Friday, November 21, 2008

Security Update: libxml2

One security update has been released along with bunch of updates in x/ directory. While it may not be the latest version of the Xorg packages, it has proven to be the most stable version ever tested by Slackware team. Stability is more important than newer version which is buggy. Here's the latest -Current changelog:
Thu Nov 20 12:15:34 CST 2008
a/acpid-1.0.8-i486-2.tgz: Fixed a bug in the build script so that /etc/acpi/acpi_handler.sh.new is chmoded executable. If you installed the previous package, you should chmod 755 your /etc/acpi/acpi_handler.sh.
Thanks to Stuart Winter for pointing this out.

Wed Nov 19 19:52:15 CST 2008
a/acpid-1.0.8-i486-1.tgz: Upgraded to acpid-1.0.8.
/etc/acpi/acpi_handler.sh will be installed as a .new with future upgrades, but since whatever version already installed on the system owns /etc/acpi/acpi_handler.sh, it will still be overwritten one more time when this update is installed. If you've customized your script, be sure to back it up before upgrading.

a/mkinitrd-1.3.2-i486-4.tgz: Fixed a bug where unless -F was the first option given, other command line options would not override the contents of /etc/mkinitrd.conf as documented in the man page.
Thanks to David Somero for the patch.

l/libxml2-2.6.32-i486-2.tgz: Patched and recompiled.
This fixes vulnerabilities including denial of service, or possibly the execution of arbitrary code as the user running a libxml2 linked application if untrusted XML content is parsed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
(* Security fix *)

x/compiz-0.7.8-i486-1.tgz: Upgraded to compiz-0.7.8.

x/dejavu-fonts-ttf-2.27-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.27.

x/xf86-input-acecad-1.2.2-i486-1.tgz: Added xf86-input-acecad-1.2.2.

x/xf86-input-calcomp-1.1.2-i486-1.tgz: Upgraded to xf86-input-calcomp-1.1.2-i486-1.tgz.

x/xf86-input-digitaledge-1.1.1-i486-1.tgz: Upgraded to xf86-input-digitaledge-1.1.1.

x/xf86-input-dmc-1.1.2-i486-1.tgz: Added xf86-input-dmc-1.1.2.

x/xf86-input-dynapro-1.1.2-i486-1.tgz: Upgraded to xf86-input-dynapro-1.1.2.

x/xf86-input-elo2300-1.1.2-i486-1.tgz: Upgraded to xf86-input-elo2300-1.1.2.

x/xf86-input-elographics-1.2.3-i486-1.tgz: Upgraded to xf86-input-elographics-1.2.3.

x/xf86-input-evdev-2.0.8-i486-1.tgz: Upgraded to xf86-input-evdev-2.0.8.

x/xf86-input-fpit-1.2.0-i486-1.tgz: Upgraded to xf86-input-fpit-1.2.0.

x/xf86-input-hyperpen-1.2.0-i486-1.tgz: Upgraded to xf86-input-hyperpen-1.2.0.

x/xf86-input-jamstudio-1.2.0-i486-1.tgz: Upgraded to xf86-input-jamstudio-1.2.0.

x/xf86-input-joystick-1.3.3-i486-1.tgz: Upgraded to xf86-input-joystick-1.3.3.

x/xf86-input-keyboard-1.3.1-i486-1.tgz: Upgraded to xf86-input-keyboard-1.3.1.

x/xf86-input-magellan-1.2.0-i486-1.tgz: Upgraded to xf86-input-magellan-1.2.0.

x/xf86-input-microtouch-1.2.0-i486-1.tgz: Upgraded to xf86-input-microtouch-1.2.0.

x/xf86-input-mutouch-1.2.1-i486-1.tgz: Upgraded to xf86-input-mutouch-1.2.1.

x/xf86-input-palmax-1.2.0-i486-1.tgz: Upgraded to xf86-input-palmax-1.2.0.

x/xf86-input-penmount-1.3.0-i486-1.tgz: Upgraded to xf86-input-penmount-1.3.0.

x/xf86-input-summa-1.2.0-i486-1.tgz: Upgraded to xf86-input-summa-1.2.0.

x/xf86-input-synaptics-0.15.2-i486-1.tgz: Added xf86-input-synaptics-0.15.2.

x/xf86-input-tek4957-1.2.0-i486-1.tgz: Upgraded to xf86-input-tek4957-1.2.0.

x/xf86-input-vmmouse-12.5.2-i486-1.tgz: Upgraded to xf86-input-vmmouse-12.5.2.

x/xf86-input-void-1.1.1-i486-1.tgz: Added xf86-input-void-1.1.1.

x/xf86-video-cirrus-1.2.1-i486-1.tgz: Upgraded to xf86-video-cirrus-1.2.1.

x/xf86-video-glint-1.2.1-i486-1.tgz: Upgraded to xf86-video-glint-1.2.1.

x/xf86-video-i128-1.3.1-i486-1.tgz: Upgraded to xf86-video-i128-1.3.1.

x/xf86-video-intel-2.4.3-i486-1.tgz: Upgraded to xf86-video-intel-2.4.3.

x/xf86-video-mga-1.4.9-i486-1.tgz: Upgraded to xf86-video-mga-1.4.9.

x/xf86-video-neomagic-1.2.1-i486-1.tgz: Upgraded to xf86-video-neomagic-1.2.1.

x/xf86-video-nv-2.1.12-i486-1.tgz: Upgraded to xf86-video-nv-2.1.12.

x/xf86-video-openchrome-0.2.903-i486-1.tgz: Added xf86-video-openchrome-0.2.903.

x/xf86-video-radeonhd-1.2.3-i486-1.tgz: Upgraded to xf86-video-radeonhd-1.2.3.

x/xf86-video-s3virge-1.10.1-i486-1.tgz: Upgraded to xf86-video-s3virge-1.10.1.

x/xf86-video-savage-2.2.1-i486-1.tgz: Upgraded to xf86-video-savage-2.2.1.

x/xf86-video-vmware-10.16.5-i486-1.tgz: Upgraded to xf86-video-vmware-10.16.5.

x/xkeyboard-config-1.4-noarch-1.tgz: Upgraded to xkeyboard-config-1.4.
NOTE: These are some of the more important updates for X.Org. For the last several days we have been building and testing the very newest X updates, and it seems that the more intrusive updates are probably best left to develop until sometime after the coming -stable Slackware 12.2 release. Those will require a lot of testing and some things don't seem to be quite there yet.
"X -configure" is hanging the console, DRI is not yet working on all the hardware tested, and the new xorg-server will render most existing xorg.conf files non-functional until several changes are made.

extra/slacktrack/slacktrack-2.01-noarch-1.tgz: Upgraded to slacktrack-2.01.
Thanks to Stuart Winter.