summaryrefslogtreecommitdiff
path: root/misc/slackbook/html/security-current.html
diff options
context:
space:
mode:
Diffstat (limited to 'misc/slackbook/html/security-current.html')
-rw-r--r--misc/slackbook/html/security-current.html138
1 files changed, 138 insertions, 0 deletions
diff --git a/misc/slackbook/html/security-current.html b/misc/slackbook/html/security-current.html
new file mode 100644
index 00000000..12e20716
--- /dev/null
+++ b/misc/slackbook/html/security-current.html
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content="HTML Tidy, see www.w3.org" />
+<title>Keeping Current</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
+<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
+<link rel="UP" title="Security" href="security.html" />
+<link rel="PREVIOUS" title="Host Access Control" href="security-host.html" />
+<link rel="NEXT" title="Archive Files" href="archive-files.html" />
+<link rel="STYLESHEET" type="text/css" href="docbook.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+</head>
+<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
+alink="#0000FF">
+<div class="NAVHEADER">
+<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<th colspan="3" align="center">Slackware Linux Essentials</th>
+</tr>
+
+<tr>
+<td width="10%" align="left" valign="bottom"><a href="security-host.html"
+accesskey="P">Prev</a></td>
+<td width="80%" align="center" valign="bottom">Chapter 14 Security</td>
+<td width="10%" align="right" valign="bottom"><a href="archive-files.html"
+accesskey="N">Next</a></td>
+</tr>
+</table>
+
+<hr align="LEFT" width="100%" />
+</div>
+
+<div class="SECT1">
+<h1 class="SECT1"><a id="SECURITY-CURRENT" name="SECURITY-CURRENT">14.3 Keeping
+Current</a></h1>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="SECURITY-CURRENT-LIST" name="SECURITY-CURRENT-LIST">14.3.1 <var
+class="LITERAL">slackware-security</var> mailing list</a></h2>
+
+<p>Whenever a security problem affects Slackware, an email is sent to all subscribers to
+the <var class="LITERAL">slackware-security@slackware.com</var> mailing list. Reports are
+sent out for vulnerabilities of any part of Slackware, apart from the software in <tt
+class="FILENAME">/extra</tt> or <tt class="FILENAME">/pasture</tt>. These security
+announcement emails include details on obtaining updated versions of Slackware packages
+or work-arounds, if any.</p>
+
+<p>Subscribing to Slackware mailing lists is covered in <a
+href="help-online.html#HELP-ONLINE-EMAIL">Section 2.2.2</a>.</p>
+</div>
+
+<div class="SECT2">
+<h2 class="SECT2"><a id="SECURITY-CURRENT-PATCHES" name="SECURITY-CURRENT-PATCHES">14.3.2
+The <tt class="FILENAME">/patches</tt> directory</a></h2>
+
+<p>Whenever updated packages are released for a version of Slackware (usually only to fix
+a security problem, in the case of already released Slackware versions), they are placed
+in the <tt class="FILENAME">/patches</tt> directory. The full path to these patches will
+depend on the mirror you are using, but will take the form <tt
+class="FILENAME">/path/to/slackware-x.x/patches/</tt>.</p>
+
+<p>Before installing these packages, it is a good idea to verify the <tt
+class="COMMAND">md5sum</tt> of the package. <tt class="COMMAND">md5sum</tt>(1) is a
+commandline utility that creates a &#8220;unique&#8221; mathematical hash of the file. If
+a single bit of the file has been changed, it will generate a different md5sum value.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">%</samp> <kbd
+class="USERINPUT">md5sum package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz</kbd>
+6341417aa1c025448b53073a1f1d287d package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz
+</pre>
+</td>
+</tr>
+</table>
+
+<p>You should then check this against the line for the new package in the <tt
+class="FILENAME">CHECKSUMS.md5</tt> file in the root of the <tt
+class="FILENAME">slackware-<var class="REPLACEABLE">$VERSION</var></tt> directory (also
+in the <tt class="FILENAME">/patches</tt> directory for patches) or in the email to the
+<var class="LITERAL">slackware-security</var> mailing list.</p>
+
+<p>If you have a file with the md5sum values in it, you can source it instead with the
+<var class="OPTION">-c</var> option to <tt class="COMMAND">md5sum</tt>.</p>
+
+<table border="0" bgcolor="#E0E0E0" width="100%">
+<tr>
+<td>
+<pre class="SCREEN">
+<samp class="PROMPT">#</samp> <kbd class="USERINPUT">md5sum -c CHECKSUMS.md5</kbd>
+./ANNOUNCE.10_0: OK
+./BOOTING.TXT: OK
+./COPYING: OK
+./COPYRIGHT.TXT: OK
+./CRYPTO_NOTICE.TXT: OK
+./ChangeLog.txt: OK
+./FAQ.TXT: FAILED
+</pre>
+</td>
+</tr>
+</table>
+
+<p>As you can see, any files that <tt class="COMMAND">md5sum</tt> evaluates as correct
+are listed &#8220;<var class="LITERAL">OK</var>&#8221; while files that fail are labelled
+&#8220;<var class="LITERAL">FAILED</var>&#8221;. (Yes, this was an insult to your
+intelligence. Why do you put up with me?)</p>
+</div>
+</div>
+
+<div class="NAVFOOTER">
+<hr align="LEFT" width="100%" />
+<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
+cellspacing="0">
+<tr>
+<td width="33%" align="left" valign="top"><a href="security-host.html"
+accesskey="P">Prev</a></td>
+<td width="34%" align="center" valign="top"><a href="index.html"
+accesskey="H">Home</a></td>
+<td width="33%" align="right" valign="top"><a href="archive-files.html"
+accesskey="N">Next</a></td>
+</tr>
+
+<tr>
+<td width="33%" align="left" valign="top">Host Access Control</td>
+<td width="34%" align="center" valign="top"><a href="security.html"
+accesskey="U">Up</a></td>
+<td width="33%" align="right" valign="top">Archive Files</td>
+</tr>
+</table>
+</div>
+</body>
+</html>
+