Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-15 15:41:54 +01:00
Code Issues Projects Releases Packages Wiki Activity
slackware-current/patches/source/openobex/openobex.SlackBuild
Patrick J Volkerding 4657194ae3 Tue Oct 1 18:01:38 UTC 2024 
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
extra/llvm-17.0.6-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/cryfs-0.10.3-x86_64-5_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/cups-filters-1.28.17-x86_64-2_slack15.0.txz:  Rebuilt.
  Mitigate security issue that could lead to a denial of service or
  the execution of arbitrary code.
  Rebuilt with --with-browseremoteprotocols=none to disable incoming
  connections, since this daemon has been shown to be insecure. If you
  actually use cups-browsed, be sure to install the new
  /etc/cups/cups-browsed.conf.new containing this line:
  BrowseRemoteProtocols none
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47176
  (* Security fix *)
patches/packages/espeak-ng-1.50-x86_64-4_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/libvncserver-0.9.13-x86_64-4_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/marisa-0.2.6-x86_64-5_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/mlt-7.4.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.16.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-48
    https://www.cve.org/CVERecord?id=CVE-2024-9392
    https://www.cve.org/CVERecord?id=CVE-2024-9393
    https://www.cve.org/CVERecord?id=CVE-2024-9394
    https://www.cve.org/CVERecord?id=CVE-2024-9401
  (* Security fix *)
patches/packages/openobex-1.7.2-x86_64-6_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/pkgtools-15.0-noarch-44_slack15.0.txz:  Rebuilt.
  makepkg: when looking for ELF objects with --remove-rpaths or
  --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
  of the directory or filename.
  Also warn about /tmp rpaths after the package is built.
patches/packages/spirv-llvm-translator-13.0.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
testing/packages/llvm-18.1.8-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
2024-10-02 13:30:38 +02:00

147 lines
4.4 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Copyright 2006, 2007, 2008, 2009, 2010, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=openobex
VERSION=${VERSION:-$(echo $PKGNAM-*-Source.tar.?z* | rev | cut -f 3- -d . | cut -f 2 -d - | rev)}
BUILD=${BUILD:-6_slack15.0}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
# Automatically determine architecture for build & packaging:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
TMP=${TMP:-/tmp}
PKG=$TMP/package-${PKGNAM}
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf ${PKGNAM}-${VERSION}-Source
tar xvf $CWD/${PKGNAM}-${VERSION}-Source.tar.?z* || exit 1
cd ${PKGNAM}-${VERSION}-Source || exit 1
# Make sure ownerships and permissions are sane:
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
mkdir -p build
cd build
cmake \
-DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
-DCMAKE_CXX_FLAGS:STRING="$SLKCFLAGS" \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_SKIP_RPATH=ON \
-DLIB_SUFFIX=${LIBDIRSUFFIX} \
-DCMAKE_INSTALL_DOCDIR=/usr/doc/$PKGNAM-$VERSION \
-DCMAKE_BUILD_TYPE=Release ..
make $NUMJOBS || make || exit 1
make $NUMJOBS openobex-apps || make openobex-apps || exit 1
make doc || exit 1
make install DESTDIR=$PKG || exit 1
cd ..
# Strip binaries:
find $PKG | xargs file | grep -e "executable" -e "shared object" \
| grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
# Relocate man pages:
mv $PKG/usr/share/man $PKG/usr
rmdir $PKG/usr/share 2> /dev/null
# Compress and link manpages, if any:
if [ -d $PKG/usr/man ]; then
( cd $PKG/usr/man
for manpagedir in $(find . -type d -name "man*") ; do
( cd $manpagedir
for eachpage in $( find . -type l -maxdepth 1) ; do
ln -s $( readlink $eachpage ).gz $eachpage.gz
rm $eachpage
done
gzip -9 *.*
)
done
)
fi
# Compress info files, if any:
if [ -d $PKG/usr/info ]; then
( cd $PKG/usr/info
rm -f dir
gzip -9 *
)
fi
# Add a documentation directory:
mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
cp -a \
AUTHORS COPYING* INSTALL NEWS README* \
$PKG/usr/doc/${PKGNAM}-$VERSION
# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
touch -r ChangeLog $DOCSDIR/ChangeLog
fi
mkdir -p $PKG/install
#zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$VERSION-$ARCH-$BUILD.txz
Reference in a new issue View git blame Copy permalink