From 05538a2b6dae06b52a4533f94999286b4c89a916 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 6 Feb 2019 00:29:25 +0000 Subject: Wed Feb 6 00:29:25 UTC 2019 ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded. Upgraded to gtk-doc-1.29. Upgraded to asciidoc-8.6.10. Upgraded to perl-XML-SAX-1.00. Thanks to Stuart Winter. d/meson-0.49.2-x86_64-1.txz: Upgraded. d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded. d/slacktrack-2.19-x86_64-1.txz: Upgraded. Thanks to Stuart Winter. l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded. n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded. This update addresses security issues: CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814 (* Security fix *) --- source/ap/linuxdoc-tools/postbuildfixes.sh | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) (limited to 'source/ap/linuxdoc-tools/postbuildfixes.sh') diff --git a/source/ap/linuxdoc-tools/postbuildfixes.sh b/source/ap/linuxdoc-tools/postbuildfixes.sh index c7cb28783..9382245cc 100755 --- a/source/ap/linuxdoc-tools/postbuildfixes.sh +++ b/source/ap/linuxdoc-tools/postbuildfixes.sh @@ -22,18 +22,6 @@ # Enter the package's contents: cd $SLACKTRACKFAKEROOT || exit 1 -# Remove .la files: -echo "Deleting .la files..." -find . -type f -name '*.la' -print | while read lafile ; do - # Remove it from the build box itself to prevent other packages potentially referencing it. - # This wouldn't be a problem if you removepkg linuxdoc-tools (the version created by slacktrack - # that contains everything prior to _this_ post build script running) before building any other - # packages; but in case you don't, let's remove it from the OS file system: - rm "/${lafile}" - # Remove it from the distributable package t?z file: - rm -fv "${lafile}" -done - # OpenSP creates this symlink; we delete it. if [ -L usr/share/doc ]; then rm -f usr/share/doc @@ -43,11 +31,7 @@ fi rm -rf etc/cups etc/printcap # crond & mail (just incase you got a delivery!) rm -rf var/spool/{cron,mail} -rmdir var/spool - -# perllocal.pod files don't belong in packages. -# SGMLSPL creates this: -find . -name perllocal.pod -print0 | xargs -0 rm -f +rmdir var/spool 2>/dev/null # Some doc dirs have attracted setuid. # We don't need setuid for anything in this package: @@ -77,6 +61,8 @@ find usr/doc -xtype l -print0 | xargs -0 rm -fv # Never mind: I think this stuff is surplus to requirements: rm -rf var/lib/texmf # Now to prevent deletion of anything else that lives in the package's '/var' +echo "Errors from 'rmdir' below are harmless and are expected, but should be reviewed" +echo "in case there are any files that have crept in there." rmdir var/lib rmdir var -- cgit v1.2.3-65-gdbad