SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A slackware forum thread dedicaced to the latest slackware-current changelog
This will at least give some visibility on the latest updates here on the forum
10 updates including a (* Security fix *) : 5 upgraded, 4 rebuilt, 1 added
Code:
Sat Aug 7 19:04:04 UTC 2021
a/aaa_glibc-solibs-2.33-x86_64-3.txz: Rebuilt.
a/usbutils-014-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.4-x86_64-1.txz: Upgraded.
ap/nvme-cli-1.15-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-3.txz: Rebuilt.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle. But we'll backport the security
fixes from glibc-2.34 with this update:
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system. Reported by Chris Schanzle.
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The wordexp function may overflow the positional parameter number when
processing the expansion resulting in a crash. Reported by Philippe Antoine.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
(* Security fix *)
l/glibc-i18n-2.33-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-3.txz: Rebuilt.
l/liburing-2.0-x86_64-1.txz: Added.
This is needed by mariadb, and provides increased performance on high speed
devices such as NVMe.
n/dovecot-2.3.16-x86_64-1.txz: Upgraded.
xap/blueman-2.2.2-x86_64-1.txz: Upgraded.
An interesting addition there is liburing. A userspace library for interfacing with the kernel's io_uring system for asynchronous i/o.
What is io_uring? It's basically a ring buffer for userspace to send operations to for asynchronous queuing, with submission and completion events. It avoids context switching and copying data between kernel and userspace (because it's a shared buffer). Essentially, the end result is that the CPU can go do something else sooner.
An obstacle to using it was that applications had to interface with io_ring themselves. Now that there's a library abstraction, more applications may start using it.
MariaDB was mentioned, but also Samba has a module that can be built if liburing is present. Recent Qemu can make use of it as well.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle.
I wonder if any of the linux from scratch crowd (Nobby6?) has tried implementing glibc-2.34 and if perhaps its not as problematic a move as it might at first seem?
Just more of a curiosity, I know that staying at glibc-2.33 this close to a 15.0 release makes sense.
Distribution: Slackware64 15.0, Slackware64 -current, stuff on qemu
Posts: 400
Rep:
I tried a glibc-2.33 to 2.34 upgrade on LFS, and it seemed to go OK without any other rebuilds. It was an install > remove > ldconfig procedure with this homemade package manager. The biggest caveat is that I was using development LFS, which has symlinks for /bin, /sbin and /lib.
And I 100% agree that not pulling the trigger on glibc yet is sensible. It takes much more comprehensive testing to get the upgrade done if you're in charge of a distribution and not just "some guy." 7
EDIT: The upgrade also worked with actual /bin, etc.
I think it's also worth mentioning the gtk4 and openresolv package additions to the Mon Aug 16 05:28:16 UTC 2021 update:
Code:
Mon Aug 16 05:28:16 UTC 2021
Hey everyone, long time no see!
...
l/gtk4-4.2.1-x86_64-1.txz: Added.
...
n/openresolv-3.12.0-noarch-1.txz: Added.
This is needed for wg-quick in the wireguard-tools package.
Thanks to synbq Bucharest, Jeremy Hansen, and Daniel Wilkins.
...
15 updates including a (* Security fix *) : 10 upgraded, 5 rebuilt
Code:
Tue Aug 17 20:08:40 UTC 2021
a/aaa_glibc-solibs-2.33-x86_64-4.txz: Rebuilt.
a/util-linux-2.37.2-x86_64-1.txz: Upgraded.
d/git-2.33.0-x86_64-1.txz: Upgraded.
d/vala-0.52.5-x86_64-1.txz: Upgraded.
l/gexiv2-0.12.3-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-4.txz: Rebuilt.
In librt, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain
NOTIFY_REMOVED data, leading to a NULL pointer dereference.
NOTE: this vulnerability was introduced as a side effect of the
CVE-2021-33574 fix.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38604
(* Security fix *)
l/glibc-i18n-2.33-x86_64-4.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-4.txz: Rebuilt.
l/libcap-2.53-x86_64-1.txz: Upgraded.
l/python2-module-collection-2.7.18-x86_64-5.txz: Rebuilt.
Added dbus-python-1.2.16.
n/ModemManager-1.16.10-x86_64-1.txz: Upgraded.
n/NetworkManager-1.32.8-x86_64-1.txz: Upgraded.
n/stunnel-5.60-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.0.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.0.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2021-37/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29991
(* Security fix *)
xap/mozilla-thunderbird-91.0.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.0.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29991
(* Security fix *)
12 updates including a (* Security fix *) : 8 upgraded, 4 rebuilt
Code:
Thu Aug 19 05:17:32 UTC 2021
a/aaa_libraries-15.0-x86_64-9.txz: Rebuilt.
Fixed wrong version of libasound.so.2.0.0.
Thanks to Eduardo Charquero and PiterPunk.
a/kernel-firmware-20210818_c46b8c3-noarch-1.txz: Upgraded.
a/kernel-generic-5.13.12-x86_64-1.txz: Upgraded.
a/kernel-huge-5.13.12-x86_64-1.txz: Upgraded.
a/kernel-modules-5.13.12-x86_64-1.txz: Upgraded.
d/kernel-headers-5.13.12-x86-1.txz: Upgraded.
k/kernel-source-5.13.12-noarch-1.txz: Upgraded.
kde/konsole-21.08.0-x86_64-2.txz: Rebuilt.
Patched to fix konsole size and toolbars. Thanks to alienBOB and PiterPunk.
n/bind-9.16.20-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issue:
An assertion failure occurred when named attempted to send a UDP packet that
exceeded the MTU size, if Response Rate Limiting (RRL) was enabled.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25218
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Sat Aug 21 04:38:34 UTC 2021
a/e2fsprogs-1.46.4-x86_64-1.txz: Upgraded.
d/ccache-4.4-x86_64-1.txz: Upgraded.
d/mercurial-5.9-x86_64-1.txz: Upgraded.
kde/konsole-21.08.0-x86_64-3.txz: Rebuilt.
Merged another upstream patch for the case where there is no konsolerc.
l/glib2-2.68.4-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.14-x86_64-1.txz: Upgraded.
n/libmilter-8.17.1-x86_64-1.txz: Upgraded.
n/nftables-1.0.0-x86_64-1.txz: Upgraded.
n/openssh-8.7p1-x86_64-1.txz: Upgraded.
x/ibus-1.5.25-x86_64-1.txz: Upgraded.
x/ibus-anthy-1.5.13-x86_64-1.txz: Upgraded.
xap/libnma-1.8.32-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.0.2/releasenotes/
xap/pavucontrol-5.0-x86_64-1.txz: Upgraded.
I wonder if any of the linux from scratch crowd (Nobby6?) has tried implementing glibc-2.34 and if perhaps its not as problematic a move as it might at first seem?
I upgraded glibc to 2.34 in my LFS system. It broke both firefox and falkon (qtwebengine) leaving me with only dillo and lynx for browsing. Both browsers would launch but not render anything. Since then, a fix has been found for both firefox and falkon (did the fix for FF - still need to patch and rebuild qtwebengine).
Also i couldn't build fuse2 - don't have a fix for that yet. Staying with 2.33 sounds prudent for Slack.
I upgraded glibc to 2.34 in my LFS system. It broke both firefox and falkon (qtwebengine) leaving me with only dillo and lynx for browsing. Both browsers would launch but not render anything. Since then, a fix has been found for both firefox and falkon (did the fix for FF - still need to patch and rebuild qtwebengine).
Also i couldn't build fuse2 - don't have a fix for that yet. Staying with 2.33 sounds prudent for Slack.
Sat Aug 21 18:57:13 UTC 2021
a/upower-0.99.13-x86_64-1.txz: Upgraded.
a/xfsprogs-5.13.0-x86_64-1.txz: Upgraded.
l/freetype-2.11.0-x86_64-2.txz: Rebuilt.
Restore quiet no-op rendering of bitmap glyphs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.