Friday, October 9, 2015

Working Towards MATE 1.12

MATE developers have started to work towards MATE 1.12 and they have bumped several packages to 1.11.0 even though only 2 packages were published under 1.11.0 version (for now).

I also use this chance to make some changes to the SlackBuilds to match next Slackware release, which is to make the default ARCH for x86 is i586 although it will still build normally for i486.

That said, master branch is now diverging from 14.1-mate-1.10 branch which will exclusively track and build packages for stable releases (14.1) only. Master branch is now following development version of MATE, thus there's a chance for new deps in the future. For those who are building from source and living in stable releases, please make sure to checkout 14.1-mate-1.10 branch.

MATE's ROADMAP is also updated with the new goal. Hopefully all of them can be implemented in this cycle.

Friday, October 2, 2015

Security Updates: Firefox, Thunderbird, Seamonkey, and PHP

Four security updates were released this morning and they are the usual Mozilla trio packages and PHP. They were released for 14.0, 14.1, and current branches.

Along with this batch of update, Pat also pushed some update to current including:
  • pkgtool bumped to 14.2 with lots of performance improvements
  • mozilla-nss upgraded to 3.20
  • php upgraded to 5.4.45 (stable) and 5.6.13 (current)
  • libXi upgraded to 1.7.5
  • libxcb upgraded to 1.11.1
  • mesa upgraded to 11.0.2
  • xf86-video-{chips,s3virge,sis} upgraded to latest version

Thursday, October 1, 2015

Poll Results and New Poll

It's been late for one month already, but it's better to be late than no post at all. So few months ago i asked which DE that people wished to be included in the future Slackware releases. Here are the results:
  44 (26%)
  29 (17%)
  25 (15%)
  11 (6%)
  30 (18%)
  34 (20%)
  51 (30%)
  7 (4%)
  21 (12%)

MATE is the highest votes with 30% followed by Cinnamon and LxQT. I'm not that surprised since many people loved the old GNOME2 and since MATE is based on it, it has high number of people who wished it to be included. Cinnamon is also quite interesting since it provides modern desktop with modern technology and it's still relatively new, but it has attracted many people already.

While i don't have any authority to give a decision whether all those options will be included in next Slackware or not, here's a good solution:
I'm also announcing new question for next poll. It's all about PHP. PHP 5.6 is still used in -current as of today (October 1 2015), but it will be supported until August 2016 and receive security updates until July 2017. Meanwhile, PHP 7.0 is approaching and it has reached RC3.
Which PHP version should be included in the next Slackware release?

Last 2 Batch of Updates

There were 2 batch of updates in current after my last post and i didn't have time to write a blog post about them due to my heavy load in the office in last few weeks.

The last two updates brings more up to date packages:
  • smartmontools 6.4
  • cdrtools 3.01
  • ddrescue 1.20
  • ccache 3.2.3
  • libjpeg-turbo 1.4.2
  • libtasn1 1.4.7
  • mozilla-firefox 41.0
  • hplip 3.15.9
  • sqlite
  • llvm 3.7.0
  • stunnel 5.23
  • mesa 11.0.0
  • xf86-video-intel git20150915_23986f0
Some other packages are being rebuilt to fix some problems found and reported by users in LQ.

Friday, September 11, 2015

Security Update: bind and seamonkey

I was busy at work in the past few days, so i couldn't write any blog post about updates happening in Slackware, so here are the recap for last week and this week:
  • bind upgraded to 9.10.2_P4 to fix security vulnerabilities
  • seamonkey upgraded to 2.35 to fix security vulnerabilities
  • mutt upgraded to 1.5.24
  • mesa rebuilt with --enable-nine parameter and upgraded to 10.6.6
  • gdb upgraded to 7.10
  • gobject-introspection upgraded to 1.44.0
  • parted rebuilt (should fix libvirt build issue)
  • netpbm rebuilt (remove some junk files)
  • sendmail upgraded to 8.15.2

Thursday, September 3, 2015

Security Update: gdk-pixbufs2 and bind

Three security updates were released for Slackware yesterday : gdk-pixbufs2 that applied to Slackware 13.37 and newer, libvdpau for current users only, and bind that was just released for Slackware 13.0 and newer.

Meanwhile in current world, several new updates pushed on the last batch:
a/aaa_elflibs-14.2-i586-2.txz: Rebuilt.
a/cryptsetup-1.6.7-i586-1.txz: Upgraded.
a/lvm2-2.02.129-i586-1.txz: Upgraded.
ap/lxc-1.1.3-i586-1.txz: Upgraded.
d/git-2.5.1-i586-1.txz: Upgraded.
l/dconf-editor-3.16.1-i586-1.txz: Added.
n/ModemManager-1.4.10-i586-1.txz: Upgraded.
n/NetworkManager-1.0.6-i586-1.txz: Upgraded.
n/openssh-7.1p1-i586-1.txz: Upgraded.
x/mesa-10.6.5-i586-1.txz: Upgraded.
xap/network-manager-applet-1.0.6-i586-1.txz: Upgraded.

Monday, August 31, 2015

More XOrg Fixes

On weekend, Pat pushed several updates to fix some annoying bugs reported on LQ and it was tested by some people and confirmed to work before being pushed into the main tree. For those affected by previous XOrg instabilities, please try this update that contain upstream fixes.

Here are the changes in the past two days:
Sun Aug 30 22:43:36 UTC 2015
l/adwaita-icon-theme-3.16.2-noarch-2.txz: Rebuilt.
       Patched to remove bogus /usr/locale/ directory tree. Thanks to ponce.
l/gvfs-1.24.2-i586-2.txz: Rebuilt.
       Rebuilt to fix missing CIFS filesystem support. Thanks to lems.
x/xorg-server-1.17.2-i586-2.txz: Rebuilt.
       Recompiled with stability patches from upstream. Thanks to ponce.
x/xorg-server-xephyr-1.17.2-i586-2.txz: Rebuilt.
x/xorg-server-xnest-1.17.2-i586-2.txz: Rebuilt.
x/xorg-server-xvfb-1.17.2-i586-2.txz: Rebuilt.
Sat Aug 29 05:27:29 UTC 2015
a/procps-ng-3.3.10-i586-4.txz: Rebuilt.
       Recompiled without --enable-timeout-stat to fix fuser hang.
kde/oxygen-gtk3-1.4.1-i486-1.txz: Removed.
x/libXaw3dXft-1.6.2d-i586-2.txz: Rebuilt.
xap/mozilla-firefox-40.0.3-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       (* Security fix *)

Tuesday, August 25, 2015

Intel Driver Problem Fixed

In the last big update few days ago, there was a bug slipped the team in which Intel GPU users were unable to start their desktop after upgrading to the latest XOrg and Mesa packages. Many people reported this on LQ, G+, and also on AlienBOB's blog. Several people came up to help and Ponce finally gathered all the information and push a new build on his repository.

The packages is good and i have tested it on my workstation which also uses Intel GPU and it does work. Few hours later, Pat pushed the new update for xf86-video-intel and some other related packages in -current tree. This issue should be solved by now and you can safely upgrade your packages using slackpkg as usual.

Happy Slacking and Testing :)

Saturday, August 22, 2015

VMWare-Workstation 10.0.6 Patch for Linux Kernel 4.1

It doesn't take long to find the patch for VMWare Workstation 10.0.6 against Linux Kernel 4.1 since the patch has been around since Linux Kernel 3.19 was introduced, so again, i have pushed the simple automated script to patch your VMWare Workstation against the latest Linux Kernel 4.1 into my SlackHacks github repository.

Please let me know if you have any problems using it.

NVidia 304.125 Patch for Linux Kernel 4.1

As i mentioned before, if you are upgrading to the latest -current update, you *may* end up with a text-only system as your desktop will not load due to incompatibilities from your proprietary driver with the new Linux Kernel 4.1. This is the case on my desktop system where i used the legacy NVidia driver 304.125.

While it already had XOrg 1.17 support, it wasn't ready to support Linux Kernel 4.1 (due to it's being released in 2014), so patches are needed in order to make it buildable.

I have pushed 2 patches in my SlackHacks github repository to address this issue. I have tested it and it works fine on my desktop machine.

Now, my next issue is to rebuild all third party packages that are linked to gnutls since it introduces another soname bumps. Also VMWare needs to be taken care as well since it failed to built. One step at a time.

Security Update: gnutls

One security update was released this weekend and it was gnutls. This update applies to 14.0, 14.1, and current. For those living in 14.0, please make sure to install a new package first: nettle.

current is now progressing very well. Pat added and upgraded lots of packages in this batch. Here are the highlights:
  • Linux Kernel 4.1
  • glibc 2.22
  • gcc 4.9.3
  • ruby 2.2.3
  • gtk+3 3.16.6
  • gnutls 3.4.4
  • samba 4.2.3
  • libdrm 2.4.64
  • mesa 10.6.4
  • xorg 1.17.2
This surely interesting, but don't blindly upgrade. There are some newly added and removed packages in this batch, so please read the changelog carefully and take some notes on those packages.

If you are using proprietary blog drivers from NVidia/ATI, please make sure it's compatible with Linux Kernel 4.1 already.

Have fun testing new current :)

Wednesday, August 19, 2015

Security Update: Thunderbird

One regular security update was released last week, which was Thunderbird. It's now updated to 38.2.0.

For current, there were some small progress which was reported by some users in LQ and Pat quickly fixed that. It's regarding SIP update earlier which caused some packages were broken due to changes in the API.

One interesting change was dhcpcd gets downgraded to 6.8 since there were multiple reports on 6.9.

Wednesday, August 12, 2015

OpenSSH Update: A Little Warning

Pat has started to push some updates in -current branch and while some of them are small updates such as file, sip and libjpeg-turbo, there's also quite a major improvements such as firefox 40 openssh 7.0.

Firefox 40 gave a lot of new features such as expanded malware protection, Improved scrolling, graphics, and video playback performance with off main thread compositing, and lots of new features for developers and users. See the release notes for more detailed information.

OpenSSH 7.0 is a major update compared to 6.9 and based on the release notes, it also introduce some incompatible changes such as:

 * Support for the legacy SSH version 1 protocol is disabled by
   default at compile time.

 * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
   is disabled by default at run-time. It may be re-enabled using
   the instructions at

 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at

 * Support for the legacy v00 cert format has been removed.

 * The default for the sshd_config(5) PermitRootLogin option has
   changed from "yes" to "prohibit-password".

 * PermitRootLogin=without-password/prohibit-password now bans all
   interactive authentication methods, allowing only public-key,
   hostbased and GSSAPI authentication (previously it permitted
   keyboard-interactive and password-less authentication if those
   were enabled). 

They also gave early warning to users about future deprecations:
We plan on retiring more legacy cryptography in the next release

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * Several ciphers will be disabled by default: blowfish-cbc,
   cast128-cbc, all arcfour variants and the rijndael-cbc aliases
   for AES.

 * MD5-based HMAC algorithms will be disabled by default.
If you have been using SSH to securely connect to your machines remotely and the keys were generated in the past using a weak algorithm such as DSS, it would be wise to backup the .ssh directory and move it somewhere else and start generating your new key (RSA-based) and upload it to the server and update your key preferences or settings before attempting to upgrade your OpenSSH package. Failing to do so will block you to connect to the remote machine unless you have a normal password-based authentication. This will also affect for those who have been using git protocol to push or pull updates from and to git repository as they use ssh as the backend.