Saturday, February 27, 2016

Next MATE for Slackware 14.2

Right now, upstream (MATE) developers are working to get MATE 1.14 ready and it's being scheduled to be released in March to follow Ubuntu and Fedora's cycle. For 1.14, they are focusing on better support for GTK+3 toolkit and in order to do that, they will set a minimum version of GTK+3 supported for all build since GTK+3 changes a lot in every stable releases. You can see their roadmap to see what's their focus at the moment.

Since it's quite a big change for MATE and we are so close to Slackware 14.2, i decided to focus on 1.12 release for now until 14.2 gets released and then i can start working on supporting MATE 1.14.  Since MATE 1.14 might contain mixed release (GTK+2 and GTK+3), i need more time to make sure the transition works nicely.

Personally i prefer not to provide a mixed release since it will be confusing and may lead to bad user experience, but we also have problem if we want to fully switch to GTK+3 build only. There are some parts that still have few critical bugs for GTK+3 and i prefer not to ship them for our users.

Security Update: libssh

One security update has been released for Slackware stable releases (14.0 and 14.1) and two for current. They are libssh which is available in 14.0 and 14.1 and now upgraded to 0.7.3 and also libssh2 which is available only in current and now upgraded to 1.7.0. Both suffered from same problem: weak key generation but happened on different part of the code, thus a different CVE were assigned for those two packages (CVE-2016-0739 and 2016-0787).

In current, new kernel is now introduced 4.4.3 along with other packages:
  • btrfs-progs 4.4.1
  • sdparm 1.10
  • mariadb 10.0.24
  • gdb 7.11
  • gtk+3 3.18.8
  • libical 2.0.0 
  • sg3_utils 1.42
  • mesa 1.11.2

Wednesday, February 24, 2016

Security Update: libgcrypt, bind, glibc, and ntp

There are 4 security updates released today for Slackware:
  • libgcrypt upgraded to 1.5.5 for all stable releases back to 13.0 and 1.6.5 for current
  • bind upgraded to 9.9.8_P3 for all stable releases back to 13.0 and 9.10.3 for current
  • ntp upgraded to 4.2.8p6 for all branches
  • glibc rebuilt to add a fix for CVE 2015-7547 for 14.1 and upgraded to 2.23 for current
Please note that Slackware IS NOT vulnerable to CVE 2015-7547 due to patch that were applied back in 2009 and not removed by Pat even though it was fixed in the main tree since then.

There are also some other changes in current tree:
  • kernel upgraded to 4.4.2
  • some changes in cups, mc, GConf, blueman, and alsa-lib to fix some issues
  • upgrade some packages: libproxy, nmap, xf86-video-amdgpu, and tigervnc

Tuesday, February 9, 2016

Security Update: libsndfile and curl

Two security advisories has been released today to fix security vulnerabilities in two packages: libsndfile and curl. Both have been applied back to all Slackware releases back to 13.0 (13.37 for libsndfile). For stable version, please note that flac is also upgraded since it's needed by the new version of libsndfile.

In current, there isn't any big changes as before, but more like polishing toward stability. Here are the summary:
  • Update blacklist entry in mkinitrd to prevent error message at boot
  • Upgraded cups, loudmouth, mcabber, stunnel, xf86-video-intel, firefox, and wicd to the latest version
  • Fix an internal compiler error on GCC to fix building wine
  • Revert to older version of ghostscript since it caused some problems with GIMP opening ps or eps files.

Thursday, February 4, 2016

Slackware 14.2 Beta 2 Announced

Good news for everyone. Slackware 14.2 is getting close to release as Pat now announced Slackware 14.2 Beta 2 on the latest changelog. This update also brings some security changes for all supported Slackware releases back to Slackware 13.0!!!

Here are the highlights for older Slackware releases:
  • Updated glibc-zoneinfo for latest timezone update
  • Updated MPlayer identical to MPlayer 1.2.1 stable releases
  • Updated openssl to 1.0.1r
  • Updated PHP to 5.6 since PHP 5.4 is no longer supported. Last PHP 5.4.x packages can still be found in pasture just in case you are not ready for 5.6.
Here are the highlights for slackware current:
  • New kernel 4.4.1
  • Coreutils upgraded to 8.25
  • lvm2 upgraded to 2.02.141
  • cups-filter upgraded to 1.8.1
  • Latest update on development tool (binutils, cmake, mercurial, oprofile, python-setuptools)
  • Latest update on libraries (gst-plugins-*, gstreamer, gtk+3, harfbuzz, librsvg, pulseaudio)
  • Latest update on networking tools (proftpd and traceroute)
  • Xterm upgraded to 322
  • Added two new packages: GParted and HexChat (Replacing XChat)
  • Firefox upgraded to 44.0 (re-built with -O2 again)
  • Pidgin upgraded to 2.10.12
  • xine-lib Rebuilt against new ffmpeg 2.8.5