diff options
Diffstat (limited to 'source/n')
134 files changed, 3122 insertions, 1540 deletions
diff --git a/source/n/FTBFSlog b/source/n/FTBFSlog index bea9fa2dc..2ec852076 100644 --- a/source/n/FTBFSlog +++ b/source/n/FTBFSlog @@ -1,3 +1,6 @@ +Mon May 20 18:05:03 UTC 2024 + nmap: Fix build without network access. Thanks to lucabon. ++--------------------------+ Thu Dec 21 19:06:04 UTC 2023 bind: fix build without krb5. Thanks to teoberi and Windu. +--------------------------+ diff --git a/source/n/ModemManager/ModemManager.SlackBuild b/source/n/ModemManager/ModemManager.SlackBuild index c89663ad5..e634bc05e 100755 --- a/source/n/ModemManager/ModemManager.SlackBuild +++ b/source/n/ModemManager/ModemManager.SlackBuild @@ -33,7 +33,7 @@ BUILD=${BUILD:-1} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -53,14 +53,11 @@ TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM OUTPUT=${OUTPUT:-$TMP} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -82,41 +79,43 @@ find . \ zcat $CWD/WeDoNotHaveSystemD.patch.gz | patch -p1 --verbose || exit 1 -if [ ! -r configure ]; then - if [ -x ./autogen.sh ]; then - NOCONFIGURE=1 ./autogen.sh - else - autoreconf -vif - fi -fi - -LIBSYSTEMD_LOGIN_CFLAGS="$(pkg-config --cflags libelogind)" \ -LIBSYSTEMD_LOGIN_LIBS="$(pkg-config --libs libelogind)" \ -CFLAGS="$SLKCFLAGS -Wno-incompatible-pointer-types" \ -CXXFLAGS="$SLKCFLAGS" \ -./configure \ +# Configure, build, and install: +export CFLAGS="$SLKCFLAGS -Wno-incompatible-pointer-types" +export CXXFLAGS="$SLKCFLAGS" +mkdir meson-build +cd meson-build +meson setup \ --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ + --libdir=lib${LIBDIRSUFFIX} \ + --libexecdir=/usr/libexec \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --includedir=/usr/include \ + --datadir=/usr/share \ + --mandir=/usr/man \ --sysconfdir=/etc \ --localstatedir=/var \ - --with-polkit=no \ - --mandir=/usr/man \ - --disable-static \ - --docdir=/usr/doc/$PKGNAM-$VERSION \ - --with-systemd-suspend-resume \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || exit 1 -make install DESTDIR=$PKG || exit 1 + --buildtype=release \ + -Dsystemd_suspend_resume=true \ + -Dsystemd_journal=false \ + -Dsystemdsystemunitdir=no \ + -Dpolkit=permissive \ + -Dvapi=true \ + -Dbash_completion=false \ + .. || exit 1 + "${NINJA:=ninja}" $NUMJOBS || exit 1 + DESTDIR=$PKG $NINJA install || exit 1 +cd .. + +# Install bash-completion file manually since meson is stupid about this: +mkdir -p $PKG/usr/share/bash-completion/completions +cp -a cli/mmcli-completion $PKG/usr/share/bash-completion/completions # Move dbus configs to system location: mkdir -p $PKG/usr/share/dbus-1/system.d/ mv $PKG/etc/dbus-1/system.d/* $PKG/usr/share/dbus-1/system.d/ rmdir --parents $PKG/etc/dbus-1/system.d/ -# Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la - find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true @@ -124,7 +123,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \+ mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ - AUTHORS COPYING* ChangeLog INSTALL NEWS README* \ + AUTHORS* COPYING* NEWS* README* RELEASING* \ $PKG/usr/doc/$PKGNAM-$VERSION mkdir -p $PKG/install diff --git a/source/n/NetworkManager/NetworkManager.SlackBuild b/source/n/NetworkManager/NetworkManager.SlackBuild index 7fa8d4a56..200ea0242 100755 --- a/source/n/NetworkManager/NetworkManager.SlackBuild +++ b/source/n/NetworkManager/NetworkManager.SlackBuild @@ -33,8 +33,7 @@ BUILD=${BUILD:-2} MARCH=$( uname -m ) if [ -z "$ARCH" ]; then case "$MARCH" in - i?86) export ARCH=i586 ;; - armv7hl) export ARCH=$MARCH ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$MARCH ;; @@ -55,18 +54,12 @@ TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM OUTPUT=${OUTPUT:-$TMP} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/alpine/alpine.SlackBuild b/source/n/alpine/alpine.SlackBuild index 152f25c7f..3e3f3d084 100755 --- a/source/n/alpine/alpine.SlackBuild +++ b/source/n/alpine/alpine.SlackBuild @@ -65,6 +65,9 @@ elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=incompatible-pointer-types" + cd $TMP rm -rf alpine-${VERSION} tar xvf $CWD/alpine-$VERSION.tar.?z || exit 1 diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild index 47a606d5b..f762314fb 100755 --- a/source/n/bind/bind.SlackBuild +++ b/source/n/bind/bind.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -51,15 +51,15 @@ PKG=$TMP/package-${PKGNAM} rm -rf $PKG mkdir -p $TMP $PKG/etc/default -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" fi cd $TMP diff --git a/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch b/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch deleted file mode 100644 index 129c7b045..000000000 --- a/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch +++ /dev/null @@ -1,45 +0,0 @@ -From b94f1be656f34ea1363f5566ef63b847234c6dea Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> -Date: Mon, 15 Apr 2024 10:48:58 -0400 -Subject: [PATCH] shared/uhid: Fix crash if bt_uhid_destroy free replay - structure - -Id replay structured has been allocated it shall be set back to NULL -after calling uhid_replay_free otherwise it may cause the following -crash: - -Invalid read of size 1 - at 0x1D8FC4: bt_uhid_record (uhid.c:116) - by 0x1D912C: uhid_read_handler (uhid.c:158) - by 0x201A64: watch_callback (io-glib.c:157) - by 0x48D4198: g_main_dispatch.lto_priv.0 (gmain.c:3344) - by 0x49333BE: UnknownInlinedFun (gmain.c:4152) - by 0x49333BE: g_main_context_iterate_unlocked.isra.0 (gmain.c:4217) - by 0x48D4DC6: g_main_loop_run (gmain.c:4419) - by 0x2020F4: mainloop_run (mainloop-glib.c:66) - by 0x20254B: mainloop_run_with_signal (mainloop-notify.c:188) - by 0x12D6D4: main (main.c:1456) - Address 0x53ae9c0 is 0 bytes inside a block of size 40 free'd - at 0x48468CF: free (vg_replace_malloc.c:985) - by 0x1D8E19: uhid_replay_free (uhid.c:68) - by 0x1D8E19: uhid_replay_free (uhid.c:59) - by 0x1D8E19: bt_uhid_destroy (uhid.c:509) - by 0x1591F5: uhid_disconnect (device.c:183) - -Fixes: https://github.com/bluez/bluez/issues/815 ---- - src/shared/uhid.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/uhid.c b/src/shared/uhid.c -index c1092b707..1f071b958 100644 ---- a/src/shared/uhid.c -+++ b/src/shared/uhid.c -@@ -507,6 +507,7 @@ int bt_uhid_destroy(struct bt_uhid *uhid) - - uhid->created = false; - uhid_replay_free(uhid->replay); -+ uhid->replay = NULL; - - return err; - } diff --git a/source/n/bluez/bluez.SlackBuild b/source/n/bluez/bluez.SlackBuild index 3597c4fd4..7dc55efae 100755 --- a/source/n/bluez/bluez.SlackBuild +++ b/source/n/bluez/bluez.SlackBuild @@ -24,14 +24,14 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=bluez VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,14 +46,11 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -78,8 +75,6 @@ find . \ sed -i -e 's|-lreadline|\0 -lncursesw|g' Makefile.{in,tools} -cat $CWD/b94f1be656f34ea1363f5566ef63b847234c6dea.patch | patch -p1 --verbose || exit 1 - autoreconf -vif # We're adding --enable-deprecated due to this commit: diff --git a/source/n/c-ares/c-ares.SlackBuild b/source/n/c-ares/c-ares.SlackBuild index 78ee85d79..f61641549 100755 --- a/source/n/c-ares/c-ares.SlackBuild +++ b/source/n/c-ares/c-ares.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | grep -E -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -47,21 +47,12 @@ fi NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/ca-certificates/certdata-20240216.txt b/source/n/ca-certificates/certdata-20240830.txt index ed5e6cb17..110a81471 100644 --- a/source/n/ca-certificates/certdata-20240216.txt +++ b/source/n/ca-certificates/certdata-20240830.txt @@ -3645,7 +3645,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\006\040\006\005\026\160\002 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -7252,7 +7252,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\010\136\303\267\246\103\177\244\340 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -17020,8 +17020,14 @@ CKA_VALUE MULTILINE_OCTAL \155\015\277\173\327\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Sun Jun 30 00:00:00 2024 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\064\060\066\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Sun Jun 30 00:00:00 2024 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\064\060\066\063\060\060\060\060\060\060\060\132 +END # Trust for "GLOBALTRUST 2020" # Issuer: CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT @@ -25359,3 +25365,885 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB" +# +# Issuer: CN=FIRMAPROFESIONAL CA ROOT-A WEB,OID.2.5.4.97=VATES-A62634068,O=Firmaprofesional SA,C=ES +# Serial Number:31:97:21:ed:af:89:42:7f:35:41:87:a1:67:56:4c:6d +# Subject: CN=FIRMAPROFESIONAL CA ROOT-A WEB,OID.2.5.4.97=VATES-A62634068,O=Firmaprofesional SA,C=ES +# Not Valid Before: Wed Apr 06 09:01:36 2022 +# Not Valid After : Sun Mar 31 09:01:36 2047 +# Fingerprint (SHA-256): BE:F2:56:DA:F2:6E:9C:69:BD:EC:16:02:35:97:98:F3:CA:F7:18:21:A0:3E:01:82:57:C5:3C:65:61:7F:3D:4A +# Fingerprint (SHA1): A8:31:11:74:A6:14:15:0D:CA:77:DD:0E:E4:0C:5D:58:FC:A0:72:A5 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "FIRMAPROFESIONAL CA ROOT-A WEB" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\156\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\034\060\032\006\003\125\004\012\014\023\106\151\162\155\141\160 +\162\157\146\145\163\151\157\156\141\154\040\123\101\061\030\060 +\026\006\003\125\004\141\014\017\126\101\124\105\123\055\101\066 +\062\066\063\064\060\066\070\061\047\060\045\006\003\125\004\003 +\014\036\106\111\122\115\101\120\122\117\106\105\123\111\117\116 +\101\114\040\103\101\040\122\117\117\124\055\101\040\127\105\102 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\156\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\034\060\032\006\003\125\004\012\014\023\106\151\162\155\141\160 +\162\157\146\145\163\151\157\156\141\154\040\123\101\061\030\060 +\026\006\003\125\004\141\014\017\126\101\124\105\123\055\101\066 +\062\066\063\064\060\066\070\061\047\060\045\006\003\125\004\003 +\014\036\106\111\122\115\101\120\122\117\106\105\123\111\117\116 +\101\114\040\103\101\040\122\117\117\124\055\101\040\127\105\102 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\061\227\041\355\257\211\102\177\065\101\207\241\147\126 +\114\155 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\172\060\202\002\000\240\003\002\001\002\002\020\061 +\227\041\355\257\211\102\177\065\101\207\241\147\126\114\155\060 +\012\006\010\052\206\110\316\075\004\003\003\060\156\061\013\060 +\011\006\003\125\004\006\023\002\105\123\061\034\060\032\006\003 +\125\004\012\014\023\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\123\101\061\030\060\026\006\003\125\004 +\141\014\017\126\101\124\105\123\055\101\066\062\066\063\064\060 +\066\070\061\047\060\045\006\003\125\004\003\014\036\106\111\122 +\115\101\120\122\117\106\105\123\111\117\116\101\114\040\103\101 +\040\122\117\117\124\055\101\040\127\105\102\060\036\027\015\062 +\062\060\064\060\066\060\071\060\061\063\066\132\027\015\064\067 +\060\063\063\061\060\071\060\061\063\066\132\060\156\061\013\060 +\011\006\003\125\004\006\023\002\105\123\061\034\060\032\006\003 +\125\004\012\014\023\106\151\162\155\141\160\162\157\146\145\163 +\151\157\156\141\154\040\123\101\061\030\060\026\006\003\125\004 +\141\014\017\126\101\124\105\123\055\101\066\062\066\063\064\060 +\066\070\061\047\060\045\006\003\125\004\003\014\036\106\111\122 +\115\101\120\122\117\106\105\123\111\117\116\101\114\040\103\101 +\040\122\117\117\124\055\101\040\127\105\102\060\166\060\020\006 +\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003 +\142\000\004\107\123\352\054\021\244\167\307\052\352\363\326\137 +\173\323\004\221\134\372\210\306\042\271\203\020\142\167\204\063 +\055\351\003\210\324\340\063\367\355\167\054\112\140\352\344\157 +\255\155\264\370\114\212\244\344\037\312\352\117\070\112\056\202 +\163\053\307\146\233\012\214\100\234\174\212\366\362\071\140\262 +\336\313\354\270\344\157\352\233\135\267\123\220\030\062\125\305 +\040\267\224\243\143\060\141\060\017\006\003\125\035\023\001\001 +\377\004\005\060\003\001\001\377\060\037\006\003\125\035\043\004 +\030\060\026\200\024\223\341\103\143\134\074\235\326\047\363\122 +\354\027\262\251\257\054\367\166\370\060\035\006\003\125\035\016 +\004\026\004\024\223\341\103\143\134\074\235\326\047\363\122\354 +\027\262\251\257\054\367\166\370\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\012\006\010\052\206\110\316 +\075\004\003\003\003\150\000\060\145\002\060\035\174\244\173\303 +\211\165\063\341\073\251\105\277\106\351\351\241\335\311\042\026 +\267\107\021\013\330\232\272\361\310\013\160\120\123\002\221\160 +\205\131\251\036\244\346\352\043\061\240\000\002\061\000\375\342 +\370\263\257\026\271\036\163\304\226\343\301\060\031\330\176\346 +\303\227\336\034\117\270\211\057\063\353\110\017\031\367\207\106 +\135\046\220\245\205\305\271\172\224\076\207\250\275\000 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "FIRMAPROFESIONAL CA ROOT-A WEB" +# Issuer: CN=FIRMAPROFESIONAL CA ROOT-A WEB,OID.2.5.4.97=VATES-A62634068,O=Firmaprofesional SA,C=ES +# Serial Number:31:97:21:ed:af:89:42:7f:35:41:87:a1:67:56:4c:6d +# Subject: CN=FIRMAPROFESIONAL CA ROOT-A WEB,OID.2.5.4.97=VATES-A62634068,O=Firmaprofesional SA,C=ES +# Not Valid Before: Wed Apr 06 09:01:36 2022 +# Not Valid After : Sun Mar 31 09:01:36 2047 +# Fingerprint (SHA-256): BE:F2:56:DA:F2:6E:9C:69:BD:EC:16:02:35:97:98:F3:CA:F7:18:21:A0:3E:01:82:57:C5:3C:65:61:7F:3D:4A +# Fingerprint (SHA1): A8:31:11:74:A6:14:15:0D:CA:77:DD:0E:E4:0C:5D:58:FC:A0:72:A5 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "FIRMAPROFESIONAL CA ROOT-A WEB" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\250\061\021\164\246\024\025\015\312\167\335\016\344\014\135\130 +\374\240\162\245 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\202\262\255\105\000\202\260\146\143\370\137\303\147\116\316\243 +END +CKA_ISSUER MULTILINE_OCTAL +\060\156\061\013\060\011\006\003\125\004\006\023\002\105\123\061 +\034\060\032\006\003\125\004\012\014\023\106\151\162\155\141\160 +\162\157\146\145\163\151\157\156\141\154\040\123\101\061\030\060 +\026\006\003\125\004\141\014\017\126\101\124\105\123\055\101\066 +\062\066\063\064\060\066\070\061\047\060\045\006\003\125\004\003 +\014\036\106\111\122\115\101\120\122\117\106\105\123\111\117\116 +\101\114\040\103\101\040\122\117\117\124\055\101\040\127\105\102 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\061\227\041\355\257\211\102\177\065\101\207\241\147\126 +\114\155 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "TWCA CYBER Root CA" +# +# Issuer: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:3c:f2:c6 +# Subject: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:54:29 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3F:63:BB:28:14:BE:17:4E:C8:B6:43:9C:F0:8D:6D:56:F0:B7:C4:05:88:3A:56:48:A3:34:42:4D:6B:3E:C5:58 +# Fingerprint (SHA1): F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA CYBER Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\074 +\362\306 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\215\060\202\003\165\240\003\002\001\002\002\020\100 +\001\064\214\302\000\000\000\000\000\000\000\001\074\362\306\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\120 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022\060 +\020\006\003\125\004\012\023\011\124\101\111\127\101\116\055\103 +\101\061\020\060\016\006\003\125\004\013\023\007\122\157\157\164 +\040\103\101\061\033\060\031\006\003\125\004\003\023\022\124\127 +\103\101\040\103\131\102\105\122\040\122\157\157\164\040\103\101 +\060\036\027\015\062\062\061\061\062\062\060\066\065\064\062\071 +\132\027\015\064\067\061\061\062\062\061\065\065\071\065\071\132 +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\306\370\312\036\331\011\040\176\035\154\116\316\217 +\343\107\063\104\234\307\311\151\252\072\133\170\356\160\322\222 +\370\004\263\122\122\035\147\162\050\241\337\213\135\225\012\376 +\352\315\355\367\051\316\360\157\177\254\315\075\357\263\034\105 +\152\367\050\220\361\141\127\305\014\304\243\120\135\336\324\265 +\313\031\312\200\271\165\316\051\316\322\205\042\354\002\143\314 +\104\060\040\332\352\221\133\126\346\035\034\325\235\146\307\077 +\337\206\312\113\123\304\331\215\262\035\352\370\334\047\123\243 +\107\341\141\314\175\265\260\370\356\163\221\305\316\163\157\316 +\356\020\037\032\006\317\351\047\140\305\117\031\344\353\316\042 +\046\105\327\140\231\335\316\117\067\340\177\347\143\255\260\270 +\131\270\320\006\150\065\140\323\066\256\161\103\004\361\151\145 +\170\174\363\037\363\312\050\237\132\040\225\146\264\315\267\356 +\217\170\244\105\030\351\046\057\215\233\051\050\261\244\267\072 +\155\271\324\034\070\162\105\130\261\136\353\360\050\233\267\202 +\312\375\317\326\063\017\237\373\227\236\261\034\234\236\352\137 +\136\333\252\335\124\351\060\041\050\155\216\171\363\165\222\214 +\046\376\334\305\366\303\260\337\104\131\103\243\266\003\050\366 +\010\060\252\015\063\341\357\234\251\007\042\343\131\133\100\217 +\332\210\267\151\010\250\267\043\056\104\011\131\067\133\307\343 +\027\362\042\353\156\071\122\305\336\124\247\230\311\113\040\225 +\334\106\211\137\264\022\371\205\051\216\353\310\047\025\040\300 +\113\324\314\174\014\154\064\014\046\233\046\061\246\074\247\366 +\331\320\113\242\144\377\073\231\101\162\301\340\160\227\361\044 +\273\053\304\164\042\261\254\153\042\062\044\323\170\052\300\300 +\241\057\361\122\005\311\077\357\166\146\342\105\330\015\075\255 +\225\310\307\211\046\310\017\256\247\003\056\373\301\137\372\040 +\341\160\255\260\145\040\067\063\140\260\325\257\327\014\034\302 +\220\160\327\112\030\274\176\001\260\260\353\025\036\104\006\315 +\244\117\350\014\321\303\040\020\341\124\145\236\266\121\320\032 +\166\153\102\132\130\166\064\352\267\067\031\256\056\165\371\226 +\345\301\131\367\224\127\051\045\215\072\114\253\115\232\101\320 +\137\046\003\002\003\001\000\001\243\143\060\141\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 +\125\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006 +\003\125\035\043\004\030\060\026\200\024\235\205\141\024\174\301 +\142\157\227\150\344\117\067\100\341\255\340\015\126\067\060\035 +\006\003\125\035\016\004\026\004\024\235\205\141\024\174\301\142 +\157\227\150\344\117\067\100\341\255\340\015\126\067\060\015\006 +\011\052\206\110\206\367\015\001\001\014\005\000\003\202\002\001 +\000\144\217\172\304\142\016\265\210\314\270\307\206\016\241\112 +\026\315\160\013\267\247\205\013\263\166\266\017\247\377\010\213 +\013\045\317\250\324\203\165\052\270\226\210\266\373\337\055\055 +\264\151\123\041\065\127\326\211\115\163\277\151\217\160\243\141 +\314\232\333\036\232\340\040\370\154\273\233\042\235\135\204\061 +\232\054\212\335\152\241\327\050\151\312\376\166\125\172\106\147 +\353\314\103\210\026\242\003\326\271\027\370\031\154\155\043\002 +\177\361\137\320\012\051\043\073\321\252\012\355\251\027\046\124 +\012\115\302\245\115\370\305\375\270\201\317\053\054\170\243\147 +\114\251\007\232\363\337\136\373\174\365\211\315\164\227\141\020 +\152\007\053\201\132\322\216\267\347\040\321\040\156\044\250\204 +\047\241\127\254\252\125\130\057\334\331\312\372\150\004\236\355 +\104\044\371\164\100\073\043\063\253\203\132\030\046\102\266\155 +\124\265\026\140\060\154\261\240\370\270\101\240\135\111\111\322 +\145\005\072\352\376\235\141\274\206\331\277\336\323\272\072\261 +\177\176\222\064\216\311\000\156\334\230\275\334\354\200\005\255 +\002\075\337\145\355\013\003\367\367\026\204\004\061\272\223\224 +\330\362\022\370\212\343\277\102\257\247\324\315\021\027\026\310 +\102\035\024\250\102\366\322\100\206\240\117\043\312\226\105\126 +\140\006\315\267\125\001\246\001\224\145\376\156\005\011\272\264 +\244\252\342\357\130\276\275\047\126\330\357\163\161\133\104\063 +\362\232\162\352\260\136\076\156\251\122\133\354\160\155\265\207 +\217\067\136\074\214\234\316\344\360\316\014\147\101\314\316\366 +\200\253\116\314\114\126\365\301\141\131\223\264\076\246\332\270 +\067\022\237\052\062\343\213\270\041\354\303\053\145\014\357\042 +\336\210\051\073\114\327\372\376\267\341\107\276\234\076\076\203 +\373\121\135\365\150\367\056\041\205\334\277\361\132\342\174\327 +\305\344\203\301\152\353\272\200\132\336\134\055\160\166\370\310 +\345\207\207\312\240\235\241\345\042\022\047\017\104\075\035\154 +\352\324\302\213\057\157\171\253\177\120\246\304\031\247\241\172 +\267\226\371\301\037\142\132\242\103\007\100\136\046\306\254\355 +\256\160\026\305\252\312\162\212\115\260\317\001\213\003\077\156 +\327 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "TWCA CYBER Root CA" +# Issuer: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:3c:f2:c6 +# Subject: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:54:29 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3F:63:BB:28:14:BE:17:4E:C8:B6:43:9C:F0:8D:6D:56:F0:B7:C4:05:88:3A:56:48:A3:34:42:4D:6B:3E:C5:58 +# Fingerprint (SHA1): F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA CYBER Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\366\261\034\032\203\070\351\173\333\263\250\310\063\044\340\055 +\234\177\046\146 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\013\063\240\227\122\225\324\251\375\273\333\156\243\125\133\121 +END +CKA_ISSUER MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\074 +\362\306 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "TWCA Global Root CA G2" +# +# Issuer: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:97:58:f4 +# Subject: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:42:21 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3A:00:72:D4:9F:FC:04:E9:96:C5:9A:EB:75:99:1D:3C:34:0F:36:15:D6:FD:4D:CE:90:AC:0B:3D:88:EA:D4:F4 +# Fingerprint (SHA1): 73:FE:92:2F:83:63:91:FF:C8:C6:C4:DA:D6:20:2F:6B:07:2E:7F:1B +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA Global Root CA G2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\227 +\130\364 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\225\060\202\003\175\240\003\002\001\002\002\020\100 +\001\064\214\302\000\000\000\000\000\000\000\001\227\130\364\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\124 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022\060 +\020\006\003\125\004\012\023\011\124\101\111\127\101\116\055\103 +\101\061\020\060\016\006\003\125\004\013\023\007\122\157\157\164 +\040\103\101\061\037\060\035\006\003\125\004\003\023\026\124\127 +\103\101\040\107\154\157\142\141\154\040\122\157\157\164\040\103 +\101\040\107\062\060\036\027\015\062\062\061\061\062\062\060\066 +\064\062\062\061\132\027\015\064\067\061\061\062\062\061\065\065 +\071\065\071\132\060\124\061\013\060\011\006\003\125\004\006\023 +\002\124\127\061\022\060\020\006\003\125\004\012\023\011\124\101 +\111\127\101\116\055\103\101\061\020\060\016\006\003\125\004\013 +\023\007\122\157\157\164\040\103\101\061\037\060\035\006\003\125 +\004\003\023\026\124\127\103\101\040\107\154\157\142\141\154\040 +\122\157\157\164\040\103\101\040\107\062\060\202\002\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 +\017\000\060\202\002\012\002\202\002\001\000\252\016\325\040\222 +\001\255\202\371\014\010\221\064\153\212\026\320\106\026\377\003 +\270\330\215\352\223\064\373\377\053\275\375\156\252\334\233\362 +\206\201\125\365\211\034\304\215\165\152\130\170\221\023\036\002 +\023\160\075\357\276\012\347\000\217\270\061\345\164\305\060\276 +\377\175\326\231\345\302\102\243\317\041\326\263\010\177\221\325 +\141\346\242\225\020\015\357\136\227\013\111\070\325\042\260\327 +\213\131\157\237\065\233\177\322\221\314\172\177\273\240\237\336 +\125\063\366\113\215\012\352\175\011\300\171\334\275\104\342\376 +\034\347\144\041\050\317\004\112\342\264\277\206\171\052\273\016 +\223\311\217\136\254\060\071\122\220\007\271\352\234\046\102\024 +\304\147\106\376\321\032\150\241\076\120\031\243\046\012\047\051 +\220\302\366\264\353\163\232\170\036\341\230\364\145\014\065\041 +\006\370\013\336\142\345\115\301\263\135\331\271\372\141\227\052 +\343\352\307\104\125\044\222\376\022\247\077\304\167\340\055\002 +\201\007\325\373\175\346\020\236\072\264\250\357\354\373\120\352 +\065\317\314\176\273\102\271\104\154\122\351\277\052\162\037\077 +\336\233\160\351\334\132\305\073\273\277\360\131\205\257\057\301 +\260\024\171\005\254\165\237\045\365\021\047\006\140\041\307\155 +\145\276\250\211\234\345\254\106\337\370\135\104\003\215\140\275 +\367\261\015\314\057\357\101\124\057\356\153\225\271\116\174\064 +\337\073\371\167\235\175\315\007\075\034\006\063\022\200\354\162 +\234\362\055\202\332\325\073\304\307\371\004\303\144\002\174\365 +\065\140\247\264\106\051\056\033\357\245\130\200\056\172\211\121 +\070\066\074\375\241\167\270\200\060\320\212\336\215\247\064\046 +\354\043\273\030\125\030\066\105\356\355\001\006\252\115\277\144 +\014\312\230\227\032\061\002\146\370\170\150\133\210\337\011\250 +\347\233\372\064\155\160\034\041\255\010\213\362\241\266\254\166 +\152\277\361\200\045\000\276\074\036\115\256\271\074\266\225\143 +\275\153\176\107\022\220\125\105\021\215\354\027\037\301\276\047 +\201\223\127\143\151\000\046\167\213\303\131\345\173\321\015\104 +\362\250\360\367\205\232\005\367\302\056\160\232\223\205\330\225 +\220\061\220\124\246\354\013\237\067\105\017\002\003\001\000\001 +\243\143\060\141\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005 +\060\003\001\001\377\060\037\006\003\125\035\043\004\030\060\026 +\200\024\222\214\324\066\321\133\107\123\304\161\015\204\335\144 +\052\365\066\144\100\347\060\035\006\003\125\035\016\004\026\004 +\024\222\214\324\066\321\133\107\123\304\161\015\204\335\144\052 +\365\066\144\100\347\060\015\006\011\052\206\110\206\367\015\001 +\001\014\005\000\003\202\002\001\000\045\374\113\332\220\264\332 +\165\347\101\072\201\321\246\376\240\152\363\030\161\142\152\044 +\010\213\251\172\115\311\125\316\317\020\050\056\004\031\226\005 +\317\135\002\040\052\073\263\125\077\001\315\102\315\262\167\355 +\377\165\363\174\167\333\226\245\317\214\147\006\364\244\233\162 +\366\041\111\011\230\243\062\136\167\132\143\011\357\142\103\227 +\002\070\265\352\074\030\120\150\374\131\133\331\171\324\361\344 +\126\110\023\126\330\323\161\013\136\170\224\070\021\105\372\005 +\027\365\016\165\036\142\122\141\106\272\056\031\255\206\264\210 +\017\261\120\346\100\000\064\032\225\235\223\340\121\371\324\125 +\106\351\225\074\045\206\056\227\327\001\061\030\104\354\034\140 +\351\175\151\257\062\370\227\100\045\044\266\215\032\125\074\305 +\267\367\274\006\122\073\161\060\160\076\161\027\176\361\146\004 +\136\135\274\212\061\103\246\222\035\173\124\322\245\066\213\157 +\215\326\136\332\324\303\056\035\337\071\125\140\202\060\236\047 +\377\216\200\335\143\114\246\125\065\330\320\063\251\200\155\076 +\136\235\314\250\147\200\146\372\231\127\014\122\312\031\165\260 +\070\065\125\052\201\305\214\036\126\327\137\220\362\040\330\332 +\340\146\161\351\262\170\253\147\271\044\156\153\066\162\374\157 +\215\375\177\162\071\050\147\122\221\005\037\127\145\322\243\247 +\015\141\372\241\347\325\065\106\225\311\006\207\366\060\354\062 +\121\251\254\126\300\041\116\243\024\164\005\072\274\343\277\155 +\075\116\077\136\245\244\155\051\277\204\121\165\123\216\206\032 +\365\121\160\052\015\034\116\100\341\375\243\343\245\053\147\220 +\222\307\154\256\205\277\072\233\027\025\312\234\052\223\324\115 +\071\015\274\040\010\243\215\210\154\011\015\214\256\104\041\115 +\311\161\354\330\046\327\027\236\055\021\030\074\243\042\175\270 +\047\124\277\150\310\073\102\314\217\136\116\347\334\302\305\372 +\152\104\017\215\126\210\172\337\211\204\154\240\263\076\075\361 +\145\000\011\210\352\052\353\100\316\263\135\254\062\027\256\301 +\233\351\320\301\365\111\224\335\247\316\174\132\007\353\256\040 +\234\027\060\222\151\223\162\363\232\133\161\233\376\152\337\172 +\060\151\216\263\056\333\017\054\335 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "TWCA Global Root CA G2" +# Issuer: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:97:58:f4 +# Subject: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:42:21 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3A:00:72:D4:9F:FC:04:E9:96:C5:9A:EB:75:99:1D:3C:34:0F:36:15:D6:FD:4D:CE:90:AC:0B:3D:88:EA:D4:F4 +# Fingerprint (SHA1): 73:FE:92:2F:83:63:91:FF:C8:C6:C4:DA:D6:20:2F:6B:07:2E:7F:1B +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA Global Root CA G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\163\376\222\057\203\143\221\377\310\306\304\332\326\040\057\153 +\007\056\177\033 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\215\135\372\031\265\346\253\144\173\020\164\160\032\043\056 +END +CKA_ISSUER MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\227 +\130\364 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA12" +# +# Issuer: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:66:f9:c7:c1:af:ec:c2:51:b4:ed:53:97:e6:e6:82:c3:2b:1c:90:16 +# Subject: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 05:36:46 2020 +# Not Valid After : Sun Apr 08 05:36:46 2040 +# Fingerprint (SHA-256): 3F:03:4B:B5:70:4D:44:B2:D0:85:45:A0:20:57:DE:93:EB:F3:90:5F:CE:72:1A:CB:C7:30:C0:6D:DA:EE:90:4E +# Fingerprint (SHA1): 7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA12" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\146\371\307\301\257\354\302\121\264\355\123\227\346\346 +\202\303\053\034\220\026 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\146 +\371\307\301\257\354\302\121\264\355\123\227\346\346\202\303\053 +\034\220\026\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\062\060\036\027\015\062\060\060\064\060\070\060 +\065\063\066\064\066\132\027\015\064\060\060\064\060\070\060\065 +\063\066\064\066\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\112\120\061\043\060\041\006\003\125\004\012\023\032\103 +\171\142\145\162\164\162\165\163\164\040\112\141\160\141\156\040 +\103\157\056\054\040\114\164\144\056\061\035\060\033\006\003\125 +\004\003\023\024\123\145\143\165\162\145\123\151\147\156\040\122 +\157\157\164\040\103\101\061\062\060\202\001\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 +\060\202\001\012\002\202\001\001\000\272\071\301\067\172\150\105 +\053\024\264\353\344\023\353\127\165\043\115\217\044\055\026\350 +\256\216\311\175\244\127\073\052\166\045\063\203\154\352\062\212 +\224\233\116\074\226\344\375\121\277\231\311\223\176\277\371\255 +\247\262\110\053\007\034\047\365\114\274\160\022\167\244\205\124 +\265\375\220\172\344\243\344\121\130\003\315\020\171\171\356\153 +\223\037\144\216\153\144\253\243\023\343\161\376\175\253\234\335 +\047\123\067\263\252\030\302\131\046\354\133\037\322\346\145\174 +\357\223\275\330\130\134\013\300\343\145\157\074\307\312\131\343 +\376\156\137\254\203\276\375\135\045\116\052\051\073\326\013\253 +\027\062\170\244\341\076\224\106\276\142\156\233\336\106\250\261 +\026\347\205\156\364\010\100\105\021\240\236\124\104\204\367\330 +\066\316\365\120\107\334\054\060\233\356\300\365\226\322\376\011 +\206\307\006\131\256\117\256\216\021\230\173\363\013\122\252\142 +\046\252\041\337\216\045\063\171\227\026\111\215\365\076\325\107 +\237\067\061\111\063\162\005\115\014\266\125\214\361\127\217\212 +\207\321\255\305\021\022\071\240\255\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\127\064 +\363\164\317\004\113\325\045\346\361\100\266\054\114\331\055\351 +\240\255\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\003\202\001\001\000\076\273\333\027\026\322\362\024\001\040 +\054\070\203\113\255\276\312\205\172\232\266\233\153\246\341\374 +\245\072\254\255\264\050\072\257\327\001\203\111\053\143\242\335 +\232\144\016\230\134\157\335\216\273\212\124\042\055\112\023\363 +\256\100\103\333\117\221\267\206\032\354\000\264\101\201\244\117 +\372\152\213\210\263\166\010\162\052\111\100\303\323\303\205\211 +\230\020\245\235\157\031\267\273\317\172\145\125\333\067\353\074 +\212\162\062\227\036\232\051\076\255\215\346\243\033\155\365\165 +\032\346\260\150\271\133\242\356\151\107\047\065\241\206\231\200 +\363\063\113\341\153\244\046\303\357\164\131\154\172\242\144\266 +\036\104\303\120\340\017\071\075\251\063\361\245\363\322\275\142 +\204\254\216\034\251\315\132\275\067\073\156\012\042\264\364\025 +\347\221\130\305\072\104\323\225\050\331\300\145\351\162\312\320 +\017\275\037\263\025\331\251\343\244\107\011\236\340\313\067\373 +\375\275\227\325\276\030\032\151\242\071\201\331\032\365\253\177 +\310\343\342\147\013\235\364\014\352\124\337\322\262\257\261\042 +\361\040\337\274\104\034 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA12" +# Issuer: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:66:f9:c7:c1:af:ec:c2:51:b4:ed:53:97:e6:e6:82:c3:2b:1c:90:16 +# Subject: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 05:36:46 2020 +# Not Valid After : Sun Apr 08 05:36:46 2040 +# Fingerprint (SHA-256): 3F:03:4B:B5:70:4D:44:B2:D0:85:45:A0:20:57:DE:93:EB:F3:90:5F:CE:72:1A:CB:C7:30:C0:6D:DA:EE:90:4E +# Fingerprint (SHA1): 7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA12" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\172\042\036\075\336\033\006\254\236\310\107\160\026\216\074\345 +\367\153\006\364 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\306\211\312\144\102\233\142\010\111\013\036\177\351\007\075\350 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\146\371\307\301\257\354\302\121\264\355\123\227\346\346 +\202\303\053\034\220\026 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA14" +# +# Issuer: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:64:db:5a:0c:20:4e:e8:d7:29:77:c8:50:27:a2:5a:27:dd:2d:f2:cb +# Subject: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 07:06:19 2020 +# Not Valid After : Sat Apr 08 07:06:19 2045 +# Fingerprint (SHA-256): 4B:00:9C:10:34:49:4F:9A:B5:6B:BA:3B:A1:D6:27:31:FC:4D:20:D8:95:5A:DC:EC:10:A9:25:60:72:61:E3:38 +# Fingerprint (SHA1): DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA14" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\144\333\132\014\040\116\350\327\051\167\310\120\047\242 +\132\047\335\055\362\313 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\162\060\202\003\132\240\003\002\001\002\002\024\144 +\333\132\014\040\116\350\327\051\167\310\120\047\242\132\047\335 +\055\362\313\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\064\060\036\027\015\062\060\060\064\060\070\060 +\067\060\066\061\071\132\027\015\064\065\060\064\060\070\060\067 +\060\066\061\071\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\112\120\061\043\060\041\006\003\125\004\012\023\032\103 +\171\142\145\162\164\162\165\163\164\040\112\141\160\141\156\040 +\103\157\056\054\040\114\164\144\056\061\035\060\033\006\003\125 +\004\003\023\024\123\145\143\165\162\145\123\151\147\156\040\122 +\157\157\164\040\103\101\061\064\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\305\322\172\241\326\212\277 +\026\061\320\230\321\072\224\374\132\270\156\042\301\142\367\247 +\012\047\357\120\366\056\261\236\150\022\360\154\044\143\071\361 +\360\337\020\306\336\267\122\040\325\122\133\102\231\236\363\240 +\276\122\037\137\314\147\155\247\056\120\242\301\227\215\266\370 +\225\365\260\272\334\235\340\276\313\337\367\070\362\107\365\246 +\232\222\225\052\142\131\120\013\242\261\065\347\145\262\141\262 +\352\222\161\151\344\051\360\117\201\201\004\074\262\245\133\324 +\305\250\131\147\173\125\034\111\253\172\235\302\347\163\115\357 +\315\011\302\304\127\022\333\001\016\043\171\011\007\073\242\350 +\374\212\317\217\300\106\044\234\070\047\340\203\235\033\240\277 +\170\025\020\353\206\116\012\132\375\337\332\054\202\176\356\312 +\366\051\341\372\161\241\367\210\150\234\234\360\215\276\017\111 +\221\330\352\072\371\375\320\150\161\333\351\265\053\116\202\222 +\157\146\037\340\360\334\114\354\312\321\352\272\164\006\371\263 +\204\220\224\321\137\216\163\031\020\135\002\345\160\245\300\020 +\320\020\174\157\305\130\111\264\260\156\232\332\175\225\365\314 +\332\002\257\270\054\175\171\217\276\103\361\371\050\050\215\011 +\103\370\010\335\153\310\213\054\044\261\215\122\007\275\170\233 +\313\312\150\262\244\335\014\114\171\140\306\231\321\223\361\060 +\032\007\323\256\042\302\352\316\361\204\011\314\340\024\156\177 +\077\176\322\202\205\254\334\251\026\116\205\240\140\313\366\234 +\327\310\263\216\355\306\233\230\165\015\125\350\137\345\225\213 +\002\244\256\103\051\050\021\244\346\022\060\001\113\165\153\036 +\146\235\171\057\245\166\057\035\100\264\155\311\175\171\010\354 +\321\152\266\135\052\262\245\146\275\153\205\364\164\126\303\365 +\347\165\122\050\054\245\377\146\107\245\324\376\376\236\124\277 +\145\176\001\326\060\217\245\066\234\242\120\034\356\070\200\001 +\110\306\307\164\364\306\254\303\100\111\026\141\164\054\257\214 +\157\065\355\173\030\000\133\066\074\234\120\015\312\222\063\020 +\361\046\111\155\337\165\044\067\202\042\327\350\226\375\025\113 +\002\226\076\007\162\225\176\253\075\114\056\327\312\360\337\340 +\130\077\055\057\004\232\070\243\001\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\006\223 +\243\012\136\050\151\067\252\141\035\353\353\374\055\157\043\344 +\363\240\060\015\006\011\052\206\110\206\367\015\001\001\014\005 +\000\003\202\002\001\000\226\200\162\011\006\176\234\314\223\004 +\026\273\240\072\215\222\116\267\021\032\012\161\161\020\315\004 +\255\177\245\105\120\020\146\116\112\101\242\003\331\021\117\172 +\067\271\113\342\306\217\062\146\165\045\373\353\316\077\003\051 +\046\215\270\026\035\366\037\063\156\110\346\350\370\127\262\033 +\171\337\073\207\012\342\144\272\000\312\154\357\176\320\043\353 +\170\217\377\144\233\064\067\237\065\145\242\244\000\075\022\043 +\226\130\135\312\143\207\306\243\007\210\115\347\151\166\212\123 +\315\361\117\354\102\362\223\343\231\244\067\074\207\270\142\333 +\360\354\037\067\077\067\137\103\314\121\235\265\360\227\302\267 +\205\152\150\013\104\036\345\121\356\223\316\113\156\206\301\322 +\014\044\131\066\032\237\054\221\217\343\030\333\224\225\012\355 +\221\252\016\231\334\226\123\343\141\203\306\026\272\043\272\334 +\335\176\032\306\173\102\266\331\132\005\334\232\137\325\337\270 +\332\107\175\332\070\333\254\071\325\036\153\154\052\027\214\141 +\315\261\155\162\001\303\303\040\000\142\150\026\061\325\166\252 +\206\273\016\252\236\306\371\360\331\370\015\041\002\344\305\050 +\026\131\021\271\331\151\163\052\222\170\270\222\127\233\010\362 +\072\345\057\225\260\130\267\153\040\024\155\024\357\012\274\176 +\330\125\330\210\332\057\372\031\245\373\213\340\177\071\365\162 +\053\205\304\054\254\357\031\105\222\114\263\141\007\334\115\037 +\156\322\201\023\134\232\363\022\147\203\317\233\077\213\237\235 +\244\271\250\226\003\172\305\356\040\336\063\332\057\236\032\172 +\164\036\341\356\314\132\072\004\335\263\032\004\250\024\143\254 +\267\107\022\203\232\154\365\346\351\025\025\221\032\204\031\016 +\224\104\347\022\216\045\133\200\147\031\334\143\223\020\013\145 +\056\212\372\011\232\116\332\206\050\175\252\141\065\330\016\247 +\050\032\273\122\340\170\370\154\272\154\260\156\271\207\136\351 +\231\065\067\361\075\144\053\251\240\064\223\317\143\057\325\201 +\337\256\143\047\245\036\116\215\334\051\170\131\370\371\241\040 +\214\247\046\100\156\202\162\315\170\262\310\217\074\036\163\347 +\301\037\277\317\316\245\052\233\333\104\144\062\240\273\177\134 +\045\023\110\265\177\222 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA14" +# Issuer: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:64:db:5a:0c:20:4e:e8:d7:29:77:c8:50:27:a2:5a:27:dd:2d:f2:cb +# Subject: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 07:06:19 2020 +# Not Valid After : Sat Apr 08 07:06:19 2045 +# Fingerprint (SHA-256): 4B:00:9C:10:34:49:4F:9A:B5:6B:BA:3B:A1:D6:27:31:FC:4D:20:D8:95:5A:DC:EC:10:A9:25:60:72:61:E3:38 +# Fingerprint (SHA1): DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA14" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\335\120\300\367\171\263\144\056\164\242\270\235\237\323\100\335 +\273\360\362\117 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\161\015\162\372\222\031\145\136\211\004\254\026\063\360\274\325 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\144\333\132\014\040\116\350\327\051\167\310\120\047\242 +\132\047\335\055\362\313 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA15" +# +# Issuer: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:16:15:c7:c3:d8:49:a7:be:69:0c:8a:88:ed:f0:70:f9:dd:b7:3e:87 +# Subject: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 08:32:56 2020 +# Not Valid After : Sat Apr 08 08:32:56 2045 +# Fingerprint (SHA-256): E7:78:F0:F0:95:FE:84:37:29:CD:1A:00:82:17:9E:53:14:A9:C2:91:44:28:05:E1:FB:1D:8F:B6:B8:88:6C:3A +# Fingerprint (SHA1): CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA15" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\026\025\307\303\330\111\247\276\151\014\212\210\355\360 +\160\371\335\267\076\207 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\043\060\202\001\251\240\003\002\001\002\002\024\026 +\025\307\303\330\111\247\276\151\014\212\210\355\360\160\371\335 +\267\076\207\060\012\006\010\052\206\110\316\075\004\003\003\060 +\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061\043 +\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164\162 +\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040\114 +\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123\145 +\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103\101 +\061\065\060\036\027\015\062\060\060\064\060\070\060\070\063\062 +\065\066\132\027\015\064\065\060\064\060\070\060\070\063\062\065 +\066\132\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\065\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\013\120\164 +\215\144\062\231\231\263\322\140\010\270\042\216\106\164\054\170 +\300\053\104\055\155\137\035\311\256\113\122\040\203\075\270\024 +\155\123\207\140\236\137\154\205\333\006\024\225\340\307\050\377 +\235\137\344\252\361\263\213\155\355\117\057\113\311\112\224\221 +\144\165\376\001\354\301\330\353\172\224\170\126\030\103\137\153 +\201\313\366\274\332\264\014\266\051\223\010\151\217\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\353\101\310 +\256\374\325\236\121\110\365\275\213\364\207\040\223\101\053\323 +\364\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000 +\060\145\002\061\000\331\056\211\176\136\116\244\021\007\275\131 +\302\007\336\253\062\070\123\052\106\104\006\027\172\316\121\351 +\340\377\146\055\011\116\340\117\364\005\321\205\366\065\140\334 +\365\162\263\106\175\002\060\104\230\106\032\202\205\036\141\151 +\211\113\007\113\146\265\236\252\272\240\036\101\331\001\164\072 +\156\105\072\211\200\031\173\062\230\125\143\253\353\143\156\223 +\155\253\033\011\140\061\116 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA15" +# Issuer: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:16:15:c7:c3:d8:49:a7:be:69:0c:8a:88:ed:f0:70:f9:dd:b7:3e:87 +# Subject: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 08:32:56 2020 +# Not Valid After : Sat Apr 08 08:32:56 2045 +# Fingerprint (SHA-256): E7:78:F0:F0:95:FE:84:37:29:CD:1A:00:82:17:9E:53:14:A9:C2:91:44:28:05:E1:FB:1D:8F:B6:B8:88:6C:3A +# Fingerprint (SHA1): CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA15" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\313\272\203\310\301\132\135\361\371\163\157\312\327\357\050\023 +\006\112\007\175 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\060\374\304\142\246\251\336\265\301\150\257\265\322\061\107 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\026\025\307\303\330\111\247\276\151\014\212\210\355\360 +\160\371\335\267\076\207 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/source/n/curl/curl.SlackBuild b/source/n/curl/curl.SlackBuild index 94649e0dc..42a4673d0 100755 --- a/source/n/curl/curl.SlackBuild +++ b/source/n/curl/curl.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -52,14 +52,11 @@ PKG=$TMP/package-curl # Set this variable to "--without-ssl" to build a no-SSL version: SSLOPT=${SSLOPT:-"--with-openssl"} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -91,6 +88,9 @@ CFLAGS="$SLKCFLAGS" \ --enable-static=no \ --without-ca-bundle \ --with-ca-path=/etc/ssl/certs \ + --with-nghttp2=/usr \ + --with-nghttp3=/usr \ + --with-openssl-quic \ $SSLOPT || exit 1 make $NUMJOBS || make || exit 1 diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild index 89bbf6b5e..e2e628721 100755 --- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild +++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild @@ -63,6 +63,9 @@ else LIBDIRSUFFIX="" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration" + rm -rf $PKG mkdir -p $TMP $PKG cd $TMP diff --git a/source/n/dhcpcd/dhcpcd.SlackBuild b/source/n/dhcpcd/dhcpcd.SlackBuild index 82a9b44fb..780ad7495 100755 --- a/source/n/dhcpcd/dhcpcd.SlackBuild +++ b/source/n/dhcpcd/dhcpcd.SlackBuild @@ -37,7 +37,7 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -55,14 +55,11 @@ fi TMP=${TMP:-/tmp} PKG=$TMP/package-dhcpcd -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild index 7993a195e..76ef90147 100755 --- a/source/n/dovecot/dovecot.SlackBuild +++ b/source/n/dovecot/dovecot.SlackBuild @@ -26,11 +26,11 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=dovecot VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -49,21 +49,12 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/dovecot/dovecot.url b/source/n/dovecot/dovecot.url index 65afd7518..cbbe71a25 100644 --- a/source/n/dovecot/dovecot.url +++ b/source/n/dovecot/dovecot.url @@ -1 +1 @@ -https://dovecot.org/releases +https://dovecot.org/releases/2.3 diff --git a/source/n/elm/config.sh b/source/n/elm/config.sh index 52bca7a95..1db7ecca3 100644 --- a/source/n/elm/config.sh +++ b/source/n/elm/config.sh @@ -257,7 +257,7 @@ small='' medium='' large='' huge='' -optimize='-O' +optimize='-O -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=return-mismatch' ccflags='' cppflags='' ldflags='' diff --git a/source/n/epic5/epic5.SlackBuild b/source/n/epic5/epic5.SlackBuild index a7888aa28..282e62038 100755 --- a/source/n/epic5/epic5.SlackBuild +++ b/source/n/epic5/epic5.SlackBuild @@ -26,7 +26,7 @@ PKGNAM=epic5 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} EPICVER=5 HELPFILE=current -BUILD=${BUILD:-8} +BUILD=${BUILD:-1} ## Default to no Ruby support, since it seems that ruby-2.7.0 is not compatible. ## Patches to fix this are welcome, otherwise we'll keep an eye on upstream. @@ -36,7 +36,7 @@ BUILD=${BUILD:-8} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -53,14 +53,11 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" diff --git a/source/n/fetchmail/fetchmail.SlackBuild b/source/n/fetchmail/fetchmail.SlackBuild index 13530b769..7ab06d0f6 100755 --- a/source/n/fetchmail/fetchmail.SlackBuild +++ b/source/n/fetchmail/fetchmail.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=fetchmail VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -44,12 +44,12 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" else SLKCFLAGS="-O2" fi diff --git a/source/n/getmail/getmail.SlackBuild b/source/n/getmail/getmail.SlackBuild index 47daff253..cf01bdb44 100755 --- a/source/n/getmail/getmail.SlackBuild +++ b/source/n/getmail/getmail.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=getmail VERSION=${VERSION:-$(echo getmail6-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; diff --git a/source/n/gnupg2/doinst.sh b/source/n/gnupg2/doinst.sh index a9920d0ca..5a078703b 100644 --- a/source/n/gnupg2/doinst.sh +++ b/source/n/gnupg2/doinst.sh @@ -2,3 +2,7 @@ if [ ! -e usr/bin/gpg ]; then ln -sf gpg2 usr/bin/gpg fi +# If there's no /usr/bin/gpgv, claim it: +if [ ! -e usr/bin/gpgv ]; then + ln -sf gpgv2 usr/bin/gpgv +fi diff --git a/source/n/gnupg2/gnupg2.SlackBuild b/source/n/gnupg2/gnupg2.SlackBuild index 797a58b24..03b713e07 100755 --- a/source/n/gnupg2/gnupg2.SlackBuild +++ b/source/n/gnupg2/gnupg2.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=gnupg2 VERSION=${VERSION:-$(echo gnupg-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/gnutls/1830.patch b/source/n/gnutls/1830.patch deleted file mode 100644 index d3271fb1d..000000000 --- a/source/n/gnutls/1830.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 6eec2a3854f90bfb30492d59db59c675bfb0f6f9 Mon Sep 17 00:00:00 2001 -From: Zoltan Fridrich <zfridric@redhat.com> -Date: Wed, 10 Apr 2024 12:51:33 +0200 -Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration - -Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> ---- - lib/priority.c | 12 ++++++---- - ...system-override-allow-rsa-pkcs1-encrypt.sh | 22 +++++++++++++++++-- - 2 files changed, 28 insertions(+), 6 deletions(-) - -diff --git a/lib/priority.c b/lib/priority.c -index 8abe00d1ff..342f71471d 100644 ---- a/lib/priority.c -+++ b/lib/priority.c -@@ -1423,9 +1423,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx) - _gnutls_default_priority_string = cfg->default_priority_string; - } - -- /* enable RSA-PKCS1-V1_5 by default */ -- cfg->allow_rsa_pkcs1_encrypt = true; -- - if (cfg->allowlisting) { - /* also updates `flags` of global `hash_algorithms[]` */ - ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size); -@@ -2231,6 +2228,9 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) - } - - if (stat(system_priority_file, &sb) < 0) { -+ /* if there is no config enable RSA-PKCS1-V1_5 by default */ -+ system_wide_config.allow_rsa_pkcs1_encrypt = true; -+ - _gnutls_debug_log("cfg: unable to access: %s: %d\n", - system_priority_file, errno); - goto out; -@@ -2272,12 +2272,16 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) - system_priority_file, errno); - goto out; - } -+ -+ memset(&ctx, 0, sizeof(ctx)); -+ /* enable RSA-PKCS1-V1_5 by default */ -+ ctx.cfg.allow_rsa_pkcs1_encrypt = true; -+ - /* Parsing the configuration file needs to be done in 2 phases: - * first parsing the [global] section - * and then the other sections, - * because the [global] section modifies the parsing behavior. - */ -- memset(&ctx, 0, sizeof(ctx)); - err = ini_parse_file(fp, global_ini_handler, &ctx); - if (!err) { - if (fseek(fp, 0L, SEEK_SET) < 0) { -diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh -index b7d477c96e..014088bd2f 100755 ---- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh -+++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh -@@ -38,15 +38,33 @@ cat <<_EOF_ > ${CONF} - allow-rsa-pkcs1-encrypt = true - _EOF_ - --${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed" -+${TEST} -+if [ $? != 0 ]; then -+ echo "${TEST} expected to succeed" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully enabled" - - cat <<_EOF_ > ${CONF} - [overrides] - allow-rsa-pkcs1-encrypt = false - _EOF_ - --${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail" -+${TEST} -+if [ $? = 0 ]; then -+ echo "${TEST} expected to fail" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully disabled" - - unset GNUTLS_SYSTEM_PRIORITY_FILE - unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID -+ -+${TEST} -+if [ $? != 0 ]; then -+ echo "${TEST} expected to succeed by default" -+ exit 1 -+fi -+echo "RSAES-PKCS1-v1_5 successfully enabled by default" -+ - exit 0 --- -GitLab - diff --git a/source/n/gnutls/gnutls.SlackBuild b/source/n/gnutls/gnutls.SlackBuild index 154b283fa..cc640a485 100755 --- a/source/n/gnutls/gnutls.SlackBuild +++ b/source/n/gnutls/gnutls.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=gnutls VERSION=${VERSION:-$(echo gnutls-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,14 +46,11 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -71,6 +68,7 @@ mkdir -p $TMP $PKG cd $TMP rm -rf $PKGNAM-$VERSION +rm -rf $(echo $PKGNAM-$VERSION | rev | cut -f2- -d . | rev) tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1 cd $PKGNAM-$VERSION || cd $(echo $PKGNAM-$VERSION | rev | cut -f2- -d . | rev) || exit 1 @@ -81,9 +79,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration: -cat $CWD/1830.patch | patch -p1 --verbose || exit 1 - # Need to reconf to find guile-3.0.x: autoreconf -vif diff --git a/source/n/htdig/CVE-2007-6110.patch b/source/n/htdig/CVE-2007-6110.patch new file mode 100644 index 000000000..2d5638ad1 --- /dev/null +++ b/source/n/htdig/CVE-2007-6110.patch @@ -0,0 +1,24 @@ +diff -u htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6/htsearch/Display.cc +--- htdig-3.2.0b6/htsearch/Display.cc ++++ htdig-3.2.0b6/htsearch/Display.cc +@@ -138,7 +138,7 @@ + // Must temporarily stash the message in a String, since + // displaySyntaxError will overwrite the static temp used in form. + +- String s(form("No such sort method: `%s'", (const char*)config->Find("sort"))); ++ String s("Invalid sort method."); + + displaySyntaxError(s); + return; +--- htdig-3.2.0b6.orig/libhtdig/ResultFetch.cc ++++ htdig-3.2.0b6/libhtdig/ResultFetch.cc +@@ -142,7 +142,7 @@ + // Must temporarily stash the message in a String, since + // displaySyntaxError will overwrite the static temp used in form. + +- String s(form("No such sort method: `%s'", (const char *) config->Find("sort"))); ++ String s("Invalid search method."); + + displaySyntaxError(s); + //return; + diff --git a/source/n/htdig/htdig.SlackBuild b/source/n/htdig/htdig.SlackBuild index 1ca8264ff..0d1776701 100755 --- a/source/n/htdig/htdig.SlackBuild +++ b/source/n/htdig/htdig.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2006, 2007, 2008, 2009, 2010, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2006, 2007, 2008, 2009, 2010, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,12 +25,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=htdig VERSION=${VERSION:-3.2.0b6} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -BUILD=${BUILD:-9} +BUILD=${BUILD:-10} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -50,20 +50,20 @@ PKG=$TMP/package-${PKGNAM} rm -rf $PKG mkdir -p $TMP $PKG -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration" + cd $TMP rm -rf ${PKGNAM}-${VERSION} tar xvf $CWD/${PKGNAM}-$VERSION.tar.bz2 || exit 1 @@ -83,6 +83,9 @@ zcat $CWD/htdig-3.2.0b6.diff.gz | patch -p1 --verbose || exit 1 # Fix "common dir" location and add "synonym_dictionary" entry: zcat $CWD/htdig.conf.diff.gz | patch -p1 --verbose || exit 1 +# Patch XSS vuln: +zcat $CWD/CVE-2007-6110.patch | patch -p1 --verbose || exit 1 + # Configure: CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS -std=gnu++98 -fpermissive -fno-delete-null-pointer-checks" \ @@ -92,7 +95,7 @@ CXXFLAGS="$SLKCFLAGS -std=gnu++98 -fpermissive -fno-delete-null-pointer-checks" --sysconfdir=/etc \ --localstatedir=/var/lib/htdig \ --with-apache=/usr/sbin/httpd \ - --with-cgi-bin-dir=/var/www/cgi-bin \ + --with-cgi-bin-dir=/usr/bin \ --with-config-dir=/etc/htdig \ --with-common-dir=/var/www/htdocs/htdig \ --with-database-dir=/var/lib/htdig \ diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url index c60672025..f85a6e71f 100644 --- a/source/n/httpd/httpd.url +++ b/source/n/httpd/httpd.url @@ -1,2 +1,2 @@ -http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2 -http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2.asc +http://www.apache.org/dist/httpd/httpd-2.4.62.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.62.tar.bz2.asc diff --git a/source/n/icmpinfo/icmpinfo.SlackBuild b/source/n/icmpinfo/icmpinfo.SlackBuild index f5233971e..05883aaa8 100755 --- a/source/n/icmpinfo/icmpinfo.SlackBuild +++ b/source/n/icmpinfo/icmpinfo.SlackBuild @@ -69,6 +69,8 @@ zcat $CWD/icmpinfo-1.11.diff.gz | patch -p1 --backup || exit 1 # Patch to prevent segfault: zcat $CWD/icmpinfo-1.11-time.diff.gz | patch -p1 --backup || exit 1 +export CFLAGS="-O2 -Wno-error=implicit-function-declaration" + make $NUMJOBS || make || exit 1 strip --strip-unneeded icmpinfo diff --git a/source/n/inetd/inetd.SlackBuild b/source/n/inetd/inetd.SlackBuild index f61982aee..b0417dd5c 100755 --- a/source/n/inetd/inetd.SlackBuild +++ b/source/n/inetd/inetd.SlackBuild @@ -60,6 +60,7 @@ cd inetd zcat $CWD/inetd-OpenBSD-1.79.diff.gz | patch -p1 --backup --suffix=.orig --verbose -E zcat $CWD/inetd.loopingdos.diff.gz | patch -p1 --backup --suffix=.orig --verbose -E zcat $CWD/inetd.libtirpc.diff.gz | patch -p1 --backup --suffix=.orig --verbose -E +zcat $CWD/inetd.gcc14.diff.gz | patch -p1 --backup --suffix=.orig --verbose -E # GCC 4 fix (thanks Fred Emmott) sed -i 's#(type)\([a-z]\)=(type)\([a-z]\)#\1=(type)\2#g' inetd.c diff --git a/source/n/inetd/inetd.gcc14.diff b/source/n/inetd/inetd.gcc14.diff new file mode 100644 index 000000000..4053cf978 --- /dev/null +++ b/source/n/inetd/inetd.gcc14.diff @@ -0,0 +1,9 @@ +--- ./Makefile.orig 2024-05-11 12:41:56.282823472 -0500 ++++ ./Makefile 2024-05-11 12:43:08.540825089 -0500 +@@ -1,5 +1,5 @@ + CC = gcc +-CFLAGS = -O2 -I/usr/include/tirpc ++CFLAGS = -O2 -I/usr/include/tirpc -Wno-error=implicit-function-declaration + LDFLAGS = -s -ltirpc + + all: diff --git a/source/n/iproute2/iproute2.SlackBuild b/source/n/iproute2/iproute2.SlackBuild index 48ce07ae0..a8608bf25 100755 --- a/source/n/iproute2/iproute2.SlackBuild +++ b/source/n/iproute2/iproute2.SlackBuild @@ -31,7 +31,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,14 +46,11 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" diff --git a/source/n/iputils/iputils.SlackBuild b/source/n/iputils/iputils.SlackBuild index abb888184..d30976c8f 100755 --- a/source/n/iputils/iputils.SlackBuild +++ b/source/n/iputils/iputils.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -44,9 +44,7 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then +if [ "$ARCH" = "i686" ]; then LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then LIBDIRSUFFIX="64" diff --git a/source/n/irssi/irssi.SlackBuild b/source/n/irssi/irssi.SlackBuild index 4437ed256..518529f2f 100755 --- a/source/n/irssi/irssi.SlackBuild +++ b/source/n/irssi/irssi.SlackBuild @@ -28,7 +28,7 @@ PKG=$TMP/package-irssi VERSION=${VERSION:-$(echo irssi-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} DIRCD=${VERSION} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/lftp/lftp.SlackBuild b/source/n/lftp/lftp.SlackBuild index 152f7eb51..cbc5c3648 100755 --- a/source/n/lftp/lftp.SlackBuild +++ b/source/n/lftp/lftp.SlackBuild @@ -73,6 +73,9 @@ rm -rf lftp-$VERSION tar xvf $CWD/lftp-$VERSION.tar.xz || exit 1 cd lftp-$VERSION || exit 1 +zcat $CWD/lftp.c99.patch.gz | patch -p1 --verbose || exit 1 +touch -r aclocal.m4 configure m4/needtrio.m4 + chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ diff --git a/source/n/lftp/lftp.c99.patch b/source/n/lftp/lftp.c99.patch new file mode 100644 index 000000000..3e3ec17ec --- /dev/null +++ b/source/n/lftp/lftp.c99.patch @@ -0,0 +1,22 @@ +diff -rup a/configure b/configure +--- a/configure 2023-02-08 21:27:48.733647760 -0500 ++++ b/configure 2023-02-08 21:28:31.201222024 -0500 +@@ -57429,6 +57429,7 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include <stdio.h> + int main() + { + unsigned long long x=0,x1; +diff -rup a/m4/needtrio.m4 b/m4/needtrio.m4 +--- a/m4/needtrio.m4 2016-02-20 08:57:52.000000000 -0500 ++++ b/m4/needtrio.m4 2023-02-08 21:28:13.642571126 -0500 +@@ -9,6 +9,7 @@ AC_DEFUN([LFTP_NEED_TRIO],[ + else + + AC_RUN_IFELSE([AC_LANG_SOURCE([[ ++ #include <stdio.h> + int main() + { + unsigned long long x=0,x1; diff --git a/source/n/libqmi/libqmi.SlackBuild b/source/n/libqmi/libqmi.SlackBuild index b8e921ff6..e669e1245 100755 --- a/source/n/libqmi/libqmi.SlackBuild +++ b/source/n/libqmi/libqmi.SlackBuild @@ -27,14 +27,14 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libqmi VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -49,14 +49,11 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -98,7 +95,7 @@ meson setup \ --sysconfdir=/etc \ --localstatedir=/var \ --buildtype=release \ - -Dqrtr=false \ + -Dqrtr=true \ -Dbash_completion=false \ .. || exit 1 "${NINJA:=ninja}" $NUMJOBS || exit 1 diff --git a/source/n/libqrtr-glib/libqrtr-glib.SlackBuild b/source/n/libqrtr-glib/libqrtr-glib.SlackBuild new file mode 100755 index 000000000..0390552b0 --- /dev/null +++ b/source/n/libqrtr-glib/libqrtr-glib.SlackBuild @@ -0,0 +1,120 @@ +#!/bin/bash + +# Copyright 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=libqrtr-glib +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i686 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +export CFLAGS="$SLKCFLAGS" +export CXXFLAGS="$SLKCFLAGS" +mkdir meson-build +cd meson-build +meson setup \ + --prefix=/usr \ + --libdir=lib${LIBDIRSUFFIX} \ + --libexecdir=/usr/libexec \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --includedir=/usr/include \ + --datadir=/usr/share \ + --mandir=/usr/man \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --buildtype=release \ + .. || exit 1 + "${NINJA:=ninja}" $NUMJOBS || exit 1 + DESTDIR=$PKG $NINJA install || exit 1 +cd .. + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS* NEWS* RELEASING* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/n/libqrtr-glib/libqrtr-glib.url b/source/n/libqrtr-glib/libqrtr-glib.url new file mode 100644 index 000000000..59f8c2e3b --- /dev/null +++ b/source/n/libqrtr-glib/libqrtr-glib.url @@ -0,0 +1,2 @@ +https://gitlab.freedesktop.org/mobile-broadband/libqrtr-glib +https://gitlab.freedesktop.org/mobile-broadband/libqrtr-glib/-/archive/1.2.2/libqrtr-glib-1.2.2.tar.gz diff --git a/source/n/libqrtr-glib/slack-desc b/source/n/libqrtr-glib/slack-desc new file mode 100644 index 000000000..be4df0e5c --- /dev/null +++ b/source/n/libqrtr-glib/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libqrtr-glib: libqrtr-glib (Qualcomm router protocol library) +libqrtr-glib: +libqrtr-glib: libqrtr-glib is a glib-based library to use and manage the QRTR +libqrtr-glib: (Qualcomm IPC Router) bus. +libqrtr-glib: +libqrtr-glib: Homepage: https://gitlab.freedesktop.org/mobile-broadband/libqrtr-glib +libqrtr-glib: +libqrtr-glib: +libqrtr-glib: +libqrtr-glib: +libqrtr-glib: diff --git a/source/n/libtirpc/libtirpc.SlackBuild b/source/n/libtirpc/libtirpc.SlackBuild index c7361bd35..d3fb5cbbe 100755 --- a/source/n/libtirpc/libtirpc.SlackBuild +++ b/source/n/libtirpc/libtirpc.SlackBuild @@ -35,7 +35,7 @@ WITH_GSS=${WITH_GSS:-YES} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | grep -E -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -53,27 +53,12 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/links/links.SlackBuild b/source/n/links/links.SlackBuild index ce9ac21a6..62eba31b7 100755 --- a/source/n/links/links.SlackBuild +++ b/source/n/links/links.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=links VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -49,12 +49,10 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} TMP=${TMP:-/tmp} PKG=$TMP/package-links -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" else SLKCFLAGS="-O2" fi @@ -72,6 +70,9 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-int" + # We are configuring this without X as there are MANY browser choices for # X already. If you need a browser for X, either use something else or # recompile. :-) diff --git a/source/n/lynx/lynx.SlackBuild b/source/n/lynx/lynx.SlackBuild index 26bbf5e82..16e86e313 100755 --- a/source/n/lynx/lynx.SlackBuild +++ b/source/n/lynx/lynx.SlackBuild @@ -23,8 +23,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=lynx -PKGVER=2.9.1 -DIRVER=2.9.1 +PKGVER=2.9.2 +DIRVER=2.9.2 BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -32,7 +32,7 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -47,14 +47,11 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" diff --git a/source/n/metamail/metamail.SlackBuild b/source/n/metamail/metamail.SlackBuild index b2126c81a..96cac1bc6 100755 --- a/source/n/metamail/metamail.SlackBuild +++ b/source/n/metamail/metamail.SlackBuild @@ -80,6 +80,7 @@ cd metamail-$VERSION || exit 1 xz -dc $CWD/metamail_2.7-54.diff.xz | patch -p1 || exit 1 xz -dc $CWD/metamail.automake.diff.xz | patch -p1 || exit 1 zcat $CWD/metamail.uue.getline.diff.gz | patch -p1 || exit 1 +cat $CWD/metamail.gcc14.diff | patch -p1 || exit 1 chmod 755 configure @@ -93,7 +94,7 @@ find . \ # Fix misnamed man page: mv man/mmencode.1 man/mimencode.1 -CFLAGS="$SLKCFLAGS" \ +CFLAGS="$SLKCFLAGS -Wno-error=implicit-int" \ ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ @@ -113,7 +114,7 @@ CFLAGS="$SLKCFLAGS" \ mv m.c mailto.c ) -make $NUMJOBS || make || exit 1 +CFLAGS="$SLKCFLAGS -Wno-error=implicit-int" make $NUMJOBS || make || exit 1 ( cd bin cat mailto-hebrew | perl -pi -e 's|/usr/lib/X11/fonts/misc|/usr/share/metamail/fonts|' > mh diff --git a/source/n/metamail/metamail.gcc14.diff b/source/n/metamail/metamail.gcc14.diff new file mode 100644 index 000000000..0c539da9d --- /dev/null +++ b/source/n/metamail/metamail.gcc14.diff @@ -0,0 +1,22 @@ +--- ./src/metamail/Makefile.in.orig 2024-05-10 16:12:29.131173303 -0500 ++++ ./src/metamail/Makefile.in 2024-05-10 16:18:58.068182003 -0500 +@@ -82,7 +82,7 @@ + + MAINTAINERCLEANFILES = Makefile.in + +-CFLAGS = -lncurses ++CFLAGS = -lncurses -Wno-error=return-mismatch -Wno-error=implicit-function-declaration -Wno-error=implicit-int + + INCLUDES = -I$(top_builddir) -I$(top_builddir)/metamail -I$(top_srcdir) -I$(top_srcdir)/metamail + +--- ./src/richmail/Makefile.in.orig 2024-05-10 16:12:29.130173303 -0500 ++++ ./src/richmail/Makefile.in 2024-05-10 16:20:28.612184029 -0500 +@@ -82,7 +82,7 @@ + + MAINTAINERCLEANFILES = Makefile.in + +-CFLAGS = -lncurses ++CFLAGS = -lncurses -Wno-error=return-mismatch -Wno-error=implicit-function-declaration -Wno-error=implicit-int + + INCLUDES = -I$(top_builddir) -I$(top_builddir)/metamail -I$(top_srcdir) -I$(top_srcdir)/metamail + diff --git a/source/n/mosh/mosh.SlackBuild b/source/n/mosh/mosh.SlackBuild index b23ba800a..a0c8cfdbe 100755 --- a/source/n/mosh/mosh.SlackBuild +++ b/source/n/mosh/mosh.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=mosh VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -47,21 +47,12 @@ fi NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/nc/nc.SlackBuild b/source/n/nc/nc.SlackBuild index dbd003dfc..0e3c4da3a 100755 --- a/source/n/nc/nc.SlackBuild +++ b/source/n/nc/nc.SlackBuild @@ -55,6 +55,9 @@ else SLKCFLAGS="-O2" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration -Wno-error=implicit-int" + TMP=${TMP:-/tmp} PKG=$TMP/package-nc rm -rf $PKG diff --git a/source/n/ncftp/ncftp.SlackBuild b/source/n/ncftp/ncftp.SlackBuild index a749c0eb2..2daf6f2c1 100755 --- a/source/n/ncftp/ncftp.SlackBuild +++ b/source/n/ncftp/ncftp.SlackBuild @@ -47,13 +47,13 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686 -fcommon" + SLKCFLAGS="-O2 -march=i586 -mtune=i686 -fcommon -std=gnu90" elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2 -fcommon" + SLKCFLAGS="-O2 -fcommon -std=gnu90" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC -fcommon" + SLKCFLAGS="-O2 -fPIC -fcommon -std=gnu90" else - SLKCFLAGS="-O2 -fcommon" + SLKCFLAGS="-O2 -fcommon -std=gnu90" fi TMP=${TMP:-/tmp} diff --git a/source/n/net-snmp/net-snmp.SlackBuild b/source/n/net-snmp/net-snmp.SlackBuild index 7b2a899cd..0d91fadc3 100755 --- a/source/n/net-snmp/net-snmp.SlackBuild +++ b/source/n/net-snmp/net-snmp.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=net-snmp VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/netatalk/netatalk.SlackBuild b/source/n/netatalk/netatalk.SlackBuild index acb26fe93..4183e3f41 100755 --- a/source/n/netatalk/netatalk.SlackBuild +++ b/source/n/netatalk/netatalk.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2012, 2015, 2018, 2019, 2020, 2022 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2012, 2015, 2018, 2019, 2020, 2022, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -26,12 +26,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=netatalk VERSION=${VERSION:-$(echo netatalk-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -48,14 +48,11 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -78,43 +75,47 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Choose correct options depending on whether PAM is installed: -if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then - PAM_OPTIONS="--with-pam-confdir=/etc/pam.d --with-pam --enable-ddp" - unset SHADOW_OPTIONS -else - unset PAM_OPTIONS - SHADOW_OPTIONS="--with-shadow" -fi - -# use the system libevent, because the internal one won't compile -# with openssl 1.1. Also skip pam and kerberos (for now). -CFLAGS="$SLKCFLAGS" \ -./configure \ +# Configure, build, and install: +export CFLAGS="$SLKCFLAGS" +export CXXFLAGS="$SLKCFLAGS" +mkdir meson-build +cd meson-build +meson setup \ --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ + --libdir=lib${LIBDIRSUFFIX} \ + --libexecdir=/usr/libexec \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --includedir=/usr/include \ + --datadir=/usr/share \ --mandir=/usr/man \ --sysconfdir=/etc/netatalk \ - --libexecdir=/usr/sbin \ --localstatedir=/var \ - --disable-static \ - $PAM_OPTIONS \ - $SHADOW_OPTIONS \ - --with-libevent=system \ - --with-dbus-sysconf-dir=/usr/share/dbus-1/system.d/ \ - --with-dbus-daemon=/usr/bin/dbus-daemon \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 + --buildtype=release \ + -Dwith-pam=true \ + -Dwith-pam-config-path=/etc/pam.d \ + -Dwith-dbus-sysconf-path=/usr/share/dbus-1/system.d/ \ + -Dwith-dbus-daemon-path=/usr/bin/dbus-daemon \ + -Dwith-overwrite=true \ + .. || exit 1 + "${NINJA:=ninja}" $NUMJOBS || exit 1 + DESTDIR=$PKG $NINJA install || exit 1 +cd .. + +# Hmm, this went missing: +if [ ! -r $PKG/etc/netatalk/afp.conf ]; then + cp -a meson-build/config/afp.conf $PKG/etc/netatalk/afp.conf + chown root:root $PKG/etc/netatalk/afp.conf + chmod 644 $PKG/etc/netatalk/afp.conf +fi # At least make this unreadable to non-root users: if [ -u $PKG/usr/bin/afppasswd ]; then chmod 4711 $PKG/usr/bin/afppasswd fi -# Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la +# Don't ship static libraries: +rm -f $PKG/usr/lib${LIBDIRSUFFIX}/{*.a,netatalk/*.a} find $PKG | xargs file | grep -e "executable" -e "shared object" \ | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null @@ -141,13 +142,11 @@ cat $CWD/slack-desc > $PKG/install/slack-desc done ) -if [ ! -z "$PAM_OPTIONS" ]; then - mv $PKG/etc/pam.d/netatalk $PKG/etc/pam.d/netatalk.new -fi +mv $PKG/etc/pam.d/netatalk $PKG/etc/pam.d/netatalk.new mkdir -p $PKG/usr/doc/netatalk-$VERSION cp -a \ - AUTHORS CONTRIBUTORS COPYING* COPYRIGHT NEWS VERSION \ + AUTHORS* CONTRIBUTORS* COPYING* COPYRIGHT* NEWS* README* VERSION* \ $PKG/usr/doc/netatalk-$VERSION cp -a $CWD/examples $PKG/usr/doc/netatalk-$VERSION chown -R root:root $PKG/usr/doc/netatalk-$VERSION/examples diff --git a/source/n/netdate/netdate.SlackBuild b/source/n/netdate/netdate.SlackBuild index b84d4d69a..16f6a7d93 100755 --- a/source/n/netdate/netdate.SlackBuild +++ b/source/n/netdate/netdate.SlackBuild @@ -56,6 +56,7 @@ cd netdate || exit 1 zcat $CWD/netdate.diff.gz | patch -p1 --backup || exit zcat $CWD/netdate.diff2.gz | patch -p1 --backup || exit +zcat $CWD/netdate.gcc14.diff.gz | patch -p1 --backup || exit chown -R root:root . find . \ diff --git a/source/n/netdate/netdate.gcc14.diff b/source/n/netdate/netdate.gcc14.diff new file mode 100644 index 000000000..7478afb22 --- /dev/null +++ b/source/n/netdate/netdate.gcc14.diff @@ -0,0 +1,11 @@ +--- ./Makefile.orig 2024-05-11 13:17:31.232871231 -0500 ++++ ./Makefile 2024-05-11 13:18:04.399871973 -0500 +@@ -3,7 +3,7 @@ + + WARNINGS=-Wall -W -Wpointer-arith -Wbad-function-cast -Wcast-qual \ + -Wstrict-prototypes -Wmissing-prototypes \ +- -Wmissing-declarations -Wnested-externs -Winline -Wcast-align ++ -Wmissing-declarations -Wnested-externs -Winline -Wcast-align -Wno-error=implicit-int + + CFLAGS = -g $(WARNINGS) + diff --git a/source/n/netkit-rsh/netkit-rsh.SlackBuild b/source/n/netkit-rsh/netkit-rsh.SlackBuild index 92a1541f0..cf92c6f99 100755 --- a/source/n/netkit-rsh/netkit-rsh.SlackBuild +++ b/source/n/netkit-rsh/netkit-rsh.SlackBuild @@ -60,7 +60,7 @@ zcat $CWD/netkit-rsh.arg_max.diff.gz | patch -p1 -l --verbose || exit 1 zcat $CWD/netkit-rsh.union_wait.diff.gz | patch -p1 -l --verbose || exit 1 zcat $CWD/netkit-rsh.auth.c.stddef.diff.gz | patch -p1 -l --verbose || exit 1 chown -R root:root . -./configure --prefix=/usr || exit 1 +CC="gcc -std=gnu89" ./configure --prefix=/usr || exit 1 make || exit 1 cd rsh strip rsh diff --git a/source/n/netkit-rusers/netkit-rusers.SlackBuild b/source/n/netkit-rusers/netkit-rusers.SlackBuild index e0ca90e6c..96047f507 100755 --- a/source/n/netkit-rusers/netkit-rusers.SlackBuild +++ b/source/n/netkit-rusers/netkit-rusers.SlackBuild @@ -55,7 +55,7 @@ tar xzvf $CWD/netkit-rusers-$VERSION.tar.gz cd netkit-rusers-$VERSION chown -R root:root . zcat $CWD/netkit-rusers-0.17.diff.gz | patch -p1 || exit 1 -./configure --prefix=/usr +CC="gcc -std=gnu89" ./configure --prefix=/usr # Fixes for libtirpc: sed -i -e 's/Winline/Winline -I\/usr\/include\/tirpc/' MCONFIG diff --git a/source/n/netkit-rwho/netkit-rwho.SlackBuild b/source/n/netkit-rwho/netkit-rwho.SlackBuild index 89c4e8b17..277ccaa63 100755 --- a/source/n/netkit-rwho/netkit-rwho.SlackBuild +++ b/source/n/netkit-rwho/netkit-rwho.SlackBuild @@ -44,6 +44,9 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi +# GCC 14 "fix": +export CFLAGS="-Wno-error=incompatible-pointer-types" + TMP=${TMP:-/tmp} PKG=$TMP/package-netkit-rwho diff --git a/source/n/netkit-timed/netkit-timed.SlackBuild b/source/n/netkit-timed/netkit-timed.SlackBuild index 569105a38..b34c18315 100755 --- a/source/n/netkit-timed/netkit-timed.SlackBuild +++ b/source/n/netkit-timed/netkit-timed.SlackBuild @@ -55,7 +55,7 @@ tar xzvf $CWD/netkit-timed-$VERSION.tar.gz || exit 1 cd netkit-timed-$VERSION chown -R root:root . zcat $CWD/netkit-timed-0.17.diff.gz | patch -p1 --backup --verbose --suffix=.orig -E || exit -CFLAGS="-DCLK_TCK=CLOCKS_PER_SEC" ./configure --prefix=/usr +CFLAGS="-DCLK_TCK=CLOCKS_PER_SEC -Wno-error=incompatible-pointer-types" ./configure --prefix=/usr make || exit 1 cd timed/timed strip timed diff --git a/source/n/netpipes/netpipes.SlackBuild b/source/n/netpipes/netpipes.SlackBuild index 43d6c7e92..f5e9a5db1 100755 --- a/source/n/netpipes/netpipes.SlackBuild +++ b/source/n/netpipes/netpipes.SlackBuild @@ -57,6 +57,7 @@ echo "+==============+" echo "| netpipes-$VERSION |" echo "+==============+" cd $TMP +rm -rf netpipes-${VERSION}-export tar xvf $CWD/netpipes-${VERSION}-export.tar.gz || exit 1 cd netpipes-${VERSION}-export mkdir -p $PKG/usr/doc/netpipes-${VERSION}-export @@ -64,7 +65,7 @@ cp -a COPYING README *.html $PKG/usr/doc/netpipes-${VERSION}-export chown root:root $PKG/usr/doc/netpipes-${VERSION}-export/* chmod 644 $PKG/usr/doc/netpipes-${VERSION}-export/* -make || exit 1 +CC="gcc -std=gnu89" make || exit 1 strip encapsulate faucet getpeername hose sockdown timelimit for file in encapsulate faucet getpeername hose sockdown timelimit ; do diff --git a/source/n/netwatch/netwatch.SlackBuild b/source/n/netwatch/netwatch.SlackBuild index 620fab9fe..4d32c16ef 100755 --- a/source/n/netwatch/netwatch.SlackBuild +++ b/source/n/netwatch/netwatch.SlackBuild @@ -57,6 +57,9 @@ else SLKCFLAGS="-O2 -fcommon" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-int -Wno-error=implicit-function-declaration" + TMP=${TMP:-/tmp} PKG=$TMP/package-netwatch rm -rf $PKG diff --git a/source/n/nfs-utils/nfs-utils.SlackBuild b/source/n/nfs-utils/nfs-utils.SlackBuild index 382aa52eb..e09517137 100755 --- a/source/n/nfs-utils/nfs-utils.SlackBuild +++ b/source/n/nfs-utils/nfs-utils.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,21 +46,12 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/nftables/nftables.SlackBuild b/source/n/nftables/nftables.SlackBuild index 2810ce877..c5d15fe72 100755 --- a/source/n/nftables/nftables.SlackBuild +++ b/source/n/nftables/nftables.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=nftables VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/nghttp2/nghttp2.SlackBuild b/source/n/nghttp2/nghttp2.SlackBuild index 51cc13d55..3bb28b456 100755 --- a/source/n/nghttp2/nghttp2.SlackBuild +++ b/source/n/nghttp2/nghttp2.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | grep -E -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -47,21 +47,12 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/nghttp2/nghttp2.url b/source/n/nghttp2/nghttp2.url index 9175dce90..d0f8f7087 100644 --- a/source/n/nghttp2/nghttp2.url +++ b/source/n/nghttp2/nghttp2.url @@ -1,2 +1,2 @@ https://github.com/nghttp2/nghttp2 -https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.xz +https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.xz diff --git a/source/n/nghttp3/nghttp3.SlackBuild b/source/n/nghttp3/nghttp3.SlackBuild new file mode 100755 index 000000000..ace2620a5 --- /dev/null +++ b/source/n/nghttp3/nghttp3.SlackBuild @@ -0,0 +1,128 @@ +#!/bin/bash + +# Copyright 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=nghttp3 +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-2} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i686 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Make sure the cmake files go in the proper lib${LIB_SUFFIX}: +sed -i "s#lib/cmake/#lib\${LIB_SUFFIX}/cmake/#g" lib/CMakeLists.txt + +# Configure, build, and install: +mkdir cmake-build +cd cmake-build + cmake \ + -DCMAKE_C_FLAGS="$SLKCFLAGS" \ + -DCMAKE_CXX_FLAGS="$SLKCFLAGS" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_DOCDIR=/usr/doc/$PKGNAM-$VERSION \ + -DLIB_SUFFIX="$LIBDIRSUFFIX" \ + -DDOC_INSTALL_DIR="doc" \ + -DMAN_INSTALL_DIR=/usr/man \ + -DENABLE_STATIC_LIB=OFF \ + -DENABLE_LIB_ONLY=ON \ + .. || exit 1 + make $NUMJOBS || make || exit 1 + make install DESTDIR=$PKG || exit 1 +cd .. + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS* ChangeLog COPYING* NEWS* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/n/nghttp3/nghttp3.url b/source/n/nghttp3/nghttp3.url new file mode 100644 index 000000000..7d6cc9d67 --- /dev/null +++ b/source/n/nghttp3/nghttp3.url @@ -0,0 +1,2 @@ +https://github.com/ngtcp2/nghttp3 +https://github.com/ngtcp2/nghttp3/releases/download/v1.5.0/nghttp3-1.5.0.tar.xz diff --git a/source/n/nghttp3/slack-desc b/source/n/nghttp3/slack-desc new file mode 100644 index 000000000..06586e2d9 --- /dev/null +++ b/source/n/nghttp3/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +nghttp3: nghttp3 (thin HTTP/3 layer over a QUIC stack) +nghttp3: +nghttp3: nghttp3 is an implementation of RFC 9114 HTTP/3 mapping over QUIC +nghttp3: and RFC 9204 QPACK in C. +nghttp3: +nghttp3: Homepage: https://github.com/ngtcp2/nghttp3 +nghttp3: +nghttp3: +nghttp3: +nghttp3: +nghttp3: diff --git a/source/n/nmap/nmap.SlackBuild b/source/n/nmap/nmap.SlackBuild index b35e41337..108efabc8 100755 --- a/source/n/nmap/nmap.SlackBuild +++ b/source/n/nmap/nmap.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=nmap VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -44,17 +44,11 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -82,6 +76,9 @@ find . \ sed -i "s,share/man/man1,man/man1,g" ndiff/setup.py +# Don't require a network connection to build zenmap: +cat $CWD/nmap.no.internet.requirement.for.build.diff | patch -p1 --verbose || exit 1 + # --without-nmap-update is needed below to avoid depending on apr and subversion libraries. # It's not worth the feature IMHO. LIBS="-lnl" \ @@ -137,6 +134,12 @@ cp -a CONTRIBUTING* COPYING* HACKING* INSTALL* LICENSE* README* \ fi ) +# Make sure zenmap has an icon: +if [ ! -r $PKG/usr/share/pixmaps/zenmap.png -a -r ./zenmap/zenmapCore/data/pixmaps/zenmap.png ]; then + mkdir -p $PKG/usr/share/pixmaps + cp -a ./zenmap/zenmapCore/data/pixmaps/zenmap.png $PKG/usr/share/pixmaps +fi + # If there's a ChangeLog, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r CHANGELOG ]; then diff --git a/source/n/nmap/nmap.no.internet.requirement.for.build.diff b/source/n/nmap/nmap.no.internet.requirement.for.build.diff new file mode 100644 index 000000000..5e80c9a13 --- /dev/null +++ b/source/n/nmap/nmap.no.internet.requirement.for.build.diff @@ -0,0 +1,16 @@ +--- ./Makefile.in.orig 2024-04-18 11:19:35.000000000 -0500 ++++ ./Makefile.in 2024-05-20 13:00:18.665855374 -0500 +@@ -361,11 +361,11 @@ + DEFAULT_PYTHON_PATH = /usr/bin/env python3 + + build-zenmap: $(ZENMAPDIR)/pyproject.toml $(ZENMAPDIR)/zenmapCore/Version.py +- $(PYTHON) -m build $(ZENMAPDIR)/ ++ $(PYTHON) -m build --wheel --no-isolation $(ZENMAPDIR)/ + + install-zenmap: $(ZENMAPDIR)/pyproject.toml + $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(deskdir) +- $(PYTHON) -m pip install $(ZENMAPDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)") ++ $(PYTHON) -m pip install --no-build-isolation $(ZENMAPDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)") + $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/ + $(INSTALL) -c -m 644 $(ZENMAPDIR)/install_scripts/unix/*.desktop $(DESTDIR)$(deskdir) + # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is diff --git a/source/n/nn/nn.SlackBuild b/source/n/nn/nn.SlackBuild index 88fd1c6bd..ab9c7a257 100755 --- a/source/n/nn/nn.SlackBuild +++ b/source/n/nn/nn.SlackBuild @@ -58,6 +58,9 @@ else MFILE="m-i80386.h" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration" + TMP=${TMP:-/tmp} PKG=$TMP/package-nn diff --git a/source/n/ntp/doinst.sh b/source/n/ntp/doinst.sh index 3f1589bda..58b72de05 100644 --- a/source/n/ntp/doinst.sh +++ b/source/n/ntp/doinst.sh @@ -20,6 +20,7 @@ preserve_perms() { config ${NEW} } +config etc/default/ntp.new config etc/logrotate.d/ntp.new config etc/ntp.conf.new config etc/ntp.keys.new diff --git a/source/n/ntp/fix_ipv6_locallink_regression.diff b/source/n/ntp/fix_ipv6_locallink_regression.diff new file mode 100644 index 000000000..2eb44ad63 --- /dev/null +++ b/source/n/ntp/fix_ipv6_locallink_regression.diff @@ -0,0 +1,37 @@ +This patch fixes a regression introduced in ntpd revision 1.4040.1.4[1]. +The first ntpd release to be affected was 4.2.8p18. + +If the IPv6 link-local interface was not ready for binding on the first +attempt, ntpd would segfault in update_interfaces(). The cause was the +inadvertent referencing of the endpoint returned by create_interface() (ep, +which is NULL on error) rather than the endpoint which contained the address +information (ep2). + +In the patch author's experience, the segfault would only occur when ntpd +was started as part of the boot sequence. Most - but not all - boots were +affected. Evidently it could happen that the timing of ntpd's start up was +delayed enough that the IPv6 link-local interface was ready for the bind() +call when it was first issued by open_socket() via create_interface(). + +No segfaults were observed by the patch's author when starting ntpd manually +after logging in. + +[1] [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + Complete the switch from struct interface to endpt. + +--- a/ntp-4.2.8p18/ntpd/ntp_io.c 2024-05-07 20:51:17.000000000 +0930 ++++ b/ntp-4.2.8p18/ntpd/ntp_io.c 2024-07-16 22:06:48.873953452 +0930 +@@ -1921,11 +1921,11 @@ + } + else { + DPRINT_INTERFACE(3, +- (ep, "updating ", " new - FAILED")); ++ (ep2, "updating ", " new - FAILED")); + + msyslog(LOG_ERR, + "cannot bind address %s", +- stoa(&ep->sin)); ++ stoa(&ep2->sin)); + } + free(ep2); + } diff --git a/source/n/ntp/ntp b/source/n/ntp/ntp new file mode 100644 index 000000000..26d9c37af --- /dev/null +++ b/source/n/ntp/ntp @@ -0,0 +1,12 @@ +# Default options for the ntpd daemon: +# +# -g: allow initial time correction to be Big (once only) +# -p /run/ntpd.pid: write ntpd PID to this location +# -u ntp:ntp: run ntpd as user ntp, group ntp +# +# Depending on your network, you might want to add -4 (ipv4 only) +# or -6 (ipv6 only). +# +# For other available options, see "man ntpd". + +NTPD_OPTS="-g -p /run/ntpd.pid -u ntp:ntp" diff --git a/source/n/ntp/ntp.SlackBuild b/source/n/ntp/ntp.SlackBuild index 1155df285..9c3d9fb70 100755 --- a/source/n/ntp/ntp.SlackBuild +++ b/source/n/ntp/ntp.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2014, 2015, 2017, 2018, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2014, 2015, 2017, 2018, 2020, 2023, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ntp VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -56,6 +56,9 @@ else SLKCFLAGS="-O2" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=int-conversion" + TMP=${TMP:-/tmp} PKG=$TMP/package-ntp @@ -75,6 +78,8 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +cat $CWD/fix_ipv6_locallink_regression.diff | patch -p2 --verbose || exit 1 + CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ @@ -105,9 +110,14 @@ mkdir -p $PKG/usr/bin rmdir $PKG/usr/libexec || exit 1 # Install default conf and keys files: -mkdir -p $PKG/etc -cat $CWD/ntp.conf > $PKG/etc/ntp.conf.new -cat $CWD/ntp.keys > $PKG/etc/ntp.keys.new +mkdir -p $PKG/etc/default +cp -a $CWD/ntp $PKG/etc/default/ntp.new +chown root:root $PKG/etc/default/ntp.new +chmod 644 $PKG/etc/default/ntp.new +cp -a $CWD/ntp.conf $PKG/etc/ntp.conf.new +chown root:root $PKG/etc/ntp.conf.new +chmod 644 $PKG/etc/ntp.conf.new +cp -a $CWD/ntp.keys $PKG/etc/ntp.keys.new chown root:ntp $PKG/etc/ntp.keys.new chmod 640 $PKG/etc/ntp.keys.new diff --git a/source/n/ntp/ntp.conf b/source/n/ntp/ntp.conf index a9c0ce6d0..65123564b 100644 --- a/source/n/ntp/ntp.conf +++ b/source/n/ntp/ntp.conf @@ -28,9 +28,11 @@ fudge 127.127.1.0 stratum 10 statsdir /var/lib/ntp/stats # -# Location of an alternate log file to be used instead of the default system syslog(3) facility +# Location of an alternate log file to be used instead of the default system syslog(3) facility. +# This is not enabled by default, because ntpd has to be restarted when the logs are rotated +# which causes unnecessary network traffic as ntpd resynchronizes. # -logfile /var/log/ntp +#logfile /var/log/ntp # # Drift file. Put this in a directory which the daemon can write to. diff --git a/source/n/ntp/ntp.logrotate b/source/n/ntp/ntp.logrotate index 37fd0be15..99e02e6c7 100644 --- a/source/n/ntp/ntp.logrotate +++ b/source/n/ntp/ntp.logrotate @@ -3,6 +3,6 @@ missingok rotate 4 postrotate - ! [ -x /etc/rc.d/rc.ntpd ] || /etc/rc.d/rc.ntpd restart + [ ! -x /etc/rc.d/rc.ntpd ] || /etc/rc.d/rc.ntpd restart endscript } diff --git a/source/n/ntp/rc.ntpd b/source/n/ntp/rc.ntpd index 9d1e3e88f..4f598f71e 100644 --- a/source/n/ntp/rc.ntpd +++ b/source/n/ntp/rc.ntpd @@ -1,21 +1,25 @@ #!/bin/sh # Start/stop/restart ntpd. +# Load options from /etc/default/ntp: +. /etc/default/ntp + # Start ntpd: ntpd_start() { - echo -n "Starting NTP daemon: /usr/sbin/ntpd -g -u ntp:ntp" - /usr/sbin/ntpd -g -u ntp:ntp + echo -n "Starting NTP daemon: /usr/sbin/ntpd $NTPD_OPTS" + /usr/sbin/ntpd $NTPD_OPTS echo } # Stop ntpd: ntpd_stop() { - echo -n "Stopping NTP daemon..." + echo -n "Stopping NTP daemon... " if [ -r /run/ntpd.pid ]; then + echo -n "(PID $(cat /run/ntpd.pid))" kill -HUP $(cat /run/ntpd.pid) rm -f /run/ntpd.pid else - killall -HUP -q ntpd + killall --ns $$ -HUP -q ntpd fi echo } @@ -30,7 +34,7 @@ ntpd_restart() { # Check if ntpd is running ntpd_status() { if [ -e /run/ntpd.pid ]; then - echo "ntpd is running as pid $(cat /run/ntpd.pid)." + echo "ntpd is running as PID $(cat /run/ntpd.pid)." else echo "ntpd is stopped." exit 1 diff --git a/source/n/obexftp/obexftp.SlackBuild b/source/n/obexftp/obexftp.SlackBuild index d63c6dd6f..2edc21117 100755 --- a/source/n/obexftp/obexftp.SlackBuild +++ b/source/n/obexftp/obexftp.SlackBuild @@ -23,14 +23,14 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=obexftp VERSION=${VERSION:-$(echo $PKGNAM-*-Source.tar.?z* | rev | cut -f 3- -d . | cut -f 2 -d - | rev)} -BUILD=${BUILD:-12} +BUILD=${BUILD:-13} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -48,20 +48,23 @@ fi TMP=${TMP:-/tmp} PKG=$TMP/package-${PKGNAM} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" fi +# GCC 14 "fix": +export CC="gcc -Wno-error=int-conversion -Wno-error=implicit-function-declaration" + PYTHON3LIB=$( python3 -c 'from distutils.sysconfig import get_python_lib; print(get_python_lib())' ) rm -rf $PKG diff --git a/source/n/openldap/openldap.SlackBuild b/source/n/openldap/openldap.SlackBuild index 4eab73442..745b8d301 100755 --- a/source/n/openldap/openldap.SlackBuild +++ b/source/n/openldap/openldap.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openldap VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -68,6 +68,9 @@ else LIBDIRSUFFIX="" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=incompatible-pointer-types" + TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM diff --git a/source/n/openssh/doinst.sh b/source/n/openssh/doinst.sh index ba1d1cdd3..f24972c6f 100644 --- a/source/n/openssh/doinst.sh +++ b/source/n/openssh/doinst.sh @@ -51,3 +51,9 @@ if [ ! -r var/log/btmp ]; then ( cd var/log ; umask 077 ; touch btmp ) fi +# Restart sshd if it is safe to do so: +. etc/default/sshd +if [ ! "$SSHD_LISTENER_AUTO_RESTART_ON_UPGRADE" = "no" -a ! -x /usr/lib/setup/setup ]; then + chroot . /bin/bash -c "if sshd -t 1> /dev/null 2> /dev/null ; then if [ -x /etc/rc.d/rc.sshd ]; then sh /etc/rc.d/rc.sshd restart 1> /dev/null 2>/dev/null; fi; fi" +fi +unset SSHD_OPTS SSHD_LISTENER_AUTO_RESTART_ON_UPGRADE diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild index 642194ff7..9a53a6098 100755 --- a/source/n/openssh/openssh.SlackBuild +++ b/source/n/openssh/openssh.SlackBuild @@ -2,7 +2,7 @@ # Copyright 2000 BSDi, Inc. Concord, CA, USA # Copyright 2001, 2002, 2003, 2004 Slackware Linux, Inc. Concord, CA, USA -# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2018, 2020, 2021, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2018, 2020, 2021, 2023, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -37,7 +37,7 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -52,21 +52,12 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then exit 0 fi -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "arm" ]; then - SLKCFLAGS="-O2 -march=armv4 -mtune=xscale" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "armel" ]; then - SLKCFLAGS="-O2 -march=armv4t" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" @@ -107,12 +98,13 @@ CFLAGS="$SLKCFLAGS" \ --sysconfdir=/etc/ssh \ $PAM_OPTIONS \ $SHADOW_OPTIONS \ - --with-md5-passwords \ + --enable-dsa-keys \ --with-libedit \ --with-tcp-wrappers \ --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin \ --with-privsep-path=/var/empty \ --with-privsep-user=sshd \ + --enable-dsa-keys \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 @@ -196,11 +188,10 @@ fi # Copy runtime installation files: mkdir -p install - zcat $CWD/doinst.sh.gz > install/doinst.sh + cat $CWD/doinst.sh > install/doinst.sh cat $CWD/slack-desc > install/slack-desc ) # Create the package itself: cd $PKG /sbin/makepkg -l y -c n $TMP/openssh-$VERSION-$ARCH-$BUILD.txz - diff --git a/source/n/openssh/openssh.tcp_wrappers.diff b/source/n/openssh/openssh.tcp_wrappers.diff index 3b530a5b7..f9430fb12 100644 --- a/source/n/openssh/openssh.tcp_wrappers.diff +++ b/source/n/openssh/openssh.tcp_wrappers.diff @@ -1,29 +1,6 @@ ---- ./sshd.8.orig 2022-02-23 05:31:11.000000000 -0600 -+++ ./sshd.8 2022-02-24 13:28:36.533888569 -0600 -@@ -908,6 +908,12 @@ - This file should be writable only by the user, and need not be - readable by anyone else. - .Pp -+.It Pa /etc/hosts.allow -+.It Pa /etc/hosts.deny -+Access controls that should be enforced by tcp-wrappers are defined here. -+Further details are described in -+.Xr hosts_access 5 . -+.Pp - .It Pa /etc/hosts.equiv - This file is for host-based authentication (see - .Xr ssh 1 ) . -@@ -1010,6 +1016,7 @@ - .Xr ssh-keygen 1 , - .Xr ssh-keyscan 1 , - .Xr chroot 2 , -+.Xr hosts_access 5 , - .Xr login.conf 5 , - .Xr moduli 5 , - .Xr sshd_config 5 , ---- ./configure.ac.orig 2022-02-23 05:31:11.000000000 -0600 -+++ ./configure.ac 2022-02-24 13:30:10.535883370 -0600 -@@ -1599,6 +1599,62 @@ +--- ./configure.ac.orig 2024-06-30 23:36:28.000000000 -0500 ++++ ./configure.ac 2024-07-01 12:30:30.668845271 -0500 +@@ -1662,6 +1662,62 @@ AC_MSG_RESULT([no]) fi @@ -86,7 +63,7 @@ # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, -@@ -5593,6 +5649,7 @@ +@@ -5699,6 +5755,7 @@ echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -94,9 +71,32 @@ echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" ---- ./sshd.c.orig 2022-02-23 05:31:11.000000000 -0600 -+++ ./sshd.c 2022-02-24 13:28:36.533888569 -0600 -@@ -129,6 +129,13 @@ +--- ./sshd.8.orig 2024-06-30 23:36:28.000000000 -0500 ++++ ./sshd.8 2024-07-01 12:30:30.667845271 -0500 +@@ -921,6 +921,12 @@ + This file should be writable only by the user, and need not be + readable by anyone else. + .Pp ++.It Pa /etc/hosts.allow ++.It Pa /etc/hosts.deny ++Access controls that should be enforced by tcp-wrappers are defined here. ++Further details are described in ++.Xr hosts_access 5 . ++.Pp + .It Pa /etc/hosts.equiv + This file is for host-based authentication (see + .Xr ssh 1 ) . +@@ -1023,6 +1029,7 @@ + .Xr ssh-keygen 1 , + .Xr ssh-keyscan 1 , + .Xr chroot 2 , ++.Xr hosts_access 5 , + .Xr login.conf 5 , + .Xr moduli 5 , + .Xr sshd_config 5 , +--- ./sshd-session.c.orig 2024-06-30 23:36:28.000000000 -0500 ++++ ./sshd-session.c 2024-07-01 12:34:16.265697423 -0500 +@@ -110,6 +110,13 @@ #include "srclimit.h" #include "dh.h" @@ -110,28 +110,27 @@ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -@@ -2138,6 +2145,26 @@ +@@ -1226,6 +1233,25 @@ the_active_state = ssh; ssh_packet_set_server(ssh); -+/* Moved LIBWRAP check here */ +#ifdef LIBWRAP + allow_severity = options.log_facility|LOG_INFO; + deny_severity = options.log_facility|LOG_WARNING; + /* Check whether logins are denied from this host. */ -+ if (ssh_packet_connection_is_on_socket(ssh)) { /* This check must be after ssh_packet_set_connection() */ -+ struct request_info req; ++ if (ssh_packet_connection_is_on_socket(ssh)) { /* This check must be after ssh_packet_set_connection() */ ++ struct request_info req; + -+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); -+ fromhost(&req); ++ request_init(&req, RQ_DAEMON, "sshd", RQ_FILE, sock_in, 0); ++ fromhost(&req); + -+ if (!hosts_access(&req)) { -+ debug("Connection refused by tcp wrapper"); -+ refuse(&req); -+ /* NOTREACHED */ -+ fatal("libwrap refuse returns"); -+ } -+ } ++ if (!hosts_access(&req)) { ++ debug("Connection refused by tcp wrapper"); ++ refuse(&req); ++ /* NOTREACHED */ ++ fatal("libwrap refuse returns"); ++ } ++ } +#endif /* LIBWRAP */ + check_ip_options(ssh); diff --git a/source/n/openssh/rc.sshd b/source/n/openssh/rc.sshd index eea6c6a74..64a8b5d57 100644 --- a/source/n/openssh/rc.sshd +++ b/source/n/openssh/rc.sshd @@ -27,7 +27,8 @@ sshd_start() { } sshd_stop() { - killall sshd + killall --ns $$ sshd-session 2> /dev/null + killall --ns $$ sshd } sshd_restart() { @@ -61,4 +62,3 @@ case "$1" in *) echo "usage $0 start|stop|restart" esac - diff --git a/source/n/openssh/sshd.default b/source/n/openssh/sshd.default index 6cab3ba31..8699a97a6 100644 --- a/source/n/openssh/sshd.default +++ b/source/n/openssh/sshd.default @@ -8,3 +8,7 @@ # # If you want to use non-standard sshd_config, use: #SSHD_OPTS="-f /some/other/sshd_config" +# +# If you don't want the sshd listener automatically restarted when the package +# is upgraded, then uncomment this line: +#SSHD_LISTENER_AUTO_RESTART_ON_UPGRADE=no diff --git a/source/n/openssl/openssl.SlackBuild b/source/n/openssl/openssl.SlackBuild index 1e01d1289..bd4ae8ebc 100755 --- a/source/n/openssl/openssl.SlackBuild +++ b/source/n/openssl/openssl.SlackBuild @@ -33,7 +33,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -67,13 +67,8 @@ tar xvf $CWD/openssl-$VERSION.tar.gz || exit 1 cd openssl-$VERSION chown -R root:root . -if [ "$ARCH" = "i586" ]; then - # Build with -march=i586 -mtune=i686: - sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i686/g" Configure - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - # Build with -march=i686 -mtune=i686: - sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure +if [ "$ARCH" = "i686" ]; then + sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=pentium4 -mtune=generic/g" Configure LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then LIBDIRSUFFIX="64" diff --git a/source/n/openssl/openssl.url b/source/n/openssl/openssl.url new file mode 100644 index 000000000..091016679 --- /dev/null +++ b/source/n/openssl/openssl.url @@ -0,0 +1,2 @@ +https://github.com/openssl/openssl/releases +https://github.com/openssl/openssl/releases/download/openssl-3.3.2/openssl-3.3.2.tar.gz diff --git a/source/n/openssl11/0000-patch-license.txt b/source/n/openssl11/0000-patch-license.txt new file mode 100644 index 000000000..49cc83d2e --- /dev/null +++ b/source/n/openssl11/0000-patch-license.txt @@ -0,0 +1,177 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS diff --git a/source/n/openssl11/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch b/source/n/openssl11/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch new file mode 100644 index 000000000..52e575b08 --- /dev/null +++ b/source/n/openssl11/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch @@ -0,0 +1,294 @@ +From 01ca0bbbe65215f6ae72bba7d63ea67fb53c4f9a Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 11:00:49 -0400 +Subject: [PATCH] Patch to openssl-1.1.1x. This version addresses two + vulnerabilities: CVE-2023-5678 and CVE-2024-0727 + +--- + crypto/dh/dh_check.c | 13 +++++++++++++ + crypto/dh/dh_err.c | 2 ++ + crypto/dh/dh_key.c | 10 ++++++++++ + crypto/err/openssl.txt | 2 ++ + crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++ + crypto/pkcs12/p12_mutl.c | 5 +++++ + crypto/pkcs12/p12_npas.c | 5 +++-- + crypto/pkcs12/pk12err.c | 2 ++ + crypto/pkcs7/pk7_mime.c | 9 +++++++-- + include/openssl/dh.h | 6 ++++-- + include/openssl/dherr.h | 2 ++ + include/openssl/opensslv.h | 4 ++-- + include/openssl/pkcs12err.h | 1 + + 13 files changed, 71 insertions(+), 8 deletions(-) + +diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c +index ae1b03b..40dfc57 100644 +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -198,6 +198,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + BN_CTX *ctx = NULL; + + *ret = 0; ++ ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE); ++ *ret = DH_CHECK_P_NOT_PRIME | DH_CHECK_PUBKEY_INVALID; ++ return 0; ++ } ++ ++ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) { ++ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID; ++ return 1; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c +index 92800d3..048ba66 100644 +--- a/crypto/dh/dh_err.c ++++ b/crypto/dh/dh_err.c +@@ -21,6 +21,7 @@ static const ERR_STRING_DATA DH_str_functs[] = { + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, +@@ -82,6 +83,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), + "unable to check generator"}, +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 117f2fa..9f5e6f6 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -114,6 +114,11 @@ static int generate_key(DH *dh) + return 0; + } + ++ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { ++ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE); ++ return 0; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +@@ -207,6 +212,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + goto err; + } + ++ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE); ++ goto err; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index c0a3cd7..ec3823e 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -969,6 +969,7 @@ PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac + PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac + PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes + PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data ++PKCS12_F_PKCS12_UNPACK_P7ENCDATA:134:PKCS12_unpack_p7encdata + PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac + PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt + PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe +@@ -2106,6 +2107,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set + DH_R_NO_PRIVATE_VALUE:100:no private value + DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error + DH_R_PEER_KEY_ERROR:111:peer key error ++DH_R_Q_TOO_LARGE:130:q too large + DH_R_SHARED_INFO_ERROR:113:shared info error + DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator + DSA_R_BAD_Q_VALUE:102:bad q value +diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c +index af184c8..6549691 100644 +--- a/crypto/pkcs12/p12_add.c ++++ b/crypto/pkcs12/p12_add.c +@@ -76,6 +76,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p7->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + } + +@@ -132,6 +138,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + { + if (!PKCS7_type_is_encrypted(p7)) + return NULL; ++ ++ if (p7->d.encrypted == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7ENCDATA, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + pass, passlen, +@@ -159,6 +171,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p12->authsafes->d.data, + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + } +diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c +index 3658003..766c9c1 100644 +--- a/crypto/pkcs12/p12_mutl.c ++++ b/crypto/pkcs12/p12_mutl.c +@@ -93,6 +93,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + return 0; + } + ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } ++ + salt = p12->mac->salt->data; + saltlen = p12->mac->salt->length; + if (!p12->mac->iter) +diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c +index 0334289..1303376 100644 +--- a/crypto/pkcs12/p12_npas.c ++++ b/crypto/pkcs12/p12_npas.c +@@ -78,8 +78,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); +- if (!alg_get(p7->d.encrypted->enc_data->algorithm, +- &pbe_nid, &pbe_iter, &pbe_saltlen)) ++ if (p7->d.encrypted == NULL ++ || !alg_get(p7->d.encrypted->enc_data->algorithm, ++ &pbe_nid, &pbe_iter, &pbe_saltlen)) + goto err; + } else { + continue; +diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c +index 38ce519..3eb7f2f 100644 +--- a/crypto/pkcs12/pk12err.c ++++ b/crypto/pkcs12/pk12err.c +@@ -58,6 +58,8 @@ static const ERR_STRING_DATA PKCS12_str_functs[] = { + "PKCS12_unpack_authsafes"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0), + "PKCS12_unpack_p7data"}, ++ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7ENCDATA, 0), ++ "PKCS12_unpack_p7encdata"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0), + "PKCS12_verify_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"}, +diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c +index 19e6868..635af10 100644 +--- a/crypto/pkcs7/pk7_mime.c ++++ b/crypto/pkcs7/pk7_mime.c +@@ -30,10 +30,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); +- if (ctype_nid == NID_pkcs7_signed) ++ if (ctype_nid == NID_pkcs7_signed) { ++ if (p7->d.sign == NULL) { ++ return 0; ++ } + mdalgs = p7->d.sign->md_algs; +- else ++ } ++ else { + mdalgs = NULL; ++ } + + flags ^= SMIME_OLDMIME; + +diff --git a/include/openssl/dh.h b/include/openssl/dh.h +index 6c6ff36..d2a9c0d 100644 +--- a/include/openssl/dh.h ++++ b/include/openssl/dh.h +@@ -71,14 +71,16 @@ DECLARE_ASN1_ITEM(DHparams) + /* #define DH_GENERATOR_3 3 */ + # define DH_GENERATOR_5 5 + +-/* DH_check error codes */ ++/* DH_check error codes, some of them shared with DH_check_pub_key */ + # define DH_CHECK_P_NOT_PRIME 0x01 + # define DH_CHECK_P_NOT_SAFE_PRIME 0x02 + # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 + # define DH_NOT_SUITABLE_GENERATOR 0x08 + # define DH_CHECK_Q_NOT_PRIME 0x10 +-# define DH_CHECK_INVALID_Q_VALUE 0x20 ++# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ + # define DH_CHECK_INVALID_J_VALUE 0x40 ++# define DH_MODULUS_TOO_SMALL 0x80 ++# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ + + /* DH_check_pub_key error codes */ + # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h +index 528c819..a98bb1e 100644 +--- a/include/openssl/dherr.h ++++ b/include/openssl/dherr.h +@@ -33,6 +33,7 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_CHECK 126 + # define DH_F_DH_CHECK_EX 121 + # define DH_F_DH_CHECK_PARAMS_EX 122 ++# define DH_F_DH_CHECK_PUB_KEY 127 + # define DH_F_DH_CHECK_PUB_KEY_EX 123 + # define DH_F_DH_CMS_DECRYPT 114 + # define DH_F_DH_CMS_SET_PEERKEY 115 +@@ -82,6 +83,7 @@ int ERR_load_DH_strings(void); + # define DH_R_NO_PRIVATE_VALUE 100 + # define DH_R_PARAMETER_ENCODING_ERROR 105 + # define DH_R_PEER_KEY_ERROR 111 ++# define DH_R_Q_TOO_LARGE 130 + # define DH_R_SHARED_INFO_ERROR 113 + # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index 5667d47..c16eafd 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010117fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023" ++# define OPENSSL_VERSION_NUMBER 0x1010118fL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x 25 Jan 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/include/openssl/pkcs12err.h b/include/openssl/pkcs12err.h +index eff5eb2..0d2f15a 100644 +--- a/include/openssl/pkcs12err.h ++++ b/include/openssl/pkcs12err.h +@@ -49,6 +49,7 @@ int ERR_load_PKCS12_strings(void); + # define PKCS12_F_PKCS12_SET_MAC 123 + # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 + # define PKCS12_F_PKCS12_UNPACK_P7DATA 131 ++# define PKCS12_F_PKCS12_UNPACK_P7ENCDATA 134 + # define PKCS12_F_PKCS12_VERIFY_MAC 126 + # define PKCS12_F_PKCS8_ENCRYPT 125 + # define PKCS12_F_PKCS8_SET0_PBE 132 diff --git a/source/n/openssl11/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch b/source/n/openssl11/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch new file mode 100644 index 000000000..3c8c4ace5 --- /dev/null +++ b/source/n/openssl11/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch @@ -0,0 +1,183 @@ +From 4e975e3aec06165e760953f6c51a795f3dcfd1a0 Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 12:02:52 -0400 +Subject: [PATCH] Patch to openssl-1.1.1y. This version addresses two + vulnerabilities: CVE-2024-2511 and CVE-2024-4741 + +--- + include/openssl/opensslv.h | 4 ++-- + include/openssl/ssl.h | 2 +- + ssl/record/rec_layer_s3.c | 9 +++++++++ + ssl/record/record.h | 1 + + ssl/ssl_lib.c | 8 ++++++-- + ssl/ssl_local.h | 2 +- + ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ + ssl/statem/statem_srvr.c | 5 ++--- + 8 files changed, 44 insertions(+), 15 deletions(-) + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index c16eafd..585109a 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010118fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x 25 Jan 2024" ++# define OPENSSL_VERSION_NUMBER 0x1010119fL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1y 27 May 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h +index 9af0c89..64eaca3 100644 +--- a/include/openssl/ssl.h ++++ b/include/openssl/ssl.h +@@ -1659,7 +1659,7 @@ __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + + __owur SSL_SESSION *SSL_SESSION_new(void); +-__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); ++__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); + const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c +index 1db1712..525c3ab 100644 +--- a/ssl/record/rec_layer_s3.c ++++ b/ssl/record/rec_layer_s3.c +@@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) + return SSL3_BUFFER_get_left(&rl->rbuf) != 0; + } + ++int RECORD_LAYER_data_present(const RECORD_LAYER *rl) ++{ ++ if (rl->rstate == SSL_ST_READ_BODY) ++ return 1; ++ if (RECORD_LAYER_processed_read_pending(rl)) ++ return 1; ++ return 0; ++} ++ + /* Checks if we have decrypted unread record data pending */ + int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) + { +diff --git a/ssl/record/record.h b/ssl/record/record.h +index af56206..513ab39 100644 +--- a/ssl/record/record.h ++++ b/ssl/record/record.h +@@ -197,6 +197,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); + int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); + int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); + int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); ++int RECORD_LAYER_data_present(const RECORD_LAYER *rl); + void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); + void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); + int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 47adc32..356d65c 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3515,9 +3515,10 @@ void ssl_update_cache(SSL *s, int mode) + + /* + * If the session_id_length is 0, we are not supposed to cache it, and it +- * would be rather hard to do anyway :-) ++ * would be rather hard to do anyway :-). Also if the session has already ++ * been marked as not_resumable we should not cache it for later reuse. + */ +- if (s->session->session_id_length == 0) ++ if (s->session->session_id_length == 0 || s->session->not_resumable) + return; + + /* +@@ -5247,6 +5248,9 @@ int SSL_free_buffers(SSL *ssl) + if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) + return 0; + ++ if (RECORD_LAYER_data_present(rl)) ++ return 0; ++ + RECORD_LAYER_release(rl); + return 1; + } +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index 5c79215..5e73fa4 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h +@@ -2261,7 +2261,7 @@ __owur int ssl_get_new_session(SSL *s, int session); + __owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len); + __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); +-__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); ++__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); + __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); + DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); + __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c +index 68d1737..2b27a47 100644 +--- a/ssl/ssl_sess.c ++++ b/ssl/ssl_sess.c +@@ -94,16 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void) + return ss; + } + +-SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src) +-{ +- return ssl_session_dup(src, 1); +-} +- + /* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) ++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) + { + SSL_SESSION *dest; + +@@ -226,6 +221,27 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) + return NULL; + } + ++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) ++{ ++ return ssl_session_dup_intern(src, 1); ++} ++ ++/* ++ * Used internally when duplicating a session which might be already shared. ++ * We will have resumed the original session. Subsequently we might have marked ++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to ++ * resume from. ++ */ ++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++{ ++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); ++ ++ if (sess != NULL) ++ sess->not_resumable = 0; ++ ++ return sess; ++} ++ + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if (len) +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c +index 43f77a5..2f6ce8f 100644 +--- a/ssl/statem/statem_srvr.c ++++ b/ssl/statem/statem_srvr.c +@@ -2403,9 +2403,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) + * so the following won't overwrite an ID that we're supposed + * to send back. + */ +- if (s->session->not_resumable || +- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) +- && !s->hit)) ++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) ++ && !s->hit) + s->session->session_id_length = 0; + + if (usetls13) { diff --git a/source/n/openssl11/0003-openssl-1.1.1za_CVE-2024-5535.patch b/source/n/openssl11/0003-openssl-1.1.1za_CVE-2024-5535.patch new file mode 100644 index 000000000..90a30beb1 --- /dev/null +++ b/source/n/openssl11/0003-openssl-1.1.1za_CVE-2024-5535.patch @@ -0,0 +1,108 @@ +From 72f5c8e48a09ab09dae91c869e53e3d0c75ef921 Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 12:19:50 -0400 +Subject: [PATCH] Patch to openssl-1.1.1za. This version addresses one + vulnerability: CVE-2024-5535 + +--- + include/openssl/opensslv.h | 4 +-- + ssl/ssl_lib.c | 63 ++++++++++++++++++++++++-------------- + 2 files changed, 42 insertions(+), 25 deletions(-) + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index 585109a..a1a5d07 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010119fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1y 27 May 2024" ++# define OPENSSL_VERSION_NUMBER 0x101011afL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1za 26 Jun 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 356d65c..ccb1d4a 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -2761,37 +2761,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) + { +- unsigned int i, j; +- const unsigned char *result; +- int status = OPENSSL_NPN_UNSUPPORTED; ++ PACKET cpkt, csubpkt, spkt, ssubpkt; ++ ++ if (!PACKET_buf_init(&cpkt, client, client_len) ++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) ++ || PACKET_remaining(&csubpkt) == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return OPENSSL_NPN_NO_OVERLAP; ++ } ++ ++ /* ++ * Set the default opportunistic protocol. Will be overwritten if we find ++ * a match. ++ */ ++ *out = (unsigned char *)PACKET_data(&csubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&csubpkt); + + /* + * For each protocol in server preference order, see if we support it. + */ +- for (i = 0; i < server_len;) { +- for (j = 0; j < client_len;) { +- if (server[i] == client[j] && +- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { +- /* We found a match */ +- result = &server[i]; +- status = OPENSSL_NPN_NEGOTIATED; +- goto found; ++ if (PACKET_buf_init(&spkt, server, server_len)) { ++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { ++ if (PACKET_remaining(&ssubpkt) == 0) ++ continue; /* Invalid - ignore it */ ++ if (PACKET_buf_init(&cpkt, client, client_len)) { ++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { ++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), ++ PACKET_remaining(&ssubpkt))) { ++ /* We found a match */ ++ *out = (unsigned char *)PACKET_data(&ssubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt); ++ return OPENSSL_NPN_NEGOTIATED; ++ } ++ } ++ /* Ignore spurious trailing bytes in the client list */ ++ } else { ++ /* This should never happen */ ++ return OPENSSL_NPN_NO_OVERLAP; + } +- j += client[j]; +- j++; + } +- i += server[i]; +- i++; ++ /* Ignore spurious trailing bytes in the server list */ + } + +- /* There's no overlap between our protocols and the server's list. */ +- result = client; +- status = OPENSSL_NPN_NO_OVERLAP; +- +- found: +- *out = (unsigned char *)result + 1; +- *outlen = result[0]; +- return status; ++ /* ++ * There's no overlap between our protocols and the server's list. We use ++ * the default opportunistic protocol selected earlier ++ */ ++ return OPENSSL_NPN_NO_OVERLAP; + } + + #ifndef OPENSSL_NO_NEXTPROTONEG diff --git a/source/n/openssl11/openssl11.SlackBuild b/source/n/openssl11/openssl11.SlackBuild index 63b94f063..4bb3d9a80 100755 --- a/source/n/openssl11/openssl11.SlackBuild +++ b/source/n/openssl11/openssl11.SlackBuild @@ -2,7 +2,7 @@ # Copyright 2000 BSDi, Inc. Concord, CA, USA # Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA -# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,6 +28,8 @@ TMP=${TMP:-/tmp} PKGNAM=openssl11 VERSION=${VERSION:-$(echo openssl-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +# Get the new version number from the latest patch: +PKGVER=$(grep "^+" $(/bin/ls -t 00*patch | head -n 1) | grep OPENSSL_VERSION_TEXT | cut -f 2 -d \" | cut -f 2 -d ' ') BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: @@ -42,8 +44,8 @@ fi PKG1=$TMP/package-openssl11 PKG2=$TMP/package-ossllibs11 -NAME1=openssl11-$VERSION-$ARCH-$BUILD -NAME2=openssl11-solibs-$VERSION-$ARCH-$BUILD +NAME1=openssl11-$PKGVER-$ARCH-$BUILD +NAME2=openssl11-solibs-$PKGVER-$ARCH-$BUILD # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information @@ -69,6 +71,14 @@ cd openssl-$VERSION # Fix pod syntax errors which are fatal wih a newer perl: find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|$\)/\=item C<\1>/g" {} \; +# Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that +# were only available to subscribers to OpenSSL's premium extended support. +# These patches were prepared by backporting commits from the OpenSSL-3.0 repo. +# Thanks to Ken Zalewski! +cat $CWD/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch | patch -p1 --verbose || exit 1 +cat $CWD/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch | patch -p1 --verbose || exit 1 +cat $CWD/0003-openssl-1.1.1za_CVE-2024-5535.patch | patch -p1 --verbose || exit 1 + ## For openssl-1.1.x, don't try to change the soname. ## Use .so.1, not .so.1.0.0: #sed -i "s/soname=\$\$SHLIB\$\$SHLIB_SOVER\$\$SHLIB_SUFFIX/soname=\$\$SHLIB.1/g" Makefile.shared @@ -95,17 +105,22 @@ fi sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x1010100fL (1.1.1) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1010100fL/g" include/openssl/opensslv.h || exit 1 chown -R root:root . -mkdir -p $PKG1/usr/doc/openssl-$VERSION +mkdir -p $PKG1/usr/doc/openssl-$PKGVER cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \ LICENSE* NEWS NOTES* README* doc \ - $PKG1/usr/doc/openssl-$VERSION -find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+ -find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+ + $PKG1/usr/doc/openssl-$PKGVER +# For this backported package, let's put the patches in the documentation since +# the CHANGES and other files are not up-to-date with the reported version. +# This'll make it more clear exactly what this package is. +cp -a $CWD/00* $PKG1/usr/doc/openssl-$PKGVER +chown root:root $PKG1/usr/doc/openssl-$PKGVER/00* +find $PKG1/usr/doc/openssl-$PKGVER -type d -exec chmod 755 {} \+ +find $PKG1/usr/doc/openssl-$PKGVER -type f -exec chmod 644 {} \+ # If there's a CHANGES file, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r CHANGES ]; then - DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION) + DOCSDIR=$(echo $PKG1/usr/doc/*-$PKGVER) cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES touch -r CHANGES $DOCSDIR/CHANGES fi @@ -212,21 +227,21 @@ cp -a $PKG1//usr/lib${LIBDIRSUFFIX}/openssl-1.1/engines-1.1 $PKG2/usr/lib${LIBDI ) #mkdir -p $PKG2/etc #( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . ) -mkdir -p $PKG2/usr/doc/openssl-$VERSION +mkdir -p $PKG2/usr/doc/openssl-$PKGVER ( cd $TMP/openssl-$VERSION cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \ - LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$VERSION + LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$PKGVER # If there's a CHANGES file, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r CHANGES ]; then - DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION) + DOCSDIR=$(echo $PKG2/usr/doc/*-$PKGVER) cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES touch -r CHANGES $DOCSDIR/CHANGES fi ) -find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+ -find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+ +find $PKG2/usr/doc/openssl-$PKGVER -type d -exec chmod 755 {} \+ +find $PKG2/usr/doc/openssl-$PKGVER -type f -exec chmod 644 {} \+ cd $PKG2 mkdir -p install cat $CWD/slack-desc.openssl11-solibs > install/slack-desc diff --git a/source/n/p11-kit/p11-kit.url b/source/n/p11-kit/p11-kit.url index cc0b54758..359d6f423 100644 --- a/source/n/p11-kit/p11-kit.url +++ b/source/n/p11-kit/p11-kit.url @@ -1,2 +1,2 @@ https://github.com/p11-glue/p11-kit/releases -https://github.com/p11-glue/p11-kit/releases/download/0.25.3/p11-kit-0.25.3.tar.xz +https://github.com/p11-glue/p11-kit/releases/download/0.25.5/p11-kit-0.25.5.tar.xz diff --git a/source/n/php/fetch-php.sh b/source/n/php/fetch-php.sh index aec301cb7..4f4e95206 100755 --- a/source/n/php/fetch-php.sh +++ b/source/n/php/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-8.3.6.tar.xz.asc -lftpget http://us.php.net/distributions/php-8.3.6.tar.xz +lftpget http://us.php.net/distributions/php-8.3.11.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.3.11.tar.xz diff --git a/source/n/php/php.SlackBuild b/source/n/php/php.SlackBuild index 5f4b49261..4197e36cc 100755 --- a/source/n/php/php.SlackBuild +++ b/source/n/php/php.SlackBuild @@ -28,12 +28,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=php VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} ALPINE=2.26 -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -55,26 +55,20 @@ PKG=$TMP/package-php/ rm -rf $PKG mkdir -p $TMP $PKG -if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=incompatible-pointer-types" + # Look for Kerberos on the machine and in any precompiled c-client.a: if /bin/ls /lib${LIBDIRSUFFIX}/libkrb5.so.? 1> /dev/null 2> /dev/null ; then # Remove the c-client library if it doesn't contain Kerberos support: diff --git a/source/n/pidentd/pidentd.SlackBuild b/source/n/pidentd/pidentd.SlackBuild index 56ba4a1a3..c1bae462a 100755 --- a/source/n/pidentd/pidentd.SlackBuild +++ b/source/n/pidentd/pidentd.SlackBuild @@ -66,7 +66,7 @@ find . \ zcat $CWD/pidentd.conf.diff.gz | patch -p1 --backup --verbose || exit 1 zcat $CWD/pidentd.openssl-1.1.diff.gz | patch -p1 --backup --verbose || exit 1 -CFLAGS=-O2 \ +CFLAGS="-O2 -Wno-error=implicit-function-declaration" \ ./configure \ --prefix=/usr \ --sysconfdir=/etc \ diff --git a/source/n/pinentry/pinentry.SlackBuild b/source/n/pinentry/pinentry.SlackBuild index 78bff099b..f19fe8736 100755 --- a/source/n/pinentry/pinentry.SlackBuild +++ b/source/n/pinentry/pinentry.SlackBuild @@ -25,12 +25,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=pinentry VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -51,12 +51,16 @@ if [ "$ARCH" = "i586" ]; then SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" ARCHQUADLET="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" + LIBDIRSUFFIX="" + ARCHQUADLET="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" LIBDIRSUFFIX="" ARCHQUADLET="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" ARCHQUADLET="" elif [ "$ARCH" = "arm" ]; then diff --git a/source/n/popa3d/popa3d.SlackBuild b/source/n/popa3d/popa3d.SlackBuild index c3cd6543b..91b1b6436 100755 --- a/source/n/popa3d/popa3d.SlackBuild +++ b/source/n/popa3d/popa3d.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=popa3d VERSION=1.0.3 -BUILD=${BUILD:-7} +BUILD=${BUILD:-8} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -46,6 +46,20 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} +if [ "$ARCH" = "i586" ]; then + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + LIBDIRSUFFIX="" +else + LIBDIRSUFFIX="" +fi + TMP=${TMP:-/tmp} PKG=$TMP/package-popa3d rm -rf $PKG @@ -56,12 +70,10 @@ rm -rf popa3d-$VERSION tar xvf $CWD/popa3d-$VERSION.tar.?z || exit 1 cd popa3d-$VERSION || exit 1 -# Choose correct options depending on whether PAM is installed: -if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then - zcat $CWD/popa3d.pam.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 -else - zcat $CWD/popa3d.shadow.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 -fi +# Choose correct options for PAM: +zcat $CWD/popa3d.pam.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 + +zcat $CWD/popa3d.gcc14.diff.gz | patch -p1 --verbose || exit 1 chown -R root:root . find . \ diff --git a/source/n/popa3d/popa3d.gcc14.diff b/source/n/popa3d/popa3d.gcc14.diff new file mode 100644 index 000000000..932b57741 --- /dev/null +++ b/source/n/popa3d/popa3d.gcc14.diff @@ -0,0 +1,11 @@ +--- ./Makefile.orig 2024-05-11 14:15:26.383948970 -0500 ++++ ./Makefile 2024-05-11 14:16:03.483949800 -0500 +@@ -3,7 +3,7 @@ + RM = rm -f + MKDIR = mkdir -p + INSTALL = install -c +-CFLAGS = -Wall -O2 -fomit-frame-pointer ++CFLAGS = -Wall -O2 -fomit-frame-pointer -Wno-error=implicit-function-declaration -Wno-error=int-conversion + # You may use OpenSSL's MD5 routines instead of the ones supplied here + CFLAGS += -DHAVE_OPENSSL + LDFLAGS = -s diff --git a/source/n/popa3d/popa3d.pam.diff b/source/n/popa3d/popa3d.pam.diff index c0b643844..700dd40d6 100644 --- a/source/n/popa3d/popa3d.pam.diff +++ b/source/n/popa3d/popa3d.pam.diff @@ -1,7 +1,6 @@ -diff -up ../popa3d-1.0.3.orig/Makefile ./Makefile ---- ../popa3d-1.0.3.orig/Makefile 2006-03-05 05:36:54.000000000 -0500 -+++ ./Makefile 2018-09-18 12:56:05.412312376 -0400 -@@ -5,26 +5,26 @@ MKDIR = mkdir -p +--- ./Makefile.orig 2006-03-05 04:36:54.000000000 -0600 ++++ ./Makefile 2024-05-15 19:42:54.924020444 -0500 +@@ -5,26 +5,26 @@ INSTALL = install -c CFLAGS = -Wall -O2 -fomit-frame-pointer # You may use OpenSSL's MD5 routines instead of the ones supplied here @@ -33,10 +32,8 @@ diff -up ../popa3d-1.0.3.orig/Makefile ./Makefile SBINDIR = $(PREFIX)/sbin MANDIR = $(PREFIX)/man -Common subdirectories: ../popa3d-1.0.3.orig/md5 and ./md5 -diff -up ../popa3d-1.0.3.orig/params.h ./params.h ---- ../popa3d-1.0.3.orig/params.h 2006-03-05 08:18:32.000000000 -0500 -+++ ./params.h 2018-09-18 12:55:55.953210742 -0400 +--- ./params.h.orig 2006-03-05 07:18:32.000000000 -0600 ++++ ./params.h 2024-05-15 19:43:21.877021047 -0500 @@ -13,7 +13,7 @@ /* * Are we going to be a standalone server or start via an inetd clone? @@ -55,6 +52,17 @@ diff -up ../popa3d-1.0.3.orig/params.h ./params.h /* * An empty directory to chroot to before authentication. The directory +@@ -155,8 +155,8 @@ + * Note that there's no built-in password aging support. + */ + #define AUTH_PASSWD 0 +-#define AUTH_SHADOW 1 +-#define AUTH_PAM 0 ++#define AUTH_SHADOW 0 ++#define AUTH_PAM 1 + #define AUTH_PAM_USERPASS 0 + #define USE_LIBPAM_USERPASS 0 + @@ -191,7 +191,7 @@ * * #undef this for qmail-style $HOME/Mailbox mailboxes. diff --git a/source/n/popa3d/popa3d.shadow.diff b/source/n/popa3d/popa3d.shadow.diff deleted file mode 100644 index 773f90856..000000000 --- a/source/n/popa3d/popa3d.shadow.diff +++ /dev/null @@ -1,58 +0,0 @@ ---- ./Makefile.orig 2006-03-05 04:36:20.000000000 -0600 -+++ ./Makefile 2006-03-12 16:20:44.000000000 -0600 -@@ -5,11 +5,11 @@ - INSTALL = install -c - CFLAGS = -Wall -O2 -fomit-frame-pointer - # You may use OpenSSL's MD5 routines instead of the ones supplied here --#CFLAGS += -DHAVE_OPENSSL -+CFLAGS += -DHAVE_OPENSSL - LDFLAGS = -s - LIBS = - # Linux with glibc, FreeBSD, NetBSD --#LIBS += -lcrypt -+LIBS += -lcrypt - # HP-UX trusted system - #LIBS += -lsec - # Solaris (POP_STANDALONE, POP_VIRTUAL) -@@ -21,10 +21,10 @@ - # libwrap may also want this - #LIBS += -lnsl - # OpenSSL (-DHAVE_OPENSSL) --#LIBS += -lcrypto -+LIBS += -lcrypto - - DESTDIR = --PREFIX = /usr/local -+PREFIX = /usr - SBINDIR = $(PREFIX)/sbin - MANDIR = $(PREFIX)/man - ---- ./params.h.orig 2006-03-05 06:44:52.000000000 -0600 -+++ ./params.h 2006-03-12 16:23:16.000000000 -0600 -@@ -13,7 +13,7 @@ - /* - * Are we going to be a standalone server or start via an inetd clone? - */ --#define POP_STANDALONE 0 -+#define POP_STANDALONE 1 - - #if POP_STANDALONE - -@@ -103,7 +103,7 @@ - * A pseudo-user to run as before authentication. The user and its UID - * must not be used for any other purpose. - */ --#define POP_USER POP_SERVER -+#define POP_USER "pop" - - /* - * An empty directory to chroot to before authentication. The directory -@@ -191,7 +191,7 @@ - * - * #undef this for qmail-style $HOME/Mailbox mailboxes. - */ --#define MAIL_SPOOL_PATH "/var/mail" -+#define MAIL_SPOOL_PATH "/var/spool/mail" - - #ifndef MAIL_SPOOL_PATH - /* diff --git a/source/n/ppp/doinst.sh b/source/n/ppp/doinst.sh index 3a74db67c..fa67ed922 100644 --- a/source/n/ppp/doinst.sh +++ b/source/n/ppp/doinst.sh @@ -11,10 +11,7 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -if [ -r etc/pam.d/ppp.new ]; then - config etc/pam.d/ppp.new -fi - +config etc/pam.d/ppp.new config etc/ppp/chap-secrets.new config etc/ppp/options.new config etc/ppp/pap-secrets.new diff --git a/source/n/ppp/options.new b/source/n/ppp/options.new index 2a0286576..a8f93365d 100644 --- a/source/n/ppp/options.new +++ b/source/n/ppp/options.new @@ -1,68 +1,15 @@ # /etc/ppp/options # -# $Id: options,v 1.4 1996/05/01 18:57:04 alvar Exp $ -# -# Originally created by Jim Knoble <jmknoble@mercury.interpath.net> -# Modified for Debian by alvar Bray <alvar@meiko.co.uk> -# Modified for PPP Server setup by Christoph Lameter <clameter@debian.org> -# Modified for Slackware by Pat Volkerding <volkerdi@slackware.com> -# -# Use the command egrep -v '#|^ *$' /etc/ppp/options to quickly see what -# options are active in this file. - -# Specify which DNS Servers the incoming Win95 or WinNT Connection should use -# Two Servers can be remotely configured -# dns-addr 192.168.1.1 -# dns-addr 192.168.1.2 - -# Specify which WINS Servers the incoming connection Win95 or WinNT should use -# wins-addr 192.168.1.50 -# wins-addr 192.168.1.51 - -# Run the executable or shell command specified after pppd has -# terminated the link. This script could, for example, issue commands -# to the modem to cause it to hang up if hardware modem control signals -# were not available. -#disconnect "chat -- \d+++\d\c OK ath0 OK" # async character map -- 32-bit hex; each bit is a character # that needs to be escaped for pppd to receive it. 0x00000001 # represents '\x01', and 0x80000000 represents '\x1f'. asyncmap 0 -# Require the peer to authenticate itself before allowing network -# packets to be sent or received. -# For a PPP Server with script based logins not using PAP or CHAP -# you need to disable this setting. -#auth - -# Do not require the other end of the connection to authenticate itself. -# This option is dangerous if pppd is setuid. -# If you also have ethernet and are having problems getting PPP to connect -# over a modem, try this option. -#noauth - # Use hardware flow control (i.e. RTS/CTS) to control the flow of data # on the serial port. crtscts -# Use software flow control (i.e. XON/XOFF) to control the flow of data -# on the serial port. -#xonxoff - -# Specifies that certain characters should be escaped on transmission -# (regardless of whether the peer requests them to be escaped with its -# async control character map). The characters to be escaped are -# specified as a list of hex numbers separated by commas. Note that -# almost any character can be specified for the escape option, unlike -# the asyncmap option which only allows control characters to be -# specified. The characters which may not be escaped are those with hex -# values 0x20 - 0x3f or 0x5e. -#escape 11,13,ff - -# Don't use the modem control lines. -#local - # Specifies that pppd should use a UUCP-style lock on the serial device # to ensure exclusive access to the device. lock @@ -72,131 +19,11 @@ lock # implemented.) modem -# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd -# will ask the peer to send packets of no more than <n> bytes. The -# minimum MRU value is 128. The default MRU value is 1500. A value of -# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 -# bytes of data). -#mru 542 - -# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot" -# notation (e.g. 255.255.255.0). -#netmask 255.255.255.0 - -# Disables the default behaviour when no local IP address is specified, -# which is to determine (if possible) the local IP address from the -# hostname. With this option, the peer will have to supply the local IP -# address during IPCP negotiation (unless it specified explicitly on the -# command line or in an options file). -#noipdefault - -# Enables the "passive" option in the LCP. With this option, pppd will -# attempt to initiate a connection; if no reply is received from the -# peer, pppd will then just wait passively for a valid LCP packet from -# the peer (instead of exiting, as it does without this option). -#passive - -# With this option, pppd will not transmit LCP packets to initiate a -# connection until a valid LCP packet is received from the peer (as for -# the "passive" option with old versions of pppd). -#silent - -# Don't request or allow negotiation of any options for LCP and IPCP -# (use default values). -#-all - -# Disable Address/Control compression negotiation (use default, i.e. -# address/control field disabled). -#-ac - -# Disable asyncmap negotiation (use the default asyncmap, i.e. escape -# all control characters). -#-am - -# Don't fork to become a background process (otherwise pppd will do so -# if a serial device is specified). -#-detach - -# Disable IP address negotiation (with this option, the remote IP -# address must be specified with an option on the command line or in an -# options file). -#-ip - -# Disable magic number negotiation. With this option, pppd cannot -# detect a looped-back line. -#-mn - -# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e. -# 1500). -#-mru - -# Disable protocol field compression negotiation (use default, i.e. -# protocol field compression disabled). -#-pc - -# Require the peer to authenticate itself using PAP. -#+pap - -# Don't agree to authenticate using PAP. -#-pap - -# Require the peer to authenticate itself using CHAP [Cryptographic -# Handshake Authentication Protocol] authentication. -#+chap - -# Don't agree to authenticate using CHAP. -#-chap - -# Disable negotiation of Van Jacobson style IP header compression (use -# default, i.e. no compression). -#-vj - -# Increase debugging level (same as -d). If this option is given, pppd -# will log the contents of all control packets sent or received in a -# readable form. The packets are logged through syslog with facility -# daemon and level debug. This information can be directed to a file by -# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If -# pppd is compiled with extra debugging enabled, it will log messages -# using facility local2 instead of daemon). -#debug - -# Append the domain name <d> to the local host name for authentication -# purposes. For example, if gethostname() returns the name porsche, -# but the fully qualified domain name is porsche.Quotron.COM, you would -# use the domain option to set the domain name to Quotron.COM. -#domain <d> - -# Enable debugging code in the kernel-level PPP driver. The argument n -# is a number which is the sum of the following values: 1 to enable -# general debug messages, 2 to request that the contents of received -# packets be printed, and 4 to request that the contents of transmitted -# packets be printed. -#kdebug n - -# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer -# requests a smaller value via MRU negotiation, pppd will request that -# the kernel networking code send data packets of no more than n bytes -# through the PPP network interface. -#mtu <n> - -# Enforce the use of the hostname as the name of the local system for -# authentication purposes (overrides the name option). -#usehostname - -# Set the assumed name of the remote system for authentication purposes -# to <n>. -#remotename <n> - # Add an entry to this system's ARP [Address Resolution Protocol] # table with the IP address of the peer and the Ethernet address of this # system. proxyarp -# Use the system password database for authenticating the peer using -# PAP. Note: mgetty already provides this option. If this is specified -# then dialin from users using a script under Linux to fire up ppp wont work. -# login - # If this option is given, pppd will send an LCP echo-request frame to # the peer every n seconds. Under Linux, the echo-request is sent when # no packets have been received from the peer for n seconds. Normally @@ -213,64 +40,3 @@ lcp-echo-interval 30 # connection has been broken (e.g., the modem has hung up) in # situations where no hardware modem control lines are available. lcp-echo-failure 4 - -# Set the LCP restart interval (retransmission timeout) to <n> seconds -# (default 3). -#lcp-restart <n> - -# Set the maximum number of LCP terminate-request transmissions to <n> -# (default 3). -#lcp-max-terminate <n> - -# Set the maximum number of LCP configure-request transmissions to <n> -# (default 10). -#lcp-max-configure <n> - -# Set the maximum number of LCP configure-NAKs returned before starting -# to send configure-Rejects instead to <n> (default 10). -#lcp-max-failure <n> - -# Set the IPCP restart interval (retransmission timeout) to <n> -# seconds (default 3). -#ipcp-restart <n> - -# Set the maximum number of IPCP terminate-request transmissions to <n> -# (default 3). -#ipcp-max-terminate <n> - -# Set the maximum number of IPCP configure-request transmissions to <n> -# (default 10). -#ipcp-max-configure <n> - -# Set the maximum number of IPCP configure-NAKs returned before starting -# to send configure-Rejects instead to <n> (default 10). -#ipcp-max-failure <n> - -# Set the PAP restart interval (retransmission timeout) to <n> seconds -# (default 3). -#pap-restart <n> - -# Set the maximum number of PAP authenticate-request transmissions to -# <n> (default 10). -#pap-max-authreq <n> - -# Set the CHAP restart interval (retransmission timeout for -# challenges) to <n> seconds (default 3). -#chap-restart <n> - -# Set the maximum number of CHAP challenge transmissions to <n> -# (default 10). -#chap-max-challenge - -# If this option is given, pppd will rechallenge the peer every <n> -# seconds. -#chap-interval <n> - -# With this option, pppd will accept the peer's idea of our local IP -# address, even if the local IP address was specified in an option. -#ipcp-accept-local - -# With this option, pppd will accept the peer's idea of its (remote) IP -# address, even if the remote IP address was specified in an option. -#ipcp-accept-remote - diff --git a/source/n/ppp/ppp.CVE-2015-3310.diff b/source/n/ppp/ppp.CVE-2015-3310.diff deleted file mode 100644 index ecf53ce49..000000000 --- a/source/n/ppp/ppp.CVE-2015-3310.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- ./pppd/plugins/radius/util.c.orig 2015-04-17 11:43:59.687374237 -0500 -+++ ./pppd/plugins/radius/util.c 2015-04-17 11:45:12.612379499 -0500 -@@ -77,7 +77,7 @@ - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () % 65535, - cnt & 0xFF); - cnt++; - return buf; diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild index 9504fca35..c5ff8dd17 100755 --- a/source/n/ppp/ppp.SlackBuild +++ b/source/n/ppp/ppp.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020, 2021 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020, 2021, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -23,17 +23,17 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ppp -VERSION=2.4.9 +VERSION=2.5.1 RADVER=1.1.7 PPPVER=1.98 -BUILD=${BUILD:-4} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -74,36 +74,37 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -zcat $CWD/ppp.slack.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *) -# This conflicts with the header in 3.5+ kernels: -rm -f include/linux/if_pppol2tp.h - -zcat $CWD/ppp.CVE-2015-3310.diff.gz | patch -p1 --verbose || exit 1 - -# Choose correct options depending on whether PAM is installed: -if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then - PAM_OPTIONS="USE_PAM=y" -else - unset PAM_OPTIONS +# Configure, build, and install: +if [ ! -r configure ]; then + if [ -x ./autogen.sh ]; then + NOCONFIGURE=1 ./autogen.sh + else + autoreconf -vif + fi fi - +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} || exit 1 - -make $PAM_OPTIONS $NUMJOBS || make $PAM_OPTIONS || exit 1 -make $PAM_OPTIONS install DESTDIR=$PKG/usr || exit 1 - -if [ ! -z "$PAM_OPTIONS" ]; then - mkdir -p $PKG/etc/pam.d - cat pppd/ppp.pam > $PKG/etc/pam.d/ppp.new -fi + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --mandir=/usr/man \ + --infodir=/usr/info \ + --disable-static \ + --build=$ARCH-slackware-linux || exit 1 +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 # Install PPP config files: -mkdir -p $PKG/etc/ppp +rm -f $PKG/etc/ppp/* cp -a etc.ppp/* $PKG/etc/ppp +for file in $PKG/etc/ppp/*.example ; do + mv $file $(dirname $file)/$(basename $file .example) +done chmod 600 $PKG/etc/ppp/*secrets ( cd $PKG/etc/ppp mv chap-secrets chap-secrets.new @@ -111,22 +112,21 @@ chmod 600 $PKG/etc/ppp/*secrets mv pap-secrets pap-secrets.new ) zcat $CWD/options.new.gz > $PKG/etc/ppp/options.new +mkdir -p $PKG/etc/pam.d +cat pppd/ppp.pam > $PKG/etc/pam.d/ppp.new -# Fix what seems like an insecure default setting. -# Feel free to "chmod 4750 pppoatm.so rp-pppoe.so" at your own risk. -# Since they are only runnable by group root, the risk really isn't much... -chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/pppd/*/*.so - -# The Makefile doesn't error out if building rp-pppoe.so fails, so check for it: -if [ ! -r $PKG/usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/rp-pppoe.so ]; then - echo "FATAL: /usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/rp-pppoe.so failed to build." +# The Makefile doesn't error out if building pppoe.so fails, so check for it: +if [ ! -r $PKG/usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/pppoe.so ]; then + echo "FATAL: /usr/lib${LIBDIRSUFFIX}/pppd/${VERSION}/pppoe.so failed to build." exit 1 fi mkdir -p $PKG/usr/doc/ppp-$VERSION cp -a \ - FAQ PLUGINS README* SETUP scripts \ + AUTHORS* COPYING* ChangeLog* FAQ* LICENSE* NEWS* PLUGINS* README* SECURITY* SETUP* Submitting-patches* \ + scripts \ $PKG/usr/doc/ppp-$VERSION +rm -f $PKG/usr/doc/ppp-$VERSION/scripts/Makefile* echo "+====================+" echo "| freeradius-client-$RADVER |" @@ -180,7 +180,7 @@ cp -a \ $PKG/usr/doc/pppsetup # Don't ship .la files: -rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la +find $PKG -name "*.la" -exec rm -f "{}" \; ( cd $PKG find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null diff --git a/source/n/ppp/ppp.slack.diff b/source/n/ppp/ppp.slack.diff deleted file mode 100644 index 585247d7c..000000000 --- a/source/n/ppp/ppp.slack.diff +++ /dev/null @@ -1,86 +0,0 @@ ---- ./chat/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./chat/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -4,7 +4,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - - CDEF1= -DTERMIOS # Use the termios structure - CDEF2= -DSIGTYPE=void # Standard definition ---- ./pppdump/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./pppdump/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -4,7 +4,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - - CFLAGS = $(COPTS) -I../include/net - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o ---- ./pppd/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./pppd/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -10,7 +10,7 @@ - # Default installation locations - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - INCDIR = $(DESTDIR)/include - - TARGETS = pppd -@@ -74,7 +74,7 @@ - PLUGIN=y - - # Enable Microsoft proprietary Callback Control Protocol --#CBCP=y -+CBCP=y - - # Enable EAP SRP-SHA1 authentication (requires libsrp) - #USE_SRP=y ---- ./pppd/plugins/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./pppd/plugins/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -4,7 +4,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - - CFLAGS = $(COPTS) -I.. -I../../include -fPIC ---- ./pppd/plugins/radius/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./pppd/plugins/radius/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -8,7 +8,7 @@ - COPTS=@CFLAGS@ - - DESTDIR = $(INSTROOT)@DESTDIR@ --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - - VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) ---- ./linux/Makefile.top.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./linux/Makefile.top 2021-01-25 12:56:35.570645743 -0600 -@@ -3,7 +3,7 @@ - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin - INCDIR = $(DESTDIR)/include --MANDIR = $(DESTDIR)/share/man -+MANDIR = $(DESTDIR)/man - ETCDIR = $(INSTROOT)@SYSCONF@/ppp - - # uid 0 = root ---- ./pppstats/Makefile.linux.orig 2021-01-04 17:06:37.000000000 -0600 -+++ ./pppstats/Makefile.linux 2021-01-25 12:56:35.570645743 -0600 -@@ -7,7 +7,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin --MANDIR = $(DESTDIR)/share/man/man8 -+MANDIR = $(DESTDIR)/man/man8 - - PPPSTATSRCS = pppstats.c - PPPSTATOBJS = pppstats.o diff --git a/source/n/procmail/procmail.SlackBuild b/source/n/procmail/procmail.SlackBuild index 8e8821ad6..ab6ce8440 100755 --- a/source/n/procmail/procmail.SlackBuild +++ b/source/n/procmail/procmail.SlackBuild @@ -57,7 +57,10 @@ cd $TMP rm -rf procmail-$VERSION tar xvf $CWD/procmail-$VERSION.tar.?z || exit 1 cd procmail-$VERSION || exit 1 + zcat $CWD/procmail.lfs.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/procmail.gcc14.diff.gz | patch -p1 --verbose || exit 1 + chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ diff --git a/source/n/procmail/procmail.gcc14.diff b/source/n/procmail/procmail.gcc14.diff new file mode 100644 index 000000000..1fcc8fd26 --- /dev/null +++ b/source/n/procmail/procmail.gcc14.diff @@ -0,0 +1,12 @@ +--- ./Makefile.orig 2024-05-11 14:25:05.399961923 -0500 ++++ ./Makefile 2024-05-11 14:25:19.301962234 -0500 +@@ -86,7 +86,8 @@ + #-Wimplicit -Wshadow -Wid-clash-6 #-Wuninitialized + + # The place to put your favourite extra cc flag +-CFLAGS0 = -O -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 #$(GCC_WARNINGS) ++CFLAGS0 = -O -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Wno-error=implicit-int -Wno-error=implicit-function-declaration #$(GCC_WARNINGS) ++ + LDFLAGS0= -s + # Read my libs :-) + LIBS= diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild index 902c1de66..b918d1a57 100755 --- a/source/n/proftpd/proftpd.SlackBuild +++ b/source/n/proftpd/proftpd.SlackBuild @@ -25,11 +25,11 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=proftpd VERSION=1.3.8b DIRVER=1.3.8b -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -PROFTPD_MODS="mod_radius:mod_ban:mod_readme:mod_ratio:mod_tls:mod_wrap:mod_ctrls_admin:mod_quotatab:mod_quotatab_file:mod_sftp:mod_facl:mod_ldap" +PROFTPD_MODS="mod_radius:mod_ban:mod_readme:mod_ratio:mod_tls:mod_wrap2:mod_wrap2_file:mod_ctrls_admin:mod_quotatab:mod_quotatab_file:mod_sftp:mod_facl:mod_ldap" # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/rp-pppoe/doinst.sh b/source/n/rp-pppoe/doinst.sh index 527dfa903..dd0fdd6a9 100644 --- a/source/n/rp-pppoe/doinst.sh +++ b/source/n/rp-pppoe/doinst.sh @@ -10,7 +10,4 @@ config() { fi # Otherwise, we leave the .new copy for the admin to consider... } -config etc/ppp/firewall-masq.new -config etc/ppp/firewall-standalone.new config etc/ppp/pppoe-server-options.new -config etc/ppp/pppoe.conf.new diff --git a/source/n/rp-pppoe/rp-pppoe-3.12-doc.patch b/source/n/rp-pppoe/rp-pppoe-3.12-doc.patch deleted file mode 100644 index e6e1b117d..000000000 --- a/source/n/rp-pppoe/rp-pppoe-3.12-doc.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up rp-pppoe-3.12/src/Makefile.in.than rp-pppoe-3.12/src/Makefile.in ---- rp-pppoe-3.12/src/Makefile.in.than 2015-11-16 17:25:40.566618656 +0100 -+++ rp-pppoe-3.12/src/Makefile.in 2015-11-16 17:25:57.749517019 +0100 -@@ -165,14 +165,6 @@ install: all - $(install) -m 755 ../scripts/pppoe-status $(DESTDIR)$(sbindir) - $(install) -m 755 ../scripts/pppoe-stop $(DESTDIR)$(sbindir) - $(install) -m 755 ../scripts/pppoe-setup $(DESTDIR)$(sbindir) -- -mkdir -p $(DESTDIR)$(docdir) -- $(install) -m 644 ../doc/CHANGES $(DESTDIR)$(docdir) -- $(install) -m 644 ../doc/KERNEL-MODE-PPPOE $(DESTDIR)$(docdir) -- $(install) -m 644 ../doc/HOW-TO-CONNECT $(DESTDIR)$(docdir) -- $(install) -m 644 ../doc/LICENSE $(DESTDIR)$(docdir) -- $(install) -m 644 ../README $(DESTDIR)$(docdir) -- $(install) -m 644 ../SERVPOET $(DESTDIR)$(docdir) -- $(install) -m 644 ../configs/pap-secrets $(DESTDIR)$(docdir) - -mkdir -p $(DESTDIR)$(mandir)/man8 - for i in $(TARGETS) ; do \ - if test -f ../man/$$i.8 ; then \ diff --git a/source/n/rp-pppoe/rp-pppoe-3.12-plugin.patch b/source/n/rp-pppoe/rp-pppoe-3.12-plugin.patch deleted file mode 100644 index 5b7671724..000000000 --- a/source/n/rp-pppoe/rp-pppoe-3.12-plugin.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rp-pppoe-3.12/src/configure.in.than rp-pppoe-3.12/src/configure.in ---- rp-pppoe-3.12/src/configure.in.than 2015-12-11 16:19:38.700092797 +0100 -+++ rp-pppoe-3.12/src/configure.in 2015-12-11 16:20:15.670875690 +0100 -@@ -26,6 +26,7 @@ AC_CHECK_HEADERS(linux/if_pppox.h, [], [ - #include<net/ethernet.h> - #include<linux/if.h> - #include<linux/in.h> -+#include<linux/in6.h> - ]) - - dnl Checks for typedefs, structures, and compiler characteristics. -diff -up rp-pppoe-3.12/src/configure.than rp-pppoe-3.12/src/configure diff --git a/source/n/rp-pppoe/rp-pppoe-3.12-pluginpath.patch b/source/n/rp-pppoe/rp-pppoe-3.12-pluginpath.patch deleted file mode 100644 index c322b00a3..000000000 --- a/source/n/rp-pppoe/rp-pppoe-3.12-pluginpath.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rp-pppoe-3.12/src/pppoe-server.c.than rp-pppoe-3.12/src/pppoe-server.c ---- rp-pppoe-3.12/src/pppoe-server.c.than 2015-12-17 11:17:30.257775608 +0100 -+++ rp-pppoe-3.12/src/pppoe-server.c 2015-12-17 11:18:44.276951643 +0100 -@@ -2014,7 +2014,7 @@ startPPPDLinuxKernelMode(ClientSession * - - argv[c++] = "pppd"; - argv[c++] = "plugin"; -- argv[c++] = PLUGIN_PATH; -+ argv[c++] = "rp-pppoe.so"; - - /* Add "nic-" to interface name */ - snprintf(buffer, SMALLBUF, "nic-%s", session->ethif->name); diff --git a/source/n/rp-pppoe/rp-pppoe-3.14-ip-allocation.patch b/source/n/rp-pppoe/rp-pppoe-3.14-ip-allocation.patch deleted file mode 100644 index 0fc03e753..000000000 --- a/source/n/rp-pppoe/rp-pppoe-3.14-ip-allocation.patch +++ /dev/null @@ -1,109 +0,0 @@ ---- ./man/pppoe-server.8.orig 2020-05-26 19:29:37.000000000 -0500 -+++ ./man/pppoe-server.8 2020-05-27 17:54:43.214892590 -0500 -@@ -96,6 +96,11 @@ - of 10.67.15.1 is used. - - .TP -+.B \-D -+Delegate the allocation of IP addresses to \fBpppd\fR. If specified, no -+local and remote addresses passed to pppd. -+ -+.TP - .B \-N \fInum\fR - Allows at most \fInum\fR concurrent PPPoE sessions. If not specified, - the default is 64. ---- ./src/pppoe-server.c.orig 2020-05-26 19:29:37.000000000 -0500 -+++ ./src/pppoe-server.c 2020-05-27 17:56:43.228890338 -0500 -@@ -182,6 +182,9 @@ - unsigned char LocalIP[IPV4ALEN] = {10, 0, 0, 1}; /* Counter optionally STARTS here */ - unsigned char RemoteIP[IPV4ALEN] = {10, 67, 15, 1}; /* Counter STARTS here */ - -+/* Delegates the allocation of IP addresses to pppd (as the pptpd doing) */ -+int DelegateIPAllocation = 0; -+ - /* Do we increment local IP for each connection? */ - int IncrLocalIP = 0; - -@@ -247,8 +250,8 @@ - - memset(&conn, 0, sizeof(conn)); - conn.hostUniq = NULL; -- -- syslog(LOG_INFO, -+ if (!DelegateIPAllocation) { -+ syslog(LOG_INFO, - "Session %u closed for client " - "%02x:%02x:%02x:%02x:%02x:%02x (%d.%d.%d.%d) on %s", - (unsigned int) ntohs(session->sess), -@@ -257,6 +260,15 @@ - (int) session->realpeerip[0], (int) session->realpeerip[1], - (int) session->realpeerip[2], (int) session->realpeerip[3], - session->ethif->name); -+ } else { -+ syslog(LOG_INFO, -+ "Session %u closed for client " -+ "%02x:%02x:%02x:%02x:%02x:%02x on %s", -+ (unsigned int) ntohs(session->sess), -+ session->eth[0], session->eth[1], session->eth[2], -+ session->eth[3], session->eth[4], session->eth[5], -+ session->ethif->name); -+ } - memcpy(conn.myEth, session->ethif->mac, ETH_ALEN); - conn.discoverySocket = session->ethif->sock; - conn.session = session->sess; -@@ -1155,6 +1167,7 @@ - fprintf(stderr, " -L ip -- Set local IP address.\n"); - fprintf(stderr, " -l -- Increment local IP address for each session.\n"); - fprintf(stderr, " -R ip -- Set start address of remote IP pool.\n"); -+ fprintf(stderr, " -D -- Delegates the allocation of IP addresses to pppd.\n"); - fprintf(stderr, " -S name -- Advertise specified service-name.\n"); - fprintf(stderr, " -O fname -- Use PPPD options from specified file\n"); - fprintf(stderr, " (default %s).\n", PPPOE_SERVER_OPTIONS); -@@ -1224,9 +1237,9 @@ - #endif - - #ifndef HAVE_LINUX_KERNEL_PPPOE -- char *options = "X:ix:hI:C:L:R:T:m:FN:f:O:o:sp:lrudPc:S:1q:Q:H:M:"; -+ char *options = "X:ix:hI:C:L:R:DT:m:FN:f:O:o:sp:lrudPc:S:1q:Q:H:M:"; - #else -- char *options = "X:ix:hI:C:L:R:T:m:FN:f:O:o:skp:lrudPc:S:1q:Q:H:M:"; -+ char *options = "X:ix:hI:C:L:R:DT:m:FN:f:O:o:skp:lrudPc:S:1q:Q:H:M:"; - #endif - - if (getuid() != geteuid() || -@@ -1448,6 +1461,10 @@ - } - break; - -+ case 'D': -+ DelegateIPAllocation = 1; -+ break; -+ - case 'T': - case 'm': - /* These just get passed to pppoe */ -@@ -2056,6 +2073,7 @@ - argv[c++] = "file"; - argv[c++] = pppoptfile; - -+ if (!DelegateIPAllocation) { - snprintf(buffer, SMALLBUF, "%d.%d.%d.%d:%d.%d.%d.%d", - (int) session->myip[0], (int) session->myip[1], - (int) session->myip[2], (int) session->myip[3], -@@ -2071,6 +2089,16 @@ - session->ethif->name, - session->serviceName); - argv[c++] = strdup(buffer); -+ } else { -+ syslog(LOG_INFO, -+ "Session %u created for client %02x:%02x:%02x:%02x:%02x:%02x on %s using Service-Name '%s'", -+ (unsigned int) ntohs(session->sess), -+ session->eth[0], session->eth[1], session->eth[2], -+ session->eth[3], session->eth[4], session->eth[5], -+ session->ethif->name, -+ session->serviceName); -+ } -+ - if (!argv[c-1]) { - /* TODO: Send a PADT */ - exit(EXIT_FAILURE); diff --git a/source/n/rp-pppoe/rp-pppoe-manpages.patch b/source/n/rp-pppoe/rp-pppoe-manpages.patch deleted file mode 100644 index fd0f24009..000000000 --- a/source/n/rp-pppoe/rp-pppoe-manpages.patch +++ /dev/null @@ -1,71 +0,0 @@ -diff -up rp-pppoe-3.12/man/pppoe.8.than rp-pppoe-3.12/man/pppoe.8 ---- rp-pppoe-3.12/man/pppoe.8.than 2015-11-11 16:10:01.000000000 +0100 -+++ rp-pppoe-3.12/man/pppoe.8 2016-06-03 17:24:49.649336285 +0200 -@@ -32,6 +32,10 @@ triggered. The best way to do this is t - PPPoE timeout to be about four times the LCP echo interval. - - .TP -+.B \-t \fItimeout\fR -+The \fB\-t\fR option sets the initial timeout for discovery packets in seconds. -+ -+.TP - .B \-D \fIfile_name\fR - The \fB\-D\fR option causes every packet to be dumped to the specified - \fIfile_name\fR. This is intended for debugging only; it produces huge -@@ -147,6 +151,10 @@ the peer you are dealing with uses non-s - ISP uses non-standard frame types, complain! - - .TP -+.B \-F numfloods -+The \fB\-F\fR option sets the discovery flood, only used for stress-testing. -+ -+.TP - .B \-h - The \fB\-h\fR option causes \fBpppoe\fR to print usage information and - exit. -diff -up rp-pppoe-3.12/man/pppoe-server.8.than rp-pppoe-3.12/man/pppoe-server.8 ---- rp-pppoe-3.12/man/pppoe-server.8.than 2016-06-03 17:24:49.641336586 +0200 -+++ rp-pppoe-3.12/man/pppoe-server.8 2016-06-03 17:24:49.650336248 +0200 -@@ -77,12 +77,20 @@ PADI and PADR packets are ignored. If y - then no limit is imposed on the number of sessions per peer MAC address. - - .TP -+.B \-P -+Check pool file for correctness and exit. -+ -+.TP - .B \-s - This option is passed directly to \fBpppoe\fR; see \fBpppoe\fR(8) for - details. In addition, it causes \fBpppd\fR to be invoked with the - \fIsync\fR option. - - .TP -+.B \-l -+Increment local IP address for each session. -+ -+.TP - .B \-L \fIip\fR - Sets the local IP address. This is passed to spawned \fBpppd\fR processes. - If not specified, the default is 10.0.0.1. -@@ -147,6 +155,10 @@ handing out sessions in order, the sessi - unpredictable order. - - .TP -+.B \-d -+Debug session creation. -+ -+.TP - .B \-u - Tells the server to invoke \fBpppd\fR with the \fIunit\fR option. Note - that this option only works for \fBpppd\fR version 2.4.0 or newer. -diff -up rp-pppoe-3.12/src/pppoe.c.than rp-pppoe-3.12/src/pppoe.c ---- rp-pppoe-3.12/src/pppoe.c.than 2016-06-03 17:24:49.650336248 +0200 -+++ rp-pppoe-3.12/src/pppoe.c 2016-06-03 17:27:40.888903213 +0200 -@@ -380,6 +380,7 @@ usage(char const *argv0) - " -k -- Kill a session with PADT (requires -e)\n" - " -d -- Perform discovery, print session info and exit.\n" - " -f disc:sess -- Set Ethernet frame types (hex).\n" -+ " -F numfloods -- Set the discovery flood, only used for stress-testing.\n" - " -h -- Print usage information.\n\n" - "PPPoE Version %s, Copyright (C) 2001-2015 Roaring Penguin Software Inc.\n" - "PPPoE comes with ABSOLUTELY NO WARRANTY.\n" diff --git a/source/n/rp-pppoe/rp-pppoe.SlackBuild b/source/n/rp-pppoe/rp-pppoe.SlackBuild index d777bfebc..05eb2720f 100755 --- a/source/n/rp-pppoe/rp-pppoe.SlackBuild +++ b/source/n/rp-pppoe/rp-pppoe.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2012, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2012, 2015, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,16 +46,17 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" else SLKCFLAGS="-O2" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration" + TMP=${TMP:-/tmp} PKG=$TMP/package-rp-pppoe @@ -72,28 +73,29 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -zcat $CWD/rp-pppoe-3.14-ip-allocation.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/rp-pppoe-3.12-plugin.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/rp-pppoe-3.12-pluginpath.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/rp-pppoe-manpages.patch.gz | patch -p1 --verbose || exit 1 - cd src CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ ./configure \ - --enable-plugin=/ppp-2.4.4 \ --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ --mandir=/usr/man \ + --infodir=/usr/info \ + --disable-static \ + --enable-plugin \ --build=$ARCH-slackware-linux || exit 1 - make $NUMJOBS || make || exit 1 -make install docdir=/usr/doc/rp-pppoe-$VERSION DESTDIR=$PKG install || exit 1 +make install docdir=/usr/doc/rp-pppoe-$VERSION DESTDIR=$PKG || exit 1 find $PKG | xargs file | grep -e "executable" -e "shared object" \ | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null ( cd $PKG/etc/ppp - for config in firewall-masq firewall-standalone pppoe-server-options pppoe.conf ; do + for config in pppoe-server-options ; do mv $config ${config}.new done ) diff --git a/source/n/rpcbind/rpcbind.SlackBuild b/source/n/rpcbind/rpcbind.SlackBuild index a7dc2d5d4..edb916c70 100755 --- a/source/n/rpcbind/rpcbind.SlackBuild +++ b/source/n/rpcbind/rpcbind.SlackBuild @@ -24,12 +24,12 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=rpcbind VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | grep -E -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -47,27 +47,12 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/s-nail/s-nail.SlackBuild b/source/n/s-nail/s-nail.SlackBuild index 02a018f85..de726a34c 100755 --- a/source/n/s-nail/s-nail.SlackBuild +++ b/source/n/s-nail/s-nail.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=s-nail VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/n/s-nail/s-nail.url b/source/n/s-nail/s-nail.url index 60f9597b5..27f4fe1fd 100644 --- a/source/n/s-nail/s-nail.url +++ b/source/n/s-nail/s-nail.url @@ -1,2 +1,2 @@ -http://ftp.sdaoden.eu/s-nail-14.9.24.tar.xz -http://ftp.sdaoden.eu/s-nail-14.9.24.tar.xz.asc +http://ftp.sdaoden.eu/s-nail-14.9.25.tar.xz +http://ftp.sdaoden.eu/s-nail-14.9.25.tar.xz.asc diff --git a/source/n/samba/samba.SlackBuild b/source/n/samba/samba.SlackBuild index 6544549c6..73de2ca29 100755 --- a/source/n/samba/samba.SlackBuild +++ b/source/n/samba/samba.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=samba VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} # This option may be set to "heimdal" or "mit". # Upstream considers the use of MIT Kerberos for provisioning an AD DC @@ -48,21 +48,18 @@ else # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; esac fi # Set CFLAGS/CXXFLAGS and LIBDIRSUFFIX: - if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" - elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" + if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" @@ -155,6 +152,7 @@ CFLAGS="$SLKCFLAGS" \ --with-ldap \ --with-ads \ --without-fam \ + --private-libraries='!ldb' \ $KERB_OPTIONS \ $PAM_OPTIONS \ $SHADOW_OPTIONS \ diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url index 2874964b3..24e351aa8 100644 --- a/source/n/samba/samba.url +++ b/source/n/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.20.0.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.20.0.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.20.1.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.20.1.tar.asc diff --git a/source/n/slrn/slrn.SlackBuild b/source/n/slrn/slrn.SlackBuild index ff6225c5b..060d751d4 100755 --- a/source/n/slrn/slrn.SlackBuild +++ b/source/n/slrn/slrn.SlackBuild @@ -60,6 +60,9 @@ else LIBDIRSUFFIX="" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-function-declaration" + TMP=${TMP:-/tmp} PKG=$TMP/package-slrn rm -rf $PKG diff --git a/source/n/socat/socat.SlackBuild b/source/n/socat/socat.SlackBuild index 67dbdd504..fc2567d68 100755 --- a/source/n/socat/socat.SlackBuild +++ b/source/n/socat/socat.SlackBuild @@ -30,7 +30,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in - i?86) ARCH=i586 ;; + i?86) ARCH=i686 ;; arm*) readelf /usr/bin/file -A | grep -E -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$(uname -m) ;; @@ -48,21 +48,12 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" -elif [ "$ARCH" = "armv7hl" ]; then - SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" - LIBDIRSUFFIX="" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" diff --git a/source/n/stunnel/stunnel.SlackBuild b/source/n/stunnel/stunnel.SlackBuild index 7cf1f878e..b90523df5 100755 --- a/source/n/stunnel/stunnel.SlackBuild +++ b/source/n/stunnel/stunnel.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -46,14 +46,11 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" diff --git a/source/n/tcp_wrappers/tcp_wrappers.SlackBuild b/source/n/tcp_wrappers/tcp_wrappers.SlackBuild index 8ab33d2d8..17ed0da43 100755 --- a/source/n/tcp_wrappers/tcp_wrappers.SlackBuild +++ b/source/n/tcp_wrappers/tcp_wrappers.SlackBuild @@ -74,7 +74,7 @@ sh extract-and-patch.sh cd tcp_wrappers_$VERSION || exit 1 # Fix for glibc-2.32: sed -i "s/-DHAVE_WEAKSYMS/-DHAVE_WEAKSYMS -DHAVE_STRERROR/g" Makefile -make REAL_DAEMON_DIR=/usr/sbin linux || exit 1 +make CC="gcc -std=gnu90" REAL_DAEMON_DIR=/usr/sbin linux || exit 1 strip tcpd safe_finger tcpdchk tcpdmatch try-from mkdir -p $PKG/usr/lib${LIBDIRSUFFIX} cat libwrap.a > $PKG/usr/lib${LIBDIRSUFFIX}/libwrap.a diff --git a/source/n/tcpdump/tcpdump.SlackBuild b/source/n/tcpdump/tcpdump.SlackBuild index 8442d178f..79f6bdc63 100755 --- a/source/n/tcpdump/tcpdump.SlackBuild +++ b/source/n/tcpdump/tcpdump.SlackBuild @@ -29,7 +29,7 @@ BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; diff --git a/source/n/telnet/telnet.SlackBuild b/source/n/telnet/telnet.SlackBuild index 2857a17c8..efddb6512 100755 --- a/source/n/telnet/telnet.SlackBuild +++ b/source/n/telnet/telnet.SlackBuild @@ -57,6 +57,7 @@ cd netkit-telnet-$VERSION || exit 1 chown -R root:root . zcat $CWD/netkit-telnet-0.17.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 zcat $CWD/netkit-telnet-0.17-ayt.patch.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 +CFLAGS="-Wno-error=implicit-int" \ ./configure --prefix=/usr || exit 1 cd telnetd make || exit 1 diff --git a/source/n/tftp-hpa/tftp-hpa.SlackBuild b/source/n/tftp-hpa/tftp-hpa.SlackBuild index d31ad247d..9d4bc95c8 100755 --- a/source/n/tftp-hpa/tftp-hpa.SlackBuild +++ b/source/n/tftp-hpa/tftp-hpa.SlackBuild @@ -67,6 +67,9 @@ find . \ # Add -fcommon to CFLAGS: zcat $CWD/tftp-hpa.fcommon.diff.gz | patch -p1 --verbose || exit 1 +# Unerror what was a warning prior to GCC 14: +zcat $CWD/tftp-hpa.gcc14.diff.gz | patch -p1 --verbose || exit 1 + ./configure --prefix=/usr make $NUMJOBS || make || exit 1 diff --git a/source/n/tftp-hpa/tftp-hpa.gcc14.diff b/source/n/tftp-hpa/tftp-hpa.gcc14.diff new file mode 100644 index 000000000..2b786cb79 --- /dev/null +++ b/source/n/tftp-hpa/tftp-hpa.gcc14.diff @@ -0,0 +1,11 @@ +--- ./MCONFIG.in.orig 2024-05-12 00:09:10.358745878 -0500 ++++ ./MCONFIG.in 2024-05-12 00:10:29.981747659 -0500 +@@ -51,7 +51,7 @@ + + # Compiler and compiler flags + CC = @CC@ +-CFLAGS = @CFLAGS@ -I$(SRCROOT) -fcommon ++CFLAGS = @CFLAGS@ -I$(SRCROOT) -fcommon -Wno-error=implicit-function-declaration + + # Link flags + LDFLAGS = @LDFLAGS@ diff --git a/source/n/uucp/uucp-configure-c99.patch b/source/n/uucp/uucp-configure-c99.patch new file mode 100644 index 000000000..480d6225a --- /dev/null +++ b/source/n/uucp/uucp-configure-c99.patch @@ -0,0 +1,140 @@ +Fix several C99 compatibility issues in the configure script. Most +of them are specific to the uucp package. + +Submitted upstream: <https://savannah.gnu.org/bugs/index.php?63647> + +diff --git a/configure b/configure +index 4cced27226101612..77336b5f0a1ba20d 100755 +--- a/configure ++++ b/configure +@@ -1280,7 +1280,7 @@ cat > conftest.$ac_ext << EOF + #line 1281 "configure" + #include "confdefs.h" + +-main(){return(0);} ++int main(){return(0);} + EOF + if { (eval echo configure:1286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes +@@ -3025,6 +3025,7 @@ else + cat > conftest.$ac_ext <<EOF + #line 3027 "configure" + #include "confdefs.h" ++extern void exit (); + + int main() { + extern void foo (); (void) exit (0); +@@ -3153,6 +3154,7 @@ else + cat > conftest.$ac_ext <<EOF + #line 3155 "configure" + #include "confdefs.h" ++#include <string.h> + + int main() { + char *i; int j, k; memset(i, j, k); +@@ -3185,6 +3187,7 @@ else + cat > conftest.$ac_ext <<EOF + #line 3187 "configure" + #include "confdefs.h" ++#include <string.h> + + int main() { + char *i, *j; int k; memcmp(i, j, k); +@@ -3217,6 +3220,7 @@ else + cat > conftest.$ac_ext <<EOF + #line 3219 "configure" + #include "confdefs.h" ++#include <string.h> + + int main() { + char *i, *j; int k; memcpy(i, j, k); +@@ -3894,7 +3898,7 @@ else + + #include <sys/types.h> + #include <sys/timeb.h> +-main () ++int main () + { + struct timeb s, slast; + int c = 0; +@@ -3904,13 +3908,13 @@ main () + ftime (&s); + if (s.time < slast.time + || (s.time == slast.time && s.millitm < slast.millitm)) +- exit (1); ++ return 1; + if (s.time != slast.time) + ++c; + slast.time = s.time; + slast.millitm = s.millitm; + } +- exit (0); ++ return 0; + } + + EOF +diff --git a/configure.in b/configure.in +index 452cf793f9ecc575..a788d07d123c7744 100644 +--- a/configure.in ++++ b/configure.in +@@ -278,7 +278,7 @@ fi + dnl + AC_MSG_CHECKING(for void) + AC_CACHE_VAL(uucp_cv_c_void, +-[AC_TRY_COMPILE([], [extern void foo (); (void) exit (0);], ++[AC_TRY_COMPILE([extern void exit ();], [extern void foo (); (void) exit (0);], + uucp_cv_c_void=yes, uucp_cv_c_void=no)]) + AC_MSG_RESULT($uucp_cv_c_void) + if test $uucp_cv_c_void = yes; then +@@ -318,7 +318,7 @@ dnl On some systems, memset, memcmp, and memcpy must be called with + dnl the right number of arguments. + AC_MSG_CHECKING(for memset) + AC_CACHE_VAL(ac_cv_func_memset, +-[AC_TRY_LINK([], [ char *i; int j, k; memset(i, j, k); ], ++[AC_TRY_LINK([#include <string.h>], [ char *i; int j, k; memset(i, j, k); ], + ac_cv_func_memset=yes, ac_cv_func_memset=no)]) + AC_MSG_RESULT($ac_cv_func_memset) + if test $ac_cv_func_memset = yes; then +@@ -327,7 +327,7 @@ fi + dnl + AC_MSG_CHECKING(for memcmp) + AC_CACHE_VAL(ac_cv_func_memcmp, +-[AC_TRY_LINK([], [ char *i, *j; int k; memcmp(i, j, k); ], ++[AC_TRY_LINK([#include <string.h>], [ char *i, *j; int k; memcmp(i, j, k); ], + ac_cv_func_memcmp=yes, ac_cv_func_memcmp=no)]) + AC_MSG_RESULT($ac_cv_func_memcmp) + if test $ac_cv_func_memcmp = yes; then +@@ -336,7 +336,7 @@ fi + dnl + AC_MSG_CHECKING(for memcpy) + AC_CACHE_VAL(ac_cv_func_memcpy, +-[AC_TRY_LINK([], [ char *i, *j; int k; memcpy(i, j, k); ], ++[AC_TRY_LINK([#include <string.h>], [ char *i, *j; int k; memcpy(i, j, k); ], + ac_cv_func_memcpy=yes, ac_cv_func_memcpy=no)]) + AC_MSG_RESULT($ac_cv_func_memcpy) + if test $ac_cv_func_memcpy = yes; then +@@ -373,7 +373,7 @@ AC_CACHE_VAL(uucp_cv_sys_ftime_ok, + [AC_TRY_RUN([ + #include <sys/types.h> + #include <sys/timeb.h> +-main () ++int main () + { + struct timeb s, slast; + int c = 0; +@@ -383,13 +383,13 @@ main () + ftime (&s); + if (s.time < slast.time + || (s.time == slast.time && s.millitm < slast.millitm)) +- exit (1); ++ return 1; + if (s.time != slast.time) + ++c; + slast.time = s.time; + slast.millitm = s.millitm; + } +- exit (0); ++ return 0; + } + ], + uucp_cv_sys_ftime_ok=yes, diff --git a/source/n/uucp/uucp.SlackBuild b/source/n/uucp/uucp.SlackBuild index f27d57555..1cd43740d 100755 --- a/source/n/uucp/uucp.SlackBuild +++ b/source/n/uucp/uucp.SlackBuild @@ -54,6 +54,9 @@ else SLKCFLAGS="-O2" fi +# GCC 14 "fix": +SLKCFLAGS="$SLKCFLAGS -Wno-error=implicit-int -Wno-error=incompatible-pointer-types" + TMP=${TMP:-/tmp} PKG=$TMP/package-uucp @@ -68,6 +71,9 @@ cd $TMP rm -rf uucp-$VERSION tar xvf $CWD/uucp-$VERSION.tar.gz || exit 1 cd uucp-$VERSION || exit 1 + +cat $CWD/uucp-configure-c99.patch | patch -p1 --verbose || exit 1 + zcat $CWD/policy.h.diff.gz | patch -p1 --verbose || exit 1 CFLAGS="$SLKCFLAGS" \ ./configure \ diff --git a/source/n/wpa_supplicant/patches/0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch b/source/n/wpa_supplicant/patches/0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch new file mode 100644 index 000000000..88f99d96d --- /dev/null +++ b/source/n/wpa_supplicant/patches/0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch @@ -0,0 +1,73 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: David Bauer <mail@david-bauer.net> +Date: Sun, 30 Jan 2022 20:22:00 +0100 +Subject: [PATCH] nl80211: add extra-ies only if allowed by driver +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl +based adapters. The reason for it is hostapd tries to install additional +IEs for scanning while the driver does not support this. + +The kernel indicates the maximum number of bytes for additional scan IEs +using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and +only add additional scan IEs in case the driver can accommodate these +additional IEs. + +Reported-by: Étienne Morice <neon.emorice@mail.com> +Tested-by: Étienne Morice <neon.emorice@mail.com> +Signed-off-by: David Bauer <mail@david-bauer.net> + +Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html +Bug-ArchLinux: https://bugs.archlinux.org/task/73495 +Bug-Debian: https://bugs.debian.org/1004524 +Origin: http://lists.infradead.org/pipermail/hostap/2022-January/040185.html +--- + src/drivers/driver.h | 3 +++ + src/drivers/driver_nl80211_capa.c | 4 ++++ + src/drivers/driver_nl80211_scan.c | 2 +- + 3 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index 4331782d897a..243e9b5cc4d8 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -2357,6 +2357,9 @@ struct wpa_driver_capa { + /** Maximum number of iterations in a single scan plan */ + u32 max_sched_scan_plan_iterations; + ++ /** Maximum number of extra IE bytes for scans */ ++ u16 max_scan_ie_len; ++ + /** Whether sched_scan (offloaded scanning) is supported */ + int sched_scan_supported; + +diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c +index 26c1f41406d2..d5ba66b1073e 100644 +--- a/src/drivers/driver_nl80211_capa.c ++++ b/src/drivers/driver_nl80211_capa.c +@@ -976,6 +976,10 @@ static int wiphy_info_handler(struct nl_msg *msg, void *arg) + nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]); + } + ++ if (tb[NL80211_ATTR_MAX_SCAN_IE_LEN]) ++ capa->max_scan_ie_len = ++ nla_get_u16(tb[NL80211_ATTR_MAX_SCAN_IE_LEN]); ++ + if (tb[NL80211_ATTR_MAX_MATCH_SETS]) + capa->max_match_sets = + nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); +diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c +index b055e684a9f8..a8ea8f2cf1d7 100644 +--- a/src/drivers/driver_nl80211_scan.c ++++ b/src/drivers/driver_nl80211_scan.c +@@ -221,7 +221,7 @@ nl80211_scan_common(struct i802_bss *bss, u8 cmd, + wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested"); + } + +- if (params->extra_ies) { ++ if (params->extra_ies && drv->capa.max_scan_ie_len >= params->extra_ies_len) { + wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", + params->extra_ies, params->extra_ies_len); + if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, diff --git a/source/n/wpa_supplicant/patches/8e6485a1bcb0baffdea9e55255a81270b768439c.patch b/source/n/wpa_supplicant/patches/8e6485a1bcb0baffdea9e55255a81270b768439c.patch deleted file mode 100644 index 07263730f..000000000 --- a/source/n/wpa_supplicant/patches/8e6485a1bcb0baffdea9e55255a81270b768439c.patch +++ /dev/null @@ -1,210 +0,0 @@ -From 8e6485a1bcb0baffdea9e55255a81270b768439c Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sat, 8 Jul 2023 19:55:32 +0300 -Subject: PEAP client: Update Phase 2 authentication requirements - -The previous PEAP client behavior allowed the server to skip Phase 2 -authentication with the expectation that the server was authenticated -during Phase 1 through TLS server certificate validation. Various PEAP -specifications are not exactly clear on what the behavior on this front -is supposed to be and as such, this ended up being more flexible than -the TTLS/FAST/TEAP cases. However, this is not really ideal when -unfortunately common misconfiguration of PEAP is used in deployed -devices where the server trust root (ca_cert) is not configured or the -user has an easy option for allowing this validation step to be skipped. - -Change the default PEAP client behavior to be to require Phase 2 -authentication to be successfully completed for cases where TLS session -resumption is not used and the client certificate has not been -configured. Those two exceptions are the main cases where a deployed -authentication server might skip Phase 2 and as such, where a more -strict default behavior could result in undesired interoperability -issues. Requiring Phase 2 authentication will end up disabling TLS -session resumption automatically to avoid interoperability issues. - -Allow Phase 2 authentication behavior to be configured with a new phase1 -configuration parameter option: -'phase2_auth' option can be used to control Phase 2 (i.e., within TLS -tunnel) behavior for PEAP: - * 0 = do not require Phase 2 authentication - * 1 = require Phase 2 authentication when client certificate - (private_key/client_cert) is no used and TLS session resumption was - not used (default) - * 2 = require Phase 2 authentication in all cases - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/eap_peer/eap_config.h | 8 ++++++++ - src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++++++++++--- - src/eap_peer/eap_tls_common.c | 6 ++++++ - src/eap_peer/eap_tls_common.h | 5 +++++ - wpa_supplicant/wpa_supplicant.conf | 7 +++++++ - 5 files changed, 63 insertions(+), 3 deletions(-) - -diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h -index 26744ab68..58d5a1359 100644 ---- a/src/eap_peer/eap_config.h -+++ b/src/eap_peer/eap_config.h -@@ -471,6 +471,14 @@ struct eap_peer_config { - * 1 = use cryptobinding if server supports it - * 2 = require cryptobinding - * -+ * phase2_auth option can be used to control Phase 2 (i.e., within TLS -+ * tunnel) behavior for PEAP: -+ * 0 = do not require Phase 2 authentication -+ * 1 = require Phase 2 authentication when client certificate -+ * (private_key/client_cert) is no used and TLS session resumption was -+ * not used (default) -+ * 2 = require Phase 2 authentication in all cases -+ * - * EAP-WSC (WPS) uses following options: pin=Device_Password and - * uuid=Device_UUID - * -diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c -index 12e30df29..608069719 100644 ---- a/src/eap_peer/eap_peap.c -+++ b/src/eap_peer/eap_peap.c -@@ -67,6 +67,7 @@ struct eap_peap_data { - u8 cmk[20]; - int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) - * is enabled. */ -+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; - }; - - -@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, - wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); - } - -+ if (os_strstr(phase1, "phase2_auth=0")) { -+ data->phase2_auth = NO_AUTH; -+ wpa_printf(MSG_DEBUG, -+ "EAP-PEAP: Do not require Phase 2 authentication"); -+ } else if (os_strstr(phase1, "phase2_auth=1")) { -+ data->phase2_auth = FOR_INITIAL; -+ wpa_printf(MSG_DEBUG, -+ "EAP-PEAP: Require Phase 2 authentication for initial connection"); -+ } else if (os_strstr(phase1, "phase2_auth=2")) { -+ data->phase2_auth = ALWAYS; -+ wpa_printf(MSG_DEBUG, -+ "EAP-PEAP: Require Phase 2 authentication for all cases"); -+ } - #ifdef EAP_TNC - if (os_strstr(phase1, "tnc=soh2")) { - data->soh = 2; -@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) - data->force_peap_version = -1; - data->peap_outer_success = 2; - data->crypto_binding = OPTIONAL_BINDING; -+ data->phase2_auth = FOR_INITIAL; - - if (config && config->phase1) - eap_peap_parse_phase1(data, config->phase1); -@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, - } - - -+static bool peap_phase2_sufficient(struct eap_sm *sm, -+ struct eap_peap_data *data) -+{ -+ if ((data->phase2_auth == ALWAYS || -+ (data->phase2_auth == FOR_INITIAL && -+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && -+ !data->ssl.client_cert_conf) || -+ data->phase2_eap_started) && -+ !data->phase2_eap_success) -+ return false; -+ return true; -+} -+ -+ - /** - * eap_tlv_process - Process a received EAP-TLV message and generate a response - * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() -@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, - " - force failed Phase 2"); - resp_status = EAP_TLV_RESULT_FAILURE; - ret->decision = DECISION_FAIL; -+ } else if (!peap_phase2_sufficient(sm, data)) { -+ wpa_printf(MSG_INFO, -+ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); -+ resp_status = EAP_TLV_RESULT_FAILURE; -+ ret->decision = DECISION_FAIL; - } else { - resp_status = EAP_TLV_RESULT_SUCCESS; - ret->decision = DECISION_UNCOND_SUCC; -@@ -887,8 +921,7 @@ continue_req: - /* EAP-Success within TLS tunnel is used to indicate - * shutdown of the TLS channel. The authentication has - * been completed. */ -- if (data->phase2_eap_started && -- !data->phase2_eap_success) { -+ if (!peap_phase2_sufficient(sm, data)) { - wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " - "Success used to indicate success, " - "but Phase 2 EAP was not yet " -@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, - static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) - { - struct eap_peap_data *data = priv; -+ - return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && -- data->phase2_success; -+ data->phase2_success && data->phase2_auth != ALWAYS; - } - - -diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c -index 6193b4bdb..966cbd6c7 100644 ---- a/src/eap_peer/eap_tls_common.c -+++ b/src/eap_peer/eap_tls_common.c -@@ -242,6 +242,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, - - sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); - -+ if (!phase2) -+ data->client_cert_conf = params->client_cert || -+ params->client_cert_blob || -+ params->private_key || -+ params->private_key_blob; -+ - return 0; - } - -diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h -index 9ac00121f..334863413 100644 ---- a/src/eap_peer/eap_tls_common.h -+++ b/src/eap_peer/eap_tls_common.h -@@ -79,6 +79,11 @@ struct eap_ssl_data { - * tls_v13 - Whether TLS v1.3 or newer is used - */ - int tls_v13; -+ -+ /** -+ * client_cert_conf: Whether client certificate has been configured -+ */ -+ bool client_cert_conf; - }; - - -diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf -index f0b82443e..1b09f57d3 100644 ---- a/wpa_supplicant/wpa_supplicant.conf -+++ b/wpa_supplicant/wpa_supplicant.conf -@@ -1370,6 +1370,13 @@ fast_reauth=1 - # * 0 = do not use cryptobinding (default) - # * 1 = use cryptobinding if server supports it - # * 2 = require cryptobinding -+# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS -+# tunnel) behavior for PEAP: -+# * 0 = do not require Phase 2 authentication -+# * 1 = require Phase 2 authentication when client certificate -+# (private_key/client_cert) is no used and TLS session resumption was -+# not used (default) -+# * 2 = require Phase 2 authentication in all cases - # EAP-WSC (WPS) uses following options: pin=<Device Password> or - # pbc=1. - # --- -cgit v1.2.3-18-g5258 - diff --git a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild index 6e8071a17..41d7dfaca 100755 --- a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild +++ b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild @@ -1,7 +1,7 @@ #!/bin/bash # Copyright 2004-2008 Eric Hameleers, Eindhoven, NL -# Copyright 2008-2021 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008-2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,15 +24,15 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=wpa_supplicant -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-4} +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-2} SRCVERSION=$(printf $VERSION | tr _ -) # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i586 ;; + i?86) export ARCH=i686 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; @@ -49,14 +49,11 @@ fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC" LIBDIRSUFFIX="64" elif [ "$ARCH" = "arm" ]; then SLKCFLAGS="-O2 -march=armv4 -mtune=xscale" @@ -76,7 +73,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf ${PKGNAM}-${SRCVERSION} -tar xvf $CWD/${PKGNAM}-${SRCVERSION}.tar.?z* || exit 1 +tar xvf $CWD/${PKGNAM}-${SRCVERSION}.tar.?z || exit 1 cd ${PKGNAM}-${SRCVERSION} chown -R root:root . find . \ @@ -91,8 +88,8 @@ zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1 # Allow legacy tls to avoid breaking WPA2-Enterprise: zcat $CWD/patches/allow-tlsv1.patch.gz | patch -p1 --verbose || exit 1 -# CVE-2023-52160: -zcat $CWD/patches/8e6485a1bcb0baffdea9e55255a81270b768439c.patch.gz | patch -p1 --verbose || exit 1 +# Don't break Broadcom +zcat $CWD/patches/0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch.gz | patch -p1 --verbose || exit 1 cd wpa_supplicant @@ -171,8 +168,9 @@ mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ ChangeLog ../COPYING README README-{P2P,WPS} examples *.txt *.sample $CWD/README.slackware \ $PKG/usr/doc/$PKGNAM-$VERSION -chown -R root:root $PKG/usr/doc/$PKGNAM-$VERSION/* -chmod -R a-w $PKG/usr/doc/$PKGNAM-$VERSION/* + +# Fix python script perms: +find $PKG/usr/doc/$PKGNAM-$VERSION -name "*.py" -exec chmod 755 "{}" \; # If there's a ChangeLog, installing at least part of the recent history # is useful, but don't let it get totally out of control: diff --git a/source/n/wsdd2/doinst.sh b/source/n/wsdd2/doinst.sh new file mode 100644 index 000000000..194630ea2 --- /dev/null +++ b/source/n/wsdd2/doinst.sh @@ -0,0 +1,26 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + chmod +x $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.wsdd2.new diff --git a/source/n/wsdd2/rc.wsdd2 b/source/n/wsdd2/rc.wsdd2 new file mode 100644 index 000000000..6e2a6b838 --- /dev/null +++ b/source/n/wsdd2/rc.wsdd2 @@ -0,0 +1,40 @@ +#!/bin/sh +# +# /etc/rc.d/rc.wsdd2 +# +# start/stop/restart the wsdd2 daemon. +# +# This init script ships as executable, and will start automatically if Samba +# is configured to start. + +wsdd2_start() { + if [ -r /etc/samba/smb.conf -a -x /etc/rc.d/rc.samba -a -x /usr/sbin/wsdd2 ]; then + echo "Starting wsdd2: /usr/bin/wsdd2 -d" + /usr/sbin/wsdd2 -d + fi +} + +wsdd2_stop() { + killall --ns $$ -TERM wsdd2 2> /dev/null +} + +wsdd2_restart() { + wsdd2_stop + sleep 1 + wsdd2_start +} + +case "$1" in +'start') + # We don't want to run this more than once, so just use restart to start it: + wsdd2_restart + ;; +'stop') + wsdd2_stop + ;; +'restart') + wsdd2_restart + ;; +*) + wsdd2_start +esac diff --git a/source/n/wsdd2/slack-desc b/source/n/wsdd2/slack-desc new file mode 100644 index 000000000..fcbdc69a0 --- /dev/null +++ b/source/n/wsdd2/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +wsdd2: wsdd2 (Web Services for Devices daemon) +wsdd2: +wsdd2: The primary purpose of this package is to enable WSD on Samba servers +wsdd2: so that network shares hosted on a Linux box can appear in Windows +wsdd2: File Explorer / Network. +wsdd2: Don't forget to allow local ip6 connections in your smb.conf file, +wsdd2: specifically: fc00::/7 fe80::/64 ::1 +wsdd2: Also, in your firewall, make sure ports 3702 and 5355 are open. +wsdd2: +wsdd2: Homepage: https://github.com/Netgear/wsdd2 +wsdd2: diff --git a/source/n/wsdd2/wsdd2.SlackBuild b/source/n/wsdd2/wsdd2.SlackBuild new file mode 100755 index 000000000..a15826132 --- /dev/null +++ b/source/n/wsdd2/wsdd2.SlackBuild @@ -0,0 +1,128 @@ +#!/bin/bash + +# Copyright 2020, 2022 Tim Dickson Scotland +# Copyright 2024 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=wsdd2 +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i586 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +# This doesn't contain enough source files for $NUMJOBS to matter. +#NUMJOBS=${NUMJOBS:-" -j $(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Don't warn about missing optional config lines: +cat $CWD/wsdd2.nowarn.optional.smb.conf.options.patch | patch -p1 --verbose || exit 1 + +export CFLAGS="$SLKCFLAGS" +export CXXFLAGS="$SLKCFLAGS" +make || exit 1 +make install debug_W=-1 debug_L=-1 DESTDIR=$PKG MANDIR="/usr/man" INSTALLPREFIX="usr" + +# Add a compatibilty symlink for gvfs: +ln -sf wsdd2 $PKG/usr/sbin/wsdd + +# Install the rc script: +mkdir -p $PKG/etc/rc.d +cp -a $CWD/rc.wsdd2 $PKG/etc/rc.d/rc.wsdd2.new +chown root:root $PKG/etc/rc.d/rc.wsdd2.new +chmod 755 $PKG/etc/rc.d/rc.wsdd2.new + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + LICENSE* README* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +mkdir -p $PKG/install +cat $CWD/doinst.sh > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/source/n/wsdd2/wsdd2.nowarn.optional.smb.conf.options.patch b/source/n/wsdd2/wsdd2.nowarn.optional.smb.conf.options.patch new file mode 100644 index 000000000..3de8e0975 --- /dev/null +++ b/source/n/wsdd2/wsdd2.nowarn.optional.smb.conf.options.patch @@ -0,0 +1,11 @@ +--- ./wsdd2.c.orig 2022-04-25 07:30:50.000000000 -0500 ++++ ./wsdd2.c 2024-05-24 13:51:20.210623306 -0500 +@@ -601,7 +601,7 @@ + + char buf[PAGE_SIZE]; + if (!fgets(buf, sizeof(buf), pp) || !buf[0] || buf[0] == '\n') { +- DEBUG(0, W, "cannot read %s from testparm", name); ++ DEBUG(1, W, "cannot read %s from testparm", name); + result = strdup(_default); + } else { // trim whitespace + char *p; diff --git a/source/n/wsdd2/wsdd2.url b/source/n/wsdd2/wsdd2.url new file mode 100644 index 000000000..37ac6e2af --- /dev/null +++ b/source/n/wsdd2/wsdd2.url @@ -0,0 +1 @@ +https://github.com/Netgear/wsdd2 |