Tuesday, August 25, 2015

Intel Driver Problem Fixed

In the last big update few days ago, there was a bug slipped the team in which Intel GPU users were unable to start their desktop after upgrading to the latest XOrg and Mesa packages. Many people reported this on LQ, G+, and also on AlienBOB's blog. Several people came up to help and Ponce finally gathered all the information and push a new build on his repository.

The packages is good and i have tested it on my workstation which also uses Intel GPU and it does work. Few hours later, Pat pushed the new update for xf86-video-intel and some other related packages in -current tree. This issue should be solved by now and you can safely upgrade your packages using slackpkg as usual.

Happy Slacking and Testing :)

Saturday, August 22, 2015

VMWare-Workstation 10.0.6 Patch for Linux Kernel 4.1

It doesn't take long to find the patch for VMWare Workstation 10.0.6 against Linux Kernel 4.1 since the patch has been around since Linux Kernel 3.19 was introduced, so again, i have pushed the simple automated script to patch your VMWare Workstation against the latest Linux Kernel 4.1 into my SlackHacks github repository.

Please let me know if you have any problems using it.

NVidia 304.125 Patch for Linux Kernel 4.1

As i mentioned before, if you are upgrading to the latest -current update, you *may* end up with a text-only system as your desktop will not load due to incompatibilities from your proprietary driver with the new Linux Kernel 4.1. This is the case on my desktop system where i used the legacy NVidia driver 304.125.

While it already had XOrg 1.17 support, it wasn't ready to support Linux Kernel 4.1 (due to it's being released in 2014), so patches are needed in order to make it buildable.

I have pushed 2 patches in my SlackHacks github repository to address this issue. I have tested it and it works fine on my desktop machine.

Now, my next issue is to rebuild all third party packages that are linked to gnutls since it introduces another soname bumps. Also VMWare needs to be taken care as well since it failed to built. One step at a time.

Security Update: gnutls

One security update was released this weekend and it was gnutls. This update applies to 14.0, 14.1, and current. For those living in 14.0, please make sure to install a new package first: nettle.

current is now progressing very well. Pat added and upgraded lots of packages in this batch. Here are the highlights:
  • Linux Kernel 4.1
  • glibc 2.22
  • gcc 4.9.3
  • ruby 2.2.3
  • gtk+3 3.16.6
  • gnutls 3.4.4
  • samba 4.2.3
  • libdrm 2.4.64
  • mesa 10.6.4
  • xorg 1.17.2
This surely interesting, but don't blindly upgrade. There are some newly added and removed packages in this batch, so please read the changelog carefully and take some notes on those packages.

If you are using proprietary blog drivers from NVidia/ATI, please make sure it's compatible with Linux Kernel 4.1 already.

Have fun testing new current :)

Wednesday, August 19, 2015

Security Update: Thunderbird

One regular security update was released last week, which was Thunderbird. It's now updated to 38.2.0.

For current, there were some small progress which was reported by some users in LQ and Pat quickly fixed that. It's regarding SIP update earlier which caused some packages were broken due to changes in the API.

One interesting change was dhcpcd gets downgraded to 6.8 since there were multiple reports on 6.9.

Wednesday, August 12, 2015

OpenSSH Update: A Little Warning

Pat has started to push some updates in -current branch and while some of them are small updates such as file, sip and libjpeg-turbo, there's also quite a major improvements such as firefox 40 openssh 7.0.

Firefox 40 gave a lot of new features such as expanded malware protection, Improved scrolling, graphics, and video playback performance with off main thread compositing, and lots of new features for developers and users. See the release notes for more detailed information.

OpenSSH 7.0 is a major update compared to 6.9 and based on the release notes, it also introduce some incompatible changes such as:

 * Support for the legacy SSH version 1 protocol is disabled by
   default at compile time.

 * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
   is disabled by default at run-time. It may be re-enabled using
   the instructions at http://www.openssh.com/legacy.html

 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html

 * Support for the legacy v00 cert format has been removed.

 * The default for the sshd_config(5) PermitRootLogin option has
   changed from "yes" to "prohibit-password".

 * PermitRootLogin=without-password/prohibit-password now bans all
   interactive authentication methods, allowing only public-key,
   hostbased and GSSAPI authentication (previously it permitted
   keyboard-interactive and password-less authentication if those
   were enabled). 

They also gave early warning to users about future deprecations:
We plan on retiring more legacy cryptography in the next release
including:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * Several ciphers will be disabled by default: blowfish-cbc,
   cast128-cbc, all arcfour variants and the rijndael-cbc aliases
   for AES.

 * MD5-based HMAC algorithms will be disabled by default.
If you have been using SSH to securely connect to your machines remotely and the keys were generated in the past using a weak algorithm such as DSS, it would be wise to backup the .ssh directory and move it somewhere else and start generating your new key (RSA-based) and upload it to the server and update your key preferences or settings before attempting to upgrade your OpenSSH package. Failing to do so will block you to connect to the remote machine unless you have a normal password-based authentication. This will also affect for those who have been using git protocol to push or pull updates from and to git repository as they use ssh as the backend.

Saturday, August 8, 2015

Security Update: mozilla-nss and firefox

Two security updates were released for Slackware 14.0, 14.1 and current this morning. They were mozilla-nss and mozilla-firefox.

Meanwhile, big changes in current are pushed as of today by Pat along with many changes scattered in many directories. You can see it from below changelog (verbatim copy from current changelog):

Fri Aug 7 23:32:05 UTC 2015
Thanks to rworkman for help on many of these!
a/bash-4.3.039-i586-1.txz: Upgraded.
a/coreutils-8.24-i586-1.txz: Upgraded.
a/dbus-1.8.20-i586-1.txz: Upgraded.
a/file-5.23-i586-1.txz: Upgraded.
a/gawk-4.1.3-i586-1.txz: Upgraded.
a/kmod-21-i586-1.txz: Upgraded.
a/lvm2-2.02.125-i586-1.txz: Upgraded.
a/procps-3.2.8-i486-4.txz: Removed.
a/procps-ng-3.3.10-i586-1.txz: Added.
       Thanks to Larry Hajali for the initial SlackBuild diff.
a/sysvinit-2.88dsf-i486-4.txz: Rebuilt.
       Removed pidof which is now part of the procps-ng package.
a/sysvinit-scripts-2.0-noarch-21.txz: Rebuilt.
       Handle changed sysctl syntax in rc.S.
a/util-linux-2.26.2-i586-1.txz: Upgraded.
a/xfsprogs-3.2.4-i586-1.txz: Upgraded.
ap/cups-2.0.4-i586-1.txz: Upgraded.
ap/mc-4.8.14-i586-1.txz: Upgraded.
ap/sc-7.16-i586-4.txz: Rebuilt.
       Added SC.MACROS to the documentation. Thanks to Dario Niedermann.
ap/screen-4.3.1-i586-2.txz: Rebuilt.
       Drop dependency on libelf.
ap/tmux-2.0-i586-1.txz: Upgraded.
d/binutils-2.25.1-i586-1.txz: Upgraded.
d/gcc-4.9.2-i586-3.txz: Rebuilt.
       Added c89 and c99 shell scripts.
d/gcc-g++-4.9.2-i586-3.txz: Rebuilt.
d/gcc-gfortran-4.9.2-i586-3.txz: Rebuilt.
d/gcc-gnat-4.9.2-i586-3.txz: Rebuilt.
d/gcc-go-4.9.2-i586-3.txz: Rebuilt.
d/gcc-java-4.9.2-i586-3.txz: Rebuilt.
d/gcc-objc-4.9.2-i586-3.txz: Rebuilt.
d/git-2.5.0-i586-1.txz: Upgraded.
d/llvm-3.6.2-i586-1.txz: Upgraded.
d/mercurial-3.5-i486-1.txz: Upgraded.
d/oprofile-1.0.0-i586-1.txz: Upgraded.
d/swig-3.0.7-i586-1.txz: Upgraded.
l/adwaita-icon-theme-3.16.2-noarch-1.txz: Upgraded.
l/at-spi2-atk-2.16.0-i586-1.txz: Upgraded.
l/at-spi2-core-2.16.0-i586-1.txz: Upgraded.
l/atk-2.16.0-i586-1.txz: Upgraded.
l/dconf-0.24.0-i586-1.txz: Upgraded.
l/freetype-2.6-i586-1.txz: Upgraded.
l/gcr-3.16.0-i586-1.txz: Upgraded.
l/glib-networking-2.44.0-i586-1.txz: Upgraded.
l/glib2-2.44.1-i586-1.txz: Upgraded.
       Drop dependency on libelf.
l/gnome-keyring-3.16.0-i586-1.txz: Upgraded.
l/gnome-themes-standard-3.16.2-i586-1.txz: Upgraded.
l/gsettings-desktop-schemas-3.16.1-i586-1.txz: Upgraded.
l/gtk+2-2.24.28-i586-1.txz: Upgraded.
l/gvfs-1.24.1-i586-1.txz: Upgraded.
l/harfbuzz-1.0.1-i586-1.txz: Upgraded.
l/libgsf-1.14.34-i586-1.txz: Upgraded.
l/libpcap-1.7.4-i586-1.txz: Upgraded.
l/libsecret-0.18.3-i586-1.txz: Upgraded.
l/libsoup-2.50.0-i586-1.txz: Upgraded.
l/mozilla-nss-3.19.2-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/nss.html
       (* Security fix *)
l/mpfr-3.1.3-i586-1.txz: Upgraded.
n/NetworkManager-1.0.4-i586-1.txz: Upgraded.
n/ca-certificates-20150426-noarch-1.txz: Upgraded.
       This package updates to the latest CA certificates.
n/dhcpcd-6.9.1-i586-1.txz: Upgraded.
n/lftp-4.6.3a-i586-1.txz: Upgraded.
n/tcpdump-4.7.4-i586-1.txz: Upgraded.
xap/mozilla-firefox-39.0.3-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/network-manager-applet-1.0.4-i586-1.txz: Upgraded.
xfce/Thunar-1.6.10-i586-1.txz: Upgraded.
xfce/exo-0.10.6-i586-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.8.6-i586-1.txz: Upgraded.
xfce/xfdesktop-4.12.3-i586-1.txz: Upgraded.

Wednesday, July 29, 2015

More security updates: bind, httpd, and php

Three security updates has been released in the last two updates. They were bind which is now upgraded to 9.10.2-P3, httpd to 2.4.16 and php to 5.6.11 in current (stable might have different version number).

You might notice that Pat is now building some packages in i586 instead of the old i486 for 32 bit machine. That was intentional and the reason was some mesa drivers weren't buildable in i486 opcode anymore, thus a change in 586 is necessary.

Saturday, July 11, 2015

KDE Updates: 5_15.07

Eric Hameleers has just pushed his latest work on KDE 5 sets which is composed of KDE Framework 5.12.0, KDE Plasma 5.3.2, and KDE Applications 15.04.3. The updates to Applications also contain the usual KDE 4 Long Term Support (LTS) updates for kdelibs, kdepimlibs, kdepim, kdepim-runtime and kde-workplace.

There are no major or new framework on this release, just pure bug fixing and bringing more stability on the packages along with more translations updates.

As always, you can grab the packages from the following mirror sites:
Remember that this packages are intended for Slackware-Current users. Don't install this on Slackware 14.1. Also, this will remove your KDE 4 installations, so if you still need KDE 4 functionality, please stay away from KDE 5.

Friday, July 10, 2015

security update: openssl

Yesterday, OpenSSL team announced a critical vulnerability exists on several OpenSSL version and also proving a new release. Pat has pushed the update this morning and you should upgrade this package as soon as possible.

Here are the description about the vulnerabilities:

Alternative chains certificate forgery (CVE-2015-1793). During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

Wednesday, July 8, 2015

security update: cups, cups-filter, bind, ntp, firefox

After almost a month without any updates, finally some new packages were pushed both to -stable and -current to fix security vulnerabilities as well as fix things or just a bump to the latest version. Here are the recap:
  • cups, cups-filter: Upgraded to 2.0.3 and 1.0.71
  • gstreamer1, gst-plugins-*: Upgraded to 1.4.5
  • python: Upgraded to 2.7.10
  • bind, ntp, firefox: Upgraded to 9.10.2_P2, 4.2.8P3, and 39.0
  • glade3, gst-plugins-base0, notify-python, pygtk, scim-hangul: Rebuilt to remove remaining libpng14 reference
  • pidgin: Patched to use gstreamer1
  • nano, screen, lm_sensors: Upgraded to 2.4.2, 4.3.1, and 3.3.5
  • New config for Linux Kernel 4.1.x (LTS release) in testing/

Tuesday, June 16, 2015

sbopkg new maintainer

One of the best tool for managing and building packages from SBo repository is sbopkg. I have been using it for a long time and i love this tool. It does it's job nicely. It was even better when Chess Griffin invented sqg, a new script that can be used to produce queue file for some/all packages in the repository. This solve dependency problem for many users (including me). I wrote a blog post in the past about how to manage SBo dependencies easily.

Few days ago (11 June 2015), Chess Griffin, one of the author of sbopkg and sqg posted an announcement to slackbuilds-users mailing list. He stopped developing sbopkg and also maintaining the website for sometime and looking for people who wanted to maintain it.

I quickly step up to take this role since i used it daily and i hate to see this nice project died just like that. I made a special sbopkg github account for this project, push the code there along with all the past releases, added wiki for documentation, and update all references related to development to github for easy access and management. I am hoping that more and more people will be interested to make sbopkg a better tool by sending patches, git pull requests, suggestions, and many other improvement ideas.


Big thanks to Chess Griffin, Mauro Giachero, and slackmagic for creating, maintaining, and developing this great tool.