upg shadow xz
This commit is contained in:
parent
f9e3b3f51f
commit
fcff5c1b76
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
pkgname=shadow
|
pkgname=shadow
|
||||||
pkgver=4.15.1
|
pkgver=4.15.1
|
||||||
pkgrel=01
|
pkgrel=02
|
||||||
pkgdesc="Password and account management tool suite with support for shadow files and PAM w/o systemd"
|
pkgdesc="Password and account management tool suite with support for shadow files and PAM w/o systemd"
|
||||||
url="https://github.com/shadow-maint/shadow"
|
url="https://github.com/shadow-maint/shadow"
|
||||||
depends=( glibc )
|
depends=( glibc )
|
||||||
|
@ -123,5 +123,4 @@ sha256sums=(bb5f70639a0581f9d626f227ce45b31ac137daa7c451c0f672ce14f2731a96ee #
|
||||||
c2faa81b894de452e6cd23660ad7e30a4e03d6a4eacb94ff209c6e578df05e61 # shadow.tmpfiles
|
c2faa81b894de452e6cd23660ad7e30a4e03d6a4eacb94ff209c6e578df05e61 # shadow.tmpfiles
|
||||||
2d4b7b85ea1d5cddf93c2d636a11b0e76c1f484474449bdb018e3af0fcbd93c3) # useradd.defaults
|
2d4b7b85ea1d5cddf93c2d636a11b0e76c1f484474449bdb018e3af0fcbd93c3) # useradd.defaults
|
||||||
|
|
||||||
## ec2b1c7f737af7eb4881ef01b201f1ff6cf1410980b009342bc0a5b2d0de505d shadow-4.15.1-01-x86_64.pkg.tar.lz
|
## c696c84683c9775cab6fb5fdf5dfb57d03f3f24b7f253a5f5f2b3bc17098e68a shadow-4.15.1-02-x86_64.pkg.tar.lz
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
pkgname=shadow
|
pkgname=shadow
|
||||||
pkgver=4.15.1
|
pkgver=4.15.1
|
||||||
pkgrel=1
|
pkgrel=2
|
||||||
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
|
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
|
||||||
arch=(x86_64)
|
arch=(x86_64)
|
||||||
url="https://github.com/shadow-maint/shadow"
|
url="https://github.com/shadow-maint/shadow"
|
||||||
|
|
120
xz/PKGBUILD
120
xz/PKGBUILD
|
@ -1,19 +1,22 @@
|
||||||
echo "DO NOT USE THIS"
|
# March 30th 2024 concerning xz 5.6.2-01 and 02 (briefly made available at sf)
|
||||||
echo "Read comments first, use arch: core/xz 5.6.1-2
|
# before the compromised xz code was announced.
|
||||||
|
#
|
||||||
Due to the uncovered back door 3/29/24
|
# Due to the uncovered back door 3/29/24
|
||||||
and according to Arch building from git was safer than from tar ball, but
|
# and according to Arch building from git was safer than from tar ball
|
||||||
they also
|
#
|
||||||
|
#
|
||||||
Both tar ball and git source at github is removed
|
# Both tar ball and git source at github is removed
|
||||||
We have copies of both but we will not use either
|
# We have copies of both but we will not use either
|
||||||
till this clears up.
|
# till this clears up.
|
||||||
|
#
|
||||||
As far as we can research ONLY when sshd was run by systemd would this
|
# As far as we can research ONLY when sshd was run by systemd would this
|
||||||
backdoor be effective, so we have nothing to worry about even if the
|
# backdoor be effective, so we have nothing to worry about even if the
|
||||||
code is in our copies of xz
|
# code is in our copies of xz
|
||||||
|
#
|
||||||
|
# --------------------------------------------------------------------------
|
||||||
|
# The following build is perceived cleaned up from what has been discovered
|
||||||
|
# ad compromised April 2nd 2024
|
||||||
|
# -------------------------------------------------------------------------
|
||||||
|
|
||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
# JOBoRun : Jwm OpenBox Obarun RUNit
|
# JOBoRun : Jwm OpenBox Obarun RUNit
|
||||||
|
@ -24,58 +27,59 @@ code is in our copies of xz
|
||||||
|
|
||||||
pkgname=xz
|
pkgname=xz
|
||||||
pkgver=5.6.1
|
pkgver=5.6.1
|
||||||
pkgrel=02
|
pkgrel=03
|
||||||
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
|
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
|
||||||
#makedepends=('git' 'po4a' 'doxygen') # useless doxygen branding and some icons with the trade name
|
|
||||||
|
url='https://xz.tukaani.org/xz-utils/'
|
||||||
depends=('sh')
|
depends=('sh')
|
||||||
|
makedepends=('git' 'po4a' 'doxygen' 'automake' 'autoconf')
|
||||||
|
|
||||||
provides=('liblzma.so')
|
provides=('liblzma.so')
|
||||||
#options=('debug') ##### uncomment this to produce the debug pkg
|
#options=('debug') ##### uncomment this to produce the debug pkg
|
||||||
url='https://xz.tukaani.org/xz-utils/'
|
|
||||||
source=("https://github.com/tukaani-project/xz/releases/download/v${pkgver}/xz-${pkgver}.tar.gz"{,.sig})
|
# source=("https://github.com/tukaani-project/xz/releases/download/v${pkgver}/xz-${pkgver}.tar.gz"{,.sig})
|
||||||
#source=("git+https://github.com/tukaani-project/xz#tag=v${pkgver}")
|
# source=("git+https://github.com/tukaani-project/xz#tag=v${pkgver}")
|
||||||
# previous sources
|
# previous sources
|
||||||
# source=("https://tukaani.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig})
|
# source=("https://tukaani.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig})
|
||||||
# temporary use of unsigned mirror at SF since zoner.fi is down
|
# temporary use of unsigned mirror at SF since zoner.fi is down
|
||||||
# Sums same with arch
|
# Sums same with arch
|
||||||
#source=("xz-5.2.9.tar.gz:https://downloads.sourceforge.net/project/lzmautils/xz-5.2.9.tar.gz?ts=gAAAAABjiAaACqaAp0YyfNS0hoSgTfR8z7zafIiHfu8jZuEf9Dk3IX7wbWPwuuekp1LHnfAHvVrsFD4kpAbKm9HOsRMfAzd3CA%3D%3D&r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Flzmautils%2Ffiles%2Fxz-5.2.9.tar.gz")
|
#source=("xz-5.2.9.tar.gz:https://downloads.sourceforge.net/project/lzmautils/xz-5.2.9.tar.gz?ts=gAAAAABjiAaACqaAp0YyfNS0hoSgTfR8z7zafIiHfu8jZuEf9Dk3IX7wbWPwuuekp1LHnfAHvVrsFD4kpAbKm9HOsRMfAzd3CA%3D%3D&r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Flzmautils%2Ffiles%2Fxz-5.2.9.tar.gz")
|
||||||
## "https://tukaani.org/${pkgname}/xzgrep-ZDI-CAN-16587.patch"{,.sig})
|
## "https://tukaani.org/${pkgname}/xzgrep-ZDI-CAN-16587.patch"{,.sig})
|
||||||
|
source=("git+https://git.tukaani.org/xz.git#tag=v${pkgver}")
|
||||||
#prepare() {
|
|
||||||
## cd ${pkgname}
|
|
||||||
# cd "${srcdir}/${pkgname}-${pkgver}"
|
prepare() {
|
||||||
# ./autogen.sh
|
cd ${pkgname}
|
||||||
#}
|
# cd "${srcdir}/${pkgname}-${pkgver}"
|
||||||
|
./autogen.sh
|
||||||
|
}
|
||||||
|
|
||||||
#prepare() {
|
|
||||||
# cd "${srcdir}/${pkgname}-${pkgver}"
|
|
||||||
#
|
|
||||||
# patch -p1 -i "${srcdir}/xzgrep-ZDI-CAN-16587.patch"
|
|
||||||
#}
|
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd "${srcdir}/${pkgname}-${pkgver}"
|
# cd "${srcdir}/${pkgname}-${pkgver}"
|
||||||
# cd ${pkgname}
|
cd ${pkgname}
|
||||||
./configure --prefix=/usr \
|
./configure \
|
||||||
--disable-rpath \
|
--prefix=/usr \
|
||||||
--enable-werror
|
--disable-rpath \
|
||||||
|
--enable-werror
|
||||||
make
|
make
|
||||||
}
|
}
|
||||||
|
|
||||||
## Some of the reading on this indicates the code is injected by
|
## Some of the reading on this indicates the code is injected by
|
||||||
## blobs used to run the following tests
|
## blobs used to run the following tests on tarballs from github
|
||||||
#check() {
|
check() {
|
||||||
# cd "${srcdir}/${pkgname}-${pkgver}"
|
# cd "${srcdir}/${pkgname}-${pkgver}"
|
||||||
## cd ${pkgname}
|
cd ${pkgname}
|
||||||
# make check
|
make check
|
||||||
#}
|
}
|
||||||
|
|
||||||
package() {
|
package() {
|
||||||
cd "${srcdir}/${pkgname}-${pkgver}"
|
# cd "${srcdir}/${pkgname}-${pkgver}"
|
||||||
# cd ${pkgname}
|
cd ${pkgname}
|
||||||
make DESTDIR="${pkgdir}" install
|
make DESTDIR="${pkgdir}" install
|
||||||
install -d -m755 "${pkgdir}/usr/share/licenses/xz/"
|
install -d -m0755 "${pkgdir}/usr/share/licenses/xz/"
|
||||||
ln -sf /usr/share/doc/xz/COPYING "${pkgdir}/usr/share/licenses/xz/"
|
ln -sf /usr/share/doc/xz/COPYING "${pkgdir}/usr/share/licenses/xz/"
|
||||||
ln -sf /usr/share/licenses/common/GPL2/license.txt "${pkgdir}/usr/share/doc/xz/COPYING.GPLv2"
|
# ln -sf /usr/share/licenses/common/GPL2/license.txt "${pkgdir}/usr/share/doc/xz/COPYING.GPLv2"
|
||||||
}
|
}
|
||||||
|
|
||||||
#---- arch license gpg-key & sha256sums ----
|
#---- arch license gpg-key & sha256sums ----
|
||||||
|
@ -86,18 +90,24 @@ license=('GPL' 'LGPL' 'custom')
|
||||||
|
|
||||||
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
|
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
|
||||||
|
|
||||||
|
# The following checksums come from arch and from the clean git from Lasse Collin's tukaani.org server
|
||||||
|
# See arch PKGBUILD-arch for reference
|
||||||
|
#
|
||||||
|
sha256sums=('e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc')
|
||||||
|
sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
|
||||||
|
|
||||||
|
## 56e253f6c4eedb18672f60ab77b3f8fb685cc81cc441e8f2536e5250375b3ef8 xz-5.6.1-03-x86_64.pkg.tar.lz
|
||||||
|
|
||||||
|
|
||||||
## THIS WAS THE ATTACKER ###
|
## THIS WAS THE ATTACKER ###
|
||||||
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
|
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
|
||||||
### REMOVE THIS FROM YOUR KEYRING: gpg --delete-keys 22D465F2B4C173803B20C6DE59FCF207FEA7F445
|
### REMOVE THIS FROM YOUR KEYRING: gpg --delete-keys 22D465F2B4C173803B20C6DE59FCF207FEA7F445
|
||||||
|
# tarball sums github infected and so where 5.6.0.tar.gz
|
||||||
# tarball sums
|
#sha256sums=(2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8 # xz-5.6.1.tar.gz
|
||||||
sha256sums=(2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8 # xz-5.6.1.tar.gz
|
# 2a0745db95fee581cba776c3f68e75729d8bdc0f3db6e4453d6391894c100dac) # xz-5.6.1.tar.gz.sig
|
||||||
2a0745db95fee581cba776c3f68e75729d8bdc0f3db6e4453d6391894c100dac) # xz-5.6.1.tar.gz.sig
|
# git sums from github
|
||||||
|
|
||||||
# git sums
|
|
||||||
#sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
|
#sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
|
||||||
#sha256sums=(e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc) # xz
|
#sha256sums=(e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc) # xz
|
||||||
|
# We keep the above as reference for possible investigation of the compromised source
|
||||||
## Removed --- Use arch core/xz instead for now
|
|
||||||
## 8466a47ac4224181b2f56bbf17ef7afea38849abd1d1ffa2da3b5ae8b1e7f941 xz-5.6.1-02-x86_64.pkg.tar.lz
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
pkgname=xz
|
pkgname=xz
|
||||||
pkgver=5.6.1
|
pkgver=5.6.1
|
||||||
pkgrel=2
|
pkgrel=3
|
||||||
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
|
pkgdesc='Library and command line tools for XZ and LZMA compressed files'
|
||||||
arch=('x86_64')
|
arch=('x86_64')
|
||||||
url='https://xz.tukaani.org/xz-utils/'
|
url='https://xz.tukaani.org/xz-utils/'
|
||||||
|
@ -11,21 +11,8 @@ license=('GPL' 'LGPL' 'custom')
|
||||||
depends=('sh')
|
depends=('sh')
|
||||||
makedepends=('git' 'po4a' 'doxygen')
|
makedepends=('git' 'po4a' 'doxygen')
|
||||||
provides=('liblzma.so')
|
provides=('liblzma.so')
|
||||||
|
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
|
||||||
|
source=("git+https://git.tukaani.org/xz.git#tag=v${pkgver}")
|
||||||
## THIS WAS THE ATTACKER ###
|
|
||||||
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
|
|
||||||
### REMOVE THIS FROM YOUR KEYRING: gpg --delete-keys 22D465F2B4C173803B20C6DE59FCF207FEA7F445
|
|
||||||
|
|
||||||
validpgpkeys=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin <lasse.collin@tukaani.org>
|
|
||||||
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
|
|
||||||
|
|
||||||
## THIS WAS THE ATTACKER ###
|
|
||||||
### '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan <jiat0218@gmail.com>
|
|
||||||
### REMOVE THIS FROM YOUR KEYRING: gpg --delete-keys 22D465F2B4C173803B20C6DE59FCF207FEA7F445
|
|
||||||
|
|
||||||
|
|
||||||
source=("git+https://github.com/tukaani-project/xz#tag=v${pkgver}")
|
|
||||||
sha256sums=('e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc')
|
sha256sums=('e10fa4254d5ff033c78dcbfd2866e79a762b8a719503a7c146758e590de945dc')
|
||||||
sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
|
sha512sums=('8f4ee2e5c9b46d0917d8bdf8b172a70d02a6cf2d4d78a2e99ae942e32979b72b407809ffda2885af41e2c9d801c19eab5e4fd73888fbaf042346be957df406fc')
|
||||||
|
|
||||||
|
|
2
xz/clean
2
xz/clean
|
@ -1 +1 @@
|
||||||
rm -rf {src,pkg,xz*.tar.gz*,xzgrep*patch*}
|
rm -rf {src,pkg,xz*.tar.gz*,xz}
|
||||||
|
|
Loading…
Reference in New Issue