headers
Vlad Glagolev | 3 Feb 01:04
Favicon
Gravatar

Announcing stable grimoire 0.60-7 release

Stable grimoire version 0.60-7 has been released!

It's a quick-short security update of of 0.60 stable branch cause of
epic failure bug in PHP appeared in 5.3.9:

http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Vlad Glagolev (1):
      php: => 5.3.10 (security)     (cherry picked from commit 16788790f79b156c3a9a5e52a74e0b4a5dd22a65)

[0] Generated: 'git shortlog --no-merges stable-0.60-6..stable-0.60-7'

--

-- 
Dont wait to die to find paradise...
--
Cheerz,
Vlad "Stealth" Glagolev
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 1 Feb 20:11
Favicon
Gravatar

Announcing stable grimoire 0.60-6 release

In a few hours after 0.60-5 stable grimoire version 0.60-6 has been
released!

This release fixes build of php security bump (5.3.9) with suhosin
patch. So it is security one by itself.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Vlad Glagolev (2):
      php: corrected 5.3 branch build with suhosin patch     (cherry picked from commit 7159f3a37a7b2e745e46c91471b205d52021b19f)
      VERSION: 0.60-6

[0] Generated: 'git shortlog --no-merges stable-0.60-5..stable-0.60-6'

--

-- 
Dont wait to die to find paradise...
--
Cheerz,
Vlad "Stealth" Glagolev
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 1 Feb 11:08
Favicon
Gravatar

Announcing stable grimoire 0.60-5 release

The last months are pretty insecure :P

So here it is, stable grimoire version 0.60-5 has been released!

This is mostly a security update of 0.60 stable branch. It also
contains various critical fixes to build some major spells.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Arjan Bouter (2):
      aewm: fixed build error and install paths     (cherry picked from commit 10df5b1508afbbb9a8e944b032ff62667b26f930)
      irssi: fixed the ordering in DETAILS so SOURCE exists before SOURCE2     uses it     (cherry picked from commit 8de4522da45dc74c7760b2b71061346f12f9e782)

Eric Sandall (1):
      samba: Updated to 3.6.1     (cherry picked from commit 869df0bc48f637b35d43af5b8587925e71ab6d10)

Florian Franzmann (1):
      utils/sudo: version 1.8.3p2, fixes CVE 2012-0809     (cherry picked from commit 6e39f48e692a201bfd74521abf4c9f90b233cd76)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 19 Jan 15:50
Favicon
Gravatar

Announcing stable grimoire 0.60-4 release

Due to our paused (don't worry, it won't take much!) state of future
development and release cycle for Grimoire by now, stable grimoire
version 0.60-4 has been released as another update of stable 0.60 branch.

This is mostly a security update of 0.60 stable branch as well as grub2
bootloader bump which took some good work from our mages recently.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Bor Kraljič (1):
      libsasl: fixed long description wrap (scripted)     (cherry picked from commit dd9d043a3dbe5d8cd8fec4bab0981730664d3c46)

Eric Sandall (4):
      grub2: fstest is no longer a valid option with 1.99
      grub2: Cleaned up HISTORY formatting     (cherry picked from commit a89a979304ae06250d2e85bf23ddf278e694a7d8)
      grub2: Remove debugging echo     (cherry picked from commit dfe2bdb3709aeae2bd9d7be4edd2a25a5b9a3299)
      grub2: Disable PIC for x86

Florian Franzmann (2):
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 10 Jan 00:04
Favicon
Gravatar

Announcing stable grimoire 0.60-3 release

Just after 0.60-2, stable grimoire version 0.60-3 has been released!

This is a hot security update (and hopefully the last one before 0.61)
of 0.60 stable branch. It also fixes git broken upstream mirror.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Bor Kraljič (1):
      ipmitool: fixed long description wrap (scripted)     (cherry picked from commit 0eb461a52e915936d0fae830e0fd81e2fe745815)

George Sherwood (2):
      proftpd: Updated to version 1.3.3f     (cherry picked from commit a9473838656f0f511292b49a1484f8cb15309072)
      proftpd: Updated to version 1.3.4a     (cherry picked from commit 7f9f7f46f5bb06a7e73e4e9060277329644b8de2)

Vlad Glagolev (7):
      proftpd: this was a security update     (cherry picked from commit 5c41beefd7f09bc81e1b3aa225e778132059e58c)
      git: => 1.7.7.3     (cherry picked from commit d0b442f1e05254de20efc521556154dcc7d1a94c)
      unbound: fix #266     (cherry picked from commit 4c61ec26b8117e1186c3d6708dc117384b6e2dd2)
      unbound: => 1.4.13     (cherry picked from commit 70d5893424f01fa32130b2b099ad42662c3826da)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 8 Jan 05:04
Favicon
Gravatar

Announcing stable grimoire 0.60-2 release

Stable grimoire version 0.60-2 has been released!

This is yet another security update of 0.60 stable branch.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0] (thankies to Ladislav for many
of them):

Bor Kraljič (2):
      putty: fixed long description wrap (scripted)     (cherry picked from commit 68e920ba46b3ece84df469c26aff254d5f3615eb)
      vlc: check_self after cast of libdvbpsi (if we depend on it)

Ladislav Hagara (5):
      putty 0.62, SECURITY_PATCH=1
      vlc 1.1.13, SECURITY_PATCH=22, VideoLAN-SA-1108
      linux-pam 1.1.5, SECURITY_PATCH=3     (cherry picked from commit 449a197d68db3896effec68328c6854d1f8b39b3)
      openssl 1.0.0f, SECURITY_PATCH=14     (cherry picked from commit eaaef52e760c081fb0f45c8f9f8cd994e975f564)
      openssl 0.9.8s, SECURITY_PATCH=14     (cherry picked from commit 67470e61352fa8069c256c7073fe4ba663e4ed28)

Thomas Orgis (1):
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 3 Dec 14:31
Favicon
Gravatar

Announcing stable grimoire 0.60-1 release

Long-waiting stable grimoire version 0.60-1 has been released!

This is mostly a security update of 0.60 stable branch.
And I hope we will cut 0.61-rc pretty soon :)

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc .

Following updates were integrated[0]:

Bor Kraljič (1):
      privoxy: fixed long description wrap (scripted)     (cherry picked from commit 37f8cb526892911e54659bb804c3dc4f9b6a94af)

Ladislav Hagara (4):
      wireshark 1.6.3, SECURITY_PATCH=33     (cherry picked from commit 73a585b077e8c584407fb0ea247d38f5bea1136b)
      ffmpeg 0.7.7, SECURITY_PATCH=8     (cherry picked from commit a7d8328bcd16f3d57ead6884e478b67fb7dbfcae)
      nss 3.12.11.with.ckbi.1.88, SECURITY_PATCH=3     (cherry picked from commit 49d8bcc5d9f67435d7d20a310b5e3176f5c1f1f7)
      ffmpeg 0.7.8, SECURITY_PATCH=9     (cherry picked from commit 2b5afd9edec1d82f5ca5b0251b0c166251fab9e4)

Tommy Boatman (1):
      quagga: version 0.99.20     (cherry picked from commit 459c861e80758d410d3bf853b3cdcc67d77b1354)
(Continue reading)

Permalink | Reply | 0 comments |
headers
George Sherwood | 15 Oct 22:45

Announcing stable grimoire 0.60 release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stable grimoire version 0.60 has been released!

Spells listed on the 0.60[0] release wiki were tested.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.60.tar.bz2.


GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.60.tar.bz2.asc.



Here's the shortlog[1] between 0.59 and 0.60 (had to delete the actual
comments to get this to the mailing list, just left the numbers and
names):

Andraž 'ruskie' Levstik (4):

Andraž Levstik (1):

Arjan Bouter (27):

Bor Kraljič (771):
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vlad Glagolev | 2 Oct 21:54
Favicon
Gravatar

Announcing stable grimoire 0.59-4 release

Stable grimoire version 0.59-4 has been released!

This is mostly a security update of 0.59 stable branch.

The tarballs have been signed and uploaded to our server and will be
propogating out to the mirrors within six hours.

To download the grimoire manually, get
http://codex.sourcemage.org/stable.tar.bz2 or specifically
http://codex.sourcemage.org/stable-0.59.tar.bz2 .

GPG signatures are available at
http://codex.sourcemage.org/stable.tar.bz2.asc or
http://codex.sourcemage.org/stable-0.59.tar.bz2.asc .

Following updates were integrated[0]:

Bor Kraljič (3):
      udev: use the latest version of {,PRE}SUB_DEPENDS for REPAIR not some ancient     (cherry picked from commit 65d8386f8e15fa65593bd5be87e45bcb4494b289)
      gcc: fixed the source numbers for java in PRE_BUILD (fixes #115)     (cherry picked from commit 24da04334c58f553607e948f2f0c9781bce15c8c)
      apache22: fixed url sourcemage.org -> wiki.sourcemage.org (fixes #181)     (cherry picked from commit 10f03170a363bbd5a239a038f278c46fc552b9c3)

George Sherwood (1):
      thunderbird: Updated to version 5.0.  Various fixes need for     this specific build.     (cherry picked from
commit 55f17eaa2fd336ffe659f085899f96e17022b067)

Julien ROZO (2):
      thunderbird: updated version to 6.0     (cherry picked from commit c9bf457fca6685dfc80d4babd2b0f8b00dbc6ad0)
      thunderbird: updated version to 6.0.2, SECURITY_PATCH=28 (MFSA 2011-35)     (cherry picked from commit 2acea6469ee4fb4e9ce16d7c03150e77b6f73296)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jaka Kranjc | 22 Sep 20:12
Favicon

Sorcery 1.15.0 Released!

Sorcery 1.15.0 has finally been released! Yep, check the date. A long time has 
passed since the inception, so the changelog is long and full of bugfixes, 
optimisations and new features. Thanks to all involved!

The release notes are worst viewed on the wiki at
http://sourcemage.org/projects/sorcery/wiki/ReleaseNotes1150

Here are just the big highlights:
* sorcery queue and queue-security are now much faster by avoiding disk IO 
(~10 times in my case) and optionally (default: VERBOSE_QUEUING=on) more 
verbose. It displays all the reasons why the particular spell is being put 
into the queue. For security updates it states if there was more than one. 
    * as a side effect, also cast -Z is much faster when searching for possible 
updates (look it up, it is very handy)
* partly improved resurrect: better resurrection and its integration into the 
casting process 
    * a new tool (called resurrect) specifically for dealing with resurrecting 
(downgrades, upgrades, cache manipulation)
* timing functionality. It can be accessed via gaze time, gaze time-system and 
their subcommands. The functions print various casting times. Especially gaze 
time --full can be useful for estimating future casting time. 
* the spell's FINAL outputs are duplicated at the end of cast 
* when a spell fails, a short reason for the failure is displayed in the 
summary 
* improved cleanup algorithm when a spell fails in the dependency resolution 
part of cast 
* conflicts and security questions are now asked during the dependency 
resolution phase
    * the conflicts are then dispelled right before the spell is cast or 
resurrected
(Continue reading)

Permalink | Reply | 4 comments |
headers
Vlad Glagolev | 11 Sep 23:48
Favicon
Gravatar

smgl-archspecs 0.8.2 released

smgl-archspecs 0.8.2 has been released.

This release brings Intel Atom and Via C7 support.

Here are the changes since 0.8.1:

Arwed von Merkatz (2):
      32/ia32/intel/x86/atom: added Atom CPU
      64/x86_64/intel/em64t/atom: added 64 bit Atom archspec

Vlad Glagolev (1):
      added Esther C5J (Via C7) processor specs

--

-- 
Dont wait to die to find paradise...
--
Cheerz,
Vlad "Stealth" Glagolev
Permalink | Reply | 0 comments |

Gmane