slackware-current/source
Patrick J Volkerding 564ec5a0ac Thu Aug 2 20:12:10 UTC 2018
ap/hplip-3.18.7-x86_64-1.txz:  Upgraded.
l/harfbuzz-1.8.5-x86_64-1.txz:  Upgraded.
n/lftp-4.8.4-x86_64-1.txz:  Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does
  not properly sanitize remote file names, leading to a loss of integrity
  on the local system when reverse mirroring is used. A remote attacker
  may trick a user to use reverse mirroring on an attacker controlled FTP
  server, resulting in the removal of all files in the current working
  directory of the victim's system.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
  (* Security fix *)
x/fonttosfnt-1.0.5-x86_64-1.txz:  Upgraded.
2018-08-03 09:00:36 +02:00
..
a Wed Jul 25 03:50:17 UTC 2018 2018-07-25 13:47:10 +02:00
ap Wed Aug 1 22:38:53 UTC 2018 2018-08-02 09:00:35 +02:00
d Wed Aug 1 22:38:53 UTC 2018 2018-08-02 09:00:35 +02:00
e Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
f Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
installer Wed Jul 25 03:50:17 UTC 2018 2018-07-25 13:47:10 +02:00
k Sun Jul 29 08:27:12 UTC 2018 2018-07-29 21:00:41 +02:00
kde Fri Jul 20 23:16:32 UTC 2018 2018-07-21 09:00:35 +02:00
kdei Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
l Wed Aug 1 22:38:53 UTC 2018 2018-08-02 09:00:35 +02:00
n Thu Aug 2 20:12:10 UTC 2018 2018-08-03 09:00:36 +02:00
t Fri Jul 20 23:16:32 UTC 2018 2018-07-21 09:00:35 +02:00
tcl Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
x Thu Aug 2 20:12:10 UTC 2018 2018-08-03 09:00:36 +02:00
xap Wed Aug 1 22:38:53 UTC 2018 2018-08-02 09:00:35 +02:00
xfce Fri Jul 20 23:16:32 UTC 2018 2018-07-21 09:00:35 +02:00
y Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
buildlist-from-changelog.sh Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
make_world.sh Mon May 28 19:12:29 UTC 2018 2018-05-31 23:39:35 +02:00
README.TXT Slackware 14.0 2018-05-31 22:51:55 +02:00

This is the source used for Slackware.

To look for a particular bit of source (let's say for 'cp'), first you would
look for the full path:

fuzzy:~# which cp
/bin/cp

Then, you grep for the package it came from. Note that the leading '/'
is removed:

fuzzy:~# grep bin/cp /var/log/packages/*
/var/log/packages/cpio-2.4.2.91-i386-1:bin/cpio
/var/log/packages/fileutils-4.1-i386-2:bin/cp
/var/log/packages/gcc-2.95.3-i386-2:usr/bin/cpp
/var/log/packages/gnome-applets-1.4.0.5-i386-1:usr/bin/cpumemusage_applet


From this, you can see that 'cp' came from the fileutils-4.1-i386-2 package.
The source will be found in a corresponding subdirectory.  In this case, that
would be ./a/bin.   Don't be fooled into thinking that the _bin.tar.gz in this
directory is the package with the source code -- anything starting with '_' is
just a framework package full of empty files with the correct permissions and 
ownerships for the completed package to use.

Many of these packages now have scripts that untar, patch, and compile the
source automatically.  These are the 'SlackBuild' scripts.  Moving back to the
example above, you can figure out which package the bin/cp source came from by
examining the SlackBuild script.

Have fun!

---
Patrick J. Volkerding
volkerdi@slackware.com