Posts

Showing posts from March, 2014

Security Update: OpenSSH, httpd, mozilla-nss, curl, firefox, thunderbird, and seamonkey

There are seven security updates that were released a few days ago when I was in Malaysia, so I couldn't write a blog post about them. Those updates were:
httpd is now upgraded to 2.4.9 and applied back to Slackware 14.0. Unfortunately there is a minor bug in this update: it dropped the MPM Event module if apr and apr-utils are not updated to the latest version, so a fix should be released in the next batch.
OpenSSH is upgraded to the latest version and this update is applied back to Slackware 13.0. This update also has a minor bug: it doesn't create the new key, and it should be fixed in the next update as well.
mozilla-firefox is upgraded to 24.4 ESR for Slackware 14.1 and current
mozilla-thunderbird is upgraded to 24.4.0 for Slackware 14.1 and current
seamonkey is upgraded to 2.25 for Slackware 14.1 and current
nss is upgraded to 3.16 and applied to Slackware 14.0a and newer
curl is upgraded to 7.36 and applied back to Slackware 13.0 and newer

On -current, there was on…

Security Update: PHP

I totally forgot about this, even though I had it ready the same day it was released. I must have been distracted by my travel preparation and also by my work in the office. Thanks to Ryan who noticed it and let me know.
PHP in Slackware has been updated to the latest PHP 5.4.x stable release due to some vulnerabilities that can cause your CPU usage to rise to 100% when using the fileinfo function.

New Bitcoin Address

I have been playing with Bitcoin since early this month and I even put a new donation link on both my personal blog and this SlackBlogs, replacing my PayPal donation link since my PayPal account got limited permanently. I used the bitcoin client from SBo, but it requires lots of time to synchronize with the past transactions and so far, it has reached 18 GB of data and keeps growing as more transactions occur every day. Plus, it caused some instability of my network card, so I decided to remove it from my computers.

This evening, I was having a conversation with alienBOB (Eric Hameleers) and he mentioned other bitcoin client alternatives, Armory and Electrum. I decided to have a look at Electrum and it turns out that it doesn't require me to do the synchronization all the time. This is perfect, as this app is so light and, with a small number of hard dependencies, it's also a good candidate for inclusion in SBo, so I wrote a SlackBuild script for this application (including the dependency) and…

LibreOffice 4.2.2 for Slackware Users

Eric Hameleers has just published his LibreOffice packages along with other goodies he maintains in his repository. The new LibreOffice package is built on top of Slackware 14.1, but is usable on Slackware-Current as well, as -Current hasn't deviated much from -Stable.

You can get the updated version of LibreOffice from these mirrors:
http://www.slackware.com/~alien/slackbuilds/libreoffice/
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/libreoffice/
http://repo.ukdw.ac.id/alien-libreoffice/
http://alien.slackbook.org/slackbuilds/libreoffice/
http://slackware.org.uk/people/alien/slackbuilds/libreoffice/

Security Update: Samba

Another security update has been released for Slackware 14.0 and newer: samba. This single update fixed two security vulnerabilities at once:

CVE-2013-4496: Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interfaces, allowing password guessing attacks. 
CVE-2013-6442: Samba versions 4.0.0 and above have a flaw in the smbcacls command. If smbcacls is used with the "-C|--chown name" or "-G|--chgrp name" command options it will remove the existing ACL on the object being modified, leaving the file or directory unprotected.

Security Update: mutt

Mutt has been upgraded to 1.5.23 to fix a security vulnerability (buffer overflow) where malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code as the user running mutt.

This update is applied back to Slackware 13.37.

Security Updates: udisks, udisks2

Two security updates were released today and they all came from the same project: udisks and udisks2. Both have the same CVE entries, meaning both are vulnerable to the same bugs. Both are applied to Slackware 14.0 and newer.

Here is the description found on the ChangeLog:
This update fixes a stack-based buffer overflow when handling long path names.  A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).

Security Update: sudo

There's another security update for Slackware. This time, though, not all Slackware releases are affected. Only Slackware 13.0 up to 13.37 are affected, but they didn't get a major upgrade to 1.8.x. Since this vulnerability only affects Sudo 1.6.9 through 1.8.4p5, Slackware 14.0 and 14.1 are not affected by this bug, since they use 1.8.6p7 and 1.8.6p8.

Nevertheless, Patrick updated the sudo package in -current to the latest 1.8.x branch, which is 1.8.9p5.

KDE 4.12.3 Released

This post should have been posted yesterday, but I was too busy preparing for the MATE 1.8 release and then I forgot about it. Sorry about that.

So, this March, KDE 4.12.3 has been released and, as with the previous update, this update only applies to KDE Applications, since the workspace has been frozen since 4.11.x, although there is a new kde-workspace 4.11.7 for this release. Full changes about this release can be seen here.

Besides updating all KDE core packages, Eric Hameleers also gave a surprise by updating several other packages, as mentioned in his blog post:
Apart from all-new versions for the core applications, I also updated the oxygen-gtk2 and plasma-nm (and libnm-qt, libmm-qt) packages. I was unable to compile the latest oxygen-gtk3 release because Slackware’s GTK+-3 package is too old.
There is one interesting addition! There is a new package called kdeconnect-kde. Together with the kdeconnect-android app for your smartphone or tablet (no iPhone, surely you don’t own one??) it “fuses” yo…

MATE 1.8 Released

After being developed for some months, finally this morning, I got a notification from the lead developer Stefano that he has released MATE 1.8 to the public along with the blog post on MATE's official blog.

I will start building packages for Slackware 14.1, for both 32-bit and 64-bit architectures, and upload them to the official repository and also to its mirror sites. For those who can't wait, you can build it from the master branch as of today, as it has been updated for 1.8 since a few days ago.

We will make a new branch for this release soon, where bug fixes and updates for MATE 1.8 will go, and master will be used to track MATE 1.9 progress.

Here are the changes in MATE 1.8:

Caja (file manager)
  Added option to use IEC units instead of SI units
  Added “Open parent location” option in context menu in search view
Marco (window manager)
  Added side-by-side tiling (windows snapping)
Panel
  Added support to run dialog and main menu opening with metacity keybindings
  Show a progress bar in …

Security Update: gnutls

There's another security update released for Slackware 13.0 going forward to Slackware-Current, and this time it's gnutls. The backported patch comes from Mancha, who reported this on LQ.

There are still some packages that have been reported, but not yet fixed, such as file, imagemagick, and python.

MATE 1.8 Coming Soon

This morning, I got an automatic email from the MATE GitHub account that three of the core packages of MATE (mate-common, mate-desktop, and libmatekbd) have been tagged 1.8.0 by Stefano Karapetsas.

While there aren't any released tarballs yet in their public download repository, it seems that the MATE developers are ready to release MATE 1.8 this March and I believe it should be released pretty soon. Based on the MATE 1.7.90 testing that has been conducted, it's very stable, fast, and consistent.

For those using MATE 1.6, upgrading to 1.8 is pretty straightforward and will be a smooth one. You might want to see new/renamed/removed packages from 1.6 -> 1.8 on MATE-1.8-CHANGES if you are planning to upgrade. Also, don't forget to check the KNOWN ISSUES and also the UPGRADE instructions for more detailed step-by-step guidance on how to upgrade to MATE 1.8.

Those who wonder what changes have been applied to MATE 1.8 can see their roadmap, which has been updated to move some targets postpo…

Security Update and Next Development Cycle

There was one security update released yesterday and that was subversion. No other changes were made, both on the stable and current releases.

It's been almost 4 months since Slackware 14.1 was released last November and there's no sign of the start of -current development again. Usually (based on history), it starts 3-4 months after the last -stable release to give Pat some time to take a break from the endless testing and debugging in preparation for the stable release.

One of the most problematic issues for the next cycle is probably upstream's decision to integrate systemd in some projects. While this does not apply to all upstream projects, I do hope that if it does, it should not be mandatory to have systemd installed and there's a configure parameter that can disable it or build without systemd.

Speaking about systemd, Bart van der Hall has attempted to build systemd on top of Slackware and he has published his work on this home page. There's also a lengthy discussi…