This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via fb152933d3ff9a448256309f54cb30ff4193f9d5 (commit) via 862566343aae50782c24459cdb1b6969f2577347 (commit) via 84bfae6076673e7fa0a52994acf1be1c6d664996 (commit) via 92f2bdd0ca31f6255178503e9a1e875980afe3f2 (commit) via 730a2c9082f7f1d60862968a541feadb550a3014 (commit) via afd1cb3b9d87309929e5d0a8719677fce8d19bb1 (commit) via 5ded395db0cc16e305a93e0b10f6f6e38a1a2af4 (commit) from 239611d40f46cf161576bf9a1d1301b3a2909861 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit fb152933d3ff9a448256309f54cb30ff4193f9d5 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 18:06:44 2023 +0000
ca-certificates: Make this all build without Python 2 and Perl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 862566343aae50782c24459cdb1b6969f2577347 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 17:38:30 2023 +0000
dejagnu: Enable testsuite
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 84bfae6076673e7fa0a52994acf1be1c6d664996 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 17:37:51 2023 +0000
expect: Update to 5.45.4
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 92f2bdd0ca31f6255178503e9a1e875980afe3f2 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 17:25:40 2023 +0000
perl-SGMLSpm: Update to 1.1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 730a2c9082f7f1d60862968a541feadb550a3014 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 17:19:29 2023 +0000
ipfire-logos: Fix download URL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit afd1cb3b9d87309929e5d0a8719677fce8d19bb1 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Feb 28 17:19:12 2023 +0000
texinfo: Fix build by adding missing Perl modules
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5ded395db0cc16e305a93e0b10f6f6e38a1a2af4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 28 16:56:42 2023 +0100
perl-libintl-perl: Update to 1.33
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: ca-certificates/ca-certificates.nm | 64 ++-- ca-certificates/certdata2pem.py | 355 +++++++++++++++++---- ca-certificates/generate-cacerts.pl | 347 -------------------- dejagnu/dejagnu.nm | 6 +- expect/expect.nm | 37 +-- expect/patches/expect-5.32.2-random.patch | 19 -- expect/patches/expect-5.43.0-log_file.patch | 12 - expect/patches/expect-5.43.0-pkgpath.patch | 46 --- expect/patches/expect-5.45-check-telnet.patch | 29 -- expect/patches/expect-5.45-format-security.patch | 13 + expect/patches/expect-5.45-man-page.patch | 13 - .../expect-5.45-match-gt-numchars-segfault.patch | 17 - expect/patches/expect-5.45-mkpasswd-dash.patch | 13 - .../expect-5.45-passmass-su-full-path.patch | 12 - ipfire-logos/ipfire-logos.nm | 2 +- perl-SGMLSpm/perl-SGMLSpm.nm | 27 +- perl-libintl-perl/perl-libintl-perl.nm | 6 +- texinfo/texinfo.nm | 4 +- 18 files changed, 368 insertions(+), 654 deletions(-) delete mode 100755 ca-certificates/generate-cacerts.pl delete mode 100644 expect/patches/expect-5.32.2-random.patch delete mode 100644 expect/patches/expect-5.43.0-log_file.patch delete mode 100644 expect/patches/expect-5.43.0-pkgpath.patch delete mode 100644 expect/patches/expect-5.45-check-telnet.patch create mode 100644 expect/patches/expect-5.45-format-security.patch delete mode 100644 expect/patches/expect-5.45-man-page.patch delete mode 100644 expect/patches/expect-5.45-match-gt-numchars-segfault.patch delete mode 100644 expect/patches/expect-5.45-mkpasswd-dash.patch delete mode 100644 expect/patches/expect-5.45-passmass-su-full-path.patch
Difference in files: diff --git a/ca-certificates/ca-certificates.nm b/ca-certificates/ca-certificates.nm index e9b6d53ba..fadabdce0 100644 --- a/ca-certificates/ca-certificates.nm +++ b/ca-certificates/ca-certificates.nm @@ -5,7 +5,7 @@
name = ca-certificates version = 2022.12 -release = 1 +release = 2 arch = noarch
groups = System/Base @@ -24,32 +24,29 @@ sources = build requires openssl - perl - rcs + p11-kit + python3 end
DIR_APP = %{DIR_SOURCE}
build - # Create file layout. + # Create file layout mkdir -pv certs cp certdata.txt blacklist.txt certs - cd certs
- python %{DIR_SOURCE}/certdata2pem.py + pushd certs + python3 %{DIR_SOURCE}/certdata2pem.py + popd
- cd .. (cat <<EOF # This is a bundle of X.509 certificates of public Certificate # Authorities. It was generated from the Mozilla root CA list. # # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt # - # Generated from: EOF - ident -q certdata.txt | sed '1d;s/^/#/'; - - echo '#' ) > ca-bundle.crt + ) > ca-bundle.crt
(cat <<EOF # This is a bundle of X.509 certificates of public Certificate @@ -59,33 +56,30 @@ build # # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt # - # Generated from: EOF - ident -q certdata.txt | sed '1d;s/^/#/'; - echo '#' ) > ca-bundle.trust.crt - - for f in certs/*.crt; do - [ -z "${f}" ] && continue - - tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f}) - case "${tbits}" in - *serverAuth*) - openssl x509 -text -in "${f}" >> ca-bundle.crt - ;; - esac - - if [ -n "$tbits" ]; then - targs="" - for t in ${tbits}; do - targs="${targs} -addtrust ${t}" - done - - openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt - fi + ) > ca-bundle.trust.crt + + # Collect all certs for p11-kit + for p in certs/*.tmp-p11-kit; do + cat "${p}" >> ca-bundle.trust.p11-kit done
- perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt - touch -r certdata.txt cacerts + trust extract \ + --overwrite \ + --comment \ + --filter=certificates \ + --format=openssl-bundle \ + ca-bundle.trust + cat ca-bundle.trust >> ca-bundle.trust.crt + + trust extract \ + --overwrite \ + --comment \ + --filter=ca-anchors \ + --format=pem-bundle \ + --purpose=server-auth \ + ca-bundle + cat ca-bundle >> ca-bundle.crt end
install diff --git a/ca-certificates/certdata2pem.py b/ca-certificates/certdata2pem.py index c22946d38..a52ce9c74 100644 --- a/ca-certificates/certdata2pem.py +++ b/ca-certificates/certdata2pem.py @@ -4,6 +4,7 @@ # certdata2pem.py - splits certdata.txt into multiple files # # Copyright (C) 2009 Philipp Kern pkern@debian.org +# Copyright (C) 2013 Kai Engert kaie@redhat.com # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -25,12 +26,17 @@ import os.path import re import sys import textwrap +import urllib.request, urllib.parse, urllib.error +import subprocess
objects = []
+def printable_serial(obj): + return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']]) + # Dirty file parser. in_data, in_multiline, in_obj = False, False, False -field, type, value, obj = None, None, None, dict() +field, ftype, value, binval, obj = None, None, None, bytearray(), dict() for line in open('certdata.txt', 'r'): # Ignore the file header. if not in_data: @@ -50,72 +56,55 @@ for line in open('certdata.txt', 'r'): continue if in_multiline: if not line.startswith('END'): - if type == 'MULTILINE_OCTAL': + if ftype == 'MULTILINE_OCTAL': line = line.strip() for i in re.finditer(r'\([0-3][0-7][0-7])', line): - value += chr(int(i.group(1), 8)) + integ = int(i.group(1), 8) + binval.extend((integ).to_bytes(1, sys.byteorder)) + obj[field] = binval else: value += line + obj[field] = value continue - obj[field] = value in_multiline = False continue if line.startswith('CKA_CLASS'): in_obj = True line_parts = line.strip().split(' ', 2) if len(line_parts) > 2: - field, type = line_parts[0:2] + field, ftype = line_parts[0:2] value = ' '.join(line_parts[2:]) elif len(line_parts) == 2: - field, type = line_parts + field, ftype = line_parts value = None else: - raise NotImplementedError, 'line_parts < 2 not supported.' - if type == 'MULTILINE_OCTAL': + raise NotImplementedError('line_parts < 2 not supported.\n' + line) + if ftype == 'MULTILINE_OCTAL': in_multiline = True value = "" + binval = bytearray() continue obj[field] = value -if len(obj.items()) > 0: +if len(list(obj.items())) > 0: objects.append(obj)
-# Read blacklist. -blacklist = [] -if os.path.exists('blacklist.txt'): - for line in open('blacklist.txt', 'r'): - line = line.strip() - if line.startswith('#') or len(line) == 0: - continue - item = line.split('#', 1)[0].strip() - blacklist.append(item) - # Build up trust database. -trust = dict() trustmap = dict() for obj in objects: - if obj['CKA_CLASS'] != 'CKO_NSS_TRUST': continue - if obj['CKA_LABEL'] in blacklist: - print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] - elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_UNTRUSTED': - print '!'*74 - print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] - print '!'*74 - sys.exit(1) - else: - print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ - (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], - obj['CKA_TRUST_EMAIL_PROTECTION']) - label = obj['CKA_LABEL'] - trustmap[label] = obj - print " added cert", label + key = obj['CKA_LABEL'] + printable_serial(obj) + trustmap[key] = obj + print(" added trust", key) + +# Build up cert database. +certmap = dict() +for obj in objects: + if obj['CKA_CLASS'] != 'CKO_CERTIFICATE': + continue + key = obj['CKA_LABEL'] + printable_serial(obj) + certmap[key] = obj + print(" added cert", key)
def obj_to_filename(obj): label = obj['CKA_LABEL'][1:-1] @@ -124,9 +113,31 @@ def obj_to_filename(obj): .replace('(', '=')\ .replace(')', '=')\ .replace(',', '_') - label = re.sub(r'\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label) - serial = ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER'])) - return label + ":" + serial + ".crt" + labelbytes = bytearray() + i = 0 + imax = len(label) + while i < imax: + if i < imax-3 and label[i] == '\' and label[i+1] == 'x': + labelbytes.extend(bytes.fromhex(label[i+2:i+4])) + i += 4 + continue + labelbytes.extend(str.encode(label[i])) + i = i+1 + continue + label = labelbytes.decode('utf-8') + serial = printable_serial(obj) + return label + ":" + serial + +def write_cert_ext_to_file(f, oid, value, public_key): + f.write("[p11-kit-object-v1]\n") + f.write("label: "); + f.write(tobj['CKA_LABEL']) + f.write("\n") + f.write("class: x-certificate-extension\n"); + f.write("object-id: " + oid + "\n") + f.write("value: "" + value + ""\n") + f.write("modifiable: false\n"); + f.write(public_key)
trust_types = { "CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature", @@ -147,6 +158,18 @@ trust_types = { "CKA_TRUST_STEP_UP_APPROVED": "step-up-approved", }
+legacy_trust_types = { + "LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth", + "LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing", + "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection", +} + +legacy_to_real_trust_types = { + "LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH", + "LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING", + "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION", +} + openssl_trust = { "CKA_TRUST_SERVER_AUTH": "serverAuth", "CKA_TRUST_CLIENT_AUTH": "clientAuth", @@ -154,29 +177,237 @@ openssl_trust = { "CKA_TRUST_EMAIL_PROTECTION": "emailProtection", }
-for obj in objects: - if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': - print "producing cert file for " + obj['CKA_LABEL'] - if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: - print " -> untrusted, ignoring" - continue - fname = obj_to_filename(obj) - f = open(fname, 'w') +cert_distrust_types = { + "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after", + "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after", +} + +for tobj in objects: + if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST': + key = tobj['CKA_LABEL'] + printable_serial(tobj) + print("producing trust for " + key) trustbits = [] + distrustbits = [] openssl_trustflags = [] - tobj = trustmap[obj['CKA_LABEL']] - for t in trust_types.keys(): - if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': + openssl_distrustflags = [] + legacy_trustbits = [] + legacy_openssl_trustflags = [] + for t in list(trust_types.keys()): + if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': trustbits.append(t) if t in openssl_trust: openssl_trustflags.append(openssl_trust[t]) - f.write("# trust=" + " ".join(trustbits) + "\n") - if openssl_trustflags: - f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n") - f.write("-----BEGIN CERTIFICATE-----\n") - f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) - f.write("\n-----END CERTIFICATE-----\n") - print " -> written as '%s', trust = %s, openssl-trust = %s" % (fname, trustbits, openssl_trustflags) + if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED': + distrustbits.append(t) + if t in openssl_trust: + openssl_distrustflags.append(openssl_trust[t]) + + for t in list(legacy_trust_types.keys()): + if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': + real_t = legacy_to_real_trust_types[t] + legacy_trustbits.append(real_t) + if real_t in openssl_trust: + legacy_openssl_trustflags.append(openssl_trust[real_t]) + if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED': + raise NotImplementedError('legacy distrust not supported.\n' + line) + + fname = obj_to_filename(tobj) + try: + obj = certmap[key] + except: + obj = None + + # optional debug code, that dumps the parsed input to files + #fulldump = "dump-" + fname + #dumpf = open(fulldump, 'w') + #dumpf.write(str(obj)); + #dumpf.write(str(tobj)); + #dumpf.close(); + + is_legacy = 0 + if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj: + is_legacy = 1 + if obj == None: + raise NotImplementedError('found legacy trust without certificate.\n' + line) + + legacy_fname = "legacy-default/" + fname + ".crt" + f = open(legacy_fname, 'w') + f.write("# alias=%s\n"%tobj['CKA_LABEL']) + f.write("# trust=" + " ".join(legacy_trustbits) + "\n") + if legacy_openssl_trustflags: + f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n") + f.write("-----BEGIN CERTIFICATE-----\n") + temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) + temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64) + f.write("\n".join(temp_wrapped)) + f.write("\n-----END CERTIFICATE-----\n") + f.close() + + if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj: + legacy_fname = "legacy-disable/" + fname + ".crt" + f = open(legacy_fname, 'w') + f.write("# alias=%s\n"%tobj['CKA_LABEL']) + f.write("# trust=" + " ".join(trustbits) + "\n") + if openssl_trustflags: + f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n") + f.write("-----BEGIN CERTIFICATE-----\n") + f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) + f.write("\n-----END CERTIFICATE-----\n") + f.close() + + # don't produce p11-kit output for legacy certificates + continue + + pk = '' + cert_comment = '' + if obj != None: + # must extract the public key from the cert, let's use openssl + cert_fname = "cert-" + fname + fc = open(cert_fname, 'w') + fc.write("-----BEGIN CERTIFICATE-----\n") + temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) + temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64) + fc.write("\n".join(temp_wrapped)) + fc.write("\n-----END CERTIFICATE-----\n") + fc.close(); + pk_fname = "pubkey-" + fname + fpkout = open(pk_fname, "w") + dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"] + subprocess.call(dump_pk_command, stdout=fpkout) + fpkout.close() + with open (pk_fname, "r") as myfile: + pk=myfile.read() + # obtain certificate information suitable as a comment + comment_fname = "comment-" + fname + fcout = open(comment_fname, "w") + comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"] + subprocess.call(comment_command, stdout=fcout) + fcout.close() + sed_command = ["sed", "--in-place", "s/^/#/", comment_fname] + subprocess.call(sed_command) + with open (comment_fname, "r", errors = 'replace') as myfile: + cert_comment=myfile.read() + + fname += ".tmp-p11-kit" + f = open(fname, 'w') + + if obj != None: + is_distrusted = False + has_server_trust = False + has_email_trust = False + has_code_trust = False + + if 'CKA_TRUST_SERVER_AUTH' in tobj: + if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED': + is_distrusted = True + elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': + has_server_trust = True + + if 'CKA_TRUST_EMAIL_PROTECTION' in tobj: + if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED': + is_distrusted = True + elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': + has_email_trust = True + + if 'CKA_TRUST_CODE_SIGNING' in tobj: + if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED': + is_distrusted = True + elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR': + has_code_trust = True + + if is_distrusted: + trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1" + trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03" + write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk) + + trust_ext_oid = "2.5.29.37" + if has_server_trust: + if has_email_trust: + if has_code_trust: + # server + email + code + trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03" + else: + # server + email + trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01" + else: + if has_code_trust: + # server + code + trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03" + else: + # server + trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01" + else: + if has_email_trust: + if has_code_trust: + # email + code + trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03" + else: + # email + trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04" + else: + if has_code_trust: + # code + trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03" + else: + # none + trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10" + + # no 2.5.29.37 for neutral certificates + if (is_distrusted or has_server_trust or has_email_trust or has_code_trust): + write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk) + + pk = '' + f.write("\n") + + f.write("[p11-kit-object-v1]\n") + f.write("label: "); + f.write(tobj['CKA_LABEL']) + f.write("\n") + if is_distrusted: + f.write("x-distrusted: true\n") + elif has_server_trust or has_email_trust or has_code_trust: + f.write("trusted: true\n") + else: + f.write("trusted: false\n") + + # requires p11-kit >= 0.23.4 + f.write("nss-mozilla-ca-policy: true\n") + f.write("modifiable: false\n");
+ # requires p11-kit >= 0.23.19 + for t in list(cert_distrust_types.keys()): + if t in obj: + value = obj[t] + if value == 'CK_FALSE': + value = bytearray(1) + f.write(cert_distrust_types[t] + ": "") + f.write(urllib.parse.quote(value)); + f.write(""\n")
+ f.write("-----BEGIN CERTIFICATE-----\n") + temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) + temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64) + f.write("\n".join(temp_wrapped)) + f.write("\n-----END CERTIFICATE-----\n") + f.write(cert_comment) + f.write("\n")
+ else: + f.write("[p11-kit-object-v1]\n") + f.write("label: "); + f.write(tobj['CKA_LABEL']); + f.write("\n") + f.write("class: certificate\n") + f.write("certificate-type: x-509\n") + f.write("modifiable: false\n"); + f.write("issuer: ""); + f.write(urllib.parse.quote(tobj['CKA_ISSUER'])); + f.write(""\n") + f.write("serial-number: ""); + f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER'])); + f.write(""\n") + if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'): + f.write("x-distrusted: true\n") + f.write("\n\n") + f.close() + print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags)) diff --git a/ca-certificates/generate-cacerts.pl b/ca-certificates/generate-cacerts.pl deleted file mode 100755 index 18602663d..000000000 --- a/ca-certificates/generate-cacerts.pl +++ /dev/null @@ -1,347 +0,0 @@ -#!/usr/bin/perl -w - -use diagnostics; -use Fcntl; - -# Copyright (C) 2007, 2008 Red Hat, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# generate-cacerts.pl generates a JKS keystore named 'cacerts' from -# OpenSSL's certificate bundle using OpenJDK's keytool. - -# First extract each of OpenSSL's bundled certificates into its own -# aliased filename. -$file = $ARGV[1]; -open(CERTS, $file); -@certs = <CERTS>; -close(CERTS); - -$pem_file_count = 0; -$in_cert_block = 0; -$write_current_cert = 1; -foreach $cert (@certs) -{ - if ($cert =~ "Certificate:\n") - { - print "New certificate...\n"; - } - elsif ($cert =~ /Subject: /) - { - $_ = $cert; - if ($cert =~ /personal-freemail/) - { - $cert_alias = "thawtepersonalfreemailca"; - } - elsif ($cert =~ /personal-basic/) - { - $cert_alias = "thawtepersonalbasicca"; - } - elsif ($cert =~ /personal-premium/) - { - $cert_alias = "thawtepersonalpremiumca"; - } - elsif ($cert =~ /server-certs/) - { - $cert_alias = "thawteserverca"; - } - elsif ($cert =~ /premium-server/) - { - $cert_alias = "thawtepremiumserverca"; - } - elsif ($cert =~ /Class 1 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass1ca"; - } - elsif ($cert =~ /Class 1 Public Primary Certification Authority - G2/) - { - $cert_alias = "verisignclass1g2ca"; - } - elsif ($cert =~ - /VeriSign Class 1 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass1g3ca"; - } - elsif ($cert =~ /Class 2 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass2ca"; - } - elsif ($cert =~ /Class 2 Public Primary Certification Authority - G2/) - { - $cert_alias = "verisignclass2g2ca"; - } - elsif ($cert =~ - /VeriSign Class 2 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass2g3ca"; - } - elsif ($cert =~ /Class 3 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass3ca"; - } - # Version 1 of Class 3 Public Primary Certification Authority - # - G2 is added. Version 3 is excluded. See below. - elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2.*1998/) - { - $cert_alias = "verisignclass3g2ca"; - } - elsif ($cert =~ - /VeriSign Class 3 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass3g3ca"; - } - elsif ($cert =~ - /RSA Data Security.*Secure Server Certification Authority/) - { - $cert_alias = "rsaserverca"; - } - elsif ($cert =~ /GTE CyberTrust Global Root/) - { - $cert_alias = "gtecybertrustglobalca"; - } - elsif ($cert =~ /Baltimore CyberTrust Root/) - { - $cert_alias = "baltimorecybertrustca"; - } - elsif ($cert =~ /www.entrust.net/Client_CA_Info/CPS/) - { - $cert_alias = "entrustclientca"; - } - elsif ($cert =~ /www.entrust.net/GCCA_CPS/) - { - $cert_alias = "entrustglobalclientca"; - } - elsif ($cert =~ /www.entrust.net/CPS_2048/) - { - $cert_alias = "entrust2048ca"; - } - elsif ($cert =~ /www.entrust.net/CPS incorp /) - { - $cert_alias = "entrustsslca"; - } - elsif ($cert =~ /www.entrust.net/SSL_CPS/) - { - $cert_alias = "entrustgsslca"; - } - elsif ($cert =~ /The Go Daddy Group/) - { - $cert_alias = "godaddyclass2ca"; - } - elsif ($cert =~ /Starfield Class 2 Certification Authority/) - { - $cert_alias = "starfieldclass2ca"; - } - elsif ($cert =~ /ValiCert Class 2 Policy Validation Authority/) - { - $cert_alias = "valicertclass2ca"; - } - elsif ($cert =~ /GeoTrust Global CA$/) - { - $cert_alias = "geotrustglobalca"; - } - elsif ($cert =~ /Equifax Secure Certificate Authority/) - { - $cert_alias = "equifaxsecureca"; - } - elsif ($cert =~ /Equifax Secure eBusiness CA-1/) - { - $cert_alias = "equifaxsecureebusinessca1"; - } - elsif ($cert =~ /Equifax Secure eBusiness CA-2/) - { - $cert_alias = "equifaxsecureebusinessca2"; - } - elsif ($cert =~ /Equifax Secure Global eBusiness CA-1/) - { - $cert_alias = "equifaxsecureglobalebusinessca1"; - } - elsif ($cert =~ /Sonera Class1 CA/) - { - $cert_alias = "soneraclass1ca"; - } - elsif ($cert =~ /Sonera Class2 CA/) - { - $cert_alias = "soneraclass2ca"; - } - elsif ($cert =~ /AAA Certificate Services/) - { - $cert_alias = "comodoaaaca"; - } - elsif ($cert =~ /AddTrust Class 1 CA Root/) - { - $cert_alias = "addtrustclass1ca"; - } - elsif ($cert =~ /AddTrust External CA Root/) - { - $cert_alias = "addtrustexternalca"; - } - elsif ($cert =~ /AddTrust Qualified CA Root/) - { - $cert_alias = "addtrustqualifiedca"; - } - elsif ($cert =~ /UTN-USERFirst-Hardware/) - { - $cert_alias = "utnuserfirsthardwareca"; - } - elsif ($cert =~ /UTN-USERFirst-Client Authentication and Email/) - { - $cert_alias = "utnuserfirstclientauthemailca"; - } - elsif ($cert =~ /UTN - DATACorp SGC/) - { - $cert_alias = "utndatacorpsgcca"; - } - elsif ($cert =~ /UTN-USERFirst-Object/) - { - $cert_alias = "utnuserfirstobjectca"; - } - elsif ($cert =~ /America Online Root Certification Authority 1/) - { - $cert_alias = "aolrootca1"; - } - elsif ($cert =~ /DigiCert Assured ID Root CA/) - { - $cert_alias = "digicertassuredidrootca"; - } - elsif ($cert =~ /DigiCert Global Root CA/) - { - $cert_alias = "digicertglobalrootca"; - } - elsif ($cert =~ /DigiCert High Assurance EV Root CA/) - { - $cert_alias = "digicerthighassuranceevrootca"; - } - elsif ($cert =~ /GlobalSign Root CA$/) - { - $cert_alias = "globalsignca"; - } - elsif ($cert =~ /GlobalSign Root CA - R2/) - { - $cert_alias = "globalsignr2ca"; - } - elsif ($cert =~ /Elektronik.*Kas.*2005/) - { - $cert_alias = "extra-elektronikkas2005"; - } - elsif ($cert =~ /Muntaner 244 Barcelona.*Firmaprofesional/) - { - $cert_alias = "extra-oldfirmaprofesional"; - } - # Mozilla does not provide these certificates: - # baltimorecodesigningca - # gtecybertrust5ca - # trustcenterclass2caii - # trustcenterclass4caii - # trustcenteruniversalcai - else - { - # Generate an alias using the OU and CN attributes of the - # Subject field if both are present, otherwise use only the - # CN attribute. The Subject field must have either the OU - # or the CN attribute. - $_ = $cert; - if ($cert =~ /OU=/) - { - s/Subject:.*?OU=//; - # Remove other occurrences of OU=. - s/OU=.*CN=//; - # Remove CN= if there were not other occurrences of OU=. - s/CN=//; - s//emailAddress.*//; - s/Certificate Authority/ca/g; - s/Certification Authority/ca/g; - } - elsif ($cert =~ /CN=/) - { - s/Subject:.*CN=//; - s//emailAddress.*//; - s/Certificate Authority/ca/g; - s/Certification Authority/ca/g; - } - s/\W//g; - tr/A-Z/a-z/; - $cert_alias = "extra-$_"; - } - print "$cert => alias $cert_alias\n"; - } - elsif ($cert =~ "Signature Algorithm: ecdsa") - { - # Ignore ECC certs since keytool rejects them - $write_current_cert = 0; - print " => ignoring ECC certificate\n"; - } - elsif ($cert eq "-----BEGIN CERTIFICATE-----\n") - { - if ($in_cert_block != 0) - { - die "FAIL: $file is malformed."; - } - $in_cert_block = 1; - if ($write_current_cert == 1) - { - $pem_file_count++; - if (!sysopen(PEM, "$cert_alias.pem", O_WRONLY|O_CREAT|O_EXCL)) { - $cert_alias = "$cert_alias.1"; - sysopen(PEM, "$cert_alias.1.pem", O_WRONLY|O_CREAT|O_EXCL) - || die("FAIL: could not open file for $cert_alias.pem: $!"); - } - print PEM $cert; - print " => writing $cert_alias.pem...\n"; - } - } - elsif ($cert eq "-----END CERTIFICATE-----\n") - { - $in_cert_block = 0; - if ($write_current_cert == 1) - { - print PEM $cert; - close(PEM); - } - $write_current_cert = 1 - } - else - { - if ($in_cert_block == 1 && $write_current_cert == 1) - { - print PEM $cert; - } - } -} - -# Check that the correct number of .pem files were produced. -@pem_files = <*.pem>; -if (@pem_files != $pem_file_count) -{ - print "$pem_file_count != ".@pem_files."\n"; - die "FAIL: Number of .pem files produced does not match". - " number of certs read from $file."; -} - -# Now store each cert in the 'cacerts' file using keytool. -$certs_written_count = 0; -foreach $pem_file (@pem_files) -{ - print "+ Adding $pem_file...\n"; - if (system("$ARGV[0] -import". - " -alias `basename $pem_file .pem`". - " -keystore cacerts -noprompt -storepass 'changeit' -file $pem_file") == 0) { - $certs_written_count++; - } else { - print "FAILED\n"; - } -} - -# Check that the correct number of certs were added to the keystore. -if ($certs_written_count != $pem_file_count) -{ - die "FAIL: Number of certs added to keystore does not match". - " number of certs read from $file."; -} diff --git a/dejagnu/dejagnu.nm b/dejagnu/dejagnu.nm index b043d0644..1f95e0104 100644 --- a/dejagnu/dejagnu.nm +++ b/dejagnu/dejagnu.nm @@ -5,7 +5,7 @@
name = dejagnu version = 1.6.3 -release = 1 +release = 1.1 arch = noarch
groups = Development/Tools @@ -24,6 +24,10 @@ build bison expect end + + test + make check + end end
packages diff --git a/expect/expect.nm b/expect/expect.nm index 0c098a379..af7658c1d 100644 --- a/expect/expect.nm +++ b/expect/expect.nm @@ -4,12 +4,12 @@ ###############################################################################
name = expect -version = 5.45 -release = 2 +version = 5.45.4 +release = 1 thisapp = %{name}%{version}
groups = Development/Languages -url = http://expect.nist.gov/ +url = https://core.tcl-lang.org/expect/index license = Public Domain summary = A program-script interaction and testing utility.
@@ -20,26 +20,14 @@ description control another program and interact with it. end
-source_dl = http://downloads.sourceforge.net/project/expect/Expect/%%7Bversion%7D/ +source_dl = https://downloads.sourceforge.net/project/expect/Expect/%%7Bversion%7D/
build requires - autoconf - automake - chrpath tcl-devel end
- prepare_cmds - aclocal - autoconf - - cd testsuite - autoconf -I.. - end - configure_options += \ - --mandir=%{mandir} \ --with-tcl=%{libdir} \ --with-tclinclude=%{includedir} \ --enable-shared @@ -49,19 +37,10 @@ build end
install_cmds - # Install lib to right location. - mkdir -pv %{BUILDROOT}%{libdir} - mv -v %{BUILDROOT}/%{libdir}/tcl*/expect%{version}/libexpect%{version}.so \ - %{BUILDROOT}%{libdir} - ln -svf libexpect%{version}.so %{BUILDROOT}%{libdir}/libexpect.so - - # Remove rpath. - chrpath --delete %{BUILDROOT}%{libdir}/libexpect%{version}.so - - # remove cryptdir/decryptdir, as Linux has no crypt command - rm -f %{BUILDROOT}/usr/bin/{cryptdir,decryptdir} - rm -f %{BUILDROOT}/usr/share/man1/{cryptdir,decryptdir}.1* - rm -f %{BUILDROOT}/usr/bin/autopasswd + # Remove cryptdir/decryptdir, as Linux has no crypt command + rm -vf %{BUILDROOT}/usr/bin/{cryptdir,decryptdir} + rm -vf %{BUILDROOT}/usr/share/man1/{cryptdir,decryptdir}.1* + rm -vf %{BUILDROOT}/usr/bin/autopasswd end end
diff --git a/expect/patches/expect-5.32.2-random.patch b/expect/patches/expect-5.32.2-random.patch deleted file mode 100644 index 0cac29449..000000000 --- a/expect/patches/expect-5.32.2-random.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up expect-5.44.1.15/example/mkpasswd.orig expect-5.44.1.15/example/mkpasswd ---- expect-5.44.1.15/example/mkpasswd.orig 2010-03-08 16:01:05.518378075 +0100 -+++ expect-5.44.1.15/example/mkpasswd 2010-03-08 16:01:27.408388162 +0100 -@@ -92,7 +92,14 @@ proc insert {pvar char} { - } - - proc rand {m} { -- expr {int($m*rand())} -+ set device /dev/urandom ;# /dev/random can block -+ set fileId [open $device r] -+ binary scan [read $fileId 4] i1 number -+ set clipped [expr $number % $m] -+# puts "number is $number" -+# puts "clipped is $clipped" -+ close $fileId -+ return $clipped - } - - # choose left or right starting hand diff --git a/expect/patches/expect-5.43.0-log_file.patch b/expect/patches/expect-5.43.0-log_file.patch deleted file mode 100644 index 8a2c93dc4..000000000 --- a/expect/patches/expect-5.43.0-log_file.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up expect-5.44.1.15/exp_log.c.orig expect-5.44.1.15/exp_log.c ---- expect-5.44.1.15/exp_log.c.orig 2010-03-08 15:45:20.581378309 +0100 -+++ expect-5.44.1.15/exp_log.c 2010-03-08 15:45:38.838398279 +0100 -@@ -374,7 +374,7 @@ expDiagChannelOpen(interp,filename) - Tcl_DStringAppend(&tsdPtr->diagFilename,filename,-1); - } - -- tsdPtr->diagChannel = Tcl_OpenFileChannel(interp,newfilename,"a",0777); -+ tsdPtr->diagChannel = Tcl_OpenFileChannel(interp,newfilename,"a",0666); - if (!tsdPtr->diagChannel) { - Tcl_DStringFree(&tsdPtr->diagFilename); - return TCL_ERROR; diff --git a/expect/patches/expect-5.43.0-pkgpath.patch b/expect/patches/expect-5.43.0-pkgpath.patch deleted file mode 100644 index 0c32a1f9f..000000000 --- a/expect/patches/expect-5.43.0-pkgpath.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff -up expect5.45/configure.in.orig expect5.45/configure.in ---- expect5.45/configure.in.orig 2011-01-18 16:58:14.860806442 +0100 -+++ expect5.45/configure.in 2011-01-18 16:58:30.378753210 +0100 -@@ -977,6 +977,7 @@ AC_SUBST(EXP_CC_SEARCH_FLAGS) - AC_SUBST(SETUID) - AC_SUBST(SETPGRP_VOID) - AC_SUBST(DEFAULT_STTY_ARGS) -+AC_SUBST(TCL_VERSION) - # Expect uses these from tclConfig.sh to make the main executable - AC_SUBST(TCL_DL_LIBS) - AC_SUBST(TCL_CC_SEARCH_FLAGS) -diff -up expect5.45/Makefile.in.orig expect5.45/Makefile.in ---- expect5.45/Makefile.in.orig 2011-01-18 16:58:37.787723824 +0100 -+++ expect5.45/Makefile.in 2011-01-18 17:05:10.697636907 +0100 -@@ -121,8 +121,8 @@ includedir = @includedir@ - DESTDIR = - - PKG_DIR = $(PACKAGE_NAME)$(PACKAGE_VERSION) --pkgdatadir = $(datadir)/$(PKG_DIR) --pkglibdir = $(libdir)/$(PKG_DIR) -+pkgdatadir = $(datadir)/tcl@TCL_VERSION@/$(PKG_DIR) -+pkglibdir = $(libdir)/tcl@TCL_VERSION@/$(PKG_DIR) - pkgincludedir = $(includedir)/$(PKG_DIR) - - top_builddir = . -@@ -263,7 +263,7 @@ install-doc: doc - else true; fi ; \ - done - --test: binaries libraries -+test: binaries libraries pkgIndex.tcl-test - $(TCLSH) `@CYGPATH@ $(srcdir)/tests/all.tcl` $(TESTFLAGS) - - shell: binaries libraries -@@ -331,6 +331,11 @@ pkgIndex.tcl: - pkgIndex.tcl-hand: - (echo 'if {![package vsatisfies [package provide Tcl] @TCL_VERSION@]} {return}' ; \ - echo 'package ifneeded Expect $(PACKAGE_VERSION) \ -+ [list load [file join $$dir .. .. $(PKG_LIB_FILE)]]'\ -+ ) > pkgIndex.tcl -+ -+pkgIndex.tcl-test: -+ (echo 'package ifneeded Expect $(PACKAGE_VERSION) \ - [list load [file join $$dir $(PKG_LIB_FILE)]]'\ - ) > pkgIndex.tcl - diff --git a/expect/patches/expect-5.45-check-telnet.patch b/expect/patches/expect-5.45-check-telnet.patch deleted file mode 100644 index 0b67dc664..000000000 --- a/expect/patches/expect-5.45-check-telnet.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -up expect5.45/example/passmass.orig expect5.45/example/passmass ---- expect5.45/example/passmass.orig 2011-07-27 16:09:31.013843393 +0200 -+++ expect5.45/example/passmass 2011-07-27 16:10:55.667843578 +0200 -@@ -107,6 +107,10 @@ for {set i 0} {$i<$argc} {incr i} { - set login "ssh" - continue - } "-telnet" { -+ if {[file executable /usr/bin/telnet] == 0} { -+ send_user "It seems that telnet is not installed. Please install telnet in order to use the script with this option.\n" -+ exit 1 -+ } - set login "telnet" - continue - } "-program" { -diff -up expect5.45/example/weather.orig expect5.45/example/weather ---- expect5.45/example/weather.orig 2011-07-27 15:49:57.878843862 +0200 -+++ expect5.45/example/weather 2011-07-27 16:08:48.067843491 +0200 -@@ -33,6 +33,11 @@ set timeout 60 - - set env(TERM) vt100 ;# actual value doesn't matter, just has to be set - -+if {[file executable /usr/bin/telnet] == 0} { -+ send_user "It seems that telnet is not installed. Please install telnet in order to use this script.\n" -+ exit 1 -+} -+ - spawn telnet rainmaker.wunderground.com 3000 - while {1} { - expect timeout { diff --git a/expect/patches/expect-5.45-format-security.patch b/expect/patches/expect-5.45-format-security.patch new file mode 100644 index 000000000..5b621ff35 --- /dev/null +++ b/expect/patches/expect-5.45-format-security.patch @@ -0,0 +1,13 @@ +--- a/exp_clib.c.orig 2017-03-24 10:34:37.269183513 -0400 ++++ b/exp_clib.c 2017-03-24 10:34:41.171117943 -0400 +@@ -1938,8 +1938,8 @@ + char *str; + { + if (exp_is_debugging) { +- fprintf(stderr,str); +- if (exp_logfile) fprintf(exp_logfile,str); ++ fprintf(stderr, "%s", str); ++ if (exp_logfile) fprintf(exp_logfile, "%s", str); + } + } + diff --git a/expect/patches/expect-5.45-man-page.patch b/expect/patches/expect-5.45-man-page.patch deleted file mode 100644 index 1a55251e2..000000000 --- a/expect/patches/expect-5.45-man-page.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up expect5.45/expect.man.orig expect5.45/expect.man ---- expect5.45/expect.man.orig 2011-09-06 13:15:57.081827720 +0200 -+++ expect5.45/expect.man 2011-09-06 13:16:19.463826364 +0200 -@@ -173,7 +173,8 @@ way, use the - .B -b - flag. - (When using Expectk, this option is specified as --.BR -buffer .) Note that stdio-buffering may still take place however this shouldn't cause problems when reading from a fifo or stdin. -+.BR -buffer .) -+Note that stdio-buffering may still take place however this shouldn't cause problems when reading from a fifo or stdin. - .PP - If the string "-" is supplied as a filename, standard input is read instead. - (Use "./-" to read from a file actually named "-".) diff --git a/expect/patches/expect-5.45-match-gt-numchars-segfault.patch b/expect/patches/expect-5.45-match-gt-numchars-segfault.patch deleted file mode 100644 index 1abd42464..000000000 --- a/expect/patches/expect-5.45-match-gt-numchars-segfault.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up expect5.45/expect.c.orig expect5.45/expect.c ---- expect5.45/expect.c.orig 2012-02-06 14:15:13.469490744 +0100 -+++ expect5.45/expect.c 2012-02-06 14:16:23.596837896 +0100 -@@ -2363,7 +2363,12 @@ expMatchProcess( - - /* "!e" means no case matched - transfer by default */ - if (!e || e->transfer) { -- int remainder = numchars-match; -+ int remainder; -+ if (match > numchars) { -+ match = numchars; -+ eo->matchlen = match; -+ } -+ remainder = numchars-match; - /* delete matched chars from input buffer */ - esPtr->printed -= match; - if (numchars != 0) { diff --git a/expect/patches/expect-5.45-mkpasswd-dash.patch b/expect/patches/expect-5.45-mkpasswd-dash.patch deleted file mode 100644 index fbdecde95..000000000 --- a/expect/patches/expect-5.45-mkpasswd-dash.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up expect5.45/example/mkpasswd.orig expect5.45/example/mkpasswd ---- expect5.45/example/mkpasswd.orig 2011-03-16 13:23:23.125480017 +0100 -+++ expect5.45/example/mkpasswd 2011-03-16 13:24:08.739353139 +0100 -@@ -202,7 +202,8 @@ if {[info exists user]} { - expect { - "assword*:" { - # some systems say "Password (again):" -- send "$password\r" -+ send -- "$password\r" -+ # "--" because of passwords beginning with dash - exp_continue - } - } diff --git a/expect/patches/expect-5.45-passmass-su-full-path.patch b/expect/patches/expect-5.45-passmass-su-full-path.patch deleted file mode 100644 index 6febf944f..000000000 --- a/expect/patches/expect-5.45-passmass-su-full-path.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up expect5.45/example/passmass.orig expect5.45/example/passmass ---- expect5.45/example/passmass.orig 2011-09-06 13:04:41.439875491 +0200 -+++ expect5.45/example/passmass 2011-09-06 13:04:54.663874571 +0200 -@@ -178,7 +178,7 @@ for {set i 0} {$i<$argc} {incr i} { - } - - if ($su) { -- send "su -\r" -+ send "/bin/su -\r" - expect -nocase "password:" - send "$password(old)\r" - expect "# " diff --git a/ipfire-logos/ipfire-logos.nm b/ipfire-logos/ipfire-logos.nm index 9c18f2eda..78f4781fa 100644 --- a/ipfire-logos/ipfire-logos.nm +++ b/ipfire-logos/ipfire-logos.nm @@ -19,7 +19,7 @@ description IPFire distribution. end
-source_dl = http://source.ipfire.org/releases/%%7Bname%7D/ +source_dl = https://source.ipfire.org/releases/%%7Bname%7D/
build requires diff --git a/perl-SGMLSpm/perl-SGMLSpm.nm b/perl-SGMLSpm/perl-SGMLSpm.nm index 4590ed9ba..bc03dd3e8 100644 --- a/perl-SGMLSpm/perl-SGMLSpm.nm +++ b/perl-SGMLSpm/perl-SGMLSpm.nm @@ -4,8 +4,9 @@ ###############################################################################
name = perl-SGMLSpm -version = 1.03ii +version = 1.1 release = 1 +thisapp = SGMLSpm-%{version} arch = noarch
groups = Development/Libraries @@ -18,24 +19,20 @@ description documents into new formats. end
-source_dl = http://www.cpan.org/authors/id/D/DM/DMEGG/ - -thisapp = SGMLSpm-%{version} +source_dl = https://cpan.metacpan.org/authors/id/R/RA/RAAB/
build - DIR_APP = %{DIR_SRC}/SGMLSpm - - build = # Nothing to do. + requires + perl(ExtUtils::MakeMaker) + end
- install - # Create directory layout. - mkdir -pv %{BUILDROOT}/usr/bin - mkdir -pv %{BUILDROOT}/usr/share/perl5 + build + perl Makefile.PL INSTALLDIRS=vendor + make %{PARALLELISMFLAGS} + end
- # Install the module. - make install_system \ - BINDIR=%{BUILDROOT}/usr/bin/ \ - PERL5DIR=%{BUILDROOT}/usr/share/perl5/ + test + make test end end
diff --git a/perl-libintl-perl/perl-libintl-perl.nm b/perl-libintl-perl/perl-libintl-perl.nm index e1f5b6790..f7cd25eec 100644 --- a/perl-libintl-perl/perl-libintl-perl.nm +++ b/perl-libintl-perl/perl-libintl-perl.nm @@ -4,8 +4,8 @@ ###############################################################################
name = perl-libintl-perl -version = 1.23 -release = 2.1 +version = 1.33 +release = 1 thisapp = libintl-perl-%{version}
groups = Development/Libraries @@ -24,7 +24,9 @@ source_dl = http://search.cpan.org/CPAN/authors/id/G/GU/GUIDO/ build requires /usr/bin/xsubpp + perl(locale) perl(ExtUtils::MakeMaker) + perl(Test::More) pakfire >= 0.9.26-3.1 end
diff --git a/texinfo/texinfo.nm b/texinfo/texinfo.nm index 166d68e1d..ec54bbe18 100644 --- a/texinfo/texinfo.nm +++ b/texinfo/texinfo.nm @@ -5,7 +5,7 @@
name = texinfo version = 7.0.1 -release = 1 +release = 1.1
groups = Applications/Publishing url = https://www.gnu.org/software/texinfo/ @@ -25,6 +25,8 @@ build help2man ncurses-devel perl(Data::Dumper) + perl(File::Copy) + perl(Unicode::Normalize) perl-libintl-perl zlib-devel end
hooks/post-receive -- IPFire 3.x development tree