From patchwork Fri Jul 4 16:32:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8902 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMM2D4jz3wmb for ; Fri, 4 Jul 2025 16:33:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMJ06HMz76F for ; Fri, 4 Jul 2025 16:33:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMG6hP7z34NR for ; Fri, 4 Jul 2025 16:33:14 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMC6hhHz2yqG for ; Fri, 4 Jul 2025 16:33:11 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfM975J2z27Z; Fri, 4 Jul 2025 16:33:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=SYyEvzkwgnC+kTnkGOdebH3iHbcnmF0Y9q8IR/Yiy5U=; b=LIrIWj/l79klGCqCzZz2jHOvERO3qR/4whptd/g9DukbzSfLke+RG2nsQjOw6D/F9mP2yJ Fj2UD+Dq7fwGePBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=SYyEvzkwgnC+kTnkGOdebH3iHbcnmF0Y9q8IR/Yiy5U=; b=efAM5W1lQfRMXF6ktm2ed+KeDHVzH5d9HzXeFyp7b45OZyazitUfbtkuPspc0BEeEiQT8i 3MVe3IQn/9UWzkmA+V63YjyHBYtasixZ9WOlZ8jm3m2kKwHUjPfux0SJsMnTR8tuP2v5Qn uBk8bIVgpWQ8oOJ1V5d/ey7D9k7tQ7tjpVxeLSckJG5F7KW+K9RizzL/2F9Yok03kkSzjw Vs/+IW3hi9WjqGxcsupTuFAwWP5/zpdkVS4jCtVsg/nTFAEg3ykHD9XNQiilrMXfYP6mer P6/Be1GnlxaOwp9Ia8MnF+cRhJI9tfHqpSpmcdM5e8kO2CXm6UxuvJ4ef2dBcQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/6] gnutls: Update to version 3.8.9 Date: Fri, 4 Jul 2025 18:32:59 +0200 Message-ID: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 3.8.8 to 3.8.9 - Update of rootfile - I found that gnutls was using its own bundled versions of libtasn1 and libunistring and that there had been some CVE's with libtasn1 which were then fixed later in the gnutls bundled version together with some fixes in the gnutls code. So this patch, as well updating the version has also removed the options to use the included versions of the libtasn1 and libunistring libraries. libtasn1 was already in IPFire and just needed to be moved to before gnutls. libunistring had to be added in. - The disable-guile option was removed as the guile bindings were removed in gnutls-3.8.0 and the option is no longer recognised. - Changelog 3.8.9 ** libgnutls: leancrypto was added as an interim option for PQC The library can now be built with leancrypto instead of liboqs for post-quantum cryptography (PQC), when configured with --with-leancrypto option instead of --with-liboqs. ** libgnutls: Experimental support for ML-DSA signature algorithm The library and certtool now support ML-DSA signature algorithm as defined in FIPS 204 and based on draft-ietf-lamps-dilithium-certificates-04. This feature is currently marked as experimental and can only be enabled when compiled with --with-leancrypto or --with-liboqs. Contributed by David Dudas. ** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism The support for ML-KEM post-quantum key encapsulation mechanisms has been extended to cover ML-KEM-1024, in addition to ML-KEM-768. MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per draft-kwiatkowski-tls-ecdhe-mlkem-03. ** libgnutls: Fix potential DoS in handling certificates with numerous name constraints, as a follow-up of CVE-2024-12133 in libtasn1. The bundled copy of libtasn1 has also been updated to the latest 4.20.0 release to complete the fix. Reported by Bing Shi (#1553). [GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243] ** API and ABI modifications: GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t Signed-off-by: Adolf Belka --- config/rootfiles/common/gnutls | 2 +- lfs/gnutls | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index 4f496435f..824631734 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.40.2 +usr/lib/libgnutls.so.30.40.3 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.30 diff --git a/lfs/gnutls b/lfs/gnutls index ad8269338..cc5b255fb 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.8.8 +VER = 3.8.9 THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d1498b0b9f14789599fd5b984d5370b632611f2702e9f4fc504ddba2a3e0dd4137bec858eb6150d031f9f50e6b3a3a7d905864f0a9f50a1f01e5ea8f37a44ba8 +$(DL_FILE)_BLAKE2 = 0fd4751e24649a9c4b8ee7616350a4b6a504ec10b3ef39b450af25abc4935f30df9e8f732435166516f89c692ac7cb7a0aafb76c4c86c1faff53119840d26ae7 install : $(TARGET) @@ -73,8 +73,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ - --with-included-libtasn1 \ - --with-included-unistring \ --without-p11-kit \ --disable-openssl-compatibility \ --disable-guile From patchwork Fri Jul 4 16:33:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8903 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMM2bJqz3wnD for ; Fri, 4 Jul 2025 16:33:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMJ07t6z6dx for ; Fri, 4 Jul 2025 16:33:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMH0F8pz36VR for ; Fri, 4 Jul 2025 16:33:15 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMD0Mv2z32yn for ; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfMC4JPtz28b; Fri, 4 Jul 2025 16:33:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h/ztlNnnOQlD/c7R7nYI6h6mAYUkdblXw1TERvOXYow=; b=SzoL3TLshmri20axX16rCPSzezS/sRto0vhYwlV+w4pZAnfButlDihtZEAQUzNHG5wKyXW aNCXY5x1JmYURcDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h/ztlNnnOQlD/c7R7nYI6h6mAYUkdblXw1TERvOXYow=; b=CTXZB6admEPIKKnnFgKvu3/FhY/1GNYtqtiJyj9uIGl0l75dRUv657j6cMmbPSVZWYzgJK 5OYAr4d+O1xNgVgMrV6sQ+XIpfvfkf0I3fQbQOQUwP1fEuZs+PDTfNLYP+YwtjAnrMfcHy Cw1r4RPAeAzwEwmim6lamyF7M9BQ5RpAB4UPMlcb/11Sd9X2yoX/onpTVossGzXnLZxrM1 zSnQcnvTR/6NBXcIN5mSyc2NSTA0/1kzbOK2g24pIb6hkz2z4cXInEiRqMChmmmN8q9w2y 4iD2Hz/WhV6AOI+Ced+QWqnvy59atceDgovB3C4POynpd2WQYiZoFwXUDk8f9g== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 2/6] libtasn1: Update to version 4.20.0 & move before gnutls Date: Fri, 4 Jul 2025 18:33:00 +0200 Message-ID: <20250704163304.589703-2-adolf.belka@ipfire.org> In-Reply-To: <20250704163304.589703-1-adolf.belka@ipfire.org> References: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 4.19.0 to 4.20.0 - Update of rootfile - Move earlier in make.sh so that the library can be used by gnutls in place of the gnutls bundled version. - Fix for a CVE - Changelog 4.20.0 - The release tarball is now reproducible. - We publish a minimal source-only tarball generated by 'git archive'. - Update gnulib files and various build/maintenance fixes. - Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements Signed-off-by: Adolf Belka --- config/rootfiles/common/libtasn1 | 2 +- lfs/libtasn1 | 10 +++++----- make.sh | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/common/libtasn1 b/config/rootfiles/common/libtasn1 index 87fd4ce5f..fad23cf03 100644 --- a/config/rootfiles/common/libtasn1 +++ b/config/rootfiles/common/libtasn1 @@ -5,7 +5,7 @@ #usr/lib/libtasn1.la #usr/lib/libtasn1.so usr/lib/libtasn1.so.6 -usr/lib/libtasn1.so.6.6.3 +usr/lib/libtasn1.so.6.6.4 #usr/lib/pkgconfig/libtasn1.pc #usr/share/info/libtasn1.info #usr/share/man/man1/asn1Coding.1 diff --git a/lfs/libtasn1 b/lfs/libtasn1 index 86c436306..aeb3c8b87 100644 --- a/lfs/libtasn1 +++ b/lfs/libtasn1 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.19.0 +VER = 4.20.0 THISAPP = libtasn1-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6e8232590cd87da3bfd9182ed44eccdfbdfcc85e88d8cf19fffdb3d600e04694b77079b95bbd822d2c3fff29458ddae0f0440f9c1c19c711923a2507bd19270f +$(DL_FILE)_BLAKE2 = 3219b48e691abd7f6f4e32164ab708bc7c29832a2a7669aa03751d4a519dffb78d5a5f94530a3f35cd6516b39400da9e634d7f46245ab934465c305a1d387561 install : $(TARGET) @@ -74,8 +74,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-static + --prefix=/usr \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/make.sh b/make.sh index 486937997..8bf452c37 100755 --- a/make.sh +++ b/make.sh @@ -1535,6 +1535,7 @@ build_system() { lfsmake2 apr lfsmake2 aprutil lfsmake2 unbound + lfsmake2 libtasn1 lfsmake2 gnutls lfsmake2 libuv lfsmake2 liburcu @@ -1665,7 +1666,6 @@ build_system() { lfsmake2 mandoc lfsmake2 efivar lfsmake2 efibootmgr - lfsmake2 libtasn1 lfsmake2 p11-kit lfsmake2 ca-certificates lfsmake2 fireinfo From patchwork Fri Jul 4 16:33:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8904 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMN0pmzz3wnF for ; Fri, 4 Jul 2025 16:33:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMJ3VCnz77h for ; Fri, 4 Jul 2025 16:33:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMH2lF6z34P4 for ; Fri, 4 Jul 2025 16:33:15 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMD31Slz34Jn for ; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfMD0JhFz27Z; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=f4B14cZtHOhj6S7PHZFc3IFjPrzA+xCKV+/Qt34Ku9M=; b=pRkgy+oB0fSUvmL5Zm239P385Yq2OcJ/HTwfTIFcxgdhb7/HxOc/S6XVJUAn+VTvZMlST0 bviroS5nST+N2wCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=f4B14cZtHOhj6S7PHZFc3IFjPrzA+xCKV+/Qt34Ku9M=; b=IDqFsC7ulpgNJgK0bddmKbFLVPuGDaaSiqLBtLVJExaQwzHYHViPYOQY8p+T2U1Aovaws+ C7ZMZ2HTS+9y8dzUuE0KseO7Uz+Dng0ODhl1KbK8s4hjqy+YRhyUEnlatG+r1wlXGZTiF4 rzc1DyuXZvzEMEkrkKlCqkB/q1+fk0EFLt8+9Wke2LZ7BKCB2yFiMl30MGLcyrtXHKOU/3 eVuS2eSnsHvBNaOgd6zCqXo/N3B4ix3HxDYq3TFMmWVUAYcpTMd0C5UpJa1FFb1gb0ixvq wZZESfgjKnHI1xBrruLZEM0te53ru1JS5gijHgNQzE3xqm+XIwhWXdrxg8XasQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 3/6] libunistring: New package to replace bundled version in gnutls Date: Fri, 4 Jul 2025 18:33:01 +0200 Message-ID: <20250704163304.589703-3-adolf.belka@ipfire.org> In-Reply-To: <20250704163304.589703-1-adolf.belka@ipfire.org> References: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Adolf Belka --- config/rootfiles/common/libunistring | 53 ++++++++++++++++++ lfs/libunistring | 82 ++++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 136 insertions(+) create mode 100644 config/rootfiles/common/libunistring create mode 100644 lfs/libunistring diff --git a/config/rootfiles/common/libunistring b/config/rootfiles/common/libunistring new file mode 100644 index 000000000..0811a695d --- /dev/null +++ b/config/rootfiles/common/libunistring @@ -0,0 +1,53 @@ +#usr/include/unicase.h +#usr/include/uniconv.h +#usr/include/unictype.h +#usr/include/unigbrk.h +#usr/include/unilbrk.h +#usr/include/unimetadata.h +#usr/include/uniname.h +#usr/include/uninorm.h +#usr/include/unistdio.h +#usr/include/unistr.h +#usr/include/unistring +#usr/include/unistring/cdefs.h +#usr/include/unistring/iconveh.h +#usr/include/unistring/inline.h +#usr/include/unistring/localcharset.h +#usr/include/unistring/stdint.h +#usr/include/unistring/version.h +#usr/include/unistring/woe32dll.h +#usr/include/unitypes.h +#usr/include/uniwbrk.h +#usr/include/uniwidth.h +#usr/lib/libunistring.la +#usr/lib/libunistring.so +usr/lib/libunistring.so.5 +usr/lib/libunistring.so.5.2.0 +#usr/share/doc/libunistring +#usr/share/doc/libunistring/libunistring_1.html +#usr/share/doc/libunistring/libunistring_10.html +#usr/share/doc/libunistring/libunistring_11.html +#usr/share/doc/libunistring/libunistring_12.html +#usr/share/doc/libunistring/libunistring_13.html +#usr/share/doc/libunistring/libunistring_14.html +#usr/share/doc/libunistring/libunistring_15.html +#usr/share/doc/libunistring/libunistring_16.html +#usr/share/doc/libunistring/libunistring_17.html +#usr/share/doc/libunistring/libunistring_18.html +#usr/share/doc/libunistring/libunistring_19.html +#usr/share/doc/libunistring/libunistring_2.html +#usr/share/doc/libunistring/libunistring_20.html +#usr/share/doc/libunistring/libunistring_21.html +#usr/share/doc/libunistring/libunistring_22.html +#usr/share/doc/libunistring/libunistring_23.html +#usr/share/doc/libunistring/libunistring_3.html +#usr/share/doc/libunistring/libunistring_4.html +#usr/share/doc/libunistring/libunistring_5.html +#usr/share/doc/libunistring/libunistring_6.html +#usr/share/doc/libunistring/libunistring_7.html +#usr/share/doc/libunistring/libunistring_8.html +#usr/share/doc/libunistring/libunistring_9.html +#usr/share/doc/libunistring/libunistring_abt.html +#usr/share/doc/libunistring/libunistring_fot.html +#usr/share/doc/libunistring/libunistring_toc.html +#usr/share/info/libunistring.info diff --git a/lfs/libunistring b/lfs/libunistring new file mode 100644 index 000000000..1ea398d39 --- /dev/null +++ b/lfs/libunistring @@ -0,0 +1,82 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2025 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.3 + +THISAPP = libunistring-$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +CFLAGS += -fcommon + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 213d24ea4ba5e960a030bd83fc1b6c9d9a5e33d63ade8874e2a15d1b7a0acbe4b2d03df18065f6c17f01bfed94f7e70ef474e713f5c5ad2375cf2438457b0379 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + $(UPDATE_AUTOMAKE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 8bf452c37..1bcb4f42c 100755 --- a/make.sh +++ b/make.sh @@ -1536,6 +1536,7 @@ build_system() { lfsmake2 aprutil lfsmake2 unbound lfsmake2 libtasn1 + lfsmake2 libunistring lfsmake2 gnutls lfsmake2 libuv lfsmake2 liburcu From patchwork Fri Jul 4 16:33:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8905 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMN29klz3wnj for ; Fri, 4 Jul 2025 16:33:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMJ4wvVz78h for ; Fri, 4 Jul 2025 16:33:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMH4Ktdz34RW for ; Fri, 4 Jul 2025 16:33:15 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMD4q3kz34Nw for ; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfMD2xxsz2SR; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lwG2u3L+GiWg4Ie1ZNfPUOgsNtl1JTG2NH0blsMYiXw=; b=xGVzkAhTgBTYU6tMU6+P/WURyu8oAeoQGi1UDPe5SE5OtZQurWGsknYV069+ABn6SO9bUB i4eHFI/GOhpk/eBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lwG2u3L+GiWg4Ie1ZNfPUOgsNtl1JTG2NH0blsMYiXw=; b=ErLvmbzjvhaTEhTFhC4feSPpgZ1byozK+HyHp4GYYohsBfv2U80OyVjZyGa9jM9AQ+jDJU nHdJSPunuvDxB4dIHSqJ99t2Nm4/z7aDTRtwnfup1eKVUQTRuXcP2WgrcBxw+l/3I2Augw UqHbroxAKBTCqV5Ljwhp0R5BpgYoJWClnmst/Ic6EOCaMz17WN8V/dU9GrTI62vT43gS+V KS7/GVxQPX9Zu5FpqKnLxGJIk41LP7g+LRPad2inKUDmg6uIEI8EDuTcNaKK5diTZf5AKU 7v79EuxjziP00jBU9XobS2KznjBke4m9b+kiV8i1/RizPsSpOsqW6uRmaxTJXQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 4/6] core197: Ship gnutls Date: Fri, 4 Jul 2025 18:33:02 +0200 Message-ID: <20250704163304.589703-4-adolf.belka@ipfire.org> In-Reply-To: <20250704163304.589703-1-adolf.belka@ipfire.org> References: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Adolf Belka --- config/rootfiles/core/197/filelists/gnutls | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/197/filelists/gnutls diff --git a/config/rootfiles/core/197/filelists/gnutls b/config/rootfiles/core/197/filelists/gnutls new file mode 120000 index 000000000..8dbe60bc3 --- /dev/null +++ b/config/rootfiles/core/197/filelists/gnutls @@ -0,0 +1 @@ +../../../common/gnutls \ No newline at end of file From patchwork Fri Jul 4 16:33:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8906 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMN5KMBz3wmb for ; Fri, 4 Jul 2025 16:33:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMJ6Y5Cz7Bv for ; Fri, 4 Jul 2025 16:33:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMH63KFz34Rj for ; Fri, 4 Jul 2025 16:33:15 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMD6SXvz34PV for ; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfMD4kSwz4Yl; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1vXDiii/Gz5a7el5yw03/N0Nq2p3XLVxw4E/Zv96pIQ=; b=ijMtdk/CV+5VbOPnqx23LoZtwCpHnjRry1iBimcUARxFh2yOkmyUn4krceBHft9AQYyZOW EdHHOY/P/f24kQCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1vXDiii/Gz5a7el5yw03/N0Nq2p3XLVxw4E/Zv96pIQ=; b=HQSjsaM0+Ohc2XQLkRzWbTbz5+H8DzRTCbUV4F6jfURHCtuySshCqGHob2TZqu4egG13kb ji72hhZcLrFZD1HOAGb2f579cMpqV95wNYaVoMVjMNTr/xuKEItemUc6AEN9zD6leeD9bK R0/HJ2ttdv2NFFwe0i6vWWuT/LljEIQ7lKrhFz2jO1S0QNAkItrdNldm7Wgx6kgmi2ky/2 TF60S1JON3geONULHJwP7I53OfuPp1uoQB/4fxtgy7sHj/cgVoLhIkr9SFNVjs9YGbHUBp khhZqLqTCaqNaTlPttM7BKPYQtT43/x4rBIdNdiCNmwbQtIWVt/5OKtHNu6I5w== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 5/6] core197: Ship libtasn1 Date: Fri, 4 Jul 2025 18:33:03 +0200 Message-ID: <20250704163304.589703-5-adolf.belka@ipfire.org> In-Reply-To: <20250704163304.589703-1-adolf.belka@ipfire.org> References: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Adolf Belka --- config/rootfiles/core/197/filelists/libtasn1 | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/197/filelists/libtasn1 diff --git a/config/rootfiles/core/197/filelists/libtasn1 b/config/rootfiles/core/197/filelists/libtasn1 new file mode 120000 index 000000000..b6297f1fe --- /dev/null +++ b/config/rootfiles/core/197/filelists/libtasn1 @@ -0,0 +1 @@ +../../../common/libtasn1 \ No newline at end of file From patchwork Fri Jul 4 16:33:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8907 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMS19hNz3wnD for ; Fri, 4 Jul 2025 16:33:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bYfMN3hqcz7Dj for ; Fri, 4 Jul 2025 16:33:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYfMN2C1fz34C0 for ; Fri, 4 Jul 2025 16:33:20 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYfMF4LrLz34NT for ; Fri, 4 Jul 2025 16:33:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYfMD6RBKz6Gp; Fri, 4 Jul 2025 16:33:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1751646793; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FFK+1wVDhALeAFLcsJiAPVaCrYgAK2sjTPRKXfbFkfk=; b=zswRstP41zawGeJZwWVRISUBbqlgaIGAR1YzH8DAP07KwPha19QLU6sBfw4NdQpRo//aLS 2DAcVBi7QgHQ7/CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1751646793; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FFK+1wVDhALeAFLcsJiAPVaCrYgAK2sjTPRKXfbFkfk=; b=eGeLaeVQ7Bhs1zHm+vMy857A8CQDl5w/c+49SmnfaPwssE7IFgBK7ePuvQjGH8RYRhrv8F 5xG+ogdGwBgwPupkBELTGkgFjVPxa4qBHWL/Cvm8HIMxkwXOlaG+HF3zaSIzUUCRLQckQZ UuoVg02Mvc8uVXV3KYKjWfWBqKfyrKtBIyxt5uxjn7UMyWWSYe6tyHrfJoLjd28j++HfVA BMEwAQdZNMy7u4iwCT9gw3/0T2ih1+y46dRPIpLxogP2rlVbEr6gRazgbya0E7jUDAGBtL fbPOnkLulV4ynD6Ge4Qs9F7oEBUEulhS0joblq0pzjA7Lj8/W3A0K8jGICl+vA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 6/6] core197: Ship libunistring Date: Fri, 4 Jul 2025 18:33:04 +0200 Message-ID: <20250704163304.589703-6-adolf.belka@ipfire.org> In-Reply-To: <20250704163304.589703-1-adolf.belka@ipfire.org> References: <20250704163304.589703-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Signed-off-by: Adolf Belka --- config/rootfiles/core/197/filelists/libunistring | 1 + 1 file changed, 1 insertion(+) create mode 120000 config/rootfiles/core/197/filelists/libunistring diff --git a/config/rootfiles/core/197/filelists/libunistring b/config/rootfiles/core/197/filelists/libunistring new file mode 120000 index 000000000..9a892f438 --- /dev/null +++ b/config/rootfiles/core/197/filelists/libunistring @@ -0,0 +1 @@ +../../../common/libunistring \ No newline at end of file