slackware64 14.2 backports (slackbuild and source)
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
slackware64 14.2 backports (slackbuild and source)
# Copyright 2006, 2007, 2009, 2010, 2011, 2015, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# never say anything negative about Barry White's songs.
No, ncurses-6.4 is not a security update. The CVE is patched in a later daily snapshot.
Furthermore, the vulnerability only exists when an ncurses-linked binary is setuid or setguid, which I do not believe Slackware has done in many years.
The real vulnerability is not the ncurses library. It's making something linked to it setuid.
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
slack-desc
Quote:
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.
# Line up the first '|' above the ':' following the base package name, and
# the '|' on the right side marks the last column you can put a character in.
# You must make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':' except on otherwise blank lines.
Wed Feb 7 20:07:29 UTC 2024
patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Fix quadratic runtime issues with big tokens that can cause
denial of service.
Fix billion laughs attacks for users compiling *without* XML_DTD
defined (which is not common).
For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-52425 https://www.cve.org/CVERecord?id=CVE-2023-52426
(* Security fix *)
+--------------------------+
Sun Feb 4 19:37:40 UTC 2024
patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
Fix the following security issue:
xmlreader: Don't expand XIncludes when backtracking.
For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-25062
(* Security fix *)
14.2 is considered EOL, so you need to backport those patches by yourself or upgrade your machine to 15.0
IS 14.2 EOL? I understood Pat would continue to support the current release (15.0), plus the last version (14.2), while working on current development? When was the announcement that only the current release would be supported?
In fact a few critical security updates for 14.2 have been some in the past year. Although a few more would be appreciated, by us folks on older hardware that just keeps on kicking.
This information would be helpful in deciding if this machine continues on Slackware or move to a BSD where systemD and a lot of other silly Linux ideas aren't being implemented, thank you Pat for keeping Slackware pure! I happen to like my FVWM desktop a lot. I also like Slackware a lot. But I was hoping to run 14.2 and receive security updates until 15.1 is released. Is that thinking in error?
Wed Jan 3 20:25:45 UTC 2024
####################################################################
# EOL (END OF LIFE) NOTICE FOR OLD SLACKWARE VERSIONS #
# #
# Effective January 1, 2024, security patches will no longer be #
# provided for the following versions of Slackware (which will all #
# be more than 7 years old at that time): #
# Slackware 14.0, Slackware 14.1, Slackware 14.2. #
# If you are still running these versions you should consider #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own #
# security patches. #
####################################################################
+--------------------------+
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.2")
-- Found ZLIB: /usr/lib64/libz.so (found version "1.2.13")
-- Your system seems to have a Z lib available, we will use it to generate PNG lib
-- Found PNG: /usr/lib64/libpng.so (found version "1.6.40")
-- Your system seems to have a PNG lib available, we will use it
-- Found TIFF: /usr/lib64/libtiff.so (found version "4.4.0")
-- Your system seems to have a TIFF lib available, we will use it
-- Found LCMS2: /usr/lib64/liblcms2.so
-- Your system seems to have a LCMS2 lib available, we will use it
-- Could NOT find Java (missing: Java_JAVA_EXECUTABLE Java_JAVAC_EXECUTABLE Java_JAR_EXECUTABLE Java_JAVADOC_EXECUTABLE Java_JAVAH_EXECUTABLE Development) (Required is at least version "1.8")
I’m not very in love with JAVA, but made as you like
Since I run slackware64-14.2 and have usually received both the "stable" and 14.2 change-log notices from the auto mailer you should be aware this notice was not received. I've experienced this glitch twice before in the past year, ex. a slackpkg update shows available updates but the mailer system hasn't sent a notice of them available, only the 15.0 updates.
Additionally, slackware.com/change-logs are published only 15.0 and current, and there are no notices of this EOL for the older versions on that date in those change-logs. Neither is the notice in the security notices. Has Pat or the crew ever considered listing on the change-log page a notice of "Support is still available for x,y,z versions"? Or was the decision to allow Wikipedia to handle the release support information?
Since the topic is about security, i.e. no security updates will be provided for these older versions, maybe all of subscribers of the security mailing list could receive the notice again? Or perhaps it should have gone out on the announce mailing list, which hasn't seen activity since 2022?
Just my thoughts. I do appreciate the information, although I'm disappointed that the 14.2 version is now EOL, which isn't the pattern for older version during the past decade. I know the struggle to keep so many versions can be a huge amount of work, so I understand that Pat and the team have to decide what can still be easily back-ported and focus on current so we don't have a 15.1 release seven years after 15.0.
That 14.x was to be EOL January 1st was announced in the changelog on October 9, 2023
And if I remember correctly, someone posted this info on here as well.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
