From: rich@example.invalid   
      
   Joseph Rosevear  wrote:   
   > On Wed, 29 Jan 2025 05:31:27 -0000 (UTC), Henrik Carlqvist wrote:   
   >   
   > [snip]   
   >   
   >> As John wrote, stable Slackware 15.0 has never been affected by any   
   >> of those bad versions.  For those running the alpha or beta version   
   >> of the next stable Slackware, also known as "Slackware current", the   
   >> bad versions 5.6.0 and 5.6.1 was included for a short time.   
   >> However, if I understand things right, the xz.SlackBuild script used   
   >> to build from source does not user cmake but the old school way of   
   >> "./configure; make" and did not produce any bad binaries.  Even if   
   >> Slackware would have had any bad binaries from any bad version it   
   >> would not have become any ssh backdoor as Slackware does not run   
   >> systemd.   
   >>   
   >> regards Henrik   
   >   
   > Hello, Henrik.   
   >   
   > That's interesting.  I was wondering whether systemd was involved in this   
   > story.  One of the links I posted included a message that said something   
   > similar.  Does systemd use ssh in some special way?   
      
   You know, this is all year old news, and just searching "xz backdoor"   
   should have found you this for further reading:   
      
   https://en.wikipedia.org/wiki/XZ_Utils_backdoor   
      
   The short story is the backdoor targeted ssh, and it got into ssh via   
   being linked into a systemd library that ssh, on systemd systems,   
   itself linked to.   
      
   For Slackware it was a no-op because Slackware does not use systemd, so   
   Slackware's ssh did not indirectly link to xz via a systemd library.   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)