Slackers (Slackware current journal) - Slackware – GNU/Linux per SubGeni e Fannulloni

Tue Apr 28 17:00:14 CDT 2009
a/kernel-firmware-2.6.29.2-noarch-1.tgz: Upgraded to Linux 2.6.29.2 firmware.
a/kernel-generic-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2.
a/kernel-generic-smp-2.6.29.2_smp-i686-1.tgz: Upgraded to Linux 2.6.29.2.
a/kernel-huge-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2.
a/kernel-huge-smp-2.6.29.2_smp-i686-1.tgz: Upgraded to Linux 2.6.29.2.
a/kernel-modules-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2 modules.
a/kernel-modules-smp-2.6.29.2_smp-i686-1.tgz:
Upgraded to Linux 2.6.29.2 modules.
a/openssl-solibs-0.9.8k-i486-2.tgz: Patched to advertise TLS extensions only
with TLS. Thanks to Fred Emmott.
a/pkgtools-12.34567890-noarch-5.tgz: Fixed a bug in installpkg where a bad
extension on the first package would cause subsequent package installs to
fail. Thanks to Jason Detring.
d/kernel-headers-2.6.29.2_smp-x86-1.tgz: Upgraded to Linux 2.6.29.2 headers.
k/kernel-source-2.6.29.2_smp-noarch-1.tgz: Upgraded to Linux 2.6.29.2 source.
n/openssh-5.2p1-i486-1.tgz: Upgraded to openssh-5.2p1.
n/openssl-0.9.8k-i486-2.tgz: Patched to advertise TLS extensions only
with TLS. Thanks to Fred Emmott.
xap/mozilla-firefox-3.0.10-i686-1.tgz:
Upgraded to firefox-3.0.10.
This fixes some security issues.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

(* Security fix *)
extra/linux-2.6.29.2-nosmp-sdk/: Regenerated SMP to no-SMP kernel source patch.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
kernels/*: Rebuilt.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules.

Mon Apr 27 13:35:02 CDT 2009
n/wireless-tools-29-i486-5.tgz: Removed obsolete -w wpa_supplicant option in
rc.wireless.

Sun Apr 26 15:11:57 CDT 2009
a/cups-1.3.10-i486-1.tgz:
Upgraded to cups-1.3.10.
This fixes several security issues, including an integer overflow in the TIFF
decoder, a failure to properly verify the Host HTTP header, and several
problems with PDF handling (the new CUPS uses a wrapper rather than embedded
code taken from xpdf). These issues could result in a denial of service or
the execution of arbitrary code.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166

(* Security fix *)
a/dialog-1.1_20080819-i486-2.tgz: Patched to make the minimum height of
checkboxes and menuboxes 4. This fixes a bug where installer menus were
taller than they needed to be, and in some cases filled the screen
overwriting the information at the top.
a/pkgtools-12.34567890-noarch-4.tgz: Patched to fix failures when a valid
package extension (.tgz, .tbz, .tlz, .txz) is embedded somewhere in the
directory path, or the package’s name, version, or build number.
Thanks to Erik Jan Tromp.
a/sysvinit-scripts-1.2-noarch-29.tgz: Patched rc.M to remove files of the form
{a,}quota.{group,user}.new from the top of filesystems that use quota. These
can be created if quota is interrupted by a reboot or power failure and cause
quotacheck at boot time to fail. Thanks to Erik Jan Tromp.
d/strace-4.5.18-i486-1.tgz: Upgraded to strace-4.5.18.
n/bitchx-1.1-i486-5.tgz: Removed.
BitchX has several known security flaws for which there are no known
workarounds, and upstream progress seems to have stalled. Users should
switch to a supported IRC client such as irssi.
(* Security fix *)
n/metamail-2.7-i486-3.tgz: Updated patch and recompiled.
Moved fonts for mailto-hebrew to /usr/share/metamail/fonts/.
n/wpa_supplicant-0.6.9-i486-1.tgz: Upgraded to wpa_supplicant-0.6.9.
x/m17n-lib-1.5.4-i486-1.tgz: Upgraded to m17n-lib-1.5.4.
x/scim-1.4.9-i486-1.tgz: Upgraded to scim-1.4.9.
x/scim-bridge-0.4.16-i486-1.tgz: Upgraded to scim-bridge-0.4.16.
x/scim-input-pad-0.1.2-i486-1.tgz: Added scim-input-pad-0.1.2.
x/scim-m17n-0.2.3-i486-1.tgz: Upgraded to scim-m17n-0.2.3.
x/scim-tables-0.5.9-i486-1.tgz: Upgraded to scim-tables-0.5.9.
x/wqy-zenhei-font-ttf-0.8.38_1-noarch-1.tgz: Upgraded to wqy-zenhei-0.8.38-1.
x/xaw3d-1.5E-i486-1.tgz: Upgraded to Xaw3d-1.5E.
xap/xfractint-20.04p09-i486-1.tgz: Upgraded to xfractint-20.04p09.
isolinux/initrd.img: Regenerated modules.dep to reflect the compressed kernel
modules. Thanks to Piter Punk and Eric Hameleers.
When formatting an ext3 partition, don’t use ‘-j’ (using mkfs.ext3 already
takes care of that).
Use the patched dialog to fix the formatting of the installer menus.
testing/packages/bash-4.0.017-i486-1.tgz: Updated with upstream patches.
usb-and-pxe-installers/usbboot.img: Same fixes as initrd.img.

Wed Apr 22 15:37:09 CDT 2009
xap/mozilla-firefox-3.0.9-i686-1.tgz:
Upgraded to firefox-3.0.9.
This fixes some security issues.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

(* Security fix *)

Tue Apr 21 21:50:11 CDT 2009
a/sysvinit-scripts-1.2-noarch-28.tgz: Allow LUKS passphrases to contain
spaces. Thanks to Piter Punk!
a/udev-141-i486-2.tgz: Changed the permissions on the real time clock
(/dev/rtc0) so that all users can read it.
Modified rc.udev so that the /dev/root symlink is created.
Thanks to Piter Punk!

Mon Apr 20 23:38:45 CDT 2009
a/etc-12.34567890-noarch-3.tgz: Added the uucp user to the dialout group.
a/mkinitrd-1.3.3-i486-3.tgz: Fixed broken directory in initrd-tree.tar.gz.
Thanks to Malcolm Rowe for the bug report.
a/pkgtools-12.34567890-noarch-3.tgz: Fixed upgradepkg oldpackage%newpackage.
Fixed the installpkg test for the external compression utility.
Thanks to Robby Workman.
a/pcmciautils-015-i486-2.tgz: Added symlinks to /sbin/* in /lib/udev (needed
by the udev rules file). Fixed installation of udev rules file.
Thanks to Robby Workman.
a/udev-141-i486-1.tgz:
Upgraded to udev-141.
Changed serial devices from group ‘uucp’ to group ‘dialout’.
This upgrade fixes a local root hole and a denial of service issue.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186

(* Security fix *)
l/pilot-link-0.12.3-i486-7.tgz: The dialout devices now use group ‘dialout’
rather than group ‘uucp’, and the udev rules have been changed to use
MODE=”660″ instead of MODE=”664″. Thanks to Robby Workman.

Wed Apr 15 22:17:31 CDT 2009
a/pkgtools-12.34567890-noarch-2.tgz: Fixed bugs with package extension
stripping and package description handling that could cause error messages
or hangs during package installs or upgrades. Thanks to Piter Punk,
Alan Hicks, Eric Hameleers, and Robby Workman.
Handle “package not found” with upgradepkg gracefully. Thanks to Shark.

Mon Apr 13 16:22:12 CDT 2009
a/coreutils-7.2-i486-1.tgz: Upgraded to coreutils-7.2. Added new file formats
to /etc/DIR_COLORS.
a/kernel-firmware-2.6.29.1-noarch-2.tgz: Rebuilt.
a/kernel-generic-2.6.29.1-i486-2.tgz: Rebuilt.
The huge kernels were rebuilt to remove the crashing i2o_dpt driver
(i2o_block is provided as the replacement driver), and to add three Realtek
wireless drivers that are part of the CONFIG_STAGING driver collection.
These are considered experimental, but are probably better than nothing.
a/kernel-generic-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.
a/kernel-huge-2.6.29.1-i486-2.tgz: Rebuilt.
a/kernel-huge-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.
a/kernel-modules-2.6.29.1-i486-2.tgz: Rebuilt.
a/kernel-modules-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.
a/less-418-i486-2.tgz: Add support in lesspipe.sh for viewing .tbz, .tlz, .txz,
.tar.lzma, and .tar.xz files.
a/pkgtools-12.34567890-noarch-1.tgz: Added support for .tbz, .tlz, and .txz
packages in addition to the traditional .tgz format.
a/tree-1.5.2.2-i486-1.tgz: Upgraded to tree-1.5.2.2.
d/kernel-headers-2.6.29.1_smp-x86-2.tgz: Rebuilt.
k/kernel-source-2.6.29.1_smp-noarch-2.tgz: Rebuilt.
l/libcap-2.16-i486-2.tgz: Patched broken header.
n/crda-1.0.1-i486-2.tgz: Fixed docs directory. Thanks to Mikhail Zotov.
x/dejavu-fonts-ttf-2.29-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.29.
xap/audacious-1.5.1-i486-3.tgz: Patched to fix command line option handling.
Thanks to Kirill Cherniy for pointing out the patch.
xap/seamonkey-1.1.16-i486-1.tgz:
Upgraded to seamonkey-1.1.16.
This release fixes some more security vulnerabilities.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

(* Security fix *)
extra/linux-2.6.29.1-nosmp-sdk/: Regenerated SMP to no-SMP kernel source patch.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
Added support for .tbz, .tlz, and .txz packages.
kernels/*: Rebuilt.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules. Added support for .tbz, .tlz, and .txz packages.

Tue Apr 7 20:12:35 CDT 2009
a/aaa_elflibs-12.34-i486-1.tgz: Added libcap, needed for coreutils.
Added libidn, liblber, and libldap, needed by libcurl.so.4.
a/dbus-1.2.12-i486-1.tgz: Moved from L, needed by CUPS.
a/glibc-solibs-2.9-i486-3.tgz: Recompiled against Linux 2.6.29.1 headers.
a/glibc-zoneinfo-2.9-noarch-3.tgz: Upgraded to tzcode2009d and tzdata2009d.
a/jfsutils-1.1.13-i486-1.tgz: Upgraded to jfsutils-1.1.13.
a/kernel-firmware-2.6.29.1-noarch-1.tgz: Upgraded to Linux 2.6.29.1 firmware.
a/kernel-generic-2.6.29.1-i486-1.tgz: Upgraded to Linux 2.6.29.1.
a/kernel-generic-smp-2.6.29.1_smp-i686-1.tgz: Upgraded to Linux 2.6.29.1.
a/kernel-huge-2.6.29.1-i486-1.tgz: Upgraded to Linux 2.6.29.1.
a/kernel-huge-smp-2.6.29.1_smp-i686-1.tgz: Upgraded to Linux 2.6.29.1.
a/kernel-modules-2.6.29.1-i486-1.tgz: Upgraded to Linux 2.6.29.1.
a/kernel-modules-smp-2.6.29.1_smp-i686-1.tgz: Upgraded to Linux 2.6.29.1.
a/mkinitrd-1.3.3-i486-2.tgz: Make sure /proc and /sys are mounted.
Thanks to Robby Workman.
Added /usr/share/mkinitrd/mkinitrd_command_generator.sh.
Thanks to Eric Hameleers.
a/ntfs-3g-2009.3.8-i486-1.tgz: Upgraded to ntfs-3g-2009.3.8.
a/openssl-solibs-0.9.8k-i486-1.tgz: Upgraded to openssl-0.9.8k.
This fixes possible crashes as well as a (fairly unlikely) case where an
invalid signature might verify as valid.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

(* Security fix *)
a/sysvinit-scripts-1.2-noarch-27.tgz: Edited rc.M to run update-gtk-immodules,
update-gdk-pixbuf-loaders, and update-pango-querymodules.
a/xz-4.999.8beta-i486-1.tgz: Added xz-4.999.8beta.
ap/a2ps-4.14-i486-3.tgz: Added /usr/share/fonts/Type1 to the LibraryPath in
/etc/a2ps.cfg. The new a2ps detects a working font path during ./configure,
but without this will not use it at runtime.
ap/sqlite-3.6.12-i486-1.tgz: Upgraded to sqlite-3.6.12.
d/git-1.6.2.2-i486-1.tgz: Upgraded to git-1.6.2.2.
d/kernel-headers-2.6.29.1_smp-x86-1.tgz: Upgraded to Linux 2.6.29.1.
k/kernel-source-2.6.29.1_smp-noarch-1.tgz: Upgraded to Linux 2.6.29.1.
kde/amarok-2.0.2-i486-2.tgz: Patched LastFM service and recompiled.
Thanks to Luigi Trovato.
kde/guidance-power-manager-4.2.2-i486-1.tgz:
Upgraded to guidance-power-manager-4.2.2.
kde/k3b-r948463-i486-1.tgz: Upgraded to k3b-r948463.
kde/kaudiocreator-r948464-i486-1.tgz: Upgraded to kaudiocreator-r948464.
kde/kdeaccessibility-4.2.2-i486-1.tgz: Upgraded to kdeaccessibility-4.2.2.
kde/kdeadmin-4.2.2-i486-1.tgz: Upgraded to kdeadmin-4.2.2.
kde/kdeartwork-4.2.2-i486-1.tgz: Upgraded to kdeartwork-4.2.2.
kde/kdebase-4.2.2-i486-1.tgz: Upgraded to kdebase-4.2.2.
kde/kdebase-runtime-4.2.2-i486-1.tgz: Upgraded to kdebase-runtime-4.2.2.
kde/kdebase-workspace-4.2.2-i486-1.tgz: Upgraded to kdebase-workspace-4.2.2.
kde/kdebindings-4.2.2-i486-1.tgz: Upgraded to kdebindings-4.2.2.
kde/kdeedu-4.2.2-i486-1.tgz: Upgraded to kdeedu-4.2.2.
kde/kdegames-4.2.2-i486-1.tgz: Upgraded to kdegames-4.2.2.
kde/kdegraphics-4.2.2-i486-1.tgz: Upgraded to kdegraphics-4.2.2.
kde/kdelibs-4.2.2-i486-1.tgz: Upgraded to kdelibs-4.2.2.
kde/kdemultimedia-4.2.2-i486-1.tgz: Upgraded to kdemultimedia-4.2.2.
kde/kdenetwork-4.2.2-i486-1.tgz: Upgraded to kdenetwork-4.2.2.
kde/kdepim-4.2.2-i486-1.tgz: Upgraded to kdepim-4.2.2.
kde/kdepimlibs-4.2.2-i486-1.tgz: Upgraded to kdepimlibs-4.2.2.
kde/kdeplasma-addons-4.2.2-i486-1.tgz: Upgraded to kdeplasma-addons-4.2.2.
kde/kdesdk-4.2.2-i486-1.tgz: Upgraded to kdesdk-4.2.2.
kde/kdetoys-4.2.2-i486-1.tgz: Upgraded to kdetoys-4.2.2.
kde/kdeutils-4.2.2-i486-1.tgz: Upgraded to kdeutils-4.2.2.
kde/kdewebdev-4.2.2-i486-1.tgz: Upgraded to kdewebdev-4.2.2.
kde/koffice-1.9.98.7-i486-2.tgz: Recompiled.
kde/konq-plugins-4.2.2-i486-1.tgz: Upgraded to konq-plugins-4.2.2.
kde/skanlite-0.3-i486-1.tgz: Upgraded to skanlite-0.3.
l/M2Crypto-0.19.1-i486-1.tgz: Added M2Crypto-0.19.1.
l/QScintilla-2.3.2-i486-1.tgz: Upgraded to QScintilla-2.3.2.
l/atk-1.26.0-i486-1.tgz: Upgraded to atk-1.26.0.
l/boost-1.38.0-i486-1.tgz: Upgraded to boost-1.38.0.
l/eigen2-r948353-i486-1.tgz: Upgraded to eigen2-r948353.
l/esound-0.2.41-i486-1.tgz: Upgraded to esound-0.2.41.
l/exiv2-0.18-i486-1.tgz: Upgraded to exiv2-0.18.
l/glibc-2.9-i486-3.tgz: Recompiled against Linux 2.6.29.1 headers.
l/glibc-i18n-2.9-i486-3.tgz: Rebuilt.
l/glibc-profile-2.9-i486-3.tgz: Recompiled against Linux 2.6.29.1 headers.
l/gstreamer-0.10.22-i486-1.tgz: Upgraded to gstreamer-0.10.22.
l/gst-plugins-base-0.10.22-i486-1.tgz: Upgraded to gst-plugins-base-0.10.22.
l/gtk+2-2.14.7-i486-2.tgz: Patched to change /etc/gtk-2.0/ directory to
/etc/gtk-2.0/i486-slackware-linux/. Added update-gtk-immodules and
update-gdk-pixbuf-loaders scripts.
l/hal-0.5.11-i486-4.tgz: Rebuilt with some configuration changes.
l/hal-info-20090330-noarch-1.tgz: Upgraded to hal-info-20090330.
l/iso-codes-3.8-noarch-1.tgz: Upgraded to iso-codes-3.8.
l/jasper-1.900.1-i486-1.tgz: Added jasper-1.900.1.
l/jre-6u13-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 6.0 update 13.
l/libglade-2.6.4-i486-1.tgz: Upgraded to libglade-2.6.4.
l/libical-0.43-i486-1.tgz: Upgraded to libical-0.43.
l/libmcrypt-2.5.8-i486-1.tgz: Added libmcrypt-2.5.8.
l/libmsn-r95-i486-1.tgz: Upgraded to libmsn-r95.
l/libnl-1.1-i486-1.tgz: Added libnl-1.1.
l/librsvg-2.26.0-i486-1.tgz: Upgraded to librsvg-2.26.0.
l/libspectre-0.2.2-i486-1.tgz: Upgraded to libspectre-0.2.2.
l/libtheora-1.0-i486-1.tgz: Upgraded to libtheora-1.0.
l/libvncserver-0.9.7-i486-1.tgz: Upgraded to LibVNCServer-0.9.7.
l/libxklavier-3.9-i486-1.tgz: Upgraded to libxklavier-3.9.
l/pango-1.22.4-i486-2.tgz: Patched to change /etc/pango/ directory to
/etc/pango/i486-slackware-linux/. Added update-pango-querymodules script.
l/pycups-1.9.45-i486-1.tgz: Upgraded to pycups-1.9.45.
l/qimageblitz-r948358-i486-1.tgz: Upgraded to qimageblitz-r948358.
l/qt-r948357-i486-1.tgz: Upgraded to qt-copy-r948357.
l/soprano-2.2.3-i486-1.tgz: Upgraded to soprano-2.2.3.
l/strigi-0.6.4-i486-1.tgz: Upgraded to strigi-0.6.4.
n/crda-1.0.1-i486-1.tgz: Added crda-1.0.1.
n/curl-7.19.4-i486-2.tgz: Added support for ca-bundle.crt, a bundle of X.509
certificates for public Certificate Authorities.
n/httpd-2.2.11-i486-1.tgz: Upgraded to httpd-2.2.11.
n/iproute2-2.6.29_1-i486-1.tgz: Upgraded to iproute2-2.6.29-1.
n/irssi-0.8.13-i486-1.tgz: Upgraded to irssi-0.8.13.
n/iw-0.9.11-i486-1.tgz: Added iw-0.9.11.
n/libgcrypt-1.4.4-i486-1.tgz: Upgraded to libgcrypt-1.4.4.
n/openssl-0.9.8k-i486-1.tgz: Upgraded to openssl-0.9.8k.
This fixes possible crashes as well as a (fairly unlikely) case where an
invalid signature might verify as valid.
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590

(* Security fix *)
n/php-5.2.9-i486-1.tgz: Upgraded to php-5.2.9.
This is now linked against libmcrypt.
This update fixes a few security issues:
– Fixed a crash on extract in zip when files or directories entry names
contain a relative path.
– Fixed security issue in imagerotate(), background colour isn’t validated
correctly with a non truecolour image. (CVE-2008-5498)
Reported by Hamid Ebadi, APA Laboratory.
– Fixed a segfault when malformed string is passed to json_decode().
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498

(* Security fix *)
n/proftpd-1.3.2-i486-1.tgz: Upgraded to proftpd-1.3.2.
n/samba-3.2.10-i486-1.tgz: Upgraded to samba-3.2.10.
n/vsftpd-2.1.0-i486-2.tgz: Rebuilt with vsftpd.conf changed to use inetd, not
standalone. This was the default in previous versions of vsftpd.
xap/gucharmap-2.26.0-i486-1.tgz: Upgraded to gucharmap-2.26.0.
xap/imagemagick-6.5.1_0-i486-1.tgz: Upgraded to ImageMagick-6.5.1-0.
xap/xine-lib-1.1.16.3-i486-1.tgz: Upgraded to xine-lib-1.1.16.3.
– Fix another possible int overflow in the 4XM demuxer.
(ref. TKADV2009-004, CVE-2009-0385)
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385

(* Security fix *)
xap/xscreensaver-5.08-i486-1.tgz: Upgraded to xscreensaver-5.08.
extra/grub/grub-0.97-i486-8.tgz: Patched to add ext4 support.
extra/jdk-6/jdk-6u13-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard
Edition Development Kit Version 6.0 update 13.
extra/linux-2.6.29.1-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
testing/packages/bash-4.0.010-i486-1.tgz: Patched with the official patches
from ftp.gnu.org.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled
kernel modules.