author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-01-13 20:29:55 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-01-14 13:30:29 +0100 |
commit | 7793836a6dc47f99afa1efb36988e346a37579c0 (patch) | |
tree | cdd1064bc294290b383939d709ddb6183c96bbf0 /patches | |
parent | 4c8bd06faae5a8863bacd911b9cae04af4fa9869 (diff) | |
download | current-7793836a6dc47f99afa1efb36988e346a37579c0.tar.gz current-7793836a6dc47f99afa1efb36988e346a37579c0.tar.xz |
Fri Jan 13 20:29:55 UTC 2023 20230113202955_15.0
patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txz: Upgraded.
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
resulting in code execution via a crafted .appl file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45188
(* Security fix *)
Diffstat (limited to 'patches')
-rw-r--r-- | patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txt | 11 | ||||
-rw-r--r-- | patches/source/netatalk/doinst.sh | 28 | ||||
-rwxr-xr-x | patches/source/netatalk/netatalk.SlackBuild | 157 | ||||
-rw-r--r-- | patches/source/netatalk/netatalk.url | 2 | ||||
-rw-r--r-- | patches/source/netatalk/rc.atalk.new | 58 | ||||
-rw-r--r-- | patches/source/netatalk/slack-desc | 19 |
6 files changed, 275 insertions, 0 deletions
diff --git a/patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txt b/patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txt
new file mode 100644
index 000000000..f66b47ad0
--- /dev/null
+++ b/patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txt
@@ -0,0 +1,11 @@
+netatalk: netatalk (Appletalk file and print server)
+netatalk:
+netatalk: Netatalk is an Appletalk file and print server for Linux. Using
+netatalk: Netatalk, Macintosh computers on your local network can mount Linux
+netatalk: volumes as if they were standard Appletalk network drives, and can
+netatalk: print to the Linux box's printer as if it were a network printer
+netatalk: supporting PostScript.
+netatalk:
+netatalk: Netatalk was originally written by the Research Systems Unix Group at
+netatalk: The University of Michigan, and is maintained by the Netatalk Team.
+netatalk:
diff --git a/patches/source/netatalk/doinst.sh b/patches/source/netatalk/doinst.sh
new file mode 100644
index 000000000..6cc086337
--- /dev/null
+++ b/patches/source/netatalk/doinst.sh
@@ -0,0 +1,28 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.atalk.new:
+if [ -e etc/rc.d/rc.atalk ]; then
+ cp -a etc/rc.d/rc.atalk etc/rc.d/rc.atalk.new.incoming
+ cat etc/rc.d/rc.atalk.new > etc/rc.d/rc.atalk.new.incoming
+ mv etc/rc.d/rc.atalk.new.incoming etc/rc.d/rc.atalk.new
+fi
+
+config etc/rc.d/rc.atalk.new
+
+config etc/netatalk/afp.conf.new
+config etc/netatalk/dbus-session.conf.new
+config etc/netatalk/extmap.conf.new
+
+if [ -r etc/pam.d/netatalk.new ]; then
+ config etc/pam.d/netatalk.new
+fi
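Review bot: The `# Keep same perms on rc.atalk.new:` comment in doinst.sh says what the `cp -a` / `cat` / `mv` sequence does but not why it matters. The sequence gives the incoming rc.atalk.new the mode and ownership of an already installed etc/rc.d/rc.atalk, so an upgrade does not by itself change whether the init script is executable; presumably that bit decides whether the daemon is started at boot, which is worth stating for a network file server. I would extend the comment to something like `# Keep the admin's mode/owner on rc.atalk.new so an upgrade neither enables nor disables the service:`. Separately, `config()` leaves its expansions unquoted (`mv $NEW $OLD`); that is harmless for the fixed paths passed here, but `mv "$NEW" "$OLD"` would be the safer habit.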
diff --git a/patches/source/netatalk/netatalk.SlackBuild b/patches/source/netatalk/netatalk.SlackBuild
new file mode 100755
index 000000000..67c6fdbf2
--- /dev/null
+++ b/patches/source/netatalk/netatalk.SlackBuild
@@ -0,0 +1,157 @@
+#!/bin/bash
+
+# Copyright 2008, 2009, 2012, 2015, 2018, 2019, 2020, 2022 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Script updated to package netatalk 3.1.11 by Matthew Schumacher
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=netatalk
+VERSION=${VERSION:-$(echo netatalk-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1_slack15.0}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-netatalk
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf netatalk-$VERSION
+tar xvf $CWD/netatalk-$VERSION.tar.?z* || exit 1
+cd netatalk-$VERSION || exit 1
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-pam-confdir=/etc/pam.d --with-pam --enable-ddp"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--with-shadow"
+fi
+
+# use the system libevent, because the internal one won't compile
+# with openssl 1.1. Also skip pam and kerberos (for now).
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --sysconfdir=/etc/netatalk \
+ --libexecdir=/usr/sbin \
+ --localstatedir=/var \
+ --disable-static \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
+ --with-libevent=system \
+ --with-dbus-sysconf-dir=/usr/share/dbus-1/system.d/ \
+ --with-dbus-daemon=/usr/bin/dbus-daemon \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# At least make this unreadable to non-root users:
+if [ -u $PKG/usr/bin/afppasswd ]; then
+ chmod 4711 $PKG/usr/bin/afppasswd
+fi
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" \
+ | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Install an init script
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.atalk.new > $PKG/etc/rc.d/rc.atalk.new
+chmod 644 $PKG/etc/rc.d/rc.atalk.new
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+( cd $PKG/etc/netatalk
+ for file in afp.conf dbus-session.conf extmap.conf ; do
+ mv $file ${file}.new
+ done
+)
+
+if [ ! -z "$PAM_OPTIONS" ]; then
+ mv $PKG/etc/pam.d/netatalk $PKG/etc/pam.d/netatalk.new
+fi
+
+mkdir -p $PKG/usr/doc/netatalk-$VERSION
+cp -a \
+ AUTHORS CONTRIBUTORS COPYING* COPYRIGHT NEWS VERSION \
+ $PKG/usr/doc/netatalk-$VERSION
+cp -a $CWD/examples $PKG/usr/doc/netatalk-$VERSION
+chown -R root:root $PKG/usr/doc/netatalk-$VERSION/examples
+
+# Build the package:
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/netatalk-$VERSION-$ARCH-$BUILD.txz
diff --git a/patches/source/netatalk/netatalk.url b/patches/source/netatalk/netatalk.url
new file mode 100644
index 000000000..43f003249
--- /dev/null
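Review bot: In netatalk.SlackBuild, `zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh` has no failure check, unlike the `tar`, `./configure` and `make` steps that end in `|| exit 1`. If the compressed file is missing or unreadable, the redirect still creates an empty install/doinst.sh and makepkg packages it, so the `.new` config and init files would never be moved into place on the target. The diffstat of this commit lists `doinst.sh` rather than `doinst.sh.gz`; whether it is compressed before the build runs is not visible here. I would write `zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh || exit 1`, and add the same guard to the `cat $CWD/slack-desc` line.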
+++ b/patches/source/netatalk/netatalk.url
@@ -0,0 +1,2 @@
+http://netatalk.sourceforge.io
+http://netatalk.sourceforge.net
diff --git a/patches/source/netatalk/rc.atalk.new b/patches/source/netatalk/rc.atalk.new
new file mode 100644
index 000000000..24b01fd0c
--- /dev/null
+++ b/patches/source/netatalk/rc.atalk.new
@@ -0,0 +1,58 @@
+#!/bin/sh
+# Start/stop/restart the netatalk daemon.
+
+netatalk_start() {
+ if [ -x /usr/sbin/netatalk ]; then
+
+ LINES="$(grep "^[^;]" /etc/netatalk/afp.conf | wc -l)"
+ if [ "$LINES" -lt "2" ]; then
+ echo "netatalk is not configured.... exiting."
+ exit
+ fi
+
+ echo "Starting netatalk: /usr/sbin/netatalk"
+ /usr/sbin/netatalk
+ fi
+}
+
+# Stop netatalk
+netatalk_stop() {
+ echo "Stopping netatalk."
+ /usr/bin/pkill --ns $$ -f "^/usr/sbin/netatalk" 2> /dev/null
+}
+
+# Restart netatalk
+netatalk_restart() {
+ netatalk_stop
+ sleep 1
+ netatalk_start
+}
+
+# Check if netatalk is running
+netatalk_status() {
+ PID="$(/usr/bin/pgrep --ns $$ -f "^/usr/sbin/netatalk" 2> /dev/null)"
+ if [ $PID ]; then
+ echo "netatalk is running. PID: $PID"
+ else
+ echo "netatalk is stopped."
+ exit 1
+ fi
+}
+
+case "$1" in
+'start')
+ netatalk_start
+ ;;
+'stop')
+ netatalk_stop
+ ;;
+'restart')
+ netatalk_restart
+ ;;
+'status')
+ netatalk_status
+ ;;
+*)
+ echo "usage $0 start|stop|restart|status"
+esac
+
diff --git a/patches/source/netatalk/slack-desc b/patches/source/netatalk/slack-desc
new file mode 100644
index 000000000..daa2997ad
--- /dev/null
+++ b/patches/source/netatalk/slack-desc
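Review bot: In `netatalk_status` of rc.atalk.new, `if [ $PID ]; then` expands `$PID` unquoted, so when `pgrep` prints more than one PID the test receives several words, fails with a syntax error, and the function reports "netatalk is stopped." with exit 1 although processes matched. `if [ -n "$PID" ]; then` tests the whole string instead. In `netatalk_start`, the "not configured" path ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot tell it from a successful start; `exit 1` would match the stopped branch of the status function. The `*)` arm of the `case` likewise prints the usage line without setting a non-zero status.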
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+netatalk: netatalk (Appletalk file and print server)
+netatalk:
+netatalk: Netatalk is an Appletalk file and print server for Linux. Using
+netatalk: Netatalk, Macintosh computers on your local network can mount Linux
+netatalk: volumes as if they were standard Appletalk network drives, and can
+netatalk: print to the Linux box's printer as if it were a network printer
+netatalk: supporting PostScript.
+netatalk:
+netatalk: Netatalk was originally written by the Research Systems Unix Group at
+netatalk: The University of Michigan, and is maintained by the Netatalk Team.
+netatalk: |