[FYI] slackware 12.1 -current package update log

sxzzsf

Thu Jul 10 18:40:34 CDT 2008
d/nasm-2.03.01-i486-1.tgz: Upgraded to nasm-2.03.01.
x/compiz-0.7.6-i486-1.tgz: Upgraded to compiz-0.7.6.
xf86-video-ati-6.9.0-i486-1.tgz: Upgraded to xf86-video-ati-6.9.0.
xf86-video-mach64-6.8.0-i486-1.tgz: Added xf86-video-mach64-6.8.0.
       This can be used alone with driver type "mach64" in xorg.conf, or with type
       "ati" using both this package and the ati driver package as a wrapper.
xf86-video-r128-6.8.0-i486-1.tgz: Added xf86-video-r128-6.8.0.
       This can be used alone with driver type "r128" in xorg.conf, or with type
       "ati" using both this package and the ati driver package as a wrapper.
xf86-video-intel-2.3.2-i486-1.tgz: Upgraded to xf86-video-intel-2.3.2.
xf86-video-nv-2.1.10-i486-1.tgz: Upgraded to xf86-video-nv-2.1.10.
+--------------------------+
Wed Jul 9 20:48:22 CDT 2008
n/bind-9.4.2_P1-i486-1.tgz:
       Upgraded to bind-9.4.2-P1.
       This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
       Poisoning Issue. This is the summary of the problem from the BIND site:
       "A weakness in the DNS protocol may enable the poisoning of caching
       recurive resolvers with spoofed data. DNSSEC is the only full solution.
       New versions of BIND provide increased resilience to the attack."
       It is suggested that sites that run BIND upgrade to one of the new packages
       in order to reduce their exposure to DNS cache poisoning attacks.
       For more information, see:
       http://www.isc.org/sw/bind/bind-security.php
       http://www.kb.cert.org/vuls/id/800113
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
       (* Security fix *)
xap/pidgin-2.4.3-i486-1.tgz: Upgraded to pidgin-2.4.3.
       This updates pidgin to work with the changed ICQ protocol.
xap/seamonkey-1.1.10-i486-1.tgz:
       Upgraded to seamonkey-1.1.10.
       This release closes several possible security vulnerabilities and bugs.
       For more information, see:
       http://www.mozilla.org/projects/ ... ties.html#seamonkey
       (* Security fix *)
+--------------------------+

sxzzsf

Mon Jul 14 01:35:05 CDT 2008
a/e2fsprogs-1.41.0-i486-1.tgz:  Upgraded to e2fsprogs-1.41.0.
n/dnsmasq-2.43-i486-1.tgz:  Upgraded to dnsmasq-2.43.
+--------------------------+

sxzzsf

Sat Jul 19 17:09:00 CDT 2008
l/jre-6u7-i586-1.tgz: Switched to Java(TM) 2 Platform Standard Edition Runtime
       Environment Version 6.0 update 7. This non-beta stable release should fix
       the printing issues with CUPS in the previous stable Java(TM) release.
extra/jdk-6/jdk-6u7-i586-1.tgz: Switched to Java(TM) 2 Platform Standard
       Edition Development Kit Version 6.0 update 7.
       Both of these Java(TM) packages are suitable for use on Slackware 12.1 and
       probably on earlier releases as well.
+--------------------------+
Wed Jul 16 17:30:36 CDT 2008
a/ntfs-3g-1.2712-i486-1.tgz: Upgraded to ntfs-3g-1.2712.
       This has been compiled to use the internal FUSE library rather than the
       system FUSE library. The benefit of this is that if /bin/ntfs-3g is make
       setuid root, then non-root users can use it to mount NTFS partitions if
       /etc/fstab allows it. Also, this version of ntfs-3g would require the CVS
       version of external FUSE, so that helped make this an easy choice.
a/util-linux-ng-2.14-i486-1.tgz: Upgraded to util-linux-ng-2.14.
x/mesa-7.0.3-i486-1.tgz: Upgraded to mesa-7.0.3.
       We've had a few reports that this new mesa version fixes some instability
       issues people were having with mesa-7.0.2. While it's not usually a good
       idea to run -current packages on older Slackware versions, this mesa package
       should be fully compatible with a patched-up Slackware 12.1 box. If mesa is
       causing issues for you, it might be worth a try. At worst you'd have to go
       back to the older package.
       When we make changes to the libraries or toolchain that would make -current
       break compatibility with Slackware 12.1, we will try to make note of it here.
       However, we don't always know what side effects or regressions an update may
       cause, but will do the best we can to offer a heads-up where possible.
xap/seamonkey-1.1.11-i486-1.tgz:
       Upgraded to Seamonkey 1.1.11.
       This release fixes some more security vulnerabilities.
       For more information, see:
       http://www.mozilla.org/security/ ... es/seamonkey11.html
       (* Security fix *)
+--------------------------+

sxzzsf

Wed Jul 23 16:39:43 CDT 2008
n/dnsmasq-2.45-i486-1.tgz:
  Upgraded to dnsmasq-2.45.
  It was discovered that earlier versions of dnsmasq have DNS cache
  weaknesses that are similar to the ones recently discovered in BIND.
  This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
testing/packages/jdk-6u10_beta-i586-1.tgz:  Added Java(TM) 2 Platform Standard
  Edition Runtime Environment Version 6.0 update 10 beta.  Evidently the
  version 6.0 update 7 (stable) packages did not fix the CUPS printing issue,
  but these beta packages should (but remember, they are BETA releases).
testing/packages/jre-6u10_beta-i586-1.tgz:  Added Java(TM) 2 Platform Standard
  Edition Development Kit Version 6.0 update 10 beta.
  Both of these Java(TM) packages are suitable for use on Slackware 12.1 and
  probably on earlier releases as well.
+--------------------------+
Mon Jul 21 11:15:47 CDT 2008
xap/mozilla-firefox-3.0.1-i686-1.tgz:
  Upgraded to Firefox 3.0.1.
  This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/ ... ties/firefox30.html
  Also, thanks to Phillip Warner for providing a configuration fix to allow
  mailto: links to open in Thunderbird (or other mailers).  To use this, you
  may need to copy /usr/lib/firefox-3.0.1/defaults/profile/mimeTypes.rdf over
  your own mimeTypes.rdf under $HOME/.mozilla/firefox/{something}.default,
  or merge in the changes to your own mimeTypes.rdf.
  ( -current only )
  (* Security fix *)

sxzzsf

Mon Jul 28 22:45:58 CDT 2008
a/openssl-solibs-0.9.8h-i486-1.tgz:
       Upgraded to OpenSSL 0.9.8h shared libraries (see below).
       (* Security fix *)
a/sysvinit-scripts-1.2-noarch-21.tgz: For now, quiet error output from
       update-mime-database, since KDE4 causes some "noise".
ap/vim-7.1.330-i486-1.tgz:
       Upgraded to vim-7.1.330. This fixes several security issues related to
       the automatic processing of untrusted files.
       For more information, see:
       http://www.rdancer.org/vulnerablevim.html
       (* Security fix *)
l/libxml2-2.6.32-i486-1.tgz: Upgraded to libxml2-2.6.32.
l/libxslt-1.1.24-i486-1.tgz:
       Upgraded to libxslt-1.1.24.
       A buffer overflow when processing XSL stylesheets could result in the
       execution of arbitrary code.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
       (* Security fix *)
l/pcre-7.7-i486-1.tgz:
       Upgraded to pcre-7.7.
       Tavis Ormandy of the Google Security Team found a buffer overflow triggered
       when handling certain regular expressions. This could lead to a crash or
       possible execution of code as the user of the PCRE-linked application.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
       (* Security fix *)
n/fetchmail-6.3.8-i486-3.tgz:
       Patched to fix a possible denial of service when "-v -v" options are used.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
       (* Security fix *)
n/httpd-2.2.9-i486-1.tgz:
       Upgraded to httpd-2.2.9.
       This release fixes flaws which could allow XSS attacks.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
       (* Security fix *)
n/links-2.1-i486-1.tgz:
       Upgraded to links-2.1.
       Unspecified vulnerability in Links before 2.1, when "only proxies" is
       enabled, has unknown impact and attack vectors related to providing
       "URLs to external programs."
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
       (* Security fix *)
n/mtr-0.73-i486-1.tgz:
       Upgraded to mtr-0.73.
       This fixes a minor security bug where a very long hostname in the trace path
       could lead to an overflow (and most likely just a crash).
       (* Security fix *)
n/net-snmp-5.4.1.2-i486-1.tgz:
       Upgraded to net-snmp-5.4.1.2.
       A vulnerability was discovered where an attacked could spoof an authenticated
       SNMPv3 packet due to incorrect HMAC checking. Also, a buffer overflow was
       found that could be exploited if an application using the net-snmp perl
       modules connects to a malicious server.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
       (* Security fix *)
n/openldap-client-2.3.43-i486-1.tgz: Upgraded to openldap-2.3.43.
       This release fixes a security issue in slapd (our package does not ship it.)
n/openssh-5.1p1-i486-1.tgz:
       Upgraded to openssh-5.1p1.
       When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or
       it is possible to be unable to log back into sshd!
n/openssl-0.9.8h-i486-1.tgz:
       Upgraded to OpenSSL 0.9.8h.
       The Codenomicon TLS test suite uncovered security bugs in OpenSSL.
       If OpenSSL was compiled using non-default options (Slackware's package
       is not), then a malicious packet could cause a crash. Also, a malformed
       TLS handshake could also lead to a crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
       When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or
       it is possible to be unable to log back into sshd!
       (* Security fix *)
xap/gimp-2.4.6-i486-1.tgz: Upgraded to gimp-2.4.6.
xap/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
       Upgraded to thunderbird-2.0.0.16.
       This upgrade fixes some more security bugs.
       For more information, see:
       http://www.mozilla.org/security/ ... /thunderbird20.html
       (* Security fix *)
xap/vim-gvim-7.1.330-i486-1.tgz: Upgraded to vim-gvim-7.1.330.
       See "vim" above for details.
       (* Security fix *)
xap/xscreensaver-5.06-i486-1.tgz: Upgraded to xscreensaver-5.06.
+--------------------------+

sxzzsf

Tue Jul 29 13:22:03 CDT 2008
n/proftpd-1.3.1-i486-2.tgz:  Recompiled against new OpenSSL, since this
  evidently checks the OpenSSL version and will only run against the
  libraries it was compiled against.  A small patch was also added to
  account for changes in the system includes.
  Thanks to Martin Schmitz for the info and a pointer to the patch.
+--------------------------+

sxzzsf

Wed Jul 30 02:49:09 CDT 2008
a/hdparm-8.9-i486-1.tgz: Upgraded to hdparm-8.9.
kde/kdegraphics-3.5.9-i486-4.tgz: Recompiled against poppler-0.8.5.
kde/koffice-1.6.3-i486-4.tgz: Recompiled against poppler-0.8.5.
l/poppler-0.8.5-i486-1.tgz: Upgraded to poppler-0.8.5.
xap/gimp-2.4.6-i486-2.tgz: Recompiled against poppler-0.8.5.
xap/gxine-0.5.903-i486-1.tgz: Upgraded to gxine-0.5.903.
xap/imagemagick-6.4.2_5-i486-1.tgz: Upgraded to ImageMagick 6.4.2-5.
xap/windowmaker-20060427cvs-i486-1.tgz: Switched to a patched CVS snapshot to
       get this compiling again with gcc 4.x (against ImageMagick 6.4.2-5).
xap/xine-lib-1.1.14-i686-1.tgz: Upgraded to xine-lib-1.1.14.

sxzzsf

Wed Aug 6 13:43:40 CDT 2008
a/sysvinit-scripts-1.2-noarch-23.tgz: Removed line that wipes out /etc/motd.
ap/ghostscript-8.63-i486-1.tgz: Upgraded to ghostscript-8.63.
+--------------------------+
Mon Aug 4 13:56:36 CDT 2008
a/sysvinit-scripts-1.2-noarch-22.tgz: _Really_ quieted down rc.M's mime update
       this time (it seems that errors are sent to stdout). Thanks to Robby Workman.
       If we must update icon-cache files in rc.M (which is done only if they already
       exist), background it so that it doesn't delay the boot as much.
       In rc.S, only update the kernel version in /etc/motd if the file begins with
       "Linux", leaving the rest of the file free to be customized.
       Thanks to Pete Cervasio for the improved MOTD script.
       Grab some information about the root partition from /proc/mounts to
       initialize /etc/mtab. Thanks to Alan Hicks.
d/python-2.5.2-i486-2.tgz:
       Patched various overflows and other security problems.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
       (* Security fix *)
n/getmail-4.8.2-noarch-1.tgz: Upgraded to getmail-4.8.2.
x/dejavu-fonts-ttf-2.26-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.26.
x/liberation-fonts-ttf-1.04-noarch-1.tgz: Upgraded to liberation-fonts-1.04.
xap/pan-0.133-i486-1.tgz: Upgraded to pan-0.133.
       This update fixes a buffer overflow in pan-0.128 through pan-0.132 when
       processing .nzb files.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
       (* Security fix *)
+--------------------------+

sxzzsf

Thu Aug 7 01:40:04 CDT 2008
a/cups-1.3.8-i486-1.tgz: Upgraded to cups-1.3.8.
ap/hplip-2.8.7-i486-1.tgz: Upgraded to hplip-2.8.7.
d/git-1.5.6.4-i486-1.tgz: Upgraded to git-1.5.6.4.
d/mercurial-1.0.1-i486-1.tgz: Upgraded to mercurial-1.0.1.
d/subversion-1.5.1-i486-1.tgz: Upgraded to subversion-1.5.1.
n/alpine-1.10-i486-1.tgz: Added alpine-1.10, a Pine replacement.
n/imapd-1.10-i486-1.tgz: Upgraded to imapd/ipop3d daemons from alpine-1.10.
n/pine-4.64-i486-2.tgz: Removed. (Replaced by alpine-1.10)
n/rsync-3.0.3-i486-1.tgz: Upgraded to rsync-3.0.3.
n/samba-3.2.1-i486-1.tgz: Upgraded to samba-3.2.1.
xap/xchat-2.8.6-i486-1.tgz: Upgraded to xchat-2.8.6.
+--------------------------+

ginkgo

Sat Aug  9 15:32:37 CDT 2008
n/alpine-1.10-i486-2.tgz:  Fixed path for SSL certs.  Thanks to Peter Stokes.
n/imapd-1.10-i486-2.tgz:  Fixed path for SSL certs.  Thanks to Peter Stokes.
x/m17n-lib-1.5.2-i486-1.tgz:  Upgraded to m17n-{db,docs,lib}-1.5.2.
+--------------------------+
Fri Aug  8 23:42:20 CDT 2008
kde/kdenetwork-3.5.9-i486-3.tgz:  Recompiled (with a small patch) against the
  new OpenSSL, which fixes connecting to MSN with kopete.
+--------------------------+