wok-current rev 25729
Merge wok for both arch and few updates (again)
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Thu Dec 05 08:52:36 2024 +0000 (3 weeks ago) |
parents | 5926178cd6fa b37d8510dda9 |
children | 26f4f834359a |
files | dbus-c++-dev/receipt openssh-pam/receipt openssh/receipt xorg-server/receipt |
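--- a/dbus-c++-dev/receipt
+++ b/dbus-c++-dev/receipt
@@ -18,5 +18,5 @@
 get_dev_files
 
 # Ensure remove .la files
- find $fs -name "*.la" -delete
+ find $fs -name "*.la" -delete
 }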
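--- a/openssh-pam/receipt
+++ b/openssh-pam/receipt
@@ -34,6 +34,10 @@
 # Rules to configure and make the package.
 compile_rules()
 {
+ # Patch CVE-2024-6387
+ # see https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
+ patch -p1 < $stuff/CVE-2024-6387.patch
+
 unset LD # for cross compiling with --disable-strip
 ./configure \
 --prefix=/usr \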
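Review bot: The added `patch -p1 < $stuff/CVE-2024-6387.patch` in compile_rules() has no failure check, so if the patch stops applying (for example after a version bump shifts the `@@ -451` context in log.c) the build may carry on to `./configure` and ship an sshd that the receipt says is fixed but is not. I would quote the path and stop on failure, `patch -p1 < "$stuff/CVE-2024-6387.patch" || return 1`, or chain it with `&&` if that is how this receipt reports errors; the rest of compile_rules() lies outside the hunk. The comment could also state that this is a mitigation that compiles out the logging in sshsigdie() rather than a version upgrade, so the patch is dropped once the package moves to a fixed release. The same three lines are added to openssh/receipt and the note applies there as well.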
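--- /dev/null
+++ b/openssh-pam/stuff/CVE-2024-6387.patch
@@ -0,0 +1,17 @@
+--- a/log.c
++++ b/log.c
+@@ -451,12 +451,14 @@
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+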
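Review bot: With the body wrapped in `#if 0`, sshsigdie() now exits through `_exit(1)` without writing anything, and the patch file has no header that says so. Removing the logging call from the signal path is the intent, but whatever sshd used to log here (upstream, presumably the login-grace timeout message) no longer reaches syslog, so log-based alerting or ban tools keyed to that message will go quiet after the update. I would add a short description above `--- a/log.c` giving the CVE id, the origin of the change, the OpenSSH version it was prepared against and this logging side effect, and a line inside the function such as `/* logging disabled: not async-signal-safe (CVE-2024-6387) */`. All parameters become unused once the block is compiled out, which may add compiler warnings. An identical copy is added as openssh/stuff/CVE-2024-6387.patch; sharing one file would keep the two from drifting apart.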
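--- /dev/null
+++ b/openssh-pam/stuff/openssh
@@ -0,0 +1,69 @@
+#!/bin/sh
+# /etc/init.d/openssh : Start, stop and restart OpenSSH server on SliTaz, at
+# boot time or with the command line.
+#
+# To start OpenSSH server at boot time, just put openssh in the $RUN_DAEMONS
+# variable of /etc/rcS.conf and configure options with /etc/daemons.conf
+#
+. /etc/init.d/rc.functions
+. /etc/daemons.conf
+
+NAME=OpenSSH
+DESC="$(_ '%s server' OpenSSH)"
+DAEMON=/usr/sbin/sshd
+OPTIONS=$OPENSSH_OPTIONS
+PIDFILE=/var/run/sshd.pid
+
+[ -d /var/run/sshd ] || mkdir -p /var/run/sshd
+
+case "$1" in
+ start)
+ # We need rsa and dsa host key file to start dropbear.
+ for type in rsa dsa ecdsa ed25519 ; do
+ [ -s /etc/ssh/ssh_host_${type}_key ] && continue
+ _ 'Generating OpenSSH %s key... ' $type
+ ssh-keygen -t $type -f /etc/ssh/ssh_host_${type}_key -C '' -N ''
+ done
+ if active_pidfile $PIDFILE sshd ; then
+ _ '%s is already running.' $NAME
+ exit 1
+ fi
+ if [ -n "$(which iptables)" ] && ! iptables -L | grep 'tcp dpt:ssh ' ; then
+ tcp22new='iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent'
+ $tcp22new --set --name DEFAULT --rsource
+ limit='--seconds 300 --hitcount 5 --name DEFAULT --rsource'
+ $tcp22new --update $limit -j LOG --log-prefix "SSH-Bruteforce : "
+ $tcp22new --update $limit -j DROP
+ fi
+ action 'Starting %s: %s...' "$DESC" $NAME
+ $DAEMON $OPTIONS
+ status
+ ;;
+ stop)
+ if ! active_pidfile $PIDFILE sshd ; then
+ _ '%s is not running.' $NAME
+ exit 1
+ fi
+ action 'Stopping %s: %s...' "$DESC" $NAME
+ kill $(cat $PIDFILE)
+ status
+ ;;
+ restart)
+ if ! active_pidfile $PIDFILE sshd ; then
+ _ '%s is not running.' $NAME
+ exit 1
+ fi
+ action 'Restarting %s: %s...' "$DESC" $NAME
+ kill $(cat $PIDFILE)
+ sleep 2
+ $DAEMON $OPTIONS
+ status
+ ;;
+ *)
+ emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart]"
+ newline
+ exit 1
+ ;;
+esac
+
+exit 0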
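Review bot: The key-generation loop `for type in rsa dsa ecdsa ed25519` still creates a DSA host key, and the comment above it refers to dropbear rather than sshd. DSA host keys are limited to 1024 bits and recent OpenSSH releases are built without DSA by default, so on such a build `ssh-keygen -t dsa` would fail on every start because the key file never appears; I would use `for type in rsa ecdsa ed25519 ; do` and reword the comment to `# Generate any missing host keys before starting sshd.`. The rate-limit block hard-codes `--dport 22` and detects existing rules with `iptables -L | grep 'tcp dpt:ssh '`, so it does not cover an sshd moved to another port through $OPENSSH_OPTIONS, and rules appended with `-A` have no effect behind an earlier ACCEPT rule; a comment stating both assumptions would help. In the stop and restart branches the expansion should be quoted, `kill "$(cat "$PIDFILE")"`.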
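--- a/openssh/receipt
+++ b/openssh/receipt
@@ -35,6 +35,10 @@
 # Rules to configure and make the package.
 compile_rules()
 {
+ # Patch CVE-2024-6387
+ # see https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
+ patch -p1 < $stuff/CVE-2024-6387.patch
+
 unset LD # for cross compiling with --disable-strip
 ./configure \
 --prefix=/usr \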
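--- /dev/null
+++ b/openssh/stuff/CVE-2024-6387.patch
@@ -0,0 +1,17 @@
+--- a/log.c
++++ b/log.c
+@@ -451,12 +451,14 @@
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+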