Sun Aug 14 17:49:30 UTC 2011 n/wget-1.13-x86_64-1.txz: Upgraded. xap/mozilla-firefox-6.0-x86_64-1.txz: Upgraded. +--------------------------+ Fri Aug 12 23:20:00 UTC 2011 d/binutils-2.21.53.0.2-x86_64-1.txz: Upgraded. n/bind-9.7.4-x86_64-1.txz: Upgraded. This BIND update addresses a couple of security issues: * named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910] * Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. [RT #24777] [CVE-2011-2464] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 (* Security fix *) +--------------------------+ Fri Aug 12 00:29:11 UTC 2011 a/lilo-23.2-x86_64-1.txz: Upgraded. ap/htop-0.9-x86_64-1.txz: Added. htop is an ncurses-based interactive process viewer. Thanks to Michal Dorocinski for the suggestion. ap/sqlite-3.7.7.1-x86_64-1.txz: Upgraded. Added options: -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 e/emacs-23.3a-x86_64-1.txz: Upgraded. testing/packages/mozilla-firefox-6.0b5-x86_64-1.txz: Added. testing/packages/mozilla-thunderbird-6.0b3-x86_64-1.txz: Added. testing/packages/seamonkey-2.3b3-x86_64-1.txz: Added. testing/packages/seamonkey-solibs-2.3b3-x86_64-1.txz: Added. +--------------------------+ Fri Jul 29 18:22:40 UTC 2011 ap/screen-4.0.3-x86_64-3.txz: Rebuilt. Use a larger buffer for the termtype variable to fix crashes with long names (e.g. rxvt-unicode-256color). Thanks to cteg. l/libpng-1.4.8-x86_64-1.txz: Upgraded. Upgraded to libpng-1.2.46 and libpng-1.4.8. Fixed uninitialized memory read in png_format_buffer() (Bug report by Frank Busse, related to CVE-2004-0421). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421 (* Security fix *) n/dhcpcd-5.2.12-x86_64-1.txz: Upgraded. Sanitize the host name provided by the DHCP server to insure that it does not contain any shell metacharacters. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996 (* Security fix *) n/samba-3.5.10-x86_64-1.txz: Upgraded. Fixed cross-site request forgery and cross-site scripting vulnerability in SWAT (the Samba Web Administration Tool). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 (* Security fix *) +--------------------------+ Thu Jul 14 21:34:41 UTC 2011 l/seamonkey-solibs-2.2-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ (* Security fix *) xap/mozilla-firefox-5.0.1-x86_64-1.txz: Upgraded. I guess this is only a fix for Mac OS X, but it's still 0.0.1 better. ;-) xap/mozilla-thunderbird-5.0-x86_64-1.txz: Upgraded. Thanks to dolphin77 for some hints about the ./configure options. xap/seamonkey-2.2-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/announce/ (* Security fix *) +--------------------------+ Fri Jul 8 16:55:13 UTC 2011 n/bind-9.7.3_P3-x86_64-1.txz: Upgraded. A specially constructed packet will cause BIND 9 ("named") to exit, affecting DNS service. The issue exists in BIND 9.6.3 and newer. "Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]" For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 (* Security fix *) xap/mozilla-thunderbird-3.1.11-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html (* Security fix *) +--------------------------+ Tue Jun 28 18:19:47 UTC 2011 ap/ghostscript-9.02-x86_64-2.txz: Rebuilt. Provide pstoraster -> gstoraster symlink. Include latest History file, but not all the old ones. Is this ready for 13.37/patches now? +--------------------------+ Mon Jun 27 21:29:54 UTC 2011 n/gnutls-2.12.7-x86_64-1.txz: Upgraded. xap/pidgin-2.9.0-x86_64-1.txz: Upgraded. Fixed a remote denial of service. A remote attacker could set a specially crafted GIF file as their buddy icon causing vulerable versions of pidgin to crash due to excessive memory use. For more information, see: http://pidgin.im/news/security/?id=52 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485 (* Security fix *) +--------------------------+ Fri Jun 24 02:55:39 UTC 2011 ap/ghostscript-9.02-x86_64-1.txz: Upgraded. I welcome reports about how well this version of ghostscript works compared with the 9.00 that shipped in Slackware 13.37. If it fixes important bugs without regressions, then it might be considered as a patch for 13.37. l/jre-6u26-x86_64-1.txz: Upgraded. xap/mozilla-firefox-5.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox.html (* Security fix *) extra/jdk-6/jdk-6u26-x86_64-1.txz: Upgraded. +--------------------------+ Mon Jun 20 04:09:11 UTC 2011 n/getmail-4.20.3-x86_64-1.txz: Upgraded. n/fetchmail-6.3.20-x86_64-1.txz: Upgraded. This release fixes a denial of service in STARTTLS protocol phases. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947 http://www.fetchmail.info/fetchmail-SA-2011-01.txt (* Security fix *) l/seamonkey-solibs-2.1-x86_64-1.txz: Upgraded. xap/seamonkey-2.1-x86_64-1.txz: Upgraded. +--------------------------+ Sat May 28 19:28:21 UTC 2011 a/file-5.07-x86_64-1.txz: Upgraded. d/gcc-4.5.3-x86_64-2.txz: Rebuilt. d/gcc-g++-4.5.3-x86_64-2.txz: Rebuilt. d/gcc-gfortran-4.5.3-x86_64-2.txz: Rebuilt. d/gcc-gnat-4.5.3-x86_64-2.txz: Rebuilt. d/gcc-java-4.5.3-x86_64-2.txz: Rebuilt. d/gcc-objc-4.5.3-x86_64-2.txz: Rebuilt. Added --enable-objc-gc option to enable Objective-C garbage collection. Thanks to Luca De Pandis. +--------------------------+ Fri May 27 22:56:00 UTC 2011 n/bind-9.7.3_P1-x86_64-1.txz: Upgraded. This release fixes security issues: * A large RRSET from a remote authoritative server that results in the recursive resolver trying to negatively cache the response can hit an off by one code error in named, resulting in named crashing. [RT #24650] [CVE-2011-1910] * Zones that have a DS record in the parent zone but are also listed in a DLV and won't validate without DLV could fail to validate. [RT #24631] For more information, see: http://www.isc.org/software/bind/advisories/cve-2011-1910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 (* Security fix *) +--------------------------+ Wed May 25 20:03:16 UTC 2011 a/cxxlibs-6.0.14-x86_64-2.txz: Rebuilt. a/glibc-solibs-2.13-x86_64-5.txz: Rebuilt. a/glibc-zoneinfo-2.13-noarch-5.txz: Rebuilt. Upgraded to tzcode2011g and tzdata2011g. a/kernel-firmware-2.6.38.7-noarch-1.txz: Upgraded. a/kernel-generic-2.6.38.7-x86_64-1.txz: Upgraded. a/kernel-huge-2.6.38.7-x86_64-1.txz: Upgraded. a/kernel-modules-2.6.38.7-x86_64-1.txz: Upgraded. ap/linuxdoc-tools-0.9.66-x86_64-9.txz: Rebuilt. ap/nano-2.3.1-x86_64-1.txz: Upgraded. d/gcc-4.5.3-x86_64-1.txz: Upgraded. d/gcc-g++-4.5.3-x86_64-1.txz: Upgraded. d/gcc-gfortran-4.5.3-x86_64-1.txz: Upgraded. d/gcc-gnat-4.5.3-x86_64-1.txz: Upgraded. d/gcc-java-4.5.3-x86_64-1.txz: Upgraded. d/gcc-objc-4.5.3-x86_64-1.txz: Upgraded. d/git-1.7.5.1-x86_64-1.txz: Upgraded. d/kernel-headers-2.6.38.7-x86-1.txz: Upgraded. d/perl-5.14.0-x86_64-1.txz: Upgraded. d/subversion-1.6.16-x86_64-2.txz: Rebuilt. k/kernel-source-2.6.38.7-noarch-1.txz: Upgraded. These are the main configuration changes from the 2.6.37.6 kernel in 13.37: BLK_DEV_LOOP y -> m LOG_BUF_SHIFT 15 -> 18 MOUSE_PS2_ELANTECH n -> y And, compared with the 2.6.38.4 kernel in 13.37/testing: LOG_BUF_SHIFT 15 -> 18 PREEMPT_NONE y -> n PREEMPT_VOLUNTARY n -> y SCHED_AUTOGROUP y -> n It remains to be seen where the PREEMPT_* options will settle in the future. SCHED_AUTOGROUP still seems sketchy to me, and might be behind some odd clockskew issues. And, thanks to Carl Wenninger for reporting that the LOG_BUF_SHIFT setting was less than the kernel defaults and was leading to a few missing lines at the beginning of 'dmesg' output. kde/kdebindings-4.5.5-x86_64-3.txz: Rebuilt. l/apr-1.4.5-x86_64-1.txz: Upgraded. This fixes a possible denial of service due to a problem with a loop in the new apr_fnmatch() implementation consuming CPU. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928 (* Security fix *) l/apr-util-1.3.12-x86_64-1.txz: Upgraded. Fix crash because of NULL cleanup registered by apr_ldap_rebind_init(). l/glibc-2.13-x86_64-5.txz: Rebuilt. l/glibc-i18n-2.13-x86_64-5.txz: Rebuilt. l/glibc-profile-2.13-x86_64-5.txz: Rebuilt. l/libidn-1.22-x86_64-1.txz: Rebuilt. l/pilot-link-0.12.5-x86_64-4.txz: Rebuilt. l/virtuoso-ose-6.1.2-x86_64-2.txz: Rebuilt. n/gnutls-2.12.5-x86_64-1.txz: Upgraded. n/httpd-2.2.19-x86_64-1.txz: Upgraded. Revert ABI breakage in 2.2.18 caused by the function signature change of ap_unescape_url_keep2f(). This release restores the signature from 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex(). Apache httpd-2.2.18 is considered abandoned. All users must upgrade. n/irssi-0.8.15-x86_64-4.txz: Rebuilt. n/net-snmp-5.6.1-x86_64-2.txz: Rebuilt. n/ntp-4.2.6p3-x86_64-2.txz: Rebuilt. n/obexftp-0.23-x86_64-6.txz: Rebuilt. x/libdrm-2.4.25-x86_64-1.txz: Upgraded. x/mesa-7.10.2-x86_64-1.txz: Upgraded. x/xf86-video-nouveau-git_20110515_8378443-x86_64-1.txz: Upgraded. xap/gv-3.7.2-x86_64-1.txz: Upgraded. xap/imagemagick-6.6.9_8-x86_64-1.txz: Upgraded. xap/pidgin-2.7.11-x86_64-2.txz: Rebuilt. xap/xchat-2.8.8-x86_64-4.txz: Rebuilt. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. +--------------------------+ Fri May 13 20:30:07 UTC 2011 l/apr-1.4.4-x86_64-1.txz: Upgraded. This fixes a possible denial of service due to an unconstrained, recursive invocation of apr_fnmatch(). This function has been reimplemented using a non-recursive algorithm. Thanks to William Rowe. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419 (* Security fix *) l/apr-util-1.3.11-x86_64-1.txz: Upgraded. n/httpd-2.2.18-x86_64-1.txz: Upgraded. This is a bug fix release, but since the upgrades to apr/apr-util require at least an httpd recompile we opted to upgrade to the newest httpd. +--------------------------+ Thu May 5 23:23:20 UTC 2011 a/coreutils-8.12-x86_64-1.txz: Upgraded. +--------------------------+ Mon May 2 20:20:50 UTC 2011 xap/mozilla-firefox-4.0.1-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/firefox40.html (* Security fix *) xap/mozilla-thunderbird-3.1.10-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html (* Security fix *) +--------------------------+ Mon Apr 25 13:37:00 UTC 2011 Slackware 13.37 x86_64 stable is released! Thanks to everyone who pitched in on this release: the Slackware team, the folks producing upstream code, and linuxquestions.org for providing a great forum for collaboration and testing. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. As always, thanks to the Slackware community for testing, suggestions, and feedback. :-) Have fun! +--------------------------+