mirror of
git://slackware.nl/current.git
synced 2025-01-15 15:41:54 +01:00
05ec45c9c9
a/kernel-firmware-20231024_4ee0175-noarch-1.txz: Upgraded. a/kernel-generic-6.1.60-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.60-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.60-x86_64-1.txz: Upgraded. a/shadow-4.14.1-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.60-x86-1.txz: Upgraded. k/kernel-source-6.1.60-noarch-1.txz: Upgraded. Hey folks, if you've been following LQ you know I've talked before about dropping the huge kernel and moving the distribution to use only the generic kernel plus an initrd. After mulling this over for a few months, I think I was looking at the problem in the wrong way. First of all, it's clear that some Slackware users have been using the huge kernel all along, without an initrd, and are (to say the least) unhappy about the prospect of a new requirement to start using one. I've been recommending the generic kernel for some time, and a major reason is that we've been using the same set of kernel modules with two slightly different kernels. Because of this, there have always been a few (generally seldom used) kernel modules that won't load into the huge kernel. These are things that aren't built into the huge kernel, but because of a difference in some kernel module dependency, they won't load. The conclusion that I've come to here is that rather than drop the huge kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of kernel modules especially for the huge kernel, it would be better to make the generic kernel more huge, and minimize the differences between the two kernel configs. That's what I've done here. Shown below are the differences between the previous generic kernel config and the one shipping in this update. You'll notice that most of the popular filesystems are built in. At this point the main difference it that the huge kernel has a couple of dozen SCSI drivers built into it. The modules for those drivers won't load into the huge kernel, but they're fully built in so that doesn't matter. If you find any other modules that will not load into the huge kernel, please make a note about it on LQ and I'll see what can be done. So, tl;dr - what does this change mean? Unless your root device is on SCSI, if you were able to use the huge kernel without an initrd previously, you should now be able to use the generic kernel without an initrd. The kernel is a bit bigger, but we probably have enough RAM these days that it won't make a difference. Enjoy! :-) -CIFS_SMB_DIRECT n 9P_FS m -> y 9P_FSCACHE n -> y BTRFS_FS m -> y CIFS m -> y CRYPTO_CMAC m -> y CRYPTO_CRC32 m -> y CRYPTO_XXHASH m -> y CRYPTO_ZSTD m -> y EFIVAR_FS m -> y EXFAT_FS m -> y EXT2_FS m -> y EXT3_FS m -> y EXT4_FS m -> y F2FS_FS m -> y FAILOVER m -> y FAT_FS m -> y FSCACHE m -> y FS_ENCRYPTION_ALGS m -> y FS_MBCACHE m -> y HW_RANDOM_VIRTIO m -> y ISO9660_FS m -> y JBD2 m -> y JFS_FS m -> y LZ4HC_COMPRESS m -> y LZ4_COMPRESS m -> y MSDOS_FS m -> y NETFS_SUPPORT m -> y NET_9P m -> y NET_9P_FD m -> y NET_9P_VIRTIO m -> y NET_FAILOVER m -> y NFSD m -> y NLS_CODEPAGE_437 m -> y NTFS3_FS m -> y NTFS_FS m -> y PSTORE_LZ4_COMPRESS n -> m PSTORE_LZO_COMPRESS n -> m PSTORE_ZSTD_COMPRESS n -> y QFMT_V2 m -> y QUOTA_TREE m -> y REISERFS_FS m -> y RPCSEC_GSS_KRB5 m -> y SMBFS m -> y SQUASHFS m -> y UDF_FS m -> y VFAT_FS m -> y VIRTIO_BALLOON m -> y VIRTIO_BLK m -> y VIRTIO_CONSOLE m -> y VIRTIO_INPUT m -> y VIRTIO_MMIO m -> y VIRTIO_NET m -> y VIRTIO_PCI m -> y VIRTIO_PCI_LIB m -> y VIRTIO_PCI_LIB_LEGACY m -> y VIRTIO_PMEM m -> y XFS_FS m -> y ZONEFS_FS n -> m ZSTD_COMPRESS m -> y +NFS_FSCACHE y +PSTORE_LZ4_COMPRESS_DEFAULT n +PSTORE_LZO_COMPRESS_DEFAULT n +PSTORE_ZSTD_COMPRESS_DEFAULT n kde/plasma-workspace-5.27.9.1-x86_64-1.txz: Upgraded. l/glib2-2.78.1-x86_64-1.txz: Upgraded. l/netpbm-11.04.03-x86_64-1.txz: Upgraded. l/newt-0.52.24-x86_64-1.txz: Upgraded. n/gpgme-1.23.0-x86_64-1.txz: Upgraded. n/p11-kit-0.25.1-x86_64-1.txz: Upgraded. n/php-8.2.12-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.2.12 x/xorg-server-21.1.9-x86_64-1.txz: Upgraded. This update fixes security issues: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. Use-after-free bug in DestroyWindow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 (* Security fix *) x/xorg-server-xephyr-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xnest-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-21.1.9-x86_64-1.txz: Upgraded. x/xorg-server-xwayland-23.2.2-x86_64-1.txz: Upgraded. This update fixes a security issue: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 (* Security fix *) xap/mozilla-thunderbird-115.4.1-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/ https://www.cve.org/CVERecord?id=CVE-2023-5721 https://www.cve.org/CVERecord?id=CVE-2023-5732 https://www.cve.org/CVERecord?id=CVE-2023-5724 https://www.cve.org/CVERecord?id=CVE-2023-5725 https://www.cve.org/CVERecord?id=CVE-2023-5726 https://www.cve.org/CVERecord?id=CVE-2023-5727 https://www.cve.org/CVERecord?id=CVE-2023-5728 https://www.cve.org/CVERecord?id=CVE-2023-5730 (* Security fix *) xfce/thunar-4.18.8-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
272 lines
8.6 KiB
Bash
Executable file
272 lines
8.6 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Copyright 2005-2023 Patrick J. Volkerding, Sebeka, Minnesota, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
cd $(dirname $0) ; CWD=$(pwd)
|
|
|
|
PKGNAM=shadow
|
|
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
|
|
BUILD=${BUILD:-1}
|
|
|
|
# Automatically determine the architecture we're building on:
|
|
if [ -z "$ARCH" ]; then
|
|
case "$( uname -m )" in
|
|
i?86) export ARCH=i586 ;;
|
|
arm*) export ARCH=arm ;;
|
|
# Unless $ARCH is already set, use uname -m for all other archs:
|
|
*) export ARCH=$( uname -m ) ;;
|
|
esac
|
|
fi
|
|
|
|
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
|
# the name of the created package would be, and then exit. This information
|
|
# could be useful to other scripts.
|
|
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
|
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
|
|
exit 0
|
|
fi
|
|
|
|
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
|
|
|
|
TMP=${TMP:-/tmp}
|
|
PKG=$TMP/package-shadow
|
|
|
|
if [ "$ARCH" = "i586" ]; then
|
|
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "s390" ]; then
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
elif [ "$ARCH" = "x86_64" ]; then
|
|
SLKCFLAGS="-O2 -fPIC"
|
|
LIBDIRSUFFIX="64"
|
|
else
|
|
SLKCFLAGS="-O2"
|
|
LIBDIRSUFFIX=""
|
|
fi
|
|
|
|
rm -rf $PKG
|
|
mkdir -p $TMP $PKG
|
|
cd $TMP
|
|
rm -rf shadow-$VERSION
|
|
tar xvf $CWD/shadow-$VERSION.tar.xz || exit 1
|
|
cd shadow-$VERSION
|
|
|
|
# Choose correct options depending on whether PAM is installed:
|
|
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
|
|
PAM_OPTIONS="--with-libpam"
|
|
unset SHADOW_OPTIONS
|
|
# By default, use the shadow version of /bin/su:
|
|
SHIP_SU=${SHIP_SU:-YES}
|
|
else
|
|
unset PAM_OPTIONS
|
|
SHADOW_OPTIONS="--enable-shadowgrp --without-libcrack"
|
|
# By default, use the shadow version of /bin/su:
|
|
SHIP_SU=${SHIP_SU:-YES}
|
|
fi
|
|
|
|
# Apply some patches taken from the svn trunk that
|
|
# fix some of the more serious bugs in 4.1.4.3:
|
|
for patch in $CWD/patches/*.diff.gz ; do
|
|
zcat $patch | patch -p0 --verbose || exit 1
|
|
done
|
|
|
|
# Relax the restrictions on "su -c" when it is used to become root.
|
|
# It's not likely that root is going to try to inject commands back into
|
|
# the user's shell to hack it, and the unnecessary restriction is causing
|
|
# breakage:
|
|
zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
# Even if gethostname() returns the FQDN (long hostname), just display the
|
|
# short version up to the first '.' on the login prompt:
|
|
zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1
|
|
|
|
cat 68a722760487d3537905d97d45e5fba189592022.patch | patch -p1 --verbose || exit 1
|
|
cat a6f6da96f4898a34e5ed1475053075172f9915b2.patch | patch -p1 --verbose || exit 1
|
|
|
|
# Add missing file:
|
|
if [ ! -r man/login.defs.d/HOME_MODE.xml ]; then
|
|
zcat $CWD/HOME_MODE.xml.gz > man/login.defs.d/HOME_MODE.xml
|
|
fi
|
|
|
|
chown -R root:root .
|
|
find . \
|
|
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
|
-exec chmod 755 {} \+ -o \
|
|
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
|
-exec chmod 644 {} \+
|
|
|
|
if [ ! -r ./configure ]; then
|
|
./autogen.sh
|
|
fi
|
|
|
|
CFLAGS="$SLKCFLAGS" \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
|
--sbindir=/usr/sbin \
|
|
--bindir=/usr/bin \
|
|
--sysconfdir=/etc \
|
|
--mandir=/usr/man \
|
|
--docdir=/usr/doc/shadow-$VERSION \
|
|
--enable-lastlog \
|
|
--enable-man \
|
|
--enable-subordinate-ids \
|
|
--disable-shared \
|
|
--with-group-name-max-length=32 \
|
|
--with-libbsd=no \
|
|
$SHADOW_OPTIONS \
|
|
$PAM_OPTIONS \
|
|
--build=$ARCH-slackware-linux
|
|
|
|
# --enable-utmpx # defaults to 'no'
|
|
|
|
make $NUMJOBS || make || exit 1
|
|
make install DESTDIR=$PKG || exit 1
|
|
|
|
# Don't ship .la files:
|
|
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
|
|
|
|
# Fix user group = 100:
|
|
mkdir -p $PKG/etc/default
|
|
zcat $CWD/useradd.gz > $PKG/etc/default/useradd
|
|
mv $PKG/etc/default/useradd $PKG/etc/default/useradd.new
|
|
|
|
# Put some stuff back in "old" locations and make symlinks for compat
|
|
mkdir -p $PKG/bin $PKG/sbin
|
|
( cd $PKG/usr/bin
|
|
mv groups ../../bin
|
|
mv login ../../bin
|
|
mv su ../../bin
|
|
mv faillog ../sbin
|
|
mv lastlog ../sbin
|
|
ln -s ../sbin/faillog
|
|
ln -s ../sbin/lastlog
|
|
)
|
|
mv $PKG/usr/sbin/nologin $PKG/sbin/nologin
|
|
|
|
if [ ! -z "$PAM_OPTIONS" ]; then
|
|
# Don't ship the login utilities. We'll be using the ones from util-linux:
|
|
for file in /bin/login /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
|
|
/usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \
|
|
/usr/man/man1/runuser.1.gz ; do
|
|
rm -f $PKG${file}
|
|
done
|
|
# Install config files in /etc/pam.d/. We'll use our own copies... I'm not
|
|
# sure that I trust upstream enough to let them handle this stuff.
|
|
rm -rf $PKG/etc/pam.d
|
|
mkdir -p $PKG/etc/pam.d
|
|
for file in $CWD/pam.d/* ; do
|
|
cp -a ${file} $PKG/etc/pam.d/
|
|
done
|
|
if [ "$SHIP_SU" = "YES" ]; then
|
|
cp -a $CWD/pam.d-su/* $PKG/etc/pam.d/
|
|
fi
|
|
# Ensure correct perms/ownership on files in /etc/pam.d/:
|
|
chown root:root $PKG/etc/pam.d/*
|
|
chmod 644 $PKG/etc/pam.d/*
|
|
# Don't clobber existing config files:
|
|
find $PKG/etc/pam.d -type f -exec mv {} {}.new \;
|
|
# Install a login.defs with unsurprising defaults:
|
|
rm -f $PKG/etc/login.defs
|
|
zcat $CWD/login.defs.pam.gz > $PKG/etc/login.defs.new
|
|
else # not using PAM
|
|
mv $PKG/etc/login.access $PKG/etc/login.access.new
|
|
# Install a login.defs with unsurprising defaults:
|
|
rm -f $PKG/etc/login.defs
|
|
zcat $CWD/login.defs.shadow.gz > $PKG/etc/login.defs.new
|
|
fi
|
|
|
|
# If we aren't using this version of su, remove the files:
|
|
if [ "$SHIP_SU" = "NO" ]; then
|
|
rm $PKG/bin/su
|
|
find $PKG/usr/man -name su.1 | xargs rm
|
|
find $PKG/usr/man -name suauth.5 | xargs rm
|
|
fi
|
|
|
|
# /etc/suauth doesn't work with PAM, even if configure.ac is hacked to try
|
|
# to turn the feature on, so remove the man pages if we're using PAM:
|
|
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
|
|
find $PKG/usr/man -name suauth.5 | xargs rm
|
|
fi
|
|
|
|
# /bin/groups is provided by coreutils.
|
|
rm -f $PKG/bin/groups
|
|
find $PKG -name groups.1 -exec rm {} \+
|
|
|
|
# I don't think this works well enough to recommend it.
|
|
#mv $PKG/etc/limits $PKG/etc/limits.new
|
|
rm -f $PKG/etc/limits
|
|
|
|
# Add the friendly 'adduser' script:
|
|
cat $CWD/adduser > $PKG/usr/sbin/adduser
|
|
chmod 0755 $PKG/usr/sbin/adduser
|
|
|
|
# Add sulogin to the package:
|
|
cp -a src/sulogin $PKG/sbin
|
|
( cd $PKG/bin ; ln -s ../sbin/sulogin )
|
|
cp -a ./man/zh_CN/man8/sulogin.8 $PKG/usr/man/zh_CN/man8/sulogin.8 || exit 1
|
|
cp -a ./man/ru/man8/sulogin.8 $PKG/usr/man/ru/man8/sulogin.8 || exit 1
|
|
cp -a ./man/de/man8/sulogin.8 $PKG/usr/man/de/man8/sulogin.8 || exit 1
|
|
cp -a ./man/ja/man8/sulogin.8 $PKG/usr/man/ja/man8/sulogin.8 || exit 1
|
|
cp -a ./man/man8/sulogin.8 $PKG/usr/man/man8/sulogin.8 || exit 1
|
|
|
|
# Add the empty faillog log file:
|
|
mkdir -p $PKG/var/log
|
|
touch $PKG/var/log/faillog.new
|
|
|
|
# Use 4711 rather than 4755 permissions where setuid root is required:
|
|
find $PKG -type f -perm 4755 -exec chmod 4711 "{}" \+
|
|
|
|
# Compress and if needed symlink the man pages:
|
|
if [ -d $PKG/usr/man ]; then
|
|
( cd $PKG/usr/man
|
|
for manpagedir in $(find . -type d -name "man*") ; do
|
|
( cd $manpagedir
|
|
for eachpage in $( find . -type l -maxdepth 1) ; do
|
|
ln -s $( readlink $eachpage ).gz $eachpage.gz
|
|
rm $eachpage
|
|
done
|
|
gzip -9 *.?
|
|
)
|
|
done
|
|
)
|
|
fi
|
|
|
|
mkdir -p $PKG/usr/doc/shadow-$VERSION
|
|
cp -a \
|
|
COPYING* NEWS README* TODO doc/{README*,HOWTO,WISHLIST,*.txt} \
|
|
$PKG/usr/doc/shadow-$VERSION
|
|
|
|
# If there's a ChangeLog, installing at least part of the recent history
|
|
# is useful, but don't let it get totally out of control:
|
|
if [ -r ChangeLog ]; then
|
|
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
|
|
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
|
|
touch -r ChangeLog $DOCSDIR/ChangeLog
|
|
fi
|
|
|
|
mkdir -p $PKG/install
|
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
|
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
|
|
|
|
cd $PKG
|
|
/sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz
|