Mon Apr 28 23:43:55 CDT 2008
We'll call this Slackware 12.1 RC3, and freeze the tree for anything that isn't critical. Things seem very stable, so it's probably a good idea to save any further upgrades and additions until -current restarts.
a/cups-1.3.7-i486-2.tgz: Applied patch str2790 to fix crash bugs in the PNG image filter. The issues are not believed to be capable of either a DoS (at worst, it simply crashes the filter processing the current job and does not crash the scheduler daemon, which just moves on to the next job in the print queue), nor arbitrary code execution (data from the image is never stored in the affected tile array). Still, it seems to be worth fixing here just in case. The CUPS bug report may be found here:
ap/mysql-5.0.51b-i486-1.tgz: Upgraded to mysql-5.0.51b (which appears to be nothing more than a version bump...)
l/imlib-1.9.15-i486-3.tgz: Patched to fix rendering issues on Intel and possibly other graphics chipsets. Thanks to Iain Paton.
l/libmtp-0.2.6.1-i486-1.tgz: Upgraded to libmtp-0.2.6.1. The udev rules are now sed processed during build. Thanks much to Joerg Germeroth. :-)
l/libpng-1.2.27-i486-1.tgz: Upgraded to libpng-1.2.27.
This fixes various bugs, the most important of which have to do with the handling of unknown chunks containing zero-length data. Processing a PNG image that contains these could cause the application using libpng to crash (possibly resulting in a denial of service), could potentially expose the contents of uninitialized memory, or could cause the execution of arbitrary code as the user running libpng (though it would probably be quite difficult to cause the execution of attacker-chosen code). We recommend upgrading the package as soon as possible.
For more information, see:
(* Security fix *)
x/xf86-input-joystick-1.3.2-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.2.
x/xf86-video-radeonhd-1.2.1-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.1.
x/xf86-video-vmware-10.16.1-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.1.
isolinux/initrd.img: Fixed minimum RAM amount in /etc/issue, and made some edits to other documentation within the installer.
usb-and-pxe-installers/: In usbboot.img, fixed minimum RAM amount in /etc/issue, and made some edits to other documentation within the installer.
Tuesday, April 29, 2008
Another RC release towards 12.1 and it's been officially freezed for non-critical updates and save further big changes after -Current gets started again (we don't know yet, but most of the time two or three months after the -Stable has been released, even though it could be longer than that).