Friday, December 19, 2008

Security Update: Mozilla Firefox

Welcome to the first update for Slackware 12.2 which is also stated the first update in -Current. Recently, the mechanism has been changed a bit. In the past, security update for stable releases were released only in -Stable branch and not in -Current. Only after *public* -Current development has been started again (usually few months after the -Stable has been released), then every changes to the -Stable will be synced with the -Current along with the package naming (in -Stable, they usually have _slackXX.YY.tgz to indicate that those packages are patches to Slackware version XX.YY, while in -Current there are no such names).

Well, here are those two updates for -Current and also for -Stable (the changelog here is taken from -Current changelog):
Thu Dec 18 12:38:20 CST 2008
a/mkinitrd-1.3.3-i486-1.tgz:
Fixed a few bugs in the previous mkinitrd package:
If a kernel version is requested with the -k option and modules are needed to build the initrd, exit with an error if no matching /lib/modules/ tree is present. Usually an incorrect kernel version was supplied.
Thanks to Eric Hameleers.
When adding kernel modules to the initrd, be more verbose showing success and failure copying each module. Thanks to Ellington Santos.
With some newer kernels, "/dev/root" might be returned by mount as the root device, but this will not work as an initrd root device. If mount returns /dev/root, look at the /dev/root symlink to determine the actual root device and use that so that the root device does not need to be supplied with -r.
In the call to /sbin/modprobe used to determine module dependencies, use the option --ignore-install to avoid catching "install" lines under /etc/modprobe.d/ when modules that use these are added to the initrd. This prevents /sbin/modprobe from being copied over busybox, breaking the initrd.
Thanks to Ken Milmore.

xap/mozilla-firefox-3.0.5-i686-1.tgz:
Upgraded to firefox-3.0.5.
This fixes some security issues:
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
(* Security fix *)