slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00

History

Patrick J Volkerding 14a06990b9 Sat Feb 17 21:09:51 UTC 2024 l/nodejs-20.11.1-x86_64-1.txz: Upgraded. This update fixes security issues: Code injection and privilege escalation through Linux capabilities - (High). http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High). Path traversal by monkey-patching Buffer internals - (High). setuid() does not drop all privileges due to io_uring - (High). Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium). Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium). Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium). Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21892 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21896 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21891 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22025 (* Security fix *) l/pcre2-10.43-x86_64-1.txz: Upgraded.		2024-02-17 23:00:07 +01:00
..
a	Fri Feb 16 02:19:13 UTC 2024	2024-02-16 04:01:23 +01:00
ap	Fri Feb 16 20:18:59 UTC 2024	2024-02-16 22:05:09 +01:00
d	Wed Feb 14 22:46:52 UTC 2024	2024-02-15 00:28:38 +01:00
e	Wed Feb 14 22:46:52 UTC 2024	2024-02-15 00:28:38 +01:00
f	Mon May 28 19:12:29 UTC 2018	2018-05-31 23:39:35 +02:00
installer	Thu Feb 1 19:51:54 UTC 2024	2024-02-01 22:08:06 +01:00
k	Fri Feb 16 20:18:59 UTC 2024	2024-02-16 22:05:09 +01:00
kde	Fri Feb 16 02:19:13 UTC 2024	2024-02-16 04:01:23 +01:00
l	Sat Feb 17 21:09:51 UTC 2024	2024-02-17 23:00:07 +01:00
n	Fri Feb 16 20:18:59 UTC 2024	2024-02-16 22:05:09 +01:00
t	Wed Dec 6 05:03:11 UTC 2023	2023-12-06 07:07:29 +01:00
tcl	Wed Nov 1 23:42:44 UTC 2023	2023-11-02 01:40:45 +01:00
x	Wed Feb 14 04:31:08 UTC 2024	2024-02-14 05:59:05 +01:00
xap	Fri Feb 9 21:48:09 UTC 2024	2024-02-09 23:28:55 +01:00
xfce	Fri Feb 16 02:19:13 UTC 2024	2024-02-16 04:01:23 +01:00
y	Wed Mar 8 20:26:54 UTC 2023	2023-03-08 22:40:50 +01:00
buildlist-from-changelog.sh	Fri Oct 8 03:23:28 UTC 2021	2021-10-08 08:59:45 +02:00
make_world.sh	Wed Jun 8 19:15:34 UTC 2022	2022-06-09 07:00:13 +02:00
README.TXT	Wed Feb 2 08:21:48 UTC 2022	2022-02-02 11:59:53 +01:00

README.TXT

This is the source used for Slackware.

To look for a particular bit of source (let's say for 'cp'), first you would
look for the full path:

fuzzy:~# which cp
/bin/cp

Then, you grep for the package it came from. Note that the leading '/'
is removed, and ^ and $ mark the beginning and end of the pattern to match:

fuzzy:~# grep ^bin/cp$ /var/lib/pkgtools/packages/*
/var/lib/pkgtools/packages/coreutils-9.0-x86_64-3:bin/cp

From this, you can see that 'cp' came from the coreutils-9.0-x86_64-3 package.
The source will be found in a corresponding subdirectory. In this case, that
would be ./a/coreutils/.

All of these packages have scripts that extract, patch, and compile the source
automatically. These are the 'SlackBuild' scripts.

Have fun!

---
Patrick J. Volkerding
volkerdi@slackware.com