1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-18 22:27:20 +01:00
slackware-current/source/a/elilo/elilo.SlackBuild

151 lines
5.5 KiB
Text
Raw Normal View History

#!/bin/bash
Fri Oct 18 22:51:09 UTC 2024 a/elilo-3.16-x86_64-17.txz: Rebuilt. eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg. ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded. Removed support for legacy CUPS browsing and for LDAP Legacy CUPS browsing is not needed any more and, our implementation accepting any UDP packet on port 631, causes vulnerabilities, and our LDAP support is does not comly with RFC 7612 and is therefore limited. Fixes CVE-2024-47176 and CVE-2024-47850 Default `BrowseRemoteProtocols` should not include `cups` protocol Works around CVE-2024-47176, the fix is the complete removal of legacy CUPS Browsing functionality. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 https://www.cve.org/CVERecord?id=CVE-2024-47850 (* Security fix *) l/dav1d-1.5.0-x86_64-1.txz: Upgraded. l/gvfs-1.56.1-x86_64-1.txz: Upgraded. l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded. `cfGetPrinterAttributes5()`: Validate response attributes before return The IPP print destination which we are querying can be corrupted or forged, so validate the response to strenghten security. Fixes CVE-2024-47076. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47076 (* Security fix *) l/libppd-2.1.0-x86_64-1.txz: Upgraded. Prevent PPD generation based on invalid IPP response Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator, refactor make-and-model code, PPDize preset and template names, quote PPD localized strings. Fixes CVE-2024-47175. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47175 (* Security fix *) l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded. l/python-psutil-6.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
# Copyright 2013, 2014, 2016, 2017, 2018, 2019, 2022, 2024 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=elilo
VERSION=${VERSION:-$(echo $PKGNAM*.tar.?z* | rev | cut -f 2 -d - | rev)}
Tue Oct 22 23:55:03 UTC 2024 a/elilo-3.16-x86_64-18.txz: Rebuilt. eliloconfig: if we don't find initrd-generic.img, try to fall back on /boot/initrd.gz. Thanks to rworkman. a/kernel-firmware-20241022_e1d9577-noarch-1.txz: Upgraded. a/kernel-generic-6.11.5-x86_64-1.txz: Upgraded. a/less-668-x86_64-1.txz: Upgraded. a/openssl11-solibs-1.1.1zb-x86_64-1.txz: Upgraded. a/sysvinit-3.11-x86_64-1.txz: Upgraded. a/usbutils-018-x86_64-1.txz: Upgraded. d/kernel-headers-6.11.5-x86-1.txz: Upgraded. d/parallel-20241022-noarch-1.txz: Upgraded. d/swig-4.3.0-x86_64-1.txz: Upgraded. k/kernel-source-6.11.5-noarch-1.txz: Upgraded. l/libvisio-0.1.8-x86_64-1.txz: Upgraded. l/python-trove-classifiers-2024.10.21.16-x86_64-1.txz: Upgraded. n/openssl11-1.1.1zb-x86_64-1.txz: Upgraded. Apply patch to fix a security issue: Harden BN_GF2m_poly2arr against misuse. This CVE was fixed by the 1.1.1zb release that is only available to subscribers to OpenSSL's premium extended support. The patch was prepared by backporting from the OpenSSL-3.0 repo. The reported version number has been updated so that vulnerability scanners calm down. Thanks to Ken Zalewski for the patch! For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-9143 (* Security fix *) xap/gucharmap-16.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-128.3.3esr-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/128.3.3esr/releasenotes/ isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
2024-10-23 01:55:03 +02:00
BUILD=${BUILD:-18}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
Fri Oct 18 22:51:09 UTC 2024 a/elilo-3.16-x86_64-17.txz: Rebuilt. eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg. ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded. Removed support for legacy CUPS browsing and for LDAP Legacy CUPS browsing is not needed any more and, our implementation accepting any UDP packet on port 631, causes vulnerabilities, and our LDAP support is does not comly with RFC 7612 and is therefore limited. Fixes CVE-2024-47176 and CVE-2024-47850 Default `BrowseRemoteProtocols` should not include `cups` protocol Works around CVE-2024-47176, the fix is the complete removal of legacy CUPS Browsing functionality. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 https://www.cve.org/CVERecord?id=CVE-2024-47850 (* Security fix *) l/dav1d-1.5.0-x86_64-1.txz: Upgraded. l/gvfs-1.56.1-x86_64-1.txz: Upgraded. l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded. `cfGetPrinterAttributes5()`: Validate response attributes before return The IPP print destination which we are querying can be corrupted or forged, so validate the response to strenghten security. Fixes CVE-2024-47076. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47076 (* Security fix *) l/libppd-2.1.0-x86_64-1.txz: Upgraded. Prevent PPD generation based on invalid IPP response Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator, refactor make-and-model code, PPDize preset and template names, quote PPD localized strings. Fixes CVE-2024-47175. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47175 (* Security fix *) l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded. l/python-psutil-6.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
i?86) ARCH=i686 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
Fri Oct 18 22:51:09 UTC 2024 a/elilo-3.16-x86_64-17.txz: Rebuilt. eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg. ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded. Removed support for legacy CUPS browsing and for LDAP Legacy CUPS browsing is not needed any more and, our implementation accepting any UDP packet on port 631, causes vulnerabilities, and our LDAP support is does not comly with RFC 7612 and is therefore limited. Fixes CVE-2024-47176 and CVE-2024-47850 Default `BrowseRemoteProtocols` should not include `cups` protocol Works around CVE-2024-47176, the fix is the complete removal of legacy CUPS Browsing functionality. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 https://www.cve.org/CVERecord?id=CVE-2024-47850 (* Security fix *) l/dav1d-1.5.0-x86_64-1.txz: Upgraded. l/gvfs-1.56.1-x86_64-1.txz: Upgraded. l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded. `cfGetPrinterAttributes5()`: Validate response attributes before return The IPP print destination which we are querying can be corrupted or forged, so validate the response to strenghten security. Fixes CVE-2024-47076. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47076 (* Security fix *) l/libppd-2.1.0-x86_64-1.txz: Upgraded. Prevent PPD generation based on invalid IPP response Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator, refactor make-and-model code, PPDize preset and template names, quote PPD localized strings. Fixes CVE-2024-47175. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47175 (* Security fix *) l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded. l/python-psutil-6.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
if [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=pentium4 -mtune=generic"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
Fri Oct 18 22:51:09 UTC 2024 a/elilo-3.16-x86_64-17.txz: Rebuilt. eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg. ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded. Removed support for legacy CUPS browsing and for LDAP Legacy CUPS browsing is not needed any more and, our implementation accepting any UDP packet on port 631, causes vulnerabilities, and our LDAP support is does not comly with RFC 7612 and is therefore limited. Fixes CVE-2024-47176 and CVE-2024-47850 Default `BrowseRemoteProtocols` should not include `cups` protocol Works around CVE-2024-47176, the fix is the complete removal of legacy CUPS Browsing functionality. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 https://www.cve.org/CVERecord?id=CVE-2024-47850 (* Security fix *) l/dav1d-1.5.0-x86_64-1.txz: Upgraded. l/gvfs-1.56.1-x86_64-1.txz: Upgraded. l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded. `cfGetPrinterAttributes5()`: Validate response attributes before return The IPP print destination which we are querying can be corrupted or forged, so validate the response to strenghten security. Fixes CVE-2024-47076. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47076 (* Security fix *) l/libppd-2.1.0-x86_64-1.txz: Upgraded. Prevent PPD generation based on invalid IPP response Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator, refactor make-and-model code, PPDize preset and template names, quote PPD localized strings. Fixes CVE-2024-47175. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47175 (* Security fix *) l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded. l/python-psutil-6.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
2024-10-19 00:51:09 +02:00
SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf elilo
mkdir elilo
cd elilo
tar xvf $CWD/${PKGNAM}-$VERSION-all.tar.?z* || exit 1
tar xvf elilo-${VERSION}-source.tar.gz || exit 1
# The tarball extracted below contains rebuilt versions of the x86_64 and
# ia32 elilo, which were extracted from $TMP/elilo/elilo-${VERSION}-source/
# after building under both architectures. This approach simplifies making
# changes to other parts of the package without needlessly complicating
# things, as the loaders themselves seldom need to be rebuilt. Besides,
# elilo can be rather fragile, so we don't want to rebuild it without a
# good reason and risk breaking it.
#
# These EFI binaries were built with Slackware 14.2. Newer compilers might
# cause bloat, or other issues.
tar xvf $CWD/elilo.loader.binaries.tar.xz || exit 1
chown -R root:root .
chmod -R u+w,go+r-w,a-s .
cd elilo-${VERSION}-source || cd elilo || exit
sed -i "s,/usr/lib,/usr/lib${LIBDIRSUFFIX},g" Make.defaults
sed -i "s,EFICRT0.*= /usr/lib${LIBDIRSUFFIX},EFICRT0 = /usr/lib${LIBDIRSUFFIX}/gnuefi,g" Make.defaults
sed -i "s,dpkg-architecture -qDEB_BUILD_ARCH,uname -m,g" Make.defaults
# Fix collision with StrnCpy() function in both elilo and gnu-efi:
grep -r -l StrnCpy * | xargs sed -i "s/StrnCpy/elilo_StrnCpy/g"
# Increase kernel size limit from 8MB to 16MB (nobody will ever need more than 640K ;-):
zcat $CWD/elilo.double.kernel.size.limit.diff.gz | patch -p1 --verbose || exit 1
# Disable the Confidential Computing blob which was leading to boot failures
# with the 5.19.0 kernel and the EFI stub enabled:
zcat $CWD/elilo.zeroes.cc_blob_address.diff.gz | patch -p1 --verbose || exit 1
# We will build the tools from source.
# However, we will package the pre-built EFI binaries, since we would
# like to include both 32-bit and 64-bit x86 EFI loaders in the
# finished package.
# To build everything, you'll need to *not* change into the tools directory,
# instead running "make" here in the top-level. Please note that due to
# memory exhaustion issues, to build the 32-bit loader you will need to
# use a 32-bit userspace with an x86_64 kernel.
cd tools
make || exit 1
cd ..
# Install the files in the package directory:
mkdir -p $PKG/usr/sbin
cp tools/eliloalt $PKG/usr/sbin
# Install eliloconfig, a simple setup script:
cp -a $CWD/eliloconfig $PKG/usr/sbin
chown root:root $PKG/usr/sbin/eliloconfig
chmod 755 $PKG/usr/sbin/eliloconfig
mkdir -p $PKG/var/log/setup
cp -a $CWD/setup.ll.eliloconfig $PKG/var/log/setup
chown root:root $PKG/var/log/setup/setup.ll.eliloconfig
chmod 755 $PKG/var/log/setup/setup.ll.eliloconfig
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
ChangeLog LIMITATIONS README README.gnu-efi TODO docs/* \
examples \
$PKG/usr/doc/$PKGNAM-$VERSION
# Since it might not be safe to strip the EFI binaries, do this now:
( cd $PKG
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
cd ..
# Install EFI bootloaders in /boot:
mkdir $PKG/boot
# The ia32 version is pretty much useless, since 32-bit UEFI is nowhere to be
# found. Maybe it would help old 32-bit Intel Macs though?
cp -a elilo*ia32.efi $PKG/boot/elilo-ia32.efi
# Itanium binary isn't needed here.
#cp -a elilo*ia64.efi $PKG/boot/elilo-ia64.efi
cp -a elilo*x86_64.efi $PKG/boot/elilo-x86_64.efi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz