mirror of
git://slackware.nl/current.git
synced 2024-12-27 09:59:16 +01:00
8b19227b58
a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002
https://www.cve.org/CVERecord?id=CVE-2024-32004
https://www.cve.org/CVERecord?id=CVE-2024-32020
https://www.cve.org/CVERecord?id=CVE-2024-32021
https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
163 lines
9.8 KiB
Bash
163 lines
9.8 KiB
Bash
#!/bin/sh
|
|
#item ####description ###on off ###
|
|
TMP=/var/log/setup/tmp
|
|
if [ ! -d $TMP ]; then
|
|
mkdir -p $TMP
|
|
fi
|
|
cat /dev/null > $TMP/SeTnewtag
|
|
dialog --title "SELECTING PACKAGES FROM SERIES A (BASE LINUX SYSTEM)" \
|
|
--checklist "Please confirm the packages you wish to install \
|
|
from series A. Use the UP/DOWN keys to scroll through the list, and \
|
|
the SPACE key to deselect any packages don't want installed. You are \
|
|
cautioned against unselecting REQUIRED packages. However, it's your \
|
|
system. :^) Press ENTER when you are done." 21 76 10 \
|
|
"aaa_base" "Basic filesystem, shell, and utils - REQUIRED" "on" \
|
|
"aaa_glibc-solibs" "Runtime glibc support libraries - REQUIRED" "on" \
|
|
"aaa_libraries" "Various shared libraries -- REQUIRED" "on" \
|
|
"aaa_terminfo" "A subset of the terminfo database from ncurses" "on" \
|
|
"acl" "POSIX Access Control List tools -- REQUIRED" "on" \
|
|
"acpid" "ACPI Power Management daemon" "on" \
|
|
"attr" "Tools for fs extended attributes -- REQUIRED" "on" \
|
|
"bash" "GNU bash shell - REQUIRED" "on" \
|
|
"bcachefs-tools" "tools for bcachefs filesystem" "on" \
|
|
"bin" "Various system utilities - REQUIRED" "on" \
|
|
"btrfs-progs" "Utilities for btrfs filesystems" "on" \
|
|
"bzip2" "bzip2 compression utility" "on" \
|
|
"coreutils" "The core GNU command-line utilities - REQUIRED" "on" \
|
|
"cpio" "The GNU cpio backup/archiving utility" "on" \
|
|
"cpufrequtils" "Kernel CPUfreq utilities" "on" \
|
|
"cracklib" "Password checking library - REQUIRED" "on" \
|
|
"cryptsetup" "Utilities for encrypting partitions" "on" \
|
|
"dbus" "D-Bus message bus system" "on" \
|
|
"dcron" "Cron daemon - REQUIRED" "on" \
|
|
"devs" "Device files found in /dev - REQUIRED" "on" \
|
|
"dialog" "The program that generates these menus :-)" "on" \
|
|
"dosfstools" "Tools for working with FAT filesystems" "on" \
|
|
"e2fsprogs" "Utilities for ext2/3/4 filesystems - REQUIRED" "on" \
|
|
"ed" "A clone of the old, original UN*X line editor" "on" \
|
|
"efibootmgr" "Tool to modify UEFI boot entries" "on" \
|
|
"efivar" "Library and tools to handle UEFI variables" "on" \
|
|
"elilo" "Linux Loader for EFI-based platforms" "on" \
|
|
"elogind" "logind extracted from systemd" "on" \
|
|
"elvis" "elvis text editor (ex/vi clone)" "on" \
|
|
"etc" "System config files & utilities - REQUIRED" "on" \
|
|
"eudev" "Manages /dev and modules - REQUIRED" "on" \
|
|
"exfatprogs" "exFAT filesystem utilities" "on" \
|
|
"f2fs-tools" "Flash-Friendly File System" "on" \
|
|
"file" "Determines what file format data is in" "on" \
|
|
"findutils" "GNU file finding utilities" "on" \
|
|
"floppy" "Utilities for using DOS floppies" "on" \
|
|
"gawk" "GNU awk pattern scanning language" "on" \
|
|
"gettext" "Programs used to internationalize scripts" "on" \
|
|
"glibc-zoneinfo" "Configures your time zone" "on" \
|
|
"gpm" "Cut and paste text with your mouse" "on" \
|
|
"gptfdisk" "GPT fdisk utilities" "on" \
|
|
"grep" "GNU grep searching tool - REQUIRED" "on" \
|
|
"grub" "GNU GRUB, the GRand Unified Bootloader" "on" \
|
|
"gzip" "GNU zip compression utility - REQUIRED" "on" \
|
|
"haveged" "A simple entropy daemon" "on" \
|
|
"hdparm" "Get/Set IDE hard drive parameters" "on" \
|
|
"hostname" "Linux hostname utility - REQUIRED" "on" \
|
|
"hwdata" "Hardware identification and config data" "on" \
|
|
"infozip" "zip/unzip archive utilities" "on" \
|
|
"inih" "INI Not Invented Here" "on" \
|
|
"iniparser" "ini file parsing library" "on" \
|
|
"inotify-tools" "Command-line tools for using inotify." "on" \
|
|
"jfsutils" "Utilities for IBM's Journaled Filesystem" "on" \
|
|
"kbd" "Change keyboard and console mappings" "on" \
|
|
"kernel-firmware" "Linux kernel firmware -- REQUIRED" "on" \
|
|
"kernel-generic" "Generic 6.9 kernel (needs an initrd)" "on" \
|
|
"kernel-huge" "Loaded 6.9 Linux kernel" "on" \
|
|
"kernel-modules" "Linux 6.9 kernel modules -- REQUIRED" "on" \
|
|
"kmod" "Kernel module utilities -- REQUIRED" "on" \
|
|
"lbzip2" "Parallel bzip2 compressor" "on" \
|
|
"less" "A text pager utility - REQUIRED" "on" \
|
|
"lhasa" "Free LZH archive tool" "on" \
|
|
"libblockdev" "library for manipulating block devices" "on" \
|
|
"libbytesize" "library for working with big sizes in bytes" "on" \
|
|
"libcgroup" "Tools for using kernel control groups" "on" \
|
|
"libgudev" "udev GObject bindings library - REQUIRED" "on" \
|
|
"libpwquality" "Password quality checking library - REQUIRED" "on" \
|
|
"lilo" "Boot loader for Linux, DOS, OS/2, etc." "on" \
|
|
"logrotate" "System log rotation utility" "on" \
|
|
"lrzip" "Long Range ZIP" "on" \
|
|
"lvm2" "Tools for creating logical volumes" "on" \
|
|
"lzip" "A lossless data compressor" "on" \
|
|
"lzlib" "lzip compression library" "on" \
|
|
"mcelog" "Machine Check Event logger" "on" \
|
|
"mdadm" "Utilities for managing MD (RAID) devices" "on" \
|
|
"minicom" "Serial transfer and modem comm package" "on" \
|
|
"mkinitrd" "Tool for building an initial ramdisk" "on" \
|
|
"mlocate" "Locates files on the system" "on" \
|
|
"mt-st" "mt ported from BSD - controls tape drive" "on" \
|
|
"mtx" "Controls tape autochangers" "on" \
|
|
"ncompress" "The historic compress utility" "on" \
|
|
"ndctl" "non-volatile memory device library" "on" \
|
|
"ntfs-3g" "FUSE-based NTFS read-write mount program" "on" \
|
|
"nut" "Network UPS Tools" "on" \
|
|
"nvi" "nvi text editor (ex/vi clone)" "on" \
|
|
"openssl-solibs" "OpenSSL shared libraries -- REQUIRED" "on" \
|
|
"openssl11-solibs" "OpenSSL shared libraries version 1.1.x" "on" \
|
|
"os-prober" "A tool for finding bootable OS partitions" "on" \
|
|
"pam" "Pluggable Authentication Modules -- REQUIRED" "on" \
|
|
"patch" "Applies a diff file to an original file" "on" \
|
|
"pciutils" "Linux PCI utilities" "on" \
|
|
"pcmciautils" "PCMCIA card services for the Linux kernel" "on" \
|
|
"pkgtools" "Slackware package management tools - REQUIRED" "on" \
|
|
"plzip" "Parallel lzip compressor" "on" \
|
|
"procps-ng" "Displays process info - REQUIRED" "on" \
|
|
"quota" "User disk quota utilities" "on" \
|
|
"reiserfsprogs" "Tools for the ReiserFS journaling filesystem" "on" \
|
|
"rpm2tgz" "A simple script to convert an RPM to a tgz" "on" \
|
|
"sdparm" "Get/Set SCSI hard drive parameters" "on" \
|
|
"sed" "GNU stream editor -- REQUIRED" "on" \
|
|
"shadow" "Shadow password suite -- REQUIRED" "on" \
|
|
"sharutils" "GNU shell archive utilities - REQUIRED" "on" \
|
|
"smartmontools" "Hard drive monitoring utilities" "on" \
|
|
"splitvt" "Split a screen into sections (use screen ;-)" "on" \
|
|
"sysfsutils" "Utilities for the sysfs filesystem" "on" \
|
|
"sysklogd" "Logs system and kernel messages" "on" \
|
|
"syslinux" "Loader for making Linux boot floppies" "on" \
|
|
"sysvinit" "System V-like INIT programs - REQUIRED" "on" \
|
|
"sysvinit-functions" "Init functions used by some third-party apps" "on" \
|
|
"sysvinit-scripts" "The startup scripts for Slackware - REQUIRED" "on" \
|
|
"tar" "GNU tar archive utility -- REQUIRED" "on" \
|
|
"tcsh" "Extended C shell /bin/tcsh" "on" \
|
|
"time" "Times how long a process takes to run" "on" \
|
|
"tree" "Display a directory in tree form" "on" \
|
|
"udisks2" "storage device daemon v2" "on" \
|
|
"unarj" "Extract ARJ archives" "on" \
|
|
"upower" "power management abstraction daemon" "on" \
|
|
"usb_modeswitch" "Switching tool for multiple mode USB devices" "on" \
|
|
"usbutils" "Linux USB utilities" "on" \
|
|
"userspace-rcu" "userspace read-copy-update library" "on" \
|
|
"utempter" "Library used for writing to utmp/wtmp" "on" \
|
|
"util-linux" "Util-linux utilities - REQUIRED" "on" \
|
|
"volume_key" "manipulate storage keys" "on" \
|
|
"which" "Locate an executable in your \$PATH" "on" \
|
|
"xfsprogs" "Utilities for SGI's XFS filesystem" "on" \
|
|
"xz" "xz (LZMA) compression utility - REQUIRED" "on" \
|
|
"zerofree" "Zero free blocks from ext* filesystems" "on" \
|
|
"zoo" "Zoo archive utility" "on" \
|
|
2> $TMP/SeTpkgs
|
|
if [ $? = 1 -o $? = 255 ]; then
|
|
rm -f $TMP/SeTpkgs
|
|
> $TMP/SeTnewtag
|
|
for pkg in \
|
|
aaa_base aaa_glibc-solibs aaa_libraries aaa_terminfo acl acpid attr bash bcachefs-tools bin btrfs-progs bzip2 coreutils cpio cpufrequtils cracklib cryptsetup dbus dcron devs dialog dosfstools e2fsprogs ed efibootmgr efivar elilo elogind elvis etc eudev exfatprogs f2fs-tools file findutils floppy gawk gettext glibc-zoneinfo gpm gptfdisk grep grub gzip haveged hdparm hostname hwdata infozip inih iniparser inotify-tools jfsutils kbd kernel-firmware kernel-generic kernel-huge kernel-modules kmod lbzip2 less lhasa libblockdev libbytesize libcgroup libgudev libpwquality lilo logrotate lrzip lvm2 lzip lzlib mcelog mdadm minicom mkinitrd mlocate mt-st mtx ncompress ndctl ntfs-3g nut nvi openssl-solibs openssl11-solibs os-prober pam patch pciutils pcmciautils pkgtools plzip procps-ng quota reiserfsprogs rpm2tgz sdparm sed shadow sharutils smartmontools splitvt sysfsutils sysklogd syslinux sysvinit sysvinit-functions sysvinit-scripts tar tcsh time tree udisks2 unarj upower usb_modeswitch usbutils userspace-rcu utempter util-linux volume_key which xfsprogs xz zerofree zoo \
|
|
; do
|
|
echo "$pkg: SKP" >> $TMP/SeTnewtag
|
|
done
|
|
exit
|
|
fi
|
|
cat /dev/null > $TMP/SeTnewtag
|
|
for PACKAGE in \
|
|
aaa_base aaa_glibc-solibs aaa_libraries aaa_terminfo acl acpid attr bash bcachefs-tools bin btrfs-progs bzip2 coreutils cpio cpufrequtils cracklib cryptsetup dbus dcron devs dialog dosfstools e2fsprogs ed efibootmgr efivar elilo elogind elvis etc eudev exfatprogs f2fs-tools file findutils floppy gawk gettext glibc-zoneinfo gpm gptfdisk grep grub gzip haveged hdparm hostname hwdata infozip inih iniparser inotify-tools jfsutils kbd kernel-firmware kernel-generic kernel-huge kernel-modules kmod lbzip2 less lhasa libblockdev libbytesize libcgroup libgudev libpwquality lilo logrotate lrzip lvm2 lzip lzlib mcelog mdadm minicom mkinitrd mlocate mt-st mtx ncompress ndctl ntfs-3g nut nvi openssl-solibs openssl11-solibs os-prober pam patch pciutils pcmciautils pkgtools plzip procps-ng quota reiserfsprogs rpm2tgz sdparm sed shadow sharutils smartmontools splitvt sysfsutils sysklogd syslinux sysvinit sysvinit-functions sysvinit-scripts tar tcsh time tree udisks2 unarj upower usb_modeswitch usbutils userspace-rcu utempter util-linux volume_key which xfsprogs xz zerofree zoo \
|
|
; do
|
|
if grep "\(^\| \)$PACKAGE\( \|$\)" $TMP/SeTpkgs 1> /dev/null 2> /dev/null ; then
|
|
echo "$PACKAGE: ADD" >> $TMP/SeTnewtag
|
|
else
|
|
echo "$PACKAGE: SKP" >> $TMP/SeTnewtag
|
|
fi
|
|
done
|
|
rm -f $TMP/SeTpkgs
|