mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
667b86aaab
a/aaa_glibc-solibs-2.33-x86_64-3.txz: Rebuilt.
a/usbutils-014-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.4-x86_64-1.txz: Upgraded.
ap/nvme-cli-1.15-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-3.txz: Rebuilt.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle. But we'll backport the security
fixes from glibc-2.34 with this update:
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system. Reported by Chris Schanzle.
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The wordexp function may overflow the positional parameter number when
processing the expansion resulting in a crash. Reported by Philippe Antoine.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
(* Security fix *)
l/glibc-i18n-2.33-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-3.txz: Rebuilt.
l/liburing-2.0-x86_64-1.txz: Added.
This is needed by mariadb, and provides increased performance on high speed
devices such as NVMe.
n/dovecot-2.3.16-x86_64-1.txz: Upgraded.
xap/blueman-2.2.2-x86_64-1.txz: Upgraded.
|
||
|---|---|---|
| .. | ||
| a | ||
| ap | ||
| d | ||
| e | ||
| f | ||
| installer | ||
| k | ||
| kde | ||
| l | ||
| n | ||
| t | ||
| tcl | ||
| x | ||
| xap | ||
| xfce | ||
| y | ||
| buildlist-from-changelog.sh | ||
| make_world.sh | ||
| README.TXT | ||
This is the source used for Slackware. To look for a particular bit of source (let's say for 'cp'), first you would look for the full path: fuzzy:~# which cp /bin/cp Then, you grep for the package it came from. Note that the leading '/' is removed: fuzzy:~# grep bin/cp /var/log/packages/* /var/log/packages/cpio-2.4.2.91-i386-1:bin/cpio /var/log/packages/fileutils-4.1-i386-2:bin/cp /var/log/packages/gcc-2.95.3-i386-2:usr/bin/cpp /var/log/packages/gnome-applets-1.4.0.5-i386-1:usr/bin/cpumemusage_applet From this, you can see that 'cp' came from the fileutils-4.1-i386-2 package. The source will be found in a corresponding subdirectory. In this case, that would be ./a/bin. Don't be fooled into thinking that the _bin.tar.gz in this directory is the package with the source code -- anything starting with '_' is just a framework package full of empty files with the correct permissions and ownerships for the completed package to use. Many of these packages now have scripts that untar, patch, and compile the source automatically. These are the 'SlackBuild' scripts. Moving back to the example above, you can figure out which package the bin/cp source came from by examining the SlackBuild script. Have fun! --- Patrick J. Volkerding volkerdi@slackware.com