[SOLVED] WARNING! DO NOT APPLY the batch Sat Dec 17 21:14:11 UTC 2022 unless you have applied previously all updates. Conflict: XZ vs. aaa_libraries
stop screaming
works fine here. liblzma.so.5 is installed
I do NOT scream, buddy! I never scream. It's a warning for others.
BTW, did you do the last 2 updates in a batch?
I am talking about this:
Code:
Sat Dec 17 21:14:11 UTC 2022
a/xz-5.4.0-x86_64-1.txz: Upgraded.
l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded.
l/libmpc-1.3.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded.
n/samba-4.17.4-x86_64-1.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
xfce/exo-4.18.0-x86_64-1.txz: Upgraded.
xfce/garcon-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded.
+--------------------------+
Sat Dec 17 02:40:06 UTC 2022
a/aaa_libraries-15.1-x86_64-14.txz: Rebuilt.
Upgraded: liblzma.so.5.2.9, libpcre2-8.so.0.11.2, libglib-2.0.so.0.7400.3,
libgmodule-2.0.so.0.7400.3, libpng16.so.16.39.0.
Removed: libFLAC++.so.6.3.0, libFLAC.so.8.3.0, libicudata.so.71.1,
libicui18n.so.71.1, libicuio.so.71.1, libicutest.so.71.1, libicutu.so.71.1,
libicuuc.so.71.1, libjasper.so.6.0.0.
Added: libboost_atomic.so.1.80.0, libboost_chrono.so.1.80.0,
libboost_container.so.1.80.0, libboost_context.so.1.80.0,
libboost_contract.so.1.80.0, libboost_coroutine.so.1.80.0,
libboost_date_time.so.1.80.0, libboost_fiber.so.1.80.0,
libboost_filesystem.so.1.80.0, libboost_graph.so.1.80.0,
libboost_iostreams.so.1.80.0, libboost_json.so.1.80.0,
libboost_locale.so.1.80.0, libboost_log.so.1.80.0,
libboost_log_setup.so.1.80.0, libboost_math_c99.so.1.80.0,
libboost_math_c99f.so.1.80.0, libboost_math_c99l.so.1.80.0,
libboost_math_tr1.so.1.80.0, libboost_math_tr1f.so.1.80.0,
libboost_math_tr1l.so.1.80.0, libboost_nowide.so.1.80.0,
libboost_prg_exec_monitor.so.1.80.0, libboost_program_options.so.1.80.0,
libboost_python27.so.1.80.0, libboost_python39.so.1.80.0,
libboost_random.so.1.80.0, libboost_regex.so.1.80.0,
libboost_serialization.so.1.80.0, libboost_stacktrace_addr2line.so.1.80.0,
libboost_stacktrace_basic.so.1.80.0, libboost_stacktrace_noop.so.1.80.0,
libboost_system.so.1.80.0, libboost_thread.so.1.80.0,
libboost_timer.so.1.80.0, libboost_type_erasure.so.1.80.0,
libboost_unit_test_framework.so.1.80.0, libboost_wave.so.1.80.0,
libboost_wserialization.so.1.80.0.
ap/pamixer-1.5-x86_64-5.txz: Rebuilt.
Recompiled against boost-1.81.0.
kde/kig-22.12.0-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.81.0.
kde/kopeninghours-22.12.0-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.81.0.
kde/krita-5.1.4-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.81.0.
l/boost-1.81.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.81.0.
x/fcitx5-chinese-addons-5.0.16-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.81.0.
x/libime-1.0.16-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.81.0.
xap/mozilla-firefox-108.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/108.0.1/releasenotes/
xfce/elementary-xfce-0.17-x86_64-1.txz: Upgraded.
aaa_libraries-15.1-x86_64-14.txz still contains liblzma.so.5.2.9. I assume that, when you install/upgrade this package AFTER xz-5.4.0, the /lib64/liblzma.so.5 symlink (pointing to liblzma.so.5.4.0 after the upgrade of xz) is replaced by a link to the old version?
If I'm right, this should repair the link (and xz):
Code:
/sbin/ldconfig -l /lib64/liblzma.so.5.4.0
Last edited by Markus Wiesner; 12-17-2022 at 05:33 PM.
Well, I for one have already fixed that symlink manually (just before posting), with "ln -sf", BUT I can confirm that that is the root issue.
However, I believe that a fix should be issued ASAP, before people break their systems and their package database.
Because there are many who do not follow the updates daily, for lack of time or interest. Even I can't always follow the updates daily.
And this event made me believe that upgradepkg should check the incoming package's consistency before renaming the /var/log/packages files. Because this conflict between XZ and aaa_libraries makes upgradepkg rename those files and bail out, leaving the user with a broken database.
Last edited by LuckyCyborg; 12-17-2022 at 05:46 PM.
Code:
# Let's attempt to activate these libraries as they might be needed by various
# install scripts early on. We used to package symlinks in the normal way, and
# it's possible that would be fine too, but there must(?) have been a reason
# that we quit doing that...
cat var/lib/pkgtools/packages/aaa_libraries* 2> /dev/null | grep -e "^lib" -e "/lib" | grep -v "/$" | while read file ; do
  if [ -r "$file" ]; then
    ldconfig -l "$file" 1> /dev/null 2> /dev/null
  fi
done
Probably it would be safer NOT to use ldconfig -l and instead just update the whole directory with e.g.
Code:
cat var/lib/pkgtools/packages/aaa_libraries* 2> /dev/null | grep -e "^lib" -e "/lib" | grep "/$" | while read dir ; do
  if [ -d "$dir" ]; then
    ldconfig -n "$dir" 1> /dev/null 2> /dev/null
  fi
done
to prevent problems in case another future update misses updating a file? Or could that lead to other problems as it also updates links for libraries that are NOT part of aaa_libraries? ldconfig -n picks the higher version number when multiple libraries provide the same major version.
Quote:
We used to package symlinks in the normal way, and
it's possible that would be fine too, but there must(?) have been a reason
that we quit doing that...
Maybe this problem was the reason? But ldconfig -l does not solve it either as it also changes the symlink to the older version.
Excuse my ignorance, BUT from what I understand, a program linked against /lib64/liblzma.so.5.2.9 will find it even if the /lib64/liblzma.so.5 symlink points to another library, right?
So, how about this logic: if there is a valid symlink and it points to a valid target (i.e. /lib64/liblzma.so.5.4.0 ), then do not touch it?
However, I do not know how the symlink name could be calculated in a Bash script...
Last edited by LuckyCyborg; 12-17-2022 at 07:09 PM.
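One way to compute the symlink name and apply the "do not touch a valid link" logic from the last post, combined with the higher-version-wins rule mentioned for ldconfig -n. This is an added example, not part of the thread and not code from Slackware's pkgtools; soname_of, safe_link and demo are hypothetical names, and the filename fallback for the soname is an assumption.

```shell
#!/bin/sh
# Added example; soname_of, safe_link and demo are hypothetical names.

# soname_of FILE: print the library's DT_SONAME as reported by readelf. If
# readelf is missing or FILE is not ELF (as with the constructed files in
# demo), fall back to the naming convention libfoo.so.MAJOR.x.y ->
# libfoo.so.MAJOR, which is an assumption and not true for every library.
soname_of() {
    s=$(readelf -d "$1" 2>/dev/null | sed -n 's/.*(SONAME).*\[\(.*\)].*/\1/p')
    [ -n "$s" ] || s=$(basename "$1" | sed 's/\(\.so\.[0-9][0-9]*\).*/\1/')
    printf '%s\n' "$s"
}

# safe_link FILE: point DIR/SONAME at FILE unless a valid link to the same or
# a newer version is already there. Prints created, updated or kept.
safe_link() {
    file=$1
    new=$(basename "$file")
    link=$(dirname "$file")/$(soname_of "$file")
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo kept; return 0               # a real file: never replace it
    fi
    if [ -L "$link" ] && [ -e "$link" ]; then
        cur=$(basename "$(readlink "$link")")
        # sort -V (GNU coreutils) orders 5.2.9 before 5.4.0 and 5.9 before 5.10
        newest=$(printf '%s\n%s\n' "$cur" "$new" | sort -V | tail -n 1)
        if [ "$newest" = "$cur" ]; then
            echo kept; return 0           # would be a downgrade or a no-op
        fi
        ln -sfn "$new" "$link"; echo updated; return 0
    fi
    ln -sfn "$new" "$link"; echo created  # link missing or dangling
}

# Constructed replay of the thread's order: xz first, then aaa_libraries.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/liblzma.so.5.2.9"; : > "$d/liblzma.so.5.4.0"
    safe_link "$d/liblzma.so.5.4.0" >/dev/null
    safe_link "$d/liblzma.so.5.2.9" >/dev/null
    readlink "$d/liblzma.so.5"
    rm -rf "$d"
}
demo
```

In an install script, safe_link would take the place of the `ldconfig -l "$file"` call inside the loop; a dangling link is still repaired because the `-e` test follows the link to its target.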