Slackware 13.0slackware-13.0

Wed Aug 26 10:00:38 CDT 2009
Slackware 13.0 x86_64 is released as stable!  Thanks to everyone who
helped make this release possible -- see the RELEASE_NOTES for the
credits.  The ISOs are off to the replicator.  This time it will be a
6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD.
We're taking pre-orders now at store.slackware.com.  Please consider
picking up a copy to help support the project.  Once again, thanks to
the entire Slackware community for all the help testing and fixing
things and offering suggestions during this development cycle.
As always, have fun and enjoy!  -P.

9 files changed, 392 insertions, 0 deletions

diff --git a/source/n/openssl/certwatch b/source/n/openssl/certwatch
new file mode 100644
index 000000000..ac8d83403
--- /dev/null
+++ b/source/n/openssl/certwatch
@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# Will check all certificates stored in $CERTDIR for their expiration date,
+# and will display (if optional "stdout" argument is given), or mail a warning
+# message to $MAILADDR (if script is executed without any parameter
+# - unattended mode suitable for cron execution) for each particular certificate
+# that is about to expire in time less to, or equal to $DAYS after this script
+# has been executed, or if it has already expired.
+# This stupid script (C) 2006,2007 Jan Rafaj
+
+########################## CONFIGURATION SECTION BEGIN #########################
+# Note: all settings are mandatory
+# Warning will be sent if a certificate expires in time <= days given here
+DAYS=7
+# E-mail address where to send warnings
+MAILADDR=root
+# Directory with certificates to check
+CERTDIR=/etc/ssl/certs
+# Directory where to keep state files if this script isnt executed with "stdout"
+STATEDIR=/var/run
+########################### CONFIGURATION SECTION END ##########################
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAY_IN_SECS=$((60*60*24))
+DATE_CURRENT=$(date '+%s')
+
+usage()
+{
+  echo "Usage: $0 [stdout]"
+  echo
+  echo "Detailed description and configuration is embedded within the script."
+  exit 0
+}
+
+message()
+{
+  cat << EOF
+    WARNING: certificate $certfile
+    is about to expire in time equal to or less than $DAYS days from now on,
+    or has already expired - it might be a good idea to obtain/create new one.
+
+EOF
+}
+
+message_mail()
+{
+  message
+  cat << EOF
+    NOTE: This message is being sent only once.
+
+    A lock-file
+    $STATEDIR/certwatch-mailwarning-sent-$certfilebase
+    has been created, which will prevent this script from mailing you again
+    upon its subsequent executions by crond. You dont need to care about it;
+    the file will be auto-deleted as soon as you'll prolong your certificate.
+EOF
+}
+
+unset stdout
+case $# in
+  0) ;;
+  1) if   [ "$1" = "-h" -o "$1" == "--help" ]; then
+       usage
+     elif [ "$1" = "stdout" ]; then
+       stdout=1
+     else
+       usage
+     fi
+     ;;
+  *) usage ;;
+esac
+
+for dir in $STATEDIR $CERTDIR ; do
+  if [ ! -d $dir ]; then
+    echo "ERROR: directory $dir does not exist"
+    exit 1
+  fi
+done
+for binary in basename date find grep mail openssl touch ; do
+  if [ ! \( -x /usr/bin/$binary -o -x /bin/$binary \) ]; then
+    echo "ERROR: /usr/bin/$binary not found"
+    exit 1
+  fi
+done
+
+find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
+  certfilebase="$(basename "$certfile")"
+  inform=PEM
+  echo "$certfile" | grep -q -i '\.net$'
+  if [ $? -eq 0 ]; then
+    # This is based purely on filename extension, so may give false results.
+    # But lets assume noone uses NET format certs today, ok?
+    continue
+  fi
+  echo "$certfile" | grep -q -i '\.der$'
+  if [ $? -eq 0 -o "$(file "$certfile" | grep ASCII)" == "" ]; then
+    inform=DER
+  fi
+  # We wont use '-checkend' since it is not properly documented (as of
+  # OpenSSL 0.9.8e).
+  DATE_CERT_EXPIRES=$(openssl x509 -in "$certfile" -inform $inform -noout -enddate | sed 's/^notAfter=//')
+  DATE_CERT_EXPIRES=$(date -d"$DATE_CERT_EXPIRES" +%s)
+  if [ $(($DATE_CERT_EXPIRES - $DATE_CURRENT)) -le $(($DAYS * $DAY_IN_SECS)) ]
+  then
+    if [ $stdout ]; then
+      message
+    else
+      if [ ! -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+        subject="$0: certificate $certfile expiration warning"
+        message_mail | mail -r "certwatch@$HOSTNAME" \
+                            -s "$subject" \
+                            $MAILADDR 2>/dev/null
+        # echo "Mail about expiring certificate $certfile sent to $MAILADDR."
+        # echo "If you need to send it again, please remove lock-file"
+        # echo "$STATEDIR/certwatch-mailwarning-sent-$certfilebase ."
+        # echo
+      fi
+      touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+    fi
+  else
+    if [ ! $stdout ]; then
+      if [ -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+        rm $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+      fi
+    fi
+  fi
+done
+
diff --git a/source/n/openssl/doinst.sh-openssl b/source/n/openssl/doinst.sh-openssl
new file mode 100644
index 000000000..f73c5a514
--- /dev/null
+++ b/source/n/openssl/doinst.sh-openssl
@@ -0,0 +1,15 @@
+config() {
+  NEW="$1"
+  OLD="`dirname $NEW`/`basename $NEW .new`"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/ssl/openssl.cnf.new
+config etc/cron.daily/certwatch.new
+# If the admin has modified this in any way, no need to keep the sample.
+rm -f etc/cron.daily/certwatch.new
diff --git a/source/n/openssl/doinst.sh-openssl-solibs b/source/n/openssl/doinst.sh-openssl-solibs
new file mode 100644
index 000000000..ed4fdfacb
--- /dev/null
+++ b/source/n/openssl/doinst.sh-openssl-solibs
@@ -0,0 +1,12 @@
+config() {
+  NEW="$1"
+  OLD="`dirname $NEW`/`basename $NEW .new`"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/ssl/openssl.cnf.new
diff --git a/source/n/openssl/openssl.SlackBuild b/source/n/openssl/openssl.SlackBuild
new file mode 100755
index 000000000..b6cb80741
--- /dev/null
+++ b/source/n/openssl/openssl.SlackBuild
@@ -0,0 +1,150 @@
+#!/bin/sh
+
+# Copyright 2000 BSDi, Inc. Concord, CA, USA
+# Copyright 2001, 2002 Slackware Linux, Inc.  Concord, CA, USA
+# Copyright 2005, 2006, 2007, 2008, 2009  Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# Set initial variables:
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+
+VERSION=${VERSION:-0.9.8k}
+ARCH=${ARCH:-x86_64}
+BUILD=${BUILD:-2}
+
+PKG1=$TMP/package-openssl
+PKG2=$TMP/package-ossllibs
+NAME1=openssl-$VERSION-$ARCH-$BUILD
+NAME2=openssl-solibs-$VERSION-$ARCH-$BUILD
+
+NUMJOBS=${NUMJOBS:--j6}
+
+# So that ls has the right field counts for parsing...
+export LC_ALL=C
+
+cd $TMP
+rm -rf $PKG1 $PKG2 openssl-$VERSION
+tar xvf $CWD/openssl-$VERSION.tar.bz2 || exit 1
+cd openssl-$VERSION
+
+# Use .so.0, not .so.0.9.8:
+zcat $CWD/openssl.soname.diff.gz | patch -p1 --backup --verbose --suffix=.orig || exit 1
+if [ "$ARCH" = "i486" ]; then
+  # Build with -march=i486 -mtune=i686:
+  zcat $CWD/openssl.optsx86.diff.gz | patch -p1 --backup --verbose --suffix=.orig || exit 1
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  LIBDIRSUFFIX="64"
+fi
+
+# Advertise TLS extensions only on TLS handshakes, not SSL:
+zcat $CWD/openssl.no-extssl.diff.gz | patch -p1 --verbose || exit 1
+
+chown -R root:root .
+mkdir -p $PKG1/usr/doc/openssl-$VERSION
+cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \
+  LICENSE NEWS README README.ENGINE doc $PKG1/usr/doc/openssl-$VERSION
+find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
+find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
+
+# These are the known patent issues with OpenSSL:
+# name   #         expires
+# MDC-2: 4,908,861  2007-03-13, included.  :-)
+# IDEA:  5,214,703  2010-05-25, not included.
+# RC5:   5,724,428  2015-03-03, not included.
+
+./config \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ no-idea \
+ no-rc5 \
+ no-sse2 \
+ shared
+
+make depend || exit 1
+
+make $NUMJOBS || make || exit 1
+
+make install INSTALL_PREFIX=$PKG1 || exit 1
+
+( cd $PKG1/usr; mv lib lib${LIBDIRSUFFIX} )
+
+# Add a cron script to warn root if a certificate is going to expire soon:
+mkdir -p $PKG1/etc/cron.daily
+zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new
+chmod 755 $PKG1/etc/cron.daily/certwatch.new
+
+mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new
+
+( cd $PKG1
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+( cd $PKG1/usr/lib${LIBDIRSUFFIX} ; ldconfig -l * 2> /dev/null )
+( cd $PKG1/usr/lib${LIBDIRSUFFIX} ; ln -sf libcrypto.so.0 libcrypto.so )
+( cd $PKG1/usr/lib${LIBDIRSUFFIX} ; ln -sf libssl.so.0 libssl.so )
+mv $PKG1/etc/ssl/man $PKG1/usr
+( cd $PKG1/usr/man/man1 ; mv passwd.1 ssl_passwd.1 )
+( cd $PKG1/usr/man/man3 ; mv rand.3 ssl_rand.3 )
+( cd $PKG1/usr/man/man3 ; mv err.3 ssl_err.3 )
+# Compress and symlink the man pages:
+if [ -d $PKG1/usr/man ]; then
+  ( cd $PKG1/usr/man
+    for manpagedir in $(find . -type d -name "man*") ; do
+      ( cd $manpagedir
+        for eachpage in $( find . -type l -maxdepth 1) ; do
+          ln -s $( readlink $eachpage ).gz $eachpage.gz
+          rm $eachpage
+        done
+        gzip -9 *.?
+      )
+    done
+  )
+fi
+
+cd $PKG1
+chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig
+sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc
+mkdir -p install
+zcat $CWD/doinst.sh-openssl.gz > install/doinst.sh
+cat $CWD/slack-desc.openssl > install/slack-desc
+/sbin/makepkg -l y -c n $TMP/${NAME1}.txz
+
+# Make runtime package:
+mkdir -p $PKG2/usr/lib${LIBDIRSUFFIX}
+( cd usr/lib${LIBDIRSUFFIX} ; cp -a lib*.so.*.*.* $PKG2/usr/lib${LIBDIRSUFFIX} )
+( cd $PKG2/usr/lib${LIBDIRSUFFIX} ; ldconfig -l * )
+mkdir -p $PKG2/etc
+( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . )
+mkdir -p $PKG2/usr/doc/openssl-$VERSION
+( cd $TMP/openssl-$VERSION
+  cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \
+  LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$VERSION
+)
+find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
+find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
+cd $PKG2
+mkdir -p install
+zcat $CWD/doinst.sh-openssl-solibs.gz > install/doinst.sh
+cat $CWD/slack-desc.openssl-solibs > install/slack-desc
+/sbin/makepkg -l y -c n $TMP/${NAME2}.txz
diff --git a/source/n/openssl/openssl.no-extssl.diff b/source/n/openssl/openssl.no-extssl.diff
new file mode 100644
index 000000000..de00d0c77
--- /dev/null
+++ b/source/n/openssl/openssl.no-extssl.diff
@@ -0,0 +1,27 @@
+diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
+--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl	2007-10-19 09:44:10.000000000 +0200
++++ openssl-0.9.8g/ssl/t1_lib.c	2008-08-10 21:42:11.000000000 +0200
+@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
+ 	int extdatalen=0;
+ 	unsigned char *ret = p;
+ 
++	if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
++		{
++		return ret;
++		}
++
+ 	ret+=2;
+ 
+ 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
+@@ -202,6 +207,11 @@ unsigned char *ssl_add_serverhello_tlsex
+ 	int extdatalen=0;
+ 	unsigned char *ret = p;
+ 
++	if (s->version != TLS1_VERSION && s->version != DTLS1_VERSION)
++		{
++		return ret;
++		}
++
+ 	ret+=2;
+ 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
+ 
diff --git a/source/n/openssl/openssl.optsx86.diff b/source/n/openssl/openssl.optsx86.diff
new file mode 100644
index 000000000..a1a289a20
--- /dev/null
+++ b/source/n/openssl/openssl.optsx86.diff
@@ -0,0 +1,11 @@
+--- ./Configure.orig	2005-08-02 03:59:42.000000000 -0700
++++ ./Configure	2005-10-12 20:04:43.000000000 -0700
+@@ -317,7 +317,7 @@
+ "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+ "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -mtune=i686 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+ ####
+ "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/source/n/openssl/openssl.soname.diff b/source/n/openssl/openssl.soname.diff
new file mode 100644
index 000000000..f660e93bb
--- /dev/null
+++ b/source/n/openssl/openssl.soname.diff
@@ -0,0 +1,11 @@
+--- ./Makefile.shared.orig	2005-06-23 13:47:54.000000000 -0700
++++ ./Makefile.shared	2005-10-12 20:02:28.000000000 -0700
+@@ -151,7 +151,7 @@
+ 	SHLIB_SUFFIX=; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB.0"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+ 
diff --git a/source/n/openssl/slack-desc.openssl b/source/n/openssl/slack-desc.openssl
new file mode 100644
index 000000000..57227c043
--- /dev/null
+++ b/source/n/openssl/slack-desc.openssl
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in.  You must make
+# exactly 11 lines for the formatting to be correct.  It's also customary to
+# leave one space after the ':'.
+
+       |-----handy-ruler------------------------------------------------------|
+openssl: openssl (Secure Sockets Layer toolkit)
+openssl:
+openssl: The OpenSSL certificate management tool and the shared libraries that
+openssl: provide various encryption and decryption algorithms and protocols.
+openssl:
+openssl: This product includes software developed by the OpenSSL Project for
+openssl: use in the OpenSSL Toolkit (http://www.openssl.org).  This product
+openssl: includes cryptographic software written by Eric Young
+openssl: (eay@cryptsoft.com).  This product includes software written by Tim
+openssl: Hudson (tjh@cryptsoft.com).
+openssl:
diff --git a/source/n/openssl/slack-desc.openssl-solibs b/source/n/openssl/slack-desc.openssl-solibs
new file mode 100644
index 000000000..f65bf12c9
--- /dev/null
+++ b/source/n/openssl/slack-desc.openssl-solibs
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in.  You must make
+# exactly 11 lines for the formatting to be correct.  It's also customary to
+# leave one space after the ':'.
+
+              |-----handy-ruler------------------------------------------------------|
+openssl-solibs: openssl-solibs (OpenSSL shared libraries)
+openssl-solibs:
+openssl-solibs: These shared libraries provide encryption routines required by
+openssl-solibs: programs such as openssh.  They are also used by KDE's Konqueror web
+openssl-solibs: browser to provide secure web connections.
+openssl-solibs:
+openssl-solibs: This product includes software developed by the OpenSSL Project for
+openssl-solibs: use in the OpenSSL Toolkit (http://www.openssl.org).  This product
+openssl-solibs: includes cryptographic software written by Eric Young
+openssl-solibs: (eay@cryptsoft.com).  This product includes software written by Tim
+openssl-solibs: Hudson (tjh@cryptsoft.com).