Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/n/curl/curl.SlackBuild
Patrick J Volkerding df07d8b7cd Wed Mar 27 20:37:56 UTC 2019 
a/kernel-generic-4.19.32-x86_64-1.txz:  Upgraded.
a/kernel-huge-4.19.32-x86_64-1.txz:  Upgraded.
a/kernel-modules-4.19.32-x86_64-1.txz:  Upgraded.
ap/hplip-3.19.3-x86_64-1.txz:  Upgraded.
d/kernel-headers-4.19.32-x86-1.txz:  Upgraded.
d/python3-3.7.3-x86_64-1.txz:  Upgraded.
  Fixed bugs and the following security issues:
  bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
  characters that decompose under IDNA encoding (NFKC-normalization) into
  characters that affect how the URL is parsed.
  bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The
  cert parser did not handle CRL distribution points with empty DP or URI
  correctly. A malicious or buggy certificate can result into segfault.
  Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet
  of Cisco.
  bpo-35121: Don't send cookies of domain A without Domain attribute to
  domain B when domain A is a suffix match of domain B while using a
  cookiejar with http.cookiejar.DefaultCookiePolicy policy.
  Patch by Karthikeyan Singaravelan.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010
  (* Security fix *)
d/scons-3.0.5-x86_64-1.txz:  Upgraded.
k/kernel-source-4.19.32-noarch-1.txz:  Upgraded.
n/curl-7.64.1-x86_64-1.txz:  Upgraded.
n/gnutls-3.6.7-x86_64-1.txz:  Upgraded.
  Fixes security issues:
  libgnutls, gnutls tools: Every gnutls_free() will automatically set
  the free'd pointer to NULL. This prevents possible use-after-free and
  double free issues. Use-after-free will be turned into NULL dereference.
  The counter-measure does not extend to applications using gnutls_free().
  libgnutls: Fixed a memory corruption (double free) vulnerability in the
  certificate verification API. Reported by Tavis Ormandy; addressed with
  the change above. [GNUTLS-SA-2019-03-27, #694]
  libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async
  messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
  libgnutls: enforce key usage limitations on certificates more actively.
  Previously we would enforce it for TLS1.2 protocol, now we enforce it
  even when TLS1.3 is negotiated, or on client certificates as well. When
  an inappropriate for TLS1.3 certificate is seen on the credentials
  structure GnuTLS will disable TLS1.3 support for that session (#690).
  libgnutls: enforce the equality of the two signature parameters fields
  in a certificate. We were already enforcing the signature algorithm,
  but there was a bug in parameter checking code.
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2019-03-28 08:59:45 +01:00

164 lines
4.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2016, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=curl
VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
TMP=${TMP:-/tmp}
PKG=$TMP/package-curl
# Uncomment to build a no-SSL version:
#SSLOPT=--without-ssl
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $PKG
cd $TMP
rm -rf curl-$VERSION
tar xvf $CWD/curl-$VERSION.tar.xz || exit 1
cd curl-$VERSION || exit 1
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--mandir=/usr/man \
--with-ca-bundle=/usr/share/curl/ca-bundle.crt \
--with-libssh2 \
--enable-static=no \
$SSLOPT || exit 1
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
# Don't ship .la files:
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
# We have always installed the man3 documentation, so we'll keep doing it
# even though these are no longer installed by default. No || exit 1, if
# it works, it works, and if it doesn't, we tried.
( cd docs/libcurl
make install-man3 DESTDIR=$PKG
cd opts
make install-man3 DESTDIR=$PKG
)
mkdir -p $PKG/usr/share/curl
cp -a $CWD/cacert.pem.bz2 $PKG/usr/share/curl
( cd $PKG/usr/share/curl
bzip2 -d cacert.pem.bz2
mv cacert.pem ca-bundle.crt
chown root:root ca-bundle.crt
chmod 644 ca-bundle.crt
)
# We don't ship the related perl script (yet):
rm -f $PKG/usr/man/man1/mk-ca-bundle.1
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
strip -g $PKG/usr/lib${LIBDIRSUFFIX}/libcurl.a
mkdir -p $PKG/usr/doc/curl-$VERSION
cp -a \
COPYING* README* UPGRADE \
$PKG/usr/doc/curl-$VERSION
( cd docs
cp -a \
BUGS CONTRIBUTE FAQ FEATURES INSTALL INTERNALS MANUAL README* RESOURCES THANKS TODO examples \
$PKG/usr/doc/curl-$VERSION )
# Get rid of .deps cruft:
rm -rf $PKG/usr/doc/curl-$VERSION/examples/.deps
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat CHANGES | head -n 1000 > $DOCSDIR/ChangeLog
touch -r CHANGES $DOCSDIR/ChangeLog
fi
# Compress and if needed symlink the man pages:
if [ -d $PKG/usr/man ]; then
( cd $PKG/usr/man
for manpagedir in $(find . -type d -name "man*") ; do
( cd $manpagedir
for eachpage in $( find . -type l -maxdepth 1) ; do
ln -s $( readlink $eachpage ).gz $eachpage.gz
rm $eachpage
done
gzip -9 *.?
)
done
)
fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/curl-$VERSION-$ARCH-$BUILD.txz
Reference in a new issue View git blame Copy permalink