From 33be03fb136ca11ba09834a19984c9f956049b6d Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 5 May 2020 20:21:27 +0000 Subject: Tue May 5 20:21:27 UTC 2020 a/hwdata-0.335-noarch-1.txz: Upgraded. ap/tmux-3.1b-x86_64-1.txz: Upgraded. l/libcap-2.34-x86_64-1.txz: Upgraded. n/mutt-1.14.0-x86_64-1.txz: Upgraded. n/nfs-utils-2.4.3-x86_64-3.txz: Rebuilt. Added /var/lib/nfs/nfsdcltrack database directory for nfsdcltrack. Thanks to upnort. x/xterm-356-x86_64-1.txz: Upgraded. xap/NetworkManager-openvpn-1.8.12-x86_64-1.txz: Added. Thanks to Robby Workman. xap/mozilla-firefox-68.8.0esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.8.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2020-17/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12393 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395 (* Security fix *) xap/mozilla-thunderbird-68.8.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/68.8.0/releasenotes/ (* Security fix *) testing/packages/PAM/libcap-2.34-x86_64-1_pam.txz: Upgraded. --- source/l/libcap/libcap.SlackBuild | 7 +- source/l/libcap/libcap.pkgconfig.path.diff | 11 ++ .../python2-module-collection.SlackBuild | 46 +++---- source/n/nfs-utils/doinst.sh | 3 +- source/n/nfs-utils/nfs-utils.SlackBuild | 7 +- .../NetworkManager-openvpn.SlackBuild | 136 +++++++++++++++++++++ .../openvpn.nobody.nogroup.diff | 13 ++ source/xap/NetworkManager-openvpn/slack-desc | 19 +++ 8 files changed, 217 insertions(+), 25 deletions(-) create mode 100644 source/l/libcap/libcap.pkgconfig.path.diff create mode 100755 source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild create mode 100644 source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff create mode 100644 source/xap/NetworkManager-openvpn/slack-desc (limited to 'source') diff --git a/source/l/libcap/libcap.SlackBuild b/source/l/libcap/libcap.SlackBuild index 15cd5a8f3..d31535d35 100755 --- a/source/l/libcap/libcap.SlackBuild +++ b/source/l/libcap/libcap.SlackBuild @@ -86,11 +86,14 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# Put the pkgconfig files in the proper location: +zcat $CWD/libcap.pkgconfig.path.diff.gz | patch -p1 --verbose || exit 1 + # Set the CFLAGS -sed -i.orig "s/^\(DEBUG =\).*/\1$SLKCFLAGS/" Make.Rules +sed -i "s/^\(DEBUG =\).*/\1$SLKCFLAGS/" Make.Rules # Disable broken gperf support: -sed 's@^BUILD_GPERF@#\0@' -i Make.Rules +sed -i 's@^BUILD_GPERF@#\0@' Make.Rules make DYNAMIC=yes GOLANG=$GOSUPPORT || exit 1 make install RAISE_SETFCAP=no GOLANG=$GOSUPPORT DESTDIR=$PKG man_prefix=/usr || exit 1 diff --git a/source/l/libcap/libcap.pkgconfig.path.diff b/source/l/libcap/libcap.pkgconfig.path.diff new file mode 100644 index 000000000..9f3dc55d2 --- /dev/null +++ b/source/l/libcap/libcap.pkgconfig.path.diff @@ -0,0 +1,11 @@ +--- ./Make.Rules.orig 2020-05-03 17:56:47.000000000 -0500 ++++ ./Make.Rules 2020-05-05 15:10:07.762983203 -0500 +@@ -35,7 +35,7 @@ + SBINDIR=$(exec_prefix)/sbin + INCDIR=$(inc_prefix)/include + LIBDIR=$(lib_prefix)/$(lib) +-PKGCONFIGDIR=$(LIBDIR)/pkgconfig ++PKGCONFIGDIR=$(prefix)/$(LIBDIR)/pkgconfig + GOPKGDIR=$(prefix)/share/gocode/src + + # common defines for libcap diff --git a/source/l/python2-module-collection/python2-module-collection.SlackBuild b/source/l/python2-module-collection/python2-module-collection.SlackBuild index c34976996..8087c20b9 100755 --- a/source/l/python2-module-collection/python2-module-collection.SlackBuild +++ b/source/l/python2-module-collection/python2-module-collection.SlackBuild @@ -88,6 +88,31 @@ find . \ -exec chmod 644 {} \+ } +# setuptools-44.0.0: +cd $TMP/$PKGNAM-$VERSION || exit 1 +tar xf $CWD/modules/setuptools-44.0.0.tar.lz || exit 1 +cd setuptools-44.0.0 +fix_perms +# Install setuptools to the system if it's not there: +if [ ! -d /usr/lib${LIBDIRSUFFIX}/python2.7/site-packages/setuptools/version.py ]; then + python2 setup.py install --root=/ || exit 1 +fi +python2 setup.py install --root=$PKG || exit 1 +# Drop the python2 version of easy_install so the python 3.x +# one is the default: +rm -f $PKG/usr/bin/easy_install +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 +cp -a CHANGES.rst PKG-INFO README.rst docs/*.txt \ + $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 +find $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 -type f -exec chmod 0644 {} \+ +# If there's a CHANGES.rst, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r CHANGES.rst ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION/setuptools-44.0.0) + cat CHANGES.rst | head -n 1000 > $DOCSDIR/CHANGES.rst + touch -r CHANGES.rst $DOCSDIR/CHANGES.rst +fi + # Cython-0.29.16: cd $TMP/$PKGNAM-$VERSION || exit 1 tar xf $CWD/modules/Cython-0.29.16.tar.lz || exit 1 @@ -122,27 +147,6 @@ cp -a *.txt PKG-INFO README.rst \ $PKG/usr/doc/$PKGNAM-$VERSION/pip-20.0.2 find $PKG/usr/doc/$PKGNAM-$VERSION/pip-20.0.2 -type f -exec chmod 0644 {} \+ -# setuptools-44.0.0: -cd $TMP/$PKGNAM-$VERSION || exit 1 -tar xf $CWD/modules/setuptools-44.0.0.tar.lz || exit 1 -cd setuptools-44.0.0 -fix_perms -python2 setup.py install --root=$PKG || exit 1 -# Drop the python2 version of easy_install so the python 3.x -# one is the default: -rm -f $PKG/usr/bin/easy_install -mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 -cp -a CHANGES.rst PKG-INFO README.rst docs/*.txt \ - $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 -find $PKG/usr/doc/$PKGNAM-$VERSION/setuptools-44.0.0 -type f -exec chmod 0644 {} \+ -# If there's a CHANGES.rst, installing at least part of the recent history -# is useful, but don't let it get totally out of control: -if [ -r CHANGES.rst ]; then - DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION/setuptools-44.0.0) - cat CHANGES.rst | head -n 1000 > $DOCSDIR/CHANGES.rst - touch -r CHANGES.rst $DOCSDIR/CHANGES.rst -fi - # M2Crypto-0.35.2 and typing-3.7.4.1: cd $TMP/$PKGNAM-$VERSION || exit 1 tar xf $CWD/modules/M2Crypto-0.35.2.tar.xz || exit 1 diff --git a/source/n/nfs-utils/doinst.sh b/source/n/nfs-utils/doinst.sh index 911a88cc2..59acadcb1 100644 --- a/source/n/nfs-utils/doinst.sh +++ b/source/n/nfs-utils/doinst.sh @@ -14,7 +14,8 @@ config var/lib/nfs/etab.new config var/lib/nfs/rmtab.new config var/lib/nfs/state.new rm -f var/lib/nfs/*.new -chown -R rpc:rpc var/lib/nfs +# No, no, no. +#chown -R rpc:rpc var/lib/nfs if [ -x etc/rc.d/rc.nfsd ]; then chmod 755 etc/rc.d/rc.nfsd.new else diff --git a/source/n/nfs-utils/nfs-utils.SlackBuild b/source/n/nfs-utils/nfs-utils.SlackBuild index 775740851..ab4ffebc0 100755 --- a/source/n/nfs-utils/nfs-utils.SlackBuild +++ b/source/n/nfs-utils/nfs-utils.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=nfs-utils VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -158,6 +158,11 @@ mkdir -p ${PKG}${NFSV4RECOVERYDIR} # Chown /var/lib/nfs so that rpc.statd runs as rpc:rpc: chown -R rpc:rpc $PKG/var/lib/nfs +# Add database directory for nfsdcltrack: +mkdir -p $PKG/var/lib/nfs/nfsdcltrack +chown root:rpc $PKG/var/lib/nfs/nfsdcltrack +chmod 775 $PKG/var/lib/nfs/nfsdcltrack + # Create log directory: mkdir -p $PKG/var/log/nfsd diff --git a/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild new file mode 100755 index 000000000..206a7c732 --- /dev/null +++ b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild @@ -0,0 +1,136 @@ +#!/bin/bash + +# Copyright 2010-2017 Robby Workman, Tuscaloosa, Alabama, USA +# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=NetworkManager-openvpn +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Run as nobody:nogroup: +zcat $CWD/openvpn.nobody.nogroup.diff.gz | patch -p1 --verbose || exit 1 + +# Configure, build, and install: +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --mandir=/usr/man \ + --disable-static \ + --build=$ARCH-slackware-linux || exit 1 +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Create the chroot directory +# From src/nm-openvpn-service-defines.h +# /* User name and group to run nm-openvpn-service under */ +# #define NM_OPENVPN_USER "nm-openvpn" +# #define NM_OPENVPN_GROUP "nm-openvpn" +# #define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot" +mkdir -p $PKG/var/lib/openvpn/chroot + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS* COPYING* ChangeLog* NEWS* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff b/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff new file mode 100644 index 000000000..dcb47eae8 --- /dev/null +++ b/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff @@ -0,0 +1,13 @@ +--- ./shared/nm-service-defines.h.orig 2020-03-06 06:38:55.000000000 -0600 ++++ ./shared/nm-service-defines.h 2020-05-03 20:12:26.997028745 -0500 +@@ -126,8 +126,8 @@ + #define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT "subject" + + /* User name and group to run nm-openvpn-service under */ +-#define NM_OPENVPN_USER "nm-openvpn" +-#define NM_OPENVPN_GROUP "nm-openvpn" ++#define NM_OPENVPN_USER "nobody" ++#define NM_OPENVPN_GROUP "nogroup" + #define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot" + + #endif /* __NM_SERVICE_DEFINES_H__ */ diff --git a/source/xap/NetworkManager-openvpn/slack-desc b/source/xap/NetworkManager-openvpn/slack-desc new file mode 100644 index 000000000..c045ad602 --- /dev/null +++ b/source/xap/NetworkManager-openvpn/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +NetworkManager-openvpn: NetworkManager-openvpn (OpenVPN Support for NetworkManager) +NetworkManager-openvpn: +NetworkManager-openvpn: NetworkManager attempts to keep an active network connection available +NetworkManager-openvpn: at all times. This applet provides OpenVPN Support for NetworkManager. +NetworkManager-openvpn: +NetworkManager-openvpn: Homepage: https://github.com/GNOME/NetworkManager-openvpn +NetworkManager-openvpn: +NetworkManager-openvpn: +NetworkManager-openvpn: +NetworkManager-openvpn: +NetworkManager-openvpn: -- cgit v1.2.3-65-gdbad