mirror of
git://slackware.nl/current.git
synced 2025-01-14 08:01:11 +01:00
df07d8b7cd
a/kernel-generic-4.19.32-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.32-x86_64-1.txz: Upgraded. a/kernel-modules-4.19.32-x86_64-1.txz: Upgraded. ap/hplip-3.19.3-x86_64-1.txz: Upgraded. d/kernel-headers-4.19.32-x86-1.txz: Upgraded. d/python3-3.7.3-x86_64-1.txz: Upgraded. Fixed bugs and the following security issues: bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed. bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. bpo-35121: Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by Karthikeyan Singaravelan. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010 (* Security fix *) d/scons-3.0.5-x86_64-1.txz: Upgraded. k/kernel-source-4.19.32-noarch-1.txz: Upgraded. n/curl-7.64.1-x86_64-1.txz: Upgraded. n/gnutls-3.6.7-x86_64-1.txz: Upgraded. Fixes security issues: libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
99 lines
3.5 KiB
Text
99 lines
3.5 KiB
Text
|
|
Slackware initrd mini HOWTO
|
|
by Patrick Volkerding, volkerdi@slackware.com
|
|
Wed Mar 27 20:14:05 UTC 2019
|
|
|
|
This document describes how to create and install an initrd, which may be
|
|
required to use the 4.x kernel. Also see "man mkinitrd".
|
|
|
|
1. What is an initrd?
|
|
2. Why to I need an initrd?
|
|
3. How do I build the initrd?
|
|
4. Now that I've built an initrd, how do I use it?
|
|
|
|
|
|
1. What is an initrd?
|
|
|
|
Initrd stands for "initial ramdisk". An initial ramdisk is a very small
|
|
Linux filesystem that is loaded into RAM and mounted as the kernel boots,
|
|
and before the main root filesystem is mounted.
|
|
|
|
2. Why do I need an initrd?
|
|
|
|
The usual reason to use an initrd is because you need to load kernel
|
|
modules before mounting the root partition. Usually these modules are
|
|
required to support the filesystem used by the root partition (ext3, ext4,
|
|
btrfs, xfs), or perhaps the controller that the hard drive is attached
|
|
to (SCSI, RAID, etc). Essentially, there are so many different options
|
|
available in modern Linux kernels that it isn't practical to try to ship
|
|
many different kernels to try to cover everyone's needs. It's a lot more
|
|
flexible to ship a generic kernel and a set of kernel modules for it.
|
|
|
|
3. How do I build the initrd?
|
|
|
|
The easiest way to make the initrd is to use the mkinitrd script included
|
|
in Slackware's mkinitrd package. We'll walk through the process of
|
|
upgrading to the generic 4.19.32 Linux kernel using the packages
|
|
found in Slackware's slackware/a/ directory.
|
|
|
|
First, make sure the kernel, kernel modules, and mkinitrd package are
|
|
installed (the current version numbers might be a little different, so
|
|
this is just an example):
|
|
|
|
installpkg kernel-generic-4.19.32-x86_64-1.txz
|
|
installpkg kernel-modules-4.19.32-x86_64-1.txz
|
|
installpkg mkinitrd-1.4.11-x86_64-12.txz
|
|
|
|
Change into the /boot directory:
|
|
|
|
cd /boot
|
|
|
|
Now you'll want to run "mkinitrd". I'm using ext4 for my root filesystem,
|
|
and since the disk controller requires no special support the ext4 module
|
|
will be the only one I need to load:
|
|
|
|
mkinitrd -c -k 4.19.32 -m ext4
|
|
|
|
This should do two things. First, it will create a directory
|
|
/boot/initrd-tree containing the initrd's filesystem. Then it will
|
|
create an initrd (/boot/initrd.gz) from this tree. If you wanted to,
|
|
you could make some additional changes in /boot/initrd-tree/ and
|
|
then run mkinitrd again without options to rebuild the image. That's
|
|
optional, though, and only advanced users will need to think about that.
|
|
|
|
Here's another example: Build an initrd image using Linux 4.19.32
|
|
kernel modules for a system with an ext4 root partition on /dev/sdb3:
|
|
|
|
mkinitrd -c -k 4.19.32 -m ext4 -f ext4 -r /dev/sdb3
|
|
|
|
|
|
4. Now that I've built an initrd, how do I use it?
|
|
|
|
Now that you've got an initrd (/boot/initrd.gz), you'll want to load
|
|
it along with the kernel at boot time. If you use LILO for your boot
|
|
loader you'll need to edit /etc/lilo.conf and add a line to load the
|
|
initrd. Here's an example section of lilo.conf showing how this is
|
|
done:
|
|
|
|
# Linux bootable partition config begins
|
|
image = /boot/vmlinuz-generic
|
|
initrd = /boot/initrd.gz
|
|
root = /dev/sda6
|
|
label = Slackware
|
|
read-only
|
|
# Linux bootable partition config ends
|
|
|
|
The initrd is loaded by the "initrd = /boot/initrd.gz" line.
|
|
Just add the line right below the line for the kernel image you use.
|
|
Save the file, and then run LILO again ('lilo' at the command line).
|
|
You'll need to run lilo every time you edit lilo.conf or rebuild the
|
|
initrd.
|
|
|
|
Other bootloaders such as syslinux also support the use of an initrd.
|
|
See the documentation for those programs for details on using an
|
|
initrd with them.
|
|
|
|
|
|
---------
|
|
|
|
Have fun!
|