Commit f9bc751c authored by Ted Trask

Merge branch '1.9' of git://dev.alpinelinux.org/aports into 1.9

parents 8d943691 10a00b01
From 19b2598f8a52ba8af07eb4904788d0843130b094 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 27 Oct 2009 15:24:18 +0000
Subject: [PATCH] Revert "abuild: minor cleanup"
This commit seems to kill the entire repository
This reverts commit 46aed95754ebeb17a3a367b3b41d0b6424fd18d9.
---
buildrepo.in | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildrepo.in b/buildrepo.in
index d719c34..c211789 100755
--- a/buildrepo.in
+++ b/buildrepo.in
@@ -22,9 +22,9 @@ usage() {
listpackages() {
+ cd "$aportsdir/$1"
for i in */APKBUILD; do
- cd "$aportsdir"/$1/${i%/*}
- abuild listpkg
+ APKBUILD=$i abuild listpkg
done
}
--
1.6.5
From 64baa7c5052f1dbbd156932552d1166b5c1d40ae Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 14 Sep 2009 08:41:55 +0000
Subject: [PATCH] abuild-sign: set permissions on signed index to 644
mktemp set it to 600 so we need to manually set it to 644
---
abuild-sign.in | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/abuild-sign.in b/abuild-sign.in
index 2aa525e..86b3b15 100644
--- a/abuild-sign.in
+++ b/abuild-sign.in
@@ -80,6 +80,7 @@ for f in "$@"; do
cat "$tmptargz" "$i" > "$tmpsigned"
rm -f "$tmptargz"
mv "$tmpsigned" "$i"
+ chmod 644 "$i"
if [ -z "$quiet" ]; then
echo "Signed $i"
fi
--
1.6.4.2
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgdesc="Script to build Alpine Packages" pkgdesc="Script to build Alpine Packages"
pkgname=abuild pkgname=abuild
pkgver=2.0_rc9 pkgver=2.0.1
pkgrel=1 pkgrel=0
url=http://git.alpinelinux.org/cgit/abuild/ url=http://git.alpinelinux.org/cgit/abuild/
source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2 source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2
0001-abuild-sign-set-permissions-on-signed-index-to-644.patch
" "
depends="fakeroot file sudo pax-utils openssl apk-tools" depends="fakeroot file sudo pax-utils openssl apk-tools"
makedepends="openssl-dev pkgconfig" makedepends="openssl-dev pkgconfig"
...@@ -13,11 +12,10 @@ license=GPL-2 ...@@ -13,11 +12,10 @@ license=GPL-2
build() { build() {
cd "$srcdir/$pkgname-$pkgver" cd "$srcdir/$pkgname-$pkgver"
patch -p1 -i ../0001-abuild-sign-set-permissions-on-signed-index-to-644.patch || return 1
make
make install DESTDIR="$pkgdir" make install DESTDIR="$pkgdir"
install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf
} }
md5sums="025f8dfa4114cf6432fdf52f14c2fc5c abuild-2.0_rc9.tar.bz2 md5sums="50d4d0552b4ab2a394422b7ff3016124 abuild-2.0.1.tar.bz2"
512a6f10ffc7a986ea477dcf7ebd1d28 0001-abuild-sign-set-permissions-on-signed-index-to-644.patch"
From cc4644a54e4bb92507f957832647d91f7f91c21b Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Mon, 26 Oct 2009 09:33:12 +0200
Subject: [PATCH 1/2] version: fix comparision of pre-suffixes
got broke in 0b9bfa8d52ea7ec2cae562a71932a9cc6e2b9963 which
fixed another corner case. hopefully it's good now. fixes #191.
---
src/version.c | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/version.c b/src/version.c
index 97b87a6..4253042 100644
--- a/src/version.c
+++ b/src/version.c
@@ -207,12 +207,23 @@ int apk_version_compare_blob(apk_blob_t a, apk_blob_t b)
if (av > bv)
return APK_VERSION_GREATER;
- /* at and bt are the next expected token type */
+ /* both have TOKEN_END or TOKEN_INVALID next? */
if (at == bt)
return APK_VERSION_EQUAL;
- if (at < bt || bt == TOKEN_INVALID)
+
+ /* leading version components and their values are equal,
+ * now the non-terminating version is greater unless it's a suffix
+ * indicating pre-release */
+ if (at == TOKEN_SUFFIX && get_token(&at, &a) < 0)
+ return APK_VERSION_LESS;
+ if (bt == TOKEN_SUFFIX && get_token(&bt, &b) < 0)
return APK_VERSION_GREATER;
- return APK_VERSION_LESS;
+ if (at == TOKEN_END)
+ return APK_VERSION_LESS;
+ if (bt == TOKEN_END)
+ return APK_VERSION_GREATER;
+
+ return APK_VERSION_EQUAL;
}
int apk_version_compare(const char *str1, const char *str2)
--
1.6.5
From a7360395ea963334e80fb49d3fc36789d6f40685 Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Mon, 26 Oct 2009 09:46:09 +0200
Subject: [PATCH 2/2] db: fix migration and pruning of symlinks to dirs
the old code treated a symlink to directory as file; it tried
to calculate regular has of it. fix this by: 1) using no follow
on migration and pruning stats, and 2) the helper function to
check if it's point to directory and not calculate hash in that
case. fixes #188.
---
src/database.c | 6 ++++--
src/io.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/database.c b/src/database.c
index 16f8bb8..5b1d6bb 100644
--- a/src/database.c
+++ b/src/database.c
@@ -1810,7 +1810,7 @@ static void apk_db_purge_pkg(struct apk_database *db,
if (!(diri->dir->flags & APK_DBDIRF_PROTECTED) ||
(apk_flags & APK_PURGE) ||
(file->csum.type != APK_CHECKSUM_NONE &&
- apk_file_get_info(db->root_fd, name, file->csum.type, &fi) == 0 &&
+ apk_file_get_info(db->root_fd, name, APK_FI_NOFOLLOW | file->csum.type, &fi) == 0 &&
apk_checksum_compare(&file->csum, &fi.csum) == 0))
unlinkat(db->root_fd, name, 0);
if (apk_verbosity >= 3)
@@ -1868,6 +1868,7 @@ static void apk_db_migrate_files(struct apk_database *db,
if (ofile != NULL &&
(diri->dir->flags & APK_DBDIRF_PROTECTED))
cstype = ofile->csum.type;
+ cstype |= APK_FI_NOFOLLOW;
r = apk_file_get_info(db->root_fd, name, cstype, &fi);
if ((diri->dir->flags & APK_DBDIRF_PROTECTED) &&
@@ -1882,7 +1883,8 @@ static void apk_db_migrate_files(struct apk_database *db,
* existing file */
if (ofile == NULL ||
ofile->csum.type != file->csum.type)
- apk_file_get_info(db->root_fd, name, file->csum.type, &fi);
+ apk_file_get_info(db->root_fd, name,
+ APK_FI_NOFOLLOW | file->csum.type, &fi);
if ((apk_flags & APK_CLEAN_PROTECTED) ||
(file->csum.type != APK_CHECKSUM_NONE &&
apk_checksum_compare(&file->csum, &fi.csum) == 0))
diff --git a/src/io.c b/src/io.c
index 40590a2..3e292a7 100644
--- a/src/io.c
+++ b/src/io.c
@@ -487,7 +487,7 @@ int apk_file_get_info(int atfd, const char *filename, unsigned int flags,
.device = st.st_dev,
};
- if (checksum == APK_CHECKSUM_NONE)
+ if (checksum == APK_CHECKSUM_NONE || S_ISDIR(st.st_mode))
return 0;
if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
--
1.6.5
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools pkgname=apk-tools
pkgver=2.0_rc6 pkgver=2.0_rc7
pkgrel=0 pkgrel=0
pkgdesc="Alpine Package Keeper - package manager for alpine" pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static" subpackages="$pkgname-static"
depends= depends=
makedepends="zlib-dev openssl-dev pkgconfig" makedepends="zlib-dev openssl-dev pkgconfig"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2 source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
0001-version-fix-comparision-of-pre-suffixes.patch
0002-db-fix-migration-and-pruning-of-symlinks-to-dirs.patch
" "
...@@ -42,6 +40,4 @@ static() { ...@@ -42,6 +40,4 @@ static() {
"$subpkgdir"/sbin/apk.static "$subpkgdir"/sbin/apk.static
} }
md5sums="0209128debe2791e2380198af4ef5676 apk-tools-2.0_rc6.tar.bz2 md5sums="8654e4e4e32ead79560890567caaea5e apk-tools-2.0_rc7.tar.bz2"
3772c9db20a6d90d355fe89741dd5991 0001-version-fix-comparision-of-pre-suffixes.patch
ff7be1c68ad27a69fbeeae7b9a548270 0002-db-fix-migration-and-pruning-of-symlinks-to-dirs.patch"
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=iftop
pkgver=0.17
pkgrel=0
pkgdesc="iftop does for network usage what top(1) does for CPU usage"
url="http://www.ex-parrot.com/~pdw/iftop/"
license="GPL"
depends=
makedepends="libpcap-dev>=1 ncurses-dev"
subpackages="$pkgname-doc"
source="http://www.ex-parrot.com/~pdw/$pkgname/download/$pkgname-$pkgver.tar.gz"
build() {
cd "$srcdir/$pkgname-$pkgver"
./configure --prefix=/usr --mandir=/usr/share/man
make
make DESTDIR="$pkgdir" install
}
md5sums="062bc8fb3856580319857326e0b8752d iftop-0.17.tar.gz"
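Review bot: build() does not check the result of `cd`, `./configure` or `make`, so an early failure is only noticed if a later command happens to fail too; the mkinitfs APKBUILD in this same commit ends each step with `|| return 1`. Suggest `./configure --prefix=/usr --mandir=/usr/share/man || return 1`, `make || return 1` and `make DESTDIR="$pkgdir" install || return 1`. The tarball is fetched over plain http and pinned only by the single md5sum on the last line, so that checksum is the only integrity control visible here for this source.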
From bf94c9b9aa7884fc50d3110d69e2d28e413159ed Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 24 Nov 2009 12:23:38 +0000
Subject: [PATCH] init: never overwrite existing files
ref #197
---
initramfs-init.in | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/initramfs-init.in b/initramfs-init.in
index 04798de..bd97ace 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -372,7 +372,7 @@ if [ -n "$KOPT_chart" ]; then
fi
apkflags="--initdb --quiet --progress --force --no-network"
if [ -z "$KOPT_keep_apk_new" ]; then
- apkflags="$apkflags --clean-protected"
+ apkflags="$apkflags --clean-protected --never-overwrite"
fi
apk add --root $sysroot $repo_opt $apkflags $pkgs >/dev/null
eend $?
--
1.6.5.3
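Review bot: `--never-overwrite` is appended only inside the `[ -z "$KOPT_keep_apk_new" ]` branch, so a boot with keep_apk_new set still runs `apk add` with `--force` and without the new flag, which does not match the subject "never overwrite existing files". If that is intended, a comment above the `if` should say why the keep_apk_new case is exempt; if it is not, put the flag in the initial assignment, `apkflags="--initdb --quiet --progress --force --no-network --never-overwrite"`. The enclosing block starts and ends outside the hunk, so other uses of `apkflags` are not visible here.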
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mkinitfs pkgname=mkinitfs
pkgver=2.0_rc6 pkgver=2.0_rc6
pkgrel=0 pkgrel=1
pkgdesc="Tool to generate initramfs images for Alpine" pkgdesc="Tool to generate initramfs images for Alpine"
url=http://git.alpinelinux.org/cgit/mkinitfs url=http://git.alpinelinux.org/cgit/mkinitfs
depends="busybox" depends="busybox apk-tools>=2.0_rc7"
triggers="$pkgname.trigger:/usr/share/kernel/*" triggers="$pkgname.trigger:/usr/share/kernel/*"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2 source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
0001-init-never-overwrite-existing-files.patch
" "
license="GPL-2" license="GPL-2"
build() { build() {
cd "$srcdir"/$pkgname-$pkgver cd "$srcdir"/$pkgname-$pkgver
patch -p1 -i ../0001-init-never-overwrite-existing-files.patch || return 1
make || return 1 make || return 1
make install DESTDIR="$pkgdir" || return 1 make install DESTDIR="$pkgdir" || return 1
} }
md5sums="6b8945b2e3be747caf8cfb29230f180e mkinitfs-2.0_rc6.tar.bz2" md5sums="6b8945b2e3be747caf8cfb29230f180e mkinitfs-2.0_rc6.tar.bz2
921aadd7e302d5e565e539e611be946e 0001-init-never-overwrite-existing-files.patch"
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl pkgname=openssl
pkgver=0.9.8l pkgver=0.9.8l
pkgrel=0 pkgrel=1
pkgdesc="Toolkit for SSL v2/v3 and TLS v1" pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url=http://openssl.org url=http://openssl.org
depends= depends=
...@@ -15,6 +15,11 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz ...@@ -15,6 +15,11 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
openssl-bb-basename.patch openssl-bb-basename.patch
openssl-0.9.8k-quote-cc.patch openssl-0.9.8k-quote-cc.patch
openssl-0.9.8k-padlock-sha.patch openssl-0.9.8k-padlock-sha.patch
openssl-0.9.8l-CVE-2009-1377.patch
openssl-0.9.8l-CVE-2009-1378.patch
openssl-0.9.8l-CVE-2009-1379.patch
openssl-0.9.8l-CVE-2009-1387.patch
openssl-0.9.8l-CVE-2009-2409.patch
" "
build() { build() {
...@@ -45,4 +50,9 @@ md5sums="05a0ece1372392a2cf310ebb96333025 openssl-0.9.8l.tar.gz ...@@ -45,4 +50,9 @@ md5sums="05a0ece1372392a2cf310ebb96333025 openssl-0.9.8l.tar.gz
04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch 04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch
86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch" 86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch
36694a8dd1c7164f1021f6f24ef20ab9 openssl-0.9.8l-CVE-2009-1377.patch
80b8c77288a6fde633f8ac3a33e21d31 openssl-0.9.8l-CVE-2009-1378.patch
da60b14279e076a19e783f07d8a60d24 openssl-0.9.8l-CVE-2009-1379.patch
926b151cb1e32dc6e9b1c9a25f218a31 openssl-0.9.8l-CVE-2009-1387.patch
595f5bda14198b3aa83a854b1d4fcfb0 openssl-0.9.8l-CVE-2009-2409.patch"
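Review bot: The five CVE patches are added to `source` and `md5sums`, but build() is not part of the shown hunks, so nothing here shows them being applied; the mkinitfs APKBUILD in this commit needed an explicit `patch -p1 -i ... || return 1` line for its new patch. Confirm that build() applies every listed patch and stops on a rejected hunk, otherwise the package would ship as pkgrel=1 without the fixes its file names advertise. A short comment next to the patch list saying where they are applied would make that auditable from the APKBUILD alone.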
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: openssl/crypto/pqueue/pqueue.c
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
--- a/crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4
+++ b/crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5
@@ -234,3 +234,17 @@
return ret;
}
+
+int
+pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while(item != NULL)
+ {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
Index: openssl/crypto/pqueue/pqueue.h
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
--- a/crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1
+++ b/crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2
@@ -91,5 +91,6 @@
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */
Index: openssl/ssl/d1_pkt.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
--- a/ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
+++ b/ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
@@ -167,6 +167,10 @@
DTLS1_RECORD_DATA *rdata;
pitem *item;
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
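Review bot: The queue cap in d1_pkt.c is a bare `100`, and the look-ahead window in the CVE-2009-1378 patch (`handshake_read_seq + 10`) is a bare `10`; both are resource limits that an auditor will want to find and tune, so give them names, e.g. `#define DTLS1_MAX_BUFFERED_RECORDS 100` (a suggested name, not an existing macro). The `return 0` on a full queue is silent, and whether the caller can tell a dropped record from any other outcome is outside the hunk, so the comment should state that the record is deliberately discarded. pqueue_size() walks the whole list on every call, which stays cheap only because of this cap; a one-line comment on the function noting that it is linear in queue length would keep it from being used on unbounded queues.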
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Index: ssl/d1_both.c
===================================================================
--- a/ssl/d1_both.c.orig
+++ b/ssl/d1_both.c
@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
goto err;
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /* Discard the message if sequence number was already there, is
+ * too far in the future or the fragment is already in the queue */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
{
unsigned char devnull [256];
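Review bot: `item` now holds the result of `pqueue_find()` before the discard test, so for a duplicate fragment it points at an entry the queue still owns. The function's `err:` cleanup is outside this hunk; if it releases `item`, a failure inside the discard branch would free a node that is still linked into `buffered_messages`. This needs checking against the full function, and the simplest guard is to drop the borrowed pointer once the test has been made, e.g. `item = NULL;` as the first statement of the discard block, or to use a separate local for the lookup.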
Index: openssl/ssl/d1_both.c
RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
--- a/ssl/d1_both.c 2009/04/22 12:17:02 1.14.2.6
+++ b/ssl/d1_both.c 2009/05/13 11:51:30 1.14.2.7
@@ -519,6 +519,7 @@
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
+ unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
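Review bot: The new local `frag_len` carries no comment saying why the length is copied instead of read at the `return`. From the change it appears that `frag` is released between `pqueue_pop()` and the return (that code is outside the hunk), so the old `return frag->msg_header.frag_len;` would have read freed memory. A comment on the declaration, e.g. `/* copy now: frag is freed before we return */`, would keep a later cleanup from folding the local back into the return statement.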
http://bugs.gentoo.org/270305
fix from upstream
Index: ssl/d1_both.c
===================================================================
RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v
retrieving revision 1.4.2.7
retrieving revision 1.4.2.8
diff -u -p -r1.4.2.7 -r1.4.2.8
--- a/ssl/d1_both.c 17 Oct 2007 21:17:49 -0000 1.4.2.7
+++ b/ssl/d1_both.c 2 Apr 2009 22:12:13 -0000 1.4.2.8
@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s,
}
}
- frag = dtls1_hm_fragment_new(frag_len);
- if ( frag == NULL)
- goto err;
+ if (frag_len)
+ {
+ frag = dtls1_hm_fragment_new(frag_len);
+ if ( frag == NULL)
+ goto err;
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- if (frag_len)
- {
- /* read the body of the fragment (header has already been read */
+ /* read the body of the fragment (header has already been read) */
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
frag->fragment,frag_len,0);
if (i<=0 || (unsigned long)i!=frag_len)
goto err;
- }
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- goto err;
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
+ if ( item == NULL)
+ goto err;
+
+ pqueue_insert(s->d1->buffered_messages, item);
+ }
- pqueue_insert(s->d1->buffered_messages, item);
return DTLS1_HM_FRAGMENT_RETRY;
err:
http://bugs.gentoo.org/280591
fix from upstream
http://cvs.openssl.org/chngview?cn=18260
Index: openssl/crypto/x509/x509_vfy.c
RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v
rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null
--- a/crypto/x509/x509_vfy.c 2008/07/13 14:33:15 1.77.2.8
+++ b/crypto/x509/x509_vfy.c 2009/06/15 14:52:38 1.77.2.9
@@ -986,7 +986,11 @@
while (n >= 0)
{
ctx->error_depth=n;
- if (!xs->valid)
+
+ /* Skip signature check for self signed certificates. It
+ * doesn't add any security and just wastes time.
+ */
+ if (!xs->valid && xs != xi)
{
if ((pkey=X509_get_pubkey(xi)) == NULL)
{
@@ -996,13 +1000,6 @@
if (!ok) goto end;
}
else if (X509_verify(xs,pkey) <= 0)
- /* XXX For the final trusted self-signed cert,
- * this is a waste of time. That check should
- * optional so that e.g. 'openssl x509' can be
- * used to detect invalid self-signatures, but
- * we don't verify again and again in SSL
- * handshakes and the like once the cert has
- * been declared trusted. */
{
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
http://cvs.openssl.org/chngview?cn=18317
Index: openssl/crypto/evp/c_alld.c
RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
--- a/crypto/evp/c_alld.c 2005/04/30 21:51:40 1.7
+++ b/crypto/evp/c_alld.c 2009/07/08 08:33:26 1.7.2.1
@@ -64,9 +64,6 @@
void OpenSSL_add_all_digests(void)
{
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
Index: openssl/ssl/ssl_algs.c
RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
--- a/ssl/ssl_algs.c 2007/04/23 23:50:21 1.12.2.3
+++ b/ssl/ssl_algs.c 2009/07/08 08:33:27 1.12.2.4
@@ -92,9 +92,6 @@
EVP_add_cipher(EVP_seed_cbc());
#endif
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5,"ssl2-md5");
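Review bot: In x509_vfy.c the new comment says the skipped check "doesn't add any security", but the comment this patch removes recorded a real use for it: letting tools such as 'openssl x509' detect an invalid self-signature. With `!xs->valid && xs != xi` the self-signed case is skipped unconditionally, so the comment should say that a bad signature on a self-signed certificate is no longer reported from this loop and that acceptance of such a certificate rests on it being explicitly trusted. The two MD2 removals mean `OpenSSL_add_all_digests()` and the SSL algorithm setup no longer register MD2; callers that look the digest up by name will presumably get no result, which deserves a line in the package notes.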
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.10
_kernver=2.6.30
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
makedepends="perl installkernel"
_config=${config:-kernelconfig}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.30.8-200909262311.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
subpackages="$pkgname-dev linux-firmware:firmware"
license="GPL-2"
_abi_release=${pkgver}-${_flavor}
_prepare() {
cd "$srcdir"/linux-$_kernver
if [ "$_kernver" != "$pkgver" ]; then
bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 -N || return 1
fi
for i in ../*.diff ../*.patch; do
[ -f $i ] || continue
msg "Applying $i..."
patch -p1 -N < $i || return 1
done
mkdir -p "$srcdir"/build
cp "$srcdir"/$_config "$srcdir"/build/.config
make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
silentoldconfig
}
# this is so we can do: 'abuild menuconfig' to reconfigure kernel
menuconfig() {
_prepare
cd "$srcdir"/build
make menuconfig
cp .config "$startdir"/$_config
}
build() {
_prepare || return 1
cd "$srcdir"/build
make CC="$CC" || return 1
mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
make modules_install install \
INSTALL_MOD_PATH="$pkgdir" \
INSTALL_PATH="$pkgdir"/boot
# ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
"$pkgdir"/lib/modules/${_abi_release}/source
install -D include/config/kernel.release \
"$pkgdir"/usr/share/kernel/$_flavor/kernel.release
}
dev() {
# copy the only the parts that we really need for build 3rd party
# kernel modules and install those as /usr/src/linux-headers,
# simlar to what ubuntu does
#
# this way you dont need to install the 300-400 kernel sources to
# build a tiny kernel module
#
pkgdesc="Headers and script for third party modules for grsec kernel"
local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
# first we import config, run prepare to set up for building
# external modules, and create the scripts
mkdir -p "$dir"
cp "$srcdir"/kernelconfig "$dir"/.config
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
silentoldconfig prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
install -Dm644 "$srcdir"/build/Module.symvers \
"$dir"/Module.symvers
mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
ln -sf /usr/src/linux-headers-${_abi_release} \
"$subpkgdir"/lib/modules/${_abi_release}/build
}
firmware() {
pkgdesc="Firmware for linux kernel"
replaces="linux-grsec linux-vserver"
mkdir -p "$subpkgdir"/lib
mv "$pkgdir"/lib/firmware "$subpkgdir"/lib/
}
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
6485fe0cf0f0220493647505bfd2f7b0 patch-2.6.30.10.bz2
287a382cfb72043867d8092996875f5d grsecurity-2.1.14-2.6.30.8-200909262311.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
9f41d910914f5a516072f0aa500fa117 kernelconfig"
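Review bot: dev() copies `"$srcdir"/kernelconfig` while _prepare() copies `"$srcdir"/$_config`, so a build with `config=` pointing at another file produces headers configured differently from the kernel that was built; use `cp "$srcdir"/$_config "$dir"/.config` in dev(). menuconfig() calls `_prepare` without `|| return 1`, and `make modules_install install` in build() and the `make -j1 ... silentoldconfig prepare scripts` step in dev() are unchecked as well, so a partial install can still be packaged. In the patch loop `$i` is unquoted in `[ -f $i ]` and `patch -p1 -N < $i`; quoting it costs nothing. The grsecurity patch is named for 2.6.30.8 but is applied on top of patch-2.6.30.10, which is worth a comment confirming that it applies without rejects.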