diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-09-06 06:15:46 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-09-06 18:00:33 +0200 |
commit | ce9883adcab118cd8a0ae45076486ebf643fe2d5 (patch) | |
tree | 5401dcca86cb602cf0a9b8443345458c51735cec /source/d | |
parent | 38dfc4aa131a87735dfc8629c3394c7d2670e9d5 (diff) | |
download | current-ce9883adcab118cd8a0ae45076486ebf643fe2d5.tar.gz current-ce9883adcab118cd8a0ae45076486ebf643fe2d5.tar.xz |
Thu Sep 6 06:15:46 UTC 201820180906061546
a/acpid-2.0.30-x86_64-1.txz: Upgraded.
a/etc-15.0-x86_64-9.txz: Rebuilt.
Added support for /etc/ld.so.conf.d/. Thanks to Qury.
a/kernel-firmware-20180904_85c5d90-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.68-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.68-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.68-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-22.txz: Rebuilt.
installpkg: prevent noise from the "stray cat" if tar hands it a broken
pipe. Thanks to ivandi.
Also (in the comments) provide a possibly better but untested solution.
Thanks to SeB.
a/sysvinit-2.90-x86_64-2.txz: Rebuilt.
sysvinit-2.90 added an undocumented feature that tries to spawn agetty
if it sees console= in the kernel command line. Avoiding the debate about
whether this code belongs in init at all, at least such a change should
be documented, and probably made opt-in. This patch disables the new
behavior unless "sysvinit_agetty" is also seen in the kernel command line.
It seems like this might have been something added for Hurd, and it might
be wise to stick to what we've got rather than following upstream on this
particular package. If anyone notices any other odd behavior, please let
me know. Thanks to shastah.
a/sysvinit-scripts-2.1-noarch-19.txz: Rebuilt.
When checking for intel_pstate, direct the stderr to /dev/null in case
the file doesn't exist in /sys. Thanks to ivandi.
Allow forcing an option by editing /etc/default/cpufreq.
ap/cups-filters-1.21.2-x86_64-1.txz: Upgraded.
ap/ghostscript-9.24-x86_64-1.txz: Upgraded.
Patched multiple -dSAFER sandbox bypass vulnerabilities.
Thanks to Tavis Ormandy.
For more information, see:
https://www.ghostscript.com/doc/9.24/News.htm
https://www.kb.cert.org/vuls/id/332928
(* Security fix *)
ap/sudo-1.8.25-x86_64-1.txz: Upgraded.
d/binutils-2.31.1-x86_64-2.txz: Rebuilt.
elf.c (_bfd_elf_get_symbol_version_string): Return _("<corrupt>") for
corrupt symbol version info.
elflink.c (bfd_elf_record_link_assignment): Always clear h->verinfo.verdef
when overriding a dynamic definition.
Thanks to Michael Short for pointing out the upstream patches.
d/ccache-3.4.3-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.68-x86-1.txz: Upgraded.
d/llvm-6.0.1-x86_64-2.txz: Rebuilt.
Recompiled with -DCLANG_BUILD_SHARED_LIBS=ON to fix issues when multiple
OpenCL drivers are installed. Thanks to Heinz Wiesinger.
d/mercurial-4.7.1-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.68-noarch-1.txz: Upgraded.
l/mozilla-nss-3.39-x86_64-1.txz: Upgraded.
n/curl-7.61.1-x86_64-1.txz: Upgraded.
This update fixes an NTLM password overflow via integer overflow.
For more information, see:
https://curl.haxx.se/docs/CVE-2018-14618.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
(* Security fix *)
n/gnupg2-2.2.10-x86_64-1.txz: Upgraded.
n/libtirpc-1.1.4-x86_64-1.txz: Upgraded.
n/netatalk-3.1.11-x86_64-2.txz: Rebuilt.
rc.atalk: fixed errors in status output. Thanks to marav.
n/nghttp2-1.33.0-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.14-x86_64-1.txz: Upgraded.
n/stunnel-5.49-x86_64-1.txz: Upgraded.
x/libdrm-2.4.94-x86_64-1.txz: Upgraded.
x/xf86-video-ati-20180824_de88ea27-x86_64-1.txz: Upgraded.
xap/hexchat-2.14.2-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-60.2.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
xap/xlockmore-5.56-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/d')
-rwxr-xr-x | source/d/binutils/binutils.SlackBuild | 5 | ||||
-rw-r--r-- | source/d/binutils/patches/binutils-2.31.1-verinfo-fix-corrupt-symbol-detect.patch | 106 | ||||
-rwxr-xr-x | source/d/ccache/ccache.SlackBuild | 2 | ||||
-rw-r--r-- | source/d/llvm/clang_disable_pgo.patch | 14 | ||||
-rwxr-xr-x | source/d/llvm/llvm.SlackBuild | 22 | ||||
-rw-r--r-- | source/d/llvm/n_clang_allow_BUILD_SHARED_LIBRARY.patch | 19 |
6 files changed, 145 insertions, 23 deletions
diff --git a/source/d/binutils/binutils.SlackBuild b/source/d/binutils/binutils.SlackBuild index 05a715fa5..a189cba29 100755 --- a/source/d/binutils/binutils.SlackBuild +++ b/source/d/binutils/binutils.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=binutils VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: MARCH=$( uname -m ) @@ -121,6 +121,9 @@ zcat $CWD/patches/binutils.export.demangle.h.diff.gz | patch -p1 --verbose || ex # Don't check to see if "config.h" was included in the installed headers: zcat $CWD/patches/binutils.no-config-h-check.diff.gz | patch -p1 --verbose || exit 1 +# Patch to Fix invalid version info and detect corrupted objects +zcat $CWD/patches/binutils-2.31.1-verinfo-fix-corrupt-symbol-detect.patch.gz | patch -p2 --verbose || exit 1 + # Set %version to something halfway meaningful: sed -i -e 's/%''{release}/slack15/g' bfd/Makefile{.am,.in} diff --git a/source/d/binutils/patches/binutils-2.31.1-verinfo-fix-corrupt-symbol-detect.patch b/source/d/binutils/patches/binutils-2.31.1-verinfo-fix-corrupt-symbol-detect.patch new file mode 100644 index 000000000..170577d50 --- /dev/null +++ b/source/d/binutils/patches/binutils-2.31.1-verinfo-fix-corrupt-symbol-detect.patch @@ -0,0 +1,106 @@ +diff -Naur a/binutils-2.31.1/bfd/ChangeLog b/binutils-2.31.1/bfd/ChangeLog +--- a/binutils-2.31.1/bfd/ChangeLog 2018-07-18 00:50:08.000000000 -0700 ++++ b/binutils-2.31.1/bfd/ChangeLog 2018-08-31 02:34:06.852965351 -0700 +@@ -1,3 +1,15 @@ ++2018-08-25 H.J. Lu <hongjiu.lu@intel.com> ++ ++ PR ld/23499 ++ * elf.c (_bfd_elf_get_symbol_version_string): Return ++ _("<corrupt>") for corrupt symbol version info. ++ ++2018-08-10 H.J. Lu <hongjiu.lu@intel.com> ++ ++ PR ld/23499 ++ * elflink.c (bfd_elf_record_link_assignment): Always clear ++ h->verinfo.verdef when overriding a dynamic definition. ++ + 2018-07-18 Nick Clifton <nickc@redhat.com> + + 2.31.1 Release point. +diff -Naur a/binutils-2.31.1/bfd/elf.c b/binutils-2.31.1/bfd/elf.c +--- a/binutils-2.31.1/bfd/elf.c 2018-08-31 01:07:56.804985073 -0700 ++++ b/binutils-2.31.1/bfd/elf.c 2018-08-31 02:36:40.067964767 -0700 +@@ -1884,7 +1884,7 @@ + { + Elf_Internal_Verneed *t; + +- version_string = ""; ++ version_string = _("<corrupt>"); + for (t = elf_tdata (abfd)->verref; + t != NULL; + t = t->vn_nextref) +diff -Naur a/binutils-2.31.1/bfd/elflink.c b/binutils-2.31.1/bfd/elflink.c +--- a/binutils-2.31.1/bfd/elflink.c 2018-07-13 00:33:03.000000000 -0700 ++++ b/binutils-2.31.1/bfd/elflink.c 2018-08-31 01:30:01.056980022 -0700 +@@ -686,13 +686,11 @@ + && !h->def_regular) + h->root.type = bfd_link_hash_undefined; + +- /* If this symbol is not being provided by the linker script, and it is +- currently defined by a dynamic object, but not by a regular object, +- then clear out any version information because the symbol will not be +- associated with the dynamic object any more. */ +- if (!provide +- && h->def_dynamic +- && !h->def_regular) ++ /* If this symbol is currently defined by a dynamic object, but not ++ by a regular object, then clear out any version information because ++ the symbol will not be associated with the dynamic object any ++ more. */ ++ if (h->def_dynamic && !h->def_regular) + h->verinfo.verdef = NULL; + + /* Make sure this symbol is not garbage collected. */ +diff -Naur a/binutils-2.31.1/binutils/ChangeLog b/binutils-2.31.1/binutils/ChangeLog +--- a/binutils-2.31.1/binutils/ChangeLog 2018-07-18 00:50:26.000000000 -0700 ++++ b/binutils-2.31.1/binutils/ChangeLog 2018-08-31 02:37:48.060964507 -0700 +@@ -1,3 +1,9 @@ ++2018-08-25 H.J. Lu <hongjiu.lu@intel.com> ++ ++ PR ld/23499 ++ * readelf.c (get_symbol_version_string): Return _("<corrupt>") ++ for corrupt symbol version info. ++ + 2018-07-18 Nick Clifton <nickc@redhat.com> + + 2.31.1 Release point. +diff -Naur a/binutils-2.31.1/binutils/readelf.c b/binutils-2.31.1/binutils/readelf.c +--- a/binutils-2.31.1/binutils/readelf.c 2018-06-24 11:38:57.000000000 -0700 ++++ b/binutils-2.31.1/binutils/readelf.c 2018-08-31 02:47:39.215962252 -0700 +@@ -11252,6 +11252,7 @@ + unsigned char data[2]; + unsigned short vers_data; + unsigned long offset; ++ unsigned short max_vd_ndx; + + if (!is_dynsym + || version_info[DT_VERSIONTAGIDX (DT_VERSYM)] == 0) +@@ -11269,6 +11270,8 @@ + if ((vers_data & VERSYM_HIDDEN) == 0 && vers_data == 0) + return NULL; + ++ max_vd_ndx = 0; ++ + /* Usually we'd only see verdef for defined symbols, and verneed for + undefined symbols. However, symbols defined by the linker in + .dynbss for variables copied from a shared library in order to +@@ -11311,6 +11314,9 @@ + ivd.vd_flags = BYTE_GET (evd.vd_flags); + } + ++ if ((ivd.vd_ndx & VERSYM_VERSION) > max_vd_ndx) ++ max_vd_ndx = ivd.vd_ndx & VERSYM_VERSION; ++ + off += ivd.vd_next; + } + while (ivd.vd_ndx != (vers_data & VERSYM_VERSION) && ivd.vd_next != 0); +@@ -11402,6 +11408,9 @@ + return (ivna.vna_name < strtab_size + ? strtab + ivna.vna_name : _("<corrupt>")); + } ++ else if ((max_vd_ndx || (vers_data & VERSYM_VERSION) != 1) ++ && (vers_data & VERSYM_VERSION) > max_vd_ndx) ++ return _("<corrupt>"); + } + return NULL; + } diff --git a/source/d/ccache/ccache.SlackBuild b/source/d/ccache/ccache.SlackBuild index 16d64a717..0ffab1565 100755 --- a/source/d/ccache/ccache.SlackBuild +++ b/source/d/ccache/ccache.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ccache VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/d/llvm/clang_disable_pgo.patch b/source/d/llvm/clang_disable_pgo.patch deleted file mode 100644 index c3998798d..000000000 --- a/source/d/llvm/clang_disable_pgo.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- ./tools/clang/lib/CodeGen/CodeGenPGO.cpp.orig 2018-03-08 19:50:01.115345121 -0600 -+++ ./tools/clang/lib/CodeGen/CodeGenPGO.cpp 2018-03-08 19:52:24.016358481 -0600 -@@ -22,10 +22,7 @@ - #include "llvm/Support/FileSystem.h" - #include "llvm/Support/MD5.h" - --static llvm::cl::opt<bool> -- EnableValueProfiling("enable-value-profiling", llvm::cl::ZeroOrMore, -- llvm::cl::desc("Enable value profiling"), -- llvm::cl::Hidden, llvm::cl::init(false)); -+static bool EnableValueProfiling = false; - - using namespace clang; - using namespace CodeGen; diff --git a/source/d/llvm/llvm.SlackBuild b/source/d/llvm/llvm.SlackBuild index 87428b381..591ed74db 100755 --- a/source/d/llvm/llvm.SlackBuild +++ b/source/d/llvm/llvm.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=llvm VERSION=${VERSION:-$(echo llvm-*.tar.xz | rev | cut -f 4- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j7 "} @@ -114,9 +114,9 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; -# disable value profiling until https://llvm.org/bugs/show_bug.cgi?id=30587 -# is fixed. -zcat $CWD/clang_disable_pgo.patch.gz | patch -p1 --verbose || exit 1 +# Work around https://llvm.org/bugs/show_bug.cgi?id=30587 +# by building clang with shared libs +zcat $CWD/n_clang_allow_BUILD_SHARED_LIBRARY.patch.gz | patch -p0 --verbose || exit 1 # need to disable assertions to make llvm thread-safe # clang resource dir is a relative path based on the location of the clang binary @@ -130,12 +130,14 @@ cd build -DCMAKE_INSTALL_PREFIX=/usr \ -DLLVM_LIBDIR_SUFFIX=${LIBDIRSUFFIX} \ -DCMAKE_BUILD_TYPE=Release \ + -DBUILD_SHARED_LIBS=OFF \ + -DCLANG_BUILD_SHARED_LIBS=ON \ -DLLVM_BUILD_LLVM_DYLIB=ON \ - -DLLVM_DYLIB_EXPORT_ALL=ON \ -DLLVM_LINK_LLVM_DYLIB=ON \ -DLLVM_ENABLE_RTTI=ON \ -DLLVM_ENABLE_FFI=ON \ -DLLVM_ENABLE_ASSERTIONS=OFF \ + -DLLVM_USE_OPROFILE=ON \ -DLLVM_BINUTILS_INCDIR=/usr/include \ -DCLANG_RESOURCE_DIR="../lib${LIBDIRSUFFIX}/clang/${VERSION}" \ .. || exit 1 @@ -163,8 +165,10 @@ done rm -f $PKG/usr/lib$LIBDIRSUFFIX/libgomp.so # Install Python bindings -mkdir -p "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages" -cp -a tools/clang/bindings/python/clang "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/" +for pyver in 2.7 3.6; do + mkdir -p "$PKG/usr/lib$LIBDIRSUFFIX/python$pyver/site-packages" + cp -a tools/clang/bindings/python/clang "$PKG/usr/lib$LIBDIRSUFFIX/python$pyver/site-packages/" +done # Remove bundled python-six rm -f "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/six.py" @@ -172,12 +176,16 @@ rm -f "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/six.py" # Compile Python scripts python -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/clang" python -O -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/clang" +python3 -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python3.6/site-packages/clang" +python3 -O -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python3.6/site-packages/clang" python -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/lldb" python -O -m compileall "$PKG/usr/lib$LIBDIRSUFFIX/python2.7/site-packages/lldb" python -m compileall "$PKG/usr/share/scan-view" python -O -m compileall "$PKG/usr/share/scan-view" python -m compileall "$PKG/usr/share/clang" python -O -m compileall "$PKG/usr/share/clang" +python -m compileall "$PKG/usr/share/opt-viewer" +python -O -m compileall "$PKG/usr/share/opt-viewer" # Move man page directory: mv $PKG/usr/share/man $PKG/usr/ diff --git a/source/d/llvm/n_clang_allow_BUILD_SHARED_LIBRARY.patch b/source/d/llvm/n_clang_allow_BUILD_SHARED_LIBRARY.patch new file mode 100644 index 000000000..8e42aaee6 --- /dev/null +++ b/source/d/llvm/n_clang_allow_BUILD_SHARED_LIBRARY.patch @@ -0,0 +1,19 @@ +We use LLVM_BUILD_LLVM_DYLIB to build the llvm libraries as shared, but that +does not work for clang. We can use BUILD_SHARED_LIBS on clang, but since we +build them all together, we need to smuggle it in using this patch. + +Index: CMakeLists.txt +=================================================================== +--- tools/clang/CMakeLists.txt ++++ tools/clang/CMakeLists.txt +@@ -1,5 +1,10 @@ + cmake_minimum_required(VERSION 3.4.3) + ++if( CLANG_BUILD_SHARED_LIBS ) ++ set(BUILD_SHARED_LIBS ON) ++ set(LLVM_BUILD_LLVM_DYLIB OFF) ++endif() ++ + # If we are not building as a part of LLVM, build Clang as an + # standalone project, using LLVM as an external library: + if( CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR ) |