Thu Jan 1 22:40:40 EET 2009
PATCHES/packages/mozilla-thunderbird-2.0.0.19-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.19. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  [*** Security fix ***]
+--------------------------+
Mon Dec 29 23:12:21 EET 2008
PATCHES/packages/seamonkey-1.1.14-x86_64-1.tgz: Upgraded to seamonkey-1.1.14. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  [*** Security fix ***]
+--------------------------+
Sun Dec 21 16:45:38 EET 2008
PATCHES/packages/mozilla-firefox-2.0.0.20-x86_64-1.tgz: Upgraded to firefox-2.0.0.20. This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  [*** Security fix ***]
+--------------------------+
Mon Dec 1 23:32:56 EET 2008
PATCHES/packages/ruby-1.8.6_p287-x86_64-1.tgz: Upgraded to ruby-1.8.6-p287. This fixes several bugs in the previous Ruby update, including a security issue where the DNS resolver did not randomize the source port and transaction id sufficiently.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [*** Security fix ***]
+--------------------------+
Sat Nov 29 12:26:30 EET 2008
PATCHES/packages/samba-3.0.33-x86_64-1.tgz: Upgraded to samba-3.0.33. This package fixes an important barrier against rogue clients reading from uninitialized memory (though no proof-of-concept is known to exist).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
  [*** Security fix ***]
+--------------------------+
Sun Nov 23 10:30:25 EET 2008
PATCHES/packages/mozilla-thunderbird-2.0.0.18-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.18. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  [*** Security fix ***]
+--------------------------+
Thu Nov 20 23:24:27 EET 2008
PATCHES/packages/libxml2-2.6.32-x86_64-1.tgz: Upgraded to libxml2-2.6.32 and patched. This fixes vulnerabilities including denial of service, or possibly the execution of arbitrary code as the user running a libxml2 linked application if untrusted XML content is parsed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
  [*** Security fix ***]
+--------------------------+
Mon Nov 17 00:45:40 EET 2008
PATCHES/packages/mozilla-firefox-2.0.0.18-x86_64-1.tgz: Upgraded to firefox-2.0.0.18. This fixes some security issues:
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.13-x86_64-1.tgz: Upgraded to seamonkey-1.1.13. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  [*** Security fix ***]
+--------------------------+
Wed Oct 15 01:18:28 EEST 2008
PATCHES/packages/glibc-zoneinfo-2.3.6-noarch-8.tgz: Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Mon Sep 29 10:18:38 EEST 2008
PATCHES/packages/mozilla-thunderbird-2.0.0.17-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.17. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  [*** Security fix ***]
+--------------------------+
Fri Sep 26 11:50:13 EEST 2008
patches/packages/mozilla-firefox-2.0.0.17-x86_64-1.tgz: Upgraded to firefox-2.0.0.17. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  [*** Security fix ***]
patches/packages/seamonkey-1.1.12-x86_64-1.tgz: Upgraded to seamonkey-1.1.12. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  [*** Security fix ***]
+--------------------------+
Wed Sep 17 17:10:02 EEST 2008
PATCHES/packages/bind-9.3.5_P2-x86_64-1.tgz: Upgraded to bind-9.3.5-P2. This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Thu Sep 4 23:45:53 EEST 2008
PATCHES/packages/php-4.4.9-x86_64-1.tgz: Upgraded to php-4.4.9. This upgrades the bundled PCRE library to fix security issues, as well as fixing a few other security related bugs.
  See the PHP4 ChangeLog for more details:
    http://www.php.net/ChangeLog-4.php#4.4.9
  Please note: PHP4 has been officially discontinued since last year, and reached the announced EOL on 2008-08-08. Sites should consider migrating to a supported release.
  [*** Security fix ***]
+--------------------------+
Thu Sep 4 00:46:09 EEST 2008
PATCHES/packages/samba-3.0.32-x86_64-1.tgz: Upgraded to samba-3.0.32. This is a bugfix release. See the WHATSNEW.txt file in the Samba docs for details on what has changed.
+--------------------------+
Sat Aug 30 09:55:02 EEST 2008
PATCHES/packages/amarok-1.4.10-x86_64-1.tgz: Upgraded to amarok-1.4.10. This fixes a security issue in the Magnatune online music library support which could be used by malicious local users to overwrite system files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
  [*** Security fix ***]
PATCHES/packages/libgpod-0.6.0-x86_64-1.tgz: Upgraded to libgpod-0.6.0. This new version of libgpod is required for amarok-1.4.10.
+--------------------------+
Tue Aug 5 23:50:55 EEST 2008
PATCHES/packages/python-2.4.5-x86_64-1.tgz: Upgraded to 2.4.5 and patched overflows and other security problems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
  [*** Security fix ***]
+-------------------------+
Wed Jul 30 17:43:45 EEST 2008
PATCHES/packages/proftpd-1.3.1-x86_64-1.tgz: Recompiled against new OpenSSL, since this evidently checks the OpenSSL version and will only run against the libraries it was compiled against. A small patch was also added due to changes in the system includes.
PATCHES/packages/fetchmail-6.3.8-x86_64-1.tgz: Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  [*** Security fix ***]
PATCHES/packages/links-2.1-x86_64-1.tgz: Upgraded to links-2.1. Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
  [*** Security fix ***]
PATCHES/packages/mozilla-thunderbird-2.0.0.16-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.16. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  [*** Security fix ***]
PATCHES/packages/openssh-5.1p1-x86_64-1.tgz: Upgraded to openssh-5.1p1. When upgrading OpenSSH, it is VERY IMPORTANT to also upgrade OpenSSL, or it is possible to be unable to log back into sshd!
PATCHES/packages/openssl-0.9.8h-x86_64-1.tgz: Upgraded to OpenSSL 0.9.8h. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Bluewhite64's package is not), then a malicious packet could cause a crash.
  Also, a malformed TLS handshake could lead to a crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
  When upgrading OpenSSL, it is VERY IMPORTANT to also upgrade OpenSSH, or it is possible to be unable to log back into sshd!
  [*** Security fix ***]
PATCHES/packages/openssl-solibs-0.9.8h-x86_64-1.tgz: Upgraded to OpenSSL 0.9.8h shared libraries (see above).
  [*** Security fix ***]
PATCHES/packages/vim-7.1.330-x86_64-1.tgz: Upgraded to vim-7.1.330. This fixes several security issues related to the automatic processing of untrusted files.
  For more information, see:
    http://www.rdancer.org/vulnerablevim.html
  [*** Security fix ***]
PATCHES/packages/vim-gvim-7.1.330-x86_64-1.tgz: Upgraded to vim-gvim-7.1.330. See "vim" above for details.
  [*** Security fix ***]
+-------------------------+
Fri Jul 25 14:29:51 EEST 2008
PATCHES/packages/dnsmasq-2.45-x86_64-1.tgz: Upgraded to dnsmasq-2.45. It was discovered that earlier versions of dnsmasq have DNS cache weaknesses that are similar to the ones recently discovered in BIND. This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [*** Security fix ***]
+-------------------------+
Thu Jul 17 21:25:57 EEST 2008
PATCHES/packages/mozilla-firefox-2.0.0.16-x86_64-1.tgz: Upgraded to firefox-2.0.0.16. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.11-x86_64-1.tgz: Upgraded to seamonkey-1.1.11. This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
  [*** Security fix ***]
+-------------------------+
Fri Jul 11 19:52:59 EEST 2008
PATCHES/packages/bind-9.3.5_P1-x86_64-1.tgz: Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache Poisoning Issue. This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching recursive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  [*** Security fix ***]
PATCHES/patches/packages/mozilla-firefox-2.0.0.15-x86_64-1.tgz: Upgraded to firefox-2.0.0.15. This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.10-x86_64-1.tgz: Upgraded to seamonkey-1.1.10. This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  [*** Security fix ***]
+-------------------------+
Sat Jun 28 11:22:23 EEST 2008
PATCHES/packages/ruby-1.8.6_p230-x86_64-1.tgz: Upgraded to ruby-1.8.6-p230. This fixes a number of security related bugs in Ruby which could lead to a denial of service (DoS) condition or allow execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  [*** Security fix ***]
+-------------------------+
Thu May 29 17:34:21 EEST 2008
PATCHES/packages/samba-3.0.30-x86_64-1.tgz: Upgraded to samba-3.0.30. This is a security release in order to address CVE-2008-1105 ("Boundary failure when parsing SMB responses can result in a buffer overrun").
  For more information on the security issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
  [*** Security fix ***]
+-------------------------+
Thu May 8 13:59:52 EEST 2008
PATCHES/packages/mozilla-thunderbird-2.0.0.14-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.14. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  [*** Security fix ***]
EXTRA software/php5/php-5.2.6-x86_64-1.tgz: Upgraded to php-5.2.6. PHP4 was standard in Bluewhite64 11.0, which is why this package is provided "in place" under /extra rather than under /patches (where upgrade tools might mistakenly grab and install it where it would not be desirable.)
  This version of PHP contains many fixes and enhancements. Some of the fixes are security related, and the PHP release announcement provides this list:
    * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
    * Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
    * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
    * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
    * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
    * Upgraded bundled PCRE to version 7.6
  When last checked, CVE-2008-0599 was not yet open. However, additional information should become available at this URL:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  The list reproduced above, as well as additional information about other fixes in PHP 5.2.6 may be found in the PHP release announcement here:
    http://www.php.net/releases/5_2_6.php
  [*** Security fix ***]
+-------------------------+
Tue Apr 29 14:39:21 EEST 2008
PATCHES/packages/libpng-1.2.27-x86_64-1.tgz: Upgraded to libpng-1.2.27. This fixes various bugs, the most important of which have to do with the handling of unknown chunks containing zero-length data. Processing a PNG image that contains these could cause the application using libpng to crash (possibly resulting in a denial of service), could potentially expose the contents of uninitialized memory, or could cause the execution of arbitrary code as the user running libpng (though it would probably be quite difficult to cause the execution of attacker-chosen code). We recommend upgrading the package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  [*** Security fix ***]
+-------------------------+
Tue Apr 22 10:25:05 EEST 2008
PATCHES/packages/xine-lib-1.1.11.1-x86_64-3.tgz: Recompiled, with --without-speex (we didn't ship the speex library in Bluewhite64 anyway, but for reference this issue would be CVE-2008-1686), and with --disable-nosefart (the recently reported as insecurely demuxed NSF format).
  As before in -2, this package fixes the two regressions mentioned in the release notes for xine-lib-1.1.12:
    http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
  [*** Security fix ***]
+-------------------------+
Fri Apr 18 14:09:35 EEST 2008
PATCHES/packages/mozilla-firefox-2.0.0.14-x86_64-1.tgz: Upgraded to firefox-2.0.0.14.
  This upgrade fixes a potential security bug.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
+--------------------------+
Tue Apr 8 11:23:35 EEST 2008
PATCHES/packages/xine-lib-1.1.11.1-x86_64-2.tgz: Patched to fix playback failure affecting several media formats accidentally broken in the xine-lib-1.1.11.1 release.
PATCHES/packages/bzip2-1.0.5-x86_64-1.tgz: Upgraded to bzip2-1.0.5. Previous versions of bzip2 contained a buffer overread error that could cause applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  [*** Security fix ***]
PATCHES/packages/m4-1.4.11-x86_64-1.tgz: Upgraded to m4-1.4.11. In addition to bugfixes and enhancements, this version of m4 also fixes two issues with possible security implications.
  A minor security fix with the use of "maketemp" and "mkstemp" -- these are now quoted to prevent the (rather unlikely) possibility that an unquoted string could match an existing macro causing operations to be done on the wrong file.
  Also, a problem with the '-F' option (introduced with version 1.4) could cause a core dump or possibly (with certain file names) the execution of arbitrary code.
  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  [*** Security fix ***]
+--------------------------+
Sat Apr 5 00:16:32 EEST 2008
PATCHES/packages/openssh-5.0p1-x86_64-1.tgz: Upgraded to openssh-5.0p1. This version fixes a security issue where local users could hijack forwarded X connections. Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  [*** Security fix ***]
+--------------------------+
Tue Apr 1 23:58:349 EEST 2008
PATCHES/packages/xine-lib-1.1.11.1-x86_64-1.tgz: Upgraded to xine-lib-1.1.11.1. Earlier versions of xine-lib suffer from an integer overflow which may lead to a buffer overflow that could potentially be used to gain unauthorized access to the machine if a malicious media file is played back. File types affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
  [*** Security fix ***]
+--------------------------+
Sun Mar 30 12:17:42 EEST 2008
PATCHES/packages/mozilla-firefox-2.0.0.13-x86_64-1.tgz: Upgraded to firefox-2.0.0.13. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.9-x86_64-1.tgz: Upgraded to seamonkey-1.1.9. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  [*** Security fix ***]
PATCHES/packages/xine-lib-1.1.11-x86_64-1.tgz: Earlier versions of xine-lib suffer from an array index bug that may have security implications if a malicious RTSP stream is played. Playback of other media formats is not affected. If you use RTSP, you should probably upgrade xine-lib.
  For more information on the security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  [*** Security fix ***]
+--------------------------+
Mon Mar 3 11:02:51 EET 2008
PATCHES/packages/espgs-8.15.3svn185-x86_64-3.tgz: This patched version of ESP Ghostscript fixes a buffer overflow.
  For more information on the security issue, please see:
    http://scary.beasts.org/security/CESA-2008-001.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
  [*** Security fix ***]
+--------------------------+
Sun Mar 2 10:12:45 EET 2008
PATCHES/packages/mozilla-thunderbird-2.0.0.12-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.12.
  This update fixes the following security related issues:
    MFSA 2008-12: Heap buffer overflow in external MIME bodies
    MFSA 2008-05: Directory traversal via chrome: URI
    MFSA 2008-03: Privilege escalation, XSS, Remote Code Execution
    MFSA 2008-01: Crashes with evidence of memory corruption (rv:1.8.1.12)
  For more information, see:
    http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
  These are the related CVE entries:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
  [*** Security fix ***]
+--------------------------+
Fri Feb 15 10:38:42 EET 2008
PATCHES/packages/apache-1.3.41-x86_64-1.tgz: Upgraded to apache-1.3.41, the last regular release of the Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  [*** Security fix ***]
PATCHES/packages/mod_ssl-2.8.31_1.3.41-x86_64-1.tgz: Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
PATCHES/packages/php-4.4.8-x86_64-1.tgz: Upgraded to php-4.4.8. This is a security and bugfix release.
  More information may be found here:
    http://bugs.php.net/43010
  This is the last regular release of PHP-4.4.x. The EOL is scheduled for 2008-08-08.
  [*** Security fix ***]
+--------------------------+
Wed Feb 13 17:09:06 EET 2008
PATCHES/packages/mozilla-firefox-2.0.0.12-x86_64-1.tgz: Upgraded to firefox-2.0.0.12. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.8-x86_64-1.tgz: Upgraded to seamonkey-1.1.8. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  [*** Security fix ***]
+--------------------------+
Sat Dec 15 11:59:38 EET 2007
PATCHES/packages/mysql-5.0.51-x86_64-1.tgz: Upgraded to mysql-5.0.51. This release fixes several bugs, including some security issues. However, it also includes a potentially incompatible change, so be sure to read the release notes before upgrading. It is possible that some databases will need to be fixed in order to work with this (and future) releases:
    http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
  [*** Security fix ***]
+--------------------------+
Tue Dec 11 16:51:11 EET 2007
PATCHES/packages/samba-3.0.28-x86_64-1.tgz: Upgraded to samba-3.0.28. Samba 3.0.28 is a security release in order to address a boundary failure in GETDC mailslot processing that can result in a buffer overrun leading to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  [*** Security fix ***]
+---------------------+
Tue Dec 4 17:22:12 EET 2007
PATCHES/packages/cairo-1.4.12-x86_64-1.tgz: Upgraded to cairo-1.4.12. This fixes a possible security risk when decoding PNG files that may have been maliciously tampered with:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
  [*** Security fix ***]
PATCHES/packages/samba-3.0.27a-x86_64-1.tgz: Upgraded to samba-3.0.27a. This update fixes a crash bug regression experienced by smbfs clients caused by the fix for CVE-2007-4572.
+--------------------------+
Sun Dec 2 10:09:57 EET 2007
PATCHES/packages/rsync-2.6.9-x86_64-1.tgz: Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  [*** Security fix ***]
PATCHES/packages/mozilla-firefox-2.0.0.11-x86_64-1.tgz: Upgraded to Firefox 2.0.0.11, which fixed a bug introduced by the 2.0.0.10 update in the feature that affected some web pages and extensions.
+--------------------------+
Fri Nov 30 17:48:36 EET 2007
PATCHES/packages/seamonkey-1.1.7-x86_64-1.tgz: Upgraded to seamonkey-1.1.7. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  [*** Security fix ***]
+--------------------------+
Wed Nov 28 17:49:26 EET 2007
PATCHES/packages/mozilla-firefox-2.0.0.10-x86_64-1.tgz: Upgraded to firefox-2.0.0.10. This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
+--------------------------+
Wed Nov 21 17:58:13 EET 2007
PATCHES/packages/libpng-1.2.23-x86_64-1.tgz: Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files. It is not currently known if this vulnerability can be exploited to execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  [*** Security fix ***]
PATCHES/packages/mozilla-thunderbird-2.0.0.9-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.9.
  This update fixes the following security related issues:
    URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
    Crashes with evidence of memory corruption (MFSA 2007-29).
  OK, so the first one obviously does not affect us. :-) The second fix has to do with the same JavaScript handling problem fixed before in Firefox. JavaScript is not enabled by default in Thunderbird, and the developers (at least in MFSA 2007-36) do not recommend turning it on.
  For more information, see:
    http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  [*** Security fix ***]
+--------------------------+
Sat Nov 17 22:56:56 EET 2007
PATCHES/packages/samba-3.0.27-x86_64-1.tgz: Upgraded to samba-3.0.27. Samba 3.0.27 is a security release in order to address a stack buffer overflow in nmbd's logon request processing, and remote code execution in Samba's WINS server daemon (nmbd) when processing name registration followed by name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  [*** Security fix ***]
+--------------------------+
Mon Nov 12 13:13:53 EET 2007
PATCHES/packages/kdegraphics-3.5.4-x86_64-2.tgz: Patched xpdf related bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  [*** Security fix ***]
PATCHES/packages/koffice-1.5.2-x86_64-5.tgz: Patched xpdf related bugs.
  For more information, see:
    http://www.kde.org/info/security/advisory-20071107-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  [*** Security fix ***]
PATCHES/packages/xpdf-3.02pl2-x86_64-1.tgz: Upgraded to xpdf-3.02pl2. The pl2 patch fixes a crash in xpdf. Some theorize that this could be used to execute arbitrary code if an untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  [*** Security fix ***]
+--------------------------+
Sun Nov 11 22:44:28 EET 2007
PATCHES/packages/mozilla-firefox-2.0.0.9-x86_64-1.tgz: Upgraded to firefox-2.0.0.9. This upgrade improves the stability of Firefox.
  For more information, see:
    http://tinyurl.com/ytvnfm
EXTRA software/php5/php-5.2.5-x86_64-1.tgz: Upgraded to php-5.2.5. This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.6-x86_64-1.tgz: Upgraded to SeaMonkey 1.1.6. This upgrade fixes SeaMonkey's ability to display certain types of web pages.
  That's about all we could find about it here:
    http://www.mozilla.org/projects/seamonkey/
+--------------------------+
Fri Nov 2 09:31:46 EET 2007
PATCHES/packages/cups-1.1.23-x86_64-3.tgz: Patched cups-1.1.23. An off-by-one error in ipp.c may allow a remote attacker to crash CUPS resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  [*** Security fix ***]
+--------------------------+
Sat Oct 13 23:34:33 EEST 2007
PATCHES/packages/glibc-zoneinfo-2.3.6-noarch-7.tgz: Upgraded to timezone data from tzcode2007h and tzdata2007h. This contains the latest timezone data from NIST, including some important changes to daylight savings time in Brazil and New Zealand.
+--------------------------+
Sat Sep 22 13:24:34 EEST 2007
EXTRA software/mozilla-firefox-2.0.0.7/mozilla-firefox-2.0.0.7-x86_64-1.tgz: Upgraded to firefox-2.0.0.7. This upgrade fixes Code execution via QuickTime Media-link files.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  Enabled svg support. Thanks to Janusz Dziemidowicz for the report.
  [*** Security fix ***]
+--------------------------+
Thu Sep 13 13:57:14 EEST 2007
PATCHES/packages/openssh-4.7p1-x86_64-1.tgz: Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
    "Security bugs resolved in this release: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec."
  While it's fair to say that we here at Bluewhite64 don't see how this could be leveraged to compromise a system, a) the OpenSSH people (who presumably understand the code better) characterize this as a security bug, b) it has been assigned a CVE entry, and c) OpenSSH is one of the most commonly used network daemons. Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  [*** Security fix ***]
PATCHES/packages/samba-3.0.26a-x86_64-1.tgz: Upgraded to samba-3.0.26a. This fixes a security issue in all Samba 3.0.25 versions:
    "Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin."
  For more information, see:
    http://www.samba.org/samba/security/CVE-2007-4138.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
  [*** Security fix ***]
EXTRA software/php5/php-5.2.4-x86_64-1.tgz: Upgraded to php-5.2.4. The PHP announcement says this version fixes over 120 bugs as well as "several low priority security bugs."
  Read more about it here:
    http://www.php.net/releases/5_2_4.php
  [*** Security fix ***]
+--------------------------+
Fri Aug 24 22:07:11 EEST 2007
PATCHES/packages/tcpdump-3.9.7-x86_64-1.tgz: Upgraded to libpcap-0.9.7, tcpdump-3.9.7. This new version fixes an integer overflow in the BGP dissector which could possibly allow remote attackers to crash tcpdump or to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
  [*** Security fix ***]
+--------------------------+
Sun Aug 12 10:32:39 EEST 2007
PATCHES/packages/gimp-2.2.17-x86_64-1.tgz: Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding certain image types.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
  [*** Security fix ***]
PATCHES/packages/qt-3.3.8-x86_64-2.tgz: Patched to fix several format string bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
  [*** Security fix ***]
PATCHES/packages/seamonkey-1.1.4-x86_64-1.tgz: Upgraded to seamonkey-1.1.4. This upgrade fixes some more security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] PATCHES/packages/xpdf-3.02pl1-x86_64-1.tgz: Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly be leveraged to run arbitrary code if a malicious PDF file is processed. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 [*** Security fix ***] +--------------------------+ Sat Aug 4 13:31:49 EEST 2007 PATCHES/packages/mozilla-thunderbird-2.0.0.6-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] +--------------------------+ Thu Aug 2 10:58:27 EEST 2007 extra/mozilla-firefox-2.0.0.6/mozilla-firefox-2.0.0.6-x86_64-1.tgz: Upgraded to firefox-2.0.0.6. This upgrade fixes some more security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] +--------------------------+ Fri Jul 27 11:07:49 EEST 2007 PATCHES/packages/bind-9.3.4_P1-x86_64-1.tgz: Upgraded to bind-9.3.4_P1 to fix a security issue. The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak. For more information on this issue, see: http://www.isc.org/index.pl?/sw/bind/bind-security.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 [*** Security fix ***] +--------------------------+ Wed Jul 25 02:43:17 EEST 2007 PATCHES/packages/mozilla-thunderbird-2.0.0.5-x86_64-1.tgz: Upgraded to thunderbird-2.0.0.5. Since Thunderbird shares the browser engine with Firefox it is susceptible to similar vulnerabilities. This update fixes the same issues fixed in the recent Firefox patch. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] PATCHES/packages/seamonkey-1.1.3-x86_64-1.tgz: Upgraded to seamonkey-1.1.3. This is presumably a security update, but the details on the net have been sparse. So far nothing has appeared at the usual URL, but I would treat this as a security update unless it is announced as otherwise. For more information (if/when it appears), see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] +--------------------------+ Thu Jul 19 23:51:17 EEST 2007 extra/mozilla-firefox-2.0.0.5/mozilla-firefox-2.0.0.5-x86_64-1.tgz: Upgraded to firefox-2.0.0.5. This upgrade fixes a couple of minor security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] +--------------------------+ Wed Jun 27 16:20:57 EEST 2007 PATCHES/packages/gd-2.0.35-x86_64-1.tgz: Upgraded to gd-2.0.35. This fixes a few possible security issues: * Possible infinite loop in the PNG reader * Possible integer overflow in gdImageCreateTrueColor * Possible crash in gdImageCreateXbm * Numerous flaws in the GIF reader [*** Security fix ***] +--------------------------+ Thu Jun 14 10:40:34 EEST 2007 PATCHES/packages/libexif-0.6.16-x86_64-1.tgz: Upgraded to libexif-0.6.16. An integer overflow in libexif can crash applications that use the library on malformed images. The upstream advisory indicates that this flaw could also be used to execute arbitrary code in the context of the user, but no exploit is known (by us) to exist among iDefense's researchers or in the wild. But, as a crash bug and heap overflow one must suppose that the possibility exists. 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168 [*** Security fix ***] +--------------------------+ Mon Jun 4 00:36:03 EEST 2007 PATCHES/packages/mozilla-firefox-1.5.0.12-x86_64-1.tgz: Upgraded to firefox-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] PATCHES/packages/mozilla-thunderbird-1.5.0.12-x86_64-1.tgz: Upgraded to thunderbird-1.5.0.12. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] PATCHES/packages/seamonkey-1.1.2-x86_64-1.tgz: Upgraded to seamonkey-1.1.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] EXTRA software/mozilla-firefox-2.0.0.4/mozilla-firefox-2.0.0.4-x86_64-1.tgz: Upgraded to firefox-2.0.0.4. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] +--------------------------+ Sat Jun 2 03:56:17 EEST 2007 EXTRA software/php5/php-5.2.3-x86_64-1.tgz: Upgraded to php-5.2.3. Here's some basic information about the release from php.net: "This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release." 
For more complete information, see: http://www.php.net/releases/5_2_3.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 [*** Security fix ***] +--------------------------+ Sat May 26 12:14:32 EEST 2007 PATCHES/packages/samba-3.0.25a-x86_64-1.tgz: Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in samba-3.0.25. See the WHATSNEW.txt for details. +--------------------------+ Thu May 17 10:10:02 EEST 2007 PATCHES/packages/libpng-1.2.18-x86_64.tgz: Upgraded to libpng-1.2.18. A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications. This vulnerability has been assigned the identifiers CVE-2007-2445 and CERT VU#684664. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 [*** Security fix ***] +--------------------------+ Tue May 15 10:15:17 EEST 2007 patches/packages/samba-3.0.25-x86_64-1.tgz: Upgraded to samba-3.0.25. Security Fixes included in the Samba 3.0.25 release are: o CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation o CVE-2007-2446 Versions: Samba 3.0.0 - 3.0.24 Multiple heap overflows allow remote code execution o CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.24 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447 [*** Security fix ***] +--------------------------+ Thu May 10 17:35:55 EEST 2007 PATCHES/packages/slackpkg-2.60-noarch-1.tgz: Upgraded to slackpkg-2.60. Thanks to Piter Punk! EXTRA software/php5/php-5.2.2-x86_64-1.tgz: Upgraded to php-5.2.2. This fixes bugs and improves security. 
For more details, see: http://www.php.net/releases/5_2_2.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 [*** Security fix ***] PATCHES/packages/php-4.4.7-x86_64-1.tgz: Upgraded to php-4.4.7. This fixes bugs and improves security. For more details, see: http://www.php.net/releases/4_4_7.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001 [*** Security fix ***] PATCHES/packages/gnome-icon-theme-2.14.2-noarch-2.tgz: gnome-icon-theme puts its pkgconfig file in the wrong directory, which is (was) breaking compiles. Now it is in the right place. +--------------------------+ Thu Apr 26 11:33:09 EEST 2007 PATCHES/packages/fontconfig-2.4.2-x86_64-2.tgz: Changed the font paths in /etc/fonts/fonts.conf to point to where the fonts actually are, rather than through a symlink. The symlink (/usr/X11R6/lib/fonts) *should* be made by the aaa_base package, but still it's probably best to point to the real location. Moved man pages to the proper location and gzipped them. Created a /var/cache/fontconfig directory. +--------------------------+ Wed Apr 25 13:42:57 EEST 2007 PATCHES/packages/e2fsprogs-1.38-x86_64-2.tgz: Recompiled with --libdir=/lib64. This seems to cause problems if you are using /usr on a separate partition. Thanks to Telsin for reporting this. PATCHES/packages/glibc-solibs-2.3.6-x86_64-5a.tgz: Repackaged. Fixed, in the ldd script, the ld-linux.so.2 path. +--------------------------+ Tue Apr 24 11:05:04 EEST 2007 PATCHES/packages/freetype-2.3.4-x86_64-2.tgz: Fixed the diffs for the patented algorithms. +--------------------------+ Sat Apr 21 01:09:19 EEST 2007 PATCHES/packages/x11-6.9.0-x86_64-10.tgz: Removed old versions of fc-cache and fc-list. Somehow a couple of old fontconfig binaries snuck into this package, and prevent fc-cache from working properly at boot (or any other time). If you've already installed these upgrades, reinstalling the fontconfig package will fix the issue. 
If you do that, there's no need to reinstall this new x11 package -- it's been fixed so that there's no longer a problem with the package install order (and because those fc-* binaries didn't belong there). Sorry for any inconvenience! [*** Fix ***] +--------------------------+ Fri Apr 20 12:44:17 EEST 2007 PATCHES/packages/fontconfig-2.4.2-x86_64-1.tgz: Upgraded to the fontconfig-2.4.2 to work better with freetype-2.3.4. PATCHES/packages/freetype-2.3.4-x86_64-1.tgz: Fixed an overflow parsing BDF fonts. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 [*** Security fix ***] PATCHES/packages/x11-6.9.0-x86_64-9.tgz: Recompiled. PATCHES/packages/x11-devel-6.9.0-x86_64-9.tgz: Recompiled. PATCHES/packages/x11-xdmx-6.9.0-x86_64-9.tgz: Recompiled. PATCHES/packages/x11-xnest-6.9.0-x86_64-9.tgz: Recompiled. PATCHES/packages/x11-xvfb-6.9.0-x86_64-9.tgz: Recompiled. PATCHES/packages/xine-lib-1.1.6-x86_64-1.tgz: Upgraded to xine-lib-1.1.6. This fixes overflows in xine-lib in some little-used media formats in xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in xine-lib < 1.1.5 could definitely cause an application using xine-lib to crash, and it is theorized that a malicious media file could be made to run arbitrary code in the context of the user running the application. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 [*** Security fix ***] +--------------------------+ Wed Apr 4 23:28:30 EEST 2007 PATCHES/packages/qca-tls-1.0-x86_64-4.tgz: Recompiled for qt-3.3.8. +--------------------------+ Wed Apr 4 10:21:54 EEST 2007 PATCHES/packages/file-4.20-x86_64-1.tgz: Upgraded to file-4.20. This fixes a heap overflow that could allow code to be executed as the user running file (note that there are many scenarios where file might be used automatically, such as in virus scanners or spam filters). 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 [*** Security fix ***] PATCHES/packages/ktorrent-2.1.3-x86_64-1.tgz: Upgraded to ktorrent-2.1.3. A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may allow remote attackers to overwrite the ktorrent user's files. A bug in chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash ktorrent and cause heap corruption by the use of an invalid idx value. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385 [*** Security fix ***] PATCHES/packages/qt-3.3.8-x86_64-1.tgz: Patched an issue where the Qt UTF 8 decoder may in some instances fail to reject overlong sequences, possibly allowing "/../" path injection or XSS errors. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 [*** Security fix ***] +--------------------------+ Tue Mar 27 12:44:18 EEST 2007 PATCHES/packages/libwpd-0.8.9-x86_64-1.tgz: Upgraded to libwpd-0.8.9. Various overflows may lead to application crashes upon opening a specially crafted WordPerfect file. This vulnerability could also conceivably be used by an attacker to execute arbitrary code. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002 [*** Security fix ***] PATCHES/packages/mozilla-firefox-1.5.0.11-x86_64-1.tgz: Upgraded to mozilla-firefox-1.5.0.11. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] EXTRA software/mozilla-firefox-2.0.0.3/mozilla-firefox-2.0.0.3-x86_64-1.tgz: Upgraded to mozilla-firefox-2.0.0.3. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] +--------------------------+ Sun Mar 18 23:52:01 EET 2007 PATCHES/packages/gaim-1.5.0-x86_64-1.tgz: Recompiled against mozilla-nss. Also added the GAIM beta in the /unsupported/ directory, if anyone is interested. PATCHES/packages/mozilla-nss-3.4.11-x86_64-1.tgz: Added mozilla-nss to provide a more stable API/ABI for GAIM. PATCHES/packages/libpng-1.2.16-x86_64-1.tgz: Upgraded to libpng-1.2.16. This fixes some problems with the new ImageMagick package, such as massive memory usage using "convert". +--------------------------+ Wed Mar 14 14:48:47 EET 2007 PATCHES/packages/php-4.4.6-x86_64-1.tgz: Upgraded to php-4.4.6. This version of PHP fixes a problem introduced with the last PHP release where certain applications using "register_globals" may crash. +--------------------------+ Thu Mar 8 14:31:45 EET 2007 PATCHES/packages/gnupg-1.4.7-x86_64-1.tgz: Upgraded to gnupg-1.4.7. This fixes a security problem that can occur when GnuPG is used incorrectly. Newer versions attempt to prevent such misuse. For more information, see: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html [*** Security fix ***] PATCHES/packages/x11-6.9.0-x86_64-8.tgz: Patched. This update fixes overflows in the dbe and render extensions. This could possibly be exploited to overwrite parts of memory, possibly allowing malicious code to execute, or (more likely) causing X to crash. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103 [*** Security fix ***] PATCHES/packages/mozilla-firefox-1.5.0.10-x86_64-1.tgz: Upgraded to firefox-1.5.0.10. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] PATCHES/packages/mozilla-thunderbird-1.5.0.10-x86_64-1.tgz: Upgraded to thunderbird-1.5.0.10. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] PATCHES/packages/seamonkey-1.0.8-x86_64-1.tgz: Upgraded to seamonkey-1.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] PATCHES/packages/imagemagick-6.3.3_0-x86_64-1.tgz: Upgraded to imagemagick-6.3.3-0. The original fix for PALM image handling has been corrected. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456 [*** Security fix ***] EXTRA software/mozilla-firefox-2.0.0.2-x86_64-1.tgz: Upgraded to firefox-2.0.0.2. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] +--------------------------+ Fri Feb 23 13:18:40 EET 2007 PATCHES/packages/php-4.4.5-x86_64-1.tgz: Upgraded to php-4.4.5 which improves stability and security. For complete details, see http://www.php.net. For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 [*** Security fix ***] EXTRA software/php5/php-5.2.1-x86_64-1.tgz: Upgraded to php-5.2.1 which improves stability and security. 
For information about some of the security fixes, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 [*** Security fix ***] PATCHES/packages/amarok-1.4.5-x86_64-1.tgz: Upgraded to amarok-1.4.5, which fixes the last.fm stream breakage after the last upgrade to xine-lib. PATCHES/packages/libgpod-0.4.2-x86_64-1.tgz: Upgraded to libgpod-0.4.2. This is needed for the amarok package. PATCHES/packages/libmtp-0.1.3-x86_64-1.tgz: Upgraded to libmtp-0.1.3. This is needed for the amarok package. PATCHES/packages/xine-lib-1.1.3-x86_64-1.tgz: Upgraded to xine-lib-1.1.3. +--------------------------+ Tue Feb 20 00:19:20 EET 2007 PATCHES/packages/glibc-zoneinfo-2.3.6-noarch-6.tgz: Updated with tzdata2007b for impending Daylight Savings Time changes in the US. +--------------------------+ Thu Feb 8 10:43:39 EET 2007 PATCHES/packages/samba-3.0.24-x86_64-1.tgz: Upgraded to samba-3.0.24. From the WHATSNEW.txt file: "Important issues addressed in 3.0.24 include: Fixes for the following security advisories: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)" Samba is vulnerable to the first issue, which can cause smbd to enter into an infinite loop, disrupting Samba services. Bluewhite64 is not vulnerable to the second issue, and does not ship the afsacl.so VFS plugin (but it's something to be aware of if you build Samba with custom options). 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454 [*** Security fix ***] +--------------------------+ Sat Jan 27 10:58:16 EET 2007 PATCHES/packages/bind-9.3.4-x86_64-1.tgz: Upgraded to bind-9.3.4. This update fixes two denial of service vulnerabilities where an attacker could crash the name server with specially crafted malformed data. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 [*** Security fix ***] +--------------------------+ Thu Jan 25 02:54:36 EET 2007 PATCHES/packages/fetchmail-6.3.6-x86_64-1.tgz: Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug introduced in fetchmail-6.3.5 could cause fetchmail to crash. Second, a long standing bug (reported by Isaac Wilcox) could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise. All fetchmail users are encouraged to consider using getmail, or to upgrade to the new fetchmail packages. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 [*** Security fix ***] +--------------------------+ Sun Dec 24 19:00:11 EET 2006 PATCHES/packages/xine-lib-1.1.2-x86_64-3.tgz: Patched to fix possible security problems such as a heap overflow in libmms and a buffer overflow in the Real Media input plugin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200 [*** Security fix ***] +--------------------------+ Sun Dec 24 14:22:38 EET 2006 EXTRA SOFTWARE/mozilla-firefox-2.0.0.1/mozilla-firefox-2.0.0.1-x86_64-1.tgz: Upgraded to Mozilla Firefox 2.0.0.1. This upgrade fixes several possible security bugs. 
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] PATCHES/packages/mozilla-firefox-1.5.0.9-x86_64-1.tgz: Upgraded to firefox-1.5.0.9. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] PATCHES/packages/mozilla-thunderbird-1.5.0.9-x86_64-1.tgz: Upgraded to thunderbird-1.5.0.9. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] PATCHES/packages/seamonkey-1.0.7-x86_64-1.tgz: Upgraded to seamonkey-1.0.7. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] +--------------------------+ Thu Dec 7 09:59:42 EET 2006 PATCHES/packages/gnupg-1.4.6-x86_64-1.tgz: Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update to the new packages as soon as possible. For details, see the information concerning CVE-2006-6235 posted on lists.gnupg.org: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information about that issue, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169 [*** Security fix ***] +--------------------------+ Sat Dec 2 11:45:56 EET 2006 PATCHES/packages/libpng-1.2.14-x86_64-1.tgz: Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG file could crash applications that use libpng. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 [*** Security fix ***] PATCHES/packages/proftpd-1.3.0a-x86_64-1.tgz: Upgraded to proftpd-1.3.0a plus an additional security patch. Several security issues were found in proftpd that could lead to the execution of arbitrary code by a remote attacker, including one in mod_tls that does not require the attacker to be authenticated first. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171 [*** Security fix ***] PATCHES/packages/tar-1.16-x86_64-1.tgz: Upgraded to tar-1.16. This fixes an issue where files may be extracted outside of the current directory, possibly allowing a malicious tar archive, when extracted, to overwrite any of the user's files (in the case of root, any file on the system). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 [*** Security fix ***] +--------------------------+ Mon Nov 27 20:46:02 EET 2006 PATCHES/packages/autofs-3.1.7-x86_64-3.tgz: Fixed missing shared libraries. Thanks to Kenjiro Tanaka for reporting this and testing the new package. PATCHES/packages/gaim-1.5.0-x86_64-2.tgz: Recompiled and fixed the build script to install perl modules to /usr/lib/perl5/5.8.8/x86_64-linux. +-----------------------------+ Tue Nov 21 12:47:40 EET 2006 PATCHES/packages/ncurses-5.5-x86_64-1.tgz: Upgraded to ncurses-5.5. Thanks to Thomas Dickey for helping to compile to not break pkgtool dialog and airex for pointing out this upgrade. PATCHES/packages/gaim-1.5.0-x86_64-2.tgz: Recompiled and moved Gaim perl modules from /usr/lib/perl5/5.8.8/x86_64-linux to /usr/lib/perl5/5.8.8/x86_64-linux. 
+-----------------------------+ Fri Nov 10 13:07:20 EET 2006 EXTRA software/mozilla-firefox-2.0/mozilla-firefox-2.0-x86_64-1.tgz: Moved from /patches, this sets LD_LIBRARY_PATH to use the libraries in /usr/lib64/firefox-2.0/ which aren't compatible with the SeaMonkey libraries that are used to compile the gxine plugin, breaking it. PATCHES/packages/mozilla-firefox-1.5.0.8-x86_64-1.tgz: Upgraded to firefox-1.5.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox [*** Security fix ***] PATCHES/packages/mozilla-thunderbird-1.5.0.8-x86_64-1.tgz: Upgraded to thunderbird-1.5.0.8. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird [*** Security fix ***] PATCHES/packages/seamonkey-1.0.6-x86_64-1.tgz: Upgraded to seamonkey-1.0.6. This upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey [*** Security fix ***] PATCHES/packages/openssl-0.9.8d-x86_64-3.tgz: Recompiled with -fPIC. This will fix compilation of other software, like Kopete 0.12.2. Thanks to Kenjiro Tanaka for reporting this. PATCHES/packages/openssl-solibs-0.9.8d-x86_64-3.tgz: Recompiled with -fPIC. +-----------------------------+ Tue Nov 7 12:39:42 EET 2006 PATCHES/packages/bind-9.3.2_P2-x86_64-1.tgz: Upgraded to bind-9.3.2-P2. This fixes some security issues related to previous fixes in OpenSSL. The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Bluewhite64). In addition, the default RSA exponent was changed from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's default) will need to be regenerated to protect against the forging of RRSIGs. 
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 [*** Security fix ***] +-----------------------------+ Fri Nov 3 23:17:57 CST 2006 extra/php5/php-5.2.0-x86_64-1.tgz: Upgraded to php-5.2.0. This release "includes a large number of new features, bug fixes and security enhancements." In particular, when the UTF-8 charset is selected there are buffer overflows in the htmlspecialchars() and htmlentities() that may be exploited to execute arbitrary code. More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 Further details about the release can be found in the release announcement: http://www.php.net/releases/5_2_0.php Some syntax has changed since PHP 5.1.x. An upgrading guide may be found at this location: http://www.php.net/UPDATE_5_2.txt This package was placed in /extra rather than /patches to save people from possible surprises with automated upgrade tools, since users of PHP4 and PHP 5.1.x applications may need to make some code changes before things will work again. [*** Security fix ***] PATCHES/packages/php-4.4.4-x86_64-5.tgz: Patched the UTF-8 overflow. More details about the vulnerability may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 [*** Security fix ***] PATCHES/packages/screen-4.0.3-x86_64-1.tgz: Upgraded to screen-4.0.3. This addresses an issue with the way screen handles UTF-8 character encoding that could allow screen to be crashed (or possibly code to be executed in the context of the screen user) if a specially crafted sequence of pseudo-UTF-8 characters are displayed within a screen session. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 [*** Security fix ***] +-----------------------------+ Fri Nov 3 18:22:18 EET 2006 PATCHES/packages/netwatch-1.0a-x86_64-2.tgz: Recompiled to fix Segmentation fault when "netwatch -t -e eth0" is used. 
Thanks to eleksir for reporting and testing the new package. +-----------------------------+ Sun Oct 29 19:29:23 EET 2006 PATCHES/packages/mozilla-firefox-2.0-x86_64-1.tgz: Upgraded to Mozilla Firefox 2.0. This is a completely optional enhanced feature package update. +-----------------------------+ Thu Oct 26 15:39:27 EEST 2006 PATCHES/packages/qca-tls-1.0-x86_64-3.tgz: Rebuilt to place the plugin in /usr/lib64/qt-3.3.7/plugins/crypto/. PATCHES/packages/qt-3.3.7-x86_64-1.tgz: Upgraded to qt-x11-free-3.3.7. This fixes an issue with Qt's handling of pixmap images that causes Qt linked applications to crash if a specially crafted malicious image is loaded. Inspection of the code in question makes it seem unlikely that this could lead to more serious implications (such as arbitrary code execution), but it is recommended that users upgrade to the new Qt package. For more information, see: http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 [*** Security fix ***] +-----------------------------+ Wed Oct 25 15:13:44 EEST 2006 PATCHES/packages/bin-11.0-x86_64-4.tgz: Recompiled file-4.17, to provide magic.mgc and magic.mime.mgc. Without these files some applications (like mldonkey) can crash. Thanks to eleksir for reporting this. PATCHES/packages/bitchx-1.1-x86_64-5.tgz: Fixed BitchX symlink in /usr/bin. +-----------------------------+ Sat Oct 14 21:50:59 EEST 2006 PATCHES/packages/openssl-solibs-0.9.8d-x86_64-2.tgz: Recompiled. PATCHES/packages/hpijs-2.1.4-x86_64-2.tgz: Repackaged and added /usr/lib64/cups/filter path to $cupsfilterpath at the foomatic-rip script. Thanks to Cristi C. for reporting this. PATCHES/packages/espgs-8.15.3svn185-x86_64-2.tgz: Recompiled. Added missing "gs" and other binary to /usr/bin. Thanks to Cristi C. for reporting this. PATCHES/packages/openssl-0.9.8d-x86_64-2.tgz: Recompiled and fixed libssl.so and libcrypt.so symlinks. 
Thanks to Virgil Moldoveanu for reporting this. +-----------------------------+ Mon Oct 9 09:34:55 EEST 2006 PATCHES/packages/slackpkg-2.09-noarch-1.tgz: Upgraded to slackpkg-2.09. Fixed "search" and "upgrade-all" functions. PATCHES/packages/lesstif-0.95.0-x86_64-2.tgz: Repackaged and fixed docs directory symlink. Thanks to Cristi C. for reporting this. PATCHES/packages/apmd-3.0.2-x86_64-1.tgz: Reverted to apmd-3.0.2. Recompiled and patched to correctly build the apm package binaries. Thanks to Cristi C. for reporting this. +-----------------------------+ Tue Oct 3 15:59:31 EEST 2006 Bluewhite64 Linux 11.0 released ! Thank you all who helped to make this release possible. +-----------------------------+ Mon Oct 2 11:20:47 EEST 2006 L software series/jre-1_5_0_09-x86_64-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 9. EXTRA software/bittornado/bittornado-0.3.15-noarch-1.tgz: Upgraded to bittornado-0.3.15. EXTRA software/jdk-1.5.0_09/jdk-1_5_0_09-x86_64-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 9. +-----------------------------+ Sun Oct 1 12:20:13 EEST 2006 A software series/etc-11.0-noarch-2.tgz: Added missing comment marks (#) for distcc ports in /etc/services. N software series/popa3d-1.0.2-x86_64-2.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. N software series/sendmail-8.13.8-x86_64-4.tgz: Do better checking of passwd and group to avoid adding redundant entries to these files. N software series/sendmail-cf-8.13.8-noarch-4.tgz: Rebuilt. +-----------------------------+ Sat Sep 30 11:40:47 EEST 2006 testing/packages/fontconfig-2.4.1-x86_64-1.tgz: Upgraded to fontconfig-2.4.1. L software series/shared-mime-info-0.19-x86_64-1.tgz: Upgraded to shared-mime-info-0.19. +-----------------------------+ Sat Sep 30 11:08:51 EEST 2006 L software series/libgpod-0.4.0-x86_64-1.tgz: Upgraded to libgpod-0.4.0. 
L software series/pango-1.12.4-x86_64-1.tgz: Fixed bogus empty GPOS table warning and other minor bugs.
testing/packages/iptables-1.3.6-x86_64-1.tgz: This one appeared too late to be considered for mainline (not enough test time), but it _should_ be stable.
testing/packages/wpa_supplicant-0.4.9-x86_64-1.tgz: Added wpa_supplicant-0.4.9.
+-----------------------------+
Fri Sep 29 19:50:22 EEST 2006
A software series/openssl-solibs-0.9.8d-x86_64-1.tgz: Upgraded to shared libraries from openssl-0.9.8d. See openssl package update below.
  [*** Security fix ***]
N software series/openssh-4.4p1-x86_64-1.tgz: Upgraded to openssh-4.4p1. This fixes a few security related issues. From the release notes found at http://www.openssh.com/txt/release-4.4:
  * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired.
  * Fix an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
  * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
  After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set the way you want them. Future upgrades will respect the existing permissions settings. Upgrading openssh would enable a previously disabled sshd daemon.
  Do better checking of passwd, shadow, and group to avoid adding redundant entries to these files.
  [*** Security fix ***]
N software series/openssl-0.9.8d-x86_64-1.tgz: Upgraded to openssl-0.9.8d. This fixes a few security related issues:
  During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7) Thanks to Dr S. N. Henson of Open Network Security and NISCC.
  Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940). Thanks to Dr S. N. Henson of Open Network Security and NISCC.
  A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. (CVE-2006-3738) Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash (CVE-2006-4343). Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  [*** Security fix ***]
+-----------------------------+
Thu Sep 28 17:55:47 EEST 2006
AP software series/vorbis-tools-1.1.1-x86_64-2.tgz: Fixed UTF8 support.
+-----------------------------+
Tue Sep 26 23:27:18 EEST 2006
A software series/aaa_base-11.0.0-noarch-3.tgz: Updated the "Welcome to Bluewhite64" email. Added /mount directory, subdirectories, and symbolic links recommended by the FHS, along with README files.
A software series/etc-11.0-noarch-1.tgz: Fixed a bug in /etc/csh.login that caused repeated use of "csh -l" to duplicate search directories in the $path. Clearly /etc/csh.login should set the path just as /etc/profile does. Added distcc port to /etc/services.
A software series/pkgtools-11.0.0-x86_64-4.tgz: Made upgradepkg a little bit more gentle -- if it is run on a corrupted .tgz it will no longer remove the original package. Added rc.scanluns to the services setup menu.
A software series/sysvinit-2.84-x86_64-14.tgz: Fixed path to /sbin/initscript shown in init.8 (again). Changed rc.S to run rc.serial according to whether the script is executable.
A software series/util-linux-2.12r-x86_64-3.tgz: Treat /etc/rc.d/rc.serial (to preserve file permissions), /etc/serial.conf, and /etc/fdprm as '.new' config files.
AP software series/lm_sensors-2.10.0-x86_64-3.tgz: Fixed hardcoded /usr/local paths in sensors-detect.
KDE software series/kdebase-3.5.4-x86_64-9.tgz: Patched to fix media:/ URLs in Konqueror without requiring HAL.
  http://bugs.kde.org/show_bug.cgi?id=132281
+-----------------------------+
Tue Sep 26 02:35:15 EEST 2006
N software series/php-4.4.4-x86_64-4.tgz: Fixed man directory location.
+-----------------------------+
Sun Sep 24 00:06:15 EEST 2006
A software series/sysvinit-2.84-x86_64-13.tgz: In rc.M, start rc.hplip if found. Fix the path to /sbin/initscript shown in init.8.
XAP software series/sane-1.0.18-x86_64-3.tgz: Added HPLIP backend (hpaio) to dll.conf.
testing/packages/cups-1.2.4/cups-1.2.4-x86_64-1.tgz: Upgraded to cups-1.2.4.
testing/packages/hplip-1.6.9-x86_64-1.tgz: Added hplip-1.6.9, a complete print, scan, and fax system for HP devices. Can anyone test this package and send feedback? I don't have an HP printer/scanner/fax. Thank you.
testing/packages/gutenprint-5.0.0-x86_64-2.tgz: Don't overwrite GIMP's "print" plugin -- instead install the plugin as "gutenprint".
+-----------------------------+
Fri Sep 22 11:36:08 EEST 2006
N software series/portmap-5.0-x86_64-3.tgz: In rc.rpc, fixed restart function.
+-----------------------------+
Thu Sep 21 21:26:45 EEST 2006
Bluewhite64 Linux 11.0 release candidate 5. No ISOs at this time :).
A software series/devs-2.3.1-noarch-4.tgz: Added /dev/i2c-* devices. Devs is required to boot even if the machine runs a 2.6+ kernel and uses udev.
A software series/hotplug-2004_09_23-noarch-5.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite).
A software series/logrotate-3.7.4-x86_64-1.tgz: Upgraded to logrotate-3.7.4. Rotate /var/log/btmp.
A software series/pkgtools-11.0.0-x86_64-4.tgz: Stripped /bin/dialog. In setup.services, rename rc.portmap to rc.rpc. This is no longer started by default. Instead you must turn it on (only if you plan on mounting NFS partitions manually). Otherwise, it will be run regardless of exec perms if NFS shares or mounts are detected at boot time.
AP software series/diffstat-1.43-x86_64-1.tgz: Added Thomas Dickey's diffstat utility.
AP software series/lm_sensors-2.10.0-x86_64-2.tgz: Edited slack-desc since the package contains only the tools for lm_sensors, not the drivers. In the case of the 2.6+ kernel, these are included with the kernel-modules package. Also, there is still no startup script included for this package, but that's something that will be looked at for the next development cycle. Removed the mkdev.sh after including the i2c devices in the devs package.
N software series/mailx-12.1-x86_64-1.tgz: Upgraded to mailx-12.1 from nail-11.25 (renamed).
N software series/nfs-utils-1.0.10-x86_64-3.tgz: Moved rpc.lockd and rpc.statd to /sbin. Reworked rc.nfsd to make use of the rc.rpc script in "portmap".
N software series/portmap-5.0-x86_64-2.tgz: Replaced /etc/rc.d/rc.portmap with /etc/rc.d/rc.rpc.
  This script will start rpc.portmap, rpc.lockd, and rpc.statd. All of these are needed to make proper use of NFS from either the server or client side, so this approach should be more likely to work out of the box. Note that nfs-utils will also be required in order to use rc.rpc or NFS, even as a client. If rc.rpc is needed, another script will run it as long as it is readable. The only reason to make rc.rpc executable would be to run it at boot time when there are no shares in /etc/exports and no mounts in /etc/fstab, but you wish to be able to mount NFS partitions manually.
N software series/tcpip-0.17-x86_64-4.tgz: Don't allow dhcpcd -k to make noise at shutdown time if dhcpcd is not running (as in cases where it was shut down manually, or the lease time was infinite). Added missing vlan.1.9 and bridge-utils-1.0.6.
X software series/ttf-indic-fonts-0.4.7.1-noarch-1.tgz: Added TTF fonts for displaying Indic scripts. This package supports Bengali, Devanagari, Gujarati, Kannada, Malayalam, Oriya, Punjabi, Tamil, and Telugu. For information about fully enabling Indic support (including input), see: /usr/doc/Linux-HOWTOs/Indic-Fonts-HOWTO.
isolinux/initrd.img: Patched installer's network script to look for network26.dsk if 2.6.17.13 (generic.i) is used to boot/install. NFS installs with the test26.s kernel are not supported by this system, but should work if you put the module(s) you need on a floppy or otherwise make them available and load them manually.
isolinux/network26.dsk: Added network26.dsk for NFS installs with generic.i. Don't try to put this one on a floppy disk.
kernels/generic.i/*: Added built-in NLS (CONFIG_NLS_CODEPAGE_437, CONFIG_NLS_ISO8859_1, and CONFIG_NLS_UTF8) to allow FAT filesystems to loopback mount for NFS installs.
kernels/test26.s/*: Added 2.6.18 test26.s kernel.
testing/packages/flex-2.5.33-x86_64-1.tgz: Added flex-2.5.33.
testing/packages/gutenprint-5.0.0-x86_64-1.tgz: Added gutenprint-5.0.0.
  This package was formerly known as "gimp-print", and will likely take the place of gimp-print in the AP series after going through testing.
testing/packages/linux-2.6.18/kernel-generic-2.6.18-x86_64-1.tgz: Added Linux 2.6.18 generic kernel.
testing/packages/linux-2.6.18/kernel-headers-2.6.18-x86_64-1.tgz: Added Linux 2.6.18 kernel headers.
testing/packages/linux-2.6.18/kernel-modules-2.6.18-x86_64-1.tgz: Added Linux 2.6.18 kernel modules.
testing/packages/linux-2.6.18/kernel-source-2.6.18-noarch-1.tgz: Added Linux 2.6.18 kernel source.
  NOTE: I have tested this here and it seems that X doesn't start even with the -vesa config. Also, the nVidia drivers did not load properly into the running kernel. Does anyone have the same situation?
+-----------------------------+
Wed Sep 20 10:35:58 EEST 2006
L software series/arts-1.5.4-x86_64-2.tgz: Patched an annoying bug where audio programs such as ogg123 would not work unless KDE had been run first.
A software series/gzip-1.3.5-x86_64-1.tgz: Upgraded to gzip-1.3.5, and fixed a variety of bugs. Some of the bugs have possible security implications if gzip or its tools are fed a carefully constructed malicious archive. Most of these issues were recently discovered by Tavis Ormandy and the Google Security Team. Thanks to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  [*** Security fix ***]
N software series/procmail-3.22-x86_64-2.tgz: Added support for large (2GB+) mailboxes.
isolinux/initrd.img: Patched installer to allow splitting a package series over two or more pieces of optical media. If a package directory contains a file named README_SPLIT.TXT, then it will be continued on the next disc. An example of such a file can be found in /isolinux.
+-----------------------------+
Tue Sep 19 02:32:56 EEST 2006
L software series/neon-0.25.5-x86_64-2.tgz: Enabled missing SSL support.
+-----------------------------+
Tue Sep 19 01:05:47 EEST 2006
A software series/aaa_elflibs-11.0.0-x86_64-9.tgz: Added /lib64/libdm.so.0.0.4.
A software series/bzip2-1.0.3-x86_64-2.tgz: Stripped /lib64/libbz2.so.1.0.3.
AP software series/espgs-8.15.3svn185-x86_64-1.tgz: Upgraded to espgs-8.15.3svn185.
AP software series/vim-7.0.109-x86_64-1.tgz: Upgraded to vim-7.0.109.
D software series/subversion-1.4.0-x86_64-1.tgz: Upgraded to subversion-1.4.0.
L software series/desktop-file-utils-0.11-x86_64-1.tgz: Added desktop-file-utils-0.11. The next XFce will need this freedesktop.org package.
L software series/libexif-0.6.13-x86_64-3.tgz: Fixed libexif.pc includedir.
L software series/libtheora-1.0alpha7-x86_64-1.tgz: Added libtheora-1.0alpha7.
L software series/libungif-4.1.4-x86_64-3.tgz: Added the utilities in /usr/bin, some of which are used to detect that annoying image spam that's on the rise...
L software series/neon-0.25.5-x86_64-1.tgz: Added neon package, split from subversion-deps-1.4.0.
X software series/dejavu-ttf-2.10-noarch-1.tgz: Upgraded to dejavu-ttf-2.10.
XAP software series/vim-gvim-7.0.109-x86_64-1.tgz: Upgraded to vim-7.0.109. Once again, this is just an add-on for the VIM package in ap.
XAP software series/xine-lib-1.1.2-x86_64-2.tgz: Recompiled against libtheora to include the Theora codec plugin. Theora testsuite passed.
XAP software series/xine-ui-0.99.4-x86_64-3.tgz: Patched an issue where xine-ui could block input to Konsole.
isolinux/initrd.img: Fixed swap setup in the "Cancel" or unselecting all swap partitions case.
A software series/glibc-solibs-2.3.6-x86_64-5.tgz: Fixed /lib64/ld-linux.so.2 and /lib64/ld-linux-x86_64.so.2 symlinks. No actual rebuild, so no -$BUILD bump. Use "upgradepkg --reinstall glibc-solibs-2.3.6-x86_64-5.tgz" to reinstall this package.
L software series/glibc-2.3.6-x86_64-5.tgz: Fixed /lib64/ld-linux.so.2 and /lib64/ld-linux-x86_64.so.2 symlinks. No actual rebuild, so no -$BUILD bump. Use "upgradepkg --reinstall glibc-2.3.6-x86_64-5.tgz" to reinstall this package. Thanks to Roberto Gonzalez Azevedo for reporting this.
+-----------------------------+
Mon Sep 18 00:05:59 EEST 2006
EXTRA software/mpg123-0.59r/mpg123-0.59r-x86_64-1.tgz: Added mpg123-0.59r.
EXTRA software/isdn4k-utils/isdn4k-utils-CVS-2005-08-21.tar.bz2: Added isdn4k-utils-CVS-2005-08-21. Please read the README file before using this.
EXTRA software/inn/inn-2.4.3-x86_64-1.tgz: Added inn-2.4.3.
EXTRA software/emacspeak-ss-1.9.1/emacspeak-ss-1.9.1-x86_64-1.tgz: Added emacspeak-ss-1.9.1.
EXTRA software/emacspeak/emacspeak-23.0-x86_64-1.tgz: Added emacspeak-23.0.
EXTRA software/libsafe-2.0-16/libsafe-2.0.16-x86_64-1.tgz: Added libsafe-2.0.16.
+-----------------------------+
Sun Sep 17 14:03:51 EEST 2006
L software series/libgpod-0.3.2-x86_64-2.tgz: Added --enable-eject-command and --enable-unmount-command.
KDE software series/amarok-1.4.3-x86_64-2.tgz: Recompiled with a patch to fix non-latin1 playlist corruption by forcing UTF8. Added explicit --enable-libgpod. Thanks to Kody K.
KDE software series/kdeutils-3.5.4-x86_64-2.tgz: Fixed ark crash due to race condition on SMP machines.
N software series/rdesktop-1.5.0-x86_64-1.tgz: Upgraded to rdesktop-1.5.0.
X11 software series/x11-6.9.0-x86_64-7.tgz: Reverted the ATI hang patch. If you were helped by the patch it'll be held in /extra for the release so that hopefully everyone can enjoy a working ATI card. This is a real problem, but the patch does seem to introduce some new issues of its own.
  It's good to have an alternate driver just in case, though. Fixed an overflow in CID encoded Type1 font parsing.
  For further reference, see:
  http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
  [*** Security fix ***]
  Also, fixed French Canadian keymap variant.
X software series/x11-devel-6.9.0-x86_64-7.tgz: Recompiled.
X software series/x11-xdmx-6.9.0-x86_64-7.tgz: Recompiled.
X software series/x11-xnest-6.9.0-x86_64-7.tgz: Recompiled.
X software series/x11-xvfb-6.9.0-x86_64-7.tgz: Recompiled.
Y software series/bsd-games-2.13-x86_64-2.tgz: "pom" now supports a reasonable number of digits with a command line option, as noted in the man page. Default behavior has not been changed (it is still a rounded integer percentage). Snipped part of a crufty old patch that wouldn't apply.
+-----------------------------+
Sat Sep 16 12:10:53 EEST 2006
D software series/git-1.4.2.1-x86_64-1.tgz: Upgraded to git-1.4.2.1.
XAP software series/mozilla-firefox-1.5.0.7-x86_64-1.tgz: Upgraded to firefox-1.5.0.7. This upgrade fixes several possible security bugs.
  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  [*** Security fix ***]
XAP software series/mozilla-thunderbird-1.5.0.7-x86_64-1.tgz: Upgraded to thunderbird-1.5.0.7. This upgrade fixes several possible security bugs.
  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  [*** Security fix ***]
XAP software series/seamonkey-1.0.5-x86_64-1.tgz: Upgraded to seamonkey-1.0.5. This upgrade fixes several possible security bugs.
  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
  [*** Security fix ***]
A software series/glibc-solibs-2.3.6-x86_64-5.tgz: Recompiled.
A software series/glibc-zoneinfo-2.3.6-noarch-5.tgz: Upgraded to tzcode2006k and tzdata2006k. Added "ldconfig -r ." to install script.
A software series/openssl-solibs-0.9.8b-x86_64-3.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  [*** Security fix ***]
D software series/pkgconfig-0.21-x86_64-3.tgz: Added {curly brackets} around PKG_CONFIG_PATH in /etc/profile.d/pkgconfig.*.
L software series/glibc-2.3.6-x86_64-5.tgz: Recompiled against 2.6.17.13 headers.
L software series/glibc-i18n-2.3.6-noarch-5.tgz: Recompiled.
L software series/glibc-profile-2.3.6-x86_64-5.tgz: Recompiled.
N software series/openssl-0.9.8b-x86_64-3.tgz: Patched an issue where it is possible to forge certain kinds of RSA signatures. The patch is used instead of an upgrade to openssl-0.9.8c as it was issued later with a corrected fix.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  [*** Security fix ***]
A software series/sysvinit-2.84-x86_64-12.tgz: Sleep 3 seconds before mounting non-root partitions. This was a sleep removed earlier in the devel cycle to see what it would break (if anything), and the answer is some external hard drives that take a couple seconds to hotplug. In rc.M, restart udevd when returning from single user mode. Patched initscript.5 man page to show proper /sbin/initscript path. Found another assumption that the kernel has hotplug support in the rc.udev stop function.
A software series/udev-097-x86_64-8.tgz: Uncommented dmsetup rule for LVM2. If there's no udevd daemon, don't allow rc.udev to try to start.
AP software series/diffutils-2.8.1-x86_64-3.tgz: Fixed sdiff.1 man page.
L software series/libwpd-0.8.6-x86_64-1.tgz: Upgraded to libwpd-0.8.6.
N software series/imapd-4.64-x86_64-2.tgz: Added missing md5.txt mentioned in the imapd man page, plus a note about additional (large) documentation in the sources. The docs directory was also moved to /usr/doc/imapd4.64.
N software series/rdesktop-1.4.1-x86_64-1.tgz: Added rdesktop-1.4.1.
N software series/stunnel-4.17-x86_64-1.tgz: Upgraded to stunnel-4.17.
A software series/module-init-tools-3.2.2-x86_64-2.tgz: In /etc/modprobe.d/, if there's no /etc/modprobe.d/modprobe.conf file, try to make a link to ../modprobe.conf. This will retain legacy support for existing /etc/modprobe.conf files.
kernels/generic.s/*: Upgraded generic.s kernel to 2.6.17.13. Added NFSv3 support.
A software series/kernel-generic-2.6.17.13-x86_64-1.tgz: Upgraded to Linux 2.6.17.13 generic kernel.
A software series/kernel-modules-2.6.17.13-x86_64-1.tgz: Upgraded to Linux 2.6.17.13 kernel modules.
D software series/kernel-headers-2.6.17.13-x86_64-1.tgz: Upgraded to Linux 2.6.17.13 kernel headers.
K software series/kernel-source-2.6.17.13-noarch-1.tgz: Upgraded to Linux 2.6.17.13 kernel source.
KDE software series/kdesdk-3.5.4-x86_64-2.tgz: Recompiled with configure flags that allow the apr libraries to be found.
L software series/libgpod-0.3.2-x86_64-1.tgz: Added libgpod-0.3.2.
L software series/libmtp-0.0.18-x86_64-1.tgz: Added libmtp-0.0.18.
L software series/libnjb-2.2.5-x86_64-1.tgz: Added libnjb-2.2.5.
KDE software series/amarok-1.4.3-x86_64-1.tgz: Upgraded to amarok-1.4.3. Added plugins linked with libgpod, libmtp, and libnjb. Working status (even with a bit of DIY) is not known (yet). It might require HAL to make it do anything at all. Compiled against libmtp-0.0.18.
N software series/bind-9.3.2_P1-x86_64-1.tgz: Upgraded to bind-9.3.2-P1. This update addresses a denial of service vulnerability. BIND's CHANGES file says this:
  2066. [security] Handle SIG queries gracefully.
  [RT #16300]
  More details:
  http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages.
  [*** Security fix ***]
+-----------------------------+
Tue Sep 5 01:18:31 EEST 2006
kernels/generic.s/*: Recompiled with IEEE80211_SOFTMAC=m to enable the Broadcom BCM43xx wireless support.
A software series/kernel-generic-2.6.17.11-x86_64-2.tgz: Recompiled with IEEE80211_SOFTMAC=m to enable the Broadcom BCM43xx wireless support.
A software series/kernel-modules-2.6.17.11-x86_64-2.tgz: Recompiled with IEEE80211_SOFTMAC=m to enable the Broadcom BCM43xx wireless support. Thanks to Darksurf for reporting this.
+-----------------------------+
Mon Sep 4 09:31:40 EEST 2006
A software series/udev-097-x86_64-7.tgz: Fixed a missing '[' in rc.optical-symlinks.
+-----------------------------+
Sun Sep 3 20:44:39 EEST 2006
A software series/udev-097-x86_64-6.tgz: Make sure /proc/sys/kernel/hotplug exists before writing to it. Change log level from "crit" or "err" since udev doesn't support "crit". Don't fail to mount tmpfs on /dev because some other tmpfs mount exists. Forget standards -- if k3b wants "/dev/writer" then that is good enough justification. Try to make a link to the most full-featured burner. Relaxed the perms on input events from 600 to 640 so that members of group root can also read events.
AP software series/mysql-5.0.24a-x86_64-1.tgz: Upgraded to mysql-5.0.24a. The ABI change in MySQL 5.0.24 was unintentional, so all the packages that were recompiled before need another recompile.
D software series/perl-5.8.8-x86_64-4.tgz: Recompiled against libmysqlclient.
KDE software series/koffice-1.5.2-x86_64-4.tgz: Recompiled against libmysqlclient.
KDE software series/qt-3.3.6-x86_64-4.tgz: Recompiled against libmysqlclient.
N software series/bitchx-1.1-x86_64-4.tgz: Recompiled against libmysqlclient.
N software series/dhcp-3.0.4-x86_64-2.tgz: Fixed incorrect man page permissions.
N software series/iptables-1.3.5-x86_64-2.tgz: Updated a rather ancient description file.
N software series/php-4.4.4-x86_64-3.tgz: Recompiled against libmysqlclient.
N software series/samba-3.0.23c-x86_64-1.tgz: Upgraded to samba-3.0.23c.
N software series/sendmail-8.13.8-x86_64-3.tgz: Recompiled with official patch. "(2006-08-30) If sendmail is used with -bs and a mail filter (milter) is configured, an assertion can be triggered. This patch fixes the bug."
n/sendmail-cf-8.13.8-noarch-3.tgz
EXTRA software/ktorrent/ktorrent-2.0.2-x86_64-1.tgz: Added ktorrent-2.0.2.
EXTRA software/php5/php-5.1.6-x86_64-2.tgz: Recompiled against libmysqlclient.
AP software series/ispell-3.2.06-x86_64-2.tgz: Fixed dictionary path.
L software series/aspell-en-6.0_0-noarch-4.tgz: Fixed dictionary path.
+-----------------------------+
Fri Sep 1 13:04:57 EEST 2006
Bluewhite64 11.0-rc4 ISOs released!
L software series/glibc-2.3.6-x86_64-4.tgz: Repackaged and fixed the ld-linux.so.2 lib path in the ldd script. Thanks to Roberto Gonzalez Azevedo for reporting this.
+-----------------------------+
Wed Aug 30 09:11:50 EEST 2006
KDE software series/kdebase-3.5.4-x86_64-7.tgz: Rebuilt. The new amarok package was built against this and I forgot to add it to the main tree, so here it is ;).
+-----------------------------+
Wed Aug 30 01:12:11 EEST 2006
isolinux/initrd.img: Fixed an installer bug where setup would ask which swap partitions you'd like to use and then conveniently set them all up for you if you selected at least one.
F software series/linux-howtos-20060829-noarch-1.tgz: Updated the HOWTOs.
KDE software series/amarok-1.4.2-x86_64-2.tgz: Rebuilt and fixed the amarok binaries location. Thanks to Virgil Moldoveanu for reporting this.
A software series/shadow-4.0.6-x86_64-1.tgz: Reverted to shadow-4.0.6. PLEASE DO NOT UPGRADE/DOWNGRADE the shadow-4.0.3-x86_64-3.tgz package added Wed Aug 23. Use shadow-4.0.6-x86_64-1.tgz package which is included in Bluewhite64 11.0-rc2 and is working.
  It looks like I accidentally downgraded the shadow package. It was not intentional. Sorry. If you have problems logging in after you have installed shadow-4.0.3, please read this http://tinyurl.com/jdovk in order to fix it. Thanks to Darksurf for reporting this.
+-----------------------------+
Mon Aug 28 22:25:56 EEST 2006
AP software series/vim-7.0.066-x86_64-2.tgz: Use the default vanilla system vimrc as distributed with the vim sources. Using vim with 'crontab -e' was working fine without any additions to the vimrc.
D software series/m4-1.4.6-x86_64-1.tgz: Upgraded to m4-1.4.6.
L software series/libpng-1.2.12-x86_64-4.tgz: Recompiled so that libpng.so.* links to libz and libm.
N software series/irssi-0.8.10a-x86_64-5.tgz: Removed duplicates and unformatted files from docs/help directory.
X software series/dejavu-ttf/dejavu-ttf-2.9-noarch-1.tgz: Upgraded to dejavu-ttf-2.9. Moved from /extra into the X series. Thanks to the DejaVu team (http://dejavu.sf.net) for the superb work.
X software series/fontconfig-2.2.3-x86_64-2.tgz: Patched /etc/fonts.conf to favor the DejaVu fonts over the Vera ones if they are present on the machine. US English users should notice only minor (if any) differences with this patch, but other users could see their language displayed properly out of the box.
X software series/x11-6.9.0-x86_64-6.tgz: Patched a PCF font parsing bug that could crash X. Fixed the Greek keyboard layout. Fixed ATI lockup bugs.
X software series/x11-devel-6.9.0-x86_64-6.tgz: Recompiled.
X software series/x11-xdmx-6.9.0-x86_64-6.tgz: Recompiled.
X software series/x11-xnest-6.9.0-x86_64-6.tgz: Recompiled.
X software series/x11-xvfb-6.9.0-x86_64-6.tgz: Recompiled.
XAP software series/seamonkey-1.0.4-x86_64-3.tgz: Fixed world-writable docs.
XAP software series/vim-gvim-7.0.066-x86_64-2.tgz: Recompiled.
AP software series/device-mapper-1.02-09-x86_64-1.tgz: Upgraded to device-mapper-1.02.09.
AP software series/lvm2-2.02.09-x86_64-1.tgz: Upgraded to LVM-2.02.09.
EXTRA software/php5/php-5.1.6-x86_64-1.tgz: Moved out of /testing.
XAP software series/imagemagick-6.2.8_8-x86_64-2.tgz: Patched png.c to fix the "display" program crashes. Thanks to Andrekoren for reporting this.
+-----------------------------+
Sun Aug 27 20:20:00 EEST 2006
This is the second update of the day; we consider this Bluewhite64 11.0-rc3. There is no ISO at this time, maybe at the next release candidate :).
isolinux/initrd.img: Upgraded kernel modules to 2.6.17.11.
A software series/etc-5.1-noarch-6.tgz: Added /usr/x86_64-pc-linux/lib path to /etc/ld.so.conf.
AP software series/linuxdoc-tools-0.9.21-x86_64-2.tgz: Rebuilt.
L software series/freetype-2.1.9-x86_64-2.tgz: Rebuilt with --libdir=/usr/lib64.
L software series/fontconfig-2.2.3-x86_64-2.tgz: Rebuilt with --libdir=/usr/lib64.
+-----------------------------+
Sun Aug 27 08:46:48 EEST 2006
A software series/glibc-solibs-2.3.6-x86_64-3.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.6 kernels with 4 version parts (such as 2.6.17.11) as if they supported NPTL, leading to a crash at boot.
A software series/glibc-zoneinfo-2.3.6-noarch-3.tgz: Updated timezone information from tzdata2006j.
A software series/udev-097-x86_64-4.tgz: Restore ttyUSB access to members of the tty group. In rc.udev, ignore lines that start with '#'. Removed hostap and hostap_cs dupes from blacklist. Patched rc.optical-symlinks to avoid error messages with real SCSI devices and the SCSI generic driver.
AP software series/lm_sensors-2.10.0-x86_64-1.tgz: Added lm_sensors-2.10.0, which contains the libsensors library that KDE can use for hardware status monitoring.
AP software series/vim-7.0.066-x86_64-1.tgz: Upgraded to vim 7.0.066. Added reasonable default vimrc if none exists.
XAP software series/vim-gvim-7.0.066-x86_64-1.tgz: Upgraded to gvim 7.0.066 (requires vim).
D software series/perl-5.8.8-x86_64-3.tgz: Upgraded to DBD-mysql-3.0006 and DBI-1.52. To be on the safe side, everything linked with libmysqlclient is getting recompiled.
KDE software series/amarok-1.4.2-x86_64-1.tgz: Upgraded to amarok-1.4.2.
KDE software series/qt-3.3.6-x86_64-3.tgz: Recompiled against libmysqlclient, added symlink in /usr/lib64/pkgconfig to qt-mt.pc.
KDE software series/kdebase-3.5.4-x86_64-6.tgz: Recompiled to use libsensors with ksysguardd. Fixed location of kdeglobals, removed font defaults but kept the anti-aliasing fixes.
KDE software series/koffice-1.5.2-x86_64-3.tgz: Recompiled against libmysqlclient and libruby.
D software series/pkgconfig-0.21-x86_64-2.tgz: Export PKG_CONFIG_PATH.
L software series/glibc-2.3.6-x86_64-3.tgz: Patched an issue with kernel version parsing in ld-2.3.6.so that was leading glibc to treat 2.6 kernels with 4 version parts (such as 2.6.17.11) as if they supported NPTL, leading to a crash at boot. Added sa_IN and ru_RU.CP1251 locale support. Updated timezone information from tzdata2006j. Updated timezone utilities from tzcode2006j.
L software series/glibc-i18n-2.3.6-noarch-5.tgz: Rebuilt. Added sa_IN and ru_RU.CP1251 locale support.
L software series/glibc-profile-2.3.6-x86_64-3.tgz: Recompiled.
L software series/libmusicbrainz-2.1.4-x86_64-1.tgz: Upgraded to libmusicbrainz-2.1.4.
L software series/libvisual-0.4.0-x86_64-1.tgz: Added libvisual-0.4.0. Just the library for now (no plugins), but this should make it much easier to compile and use audio visualization plugins without having to recompile amaroK.
N software series/bitchx-1.1-x86_64-3.tgz: Recompiled against libmysqlclient.
N software series/openldap-client-2.3.27-x86_64-1.tgz: Upgraded to openldap-client-2.3.27.
N software series/php-4.4.4-x86_64-2.tgz: Recompiled against libmysqlclient. Fixed man directory location.
T software series/tetex-3.0-x86_64-3.tgz: Recompiled against new LessTif to stop warnings from xdvi.
T software series/tetex-doc-3.0-x86_64-3.tgz: Rebuilt. Moved info pages to /usr/info.
XAP software series/gimp-2.2.13-x86_64-1.tgz: Upgraded to gimp-2.2.13.
EXTRA software/k3b/k3b-0.12.17-x86_64-1.tgz: Upgraded to k3b-0.12.17.
EXTRA software/k3b/k3b-i18n-0.12.17-noarch-1.tgz: Upgraded to k3b-i18n-0.12.17.
EXTRA software/slackpkg-2.08-noarch-2.tgz: Upgraded to slackpkg-2.08-noarch-3.
kernels/generic.s/*: Upgraded generic.s kernel to 2.6.17.11.
A software series/kernel-generic-2.6.17.11-x86_64-1.tgz: Upgraded to Linux 2.6.17.11 generic kernel.
D software series/kernel-headers-2.6.17.11-x86_64-1.tgz: Upgraded to Linux 2.6.17.11 kernel headers.
A software series/kernel-modules-2.6.17.11-x86_64-1.tgz: Upgraded to Linux 2.6.17.11 kernel modules. Load PC speaker support in rc.modules.
K software series/linux-2.6.17.11/kernel-source-2.6.17.11-noarch-1.tgz: Upgraded to Linux 2.6.17.11 kernel source.
testing/packages/cairo-1.2.4-x86_64-1.tgz: Added cairo-1.2.4.
testing/packages/fontconfig-2.3.95-x86_64-1.tgz: Added fontconfig-2.3.95.
testing/packages/php-5.1.6/php-5.1.6-x86_64-1.tgz: Upgraded to php-5.1.6. This release contains a fix for memory_limit restriction on 64 bit systems that was not included in PHP 5.1.5. Compiled against libmysqlclient.
+-----------------------------+
Wed Aug 23 02:02:40 EEST 2006
A software series/shadow-4.0.3-x86_64-3.tgz: Removed spurious id.1.gz manpage. Removed obsolete options from the passwd program. Fixed deprecated root:bin ownerships.
A software series/util-linux-2.12r-x86_64-2.tgz: Added schedutils-1.5.0. Fixed file permissions and ownerships in /usr/doc.
A software series/udev-097-x86-64-3.tgz: Changed default udev log level from err to crit. Refuse to run udev unless the kernel is 2.6.15+. Fixed check in rc.udev for 2.6.15+ kernel.
A software series/gpm-1.20.1-x86_64-2.tgz: Patched to send all non-critical error messages to the system logs rather than to the console.
A software series/pkgtools-11.0.0-x86_64-3.tgz: Merged in some more xorgsetup patches. A software series/sysvinit-2.84-x86_64-11.tgz: In rc.M, fixed the nohotplug cmdline option. Sleep for a couple seconds after shutting down dhcpcd in rc.6 to allow time for various files in /etc to restore themselves. Don't try to mount usbfs if it's in /proc/mounts already. A software series/tar-1.15.1-x86_64-2.tgz: Patched to be less strict about the option order. AP software series/diffutils-2.8.1-x86_64-2.tgz: Patched a bug in sdiff. AP software series/vim-7.0.063-x86_64-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. E software series/emacs-21.4a-x86_64-2.tgz: Avoid a package file overlap between Emacs ctags and Exuberant Ctags. KDE software series/kdebase-3.5.4-x86_64-5.tgz: Added /opt/kde/share/kdeglobals to set the Vera fonts with anti-aliasing enabled as the defaults. XAP software series/seamonkey-1.0.4-x86_64-2.tgz: Added /usr/lib64/seamonkey -> /usr/lib64/seamonkey-1.0.4 symlink. XAP software series/vim-gvim-7.0.063-x86_64-1.tgz: Upgraded to vim 7.0.063. Removed unpopular libruby dependency. EXTRA software/checkinstall/checkinstall-1.6.0-x86_64-2.tgz: Fixed 640 perms on FAQ. +-----------------------------+ Sun Aug 20 14:42:08 EEST 2006 Bluewhite64 11.0-rc2 ISOs released! EXTRA software/slackpkg/slackpkg-2.08-noarch-2.tgz: Upgraded to slackpkg-2.08-noarch-2. D software series/pkgconfig-0.21-x86_64-1.tgz: Upgraded to pkg-config-0.21. Set the PKG_CONFIG_PATH to search in /usr/local/lib/pkgconfig and /opt/kde/lib/pkgconfig, too. kernels/generic.s/*: Rebuilt and fixed USB keyboards detection. To be consistent, bumped the build number on all of the 2.6.16.27 packages to -4. A software series/linux-2.6.16.27/kernel-generic-2.6.16.27-x86_64-4.tgz: Recompiled. D software series/linux-2.6.16.27/kernel-headers-2.6.16.27-x86_64-4.tgz: Rebuilt. A software series/linux-2.6.16.27/kernel-modules-2.6.16.27-x86_64-4.tgz: Recompiled. 
K software series/linux-2.6.16.27/kernel-source-2.6.16.27-noarch-4.tgz: Rebuilt. kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.9. testing/packages/linux-2.6.17.9/kernel-generic-2.6.17.9-x86_64-1.tgz: Upgraded to Linux 2.6.17.9 generic kernel. testing/packages/linux-2.6.17.9/kernel-headers-2.6.17.9-x86_64-1.tgz: Upgraded to Linux 2.6.17.9 kernel headers. testing/packages/linux-2.6.17.9/kernel-modules-2.6.17.9-x86_64-1.tgz: Upgraded to Linux 2.6.17.9 kernel modules. testing/packages/linux-2.6.17.9/kernel-source-2.6.17.9-noarch-1.tgz: Upgraded to Linux 2.6.17.9 kernel source. +-----------------------------+ Fri Aug 18 18:00:46 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-8.tgz: Upgraded to the mm-1.4.2 library, patched libtiff, upgraded to pcre-6.7 libraries, and included the recompiled cups-1.1.23 and slang libraries. A software series/cups-1.1.23-x86_64-4.tgz: Fixed broken es and fr man page symlinks. D software series/git-1.4.2-x86_64-1.tgz: Upgraded to git-1.4.2. KDE software series/kdenetwork-3.5.4-x86_64-2.tgz: Patched a bug in kopete that could freeze KDE under certain circumstances. L software series/libtiff-3.8.2-x86_64-2.tgz: Patched vulnerabilities in libtiff which were found by Tavis Ormandy of the Google Security Team. These issues could be used to crash programs linked to libtiff or possibly to execute code as the program's user. A low risk command-line overflow in tiffsplit was also patched. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465 [*** Security fix ***] L software series/mm-1.4.2-x86_64-1.tgz: Upgraded to mm-1.4.2. 
L software series/pcre-6.7-x86_64-1.tgz: Upgraded to pcre-6.7. L software series/slang-2.0.6-x86_64-2.tgz: Fixed uncompressed manpage. N software series/php-4.4.4-x86_64-1.tgz: Upgraded to php-4.4.4. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed a buffer overflow inside sscanf() function. [*** Security fix ***] testing/packages/cups-1.2.2/cups-1.2.2-x86_64-2.tgz: Removed /usr/man/man8/disable.8.gz symlink. testing/packages/php-5.1.5/php-5.1.5-x86_64-1.tgz: Upgraded to php-5.1.5. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5 with realpath cache. * Fixed a buffer overflow inside sscanf() function. [*** Security fix ***] +-----------------------------+ Fri Aug 18 02:51:26 EEST 2006 TCL software series/tk-8.4.13-x86_64-2.tgz: Removed wrong symlink from /usr/lib64. N software series/samba-3.0.23b-x86_64-3.tgz: Removed wrong symlink from /usr/lib. A software series/rpm-4.2.1-x86_64-2.tgz: Removed wrong symlink from /usr/lib. A software series/exfsprogs-2.8.10_1-x86_64-2.tgz: Removed wrong symlink from /usr/lib. L software series/esound-0.2.36-x86_64-2.tgz: Removed wrong symlinks from /usr/lib. PASTURE software/bison-1.35-x86_64-1.tgz: Added bison-1.35. PASTURE software/gnupg-1.2.7-x86_64-1.tgz: Added gnupg-1.2.7. PASTURE software/libxml-1.8.17-x86_64-1.tgz: Added libxml-1.8.17. PASTURE software/links-0.98/links-0.98-x96_64-1.tgz: Added links-0.98. +-----------------------------+ Thu Aug 17 12:07:53 EEST 2006 A software series/aaa_base-11.0.0-noarch-2.tgz: Added /usr/share/info -> ../info symlink. Bumped /etc/bluewhite64-version number to 11.0.0. 
A software series/hotplug-2004_09_23-noarch-4.tgz: Corrected typo in rc.hotplug. A software series/pcmcia-cs-3.2.8-x86_64-3.tgz: Commented out line in config.opts for old Webgear wireless card. chmod 644 /etc/pcmcia/*.opts. A software series/pcmciautils-014-x86_64-2.tgz: Commented out line in config.opts for old Webgear wireless card. Moved man pages to /usr/man/man8, compressed with gzip. A software series/sysvinit-2.84-x86_64-10.tgz: Don't run /lib/udev/rc.optical-symlinks in a login shell, since the bug that required that kludge is now fixed. A software series/udev-097-x86_64-2.tgz: Patched rc.optical-symlinks to be locale friendly. Updated comments and removed obsolete options in udev.conf. Removed /dev/loop0 and /dev/rtc from udev-script-devices.tar.gz. L software series/gd-2.0.33-x86_64-1.tgz: Added gd-2.0.33. L software series/libidn-0.6.5-x86_64-1.tgz: Upgraded to libidn-0.6.5. N software series/nfs-utils-1.0.10-x86_64-2.tgz: On 2.6.x kernels, mount nfsd in rc.nfsd. N software series/wireless-tools-28-x86_64-3.tgz: Fixed rc.wireless which contained a few ^M that broke it. XAP software series/gnuplot-4.0.0-x86_64-2.tgz: Recompiled against new gd-2.0.33 package. +-----------------------------+ Wed Aug 16 17:54:40 EEST 2006 A software series/genpower-1.0.5-x86_64-1.tgz: Upgraded to genpower-1.0.5. A software series/less-394-x86_64-1.tgz: Upgraded to less-394. Added RAR support to lesspipe.sh. A software series/sysvinit-2.84-x86_64-9.tgz: In rc.M, check better for udev before running rc.optical-symlinks, and run the script in a login shell which might fix the error "-bash: let: expression expected". AP software series/mt-st-0.9b-x86_64-1.tgz: Upgraded to mt-st-0.9b. D software series/git-1.4.1.1-x86_64-2.tgz: Replaced hard links with symbolic links. KDE software series/kdebase-3.5.4-x86_64-4.tgz: Patched a bug in ksystraycmd. N software series/wireless-tools-28-x86_64-2.tgz: Patched rc.wireless for ESSIDs with spaces. 
XAP software series/imagemagick-6.2.8_8-x86_64-1.tgz: Reverted to ImageMagick-6.2.8-8 since the "display" program in ImageMagick-6.2.9-0 crashes. +-----------------------------+ Wed Aug 16 02:38:12 EEST 2006 A software series/devs-2.3.1-noarch-3.tgz: Added udev-style /dev/md/* devices to save people who boot between 2.4.x and 2.6.x kernels some trouble. Note: Upgrading the devs package while running udev will NOT work. A software series/sysvinit-2.84-x86_64-8.tgz: Patched rc.4 to check both /usr/bin and /usr/sbin for gdm. Added a warning in rc.S that if you make an rc.modules.local that the other rc.modules script(s) will not be run. Don't try to start udev if sysfs and tmpfs are not in the kernel. Use grep '-q' option instead of '> /dev/null' in many places. A software series/udev-097-x86_64-1.tgz: Upgraded to udev-097. Updated the rc.optical-symlinks script. Added locking to cdrom-symlinks.sh and nethelper.sh scripts to avoid race conditions at boot time. Fixed bugs in rc.udev where the script attempts to mount devpts and usbfs even if they are already mounted. Don't run rc.udev if tmpfs is not in the kernel. AP software series/sysstat-7.0.0-x86_64-1.tgz: Added sysstat-7.0.0. N software series/iproute2-2.6.16_060323-x86_64-1.tgz: Upgraded to iproute2-2.6.16-060323. N software series/nfs-utils-1.0.10-x86_64-1.tgz: Upgraded to nfs-utils-1.0.10. T software series/xfig-3.2.4-x86_64-1.tgz: Added xfig-3.2.4. XAP software series/gimp-2.2.12-x86_64-3.tgz: Fixed icon path in gimp-2.2.desktop. XAP software series/imagemagick-6.2.9_0-x86_64-1.tgz: Upgraded to imagemagick-6.2.9-0. EXTRA software/slackpkg/slackpkg-2.07-noarch-1.tgz: Upgraded to slackpkg-2.07-noarch-1. A software series/glibc-solibs-2.3.6-x86_64-2.tgz: Recompiled. A software series/glibc-zoneinfo-2.3.6-noarch-2.tgz: Updated to tzcode2006i and tzdata2006g. L software series/glibc-2.3.6-x86_64-2.tgz: Recompiled against 2.6.16.27 kernel headers. L software series/glibc-i18n-2.3.6-noarch-2.tgz: Rebuilt. 
L software series/glibc-profile-2.3.6-x86_64-2.tgz: Recompiled. L software series/jre-1_5_0_08-x86_64-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 5.0, Release 8. N software series/tcpip-0.17-x86_64-3.tgz: Upgraded to ethtool-4. Upgraded to tftp-0.42. Relinked /bin/ftp with correct libreadline. EXTRA software/jdk-1.5.0_08/jdk-1_5_0_08-x86_64-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 5.0, Release 8. isolinux/initrd.img: Merged in many installer patches from Stuart Winter. Fixed USB keyboard detection at boot. Thanks to Joe Ferrare and Gaetan Coquel for reporting this. +-----------------------------+ Sat Aug 12 19:43:37 EEST 2006 A software series/hotplug-2004_09_23-noarch-3.tgz: Skip rc.hotplug if a new enough udev is running on a 2.6 kernel. A software series/sysvinit-2.84-x86_64-7.tgz: If udev hasn't made /dev/cdrom and other symlinks, call a script from rc.M to make them. Added support to rc.K and rc.6 for an /etc/rc.d/rc.local_shutdown script. A software series/udev-096-x86_64-4.tgz: Generate network card naming rules in /etc/udev/rules.d/network-devices.rules, but comment them out. If your system is naming network devices strangely you should delete your existing /etc/udev/rules.d/network-devices.rules and reboot. If that doesn't do the trick you'll probably need to edit the file. Instead of having udev make the CD/DVD symlinks, have a new script called /lib/udev/rc.optical-symlinks do it. If you'd rather use Piter Punk's method (which works better for hotplugging USB optical drives, for example), then just comment/uncomment the appropriate rules in /etc/udev/rules.d/udev.rules. N software series/whois-4.7.15-x86_64-1.tgz: Upgraded to whois-4.7.15. XAP software series/gimp-2.2.12-x86_64-2.tgz: Fixed broken gimptool man page symlink. 
+-----------------------------+ Fri Aug 11 22:27:20 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-7.tgz: Upgraded libmm to 1.4.1, Fixed libmm perms. Reverted to CUPS libraries from 1.1.23. A software series/cups-1.1.23-x86_64-1.tgz: Reverted to cups-1.1.23 due to some applications needing time to adjust to no longer having access to the private CUPS functions. See below for more info. A software series/etc-5.1-noarch-4.tgz: Upgraded /etc/services to include IPP (for CUPS) and other new services. L software series/hicolor-icon-theme-0.9-noarch-2.tgz: Fixed slack-desc typo. L software series/mm-1.4.1-x86_64-1.tgz: Upgraded to mm-1.4.1. N software series/samba-3.0.23b-x86_64-2.tgz: Recompiled against CUPS 1.1.23. N software series/sendmail-8.13.8-x86_64-2.tgz: Recompiled with DBROKEN_PTHREAD_SLEEP defined in site.config.m4, which fixes a problem with libmilter.a that can cause sendmail milters to be unstable. N software series/sendmail-cf-8.13.8-noarch-2.tgz: Rebuilt. N software series/tcpip-0.17-x86_64-2.tgz: Removed redundant copy of /etc/services. testing/packages/cups-1.2.2/cups-1.2.2-x86_64-1.tgz: It seems as if KDE might still not be 100% ready for CUPS 1.2.x, so we're going to move this into /testing again for the release, but by all means use it if it works for you. A software series/aaa_elflibs-11.0.0-x86_64-7.tgz: Added libmm. A software series/pkgtools-11.0.0-x86_64-1.tgz: Fixed xwmconfig to only recommend installed window managers. Merged in patches for xorgsetup to support choosing a keyboard model, layout, variant, and even automatically configuring a mouse scroll wheel! L software series/gnome-icon-theme-2.14.2-noarch-1.tgz: Added gnome-icon-theme-2.14.2. It seems that GTK+ applications such as Thunderbird use these, not just GNOME. L software series/gtk+2-2.8.20-x86_64-1.tgz: Upgraded to gtk+-2.8.20. L software series/hicolor-icon-theme-0.9-noarch-1.tgz: Added hicolor-icon-theme-0.9. 
L software series/mm-1.4.0-x86_64-1.tgz: Moved mm library out of the Apache package so that apps such as the standalone PHP interpreter can use it without installing Apache. L software series/shared-mime-info-0.18-x86_64-1.tgz: Upgraded to shared-mime-info-0.18. N software series/lftp-3.5.4-x86_64-1.tgz: Upgraded to lftp-3.5.4. N software series/sendmail-8.13.8-x86_64-1.tgz: Upgraded to sendmail-8.13.8. N software series/sendmail-cf-8.13.8-noarch-1.tgz: Upgraded to sendmail-8.13.8 configs. X software series/x11-6.9.0-x86_64-5.tgz: More updates to the i945gm chipset support. X software series/x11-devel-6.9.0-x86_64-5.tgz: Recompiled. X software series/x11-xdmx-6.9.0-x86_64-5.tgz: Recompiled. X software series/x11-xnest-6.9.0-x86_64-5.tgz: Recompiled. X software series/x11-xvfb-6.9.0-x86_64-5.tgz: Recompiled. XAP software series/sane-1.0.18-x86_64-2.tgz: Added /etc/udev/rules.d/libsane.rules. testing/packages/php-5.1.4/php-5.1.4-x86_64-2.tgz: Recompiled with freetype. Fixed FastCGI by removing --enable-discard-path from CGI version. Added pdo_sqlite.so and sqlite.so modules. AP software series/mysql-5.0.24-x86_64-2.tgz: Repackaged and fixed lib64 path in rc.mysqld.new. +-----------------------------+ Wed Aug 9 18:28:39 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-6.tgz: Added new CUPS libraries. A software series/cups-1.2.2-86_64-1.tgz: Upgraded to cups-1.2.2. A software series/hdparm-6.6-x86_64-1.tgz: Upgraded to hdparm-6.6. A software series/udev-096-x86_64-3.tgz: In /etc/modprobe.d/blacklist, change module name from i810_tco to i8xx_tco. Please note that this udev package requires a 2.6.15+ kernel or it will not work. AP software series/mc-4.6.1-x86_64-2.tgz: Fixed PHP syntax highlighting. N software series/samba-3.0.23b-x86_64-1.tgz: Upgraded to samba-3.0.23b. N software series/sendmail-8.13.7-x86_64-2.tgz: Applied two errata patches from sendmail.org. N software series/sendmail-cf-8.13.7-noarch-2.tgz: Rebuilt. 
X software series/x11-6.9.0-x86_64-4.tgz: More updates to the i945gm chipset support. X software series/x11-devel-6.9.0-x86_64-4.tgz: Recompiled. X software series/x11-xdmx-6.9.0-x86_64-4.tgz: Recompiled. X software series/x11-xnest-6.9.0-x86_64-4.tgz: Recompiled. X software series/x11-xvfb-6.9.0-x86_64-4.tgz: Recompiled. +-----------------------------+ Wed Aug 9 00:58:56 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-5.tgz: Added new version of libcurl. A software series/etc-5.1-noarch-4.tgz: Patched /etc/profile and /etc/csh.login to fix a bug where changing to another user with "su - someuser" would produce an error message such as "/dev/pts/2: Operation not permitted". A software series/findutils-4.2.28-x86_64-1.tgz: Upgraded to findutils-4.2.28. A software series/gawk-3.1.5-x86_64-2.tgz: Patched a fieldwidths bug. A software series/lilo-22.7.1-x86_64-2.tgz: Fixed a typo in liloconfig where installing to the MBR was mentioned twice. A software series/udev-096-x86_64-2.tgz: Added the psmouse module to /etc/modprobe.d/blacklist so that /etc/rc.d/rc.modules can load it using the option "proto=imps". This change restores the mouse options used in Slackware 10.2. At least on Pat's machine, the default module options render the mouse completely unusable, but feel free to remove the module from the blacklist or configure rc.modules to your liking if this is not the ideal default for your machine. AP software series/mdadm-2.5.3-x86_64-1.tgz: Upgraded to mdadm-2.5.3. KDE software series/kdebase-3.5.4-x86_64-3.tgz: Patched a bug involving external taskbars that expand as required to fit contents. N software series/dnsmasq-2.33-x86_64-1.tgz: Upgraded to dnsmasq-2.33. N software series/ncftp-3.2.0-x86_64-2.tgz: Fixed permissions in /usr/bin. N software series/ntp-4.2.2p3-x86_64-1.tgz: Upgraded to ntp-4.2.2p3. X software series/x11-6.9.0-x86_64-3.tgz: Added support for newer revisions of the i945gm chipset. 
X software series/x11-devel-6.9.0-x86_64-3.tgz: Recompiled. X software series/x11-xdmx-6.9.0-x86_64-3.tgz: Recompiled. X software series/x11-xnest-6.9.0-x86_64-3.tgz: Recompiled. X software series/x11-xvfb-6.9.0-x86_64-3.tgz: Recompiled. There are a few reports that the newest udev is not friendly to some systems. Well, that's progress for you -- it isn't always a smooth journey. In most cases the problems could be fixed with a little bit of fine tuning, such as blacklisting unwanted modules in /etc/modprobe.d/blacklist and loading the desired replacements in /etc/rc.d/rc.modules. However, in case either of these older versions of udev worked better for you, they'll be kept in /extra for a while as alternates. Be aware that new kernels will soon require the latest udev, though... EXTRA software/udev-alternate-versions/udev-064-x86_64-2.tgz: Added alternate udev-064. EXTRA software/udev-alternate-versions/udev-071-x86_64-2.tgz: Added alternate udev-071. kernels/test26.s/*: Upgraded test26.s kernel to 2.6.17.8. testing/packages/linux-2.6.17.8/kernel-generic-2.6.17.8-x86_64-1.tgz: Upgraded to Linux 2.6.17.8 generic kernel. testing/packages/linux-2.6.17.8/kernel-headers-2.6.17.8-x86_64-1.tgz: Upgraded to Linux 2.6.17.8 kernel headers. testing/packages/linux-2.6.17.8/kernel-modules-2.6.17.8-x86_64-1.tgz: Upgraded to Linux 2.6.17.8 kernel modules. testing/packages/linux-2.6.17.8/kernel-source-2.6.17.8-noarch-1.tgz: Upgraded to Linux 2.6.17.8 kernel source. +-----------------------------+ Mon Aug 7 22:33:27 EEST 2006 A software series/pcmciautils-014-x86_64-1.tgz: Added pcmciautils-014, needed to configure PC cards on systems running 2.6.x kernels. A software series/sysfsutils-2.0.0-x86_64-2.tgz: Added missing libsysfs.so symlink. A software series/sysvinit-2.84-x86_64-6.tgz: Merged Piter Punk's changes for the new udev. Please make sure to move all the .new files in /etc/rc.d/ into place for this to work correctly! 
A software series/udev-096-x86_64-1.tgz: Upgraded to udev-096. A software series/grep-2.5-x86_64-2.tgz: Rebuilt. A software series/pciutils-2.2.3-x86_64-2.tgz: Fixed missing pci/types.h header file. AP software series/man-pages-2.39-noarch-1.tgz: Upgraded to man-pages-2.39. N software series/lftp-3.5.3-x86_64-1.tgz: Upgraded to lftp-3.5.3. N software series/ncftp-3.2.0-x86_64-1.tgz: Upgraded to ncftp-3.2.0. N software series/popa3d-1.0.2-x86_64-1.tgz: Upgraded to popa3d-1.0.2. N software series/vsftpd-2.0.5-x86_64-1.tgz: Upgraded to vsftpd-2.0.5. XAP software series/imagemagick-6.2.8_8-x86_64-1.tgz: Upgraded to ImageMagick-6.2.8-8. XAP software series/sane-1.0.18-x86_64-1.tgz: Upgraded to sane-backends-1.0.18. +-----------------------------+ Sun Aug 6 15:06:05 EEST 2006 A software series/usbutils-0.72-x86_64-1.tgz: Rebuilt using the new usbutils.SlackBuild from slackware-current. AP software series/mdadm-2.5.2-x86_64-1.tgz: Upgraded to mdadm-2.5.2. AP software series/mysql-5.0.24-x86_64-1.tgz: Upgraded to mysql-5.0.24. L software series/lesstif-0.95.0-x86_64-1.tgz: Upgraded to lesstif-0.95.0. XAP software series/xpdf-3.01-x86_64-2.tgz: Fixed a window resizing bug. +-----------------------------+ Sun Aug 6 01:28:56 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-4.tgz: Added new versions of libattr and libacl. Added lib64/libsysfs.so.2.0.0. A software series/acl-2.2.39_1-x86_64-1.tgz: Upgraded to acl-2.2.39-1. A software series/attr-2.4.32_1-x86_64-1.tgz: Upgraded to attr-2.4.32-1. A software series/pciutils-2.2.3-x86_64-1.tgz: Upgraded to pciutils-2.2.3. A software series/pcmcia-cs-3.2.8-x86_64-2.tgz: Patched /etc/rc.d/rc.pcmcia to work with either pcmcia-cs or pcmciautils. A software series/sysfsutils-2.0.0-x86_64-1.tgz: Added sysfsutils-2.0.0. A software series/xfsprogs-2.8.10_1-x86_64-1.tgz: Upgraded to xfsprogs-2.8.10-1. AP software series/alsa-utils-1.0.11-x86_64-2.tgz: Fixed uncompressed manpage. 
AP software series/dmapi-2.2.5_1-x86_64-1.tgz: Upgraded to dmapi-2.2.5-1. AP software series/xfsdump-2.2.38_1-x86_64-1.tgz: Upgraded to xfsdump-2.2.38-1. KDE software series/kdebase-3.5.4-x86_64-2.tgz: Patched to fix video redirects in Konqueror. L software series/freetype-2.1.9-x86_64-1.tgz: Moved from the X to the L series. This makes more sense because freetype does not depend on any X11 libraries, and because PHP has now been built linked to libfreetype. L software series/libusb-0.1.12-x86_64-1.tgz: Upgraded to libusb-0.1.12. N software series/links-2.1pre23-x86_64-1.tgz: Upgraded to links-2.1pre23. N software series/php-4.4.3-x86_64-1.tgz: Upgraded to php-4.4.3. From the announcement of the release: The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. The PHP 4.4.3 release announcement may be found on their web site: http://www.php.net NOTE: Bluewhite64's PHP package now requires the freetype library. [*** Security fix ***] XAP software series/xchat-2.6.6-x86_64-2.tgz: Patched to fix Finnish translation errors. A software series/kernel-modules-2.6.16.27-x86_64-3.tgz: Upgraded rc.modules from slackware-current. testing/packages/linux-2.6.17.7/kernel-modules-2.6.17.7-x86_64-3.tgz: Upgraded rc.modules from slackware-current. +-----------------------------+ Fri Aug 4 22:09:36 EEST 2006 XAP software series/mozilla-firefox-1.5.0.6-x86_64-1.tgz: Upgraded to firefox-1.5.0.6. XAP software series/seamonkey-1.0.4-x86_64-1.tgz: Upgraded to seamonkey-1.0.4. A software series/gettext-0.15-x86_64-1.tgz: Upgraded to gettext-0.15. A software series/lilo-22.7.1-x86_64-1.tgz: Reverted to lilo-22.7.1. 
A software series/sysvinit-2.84-x86_64-5.tgz: Fixed rc.S to use /etc/rc.d/rc.modules.local properly. Use "/bin/sh" not "." to start rc.modules.local in case someone uses "exit". Merged more LVM changes in rc.S and rc.M, including removing many uses of "sleep". AP software series/at-3.1.10-x86_64-1.tgz: Upgraded to at-3.1.10. Added missing at_allow.5 manpage. AP software series/cdparanoia-IIIalpha9.8-x86_64-3.tgz: Patched to use the SG_IO ioctl in Linux 2.6. D software series/gettext-tools-0.15-x86_64-1.tgz: Upgraded to gettext-tools-0.15. L software series/arts-1.5.4-x86_64-1.tgz: Upgraded to arts-1.5.4. KDE software series/*: Upgraded to KDE 3.5.4. KDE software series/kde-i18n*: Upgraded kde-i18n packages for KDE 3.5.4. N software series/dnsmasq-2.32-x86_64-2.tgz: Rebuilt after build script fixes. N software series/gnupg-1.4.5-x86_64-1.tgz: Upgraded to gnupg-1.4.5. From the gnupg-1.4.5 NEWS file: * Fixed 2 more possible memory allocation attacks. They are similar to the problem we fixed with 1.4.4. This bug can easily be exploited for a DoS; remote code execution is not entirely impossible. [*** Security fix ***] +-----------------------------+ Thu Aug 3 03:06:24 EEST 2006 A software series/sysvinit-2.84-x86_64-4.tgz: In rc.S, give first priority to "rc.modules.local" if it exists. Try to shut down OpenLDAP in rc.6. Merged some more LVM fixes into rc.6. D software series/autoconf-2.60-noarch-1.tgz: Upgraded to autoconf-2.60. KDE software series/qca-tls-1.0-x86_64-2.tgz: Use the actual Qt installation path and not the /usr/lib64/qt symlink or the qca-tls module will be erased if the Qt package is installed after this one (as happens in a new installation). EXTRA software/checkinstall/checkinstall-1.6.0-x86_64-1.tgz: Upgraded to checkinstall-1.6.0. AP software series/device-mapper-1.02.08-x86_64-1.tgz: Upgraded to device-mapper.1.02.08. AP software series/lvm2-2.02.07-x86_64-1.tgz: Upgraded to LVM2.2.02.07. 
+-----------------------------+ Tue Aug 1 21:10:01 EEST 2006 A software series/aaa_elflibs-11.0.0-x86_64-2.tgz: Added /usr/lib/libslang.so.2.0.6. A software series/bin-11.0-x86_64-3.tgz: Removed /sbin/rescan-scsi-bus, which is better packaged along with the /etc/rc.d/rc.scanluns script in the sysvinit package. A software series/sysvinit-2.84-x86_64-3.tgz: Added symlinks for lastb. Make the install script create /var/log/btmp if it doesn't already exist. Upgraded to the latest rescan-scsi-bus script. Use "tac" to deactivate LVM partitions in reverse order. Make sure usbfs gets mounted if it's in the kernel but hotplug is not used. If rc.M sees an executable rc.openldap, start it. In rc.scanluns, show the command that's being executed. AP software series/jed-0.99_18-x86_64-3.tgz: Relinked against libslang.so.2.0.6. D software series/subversion-1.3.2-x86_64-3.tgz: Rebuilt to fix wrong file ownerships in the book included in the documentation. KDE software series/kdenetwork-3.5.3-x86_64-3a.tgz: Patched for ICQ protocol changes. KDE software series/qca-1.0-x86_64-1.tgz: Added qca-1.0. KDE software series/qca-tls-1.0-x86_64-1.tgz: Added qca-tls-1.0. This and the qca package are needed to support SSL connections with the Jabber(R) protocol in Kopete. L software series/atk-1.10.3-x86_64-2.tgz: Fixed slack-desc typo. L software series/slang-2.0.6-x86_64-1.tgz: Added slang-2.0.6. L software series/slang1-1.4.9-x86_64-1.tgz: Renamed from slang-1.4.9-x86_64-1.tgz. N software series/irssi-0.8.10a-x86_64-4.tgz: Fixed some strange directory permissions in the documentation directory. TCL software series/tcl-8.4.13-x86_64-2.tgz: Added /usr/include/tcl-private/{generic,unix} headers, as there are some sources out there that require these header files. +-----------------------------+ Mon Jul 31 13:51:48 EEST 2006 N software series/samba-3.0.23a-x86_64-2.tgz: Fixed bad