[FYI] slackware 12.2 -current package update log

sxzzsf · 发表于 2008-12-29 09:33:25

Fri Dec 26 22:45:51 CST 2008
xap/seamonkey-1.1.14-i486-1.tgz:
  Upgraded to seamonkey-1.1.14.
  This release fixes some more security vulnerabilities.
  For more information, see:
http://www.mozilla.org/security/ ... es/seamonkey11.html
  (* Security fix *)
+--------------------------+
Thu Dec 18 12:38:20 CST 2008
a/mkinitrd-1.3.3-i486-1.tgz:
  Fixed a few bugs in the previous mkinitrd package:
  If a kernel version is requested with the -k option and modules are needed to
  build the initrd, exit with an error if no matching /lib/modules/ tree is
  present.  Usually an incorrect kernel version was supplied.
  Thanks to Eric Hameleers.
  When adding kernel modules to the initrd, be more verbose showing success and
  failure copying each module.  Thanks to Ellington Santos.
  With some newer kernels, "/dev/root" might be returned by mount as the root
  device, but this will not work as an initrd root device.  If mount returns
  /dev/root, look at the /dev/root symlink to determine the actual root device
  and use that so that the root device does not need to be supplied with -r.
  In the call to /sbin/modprobe used to determine module dependencies, use the
  option --ignore-install to avoid catching "install" lines under
  /etc/modprobe.d/ when modules that use these are added to the initrd.  This
  prevents /sbin/modprobe from being copied over busybox, breaking the initrd.
  Thanks to Ken Milmore.
xap/mozilla-firefox-3.0.5-i686-1.tgz:
  Upgraded to firefox-3.0.5.
  This fixes some security issues:
  For more information, see:
http://www.mozilla.org/security/ ... ties/firefox30.html
  (* Security fix *)
+--------------------------+

ginkgo · 发表于 2009-1-6 12:49:12

Mon Jan  5 14:09:18 CST 2009
n/samba-3.2.7-i486-1.tgz:
  Upgraded to samba-3.2.7.
  This fixes a security issue.  From the WHATSNEW.txt file:
"This is a security release in order to address CVE-2009-0022.
   o CVE-2009-0022
   In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
   access to the root filesystem ("/") is granted
   when connecting to a share called "" (empty string)
   using old versions of smbclient (before 3.0.28).
The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/"
  For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022
  (* Security fix *)
+--------------------------+
Wed Dec 31 11:35:43 CST 2008
xap/mozilla-thunderbird-2.0.0.19-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.19.
  This upgrade fixes some more security bugs.
  For more information, see:
http://www.mozilla.org/security/ ... /thunderbird20.html
  (* Security fix *)
+--------------------------+

ginkgo · 发表于 2009-1-17 11:31:22

Wed Jan 14 20:32:54 CST 2009
a/openssl-solibs-0.9.8i-i486-2.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed
  signatures from being considered good.  This flaw could possibly allow a
  'man in the middle' attack.
  For more information, see:
http://www.openssl.org/news/secadv_20090107.txt
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
l/svgalib_helper-1.9.25_2.6.27.7-i486-2.tgz:  Recompiled against a correct
  kernel source tree to fix issues with an invalid module format when loading
  the svgalib_helper module on 2.6.27.7-smp systems.
n/bind-9.4.3_P1-i486-1.tgz:
  Upgraded to bind-9.4.3-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
https://www.isc.org/node/373
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
n/ntp-4.2.4p6-i486-1.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
https://lists.ntp.org/pipermail/announce/2009-January/000055.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
n/openssl-0.9.8i-i486-2.tgz:
  Patched to fix the return value EVP_VerifyFinal, preventing malformed
  signatures from being considered good.  This flaw could possibly allow a
  'man in the middle' attack.
  For more information, see:
http://www.openssl.org/news/secadv_20090107.txt
http://www.ocert.org/advisories/ocert-2008-016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+

sunny_5252 · 发表于 2009-1-17 13:48:38

我已经跟上了。呵呵。谢谢

slackcode · 发表于 2009-1-17 16:57:07

跟进，哈哈哈

duangw · 发表于 2009-1-22 22:43:21

Wed Jan 21 17:27:37 CST 2009
Upgraded to KDE 4.2rc1 (4.1.96) in /testing.  Thanks very much to Eric Hameleers
for all of the hard work getting this version of KDE ready for /testing so that
Slackware -current will be ready when KDE 4.2 is released!  And thanks for all
of his behind-the-scenes work...  Eric has been following all of the KDE 4.2
betas as well, and taking note as the build requirements have changed.
This set of packages will also work on Slackware 12.2.  If you intend to use
them with Slackware 12.2, grab them now.  Library changes in -current may occur
which could make it more difficult to use these KDE packages with Slackware 12.2
in the future.
testing/packages/kde4/deps/PyQt-4.4.4-i486-1.tgz:  Upgraded to PyQt-4.4.4.
testing/packages/kde4/deps/akonadi-1.1.1-i486-1.tgz:  Upgraded to akonadi-1.1.1.
testing/packages/kde4/deps/automoc4-r900905-i486-1.tgz:  Added automoc4-r900905.
testing/packages/kde4/deps/boost-1.36.0-i486-1.tgz:  Upgraded to boost-1.36.0.
testing/packages/kde4/deps/eigen2-r900905-i486-1.tgz:
  Upgraded to eigen2-r900905.
testing/packages/kde4/deps/iso-codes-3.5-noarch-1.tgz:  Added iso-codes-3.5.
testing/packages/kde4/deps/libdvdread-4.1.3-i486-1.tgz:  Added libdvdread-4.1.3.
testing/packages/kde4/deps/libical-0.42-i486-1.tgz:  Added libical-0.42.
testing/packages/kde4/deps/libxklavier-3.8-i486-1.tgz:
  Upgraded to libxklavier-3.8.
testing/packages/kde4/deps/phonon-4.2.96-i486-1.tgz:  Upgraded to phonon-4.2.96.
testing/packages/kde4/deps/qimageblitz-r900905-i486-1.tgz:
  Upgraded to qimageblitz-r900905.
testing/packages/kde4/deps/qt-r912655-i486-1.tgz:  Upgraded to qt-r912655.
testing/packages/kde4/deps/sip-4.7.9-i486-1.tgz:  Upgraded to sip-4.7.9.
testing/packages/kde4/deps/soprano-2.1.64-i486-1.tgz:
  Upgraded to soprano-2.1.64.
testing/packages/kde4/deps/strigi-0.6.3-i486-1.tgz:  Upgraded to strigi-0.6.3.
testing/packages/kde4/extragear/amarok-2.0.1.1-i486-1.tgz:
  Upgraded to amarok-2.0.1.1.
testing/packages/kde4/extragear/guidance-power-manager-4.1.96-i486-1.tgz:
  Upgraded to guidance-power-manager-4.1.96.
testing/packages/kde4/extragear/kaudiocreator-r888119-i486-1.tgz:
  Upgraded to kaudiocreator-r888119.
testing/packages/kde4/extragear/konq-plugins-4.1.96-i486-1.tgz:
  Upgraded to konq-plugins-4.1.96.
testing/packages/kde4/extragear/skanlite-0.2_kde4.1.96-i486-1.tgz:
  Added skanlite-0.2_kde4.1.96.
testing/packages/kde4/kde/kdeaccessibility-4.1.96-i486-1.tgz:
  Upgraded to kdeaccessibility-4.1.96.
testing/packages/kde4/kde/kdeadmin-4.1.96-i486-1.tgz:
  Upgraded to kdeadmin-4.1.96.
testing/packages/kde4/kde/kdeartwork-4.1.96-i486-1.tgz:
  Upgraded to kdeartwork-4.1.96.
testing/packages/kde4/kde/kdebase-4.1.96-i486-1.tgz:
  Upgraded to kdebase-4.1.96.
testing/packages/kde4/kde/kdebase-runtime-4.1.96-i486-1.tgz:
  Upgraded to kdebase-runtime-4.1.96.
testing/packages/kde4/kde/kdebase-workspace-4.1.96-i486-1.tgz:
  Upgraded to kdebase-workspace-4.1.96.
testing/packages/kde4/kde/kdebindings-4.1.96-i486-1.tgz:
  Upgraded to kdebindings-4.1.96.
testing/packages/kde4/kde/kdeedu-4.1.96-i486-1.tgz:
  Upgraded to kdeedu-4.1.96.
testing/packages/kde4/kde/kdegames-4.1.96-i486-1.tgz:
  Upgraded to kdegames-4.1.96.
testing/packages/kde4/kde/kdegraphics-4.1.96-i486-1.tgz:
  Upgraded to kdegraphics-4.1.96.
testing/packages/kde4/kde/kdelibs-4.1.96-i486-1.tgz:
  Upgraded to kdelibs-4.1.96.
testing/packages/kde4/kde/kdemultimedia-4.1.96-i486-1.tgz:
  Upgraded to kdemultimedia-4.1.96.
testing/packages/kde4/kde/kdenetwork-4.1.96-i486-1.tgz:
  Upgraded to kdenetwork-4.1.96.
testing/packages/kde4/kde/kdepim-r914823_4.2-i486-1.tgz:
  Upgraded to kdepim-r914823_4.2.
testing/packages/kde4/kde/kdepimlibs-4.1.96-i486-1.tgz:
  Upgraded to kdepimlibs-4.1.96.
testing/packages/kde4/kde/kdeplasma-addons-4.1.96-i486-1.tgz:
  Upgraded to kdeplasma-addons-4.1.96.
testing/packages/kde4/kde/kdesdk-4.1.96-i486-1.tgz:
  Upgraded to kdesdk-4.1.96.
testing/packages/kde4/kde/kdetoys-4.1.96-i486-1.tgz:
  Upgraded to kdetoys-4.1.96.
testing/packages/kde4/kde/kdeutils-4.1.96-i486-1.tgz:
  Upgraded to kdeutils-4.1.96.
testing/packages/kde4/kde/kdevelop-3.9.85-i486-1.tgz:
  Added kdevelop-3.9.85.
testing/packages/kde4/kde/kdevplatform-0.9.85-i486-1.tgz:
  Added kdevplatform-0.9.85.
testing/packages/kde4/kde/kdewebdev-4.1.96-i486-1.tgz:
  Upgraded to kdewebdev-4.1.96.
testing/packages/kde4/kde/koffice-1.9.98.5-i486-1.tgz:
  Upgraded to koffice-1.9.98.5.
testing/packages/kde4/kde-l10n/kde-l10n-*-4.1.96-noarch-1.tgz:
  Upgraded to KDE 4.1.96 l10n packages.
testing/packages/kde4/kde-l10n/koffice-l10n-*-1.9.98.5-noarch-1.tgz:
  Upgraded to KOffice 1.9.98.5 l10n packages.
testing/packages/bash-3.2.048-i486-1.tgz:
  Upgraded to bash-3.2.048.  This might still have issues with backtick
  handling.  Even though $(...) is a better syntax, a lot of things break if
  `...` is not handled correctly.  Any feedback on this is appreciated.
+--------------------------+

grissiom · 发表于 2009-1-28 10:09:11

Tue Jan 27 14:33:35 CST 2009
KDE 4.2.0 is released -- congratulations to the KDE development team for such
an amazing job on this beautiful and highly user-friendly desktop environment!
Thanks also to Eric Hameleers, who did a ton of work getting KDE 4.2.0 ready
for Slackware.  Once again (for now), these packages are compatible with
Slackware 12.2.  Enjoy!  :-)
testing/packages/kde4/deps/automoc4-0.9.88-i486-1.tgz:
  Upgraded to automoc4-0.9.88.
testing/packages/kde4/deps/clucene-0.9.21b-i486-1.tgz:
  Upgraded to clucene-0.9.21b.
testing/packages/kde4/extragear/guidance-power-manager-4.2.0-i486-1.tgz:
  Upgraded to guidance-power-manager-4.2.0.
testing/packages/kde4/extragear/konq-plugins-4.2.0-i486-1.tgz:
  Upgraded to konq-plugins-4.2.0.
testing/packages/kde4/extragear/skanlite-0.2_kde4.2.0-i486-1.tgz:
  Upgraded to skanlite-0.2_kde4.2.0.
testing/packages/kde4/kde/kdeaccessibility-4.2.0-i486-1.tgz:
  Upgraded to kdeaccessibility-4.2.0.
testing/packages/kde4/kde/kdeadmin-4.2.0-i486-1.tgz:
  Upgraded to kdeadmin-4.2.0.
testing/packages/kde4/kde/kdeartwork-4.2.0-i486-1.tgz:
  Upgraded to kdeartwork-4.2.0.
testing/packages/kde4/kde/kdebase-4.2.0-i486-1.tgz:
  Upgraded to kdebase-4.2.0.
testing/packages/kde4/kde/kdebase-runtime-4.2.0-i486-1.tgz:
  Upgraded to kdebase-runtime-4.2.0.
testing/packages/kde4/kde/kdebase-workspace-4.2.0-i486-1.tgz:
  Upgraded to kdebase-workspace-4.2.0.
testing/packages/kde4/kde/kdebindings-4.2.0-i486-1.tgz:
  Upgraded to kdebindings-4.2.0.
testing/packages/kde4/kde/kdeedu-4.2.0-i486-1.tgz:
  Upgraded to kdeedu-4.2.0.
testing/packages/kde4/kde/kdegames-4.2.0-i486-1.tgz:
  Upgraded to kdegames-4.2.0.
testing/packages/kde4/kde/kdegraphics-4.2.0-i486-1.tgz:
  Upgraded to kdegraphics-4.2.0.
testing/packages/kde4/kde/kdelibs-4.2.0-i486-1.tgz:
  Upgraded to kdelibs-4.2.0.
testing/packages/kde4/kde/kdemultimedia-4.2.0-i486-1.tgz:
  Upgraded to kdemultimedia-4.2.0.
testing/packages/kde4/kde/kdenetwork-4.2.0-i486-2.tgz:
  Upgraded to kdenetwork-4.2.0.
testing/packages/kde4/kde/kdepim-4.2.0-i486-1.tgz:
  Upgraded to kdepim-4.2.0.
testing/packages/kde4/kde/kdepimlibs-4.2.0-i486-1.tgz:
  Upgraded to kdepimlibs-4.2.0.
testing/packages/kde4/kde/kdeplasma-addons-4.2.0-i486-1.tgz:
  Upgraded to kdeplasma-addons-4.2.0.
testing/packages/kde4/kde/kdesdk-4.2.0-i486-1.tgz:
  Upgraded to kdesdk-4.2.0.
testing/packages/kde4/kde/kdetoys-4.2.0-i486-1.tgz:
  Upgraded to kdetoys-4.2.0.
testing/packages/kde4/kde/kdeutils-4.2.0-i486-1.tgz:
  Upgraded to kdeutils-4.2.0.
testing/packages/kde4/kde/kdewebdev-4.2.0-i486-1.tgz:
  Upgraded to kdewebdev-4.2.0.
testing/packages/kde4/kde-l10n/kde-l10n-*-4.2.0-noarch-1.tgz:
  Upgraded to KDE 4.2.0 l10n packages.

==================================================
激动地把这一篇发上来~ 其实差不多是第一次看到 slackware 跟进得这么快……

ginkgo · 发表于 2009-1-28 13:06:20

+--------------------------+
Sun Jan 25 19:40:20 CST 2009
n/bluez-utils-3.36-i486-5.tgz:  Changes in the dbus version used in Slackware
  12.2 (and in -current) to increase security had some unintended side effects,
  and bluez was one of the things that broke.  However, by using the dbus
  bluetooth.conf file from bluez-4, this version of bluez can be made to work
  again.  The newer version of the .conf file has been merged into this package,
  and changed from a .conf.new to a plain .conf to ensure that it replaces the
  other version.  Thanks to David Somero for the bug report and fix.
n/lftp-3.7.8-i486-1.tgz:  Upgraded to lftp-3.7.8.
testing/packages/kde4/deps/libmsn-r93-i486-1.tgz:  Added libmsn-r93, needed to
  handle the MSN protocol in kopete.
testing/packages/kde4/deps/phonon-4.3.0-i486-1.tgz:  Upgraded to phonon-4.3.0.
testing/packages/kde4/deps/soprano-2.1.67-i486-1.tgz:
  Upgraded to soprano-2.1.67.
testing/packages/kde4/extragear/ktorrent-3.1.6-i486-1.tgz:
  Upgraded to ktorrent-3.1.6.
testing/packages/kde4/kde/kdenetwork-4.1.96-i486-2.tgz:
  Recompiled against libmsn-r93.
+--------------------------+
25号的差了一段。现在补上。不知道什么时候升级内核到2.6.28 用一些ext4.

duangw · 发表于 2009-2-5 20:38:26

Mon Feb  2 17:47:18 CST 2009
x/xdg-utils-1.0.2-noarch-3.tgz:
  This update fixes two security issues.  First, use of xdg-open in
  /etc/mailcap was found to be unsafe -- xdg-open passes along downloaded files
  without indicating what mime type they initially presented themselves as,
  leaving programs further down the processing chain to discover the file type
  again.  This makes it rather trivial to present a script (such as a .desktop
  file) as a document type (like a PDF) so that it looks safe to click on in a
  browser, but will result in the execution of an arbitrary script.  It might
  be safe to send files to trusted applications in /etc/mailcap, but it does
  not seem to be safe to send files to xdg-open in /etc/mailcap.
This package will comment out calls to xdg-open in /etc/mailcap if they are
  determined to have been added by a previous version of this package.
  If you've made any local customizations to /etc/mailcap, be sure to check
  that there are no uncommented calls to xdg-open after installing this update.
  Thanks to Manuel Reimer for discovering this issue.
  For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
  Another bug in xdg-open fails to sanitize input properly allowing the
  execution of arbitrary commands.  This was fixed in the xdg-utils repository
  quite some time ago (prior to the inclusion of xdg-utils in Slackware), but
  was never fixed in the official release of xdg-utils.  The sources for
  xdg-utils in Slackware have now been updated from the repo to fix the problem.
  For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386
  (* Security fix *)
+--------------------------+

ginkgo · 发表于 2009-2-9 11:06:51

Thu Feb 5 15:19:56 CST 2009
ap/ghostscript-8.64-i486-1.tgz: Upgraded to ghostscript-8.64.
Thanks to ABE Shin-ichi updating the build script and testing CJK output.
xap/mozilla-firefox-3.0.6-i686-1.tgz:
Upgraded to firefox-3.0.6.
This fixes some security issues:
For more information, see:
[url]http://www.mozilla.org/security/known-vulnerabilities/firefox30.html[/url]
(* Security fix *)
+--------------------------+

复制代码

		自动登录	找回密码
密码			注册