mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
37eaf40ce5
a/kernel-generic-4.19.7-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.7-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.7-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.7-x86-1.txz: Upgraded.
k/kernel-source-4.19.7-noarch-1.txz: Upgraded.
n/gnutls-3.6.5-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and
padding oracle verification.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868
(* Security fix *)
n/nettle-3.4.1-x86_64-1.txz: Upgraded.
This update fixes a security issue:
A Bleichenbacher type side-channel based padding oracle attack was found
in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5
data. An attacker who is able to run a process on the same physical core
as the victim process, could use this flaw to extract plaintext or in some
cases downgrade any TLS connections to a vulnerable server.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
136 lines
4.1 KiB
Bash
Executable file
136 lines
4.1 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Slackware build script for nettle
|
|
|
|
# Copyright 2011 Robby Workman, Northport, Alabama, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=nettle
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-1}
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) ARCH=i586 ;;
|
|
arm*) ARCH=arm ;;
|
|
*) ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-$PKGNAM
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i686" ]; then
|
|
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
cd $TMP
|
|
rm -rf $PKGNAM-$VERSION
|
|
tar xvf $CWD/$PKGNAM-$VERSION.tar.?* || exit 1
|
|
cd $PKGNAM-$VERSION
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \; -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \;
|
|
|
|
# There is a "--disable-openssl" flag that shows this for help:
|
|
# "Do not include openssl glue in the benchmark program"
|
|
# Building without that flag does not appear to link any openssl libraries,
|
|
# so I don't see any potential legal implications... --rworkman
|
|
CFLAGS="$SLKCFLAGS" \
|
|
CXXFLAGS="$SLKCFLAGS" \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
|
--sysconfdir=/etc \
|
|
--localstatedir=/var \
|
|
--docdir=/usr/doc/$PKGNAM-$VERSION \
|
|
--infodir=/usr/info \
|
|
--enable-shared \
|
|
--build=$ARCH-slackware-linux \
|
|
|| exit 1
|
|
|
|
make $NUMJOBS || make || exit 1
|
|
make install DESTDIR=$PKG || exit 1
|
|
|
|
# Do not package static libraries:
|
|
rm -f $PKG/usr/lib${LIBDIRSUFFIX}/*.a
|
|
|
|
# Fix perms on shared objects
|
|
find $PKG/usr/lib${LIBDIRSUFFIX} -type f -name "*.so.*" -exec chmod 0755 {} \;
|
|
|
|
# Strip binaries:
|
|
( cd $PKG
|
|
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
)
|
|
|
|
# Compress info files, if any:
|
|
if [ -d $PKG/usr/info ]; then
|
|
( cd $PKG/usr/info
|
|
rm -f dir
|
|
gzip -9 *
|
|
)
|
|
fi
|
|
|
|
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
|
|
cp -a \
|
|
AUTHORS COPYING* INSTALL NEWS README TODO \
|
|
$PKG/usr/doc/$PKGNAM-$VERSION
|
|
|
|
# If there's a ChangeLog, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r ChangeLog ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
|
|
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
|
|
touch -r ChangeLog $DOCSDIR/ChangeLog
|
|
fi
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
|