diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-02-15 20:00:48 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-02-16 13:29:58 +0100 |
commit | c9881ad9794a314c7c9d106a6f82d19f07cda088 (patch) | |
tree | 196a5646afe2bf7edaab38ad306d42a6d56967fe /patches/source/aaa_base/current-release.inactive | |
parent | 9a5f4fd634196e1d4257a31e89f24291b0398bc5 (diff) | |
download | current-c9881ad9794a314c7c9d106a6f82d19f07cda088.tar.gz current-c9881ad9794a314c7c9d106a6f82d19f07cda088.tar.xz |
Tue Feb 15 20:00:48 UTC 202220220215200048_15.0
patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt.
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded.
This release fixes a security issue in chsh(1) and chfn(8):
By default, these utilities had been linked with libreadline, which allows
the INPUTRC environment variable to be abused to produce an error message
containing data from an arbitrary file. So, don't link these utilities with
libreadline as it does not use secure_getenv() (or a similar concept), or
sanitize the config file path to avoid vulnerabilities that could occur in
set-user-ID or set-group-ID programs.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
(* Security fix *)
Diffstat (limited to 'patches/source/aaa_base/current-release.inactive')
-rw-r--r-- | patches/source/aaa_base/current-release.inactive | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/patches/source/aaa_base/current-release.inactive b/patches/source/aaa_base/current-release.inactive new file mode 100644 index 000000000..5fe779910 --- /dev/null +++ b/patches/source/aaa_base/current-release.inactive @@ -0,0 +1,28 @@ +# If this file is present and named "current-release" when aaa_base is +# built, then we will modify the files /etc/slackware-version and +# /etc/os-release to help users identify that this system is running a +# -current (test) version of Slackware, rather than the otherwise listed +# stable release. +# +# How useful this will be remains to be seen, because there can be a wide +# variation in the amount of difference a -current installation has from +# the previous stable depending on how many updates have been made to it. +# But, it's probably better than nothing. +# +# Change made to /etc/slackware-version: +# Append a "+" to indicate -current. +# +# Changes made to /etc/os-release: +# Add VERSION_CODENAME seen below. +# Use the PRETTY_NAME variable seen below. +# +# This file will still ship in the build directory of a stable release, +# but will be renamed "current-release.inactive". + +# For /etc/slackware-version: +SLACKWARE_VERSION="Slackware 15.0+" + +# For /etc/os-release: +VERSION_CODENAME=current +PRETTY_NAME="Slackware 15.0 $ARCH (post 15.0 -current)" + |