14.3 Keeping Current

14.3.1 slackware-security mailing list

Whenever a security problem affects Slackware, an email is sent to all subscribers of the slackware-security mailing list. Reports are sent out for vulnerabilities in any part of Slackware, apart from the software in /extra or /pasture. These security announcement emails include details on obtaining updated versions of Slackware packages or work-arounds, if any.

Subscribing to Slackware mailing lists is covered in Section 2.2.2.

14.3.2 The /patches directory

Whenever updated packages are released for a version of Slackware (usually only to fix a security problem, in the case of already released Slackware versions), they are placed in the /patches directory. The full path to these patches will depend on the mirror you are using, but will take the form /path/to/slackware-x.x/patches/.

Before installing these packages, it is a good idea to verify the md5sum of each package. md5sum(1) is a command-line utility that creates a “unique” mathematical hash of the file. If a single bit of the file has been changed, it will generate a different md5sum value.

% md5sum package-<ver>-<arch>-<rev>.tgz
6341417aa1c025448b53073a1f1d287d  package-<ver>-<arch>-<rev>.tgz

You should then check this against the line for the new package in the CHECKSUMS.md5 file in the root of the slackware-$VERSION directory (also in the /patches directory for patches) or in the email to the slackware-security mailing list.

If you have a file with the md5sum values in it, you can have md5sum check the files against it directly with the -c option.

# md5sum -c CHECKSUMS.md5
./ANNOUNCE.10_0: OK
./BOOTING.TXT: OK
./COPYING: OK
./COPYRIGHT.TXT: OK
./CRYPTO_NOTICE.TXT: OK
./ChangeLog.txt: OK
./FAQ.TXT: FAILED

As you can see, any files that md5sum evaluates as correct are listed “OK” while files that fail are labelled “FAILED”. (Yes, this was an insult to your intelligence. Why do you put up with me?)
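
When only one package has been downloaded, running md5sum -c over the whole list reports every file that is not present as a failure, so it is easier to look up that package's line in CHECKSUMS.md5 and compare it. The following is an added example, not part of the original text; verify_pkg is a hypothetical helper name, and it assumes GNU md5sum and a list made of "hash  path" lines.

```shell
#!/bin/sh
# Added example: check one downloaded package against its CHECKSUMS.md5 entry.
# verify_pkg is a hypothetical helper, not a Slackware tool.
# Usage:   verify_pkg CHECKSUMS.md5 package-<ver>-<arch>-<rev>.tgz
# Returns: 0 = hash matches
#          1 = hash mismatch (do not install the package)
#          2 = unreadable file, or no unique entry for the package
verify_pkg() {
    sums=$1
    pkg=$2
    [ -r "$sums" ] && [ -r "$pkg" ] || { echo "missing file" >&2; return 2; }
    name=$(basename -- "$pkg")

    # Only lines that begin with a 32-digit hex hash are treated as entries,
    # so explanatory text at the top of the list is skipped. The entry must
    # match the package file name exactly and must appear exactly once;
    # anything else fails closed instead of guessing.
    expected=$(awk -v n="$name" '
        $1 ~ /^[0-9a-f]+$/ && length($1) == 32 {
            path = $0
            sub(/^[0-9a-f]+[ \t]+\*?/, "", path)   # drop hash and separator
            sub(/^.*\//, "", path)                # keep the file name only
            if (path == n) { c++; h = $1 }
        }
        END { if (c != 1) exit 1; print h }' "$sums") || {
        echo "$name: no unique entry in $sums" >&2
        return 2
    }

    actual=$(md5sum -- "$pkg" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: FAILED (expected $expected, got $actual)" >&2
    return 1
}
```

A return value of 2 means the package was never compared, which should be treated the same as a failure.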