mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
aaa6bb3264
a/pam-1.5.3-x86_64-1.txz: Upgraded. ap/cups-filters-1.28.17-x86_64-2.txz: Rebuilt. [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. With execv() command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-24805 (* Security fix *) ap/vim-9.0.1569-x86_64-1.txz: Upgraded. xap/vim-gvim-9.0.1569-x86_64-1.txz: Upgraded.
231 lines
8.4 KiB
Bash
Executable file
231 lines
8.4 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
# Copyright 2010 Vincent Batts, vbatts@hashbangbash.com
|
|
# Copyright 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
SRCNAM=Linux-PAM
|
|
PKGNAM=pam
|
|
PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-1}
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) export ARCH=i586 ;;
|
|
arm*) export ARCH=arm ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) export ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "s390" ]; then
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-$PKGNAM
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
|
|
cd $TMP
|
|
rm -rf $SRCNAM-$VERSION
|
|
tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
|
|
cd $SRCNAM-$VERSION || exit 1
|
|
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \+ -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \+
|
|
|
|
# Better take the Red Hat added modules and patches, because that's very
|
|
# likely to be the most standard as far as PAM goes:
|
|
tar xvf $CWD/pam-redhat-$PAMRHVER.tar.?z || exit 1
|
|
for file in CHANGELOG COPYING README ; do
|
|
mv pam-redhat-$PAMRHVER/${file}* ./${file}.pam-redhat
|
|
done
|
|
# Add additional PAM modules from Red Hat:
|
|
for file in pam-redhat-$PAMRHVER/* ; do
|
|
if [ ! -d modules/$(basename $file) ]; then
|
|
echo "Moving module directory $(basename $file)."
|
|
mv $file modules
|
|
else
|
|
echo "$(basename $file) already exists in modules/, not moving!"
|
|
fi
|
|
done
|
|
# NOTE: Linux-PAM-1.4.0 already ships with most of these applied:
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.4.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/fedora-patches/pam-1.5.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1
|
|
zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1
|
|
#zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Improve the comments in /etc/environment:
|
|
zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
autoreconf -ivf || exit 1
|
|
|
|
CFLAGS="$SLKCFLAGS" \
|
|
CXXFLAGS="$SLKCFLAGS" \
|
|
./configure \
|
|
--prefix=/ \
|
|
--libdir=/lib${LIBDIRSUFFIX} \
|
|
--sysconfdir=/etc \
|
|
--includedir=/usr/include/security \
|
|
--enable-securedir=/lib${LIBDIRSUFFIX}/security \
|
|
--datarootdir=/usr/share \
|
|
--localstatedir=/var \
|
|
--mandir=/usr/man \
|
|
--docdir=/usr/doc/$PKGNAM-$VERSION \
|
|
--disable-regenerate-docu \
|
|
--disable-audit \
|
|
--disable-prelude \
|
|
--disable-rpath \
|
|
--disable-selinux \
|
|
--disable-static \
|
|
--enable-lastlog \
|
|
--build=$ARCH-slackware-linux || exit 1
|
|
|
|
# Make these man pages or the build falls over later
|
|
xmlto man modules/pam_faillock/faillock.8.xml -o modules/pam_faillock/
|
|
xmlto man modules/pam_faillock/pam_faillock.8.xml -o modules/pam_faillock/
|
|
xmlto man modules/pam_pwhistory/pwhistory_helper.8.xml -o modules/pam_pwhistory/
|
|
|
|
make -C po update-gmo
|
|
make $NUMJOBS || make || exit 1
|
|
make install DESTDIR=$PKG || exit 1
|
|
|
|
# Don't ship .la files:
|
|
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
|
|
|
|
# The ones in /lib${LIBDIRSUFFIX}/security can also go:
|
|
rm -f $PKG/lib${LIBDIRSUFFIX}/security/*.la
|
|
|
|
# Add extra symlinks added by pam.spec:
|
|
( cd $PKG/lib${LIBDIRSUFFIX}/security
|
|
for type in acct auth passwd session ; do
|
|
ln -sf pam_unix.so pam_unix_${type}.so
|
|
done
|
|
)
|
|
|
|
# This is a pam helper that can only be called from pam
|
|
chown root:root $PKG/sbin/unix_chkpwd
|
|
chmod 6755 $PKG/sbin/unix_chkpwd
|
|
|
|
# This package can own the /etc/pam.d/ directory
|
|
mkdir -p $PKG/etc/pam.d
|
|
|
|
# Strip binaries:
|
|
( cd $PKG
|
|
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
|
)
|
|
|
|
# Don't clobber config files:
|
|
find $PKG/etc -type f -exec mv {} {}.new \;
|
|
|
|
# Compress and if needed symlink the man pages:
|
|
if [ -d $PKG/usr/man ]; then
|
|
( cd $PKG/usr/man
|
|
for manpagedir in $(find . -type d -name "man*") ; do
|
|
( cd $manpagedir
|
|
for eachpage in $( find . -type l -maxdepth 1) ; do
|
|
ln -s $( readlink $eachpage ).gz $eachpage.gz
|
|
rm $eachpage
|
|
done
|
|
gzip -9 *.?
|
|
)
|
|
done
|
|
)
|
|
fi
|
|
|
|
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
|
|
cp -a \
|
|
AUTHORS COPYING* Copyright NEWS README* \
|
|
$PKG/usr/doc/$PKGNAM-$VERSION
|
|
|
|
# If there's a ChangeLog, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r ChangeLog ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
|
|
touch -r ChangeLog $DOCSDIR/ChangeLog
|
|
fi
|
|
if [ -r CHANGELOG ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
cat CHANGELOG | head -n 1000 > $DOCSDIR/CHANGELOG
|
|
touch -r CHANGELOG $DOCSDIR/CHANGELOG
|
|
fi
|
|
rm -f $PKG/usr/doc/$PKGNAM-$VERSION/index.html
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
|
|
|
|
# Append config statements to the install/doinst.sh:
|
|
( cd $PKG
|
|
for i in $(find etc -type f -name "*.new") ; do
|
|
echo "config $i" >> $PKG/install/doinst.sh ;
|
|
done
|
|
)
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
|