wok-4.x rev 12473
Up openssl 1.0.2u, zlib 1.2.13, tar 1.34, add cacerts, fix git receipt
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Sat Mar 04 08:15:16 2023 +0000 (19 months ago) |
parents | bb72317ca464 |
children | d97d1f60fc46 |
files | .hgignore cacerts/receipt cacerts/stuff/make-ca.sh cacerts/stuff/make-cert.pl cacerts/stuff/remove-expired-certs.sh cacerts/stuff/remove_cnnic.patch git/receipt libcrypto-dev/receipt libcrypto/receipt libssl/receipt openssl-dev/receipt openssl/receipt tar/receipt zlib-dev/receipt zlib/receipt |
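--- /dev/null
+++ b/.hgignore
@@ -0,0 +1,4 @@
+syntax: glob
+./*/taz/*
+./*/source/*
+./*/install/*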
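--- /dev/null
+++ b/cacerts/receipt
@@ -0,0 +1,57 @@
+# SliTaz package receipt.
+
+PACKAGE="cacerts"
+VERSION="20230303"
+CATEGORY="security"
+SHORT_DESC="Certificate Authority Certificates"
+MAINTAINER="al.bobylev@gmail.com"
+LICENSE="MPL2"
+WEB_SITE="http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html"
+TARBALL="$PACKAGE-$VERSION.txt"
+WGET_URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt"
+
+DEPENDS="openssl"
+BUILD_DEPENDS="openssl"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ mv -f *.txt certdata.txt
+ # Insert header
+ sed -i "1i\#CVS_ID @# \$ RCSfile: certdata.txt \$ \$Revision: $data_Ymd \$ \$Date: \$" certdata.txt
+
+ cp -a $stuff/* $src
+ ./make-ca.sh &&
+ ./remove-expired-certs.sh $src/certs
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/etc/ssl/certs
+ cp -a $src/certs/*.pem $fs/etc/ssl/certs
+ cp -a $src/ca-bundle.crt $fs/etc/ssl
+ ln -s ../ca-bundle.crt $fs/etc/ssl/certs/ca-certificates.crt
+}
+
+post_install()
+{
+ case "$1" in
+ /cross*) return
+ esac
+
+ # Keep silence, for example, when installed on cook as build dependency
+ if [ -z "$quiet" ]; then
+ echo "Rehash certificates:"
+ out='&1'
+ else
+ out='/dev/null'
+ fi
+
+ if [ -d "$1/$INSTALLED/perl" ]; then
+ chroot "$1/" c_rehash >$out
+ else
+ tazpkg -gi microperl --root="${1:-/}"
+ chroot "$1/" microperl /usr/bin/c_rehash >$out
+ fi
+}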
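Review bot: `WGET_URL` pulls certdata.txt from `raw-file/tip/`, so the distribution's trust anchors are whatever that moving ref serves at cook time, and nothing in the receipt checks the download against a recorded digest; `VERSION="20230303"` is only a label. Pin the URL to a fixed revision, e.g. `.../raw-file/<PINNED_NSS_REVISION>/security/nss/lib/ckfw/builtins/certdata.txt`, and verify a checksum before `compile_rules` runs `./make-ca.sh`. In `post_install`, `out='&1'` followed by `>$out` does not duplicate stdout: the expanded word is treated as a filename, so the non-quiet path writes the c_rehash output to a file literally named `&1`; `out=/dev/stdout` avoids that. `$data_Ymd` in the `sed` header line is not set anywhere in this receipt, so confirm that cook provides it.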
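--- /dev/null
+++ b/cacerts/stuff/make-ca.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+# Begin make-ca.sh
+# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs
+#
+# The file certdata.txt must exist in the local directory
+# Version number is obtained from the version of the data.
+#
+# Authors: DJ Lucas
+# Bruce Dubbs
+#
+# Version 20120211
+
+# Some data in the certs have UTF-8 characters
+export LANG=en_US.utf8
+
+certdata="certdata.txt"
+
+if [ ! -r $certdata ]; then
+ echo "$certdata must be in the local directory"
+ exit 1
+fi
+
+REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')
+
+if [ -z "${REVISION}" ]; then
+ echo "$certfile has no 'Revision' in CVS_ID"
+ exit 1
+fi
+
+VERSION=$(echo $REVISION | cut -f2 -d" ")
+
+TEMPDIR=$(mktemp -d)
+TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH"
+BUNDLE="ca-bundle.crt"
+CONVERTSCRIPT="./make-cert.pl"
+SSLDIR="${DESTDIR}/etc/ssl"
+
+mkdir "${TEMPDIR}/certs"
+
+# Get a list of starting lines for each cert
+CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1)
+
+# Get a list of ending lines for each cert
+CERTENDLIST=`grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1`
+
+# Start a loop
+for certbegin in ${CERTBEGINLIST}; do
+ for certend in ${CERTENDLIST}; do
+ if test "${certend}" -gt "${certbegin}"; then
+ break
+ fi
+ done
+
+ # Dump to a temp file with the name of the file as the beginning line number
+ sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp"
+done
+
+unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend
+
+mkdir -p certs
+rm -f certs/* # Make sure the directory is clean
+
+for tempfile in ${TEMPDIR}/certs/*.tmp; do
+ # Make sure that the cert is trusted...
+ grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \
+ egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null
+
+ if test "${?}" = "0"; then
+ # Throw a meaningful error and remove the file
+ cp "${tempfile}" tempfile.cer
+ perl ${CONVERTSCRIPT} > tempfile.crt
+ keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
+ echo "Certificate ${keyhash} is not trusted! Removing..."
+ rm -f tempfile.cer tempfile.crt "${tempfile}"
+ continue
+ fi
+
+ # If execution made it to here in the loop, the temp cert is trusted
+ # Find the cert data and generate a cert file for it
+
+ cp "${tempfile}" tempfile.cer
+ perl ${CONVERTSCRIPT} > tempfile.crt
+ keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
+ mv tempfile.crt "certs/${keyhash}.pem"
+ rm -f tempfile.cer "${tempfile}"
+ echo "Created ${keyhash}.pem"
+done
+
+# Remove blacklisted files
+# MD5 Collision Proof of Concept CA
+if test -f certs/8f111d69.pem; then
+ echo "Certificate 8f111d69 is not trusted! Removing..."
+ rm -f certs/8f111d69.pem
+fi
+
+# Finally, generate the bundle and clean up.
+cat certs/*.pem > ${BUNDLE}
+rm -r "${TEMPDIR}"
+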
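Review bot: The trust test in the second loop is a deny-list: a block is dropped only when its `CKA_TRUST_SERVER_AUTH` line contains `TRUST_UNKNOWN` or `NOT_TRUSTED`, so any other value lands in `ca-bundle.crt` as a TLS root. As far as I know, current certdata.txt files mark roots that are not server-auth anchors with `CKT_NSS_MUST_VERIFY_TRUST`, which this pattern does not match. An allow-list is safer: keep a block only when `grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | grep -q "CKT_NSS_TRUSTED_DELEGATOR"` succeeds. Separately, `keyhash` is used unchecked, so a failed `openssl x509 -hash` would `mv` the file to `certs/.pem`, and the early error message prints `$certfile`, which is never set (the variable is `$certdata`).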
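--- /dev/null
+++ b/cacerts/stuff/make-cert.pl
@@ -0,0 +1,49 @@
+#!/usr/bin/perl -w
+
+# Used to generate PEM encoded files from Mozilla certdata.txt.
+# Run as ./make-cert.pl > certificate.crt
+#
+# Parts of this script courtesy of RedHat (mkcabundle.pl)
+#
+# This script modified for use with single file data (tempfile.cer) extracted
+# from certdata.txt, taken from the latest version in the Mozilla NSS source.
+# mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+#
+# Authors: DJ Lucas
+# Bruce Dubbs
+#
+# Version 20120211
+
+my $certdata = './tempfile.cer';
+
+open( IN, "cat $certdata|" )
+ || die "could not open $certdata";
+
+my $incert = 0;
+
+while ( <IN> )
+{
+ if ( /^CKA_VALUE MULTILINE_OCTAL/ )
+ {
+ $incert = 1;
+ open( OUT, "|openssl x509 -text -inform DER -fingerprint" )
+ || die "could not pipe to openssl x509";
+ }
+
+ elsif ( /^END/ && $incert )
+ {
+ close( OUT );
+ $incert = 0;
+ print "\n\n";
+ }
+
+ elsif ($incert)
+ {
+ my @bs = split( /\\/ );
+ foreach my $b (@bs)
+ {
+ chomp $b;
+ printf( OUT "%c", oct($b) ) unless $b eq '';
+ }
+ }
+}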
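Review bot: `close( OUT )` ignores the exit status of the `openssl x509` pipe, so a block that fails DER parsing yields an empty or partial tempfile.crt with no signal to the caller; `close( OUT ) || die "openssl x509 failed: $?";` would at least make the failure visible. The input is opened through a shell with `open( IN, "cat $certdata|" )`; the path is a constant here, but the three-argument form `open( my $in, '<', $certdata )` avoids the shell and the extra process. Adding `use strict;` alongside `-w` is cheap for a script whose output becomes the system trust store.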
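--- /dev/null
+++ b/cacerts/stuff/remove-expired-certs.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Begin remove-expired-certs.sh
+#
+# Version 20120211
+
+# Make sure the date is parsed correctly on all systems
+mydate()
+{
+ local y=$( echo $1 | cut -d" " -f4 )
+ local M=$( echo $1 | cut -d" " -f1 )
+ local d=$( echo $1 | cut -d" " -f2 )
+ local m
+
+ if [ ${d} -lt 10 ]; then d="0${d}"; fi
+
+ case $M in
+ Jan) m="01";;
+ Feb) m="02";;
+ Mar) m="03";;
+ Apr) m="04";;
+ May) m="05";;
+ Jun) m="06";;
+ Jul) m="07";;
+ Aug) m="08";;
+ Sep) m="09";;
+ Oct) m="10";;
+ Nov) m="11";;
+ Dec) m="12";;
+ esac
+
+ certdate="${y}${m}${d}"
+}
+
+OPENSSL=/usr/bin/openssl
+DIR=$DESTDIR/etc/ssl/certs
+
+if [ $# -gt 0 ]; then
+ DIR="$1"
+fi
+
+certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" )
+today=$( date +%Y%m%d )
+
+for cert in $certs; do
+ notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
+ date=$( echo ${notafter} | sed 's/^notAfter=//' )
+ mydate "$date"
+
+ if [ ${certdate} -lt ${today} ]; then
+ echo "${cert} expired on ${certdate}! Removing..."
+ rm -f "${cert}"
+ fi
+done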
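Review bot: The `find` expression `-type f -name "*.pem" -o -name "*.crt"` groups as `(-type f -name "*.pem") -o (-name "*.crt")`, so `*.crt` matches are not restricted to regular files; write `find "${DIR}" -type f \( -name "*.pem" -o -name "*.crt" \)`. When `$OPENSSL x509 -enddate` fails, `notafter` is empty and both `[ ... -lt ... ]` tests error out, so an unparseable file is silently kept; checking the openssl exit status and handling that case explicitly would make it a decision rather than an accident. As called from the cacerts/receipt on this page, the script runs after make-ca.sh has already concatenated `ca-bundle.crt`, so expired roots are pruned from `certs/` but remain in the bundle.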
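--- /dev/null
+++ b/cacerts/stuff/remove_cnnic.patch
@@ -0,0 +1,7 @@
+# Remove CNNIC Root certificate (temporarily)
+# http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
+--- a/certdata.txt
++++ b/certdata.txt
+@@ -14889 +14889 @@
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
++CKA_TRUST_SERVER_AUTH TRUST_UNKNOWN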
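Review bot: Nothing in the cacerts/receipt added by this commit applies this patch: `compile_rules` copies `$stuff/*` into `$src` and runs the two scripts with no `patch` call, so unless cook applies it through a mechanism not visible here, the CNNIC entry stays as upstream ships it. The hunk is also anchored to a fixed line (`@@ -14889 +14889 @@`) while the receipt downloads an unpinned `tip` certdata.txt and prepends a header line with `sed -i "1i..."`, so the offset is unlikely to hold. If the exclusion is still wanted, matching the certificate's label in make-ca.sh is more robust than a line-numbered patch; if it is not, drop the file so it does not suggest a protection that is not in effect.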
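--- a/git/receipt
+++ b/git/receipt
@@ -11,13 +11,12 @@
 WGET_URL="http://mirror.slitaz.org/sources/packages-4.0/g/$TARBALL"
 
 DEPENDS="zlib openssl curl expat"
-BUILD_DEPENDS="zlib-dev openssl-dev curl-dev expat-dev perl python-dev tar bzip2"
+BUILD_DEPENDS="zlib-dev openssl-dev curl-dev expat-dev perl python-dev bzip2"
 
 # Rules to configure and make the package.
 compile_rules()
 {
 cd $src
- [ -L /bin/tar ] && tazpkg get-install tar --forced
 ./configure \
 --prefix=/usr \
 --libexecdir=/usr/lib \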
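--- a/libcrypto-dev/receipt
+++ b/libcrypto-dev/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libcrypto-dev"
-VERSION="1.0.0g"
+VERSION="1.0.2u"
 CATEGORY="development"
 SHORT_DESC="General purpose cryptographic shared library devel files."
 MAINTAINER="pascal.bellard@slitaz.org"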
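--- a/libcrypto/receipt
+++ b/libcrypto/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libcrypto"
-VERSION="1.0.0g"
+VERSION="1.0.2u"
 CATEGORY="security"
 SHORT_DESC="General purpose cryptographic shared library."
 MAINTAINER="pascal.bellard@slitaz.org"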
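--- a/libssl/receipt
+++ b/libssl/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libssl"
-VERSION="1.0.0g"
+VERSION="1.0.2u"
 CATEGORY="development"
 SHORT_DESC="OpenSSL libraries."
 MAINTAINER="pascal.bellard@slitaz.org"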
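--- a/openssl-dev/receipt
+++ b/openssl-dev/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="openssl-dev"
-VERSION="1.0.0g"
+VERSION="1.0.2u"
 CATEGORY="development"
 SHORT_DESC="Open source Secure Sockets Layer devel files."
 MAINTAINER="pascal.bellard@slitaz.org"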
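--- a/openssl/receipt
+++ b/openssl/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="openssl"
-VERSION="1.0.0g"
+VERSION="1.0.2u"
 CATEGORY="security"
 SHORT_DESC="Open source Secure Sockets Layer."
 MAINTAINER="pascal.bellard@slitaz.org"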
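--- a/tar/receipt
+++ b/tar/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="tar"
-VERSION="1.33"
+VERSION="1.34"
 CATEGORY="utilities"
 SHORT_DESC="GNU tar archiving tools."
 MAINTAINER="pankso@slitaz.org"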
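--- a/zlib-dev/receipt
+++ b/zlib-dev/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="zlib-dev"
-VERSION="1.2.12"
+VERSION="1.2.13"
 CATEGORY="development"
 SHORT_DESC="Zlib compression library devel files."
 MAINTAINER="pankso@slitaz.org"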
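--- a/zlib/receipt
+++ b/zlib/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="zlib"
-VERSION="1.2.12"
+VERSION="1.2.13"
 CATEGORY="base-system"
 SHORT_DESC="Compression library."
 MAINTAINER="pankso@slitaz.org"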