[LATEST CHANGELOG] Slackware-15.0

Jeebizz · 05-14-2023, 05:38 PM

Code:

Sun May 14 17:03:16 UTC 2023

a/pkgtools-15.1-noarch-5.txz: Rebuilt.
       installpkg, removepkg, upgradepkg: make all of these scripts accept either
       --dry-run or --warn for consistency. Thanks to Brent Spillner.

So what does this mean? It is like a simulation install and doesn't actually install the package?

marav · 05-14-2023, 05:42 PM

Quote:

Originally Posted by Jeebizz

Code:

Sun May 14 17:03:16 UTC 2023

a/pkgtools-15.1-noarch-5.txz: Rebuilt.
       installpkg, removepkg, upgradepkg: make all of these scripts accept either
       --dry-run or --warn for consistency. Thanks to Brent Spillner.

So what does this mean? It is like a simulation install and doesn't actually install the package?

https://en.wikipedia.org/wiki/Dry_run_(testing)

dhalliwe · 05-15-2023, 10:09 AM

Just a note for anyone else that was getting confused. The change log entry

Quote:

Sun May 14 17:03:16 UTC 2023

a/pkgtools-15.1-noarch-5.txz: Rebuilt.

is actually from slackware-current, not slackware-15.0.

drumz · 05-15-2023, 01:28 PM

Quote:

Originally Posted by Jeebizz

Code:

Sun May 14 17:03:16 UTC 2023

a/pkgtools-15.1-noarch-5.txz: Rebuilt.
       installpkg, removepkg, upgradepkg: make all of these scripts accept either
       --dry-run or --warn for consistency. Thanks to Brent Spillner.

So what does this mean? It is like a simulation install and doesn't actually install the package?

Try looking in the man pages... on Slackware 15.0 --dry-run is only present in upgradepkg. One can (safely) presume it will have the same meaning in installpkg and removepkg.

Code:

man upgradepkg

OPTIONS
       --dry-run
              Output  a  report about which packages would be installed or upgraded but
              don't actually perform the upgrades.

metaed · 05-17-2023, 05:33 PM

3 updates (x86_64). Including a (* Security fix *)! : 3 upgraded

Code:

Wed May 17 20:59:51 UTC 2023
patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  more POST-after-PUT confusion.
  IDN wildcard match.
  siglongjmp race condition.
  UAF in SSH sha256 fingerprint check.
  For more information, see:
    https://curl.se/docs/CVE-2023-28322.html
    https://curl.se/docs/CVE-2023-28321.html
    https://curl.se/docs/CVE-2023-28320.html
    https://curl.se/docs/CVE-2023-28319.html
    https://www.cve.org/CVERecord?id=CVE-2023-28322
    https://www.cve.org/CVERecord?id=CVE-2023-28321
    https://www.cve.org/CVERecord?id=CVE-2023-28320
    https://www.cve.org/CVERecord?id=CVE-2023-28319
  (* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 05-19-2023, 03:01 PM

1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded

Code:

Fri May 19 18:59:24 UTC 2023
patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz:  Upgraded.
  [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
  With execv() command line arguments are passed as separate strings and
  not the full command line in a single string. This prevents arbitrary
  command execution by escaping the quoting of the arguments in a job
  with forged job title.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24805
  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

garpu · 05-19-2023, 04:45 PM

Wrong thread, sorry.

gegechris99 · 05-22-2023, 04:09 PM

1 updates (x86_64). Including a (* Security fix *)! : 1 upgraded

Code:

Mon May 22 19:05:02 UTC 2023
patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  0-byte UDP payload causes Denial of Service.
  Insufficient randomness in generation of DNS query IDs.
  Buffer Underwrite in ares_inet_net_pton().
  AutoTools does not set CARES_RANDOM_FILE during cross compilation.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32067
    https://www.cve.org/CVERecord?id=CVE-2023-31147
    https://www.cve.org/CVERecord?id=CVE-2023-31130
    https://www.cve.org/CVERecord?id=CVE-2023-31124
  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

gegechris99 · 05-24-2023, 11:54 PM

2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded

Code:

Thu May 25 00:24:33 UTC 2023
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 05-25-2023, 03:41 PM

2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded

Code:

Thu May 25 19:04:56 UTC 2023
patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed vulnerabilities that may allow an attacker using a maliciously
  crafted NTFS-formatted image file or external storage to potentially
  execute arbitrary privileged code or cause a denial of service.
  Thanks to opty.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 05-27-2023, 05:01 PM

1 updates (x86_64) : 1 upgraded

Code:

Sat May 27 20:42:29 UTC 2023
patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 05-30-2023, 09:09 PM

3 updates (x86_64). Including a (* Security fix *)! : 3 upgraded

Code:

Wed May 31 01:29:12 UTC 2023
patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Possible DoS translating ASN.1 object identifiers.
  For more information, see:
    https://www.openssl.org/news/secadv/20230530.txt
    https://www.cve.org/CVERecord?id=CVE-2023-2650
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 06-02-2023, 05:20 PM

2 updates (x86_64). Including a (* Security fix *)! : 2 upgraded

Code:

Fri Jun  2 20:56:35 UTC 2023
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
  cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
  attacker to launch a denial of service (DoS) attack, or possibly execute
  arbirary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32324
  (* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-26551
    https://www.cve.org/CVERecord?id=CVE-2023-26552
    https://www.cve.org/CVERecord?id=CVE-2023-26553
    https://www.cve.org/CVERecord?id=CVE-2023-26554
    https://www.cve.org/CVERecord?id=CVE-2023-26555
  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 06-04-2023, 03:24 PM

3 updates (x86_64) : 3 upgraded

Code:

Sun Jun  4 19:16:13 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz:  Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt

metaed · 06-06-2023, 04:41 PM

4 updates (x86_64). Including a (* Security fix *)! : 2 upgraded, 2 rebuilt

Code:

Tue Jun  6 20:26:59 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz:  Rebuilt.
  Recompiled without -DUSE_EAI or ICU libraries as this experimental option
  is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz:  Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-19/
    https://www.cve.org/CVERecord?id=CVE-2023-34414
    https://www.cve.org/CVERecord?id=CVE-2023-34416
  (* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.

Provided by http://marav8.free.fr/report/slack-15.0-x86_64.txt