Wednesday, April 29, 2009

Security Update: Mozilla Firefox

Today, the kernel stock in -Current branch are upgraded to use 2.6.29.2. Along with these kernel updates, there is also one security update, Mozilla Firefox which is now 3.0.10. OpenSSH has been upgraded to 5.2p1 too. Here are the latest -Current changelog:
Tue Apr 28 17:00:14 CDT 2009
a/kernel-firmware-2.6.29.2-noarch-1.tgz: Upgraded to Linux 2.6.29.2 firmware.

a/kernel-generic-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2.

a/kernel-generic-smp-2.6.29.2_smp-i686-1.tgz: Upgraded to Linux 2.6.29.2.

a/kernel-huge-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2.

a/kernel-huge-smp-2.6.29.2_smp-i686-1.tgz: Upgraded to Linux 2.6.29.2.

a/kernel-modules-2.6.29.2-i486-1.tgz: Upgraded to Linux 2.6.29.2 modules.

a/kernel-modules-smp-2.6.29.2_smp-i686-1.tgz: Upgraded to Linux 2.6.29.2 modules.

a/openssl-solibs-0.9.8k-i486-2.tgz: Patched to advertise TLS extensions only with TLS. Thanks to Fred Emmott.

a/pkgtools-12.34567890-noarch-5.tgz: Fixed a bug in installpkg where a bad extension on the first package would cause subsequent package installs to fail. Thanks to Jason Detring.

d/kernel-headers-2.6.29.2_smp-x86-1.tgz: Upgraded to Linux 2.6.29.2 headers.

k/kernel-source-2.6.29.2_smp-noarch-1.tgz: Upgraded to Linux 2.6.29.2 source.

n/openssh-5.2p1-i486-1.tgz: Upgraded to openssh-5.2p1.

n/openssl-0.9.8k-i486-2.tgz: Patched to advertise TLS extensions only with TLS. Thanks to Fred Emmott.

xap/mozilla-firefox-3.0.10-i686-1.tgz: Upgraded to firefox-3.0.10.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
(* Security fix *)

extra/linux-2.6.29.2-nosmp-sdk/: Regenerated SMP to no-SMP kernel source patch.

isolinux/initrd.img: Rebuilt with newly compiled kernel modules.

kernels/*: Rebuilt.

usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules.

Tuesday, April 28, 2009

Wireless-tools

One update to remove obsolete option in wireless-tools package has been released on -Current based on reports on LQ forums. Here are the changes:
Mon Apr 27 13:35:02 CDT 2009
n/wireless-tools-29-i486-5.tgz: Removed obsolete -w wpa_supplicant option in rc.wireless.

This also marks my 600th post applause

Monday, April 27, 2009

Security Updates: BitchX and CUPS

Two security updates were released today, with something unique, as one of them are package deletion and not a patch or version upgrade. Yes, BitchX has been removed as there is no active development on the upstream, leaving users with known security vulnerabilities without no fixes. It's suggested that people who had been using BitchX to use irssi or X-Chat for GUI-based application.

Besides this two updates, there are several updated packages as well, mostly live in a/ and x/ where scim-* took some package there. Here are the latest -Current changelog:
Sun Apr 26 15:11:57 CDT 2009
a/cups-1.3.10-i486-1.tgz:
Upgraded to cups-1.3.10.
This fixes several security issues, including an integer overflow in the TIFF decoder, a failure to properly verify the Host HTTP header, and several problems with PDF handling (the new CUPS uses a wrapper rather than embedded code taken from xpdf). These issues could result in a denial of service or the execution of arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
(* Security fix *)

a/dialog-1.1_20080819-i486-2.tgz: Patched to make the minimum height of checkboxes and menuboxes 4. This fixes a bug where installer menus were taller than they needed to be, and in some cases filled the screen overwriting the information at the top.

a/pkgtools-12.34567890-noarch-4.tgz: Patched to fix failures when a valid package extension (.tgz, .tbz, .tlz, .txz) is embedded somewhere in the directory path, or the package's name, version, or build number.
Thanks to Erik Jan Tromp.

a/sysvinit-scripts-1.2-noarch-29.tgz: Patched rc.M to remove files of the form {a,}quota.{group,user}.new from the top of filesystems that use quota. These can be created if quota is interrupted by a reboot or power failure and cause quotacheck at boot time to fail.
Thanks to Erik Jan Tromp.

d/strace-4.5.18-i486-1.tgz: Upgraded to strace-4.5.18.

n/bitchx-1.1-i486-5.tgz: Removed.
BitchX has several known security flaws for which there are no known workarounds, and upstream progress seems to have stalled. Users should switch to a supported IRC client such as irssi.
(* Security fix *)

n/metamail-2.7-i486-3.tgz: Updated patch and recompiled.
Moved fonts for mailto-hebrew to /usr/share/metamail/fonts/.

n/wpa_supplicant-0.6.9-i486-1.tgz: Upgraded to wpa_supplicant-0.6.9.

x/m17n-lib-1.5.4-i486-1.tgz: Upgraded to m17n-lib-1.5.4.

x/scim-1.4.9-i486-1.tgz: Upgraded to scim-1.4.9.

x/scim-bridge-0.4.16-i486-1.tgz: Upgraded to scim-bridge-0.4.16.

x/scim-input-pad-0.1.2-i486-1.tgz: Added scim-input-pad-0.1.2.

x/scim-m17n-0.2.3-i486-1.tgz: Upgraded to scim-m17n-0.2.3.

x/scim-tables-0.5.9-i486-1.tgz: Upgraded to scim-tables-0.5.9.

x/wqy-zenhei-font-ttf-0.8.38_1-noarch-1.tgz: Upgraded to wqy-zenhei-0.8.38-1.

x/xaw3d-1.5E-i486-1.tgz: Upgraded to Xaw3d-1.5E.

xap/xfractint-20.04p09-i486-1.tgz: Upgraded to xfractint-20.04p09.

isolinux/initrd.img: Regenerated modules.dep to reflect the compressed kernel modules. Thanks to Piter Punk and Eric Hameleers.
When formatting an ext3 partition, don't use '-j' (using mkfs.ext3 already takes care of that).
Use the patched dialog to fix the formatting of the installer menus.

testing/packages/bash-4.0.017-i486-1.tgz: Updated with upstream patches.

usb-and-pxe-installers/usbboot.img: Same fixes as initrd.img.

Saturday, April 25, 2009

Please Welcome France Team

In revision 340, a new directory (fr_FR) has been added on the main tree of SlackBasics translation project. This will mark new translations for France language. Welcome aboard on the SlackBasics project big hug

Indonesian team now has two translators (currently) and so far we are progressing quite well. I'm translating from chapter 1 and going forward while the other one translate from last chapter (26) and going backward. This way, we won't have conflict unless we have reached the same file. Let's just hope we are able to finish this project this year and it can be used by many Slackware users, mostly in Indonesia.

If you are still interested to join this project, please let me know. It would be better if you already have experience playing with SVN because this project uses SVN for SCM tools.

Thursday, April 23, 2009

As expected, Slackware released another security fix after Mozilla Firefox gets a lift off yesterday as they released another version, 3.0.9. It fixed several vulnerabilities and it's considered high priority so that it's released as soon as possible.

Wednesday, April 22, 2009

Indonesian Slackbasics-i18n Project

This morning, i have added all the skeleton files for Indonesian Slackbasics-i18n project which i copied from the English version. All the files are ready to be translated and by this post, i invite all of Indonesian Slackware users to join this project and finish up this translations so that it could be used by any other Indonesian Slackware users.

For now, my focus is to move translated files from our repository in Slackware.Linux.Or.Id into Google Code. This will take some time, as we didn't translate the XML files, but we generated the HTML files and we translated the HTML files.

This project are hosted at Google Code and it will use SVN as the collaboration tools. You can see the information on how to obtain the sources here.

Thanks to Marcelo Andrade for inviting me into this project and i hope more translations will come in the future.

Tuesday, April 21, 2009

Slackbasics-i18n

Marcelo Andrade, one of the Portuguese translator for SlackBasics has offered me to join the Slackbasics-i18n project as Daniel is no longer a Slackware users so he gave the management of SlackBasics.org to Marcelo. This project will host translations for SlackBasics which was originally done by Daniel.

I took the offer and i will handle the Indonesian version. I have given the admin right for now, but i'm a little bit busy this days, so it might take few days to add Indonesian translation to the site and when it's done, it can be accessed anywhere via SVN access described here.

Also i was given a new mail address at willy@slackbasics.org. Thanks to Marcelo for all his efforts big grin

Security Update: udev

Another security update has been released on -Current branch along with several other fixes in a/ directory. Here are the latest -Current changelog:
Mon Apr 20 23:38:45 CDT 2009
a/etc-12.34567890-noarch-3.tgz: Added the uucp user to the dialout group.

a/mkinitrd-1.3.3-i486-3.tgz: Fixed broken directory in initrd-tree.tar.gz.
Thanks to Malcolm Rowe for the bug report.

a/pkgtools-12.34567890-noarch-3.tgz: Fixed upgradepkg oldpackage%newpackage.
Fixed the installpkg test for the external compression utility.
Thanks to Robby Workman.

a/pcmciautils-015-i486-2.tgz: Added symlinks to /sbin/* in /lib/udev (needed by the udev rules file). Fixed installation of udev rules file.
Thanks to Robby Workman.

a/udev-141-i486-1.tgz:
Upgraded to udev-141.
Changed serial devices from group 'uucp' to group 'dialout'.
This upgrade fixes a local root hole and a denial of service issue.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186
(* Security fix *)

l/pilot-link-0.12.3-i486-7.tgz: The dialout devices now use group 'dialout' rather than group 'uucp', and the udev rules have been changed to use MODE="660" instead of MODE="664". Thanks to Robby Workman.

Thursday, April 16, 2009

Pkgtool Gets a Fix

Only one update is released today to fix pkgtool, the Slackware package management tool. It has been reported on LQ and now the fix has come out. Here's the small changes in -Current changelog:
Wed Apr 15 22:17:31 CDT 2009
a/pkgtools-12.34567890-noarch-2.tgz: Fixed bugs with package extension stripping and package description handling that could cause error messages or hangs during package installs or upgrades. Thanks to Piter Punk, Alan Hicks, Eric Hameleers, and Robby Workman.
Handle "package not found" with upgradepkg gracefully. Thanks to Shark.

Tuesday, April 14, 2009

Security Update: Seamonkey

One security update has been released by Slackware Security Team led by Patrick himself. It's seamonkey package which is now upgraded to 1.1.16. Along with this update, there are several upgraded packages as well, like the rebuilt kernel packages to remove the crashing i2o_dpt driver and replaced by i2o_block and added three experimental wireless drivers for Realtek.

The interesting thing is that the pkgtool now supports new formats other than tgz. The new supported formats are .tbz, .tlz, and .txz. I don't know for now what's the purpose of those formats and what's inside it, but we will know it when it's time.

Here are the latest -Current changelog:
Mon Apr 13 16:22:12 CDT 2009
a/coreutils-7.2-i486-1.tgz: Upgraded to coreutils-7.2. Added new file formats to /etc/DIR_COLORS.
a/kernel-firmware-2.6.29.1-noarch-2.tgz: Rebuilt.

a/kernel-generic-2.6.29.1-i486-2.tgz: Rebuilt.
The huge kernels were rebuilt to remove the crashing i2o_dpt driver (i2o_block is provided as the replacement driver), and to add three Realtek wireless drivers that are part of the CONFIG_STAGING driver collection.
These are considered experimental, but are probably better than nothing.

a/kernel-generic-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.

a/kernel-huge-2.6.29.1-i486-2.tgz: Rebuilt.

a/kernel-huge-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.

a/kernel-modules-2.6.29.1-i486-2.tgz: Rebuilt.

a/kernel-modules-smp-2.6.29.1_smp-i686-2.tgz: Rebuilt.

a/less-418-i486-2.tgz: Add support in lesspipe.sh for viewing .tbz, .tlz, .txz, .tar.lzma, and .tar.xz files.

a/pkgtools-12.34567890-noarch-1.tgz: Added support for .tbz, .tlz, and .txz packages in addition to the traditional .tgz format.

a/tree-1.5.2.2-i486-1.tgz: Upgraded to tree-1.5.2.2.

d/kernel-headers-2.6.29.1_smp-x86-2.tgz: Rebuilt.

k/kernel-source-2.6.29.1_smp-noarch-2.tgz: Rebuilt.

l/libcap-2.16-i486-2.tgz: Patched broken header.

n/crda-1.0.1-i486-2.tgz: Fixed docs directory. Thanks to Mikhail Zotov.

x/dejavu-fonts-ttf-2.29-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.29.

xap/audacious-1.5.1-i486-3.tgz: Patched to fix command line option handling.
Thanks to Kirill Cherniy for pointing out the patch.

xap/seamonkey-1.1.16-i486-1.tgz:
Upgraded to seamonkey-1.1.16.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)

extra/linux-2.6.29.1-nosmp-sdk/: Regenerated SMP to no-SMP kernel source patch.

isolinux/initrd.img: Rebuilt with newly compiled kernel modules. Added support for .tbz, .tlz, and .txz packages.

kernels/*: Rebuilt.

usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules. Added support for .tbz, .tlz, and .txz packages.

Friday, April 10, 2009

Massive Updates

Big and massive updates are now available on -Current tree. It has been out since yesterday actually, but since i'm out of town without Internet connection, i'm able to write it down today after coming back. In general, it has new KDE 4.2.2, new kernel 2.6.29.1, lots of new packages being added, and also many more are being recompiled or patched to fix minor problem up to security vulnerabilities.

The changelog are quite huge, so i suggest that you should go to the -Current changelog to see them in detail.

Friday, April 3, 2009

Another Poll

The development of -Current has been started for some time and new packages has started to be merged on this development cycle. On this monthly poll, I want to know your prediction about next Slackware release. The results of the poll will not affect the exact release schedule, as i'm not the release manager, but i want to see your expectation of the next Slackware release which i think will be a huge release winking

So, start voting guys.....

Poll Results

It's been three days since the poll closed, but i forgot to announce the results, so without any further ado, the results of last month's poll are:
1-2 years 41 (25%)
3-5 years 47 (29%)
6-9 years 45 (27%)
more than 10 years 29 (17%)

We have a tight votes from 162 voters and finally the winner is people who has been using Slackware for 3-5 years (including me). I believe that Slackware users are very loyal once they have been used to Slackware due to it's simplicity and stability. I'm also happy to see many new Slackware users who have joined the Slackware community, both in Indonesia and also in other countries.

We are proud to be Slackware users love struck