From: lew.pitcher@digitalfreehold.ca   
      
   Hi, everyone   
      
   I just encountered an interesting speedbump... Slackware issued a set of   
   patches for openssl on June 22, 2022 that address CVE-2022-2068.   
      
   However, for Slackware 14.2, the issued packages, while different in MD5   
   sum, are named the same as the openssl patches issued on May 4, 2022   
   (SSA:2022-124-02) that address CVE-2022-1292.   
      
   /If/ you use the package name, or ask 'updatepkg --dry-run' if the   
   SSA:2022-174-01 packages update the SSA:2022-124-02 packages, it will say   
   that they are not to be upgraded ("would be skipped")[1]   
      
   However, the SSA:2022-174-01 packages have different MD5 sums than the   
   SSA:2022-124-02, and look to be genuine. In other words, the Slackware   
   team has a naming problem with the 14.2 patches.   
      
   I've already informed Slackware of the naming issue. And, now, /you/ know   
   as well.   
      
   HTH   
      
   [1]# upgradepkg --dry-run Slackware.patches/*.t?z | grep openssl   
   openssl-1.0.2u-x86_64-3_slack14.2 would be skipped (already installed).   
   openssl-solibs-1.0.2u-x86_64-3_slack14.2 would be skipped (already   
   installed).   
      
      
   --   
   Lew Pitcher   
   "In Skills, We Trust"   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)