Posts

Showing posts from July, 2009

Security Update: BIND

A patched BIND package has been released today on -Current along with ICS announcement about new releases of all current versions BIND 9 in response to CERT Vulnerability Note VU#725188.

Here's the latest -Current changelog:
Wed Jul 29 23:10:01 CDT 2009
n/bind-9.4.3_P3-i486-1.txz: Upgraded.
This BIND update fixes a security problem where a specially crafted dynamic update message packet will cause named to exit resulting in a denial of service.
An active remote exploit is in wide circulation at this time.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
https://www.isc.org/node/479
(* Security fix *)

Security Update: Mozilla Firefox

Security update has been released for -Stable release, which is Firefox. Since -Current has been migrating to Firefox 3.5, this security update only affects Slackware 12.2 and previous version.

Here's the latest -Stable changelog:
Tue Jul 28 14:07:36 CDT 2009
patches/packages/mozilla-firefox-3.0.12-i686-1.tgz:
Upgraded to firefox-3.0.12.
This fixes some security issues.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
(* Security fix *)

New KTorrent Released

Even though i never had problems with KTorrent included in -Current (3.2.1), when i saw a newer version of KTorrent (3.2.2), i am hoping that this version should be included before Slackware 13.0 is released.

Taken from the official website:A new bugfix release is out for the 3.2 series. Several crashes have been fixed, the plasma applet has seen some improvements and can now be placed in the panel, and the configuration dialog can be made small enough to be useful on small screens.If you are getting a lot of connection to host is broken errors with some trackers, you can now try out the new tracker announce code (to enable go to the advanced settings and make sure "Do not use KIO for tracker announces" is enabled).

Request For Testing

Robby Workman has asked for public testing (again) for newer version of MESA and several XOrg packages on his repository.

This is due to problem found on newer version of XOrg-server which he thinks might lead to new requirement of newer version of MESA (7.5) while Slackware-Current still uses 7.4.4.

If you are using Intel drivers and having problems with current version, try testing the new packages, but read the instructions first.

New Package: dc3dd

One new package has been included on the latest batch of updates in -Current. It's dc3dd, a patched version of dd utility which are now being commonly used for forensic purposes.

Here's the latest changes in -Current:
Fri Jul 24 19:43:51 CDT 2009
a/cxxlibs-6.0.10-i486-1.txz: Upgraded. Replaced libstdc++.so.6.0.9 with libstdc++.so.6.0.10.

ap/dc3dd-6.12.3-i486-1.txz: Added. This is a version of dd that has been patched to include a number of features useful for computer forensics.
Thanks to Barry J. Grundy for the build script.

More Updates

Ok, since i have come back to my home, i can start updating this blog again. There are several interesting updates since my last post few days ago.

Mesa 7.4.4 has been moved out from /testing to be used in the next Slackware release. I have tested it here on my desktop and my laptop and it's proven to be stable, but hey, it's just two cases. NMap finally gets an update after a final release has been published by Fyodor. It incorporates big changes since 4.76 release and it's pretty darn good.

There is an addition of intel driver at /extra just in case you have trouble using the 902 version (mostly because you haven't use Linux kernel 2.6.30 which has the KMS feature). The slocate has been tweaked to use ionice which makes the performance slightly better than before. This has been discussed at LQ.

Mozilla Firefox also gets a cosmetic update by using the new Firefox logo. I don't really see the big differences between the new and the old one though.

Security Update : Mozilla Firefox

One security update has been released by Pat. It's a new Firefox release which has been waited by many users.

Also, Slackware-Current received so many updates in these days. There are kernel updates to 2.6.29.6 and also packages in /x has been updated also. Xorg server packages has been raised to 1.6.2.

There are several packages in /extra as well for Intel chipset (Robby has asked for public testing for this packages in LQ and the answers vary among users, so Pat probably includes all of them for safety reason).

Please enjoy Slackware-Current. I'am sorry for not posting the Changelog as i'm posting this via my phone
Image
I will be leaving to Jakarta and Bandung for almost a week starting today, so updates on Slackware-current will not be available on this blog during that day. Meanwhile, please read the changelog for updates.

I will be back on Wednesday with (hopefully) good updates on Slackware

Security Update: dhcp

One security update has been released today, which is dhcp. Along with this update, there are several updates on other packages as well. Finally a decision is made on libsafe package which is now moved to /pasture, due to problem caused by this application, mostly in Firefox 3.5 and being an unmaintained application since 2001.

Here's the latest -Current changelog:
Tue Jul 14 18:10:01 CDT 2009
a/e2fsprogs-1.41.7-i486-1.txz: Upgraded.

ap/mc-20090714_git-i486-1.txz: Upgraded.

ap/slackpkg-2.80.1-noarch-2.tgz: Upgraded. Thanks to Piter Punk.

l/gnome-icon-theme-2.26.0-i486-1.txz: Upgraded.

l/libgsf-1.14.15-i486-1.txz: Upgraded.

n/dhcp-3.1.2p1-i486-1.txz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
(* Security fix *)

extra/wicd/wicd-…

Another Firefox 3.5 Solution

After following several thread and bug reports from many Linux distribution about Firefox 3.5, i found that there are several options to fix Firefox 3.5 problems, which won't load anything. Here they are:
Make a wrapper script for Firefox 3.5 and put this line on it: LD_PRELOAD=/lib/libc.so.6 /path/to/firefox (this is the proposed solution which should make libsafe is usable for other application while Firefox should start normally)
Comment libsafe entry in /etc/ld.so.preload. (This will disable libsafe, which i think is not the best way to solve things, as libsafe is proven to be stable enough)Remove libsafe (it should be the last option if any other options failed)

Welcome Firefox 3.5 on -Current

Well, time to get updated again on -Current as Pat has released some updates on -Current (not too much though). The interesting part is Qt updates and also Firefox 3.5 which eventually makes it way to -Current. Some people (including me) was assuming that Firefox 3.5 will not make it into -Current, but Pat decided to go with it.

So here's the latest -Current changelog:
Sat Jul 11 18:31:32 CDT 2009
l/qt-r994599-i486-1.txz: Upgraded to qt-copy-r994599.

n/php-5.2.10-i486-2.txz: Rebuilt. Installed the pear.php.net.reg and pecl.php.net.reg files from php-5.2.9, since the ones installed by php-5.2.10 are broken. Thanks to Mike Peachey for the bug report.

xap/mozilla-firefox-3.5-i686-1.txz: Upgraded to mozilla-firefox-3.5.

It's Up again

Good news comes out from LQ forum that main website of Slackware has been up again after having some hardware issues in the last few days. Still, there're no updates on -Current, but i think they will come up with good news in the following days, so stay tuned on Slackware development tree since it's getting closer and closer to a final release of Slackware 13.0 which will be the first Slackware release that includes KDE 4 and also 64-bit version as well as 32-bit.

Firefox 3.5 Problem Solved

Image
Thanks to olego, a new LQ member who has posted at my thread about the same problem that he had with Firefox 3.5. He tried to comment out libsafe entry at /etc/ld.so.preload and this trick works. It makes Firefox 3.5 works as intended. What is libsafe anyway?

Libsafe is a library that intercepts calls to vulnerable functions in the standard C library at runtime, replacing these functions with safer ones that do not allow buffer overflows (SecurityFocus).

So, i was wondering whether Mozilla Firefox 3.5 uses insecure C functions on the code so that libsafe changed them and makes it broken?

Slackware.Com Down

The main site of Slackware is currently down since few days ago and i still don't know when will it be up again, but don't worry. I believe that Pat and the Crew will do their best to restore the website again and they will come up with better services in the future. Also let's hope when the Changelog is up again, it will be filled with updates from the latest development cycle of Slackware-Current.

Slackware 13.0 RC 1

The development of Slackware 13.0 nearly ends and Pat decided to freeze further updates (unless there's a security problem or regression occurred) and marks today's update as Release Candidate 1. Usually, Slackware never had too many RCs in the past, so i would say, Slackware 13.0 will be released on July or probably in August.

Based on the Changelog, it would use 2.6.29.x rather than going with 2.6.30, even though it would bring more updates to the core of the operating system itself.

Here's the latest -Current changelog:
Wed Jul 1 16:04:35 CDT 2009
Hi folks -- the TODO isn't entirely empty here, but it's pretty much down to minor nits, and so we're going to call this release candidate #1 and (mostly) freeze further updates unless they happen to fix problems.
Regarding the kernel, 2.6.29.x has been well tested with this userspace and seems like the best choice to ship for production use. Perhaps we can put something else (at least source and configs) in /testing, t…