Hello. A few requests/suggestions I'd like to summarize before 14.1 releases:
1. Security:
a.
yp-tools:
Since my name is associated with the crypt() fix, I'd like to request you re-build using my
corrected patch.
b.
libtiff
It seems Slackware 14.1 will stay on the 3.9.x branch. In that case I suggest upgrading to tiff 3.9.7 (which addresses CVE-2012-2088, CVE-2012-2113) and applying the following backports I've put together from upstream:
tiff-3.9.7_CVS20130502.diff (
sig) addresses CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961
tiff-3.9.7_CVE-2013-4231.diff (
sig) addresses CVE-2013-4231
tiff-3.9.7_CVE-2013-4232.diff (
sig) addresses CVE-2013-4232
tiff-3.9.7_CVE-2013-4244.diff (
sig) addresses CVE-2013-4244
2. Suggested Upgrade:
a.
OpenSSH
Upgrading to 6.3p1 would be worthwhile. Aside from bug-fixes, there are some nice new features like download resumption in sftp, proxying through stdin/stdout, and time-based rekeying.
3. Optional Bug-Fixes:
a.
util-linux
agetty included in util-linux 2.21.2 doesn't properly filter arrow keys. See this
thread for the discussion about the wandering cursor at login and
util-linux-2.21.2-fixcursor.diff for my fix.
b.
bash
bash 4.2 currently has no support for multibyte characters in ansic_* functions. this means no multi-byte char suport in printf %q, command not found messages, XTRACE output, etc. This
thread describes the issue noted with "command not found" and
bash-4.2-widechars.diff has the fix.
--mancha
PS You might have noticed my URLs have changed. I've re-organized things into a new project:
http://sf.net/projects/mancha. The old project will remain to not break existing links but will not be updated.