#!/bin/bash # Copyright 2016, 2018, 2019, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is # permitted provided that the following conditions are met: # # 1. Redistributions of this script must retain the above copyright # notice, this list of conditions and the following disclaimer. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. cd $(dirname $0) ; CWD=$(pwd) PKGNAM=xorg-server-xwayland SRCNAM=xwayland VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} BUILD=${BUILD:-11_slack15.0} # Default font paths to be used by the X server: DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic" NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; esac fi # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information # could be useful to other scripts. if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" exit 0 fi if [ "$ARCH" = "i586" ]; then SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" fi TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM rm -rf $PKG mkdir -p $TMP $PKG cd $TMP || exit 1 rm -rf $SRCNAM-$VERSION tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ -exec chmod 755 {} \+ -o \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ # Patch CVE-2022-2319 and CVE-2022-2320: zcat $CWD/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz | patch -p1 --verbose || exit 1 # Patch more security issues: zcat $CWD/CVE-2022-3550.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-3551.patch.gz | patch -p1 --verbose || exit 1 # Patch more security issues: zcat $CWD/CVE-2022-4283.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-46340.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-46341.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-46342.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-46343.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2022-46344.patch.gz | patch -p1 --verbose || exit 1 # Fix a bug in the previous patch: zcat $CWD/CVE-2022-46340.correction.patch.gz | patch -p1 --verbose || exit 1 # Patch another security issue: zcat $CWD/CVE-2023-0494.patch.gz | patch -p1 --verbose || exit 1 # Patch another security issue: zcat $CWD/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1 # [PATCH] present: Check for NULL to prevent crash. # This prevents a crash with recent NVIDIA drivers. zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1 # Patch another security issue: zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1 # Patch more security issues: zcat $CWD/CVE-2023-6377.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2023-6478.patch.gz | patch -p1 --verbose || exit 1 # Patch more security issues: zcat $CWD/CVE-2023-6816.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-0229.01.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-0229.02.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-0229.03.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-0408.patch.gz | patch -p1 --verbose || exit 1 # The vulnerable code is not present in xwayland-21.1.4: #zcat $CWD/CVE-2024-0409.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-21885.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-21886.01.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-21886.02.patch.gz | patch -p1 --verbose || exit 1 # Patch more security issues: zcat $CWD/CVE-2024-31080.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-31081.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/CVE-2024-31083.patch.gz | patch -p1 --verbose || exit 1 # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" mkdir meson-build cd meson-build meson setup \ --prefix=/usr \ --libdir=lib${LIBDIRSUFFIX} \ --libexecdir=/usr/libexec \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --includedir=/usr/include \ --datadir=/usr/share \ --mandir=/usr/man \ --sysconfdir=/etc \ --localstatedir=/var \ --buildtype=release \ -Dxwayland_eglstream=true \ -Ddefault_font_path="${DEF_FONTPATH}" \ -Dbuilder_string="Build ID: $PKGNAM $VERSION-$BUILD" \ -Dxkb_output_dir=/var/lib/xkb \ -Dvendor_name="Slackware Linux Project" \ -Dxdmcp=false \ -Dxcsecurity=true \ -Dglamor=true \ -Ddri3=true \ .. || exit 1 "${NINJA:=ninja}" $NUMJOBS || exit 1 DESTDIR=$PKG $NINJA install || exit 1 cd .. # Remove unwanted files/dirs: rm $PKG/usr/man/man1/Xserver.1* rm -Rf $PKG/usr/lib${LIBDIRSUFFIX}/xorg rm -Rf $PKG/usr/include/xorg rm -Rf $PKG/usr/share/aclocal rm -Rf $PKG/var/lib/xkb # Strip the binaries: find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null # Compress and link manpages, if any: if [ -d $PKG/usr/man ]; then ( cd $PKG/usr/man for manpagedir in $(find . -type d -name "man*") ; do ( cd $manpagedir for eachpage in $( find . -type l -maxdepth 1) ; do ln -s $( readlink $eachpage ).gz $eachpage.gz rm $eachpage done gzip -9 *.? ) done ) fi mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ AUTHORS COPYING* CREDITS INSTALL NEWS README* \ $PKG/usr/doc/$PKGNAM-$VERSION # If there's a ChangeLog, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r ChangeLog ]; then DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog touch -r ChangeLog $DOCSDIR/ChangeLog fi mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG /sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz