20091218

This is primarily a maintenance release. The hardened toolchain was updated:

  • gcc-4.4.2-r1 from gcc-4.4.1-r2
  • glibc-2.11-r1 from glibc-2.9_p20081201-r4
  • binutils-2.20 from binutils-2.18-r3

The following links are the full list of updated packages from the previous release: amd64 and i686. Important package upgrades include:

  • bash-4.0_p35 from bash-4.0_p28
  • coreutils-7.5-r1 from coreutils-7.4
  • gnome-2.26.3 from gnome-2.24.1
  • mozilla-firefox-3.5.4 from mozilla-firefox-3.0.14
  • openssl-0.9.8l-r2 from openssl-0.9.8k
  • postfix-2.6.5 from postfix-2.5.7
  • python-2.6.4 from python-2.6.2-r1
  • seahorse-2.26.2 from seahorse-2.22.3
  • squashfs-tools-3.4 from squashfs-tools-3.3
  • util-linux-2.16.1 from util-linux-2.14.2
  • xorg-server-1.6.5-r1 from xorg-server-1.5.3-r6

A security audit tool written by Tobias Klein, called checksec.sh, was added to test running processes or binaries for relro, ssp, nx, pie, aslr. See his blog at www.trapkit.de.