slackware-current/source/d/llvm/llvm.SlackBuild
Patrick J Volkerding 1e755d579a Tue Oct 1 18:01:38 UTC 2024
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz:  Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz:  Upgraded.
a/pkgtools-15.1-noarch-12.txz:  Rebuilt.
  makepkg: when looking for ELF objects with --remove-rpaths or
  --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
  of the directory or filename.
  Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz:  Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz:  Rebuilt.
  Mitigate security issue that could lead to a denial of service or
  the execution of arbitrary code.
  Rebuilt with --with-browseremoteprotocols=none to disable incoming
  connections, since this daemon has been shown to be insecure. If you
  actually use cups-browsed, be sure to install the new
  /etc/cups/cups-browsed.conf.new containing this line:
  BrowseRemoteProtocols none
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47176
  (* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz:  Upgraded.
d/llvm-18.1.8-x86_64-3.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz:  Upgraded.
d/ruby-3.3.5-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz:  Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz:  Upgraded.
l/cryfs-0.10.3-x86_64-13.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz:  Upgraded.
l/gegl-0.4.48-x86_64-3.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz:  Upgraded.
l/librsvg-2.58.5-x86_64-1.txz:  Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz:  Upgraded.
l/netpbm-11.08.00-x86_64-1.txz:  Upgraded.
l/opencv-4.10.0-x86_64-3.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz:  Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz:  Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
n/openobex-1.7.2-x86_64-6.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
x/marisa-0.2.6-x86_64-11.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-47
    https://www.cve.org/CVERecord?id=CVE-2024-9392
    https://www.cve.org/CVERecord?id=CVE-2024-9393
    https://www.cve.org/CVERecord?id=CVE-2024-9394
    https://www.cve.org/CVERecord?id=CVE-2024-8900
    https://www.cve.org/CVERecord?id=CVE-2024-9396
    https://www.cve.org/CVERecord?id=CVE-2024-9397
    https://www.cve.org/CVERecord?id=CVE-2024-9398
    https://www.cve.org/CVERecord?id=CVE-2024-9399
    https://www.cve.org/CVERecord?id=CVE-2024-9400
    https://www.cve.org/CVERecord?id=CVE-2024-9401
    https://www.cve.org/CVERecord?id=CVE-2024-9402
  (* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz:  Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz:  Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2024-10-01 22:04:37 +02:00


#!/bin/bash
# Slackware build script for llvm
# Copyright 2008-2016 Heinz Wiesinger, Amsterdam, The Netherlands
# Copyright 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021, 2022, 2023, 2024 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=llvm
VERSION=${VERSION:-$(echo llvmorg-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-3}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) ARCH=i686 ;;
    arm*) ARCH=arm ;;
    *) ARCH=$( uname -m ) ;;
  esac
fi
# Select projects to build:
if [ "$ARCH" = "i586" -o "$ARCH" = "i686" ]; then
  # bolt and flang are not available on 32-bit
  LLVM_ENABLE_PROJECTS=${LLVM_ENABLE_PROJECTS:-"clang;clang-tools-extra;compiler-rt;lld;lldb;llvm;mlir;openmp;polly"}
else
  LLVM_ENABLE_PROJECTS=${LLVM_ENABLE_PROJECTS:-"bolt;clang;clang-tools-extra;compiler-rt;flang;lld;lldb;llvm;mlir;openmp;polly"}
fi
# Select runtimes to build:
LLVM_ENABLE_RUNTIMES=${LLVM_ENABLE_RUNTIMES:-"libcxx;libcxxabi"}
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
  exit 0
fi
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
BUILDDIR=${TMP}/llvm-build-${VERSION}
# Ignore that which should be ignored to avoid long build times and
# massive warning spew:
IGNORE_GNU_EXTENSIONS=${IGNORE_GNU_EXTENSIONS:--Wno-unknown-warning-option -Wno-gnu-line-marker -Wno-gnu-anonymous-struct -Wno-gnu-include-next}
if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686 $IGNORE_GNU_EXTENSIONS"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=pentium4 -mtune=generic $IGNORE_GNU_EXTENSIONS"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC $IGNORE_GNU_EXTENSIONS"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2 $IGNORE_GNU_EXTENSIONS"
  LIBDIRSUFFIX=""
fi
# Python3 short version:
PY3=$(python3 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' | cut -f 2 -d n | cut -f 1 -d /)
rm -rf $PKG $BUILDDIR
mkdir -p $TMP $PKG $BUILDDIR
cd $BUILDDIR
# Add a fake configure script so the cleanup script used here at Slackware
# knows to delete this stuff later. Other folks can just ignore this... it
# doesn't have any other purpose.
touch configure
chmod 755 configure
echo "Extracting $CWD/llvmorg-$VERSION.tar.?z..."
tar xf $CWD/llvmorg-$VERSION.tar.?z || exit 1
cd llvm-project-llvmorg-$VERSION || cd llvmorg-$VERSION || exit 1
# Support GCC built for i?86-slackware-linux:
zcat $CWD/clang.toolchains.32-bit.triple.diff.gz | patch -p2 --verbose || exit 1
chown -R root:root .
find . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
  -exec chmod 755 {} \+ -o \
  \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+
mkdir build
cd build
# CMAKE_SKIP_RPATH=ON tells CMake not to add run-time search path information
# to the binaries it links, which keeps paths below $TMP (where this build
# runs) out of the packaged ELF objects:
cmake -GNinja \
  -DCMAKE_C_COMPILER="clang" \
  -DCMAKE_CXX_COMPILER="clang++" \
  -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
  -DCMAKE_CXX_FLAGS:STRING="$SLKCFLAGS" \
  -DCMAKE_INSTALL_PREFIX=/usr \
  -DCMAKE_SKIP_RPATH=ON \
  -DLLVM_LIBDIR_SUFFIX=${LIBDIRSUFFIX} \
  -DCMAKE_BUILD_TYPE=Release \
  -DLLVM_BUILD_LLVM_DYLIB=ON \
  -DLLVM_LINK_LLVM_DYLIB=ON \
  -DCLANG_LINK_CLANG_DYLIB=ON \
  -DLLVM_USE_LINKER=lld \
  -DLLVM_ENABLE_PROJECTS="$LLVM_ENABLE_PROJECTS" \
  -DLLVM_ENABLE_RUNTIMES="$LLVM_ENABLE_RUNTIMES" \
  -DLLVM_ENABLE_RTTI=ON \
  -DLLVM_ENABLE_FFI=ON \
  -DLLVM_ENABLE_ZLIB=ON \
  -DLLVM_ENABLE_ASSERTIONS=OFF \
  -DLLVM_ENABLE_PER_TARGET_RUNTIME_DIR=NO \
  -DLLVM_INSTALL_UTILS=ON \
  -DLLVM_BINUTILS_INCDIR=/usr/include \
  -DCLANG_RESOURCE_DIR="../lib${LIBDIRSUFFIX}/clang/$(echo $VERSION | cut -f 1 -d .)" \
  -DLLVM_TARGETS_TO_BUILD="host;AMDGPU;BPF;WebAssembly" \
  -DLLVM_INCLUDE_BENCHMARKS=OFF \
  -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
  -DCLANG_DEFAULT_PIE_ON_LINUX=ON \
  -DLIBCXX_LIBDIR_SUFFIX=${LIBDIRSUFFIX} \
  -DLIBCXXABI_LIBDIR_SUFFIX=${LIBDIRSUFFIX} \
  -DLIBCXX_INCLUDE_BENCHMARKS=OFF \
  -DLIBCXX_ENABLE_ABI_LINKER_SCRIPT=ON \
  -DLIBCXXABI_USE_LLVM_UNWINDER=OFF \
  ../llvm || exit 1
"${NINJA:=ninja}" $NUMJOBS || exit 1
DESTDIR=$PKG "$NINJA" install || exit 1
cd ..
# Add symlinks for $ARCH-slackware-linux-{clang,clang++}:
( cd $PKG/usr/bin
  ln -sf clang $ARCH-slackware-linux-clang
  ln -sf clang++ $ARCH-slackware-linux-clang++
)
# Install clang-static-analyzer:
for i in ccc c++; do
  ln -s /usr/libexec/$i-analyzer \
    $PKG/usr/bin/$i-analyzer || exit 1
done
# Ensure lit-cpuid is installed:
if [ ! -r $PKG/usr/bin/lit-cpuid ]; then
  cp -a build/bin/lit-cpuid $PKG/usr/bin/lit-cpuid
  chown root:root $PKG/usr/bin/lit-cpuid
  chmod 755 $PKG/usr/bin/lit-cpuid
fi
# Remove symlink to libgomp, which is already provided by gcc:
rm -f $PKG/usr/lib$LIBDIRSUFFIX/libgomp.so
# Install Python bindings:
for pyver in ${PY3}; do
  mkdir -p "$PKG/usr/lib$LIBDIRSUFFIX/python$pyver/site-packages"
  cp -a clang/bindings/python/clang "$PKG/usr/lib$LIBDIRSUFFIX/python$pyver/site-packages/"
done
# Remove bundled python-six:
# (the glob must sit outside the quotes, or the shell never expands it)
rm -f "$PKG/usr/lib$LIBDIRSUFFIX"/python2*/site-packages/six.py
# Compile Python scripts:
python3 -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python${PY3}/site-packages/clang"
python3 -O -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python${PY3}/site-packages/clang"
python3 -m compileall "$PKG/usr/share/scan-view"
python3 -O -m compileall "$PKG/usr/share/scan-view"
python3 -m compileall "$PKG/usr/share/clang"
python3 -O -m compileall "$PKG/usr/share/clang"
python3 -m compileall "$PKG/usr/share/opt-viewer"
python3 -O -m compileall "$PKG/usr/share/opt-viewer"
# Nevermind, we're not shipping this python2 crap:
rm -rf $PKG/usr/lib$LIBDIRSUFFIX/python2*
# Move man page directory:
mv $PKG/usr/share/man $PKG/usr/
# Strip binaries:
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
# Compress manual pages:
find $PKG/usr/man -type f -exec gzip -9 {} \+
for i in $( find $PKG/usr/man -type l ) ; do
  ln -s $( readlink $i ).gz $i.gz
  rm $i
done
# Just copy anything top or next level that looks like it might be docs.
# Maybe we'll include it someday. ;-)
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a *.{txt,md,TXT,rst} $PKG/usr/doc/$PKGNAM-$VERSION
cp -a --parents */*.{txt,md,TXT,rst} $PKG/usr/doc/$PKGNAM-$VERSION
cp -a --parents */README* $PKG/usr/doc/$PKGNAM-$VERSION
find $PKG/usr/doc/$PKGNAM-$VERSION -name CMakeLists.txt -exec rm -f "{}" \;
rmdir $PKG/usr/doc/$PKGNAM-$VERSION/* 2> /dev/null
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
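
The commit message above describes a post-build lint for rpaths that point into /tmp. The following is an added example of such a check, not makepkg's implementation and not part of this SlackBuild: it identifies ELF objects by their magic bytes rather than by the string "ELF" and reports any DT_RPATH/DT_RUNPATH entry at or below /tmp. The function names and the `readelf -d` excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not makepkg's own code: report ELF objects in a package tree
# whose DT_RPATH/DT_RUNPATH contains an entry at or below /tmp.

# stdin: `readelf -d` output. stdout: offending search-path entries, one per line.
tmp_rpath_entries() {
  grep -E '\((RPATH|RUNPATH)\)' \
    | sed 's/.*\[\(.*\)].*/\1/' \
    | tr ':' '\n' \
    | grep -E '^/tmp(/|$)' || true
}

# scan_pkg_tree DIR (hypothetical helper): 0 = clean, 1 = flagged, 2 = no readelf.
# ELF files are recognised by their 4-byte magic, so a path that merely
# contains the string "ELF" is never treated as an object.
scan_pkg_tree() {
  command -v readelf >/dev/null 2>&1 || { echo "readelf is required" >&2; return 2; }
  report=$(find "$1" -type f | while IFS= read -r f; do
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || continue
    hits=$(readelf -d "$f" 2>/dev/null | tmp_rpath_entries | tr '\n' ' ')
    [ -z "$hits" ] || printf '%s: %s\n' "$f" "$hits"
  done)
  [ -n "$report" ] || return 0
  printf 'WARNING: /tmp rpath found:\n%s\n' "$report" >&2
  return 1
}

# Constructed `readelf -d` excerpt used to exercise the parser offline.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)   Shared library: [libLLVM.so.18.1]
 0x000000000000001d (RUNPATH)  Library runpath: [$ORIGIN/../lib64:/tmp/llvm-build/build/lib64:/usr/lib64]'

# Run against a staging directory when one is given, e.g. the script's $PKG.
if [ $# -gt 0 ]; then
  scan_pkg_tree "$1"
fi
```

Called with the staging directory just before `/sbin/makepkg`, a non-zero return can be used to stop the build instead of only warning.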