Welcome Firefox 3.5 on -Current

Well, time to get updated again on -Current as Pat has released some updates on -Current (not too much though). The interesting part is Qt updates and also Firefox 3.5 which eventually makes it way to -Current. Some people (including me) was assuming that Firefox 3.5 will not make it into -Current, but Pat decided to go with it.

So here's the latest -Current changelog:

Sat Jul 11 18:31:32 CDT 2009
l/qt-r994599-i486-1.txz: Upgraded to qt-copy-r994599.

n/php-5.2.10-i486-2.txz: Rebuilt. Installed the pear.php.net.reg and pecl.php.net.reg files from php-5.2.9, since the ones installed by php-5.2.10 are broken. Thanks to Mike Peachey for the bug report.

xap/mozilla-firefox-3.5-i686-1.txz: Upgraded to mozilla-firefox-3.5.

It's Up again

Good news comes out from LQ forum that main website of Slackware has been up again after having some hardware issues in the last few days. Still, there're no updates on -Current, but i think they will come up with good news in the following days, so stay tuned on Slackware development tree since it's getting closer and closer to a final release of Slackware 13.0 which will be the first Slackware release that includes KDE 4 and also 64-bit version as well as 32-bit.

Firefox 3.5 Problem Solved

Thanks to olego, a new LQ member who has posted at my thread about the same problem that he had with Firefox 3.5. He tried to comment out libsafe entry at /etc/ld.so.preload and this trick works. It makes Firefox 3.5 works as intended. What is libsafe anyway?

Libsafe is a library that intercepts calls to vulnerable functions in the standard C library at runtime, replacing these functions with safer ones that do not allow buffer overflows (SecurityFocus).

So, i was wondering whether Mozilla Firefox 3.5 uses insecure C functions on the code so that libsafe changed them and makes it broken?

Slackware.Com Down

The main site of Slackware is currently down since few days ago and i still don't know when will it be up again, but don't worry. I believe that Pat and the Crew will do their best to restore the website again and they will come up with better services in the future. Also let's hope when the Changelog is up again, it will be filled with updates from the latest development cycle of Slackware-Current.

Slackware 13.0 RC 1

The development of Slackware 13.0 nearly ends and Pat decided to freeze further updates (unless there's a security problem or regression occurred) and marks today's update as Release Candidate 1. Usually, Slackware never had too many RCs in the past, so i would say, Slackware 13.0 will be released on July or probably in August.

Based on the Changelog, it would use 2.6.29.x rather than going with 2.6.30, even though it would bring more updates to the core of the operating system itself.

Here's the latest -Current changelog:

Wed Jul 1 16:04:35 CDT 2009
Hi folks -- the TODO isn't entirely empty here, but it's pretty much down to minor nits, and so we're going to call this release candidate #1 and (mostly) freeze further updates unless they happen to fix problems.
Regarding the kernel, 2.6.29.x has been well tested with this userspace and seems like the best choice to ship for production use. Perhaps we can put something else (at least source and configs) in /testing, though.
a/slocate-3.1-i486-2.txz: Rebuilt. Don't index cifs or tmpfs.
Add a few more directories to the list of paths to prune.
Thanks to Cor Molenaar and Erik Jan Tromp.

l/urwid-0.9.8.4-i486-1.txz: Added. Needed for wicd.

n/dnsmasq-2.49-i486-1.txz: Upgraded.

n/httpd-2.2.11-i486-2.txz: Rebuilt. This needed a recompile against the new apr package to fix building new modules.
Thanks to Michael Johnson and Ian Carolan for reporting this issue.

n/iwlwifi-3945-ucode-15.32.2.9-fw-1.txz: Upgraded.

n/iwlwifi-5000-ucode-8.24.2.12-fw-1.txz: Upgraded.

n/php-5.2.10-i486-1.txz: Upgraded.

x/xorg-server-1.6.1-i486-2.txz: Rebuilt.
Fixed default-font-path. Thanks to Bruce Hill.
Patched a key repeat problem in XineramaCheckMotion.
Thanks to Adam Kennedy for pointing out the fix.

x/xorg-server-xephyr-1.6.1-i486-2.txz: Rebuilt.

x/xorg-server-xnest-1.6.1-i486-2.txz: Rebuilt.

x/xorg-server-xvfb-1.6.1-i486-2.txz: Rebuilt.

xap/electricsheep-20090306-i486-2.txz: Rebuilt. Patched to fix an issue where mplayer needs a buffer when reading from a pipe.
Thanks to Eric Hameleers.

extra/wicd/wicd-1.6.1-i486-1.txz: Upgraded. Thanks to Robby Workman.

Update (09:01 AM): Don't forget to add yourself to netdev group (in /etc/group) and restart wicd daemon and messagebus or you will not find wicd working.

Security Update: Ghostscript

The ghostscript package has been patched to fix several security problems on -Current. It is released on the same day here in Indonesia (Tuesday evening), but it's 39 minutes past midnight at Pat's place. Have a good sleep after releasing this package

Anyway, here's the security advisory today:

Tue Jun 30 00:39:54 CDT 2009
ap/ghostscript-8.64-i486-2.txz: Rebuilt.
Patched various problems with ghostscript that could lead to a denial of service or the execution of arbitrary code when processing a malicious or malformed file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
(* Security fix *)

Again, Yahoo Fixes

Two packages are upgraded to fix the Yahoo protocols problems after they decided to upgraded their protocols. Lots of IM client running under Linux are affected, so hopefully this two updates on kdenetwork and pidgin can solve the problem.

Here are the updates:

Mon Jun 29 14:44:25 CDT 2009
kde/kdenetwork-4.2.4-i486-2.txz: Rebuilt.
Patched to fix Yahoo! protocol. Thanks to Matt Rogers.

xap/pidgin-2.5.8-i486-1.txz: Upgraded.

Another Pidgin Release

Another Pidgin release to fix Yahoo problem and this time, it includes other fixes for other protocols as well. As in Yahoo protocol, the default pager server will now be converted to scsa.msg.yahoo.com by default if the user emptied the field or it's still using the old scs.msg.yahoo.com. This, by default will ease user in migration process.

Refer to the changelog here.

We should wait until the package arrived in -Current which i think won't be long

Development and KDE Updates

It seems that Pat really does care about development tools and KDE apps. Today's updates are all about development tools and also KDE apps, which are located under d/ and kde/ directory. Have fun with it

Here's the latest -Current directory:

Mon Jun 29 02:14:32 CDT 2009
d/git-1.6.3.3-i486-1.txz: Upgraded.

d/subversion-1.6.3-i486-1.txz: Upgraded.

kde/amarok-2.1.1-i486-1.txz: Upgraded.

kde/koffice-2.0.1-i486-1.txz: Upgraded.

kdei/koffice-l10n-*-2.0.1-noarch-1.txz: Upgraded to KOffice 2.0.1 l10n packages.

Security Update: Mozilla Thunderbird

Another security-related package coming up on -Current. As Mozilla Firefox has been released few days ago, it's usually followed by Thunderbird as they share the same engine, so here's the Thunderbird coming. Another package is most, which fixed the doc directory.

Here's the latest -Current changelog:

Sat Jun 27 19:02:36 CDT 2009
ap/most-5.0.0a-i486-2.txz: Fixed doc directory.
Thanks to Ellington Santos.

xap/mozilla-thunderbird-2.0.0.22-i686-1.txz:
Upgraded to thunderbird-2.0.0.22.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)

Security Fix: Samba

One security update and three updated packages plus one package on testing has been released today. The security update is Samba and the three updated packages are sendmail (and sendmail-cf), and MPlayer, and the last package under /testing directory is Mesa, which is now upgraded to 7.4.4. Hopefully this updated package will fix many problem users encountering while using older version.

Here's the latest -Current changelog:

Fri Jun 26 22:06:58 CDT 2009
n/samba-3.2.13-i486-1.txz: Upgraded.
This upgrade fixes the following security issues:
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made to execute code triggered by the server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886
(* Security fix *)

n/sendmail-8.14.3-i486-2.txz: Rebuilt.
Fixed missing praliases. Thanks to Mark Post.

n/sendmail-cf-8.14.3-noarch-2.txz: Rebuilt.

xap/MPlayer-r29390-i486-1.txz: Upgraded.

testing/packages/mesa-7.4.4-i486-1.txz: Upgraded.

Security Update: Seamonkey

One security package has been released today, which was Seamonkey. Remember that Seamonkey package are now divided into two separate packages: Seamonkey and Seamonkey-solibs which contains only the runtime file. It gives you an option to compile application that uses Seamonkey library but you don't want to install the whole Seamonkey package.

Here's the -Current changelog:

Wed Jun 24 19:48:10 CDT 2009
l/seamonkey-solibs-1.1.17-i486-1.txz: Upgraded to seamonkey-1.1.17 shared libraries.

xap/seamonkey-1.1.17-i486-1.txz:
Upgraded to seamonkey-1.1.17.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)