Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
12-22-2022, 11:04 AM
|
#1
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
|
[LATEST CHANGELOG] Slackware-15.0
As suggested by marav
https://www.linuxquestions.org/quest...ml#post6399610
A slackware forum thread dedicaced to the latest slackware-15.0 changelog
This will at least give some visibility on the latest updates here on the forum
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Thu Dec 22 03:40:55 UTC 2022
patches/packages/bind-9.16.36-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/curl-7.87.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/mozilla-thunderbird-102.6.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/
https://www.cve.org/CVERecord?id=CVE-2022-46874
(* Security fix *)
testing/packages/bind-9.16.36-x86_64-1_slack15.0.txz: Upgraded.
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
Last edited by gegechris99; 12-23-2022 at 01:53 AM.
|
|
|
12-22-2022, 11:14 AM
|
#2
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
I'll strive to timely post here any update of Slackware 15.0 changelog.
I'll use the output of marav script provided at http://marav8.free.fr/report/slack-15.0-x86_64.txt
Should you detect the update before me, don't hesitate to post it.
I won't have any hard feeling about it 
|
|
7 members found this post helpful.
|
12-22-2022, 01:02 PM
|
#3
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,952
|
Very good !
Let me know if you want to be notified by mail ;-)
Almost 100 views and no one noticed the error in the changelog 
|
|
|
12-22-2022, 01:59 PM
|
#4
|
Member
Registered: Mar 2022
Location: Ontario, Canada
Distribution: Slackware
Posts: 188
Rep: 
|
On the subject of the changelog, I don't follow the testing directory, but I did notice that bind under testing has reverted to 9.16.36 (matching what was added in patches).
Quote:
testing/packages/bind-9.16.36-x86_64-1_slack15.0.txz
|
Back in March, version 9.18 slipped into patches by mistake, and PV put it into testing when reverting back to 9.16. Did 9.16 get added to testing by mistake?
Quote:
Mon Mar 21 20:24:16 UTC 2022
patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz: Upgraded.
Sorry folks, I had not meant to bump BIND to the newer branch. I've moved
the other packages into /testing.
|
|
|
1 members found this post helpful.
|
12-23-2022, 01:44 AM
|
#5
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
1 updates (x86_64) : 1 upgraded
Code:
Fri Dec 23 02:37:47 UTC 2022
testing/packages/bind-9.18.10-x86_64-1_slack15.0.txz: Upgraded.
|
|
1 members found this post helpful.
|
12-23-2022, 01:50 AM
|
#6
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
Quote:
Originally Posted by LuckyCyborg
I believe that Slackware is a great distribution, more than worth to be spelled its name with capital "S" letter, that's why I ask you to be kind to edit the thread title s/slackware/Slackware
|
I could not find a way to edit the thread title (Edit doesn't allow that and there is no entry in Thread Tool).
Any pointer on how to change the thread title is welcome.
--EDIT-- forget about it. I found it (in Edit "Advanced")
Last edited by gegechris99; 12-23-2022 at 01:54 AM.
Reason: found it!!!
|
|
|
12-23-2022, 05:11 AM
|
#7
|
Senior Member
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 15.0 + Multilib
Posts: 2,159
|
Thanks for taking on the [LATEST CHANGELOG] Slackware-15.0 Thread gegechris99
-- kjh
Last edited by kjhambrick; 12-23-2022 at 05:12 AM.
|
|
|
01-04-2023, 12:37 AM
|
#8
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
3 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 1 rebuilt
Code:
Wed Jan 4 02:18:08 UTC 2023
patches/packages/libtiff-4.4.0-x86_64-1_slack15.0.txz: Upgraded.
Patched various security bugs.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-2056
https://www.cve.org/CVERecord?id=CVE-2022-2057
https://www.cve.org/CVERecord?id=CVE-2022-2058
https://www.cve.org/CVERecord?id=CVE-2022-3970
https://www.cve.org/CVERecord?id=CVE-2022-34526
(* Security fix *)
patches/packages/rxvt-unicode-9.26-x86_64-3_slack15.0.txz: Rebuilt.
When the "background" extension was loaded, an attacker able to control the
data written to the terminal would be able to execute arbitrary code as the
terminal's user. Thanks to David Leadbeater and Ben Collver.
For more information, see:
https://www.openwall.com/lists/oss-security/2022/12/05/1
https://www.cve.org/CVERecord?id=CVE-2022-4170
(* Security fix *)
patches/packages/whois-5.5.15-x86_64-1_slack15.0.txz: Upgraded.
Updated the .bd, .nz and .tv TLD servers.
Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
Updated the .ac.uk and .gov.uk SLD servers.
Recursion has been enabled for whois.nic.tv.
Updated the list of new gTLDs with four generic TLDs assigned in October 2013
which were missing due to a bug.
Removed 4 new gTLDs which are no longer active.
Added the Georgian translation, contributed by Temuri Doghonadze.
Updated the Finnish translation, contributed by Lauri Nurmi.
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
1 members found this post helpful.
|
01-04-2023, 11:43 PM
|
#9
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Thu Jan 5 03:09:24 UTC 2023
patches/packages/vim-9.0.1146-x86_64-1_slack15.0.txz: Upgraded.
Fixed security issues:
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0049
https://www.cve.org/CVERecord?id=CVE-2023-0051
(* Security fix *)
patches/packages/vim-gvim-9.0.1146-x86_64-1_slack15.0.txz: Upgraded.
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
2 members found this post helpful.
|
01-06-2023, 08:26 PM
|
#10
|
Member
Registered: Apr 2005
Location: Oklahoma, USA
Distribution: Slackware
Posts: 940
|
4 updates (x86_64). Including a (* Security fix *)! : 3 upgraded, 1 rebuilt
Code:
Sat Jan 7 01:50:00 UTC 2023
extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz: Upgraded.
Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
https://www.cve.org/CVERecord?id=CVE-2021-43527
(* Security fix *)
patches/packages/php-7.4.33-x86_64-2_slack15.0.txz: Rebuilt.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
1 members found this post helpful.
|
01-10-2023, 03:54 PM
|
#11
|
Member
Registered: Apr 2005
Location: Oklahoma, USA
Distribution: Slackware
Posts: 940
|
1 updates (x86_64) : 1 rebuilt
Code:
Tue Jan 10 21:32:00 UTC 2023
patches/packages/ca-certificates-20221205-noarch-2_slack15.0.txz: Rebuilt.
Make sure that if we're installing this package on another partition (such as
when using installpkg with a --root parameter) that the updates are done on
that partition. Thanks to fulalas.
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
2 members found this post helpful.
|
01-13-2023, 03:07 PM
|
#12
|
Member
Registered: Apr 2005
Location: Oklahoma, USA
Distribution: Slackware
Posts: 940
|
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Fri Jan 13 20:29:55 UTC 2023
patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txz: Upgraded.
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
resulting in code execution via a crafted .appl file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45188
(* Security fix *)
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
2 members found this post helpful.
|
01-18-2023, 07:51 AM
|
#13
|
Member
Registered: Apr 2005
Location: Oklahoma, USA
Distribution: Slackware
Posts: 940
|
4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded
Code:
Wed Jan 18 06:11:54 UTC 2023
patches/packages/git-2.35.6-x86_64-1_slack15.0.txz: Upgraded.
This release fixes two security issues:
* CVE-2022-41903:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(,
%>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
* CVE-2022-23521:
gitattributes are a mechanism to allow defining attributes for
paths. These attributes can be defined by adding a `.gitattributes`
file to the repository, which contains a set of file patterns and
the attributes that should be set for paths matching this pattern.
When parsing gitattributes, multiple integer overflows can occur
when there is a huge number of path patterns, a huge number of
attributes for a single pattern, or when the declared attribute
names are huge.
These overflows can be triggered via a crafted `.gitattributes` file
that may be part of the commit history. Git silently splits lines
longer than 2KB when parsing gitattributes from a file, but not when
parsing them from the index. Consequentially, the failure mode
depends on whether the file exists in the working tree, the index or
both.
This integer overflow can result in arbitrary heap reads and writes,
which may result in remote code execution.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-41903
https://www.cve.org/CVERecord?id=CVE-2022-23521
(* Security fix *)
patches/packages/httpd-2.4.55-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy allows a backend to trigger HTTP response splitting.
mod_proxy_ajp possible request smuggling.
mod_dav out of bounds read, or write of zero byte.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.55
https://www.cve.org/CVERecord?id=CVE-2022-37436
https://www.cve.org/CVERecord?id=CVE-2022-36760
https://www.cve.org/CVERecord?id=CVE-2006-20001
(* Security fix *)
patches/packages/libXpm-3.5.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Infinite loop on unclosed comments.
Runaway loop with width of 0 and enormous height.
Compression commands depend on $PATH.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-46285
https://www.cve.org/CVERecord?id=CVE-2022-44617
https://www.cve.org/CVERecord?id=CVE-2022-4883
(* Security fix *)
patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
https://www.cve.org/CVERecord?id=CVE-2022-46871
https://www.cve.org/CVERecord?id=CVE-2023-23598
https://www.cve.org/CVERecord?id=CVE-2023-23599
https://www.cve.org/CVERecord?id=CVE-2023-23601
https://www.cve.org/CVERecord?id=CVE-2023-23602
https://www.cve.org/CVERecord?id=CVE-2022-46877
https://www.cve.org/CVERecord?id=CVE-2023-23603
https://www.cve.org/CVERecord?id=CVE-2023-23605
(* Security fix *)
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
2 members found this post helpful.
|
01-18-2023, 09:18 PM
|
#14
|
Member
Registered: Apr 2005
Location: Oklahoma, USA
Distribution: Slackware
Posts: 940
|
1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded
Code:
Thu Jan 19 00:40:12 UTC 2023
patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt
|
|
|
01-21-2023, 03:57 AM
|
#15
|
Senior Member
Registered: Oct 2005
Location: France
Distribution: Slackware 15.0 64bit
Posts: 1,181
Original Poster
|
2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded
Code:
Fri Jan 20 23:58:24 UTC 2023
patches/packages/mozilla-thunderbird-102.7.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.7
(* Security fix *)
patches/packages/seamonkey-2.53.15-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.15
(* Security fix *)
Last edited by gegechris99; 01-21-2023 at 04:02 AM.
|
|
5 members found this post helpful.
|
All times are GMT -5. The time now is 05:17 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|