Slackware 14.1slackware-14.1

Mon Nov  4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system.  Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)

1 files changed, 53 insertions, 37 deletions

diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index 0ab9e7143..c97559eee 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2006, 2008, 2009, 2010, 2011, 2012  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -22,7 +22,7 @@
 
 ## build glibc-$VERSION for Slackware
 
-VERSION=${VERSION:-2.15}
+VERSION=${VERSION:-2.17}
 CHECKOUT=${CHECKOUT:-""}
 BUILD=${BUILD:-7}
 
@@ -30,6 +30,9 @@ BUILD=${BUILD:-7}
 ## glibc-libidn version
 #LIBIDNVER=2.10.1
 
+# I was considering disabling NSCD, but MoZes talked me out of it.  :)
+#DISABLE_NSCD=" --disable-nscd "
+
 # $ARCH may be preset, otherwise i486 compatibility with i686 binary
 # structuring is the Slackware default, since this is what gcc-3.2+
 # requires for binary compatibility with previous releases.
@@ -134,13 +137,6 @@ fix_doinst() {
 # This is a patch function to put all glibc patches in the build script
 # up near the top.
 apply_patches() {
-  # Reexport the RPC interfaces that were removed in glibc-2.14.
-  # Sure, it's crufy code, but stuff needs it, so rather than pull the
-  # rug out from under you, we'll just humbly recommend that you consider
-  # transitioning away from it...  :-)
-  zcat $CWD/glibc-2.14-reexport-rpc-interface.patch.gz | patch -p1 --verbose || exit 1
-  # Add back the NIS and RPC headers:
-  zcat $CWD/glibc-2.14-reinstall-nis-rpc-headers.patch.gz | patch -p1 --verbose || exit 1
   # Use old-style locale directories rather than a single (and strangely
   # formatted) /usr/lib/locale/locale-archive file:
   zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1
@@ -172,32 +168,27 @@ apply_patches() {
   # Avoid the Intel optimized asm routines for now because they break
   # the flash player.  We'll phase this in when it's safer to do so.
   zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1
-  # Upstream fixes to avert Firefox crashes:  (still applies to 2.15...   probably better not to drop it)
-  zcat $CWD/glibc-2.14.1-fixes-1.patch.gz | patch -p1 --verbose || exit 1
-  # Upstream patch to fix relocation sorting related crashes:
-  zcat $CWD/glibc.git-6ee65ed6ddbf04402fad0bec6aa9c73b9d982ae4.diff.gz | patch -p1 --verbose || exit 1
-  # Upstream patch to fix crashes when nscd is not running:
-  zcat $CWD/glibc-2.15.nscd-race-fix.diff.gz | patch -p1 --verbose || exit 1
-  # Revert a patch that went into 2.15 that causes NPTL related crashes:
-  zcat $CWD/glibc-2.15-revert-c5a0802a.diff.gz | patch -p1 --verbose || exit 1
-  # Patch integer overflows in strtod*() functions:
-  zcat $CWD/glibc.strtod.CVE-2012-3480.diff.gz | patch -p1 --verbose || exit 1
-  # Update the timezone information:
-  ( cd timezone
-    tar xzf $CWD/tzdata?????.tar.gz
-    chown root:root *
-    mv yearistype.sh yearistype
-    chmod 644 *
-    chmod 755 yearistype
-    mkdir tzcode
-    cd tzcode
-    tar xzf $CWD/tzcode?????.tar.gz
-    # A partial build is needed here to update TZVERSION in version.h:
-    make -i
-    chown -R root:root .
-    chmod 644 *
-    cp -a *.c *.h ..
-  )
+  # Fix buffer overrun in regexp matcher.  This bug is deemed low impact since
+  # the buffer contents cannot be controlled, but could lead to a crash.
+  zcat $CWD/glibc.CVE-2013-0242.diff.gz | patch -p1 --verbose || exit 1
+  # Fix stack overflow in getaddrinfo with many results.  This bug can only be
+  # triggered through DNS poisoning or through the use of a hostile DNS
+  # server (in which case you already have problems), and requires large
+  # amounts of data to be sent to the targeted machine.  May lead to a
+  # crash.  Considered low impact.
+  zcat $CWD/glibc.CVE-2013-1914.diff.gz | patch -p1 --verbose || exit 1
+  # Remove pt_chown by default, as it can be used for a local privilege
+  # escalation.  However, although this is worth patching in the -current
+  # version, it requires a non-default (and known to weaken security) setting
+  # for FUSE.  Additionally, the patch is not portable to older versions of
+  # glibc (but thanks Mancha for porting it to 2.17!).  On older versions
+  # of glibc, making /usr/libexec/pt_chown a symlink to /bin/true will
+  # provide the same fix, if needed.  But the insecure setting for FUSE
+  # probably opens up many other possible exploits and should be avoided.
+  zcat $CWD/glibc.CVE-2013-2207.diff.gz | patch -p1 --verbose || exit 1
+  # Patch integer overflows in pvalloc, valloc, and
+  # posix_memalign/memalign/aligned_alloc (CVE-2013-4332).
+  zcat $CWD/glibc.CVE-2013-4332.diff.gz | patch -p1 --verbose || exit 1
 }
 
 # This is going to be the initial $DESTDIR:
@@ -275,10 +266,12 @@ CFLAGS="-g $OPTIMIZ" \
 ../configure \
   --prefix=/usr \
   --libdir=/usr/lib${LIBDIRSUFFIX} \
-  --enable-kernel=2.6.32 \
+  --enable-kernel=3.2.29 \
   --with-headers=/usr/include \
   --enable-add-ons=libidn,nptl \
+  --enable-obsolete-rpc \
   --enable-profile \
+  $DISABLE_NSCD \
   --infodir=/usr/info \
   --mandir=/usr/man \
   --with-tls \
@@ -311,6 +304,25 @@ strip -g $PKG/lib${LIBDIRSUFFIX}/l*.so*
 strip -g $PKG/usr/lib${LIBDIRSUFFIX}/l*.so*
 strip -g $PKG/usr/lib${LIBDIRSUFFIX}/lib*.a
 
+# Build and install the zoneinfo database:
+cd $TMP
+rm -rf tzcodedata-build
+mkdir tzcodedata-build
+cd tzcodedata-build
+tar xzf $CWD/tzdata?????.tar.gz
+tar xzf $CWD/tzcode?????.tar.gz
+sed -i "s,/usr/local,$(pwd),g" Makefile
+sed -i "s,/etc/zoneinfo,/zoneinfo,g" Makefile
+make
+make install
+mkdir -p $PKG/usr/share/zoneinfo/{posix,right}
+cp -a zoneinfo/* $PKG/usr/share/zoneinfo
+cp -a zoneinfo-posix/* $PKG/usr/share/zoneinfo/posix
+cp -a zoneinfo-leaps/* $PKG/usr/share/zoneinfo/right
+# Remove $PKG/usr/share/zoneinfo/localtime -- the install script will
+# create it as a link to /etc/localtime.
+rm -f $PKG/usr/share/zoneinfo/localtime
+
 # Back to the sources dir to add some files/docs:
 cd $TMP/glibc-$CVSVER
 
@@ -320,6 +332,10 @@ mkdir -p $PKG/etc
 cat nscd/nscd.conf > $PKG/etc/nscd.conf.new
 
 # Install some scripts to help select a timezone:
+( cd $CWD/timezone-scripts
+  # Try to rebuild this:
+  sh output-updated-timeconfig.sh $PKG/usr/share/zoneinfo > timeconfig 2> /dev/null
+)
 mkdir -p $PKG/var/log/setup
 cp -a $CWD/timezone-scripts/setup.timeconfig $PKG/var/log/setup
 chown root:root $PKG/var/log/setup/setup.timeconfig
@@ -378,7 +394,7 @@ rm $PKG/etc/ld.so.cache
 
 # glibc-zoneinfo.  We will start with an easy one to avoid breaking a sweat.  ;-)
 cd $CWD
-ZONE_VERSIONS="$(echo tzcode* | cut -f1 -d . | cut -b7-11)_$(echo tzdata* | cut -f1 -d . | cut -b7-11)"
+ZONE_VERSIONS="$(echo tzdata* | cut -f1 -d . | cut -b7-11)"
 echo $ZONE_VERSIONS
 cd $PZONE
 # Install some scripts to help select a timezone: