mirror of
git://slackware.nl/current.git
synced 2024-12-26 09:58:59 +01:00
e1cb531b52
a/libblockdev-3.2.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-45.txz: Rebuilt.
/etc/default/geninitrd: Add AUTOGENERATE_INITRD variable for disabling
automatically generating the initrd when the kernel package is upgraded.
The hook to trigger this will be in the next kernel-generic package.
setup.01.mkinitrd: skip generating an initrd if we're called from the
kernel doinst.sh and AUTOGENERATE_INITRD=false.
geninitrd: Look for an override script called /usr/local/sbin/geninitrd,
not /usr/local/bin/geninitrd-custom. Thanks to GazL.
ap/mariadb-11.4.4-x86_64-2.txz: Rebuilt.
rc.mysqld: use mariadbd-safe, not mysqld_safe. Thanks to teoberi.
d/cmake-3.31.0-x86_64-1.txz: Upgraded.
l/expat-2.6.4-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fix crash within function XML_ResumeParser from a NULL pointer dereference
by disallowing function XML_StopParser to (stop or) suspend an unstarted
parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly
communicate this situation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-50602
(* Security fix *)
n/gpgme-1.24.0-x86_64-1.txz: Upgraded.
Added libqgpgmeqt6.
xap/ffmpegthumbnailer-2.2.3-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.4.2esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.4.2esr/releasenotes/
227 lines
7.4 KiB
Bash
Executable file
227 lines
7.4 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Copyright 2000 BSDi, Inc. Concord, CA, USA
|
|
# Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA
|
|
# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
# Set initial variables:
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
TMP=${TMP:-/tmp}
|
|
|
|
PKGNAM=openssl
|
|
VERSION=${VERSION:-$(echo openssl-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-1}
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) export ARCH=i686 ;;
|
|
arm*) export ARCH=arm ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) export ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
PKG1=$TMP/package-openssl
|
|
PKG2=$TMP/package-ossllibs
|
|
NAME1=openssl-$VERSION-$ARCH-$BUILD
|
|
NAME2=openssl-solibs-$VERSION-$ARCH-$BUILD
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "${NAME1}.txz"
|
|
echo "${NAME2}.txz"
|
|
exit 0
|
|
fi
|
|
|
|
# Parallel build doesn't link properly.
|
|
#NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
# So that ls has the right field counts for parsing...
|
|
export LC_ALL=C
|
|
|
|
cd $TMP
|
|
rm -rf $PKG1 $PKG2 openssl-$VERSION
|
|
|
|
tar xvf $CWD/openssl-$VERSION.tar.gz || exit 1
|
|
cd openssl-$VERSION
|
|
chown -R root:root .
|
|
|
|
if [ "$ARCH" = "i686" ]; then
|
|
sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=pentium4 -mtune=generic/g" Configure
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
LIBDIRSUFFIX="64"
|
|
fi
|
|
|
|
# Patch openssl.cnf to remove useless FIPS documentation, and to provide
|
|
# examples for enabling legacy algorithms. These are considered weaker, but
|
|
# some applications may still require them.
|
|
zcat $CWD/0024-load-legacy-prov.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
mkdir -p $PKG1/usr/doc/openssl-$VERSION
|
|
cp -a ACKNOWLEDGEMENTS* AUTHORS* CHANGES* CODE-OF-CONDUCT* CONTRIBUTING* FAQ* \
|
|
HACKING* INSTALL* LICENSE* NEWS* NOTES* README* SUPPORT* VERSION* doc \
|
|
$PKG1/usr/doc/openssl-$VERSION
|
|
find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+
|
|
find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+
|
|
|
|
# If there's a CHANGES file, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r CHANGES ]; then
|
|
DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION)
|
|
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
|
|
touch -r CHANGES $DOCSDIR/CHANGES
|
|
fi
|
|
|
|
# These are the known patent issues with OpenSSL:
|
|
# name # expires
|
|
# MDC-2: 4,908,861 2007-03-13, not included.
|
|
# IDEA: 5,214,703 2010-05-25, not included.
|
|
#
|
|
# Although all of the above are expired, it's still probably
|
|
# not a good idea to include them as there are better
|
|
# algorithms to use.
|
|
|
|
./config \
|
|
--prefix=/usr \
|
|
--openssldir=/etc/ssl \
|
|
zlib \
|
|
enable-camellia \
|
|
enable-seed \
|
|
enable-rfc3779 \
|
|
enable-cms \
|
|
enable-md2 \
|
|
enable-rc5 \
|
|
enable-ssl3 \
|
|
enable-ssl3-method \
|
|
no-weak-ssl-ciphers \
|
|
no-mdc2 \
|
|
no-ec2m \
|
|
no-sm2 \
|
|
no-sm4 \
|
|
shared
|
|
|
|
make $NUMJOBS depend || make depend || exit 1
|
|
|
|
make $NUMJOBS || make || exit 1
|
|
|
|
make install DESTDIR=$PKG1 || exit 1
|
|
|
|
# No thanks on the static libraries:
|
|
rm -f $PKG1/usr/lib${LIBDIRSUFFIX}/*.a
|
|
|
|
# No thanks on manpages duplicated as html:
|
|
rm -rf $PKG1/usr/share/doc
|
|
|
|
# Also no thanks on .pod versions of the already shipped manpages:
|
|
rm -rf $PKG1/usr/doc/openssl-*/doc/man*
|
|
rm -rf $PKG1/usr/doc/openssl-*/doc/internal
|
|
|
|
# Move libraries, as they might be needed by programs that bring a network
|
|
# mounted /usr online:
|
|
|
|
mkdir $PKG1/lib${LIBDIRSUFFIX}
|
|
( cd $PKG1/usr/lib${LIBDIRSUFFIX}
|
|
for file in lib*.so.? ; do
|
|
mv $file ../../lib${LIBDIRSUFFIX}
|
|
ln -sf ../../lib${LIBDIRSUFFIX}/$file .
|
|
done
|
|
)
|
|
|
|
# Add a cron script to warn root if a certificate is going to expire soon:
|
|
mkdir -p $PKG1/etc/cron.daily
|
|
zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new
|
|
chmod 755 $PKG1/etc/cron.daily/certwatch.new
|
|
|
|
# Make config file non-clobber:
|
|
mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new
|
|
|
|
# Remove duplicate config file:
|
|
rm -f $PKG1/etc/ssl/openssl.cnf.dist
|
|
|
|
( cd $PKG1
|
|
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
)
|
|
|
|
# Relocate the manpages:
|
|
mv $PKG1/usr/share/man $PKG1/usr
|
|
rmdir $PKG1/usr/share
|
|
|
|
# Compress and symlink the man pages:
|
|
if [ -d $PKG1/usr/man ]; then
|
|
( cd $PKG1/usr/man
|
|
for manpagedir in $(find . -type d -name "man*") ; do
|
|
( cd $manpagedir
|
|
for eachpage in $( find . -type l -maxdepth 1) ; do
|
|
ln -s $( readlink $eachpage ).gz $eachpage.gz
|
|
rm $eachpage
|
|
done
|
|
gzip -9 *.?ossl
|
|
)
|
|
done
|
|
)
|
|
fi
|
|
|
|
cd $PKG1
|
|
chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig
|
|
sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc
|
|
mkdir -p install
|
|
zcat $CWD/doinst.sh-openssl.gz > install/doinst.sh
|
|
cat $CWD/slack-desc.openssl > install/slack-desc
|
|
/sbin/makepkg -l y -c n $TMP/${NAME1}.txz
|
|
|
|
# Make runtime package:
|
|
mkdir -p $PKG2/lib${LIBDIRSUFFIX}
|
|
( cd lib${LIBDIRSUFFIX} ; cp -a lib*.so.* $PKG2/lib${LIBDIRSUFFIX} )
|
|
mkdir -p $PKG2/usr/lib${LIBDIRSUFFIX}
|
|
cp -a $PKG1//usr/lib${LIBDIRSUFFIX}/{engines-3,ossl-modules} $PKG2/usr/lib${LIBDIRSUFFIX}
|
|
( cd $PKG2/lib${LIBDIRSUFFIX}
|
|
for file in lib*.so.? ; do
|
|
( cd $PKG2/usr/lib${LIBDIRSUFFIX} ; ln -sf ../../lib${LIBDIRSUFFIX}/$file . )
|
|
done
|
|
)
|
|
mkdir -p $PKG2/etc
|
|
( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . )
|
|
mkdir -p $PKG2/usr/doc/openssl-$VERSION
|
|
( cd $TMP/openssl-$VERSION
|
|
cp -a ACKNOWLEDGEMENTS* AUTHORS* CHANGES* CONTRIBUTING* FAQ* INSTALL* \
|
|
LICENSE* NEWS* NOTES* README* \
|
|
$PKG2/usr/doc/openssl-$VERSION
|
|
# If there's a CHANGES file, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r CHANGES ]; then
|
|
DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION)
|
|
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
|
|
touch -r CHANGES $DOCSDIR/CHANGES
|
|
fi
|
|
)
|
|
|
|
find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+
|
|
find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+
|
|
cd $PKG2
|
|
mkdir -p install
|
|
zcat $CWD/doinst.sh-openssl-solibs.gz > install/doinst.sh
|
|
cat $CWD/slack-desc.openssl-solibs > install/slack-desc
|
|
/sbin/makepkg -l y -c n $TMP/${NAME2}.txz
|