LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 09-09-2019, 05:49 PM   #3691
USUARIONUEVO
Senior Member
 
Registered: Apr 2015
Posts: 1,228

Rep: Reputation: 390Reputation: 390Reputation: 390Reputation: 390

pygobject3-3.34.0
http://ftp.gnome.org/pub/gnome/sourc...-3.34.0.tar.xz
 
Old 09-09-2019, 06:12 PM   #3692
saxa
Member
 
Registered: Aug 2004
Distribution: Slackware
Posts: 468

Rep: Reputation: 50
dconf-0.34.0
https://download.gnome.org/sources/d...-0.34.0.tar.xz
 
Old 09-09-2019, 10:19 PM   #3693
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 8,957

Rep: Reputation: Disabled
Hello rufeo and welcome to this forum

Quote:
Originally Posted by rufeo View Post
You update it quite regularly (YAY!), one thing that bugs me is the deleting of each individual file and then their directories. Wouldn't "rm -rf /path/to/the/base/directory" work much faster?

I know that deleting each file and folder is part of a log, but that could be produced quicker with “ls /path/to/the/base/directory > deletelog.log”
Deleting the whole directory would indeed be faster, but the script removepkg needs to check that each file "candidate to deletion" be not also shipped in another package (yes, this happens), in which case it should not be deleted. Else you could end up with a broken system.

Further, today's SSD can handle file deletion without wearing too fast (mount them with the options noatime and nodiratime can help I think). There is also the option to use an f2fs file system that targets NAND flash drives, but Slackware version 14.2 is not ready for that.

Last edited by Didier Spaier; 09-09-2019 at 10:27 PM.
 
2 members found this post helpful.
Old 09-10-2019, 04:36 AM   #3694
saahriktu
Member
 
Registered: Nov 2017
Location: Stary Oskol, Russia
Distribution: Slackware
Posts: 36

Rep: Reputation: 17
It seems rare releases have a bad effect on the health of the distribution. This fact scares away many people who start to mistakenly thinking that the distribution is already dead. Frequent releases, of course, are also harmful. The time interval in two years between releases is very good. However, more than three years have passed since the last release...

Last edited by saahriktu; 09-10-2019 at 05:00 AM.
 
2 members found this post helpful.
Old 09-10-2019, 05:44 AM   #3695
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 8,957

Rep: Reputation: Disabled
Quote:
Originally Posted by Didier Spaier View Post
PS I just checked, atk is still versioned 2.33.3 in the tarball (in meson.build) and in atk.pc in the resulting package.
Fixed releasing atk-2.34.1
 
Old 09-10-2019, 09:32 AM   #3696
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 267

Rep: Reputation: 217Reputation: 217Reputation: 217
openssl-1.1.1d is released with security fix.
https://www.openssl.org/source/openssl-1.1.1d.tar.gz
https://www.openssl.org/source/opens....1d.tar.gz.asc

Quote:
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]

o Fixed a fork protection issue (CVE-2019-1549)
o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems
o Correct the extended master secret constant on EBCDIC systems
o Use Windows installation paths in the mingw builds (CVE-2019-1552)
o Changed DH_check to accept parameters with order q and 2q subgroups
o Significantly reduce secure memory usage by the randomness pools
o Revert the DEVRANDOM_WAIT feature for Linux systems
 
3 members found this post helpful.
Old 09-10-2019, 05:31 PM   #3697
slalik
Member
 
Registered: Nov 2014
Location: Moscow, Russia
Distribution: Slackware
Posts: 171

Rep: Reputation: 122Reputation: 122
extra/google-chrome doesn't work with google-chrome 77.0.3865.75 because google-chrome-stable_current_amd64.deb contains control.tar.xz instead of control.tar.gz.
 
Old 09-11-2019, 01:22 AM   #3698
Thom1b
Member
 
Registered: Mar 2010
Location: France
Distribution: Slackware
Posts: 267

Rep: Reputation: 217Reputation: 217Reputation: 217
curl-7.66.0 is released with security fixes.
https://curl.haxx.se/download/curl-7.66.0.tar.xz
https://curl.haxx.se/download/curl-7.66.0.tar.xz.asc

Quote:
FTP-KRB double-free
===================

Project curl Security Advisory, September 11th 2019 -
[Permalink](https://curl.haxx.se/docs/CVE-2019-5481.html)

VULNERABILITY
-------------

libcurl can be told to use kerberos over FTP to a server, as set with the
`CURLOPT_KRBLEVEL` option.

During such kerberos FTP data transfer, the server sends data to curl in
blocks with the 32 bit size of each block first and then that amount of data
immediately following.

A malicious or just broken server can claim to send a very large block and if
by doing that it makes curl's subsequent call to `realloc()` to fail, curl
would then misbehave in the exit path and double-free the memory.

In practical terms, an up to 4 GB memory area may very well be fine to
allocate on a modern 64 bit system but on 32 bit systems it will fail.

Kerberos FTP is a rarely used protocol with curl. Also, Kerberos
authentication is usually only attempted and used with servers that the client
has a previous association with.

We are not aware of any exploit of this flaw.

INFO
----

This bug was introduced in November 2016 in [commit
0649433da53c7165f839e2](https://github.com/curl/curl/commit/...a53c7165f839e2).

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2019-5481 to this issue.

CWE-415: Double Free

Severity: 6.3 (Medium)

AFFECTED VERSIONS
-----------------

- Affected versions: libcurl >= 7.52.0 to and including 7.65.3
- Not affected versions: libcurl < 7.52.0

libcurl is used by many applications, but not always advertised as such.

THE SOLUTION
------------

A [fix for CVE-2019-5481](https://github.com/curl/curl/commit/...664cea683254a5)

RECOMMENDATIONS
--------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade curl to version 7.66.0

B - Apply the patch to your version and rebuild

C - do not use `CURLOPT_KRBLEVEL`
Quote:
TFTP small blocksize heap buffer overflow
=========================================

Project curl Security Advisory, September 11th 2019 -
[Permalink](https://curl.haxx.se/docs/CVE-2019-5482.html)

VULNERABILITY
-------------

libcurl contains a heap buffer overflow in the function
(`tftp_receive_packet()`) that receives data from a TFTP server. It can call
`recvfrom()` with the default size for the buffer rather than with the size
that was used to allocate it. Thus, the content that might overwrite the heap
memory is controlled by the server.

This flaw is only triggered if the TFTP server sends an OACK without the BLKSIZE
option, when a BLKSIZE smaller than 512 bytes was requested by the TFTP client.
OACK is a TFTP extension and is not used by all TFTP servers.

Users choosing a smaller block size than default should be rare as the primary
use case for changing the size is to make it larger.

It is rare for users to use TFTP across the Internet. It is most commonly used
within local networks. TFTP as a protocol is always inherently insecure.

This issue was introduced by the add of the TFTP BLKSIZE option handling. It
was previously incompletely fixed by an almost identical issue called
CVE-2019-5436.

We are not aware of any exploit of this flaw.

INFO
----

This bug was introduced in January 2009 in [commit
0516ce7786e9500c2e44](https://github.com/curl/curl/commit/...7786e9500c2e44).

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2019-5482 to this issue.

CWE-122: Heap-based Buffer Overflow

Severity: 5.2 (Medium)

AFFECTED VERSIONS
-----------------

- Affected versions: libcurl >= 7.19.4 to and including 7.65.3
- Not affected versions: libcurl < 7.19.4

libcurl is used by many applications, but not always advertised as such.

THE SOLUTION
------------

A [fix for CVE-2019-5482](https://github.com/curl/curl/commit/...c6742ac5fafb3d)

RECOMMENDATIONS
--------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade curl to version 7.66.0

B - Apply the patch to your version and rebuild

C - do not use TFTP with curl with smaller than the default BLKSIZE
 
3 members found this post helpful.
Old 09-11-2019, 05:44 PM   #3699
rufeo
LQ Newbie
 
Registered: Sep 2019
Posts: 2

Rep: Reputation: Disabled
Thanks, makes since...

Quote:
Originally Posted by Didier Spaier View Post
Hello rufeo and welcome to this forum

Deleting the whole directory would indeed be faster, but the script removepkg needs to check that each file "candidate to deletion" be not also shipped in another package (yes, this happens), in which case it should not be deleted. Else you could end up with a broken system.

Further, today's SSD can handle file deletion without wearing too fast (mount them with the options noatime and nodiratime can help I think). There is also the option to use an f2fs file system that targets NAND flash drives, but Slackware version 14.2 is not ready for that.
I did not think about files being dropped or lost in the update, verification is a good thing!
Thanks for the information on NAND / SSD stuff!
 
Old 09-12-2019, 12:42 AM   #3701
fpetrucio
LQ Newbie
 
Registered: Aug 2019
Location: Aracaju, Sergipe - Brazil
Distribution: Slackware
Posts: 6

Rep: Reputation: Disabled
Quote:
Originally Posted by rufeo View Post
First and foremost: THANK YOU very much for all the work everyone does to keep Slackware alive and up to date!!!

I have a questions.

I have been using the 14.2 -current for a while and have conquered many obstacles Slackware presents.

You update it quite regularly (YAY!), one thing that bugs me is the deleting of each individual file and then their directories. Wouldn't "rm -rf /path/to/the/base/directory" work much faster?

I know that deleting each file and folder is part of a log, but that could be produced quicker with “ls /path/to/the/base/directory > deletelog.log”

I am giving basic concepts, I’m sure there a better and faster ways of doing things, I’m just hoping for the possible of speed up the delete process.

Also, I use a variety of nand / flash based devices (SSD, CF & USB) and the deleting of each files and directory every time I update Slackware causes me to cringe… as we know deleting causes the most wear on flash technology. Slackware does not seem to SSD friendly.

Wear & tear are my real concerns, speeding up the process would be nice…

Thanks Again,
Rufeo
Hi, Rufeo. Glad to know about your achievements with Slackware. Now, about your question on disk writing, if that seems to be an issue for you, I recommend to stick with Stable 14.2 for some more months until the awaited day (R) come . Then upgrade to 15. Best of the two wolrds: after the release, 15 ~= current. then you can install from current a few packages you really want more up to date if any.
 
Old 09-12-2019, 02:08 PM   #3702
saahriktu
Member
 
Registered: Nov 2017
Location: Stary Oskol, Russia
Distribution: Slackware
Posts: 36

Rep: Reputation: 17
bison 3.4.2
http://ftp.gnu.org/gnu/bison/bison-3.4.2.tar.xz
 
1 members found this post helpful.
Old 09-13-2019, 11:28 AM   #3703
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,744

Rep: Reputation: Disabled
Please apply this patch to meson, it fixes "meson configure" with at least some projects which is equivalent to "./configure --help".

Code:
From 635aa739c74f5a8b7d8daebd054fe237ac055655 Mon Sep 17 00:00:00 2001
From: Daniel Mensinger <daniel@mensinger-ka.de>
Date: Fri, 13 Sep 2019 12:23:06 +0200
Subject: [PATCH] mconf: Fix meson configure crash (fixes #5909)

---
 mesonbuild/mconf.py | 4 ++--
 run_unittests.py    | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/mesonbuild/mconf.py b/mesonbuild/mconf.py
index cac9d61ce4..4f8014014d 100644
--- a/mesonbuild/mconf.py
+++ b/mesonbuild/mconf.py
@@ -181,7 +181,7 @@ def print_default_values_warning():
         core_options = {k: o for k, o in self.coredata.builtins.items() if k in core_option_names}
 
         self.print_options('Core options', core_options)
-        if self.build.environment.is_cross_build():
+        if self.default_values_only or self.build.environment.is_cross_build():
             self.print_options('Core options (for host machine)', self.coredata.builtins_per_machine.host)
             self.print_options(
                 'Core options (for build machine)',
@@ -190,7 +190,7 @@ def print_default_values_warning():
             self.print_options('Core options', self.coredata.builtins_per_machine.host)
         self.print_options('Backend options', self.coredata.backend_options)
         self.print_options('Base options', self.coredata.base_options)
-        if self.build.environment.is_cross_build():
+        if self.default_values_only or self.build.environment.is_cross_build():
             self.print_options('Compiler options (for host machine)', self.coredata.compiler_options.host)
             self.print_options(
                 'Compiler options (for build machine)',
diff --git a/run_unittests.py b/run_unittests.py
index f06be23aef..8cc9811482 100755
--- a/run_unittests.py
+++ b/run_unittests.py
@@ -3624,6 +3624,10 @@ def test_introspect_buildoptions_without_configured_build(self):
         self.maxDiff = None
         self.assertListEqual(res_nb, res_wb)
 
+    def test_meson_configure_from_source_does_not_crash(self):
+        testdir = os.path.join(self.unit_test_dir, '59 introspect buildoptions')
+        self._run(self.mconf_command + [testdir])
+
     def test_introspect_json_dump(self):
         testdir = os.path.join(self.unit_test_dir, '57 introspection')
         self.init(testdir)
Please see these links for more information.

https://github.com/mesonbuild/meson/pull/5921
https://github.com/mesonbuild/meson/issues/5909
 
1 members found this post helpful.
Old 09-13-2019, 12:17 PM   #3704
saahriktu
Member
 
Registered: Nov 2017
Location: Stary Oskol, Russia
Distribution: Slackware
Posts: 36

Rep: Reputation: 17
pulseaudio 13.0
http://freedesktop.org/software/puls...io-13.0.tar.xz
https://www.freedesktop.org/wiki/Sof...io/Notes/13.0/

Last edited by saahriktu; 09-13-2019 at 12:19 PM.
 
Old 09-15-2019, 04:29 AM   #3705
saahriktu
Member
 
Registered: Nov 2017
Location: Stary Oskol, Russia
Distribution: Slackware
Posts: 36

Rep: Reputation: 17
bc-2.1.3
https://github.com/gavinhoward/bc/ar...c-2.1.3.tar.gz
Code:
--- bc.SlackBuild.orig	2019-04-03 23:37:34.000000000 +0300
+++ bc.SlackBuild	2019-09-15 12:20:04.224874358 +0300
@@ -23,7 +23,7 @@
 
 PKGNAM=bc
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -51,13 +51,13 @@
 mkdir -p $TMP $PKG
 
 if [ "$ARCH" = "i586" ]; then
-  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686 -std=c99"
 elif [ "$ARCH" = "s390" ]; then
-  SLKCFLAGS="-O2"
+  SLKCFLAGS="-O2 -std=c99"
 elif [ "$ARCH" = "x86_64" ]; then
-  SLKCFLAGS="-O2 -fPIC"
+  SLKCFLAGS="-O2 -fPIC -std=c99"
 else
-  SLKCFLAGS="-O2"
+  SLKCFLAGS="-O2 -std=c99"
 fi
 
 cd $TMP
@@ -74,16 +74,7 @@
   -exec chmod 644 {} \;
 
 # Configure:
-CFLAGS="$SLKCFLAGS" \
-./configure \
-  --prefix=/usr \
-  --sysconfdir=/etc \
-  --mandir=/usr/man \
-  --infodir=/usr/info \
-  --with-readline \
-  --program-prefix= \
-  --program-suffix= \
-  --build=$ARCH-slackware-linux || exit 1
+PREFIX=/usr CC=gcc CFLAGS="$SLKCFLAGS" ./configure.sh
 
 # Build and install:
 make $NUMJOBS || make || exit 1
kbd-2.2.0
https://www.kernel.org/pub/linux/uti...d-2.2.0.tar.xz

psmisc-23.2
https://sourceforge.net/projects/psm...sc-23.2.tar.xz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Requests for -current (20151216) rworkman Slackware 3441 12-28-2017 03:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 12:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration