Thursday, April 10, 2008

Security Fix : Rsync

One security fix has been released by PV along with bunch of updates today on -Current, which is Rsync. The security fix is only valid for -Current since the package affected is not yet released to -Stable. It's not the only updates today, since the kernel itself is now compiled to add the experimental CONFIG_PATA_MARVELL option, since some newer Intel motherboards are already using this chipset. One new package also find it's way to the official Slackware packages today: libaio (Asyncronous I/O Library).

Here's the latest -Current changelog:
Wed Apr 9 23:57:07 CDT 2008
The kernels were recompiled to add the experimental CONFIG_PATA_MARVELL option, since some newer Intel motherboards are already using this chipset. Like everything else, use it at your own risk. It was decided that having some driver that was tested and found to work was better than no support at all.
Thanks to David Somero for reporting the issue.

a/kernel-generic-2.6.24.4-i486-2.tgz: Recompiled Linux 2.6.24.4 uniprocessor generic.s (requires initrd) kernel.

a/kernel-generic-smp-2.6.24.4_smp-i686-2.tgz: Recompiled Linux 2.6.24.4 SMP gensmp.s (requires initrd) kernel.

a/kernel-huge-2.6.24.4-i486-2.tgz: Recompiled Linux 2.6.24.4 uniprocessor huge.s (full-featured) kernel.

a/kernel-huge-smp-2.6.24.4_smp-i686-2.tgz: Recompiled Linux 2.6.24.4 SMP hugesmp.s (full-featured) kernel.

a/kernel-modules-2.6.24.4-i486-2.tgz: Recompiled Linux 2.6.24.4 uniprocessor kernel modules.

a/kernel-modules-smp-2.6.24.4_smp-i686-2.tgz: Recompiled Linux 2.6.24.4 SMP kernel modules.

d/kernel-headers-2.6.24.4_smp-x86-2.tgz: Rebuild Linux 2.6.24.4 SMP kernel headers.

d/pkg-config-0.23-i486-2.tgz: Prevent unwanted output during package install.

d/ruby-1.8.6_p114-i486-1.tgz: Upgraded to ruby-1.8.6-p114.

k/kernel-source-2.6.24.4_smp-noarch-2.tgz: Rebuilt Linux 2.6.24.4 SMP kernel source package.

l/libaio-0.3.106-i486-1.tgz: Added libaio-0.3.106 (asynchronous I/O library).

l/glib2-2.14.6-i486-4.tgz: Renamed /etc/profile.d/glib2.{csh,sh} to /etc/profile.d/libglib2.{csh,sh} so that the lang.{csh,sh} scripts will run first, setting the $LANG variable which these scripts require.
Thanks to Carl Bartels.

n/dhcp-3.0.6-i486-1.tgz: Upgraded to dhcp-3.0.6.

n/lftp-3.7.0-i486-1.tgz: Upgraded to lftp-3.7.0.

n/links-2.1pre33-i486-1.tgz: Upgraded to links-2.1pre33.

n/ncftp-3.2.1-i486-1.tgz: Upgraded to ncftp-3.2.1.

n/rsync-3.0.2-i486-1.tgz: Upgraded to rsync-3.0.2.
From the NEWS file:
"BUG FIXES: - Fixed a potential buffer overflow in the xattr code."
This is the security advisory, as the issue was present in -current only.
(* Security fix *)

n/tcpdump-3.9.8-i486-1.tgz: Upgraded to libpcap-0.9.8 and tcpdump-3.9.8.

x/compiz-0.7.4-i486-1.tgz: Upgraded to compiz-0.7.4.

x/pixman-0.10.0-i486-3.tgz: Fixed build script post-install. Thanks to arny.

x/scim-1.4.7-i486-6.tgz: Fixed locale example typo in profile.d scripts.

x/xf86-input-mouse-1.3.0-i486-1.tgz: Upgraded to xf86-input-mouse-1.3.0 to fix a copy/paste bug when switching between the virtual consoles and X.
Thanks to Daryl Bunce for reporting the problem.

extra/slackpkg/slackpkg-2.70.2-noarch-1.tgz: Upgraded to slackpkg-2.70.2-noarch-1. Thanks to Piter Punk!

isolinux/initrd.img: Replaced kernel modules with recompiled versions.

kernels/huge.s/*: Recompiled huge.s 2.6.24.4 kernel.

kernels/hugesmp.s/*: Recompiled hugesmp.s 2.6.24.4 kernel.

kernels/speakup.s/*: Recompiled speakup.s 2.6.24.4 kernel.
Upgraded speakup to GIT pull of 2008-04-09.
Fixed a blunder on my part where I started with the wrong .config, making installation impossible. Thanks to Stephen C. Greeley for reporting this.

usb-and-pxe-installers/: Replaced kernel modules with recompiled versions.