Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/l/mozilla-nss/mozilla-nss.SlackBuild
Patrick J Volkerding 7a2ee07f95 Tue Oct 3 22:19:10 UTC 2023 
a/aaa_glibc-solibs-2.37-x86_64-3.txz:  Rebuilt.
a/dialog-1.3_20231002-x86_64-1.txz:  Upgraded.
ap/mpg123-1.32.3-x86_64-1.txz:  Upgraded.
d/llvm-17.0.2-x86_64-1.txz:  Upgraded.
d/meson-1.2.2-x86_64-2.txz:  Rebuilt.
  [PATCH] Revert rust: apply global, project, and environment C args to bindgen.
  This fixes building Mesa.
  Thanks to lucabon and marav.
kde/calligra-3.2.1-x86_64-34.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/cantor-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kfilemetadata-5.110.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kile-2.9.93-x86_64-28.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kitinerary-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/krita-5.1.5-x86_64-15.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/okular-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
l/glibc-2.37-x86_64-3.txz:  Rebuilt.
l/glibc-i18n-2.37-x86_64-3.txz:  Rebuilt.
  Patched to fix the "Looney Tunables" vulnerability, a local privilege
  escalation in ld.so. This vulnerability was introduced in April 2021
  (glibc 2.34) by commit 2ed18c.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
    https://www.cve.org/CVERecord?id=CVE-2023-4911
  (* Security fix *)
l/glibc-profile-2.37-x86_64-3.txz:  Rebuilt.
l/mozilla-nss-3.94-x86_64-1.txz:  Upgraded.
l/poppler-23.10.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
n/NetworkManager-1.44.2-x86_64-1.txz:  Upgraded.
n/irssi-1.4.5-x86_64-1.txz:  Upgraded.
x/fcitx5-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-anthy-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-gtk-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-hangul-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-kkc-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-m17n-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-qt-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-sayura-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-table-extra-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-table-other-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-unikey-5.1.1-x86_64-1.txz:  Upgraded.
x/libX11-1.8.7-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)
x/libXpm-3.5.17-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
  libXpm: out of bounds read on XPM with corrupted colormap.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43788
    https://www.cve.org/CVERecord?id=CVE-2023-43789
  (* Security fix *)
testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz:  Rebuilt.
testing/packages/glibc-2.38-x86_64-2.txz:  Rebuilt.
  Patched to fix the "Looney Tunables" vulnerability, a local privilege
  escalation in ld.so. This vulnerability was introduced in April 2021
  (glibc 2.34) by commit 2ed18c.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
    https://www.cve.org/CVERecord?id=CVE-2023-4911
  (* Security fix *)
testing/packages/glibc-i18n-2.38-x86_64-2.txz:  Rebuilt.
testing/packages/glibc-profile-2.38-x86_64-2.txz:  Rebuilt.
2023-10-04 01:08:21 +02:00

185 lines
5.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Copyright 2005, 2006, 2008, 2009, 2010, 2012 Eric Hameleers, Eindhoven, NL
# Copyright 2013, 2014, 2015, 2017, 2018, 2019, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software for
# any purpose with or without fee is hereby granted, provided that
# the above copyright notice and this permission notice appear in all
# copies.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
# -----------------------------------------------------------------------------
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=mozilla-nss
SRCNAM=nss
VERSION=${VERSION:-3.94}
NSPR=${NSPR:-4.35}
BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
MARCH=$( uname -m )
if [ -z "$ARCH" ]; then
case "$MARCH" in
i?86) export ARCH=i586 ;;
armv7hl) export ARCH=$MARCH ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$MARCH ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
export USE_64=1
elif [ "$ARCH" = "armv7hl" ]; then
SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16"
LIBDIRSUFFIX=""
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "}
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf nss-${VERSION}
rm -rf nspr-${NSPR}
tar xvf $CWD/nss-$VERSION.tar.?z || exit 1
cd nss-$VERSION
tar xvf $CWD/nspr-$NSPR.tar.?z || exit 1
mv nspr*/nspr .
## -Werror is problematic with gcc7:
#sed -i "s|\ -Werror| |" nss/coreconf/Werror.mk || exit 1
# Make sure ownerships and permissions are sane:
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
cd nss
./build.sh -v $NUMJOBS --opt --system-sqlite --enable-libpkix --disable-tests
cd -
# Install all the needed stuff to the package dir:
mkdir -p $PKG/usr/{bin,lib${LIBDIRSUFFIX},include/{nss,nspr}}
cd dist/Release
cp -pL bin/{certutil,cmsutil,crlutil,modutil,pk12util,shlibsign,signtool,signver,ssltap} $PKG/usr/bin/
cp -pL lib/* $PKG/usr/lib${LIBDIRSUFFIX}/
chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/*.so*
cp -rL include/* $PKG/usr/include/
cp -rpL ../public/nss/*.h $PKG/usr/include/nss/
# Remove some things we do not need:
rm -f $PKG/usr/bin/*.so
rm -f $PKG/usr/lib${LIBDIRSUFFIX}/*.{TOC,a}
rm -rf $PKG/usr/include/nspr/md
# We require a few static libraries. Why? I don't remember.
cp -L ../../nss/out/Release/lib{crmf,nssb,nssckfw}.a $PKG/usr/lib${LIBDIRSUFFIX}/ || exit 1
cd -
cd nss/cmd/smimetools
cp -a smime $PKG/usr/bin/
chmod 0755 $PKG/usr/bin/smime
sed -i -e 's#/usr/local/bin#/usr/bin#g' $PKG/usr/bin/smime
cd -
# Install nspr-config:
cat nspr/Release/config/nspr-config | sed -e "s,^prefix=.*$,prefix=/usr,g" | sed -e "s,libdir=\${exec_prefix}/lib,libdir=\${exec_prefix}/lib${LIBDIRSUFFIX},g" > $PKG/usr/bin/nspr-config
chmod 755 $PKG/usr/bin/nspr-config
# Install nss-config:
sed -e "s,@prefix@,/usr,g" \
-e "s,@MOD_MAJOR_VERSION@,$(printf $VERSION | cut -d. -f1),g" \
-e "s,@MOD_MINOR_VERSION@,$(printf $VERSION | cut -d. -f2),g" \
-e "s,@MOD_PATCH_VERSION@,$(printf $VERSION | cut -d. -f3),g" \
$CWD/nss-config.in > $PKG/usr/bin/nss-config
chmod 755 $PKG/usr/bin/nss-config
# Provide pkg-config files:
mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig
cat <<EOT > $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig/mozilla-nss.pc
prefix=/usr
exec_prefix=\${prefix}
libdir=/usr/lib${LIBDIRSUFFIX}
includedir=\${prefix}/include/nss
Name: NSS
Description: Network Security Services
Version: $VERSION
Requires: nspr >= $NSPR sqlite3
Libs: -L\${libdir} -lnss3 -lsmime3 -lssl3 -lsoftokn3 -lnssutil3
Cflags: -I\${includedir}
EOT
cat <<EOT > $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig/mozilla-nspr.pc
prefix=/usr
exec_prefix=\${prefix}
libdir=/usr/lib${LIBDIRSUFFIX}
includedir=\${prefix}/include/nspr
Name: NSPR
Description: The Netscape Portable Runtime
Version: $NSPR
Libs: -L\${libdir} -lplds4 -lplc4 -lnspr4
Cflags: -I\${includedir}
EOT
( cd $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig
ln -s mozilla-nspr.pc nspr.pc
ln -s mozilla-nss.pc nss.pc
)
# Add documentation:
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
$CWD/MPL-1.1.txt $CWD/gpl-2.0.txt $CWD/lgpl-2.1.txt \
$CWD/faq.html \
$PKG/usr/doc/$PKGNAM-$VERSION
chown -R root:root $PKG/usr/doc/$PKGNAM-$VERSION
# Strip binaries:
find $PKG | xargs file | grep -e "executable" -e "shared object" \
| grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
# Add a package description:
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
# Build the package:
cd $PKG
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-${VERSION}-${ARCH}-${BUILD}.txz
Reference in a new issue View git blame Copy permalink