diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2024-03-13 19:46:48 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2024-03-13 21:30:19 +0100 |
| commit | 47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1 (patch) | |
| tree | 84be9b35d40057667e2d7616b8b9adef6f68c093 /source | |
| parent | e4d752ef5069af2d0502827a03aaadfe36d3bb04 (diff) | |
| download | current-47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1.tar.gz current-47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1.tar.xz | |
Wed Mar 13 19:46:48 UTC 202420240313194648
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
Diffstat (limited to 'source')
| -rwxr-xr-x | source/a/etc/etc.SlackBuild | 2 | ||||
| -rw-r--r-- | source/a/etc/group.new | 4 | ||||
| -rw-r--r-- | source/a/etc/passwd.new | 4 | ||||
| -rw-r--r-- | source/a/etc/shadow.new | 4 | ||||
| -rw-r--r-- | source/d/python-setuptools/setuptools.url (renamed from source/d/python-setuptools/python-setuptools.url) | 0 | ||||
| -rw-r--r-- | source/l/expat/expat.url | 4 | ||||
| -rwxr-xr-x | source/l/pipewire/pipewire.SlackBuild | 2 | ||||
| -rw-r--r-- | source/n/openvpn/README | 10 | ||||
| -rwxr-xr-x | source/n/openvpn/openvpn.SlackBuild | 6 | ||||
| -rw-r--r-- | source/n/openvpn/rc.openvpn | 8 | ||||
| -rw-r--r-- | source/n/proftpd/etc/proftpd.conf | 6 | ||||
| -rwxr-xr-x | source/n/proftpd/proftpd.SlackBuild | 6 | ||||
| -rwxr-xr-x | source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild | 7 | ||||
| -rw-r--r-- | source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff | 13 |
14 files changed, 36 insertions, 40 deletions
diff --git a/source/a/etc/etc.SlackBuild b/source/a/etc/etc.SlackBuild index 4a10ba5d9..4dc6e0d59 100755 --- a/source/a/etc/etc.SlackBuild +++ b/source/a/etc/etc.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=etc VERSION=15.1 -BUILD=${BUILD:-8} +BUILD=${BUILD:-9} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/a/etc/group.new b/source/a/etc/group.new index 71f4923d8..d4a516c68 100644 --- a/source/a/etc/group.new +++ b/source/a/etc/group.new @@ -53,10 +53,14 @@ postdrop:x:92: scanner:x:93: dovecot:x:94: dovenull:x:95: +proftpd:x:97: nobody:x:98:nobody nogroup:x:99: users:x:100: console:x:101: avahi:x:214: colord:x:303: +nm-openvpn:x:320: ldap:x:330: +openvpn:x:443: +overflowgid:x:65534: diff --git a/source/a/etc/passwd.new b/source/a/etc/passwd.new index 5c200b3a3..e926f2f4a 100644 --- a/source/a/etc/passwd.new +++ b/source/a/etc/passwd.new @@ -34,7 +34,11 @@ pop:x:90:90:POP:/:/bin/false postfix:x:91:91:User for Postfix MTA:/dev/null:/bin/false dovecot:x:94:94:User for Dovecot processes:/dev/null:/bin/false dovenull:x:95:95:User for Dovecot login processing:/dev/null:/bin/false +proftpd:x:97:97:User for ProFTPD:/:/bin/false nobody:x:99:99:nobody:/:/bin/false avahi:x:214:214:User for avahi:/dev/null:/bin/false colord:x:303:303:User for colord:/var/lib/colord:/bin/false +nm-openvpn:x:320:320:User for NetworkManager-openvpn:/var/lib/openvpn/chroot:/bin/false ldap:x:330:330:OpenLDAP server:/var/lib/openldap:/bin/false +openvpn:x:443:443:User for OpenVPN:/:/bin/false +overflowuid:x:65534:65534:System UID overflow:/:/bin/false diff --git a/source/a/etc/shadow.new b/source/a/etc/shadow.new index e2bad0ff1..f2acecf78 100644 --- a/source/a/etc/shadow.new +++ b/source/a/etc/shadow.new @@ -34,7 +34,11 @@ pop:*:9797:0::::: postfix:*:9797:0::::: dovecot:*:9797:0::::: dovenull:*:9797:0::::: +proftpd:*:9797:0::::: nobody:*:9797:0::::: avahi:*:9797:0::::: colord:*:9797:0::::: +nm-openvpn:*:9797:0::::: ldap:*:9797:0::::: +openvpn:*:9797:0::::: +overflowuid:*:9797:0::::: diff --git a/source/d/python-setuptools/python-setuptools.url b/source/d/python-setuptools/setuptools.url index 6e63ed64c..6e63ed64c 100644 --- a/source/d/python-setuptools/python-setuptools.url +++ b/source/d/python-setuptools/setuptools.url diff --git a/source/l/expat/expat.url b/source/l/expat/expat.url index e463cc8da..9493fbccd 100644 --- a/source/l/expat/expat.url +++ b/source/l/expat/expat.url @@ -1,2 +1,2 @@ -https://github.com/libexpat/libexpat/releases/download/R_2_6_1/expat-2.6.1.tar.lz -https://github.com/libexpat/libexpat/releases/download/R_2_6_1/expat-2.6.1.tar.lz.asc +https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.lz +https://github.com/libexpat/libexpat/releases/download/R_2_6_2/expat-2.6.2.tar.lz.asc diff --git a/source/l/pipewire/pipewire.SlackBuild b/source/l/pipewire/pipewire.SlackBuild index f5a101bd0..79f1988d9 100755 --- a/source/l/pipewire/pipewire.SlackBuild +++ b/source/l/pipewire/pipewire.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=pipewire VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/openvpn/README b/source/n/openvpn/README index cf2c6602f..46d8e00b4 100644 --- a/source/n/openvpn/README +++ b/source/n/openvpn/README @@ -16,11 +16,11 @@ openssl-solibs) and lzo installed on your computer. Please note that there is no default config file for OpenVPN. This is by design. OpenVPN can technically use any config file in any location. However, this script does create an /etc/openvpn/ directory with certs/ -and keys/ subdirectories. Feel free to place config files, keys, and +and keys/ subdirectories. Feel free to place config files, keys, and certificates in these directories. certs/ and keys/ are owned by user -root and group nobody and are not world readable nor writable. -Additionally, they are not writable by group nobody. It is recommended -that you run openvpn nobody:nobody, but you may use another -non-privilaged user and group at your option. Just change the +root and group openvpn and are not world readable nor writable. +Additionally, they are not writable by group openvpn. It is recommended +that you run openvpn openvpn:openvpn, but you may use another +non-privileged user and group at your option. Just change the permissions on these permissions to reflect that if you do. diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild index 21406b8b4..06c96254a 100755 --- a/source/n/openvpn/openvpn.SlackBuild +++ b/source/n/openvpn/openvpn.SlackBuild @@ -1,7 +1,7 @@ #!/bin/bash # Copyright 2006, Alan Hicks, Lizella, GA -# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openvpn VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -124,7 +124,7 @@ fi # Create a decent config directory. openvpn doesn't have one by # default, nor does it have a single config file. mkdir -p $PKG/etc/openvpn/{certs,keys} -chown root:nobody $PKG/etc/openvpn/{certs,keys} +chown root:openvpn $PKG/etc/openvpn/{certs,keys} chmod 750 $PKG/etc/openvpn/{certs,keys} # Install a startup script: diff --git a/source/n/openvpn/rc.openvpn b/source/n/openvpn/rc.openvpn index 86f319225..8494ce329 100644 --- a/source/n/openvpn/rc.openvpn +++ b/source/n/openvpn/rc.openvpn @@ -22,16 +22,16 @@ ovpn_start() { if [ -z "$1" ]; then # start OpenVPN for all config files: if /bin/ls /etc/openvpn/*.conf 1> /dev/null 2> /dev/null ; then for config in /etc/openvpn/*.conf ; do - echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user nobody --group nobody --config $config" - /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user nobody --group nobody --config $config + echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user openvpn --group openvpn --config $config" + /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user openvpn --group openvpn --config $config done else echo "Unable to start OpenVPN - no .conf files found in /etc/openvpn/." fi else # start OpenVPN for one config file: if [ -r "$1" ]; then - echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user nobody --group nobody --config $1" - /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user nobody --group nobody --config $1 + echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user openvpn --group openvpn --config $1" + /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user openvpn --group openvpn --config $1 else # config file is missing: echo "Error starting OpenVPN: config file $1 is missing." fi diff --git a/source/n/proftpd/etc/proftpd.conf b/source/n/proftpd/etc/proftpd.conf index 50ee487c2..83cdc4cfa 100644 --- a/source/n/proftpd/etc/proftpd.conf +++ b/source/n/proftpd/etc/proftpd.conf @@ -1,6 +1,6 @@ # This is a basic ProFTPD configuration file. # It establishes a single server and a single anonymous login. -# It assumes that you have a user/group "nobody" and "ftp" +# It assumes that you have a user/group "proftpd" and "ftp" # for normal/anonymous operation. ServerName "ProFTPD Default Installation" @@ -27,8 +27,8 @@ UseIPv6 off MaxInstances 30 # Set the user and group under which the server will run. -User nobody -Group nogroup +User proftpd +Group proftpd # Set system log location: SystemLog /var/log/proftpd.log diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild index 5408c3fb8..35711a01a 100755 --- a/source/n/proftpd/proftpd.SlackBuild +++ b/source/n/proftpd/proftpd.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2016, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2016, 2017, 2018, 2020, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=proftpd VERSION=1.3.8b DIRVER=1.3.8b -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -111,7 +111,7 @@ mkdir -p $PKG/home/ftp # Directory used by mod_ban: mkdir -p $PKG/var/db/proftpd -chown nobody:nogroup $PKG/var/db/proftpd +chown proftpd:proftpd $PKG/var/db/proftpd # Compress manual pages: find $PKG/usr/man -type f -exec gzip -9 {} \+ diff --git a/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild index 90a9960f4..a4659ac80 100755 --- a/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild +++ b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild @@ -1,7 +1,7 @@ #!/bin/bash # Copyright 2010-2017 Robby Workman, Tuscaloosa, Alabama, USA -# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2020, 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=NetworkManager-openvpn VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -86,9 +86,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Run as nobody:nogroup: -zcat $CWD/openvpn.nobody.nogroup.diff.gz | patch -p1 --verbose || exit 1 - # Configure, build, and install: CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ diff --git a/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff b/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff deleted file mode 100644 index dcb47eae8..000000000 --- a/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff +++ /dev/null @@ -1,13 +0,0 @@ ---- ./shared/nm-service-defines.h.orig 2020-03-06 06:38:55.000000000 -0600 -+++ ./shared/nm-service-defines.h 2020-05-03 20:12:26.997028745 -0500 -@@ -126,8 +126,8 @@ - #define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT "subject" - - /* User name and group to run nm-openvpn-service under */ --#define NM_OPENVPN_USER "nm-openvpn" --#define NM_OPENVPN_GROUP "nm-openvpn" -+#define NM_OPENVPN_USER "nobody" -+#define NM_OPENVPN_GROUP "nogroup" - #define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot" - - #endif /* __NM_SERVICE_DEFINES_H__ */ |