mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
89d895f1ff
a/eudev-3.2.6-x86_64-2.txz: Rebuilt.
Removed unneeded groups "render" and "kvm" from 50-udev-default.rules.
Thanks to Richard David Sherman.
a/grub-2.02-x86_64-4.txz: Rebuilt.
Applied a patch needed when compiling with recent binutils. Thanks to ivandi.
d/parallel-20180922-noarch-1.txz: Upgraded.
x/xterm-337-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-60.2.1esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
A potentially exploitable crash in TransportSecurityInfo used for SSL
can be triggered by data stored in the local cache in the user profile
directory. This issue is only exploitable in combination with another
vulnerability allowing an attacker to write data into the local cache
or from locally installed malware. This issue also triggers a
non-exploitable startup crash for users switching between the Nightly
and Release versions of Firefox if the same profile is used.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383
(* Security fix *)
233 lines
7.3 KiB
Bash
Executable file
233 lines
7.3 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Copyright 2013, 2016, 2017, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
# Modified 2016 by Eric Hameleers <alien@slackware.com> for Slackware Live Edition.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=grub
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
# Better to use _ than ~ in the package filenames version:
|
|
PKGVER=$(echo $VERSION | tr '~' '_')
|
|
BUILD=${BUILD:-4}
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$(uname -m)" in
|
|
i?86) ARCH=i586 ;;
|
|
arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) ARCH=$(uname -m) ;;
|
|
esac
|
|
export ARCH
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$PKGVER-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
if [ "$ARCH" = "i386" ]; then
|
|
SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i486" ]; then
|
|
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
|
|
EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "i686" ]; then
|
|
SLKCFLAGS="-O2 -march=i686"
|
|
EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "s390" ]; then
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2"
|
|
EFI32_FLAGS=" --with-platform=efi --target=i386 --program-prefix= "
|
|
EFI_FLAGS=" --with-platform=efi --target=x86_64 --program-prefix= "
|
|
LIBDIRSUFFIX="64"
|
|
elif [ "$ARCH" = "armv7hl" ]; then
|
|
SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
|
|
LIBDIRSUFFIX=""
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
# Don't use icecream:
|
|
PATH=$(echo $PATH | sed "s|/usr/libexec/icecc/bin||g" | tr -s : | sed "s/^://g" | sed "s/:$//g")
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-$PKGNAM
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
|
|
cd $TMP
|
|
rm -rf $PKGNAM-$VERSION
|
|
tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1
|
|
cd $PKGNAM-$VERSION || exit 1
|
|
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \; -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \;
|
|
|
|
# Use /boot/initrd.gz as a valid initrd name:
|
|
zcat $CWD/initrd_naming.patch | patch -p1 --verbose || exit 1
|
|
|
|
# Support DejaVuSansMono font (dejavusansmono.pf2) by default:
|
|
zcat $CWD/grub.dejavusansmono.gfxterm.font.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Fix security issue when reading username and password:
|
|
zcat $CWD/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Fix alignment error with gcc8:
|
|
zcat $CWD/0198-align-struct-efi_variable-better.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Fix compatibility with recent xfsprogs:
|
|
zcat $CWD/grub.xfs.sparse.inodes.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Fix breakage when compiled with recent binutils:
|
|
zcat $CWD/grub.binutils.fix.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
build_grub() {
|
|
EFI_DO="$*"
|
|
# Configure:
|
|
CFLAGS="$SLKCFLAGS" \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
|
--sysconfdir=/etc \
|
|
--localstatedir=/var \
|
|
--infodir=/usr/info \
|
|
--mandir=/usr/man \
|
|
--disable-werror \
|
|
$EFI_DO || exit 1
|
|
|
|
# Build and install:
|
|
make clean || exit 1
|
|
make $NUMJOBS || make || exit 1
|
|
make install DESTDIR=$PKG || exit 1
|
|
|
|
# Clear $EFI_DO :
|
|
unset EFI_DO
|
|
}
|
|
|
|
# Build 32bit and 64bit efi targets if requested:
|
|
if [ -n "$EFI32_FLAGS" ]; then
|
|
build_grub $EFI32_FLAGS || exit 1
|
|
fi
|
|
if [ -n "$EFI_FLAGS" ]; then
|
|
build_grub $EFI_FLAGS || exit 1
|
|
fi
|
|
# Always end with regular build:
|
|
build_grub || exit 1
|
|
|
|
# Preserve the contents of /etc/grub.d/40_custom:
|
|
mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new
|
|
|
|
# Strip binaries:
|
|
( cd $PKG
|
|
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
)
|
|
|
|
# Put bash-completion file in system directory:
|
|
mkdir -p $PKG/usr/share/bash-completion/completions/
|
|
mv $PKG/etc/bash_completion.d/grub \
|
|
$PKG/usr/share/bash-completion/completions/grub
|
|
rmdir --parents $PKG/etc/bash_completion.d 2>/dev/null
|
|
|
|
# Install default options file:
|
|
mkdir -p $PKG/etc/default
|
|
cat $CWD/etc.default.grub > $PKG/etc/default/grub.new
|
|
|
|
# Create a directory for grub.cfg:
|
|
mkdir -p $PKG/boot/grub
|
|
|
|
# Add fonts, if found on the system:
|
|
FONT_SIZE=${FONT_SIZE:-19}
|
|
if [ -r /usr/share/fonts/TTF/unifont.ttf ]; then
|
|
$PKG/usr/bin/grub-mkfont -o $PKG/usr/share/grub/unifont.pf2 -abv \
|
|
-s $FONT_SIZE /usr/share/fonts/TTF/unifont.ttf
|
|
fi
|
|
if [ -r /usr/share/fonts/TTF/DejaVuSansMono.ttf ]; then
|
|
$PKG/usr/bin/grub-mkfont -o $PKG/usr/share/grub/dejavusansmono.pf2 -abv \
|
|
-s $FONT_SIZE /usr/share/fonts/TTF/DejaVuSansMono.ttf
|
|
fi
|
|
|
|
# Add a documentation directory:
|
|
mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
|
|
cp -a \
|
|
AUTHORS BUGS COPYING* INSTALL NEWS README* THANKS TODO \
|
|
$PKG/usr/doc/${PKGNAM}-$VERSION
|
|
|
|
# Compress and if needed symlink the man pages:
|
|
if [ -d $PKG/usr/man ]; then
|
|
( cd $PKG/usr/man
|
|
for manpagedir in $(find . -type d -name "man*") ; do
|
|
( cd $manpagedir
|
|
for eachpage in $( find . -type l -maxdepth 1) ; do
|
|
ln -s $( readlink $eachpage ).gz $eachpage.gz
|
|
rm $eachpage
|
|
done
|
|
gzip -9 *.?
|
|
)
|
|
done
|
|
)
|
|
fi
|
|
|
|
# Compress info files, if any:
|
|
if [ -d $PKG/usr/info ]; then
|
|
( cd $PKG/usr/info
|
|
rm -f dir
|
|
gzip -9 *
|
|
)
|
|
fi
|
|
|
|
# If there's a ChangeLog, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r ChangeLog ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
|
|
touch -r ChangeLog $DOCSDIR/ChangeLog
|
|
fi
|
|
|
|
mkdir -p $PKG/install
|
|
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$PKGVER-$ARCH-$BUILD.txz
|
|
|