The Ultimate "When Will The Next Slackware Release Arrive" MegaThread

drkstr · 09-29-2006, 12:39 AM

great, fscking internet is down again. Good thing I still have my neighbors wireless

Sorry, news ticker will be down for a bit.

Quote:

Originally Posted by iwen

11 released !! check the -current

...drkstr

oneminizut · 09-29-2006, 12:40 AM

Quote:

Originally Posted by iwen

11 released !! check the -current

The only thing I saw in -current for today was...

Quote:

Thu Sep 28 03:33:49 CDT 2006
ap/vorbis-tools-1.1.1-i486-3.tgz: Fixed UTF8 support.
Thanks to Igor Pashev for providing a simple patch from Gene Pavlovsky.
kernels/huge26.s/*: Added support for USB and IEEE1394 storage devices.
kernels/test26.s/*: Added support for USB and IEEE1394 storage devices.
Thanks to Tais M. Hansen for pointing out that these kernels lacked support
for USB storage devices. Using these kernels with udev may cause a few
warnings at boot time as udev attempts to load the already built-in support,
but these seem to be harmless.

Am I missing something? Because it looks to me like he's still do last minute patching/support.

dive · 09-29-2006, 12:45 AM

I'll wait till it says 11.0 released on slackware.com thx

Nylex · 09-29-2006, 12:45 AM

Perhaps iwen just saw the ANNOUNCE file in the current directory, which has been updated already?

iwen · 09-29-2006, 12:46 AM

Here you go,
ANNOUNCE.11_0

Nylex · 09-29-2006, 12:46 AM

Ah ha, just as I thought. The release isn't official yet, though.

iwen · 09-29-2006, 12:48 AM

won't be long to be official.

oneminizut · 09-29-2006, 12:50 AM

damn! and I was just getting ready to go to bed too. Oh well, guess I'll make more coffee.

win32sux · 09-29-2006, 12:52 AM

the date on that file is over a week old... =/

iwen · 09-29-2006, 12:56 AM

hmmm..u right win32sux, didn't pay attention to the date before.

slackware_newbie · 09-29-2006, 02:42 AM

Vaporware?

Fluggo · 09-29-2006, 03:07 AM

New update in changelog. No 11.0 : (

Quote:

Fri Sep 29 02:10:15 CDT 2006
a/openssl-solibs-0.9.8d-i486-1.tgz: Upgraded to shared libraries from
openssl-0.9.8d. See openssl package update below.
(* Security fix *)
n/openssh-4.4p1-i486-1.tgz: Upgraded to openssh-4.4p1.
This fixes a few security related issues. From the release notes found at
http://www.openssh.com/txt/release-4.4:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-5051
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-5052
After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
the way you want them. Future upgrades will respect the existing permissions
settings. Thanks to Manuel Reimer for pointing out that upgrading openssh
would enable a previously disabled sshd daemon.
Do better checking of passwd, shadow, and group to avoid adding
redundant entries to these files. Thanks to Menno Duursma.
(* Security fix *)
n/openssl-0.9.8d-i486-1.tgz: Upgraded to openssl-0.9.8d.
This fixes a few security related issues:
During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC.
A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer.
(CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-4343
(* Security fix *)
zipslack/zipslack.zip: Rebuilt ZipSlack with new openssl-solibs and
openssh packages