From 33be03fb136ca11ba09834a19984c9f956049b6d Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 5 May 2020 20:21:27 +0000
Subject: Tue May  5 20:21:27 UTC 2020

a/hwdata-0.335-noarch-1.txz:  Upgraded.
ap/tmux-3.1b-x86_64-1.txz:  Upgraded.
l/libcap-2.34-x86_64-1.txz:  Upgraded.
n/mutt-1.14.0-x86_64-1.txz:  Upgraded.
n/nfs-utils-2.4.3-x86_64-3.txz:  Rebuilt.
  Added /var/lib/nfs/nfsdcltrack database directory for nfsdcltrack.
  Thanks to upnort.
x/xterm-356-x86_64-1.txz:  Upgraded.
xap/NetworkManager-openvpn-1.8.12-x86_64-1.txz:  Added.
  Thanks to Robby Workman.
xap/mozilla-firefox-68.8.0esr-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/68.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2020-17/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12388
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12389
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12393
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395
  (* Security fix *)
xap/mozilla-thunderbird-68.8.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/68.8.0/releasenotes/
  (* Security fix *)
testing/packages/PAM/libcap-2.34-x86_64-1_pam.txz:  Upgraded.
---
 .../NetworkManager-openvpn.SlackBuild              | 136 +++++++++++++++++++++
 .../openvpn.nobody.nogroup.diff                    |  13 ++
 source/xap/NetworkManager-openvpn/slack-desc       |  19 +++
 3 files changed, 168 insertions(+)
 create mode 100755 source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild
 create mode 100644 source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff
 create mode 100644 source/xap/NetworkManager-openvpn/slack-desc

(limited to 'source/xap')

diff --git a/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild
new file mode 100755
index 000000000..206a7c732
--- /dev/null
+++ b/source/xap/NetworkManager-openvpn/NetworkManager-openvpn.SlackBuild
@@ -0,0 +1,136 @@
+#!/bin/bash
+
+# Copyright 2010-2017  Robby Workman, Tuscaloosa, Alabama, USA
+# Copyright 2020  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=NetworkManager-openvpn
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$(uname -m)" in
+    i?86) ARCH=i586 ;;
+    arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+    *) ARCH=$(uname -m) ;;
+  esac
+  export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+  SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+  LIBDIRSUFFIX=""
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+  \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+  -exec chmod 755 {} \+ -o \
+  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+  -exec chmod 644 {} \+
+
+# Run as nobody:nogroup:
+zcat $CWD/openvpn.nobody.nogroup.diff.gz | patch -p1 --verbose || exit 1
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --docdir=/usr/doc/$PKGNAM-$VERSION \
+  --mandir=/usr/man \
+  --disable-static \
+  --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Create the chroot directory
+# From src/nm-openvpn-service-defines.h
+#    /* User name and group to run nm-openvpn-service under */
+#    #define NM_OPENVPN_USER   "nm-openvpn"
+#    #define NM_OPENVPN_GROUP  "nm-openvpn"
+#    #define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot"
+mkdir -p $PKG/var/lib/openvpn/chroot
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+  AUTHORS* COPYING* ChangeLog* NEWS* README* \
+  $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+  DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+  touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff b/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff
new file mode 100644
index 000000000..dcb47eae8
--- /dev/null
+++ b/source/xap/NetworkManager-openvpn/openvpn.nobody.nogroup.diff
@@ -0,0 +1,13 @@
+--- ./shared/nm-service-defines.h.orig	2020-03-06 06:38:55.000000000 -0600
++++ ./shared/nm-service-defines.h	2020-05-03 20:12:26.997028745 -0500
+@@ -126,8 +126,8 @@
+ #define NM_OPENVPN_VERIFY_X509_NAME_TYPE_SUBJECT     "subject"
+ 
+ /* User name and group to run nm-openvpn-service under */
+-#define NM_OPENVPN_USER   "nm-openvpn"
+-#define NM_OPENVPN_GROUP  "nm-openvpn"
++#define NM_OPENVPN_USER   "nobody"
++#define NM_OPENVPN_GROUP  "nogroup"
+ #define NM_OPENVPN_CHROOT LOCALSTATEDIR "/lib/openvpn/chroot"
+ 
+ #endif /* __NM_SERVICE_DEFINES_H__ */
diff --git a/source/xap/NetworkManager-openvpn/slack-desc b/source/xap/NetworkManager-openvpn/slack-desc
new file mode 100644
index 000000000..c045ad602
--- /dev/null
+++ b/source/xap/NetworkManager-openvpn/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+                      |-----handy-ruler------------------------------------------------------|
+NetworkManager-openvpn: NetworkManager-openvpn (OpenVPN Support for NetworkManager)
+NetworkManager-openvpn:
+NetworkManager-openvpn: NetworkManager attempts to keep an active network connection available
+NetworkManager-openvpn: at all times. This applet provides OpenVPN Support for NetworkManager.
+NetworkManager-openvpn:
+NetworkManager-openvpn: Homepage: https://github.com/GNOME/NetworkManager-openvpn
+NetworkManager-openvpn:
+NetworkManager-openvpn:
+NetworkManager-openvpn:
+NetworkManager-openvpn:
+NetworkManager-openvpn:
-- 
cgit v1.2.3