mirror of
git://slackware.nl/current.git
synced 2025-01-17 18:12:36 +01:00
7284497dcf
a/sysvinit-scripts-2.1-noarch-23.txz: Rebuilt. rc.S: simplify test for F2FS filesystem on /. Thanks to GazL. ap/soma-3.2.0-noarch-1.txz: Upgraded. d/cmake-3.13.1-x86_64-1.txz: Upgraded. l/jansson-2.12-x86_64-1.txz: Upgraded. n/rp-pppoe-3.13-x86_64-1.txz: Upgraded. n/samba-4.9.3-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported) CVE-2018-16857: Bad password count in AD DC not always effective For more information, see: https://www.samba.org/samba/security/CVE-2018-14629.html https://www.samba.org/samba/security/CVE-2018-16841.html https://www.samba.org/samba/security/CVE-2018-16851.html https://www.samba.org/samba/security/CVE-2018-16852.html https://www.samba.org/samba/security/CVE-2018-16853.html https://www.samba.org/samba/security/CVE-2018-16857.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857 (* Security fix *) x/mesa-18.2.6-x86_64-1.txz: Upgraded. x/vulkan-sdk-1.1.92.1-x86_64-1.txz: Upgraded.
352 lines
14 KiB
Text
352 lines
14 KiB
Text
This file documents the instructions for upgrading to Slackware -current, the
|
|
packages added, removed, renamed, and/or split during the development cycle
|
|
from Slackware 14.2 through -current, and some potential "gotchas" that users
|
|
can avoid by arming themselves with a little knowledge.
|
|
|
|
|
|
*** INSTRUCTIONS FOR UPGRADING FROM 14.2 ***
|
|
|
|
Follow the instructions detailed in the UPGRADE.TXT located in this
|
|
directory.
|
|
|
|
Note that upgrading from a Slackware version earlier than 14.2 is NOT
|
|
supported at all and will most likely not work.
|
|
|
|
|
|
*** PACKAGE ADDITIONS SINCE 14.2 ***
|
|
|
|
a/efivar
|
|
a/f2fs-tools
|
|
a/haveged
|
|
a/hostname (split from n/net-tools)
|
|
a/lbzip2
|
|
a/lzlib
|
|
a/mlocate (replaces a/slocate)
|
|
a/openssl10-solibs (compat libraries for openssl-1.0.2)
|
|
a/plzip
|
|
ap/dash (replaces ap/ash)
|
|
ap/man-db (replaces ap/man)
|
|
ap/sc-im (replaces ap/sc)
|
|
ap/opus-tools
|
|
ap/xorriso
|
|
d/gcc-brig
|
|
d/gnucobol (replaces d/gnu-cobol)
|
|
d/icecream
|
|
d/parallel
|
|
d/patchelf
|
|
d/python-pip
|
|
d/python3
|
|
d/opencl-headers
|
|
d/rust
|
|
d/vala
|
|
l/Mako
|
|
l/SDL2
|
|
l/SDL2_gfx
|
|
l/SDL2_image
|
|
l/SDL2_mixer
|
|
l/SDL2_net
|
|
l/SDL2_ttf
|
|
l/ffmpeg
|
|
l/fluidsynth
|
|
l/gexiv2
|
|
l/graphite2
|
|
l/gst-plugins-libav
|
|
l/id3lib
|
|
l/jansson
|
|
l/jmtpfs
|
|
l/json-glib
|
|
l/lame
|
|
l/libbluray
|
|
l/libclc
|
|
l/libedit
|
|
l/libidn2
|
|
l/libopusenc
|
|
l/libpsl
|
|
l/libsodium
|
|
l/libunwind
|
|
l/libwebp
|
|
l/lmdb
|
|
l/mozjs52 (replaceds l/js185)
|
|
l/ocl-icd
|
|
l/opus
|
|
l/opusfile
|
|
l/pyparsing
|
|
l/python-appdirs
|
|
l/python-certifi
|
|
l/python-chardet
|
|
l/python-docutils
|
|
l/python-idna
|
|
l/python-notify2
|
|
l/python-packaging
|
|
l/python-requests
|
|
l/python-sane
|
|
l/python-six
|
|
l/python-urllib3
|
|
l/speex
|
|
l/tdb
|
|
l/tevent
|
|
l/talloc
|
|
l/utf8proc
|
|
l/zstd
|
|
n/dovecot
|
|
n/libmilter
|
|
n/nghttp2
|
|
n/npth
|
|
n/openssl10 (compat development package for openssl-1.0.2)
|
|
n/postfix
|
|
n/s-nail (replaces mailx)
|
|
n/sshfs
|
|
n/wireless_tools (renamed from n/wireless-tools)
|
|
t/fig2dev (replaces t/transfig)
|
|
t/texlive (replaces t/tetex and t/tetex-doc)
|
|
x/igt-gpu-tools (replaces x/intel-gpu-tools)
|
|
x/intel-vaapi-driver (replaces x/libva-intel-driver)
|
|
x/libXfont2
|
|
x/libinput
|
|
x/libmypaint
|
|
x/libva-utils
|
|
x/libwacom
|
|
x/mypaint-brushes
|
|
x/ttf-tlwg
|
|
x/urw-core35-fonts-otf
|
|
x/vulkan-sdk
|
|
x/xf86-input-libinput
|
|
x/xf86-video-vboxvideo
|
|
x/xorgproto (replaces all of the other x/*proto packages)
|
|
xap/easytag
|
|
xap/rxvt-unicode (replaces xap/rxvt)
|
|
extra/sendmail/* (moved from main tree)
|
|
|
|
|
|
*** PACKAGE REMOVALS SINCE 14.2 ***
|
|
|
|
a/eject (included in a/util-linux)
|
|
a/slocate (replaced by a/mlocate)
|
|
ap/ash (replaced by ap/dash)
|
|
ap/man (replaced by ap/man-db)
|
|
ap/sc (replaced by ap/sc-im)
|
|
ap/workbone
|
|
d/gcc-java
|
|
d/gnu-cobol (replaced by d/gnucobol)
|
|
l/herqq
|
|
l/libart_lgpl
|
|
l/libmowgli
|
|
l/libmcs
|
|
l/libmsn
|
|
l/libtermcap
|
|
l/libwmf-docs (merged with l/libwmf)
|
|
l/js185 (replaced with l/mozjs52)
|
|
l/notify-python (replaced by python-notify2)
|
|
l/pyrex
|
|
l/virtuoso-ose
|
|
n/dirmngr
|
|
n/idnkit
|
|
n/mailx (replaced by n/s-nail)
|
|
n/pth
|
|
n/rfkill (included in a/util-linux)
|
|
n/sendmail (moved to /extra ; replaced by n/postfix and n/libmilter)
|
|
n/sendmail-cf (moved to /extra ; replaced by n/postfix and n/libmilter)
|
|
n/trn
|
|
n/wireless-tools (renamed to n/wireless_tools)
|
|
t/tetex (replaced by t/texlive)
|
|
t/tetex-doc (replaced by t/texlive)
|
|
t/transfig (replaced by t/fig2dev)
|
|
x/bigreqsproto (replaced by x/xorgproto)
|
|
x/compositeproto (replaced by x/xorgproto)
|
|
x/damageproto (replaced by x/xorgproto)
|
|
x/dmxproto (replaced by x/xorgproto)
|
|
x/dri2proto (replaced by x/xorgproto)
|
|
x/dri3proto (replaced by x/xorgproto)
|
|
x/evieext (replaced by x/xorgproto)
|
|
x/fixesproto (replaced by x/xorgproto)
|
|
x/fontcacheproto (replaced by x/xorgproto)
|
|
x/fontsproto (replaced by x/xorgproto)
|
|
x/glproto (replaced by x/xorgproto)
|
|
x/inputproto (replaced by x/xorgproto)
|
|
x/intel-gpu-tools (replaced by x/igt-gpu-tools)
|
|
x/kbproto (replaced by x/xorgproto)
|
|
x/libXfont (deprecated)
|
|
x/libva-intel-driver (replaced by x/intel-vaapi-driver)
|
|
x/presentproto (replaced by x/xorgproto)
|
|
x/printproto (replaced by x/xorgproto)
|
|
x/randrproto (replaced by x/xorgproto)
|
|
x/recordproto (replaced by x/xorgproto)
|
|
x/renderproto (replaced by x/xorgproto)
|
|
x/resourceproto (replaced by x/xorgproto)
|
|
x/scrnsaverproto (replaced by x/xorgproto)
|
|
x/videoproto (replaced by x/xorgproto)
|
|
x/xcmiscproto (replaced by x/xorgproto)
|
|
x/xextproto (replaced by x/xorgproto)
|
|
x/xf86-video-xgi (replaced by x/xorgproto)
|
|
x/xf86-video-xgixp (replaced by x/xorgproto)
|
|
x/xf86bigfontproto (replaced by x/xorgproto)
|
|
x/xf86dgaproto (replaced by x/xorgproto)
|
|
x/xf86driproto (replaced by x/xorgproto)
|
|
x/xf86miscproto (replaced by x/xorgproto)
|
|
x/xf86vidmodeproto (replaced by x/xorgproto)
|
|
x/xineramaproto (replaced by x/xorgproto)
|
|
x/xproto (replaced by x/xorgproto)
|
|
xap/rxvt (replaced by xap/rxvt-unicode)
|
|
extra/mplayerplug-in/mplayerplug-in
|
|
|
|
|
|
*** NEW USERS/GROUPS SINCE 14.2 ***
|
|
|
|
cgred group, GID 41
|
|
ntp user and group, UID and GID 44
|
|
postfix user and group, UID and GID 91
|
|
postdrop group, GID 92
|
|
dovecot user and group, UID and GID 94
|
|
dovenull user and group, UID and GID 95
|
|
|
|
|
|
*** OTHER NOTABLE CHANGES AND HINTS ***
|
|
|
|
The stock networking scripts now use iproute2 instead of net-tools and
|
|
bridge-utils and friends. All of the previous functionality is still
|
|
supported with the same config file syntax in /etc/rc.d/rc.inet1.conf,
|
|
but added functionality includes support for creating virtual interfaces
|
|
(e.g. tun/tap) and adding them to bridges as well as binding additional
|
|
IP addresses to virtual and/or real interfaces. This did involve some
|
|
added options to rc.inet1.conf. Maybe best of all, /sbin/ifconfig can
|
|
still be used to view (and even configure) interfaces manually - any
|
|
additional IP addresses bound to interfaces using rc.inet1 will be done
|
|
in such a way that /sbin/ifconfig recognizes them.
|
|
|
|
The ntp package has changed such that ntpd now drops privileges and runs as
|
|
user ntp and group ntp. Be sure to move/merge the changes to rc.ntpd and
|
|
/etc/ntp.conf.
|
|
|
|
The gnupg2 package has changed such that the gpg agent is autostarted on
|
|
demand now, so be sure to remove any local profile script changes to
|
|
handle that. Also, there is a new keyring format used by gnupg2-2.2.x,
|
|
so have a look at https://www.gnupg.org/faq/whats-new-in-2.1.html#keybox
|
|
for migration tips.
|
|
|
|
As mentioned earlier, n/postfix replaces n/sendmail as the default MTA.
|
|
However, postfix is sendmail compatible with respect to function; in
|
|
other words, any scripts or other applications expecting to *use*
|
|
sendmail should work just fine, as postfix installs a sendmail binary
|
|
at /usr/sbin/sendmail. This is all fine and wonderful unless you want
|
|
to use sendmail *instead* of postfix and thus decided to leave sendmail
|
|
installed on the system. The postfix package will overwrite the
|
|
/usr/sbin/sendmail file on the system. Long story short: if you plan
|
|
to use the sendmail MTA instead of postfix, you will need to reinstall
|
|
sendmail after postfix. Many distros provide a means of having both MTAs
|
|
(and even others, such as exim and courier) installed at the same time,
|
|
but we don't see a reason to bother with that. If for some reason you
|
|
DO want both:
|
|
1: First, install the MTA you do NOT plan to use
|
|
2. Rename the /usr/sbin/sendmail binary with a suffix, e.g.
|
|
# mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix
|
|
3: Next, install the MTA you DO plan to use
|
|
Finally, you might want to configure the first-installed MTA to look at
|
|
the changed path for its sendmail binary. We're not going to cover that
|
|
here. Also note that only one of the installed MTAs will be able to bind
|
|
the common SMTP ports, if you want to have both MTAs running.
|
|
|
|
The cciss driver has been replaced by the hpsa driver, so if you're
|
|
running an HP server, this may be relevant to you. This is mostly an
|
|
issue with respect to device references -- if you have references to
|
|
/dev/cciss/* in e.g. /etc/fstab and/or /etc/smartd.conf, you'll need
|
|
to fix those. Reference: https://tinyurl.com/cciss-hpsa
|
|
|
|
Use one of the provided generic kernels for daily use. Do not report
|
|
bugs until/unless you have reproduced them using one of the stock
|
|
generic kernels. You will need to create an initrd in order to boot
|
|
the generic kernels - see /boot/README.initrd for instructions.
|
|
The huge kernels are primarily intended as "installer" and "emergency"
|
|
kernels in case you forget to make an initrd. For most systems, you
|
|
should use the generic SMP kernel if it will run, even if your system is
|
|
not SMP-capable. Some newer hardware needs the local APIC enabled in the
|
|
SMP kernel, and theoretically there should not be a performance penalty
|
|
with using the SMP-capable kernel on a uniprocessor machine, as the SMP
|
|
kernel tests for this and makes necessary adjustments. Furthermore, the
|
|
kernel sources shipped with Slackware are configured for SMP usage, so you
|
|
won't have to modify those to build external modules (such as NVidia or
|
|
ATI proprietary drivers) if you use the SMP kernel.
|
|
|
|
If you decide to use one of the non-SMP kernels, you will need to follow the
|
|
instructions in /extra/linux-4.19.5-nosmp-sdk/README.TXT to modify your
|
|
kernel sources for non-SMP usage. Note that this only applies if you are
|
|
using the Slackware-provided non-SMP kernel - if you build a custom kernel,
|
|
the symlinks at /lib/modules/$(uname -r)/{build,source} will point to the
|
|
correct kernel source so long as you don't (re)move it.
|
|
|
|
Printing, scanning, and bluetooth usage require that your user account be a
|
|
member of the "lp" group (membership in the "scanner" group is no longer
|
|
needed by any of the included scanner drivers, though some third party
|
|
drivers may still need it); we had to configure sane to use the "lp" group
|
|
or else multifunction devices (e.g. print/scan/copy units) would only do
|
|
one or the other (depending on whether the group ownership was "lp" or
|
|
"scanner").
|
|
|
|
If you want to change the resolution of the KMS console, that can be done
|
|
with something like this as a kernel append in lilo.conf:
|
|
append="video=1024x768"
|
|
|
|
Speaking of lilo.conf and KMS, make sure you use either vga=normal or
|
|
vga=extended -- some of the framebuffers don't like KMS very much...
|
|
|
|
If your cd/dvd drive is not visible inside a gtk-based desktop environment
|
|
(e.g. Xfce), you may need to add "comment=x-gvfs-show" to the /etc/fstab
|
|
line for the device. For more information, see this document:
|
|
http://git.gnome.org/browse/gvfs/tree/monitor/udisks2/what-is-shown.txt
|
|
|
|
If you have set up an encrypted root partition, you will need to have access
|
|
to your keyboard in order to type the passphrase. This may require you to
|
|
add the uhci-hcd and usbhid modules to your initrd image if you have a USB
|
|
keyboard. Also note that if you are using a non-US keyboard, you can use the
|
|
'-l' parameter to the 'mkinitrd' command in order to add support for this
|
|
keyboard to your initrd.
|
|
|
|
If you have permission errors when attempting to burn a cdrom or dvd image,
|
|
such as the following:
|
|
/usr/bin/cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl
|
|
then cdrecord almost certainly needs root privileges to work correctly.
|
|
One potential solution is to make the cdrecord and cdrdao binaries suid root,
|
|
but this has possible security implications. The safest way to do that is
|
|
to make those binaries suid root, owned by a specific group, and executable
|
|
by only root and members of that group. For most people, the example below
|
|
will be sufficient (but adjust as desired depending on your specific needs):
|
|
chown root:cdrom /usr/bin/cdrecord /usr/bin/cdrdao
|
|
chmod 4750 /usr/bin/cdrecord /usr/bin/cdrdao
|
|
If you don't want all members of the 'cdrom' group to be able to execute the
|
|
two suid binaries, then create a special group (such as 'burning' which is
|
|
recommended by k3b), use it instead of 'cdrom' in the line above, and add
|
|
to it only the users you wish to have access to cdrecord and cdrdao.
|
|
|
|
Subpixel hinting in freetype has been enabled upstream by default, but you
|
|
may adjust this in /etc/profile.d/freetype.{csh,sh}.
|
|
|
|
Input methods for complex characters (CJK, which is shorthand for Chinese,
|
|
Japanese, Korean) and other non-latin character sets have been added. These
|
|
input methods use the SCIM (Smart Common Input Method) platform.
|
|
The environment variables for SCIM support are set in /etc/profile.d/scim.sh
|
|
The requirements for getting SCIM input methods to work in your X session
|
|
are as follows:
|
|
(1) Use a UTF-8 locale. Look in /etc/profile.d/lang.sh for setting your
|
|
language to (for instance) en_US.UTF-8. As a word of warning: maybe you
|
|
should leave root with a non-UTF-8 locale because you don't want root's
|
|
commands to be misinterpreted. You can add the following line to your
|
|
~/.profile file to enable UTF-8 just for yourself:
|
|
export LANG=en_US.UTF-8
|
|
(2) Make the scim profile scripts executable. These will setup your
|
|
environment correctly for the use of scim with X applications. Run:
|
|
chmod +x /etc/profile.d/scim.*
|
|
(3) Start the scim daemon as soon as your X session starts. The scim daemon
|
|
must be active before any of your X applications. In KDE, you can add a
|
|
shell script to the ~/.kde/Autostart folder that runs the command
|
|
"scim -d". In XFCE you can add "scim -d" to the Autostarted Applications.
|
|
If you boot your computer in runlevel 4 (the graphical XDM/KDM login)
|
|
you can simply add the line "scim -d" to your ~/.xprofile file.
|
|
This gives you a Desktop Environment independent way of starting scim.
|
|
When scim is running, you will see a small keyboard icon in your system tray.
|
|
Right-click it to enter SCIM Setup. In 'Global Setup' select your keyboard
|
|
layout, and you are ready to start entering just about any language
|
|
characters you wish! Press the magical key combo <Control><Space>
|
|
in order to activate or deactivate SCIM input. The SCIM taskbar in the
|
|
desktop's corner allows you to select a language. As you type, SCIM will show
|
|
an overview of applicable character glyphs (if you are inputting complex
|
|
characters like Japanese).
|
|
|