slackware-current/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild

#!/bin/bash

# Copyright 2016, 2018, 2019, 2023  Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

cd $(dirname $0) ; CWD=$(pwd)

PKGNAM=xorg-server-xwayland
SRCNAM=xwayland
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-11_slack15.0}

# Default font paths to be used by the X server:
DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"

NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) export ARCH=i586 ;;
    arm*) export ARCH=arm ;;
    # Unless $ARCH is already set, use uname -m for all other archs:
       *) export ARCH=$( uname -m ) ;;
  esac
fi

# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
  exit 0
fi

if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
fi

TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM

rm -rf $PKG 
mkdir -p $TMP $PKG
cd $TMP || exit 1
rm -rf $SRCNAM-$VERSION
tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find . \
  \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
  -exec chmod 755 {} \+ -o \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+

# Patch CVE-2022-2319 and CVE-2022-2320:
zcat $CWD/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz | patch -p1 --verbose || exit 1

# Patch more security issues:
zcat $CWD/CVE-2022-3550.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-3551.patch.gz | patch -p1 --verbose || exit 1

# Patch more security issues:
zcat $CWD/CVE-2022-4283.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-46340.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-46341.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-46342.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-46343.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2022-46344.patch.gz | patch -p1 --verbose || exit 1

# Fix a bug in the previous patch:
zcat $CWD/CVE-2022-46340.correction.patch.gz | patch -p1 --verbose || exit 1

# Patch another security issue:
zcat $CWD/CVE-2023-0494.patch.gz | patch -p1 --verbose || exit 1

# Patch another security issue:
zcat $CWD/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1

# [PATCH] present: Check for NULL to prevent crash.
# This prevents a crash with recent NVIDIA drivers.
zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1

# Patch another security issue:
zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1

# Patch more security issues:
zcat $CWD/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1


# Patch more security issues:
zcat $CWD/CVE-2023-6816.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-0408.patch.gz | patch -p1 --verbose || exit 1
# The vulnerable code is not present in xwayland-21.1.4:
#zcat $CWD/CVE-2024-0409.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21885.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || exit 1

# Patch more security issues:
zcat $CWD/CVE-2024-31080.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-31081.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2024-31083.patch.gz | patch -p1 --verbose || exit 1

# Configure, build, and install:
export CFLAGS="$SLKCFLAGS"
export CXXFLAGS="$SLKCFLAGS"
mkdir meson-build
cd meson-build
meson setup \
  --prefix=/usr \
  --libdir=lib${LIBDIRSUFFIX} \
  --libexecdir=/usr/libexec \
  --bindir=/usr/bin \
  --sbindir=/usr/sbin \
  --includedir=/usr/include \
  --datadir=/usr/share \
  --mandir=/usr/man \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --buildtype=release \
  -Dxwayland_eglstream=true \
  -Ddefault_font_path="${DEF_FONTPATH}" \
  -Dbuilder_string="Build ID: $PKGNAM $VERSION-$BUILD" \
  -Dxkb_output_dir=/var/lib/xkb \
  -Dvendor_name="Slackware Linux Project" \
  -Dxdmcp=false \
  -Dxcsecurity=true \
  -Dglamor=true \
  -Ddri3=true \
  .. || exit 1
  "${NINJA:=ninja}" $NUMJOBS || exit 1
  DESTDIR=$PKG $NINJA install || exit 1
cd ..

# Remove unwanted files/dirs:
rm $PKG/usr/man/man1/Xserver.1*
rm -Rf $PKG/usr/lib${LIBDIRSUFFIX}/xorg
rm -Rf $PKG/usr/include/xorg
rm -Rf $PKG/usr/share/aclocal
rm -Rf $PKG/var/lib/xkb

# Strip the binaries:
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null

# Compress and link manpages, if any:
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
    for manpagedir in $(find . -type d -name "man*") ; do
      ( cd $manpagedir
        for eachpage in $( find . -type l -maxdepth 1) ; do
          ln -s $( readlink $eachpage ).gz $eachpage.gz
          rm $eachpage
        done
        gzip -9 *.?
      )
    done
  )
fi

mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
  AUTHORS COPYING* CREDITS INSTALL NEWS README* \
  $PKG/usr/doc/$PKGNAM-$VERSION

# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
  DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
  touch -r ChangeLog $DOCSDIR/ChangeLog
fi

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz