From 1d5929620e5641ddfa8ba0cd2e73f2c618390ce1 Mon Sep 17 00:00:00 2001 From: ngn Date: Wed, 21 Aug 2024 08:37:16 +0300 Subject: [PATCH] new: lynx, systemd 256 --- src/fakeroot/pkg.sh | 2 + src/lynx/.gitignore | 3 + src/lynx/changes.md | 2 + src/lynx/pkg.sh | 39 ++++ src/systemd/changes.md | 3 + src/systemd/pkg.sh | 62 +++--- .../systemd-255-upstream_fixes-1.patch | 204 ------------------ 7 files changed, 75 insertions(+), 240 deletions(-) create mode 100644 src/lynx/.gitignore create mode 100644 src/lynx/changes.md create mode 100644 src/lynx/pkg.sh delete mode 100644 src/systemd/systemd-255-upstream_fixes-1.patch diff --git a/src/fakeroot/pkg.sh b/src/fakeroot/pkg.sh index 37a8926..c97bb43 100644 --- a/src/fakeroot/pkg.sh +++ b/src/fakeroot/pkg.sh @@ -24,6 +24,8 @@ PACKAGE(){ tar xf "${NAME}_${VERSION}.orig.tar.gz" cd "${NAME}-${VERSION}" + export CFLAGS="${CFLAGS} -std=gnu89" + ./configure --prefix=/usr \ --libdir=/usr/lib/libfakeroot \ --disable-static \ diff --git a/src/lynx/.gitignore b/src/lynx/.gitignore new file mode 100644 index 0000000..8b56c9f --- /dev/null +++ b/src/lynx/.gitignore @@ -0,0 +1,3 @@ +.cache/ +dist/ +root/ diff --git a/src/lynx/changes.md b/src/lynx/changes.md new file mode 100644 index 0000000..f8d31d9 --- /dev/null +++ b/src/lynx/changes.md @@ -0,0 +1,2 @@ +# 2.8.9rel.1 +First version diff --git a/src/lynx/pkg.sh b/src/lynx/pkg.sh new file mode 100644 index 0000000..5a754fe --- /dev/null +++ b/src/lynx/pkg.sh @@ -0,0 +1,39 @@ +# general info +NAME="lynx" +DESC="The text web browser" +VERSION="2.9.2" + +# required files +FILES=("https://invisible-mirror.net/archives/lynx/tarballs/lynx${VERSION}.tar.bz2") +HASHES=("7374b89936d991669e101f4e97f2c9592036e1e8cdaa7bafc259a77ab6fb07ce") + +# install and build depends +DEPENDS=( + "brotli" "bzip2" "glibc" + "libidn2" "ncurses" "openssl" + "zlib" +) +BUILD=() + +PACKAGE(){ + tar xf "${NAME}${VERSION}.tar.bz2" + cd "${NAME}${VERSION}" + + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --with-ssl=/usr \ + --enable-externs \ + --enable-nls \ + --enable-ipv6 \ + --mandir=/usr/share/man + + make + make DESTDIR="${ROOTDIR}" install + + sed -i -e "s|^HELPFILE.*$|HELPFILE:file:///usr/share/doc/lynx/lynx_help/lynx_help_main.html|" "${ROOTDIR}/etc/lynx.cfg" + install -d "${ROOTDIR}/usr/share/doc/lynx" + cp -rf lynx_help "${ROOTDIR}/usr/share/doc/lynx" + + cd .. && rm -r "${NAME}${VERSION}" +} + diff --git a/src/systemd/changes.md b/src/systemd/changes.md index 30fd291..5f73d25 100644 --- a/src/systemd/changes.md +++ b/src/systemd/changes.md @@ -1,2 +1,5 @@ +# 256 +Updated to latest stable upstream release + # 255 First version diff --git a/src/systemd/pkg.sh b/src/systemd/pkg.sh index 42c7f17..70a7146 100644 --- a/src/systemd/pkg.sh +++ b/src/systemd/pkg.sh @@ -1,19 +1,11 @@ # general info NAME="systemd" DESC="System and service manager" -VERSION="255" +VERSION="256" # required files -FILES=( - "https://github.com/systemd/systemd/archive/v${VERSION}/systemd-${VERSION}.tar.gz" - "https://anduin.linuxfromscratch.org/LFS/systemd-man-pages-${VERSION}.tar.xz" - "systemd-${VERSION}-upstream_fixes-1.patch" -) -HASHES=( - "521cda27409a9edf0370c128fae3e690" - "1ebe54d7a80f9abf8f2d14ddfeb2432d" - "8d9c1014445c463cf7c24c162b1e0686" -) +FILES=("https://github.com/systemd/systemd/archive/v${VERSION}/systemd-${VERSION}.tar.gz") +HASHES=("4825b82700e1acf02ba81885652406e75d0c674c129a1a7e488e5b5200a17998") # install and build depends DEPENDS=( @@ -24,7 +16,7 @@ DEPENDS=( "xz" "util-linux" "pcre2" "linux-pam" ) -BUILD=("shadow" "curl") +BUILD=("shadow" "curl" "pypi-jinja2" "libxslt") PACKAGE(){ tar xf "${NAME}-${VERSION}.tar.gz" @@ -32,31 +24,32 @@ PACKAGE(){ sed -i -e 's/GROUP="render"/GROUP="video"/' \ -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in - patch -Np1 -i "../systemd-${VERSION}-upstream_fixes-1.patch" mkdir -p build cd build - meson setup \ - --prefix=/usr \ - --buildtype=release \ - -Ddefault-dnssec=no \ - -Dfirstboot=false \ - -Dinstall-tests=false \ - -Dldconfig=false \ - -Dsysusers=false \ - -Drpmmacrosdir=no \ - -Dhomed=disabled \ - -Duserdb=false \ - -Dman=disabled \ - -Dmode=release \ - -Dpamconfdir=no \ - -Ddev-kvm-mode=0660 \ - -Dnobody-group=nogroup \ - -Dsysupdate=disabled \ - -Dukify=disabled \ - -Ddns-servers="94.140.14.14#94.140.15.15" \ - -Ddocdir=/usr/share/doc/systemd-255 \ + meson setup \ + --prefix=/usr \ + --buildtype=release \ + -Ddefault-dnssec=no \ + -Dfirstboot=false \ + -Dinstall-tests=false \ + -Dldconfig=false \ + -Dsysusers=false \ + -Drpmmacrosdir=no \ + -Dhomed=disabled \ + -Duserdb=false \ + -Dman=enabled \ + -Dmode=release \ + -Dpamconfdir=no \ + -Ddev-kvm-mode=0660 \ + -Dnobody-group=nogroup \ + -Dsysupdate=disabled \ + -Dukify=disabled \ + -Dsbat-distro='matter' \ + -Dsbat-distro-summary='MatterLinux' \ + -Ddns-servers="94.140.14.14#94.140.15.15" \ + -Ddocdir="/usr/share/doc/systemd-${VERSION}" \ .. ninja @@ -65,9 +58,6 @@ PACKAGE(){ install -dm755 "${ROOTDIR}/etc" DESTDIR="${ROOTDIR}" ninja install - tar -xf "../../systemd-man-pages-${VERSION}.tar.xz" \ - --no-same-owner --strip-components=1 \ - -C "${ROOTDIR}/usr/share/man" cd ../.. && rm -r "${NAME}-${VERSION}" } diff --git a/src/systemd/systemd-255-upstream_fixes-1.patch b/src/systemd/systemd-255-upstream_fixes-1.patch deleted file mode 100644 index f6ce28e..0000000 --- a/src/systemd/systemd-255-upstream_fixes-1.patch +++ /dev/null @@ -1,204 +0,0 @@ -Submitted By: Xi Ruoyao -Date: 2024-02-10 -Initial Package Version: 255 -Origin: Upstream (PR 30549 and 30363) -Upstream Status: Applied -Description: Fixes CVE-2023-7008, a security vulnerability in - DNSSEC verification allowing a MITM attack. And - Fix a bug breaking "systemd-analyze verify" an - instantiated unit. - -From f56136eb9f7e1bb0f34cd1bace60c4c02a0ed6ea Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 20 Dec 2023 16:44:14 +0100 -Subject: [PATCH] resolved: actually check authenticated flag of SOA - transaction - -Fixes #25676 ---- - src/resolve/resolved-dns-transaction.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c -index 696fce532a41f..fe88e502e7c11 100644 ---- a/src/resolve/resolved-dns-transaction.c -+++ b/src/resolve/resolved-dns-transaction.c -@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * - if (r == 0) - continue; - -- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); -+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); - } - - return true; -@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * - /* We found the transaction that was supposed to find the SOA RR for us. It was - * successful, but found no RR for us. This means we are not at a zone cut. In this - * case, we require authentication if the SOA lookup was authenticated too. */ -- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); -+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); - } - - return true; - -From 6d9d55657946385916fa4db7149a9b389645ee73 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 7 Dec 2023 19:29:29 +0900 -Subject: [PATCH 1/2] analyze: also find template unit when a template instance - is specified - -Fixes a regression caused by 2f6181ad4d6c126e3ebf6880ba30b3b0059c6fc8. - -Fixes #30357. - -Co-authored-by: Jeff King ---- - src/analyze/analyze-verify-util.c | 64 +++++++++++++++++++++++++------ - 1 file changed, 53 insertions(+), 11 deletions(-) - -diff --git a/src/analyze/analyze-verify-util.c b/src/analyze/analyze-verify-util.c -index 26d1130477123..6fbd6fa54c37d 100644 ---- a/src/analyze/analyze-verify-util.c -+++ b/src/analyze/analyze-verify-util.c -@@ -72,6 +72,54 @@ int verify_prepare_filename(const char *filename, char **ret) { - return 0; - } - -+static int find_unit_directory(const char *p, char **ret) { -+ _cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL; -+ int r; -+ -+ assert(p); -+ assert(ret); -+ -+ r = path_make_absolute_cwd(p, &a); -+ if (r < 0) -+ return r; -+ -+ if (access(a, F_OK) >= 0) { -+ r = path_extract_directory(a, &d); -+ if (r < 0) -+ return r; -+ -+ *ret = TAKE_PTR(d); -+ return 0; -+ } -+ -+ r = path_extract_filename(a, &u); -+ if (r < 0) -+ return r; -+ -+ if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE)) -+ return -ENOENT; -+ -+ /* If the specified unit is an instance of a template unit, then let's try to find the template unit. */ -+ r = unit_name_template(u, &t); -+ if (r < 0) -+ return r; -+ -+ r = path_extract_directory(a, &d); -+ if (r < 0) -+ return r; -+ -+ free(a); -+ a = path_join(d, t); -+ if (!a) -+ return -ENOMEM; -+ -+ if (access(a, F_OK) < 0) -+ return -errno; -+ -+ *ret = TAKE_PTR(d); -+ return 0; -+} -+ - int verify_set_unit_path(char **filenames) { - _cleanup_strv_free_ char **ans = NULL; - _cleanup_free_ char *joined = NULL; -@@ -79,21 +127,15 @@ int verify_set_unit_path(char **filenames) { - int r; - - STRV_FOREACH(filename, filenames) { -- _cleanup_free_ char *a = NULL; -- char *t; -+ _cleanup_free_ char *t = NULL; - -- r = path_make_absolute_cwd(*filename, &a); -- if (r < 0) -+ r = find_unit_directory(*filename, &t); -+ if (r == -ENOMEM) - return r; -- -- if (access(a, F_OK) < 0) -- continue; -- -- r = path_extract_directory(a, &t); - if (r < 0) -- return r; -+ continue; - -- r = strv_consume(&ans, t); -+ r = strv_consume(&ans, TAKE_PTR(t)); - if (r < 0) - return r; - } - -From 9d51ab78300364c71a0e1f138e1d2cbc65771b93 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 8 Dec 2023 10:41:49 +0900 -Subject: [PATCH 2/2] test: add test cases for issue #30357 - ---- - test/units/testsuite-65.sh | 38 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 38 insertions(+) - -diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh -index 265a07f01d810..6c819dfe4a4ee 100755 ---- a/test/units/testsuite-65.sh -+++ b/test/units/testsuite-65.sh -@@ -296,6 +296,44 @@ EOF - # Verifies that the --offline= option works with --root= - systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ testfile.service - -+cat </tmp/foo@.service -+[Service] -+ExecStart=ls -+EOF -+ -+cat </tmp/hoge@test.service -+[Service] -+ExecStart=ls -+EOF -+ -+# issue #30357 -+pushd /tmp -+systemd-analyze verify foo@bar.service -+systemd-analyze verify foo@.service -+systemd-analyze verify hoge@test.service -+(! systemd-analyze verify hoge@nonexist.service) -+(! systemd-analyze verify hoge@.service) -+popd -+pushd / -+systemd-analyze verify tmp/foo@bar.service -+systemd-analyze verify tmp/foo@.service -+systemd-analyze verify tmp/hoge@test.service -+(! systemd-analyze verify tmp/hoge@nonexist.service) -+(! systemd-analyze verify tmp/hoge@.service) -+popd -+pushd /usr -+systemd-analyze verify ../tmp/foo@bar.service -+systemd-analyze verify ../tmp/foo@.service -+systemd-analyze verify ../tmp/hoge@test.service -+(! systemd-analyze verify ../tmp/hoge@nonexist.service) -+(! systemd-analyze verify ../tmp/hoge@.service) -+popd -+systemd-analyze verify /tmp/foo@bar.service -+systemd-analyze verify /tmp/foo@.service -+systemd-analyze verify /tmp/hoge@test.service -+(! systemd-analyze verify /tmp/hoge@nonexist.service) -+(! systemd-analyze verify /tmp/hoge@.service) -+ - # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed - # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in - # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight