2024-04-26 22:12:32 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Copyright 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA
|
|
|
|
# All rights reserved.
|
|
|
|
#
|
|
|
|
# Redistribution and use of this script, with or without modification, is
|
|
|
|
# permitted provided that the following conditions are met:
|
|
|
|
#
|
|
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
|
|
# notice, this list of conditions and the following disclaimer.
|
|
|
|
#
|
|
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
|
|
|
|
PKGNAM=libppd
|
|
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
2024-12-05 23:00:02 +01:00
|
|
|
BUILD=${BUILD:-2}
|
2024-04-26 22:12:32 +02:00
|
|
|
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
|
|
if [ -z "$ARCH" ]; then
|
|
|
|
case "$(uname -m)" in
|
Fri Oct 18 22:51:09 UTC 2024
a/elilo-3.16-x86_64-17.txz: Rebuilt.
eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded.
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more and, our implementation
accepting any UDP packet on port 631, causes vulnerabilities, and
our LDAP support is does not comly with RFC 7612 and is therefore
limited. Fixes CVE-2024-47176 and CVE-2024-47850
Default `BrowseRemoteProtocols` should not include `cups` protocol
Works around CVE-2024-47176, the fix is the complete removal of
legacy CUPS Browsing functionality.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
https://www.cve.org/CVERecord?id=CVE-2024-47850
(* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz: Upgraded.
l/gvfs-1.56.1-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded.
`cfGetPrinterAttributes5()`: Validate response attributes before return
The IPP print destination which we are querying can be corrupted or
forged, so validate the response to strenghten security. Fixes
CVE-2024-47076.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47076
(* Security fix *)
l/libppd-2.1.0-x86_64-1.txz: Upgraded.
Prevent PPD generation based on invalid IPP response
Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
refactor make-and-model code, PPDize preset and template names,
quote PPD localized strings. Fixes CVE-2024-47175.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47175
(* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
|
|
|
i?86) ARCH=i686 ;;
|
2024-04-26 22:12:32 +02:00
|
|
|
arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
|
|
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
|
|
*) ARCH=$(uname -m) ;;
|
|
|
|
esac
|
|
|
|
export ARCH
|
|
|
|
fi
|
|
|
|
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
|
|
# the name of the created package would be, and then exit. This information
|
|
|
|
# could be useful to other scripts.
|
|
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "}
|
|
|
|
|
Fri Oct 18 22:51:09 UTC 2024
a/elilo-3.16-x86_64-17.txz: Rebuilt.
eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded.
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more and, our implementation
accepting any UDP packet on port 631, causes vulnerabilities, and
our LDAP support is does not comly with RFC 7612 and is therefore
limited. Fixes CVE-2024-47176 and CVE-2024-47850
Default `BrowseRemoteProtocols` should not include `cups` protocol
Works around CVE-2024-47176, the fix is the complete removal of
legacy CUPS Browsing functionality.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
https://www.cve.org/CVERecord?id=CVE-2024-47850
(* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz: Upgraded.
l/gvfs-1.56.1-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded.
`cfGetPrinterAttributes5()`: Validate response attributes before return
The IPP print destination which we are querying can be corrupted or
forged, so validate the response to strenghten security. Fixes
CVE-2024-47076.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47076
(* Security fix *)
l/libppd-2.1.0-x86_64-1.txz: Upgraded.
Prevent PPD generation based on invalid IPP response
Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
refactor make-and-model code, PPDize preset and template names,
quote PPD localized strings. Fixes CVE-2024-47175.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47175
(* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
|
|
|
if [ "$ARCH" = "i686" ]; then
|
|
|
|
SLKCFLAGS="-O2 -march=pentium4 -mtune=generic"
|
2024-04-26 22:12:32 +02:00
|
|
|
LIBDIRSUFFIX=""
|
|
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
Fri Oct 18 22:51:09 UTC 2024
a/elilo-3.16-x86_64-17.txz: Rebuilt.
eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded.
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more and, our implementation
accepting any UDP packet on port 631, causes vulnerabilities, and
our LDAP support is does not comly with RFC 7612 and is therefore
limited. Fixes CVE-2024-47176 and CVE-2024-47850
Default `BrowseRemoteProtocols` should not include `cups` protocol
Works around CVE-2024-47176, the fix is the complete removal of
legacy CUPS Browsing functionality.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
https://www.cve.org/CVERecord?id=CVE-2024-47850
(* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz: Upgraded.
l/gvfs-1.56.1-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded.
`cfGetPrinterAttributes5()`: Validate response attributes before return
The IPP print destination which we are querying can be corrupted or
forged, so validate the response to strenghten security. Fixes
CVE-2024-47076.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47076
(* Security fix *)
l/libppd-2.1.0-x86_64-1.txz: Upgraded.
Prevent PPD generation based on invalid IPP response
Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
refactor make-and-model code, PPDize preset and template names,
quote PPD localized strings. Fixes CVE-2024-47175.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47175
(* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
|
|
|
SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC"
|
2024-04-26 22:12:32 +02:00
|
|
|
LIBDIRSUFFIX="64"
|
|
|
|
else
|
|
|
|
SLKCFLAGS="-O2"
|
|
|
|
LIBDIRSUFFIX=""
|
|
|
|
fi
|
|
|
|
|
|
|
|
TMP=${TMP:-/tmp}
|
|
|
|
PKG=$TMP/package-$PKGNAM
|
|
|
|
|
|
|
|
rm -rf $PKG
|
|
|
|
mkdir -p $TMP $PKG
|
|
|
|
|
|
|
|
cd $TMP
|
|
|
|
rm -rf $PKGNAM-$VERSION
|
|
|
|
tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
|
|
|
|
cd $PKGNAM-$VERSION || exit 1
|
|
|
|
|
|
|
|
chown -R root:root .
|
|
|
|
find . \
|
|
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
|
|
-exec chmod 755 {} \+ -o \
|
|
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
|
|
-exec chmod 644 {} \+
|
|
|
|
|
|
|
|
# Configure, build, and install:
|
|
|
|
if [ ! -r configure ]; then
|
|
|
|
if [ -x ./autogen.sh ]; then
|
|
|
|
NOCONFIGURE=1 ./autogen.sh
|
|
|
|
else
|
|
|
|
autoreconf -vif
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
CFLAGS="$SLKCFLAGS" \
|
|
|
|
CXXFLAGS="$SLKCFLAGS" \
|
|
|
|
./configure \
|
|
|
|
--prefix=/usr \
|
|
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
|
|
|
--sysconfdir=/etc \
|
|
|
|
--localstatedir=/var \
|
|
|
|
--docdir=/usr/doc/$PKGNAM-$VERSION \
|
|
|
|
--mandir=/usr/man \
|
|
|
|
--disable-static \
|
|
|
|
--disable-mutool \
|
|
|
|
--with-cups-rundir=/run/cups \
|
|
|
|
--build=$ARCH-slackware-linux || exit 1
|
|
|
|
make $NUMJOBS || make || exit 1
|
|
|
|
make install DESTDIR=$PKG || exit 1
|
|
|
|
|
|
|
|
# Don't ship .la files:
|
|
|
|
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
|
|
|
|
|
|
|
|
# Strip binaries:
|
|
|
|
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
|
|
|
|
|
|
# Compress manual pages:
|
|
|
|
find $PKG/usr/man -type f -exec gzip -9 {} \+
|
|
|
|
for i in $( find $PKG/usr/man -type l ) ; do
|
|
|
|
ln -s $( readlink $i ).gz $i.gz
|
|
|
|
rm $i
|
|
|
|
done
|
|
|
|
|
|
|
|
# Add a documentation directory:
|
|
|
|
mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
|
|
|
|
cp -a \
|
|
|
|
AUTHORS* CHANGES.md COPYING* DEVELOPING* INSTALL* LICENSE* NEWS* NOTICE* README* \
|
|
|
|
$PKG/usr/doc/${PKGNAM}-$VERSION
|
|
|
|
|
|
|
|
# If there's a CHANGES.md file, installing at least part of the recent history
|
|
|
|
# is useful, but don't let it get totally out of control:
|
|
|
|
if [ -r CHANGES.md ]; then
|
|
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
|
|
cat CHANGES.md | head -n 1000 > $DOCSDIR/CHANGES.md
|
|
|
|
touch -r CHANGES.md $DOCSDIR/CHANGES.md
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Nope:
|
|
|
|
rm -f $PKG/usr/doc/${PKGNAM}-$VERSION/CHANGES-1.x*
|
|
|
|
|
|
|
|
mkdir -p $PKG/install
|
|
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
|
|
|
|
|
|
cd $PKG
|
|
|
|
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
|