Wed Sep 26 21:18:33 UTC 201820180926211833

a/aaa_terminfo-6.1_20180923-x86_64-1.txz:  Upgraded.
a/eudev-3.2.6-x86_64-3.txz:  Rebuilt.
  Fixed issues with the default rules. Thanks to zuriel.
a/kernel-generic-4.14.72-x86_64-1.txz:  Upgraded.
a/kernel-huge-4.14.72-x86_64-1.txz:  Upgraded.
a/kernel-modules-4.14.72-x86_64-1.txz:  Upgraded.
ap/vim-8.1.0436-x86_64-1.txz:  Upgraded.
d/kernel-headers-4.14.72-x86-1.txz:  Upgraded.
d/re2c-1.1.1-x86_64-1.txz:  Upgraded.
k/kernel-source-4.14.72-noarch-1.txz:  Upgraded.
l/ncurses-6.1_20180923-x86_64-1.txz:  Upgraded.
n/fetchmail-6.3.26-x86_64-5.txz:  Rebuilt.
  Patched to fix certificate verification failures with OpenSSL 1.1.1.
  Thanks to Jurgen Van Ham.
n/gnutls-3.6.4-x86_64-1.txz:  Upgraded.
x/xf86-video-intel-20180906_25c9a2fc-x86_64-1.txz:  Upgraded.
xap/vim-gvim-8.1.0436-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

4 files changed, 16 insertions, 60 deletions

diff --git a/source/n/fetchmail/fetchmail.SlackBuild b/source/n/fetchmail/fetchmail.SlackBuild
index 3b24b65b1..4129b7c25 100755
--- a/source/n/fetchmail/fetchmail.SlackBuild
+++ b/source/n/fetchmail/fetchmail.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=fetchmail
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -67,6 +67,9 @@ rm -rf fetchmail-$VERSION
 tar xvf $CWD/fetchmail-$VERSION.tar.xz || exit 1
 cd fetchmail-$VERSION || exit 1
 
+# Patch for OpenSSL 1.1.1 compatibility:
+zcat $CWD/fetchmail.openssl111.diff.gz | patch -p1 --verbose || exit 1
+
 # this is the sloppiest source tarball ever
 # [NOTE: *was*...  the new maintainers are much better]
 chown -R root:root .
diff --git a/source/n/fetchmail/fetchmail.openssl111.diff b/source/n/fetchmail/fetchmail.openssl111.diff
new file mode 100644
index 000000000..45516b6b4
--- /dev/null
+++ b/source/n/fetchmail/fetchmail.openssl111.diff
@@ -0,0 +1,11 @@
+--- ./socket.c.orig	2013-04-23 15:00:45.000000000 -0500
++++ ./socket.c	2018-09-26 11:56:14.957489314 -0500
+@@ -1007,6 +1007,8 @@
+         	SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
+ 	}
+ 
++	SSL_set_tlsext_host_name(_ssl_context[sock],servercname);
++
+ 	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
+ 	    || SSL_connect(_ssl_context[sock]) < 1) {
+ 		ERR_print_errors_fp(stderr);
diff --git a/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch b/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch
deleted file mode 100644
index a7aad333c..000000000
--- a/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-diff --git a/lib/cert-cred.c b/lib/cert-cred.c
-index d3777e51f..2150e903f 100644
---- a/lib/cert-cred.c
-+++ b/lib/cert-cred.c
-@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
- 	if (ret < 0)
- 		return gnutls_assert_val(ret);
- 
-+	if (st2.ncerts == 0) {
-+		*pcert_length = 0;
-+		*ocsp_length = 0;
-+		*privkey = NULL;
-+		return 0;
-+	}
-+
- 	if (st2.cert_type != GNUTLS_CRT_X509) {
- 		gnutls_assert();
- 		ret = GNUTLS_E_INVALID_REQUEST;
-@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
-      gnutls_certificate_retrieve_function * func)
- {
- 	cred->legacy_cert_cb1 = func;
--	cred->get_cert_callback3 = call_legacy_cert_cb1;
-+	if (!func)
-+		cred->get_cert_callback3 = NULL;
-+	else
-+		cred->get_cert_callback3 = call_legacy_cert_cb1;
- }
- 
- static int call_legacy_cert_cb2(gnutls_session_t session,
-@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
-      gnutls_certificate_retrieve_function2 * func) 
- {
- 	cred->legacy_cert_cb2 = func;
--	cred->get_cert_callback3 = call_legacy_cert_cb2;
-+	if (!func)
-+		cred->get_cert_callback3 = NULL;
-+	else
-+		cred->get_cert_callback3 = call_legacy_cert_cb2;
- }
- 
- /**
-diff --git a/lib/hello_ext.c b/lib/hello_ext.c
-index a3027130a..f72afe77f 100644
---- a/lib/hello_ext.c
-+++ b/lib/hello_ext.c
-@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
- 
- 	if (tls_id == PRE_SHARED_KEY_TLS_ID) {
- 		ctx->seen_pre_shared_key = 1;
--	} else if (ctx->seen_pre_shared_key) {
-+	} else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
- 		/* the pre-shared key extension must always be the last one,
- 		 * draft-ietf-tls-tls13-28: 4.2.11 */
- 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
diff --git a/source/n/gnutls/gnutls.SlackBuild b/source/n/gnutls/gnutls.SlackBuild
index 01710af64..2a87b9698 100755
--- a/source/n/gnutls/gnutls.SlackBuild
+++ b/source/n/gnutls/gnutls.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=gnutls
 VERSION=${VERSION:-$(echo gnutls-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -81,9 +81,6 @@ find . \
   \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
   -exec chmod 644 {} \;
 
-# This patch addresses some issues with SSL/TLS breakage in 3.6.3:
-zcat $CWD/gnutls-3.6.3-backport-upstream-fixes.patch.gz | patch -p1 --verbose || exit 1
-
 # Need to reconf to find guile-2.2.x:
 autoreconf -vif