====== Slackwarearm-current ChangeLog (2016-02-29) ======

====== Mon Feb 29 16:15:14 UTC 2016 ======

===== Packages =====

==== Upgraded ====

  * [[slackwarearm.current>a/btrfs-progs-4.4.1-arm-1.txz]]
  * [[slackwarearm.current>a/glibc-solibs-2.23-arm-1.txz]]
  * [[slackwarearm.current>a/kernel-firmware-20160223git-noarch-1.txz]]
  * [[slackwarearm.current>a/kernel-modules-armv5-4.4.3_armv5-arm-1.txz]]
  * [[slackwarearm.current>a/kernel-modules-armv7-4.4.3_armv7-arm-1.txz]]
  * [[slackwarearm.current>a/kernel_armv5-4.4.3-arm-1.txz]] \\ Removed orion_nand from initrd due to Kernel oops. See Change Log entry \\ above for 'eudev'.
  * [[slackwarearm.current>a/kernel_armv7-4.4.3-arm-1.txz]]
  * [[slackwarearm.current>a/sdparm-1.10-arm-1.txz]]
  * [[slackwarearm.current>ap/mariadb-10.0.24-arm-1.txz]]
  * [[slackwarearm.current>ap/nano-2.5.3-arm-1.txz]]
  * [[slackwarearm.current>ap/vim-7.4.1424-arm-1.txz]]
  * [[slackwarearm.current>d/gdb-7.11-arm-1.txz]]
  * [[slackwarearm.current>d/kernel-headers-4.4.3-arm-1.txz]]
  * [[slackwarearm.current>k/kernel-source-4.4.3-arm-1.txz]]
  * [[slackwarearm.current>l/glibc-2.23-arm-1.txz]] \\ This update contains security fixes and improvements. \\ Of the security fixes, the most important and well-publicized is the \\ stack-based buffer overflow in libresolv that could allow specially \\ crafted DNS responses to seize control of execution flow in the DNS \\ client (CVE-2015-7547). However, due to a patch applied to Slackware's \\ glibc back in 2009 (don't use the gethostbyname4() lookup method as it \\ was causing some cheap routers to misbehave), we were not vulnerable to \\ that issue. The rest of the fixed security issues are less critical. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 \\ (* Security fix *)
  * [[slackwarearm.current>l/glibc-i18n-2.23-arm-1.txz]]
  * [[slackwarearm.current>l/glibc-profile-2.23-arm-1.txz]]
  * [[slackwarearm.current>l/gtk+3-3.18.8-arm-1.txz]]
  * [[slackwarearm.current>l/libical-2.0.0-arm-1.txz]] \\ Shared library .so-version bump.
  * [[slackwarearm.current>l/libproxy-0.4.12-arm-1.txz]]
  * [[slackwarearm.current>l/libssh-0.7.3-arm-1.txz]] \\ Fixed weak key generation. Due to a bug in the ephemeral secret key \\ generation for the diffie-hellman-group1 and diffie-hellman-group14 \\ methods, ephemeral secret keys of size 128 bits are generated, instead \\ of the recommended sizes of 1024 and 2048 bits, giving a practical \\ security of 63 bits. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739 \\ (* Security fix *) \\ l/libssh2-1.7.0-arm-1.txz: Moved. \\ Moved from N -> L series to be consistent with libssh.
  * [[slackwarearm.current>l/sg3_utils-1.42-arm-1.txz]]
  * [[slackwarearm.current>n/bind-9.10.3_P3-arm-1.txz]] \\ This release fixes two possible denial-of-service issues: \\ render_ecs errors were mishandled when printing out an OPT record resulting \\ in an assertion failure. (CVE-2015-8705) [RT #41397] \\ Specific APL data could trigger an INSIST. (CVE-2015-8704) [RT #41396] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705 \\ (* Security fix *)
  * [[slackwarearm.current>n/libgcrypt-1.6.5-arm-1.txz]] \\ Mitigate side-channel attack on ECDH with Weierstrass curves. \\ For more information, see: \\ http://www.cs.tau.ac.IL/~tromer/ecdh/ \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7511 \\ (* Security fix *)
  * [[slackwarearm.current>n/libssh2-1.7.0-arm-1.txz]] \\ Fixed weak key generation. During the SSHv2 handshake when libssh2 is to \\ get a suitable value for 'group order' in the Diffie Hellman negotiation, \\ it would pass in number of bytes to a function that expected number of bits. \\ This would result in the library generating numbers using only an 8th the \\ number of random bits than what were intended: 128 or 256 bits instead of \\ 1023 or 2047. Using such drastically reduced amount of random bits for \\ Diffie Hellman weakened the handshake security significantly. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787 \\ (* Security fix *)
  * [[slackwarearm.current>n/nmap-7.01-arm-1.txz]]
  * [[slackwarearm.current>n/ntp-4.2.8p6-arm-1.txz]] \\ In addition to bug fixes and enhancements, this release fixes \\ several low and medium severity vulnerabilities. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158 \\ (* Security fix *)
  * [[slackwarearm.current>n/samba-4.3.5-arm-1.txz]]
  * [[slackwarearm.current>x/mesa-11.1.2-arm-1.txz]]
  * [[slackwarearm.current>x/xf86-video-amdgpu-1.0.1-arm-1.txz]]
  * [[slackwarearm.current>xap/vim-gvim-7.4.1424-arm-1.txz]]
  * [[slackwarearm.current>extra/tigervnc/tigervnc-1.6.0-arm-1.txz]]
  * [[slackwarearm.current>kernels/*]]

==== Rebuilt ====

  * [[slackwarearm.current>a/eudev-3.1.5-arm-4.txz]] \\ Blacklisted orion_nand due to it causing a Kernel oops on the Sheevaplugs/ \\ Kirkwood platforms. I've reported this upstream: \\ https://bugzilla.kernel.org/show_bug.cgi?id=111701 \\ If this is a problem for you - sorry, but I cannot release with Linux 4.3.x \\ as it's now EOL. If a patch materialises I will include it prior to release \\ or patch afterwards.
  * [[slackwarearm.current>ap/cups-2.1.3-arm-2.txz]] \\ Corrected build script to use compiler flags. Thanks to ecd102.
  * [[slackwarearm.current>ap/mc-4.8.15-arm-2.txz]] \\ Patched to fix displaying man pages. Thanks to DarkVision.
  * [[slackwarearm.current>kde/kdepimlibs-4.14.10-arm-3.txz]] \\ Recompiled against libical-2.0.0.
  * [[slackwarearm.current>l/GConf-3.2.6-arm-4.txz]] \\ Patched "GConf-WARNING **: Client failed to connect to the D-BUS daemon:" \\ and added a couple other patches from git. Thanks to Robby Workman.
  * [[slackwarearm.current>l/alsa-lib-1.1.0-arm-3.txz]] \\ Changed the default /etc/asound.conf.new to use a different configuration \\ for PulseAudio that is less likely to cause issues than the previous one, \\ especially on machines where the analog output is not recognized as card 0 \\ by the BIOS. Thanks to Ryan P.C. McQuen who went above and beyond on this \\ bug report by convincing upstream to recommend this on their website in \\ order to convince me to make the change. :-)
  * [[slackwarearm.current>n/bluez-5.37-arm-2.txz]] \\ Recompiled against libical-2.0.0.
  * [[slackwarearm.current>xap/blueman-2.0.3-arm-2.txz]] \\ Rewrite launcher scripts to use #!/usr/bin/python2.7 rather than \\ #!/usr/bin/env python. \\ For details, see: https://github.com/blueman-project/blueman/issues/435 \\ Thanks to zakame and Robby Workman.
  * [[slackwarearm.current>xfce/orage-4.12.1-arm-3.txz]] \\ Recompiled against libical-2.0.0.
  * [[slackwarearm.current>isolinux/*]]

{{tag>slackware changelog slackwarearm-current 2016/02}}

Last modified: 8 years ago by Giuseppe Di Terlizzi