From 1e3ea6735474b9777624dbb311edcc1d0c65cb0d Mon Sep 17 00:00:00 2001 From: Alan Hicks Date: Wed, 24 Feb 2010 00:07:15 -0500 Subject: Chapter 17 completed in rough draft. Added mention of slackware-security mailing list as well. --- chapter_17.xml | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 98 insertions(+), 10 deletions(-) diff --git a/chapter_17.xml b/chapter_17.xml index 41ea6cf..ea51ad7 100644 --- a/chapter_17.xml +++ b/chapter_17.xml @@ -9,11 +9,69 @@ The -stable Branch -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Whenever a new version of Slackware is released, it continues to be +updated should a security vulnerability be found or a nasty bug begin +to rear its head. For that reason, it's important to keep up with all +the patches for your version of Slackware. We call this the -stable +branch. There is also a -current branch where frequent and intrusive +changes are made, but unless you're willing to work with a broken +computer and fix things on your own, we recommend you stick with +-stable. + + + +Since -stable updates aren't distributed on the disks, you'll need to +obtain them from the Internet. Many people and organizations offer +mirrors where you can download the entire Slackware tree, or just the +patches/ directory in any number of ways. While +some mirrors offer web access, the most common ways of obtaining +updates are via ftp and rsync servers. The Slackware project maintains +a small list of known mirrors organized by country. If you're in doubt +as to what mirror to use, simply consult http://www.slackware.com/getslack/ +for suggestions. If you know a major university near you, there's a +good chance they offer a mirror of numerous open source projects, and +Slackware may be among them. The only real requirement for a mirror is +that it be complete, but it's best to use a mirror near where you live +to achieve the fastest transfer times and use the least amount of +Internet resources. + + + +So how do you know when there are updates? The best way is to consult +the ChangeLog.txt on any up-to-date mirror. You +can always find the latest changelogs for the -current and most recent +-stable branch on the Slackware Project's web page, but if you're +running an older version, you'll need to check a mirror. + + +darkstar:~# wget -O - \ +ftp://slackware.osuosl.org/pub/slackware/slackware-13.0/ChangeLog.txt \ +| less +Sun Jan 24 20:22:46 UTC 2010 +patches/packages/httpd-2.2.14-i486-1_slack12.1.tgz: Upgraded. + This fixes a couple of security bugs when using mod_proxy_ftp. + For more information, see: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 + (* Security fix *) + + + +
+Security Update Mailing List + + +While the Slackware team does release strictly bug-fix patches from +time-to-time, you're probably most interested in security fixes for +vulnerabilities that are discovered in software. The Slackware Project +maintains a mailing list that will notify you if any patches are +released that treat such serious issues. In order to subscribe to the +mailing list, simply send an e-mail to +majordomo@slackware.com with the words 'subscribe +slackware-security' in the body of the message. The majordomo will be +happy to add your name to the list, and when new packages are released, +will mail you an advisory.
@@ -22,11 +80,41 @@ voluptate velit esse cillum dolore eu fugiat nulla pariatur. Upgrading Slackware Versions -Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do -eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad -minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip -ex ea commodo consequat. Duis aute irure dolor in reprehenderit in -voluptate velit esse cillum dolore eu fugiat nulla pariatur. +Now that we've gone this far, you should feel reasonably competent in +your ability to handle your Slackware system. But what do we do with it +when there's a new release? Updating from one release of Slackware to +another is a lot more complicated than simply updating a few packages. +Each release changes a lot of things. Many of these changes are small, +but some of them can completely break your system if you haven't +prepared for them. While some Linux distributions provide highly +automated tools that attempt to handle every tiny detail for you, +Slackware takes a much more hands on approach to things. + + + +The very first thing you should do before attempting an upgrade, is +decide if that's really necessary. If the old system is stable and +doing everything you want it to do, there may be no need to do an +operating system upgrade at all. The second thing you should do is read +the CHANGES_AND_HINTS.TXT file on your upgrade +disks or a mirror. This file changes between every release, and lists +helpful hints and tips to aid you in dealing with the changes. +Finally, read the UPGRADE.TXT file as well before +proceeding. After doing these things, you may find it easier to backup +your configuration files and data, then perform a regular install of +the new Slackware release rather than attempt a possibly tricky +upgrade. If however, you still wish to continue, make backups of your +data and configuration files. At a minimum, it's good practice to +backup the /etc and /home +directories. This will give you a chance to perform a re-install should +anything go wrong with the upgrade. + + + +Since every new version of Slackware has a few differences, giving +complete instructions here is not only futile, but misleading. Always +consult the documentation included on your Slackware disks or your +favorite mirror. -- cgit v1.2.3