mid-kid
/
RocketSlack
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

merge into: mid-kid:master
Branches Tags
mid-kid:gcc
mid-kid:lxc
mid-kid:master
mid-kid:rocket-config
mid-kid:vim
mid-kid:wpa_supplicant
...
pull from: mid-kid:wpa_supplicant
Branches Tags
mid-kid:gcc
mid-kid:lxc
mid-kid:master
mid-kid:rocket-config
mid-kid:vim
mid-kid:wpa_supplicant

No commits in common. 'master' and 'wpa_supplicant' have entirely different histories.
master ... wpa_suppli

34 changed files with 664 additions and 1149 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats
  1. 95
      14.2/convert32-supported
  2. 144
      14.2/convert32pkg.sh
  3. 229
      14.2/kernel.SlackBuild
  4. 151
      14.2/makechroot-minimal.sh
  5. 63
      14.2/makechroot.sh
  6. 58
      14.2/massconvert32.sh
  7. 188
      14.2/update-repo.sh
  8. 143
      15.0/makechroot-minimal.sh
  9. 63
      15.0/makechroot.sh
  10. BIN
      2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz
  11. BIN
      2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz
  12. BIN
      2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz
  13. BIN
      2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz
  14. BIN
      2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz
  15. BIN
      2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz
  16. BIN
      2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz
  17. BIN
      2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz
  18. 226
      2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
  19. 55
      README.slackware
  20. 37
      config/dot.config
  21. 7
      config/wpa_gui.desktop
  22. BIN
      config/wpa_gui.png
  23. 2
      config/wpa_supplicant.conf
  24. 6
      config/wpa_supplicant.logrotate
  25. BIN
      doinst.sh.gz
  26. 16
      patches/assoc-timeout.diff
  27. 20
      patches/dbus-service-file-args.diff
  28. 50
      patches/flush-debug-output.diff
  29. 16
      patches/quiet-scan-results-message.diff
  30. 27
      patches/wpa_supplicant-2.5-notify.patch
  31. 15
      readme.txt
  32. 18
      slack-desc
  33. BIN
      wpa_supplicant-2.6.tar.xz
  34. 184
      wpa_supplicant.SlackBuild

95
14.2/convert32-supported
View File

@ -1,95 +0,0 @@
# List of tested packages using convert32pkg.
# This list is safe to use with massconvert32.sh and safe to install.
# Note that these are from slackware 14.2, including patches. -current is unsupported.
# a
bzip2
dbus
eudev
xz
# ap
cups
mpg123
# d
libtool
llvm
# l
alsa-lib
atk
cairo
elfutils
expat
freetype
gdk-pixbuf2
glib2
glibc
gmp
gst-plugins-base
gstreamer
gtk+2
harfbuzz
icu4c
lcms2
libexif
libffi
libgphoto2
libidn
libieee1284
libjpeg-turbo
libnl3
libpcap
libpng
libtiff
libunistring
libusb
libxml2
libxslt
ncurses
orc
pango
sdl
svgalib
v4l-utils
zlib
gamin
# n
cyrus-sasl
gnutls
libgcrypt
libgpg-error
nettle
openldap-client
openssl
p11-kit
# x
fontconfig
glu
libX11
libXau
libXcomposite
libXcursor
libXdamage
libXdmcp
libXext
libXfixes
libXi
libXinerama
libXrandr
libXrender
libXv
libXvMC
libXxf86vm
libdrm
libpciaccess
libxcb
libxshmfence
mesa
pixman
# xap
sane

144
14.2/convert32pkg.sh
View File

@ -1,144 +0,0 @@
#!/bin/sh -e
pkginfodir='/var/log/packages/'
pkgscriptdir='/var/log/scripts/'
if [ "$#" -lt 1 ]; then
echo "Usage: $0 <package32> [package64]" 1>&2
exit 1
fi
pkg32="$(realpath "$1")"
unset pkg64
[ "$2" ] && pkg64="$(realpath "$2")"
# Extract all package info
# See /sbin/installpkg
pkgbase="$(echo "$pkg32" | sed -e 's?.*/??;s/\.t[bglx]z$//')"
pkgext="$(echo "$pkg32" | sed -e 's?.*/??;s/.*\.\(t[bglx]z\)$/\1/')"
pkgname="$(echo "$pkgbase" | sed -e 's?-[^-]*-[^-]*-[^-]*$??')"
pkgver="$(echo "$pkgbase" | sed -e 's?.*-\([^-]*\)-[^-]*-[^-]*$?\1?')"
pkgarch="$(echo "$pkgbase" | sed -e 's?.*-[^-]*-\([^-]*\)-[^-]*$?\1?')"
pkgbuild="$(echo "$pkgbase" | sed -e 's?.*-[^-]*-[^-]*-\([^-]*\)$?\1?')"
case "$pkgarch" in
i?86) pkgarch=x86_64 ;;
*)
echo "Unsupported package architecture '$pkgarch'. Can't proceed." 1>&2
exit 1
;;
esac
pkginfo="$pkginfodir/$pkgname-$pkgver-$pkgarch-$pkgbuild"
pkgscript="$pkgscriptdir/$pkgname-$pkgver-$pkgarch-$pkgbuild"
case "$pkgext" in
tgz) tool=gzip ;;
tbz) tool=bzip2 ;;
tlz) tool=lzma ;;
txz) tool=xz ;;
esac
temp="$(mktemp -d)"
trap "rm -rf '$temp'" EXIT
cd "$temp"
explodepkg "$pkg32"
# Remove all files present in the 64bit package
if [ "$pkg64" ]; then
echo
echo "Removing files:"
$tool -cd "$pkg64" | tar-1.13 t | grep -v '^install/' | while read -r file; do
echo "./$file"
rm -f "./$file" 2> /dev/null || true
done
else
if [ ! -f "$pkginfo" ]; then
echo "Package '$pkgname-$pkgver-$pkgarch-$pkgbuild' is not installed. Can't proceed." 1>&2
exit 1
fi
# See /sbin/removepkg
if fgrep './' "$pkginfo" 1> /dev/null 2>&1; then
TRIGGER='^\.\/'
else
TRIGGER='FILE LIST:'
fi
echo
echo 'Removing files:'
sed -n "/$TRIGGER/,/^$/p" "$pkginfo" | fgrep -v 'FILE LIST:' | grep -v '^install/' | while read -r file; do
echo "./$file"
rm -f "./$file" 2> /dev/null || true
done
fi
# Clean empty directories
echo
echo 'Empty directories:'
find . -type d -empty -print -delete
# Remove all symlinks present in the 64bit package
if [ -f install/doinst.sh ]; then
if [ "$pkg64" ]; then
if ! $tool -cd "$pkg64" | tar-1.13 xO install/doinst.sh > install/doinst.64; then
echo "Failed to extract install/doinst.sh from '$pkg64'. Can't proceed." 1>&2
exit 1
fi
else
if [ ! -f "$pkgscript" ]; then
echo "Package '$pkgname-$pkgver-$pkgarch-$pkgbuild' is installed but has no installation script. Can't proceed." 1>&2
exit 1
fi
cp "$pkgscript" install/doinst.64
fi
# There's some packages that need special treatment
if [ "$pkgname" = 'glib2' -o "$pkgname" = 'cups' -o "$pkgname" = 'sane' ]; then
sed -i -e '/^for file in/,/^done/d' install/doinst.sh
fi
if [ "$pkgname" = 'cups' ]; then
sed -i -e '/^if \[ -e etc\/rc.d\/rc.cups \]; then/,/^fi/d' install/doinst.sh
fi
if [ "$pkgname" = 'eudev' ]; then
sed -i -e '/^if \[ \(-e etc\/rc.d\/rc.udev\|-r etc\/rc.d\/rc.udev.new\) \]; then/,/^fi/d' install/doinst.sh
fi
if [ "$pkgname" = 'dbus' ]; then
sed -i -e '/^if \[ \(-e etc\/rc.d\/rc.messagebus\|-r etc\/rc.d\/rc.messagebus.new\) \]; then/,/^fi/d' install/doinst.sh
fi
# Extract all lines treating with symlinks or config files. See /sbin/removepkg
sed -n -e 's,^[ ]*( [ ]*cd[ ]* .* [ ]*; [ ]*\(rm\|ln\) [ ]*-\(rf\|sf\)[ ]* .* [ ]*)[ ]*$,&,p' \
-e 's,^[ ]*config .*[ ]*$,&,p' install/doinst.64 > install/doinst
rm install/doinst.64
echo
echo 'Removed lines in doinst.sh:'
if [ -s install/doinst ]; then
fgrep -xf install/doinst install/doinst.sh || true
# Remove all symlinks present in the 64bit package
fgrep -vxf install/doinst install/doinst.sh > install/doinst.sh.new || true
mv install/doinst.sh.new install/doinst.sh
# If the resulting doinst.sh is empty, remove it.
if [ ! -s install/doinst.sh ]; then
rm install/doinst.sh
fi
fi
rm install/doinst
fi
# Rename package in slack-desc
if [ -f install/slack-desc ]; then
sed -i -e '/^\$\|#\| *|/!s/^[^:]*:/convert32-&/' install/slack-desc
fi
if ! find . | grep -v '^.$\|^./install' > /dev/null; then
echo
echo 'Package is empty. Not running makepkg.' 1>&2
exit 0
fi
makepkg -l n -c n "$OLDPWD/convert32-$pkgname-$pkgver-$pkgarch-$pkgbuild.$pkgext"

229
14.2/kernel.SlackBuild
View File

@ -1,229 +0,0 @@
#!/bin/sh
set -e
# This is a SlackBuild script for building as-original-as-possible kernel packages.
# It combines existing SlackBuilds and other files in the slackware source tree with vanilla SlackBuild conventions in a way that is clean and functional.
# Unlike the "official" method of building a Slackware kernel, it builds and installs everything in $TMP, so it doesn't taint the host system, and you can build it as a regular user under fakeroot, if you wanted to.
# This often means that the $PKG directory is used as an intermediate directory to run a SlackBuild in, and that said SlackBuilds may need to be modified to run properly in $PKG.
# This script is tailored for x86_64. i?86 support is untested, and would need more modifications (such as building the -smp kernels and fixing $TMP in the packaging SlackBuilds).
# Other architectures can be added, provided the source tree for them is anywhere close to the original slackware tree.
# This SlackBuild should be placed in the "source/k" directory of the source DVD.
# However, this directory doesn't contain all the files we need, as they're scattered all throughout the slackware tree.
# This code may help prepare the source directory:
if [ "$1" = prepare ]; then
shift
if [ $# -lt 3 ]; then
echo Usage: $0 prepare \<source\> \<install\> \<output\> 1>&2
echo e.g. $0 prepare /mnt/tmp/slackware-14.2-source-dvd/source /mnt/tmp/slackware64-14.2-install-dvd/slackware64 ./kernel 1>&2
exit 1
fi
SOURCE=$1
INSTALL=$2
OUT=$3
# Copy the "source/k" directory
cp -aT $SOURCE/k $OUT
# Copy the "source/d/kernel-headers" and "source/a/kernel-firmware" directories into it
cp -at $OUT $SOURCE/d/kernel-headers $SOURCE/a/kernel-firmware
# Copy "slackware*/k/kernel-source-*-noarch-*.txt" to use as slack-desc for kernel-source into it
mkdir -p $OUT/kernel-source
cp -aT $INSTALL/k/kernel-source-*-noarch-*.txt $OUT/kernel-source/slack-desc
# Copy the SlackBuild
cp -at $OUT $0
exit
fi
PKGNAM=${PKGNAM:-linux}
BASEVER=${BASEVER:-4.4.14}
VERSION=${VERSION:-$BASEVER}
ARCH=${ARCH:-x86_64}
KARCH=${KARCH:-x86}
BUILD=${BUILD:-1}
CWD=$(pwd)
TMP=${TMP:-/tmp/kernel}
NUMJOBS=${NUMJOBS:-" -j7 "}
export VERSION ARCH BUILD TMP
# Extract the kernel source
mkdir -p $TMP
cd $TMP
rm -rf $PKGNAM-$BASEVER $PKGNAM-$VERSION
tar xvf $CWD/$PKGNAM-$BASEVER.tar.xz
# Rename the kernel source directory to the proper VERSION
# This is useful if you're applying stable patches and the actual VERSION is different from the one the tarball is named after
if [ "$BASEVER" != "$VERSION" ]; then
mv $PKGNAM-$BASEVER $PKGNAM-$VERSION
fi
# Apply patches
cd $PKGNAM-$VERSION
#xzcat $CWD/patch-x.x.xx.xz | patch -p1 --verbose
#
# Build kernel-headers
#
cd $TMP/$PKGNAM-$VERSION
# Install the kernel headers
PKG=$TMP/package-kernel-headers
rm -rf $PKG
mkdir -p $PKG/usr
make $NUMJOBS INSTALL_HDR_PATH=$PKG/usr headers_install
# Apply some modifications that are present in the original kernel-headers package
find $PKG/usr -type f -a ! -name '*.h' -delete
rm -rf $PKG/usr/include/drm
mv $PKG/usr/include/asm $PKG/usr/include/asm-$KARCH
ln -sf asm-$KARCH $PKG/usr/include/asm
# Install the slack-desc
mkdir -p $PKG/install
cat $CWD/kernel-headers/slack-desc > $PKG/install/slack-desc
# Create the package
cd $PKG
/sbin/makepkg -l y -c n $TMP/kernel-headers-$(echo $VERSION | tr - _)-$KARCH-$BUILD.txz
#
# Build kernel-huge
#
cd $TMP/$PKGNAM-$VERSION
# Build the kernel image
make $NUMJOBS mrproper
cat $CWD/config-$ARCH/config-huge-* > .config
make $NUMJOBS oldconfig
make $NUMJOBS bzImage
# Prepare the directory to run the packaging SlackBuild in
PKG=$TMP/kernel-huge
rm -rf $PKG
mkdir -p $PKG
cp arch/$KARCH/boot/bzImage $PKG
cp System.map $PKG
cp .config $PKG/config
# Copy the packaging SlackBuild
cp -aT $CWD/packaging-$ARCH/kernel-huge $PKG
# Run the packaging SlackBuild
cd $PKG
./kernel-huge.SlackBuild
#
# Build kernel-generic
#
cd $TMP/$PKGNAM-$VERSION
# Build the kernel image
make $NUMJOBS mrproper
cat $CWD/config-$ARCH/config-generic-* > .config
make $NUMJOBS oldconfig
make $NUMJOBS bzImage
# Prepare the directory to run the packaging SlackBuild in
PKG=$TMP/kernel-generic
rm -rf $PKG
mkdir -p $PKG
cp arch/$KARCH/boot/bzImage $PKG
cp System.map $PKG
cp .config $PKG/config
# Copy the packaging SlackBuild
cp -aT $CWD/packaging-$ARCH/kernel-generic $PKG
# Run the packaging SlackBuild
cd $PKG
./kernel-generic.SlackBuild
#
# Build kernel-modules
#
cd $TMP/$PKGNAM-$VERSION
# Build the kernel modules with the already-present kernel-generic config
make $NUMJOBS modules
# Prepare the directory to run the packaging SlackBuild in
PKG=$TMP/kernel-modules
rm -rf $PKG
mkdir -p $PKG
make $NUMJOBS INSTALL_MOD_PATH=$PKG modules_install
# Point the build and source links to the proper source directory in /usr/src, as packaged in kernel-source
rm -f $PKG/lib/modules/$VERSION/build $PKG/lib/modules/$VERSION/source
ln -s /usr/src/$PKGNAM-$VERSION $PKG/lib/modules/$VERSION/build
ln -s /usr/src/$PKGNAM-$VERSION $PKG/lib/modules/$VERSION/source
# Copy the packaging SlackBuild
cp -aT $CWD/packaging-$ARCH/kernel-modules $PKG
# Prefix absolute module paths in the SlackBuild with $CWD, since we installed the modules there
sed -i -e 's@/lib/modules/@$CWD&@' $PKG/kernel-modules.SlackBuild
# Run the packaging SlackBuild
cd $PKG
KERNELRELEASE=$VERSION ./kernel-modules.SlackBuild
#
# Build kernel-source
#
cd $TMP/$PKGNAM-$VERSION
# Cleanup the source directory that was prepared and built with the kernel-generic config
make $NUMJOBS clean
make $NUMJOBS prepare
rm .version .config.old
# Install the kernel source
PKG=$TMP/package-kernel-source
rm -rf $PKG
mkdir -p $PKG/usr/src
ln -s $PKGNAM-$VERSION $PKG/usr/src/$PKGNAM
# Install the slack-desc
mkdir -p $PKG/install
cat $CWD/kernel-source/slack-desc > $PKG/install/slack-desc
# Create the package
cd $PKG
mv $TMP/$PKGNAM-$VERSION usr/src
/sbin/makepkg -l y -c n $TMP/kernel-source-$(echo $VERSION | tr - _)-noarch-$BUILD.txz
#
# Build kernel-firmware
#
cd $TMP
# Prepare the directory to run the packaging SlackBuild in
PKG=$TMP/kernel-firmware
rm -rf $PKG
mkdir -p $PKG
cp -aT $CWD/kernel-firmware $PKG
# Use --depth=1 to cause git to not to download the entire history
sed -i -e 's/git clone/& --depth=1/' $PKG/kernel-firmware.SlackBuild
# Run the packaging SlackBuild
cd $PKG
unset VERSION # The script uses `date` to make a $VERSION
./kernel-firmware.SlackBuild

151
14.2/makechroot-minimal.sh
View File

@ -1,151 +0,0 @@
#!/bin/sh
set -eu
if [ "$(id -u)" != 0 ]; then
echo "This script needs root permissions!" 1>&2
exit 1
fi
if [ "$#" -lt 2 ]; then
echo "Usage: $0 [-a arch] [-v version] [-m mirror] [-b localmirror]" 1>&2
exit 1
fi
version='14.2'
arch="$(uname -m)"
mirror='https://mirrors.slackware.com/slackware'
base=''
# Minimal amount of packages required to run installpkg, removepkg and upgradepkg
# bzip2 and gzip are optional, but required to support .tgz and .tbz packages
# All of these exist in the 'a' package set
packages_pkgtools='
aaa_base
aaa_elflibs
bash
bzip2
coreutils
etc
findutils
glibc-solibs
grep
gzip
pkgtools
sed
tar
util-linux
xz
'
# Minimal amount of packages required to run slackpkg without the dialog interface
# gnupg is optional, but required to verify the GPG signatures of packages
# ca-certificates, openssl, bin and perl are optional, but required for HTTPS support
# These exist over the 'a', 'ap' and 'n' package sets
# perl exists in the 'd' package set
# openssl and ca-certificates need to be installed last (after perl and bin, at least) for the doinst.sh to run correctly
packages_slackpkg='
bin
diffutils
gawk
gnupg
openssl-solibs
perl
slackpkg
wget
which
openssl
ca-certificates
'
# Parse arguments
while getopts "v:a:m:b:" opt; do
case "$opt" in
v) version="$OPTARG" ;;
a) arch="$OPTARG" ;;
m) mirror="$OPTARG" ;;
b) base="$(realpath "$OPTARG")" # Path to local mirror, to get the files from.
esac
done
# Build final variables
case "$arch" in
x86_64)
pkgmain='slackware64'
;;
*)
pkgmain='slackware'
;;
esac
release="$pkgmain-$version"
initrd='isolinux/initrd.img'
checksums='CHECKSUMS.md5'
# Create working directory
temp="$(mktemp -d -t "$(basename "$0")".XXXXXX)"
trap "rm -rf '$temp'" EXIT
destdir="$PWD"
cd "$temp"
# Function to download (or copy) a file
get() {
if [ "$base" ]; then
cp "$base/$1" "$2"
else
wget "$mirror/$release/$1" -O "$2"
fi
}
# Function to verify files based on the checksums file
check() {
printf '%s' "$(tail +13 CHECKSUMS.md5 | grep "^[0-9a-f]* ./$1$" | cut -d ' ' -f 1) $2" | md5sum -c --quiet -
}
# Get the full path to a package
package() {
tail +13 CHECKSUMS.md5 | grep "^[0-9a-f]* ./$pkgmain/[^/]*/$1-[^-]*-[^-]*-[^-]*\.t.z$" | cut -d ' ' -f 3- | cut -c 3-
}
# Download checksums
get "$checksums" CHECKSUMS.md5
# Download installer initrd.img
get "$initrd" initrd.img
check "$initrd" initrd.img
# Unpack and prepare the installer
zcat initrd.img | cpio -id
rm -rf initrd.img mnt pkg
mkdir -p mnt/pkg pkg
# Download packages
for pkg in $packages_pkgtools; do
path="$(package "$pkg")"
name="$(basename "$path")"
get "$path" "pkg/$name"
check "$path" "pkg/$name"
echo "$name" >> pkg/_
done
for pkg in $packages_slackpkg; do
path="$(package "$pkg")"
name="$(basename "$path")"
get "$path" "mnt/pkg/$name"
check "$path" "mnt/pkg/$name"
echo "$name" >> mnt/pkg/_
done
# Bootstrap pkgtools and it's dependencies
env -i chroot . sh -l -c 'while read pkg; do /usr/lib/setup/installpkg --root /mnt --terse "/pkg/$pkg"; done < /pkg/_'
# Install slackpkg and it's dependencies
env -i chroot mnt sh -l -c 'while read pkg; do /sbin/installpkg --terse "/pkg/$pkg"; done < /pkg/_'
# Configuration
printf '%s\n' "$mirror/$release/" >> mnt/etc/slackpkg/mirrors
# Compress the package
tar cvJf "$destdir/$release.tar.xz" --sort=name --exclude=./pkg -C mnt .

63
14.2/makechroot.sh
View File

@ -1,63 +0,0 @@
#!/bin/sh -e
set -e
if [ "$(id -u)" != 0 ]; then
echo "This script needs root permissions!" 1>&2
exit 1
fi
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <slackware> <chroot>" 1>&2
exit 1
fi
slackware="$(realpath "$1")"
chroot="$(realpath "$2")"
temp="$(mktemp -d -t makechroot.XXXXXX)"
# Make sure we clean up properly before exitting
cleanup() {
mountpoint -q "$temp/mnt" && umount "$temp/mnt"
mountpoint -q "$temp/dvd" && umount "$temp/dvd"
rm -rf "$temp"
}
trap 'cleanup' EXIT
# Extract the initrd
cd "$temp"
gzip -cd "$slackware/isolinux/initrd.img" | cpio -id
# Mount the dvd
mkdir dvd
mount --bind "$slackware" dvd
# Mount the destination
mkdir -p "$chroot"
mount --bind "$chroot" mnt
# Install the packages
env -i chroot . sh -l -c '
/usr/lib/setup/installpkg --root /mnt --terse /dvd/slackware*/*/*.t?z
cd /mnt
for script in \
04.mkfontdir \
05.fontconfig \
07.update-desktop-database \
07.update-mime-database \
08.gtk-update-icon-cache \
11.cacerts \
cups-genppdupdate
do
var/log/setup/setup.$script
done
chroot . /usr/bin/update-gtk-immodules > /dev/null 2>&1
chroot . /usr/bin/update-gdk-pixbuf-loaders > /dev/null 2>&1
chroot . /usr/bin/update-pango-querymodules > /dev/null 2>&1
chroot . /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas > /dev/null 2>&1
'
# We only run a few setup scripts that do not require user interaction, and deal with updating caches and such, which is not done (properly) by the doinst.sh scripts.
# To get a full list, run: bzcat MANIFEST.bz2 | awk '{print $6}' | grep '^var/log/setup/setup\.' | sort
# Besides the setup scripts, we also need to run some programs which are usually ran from /etc/rc.d/rc.M, but not from the setup scripts.
# This is tailored to Slackware 14.2. I'm unsure whether it'll work properly on any other version.

58
14.2/massconvert32.sh
View File

@ -1,58 +0,0 @@
#!/bin/sh
set -e
# DISCLAIMER
# Don't ever think of installing every single package generated with this script.
# While it *should* not cause any problems, doing so is simply overkill, untested, and not recommended in the least.
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <slackware> <slackware64> [whitelist]" 1>&2
exit 1
fi
scriptdir="$(realpath "$(dirname "$0")")"
slackware="$1"
slackware64="$2"
whitelist="$3"
find "$slackware" -type f -name "*.t?z" -printf '%P\n' | sort | while read -r pkg; do
# See /sbin/installpkg
pkgbase="$(echo "$pkg" | sed -e 's?.*/??;s/\.t[bglx]z$//')"
pkgext="$(echo "$pkg" | sed -e 's?.*/??;s/.*\.\(t[bglx]z\)$/\1/')"
pkgname="$(echo "$pkgbase" | sed -e 's?-[^-]*-[^-]*-[^-]*$??')"
pkgver="$(echo "$pkgbase" | sed -e 's?.*-\([^-]*\)-[^-]*-[^-]*$?\1?')"
pkgarch="$(echo "$pkgbase" | sed -e 's?.*-[^-]*-\([^-]*\)-[^-]*$?\1?')"
if [ "$whitelist" ]; then
if ! grep -v '^#' "$whitelist" | fgrep -xq "$pkgname"; then
continue
fi
fi
case "$pkgarch" in
i?86) pkgarch=x86_64 ;;
# Architecture-independent stuff
noarch|fw) continue ;;
# Only kernel-headers uses x86 as pkgarch. That doesn't need conversion.
x86) continue ;;
*)
echo "WARNING: Package '$pkg' has an unsupported architecture: '$pkgarch'"
exit
;;
esac
if [ ! -f "$slackware64/$(dirname "$pkg")/$pkgname-$pkgver-$pkgarch-"*".$pkgext" ]; then
echo "WARNING: Package '$pkg' doesn't exist in slackware64, or there were multiple with different build versions."
continue
fi
rpkg="$(realpath "$slackware/$pkg")"
rpkg64="$(realpath "$slackware64/$(dirname "$pkg")/$pkgname-$pkgver-$pkgarch-"*".$pkgext")"
mkdir -p "$(dirname "$pkg")"
( cd "$(dirname "$pkg")"
"$scriptdir/convert32pkg.sh" "$rpkg" "$rpkg64"
)
done

188
14.2/update-repo.sh
View File

@ -1,188 +0,0 @@
#!/bin/sh
set -e
gpgkey=''
timestamp="$(LC_ALL=C date -u)"
cachedir='.cache'
# Cleanup
if [ "$1" = 'clean' ]; then
rm -rf "$cachedir" ChangeLog.txt PACKAGES.TXT MANIFEST.bz2 FILELIST.TXT CHECKSUMS.md5 CHECKSUMS.md5.asc GPG-KEY
find . -regex '.*\.t[bglx]z$' | while read -r package; do
pkgbase="$(echo "$package" | sed 's?.*/??;s/\.t[bglx]z$//')"
rm -f "$(dirname "$package")/$pkgbase.txt"
rm -f "$package.asc"
done
exit
fi
mkdir -p "$cachedir"
# Process all packages
find . -regex '.*\.t[bglx]z$' | while read -r package; do
case "$package" in
*.tgz)
tool=gzip
;;
*.tbz)
tool=bzip2
;;
*.tlz)
tool=lzma
;;
*.txz)
tool=xz
;;
esac
# See the pkgbase and package_name functions in /sbin/installpkg
pkgbase="$(echo "$package" | sed 's?.*/??;s/\.t[bglx]z$//')"
pkgdir="$(dirname "$package")"
pkgname="$(echo "$pkgbase" | sed 's?-[^-]*-[^-]*-[^-]*$??')"
pkgtxt="$pkgdir/$pkgbase.txt"
pkgmeta="$cachedir/$pkgdir/$pkgbase.meta"
pkgmanifest="$cachedir/$pkgdir/$pkgbase.manifest"
pkgsize="$cachedir/$pkgdir/$pkgbase.size"
pkgusize="$cachedir/$pkgdir/$pkgbase.usize"
pkgsum="$cachedir/$pkgdir/$pkgbase.checksum"
if [ -f "$pkgtxt" -a \
-f "$pkgmeta" -a \
-f "$pkgmanifest" -a \
-f "$pkgsize" -a \
-f "$pkgusize" -a \
-f "$pkgsum" ]; then
if [ "$gpgkey" ]; then
if [ -f "$package.asc" ]; then
md5sum --status -c "$pkgsum" && continue
fi
else
md5sum --status -c "$pkgsum" && continue
fi
fi
echo "Adding $package..."
mkdir -p "$cachedir/$pkgdir"
# Decompress the package
tmppkg="$(mktemp)"
$tool -cd "$package" > "$tmppkg"
# Get package size
du -k "$package" | cut -f 1 > "$pkgsize"
du -k "$tmppkg" | cut -f 1 > "$pkgusize"
# Generate .txt file (see /usr/bin/slackdtxt)
(tar xOf "$tmppkg" install/slack-desc 2> /dev/null || echo "$pkgname:") | egrep -v '^($|#| *\|)' > "$pkgtxt"
# Create manifest for this package
cat > "$pkgmanifest" << EOF
++========================================
||
|| Package: $package
||
++========================================
$(TZ=EST tar tvvf "$tmppkg")
EOF
# Create metadata for this package
# Source for the sed line: https://stackoverflow.com/questions/1444406/how-can-i-delete-duplicate-lines-in-a-file-in-unix#1444433
cat > "$pkgmeta" << EOF
PACKAGE NAME: $(basename "$package")
PACKAGE LOCATION: $pkgdir
PACKAGE SIZE (compressed): $(cat "$pkgsize" | xargs) K
PACKAGE SIZE (uncompressed): $(cat "$pkgusize" | xargs) K
PACKAGE DESCRIPTION:
$(cat "$pkgtxt" | sed -e '$!N; /^\(.*\)\n\1$/!P; D')
EOF
# Sign the package
rm -f "$package.asc"
[ "$gpgkey" ] && gpg -bas --use-agent --batch -u "$gpgkey" "$package"
# Remove decompressed package
rm -f "$tmppkg"
# Save checksum
md5sum "$package" > "$pkgsum"
done
# Generate shitty ChangeLog.txt
echo "$timestamp" > ChangeLog.txt
# Create GPG-KEY
if [ "$gpgkey" ]; then
gpg --list-keys "$gpgkey" > GPG-KEY
gpg -a --export "$gpgkey" >> GPG-KEY
fi
# Generate PACKAGES.TXT
echo "Generating PACKAGES.TXT..."
cat > PACKAGES.TXT << EOF
PACKAGES.TXT; $timestamp
This file provides details on the Slackware packages found
in this directory.
Total size of all packages (compressed): $(expr \( 0$(find "$cachedir" -type f -name '*.size' | xargs cat | xargs printf ' + %s') \) / 1024 || true) MB
Total size of all packages (uncompressed): $(expr \( 0$(find "$cachedir" -type f -name '*.usize' | xargs cat | xargs printf ' + %s') \) / 1024 || true) MB
EOF
# https://stackoverflow.com/questions/4255603/sort-files-by-basename#4256095
find "$cachedir" -type f -name '*.meta' | perl -e 'print sort{($p=$a)=~s!.*/!!;($q=$b)=~s!.*/!!;$p cmp$q}<>' | xargs cat >> PACKAGES.TXT
echo >> PACKAGES.TXT
# Generate MANIFEST.bz2
echo "Generating MANIFEST.bz2..."
find "$cachedir" -type f -name '*.manifest' | sort | xargs cat | bzip2 -9 -z > MANIFEST.bz2
# Generate FILELIST.TXT
echo "Generating FILELIST.TXT..."
cat > FILELIST.TXT << EOF
$timestamp
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
EOF
find . ! -path "./$cachedir/*" -a ! -name "$cachedir" | sort | xargs fakeroot ls -ld --time-style=long-iso > FILELIST.TXT
# Generate CHECKSUMS.md5
echo "Generating CHECKSUMS.md5..."
cat > CHECKSUMS.md5 << EOF
These are the MD5 message digests for the files in this directory.
If you want to test your files, use 'md5sum' and compare the values to
the ones listed here.
To test all these files, use this command:
tail +13 CHECKSUMS.md5 | md5sum -c --quiet - | less
'md5sum' can be found in the GNU coreutils package on ftp.gnu.org in
/pub/gnu, or at any GNU mirror site.
MD5 message digest Filename
EOF
find . -type f -a ! -path "./$cachedir/*" | sort | xargs md5sum >> CHECKSUMS.md5
# Sign CHECKSUMS.md5
rm -f CHECKSUMS.md5.asc
[ "$gpgkey" ] && gpg -bas --use-agent --batch -u "$gpgkey" CHECKSUMS.md5
# Remove tmpdir
rm -rf "$tmpdir"

143
15.0/makechroot-minimal.sh
View File

@ -1,143 +0,0 @@
#!/bin/sh
set -eu
if [ "$(id -u)" != 0 ]; then
echo "This script needs root permissions!" 1>&2
exit 1
fi
if [ "$#" -lt 1 ]; then
echo "Usage: $0 [-a arch] [-m mirror] <chroot>" 1>&2
exit 1
fi
arch="$(uname -m)"
mirror='https://mirrors.slackware.com/slackware/slackware64-current'
# Minimal amount of packages required to run installpkg, removepkg, upgradepkg, explodepkg and makepkg
# All of these exist in the 'a' package set
packages_pkgtools='
aaa_base
aaa_elflibs
bash
coreutils
etc
findutils
glibc-solibs
grep
pkgtools
sed
tar
util-linux
which
xz
'
# Minimal amount of packages required to run slackpkg without the dialog interface
# Supporting https, gpg, and upgrade-all.
# These exist over the 'a', 'ap', 'n' and 'l' package sets
# ca-certificates needs to be installed after openssl for the doinst.sh to run correctly
packages_extra='
bzip2
diffutils
gawk
gnupg
gzip
libpsl
libunistring
pcre2
slackpkg
wget
openssl
ca-certificates
'
# Parse arguments
while getopts "a:m:" opt; do
case "$opt" in
a) arch="$OPTARG" ;;
m)
if [ -d "$OPTARG" ]; then
mirror="$(realpath "$OPTARG")"
else
mirror="$OPTARG"
fi
;;
esac
done
shift $(expr $OPTIND - 1)
[ "$#" -ge 1 ] && [ "$1" = "--" ] && shift
# Build final variables
case "$arch" in
x86_64) pkgmain='slackware64' ;;
*) pkgmain='slackware' ;;
esac
initrd='isolinux/initrd.img'
checksums='CHECKSUMS.md5'
chroot="$(realpath "$1")"
# Create working directory
temp="$(mktemp -d -t "$(basename "$0")".XXXXXX)"
cleanup() {
if mountpoint -q "$temp/mnt/pkg"; then
umount "$temp/mnt/pkg"
rmdir "$temp/mnt/pkg"
fi
mountpoint -q "$temp/mnt" && umount "$temp/mnt"
rm -rf "$temp"
}
trap 'cleanup' EXIT
cd "$temp"
# Function to download (or copy) a file
get() {
if [ -d "$mirror" ]; then
cp "$mirror/$1" "$2"
else
wget "$mirror/$1" -O "$2"
fi
}
# Function to verify files based on the checksums file
check() {
printf '%s' "$(tail +13 CHECKSUMS.md5 | grep "^[0-9a-f]* ./$1$" | cut -d ' ' -f 1) $2" | md5sum -c --quiet -
}
# Get the full path to a package
package() {
tail +13 CHECKSUMS.md5 | grep "^[0-9a-f]* ./$pkgmain/[^/]*/$1-[^-]*-[^-]*-[^-]*\.t.z$" | cut -d ' ' -f 3- | cut -c 3-
}
# Download checksums
get "$checksums" CHECKSUMS.md5
# Download installer initrd.img
get "$initrd" initrd.img
check "$initrd" initrd.img
# Unpack and prepare the installer
xz -cd initrd.img | cpio -id
rm -f initrd.img
mkdir -p pkg "$chroot"
mount --bind "$chroot" mnt
mkdir -p mnt/pkg
mount --bind pkg mnt/pkg
# Download packages
for pkg in $packages_pkgtools $packages_extra; do
path="$(package "$pkg")"
name="$(basename "$path")"
get "$path" "pkg/$name"
check "$path" "pkg/$name"
done
for pkg in $packages_pkgtools; do echo "$(basename "$(package "$pkg")")" >> pkg/__; done
for pkg in $packages_extra; do echo "$(basename "$(package "$pkg")")" >> pkg/_; done
# Bootstrap pkgtools and its dependencies
env -i chroot . sh -l -c 'while read pkg; do /sbin/installpkg --root /mnt --terse "/pkg/$pkg"; done < /pkg/__'
# Install slackpkg and its dependencies
env -i chroot mnt sh -l -c 'while read pkg; do /sbin/installpkg --terse "/pkg/$pkg"; done < /pkg/_'

63
15.0/makechroot.sh
View File

@ -1,63 +0,0 @@
#!/bin/sh -e
set -e
if [ "$(id -u)" != 0 ]; then
echo "This script needs root permissions!" 1>&2
exit 1
fi
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <slackware> <chroot>" 1>&2
exit 1
fi
slackware="$(realpath "$1")"
chroot="$(realpath "$2")"
temp="$(mktemp -d -t makechroot.XXXXXX)"
# Make sure we clean up properly before exitting
cleanup() {
mountpoint -q "$temp/mnt" && umount "$temp/mnt"
mountpoint -q "$temp/dvd" && umount "$temp/dvd"
rm -rf "$temp"
}
trap 'cleanup' EXIT
# Extract the initrd
cd "$temp"
xz -cd "$slackware/isolinux/initrd.img" | cpio -id
# Mount the dvd
mkdir dvd
mount --bind "$slackware" dvd
# Mount the destination
mkdir -p "$chroot"
mount --bind "$chroot" mnt
# Install the packages
env -i chroot . sh -l -c '
/sbin/installpkg --root /mnt --terse /dvd/slackware*/*/*.t?z
cd /mnt
for script in \
04.mkfontdir \
05.fontconfig \
07.update-desktop-database \
07.update-mime-database \
08.gtk-update-icon-cache \
11.cacerts \
cups-genppdupdate
do
var/lib/pkgtools/setup/setup.$script
done
chroot . /usr/bin/update-gtk-immodules > /dev/null 2>&1
HOME=/root chroot . /usr/bin/update-gdk-pixbuf-loaders > /dev/null 2>&1
chroot . /usr/bin/update-pango-querymodules > /dev/null 2>&1
chroot . /usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas > /dev/null 2>&1
'
# We only run a few setup scripts that do not require user interaction, and deal with updating caches and such, which is not done (properly) by the doinst.sh scripts.
# To get a full list, run: bzcat MANIFEST.bz2 | awk '{print $6}' | grep '^var/log/setup/setup\.' | sort
# Besides the setup scripts, we also need to run some programs which are usually ran from /etc/rc.d/rc.M, but not from the setup scripts.
# This is tailored to Slackware 15.0-current, I'm unsure whether it'll work properly on any other version.

BIN
2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz
View File

Binary file not shown.

BIN
2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz
View File

Binary file not shown.

226
2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
View File

@ -0,0 +1,226 @@
WPA packet number reuse with replayed messages and key reinstallation
Published: October 16, 2017
Identifiers:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13084 (not applicable)
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
Latest version available from: https://w1.fi/security/2017-1/
Vulnerability
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
This document focuses on the cases that apply to systems using hostapd
(AP) or wpa_supplicant (station), but it should be noted that the
generic vulnerability itself is applicable to other implementations and
may have different impact in other cases.
This vulnerability can in theory apply to any case where a TK (the
pairwise/unicast encryption key used with TKIP, CCMP, GCMP), a GTK
(group/multicast encryption key), or an IGTK (group management frame
integrity protection key) is configured by the Authentication/Supplicant
component to the WLAN driver/firmware taking care of the TX/RX path and
encryption/decryption of frames.
If the same key is configured multiple times, it is likely that the
transmit and receive packet numbers (PN, IPN, RSC/TSC, etc.) are cleared
to a smaller value (zero in case of pairwise keys, zero or at least a
smaller value than the last used value in case of group keys). When this
happens with the same key, this breaks replay protection on RX side and
can result in reuse of packet numbers on TX side. The former may allow
replaying of previously delivered packets (without the attacker being
able to decrypt them or modify their contents) while the latter may
result in more severe issues on the TX side due to resulting CCM nonce
replay and related issues with GCMP and TKIP. The TX side issue may make
it significantly easier for the attacker to decrypt frames and determine
some parts of the keys (e.g., a Michael MIC key in case of TKIP).
Impact on AP/hostapd
On the AP side, this generic issue has been determined to be applicable
in the case where hostapd is used to operate an RSN/WPA2 network with FT
(Fast BSS Transition from IEEE 802.11r) enabled. Replaying of the
Reassociation Request frame can be used to get the AP reinstalling the
TK which results in the AP accepting previously delivered unicast frames
from the station and the AP reusing previously used packet numbers
(local TX packet number gets reset to zero). This latter issue on the TX
side can result in CCM nonce reuse which invalidates CCMP security
properties. In case of TKIP this can result in the attacker being able
to determine part of the TK more easily and with GCMP, result in similar
issues.
It should be noted that the AP side issue with FT would be close to
applying to FILS authentication (from IEEE 802.11ai) in hostapd with
replaying of (Re)Association Request frames. However, due to a different
handling of the repeated association processing with FILS, this would
actually result in the station getting immediately disconnected which
prevents this attack in practice. In addition, the FILS implementation
in the current hostapd version is still experimental and documented as
being discouraged in production use cases.
Another area of potentially reduced security was identified when looking
into these issues. When AP/Authenticator implementation in hostapd is
requested to rekey the PTK without performing EAP reauthentication
(either through local periodic rekeying or due to a request from an
association station), the ANonce value does not get updated. This
results in the new 4-way handshake depending on the station/supplicant
side generating a new, unique (for the current PMK/PSK) SNonce for the
PTK derivation to result in a new key. While a properly working
supplicant would do so, if there is a supplicant implementation that
does not, this combination could result in deriving the same PTK
again. When the TK from that PTK gets configured in the driver, this
would result in reinstalling the same key and the same issues as
described above for the FT protocol case.
Impact on station/wpa_supplicant
On the station side, this generic issue has been determined to be
applicable in the cases where wpa_supplicant processes a group key (GTK
or IGTK) update from the AP. An attacker that is able to limit access
to frame delivery may be able to extract two update messages and deliver
those to the station with significant time delay between them. When
wpa_supplicant processes the second message, it may end up reinstalling
the same key to the driver and when doing this, clear the RX packet
number to an old value. This would allow the attacker to replay all
group-addressed frames that the AP sent between the time the key update
message was originally sent and the time when the attacker forwarded the
second frame to the station. The attacker would not be able to decrypt
or modify the frames based on this vulnerability, though. There is an
exception to this with older wpa_supplicant versions as noted below in
version specific notes.
For the current wpa_supplicant version (v2.6), there is also an
additional EAPOL-Key replay sequence where an additional forged
EAPOL-Key message can be used to bypass the existing protection for the
pairwise key reconfiguration in a manner that ends up configuring a
known TK that an attacker could use to decrypt any frame sent by the
station and to inject arbitrary unicast frames. Similar issues are
reachable in older versions as noted below.
PeerKey / TDLS PeerKey
As far as the related CVE-2017-13084 (reinstallation of the STK key in
the PeerKey handshake) is concerned, it should be noted that PeerKey
implementation in wpa_supplicant is not fully functional and the actual
installation of the key into the driver does not work. As such, this
item is not applicable in practice. Furthermore, the PeerKey handshake
for IEEE 802.11e DLS is obsolete and not known to have been deployed.
As far as the TDLS PeerKey handshake is concerned (CVE-2017-13086),
wpa_supplicant implementation is already rejecting TPK M2 retries, so
the reconfiguration issue cannot apply for it. For TPK M3, there is a
theoretical impact. However, if that frame is replayed, the current
wpa_supplicant implementation ends up tearing down the TDLS link
immediately and as such, there is no real window for performing the
attack. Furthermore, TPK M3 goes through the AP path and if RSN is used
there, that frame has replay protection, so the attacker could not
perform the attack. If the AP path were to use WEP, the frame could be
replayed, though. That said, if WEP is used on the AP path, it would be
fair to assume that there is no security in the network, so a new attack
vector would be of small additional value.
With older wpa_supplicant versions, it may be possible for an attacker
to cause TPK M2 to be retransmitted with delay that would be able to
trigger reinstallation of TK on the peer receiving TPK M2
(CVE-2017-13086). This may open a short window for the attack with v2.3,
v2.4, and v2.5; and a longer window with older versions.
Vulnerable versions/configurations
For the AP/Authenticator TK (unicast) reinstallation in FT protocol
(CVE-2017-13082):
hostapd v0.7.2 and newer with FT enabled (i.e., practically all versions
that include full FT implementation). FT needs to be enabled in the
runtime configuration to make this applicable.
For the AP/Authenticator missing ANonce during PTK rekeying:
All hostapd versions.
For the station/Supplicant side GTK/IGTK reinstallation and TK
configuration:
All wpa_supplicant versions. The impact on older versions can be more
severe due to earlier changes in this area: v2.3 and older can also
reinstall the pairwise key and as such have similar impact as the AP FT
case (CVE-2017-13077); v2.4 and v2.5 end up configuring an all-zero TK
which breaks the normal data path, but could allow an attacker to
decrypt all following frames from the station and to inject arbitrary
frames to the station. In addition, a different message sequence
involving 4-way handshake can result in configuration of an all-zero TK
in v2.6 and the current snapshot of the development repository as of the
publication of this advisory.
Acknowledgments
Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue. Thanks to John A. Van
Boxtel for finding additional issues related to this topic.
Possible mitigation steps
- For AP/hostapd and FT replay issue (CVE-2017-13082), it is possible to
prevent the issue temporarily by disabling FT in runtime
configuration, if needed before being able to update the
implementations.
- Merge the following commits to hostapd/wpa_supplicant and rebuild them:
hostapd and replayed FT reassociation request frame (CVE-2017-13082):
hostapd: Avoid key reinstallation in FT handshake
hostapd PTK rekeying and ANonce update:
Fix PTK rekeying to generate a new ANonce
wpa_supplicant and GTK/IGTK rekeying (CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
wpa_supplicant (v2.6 or newer snapshot) and known TK issue:
Prevent installation of an all-zero TK
Additional protection steps for wpa_supplicant:
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
These patches are available from https://w1.fi/security/2017-1/
(both against the snapshot of hostap.git master branch and rebased on
top of the v2.6 release)
For the TDLS TPK M2 retransmission issue (CVE-2017-13086) with older
wpa_supplicant versions, consider updating to the latest version or
merge in a commit that is present in v2.6:
https://w1.fi/cgit/hostap/commit/?id=dabdef9e048b17b22b1c025ad592922eab30dda8
('TDLS: Ignore incoming TDLS Setup Response retries')
- Update to hostapd/wpa_supplicant v2.7 or newer, once available
* it should be noted that there are number of additional changes in
the related areas of the implementation to provide extra layer of
protection for potential unknown issues; these changes are not
included in this advisory as they have not been identified to be
critical for preventing any of the identified security
vulnerabilities; however, users of hostapd/wpa_supplicant are
encouraged to consider merging such changes even if not fully
moving to v2.7

55
README.slackware
View File

@ -0,0 +1,55 @@
=================================================
How do I get my card to use WPA-PSK in Slackware?
=================================================
First off: wpa_supplicant REQUIRES the AP to broadcast the SSID. When the AP
hides its SSID, all you will get out of wpa_supplicant is the message:
"No suitable AP found"
Also, read the MADwifi FAQ (http://madwifi.sourceforge.net/dokuwiki/doku.php)
since it contains a wealth of information.
This being said, you'll have to do the following (as root):
Edit the file named /etc/wpa_supplicant.conf and add these lines:
network={
scan_ssid=0
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
}
Then execute:
/usr/sbin/wpa_passphrase YOURSSID passphrase
with the SSID of your AP and the passphrase you've entered in its WPA-PSK configuration. You'll receive an output, which looks like this:
network={
ssid="YOURSSID"
#psk="passphrase"
psk=66a4bfb03de5656cf26cfa03a116097546046f4aea11ee044b841171207d8308
}
Copy the three lines within the network-tag into your own entry in wpa_supplicant.conf and change the permissions after you've finished editing:
chmod 640 /etc/wpa_supplicant.conf
To get your network device up and running, execute:
### /usr/sbin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iath0 -Dmadwifi ###
### you don't have to run the above command by hand, because it will ###
### be executed by the rc.inet1 command that you run: ###
/etc/rc.d/rc.inet1 ath0_start
In case you want to see the wpa_supplicant in action, start it on the command line before enabling the wireless device, by running:
/usr/sbin/wpa_supplicant -dw -c/etc/wpa_supplicant.conf -iath0 -Dmadwifi
The terminal where you've started the wpa_supplicant should now show the communication between your wlan card and the AP. If you got everything up and running you can let Slackware's init script take over by killing wpa_supplicant and running:
/etc/rc.d/rc.inet1 ath0_restart
Studying the wpa_supplicant README is also highly recommended for further insight!

37
config/dot.config
View File

@ -0,0 +1,37 @@
CONFIG_AP=y
CONFIG_BACKEND=file
CONFIG_BGSCAN_SIMPLE=y
CONFIG_CTRL_IFACE=y
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_DEBUG_FILE=y
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_AKA=y
CONFIG_EAP_FAST=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_GTC=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TNC=y
CONFIG_EAP_TTLS=y
CONFIG_IBSS_RSN=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_LIBNL32=y
CONFIG_P2P=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y

7
config/wpa_gui.desktop
View File

@ -0,0 +1,7 @@
[Desktop Entry]
Name=wpa_gui
Comment[en]=Wpa_supplicant management
Exec=wpa_gui
Icon=wpa_gui
Type=Application
Categories=Qt;Network;

BIN
config/wpa_gui.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

2
config/wpa_supplicant.conf
View File

@ -0,0 +1,2 @@
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root

6
config/wpa_supplicant.logrotate
View File

@ -0,0 +1,6 @@
/var/log/wpa_supplicant.log {
missingok
notifempty
size 30k
create 0600 root root
}

BIN
doinst.sh.gz
View File

Binary file not shown.

16
patches/assoc-timeout.diff
View File

@ -0,0 +1,16 @@
diff -Nur wpa_supplicant-2.0.orig/wpa_supplicant/wpa_supplicant.c wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.c
--- wpa_supplicant-2.0.orig/wpa_supplicant/wpa_supplicant.c 2013-01-12 09:42:53.000000000 -0600
+++ wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.c 2013-05-11 14:09:34.586718122 -0500
@@ -1666,10 +1666,10 @@
if (assoc_failed) {
/* give IBSS a bit more time */
- timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
+ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
} else if (wpa_s->conf->ap_scan == 1) {
/* give IBSS a bit more time */
- timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
+ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 20;
}
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
}

20
patches/dbus-service-file-args.diff
View File

@ -0,0 +1,20 @@
diff -Nur wpa_supplicant-1.0-rc3.orig/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in wpa_supplicant-1.0-rc3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
--- wpa_supplicant-1.0-rc3.orig/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2012-04-16 15:15:40.000000000 -0500
+++ wpa_supplicant-1.0-rc3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2012-05-06 01:07:44.523999837 -0500
@@ -1,5 +1,5 @@
[D-BUS Service]
Name=fi.epitest.hostap.WPASupplicant
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
User=root
SystemdService=wpa_supplicant.service
diff -Nur wpa_supplicant-1.0-rc3.orig/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in wpa_supplicant-1.0-rc3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
--- wpa_supplicant-1.0-rc3.orig/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2012-04-16 15:15:40.000000000 -0500
+++ wpa_supplicant-1.0-rc3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2012-05-06 01:06:59.528589953 -0500
@@ -1,5 +1,5 @@
[D-BUS Service]
Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid
User=root
SystemdService=wpa_supplicant.service

50
patches/flush-debug-output.diff
View File

@ -0,0 +1,50 @@
diff -Nur wpa_supplicant-2.0.orig/src/utils/wpa_debug.c wpa_supplicant-2.0/src/utils/wpa_debug.c
--- wpa_supplicant-2.0.orig/src/utils/wpa_debug.c 2013-01-12 09:42:53.000000000 -0600
+++ wpa_supplicant-2.0/src/utils/wpa_debug.c 2013-05-11 14:10:37.886101742 -0500
@@ -75,6 +75,7 @@
if (out_file) {
fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
(unsigned int) tv.usec);
+ fflush(out_file);
} else
#endif /* CONFIG_DEBUG_FILE */
printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
@@ -221,6 +222,7 @@
if (out_file) {
vfprintf(out_file, fmt, ap);
fprintf(out_file, "\n");
+ fflush(out_file);
} else {
#endif /* CONFIG_DEBUG_FILE */
vprintf(fmt, ap);
@@ -357,6 +359,7 @@
fprintf(out_file, " [REMOVED]");
}
fprintf(out_file, "\n");
+ fflush(out_file);
} else {
#endif /* CONFIG_DEBUG_FILE */
printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
@@ -425,12 +428,14 @@
fprintf(out_file,
"%s - hexdump_ascii(len=%lu): [REMOVED]\n",
title, (unsigned long) len);
+ fflush(out_file);
return;
}
if (buf == NULL) {
fprintf(out_file,
"%s - hexdump_ascii(len=%lu): [NULL]\n",
title, (unsigned long) len);
+ fflush(out_file);
return;
}
fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
@@ -455,6 +460,7 @@
pos += llen;
len -= llen;
}
+ fflush(out_file);
} else {
#endif /* CONFIG_DEBUG_FILE */
if (!show) {

16
patches/quiet-scan-results-message.diff
View File

@ -0,0 +1,16 @@
--- ./wpa_supplicant/events.c.orig 2017-01-05 11:29:16.968898845 -0600
+++ ./wpa_supplicant/events.c 2017-01-05 11:31:13.515907254 -0600
@@ -1555,11 +1555,11 @@
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
own_request && !(data && data->scan_info.external_scan)) {
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
+ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u",
wpa_s->manual_scan_id);
wpa_s->manual_scan_use_id = 0;
} else {
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
}
wpas_notify_scan_results(wpa_s);

27
patches/wpa_supplicant-2.5-notify.patch
View File

@ -0,0 +1,27 @@
diff -Nur ../wpa_supplicant-2.5/wpa_supplicant/wpa_gui-qt4/wpagui.cpp ./wpa_supplicant/wpa_gui-qt4/wpagui.cpp
--- ../wpa_supplicant-2.5/wpa_supplicant/wpa_gui-qt4/wpagui.cpp 2015-09-27 21:02:05.000000000 +0200
+++ ./wpa_supplicant/wpa_gui-qt4/wpagui.cpp 2016-10-11 21:34:31.043783564 +0200
@@ -10,6 +10,7 @@
#include <windows.h>
#endif /* CONFIG_NATIVE_WINDOWS */
+#include <stdlib.h>
#include <cstdio>
#include <unistd.h>
#include <QMessageBox>
@@ -1415,13 +1416,10 @@
void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
const QString & msg)
{
- if (!QSystemTrayIcon::supportsMessages())
+ if (isVisible() || quietMode)
return;
- if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
- return;
-
- tray_icon->showMessage(qAppName(), msg, type, sec * 1000);
+ system(("notify-send -a " + qAppName() + " -t " + QString::number(sec * 1000) + " '" + qAppName() + "' '" + msg + "'").toStdString().c_str());
}

15
readme.txt
View File

@ -1,15 +0,0 @@
This repo contains all my slackware modifications of the base install.
Additional packages are contained in RocketLinux and built in a non-standard manner.
This branch contains a few scripts I use, related to slackware.
- kernel.SlackBuild is capable of building a near-identical slackware kernel
- convert32pkg.sh converts a 32bit package to be installable on 64bit (by
removing everything present in the 64bit package).
It is only designed to support some packages in the official slackware iso,
because there's all kinds of packages that need special treatment,
especially for their doinst.sh scripts.
- massconvert32.sh calls convert32pkg.sh over an entire package directory
- update-repo.sh is my shitty implementation of a slackware repo generator,
that tries to generate everything as close to the official slackware repo as
possible.

18
slack-desc
View File

@ -0,0 +1,18 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in. You must
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
wpa_supplicant: wpa_supplicant (WPA/WPA2/IEEE 802.1X Supplicant)
wpa_supplicant:
wpa_supplicant: wpa_supplicant is a WPA Supplicant for Linux with support for WPA and
wpa_supplicant: WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
wpa_supplicant: component that is used in the client stations. It implements key
wpa_supplicant: negotiation with a WPA Authenticator and it controls the roaming and
wpa_supplicant: IEEE 802.11 authentication/association of the wlan driver.
wpa_supplicant:
wpa_supplicant: More info: http://hostap.epitest.fi/wpa_supplicant/
wpa_supplicant:
wpa_supplicant:

BIN
wpa_supplicant-2.6.tar.xz
View File

Binary file not shown.

184
wpa_supplicant.SlackBuild
View File

@ -0,0 +1,184 @@
#!/bin/sh
# Copyright 2004-2008 Eric Hameleers, Eindhoven, NL
# Copyright 2008-2015 Patrick J. Volkerding, Sebeka, MN, USA
# Permission to use, copy, modify, and distribute this software for
# any purpose with or without fee is hereby granted, provided that
# the above copyright notice and this permission notice appear in all
# copies.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
# -----------------------------------------------------------------------------
PKGNAM=wpa_supplicant
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1_slack14.2}
SRCVERSION=$(printf $VERSION | tr _ -)
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
NUMJOBS=${NUMJOBS:-" -j7 "}
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
elif [ "$ARCH" = "arm" ]; then
SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "armel" ]; then
SLKCFLAGS="-O2 -march=armv4t"
LIBDIRSUFFIX=""
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf ${PKGNAM}-${SRCVERSION}
tar xvf $CWD/${PKGNAM}-${SRCVERSION}.tar.?z* || exit 1
cd ${PKGNAM}-${SRCVERSION}
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
zcat $CWD/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz | patch -p1 || exit 1
zcat $CWD/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz | patch -p1 || exit 1
# Fixup various paths in the dbus service file
cat $CWD/patches/dbus-service-file-args.diff | patch -p1 --verbose || exit 1
# Eliminate some logspam
cat $CWD/patches/quiet-scan-results-message.diff | patch -p1 --verbose || exit 1
# Apply a couple of other patches from Fedora
cat $CWD/patches/assoc-timeout.diff | patch -p1 --verbose || exit 1
cat $CWD/patches/flush-debug-output.diff | patch -p1 --verbose || exit 1
# Use notify-send for notifications
cat $CWD/patches/wpa_supplicant-2.5-notify.patch | patch -p0 --verbose || exit 1
cd wpa_supplicant
# Create the configuration file for building wpa_supplicant:
cat $CWD/config/dot.config > .config
# Build the usual binaries
CFLAGS="$SLKCFLAGS" \
make $NUMJOBS \
BINDIR=/usr/sbin \
LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
# Build the Qt4 GUI client
CFLAGS="$SLKCFLAGS" \
make $NUMJOBS \
wpa_gui-qt4 \
BINDIR=/usr/sbin \
LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
# Make sure man pages are built
make -C doc/docbook man
# This goes into the doc directory later on:
mv wpa_supplicant.conf wpa_supplicant.conf.sample
# Install binaries:
mkdir -p $PKG/usr/sbin $PKG/usr/bin
cp wpa_supplicant wpa_passphrase wpa_cli $PKG/usr/sbin/
cp wpa_gui-qt4/wpa_gui $PKG/usr/bin/
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
# Install dbus configuration file:
mkdir -p $PKG/etc/dbus-1/system.d/
cp dbus/dbus-wpa_supplicant.conf \
$PKG/etc/dbus-1/system.d/dbus-wpa_supplicant.conf
mkdir -p $PKG/usr/share/dbus-1/system-services
install -m644 dbus/*.service $PKG/usr/share/dbus-1/system-services/
# Install a .desktop file and icon for wpa_gui:
# (converted from the wpa_gui.svg in the source)
mkdir -p $PKG/usr/share/{applications,pixmaps}
cat $CWD/config/wpa_gui.desktop > $PKG/usr/share/applications/wpa_gui.desktop
cat $CWD/config/wpa_gui.png > $PKG/usr/share/pixmaps/wpa_gui.png
# Install a logrotate config
mkdir -p $PKG/etc/logrotate.d
cat $CWD/config/wpa_supplicant.logrotate > $PKG/etc/logrotate.d/wpa_supplicant.new
# Install man pages:
for m in 5 8; do
mkdir -p $PKG/usr/man/man${m}
cp doc/docbook/*.${m} $PKG/usr/man/man${m}/
done
find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \;
# Install a default configuration file (only readable by root):
mkdir -p $PKG/etc
cat $CWD/config/wpa_supplicant.conf > $PKG/etc/wpa_supplicant.conf.new
chmod 600 $PKG/etc/wpa_supplicant.conf.new
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
ChangeLog ../COPYING README README-{P2P,WPS} examples *.txt *.sample $CWD/README.slackware \
$PKG/usr/doc/$PKGNAM-$VERSION
chown -R root:root $PKG/usr/doc/$PKGNAM-$VERSION/*
chmod -R a-w $PKG/usr/doc/$PKGNAM-$VERSION/*
# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
touch -r ChangeLog $DOCSDIR/ChangeLog
fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz >> $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-${VERSION}-${ARCH}-${BUILD}.txz
Write Preview
Loading…
Cancel
Save