diff options
Diffstat (limited to 'source')
| -rw-r--r-- | source/a/acpid/acpid.url | 1 | ||||
| -rw-r--r-- | source/a/shadow/doinst.sh | 1 | ||||
| -rw-r--r-- | source/a/shadow/patches/README_PATCHES | 10 | ||||
| -rw-r--r-- | source/a/shadow/shadow.CVE-2017-2616.diff | 55 | ||||
| -rwxr-xr-x | source/a/shadow/shadow.SlackBuild | 18 | ||||
| -rw-r--r-- | source/a/shadow/slack-desc | 2 | ||||
| -rwxr-xr-x | source/l/gsettings-desktop-schemas/gsettings-desktop-schemas.SlackBuild | 2 | ||||
| -rwxr-xr-x | source/l/libkarma/libkarma.SlackBuild | 8 | ||||
| -rw-r--r-- | source/l/libkarma/slack-desc | 2 | ||||
| -rw-r--r-- | source/tcl/tcl/slack-desc | 2 | ||||
| -rw-r--r-- | source/tcl/tk/slack-desc | 2 |
11 files changed, 17 insertions, 86 deletions
diff --git a/source/a/acpid/acpid.url b/source/a/acpid/acpid.url deleted file mode 100644 index 5b352a804..000000000 --- a/source/a/acpid/acpid.url +++ /dev/null @@ -1 +0,0 @@ -http://downloads.sourceforge.net/project/acpid2/acpid-2.0.30.tar.xz diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh index 88fefb3af..2bc40e545 100644 --- a/source/a/shadow/doinst.sh +++ b/source/a/shadow/doinst.sh @@ -10,6 +10,7 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } +config etc/default/useradd.new config etc/login.access.new config etc/login.defs.new config var/log/faillog.new diff --git a/source/a/shadow/patches/README_PATCHES b/source/a/shadow/patches/README_PATCHES deleted file mode 100644 index 1d1f2173a..000000000 --- a/source/a/shadow/patches/README_PATCHES +++ /dev/null @@ -1,10 +0,0 @@ - -r3054.diff: Fixed wrong format string -r3055.diff: Help output to stderr not stdout. -r3060.diff: Fix memory leaks -r3062.diff: Avoid memzero() on a possibly NULL pointer. -r3096.diff: Fix parsing of gshadow entries. -r3090.diff: Fix improper sanitizing of locale variables. -r3160.diff: Fixed limits support (non PAM enabled versions only) -r3194.diff: shell's name must be -su when a su fakes a login. -r3299.diff: man/ru/Makefile.am: Remove double inclusion of $(man_nopam) diff --git a/source/a/shadow/shadow.CVE-2017-2616.diff b/source/a/shadow/shadow.CVE-2017-2616.diff deleted file mode 100644 index 4a5c44222..000000000 --- a/source/a/shadow/shadow.CVE-2017-2616.diff +++ /dev/null @@ -1,55 +0,0 @@ -su: properly clear child PID - -If su is compiled with PAM support, it is possible for any local user -to send SIGKILL to other processes with root privileges. There are -only two conditions. First, the user must be able to perform su with -a successful login. This does NOT have to be the root user, even using -su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL -can only be sent to processes which were executed after the su process. -It is not possible to send SIGKILL to processes which were already -running. I consider this as a security vulnerability, because I was -able to write a proof of concept which unlocked a screen saver of -another user this way. - -diff --git a/src/su.c b/src/su.c -index f20d230..d86aa86 100644 ---- a/src/su.c -+++ b/src/su.c -@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) - /* wake child when resumed */ - kill (pid, SIGCONT); - stop = false; -+ } else { -+ pid_child = 0; - } - } while (!stop); - } - -- if (0 != caught) { -+ if (0 != caught && 0 != pid_child) { - (void) fputs ("\n", stderr); - (void) fputs (_("Session terminated, terminating shell..."), - stderr); -@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) - snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); - - (void) signal (SIGALRM, kill_child); -+ (void) signal (SIGCHLD, catch_signals); - (void) alarm (2); - -- (void) wait (&status); -+ sigemptyset (&ourset); -+ if ((sigaddset (&ourset, SIGALRM) != 0) -+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { -+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); -+ kill_child (0); -+ } else { -+ while (0 == waitpid (pid_child, &status, WNOHANG)) { -+ sigsuspend (&ourset); -+ } -+ pid_child = 0; -+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); -+ } -+ - (void) fputs (_(" ...terminated.\n"), stderr); - } diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index d6ee4c9e0..c227b0f11 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -78,16 +78,6 @@ done # breakage: zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1 -# Patch a race condition that allows a user to kill processes that they don't -# own. Note that the bug requires that shadow is using PAM, which is not yet -# the case on Slackware. So we're unaffected, but patching this anyway in -# -current, because you never know... -zcat $CWD/shadow.CVE-2017-2616.diff.gz | patch -p1 --verbose || exit 1 - -# Re-run automake because of r3299 patch to man/ru/Makefile.am: -# (not used because it doesn't work... above patch does the intended fix) -#automake -f - # Even if gethostname() returns the FQDN (long hostname), just display the # short version up to the first '.' on the login prompt: zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1 @@ -99,12 +89,17 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +if [ ! -r ./configure ]; then + ./autogen.sh +fi + CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/man \ --docdir=/usr/doc/shadow-$VERSION \ + --enable-man \ --enable-subordinate-ids \ --disable-shared \ --without-libcrack \ @@ -117,6 +112,7 @@ make install DESTDIR=$PKG || exit 1 # Fix user group = 100: zcat $CWD/useradd.gz > $PKG/etc/default/useradd +mv $PKG/etc/default/useradd $PKG/etc/default/useradd.new # /bin/groups is provided by coreutils. rm -f $PKG/bin/groups diff --git a/source/a/shadow/slack-desc b/source/a/shadow/slack-desc index d8b2266de..7263ee77d 100644 --- a/source/a/shadow/slack-desc +++ b/source/a/shadow/slack-desc @@ -15,5 +15,5 @@ shadow: system crackers obtain encrypted passwords. It was written by shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz shadow: Kloczko. shadow: -shadow: This package provides 'login', which is needed to log into the system. +shadow: Homepage: https://github.com/shadow-maint/shadow shadow: diff --git a/source/l/gsettings-desktop-schemas/gsettings-desktop-schemas.SlackBuild b/source/l/gsettings-desktop-schemas/gsettings-desktop-schemas.SlackBuild index 5a92e8676..6aea65556 100755 --- a/source/l/gsettings-desktop-schemas/gsettings-desktop-schemas.SlackBuild +++ b/source/l/gsettings-desktop-schemas/gsettings-desktop-schemas.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=gsettings-desktop-schemas VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/l/libkarma/libkarma.SlackBuild b/source/l/libkarma/libkarma.SlackBuild index be16e6076..df0e1aee0 100755 --- a/source/l/libkarma/libkarma.SlackBuild +++ b/source/l/libkarma/libkarma.SlackBuild @@ -23,8 +23,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libkarma -VERSION=${VERSION:-0.1.1} -BUILD=${BUILD:-3} +VERSION=${VERSION:-0.1.2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -64,8 +64,8 @@ fi cd $TMP rm -rf ${PKGNAM}-${VERSION} -tar xvf $CWD/${PKGNAM}-$VERSION.tar.gz || exit 1 -cd ${PKGNAM}-$VERSION +tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z || exit 1 +cd ${PKGNAM}-$VERSION || exit 1 # Make sure ownerships and permissions are sane: chown -R root:root . diff --git a/source/l/libkarma/slack-desc b/source/l/libkarma/slack-desc index 1036b856e..9e6011879 100644 --- a/source/l/libkarma/slack-desc +++ b/source/l/libkarma/slack-desc @@ -13,7 +13,7 @@ libkarma: which supports the music formats ogg vorbis, flac, mp3, wave and wma. libkarma: libkarma: libkarma was mostly written by Frank Zschockelt. libkarma: -libkarma: +libkarma: Homepage: http://linux-karma.sourceforge.net libkarma: libkarma: libkarma: diff --git a/source/tcl/tcl/slack-desc b/source/tcl/tcl/slack-desc index 05c7b11df..681e69507 100644 --- a/source/tcl/tcl/slack-desc +++ b/source/tcl/tcl/slack-desc @@ -12,7 +12,7 @@ tcl: Tcl, developed by Dr. John Ousterhout, is a simple to use text-based tcl: script language with many built-in features which make it especially tcl: nice for writing interactive scripts. tcl: -tcl: +tcl: Homepage: https://www.tcl.tk tcl: tcl: tcl: diff --git a/source/tcl/tk/slack-desc b/source/tcl/tk/slack-desc index 1a600e213..031e1ee7d 100644 --- a/source/tcl/tk/slack-desc +++ b/source/tcl/tk/slack-desc @@ -11,7 +11,7 @@ tk: tk: Tk is an extension to Tcl that allows you to quickly and easily build tk: X11 applications that have the look and feel of Motif apps. tk: -tk: +tk: Homepage: https://www.tcl.tk tk: tk: tk: |