1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-27 07:59:56 +01:00
slackware-current/CHANGES_AND_HINTS.TXT
Patrick J Volkerding 7284497dcf Thu Nov 29 05:53:27 UTC 2018
a/sysvinit-scripts-2.1-noarch-23.txz:  Rebuilt.
  rc.S: simplify test for F2FS filesystem on /. Thanks to GazL.
ap/soma-3.2.0-noarch-1.txz:  Upgraded.
d/cmake-3.13.1-x86_64-1.txz:  Upgraded.
l/jansson-2.12-x86_64-1.txz:  Upgraded.
n/rp-pppoe-3.13-x86_64-1.txz:  Upgraded.
n/samba-4.9.3-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
  CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT
  CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server
  CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers
  CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported)
  CVE-2018-16857: Bad password count in AD DC not always effective
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-14629.html
    https://www.samba.org/samba/security/CVE-2018-16841.html
    https://www.samba.org/samba/security/CVE-2018-16851.html
    https://www.samba.org/samba/security/CVE-2018-16852.html
    https://www.samba.org/samba/security/CVE-2018-16853.html
    https://www.samba.org/samba/security/CVE-2018-16857.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857
  (* Security fix *)
x/mesa-18.2.6-x86_64-1.txz:  Upgraded.
x/vulkan-sdk-1.1.92.1-x86_64-1.txz:  Upgraded.
2018-11-29 17:59:45 +01:00

352 lines
14 KiB
Text

This file documents the instructions for upgrading to Slackware -current, the
packages added, removed, renamed, and/or split during the development cycle
from Slackware 14.2 through -current, and some potential "gotchas" that users
can avoid by arming themselves with a little knowledge.
*** INSTRUCTIONS FOR UPGRADING FROM 14.2 ***
Follow the instructions detailed in the UPGRADE.TXT located in this
directory.
Note that upgrading from a Slackware version earlier than 14.2 is NOT
supported at all and will most likely not work.
*** PACKAGE ADDITIONS SINCE 14.2 ***
a/efivar
a/f2fs-tools
a/haveged
a/hostname (split from n/net-tools)
a/lbzip2
a/lzlib
a/mlocate (replaces a/slocate)
a/openssl10-solibs (compat libraries for openssl-1.0.2)
a/plzip
ap/dash (replaces ap/ash)
ap/man-db (replaces ap/man)
ap/sc-im (replaces ap/sc)
ap/opus-tools
ap/xorriso
d/gcc-brig
d/gnucobol (replaces d/gnu-cobol)
d/icecream
d/parallel
d/patchelf
d/python-pip
d/python3
d/opencl-headers
d/rust
d/vala
l/Mako
l/SDL2
l/SDL2_gfx
l/SDL2_image
l/SDL2_mixer
l/SDL2_net
l/SDL2_ttf
l/ffmpeg
l/fluidsynth
l/gexiv2
l/graphite2
l/gst-plugins-libav
l/id3lib
l/jansson
l/jmtpfs
l/json-glib
l/lame
l/libbluray
l/libclc
l/libedit
l/libidn2
l/libopusenc
l/libpsl
l/libsodium
l/libunwind
l/libwebp
l/lmdb
l/mozjs52 (replaceds l/js185)
l/ocl-icd
l/opus
l/opusfile
l/pyparsing
l/python-appdirs
l/python-certifi
l/python-chardet
l/python-docutils
l/python-idna
l/python-notify2
l/python-packaging
l/python-requests
l/python-sane
l/python-six
l/python-urllib3
l/speex
l/tdb
l/tevent
l/talloc
l/utf8proc
l/zstd
n/dovecot
n/libmilter
n/nghttp2
n/npth
n/openssl10 (compat development package for openssl-1.0.2)
n/postfix
n/s-nail (replaces mailx)
n/sshfs
n/wireless_tools (renamed from n/wireless-tools)
t/fig2dev (replaces t/transfig)
t/texlive (replaces t/tetex and t/tetex-doc)
x/igt-gpu-tools (replaces x/intel-gpu-tools)
x/intel-vaapi-driver (replaces x/libva-intel-driver)
x/libXfont2
x/libinput
x/libmypaint
x/libva-utils
x/libwacom
x/mypaint-brushes
x/ttf-tlwg
x/urw-core35-fonts-otf
x/vulkan-sdk
x/xf86-input-libinput
x/xf86-video-vboxvideo
x/xorgproto (replaces all of the other x/*proto packages)
xap/easytag
xap/rxvt-unicode (replaces xap/rxvt)
extra/sendmail/* (moved from main tree)
*** PACKAGE REMOVALS SINCE 14.2 ***
a/eject (included in a/util-linux)
a/slocate (replaced by a/mlocate)
ap/ash (replaced by ap/dash)
ap/man (replaced by ap/man-db)
ap/sc (replaced by ap/sc-im)
ap/workbone
d/gcc-java
d/gnu-cobol (replaced by d/gnucobol)
l/herqq
l/libart_lgpl
l/libmowgli
l/libmcs
l/libmsn
l/libtermcap
l/libwmf-docs (merged with l/libwmf)
l/js185 (replaced with l/mozjs52)
l/notify-python (replaced by python-notify2)
l/pyrex
l/virtuoso-ose
n/dirmngr
n/idnkit
n/mailx (replaced by n/s-nail)
n/pth
n/rfkill (included in a/util-linux)
n/sendmail (moved to /extra ; replaced by n/postfix and n/libmilter)
n/sendmail-cf (moved to /extra ; replaced by n/postfix and n/libmilter)
n/trn
n/wireless-tools (renamed to n/wireless_tools)
t/tetex (replaced by t/texlive)
t/tetex-doc (replaced by t/texlive)
t/transfig (replaced by t/fig2dev)
x/bigreqsproto (replaced by x/xorgproto)
x/compositeproto (replaced by x/xorgproto)
x/damageproto (replaced by x/xorgproto)
x/dmxproto (replaced by x/xorgproto)
x/dri2proto (replaced by x/xorgproto)
x/dri3proto (replaced by x/xorgproto)
x/evieext (replaced by x/xorgproto)
x/fixesproto (replaced by x/xorgproto)
x/fontcacheproto (replaced by x/xorgproto)
x/fontsproto (replaced by x/xorgproto)
x/glproto (replaced by x/xorgproto)
x/inputproto (replaced by x/xorgproto)
x/intel-gpu-tools (replaced by x/igt-gpu-tools)
x/kbproto (replaced by x/xorgproto)
x/libXfont (deprecated)
x/libva-intel-driver (replaced by x/intel-vaapi-driver)
x/presentproto (replaced by x/xorgproto)
x/printproto (replaced by x/xorgproto)
x/randrproto (replaced by x/xorgproto)
x/recordproto (replaced by x/xorgproto)
x/renderproto (replaced by x/xorgproto)
x/resourceproto (replaced by x/xorgproto)
x/scrnsaverproto (replaced by x/xorgproto)
x/videoproto (replaced by x/xorgproto)
x/xcmiscproto (replaced by x/xorgproto)
x/xextproto (replaced by x/xorgproto)
x/xf86-video-xgi (replaced by x/xorgproto)
x/xf86-video-xgixp (replaced by x/xorgproto)
x/xf86bigfontproto (replaced by x/xorgproto)
x/xf86dgaproto (replaced by x/xorgproto)
x/xf86driproto (replaced by x/xorgproto)
x/xf86miscproto (replaced by x/xorgproto)
x/xf86vidmodeproto (replaced by x/xorgproto)
x/xineramaproto (replaced by x/xorgproto)
x/xproto (replaced by x/xorgproto)
xap/rxvt (replaced by xap/rxvt-unicode)
extra/mplayerplug-in/mplayerplug-in
*** NEW USERS/GROUPS SINCE 14.2 ***
cgred group, GID 41
ntp user and group, UID and GID 44
postfix user and group, UID and GID 91
postdrop group, GID 92
dovecot user and group, UID and GID 94
dovenull user and group, UID and GID 95
*** OTHER NOTABLE CHANGES AND HINTS ***
The stock networking scripts now use iproute2 instead of net-tools and
bridge-utils and friends. All of the previous functionality is still
supported with the same config file syntax in /etc/rc.d/rc.inet1.conf,
but added functionality includes support for creating virtual interfaces
(e.g. tun/tap) and adding them to bridges as well as binding additional
IP addresses to virtual and/or real interfaces. This did involve some
added options to rc.inet1.conf. Maybe best of all, /sbin/ifconfig can
still be used to view (and even configure) interfaces manually - any
additional IP addresses bound to interfaces using rc.inet1 will be done
in such a way that /sbin/ifconfig recognizes them.
The ntp package has changed such that ntpd now drops privileges and runs as
user ntp and group ntp. Be sure to move/merge the changes to rc.ntpd and
/etc/ntp.conf.
The gnupg2 package has changed such that the gpg agent is autostarted on
demand now, so be sure to remove any local profile script changes to
handle that. Also, there is a new keyring format used by gnupg2-2.2.x,
so have a look at https://www.gnupg.org/faq/whats-new-in-2.1.html#keybox
for migration tips.
As mentioned earlier, n/postfix replaces n/sendmail as the default MTA.
However, postfix is sendmail compatible with respect to function; in
other words, any scripts or other applications expecting to *use*
sendmail should work just fine, as postfix installs a sendmail binary
at /usr/sbin/sendmail. This is all fine and wonderful unless you want
to use sendmail *instead* of postfix and thus decided to leave sendmail
installed on the system. The postfix package will overwrite the
/usr/sbin/sendmail file on the system. Long story short: if you plan
to use the sendmail MTA instead of postfix, you will need to reinstall
sendmail after postfix. Many distros provide a means of having both MTAs
(and even others, such as exim and courier) installed at the same time,
but we don't see a reason to bother with that. If for some reason you
DO want both:
1: First, install the MTA you do NOT plan to use
2. Rename the /usr/sbin/sendmail binary with a suffix, e.g.
# mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix
3: Next, install the MTA you DO plan to use
Finally, you might want to configure the first-installed MTA to look at
the changed path for its sendmail binary. We're not going to cover that
here. Also note that only one of the installed MTAs will be able to bind
the common SMTP ports, if you want to have both MTAs running.
The cciss driver has been replaced by the hpsa driver, so if you're
running an HP server, this may be relevant to you. This is mostly an
issue with respect to device references -- if you have references to
/dev/cciss/* in e.g. /etc/fstab and/or /etc/smartd.conf, you'll need
to fix those. Reference: https://tinyurl.com/cciss-hpsa
Use one of the provided generic kernels for daily use. Do not report
bugs until/unless you have reproduced them using one of the stock
generic kernels. You will need to create an initrd in order to boot
the generic kernels - see /boot/README.initrd for instructions.
The huge kernels are primarily intended as "installer" and "emergency"
kernels in case you forget to make an initrd. For most systems, you
should use the generic SMP kernel if it will run, even if your system is
not SMP-capable. Some newer hardware needs the local APIC enabled in the
SMP kernel, and theoretically there should not be a performance penalty
with using the SMP-capable kernel on a uniprocessor machine, as the SMP
kernel tests for this and makes necessary adjustments. Furthermore, the
kernel sources shipped with Slackware are configured for SMP usage, so you
won't have to modify those to build external modules (such as NVidia or
ATI proprietary drivers) if you use the SMP kernel.
If you decide to use one of the non-SMP kernels, you will need to follow the
instructions in /extra/linux-4.19.5-nosmp-sdk/README.TXT to modify your
kernel sources for non-SMP usage. Note that this only applies if you are
using the Slackware-provided non-SMP kernel - if you build a custom kernel,
the symlinks at /lib/modules/$(uname -r)/{build,source} will point to the
correct kernel source so long as you don't (re)move it.
Printing, scanning, and bluetooth usage require that your user account be a
member of the "lp" group (membership in the "scanner" group is no longer
needed by any of the included scanner drivers, though some third party
drivers may still need it); we had to configure sane to use the "lp" group
or else multifunction devices (e.g. print/scan/copy units) would only do
one or the other (depending on whether the group ownership was "lp" or
"scanner").
If you want to change the resolution of the KMS console, that can be done
with something like this as a kernel append in lilo.conf:
append="video=1024x768"
Speaking of lilo.conf and KMS, make sure you use either vga=normal or
vga=extended -- some of the framebuffers don't like KMS very much...
If your cd/dvd drive is not visible inside a gtk-based desktop environment
(e.g. Xfce), you may need to add "comment=x-gvfs-show" to the /etc/fstab
line for the device. For more information, see this document:
http://git.gnome.org/browse/gvfs/tree/monitor/udisks2/what-is-shown.txt
If you have set up an encrypted root partition, you will need to have access
to your keyboard in order to type the passphrase. This may require you to
add the uhci-hcd and usbhid modules to your initrd image if you have a USB
keyboard. Also note that if you are using a non-US keyboard, you can use the
'-l' parameter to the 'mkinitrd' command in order to add support for this
keyboard to your initrd.
If you have permission errors when attempting to burn a cdrom or dvd image,
such as the following:
/usr/bin/cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl
then cdrecord almost certainly needs root privileges to work correctly.
One potential solution is to make the cdrecord and cdrdao binaries suid root,
but this has possible security implications. The safest way to do that is
to make those binaries suid root, owned by a specific group, and executable
by only root and members of that group. For most people, the example below
will be sufficient (but adjust as desired depending on your specific needs):
chown root:cdrom /usr/bin/cdrecord /usr/bin/cdrdao
chmod 4750 /usr/bin/cdrecord /usr/bin/cdrdao
If you don't want all members of the 'cdrom' group to be able to execute the
two suid binaries, then create a special group (such as 'burning' which is
recommended by k3b), use it instead of 'cdrom' in the line above, and add
to it only the users you wish to have access to cdrecord and cdrdao.
Subpixel hinting in freetype has been enabled upstream by default, but you
may adjust this in /etc/profile.d/freetype.{csh,sh}.
Input methods for complex characters (CJK, which is shorthand for Chinese,
Japanese, Korean) and other non-latin character sets have been added. These
input methods use the SCIM (Smart Common Input Method) platform.
The environment variables for SCIM support are set in /etc/profile.d/scim.sh
The requirements for getting SCIM input methods to work in your X session
are as follows:
(1) Use a UTF-8 locale. Look in /etc/profile.d/lang.sh for setting your
language to (for instance) en_US.UTF-8. As a word of warning: maybe you
should leave root with a non-UTF-8 locale because you don't want root's
commands to be misinterpreted. You can add the following line to your
~/.profile file to enable UTF-8 just for yourself:
export LANG=en_US.UTF-8
(2) Make the scim profile scripts executable. These will setup your
environment correctly for the use of scim with X applications. Run:
chmod +x /etc/profile.d/scim.*
(3) Start the scim daemon as soon as your X session starts. The scim daemon
must be active before any of your X applications. In KDE, you can add a
shell script to the ~/.kde/Autostart folder that runs the command
"scim -d". In XFCE you can add "scim -d" to the Autostarted Applications.
If you boot your computer in runlevel 4 (the graphical XDM/KDM login)
you can simply add the line "scim -d" to your ~/.xprofile file.
This gives you a Desktop Environment independent way of starting scim.
When scim is running, you will see a small keyboard icon in your system tray.
Right-click it to enter SCIM Setup. In 'Global Setup' select your keyboard
layout, and you are ready to start entering just about any language
characters you wish! Press the magical key combo <Control><Space>
in order to activate or deactivate SCIM input. The SCIM taskbar in the
desktop's corner allows you to select a language. As you type, SCIM will show
an overview of applicable character glyphs (if you are inputting complex
characters like Japanese).