diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-05-25 00:24:33 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-05-25 03:50:00 +0200 |
| commit | ed49432ad9d734d447d1bda6657b2d221a7fb3a8 (patch) | |
| tree | fbd372b018ab43e211a275280da8a02597203800 /source/a | |
| parent | b2fa3fdbd7ee8367f9ea371367850e010a58dfee (diff) | |
| download | current-ed49432ad9d734d447d1bda6657b2d221a7fb3a8.tar.gz current-ed49432ad9d734d447d1bda6657b2d221a7fb3a8.tar.xz | |
Thu May 25 00:24:33 UTC 202320230525002433
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/a')
| -rwxr-xr-x | source/a/elilo/elilo.SlackBuild | 2 | ||||
| -rw-r--r-- | source/a/elilo/eliloconfig | 6 | ||||
| -rw-r--r-- | source/a/sysvinit-scripts/default/efivarfs | 7 | ||||
| -rw-r--r-- | source/a/sysvinit-scripts/doinst.sh | 1 | ||||
| -rw-r--r-- | source/a/sysvinit-scripts/scripts/rc.S | 25 | ||||
| -rwxr-xr-x | source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild | 5 |
6 files changed, 38 insertions, 8 deletions
diff --git a/source/a/elilo/elilo.SlackBuild b/source/a/elilo/elilo.SlackBuild index 57f247959..bf7d70990 100755 --- a/source/a/elilo/elilo.SlackBuild +++ b/source/a/elilo/elilo.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=elilo VERSION=${VERSION:-$(echo $PKGNAM*.tar.?z* | rev | cut -f 2 -d - | rev)} -BUILD=${BUILD:-15} +BUILD=${BUILD:-16} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/a/elilo/eliloconfig b/source/a/elilo/eliloconfig index bcded54d8..a662927bf 100644 --- a/source/a/elilo/eliloconfig +++ b/source/a/elilo/eliloconfig @@ -176,12 +176,6 @@ if [ "$REPLY" = "skip" ]; then exit fi -# Make sure efivarfs is active since we'll need it to -# change UEFI boot menu entries: -if [ "$(/bin/ls /sys/firmware/efi/efivars 2> /dev/null | wc -l)" = "0" ]; then - mount -t efivarfs none /sys/firmware/efi/efivars -fi - efibootmgr -v | rev | cut -f 2- | rev | grep Boot0 | grep Slackware | while read line ; do # Reject entries that don't exactly match as not our business if [ ! "$(echo $line | cut -f 2- -d ' ')" = "Slackware" ]; then diff --git a/source/a/sysvinit-scripts/default/efivarfs b/source/a/sysvinit-scripts/default/efivarfs new file mode 100644 index 000000000..973e041d7 --- /dev/null +++ b/source/a/sysvinit-scripts/default/efivarfs @@ -0,0 +1,7 @@ +# By default, we will mount efivarfs read-write on /sys/firmware/efi/efivars. +# This is needed in order to create or modify EFI boot menu entries. +# If you do not want this, you may set the variable below to 'ro' for +# read-only, or 'nomount' (or anything else) if you do not want rc.S to mount +# efivarfs. However, if might still be mounted by /etc/fstab or elsewhere. + +EFIVARFS=rw diff --git a/source/a/sysvinit-scripts/doinst.sh b/source/a/sysvinit-scripts/doinst.sh index c11a17985..ad6980247 100644 --- a/source/a/sysvinit-scripts/doinst.sh +++ b/source/a/sysvinit-scripts/doinst.sh @@ -24,6 +24,7 @@ config etc/rc.d/rc.sysvinit.new config etc/rc.d/rc.modules.new config etc/rc.d/rc.modules.local.new config etc/default/cpufreq.new +config etc/default/efivarfs.new ( cd etc/rc.d ; rm -rf rc.0 ) ( cd etc/rc.d ; ln -sf rc.6 rc.0 ) diff --git a/source/a/sysvinit-scripts/scripts/rc.S b/source/a/sysvinit-scripts/scripts/rc.S index 7c004e6f5..37eaac2f9 100644 --- a/source/a/sysvinit-scripts/scripts/rc.S +++ b/source/a/sysvinit-scripts/scripts/rc.S @@ -24,6 +24,31 @@ if [ ! -d /sys/kernel -a -z "$container" ]; then /sbin/mount -v sysfs /sys -n -t sysfs 2> /dev/null fi +# The efivarfs filesystem is used for reading and writing EFI variables, such +# as the boot menu entries. By default efivarfs will be mounted read-write on +# the /sys/firmware/efi/efivars directory. To modify this behavior, edit the +# file: /etc/default/efivarfs +# Only try to mount if this directory exists (so the kernel supports efivarfs): +if [ -d /sys/firmware/efi/efivars ]; then + # Only try to mount if efivarfs is not already mounted: + if ! mount | grep -wq efivarfs ; then + # Mount according to /etc/default/efivarfs: + if [ -r /etc/default/efivarfs ]; then + . /etc/default/efivarfs + else # default + EFIVARFS=rw + fi + case "$EFIVARFS" in + 'rw') + mount -o rw -t efivarfs none /sys/firmware/efi/efivars + ;; + 'ro') + mount -o ro -t efivarfs none /sys/firmware/efi/efivars + ;; + esac + fi +fi + # If /run exists, mount a tmpfs on it (unless the # initrd has already done so): if [ -d /run -a -z "$container" ]; then diff --git a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild index 0d6acafd4..60b17e1e3 100755 --- a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild +++ b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=sysvinit-scripts VERSION=${VERSION:-15.1} ARCH=noarch -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information @@ -56,6 +56,9 @@ chown root:root $PKG/etc/inittab.new mkdir -p $PKG/etc/default cat $CWD/default/cpufreq > $PKG/etc/default/cpufreq.new +# Install /etc/default/efivarfs.new: +cat $CWD/default/efivarfs > $PKG/etc/default/efivarfs.new + mkdir -p $PKG/install zcat $CWD/doinst.sh > $PKG/install/doinst.sh cat $CWD/slack-desc > $PKG/install/slack-desc |