mirror of
git://slackware.nl/current.git
synced 2025-02-15 08:50:09 +01:00
![]() a/openssl11-solibs-1.1.1zb_p2-x86_64-1.txz: Upgraded. a/pkgtools-15.1-noarch-28.txz: Rebuilt. removepkg: when using --verbose, don't remove files in parallel because it causes occasional screen corruption. This change only affects --verbose, and actually hardly slows that down. ap/qpdf-11.10.0-x86_64-1.txz: Upgraded. ap/vim-9.1.1094-x86_64-1.txz: Upgraded. d/cbindgen-0.28.0-x86_64-1.txz: Upgraded. d/python-pip-25.0.1-x86_64-1.txz: Upgraded. d/rust-bindgen-0.71.1-x86_64-1.txz: Upgraded. l/SDL2-2.32.0-x86_64-1.txz: Upgraded. l/gegl-0.4.54-x86_64-1.txz: Upgraded. l/libffi-3.4.7-x86_64-1.txz: Upgraded. l/liboggz-1.1.2-x86_64-1.txz: Upgraded. n/openssl11-1.1.1zb_p2-x86_64-1.txz: Upgraded. Apply patch to fix a low severity security issue: Fix timing side-channel in ECDSA signature computation. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. This CVE was fixed by the second 1.1.1zb release that is only available to subscribers to OpenSSL's premium extended support. The patch was prepared by backporting from the OpenSSL-3.0 repo. Thanks to Ken Zalewski for the patch! For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-13176 (* Security fix *) xap/vim-gvim-9.1.1094-x86_64-1.txz: Upgraded. xfce/xfce4-settings-4.20.1-x86_64-1.txz: Upgraded. |
||
---|---|---|
.. | ||
a | ||
ap | ||
d | ||
e | ||
f | ||
installer | ||
k | ||
kde | ||
l | ||
n | ||
t | ||
tcl | ||
x | ||
xap | ||
xfce | ||
y | ||
buildlist-from-changelog.sh | ||
make_world.sh | ||
README.TXT |
This is the source used for Slackware. To look for a particular bit of source (let's say for 'cp'), first you would look for the full path: fuzzy:~# which cp /bin/cp Then, you grep for the package it came from. Note that the leading '/' is removed, and ^ and $ mark the beginning and end of the pattern to match: fuzzy:~# grep ^bin/cp$ /var/lib/pkgtools/packages/* /var/lib/pkgtools/packages/coreutils-9.0-x86_64-3:bin/cp From this, you can see that 'cp' came from the coreutils-9.0-x86_64-3 package. The source will be found in a corresponding subdirectory. In this case, that would be ./a/coreutils/. All of these packages have scripts that extract, patch, and compile the source automatically. These are the 'SlackBuild' scripts. Have fun! --- Patrick J. Volkerding volkerdi@slackware.com