mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
ffef56590d
Greetings! After three months in /testing, the PAM merge into the main tree
is now complete. When updating, be sure to install the new pam, cracklib, and
libpwquality packages or you may find yourself locked out of your machine.
Otherwise, these changes should be completely transparent and you shouldn't
notice any obvious operational differences. Be careful if you make any changes
in /etc/pam.d/ - leaving an extra console logged in while testing PAM config
changes is a recommended standard procedure. Thanks again to Robby Workman,
Vincent Batts, Phantom X, and ivandi for help implementing this. It's not
done yet and there will be more fine-tuning of the config files, but now we
can move on to build some other updates. Enjoy!
a/cracklib-2.9.7-x86_64-1.txz: Added.
a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded.
a/libcgroup-0.41-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/libpwquality-1.4.2-x86_64-1.txz: Added.
a/lilo-24.2-x86_64-9.txz: Rebuilt.
Enable the "compact" option by default.
liloconfig: correctly set the root partition.
a/pam-1.3.1-x86_64-1.txz: Added.
a/shadow-4.8.1-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/utempter-1.2.0-x86_64-1.txz: Upgraded.
a/util-linux-2.35.1-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/at-3.2.1-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/cups-2.3.3-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/hplip-3.20.5-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/screen-4.8.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/soma-3.3.0-noarch-1.txz: Upgraded.
Thanks to David Woodfall.
ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/sudo-1.9.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/vim-8.2.0788-x86_64-1.txz: Upgraded.
d/bison-3.6.2-x86_64-1.txz: Upgraded.
d/meson-0.54.2-x86_64-1.txz: Upgraded.
d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded.
d/vala-0.48.6-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-36.txz: Rebuilt.
Recompiled against icu4c-67.1.
kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/boost-1.73.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/icu4c-67.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded.
l/libcap-2.34-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/libical-3.0.8-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/libuv-1.38.0-x86_64-1.txz: Upgraded.
l/libvisio-0.1.7-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/polkit-0.116-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
l/qt-4.8.7-x86_64-16.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-5.13.2-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/raptor2-2.0.15-x86_64-9.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/vte-0.60.2-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/cifs-utils-6.10-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded.
Rebuilt to add PAM support.
Compiled against icu4c-67.1.
This update fixes several denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967
(* Security fix *)
n/mutt-1.14.1-x86_64-1.txz: Upgraded.
n/netatalk-3.1.12-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added.
n/openssh-8.2p1-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/openvpn-2.4.9-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/pam-krb5-4.9-x86_64-1.txz: Added.
n/php-7.4.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/popa3d-1.0.3-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/postfix-3.5.2-x86_64-1.txz: Upgraded.
Compiled against icu4c-67.1.
n/ppp-2.4.8-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/samba-4.12.2-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
Recompiled against icu4c-67.1.
n/tin-2.4.4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
t/texlive-2019.190626-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.11-x86_64-10.txz: Rebuilt.
Rebuilt to add PAM support.
x/xisxwayland-1-x86_64-1.txz: Added.
xap/sane-1.0.30-x86_64-1.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
(* Security fix *)
xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded.
xap/xlockmore-5.63-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt.
Recompiled against icu4c-67.1.
isolinux/initrd.img: Rebuilt.
Added PAM libraries, security modules, and config files.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Added PAM libraries, security modules, and config files.
202 lines
6.4 KiB
Bash
Executable file
202 lines
6.4 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=ppp
|
|
VERSION=2.4.8
|
|
RADVER=1.1.7
|
|
PPPVER=1.98
|
|
BUILD=${BUILD:-2}
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) export ARCH=i586 ;;
|
|
arm*) export ARCH=arm ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) export ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$ARCH" = "x86_64" ]; then
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-ppp
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
|
|
echo "+============+"
|
|
echo "| ppp-$VERSION |"
|
|
echo "+============+"
|
|
cd $TMP
|
|
rm -rf ppp-$VERSION ppp-ppp-$VERSION
|
|
tar xvf $CWD/ppp-$VERSION.tar.xz || exit 1
|
|
cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \+ -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \+
|
|
|
|
zcat $CWD/ppp.slack.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
|
|
sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *)
|
|
|
|
# This conflicts with the header in 3.5+ kernels:
|
|
rm -f include/linux/if_pppol2tp.h
|
|
|
|
zcat $CWD/ppp.CVE-2015-3310.diff.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Choose correct options depending on whether PAM is installed:
|
|
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
|
|
PAM_OPTIONS="USE_PAM=y"
|
|
else
|
|
unset PAM_OPTIONS
|
|
fi
|
|
|
|
./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} || exit 1
|
|
|
|
make $PAM_OPTIONS $NUMJOBS || make $PAM_OPTIONS || exit 1
|
|
make $PAM_OPTIONS install DESTDIR=$PKG/usr || exit 1
|
|
|
|
if [ ! -z "$PAM_OPTIONS" ]; then
|
|
mkdir -p $PKG/etc/pam.d
|
|
cat pppd/ppp.pam > $PKG/etc/pam.d/ppp.new
|
|
fi
|
|
|
|
# Install PPP config files:
|
|
mkdir -p $PKG/etc/ppp
|
|
cp -a etc.ppp/* $PKG/etc/ppp
|
|
chmod 600 $PKG/etc/ppp/*secrets
|
|
( cd $PKG/etc/ppp
|
|
mv chap-secrets chap-secrets.new
|
|
mv options options.new
|
|
mv pap-secrets pap-secrets.new
|
|
)
|
|
zcat $CWD/options.new.gz > $PKG/etc/ppp/options.new
|
|
|
|
# Fix what seems like an insecure default setting.
|
|
# Feel free to "chmod 4750 pppoatm.so rp-pppoe.so" at your own risk.
|
|
# Since they are only runnable by group root, the risk really isn't much...
|
|
chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/pppd/*/*.so
|
|
|
|
# The Makefile doesn't error out if building rp-pppoe.so fails, so check for it:
|
|
if [ ! -r $PKG/usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/rp-pppoe.so ]; then
|
|
echo "FATAL: /usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/rp-pppoe.so failed to build."
|
|
exit 1
|
|
fi
|
|
|
|
mkdir -p $PKG/usr/doc/ppp-$VERSION
|
|
cp -a \
|
|
FAQ PLUGINS README* SETUP scripts \
|
|
$PKG/usr/doc/ppp-$VERSION
|
|
|
|
echo "+====================+"
|
|
echo "| freeradius-client-$RADVER |"
|
|
echo "+====================+"
|
|
cd $TMP
|
|
rm -rf freeradius-client-$RADVER
|
|
tar xf $CWD/freeradius-client-$RADVER.tar.xz || exit 1
|
|
cd freeradius-client-$RADVER || exit 1
|
|
chown -R root:root .
|
|
./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
|
--sysconfdir=/etc \
|
|
--build=$ARCH-slackware-linux || exit 1
|
|
make $NUMJOBS || make || exit 1
|
|
make install DESTDIR=$PKG || exit 1
|
|
zcat $CWD/radius.msdict.gz > $PKG/etc/radiusclient/dictionary.microsoft
|
|
zcat $CWD/realms.gz > $PKG/etc/radiusclient/realms
|
|
( cd $PKG/etc/radiusclient
|
|
chmod 600 realms servers
|
|
mv issue issue.new
|
|
mv radiusclient.conf radiusclient.conf.new
|
|
mv realms realms.new
|
|
mv servers servers.new
|
|
)
|
|
mkdir -p $PKG/usr/doc/freeradius-client-$RADVER
|
|
cp -a \
|
|
BUGS CHANGES COPYRIGHT README README.radexample doc/instop.html \
|
|
$PKG/usr/doc/freeradius-client-$RADVER
|
|
chmod 644 $PKG/usr/doc/freeradius-client-$RADVER/*
|
|
|
|
echo "+===============+"
|
|
echo "| pppsetup-$PPPVER |"
|
|
echo "+===============+"
|
|
cd $TMP
|
|
rm -rf pppsetup-$PPPVER
|
|
tar xvf $CWD/pppsetup-$PPPVER.tar.xz || exit 1
|
|
cd pppsetup-$PPPVER || exit 1
|
|
chown -R root:root .
|
|
zcat $CWD/pppsetup-1.98.slack.diff.gz | patch -p1 --backup || exit
|
|
zcat $CWD/pppsetup-1.98.pppoff.diff.gz | patch -p0 --backup || exit
|
|
zcat $CWD/pppsetup-1.98.moredevs.diff.gz | patch -p1 --backup || exit
|
|
zcat $CWD/pppsetup-1.98.backupfiles.diff.gz | patch -p1 --backup || exit
|
|
chmod 755 ppp-off pppsetup
|
|
cp -a ppp-off pppsetup $PKG/usr/sbin
|
|
mkdir -p $PKG/usr/doc/pppsetup
|
|
cp -a \
|
|
README.pppsetup ppp-compile.txt pppsetup-$PPPVER.README pppsetup-$PPPVER.lsm \
|
|
$PKG/usr/doc/pppsetup
|
|
|
|
# Don't ship .la files:
|
|
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
|
|
|
|
( cd $PKG
|
|
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . -name "*.a" | xargs file | grep "ar archive" | cut -f 1 -d : | xargs strip -g 2> /dev/null
|
|
)
|
|
|
|
chmod 755 $PKG/usr/sbin/*
|
|
|
|
gzip -9 $PKG/usr/man/man?/*.?
|
|
chmod 644 $PKG/usr/man/man?/*
|
|
|
|
mkdir -p $PKG/install
|
|
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
|
|
# Build the package:
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $TMP/ppp-$VERSION-$ARCH-$BUILD.txz
|
|
|