Requests for current-next (15.0-->15.1)

cwizardone · 02-08-2023, 04:38 PM

Quote:

Mesa 22.3.5 Release Notes / 2023-02-08

https://docs.mesa3d.org/relnotes/22.3.5.html

marav · 02-08-2023, 08:36 PM

inxi

It might be useful, to avoid user mistake (as root)
and because I think the package must stay in the version provided by Slackware
to disable the auto-update feature (some others do the same, e.g fedora)

This can be done with the addition of the following patch in the SlackBuild

Code:

sed -i 's/my $b_update = 1;/my $b_update = 0;/' inxi

which gives the following message

Code:

# inxi -U
Error 20: Option: U has been disabled by the inxi distribution maintainer.

nobodino · 02-09-2023, 11:26 AM

Freetype-2.13 has been released today.

niksoggia · 02-10-2023, 12:09 PM

-current is ok, but 15.0 still has a vulnerable ImageMagick:

CVE-2022-44267: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary remote file (if the ImageMagick binary has permissions to read it).

https://www.metabaseq.com/imagemagick-zero-days/

marav · 02-10-2023, 01:45 PM

NetworkManager 1.42.0

Noteworthy change:

Code:

Added support for source load balancing for Ethernet Bonds.

https://gitlab.freedesktop.org/Netwo...1.42.0/NEWS#L9

glennmcc · 02-10-2023, 01:46 PM

Does that vulnerability exist in versions previous to 7.1.0-49 ?

Slackware-15.0 has....

+--------------------------+
Sun Jan 30 20:48:46 UTC 2022
l/imagemagick-7.1.0_22-x86_64-1.txz: Upgraded.
________________________________________________

jandoomster · 02-11-2023, 05:38 AM

Hi all. This is not software related but, in my opinion, probably including an exam with multiple answers on own knowledge about slackware could be a good compendium to traditional documentation.
Especially for the newbies that for obvious reasons cannot understand that the outdated-looking Slackware documentation is still valid in most, most cases.

glennmcc · 02-11-2023, 02:10 PM

There a TON of Linux quizzes online.

https://www.proprofs.com/quiz-school/topic/linux

IMO, we don't need one specific to Slackware.

glennmcc · 02-11-2023, 03:55 PM

Uh oh... today's upgrade of libvpx 'broke' mplayer and ffmpeg
and who knows what else that might be looking for libvpx.so.7

mplayer: error while loading shared libraries: libvpx.so.7: cannot open shared object file: No such file or directory

ffmpeg: error while loading shared libraries: libvpx.so.7: cannot open shared object file: No such file or directory

Petri Kaukasoina · 02-11-2023, 04:20 PM

Quote:

Originally Posted by glennmcc

Uh oh... today's upgrade of libvpx 'broke' mplayer and ffmpeg
and who knows what else that might be looking for libvpx.so.7

I checked with this script: https://www.linuxquestions.org/quest...0/#post6410612
It found these packages linked to libvpx.so.7:

Code:

ffmpeg
gst-plugins-good
qt5
xine-lib

(mplayer is not one of them)

glennmcc · 02-11-2023, 04:30 PM

root@glennmcc-i7:~# ldd `which mplayer`
<snip>
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f57af783000)
libssh.so.4 => /usr/lib64/libssh.so.4 (0x00007f57af6f6000)
libvpx.so.7 => /usr/lib64/libvpx.so.7 (0x00007f57af408000)
libwebpmux.so.3 => /usr/lib64/libwebpmux.so.3 (0x00007f57af3fc000)
libwebp.so.7 => /usr/lib64/libwebp.so.7 (0x00007f57af38e000)

Petri Kaukasoina · 02-11-2023, 04:45 PM

Quote:

Originally Posted by glennmcc

root@glennmcc-i7:~# ldd `which mplayer`
<snip>
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f57af783000)
libssh.so.4 => /usr/lib64/libssh.so.4 (0x00007f57af6f6000)
libvpx.so.7 => /usr/lib64/libvpx.so.7 (0x00007f57af408000)
libwebpmux.so.3 => /usr/lib64/libwebpmux.so.3 (0x00007f57af3fc000)
libwebp.so.7 => /usr/lib64/libwebp.so.7 (0x00007f57af38e000)

Nope. Try this:

Code:

$ objdump -x /usr/bin/mplayer | grep NEEDED
<snip>
  NEEDED               libavcodec.so.59
(no libvpx here!)
<snip>
$ objdump -x /usr/lib64/libavcodec.so.59|grep NEEDED|grep libvpx
  NEEDED               libvpx.so.7

libvpx.so.7 is not NEEDED by mplayer, but it uses libavcodec.so.59 (part of ffmpeg). libvpx.so.7 is NEEDED by libavcodec.so.59, instead.

(ldd is useless finding library dependencies.)

So this means that after rebuilding ffmpeg, gst-plugins-good, qt5, xine-lib, everything should work with respect to libvpx.

marav · 02-11-2023, 04:48 PM

Here, libvpx.so.8 (libvpx 1.13.0) breaks all of these programs that needs libvpx.so.7 (some of them are 3rd party)

Code:

→ /usr/bin/akonadi_archivemail_agent
→ /usr/bin/akonadi_ews_resource
→ /usr/bin/akonadi_followupreminder_agent
→ /usr/bin/akonadi_mailfilter_agent
→ /usr/bin/akonadi_mailmerge_agent
→ /usr/bin/akonadi_sendlater_agent
→ /usr/bin/akonadi_tomboynotes_resource
→ /usr/bin/akonadi_unifiedmailbox_agent
→ /usr/bin/akonadiconsole
→ /usr/bin/akonadiimportwizard
→ /usr/bin/akregator
→ /usr/bin/akregatorstorageexporter
→ /usr/bin/cantor
→ /usr/bin/contactprintthemeeditor
→ /usr/bin/digikam
→ /usr/bin/falkon
→ /usr/bin/ffmpeg
→ /usr/bin/ffmpegthumbnailer
→ /usr/bin/ffplay
→ /usr/bin/ffprobe
→ /usr/bin/freerdp-proxy
→ /usr/bin/freerdp-shadow-cli
→ /usr/bin/geeqie
→ /usr/bin/haruna
→ /usr/bin/headerthemeeditor
→ /usr/bin/kalgebra
→ /usr/bin/kdevelop
→ /usr/bin/kimagemapeditor
→ /usr/bin/kmail
→ /usr/bin/kmymoney
→ /usr/bin/konqueror
→ /usr/bin/kontact
→ /usr/bin/marble
→ /usr/bin/marble-qt
→ /usr/bin/mboximporter
→ /usr/bin/mencoder
→ /usr/bin/mplayer
→ /usr/bin/mpv
→ /usr/bin/onlinequoteseditor5
→ /usr/bin/opencv_interactive-calibration
→ /usr/bin/opencv_visualisation
→ /usr/bin/parley
→ /usr/bin/pimdataexporter
→ /usr/bin/pimdataexporterconsole
→ /usr/bin/plplay
→ /usr/bin/showfoto
→ /usr/bin/sieveeditor
→ /usr/bin/simplescreenrecorder
→ /usr/bin/systemmonitor
→ /usr/bin/umbrello5
→ /usr/bin/wlfreerdp
→ /usr/bin/xfreerdp

I try with what Petri Kaukasoina pointed out

marav · 02-11-2023, 05:00 PM

Excepts all the KDE stuff, which probably needs qt5 to be recompiled
All works fine with

ffmpeg
gst-plugins-good
xine-lib

recompiled against libvpx 1.13.0

marav · 02-11-2023, 05:04 PM

Indeed, This has already happened in the past

Code:

Tue Oct 26 22:01:32 UTC 2021
l/ffmpeg-4.4.1-x86_64-2.txz:  Rebuilt.
  Recompiled against libvpx-1.11.0.
l/gst-plugins-good-1.18.5-x86_64-2.txz:  Rebuilt.
  Recompiled against libvpx-1.11.0.
l/libvpx-1.11.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/qt5-5.15.3_20211024_2aa0de43-x86_64-1.txz:  Upgraded.
  Upgraded to latest git (might as well) and compiled against libvpx-1.11.0.
xap/xine-lib-1.2.11-x86_64-7.txz:  Rebuilt.
  Recompiled against libvpx-1.11.0.