diff options
Diffstat (limited to 'libs/libsafe')
-rw-r--r-- | libs/libsafe/doinst.sh | 57 | ||||
-rw-r--r-- | libs/libsafe/doinst64.sh | 57 | ||||
-rwxr-xr-x | libs/libsafe/libsafe.SlackBuild | 74 | ||||
-rw-r--r-- | libs/libsafe/slack-desc | 19 |
4 files changed, 207 insertions, 0 deletions
diff --git a/libs/libsafe/doinst.sh b/libs/libsafe/doinst.sh new file mode 100644 index 00000000..813767b3 --- /dev/null +++ b/libs/libsafe/doinst.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +# libmove sourcelib targetlib +# +# This allows you to move a new shared library into place, +# even on a running system. +libmove() { + LIBSOURCE=$1 + LIBTARGET=$2 + LIBFOO="`dirname $LIBTARGET`/libfoo.so.0.0.0" + # link duplicate of target lib so we can safely copy over it: + if [ -r $LIBTARGET ]; then + cp -a $LIBTARGET $LIBFOO + if [ -x /sbin/ldconfig ]; then + ldconfig -l $LIBFOO 2> /dev/null + fi + fi + mv $LIBSOURCE $LIBTARGET + if [ -x /sbin/ldconfig ]; then + ldconfig -l $LIBTARGET 2> /dev/null + fi + rm -f $LIBFOO +} + +# Before using libmove, try to install everything we can: +( cd lib/incoming + for file in * ; do + if [ ! -r ../$file ]; then + cp -a $file .. + fi + done ) +# Prepare the library for use with ldconfig: +if [ -x sbin/ldconfig ]; then + chroot . /sbin/ldconfig +fi + +( cd lib/incoming + for file in * ; do + libmove $file ../$file + done ) +#### Now, get rid of the temporary directory: +rm -rf lib/incoming + +# add the library to /etc/ld.so.preload: +if fgrep libsafe.so.2 etc/ld.so.preload 1> /dev/null 2> /dev/null ; then + GOOD=we_found_it +else + echo "/lib/libsafe.so.2" >> etc/ld.so.preload +fi + +# Prepare the library for use with ldconfig: +if [ -x sbin/ldconfig ]; then + chroot . /sbin/ldconfig +else # In case there's no ldconfig, make the links manually: + ( cd lib ; rm -rf libsafe.so.2 ) + ( cd lib ; ln -sf libsafe.so.2.0.9 libsafe.so.2 ) +fi diff --git a/libs/libsafe/doinst64.sh b/libs/libsafe/doinst64.sh new file mode 100644 index 00000000..a5d753a9 --- /dev/null +++ b/libs/libsafe/doinst64.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +# libmove sourcelib targetlib +# +# This allows you to move a new shared library into place, +# even on a running system. +libmove() { + LIBSOURCE=$1 + LIBTARGET=$2 + LIBFOO="`dirname $LIBTARGET`/libfoo.so.0.0.0" + # link duplicate of target lib so we can safely copy over it: + if [ -r $LIBTARGET ]; then + cp -a $LIBTARGET $LIBFOO + if [ -x /sbin/ldconfig ]; then + ldconfig -l $LIBFOO 2> /dev/null + fi + fi + mv $LIBSOURCE $LIBTARGET + if [ -x /sbin/ldconfig ]; then + ldconfig -l $LIBTARGET 2> /dev/null + fi + rm -f $LIBFOO +} + +# Before using libmove, try to install everything we can: +( cd lib64/incoming + for file in * ; do + if [ ! -r ../$file ]; then + cp -a $file .. + fi + done ) +# Prepare the library for use with ldconfig: +if [ -x sbin/ldconfig ]; then + chroot . /sbin/ldconfig +fi + +( cd lib64/incoming + for file in * ; do + libmove $file ../$file + done ) +#### Now, get rid of the temporary directory: +rm -rf lib64/incoming + +# add the library to /etc/ld.so.preload: +if fgrep libsafe.so.2 etc/ld.so.preload 1> /dev/null 2> /dev/null ; then + GOOD=we_found_it +else + echo "/lib64/libsafe.so.2" >> etc/ld.so.preload +fi + +# Prepare the library for use with ldconfig: +if [ -x sbin/ldconfig ]; then + chroot . /sbin/ldconfig +else # In case there's no ldconfig, make the links manually: + ( cd lib64 ; rm -rf libsafe.so.2 ) + ( cd lib64 ; ln -sf libsafe.so.2.0.9 libsafe.so.2 ) +fi diff --git a/libs/libsafe/libsafe.SlackBuild b/libs/libsafe/libsafe.SlackBuild new file mode 100755 index 00000000..2dd83b40 --- /dev/null +++ b/libs/libsafe/libsafe.SlackBuild @@ -0,0 +1,74 @@ +#!/bin/bash +# +# got it from ftp://ftp.slackware.com/pub/slackware/slackware-10.2/extra/source/libsafe-2.0-16/libsafe.SlackBuild +# small changes by rhatto +# + +CWD="`pwd`" + +if [ -f ~/.slackbuildrc ]; then + source ~/.slackbuildrc +elif [ -f /etc/slackbuildrc ]; then + source /etc/slackbuildrc +fi + +PACKAGE="libsafe" +ARCH=${ARCH:=i486} +BUILD=${BUILD:=1rha} +TMP=${TMP:=/tmp} +VERSION=2.0.16 +SRCPKG=2.0-16 +SRC_DIR=${SRC:=$CWD} +REPOS=${REPOS:=$TMP} + +if [ "$ARCH" == "x86_64" ]; then + LIBDIR=lib64 + DOINST="doinst64.sh" +else + LIBDIR=lib + DOINST="doinst.sh" +fi + +RTOOL="wget" +SRC="$PACKAGE-$SRCPKG.tar.gz" +URL="ftp://ftp.slackware.com/pub/slackware/slackware-10.2/extra/source/libsafe-$SRCPKG/$SRC" + +SRC_DIR="$SRC_DIR/$PACKAGE" +mkdir -p $SRC_DIR + +if [ "$RTOOL" == "wget" ] && [ ! -f "$SRC_DIR/$SRC" ]; then + wget "$URL" -O "$SRC_DIR/$SRC" +fi + +TMP="$TMP/$PACKAGE" +PKG=$TMP/package-$PACKAGE +rm -rf $TMP +mkdir -p $TMP +cd $TMP + +tar xzvf $SRC_DIR/$SRC +cd libsafe-$SRCPKG + +chown -R root.root . +find . -perm 775 -exec chmod 755 {} \; +find . -perm 664 -exec chmod 644 {} \; +make || exit 32 +mkdir -p $PKG/$LIBDIR/incoming +cat src/libsafe.so.$VERSION > $PKG/$LIBDIR/incoming/libsafe.so.$VERSION +chmod 755 $PKG/$LIBDIR/incoming/libsafe.so.$VERSION +mkdir $PKG/install +cat $CWD/$DOINST > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc +mkdir -p $PKG/usr/doc/libsafe-$VERSION +cp -a \ + COPYING ChangeLog EMAIL_NOTIFICATION INSTALL README doc \ + $PKG/usr/doc/libsafe-$VERSION +mkdir -p $PKG/usr/man/man8 +cat doc/libsafe.8 | gzip -9c > $PKG/usr/man/man8/libsafe.8.gz +cd $PKG +makepkg -l y -c n $REPOS/$PACKAGE-$VERSION-$ARCH-$BUILD.tgz + +if [ "$CLEANUP" == "yes" ]; then + rm -rf $TMP +fi + diff --git a/libs/libsafe/slack-desc b/libs/libsafe/slack-desc new file mode 100644 index 00000000..5cf1c752 --- /dev/null +++ b/libs/libsafe/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libsafe: libsafe +libsafe: +libsafe: The libsafe library protects a process against the exploitation of +libsafe: buffer overflow vulnerabilities in process stacks and against format +libsafe: string exploits. Libsafe works with any existing pre-compiled +libsafe: executable and can be used transparently, even on a system-wide basis. +libsafe: The method intercepts all calls to library functions that are known to +libsafe: be vulnerable. Libsafe has been shown to detect several known attacks +libsafe: and can potentially prevent yet unknown attacks. Experiments indicate +libsafe: that the performance overhead of libsafe is negligible. +libsafe: |