Slackware-14.2 ChangeLog (2016-06-13)
Mon Jun 13 21:34:08 UTC 2016
Packages
Upgraded
- a/gettext-0.19.8.1-i586-1.txz
- d/gettext-tools-0.19.8.1-i586-1.txz
Rebuilt
- a/pkgtools-14.2-noarch-9.txz
In setup.80.make-bootdisk, create a first bootable active primary partition
rather than using a filesystem on the unpartitioned device. Some BIOSes
won't boot it otherwise. Thanks to Richard Narron.
Mon Jun 13 07:07:39 UTC 2016
Packages
Rebuilt
- a/grub-2.00-i586-5.txz
Use correct GRUB_DISABLE_RECOVERY option in /etc/default/grub.new.
Thanks to Eugen Wissner. - a/mkinitrd-1.4.8-i486-7.txz
Fixed detecting USB partition in init, added proper USB storage modules
to mkinitrd, and added missing USB keyboard modules to
mkinitrd_command_generator.sh to fix entering LUKS password with some
newer USB keyboards. Thanks to Eric Hameleers. - a/sysvinit-scripts-2.0-noarch-33.txz
rc.S: In cryptsetup script, support supplying a password of “none”
(interactive entry) for non-swap partitions to allow specifying additional
options. Support a new option “discard” to pass the –allow-discards option
to cryptsetup when unlocking a volume, which can potentially improve
performance and longevity on some SSDs. Thanks to Nathan Wallace. - ap/lxc-2.0.1-i586-4.txz
Merged rc.S changes. - n/NetworkManager-1.2.2-i586-2.txz
Install udev rules in the correct directory. Thanks to gmgf. - n/samba-4.4.4-i586-3.txz
When installing, move any files existing in /etc/samba/private to
/var/lib/samba/private, not just *.tdb files.
Thanks to Maciej Goluchowski. - n/vsftpd-3.0.3-i586-3.txz
Patched to handle NULL returns from recent glibc crypt(). Thanks to nixi.
Upgraded
- ap/cups-filters-1.9.0-i586-1.txz
- l/hicolor-icon-theme-0.15-noarch-1.txz
- n/wget-1.18-i586-1.txz
This version fixes a security vulnerability present in all old versions
of wget. On a server redirect from HTTP to a FTP resource, wget would
trust the HTTP server and use the name in the redirected URL as the
destination filename. This behaviour was changed and now it works
similarly as a redirect from HTTP to another HTTP resource so the original
name is used as the destination file. To keep the previous behaviour the
user must provide –trust-server-names.
The vulnerability was discovered by Dawid Golunski and was reported by
Beyond Security's SecuriTeam.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
(* Security fix *) - x/xterm-325-i586-1.txz