Sun Feb 26 23:09:05 UTC 2012
a/kernel-generic-3.2.7-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.2.7_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.2.7-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.2.7_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.2.7-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.2.7_smp-i686-1.txz: Upgraded.
d/kernel-headers-3.2.7_smp-x86-1.txz: Upgraded.
k/kernel-source-3.2.7_smp-noarch-1.txz: Upgraded.
extra/linux-3.2.7-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Sat Feb 25 20:36:42 UTC 2012
testing/packages/mozilla-firefox-11.0b4-i486-1.txz: Upgraded.
testing/packages/mozilla-thunderbird-11.0b3-i486-1.txz: Upgraded.
testing/packages/seamonkey-2.8b4-i486-1.txz: Upgraded.
testing/packages/seamonkey-solibs-2.8b4-i486-1.txz: Upgraded.
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
l/libpng-1.4.9-i486-1.txz: Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
l/seamonkey-solibs-2.7.2-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
xap/mozilla-firefox-10.0.2-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-10.0.2-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.7.2-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Tue Feb 14 01:57:25 UTC 2012
xap/mozilla-thunderbird-10.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Sun Feb 12 23:26:00 UTC 2012
testing/packages/mozilla-thunderbird-11.0b1-i486-1.txz: Added.
testing/packages/seamonkey-2.8b2-i486-1.txz: Added.
testing/packages/seamonkey-solibs-2.8b2-i486-1.txz: Added.
+--------------------------+
Sat Feb 11 02:37:16 UTC 2012
l/seamonkey-solibs-2.7.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
xap/mozilla-firefox-10.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/seamonkey-2.7.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
testing/packages/mozilla-firefox-11.0b2-i486-1.txz: Upgraded.
+--------------------------+
Wed Feb 8 01:21:42 UTC 2012
a/glibc-solibs-2.14.1-i486-4.txz: Rebuilt.
  Patched an overflow in tzfile. This was evidently first reported in 2009,
  but is only now getting around to being patched.
  To exploit it, one must be able to write beneath /usr/share/zoneinfo,
  which is usually not possible for a normal user, but may be in the case
  where they are chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
a/glibc-zoneinfo-2011i_2011n-noarch-4.txz: Rebuilt.
ap/alsa-utils-1.0.25-i486-1.txz: Upgraded.
ap/hplip-3.11.12-i486-1.txz: Upgraded.
ap/sqlite-3.7.10-i486-1.txz: Upgraded.
l/alsa-lib-1.0.25-i486-1.txz: Upgraded.
l/alsa-oss-1.0.25-i486-1.txz: Upgraded.
l/apr-util-1.4.1-i486-1.txz: Upgraded.
l/glibc-2.14.1-i486-4.txz: Rebuilt.
  Patched an overflow in tzfile. This was evidently first reported in 2009,
  but is only now getting around to being patched.
  To exploit it, one must be able to write beneath /usr/share/zoneinfo,
  which is usually not possible for a normal user, but may be in the case
  where they are chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
l/glibc-i18n-2.14.1-i486-4.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-4.txz: Rebuilt.
  Patched an overflow in tzfile. This was evidently first reported in 2009,
  but is only now getting around to being patched.
  To exploit it, one must be able to write beneath /usr/share/zoneinfo,
  which is usually not possible for a normal user, but may be in the case
  where they are chroot()ed to a directory that they own.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
  (* Security fix *)
n/httpd-2.2.22-i486-1.txz: Upgraded.
  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
     Reject requests where the request-URI does not match the HTTP
     specification, preventing unexpected expansion of target URLs in
     some reverse proxy configurations.
     [Joe Orton]
  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
     Fix integer overflow in ap_pregsub() which, when the mod_setenvif
     module is enabled, could allow local users to gain privileges via a
     .htaccess file.
     [Stefan Fritsch, Greg Ames]
  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
     Resolve additional cases of URL rewriting with ProxyPassMatch or
     RewriteRule, where particular request-URIs could result in undesired
     backend network exposure in some configurations.
     [Joe Orton]
  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log
     format string is in use and a client sends a nameless, valueless
     cookie, causing a denial of service. The issue existed since version
     2.2.17. PR 52256.
     [Rainer Canavan]
  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
     Fix scoreboard issue which could allow an unprivileged child process
     to cause the parent to crash at shutdown rather than terminate
     cleanly.
     [Joe Orton]
  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
     Fix an issue in error responses that could expose "httpOnly" cookies
     when no custom ErrorDocument is specified for status code 400.
     [Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
  (* Security fix *)
n/php-5.3.10-i486-1.txz: Upgraded.
  Fixed arbitrary remote code execution vulnerability reported by Stefan
  Esser, CVE-2012-0830. (Stas, Dmitry)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
  (* Security fix *)
n/proftpd-1.3.4a-i486-1.txz: Upgraded.
  This update fixes a use-after-free() memory corruption error,
  and possibly other unspecified issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
  (* Security fix *)
n/vsftpd-2.3.5-i486-1.txz: Upgraded.
  Minor version bump, this also works around a hard to trigger heap overflow
  in glibc (glibc zoneinfo caching vuln). For there to be any possibility
  to trigger the glibc bug within vsftpd, the non-default option
  "chroot_local_user" must be set in /etc/vsftpd.conf.
  Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
  Nevertheless:
  (* Security fix *)
+--------------------------+
Thu Feb 2 16:02:47 UTC 2012
It is cloudy and foggy here today -- I did not see my shadow, and will not be
crawling back into my hole for 6 weeks. ;-)
testing/packages/mozilla-firefox-11.0b1-i486-1.txz: Added.
+--------------------------+
Thu Feb 2 15:07:23 UTC 2012
a/kernel-firmware-20120202git-noarch-1.txz: Upgraded.
  There were some reports of a failing checksum on the .asc (which did
  verify, so the package was good). So, we'll replace it with a new build
  to make sure that it syncs out.
+--------------------------+
Wed Feb 1 23:20:04 UTC 2012
$(fortune) just obtained logging in to stamp the Changelog, finally:
"You single-handedly fought your way into this hopeless mess."
Well, we'll work on rectifying that situation. :-)
Sorry about the lack of updates... everything here blew up all at once,
it seemed, but equipment, upstream targets, and reality all seem to be
settling down enough to get these updates out and have them be an actual
improvement over what's already up. Hope to have more soon. Cheers!
l/seamonkey-solibs-2.7-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
xap/mozilla-firefox-10.0-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-10.0-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.7-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Wed Feb 1 17:18:14 CST 2012
testing/packages/mozilla-firefox-10.0-i486-1.txz: Upgraded.
testing/packages/mozilla-thunderbird-10.0-i486-1.txz: Upgraded.
+--------------------------+
Wed Feb 1 17:18:13 CST 2012
a/kernel-generic-3.2.2-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.2.2_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.2.2-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.2.2_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.2.2-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.2.2_smp-i686-1.txz: Upgraded.
a/openssl-solibs-0.9.8t-i486-1.txz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported. This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
d/kernel-headers-3.2.2_smp-x86-1.txz: Upgraded.
e/emacs-23.4-i486-1.txz: Upgraded.
k/kernel-source-3.2.2_smp-noarch-1.txz: Upgraded.
n/openssl-0.9.8t-i486-1.txz: Upgraded.
  This fixes a bug where DTLS applications were not properly supported. This
  bug could have allowed remote attackers to cause a denial of service via
  unspecified vectors.
  CVE-2012-0050 has been assigned to this issue.
  For more details see:
    http://openssl.org/news/secadv_20120118.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0050
  (* Security fix *)
extra/linux-3.2.1-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Wed Feb 1 17:18:11 CST 2012
a/coreutils-8.15-i486-1.txz: Upgraded.
  This will be provided as a patch to fix some important issues with ext4.
  Thanks to Georgy Salnikov for the notification.
a/cups-1.4.8-i486-1.txz: Upgraded.
  This might fix a printing issue with LibreOffice. We'll look into
  cups-1.5.0 once we know if this fix works. If it does, we'll deploy
  cups-1.4.8 as a patch for Slackware 13.37.
  Thanks to Willy Sudiarto Raharjo.
a/glibc-solibs-2.14.1-i486-3.txz: Rebuilt.
a/glibc-zoneinfo-2011i_2011n-noarch-3.txz: Rebuilt.
a/kernel-generic-3.2.1-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.2.1_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.2.1-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.2.1_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.2.1-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.2.1_smp-i686-1.txz: Upgraded.
d/kernel-headers-3.2.1_smp-x86-1.txz: Upgraded.
k/kernel-source-3.2.1_smp-noarch-1.txz: Upgraded.
l/glibc-2.14.1-i486-3.txz: Rebuilt.
l/glibc-i18n-2.14.1-i486-3.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-3.txz: Rebuilt.
n/ca-certificates-20111211-noarch-1.txz: Upgraded.
  Removes DigiNotar and other untrusted certificates.
  (* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Wed Feb 1 17:18:07 CST 2012
Hey folks! Have a few overdue updates to the toolchain. This has all been
built and rebuilt (and upgraded) far too many times IMHO to wait around yet
again to get 3.2.1 in place and bump some compiler deps to get ARM working...
what was that about the echo $(fortune -m "goal of Computer Science") ?
Anyway, please test and report problems and we'll have another round here
shortly.
a/glibc-solibs-2.14.1-i486-3.txz: Rebuilt.
a/glibc-zoneinfo-2011i_2011n-noarch-3.txz: Rebuilt.
a/kernel-firmware-20120109git-noarch-1.txz: Upgraded.
ap/htop-1.0-i486-1.txz: Upgraded.
d/gcc-4.6.2-i486-1.txz: Upgraded.
d/gcc-g++-4.6.2-i486-1.txz: Upgraded.
d/gcc-gfortran-4.6.2-i486-1.txz: Upgraded.
d/gcc-gnat-4.6.2-i486-1.txz: Upgraded.
d/gcc-go-4.6.2-i486-1.txz: Added.
d/gcc-java-4.6.2-i486-1.txz: Upgraded.
d/gcc-objc-4.6.2-i486-1.txz: Upgraded.
d/slacktrack-2.10-i486-1.txz: Upgraded.
e/emacs-23.3.tar.xz: Upgraded.
l/freetype-2.4.8-i486-1.txz: Upgraded.
  Some vulnerabilities in handling CID-keyed PostScript fonts have
  been fixed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
  (* Security fix *)
l/glibc-2.14.1-i486-3.txz: Rebuilt.
  Patched to provide compile support for NIS and RPC again.
l/glibc-i18n-2.14.1-i486-3.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-3.txz: Rebuilt.
l/seamonkey-solibs-2.6.1-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
n/sendmail-8.14.5-i486-1.txz: Upgraded.
n/sendmail-cf-8.14.5-noarch-1.txz: Upgraded.
xap/mozilla-firefox-9.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-9.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.6.1-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
xap/x3270-3.3.12ga7-i486-1.txz: Upgraded.
xap/xfractint-20.04p11-i486-1.txz: Upgraded.
pasture/gcc-4.5.3-i486-2.txz: Moved to /pasture.
pasture/gcc-g++-4.5.3-i486-2.txz: Moved to /pasture.
pasture/gcc-gfortran-4.5.3-i486-2.txz: Moved to /pasture.
pasture/gcc-gnat-4.5.3-i486-2.txz: Moved to /pasture.
pasture/gcc-java-4.5.3-i486-2.txz: Moved to /pasture.
pasture/gcc-objc-4.5.3-i486-2.txz: Moved to /pasture.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
testing/packages/mozilla-firefox-10.0b4-i486-1.txz: Added.
testing/packages/mozilla-thunderbird-10.0b3-i486-1.txz: Added.
+--------------------------+
Wed Dec 14 16:22:29 UTC 2011
d/subversion-1.7.2-i486-1.txz: Upgraded.
  This update fixes an issue with "git svn clone" being broken.
  Thanks to Francesco Allertsen for the heads-up.
  Hmmm, perhaps vbatts can tell me what has happened to the ruby bindings...
+--------------------------+
Tue Nov 29 00:09:21 UTC 2011
testing/packages/mozilla-thunderbird-9.0b2-i486-1.txz: Upgraded.
+--------------------------+
Sun Nov 27 03:37:52 UTC 2011
d/yasm-1.2.0-i486-1.txz: Upgraded.
l/seamonkey-solibs-2.5-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
xap/mozilla-firefox-8.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-8.0-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.5-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
testing/packages/mozilla-firefox-9.0b3-i486-1.txz: Upgraded.
+--------------------------+
Wed Nov 23 15:17:39 UTC 2011
d/make-3.82-i486-3.txz: Rebuilt.
  Patched a free() crash when building Android. Thanks to Troy Unrau.
  Fixed IA32 arch, package locations... sorry :)
+--------------------------+
Tue Nov 22 15:23:55 UTC 2011
d/make-3.82-x86_64-3.txz: Rebuilt.
  Patched a free() crash when building Android. Thanks to Troy Unrau.
testing/packages/mozilla-firefox-9.0b2-i486-1.txz: Upgraded.
+--------------------------+
Thu Nov 17 02:12:33 UTC 2011
n/bind-9.7.4_P1-i486-1.txz: Upgraded.
  --- 9.7.4-P1 released ---
  3218. [security] Cache lookup could return RRSIG data associated with
        nonexistent records, leading to an assertion failure.
        [RT #26590]
  (* Security fix *)
+--------------------------+
Sun Nov 13 16:03:06 UTC 2011
a/glibc-solibs-2.14.1-i486-2.txz: Rebuilt.
a/glibc-zoneinfo-2011i_2011n-noarch-2.txz: Rebuilt.
l/glibc-2.14.1-i486-2.txz: Rebuilt.
  Merged ELF patches -- Matt Burgess
l/glibc-i18n-2.14.1-i486-2.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-2.txz: Rebuilt.
testing/packages/mozilla-firefox-9.0b1-i486-1.txz: Added.
+--------------------------+
Fri Nov 11 18:58:21 UTC 2011
Good 11-11-11, everyone! Enjoy some fresh time. :)
a/glibc-solibs-2.14.1-i486-1.txz: Upgraded.
a/glibc-zoneinfo-2011i_2011n-noarch-1.txz: Upgraded.
  New upstream homepage: http://www.iana.org/time-zones
l/glibc-2.14.1-i486-1.txz: Upgraded.
l/glibc-i18n-2.14.1-i486-1.txz: Upgraded.
l/glibc-profile-2.14.1-i486-1.txz: Upgraded.
+--------------------------+
Tue Nov 8 04:07:49 UTC 2011
n/openssh-5.9p1-i486-2.txz: Rebuilt.
  Upstream different timestamp, size, ChangeLog.
  GPG verifies on both this newer one and what we had before (?).
xap/mozilla-firefox-8.0-i486-1.txz: Upgraded.
+--------------------------+
Tue Oct 11 07:50:04 UTC 2011
a/file-5.09-i486-1.txz: Upgraded.
l/seamonkey-solibs-2.4.1-i486-1.txz: Upgraded.
n/httpd-2.2.21-i486-1.txz: Upgraded.
  Respond with HTTP_NOT_IMPLEMENTED when the method is not
  recognized. [Jean-Frederic Clere]
  SECURITY: CVE-2011-3348
  Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
  PR 51748.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
  (* Security fix *)
xap/mozilla-firefox-7.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-7.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.4.1-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
testing/packages/mozilla-firefox-8.0b2-i486-1.txz: Upgraded.
+--------------------------+
Tue Sep 6 16:53:43 UTC 2011
n/openssh-5.9p1-i486-1.txz: Upgraded.
+--------------------------+
Tue Sep 6 00:15:03 UTC 2011
l/seamonkey-solibs-2.3.3-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
n/httpd-2.2.20-i486-1.txz: Upgraded.
  SECURITY: CVE-2011-3192 (cve.mitre.org)
  core: Fix handling of byte-range requests to use less memory, to avoid
  denial of service. If the sum of all ranges in a request is larger than
  the original file, ignore the ranges and send the complete file.
  PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  (* Security fix *)
xap/mozilla-firefox-6.0.2-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
xap/mozilla-thunderbird-6.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
xap/seamonkey-2.3.3-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
    http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
  (* Security fix *)
testing/packages/mozilla-firefox-7.0b4-i486-1.txz: Upgraded.
+--------------------------+
Thu Aug 25 09:10:45 UTC 2011
a/kernel-firmware-20110814git-noarch-1.txz: Upgraded.
  Fetch the latest kernel firmware from git -- the stuff in the kernel
  sources is somewhat stale.
ap/soma-2.7.1-noarch-1.txz: Added.
  Soma is a command line/dialog Internet radio player.
  Thanks to David Woodfall.
l/jre-6u27-i586-1.txz: Upgraded.
n/php-5.3.8-i486-1.txz: Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
    Updated crypt_blowfish to 1.2. (CVE-2011-2483)
    Fixed crash in error_log(). Reported by Mateusz Kocielski
    Fixed buffer overflow on overlong salt in crypt().
    Fixed bug #54939 (File path injection vulnerability in RFC1867 File
    upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
    Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
    Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
  (* Security fix *)
extra/jdk-6/jdk-6u27-i586-1.txz: Upgraded.
testing/packages/mozilla-firefox-7.0b1-i486-1.txz: Added.
+--------------------------+
Sun Aug 14 17:49:30 UTC 2011
n/wget-1.13-i486-1.txz: Upgraded.
xap/mozilla-firefox-6.0-i486-1.txz: Upgraded.
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
d/binutils-2.21.53.0.2-i486-1.txz: Upgraded.
n/bind-9.7.4-i486-1.txz: Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Aug 12 16:25:35 UTC 2011
ap/htop-0.9-i486-1.txz: Added.
  Oops, this was missing on 32-bit. Thanks to Willy Sudiarto Raharjo.
+--------------------------+
Fri Aug 12 00:29:11 UTC 2011
a/lilo-23.2-i486-1.txz: Upgraded.
ap/htop-0.9-i486-1.txz: Added.
  htop is an ncurses-based interactive process viewer.
  Thanks to Michal Dorocinski for the suggestion.
ap/sqlite-3.7.7.1-i486-1.txz: Upgraded.
  Added options: -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_PARENTHESIS=1
e/emacs-23.3a-i486-1.txz: Upgraded.
testing/packages/mozilla-firefox-6.0b5-i486-1.txz: Added.
testing/packages/mozilla-thunderbird-6.0b3-i486-1.txz: Added.
testing/packages/seamonkey-2.3b3-i486-1.txz: Added.
testing/packages/seamonkey-solibs-2.3b3-i486-1.txz: Added.
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
ap/screen-4.0.3-i486-3.txz: Rebuilt.
  Use a larger buffer for the termtype variable to fix crashes with long
  names (e.g. rxvt-unicode-256color). Thanks to cteg.
l/libpng-1.4.8-i486-1.txz: Upgraded.
  Upgraded to libpng-1.2.46 and libpng-1.4.8.
  Fixed uninitialized memory read in png_format_buffer() (Bug report by
  Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
n/dhcpcd-5.2.12-i486-1.txz: Upgraded.
  Sanitize the host name provided by the DHCP server to insure that it does
  not contain any shell metacharacters.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0996
  (* Security fix *)
n/samba-3.5.10-i486-1.txz: Upgraded.
  Fixed cross-site request forgery and cross-site scripting vulnerability
  in SWAT (the Samba Web Administration Tool).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
  (* Security fix *)
+--------------------------+
Thu Jul 14 21:34:41 UTC 2011
l/seamonkey-solibs-2.2-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
xap/mozilla-firefox-5.0.1-i486-1.txz: Upgraded.
  I guess this is only a fix for Mac OS X, but it's still 0.0.1 better. ;-)
xap/mozilla-thunderbird-5.0-i486-1.txz: Upgraded.
  Thanks to dolphin77 for some hints about the ./configure options.
xap/seamonkey-2.2-i486-1.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/
  (* Security fix *)
+--------------------------+
Fri Jul 8 16:55:13 UTC 2011
n/bind-9.7.3_P3-i486-1.txz: Upgraded.
  A specially constructed packet will cause BIND 9 ("named") to exit,
  affecting DNS service. The issue exists in BIND 9.6.3 and newer.
  "Change #2912 (see CHANGES) exposed a latent bug in the DNS message
  processing code that could allow certain UPDATE requests to crash
  named. This was fixed by disambiguating internal database
  representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
xap/mozilla-thunderbird-3.1.11-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird30.html
  (* Security fix *)
+--------------------------+
Tue Jun 28 18:19:47 UTC 2011
ap/ghostscript-9.02-i486-2.txz: Rebuilt.
  Provide pstoraster -> gstoraster symlink.
  Include latest History file, but not all the old ones.
  Is this ready for 13.37/patches now?
+--------------------------+
Mon Jun 27 21:29:54 UTC 2011
n/gnutls-2.12.7-i486-1.txz: Upgraded.
xap/pidgin-2.9.0-i486-1.txz: Upgraded.
  Fixed a remote denial of service. A remote attacker could set a specially
  crafted GIF file as their buddy icon causing vulnerable versions of pidgin
  to crash due to excessive memory use.
  For more information, see:
    http://pidgin.im/news/security/?id=52
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485
  (* Security fix *)
+--------------------------+
Fri Jun 24 02:55:39 UTC 2011
ap/ghostscript-9.02-i486-1.txz: Upgraded.
  I welcome reports about how well this version of ghostscript works
  compared with the 9.00 that shipped in Slackware 13.37. If it fixes
  important bugs without regressions, then it might be considered as a
  patch for 13.37.
l/jre-6u26-i586-1.txz: Upgraded.
xap/mozilla-firefox-5.0-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
extra/jdk-6/jdk-6u26-i586-1.txz: Upgraded.
+--------------------------+
Mon Jun 20 04:09:11 UTC 2011
n/getmail-4.20.3-i486-1.txz: Upgraded.
n/fetchmail-6.3.20-i486-1.txz: Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
l/seamonkey-solibs-2.1-i486-1.txz: Upgraded.
xap/seamonkey-2.1-i486-1.txz: Upgraded.
+--------------------------+
Sat May 28 19:28:21 UTC 2011
a/file-5.07-i486-1.txz: Upgraded.
d/gcc-4.5.3-i486-2.txz: Rebuilt.
d/gcc-g++-4.5.3-i486-2.txz: Rebuilt.
d/gcc-gfortran-4.5.3-i486-2.txz: Rebuilt.
d/gcc-gnat-4.5.3-i486-2.txz: Rebuilt.
d/gcc-java-4.5.3-i486-2.txz: Rebuilt.
d/gcc-objc-4.5.3-i486-2.txz: Rebuilt.
  Added --enable-objc-gc option to enable Objective-C garbage collection.
  Thanks to Luca De Pandis.
+--------------------------+
Fri May 27 22:56:00 UTC 2011
n/bind-9.7.3_P1-i486-1.txz: Upgraded.
  This release fixes security issues:
  * A large RRSET from a remote authoritative server that results in
    the recursive resolver trying to negatively cache the response can
    hit an off by one code error in named, resulting in named crashing.
    [RT #24650] [CVE-2011-1910]
  * Zones that have a DS record in the parent zone but are also listed
    in a DLV and won't validate without DLV could fail to validate.
    [RT #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Wed May 25 20:03:16 UTC 2011
a/cxxlibs-6.0.14-i486-2.txz: Rebuilt.
a/glibc-solibs-2.13-i486-5.txz: Rebuilt.
a/glibc-zoneinfo-2.13-noarch-5.txz: Rebuilt.
  Upgraded to tzcode2011g and tzdata2011g.
a/kernel-firmware-2.6.38.7-noarch-1.txz: Upgraded.
a/kernel-generic-2.6.38.7-i486-1.txz: Upgraded.
a/kernel-generic-smp-2.6.38.7_smp-i686-1.txz: Upgraded.
a/kernel-huge-2.6.38.7-i486-1.txz: Upgraded.
a/kernel-huge-smp-2.6.38.7_smp-i686-1.txz: Upgraded.
a/kernel-modules-2.6.38.7-i486-1.txz: Upgraded.
a/kernel-modules-smp-2.6.38.7_smp-i686-1.txz: Upgraded.
ap/linuxdoc-tools-0.9.66-i486-9.txz: Rebuilt.
ap/nano-2.3.1-i486-1.txz: Upgraded.
d/gcc-4.5.3-i486-1.txz: Upgraded.
d/gcc-g++-4.5.3-i486-1.txz: Upgraded.
d/gcc-gfortran-4.5.3-i486-1.txz: Upgraded.
d/gcc-gnat-4.5.3-i486-1.txz: Upgraded.
d/gcc-java-4.5.3-i486-1.txz: Upgraded.
d/gcc-objc-4.5.3-i486-1.txz: Upgraded.
d/git-1.7.5.1-i486-1.txz: Upgraded.
d/kernel-headers-2.6.38.7_smp-x86-1.txz: Upgraded.
d/perl-5.14.0-i486-1.txz: Upgraded.
d/subversion-1.6.16-i486-2.txz: Rebuilt.
k/kernel-source-2.6.38.7_smp-noarch-1.txz: Upgraded.
  These are the main configuration changes from the 2.6.37.6 kernel in 13.37:
    BLK_DEV_LOOP y -> m
    HIGHMEM4G y -> n
    HIGHMEM64G n -> y
    LOG_BUF_SHIFT 15 -> 18
    M686 y -> n
    MPENTIUMIII n -> y
    MOUSE_PS2_ELANTECH n -> y
  And, compared with the 2.6.38.4 kernel in 13.37/testing:
    LOG_BUF_SHIFT 15 -> 18
    M686 y -> n
    MPENTIUMIII n -> y
    PREEMPT_NONE y -> n
    PREEMPT_VOLUNTARY n -> y
    SCHED_AUTOGROUP y -> n
  It remains to be seen where the PREEMPT_* options will settle in the
  future. SCHED_AUTOGROUP still seems sketchy to me, and might be behind
  some odd clockskew issues. And, thanks to Carl Wenninger for reporting
  that the LOG_BUF_SHIFT setting was less than the kernel defaults and was
  leading to a few missing lines at the beginning of 'dmesg' output.
kde/kdebindings-4.5.5-i486-3.txz: Rebuilt.
l/apr-1.4.5-i486-1.txz: Upgraded.
  This fixes a possible denial of service due to a problem with a loop in
  the new apr_fnmatch() implementation consuming CPU.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
  (* Security fix *)
l/apr-util-1.3.12-i486-1.txz: Upgraded.
  Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
l/glibc-2.13-i486-5.txz: Rebuilt.
l/glibc-i18n-2.13-i486-5.txz: Rebuilt.
l/glibc-profile-2.13-i486-5.txz: Rebuilt.
l/libidn-1.22-i486-1.txz: Upgraded.
l/pilot-link-0.12.5-i486-4.txz: Rebuilt.
l/virtuoso-ose-6.1.2-i486-2.txz: Rebuilt.
n/gnutls-2.12.5-i486-1.txz: Upgraded.
n/httpd-2.2.19-i486-1.txz: Upgraded.
  Revert ABI breakage in 2.2.18 caused by the function signature change
  of ap_unescape_url_keep2f(). This release restores the signature from
  2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
  Apache httpd-2.2.18 is considered abandoned. All users must upgrade.
n/irssi-0.8.15-i486-4.txz: Rebuilt.
n/net-snmp-5.6.1-i486-2.txz: Rebuilt.
n/ntp-4.2.6p3-i486-2.txz: Rebuilt.
n/obexftp-0.23-i486-6.txz: Rebuilt.
x/libdrm-2.4.25-i486-1.txz: Upgraded.
x/mesa-7.10.2-i486-1.txz: Upgraded.
x/xf86-video-nouveau-git_20110515_8378443-i486-1.txz: Upgraded.
xap/gv-3.7.2-i486-1.txz: Upgraded.
xap/imagemagick-6.6.9_8-i486-1.txz: Upgraded.
xap/pidgin-2.7.11-i486-2.txz: Rebuilt.
xap/xchat-2.8.8-i486-4.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Rebuilt.
usb-and-pxe-installers/usbboot.img: Rebuilt.
extra/linux-2.6.38.7-nosmp-sdk/*: Rebuilt.
+--------------------------+
Fri May 13 20:30:07 UTC 2011
l/apr-1.4.4-i486-1.txz: Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch(). This function has been reimplemented using a
  non-recursive algorithm. Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
l/apr-util-1.3.11-i486-1.txz: Upgraded.
n/httpd-2.2.18-i486-1.txz: Upgraded.
  This is a bug fix release, but since the upgrades to apr/apr-util require
  at least an httpd recompile we opted to upgrade to the newest httpd.
+--------------------------+
Thu May 5 23:23:20 UTC 2011
a/coreutils-8.12-i486-1.txz: Upgraded.
+--------------------------+
Mon May 2 20:20:50 UTC 2011
xap/mozilla-firefox-4.0.1-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox40.html
  (* Security fix *)
xap/mozilla-thunderbird-3.1.10-i486-1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
  (* Security fix *)
+--------------------------+
Mon Apr 25 13:37:00 UTC 2011
Slackware 13.37 x86 stable is released!
Thanks to everyone who pitched in on this release: the Slackware team,
the folks producing upstream code, and linuxquestions.org for providing
a great forum for collaboration and testing.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
As always, thanks to the Slackware community for testing, suggestions,
and feedback. :-)
Have fun!
+--------------------------+