Friday, August 29, 2008

Security Update: Amarok

Even though it's a bit late for -Current users, but it might be useful for those who don't play fire with -Current and stick with -Stable tree. Amarok has just been upgraded to 1.4.10 because The Magnatune music library plugin made insecure use of the /tmp directory, allowing malicious local users to overwrite files owned by the user running Amarok through symlink attacks. This was fixed in 1.4.10, so please go get them now, mostly if you are using Magnatune. Here's the latest -Stable tree:
Thu Aug 28 22:48:16 CDT 2008
patches/packages/amarok-1.4.10-i486-1_slack12.1.tgz:
Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune online music library support which could be used by malicious local users to overwrite system files. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
(* Security fix *)

KOffice Patched

There was one small issue on KOffice so that Pat has to patch the KOffice in order to fix this issue with ODT files. Here's the latest -Current changelog:
Thu Aug 28 15:11:39 CDT 2008
kde/koffice-1.6.3-i486-6.tgz: Patched KOffice to write ODT elements in the correct order according to specs. This issue was first noticed by Giovanni Venturi while moving ODT documents between OOo and KWord. Thanks to Giovanni Venturi for pointing out the patch in KOffice's SVN.
+--------------------------+

Thursday, August 28, 2008

Kdetoys and Kdenetwork are Back

In the last KDE updates, two files were missing (kdetoys and kdenetwork). Right now, it has been uploaded by Pat and every KDE packages are now synchronized to 3.5.10. Good to hear that.
Wed Aug 27 21:01:25 CDT 2008
A couple of things slipped through the cracks with that last update. An old patch was applied to kdenetwork making that build fail. Once that was fixed kdetoys (previously missing) built correctly. Perhaps it needed a header file or library from kdenetwork. Sorry about that, and thanks to Willy Sudiarto Raharjo and Corrado Franco for pointing out the omissions.
kde/kdenetwork-3.5.10-i486-1.tgz: Upgraded to kdenetwork-3.5.10.

kde/kdetoys-3.5.10-i486-1.tgz: Upgraded to kdetoys-3.5.10.

Wednesday, August 27, 2008

KDE 3.5.10 Is Available

KDE 3.5.10 has been released and it's already on the Slackware-Current repository. Go get them and upgrade to the latest version of the KDe 3.5.x version. It's still one of the most stable version of the KDE version. I'm still using it even though Pat has put the KDE 4.1 on the /testing directory. I do use KDE 4.1, but it's on my office desktop which i rarely used for most of my daily activities. Anyways, here's the latest -Current changelog (it's nice to see the changelog gets updated after two weeks without any updates):
Tue Aug 26 22:21:31 CDT 2008
Upgraded KDE version 3.x.x to 3.5.10. Really, there's nothing wrong with looking back as long as it's something stable and dependable. It's good to see that KDE3 received this maintainance update. Thanks, KDE team! :-)
The announcement may be found on the KDE web site: http://kde.org/announcements/announce-3.5.10.php
kde/amarok-1.4.10-i486-1.tgz: Upgraded to amarok-1.4.10.

kde/k3b-1.0.5-i486-1.tgz: Upgraded to k3b-1.0.5.

kde/kdeaccessibility-3.5.10-i486-1.tgz: Upgraded to kdeaccessibility-3.5.10.

kde/kdeaddons-3.5.10-i486-1.tgz: Upgraded to kdeaddons-3.5.10.

kde/kdeadmin-3.5.10-i486-1.tgz: Upgraded to kdeadmin-3.5.10.

kde/kdeartwork-3.5.10-i486-1.tgz: Upgraded to kdeartwork-3.5.10.

kde/kdebase-3.5.10-i486-1.tgz: Upgraded to kdebase-3.5.10.

kde/kdebindings-3.5.10-i486-1.tgz: Upgraded to kdebindings-3.5.10.

kde/kdeedu-3.5.10-i486-1.tgz: Upgraded to kdeedu-3.5.10.

kde/kdegames-3.5.10-i486-1.tgz: Upgraded to kdegames-3.5.10.

kde/kdegraphics-3.5.10-i486-1.tgz: Upgraded to kdegraphics-3.5.10.

kde/kdelibs-3.5.10-i486-1.tgz: Upgraded to kdelibs-3.5.10.

kde/kdemultimedia-3.5.10-i486-1.tgz: Upgraded to kdemultimedia-3.5.10.

kde/kdepim-3.5.10-i486-1.tgz: Upgraded to kdepim-3.5.10.

kde/kdesdk-3.5.10-i486-1.tgz: Upgraded to kdesdk-3.5.10.

kde/kdeutils-3.5.10-i486-1.tgz: Upgraded to kdeutils-3.5.10.

kde/kdevelop-3.5.3-i486-1.tgz: Upgraded to kdevelop-3.5.3.

kde/kdewebdev-3.5.10-i486-1.tgz: Upgraded to kdewebdev-3.5.10.

kde/koffice-1.6.3-i486-5.tgz: Recompiled.

kdei/k3b-i18n-1.0.5-noarch-1.tgz: Upgraded to k3b-i18n-1.0.5.

kdei/kde-i18n-*-3.5.10-noarch-1.tgz: Upgraded to kde-i18n 3.5.10.

l/arts-1.5.10-i486-1.tgz: Upgraded to arts-1.5.10.

Friday, August 22, 2008

According to Royal Pingdom, Indonesia are the second country which has the highest interest on Slackware after Bulgaria applause

Yes, we do love Slackware love struck and we would love to see it grows much bigger in the future

Countries with highest interest in Slackware:

  1. Bulgaria
  2. Indonesia
  3. Brazil
  4. Russia
  5. Poland

Sunday, August 17, 2008

Updated Kernel Installation Article

After the first update to my article, i'm updating the other article which is also outdated: Installing Kernel on Slackware. The old article uses Slackware 10.1 which still used 2.4.31 kernel. Slackware no longer support 2.4.x on Slackware 12.1, so it's time to update the article to reflect the changes into the article as well.

This update has been committed both on my web page and also in Indonesian Linux Forum (Slackware thread). Enjoy the updated article and please let me know if there's missing or typo on the article.

Saturday, August 16, 2008

One Year of Serving

ID-Slackware mailing list has been serving the Indonesian Slackware community for about one year (13 months since July 2007). At the beginning when i created this mailing list, i thought the member would be less than 100 peoples because many people prefer to use easy-to-use Linux distribution (i consider Slackware is easy, but not to everybody), but today there are 305 of them (i know it's not so big compared to other Indonesian Linux communities like Ubuntu-ID or OpenSuSE-ID). Even so, i'm quite proud of it. I never explicitly publish this mailing list, but the member keep on coming and signed up. Most of them know this mailing list from our aggregator or Indonesian Linux Forum.

The discussion frequency also increased every month. This month (up to 16 August), there are about 204 posts, so equals to 12 posts/day. One of the reason is because someone asked in this mailing list about "Why do you choose Slackware Linux?". It seems that everybody eager to answer the question and post their opinion. Most of the answer are like everybody else. Simple, Stable, and Secure. But there are also funny answers too, for example "Slackware could make you addicted so your girlfriend left you because you spent your time hacking the Slackware all the time" laughing

Updated Kernel Compilation Article

I have updated my kernel compilation article which was very outdated. Last time i update the article was about one year ago. During one year, some changes has been introduced, either by the kernel itself, or by the Slackware development. So it's time to update the article. I do hope i have time to update all of the articles, but most of the articles are still valid up to now.

Thursday, August 14, 2008

Official KDE 4 on Slackware

Hey Hey Hey....
KDE 4 is already supported on Slackware-Current (it's still on /testing though). You may want to read the instructions before testing this packages. I have been using Vincent's packages and everything seems to work very well, but this one is the official packages from Pat which was helped by Robby and Heinz for maintaining the script to build the packages.

Another news about Slackware is that this project will have a new logo created by Mark from Senile Felines Designs (look the screenshot below)

Here's the latest -Current changelog:
Wed Aug 13 09:21:45 CDT 2008
l/poppler-0.8.5-i486-2.tgz: Added Qt4 support.
testing/packages/kde4: Added KDE version 4.1 to testing! :-)
Thanks to Robby Workman and Heinz Wiesinger for all the packaging and testing help, and of course to the whole KDE community for helping to bring the Linux desktop to a whole new level of appearance and ease of use. I've installed this on my main email/browsing/general machine and as far as I'm concerned there's just no looking back. It's really a big step forward.

Wednesday, August 13, 2008

Running on KDE 4

Thanks to Vincent Batts for providing KDE 4 packages which can co-exist with KDE 3.5.x, i am now running KDE 4.1.0 on my desktop at my office (i didn't use this desktop as much as my desktop at home, so i used it for testing this KDE 4 packages). All i did was install all the kde and deps packages except for poppler which was provided by Slackware and it has newer version than Vincent's package.

Next thing is running xwmconfig to switch to KDE4. After than, i ran startx and voila..... huh? Stil running KDE 3.5.9? Hm... so the script at .xinitrc didn't work at all. So i checked the script and i looked at the QT4DIR and KDE4DIR environment variables. They didn't exists on my system, so i tried to use this command to initiate it
EXPORT QTDIR=/usr/libqt4
EXPORT KDEDIR=/opt/kde4
EXPORT KDEHOME=/home/willysr/.kde4

i only need to do this, as the script in .xinitrc will find the the variables and load it with the correct KDE 4 packages. So far, everything works normally, except for some specific configuration i have made to KDE 3.5.9 which is temporarily gone (i may have to re-add it again in KDE 4). I also lost my previous konsole settings which display my username, hostname, and current working directory. The default setting in Terminal just displays the bash and bash version. Luckily, a simple script on .bashrc would do the tricks
PS1="[\u@\h \w]"

One thing that bothers me is that when i looked at Control Center, it still displayed the old version of KDE (Look at the screenshot below)

Tuesday, August 12, 2008

Testing KDE 4

I'm downloading KDE 4 packages from Vincent's repository which said to work co-exist with existing KDE 3.5.x installation. I'm hoping to try this installation tomorrow using my workstation at my office. The worst case is that i will have to remove all kde packages and install a new one :)

Of course i will backup my .kde directory, just in case it blew up my system laughing

Sunday, August 10, 2008

Alpine Updates

Two updates related to Alpine has been released today to fix SSL cert path. Also there's one upgraded application. Here's the Changelog
Sat Aug 9 15:32:37 CDT 2008
n/alpine-1.10-i486-2.tgz: Fixed path for SSL certs. Thanks to Peter Stokes.

n/imapd-1.10-i486-2.tgz: Fixed path for SSL certs. Thanks to Peter Stokes.

x/m17n-lib-1.5.2-i486-1.tgz: Upgraded to m17n-{db,docs,lib}-1.5.2.

Saturday, August 9, 2008

Kopete is Connecting Again

Pat released a recompiled kdenetwork package with a small patch to fix MSN connection on Kopete. With this patch, the Kopete users will be allowed to connect to MSN network again. Here's the latest -Current changelog today:
Fri Aug 8 23:42:20 CDT 2008
kde/kdenetwork-3.5.9-i486-3.tgz: Recompiled (with a small patch) against the new OpenSSL, which fixes connecting to MSN with kopete.

Thursday, August 7, 2008

All Yeah 2.6.26.2

Almost all of my system now runs on 2.6.26.2. I did have problems with 2.6.26.x when it was launched initially, mostly because NVIdia driver and also my lack of knowledge while configuring for the new feature. It seems that choosing 4KB stack instead of using the default 8KB stack is a bad idea (in my case), so i repeated the process and leave the old setting and NOT using 4KB stack and everything works well.

Just for some clue, my kernel configuration is already uploaded on my Box under kernel directory. Have fun with it. You might want to change several things to match your system though big grin

Bye Bye Pine, Welcome Alpine

Well, finally my request to Pat to replace Pine with Alpine come true today. Pine development has been discontinued and it's being replaced by Alpine. It's fully compatible with Pine, so don't worry too much about your inbox. You can always do backups before the migration. It's being merged in the -Current changelog today along with other changes.
Thu Aug 7 01:40:04 CDT 2008
a/cups-1.3.8-i486-1.tgz: Upgraded to cups-1.3.8.

ap/hplip-2.8.7-i486-1.tgz: Upgraded to hplip-2.8.7.

d/git-1.5.6.4-i486-1.tgz: Upgraded to git-1.5.6.4.

d/mercurial-1.0.1-i486-1.tgz: Upgraded to mercurial-1.0.1.

d/subversion-1.5.1-i486-1.tgz: Upgraded to subversion-1.5.1.

n/alpine-1.10-i486-1.tgz: Added alpine-1.10, a Pine replacement.

n/imapd-1.10-i486-1.tgz: Upgraded to imapd/ipop3d daemons from alpine-1.10.

n/pine-4.64-i486-2.tgz: Removed. (Replaced by alpine-1.10)

n/rsync-3.0.3-i486-1.tgz: Upgraded to rsync-3.0.3.

n/samba-3.2.1-i486-1.tgz: Upgraded to samba-3.2.1.

xap/xchat-2.8.6-i486-1.tgz: Upgraded to xchat-2.8.6.

Tuesday, August 5, 2008

Security Update: Pan and Python

Two security updates coming up this morning along with few other updates on -Current. These two packages are Pan and Python. Here's the -Current changelog:
Mon Aug 4 13:56:36 CDT 2008
a/sysvinit-scripts-1.2-noarch-22.tgz: _Really_ quieted down rc.M's mime update this time (it seems that errors are sent to stdout). Thanks to Robby Workman.
If we must update icon-cache files in rc.M (which is done only if they already exist), background it so that it doesn't delay the boot as much.
In rc.S, only update the kernel version in /etc/motd if the file begins with"Linux", leaving the rest of the file free to be customized.
Thanks to Pete Cervasio for the improved MOTD script.
Grab some information about the root partition from /proc/mounts to initialize /etc/mtab. Thanks to Alan Hicks.

d/python-2.5.2-i486-2.tgz:
Patched various overflows and other security problems.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
(* Security fix *)

n/getmail-4.8.2-noarch-1.tgz: Upgraded to getmail-4.8.2.

x/dejavu-fonts-ttf-2.26-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.26.

x/liberation-fonts-ttf-1.04-noarch-1.tgz: Upgraded to liberation-fonts-1.04.

xap/pan-0.133-i486-1.tgz: Upgraded to pan-0.133.
This update fixes a buffer overflow in pan-0.128 through pan-0.132 when processing .nzb files.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
(* Security fix *)

Saturday, August 2, 2008

New Poll

Ok, time to start a new poll again. This time, i wanted to take some small surveys about OpenOffice.org in Slackware. Like we all know, OOo is one of the most popular application among Open Source project and also Linux users. Unfortunately, it wasn't a default application in Slackware (perhaps because it's too bloated and it will require Pat to remove lots of application in order to ship OOo in Slackware or adding more CDs to Slackware which will add more burden to the users).

So, give your votes now even though it's up to Pat whether he will include this or not. It's just a poll anyways big grin

Poll Result

It's a bit late, but only for one day, so it wasn't a big one. So, without any ADO, here's the poll result from last month's question: "What is your opinion about KDE 4 on Slackware?"

I totally agree 23 (26%)
It should be on /extra or /testing 40 (46%)
It's not stable enough 15 (17%)
I totally disagree 2 (2%)
I didn't use KDE 6 (6%)

So, based on the votes, people thinks that KDE 4.x should be placed in /extra or /testing rather than being the default window manager in next Slackware release. I can understand that, as many critics has been addresses towards KDE on the development progress, but after 4.1 release few days ago, i believe that it's getting more stable and when next Slackware gets released, it will be as mature as KDE 3.5.x and most application will have been ported to KDE 4.x. So there is a good chance that KDE 4.x will be shipped in next Slackware.

Also if you look on the changelog on July 28, Pat updates the sysvinit-scripts to reduce the verbose level as he's "playing" with KDE 4 (my assumption) which generates more error while booting up. I guess this can be an indication that the next KDE will be used rather than 3.5.x.
a/sysvinit-scripts-1.2-noarch-21.tgz: For now, quiet error output from update-mime-database, since KDE4 causes some "noise".