Thursday, December 11, 2014

Multiple Security Advisories

Several security advisories have been released for all -stable and -current branches back to Slackware 13.0:
  • bind is upgraded to 9.9.6_P1 for -stable and bind-9.10.1_P1 for -current 
  • openvpn is upgraded to 2.3.6 for all branches
  • pidgin is upgraded to 2.10.11 (this package does not have any security advisory, but is still included in all branches)
Some packages are only applicable to the -stable 14.1 and -current branches:
  • firefox is upgraded to 31.3.0esr in 14.1 (-current was already upgraded to 34.0.5 a few days ago)
  • openssh is rebuilt to re-add tcpwrapper support that was removed by upstream
  • wpa_supplicant is upgraded to 0.7.3 in 13.37, 1.0 in 14.0, 2.3 in 14.1 and -current
  • seamonkey and seamonkey-solibs are upgraded to 2.31 in 14.1 and -current
  • gptfdisk is upgraded to 0.8.10 in -current only

Wednesday, December 3, 2014

Two Security Updates: Firefox and Thunderbird

There were two security updates released in December. One is for Firefox, which is now upgraded to 34.0.5 (a strange version indeed), and the other is for Thunderbird, which is now upgraded to 31.3.0. The Thunderbird update is applied to 14.1 as well, but the Firefox one is not, as 14.1 still uses Firefox ESR 31.2.0 and there has been no update for this release.

Meanwhile, two more packages in -current get an upgrade: groff and grep. There is still no interesting activity happening in -current, but let's hope the big update is worth the wait. It happened very often in previous releases, but indeed this time, it's taking more time than before. Please be patient and let Pat do his job.

Monday, November 17, 2014

New Kernel Playground

The default stock kernel has been raised once again in the -current branch. The latest stable LTS kernel release (3.14.24) is now being used, while a config for the latest stable kernel (3.17.3) has been included as well for those who are brave enough or who need a newer kernel to test new features or to support newer hardware.

Firefox 33.1.1 is also included in this batch of updates, so if you have issues regarding graphics drivers in Firefox, then perhaps this version can fix your problem.

Sunday, November 16, 2014

Bad News for DigiKam Users

I may have bad news for DigiKam users that are using Slackware-Current. DigiKam 4.5.0 has been released and I have pushed the updates to the SlackBuilds project. This package works well under Slackware 14.1 stable, but unfortunately it may not work if you are using -current under a certain configuration.

If you have upgraded to the latest KDE 4.14.3 and KDE framework 5 along with Plasma 5 provided by Eric Hameleers, then you may not be able to use digiKam properly. I have tried many combinations, but still it ended with a segfault or build failure.

The possible solution is basically to upgrade exiv2 to 0.24 and have libkexiv2 in KDE 4.14.3 recompiled against exiv2, and then you can have a working digiKam. I have discussed it with the digiKam maintainer and we believe this is the reason why it failed on my machine.

If you can build and run it properly without having to upgrade exiv2 and recompile KDE 4.14.3, then I will gladly hear your input on this issue.

Saturday, November 15, 2014

Fix regressions

Two regressions were found in the previous security updates: mariadb and pidgin. MariaDB developers made some changes in one of their headers, my_config.h, that caused some problems with other packages that are linked against it.

I first spotted this problem when trying to compile gdal from the SlackBuilds repository. I reported this to the maintainer and soon after, we both found that it's not just gdal that was broken, but many others, namely php, apr-utils, mysql-workbench, etc. I googled a bit and found a patch in another project, so I tried to apply it on my own computer and it worked, so I proposed the patch to Patrick and it got accepted.

The second regression was in pidgin. Upstream developers broke the Gadu-Gadu protocol when providing the security update. Mancha found a patch to fix the problem and it got accepted as well.

In -current, firefox has been upgraded to 33.1 as well.

Saturday, November 8, 2014

New Kernels on -Current

A new LTS kernel release has appeared in the -current branch along with a small number of packages that are being upgraded to the latest version.

The default stock kernel in the -current branch has been raised to 3.14.23 and this will continue unless a new LTS version is announced, and then we will probably move to that new version. Personally, I'm fine with this version as my personal needs (NVidia driver and VMWare Workstation) work perfectly on this kernel without requiring patches at all. It works flawlessly.

Another important update in this batch is bash, which now includes the latest patch available upstream. For now, this should settle all the remaining questions about whether the bash package included in Slackware is insecure.

Other changes were minor. btrfs-progs is upgraded and gains a header file, mpg123 is also upgraded to the latest version, and so is xfce4-weather-plugin (this should solve a problem reported in LQ).

Tuesday, November 4, 2014

Multiple Advisories: firefox, seamonkey, php, and mariadb

Multiple advisories have been released for the Slackware 14.0 and 14.1 (and of course -current) branches. Most of them are for Mozilla-based products, such as Firefox and Seamonkey, and the rest are for php and mariadb.

Firefox has been upgraded to the next ESR (Extended Support Release), which is based on the Firefox 31 branch. This is expected as some big companies (namely Google) have dropped support for the older ESR version, forcing users to upgrade to the latest version or latest ESR version, which is what Slackware users get (ESR in -stable and latest version in the -current branch).

Slackware 14.0 users who use Seamonkey still get an update in this release to 2.30, which is basically the latest version of Seamonkey available right now. The same thing happened with the php update, which is backported to Slackware 14.0 as well. They will all get PHP 5.4.34.

As for MariaDB, the update was only backported to Slackware 14.1, since Slackware 14.0 still uses MySQL and there are no more updates from Oracle for the version included in Slackware 14.0.

Thursday, October 30, 2014

Security Advisory: wget

The wget package has been updated and rebuilt in all supported Slackware releases, back to Slackware 13.0, to fix a security vulnerability that could allow an attacker to write outside of the expected directory.

In the -current branch, moc is now upgraded to 2.5.0, following a request from LQ.

Friday, October 24, 2014

Security Advisories: glibc and pidgin

Patrick has released two security updates on both the -stable and -current branches. The first update was pidgin and it fixed 5 security vulnerabilities. This update was applied to all -stable releases back to Slackware 13.0. They are now upgraded to Pidgin 2.10.10.

The second update was glibc. This update was only applied to Slackware 14.1 and -current, and the two have different version numbers. On 14.1, glibc was rebuilt to include the patch that fixed several security issues (there are 9 CVEs related to this package), while in -current, Pat (finally) upgraded glibc to 2.20, a big jump from the 2.17 found in Slackware 14.1.

With these updates in -current, all the core toolchain (gcc, glibc, and kernel) is set and the fun phase of -current may start for real this time. Normally, glibc is set once for a release and there won't be any changes except for minor upgrades or security fixes, because all applications will be compiled against that combination (mostly glibc and gcc).

Update: glibc was rebuilt with an updated gcc that was patched to fix bug pr61801 since it was causing some applications not to work. I tested Google Chrome, but I believe many others will not run either. Google Chrome reported:
setresgid: Function not implemented
Could not drop privileges: Function not implemented
Read on socketpair: Success

After updating gcc and glibc, they are working again.

Sunday, October 19, 2014

MATE Roadmap Updated

A few days ago I saw a discussion on IRC saying that MATE 1.10 will be released soon. I was kinda puzzled as there were lots of items in the TODO list in the MATE Roadmap for 1.10. When I checked the Roadmap again, apparently MATE developers pushed GTK+3 support again to future releases (now targeting MATE 1.12) along with other features that didn't make it into the MATE 1.10 schedule.

Most of the TODO list for MATE 1.10 has been completed with only 2 items left:
  • caja: Plugin system (GSOC 2014)
  • Move all documentation into mate-user-guide 
One of the reasons why GTK+3 support is delayed is that they (GTK developers) introduced incompatible changes in every major release (3.8, 3.10, 3.12, and 3.14), so it's quite hard for MATE developers to support every release within one version number. So they came up with a decision to release separate packages for mate-themes which target different GTK+3 versions, depending on which Linux distribution is going to use MATE Desktop. You can see the branches in their Github.

Since MATE focuses on incremental instead of big-bang changes, I'm hoping that the transition from MATE 1.8 to MATE 1.10 will be smooth. There will be new packages introduced and some packages get removed. You can check the documentation I provided in the Master branch of our MSB project.

There is one package that is going to be removed by upstream, but is not yet included in the list of packages to be removed in MSB, and that is mate-system-tools. In my opinion, this package can still be used for MATE 1.10 unless no one is using it. Let me know and I will gladly remove it.