Keeping Slackware 12.0 patched with security updates
 

Ok, I know this has probably been discussed a thousand times, but I can't seem to find information on how to keep my Slackware 12.0 install updated with all the relevant security updates.

I've browsed through my local friendly Slackware mirror, and read the Changelog.txt, and I see that since I installed Slackware there's a few patches that have been issued to fix various security issues. Is it a simple case of downloading the /patches/packages packages, and then upgradepkg'ing the lot? I presume not, as this will likely break some things, but a pointer in the right direction would be very much appreciated :)

It is really as simple as that.
There was the exceptional case once where there was a package added to Slackware as a "patch" because it was needed by another program which was updated, but that will likely not happen again anytime soon.
So, the "upgrade *.tgz" is basically all you need to do... in runlevel 3 or even better, in runlevel 1.

Eric

Should have known, this is Slackware after all :)

Have a look at slackpkg. Once you have setup your /etc/slackpkg/mirrors and /etc/slackpkg/blacklist files then (as root):
#slackpkg update
#slackpkg upgrade-all

Works great for keeping a stable Slack install up to date.

Indeed, but I think you're after:
The first will install any packages that might happen to be *added* to /patches (such as the *rare* case that Eric mentioned), and the second will upgrade everything to the version in /patches.

This is the way i use:

Now just type
and enjoy.

Just so I understand this properly... Does that mean the full process would be:
The man page recommends running the update step first to get the latest package lists.

I've had a look at slackpkg, and I uncommented the lines in /etc/slackpkg/blacklist for kernel-ide, kernel-modules, kernel-source, kernel-headers, aaa_elflibs and /extra/udev-alternate-versions - is there anything else I need to blacklist? I don't run any proprietary video drivers and most software I've compiled from slackbuilds.

In the mean time, I'll download the patches and upgradepkg them.

Yes, that's correct.

If you've upgraded any of the stock Slackware packages with new versions *not* in /patches, then you'll need to blacklist those packages. Slackpkg's goal is to sync your installed packages with those in the official tree, so it will "upgrade" those custom packages to the versions in the official tree.

Surely this is the easiest method? Instead of using slackpkg etc, just create a directory called patches, and subscribe to the slackware security mailing list. Whenever there's an update, go to a mirror and download it. Easy.

My favorite: Kslackcheck.

I received a message from a user here at LQ (pyllyukko) who's written a fairly impressive script, available here: http://null.maimed.org/~pyllyukko/files/swsp.sh

I've not used it yet, but it seems to do a *lot* of stuff with verifying GPG signatures, md5sums and generally automating the process of fetching the security patches.

I haven't tested it, as I'm just going to go down the init 3 and updatepkg route, but thought someone might need it if they ever stumble across this thread in the future...

I did the update (init 1 followed by upgradepkg *.tgz), and all seems to be working well :)

Phew!

Which is exactly what Kslackcheck does for you automagically. ;)