Yes, during the years, that page has only linked to changelogs of current and latest stable. To read changelogs of any older still maintained Slackware version it used to be possible to walk around in the ftp server provided by the ftp URLs from the same page. Unfortunately the Firefox of today no longer support ftp URLs.

No, those notices are instead in the changelogs of those older versions.

It is true that this is a unique situation that only the latest stable version of Slackware is still being maintained. On the other hand, the 14 versions was maintained for about as many years as any other version of Slackware:

https://endoflife.date/slackware

The version maintained for the longest time was Slacwkare 8.1 which was maintained for slightly more than 10 years.

However, even though a maintained version of Slackware has not become EOL does not mean that all packages receive security updates. Lets have a loock at Slackware 14.2 and the Mozilla Firefox package as an example:

Slacware 14.2 was released 2016-06-30 with mozilla-firefox-45.2.0esr.

Released slackware 14.2 received almost 60 updates of mozilla-firefox until the last update to mozilla-firefox-68.12.0esr 2020-08-24.

Then for a little more than 3 years and 3 months even though Slackware 14.2 was not EOL it did not receive any more security update of Mozilla Firefox. The same applies for many more packages. When upstream providers no longer provide versions possible to compile on old maintained versions of Slackware those new version will not be provided for the old versions of Slackware.

regards Henrik

openjpeg-2.5.1 --->openjpeg-2.5.2
http://ftp.nluug.nl/os/Linux/distr/s...urce/openjpeg/
Fixed a regression in openjpeg-2.5.1:
API breakage / openjpeg version no longer detected (openjpeg.h no longer
includes opj_config.h).

expat-2.6.0 --->expat-2.6.1
http://ftp.nluug.nl/os/Linux/distr/s.../source/expat/
Bug fixes:
#817 Make tests independent of CPU speed, and thus more robust
#828 #836 Expose billion laughs API with XML_DTD defined and
XML_GE undefined, regression from 2.6.0

Other changes:
#829 Hide test-only code behind new internal macro
#833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
#819 Address compiler warnings
#832 #834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
for what these numbers do

Infrastructure:
#818 CI: Adapt to breaking changes in clang-format

openssl-1.1.1w and a little more
https://filetransfer.io/data-package/rN7AAZRf#link
*if you have processor lower than intel haswell removed the extensions SLKCFLAGS
**slackbuilds are not masterpieces because it was for my personal use

this fixes:
CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows [Low severity] 08 September 2023
CVE-2023-3446 Excessive time spent checking DH keys and parameters [Low severity] 13 July 2023
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers [Moderate severity] 30 May 2023
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored [Low severity] 23 March 2023
CVE-2023-0466 Certificate policy check not enabled [Low severity] 21 March 2023
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints [Low severity] 21 March 2023
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName [High severity] 07 February 2023
CVE-2023-0215 Use-after-free following BIO_new_NDEF [Moderate severity] 07 February 2023
CVE-2022-4304 Timing Oracle in RSA Decryption [Moderate severity] 07 February 2023
CVE-2022-2068 The c_rehash script allows command injection [Moderate severity] 21 June 2022
CVE-2022-1292 The c_rehash script allows command injection [Moderate severity] 03 May 2022
CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates [High severity] 15 March 2022
CVE-2021-4160 BN_mod_exp may produce incorrect results on MIPS [Moderate severity] 28 January 2022
CVE-2021-3712 Read buffer overruns processing ASN.1 strings [Moderate severity] 24 August 2021
CVE-2021-23841 Null pointer deref in X509_issuer_and_serial_hash() [Moderate severity] 16 February 2021
CVE-2021-23840 Integer overflow in CipherUpdate [Low severity] 16 February 2021
CVE-2021-23839 Incorrect SSLv2 rollback protection [Low severity] 16 February 2021
CVE-2020-1971 EDIPARTYNAME NULL pointer dereference [High severity] 08 December 2020
CVE-2020-1968 Raccoon attack [Low severity] 09 September 2020

this does not fixes:
CVE-2024-0727 PKCS12 Decoding crashes [Low severity] 25 January 2024
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value [LOW severity] 06 November 2023

expat-2.6.1 --->expat-2.6.2
https://reddoglinux.ddns.net/linux/s.../source/expat/

xfce4-session need libexpat.la

build a expat scratch, copy libexpat.la inside your slackbuild.
add:

cd ..
# CMake does not produce .la files, so we need to create them otherwise we'll
# cause breakage due to references in other .la files:
cp $CWD/libexpat.la $PKG/usr/lib64/libexpat.la
chmod 755 $PKG/usr/lib64/libexpat.la

instead of:
# Don't ship .la files:
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la

* this solution comes from Pat slackbuild for jpg-turbo, I deserve no special credit for this.

libarchive-3.7.2 --->libarchive-3.7.3

This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
https://github.com/libarchive/libarc...1207c3f04ff34f
https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)

https://mirror.slackbuilds.org/slack...ce/libarchive/