mirror of
git://slackware.nl/current.git
synced 2025-01-14 08:01:11 +01:00
73d387f569
a/kernel-firmware-20190212_28f5f7d-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.21-x86_64-1.txz: Upgraded.
ap/lxc-2.0.9_d3a03247-x86_64-1.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the host. As the LXC project considers privileged containers to be unsafe
no CVE has been assigned for this issue for LXC. To prevent this attack,
LXC has been patched to create a temporary copy of the calling binary
itself when it starts or attaches to containers. To do this LXC creates an
anonymous, in-memory file using the memfd_create() system call and copies
itself into the temporary in-memory file, which is then sealed to prevent
further modifications. LXC then executes this sealed, in-memory file
instead of the original on-disk binary.
For more information, see:
https://seclists.org/oss-sec/2019/q1/119
(* Security fix *)
d/kernel-headers-4.19.21-x86-1.txz: Upgraded.
k/kernel-source-4.19.21-noarch-1.txz: Upgraded.
l/libbluray-1.1.0-x86_64-1.txz: Upgraded.
l/libcap-2.26-x86_64-2.txz: Rebuilt.
Don't ship static library.
l/xapian-core-1.4.10-x86_64-1.txz: Upgraded.
n/gnupg2-2.2.13-x86_64-1.txz: Upgraded.
n/irssi-1.2.0-x86_64-1.txz: Upgraded.
n/libassuan-2.5.3-x86_64-1.txz: Upgraded.
x/bitmap-1.0.9-x86_64-1.txz: Upgraded.
x/libXau-1.0.9-x86_64-1.txz: Upgraded.
x/pixman-0.38.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
||
|---|---|---|
| .. | ||
| a | ||
| ap | ||
| d | ||
| e | ||
| f | ||
| installer | ||
| k | ||
| kde | ||
| kdei | ||
| l | ||
| n | ||
| t | ||
| tcl | ||
| x | ||
| xap | ||
| xfce | ||
| y | ||
| buildlist-from-changelog.sh | ||
| make_world.sh | ||
| README.TXT | ||
This is the source used for Slackware. To look for a particular bit of source (let's say for 'cp'), first you would look for the full path: fuzzy:~# which cp /bin/cp Then, you grep for the package it came from. Note that the leading '/' is removed: fuzzy:~# grep bin/cp /var/log/packages/* /var/log/packages/cpio-2.4.2.91-i386-1:bin/cpio /var/log/packages/fileutils-4.1-i386-2:bin/cp /var/log/packages/gcc-2.95.3-i386-2:usr/bin/cpp /var/log/packages/gnome-applets-1.4.0.5-i386-1:usr/bin/cpumemusage_applet From this, you can see that 'cp' came from the fileutils-4.1-i386-2 package. The source will be found in a corresponding subdirectory. In this case, that would be ./a/bin. Don't be fooled into thinking that the _bin.tar.gz in this directory is the package with the source code -- anything starting with '_' is just a framework package full of empty files with the correct permissions and ownerships for the completed package to use. Many of these packages now have scripts that untar, patch, and compile the source automatically. These are the 'SlackBuild' scripts. Moving back to the example above, you can figure out which package the bin/cp source came from by examining the SlackBuild script. Have fun! --- Patrick J. Volkerding volkerdi@slackware.com