Wednesday, January 21, 2015

Security Update: samba

New security advisory has been released for Slackware 14.1 and current only, affecting samba that is being used as AD DC (Active Directory Domain Controller). Samba has been updated to 4.1.16 to fix this problem.

Current is progressing slowly with only 3 new packages introduced in this batch:
  • gdb upgraded to 7.8.2
  • alpine upgraded to 2.20
  • imapd upgraded to 2.20

Saturday, January 17, 2015

Multiple Security Advisories Released

There are 4 security advisories released for slackware today and they are:
  • seamonkey: Upgraded to 2.32 for Slackware 14.0 and newer
  • freetype: Upgraded to 2.55 for Slackware 13.0 and newer
  • mozilla-firefox: Upgraded to 31.4.0esr for Slackware 14.1 and 35 for -current
  • mozilla-thunderbird: Upgraded to 31.4.0 for Slackware 14.1 and current
In -current itself there has been a slow pace of changes:
  • gcc is upgraded to 4.8.4
  • libtool is upgraded to 2.4.4
  • kernel stock is upgraded to 3.14.29

Saturday, January 10, 2015

Security Advisory: openssl

New advisory has been released and this update fixed many many security problems in openssl library. This update is backported to earlier Slackware release, back to Slackware 13.0, but in two different version. Slackware 13.0 up to 13.37 will receive 0.9.8zd, while Slackware 14.0 up to -current will get 1.0.1k.

Nothing interesting in -current besides a new fluxbox which is upgraded to the latest version which was released few days ago. I guess you will have to wait longer for the big surprise from Patrick :)

Tuesday, December 23, 2014

Security Advisories: ntp, xorg-server, and php

Three security advisories were released for -stable and -current branches of Slackware. They were:
  • ntp: Upgraded to 4.2.8 for all -stable and -current branches. This fixed several security vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team.
  • xorg-server: Rebuilt for Slackware 14.1 and -current to fix many security issues discovered by Ilja van Sprundel, a security researcher with IOActive.
  • php: Upgraded to 5.4.36 for Slackware 14.0, 14.1, and -current
Meanwhile, in -current, there are more packages included in this batch, including:
  • New LTS kernel release: 3.14.27
  • vim and vim-gvim are upgraded to 7.4.560
  • libusb upgraded to 1.0.19 (this allows USB passthrough for QEMU users)
  • libusb-compat upgraded to 0.1.5
  • libdrm upgraded to 2.4.58
  • libvdpau: Added (originally available via SlackBuilds)
  • mesa: Upgraded to 10.3.5
  • MPlayer: Rebuilt to add support for libvdpau
  • kernel 3.18.1 config files for kernel testers or developers

Monday, December 22, 2014

LibreOffice 4.3.5 for Slackware Users

Eric Hameleers has completed building LibreOffice 4.3.5 package for Slackware-Current (and 14.1) users and upload it on his repository which is mirrored through several mirror sites. This version fixes 70 bugs compared to the previous version.

As always, you can grab the source and binary packages on this mirror sites:
 A little note on this:
Reminder to all of you who also have my KDE 5 packages installed: do not use the updated harfbuzz from my ‘ktown‘ repository because it will break LibreOffice. If you are using Mario’s slackpkg+ extension to slackpkg then you can configure it so that Slackware’s own harfbuzz package is preferred over the version which accompanies my KDE 5 packages. See this LQ thread for the details.
You can also use LibreOffice from SBo repository along with it's helppack and langpack which uses a different ways of creating the binary output. It uses RPM binaries from upstream developers, while Eric build it from source.

Thursday, December 11, 2014

Multiple Security Advisories

Several security advisories has been released for all -stable and -current branches back to Slackware 13.0:
  • bind is upgraded to 9.9.6_P1 for -stable and bind-9.10.1_P1 for -current 
  • openvpn is upgraded to 2.3.6 for all branches
  • pidgin is upgraded to 2.10.11 (this package does not have any security advisory, but still included in all branch.
Some packages are only applicable to -stable 14.1 and -current branch:
  • firefox is upgraded to 31.3.0esr in 14.1 (current is already upgraded to 34.0.5 few days ago)
  • openssh is rebuilt to re-add tcpwrapper support that was removed by upstream
  • wpa_supplicant is upgraded to 0.7.3 in 13.37, 1.0 in 14.0, 2.3 in 14.1 and -current
  • seamonkey and seamonkey-solibs are upgraded to 2.31 in 14.1 and -current
  • gptfdisk is upgraded to 0.8.10 in -current only

Wednesday, December 3, 2014

Two Security Updates: Firefox and Thunderbird

There were two security updates released in December. One for Firefox, which is now upgraded to 34.0.5 (a strange version indeed) and Thunderbird which is now upgraded to 31.3.0. Thunderbird update is applied to 14.1 as well, but not for Firefox as 14.1 still use Firefox ESR 31.2.0 and there has been no update for this release.

Meanwhile, two more packages in -current gets an upgrade: groff and grep. Still no interesting activity happening in -current, but let's hope it's worth to wait for the big update. It happened very often in previous releases, but indeed this time, it's taking more time then before. Please be patient and let Pat do his job.

Monday, November 17, 2014

New Kernel Playground

The default kernel stock has been raised once again in -current branch. The latest stable LTS kernel release (3.14.24) is now being used while config for latest stable kernel (3.17.3) has been included as well for those brave enough or need newer kernel to test new features or need support for newer hardware.

Firefox 33.1.1 is also included in this batch of update, so if you have issues regarding graphic drivers in Firefox, then perhaps this version can fix your problem.

Sunday, November 16, 2014

Bad News for DigiKam Users

I may have a bad news for DigiKam users that are using Slackware-Current. DigiKam 4.5.0 has been released and i have pushed the updates to SlackBuilds project. This package works well under Slackware 14.1 stable, but unfortunately this may not work if you are using -current under a certain configuration.

If you have upgraded to the latest KDE 4.14.3 and KDE framework 5 along with Plasma 5 provided by Eric Hameleers, then you may not be able to use digiKam properly. I have tried many combinations, but still it ended with a segfault or build failure.

The possible solution is basically to upgrade exiv2 to 0.24 and have libkexiv2 in KDE 4.14.3 recompiled against exiv2 and then you can have a working digiKam.I have discussed it with digiKam maintainer and we believe this is the reason why it failed on my machine.

If you can build and run it properly without having to upgrade exiv2 and recompile KDE 4.14.3, then i will gladly hear your input on this issue.

Saturday, November 15, 2014

Fix regressions

There are two regressions found on previous security updates: mariadb and pidgin. MariaDB developers made some changes in one of their headers, my_config.h that caused some problems with other packages that are linked against it.

I first spotted this problem when trying to compile gdal on SlackBuilds repository. I reported this to the maintainer and soon after, we both found that it's not just gdal that were broken, but many others, namely php, apr-utils, mysql-workbench, etc. I googled a bit and found a patch in other project, so i tried to apply it on my own computer and it worked, so i proposed the patch to Patrick and got accepted.

Second regression was on pidgin. Upstream developers broke Gadu-Gadu protocol when providing security update. Mancha found a patch to fix the problem and got accepted as well.

In -current, firefox has been upgraded to 33.1 as well.