Showing posts from 2014

Security Advisories: ntp, xorg-server, and php

Three security advisories were released for -stable and -current branches of Slackware. They were:
ntp: Upgraded to 4.2.8 for all -stable and -current branches. This fixed several security vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team.xorg-server: Rebuilt for Slackware 14.1 and -current to fix many security issues discovered by Ilja van Sprundel, a security researcher with IOActive.php: Upgraded to 5.4.36 for Slackware 14.0, 14.1, and -current Meanwhile, in -current, there are more packages included in this batch, including:
New LTS kernel release: 3.14.27vim and vim-gvim are upgraded to 7.4.560libusb upgraded to 1.0.19 (this allows USB passthrough for QEMU users)libusb-compat upgraded to 0.1.5libdrm upgraded to 2.4.58libvdpau: Added (originally available via SlackBuilds)mesa: Upgraded to 10.3.5MPlayer: Rebuilt to add support for libvdpaukernel 3.18.1 config files for kernel testers or developers

LibreOffice 4.3.5 for Slackware Users

Eric Hameleers has completed building LibreOffice 4.3.5 package for Slackware-Current (and 14.1) users and upload it on his repository which is mirrored through several mirror sites. This version fixes 70 bugs compared to the previous version.

As always, you can grab the source and binary packages on this mirror sites:  A little note on this:
Reminder to all of you who also have my KDE 5 packages installed: do not use the updated harfbuzz from my ‘ktown‘ repository because it will break LibreOffice. If you are using Mario’s slackpkg+ extension to slackpkg then you can configure it so that Slackware’s own harfbuzz package is preferred over the version which accompanies my KDE 5 packages. See this LQ thread fo…

Multiple Security Advisories

Several security advisories has been released for all -stable and -current branches back to Slackware 13.0:
bind is upgraded to 9.9.6_P1 for -stable and bind-9.10.1_P1 for -current openvpn is upgraded to 2.3.6 for all branchespidgin is upgraded to 2.10.11 (this package does not have any security advisory, but still included in all branch. Some packages are only applicable to -stable 14.1 and -current branch:
firefox is upgraded to 31.3.0esr in 14.1 (current is already upgraded to 34.0.5 few days ago)openssh is rebuilt to re-add tcpwrapper support that was removed by upstreamwpa_supplicant is upgraded to 0.7.3 in 13.37, 1.0 in 14.0, 2.3 in 14.1 and -currentseamonkey and seamonkey-solibs are upgraded to 2.31 in 14.1 and -currentgptfdisk is upgraded to 0.8.10 in -current only

Two Security Updates: Firefox and Thunderbird

There were two security updates released in December. One for Firefox, which is now upgraded to 34.0.5 (a strange version indeed) and Thunderbird which is now upgraded to 31.3.0. Thunderbird update is applied to 14.1 as well, but not for Firefox as 14.1 still use Firefox ESR 31.2.0 and there has been no update for this release.

Meanwhile, two more packages in -current gets an upgrade: groff and grep. Still no interesting activity happening in -current, but let's hope it's worth to wait for the big update. It happened very often in previous releases, but indeed this time, it's taking more time then before. Please be patient and let Pat do his job.

New Kernel Playground

The default kernel stock has been raised once again in -current branch. The latest stable LTS kernel release (3.14.24) is now being used while config for latest stable kernel (3.17.3) has been included as well for those brave enough or need newer kernel to test new features or need support for newer hardware.

Firefox 33.1.1 is also included in this batch of update, so if you have issues regarding graphic drivers in Firefox, then perhaps this version can fix your problem.

Bad News for DigiKam Users

I may have a bad news for DigiKam users that are using Slackware-Current. DigiKam 4.5.0 has been released and i have pushed the updates to SlackBuilds project. This package works well under Slackware 14.1 stable, but unfortunately this may not work if you are using -current under a certain configuration.

If you have upgraded to the latest KDE 4.14.3 and KDE framework 5 along with Plasma 5 provided by Eric Hameleers, then you may not be able to use digiKam properly. I have tried many combinations, but still it ended with a segfault or build failure.

The possible solution is basically to upgrade exiv2 to 0.24 and have libkexiv2 in KDE 4.14.3 recompiled against exiv2 and then you can have a working digiKam.I have discussed it with digiKam maintainer and we believe this is the reason why it failed on my machine.

If you can build and run it properly without having to upgrade exiv2 and recompile KDE 4.14.3, then i will gladly hear your input on this issue.

Fix regressions

There are two regressions found on previous security updates: mariadb and pidgin. MariaDB developers made some changes in one of their headers, my_config.h that caused some problems with other packages that are linked against it.

I first spotted this problem when trying to compile gdal on SlackBuilds repository. I reported this to the maintainer and soon after, we both found that it's not just gdal that were broken, but many others, namely php, apr-utils, mysql-workbench, etc. I googled a bit and found a patch in other project, so i tried to apply it on my own computer and it worked, so i proposed the patch to Patrick and got accepted.

Second regression was on pidgin. Upstream developers broke Gadu-Gadu protocol when providing security update. Mancha found a patch to fix the problem and got accepted as well.

In -current, firefox has been upgraded to 33.1 as well.

New Kernels on -Current

New LTS kernel release appearing on -current branch along with small number of packages that are being upgraded to the latest version.

The default kernel stock in -current branch has been raised to 3.14.23 and this will continues to go on unless a new LTS version is announced and then probably we will move to that new version. Personally, i'm fine with this version as my personal need (NVidia driver and VMWare Workstation) works perfectly on this kernel without requiring patches at all. It works flawlessly.

Another important update on this batch is bash which is now includes the latest patch available upstream. For now, this should fix all the remaining questions whether the bash package included in Slackware is insecure.

Other changes were minors. btrfs-progs is upgraded and added a header files, mpg123 is also upgraded to the latest version and so does for xfce4-weather-plugin (this should solve a problem reported in LQ).

Multiple Advisories: firefox, seamonkey, php, and mariadb

Multiple advisories has been released for Slackware 14.0 and 14.1 (and of course -current) branches. Most of them are Mozilla-based products, such as Firefox and Seamonkey and the rest are php and mariadb.

Firefox has been upgraded to the next ESR (Extended Support Release), which is based on Firefox 31 branch. This is expected as some big companies (namely Google) has dropped support for older ESR version, forcing users to upgrade to the latest version or latest ESR version, which is what Slackware users get (ESR in -stable and latest version in -current branch).

Slackware 14.0 users who uses Seamonkey still gets an update on this release to 2.30, which is basically the latest version of seamonkey available right now. The same thing happened on php update, which is backported to Slackware 14.0 as well. They will all get PHP 5.4.34.

As of MariaDB, the update was only backported to Slackware 14.1, since Slackware 14.0 still uses MySQL and there's no more updates on the version incl…

Security Advisory: wget

wget package has been updated and rebuilt in all supported Slackware releases, back to Slackware 13.0 to fix a security vulnerability that could allow an attacker to write outside of the expected directory.

in -current branch, moc is now upgraded to 2.5.0, following a request from LQ

Security Advisories: glibc and pidgin

Patrick has released two security updates on both -stable and -current branch. The first update was pidgin and it fixed 5 security vulnerabilities. This update was applied to all -stable releases back to Slackware 13.0. They are now upgraded to Pidgin 2.10.10.

The second update was glibc. This update was only applied to Slackware 14.1 and -current and both have different version number. On 14.1, the glibc was rebuilt to include the patch that fixed several security issues (there are 9 CVEs related to this package), while in -current, Pat (finally) upgraded glibc to 2.20, a big jumping from 2.17 found in Slackware 14.1.

With these update in -current, all the core toolchain (gcc, glibc, and kernel) are set and the fun phase of -current may start in real this time. Normally, glibc was set once for a release and there won't be any changes except for minor upgrade or security fixes only because all applications will be compiled against those combination (mostly glibc and gcc).

Update: g…

MATE Roadmap Updated

Few days ago i saw a discussion on IRC saying that MATE 1.10 will be released soon. I was kinda puzzled as there were lots of item in the TODO list in MATE Roadmap for 1.10. When i checked the Roadmap again, apparently MATE developers pushed GTK+3 support again to future releases (now targetting MATE 1.12) along with other features that didn't make it into MATE 1.10 schedule.

Most of the TODO list for MATE 1.10 have been completed with only 2 left:
caja: Plugin system (GSOC 2014)Move all documentation into mate-user-guide One of the reason why GTK+3 support is delayed is because they (GTK developers) introduced incompatible changes on every major releases (3.8, 3.10, 3.12, and 3.14), so it's quite hard for MATE developers to support every releases within one version number. So they came up with a decision to release separate package for mate-themes which targets different GTK+3 version, depending on which Linux distribution that are going to use MATE Desktop. You can see the br…

Poodlebleed Fixes

Slackware has released advisories to several products and i didn't write the previous one so consider this as a cumulative updates :)

The previous update was about Firefox and Thunderbird and it's only released in -current architecture. There are no ESR updates for stable releases anymore.

The second and latest advisories is about openssl which is vulnerable to multiple vulnerabilities, including the latest poodlebleed. If you are running public servers, it's highly recommended to upgrade the openssl packages as soon as possible. Use the above link to test whether your server is still vulnerable or not.

Upgrading openssl packages is not enough as your web server application (apache or nginx or any other products you use) can still fallback SSLv3, so you need to disable it manually. Here's how to do it:
nano /etc/httpd/extra/httpd-ssl.confChange
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3Restart apache You can also force your browser to disable SSL 3.0. If …

Firefox Rebuilt on x86 only

Pat has rebuilt mozilla-firefox on current 32 bit architecture only to fix sluggishness problem reported on LQ. This problem was not found on 64 bit, so those two arch will have different build number, but it will be synced again on the next Firefox update which is very close now (it reached Beta 9 at the time this post is written).

elilo is also upgraded to the latest version in -current.

Another BASH Update

Here comes another bash update to fix more security vulnerabilities. This time, a patch from Florian Weimer changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function. This change causes a backward incompatible break, but most of your scripts should be safe and continue to work as it is, unless you use the affected features. As always, please upgrade ASAP.

Security Advisory: Firefox, Thunderbird, Seamonkey

Three security advisories were released this morning for Slackware 14.0, 14.1, and current machines. Seamonkey was released for Slackware 14.0 and newer while the rest were released for 14.1 and newer. The stable releases got ESR release for Firefox, but current will always follow the latest Firefox build available from Mozilla FTP Site.

Bash Update for CVE-2014-7169 Fix

Another bash update for all Slackware releases has been pushed by Patrick as the official fix is now available on BASH's FTP site. The new update should fix the CVE-2014-7169 advisory as now i get the correct result after running the same exploit code that i mentioned on the previous blog post. I suggest that you quickly apply the update for your machines as soon as possible as there has been report of many attackers utilizing this vulnerabilities in the wild. The discussion hasn't ended yet, so stay tune for further updates :)

Second Patch on Bash Bug

The initial patch to fix the bash vulnerability was not fully fix the problem as Tavis Ormandy found another exploit to bash which lead to another CVE entry to be made : CVE-2014-7169. This new bug can be simply be solved by using a single line of code and it has been applied to all Slackware releases as of today, thanks to Pat quick response on this issue. Hopefully this finally fixed the bash bug.

Anyway, i can confirmed that the patch worked for Slackware{64}-14.1 (i didn't test other version), but on my desktop -current machine, the same exploit code is still working. Can anyone confirm  this?

Here's the safe exploit code used:

env X='() { (a)=>\' sh -c "echo date"; cat echo
Here's what i got in Slackware-14.1:
sh: X: line 1: syntax error near unexpected token `=' sh: X: line 1: `' …

Two Security Advisories

There are two security advisories released today and you are advised to upgrade as soon as possible (don't worry, it won't cause problem as in iOS 8.0.1 update yesterday).

The first update is for bash which is known to be vulnerable due to how they handle environment variables. This bug affects many applications that uses bash scripts on their operations, namely httpd, ssh, dhclient, etc. This update is backported to all supported Slackware releases (13.0 to -current).

The second update is mozilla-nss which fixed the RSA Signature Forgery vulnerability. This update is applied only to Slackware 14.0 and newer

Three Set of KDE Packages Released

Although KDE has released their KDE 4.14.1, KDE Framework 5, and Plasma 5 source code to public for few days, it doesn't mean that Eric Hamelers didn't notice. In fact, he has prepared the packages and release all of it at the day of the final set (Plasma) released yesterday by announcing it on his blog. Releasing it one by one is possible, but you will have to perform the update process three times, which may be inconvenience. This also gives us time to test the packages and make sure nothing is broken.

In general, KDE 4.14.1 is a minor update, polishing KDE applications to further improve the translations and provide bug fixes. Most of the efforts are now focused on porting the applications to use Qt5, QML, Framework 5 and Plasma 5. As always, these packages are intended to be installed on top of Slackware-Current machines and please read the README (KDE 4.14.1 and KDE 5).

The new directory for KDE5 is now changed to 5 (not 5.0.x anymore), so you might want to change the dow…

Security Update: seamonkey

After Firefox and Thunderbird gets updated, seamonkey is following with another security advisory released for Slackware 14.0, 14.1, and -current. All releases gets an update to seamonkey 2.29.

In -current, the default stock has been raised to 3.14.18, the latest stable kernel maintained by Greg K-H. The ChangeLog is available on's site. There has been some minor update on some packages, namely:
btrfs-progs: upgraded to 20140909net-snmp: upgraded to upgraded to 1.8.2 (request from LQ)

Security Update: Firefox, Thunderbird, and PHP

Three security advisories were released this morning. They are Firefox, Thunderbird, and PHP. PHP update is backported to Slackware 13.0, while Firefox and Thunderbird updates only applicable to Slackware 14.1 and current.

Slackware 14.1 will use the ESR version, while current continues to move forward by using the latest version from Mozilla, which is 32 (Firefox) and 31.1.0 (Thunderbird).

LibreOffice 4.3.1 from AlienBOB

For those waiting for LibreOffice update from Eric Hameleers (AlienBOB), the wait is over as he has published his work and post a blog post about it. You can now grab his package in usual mirror sites below: The LibreOffice package from SlackBuilds project has been updated as well earlier when i pushed the public update yesterday.

If you happened to still use 4.2.x branch, please note that LibreOffice has released a new secfix release to fix 2 CVEs CVE-2014-3524 "CSV Command Injection and DDE formulas" and CVE-2014-3575 "Arbitrary File Disclosure using crafted OLE objects". Eric no longer published his 4.2.x package, but he kept the SlackBuild script available just in case you want to build…

New Kernel on -Current

After more than 2 weeks without any updates, finally the changelog has been updated with some new packages coming in. One of them is the latest Linux Kernel 3.14.17 with some modifications to the default config by adding two options to become static module.

Other changes are:
libcgroup, freetype, tin are upgraded to the latest versionxorg-* has been rebuilt to add several parameter to the build scriptmesa upgraded to 10.2.6 and also some other xorg-related librariesxf86-video-fbdev has been rebuilt to fix ABI mismatch in extra/ There are no major changes yet happening on -current and most of the libraries are still at the same version as in 14.1. This can bring some limitations to upgrade to newer version of packages, mostly that requires newer version of the libraries, such as gtk+2.

I also hope that KDE 4.14.x will be brought to Slackware-Current. It will be easier for Eric Hameleers if the KDE packages has been included in -Current. He can work on Framework and Plasma 5 since it sho…

KDE 4.14.0 Packages for Slackware

A new major release of KDE 4.14.0 has been released earlier this week, but since Eric was out of the country, he couldn't release the packages on time even though the packages were already built. Anyway, it's now released to public and to mirror sites.

KDE 4.14.0 is not something as big as you hope since most of the efforts are porting to use KDE Framework 5 and Plasma 5. Nevertheless, there are some packages that gets new feature on this release, while the rest only get bug fixes.

Eric is also planning to build KDE 4.13.x for Slackware 14.1 users as now KDE 4.14.0 has been released. Give him some time and new version of KDE 4.13.3 for Slackware 14.1 will be available in short time.

You can get KDE 4.14.0 from these mirror sites: URI: rsync:// URI: rsync:// URI: rsync://…

KDE Framework and Plasma 5 Packages by Eric Hameleers

This is the day some of you have been waiting for. It's the day where KDE Framework and Plasma 5 packages are released by Eric Hameleers (announcement will be posted soon later) after KDE team announced it last week (Framework 5.1.0) and yesterday (Plasma 5.0.1). The packages has been uploaded to KTown and mirrored through several mirror sites that normally host the KDE packages.

A little FYI, the next successor of KDE will be based on Qt5 and QML and in order to make the transition goes as smooth as possible, KDE team decided  to freeze the Plasma Workspaces and the KDE Platform at 4.11.x branch (but Plasma Workspaces will still be supported until August 2015). Workspace development efforts were focused on Plasma 2 (later changed to Plasma 5), while KDE Platform is in transition to Frameworks 5. KDE Applications will keep using 4.x branch as of now.

Now, back to Framework and Plasma 5. These new packages are meant for early-adopters and serve more like a preview just like in KDE …

KDE Framework and Plasma 5 and New Poll

Eric Hameleers has posted in his blog that he is working on publishing his latest work on KDE Framework and Plasma Next 5 to public. We (me and Eric) had been doing some private testing about this packages and so far, the result is quite promising, despite there were some known bugs by upstream which will be fixed in future release.

As mentioned, this packages should be installed on a machine running Slackware-Current (not stable) with KDE 4.13.3 (or newer). This can be considered a preview of future KDE releases, so don't expect it to be bug free.

Eric has made a big effort on making sure that KDE Framework and Plasma 5 can coexist with KDE 4, so you only need to switch to Plasma to test it and if you want to switch it back to KDE 4, logout and switch back to KDE 4 and that's it. It's that simple.

I wanted to know if you are interested to get down with KDE Framework and Plasma Next 5? Use your votes :)

Poll Results

The poll is closed, but i completely forgot about it. Here's the result from 77 voters:
3.15 11 (14%)
3.16 9 (11%)
3.17 4 (5%)
3.18 3 (3%)
3.19 50 (64%)

So most users believe that next Slackware users will end up using the 3.19 Linux Kernel. The latest version available is now 3.16 and currently, Slackware-Current is still using 3.14 as the default stock of kernel.

Security Update: openssl

One security advisory has been released for openssl update which fixed quite a lot of security vulnerabilities according to CVE entries related. This update is applied to all supported Slackware release, back to Slackware 13.0. There are 2 versions:
Slackware 13.0, 13.1, and 13.37 will get 0.9.8zb updateSlackware 14.0, 14.1, and current will get 1.0.1i update In current, Pat welcome pi kernel (3.14.16), which is the latest stable (and long term release) of Linux kernel released by Greg yesterday. There are no other updates for this batch besides the kernel and openssl.

LibreOffice and VLC Update

Eric Hameleers has published his work on LibreOffice and VLC on his blog. VLC is now upgraded to VLC 2.1.5, while LibreOffice has jumped to another major release LibreOffice 4.3.0, while users wanted to build older LibreOffice 4.2.6 are given the build script available.

Many new and interesting features can be found on the new LibreOffice release, mainly better compatibility with other document format, better comment management, more formula supported, and of course there are tons of other new features that can be found Release Notes, Announcement or other blog post by Michael Meeks and Charles-H. Schulz.

As always, you can always get the packages (and source code) from these mirror sites:

Security Update: samba and dhcpcd

Two security advisories has been released few days ago (i forgot to make a post about it due to traveling). They are samba and dhcpcd.

Dhcpcd update was applied back to Slackware 13.0 and it was only a small patch, but for samba, it was only applied to Slackware 14.1 and current.

Besides security updates, both stable and current update has another package being changed, which was xscreensaver. In stable branch, it got upgraded to 5.29, while in current, it was patched. Both were to fix the nag screen that display a warning that a system is too old. It happened for those who have the system installed more than 12 months (1 year) since the rebuilt.

More Updates

Pat has released more updates to some development tools, X-related libraries and drivers and app. 
Here's the latest changes from current changelog:
Wed Jul 30 00:08:00 UTC 2014
d/gdb-7.8-i486-1.txz: Upgraded.
d/guile-2.0.11-i486-1.txz: Upgraded.
x/libXext-1.3.3-i486-1.txz: Upgraded.
x/libXi-1.7.4-i486-1.txz: Upgraded.
x/xf86-video-geode-2.11.16-i486-1.txz: Upgraded.
x/xf86-video-intel-2.99.914-i486-1.txz: Upgraded.
x/xterm-310-i486-1.txz: Upgraded.

dropline GNOME 3.10 Released

For those who prefer to use GNOME 3 instead of GNOME 2 (in form of MATE), there's a good news for you. After releasing the BETA version in January, dropline GNOME developers has finally announced the final version of dropline GNOME 3.10.

In order to install dropline GNOME, download the PackageKit package which will then be used to download all remaining packages and install it into your system. Get the installer for each architectures:

Run these command to start the installation and download process:
# installpkg PackageKit-0.8.17-i686-3dl_install.txz
# pkcon refresh force
# pkcon install dropline

Kudos to Eugen Wissner (aka Belka), saxa and Bart Van Der Hall (aka Tyrael).

Patrick Won O'Reilly Open Source Awards 2014

Slackware founder and maintainer, Patrick Volkerding has won O'Reilly Open Source Awards - OSCON 2014, but he was unable to attend the event. Still the committe showed his old photo on the screen.

See the video from O'Reilly on YouTube:

Security Update: httpd, firefox, thunderbird

Three security advisory were released today to fix security vulnerabilities found in httpd (Apache), mozilla-firefox, and mozilla-thunderbird. Interestingly, httpd update was backported back to Slackware 13.0 even though they have different version. Slackware 13.0 - 13.37 got update to 2.2.27 while Slackware 14.0 got 2.4.10.

Meanwhile in -current, the default kernel stock has been raised to 3.14.13 and there are several minor update, nano upgraded to 2.3.6 and emacs is rebuilt to rename ctag manpage to avoid conflict. There's also a cosmetic changes to the installer as well after a bug was reported in LQ.

Slackware is 21 Years Old

On July 16 1993, Patrick Volkerding announced the availability of Slackware 1.00 on comp.os.linux usenet and since then, Slackware has become one of the oldest Linux distribution that are still actively maintained up to now.

These is his official announcement at that time:

From: Patrick J. Volkerding (bf703@cleveland.Freenet.Edu) Subject: ANNOUNCE: Slackware Linux 1.00 Newsgroups: comp.os.linux Date: 1993-07-16 17:21:20 PST The Slackware Linux distribution (v. 1.00) is now available for anonymous FTP. This is a complete installation system designed for systems with a 3.5" boot floppy. It has been tested extensively with a 386/IDE system. The standard kernel included does not support SCSI, but if there's a great demand, I might be persuaded to compile a few custom kernels to put up for FTP. This release is based largely on the SLS system, but has been enhanced and modified substantially. There are two main disk series, A (13 disks) and X (11 disks). Some of …

KDE 4.13.3 for Slackware-Current

Eric Hameleers has just released his KDE 4.13.3 packages into his KTown repository. KDE 4.13.3 is a maintenance release, fixing more than 50 bugs, so it should be a safe pleasant upgrade for anyone.

Eric also upgraded kdeconnect and calligra in his packages.

You can always get the updated KDE packages here: URI: rsync:// URI: rsync:// URI: rsync:// URI: rsync://

Major X Updates

Pat has pushed major XOrg updates today and this is the biggest update since some time ago. The XOrg is now upgraded to 1.15.2 and Mesa is upgraded to 10.1.5. Most of the proprietary drivers already have support for this version, so grab the latest version of your proprietary driver before upgrading to this version if you are using NVidia/ATI and use the proprietary driver.

Other than X update, there are some other packages that are upgraded:
lxc upgraded to 1.0.5automake upgraded to 1.14.1llvm upgraded to 3.4.2calligra upgraded to 2.8.5lesstif removed and replaced by motiftetex rebuilt against new motifddd rebuilt against new motif xpdf upgraded to 3.0.4

Security Update: php

PHP has been upgraded to the latest version (5.4.30) for Slackware 14.0, 14.1, and current which should fixed several security vulnerabilities, mainly related to fileinfo module.

Meanwhile, for -current, there has been some progress:
Linux kernel stock is now upgraded to 3.14.12, following the LTS release that will be maintained by Greg K-H until 2016.Bash is upgraded to 4.3.018Shadow is upgraded to 4.2.1 and added support for subuid and subgid needed for unprivileged containersAdded several new packages: cgmanager, lzip, and libnih Renamed open-cobol to gnu-cobolUpgraded several more packages: nano, slacktrack, and taglibslackpkg is rebuilt to support $ROOT and $CONF environment variables.Added Linux kernel 3.15.x configuration in testing for those brave enough to try

Multiple Security Updates

Slackware has issued 5 security advisories today, accumulated from upstream releases on various projects. They are:
GnuPG: Upgraded to 1.4.17 and backported back to Slackware 13.0 to fix a denial of service using garbled compressed data packets. GnuPG2: Upgraded to 2.0.24 to stop a denial of service using
garbled compressed data packets which can be used to put gpg into an  infinite loop. This update is backported back to Slackware 13.37Samba: Upgraded to 3.6.24 for Slackware 14.0 and 4.1.9 for Slackware 14.1 and current to bring fixes and security issues which can cause a denial of service, and reveal potentially private server informationSeamonkey: Upgraded to 2.26.1 for Slackware 14.0, 14.1, and currentBind: Upgraded to 9.8.7_P1 for Slackware 13.0, 13.1, and 13.37, 9.9.5_P1 for Slackware 14.0, 14.1, and Current. There's also a new package in testing for Bind 9.10.0_P2. For Slackware-Current, there are two additional packages: man (rebuilt to move config to /etc) and  man-pages up…

Slow Pace of Current Progress

It's mid June and the development for the next Slackware release is still slow without significant changes over packages. Pat only updates small number of packages which is considered safe without breaking other applications besides security updates.

The latest changes including rebuilding ncurses to apply upstream patch which should fixed a screen problem (reported in LQ), rebuilding yptools to fix non-changeable password in yppasswd, and upgrading xscreensaver to 5.29.

Security Updates: Mozilla Thunderbird

Following Firefox update in -Stable, Thunderbird is now updated to 24.6.0 in Slackware 14.1 and -Current. Slackware-Current also updated Firefox to 30.0 and dddrescue to 1.18.1.

There are no big changes in basic toolchains and packages which usually gets upgraded on the very early stage of development.

KDE Maintenance Updates: 4.13.2 Released

KDE Team has released another monthly maintenance release for 4.13.x branch: KDE 4.13.2. This release brings more bug fixes and translations updates, along with updated Plasma Workspaces 4.11.10.

This release incorporated more than 40 bug fixes across all modules, including improvements to Personal Information Management suite Kontact, Umbrello UML Modeller, the Desktop search functionality, web browser Konqueror and the file manager Dolphin. More info taken from KDE's announcement:
Additional and noteworthy: this release of KDE Applications includes a number of important fixes for Kopete: a decrease in the exit time of Kopete with enabled statistics plugin, a fix for the compilation of jabber libjingle for non x86 architectures and another fix for voice call support in the jabber libjingle library. Without this last fix, voice calls worked only with the old Google Talk windows jingle client. Now after applying the patches it was tested with GMail web plugin, old Google Ta…

PHP Security Update

PHP Package has been updated to the latest version for all supported Slackware release to fix security vulnerabilities, including a possible denial of service, and an issue where insecure default permissions on the FPM socket may allow local users to run arbitrary code as the apache user.

Slackware 13.0 up to 13.37 will get PHP 5.3.28 update while 14.0 and newer will get PHP 5.4.29

Multiple Security Advisories: OpenSSL, Sendmail, GnuTLS, and Libtasn1

There are multiple security fixes released today and they were backported back to Slackware 13.0 whenever possible:
libtasn1 is upgraded to 2.1.4 for Slackware 14.0 and 3.6 for Slackware 14.1 and Slackware-Currentsendmail is upgraded to 8.14.9 for Slackware 13.0 and newergnutls is upgraded to 2.8.4 for Slackware 13.0, 2.8.6 for Slackware 13.1, 2.10.5 for Slackware 13.37, 3.0.32 for Slackware 14.0, 3.1.25 for Slackware 14.1, and 3.2.5 for Slackware-Current.openssl is upgraded to 0.9.8za for Slackware 13.0, 13.1, and 13.37, 1.0.1h for Slackware 14.0 and newer For Slackware-Current, there are additional packages:
nano is upgraded to 2.3.4irssi is upgraded to 0.8.16

Security Update: MariaDB

After two weeks without any updates, Slackware development and maintenance phase continues and issued one security advisory for mariadb for Slackware 14.1 and current users (now upgraded to 5.5.37). This fixed many security advisories released by CVE:  On -current, several new changes has been introduced, such as:
Linux Kernel 3.14.5GCC 4.8.3nano 2.3.3 Also there were 2 packages gets rebuilt:
gawk: remove symlink and compress man pagemake:  Patched to fix a bug with pa…

KDE 4.13.1 and LibreOffice 4.2.4 Packages

Eric Hameleers has pushed his update on KDE 4.13.1 for Slackware-Current users and also LibreOffice 4.2.4 for Slackware 14.1 and also Slackware-Current users.

One big change in KDE 4.13.1 is that Baloo now enables you to completely disabled desktop search from System Settings GUI. There has been so many improvements on Baloo as well on this release which can be seen on the issue tracker. LibRaw, KDevelop, oxygen-gtk2, and libkscreen are also upgraded to the latest version following the previous KDE 4.12.x updates.

Get the KDE packages from these mirror sites: URI: rsync:// URI: rsync:// URI: rsync:// URI: rsync:// Meanwhile, LibreOffice is also moving forward with 4.2.4 release and it also …

Kernel 3.14.4 Landed in Current

Slackware-Current has moved to the latest kernel 3.14.4 which brings two changes: disabling CONFIG_DEBUG_KERNEL which disabled some proprietary NVidia drivers to be built against Linux Kernel 3.14.x and also it fixed CVE-2014-0196 which was a race condition that could cause a kernel panic, memory corruption and system crash if the exploit were ran in current machine. I have tested the exploit code and it did freeze my desktop and i had to do a hard reset.

There are several packages which is changed on this batch of updates:
gdb upgraded to 7.7.1libelf rebuilt to link headers in /usr/include and enable -D_FILE_OFFSET_BITS=64 parameter on 32 bit machineddd rebuilt to fix the machine code view Go download and test :)

Security Update: Seamonkey

New Seamonkey has been released and this brings security update for Slackware 14.1 and -Current. Firefox is also upgraded in -Current, but since it's a maintenance release and it only fixed some regressions found after 29.0 was released, no security advisories was issued for this update.

Slackware-Current Started Again

Patrick has just finished uploading his latest work for Slackware-Current branch that indicates next development cycle for next Slackware release is now officially started.

In this batch of update, he upgraded GLIBC to 2.19 and the Linux Kernel to 3.14.3, the latest version available at this time. There are several new packages as well in networking area, such as libnftnl and nftables which is the future potential replacement for iptables.

There's also a fix on bash-completion so that it's working well with newer bash 4.3.

I still don't see GCC gets upgraded at this time, but hopefully GCC 4.9.0 could make it into -current soon.

Start your current engine and start testing guys :)

Early Notice for Future MATE Releases

I have posted this on my Google+, but just in case you didn't see them, i will copy and paste it here:
Some headsup for future MATE 1.10 release:
We (me and Chess Griffin) have decided that we will build future MATE 1.10 for Slackware 14.1 against GTK+2, the same toolkit we used to build MATE 1.8. Although MATE 1.10 will fully support GTK+3, we think it's not a good idea to introduce such as a big change for our users. This is assuming that MATE 1.10 will be released before next Slackware gets released.

However, please note that for next Slackware release, we will build MATE against GTK+3 toolkit. Expect some big changes, mainly in the UI look and feel. Have a look on this blog post by Clasen about what to expect in GTK+3-3.12 dialogs (which i think will be landing in the next Slackware release):

I know some of you may like or dislike it, but we will try to keep our policy of bringing MATE desktop on top of …

New Poll: Default Kernel in Next Release

It's quite interesting to find out which kernel releases that will be picked up by Patrick Volkerding for the next release of Slackware. I have added a new poll for that and the time frame for voting is two months from now. I have prepared 5 options which should be more than enough for the next development cycle to pick.

During the development cycle that lead to creation of Slackware 14.1, there were some kernel hopping between releases. Originally, the plan was to use the LTS kernel 3.4.x branch, but then Greg K-H decided to make Linux Kernel 3.10 to be his next LTS kernel and Pat decided to take  that chance to upgrade to 3.10 and picked it up as the default kernel in Slackware 14.1. I wonder what will happen during this cycle. Definitely fun to follow :)

Go vote!!

Poll Results

Two months ago, i asked about how people installed packages from SBo repositories and there were 139 votes so far. Thanks to all who have voted and here are the results:
Download and build manually 66 (47%) 
Using sbopkg 50 (35%)
Using sbopkg + sqg 23 (16%)

It seems that almost half of the voters would rather download the script and source manually instead of using automated tools such as sbopkg (and sqg). It's a matter of preferences and it's fine with that, but for those who would like to have easier experiences installing SBo packages, feel free to read my previous article in January about Managing SBo dependencies Easily through the use of sbopkg + sqg for building up the queues files for you.

KDE 4.12.5 for Slackware 14.1

The last update for KDE 4.12.x branch is now out with the release of KDE 4.12.5 and Eric Hameleers has pushed his KDE packages to his KTown repository as announced on his blog. This set of KDE packages are targetting for Slackware 14.1 users, even though it should work with Slackware-Current users as well.

Unlike previous updates, this set of KDE are built on several updated dependencies, such as LibRaw, Akonadi, and Soprano. Calligra is also updated to 2.8.2, the latest version available at this moment. Eric also added a new package kdev-python which was requested before.

As always, get the packages on mirror sites below: URI: rsync:// URI: rsync:// URI: rsync:// URI: rsync:// Enjoy a nice…

Security Update Firefox and Thunderbird

Two security update has been issued for Slackware 14.1 and current branch for Mozilla products and they are Firefox and Thunderbird. Firefox has been updated to 24.5.0esr and Thunderbird has been upgraded to 24.5.0 as well. In current tree, Firefox is upgraded to 29.0, the newest release which was released yesterday.

In current tree, there are two more packages that gets upgraded and they are qt (4.8.6) and screen (4.2.1). Please note that screen 4.2.x introduce a major changes and for some reason, detached session can't be brought back after upgrading to this release, so please ensure that you have cleared all screen sessions before upgrading to the latest release.

MSB Master Branch Tracking on MATE Development Cycle

This is a notice for those who followed/cloned MSB Repository that at this point, master branch of this repository is tracking the development of MATE 1.9, which is the development version leading to the future stable MATE 1.10 release.

Those who prefer to build a stable release of MATE 1.8, please switch to 14.1-mate-1.8 branch which is used for this purpose. This branch will only contain bug fixes and stable releases of MATE 1.8.x.

If you are curious about what can be expected in MATE 1.10, you can check the ROADMAP:
atril: Support ePub format (#13) caja: Offer a preferences option to turn off generic icons in listview (#26) caja: Improve trash management of removable devices mate-panel: Allow rotation of mate-panel background (#42) mate-control-center: Add option to configure titlebar buttons layout mate-settings-daemon: Add the ability to disable volume/brightness osd (#13) Move all documentation into mate-user-guide Add support for AccountsService Fix deprecations in non-c…

Caja Update Fixed Long-Standing Bug

Stefano Karapetsas has finally tagged caja-1.8.1 and include the backported fix from master branch that should finally fixed the long standing bug that affected many Linux distributions. Lucky enough, for Slackware, i added a hack which could minimize the possibility of this bug to occur, but still didn't fixed the bug completely. With this update, those hacks can be finally removed and we have a proper fix.

Here are the big changes in 1.8.1:
* Accessibility improvements
* Fixed x-caja-desktop issue
* Removed ConsoleKit usage
* Show trash icon in tree side panel

The updated package has been pushed to the MSB repository generously supported by Darren "Tadgy" Austin and also to the MSB Github.

OpenSSH Rebuilt and New Activities on Current

OpenSSH package was rebuilt this morning to fixed a bug with curve25519-sha256 that caused a key exchange failure in about 1 in 512 connection attempts. This update applies back to all Slackware release that uses OpenSSH-6.x.
An interesting new activities came up in -current tree where some of the basic packages gets upgraded besides OpenSSH, such as bash, grep, gawk, and vim/gvim. Normally, the first thing Pat would do is to upgrade the basic toolchain, such as gcc, glibc, and kernel, followed up by basic packages.
Since GCC has just released GCC 4.9.0, i think Pat is targetting that version for next Slackware release along with glibc 2.19. I still don't have an idea which kernel version would be used, but i guess 3.14 would be interesting to follow and soon to be released, 3.15 which brings many performance improvements and also supports for newer Intel CPUs.
It would be another interesting development cycle for next Slackware release and hoping that -current cycle start soon.

Two Security Updates: libyaml and PHP

Two security updates were issued this morning to fix security flaws in yaml and PHP.

PHP is upgraded to 5.4.27 to fix the AWK script detector which can be triggered via a simple script to consume the CPU up to 100% due to backtracking. This update applies to Slackware 14.0 and newer.

libyaml is upgraded to 0.1.6 to fix heap overflow in URI escape parsing of YAML in Ruby and applied to Slackware 13.0 and newer.

Numix Icon Theme Added to MSB Repository

I have heard many positive review about Numix Project and their famous Icon Theme sets. Last night, i decided to try it on my desktop. They don't have a released tarball yet, but they are very active in github based on the commit frequency. In short time, i managed to make a SlackBuild script for this and tested it on my desktop and it works nicely.

At night just before midnight, i posted this on my G+ account and asked whether it should be added to MSB repository or not and the responses were mostly positive about it. I finally decided to put it on my MSB repository, BUT not in base nor extra directory, but in testing.

There are two reasons:
They are in a very active development and changes occurs everyday (which is a good sign for users), but they don't have a released tarballs which is a bad situation for packages, since typically we based our script to a certain released version (eg. 1.0). While it's easy to set up a SlackBuild script which download them from GIT (which…

KDE 4.13.0 Released

KDE 4.13.0 has been released to public as of yesterday and this is a new major release of KDE 4.x, even though the REAL BIG change is going to happen in the next major release of KDE 5. As always, new major release of KDE will introduce new apps and this time, they are: artikulate, baloo, baloo-widgets, kfilemetadata and kqtquickchart. Make sure to install them when you upgrade from previous installation of KDE. It's advised to use --install-new when you run upgradepkg command so that you won't miss any new packages.

Besides new apps, there are also new dependencies introduced in this release and they are: eigen3, qt-gstreamer and xapian-core. They are placed on deps/ directory.

Eric Hameleers has published his KDE packages on his KTown repository under current directory (yes, you read it well, CURRENT). He is aiming to build KDE 4.13.x for Slackware-Current users and for now, there are no guarantee that it will work with Slackware 14.1 (although at this moment, we can say tha…

Cinnamon 2.2 Released

Clem has just officially announced the availability of Cinnamon 2.2.0, a major upgrade from previous version 2.0.x. There are a lot of improvements in Cinnamon 2.2.0, such as:
Better Looking SettingsRevamped Screensaver and Power Management SettingsDate and Time Settings are revived back Improvements on Hot Corners and HUDMPRIS support and Sound AppletHiDPI/Retina Display SupportGraphics Tablet support is backA11y MouseWheel Zoom for visually impared usersWindow opacity and CSD supportand many more:CJS gsettings wrapper (no more segmentation faults when an old applet queries a Cinnamon gsettings key which no longer exists… CJS intercepts the call and deals with it)Better integration with GNOME on the same machine (you should no longer see GNOME Control Center in Cinnamon, or Cinnamon Settings in GNOME)Better support for GDM (in particular for user-switching)Better support for Xrandr cloningSupport for MDM fallback shutdown sequenceNew shutdown hotkeyConfigurable delay in cinnamon-s…

LibreOffice 4.2.3 - Fixed heartbleed bug

A new version of LibreOffice has been released and the good news is that this version fixed the serious heartbleed bug which was exposed last week and become a very heated discussion about it over the Internet. Lots of users are encouraged to upgrade their OpenSSL libraries as well as other applications that statically linked against OpenSSL. LibreOffice is one of them.

Eric Hameleers has published his packages on his repository and it's mirror sites for public usage. Please note about the split packages written on his blog:
The SDK documentation (several hundreds of MB) has now moved into a separate package “libreoffice-sdkdoc” which you will not need unless you are a developer. And the KDE integration libraries have been moved into their own package as well: “libreoffice-kde-integration” In other word, if you are using KDE, you may want to install the new libreoffice-kde-integration package to make your LibreOffice works better with your KDE environment.

As always, packages ca…

Cinnamon Progress

Thanks to people in LQ for testing my Cinnamon SlackBuilds repository, some issues were found and also fixed in just short amount of time.

I have installed Cinnamon on my workstation at the office and surprisingly, it's quite fast and snappy just as Michael said. I also managed to fix the broken cinnamon-settings applications due to case-sensitive naming in python-pam package. Once that was fixed on this commit, all settings are now working normally again. This is the screenshot of the now working cinnamon-settings

The only thing that still bother me is why some of the libraries needs to be reinstalled before (startup-notifications and NetworkManager) and after (qt) just to make Cinnamon works perfectly. Does the build broke those libraries? I still have no answer on these issues yet.

One issue that is not on my high priority list is probably testing under multilib environment. I will need other people's feedback on that issue.

Cinnamon SlackBuilds (CSB) for Slackware is now Live

This morning, i have pushed my own csb (Cinnamon SlackBuilds) on github. As noted on previous post, i have been playing with Cinnamon 2 since last Sunday and on Monday, i'm able to create a working Cinnamon desktop on top of Slackware64 14.1 on a virtual machine environment.

Why does it took so long to publish the repository? Well, the result on Monday was a little mess in my opinion, since it's more like trial and error. Whenever i found a new dependency, i made a SlackBuild script for it and rebuilt again until no errors are found. This wasn't enough unfortunately. I tried to rebuilt the whole packages in a new clean environment and there were errors again, so i must fix the build order first before i publish them.

Starting last night, i created another clean environment and this time, i managed to produce a working environment on one attempt, so i take it as a correct build order. Still, there *might* be some issues i missed, so i was hoping for feedbacks from all of yo…

Nasty OpenSSL Bug Fixed

The nasty OpenSSL heartbleed extension bug has been fixed on -current and -stable releases back to Slackware 14.0. Earlier Slackware releases are not affected since they don't use the vulnerable 1.0.1 branch.

Since this library is used on many other applications as well, please ensure to apply this upgrade as soon as possible as this bug can reveal up to 64k of  memory to read credentials created using the vulnerable (unpatched) libraries.

Playing with Cinnamon 2

On my weekend last Sunday, i decided to try on building Cinnamon on top of Slackware 14.1. I know it's going to be a hell of a mess and lots of problems, but still it's a challenging project for myself.

I started by building a new VM of Slackware64 14.1 and update it with all the software updates coming from -stable branch. Next, i tried to list down cinnamon dependencies one by one. I must say, Cinnamon is way more complex in terms of software dependencies compared to MATE. I didn't build all the optional dependencies, but just the hard dependencies.

The biggest problem when building cinnamon is that some of it's dependencies require systemd and PAM and some other require newer glib than what we have in Slackware 14.1 For glib, i tried to avoid it, since i'm not going to change any packages in Slackware's tree. That makes me easier when i want to update the packages without conflicting with Patrick's packages.

For systemd, i can avoid this as well, by pick…

KDE 4.12.4 Monthly Update

Eric Hameleers has published his KDE packages for KDE 4.12.4 which is built on top of Slackware 14.1 to provide maximum compatibility with Slackware 14.1 AND Slackware Current since it hasn't deviate that much.

Besides updating all the packages to the latest version, there has been a minor changes in the package naming. kdnssd is now renamed into zeroconf-ioslave. You will also need to install python-twisted and zope.interface from SlackBuilds Project or from Eric's repository.

He also updated the kde-connect package to the latest GIT version.

KDE packages can be grabbed from this repositories: URI: rsync:// URI: rsync:// URI: rsync:// URI: rsync://

Fixes for httpd and OpenSSH

As mentioned on my previous post, there will be some following updates to the security updates released few days ago due to some minor bug and now the updates are released.

The new httpd update (2.4.9) requires new apr and apr-utils in order to get mpm_event module created, so in this update, apr and apr-utils are upgraded to 1.5.0 and 1.5.3 respectively. For those who have been selecting to use mpm_worker module as a fix for previous update, you need to revert back to mpm_event or keep it, but DON'T use both. It will throws an error when you tried to restart the httpd daemon. This update applies to Slackware 14.0 and future releases.

The new openSSH update only fixes the rc.sshd to create new ecdsa key when the daemon is restarted. This update only applies to Slackware 14.0 and 14.1.

Security Update: OpenSSH, httpd, mozilla-nss, curl, firefox, thunderbird, and seamonkey

There are seven security updates that were released few days ago when i was in Malaysia, so i couldn't write a blog post about it. Those updates were:
httpd is now upgraded to 2.4.9 and applied back to Slackware 14.0. Unfortunately there is a minor bug about this update that it dropped MPM Event module if apr and apr-utils are not updated with the latest version, so a fix should be released on the next batch.OpenSSH is upgraded to the latest version and this update is applied back to Slackware 13.0. This update also has a small minor bug that it doesn't create the new key, and it should be fixed on the next update as well.mozilla-firefox is upgraded to 24.4 ESR for Slackware 14.1 and currentmozilla-thunderbird is upgraded to 24.4.0 for Slackware 14.1 and currentseamonkey is upgraded to 2.25 for Slackware 14.1 and currentnss is upgraded to 3.16 and applied to Slackware 14.0a and newercurl is upgraded to 7.36 and applied back to Slackware 13.0 and newer  On -current, there was on…

Security Update: PHP

I totally forgot about this, even though i have it ready just the same day it was released. It must have been distracted due to my traveling preparation and also due to my work in the office. Thanks to Ryan who noticed it and let me know.
PHP in Slackware has been updated to the latest PHP 5.4.x stable release due to some vulnerabilities that can cause your CPU to rise up until 100% when using fileinfo function.