Posts

Showing posts from June, 2009

Security Update: Ghostscript

Image
The ghostscript package has been patched to fix several security problems on -Current. It is released on the same day here in Indonesia (Tuesday evening), but it's 39 minutes past midnight at Pat's place. Have a good sleep after releasing this package

Anyway, here's the security advisory today:
Tue Jun 30 00:39:54 CDT 2009
ap/ghostscript-8.64-i486-2.txz: Rebuilt.
Patched various problems with ghostscript that could lead to a denial of service or the execution of arbitrary code when processing a malicious or malformed file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
(* Security fix *)

Again, Yahoo Fixes

Two packages are upgraded to fix the Yahoo protocols problems after they decided to upgraded their protocols. Lots of IM client running under Linux are affected, so hopefully this two updates on kdenetwork and pidgin can solve the problem.

Here are the updates:
Mon Jun 29 14:44:25 CDT 2009
kde/kdenetwork-4.2.4-i486-2.txz: Rebuilt.
Patched to fix Yahoo! protocol. Thanks to Matt Rogers.

xap/pidgin-2.5.8-i486-1.txz: Upgraded.

Another Pidgin Release

Image
Another Pidgin release to fix Yahoo problem and this time, it includes other fixes for other protocols as well. As in Yahoo protocol, the default pager server will now be converted to scsa.msg.yahoo.com by default if the user emptied the field or it's still using the old scs.msg.yahoo.com. This, by default will ease user in migration process.

Refer to the changelog here.

We should wait until the package arrived in -Current which i think won't be long

Development and KDE Updates

Image
It seems that Pat really does care about development tools and KDE apps. Today's updates are all about development tools and also KDE apps, which are located under d/ and kde/ directory. Have fun with it

Here's the latest -Current directory:
Mon Jun 29 02:14:32 CDT 2009
d/git-1.6.3.3-i486-1.txz: Upgraded.

d/subversion-1.6.3-i486-1.txz: Upgraded.

kde/amarok-2.1.1-i486-1.txz: Upgraded.

kde/koffice-2.0.1-i486-1.txz: Upgraded.

kdei/koffice-l10n-*-2.0.1-noarch-1.txz: Upgraded to KOffice 2.0.1 l10n packages.

Security Update: Mozilla Thunderbird

Another security-related package coming up on -Current. As Mozilla Firefox has been released few days ago, it's usually followed by Thunderbird as they share the same engine, so here's the Thunderbird coming. Another package is most, which fixed the doc directory.

Here's the latest -Current changelog:
Sat Jun 27 19:02:36 CDT 2009
ap/most-5.0.0a-i486-2.txz: Fixed doc directory.
Thanks to Ellington Santos.

xap/mozilla-thunderbird-2.0.0.22-i686-1.txz:
Upgraded to thunderbird-2.0.0.22.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
(* Security fix *)

Security Fix: Samba

One security update and three updated packages plus one package on testing has been released today. The security update is Samba and the three updated packages are sendmail (and sendmail-cf), and MPlayer, and the last package under /testing directory is Mesa, which is now upgraded to 7.4.4. Hopefully this updated package will fix many problem users encountering while using older version.

Here's the latest -Current changelog:
Fri Jun 26 22:06:58 CDT 2009
n/samba-3.2.13-i486-1.txz: Upgraded.
This upgrade fixes the following security issues:
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made to execute code triggered by the server.
For more information,…

Security Update: Seamonkey

One security package has been released today, which was Seamonkey. Remember that Seamonkey package are now divided into two separate packages: Seamonkey and Seamonkey-solibs which contains only the runtime file. It gives you an option to compile application that uses Seamonkey library but you don't want to install the whole Seamonkey package.

Here's the -Current changelog:
Wed Jun 24 19:48:10 CDT 2009
l/seamonkey-solibs-1.1.17-i486-1.txz: Upgraded to seamonkey-1.1.17 shared libraries.

xap/seamonkey-1.1.17-i486-1.txz:
Upgraded to seamonkey-1.1.17.
This release fixes some more security vulnerabilities.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
(* Security fix *)

More Updates Coming Up

More updates are coming in for the next release of Slackware 13.0. Not too much, but it's still an important update for Slackware-Current. Here's the latest -Current changelog:

Mon Jun 22 22:24:01 CDT 2009
a/quota-3.17-i486-1.txz: Upgraded.

a/sharutils-4.7-i486-1.txz: Upgraded.

ap/lm_sensors-3.1.1-i486-1.txz: Upgraded.

ap/mc-20090621_git-i486-1.txz: Upgraded.

ap/most-5.0.0a-i486-1.txz: Upgraded.

l/exiv2-0.18.1-i486-1.txz: Upgraded.

l/slang-2.1.4-i486-1.txz: Upgraded.

extra/aspell-word-lists/aspell-pt_BR-20080707_0-noarch-4.txz: Added.

Indonesian SlackBasics is Finished

Image
Just now, i have committed the last file which should be translated on SlackBasics project. This commit marks the end of translation project of SlackBasics in Indonesian language and the next step will be a review on the translations before i publish the zip file containing the HTML (single), HTML (split) and PDF format of the translations.

I hope i can finish this review before July and the final results can be published on July. Please have a look on the translations on SlackBasics project (you must use SVN to checkout the translations).

The last revision has been uploaded to Indonesian Slackware Community Site too.

Enjoy the Indonesian version of SlackBasics

Signature Problem Fixed

Image
Actually it's not Slackware's bug, but since i used Slackware, it would be great idea to post it here, just in case other people might experienced this too.

I'm using Firefox and FireGPG extension to sign all my mails. The problem was that i always had a wrong signature every time i sign my message. This happened since few months ago when i changed the GnuPG version from gpg 1.x into gpg 2.x. I set the gpg path in FireGPG preference dialog into /usr/bin/gpg2 which is the executable file for GnuPG 2.x. In fact, this is wrong. Today i discovered, that it should be /usr/bin/gpg and we should make a symlink on /usr/bin/gpg to point to /usr/bin/gpg2 and now it is working normally again.

The latest version of FireGPG inspired me to solve this bug because i thought it was FireGPG's bug

Oh yeah, i have changed my digest algorithm to SHA512 instead of staying with SHA1 which is no longer recommended by some people. SHA512 is quite strong for now and for years from now, so i'm…

More Slackware64 Mirrors

Image
Up to yesterday, only Slackware 32 bits are supported on mirrors listed on Indonesian Slackware Community Site, but today, Ozzie has finally finished syncronizing the Slackware64 repository on the mirrors listed there, so we now have more Slackware64 mirrors besides Kambing and many other local mirrors.

There are three additional mirrors for Slackware64:
HTTP:
http://mirror.slackware-id.org/pub/slackware64-current/http://slackware.linux.or.id/pub/slackware/slackware64-current/http://slackware.vip.net.id/pub/slackware64-current/
FTP:
ftp://mirror.slackware-id.org/pub/slackware64-current/ftp://slackware.linux.or.id/pub/slackware/slackware64-current/ftp://slackware.vip.net.id/pub/slackware64-current/
RSYNC:
rsync://slackware.linux.or.id/slackware64-currentrsync://mirror.slackware-id.org/slackware64-currentrsync://slackware.vip.net.id/slackware64-currentEnjoy

Pidgin Upgraded

As expected, Pidgin 2.5.7 has arrived on -Current changelog. It should fixed the Yahoo login problem for now.

Here's the -Current changelog:
Sun Jun 21 13:23:07 CDT 2009
xap/pidgin-2.5.7-i486-1.txz: Upgraded.
This fixes the Yahoo protocol plugin. Thanks to Willy Sudiarto Raharjo for letting us know about the problem and the new Pidgin release.

New Pidgin to Fix Yahoo Login Problem

Image
New version of Pidgin which brings fixes for Yahoo login problem has been released. I think it will be out in the -Current shortly since i think many users are still using Pidgin for their IM client application (including me).

For those who can't be patient, grab the SlackBuild script and compile by yourself

Packages to be Tested

Two new packages have arrived on /testing directory. It's bash and mesa. Like i said. Newer version of Mesa has just been released yesterday, but it will require more intensive testing, so for now, the current version of mesa being used is still 7.4.1 while 7.4.3 is placed on /testing for a while to make sure that it has been tested by public and then it will be moved to the proper place if it qualifies.

As for BASH, it's still the same. Slackware still actively following the progress of BASH, but the default version hasn't change from the last release. Me myself has been using 3.2.048 and found no problem on my daily usage, but i'm not sure of upgrading to 4.0.024 for now.

Here's the latest -Current changelog:
Sat Jun 20 12:49:02 CDT 2009
testing/packages/bash-4.0.024-i486-1.txz: Upgraded.

testing/packages/mesa-7.4.3-x86_64-1.txz: Upgraded.

Mesa Rebuilt

Missing a components make Mesa gets rebuilt. It's the only changes today, so very short on the Changelog. Mesa 7.4.3 has been released today, so we should wait until Pat and the team tested it internally before releasing it to public. The newer version should help fixing the regression found on 7.4.2 which caused Slackware crew decided to downgrade to 7.4.1.

Here's the -Current changelog:
Sat Jun 20 00:10:23 CDT 2009
x/mesa-7.4.1-i486-2.txz: Rebuilt. The software rasterizer was missing again. Thanks to Mark Post for catching the omission.

Updated SlackBasics Project

Image
I have updated the SlackBasics project on Indonesian Slackware Community Site so it is now synced with the ongoing development happened on Google Code.

Why on earth do we have two repositories? The first reason is speed. The Indonesian Slackware Community Site is located in Indonesia, which provides faster speed for local access. The second reason is that the Google Code server is more suitable for development, not for public access (even though it's still possible).

Anyways, i have uploaded the single html, split html, and the PDF version on the site. It's not yet finished, but we are close to that.

Check it out and give your remarks

Security Updates: Ruby, Libpng

Two security updates are released today: Ruby and Libpng. There has been a reverted package as well. Mesa is downgraded to 7.4.1 due to regression found on 7.4.2 which was upgraded few days ago. While i don't find this regression on my system, many people have reported this and Pat and the team has decided to switch back to 7.4.1 which has no problem so far. The 7.4.2 version are moved to /testing.

Also, Pat has decided to include the old K3B program in extra in case the newer K3B is not yet stable for daily usage. It's a good choice as K3B isn't quite mature yet with KDE 4.

Here's the latest -Current changelog
Fri Jun 19 18:22:20 CDT 2009
d/ruby-1.8.7_p174-i486-1.txz: Upgraded.
This fixes a denial of service issue caused by the BigDecimal method handling large input values improperly that may allow attackers to crash the interpreter. The issue affects most Rails applications.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
(* Security fi…

Pidgin Login Problem

Image
In the last two days, there has been a lot of users complaining that Pidgin can't connect to Yahoo protocol. It happened only in Pidgin while Kopete and many other clients worked.

To solve this problem, try to edit your Yahoo account, and change the Pager Server into cs101.msg.mud.yahoo.com. I tried this at home and it worked

Thanks to Setiajie who have gave this instructions on the list.

More information can be read here:
- Pidgin and Yahoo
- Yahoo! Messenger Blog

Small Updates on Friday

There are only two small updates on Friday, which are upgraded samba and recompiled xfig packages to link with glibc to avoid crashes. Here is the latest -Current changelog:
Thu Jun 18 21:21:04 CDT 2009
n/samba-3.2.12-i486-1.txz: Upgraded.

t/xfig-3.2.4-i486-4.txz: Rebuilt. This needed a recompile against glibc to fix crashes. Thanks to Petri Kaukasoina for the bug report.

Kernel Stock Upgraded

The default kernel being used by Slackware-Current has been upgraded to 2.6.29.5. There are several upgraded packages as well, such as JDK, pkgtools, and other packages were recompiled as well. Here's the latest -Current changelog:
Wed Jun 17 22:11:29 CDT 2009
a/cryptsetup-1.0.6-i486-2.txz: Rebuilt. Fixed cryptsetup to use "udevadm settle" instead of the deprecated "udevsettle".
Thanks to Robby Workman.

a/kernel-firmware-2.6.29.5-noarch-1.tgz: Upgraded to Linux 2.6.29.5 firmware.

a/kernel-generic-2.6.29.5-i486-1.tgz: Upgraded to Linux 2.6.29.5.

a/kernel-generic-smp-2.6.29.5_smp-i686-1.tgz: Upgraded to Linux 2.6.29.5.

a/kernel-huge-2.6.29.5-i486-1.tgz: Upgraded to Linux 2.6.29.5.

a/kernel-huge-smp-2.6.29.5_smp-i686-1.tgz: Upgraded to Linux 2.6.29.5.

a/kernel-modules-2.6.29.5-i486-1.tgz: Upgraded to Linux 2.6.29.5 modules.

a/kernel-modules-smp-2.6.29.5_smp-i686-1.tgz: Upgraded to Linux 2.6.29.5 modules.

a/pkgtools-13.0-noarch-1.tgz: Bumped version number.

d/kernel-headers-2.…

Security Updates: Firefox and Apr-Util

Image
Just less than three hours from my previous posting, the security update for Firefox has been released along with apr-util and also other packages as well. The aaa-base package has been bumped to 13.0. New package which has been added in x86_64 (tightvnc) has also makes its way on i386 arch. Way to go Slackware 13.0

Here's the latest -Current changelog:
Tue Jun 16 17:50:30 CDT 2009
a/aaa_base-13.0-noarch-1.txz: Rebuilt. Updated slackware-version.

a/e2fsprogs-1.41.6-i486-1.txz: Upgraded.

a/ed-1.3-i486-1.txz: Upgraded.

a/file-5.03-i486-1.txz: Upgraded.

a/findutils-4.4.2-i486-1.txz: Upgraded.

a/jfsutils-1.1.14-i486-1.txz: Upgraded.

a/ntfs-3g-2009.4.4-i486-1.txz: Upgraded.

a/usbutils-0.82-i486-1.txz: Upgraded.

a/xfsprogs-3.0.1-i486-1.txz: Upgraded.

ap/dmapi-2.2.10-i486-1.txz: Upgraded.

ap/man-pages-3.21-noarch-1.txz: Upgraded.

ap/sqlite-3.6.14.2-i486-1.txz: Upgraded.

ap/xfsdump-3.0.1-i486-1.txz: Upgraded.

d/git-1.6.3.2-i486-1.txz: Upgraded.

d/m4-1.4.13-i486-1.txz: Upgraded.

d/subversion-1.6.2-i486-1.t…

Upgrading to Latest -Current

Image
I have successfully upgraded three systems to the latest -Current (every computer i have has been running -Current all the time). The first computer i upgraded was my workstation at the office. The second one was my desktop, and the last one was my laptop. I had no major problem while upgrading my workstation, but i do have some problems with my desktop and laptop.

The problem lies on NVidia driver which should be rebuilt after the XOrg updates. Currently i'm using a custom kernel which i compiled it myself, but the kernel header that is on the system is using Slackware-Current's kernel header, so the the installation failed. I have tried to set SYSOUT and SYSSRC environment variable as told by the error messages, but no luck. In the end, i compiled a new kernel and finally the problem dissappeared.

Besides this driver, nothing major comes in my way. I agree with Pat on this one. KDE is just keep getting better, but not only KDE. So does Slackware

By the way, i'm still waiti…

All in One Post

Sorry for the delay. I had trouble finding good Internet connection at Manado and i forgot that my phone is capable of doing it, but unfortunately, i have to use different OS since the application is only for specific platform.

OK, here's the highlight from the last changelog:
- KDE gets upgraded to KDe 4.2.4
- XOrg has been upgraded to 1.6.1
- Mesa has been upgraded to 7.4.2
- Most package has been rebuilt due to XOrg changes

Here's the latest Changelog since the last time i post to this blog (sorry, it will be a long post)
Thu Jun 11 13:57:36 CDT 2009
l/gtk+2-2.14.7-i486-4.txz: Rebuilt.

l/pango-1.22.4-i486-4.txz: Rebuilt.

l/pycairo-1.8.4-i486-3.txz: Rebuilt. The last one was built using the x86_64 build script (oops).

l/vte-0.20.5-i486-1.txz: Upgraded. This reverts the soname bump in the previous version of vte. :-/

x/mesa-7.4.2-i486-2.txz: Rebuilt. Fixed missing DRI drivers. Thanks to Jason Detring.

x/xf86-video-geode-2.11.2-i486-1.txz: Upgraded. This package was uploadedas part of the …
Image
Starting tomorrow and up to 15 June, this blog *may* be not be updated since i have to go to Manado for service learning assignment. I'm sure Slackware-Current will get an update and for that, i'm sorry to inform you that new updates will be posted here as soon as i came back or when i have a proper Internet connection there

Keep Slacking

Security Update: ntp

One security update has been released today: ntp. There are two buffer-overflow problems that occurred to ntp prior to 4.2.4p7, so these were patched, even though one of the doesn't affect Slackware at all due to non linkable ntp package with ssl.

There are two other updates, which are pkgtool and liboil.

Here's the -Current changelog:
Wed Jun 3 18:17:19 CDT 2009
a/pkgtools-12.34567890-noarch-6.tgz: Patched makepkg to warn about possible problems with /usr/share/info usage. Thanks to Robby Workman.

l/liboil-0.3.16-i486-1.txz: Upgraded to liboil-0.3.16.

n/ntp-4.2.4p7-i486-1.txz: Upgraded to ntp-4.2.4p7.
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious remote NTP server.
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code.
This does not affect the Slackware ntpd as it does not link with o…

Slackware64-Current Changelog Added

Image
My bad. Although Slackware64 has been officially announced for some time, i forgot to add the Slackware64-Current changelog entry on this blog. So, for that reason, i have added the new changelog on the right side of this blog.

Since the changelog on 32 and 64 bit are mostly the same, on my blog post, i will refer to 32 bit changelog, with some addition when new packages are arriving on 64 bit changelog. I hope it won't confused you

If you know other Slackware-related links and you would like to add those on this blog, please let me know. It should be Slackware-related site.

New Poll

Image
Time for new poll for this month. We know that the next release of Slackware will be 13.0. Since it's a big jump on the version number, it will contain big changes too. First of all, it will use KDE 4 instead of staying with KDE 3.5 which has been used for some time. This is a big changes and while many people still prefer KDE 3.5 due to it's stability, the path has been decided by Pat and his crew.

The second big changes is that Slackware 13.0 will come in two separate version, 32 bit and 64 bit. In case you haven't heard, Slackware-Current is now running on two trees, 32 and 64 bit. You can see the announcement on Slackware's main page. Many people have asked for this and now the wait is over.

It also contains lots of changes described on the -Current changelog (32 bit and 64 bit). A brief detail can be seen on CHANGES AND HINTS.

So the poll this month is all about your choice when Slackware 13.0 comes out. What will you use? I'm running this poll for two months, wh…

Poll Results

Image
This time, i am not late

The poll has been running for about a month and it's time to show the results. As expected, most Slackware users would want to use the latest stable kernel, no matter the version is. Actually, in an ideal way, users would compile their own kernel since they might need different configuration with the configuration shipped with Slackware default kernel.

OK, here's the final result:

2.6.29.x 6 (6%)
2.6.30.x 11 (12%)
2.6.31.x 8 (8%)
Always use the latest stable kernel 64 (71%)

Recompiled xine-lib

Only one small update released today, which is recompiled xine-lib package. I'm not sure why it needs to be recompiled since there are no other changes, but i'm sure it for good thing.

Here's the single change:
Sun May 31 12:46:00 CDT 2009
xap/xine-lib-1.1.16.3-i486-4.txz: Recompiled.