mirror of
git://slackware.nl/current.git
synced 2025-01-13 08:01:53 +01:00
58eb3d5294
l/libgsf-1.14.48-x86_64-1.txz: Upgraded.
l/netpbm-10.97.00-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.9-x86_64-8.txz: Rebuilt.
This update fixes the following security issues:
AP mode PMF disconnection protection bypass.
UPnP SUBSCRIBE misbehavior in hostapd WPS AP.
P2P group information processing vulnerability.
P2P provision discovery processing vulnerability.
ASN.1: Validate DigestAlgorithmIdentifier parameters.
Flush pending control interface message for an interface to be removed.
These issues could result in a denial-of-service, privilege escalation,
arbitrary code execution, or other unexpected behavior.
Thanks to nobodino for pointing out the patches.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004
(* Security fix *)
xap/seamonkey-2.53.10.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.10.2
(* Security fix *)
198 lines
7 KiB
Bash
Executable file
198 lines
7 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Copyright 2004-2008 Eric Hameleers, Eindhoven, NL
|
|
# Copyright 2008-2021 Patrick J. Volkerding, Sebeka, MN, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=wpa_supplicant
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-8}
|
|
|
|
SRCVERSION=$(printf $VERSION | tr _ -)
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) export ARCH=i586 ;;
|
|
arm*) export ARCH=arm ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) export ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "s390" ]; then
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
elif [ "$ARCH" = "arm" ]; then
|
|
SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "armel" ]; then
|
|
SLKCFLAGS="-O2 -march=armv4t"
|
|
LIBDIRSUFFIX=""
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-$PKGNAM
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
cd $TMP
|
|
rm -rf ${PKGNAM}-${SRCVERSION}
|
|
tar xvf $CWD/${PKGNAM}-${SRCVERSION}.tar.?z* || exit 1
|
|
cd ${PKGNAM}-${SRCVERSION}
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \+ -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \+
|
|
|
|
zcat $CWD/patches/wpa_supplicant-flush-debug-output.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/wpa_supplicant-gui-qt4.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Security fixes for CVE-2021-0326 CVE-2021-0535 CVE-2020-12695 CVE-2019-16275 CVE-2021-27803 CVE-2021-30004:
|
|
zcat $CWD/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/a0541334a6394f8237a4393b7372693cd7e96f15.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/patches/8ca330bd709bf7c000dfda5b1edbc0cbeabb8b55.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Allow legacy tls to avoid breaking WPA2-Enterprise:
|
|
zcat $CWD/patches/allow-tlsv1.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
cd wpa_supplicant
|
|
|
|
# Create the configuration file for building wpa_supplicant:
|
|
cat $CWD/config/dot.config > .config
|
|
|
|
# Build the usual binaries
|
|
CFLAGS="$SLKCFLAGS" \
|
|
make $NUMJOBS \
|
|
BINDIR=/usr/sbin \
|
|
LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
|
|
|
|
# Build the Qt5 GUI client
|
|
|
|
|
|
|
|
#The following directory name is labelled qt4, but is compatible with qt5.
|
|
#pushd wpa_gui-qt4 &&
|
|
#qmake wpa_gui.pro &&
|
|
#make &&
|
|
#popd
|
|
|
|
pushd wpa_gui-qt4
|
|
qmake-qt5 wpa_gui.pro
|
|
CFLAGS="$SLKCFLAGS" \
|
|
make $NUMJOBS \
|
|
BINDIR=/usr/sbin \
|
|
LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
|
|
popd
|
|
|
|
# Make sure man pages are built
|
|
make -C doc/docbook man
|
|
|
|
# This goes into the doc directory later on:
|
|
mv wpa_supplicant.conf wpa_supplicant.conf.sample
|
|
|
|
# Install binaries:
|
|
mkdir -p $PKG/usr/sbin $PKG/usr/bin
|
|
cp wpa_supplicant wpa_passphrase wpa_cli $PKG/usr/sbin/
|
|
cp wpa_gui-qt4/wpa_gui $PKG/usr/bin/
|
|
|
|
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
|
|
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
|
|
# Install dbus configuration file:
|
|
mkdir -p $PKG/usr/share/dbus-1/system.d/
|
|
cp dbus/dbus-wpa_supplicant.conf \
|
|
$PKG/usr/share/dbus-1/system.d/dbus-wpa_supplicant.conf
|
|
|
|
mkdir -p $PKG/usr/share/dbus-1/system-services
|
|
install -m644 dbus/*.service $PKG/usr/share/dbus-1/system-services/
|
|
|
|
# Install a .desktop file and icon for wpa_gui:
|
|
# (converted from the wpa_gui.svg in the source)
|
|
mkdir -p $PKG/usr/share/{applications,pixmaps}
|
|
cat $CWD/config/wpa_gui.desktop > $PKG/usr/share/applications/wpa_gui.desktop
|
|
cat $CWD/config/wpa_gui.png > $PKG/usr/share/pixmaps/wpa_gui.png
|
|
|
|
# Install a logrotate config
|
|
mkdir -p $PKG/etc/logrotate.d
|
|
cat $CWD/config/wpa_supplicant.logrotate > $PKG/etc/logrotate.d/wpa_supplicant.new
|
|
|
|
# Install man pages:
|
|
for m in 5 8; do
|
|
mkdir -p $PKG/usr/man/man${m}
|
|
cp doc/docbook/*.${m} $PKG/usr/man/man${m}/
|
|
done
|
|
find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \+
|
|
|
|
# Install a default configuration file (only readable by root):
|
|
mkdir -p $PKG/etc
|
|
cat $CWD/config/wpa_supplicant.conf > $PKG/etc/wpa_supplicant.conf.new
|
|
chmod 600 $PKG/etc/wpa_supplicant.conf.new
|
|
|
|
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
|
|
cp -a \
|
|
ChangeLog ../COPYING README README-{P2P,WPS} examples *.txt *.sample $CWD/README.slackware \
|
|
$PKG/usr/doc/$PKGNAM-$VERSION
|
|
chown -R root:root $PKG/usr/doc/$PKGNAM-$VERSION/*
|
|
chmod -R a-w $PKG/usr/doc/$PKGNAM-$VERSION/*
|
|
|
|
# If there's a ChangeLog, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r ChangeLog ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
|
|
touch -r ChangeLog $DOCSDIR/ChangeLog
|
|
fi
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
zcat $CWD/doinst.sh.gz >> $PKG/install/doinst.sh
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-${VERSION}-${ARCH}-${BUILD}.txz
|