new: lynx, systemd 256

ngn 2024-08-21 08:37:16 +03:00
parent 76bdb362af
commit 1d5929620e
7 changed files with 75 additions and 240 deletions


@ -24,6 +24,8 @@ PACKAGE(){
tar xf "${NAME}_${VERSION}.orig.tar.gz" tar xf "${NAME}_${VERSION}.orig.tar.gz"
cd "${NAME}-${VERSION}" cd "${NAME}-${VERSION}"
export CFLAGS="${CFLAGS} -std=gnu89"
./configure --prefix=/usr \ ./configure --prefix=/usr \
--libdir=/usr/lib/libfakeroot \ --libdir=/usr/lib/libfakeroot \
--disable-static \ --disable-static \
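Review bot: The added `export CFLAGS="${CFLAGS} -std=gnu89"` has no comment saying why the C dialect is pinned, and `export` applies it to every later command in PACKAGE rather than to this one build. An old dialect is presumably forced because the source no longer compiles under the compiler's default standard; that also suppresses the diagnostics the default would raise, so the reason belongs in the recipe, e.g. `# source does not build with the compiler's default C standard; remove once fixed upstream`. If only this configure run needs it, `CFLAGS="${CFLAGS} -std=gnu89" ./configure --prefix=/usr \` keeps the override local. The PACKAGE body starts and ends outside the hunk.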

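--- a/src/lynx/.gitignore
+++ b/src/lynx/.gitignore
@@ -0,0 +1,3 @@
+.cache/
+dist/
+root/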

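--- a/src/lynx/changes.md
+++ b/src/lynx/changes.md
@@ -0,0 +1,2 @@
+# 2.8.9rel.1
+First version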

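--- a/src/lynx/pkg.sh
+++ b/src/lynx/pkg.sh
@@ -0,0 +1,39 @@
+# general info
+NAME="lynx"
+DESC="The text web browser"
+VERSION="2.9.2"
+# required files
+FILES=("https://invisible-mirror.net/archives/lynx/tarballs/lynx${VERSION}.tar.bz2")
+HASHES=("7374b89936d991669e101f4e97f2c9592036e1e8cdaa7bafc259a77ab6fb07ce")
+# install and build depends
+DEPENDS=(
+"brotli" "bzip2" "glibc"
+"libidn2" "ncurses" "openssl"
+"zlib"
+)
+BUILD=()
+PACKAGE(){
+tar xf "${NAME}${VERSION}.tar.bz2"
+cd "${NAME}${VERSION}"
+./configure --prefix=/usr \
+--sysconfdir=/etc \
+--with-ssl=/usr \
+--enable-externs \
+--enable-nls \
+--enable-ipv6 \
+--mandir=/usr/share/man
+make
+make DESTDIR="${ROOTDIR}" install
+sed -i -e "s|^HELPFILE.*$|HELPFILE:file:///usr/share/doc/lynx/lynx_help/lynx_help_main.html|" "${ROOTDIR}/etc/lynx.cfg"
+install -d "${ROOTDIR}/usr/share/doc/lynx"
+cp -rf lynx_help "${ROOTDIR}/usr/share/doc/lynx"
+cd .. && rm -r "${NAME}${VERSION}"
+}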
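Review bot: `VERSION="2.9.2"` disagrees with the changelog added in the same commit, whose first entry is `# 2.8.9rel.1`, so one of the two is stale. The `HASHES` value is the only integrity check on the downloaded tarball visible in this file, so it is worth confirming that the SHA-256 was computed from the `lynx2.9.2.tar.bz2` release and, if upstream publishes a signature for it, verifying that once before pinning. The result of `cd "${NAME}${VERSION}"` is also unchecked; unless the build tool runs PACKAGE under `set -e` (not visible here), `cd "${NAME}${VERSION}" || return 1` would keep `./configure` and the final `rm -r` from running in the wrong directory.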


@ -1,2 +1,5 @@
# 256
Updated to latest stable upstream release
# 255 # 255
First version First version


@ -1,19 +1,11 @@
# general info # general info
NAME="systemd" NAME="systemd"
DESC="System and service manager" DESC="System and service manager"
VERSION="255" VERSION="256"
# required files # required files
FILES=( FILES=("https://github.com/systemd/systemd/archive/v${VERSION}/systemd-${VERSION}.tar.gz")
"https://github.com/systemd/systemd/archive/v${VERSION}/systemd-${VERSION}.tar.gz" HASHES=("4825b82700e1acf02ba81885652406e75d0c674c129a1a7e488e5b5200a17998")
"https://anduin.linuxfromscratch.org/LFS/systemd-man-pages-${VERSION}.tar.xz"
"systemd-${VERSION}-upstream_fixes-1.patch"
)
HASHES=(
"521cda27409a9edf0370c128fae3e690"
"1ebe54d7a80f9abf8f2d14ddfeb2432d"
"8d9c1014445c463cf7c24c162b1e0686"
)
# install and build depends # install and build depends
DEPENDS=( DEPENDS=(
@ -24,7 +16,7 @@ DEPENDS=(
"xz" "util-linux" "pcre2" "xz" "util-linux" "pcre2"
"linux-pam" "linux-pam"
) )
BUILD=("shadow" "curl") BUILD=("shadow" "curl" "pypi-jinja2" "libxslt")
PACKAGE(){ PACKAGE(){
tar xf "${NAME}-${VERSION}.tar.gz" tar xf "${NAME}-${VERSION}.tar.gz"
@ -32,31 +24,32 @@ PACKAGE(){
sed -i -e 's/GROUP="render"/GROUP="video"/' \ sed -i -e 's/GROUP="render"/GROUP="video"/' \
-e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in
patch -Np1 -i "../systemd-${VERSION}-upstream_fixes-1.patch"
mkdir -p build mkdir -p build
cd build cd build
meson setup \ meson setup \
--prefix=/usr \ --prefix=/usr \
--buildtype=release \ --buildtype=release \
-Ddefault-dnssec=no \ -Ddefault-dnssec=no \
-Dfirstboot=false \ -Dfirstboot=false \
-Dinstall-tests=false \ -Dinstall-tests=false \
-Dldconfig=false \ -Dldconfig=false \
-Dsysusers=false \ -Dsysusers=false \
-Drpmmacrosdir=no \ -Drpmmacrosdir=no \
-Dhomed=disabled \ -Dhomed=disabled \
-Duserdb=false \ -Duserdb=false \
-Dman=disabled \ -Dman=enabled \
-Dmode=release \ -Dmode=release \
-Dpamconfdir=no \ -Dpamconfdir=no \
-Ddev-kvm-mode=0660 \ -Ddev-kvm-mode=0660 \
-Dnobody-group=nogroup \ -Dnobody-group=nogroup \
-Dsysupdate=disabled \ -Dsysupdate=disabled \
-Dukify=disabled \ -Dukify=disabled \
-Ddns-servers="94.140.14.14#94.140.15.15" \ -Dsbat-distro='matter' \
-Ddocdir=/usr/share/doc/systemd-255 \ -Dsbat-distro-summary='MatterLinux' \
-Ddns-servers="94.140.14.14#94.140.15.15" \
-Ddocdir="/usr/share/doc/systemd-${VERSION}" \
.. ..
ninja ninja
@ -65,9 +58,6 @@ PACKAGE(){
install -dm755 "${ROOTDIR}/etc" install -dm755 "${ROOTDIR}/etc"
DESTDIR="${ROOTDIR}" ninja install DESTDIR="${ROOTDIR}" ninja install
tar -xf "../../systemd-man-pages-${VERSION}.tar.xz" \
--no-same-owner --strip-components=1 \
-C "${ROOTDIR}/usr/share/man"
cd ../.. && rm -r "${NAME}-${VERSION}" cd ../.. && rm -r "${NAME}-${VERSION}"
} }
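Review bot: `-Ddns-servers="94.140.14.14#94.140.15.15"` joins the two addresses with `#`, but this meson option takes a space-separated list in which `#` introduces the TLS server name of a single entry, as in upstream's default `1.1.1.1#cloudflare-dns.com`. As written the build appears to configure one fallback resolver, 94.140.14.14, with 94.140.15.15 as its server name, rather than two resolvers; `-Ddns-servers="94.140.14.14 94.140.15.15" \` would give both. The line is carried over unchanged from the 255 recipe, so this commit only moves it. Separately, hard-coded third-party fallback resolvers combined with `-Ddefault-dnssec=no` mean their answers are not validated by default, which deserves a comment in the recipe. The PACKAGE body continues outside the hunks shown.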


@ -1,204 +0,0 @@
Submitted By: Xi Ruoyao <xry111 at xry111 dot site>
Date: 2024-02-10
Initial Package Version: 255
Origin: Upstream (PR 30549 and 30363)
Upstream Status: Applied
Description: Fixes CVE-2023-7008, a security vulnerability in
DNSSEC verification allowing a MITM attack. And
Fix a bug breaking "systemd-analyze verify" an
instantiated unit.
From f56136eb9f7e1bb0f34cd1bace60c4c02a0ed6ea Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Dec 2023 16:44:14 +0100
Subject: [PATCH] resolved: actually check authenticated flag of SOA
transaction
Fixes #25676
---
src/resolve/resolved-dns-transaction.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 696fce532a41f..fe88e502e7c11 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (r == 0)
continue;
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
/* We found the transaction that was supposed to find the SOA RR for us. It was
* successful, but found no RR for us. This means we are not at a zone cut. In this
* case, we require authentication if the SOA lookup was authenticated too. */
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
From 6d9d55657946385916fa4db7149a9b389645ee73 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 7 Dec 2023 19:29:29 +0900
Subject: [PATCH 1/2] analyze: also find template unit when a template instance
is specified
Fixes a regression caused by 2f6181ad4d6c126e3ebf6880ba30b3b0059c6fc8.
Fixes #30357.
Co-authored-by: Jeff King <peff@peff.net>
---
src/analyze/analyze-verify-util.c | 64 +++++++++++++++++++++++++------
1 file changed, 53 insertions(+), 11 deletions(-)
diff --git a/src/analyze/analyze-verify-util.c b/src/analyze/analyze-verify-util.c
index 26d1130477123..6fbd6fa54c37d 100644
--- a/src/analyze/analyze-verify-util.c
+++ b/src/analyze/analyze-verify-util.c
@@ -72,6 +72,54 @@ int verify_prepare_filename(const char *filename, char **ret) {
return 0;
}
+static int find_unit_directory(const char *p, char **ret) {
+ _cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL;
+ int r;
+
+ assert(p);
+ assert(ret);
+
+ r = path_make_absolute_cwd(p, &a);
+ if (r < 0)
+ return r;
+
+ if (access(a, F_OK) >= 0) {
+ r = path_extract_directory(a, &d);
+ if (r < 0)
+ return r;
+
+ *ret = TAKE_PTR(d);
+ return 0;
+ }
+
+ r = path_extract_filename(a, &u);
+ if (r < 0)
+ return r;
+
+ if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE))
+ return -ENOENT;
+
+ /* If the specified unit is an instance of a template unit, then let's try to find the template unit. */
+ r = unit_name_template(u, &t);
+ if (r < 0)
+ return r;
+
+ r = path_extract_directory(a, &d);
+ if (r < 0)
+ return r;
+
+ free(a);
+ a = path_join(d, t);
+ if (!a)
+ return -ENOMEM;
+
+ if (access(a, F_OK) < 0)
+ return -errno;
+
+ *ret = TAKE_PTR(d);
+ return 0;
+}
+
int verify_set_unit_path(char **filenames) {
_cleanup_strv_free_ char **ans = NULL;
_cleanup_free_ char *joined = NULL;
@@ -79,21 +127,15 @@ int verify_set_unit_path(char **filenames) {
int r;
STRV_FOREACH(filename, filenames) {
- _cleanup_free_ char *a = NULL;
- char *t;
+ _cleanup_free_ char *t = NULL;
- r = path_make_absolute_cwd(*filename, &a);
- if (r < 0)
+ r = find_unit_directory(*filename, &t);
+ if (r == -ENOMEM)
return r;
-
- if (access(a, F_OK) < 0)
- continue;
-
- r = path_extract_directory(a, &t);
if (r < 0)
- return r;
+ continue;
- r = strv_consume(&ans, t);
+ r = strv_consume(&ans, TAKE_PTR(t));
if (r < 0)
return r;
}
From 9d51ab78300364c71a0e1f138e1d2cbc65771b93 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 8 Dec 2023 10:41:49 +0900
Subject: [PATCH 2/2] test: add test cases for issue #30357
---
test/units/testsuite-65.sh | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index 265a07f01d810..6c819dfe4a4ee 100755
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@@ -296,6 +296,44 @@ EOF
# Verifies that the --offline= option works with --root=
systemd-analyze security --threshold=90 --offline=true --root=/tmp/img/ testfile.service
+cat <<EOF >/tmp/foo@.service
+[Service]
+ExecStart=ls
+EOF
+
+cat <<EOF >/tmp/hoge@test.service
+[Service]
+ExecStart=ls
+EOF
+
+# issue #30357
+pushd /tmp
+systemd-analyze verify foo@bar.service
+systemd-analyze verify foo@.service
+systemd-analyze verify hoge@test.service
+(! systemd-analyze verify hoge@nonexist.service)
+(! systemd-analyze verify hoge@.service)
+popd
+pushd /
+systemd-analyze verify tmp/foo@bar.service
+systemd-analyze verify tmp/foo@.service
+systemd-analyze verify tmp/hoge@test.service
+(! systemd-analyze verify tmp/hoge@nonexist.service)
+(! systemd-analyze verify tmp/hoge@.service)
+popd
+pushd /usr
+systemd-analyze verify ../tmp/foo@bar.service
+systemd-analyze verify ../tmp/foo@.service
+systemd-analyze verify ../tmp/hoge@test.service
+(! systemd-analyze verify ../tmp/hoge@nonexist.service)
+(! systemd-analyze verify ../tmp/hoge@.service)
+popd
+systemd-analyze verify /tmp/foo@bar.service
+systemd-analyze verify /tmp/foo@.service
+systemd-analyze verify /tmp/hoge@test.service
+(! systemd-analyze verify /tmp/hoge@nonexist.service)
+(! systemd-analyze verify /tmp/hoge@.service)
+
# Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
# The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
# values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight