDT 2008 ap/mysql-5.0.51a-i486-3.tgz: Edited rc.mysql to fix a missing '=' in the example for mysql_install_db. Thanks to Mark. xap/mozilla-firefox-2.0.0.14-i686-1.tgz: Upgraded to firefox-2.0.0.14. This upgrade fixes a potential security bug. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Wed Apr 16 16:18:22 CDT 2008 l/jre-6u6-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 6. n/wireless-tools-29-i486-2.tgz: Make sure that HWADDR in rc.wireless is all uppercase. Thanks to Ken L. and Masanori Kobayasi for reporting the issue. extra/jdk-6/jdk-6u6-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 6. +--------------------------+ Wed Apr 16 02:12:25 CDT 2008 kernels/speakup.s/: Rebuilt with the latest 2008-04-16 GIT pull. Hopefully this has a better chance of working now. I saw output (though not text) testing the dummy driver using a null modem. +--------------------------+ Mon Apr 14 22:23:29 CDT 2008 e/emacs-22.2-i486-1.tgz: Upgraded to GNU emacs-22.2. x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1. extra/emacspeak/emacspeak-27.0-i486-1.tgz: Upgraded to emacspeak-27.0. +--------------------------+ Mon Apr 14 00:39:23 CDT 2008 a/smartmontools-5.38-i486-1.tgz: Upgraded to smartmontools-5.38. d/git-1.5.5-i486-1.tgz: Upgraded to git-1.5.5. kde/amarok-1.4.9.1-i486-1.tgz: Upgraded to amarok-1.4.9.1. n/bind-9.4.2-i486-2.tgz: Patched rc.bind to add a short wait after starting named, so that the startup script doesn't match "named " with a failing startup and too quick a check. Thanks to Luis. 
Upgraded to the latest named.root file. Thanks to giovanni. t/xfig-3.2.4-i486-3.tgz: Patched to fix a wrong XFIGLIBDIR that was causing some minor errors. Thanks to Dario Nicodemi for the patch. tcl/tclx-8.4-i486-2.tgz: Recompiled. Since some of the Tcl/Tk headers are now considered "private", this needs -I flags to compile (for now). xap/xscreensaver-5.05-i486-1.tgz: Upgraded to xscreensaver-5.05. +--------------------------+ Sat Apr 12 02:20:06 CDT 2008 ap/ghostscript-8.62-i486-5.tgz: Edited /usr/share/ghostscript/8.62/lib/cidfmap to attempt support for Simplified Chinese (though Traditional Chinese and Korean will still require cidfmap changes and additional fonts). Thanks to ABE Shin-ichi for providing the cidfmap that the new one is based upon. Any errors in the new cidfmap are most likely my own... ap/man-1.6f-i486-1.tgz: Upgraded to man-1.6f. Thanks to Robby Workman. d/cscope-15.6-i486-1.tgz: Upgraded to cscope-15.6. f/linux-howtos-20080411-noarch-1.tgz: Updated to Linux-HOWTOs-20080411. l/svgalib_helper-1.9.25_2.6.24.4-i486-2.tgz: Recompiled. n/iproute2-2.6.16_060323-i486-2.tgz: Fixed hardcoded "/usr/local/lib/iptables" path in two places within the source. Thanks to Marco Berizzi. n/sendmail-8.14.2-i486-2.tgz: Recompiled. Fixed issues in the install script with properly adding the smmsp user/group. Thanks to Valentin Stoykov. When using SSL/TLS, disable SSLv2 by default. Fixed the line ordering in sendmail-slackware-tls-sasl.mc. Thanks to Strykar. Fixed typos at the top of example .mc files. Thanks to Bart Dumon. Clamp down on security in the defaults some more by requiring authentication when using the TLS/SASL .mc/.cf. Allow SSLv3 in both TLS configurations. Thanks to Leonardo Roman. n/sendmail-cf-8.14.2-noarch-2.tgz x/xf86-video-radeonhd-1.2.0-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.0, which adds support for RV620, RV635, and R680 chipsets, and 2D acceleration for R5xx (including RS6xx) chipsets, both XAA and EXA. 
This driver also enables the use of the second digital output on the RS690 chipset. usb-and-pxe-installers/etherboot: Updated the populate_tftpboot scripts. Thanks to Erik Jan Tromp. +--------------------------+ Fri Apr 11 00:32:00 CDT 2008 a/cryptsetup-1.0.5-i486-4.tgz: Recompiled against static libgpg-error and got rid of --disable-libcrypt in cryptsetup.static's ./configure to prevent the error "Command failed: Key processing error: No hash backend found" when creating a new cryptographic volume. Thanks to TaQ for the heads-up. a/ed-0.9-i486-2.tgz: Fixed missing man page. Thanks to Selkfoster. d/guile-1.8.4-i486-1.tgz: Upgraded to guile-1.8.4. Thanks to Jean-Francois L. Blavier for the upgrade suggestion. n/ipw2200-fw-3.0-fw-2.tgz: Add an extra copy of the LICENSE file to the /usr/doc/ipw2200-fw-3.0/ directory in addition to the one with the firmware. Thanks to Stuart Winter for reporting the package build problem. n/libgcrypt-1.4.0-i486-2.tgz: Recompiled to include the static library. n/libgpg-error-1.6-i486-3.tgz: Recompiled to include the static library. n/mailx-12.3-i486-1.tgz: Upgraded to mailx-12.3. Thanks again to Jean-Francois L. Blavier. xap/gnuplot-4.2.3-i486-1.tgz: Upgraded to gnuplot-4.2.3. Thanks again to Jean-Francois L. Blavier. isolinux/initrd.img: Replaced /sbin/cryptsetup.static. usb-and-pxe-installers/: Replaced /sbin/cryptsetup.static. +--------------------------+ Wed Apr 9 23:57:07 CDT 2008 The kernels were recompiled to add the experimental CONFIG_PATA_MARVELL option, since some newer Intel motherboards are already using this chipset. Like everything else, use it at your own risk. It was decided that having some driver that was tested and found to work was better than no support at all. Thanks to David Somero for reporting the issue. a/kernel-generic-2.6.24.4-i486-2.tgz: Recompiled Linux 2.6.24.4 uniprocessor generic.s (requires initrd) kernel. 
a/kernel-generic-smp-2.6.24.4_smp-i686-2.tgz: Recompiled Linux 2.6.24.4 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.24.4-i486-2.tgz: Recompiled Linux 2.6.24.4 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.24.4_smp-i686-2.tgz: Recompiled Linux 2.6.24.4 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.24.4-i486-2.tgz Recompiled Linux 2.6.24.4 uniprocessor kernel modules. a/kernel-modules-smp-2.6.24.4_smp-i686-2.tgz Recompiled Linux 2.6.24.4 SMP kernel modules. d/kernel-headers-2.6.24.4_smp-x86-2.tgz: Rebuilt Linux 2.6.24.4 SMP kernel headers. d/pkg-config-0.23-i486-2.tgz: Prevent unwanted output during package install. d/ruby-1.8.6_p114-i486-1.tgz: Upgraded to ruby-1.8.6-p114. k/kernel-source-2.6.24.4_smp-noarch-2.tgz Rebuilt Linux 2.6.24.4 SMP kernel source package. l/libaio-0.3.106-i486-1.tgz: Added libaio-0.3.106 (asynchronous I/O library). l/glib2-2.14.6-i486-4.tgz: Renamed /etc/profile.d/glib2.{csh,sh} to /etc/profile.d/libglib2.{csh,sh} so that the lang.{csh,sh} scripts will run first, setting the $LANG variable which these scripts require. Thanks to Carl Bartels. n/dhcp-3.0.6-i486-1.tgz: Upgraded to dhcp-3.0.6. n/lftp-3.7.0-i486-1.tgz: Upgraded to lftp-3.7.0. n/links-2.1pre33-i486-1.tgz: Upgraded to links-2.1pre33. n/ncftp-3.2.1-i486-1.tgz: Upgraded to ncftp-3.2.1. n/rsync-3.0.2-i486-1.tgz: Upgraded to rsync-3.0.2. From the NEWS file: "BUG FIXES: - Fixed a potential buffer overflow in the xattr code." This is the security advisory, as the issue was present in -current only. (* Security fix *) n/tcpdump-3.9.8-i486-1.tgz: Upgraded to libpcap-0.9.8 and tcpdump-3.9.8. x/compiz-0.7.4-i486-1.tgz: Upgraded to compiz-0.7.4. x/pixman-0.10.0-i486-3.tgz: Fixed build script post-install. Thanks to arny. x/scim-1.4.7-i486-6.tgz: Fixed locale example typo in profile.d scripts. x/xf86-input-mouse-1.3.0-i486-1.tgz: Upgraded to xf86-input-mouse-1.3.0 to fix a copy/paste bug when switching between the virtual consoles and X.
Thanks to Daryl Bunce for reporting the problem. extra/slackpkg/slackpkg-2.70.2-noarch-1.tgz: Upgraded to slackpkg-2.70.2-noarch-1. Thanks to Piter Punk! isolinux/initrd.img: Replaced kernel modules with recompiled versions. kernels/huge.s/*: Recompiled huge.s 2.6.24.4 kernel. kernels/hugesmp.s/*: Recompiled hugesmp.s 2.6.24.4 kernel. kernels/speakup.s/*: Recompiled speakup.s 2.6.24.4 kernel. Upgraded speakup to GIT pull of 2008-04-09. Fixed a blunder on my part where I started with the wrong .config, making installation impossible. Thanks to Stephen C. Greeley for reporting this. usb-and-pxe-installers/: Replaced kernel modules with recompiled versions. +--------------------------+ Tue Apr 8 00:20:39 CDT 2008 d/cmake-2.4.8-i486-1.tgz: Upgraded to cmake-2.4.8. l/fribidi-0.10.9-i486-2.tgz: Recompiled. "left-to-right" was far too egregious a mistake to leave in the slack-desc. Sorry about that. Thanks to Russell Whitaker for spotting this error. x/pixman-0.10.0-i486-2.tgz: Symlink the headers into /usr/include to temporarily accommodate software that isn't yet using pixman.pc to get the -I/usr/include/pixman-1/ include path. xap/xine-lib-1.1.11.1-i686-2.tgz: Patched to fix playback failure affecting several media formats accidentally broken in the xine-lib-1.1.11.1 release. Thanks to Diogo Sousa for pointing me to the new release notes on xinehq.de. +--------------------------+ Mon Apr 7 12:25:10 CDT 2008 a/aaa_elflibs-12.1.0-i486-1.tgz: Added libfuse. Updated libbz2 (which still has the shared library name "libbz2.so.1.0.4"). a/bzip2-1.0.5-i486-1.tgz: Upgraded to bzip2-1.0.5. Previous versions of bzip2 contained a buffer overread error that could cause applications linked to libbz2 to crash, resulting in a denial of service. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 (* Security fix *) a/cryptsetup-1.0.5-i486-3.tgz: Make cryptsetup in /sbin and /usr/sbin both symlinks to /sbin/cryptsetup.static. 
This prevents "cryptsetup" failure if someone installs only the A package series. Thanks to Piter Punk. ap/cdrtools-2.01.01a38-i486-1.tgz: Upgraded to cdrtools-2.01.01a38. ap/dvd+rw-tools-7.1-i486-1.tgz: Upgraded to dvd+rw-tools-7.1. ap/ghostscript-8.62-i486-4.tgz: Fixed cidfmap for printing with the wqy-zenhei.ttf font. Thanks to ABE Shin-ichi. d/m4-1.4.11-i486-1.tgz: Upgraded to m4-1.4.11. In addition to bugfixes and enhancements, this version of m4 also fixes two issues with possible security implications. A minor security fix with the use of "maketemp" and "mkstemp" -- these are now quoted to prevent the (rather unlikely) possibility that an unquoted string could match an existing macro causing operations to be done on the wrong file. Also, a problem with the '-F' option (introduced with version 1.4) could cause a core dump or possibly (with certain file names) the execution of arbitrary code. For more information on these issues, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688 (* Security fix *) n/iptables-1.4.0-i486-1.tgz: Upgraded to iptables-1.4.0. Thanks to giovanni for testing this version and suggesting it as a safe upgrade. On x86, explicitly set i486 compile flags (though this is the compiler's default anyway). Thanks to kanedaaa. n/network-scripts-12.1-noarch-1.tgz: Fixed WLAN_IWPRIV[4] example generated by netconfig. Thanks to Eric Hameleers for pointing it out. n/whois-4.7.26-i486-1.tgz: Upgraded to whois-4.7.26. xap/xfce-4.4.2-i486-4.tgz: Fixed the build script to apply a couple of bugfix patches correctly. Thanks to Carlos Corbacho for the bug report. Fixed xfcalendar.desktop (orage) to only show in the Xfce menus. Thanks to Frank Duignan for prompting me to take a closer look. 
isolinux/initrd.img: Patched to fix expert mode FTP/HTTP installation, and to allow installation from HTTP source with port number, such as: http://somehost:8080 Thanks to Dario Nicodemi for the bug report and patches, and to Eric Hameleers for making some adjustments to the HTTP port patch. usb-and-pxe-installers/: Patched to fix expert mode FTP/HTTP installation, and to allow installation from HTTP source with port number, such as: http://somehost:8080 Thanks to Dario Nicodemi for the bug report and patches, and to Eric Hameleers for making some adjustments to the HTTP port patch. +--------------------------+ Fri Apr 4 22:08:08 CDT 2008 a/glibc-solibs-2.7-i486-9.tgz: Recompiled. a/glibc-zoneinfo-2.7-noarch-9.tgz: Rebuilt. l/glibc-2.7-i486-9.tgz: Recompiled to fix a bad sln symlink (noticed by many, thanks). l/glibc-i18n-2.7-noarch-9.tgz: Rebuilt. l/glibc-profile-2.7-i486-9.tgz: Recompiled. n/rsync-3.0.1-i486-1.tgz: Upgraded to rsync-3.0.1. testing/packages/bash-3.2.029-i486-1.tgz: Brought up to patchlevel 029. Last time we tried this as our main shell, it was still causing problems with a lot of the scripts out there, but perhaps it will be tried again in the next development cycle. +--------------------------+ Fri Apr 4 13:47:24 CDT 2008 a/mkinitrd-1.3.2-i486-1.tgz: Patched to fix problems with previous settings getting overwritten with a plain "mkinitrd", and added support for non-US keyboards. Thanks to Eric Hameleers. d/mercurial-1.0-i486-1.tgz: Upgraded to mercurial-1.0. l/dbus-python-0.82.4-i486-1.tgz: Added dbus-python-0.82.4, which is needed for the correct operation of hplip. Thanks to Robby Workman. n/openssh-5.0p1-i486-1.tgz: Upgraded to openssh-5.0p1. This version fixes a security issue where local users could hijack forwarded X connections. Upgrading to the new package is highly recommended. 
For more information on this security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 (* Security fix *) usb-and-pxe-installers/initrd.img. Removed. Use the initrd.img from isolinux/ as the installer images had become identical. Also see Eric Hameleers' updated README_PXE.TXT. +--------------------------+ Thu Apr 3 01:16:15 CDT 2008 OK, we're going to call this Slackware 12.1-rc1, though there is still some more minor work to do. Please help test! And if we're missing anything major, please let me know at volkerdi@slackware.com. Thanks. :-) a/aaa_elflibs-12.1.0-i486-1.tgz: Updated the initial "starter" library package to the latest versions in -current. a/cups-1.3.7-i486-1.tgz: Upgraded to cups-1.3.7. This version of CUPS fixes some buffer overflows in the GIF image filter and in cgiCompileSearch. Those running CUPS servers should upgrade. For more information on these security issues, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 (* Security fix *) a/cxxlibs-6.0.9-i486-1.tgz: Upgraded to libstdc++.so.6.0.9 from gcc-4.2.3. a/mdadm-2.6.4-i486-1.tgz: Upgraded to mdadm-2.6.4. a/pciutils-2.2.10-i486-1.tgz: Upgraded to pciutils-2.2.10. a/sysvinit-2.86-i486-6.tgz: Fixed the /sbin/initscript path to match the man pages. Thanks to Michiel Broek for the patch. ap/hplip-2.8.4-i486-1.tgz: Upgraded to hplip-2.8.4. ap/zsh-4.3.6-i486-1.tgz: Upgraded to zsh-4.3.6. Thanks to Haakon Riiser for alerting me to the new release. d/gdb-6.8-i486-1.tgz: Upgraded to gdb-6.8. l/hal-0.5.10-i486-2.tgz: Recompiled with --enable-umount-helper, which allows non-root users to umount hotplugged devices from the command line. Thanks to Robby Workman for the suggestion. l/hal-info-20080317-noarch-1.tgz: Upgraded to hal-info-20080317. n/bind-9.4.2-i486-1.tgz: Upgraded to bind-9.4.2. n/wpa_supplicant-0.5.10-i486-1.tgz: Upgraded to wpa_supplicant-0.5.10. 
x/wqy-zenhei-font-ttf-0.5.23-noarch-1.tgz: Upgraded to wqy-zenhei-0.5.23. Thanks to Eric Hameleers for noticing the new release (only linked from the Chinese version of the development website :-) x/xf86-video-amd-2.7.7.7-i486-1.tgz: Removed. (see below) x/xf86-video-geode-2.8.0-i486-1.tgz: Upgraded to xf86-video-geode-2.8.0. This package has been renamed from xf86-video-amd to avoid confusion with other AMD video products. x/xf86-video-intel-2.2.1-i486-1.tgz: Reverted to xf86-video-intel-2.2.1. We suspected that might be needed, given the version number and development status of the newer driver we tried, but gave it a try anyway. Probably there will be no more driver updates at this point unless bugs are reported that newer drivers fix. xap/pidgin-2.4.1-i486-1.tgz: Upgraded to pidgin-2.4.1. +--------------------------+ Tue Apr 1 02:41:32 CDT 2008 a/acl-2.2.47_1-i486-1.tgz: Upgraded to acl-2.2.47_1. a/attr-2.4.41_1-i486-1.tgz: Upgraded to attr-2.4.41_1. a/etc-12.1-noarch-4.tgz: Give the mysql user a /bin/false "shell". Thanks to Noel for the suggestion. a/lilo-22.8-i486-12.tgz: Fixed a bug where liloconfig might not properly determine the root directory where /boot is found. a/sysvinit-scripts-1.2-noarch-20.tgz: Fixed a bug in rescan-scsi-bus that was exposed by the CONFIG_SCSI_MULTI_LUN kernel option (which _should_ also make rescan-scsi-bus unnecessary). Thanks to Kem Prims for the bug report. Keep /usr/share/mime's mime.cache file updated. a/util-linux-2.12r-i486-6.tgz: Removed. See below. a/util-linux-ng-2.13.1-i486-1.tgz: Added util-linux-ng-2.13.1, which replaces the old util-linux package. To install, either use upgradepkg with the "%" option, or do this: installpkg util-linux-ng-2.13.1-i486-1.tgz ; removepkg util-linux ; installpkg util-linux-ng-2.13.1-i486-1.tgz Thanks to Robby Workman for a lot of help with this package update. a/xfsprogs-2.9.7_1-i486-1.tgz: Upgraded to xfsprogs-2.9.7_1. 
ap/alsa-utils-1.0.15-i486-3.tgz: Don't load the mixer settings until after the OSS modules have been loaded. Eliminate 'awk' usage in rc.alsa, using sed and tr instead. Thanks to Tomas Matejicek for the patch. ap/dmapi-2.2.8_1-i486-1.tgz: Upgraded to dmapi-2.2.8_1. ap/man-pages-2.79-noarch-1.tgz: Upgraded to man-pages-2.79, and retained the POSIX pthread_* man pages this time. Thanks to Rastislav Stanik. ap/mysql-5.0.51a-i486-2.tgz: Modified /etc/rc.d/rc.mysqld's database installation instructions to take into consideration that the mysql user no longer has a login shell. In addition, the admin is told to consider locking the database server down even further (if possible) by using the mysql_secure_installation utility. Thanks again to Noel. ap/xfsdump-2.2.48_1-i486-1.tgz: Upgraded to xfsdump-2.2.48_1. l/libglade-2.6.2-i486-2.tgz: Rebuilt with --libdir=/usr/lib. Without this, libglade-2.0.la incorrectly inserts '/usr/local/lib' in the .la file. Thanks to Steve Kennedy for the bug report. l/libgsf-1.14.8-i486-1.tgz: Upgraded to libgsf-1.14.8. n/net-tools-1.60-i486-2.tgz: Recompiled with latest Debian patch. n/nfs-utils-1.1.2-i486-1.tgz: Upgraded to nfs-utils-1.1.2. n/nmap-4.60-i486-3.tgz: Fixed the build script (third time's the charm?) to use DESTDIR and remove the one item (useless, IMHO, within a package system) that still can't get DESTDIR right: uninstall_zenmap. Thanks to Conraid and Mauro Ghisoni for walking me through this one. :-) n/openssh-4.9p1-i486-1.tgz: Upgraded to openssh-4.9p1. n/wget-1.11.1-i486-1.tgz: Upgraded to wget-1.11.1. x/scim-1.4.7-i486-5.tgz: Fixed scim.desktop to have more information, and to place the SCIM startup utility in the "Utilities" menu rather than having it fall into "Lost & Found". Thanks to Hon Yuen Kwun for the initial patch. x/xf86-video-intel-2.2.99.902-i486-1.tgz: Upgraded to xf86-video-intel-2.2.99.902. 
xap/xine-lib-1.1.11.1-i686-1.tgz: Earlier versions of xine-lib suffer from an integer overflow which may lead to a buffer overflow that could potentially be used to gain unauthorized access to the machine if a malicious media file is played back. File types affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak. For more information on this security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 (* Security fix *) isolinux/initrd.img: Patched to have /etc/fstab mount /dev/shm. Updated XFS utilities. usb-and-pxe-installers/: Patched to have /etc/fstab mount /dev/shm. Updated XFS utilities. +--------------------------+ Sat Mar 29 18:07:00 CDT 2008 a/glibc-solibs-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers. a/glibc-zoneinfo-2.7-noarch-8.tgz: Upgraded to tzdata2008b. l/glibc-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers. Upgraded to tzdata2008b. l/glibc-i18n-2.7-noarch-8.tgz: Rebuilt. l/glibc-profile-2.7-i486-8.tgz: Recompiled against 2.6.24.4 headers. a/lilo-22.8-i486-11.tgz: Fixed reversed vt.default_utf8 kernel parameter (0 <-> 1) in /etc/lilo.conf. Thanks to Eric Hameleers for noticing the bug. +--------------------------+ Fri Mar 28 23:35:22 CDT 2008 a/aaa_base-12.1.0-noarch-1.tgz: Added an empty /usr/share/wallpapers as this seems to be a de-facto standard directory and (for example) XFce will give an error if it is missing and one tries to change the desktop image. Thanks to Chess Griffin for reporting this. Bumped version number of package, and of /etc/slackware-version. a/etc-12.1-noarch-3.tgz: Installed root into the audio, cdrom, video, plugdev, and floppy groups _correctly_. This was noticed by a lot of people -- sorry for the bogus entries in there before. I don't know how I managed that. (easily ;-) a/lilo-22.8-i486-10.tgz: Fixed liloconfig to at least create an empty message file in /boot if none exists. a/sysvinit-scripts-1.2-noarch-19.tgz: Keep any icon-theme.cache files updated. 
a/kernel-generic-2.6.24.4-i486-1.tgz: Upgraded to Linux 2.6.24.4 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.24.4_smp-i686-1.tgz: Upgraded to Linux 2.6.24.4 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.24.4-i486-1.tgz: Upgraded to Linux 2.6.24.4 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.24.4_smp-i686-1.tgz: Upgraded to Linux 2.6.24.4 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.24.4-i486-1.tgz Upgraded to Linux 2.6.24.4 uniprocessor kernel modules. a/kernel-modules-smp-2.6.24.4_smp-i686-1.tgz Upgraded to Linux 2.6.24.4 SMP kernel modules. ap/vim-7.1.285-i486-1.tgz: Upgraded to vim-7.1.285. d/kernel-headers-2.6.24.4_smp-x86-1.tgz: Upgraded to Linux 2.6.24.4 SMP kernel headers. k/kernel-source-2.6.24.4_smp-noarch-1.tgz Upgraded to Linux 2.6.24.4 SMP kernel source. l/svgalib_helper-1.9.25_2.6.24.4-i486-1.tgz: Recompiled for Linux 2.6.24.4. n/gnupg-1.4.9-i486-1.tgz: Upgraded to gnupg-1.4.9. n/gnupg2-2.0.9-i486-1.tgz: Upgraded to gnupg-2.0.9. n/nmap-4.60-i486-2.tgz: Recompiled. Some files were missing due to an incompletely removed previous compile. Thanks again to Mauro Ghisoni. It may also be necessary to reinstall python after upgrading from -1. tcl/tcl-8.4.18-i486-1.tgz: Upgraded to tcl8.4.18. tcl/tk-8.4.18-i486-1.tgz: Upgraded to tk8.4.18. x/liberation-fonts-ttf-1.0-noarch-1.tgz: Upgraded to Liberation Fonts 1.0. Thanks to Eric Hameleers for making a fontconfig file and updating the build script. x/pixman-0.10.0-i486-1.tgz: Upgraded to pixman-0.10.0. xap/mozilla-firefox-2.0.0.13-i686-1.tgz: Upgraded to firefox-2.0.0.13. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) xap/seamonkey-1.1.9-i486-1.tgz: Upgraded to seamonkey-1.1.9. This upgrade fixes some more security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) xap/xine-lib-1.1.11-i686-1.tgz: Earlier versions of xine-lib suffer from an array index bug that may have security implications if a malicious RTSP stream is played. Playback of other media formats is not affected. If you use RTSP, you should probably upgrade xine-lib. For more information on the security issue, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 (* Security fix *) xap/vim-gvim-7.1.285-i486-1.tgz: Upgraded to vim-7.1.285. This is the GTK+ version of vim (gvim). The normal vim package is also required. extra/grub/grub-0.97-i486-6.tgz: Restored the inode patch for ext2/3. It looks like it was needed after all. extra/linux-2.6.24.3-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. isolinux/initrd.img: Fixed huge.s kernel installation bug. kernels/huge.s/*: Upgraded huge.s kernel to 2.6.24.4. kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.24.4 (SMP). kernels/speakup.s/*: Upgraded speakup.s kernel to 2.6.24.4. pasture/gcc-3.4.6/: Removed, since this has gone unchanged since Slackware 12.0. I'm not sure if the one in 12.0's pasture still works, but if it does, and you need it for something, that's where to find it. usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.24.4 modules. +--------------------------+ Wed Mar 26 00:21:34 CDT 2008 a/etc-12.1-noarch-2.tgz: Add root to the groups audio, cdrom, video, plugdev, and floppy. Root already has access to most of these devices, but it doesn't hurt to provide an example for people who edit /etc/groups manually. a/shadow-4.0.3-i486-15.tgz: Took plugdev out of CONSOLE_GROUPS in /etc/login.defs, since DBUS doesn't know about group memberships added that way. 
Users not actually listed in /etc/groups as part of groups such as plugdev wouldn't be able to use those devices even at the console when logging in through a graphical login manager such as XDM, KDM, or GDM. Stuart Winter enhanced the command-line adduser tool. Quote from the adduser program history: "* To facilitate use of the automatic mounting features of HAL, allow the admin to easily add users to the default groups: audio,cdrom,video,plugdev,floppy The default is not to add new users to these groups. And by the way, this script is "adduser from Slackware" not "superadduser from Gentoo" ;-)" If you trust your users, this is the correct way to give them access to these devices. adduser will automatically edit /etc/groups for you. If you do not trust your users and you give them access to these groups, they may create mischief from afar with this access, so be aware of the security implications. a/udev-118-i486-3.tgz: Fixed two broken symbolic links in /sbin. Thanks to Piter Punk for fixing the script, and to Fred Emmott for noticing the problem and letting us know. ap/ntfsprogs-2.0.0-i486-2.tgz: Added back ntfsprogs-2.0.0, using (for now) --disable-ntfsmount. It is still needed to manage NTFS partitions even if we use the kernel driver or NTFS-3G to mount them. Thanks to Matteo Nunziati for the information. n/epic4-2.8-i486-1.tgz: Upgraded to epic4-2.8. n/irssi-0.8.12-i486-1.tgz: Upgraded to irssi-0.8.12. n/nmap-4.60-i486-1.tgz: Upgraded to nmap-4.60. Zenmap still isn't working because we don't include sqlite, but a zenmap .desktop file was added anyway, and some paths in a script were fixed. Thanks to Mauro Ghisoni for pointing out the bad paths in Paths.py. xap/gimp-2.4.5-i486-1.tgz: Upgraded to gimp-2.4.5, added support for pyGTK. isolinux/initrd.img: Fixed Speakup kernel detection. Thanks to Jude DaShiell for reporting the bug. Added LVM swap partition detection. Thanks to Manuel Reimer for the patch. usb-and-pxe-installers/: Fixed Speakup kernel detection. 
Thanks to Jude DaShiell for reporting the bug. Added LVM swap partition detection. Thanks to Manuel Reimer for the patch. +--------------------------+ Sat Mar 22 16:26:33 CDT 2008 a/pkgtools-12.1.0-noarch-6.tgz: Fixed bogus bad gzipped file warnings. ap/ghostscript-8.62-i486-3.tgz: Fixed default cidfmap installation. n/mcabber-0.9.6-i486-1.tgz: Upgraded to mcabber-0.9.6. xap/audacious-1.5.0-i486-2.tgz: Don't use opcodes that break older computers. Thanks to Elvio Basello and Udo A. Steinberg for the bug reports. Thanks also to Giacomo Lozito for debugging suggestions. The problem was, of course, on my side of things. :-) xap/audacious-plugins-1.5.0-i486-2.tgz: Recompiled. +--------------------------+ Wed Mar 19 19:34:38 CDT 2008 Is this Slackware 12.1 RC 1 yet? It has to be close. a/e2fsprogs-1.40.8-i486-1.tgz: Upgraded to e2fsprogs-1.40.8. a/gpm-1.20.1-i486-5.tgz: Default item to imps2, which works well with KVM boxes. If you use a Synaptics pad with the third party driver, you may have to change this setting. a/inotify-tools-3.13-i486-1.tgz: Upgraded to inotify-tools-3.13. a/kernel-generic-2.6.24.3-i486-2.tgz: After much debate, the kernels have been recompiled with the CONFIG_SCSI_MULTI_LUN option enabled. This was tried once and caused problems for real SCSI systems, but that really was many years ago and it's so handy to have this feature for multi-LUN card readers that we're going to try enabling this again. Please report any problems. Upgraded to Linux 2.6.24.3 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.24.3_smp-i686-2.tgz: Recompiled with CONFIG_SCSI_MULTI_LUN. a/kernel-huge-2.6.24.3-i486-2.tgz: Recompiled with CONFIG_SCSI_MULTI_LUN. a/kernel-huge-smp-2.6.24.3_smp-i686-2.tgz: Recompiled with CONFIG_SCSI_MULTI_LUN. a/kernel-modules-2.6.24.3-i486-2.tgz: Recompiled. a/kernel-modules-smp-2.6.24.3_smp-i686-2.tgz: Recompiled. 
a/ntfs-3g-1.2310-i486-1.tgz: After getting a lot of feedback on it, we're changing from ntfsprogs to ntfs-3g and putting it in the A series so that it can be used as the default NTFS filesystem. All the best wishes to the ntfsprogs project for future improvement, but ntfsprogs couldn't extract and compile the Linux kernel on an NTFS partition here, and ntfs-3g could. It also seems to have a better community and support going right now. Thanks to the users who wrote with their opinions to help make this decision. a/pkgtools-12.1.0-noarch-5.tgz: Default making a USB boot stick to off. a/sysvinit-scripts-1.2-noarch-18.tgz: Removed /etc/rc.d/rc.scanluns. a/udev-118-i486-2.tgz: Blacklist old bcm43xx driver (b43 and b43legacy are the recommended drivers now). ap/alsa-utils-1.0.15-i486-2.tgz: Set reasonable volume defaults if there are none in /etc/asound.state. Thanks to Eric Hameleers. ap/gutenprint-5.0.2-i486-1.tgz: Upgraded to gutenprint-5.0.2. ap/ntfsprogs-2.0.0-i486-1.tgz: Removed (for now). d/m4-1.4.10-i486-1.tgz: Upgraded to m4-1.4.10. Thanks to Kyle Guinn for reporting that m4-1.4.9 had a serious calculation bug. d/pkg-config-0.23-i486-1.tgz: Upgraded to pkg-config-0.23. k/kernel-source-2.6.24.3_smp-noarch-2.tgz: CONFIG_SCSI_MULTI_LUN is now the default in the supplied Slackware generic .config. kde/kdelibs-3.5.9-i486-3.tgz: Patched a problem with Kate mislocating the cursor after a block paste. Thanks to Peter Sevens for showing me the fix. l/atk-1.22.0-i486-1.tgz: Upgraded to atk-1.22.0. l/dbus-1.1.20-i486-1.tgz: Upgraded to dbus-1.1.20. Thanks to Robby Workman for helping to maintain the dbus build scripts. l/dbus-glib-0.74-i486-2.tgz: Rebuilt. l/dbus-qt3-0.70-i486-2.tgz: Rebuilt. l/gnome-icon-theme-2.22.0-noarch-1.tgz: Upgraded to gnome-icon-theme-2.22.0. l/glib2-2.14.6-i486-3.tgz: Set G_BROKEN_FILENAMES=1, and if the locale is UTF-8, then set G_FILENAME_ENCODING="@locale" (which will override the G_BROKEN_FILENAMES setting). 
This should get us a little closer with UTF. Thanks to Dave Minton for pointing out the issue to Robby Workman, who (in turn), sent it in to me. l/gtk+2-2.12.9-i486-1.tgz: Upgraded to gtk+-2.12.9. l/hal-info-20080313-noarch-1.tgz: Upgraded to l/hal-info-20080313. l/hicolor-icon-theme-0.10-noarch-3.tgz: Don't make an icon-theme.cache file in /usr/share/icons. l/lcms-1.17-i486-1.tgz: Upgraded to lcms-1.17. l/libart_lgpl-2.3.20-i486-1.tgz: Upgraded to libart_lgpl-2.3.20. l/pango-1.20.0-i486-1.tgz: Upgraded to pango-1.20.0. l/pygtk-2.12.1-i486-2.tgz: Robby said it would help to recompile this. l/wavpack-4.41.0-i486-1.tgz: Added wavpack-4.41.0. This is needed for audacious WAV format support. n/gnupg2-2.0.8-i486-1.tgz: Upgraded to gnupg2-2.0.8. n/gnutls-2.2.2-i486-1.tgz: Upgraded to gnutls-2.2.2. n/gpgme-1.1.6-i486-1.tgz: Upgraded to gpgme-1.1.6. n/libassuan-1.0.4-i486-1.tgz: Upgraded to libassuan-1.0.4. n/libksba-1.0.3-i486-1.tgz: Upgraded to libksba-1.0.3. n/libgcrypt-1.4.0-i486-1.tgz: Upgraded to libgcrypt-1.4.0. n/libgpg-error-1.6-i486-2.tgz: Recompiled. n/pinentry-0.7.5-i486-1.tgz: Upgraded to pinentry-0.7.5. n/samba-3.0.28a-i486-1.tgz: Upgraded to samba-3.0.28a. n/wireless-tools-29-i486-1.tgz: Upgraded to wireless-tools-29. x/libXScrnSaver-1.1.3-i486-1.tgz: Upgraded to libXScrnSaver-1.1.3. x/libXv-1.0.4-i486-1.tgz: Upgraded to libXv-1.0.4. x/libxkbfile-1.0.5-i486-1.tgz: Upgraded to libxkbfile-1.0.5. x/xf86-video-amd-2.7.7.7-i486-1.tgz: Upgraded to xf86-video-amd-2.7.7.7. x/xf86-video-apm-1.2.0-i486-1.tgz: Upgraded to xf86-video-apm-1.2.0. x/xf86-video-ark-0.7.0-i486-1.tgz: Upgraded to xf86-video-ark-0.7.0. x/xf86-video-ast-0.85.0-i486-1.tgz: Upgraded to xf86-video-ast-0.85.0. x/xf86-video-chips-1.2.0-i486-1.tgz: Upgraded to xf86-video-chips-1.2.0. x/xf86-video-cirrus-1.2.0-i486-1.tgz: Upgraded to xf86-video-cirrus-1.2.0. x/xf86-video-dummy-0.3.0-i486-1.tgz: Upgraded to xf86-video-dummy-0.3.0. x/xf86-video-fbdev-0.4.0-i486-1.tgz: Upgraded to xf86-video-fbdev-0.4.0. 
x/xf86-video-glint-1.2.0-i486-1.tgz: Upgraded to xf86-video-glint-1.2.0. x/xf86-video-i128-1.3.0-i486-1.tgz: Upgraded to xf86-video-i128-1.3.0. x/xf86-video-i740-1.2.0-i486-1.tgz: Upgraded to xf86-video-i740-1.2.0. x/xf86-video-neomagic-1.2.0-i486-1.tgz: Upgraded to xf86-video-neomagic-1.2.0. x/xf86-video-rendition-4.2.0-i486-1.tgz: Upgraded to xf86-video-rendition-4.2.0. x/xf86-video-s3-0.6.0-i486-1.tgz: Upgraded to xf86-video-s3-0.6.0. x/xf86-video-s3virge-1.10.0-i486-1.tgz: Upgraded to xf86-video-s3virge-1.10.0. x/xf86-video-savage-2.2.0-i486-1.tgz: Upgraded to xf86-video-savage-2.2.0. x/xf86-video-siliconmotion-1.6.0-i486-1.tgz: Upgraded to xf86-video-siliconmotion-1.6.0. x/xf86-video-sis-0.10.0-i486-1.tgz: Upgraded to xf86-video-sis-0.10.0. x/xf86-video-sisusb-0.9.0-i486-1.tgz: Upgraded to xf86-video-sisusb-0.9.0. x/xf86-video-tdfx-1.4.0-i486-1.tgz: Upgraded to xf86-video-tdfx-1.4.0. x/xf86-video-trident-1.3.0-i486-1.tgz: Upgraded to xf86-video-trident-1.3.0. x/xf86-video-tseng-1.2.0-i486-1.tgz: Upgraded to xf86-video-tseng-1.2.0. x/xf86-video-v4l-0.2.0-i486-1.tgz: Upgraded to xf86-video-v4l-0.2.0. x/xf86-video-vmware-10.16.0-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.0. x/xf86-video-voodoo-1.2.0-i486-1.tgz: Upgraded to xf86-video-voodoo-1.2.0. xap/audacious-1.5.0-i486-1.tgz: Upgraded to audacious-1.5.0. xap/audacious-plugins-1.5.0-i486-1.tgz: Upgraded to audacious-plugins-1.5.0. xap/gkrellm-2.3.1-i486-2.tgz: Recompiled against gnutls-2.2.2. xap/pidgin-2.4.0-i486-2.tgz: Recompiled against gnutls-2.2.2. xap/xfce-4.4.2-i486-3.tgz: Patched two Thunar bugs. xap/xpdf-3.02pl2-i486-3.tgz: Rebuilt adding an icon and .desktop file. Thanks to Selkfoster for the .desktop file and for pointing out the icon. extra/grub/grub-0.97-i486-5.tgz: Recompiled without the inode patch since e2fsprogs-1.40.8 broke the GRUB we patched to work with e2fsprogs-1.40.6. extra/linux-2.6.24.3-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. 
extra/parted/parted-1.8.8-i486-1.tgz: Upgraded to parted-1.8.8. extra/slackpkg/slackpkg-2.70.1-noarch-1.tgz: Upgraded to slackpkg-2.70.1-noarch-1. Thanks to Piter Punk. isolinux/initrd.img: Offer ntfs-3g read-write mounts for NTFS partitions. Upgraded to parted-1.8.8. Upgraded to e2fsprogs-1.40.8. kernels/hugesmp.s/*: Recompiled with CONFIG_SCSI_MULTI_LUN. kernels/huge.s/*: Recompiled with CONFIG_SCSI_MULTI_LUN. kernels/speakup.s/*: Recompiled with CONFIG_SCSI_MULTI_LUN. Updated to latest Speakup GIT pull. usb-and-pxe-installers/: Offer ntfs-3g read-write mounts for NTFS partitions. Upgraded to parted-1.8.8. Upgraded to e2fsprogs-1.40.8. +--------------------------+ Thu Mar 13 19:19:06 CDT 2008 a/gettext-0.17-i486-2.tgz: Compressed the man pages. Thanks to Kris Karas for noticing. d/gettext-tools-0.17-i486-2.tgz: Compressed the man pages. isolinux/initrd.img: Updated dropbear version. usb-and-pxe-installers/: Updated dropbear version. +--------------------------+ Thu Mar 13 17:20:20 CDT 2008 l/sdl-1.2.13-i486-2.tgz: SDL_mixer looks for timidity files in /usr/lib/timidity rather than /usr/local/lib/timidity. Thanks to Dan Church for the bug report. n/zd1211-firmware-1.4-fw-1.tgz: Added ZD1211 USB WLAN firmware. x/dejavu-fonts-ttf-2.24-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.24. isolinux/initrd.img: More dropbear adjustments from Eric Hameleers. usb-and-pxe-installers/: More dropbear adjustments from Eric Hameleers. +--------------------------+ Tue Mar 11 19:52:11 CDT 2008 a/glibc-solibs-2.7-i486-7.tgz: Recompiled against Linux 2.6.24.3 headers. a/glibc-zoneinfo-2.7-noarch-7.tgz: Upgraded to tzdata2008a. a/gettext-0.17-i486-1.tgz: Upgraded to gettext-0.17. a/sysvinit-scripts-1.2-noarch-17.tgz: Update gtk.immodules from rc.M at boot. ap/flac-1.2.1-i486-1.tgz: Upgraded to flac-1.2.1. ap/vorbis-tools-1.2.0-i486-1.tgz: Upgraded to vorbis-tools-1.2.0. d/gettext-tools-0.17-i486-1.tgz: Upgraded to tools for gettext-0.17. 
kde/k3b-1.0.4-i486-3.tgz: Recompiled against flac-1.2.1. kde/kdemultimedia-3.5.9-i486-3.tgz: Recompiled against flac-1.2.1. l/glibc-2.7-i486-7.tgz: Recompiled against Linux 2.6.24.3 headers. l/glibc-i18n-2.7-noarch-7.tgz: Rebuilt. l/glibc-profile-2.7-i486-7.tgz: Recompiled against Linux 2.6.24.3 headers. l/jre-6u5-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 5. l/libcddb-1.3.0-i486-1.tgz: Added libcddb-1.3.0. (needed by audacious-plugins) l/libcdio-0.79-i486-1.tgz: Added libcdio-0.79. (needed by audacious-plugins) n/ipw2100-fw-1.3-fw-1.tgz: Added ipw2100-fw-1.3. n/ipw2200-fw-3.0-fw-1.tgz: Added ipw2200-fw-3.0. n/rt61-firmware-1.2-fw-1.tgz: Added rt61-firmware-1.2. n/rt71w-firmware-1.8-fw-1.tgz: Added rt71w-firmware-1.8. x/compiz-0.7.2-i486-1.tgz: Upgraded to compiz-0.7.2. x/font-xfree86-type1-1.0.1-noarch-1.tgz: Upgraded to font-xfree86-type1-1.0.1. x/inputproto-1.4.3-noarch-1.tgz: Upgraded to inputproto-1.4.3. x/libX11-1.1.4-i486-1.tgz: Upgraded to libX11-1.1.4. x/libXfont-1.3.2-i486-1.tgz: Upgraded to libXfont-1.3.2. x/libXinerama-1.0.3-i486-1.tgz: Upgraded to libXinerama-1.0.3. x/libpciaccess-0.10-i486-1.tgz: Added libpciaccess-0.10. x/mkfontdir-1.0.4-noarch-1.tgz: Upgraded to mkfontdir-1.0.4. x/mkfontscale-1.0.4-i486-1.tgz: Upgraded to mkfontscale-1.0.4. x/printproto-1.0.4-noarch-1.tgz: Upgraded to printproto-1.0.4. x/rendercheck-1.3-i486-1.tgz: Upgraded to rendercheck-1.3. x/twm-1.0.4-i486-1.tgz: Upgraded to twm-1.0.4. x/util-macros-1.1.6-noarch-1.tgz: Upgraded to util-macros-1.1.6. x/x11perf-1.5-i486-1.tgz: Upgraded to x11perf-1.5. x/xauth-1.0.3-i486-1.tgz: Upgraded to xauth-1.0.3. x/xcompmgr-1.1.4-i486-1.tgz: Added xcompmgr-1.1.4. x/xdm-1.1.7-i486-1.tgz: Upgraded to xdm-1.1.7. x/xev-1.0.3-i486-1.tgz: Upgraded to xev-1.0.3. x/xf86-input-aiptek-1.1.1-i486-1.tgz: Upgraded to xf86-input-aiptek-1.1.1. x/xf86-video-nv-2.1.8-i486-1.tgz: Upgraded to xf86-video-nv-2.1.8. 
x/xfs-1.0.6-i486-1.tgz: Upgraded to xfs-1.0.6. x/xinit-1.0.8-i486-1.tgz: Upgraded to xinit-1.0.8. x/xkbcomp-1.0.4-i486-1.tgz: Upgraded to xkbcomp-1.0.4. x/xprop-1.0.4-i486-1.tgz: Upgraded to xprop-1.0.4. x/xproto-7.0.12-noarch-1.tgz: Upgraded to xproto-7.0.12. x/xrandr-1.2.3-i486-1.tgz: Upgraded to xrandr-1.2.3. x/xrdb-1.0.5-i486-1.tgz: Upgraded to xrdb-1.0.5. x/xset-1.0.4-i486-1.tgz: Upgraded to xset-1.0.4. x/xtrans-1.1-noarch-1.tgz: Upgraded to xtrans-1.1. xap/audacious-plugins-1.4.5-i486-2.tgz: Recompiled against flac-1.2.1. xap/pidgin-2.4.0-i486-1.tgz: Upgraded to pidgin-2.4.0 and pidgin-encryption-3.0. Thanks to Eric Hameleers for updating the script. extra/jdk-6/jdk-6u5-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 5. isolinux/initrd.img: Made some dropbear changes. Thanks, Eric. usb-and-pxe-installers/: Made some dropbear changes. Thanks, Eric. +--------------------------+ Sat Mar 8 02:12:43 CST 2008 a/kernel-generic-2.6.24.3-i486-1.tgz: Upgraded to Linux 2.6.24.3 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.24.3_smp-i686-1.tgz: Upgraded to Linux 2.6.24.3 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.24.3-i486-1.tgz: Upgraded to Linux 2.6.24.3 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.24.3_smp-i686-1.tgz: Upgraded to Linux 2.6.24.3 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.24.3-i486-1.tgz Upgraded to Linux 2.6.24.3 uniprocessor kernel modules. a/kernel-modules-smp-2.6.24.3_smp-i686-1.tgz Upgraded to Linux 2.6.24.3 SMP kernel modules. a/lilo-22.8-i486-9.tgz: If the kernel is >= 2.6.24, then ask the user if they want to override the kernel's new default to UTF-8 on the text consoles. Most users will not want UTF-8 yet until all applications have been fixed to work with it. This option will not affect the use of UTF-8 locales in X. a/pcmciautils-014-i486-4.tgz: Improved the default configuration to work with more hardware. 
Thanks to Piter Punk. a/pkgtools-12.1.0-noarch-4.tgz: Added fuse to the installer's boot-start (setup.services) menu. Patched makepkg to test gzipped files properly. a/sysvinit-scripts-1.2-noarch-16.tgz: Modified rc.S to start FUSE. a/udev-118-i486-1.tgz: Upgraded to udev-118. Thanks to Piter Punk. ap/ntfsprogs-2.0.0-i486-1.tgz: Moved from /extra. ntfsprogs now includes full read-write support when the NTFS filesystem is mounted with ntfsmount or -t ntfs.fuse. This feature requires the new fuse package. d/kernel-headers-2.6.24.3_smp-x86-1.tgz: Upgraded to Linux 2.6.24.3 SMP kernel headers. k/kernel-source-2.6.24.3_smp-noarch-1.tgz Upgraded to Linux 2.6.24.3 SMP kernel source. kde/kdelibs-3.5.9-i486-3.tgz: Patched a problem with Kate mislocating the cursor after a block paste. Thanks to Peter Sevens for showing me the fix. l/fuse-2.7.3-i486-1.tgz: Added FUSE, a userspace filesystem interface. Thanks to Antonio Hernández Blas for submitting the build script. l/gtk+2-2.12.8-i486-3.tgz: Don't run gtk-query-immodules-2.0 from the installer, because some of the libraries it needs would not yet be on the machine. The SCIM scripts should pick this up later on. l/hal-info-20080215-noarch-1.tgz: Upgraded to hal-info-20080215. l/svgalib_helper-1.9.25_2.6.24.3-i486-1.tgz: Recompiled for Linux 2.6.24.3. n/iwlwifi-3945-ucode-2.14.1.5-fw-1.tgz: Added Intel 3945 wireless firmware. n/iwlwifi-4965-ucode-4.44.1.20-fw-1.tgz: Added Intel 4965 wireless firmware. extra/linux-2.6.24.3-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. isolinux/initrd.img: Merged new dropbear and patches from Eric Hameleers. kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.24.3 (SMP). kernels/huge.s/*: Upgraded huge.s kernel to 2.6.24.3. kernels/speakup.s/*: Upgraded speakup.s kernel to 2.6.24.3. Note that the kernel parameters for Speakup have changed. What was speakup_synth= is now speakup.synth=. All of the options have changed similarly using "speakup." rather than "speakup_" as a prefix. 
usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.24.3 modules. +--------------------------+ Thu Mar 6 03:13:15 CST 2008 a/usbutils-0.73-i486-2.tgz: Don't compress usb.ids (this breaks HAL). Thanks to Robby Workman for the report. l/glib2-2.14.6-i486-2.tgz: Added /etc/profile.d/ scripts so that GTK+ will use the $LANG variable instead of forcing UTF-8. Thanks to Anton Dobkin. n/rsync-3.0.0-i486-1.tgz: Upgraded to rsync-3.0.0. x/libXext-1.0.4-i486-1.tgz: Upgraded to libXext-1.0.4. x/xf86-video-mga-1.4.8-i486-1.tgz: Upgraded to xf86-video-mga-1.4.8. extra/grub/grub-0.97-i486-4.tgz: Patched to handle the new 256 byte ext2/ext3 inode size. Thanks to Michael Wagner for the patch. extra/ham/: Removed, since this hasn't really seen any changes in a couple of years, and packet radio has mostly become an obscure art form (if that wasn't what it always was ;-). Anyway, I'm hoping someone interested in packet radio will appear to maintain these on Slackbuilds.org. Meanwhile, thanks to Arno Verhoeven for his years of work on these packages. +--------------------------+ Mon Mar 3 18:48:07 CST 2008 ap/ghostscript-8.62-i486-2.tgz: Fixed the gs_res.ps file for CJK. (I'd forgotten to apply a patch...) Thanks again to ABE Shin-ichi! +--------------------------+ Sun Mar 2 03:34:48 CST 2008 ap/ghostscript-8.62-i486-1.tgz: Upgraded to ghostscript-8.62. This new release of GPL Ghostscript fixes a buffer overflow. Thanks very much to ABE Shin-ichi for configuring and testing much improved support for CJK output! :-) For more information on the security issue, please see: http://scary.beasts.org/security/CESA-2008-001.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411 Thanks to Chris Evans and Will Drewry of Google Security for their work on discovering and demonstrating the overflow. (* Security fix *) l/gtk+2-2.12.8-i486-2.tgz: Patched to fix Flash in Konqueror. Thanks to Guido Ascioti for the bug report and fix. 
l/hicolor-icon-theme-0.10-noarch-1.tgz: Since XFce adds a few hicolor icons of its own, make sure the hicolor icon-cache is updated at the end of the installation. Thanks to Michael Wagner for the bug report. l/pilot-link-0.12.3-i486-2.tgz: Fixed missing perl modules and man pages. Thanks to Ismael Cortes for the report. xap/xpdf-3.02pl2-i486-2.tgz: Added support for Arabic, simplified and traditional Chinese, Hebrew, Japanese, Korean, Thai, and Turkish (in addition to the Cyrillic, Greek, and Latin2 support that had already been included). Thanks again to ABE Shin-ichi for configuring Japanese support, providing a superb example for including all the additional language support. :-) +--------------------------+ Sat Mar 1 16:21:49 CST 2008 d/python-2.5.2-i486-1.tgz: Upgraded to Python-2.5.2. kde/kdegraphics-3.5.9-i486-3.tgz: Patched with a fix for kdvi. xap/mozilla-thunderbird-2.0.0.12-i686-1.tgz: Upgraded to thunderbird-2.0.0.12. This update fixes the following security related issues: MFSA 2008-12: Heap buffer overflow in external MIME bodies MFSA 2008-05: Directory traversal via chrome: URI MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12) For more information, see: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html http://www.mozilla.org/security/announce/2008/mfsa2008-05.html http://www.mozilla.org/security/announce/2008/mfsa2008-03.html http://www.mozilla.org/security/announce/2008/mfsa2008-01.html These are the related CVE entries: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413 (* Security fix *) +--------------------------+ Sat Mar 1 12:59:58 CST 2008 a/lilo-22.8-i486-8.tgz: Fixed a bug using append= in the expert 
menu. Thanks to Eric Hameleers for pointing it out. ap/lm_sensors-2.10.5-i486-2.tgz: Fixed incorrect install path. +--------------------------+ Fri Feb 29 14:00:57 CST 2008 a/ed-0.9-i486-1.tgz: Upgraded to ed-0.9. World's greatest line editor. a/hdparm-8.6-i486-1.tgz: Upgraded to hdparm-8.6. a/lilo-22.8-i486-7.tgz: Patched liloconfig to make using the boot splash screen an expert option as well. a/pkgtools-12.1.0-noarch-3.tgz: Have makepkg warn of two more common mistakes -- dropping man pages in /usr/share/man, or (now) using site_perl in a non-local package. a/usbutils-0.73-i486-1.tgz: Upgraded to usbutils-0.73 with fresh usb.ids. ap/cdrtools-2.01.01a37-i486-1.tgz: Upgraded to cdrtools-2.01.01a37. ap/linuxdoc-tools-0.9.21-i486-5.tgz: Upgraded to asciidoc-8.2.5, docbook-utils-0.6.14-13.fc9, docbook-xsl-1.73.2, docbook-xsl-doc-1.73.2, gtk-doc-1.9, libsgmls-perl_1.03ii-32.diff, linuxdoc-tools_0.9.21-0.11, sgml-common-0.6.3-23.fc9, and xmlto-0.0.20. Thanks to Richard Hoyle for pointing out some missing asciidoc files under /etc/asciidoc. ap/lm_sensors-2.10.5-i486-1.tgz: Upgraded to lm_sensors-2.10.5. d/binutils-2.17.50.0.17-i486-1.tgz: Reverted to binutils-2.17.50.0.17 due to many reports of ld bugs... d/doxygen-1.5.5-i486-1.tgz: Upgraded to doxygen-1.5.5. d/git-1.5.4.3-i486-1.tgz: Upgraded to git-1.5.4.3. Switched to vendor_perl for the Git perl module. d/oprofile-0.9.2-i486-5.tgz: Reverted to oprofile-0.9.2 compiled against binutils-2.17.50.0.17. d/perl-5.8.8-i486-6.tgz: Use vendor_perl for Slackware-added Perl modules, not site_perl. Really, I think perl's handling of this (and other issues like the registry-like handling of perllocal.pod) is flawed, but this is better than nothing. IMHO, something like /usr/local/lib/perl5/site_perl/ would fit much better with the FHS's recommendations. Try not to clobber an existing perllocal.pod (hard to do after the fact, so make backups if you care...) f/linux-howtos-20080227-noarch-1.tgz: Upgraded to Linux-HOWTOs-20080227. 
Recompiled all Qt things, since /usr/lib/qt-3.3.8/lib (no longer a valid path) was turning up in .la files. kde/amarok-1.4.8-i486-2.tgz: Recompiled. kde/k3b-1.0.4-i486-2.tgz: Recompiled. kde/kdeaccessibility-3.5.9-i486-2.tgz: Recompiled. kde/kdeaddons-3.5.9-i486-2.tgz: Recompiled. kde/kdeadmin-3.5.9-i486-2.tgz: Recompiled. kde/kdeartwork-3.5.9-i486-2.tgz: Recompiled. kde/kdebase-3.5.9-i486-2.tgz: Patched a bug with lm_sensors. kde/kdebindings-3.5.9-i486-2.tgz: Recompiled. Use vendor_perl dir. kde/kdeedu-3.5.9-i486-2.tgz: Recompiled. kde/kdegames-3.5.9-i486-2.tgz: Recompiled. kde/kdegraphics-3.5.9-i486-2.tgz: Recompiled. kde/kdelibs-3.5.9-i486-2.tgz: Recompiled. kde/kdemultimedia-3.5.9-i486-2.tgz: Recompiled. kde/kdenetwork-3.5.9-i486-2.tgz: Recompiled. kde/kdepim-3.5.9-i486-2.tgz: Recompiled (against new pilot-link). kde/kdesdk-3.5.9-i486-2.tgz: Recompiled. kde/kdetoys-3.5.9-i486-2.tgz: Recompiled. kde/kdeutils-3.5.9-i486-2.tgz: Recompiled. kde/kdevelop-3.5.1-i486-2.tgz: Recompiled with official bugfix patch. kde/kdewebdev-3.5.9-i486-2.tgz: Recompiled. kde/knemo-0.4.8-i486-2.tgz: Recompiled. kde/koffice-1.6.3-i486-3.tgz: Recompiled. l/arts-1.5.9-i486-2.tgz: Recompiled. l/fribidi-0.10.9-i486-1.tgz: Upgraded to fribidi-0.10.9. l/gmime-2.2.17-i486-1.tgz: Upgraded to gmime-2.2.17. l/gmp-4.2.2-i486-1.tgz: Upgraded to gmp-4.2.2. l/jre-6u4-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 4. l/libglade-2.6.2-i486-1.tgz: Upgraded to libglade-2.6.2. l/libgtkhtml-2.11.1-i486-1.tgz: Upgraded to libgtkhtml-2.11.1. l/libidl-0.8.10-i486-1.tgz: Upgraded to libIDL-0.8.10. l/libidn-1.5-i486-1.tgz: Upgraded to libidn-1.5. l/libieee1284-0.2.11-i486-1.tgz: Upgraded to libieee1284-0.2.11. l/libmng-1.0.10-i486-1.tgz: Upgraded to libmng-1.0.10. l/libmcs-0.7.0-i486-1.tgz: Added libmcs-0.7.0 (replaces mcs package). l/libpng-1.2.25-i486-1.tgz: Upgraded to libpng-1.2.25. l/librsvg-2.22.1-i486-1.tgz: Upgraded to librsvg-2.22.1. 
l/libtheora-1.0beta2-i486-1.tgz: Upgraded to libtheora-1.0beta2. l/libwpd-0.8.14-i486-1.tgz: Upgraded to libwpd-0.8.14. l/libxml2-2.6.31-i486-2.tgz: Moved the man pages to the right location. Thanks to Tomas Szepe. l/mcs-0.4.1-i486-2.tgz: Removed. l/mpfr-2.3.1-i486-1.tgz: Upgraded to mpfr-2.3.1. l/pango-1.19.4-i486-1.tgz: Upgraded to pango-1.19.4. l/pcre-7.6-i486-1.tgz: Upgraded to pcre-7.6. l/pilot-link-0.12.3-i486-1.tgz: Upgraded to pilot-link-0.12.3. l/qca-1.0-i486-4.tgz: Recompiled. l/qca-tls-1.0-i486-6.tgz: Recompiled. l/qt-3.3.8b-i486-2.tgz: Recompiled against gcc-4.2.3. l/readline-5.2-i486-3.tgz: Applied all official patches. l/sdl-1.2.13-i486-1.tgz: Upgraded to SDL-1.2.13, SDL_image-1.2.6, SDL_mixer-1.2.8, SDL_net-1.2.7, and SDL_ttf-2.0.9. l/slang-2.1.3-i486-1.tgz: Upgraded to slang-2.1.3. l/startup-notification-0.9-i486-1.tgz: Upgraded to startup-notification-0.9. l/tango-icon-theme-0.8.1-noarch-1.tgz: Added Tango icon theme. l/tango-icon-theme-extras-0.1.0-noarch-1.tgz: Added Tango theme extra icons. l/vte-0.16.12-i486-1.tgz: Upgraded to vte-0.16.12. n/dnsmasq-2.41-i486-1.tgz: Upgraded to dnsmasq-2.41. n/iptraf-3.0.0-i486-2.tgz: Absorbed the latest Debian patch. (thanks! :-) Also thanks to Marin Glibic for pointing it out, since it adds support for the legacy Ralink 2500 driver. n/net-snmp-5.4-i486-6.tgz: Recompiled to use vendor_perl. n/obexftp-0.21-i486-2.tgz: Recompiled to use vendor_perl. n/wget-1.11-i486-1.tgz: Upgraded to wget-1.11. n/wpa_supplicant-0.5.9-i486-1.tgz: Upgraded to wpa_supplicant-0.5.9. Thanks to Eric Hameleers. x/compiz-0.7.0-i486-1.tgz: Upgraded to compiz-0.7.0. x/luit-1.0.3-i486-1.tgz: Upgraded to luit-1.0.3. x/scim-1.4.7-i486-4.tgz: Default profile.d scripts to executable. x/xf86-video-trident-1.2.4-i486-1.tgz: Upgraded to xf86-video-trident-1.2.4. x/xf86-video-intel-2.2.1-i486-1.tgz: Upgraded to xf86-video-intel-2.2.1. x/xf86-video-ati-6.8.0-i486-1.tgz: Upgraded to xf86-video-ati-6.8.0. 
xap/imagemagick-6.3.7_10-i486-1.tgz: Upgraded to ImageMagick-6.3.7-10. Changed build script to install Perl modules under vendor_perl. xap/sane-1.0.19-i486-2.tgz: Fixed /var/lock permissions. xap/xfce-4.4.2-i486-2.tgz: Patched a memory leak. The recompile also seemed to pick up new exo and pygtk features. extra/intel-wlan-iwlwifi/*: This replaces the older ipw3945 driver and daemon (no daemon required now). Support was also added for more chipsets, such as the ipw4965 series. extra/jdk-6/jdk-6u4-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 4. extra/ktorrent/ktorrent-2.2.5-i486-1.tgz: Upgraded to ktorrent-2.2.5. +--------------------------+ Sun Feb 24 15:15:40 CST 2008 a/mkinitrd-1.3.1-i486-4.tgz: Fixed a patch glitch glitch. (My own glitch, probably) Thanks again to Ken Milmore, Kevin F. Haggerty, and the crew members who went over the latest mkinitrd patches with me. Hopefully it's all good now. Otherwise, let me know... +--------------------------+ Sun Feb 24 01:50:25 CST 2008 a/mkinitrd-1.3.1-i486-3.tgz: Fixed a patch glitch. Thanks to Robby Workman and Eric Hameleers. ap/hplip-2.8.2-i486-2.tgz: Fixed udev rules. Thanks to Michael Wagner. x/m17n-lib-1.5.0-i486-1.tgz: Fixed --mandir. Thanks to Kris Karas. x/scim-1.4.7-i486-3.tgz: Make the library links first in the install script. isolinux/initrd.img: Made a minor cosmetic fix to the network script. usb-and-pxe-installers/: Rebuilt. +--------------------------+ Sat Feb 23 14:00:46 CST 2008 a/mkinitrd-1.3.1-i486-2.tgz: Make sure to copy both devices and symlinks to /dev in the initrd. Thanks to Ken Milmore. isolinux/initrd.img: Fixed an installer patch that caused preformatted filesystems to be misdetected in some cases. usb-and-pxe-installers/: Updated. +--------------------------+ Sat Feb 23 01:30:50 CST 2008 a/kernel-generic-2.6.23.16-i486-2.tgz: Recompiled. a/kernel-generic-smp-2.6.23.16_smp-i686-2.tgz: Recompiled. 
a/kernel-huge-2.6.23.16-i486-2.tgz: Recompiled. a/kernel-huge-smp-2.6.23.16_smp-i686-2.tgz: Recompiled. a/kernel-modules-2.6.23.16-i486-2.tgz: Recompiled. a/kernel-modules-smp-2.6.23.16_smp-i686-2.tgz: Recompiled. d/binutils-2.18.50.0.4-i486-1.tgz: Upgraded to binutils-2.18.50.0.4. d/gcc-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3. d/gcc-g++-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3 (C++). d/gcc-gfortran-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3 (FORTRAN). d/gcc-gnat-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3 (Ada). d/gcc-java-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3 (GCJ). d/gcc-objc-4.2.3-i486-1.tgz: Upgraded to gcc-4.2.3 (Objective-C). d/kernel-headers-2.6.23.16_smp-i386-2.tgz: Rebuilt. d/oprofile-0.9.2-i486-6.tgz: Recompiled. k/kernel-source-2.6.23.16_smp-noarch-2.tgz: Recompiled. l/svgalib_helper-1.9.25_2.6.23.16-i486-2.tgz: Rebuilt. n/bluez-hcidump-1.41-i486-1.tgz: Upgraded to bluez-hcidump-1.41. n/bluez-libs-3.26-i486-1.tgz: Upgraded to bluez-libs-3.26. n/bluez-utils-3.26-i486-1.tgz: Upgraded to bluez-utils-3.26. extra/linux-2.6.23.16-nosmp-sdk/: Updated. isolinux/initrd.img: Rebuilt. kernels/huge.s/*: Rebuilt. kernels/hugesmp.s/*: Rebuilt. kernels/speakup.s/*: Rebuilt. usb-and-pxe-installers/: Updated. +--------------------------+ Thu Feb 21 20:15:35 CST 2008 a/cups-1.3.6-i486-1.tgz: Upgraded to cups-1.3.6. a/lilo-22.8-i486-6.tgz: Fixed some trivial bugs that were reported by many. Adjusted the slack.bmp's internal color values to match those written into lilo.conf by liloconfig. ap/foomatic-filters-3.0_20080211-i486-1.tgz: Upgraded to foomatic-filters-3.0_20080211. ap/hplip-2.8.2-i486-1.tgz: Upgraded to hplip-2.8.2. d/git-1.5.4.2-i486-1.tgz: Upgraded to git-1.5.4.2. d/perl-5.8.8-i486-5.tgz: Added XML::Simple perl module for icon-naming-utils. l/cairo-1.4.14-i486-1.tgz: Upgraded to cairo-1.4.14. l/desktop-file-utils-0.14-i486-1.tgz: Upgraded to desktop-file-utils-0.14. l/gnome-icon-theme-2.20.0-noarch-1.tgz: Upgraded to gnome-icon-theme-2.20.0. 
l/gtk+2-2.12.8-i486-1.tgz: Upgraded to gtk+-2.12.8. l/hicolor-icon-theme-0.10-noarch-1.tgz: Upgraded to hicolor-icon-theme-0.10. l/icon-naming-utils-0.8.6-i486-1.tgz: Added utilities for naming icons. l/librsvg-2.20.0-i486-1.tgz: Upgraded to librsvg-2.20.0. l/ncurses-5.6-i486-3.tgz: Applied all official patches. l/taglib-1.5-i486-1.tgz: Upgraded to taglib-1.5. l/poppler-0.6.4-i486-1.tgz: Upgraded to poppler-0.6.4. Activated --enable-xpdf-headers option (thanks to Jonathan Woithe). l/poppler-data-0.2.0-noarch-1.tgz: Upgraded to poppler-data-0.2.0. l/qca-tls-1.0-i486-5.tgz: Rebuilt for Qt 3.3.8b. l/qt-3.3.8b-i486-1.tgz: Upgraded to qt-x11-free-3.3.8b. l/shared-mime-info-0.23-i486-1.tgz: Upgraded to shared-mime-info-0.23. x/xterm-232-i486-1.tgz: Upgraded to xterm-232. xap/sane-1.0.19-i486-1.tgz: Upgraded sane-backends to version 1.0.19. Merged HAL/DBUS/udev fixes from Robby Workman. Thanks for the help on many of these other packages, too. +--------------------------+ Wed Feb 20 17:45:37 CST 2008 a/lilo-22.8-i486-5.tgz: Added a simple splash screen (the default one had too many colors and was making my eyes hurt ;-). Thanks to the unknown Slacker who submitted the idea ages ago when we were dead-set against "branding". Piter PUNK, alienBOB, and I made some additional adjustments. a/mkinitrd-1.3.1-i486-1.tgz: Merged patches for LVM/LUKS, hibernate, and RAID. Thanks to Eric Hameleers for the LVM/LUKS patches. Thanks to Ricardo Garcia and Piter Punk for the hibernate patches. Thanks to Kevin F. Haggerty for spotting a bug in there, and to Gianluca Toso for the RAID patches. Thanks also to the many people who have offered similar solutions. :-) Fixed a bug using -o with a relative path -- thanks to Mark. Thanks to David Somero for noticing (some time ago...) that the man page for mkinitrd was lacking any information on the -w option. a/sysvinit-scripts-1.2-noarch-15.tgz: Patched /etc/rc.d/rc.S for some of Eric's changes to LUKS handling in the initrd. 
kde/k3b-1.0.4-i486-1.tgz: Upgraded to k3b-1.0.4. kde/kdeaccessibility-3.5.9-i486-1.tgz: Upgraded to kdeaccessibility-3.5.9. kde/kdeaddons-3.5.9-i486-1.tgz: Upgraded to kdeaddons-3.5.9. kde/kdeadmin-3.5.9-i486-1.tgz: Upgraded to kdeadmin-3.5.9. kde/kdeartwork-3.5.9-i486-1.tgz: Upgraded to kdeartwork-3.5.9. kde/kdebase-3.5.9-i486-1.tgz: Upgraded to kdebase-3.5.9. kde/kdebindings-3.5.9-i486-1.tgz: Upgraded to kdebindings-3.5.9. kde/kdeedu-3.5.9-i486-1.tgz: Upgraded to kdeedu-3.5.9. kde/kdegames-3.5.9-i486-1.tgz: Upgraded to kdegames-3.5.9. kde/kdegraphics-3.5.9-i486-1.tgz: Upgraded to kdegraphics-3.5.9. kde/kdelibs-3.5.9-i486-1.tgz: Upgraded to kdelibs-3.5.9. kde/kdemultimedia-3.5.9-i486-1.tgz: Upgraded to kdemultimedia-3.5.9. kde/kdenetwork-3.5.9-i486-1.tgz: Upgraded to kdenetwork-3.5.9. kde/kdepim-3.5.9-i486-1.tgz: Upgraded to kdepim-3.5.9. kde/kdesdk-3.5.9-i486-1.tgz: Upgraded to kdesdk-3.5.9. kde/kdetoys-3.5.9-i486-1.tgz: Upgraded to kdetoys-3.5.9. kde/kdeutils-3.5.9-i486-1.tgz: Upgraded to kdeutils-3.5.9. kde/kdevelop-3.5.1-i486-1.tgz: Upgraded to kdevelop-3.5.1. kde/kdewebdev-3.5.9-i486-1.tgz: Upgraded to kdewebdev-3.5.9. kdei/k3b-i18n-1.0.4-noarch-1.tgz: Upgraded to k3b-i18n-1.0.4. kdei/kde-i18n-*-3.5.9-noarch-1.tgz: Upgraded to kde-i18n-*-3.5.9. l/arts-1.5.9-i486-1.tgz: Upgraded to arts-1.5.9. l/libmad-0.15.1b-i486-3.tgz: A certain popular project has begun to require "mad.pc", a pkgconfig file which has never been provided with libmad. As much as I'd prefer not to be a lemming, sometimes doing what's right is not the same as doing what has to be done. Probably the project's developers didn't even know mad.pc wasn't a vanilla file. This is a good example of why every distro should not fork every package, especially as libmad's library/headers couldn't be in more obvious locations. Perhaps this package doesn't see much upstream attention any more (I don't know), but does it really _need_ a .pc file? l/libmusicbrainz-2.1.4-i486-2.tgz: Removed. 
l/libtunepimp-0.4.2-i486-3.tgz: Removed. x/scim-1.4.7-i486-2.tgz: Don't try to use SCIM as the input method if the package has been removed, or use scim-bridge if that package is not installed. Remove the LANG variables and give a pointer to the lang.* scripts. Install script bugfix. x/scim-bridge-0.4.14-i486-2.tgz: Install script bugfix. x/ttf-arphic-uming-0.1.20060928-noarch-1.tgz: Removed. x/wqy-zenhei-font-ttf-0.4.23-noarch-1.tgz: Switched from Arphic to wqy-zenhei after several votes for this font if only one is to be included as a starter font. Thanks to Bruce Hill and Eric Hameleers for the encouragement. :-) isolinux/initrd.img: Added network install patches from Eric Hameleers. usb-and-pxe-installers/: Rebuilt with new patches. +--------------------------+ Sat Feb 16 18:43:48 CST 2008 ap/mysql-5.0.51a-i486-1.tgz: Upgraded to mysql-5.0.51a. x/anthy-9100e-i486-1.tgz: Added anthy-9100e. x/dejavu-fonts-ttf-2.23-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.23. x/libhangul-0.0.7-i486-1.tgz: Added libhangul-0.0.7. x/m17n-lib-1.5.0-i486-1.tgz: Added m17n-lib-1.5.0. x/sazanami-fonts-ttf-20040629-noarch-1.tgz: Added sazanami-fonts-ttf-20040629. x/scim-1.4.7-i486-1.tgz: Added scim-1.4.7. x/scim-anthy-1.2.4-i486-1.tgz: Added scim-anthy-1.2.4. x/scim-bridge-0.4.14-i486-1.tgz: Added scim-bridge-0.4.14. x/scim-hangul-0.3.2-i486-1.tgz: Added scim-hangul-0.3.2. x/scim-m17n-0.2.2-i486-1.tgz: Added scim-m17n-0.2.2. x/scim-pinyin-0.5.91-i486-1.tgz: Added scim-pinyin-0.5.91. x/scim-tables-0.5.7-i486-1.tgz: Added scim-tables-0.5.7. x/sinhala_lklug-font-ttf-20060929-noarch-1.tgz: Added sinhala_lklug-font-ttf-20060929. x/tibmachuni-font-ttf-1.901-noarch-1.tgz: Added tibmachuni-font-ttf-1.901. x/ttf-arphic-uming-0.1.20060928-noarch-1.tgz: Added ttf-arphic-uming-0.1.20060928. Huge thanks are again due to Eric Hameleers for doing the vast majority of the work on implementing these new input methods and fonts! Thanks are due as well to ABE Shin-ichi for helping to test packages. 
And last but not least, thanks to Bruce Hill for getting Eric started on this project, and for helping with the testing process. +--------------------------+ Thu Feb 14 16:11:07 CST 2008 n/httpd-2.2.8-i486-1.tgz: Upgraded to httpd-2.2.8. This fixes security and other bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 (* Security fix *) +--------------------------+ Tue Feb 12 23:07:34 CST 2008 xap/mozilla-firefox-2.0.0.12-i686-1.tgz: Upgraded to firefox-2.0.0.12. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) xap/seamonkey-1.1.8-i486-1.tgz: Upgraded to seamonkey-1.1.8. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Mon Feb 11 17:47:58 CST 2008 a/kernel-generic-2.6.23.16-i486-1.tgz: Upgraded to Linux 2.6.23.16 uniprocessor generic.s (requires initrd) kernel. All of these kernel upgrades fix yesterday's local root exploit. The kernel headers did not change, so a glibc rebuild is not required. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600 (* Security fix *) If you use lilo, don't forget to run it again after the upgrade. a/kernel-generic-smp-2.6.23.16_smp-i686-1.tgz: Upgraded to Linux 2.6.23.16 SMP gensmp.s (requires initrd) kernel. (* Security fix *) a/kernel-huge-2.6.23.16-i486-1.tgz: Upgraded to Linux 2.6.23.16 uniprocessor huge.s (full-featured) kernel. 
(* Security fix *) a/kernel-huge-smp-2.6.23.16_smp-i686-1.tgz: Upgraded to Linux 2.6.23.16 SMP hugesmp.s (full-featured) kernel. (* Security fix *) a/kernel-modules-2.6.23.16-i486-1.tgz Upgraded to Linux 2.6.23.16 uniprocessor kernel modules. a/kernel-modules-smp-2.6.23.16_smp-i686-1.tgz Upgraded to Linux 2.6.23.16 SMP kernel modules. d/kernel-headers-2.6.23.16_smp-i386-1.tgz: Upgraded to Linux 2.6.23.16 SMP kernel headers. k/kernel-source-2.6.23.16_smp-noarch-1.tgz Upgraded to Linux 2.6.23.16 SMP kernel source. (* Security fix *) l/svgalib_helper-1.9.25_2.6.23.16-i486-1.tgz: Rebuilt for 2.6.23.16 kernels. isolinux/initrd.img: Upgraded modules to 2.6.23.16. kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.16. (* Security fix *) kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.16 (SMP). (* Security fix *) kernels/speakup.s: Updated speakup.s kernel to 2.6.23.16. (* Security fix *) extra/linux-2.6.23.16-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. (* Security fix *) usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.23.16 modules. +--------------------------+ Mon Feb 11 01:23:09 CST 2008 a/cups-1.3.5-i486-1.tgz: Upgraded to cups-1.3.5. a/e2fsprogs-1.40.6-i486-1.tgz: Upgraded to e2fsprogs-1.40.6. l/glib2-2.14.6-i486-1.tgz: Upgraded to glib-2.14.6. xap/gimp-2.4.4-i486-1.tgz: Upgraded to gimp-2.4.4. isolinux/initrd.img: Upgraded libraries and utilities to e2fsprogs-1.40.6. usb-and-pxe-installers/: Updated libraries and utilities to e2fsprogs-1.40.6. Also, thanks to David Somero for checking all the slack-desc files for conformance to our unwritten standards. :-) +--------------------------+ Sat Feb 9 04:48:36 CST 2008 a/device-mapper-1.02.24-i486-1.tgz: Upgraded to device-mapper.1.02.24. Thanks to Piter Punk for the help. a/glibc-solibs-2.7-i486-6.tgz: Recompiled against 2.6.23.15. Bumped everything to -6 since glibc-zoneinfo has been at -5 already. a/glibc-zoneinfo-2.7-noarch-6.tgz: Rebuilt. 
a/kernel-generic-2.6.23.15-i486-1.tgz: Upgraded to Linux 2.6.23.15 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.23.15_smp-i686-1.tgz: Upgraded to Linux 2.6.23.15 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.23.15-i486-1.tgz: Upgraded to Linux 2.6.23.15 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.23.15_smp-i686-1.tgz: Upgraded to Linux 2.6.23.15 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.23.15-i486-1.tgz Upgraded to Linux 2.6.23.15 uniprocessor kernel modules. a/kernel-modules-smp-2.6.23.15_smp-i686-1.tgz Upgraded to Linux 2.6.23.15 SMP kernel modules. d/kernel-headers-2.6.23.15_smp-i386-1.tgz: Upgraded to Linux 2.6.23.15 SMP kernel headers. k/kernel-source-2.6.23.15_smp-noarch-1.tgz Upgraded to Linux 2.6.23.15 SMP kernel source. a/lvm2-2.02.33-i486-1.tgz: Upgraded to LVM2.2.02.33. Thanks to Piter Punk for the help. l/glibc-2.7-i486-6.tgz: Recompiled against 2.6.23.15. l/glibc-i18n-2.7-noarch-6.tgz: Rebuilt. l/glibc-profile-2.7-i486-6.tgz: Recompiled against 2.6.23.15. l/svgalib_helper-1.9.25_2.6.23.15-i486-1.tgz: Rebuilt for 2.6.23.15 kernels. xap/xine-lib-1.1.10.1-i686-1.tgz: Upgraded to xine-lib-1.1.10.1. isolinux/initrd.img: Massive overhaul, primarily the work and initiative of Eric Hameleers. Work above and beyond the call of duty. If we gave out medals of honor, this would deserve one. :-) The installer now supports network installs from not just NFS, but also HTTP and FTP. Please be nice to our mirrors -- this feature is _intended_ for use within private networks from your own "site". Work is also underway to fully support unattended/remote installs. The installer has both a small ssh and sshd (dropbear). Thanks again Eric! This is something that's been on the drawing board for many years. isolinux/network.dsk: Upgraded to Linux 2.6.23.15 SMP/UP kernel modules. isolinux/pcmcia.dsk: Upgraded to Linux 2.6.23.15 SMP/UP kernel modules. 
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.15. kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.15 (SMP). kernels/speakup.s: Updated to CVS as of 20080204T2334. A few diffs didn't apply cleanly, so let me know if it's broken and I'll see what I can do. Also, some hardware synths that were detected automatically with earlier kernels and/or speakup versions may now need the serial port specified on the kernel boot prompt like this: speakup.s speakup_synth=dectlk speakup_ser=0 Thanks to Stephen Greeley for bug reports and testing. Hopefully my best guess at a kernel patch to bypass Unicode for now hasn't broken everything. extra/linux-2.6.23.15-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. +--------------------------+ Fri Feb 1 19:40:32 CST 2008 a/e2fsprogs-1.40.5-i486-1.tgz: Upgraded to e2fsprogs-1.40.5. d/subversion-1.4.6-i486-1.tgz: Upgraded to subversion-1.4.6. kde/kdesdk-3.5.8-i486-2.tgz: Recompiled to pick up new apr/neon/svn libs. A couple of bugzilla-related files have now appeared in the package. kde/kdevelop-3.5.0-i486-2.tgz: Recompiled to pick up new apr/neon/svn libs. l/apr-1.2.12-i486-1.tgz: Upgraded to apr-1.2.12. l/apr-util-1.2.12-i486-1.tgz: Upgraded to apr-util-1.2.12. l/neon-0.26.4-i486-1.tgz: Upgraded to neon-0.26.4. There are newer versions, but this is newer than what we had and allows everything to work for now. xap/audacious-1.4.6-i486-1.tgz: Upgraded to audacious-1.4.6. xap/audacious-plugins-1.4.5-i486-1.tgz: Upgraded to audacious-plugins-1.4.5. Now with an upgraded neon library, this uses neon for http/https transport. Thanks to Giacomo Lozito for the help with neon. +--------------------------+ Thu Jan 31 21:51:05 CST 2008 ap/alsa-utils-1.0.15-i486-1.tgz: Upgraded to alsa-utils-1.0.15. l/alsa-lib-1.0.15-i486-1.tgz: Upgraded to alsa-lib-1.0.15. l/alsa-oss-1.0.15-i486-1.tgz: Upgraded to alsa-oss-1.0.15. x/font-misc-misc-1.0.0-noarch-3.tgz: Removed bogus fonts.alias. The install scripts will make it. 
Thanks to Piter Punk. x/libXmu-1.0.4-i486-1.tgz: Upgraded to libXmu-1.0.4. x/xf86-video-amd-2.7.7.6-i486-1.tgz: Upgraded to xf86-video-amd-2.7.7.6. x/xf86-video-nv-2.1.7-i486-1.tgz: Upgraded to xf86-video-nv-2.1.7. x/xinput-1.3.0-i486-1.tgz: Added xinput-1.3.0. +--------------------------+ Wed Jan 30 19:07:35 CST 2008 d/ruby-1.8.6_p111-i486-2.tgz: Moved some comments out of the ./configure part of the build script to fix a couple of missed options. Thanks to Stuart Winter. kde/amarok-1.4.8-i486-1.tgz: Upgraded to amarok-1.4.8. l/atk-1.21.5-i486-1.tgz: Upgraded to atk-1.21.5. l/gtk+2-2.12.7-i486-1.tgz: Upgraded to gtk+-2.12.7. l/libmowgli-0.6.0-i486-1.tgz: Added libmowgli-0.6.0, which is needed by Audacious. l/libmtp-0.2.5-i486-1.tgz: Upgraded to libmtp-0.2.5. l/libgpod-0.6.0-i486-1.tgz: Upgraded to libgpod-0.6.0 (major version bump). l/libxml2-2.6.31-i486-1.tgz: Upgraded to libxml2-2.6.31. l/pango-1.19.3-i486-1.tgz: Upgraded to pango-1.19.3. xap/audacious-1.4.5-i486-1.tgz: Upgraded to audacious-1.4.5. xap/audacious-plugins-1.4.4-i486-1.tgz: Upgraded to audacious-plugins-1.4.4-i486-1.tgz. xap/xine-lib-1.1.10-i686-1.tgz: Upgraded to xine-lib-1.1.10. extra/slackpkg/slackpkg-2.70-noarch-1.tgz: Upgraded to slackpkg-2.70. Thanks to Piter Punk. Great thanks are also due to the KDE team, not only for their tremendous accomplishments over the years, but for the gracious reception they gave to the members of the Slackware team who traveled to the release event. What a wonderful group of people! We had a great time there, learned a lot, and will be applying that knowledge and our new contacts within KDE to provide the best possible KDE experience for Slackware users. The next Slackware release will contain KDE 3.5.9, but we're targeting KDE 4.1.x for the one after that. The application end of things doesn't quite fully cover KDE3's functionality yet, but by then it will. 
As I'm sure most of you know, Robby has put up test packages of the initial KDE 4.0 release which I've tested and found to be consistent with what to expect from a developer's preview. The look of the new desktop is stunning, and the use of SVG and hardware acceleration gives (IMHO) even something like MacOS a run for its money in terms of appearance and user-friendliness. We look forward with great anticipation to merging KDE4 when it is mature enough (and it's getting there fast), and then watching it just get better and better. Once again, _huge_ thanks to our KDE friends! Stop by here any time. :-) +--------------------------+ Tue Jan 8 22:42:01 CST 2008 ap/nano-2.0.7-i486-1.tgz: Upgraded to nano-2.0.7. d/mercurial-0.9.5-i486-1.tgz: Upgraded to mercurial-0.9.5. d/ruby-1.8.6_p111-i486-1.tgz: Upgraded ruby-1.8.6 to patchlevel 111. l/atk-1.20.0-i486-1.tgz: Upgraded to atk-1.20.0. l/glib2-2.14.5-i486-1.tgz: Upgraded to glib-2.14.5. l/gtk+2-2.12.4-i486-1.tgz: Upgraded to gtk+-2.12.4. l/libxml2-2.6.30-i486-1.tgz: Upgraded to libxml2-2.6.30. l/libxslt-1.1.22-i486-1.tgz: Upgraded to libxslt-1.1.22. l/pango-1.19.2-i486-1.tgz: Upgraded to pango-1.19.2. l/pycairo-1.4.12-i486-1.tgz: Added pycairo-1.4.12. Thanks to Eric Hameleers. l/pygobject-2.14.1-i486-1.tgz: Added pygobject-2.14.1. Thanks to Erik Hanson and SBo (slackbuilds.org). l/pygtk-2.12.1-i486-1.tgz: Added pygtk-2.12.1. Thanks to Erik Hanson, Andrew Brouwers, and SBo. l/pyrex-0.9.6.4-i486-1.tgz: Added Pyrex-0.9.6.4. Thanks to David Somero. x/dejavu-fonts-ttf-2.22-noarch-1.tgz: **NOTE PACKAGE NAME CHANGE** Upgraded to version 2.22. x/liberation-fonts-ttf-0.2-noarch-3.tgz: Added liberation-fonts-ttf-0.2-3. x/xf86-video-ati-6.7.197-i486-1.tgz: Upgraded to xf86-video-ati-6.7.197. x/xf86-video-radeonhd-1.1.0-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.1.0. xap/seamonkey-1.1.7-i486-2.tgz: Use the system cairo to avoid a compile error. Thanks to Eric Hameleers for helping to figure this out. 
Patched a Makefile.in to avoid another compile error with the new GTK+. Thanks to the BLFS contributors for posting the solution to this. +--------------------------+ Mon Dec 31 18:44:01 CST 2007 a/glibc-zoneinfo-2.7-noarch-5.tgz: Some deja vu. ;-) Upgraded to tzdata2007k. A new year should be started with the latest timezone data, so here it is. Happy holidays, and a happy new year to all! :-) +--------------------------+ Sat Dec 22 17:07:12 CST 2007 l/libgsf-1.14.7-i486-1.tgz: Upgraded to libgsf-1.14.7. +--------------------------+ Sat Dec 22 00:54:42 CST 2007 a/glibc-solibs-2.7-i486-4.tgz: Upgraded to glibc-2.7 compiled against Linux 2.6.23.12 kernel headers. a/glibc-zoneinfo-2.7-noarch-4.tgz: Upgraded to tzdata2007j. a/kernel-generic-2.6.23.12-i486-1.tgz: Upgraded to Linux 2.6.23.12 uniprocessor generic.s (requires initrd) kernel. a/kernel-generic-smp-2.6.23.12_smp-i686-1.tgz: Upgraded to Linux 2.6.23.12 SMP gensmp.s (requires initrd) kernel. a/kernel-huge-2.6.23.12-i486-1.tgz: Upgraded to Linux 2.6.23.12 uniprocessor huge.s (full-featured) kernel. a/kernel-huge-smp-2.6.23.12_smp-i686-1.tgz: Upgraded to Linux 2.6.23.12 SMP hugesmp.s (full-featured) kernel. a/kernel-modules-2.6.23.12-i486-1.tgz Upgraded to Linux 2.6.23.12 uniprocessor kernel modules. a/kernel-modules-smp-2.6.23.12_smp-i686-1.tgz Upgraded to Linux 2.6.23.12 SMP kernel modules. d/kernel-headers-2.6.23.12_smp-i386-1.tgz: Upgraded to Linux 2.6.23.12 SMP kernel headers. k/kernel-source-2.6.23.12_smp-noarch-1.tgz Upgraded to Linux 2.6.23.12 SMP kernel source. l/glibc-2.7-i486-4.tgz: Rebuilt against Linux 2.6.23.12 kernel headers. l/glibc-i18n-2.7-noarch-4.tgz: Rebuilt. l/glibc-profile-2.7-i486-4.tgz: Rebuilt against Linux 2.6.23.12 headers. l/svgalib_helper-1.9.25_2.6.23.12-i486-1.tgz: Recompiled for Linux 2.6.23.12. extra/linux-2.6.23.12-nosmp-sdk/: Updated SMP to no-SMP kernel source patch. isolinux/network.dsk, pcmcia.dsk; Upgraded to 2.6.23.12 kernel modules. 
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.12. kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.12 (SMP). usb-and-pxe-installers/: Updated USB and PXE installers. +--------------------------+ Fri Dec 21 19:03:54 CST 2007 a/pkgtools-12.1.0-noarch-2.tgz: Fixed a regex bug in a grep in installpkg that could cause packages that do not conform to the FHS (those containing single- character top-level directories) to not be removable or upgradeable through the pkgtools. Thanks to Johnny Morano for pointing this ancient bug out. Made the top-line with -infobox more terse since some of the package names have become too long to fit, and were disturbing the infobox's formatting. isolinux/initrd.img: Upgraded to the latest installpkg. +--------------------------+ Fri Dec 14 18:02:39 CST 2007 a/mkinitrd-1.3.0-i486-4.tgz: Fixed a bug that could cause modprobe to attempt to load the same module more than once (due to whitespace differences in the initramfs's load_kernel_modules script). Thanks to Piter Punk. ap/mysql-5.0.51-i486-1.tgz: Upgraded to mysql-5.0.51. This release fixes several bugs, including some security issues. However, it also includes a potentially incompatible change, so be sure to read the release notes before upgrading. It is possible that some databases will need to be fixed in order to work with this (and future) releases: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html For more information about the security issues fixed, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969 (* Security fix *) f/linux-howtos-20071214-noarch-1.tgz: Upgraded to linux-howtos-20071214. l/hal-info-20071212-noarch-1.tgz: Upgraded to hal-info-20071212. l/libpng-1.2.24-i486-1.tgz: Upgraded to libpng-1.2.24. n/nmap-4.50-i486-1.tgz: Upgraded to nmap-4.50. 
x/xf86-input-joystick-1.3.1-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.1.
x/xf86-video-radeonhd-1.0.0-i486-1.tgz: Added xf86-video-radeonhd-1.0.0.
x/xorg-server-1.4.0.90-i486-1.tgz: Upgraded to xorg-server-1.4.0.90.
x/xorg-server-xnest-1.4.0.90-i486-1.tgz: Upgraded to
  xorg-server-xnest-1.4.0.90.
x/xorg-server-xvfb-1.4.0.90-i486-1.tgz: Upgraded to
  xorg-server-xvfb-1.4.0.90.
xap/imagemagick-6.3.7_4-i486-1.tgz: Upgraded to ImageMagick-6.3.7-4.
+--------------------------+
Mon Dec 10 14:07:48 CST 2007
l/vte-0.16.10-i486-1.tgz: Upgraded to vte-0.16.10.
n/proftpd-1.3.1-i486-1.tgz: Upgraded to proftpd-1.3.1.
n/samba-3.0.28-i486-1.tgz: Upgraded to samba-3.0.28.
  Samba 3.0.28 is a security release in order to address a boundary failure
  in GETDC mailslot processing that can result in a buffer overrun leading
  to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  (* Security fix *)
xap/gkrellm-2.3.1-i486-1.tgz: Upgraded to gkrellm-2.3.1.
xap/pidgin-2.3.1-i486-1.tgz: Upgraded to pidgin-2.3.1.
xap/xchat-2.8.4-i486-1.tgz: Upgraded to xchat-2.8.4.
extra/ktorrent/ktorrent-2.2.4-i486-1.tgz: Upgraded to ktorrent-2.2.4.
+--------------------------+
Wed Dec 5 14:57:36 CST 2007
a/kernel-huge-smp-2.6.23.9_smp-i686-3.tgz: Fixed missing JFFS2.
  Thanks to Arny.
kernels/hugesmp.s/*: Fixed missing JFFS2. Thanks to Arny.
+--------------------------+
Tue Dec 4 19:03:43 CST 2007
a/hdparm-7.7-i486-1.tgz: Upgraded to hdparm-7.7.
  Moved hdparm binary to /sbin (suggested by Tsomi).
a/kernel-generic-2.6.23.9-i486-2.tgz: Rebuilt.
a/kernel-generic-smp-2.6.23.9_smp-i686-2.tgz: Rebuilt.
a/kernel-huge-2.6.23.9-i486-2.tgz: Rebuilt.
a/kernel-huge-smp-2.6.23.9_smp-i686-2.tgz: Rebuilt.
a/kernel-modules-2.6.23.9-i486-2.tgz Added JFFS2 modules.
a/kernel-modules-smp-2.6.23.9_smp-i686-2.tgz Added JFFS2 modules.
d/kernel-headers-2.6.23.9_smp-i386-2.tgz: Rebuilt.
k/kernel-source-2.6.23.9_smp-noarch-2.tgz: Reconfigured to include the
  option for JFFS2, a journalling flash file system.
l/svgalib_helper-1.9.25_2.6.23.9-i486-2.tgz: Recompiled.
xap/gimp-2.4.2-i486-1.tgz: Upgraded to gimp-2.4.2.
extra/linux-2.6.23.9-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
isolinux/network.dsk, pcmcia.dsk; Upgraded kernel modules.
kernels/huge.s/*: Upgraded huge.s kernel.
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel (SMP).
usb-and-pxe-installers/: Updated USB and PXE installers.
+--------------------------+
Mon Dec 3 21:04:37 CST 2007
a/inotify-tools-3.12-i486-1.tgz: Added inotify-tools-3.12.
  Thanks to Eric Hameleers for the build script.
ap/cdparanoia-III10pre0-i486-1.tgz: Upgraded to cdparanoia-III-10pre0.
ap/hplip-2.7.10-i486-2.tgz: Rebuilt with some fixes to the build script.
  Thanks to Robby Workman.
kde/amarok-1.4.7-i486-2.tgz: Recompiled against libmtp-0.2.4.
l/cairo-1.4.12-i486-1.tgz: Upgraded to cairo-1.4.12.
  This fixes a possible security risk when decoding PNG files that may have
  been maliciously tampered with:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
  (* Security fix *)
l/libmtp-0.2.4-i486-1.tgz: Upgraded to libmtp-0.2.4.
  Thanks to Piter Punk for updating the udev rules.
l/libnjb-2.2.6-i486-2.tgz: Updated udev rules. Thanks to Piter Punk.
n/bluez-hcidump-1.40-i486-1.tgz: Upgraded to bluez-hcidump-1.40.
n/bluez-libs-3.22-i486-1.tgz: Upgraded to bluez-libs-3.22.
n/bluez-utils-3.22-i486-1.tgz: Upgraded to bluez-utils-3.22.
  Thanks to Piter Punk for updating the udev rules.
n/gnupg2-2.0.7-i486-1.tgz: Upgraded to gnupg2-2.0.7.
n/gnutls-2.0.4-i486-1.tgz: Upgraded to gnutls-2.0.4.
n/gpgme-1.1.5-i486-1.tgz: Upgraded to gpgme-1.1.5.
n/libassuan-1.0.3-i486-1.tgz: Upgraded to libassuan-1.0.3.
n/libgpg-error-1.6-i486-1.tgz: Upgraded to libgpg-error-1.6.
n/libksba-1.0.2-i486-1.tgz: Upgraded to libksba-1.0.2.
n/mcabber-0.9.5-i486-1.tgz: Upgraded to mcabber-0.9.5.
n/pinentry-0.7.4-i486-1.tgz: Upgraded to pinentry-0.7.4.
n/samba-3.0.27a-i486-1.tgz: Upgraded to samba-3.0.27a.
  This update fixes a crash bug regression experienced by smbfs clients
  caused by the fix for CVE-2007-4572.
xap/xfce-4.4.2-i486-1.tgz: Upgraded to xfce-4.4.2.
  Thanks to Robby Workman for the build script.
  This fixes a minor security bug in Terminal:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3770
  (* Security fix *)
+--------------------------+
Sat Dec 1 17:02:02 CST 2007
n/rsync-2.6.9-i486-2.tgz: Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
xap/mozilla-firefox-2.0.0.11-i686-1.tgz: Upgraded to Firefox 2.0.0.11,
  which fixed a bug introduced by the 2.0.0.10 update in the feature that
  affected some web pages and extensions.
+--------------------------+
Thu Nov 29 19:51:15 CST 2007
xap/seamonkey-1.1.7-i486-1.tgz: Upgraded to seamonkey-1.1.7.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Thu Nov 29 17:38:37 CST 2007
a/mkinitrd-1.3.0-i486-3.tgz: Fixed a missing '--parents' in a cp command.
  Thanks to Eric Hameleers for pointing out the bug.
+--------------------------+
Thu Nov 29 14:53:28 CST 2007
a/glibc-solibs-2.7-i486-3.tgz: Fixed incorrect version numbers in the
  install script. Thanks to guru for the bug report.
a/glibc-zoneinfo-2.7-noarch-3.tgz: Rebuilt.
l/glibc-2.7-i486-3.tgz: Fixed incorrect version numbers in the install
  script. Thanks to guru for the bug report.
l/glibc-i18n-2.7-noarch-3.tgz: Rebuilt.
l/glibc-profile-2.7-i486-3.tgz: Rebuilt.
+--------------------------+
Thu Nov 29 01:06:48 CST 2007
ap/cdrtools-2.01.01a36-i486-1.tgz: Upgraded to cdrtools-2.01.01a36.
+--------------------------+
Thu Nov 29 01:02:12 CST 2007
a/glibc-solibs-2.7-i486-2.tgz: Upgraded to glibc-2.7 compiled against
  Linux 2.6.23.9 kernel headers.
a/glibc-zoneinfo-2.7-noarch-2.tgz: Upgraded to tzdata2007i.
a/kernel-generic-2.6.23.9-i486-1.tgz: Upgraded to Linux 2.6.23.9
  uniprocessor generic.s (requires initrd) kernel.
a/kernel-generic-smp-2.6.23.9_smp-i686-1.tgz: Upgraded to Linux 2.6.23.9
  SMP gensmp.s (requires initrd) kernel.
a/kernel-huge-2.6.23.9-i486-1.tgz: Upgraded to Linux 2.6.23.9
  uniprocessor huge.s (full-featured) kernel.
a/kernel-huge-smp-2.6.23.9_smp-i686-1.tgz: Upgraded to Linux 2.6.23.9
  SMP hugesmp.s (full-featured) kernel.
a/kernel-modules-2.6.23.9-i486-1.tgz Upgraded to Linux 2.6.23.9
  uniprocessor kernel modules.
a/kernel-modules-smp-2.6.23.9_smp-i686-1.tgz Upgraded to Linux 2.6.23.9
  SMP kernel modules.
ap/ghostscript-8.61-i486-1.tgz: Upgraded to ghostscript-8.61.
  This is still under the GPL -- just FYI, I do not know why the package
  name changed. This package replaces gnu-ghostscript-8.60.0-i486-2.
d/kernel-headers-2.6.23.9_smp-i386-1.tgz: Upgraded to Linux 2.6.23.9 SMP
  kernel headers.
k/kernel-source-2.6.23.9_smp-noarch-1.tgz Upgraded to Linux 2.6.23.9 SMP
  kernel source.
l/gamin-0.1.9-i486-1.tgz: Upgraded to gamin-0.1.9.
l/glibc-2.7-i486-2.tgz: Upgraded to glibc-2.7, built against Linux 2.6.23.9
  kernel headers.
  * NOTE: Packages for -current built after this batch of packages (up to
  * the datestamp above) will be linked against glibc-2.7 and _may_ not work
  * on systems running earlier versions of glibc (such as Slackware 12.0
  * systems running glibc-2.5).
l/glibc-i18n-2.7-noarch-2.tgz: Upgraded to glibc-2.7 locale files.
l/glibc-profile-2.7-i486-2.tgz: Upgraded to glibc-2.7 profile libs.
l/svgalib_helper-1.9.25_2.6.23.9-i486-1.tgz: Recompiled for Linux 2.6.23.9.
extra/linux-2.6.23.9-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
isolinux/initrd.img: Upgraded to glibc-2.7. Added dmidecode.
isolinux/network.dsk, pcmcia.dsk; Upgraded to 2.6.23.9 kernel modules.
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.9.
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.9 (SMP).
usb-and-pxe-installers/: Updated USB and PXE installers.
+--------------------------+
Wed Nov 28 12:33:14 CST 2007
a/mkinitrd-1.3.0-i486-2.tgz: Edited two spots where grep was searching for
  / rather than ' on / '. Thanks to Erik Jan Tromp for pointing out that
  this needed a patch.
+--------------------------+
Tue Nov 27 16:08:14 CST 2007
a/mkinitrd-1.3.0-i486-1.tgz: Upgraded to mkinitrd-1.3.0.
  This fixes a bug where some module options could be ignored.
  Thanks to Alan Hicks for the patch.
  Thanks also to Richard Hoyle for showing me how to statically link busybox
  correctly when I wouldn't listen to the Makefile. ;-)
xap/mozilla-firefox-2.0.0.10-i686-1.tgz: Upgraded to firefox-2.0.0.10.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:11:24 CST 2007
a/kernel-generic-2.6.23.8-i486-1.tgz: Upgraded to Linux 2.6.23.8
  uniprocessor generic.s (requires initrd) kernel.
a/kernel-generic-smp-2.6.23.8_smp-i686-1.tgz: Upgraded to Linux 2.6.23.8
  SMP gensmp.s (requires initrd) kernel.
a/kernel-huge-2.6.23.8-i486-1.tgz: Upgraded to Linux 2.6.23.8
  uniprocessor huge.s (full-featured) kernel.
a/kernel-huge-smp-2.6.23.8_smp-i686-1.tgz: Upgraded to Linux 2.6.23.8
  SMP hugesmp.s (full-featured) kernel.
a/kernel-modules-2.6.23.8-i486-1.tgz Upgraded to Linux 2.6.23.8
  uniprocessor kernel modules.
a/kernel-modules-smp-2.6.23.8_smp-i686-1.tgz Upgraded to Linux 2.6.23.8
  SMP kernel modules.
d/kernel-headers-2.6.23.8_smp-i386-1.tgz: Upgraded to Linux 2.6.23.8 SMP
  kernel headers.
k/kernel-source-2.6.23.8_smp-noarch-1.tgz Upgraded to Linux 2.6.23.8 SMP
  kernel source.
l/libpng-1.2.23-i486-1.tgz: Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
l/svgalib_helper-1.9.25_2.6.23.8-i486-1.tgz: Recompiled for Linux 2.6.23.8.
extra/linux-2.6.23.8-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
isolinux/network.dsk, pcmcia.dsk; upgraded to 2.6.23.8 kernel modules.
initrd.img: Upgraded to hdparm-7.6.
kernels/generic.s/*: Upgraded generic.s kernel to 2.6.23.8.
kernels/gensmp.s/*: Upgraded gensmp.s kernel to 2.6.23.8 (SMP).
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.8.
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.8 (SMP).
usb-and-pxe-installers/: Updated USB and PXE installers.
+--------------------------+
Tue Nov 20 16:49:58 CST 2007
xap/mozilla-thunderbird-2.0.0.9-i686-1.tgz: Upgraded to thunderbird-2.0.0.9.
  This update fixes the following security related issues:
    URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
    Crashes with evidence of memory corruption (MFSA 2007-29).
  OK, so the first one obviously does not affect us. :-) The second fix has
  to do with the same JavaScript handling problem fixed before in Firefox.
  JavaScript is not enabled by default in Thunderbird, and the developers
  (at least in MFSA 2007-36) do not recommend turning it on.
  For more information, see:
    http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  (* Security fix *)
+--------------------------+
Sat Nov 17 00:19:20 CST 2007
ap/cdparanoia-IIIalpha9.8-i486-3.tgz: Recompiled with SG_IO patch.
  This didn't seem to make a noticeable difference, but to someone it might.
x/xf86-video-intel-2.2.0-i486-1.tgz: Upgraded to xf86-video-intel-2.2.0
x/xf86-video-sis-0.9.4-i486-1.tgz: Upgraded to xf86-video-sis-0.9.4.
OK, now that that Samba fix is done, we can give you a working X server. :-)
  Evidently, the HAL/D-Bus enabled X server, xf86-input-evdev, and one of
  HAL's .fdi files aren't playing well together. After considering three
  possible workarounds, it was decided to disable D-Bus/HAL support in the
  X server for now. If you really want to play with X input hotplugging,
  it's easy enough to modify the source/x/x11/configure xorg-server
  configure file to enable D-Bus and HAL and run:
    ./x11.SlackBuild xserver xorg-server
  Xdmx remains gone per X build recommendations.
x/xorg-server-1.4-i486-4.tgz: Recompiled without input hotplugging support.
x/xorg-server-xnest-1.4-i486-4.tgz: Rebuilt.
x/xorg-server-xvfb-1.4-i486-4.tgz: Rebuilt.
xap/xscreensaver-5.04-i486-1.tgz: Upgraded to xscreensaver-5.04.
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
n/samba-3.0.27-i486-1.tgz: Upgraded to samba-3.0.27.
  Samba 3.0.27 is a security release in order to address a stack buffer
  overflow in nmbd's logon request processing, and remote code execution in
  Samba's WINS server daemon (nmbd) when processing name registration
  followed by name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  (* Security fix *)
+--------------------------+
Wed Nov 14 23:01:27 CST 2007
x/xf86-input-evdev-1.2.0-i486-1.tgz: Upgraded to xf86-input-evdev-1.2.0.
x/xf86-input-joystick-1.3.0-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.0.
+--------------------------+
Wed Nov 14 15:25:14 CST 2007
x/mesa-7.0.2-i486-1.tgz: Upgraded to mesa-7.0.2.
x/xf86-video-ati-6.7.196-i486-1.tgz: Upgraded to xf86-video-ati-6.7.196.
x/xf86-video-intel-2.1.99-i486-1.tgz: Upgraded to xf86-video-intel-2.1.99.
x/xorg-server-1.4-i486-3.tgz: Rebuilt against Mesa 7.0.2.
  Removed support for XDMX, as the code is not maintained and interferes
  with input hotplug support.
  Thanks to Carlos Corbacho for the help. :-)
x/xorg-server-xdmx-1.4-i486-2.tgz: Removed.
x/xorg-server-xnest-1.4-i486-3.tgz: Rebuilt.
x/xorg-server-xvfb-1.4-i486-3.tgz: Rebuilt.
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
kde/kdegraphics-3.5.8-i486-2.tgz: Patched xpdf related bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
kde/koffice-1.6.3-i486-2.tgz: Patched xpdf related bugs.
  For more information, see:
    http://www.kde.org/info/security/advisory-20071107-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
l/pcre-7.4-i486-1.tgz: Upgraded to pcre-7.4.
l/poppler-0.6.2-i486-1.tgz: Upgraded to poppler-0.6.2.
  This release fixes xpdf related bugs.
  For more information, see:
    http://poppler.freedesktop.org/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
xap/xpdf-3.02pl2-i486-1.tgz: Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf.
  Some theorize that this could be used to execute arbitrary code if an
  untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Sat Nov 10 14:27:42 CST 2007
n/php-5.2.5-i486-1.tgz: Upgraded to php-5.2.5.
  This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  (* Security fix *)
+--------------------------+
Fri Nov 9 16:07:43 CST 2007
ap/gnu-ghostscript-8.60.0-i486-2.tgz: ./configured with
  --disable-compile-inits option, which disables a new default of compiling
  in various configuration values (such as paper size) rather than reading
  them from the traditional config file.
  Thanks to Jonathan Woithe for pointing this change out.
xap/mozilla-firefox-2.0.0.9-i686-1.tgz: Upgraded to firefox-2.0.0.9.
  This upgrade improves the stability of Firefox.
  For more information, see:
    http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/
xap/seamonkey-1.1.6-i486-1.tgz: Upgraded to SeaMonkey 1.1.6.
  This upgrade fixes SeaMonkey's ability to display certain types of web
  pages.
  That's about all we could find about it here:
    http://www.mozilla.org/projects/seamonkey/
+--------------------------+
Sat Nov 3 15:24:00 CDT 2007
x/libXft-2.1.12-i486-2.tgz: Recompiled to fix issues with bold font
  rendering. Thanks to Bruce Hill and Eric Hameleers.
+--------------------------+
Fri Nov 2 17:37:13 CDT 2007
n/links-2.1pre31-i486-1.tgz: Upgraded to links-2.1pre31.
n/mcabber-0.9.4-i486-1.tgz: Upgraded to mcabber-0.9.4.
n/openldap-client-2.3.38-i486-1.tgz: Upgraded to openldap-client-2.3.38.
n/sendmail-8.14.2-i486-1.tgz: Upgraded to sendmail-8.14.2.
n/sendmail-cf-8.14.2-noarch-1.tgz: Upgraded to sendmail-8.14.2 config files.
x/dejavu-ttf-2.21-noarch-1.tgz: Upgraded to dejavu-ttf-2.21.
xap/gimp-2.4.1-i486-1.tgz: Upgraded to gimp-2.4.1.
xap/pan-0.132-i486-1.tgz: Upgraded to pan-0.132.
xap/pidgin-2.2.2-i486-1.tgz: Upgraded to pidgin-2.2.2.
+--------------------------+
Thu Nov 1 20:05:07 CDT 2007
a/cups-1.3.4-i486-1.tgz: Upgraded to cups-1.3.4.
  An off-by-one error in ipp.c may allow a remote attacker to crash CUPS
  resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 31 19:33:06 CDT 2007
a/pkgtools-12.1.0-noarch-1.tgz: Upgraded to pkgtools-12.1.0-noarch-1.
  Fixed the following issues with removepkg:
    Fix problem removing packages with a large number of fields.
      Thanks to Niki Kovacs for noticing this, and to Piter Punk for the
      patch.
    Use LC_ALL=C locale, which is much faster with "sort".
      Thanks to Tsomi.
    Don't try to remove any package that starts with '-'. This is not a
      proper package name (usually a typo), and results in the package
      database being broken as the "package" beginning with '-' is passed
      along as an option to a command later in the script.
      Thanks to Jef Oliver.
    Patched cat_except() to allow the last Slackware package on a partition
      to be removed (using ROOT=, of course).
      Thanks to Selkfoster for the patch, and to everyone else who proposed
      solutions before. This issue really wasn't given the highest priority
      before, but as long as I was here...
  Fixed pkgtool to handle much larger numbers of installed packages.
    Thanks to Gabriele Inghirami for the patch.
NOTE: If you upgrade to the glibc packages below, be sure you are really
  wishing to test them, because reverting to the old version is not easy.
  However, these packages have (so far) passed the tests done here.
testing/packages/glibc-2.7-i486-1.tgz: Added glibc-2.7.
testing/packages/glibc-i18n-2.7-noarch-1.tgz: Added glibc-i18n-2.7.
testing/packages/glibc-profile-2.7-i486-1.tgz: Added glibc-profile-2.7.
testing/packages/glibc-solibs-2.7-i486-1.tgz: Added glibc-solibs-2.7.
testing/packages/glibc-zoneinfo-2.7-noarch-1.tgz: Added glibc-zoneinfo-2.7.
+--------------------------+
Sat Oct 27 16:33:49 CDT 2007
x/xf86-video-nv-2.1.6-i486-1.tgz: Upgraded to xf86-video-nv.
x/compiz-0.6.2-i486-1.tgz: Upgraded to compiz-0.6.2.
x/pixman-0.9.6-i486-1.tgz: Upgraded to pixman-0.9.6.
x/glproto-1.4.9-noarch-1.tgz: Upgraded to glproto-1.4.9.
+--------------------------+
Wed Oct 24 22:51:37 CDT 2007
l/librsvg-2.18.2-i486-1.tgz: Upgraded to librsvg-2.18.2.
xap/gimp-2.4.0-i486-1.tgz: Upgraded to gimp-2.4.0.
xap/mozilla-firefox-2.0.0.8-i686-1.tgz: Upgraded to firefox-2.0.0.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
xap/seamonkey-1.1.5-i486-1.tgz: Upgraded to seamonkey-1.1.5.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  (* Security fix *)
+--------------------------+
Sat Oct 20 14:41:24 CDT 2007
ap/hplip-2.7.10-i486-1.tgz: Upgraded to hplip-2.7.10.
l/libpng-1.2.22-i486-1.tgz: Upgraded to libpng-1.2.22.
+--------------------------+
Sat Oct 20 11:13:29 CDT 2007
a/openssl-solibs-0.9.8g-i486-1.tgz: Upgraded to openssl-solibs-0.9.8g.
n/openssh-4.7p1-i486-2.tgz: Recompiled against openssl-0.9.8g.
n/openssl-0.9.8g-i486-1.tgz: Upgraded to openssl-0.9.8g.
+--------------------------+
Thu Oct 18 18:19:59 CDT 2007
x/xorg-server-1.4-i486-2.tgz: Fixed missing /etc/X11/xserver/SecurityPolicy.
  Thanks to Robby Workman.
x/xorg-server-xdmx-1.4-i486-2.tgz: Recompiled.
x/xorg-server-xnest-1.4-i486-2.tgz: Recompiled.
x/xorg-server-xvfb-1.4-i486-2.tgz: Recompiled.
+--------------------------+
Wed Oct 17 14:22:06 CDT 2007
kde/kdelibs-3.5.8-i486-2.tgz: Replaced kio_http patch with the official fix
  from the KDE repo. Thanks to the KDE team. :-)
  These are the fixed bugs:
    http://bugs.kde.org/show_bug.cgi?id=150809
    http://bugs.kde.org/show_bug.cgi?id=150904
+--------------------------+
Tue Oct 16 20:49:45 CDT 2007
kde/kdebindings-3.5.8-i486-1.tgz: Upgraded to kdebindings-3.5.8, and fixed
  missing package (thanks to Ricardo Garcia).
l/poppler-0.6.1-i486-1.tgz: Upgraded to poppler-0.6.1.
l/poppler-data-0.1.1-noarch-1.tgz: Upgraded to poppler-data-0.1.1, and fixed
  missing package (thanks to Ricardo Garcia).
+--------------------------+
Tue Oct 16 14:51:30 CDT 2007
a/cups-1.3.3-i486-1.tgz: Upgraded to cups-1.3.3.
a/dialog-1.1_20070930-i486-1.tgz: Upgraded to dialog-1.1-20070930.
a/etc-12.1-noarch-1.tgz: Added "tape" group.
a/glibc-solibs-2.5-i486-5.tgz: Recompiled against 2.6.23.1 kernel headers.
a/glibc-zoneinfo-2.5-noarch-5.tgz: Upgraded to tzcode2007h and tzdata2007h.
a/jfsutils-1.1.12-i486-1.tgz: Upgraded to jfsutils-1.1.12.
a/kernel-generic-2.6.23.1-i486-1.tgz: Upgraded to Linux 2.6.23.1 single
  processor generic.s (requires initrd) kernel.
a/kernel-generic-smp-2.6.23.1_smp-i686-1.tgz: Upgraded to Linux 2.6.23.1
  SMP gensmp.s (requires initrd) kernel.
a/kernel-huge-2.6.23.1-i486-1.tgz: Upgraded to Linux 2.6.23.1 single
  processor huge.s (full-featured) kernel.
a/kernel-huge-smp-2.6.23.1_smp-i686-1.tgz: Upgraded to Linux 2.6.23.1 SMP
  hugesmp.s (full-featured) kernel.
a/kernel-modules-2.6.23.1-i486-1.tgz Upgraded to Linux 2.6.23.1 UP single
  processor kernel modules.
a/kernel-modules-smp-2.6.23.1_smp-i686-1.tgz Upgraded to Linux 2.6.23.1 SMP
  kernel modules.
a/module-init-tools-3.4-i486-1.tgz: Upgraded to module-init-tools-3.4.
  Thanks to Robby Workman. :-)
a/mkinitrd-1.2.0-i486-1.tgz: Updated to busybox-1.7.2 and
  dialog-1.1-20070930.
  Thanks to Piter Punk for the work on mdev device creation. :-)
a/openssl-solibs-0.9.8f-i486-1.tgz: Upgraded to openssl-0.9.8f.
  This release fixes two minor security bugs unlikely to pose any threat to
  most production servers.
  For more information, see:
    http://openssl.org/news/secadv_20071012.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
      (nothing in Slackware is using this DTLS implementation)
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
      (this bug is in a function normally only used for logging or debugging)
  (* Security fix *)
a/syslinux-3.52-i486-1.tgz: Upgraded to syslinux-3.52.
a/sysvinit-scripts-1.2-noarch-14.tgz: In rc.M, execute "mount -a" to mount
  any filesystems not already mounted.
a/udev-116-i486-1.tgz: Upgraded to udev-116. Thanks to Piter Punk!
ap/espgs-8.15.4-i486-2.tgz: Removed. This is replaced by gnu-ghostscript.
ap/foomatic-filters-3.0_20070919-i486-1.tgz: Added. This is a printer filter
  required to use Gutenprint or HPLIP with CUPS.
ap/gimp-print-4.2.7-i486-2.tgz: Removed. This is replaced by gutenprint.
ap/gutenprint-5.0.1-i486-2.tgz: Added gutenprint-5.0.1, which is the new
  version of (and name for) gimp-print.
ap/gnu-ghostscript-8.60.0-i486-1.tgz: Added gnu-ghostscript-8.60.0.
  This replaces the espgs (ESP Ghostscript) package.
ap/hplip-2.7.9-i486-1.tgz: Upgraded to hplip-2.7.9.
  Note that this no longer requires daemons to be started at boot time, so
  any /etc/rc.d/rc.hplip script can be removed.
ap/mysql-5.0.45-i486-1.tgz: Upgraded to mysql-5.0.45.
ap/vim-7.1.138-i486-1.tgz: Upgraded to vim-7.1.138.
d/git-1.5.3.3-i486-1.tgz: Upgraded to git-1.5.3.3.
d/kernel-headers-2.6.23.1_smp-i386-1.tgz: Upgraded to Linux 2.6.23.1 SMP
  kernel headers.
k/kernel-source-2.6.23.1_smp-noarch-1.tgz Upgraded to Linux 2.6.23.1 SMP
  kernel source.
kde/amarok-1.4.7-i486-1.tgz: Upgraded to amarok-1.4.7.
kde/k3b-1.0.3-i486-1.tgz: Upgraded to k3b-1.0.3.
kde/kdeaccessibility-3.5.8-i486-1.tgz: Upgraded to kdeaccessibility-3.5.8.
kde/kdeaddons-3.5.8-i486-1.tgz: Upgraded to kdeaddons-3.5.8.
kde/kdeadmin-3.5.8-i486-1.tgz: Upgraded to kdeadmin-3.5.8.
kde/kdeartwork-3.5.8-i486-1.tgz: Upgraded to kdeartwork-3.5.8.
kde/kdebase-3.5.8-i486-1.tgz: Upgraded to kdebase-3.5.8.
kde/kdeedu-3.5.8-i486-1.tgz: Upgraded to kdeedu-3.5.8.
kde/kdegames-3.5.8-i486-1.tgz: Upgraded to kdegames-3.5.8.
kde/kdegraphics-3.5.8-i486-1.tgz: Upgraded to kdegraphics-3.5.8.
kde/kdelibs-3.5.8-i486-1.tgz: Upgraded to kdelibs-3.5.8.
kde/kdemultimedia-3.5.8-i486-1.tgz: Upgraded to kdemultimedia-3.5.8.
kde/kdenetwork-3.5.8-i486-1.tgz: Upgraded to kdenetwork-3.5.8.
kde/kdepim-3.5.8-i486-1.tgz: Upgraded to kdepim-3.5.8.
kde/kdesdk-3.5.8-i486-1.tgz: Upgraded to kdesdk-3.5.8.
kde/kdetoys-3.5.8-i486-1.tgz: Upgraded to kdetoys-3.5.8.
kde/kdeutils-3.5.8-i486-1.tgz: Upgraded to kdeutils-3.5.8.
kde/kdevelop-3.5.0-i486-1.tgz: Upgraded to kdevelop-3.5.0.
kde/kdewebdev-3.5.8-i486-1.tgz: Upgraded to kdewebdev-3.5.8.
kdei/kde-i18n-*-3.5.8-noarch-1.tgz: Upgraded to kde-i18n-3.5.8.
l/dbus-glib-0.74-i486-1.tgz: Upgraded to dbus-glib-0.74.
l/freetype-2.3.5-i486-1.tgz: Upgraded to freetype-2.3.5.
l/glib2-2.12.13-i486-1.tgz: Upgraded to glib-2.12.13.
l/glibc-2.5-i486-5.tgz: Recompiled against 2.6.23.1 kernel headers.
  Yes, glibc-2.6 is out, but for now we will stick with a known-working
  version.
l/glibc-i18n-2.5-noarch-5.tgz: Rebuilt.
l/glibc-profile-2.5-i486-5.tgz: Recompiled against 2.6.23.1 kernel headers.
l/gtk+2-2.10.14-i486-1.tgz: Upgraded to gtk+-2.10.14.
l/hal-0.5.10-i486-1.tgz: Upgraded to hal-0.5.10.
l/hal-info-20071011-noarch-1.tgz: Upgraded to hal-info-20071011.
  Thanks to Robby Workman for maintaining both of these HAL packages.
l/libao-0.8.8-i486-1.tgz: Upgraded to libao-0.8.8.
l/libgpod-0.5.2-i486-1.tgz: Upgraded to libgpod-0.5.2.
l/libnjb-2.2.6-i486-1.tgz: Upgraded to libnjb-2.2.6.
l/libpng-1.2.21-i486-1.tgz: Upgraded to libpng-1.2.21.
l/libtheora-1.0beta1-i486-1.tgz: Upgraded to libtheora-1.0beta1.
l/libvorbis-1.2.0-i486-1.tgz: Upgraded to libvorbis-1.2.0.
l/libwnck-2.18.3-i486-1.tgz: Added libwnck-2.18.3.
  This is needed by compiz to compile gtk-window-decorator.
l/pcre-7.3-i486-1.tgz: Upgraded to pcre-7.3.
l/poppler-0.6-i486-1.tgz: Upgraded to poppler-0.6.
l/qt-3.3.8-i486-5.tgz: Added back the library symlinks into /usr/lib,
  without which kdelibs does not compile.
l/svgalib_helper-1.9.25_2.6.23.1-i486-1.tgz: Recompiled for Linux 2.6.23.1.
  Thanks to Eric Hameleers for pointing me at the information needed to
  patch the helper module for Linux 2.6.23+. :-)
l/vte-0.16.8-i486-1.tgz: Upgraded to vte-0.16.8.
n/httpd-2.2.6-i486-1.tgz: Upgraded to httpd-2.2.6.
n/network-scripts-12.0-noarch-5.tgz: Mount CIFS partitions.
  Thanks to Lei Zhang.
n/openssh-4.7p1-i486-1.tgz: Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release: Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons. Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
n/openssl-0.9.8f-i486-1.tgz: Upgraded to openssl-0.9.8f.
  This release fixes two minor security bugs unlikely to pose any threat to
  most production servers.
  For more information, see:
    http://openssl.org/news/secadv_20071012.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
      (nothing in Slackware is using this DTLS implementation)
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
      (this bug is in a function normally only used for logging or debugging)
  (* Security fix *)
n/php-5.2.4-i486-1.tgz: Upgraded to php-5.2.4.
  The PHP announcement says this version fixes over 120 bugs as well as
  "several low priority security bugs."
  Read more about it here:
    http://www.php.net/releases/5_2_4.php
  (* Security fix *)
n/samba-3.0.26a-i486-1.tgz: Upgraded to samba-3.0.26a.
  This fixes a security issue in all Samba 3.0.25 versions:
  "Incorrect primary group assignment for domain users using the rfc2307 or
  sfu winbind nss info plugin."
  For more information, see:
    http://www.samba.org/samba/security/CVE-2007-4138.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
  (* Security fix *)
n/wpa_supplicant-0.5.8-i486-1.tgz: Upgraded to wpa_supplicant-0.5.8.
tcl/expect-5.43.0-i486-2.tgz: Rebuilt against tcl-8.4.16.
tcl/tcl-8.4.16-i486-1.tgz: Upgraded to tcl-8.4.16.
tcl/tk-8.4.16-i486-1.tgz: Upgraded to tk-8.4.16.
x/dejavu-ttf-2.20-noarch-1.tgz: Upgraded to dejavu-ttf-2.20.
x/mesa-7.0.1-i486-1.tgz: Upgraded to Mesa 7.0.1.
Upgraded to X.Org 7.3:
  PLEASE NOTE: There are a few known problems with this release.
  Please let us know if you have solutions to any of these.
  1. xf86-video-vesa was not upgraded for the X.Org 7.3 release, and running
     Terminal or vte under KDE results in an X hang under KDE, or garbage in
     the terminal under XFce.
  2. The following modules were not upgraded in the X.Org 7.3 release and no
     longer compile: mkcfm, xf86-input-acecad, xf86-input-dmc,
     xf86-input-void, xf86-video-glide, xf86-video-impact, and
     xf86-video-wsfb. Odds are good that due to the driver ABI change none
     of these are currently working.
x/compiz-0.6.0-i486-1: Upgraded to compiz-0.6.0.
x/compositeproto-0.4-noarch-1: Upgraded to compositeproto-0.4.
x/iceauth-1.0.2-i486-1: Upgraded to iceauth-1.0.2.
x/ico-1.0.2-i486-1: Upgraded to ico-1.0.2.
x/inputproto-1.4.2.1-noarch-1: Upgraded to inputproto-1.4.2.1.
x/libICE-1.0.4-i486-1: Upgraded to libICE-1.0.4.
x/libX11-1.1.3-i486-1: Upgraded to libX11-1.1.3.
x/libXaw-1.0.4-i486-1: Upgraded to libXaw-1.0.4.
x/libXcomposite-0.4.0-i486-1: Upgraded to libXcomposite-0.4.0.
x/libXcursor-1.1.9-i486-1: Upgraded to libXcursor-1.1.9.
x/libXfont-1.3.1-i486-1: Upgraded to libXfont-1.3.1.
x/libXi-1.1.3-i486-1: Upgraded to libXi-1.1.3.
x/libXpm-3.5.7-i486-1: Upgraded to libXpm-3.5.7.
x/libXrandr-1.2.2-i486-1: Upgraded to libXrandr-1.2.2.
x/libXrender-0.9.4-i486-1: Upgraded to libXrender-0.9.4.
x/libXtst-1.0.3-i486-1: Upgraded to libXtst-1.0.3.
x/libXxf86dga-1.0.2-i486-1: Upgraded to libXxf86dga-1.0.2.
x/pixman-0.9.5-i486-1: Added pixman-0.9.5.
x/renderproto-0.9.3-noarch-1: Upgraded to renderproto-0.9.3.
x/sessreg-1.0.3-i486-1: Upgraded to sessreg-1.0.3.
x/setxkbmap-1.0.4-i486-1: Upgraded to setxkbmap-1.0.4.
x/xbacklight-1.1-i486-1: Upgraded to xbacklight-1.1.
x/xcalc-1.0.2-i486-1: Upgraded to xcalc-1.0.2.
x/xclock-1.0.3-i486-1: Upgraded to xclock-1.0.3.
x/xconsole-1.0.3-i486-1: Upgraded to xconsole-1.0.3.
x/xcursorgen-1.0.2-i486-1: Upgraded to xcursorgen-1.0.2.
x/xdm-1.1.6-i486-1: Upgraded to xdm-1.1.6.
x/xdriinfo-1.0.2-i486-1: Upgraded to xdriinfo-1.0.2.
x/xf86-input-aiptek-1.0.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-acecad-1.2.0-i486-1.tgz: Removed (not compiling).
x/xf86-input-calcomp-1.1.1-i486-1: Upgraded to xf86-input-calcomp-1.1.1.
x/xf86-input-citron-2.2.1-i486-1: Added xf86-input-citron-2.2.1.
x/xf86-input-digitaledge-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-dynapro-1.1.1-i486-1: Added xf86-input-dynapro-1.1.1.
x/xf86-input-elo2300-1.1.1-i486-1: Added xf86-input-elo2300-1.1.1.
x/xf86-input-elographics-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-evdev-1.1.5-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-fpit-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-hyperpen-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-jamstudio-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-joystick-1.2.3-i486-1: Upgraded to xf86-input-joystick-1.2.3.
x/xf86-input-keyboard-1.2.2-i486-1: Upgraded to xf86-input-keyboard-1.2.2.
x/xf86-input-magellan-1.1.1-i486-1: Upgraded to xf86-input-magellan-1.1.1.
x/xf86-input-magictouch-1.0.0.5-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-microtouch-1.1.1-i486-1: Added xf86-input-microtouch-1.1.1.
x/xf86-input-mouse-1.2.3-i486-1: Upgraded to xf86-input-mouse-1.2.3.
x/xf86-input-mutouch-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-palmax-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-penmount-1.2.1-i486-1: Added xf86-input-penmount-1.2.1.
x/xf86-input-spaceorb-1.1.1-i486-1: Upgraded to xf86-input-spaceorb-1.1.1.
x/xf86-input-summa-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-tek4957-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-ur98-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-input-vmmouse-12.4.3-i486-1: Upgraded to xf86-input-vmmouse-12.4.3.
x/xf86-input-void-1.1.0-i486-1.tgz: Removed (not compiling).
x/xf86-video-amd-2.7.7.3-i486-1: Added xf86-video-amd-2.7.7.3.
x/xf86-video-apm-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-ark-0.6.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-ast-0.81.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-ati-6.7.195-i486-1: Upgraded to xf86-video-ati-6.7.195.
x/xf86-video-chips-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-cirrus-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-cyrix-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-dummy-0.2.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-fbdev-0.3.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-glint-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-i128-1.2.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-i740-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-i810-1.7.4-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-imstt-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-intel-2.1.1-i486-1: Upgraded to xf86-video-intel-2.1.1.
x/xf86-video-mga-1.9.100-i486-1: Upgraded to xf86-video-mga-1.9.100.
x/xf86-video-neomagic-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-newport-0.2.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-nsc-2.8.3-i486-1: Upgraded to xf86-video-nsc-2.8.3.
x/xf86-video-nv-2.1.5-i486-1: Upgraded to xf86-video-nv-2.1.5.
x/xf86-video-rendition-4.1.3-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-s3-0.5.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-s3virge-1.9.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-savage-2.1.3-i486-1: Upgraded to xf86-video-savage-2.1.3.
x/xf86-video-siliconmotion-1.5.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-sis-0.9.3-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-sisusb-0.8.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-tdfx-1.3.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-tga-1.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-trident-1.2.3-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-tseng-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-v4l-0.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-vesa-1.3.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-vga-4.1.0-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-via-0.2.2-i486-2: Recompiled against xorg-server-1.4.
x/xf86-video-vmware-10.15.2-i486-1: Upgraded to xf86-video-vmware-10.15.2.
x/xf86-video-voodoo-1.1.1-i486-2: Recompiled against xorg-server-1.4.
x/xf86dgaproto-2.0.3-noarch-1: Upgraded to xf86dgaproto-2.0.3.
x/xfs-1.0.5-i486-1.tgz: Upgraded to xfs-1.0.5.
x/xgamma-1.0.2-i486-1: Upgraded to xgamma-1.0.2.
x/xhost-1.0.2-i486-1: Upgraded to xhost-1.0.2.
x/xinit-1.0.7-i486-1: Upgraded to xinit-1.0.7.
x/xmag-1.0.2-i486-1: Upgraded to xmag-1.0.2.
x/xman-1.0.3-i486-1: Upgraded to xman-1.0.3.
x/xmessage-1.0.2-i486-1: Upgraded to xmessage-1.0.2.
x/xmodmap-1.0.3-i486-1: Upgraded to xmodmap-1.0.3.
x/xorg-server-1.4-i486-1: Upgraded to xorg-server-1.4.
x/xorg-server-xdmx-1.4-i486-1: Upgraded to xorg-server-xdmx.
x/xorg-server-xnest-1.4-i486-1: Upgraded to xorg-server-xnest-1.4.
x/xorg-server-xvfb-1.4-i486-1: Upgraded to xorg-server-xvfb-1.4.
x/xprop-1.0.3-i486-1: Upgraded to xprop-1.0.3.
x/xrandr-1.2.2-i486-1: Upgraded to xrandr-1.2.2.
x/xrdb-1.0.4-i486-1: Upgraded to xrdb-1.0.4.
x/xset-1.0.3-i486-1: Upgraded to xset-1.0.3.
x/xsetroot-1.0.2-i486-1: Upgraded to xsetroot-1.0.2.
x/xtrans-1.0.4-noarch-1: Upgraded to xtrans-1.0.4.
x/xvinfo-1.0.2-i486-1: Upgraded to xvinfo-1.0.2.
x/xwininfo-1.0.3-i486-1: Upgraded to xwininfo-1.0.3.
xap/fluxbox-1.0.0-i486-1.tgz: Upgraded to fluxbox-1.0.0.
xap/imagemagick-6.3.6_0-i486-1.tgz: Upgraded to ImageMagick-6.3.6-0.
xap/mozilla-firefox-2.0.0.7-i686-1.tgz: Upgraded to mozilla-firefox-2.0.0.7.
xap/pidgin-2.2.1-i486-1.tgz: Upgraded to pidgin-2.2.1.
xap/vim-gvim-7.1.138-i486-1.tgz: Upgraded to vim-7.1.138 with GTK+ extensions.
xap/xine-lib-1.1.8-i686-1.tgz: Upgraded to xine-lib-1.1.8.
xap/xscreensaver-5.03-i486-1.tgz: Upgraded to xscreensaver-5.03.
extra/ktorrent/ktorrent-2.2.2-i486-1.tgz: Upgraded to ktorrent-2.2.2.
extra/linux-2.6.23.1-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
extra/linux-wlan-ng/linux-wlan-ng-0.2.8_2.6.21.5-i486-1.tgz: Removed. This does not compile with Linux 2.6.23.1, and no newer version is out.
extra/xf86-video-ati-6.6.3/xf86-video-ati-6.6.3-i486-3.tgz: Removed. If there are still problems with the ATI driver we'll have to look at them again. There's a proposed patch around here somewhere.
isolinux/initrd.img: Removed libgpm, which may have been interfering with serial console and Speakup installs. Upgraded to jfsutils-1.1.12.
isolinux/network.dsk: Added 2.6.23.1 SMP and non-SMP modules.
isolinux/pcmcia.dsk: Added 2.6.23.1 SMP and non-SMP modules.
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.1.
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.1 (SMP).
usb-and-pxe-installers/: Updated USB and PXE installers.
testing/packages/bash-3.2.025-i486-1.tgz: Upgraded to bash-3.2.025.
+--------------------------+
Sat Sep 1 18:23:39 CDT 2007
extra/jdk-6/jdk-6u2-i586-2.tgz: Fixed a bug in the improvement to the /etc/profile.d/ scripts where it would mess up the $MANPATH. Sorry about that, folks. The JRE package was not affected. BTW, any time a security upgrade package mentioned in an advisory is "missing", it probably means a mistake like this was made. In those cases, look for a newer package, and verify the authenticity using "gpg --verify" and the .asc file.
+--------------------------+
Fri Aug 31 13:33:54 CDT 2007
l/jre-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 (* Security fix *) An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change.
extra/jdk-6/jdk-6u2-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 2. This update addresses code errors which could possibly be leveraged to compromise system security, though we know of no existing exploits. This update consists of the official Java(TM) binaries repackaged in Slackware's package format, and may be used on any version of Slackware that is based on glibc. For more information, see: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 (* Security fix *) An additional change was made to the script that Slackware uses to set environment variables for Java(TM). Now, after the $JAVA_HOME variable is set, the next variable settings make use of it, rather than hard-coding the path to $JAVA_HOME. This does not fix a bug, but is certainly better scripting style. Thanks to Jason Byrne and Jean-Christophe Fargette for suggesting this change.
+--------------------------+
Sat Aug 18 14:20:33 CDT 2007
n/tcpdump-3.9.7-i486-1.tgz: Upgraded to libpcap-0.9.7, tcpdump-3.9.7. This new version fixes an integer overflow in the BGP dissector which could possibly allow remote attackers to crash tcpdump or to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 (* Security fix *)
+--------------------------+
Fri Aug 17 17:53:53 CDT 2007
Merged the following packages from 12.0 /patches:
a/mkinitrd-1.1.3-i486-1.tgz
l/poppler-0.5.4-i486-2.tgz
l/qt-3.3.8-i486-5.tgz
n/bind-9.4.1_P1-i486-1.tgz
x/xf86-video-intel-2.1.0-i486-1.tgz
x/xf86-video-nv-2.1.2-i486-1.tgz
xap/gimp-2.2.17-i486-1.tgz
xap/mozilla-thunderbird-2.0.0.6-i686-1.tgz
xap/mozilla-firefox-2.0.0.6-i686-1.tgz
xap/seamonkey-1.1.4-i486-1.tgz
xap/xpdf-3.02pl1-i486-1.tgz
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack12.0.tgz: Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding certain image types. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949 (* Security fix *)
patches/packages/poppler-0.5.4-i486-2_slack12.0.tgz: Patched to fix an integer overflow in code borrowed from xpdf. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 (* Security fix *)
patches/packages/qt-3.3.8-i486-5_slack12.0.tgz: Patched to fix several format string bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388 (* Security fix *)
patches/packages/seamonkey-1.1.4-i486-1_slack12.tgz: Upgraded to seamonkey-1.1.4. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
patches/packages/xpdf-3.02pl1-i486-1_slack12.0.tgz: Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly be leveraged to run arbitrary code if a malicious PDF file is processed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 (* Security fix *)
+--------------------------+
Fri Aug 3 15:43:35 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.6-i686-1.tgz: Upgraded to thunderbird-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
+--------------------------+
Wed Aug 1 13:52:51 CDT 2007
patches/packages/mozilla-firefox-2.0.0.6-i686-1.tgz: Upgraded to firefox-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.4.1_P1-i486-1_slack12.0.tgz: Upgraded to bind-9.4.1_P1 to fix security issues. The default access control lists allow remote attackers to make recursive queries in BIND9 versions 9.4.0 through 9.4.1. The query IDs in BIND9 prior to BIND 9.4.1-P1 are cryptographically weak. For more information on these issues, see: http://www.isc.org/index.pl?/sw/bind/bind-security.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 (* Security fix *)
+--------------------------+
Tue Jul 24 12:40:16 CDT 2007
patches/packages/mozilla-thunderbird-2.0.0.5-i686-1.tgz: Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine with Firefox it is susceptible to similar vulnerabilities. This update fixes the same issues fixed in the recent Firefox patch. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird (* Security fix *)
patches/packages/seamonkey-1.1.3-i486-1_slack12.tgz: Upgraded to seamonkey-1.1.3. This is presumably a security update, but the details on the net have been sparse. So far nothing has appeared at the usual URL, but I would treat this as a security update unless it is announced as otherwise. For more information (if/when it appears), see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *)
+--------------------------+
Thu Jul 19 12:50:36 CDT 2007
patches/packages/mkinitrd-1.1.3-i486-1.tgz: Fixed a minor bug in mkinitrd where devices such as /dev/cciss/c0d0p2 (DL360 RAID) were not properly copied to the initramfs. "Normal" (two level) boot devices such as /dev/sda1 were not affected by this bug, so most people won't run into it (which is probably why it wasn't spotted in development here). Thanks to Eric Hameleers for the patch.
patches/packages/mozilla-firefox-2.0.0.5-i686-1.tgz: Upgraded to firefox-2.0.0.5. This upgrade fixes a couple of minor security bugs. Nobody here is launching Firefox from Internet Explorer, right? :-) For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *)
patches/packages/xf86-video-intel-2.1.0-i486-1.tgz: Added additional chipsets.
patches/packages/xf86-video-nv-2.1.2-i486-1.tgz: Added additional chipsets.
+--------------------------+
Sun Jul 1 22:30:42 CDT 2007
Released as Slackware 12.0 with no changes since the last batch. Big Thanks again are due to the CREW, without whom this just wouldn't be possible to do with the level of quality that Slackware users demand. We had a lot of help this time, and I hope it shows in project output that you'll enjoy. Thanks for the support of the Slackware community, because without your support I wouldn't be able to keep leading this project (and I happen to like it a lot :-). For more detailed information about what all has changed since Slackware 11.0, start with CHANGES_AND_HINTS.TXT, and maybe read my RELEASE_NOTES. Have fun!