Sunday, February 25, 2007

Section 7 Finished

So I continued my work today by finishing Section 7 of the Slackbook, and it's already finished (I also just committed it to the CVS server). I guess that's enough for today. I will continue with Section 8 another time; I'm enjoying a nice weekend now.

Section 6 Finished

Finally I have some spare time to update the Slackbook project. I have just committed a change to finish all translations for Chapter 6 of the Slackbook and I'm going through Chapter 7. I really do need help to finish this project, as there are still 13 sections left to be translated. If you want to help this project, please visit the Project Page.

Friday, February 23, 2007

Updated PHP and Amarok

Patrick Volkerding has released several packages today, containing updates to PHP and Amarok (including some dependency packages needed by Amarok). Some of the packages have been around for a few days if we look at OSUOSL's mirror site. Here's the changelog for all of them:
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
Upgraded to php-4.4.5 which improves stability and security.
For complete details, see http://www.php.net.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)

extra/php5/php-5.2.1-i486-1_slack11.0.tgz:
Upgraded to php-5.2.1 which improves stability and security.
For information about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)

patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz: Upgraded to amarok-1.4.5, which fixes the last.fm stream breakage after the last upgrade to xine-lib.

patches/packages/libgpod-0.4.2-i486-1_slack11.0.tgz: Upgraded to libgpod-0.4.2. This is needed for the amarok package.

patches/packages/libmtp-0.1.3-i486-1_slack11.0.tgz: Upgraded to libmtp-0.1.3. This is needed for the amarok package.
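
Changelog entries like the ones above can be triaged automatically: the `(* Security fix *)` marker and the CVE links are regular enough to parse. The following is an added example, not part of the original post or of Slackware's tooling; it assumes the usual ChangeLog.txt layout (package path ending in `.tgz:` at the start of a line, indented continuation lines), and the sample text is constructed from the entries quoted here.

```python
import re

# Constructed sample in the layout of Slackware's ChangeLog.txt, built from the
# entries quoted in this post (CVE list shortened; continuation lines indented).
SAMPLE = """\
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack11.0.tgz:
  Upgraded to php-4.4.5 which improves stability and security.
  For information about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
  (* Security fix *)
patches/packages/amarok-1.4.5-i486-1_slack11.0.tgz:  Upgraded to amarok-1.4.5.
+--------------------------+
"""

PKG_LINE = re.compile(r"^(\S+/([^/\s]+)\.tgz):")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
SECURITY_MARK = "(* Security fix *)"


def parse_changelog(text):
    """Return one dict per package entry: path, name, security flag, CVE ids."""
    entries, current = [], None
    for line in text.splitlines():
        m = PKG_LINE.match(line)
        if m:
            current = {"path": m.group(1), "name": m.group(2),
                       "security": False, "cves": []}
            entries.append(current)
            line = line[m.end():]  # description may start on the same line
        elif not line[:1].isspace():
            current = None  # date line, separator or blank line ends the entry
            continue
        if current is None:
            continue
        if SECURITY_MARK in line:
            current["security"] = True
        for cve in CVE_ID.findall(line):
            if cve not in current["cves"]:
                current["cves"].append(cve)
    return entries


def security_fixes(text):
    """Map each package flagged '(* Security fix *)' to the CVE ids it cites."""
    return {e["name"]: e["cves"] for e in parse_changelog(text) if e["security"]}
```

Feeding it the real ChangeLog.txt from a mirror gives a quick list of which pending upgrades are security-relevant and which CVEs they address.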

Wednesday, February 21, 2007

Kernel 2.6.20.1 Released

Containing only 1 update, this fix (2.6.20.1) is relatively small, but I guess it's very important, as the -stable team didn't want to wait until other fixes were ready and released this version right away. Here's the short changelog for 2.6.20.1:
commit 8d1117a9f5d302d8d460fbe7ef322b382e45c9ce
Author: Greg Kroah-Hartman
Date: Mon Feb 19 22:34:32 2007 -0800

Linux 2.6.20.1

commit e162a033a5882bde0c3bf5a07ee2119f9535cd8c
Author: Greg Banks
Date: Tue Feb 20 10:12:34 2007 +1100

[PATCH] Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772)

Due to type confusion, when an nfsacl version 2 'ACCESS' request
finishes and tries to clean up, it calls fh_put on entirely the
wrong thing and this can cause an oops.

Signed-off-by: Neil Brown
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman

Monday, February 19, 2007

Updated glibc-zoneinfo Package

Patrick Volkerding has released an updated glibc-zoneinfo package to update the timezone information to account for the extension of Daylight Saving Time (DST) in the US. Without this update, many computers running Slackware in the United States will have a system clock that is off by one hour for a month starting on March 11.

Here's the changelog:
+--------------------------+
patches/packages/glibc-zoneinfo-2.3.6-noarch-7_slack11.0.tgz:
Updated with tzdata2007b for impending Daylight Savings Time
changes in the US.
+--------------------------+

Saturday, February 10, 2007

No Sound at Gaim 2.0.0-beta6

In my previous post about upgrading to Gaim 2.0.0-beta6, I mentioned GStreamer as one of the requirements in beta6, but unfortunately, after I upgraded GStreamer, my Gaim still doesn't produce any sound (I have just tested it) and it won't even blink now. I have tried recompiling Gaim several times to make sure it has the correct parameters, but still no luck.

I even tried to downgrade to beta-5, but nothing changed. I guess for now I will have to use Gaim without any sound or message notifications when I'm online using Slackware.

Friday, February 9, 2007

PHP 5.2.1 Released

Thanks to Eris, I finally found an update to PHP 5. Actually, I browsed the PHP site a few days ago (and also yesterday) and couldn't find any update to PHP, but today they have changed their front page and also released an update to their latest 5.2.x version (a 4.4.x version with the relevant changes will be available soon).

There's a bunch of updates included in this version, and they urge every developer and web host to upgrade to it. This version also adds new meta data to prevent search engines from indexing pages with phpinfo() information, which can be used to infiltrate the system or to look for vulnerable configurations of PHP itself.

Here are the security enhancements in PHP 5.2.1:
* Fixed possible safe_mode & open_basedir bypasses inside the session extension.
* Prevent search engines from indexing the phpinfo() page.
* Fixed a number of input processing bugs inside the filter extension.
* Fixed unserialize() abuse on 64 bit systems with certain input strings.
* Fixed possible overflows and stack corruptions in the session extension.
* Fixed an underflow inside the internal sapi_header_op() function.
* Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
* Fixed possible stack overflows inside zip, imap & sqlite extensions.
* Fixed several possible buffer overflows inside the stream filters.
* Fixed non-validated resource destruction inside the shmop extension.
* Fixed a possible overflow in the str_replace() function.
* Fixed possible clobbering of super-globals in several code paths.
* Fixed a possible information disclosure inside the wddx extension.
* Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
* Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
* Fixed a string format vulnerability inside the odbc_result_all() function.
* Memory limit is now enabled by default.
* Added internal heap protection.
* Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Detailed improvements/fixes can be seen at the Changelog.

Time to upgrade to the latest PHP....

Thursday, February 8, 2007

Updated Samba

Patrick Volkerding has upgraded the Samba packages to the latest version, which fixes some security vulnerabilities. Here's the entry from the Stable Changelog:
Wed Feb 7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack11.0.tgz:
Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
"Important issues addressed in 3.0.24 include:
o Fixes for the following security advisories:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
Samba in Slackware is vulnerable to the first issue, which can cause smbd to enter into an infinite loop, disrupting Samba services. Linux is not vulnerable to the second issue, and Slackware does not ship the afsacl.so VFS plugin (but it's something to be aware of if you build Samba with custom options).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(* Security fix *)

Monday, February 5, 2007

New Kernel Released

Linus Torvalds and Willy Tarreau have released new kernels, 2.6.20 and 2.4.34.1. Please see the Changelogs (2.6.x and 2.4.x) for more details about the changes. Time for some kernel upgrades :)