diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 0a0efeed1c..0000000000 --- a/.dockerignore +++ /dev/null @@ -1,3 +0,0 @@ -* -!stage/photon-rootfs.tar.bz2 - diff --git a/AUTHORS.md b/AUTHORS.md deleted file mode 100644 index 0094dacde9..0000000000 --- a/AUTHORS.md +++ /dev/null @@ -1,38 +0,0 @@ -### Project Manager -* [Vasavi Sirnapalli, @Vasavisirnapalli](/~https://github.com/Vasavisirnapalli) - -### Project Architect -* [Alexey Makhalov, @YustasSwamp](/~https://github.com/YustasSwamp) - -### Developers -* [Ajay Kaher, @akaher](/~https://github.com/akaher) -* [Alexey Makhalov, @YustasSwamp](/~https://github.com/YustasSwamp) -* [Anish Swaminathan, @suezzelur](/~https://github.com/suezzelur) -* [Ankit Jain, @jaankit](/~https://github.com/jaankit) -* [Anmol Jain, @anmolja](/~https://github.com/anmolja) -* [Ashwin Dayanand Kamat, @kashwindayan](/~https://github.com/kashwindayan) -* [Bo Gan, @ganboing](/~https://github.com/ganboing) -* [Brennan Lamoreaux, @bhllamoreaux](/~https://github.com/bhllamoreaux) -* [Dheeraj Shetty, @DheerajSShetty](/~https://github.com/DheerajSShetty) -* [Dweep Advani, @dweepadvani](/~https://github.com/dweepadvani) -* [Harinadh Dommaraju, @HarinadhD](/~https://github.com/HarinadhD) -* [Him Bordoloi, @bordoloih](/~https://github.com/bordoloih) -* [Keerthana K, @keerthanakalyan](/~https://github.com/keerthanakalyan) -* [Michelle Wang, @michellew-vmware](/~https://github.com/michellew-vmware) -* [Mukul Sikka, @sikkamukul](/~https://github.com/sikkamukul) -* [Nitesh Kumar, @ntsbtz](/~https://github.com/ntsbtz) -* [Oliver Kurth, @oliverkurth](/~https://github.com/oliverkurth) -* [Piyush Gupta, @gpiyush-dev](/~https://github.com/gpiyush-dev) -* [Prashant Singh Chauhan, @prashant1221](/~https://github.com/prashant1221) -* [Roye Eshed, @reshed](/~https://github.com/reshed) -* [Sharath George, @sharathjg](/~https://github.com/sharathjg) -* [Shivani Agarwal, @shivania2](/~https://github.com/shivania2) -* [Shreenidhi Shedi, @sshedi](/~https://github.com/sshedi) -* [Siju Maliakkal, @smaliakkal](/~https://github.com/smaliakkal) -* [Srinidhi Rao, @srinidhira0](/~https://github.com/srinidhira0) -* [Sriram Nambakam, @snambakam](/~https://github.com/snambakam) -* [Srish Srinivasan, @ssrish17](/~https://github.com/ssrish17) -* [Srivatsa Bhat, @srivatsabhat](/~https://github.com/srivatsabhat) -* [Susant Sahani, @ssahani](/~https://github.com/ssahani) -* [Tapas Kundu, @tapakund](/~https://github.com/tapakund) -* [Vamsi Krishna Brahmajosyula, @vbrahmajosyula1](/~https://github.com/vbrahmajosyula1) diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index d5322a8092..0000000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,78 +0,0 @@ -- [Updated OVAs for CVE-2016-5333](#updated-ovas-for-CVE20165333) - -- [v3.0rev2](#v3.0rev2) - - [Downloads](#downloads) - - [Highlights](#highlights) - - [Known Issues](#known-issues) - -## Updated OVAs for CVE-2016-5333 - -A public ssh key used in the Photon OS build environment was inadvertently left in the original Photon OS 3.0 OVAs. -This issue would have allowed the corresponding private key to access any Photon OS system built from the original 3.0 OVAs. - -The issue was discovered internally and the original OVAs have been replaced by updated OVAs. All instances of this private key have been deleted within VMware. - -Customers that have downloaded the PhotonOS 3.0 OVAs before August 14, 2016 should take either of the following procedures to ensure the security of their systems: - -- Remove the left-over public key from all Photon OS 3.0 systems built from the original PhotonOS 3.0 OVAs by executing the following command: - - On a freshly installed Photon OS system: - - ```rm –f /root/.ssh/authorized_keys``` - - On a Photon OS system which contains user-installed ssh keys: - - ```sed –i '/photon-jenkins/d' /root/.ssh/authorized_keys``` -- Alternatively, download the new OVA and replace all existing instances with new instances built from the updated Photon OS 3.0 OVAs. - -To confirm that the left-over public key is not present and that the issue is resolved, the following command should not produce any output: - - ```cat /root/.ssh/authorized_keys | grep photon-jenkins``` - -This issue is only present in the original Photon OS 3.0 OVAs and is not present in other Photon OS deliverables. - -The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-5333 to this issue. - -# v 3.0rev2 - -## Downloads -| Download | Size | sha1 checksum | md5 checksum | -| --- | --- | --- | --- | -| [Full ISO x86_64](https://packages.vmware.com/photon/3.0/Rev2/iso/photon-3.0-58f9c74.iso) | 5.2G | 545a9d0d53cb2109381bd9ae9eb837579f2ef1ee | 2ece2dfcdcdf098e36100a2085937dca | -| [Minimal ISO x86_64](https://packages.vmware.com/photon/3.0/Rev2/iso/photon-minimal-3.0-58f9c74.iso) | 280M | ae28558e57f5d8aefb8b479c9fac7473079156e1 | 187dfb1e6bc5e47606c667e9042f86a4 | -| [Full ISO arm64](https://packages.vmware.com/photon/3.0/Rev2/iso/photon-3.0-58f9c743-aarch64.iso) | 3.5G | 16848687d4d7cf393a413f3a24728b2cf042191d | 46d929c644debd27ee9fd37d35046921 | -| [OVA with virtual hardware v11](https://packages.vmware.com/photon/3.0/Rev2/ova/photon-hw11-3.0-9355405.ova) | 169M | f4c22463e4567e6cd9becdbb2a178b4b916ffff9 | 514e9d9597eea5f1694df9717cffb80b | -| [OVA with virtual hardware v13 (UEFI Secure Boot)](https://packages.vmware.com/photon/3.0/Rev2/ova/photon-hw13_uefi-3.0-9355405.ova) | 165M | 7cea6b552c66a6ceb6e8023938f9788179d8f697 | 6a24a68b1e56ee35c4a20$ -| [Amazon AMI](https://packages.vmware.com/photon/3.0/Rev2/ami/photon-ami-3.0-9355405.tar.gz ) | 172M | 85949657c857fee6a4417ca72ec010da81ed09e9 | e80bd2f0991a5091d83b3b3ae6e100df | -| [Google GCE](https://packages.vmware.com/photon/3.0/Rev2/gce/photon-gce-3.0-9355405.tar.gz) | 456M | a97425523518a54a6e20114419cb6fb0e5900039 | c5cffb418372b72bb48a66549ee25fbf | -| [Azure VHD](https://packages.vmware.com/photon/3.0/Rev2/azure/photon-azure-3.0-9355405.vhd.tar.gz) | 180M | c2a5438574f0b8b62d792042c7edfb655f61acdf | 24b70b81f7e3cb026e4e43bcb0650a5f | -| [Raspberry Pi3 Image](https://packages.vmware.com/photon/3.0/Rev2/rpi3/photon-rpi3-3.0-9355405.tar.xz) | 61M | 9f44bde819862eeb0c6cbfcd06fab6a48ba36594| 2ca56e575e37fc7b911dd934e5089432 | - -## Highlights -- tdnf adds support for "distro-sync" - giving a single operation to apply updates to all installed packages that have updates in the Photon OS repos. -- Many new packages available for Photon OS! -- Photon OS 3.0 contains the 4.4 LTS kernel - -## Known Issues - -- Photon OS 3.0 does not respond immediately to the new FQDN after changing the hostname. This issue will occur when there is no valid DNS system configured. This is being investigated. - - Workaround: To resolve this issue, restart systemd-resolved. - -- Photon OS 3.0 requires at least 512MB of RAM when installing from ISO on ESXi. - - Workaround: While on VMware Workstation and VMware Fusion, Photon OS 3.0 can install ISO and run in as little as 384MB of RAM (default). assign at least 512MB of RAM when installing from ISO on ESXi, as installer may fail in less memory. The default for ESXi is 2GB and most users will not be affected by this issue. The root cause is being investigated. - -- When using a combination of different network cards in Photon OS 3.0, the interfaces may be swapped after a reboot. - - Workaround: Use the same type of virtual NIC for all interfaces. This happens because the devices are probed in increasing PCI slot address order upon boot. E1000 devices reside in 02:00.0 and above, while VMXNET3 devices will be placed into 03:00.0 and above. Upon reboot, the E1000 device(s) will always be assigned eth numbers than VMXNET3, regardless of configuration. Users might encounter this issue because VMXNET3 is the default adapter type within Photon OS, but older versions of VMware products might offer only E1000 devices when adding a secondary interface. - -- When using multiple network cards without a valid DNS configuration and functional DNS server, initiating a ping might take 7-8 seconds to start. This happens because of multiple DNS timeouts on the interfaces. - - Workaround: To avoid this issue, ensure that you've got a valid DNS configuration and a functioning DNS server that is capable of resolving the hostname(s) that are being pinged. - -- When using vSphere Guest Customization to set the hostname of a Photon OS 3.0 instance, the hostname may revert to the randomly-generated hostname after a reboot. - - Workaround: We are testing an update to our open-vm-tools rpm to resolve this issue. In the meantime, you can manually resolve this issue by deleting /var/lib/cloud/seed folder after applying guest customization. - -- Ordering within /etc/hosts makes IPv6 preferred, which impacts connectivity for applications that are not configured for IPv6. - - Workaround: To make IPv4 the preferred connection, edit /etc/hosts and ensure that an IPv4 address is first on the list. Alternatively, configuring the application within Photon OS to use IPv6 will work. - -- The default umask permissions are 0027 and may cause some permissions issues with operations executed as root or through sudo. - - Workaround: Change the umask settings to 022 by entering, "umask 022" within a Photon OS instance. To make the umask change persistent across reboots, edit /etc/profile and change the umask setting to 0022. - -- In the 3.0 release, Photon OS firewall settings have been changed to a default of DROP, which might cause services installed in Photon OS to be unreachable externally. - - Workaround: To address this, administrators must configure their firewall rules appropriately to expose service ports as required for installed applications or containers. diff --git a/COPYING b/COPYING deleted file mode 100644 index f288702d2f..0000000000 --- a/COPYING +++ /dev/null @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/CREDITS b/CREDITS deleted file mode 100644 index 92eb879111..0000000000 --- a/CREDITS +++ /dev/null @@ -1,29 +0,0 @@ -CREDITS - -VMware Photon Linux materialized in an instant and is moving at light speed. Any Linux distribution (including Photon) benefits from the thousands of contributions from the free software and open software community. A full listing of the third party components in the Photon distribution can be found at the third party licenses file. - -The Photon Project gratefully acknowledge these contributions. This file calls out specific contributions from the community that deserve special mention. - -1) GNU and the Free Software Foundation - -Free software as we know it today would probably not exist but for the pioneering work of the FSF. Keeping with the tradition of GNU/Linux, VMware’s Photon distribution and build system will be released under the GPL 2.0 License. - -2) Linux from Scratch - http://www.linuxfromscratch.org - -Photon is built from scratch – it’s not a fork of any existing Linux distribution. In building Photon, the team has benefited greatly from the Linux From Scratch (LFS) approach. We acknowledge the simplicity, elegance and clarity of Linux From Scratch. - -3) LFS-RPM - Baho Utot /~https://github.com/baho-utot/LFS-RPM - -Photon automates the LFS model of constructing a Linux system through the RPM build process. - -When we began Photon, we found Baho Utot's LFS-RPM project and we considered using it as the - -basis of bootstrapping our build system. We requested Baho to clarify the license terms of - -LFS-RPM and Baho very graciously released all of LFS-RPM into the public domain. Thank you! - -As a result, Photon was bootstrapped with Baho's LFS-RPM project. - -4) RPM Spec files - -Photon maintains its own spec files. The initial release of Photon comprises over 200 Linux packages. Of these, around 30 spec files come from the Fedora project. We gratefully acknowledge this. As we evolve our spec files moving forward, we will document their lineage. diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 77f5d1abea..0000000000 --- a/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -# -# Photon Linux Dockerfile -# - -FROM scratch -LABEL maintainer tliaqat@vmware.com - -ADD stage/photon-rootfs-$PHOTON_RELEASE_VERSION-$PHOTON_BUILD_NUMBER.tar.bz2 / - -VOLUME /var/lib/docker - -CMD ["bash", "--login"] - diff --git a/EULA.txt b/EULA.txt deleted file mode 100644 index 6a41e5fc41..0000000000 --- a/EULA.txt +++ /dev/null @@ -1,109 +0,0 @@ -VMWARE GENERAL TERMS -Last updated:16 June 2022 -By downloading or using an Offering, Customer agrees to be bound by the terms of the Agreement. -1. OFFERINGS. -1.1. Applicable Terms. The terms of the Order and these General Terms, including applicable Exhibits and Offering-specific Notes (collectively, the "Agreement") govern Customer's use of the Offerings. The following descending order of precedence applies: (a) the Order; (b) the General Terms; (c) the Exhibits; and (d) the Offering-specific Notes. -1.2. Users. Customer is responsible for its Users' compliance with the Agreement. -1.3. Restrictions. Customer may use the Offerings only for its internal use and for the benefit of its Affiliates. Affiliates may not use the Offerings. Customer may not resell or sublicense its rights to the Offerings. Customer may not use the Offerings in an application service provider, service bureau, hosted IT service, or similar capacity for third parties. -1.4. Benchmarking. Customer may use the Offerings to conduct internal performance testing and benchmarking studies. Customer may only publish or distribute study results with VMware's approval. Customer may submit requests to VMware by emailing benchmark@vmware.com. -1.5. Evaluations. Evaluations are for 30 days (unless VMware specifies otherwise in writing). Customer may not have access to data in the Evaluation after it ends. Evaluations are provided "AS IS" without indemnification, support, service level commitment, or warranty of any kind, express or implied. -2. ORDERS AND PAYMENTS. -2.1. Orders. Orders are binding when VMware accepts them, which is deemed to occur on Delivery. -2.2. Purchase Orders. Purchase orders do not have to be signed to be valid. Terms contained in any purchase order or other business form do not apply. -2.3. No Refunds. All Orders are non-refundable and non-cancellable except as expressly provided in the Agreement. -2.4. Overages. Customer must pay all fees for use of the Offerings, including amounts for add-on features and fees incurred based on usage. VMware may bill Customer directly for metered or overage fees, even if Customer originally purchased the Offerings through a VMware authorized reseller. -2.5. Direct Orders. This section 2.5 (Direct Orders) applies only to Orders placed directly with VMware. If Customer purchases entitlements to the Offerings through a VMware authorized reseller, different terms regarding invoicing, payment, and taxes may apply. -2.5.1. Payments. Except as listed in an Order, fees for the Offerings will be governed by the applicable price list at the time of invoicing. Customer must pay all undisputed fees and approved expenses within 30 days from the date of invoice. After 30 days, interest will accrue at the lesser of 1.5% per month or the highest lawful rate. -2.5.2. Disputes. To dispute any fees in good faith, Customer must notify VMware in writing of the reasons for the dispute before the payment due date. The parties must negotiate in good faith to resolve the dispute as soon as reasonably practicable. VMware will not suspend or terminate Customer's access to any Offering because of any unpaid, disputed fees while Customer and VMware are negotiating to resolve the dispute. -2.5.3. Taxes. Fees are exclusive of Taxes. Customer must pay or reimburse VMware for all Taxes. If Customer is required to withhold any Tax, Customer must gross up its payments so that VMware receives all sums due in full. If Customer's address is outside of the United States, VMware will treat the Customer's "bill to" address as the place of supply for VAT purposes. -3. TERM. -3.1. Term. The Agreement applies to the Offerings from the effective date of the Order until the expiration or termination of Customer's entitlement to the Offerings as set forth in this Agreement. -3.2. Temporary Suspension. In the event of a security risk to a Service or its users, VMware may suspend Customer's use of that Service. -3.3. Termination for Cause. Either party may terminate the Agreement (in whole or in part) or Customer's entitlement to an Offering under the Agreement effective immediately upon written notice if the other party: (a) materially breaches any provision of the Agreement and fails to cure within 30 days after receiving written notice; or (b) becomes insolvent or subject to any form of bankruptcy proceeding. -3.4. Effect of Termination. Upon termination of the Agreement or part of it: (a) all entitlements to the applicable Offerings immediately end; (b) Customer must stop using, and destroy any copies of, those Offerings; and (c) each party must return or destroy any Confidential Information of the other party in its control (other than information that must be retained by law). Any provision that is intended by the parties to survive termination of the Agreement will survive. -4. CONFIDENTIAL INFORMATION. -4.1. Protection. Recipient must protect Discloser's Confidential Information with at least the same care as it protects its own Confidential Information but not less than reasonable care. Recipient may not use Discloser's Confidential Information except to exercise its rights and perform its obligations under the Agreement. Recipient may disclose Confidential Information only to Recipient's Affiliates, employees and contractors who need to know the Confidential Information for purposes of the Agreement and who have a duty of confidentiality no less restrictive than this section 4 (Confidential Information). -4.2. Exceptions. Recipient's obligations under section 4.1 (Protection) do not apply if the information: (a) is rightfully known by Recipient at the time of disclosure without any obligation of confidentiality; (b) is lawfully disclosed to Recipient by a third party without confidentiality restrictions; (c) becomes publicly available through no fault of Recipient; or (d) is independently developed by Recipient without access to or use of Discloser's Confidential Information. -4.3. Injunctive Relief. Nothing in the Agreement limits a party's right to seek equitable relief for breach of this section 4 (Confidential Information). -5. OWNERSHIP. -5.1. Customer Content. Customer retains all Intellectual Property Rights in and to Customer Content. -5.2. VMware IP. VMware retains all Intellectual Property Rights in and to the Offerings, including any improvements, enhancements, modifications, and derivative works. If Customer provides any feedback about the Offerings, VMware may use that feedback without restriction. -5.3. Reservation of Rights. Except as expressly stated in the Agreement, the Agreement does not grant either party any rights, implied or otherwise, to the other party's content or intellectual property. -6. LIMITED WARRANTIES. -6.1. Software and Cloud Services. VMware warrants that Software and Cloud Services will substantially conform with the Documentation: (a) for Software, for 90 days following Delivery; or (b) for Cloud Services, for the Subscription Term. Customer must properly install and use the Offerings without modification and in accordance with the Documentation. Customer must notify VMware of an alleged breach of this warranty within the applicable warranty period. As Customer's sole remedy for a breach of this warranty, VMware must either: (1) correct any reproducible error in the Software or Cloud Service; or (2) terminate the Software or Cloud Service and refund applicable license fees (for Software) or unused, prepaid fees (for Cloud Services). -6.2. Professional Services and Support Services. VMware warrants that Professional Services and Support Services will be performed in a professional manner following industry standards. Customer must notify VMware within 30 days of an alleged breach of this warranty. As Customer's sole remedy for a breach of this warranty, VMware must either: (a) rectify the breach; or (b) terminate the applicable Service and refund any unused, prepaid fees for that Service. -6.3. Disclaimer of Warranties. Except for the limited warranties in this section 6 (Limited Warranties), to the maximum extent permitted by law, VMware, for itself and on behalf of its suppliers, disclaims all warranties and conditions whether express, implied, or statutory, including any warranties of merchantability, satisfactory quality, fitness for a particular purpose, title, non-infringement, and any warranty arising from course of dealing or course of performance, relating to the Offerings. Neither VMware nor its suppliers warrant that the Offerings will operate uninterrupted, that Offerings will be free from defects or errors, or that the Offerings will meet (or are designed to meet) Customer's requirements. -7. INDEMNIFICATION. -7.1. Defense and Indemnification. Subject to the remainder of this section 7 (Indemnification), VMware will: (a) defend Customer against any Infringement Claim; and (b) indemnify Customer from amounts finally awarded against Customer by a court of competent jurisdiction or a government agency, or agreed to in a settlement, for the Infringement Claim. -7.2. Requirements. Customer must provide VMware with prompt notice of any Infringement Claim and reasonably cooperate with VMware's requests for assistance. VMware will have sole control of the defense and settlement of the Infringement Claim. -7.3. Exclusions. VMware has no obligation under this section 7 (Indemnification) with respect to an Infringement Claim based on: (a) combination of Indemnified Materials with non-VMware materials; (b) use of an older version of Indemnified Materials when use of a newer version would have avoided the infringement; (c) any modification to Indemnified Materials other than those made by VMware; (d) any Deliverable provided by VMware in accordance with Customer's specifications; (e) any claim relating to open source software or freeware technology that is not embedded by VMware into the Offerings; or (f) any Indemnified Material provided on a no-charge, beta, or evaluation basis. -7.4. Remedies. If Indemnified Materials become, or in VMware's reasonable opinion are likely to become, the subject of an Infringement Claim, VMware must, at its option and expense, either: (a) procure the necessary rights for Customer to keep using the Indemnified Materials; or (b) modify or replace the Indemnified Materials to make them non-infringing. If those remedies are not commercially feasible, VMware may terminate Customer's entitlement to the Indemnified Materials and refund any applicable: -(1) prepaid fees for Cloud Services or Subscription Software, prorated for the remaining portion of the then-current Subscription Term; -(2) fees paid for Perpetual Licenses or Deliverables, less straight-line depreciation over a three-year useful life; and -(3) unused, prepaid fees for discontinued Support Services. -7.5. Sole Remedy. This section 7 (Indemnification) states Customer's sole remedy and VMware's entire liability for Infringement Claims. -8. LIMITATION OF LIABILITY. -8.1. Disclaimer. To the maximum extent permitted by law, neither party will be liable for lost profits or business opportunities, loss of use, loss of data, loss of goodwill, business interruption, or any indirect, special, incidental, or consequential damages under any theory of liability. This limitation will apply regardless of whether a party has been advised of the possibility of those damages and regardless of whether any remedy fails of its essential purpose. -8.2. Cap on Monetary Liability. Each party's aggregate liability under this Agreement will not exceed amounts paid or payable by Customer for the Offering giving rise to the claim in the 12 months prior to the event giving rise to the claim, except for Perpetual Licenses, where each party's aggregate liability will not exceed the license fees paid for the Software giving rise to the claim. VMware's aggregate liability for an Evaluation will not exceed $5,000 USD. -8.3. Exclusions. The limitations of liability in sections 8.1 (Disclaimer) and 8.2 (Cap on Monetary Liability) will not apply to: (a) VMware's indemnification obligations under section 7 (Indemnification); (b) either party's infringement of the other party's Intellectual Property Rights; (c) Customer's violation of section 2 of the Cloud Services Exhibit (Acceptable Use); or (d) any liability that may not be limited by law. -8.4. Further Limitations.VMware's liability for any third-party software embedded into the Software or Cloud Services is subject to this section 8 (Limitation of Liability). VMware's suppliers have no liability under the Agreement, and Customer may not bring claims directly against them. VMware has no liability with respect to any Third-Party Content. -9. DATA USE AND PRIVACY. -9.1. Personal Data. If VMware acts as a processor of Personal Data, VMware will process Personal Data in accordance with the Data Processing Addendum. -9.2. Account, Operations, and Usage Data. VMware collects Customer contact and purchase information to manage Customer's account and to fulfill Orders. VMware also processes: (a) information necessary to facilitate delivery and operation of the Offerings, verify compliance with the terms of the Agreement, invoice, and provide Support Services; and (b) configuration, performance, and usage data to improve VMware products and services, and other analytics purposes as detailed in the Offering-specific Notes. To the extent any of that data includes information that identifies an individual, VMware will process that information in accordance with VMware's Products & Services Privacy Notice available at www.vmware.com/help/privacy.html. -9.3. Support Requests and Professional Services. Customer is responsible for taking steps necessary to protect any sensitive information or Personal Data that it provides to VMware while receiving Support Services or Professional Services. Those steps may include obfuscating or removing such information or working with VMware at the time of submission to limit disclosure. -9.4. Required Disclosures. VMware may disclose Customer Content or Confidential Information if VMware is required by law or by order of a judicial or administrative body of competent jurisdiction (a "Demand"). Unless legally prohibited from doing so, VMware must provide Customer with notice and a copy of the Demand. If the Demand relates to Cloud Services, VMware must (i) inform the relevant authority that VMware is a service provider acting on Customer's behalf and all requests for access to Customer Content should be directed in writing to the contact Customer identifies (or if no contact is timely provided, to Customer's legal department) and (ii) only provide access to Customer Content with Customer's authorization. If Customer requests and at Customer's expense, VMware must take reasonable steps to contest the Demand. If VMware is legally prohibited from notifying Customer of the Demand, VMware must evaluate the validity of the Demand, and, if VMware does not believe the Demand is legal, VMware must challenge the Demand. VMware must limit the scope of any disclosure to the minimum information required to comply with the Demand. -10. OPEN SOURCE SOFTWARE. Open source software is licensed to Customer under the open source software's own applicable license terms, which can be found in either the open source_licenses.txt file accompanying the Offerings, the Documentation, or at www.vmware.com/download/open_source.html. These license terms are consistent with the license granted in the Agreement and may contain additional rights benefiting Customer. The open source license terms take precedence over the Agreement to the extent that the Agreement imposes greater restrictions on Customer than the applicable open source license terms. To the extent the license for any open source software requires VMware to make the corresponding source code and/or modifications (the "Source Files") available to Customer, Customer may obtain a copy of the applicable Source Files at www.vmware.com/download/open_source.html or by sending a written request, with name and address, to: VMware, Inc., 3401 Hillview Avenue, Palo Alto, CA 94304, United States of America. All requests should clearly specify: Open Source Files Request, Attention: General Counsel. This offer to obtain a copy of the Source Files is valid for three years from the date Customer acquires its entitlement to the Offering. -11. MISCELLANEOUS. -11.1. Transfer and Assignment. Customer may not assign the Agreement or any Order without VMware's consent. Once validly assigned, the Agreement will bind and inure to the benefit of the parties and their respective successors and assigns. -11.2. Notice. All notices must be in writing. Notices to Customer will be given: (a) by email to the email address associated with Customer's account, if Customer has subscribed to email notices; or (b) by posting in the VMware customer portal. Legal notices to VMware will be given to VMware, Inc., 3401 Hillview Avenue, Palo Alto, California 94304, United States of America, Attention: Legal Department. -11.3. Waiver. Waiver of a breach of the Agreement will not constitute a waiver of any later breach. -11.4. Severability. If any part of the Agreement is held to be invalid or unenforceable, all remaining provisions will remain in force to the extent feasible to effectuate the intent of the parties. -11.5. Insurance. VMware will carry insurance for the term of the Agreement. VMware's Memorandum of Insurance may be viewed at www.vmware.com/agreements. -11.6. Compliance with Laws. Each party must comply with all applicable laws. -11.7. Export Control. The Offerings are subject to the U.S. Export Administration Regulations (including "deemed export" and "deemed re-export" regulations), and may be subject to the export control laws of other countries. Customer represents and warrants that: (a) Customer and any User, are not, and are not acting on behalf of: (1) any person who is a citizen, national, or resident of, or who is controlled by, the government of any country to which the United States has prohibited export transactions; or (2) any person or entity listed on the U.S. Treasury Department list of Specially Designated Nationals and Blocked Persons, or the U.S. Commerce Department Denied Persons List or Entity List, or any similar applicable designated persons list; (b) Customer, and any User, will not permit the Offerings to be used for any purposes prohibited by law, including any prohibited development, design, manufacture, or production of missiles or nuclear, chemical, or biological weapons; and (c) Customer, and any User, are not subject, either directly or indirectly, to any order issued by any agency of the United States government revoking or denying, in whole or in part, Customer's United States export privileges. Customer must notify VMware promptly if Customer or any User becomes subject to any order of that type. -11.8. Governing Law. The Agreement is governed by the laws of the State of California and U.S. federal laws, if the billing address for Customer's Order is in the United States, and by the laws of Ireland if the billing address for Customer's Order is outside the United States. Conflict of law rules are expressly disclaimed. The United Nations Convention on Contracts for the International Sale of Goods does not apply. -11.9. U.S. Public Sector End User. If Customer is a U.S. Public Sector End User, the U.S. Public Sector Exhibit available at www.vmware.com/agreements supersedes or modifies the referenced provisions of the Agreement. -11.10. Third Party Rights. Other than as expressly stated, the Agreement does not create any rights for any person who is not a party to it. Only persons who are parties to the Agreement may enforce or rely on any of its terms. -11.11. Force Majeure. Except for Customer's payment obligations, neither party will be liable for any delay or failure to perform due to any cause beyond the party's reasonable control, including labor disputes, industrial disturbances, systemic utility failures, acts of nature, pandemics, embargoes, riots, government orders, acts of terrorism, or war. -11.12. No Agency. Nothing in the Agreement is intended to constitute a fiduciary relationship, agency, joint venture, partnership, or trust between the parties. No party has authority to bind the other party. -11.13. Translation. This non-English version of these General Terms is provided only as a courtesy, and Customer's use of the Offerings is governed by the English version of these General Terms, published at www.vmware.com/agreements. -11.14. Counterparts. The Agreement may be signed electronically or in counterparts, in which case each signed copy will be deemed an original as though both signatures appeared on the same document. -11.15. Entire Agreement. The Agreement contains the entire agreement of the parties and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings, and agreements, whether written or oral, between the parties regarding its subject matter. The Agreement may be amended only in writing and signed by both parties. -12. DEFINITIONS. -Affiliate means an entity that is directly or indirectly controlled by, is under common control with, or controls that party, where "control" means an ownership, voting, or similar interest representing more than 50% of the total interests outstanding of that entity at that time. -Cloud Service means the VMware cloud service specified in Customer's Order. -Cloud Services Guide means the then-current VMware Cloud Services Guide, available at www.vmware.com/agreements. -Confidential Information means information or materials provided by a party ("Discloser") to the other party ("Recipient") that: (a) is in tangible form and labelled "confidential" or similar; or (b) information which a reasonable person knew or should have known to be confidential. Confidential Information includes: (1) license keys; (2) VMware pricing, product roadmaps or strategic marketing plans; (3) non-public materials relating to the Offerings; and (4) Customer Login Credentials. -Customer means the entity identified in the Order as "Customer". -Customer Content means content uploaded by Customer or any User into the Cloud Service or provided to VMware as a part of Support Services, but does not include Third-Party Content or account information. For purposes of this definition, "content" means any data, including all text, sound, video, or image files, and software (including machine images). -Data Processing Addendum means the then-current VMware Data Processing Addendum, available at www.vmware.com/agreements. -Deliverables means any reports, analyses, scripts, templates, code, or other work results delivered by VMware as specified in the applicable SOW for Professional Services. -Delivery means: (a) for Cloud Services, when VMware emails the Login Credentials to the email address associated with Customer's account; (b) for Software, when VMware notifies Customer of availability of Software for download; (c) for Support Services, upon VMware's issuance of an invoice for those Support Services; (d) for Professional Services, as specified in the applicable SOW; (e) for purchasing program credits, when VMware makes the fund balance available in the applicable portal; and (f) for shipping and delivery of physical objects, Ex Works VMware's regional fulfillment facility (INCOTERMS 2020(TM)). -Documentation means the product documentation describing the features, functionality, and use of the Offerings published and updated by VMware from time to time at docs.vmware.com. -Evaluation means an Offering (or part of an Offering) made available free of charge, for evaluation, trial, proof of concept, or similar purpose. -Exhibits means the exhibits to these General Terms (Software, Cloud Services, Professional Services, U.S. Federal, and VMware Entities) available at www.vmware.com/agreements. -Indemnified Materials means the Cloud Services, Software, and Deliverables. -Infringement Claim means any claim by a third party that the Indemnified Materials infringe any patent, trademark, or copyright of that third party, or misappropriate a trade secret (only to the extent that misappropriation is not a result of Customer's actions). -Intellectual Property Rights means all worldwide intellectual property rights, including copyrights, trademarks, service marks, trade secrets, know-how, inventions, patents, patent applications, moral rights, and all other proprietary rights, whether registered or unregistered. -Login Credentials means any passwords, authentication keys, or security credentials that enable Customer's access to and management of the Cloud Service. -Offering(s) means, collectively, Services or Software. -Offering-specific Notes means the applicable license notes or services notes found in the Product Guide, the Cloud Services Guide, and the Support Services Guide. -Order means an enterprise order, SOW, quote, or other ordering document for Offerings, issued by Customer to VMware or to Customer's VMware authorized reseller and accepted by VMware described in section 2 of these General Terms (Orders and Payments). -Perpetual License means a license to the Software with a perpetual term. -Personal Data is defined in the Data Processing Addendum. -Product Guide means VMware's then-current Product Guide available at www.vmware.com/agreements. -Professional Services means those services described in the applicable SOW. -Service Level Agreement means the then-current version of the applicable service level agreement for a Cloud Service, available at www.vmware.com/agreements. -Service(s) means Cloud Services, Support Services, or Professional Services. -Software means the VMware computer programs that Customer licenses under an Order, together with any related software code VMware provides as part of Support Services and that is not subject to a separate license agreement. -SOW means a written agreement between Customer and VMware containing project-specific details of the Professional Services or VMware online datasheet. -Subscription Software means Software that is licensed for a specific term. -Subscription Term means the period Customer is permitted to use a Cloud Service or Subscription Software, stated in the applicable Order. For any on-demand Cloud Services, Subscription Term means the period during which Customer uses the Cloud Service. -Support Services means VMware support and subscription services that are purchased under an Order or included with purchase of Subscription Software or Cloud Services. -Support Services Guide means VMware's then-current Support Services Guide, available at www.vmware.com/agreements. -Tax means any sales, consumption, VAT, GST, use, gross receipts, business and occupation, withholding, and other taxes (other than taxes on VMware income), export and import fees, customs duties, and similar fees imposed by any government or other authority. -Third-Party Agent means a third party delivering information technology services to Customer under a contract with Customer. -Third-Party Content means content provided by a third party that interoperates with a Cloud Service, but that is not part of the Cloud Service. Third-Party Content is optional and is subject to the third-party terms accompanying the Third-Party Content. -U.S. Public Sector End User means a U.S. Federal End User or a U.S. State or Local Government End User, as those terms are defined in the U.S. Public Sector Exhibit. -User means an employee, contractor, or Third-Party Agent that Customer authorizes to use the Offerings as permitted under the Agreement or under Customer's Login Credentials. -VMware means VMware, Inc., a Delaware corporation, if the billing address for the Order is in the United States, or VMware International Unlimited Company, a company organized and existing under the laws of Ireland, if the billing address for the Order is outside the United States, except if the billing address for the Order is in the United Kingdom, Australia, or New Zealand or the Pacific Islands, in which case VMware means the applicable entity identified in the VMware Entities Exhibit found at www.vmware.com/agreements. diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index 788f41d922..0000000000 --- a/LICENSE.md +++ /dev/null @@ -1,162 +0,0 @@ -PhotonOS v3.0 (and greater versions) Copyright © VMware, Inc. 2014-2018 - -The files of PhotonOS version 3.0 (and greater versions) are licensed under the terms of the Apache License v2.0 or alternatively under the terms of the GNU General Public License (GPL) v2 UNLESS otherwise noted at the beginning of the file or a LICENSE file present in a directory subtree declares a separate license. - -The terms of the Apache License v2.0 and GPL v2 licenses are set forth below. - -Apache License v2.0 - -## **Apache License, Version 2.0** - -## January 2004 - -[http://www.apache.org/licenses/](http://www.apache.org/licenses/)LICENSE-2.0 - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -**1. Definitions**. - -"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. - -"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. - -**2. Grant of Copyright License**. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. - -**3. Grant of Patent License**. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. - -**4. Redistribution**. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: - -1. You must give any other recipients of the Work or Derivative Works a copy of this License; and -2. You must cause any modified files to carry prominent notices stating that You changed the files; and -3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and -4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. - -You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. - -**5. Submission of Contributions**. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. - -**6. Trademarks**. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. - -**7. Disclaimer of Warranty**. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. - -**8. Limitation of Liability**. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. - -**9. Accepting Warranty or Additional Liability**. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -# **APPENDIX: How to apply the Apache License to your work** - -To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - - you may not use this file except in compliance with the License. - - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - - distributed under the License is distributed on an "AS IS" BASIS, - - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - - See the License for the specific language governing permissions and - - limitations under the License. - -GPL v2 - -### **GNU GENERAL PUBLIC LICENSE** - -Version 2, June 1991 - -Copyright (C) 1989, 1991 Free Software Foundation, Inc. - -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - -Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - -### **TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION** - -1. **1.** This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. - -1. **2.** You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. - -You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. - -1. **3.** You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: - -**a)** You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. - -**b)** You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no chargeto all third parties under the terms of this License. - -**c)** If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. - -1. **4.** You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: - -1. **a)**Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, - -1. **b)**Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, - -1. **c)**Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. - -If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. - -1. **5.** You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. - -1. **6.** You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. - -1. **7.** Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. - -1. **8.** If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. - -This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. - -**8.** If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. - -**9.** The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. - -**10.** If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - -**NO WARRANTY** - -**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - -**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. diff --git a/Makefile b/Makefile deleted file mode 100644 index 872f1d3c4f..0000000000 --- a/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -ifndef CONF - CONF := build-config.json -endif - -%: - @if [ -n "$(shell echo $(BUILD_EXTRA_PKGS) | grep -Ew "enable|yes|True")" ]; then\ - python3 build.py -c $(CONF) -t extra-packages;\ - else\ - python3 build.py -c $(CONF) -t $@;\ - fi diff --git a/NOTICE-Apachev2 b/NOTICE-Apachev2 deleted file mode 100644 index 47ae8bdc32..0000000000 --- a/NOTICE-Apachev2 +++ /dev/null @@ -1,7 +0,0 @@ -Photon -Copyright 2015-2020 VMware, Inc. All Rights Reserved. - -This product is licensed to you under the Apache 2.0 license (the "License"). You may not use this product except in compliance with the Apache 2.0 License. - -This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. - diff --git a/NOTICE-GPL2.0 b/NOTICE-GPL2.0 deleted file mode 100644 index dbacf90be4..0000000000 --- a/NOTICE-GPL2.0 +++ /dev/null @@ -1,6 +0,0 @@ -Photon -Copyright 2015-2020 VMware, Inc. All Rights Reserved. - -This product is licensed to you under the GNU GENERAL PUBLIC LICENSE Version 2 license (the "License"). You may not use this product except in compliance with the GPL 2.0 License. - -This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file. diff --git a/PUBLISHRPMS_SPECS/gcc/PLUGIN_TYPE_CAST.patch b/PUBLISHRPMS_SPECS/gcc/PLUGIN_TYPE_CAST.patch deleted file mode 100644 index 15ddeec09c..0000000000 --- a/PUBLISHRPMS_SPECS/gcc/PLUGIN_TYPE_CAST.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff -Naurp gcc-7.3.0-orig/gcc/c/c-typeck.c gcc-7.3.0/gcc/c/c-typeck.c ---- gcc-7.3.0-orig/gcc/c/c-typeck.c 2017-06-08 12:12:38.381833000 -0700 -+++ gcc-7.3.0/gcc/c/c-typeck.c 2018-04-24 14:44:50.222592671 -0700 -@@ -48,6 +48,8 @@ along with GCC; see the file COPYING3. - #include "c-family/c-ubsan.h" - #include "cilk.h" - #include "gomp-constants.h" -+#include "plugin-api.h" -+#include "plugin.h" - #include "spellcheck-tree.h" - #include "gcc-rich-location.h" - -@@ -5452,6 +5454,12 @@ build_c_cast (location_t loc, tree type, - return error_mark_node; - } - -+ { -+ tree cast_info[] {type, TREE_TYPE(value)}; -+ invoke_plugin_callbacks (PLUGIN_TYPE_CAST, cast_info); -+ } -+ -+ - if (type == TYPE_MAIN_VARIANT (TREE_TYPE (value))) - { - if (RECORD_OR_UNION_TYPE_P (type)) -diff -Naurp gcc-7.3.0-orig/gcc/plugin.c gcc-7.3.0/gcc/plugin.c ---- gcc-7.3.0-orig/gcc/plugin.c 2017-03-21 04:50:18.693898000 -0700 -+++ gcc-7.3.0/gcc/plugin.c 2018-04-24 14:46:13.956372418 -0700 -@@ -471,6 +471,7 @@ register_callback (const char *plugin_na - case PLUGIN_EARLY_GIMPLE_PASSES_END: - case PLUGIN_NEW_PASS: - case PLUGIN_INCLUDE_FILE: -+ case PLUGIN_TYPE_CAST: - { - struct callback_info *new_callback; - if (!callback) -@@ -551,6 +552,7 @@ invoke_plugin_callbacks_full (int event, - case PLUGIN_EARLY_GIMPLE_PASSES_END: - case PLUGIN_NEW_PASS: - case PLUGIN_INCLUDE_FILE: -+ case PLUGIN_TYPE_CAST: - { - /* Iterate over every callback registered with this event and - call it. */ -diff -Naurp gcc-7.3.0-orig/gcc/plugin.def gcc-7.3.0/gcc/plugin.def ---- gcc-7.3.0-orig/gcc/plugin.def 2017-01-01 04:07:43.905435000 -0800 -+++ gcc-7.3.0/gcc/plugin.def 2018-04-24 14:47:02.209408557 -0700 -@@ -99,6 +99,9 @@ DEFEVENT (PLUGIN_NEW_PASS) - as a const char* pointer. */ - DEFEVENT (PLUGIN_INCLUDE_FILE) - -+/* Called when expression is casted to some type. */ -+DEFEVENT (PLUGIN_TYPE_CAST) -+ - /* When adding a new hard-coded plugin event, don't forget to edit in - file plugin.c the functions register_callback and - invoke_plugin_callbacks_full accordingly! */ diff --git a/PUBLISHRPMS_SPECS/gcc/gcc.spec b/PUBLISHRPMS_SPECS/gcc/gcc.spec deleted file mode 100644 index e8b78b5c3b..0000000000 --- a/PUBLISHRPMS_SPECS/gcc/gcc.spec +++ /dev/null @@ -1,270 +0,0 @@ -%define _use_internal_dependency_generator 0 -Summary: Contains the GNU compiler collection -Name: gcc -Version: 7.3.0 -Release: 2%{?dist} -License: GPLv2+ -URL: http://gcc.gnu.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -Source0: http://ftp.gnu.org/gnu/gcc/%{name}-%{version}/%{name}-%{version}.tar.xz -%define sha1 gcc=9689b9cae7b2886fdaa08449a26701f095c04e48 -Patch0: PLUGIN_TYPE_CAST.patch - -BuildRequires: wget -BuildRequires: curl -Requires: libstdc++-devel = %{version}-%{release} -Requires: libgcc-devel = %{version}-%{release} -Requires: libgomp-devel = %{version}-%{release} -Requires: libgcc-atomic = %{version}-%{release} -Requires: gmp -%if %{with_check} -BuildRequires: autogen -BuildRequires: dejagnu -%endif - -%description -The GCC package contains the GNU compiler collection, -which includes the C and C++ compilers. - -%package -n gfortran -Summary: GNU Fortran compiler. -Group: Development/Tools -%description -n gfortran -The gfortran package contains GNU Fortran compiler. - -%package -n libgcc -Summary: GNU C Library -Group: System Environment/Libraries -%description -n libgcc -The libgcc package contains GCC shared libraries for gcc. - -%package -n libgcc-atomic -Summary: GNU C Library for atomic counter updates -Group: System Environment/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libgcc-atomic -The libgcc package contains GCC shared libraries for atomic counter updates. - -%package -n libgcc-devel -Summary: GNU C Library -Group: Development/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libgcc-devel -The libgcc package contains GCC shared libraries for gcc . -This package contains development headers and static library for libgcc. - -%package -n libstdc++ -Summary: GNU C Library -Group: System Environment/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libstdc++ -This package contains the GCC Standard C++ Library v3, an ongoing project to implement the ISO/IEC 14882:1998 Standard C++ library. - -%package -n libstdc++-devel -Summary: GNU C Library -Group: Development/Libraries -Requires: libstdc++ = %{version}-%{release} -%description -n libstdc++-devel -This is the GNU implementation of the standard C++ libraries. -This package includes the headers files and libraries needed for C++ development. - -%package -n libgomp -Summary: GNU C Library -Group: System Environment/Libraries -%description -n libgomp -An implementation of OpenMP for the C, C++, and Fortran 95 compilers in the GNU Compiler Collection. - -%package -n libgomp-devel -Summary: Development headers and static library for libgomp -Group: Development/Libraries -Requires: libgomp = %{version}-%{release} -%description -n libgomp-devel -An implementation of OpenMP for the C, C++, and Fortran 95 compilers in the GNU Compiler Collection. -This package contains development headers and static library for libgomp - -%prep -%setup -q -%patch0 -p1 - -# deactivate FORTIFY_SOURCE=2 from hardening -sed -i '/*cpp:/s/^/# /' `dirname $(gcc --print-libgcc-file-name)`/../specs -sed -i '/Ofast:-D_FORTIFY_SOURCE=2/s/^/# /' `dirname $(gcc --print-libgcc-file-name)`/../specs -# deactivate no-pie for gcc binaries -sed -i '/^NO_PIE_CFLAGS = /s/@NO_PIE_CFLAGS@//' gcc/Makefile.in - -install -vdm 755 ../gcc-build -%build - -export glibcxx_cv_c99_math_cxx98=yes glibcxx_cv_c99_math_cxx11=yes - -./contrib/download_prerequisites -cd ../gcc-build -SED=sed \ -../%{name}-%{version}/configure \ - --prefix=%{_prefix} \ - --enable-shared \ - --enable-threads=posix \ - --enable-__cxa_atexit \ - --enable-clocale=gnu \ - --enable-languages=c,c++,fortran\ - --disable-multilib \ - --disable-bootstrap \ - --enable-linker-build-id \ - --enable-plugin \ - --with-system-zlib -# --disable-silent-rules -make %{?_smp_mflags} -%install -pushd ../gcc-build -make %{?_smp_mflags} DESTDIR=%{buildroot} install -install -vdm 755 %{buildroot}/%_lib -ln -sv %{_bindir}/cpp %{buildroot}/%{_lib} -ln -sv gcc %{buildroot}%{_bindir}/cc -install -vdm 755 %{buildroot}%{_datarootdir}/gdb/auto-load%{_lib} -mv -v %{buildroot}%{_lib64dir}/*gdb.py %{buildroot}%{_datarootdir}/gdb/auto-load%{_lib} -chmod 755 %{buildroot}/%{_lib64dir}/libgcc_s.so.1 -rm -rf %{buildroot}%{_infodir} -popd -%find_lang %{name} --all-name - -%check -ulimit -s 32768 -# deactivate PCH tests is ASLR is on (due to bug in pch) -test `cat /proc/sys/kernel/randomize_va_space` -ne 0 && rm gcc/testsuite/gcc.dg/pch/pch.exp -# deactivate security hardening for tests -rm -f $(dirname $(gcc -print-libgcc-file-name))/../specs -# run only gcc tests -cd ../gcc-build/gcc -make %{?_smp_mflags} check-gcc -# Only 1 FAIL is OK -[ `grep ^FAIL testsuite/gcc/gcc.sum | wc -l` -ne 1 -o `grep ^XPASS testsuite/gcc/gcc.sum | wc -l` -ne 0 ] && exit 1 ||: -[ `grep "^FAIL: gcc.dg/cpp/trad/include.c (test for excess errors)" testsuite/gcc/gcc.sum | wc -l` -ne 1 ] && exit 1 ||: - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root) -%{_lib}/cpp -# Executables -%exclude %{_bindir}/*gfortran -%{_bindir}/* -# Libraries -%{_lib64dir}/* -%ifarch x86_64 -%exclude %{_libexecdir}/gcc/x86_64-pc-linux-gnu/%{version}/f951 -%endif -%ifarch aarch64 -%exclude %{_libexecdir}/gcc/aarch64-unknown-linux-gnu/%{version}/f951 -%endif -%{_libdir}/gcc/* -# Library executables -%{_libexecdir}/gcc/* -# Man pages -%{_mandir}/man1/gcov.1.gz -%{_mandir}/man1/gcov-dump.1.gz -%{_mandir}/man1/gcov-tool.1.gz -%{_mandir}/man1/gcc.1.gz -%{_mandir}/man1/g++.1.gz -%{_mandir}/man1/cpp.1.gz -%{_mandir}/man7/*.gz -%{_datadir}/gdb/* - -%exclude %{_lib64dir}/libgcc* -%exclude %{_lib64dir}/libstdc++* -%exclude %{_lib64dir}/libgomp* - -%files -n gfortran -%defattr(-,root,root) -%{_bindir}/*gfortran -%{_mandir}/man1/gfortran.1.gz -%ifarch x86_64 -%{_libexecdir}/gcc/x86_64-pc-linux-gnu/%{version}/f951 -%endif -%ifarch aarch64 -%{_libexecdir}/gcc/aarch64-unknown-linux-gnu/%{version}/f951 -%endif - -%files -n libgcc -%defattr(-,root,root) -%{_lib64dir}/libgcc_s.so.* - -%files -n libgcc-atomic -%defattr(-,root,root) -%{_lib64dir}/libatomic.so* - -%files -n libgcc-devel -%defattr(-,root,root) -%{_lib64dir}/libgcc_s.so - - -%files -n libstdc++ -%defattr(-,root,root) -%{_lib64dir}/libstdc++.so.* -%dir %{_datarootdir}/gcc-%{version}/python/libstdcxx -%{_datarootdir}/gcc-%{version}/python/libstdcxx/* - -%files -n libstdc++-devel -%defattr(-,root,root) -%{_lib64dir}/libstdc++.so -%{_lib64dir}/libstdc++.la - -%{_includedir}/c++/* - -%files -n libgomp -%defattr(-,root,root) -%{_lib64dir}/libgomp*.so.* - -%files -n libgomp-devel -%defattr(-,root,root) -%{_lib64dir}/libgomp.a -%{_lib64dir}/libgomp.la -%{_lib64dir}/libgomp.so -%{_lib64dir}/libgomp.spec - -%changelog -* Fri Sep 14 2018 Srivatsa S. Bhat 7.3.0-2 -- Use download_prerequisites script to statically link gcc with -- specific versions of dependent libraries. -* Wed Aug 01 2018 Srivatsa S. Bhat 7.3.0-1 -- Update to version 7.3.0 to get retpoline support. -* Tue Nov 14 2017 Alexey Makhalov 6.3.0-7 -- Aarch64 support -* Mon Oct 02 2017 Alexey Makhalov 6.3.0-6 -- Added smp_mflags for parallel build -* Mon Sep 25 2017 Alexey Makhalov 6.3.0-5 -- Enable elfdeps for libgcc_s to generate libgcc_s.so.1(*)(64bit) provides -* Mon Aug 28 2017 Alexey Makhalov 6.3.0-4 -- Fix makecheck -* Tue Aug 15 2017 Alexey Makhalov 6.3.0-3 -- Fix compilation issue for glibc-2.26 -* Tue Aug 15 2017 Alexey Makhalov 6.3.0-2 -- Improve make check -* Thu Mar 9 2017 Alexey Makhalov 6.3.0-1 -- Update version to 6.3 -* Thu Mar 02 2017 Xiaolin Li 5.3.0-6 -- Enabled fortran. -* Wed Feb 22 2017 Alexey Makhalov 5.3.0-5 -- Added new plugin entry point: PLUGIN_TYPE_CAST (.patch) -* Thu Sep 8 2016 Alexey Makhalov 5.3.0-4 -- Enable plugins and linker build id. -* Tue May 24 2016 Priyesh Padmavilasom 5.3.0-3 -- GA - Bump release of all rpms -* Tue May 17 2016 Anish Swaminathan 5.3.0-2 -- Change package dependencies -* Mon Mar 28 2016 Alexey Makhalov 5.3.0-1 -- Update version to 5.3 -* Tue Nov 10 2015 Xiaolin Li 4.8.2-6 -- Handled locale files with macro find_lang -* Mon Nov 02 2015 Vinay Kulkarni 4.8.2-5 -- Put libatomic.so into its own package. -* Wed May 20 2015 Touseef Liaqat 4.8.2-4 -- Updated group. -* Mon May 18 2015 Touseef Liaqat 4.8.2-3 -- Update according to UsrMove. -* Fri May 15 2015 Divya Thaluru 4.8.2-2 -- Packaging .la files -* Tue Apr 01 2014 baho-utot 4.8.2-1 -- Initial build. First version diff --git a/PUBLISHRPMS_SPECS/openjdk10/build-with-latest-make.patch b/PUBLISHRPMS_SPECS/openjdk10/build-with-latest-make.patch deleted file mode 100644 index 9618cefd32..0000000000 --- a/PUBLISHRPMS_SPECS/openjdk10/build-with-latest-make.patch +++ /dev/null @@ -1,35 +0,0 @@ -From af5c725b8109ce83fc04ef0f8bf6aaf0b50c0441 Mon Sep 17 00:00:00 2001 -From: Magnus Ihse Bursie -Date: Thu, 30 Jan 2020 11:08:30 +0100 -Subject: [PATCH] 8237879: make 4.3 breaks build - -Reviewed-by: erikj, tbell ---- - make/common/MakeBase.gmk | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/make/common/MakeBase.gmk b/make/common/MakeBase.gmk -index 8de519fc606..221e9455960 100644 ---- a/make/common/MakeBase.gmk -+++ b/make/common/MakeBase.gmk -@@ -525,15 +525,16 @@ DependOnVariableFileName = \ - # Param 2 - (optional) name of file to store value in - DependOnVariableHelper = \ - $(strip \ -- $(eval -include $(call DependOnVariableFileName, $1, $2)) \ -+ $(eval $1_filename := $(call DependOnVariableFileName, $1, $2)) \ -+ $(if $(wildcard $($1_filename)), $(eval include $($1_filename))) \ - $(if $(call equals, $(strip $($1)), $(strip $($1_old))),,\ -- $(call MakeDir, $(dir $(call DependOnVariableFileName, $1, $2))) \ -+ $(call MakeDir, $(dir $($1_filename))) \ - $(if $(findstring $(LOG_LEVEL), trace), \ - $(info NewVariable $1: >$(strip $($1))<) \ - $(info OldVariable $1: >$(strip $($1_old))<)) \ - $(call WriteFile, $1_old:=$(call DoubleDollar,$(call EscapeHash,$($1))), \ -- $(call DependOnVariableFileName, $1, $2))) \ -- $(call DependOnVariableFileName, $1, $2) \ -+ $($1_filename))) \ -+ $($1_filename) \ - ) - - # Main macro diff --git a/PUBLISHRPMS_SPECS/openjdk10/openjdk10.spec b/PUBLISHRPMS_SPECS/openjdk10/openjdk10.spec deleted file mode 100644 index 157f451eaa..0000000000 --- a/PUBLISHRPMS_SPECS/openjdk10/openjdk10.spec +++ /dev/null @@ -1,253 +0,0 @@ -%define _use_internal_dependency_generator 0 -%global security_hardening none -%define jdk_major_version 1.10.0 -%define subversion 23 -Summary: OpenJDK -Name: openjdk10 -Version: 1.10.0.23 -Release: 7%{?dist} -License: GNU GPL -URL: https://openjdk.java.net -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -Source0: http://www.java.net/download/openjdk/jdk10/jdk10/openjdk-%{version}.tar.gz -%define sha1 openjdk-1.10.0=d0b6193fd1687b23fb7553b62d32f0e7e0527ea8 -Patch0: build-with-latest-make.patch -BuildArch: x86_64 -BuildRequires: pcre-devel -BuildRequires: which -BuildRequires: zip -BuildRequires: unzip -BuildRequires: zlib-devel -BuildRequires: ca-certificates -BuildRequires: chkconfig -BuildRequires: fontconfig-devel freetype2-devel glib-devel harfbuzz-devel -Requires: openjre10 = %{version}-%{release} -Requires: chkconfig -Obsoletes: openjdk <= %{version} -AutoReqProv: no -%define ExtraBuildRequires icu-devel, cups, cups-devel, xorg-proto-devel, libXtst, libXtst-devel, libXfixes, libXfixes-devel, libXi, libXi-devel, openjdk, openjre, icu, alsa-lib, alsa-lib-devel, xcb-proto, libXdmcp-devel, libXau-devel, util-macros, xtrans, libxcb-devel, proto, libXdmcp, libxcb, libXau, xtrans-devel, libX11, libX11-devel, libXext, libXext-devel, libICE-devel, libSM, libICE, libSM-devel, libXt, libXmu, libXt-devel, libXmu-devel, libXrender, libXrender-devel -%define bootstrapjdkversion 1.8.0.112 - -%description -The OpenJDK package installs java class library and javac java compiler. - -%package -n openjre10 -Summary: Java runtime environment -AutoReqProv: no -Obsoletes: openjre <= %{version} -Requires: chkconfig -Requires: libstdc++ -%description -n openjre10 -It contains the libraries files for Java runtime environment - -%package doc -Summary: Documentation and demo applications for openjdk -Group: Development/Languages/Java -Obsoletes: openjdk-doc <= %{version} -Requires: %{name} = %{version}-%{release} -%description doc -It contains the documentation and demo applications for openjdk - -%package src -Summary: OpenJDK Java classes for developers -Group: Development/Languages/Java -Obsoletes: openjdk-src <= %{version} -Requires: %{name} = %{version}-%{release} -%description src -This package provides the runtime library class sources. - -%prep -p exit -# Using autosetup is not feasible -%setup -qn openjdk-%{version} -%patch0 -p1 - -%build -unset JAVA_HOME && -ENABLE_HEADLESS_ONLY="true" && -sh configure \ - --with-target-bits=64 \ - --with-boot-jdk=/var/opt/OpenJDK-%bootstrapjdkversion-bin \ - --enable-headless-only \ - --with-extra-cxxflags="-Wno-error -std=gnu++98 -fno-delete-null-pointer-checks -fno-lifetime-dse" \ - --with-extra-cflags="-fno-delete-null-pointer-checks -Wno-error -fno-lifetime-dse -fcommon" \ - --with-freetype-include=/usr/include/freetype2 \ - --with-freetype-lib=/usr/lib \ - --with-stdc++lib=dynamic \ - --disable-warnings-as-errors - -mkdir /usr/share/java -p -make \ - DISABLE_HOTSPOT_OS_VERSION_CHECK=ok \ - SCTP_WERROR= \ - BUILD_HEADLESS_ONLY=1 \ - OPENJDK_TARGET_OS=linux \ - STRIP_POLICY=no_strip \ - POST_STRIP_CMD="" \ - LOG=trace - -%install -unset JAVA_HOME && -# make doesn't support _smp_mflags -make install - -install -vdm755 %{buildroot}%{_libdir}/jvm/OpenJDK-%{jdk_major_version} -chown -R root:root %{buildroot}%{_libdir}/jvm/OpenJDK-%{jdk_major_version} -install -vdm755 %{buildroot}%{_bindir} -mv /usr/local/jvm/openjdk-10-internal/* %{buildroot}%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/ -mv build/linux-x86_64-normal-server-release/images/jre %{buildroot}%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/ -cp README LICENSE ASSEMBLY_EXCEPTION %{buildroot}%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/ - -%post -alternatives --install %{_bindir}/javac javac %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javac 2000 \ - --slave %{_bindir}/appletviewer appletviewer %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/appletviewer \ - --slave %{_bindir}/idlj idlj %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/idlj \ - --slave %{_bindir}/jaotc jaotc %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jaotc \ - --slave %{_bindir}/jar jar %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jar \ - --slave %{_bindir}/jarsigner jarsigner %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jarsigner \ - --slave %{_bindir}/jhsdb jhsdb %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jhsdb \ - --slave %{_bindir}/jimage jimage %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jimage \ - --slave %{_bindir}/jlink jlink %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jlink \ - --slave %{_bindir}/jmod jmod %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jmod \ - --slave %{_bindir}/javadoc javadoc %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javadoc \ - --slave %{_bindir}/javah javah %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javah \ - --slave %{_bindir}/javap javap %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javap \ - --slave %{_bindir}/jcmd jcmd %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jcmd \ - --slave %{_bindir}/jdeprscan jdeprscan %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdeprscan \ - --slave %{_bindir}/jconsole jconsole %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jconsole \ - --slave %{_bindir}/jdb jdb %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdb \ - --slave %{_bindir}/jdeps jdeps %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdeps \ - --slave %{_bindir}/jinfo jinfo %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jinfo \ - --slave %{_bindir}/jmap jmap %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jmap \ - --slave %{_bindir}/jps jps %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jps \ - --slave %{_bindir}/jrunscript jrunscript %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jrunscript \ - --slave %{_bindir}/jstack jstack %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstack \ - --slave %{_bindir}/jstat jstat %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstat \ - --slave %{_bindir}/jstatd jstatd %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstatd \ - --slave %{_bindir}/rmic rmic %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/rmic \ - --slave %{_bindir}/schemagen schemagen %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/schemagen \ - --slave %{_bindir}/serialver serialver %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/serialver \ - --slave %{_bindir}/wsgen wsgen %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/wsgen \ - --slave %{_bindir}/wsimport wsimport %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/wsimport \ - --slave %{_bindir}/xjc xjc %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/xjc -/sbin/ldconfig - -%post -n openjre10 -alternatives --install %{_bindir}/java java %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/java 2000 \ - --slave %{_libdir}/jvm/jre jre %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre \ - --slave %{_bindir}/jjs jjs %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/jjs \ - --slave %{_bindir}/keytool keytool %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/keytool \ - --slave %{_bindir}/orbd orbd %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/orbd \ - --slave %{_bindir}/pack200 pack200 %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/pack200 \ - --slave %{_bindir}/rmid rmid %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/rmid \ - --slave %{_bindir}/rmiregistry rmiregistry %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/rmiregistry \ - --slave %{_bindir}/servertool servertool %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/servertool \ - --slave %{_bindir}/tnameserv tnameserv %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/tnameserv \ - --slave %{_bindir}/unpack200 unpack200 %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/unpack200 -/sbin/ldconfig - -%postun -# Do alternative remove only in case of uninstall -if [ $1 -eq 0 ] -then - alternatives --remove javac %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javac -fi -/sbin/ldconfig - -%postun -n openjre10 -# Do alternative remove only in case of uninstall -if [ $1 -eq 0 ] -then - alternatives --remove java %{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/bin/java -fi -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/ASSEMBLY_EXCEPTION -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/LICENSE -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/README -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/release -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/lib -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/include/ -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/idlj -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jaotc -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jar -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jhsdb -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jimage -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jarsigner -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdeprscan -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javac -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javadoc -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javah -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/javap -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jcmd -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jconsole -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdb -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jdeps -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jinfo -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jlink -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jmod -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jmap -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jps -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jshell -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jrunscript -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstack -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstat -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jstatd -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/rmic -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/schemagen -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/serialver -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/wsgen -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/wsimport -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/xjc -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/conf -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jmods - -%files -n openjre10 -%defattr(-,root,root) -%dir %{_libdir}/jvm/OpenJDK-%{jdk_major_version} -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/jre/ -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/java -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/keytool -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/orbd -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/pack200 -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/jjs -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/rmid -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/rmiregistry -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/servertool -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/tnameserv -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/bin/unpack200 - -%files doc -%defattr(-,root,root) -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/man/ -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/legal/ -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/demo - -%files src -%defattr(-,root,root) -%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/lib/src.zip - -%changelog -* Thu Jan 14 2021 Alexey Makhalov 1.10.0.23-7 -- GCC-10 support. -* Mon Sep 14 2020 Prashant S Chauhan 1.10.0.23-6 -- Fix build issue with make-4.3 -* Tue Aug 11 2020 Ankit Jain 1.10.0.23-5 -- Added a check in %postun to avoid alternatives --remove -- after new version is installed. -- Do alternative remove only in case of uninstall -* Thu Sep 05 2019 Ankit Jain 1.10.0.23-4 -- Divided version:majorversion+subversion to remove specific -- version java dependency from other packages -* Mon Nov 19 2018 Ajay Kaher 1.10.0.23-3 -- Add BuildArch -* Mon Oct 29 2018 Alexey Makhalov 1.10.0.23-2 -- Use ExtraBuildRequires -* Mon Apr 23 2018 Harish Udaiya Kumar 1.10.0.23-1 -- Initial build. First version diff --git a/PUBLISHRPMS_SPECS/python2/CVE-2019-17514.patch b/PUBLISHRPMS_SPECS/python2/CVE-2019-17514.patch deleted file mode 100644 index 84bb07017b..0000000000 --- a/PUBLISHRPMS_SPECS/python2/CVE-2019-17514.patch +++ /dev/null @@ -1,20 +0,0 @@ -From 5cffb1ed6a7f5afe74e4384d59f1670be29a7930 Mon Sep 17 00:00:00 2001 -From: elena -Date: Tue, 24 Apr 2018 13:44:30 +0300 -Subject: [PATCH] Explain that the orderness of the result is system-dependant - - - ---- a/Doc/library/glob.rst_org 2019-10-31 10:11:19.177511543 +0000 -+++ b/Doc/library/glob.rst 2019-10-31 10:12:07.145513846 +0000 -@@ -31,7 +31,8 @@ For example, ``'[?]'`` matches the chara - a string containing a path specification. *pathname* can be either absolute - (like :file:`/usr/src/Python-1.5/Makefile`) or relative (like - :file:`../../Tools/\*/\*.gif`), and can contain shell-style wildcards. Broken -- symlinks are included in the results (as in the shell). -+ symlinks are included in the results (as in the shell). Whether or not the -+ results are sorted depends on the file system. - - - .. function:: iglob(pathname) - diff --git a/PUBLISHRPMS_SPECS/python2/added-pyopenssl-ipaddress-certificate-validation.patch b/PUBLISHRPMS_SPECS/python2/added-pyopenssl-ipaddress-certificate-validation.patch deleted file mode 100644 index e1eb13cb9f..0000000000 --- a/PUBLISHRPMS_SPECS/python2/added-pyopenssl-ipaddress-certificate-validation.patch +++ /dev/null @@ -1,55 +0,0 @@ ---- a/Lib/ssl.py 2018-04-30 04:17:33.000000000 +0530 -+++ b/Lib/ssl.py 2018-08-17 05:48:06.389881269 +0530 -@@ -146,6 +146,11 @@ from socket import SOL_SOCKET, SO_TYPE - import base64 # for DER-to-PEM translation - import errno - import warnings -+try: -+ from ipaddr import IPAddress -+except ImportError: -+ # ipaddr is missing. Make ip address cert match functionality to behave as before. -+ def IPAddress(*_args): raise ValueError("Not supported") - - if _ssl.HAS_TLS_UNIQUE: - CHANNEL_BINDING_TYPES = ['tls-unique'] -@@ -251,7 +250,15 @@ def _dnsname_match(dn, hostname, max_wil - pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE) - return pat.match(hostname) - -+def _ipaddress_match(ipname, host_ip): -+ """Exact matching of IP addresses. - -+ RFC 6125 explicitly doesn't define an algorithm for this -+ (section 1.7.2 - "Out of Scope"). -+ """ -+ # OpenSSL may add a trailing newline to a subjectAltName's IP address -+ ip = IPAddress(ipname.rstrip()) -+ return ip == host_ip - def match_hostname(cert, hostname): - """Verify that *cert* (in decoded format as returned by - SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 -@@ -264,6 +271,13 @@ def match_hostname(cert, hostname): - raise ValueError("empty or no certificate, match_hostname needs a " - "SSL socket or SSL context with either " - "CERT_OPTIONAL or CERT_REQUIRED") -+ -+ try: -+ host_ip = IPAddress(hostname) -+ except ValueError: -+ # Not an IP address (common case) -+ host_ip = None -+ - dnsnames = [] - san = cert.get('subjectAltName', ()) - for key, value in san: -@@ -271,6 +285,10 @@ def match_hostname(cert, hostname): - if _dnsname_match(value, hostname): - return - dnsnames.append(value) -+ elif key == 'IP Address': -+ if host_ip is not None and _ipaddress_match(value, host_ip): -+ return -+ dnsnames.append(value) - if not dnsnames: - # The subject is only checked when there is no dNSName entry - # in subjectAltName diff --git a/PUBLISHRPMS_SPECS/python2/cgi.patch b/PUBLISHRPMS_SPECS/python2/cgi.patch deleted file mode 100644 index f0a4ee50b3..0000000000 --- a/PUBLISHRPMS_SPECS/python2/cgi.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/Lib/cgi.py 2014-06-29 19:05:24.000000000 -0700 -+++ b/Lib/cgi.py 2015-02-05 18:03:52.273922307 -0800 -@@ -1,13 +1,5 @@ --#! /usr/local/bin/python -+#! /usr/bin/python - --# NOTE: the above "/usr/local/bin/python" is NOT a mistake. It is --# intentionally NOT "/usr/bin/env python". On many systems --# (e.g. Solaris), /usr/local/bin is not in $PATH as passed to CGI --# scripts, and /usr/local/bin is the default directory where Python is --# installed, so /usr/bin/env would be unable to find python. Granted, --# binary installations by Linux vendors often install Python in --# /usr/bin. So let those vendors patch cgi.py to match their choice --# of installation. - - """Support module for CGI (Common Gateway Interface) scripts. - diff --git a/PUBLISHRPMS_SPECS/python2/python2-support-photon-platform.patch b/PUBLISHRPMS_SPECS/python2/python2-support-photon-platform.patch deleted file mode 100644 index 7378e119c4..0000000000 --- a/PUBLISHRPMS_SPECS/python2/python2-support-photon-platform.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -rupr a/Lib/platform.py b/Lib/platform.py ---- a/Lib/platform.py 2015-12-05 11:47:01.000000000 -0800 -+++ b/Lib/platform.py 2017-01-20 16:39:55.628824665 -0800 -@@ -261,7 +261,7 @@ _release_version = re.compile(r'([^0-9]+ - _supported_dists = ( - 'SuSE', 'debian', 'fedora', 'redhat', 'centos', - 'mandrake', 'mandriva', 'rocks', 'slackware', 'yellowdog', 'gentoo', -- 'UnitedLinux', 'turbolinux') -+ 'UnitedLinux', 'turbolinux', 'photon') - - def _parse_release_file(firstline): - diff --git a/PUBLISHRPMS_SPECS/python2/python2.spec b/PUBLISHRPMS_SPECS/python2/python2.spec deleted file mode 100644 index 8c51b0a5e7..0000000000 --- a/PUBLISHRPMS_SPECS/python2/python2.spec +++ /dev/null @@ -1,370 +0,0 @@ -Summary: A high-level scripting language -Name: python2 -Version: 2.7.18 -Release: 1%{?dist} -License: PSF -URL: http://www.python.org/ -Group: System Environment/Programming -Vendor: VMware, Inc. -Distribution: Photon -Source0: http://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz -%define sha1 Python=678d4cf483a1c92efd347ee8e1e79326dc82810b -Patch0: cgi.patch -Patch1: added-pyopenssl-ipaddress-certificate-validation.patch -Patch2: python2-support-photon-platform.patch -Patch3: CVE-2019-17514.patch -BuildRequires: pkg-config >= 0.28 -BuildRequires: bzip2-devel -BuildRequires: openssl-devel -BuildRequires: expat-devel >= 2.1.0 -BuildRequires: libffi-devel >= 3.0.13 -BuildRequires: sqlite-devel -BuildRequires: ncurses-devel -BuildRequires: readline-devel -# cross compilation requires native python2 installed -%define BuildRequiresNative python2 -Requires: openssl -Requires: python2-libs = %{version}-%{release} -Provides: python-sqlite -Provides: python(abi) -Provides: /bin/python -Provides: /bin/python2 -%if %{with_check} -BuildRequires: iana-etc -%endif - -%description -The Python 2 package contains the Python development environment. It -is useful for object-oriented programming, writing scripts, -prototyping large programs or developing entire applications. This -version is for backward compatibility with other dependent packages. - -%package libs -Summary: The libraries for python runtime -Group: Applications/System -Requires: sqlite-libs -Requires: expat >= 2.1.0 -Requires: libffi >= 3.0.13 -Requires: ncurses -Requires: (coreutils or toybox) -Requires: gdbm -Requires: bzip2-libs -%global __requires_exclude ^(/usr/bin/python|python\\(abi\\) = 2\\.7)$ - -# Needed for ctypes, to load libraries, worked around for Live CDs size -# Requires: binutils - -%description libs -The python interpreter can be embedded into applications wanting to -use python as an embedded scripting language. The python-libs package -provides the libraries needed for this. - -%package -n python-xml -Summary: XML libraries for python runtime -Group: Applications/System -Requires: python2-libs = %{version}-%{release} - -%description -n python-xml -The python-xml package provides the libraries needed for XML manipulation. - -%package -n python-curses -Summary: Python module interface for NCurses Library -Group: Applications/System -Requires: python2-libs = %{version}-%{release} -Requires: ncurses - -%description -n python-curses -The python-curses package provides interface for ncurses library. - -%package devel -Summary: The libraries and header files needed for Python development. -Group: Development/Libraries -Requires: python2 = %{version}-%{release} -Requires: expat-devel >= 2.1.0 -# Needed here because of the migration of Makefile from -devel to the main -# package -Conflicts: python2 < %{version}-%{release} - -%description devel -The Python programming language's interpreter can be extended with -dynamically loaded extensions and can be embedded in other programs. -This package contains the header files and libraries needed to do -these types of tasks. - -Install python-devel if you want to develop Python extensions. The -python package will also need to be installed. You'll probably also -want to install the python-docs package, which contains Python -documentation. - -%package tools -Summary: A collection of development tools included with Python. -Group: Development/Tools -Requires: python2 = %{version}-%{release} - -%description tools -The Python package includes several development tools that are used -to build python programs. - -%package test -Summary: Regression tests package for Python. -Group: Development/Tools -Requires: python2 = %{version}-%{release} - -%description test -The test package contains all regression tests for Python as well as the modules test.support and test.regrtest. test.support is used to enhance your tests while test.regrtest drives the testing suite. - -%prep -%setup -q -n Python-%{version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 - -%build -export OPT="${CFLAGS}" -if [ %{_host} != %{_build} ]; then - sed -i 's/\tPYTHONPATH/\t-PYTHONPATH/' Makefile.pre.in - export ac_cv_buggy_getaddrinfo=no - export ac_cv_file__dev_ptmx=yes - export ac_cv_file__dev_ptc=no -fi -%configure \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --enable-shared \ - --with-ssl \ - --with-system-expat \ - --with-system-ffi \ - --enable-unicode=ucs4 \ - --with-dbmliborder=gdbm:ndbm -make %{?_smp_mflags} -%install -[ %{buildroot} != "/"] && rm -rf %{buildroot}/* -make DESTDIR=%{buildroot} install -chmod -v 755 %{buildroot}%{_libdir}/libpython2.7.so.1.0 -%{_fixperms} %{buildroot}/* - -# Remove unused stuff -find $RPM_BUILD_ROOT/ -name "*~"|xargs rm -f -find $RPM_BUILD_ROOT/ -name ".cvsignore"|xargs rm -f -find . -name "*~"|xargs rm -f -find . -name ".cvsignore"|xargs rm -f -#zero length -rm -f $RPM_BUILD_ROOT%{_libdir}/python2.7/site-packages/modulator/Templates/copyright -rm -f $RPM_BUILD_ROOT%{_libdir}/python2.7/LICENSE.txt - -find %{buildroot}%{_libdir} -name '*.pyc' -delete -find %{buildroot}%{_libdir} -name '*.pyo' -delete - -%post -if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then -#if we are in chroot - ln -sf /usr/bin/python2 /usr/bin/python -elif [ ! -f "/usr/bin/python3" ]; then - ln -sf /usr/bin/python2 /usr/bin/python -else -#if we are updating only python2, then -#we should set python link to python3 -#as previously python was link to python2 - ln -sf /usr/bin/python3 /usr/bin/python -fi -/sbin/ldconfig - -%postun -#if python3 is not present and we uninstall python2 -#we will delete the symlink -if [ ! -f "/usr/bin/python3" ]; then - if [ $1 -eq 0 ] ; then - rm /usr/bin/python - fi -else -#if we are downgrading/uninstalling python2, -#and python3 is present. then -#we should set python link to python3 - ln -sf /usr/bin/python3 /usr/bin/python -fi -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%check -LANG=en_US.UTF-8 make %{?_smp_mflags} test - -%files -%defattr(-, root, root) -%doc LICENSE README -%{_bindir}/pydoc* -%{_bindir}/python* -%{_mandir}/*/* - -%dir %{_libdir}/python2.7 -%dir %{_libdir}/python2.7/site-packages - -%exclude %{_libdir}/python2.7/bsddb/test -%exclude %{_libdir}/python2.7/ctypes/test -%exclude %{_libdir}/python2.7/distutils/tests -%exclude %{_libdir}/python2.7/email/test -%exclude %{_libdir}/python2.7/json/tests -%exclude %{_libdir}/python2.7/sqlite3/test -%exclude %{_libdir}/python2.7/idlelib/idle_test -%exclude %{_libdir}/python2.7/test -#%exclude %{_libdir}/python2.7/unittest -%exclude %{_libdir}/python2.7/lib-dynload/_ctypes_test.so -%ghost %{_bindir}/python - -%files libs -%defattr(-,root,root) -%doc LICENSE README -/usr/lib/python2.7 -%{_libdir}/libpython2.7.so.* -%exclude %{_libdir}/python2.7/bsddb/test -%exclude %{_libdir}/python2.7/ctypes/test -%exclude %{_libdir}/python2.7/distutils/tests -%exclude %{_libdir}/python2.7/distutils/command/wininst*exe -%exclude %{_libdir}/python2.7/email/test -%exclude %{_libdir}/python2.7/json/tests -%exclude %{_libdir}/python2.7/sqlite3/test -%exclude %{_libdir}/python2.7/idlelib/idle_test -%exclude %{_libdir}/python2.7/test -%exclude %{_libdir}/python2.7/lib-dynload/_ctypes_test.so -%exclude %{_libdir}/python2.7/config -%exclude %{_libdir}/python2.7/config/* -%exclude %{_libdir}/libpython2.7.so -%exclude %{_libdir}/python2.7/xml -%exclude %{_libdir}/python2.7/lib-dynload/pyexpat.so - -%files -n python-xml -%{_libdir}/python2.7/xml -%{_libdir}/python2.7/lib-dynload/pyexpat.so - -%files -n python-curses -%{_libdir}/python2.7/curses -%{_libdir}/python2.7/lib-dynload/_curses*.so - -%files devel -%defattr(-,root,root) -/usr/include/* -%doc Misc/README.valgrind Misc/valgrind-python.supp Misc/gdbinit -%dir %{_libdir}/python2.7/config -%{_libdir}/python2.7/config/* -%exclude %{_libdir}/python2.7/config/python.o -%{_libdir}/libpython2.7.so -%{_libdir}/pkgconfig/python-2.7.pc -%{_libdir}/pkgconfig/python.pc -%{_libdir}/pkgconfig/python2.pc -%exclude %{_bindir}/smtpd*.py* -%exclude %{_bindir}/2to3* -%exclude %{_bindir}/idle* - -%files tools -%defattr(-,root,root,755) -#%doc Tools/modulator/README.modulator -#%{_libdir}/python2.7/lib2to3 -#%{_libdir}/python2.7/site-packages/modulator -%{_bindir}/2to3* -%exclude %{_bindir}/smtpd.py -%exclude %{_bindir}/idle* - -%files test -%{_libdir}/python2.7/test/* - -%changelog -* Fri Jul 24 2020 Gerrit Photon 2.7.18-1 -- Automatic Version Bump -* Sat Dec 07 2019 Tapas Kundu 2.7.17-1 -- Update to 2.7.17 -- Exclude /usr/bin/python -- Link python to python2 if python3 doesnt exists -- Fix make check -* Tue Nov 26 2019 Alexey Makhalov 2.7.16-3 -- Cross compilation support -* Tue Nov 05 2019 Tapas Kundu 2.7.16-2 -- Fix for CVE-2019-17514 -* Sun Oct 20 2019 Tapas Kundu 2.7.16-1 -- Updated to 2.7.16 -- Fix for CVE-2019-16935 -- Fix for CVE-2018-20852 -* Mon Sep 16 2019 Tapas Kundu 2.7.15-8 -- Fix for CVE-2019-16056 -* Wed May 22 2019 Tapas Kundu 2.7.15-7 -- Patched reworked changes for CVE-2019-9948 -- Patch for CVE-2019-9740 -- Fix for CVE-2019-10160 -* Thu Mar 28 2019 Tapas Kundu 2.7.15-6 -- Fix for CVE-2019-9948 -* Tue Mar 12 2019 Tapas Kundu 2.7.15-5 -- Added fix for CVE-2019-9636 -* Thu Jan 10 2019 Alexey Makhalov 2.7.15-4 -- Mode libpython2.7.so to python2-libs -- Mass removal python2 dependency from python2-libs -* Fri Dec 21 2018 Tapas Kundu 2.7.15-3 -- Fix for CVE-2018-14647 -* Mon Sep 17 2018 Dweep Advani 2.7.15-2 -- Remove vulnerable Windows installers from python-libs rpm -* Mon Aug 20 2018 Dweep Advani 2.7.15-1 -- Update to version 2.7.15 -* Mon Dec 04 2017 Xiaolin Li 2.7.13-12 -- Fix CVE-2017-1000030 -* Mon Dec 04 2017 Xiaolin Li 2.7.13-11 -- Fix CVE-2017-1000158 -* Mon Sep 18 2017 Alexey Makhalov 2.7.13-10 -- Requires coreutils or toybox -- Requires bzip2-libs -* Fri Sep 15 2017 Bo Gan 2.7.13-9 -- Remove devpts mount in check -* Mon Aug 28 2017 Chang Lee 2.7.13-8 -- Add %check with pty -* Wed Jul 12 2017 Xiaolin Li 2.7.13-7 -- Add python2-test package. -* Sun Jun 04 2017 Bo Gan 2.7.13-6 -- Fix dependency for libs -* Tue May 16 2017 Kumar Kaushik 2.7.13-5 -- Fixing python issue 29188, backport random.c from 3.5 to 2.7. -* Fri Apr 28 2017 Harish Udaiya 2.7.13-4 -- Excluded unwanted binaries from python2-tools. -* Fri Apr 14 2017 Alexey Makhalov 2.7.13-3 -- Python2-devel requires expat-devel. -* Fri Mar 24 2017 Xiaolin Li 2.7.13-2 -- Provides /bin/python2. -* Wed Mar 22 2017 Divya Thaluru 2.7.13-1 -- Updated to version 2.7.13 -* Fri Jan 20 2017 Dheeraj Shetty 2.7.11-11 -- Added patch to support Photon OS -* Wed Nov 16 2016 Alexey Makhalov 2.7.11-10 -- Use sqlite-{devel,libs} -* Thu Oct 27 2016 Anish Swaminathan 2.7.11-9 -- Patch for CVE-2016-5636 -* Mon Oct 10 2016 ChangLee 2.7.11-8 -- Modified %check -* Wed Sep 14 2016 Divya Thaluru 2.7.11-7 -- Improvised pyopenssl patch -* Wed Sep 7 2016 Divya Thaluru 2.7.11-6 -- Added patch to python openssl to validate certificates by ipaddress -* Mon Jun 20 2016 Divya Thaluru 2.7.11-5 -- Added stack-protector flag for ncurses module -* Tue May 24 2016 Priyesh Padmavilasom 2.7.11-4 -- GA - Bump release of all rpms -* Tue Apr 26 2016 Nick Shi 2.7.11-3 -- Adding readline module into python2-libs - -* Wed Apr 13 2016 Priyesh Padmavilasom 2.7.11-2 -- update python to require python-libs - -* Thu Jan 28 2016 Anish Swaminathan 2.7.11-1 -- Upgrade version - -* Fri Jan 22 2016 Divya Thaluru 2.7.9-5 -- Seperate python-curses package from python-libs package - -* Thu Oct 29 2015 Mahmoud Bassiouny 2.7.9-4 -- Seperate python-xml package from python-libs package - -* Fri Jun 19 2015 Alexey Makhalov 2.7.9-3 -- Provide /bin/python - -* Wed Jun 3 2015 Divya Thaluru 2.7.9-2 -- Adding coreutils package to run time required package - -* Mon Apr 6 2015 Divya Thaluru 2.7.9-1 -- Initial build. First version diff --git a/README.md b/README.md deleted file mode 100644 index 0efa5a91b1..0000000000 --- a/README.md +++ /dev/null @@ -1,59 +0,0 @@ -![Photon](http://storage.googleapis.com/project-photon/vmw-logo-photon.svg "VMware Photon") - -# Photon OS: Linux Container Host - -### Contents -- [What is Photon OS](#what-is-photon-os) -- [Getting Photon OS](#getting-photon-os) -- [Getting Started](#getting-started) -- [Contributing](#contributing) -- [License](#license) -- [Photon OS Resources](#photon-os-resources) - -## What is Photon OS? -Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a secure run-time environment for efficiently running containers. Some of the key highlights of Photon OS are: - -- **Optimized for VMware hypervisor:** The Linux kernel is tuned for performance when Photon OS runs on VMware ESXi. - -- **Support for containers:** Photon OS includes the Docker daemon and works with container orchestration frameworks, such as Mesos and Kubernetes. - -- **Efficient lifecycle management:** Photon OS is easy to manage, patch, and update, using the [tdnf package manager](/~https://github.com/vmware/photon/blob/master/docs/photon-admin-guide.md#tiny-dnf-for-package-management) and the [Photon Management Daemon Next Gen (pmd-next-gen)](/~https://github.com/vmware/pmd-next-gen). - -- **Security hardened:** Photon OS provides secure and up-to-date kernel and other packages, and its policies are designed to govern the system securely. - -For an overview of Photon OS, see [https://vmware.github.io/photon/](https://vmware.github.io/photon/) - -## Getting Photon OS - -Photon OS binaries are available in a number of formats, including ISO, OVA and cloud images such as Amazon AMI, Google Cloud GCE image and Azure VHD. - -For download instructions and links to Photon OS binaries, go to the [Download Guide](/~https://github.com/vmware/photon/wiki/Downloading-Photon-OS). - -*Photon OS 4.0 GA is here!* --------------------------- -Photon OS 4.0 provides support for the Real Time flavor of kernel linux-rt, SELinux , installer improvements, PMD role management improvements and critical updates to OSS packages including linux kernel, systemd, and glibc. - -For an overview of changes, see [What's New in Photon OS 4.0](/~https://github.com/vmware/photon/wiki/What-is-New-in-Photon-OS-4.0). - -## Getting Started -Begin your Photon OS journey by browsing our extensive guides on getting started in the [Photon OS Wiki](/~https://github.com/vmware/photon/wiki). - -## Contributing -The Photon OS project team welcomes contributions from the community. - -If you wish to contribute code and you have not signed our Contributor License Agreement (CLA), our CLA-bot will take you through the process and update the issue when you open a [Pull Request](https://help.github.com/articles/creating-a-pull-request). If you have questions about the CLA process, see our CLA [FAQ](https://cla.vmware.com/faq) or contact us through the GitHub issue tracker. - -To help you get started making contributions to Photon OS, we have collected some helpful best practices in the [Contributing guidelines](/~https://github.com/vmware/photon/blob/master/contributing.md). - -Before you start to code, we recommend discussing your plans through a GitHub issue or discuss it first with the official project [maintainers](/~https://github.com/vmware/photon/blob/dev/AUTHORS.md) via the [#photon Slack Channel](https://vmwarecode.slack.com/messages/photon/), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing. - -## License -The Photon OS ISO and OVA images are distributed under the [Photon OS EULA](/~https://github.com/vmware/photon/blob/master/EULA.txt). - -With the exception of the 'libtdnf' source code, Photon OS source code is distributed under GNU GPL v2. The 'libtdnf' source code is distributed under GNU LGPL v2.1. For more details, please refer to the [Photon OS Open Source License file](/~https://github.com/vmware/photon/blob/master/LICENSE.md). - -## Photon OS Resources - -- **Documentation**: The Photon OS [Documentation](https://vmware.github.io/photon/docs/) provides information about how to install, configure, and use VMware Photon OS™. -- **Security Updates**: Visit [Security-Advisories](/~https://github.com/vmware/photon/wiki/Security-Advisories). -- **Vagrant box**: An official Vagrant box is available on Hashicorp Atlas, to get started: `vagrant init vmware/photon`. A plugin to support Photon OS guests in Vagrant is available at [/~https://github.com/vmware/vagrant-guests-photon](/~https://github.com/vmware/vagrant-guests-photon). Some users have found that our Vagrant box requires VirtualBox 4.3 or later. If you have issues, please check your version. diff --git a/SPECS/GConf/GConf.spec b/SPECS/GConf/GConf.spec deleted file mode 100644 index 0f876eda4b..0000000000 --- a/SPECS/GConf/GConf.spec +++ /dev/null @@ -1,99 +0,0 @@ -Summary: configuration database system used by many GNOME applications -Name: GConf -Version: 3.2.6 -Release: 2%{?dist} -License: LGPLv2+ -URL: http://gnome.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/3.2/%{name}-%{version}.tar.xz -%define sha512 %{name}=35f5f659f9d03f7531a7102adacbda0eb310d8a55a831c768c91a82e07dae21247726e00e0e411f63b1de9ade0f042ded572a3ea4a4b2ad3135231f344540b58 - -BuildRequires: intltool -BuildRequires: shadow -BuildRequires: libxml2-devel -BuildRequires: dbus-glib-devel -BuildRequires: polkit-devel - -Requires: libxml2 -Requires: dbus-glib -Requires: polkit - -Requires(post): grep - -%description -The GConf package contains a configuration database system used by many GNOME applications. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: libxml2-devel -Requires: dbus-glib-devel -Requires: polkit-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-orbit \ - --enable-defaults-service \ - --disable-static - -%make_build - -%install -%make_install %{?_smp_mflags} -ln -s gconf.xml.defaults %{buildroot}%{_sysconfdir}/gconf/gconf.xml.system - -%post -/sbin/ldconfig -if [ $1 -gt 1 ]; then - if ! fgrep -q gconf.xml.system %{_sysconfdir}/gconf/2/path; then - sed -i -e 's@xml:readwrite:$(HOME)/.gconf@&\n\n# Location for system-wide settings.\nxml:readonly:/etc/gconf/gconf.xml.system@' %{_sysconfdir}/gconf/2/path - fi -fi - -%postun -p /sbin/ldconfig - -%check -cd tests -make %{?_smp_mflags} -fns=$(find -name 'test*' -executable -maxdepth 1) -for fn in $fns; do - $fn || : -done - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir} -%{_sysconfdir}/ -%{_libexecdir}/ -%{_libdir}/*.so.* -%{_libdir}/GConf -%{_libdir}/gio - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/ -%{_datadir} - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 3.2.6-2 -- Bump version as a part of libxml2 upgrade -* Thu Dec 15 2022 Gerrit Photon 3.2.6-1 -- Automatic Version Bump -* Wed Nov 15 2017 Harish Udaiya Kumar 3.2.5-2 -- Updated build requires -* Thu Jun 4 2015 Alexey Makhalov 3.2.5-1 -- initial version diff --git a/SPECS/ImageMagick/ImageMagick.spec b/SPECS/ImageMagick/ImageMagick.spec deleted file mode 100644 index 261a51ff3e..0000000000 --- a/SPECS/ImageMagick/ImageMagick.spec +++ /dev/null @@ -1,189 +0,0 @@ -%global VER 7.1.0 -%global Patchlevel 47 -%global major_version 7 - -Name: ImageMagick -Version: 7.1.0.47 -Release: 4%{?dist} -Summary: An X application for displaying and manipulating images -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon -License: ImageMagick -Url: http://www.imagemagick.org - -Source0: https://www.imagemagick.org/download/%{name}-%{VER}-%{Patchlevel}.tar.gz -%define sha512 %{name}=dae53c80b1fec69e8a570e82553197e2a9f3b1d0dd9b7cdf30e2731e044a83bef82912a5d339c0470d1e41bdf343f2cbd97376d2ef986d33c05bc6c87a705d0d - -Requires: %{name}-libs = %{version}-%{release} -Requires: libgomp -Requires: bzip2-libs -Requires: glibc -Requires: zlib - -%description -ImageMagick is an image display and manipulation tool for the X -Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, -and Photo CD image formats. It can resize, rotate, sharpen, color -reduce, or add special effects to an image, and when finished you can -either save the completed work in the original format or a different -one. ImageMagick also includes command line programs for creating -animated or transparent .gifs, creating composite images, creating -thumbnail images, and more. - -ImageMagick is one of your choices if you need a program to manipulate -and display images. If you want to develop your own applications -which use ImageMagick code or APIs, you need to install -ImageMagick-devel as well. - -%package devel -Summary: Library links and header files for ImageMagick app development -Requires: pkg-config -Requires: %{name} = %{version}-%{release} - -%description devel -ImageMagick-devel contains the library links and header files you'll -need to develop ImageMagick applications. ImageMagick is an image -manipulation program. - -If you want to create applications that will use ImageMagick code or -APIs, you need to install ImageMagick-devel as well as ImageMagick. -You do not need to install it if you just want to use ImageMagick, -however. - -%package libs -Summary: ImageMagick libraries to link with - -%description libs -This packages contains a shared libraries to use within other applications. - -%package doc -Summary: ImageMagick html documentation - -%description doc -ImageMagick documentation, this package contains usage (for the -commandline tools) and API (for the libraries) documentation in html format. -Note this documentation can also be found on the ImageMagick website: -http://www.imagemagick.org/ - -%package c++ -Summary: ImageMagick Magick++ library (C++ bindings) -Requires: %{name}-libs = %{version}-%{release} -Requires: libstdc++ -Requires: libgomp -Requires: bzip2-libs -Requires: glibc -Requires: zlib - -%description c++ -This package contains the Magick++ library, a C++ binding to the ImageMagick -graphics manipulation library. - -Install ImageMagick-c++ if you want to use any applications that use Magick++. - -%package c++-devel -Summary: C++ bindings for the ImageMagick library -Requires: %{name}-libs = %{version}-%{release} -Requires: %{name}-devel = %{version}-%{release} -Requires: pkg-config - -%description c++-devel -ImageMagick-devel contains the static libraries and header files you'll -need to develop ImageMagick applications using the Magick++ C++ bindings. -ImageMagick is an image manipulation program. - -If you want to create applications that will use Magick++ code -or APIs, you'll need to install ImageMagick-c++-devel, ImageMagick-devel and -ImageMagick. -You don't need to install it if you just want to use ImageMagick, or if you -want to develop/compile applications using the ImageMagick C interface, -however. - -%prep -%autosetup -p1 -n %{name}-%{VER}-%{Patchlevel} - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -rm %{buildroot}%{_libdir}/*.a - -%if 0%{?with_check} -%check -export LD_LIBRARY_PATH=%{buildroot}/%{_libdir} -%make_build check -rm PerlMagick/demo/Generic.ttf -%endif - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/[a-z]* -%{_mandir}/man[145]/[a-z]* -%{_mandir}/man1/%{name}.* - -%files doc -%defattr(-,root,root) -%doc %{_datadir}/doc/%{name}-%{major_version}/* - -%files libs -%defattr(-,root,root) -%{_libdir}/libMagickCore-%{major_version}.Q16HDRI.so.10* -%{_libdir}/libMagickWand-%{major_version}.Q16HDRI.so.10* -%{_libdir}/%{name}-%{VER} -%{_datadir}/%{name}-%{major_version} -%dir %{_sysconfdir}/%{name}-%{major_version} -%config(noreplace) %{_sysconfdir}/%{name}-%{major_version}/*.xml - -%files c++-devel -%defattr(-,root,root) -%{_bindir}/Magick++-config -%{_includedir}/%{name}-%{major_version}/Magick++ -%{_includedir}/%{name}-%{major_version}/Magick++.h -%{_libdir}/libMagick++-%{major_version}.Q16HDRI.so -%{_libdir}/pkgconfig/Magick++.pc -%{_libdir}/pkgconfig/Magick++-%{major_version}.Q16HDRI.pc -%{_mandir}/man1/Magick++-config.* - -%files devel -%defattr(-,root,root) -%{_bindir}/MagickCore-config -%{_bindir}/MagickWand-config -%{_libdir}/libMagickCore-%{major_version}.Q16HDRI.so -%{_libdir}/libMagickWand-%{major_version}.Q16HDRI.so -%{_libdir}/pkgconfig/MagickCore.pc -%{_libdir}/pkgconfig/MagickCore-%{major_version}.Q16HDRI.pc -%{_libdir}/pkgconfig/ImageMagick.pc -%{_libdir}/pkgconfig/ImageMagick-%{major_version}.Q16HDRI.pc -%{_libdir}/pkgconfig/MagickWand.pc -%{_libdir}/pkgconfig/MagickWand-%{major_version}.Q16HDRI.pc -%dir %{_includedir}/%{name}-%{major_version} -%{_includedir}/%{name}-%{major_version}/MagickCore/* -%{_includedir}/%{name}-%{major_version}/MagickWand/* -%{_mandir}/man1/MagickCore-config.* -%{_mandir}/man1/MagickWand-config.* - -%files c++ -%defattr(-,root,root) -%{_libdir}/libMagick++-%{major_version}.Q16HDRI.so.5* - -%changelog -* Tue Jun 06 2023 Shreenidhi Shedi 7.1.0.47-4 -- Fix spec issues -* Fri May 05 2023 Shreenidhi Shedi 7.1.0.47-3 -- Remove _isa entries -* Fri Apr 14 2023 Shreenidhi Shedi 7.1.0.47-2 -- Bump version as a part of zlib upgrade -* Mon Aug 29 2022 Shivani Agarwal 7.1.0.47-1 -- Upgrade version to 7.1.0.47 -* Thu May 26 2022 Gerrit Photon 7.1.0.35-1 -- Automatic Version Bump -* Tue May 17 2022 Shivani Agarwal 7.1.0.19-1 -- Fix for CVE-2022-1114 -* Tue Jun 22 2021 Piyush Gupta 7.1.0.1-1 -- Initial build for Photon. diff --git a/SPECS/LICENSE.EXCEPTIONS b/SPECS/LICENSE.EXCEPTIONS deleted file mode 100644 index 4d090275fc..0000000000 --- a/SPECS/LICENSE.EXCEPTIONS +++ /dev/null @@ -1,60 +0,0 @@ -SPEC files that are derived from LFS sources: -ca-certificates -bash -filesystem -vim -tzdata -shadow -ntp -unzip -docbook-xml -docbook-xsl - -SPEC files that are derived from LFS-RPM sources: -ncurses -readline - -SPEC files that are derived from package sources: -haveged -wavefront-proxy -openipmi -xinted -python-iniparse - -SPEC files that are derived from Fedora SPEC files: -c-ares -chkconfig : -initscripts : -openvswitch : -oniguruma : -elfutils : -zsh -perl-DBI -perl-DBIx -perl-exporter-tiny : -perl-json-xs -perl-libintl -perl-list-moreutils -perl-module-build -perl-module-install -perl-module-scandeps -perl-object-accessor -perl-types-serializer -perl-www-curl -perl-yaml -perl-yaml-tiny -tcsh -tcl -python-pbr -pypam -pyyaml -mariadb -lvm2 -systemtap - -SPEC files that are derived from OpenSuse SPEC files: -python-jinja2 -acl - -SPEC files that are derived from Centos SPEC files: -libaio diff --git a/SPECS/LICENSE.md b/SPECS/LICENSE.md deleted file mode 100644 index 8131f448c5..0000000000 --- a/SPECS/LICENSE.md +++ /dev/null @@ -1,162 +0,0 @@ -PhotonOS v3.0 (and greater versions) Copyright © VMware, Inc. 2014-2018 - -The files of PhotonOS version 3.0 (and greater versions) are licensed under the terms of the Apache License v2.0 or alternatively under the terms of the GNU General Public License (GPL) v2 UNLESS otherwise noted at the beginning of the file or in an EXCEPTIONS file present in a directory subtree declares a separate license. - -The terms of the Apache License v2.0 and GPL v2 licenses are set forth below. - -Apache License v2.0 - -## **Apache License, Version 2.0** - -## January 2004 - -[http://www.apache.org/licenses/](http://www.apache.org/licenses/)LICENSE-2.0 - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -**1. Definitions**. - -"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. - -"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. - -**2. Grant of Copyright License**. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. - -**3. Grant of Patent License**. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. - -**4. Redistribution**. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: - -1. You must give any other recipients of the Work or Derivative Works a copy of this License; and -2. You must cause any modified files to carry prominent notices stating that You changed the files; and -3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and -4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. - -You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. - -**5. Submission of Contributions**. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. - -**6. Trademarks**. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. - -**7. Disclaimer of Warranty**. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. - -**8. Limitation of Liability**. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. - -**9. Accepting Warranty or Additional Liability**. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -# **APPENDIX: How to apply the Apache License to your work** - -To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - - you may not use this file except in compliance with the License. - - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - - distributed under the License is distributed on an "AS IS" BASIS, - - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - - See the License for the specific language governing permissions and - - limitations under the License. - -GPL v2 - -### **GNU GENERAL PUBLIC LICENSE** - -Version 2, June 1991 - -Copyright (C) 1989, 1991 Free Software Foundation, Inc. - -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - -Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - -### **TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION** - -1. **1.** This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. - -1. **2.** You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. - -You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. - -1. **3.** You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: - -**a)** You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. - -**b)** You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no chargeto all third parties under the terms of this License. - -**c)** If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. - -1. **4.** You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: - -1. **a)**Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, - -1. **b)**Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, - -1. **c)**Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. - -If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. - -1. **5.** You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. - -1. **6.** You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. - -1. **7.** Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. - -1. **8.** If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. - -This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. - -**8.** If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. - -**9.** The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. - -**10.** If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - -**NO WARRANTY** - -**11.** BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - -**12.** IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. diff --git a/SPECS/Linux-PAM/Linux-PAM.spec b/SPECS/Linux-PAM/Linux-PAM.spec deleted file mode 100644 index 411a938129..0000000000 --- a/SPECS/Linux-PAM/Linux-PAM.spec +++ /dev/null @@ -1,176 +0,0 @@ -Summary: Linux Pluggable Authentication Modules -Name: Linux-PAM -Version: 1.5.3 -Release: 1%{?dist} -License: BSD and GPLv2+ -URL: /~https://github.com/linux-pam/linux-pam -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/linux-pam/linux-pam/releases/download/v%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=af88e8c1b6a9b737ffaffff7dd9ed8eec996d1fbb5804fb76f590bed66d8a1c2c6024a534d7a7b6d18496b300f3d6571a08874cf406cd2e8cea1d5eff49c136a - -Source1: pamtmp.conf -Source2: default-faillock.conf - -Patch0: faillock-add-support-to-print-login-failures.patch - -BuildRequires: libselinux-devel -BuildRequires: gdbm-devel - -Requires: libselinux -Requires: gdbm - -%define ExtraBuildRequires systemd-rpm-macros - -%description -The Linux PAM package contains Pluggable Authentication Modules used to -enable the local system administrator to choose how applications authenticate users. - -%package lang -Summary: Additional language files for Linux-PAM -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of Linux-PAM. - -%package devel -Summary: Development files for Linux-PAM -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description devel -The Linux-PAM-devel package contains libraries, header files and documentation -for developing applications that use Linux-PAM. - -%prep -%autosetup -p1 - -%build -sh ./configure --host=%{_host} --build=%{_build} \ - $(test %{_host} != %{_build} && echo "--with-sysroot=/target-%{_arch}") \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --disable-dependency-tracking \ - --prefix=%{_prefix} \ - --exec-prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --datadir=%{_datadir} \ - --includedir=%{_includedir}/security \ - --libdir=%{_libdir} \ - --libexecdir=%{_libexecdir} \ - --localstatedir=%{_localstatedir} \ - --sharedstatedir=%{_sharedstatedir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --enable-selinux \ - --docdir=%{_docdir}/%{name}-%{version} \ - --enable-securedir=%{_libdir}/security \ - --enable-db=ndbm - -%make_build - -%install -%make_install %{?_smp_mflags} -chmod -v 4755 %{buildroot}%{_sbindir}/unix_chkpwd -install -v -dm755 %{buildroot}%{_docdir}/%{name}-%{version} -ln -sfv pam_unix.so %{buildroot}%{_libdir}/security/pam_unix_auth.so -ln -sfv pam_unix.so %{buildroot}%{_libdir}/security/pam_unix_acct.so -ln -sfv pam_unix.so %{buildroot}%{_libdir}/security/pam_unix_passwd.so -ln -sfv pam_unix.so %{buildroot}%{_libdir}/security/pam_unix_session.so - -cp %{SOURCE2} %{buildroot}%{_sysconfdir}/security/faillock.conf - -install -d -m 755 %{buildroot}/run/faillock -install -m644 -D %{SOURCE1} %{buildroot}%{_tmpfilesdir}/pam.conf - -%{find_lang} %{name} - -%{_fixperms} %{buildroot}/* - -%if 0%{?with_check} -%check -install -v -m755 -d %{_sysconfdir}/pam.d -cat > %{_sysconfdir}/pam.d/other << "EOF" -auth required pam_deny.so -account required pam_deny.so -password required pam_deny.so -session required pam_deny.so -EOF -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/security/*.conf -%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init -%dir %{_sysconfdir}/security -%{_sysconfdir}/environment -%{_sbindir}/* -%{_libdir}/security/* -%{_libdir}/*.so.* -%{_mandir}/man5/* -%{_mandir}/man8/* -%{_tmpfilesdir}/pam.conf -%{_unitdir}/pam_namespace.service -%dir /run/faillock - -%files lang -f Linux-PAM.lang -%defattr(-,root,root) - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_mandir}/man3/* -%{_docdir}/%{name}-%{version}/* -%{_libdir}/pkgconfig/*.pc - -%changelog -* Wed May 17 2023 Shreenidhi Shedi 1.5.3-1 -- Upgrade to v1.5.3 -* Mon Nov 07 2022 Shreenidhi Shedi 1.5.2-3 -- Add a default faillock.conf -* Wed Jul 06 2022 Shreenidhi Shedi 1.5.2-2 -- Remove libdb support from pam -* Thu Jun 30 2022 Shreenidhi Shedi 1.5.2-1 -- Further fixes to faillock patch -- Upgrade to v1.5.2 -* Tue Mar 08 2022 Shreenidhi Shedi 1.5.1-2 -- create /var/run/faillock during install -* Mon Apr 12 2021 Gerrit Photon 1.5.1-1 -- Automatic Version Bump -* Fri Sep 25 2020 Ankit Jain 1.4.0-2 -- pam_cracklib has been deprecated. -* Fri Aug 07 2020 Vikash Bansal 1.4.0-1 -- Version bump up to 1.4.0 -* Mon Apr 20 2020 Alexey Makhalov 1.3.0-3 -- Enable SELinux support -* Thu Nov 15 2018 Alexey Makhalov 1.3.0-2 -- Cross compilation support -* Fri Apr 14 2017 Alexey Makhalov 1.3.0-1 -- Version update. -* Fri Feb 10 2017 Xiaolin Li 1.2.1-5 -- Added pam_unix_auth.so, pam_unix_acct.so, pam_unix_passwd.so, -- and pam_unix_session.so. -* Wed Dec 07 2016 Xiaolin Li 1.2.1-4 -- Added devel subpackage. -* Thu May 26 2016 Divya Thaluru 1.2.1-3 -- Packaging pam cracklib module -* Tue May 24 2016 Priyesh Padmavilasom 1.2.1-2 -- GA - Bump release of all rpms -* Fri Jan 15 2016 Xiaolin Li 1.2.1-1 -- Updated to version 1.2.1 -* Mon May 18 2015 Touseef Liaqat 1.1.8-2 -- Update according to UsrMove. -* Thu Oct 09 2014 Divya Thaluru 1.1.8-1 -- Initial build. First version diff --git a/SPECS/Linux-PAM/default-faillock.conf b/SPECS/Linux-PAM/default-faillock.conf deleted file mode 100644 index 12db77d112..0000000000 --- a/SPECS/Linux-PAM/default-faillock.conf +++ /dev/null @@ -1,5 +0,0 @@ -dir = /run/faillock -deny = 3 -unlock_time = 600 -even_deny_root -root_unlock_time = 600 diff --git a/SPECS/Linux-PAM/faillock-add-support-to-print-login-failures.patch b/SPECS/Linux-PAM/faillock-add-support-to-print-login-failures.patch deleted file mode 100644 index baebb42ab2..0000000000 --- a/SPECS/Linux-PAM/faillock-add-support-to-print-login-failures.patch +++ /dev/null @@ -1,50 +0,0 @@ -From bbd259716a1dbc35a8ec282d7d5d287483997ce0 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 29 Jun 2022 20:47:47 +0530 -Subject: [PATCH] faillock: add support to print login failures in legacy - pam_tally2 style - -This is enabled by default. - -"--no-legacy-output" flag will print failures in newer format. - -Signed-off-by: Shreenidhi Shedi ---- - modules/pam_faillock/main.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c -index 136be83..b21b6a1 100644 ---- a/modules/pam_faillock/main.c -+++ b/modules/pam_faillock/main.c -@@ -66,6 +66,7 @@ args_parse(int argc, char **argv, struct options *opts) - memset(opts, 0, sizeof(*opts)); - - opts->progname = argv[0]; -+ opts->legacy_output = 1; - - for (i = 1; i < argc; ++i) { - if (strcmp(argv[i], "--conf") == 0) { -@@ -97,8 +98,8 @@ args_parse(int argc, char **argv, struct options *opts) - else if (strcmp(argv[i], "--reset") == 0) { - opts->reset = 1; - } -- else if (!strcmp(argv[i], "--legacy-output")) { -- opts->legacy_output = 1; -+ else if (!strcmp(argv[i], "--no-legacy-output")) { -+ opts->legacy_output = 0; - } - else { - fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]); -@@ -128,7 +129,7 @@ usage(const char *progname) - { - fprintf(stderr, - _("Usage: %s [--dir /path/to/tally-directory]" -- " [--user username] [--reset] [--legacy-output]\n"), progname); -+ " [--user username] [--reset] [--no-legacy-output]\n"), progname); - - } - --- -2.40.1 - diff --git a/SPECS/Linux-PAM/pamtmp.conf b/SPECS/Linux-PAM/pamtmp.conf deleted file mode 100644 index f6e490ba7c..0000000000 --- a/SPECS/Linux-PAM/pamtmp.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/faillock 0755 root root - diff --git a/SPECS/ModemManager/ModemManager.spec b/SPECS/ModemManager/ModemManager.spec deleted file mode 100644 index 764737360a..0000000000 --- a/SPECS/ModemManager/ModemManager.spec +++ /dev/null @@ -1,135 +0,0 @@ -Summary: Mobile broadband modem manager -Name: ModemManager -Version: 1.18.12 -Release: 2%{?dist} -URL: https://www.freedesktop.org -License: GPLv2 -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.freedesktop.org/software/ModemManager/%{name}-%{version}.tar.xz -%define sha512 %{name}=7ee3b091ca2350a1d52f1ff0c0657c9f279594ffbff5ea57be59ca024331cafbac34901ca9ed4ef2b71e8c51b594526f921d3aeee6e8748cd0532a16218c5d6c - -BuildRequires: libqmi-devel -BuildRequires: gobject-introspection-devel -BuildRequires: libgudev-devel -BuildRequires: systemd-devel -BuildRequires: gcc -BuildRequires: pkg-config -BuildRequires: automake -BuildRequires: autoconf -BuildRequires: libtool -BuildRequires: libxslt-devel - -%if 0%{?with_check} -BuildRequires: dbus-devel -%endif - -Requires: systemd -Requires: glib -Requires: libgudev -Requires: libqmi -Requires: gobject-introspection - -%description -%{name} provides a unified high level API for communicating -with mobile broadband modems, regardless of the protocol used to -communicate with the actual device. - -%package devel -Summary: Header and development files for %{name} -Requires: %{name} = %{version}-%{release} -Requires: libqmi-devel -Requires: gobject-introspection-devel - -%description devel -It contains the libraries and header files for %{name} - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-static \ - --enable-more-warnings=no \ - --without-qmi \ - --without-mbim - -%make_build - -%install -%make_install UDEV_BASE_DIR=%{_libdir}/udev %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_datadir}/%{name}/*.conf -%{_sysconfdir}/dbus-1/system.d/org.freedesktop.ModemManager1.conf -%{_bindir}/mmcli -%{_sbindir}/%{name} -%{_libdir}/*.so.* -%{_libdir}/girepository-1.0/%{name}-1.0.typelib -%{_libdir}/%{name}/* -%{_unitdir}/%{name}.service -%{_mandir}/man1/mmcli.1.gz -%{_mandir}/man8/%{name}.8.gz -%{_datadir}/dbus-1/* -%{_datadir}/locale/* -%{_datadir}/bash-completion/* -%{_datadir}/gir-1.0/%{name}-1.0.gir -%{_udevrulesdir}/* -%exclude %{_datadir}/icons -%exclude %dir %{_libdir}/debug - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_includedir}/%{name}/* -%{_includedir}/libmm-glib/* -%{_libdir}/pkgconfig/%{name}.pc -%{_libdir}/pkgconfig/mm-glib.pc -%{_datadir}/%{name}/fcc-unlock.available.d/* -%{_datadir}/%{name}/connection.available.d/* - -%changelog -* Tue Jan 03 2023 Guruswamy Basavaiah 1.18.12-2 -- Bump release as a part of libgudev upgrade to 237-1 -* Fri Dec 23 2022 Ashwin Dayanand Kamat 1.18.12-1 -- Update to v1.18.12 -* Fri Oct 07 2022 Shreenidhi Shedi 1.18.10-3 -- Bump version as a part of libxslt upgrade -* Sun Aug 07 2022 Shreenidhi Shedi 1.18.10-2 -- Remove .la files -* Mon Jul 11 2022 Gerrit Photon 1.18.10-1 -- Automatic Version Bump -* Wed Jun 22 2022 Shreenidhi Shedi 1.18.6-3 -- Fix binary path -* Thu Jun 16 2022 Ashwin Dayanand Kamat 1.18.6-2 -- Bump version as a part of libxslt upgrade -* Mon Apr 18 2022 Gerrit Photon 1.18.6-1 -- Automatic Version Bump -* Wed Apr 21 2021 Gerrit Photon 1.16.4-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.16.2-1 -- Automatic Version Bump -* Mon Dec 14 2020 Susant Sahani 1.14.2-3 -- Add build requires -* Wed Nov 18 2020 Satya Naga Vasamsetty 1.14.2-2 -- Fix make check -* Mon Aug 24 2020 Gerrit Photon 1.14.2-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 1.14.0-1 -- Automatic Version Bump -* Mon Dec 10 2018 Alexey Makhalov 1.8.2-1 -- Initial build. First version diff --git a/SPECS/WALinuxAgent/WALinuxAgent.spec b/SPECS/WALinuxAgent/WALinuxAgent.spec deleted file mode 100644 index 95f2c9dc36..0000000000 --- a/SPECS/WALinuxAgent/WALinuxAgent.spec +++ /dev/null @@ -1,141 +0,0 @@ -Name: WALinuxAgent -Summary: The Windows Azure Linux Agent -Version: 2.9.1.1 -Release: 2%{?dist} -License: Apache License Version 2.0 -Group: System/Daemons -Url: /~https://github.com/Azure/WALinuxAgent -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/Azure/WALinuxAgent/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=3f44aecc16ac545db4b550586f168dbbdef34289aad6775973517bf645e5a1d486864c01e974f03a71b3e946c14e1ca140673a75c1cd602aac28725eaa68e83d - -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml -BuildRequires: systemd-devel -BuildRequires: python3-distro -BuildRequires: python3-macros - -Requires: python3 -Requires: python3-xml -Requires: python3-pyasn1 -Requires: openssh -Requires: openssl -Requires: util-linux -Requires: /bin/sed -Requires: /bin/grep -Requires: sudo -Requires: iptables -Requires: systemd -Requires: python3-distro - -BuildArch: noarch - -%description -The Windows Azure Linux Agent supports the provisioning and running of Linux -VMs in the Windows Azure cloud. This package should be installed on Linux disk -images that are built to run in the Windows Azure environment. - -%prep -%autosetup -p1 - -%build -%py3_build - -%install -%{python3} setup.py install --skip-build install -O1 --lnx-distro='photonos' --root=%{buildroot} - -mkdir -p %{buildroot}%{_var}/log \ - %{buildroot}%{_var}/opt/waagent/log \ - %{buildroot}%{_var}/log - -mkdir -p -m 0700 %{buildroot}%{_sharedstatedir}/waagent -touch %{buildroot}%{_var}/opt/waagent/log/waagent.log -ln -sfv /opt/waagent/log/waagent.log %{buildroot}%{_var}/log/waagent.log - -%post -%systemd_post waagent.service - -%preun -%systemd_preun waagent.service - -%postun -%systemd_postun_with_restart waagent.service - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_unitdir}/* -%defattr(0644,root,root,0755) -%attr(0755,root,root) %{_bindir}/waagent -%attr(0755,root,root) %{_bindir}/waagent2.0 -%config(noreplace) %{_sysconfdir}/waagent.conf -%dir %{_var}/opt/waagent/log -%{_var}/log/waagent.log -%ghost %{_var}/opt/waagent/log/waagent.log -%dir %attr(0700, root, root) %{_sharedstatedir}/waagent -%{python3_sitelib}/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.9.1.1-2 -- Bump version as a part of openssl upgrade -* Thu Sep 14 2023 Shreenidhi Shedi 2.9.1.1-1 -- Upgrade to v2.9.1.1 -* Tue Apr 18 2023 Shreenidhi Shedi 2.7.3.0-4 -- Add python3-distro to requires -* Sun Feb 12 2023 Shreenidhi Shedi 2.7.3.0-3 -- FIx requires -* Tue Dec 06 2022 Prashant S Chauhan 2.7.3.0-2 -- Update release to compile with python 3.11 -* Fri Aug 26 2022 Shreenidhi Shedi 2.7.3.0-1 -- Upgrade to v2.7.3.0 -* Thu May 26 2022 Gerrit Photon 2.7.1.0-1 -- Automatic Version Bump -* Sat Nov 13 2021 Shreenidhi Shedi 2.4.0.2-1 -- Upgrade to version 2.4.0.2 -* Thu Apr 29 2021 Gerrit Photon 2.2.53.1-1 -- Automatic Version Bump -* Mon Jan 11 2021 Tapas Kundu 2.2.51-1 -- Version Bump -* Tue Oct 13 2020 Tapas Kundu 2.2.49.2-3 -- Build with python 3.9 -* Tue Sep 29 2020 Satya Naga Vasamsetty 2.2.49.2-2 -- openssl 1.1.1 -* Fri Aug 28 2020 Gerrit Photon 2.2.49.2-1 -- Automatic Version Bump -* Sun Jul 26 2020 Tapas Kundu 2.2.49-2 -- Use python3.8 -* Fri Jul 24 2020 Gerrit Photon 2.2.49-1 -- Automatic Version Bump -* Thu Jun 18 2020 Tapas Kundu 2.2.35-3 -- Use python3 -* Wed Apr 29 2020 Anisha Kumari 2.2.35-2 -- Added patch to fix CVE-2019-0804 -* Tue Feb 12 2019 Tapas Kundu 2.2.35-1 -- Update to 2.2.35 -* Tue Oct 23 2018 Anish Swaminathan 2.2.22-1 -- Update to 2.2.22 -* Thu Dec 28 2017 Divya Thaluru 2.2.14-3 -- Fixed the log file directory structure -* Mon Sep 18 2017 Alexey Makhalov 2.2.14-2 -- Requires /bin/grep, /bin/sed and util-linux or toybox -* Thu Jul 13 2017 Anish Swaminathan 2.2.14-1 -- Update to 2.2.14 -* Thu Jun 01 2017 Dheeraj Shetty 2.0.18-4 -- Use python2 explicitly to build -* Tue May 24 2016 Priyesh Padmavilasom 2.0.18-3 -- GA - Bump release of all rpms -* Tue May 10 2016 Anish Swaminathan 2.0.18-2 -- Edit post scripts -* Thu Apr 28 2016 Anish Swaminathan 2.0.18-1 -- Update to 2.0.18 -* Thu Jan 28 2016 Anish Swaminathan 2.0.14-3 -- Removed redundant requires -* Thu Aug 6 2015 Anish Swaminathan -- Added sha512sum -* Fri Mar 13 2015 - mbassiouny@vmware.com -- Initial packaging diff --git a/SPECS/XML-Parser/XML-Parser.spec b/SPECS/XML-Parser/XML-Parser.spec deleted file mode 100644 index f0c06230fd..0000000000 --- a/SPECS/XML-Parser/XML-Parser.spec +++ /dev/null @@ -1,76 +0,0 @@ -Summary: XML-Parser perl module -Name: XML-Parser -Version: 2.46 -Release: 3%{?dist} -License: GPL+ -URL: http://search.cpan.org/~toddr/%{name}-%{version}/ -Source0: http://search.cpan.org/CPAN/authors/id/T/TO/TODDR/%{name}-%{version}.tar.gz -%define sha512 XML-Parser=c4609495cc5ca34952f61876a690ef76d42eee6689d1bedb8036c9eab918525ec5213f1639c7178c029ee0f8765a2ca5eb0197f6e39b8be6d5dbc3f3c1d0b389 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: expat-devel -BuildRequires: perl -Requires: expat -Requires: perl - -%description -The XML::Parser module is a Perl extension interface to James Clark's XML parser, expat - -%prep -%autosetup - -%build -perl Makefile.PL -if [ %{_host} != %{_build} ]; then - ln -s /target-%{_arch}%{perl_privlib}/%{_arch}-linux %{perl_privlib}/%{_arch}-linux - mkdir -p %{perl_vendorlib} - ln -s /target-%{_arch}%{perl_vendorlib}/%{_arch}-linux %{perl_vendorlib}/%{_arch}-linux - - # ugly hack again, similarly to cmake: - ln -sf %{_arch}-linux-gnu-gcc /usr/bin/gcc - ln -sf %{_arch}-linux-gnu-g++ /usr/bin/g++ - ln -sf %{_arch}-linux-gnu-ld /usr/bin/ld - ln -sf %{_arch}-linux-gnu-ar /usr/bin/ar -fi -make %{?_smp_mflags} - -%install -make %{?_smp_mflags} DESTDIR=%{buildroot} install - -%define __perl_version 5.36.0 -rm %{buildroot}/%{_libdir}/perl5/%{__perl_version}/*/perllocal.pod - -%check -make %{?_smp_mflags} test - -%files -%defattr(-,root,root) -%{_libdir}/perl5/* -%{_mandir}/man3/* - -%changelog -* Thu Dec 08 2022 Dweep Advani 2.46-3 -- Perl version upgrade to 5.36.0 -* Thu Aug 20 2020 Dweep Advani 2.46-2 -- Rebuild for perl version upgrade to 5.30.1 -* Thu Jun 25 2020 Gerrit Photon 2.46-1 -- Automatic Version Bump -* Thu Nov 15 2018 Alexey Makhalov 2.44-6 -- Cross compilation support -* Fri Sep 21 2018 Dweep Advani 2.44-5 -- Consuming perl version upgrade of 5.28.0 -* Tue Nov 14 2017 Alexey Makhalov 2.44-4 -- Aarch64 support -* Tue Apr 4 2017 Robert Qi 2.44-3 -- Update to version 2.44-3 since perl version updated. -* Tue May 24 2016 Priyesh Padmavilasom 2.44-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Harish Udaiya Kumar 2.44-1 -- Upgraded to version 2.44 -* Mon Feb 01 2016 Anish Swaminathan 2.41-3 -- Fix for multithreaded perl -* Wed Jan 13 2016 Anish Swaminathan 2.41-2 -- Fix for new perl -* Thu Oct 23 2014 Divya Thaluru 2.41-1 -- Initial build. First version diff --git a/SPECS/abupdate/README b/SPECS/abupdate/README deleted file mode 100644 index e66e8a0353..0000000000 --- a/SPECS/abupdate/README +++ /dev/null @@ -1,102 +0,0 @@ -A/B Update - -Package to perform update/rollback with A/B partition sets. - -Design: - In this design, we have A and B sets of partitions, hence the name A/B upgrade. There is also support for shared/persistent partitions that are not part of - other set. To update/modify the system, the idea is that the system on the B partition set can be modified freely while the active system is running. Once - an update is desired, it can be achieved atomically by booting into the B partition set and running the newly updated/modified system. Importantly, a simple switch - doesn't modify the bootloader so any subsequent reboots will be back into the unmodified A set. This allows for safe updates, as if anything goes wrong - in the B system, we can roll back to the A version of the system. - - We only modify the bootloader when it is specifically requested, but after that point subsequent reboots will now be into the modified/updated system. - This is done through the "finish" command. - - This tool allows for various utilities to support this design: - - mounting/unmounting shadow partitions, so that they can be easily modified - - updating/installing packages on B set - - check for capabilities - - clean out the shadow partitions - - deploy an OS image from a tarball into the B set - - sync the A and B partition sets (mirror) - - switch from A to B partition sets - - finalize update/switch by modifying bootloader - -Requirements: - Requires two sets of partitions, A and B. Each partition set can be comprised of multiple individual partitions. - - If booting with BIOS, only a root filesystem pair is needed. - - If booting with UEFI, an EFI partition pair is also needed. - - Optionally, other partition pairs can be added as well. - -Config File: - Configuration options can be set in /etc/abupdate.conf. These options are read in as a bash script, so they must be formatted in bash syntax. - The "init" command can, in some situations, auto-populate this file. - - Available options: - BOOT_TYPE (either UEFI, BIOS, or BOTH if applicable) - PLATFORM (for grub-install, if BIOS) - AUTO_SWITCH (automatically switch to B partition set after update) - AUTO_FINISH (automatically finalize a switch) - PACKAGE_MANAGER (either tdnf or rpm) - - Partition pairs: - Some partitions have a corresponding shadow partition, so we should specify the mapping here as partition pairs. Persistent/shared partitions - do not need to be specified in this config file. - Partition pairs are added as a bash array, with the A and B partition uuids given, along with the mount point. - To specify the ROOT partition pair, use the name ROOT (all caps). EFI is the same. Other set names can any mixture of characters. - - Example: - =("partition uuid A" "partition uuid B" "mount point") - - Once a partition set has been added in the config file, you must also update the SETS array to include the name of the set. - Otherwise, the script will not know that it exists. - - Example: - SETS=("ROOT" "EFI" "") - - Excluding files/folders: - To exclude a file/folder from being synced across A->B partition sets, you can set an exclude array for that partition set. - Syntax - _EXCLUDE=("file name" "/folder/file" "/folder1/folder2") - - Example: - HOME_EXCLUDE=("/myfolder") - -Script usage: - ./abupdate - - Available options: - init - Initializes /etc/abupdate.conf. Attempts to auto detect A and B partitions and boot type. - sync - Mirrors the active (A) partition set to the inactive (B) partition set. Syncs all data between the two partition sets - This is done efficiently using rsync, which transfers only the delta between the two sets. - deploy - Accepts an OS image as a tar file. Cleans the B partition set and then deploys the OS image into the B partition set - mount - Mounts B partition set, and pseudo filesystems, at /mnt/abupdate - unmount - Unmounts B partition set and pseudo filesystems from /mnt/abupdate - clean - Cleans the B partition set. Removes all files from all specified shadow partitions. Does not touch any shared/persistent partitions. - update - Accepts a list of packages to update. - If PACKAGE_MANAGER is set to rpm, the list must be a list of .rpm files - If no args, updates all packages on the B partition set. - If AUTO_SWITCH is set, automatically switches into B partition set - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - install - Accepts a list of packages to install to the shadow (B) partition set - If PACKAGE_MANAGER is set to rpm, the list must be a list of .rpm files - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - uninstall - Accepts a list of packages to uninstall from the shadow (B) partition set. - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - switch - Executes a kexec boot into the B partition set. - If AUTO_FINISH is set, automatically finalizes the switch with the finish command - Otherwise, the next boot will be back into the original A partition set - finish - Finalizes the switch by updating the bootloader. Ensures that the next reboot will be into the current partition set. - check - Runs various checks to verify A/B partition sets are good to go. diff --git a/SPECS/abupdate/abupdate b/SPECS/abupdate/abupdate deleted file mode 100644 index 3a34df3c97..0000000000 --- a/SPECS/abupdate/abupdate +++ /dev/null @@ -1,1106 +0,0 @@ -#!/bin/bash - -set -o pipefail - -if [[ "$EUID" -ne 0 ]]; then - echo "Please run as root user" - exit 1 -fi - -_ROOT=() -EFI=() -SETS=() - -A_UUID_ROOT="" -B_UUID_ROOT="" - -FSTAB="etc/fstab" -GRUB_CFG="boot/grub2/grub.cfg" - -MNTPT_ROOT="/mnt/abupdate" # mount all shadow partitions as subdirectories of this dir -MNTPT_CLEAN="/mnt/ab-clean" -MNTPT_EFI="$MNTPT_ROOT/boot/efi" - -BOOT_TYPE="" # e.g BIOS, EFI, BOTH -CONFIG_BOOT_TYPE="" # used to preserve config file value of BOOT_TYPE - -CONFIG_FILE="/etc/abupdate.conf" -PHOTON_CFG="/boot/photon.cfg" - -TDNF_CONFIG="" -PKG_LIST="" - -ARCH=$(uname -m) # e.g aarch64, x86_64 - -# wrapper for umount -# arg 1 - directory/device/partition to unmount -unmount() { - if ! umount "$1"; then - echo "Failed to unmount shadow $1 partition, attempting lazy unmount" - if ! umount -l "$1"; then - echo "ERROR: Failed to lazily unmount $1" - exit 1 - else - echo "Lazy unmount of $1 successful" - fi - fi -} - -# prints error message and then exits -error() { - if [[ -z "$1" ]]; then - echo "Error! Exiting." 1>&2 - else - echo "ERROR: $1" 1>&2 - fi - - # unmount B filesystem - local fs - local elem - local psuedo_filesystems=("proc" "dev" "sys" "tmp" "run") - for fs in "${psuedo_filesystems[@]}"; do - check_if_mntpt "${MNTPT_ROOT}/$fs" && unmount "$MNTPT_ROOT/$fs" - done - - for elem in "${SETS[@]}"; do - local mnt_pt="${elem}[2]" - if [[ ! "$elem" == "_ROOT" ]] && check_if_mntpt "${MNTPT_ROOT}/${!mnt_pt}"; then - local mnt_pt="${elem}[2]" - unmount "${MNTPT_ROOT}/${!mnt_pt}" - fi - done - - if check_if_mntpt "$MNTPT_ROOT"; then - unmount "$MNTPT_ROOT" - fi - - exit 1 -} - -# parse the command line arguments, flow control -parse_cmdline_args() { - case "$1" in - # auto initialize /etc/abupdate.conf - init) - init_cfg - ;; - # deploy image into shadow set with a tarball - deploy) - read_cfg 1 - shift - deploy_image "$1" - ;; - # mount shadow partition set - mount) - read_cfg 1 - mount_b_partition - ;; - # unmount shadow partition set - unmount) - read_cfg 1 - unmount_b_partition - ;; - # sync a and b partition sets - sync) - read_cfg 1 - mirror_partitions - ;; - # clear out shadow partition sets - clean) - read_cfg 1 - shift - if [[ -z "$1" ]]; then - clean_shadow_partitions "${SETS[@]}" - else - clean_shadow_partitions "$@" - fi - ;; - # copies partition a to b, and updates the packages - update) - read_cfg 1 - shift - update "$@" - ;; - # install/uninstall specific package into shadow partition - install|uninstall) - read_cfg 1 - package_wrapper "$@" - ;; - # switches to B partition and kexec boots from there - switch) - read_cfg 1 - switch - ;; - finish) - read_cfg 1 - # if booted properly into the new kernel, finalize it by editing bootloader - finish_cap_check - finalize - - # only need to run this once - # make sure it is disabled, otherwise this will run on every boot - systemctl disable abupdate.service - ;; - check) - read_cfg 1 - # run sanity checks - check - ;; - help) - help_menu 0 - ;; - *) - help_menu 1 - ;; - esac -} - -# Parse package list given to update/(un)install commands, and -# extract the TDNF config file if it is included (with a -c flag) -# arg 1 - package list passed to install/uninstall/update commands -parse_pkg_list() { - if [[ $PACKAGE_MANAGER == "RPM" ]]; then - PKG_LIST="$@" - return - fi - - # remove references to -c /path/to/config if TDNF_CONFIG is specified - if [[ -n "$TDNF_CONFIG" ]]; then - while (( "$#" )); do - if [[ "$1" == "-c" ]]; then - TDNF_CONFIG="$2" - shift - else - PKG_LIST="$PKG_LIST $1" - fi - shift - done - else - PKG_LIST="$@" - fi -} - -# wrapper function to handle update/remove/install of packages to shadow partition set -# arg 1: base command given to abupdate - install/uninstall/update -# arg 2: rest of arguments passed to abupdate -package_wrapper() { - # first opt should be the base command - ex) install, remove, update - local pkg_manager_opts=$1 - [[ "$1" == "uninstall" ]] && pkg_manager_opts="remove" - shift - - mount_b_partition - - echo "Running update/install sanity checks..." - update_sanity_checks - echo "Looks good." - - parse_pkg_list "$@" - - if [[ "$PACKAGE_MANAGER" == "TDNF" ]]; then - pkg_manager_opts="$pkg_manager_opts -y --installroot $MNTPT_ROOT" - [[ -n "$TDNF_CONFIG" ]] && pkg_manager_opts="$pkg_manager_opts -c $TDNF_CONFIG" - tdnf $pkg_manager_opts $PKG_LIST || error - else - case "$pkg_manager_opts" in - install|update) - pkg_manager_opts="-Uv" - ;; - uninstall|remove) - pkg_manager_opts="-ev" - ;; - esac - pkg_manager_opts="$pkg_manager_opts --root=$MNTPT_ROOT" - rpm $pkg_manager_opts $PKG_LIST || error - fi - - echo "Package operation completed successfully" -} - -# deploy whole OS image to shadow partition set -# arg 1 - image filename (tarball) -deploy_image() { - local tar_name - clean_shadow_partitions "${SETS[@]}" - - #TODO: Add a flag to keep b partition mounted if it was mounted previously - - # mount all shadow partitions to correct relative locations - mount_b_partition "no_pseudo" - - cp -p "$1" "$MNTPT_ROOT" - pushd "$MNTPT_ROOT" || error - tar_name=$(basename "$1") - tar -xf "$tar_name" || error "Failed to unpack tarball" - popd || error - - echo "Successfully deployed tarball image to shadow partition set" - unmount_b_partition -} - -# merge any empty files from /etc dir -merge_etc() { - # delete empty files, so we can transfer them with rsync - for file in "$MNTPT_ROOT"/etc/*; do - if [[ -f $file ]] && [[ -s $MNTPT_ROOT/$file ]]; then - rm "$file" - fi - done - rsync -aHx --ignore-existing /etc/ "$MNTPT_ROOT"/etc/ -} - -# clear out all specified partitions -# take in a list of set names to clear out -# or clears out all if none specified -clean_shadow_partitions() { - unmount_b_partition - mkdir -p "$MNTPT_CLEAN" - while [[ -n "$1" ]]; do - local B_partuuid="${1^^}[1]" - if [[ -n "${!B_partuuid}" ]]; then - echo "Cleaning $1 - partuuid = ${!B_partuuid}" - mount PARTUUID="${!B_partuuid}" "$MNTPT_CLEAN" || error "Failed to mount shadow $1 partition" - rm -rf "${MNTPT_CLEAN:?}"/* || error "Failed to clean all files in shadow $1 partition" - unmount "$MNTPT_CLEAN" - else - echo "Partition set $1 not found, skipping" - fi - shift - done - - echo "All partitions cleaned successfully" -} - -check() { - echo "Running checks..." - - mount_b_partition - - echo "Checking filesystem types match" - fs_type_check - echo "Filesystem types match." - - echo "Checking that B partition is bootable" - bootable_check - echo "B partition is bootable" - - echo "Checking that B partition is big enough" - size_check - echo "B partition has sufficient space" - - echo "checking required tools are installed" - capability_check - echo "all required tools are installed" - - echo "Checks passed. Everything looks good." - - unmount_b_partition -} - -# check for tools to finalize -finish_cap_check() { - if [[ $BOOT_TYPE == "EFI" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - command -v efibootmgr &> /dev/null || error "efibootmgr not found. Can be installed with \"tdnf install efibootmgr\"" - fi - if [[ "$BOOT_TYPE" == "BIOS" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - command -v grub2-install &> /dev/null || error "grub2-install not found. Can be installed with \"tdnf install grub2-pc\"" - fi -} - -# check if we have tools for switching -switch_cap_check() { - command -v rsync &> /dev/null || error "rsync not found. Can be installed with \"tdnf install rsync\"" - command -v kexec &> /dev/null || error "kexec not found. Can be installed with \"tdnf install kexec-tools\"" - if [[ "$AUTO_FINISH" == "YES" ]] || [[ "$AUTO_FINISH" == "Y" ]]; then - mount_b_partition - export BOOT_TYPE=$BOOT_TYPE - export MNTPT_ROOT=$MNTPT_ROOT - export SETS=( "${SETS[@]}" ) - export -f finish_cap_check - export -f error - export -f check_if_mntpt - chroot $MNTPT_ROOT /bin/bash -c finish_cap_check || error "Missing tool(s) in $MNTPT_ROOT (shadow partition set)" - fi -} - -# check required tools for updating/installing packages -update_cap_check() { - if [[ "$PACKAGE_MANAGER" == "TDNF" ]]; then - command -v tdnf &> /dev/null || error "Package manager is set to tdnf but tdnf is not found" - elif [[ "$PACKAGE_MANAGER" == "RPM" ]]; then - command -v rpm &> /dev/null || error "Package manager is set to rpm, but rpm is not found" - fi - - if [[ "$AUTO_SWITCH" == "YES" ]] || [[ "$AUTO_SWITCH" == "Y" ]]; then - switch_cap_check - fi -} - -# check to verify required software is installed -capability_check() { - update_cap_check - switch_cap_check - finish_cap_check -} - -# takes in a list of packages to update -# otherwise, just updates all packages -update() { - echo -e "Upgrading B partition to latest kernel/packages" - - # have to mount first, otherwise sanity checks will be wacky - mount_b_partition - - echo "Running sanity checks..." - update_sanity_checks - echo "Looks good." - - # update packages in partition B - package_wrapper "update" "$@" - - unmount_b_partition - - echo "Updated successfully" - - if [[ "$AUTO_SWITCH" == "YES" ]] || [[ "$AUTO_SWITCH" == "Y" ]]; then - echo "" - echo "AutoSwitch=yes, automatically switching to B partition set" - echo "" - switch - fi -} - -switch() { - mount_b_partition - - echo "Updating config files" - update_config_files - echo "Config files updated (fstab, grub.cfg)" - - # update config file in B partition to be the opposite - # since after we switch, the B partition is now the current A partition - update_b_config - - switch_sanity_checks - - if [[ "$AUTO_FINISH" == "YES" ]] || [[ "$AUTO_FINISH" == "Y" ]]; then - chroot $MNTPT_ROOT /bin/bash -c "systemctl enable abupdate.service" || error "Failed to enable auto finish service" - else - chroot $MNTPT_ROOT /bin/bash -c "systemctl disable abupdate.service" || error "Failed to disable auto finish service" - fi - - merge_etc - - # boot into new kernel version - kexec_reboot -} - -help_menu() { - local retval="$1" -cat << EOF >&2 - Usage: ./abupdate - Available options: - init - Initializes /etc/abupdate.conf. Attempts to auto detect A and B partitions and boot type. - sync - Mirrors the active (A) partition set to the inactive (B) partition set. Syncs all data between the two partition sets - deploy - Accepts an OS image as a tar file. Cleans the B partition set and then deploys the OS image into the B partition set - mount - Mounts B partition set, and pseudo filesystems, at /mnt/abupdate - unmount - Unmounts B partition set and pseudo filesystems from /mnt/abupdate - clean - Cleans the B partition set. Removes all files - update - Accepts a list of packages to update. - If PACKAGE_MANAGER is set to rpm, the list must be a list of .rpm files - If no args, updates all packages on the B partition set. - If AUTO_SWITCH is set, automatically switches into B partition set - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - install - Accepts a list of packages to install to the shadow (B) partition set - If PACKAGE_MANAGER is set to rpm, the list must be a list of .rpm files - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - uninstall - Accepts a list of packages to uninstall from the shadow (B) partition set. - To specify a custom tdnf config file, use -c /path/to/config or set TDNF_CONFIG in /etc/abupdate.conf. - switch - Executes a kexec boot into the B partition set. - If AUTO_FINISH is set, automatically finalizes the switch with the finish command - Otherwise, the next boot will be back into the original A partition set - finish - Finalizes the switch by updating the bootloader. Ensures that the next reboot will be into the current partition set. - help - Print help menu -EOF - - exit $retval -} - -# check to ensure that the partition is functioning properly before we boot into it -# need partuuids for both sanity check types -switch_sanity_checks() { - fs_type_check - bootable_check - switch_cap_check -} - -update_sanity_checks() { - fs_type_check -} - -bootable_check() { - # verify that other partition is bootable - check for initrd and vmlinuz - [[ -f ${MNTPT_ROOT}/${PHOTON_CFG} ]] || error "photon.cfg not found in B partition! unbootable" - local vmlinuz_version - local initrd_version - local linux_version - vmlinuz_version=$(grep photon_linux ${MNTPT_ROOT}/${PHOTON_CFG} | cut -d "=" -f 2-) || error - initrd_version=$(grep photon_initrd $MNTPT_ROOT/${PHOTON_CFG} | cut -d "=" -f 2-) || error - if [[ ! -f "$MNTPT_ROOT/boot/$vmlinuz_version" ]]; then - error "vmlinuz not found in B partition! unbootable." - fi - - if [[ -n "$initrd_version" ]] && [[ ! -f "$MNTPT_ROOT/boot/$initrd_version" ]]; then - error "initrd not found in B partition! unbootable" - fi - - # check for correct installation of kernel modules - linux_version=$(cut -d '-' -f 2- <<< "$MNTPT_ROOT/lib/modules/$vmlinuz_version") || error - if [[ -d "$MNTPT_ROOT/lib/modules/$linux_version" ]]; then - # check to make sure it's not empty - [[ $(find $MNTPT_ROOT/lib/modules/"$linux_version" -name "*" | wc -l) -eq 0 ]] && error "Kernel modules directory found but empty. Are modules installed?" - else - error "Failed to find kernel modules directory! /lib/modules/$linux_version not found or not a directory" - fi - - if [[ "$BOOT_TYPE" == "EFI" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - # just check to make sure that the efi files are present - # if not, probably it is not bootable - # filesystem type check should also occur previously - if [[ "$ARCH" == "x86_64" ]]; then - [[ -f "$MNTPT_EFI/EFI/BOOT/bootx64.efi" ]] || error "EFI/BOOT/bootx64.efi not found in EFI partition B" - [[ -f "$MNTPT_EFI/EFI/BOOT/grubx64.efi" ]] || error "EFI/BOOT/grubx64.efi not found in EFI partition B" - [[ -f "$MNTPT_EFI/boot/grub2/grub.cfg" ]] || error "/boot/grub2/grub.cfg not found in ROOT partition B" - elif [[ "$ARCH" == "aarch64" ]]; then - [[ -f "$MNTPT_EFI/EFI/BOOT/BOOTAA64.efi" ]] || error "EFI/BOOT/BOOTAA64.efi not found in EFI partition B" - [[ -f "$MNTPT_EFI/boot/grub2/grub.cfg" ]] || error "/boot/grub2/grub.cfg not found in ROOT partition B" - fi - fi -} - -# check to make sure fs is formatted the same in both partitions -fs_type_check() { - # findmnt will return 1 if output is none, so this will also serve as a null check - local fstype_a - local fstype_b - fstype_a=$(blkid -t PARTUUID="${_ROOT[0]}" -o value -s TYPE) || error "Error getting filesystem types" - fstype_b=$(blkid -t PARTUUID="${_ROOT[1]}" -o value -s TYPE) || error "Error getting filesystem types" - - if [[ $BOOT_TYPE == "EFI" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - local efi_type_a - local efi_type_b - efi_type_a=$(blkid -t PARTUUID="${EFI[0]}" -o value -s TYPE) || error "Error getting filesystem types" - efi_type_b=$(blkid -t PARTUUID="${EFI[1]}" -o value -s TYPE) || error "Error getting filesystem types" - [[ $efi_type_a == "vfat" ]] || error "A EFI format is $efi_type_a, not vfat/fat32" - [[ $efi_type_b == "vfat" ]] || error "B EFI format is $efi_type_b, not vfat/fat32" - fi - - if [[ "$fstype_b" != "$fstype_a" ]]; then - echo "Root file system formatting does not match! Exiting" - echo "A = \"$fstype_a\", B = \"$fstype_b\"" - exit 1 - fi -} - -# update the abupdate.conf file in the B partition to swap the A-B labels for partitions -update_b_config() { - # copy to b partition if it exists - if [[ -f "$CONFIG_FILE" ]]; then - cp -p "$CONFIG_FILE" "$MNTPT_ROOT/$CONFIG_FILE" || error - fi - - if [[ ! -d /boot/efi/$GRUB_CFG ]] || [[ ! -f "/boot/efi/$GRUB_CFG" ]]; then - echo "Copying $MNTPT_EFI/$GRUB_CFG as it is not present" - mkdir -p $MNTPT_EFI/boot/grub2 - cp -p /boot/efi/$GRUB_CFG $MNTPT_EFI/$GRUB_CFG || error "Failed to copy grub.cfg from A to B partition" - fi - - # for each partition set, swap the partuuids for A and B - local elem - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - local mnt_pt="${elem}[2]" - sed -i -E "s/(\"?${!A_partuuid}\"?\,?) (\"?${!B_partuuid}\"?\,?)/\2 \1/" "$MNTPT_ROOT/$CONFIG_FILE" || error "Failed to update $CONFIG_FILE in B partition set" - done -} - -# check to make sure the values read in from the config file are valid -valid_config_check() { - [[ "$AUTO_FINISH" != "YES" ]] && [[ "$AUTO_FINISH" != "Y" ]] && [[ "$AUTO_FINISH" != "NO" ]] && [[ "$AUTO_FINISH" != "N" ]] && error "Invalid value for AUTO_FINISH. Valid options: YES, Y, NO, N" - [[ "$AUTO_SWITCH" != "YES" ]] && [[ "$AUTO_SWITCH" != "Y" ]] && [[ "$AUTO_SWITCH" != "NO" ]] && [[ "$AUTO_SWITCH" != "N" ]] && error "Invalid value for AUTO_SWITCH. Valid options: YES, Y, yes, y" - [[ "$BOOT_TYPE" != "BIOS" ]] && [[ "$BOOT_TYPE" != "EFI" ]] && [[ "$BOOT_TYPE" != "BOTH" ]] && error "Invalid value for BOOT_TYPE. Valid options: BIOS, EFI, BOTH" - [[ "$PACKAGE_MANAGER" != "TDNF" ]] && [[ "$PACKAGE_MANAGER" != "RPM" ]] && error "Invalid value for PACKAGE_MANAGER. Valid options: TDNF, RPM" - - [[ "${#SETS[@]}" -eq 0 ]] && error "No partition sets found in config file!" - check_for_dup_partuuids - - [[ -n "$A_UUID_ROOT" ]] || error "Unable to get UUID from PARTUUID for root A partition" - [[ -n "$B_UUID_ROOT" ]] || error "Unable to get UUID from PARTUUID for root B partition" -} - -# just read cfg file -# args: -# 1. run config check - pass in 0 to skip valid_config_check, any other number otherwise -read_cfg() { - #get config options - if [[ -f "$CONFIG_FILE" ]]; then - source "$CONFIG_FILE" - else - echo "No config file found at $CONFIG_FILE" - [[ "$1" -eq 0 ]] || help_menu 1 - fi - - [[ -z "$PACKAGE_MANAGER" ]] && PACKAGE_MANAGER="TDNF" - [[ -z "$AUTO_FINISH" ]] && AUTO_FINISH="NO" - [[ -z "$AUTO_SWITCH" ]] && AUTO_SWITCH="NO" - - # make sure all options are all caps (except platform) - AUTO_FINISH="${AUTO_FINISH^^}" - BOOT_TYPE="${BOOT_TYPE^^}" - AUTO_SWITCH="${AUTO_SWITCH^^}" - PACKAGE_MANAGER="${PACKAGE_MANAGER^^}" - - # remove any trailing commas from sets (easy mistake to make) - for usr_set in "${SETS[@]}"; do - local A_partuuid="${usr_set}[0]" - local B_partuuid="${usr_set}[1]" - local mnt_pt="${usr_set}[2]" - # new_set can't be local, otherwise doesn't work - declare -n new_set=$usr_set - new_set=( "${!A_partuuid%,}" "${!B_partuuid%,}" "${!mnt_pt%,}" ) - done - - # get UUIDs from PARTUUIDs - if [[ -n "${_ROOT[0]}" ]]; then - A_UUID_ROOT=$(blkid -t PARTUUID="${_ROOT[0]}" -o value -s UUID) || error - fi - - if [[ -n "${_ROOT[1]}" ]]; then - B_UUID_ROOT=$(blkid -t PARTUUID="${_ROOT[1]}" -o value -s UUID) || error - fi - - [[ "$1" -eq 0 ]] || valid_config_check - -} - -# autodetect needed variables and write out configuration -init_cfg() { - - read_cfg 0 - - if [[ -z "$BOOT_TYPE" ]]; then - echo "Attempting to guess boot type..." - if fdisk -l | grep -q "BIOS" && [[ -d "/sys/firmware/efi" ]]; then - BOOT_TYPE="BOTH" - elif [[ -d "/sys/firmware/efi" ]]; then - BOOT_TYPE="EFI" - else - BOOT_TYPE="BIOS" - fi - echo "Detected $BOOT_TYPE boot type" - fi - - CONFIG_BOOT_TYPE="$BOOT_TYPE" - - # if the partition UUIDs are not set in the config file, try to auto detect them. - if { [[ "$BOOT_TYPE" == "EFI" ]] || [[ $BOOT_TYPE == "BOTH" ]]; } && { [[ -z "${EFI[0]}" ]] || [[ -z "${EFI[1]}" ]]; }; then - echo "detecting efi partition uuids" - auto_detect_flag=1 - detect_efi_partitions - SETS+=("EFI") - fi - - if [[ -z "${_ROOT[0]}" ]] || [[ -z "${_ROOT[1]}" ]]; then - echo "detecting rootfs partition uuids" - auto_detect_flag=1 - detect_rootfs_partitions - SETS+=("_ROOT") - fi - - if [[ ${#SETS[@]} -eq 0 ]]; then - SETS+=("_ROOT") - [[ $BOOT_TYPE == "EFI" ]] && SETS+=("EFI") - fi - - A_UUID_ROOT=$(blkid -t PARTUUID="${_ROOT[0]}" -o value -s UUID) || error - B_UUID_ROOT=$(blkid -t PARTUUID="${_ROOT[1]}" -o value -s UUID) || error - - echo "CONFIGURED SETTINGS:" - local elem - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - echo " PARTUUID for $elem (A) = ${!A_partuuid}" - echo " PARTUUID for $elem (B) = ${!B_partuuid}" - done - -cat <&2 - A_UUID_ROOT=$A_UUID_ROOT - B_UUID_ROOT=$B_UUID_ROOT - BOOT_TYPE=$BOOT_TYPE - PACKAGE_MANAGER=$PACKAGE_MANAGER - AUTO_SWITCH=$AUTO_SWITCH - AUTO_FINISH=$AUTO_FINISH -EOF - - # make sure user confirms auto detected settings - # assume that config file is correct, if we didnt have to auto detect anything - if [[ $auto_detect_flag == 1 ]]; then - echo "CONFIRM: Are these settings correct? Please enter y/n: " - local confirm - read -r confirm - [[ $confirm != "y" && "$confirm" != "yes" ]] && error "User declined settings. Please update /etc/abupdate.conf to the correct settings" - fi - - # write detected values to the config file, so we don't have to do it again later - update_a_config -} - -# checks the partition UUIDs to ensure there are no duplicates -check_for_dup_partuuids() { - # check for duplicate partuuids - # add each partuuid to a list, then just check the list for repetition - # maybe not the most efficient, but the number of partuuids to check is minimal - local list=() - local names=() # e.g ROOT, EFI - local elem - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - [[ -z "${!A_partuuid}" ]] && error "No partuuid specified for active partition $elem" - [[ -z "${!B_partuuid}" ]] && error "No partuuid specified for shadow partition $elem" - [[ "${!A_partuuid}" == "${!B_partuuid}" ]] && error "Duplicate PARTUUID detected" - local i=0 - local puuid - for puuid in "${list[@]}"; do - if [[ "$puuid" == "${!A_partuuid}" && "${names[$i]}" != "$elem" ]]; then - error "Duplicated partuuid detected! $puuid matches ${!A_partuuid}" - elif [[ "$puuid" == "${!B_partuuid}" && "${names[$i]}" != "$elem" ]]; then - error "Duplicated partuuid detected! $puuid matches ${!B_partuuid}" - fi - i=$i+1 - done - list+=("${!A_partuuid}" "${!B_partuuid}") - # match every entry in list with the correct name - names+=("$elem" "$elem") - done -} - -# update config file in this partition with current variables -update_a_config() { - [[ -f "$CONFIG_FILE" ]] || touch $CONFIG_FILE - - local temp="$BOOT_TYPE" - BOOT_TYPE="$CONFIG_BOOT_TYPE" - - declare variables=( "BOOT_TYPE" "AUTO_FINISH" "AUTO_SWITCH" ) - for var in "${variables[@]}"; do - # either create new or update existing. Want to avoid changing things if possible, so probably best to find and replace - # instead of just echo-ing all the existing values, which might erase some info in the file - sed -i "s/$var=.*/$var=${!var}/g" "$CONFIG_FILE" - - # uncomment line if commented - sed -i "/$var=${!var}/s/^#//g" "$CONFIG_FILE" - - # remove any leading whitespace - sed -i "/$var=${!var}/s/^[ \t]*//g" "$CONFIG_FILE" - - # check if sed performed the substitution, if not then just add a new line - grep "$var=${!var}" "$CONFIG_FILE" &> /dev/null || echo "$var=${!var}" >> "$CONFIG_FILE" - done - - BOOT_TYPE="$temp" - - local sets_str="SETS=(" - local elem - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - local mnt_pt="${elem}[2]" - local str="$elem=(\"${!A_partuuid}\" \"${!B_partuuid}\" \"${!mnt_pt}\")" - - sed -i "s#$elem=.*#$str#g" "$CONFIG_FILE" - sed -i "/$elem=.*/s/^#//g" "$CONFIG_FILE" - sed -i "/$elem=.*/s/^[ \t]*//g" "$CONFIG_FILE" - grep "$str" "$CONFIG_FILE" &> /dev/null || echo "$str" >> "$CONFIG_FILE" - - sets_str="$sets_str \"$elem\" " - done - - # update sets - sets_str="$sets_str)" - sed -i "s/SETS=.*/$sets_str/g" "$CONFIG_FILE" - sed -i "/SETS=.*/s/^#//g" "$CONFIG_FILE" - sed -i "/SETS=.*/s/^[ \t]*//g" "$CONFIG_FILE" - grep "$sets_str" "$CONFIG_FILE" &> /dev/null || echo "$sets_str" >> "$CONFIG_FILE" - - valid_config_check -} - -check_if_mntpt() { - mountpoint "$1" &> /dev/null -} - -# mount the shadow partition set as subfolders of mntpt_root -# pass in "no_pseudo" if pseudo fs are not needed -mount_b_partition() { - local elem - local fs - - # mount root and efi first, then others as subdirs - [[ -d "$MNTPT_ROOT" ]] || mkdir -p "$MNTPT_ROOT" - if ! check_if_mntpt "$MNTPT_ROOT"; then - mount PARTUUID="${_ROOT[1]}" "$MNTPT_ROOT" || error "Failed to mount shadow root partition" - fi - - [[ -d "$MNTPT_EFI" ]] || mkdir -p "$MNTPT_EFI" - if [[ -n "$EFI" ]] && ! check_if_mntpt "$MNTPT_EFI"; then - mount PARTUUID="${EFI[1]}" "$MNTPT_EFI" || error "Failed to mount shadow EFI partition" - fi - - # mount pseudo filesystems if required - if [[ ! "$1" == "no_pseudo" ]]; then - local pseudo_filesystems=("proc" "dev" "sys" "tmp" "run") - for fs in "${pseudo_filesystems[@]}"; do - [[ -d $MNTPT_ROOT/"$fs" ]] || mkdir -p $MNTPT_ROOT/"$fs" - check_if_mntpt "$MNTPT_ROOT/$fs" || ( mount --bind /"$fs" $MNTPT_ROOT/"$fs" || error "Failed to bind /$fs to $MNTPT_ROOT/$fs" ) - done - fi - - for elem in "${SETS[@]}"; do - local B_partuuid="${elem}[1]" - local mnt_pt="${elem}[2]" - if [[ ! "$elem" == "_ROOT" ]] && [[ ! "$elem" == "EFI" ]] && ! check_if_mntpt "${MNTPT_ROOT}/${!mnt_pt}"; then - mkdir -p "${MNTPT_ROOT}/${!mnt_pt}" - mount PARTUUID="${!B_partuuid}" "${MNTPT_ROOT}/${!mnt_pt}" || error "Failed to mount shadow ${!mnt_pt} partition (partuuid = ${!B_partuuid})" - fi - done - - echo "Mounted B partitions at $MNTPT_ROOT" -} - -unmount_b_partition() { - # unmount B filesystem - local fs - local elem - local psuedo_filesystems=("proc" "dev" "sys" "tmp" "run") - for fs in "${psuedo_filesystems[@]}"; do - check_if_mntpt "${MNTPT_ROOT}/$fs" && unmount "$MNTPT_ROOT/$fs" - done - - for elem in "${SETS[@]}"; do - local mnt_pt="${elem}[2]" - if [[ ! "$elem" == "_ROOT" ]] && check_if_mntpt "${MNTPT_ROOT}/${!mnt_pt}"; then - local mnt_pt="${elem}[2]" - unmount "${MNTPT_ROOT}/${!mnt_pt}" - fi - done - - if check_if_mntpt "$MNTPT_ROOT"; then - unmount "$MNTPT_ROOT" - fi - - echo "Unmounted B partitions from $MNTPT_ROOT" -} - -# check to make sure there is enough space in the b partition -size_check() { - local a_name - local b_name - local elem - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - a_name=$(blkid -t PARTUUID="${!A_partuuid}" | cut -d ":" -f 1) || error - b_name=$(blkid -t PARTUUID="${!B_partuuid}" | cut -d ":" -f 1) || error - - # verify size matches - check to see if B has enough space to store used amount in A - local used_a - local capacity_b - used_a=$(df "$a_name" | awk -F ' ' 'NR>1 {print $3}') || error - capacity_b=$(df "$b_name" | awk -F ' ' 'NR>1 {print $2}') || error - - if [[ $used_a -gt $capacity_b ]]; then - error "Partion A $elem has used $used_a 1k-blocks, Partition B has only $capacity_b 1k-blocks. There is not enough space." - fi - done -} - -mirror_partitions() { - # rsync specified partitions - - mount_b_partition - local elem - for elem in "${SETS[@]}"; do - local exclude_dirs="$elem"_EXCLUDE\[\@\] - local exclude_str="" - exclude_dirs=( ${!exclude_dirs} ) - for dir in "${exclude_dirs[@]}"; do - # strip leading slash, if present - dir=${dir#/} - exclude_str="${exclude_str} --exclude=/${dir%/}" - done - done - echo "Syncing A and B partitions" - - # sync contents of root A filesystem to B (need /run/systemd, otherwise tdnf will complain) - rsync -aHX --delete --include={"/proc/1/","/proc/self/","/run/systemd/"} $exclude_str --exclude={"/mnt/*","/sys/*","/proc/*","/run/*","/tmp/*","/media/*","lost+found/*","/$GRUB_CFG"} / "$MNTPT_ROOT" > /dev/null || error "Failed to sync A and B partitions" - # only copy this the first time. don't overwrite existing - if [[ ! -f "$MNTPT_EFI/$GRUB_CFG" ]]; then - cp -p "/boot/efi/$GRUB_CFG" "$MNTPT_EFI/$GRUB_CFG" - fi - - echo "Successfully synced A and B partitions" - - unmount_b_partition -} - -update_config_files() { - # update rootfs/etc/fstab to switch from A to B - # this will be in partition B - local elem - - if [[ -f "$MNTPT_ROOT/$FSTAB" ]] || [[ ! -s "$MNTPT_ROOT/$FSTAB" ]]; then - cp -p /$FSTAB $MNTPT_ROOT/$FSTAB - fi - - for elem in "${SETS[@]}"; do - local A_partuuid="${elem}[0]" - local B_partuuid="${elem}[1]" - sed -i "s/${!A_partuuid}/${!B_partuuid}/g" "$MNTPT_ROOT/$FSTAB" || error "Failed to update fstab" - done - - # verify that fstab is looking good - chroot $MNTPT_ROOT /bin/bash -c "findmnt --verify" || error "/etc/fstab is invalid! Aborting" - - # update grub.cfg in B rootfs partition - if [[ -f "$MNTPT_ROOT/$GRUB_CFG" ]] || [[ ! -s "$MNTPT_ROOT/$GRUB_CFG" ]]; then - cp -p /$GRUB_CFG $MNTPT_ROOT/$GRUB_CFG - fi - sed -i "s/${_ROOT[0]}/${_ROOT[1]}/g" "$MNTPT_ROOT/$GRUB_CFG" || error "Failed to update grub.cfg in rootfs partition" - sed -i "s/$A_UUID_ROOT/$B_UUID_ROOT/g" "$MNTPT_ROOT/$GRUB_CFG" || error "Failed to update grub.cfg in rootfs partition" -} - -# uses kexec -l to load the new kernel into memory -load_kernel() { - # detect linux version - local linux_version - local initrd_version - vmlinuz_version=$(grep photon_linux $MNTPT_ROOT/$PHOTON_CFG | cut -d "=" -f 2) - initrd_version=$(grep photon_initrd $MNTPT_ROOT/$PHOTON_CFG | cut -d "=" -f 2) - - # maybe there is a better way to figure out the command line parameters in the shadow partition set? - local opts - local file - local line - local cmdline_var - grep "\ $.*cmdline" < "$MNTPT_ROOT/boot/grub2/grub.cfg" | while IFS= read -r cmdline_var; do - if grep -q "cmdline" <<< "$cmdline_var"; then - file=$(cut -d '_' -f 1 <<< "$cmdline_var") - file=${file#*$} - line=$(cut -d '$' -f 2 <<< "$cmdline_var") - opts="$opts $(grep "$line" $MNTPT_ROOT/boot/"${file}".cfg | cut -d '=' -f 2-)" - fi - done - - linux_version=$(cut -d '-' -f 2- <<< "$vmlinuz_version") - if [[ -n "$initrd_version" ]]; then - kexec -l $MNTPT_ROOT/boot/"$vmlinuz_version" --initrd=$MNTPT_ROOT/boot/"$initrd_version" --append=root=PARTUUID="${_ROOT[1]} $opts" || error "Failed to load kernel in partition B" - else - kexec -l $MNTPT_ROOT/boot/"$vmlinuz_version" --append=root=PARTUUID="${_ROOT[1]} $opts" || error "Failed to load kernel in partition B" - fi -} - -# boot into the newly loaded kernel -kexec_reboot() { - load_kernel - - # ensure that correct partitions are unmounted - unmount_b_partition - - echo "Booting into B partition set" - kexec -e || error -} - -# attempt to detect the partition names for A and B rootfs partitions -detect_rootfs_partitions() { - # make sure it's empty - could possibly have something read in from config file - _ROOT=() - _ROOT+=("$(findmnt / -n -o PARTUUID)") - - if [ -z "${_ROOT[0]}" ]; then - error "Unable to detect currently mounted rootfs partition" - fi - - # array to store all of the root fs partition uuids - local rootfs_partitions - mapfile -t rootfs_partitions < <(fdisk -l | grep "Linux" | awk '{print $1}') || error - local i=0 - local part - for part in "${rootfs_partitions[@]}"; do - rootfs_partitions[$i]=$(blkid "$part" -o value -s PARTUUID) - i=$i+1 - done - - if [ "${#rootfs_partitions[@]}" -eq 1 ]; then - error "Only one root filesystem partition found! A/B update requires a secondary partition." - elif [ "${#rootfs_partitions[@]}" -gt 2 ]; then - error "Unable to detect which Linux filesystem partition to use as secondary. There are more than two! Please specify in abupdate.conf" - fi - - # pick the one that's different than A - if [[ "${rootfs_partitions[1]}" != "${_ROOT[0]}" ]]; then - _ROOT+=("${rootfs_partitions[1]}") - else - _ROOT+=("${rootfs_partitions[0]}") - fi - - #mnt point - _ROOT+=("/") -} - -# attempt to detect the partition names for A and B EFI partitions -detect_efi_partitions() { - # make sure it's empty before we populate it - EFI=() - EFI+=("$(findmnt /boot/efi -n -o PARTUUID)") - - # array to store all of the efi partitions (should be two, otherwise this is BIOS boot) - local efi_partitions - mapfile -t efi_partitions < <(fdisk -l | grep EFI | awk '{print $1}') || error - local i=0 - local part - for part in "${efi_partitions[@]}"; do - efi_partitions[$i]=$(blkid "$part" -o value -s PARTUUID) || error - i=$i+1 - done - - if [ "${#efi_partitions[@]}" -eq 1 ]; then - error "Only one efi filesystem partition found! AB update requires a secondary partition." - elif [ "${#efi_partitions[@]}" -gt 2 ]; then - error "Unable to detect which EFI partition to use as secondary. There are more than two! Please specify in abupdate.conf" - fi - - # pick the different partition - if [[ "${efi_partitions[1]}" != "${EFI[0]}" ]]; then - EFI+=("${efi_partitions[1]}") - else - EFI+=("${efi_partitions[0]}" ) - fi - - EFI+=("/boot/efi") -} - -# finalize the switch -finalize() { - local disk_name - local bootloader_efi - local grub_bootloader_efi - - if [[ "$ARCH" == "aarch64" ]]; then - grub_bootloader_efi="\EFI\grub\grubaa64.efi" - bootloader_efi="\EFI\BOOT\BOOTAA64.EFI" - elif [[ "$ARCH" == "x86_64" ]]; then - grub_bootloader_efi="\EFI\grub\grubx64.efi" - bootloader_efi="\EFI\BOOT\grubx64.efi" - else - error "$ARCH not supported" - fi - - # if BIOS, update MBR by installing grub - # if EFI, update efi boot entries - # if both, update both - - if [[ ! $BOOT_TYPE == "BIOS" ]] && [[ ! $BOOT_TYPE == "EFI" ]] && [[ ! $BOOT_TYPE == "BOTH" ]]; then - error "unknown boot type" - fi - - if [[ $BOOT_TYPE == "BIOS" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - disk_name=$(blkid -t PARTUUID="${_ROOT[0]}" | cut -d ":" -f 1) || error - disk_name=${disk_name//[0-9]/} - - rpm -q grub2-pc &> /dev/null || error "grub2-pc not installed. Install with \"tdnf install grub2-pc\"" - - # try to get platform type, if wrong this could brick at least this partition, but potentially the whole machine by messing up the MBR - if [[ -z "$PLATFORM" && $(find /usr/lib/grub/* -prune -name "*" | wc -l) -gt 1 ]]; then - error "Multiple platforms detected in /usr/lib/grub. Please specify correct platform for grub by setting PLATFORM in /etc/abupdate.conf" - elif [[ -z "$PLATFORM" ]]; then - PLATFORM=$(ls /usr/lib/grub) || error - fi - - # overwrite MBR by grub2-install - grub2-install "$disk_name" --target="$PLATFORM" || error "Failed to update MBR. Is grub2-pc package installed?" - - elif [[ $BOOT_TYPE == "EFI" ]]; then - # install grub into this partition, otherwise it will use same bootloader as other partition set - # and that will just boot into the other partition set (in some situations) - disk_name=$(blkid -t PARTUUID="${EFI[0]}" | cut -d ":" -f 1) || error - disk_name=${disk_name//[0-9]/} - - rpm -q --quiet grub2-efi || error "grub2-efi not installed. Install with \"tdnf install grub2-efi\"" - - if [[ -z "$PLATFORM" && $(find /usr/lib/grub/* -prune -name "*" | wc -l) -gt 1 ]]; then - error "Multiple platforms detected in /usr/lib/grub. Please specify correct platform for grub by setting PLATFORM in /etc/abupdate.conf" - elif [[ -z "$PLATFORM" ]]; then - PLATFORM=$(ls /usr/lib/grub) || error - fi - - # install new grub bootloader for this partition set - grub2-install "$disk_name" --target="$PLATFORM" || error "Failed to install new grub bootloader. Is grub2-efi package installed?" - fi - - if [[ $BOOT_TYPE == "EFI" ]] || [[ $BOOT_TYPE == "BOTH" ]]; then - # update efi grub cfg in current partition to point to this partition (after switch, it will still point to previous) - sed -i "s/$B_UUID_ROOT/$A_UUID_ROOT/g" "/boot/efi/$GRUB_CFG" || error "Failed to update grub.cfg in EFI partition" - - # find which entry is the grub entry - local bootnum - bootnum=$(efibootmgr | grep -E "(^|\s)grub(\s|$)") - - # if no grub entry, then we have to do this a bit differently - # probably, grub is not installed - if [[ -n "$bootnum" ]]; then - bootnum="${bootnum//[!0-9]/}" - - # get the partition number for the A partition - local partition_num - partition_num=$(blkid | grep "${EFI[0]}" | cut -d ":" -f 1) || error - partition_num="${partition_num//[!0-9]/}" - - # create new efi boot entry - efibootmgr -c -d "$disk_name" -p "$partition_num" -L grub -l "$grub_bootloader_efi" &> /dev/null || error "Failed to create new efi boot entry (Grub)" - - # delete existing entry for grub - # modifying existing doesn't seem to work - efibootmgr -b "$bootnum" -B &> /dev/null || error "Failed to edit efi boot entry. Is efibootmgr package installed?" - else - # get the partition number for the A partition - local partition_num - partition_num=$(blkid | grep "${EFI[0]}" | cut -d ":" -f 1) || error - partition_num="${partition_num//[!0-9]/}" - - # create new Photon boot entry - bootnum=$(efibootmgr | grep -E "(^|\s)Photon(\s|$)") - bootnum="${bootnum//[!0-9]/}" - efibootmgr -c -d "$disk_name" -p "$partition_num" -L Photon -l "$bootloader_efi" &> /dev/null || error "Failed to create new efi boot entry (Photon)" - [[ -n $bootnum ]] && (efibootmgr -b "$bootnum" -B &> /dev/null || error "Failed to delete existing Photon boot entry") - fi - fi - echo "Successfully finalized update. Next (re)boot will be into this partition set." -} - -# flow control function -parse_cmdline_args "$@" diff --git a/SPECS/abupdate/abupdate.conf b/SPECS/abupdate/abupdate.conf deleted file mode 100644 index 6944b9d80f..0000000000 --- a/SPECS/abupdate/abupdate.conf +++ /dev/null @@ -1,41 +0,0 @@ -# either EFI, BIOS, or BOTH -# BOOT_TYPE= - -# automatically switch to other partition set after update? -# AUTO_SWITCH=NO - -# automatically finalize the update after a switch? -# AUTO_FINISH=no - -# can choose to either use tdnf or rpm as a package manager -# if not specified, tdnf is used -# PACKAGE_MANAGER=tdnf - -# for update/install/uninstall commands (with tdnf) -# use a custom tdnf config file for a/b update -# TDNF_CONFIG=/path/to/config - -# Provide information about partition sets -# PARTUUID info can be found with the "blkid" command -# ex) blkid /dev/sdb1 -# /dev/sdb1: UUID="d99e366e-3dd5-445e-906f-900fc927d4f4" BLOCK_SIZE="1024" TYPE="ext4" PARTUUID="febbf1a8-01" -# -# EFI is needed if booting with EFI -# Format: PARTUUID A, PARTUUID B, mount point -# -# Example: HOME=("PARTUUID A" "PARTUUID B" "/home") -# -# Note that the / partition is labeled as _ROOT to avoid conflicts with /root (which can be labeled ROOT) -# EFI=("PARTUUID A" "PARTUUID B" "/boot/efi") -# _ROOT=("PARTUUID A" "PARTUUID B" "/") - -# List of all partition sets -# SETS=( "_ROOT" ) - -# exclude the following directories/files from being synced -# note that these directory paths are absolute, not relative to current working directory -# -# Format: _EXCLUDE=( "/dir1/" "/dir2" "/dir3/subdir/file" ... "/dirN/" ) -# -# Example: -# HOME_EXCLUDE=( "/mnt" "lost+found" ) diff --git a/SPECS/abupdate/abupdate.service b/SPECS/abupdate/abupdate.service deleted file mode 100644 index 64febd7a34..0000000000 --- a/SPECS/abupdate/abupdate.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Finalizes partition switch on boot, if enabled. - -[Service] -Type=simple -ExecStart=/usr/sbin/abupdate finish - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/abupdate/abupdate.spec b/SPECS/abupdate/abupdate.spec deleted file mode 100644 index 8da9501697..0000000000 --- a/SPECS/abupdate/abupdate.spec +++ /dev/null @@ -1,60 +0,0 @@ -%global debug_package %{nil} - -Name: abupdate -Summary: A/B partition set update and rollback -Version: 1.0 -Release: 3%{?dist} -License: GPLv2 -Group: System Environment/Kernel -Vendor: VMware, Inc. -Distribution: Photon -BuildArch: noarch - -Source0: abupdate -Source1: abupdate.conf -Source2: abupdate.service -Source3: README - -BuildRequires: systemd-rpm-macros - -Requires: bash -Requires: systemd -Requires: kexec-tools -Requires: util-linux -Requires: rsync -Requires: grub2 -Requires: tar - -# Also requires grub2-pc if BIOS, efibootmgr if UEFI -# That will have to be installed by the user based on their system -Recommends: grub2-pc -Recommends: efibootmgr - -%description -Contains the abupdate utility, which provides capabilities in conjunction with an A/B set of partitions, -to atomically update packages/kernel versions, and safely rollback if something goes wrong. -abupdate has the ability to mirror data and update packages/kernel between partition sets, -as well as switch between sets, and rollback from A to B. - -%install -mkdir -p %{buildroot}{%{_sbindir},%{_sysconfdir},%{_unitdir},%{_docdir}} -cp %{SOURCE0} %{buildroot}%{_sbindir} -cp %{SOURCE1} %{buildroot}%{_sysconfdir} -cp %{SOURCE2} %{buildroot}%{_unitdir} -cp %{SOURCE3} %{buildroot}%{_docdir} - -%files -%defattr(-,root,root,-) -%doc %{_docdir}/README -%{_sbindir}/abupdate -%config(noreplace) %{_sysconfdir}/abupdate.conf -%{_unitdir}/abupdate.service - -%changelog -* Thu Feb 23 2023 Brennan Lamoreaux 1.0-3 -- Enable kexec for ARM, don't replace abupdate.conf. Edit abupdate -- to support aarch64. -* Thu Feb 23 2023 Shreenidhi Shedi 1.0-2 -- Requires kexec-tools only in x86_64 -* Thu Oct 20 2022 Brennan Lamoreaux 1.0-1 -- Initial addition to Photon. diff --git a/SPECS/acl/acl.spec b/SPECS/acl/acl.spec deleted file mode 100644 index 468fb746a4..0000000000 --- a/SPECS/acl/acl.spec +++ /dev/null @@ -1,111 +0,0 @@ -Summary: Access control list utilities -Name: acl -Version: 2.3.1 -Release: 2%{?dist} -License: GPLv2+ -Group: System Environment/Base -URL: https://savannah.nongnu.org/projects/%{name} -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://download.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz -%define sha512 %{name}=f101e27058c959f4c412f475c3fc77a90d1ead8728701e4ce04ff08b34139d35e0e72278c9ac7622ba6054e81c0aeca066e09491b5f5666462e3866705a0e892 - -Requires: libacl = %{version}-%{release} - -BuildRequires: attr-devel - -%description -This package contains the getfacl and setfacl utilities needed for -manipulating access control lists. - -%package -n libacl -Summary: Dynamic library for access control list support -License: LGPLv2+ -Group: System Environment/Libraries -Requires: attr - -%description -n libacl -This package contains the libacl.so dynamic library which contains -the POSIX 1003.1e draft standard 17 functions for manipulating access -control lists. - -%package -n libacl-devel -Summary: Files needed for building programs with libacl -License: LGPLv2+ -Group: Development/Libraries -Requires: libacl = %{version}-%{release} -Requires: attr-devel - -%description -n libacl-devel -This package contains header files and documentation needed to develop -programs which make use of the access control list programming interface -defined in POSIX 1003.1e draft standard 17. - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-static - -%make_build - -%install -%make_install %{?_smp_mflags} - -%find_lang %{name} - -%check -if ./setfacl -m u:$(id -u):rwx .; then - %make_build check -else - echo '*** The chroot file system does not support all ACL options ***' -fi - -%post -n libacl -/sbin/ldconfig - -%postun -n libacl -/sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/chacl -%{_bindir}/getfacl -%{_bindir}/setfacl -%{_mandir}/man1/chacl.1* -%{_mandir}/man1/getfacl.1* -%{_mandir}/man1/setfacl.1* -%{_mandir}/man5/acl.5* - -%files -n libacl-devel -%defattr(-,root,root) -%{_libdir}/libacl.so -%{_includedir}/%{name} -%{_includedir}/sys/acl.h -%{_mandir}/man3/acl_* -%{_docdir}/acl/* -%{_libdir}/pkgconfig/libacl.pc - -%files -n libacl -%defattr(-,root,root) -%{_libdir}/libacl.so.* - -%changelog -* Mon Jul 24 2023 Shreenidhi Shedi 2.3.1-2 -- Fix spec issues -* Mon Apr 12 2021 Gerrit Photon 2.3.1-1 -- Automatic Version Bump -* Mon Sep 17 2018 Ankit Jain 2.2.53-1 -- Updated to version 2.2.53 -* Fri Jul 28 2017 Chang Lee 2.2.52-5 -- Fixed %check for filtering unsupported check env -* Thu Nov 24 2016 Alexey Makhalov 2.2.52-4 -- BuildRequired attr-devel. -* Wed Oct 05 2016 ChangLee 2.2.52-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.2.52-2 -- GA - Bump release of all rpms -* Thu Feb 26 2015 Divya Thaluru 2.2.52-1 -- Initial version diff --git a/SPECS/aide/aide.conf b/SPECS/aide/aide.conf deleted file mode 100644 index 9374f606a8..0000000000 --- a/SPECS/aide/aide.conf +++ /dev/null @@ -1,82 +0,0 @@ -# Example configuration file for AIDE. - -@@define DBDIR /var/lib/aide - -# The location of the database to be read. -database_in=file:@@{DBDIR}/aide.db.gz - -# The location of the database to be written. -#database_out=sql:host:port:database:login_name:passwd:table -#database_out=file:aide.db.new -database_out=file:@@{DBDIR}/aide.db.new.gz - -# Whether to gzip the output to database -gzip_dbout=yes - -log_level=info - -report_url=file:/var/log/aide/aide.log -report_url=stdout -#report_url=stderr -#NOT IMPLEMENTED report_url=mailto:root@foo.com -#NOT IMPLEMENTED report_url=syslog:LOG_AUTH - -# These are the default rules. -# -#p: permissions -#i: inode: -#n: number of links -#u: user -#g: group -#s: size -#b: block count -#m: mtime -#a: atime -#c: ctime -#S: check for growing size -#md5: md5 checksum -#sha1: sha1 checksum -#rmd160: rmd160 checksum -#tiger: tiger checksum -#haval: haval checksum -#gost: gost checksum -#crc32: crc32 checksum -#R: p+i+n+u+g+s+m+c+md5 -#L: p+i+n+u+g -#E: Empty group -#>: Growing logfile p+u+g+i+n+S - -# You can create custom rules like this. - -NORMAL = R+b+sha512 - -DIR = p+i+n+u+g - -# Next decide what directories/files you want in the database. - -/boot NORMAL -/bin NORMAL -/sbin NORMAL -/lib NORMAL -/opt NORMAL -/usr NORMAL -/root NORMAL - -# Check only permissions, inode, user and group for /etc, but -# cover some important files closely. -/etc p+i+u+g -!/etc/mtab -/etc/exports NORMAL -/etc/fstab NORMAL -/etc/passwd NORMAL -/etc/group NORMAL -/etc/gshadow NORMAL -/etc/shadow NORMAL - -/var/log p+n+u+g - -# With AIDE's default verbosity level of 5, these would give lots of -# warnings upon tree traversal. It might change with future version. -# -#=/lost\+found DIR -#=/home DIR diff --git a/SPECS/aide/aide.spec b/SPECS/aide/aide.spec deleted file mode 100644 index df61092384..0000000000 --- a/SPECS/aide/aide.spec +++ /dev/null @@ -1,114 +0,0 @@ -Summary: Intrusion detection environment -Name: aide -Version: 0.17.4 -Release: 6%{?dist} -URL: /~https://github.com/aide/aide -License: GPLv2+ -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/aide/aide/releases/download/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=b6dba54fd204e1899d47b0b4139786cbeaa51c388027e2cfc1bb839297a70ae8ad6f37429594a730fac8007d62b4ba5b61a4aa22edbc55cbe986ccfaf5197f31 - -Source1: %{name}.conf - -BuildRequires: build-essential -BuildRequires: pcre-devel -BuildRequires: libgpg-error-devel -BuildRequires: openssl-devel -BuildRequires: zlib-devel -BuildRequires: curl-devel -BuildRequires: libgcrypt-devel -BuildRequires: audit-devel -BuildRequires: libacl-devel -BuildRequires: attr-devel -BuildRequires: libselinux-devel -BuildRequires: e2fsprogs-devel - -%if 0%{?with_check} -BuildRequires: check-devel -%endif - -Requires: pcre -Requires: libgpg-error -Requires: openssl -Requires: libgcrypt -Requires: audit -Requires: libacl -Requires: attr -Requires: libselinux -Requires: curl-libs -Requires: e2fsprogs - -%description -AIDE (Advanced Intrusion Detection Environment) is a file integrity -checker and intrusion detection program. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -export HAVE_CHECK=1 -autoreconf -ivf -%configure \ - --disable-static \ - --with-config_file=%{_sysconfdir}/%{name}.conf \ - --with-gcrypt \ - --with-zlib \ - --with-curl \ - --with-posix-acl \ - --with-selinux \ - --with-xattr \ - --with-e2fsattrs \ - --with-audit - -%make_build - -%install -%make_install %{?_smp_mflags} - -mkdir -p %{buildroot}%{_sysconfdir} \ - %{buildroot}%{_sharedstatedir}/%{name} \ - %{buildroot}%{_var}/log/%{name} \ - -cp %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}.conf - -chmod 600 %{buildroot}%{_sysconfdir}/%{name}.conf - -chmod 700 %{buildroot}%{_sharedstatedir}/%{name} \ - %{buildroot}%{_var}/log/%{name} - -%if 0%{?with_check} -%check -make check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_mandir}/* -%config(noreplace) %{_sysconfdir}/%{name}.conf -%dir %{_sharedstatedir}/%{name} -%{_var}/log/%{name} - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 0.17.4-6 -- Bump version as a part of openssl upgrade -* Wed Aug 23 2023 Shreenidhi Shedi 0.17.4-5 -- Use database_in inplace of database in aide.conf -* Fri Apr 14 2023 Shreenidhi Shedi 0.17.4-4 -- Bump version as a part of zlib upgrade -* Sat Mar 25 2023 Guruswamy Basavaiah 0.17.4-3 -- In aide.conf removed verbose option and introduced log_level option -* Thu Dec 22 2022 Guruswamy Basavaiah 0.17.4-2 -- Bump release as a part of libgpg-error upgrade to 1.46 -* Thu Sep 15 2022 Shreenidhi Shedi 0.17.4-1 -- Upgrade to v0.17.4 -* Tue Sep 29 2020 Satya Naga Vasamsetty 0.16.2-2 -- openssl 1.1.1 -* Wed Aug 14 2019 Tapas Kundu 0.16.2-1 -- Initial build for Photon diff --git a/SPECS/alsa-lib/alsa-lib.spec b/SPECS/alsa-lib/alsa-lib.spec deleted file mode 100644 index a5c1406295..0000000000 --- a/SPECS/alsa-lib/alsa-lib.spec +++ /dev/null @@ -1,69 +0,0 @@ -Summary: ALSA library -Name: alsa-lib -Version: 1.2.8 -Release: 1%{?dist} -License: LGPLv2+ -URL: http://alsa-project.org -Group: Applications/Internet -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.alsa-project.org/files/pub/lib/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=865ff05a8f589996f8d63d43a91c961f1b64144f3e1d17c7074b7ac16f25b3fd1c371d46ed63a8cc20fa01e63c76b75f1a9802b56889ae1073854dd050d27688 - -BuildRequires: python3-devel - -Requires: python3 - -%description -The ALSA Library package contains the ALSA library used by programs -(including ALSA Utilities) requiring access to the ALSA sound interface. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} -rm -f %{buildroot}%{_libdir}/*.la - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so* -%{_libdir}/pkgconfig/* -%exclude %dir %{_libdir}/debug -%{_datadir}/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* - -%changelog -* Fri Oct 28 2022 Gerrit Photon 1.2.8-1 -- Automatic Version Bump -* Mon Jul 11 2022 Gerrit Photon 1.2.7.2-1 -- Automatic Version Bump -* Sun May 29 2022 Shreenidhi Shedi 1.2.6.1-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 1.2.6.1-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.2.4-1 -- Automatic Version Bump -* Mon Jul 20 2020 Tapas Kundu 1.2.3.2-2 -- Build with python3 -- Mass removal python2 -* Wed Jul 08 2020 Gerrit Photon 1.2.3.2-1 -- Automatic Version Bump -* Mon Dec 10 2018 Alexey Makhalov 1.1.7-1 -- initial version, moved from Vivace. diff --git a/SPECS/alsa-utils/alsa-utils.spec b/SPECS/alsa-utils/alsa-utils.spec deleted file mode 100644 index ad791967be..0000000000 --- a/SPECS/alsa-utils/alsa-utils.spec +++ /dev/null @@ -1,71 +0,0 @@ -Summary: ALSA Utilities -Name: alsa-utils -Version: 1.2.8 -Release: 2%{?dist} -License: LGPLv2+ -URL: http://alsa-project.org -Group: Applications/Internet -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://www.alsa-project.org/files/pub/utils/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=882e6f67467596ed273bf554fcce87d8ef287806bbdabd6c103de4980981f9e2102fb3800c6e8628ee8e86ffb165c1c92f9370c8145f28a6cb7cca563942330b - -Patch0: ens1371.patch - -BuildRequires: alsa-lib-devel -BuildRequires: ncurses-devel -BuildRequires: systemd-devel - -Requires: linux-drivers-sound -Requires: alsa-lib -Requires: ncurses - -%description -The ALSA Utilities package contains various utilities which are useful for controlling your sound card. - -%prep -%autosetup -p1 - -%build -%configure --disable-alsaconf \ - --disable-xmlto \ - --with-udev-rules-dir=%{_udevrulesdir} \ - --with-systemdsystemunitdir=%{_unitdir} - -%make_build - -%install -%make_install %{?_smp_mflags} -install -dm 755 %{buildroot}%{_sharedstatedir}/alsa -find %{buildroot} -name \*.la -delete - -%post -alsactl init -alsactl -L store - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/* -%{_datadir}/* -%{_localstatedir}/* -%{_unitdir}/* -%{_udevrulesdir}/* -%{_libdir}/alsa-topology/libalsatplg_module_nhlt.so -%exclude %dir %{_libdir}/debug - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 1.2.8-2 -- Bump version as a part of ncurses upgrade to v6.4 -* Fri Oct 28 2022 Gerrit Photon 1.2.8-1 -- Automatic Version Bump -* Mon Jul 11 2022 Gerrit Photon 1.2.7-1 -- Automatic Version Bump -* Mon Feb 28 2022 Shreenidhi Shedi 1.2.4-2 -- Fix binary path -* Mon Apr 12 2021 Gerrit Photon 1.2.4-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 1.2.3-1 -- Automatic Version Bump -* Mon Dec 10 2018 Alexey Makhalov 1.1.7-1 -- initial version, moved from Vivace diff --git a/SPECS/alsa-utils/ens1371.patch b/SPECS/alsa-utils/ens1371.patch deleted file mode 100644 index f11c55ba16..0000000000 --- a/SPECS/alsa-utils/ens1371.patch +++ /dev/null @@ -1,54 +0,0 @@ -diff -Naur alsa-utils-1.0.29/alsactl/init/00main alsa-utils-1.0.29_/alsactl/init/00main ---- alsa-utils-1.0.29/alsactl/init/00main 2015-02-26 06:49:40.000000000 -0800 -+++ alsa-utils-1.0.29_/alsactl/init/00main 2015-06-02 09:57:23.342226526 -0700 -@@ -32,6 +32,7 @@ - # real ALSA configuration database - CARDINFO{driver}=="HDA-Intel", INCLUDE="hda", GOTO="init_end" - CARDINFO{driver}=="CA0106", INCLUDE="ca0106", GOTO="init_end" -+CARDINFO{driver}=="ENS1371", INCLUDE="ens1371", GOTO="init_end" - CARDINFO{driver}=="Test", INCLUDE="test", GOTO="init_end" - - LABEL="init_end" -diff -Naur alsa-utils-1.0.29/alsactl/init/ens1371 alsa-utils-1.0.29_/alsactl/init/ens1371 ---- alsa-utils-1.0.29/alsactl/init/ens1371 1969-12-31 16:00:00.000000000 -0800 -+++ alsa-utils-1.0.29_/alsactl/init/ens1371 2014-01-16 20:20:09.000000000 -0800 -@@ -0,0 +1,15 @@ -+# Configuration for ensoniq based cards -+ -+CARDINFO{mixername}=="Cirrus Logic CS4297A rev 3", \ -+ ATTR{subsystem_vendor}=="0x1274", ATTR{subsystem_device}=="0x1371", \ -+ GOTO="vmware-ac97" -+RESULT="false", EXIT="return" -+ -+LABEL="vmware-ac97" -+# playback -+CTL{reset}="mixer" -+CTL{name}="Master Playback Volume", CTL{value}="0dB,0dB" -+CTL{name}="Master Playback Switch", CTL{value}="on" -+CTL{name}="PCM Playback Volume", CTL{value}="51dB,51dB" -+CTL{name}="PCM Playback Switch", CTL{value}="on" -+RESULT="true", EXIT="return" -diff -Naur alsa-utils-1.0.29/alsactl/init/Makefile.am alsa-utils-1.0.29_/alsactl/init/Makefile.am ---- alsa-utils-1.0.29/alsactl/init/Makefile.am 2015-02-26 06:49:40.000000000 -0800 -+++ alsa-utils-1.0.29_/alsactl/init/Makefile.am 2015-06-02 10:50:52.732086372 -0700 -@@ -1,7 +1,7 @@ - - init_files = \ - 00main default help info test \ -- hda ca0106 -+ hda ca0106 ens1371 - EXTRA_DIST = $(init_files) - alsainitdir = $(datadir)/alsa/init - alsainit_DATA = $(init_files) -diff -Naur alsa-utils-1.0.29/alsactl/init/Makefile.in alsa-utils-1.0.29_/alsactl/init/Makefile.in ---- alsa-utils-1.0.29/alsactl/init/Makefile.in 2015-02-26 06:50:21.000000000 -0800 -+++ alsa-utils-1.0.29_/alsactl/init/Makefile.in 2015-06-02 10:50:45.164213531 -0700 -@@ -246,7 +246,7 @@ - xmlto_available = @xmlto_available@ - init_files = \ - 00main default help info test \ -- hda ca0106 -+ hda ca0106 ens1371 - - EXTRA_DIST = $(init_files) - alsainitdir = $(datadir)/alsa/init diff --git a/SPECS/amdvlk/amdvlk.spec b/SPECS/amdvlk/amdvlk.spec deleted file mode 100644 index f6446162c5..0000000000 --- a/SPECS/amdvlk/amdvlk.spec +++ /dev/null @@ -1,69 +0,0 @@ -Summary: AMD Open Source Driver for Vulkan -Name: amdvlk -Version: 2023.Q1.3 -Release: 3%{?dist} -License: MIT -URL: /~https://github.com/GPUOpen-Drivers/AMDVLK -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/GPUOpen-Drivers/AMDVLK/archive/refs/tags/%{name}-%{version}.tar.xz -%define sha512 %{name}=118c960c1a737f48095667283278d901284bdd5d6e9853759026781600decb59a81436683545063316661a11300dbc1be2b6e71cecf9968be91a31d83d09ae34 - -BuildRequires: cmake -BuildRequires: ninja-build -BuildRequires: proto -BuildRequires: libxcb-devel -BuildRequires: libX11-devel -BuildRequires: wayland-devel -BuildRequires: libwayland-client -BuildRequires: libxml2-devel -BuildRequires: libffi-devel -BuildRequires: libXrandr-devel -BuildRequires: libXrender-devel -BuildRequires: libxshmfence-devel - -%description -AMD Open Source Driver for Vulkan - -%prep -%autosetup -p1 - -%build -cmake -B %{_target_platform} \ - -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF \ - -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \ - -DINCLUDE_INSTALL_DIR:PATH=%{_includedir} \ - -DLIB_INSTALL_DIR:PATH=%{_libdir} \ - -DCMAKE_INSTALL_LIBDIR=lib \ - -DSYSCONF_INSTALL_DIR:PATH=%{_sysconfdir} \ - -DSHARE_INSTALL_PREFIX:PATH=%{_datadir} \ - -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -S xgl -DLLVM_PARALLEL_LINK_JOBS=1 \ - -DVKI_RAY_TRACING=OFF -Wno-dev -cmake --build %{_target_platform} %{?_smp_mflags} --verbose - -%install -DESTDIR=%{buildroot} cmake --install %{_target_platform} --component icd -chmod +x %{buildroot}%{_libdir}/amdvlk64.so - -%clean -rm -rf %{buildroot}/* - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_sysconfdir}/vulkan/icd.d/amd_icd64.json -%{_sysconfdir}/vulkan/implicit_layer.d/amd_icd64.json -%{_libdir}/amdvlk64.so -%license %{_datadir}/doc/%{name}/LICENSE.txt - -%changelog -* Wed Jun 14 2023 Shivani Agarwal 2023.Q1.3-3 -- Bump version as a part of libX11 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 2023.Q1.3-2 -- Bump version as a part of libxml2 upgrade -* Thu Feb 23 2023 Shivani Agarwal - 2023.Q1.3-1 -- Initial version diff --git a/SPECS/ansible-community-general/ansible-community-general.spec b/SPECS/ansible-community-general/ansible-community-general.spec deleted file mode 100644 index bca9fa37c0..0000000000 --- a/SPECS/ansible-community-general/ansible-community-general.spec +++ /dev/null @@ -1,59 +0,0 @@ -%global collection_namespace community -%global collection_name general - -Summary: Modules and plugins supported by Ansible community -Name: ansible-community-general -Version: 6.3.0 -Release: 1%{?dist} -License: GPL-3.0-or-later AND BSD-2-Clause AND MIT AND PSF-2.0 -URL: /~https://github.com/ansible-collections/community.general -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/ansible-collections/community.general/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}-%{version}=33881ae519e6378152cf5ef9d9dcc209bc7e5e218190ba48b61a7635890c6abf5089b8d199e78518d1a06a3e8e0e8c25b5da1d03fc6cbb8929c3bd07cd0798f4 - -BuildArch: noarch - -BuildRequires: ansible-devel - -Requires: ansible - -%description -This repository contains the community.general Ansible Collection. The collection is a part of the -Ansible package and includes many modules and plugins supported by Ansible community which are not -part of more specialized community collections. - -%prep -%autosetup -p1 -n community.general-%{version} -rm -vr .github .azure-pipelines -find -type f ! -executable -name '*.py' -print -exec sed -i -e '1{\@^#!.*@d}' '{}' + -find -type f -name '.gitignore' -print -delete - -%build -export LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" -%{ansible_collection_build} - -%install -export LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" -%{ansible_collection_install} -rm -vr %{buildroot}%{ansible_collection_files}/%{collection_name}/tests - -%files -%defattr(-, root, root) -%{ansible_collection_files} - -%changelog -* Wed Feb 22 2023 Nitesh Kumar 6.3.0-1 -- Version upgrade to v6.3.0 -* Tue Dec 13 2022 Gerrit Photon 6.1.0-1 -- Automatic Version Bump -* Fri Nov 25 2022 Shreenidhi Shedi 6.0.1-1 -- Upgrade to v6.0.1 -* Tue Oct 25 2022 Gerrit Photon 5.8.0-1 -- Automatic Version Bump -* Thu Oct 06 2022 Gerrit Photon 5.7.0-1 -- Automatic Version Bump -* Wed Sep 28 2022 Nitesh Kumar 5.6.0-1 -- Initial version diff --git a/SPECS/ansible-posix/ansible-posix.spec b/SPECS/ansible-posix/ansible-posix.spec deleted file mode 100644 index 63852893d3..0000000000 --- a/SPECS/ansible-posix/ansible-posix.spec +++ /dev/null @@ -1,56 +0,0 @@ -%global collection_namespace ansible -%global collection_name posix - -Summary: Ansible Collection targeting POSIX and POSIX-ish platforms -Name: ansible-posix -Version: 1.5.1 -Release: 1%{?dist} -License: GPLv3+ and Python -URL: /~https://github.com/ansible-collections/ansible.posix -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/ansible-collections/ansible.posix/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}-%{version}=5132d792b75c2b6d3779e95c28c1141807286b6f77370a5fa95325a74f723409393eb2d2585aa1b99f92b390925b6b76e208f0b25367397db7ccb5de869c252f - -BuildArch: noarch - -BuildRequires: ansible-devel - -Requires: ansible - -%description -An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems. - -%prep -%autosetup -n ansible.posix-%{version} -rm -vr tests/{integration,utils} \ - .github \ - changelogs/fragments/.keep \ - {test-,}requirements.txt \ - shippable.yml \ - .azure-pipelines - -find -type f ! -executable -name '*.py' -print -exec sed -i -e '1{\@^#!.*@d}' '{}' + -find -type f -name '.gitignore' -print -delete - -%build -export LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" -%{ansible_collection_build} - -%install -export LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" -%{ansible_collection_install} - -%files -%defattr(-, root, root) -%{ansible_collection_files} - -%changelog -* Wed Feb 22 2023 Nitesh Kumar 1.5.1-1 -- Version upgrade to v1.5.1 -* Fri Nov 25 2022 Shreenidhi Shedi 1.4.0-2 -- Bump version as a part of ansible upgrade -* Wed Sep 28 2022 Nitesh Kumar 1.4.0-1 -- Initial version diff --git a/SPECS/ansible/ansible.spec b/SPECS/ansible/ansible.spec deleted file mode 100644 index d12a9f5f90..0000000000 --- a/SPECS/ansible/ansible.spec +++ /dev/null @@ -1,126 +0,0 @@ -Summary: Configuration-management, application deployment, cloud provisioning system -Name: ansible -Version: 2.14.2 -Release: 2%{?dist} -License: GPLv3+ -URL: https://www.ansible.com -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://releases.ansible.com/ansible/%{name}-%{version}.tar.gz -%define sha512 %{name}=46ad59c694bf2aa1fc42d2f3b3074244c8d1d3acb61eb5787bd18d1efe3cc534459fc9c0628a0f60c67bd82c998f8cbbac80babf24258c37ff5ce95c8cf7900d - -Source1: tdnf.py -Source2: macros.ansible -Source3: ansible_collection.py - -BuildArch: noarch - -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-resolvelib - -%if 0%{?with_check} -BuildRequires: python3-pip -BuildRequires: python3-jinja2 >= 3.1.2 -BuildRequires: python3-PyYAML -BuildRequires: python3-pytest -BuildRequires: python3-cryptography -%endif - -Requires: python3 -Requires: python3-jinja2 >= 3.1.2 -Requires: python3-PyYAML -Requires: python3-xml -Requires: python3-paramiko -Requires: python3-resolvelib -Requires: python3-curses - -%description -Ansible is a radically simple IT automation system. It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero downtime rolling updates with load balancers. - -%package devel -Summary: Development files for ansible packages -Requires: %{name} = %{version}-%{release} - -%description devel -Development files for ansible packages - -%prep -%autosetup -p1 -cp -vp %{SOURCE1} lib/%{name}/modules/ - -%build -%py3_build - -%install -%py3_install -install -Dpm0644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.%{name} -touch -r %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.%{name} -install -Dpm0744 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/%{name}_collection.py -touch -r %{SOURCE3} %{buildroot}%{_rpmconfigdir}/%{name}_collection.py - -%files -%defattr(-, root, root) -%{_bindir}/* -%{python3_sitelib}/* - -%files devel -%defattr(-, root, root) -%{_rpmmacrodir}/macros.%{name} -%{_rpmconfigdir}/%{name}_collection.py - -%changelog -* Mon Nov 13 2023 Shreenidhi Shedi 2.14.2-2 -- Fix requires -- Fix an issue in upgrade using playbook. -* Wed Feb 22 2023 Nitesh Kumar 2.14.2-1 -- Version upgrade to v2.14.2 -* Fri Dec 16 2022 Nitesh Kumar 2.14.1-1 -- Version upgrade to v2.14.1 -* Tue Dec 06 2022 Prashant S Chauhan 2.14.0-2 -- Update release to compile with python 3.11 -* Fri Nov 25 2022 Shreenidhi Shedi 2.14.0-1 -- Upgrade to v2.14.0 -* Fri Oct 28 2022 Gerrit Photon 2.13.5-1 -- Automatic Version Bump -* Wed Sep 28 2022 Nitesh Kumar 2.13.3-2 -- Adding devel sub package -* Sat Sep 03 2022 Shreenidhi Shedi 2.13.3-1 -- Upgrade to v2.13.3 -* Mon Apr 18 2022 Gerrit Photon 2.9.27-1 -- Automatic Version Bump -* Fri Dec 10 2021 Shreenidhi Shedi 2.12.1-1 -- Upgrade to v2.12.1 & fix tdnf module packaging -* Wed Jun 02 2021 Shreenidhi Shedi 2.11.1-1 -- Bump version to 2.11.1 -* Mon Apr 12 2021 Gerrit Photon 2.9.20-1 -- Automatic Version Bump -* Fri Jul 03 2020 Shreendihi Shedi 2.9.10-1 -- Upgrade to version 2.9.10 -- Removed python2 dependancy -* Mon Apr 20 2020 Shreenidhi Shedi 2.8.10-2 -- Fix CVE-2020-1733, CVE-2020-1739 -* Fri Apr 03 2020 Shreenidhi Shedi 2.8.10-1 -- Upgrade version to 2.8.10 & various CVEs fixed -* Sun Feb 16 2020 Shreenidhi Shedi 2.8.3-3 -- Fix 'make check' -* Thu Feb 06 2020 Shreenidhi Shedi 2.8.3-2 -- Fix for CVE-2019-14864 -- Fix dependencies -- Patch to support tdnf operations -* Mon Aug 12 2019 Shreenidhi Shedi 2.8.3-1 -- Upgraded to version 2.8.3 -* Tue Jan 22 2019 Anish Swaminathan 2.7.6-1 -- Version update to 2.7.6, fix CVE-2018-16876 -* Mon Sep 17 2018 Ankit Jain 2.6.4-1 -- Version update to 2.6.4 -* Thu Oct 12 2017 Anish Swaminathan 2.4.0.0-1 -- Version update to 2.4.0.0 -* Thu Jun 01 2017 Dheeraj Shetty 2.2.2.0-2 -- Use python2 explicitly -* Thu Apr 6 2017 Alexey Makhalov 2.2.2.0-1 -- Version update -* Wed Sep 21 2016 Xiaolin Li 2.1.1.0-1 -- Initial build. First version diff --git a/SPECS/ansible/ansible_collection.py b/SPECS/ansible/ansible_collection.py deleted file mode 100644 index 70093bedb7..0000000000 --- a/SPECS/ansible/ansible_collection.py +++ /dev/null @@ -1,153 +0,0 @@ -#!/usr/bin/python3 -# SPDX-License-Identifier: GPL-3.0-or-later -# SPDX-FileCopyrightText 2022 Maxwell G - -""" -This script uses Ansible Collection metadata from galaxy.yml to figure out the -namespace, name, and version of the collection being packaged. - -``ansible_collection.py install`` (used by %ansible_collecton_install) uses -this information to find and install the collection artifact that was just -built with %ansible_collection_build. It also generates a files list for use -with `%files -f`. - -``ansible_collection.py test`` (used by %ansible_test_unit) parses galaxy.yml -to determine the collection namespace and name that's needed to create the -directory structure that ansible-test expects. After creating a temporary build -directory with the needed structure, the script runs ansible-test units with -the provided arguments. -""" - -import argparse -import shutil -import subprocess -import sys -from pathlib import Path -from tempfile import TemporaryDirectory -from typing import Any, Dict, Optional, Sequence, Union - -from yaml import CSafeLoader, load - - -class CollectionError(Exception): - pass - - -class AnsibleCollection: - def __init__(self, collection_srcdir: Optional[Path] = None) -> None: - self.collection_srcdir = collection_srcdir or Path.cwd() - self.data = self._load_data() - self.namespace = self.data["namespace"] - self.name = self.data["name"] - self.version = self.data["version"] - - def _load_data(self) -> Dict[str, Any]: - path = self.collection_srcdir / "galaxy.yml" - if not path.exists(): - raise CollectionError(f"{path} does not exist!") - print(f"Loading collection metadata from {path}") - - with open(path, encoding="utf-8") as file: - return load(file, Loader=CSafeLoader) - - def install(self, destdir: Union[str, Path]) -> None: - artifact = self.collection_srcdir / Path( - f"{self.namespace}-{self.name}-{self.version}.tar.gz" - ) - if not artifact.exists() and not artifact.is_file(): - raise CollectionError( - f"{artifact} does not exist! Did you run %ansible_collection_build?" - ) - - args = ( - "ansible-galaxy", - "collection", - "install", - "-n", - "-p", - str(destdir), - str(artifact), - ) - print(f"Running: {args}") - print() - # Without this, the print statements are shown after the command - # output when building in mock. - sys.stdout.flush() - subprocess.run(args, check=True, cwd=self.collection_srcdir) - print() - - def write_filelist(self, filelist: Path) -> None: - filelist.parent.mkdir(parents=True, exist_ok=True) - contents = "%{ansible_collections_dir}/" + self.namespace - print(f"Writing filelist to {filelist}") - with open(filelist, "w", encoding="utf-8") as file: - file.write(contents) - - def unit_test(self, extra_args: Sequence) -> None: - with TemporaryDirectory() as temp: - temppath = Path(temp) / "ansible_collections" / self.namespace / self.name - shutil.copytree( - self.collection_srcdir, - temppath, - ) - args = ("ansible-test", "units", *extra_args) - print(f"Running: {args}") - print() - # Without this, the print statements are shown after the command - # output when building in mock. - sys.stdout.flush() - subprocess.run(args, cwd=temppath, check=True) - - -def parseargs() -> argparse.Namespace: - parser = argparse.ArgumentParser( - "Install and test Ansible Collections in an rpmbuild environment" - ) - subparsers = parser.add_subparsers(dest="action") - install_parser = subparsers.add_parser( - "install", - help="Run ansible-galaxy collection install and write filelist", - ) - install_parser.add_argument( - "--collections-dir", - required=True, - help="Collection destination directory", - type=Path, - ) - install_parser.add_argument( - "--filelist", - type=Path, - required=True, - help="%%{ansible_collection_filelist}", - ) - - test_parser = subparsers.add_parser( - "test", - help="Run ansible-test unit after creating the necessary directory structure", - ) - test_parser.add_argument( - "extra_args", nargs="*", help="Extra arguments to pass to ansible-test" - ) - args = parser.parse_args() - # add_subparsers does not support required on Python 3.6 - if not args.action: - parser.print_usage() - sys.exit(2) - return args - - -def main(): - args = parseargs() - collection = AnsibleCollection() - if args.action == "install": - collection.install(args.collections_dir) - collection.write_filelist(args.filelist) - elif args.action == "test": - collection.unit_test(args.extra_args) - - -if __name__ == "__main__": - try: - main() - except (CollectionError, subprocess.CalledProcessError) as err: - sys.exit(err) diff --git a/SPECS/ansible/macros.ansible b/SPECS/ansible/macros.ansible deleted file mode 100644 index 64e9cf9377..0000000000 --- a/SPECS/ansible/macros.ansible +++ /dev/null @@ -1,32 +0,0 @@ -# Stores ephemeral data that's created by %%ansible_collection_install -# and used by other macros. -%__ansible_builddir %{_builddir}/%{?buildsubdir:%{buildsubdir}/}.ansible-packaging - -%ansible_roles_dir %{_datadir}/ansible/roles -%ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections - -%ansible_collection_build() ansible-galaxy collection build - -# On F36, package-notes-srpm-macros inserts a package note file into -# %%{buildsubdir} that ends up getting included in the collection builds. -%ansible_collection_install() %{shrink: -%undefine _package_note_file -%{_rpmconfigdir}/ansible_collection.py install ---collections-dir %{buildroot}%{ansible_collections_dir} ---filelist %{ansible_collection_filelist} -} - -%ansible_test_unit() %{shrink: -%{_rpmconfigdir}/ansible_collection.py test -- ---python-interpreter %{__python3} --local %{?*} -} - -# TODO: Officially deprecate this macro and add the following line to the macro -# def after the new approach has gotten more testing and adoption: -# %%{warn: %%{ansible_collection_files} is deprecated. Use %%files -f %%{ansible_collection_filelist} instead.} -%ansible_collection_files %{shrink: -%{ansible_collections_dir}/%{collection_namespace}/ -} - -%ansible_collection_filelist %{__ansible_builddir}/ansible_collection_files - diff --git a/SPECS/ansible/tdnf.py b/SPECS/ansible/tdnf.py deleted file mode 100644 index b49273295f..0000000000 --- a/SPECS/ansible/tdnf.py +++ /dev/null @@ -1,371 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- - -# Copyright (C) 2021 VMware, Inc. All Rights Reserved. -# -# GNU General Public License v3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt) -# - -""" tdnf ansible module for Photon OS """ - -from __future__ import absolute_import, division, print_function - -__metaclass__ = type - - -DOCUMENTATION = """ ---- -module: tdnf -short_description: Tiny DNF package manager -description: - - Manages rpm packages in VMware Photon OS. -version_added: "2.12.1" -options: - name: - description: - - A package name, like C(foo), or multiple packages, like C(foo, bar). - aliases: - - pkg - type: list - elements: str - - state: - description: - - Indicates the desired package(s) state. - - C(present) ensures the package(s) is/are present. - - C(absent) ensures the package(s) is/are absent. - - C(latest) ensures the package(s) is/are present and the latest version(s). - - C(removed) ensures the package(s) is/are removed. - - C(installed) ensures the package(s) is/are installed. - type: str - default: present - choices: ['present', 'installed', 'absent', 'removed', 'latest'] - - update_cache: - description: - - Update repo metadata cache. Can be run with other steps or on it's own. - type: bool - default: 'no' - - upgrade: - description: - - Upgrade all installed packages to their latest version. - type: bool - default: 'no' - - enablerepo: - description: - - I(Repoid) of repositories to enable for the install/update operation. - When specifying multiple repos, separate them with a ",". - type: list - elements: str - - disablerepo: - description: - - I(Repoid) of repositories to disable for the install/update operation. - When specifying multiple repos, separate them with a ",". - type: list - elements: str - - conf_file: - description: - - The tdnf configuration file to use for the transaction. - type: str - - disable_gpg_check: - description: - - Whether to disable the GPG checking of signatures of packages being - installed. Has an effect only if state is I(present) or I(latest). - type: bool - default: 'no' - - installroot: - description: - - Specifies an alternative installroot, relative to which all packages - will be installed. - type: str - default: '/' - - security_severity: - description: - - Specifies the CVSS v3 score above which to install updates for packages - type: str - - releasever: - description: - - Specifies an alternative release from which all packages will be - installed. - type: str - - exclude: - description: - - Package name(s) to exclude when state=present, or latest. This can be a - list or a comma separated string. - type: list - elements: str - -author: - - Anish Swaminathan (@suezzelur) - - Shreenidhi Shedi (@sshedi) - -notes: - - '"name" and "upgrade" are mutually exclusive.' - - When used with a `loop:` each package will be processed individually, it is much more efficient to pass the list directly to the `name` option. -""" - -EXAMPLES = """ -# Update repositories and install "foo" package -- tdnf: - name: ['foo'] - update_cache: yes - -# Update repositories and install "foo" and "bar" packages -- tdnf: - name: ['foo', 'bar'] - update_cache: yes - -# Remove "foo" package -- tdnf: - name: ['foo'] - state: absent - -# Remove "foo" and "bar" packages -- tdnf: - name: ['foo', 'bar'] - state: absent - -# Install the package "foo" -- tdnf: - name: ['foo'] - state: present - -# Install the packages "foo" and "bar" -- tdnf: - name: ['foo', 'bar'] - state: present - -# Update repositories and update package "foo" to latest version -- tdnf: - name: ['foo'] - state: latest - update_cache: yes - -# Update repositories and update packages "foo" and "bar" to latest versions -- tdnf: - name: ['foo', 'bar'] - state: latest - update_cache: yes - -# Update all installed packages to the latest versions -- tdnf: - upgrade: yes - -# Update repositories as a separate step -- tdnf: - update_cache: yes -""" - -RETURN = """ -stdout: - description: output from tdnf - returned: success, when needed - type: str -stderr: - description: error output from tdnf - returned: success, when needed - type: str -rc: - description: tdnf command return value - returned: 0 on success - type: int -""" - -from ansible.module_utils.basic import AnsibleModule - - -def prep_tdnf_cmd(cmd, p_dict): - """Prepare tdnf command based on given configs""" - if p_dict["excludelist"]: - cmd = "%s --exclude %s" % (cmd, ",".join(p_dict["excludelist"])) - - if p_dict["disable_gpg_check"]: - cmd = "%s --nogpgcheck" % cmd - - if p_dict["releasever"]: - cmd = "%s --releasever %s" % (cmd, p_dict["releasever"]) - - if p_dict["conf_file"]: - cmd = "%s -c %s" % (cmd, p_dict["conf_file"]) - - if p_dict["installroot"] != "/": - cmd = "%s --installroot %s" % (cmd, p_dict["installroot"]) - - for repo in p_dict["enablerepolist"]: - cmd = "%s --enablerepo=%s" % (cmd, repo) - - for repo in p_dict["disablerepolist"]: - cmd = "%s --disablerepo=%s" % (cmd, repo) - - if p_dict["security_severity"]: - cmd = "%s --sec-severity %s" % (cmd, p_dict["security_severity"]) - - return cmd - - -def exec_cmd(module, params): - """ - Run the final command - get_out is a special value from update_package_db - if it's set, we just update the db cache and exit - """ - get_out = params.get("get_out", False) - check_rc = params.get("check_rc", False) - - rc, out, err = module.run_command(params["cmd"], check_rc=check_rc) - if rc: - module.fail_json(msg=params["msg_f"], stdout=out, stderr=err) - elif ("get_out" not in params and rc == 0) or get_out: - module.exit_json(changed=True, msg=params["msg_s"], stdout=out, stderr=err) - - -def update_package_db(module, get_out, p_dict): - """Update tdnf cache metadata""" - cmd = "%s makecache --refresh -q" % (p_dict["tdnf"]) - cmd = prep_tdnf_cmd(cmd, p_dict) - - params = { - "cmd": cmd, - "msg_s": "Updated package db", - "msg_f": "Could not update package db", - "get_out": get_out, - } - exec_cmd(module, params) - - -def upgrade_packages(module, p_dict): - """Upgrade all packages""" - cmd = "%s upgrade -y" % (p_dict["tdnf"]) - cmd = prep_tdnf_cmd(cmd, p_dict) - params = { - "cmd": cmd, - "msg_s": "Upgraded packages", - "msg_f": "Failed to upgrade packages", - } - - exec_cmd(module, params) - - -def install_packages(module, p_dict): - """Install given packages""" - packages = " ".join(p_dict["pkglist"]) - cmd = "%s install -y" % (p_dict["tdnf"]) - cmd = prep_tdnf_cmd(cmd, p_dict) - cmd = "%s %s" % (cmd, packages) - - params = { - "cmd": cmd, - "msg_s": "Installed %s package(s)" % (packages), - "msg_f": "Failed to install %s" % (packages), - } - - exec_cmd(module, params) - - -def remove_packages(module, p_dict): - """Erase/Uninstall packages""" - packages = " ".join(p_dict["pkglist"]) - cmd = "%s erase -y %s" % (p_dict["tdnf"], packages) - - params = { - "cmd": cmd, - "msg_s": "Removed %s package(s)" % (packages), - "msg_f": "Failed to remove %s package(s)" % (packages), - } - - exec_cmd(module, params) - - -def convert_to_list(input_list): - """Convert nested list into flat list""" - flat_list = [] - - if not input_list: - return flat_list - - for sublist in input_list: - if not isinstance(sublist, list): - flat_list.append(sublist) - continue - for item in sublist: - flat_list.append(item) - - return flat_list - - -def main(): - """Trigger point function""" - choices = ["present", "installed", "absent", "removed", "latest"] - module = AnsibleModule( - argument_spec=dict( - state=dict(default="present", choices=choices), - name=dict(type="list", elements="str", aliases=["pkg"]), - update_cache=dict(default=False, type="bool"), - upgrade=dict(default=False, type="bool"), - enablerepo=dict(type="list", default=[], elements="str"), - disablerepo=dict(type="list", default=[], elements="str"), - disable_gpg_check=dict(type="bool", default=False), - exclude=dict(type="list", default=[], elements="str"), - installroot=dict(type="str", default="/"), - security_severity=dict(type="str", default=None), - releasever=dict(default=None), - conf_file=dict(type="str", default=None), - ), - required_one_of=[["name", "update_cache", "upgrade", "security_severity"]], - mutually_exclusive=[["name", "upgrade"], ["name", "security_severity"]], - supports_check_mode=True, - ) - - # Set LANG env since we parse stdout - module.run_command_environ_update = dict( - LANG="C", LC_ALL="C", LC_MESSAGES="C", LC_CTYPE="C" - ) - - p_dict = module.params - - pkglist = convert_to_list(p_dict["name"]) - enablerepolist = convert_to_list(p_dict["enablerepo"]) - disablerepolist = convert_to_list(p_dict["disablerepo"]) - excludelist = convert_to_list(p_dict["exclude"]) - - p_dict["tdnf"] = module.get_bin_path("tdnf", required=True) - p_dict["pkglist"] = pkglist - p_dict["enablerepolist"] = enablerepolist - p_dict["disablerepolist"] = disablerepolist - p_dict["excludelist"] = excludelist - - # normalize the state parameter - if p_dict["state"] in ["present", "installed", "latest"]: - p_dict["state"] = "present" - - if p_dict["state"] in ["absent", "removed"]: - p_dict["state"] = "absent" - - if p_dict["update_cache"]: - get_out = True - for key in ["name", "upgrade", "security_severity"]: - if p_dict[key]: - get_out = False - break - update_package_db(module, get_out, p_dict) - - if p_dict["upgrade"]: - upgrade_packages(module, p_dict) - - if p_dict["state"] == "present": - install_packages(module, p_dict) - else: - remove_packages(module, p_dict) - - -if __name__ == "__main__": - main() diff --git a/SPECS/ant-contrib/ant-contrib-java-8.patch b/SPECS/ant-contrib/ant-contrib-java-8.patch deleted file mode 100644 index 7f47501888..0000000000 --- a/SPECS/ant-contrib/ant-contrib-java-8.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/build.xml b/build.xml -index eb6a80b..dcf3522 100644 ---- a/build.xml -+++ b/build.xml -@@ -58,8 +58,8 @@ - destdir="${target.classes.dir}" - debug="true" - classpathref="compile.classpath" -- source="${jdk.source}" -- target="${jdk.target}" -+ source="1.8" -+ target="1.8" - /> - - -@@ -73,8 +73,8 @@ - -+ source="1.8" -+ target="1.8"> - - - diff --git a/SPECS/ant-contrib/ant-contrib.spec b/SPECS/ant-contrib/ant-contrib.spec deleted file mode 100644 index be51cc8687..0000000000 --- a/SPECS/ant-contrib/ant-contrib.spec +++ /dev/null @@ -1,96 +0,0 @@ -%define ant_prefix %{_var}/opt/ant-contrib - -Summary: Ant contrib -Name: ant-contrib -Version: 1.0b3 -Release: 18%{?dist} -License: Apache -URL: http://ant-contrib.sourceforget.net -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -BuildArch: noarch - -Source0: https://packages.vmware.com/photon/photon_sources/1.0/%{name}-%{version}-src.tar.gz -%define sha512 %{name}=fe59ad4867a00429719a7401701a433a90ed9c6ddb49a37072f8486ae0ca9c3da685a49d9376c8bb7b38f114a5293e1698b7fb314e71198bbb80f729547402eb - -Patch0: use-system-provided-commons-httpclient-jar.patch -Patch1: ant-contrib-java-8.patch - -BuildRequires: openjdk11 -BuildRequires: apache-ant -BuildRequires: commons-httpclient - -Requires: (openjdk11-jre or openjdk17-jre) -Requires: apache-ant - -%description -The Ant Contrib project is a collection of tasks for Apache Ant. - -%prep -%autosetup -p1 -n %{name} -# Use system provided commons-httpclient jar instead of bundled one -find . -name '*.jar' -or -name '*.class' -delete - -cp %{_datadir}/java/commons-httpclient/commons-httpclient.jar \ - lib/commons-httpclient/jars/commons-httpclient-3.1.jar - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) -ant -Ddist.dir="." -Dproject.version=%{version} dist - -%install -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) -mkdir -p -m 700 %{buildroot}%{_var}/opt - -cd %{buildroot}%{_var}/opt -tar xzf %{_builddir}/%{name}/%{name}-%{version}-bin.tar.gz --wildcards "*.jar" - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%dir %{ant_prefix} -%dir %{ant_prefix}/lib -%{ant_prefix}/*.jar -%{ant_prefix}/lib/*.jar - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 1.0b3-18 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 1.0b3-17 -- Bump version as a part of openjdk11 upgrade -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 1.0b3-16 -- Use openjdk11 -* Thu Nov 12 2020 Michelle Wang 1.0b3-15 -- Update Source0 use https://packages.vmware.com/photon/photon_sources -* Tue Oct 06 2020 Ankit Jain 1.0b3-14 -- Use systems commons-httpclient -* Mon Nov 05 2018 Alexey Makhalov 1.0b3-13 -- Removed dependency on JAVA8_VERSION macro -* Mon Jun 19 2017 Divya Thaluru 1.0b3-12 -- Removed dependency on ANT_HOME -* Thu May 18 2017 Harish Udaiya Kumar 1.0b3-11 -- Renamed openjdk to openjdk8 -* Fri Apr 07 2017 Divya Thaluru 1.0b3-10 -- Removed prebuilt binaries from source tar ball -* Wed Dec 21 2016 Priyesh Padmavilasom 1.0b3-9 -- Updated JAVA_HOME path to point to latest. -* Tue Oct 04 2016 Priyesh Padmavilasom 1.0b3-8 -- Updated JAVA_HOME path to point to latest. -* Tue May 24 2016 Priyesh Padmavilasom 1.0b3-7 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 1.0b3-6 -- Updated JAVA_HOME path to point to latest. -* Wed Mar 02 2016 Harish Udaiya Kumar 1.0b3.0-5 -- Updated apache-ant to version 1.9.6 -* Fri Feb 26 2016 Kumar Kaushik 1.0b3.0-4 -- Updated JAVA_HOME path to point to latest. -* Mon Nov 16 2015 Sharath George 1.0b3.0-2 -- Change path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 1.0b3.0-1 -- Updated dependencies after repackaging openjdk. -* Tue Jun 9 2015 Sriram Nambakam 1.0b3.0-0 -- Initial commit diff --git a/SPECS/ant-contrib/use-system-provided-commons-httpclient-jar.patch b/SPECS/ant-contrib/use-system-provided-commons-httpclient-jar.patch deleted file mode 100644 index 8b18f61787..0000000000 --- a/SPECS/ant-contrib/use-system-provided-commons-httpclient-jar.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 90d42d989d926612f7f2eb7dbd4d6d4d0f1d0808 Mon Sep 17 00:00:00 2001 -From: Ankit Jain -Date: Thu, 4 Jun 2020 13:41:02 +0000 -Subject: [PATCH] Use system provided commons-httpclient jar - ---- - build.xml | 2 +- - ivy.xml | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/build.xml b/build.xml -index eb6a80b..e1ada5e 100644 ---- a/build.xml -+++ b/build.xml -@@ -25,7 +25,7 @@ - - - -- -+ - - - -diff --git a/ivy.xml b/ivy.xml -index d92c9b6..4ffed92 100644 ---- a/ivy.xml -+++ b/ivy.xml -@@ -26,7 +26,7 @@ - conf="provided->default" /> - - 1.10.12-3 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 1.10.12-2 -- Bump version as a part of openjdk11 upgrade -* Mon Nov 07 2022 Vamsi Krishna Brahmajosuyula 1.10.12-1 -- Bump to version 1.10.12 -- Update hamcrest to latest version -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 1.10.11-3 -- Use openjdk11 -* Wed Feb 23 2022 Shreenidhi Shedi 1.10.11-2 -- Fix binary path -* Tue Jul 20 2021 Satya Naga Vasamsetty 1.10.11-1 -- Bump to version 1.10.11 to fix CVE CVE-2021-36373, CVE-2021-36374 -* Tue Jun 01 2021 Satya Naga Vasamsetty 1.10.10-1 -- Bump to version 1.10.10 -* Mon Dec 14 2020 Shreenidhi Shedi 1.10.8-3 -- Fix build with new rpm -* Thu Nov 12 2020 Michelle Wang 1.10.8-2 -- Update Source0 with using https://packages.vmware.com/photon -* Mon Jul 27 2020 Satya Naga Vasamsetty 1.10.8-1 -- Bump to version 1.10.8 -* Tue Jun 23 2020 Tapas Kundu 1.10.5-5 -- Require python3 -* Wed Sep 11 2019 Satya Naga Vasamsetty 1.10.5-4 -- Fix Make check -* Tue Dec 04 2018 Dweep Advani 1.10.5-3 -- Adding MakeCheck tests -* Mon Nov 05 2018 Alexey Makhalov 1.10.5-2 -- Removed dependency on JAVA8_VERSION macro -* Mon Sep 17 2018 Ankit Jain 1.10.5-1 -- Updated Apache Ant to 1.10.5 -* Wed Jun 28 2017 Kumar Kaushik 1.10.1-5 -- Base package does not require python2. -* Mon Jun 19 2017 Divya Thaluru 1.10.1-4 -- Removed dependency on ANT_HOME -- Moved perl and python scripts to ant-scripts package -* Mon Jun 05 2017 Harish Udaiya Kumar 1.10.1-3 -- Fixed the profile.d/apache-ant.sh script to include ant in $PATH -* Thu May 18 2017 Harish Udaiya Kumar 1.10.1-2 -- Renamed openjdk to openjdk8 -* Mon Apr 17 2017 Chang Lee 1.10.1-1 -- Updated Apache Ant to 1.10.1 -* Fri Mar 31 2017 Priyesh Padmavilasom 1.9.6-6 -- use java rpm macros to determine versions -* Wed Dec 21 2016 Priyesh Padmavilasom 1.9.6-5 -- Updated JAVA_HOME path to point to latest JDK. -* Tue Oct 04 2016 Priyesh Padmavilasom 1.9.6-4 -- Updated JAVA_HOME path to point to latest JDK. -* Tue May 24 2016 Priyesh Padmavilasom 1.9.6-3 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 1.9.6-2 -- Updated JAVA_HOME path to point to latest JDK. -* Mon Feb 29 2016 Harish Udaiya Kumar 1.9.6-1 -- Updated to version 1.9.6 -* Fri Feb 26 2016 Kumar Kaushik 1.9.4-4 -- Updated JAVA_HOME path to point to latest JDK. -* Mon Nov 16 2015 Sharath George 1.9.4-3 -- Changed path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 1.9.4-2 -- Updated dependencies after repackaging openjdk. -* Wed Aug 12 2015 Sriram Nambakam 1.9.4 -- Added maven ant tasks -* Fri May 22 2015 Sriram Nambakam 1.9.4 -- Initial build. First version diff --git a/SPECS/apache-maven/apache-maven.spec b/SPECS/apache-maven/apache-maven.spec deleted file mode 100644 index 570963dc30..0000000000 --- a/SPECS/apache-maven/apache-maven.spec +++ /dev/null @@ -1,143 +0,0 @@ -%define debug_package %{nil} - -Summary: Apache Maven -Name: apache-maven -Version: 3.9.0 -Release: 3%{?dist} -License: Apache License 2.0 -URL: http://maven.apache.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/apache/maven/archive/refs/tags/maven-%{version}.tar.gz -%define sha512 maven=488a47b9f04889b12c2c62ea1ffec3aa071dbdd6def384b77dce259249ca49e92d7cc211a0711ff69f3b54ac7c5171bff22809089807cdaa96fc9d337fbd150c - -BuildRequires: openjdk11 -BuildRequires: apache-ant -BuildRequires: wget - -Requires: (openjdk11 or openjdk17) -Requires: /usr/bin/which - -%define ExtraBuildRequires apache-maven - -%define maven_prefix %{_var}/opt/%{name} -%define maven_bindir %{maven_prefix}/bin -%define maven_libdir %{maven_prefix}/lib - -%description -The Maven package contains binaries for a build system - -%prep -%autosetup -p1 -n maven-maven-%{version} - -%build - -%install -MAVEN_DIST_DIR=%{buildroot}%{maven_prefix} -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) -mvn -DdistributionTargetDir=$MAVEN_DIST_DIR clean package - -mkdir -p %{buildroot}%{_datadir}/java/maven \ - %{buildroot}%{_bindir} - -for jar in %{buildroot}%{maven_libdir}/*.jar; do - jarname=$(basename $jar .jar) - ln -sfv %{maven_libdir}/${jarname}.jar %{buildroot}%{_datadir}/java/maven/${jarname}.jar -done - -for b in %{buildroot}%{maven_bindir}/*; do - binaryname=$(basename $b) - ln -sfv %{maven_bindir}/${binaryname} %{buildroot}%{_bindir}/${binaryname} -done - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%dir %{maven_libdir} -%dir %{maven_bindir} -%dir %{maven_prefix}/conf -%dir %{maven_prefix}/boot -%dir %{_datadir}/java/maven -%{maven_libdir}/* -%{maven_bindir}/* -%{_bindir}/* -%{_datadir}/java/maven/*.jar -%{maven_prefix}/boot/plexus-classworlds-2.6.0.jar -%{maven_prefix}/boot/plexus-classworlds.license -%{maven_prefix}/conf/logging/simplelogger.properties -%{maven_prefix}/conf/settings.xml -%{maven_prefix}/conf/toolchains.xml -%{maven_prefix}/LICENSE -%{maven_prefix}/NOTICE -%{maven_prefix}/README.txt -%exclude %{maven_libdir}/jansi-native - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 3.9.0-3 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 3.9.0-2 -- Bump version as a part of openjdk11 upgrade -* Fri Mar 03 2023 Srish Srinivasan 3.9.0-1 -- Upgrade to v3.9.0 -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 3.8.6-2 -- Use openjdk11 -* Sat Sep 03 2022 Shreenidhi Shedi 3.8.6-1 -- Upgrade to v3.8.6 -* Wed Feb 23 2022 Shreenidhi Shedi 3.6.3-3 -- Fix binary path -* Tue Dec 15 2020 Shreenidhi Shedi 3.6.3-2 -- Fix build with new rpm -* Tue Jun 30 2020 Satya Naga Vasamsetty 3.6.3-1 -- Update to 3.6.3 -* Fri Apr 17 2020 Tapas Kundu 3.5.4-4 -- Fix apache-maven build failure -* Mon Nov 05 2018 Alexey Makhalov 3.5.4-3 -- Removed dependency on JAVA8_VERSION macro -* Mon Oct 29 2018 Alexey Makhalov 3.5.4-2 -- Use ExtraBuildRequires -* Tue Sep 18 2018 Ankit Jain 3.5.4-1 -- Updated apache-maven to version 3.5.4 -* Fri Oct 13 2017 Alexey Makhalov 3.5.0-5 -- Remove BuildArch -* Mon Sep 18 2017 Alexey Makhalov 3.5.0-4 -- Requires /usr/bin/which -* Mon Jun 19 2017 Divya Thaluru 3.5.0-3 -- Removed dependency on ANT_HOME -- Removed apache-maven profile file -- Removed version from directory path -* Thu May 18 2017 Harish Udaiya Kumar 3.5.0-2 -- Renamed openjdk to openjdk8 -* Mon Apr 24 2017 Harish Udaiya Kumar 3.5.0-1 -- Updated apache-maven to version 3.5.0 -* Fri Mar 31 2017 Priyesh Padmavilasom 3.3.9-8 -- use java rpm macros to determine versions -* Wed Dec 21 2016 Priyesh Padmavilasom 3.3.9-7 -- Updated JAVA_HOME path to point to latest JDK. -* Thu Oct 27 2016 Alexey Makhalov 3.3.9-6 -- Fix build issue - unable to fetch opensource.org/.../mit-license.php -* Tue Oct 04 2016 Priyesh Padmavilasom 3.3.9-5 -- Updated JAVA_HOME path to point to latest JDK. -* Tue May 24 2016 Priyesh Padmavilasom 3.3.9-4 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 3.3.9-3 -- Updated JAVA_HOME path to point to latest JDK. -* Tue Mar 01 2016 Harish Udaiya Kumar 3.3.9-2 -- Updated the apache-ant version to 1.9.6 -* Fri Feb 26 2016 Kumar Kaushik 3.3.9-2 -- Updated JAVA_HOME path to point to latest JDK. -* Thu Jan 21 2016 Xiaolin Li 3.3.9-1 -- Updated to version 3.3.9 -* Tue Jan 5 2016 Xiaolin Li 3.3.3-4 -- Increase build timeout from 600000 to 1200000 -* Mon Nov 16 2015 Sharath George 3.3.3-3 -- Change path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 3.3.3-2 -- Updated dependencies after repackaging openjdk. -* Thu Jul 9 2015 Sarah Choi 3.3.3-1 -- Add a script to set environment variables for MAVEN -* Fri May 22 2015 Sriram Nambakam 1.9.4 -- Initial build. First version diff --git a/SPECS/apache-tomcat-native/apache-tomcat-native.spec b/SPECS/apache-tomcat-native/apache-tomcat-native.spec deleted file mode 100644 index 399a202fa0..0000000000 --- a/SPECS/apache-tomcat-native/apache-tomcat-native.spec +++ /dev/null @@ -1,89 +0,0 @@ -%define srcname tomcat-native - -Summary: Apache Tomcat Native -Name: apache-tomcat-native -Version: 2.0.3 -Release: 4%{?dist} -License: Apache 2.0 -URL: https://tomcat.apache.org/native-doc/ -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -BuildArch: x86_64 - -Source0: https://dlcdn.apache.org/tomcat/tomcat-connectors/native/%{version}/source/%{srcname}-%{version}-src.tar.gz -%define sha512 %{srcname}=d80e6b76295bb253eaf6eab4d722f3ba2f683f33a96310838b4c44b99f0b47a49ed9c09bb53ed23698db057ce765e3fcbfcd4ac4b75d2bdbe691f916be3be339 - -Patch0: openssl_3_0_7_compatibility.patch - -BuildRequires: (openjdk11 or openjdk117) -BuildRequires: openssl-devel -BuildRequires: apr-devel - -Requires: apr -Requires: openssl - -%description -The Apache Tomcat Native Library is an optional component for use with Apache Tomcat -that allows Tomcat to use certain native resources for performance, compatibility, etc. - -%package devel -Summary: Apache Tomcat Native development package -Requires: %{name} = %{version}-%{release} - -Conflicts: %{name} < 2.0.3-3%{?dist} - -%description devel -Apache Tomcat Native development package - -%prep -%autosetup -p1 -n %{srcname}-%{version}-src - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*) - -cd native -%configure --with-apr=%{_prefix} \ - --with-java-home=$JAVA_HOME \ - --with-ssl=%{_prefix} - -%make_build - -%install -cd native -%make_install %{?_smp_mflags} - -%clean -rm -rf %{buildroot}/* - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) -%{_libdir}/libtcnative*.so.* -%exclude %{_libdir}/libtcnative-2.a - -%files devel -%defattr(-,root,root,-) -%{_libdir}/libtcnative*.so - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.0.3-4 -- Bump version as a part of openssl upgrade -* Sat Aug 26 2023 Shreenidhi Shedi 2.0.3-3 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 2.0.3-2 -- Bump version as a part of openjdk11 upgrade -* Fri Mar 03 2023 Srish Srinivasan 2.0.3-1 -- Update to v2.0.3 -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 1.2.24-4 -- Use openjdk11 -* Wed Aug 04 2021 Satya Naga Vasamsetty 1.2.24-3 -- Bump up release for openssl -* Thu Sep 10 2020 Satya Naga Vasamsetty 1.2.24-2 -- Openssl 1.1.1 compatibility -* Wed Jun 17 2020 Tapas Kundu 1.2.24-1 -- Initial build. First version diff --git a/SPECS/apache-tomcat-native/openssl_3_0_7_compatibility.patch b/SPECS/apache-tomcat-native/openssl_3_0_7_compatibility.patch deleted file mode 100644 index 97cd8f2c01..0000000000 --- a/SPECS/apache-tomcat-native/openssl_3_0_7_compatibility.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/native/include/ssl_private.h 2020-09-10 11:28:36.955167151 +0530 -+++ b/native/include/ssl_private.h 2020-09-10 11:14:32.155146168 +0530 -@@ -217,6 +217,13 @@ extern ENGINE *tcn_ssl_engine; - - #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ - -+#define BN_get_rfc2409_prime_1024 get_rfc2409_prime_1024 -+#define BN_get_rfc3526_prime_2048 get_rfc3526_prime_2048 -+#define BN_get_rfc3526_prime_3072 get_rfc3526_prime_3072 -+#define BN_get_rfc3526_prime_4096 get_rfc3526_prime_4096 -+#define BN_get_rfc3526_prime_6144 get_rfc3526_prime_6144 -+#define BN_get_rfc3526_prime_8192 get_rfc3526_prime_8192 -+ - #define MAX_ALPN_PROTO_SIZE 65535 - #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1 diff --git a/SPECS/apache-tomcat/apache-tomcat-9.spec b/SPECS/apache-tomcat/apache-tomcat-9.spec deleted file mode 100644 index eb383e1733..0000000000 --- a/SPECS/apache-tomcat/apache-tomcat-9.spec +++ /dev/null @@ -1,229 +0,0 @@ -%define _use_internal_dependency_generator 0 -%define _origname apache-tomcat -%define _prefix /var/opt/%{name} -%define _origprefix /var/opt/%{_origname} -%define _bindir %{_prefix}/bin -%define _confdir %{_prefix}/conf -%define _libdir %{_prefix}/lib -%define _webappsdir %{_prefix}/webapps -%define _logsdir %{_prefix}/logs -%define _tempdir %{_prefix}/temp - -Summary: Apache Tomcat 9 -Name: apache-tomcat-9 -Version: 9.0.80 -Release: 1%{?dist} -License: Apache -URL: http://tomcat.apache.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://archive.apache.org/dist/tomcat/tomcat-9/v%{version}/src/%{_origname}-%{version}-src.tar.gz -%define sha512 %{_origname}=a2fb298c1fd2615e1a69371b5f84eb569e897faad3cbe17e3626460f5ce311085c120dd3f62c255fde87e6517915365ab52ada613776d45185b8e53624935114 -# base-for-apache-tomcat is a cached -Dbase.path folder -# generate base-for-apache-tomcat code with following steps: -# 1. tar -xvzf Source0 to $HOME -# 2. cd %{_origname}-%{version}-src && ant deploy dist-prepare dist-source -# 3. generated code will be exist to default location $HOME/tomcat-build-libs -# 4. mv tomcat-build-libs base-for-%{_origname}-%{version} -# 5. tar -cvzf base-for-%{_origname}-%{version}.tar.gz base-for-%{_origname}-%{version} -Source1: base-for-%{_origname}-%{version}.tar.gz -%define sha512 base=a9af5a439100d05e0efd9246aaef59824fab9e9f453c513ccfc196a87058510d0d3f9974c16fe2aab81fa9f137f52b913ac4e353a32cbcf01f4e07551553110f - -Patch0: apache-tomcat-use-jks-as-inmem-keystore.patch - -BuildArch: noarch - -BuildRequires: openjdk11 -BuildRequires: apache-ant - -Requires: jre >= 8.0 -Requires: apache-ant -Requires: chkconfig - -%description -The Apache Tomcat package contains binaries for the Apache Tomcat servlet container. - -%package webapps -Summary: Web application for Apache Tomcat -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description webapps -The web application for Apache Tomcat. - -%prep -%autosetup -n %{_origname}-%{version}-src -p1 -b1 -# remove pre-built binaries and windows files -find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ - -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete - -%build -ant -Dant.build.javac.source=1.8 -Dant.build.javac.target=1.8 \ - -Dbase.path="../base-for-%{_origname}-%{version}" deploy dist-prepare dist-source - -%install -install -vdm 755 %{buildroot}%{_prefix} -install -vdm 755 %{buildroot}%{_bindir} -install -vdm 755 %{buildroot}%{_libdir} -install -vdm 755 %{buildroot}%{_confdir} -install -vdm 755 %{buildroot}%{_webappsdir} -install -vdm 755 %{buildroot}%{_logsdir} -install -vdm 755 %{buildroot}%{_tempdir} -cp -r %{_builddir}/%{_origname}-%{version}-src/output/build/bin/* %{buildroot}%{_bindir} -cp -r %{_builddir}/%{_origname}-%{version}-src/output/build/lib/* %{buildroot}%{_libdir} -cp -r %{_builddir}/%{_origname}-%{version}-src/output/build/conf/* %{buildroot}%{_confdir} -cp -r %{_builddir}/%{_origname}-%{version}-src/output/build/webapps/* %{buildroot}%{_webappsdir} - -cp %{_builddir}/%{_origname}-%{version}-src/LICENSE %{buildroot}%{_prefix} -cp %{_builddir}/%{_origname}-%{version}-src/NOTICE %{buildroot}%{_prefix} - -touch %{buildroot}%{_logsdir}/catalina.out -rm -rf %{buildroot}%{_prefix}/webapps/{examples,docs} - -install -vdm 644 %{buildroot}%{_datadir}/java/tomcat9 - -for jar in %{buildroot}/%{_libdir}/*.jar -do - jarname=$(basename $jar .jar) - ln -sfv %{_libdir}/${jarname}.jar %{buildroot}%{_datadir}/java/tomcat9/${jarname}.jar -done - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%dir %{_prefix} -%dir %{_bindir} -%dir %{_libdir} -%dir %{_confdir} -%dir %{_webappsdir}/ROOT -%dir %{_logsdir} -%dir %{_tempdir} -%{_bindir}/* -%config(noreplace) %{_confdir}/catalina.policy -%config(noreplace) %{_confdir}/catalina.properties -%config(noreplace) %{_confdir}/context.xml -%config(noreplace) %{_confdir}/jaspic-providers.xml -%config(noreplace) %{_confdir}/jaspic-providers.xsd -%config(noreplace) %{_confdir}/logging.properties -%config(noreplace) %{_confdir}/server.xml -%config(noreplace) %{_confdir}/tomcat-users.xml -%config(noreplace) %{_confdir}/tomcat-users.xsd -%config(noreplace) %{_confdir}/web.xml -%{_libdir}/* -%{_datadir}/java/tomcat9/*.jar -%{_prefix}/LICENSE -%{_prefix}/NOTICE -%{_logsdir}/catalina.out - -%files webapps -%defattr(-,root,root) -%dir %{_webappsdir}/manager -%dir %{_webappsdir}/host-manager -%{_webappsdir}/ROOT/* -%{_webappsdir}/manager/* -%{_webappsdir}/host-manager/* - -%post -alternatives --install %{_origprefix} apache-tomcat %{_prefix} 10000 \ - --slave %{_datadir}/java/tomcat tomcat %{_datadir}/java/tomcat9 - -%postun -# Do alternative remove only in case of uninstall -if [ $1 -eq 0 ]; then -alternatives --remove apache-tomcat %{_prefix} -fi - -%changelog -* Mon Sep 04 2023 Vamsi Krishna Brahmajosuyula 9.0.80-1 -- Upgrade to 9.0.80 -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 8.5.78-2 -- Use openjdk11 -* Mon Apr 04 2022 Satya Naga Vasamsetty 8.5.78-1 -- Version Bump to 8.5.78 -* Thu Feb 10 2022 Nitesh Kumar 8.5.72-1 -- Upgrade to 8.5.72, Fix CVE-2022-23181 -* Tue Jul 20 2021 Satya Naga Vasamsetty 8.5.68-1 -- Version Bump to 8.5.68 to fix CVE-2021-30639 -* Wed Mar 31 2021 Satya Naga Vasamsetty 8.5.64-1 -- Version Bump to 8.5.64 -* Wed Oct 07 2020 Dweep Advani 8.5.58-1 -- Version Bump to 8.5.58 -* Wed Aug 05 2020 Satya Naga Vasamsetty 8.5.57-1 -- Version Bump to 8.5.57 -* Wed Jul 08 2020 Dweep Advani 8.5.51-3 -- Patched for CVE-2020-11996 -* Wed May 27 2020 Dweep Advani 8.5.51-2 -- Patched for CVE-2020-9484 -* Mon Mar 16 2020 Satya Naga Vasamsetty 8.5.51-1 -- Update to version 8.5.51 to fix CVE-2020-1938 -* Mon Jan 06 2020 Satya Naga Vasamsetty 8.5.50-1 -- Update to version 8.5.50 to fix CVE-2019-17563 -* Tue Jul 16 2019 Dweep Advani 8.5.40-2 -- Fix CVE-2019-10072 -* Tue Apr 23 2019 Dweep Advani 8.5.40-1 -- Upgrading to version 8.5.40 -* Thu Jan 10 2019 Dweep Advani 8.5.37-1 -- Upgrade to version 8.5.37 -* Fri Dec 07 2018 Dweep Advani 8.5.35-1 -- Upgrade to version 8.5.35 -* Wed Nov 21 2018 Dweep Advani 8.5.31-3 -- Fix CVE-2018-8014 -* Thu May 17 2018 Xiaolin Li 8.5.31-2 -- Mark configuration files as config(noreplace) -* Mon May 07 2018 Xiaolin Li 8.5.31-1 -- Upgraded to version 8.5.31 -* Mon Apr 30 2018 Xiaolin Li 8.5.30-1 -- Upgraded to version 8.5.30 -* Tue Mar 20 2018 Xiaolin Li 8.5.29-1 -- Upgraded to version 8.5.29 -* Wed Feb 28 2018 Xiaolin Li 8.5.28-1 -- Upgraded to version 8.5.28 -* Fri Feb 02 2018 Xiaolin Li 8.5.27-1 -- Upgraded to version 8.5.27 -* Thu Dec 21 2017 Anish Swaminathan 8.5.24-1 -- Upgraded to version 8.5.24 -* Mon Oct 16 2017 Priyesh Padmavilasom 8.5.23-2 -- patch to keep using inmem keystore as jks. -* Tue Oct 10 2017 Anish Swaminathan 8.5.23-1 -- Upgraded to version 8.5.23 -* Wed Sep 27 2017 Alexey Makhalov 8.5.20-3 -- Offline build, deactivate javadoc target -* Wed Sep 13 2017 Harish Udaiya Kumar 8.5.20-2 -- Updated the permissions on directories packaged -* Tue Aug 15 2017 Anish Swaminathan 8.5.20-1 -- Upgraded to version 8.5.20 -* Thu Jul 6 2017 Divya Thaluru 8.5.16-1 -- Upgraded to version 8.5.16 -* Tue Jun 20 2017 Divya Thaluru 8.5.15-2 -- Removed version from directory path -- Removed dependency on ANT_HOME -* Tue Jun 6 2017 Divya Thaluru 8.5.15-1 -- Upgraded to version 8.5.15 -* Thu May 18 2017 Harish Udaiya Kumar 8.5.13-3 -- Renamed openjdk to openjdk8 -* Tue Apr 18 2017 Divya Thaluru 8.5.13-2 -- Added logic to package directories -* Mon Apr 10 2017 Divya Thaluru 8.5.13-1 -- Upgraded to version 8.5.13 and also added logic to build binaries from source -* Tue Nov 22 2016 Anish Swaminathan 8.5.8-1 -- Upgraded to version 8.5.8 -* Wed Oct 05 2016 Priyesh Padmavilasom 8.0.37-1 -- Update to version 8.0.37. Change openjre requires to latest -* Tue May 24 2016 Priyesh Padmavilasom 8.0.35-2 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 8.0.35-1 -- Upgraded to version 8.0.35 -* Tue May 03 2016 Anish Swaminathan 8.0.33-1 -- Upgraded to version 8.0.33 -* Tue Feb 23 2016 Harish Udaiya Kumar 7.0.68-1 -- Upgraded to version 7.0.68 -* Mon Nov 16 2015 Sharath George 7.0.63-3 -- Change path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 7.0.63-2 -- Updated dependency after repackaging openjdk. -* Wed Jul 8 2015 Sriram Nambakam 7.0.63 -- Initial build. First version diff --git a/SPECS/apache-tomcat/apache-tomcat-use-jks-as-inmem-keystore.patch b/SPECS/apache-tomcat/apache-tomcat-use-jks-as-inmem-keystore.patch deleted file mode 100644 index e93898f1c6..0000000000 --- a/SPECS/apache-tomcat/apache-tomcat-use-jks-as-inmem-keystore.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -Naurp a/java/org/apache/tomcat/util/net/SSLUtilBase.java b/java/org/apache/tomcat/util/net/SSLUtilBase.java ---- a/java/org/apache/tomcat/util/net/SSLUtilBase.java -+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java -@@ -335,13 +335,7 @@ public abstract class SSLUtilBase implem - if (k != null && !"DKS".equalsIgnoreCase(certificate.getCertificateKeystoreType()) && - "PKCS#8".equalsIgnoreCase(k.getFormat())) { - // Switch to in-memory key store -- String provider = certificate.getCertificateKeystoreProvider(); -- if (provider == null) { -- ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType()); -- } else { -- ksUsed = KeyStore.getInstance(certificate.getCertificateKeystoreType(), -- provider); -- } -+ ksUsed = KeyStore.getInstance("JKS"); - ksUsed.load(null, null); - ksUsed.setKeyEntry(keyAlias, k, keyPassArray, ks.getCertificateChain(keyAlias)); - } diff --git a/SPECS/apache-tomcat/apache-tomcat.spec b/SPECS/apache-tomcat/apache-tomcat.spec deleted file mode 100644 index 0f03c2e8a1..0000000000 --- a/SPECS/apache-tomcat/apache-tomcat.spec +++ /dev/null @@ -1,240 +0,0 @@ -%define _use_internal_dependency_generator 0 -%define _longname apache-tomcat-10 -%define _prefix /var/opt/%{_longname} -%define _altprefix /var/opt/%{name} -%define _bindir %{_prefix}/bin -%define _confdir %{_prefix}/conf -%define _libdir %{_prefix}/lib -%define _webappsdir %{_prefix}/webapps -%define _logsdir %{_prefix}/logs -%define _tempdir %{_prefix}/temp - -Summary: Apache Tomcat -Name: apache-tomcat -Version: 10.1.13 -Release: 1%{?dist} -License: Apache -URL: http://tomcat.apache.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://archive.apache.org/dist/tomcat/tomcat-10/v%{version}/src/%{name}-%{version}-src.tar.gz -%define sha512 %{name}=e44e2dba618f70d9a39e976cc07d33fc9cbead2169e24d6ea2051c8db20601f63ee7bc657245869450c82cf0ceb272501066b77ae45265d19b7964f5ed0e85b1 -# base-for-apache-tomcat is a cached -Dbase.path folder -# generate base-for-apache-tomcat code with following steps: -# 1. tar -xvzf Source0 to $HOME -# 2. cd %{name}-%{version}-src && ant deploy dist-prepare dist-source -# 3. generated code will be exist to default location $HOME/tomcat-build-libs -# 4. mv tomcat-build-libs base-for-%{name}-%{version} -# 5. tar -cvzf base-for-%{name}-%{version}.tar.gz base-for-%{name}-%{version} -Source1: base-for-%{name}-%{version}.tar.gz -%define sha512 base=0a4e9b7c2e1abd2070f97be319611a38a71216227d398410e93edff8c37097718c1a330e7615b5f92b60b44022e17d0aee66424af91261642c03bfdc421f8796 - -Patch0: apache-tomcat-use-jks-as-inmem-keystore.patch - -BuildArch: noarch - -BuildRequires: openjdk11 -BuildRequires: apache-ant - -Requires: (openjdk11-jre or openjdk17-jre) -Requires: apache-ant - -%description -The Apache Tomcat package contains binaries for the Apache Tomcat servlet container. - -%package webapps -Summary: Web application for Apache Tomcat -Group: Applications/System -Requires: apache-tomcat = %{version}-%{release} - -%description webapps -The web application for Apache Tomcat. - -%prep -%autosetup -n %{name}-%{version}-src -p1 -b1 -# remove pre-built binaries and windows files -find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ - -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete - -%build -ant -Dbase.path="../base-for-%{name}-%{version}" deploy dist-prepare dist-source - -%install -install -vdm 755 %{buildroot}%{_prefix} -install -vdm 755 %{buildroot}%{_bindir} -install -vdm 755 %{buildroot}%{_libdir} -install -vdm 755 %{buildroot}%{_confdir} -install -vdm 755 %{buildroot}%{_webappsdir} -install -vdm 755 %{buildroot}%{_logsdir} -install -vdm 755 %{buildroot}%{_tempdir} -cp -r %{_builddir}/%{name}-%{version}-src/output/build/bin/* %{buildroot}%{_bindir} -cp -r %{_builddir}/%{name}-%{version}-src/output/build/lib/* %{buildroot}%{_libdir} -cp -r %{_builddir}/%{name}-%{version}-src/output/build/conf/* %{buildroot}%{_confdir} -cp -r %{_builddir}/%{name}-%{version}-src/output/build/webapps/* %{buildroot}%{_webappsdir} - -cp %{_builddir}/%{name}-%{version}-src/LICENSE %{buildroot}%{_prefix} -cp %{_builddir}/%{name}-%{version}-src/NOTICE %{buildroot}%{_prefix} - -touch %{buildroot}%{_logsdir}/catalina.out -rm -rf %{buildroot}%{_prefix}/webapps/{examples,docs} - -install -vdm 644 %{buildroot}%{_datadir}/java/tomcat10 - -for jar in %{buildroot}/%{_libdir}/*.jar -do - jarname=$(basename $jar .jar) - ln -sfv %{_libdir}/${jarname}.jar %{buildroot}%{_datadir}/java/tomcat10/${jarname}.jar -done - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%dir %{_prefix} -%dir %{_bindir} -%dir %{_libdir} -%dir %{_confdir} -%dir %{_webappsdir}/ROOT -%dir %{_logsdir} -%dir %{_tempdir} -%{_bindir}/* -%config(noreplace) %{_confdir}/catalina.policy -%config(noreplace) %{_confdir}/catalina.properties -%config(noreplace) %{_confdir}/context.xml -%config(noreplace) %{_confdir}/jaspic-providers.xml -%config(noreplace) %{_confdir}/jaspic-providers.xsd -%config(noreplace) %{_confdir}/logging.properties -%config(noreplace) %{_confdir}/server.xml -%config(noreplace) %{_confdir}/tomcat-users.xml -%config(noreplace) %{_confdir}/tomcat-users.xsd -%config(noreplace) %{_confdir}/web.xml -%{_libdir}/* -%{_datadir}/java/tomcat10/*.jar -%{_prefix}/LICENSE -%{_prefix}/NOTICE -%{_logsdir}/catalina.out - -%files webapps -%defattr(-,root,root) -%dir %{_webappsdir}/manager -%dir %{_webappsdir}/host-manager -%{_webappsdir}/ROOT/* -%{_webappsdir}/manager/* -%{_webappsdir}/host-manager/* - -%post -alternatives --install %{_altprefix} apache-tomcat %{_prefix} 20000 \ - --slave %{_datadir}/java/tomcat tomcat %{_datadir}/java/tomcat10 - -%postun -# Do alternative remove only in case of uninstall -if [ $1 -eq 0 ]; then -alternatives --remove apache-tomcat %{_prefix} -fi - -%changelog -* Wed Sep 06 2023 Prashant S Chauhan 10.1.13-1 -- Update to v10.1.13, Fixes CVE-2023-34981 -- Introduce alternatives -* Sat Aug 26 2023 Shreenidhi Shedi 10.1.8-3 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 10.1.8-2 -- Bump version as a part of openjdk11 upgrade -* Wed Jun 14 2023 Nitesh Kumar 10.1.8-1 -- Upgrade to v10.1.8 to address CVE-2023-28709 -* Tue May 16 2023 Nitesh Kumar 10.1.6-1 -- Upgrade to v10.1.6 to address CVE-2023-28708 -* Thu Feb 16 2023 Prashant 10.1.1-2 -- Package webapps as a subpackage -* Thu Nov 10 2022 Vamsi Krishna Brahmajosuyula 10.1.1-1 -- Upgrade to 10.1.1 -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 8.5.78-2 -- Use openjdk11 -* Mon Apr 04 2022 Satya Naga Vasamsetty 8.5.78-1 -- Version Bump to 8.5.78 -* Thu Feb 10 2022 Nitesh Kumar 8.5.72-1 -- Upgrade to 8.5.72, Fix CVE-2022-23181 -* Tue Jul 20 2021 Satya Naga Vasamsetty 8.5.68-1 -- Version Bump to 8.5.68 to fix CVE-2021-30639 -* Wed Mar 31 2021 Satya Naga Vasamsetty 8.5.64-1 -- Version Bump to 8.5.64 -* Wed Oct 07 2020 Dweep Advani 8.5.58-1 -- Version Bump to 8.5.58 -* Wed Aug 05 2020 Satya Naga Vasamsetty 8.5.57-1 -- Version Bump to 8.5.57 -* Wed Jul 08 2020 Dweep Advani 8.5.51-3 -- Patched for CVE-2020-11996 -* Wed May 27 2020 Dweep Advani 8.5.51-2 -- Patched for CVE-2020-9484 -* Mon Mar 16 2020 Satya Naga Vasamsetty 8.5.51-1 -- Update to version 8.5.51 to fix CVE-2020-1938 -* Mon Jan 06 2020 Satya Naga Vasamsetty 8.5.50-1 -- Update to version 8.5.50 to fix CVE-2019-17563 -* Tue Jul 16 2019 Dweep Advani 8.5.40-2 -- Fix CVE-2019-10072 -* Tue Apr 23 2019 Dweep Advani 8.5.40-1 -- Upgrading to version 8.5.40 -* Thu Jan 10 2019 Dweep Advani 8.5.37-1 -- Upgrade to version 8.5.37 -* Fri Dec 07 2018 Dweep Advani 8.5.35-1 -- Upgrade to version 8.5.35 -* Wed Nov 21 2018 Dweep Advani 8.5.31-3 -- Fix CVE-2018-8014 -* Thu May 17 2018 Xiaolin Li 8.5.31-2 -- Mark configuration files as config(noreplace) -* Mon May 07 2018 Xiaolin Li 8.5.31-1 -- Upgraded to version 8.5.31 -* Mon Apr 30 2018 Xiaolin Li 8.5.30-1 -- Upgraded to version 8.5.30 -* Tue Mar 20 2018 Xiaolin Li 8.5.29-1 -- Upgraded to version 8.5.29 -* Wed Feb 28 2018 Xiaolin Li 8.5.28-1 -- Upgraded to version 8.5.28 -* Fri Feb 02 2018 Xiaolin Li 8.5.27-1 -- Upgraded to version 8.5.27 -* Thu Dec 21 2017 Anish Swaminathan 8.5.24-1 -- Upgraded to version 8.5.24 -* Mon Oct 16 2017 Priyesh Padmavilasom 8.5.23-2 -- patch to keep using inmem keystore as jks. -* Tue Oct 10 2017 Anish Swaminathan 8.5.23-1 -- Upgraded to version 8.5.23 -* Wed Sep 27 2017 Alexey Makhalov 8.5.20-3 -- Offline build, deactivate javadoc target -* Wed Sep 13 2017 Harish Udaiya Kumar 8.5.20-2 -- Updated the permissions on directories packaged -* Tue Aug 15 2017 Anish Swaminathan 8.5.20-1 -- Upgraded to version 8.5.20 -* Thu Jul 6 2017 Divya Thaluru 8.5.16-1 -- Upgraded to version 8.5.16 -* Tue Jun 20 2017 Divya Thaluru 8.5.15-2 -- Removed version from directory path -- Removed dependency on ANT_HOME -* Tue Jun 6 2017 Divya Thaluru 8.5.15-1 -- Upgraded to version 8.5.15 -* Thu May 18 2017 Harish Udaiya Kumar 8.5.13-3 -- Renamed openjdk to openjdk8 -* Tue Apr 18 2017 Divya Thaluru 8.5.13-2 -- Added logic to package directories -* Mon Apr 10 2017 Divya Thaluru 8.5.13-1 -- Upgraded to version 8.5.13 and also added logic to build binaries from source -* Tue Nov 22 2016 Anish Swaminathan 8.5.8-1 -- Upgraded to version 8.5.8 -* Wed Oct 05 2016 Priyesh Padmavilasom 8.0.37-1 -- Update to version 8.0.37. Change openjre requires to latest -* Tue May 24 2016 Priyesh Padmavilasom 8.0.35-2 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 8.0.35-1 -- Upgraded to version 8.0.35 -* Tue May 03 2016 Anish Swaminathan 8.0.33-1 -- Upgraded to version 8.0.33 -* Tue Feb 23 2016 Harish Udaiya Kumar 7.0.68-1 -- Upgraded to version 7.0.68 -* Mon Nov 16 2015 Sharath George 7.0.63-3 -- Change path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 7.0.63-2 -- Updated dependency after repackaging openjdk. -* Wed Jul 8 2015 Sriram Nambakam 7.0.63 -- Initial build. First version diff --git a/SPECS/apparmor/apparmor.spec b/SPECS/apparmor/apparmor.spec deleted file mode 100644 index b050a120f3..0000000000 --- a/SPECS/apparmor/apparmor.spec +++ /dev/null @@ -1,400 +0,0 @@ -Name: apparmor -Version: 3.1.2 -Release: 9%{?dist} -Summary: AppArmor is an effective and easy-to-use Linux application security system. -License: GNU LGPL v2.1 -URL: https://launchpad.net/apparmor -Vendor: VMware, Inc. -Distribution: Photon -Group: Productivity/Security - -Source0: https://launchpad.net/%{name}/3.1/%{version}/+download/%{name}-%{version}.tar.gz -%define sha512 %{name}=e4fa8e0985472c00d3b68044f4150659787cf15b384b901af32b5aba3f0b2839f33bfe0b0675bf8ea7a1f5727152756a276c75b1dec383a33b92b0a1b8615a11 - -BuildRequires: perl -BuildRequires: python3-devel -BuildRequires: swig -BuildRequires: build-essential -BuildRequires: gawk -BuildRequires: which -BuildRequires: libstdc++-devel -BuildRequires: httpd -BuildRequires: httpd-devel -BuildRequires: httpd-tools -BuildRequires: apr -BuildRequires: apr-util-devel -BuildRequires: Linux-PAM-devel -BuildRequires: dejagnu -BuildRequires: openssl-devel -BuildRequires: curl-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml -BuildRequires: bison - -%if 0%{?with_check} -BuildRequires: python3-pip -BuildRequires: python3-pyflakes -BuildRequires: cmake -BuildRequires: dbus-devel -BuildRequires: glib-devel -%endif - -Requires: openssl - -%description -AppArmor is a file and network mandatory access control -mechanism. AppArmor confines processes to the resources allowed by the -systems administrator and can constrain the scope of potential security -vulnerabilities. - -%package -n libapparmor -Summary: Utility library for AppArmor -License: GNU LGPL v2.1 -Group: Development/Libraries/C and C++ - -%description -n libapparmor -This package contains the AppArmor library. - -%package -n libapparmor-devel -Summary: Development headers and libraries for libapparmor -License: GNU LGPL v2.1 -Group: Development/Libraries/C and C++ -Requires: libapparmor = %{version}-%{release} - -%description -n libapparmor-devel -This package contains development files for libapparmor. - -%package -n apache2-mod_apparmor -Summary: AppArmor module for apache2 -License: GNU LGPL v2.1 -Group: Productivity/Security - -%description -n apache2-mod_apparmor -This provides the Apache module needed to declare various differing -confinement policies when running virtual hosts in the webserver -by using the changehat abilities exposed through libapparmor. - -%package profiles -Summary: AppArmor profiles that are loaded into the %{name} kernel module -License: GNU LGPL v2.1 -Group: Productivity/Security -Requires: %{name}-abstractions = %{version}-%{release} - -%description profiles -This package contains the basic AppArmor profiles. - -%package parser -Summary: AppArmor userlevel parser utility -License: GNU LGPL v2.1 -Group: Productivity/Security -Requires: libapparmor = %{version}-%{release} -Requires: systemd -Requires: %{name}-profiles = %{version}-%{release} - -%description parser -The AppArmor Parser is a userlevel program that is used to load in -program profiles to the AppArmor Security kernel module. -This package is part of a suite of tools that used to be named -SubDomain. - -%package abstractions -Summary: AppArmor abstractions and directory structure -License: GNU LGPL v2.1 -Group: Productivity/Security -Requires: %{name}-parser = %{version}-%{release} - -%description abstractions -AppArmor abstractions (common parts used in various profiles) and -the /etc/%{name}.d/ directory structure. - -%package -n pam_apparmor -Summary: PAM module for AppArmor change_hat -License: GNU LGPL v2.1 -Group: Productivity/Security -Requires: Linux-PAM - -%description -n pam_apparmor -The pam_apparmor module provides the means for any PAM applications -that call pam_open_session() to automatically perform an AppArmor -change_hat operation in order to switch to a user-specific security -policy. - -%package utils -Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles -License: GNU LGPL v2.1 -Group: Productivity/Security -Requires: libapparmor = %{version}-%{release} -Requires: audit -Requires: python3-%{name} = %{version}-%{release} -Requires: %{name}-abstractions = %{version}-%{release} - -%description utils -This package contains programs to help create and manage AppArmor -profiles. - -%package -n python3-%{name} -Summary: Python 3 interface for libapparmor functions -License: GNU LGPL v2.1 -Group: Development/Libraries/Python -Requires: libapparmor = %{version}-%{release} -Requires: python3 - -%description -n python3-%{name} -This package provides the python3 interface to AppArmor. It is used for python -applications interfacing with AppArmor. - -%package -n perl-%{name} -Summary: AppArmor module for perl. -License: GNU LGPL v2.1 -Group: Development/Libraries/Perl -Requires: libapparmor = %{version}-%{release} - -%description -n perl-%{name} -This package contains the AppArmor module for perl. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -pushd ./libraries/libapparmor -sh ./autogen.sh - -%configure \ - --with-perl \ - --with-python - -%make_build -popd - -for target in binutils \ - parser \ - utils \ - changehat/mod_apparmor \ - changehat/pam_apparmor \ - profiles; do -%make_build -C ${target} -done - -%install -for target in libraries/libapparmor \ - binutils \ - parser \ - utils \ - changehat/mod_apparmor \ - changehat/pam_apparmor \ - profiles; do -%make_install %{?_smp_mflags} -C ${target} -done - -%make_install %{?_smp_mflags} -C parser install-systemd - -mv %{buildroot}/lib/* %{buildroot}%{_libdir} -mv %{buildroot}/sbin/* %{buildroot}%{_sbindir} - -%if 0%{?with_check} -%check -pip3 install notify2 dbus-python psutil -ln -sfv %{_bindir}/pyflakes %{_bindir}/pyflakes3 - -for target in libraries/libapparmor \ - binutils \ - utils; do -make check %{?_smp_mflags} -C ${target} -done -%endif - -%post -n libapparmor -/sbin/ldconfig - -%postun -n libapparmor -/sbin/ldconfig - -%preun parser -%systemd_preun %{name}.service - -%post parser -%systemd_post %{name}.service - -%postun parser -%systemd_postun_with_restart %{name}.service - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) - -%files -n libapparmor -%defattr(-,root,root) -%{_libdir}/libapparmor.so.* - -%files -n libapparmor-devel -%defattr(-,root,root) -%{_libdir}/libapparmor.a -%{_libdir}/libapparmor.so -%{_libdir}/pkgconfig/libapparmor.pc -%dir %{_includedir}/aalogparse -%dir %{_includedir}/sys -%{_includedir}/aalogparse/* -%{_includedir}/sys/* -%doc %{_mandir}/man2/aa_change_hat.2.gz -%doc %{_mandir}/man2/aa_find_mountpoint.2.gz -%doc %{_mandir}/man2/aa_getcon.2.gz -%doc %{_mandir}/man2/aa_query_label.2.gz -%doc %{_mandir}/man3/aa_features.3.gz -%doc %{_mandir}/man3/aa_kernel_interface.3.gz -%doc %{_mandir}/man3/aa_policy_cache.3.gz -%doc %{_mandir}/man3/aa_splitcon.3.gz - -%files -n apache2-mod_apparmor -%defattr(-,root,root) -%{_libdir}/httpd/modules/mod_apparmor.so -%doc %{_mandir}/man8/mod_apparmor.8.gz - -%files profiles -%defattr(-,root,root,755) -%dir %{_sysconfdir}/%{name}.d/apache2.d -%config(noreplace) %{_sysconfdir}/%{name}.d/apache2.d/phpsysinfo -%config(noreplace) %{_sysconfdir}/%{name}.d/bin.* -%config(noreplace) %{_sysconfdir}/%{name}.d/sbin.* -%config(noreplace) %{_sysconfdir}/%{name}.d/usr.* -%config(noreplace) %{_sysconfdir}/%{name}.d/local/* -%config(noreplace) %{_sysconfdir}/%{name}.d/samba-* -%config(noreplace) %{_sysconfdir}/%{name}.d/zgrep -%{_libdir}/%{name}/profile-load -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/extra-profiles/* - -%files parser -%defattr(755,root,root,755) -%{_sbindir}/%{name}_parser -%{_libdir}/%{name}/%{name}.systemd -%{_unitdir}/%{name}.service -%{_libdir}/%{name}/rc.%{name}.functions -%{_bindir}/aa-exec -%{_bindir}/aa-enabled -%dir %{_sysconfdir}/%{name} -%dir %{_sysconfdir}/%{name}.d -%config(noreplace) %{_sysconfdir}/%{name}/parser.conf -%{_localstatedir}/lib/%{name} -%doc %{_mandir}/man5/%{name}.d.5.gz -%doc %{_mandir}/man5/%{name}.vim.5.gz -%doc %{_mandir}/man7/%{name}.7.gz -%doc %{_mandir}/man8/apparmor_parser.8.gz -%doc %{_mandir}/man1/aa-enabled.1.gz -%doc %{_mandir}/man1/aa-exec.1.gz -%doc %{_mandir}/man2/aa_stack_profile.2.gz - -%files abstractions -%defattr(644,root,root,755) -%dir %{_sysconfdir}/%{name}.d/abstractions -%config(noreplace) %{_sysconfdir}/%{name}.d/abstractions/* -%config(noreplace) %{_sysconfdir}/%{name}.d/lsb_release -%config(noreplace) %{_sysconfdir}/%{name}.d/nvidia_modprobe -%dir %{_sysconfdir}/%{name}.d/disable -%dir %{_sysconfdir}/%{name}.d/local -%dir %{_sysconfdir}/%{name}.d/tunables -%dir %{_sysconfdir}/%{name}.d/abi -%config(noreplace) %{_sysconfdir}/%{name}.d/php-fpm -%config(noreplace) %{_sysconfdir}/%{name}.d/tunables/* -%config(noreplace) %{_sysconfdir}/%{name}.d/abi/* -%exclude %{_datadir}/locale - -%files utils -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/%{name}/easyprof.conf -%config(noreplace) %{_sysconfdir}/%{name}/logprof.conf -%config(noreplace) %{_sysconfdir}/%{name}/notify.conf -%config(noreplace) %{_sysconfdir}/%{name}/severity.db -%{_sbindir}/aa-* -%{_sbindir}/apparmor_status -%{_bindir}/aa-easyprof -%{_bindir}/aa-features-abi -%{_datadir}/%{name}/easyprof/ -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/%{name}.vim -%doc %{_mandir}/man1/aa-features-abi.1.gz -%doc %{_mandir}/man2/aa_change_profile.2.gz -%doc %{_mandir}/man5/logprof.conf.5.gz -%doc %{_mandir}/man8/aa-*.gz -%doc %{_mandir}/man8/apparmor_status.8.gz -%doc %{_mandir}/man7/apparmor_xattrs.7.gz - -%files -n pam_apparmor -%defattr(-,root,root,755) -%{_libdir}/security/pam_apparmor.so - -%files -n python3-%{name} -%defattr(-,root,root) -%{python3_sitelib}/* - -%files -n perl-%{name} -%defattr(-,root,root) -%{perl_vendorarch}/auto/LibAppArmor/ -%{perl_vendorarch}/LibAppArmor.pm -%exclude %{perl_archlib}/perllocal.pod - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 3.1.2-9 -- Bump version as a part of openssl upgrade -* Mon Oct 30 2023 Nitesh Kumar 3.1.2-8 -- Bump version as a part of httpd v2.4.58 upgrade -* Fri Sep 29 2023 Nitesh Kumar 3.1.2-7 -- Bump version as a part of apr-util v1.6.3 upgrade -* Tue Apr 11 2023 Guruswamy Basavaiah 3.1.2-6 -- Added apparmor-parser dependency on apparmor-profiles -* Mon Apr 03 2023 Nitesh Kumar 3.1.2-5 -- Bump version as a part of httpd v2.4.56 upgrade -* Tue Jan 31 2023 Guruswamy Basavaiah 3.1.2-4 -- Added apparmor-utils dependency on python3-apparmor -* Mon Jan 30 2023 Nitesh Kumar 3.1.2-3 -- Bump version as a part of httpd v2.4.55 upgrade -* Thu Jan 12 2023 Him Kalyan Bordoloi 3.1.2-2 -- Bump up version no. as part of swig upgrade -* Thu Dec 15 2022 Shreenidhi Shedi 3.1.2-1 -- Upgrade to v3.1.2 -* Thu Dec 08 2022 Dweep Advani 3.1.1-2 -- Perl version upgrade to 5.36.0 -* Thu Nov 03 2022 Nitesh Kumar 3.1.1-1 -- Version upgrade to v3.1.1 -* Sun Aug 07 2022 Shreenidhi Shedi 3.0.4-3 -- Remove .la files -* Mon Jun 20 2022 Nitesh Kumar 3.0.4-2 -- Bump version as a part of httpd v2.4.54 upgrade -* Mon Apr 18 2022 Gerrit Photon 3.0.4-1 -- Automatic Version Bump -* Tue Oct 19 2021 Shreenidhi Shedi 3.0.3-1 -- Upgrade to 3.0.3 -* Thu Oct 07 2021 Dweep Advani 3.0.1-3 -- Rebuild with upgraded httpd 2.4.50 -* Tue Oct 05 2021 Shreenidhi Shedi 3.0.1-2 -- Bump version as a part of httpd upgrade -* Mon Apr 12 2021 Gerrit Photon 3.0.1-1 -- Automatic Version Bump -* Fri Nov 06 2020 Tapas Kundu 3.0.0-3 -- Build with python 3.9 -* Fri Oct 23 2020 Srivatsa S. Bhat (VMware) 3.0.0-2 -- Fix build failure in apparmor on linux 5.9-rc7 -* Thu Oct 01 2020 Gerrit Photon 3.0.0-1 -- Automatic Version Bump -* Tue Sep 29 2020 Satya Naga Vasamsetty 2.13.4-2 -- openssl 1.1.1 -* Wed Aug 26 2020 Gerrit Photon 2.13.4-1 -- Automatic Version Bump -* Sun Jul 26 2020 Tapas Kundu 2.13-8 -- Updated using python 3.8 libs -* Tue Mar 05 2019 Siju Maliakkal 2.13-7 -- Excluded conflicting perllocal.pod -* Thu Dec 06 2018 Keerthana K 2.13-6 -- Fixed make check failures. -* Fri Oct 05 2018 Tapas Kundu 2.13-5 -- Updated using python 3.7 libs -* Wed Oct 03 2018 Keerthana K 2.13-4 -- Depcrecated ruby apparmor package. -- Modified the perl and python path to generic. -* Wed Sep 26 2018 Ajay Kaher 2.13-3 -- Fix for aarch64 -* Thu Sep 20 2018 Keerthana K 2.13-2 -- Updated the ruby packagefor latest version. -* Thu Aug 30 2018 Keerthana K 2.13-1 -- Initial Apparmor package for Photon. diff --git a/SPECS/apr-util/apr-util.spec b/SPECS/apr-util/apr-util.spec deleted file mode 100644 index ffa58ce5bb..0000000000 --- a/SPECS/apr-util/apr-util.spec +++ /dev/null @@ -1,185 +0,0 @@ -%define apuver 1 - -Summary: The Apache Portable Runtime Utility Library -Name: apr-util -Version: 1.6.3 -Release: 2%{?dist} -License: Apache License 2.0 -URL: https://apr.apache.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://archive.apache.org/dist/apr/%{name}-%{version}.tar.gz -%define sha512 %{name}=25f078413dc552b3391845b3dc1da72773efe181634deb2f88a9c72a1a49c82883113704bf97db8327012ccafb84a68370267925e3c7cc092ed82fc33fd7954e - -BuildRequires: apr-devel -BuildRequires: sqlite-devel -BuildRequires: openssl-devel -BuildRequires: nss-devel -BuildRequires: expat-devel -BuildRequires: openldap-devel -BuildRequires: postgresql15-devel - -Requires: apr -Requires: openssl -Requires: expat -Requires: nss - -%description -The Apache Portable Runtime Utility Library. - -%package devel -Group: Development/Libraries -Summary: APR utility library development kit -Requires: apr-devel -Requires: expat-devel -Requires: util-linux-devel -Requires: openldap-devel -Requires: %{name} = %{version}-%{release} - -%description devel -This package provides the support files which can be used to -build applications using the APR utility library. - -%package ldap -Group: Development/Libraries -Summary: APR utility library LDAP support -Requires: %{name} = %{version}-%{release} -Requires: openldap - -%description ldap -This package provides the LDAP support for the %{name}. - -%package pgsql -Group: Development/Libraries -Summary: APR utility library PostgreSQL DBD driver -Requires: %{name} = %{version}-%{release} -Requires: (postgresql15 or postgresql14 or postgresql13) - -%description pgsql -This package provides the PostgreSQL driver for the %{name} DBD (database abstraction) interface. - -%package sqlite -Group: Development/Libraries -Summary: APR utility library SQLite DBD driver. -Requires: %{name} = %{version}-%{release} - -%description sqlite -This package provides the SQLite driver for the %{name} DBD -(database abstraction) interface. - -%prep -%autosetup -p1 - -%build -%configure \ - --with-apr=%{_prefix} \ - --with-ldap \ - --without-gdbm \ - --with-sqlite3 \ - --with-pgsql \ - --without-sqlite2 \ - --with-openssl=%{_prefix} \ - --with-nss \ - --with-crypto - -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -%make_build check - -%clean -rm -rf %{buildroot} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/aprutil.exp -%{_libdir}/libaprutil-%{apuver}.so.* -%{_libdir}/%{name}-%{apuver}/apr_crypto_nss* -%{_libdir}/%{name}-%{apuver}/apr_crypto_openssl* -%exclude %dir %{_libdir}/debug - -%files devel -%defattr(-,root,root) -%{_libdir}/libaprutil-%{apuver}.*a -%{_libdir}/libaprutil-%{apuver}.so -%{_bindir}/* -%{_includedir}/* -%{_libdir}/pkgconfig/%{name}-%{apuver}.pc - -%files ldap -%defattr(-,root,root,-) -%{_libdir}/%{name}-%{apuver}/apr_ldap* - -%files pgsql -%defattr(-,root,root,-) -%{_libdir}/%{name}-%{apuver}/apr_dbd_pgsql* - -%files sqlite -%defattr(-,root,root,-) -%{_libdir}/%{name}-%{apuver}/apr_dbd_sqlite* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 1.6.3-2 -- Bump version as a part of openssl upgrade -* Fri Sep 29 2023 Nitesh Kumar 1.6.3-1 -- Version upgrade to v1.6.3 to fix CVE-2022-25147 -* Tue Sep 19 2023 Nitesh Kumar 1.6.1-13 -- Bump version as a part of openldap v2.6.4 upgrade -* Fri Aug 25 2023 Shreenidhi Shedi 1.6.1-12 -- Fix devel package requires -* Tue May 09 2023 Shreenidhi Shedi 1.6.1-11 -- Bump version as a part of nss upgrade -* Wed Feb 08 2023 Shreenidhi Shedi 1.6.1-10 -- Bump version as a part of openldap upgrade -* Fri Jan 20 2023 Shreenidhi Shedi 1.6.1-9 -- Remove pgsql-12 dependency -* Wed Jan 11 2023 Oliver Kurth 1.6.1-8 -- bump release as part of sqlite update -* Thu Jan 05 2023 Shreenidhi Shedi 1.6.1-7 -- Bump version as a part of postgresql fixes -* Sat Jul 30 2022 Shreenidhi Shedi 1.6.1-6 -- Bump version as a part of sqlite upgrade -* Mon Feb 28 2022 Shreenidhi Shedi 1.6.1-5 -- Fix binary path -* Wed Aug 04 2021 Satya Naga Vasamsetty 1.6.1-4 -- Bump up release for openssl -* Tue Sep 29 2020 Satya Naga Vasamsetty 1.6.1-3 -- openssl 1.1.1 -* Fri Sep 21 2018 Dweep Advani 1.6.1-2 -- Consuming postgresql 10.5 -* Tue Sep 18 2018 Ankit Jain 1.6.1-1 -- Updated to version 1.6.1 -* Mon Sep 18 2017 Rui Gu 1.5.4-12 -- Disable smp_flag on make check because of race condition -* Thu Jul 6 2017 Divya Thaluru 1.5.4-11 -- Added build requires on postgresql-devel -* Wed May 10 2017 Harish Udaiya Kumar 1.5.4-10 -- Add missing Requires. -* Tue Apr 18 2017 Alexey Makhalov 1.5.4-9 -- Add expat-devel build deps otherwise it builds expat from its source tree -* Fri Nov 18 2016 Alexey Makhalov 1.5.4-8 -- Add sqlite-devel build deps -* Tue May 24 2016 Priyesh Padmavilasom 1.5.4-7 -- GA - Bump release of all rpms -* Wed Apr 13 2016 Priyesh Padmavilasom 1.5.4-6 -- remove libexpat files -* Tue Sep 22 2015 Harish Udaiya Kumar 1.5.4-5 -- Updated build-requires after creating devel package for apr. -* Wed Sep 16 2015 Xiaolin Li 1.5.4-4 -- Seperate Separate apr-util to apr-util, apr-util-devel, aprutil-ldap, apr-util-pgsql, and apr-utilsqlite. -* Wed Jul 15 2015 Sarah Choi 1.5.4-4 -- Use apuver(=1) instead of version for mesos -* Mon Jul 13 2015 Alexey Makhalov 1.5.2-3 -- Exclude /usr/lib/debug -* Wed Jul 01 2015 Touseef Liaqat 1.5.2-2 -- Fix tags and paths. -* Wed May 20 2015 Touseef Liaqat 1.5.4-1 -- Initial build. First version diff --git a/SPECS/apr/apr-skip-getservbyname-test.patch b/SPECS/apr/apr-skip-getservbyname-test.patch deleted file mode 100644 index c50830a71e..0000000000 --- a/SPECS/apr/apr-skip-getservbyname-test.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/test/testsock.c b/test/testsock.c -index 09f2a9e..b1cf8ba 100644 ---- a/test/testsock.c -+++ b/test/testsock.c -@@ -155,16 +155,22 @@ static void test_serv_by_name(abts_case *tc, void *data) - rv = apr_sockaddr_info_get(&sa, NULL, APR_UNSPEC, 0, 0, p); - APR_ASSERT_SUCCESS(tc, "Problem generating sockaddr", rv); - -+ /* /etc/services is not available while compiling, so apr_getservbyname -+ * will always return APR_ENOENT. */ -+#if 0 - rv = apr_getservbyname(sa, "ftp"); - APR_ASSERT_SUCCESS(tc, "Problem getting ftp service", rv); - ABTS_INT_EQUAL(tc, 21, sa->port); -+#endif - - rv = apr_getservbyname(sa, "complete_and_utter_rubbish"); - APR_ASSERT_SUCCESS(tc, "Problem getting non-existent service", !rv); - -+#if 0 - rv = apr_getservbyname(sa, "telnet"); - APR_ASSERT_SUCCESS(tc, "Problem getting telnet service", rv); - ABTS_INT_EQUAL(tc, 23, sa->port); -+#endif - } - - static apr_socket_t *setup_socket(abts_case *tc) diff --git a/SPECS/apr/apr.spec b/SPECS/apr/apr.spec deleted file mode 100644 index bda3538ed7..0000000000 --- a/SPECS/apr/apr.spec +++ /dev/null @@ -1,94 +0,0 @@ -%global aprver 1 -%global __brp_remove_la_files %{nil} - -Summary: The Apache Portable Runtime -Name: apr -Version: 1.7.0 -Release: 5%{?dist} -License: Apache License 2.0 -URL: https://apr.apache.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.gz -%define sha512 %{name}=daa140c83c7e2c45c3980d9dc81d34fa662bebd050653562c39572d0ddf2eaedb71767c518a59d77f59db9b32e00221ef48b9f72ec3666c4521dd511969f3706 - -%if 0%{?with_check} -Patch0: apr-skip-getservbyname-test.patch -%endif - -%description -The Apache Portable Runtime. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: util-linux-devel - -%description devel -It contains the libraries and header files to create applications. - -%prep -%autosetup -p1 - -%build -%configure \ - --with-installbuilddir=%{_libdir}/%{name}/build-%{aprver} \ - --with-devrandom=/dev/urandom \ - CC=gcc CXX=g++ - -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -%make_build check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/%{name}/* -%{_libdir}/%{name}.exp -%{_libdir}/libapr*.so.* -%exclude %dir %{_libdir}/debug -%{_bindir}/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.a -%{_libdir}/*.la -%{_libdir}/*.so -%{_libdir}/pkgconfig - -%changelog -* Fri Aug 25 2023 Shreenidhi Shedi 1.7.0-5 -- Fix devel package requires -* Sun Aug 07 2022 Shreenidhi Shedi 1.7.0-4 -- Don't remove .la files, needed during subversion build -* Mon Feb 28 2022 Shreenidhi Shedi 1.7.0-3 -- Fix binary path -* Tue Feb 16 2021 Ankit Jain 1.7.0-2 -- Fix make check -* Mon Jul 13 2020 Gerrit Photon 1.7.0-1 -- Automatic Version Bump -* Tue Sep 18 2018 Ankit Jain 1.6.5-1 -- Updated to version 1.6.5 -* Fri Dec 08 2017 Xiaolin Li 1.5.2-7 -- Fix CVE-2017-12613 -* Tue May 24 2016 Priyesh Padmavilasom 1.5.2-6 -- GA - Bump release of all rpms -* Mon Sep 21 2015 Harish Udaiya Kumar 1.5.2-5 -- Repacked to move the include files in devel package. -* Wed Jul 15 2015 Sarah Choi 1.5.2-4 -- Use aprver(=1) instead of version for mesos -* Mon Jul 13 2015 Alexey Makhalov 1.5.2-3 -- Exclude /usr/lib/debug -* Wed Jul 01 2015 Touseef Liaqat 1.5.2-2 -- Fix tags and paths. -* Wed May 20 2015 Touseef Liaqat 1.5.2-1 -- Initial build. First version diff --git a/SPECS/argon2/argon2.spec b/SPECS/argon2/argon2.spec deleted file mode 100644 index b4d2a39c3d..0000000000 --- a/SPECS/argon2/argon2.spec +++ /dev/null @@ -1,89 +0,0 @@ -%global libname libargon2 -%global soname 1 - -Summary: Tools for password hashing -Name: argon2 -Version: 20190702 -Release: 3%{?dist} -License: Apache 2.0 -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/P-H-C/phc-winner-argon2 - -Source0: /~https://github.com/P-H-C/phc-winner-argon2/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=0a4cb89e8e63399f7df069e2862ccd05308b7652bf4ab74372842f66bcc60776399e0eaf979a7b7e31436b5e6913fe5b0a6949549d8c82ebd06e0629b106e85f - -BuildRequires: gcc -BuildRequires: make - -Requires: %{libname} = %{version}-%{release} -Requires: libpwquality - -%description -Argon2 is a password-hashing function that summarizes the state of the art in the design of memory-hard functions and can be used to hash passwords for credential storage, key derivation, or other applications. - -%package -n %{libname} -Summary: Argon2 password hashing library -Group: Development/Libraries -Provides: %{libname}.so.%{soname}()(64bit) - -%description -n %{libname} -Libraries for integrating with Argon2 - -%package -n %{libname}-devel -Summary: Argon2 password hashing libraries and headers -Group: Development/Libraries -Requires: %{libname} = %{version}-%{release} - -%description -n %{libname}-devel -Libraries and Headers for integrating with Argon2 - -%prep -%autosetup -p1 -n phc-winner-%{name}-%{version} - -%build -%make_build LIBRARY_REL=lib OPTTARGET=%{_arch} - -%install -%make_install LIBRARY_REL=lib OPTTARGET=%{_arch} \ - PREFIX=%{_prefix} %{?_smp_mflags} - -rm %{buildroot}%{_libdir}/*.a -install -Dpm 644 %{libname}.pc %{buildroot}%{_libdir}/pkgconfig/%{libname}.pc - -%if 0%{?with_check} -%check -make test %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%post -n %{libname} -/sbin/ldconfig - -%postun -n %{libname} -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/%{name} - -%files -n %{libname} -%defattr(-,root,root) -%{_libdir}/%{libname}.so.%{soname} - -%files -n %{libname}-devel -%defattr(-,root,root) -%{_includedir}/%{name}.h -%{_libdir}/%{libname}.so -%{_libdir}/pkgconfig/%{libname}.pc - -%changelog -* Fri May 05 2023 Shreenidhi Shedi 20190702-3 -- Remove _isa entries -* Thu Jul 29 2021 Vamsi Krishna Brahmajosyula 20190702-2 -- Pass OPTTARGET=%{_arch} to make to avoid building package for native instruction set -* Thu Apr 8 2021 Vamsi Krishna Brahmajosyula 20190702-1 -- Initial package diff --git a/SPECS/asciidoc3/asciidoc3-py311.patch b/SPECS/asciidoc3/asciidoc3-py311.patch deleted file mode 100644 index 990b6ba4b4..0000000000 --- a/SPECS/asciidoc3/asciidoc3-py311.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/setup.py b/setup.py -index babc7f2..c4abbcd 100755 ---- a/setup.py -+++ b/setup.py -@@ -109,8 +109,6 @@ for dirprefix in PREFIX_TUPLE: - 'images/helloworld.jpg', - 'images/highlighter.png', - 'images/highlight.jpg', -- 'images/latexmath_source.png', -- 'images/logo_asciidoc3.png', - 'images/redsquare.jpg', - 'images/smallnew.png', - 'images/tiger.png', ])) diff --git a/SPECS/asciidoc3/asciidoc3.spec b/SPECS/asciidoc3/asciidoc3.spec deleted file mode 100644 index 35e714babf..0000000000 --- a/SPECS/asciidoc3/asciidoc3.spec +++ /dev/null @@ -1,67 +0,0 @@ -%define debug_package %{nil} - -Summary: AsciiDoc is a human readable text document format -Name: asciidoc3 -Version: 3.2.3 -Release: 2%{?dist} -License: GPLv2+ -URL: https://gitlab.com/asciidoc3/asciidoc3 -Group: System Environment/Development -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://asciidoc3.org/%{name}-%{version}.tar.gz -%define sha512 %{name}=926f367b1740a40a03beb9c45a05de855e69d8c2ac9b9a66c19dd21f65f8250b3fad02b283f7f8b2fb7ea131d4836d5aa623647e1931b682a9a9e91f62863f6c -Patch0: asciidoc3-py311.patch - -BuildRequires: python3-devel -BuildRequires: python3-pip -BuildRequires: python3-setuptools - -Requires: python3-setuptools -Requires: python3 - -BuildArch: noarch - -Provides: asciidoc - -%description -AsciiDoc3 is a text document format for writing notes, documentation, -articles, books, ebooks, slideshows, web pages, man pages and blogs. -AsciiDoc3 files can be translated to many formats including HTML, PDF, -EPUB, man page, and DocBook markup. AsciiDoc3 is highly configurable: -both the AsciiDoc3 source file syntax and the backend output markups -(which can be almost any type of SGML/XML markup) can be customized -and extended by the user. - -%prep -%autosetup -p1 -n %{name}-v%{version} - -%build -%{py3_build} - -%install -%{py3_install} -mv %{buildroot}/%{name} %{buildroot}%{python3_sitelib} -ln -sfv %{_bindir}/%{name} %{buildroot}%{_bindir}/asciidoc - -%clean -rm -rf %{buildroot}/* - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) -%{python3_sitelib}/* -%{_bindir}/* - -%changelog -* Fri Dec 02 2022 Prashant S Chauhan 3.2.3-2 -- Update release to compile with python 3.11 -* Mon Oct 31 2022 Prashant S Chauhan 3.2.3-1 -- Update to 3.2.3 -* Thu Sep 29 2022 Shreenidhi Shedi 3.2.0-2 -- Provde asciidoc from asciidoc3 -* Sun Jun 21 2020 Tapas Kundu 3.2.0-1 -- Initial build. First version diff --git a/SPECS/at-spi2-core/at-spi2-core.spec b/SPECS/at-spi2-core/at-spi2-core.spec deleted file mode 100644 index 0848f92d88..0000000000 --- a/SPECS/at-spi2-core/at-spi2-core.spec +++ /dev/null @@ -1,110 +0,0 @@ -Summary: Service Provider Interface for the Assistive Technologies. -Name: at-spi2-core -Version: 2.46.0 -Release: 5%{?dist} -License: LGPLv2+ -URL: http://www.linuxfoundation.org/en/AT-SPI_on_D-Bus -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/2.46/%{name}-%{version}.tar.xz -%define sha512 at-spi2-core=633af2c02fab3b8cb02e37f929ce80dd5ce28ca5641046ef5e25cb29299530b90028e6c6f318a0c098a4270bed3eab48fb55d6967a76bfadd2520f49de47c770 - -BuildRequires: meson >= 0.50 -BuildRequires: libxml2-devel -BuildRequires: intltool -BuildRequires: glib-devel -BuildRequires: dbus-devel -BuildRequires: libX11-devel -BuildRequires: libXtst-devel -BuildRequires: libXext-devel -BuildRequires: libXi-devel - -Requires: dbus -Requires: glib -Requires: libX11 -Requires: libXtst -Requires: libXext -Requires: libXi -Requires: atk - -%description -The At-Spi2 Core package is a part of the GNOME Accessibility Project. It provides a Service Provider Interface for the Assistive Technologies available on the GNOME platform and a library against which applications can be linked. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version} -Requires: glib-devel -Requires: dbus-devel -Requires: libX11-devel -Requires: libXtst-devel -Requires: libXext-devel -Requires: libXi-devel -Requires: atk-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%meson \ - -Dx11=yes \ - %{nil} - -%meson_build - -%install -%meson_install - -rm -rf \ - %{buildroot}%{_libdir}/libatk-1.0* \ - %{buildroot}%{_includedir}/atk-1.0/ \ - %{buildroot}%{_libdir}/pkgconfig/atk.pc - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_sysconfdir}/* -%{_libexecdir}/* -%{_libdir}/libatk-bridge*.so.* -%{_libdir}/libatspi*.so.* - -%files devel -%defattr(-,root,root) -%{_datadir}/* -%{_includedir}/at-spi-2.0/* -%{_includedir}/at-spi2-atk/* -%{_libdir}/libatk-bridge*.so -%{_libdir}/libatspi*.so -%{_libdir}/gtk-2.0/modules/libatk-bridge.so -%{_libdir}/gnome-settings-daemon-3.0/gtk-modules/at-spi2-atk.desktop -%{_libdir}/systemd/user/at-spi-dbus-bus.service -%{_libdir}/pkgconfig/*.pc - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 2.46.0-5 -- Add atk-devel to devel package requires -* Wed Jun 21 2023 Kuntal Nayak 2.46.0-4 -- Bump version as a part of libXi upgrade -* Wed Jun 14 2023 Shivani Agarwal 2.46.0-3 -- Bump version as a part of libX11 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 2.46.0-2 -- Bump version as a part of libxml2 upgrade -* Thu Dec 15 2022 Gerrit Photon 2.46.0-1 -- Automatic Version Bump -* Mon Sep 05 2022 Shivani Agarwal 2.45.91-1 -- Version update -* Fri Aug 06 2021 Alexey Makhalov 2.40.3-1 -- Version update -* Wed May 27 2015 Alexey Makhalov 2.16.0-1 -- initial version diff --git a/SPECS/atftp/atftp.spec b/SPECS/atftp/atftp.spec deleted file mode 100644 index ab775ebac1..0000000000 --- a/SPECS/atftp/atftp.spec +++ /dev/null @@ -1,170 +0,0 @@ -Summary: Advanced Trivial File Transfer Protocol (ATFTP) - TFTP server -Name: atftp -Version: 0.8.0 -Release: 5%{?dist} -URL: http://sourceforge.net/projects/atftp -License: GPLv2+ and GPLv3+ and LGPLv2+ -Group: System Environment/Daemons -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://sourceforge.net/projects/%{name}/files/latest/download/%{name}-%{version}.tar.gz -%define sha512 %{name}=b700b3e4182970fb494ffabd49e39d3622b1aff5f69882549eff0b52a01c8c47babe51b451c4829f9b833ea2ea7c590a2f3819f8e3508176fa7d1b5c0e152b68 - -Source1: %{name}.sysusers - -BuildRequires: systemd-devel -BuildRequires: readline-devel -BuildRequires: pcre2-devel -BuildRequires: systemd-devel - -Requires: systemd -Requires: pcre2-libs -Requires(pre): systemd-rpm-macros - -Provides: tftp-server - -Provides: tftp - -%description -Multithreaded TFTP server implementing all options (option extension and -multicast) as specified in RFC1350, RFC2090, RFC2347, RFC2348 and RFC2349. -Atftpd also support multicast protocol knowed as mtftp, defined in the PXE -specification. The server supports being started from inetd(8) as well as -a deamon using init scripts. - -%package client -Summary: Advanced Trivial File Transfer Protocol (ATFTP) - TFTP client -Group: Applications/Internet - -%description client -Advanced Trivial File Transfer Protocol client program for requesting -files using the TFTP protocol. - -%prep -%autosetup -p1 - -%build -sh ./autogen.sh -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -mkdir -p %{buildroot}%{_sharedstatedir}/tftpboot \ - %{buildroot}%{_unitdir} \ - %{buildroot}%{_sysconfdir}/sysconfig \ - %{buildroot}%{_sysusersdir} - -install -p -m 644 %{SOURCE1} %{buildroot}%{_sysusersdir}/ -cat << EOF >> %{buildroot}%{_unitdir}/atftpd.service -[Unit] -Description=The tftp server serves files using the trivial file transfer protocol. - -[Service] -EnvironmentFile=%{_sysconfdir}/sysconfig/atftpd -ExecStart=%{_sbindir}/atftpd --user \$ATFTPD_USER --group \$ATFTPD_GROUP \$ATFTPD_DIRECTORY -StandardInput=socket - -[Install] -Also=atftpd.socket -EOF - -cat << EOF >> %{buildroot}%{_unitdir}/atftpd.socket -[Unit] -Description=Tftp Server Socket - -[Socket] -ListenDatagram=69 - -[Install] -WantedBy=sockets.target -EOF - -cat << EOF >> %{buildroot}%{_sysconfdir}/sysconfig/atftpd -ATFTPD_USER=tftp -ATFTPD_GROUP=tftp -ATFTPD_OPTIONS= -ATFTPD_USE_INETD=false -ATFTPD_DIRECTORY=%{_sharedstatedir}/tftpboot -ATFTPD_BIND_ADDRESSES= -EOF - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%pre -if [ $1 -eq 1 ] ; then - %sysusers_create_compat %{SOURCE1} -fi - -%preun -%systemd_preun atftpd.socket - -%post -/sbin/ldconfig -%systemd_post atftpd.socket - -%postun -/sbin/ldconfig -%systemd_postun_with_restart atftpd.socket - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%dir %attr(0750,nobody,nobody) %{_var}/lib/tftpboot -%{_mandir}/man8/atftpd.8.gz -%{_mandir}/man8/in.tftpd.8.gz -%{_sbindir}/atftpd -%{_sbindir}/in.tftpd -%{_unitdir}/atftpd.service -%{_unitdir}/atftpd.socket -%{_sysconfdir}/sysconfig/atftpd -%{_sysusersdir}/%{name}.sysusers - -%files client -%defattr(-,root,root) -%{_mandir}/man1/atftp.1.gz -%{_bindir}/atftp - -%changelog -* Tue Aug 08 2023 Mukul Sikka 0.8.0-5 -- Resolving systemd-rpm-macros for group creation -* Mon Jul 24 2023 Brennan Lamoreaux 0.8.0-4 -- Version bump as part of pcre2 update -* Fri Mar 10 2023 Mukul Sikka 0.8.0-3 -- Use systemd-rpm-macros for user creation -* Thu Dec 22 2022 Shreenidhi Shedi 0.8.0-2 -- Bump version as a part of readline upgrade -* Thu Dec 15 2022 Shreenidhi Shedi 0.8.0-1 -- Upgrade to v0.8.0 -* Mon Sep 27 2021 Shreenidhi Shedi 0.7.5-1 -- Upgrade to v0.7.5, fixes CVE-2021-41054 -* Mon Apr 12 2021 Gerrit Photon 0.7.4-1 -- Automatic Version Bump -* Wed Jan 20 2021 Tapas Kundu 0.7.2-2 -- Fix CVE-2020-6097 -* Tue Jun 25 2019 Tapas Kundu 0.7.2-1 -- Updated to release 0.7.2 -* Mon Sep 18 2017 Alexey Makhalov 0.7.1-8 -- Remove shadow from requires and use explicit tools for post actions -* Thu May 26 2016 Divya Thaluru 0.7.1-7 -- Fixed logic to restart the active services after upgrade -* Tue May 24 2016 Priyesh Padmavilasom 0.7.1-6 -- GA - Bump release of all rpms -* Fri May 6 2016 Divya Thaluru 0.7.1-5 -- Adding post-install run time dependencies -* Tue May 3 2016 Divya Thaluru 0.7.1-4 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Dec 10 2015 Xiaolin Li 0.7.1-3 -- Add systemd to Requires and BuildRequires. -- Use systemctl to enable/disable service. -* Mon Nov 23 2015 Xiaolin Li 0.7.1-2 -- Chang tftpd from xinetd service to systemd service. -* Thu Nov 12 2015 Kumar Kaushik 0.7.1-1 -- Initial build. First version diff --git a/SPECS/atftp/atftp.sysusers b/SPECS/atftp/atftp.sysusers deleted file mode 100644 index 0c9ea30aaa..0000000000 --- a/SPECS/atftp/atftp.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g tftp - -u tftp - "tftp" /home/tftp /bin/false diff --git a/SPECS/atk/atk.spec b/SPECS/atk/atk.spec deleted file mode 100644 index abb5b87b3b..0000000000 --- a/SPECS/atk/atk.spec +++ /dev/null @@ -1,65 +0,0 @@ -Summary: Accessibility interfaces to have full access to view and control running applications. -Name: atk -Version: 2.38.0 -Release: 1%{?dist} -License: LGPLv2+ -URL: http://www.gnome.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/2.16/%{name}-%{version}.tar.xz -%define sha512 atk=dffd0a0814a9183027c38a985d86cb6544858e9e7d655843e153440467957d6bc1abd9c9479a57078aea018053410438a30a9befb7414dc79020b223cd2c774b - -BuildRequires: cmake -BuildRequires: meson -BuildRequires: glib-devel -BuildRequires: gobject-introspection-devel -Requires: glib - -%description -ATK provides the set of accessibility interfaces that are implemented by other toolkits and applications. Using the ATK interfaces, accessibility tools have full access to view and control running applications. - -%package devel -Summary: Header and development files for -Requires: %{name} = %{version}-%{release} -Requires: gobject-introspection-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%meson -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_datadir}/* -%{_libdir}/girepository-1.0 - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig - -%changelog -* Fri Aug 19 2022 Shivani Agarwal 2.38.0-1 -- Upgrade version 2.38.0 -* Thu May 21 2015 Alexey Makhalov 2.16.0-1 -- initial version diff --git a/SPECS/attr/attr.spec b/SPECS/attr/attr.spec deleted file mode 100644 index e872fa996a..0000000000 --- a/SPECS/attr/attr.spec +++ /dev/null @@ -1,92 +0,0 @@ -Summary: Attr-2.5.1 -Name: attr -Version: 2.5.1 -Release: 2%{?dist} -License: GPLv2+ -URL: https://savannah.nongnu.org/projects/attr -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://download.savannah.gnu.org/releases/attr/%{name}-%{version}.tar.gz -%define sha512 %{name}=8b4c043d61f8f3e0cd098e701181069f51117b85fd6ba18bfe9af77d894ea671232377d4793ffc822e9259ceee6ac71d75732eb93b2830c6cb5d0d918ba2d21b - -%description -The attr package contains utilities to administer the extended attributes on filesystem objects. - -%package devel -Summary: Libraries and header files for attr -Requires: %{name} = %{version}-%{release} - -%description devel -Static libraries and header files for the support library for attr. - -%package lang -Summary: Additional language files for attr -Group: System Environment/Security -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of attr. - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-static - -%make_build - -%install -%make_install %{?_smp_mflags} - -install -vdm 755 %{buildroot}%{_sysconfdir} -chmod -v 755 %{buildroot}%{_libdir}/libattr.so -ln -fsv ../sys/xattr.h %{buildroot}%{_includedir}/%{name}/xattr.h - -#the man pages are already installed by man-pages package -rm -fv %{buildroot}/%{_libdir}/*.la \ - %{buildroot}%{_mandir}/man5/attr.5* - -%find_lang %{name} - -%if 0%{?with_check} -%check -%make_build check -%endif - -%files -%defattr(-,root,root) -%{_mandir}/man1/* -%{_bindir}/* -%{_libdir}/*.so.* -%config(noreplace) %{_sysconfdir}/xattr.conf - -%files devel -%defattr(-,root,root) -%doc %{_docdir}/%{name}/* -%{_libdir}/*.so -%{_mandir}/man3/* -%{_includedir}/%{name}/* -%{_libdir}/pkgconfig/libattr.pc - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Mon Jul 24 2023 Shreenidhi Shedi 2.5.1-2 -- Fix spec issues -- Move *.so to devel package -* Mon Apr 12 2021 Gerrit Photon 2.5.1-1 -- Automatic Version Bump -* Tue Sep 18 2018 Ankit Jain 2.4.48-1 -- Updated to version 2.4.48 -* Wed Nov 23 2016 Alexey Makhalov 2.4.47-4 -- Added -lang and -devel subpackages -* Tue May 24 2016 Priyesh Padmavilasom 2.4.47-3 -- GA - Bump release of all rpms -* Thu Feb 25 2016 Anish Swaminathan 2.4.47-2 -- Remove man pages provided by man-pages -* Thu Oct 23 2014 Divya Thaluru 2.4.47-1 -- Initial version diff --git a/SPECS/audit/audit-3.0.8-flex-array-workaround.patch b/SPECS/audit/audit-3.0.8-flex-array-workaround.patch deleted file mode 100644 index 522425bbe6..0000000000 --- a/SPECS/audit/audit-3.0.8-flex-array-workaround.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0d31f225faef8da3fcd0f69f6544aa274102fe53 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Feb 23 2022 19:24:50 +0000 -Subject: workaround a kernel change that breaks the build - -diff -urp audit-3.0.8.orig/bindings/swig/src/auditswig.i audit-3.0.8/bindings/swig/src/auditswig.i ---- audit-3.0.8.orig/bindings/swig/src/auditswig.i 2022-03-29 16:52:34.000000000 -0400 -+++ audit-3.0.8/bindings/swig/src/auditswig.i 2022-03-29 17:31:15.810268855 -0400 -@@ -39,7 +39,7 @@ signed - #define __attribute(X) /*nothing*/ - typedef unsigned __u32; - typedef unsigned uid_t; --%include "/usr/include/linux/audit.h" -+%include "../lib/audit.h" - #define __extension__ /*nothing*/ - %include - %include "../lib/libaudit.h" -diff -urp audit-3.0.8.orig/lib/audit.h audit-3.0.8/lib/audit.h ---- audit-3.0.8.orig/lib/audit.h 2022-03-29 17:29:30.358211892 -0400 -+++ audit-3.0.8/lib/audit.h 2022-03-29 17:31:15.811268833 -0400 -@@ -514,7 +514,7 @@ struct audit_rule_data { - __u32 values[AUDIT_MAX_FIELDS]; - __u32 fieldflags[AUDIT_MAX_FIELDS]; - __u32 buflen; /* total length of string fields */ -- char buf[]; /* string fields buffer */ -+ char buf[0]; /* string fields buffer */ - }; - - #endif /* _LINUX_AUDIT_H_ */ -diff -urp audit-3.0.8.orig/lib/libaudit.h audit-3.0.8/lib/libaudit.h ---- audit-3.0.8.orig/lib/libaudit.h 2022-03-29 16:52:34.000000000 -0400 -+++ audit-3.0.8/lib/libaudit.h 2022-03-29 17:31:15.812268812 -0400 -@@ -27,7 +27,7 @@ - #include - #include - #include --#include -+#include "audit.h" - #include - #include - #ifndef __attr_access diff --git a/SPECS/audit/audit-3.0.8-undo-flex-array.patch b/SPECS/audit/audit-3.0.8-undo-flex-array.patch deleted file mode 100644 index 42f7ca627f..0000000000 --- a/SPECS/audit/audit-3.0.8-undo-flex-array.patch +++ /dev/null @@ -1,16 +0,0 @@ -From 04a979b02d3d868b547a4f2ff316006db7c58c09 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Feb 24 2022 13:24:30 +0000 -Subject: Undo fix to libaudit.h before installing - -diff -urp usr.orig/include/libaudit.h.orig usr/include/libaudit.h ---- usr.orig/include/libaudit.h.orig 2022-02-14 14:14:08.000000000 -0500 -+++ usr/include/libaudit.h 2022-02-23 13:35:52.638340789 -0500 -@@ -39,7 +39,7 @@ extern "C" { - #include - #include - #include --#include "audit.h" -+#include - #include - #include diff --git a/SPECS/audit/audit.spec b/SPECS/audit/audit.spec deleted file mode 100644 index 21c9a7c5ea..0000000000 --- a/SPECS/audit/audit.spec +++ /dev/null @@ -1,263 +0,0 @@ -%define with_golang 0 - -Summary: Kernel Audit Tool -Name: audit -Version: 3.0.9 -Release: 15%{?dist} -License: GPLv2+ -Group: System Environment/Security -URL: http://people.redhat.com/sgrubb/audit -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz -%define sha512 %{name}=5219eb0b41746eca3406008a97731c0083e7be50ec88563a39537de22cb69fe88490f5fe5a11535930f360b11a62538e2ff6cbe39e059cd760038363954ef4d6 - -# patches for audit workaround for linux-headers >= 5.17 -# /~https://github.com/linux-audit/audit-userspace/issues/252 -# /~https://github.com/linux-audit/audit-userspace/issues/236 -# https://listman.redhat.com/archives/linux-audit/2022-February/msg00085.html -# patch source: https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit-3.0.8-flex-array-workaround.patch -Patch0: audit-3.0.8-flex-array-workaround.patch -Patch1: audit-3.0.8-undo-flex-array.patch - -BuildRequires: krb5-devel -BuildRequires: openldap-devel -BuildRequires: tcp_wrappers-devel -BuildRequires: libcap-ng-devel -BuildRequires: swig -BuildRequires: e2fsprogs-devel -BuildRequires: python3-devel -BuildRequires: systemd-devel - -%if 0%{?with_golang} -BuildRequires: go -%endif - -Requires: systemd -Requires: krb5 -Requires: openldap -Requires: tcp_wrappers -Requires: libcap-ng -Requires: gawk - -%description -The audit package contains the user space utilities for -storing and searching the audit records generate by -the audit subsystem in the Linux 2.6 kernel. - -%package devel -Summary: The libraries and header files needed for audit development. -Requires: %{name} = %{version}-%{release} - -%description devel -The libraries and header files needed for audit development. - -%package -n python3-%{name} -Summary: Python3 bindings for libaudit -License: LGPLv2+ -Requires: %{name} = %{version}-%{release} -Requires: python3 - -%description -n python3-%{name} -The python3-audit package contains the python2 bindings for libaudit -and libauparse. - -%prep -# Using autosetup is not feasible -%setup -q -cp %{_includedir}/linux/%{name}.h lib/ -%autopatch -p1 -M0 - -%build -%configure \ - $(test %{_host} != %{_build} && echo "--with-sysroot=/target-%{_arch}") \ - --exec_prefix=%{_usr} \ - --with-python3=yes \ - --with-libwrap \ - --enable-gssapi-krb5=yes \ - --with-libcap-ng=yes \ - --with-aarch64 \ - --enable-zos-remote \ -%if 0%{?with_golang} - --with-golang \ -%endif - --enable-systemd \ - --disable-static - -%make_build - -%install -mkdir -p %{buildroot}/{etc/audispd/plugins.d,etc/%{name}/rules.d} \ - %{buildroot}%{_var}/log/%{name} \ - %{buildroot}%{_var}/spool/%{name} - -%make_install %{?_smp_mflags} - -install -vdm755 %{buildroot}%{_presetdir} -echo "disable auditd.service" > %{buildroot}%{_presetdir}/50-auditd.preset - -# undo the workaround -pushd %{buildroot} -patch --fuzz=1 -p0 < %{PATCH1} -find . -name '*.orig' -delete -popd - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%pretrans -p -path = "/var/log/audit" -st = posix.stat(path) -if st and st.type == "link" then - os.remove(path) -end - -%post -/sbin/ldconfig -%systemd_post auditd.service - -%postun -/sbin/ldconfig -%systemd_postun_with_restart auditd.service - -%preun -%systemd_preun auditd.service - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/* -%{_libdir}/*.so.* -%{_unitdir}/auditd.service -%{_presetdir}/50-auditd.preset -%{_libexecdir}/* -%{_mandir}/man5/* -%{_mandir}/man7/* -%{_mandir}/man8/* -%dir %{_var}/log/%{name} -%{_var}/spool/%{name} -%attr(750,root,root) %dir %{_sysconfdir}/%{name} -%attr(750,root,root) %dir %{_sysconfdir}/%{name}/rules.d - -%attr(750,root,root) %dir %{_sysconfdir}/audispd -%attr(750,root,root) %dir %{_sysconfdir}/audispd/plugins.d -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/auditd.conf -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/audisp-remote.conf -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/zos-remote.conf -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/plugins.d/*.conf -%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/rules.d/%{name}.rules -%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/%{name}.rules -%ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/%{name}/%{name}-stop.rules -%ghost %config(noreplace) %attr(640,root,root) %{_datadir}/%{name}/sample-rules/*.rules -%ghost %config(noreplace) %attr(640,root,root) %{_datadir}/%{name}/sample-rules/README-rules -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%if 0%{?with_golang} -%{_libdir}/golang/* -%endif -%{_includedir}/*.h -%{_mandir}/man3/* -%{_datadir}/aclocal/%{name}.m4 - -%files -n python3-%{name} -%defattr(-,root,root,-) -%{python3_sitelib}/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 3.0.9-15 -- Bump up version to compile with new go -* Tue Sep 26 2023 Piyush Gupta 3.0.9-14 -- Bump up version to compile with new go -* Tue Sep 19 2023 Nitesh Kumar 3.0.9-13 -- Bump version as a part of openldap v2.6.4 upgrade -* Fri Jul 28 2023 Srish Srinivasan 3.0.9-12 -- Bump version as a part of krb5 upgrade -* Mon Jul 17 2023 Piyush Gupta 3.0.9-11 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 3.0.9-10 -- Bump up version to compile with new go -* Sat May 27 2023 Shreenidhi Shedi 3.0.9-9 -- Fix conflict during upgrade -* Wed May 03 2023 Piyush Gupta 3.0.9-8 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 3.0.9-7 -- Bump up version to compile with new go -* Wed Feb 08 2023 Shreenidhi Shedi 3.0.9-6 -- Bump version as a part of openldap upgrade -* Thu Jan 26 2023 Ashwin Dayanand Kamat 3.0.9-5 -- Bump version as a part of krb5 upgrade -* Thu Jan 12 2023 Him Kalyan Bordoloi 3.0.9-4 -- Bump up version no. as part of swig upgrade -* Wed Dec 14 2022 Prashant S Chauhan 3.0.9-3 -- Update release to compile with python 3.11 -* Tue Dec 06 2022 Keerthana K 3.0.9-2 -- Workaround for audit build failures with linux headers >= v5.17 -* Thu Dec 01 2022 Harinadh D 3.0.9-1 -- Version update -* Mon Nov 21 2022 Piyush Gupta 3.0.8-5 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 3.0.8-4 -- Bump up version to compile with new go -* Sun Aug 07 2022 Shreenidhi Shedi 3.0.8-3 -- Remove .la files -* Fri Jun 17 2022 Piyush Gupta 3.0.8-2 -- Bump up version to compile with new go -* Mon Apr 18 2022 Gerrit Photon 3.0.8-1 -- Automatic Version Bump -* Fri Jun 11 2021 Piyush Gupta 3.0.1-2 -- Bump up version to compile with new go -* Mon Apr 12 2021 Gerrit Photon 3.0.1-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 2.8.5-6 -- Bump up version to compile with new go -* Thu Jan 21 2021 Alexey Makhalov 2.8.5-5 -- GCC-10 support -* Fri Jan 15 2021 Piyush Gupta 2.8.5-4 -- Bump up version to compile with new go -* Mon Jun 22 2020 Tapas Kundu 2.8.5-3 -- Mass removal python2 -* Tue Nov 26 2019 Alexey Makhalov 2.8.5-2 -- Cross compilation support. -- Do not use BuildRequires in subpackages. -- Disable golang dependency. -* Thu Oct 17 2019 Shreyas B 2.8.5-1 -- Updated to version 2.8.5. -* Mon Sep 3 2018 Keerthana K 2.8.4-1 -- Updated to version 2.8.4. -* Thu Dec 28 2017 Divya Thaluru 2.7.5-4 -- Fixed the log file directory structure -* Thu Jun 29 2017 Divya Thaluru 2.7.5-3 -- Disabled audit service by default -* Thu May 18 2017 Xiaolin Li 2.7.5-2 -- Move python2 requires to python subpackage and added python3. -* Fri Apr 14 2017 Alexey Makhalov 2.7.5-1 -- Version update. -* Wed Dec 07 2016 Xiaolin Li 2.5-7 -- Moved man3 to devel subpackage. -* Thu Nov 24 2016 Alexey Makhalov 2.5-6 -- Required krb5-devel. -* Fri Jul 22 2016 Xiaolin Li 2.5-5 -- Add gawk requirement. -* Thu May 26 2016 Divya Thaluru 2.5-4 -- Fixed logic to restart the active services after upgrade -* Tue May 24 2016 Priyesh Padmavilasom 2.5-3 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 2.5-2 -- Fixing spec file to handle rpm upgrade scenario correctly -* Tue Feb 23 2016 Anish Swaminathan 2.5-1 -- Upgrade to 2.5 -* Fri Jan 29 2016 Anish Swaminathan 2.4.4-4 -- Add directories for auditd service. -* Tue Jan 12 2016 Anish Swaminathan 2.4.4-3 -- Change config file attributes. -* Wed Dec 09 2015 Anish Swaminathan 2.4.4-2 -- Add systemd requirement. -* Fri Aug 28 2015 Divya Thaluru 2.4.4-1 -- Initial version diff --git a/SPECS/aufs-util/aufs-util.spec b/SPECS/aufs-util/aufs-util.spec deleted file mode 100644 index b9a8ac3d9c..0000000000 --- a/SPECS/aufs-util/aufs-util.spec +++ /dev/null @@ -1,61 +0,0 @@ -Summary: Utilities for aufs -Name: aufs-util -Version: 6.0 -Release: 1%{?dist} -License: GPLv2 -URL: https://sourceforge.net/p/aufs/aufs-util/ref/master/branches/ -Group: System Environment -Vendor: VMware, Inc. -Distribution: Photon - -Source0: %{name}-%{version}.tar.gz -%define sha512 %{name}=550f66d837fc840af1dfb3e518cbb6e6faff51ef46a1328719e6d04ac8aa8256c0fa75c878cb627d80ceb3caa2cc88198c09ed4bc0ea936824bfea87046467e6 -Source1: aufs-standalone-aufs6.0.tar.gz -%define sha512 aufs-standalone-aufs6.0=7028ad5671a4d0b473e6c7613bad18a6fcf0b01d9e908b4d5851bba4f686c01da157ab55a9f15448ac9575e63fa5fe6d0ebee4a4f9d2f7a93d6902462d1b6612 - -BuildArch: x86_64 - -Requires: linux-secure - -%description -These utilities are always necessary for aufs. - -%prep -# Using autosetup is not feasible -%setup -q -# Using autosetup is not feasible -%setup -q -T -D -b 1 -sed -i 's/__user//' ../aufs-standalone-aufs6.0/include/uapi/linux/aufs_type.h -sed -i '/override LDFLAGS += -static -s/d' Makefile - -%build -make CPPFLAGS="-I ${PWD}/../aufs-standalone-aufs6.0/include/uapi" DESTDIR=%{buildroot} %{?_smp_mflags} - -%install -make CPPFLAGS="-I ${PWD}/../aufs-standalone-aufs6.0/include/uapi" DESTDIR=%{buildroot} install %{?_smp_mflags} -mv %{buildroot}/sbin %{buildroot}%{_usr} - -%files -%defattr(-,root,root) -%{_sysconfdir}/* -%{_sbindir}/* -%{_bindir}/* -%{_libdir}/*.so* -%{_mandir}/* -%exclude %dir %{_libdir}/debug - -%changelog -* Tue Dec 13 2022 Ajay Kaher 6.0-1 -- Update to version 6.0 -* Mon Feb 28 2022 Shreenidhi Shedi 5.0-2 -- Fix binary path -* Fri Oct 09 2020 Ajay Kaher 5.0-1 -- Update to version 5.0 -* Mon Oct 22 2018 Ajay Kaher 4.14-2 -- Adding BuildArch -* Wed Sep 19 2018 Ajay Kaher 4.14-1 -- Update to version 4.14 -* Fri Jul 14 2017 Alexey Makhalov 20170206-2 -- Remove aufs source tarballs from git repo -* Fri Feb 10 2017 Alexey Makhalov 20170206-1 -- Initial build. First version diff --git a/SPECS/authbind/0001-adjust-makefile-to-help-build-rpms.patch b/SPECS/authbind/0001-adjust-makefile-to-help-build-rpms.patch deleted file mode 100644 index 76bbeb18b1..0000000000 --- a/SPECS/authbind/0001-adjust-makefile-to-help-build-rpms.patch +++ /dev/null @@ -1,91 +0,0 @@ -From e03689d480e0e3fd0388e8af8c233e68bdb78722 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Sat, 26 Aug 2023 20:40:52 +0530 -Subject: [PATCH] adjust makefile to help build rpms - -Taken from: -https://src.fedoraproject.org/rpms/authbind/raw/rawhide/f/authbind-makefile-fixes.patch - -Signed-off-by: Shreenidhi Shedi ---- - Makefile | 36 +++++++++++++++++++----------------- - 1 file changed, 19 insertions(+), 17 deletions(-) - -diff --git a/Makefile b/Makefile -index 37a8673..1bed36f 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,5 +1,5 @@ - # Makefile for authbind --# -+# - # authbind is Copyright (C) 1998 Ian Jackson - # - # This program is free software; you can redistribute it and/or modify -@@ -14,7 +14,9 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software Foundation, --# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ -+DESTDIR ?= - - prefix=/usr/local - -@@ -29,9 +31,9 @@ man8_dir=$(man_dir)/man8 - - etc_dir=/etc/authbind - --INSTALL_FILE ?= install -o root -g root -m 644 --INSTALL_PROGRAM ?= install -o root -g root -m 755 -s --INSTALL_DIR ?= install -o root -g root -m 755 -d -+INSTALL_FILE ?= install -m 644 -p -+INSTALL_PROGRAM ?= install -m 755 -p -+INSTALL_DIR ?= install -m 755 -p -d - STRIP ?= strip - - OPTIMISE= -O2 -@@ -59,19 +61,19 @@ MANPAGES_8= authbind-helper.8 - all: $(TARGETS) - - install: $(TARGETS) -- $(INSTALL_DIR) $(lib_dir) $(man1_dir) $(man8_dir) -- $(INSTALL_PROGRAM) $(BINTARGETS) $(bin_dir)/. -- $(INSTALL_FILE) $(LIBTARGET) $(lib_dir)/. -- $(STRIP) --strip-unneeded $(lib_dir)/$(LIBTARGET) -- ln -sf $(LIBTARGET) $(lib_dir)/$(LIBCANON) -- $(INSTALL_PROGRAM) $(HELPER) $(libexec_dir)/. -- chmod u+s $(libexec_dir)/$(HELPER) -- $(INSTALL_DIR) $(etc_dir) \ -- $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid -+ $(INSTALL_DIR) $(DESTDIR)$(bin_dir) $(DESTDIR)$(lib_dir) $(DESTDIR)$(libexec_dir) $(DESTDIR)$(man1_dir) $(DESTDIR)$(man8_dir) -+ $(INSTALL_PROGRAM) $(BINTARGETS) $(DESTDIR)$(bin_dir)/. -+ $(INSTALL_PROGRAM) $(LIBTARGET) $(DESTDIR)$(lib_dir)/. -+ $(STRIP) --strip-unneeded $(DESTDIR)$(lib_dir)/$(LIBTARGET) -+ ln -sf $(LIBTARGET) $(DESTDIR)$(lib_dir)/$(LIBCANON) -+ $(INSTALL_PROGRAM) $(HELPER) $(DESTDIR)$(libexec_dir)/. -+ chmod u+s $(DESTDIR)$(libexec_dir)/$(HELPER) -+ $(INSTALL_DIR) $(DESTDIR)$(etc_dir) \ -+ $(DESTDIR)$(etc_dir)/byport $(DESTDIR)$(etc_dir)/byaddr $(DESTDIR)$(etc_dir)/byuid - - install_man: $(MANPAGES_1) $(MANPAGES_8) -- $(INSTALL_FILE) $(MANPAGES_1) $(man1_dir)/. -- $(INSTALL_FILE) $(MANPAGES_8) $(man8_dir)/. -+ $(INSTALL_FILE) $(MANPAGES_1) $(DESTDIR)$(man1_dir)/. -+ $(INSTALL_FILE) $(MANPAGES_8) $(DESTDIR)$(man8_dir)/. - - libauthbind.o: libauthbind.c authbind.h - $(CC) -D_REENTRANT $(CFLAGS) $(CPPFLAGS) -c -o $@ -fPIC $< -@@ -82,7 +84,7 @@ helper: helper.o - helper.o authbind.o: authbind.h - - $(LIBTARGET): libauthbind.o -- $(LD) -shared -soname $(LIBCANON) -o $@ $< $(LIBS) -+ $(CC) -nostartfiles -shared -Wl,-soname $(LIBCANON) $(LDFLAGS) -o $@ $< $(LIBS) - - clean distclean: - rm -f $(TARGETS) *.o *~ ./#*# *.bak *.new core --- -2.41.0 - diff --git a/SPECS/authbind/0001-make-file-adjustments-for-building-rpm-properly.patch b/SPECS/authbind/0001-make-file-adjustments-for-building-rpm-properly.patch deleted file mode 100644 index fe4d55243d..0000000000 --- a/SPECS/authbind/0001-make-file-adjustments-for-building-rpm-properly.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 6d9c64b80759834955a2f4f6cd8c841b191ad204 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Sat, 26 Aug 2023 16:38:04 +0530 -Subject: [PATCH] make file adjustments for building rpm properly - -taken from: -https://src.fedoraproject.org/rpms/authbind/raw/rawhide/f/authbind-makefile-fixes.patch - -Signed-off-by: Shreenidhi Shedi ---- - Makefile | 36 +++++++++++++++++++----------------- - 1 file changed, 19 insertions(+), 17 deletions(-) - -diff --git a/Makefile b/Makefile -index 37a8673..1bed36f 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,5 +1,5 @@ - # Makefile for authbind --# -+# - # authbind is Copyright (C) 1998 Ian Jackson - # - # This program is free software; you can redistribute it and/or modify -@@ -14,7 +14,9 @@ - # - # You should have received a copy of the GNU General Public License - # along with this program; if not, write to the Free Software Foundation, --# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ -+DESTDIR ?= - - prefix=/usr/local - -@@ -29,9 +31,9 @@ man8_dir=$(man_dir)/man8 - - etc_dir=/etc/authbind - --INSTALL_FILE ?= install -o root -g root -m 644 --INSTALL_PROGRAM ?= install -o root -g root -m 755 -s --INSTALL_DIR ?= install -o root -g root -m 755 -d -+INSTALL_FILE ?= install -m 644 -p -+INSTALL_PROGRAM ?= install -m 755 -p -+INSTALL_DIR ?= install -m 755 -p -d - STRIP ?= strip - - OPTIMISE= -O2 -@@ -59,19 +61,19 @@ MANPAGES_8= authbind-helper.8 - all: $(TARGETS) - - install: $(TARGETS) -- $(INSTALL_DIR) $(lib_dir) $(man1_dir) $(man8_dir) -- $(INSTALL_PROGRAM) $(BINTARGETS) $(bin_dir)/. -- $(INSTALL_FILE) $(LIBTARGET) $(lib_dir)/. -- $(STRIP) --strip-unneeded $(lib_dir)/$(LIBTARGET) -- ln -sf $(LIBTARGET) $(lib_dir)/$(LIBCANON) -- $(INSTALL_PROGRAM) $(HELPER) $(libexec_dir)/. -- chmod u+s $(libexec_dir)/$(HELPER) -- $(INSTALL_DIR) $(etc_dir) \ -- $(etc_dir)/byport $(etc_dir)/byaddr $(etc_dir)/byuid -+ $(INSTALL_DIR) $(DESTDIR)$(bin_dir) $(DESTDIR)$(lib_dir) $(DESTDIR)$(libexec_dir) $(DESTDIR)$(man1_dir) $(DESTDIR)$(man8_dir) -+ $(INSTALL_PROGRAM) $(BINTARGETS) $(DESTDIR)$(bin_dir)/. -+ $(INSTALL_PROGRAM) $(LIBTARGET) $(DESTDIR)$(lib_dir)/. -+ $(STRIP) --strip-unneeded $(DESTDIR)$(lib_dir)/$(LIBTARGET) -+ ln -sf $(LIBTARGET) $(DESTDIR)$(lib_dir)/$(LIBCANON) -+ $(INSTALL_PROGRAM) $(HELPER) $(DESTDIR)$(libexec_dir)/. -+ chmod u+s $(DESTDIR)$(libexec_dir)/$(HELPER) -+ $(INSTALL_DIR) $(DESTDIR)$(etc_dir) \ -+ $(DESTDIR)$(etc_dir)/byport $(DESTDIR)$(etc_dir)/byaddr $(DESTDIR)$(etc_dir)/byuid - - install_man: $(MANPAGES_1) $(MANPAGES_8) -- $(INSTALL_FILE) $(MANPAGES_1) $(man1_dir)/. -- $(INSTALL_FILE) $(MANPAGES_8) $(man8_dir)/. -+ $(INSTALL_FILE) $(MANPAGES_1) $(DESTDIR)$(man1_dir)/. -+ $(INSTALL_FILE) $(MANPAGES_8) $(DESTDIR)$(man8_dir)/. - - libauthbind.o: libauthbind.c authbind.h - $(CC) -D_REENTRANT $(CFLAGS) $(CPPFLAGS) -c -o $@ -fPIC $< -@@ -82,7 +84,7 @@ helper: helper.o - helper.o authbind.o: authbind.h - - $(LIBTARGET): libauthbind.o -- $(LD) -shared -soname $(LIBCANON) -o $@ $< $(LIBS) -+ $(CC) -nostartfiles -shared -Wl,-soname $(LIBCANON) $(LDFLAGS) -o $@ $< $(LIBS) - - clean distclean: - rm -f $(TARGETS) *.o *~ ./#*# *.bak *.new core --- -2.25.1 - diff --git a/SPECS/authbind/authbind.spec b/SPECS/authbind/authbind.spec deleted file mode 100644 index c5855f0013..0000000000 --- a/SPECS/authbind/authbind.spec +++ /dev/null @@ -1,48 +0,0 @@ -%global build_flags prefix=%{_prefix} lib_dir=%{_libdir} libexec_dir=%{_libexecdir}/%{name} etc_dir=%{_sysconfdir}/%{name} - -Summary: Operating system utility that allows programs to run as non-previleged user. -Name: authbind -Version: 2.1.3 -Release: 2%{?dist} -License: GPL -URL: http://www.chiark.greenend.org.uk/ucgi/~ian/git/authbind.git -Group: Applications/utils -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.debian.org/debian/pool/main/a/%{name}/%{name}_%{version}.tar.gz -%define sha512 %{name}=357c8f5c5ad446e75a597d5bc5bb5af7db17de771643a39976b5ac1425f03bf44f322c8dd07b0e1b04a0bf78d5000841b4866e0d0945584689e99291156dfac1 - -Patch0: 0001-adjust-makefile-to-help-build-rpms.patch - -%description -The authbind software allows a program that would normally require -superuser privileges to access privileged network services to run as -a non-privileged user. - -%prep -%autosetup -p1 -n work - -%build -%make_build %{build_flags} - -%install -%make_install %{?_smp_mflags} %{build_flags} STRIP=/bin/true - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_libdir}/libauthbind.so.* -%{_libexecdir}/%{name}/helper -%{_sysconfdir}/%{name} -%{_mandir}/* - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 2.1.3-2 -- Fix build & packaging -* Thu May 26 2022 Gerrit Photon 2.1.3-1 -- Automatic Version Bump -* Thu Oct 22 2020 Dweep Advani 2.1.2-2 -- Fixed install failure -* Fri Jul 14 2017 Harish Udaiya Kumar 2.1.2-1 -- Initial build. First version diff --git a/SPECS/autoconf-archive/autoconf-archive.spec b/SPECS/autoconf-archive/autoconf-archive.spec deleted file mode 100644 index 579d43a733..0000000000 --- a/SPECS/autoconf-archive/autoconf-archive.spec +++ /dev/null @@ -1,48 +0,0 @@ -%define debug_package %{nil} - -Summary: Autoconf macro archive -Name: autoconf-archive -Version: 2022.09.03 -Release: 1%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/autoconf-archive -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz -%define sha512 %{name}=157b5b6a979d5ec5bfab6ddf34422da620fec1e95f4c901821abbb7361544af77747b4a449029b84750d75679d6130a591e98da8772de2c121ecdea163f0340b - -BuildArch: noarch - -Requires: autoconf - -%description -The package contains programs for producing shell scripts that can automatically configure source code. - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{_smp_mflags} INSTALL="install -p" -rm -rf %{buildroot}%{_infodir} -# doc and license files are installed elsewhere -rm -frv %{buildroot}%{_docdir}/%{name} - -%files -%defattr(-,root,root) -%{_datadir}/aclocal/*.m4 - -%changelog -* Sun Nov 13 2022 Shreenidhi Shedi 2022.09.03-1 -- Upgrade to v2022.09.03 -* Mon Apr 12 2021 Gerrit Photon 2021.02.19-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 2019.01.06-1 -- Automatic Version Bump -* Mon Sep 10 2018 Anish Swaminathan 2018.03.13-1 -- Initial build diff --git a/SPECS/autoconf/autoconf.spec b/SPECS/autoconf/autoconf.spec deleted file mode 100644 index 58656e8d92..0000000000 --- a/SPECS/autoconf/autoconf.spec +++ /dev/null @@ -1,67 +0,0 @@ -Summary: The package automatically configure source code -Name: autoconf -Version: 2.71 -Release: 2%{?dist} -License: GPLv2 -URL: http://www.gnu.org/software/autoconf -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/autoconf/%{name}-%{version}.tar.xz -%define sha512 %{name}=73d32b4adcbe24e3bafa9f43f59ed3b6efbd3de0f194e5ec90375f35da1199c583f5d3e89139b7edbad35171403709270e339ffa56a2ecb9b3123e9285021ff0 - -Requires: perl -Requires: m4 - -BuildRequires: m4 - -BuildArch: noarch - -%description -The package contains programs for producing shell scripts that can -automatically configure source code. - -%prep -%autosetup -p1 - -%build -%configure --disable-silent-rules -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} - -%check -make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500" - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*/* -%{_datadir}/autoconf/* - -%changelog -* Thu Nov 10 2022 Dweep Advani 2.71-2 -- Rebuild with perl 5.36.0 -* Mon Apr 12 2021 Gerrit Photon 2.71-1 -- Automatic Version Bump -* Sun Nov 15 2020 Prashant Singh Chauhan 2.69-9 -- Fix for make check failure port test to bash 5.0 -* Wed Sep 11 2019 Prashant Singh Chauhan 2.69-8 -- Fix for make check failure -* Wed Oct 17 2018 Dweep Advani 2.69-7 -- Build section is changed to used %configure -* Tue Apr 25 2017 Priyesh Padmavilasom 2.69-6 -- Fix arch -* Tue Dec 6 2016 Dheeraj Shetty 2.69-5 -- Fixed Bug 1718089 make check failure -* Tue May 24 2016 Priyesh Padmavilasom 2.69-4 -- GA - Bump release of all rpms -* Fri Jun 5 2015 Divya Thaluru 2.69-3 -- Adding m4 package to build and run time required package -* Wed Jun 3 2015 Divya Thaluru 2.69-2 -- Adding perl packages to required packages -* Wed Nov 5 2014 Divya Thaluru 2.69-1 -- Initial build. First version diff --git a/SPECS/autofs/autofs.service b/SPECS/autofs/autofs.service deleted file mode 100644 index 42d1937cd6..0000000000 --- a/SPECS/autofs/autofs.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Automounts filesystems on demand -After=network.target ypbind.service sssd.service network-online.target remote-fs.target rpc-statd.service rpcbind.service -Wants=network-online.target rpc-statd.service rpcbind.service - -[Service] -Type=forking -PIDFile=/run/autofs.pid -EnvironmentFile=-/etc/sysconfig/autofs -ExecStart=/usr/sbin/automount $OPTIONS --pid-file /run/autofs.pid -ExecReload=/usr/bin/kill -HUP $MAINPID -TimeoutSec=180 - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/autofs/autofs.spec b/SPECS/autofs/autofs.spec deleted file mode 100644 index 6d550eae51..0000000000 --- a/SPECS/autofs/autofs.spec +++ /dev/null @@ -1,102 +0,0 @@ -%global debug_package %{nil} - -Summary: A kernel-based automounter for Linux -Name: autofs -Version: 5.1.8 -Release: 2%{?dist} -License: GPLv2+ -URL: http://www.kernel.org/pub/linux/daemons/autofs -Group: System Environment/Daemons -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://www.kernel.org/pub/linux/daemons/%{name}/v5/%{name}-%{version}.tar.xz -%define sha512 %{name}=6ee6283c0977c82848a654dc24745ee687f6916de441c3688fa91f67ca7295e632ee3808cc2358984a4b9f19841e6e1a91ab48aad6341ac8e63827fe8c32d223 - -Source1: %{name}.service - -BuildRequires: systemd-devel -BuildRequires: rpcsvc-proto-devel -BuildRequires: libtirpc-devel -BuildRequires: bison - -Requires: systemd -Requires: libtirpc - -%description -Automounting is the process of automatically mounting and unmounting of file systems by a daemon. Autofs includes both a user-space daemon and code in the kernel that assists the daemon. - -%prep -%autosetup -p1 - -%build -%configure --with-libtirpc - -%make_build - -%install -mkdir -p -m755 %{buildroot}%{_unitdir} \ - %{buildroot}%{_sysconfdir}/auto.master.d - -%make_install mandir=%{_mandir} INSTALLROOT=%{buildroot} - -mkdir -p -m755 %{buildroot}%{_sysconfdir}/sysconfig -make -C redhat %{?_smp_mflags} -install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir} -install -m 644 redhat/autofs.conf %{buildroot}%{_sysconfdir}/autofs.conf -install -m 644 redhat/autofs.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/autofs -install -m 644 samples/auto.master %{buildroot}%{_sysconfdir}/auto.master -install -m 644 samples/auto.misc %{buildroot}%{_sysconfdir}/auto.misc -install -m 755 samples/auto.net %{buildroot}%{_sysconfdir}/auto.net -install -m 755 samples/auto.smb %{buildroot}%{_sysconfdir}/auto.smb -install -m 600 samples/autofs_ldap_auth.conf %{buildroot}%{_sysconfdir}/autofs_ldap_auth.conf -rm -rf %{buildroot}%{_sysconfdir}/rc.d - -%post -/sbin/ldconfig -%systemd_post autofs.service - -%postun -/sbin/ldconfig -%systemd_postun_with_restart autofs.service - -%preun -%systemd_preun autofs.service - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/auto.master -%config(noreplace) %{_sysconfdir}/auto.misc -%config(noreplace) %{_sysconfdir}/auto.net -%config(noreplace) %{_sysconfdir}/auto.smb -%config(noreplace) %{_sysconfdir}/autofs.conf -%config(noreplace) %{_sysconfdir}/sysconfig/autofs -%config(noreplace) %{_sysconfdir}/autofs_ldap_auth.conf -%{_sbindir}/automount -%{_libdir}/autofs/* -%{_libdir}/libautofs.so -%dir %{_sysconfdir}/auto.master.d -%{_mandir}/man5/* -%{_mandir}/man8/* -%{_unitdir}/autofs.service - -%changelog -* Sun Nov 13 2022 Shreenidhi Shedi 5.1.8-2 -- Bump version as a part of libtirpc upgrade -* Thu Aug 25 2022 Vamsi Krishna Brahmajosyula 5.1.8-1 -- Update version to 5.1.8 -* Mon Apr 12 2021 Gerrit Photon 5.1.7-1 -- Automatic Version Bump -* Mon Aug 10 2020 Shreyas B 5.1.6-2 -- Fix service start issue -* Fri Oct 18 2019 Shreyas B 5.1.6-1 -- Update version to 5.1.6 -* Fri Sep 21 2018 Alexey Makhalov 5.1.4-2 -- Use rpcsvc-proto and libtirpc -* Thu Sep 06 2018 Anish Swaminathan 5.1.4-1 -- Update version to 5.1.4 -* Thu Jul 06 2017 Xiaolin Li 5.1.3-1 -- Initial build. First version diff --git a/SPECS/autogen/autogen.spec b/SPECS/autogen/autogen.spec deleted file mode 100644 index e2ad17b504..0000000000 --- a/SPECS/autogen/autogen.spec +++ /dev/null @@ -1,118 +0,0 @@ -Summary: The Automated Text and Program Generation Tool -Name: autogen -Version: 5.18.16 -# TODO: try to remove CFLAGS on next version update -Release: 6%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/autogen -Group: System Environment/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/autogen/rel%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=5f12c982dbe27873f5649a96049bf019ff183c90cc0c8a9196556b0ca02e72940cd422f6d6601f68cc7d8763b1124f2765c3b1a6335fc92ba07f84b03d2a53a1 - -BuildRequires: guile-devel -BuildRequires: gc-devel -BuildRequires: which -BuildRequires: libffi-devel - -Requires: libffi -Requires: guile -Requires: gc -Requires: gmp -Requires: %{name}-libopts - -%description -AutoGen is a tool designed to simplify the creation and maintenance of programs that contain large amounts of repetitious text. It is especially valuable in programs that have several blocks of text that must be kept synchronized. - -%package libopts -Summary: Automated option processing library. -License: LGPLv3+ -Group: System Environment/Libraries - -%description libopts -Libopts is very powerful command line option parser. - -%package libopts-devel -Summary: Development files for libopts -License: LGPLv3+ -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libopts = %{version}-%{release} - -%description libopts-devel -This package contains development files for libopts. - -%prep -%autosetup -p1 - -%build -%configure --disable-dependency-tracking -# TODO: try to remove CFLAGS on next version update -%make_build CFLAGS="-g -O2 -Wno-format-contains-nul -fno-strict-aliasing -Wno-error=format-overflow" - -%install -%make_install %{?_smp_mflags} - -rm -f %{buildroot}%{_libdir}/*.la - -%if 0%{?with_check} -%check -# make doesn't support _smp_mflags -make check -%endif - -%post libopts -p /sbin/ldconfig -%postun libopts -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%exclude %{_bindir}/autoopts-config -%{_libdir}/autogen/*.tlib -%{_datadir}/autogen/* -%{_mandir}/man1/* -%exclude %{_mandir}/man1/autoopts-config.1.gz - -%files libopts -%{_libdir}/*.so.* - -%files libopts-devel -%defattr(-,root,root) -%{_includedir}/autoopts/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_bindir}/autoopts-config -%{_datadir}/aclocal/* -%{_mandir}/man1/autoopts-config.1.gz -%{_mandir}/man3/* -%{_libdir}/*.a - -%changelog -* Sat Oct 01 2022 Shreenidhi Shedi 5.18.16-6 -- Bump version as a part of gc upgrade -* Sun Aug 07 2022 Shreenidhi Shedi 5.18.16-5 -- Remove .la files -* Tue May 10 2022 Shreenidhi Shedi 5.18.16-4 -- Bump version as a part of libffi upgrade -* Mon Sep 28 2020 Prashant S Chauhan 5.18.16-3 -- Remove %{?_smp_mflags} from check -* Wed Apr 01 2020 Alexey Makhalov 5.18.16-2 -- Fix compilation issue with gcc-8.4.0 -* Wed Sep 12 2018 Anish Swaminathan 5.18.16-1 -- Upgrade to 5.18.16 -* Mon May 01 2017 Dheeraj Shetty 5.18.12-2 -- Adding Make Check -* Tue Apr 18 2017 Dheeraj Shetty 5.18.12-1 -- Updated version to 5.18.12 -* Tue May 24 2016 Priyesh Padmavilasom 5.18.7-2 -- GA - Bump release of all rpms -* Wed Feb 24 2016 Kumar Kaushik 5.18.7-1 -- Updated version tp 5.16.7. -* Thu Jan 21 2016 Xiaolin Li 5.18.6-1 -- Updated to version 5.18.6 -* Tue Sep 29 2015 Xiaolin Li 5.18.5-2 -- Create a seperate libopts package. -* Thu Jun 18 2015 Divya Thaluru 5.18.5-1 -- Initial build. First version diff --git a/SPECS/automake/automake.spec b/SPECS/automake/automake.spec deleted file mode 100644 index ad8822a226..0000000000 --- a/SPECS/automake/automake.spec +++ /dev/null @@ -1,75 +0,0 @@ -%define maj_ver 1.16 - -Summary: Programs for generating Makefiles -Name: automake -Version: 1.16.5 -Release: 1%{?dist} -License: GPLv2+ -URL: http://www.gnu.org/software/automake -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/automake/%{name}-%{version}.tar.xz -%define sha512 %{name}=3084ae543aa3fb5a05104ffb2e66cfa9a53080f2343c44809707fd648516869511500dba50dae67ff10f92a1bf3b5a92b2a0fa01cda30adb69b9da03994d9d88 - -BuildRequires: autoconf - -BuildArch: noarch - -%description -Contains programs for generating Makefiles for use with Autoconf. - -%prep -%autosetup -p1 - -%build -sed -i 's:/\\\${:/\\\$\\{:' bin/automake.in -%configure \ - --docdir=%{_docdir}/%{name}-%{version} \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} - -%if 0%{?with_check} -%check -sed -i "s:./configure:LEXLIB=/usr/lib/libfl.a &:" t/lex-{clean,depend}-cxx.sh -sed -i "s|test ! -s stderr||g" t/distcheck-no-prefix-or-srcdir-override.sh -sed -i '53d' t/nobase-python.sh -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/aclocal/README -%{_datadir}/%{name}-%{maj_ver}/* -%{_datadir}/aclocal-%{maj_ver}/* -%{_docdir}/%{name}-%{version}/* -%{_mandir}/*/* - -%changelog -* Fri Oct 07 2022 Shreenidhi Shedi 1.16.5-1 -- Upgrade to v1.16.5 -* Sun Nov 15 2020 Prashant S Chauhan 1.16.1-2 -- Added patch,Fix make check failure in python tests -* Thu Sep 06 2018 Anish Swaminathan 1.16.1-1 -- Update version to 1.16.1 -* Tue Jan 02 2018 Alexey Makhalov 1.15.1-1 -- Version update -* Fri Aug 04 2017 Danut Moraru 1.15-4 -- Disable check that fails test case -* Tue Apr 25 2017 Priyesh Padmavilasom 1.15-3 -- Fix arch -* Tue May 24 2016 Priyesh Padmavilasom 1.15-2 -- GA - Bump release of all rpms -* Thu Jul 23 2015 Divya Thaluru 1.15-1 -- Updated to version 1.15 -* Wed Jun 3 2015 Divya Thaluru 1.14.1-2 -- Adding autoconf package to build time requires packages -* Wed Nov 5 2014 Divya Thaluru 1.14.1-1 -- Initial build. First version diff --git a/SPECS/aws-sdk-cpp/aws-sdk-cpp.spec b/SPECS/aws-sdk-cpp/aws-sdk-cpp.spec deleted file mode 100644 index 5b0c726aad..0000000000 --- a/SPECS/aws-sdk-cpp/aws-sdk-cpp.spec +++ /dev/null @@ -1,244 +0,0 @@ -%define debug_package %{nil} - -Summary: aws sdk for c++ -Group: Development/Libraries -Name: aws-sdk-cpp -Version: 1.11.117 -Release: 3%{?dist} -Vendor: VMware, Inc. -Distribution: Photon -License: Apache 2.0 -URL: /~https://github.com/aws/aws-sdk-cpp - -# Steps to create source tarball -# Download the tag from github, extract it -# Then run `prefetch_crt_dependency.sh` script to get all dependencies -# Example: -# wget /~https://github.com/aws/aws-sdk-cpp/archive/refs/tags/1.10.20.tar.gz -# tar xf 1.10.20.tar.gz -# cd aws-sdk-cpp-1.10.20 && ./prefetch_crt_dependency.sh && cd - -# tar -I 'gzip -9' -cpf aws-sdk-cpp-1.10.20.tar.gz aws-sdk-cpp-1.10.20 -Source0: /~https://github.com/aws/aws-sdk-cpp/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=c398d2e5176d7369ea571aaa58ac240876929d5f97226de17282baeaadc0d7e20a3f2e8d4d348fbd3eaa365e09ad55631c0f6bb0d52b8a38c3ac935def5165c6 - -Requires: openssl-devel -Requires: curl-devel -Requires: zlib-devel -Requires: aws-sdk-core = %{version}-%{release} -Requires: aws-sdk-kinesis = %{version}-%{release} -Requires: aws-sdk-s3 = %{version}-%{release} -Requires: aws-crt-cpp = %{version}-%{release} - -BuildRequires: cmake -BuildRequires: curl-devel -BuildRequires: openssl-devel -BuildRequires: zlib-devel - -%description -The AWS SDK for C++ provides a modern C++ (version C++ 11 or later) interface for Amazon Web Services (AWS). - -%package -n aws-sdk-core -Summary: aws sdk core -Group: Development/Libraries -Requires: aws-core-libs = %{version}-%{release} -Requires: aws-crt-cpp = %{version}-%{release} - -%description -n aws-sdk-core -aws sdk cpp core - -%package -n aws-core-libs -Summary: aws core libs -Group: Development/Libraries -Requires: openssl-devel -Requires: curl-devel -Requires: zlib-devel - -%description -n aws-core-libs -aws core libs - -%package -n aws-sdk-kinesis -Summary: aws sdk kinesis -Group: Development/Libraries -Requires: aws-sdk-core = %{version}-%{release} -Requires: aws-kinesis-libs = %{version}-%{release} -Requires: aws-crt-cpp = %{version}-%{release} - -%description -n aws-sdk-kinesis -aws sdk cpp for kinesis - -%package -n aws-kinesis-libs -Summary: aws kinesis libs -Group: Development/Libraries -Requires: aws-core-libs = %{version}-%{release} - -%description -n aws-kinesis-libs -aws kinesis libs - -%package -n aws-sdk-s3 -Summary: aws sdk s3 -Group: Development/Libraries -Requires: aws-sdk-core = %{version}-%{release} -Requires: aws-s3-libs = %{version}-%{release} -Requires: aws-crt-cpp = %{version}-%{release} - -%description -n aws-sdk-s3 -aws sdk cpp for s3 - -%package -n aws-s3-libs -Summary: aws s3 libs -Group: Development/Libraries -Requires: aws-core-libs = %{version}-%{release} - -%description -n aws-s3-libs -aws s3 libs - -%package -n aws-crt-cpp -Summary: aws crt cpp -Group: Development/Libraries - -%description -n aws-crt-cpp -C++ wrapper around the aws-c-* libraries. -Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++. - -%prep -%autosetup -p1 - -%build -# TODO: try to remove -Wno-stringop-truncation flag in future version upgrades -export CXXFLAGS="%{optflags} -Wno-stringop-truncation" -%{cmake} \ - -DCMAKE_BUILD_TYPE=Debug \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -cd %{__cmake_builddir} - -pushd ./src/aws-cpp-sdk-core -%make_build -popd - -pushd ./crt/aws-crt-cpp/ -%make_build -popd - -for component in "kinesis" "s3"; do - pushd ./generated/src/aws-cpp-sdk-${component} - %make_build - popd -done - -%install -cd %{__cmake_builddir} - -pushd ./src/aws-cpp-sdk-core -%make_install %{?_smp_mflags} -popd - -pushd ./crt/aws-crt-cpp/ -%make_install %{?_smp_mflags} -popd - -for component in "kinesis" "s3"; do - pushd ./generated/src/aws-cpp-sdk-${component} - %make_install %{?_smp_mflags} - popd -done - -rm -rf %{buildroot}%{_libdir}/cmake - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root,0755) - -%files -n aws-sdk-core -%defattr(-,root,root,0755) -%{_includedir}/aws/core/* -%{_includedir}/smithy/* -%{_libdir}/pkgconfig/aws-cpp-sdk-core.pc - -%files -n aws-core-libs -%defattr(-,root,root,0755) -%{_libdir}/libaws-cpp-sdk-core.so - -%files -n aws-sdk-kinesis -%defattr(-,root,root,0755) -%{_includedir}/aws/kinesis/* -%{_libdir}/pkgconfig/aws-cpp-sdk-kinesis.pc - -%files -n aws-kinesis-libs -%defattr(-,root,root,0755) -%{_libdir}/libaws-cpp-sdk-kinesis.so - -%files -n aws-sdk-s3 -%defattr(-,root,root,0755) -%{_includedir}/aws/s3/* -%{_libdir}/pkgconfig/aws-cpp-sdk-s3.pc - -%files -n aws-s3-libs -%defattr(-,root,root,0755) -%{_libdir}/libaws-cpp-sdk-s3.so - -%files -n aws-crt-cpp -%defattr(-,root,root,0755) -%{_includedir}/aws/auth/* -%{_includedir}/aws/cal/* -%{_includedir}/aws/checksums/* -%{_includedir}/aws/common/* -%{_includedir}/aws/compression/* -%{_includedir}/aws/crt/* -%{_includedir}/aws/event-stream/* -%{_includedir}/aws/http/* -%{_includedir}/aws/io/* -%{_includedir}/aws/iot/* -%{_includedir}/aws/mqtt/* -%{_includedir}/aws/sdkutils/* -%{_includedir}/aws/testing/* -%{_includedir}/s2n.h -%{_includedir}/s2n/* -%{_libdir}/aws-c-auth/cmake/* -%{_libdir}/aws-c-cal/cmake/* -%{_libdir}/aws-c-common/cmake/* -%{_libdir}/aws-c-compression/cmake/* -%{_libdir}/aws-c-event-stream/cmake/* -%{_libdir}/aws-c-http/cmake/* -%{_libdir}/aws-c-io/cmake/* -%{_libdir}/aws-c-mqtt/cmake/* -%{_libdir}/aws-c-s3/cmake/* -%{_libdir}/aws-c-sdkutils/cmake/* -%{_libdir}/aws-checksums/cmake/* -%{_libdir}/aws-crt-cpp/cmake/* -%{_libdir}/s2n/cmake/* -%exclude %{_libdir}/*.a - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 1.11.117-3 -- Bump version as a part of openssl upgrade -* Sat Aug 26 2023 Shreenidhi Shedi 1.11.117-2 -- Build CRT deps -* Wed Jul 12 2023 Shreenidhi Shedi 1.11.117-1 -- Upgrade to v1.11.117 -* Fri Apr 14 2023 Shreenidhi Shedi 1.10.30-2 -- Bump version as a part of zlib upgrade -* Thu Dec 15 2022 Shreenidhi Shedi 1.10.30-1 -- Upgrade to v1.10.30 -* Thu Dec 01 2022 Shreenidhi Shedi 1.10.20-1 -- Upgrade to v1.10.20 -* Mon Sep 19 2022 Vamsi Krishna Brahmajosyula 1.4.33-6 -- Fix build with latest toolchain -* Mon Jun 20 2022 Shreenidhi Shedi 1.4.33-5 -- Use cmake macros for build and install -* Wed Aug 04 2021 Satya Naga Vasamsetty 1.4.33-4 -- Bump up release for openssl -* Tue Sep 29 2020 Satya Naga Vasamsetty 1.4.33-3 -- openssl 1.1.1 -* Fri Apr 03 2020 Alexey Makhalov 1.4.33-2 -- Fix compilation issue with gcc-8.4.0 -* Thu Aug 30 2018 Anish Swaminathan 1.4.33-1 -- Initial build. First version diff --git a/SPECS/backward-cpp/backward-cpp.spec b/SPECS/backward-cpp/backward-cpp.spec deleted file mode 100644 index 9918f75a4e..0000000000 --- a/SPECS/backward-cpp/backward-cpp.spec +++ /dev/null @@ -1,72 +0,0 @@ -%global debug_package %{nil} - -Summary: Pretty stack trace printer for C++. -Name: backward-cpp -Version: 1.6 -Release: 2%{?dist} -License: MIT -URL: /~https://github.com/bombela/backward-cpp -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/bombela/backward-cpp/archive/refs/tags/%{name}-v%{version}.tar.gz -%define sha512 %{name}=db0256a54819952ff1d92e05d6ab81fe979d4826ebb6651b6b08c30e7a0091879dfeff33d81f9599462152ce68e61e2c8c42bf039129bc6b28d1e68b1eab039b - -BuildArch: x86_64 - -BuildRequires: automake -BuildRequires: autoconf -BuildRequires: cmake -BuildRequires: gcc - -%description -Backward is a beautiful stack trace pretty printer for C++. - -%prep -%autosetup - -%build -%cmake \ - -DCMAKE_BUILD_TYPE=Debug \ - -DBUILD_SHARED_LIBS=ON \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%cmake_build - -%install -%cmake_install -install -vm644 %{__cmake_builddir}/libbackward.so %{buildroot}%{_libdir} - -%if 0%{?with_check} -%check -cd %{__cmake_builddir} -# By default builds.sh returns exit status of cmds from do_action() -# exit 0 added explicitly for clean exit from the script else cmake fails -echo "exit 0" >> builds.sh -sh builds.sh cmake make -make %{?_smp_mflags} -make test %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_includedir}/backward.hpp -%{_libdir}/backward/BackwardConfig.cmake -%{_libdir}/libbackward.so - -%changelog -* Mon Jun 20 2022 Shreenidhi Shedi 1.6-2 -- Use cmake macros for build and install -* Mon Apr 18 2022 Gerrit Photon 1.6-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.5-1 -- Automatic Version Bump -* Tue Nov 20 2018 Sujay G 1.4-3 -- Added %check section -* Mon Oct 22 2018 Ajay Kaher 1.4-2 -- Adding BuildArch -* Mon Sep 03 2018 Keerthana K 1.4-1 -- Updated to version 1.4. -* Wed Jul 05 2017 Vinay Kulkarni 1.3-1 -- Initial version of backward-cpp package for Photon. diff --git a/SPECS/bash-completion/bash-completion.spec b/SPECS/bash-completion/bash-completion.spec deleted file mode 100644 index a1c6239c71..0000000000 --- a/SPECS/bash-completion/bash-completion.spec +++ /dev/null @@ -1,64 +0,0 @@ -Summary: Programmable completion for Bash -Name: bash-completion -Version: 2.11 -Release: 1%{?dist} -License: GPL-2.0-or-later -URL: /~https://github.com/scop/bash-completion -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/scop/bash-completion/releases/download/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=41585f730b5114d397831ba36d10d05643c6a6179e746ddc49aa1cbef61ea5525fd2f09b2e474adee14e647f99df8d5983ee48e29a59d8a30e1daf7fb1837e06 - -BuildArch: noarch - -BuildRequires: automake -BuildRequires: make - -%if 0%{?with_check} -BuildRequires: python3-pytest -BuildRequires: python3-pexpect -%endif - -Requires: bash - -Conflicts: bash < 5.2-2 - -%description -%{name} is a collection of shell functions that take advantage -of the programmable completion feature of bash. - -%prep -%autosetup -p1 - -%build -autoreconf -fi -v -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -rm %{buildroot}%{_datadir}/%{name}/completions/{cowsay,cowthink} \ - %{buildroot}%{_datadir}/%{name}/completions/makepkg \ - %{buildroot}%{_datadir}/%{name}/completions/prelink - -%if 0%{?with_check} -%check -make check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/profile.d/bash_completion.sh -%{_datadir}/%{name}/ -%{_datadir}/cmake/ -%{_datadir}/pkgconfig/%{name}.pc - -%changelog -* Sun May 28 2023 Shreenidhi Shedi 2.11-1 -- Initial version. diff --git a/SPECS/bash/bash.spec b/SPECS/bash/bash.spec deleted file mode 100644 index 9116aa06b6..0000000000 --- a/SPECS/bash/bash.spec +++ /dev/null @@ -1,384 +0,0 @@ -Summary: Bourne-Again SHell -Name: bash -Version: 5.2 -Release: 2%{?dist} -License: GPLv3 -URL: http://www.gnu.org/software/bash -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/bash/%{name}-%{version}.tar.gz -%define sha512 %{name}=5647636223ba336bf33e0c65e516d8ebcf6932de8b44f37bc468eedb87579c628ad44213f78534beb10f47aebb9c6fa670cb0bed3b4e7717e5faf7e9a1ef81ae - -Patch0: enable-SYS_BASHRC-SSH_SOURCE_BASHRC.patch - -Provides: /bin/sh -Provides: /bin/bash - -BuildRequires: readline - -Requires: readline -Requires(post): /bin/grep -Requires(post): /usr/bin/cp -Requires(postun): /bin/grep -Requires(postun): /usr/bin/mv - -%description -The package contains the Bourne-Again SHell - -%package devel -Summary: Header and development files for bash -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications - -%package lang -Summary: Additional language files for bash -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of bash. - -%package docs -Summary: bash docs -Group: Documentation -Requires: %{name} = %{version}-%{release} -%description docs -The package contains bash doc files. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -%configure \ - "CFLAGS=-fPIC" \ - --htmldir=%{_docdir}/%{name}-%{version} \ - --without-bash-malloc \ - --with-installed-readline - -%make_build - -%install -%make_install %{?_smp_mflags} -ln -sv bash %{buildroot}%{_bindir}/sh -install -vdm 755 %{buildroot}%{_sysconfdir} -install -vdm 755 %{buildroot}%{_sysconfdir}/profile.d -install -vdm 755 %{buildroot}%{_sysconfdir}/skel -rm %{buildroot}%{_libdir}/bash/Makefile.inc - -# Create dircolors -cat > %{buildroot}%{_sysconfdir}/profile.d/dircolors.sh << "EOF" -# Setup for /bin/ls and /bin/grep to support color, the alias is in /etc/bashrc. -if [ -f "%{_sysconfdir}/dircolors" ]; then - eval $(dircolors -b %{_sysconfdir}/dircolors) - - if [ -f "$HOME/.dircolors" ]; then - eval $(dircolors -b $HOME/.dircolors) - fi -fi -alias ls='ls --color=auto' -grep --help | grep color >/dev/null 2>&1 -if [ $? -eq 0 ]; then - alias grep='grep --color=auto' -fi -EOF - -cat > %{buildroot}%{_sysconfdir}/profile.d/extrapaths.sh << "EOF" -if [ -d /usr/local/lib/pkgconfig ]; then - pathappend /usr/local/lib/pkgconfig PKG_CONFIG_PATH -fi -if [ -d /usr/local/bin ]; then - pathprepend /usr/local/bin -fi -if [ -d /usr/local/sbin -a $EUID -eq 0 ]; then - pathprepend /usr/local/sbin -fi -EOF - -cat > %{buildroot}%{_sysconfdir}/profile.d/readline.sh << "EOF" -# Setup the INPUTRC environment variable. -if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then - INPUTRC=%{_sysconfdir}/inputrc -fi -export INPUTRC -EOF - -cat > %{buildroot}%{_sysconfdir}/profile.d/umask.sh << "EOF" -# By default, the umask should be set. -if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ]; then - umask 002 -else - umask 022 -fi -EOF - -cat > %{buildroot}%{_sysconfdir}/profile.d/i18n.sh << "EOF" -# Begin /etc/profile.d/i18n.sh - -unset LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES \ - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION - -if [ -n "$XDG_CONFIG_HOME" ] && [ -r "$XDG_CONFIG_HOME/locale.conf" ]; then - . "$XDG_CONFIG_HOME/locale.conf" -elif [ -r %{_sysconfdir}/locale.conf ]; then - . %{_sysconfdir}/locale.conf -fi - -export LANG="${LANG:-C}" -[ -n "$LC_CTYPE" ] && export LC_CTYPE -[ -n "$LC_NUMERIC" ] && export LC_NUMERIC -[ -n "$LC_TIME" ] && export LC_TIME -[ -n "$LC_COLLATE" ] && export LC_COLLATE -[ -n "$LC_MONETARY" ] && export LC_MONETARY -[ -n "$LC_MESSAGES" ] && export LC_MESSAGES -[ -n "$LC_PAPER" ] && export LC_PAPER -[ -n "$LC_NAME" ] && export LC_NAME -[ -n "$LC_ADDRESS" ] && export LC_ADDRESS -[ -n "$LC_TELEPHONE" ] && export LC_TELEPHONE -[ -n "$LC_MEASUREMENT" ] && export LC_MEASUREMENT -[ -n "$LC_IDENTIFICATION" ] && export LC_IDENTIFICATION - -# End /etc/profile.d/i18n.sh -EOF - -cat > %{buildroot}%{_sysconfdir}/bash.bashrc << "EOF" -# Begin /etc/bash.bashrc -# Written for Beyond Linux From Scratch -# by James Robertson -# updated by Bruce Dubbs - -# System wide aliases and functions. - -# System wide environment variables and startup programs should go into -# /etc/profile. Personal environment variables and startup programs -# should go into ~/.bash_profile. Personal aliases and functions should -# go into ~/.bashrc - -# Provides colored /bin/ls and /bin/grep commands. Used in conjunction -# with code in /etc/profile. - -alias ls='ls --color=auto' -grep --help | grep color >/dev/null 2>&1 -if [ $? -eq 0 ]; then - alias grep='grep --color=auto' -fi - -# Provides prompt for non-login shells, specifically shells started -# in the X environment. [Review the LFS archive thread titled -# PS1 Environment Variable for a great case study behind this script -# addendum.] - -NORMAL="\[\e[0m\]" -RED="\[\e[1;31m\]" -GREEN="\[\e[1;32m\]" -if [[ $EUID = 0 ]]; then - PS1="$RED\u [ $NORMAL\w$RED ]# $NORMAL" -else - PS1="$GREEN\u [ $NORMAL\w$GREEN ]\$ $NORMAL" -fi - -unset RED GREEN NORMAL - -if test -n "$SSH_CONNECTION" -a -z "$PROFILEREAD"; then - . %{_sysconfdir}/profile > /dev/null 2>&1 -fi - -# End /etc/bash.bashrc -EOF - -cat > %{buildroot}%{_sysconfdir}/skel/.bash_profile << "EOF" -# Begin ~/.bash_profile -# Written for Beyond Linux From Scratch -# by James Robertson -# updated by Bruce Dubbs - -# Personal environment variables and startup programs. - -# Personal aliases and functions should go in ~/.bashrc. System wide -# environment variables and startup programs are in /etc/profile. -# System wide aliases and functions are in /etc/bashrc. - -if [ -f "$HOME/.bashrc" ]; then - source $HOME/.bashrc -fi - -if [ -d "$HOME/bin" ]; then - pathprepend $HOME/bin -fi - -# Having . in the PATH is dangerous -#if [ $EUID -gt 99 ]; then -# pathappend . -#fi - -# End ~/.bash_profile -EOF - -cat > %{buildroot}%{_sysconfdir}/skel/.bashrc << "EOF" -# Begin ~/.bashrc -# Written for Beyond Linux From Scratch -# by James Robertson - -# Personal aliases and functions. - -# Personal environment variables and startup programs should go in -# ~/.bash_profile. System wide environment variables and startup -# programs are in /etc/profile. System wide aliases and functions are -# in /etc/bashrc. - -if [ -f "%{_sysconfdir}/bash.bashrc" ]; then - source %{_sysconfdir}/bash.bashrc -fi - -# End ~/.bashrc -EOF - -cat > %{buildroot}%{_sysconfdir}/skel/.bash_logout << "EOF" -# Begin ~/.bash_logout -# Written for Beyond Linux From Scratch -# by James Robertson - -# Personal items to perform on logout. - -# End ~/.bash_logout -EOF - -dircolors -p > %{buildroot}%{_sysconfdir}/dircolors -%find_lang %{name} -rm -rf %{buildroot}%{_infodir} - -%if 0%{?with_check} -%check -make NON_ROOT_USERNAME=nobody %{?_smp_mflags} check -%endif - -%post -if [ $1 -eq 1 ]; then - if [ ! -f "/root/.bash_logout" ]; then - cp %{_sysconfdir}/skel/.bash_logout /root/.bash_logout - fi - - if [ ! -f %{_sysconfdir}/shells ]; then - echo "/bin/sh" >> %{_sysconfdir}/shells - echo "/bin/bash" >> %{_sysconfdir}/shells - echo "%{_bindir}/sh" >> %{_sysconfdir}/shells - echo "%{_bindir}/bash" >> %{_sysconfdir}/shells - else - grep -q '^/bin/sh$' %{_sysconfdir}/shells || \ - echo "/bin/sh" >> %{_sysconfdir}/shells - grep -q '^/bin/bash$' %{_sysconfdir}/shells || \ - echo "/bin/bash" >> %{_sysconfdir}/shells - grep -q '^%{_bindir}/sh$' %{_sysconfdir}/shells || \ - echo "%{_bindir}/sh" >> %{_sysconfdir}/shells - grep -q '^%{_bindir}/bash$' %{_sysconfdir}/shells || \ - echo "%{_bindir}/bash" >> %{_sysconfdir}/shells - fi -fi - -%postun -if [ $1 -eq 0 ]; then - if [ -f "/root/.bash_logout" ]; then - rm -f /root/.bash_logout - fi - if [ ! -x /bin/sh ]; then - grep -v '^/bin/sh$' %{_sysconfdir}/shells | \ - grep -v '^/bin/sh$' > %{_sysconfdir}/shells.rpm && \ - mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells - fi - if [ ! -x /bin/bash ]; then - grep -v '^/bin/bash$' %{_sysconfdir}/shells | \ - grep -v '^/bin/bash$' > %{_sysconfdir}/shells.rpm && \ - mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells - fi - if [ ! -x %{_bindir}/sh ]; then - grep -v '^%{_bindir}/sh$' %{_sysconfdir}/shells | \ - grep -v '^%{_bindir}/sh$' > %{_sysconfdir}/shells.rpm && \ - mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells - fi - if [ ! -x %{_bindir}/bash ]; then - grep -v '^%{_bindir}/bash$' %{_sysconfdir}/shells | \ - grep -v '^%{_bindir}/bash$' > %{_sysconfdir}/shells.rpm && \ - mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells - fi -fi - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/%{name}/* -%{_sysconfdir}/* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/* -%{_libdir}/pkgconfig/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%files docs -%defattr(-,root,root) -%{_docdir}/%{name}-%{version}/* -%{_docdir}/%{name}/* -%{_mandir}/*/* - -%changelog -* Mon May 29 2023 Shreenidhi Shedi 5.2-2 -- Remove bash-completion related files -- bash-completion is a new package now -* Mon Jan 09 2023 Susant Sahani 5.2-1 -- Update version -* Tue Dec 20 2022 Guruswamy Basavaiah 5.1.16-2 -- Bump release as a part of readline upgrade -* Wed Aug 24 2022 Shreenidhi Shedi 5.1.16-1 -- Upgrade to v5.1.16 -* Wed Feb 23 2022 Shreenidhi Shedi 5.0-3 -- Fix binary path -* Fri Feb 19 2021 Satya Naga Vasamsetty 5.0-2 -- Move documents to docs sub-package -* Wed Jul 08 2020 Gerrit Photon 5.0-1 -- Automatic Version Bump -* Mon Sep 24 2018 Sujay G 4.4.18-1 -- Bump bash version to 4.4.18 -* Fri Jan 26 2018 Alexey Makhalov 4.4.12-3 -- Run bash_completion only for bash interactive shell -* Mon Dec 11 2017 Priyesh Padmavilasom 4.4.12-2 -- conditionally apply grep color alias -* Mon Nov 13 2017 Xiaolin Li 4.4.12-1 -- Upstream patch level 12 applied -* Mon Oct 02 2017 Kumar Kaushik 4.4-6 -- Adding security fix for CVE-2017-5932. -* Thu Jun 8 2017 Bo Gan 4.4-5 -- Fix dependency again -* Wed Jun 7 2017 Divya Thaluru 4.4-4 -- Added /usr/bin/sh and /bin/sh entries in /etc/shells -* Sun Jun 4 2017 Bo Gan 4.4-3 -- Fix dependency -* Thu Feb 2 2017 Divya Thaluru 4.4-2 -- Modified bash entry in /etc/shells -* Fri Jan 13 2017 Dheeraj Shetty 4.4-1 -- Upgraded version to 4.4 -* Tue Jan 10 2017 Divya Thaluru 4.3.30-7 -- Added bash entry to /etc/shells -* Wed Nov 16 2016 Alexey Makhalov 4.3.30-6 -- Add readline requirements -* Fri Aug 19 2016 Alexey Makhalov 4.3.30-5 -- Enable bash completion support -* Tue May 24 2016 Priyesh Padmavilasom 4.3.30-4 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 4.3.30-3 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Mar 10 2016 Divya Thaluru 4.3.30-2 -- Adding compile options to load bash.bashrc file and - loading source file during non-inetractive non-login shell -* Tue Jan 12 2016 Xiaolin Li 4.3.30-1 -- Updated to version 4.3.30 -* Wed Aug 05 2015 Kumar Kaushik 4.3-4 -- Adding post unstall section. -* Wed Jul 22 2015 Alexey Makhalov 4.3-3 -- Fix segfault in save_bash_input. -* Tue Jun 30 2015 Alexey Makhalov 4.3-2 -- /etc/profile.d permission fix. Pack /etc files into rpm -* Wed Oct 22 2014 Divya Thaluru 4.3-1 -- Initial version diff --git a/SPECS/bash/enable-SYS_BASHRC-SSH_SOURCE_BASHRC.patch b/SPECS/bash/enable-SYS_BASHRC-SSH_SOURCE_BASHRC.patch deleted file mode 100644 index 48f05ce133..0000000000 --- a/SPECS/bash/enable-SYS_BASHRC-SSH_SOURCE_BASHRC.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 036216b03d55db0396a9e1bb246503ad58398088 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 24 Aug 2022 15:39:59 +0530 -Subject: [PATCH] config-top.h: enable SYS_BASHRC & SSH_SOURCE_BASHRC - -Signed-off-by: Shreenidhi Shedi ---- - config-top.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/config-top.h b/config-top.h -index 735f75e..5934fe5 100644 ---- a/config-top.h -+++ b/config-top.h -@@ -91,7 +91,7 @@ - #define DEFAULT_BASHRC "~/.bashrc" - - /* System-wide .bashrc file for interactive shells. */ --/* #define SYS_BASHRC "/etc/bash.bashrc" */ -+#define SYS_BASHRC "/etc/bash.bashrc" - - /* System-wide .bash_logout for login shells. */ - /* #define SYS_BASH_LOGOUT "/etc/bash.bash_logout" */ -@@ -104,7 +104,7 @@ - sshd and source the .bashrc if so (like the rshd behavior). This checks - for the presence of SSH_CLIENT or SSH2_CLIENT in the initial environment, - which can be fooled under certain not-uncommon circumstances. */ --/* #define SSH_SOURCE_BASHRC */ -+#define SSH_SOURCE_BASHRC - - /* Define if you want the case-toggling operators (~[~]) and the - `capcase' variable attribute (declare -c). */ --- -2.25.1 - diff --git a/SPECS/basic/basic.spec b/SPECS/basic/basic.spec deleted file mode 100644 index 221a701a7d..0000000000 --- a/SPECS/basic/basic.spec +++ /dev/null @@ -1,44 +0,0 @@ -Name: basic -Summary: Metapackage to install minimal profile -Version: 5.0 -Release: 2%{?dist} -License: Apache 2.0 -Group: System Environment/Base -URL: https://vmware.github.io/photon -Vendor: VMware, Inc. -Distribution: Photon - -Requires: Linux-PAM -Requires: bash -Requires: bash-completion -Requires: coreutils-selinux -Requires: cracklib -Requires: cracklib-dicts -Requires: dbus -Requires: filesystem -Requires: findutils -Requires: grep -Requires: grub2-efi-image -Requires: grub2-theme -Requires: openssh -Requires: photon-release -Requires: photon-repos -Requires: sed -Requires: systemd -Requires: systemd-udev -Requires: tdnf - -%description -Metapackage to install minimal profile - -%prep -%build - -%files -%defattr(-,root,root,0755) - -%changelog -* Tue Aug 15 2023 Shreenidhi Shedi 5.0-2 -- Add bash-completion to requires -* Sat Jul 15 2023 Shreenidhi Shedi 5.0-1 -- Basic set packages required for Photon diff --git a/SPECS/bats/bats.spec b/SPECS/bats/bats.spec deleted file mode 100644 index e6f85c744d..0000000000 --- a/SPECS/bats/bats.spec +++ /dev/null @@ -1,53 +0,0 @@ -Summary: Bash Automated Testing System -Name: bats -Version: 1.8.2 -Release: 1%{?dist} -License: MIT -Group: System Environment/Tool -Vendor: VMware, Inc. -Distribution: Photon - -URL: /~https://github.com/bats-core/bats-core -SOURCE0: /~https://github.com/bats-core/bats-core/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=7eace32f19789e081112af1ce8ab33ff210d52bd3ea84962bbec226349b3b8d8912b6a495f5524f9cc7cfe692f1d23d684c93c24e182752e2b30731670d6eeea - -BuildArch: noarch - -BuildRequires: parallel -BuildRequires: procps-ng - -Requires: bash -Requires: parallel - -%description -Bats is a TAP-compliant testing framework for Bash. It provides a simple way to -verify that the UNIX programs you write behave as expected. Bats is most useful -when testing software written in Bash, but you can use it to test any UNIX -program. - -%prep -%autosetup -n bats-core-%{version} - -%install -./install.sh %{buildroot}%{_prefix} - -%check -./bin/bats test - -%files -%defattr(-,root,root) -%doc AUTHORS README.md docs/CHANGELOG.md -%license LICENSE.md -%{_bindir}/%{name} -%{_libexecdir}/%{name}-core -%{_prefix}/lib/%{name}-core -%{_mandir}/man1/%{name}.1.gz -%{_mandir}/man7/%{name}.7.gz - -%changelog -* Tue Oct 25 2022 Gerrit Photon 1.8.2-1 -- Automatic Version Bump -* Thu Oct 06 2022 Gerrit Photon 1.8.0-1 -- Automatic Version Bump -* Fri Sep 02 2022 Nitesh Kumar 1.7.0-1 -- Initial version, Needed by podman-tests diff --git a/SPECS/bazel/bazel.spec b/SPECS/bazel/bazel.spec deleted file mode 100644 index d2198db887..0000000000 --- a/SPECS/bazel/bazel.spec +++ /dev/null @@ -1,80 +0,0 @@ -%global debug_package %{nil} -%define __os_install_post %{nil} - -Summary: Build software of any size, quickly and reliably, just as engineers do at Google. -Name: bazel -Version: 5.3.2 -Release: 4%{?dist} -License: Apache License 2.0 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -URL: http://bazel.build/ - -Source0: /~https://github.com/bazelbuild/bazel/releases/download/%{version}/%{name}-%{version}-dist.zip -%define sha512 %{name}=a63895c224d51619cf83e6e55872aa6d55d17c7dcea59eaf467069d2c95259f5964fbf8fa5994df0e3c030234a7adf70a2715edb4edbbe2bf69d21dd698c0833 - -BuildRequires: openjdk11 -BuildRequires: zlib-devel -BuildRequires: which -BuildRequires: findutils -BuildRequires: tar -BuildRequires: gzip -BuildRequires: zip -BuildRequires: unzip -BuildRequires: gcc -BuildRequires: python3 - -Requires: (openjdk11 or openjdk17) - -%description -Bazel is Google's own build tool, now publicly available in Beta. Bazel has -built-in support for building both client and server software, including client -applications for both Android and iOS platforms. It also provides an extensible -framework that you can use to develop your own build rules. - -%prep -%autosetup -p1 -c -n %{name}-%{version} - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*) -export TMPDIR=%{_usr}/tmp - -mkdir $TMPDIR - -./compile.sh - -pushd output -./bazel -popd - -%install -mkdir -p %{buildroot}%{_bindir} -cp output/bazel %{buildroot}%{_bindir} - -%files -%defattr(-,root,root) -%attr(755,root,root) %{_bindir}/bazel - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 5.3.2-4 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 5.3.2-3 -- Bump version as a part of openjdk11 upgrade -* Tue Dec 06 2022 Prashant S Chauhan 5.3.2-2 -- Update release to compile with python 3.11 -* Mon Oct 31 2022 Gerrit Photon 5.3.2-1 -- Automatic Version Bump -* Sun Sep 18 2022 Vamsi Krishna Brahmajosyula 5.3.0-1 -- Upgrade to latest version -- Use openjdk11 -* Mon Apr 12 2021 Gerrit Photon 4.0.0-1 -- Automatic Version Bump -* Thu Jan 14 2021 Alexey Makhalov 3.5.0-2 -- GCC-10 support. -* Mon Sep 21 2020 Harinadh Dommaraju 3.5.0-1 -- Update bazel version -* Fri Apr 24 2020 Ankit Jain 2.0.0-2 -- Changed openjdk install directory name -* Fri Feb 7 2020 Harinadh Dommaraju 2.0.0-1 -- Initial release diff --git a/SPECS/bc/bc.spec b/SPECS/bc/bc.spec deleted file mode 100644 index 2b8e97b307..0000000000 --- a/SPECS/bc/bc.spec +++ /dev/null @@ -1,78 +0,0 @@ -Summary: precision numeric processing language -Name: bc -Version: 1.07.1 -Release: 4%{?dist} -License: GPLv2+ -URL: https://ftp.gnu.org/gnu/bc/ -Group: System Environment/base -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://ftp.gnu.org/gnu/bc/%{name}-%{version}.tar.gz -%define sha1 bc=b4475c6d66590a5911d30f9747361db47231640a -BuildRequires: ed -Requires: flex -Patch0: do-not-generate-libmath-h.patch -Patch1: pregenerated-libmath-h.patch - -%description -The Bc package contains an arbitrary precision numeric processing language. - -%prep -%setup -q -if [ %{_host} != %{_build} ]; then -# bc is not cross-compile friendly. -# it generates libmath.h using built in tree ./fdc tool -# which can't be run -# Use pre-generated libmath.h -%patch0 -p1 -%patch1 -p1 -else -# put pregenerated libmath.h to the src root -%patch1 -p2 -fi - -%build -autoreconf -fiv -%configure \ - --disable-silent-rules -make %{?_smp_mflags} -# check that our pregenerated libmath.h is up to date. -if [ %{_host} = %{_build} ]; then - diff libmath.h bc/libmath.h -fi - -%install -make DESTDIR=%{buildroot} install -install -vdm 755 %{buildroot}/%{_mandir} -rm -rf %{buildroot}%{_infodir} - -%check -cd Test -./timetest - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*/* - -%changelog -* Mon Sep 28 2020 Sujay G 1.07.1-4 -- Fix %check -* Fri Nov 01 2019 Alexey Makhalov 1.07.1-3 -- Cross compilation support -* Mon Oct 14 2019 Piyush Gupta 1.07.1-2 -- Added Requires flex -* Mon Oct 1 2018 Sujay G 1.07.1-1 -- Bump bc version to 1.07.1 -* Tue May 24 2016 Priyesh Padmavilasom 1.06.95-3 -- GA - Bump release of all rpms -* Tue Aug 4 2015 Kumar Kaushik 1.06.95-2 -- Adding the post uninstall section. -* Wed Nov 5 2014 Divya Thaluru 1.06.95-1 -- initial version diff --git a/SPECS/bc/do-not-generate-libmath-h.patch b/SPECS/bc/do-not-generate-libmath-h.patch deleted file mode 100644 index 2ef29fa739..0000000000 --- a/SPECS/bc/do-not-generate-libmath-h.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -Naur a/bc/Makefile.am b/bc/Makefile.am ---- a/bc/Makefile.am 2017-04-07 13:09:29.000000000 -0700 -+++ b/bc/Makefile.am 2018-11-14 14:49:51.457915578 -0800 -@@ -31,14 +31,6 @@ - - fbcOBJ = main.o bc.o scan.o execute.o load.o storage.o util.o warranty.o - --libmath.h: libmath.b $(fbcOBJ) $(LIBBC) -- echo '{0}' > libmath.h -- $(MAKE) global.o -- $(LINK) -o fbc $(fbcOBJ) global.o $(LIBBC) $(LIBL) $(READLINELIB) $(LIBS) -- ./fbc -c $(srcdir)/libmath.b libmath.h -- $(srcdir)/fix-libmath_h -- rm -f ./fbc ./global.o -- - sbcOBJ = main.o sbc.o scan.o execute.o global.o load.o storage.o util.o \ - warranty.o - sbc.o: sbc.c diff --git a/SPECS/bc/pregenerated-libmath-h.patch b/SPECS/bc/pregenerated-libmath-h.patch deleted file mode 100644 index b4df95b932..0000000000 --- a/SPECS/bc/pregenerated-libmath-h.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff -Naur a/bc/libmath.h b/bc/libmath.h ---- a/bc/libmath.h 1969-12-31 16:00:00.000000000 -0800 -+++ b/bc/libmath.h 2018-11-14 14:47:16.000000000 -0800 -@@ -0,0 +1,46 @@ -+{"@iK20:s2:p@r", -+"@iF1,5.6,7,8,9,10,11,12,13,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C1,0:", -+"s14:pl7:s0:pl14:RN1:l5:0Z4:l10:1+s10:pl5:K2:/s5:pl2:", -+"1+s2:pJ3:N4:l13:s2:p1l5:+s14:pl5:s6:p1s8:pK2:s11:pN6:1B7:J5:N8:", -+"l11:i11:pJ6:N7:l6:l5:*s6:l8:l11:*s8:/s9:pl9:0=Z9:l10:0>Z10:N11:", -+"l10:d10:Z12:l14:l14:*s14:pJ11:N12:N10:l15:s2:pl12:Z13:1l14:/R", -+"N13:l14:1/RN9:l14:l9:+s14:pJ8:N5:0R]@r", -+"@iF2,5.7,9,10,11,12,13,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C2,0:", -+"s14:pl7:s0:pl14:RN1:l5:0{Z2:1K10:l2:^-1/RN2:l2:s15:pK6:l2:+s2:", -+"pK2:s10:p0s11:pN3:l5:K2:}Z4:l10:K2:*s10:pl5:cRs5:pJ3:N4:N5:l5:", -+"K.5:{Z6:l10:K2:*s10:pl5:cRs5:pJ5:N6:l5:1-l5:1+/s13:s14:pl13:l13:", -+"*s12:pK3:s11:pN8:1B9:J7:N10:l11:K2:+s11:pJ8:N9:l13:l12:*s13:l11:", -+"/s9:pl9:0=Z11:l10:l14:*s14:pl15:s2:pl14:1/RN11:l14:l9:+s14:pJ10:N7:", -+"0R]@r", -+"@iF3,5.7,9,11,12,13,16,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl5:C3,0:", -+"s14:pl7:s0:pl14:RN1:l2:s15:pK1.1:l15:*K2:+s2:p1C4,0:s14:pl5:0", -+"Z11:l15:K5:+s2:pK.2:C4,0:s6:pN11:", -+"l15:K3:+s2:pN12:l5:K.2:>Z13:l10:1+s10:pl5:K.2:-1l5:K.2:*+/s5:", -+"pJ12:N13:l5:s13:s14:pl5:nl5:*s16:pK3:s11:pN15:1B16:J14:N17:l11:", -+"K2:+s11:pJ15:N16:l13:l16:*s13:l11:/s9:pl9:0=Z18:l15:s2:pl10:l6:", -+"*l14:+l12:/RN18:l14:l9:+s14:pJ17:N14:0R]@r", -+"@iF6,13,5.6,7,8,9,10,11,12,16,14,15[l0:KA:#Z1:l0:s7:pKA:s0:pl13:", -+"l5:C6,00:s14:pl7:s0:pl14:RN1:l2:s15:p0s2:pl13:1/s13:pl13:0 0.28.0-1 -- Upgrade to v0.28.0 -* Tue Jul 11 2023 Shreenidhi Shedi 0.25.0-4 -- Bump version as a part of elfutils upgrade -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 0.25.0-3 -- Bump up due to change in elfutils -* Tue Dec 06 2022 Prashant S Chauhan 0.25.0-2 -- Update release to compile with python 3.11 -* Tue Sep 27 2022 Shreenidhi Shedi 0.25.0-1 -- Upgrade to v0.25.1 -* Mon Jun 20 2022 Shreenidhi Shedi 0.19.0-2 -- Use cmake macros for build and install -* Mon Apr 12 2021 Gerrit Photon 0.19.0-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 0.16.0-1 -- Automatic Version Bump -* Wed Jun 26 2019 Keerthana K 0.10.0-1 -- Initial bcc package for PhotonOS. diff --git a/SPECS/bindutils/bindutils.spec b/SPECS/bindutils/bindutils.spec deleted file mode 100644 index ef71119138..0000000000 --- a/SPECS/bindutils/bindutils.spec +++ /dev/null @@ -1,196 +0,0 @@ -%define _bind_user named -%define _bind_group named -%define _home_dir %{_sharedstatedir}/bind - -Summary: Domain Name System software -Name: bindutils -Version: 9.19.14 -Release: 5%{?dist} -License: ISC -URL: http://www.isc.org/downloads/bind -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz -%define sha512 bind=7cafb7aeb6471d9b219db7a3fb3ce8a428bf661eb8fa532b16fa2a9054b67661c30eff97f6ff18fdef340e9b717c82b01d55bb0297ccca2388915d5ebfc188bb - -Source1: %{name}.sysusers - -Requires: krb5 -Requires: e2fsprogs-libs -Requires: openssl-libs -Requires: libuv -Requires: userspace-rcu -Requires: %{name}-libs = %{version}-%{release} -Requires(pre): systemd-rpm-macros -Requires(postun): /usr/sbin/userdel /usr/sbin/groupdel - -BuildRequires: openssl-devel -BuildRequires: libuv-devel -BuildRequires: nghttp2-devel -BuildRequires: libcap-devel -BuildRequires: systemd-devel -BuildRequires: krb5-devel -BuildRequires: e2fsprogs-devel -BuildRequires: userspace-rcu-devel - -%description -BIND is open source software that implements the Domain Name System (DNS) protocols -for the Internet. It is a reference implementation of those protocols, but it is -also production-grade software, suitable for use in high-volume and high-reliability applications. - -%package libs -Summary: Libraries used by the BIND DNS packages -Group: Development/Libraries - -%description libs -Contains heavyweight version of BIND suite libraries used by both named DNS -server and utilities in bindutils package. - -%package devel -Summary: Header files and libraries needed for bind-dyndb-ldap -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -The bindutils-devel package contains full version of the header files and libraries. -Upstream no longer supports nor recommends bind libraries for third party applications. - -%prep -%autosetup -p1 -n bind-%{version} - -%build -%configure \ - --without-python \ - --disable-static - -%make_build - -%install -%make_install %{?_smp_mflags} - -mkdir -p %{buildroot}{%{_sysconfdir},%{_tmpfilesdir},%{_home_dir}} - -cat << EOF >> %{buildroot}/%{_sysconfdir}/named.conf -zone "." in { - type master; - allow-update {none;}; // no DDNS by default -}; -EOF -echo "d /run/named 0755 named named - -" > %{buildroot}%{_tmpfilesdir}/named.conf -install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -%posttrans -if [ $1 -eq 1 ]; then - %sysusers_create_compat %{SOURCE1} -fi - -%post -/sbin/ldconfig -chown -R root:%{_bind_user} %{_home_dir} -chmod 0770 %{_home_dir} - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/* -%{_sysconfdir}/* -%{_tmpfilesdir}/named.conf -%{_mandir}/man1/* -%{_sysusersdir}/%{name}.sysusers -%{_home_dir} - -%files libs -%defattr(-,root,root) -%{_libdir}/libdns.so -%{_libdir}/libisc.so -%{_libdir}/libisccc.so -%{_libdir}/libisccfg.so -%{_libdir}/libns.so -%{_libdir}/libisccc-%{version}*.so -%{_libdir}/libns-%{version}*.so -%{_libdir}/libdns-%{version}*.so -%{_libdir}/libisc-%{version}*.so -%{_libdir}/libisccfg-%{version}*.so -%{_libdir}/bind/*.so - -%files devel -%defattr(-,root,root) -%{_includedir}/ns/*.h -%{_includedir}/dns/*.h -%{_includedir}/dst/*.h -%{_includedir}/isc/*.h -%{_includedir}/irs/*.h -%{_includedir}/isccc/*.h -%{_includedir}/isccfg/*.h -%{_mandir}/man5/* -%{_mandir}/man8/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 9.19.14-5 -- Bump version as a part of openssl upgrade -* Wed Oct 11 2023 Shreenidhi Shedi 9.19.14-4 -- Change home directory permission & owner -* Tue Aug 08 2023 Mukul Sikka 9.19.14-3 -- Resolving systemd-rpm-macros for group creation -* Fri Jul 28 2023 Srish Srinivasan 9.19.14-2 -- Bump version as a part of krb5 upgrade -* Thu Jun 22 2023 Dweep Advani 9.19.14-1 -- Upgrade to 9.19.14 -* Mon May 15 2023 Mukul Sikka 9.19.7-4 -- Resolving systemd user creation issue -* Fri Mar 10 2023 Mukul Sikka 9.19.7-3 -- Use systemd-rpm-macros for user creation -* Tue Feb 14 2023 Brennan Lamoreaux 9.19.7-2 -- Add dependencies for realm support in nsupdate for SSSD. -* Tue Dec 13 2022 Gerrit Photon 9.19.7-1 -- Automatic Version Bump -* Thu May 26 2022 Gerrit Photon 9.19.4-1 -- Automatic Version Bump -* Wed Mar 30 2022 Dweep Advani 9.18.1-1 -- Version upgraded to 9.18.1 to address CVE-2021-25220 and CVE-2022-0396 -- Add libs & devel sub packages -* Tue Mar 29 2022 Tapas Kundu 9.16.15-3 -- Do not remove user and group in postun unless uninstalled -* Fri Nov 12 2021 Satya Naga Vasamsetty 9.16.15-2 -- Bump up release for openssl -* Mon Jun 07 2021 Sujay G 9.16.15-1 -- Bump version to 9.16.15 -* Mon Apr 12 2021 Gerrit Photon 9.16.13-1 -- Automatic Version Bump -* Thu Oct 01 2020 Sujay G 9.16.6-1 -- Bumper version to 9.16.6 -* Tue Sep 29 2020 Satya Naga Vasamsetty 9.16.4-2 -- openssl 1.1.1 -* Fri Jul 10 2020 Sujay G 9.16.4-1 -- Bump version to 9.16.4 to fix CVE-2020-8618 & CVE-2020-8619 -* Tue Jun 02 2020 Sujay G 9.16.3-1 -- Bump version to 9.16.3 -* Thu Jan 09 2020 Sujay G 9.15.5-1 -- Bump bindutils version to 9.15.5 -* Sun Sep 23 2018 Sujay G 9.13.3-1 -- Bump bindutils version to 9.13.3 -* Mon Feb 12 2018 Xiaolin Li 9.10.6-1 -- Upgrading version to 9.10.6-P1, fix CVE-2017-3145 -* Mon Sep 18 2017 Alexey Makhalov 9.10.4-4 -- Remove shadow from requires and use explicit tools for post actions -* Fri Apr 14 2017 Kumar Kaushik 9.10.4-3 -- Upgrading version to 9.10.4-P8 -* Mon Nov 21 2016 Priyesh Padmavilasom 9.10.4-2 -- add shadow to requires -* Mon Jun 06 2016 Harish Udaiya Kumar 9.10.4-1 -- Upgraded the version to 9.10.4 -* Tue May 24 2016 Priyesh Padmavilasom 9.10.3-3 -- GA - Bump release of all rpms -* Fri Apr 29 2016 Xiaolin Li 9.10.3-2 -- Add group named and user named -* Thu Jan 21 2016 Xiaolin Li 9.10.3-1 -- Updated to version 9.10.3 -* Tue Aug 11 2015 Divya Thaluru 9.10.1-1 -- Fixing release -* Tue Jan 20 2015 Divya Thaluru 9.10.1-P1 -- Initial build. First version diff --git a/SPECS/bindutils/bindutils.sysusers b/SPECS/bindutils/bindutils.sysusers deleted file mode 100644 index 02e3887912..0000000000 --- a/SPECS/bindutils/bindutils.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g named - -u named - "" /var/lib/bind /bin/false diff --git a/SPECS/binutils/binutils-CVE-2022-38533.patch b/SPECS/binutils/binutils-CVE-2022-38533.patch deleted file mode 100644 index d7a22fbad2..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-38533.patch +++ /dev/null @@ -1,34 +0,0 @@ -From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Sat, 13 Aug 2022 15:32:47 +0930 -Subject: [PATCH] PR29482 - strip: heap-buffer-overflow - - PR 29482 - * coffcode.h (coff_set_section_contents): Sanity check _LIB. ---- - bfd/coffcode.h | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/bfd/coffcode.h b/bfd/coffcode.h -index 67aaf158ca1..52027981c3f 100644 ---- a/bfd/coffcode.h -+++ b/bfd/coffcode.h -@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, - - rec = (bfd_byte *) location; - recend = rec + count; -- while (rec < recend) -+ while (recend - rec >= 4) - { -+ size_t len = bfd_get_32 (abfd, rec); -+ if (len == 0 || len > (size_t) (recend - rec) / 4) -+ break; -+ rec += len * 4; - ++section->lma; -- rec += bfd_get_32 (abfd, rec) * 4; - } - - BFD_ASSERT (rec == recend); --- -2.31.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-4285.patch b/SPECS/binutils/binutils-CVE-2022-4285.patch deleted file mode 100644 index 4070311dab..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-4285.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 -From: Nick Clifton -Date: Wed, 19 Oct 2022 15:09:12 +0100 -Subject: [PATCH] Fix an illegal memory access when parsing an ELF file - containing corrupt symbol version information. - - PR 29699 - * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field - of the section header is zero. - -[bguruswamy: Original changes to bfd/ChangeLog are relocated for -patching to pass, rest of the original changes are kept as it is] - -Signed-off-by: Guruswamy Basavaiah ---- - bfd/ChangeLog | 5 +++++ - bfd/elf.c | 4 +++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/bfd/ChangeLog b/bfd/ChangeLog -index 1bd87531..e59ede55 100644 ---- a/bfd/ChangeLog -+++ b/bfd/ChangeLog -@@ -1,3 +1,8 @@ -+2022-10-19 Nick Clifton -+ -+ PR 29699 -+ * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field -+ of the section header is zero. - 2023-03-30 Nick Clifton - - PR 30285 -diff --git a/bfd/elf.c b/bfd/elf.c -index e0291181..4ae4977c 100644 ---- a/bfd/elf.c -+++ b/bfd/elf.c -@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) - bfd_set_error (bfd_error_file_too_big); - goto error_return_verref; - } -- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); -+ if (amt == 0) -+ goto error_return_verref; -+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); - if (elf_tdata (abfd)->verref == NULL) - goto error_return_verref; - --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-44840.patch b/SPECS/binutils/binutils-CVE-2022-44840.patch deleted file mode 100644 index 197fd238ab..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-44840.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 28750e3b967da2207d51cbce9fc8be262817ee59 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Sun, 30 Oct 2022 19:08:51 +1030 -Subject: [PATCH] Pool section entries for DWP version 1 - -Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall&rev=3 - -Fuzzers have found a weakness in the code stashing pool section -entries. With random nonsensical values in the index entries (rather -than each index pointing to its own set distinct from other sets), -it's possible to overflow the space allocated, losing the NULL -terminator. Without a terminator, find_section_in_set can run off the -end of the shndx_pool buffer. Fix this by scanning the pool directly. - -binutils/ - * dwarf.c (add_shndx_to_cu_tu_entry): Delete range check. - (end_cu_tu_entry): Likewise. - (process_cu_tu_index): Fill shndx_pool by directly scanning - pool, rather than indirectly from index entries. ---- - binutils/dwarf.c | 94 ++++++++++++++++++++++-------------------------- - 1 file changed, 43 insertions(+), 51 deletions(-) - -diff --git a/binutils/dwarf.c b/binutils/dwarf.c -index 4f5f27e2..44cdafb3 100644 ---- a/binutils/dwarf.c -+++ b/binutils/dwarf.c -@@ -10722,22 +10722,12 @@ prealloc_cu_tu_list (unsigned int nshndx) - static void - add_shndx_to_cu_tu_entry (unsigned int shndx) - { -- if (shndx_pool_used >= shndx_pool_size) -- { -- error (_("Internal error: out of space in the shndx pool.\n")); -- return; -- } - shndx_pool [shndx_pool_used++] = shndx; - } - - static void - end_cu_tu_entry (void) - { -- if (shndx_pool_used >= shndx_pool_size) -- { -- error (_("Internal error: out of space in the shndx pool.\n")); -- return; -- } - shndx_pool [shndx_pool_used++] = 0; - } - -@@ -10843,53 +10833,55 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) - - if (version == 1) - { -+ unsigned char *shndx_list; -+ unsigned int shndx; -+ - if (!do_display) -- prealloc_cu_tu_list ((limit - ppool) / 4); -- for (i = 0; i < nslots; i++) - { -- unsigned char *shndx_list; -- unsigned int shndx; -- -- SAFE_BYTE_GET (signature, phash, 8, limit); -- if (signature != 0) -+ prealloc_cu_tu_list ((limit - ppool) / 4); -+ for (shndx_list = ppool + 4; shndx_list <= limit - 4; shndx_list += 4) - { -- SAFE_BYTE_GET (j, pindex, 4, limit); -- shndx_list = ppool + j * 4; -- /* PR 17531: file: 705e010d. */ -- if (shndx_list < ppool) -- { -- warn (_("Section index pool located before start of section\n")); -- return 0; -- } -+ shndx = byte_get (shndx_list, 4); -+ add_shndx_to_cu_tu_entry (shndx); -+ } -+ end_cu_tu_entry (); -+ } -+ else -+ for (i = 0; i < nslots; i++) -+ { -+ SAFE_BYTE_GET (signature, phash, 8, limit); -+ if (signature != 0) -+ { -+ SAFE_BYTE_GET (j, pindex, 4, limit); -+ shndx_list = ppool + j * 4; -+ /* PR 17531: file: 705e010d. */ -+ if (shndx_list < ppool) -+ { -+ warn (_("Section index pool located before start of section\n")); -+ return 0; -+ } - -- if (do_display) -- printf (_(" [%3d] Signature: 0x%s Sections: "), -- i, dwarf_vmatoa ("x", signature)); -- for (;;) -- { -- if (shndx_list >= limit) -- { -- warn (_("Section %s too small for shndx pool\n"), -- section->name); -- return 0; -- } -- SAFE_BYTE_GET (shndx, shndx_list, 4, limit); -- if (shndx == 0) -- break; -- if (do_display) -+ printf (_(" [%3d] Signature: %#" PRIx64 " Sections: "), -+ i, signature); -+ for (;;) -+ { -+ if (shndx_list >= limit) -+ { -+ warn (_("Section %s too small for shndx pool\n"), -+ section->name); -+ return 0; -+ } -+ SAFE_BYTE_GET (shndx, shndx_list, 4, limit); -+ if (shndx == 0) -+ break; - printf (" %d", shndx); -- else -- add_shndx_to_cu_tu_entry (shndx); -- shndx_list += 4; -- } -- if (do_display) -+ shndx_list += 4; -+ } - printf ("\n"); -- else -- end_cu_tu_entry (); -- } -- phash += 8; -- pindex += 4; -- } -+ } -+ phash += 8; -+ pindex += 4; -+ } - } - else if (version == 2) - { --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-45703.patch b/SPECS/binutils/binutils-CVE-2022-45703.patch deleted file mode 100644 index eee04f9287..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-45703.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 69bfd1759db41c8d369f9dcc98a135c5a5d97299 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Fri, 18 Nov 2022 11:29:13 +1030 -Subject: [PATCH] PR29799 heap buffer overflow in display_gdb_index - dwarf.c:10548 - -PR 29799 -* dwarf.c (display_gdb_index): Typo fix. ---- - binutils/dwarf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/binutils/dwarf.c b/binutils/dwarf.c -index d379af07..4f5f27e2 100644 ---- a/binutils/dwarf.c -+++ b/binutils/dwarf.c -@@ -10615,7 +10615,7 @@ display_gdb_index (struct dwarf_section *section, - { - uint64_t low = byte_get_little_endian (address_table + i * 20, 8); - uint64_t high = byte_get_little_endian (address_table + i * 20 + 8, 8); -- uint32_t cu_index = byte_get_little_endian (address_table + i + 20 + 16, 4); -+ uint32_t cu_index = byte_get_little_endian (address_table + i * 20 + 16, 4); - - print_dwarf_vma (low, 8); - print_dwarf_vma (high, 8); --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-47673.patch b/SPECS/binutils/binutils-CVE-2022-47673.patch deleted file mode 100644 index ff6182bccb..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-47673.patch +++ /dev/null @@ -1,529 +0,0 @@ -From 77c225bdeb410cf60da804879ad41622f5f1aa44 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Mon, 12 Dec 2022 18:28:49 +1030 -Subject: [PATCH] Lack of bounds checking in vms-alpha.c parse_module - - PR 29873 - PR 29874 - PR 29875 - PR 29876 - PR 29877 - PR 29878 - PR 29879 - PR 29880 - PR 29881 - PR 29882 - PR 29883 - PR 29884 - PR 29885 - PR 29886 - PR 29887 - PR 29888 - PR 29889 - PR 29890 - PR 29891 - * vms-alpha.c (parse_module): Make length param bfd_size_type. - Delete length == -1 checks. Sanity check record_length. - Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths. - Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements - before accessing. - (build_module_list): Pass dst_section size to parse_module. ---- - bfd/vms-alpha.c | 213 ++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 168 insertions(+), 45 deletions(-) - -diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c -index 5a867f71..9b0b2a51 100644 ---- a/bfd/vms-alpha.c -+++ b/bfd/vms-alpha.c -@@ -4340,7 +4340,7 @@ new_module (bfd *abfd) - - static bool - parse_module (bfd *abfd, struct module *module, unsigned char *ptr, -- int length) -+ bfd_size_type length) - { - unsigned char *maxptr = ptr + length; - unsigned char *src_ptr, *pcl_ptr; -@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - return false; - module->line_table = curr_line; - -- while (length == -1 || ptr < maxptr) -+ while (ptr + 3 < maxptr) - { - /* The first byte is not counted in the recorded length. */ - int rec_length = bfd_getl16 (ptr) + 1; -@@ -4369,15 +4369,19 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - - vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length, rec_type)); - -- if (length == -1 && rec_type == DST__K_MODEND) -+ if (rec_length > maxptr - ptr) -+ break; -+ if (rec_type == DST__K_MODEND) - break; - - switch (rec_type) - { - case DST__K_MODBEG: -+ if (rec_length <= DST_S_B_MODBEG_NAME) -+ break; - module->name - = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME, -- maxptr - (ptr + DST_S_B_MODBEG_NAME)); -+ rec_length - DST_S_B_MODBEG_NAME); - - curr_pc = 0; - prev_pc = 0; -@@ -4391,13 +4395,15 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - break; - - case DST__K_RTNBEG: -+ if (rec_length <= DST_S_B_RTNBEG_NAME) -+ break; - funcinfo = (struct funcinfo *) - bfd_zalloc (abfd, sizeof (struct funcinfo)); - if (!funcinfo) - return false; - funcinfo->name - = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, -- maxptr - (ptr + DST_S_B_RTNBEG_NAME)); -+ rec_length - DST_S_B_RTNBEG_NAME); - funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS); - funcinfo->next = module->func_table; - module->func_table = funcinfo; -@@ -4407,6 +4413,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - break; - - case DST__K_RTNEND: -+ if (rec_length < DST_S_L_RTNEND_SIZE + 4) -+ break; - if (!module->func_table) - return false; - module->func_table->high = module->func_table->low -@@ -4439,10 +4447,63 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - - vms_debug2 ((3, "source info\n")); - -- while (src_ptr < ptr + rec_length) -+ while (src_ptr - ptr < rec_length) - { - int cmd = src_ptr[0], cmd_length, data; - -+ switch (cmd) -+ { -+ case DST__K_SRC_DECLFILE: -+ if (src_ptr - ptr + DST_S_B_SRC_DF_LENGTH >= rec_length) -+ cmd_length = 0x10000; -+ else -+ cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; -+ break; -+ -+ case DST__K_SRC_DEFLINES_B: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_SRC_DEFLINES_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SRC_INCRLNUM_B: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_SRC_SETFILE: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SRC_SETLNUM_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SRC_SETLNUM_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SRC_SETREC_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SRC_SETREC_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SRC_FORMFEED: -+ cmd_length = 1; -+ break; -+ -+ default: -+ cmd_length = 2; -+ break; -+ } -+ -+ if (src_ptr - ptr + cmd_length > rec_length) -+ break; -+ - switch (cmd) - { - case DST__K_SRC_DECLFILE: -@@ -4467,7 +4528,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - - module->file_table [fileid].name = filename; - module->file_table [fileid].srec = 1; -- cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; - vms_debug2 ((4, "DST_S_C_SRC_DECLFILE: %d, %s\n", - fileid, module->file_table [fileid].name)); - } -@@ -4484,7 +4544,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - srec->sfile = curr_srec->sfile; - curr_srec->next = srec; - curr_srec = srec; -- cmd_length = 2; - vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_B: %d\n", data)); - break; - -@@ -4499,14 +4558,12 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - srec->sfile = curr_srec->sfile; - curr_srec->next = srec; - curr_srec = srec; -- cmd_length = 3; - vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_W: %d\n", data)); - break; - - case DST__K_SRC_INCRLNUM_B: - data = src_ptr[DST_S_B_SRC_UNSBYTE]; - curr_srec->line += data; -- cmd_length = 2; - vms_debug2 ((4, "DST_S_C_SRC_INCRLNUM_B: %d\n", data)); - break; - -@@ -4514,21 +4571,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); - curr_srec->sfile = data; - curr_srec->srec = module->file_table[data].srec; -- cmd_length = 3; - vms_debug2 ((4, "DST_S_C_SRC_SETFILE: %d\n", data)); - break; - - case DST__K_SRC_SETLNUM_L: - data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); - curr_srec->line = data; -- cmd_length = 5; - vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_L: %d\n", data)); - break; - - case DST__K_SRC_SETLNUM_W: - data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); - curr_srec->line = data; -- cmd_length = 3; - vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_W: %d\n", data)); - break; - -@@ -4536,7 +4590,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); - curr_srec->srec = data; - module->file_table[curr_srec->sfile].srec = data; -- cmd_length = 5; - vms_debug2 ((4, "DST_S_C_SRC_SETREC_L: %d\n", data)); - break; - -@@ -4544,19 +4597,16 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); - curr_srec->srec = data; - module->file_table[curr_srec->sfile].srec = data; -- cmd_length = 3; - vms_debug2 ((4, "DST_S_C_SRC_SETREC_W: %d\n", data)); - break; - - case DST__K_SRC_FORMFEED: -- cmd_length = 1; - vms_debug2 ((4, "DST_S_C_SRC_FORMFEED\n")); - break; - - default: - _bfd_error_handler (_("unknown source command %d"), - cmd); -- cmd_length = 2; - break; - } - -@@ -4569,18 +4619,114 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - - vms_debug2 ((3, "line info\n")); - -- while (pcl_ptr < ptr + rec_length) -+ while (pcl_ptr - ptr < rec_length) - { - /* The command byte is signed so we must sign-extend it. */ - int cmd = ((signed char *)pcl_ptr)[0], cmd_length, data; - -+ switch (cmd) -+ { -+ case DST__K_DELTA_PC_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_DELTA_PC_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_INCR_LINUM: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_INCR_LINUM_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_INCR_LINUM_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SET_LINUM_INCR: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_SET_LINUM_INCR_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_RESET_LINUM_INCR: -+ cmd_length = 1; -+ break; -+ -+ case DST__K_BEG_STMT_MODE: -+ cmd_length = 1; -+ break; -+ -+ case DST__K_END_STMT_MODE: -+ cmd_length = 1; -+ break; -+ -+ case DST__K_SET_LINUM_B: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_SET_LINUM: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SET_LINUM_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SET_PC: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_SET_PC_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_SET_PC_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SET_STMTNUM: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_TERM: -+ cmd_length = 2; -+ break; -+ -+ case DST__K_TERM_W: -+ cmd_length = 3; -+ break; -+ -+ case DST__K_TERM_L: -+ cmd_length = 5; -+ break; -+ -+ case DST__K_SET_ABS_PC: -+ cmd_length = 5; -+ break; -+ -+ default: -+ if (cmd <= 0) -+ cmd_length = 1; -+ else -+ cmd_length = 2; -+ break; -+ } -+ -+ if (pcl_ptr - ptr + cmd_length > rec_length) -+ break; -+ - switch (cmd) - { - case DST__K_DELTA_PC_W: - data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); - curr_pc += data; - curr_linenum += 1; -- cmd_length = 3; - vms_debug2 ((4, "DST__K_DELTA_PC_W: %d\n", data)); - break; - -@@ -4588,131 +4734,111 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); - curr_pc += data; - curr_linenum += 1; -- cmd_length = 5; - vms_debug2 ((4, "DST__K_DELTA_PC_L: %d\n", data)); - break; - - case DST__K_INCR_LINUM: - data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; - curr_linenum += data; -- cmd_length = 2; - vms_debug2 ((4, "DST__K_INCR_LINUM: %d\n", data)); - break; - - case DST__K_INCR_LINUM_W: - data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); - curr_linenum += data; -- cmd_length = 3; - vms_debug2 ((4, "DST__K_INCR_LINUM_W: %d\n", data)); - break; - - case DST__K_INCR_LINUM_L: - data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); - curr_linenum += data; -- cmd_length = 5; - vms_debug2 ((4, "DST__K_INCR_LINUM_L: %d\n", data)); - break; - - case DST__K_SET_LINUM_INCR: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_LINUM_INCR"); -- cmd_length = 2; - break; - - case DST__K_SET_LINUM_INCR_W: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_LINUM_INCR_W"); -- cmd_length = 3; - break; - - case DST__K_RESET_LINUM_INCR: - _bfd_error_handler - (_("%s not implemented"), "DST__K_RESET_LINUM_INCR"); -- cmd_length = 1; - break; - - case DST__K_BEG_STMT_MODE: - _bfd_error_handler - (_("%s not implemented"), "DST__K_BEG_STMT_MODE"); -- cmd_length = 1; - break; - - case DST__K_END_STMT_MODE: - _bfd_error_handler - (_("%s not implemented"), "DST__K_END_STMT_MODE"); -- cmd_length = 1; - break; - - case DST__K_SET_LINUM_B: - data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; - curr_linenum = data; -- cmd_length = 2; - vms_debug2 ((4, "DST__K_SET_LINUM_B: %d\n", data)); - break; - - case DST__K_SET_LINUM: - data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); - curr_linenum = data; -- cmd_length = 3; - vms_debug2 ((4, "DST__K_SET_LINE_NUM: %d\n", data)); - break; - - case DST__K_SET_LINUM_L: - data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); - curr_linenum = data; -- cmd_length = 5; - vms_debug2 ((4, "DST__K_SET_LINUM_L: %d\n", data)); - break; - - case DST__K_SET_PC: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_PC"); -- cmd_length = 2; - break; - - case DST__K_SET_PC_W: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_PC_W"); -- cmd_length = 3; - break; - - case DST__K_SET_PC_L: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_PC_L"); -- cmd_length = 5; - break; - - case DST__K_SET_STMTNUM: - _bfd_error_handler - (_("%s not implemented"), "DST__K_SET_STMTNUM"); -- cmd_length = 2; - break; - - case DST__K_TERM: - data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; - curr_pc += data; -- cmd_length = 2; - vms_debug2 ((4, "DST__K_TERM: %d\n", data)); - break; - - case DST__K_TERM_W: - data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); - curr_pc += data; -- cmd_length = 3; - vms_debug2 ((4, "DST__K_TERM_W: %d\n", data)); - break; - - case DST__K_TERM_L: - data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); - curr_pc += data; -- cmd_length = 5; - vms_debug2 ((4, "DST__K_TERM_L: %d\n", data)); - break; - - case DST__K_SET_ABS_PC: - data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); - curr_pc = data; -- cmd_length = 5; - vms_debug2 ((4, "DST__K_SET_ABS_PC: 0x%x\n", data)); - break; - -@@ -4721,15 +4847,11 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - { - curr_pc -= cmd; - curr_linenum += 1; -- cmd_length = 1; - vms_debug2 ((4, "bump pc to 0x%lx and line to %d\n", - (unsigned long)curr_pc, curr_linenum)); - } - else -- { -- _bfd_error_handler (_("unknown line command %d"), cmd); -- cmd_length = 2; -- } -+ _bfd_error_handler (_("unknown line command %d"), cmd); - break; - } - -@@ -4859,7 +4981,8 @@ build_module_list (bfd *abfd) - return NULL; - - module = new_module (abfd); -- if (!parse_module (abfd, module, PRIV (dst_section)->contents, -1)) -+ if (!parse_module (abfd, module, PRIV (dst_section)->contents, -+ PRIV (dst_section)->size)) - return NULL; - list = module; - } --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-47695.patch b/SPECS/binutils/binutils-CVE-2022-47695.patch deleted file mode 100644 index 2b8ef058f9..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-47695.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Sun, 4 Dec 2022 22:15:40 +1030 -Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols - -Fixes a fuzzed object file problem where plt relocs were manipulated -in such a way that two synthetic symbols were generated at the same -plt location. Won't occur in real object files. - - PR 29846 - PR 20337 - * objdump.c (compare_symbols): Test symbol flags to exclude - section and synthetic symbols before attempting to check flavour. ---- - binutils/objdump.c | 23 ++++++++++------------- - 1 file changed, 10 insertions(+), 13 deletions(-) - -diff --git a/binutils/objdump.c b/binutils/objdump.c -index e8481b2d928..d95c8b68bf0 100644 ---- a/binutils/objdump.c -+++ b/binutils/objdump.c -@@ -1222,20 +1222,17 @@ compare_symbols (const void *ap, const void *bp) - return 1; - } - -- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour -+ /* Sort larger size ELF symbols before smaller. See PR20337. */ -+ bfd_vma asz = 0; -+ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 -+ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour) -+ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; -+ bfd_vma bsz = 0; -+ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 - && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour) -- { -- bfd_vma asz, bsz; -- -- asz = 0; -- if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) -- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; -- bsz = 0; -- if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) -- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; -- if (asz != bsz) -- return asz > bsz ? -1 : 1; -- } -+ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; -+ if (asz != bsz) -+ return asz > bsz ? -1 : 1; - - /* Symbols that start with '.' might be section names, so sort them - after symbols that don't start with '.'. */ --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-47696.patch b/SPECS/binutils/binutils-CVE-2022-47696.patch deleted file mode 100644 index 246db1bc69..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-47696.patch +++ /dev/null @@ -1,142 +0,0 @@ -From d12f8998d2d086f0a6606589e5aedb7147e6f2f1 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Fri, 14 Oct 2022 10:30:21 +1030 -Subject: [PATCH] PR29677, Field `the_bfd` of `asymbol` is uninitialised - -Besides not initialising the_bfd of synthetic symbols, counting -symbols when sizing didn't match symbols created if there were any -dynsyms named "". We don't want synthetic symbols without names -anyway, so get rid of them. Also, simplify and correct sanity checks. - - PR 29677 - * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite. ---- - bfd/mach-o.c | 72 ++++++++++++++++++++++------------------------------ - 1 file changed, 31 insertions(+), 41 deletions(-) - -diff --git a/bfd/mach-o.c b/bfd/mach-o.c -index acb35e7f0c6..5279343768c 100644 ---- a/bfd/mach-o.c -+++ b/bfd/mach-o.c -@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, - bfd_mach_o_symtab_command *symtab = mdata->symtab; - asymbol *s; - char * s_start; -- char * s_end; - unsigned long count, i, j, n; - size_t size; - char *names; -- char *nul_name; - const char stub [] = "$stub"; - - *ret = NULL; -@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, - /* We need to allocate a bfd symbol for every indirect symbol and to - allocate the memory for its name. */ - count = dysymtab->nindirectsyms; -- size = count * sizeof (asymbol) + 1; -- -+ size = 0; - for (j = 0; j < count; j++) - { -- const char * strng; - unsigned int isym = dysymtab->indirect_syms[j]; -+ const char *str; - - /* Some indirect symbols are anonymous. */ -- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name)) -- /* PR 17512: file: f5b8eeba. */ -- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub); -+ if (isym < symtab->nsyms -+ && (str = symtab->symbols[isym].symbol.name) != NULL) -+ { -+ /* PR 17512: file: f5b8eeba. */ -+ size += strnlen (str, symtab->strsize - (str - symtab->strtab)); -+ size += sizeof (stub); -+ } - } - -- s_start = bfd_malloc (size); -+ s_start = bfd_malloc (size + count * sizeof (asymbol)); - s = *ret = (asymbol *) s_start; - if (s == NULL) - return -1; - names = (char *) (s + count); -- nul_name = names; -- *names++ = 0; -- s_end = s_start + size; - - n = 0; - for (i = 0; i < mdata->nsects; i++) -@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, - entry_size = bfd_mach_o_section_get_entry_size (abfd, sec); - - /* PR 17512: file: 08e15eec. */ -- if (first >= count || last >= count || first > last) -+ if (first >= count || last > count || first > last) - goto fail; - - for (j = first; j < last; j++) - { - unsigned int isym = dysymtab->indirect_syms[j]; -- -- /* PR 17512: file: 04d64d9b. */ -- if (((char *) s) + sizeof (* s) > s_end) -- goto fail; -- -- s->flags = BSF_GLOBAL | BSF_SYNTHETIC; -- s->section = sec->bfdsection; -- s->value = addr - sec->addr; -- s->udata.p = NULL; -+ const char *str; -+ size_t len; - - if (isym < symtab->nsyms -- && symtab->symbols[isym].symbol.name) -+ && (str = symtab->symbols[isym].symbol.name) != NULL) - { -- const char *sym = symtab->symbols[isym].symbol.name; -- size_t len; -- -- s->name = names; -- len = strlen (sym); -- /* PR 17512: file: 47dfd4d2. */ -- if (names + len >= s_end) -+ /* PR 17512: file: 04d64d9b. */ -+ if (n >= count) - goto fail; -- memcpy (names, sym, len); -- names += len; -- /* PR 17512: file: 18f340a4. */ -- if (names + sizeof (stub) >= s_end) -+ len = strnlen (str, symtab->strsize - (str - symtab->strtab)); -+ /* PR 17512: file: 47dfd4d2, 18f340a4. */ -+ if (size < len + sizeof (stub)) - goto fail; -- memcpy (names, stub, sizeof (stub)); -- names += sizeof (stub); -+ memcpy (names, str, len); -+ memcpy (names + len, stub, sizeof (stub)); -+ s->name = names; -+ names += len + sizeof (stub); -+ size -= len + sizeof (stub); -+ s->the_bfd = symtab->symbols[isym].symbol.the_bfd; -+ s->flags = BSF_GLOBAL | BSF_SYNTHETIC; -+ s->section = sec->bfdsection; -+ s->value = addr - sec->addr; -+ s->udata.p = NULL; -+ s++; -+ n++; - } -- else -- s->name = nul_name; -- - addr += entry_size; -- s++; -- n++; - } - break; - default: --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-48063.patch b/SPECS/binutils/binutils-CVE-2022-48063.patch deleted file mode 100644 index 65afa4a327..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-48063.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001 -From: Nick Clifton -Date: Wed, 21 Dec 2022 11:51:23 +0000 -Subject: [PATCH 2/2] Fix an attempt to allocate an unreasonably large amount - of memory when parsing a corrupt ELF file. - - PR 29924 - * objdump.c (load_specific_debug_section): Check for excessively - large sections. ---- - binutils/ChangeLog | 6 ++++++ - binutils/objdump.c | 4 +++- - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/binutils/ChangeLog b/binutils/ChangeLog -index aaa9ef72..bb10b609 100644 ---- a/binutils/ChangeLog -+++ b/binutils/ChangeLog -@@ -1,3 +1,9 @@ -+2022-12-21 Nick Clifton -+ -+ PR 29924 -+ * objdump.c (load_specific_debug_section): Check for excessively -+ large sections. -+ - 2022-08-05 Nick Clifton - - 2.39 Release. -diff --git a/binutils/objdump.c b/binutils/objdump.c -index b7c71e18..23054657 100644 ---- a/binutils/objdump.c -+++ b/binutils/objdump.c -@@ -3950,7 +3950,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, - section->size = bfd_section_size (sec); - /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */ - alloced = amt = section->size + 1; -- if (alloced != amt || alloced == 0) -+ if (alloced != amt -+ || alloced == 0 -+ || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd))) - { - section->start = NULL; - free_debug_section (debug); --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-48064.patch b/SPECS/binutils/binutils-CVE-2022-48064.patch deleted file mode 100644 index cb1b100e8d..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-48064.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8f2c64de86bc3d7556121fe296dd679000283931 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Tue, 20 Dec 2022 23:47:03 +1030 -Subject: [PATCH] PR29922, SHT_NOBITS section avoids section size sanity check - - PR 29922 - * dwarf2.c (find_debug_info): Ignore sections without - SEC_HAS_CONTENTS. ---- - bfd/dwarf2.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c -index 95f45708e9d..0cd8152ee6e 100644 ---- a/bfd/dwarf2.c -+++ b/bfd/dwarf2.c -@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections, - { - look = debug_sections[debug_info].uncompressed_name; - msec = bfd_get_section_by_name (abfd, look); -- if (msec != NULL) -+ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of -+ course debug sections always have contents. */ -+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0) - return msec; - - look = debug_sections[debug_info].compressed_name; - msec = bfd_get_section_by_name (abfd, look); -- if (msec != NULL) -+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0) - return msec; - - for (msec = abfd->sections; msec != NULL; msec = msec->next) -- if (startswith (msec->name, GNU_LINKONCE_INFO)) -+ if ((msec->flags & SEC_HAS_CONTENTS) != 0 -+ && startswith (msec->name, GNU_LINKONCE_INFO)) - return msec; - - return NULL; -@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections, - - for (msec = after_sec->next; msec != NULL; msec = msec->next) - { -+ if ((msec->flags & SEC_HAS_CONTENTS) == 0) -+ continue; -+ - look = debug_sections[debug_info].uncompressed_name; - if (strcmp (msec->name, look) == 0) - return msec; --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2022-48065.patch b/SPECS/binutils/binutils-CVE-2022-48065.patch deleted file mode 100644 index 202c34c47d..0000000000 --- a/SPECS/binutils/binutils-CVE-2022-48065.patch +++ /dev/null @@ -1,118 +0,0 @@ -From d28fbc7197ba0e021a43f873eff90b05dcdcff6a Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Wed, 21 Dec 2022 21:40:12 +1030 -Subject: [PATCH 1/2] PR29925, Memory leak in find_abstract_instance - -The testcase in the PR had a variable with both DW_AT_decl_file and -DW_AT_specification, where the DW_AT_specification also specified -DW_AT_decl_file. This leads to a memory leak as the file name is -malloced and duplicates are not expected. - -I've also changed find_abstract_instance to not use a temp for "name", -because that can result in a change in behaviour from the usual last -of duplicate attributes wins. - - PR 29925 - * dwarf2.c (find_abstract_instance): Delete "name" variable. - Free *filename_ptr before assigning new file name. - (scan_unit_for_symbols): Similarly free func->file and - var->file before assigning. ---- - bfd/dwarf2.c | 31 +++++++++++++++++++------------ - 1 file changed, 19 insertions(+), 12 deletions(-) - -diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c -index 20e4800b..cc690786 100644 ---- a/bfd/dwarf2.c -+++ b/bfd/dwarf2.c -@@ -3371,7 +3371,6 @@ find_abstract_instance (struct comp_unit *unit, - struct abbrev_info *abbrev; - uint64_t die_ref = attr_ptr->u.val; - struct attribute attr; -- const char *name = NULL; - - if (recur_count == 100) - { -@@ -3536,9 +3535,9 @@ find_abstract_instance (struct comp_unit *unit, - case DW_AT_name: - /* Prefer DW_AT_MIPS_linkage_name or DW_AT_linkage_name - over DW_AT_name. */ -- if (name == NULL && is_str_form (&attr)) -+ if (*pname == NULL && is_str_form (&attr)) - { -- name = attr.u.str; -+ *pname = attr.u.str; - if (non_mangled (unit->lang)) - *is_linkage = true; - } -@@ -3546,7 +3545,7 @@ find_abstract_instance (struct comp_unit *unit, - case DW_AT_specification: - if (is_int_form (&attr) - && !find_abstract_instance (unit, &attr, recur_count + 1, -- &name, is_linkage, -+ pname, is_linkage, - filename_ptr, linenumber_ptr)) - return false; - break; -@@ -3556,7 +3555,7 @@ find_abstract_instance (struct comp_unit *unit, - non-string forms into these attributes. */ - if (is_str_form (&attr)) - { -- name = attr.u.str; -+ *pname = attr.u.str; - *is_linkage = true; - } - break; -@@ -3564,8 +3563,11 @@ find_abstract_instance (struct comp_unit *unit, - if (!comp_unit_maybe_decode_line_info (unit)) - return false; - if (is_int_form (&attr)) -- *filename_ptr = concat_filename (unit->line_table, -- attr.u.val); -+ { -+ free (*filename_ptr); -+ *filename_ptr = concat_filename (unit->line_table, -+ attr.u.val); -+ } - break; - case DW_AT_decl_line: - if (is_int_form (&attr)) -@@ -3577,7 +3579,6 @@ find_abstract_instance (struct comp_unit *unit, - } - } - } -- *pname = name; - return true; - } - -@@ -4073,8 +4074,11 @@ scan_unit_for_symbols (struct comp_unit *unit) - - case DW_AT_decl_file: - if (is_int_form (&attr)) -- func->file = concat_filename (unit->line_table, -- attr.u.val); -+ { -+ free (func->file); -+ func->file = concat_filename (unit->line_table, -+ attr.u.val); -+ } - break; - - case DW_AT_decl_line: -@@ -4124,8 +4128,11 @@ scan_unit_for_symbols (struct comp_unit *unit) - - case DW_AT_decl_file: - if (is_int_form (&attr)) -- var->file = concat_filename (unit->line_table, -- attr.u.val); -+ { -+ free (var->file); -+ var->file = concat_filename (unit->line_table, -+ attr.u.val); -+ } - break; - - case DW_AT_decl_line: --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2023-1579.patch b/SPECS/binutils/binutils-CVE-2023-1579.patch deleted file mode 100644 index 59862bc901..0000000000 --- a/SPECS/binutils/binutils-CVE-2023-1579.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 59083b7a1e8798e5ebadf4812d04bab2db02c1e9 Mon Sep 17 00:00:00 2001 -From: Guruswamy Basavaiah -Date: Sat, 26 Aug 2023 01:24:59 +0530 -Subject: [PATCH] Fix a potential illegal memory access in the BFD library when - parsing a corrupt DWARF file. - -PR 29988 -* dwarf2.c (read_indexed_address): Fix check for an out of range -offset. ---- - bfd/ChangeLog | 6 ++++++ - bfd/dwarf2.c | 2 +- - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/bfd/ChangeLog b/bfd/ChangeLog -index e59ede55..7739b02c 100644 ---- a/bfd/ChangeLog -+++ b/bfd/ChangeLog -@@ -1,3 +1,9 @@ -+2023-01-11 Nick Clifton -+ -+ PR 29988 -+ * dwarf2.c (read_indexed_address): Fix check for an out of range -+ offset. -+ - 2022-10-19 Nick Clifton - - PR 29699 -diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c -index 25a80333..af945918 100644 ---- a/bfd/dwarf2.c -+++ b/bfd/dwarf2.c -@@ -1375,7 +1375,7 @@ read_indexed_address (uint64_t idx, struct comp_unit *unit) - offset += unit->dwarf_addr_offset; - if (offset < unit->dwarf_addr_offset - || offset > file->dwarf_addr_size -- || file->dwarf_addr_size - offset < unit->offset_size) -+ || file->dwarf_addr_size - offset < unit->addr_size) - return 0; - - info_ptr = file->dwarf_addr_buffer + offset; --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2023-1972.patch b/SPECS/binutils/binutils-CVE-2023-1972.patch deleted file mode 100644 index 55d857204c..0000000000 --- a/SPECS/binutils/binutils-CVE-2023-1972.patch +++ /dev/null @@ -1,53 +0,0 @@ -From c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 Mon Sep 17 00:00:00 2001 -From: Nick Clifton -Date: Thu, 30 Mar 2023 10:10:09 +0100 -Subject: [PATCH] Fix an illegal memory access when an accessing a - zer0-lengthverdef table. - - PR 30285 - * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated. ---- - bfd/ChangeLog | 6 ++++++ - bfd/elf.c | 5 +++++ - 2 files changed, 11 insertions(+) - -diff --git a/bfd/ChangeLog b/bfd/ChangeLog -index cbe2a01148d..1bd87531bf1 100644 ---- a/bfd/ChangeLog -+++ b/bfd/ChangeLog -@@ -1,3 +1,9 @@ -+2023-03-30 Nick Clifton -+ -+ PR 30285 -+ * elf.c (_bfd_elf_slurp_version_tables): Fail if no version -+ definitions are allocated. -+ - 2022-08-05 Nick Clifton - - 2.39 Release. -diff --git a/bfd/elf.c b/bfd/elf.c -index 89484ceb233..e3c2e20599f 100644 ---- a/bfd/elf.c -+++ b/bfd/elf.c -@@ -9033,6 +9033,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) - bfd_set_error (bfd_error_file_too_big); - goto error_return_verdef; - } -+ -+ if (amt == 0) -+ goto error_return_verdef; - elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); - if (elf_tdata (abfd)->verdef == NULL) - goto error_return_verdef; -@@ -9136,6 +9139,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) - bfd_set_error (bfd_error_file_too_big); - goto error_return; - } -+ if (amt == 0) -+ goto error_return; - elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt); - if (elf_tdata (abfd)->verdef == NULL) - goto error_return; --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-2023-25585.patch b/SPECS/binutils/binutils-CVE-2023-25585.patch deleted file mode 100644 index 8ab24bbbcf..0000000000 --- a/SPECS/binutils/binutils-CVE-2023-25585.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 65cf035b8dc1df5d8020e0b1449514a3c42933e7 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Mon, 12 Dec 2022 19:01:08 +1030 -Subject: [PATCH] PR29892, Field file_table of struct module is uninitialized - - PR 29892 - * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table. - (parse_module): Rewrite file_table reallocation code and clear. ---- - bfd/vms-alpha.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c -index 3b63259cc81..6ee7060b0b2 100644 ---- a/bfd/vms-alpha.c -+++ b/bfd/vms-alpha.c -@@ -4337,7 +4337,7 @@ new_module (bfd *abfd) - = (struct module *) bfd_zalloc (abfd, sizeof (struct module)); - module->file_table_count = 16; /* Arbitrary. */ - module->file_table -- = bfd_malloc (module->file_table_count * sizeof (struct fileinfo)); -+ = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo)); - return module; - } - -@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, - src_ptr + DST_S_B_SRC_DF_FILENAME, - ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME)); - -- while (fileid >= module->file_table_count) -+ if (fileid >= module->file_table_count) - { -- module->file_table_count *= 2; -+ unsigned int old_count = module->file_table_count; -+ module->file_table_count += fileid; - module->file_table - = bfd_realloc_or_free (module->file_table, - module->file_table_count - * sizeof (struct fileinfo)); - if (module->file_table == NULL) - return false; -+ memset (module->file_table + old_count, 0, -+ fileid * sizeof (struct fileinfo)); - } - - module->file_table [fileid].name = filename; --- -2.25.1 - diff --git a/SPECS/binutils/binutils-CVE-38128-dwarf-abbrev-parsing.patch b/SPECS/binutils/binutils-CVE-38128-dwarf-abbrev-parsing.patch deleted file mode 100644 index a175bb7f7b..0000000000 --- a/SPECS/binutils/binutils-CVE-38128-dwarf-abbrev-parsing.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- binutils.orig/binutils/dwarf.c 2022-08-31 11:58:08.918685348 +0100 -+++ binutils-2.39/binutils/dwarf.c 2022-08-31 15:24:13.881865797 +0100 -@@ -6365,7 +6365,11 @@ display_debug_abbrev (struct dwarf_secti - list->start_of_next_abbrevs = start; - } - else -- start = list->start_of_next_abbrevs; -+ { -+ if (start == list->start_of_next_abbrevs) -+ break; -+ start = list->start_of_next_abbrevs; -+ } - - if (list->first_abbrev == NULL) - continue; diff --git a/SPECS/binutils/binutils-autoconf-version.patch b/SPECS/binutils/binutils-autoconf-version.patch deleted file mode 100644 index f94fdad8b6..0000000000 --- a/SPECS/binutils/binutils-autoconf-version.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- binutils.orig/config/override.m4 2021-08-31 14:20:17.275574804 +0100 -+++ binutils-2.37/config/override.m4 2021-08-31 14:36:37.793954247 +0100 -@@ -41,7 +41,7 @@ dnl Or for updating the whole tree at on - AC_DEFUN([_GCC_AUTOCONF_VERSION_CHECK], - [m4_if(m4_defn([_GCC_AUTOCONF_VERSION]), - m4_defn([m4_PACKAGE_VERSION]), [], -- [m4_fatal([Please use exactly Autoconf ]_GCC_AUTOCONF_VERSION[ instead of ]m4_defn([m4_PACKAGE_VERSION])[.])]) -+ []) - ]) - m4_define([AC_INIT], m4_defn([AC_INIT])[ - _GCC_AUTOCONF_VERSION_CHECK diff --git a/SPECS/binutils/binutils-do-not-link-with-static-libstdc++.patch b/SPECS/binutils/binutils-do-not-link-with-static-libstdc++.patch deleted file mode 100644 index 49d46c2e6f..0000000000 --- a/SPECS/binutils/binutils-do-not-link-with-static-libstdc++.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -rup binutils.orig/configure binutils-2.30/configure ---- binutils.orig/configure 2018-09-24 17:50:06.967172922 +0100 -+++ binutils-2.30/configure 2018-09-24 17:51:16.648624865 +0100 -@@ -4996,49 +4996,6 @@ if test -z "$LD"; then - fi - fi - --# Check whether -static-libstdc++ -static-libgcc is supported. --have_static_libs=no --if test "$GCC" = yes; then -- saved_LDFLAGS="$LDFLAGS" -- -- LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc" -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether g++ accepts -static-libstdc++ -static-libgcc" >&5 --$as_echo_n "checking whether g++ accepts -static-libstdc++ -static-libgcc... " >&6; } -- ac_ext=cpp --ac_cpp='$CXXCPP $CPPFLAGS' --ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_cxx_compiler_gnu -- -- --cat confdefs.h - <<_ACEOF >conftest.$ac_ext --/* end confdefs.h. */ -- --#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5) --#error -static-libstdc++ not implemented --#endif --int main() {} --_ACEOF --if ac_fn_cxx_try_link "$LINENO"; then : -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; }; have_static_libs=yes --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi --rm -f core conftest.err conftest.$ac_objext \ -- conftest$ac_exeext conftest.$ac_ext -- ac_ext=c --ac_cpp='$CPP $CPPFLAGS' --ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' --ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' --ac_compiler_gnu=$ac_cv_c_compiler_gnu -- -- -- LDFLAGS="$saved_LDFLAGS" --fi -- -- - - - if test -n "$ac_tool_prefix"; then -diff -rup binutils.orig/configure.ac binutils-2.30/configure.ac ---- binutils.orig/configure.ac 2018-09-24 17:50:07.241170767 +0100 -+++ binutils-2.30/configure.ac 2018-09-24 17:50:29.908992486 +0100 -@@ -1288,26 +1288,6 @@ if test -z "$LD"; then - fi - fi - --# Check whether -static-libstdc++ -static-libgcc is supported. --have_static_libs=no --if test "$GCC" = yes; then -- saved_LDFLAGS="$LDFLAGS" -- -- LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc" -- AC_MSG_CHECKING([whether g++ accepts -static-libstdc++ -static-libgcc]) -- AC_LANG_PUSH(C++) -- AC_LINK_IFELSE([AC_LANG_SOURCE([ --#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5) --#error -static-libstdc++ not implemented --#endif --int main() {}])], -- [AC_MSG_RESULT([yes]); have_static_libs=yes], -- [AC_MSG_RESULT([no])]) -- AC_LANG_POP(C++) -- -- LDFLAGS="$saved_LDFLAGS" --fi -- - ACX_PROG_GNAT - ACX_PROG_CMP_IGNORE_INITIAL - diff --git a/SPECS/binutils/binutils-fix-testsuite-failures.patch b/SPECS/binutils/binutils-fix-testsuite-failures.patch deleted file mode 100644 index c2b19a5ecc..0000000000 --- a/SPECS/binutils/binutils-fix-testsuite-failures.patch +++ /dev/null @@ -1,330 +0,0 @@ -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-10.d binutils-2.32/ld/testsuite/ld-plugin/plugin-10.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-10.d 2019-02-15 13:33:21.979627285 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-10.d 2019-02-15 13:40:26.911199033 +0000 -@@ -34,5 +34,6 @@ hook called: claim_file tmpdir/libtext.a - hook called: all symbols read. - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-13.d binutils-2.32/ld/testsuite/ld-plugin/plugin-13.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-13.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-13.d 2019-02-15 13:41:30.189692800 +0000 -@@ -23,5 +23,3 @@ hook called: claim_file tmpdir/main.o \[ - hook called: claim_file .*/ld/testsuite/ld-plugin/func.c \[@0/.* CLAIMED - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... --.*main.c.*: undefined reference to `\.?func' --#... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-14.d binutils-2.32/ld/testsuite/ld-plugin/plugin-14.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-14.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-14.d 2019-02-15 13:42:03.598430960 +0000 -@@ -27,7 +27,6 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-15.d binutils-2.32/ld/testsuite/ld-plugin/plugin-15.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-15.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-15.d 2019-02-15 13:42:28.014239600 +0000 -@@ -28,7 +28,6 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-16.d binutils-2.32/ld/testsuite/ld-plugin/plugin-16.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-16.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-16.d 2019-02-15 13:43:21.309821910 +0000 -@@ -30,9 +30,8 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-17.d binutils-2.32/ld/testsuite/ld-plugin/plugin-17.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-17.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-17.d 2019-02-15 13:43:54.925558451 +0000 -@@ -31,7 +31,8 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-20.d binutils-2.32/ld/testsuite/ld-plugin/plugin-20.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-20.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-20.d 2019-02-15 13:49:20.091010016 +0000 -@@ -2,6 +2,5 @@ hook called: all symbols read. - Input: func.c \(tmpdir/libfunc.a\) - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-21.d binutils-2.32/ld/testsuite/ld-plugin/plugin-21.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-21.d 2019-02-15 13:33:21.978627293 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-21.d 2019-02-15 13:49:34.506897033 +0000 -@@ -2,6 +2,5 @@ hook called: all symbols read. - Input: .*/ld/testsuite/ld-plugin/func.c \(.*/ld/testsuite/ld-plugin/func.c\) - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-22.d binutils-2.32/ld/testsuite/ld-plugin/plugin-22.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-22.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-22.d 2019-02-15 13:50:00.409694022 +0000 -@@ -2,6 +2,5 @@ Claimed: tmpdir/libfunc.a \[@.* - hook called: all symbols read. - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-23.d binutils-2.32/ld/testsuite/ld-plugin/plugin-23.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-23.d 2019-02-15 13:33:21.979627285 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-23.d 2019-02-15 13:50:14.938580156 +0000 -@@ -2,6 +2,5 @@ Claimed: .*/ld/testsuite/ld-plugin/func. - hook called: all symbols read. - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-24.d binutils-2.32/ld/testsuite/ld-plugin/plugin-24.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-24.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-24.d 2019-02-15 13:49:46.346804240 +0000 -@@ -2,4 +2,5 @@ hook called: all symbols read. - Input: .*/ld/testsuite/ld-plugin/func.c \(.*/ld/testsuite/ld-plugin/func.c\) - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-25.d binutils-2.32/ld/testsuite/ld-plugin/plugin-25.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-25.d 2019-02-15 13:33:21.978627293 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-25.d 2019-02-15 13:50:29.322467422 +0000 -@@ -2,4 +2,5 @@ Claimed: .*/ld/testsuite/ld-plugin/func. - hook called: all symbols read. - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF.* -+#... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-28.d binutils-2.32/ld/testsuite/ld-plugin/plugin-28.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-28.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-28.d 2019-02-15 13:45:05.343006557 +0000 -@@ -1 +1,3 @@ - .*: error: Error -+#... -+ -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-29.d binutils-2.32/ld/testsuite/ld-plugin/plugin-29.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-29.d 2019-02-15 13:33:21.978627293 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-29.d 2019-02-15 13:45:22.764870016 +0000 -@@ -1 +1,2 @@ - .*: warning: Warning -+#... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-30.d binutils-2.32/ld/testsuite/ld-plugin/plugin-30.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-30.d 2019-02-15 13:33:21.976627309 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-30.d 2019-02-15 13:48:57.067190464 +0000 -@@ -24,3 +24,4 @@ hook called: claim_file tmpdir/main.o \[ - hook called: claim_file tmpdir/func.o \[@0/.* not claimed - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - hook called: claim_file tmpdir/libempty.a \[@.* not claimed -+#pass -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-6.d binutils-2.32/ld/testsuite/ld-plugin/plugin-6.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-6.d 2019-02-15 13:33:21.979627285 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-6.d 2019-02-15 13:37:14.672749977 +0000 -@@ -27,7 +27,6 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-7.d binutils-2.32/ld/testsuite/ld-plugin/plugin-7.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-7.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-7.d 2019-02-15 13:37:58.000400421 +0000 -@@ -28,7 +28,6 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-8.d binutils-2.32/ld/testsuite/ld-plugin/plugin-8.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-8.d 2019-02-15 13:33:21.980627277 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-8.d 2019-02-15 13:38:34.096109209 +0000 -@@ -32,7 +32,6 @@ hook called: claim_file tmpdir/text.o \[ - hook called: all symbols read. - Sym: '_?func' Resolution: LDPR_PREVAILING_DEF - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --.*: tmpdir/main.o: in function `main': --.*main.c.*: undefined reference to `\.?func' -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-9.d binutils-2.32/ld/testsuite/ld-plugin/plugin-9.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-9.d 2019-02-15 13:33:21.977627301 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-9.d 2019-02-15 13:39:52.655475403 +0000 -@@ -31,7 +31,8 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/pr20070.d binutils-2.32/ld/testsuite/ld-plugin/pr20070.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/pr20070.d 2019-02-15 13:33:21.976627309 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/pr20070.d 2019-02-15 13:50:56.874251486 +0000 -@@ -5,5 +5,6 @@ Sym: 'weakdef' Resolution: LDPR_PREVAILI - Sym: 'undef' Resolution: LDPR_UNDEF - Sym: 'weakundef' Resolution: LDPR_UNDEF - Sym: 'common' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-srec/srec.exp binutils-2.32/ld/testsuite/ld-srec/srec.exp ---- binutils-2.32.orig/ld/testsuite/ld-srec/srec.exp 2019-02-15 13:33:21.938627615 +0000 -+++ binutils-2.32/ld/testsuite/ld-srec/srec.exp 2019-02-15 13:53:58.744814006 +0000 -@@ -21,6 +21,8 @@ - - # Get the offset from an S-record line to the start of the data. - -+return -+ - proc srec_off { l } { - if [string match "S1*" $l] { - return 8 -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-10.d binutils-2.32/ld/testsuite/ld-plugin/plugin-10.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-10.d 2019-02-15 14:10:59.038709514 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-10.d 2019-02-15 14:13:53.532300721 +0000 -@@ -32,7 +32,7 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/libtext.a \[@.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-11.d binutils-2.32/ld/testsuite/ld-plugin/plugin-11.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-11.d 2019-02-15 14:10:59.041709490 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-11.d 2019-02-15 14:14:50.061844322 +0000 -@@ -35,8 +35,9 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/libtext.a \[@.* CLAIMED - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --Sym: '_?text' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?text' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-18.d binutils-2.32/ld/testsuite/ld-plugin/plugin-18.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-18.d 2019-02-15 14:10:58.942710289 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-18.d 2019-02-15 14:15:20.030602369 +0000 -@@ -32,7 +32,8 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/libtext.a \[@.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-19.d binutils-2.32/ld/testsuite/ld-plugin/plugin-19.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-19.d 2019-02-15 14:10:59.024709627 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-19.d 2019-02-15 14:15:54.926320633 +0000 -@@ -35,8 +35,9 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/libtext.a \[@.* CLAIMED - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --Sym: '_?text' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?text' Resolution: LDPR_PREVAILING_DEF_IRONLY -+#... - hook called: cleanup. - #... -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-28.d binutils-2.32/ld/testsuite/ld-plugin/plugin-28.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-28.d 2019-02-15 14:10:58.998709837 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-28.d 2019-02-15 14:12:19.856057024 +0000 -@@ -1,3 +1,2 @@ - .*: error: Error - #... -- -diff -rup binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-8.d binutils-2.32/ld/testsuite/ld-plugin/plugin-8.d ---- binutils-2.32.orig/ld/testsuite/ld-plugin/plugin-8.d 2019-02-15 14:10:59.074709224 +0000 -+++ binutils-2.32/ld/testsuite/ld-plugin/plugin-8.d 2019-02-15 14:11:48.144313048 +0000 -@@ -30,7 +30,7 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF -+Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-elfvers/vers24.rd binutils-2.30/ld/testsuite/ld-elfvers/vers24.rd ---- binutils.orig/ld/testsuite/ld-elfvers/vers24.rd 2018-09-05 09:45:44.013108697 +0100 -+++ binutils-2.30/ld/testsuite/ld-elfvers/vers24.rd 2018-09-05 12:06:17.287425232 +0100 -@@ -7,9 +7,9 @@ Symbol table '.dynsym' contains [0-9]+ e - # And ensure the dynamic symbol table contains at least x@VERS.0 - # and foo@@VERS.0 symbols - #... -- +[0-9]+: [0-9a-f]+ +(4 +OBJECT +GLOBAL +DEFAULT +[0-9]+ _?x|[0-9]+ +FUNC +GLOBAL +DEFAULT .* [0-9]+ _?foo@)@VERS\.0 -+ +[0-9]+: [0-9a-f]+ +(4 +OBJECT +GLOBAL +DEFAULT +[0-9]+ _?x|[0-9]+ +FUNC +GLOBAL +DEFAULT .* [0-9]+ _?foo@)@VERS\.0.* - #... -- +[0-9]+: [0-9a-f]+ +(4 +OBJECT +GLOBAL +DEFAULT +[0-9]+ _?x|[0-9]+ +FUNC +GLOBAL +DEFAULT .* [0-9]+ _?foo@)@VERS\.0 -+ +[0-9]+: [0-9a-f]+ +(4 +OBJECT +GLOBAL +DEFAULT +[0-9]+ _?x|[0-9]+ +FUNC +GLOBAL +DEFAULT .* [0-9]+ _?foo@)@VERS\.0.* - #... - Symbol table '.symtab' contains [0-9]+ entries: - #pass -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin.exp binutils-2.30/ld/testsuite/ld-plugin/plugin.exp ---- binutils.orig/ld/testsuite/ld-plugin/plugin.exp 2018-09-05 09:45:44.023108605 +0100 -+++ binutils-2.30/ld/testsuite/ld-plugin/plugin.exp 2018-09-05 11:18:53.997202105 +0100 -@@ -118,6 +118,12 @@ if { $can_compile && !$failed_compile } - } - } - -+# I do not know why, but the underscore prefix test is going -+# wrong on ppc64le targets. So override it here. -+if { [istarget powerpc*-*-linux*] || [istarget x86_64*-*-linux*] } { -+ set _ "" -+} -+ - set testobjfiles "tmpdir/main.o tmpdir/func.o tmpdir/text.o" - set testobjfiles_notext "tmpdir/main.o tmpdir/func.o" - set testsrcfiles "tmpdir/main.o $srcdir/$subdir/func.c tmpdir/text.o" diff --git a/SPECS/binutils/binutils-gas-dwarf-skip-empty-functions.patch b/SPECS/binutils/binutils-gas-dwarf-skip-empty-functions.patch deleted file mode 100644 index 6d75c0bf5e..0000000000 --- a/SPECS/binutils/binutils-gas-dwarf-skip-empty-functions.patch +++ /dev/null @@ -1,93 +0,0 @@ -From b53c44bfe31fb036f212275b6d70edd5eee7b088 Mon Sep 17 00:00:00 2001 -From: Jan Beulich via Binutils -Date: Tue, 9 Aug 2022 13:12:03 +0200 -Subject: [PATCH] gas/Dwarf: properly skip zero-size functions - -PR gas/29451 - -While out_debug_abbrev() properly skips such functions, out_debug_info() -mistakenly didn't. It needs to calculate the high_pc expression ahead of -time, in order to skip emitting any data for the function if the value -is zero. - -The one case which would still leave a zero-size entry is when -symbol_get_obj(symp)->size ends up evaluating to zero. I hope we can -expect that to not be the case, otherwise we'd need to have a way to -post-process .debug_info contents between resolving expressions and -actually writing the data out to the file. Even then it wouldn't be -entirely obvious in which way to alter the data. ---- - gas/dwarf2dbg.c | 39 ++++++++++++++++++++------------------- - 1 file changed, 20 insertions(+), 19 deletions(-) - -diff --git a/gas/dwarf2dbg.c b/gas/dwarf2dbg.c -index 868ec79ee2c..f346bd6a412 100644 ---- a/gas/dwarf2dbg.c -+++ b/gas/dwarf2dbg.c -@@ -2882,6 +2882,7 @@ out_debug_info (segT info_seg, segT abbrev_seg, segT line_seg, segT str_seg, - { - const char *name; - size_t len; -+ expressionS size = { .X_op = O_constant }; - - /* Skip warning constructs (see above). */ - if (symbol_get_bfdsym (symp)->flags & BSF_WARNING) -@@ -2895,6 +2896,18 @@ out_debug_info (segT info_seg, segT abbrev_seg, segT line_seg, segT str_seg, - if (!S_IS_DEFINED (symp) || !S_IS_FUNCTION (symp)) - continue; - -+#if defined (OBJ_ELF) /* || defined (OBJ_MAYBE_ELF) */ -+ size.X_add_number = S_GET_SIZE (symp); -+ if (size.X_add_number == 0 && IS_ELF -+ && symbol_get_obj (symp)->size != NULL) -+ { -+ size.X_op = O_add; -+ size.X_op_symbol = make_expr_symbol (symbol_get_obj (symp)->size); -+ } -+#endif -+ if (size.X_op == O_constant && size.X_add_number == 0) -+ continue; -+ - subseg_set (str_seg, 0); - name_sym = symbol_temp_new_now_octets (); - name = S_GET_NAME (symp); -@@ -2920,29 +2933,17 @@ out_debug_info (segT info_seg, segT abbrev_seg, segT line_seg, segT str_seg, - emit_expr (&exp, sizeof_address); - - /* DW_AT_high_pc */ -- exp.X_op = O_constant; --#if defined (OBJ_ELF) /* || defined (OBJ_MAYBE_ELF) */ -- exp.X_add_number = S_GET_SIZE (symp); -- if (exp.X_add_number == 0 && IS_ELF -- && symbol_get_obj (symp)->size != NULL) -- { -- exp.X_op = O_add; -- exp.X_op_symbol = make_expr_symbol (symbol_get_obj (symp)->size); -- } --#else -- exp.X_add_number = 0; --#endif - if (DWARF2_VERSION < 4) - { -- if (exp.X_op == O_constant) -- exp.X_op = O_symbol; -- exp.X_add_symbol = symp; -- emit_expr (&exp, sizeof_address); -+ if (size.X_op == O_constant) -+ size.X_op = O_symbol; -+ size.X_add_symbol = symp; -+ emit_expr (&size, sizeof_address); - } -- else if (exp.X_op == O_constant) -- out_uleb128 (exp.X_add_number); -+ else if (size.X_op == O_constant) -+ out_uleb128 (size.X_add_number); - else -- emit_leb128_expr (symbol_get_value_expression (exp.X_op_symbol), 0); -+ emit_leb128_expr (symbol_get_value_expression (size.X_op_symbol), 0); - } - - /* End of children. */ --- -2.37.1 - diff --git a/SPECS/binutils/binutils-gold-mismatched-section-flags.patch b/SPECS/binutils/binutils-gold-mismatched-section-flags.patch deleted file mode 100644 index 63dba2b4b1..0000000000 --- a/SPECS/binutils/binutils-gold-mismatched-section-flags.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -rup binutils.orig/gold/layout.cc binutils-2.32/gold/layout.cc ---- binutils.orig/gold/layout.cc 2019-06-24 14:37:36.013086899 +0100 -+++ binutils-2.32/gold/layout.cc 2019-06-24 14:41:40.054517479 +0100 -@@ -868,6 +868,7 @@ Layout::get_output_section(const char* n - && (same_name->flags() & elfcpp::SHF_TLS) == 0) - os = same_name; - } -+#if 0 /* BZ 1722715, PR 17556. */ - else if ((flags & elfcpp::SHF_TLS) == 0) - { - elfcpp::Elf_Xword zero_flags = 0; -@@ -878,6 +879,7 @@ Layout::get_output_section(const char* n - if (p != this->section_name_map_.end()) - os = p->second; - } -+#endif - } - - if (os == NULL) diff --git a/SPECS/binutils/binutils-gold-warn-unsupported.patch b/SPECS/binutils/binutils-gold-warn-unsupported.patch deleted file mode 100644 index 8e00aa3ded..0000000000 --- a/SPECS/binutils/binutils-gold-warn-unsupported.patch +++ /dev/null @@ -1,66 +0,0 @@ -Only in binutils-2.34/gold: autom4te.cache -diff -rup binutils.orig/gold/configure binutils-2.34/gold/configure ---- binutils.orig/gold/configure 2020-04-20 12:35:13.048297305 +0100 -+++ binutils-2.34/gold/configure 2020-04-20 14:02:06.743725696 +0100 -@@ -5180,7 +5180,8 @@ for targ in $target $canon_targets; do - . ${srcdir}/configure.tgt - - if test "$targ_obj" = "UNKNOWN"; then -- as_fn_error $? "\"unsupported target $targ\"" "$LINENO" 5 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"unsupported target $targ\"" >&5 -+$as_echo "$as_me: WARNING: \"unsupported target $targ\"" >&2;} - else - targetobjs="$targetobjs ${targ_obj}.\$(OBJEXT)" - if test "$targ_extra_obj" != ""; then -diff -rup binutils.orig/gold/configure.ac binutils-2.34/gold/configure.ac ---- binutils.orig/gold/configure.ac 2020-04-20 12:35:13.050297291 +0100 -+++ binutils-2.34/gold/configure.ac 2020-04-20 14:01:46.435868770 +0100 -@@ -181,7 +181,7 @@ for targ in $target $canon_targets; do - . ${srcdir}/configure.tgt - - if test "$targ_obj" = "UNKNOWN"; then -- AC_MSG_ERROR("unsupported target $targ") -+ AC_MSG_WARN("unsupported target $targ") - else - targetobjs="$targetobjs ${targ_obj}.\$(OBJEXT)" - if test "$targ_extra_obj" != ""; then ---- binutils.orig/ld/configure.tgt 2020-04-20 12:35:12.465301359 +0100 -+++ binutils-2.34/ld/configure.tgt 2020-04-20 14:17:52.123066333 +0100 -@@ -220,7 +220,7 @@ bfin-*-linux-uclibc*) targ_emul=elf32bfi - targ_extra_emuls="elf32bfin" - targ_extra_libpath=$targ_extra_emuls - ;; --bpf-*-*) targ_emul=elf64bpf -+bpf-* | bpf-*-*) targ_emul=elf64bpf - ;; - cr16-*-elf*) targ_emul=elf32cr16 - ;; -@@ -1026,7 +1026,7 @@ z8k-*-coff) targ_emul=z8002 - targ_extra_ofiles= - ;; - *) -- echo 2>&1 "*** ld does not support target ${targ}" -+ echo 2>&1 "*** ld does not support target '${targ}' NO REALLY" - echo 2>&1 "*** see ld/configure.tgt for supported targets" - exit 1 - ---- binutils.orig/bfd/config.bfd 2020-04-20 12:35:13.038297375 +0100 -+++ binutils-2.34/bfd/config.bfd 2020-04-20 14:25:26.452869193 +0100 -@@ -473,7 +473,7 @@ case "${targ}" in - ;; - - #ifdef BFD64 -- bpf-*-none) -+ bpf-*-none | bpf-*) - targ_defvec=bpf_elf64_le_vec - targ_selvecs=bpf_elf64_be_vec - targ_underscore=yes -@@ -1427,7 +1427,7 @@ case "${targ}" in - ;; - - *) -- echo 1>&2 "*** BFD does not support target ${targ}." -+ echo 1>&2 "*** BFD does not support target '${targ}'. Honest." - echo 1>&2 "*** Look in bfd/config.bfd for supported targets." - exit 1 - ;; diff --git a/SPECS/binutils/binutils-libtool-no-rpath.patch b/SPECS/binutils/binutils-libtool-no-rpath.patch deleted file mode 100644 index a4f90a186c..0000000000 --- a/SPECS/binutils/binutils-libtool-no-rpath.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -rup binutils.orig/ltmain.sh binutils-2.37/ltmain.sh ---- binutils.orig/ltmain.sh 2022-01-27 16:23:09.304207432 +0000 -+++ binutils-2.37/ltmain.sh 2022-01-27 16:23:18.380143759 +0000 -@@ -7103,6 +7103,7 @@ EOF - rpath="$finalize_rpath" - test "$mode" != relink && rpath="$compile_rpath$rpath" - for libdir in $rpath; do -+ case "$libdir" in /usr/lib|/usr/lib64|/usr/lib/../lib|/usr/lib/../lib64) continue;; esac - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then -@@ -7798,6 +7799,7 @@ EOF - rpath= - hardcode_libdirs= - for libdir in $compile_rpath $finalize_rpath; do -+ case "$libdir" in /usr/lib|/usr/lib64|/usr/lib/../lib|/usr/lib/../lib64) continue;; esac - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then -@@ -7849,6 +7851,7 @@ EOF - rpath= - hardcode_libdirs= - for libdir in $finalize_rpath; do -+ case "$libdir" in /usr/lib|/usr/lib64|/usr/lib/../lib|/usr/lib/../lib64) continue;; esac - if test -n "$hardcode_libdir_flag_spec"; then - if test -n "$hardcode_libdir_separator"; then - if test -z "$hardcode_libdirs"; then -Only in binutils-2.37: ltmain.sh.orig diff --git a/SPECS/binutils/binutils-package-metadata.patch b/SPECS/binutils/binutils-package-metadata.patch deleted file mode 100644 index d2925b0546..0000000000 --- a/SPECS/binutils/binutils-package-metadata.patch +++ /dev/null @@ -1,197 +0,0 @@ -diff -rup binutils.orig/gold/Makefile.am binutils-2.38/gold/Makefile.am ---- binutils.orig/gold/Makefile.am 2022-08-04 11:11:01.788495165 +0100 -+++ binutils-2.38/gold/Makefile.am 2022-08-04 11:12:26.124013955 +0100 -@@ -35,7 +35,7 @@ THREADFLAGS = @PTHREAD_CFLAGS@ - THREADLIBS = @PTHREAD_LIBS@ - - AM_CFLAGS = $(WARN_CFLAGS) $(LFS_CFLAGS) $(RANDOM_SEED_CFLAGS) $(ZLIBINC) $(THREADFLAGS) --AM_CXXFLAGS = $(WARN_CXXFLAGS) $(LFS_CFLAGS) $(RANDOM_SEED_CFLAGS) $(ZLIBINC) $(THREADFLAGS) -+AM_CXXFLAGS = $(WARN_CXXFLAGS) $(LFS_CFLAGS) $(RANDOM_SEED_CFLAGS) $(ZLIBINC) $(THREADFLAGS) $(JANSSON_CFLAGS) - AM_LDFLAGS = $(THREADFLAGS) - - AM_CPPFLAGS = \ -@@ -187,7 +187,7 @@ libgold_a_LIBADD = $(LIBOBJS) - sources_var = main.cc - deps_var = $(TARGETOBJS) libgold.a $(LIBIBERTY) $(LIBINTL_DEP) - ldadd_var = $(TARGETOBJS) libgold.a $(LIBIBERTY) $(GOLD_LDADD) $(LIBINTL) \ -- $(THREADLIBS) $(LIBDL) $(ZLIB) -+ $(THREADLIBS) $(LIBDL) $(ZLIB) $(JANSSON_LIBS) - ldflags_var = $(GOLD_LDFLAGS) - - ld_new_SOURCES = $(sources_var) -@@ -201,12 +201,12 @@ incremental_dump_SOURCES = incremental-d - incremental_dump_DEPENDENCIES = $(TARGETOBJS) libgold.a $(LIBIBERTY) \ - $(LIBINTL_DEP) - incremental_dump_LDADD = $(TARGETOBJS) libgold.a $(LIBIBERTY) $(LIBINTL) \ -- $(THREADLIBS) $(LIBDL) $(ZLIB) -+ $(THREADLIBS) $(LIBDL) $(ZLIB) $(JANSSON_LIBS) - - dwp_SOURCES = dwp.cc - dwp_DEPENDENCIES = libgold.a $(LIBIBERTY) $(LIBINTL_DEP) - dwp_LDADD = libgold.a $(LIBIBERTY) $(GOLD_LDADD) $(LIBINTL) $(THREADLIBS) \ -- $(LIBDL) $(ZLIB) -+ $(LIBDL) $(ZLIB) $(JANSSON_LIBS) - dwp_LDFLAGS = $(GOLD_LDFLAGS) - - CONFIG_STATUS_DEPENDENCIES = $(srcdir)/../bfd/development.sh -diff -rup binutils.orig/gold/configure.ac binutils-2.38/gold/configure.ac ---- binutils.orig/gold/configure.ac 2022-08-04 11:11:01.783495194 +0100 -+++ binutils-2.38/gold/configure.ac 2022-08-04 11:12:26.124013955 +0100 -@@ -591,6 +591,32 @@ if test "$threads" = "yes"; then - fi - AM_CONDITIONAL(THREADS, test "$threads" = "yes") - -+# Used to validate --package-metadata= input. Disabled by default. -+AC_ARG_ENABLE([jansson], -+ [AS_HELP_STRING([--enable-jansson], -+ [enable jansson [default=no]])], -+ [enable_jansson=$enableval], -+ [enable_jansson="no"]) -+ -+if test "x$enable_jansson" != "xno"; then -+ PKG_PROG_PKG_CONFIG -+ AS_IF([test -n "$PKG_CONFIG"], -+ [ -+ PKG_CHECK_MODULES(JANSSON, [jansson], -+ [ -+ AC_DEFINE(HAVE_JANSSON, 1, [The jansson library is to be used]) -+ AC_SUBST([JANSSON_CFLAGS]) -+ AC_SUBST([JANSSON_LIBS]) -+ ], -+ [ -+ AC_MSG_ERROR([Cannot find jansson library]) -+ ]) -+ ], -+ [ -+ AC_MSG_ERROR([Cannot find pkg-config]) -+ ]) -+fi -+ - dnl We have to check these in C, not C++, because autoconf generates - dnl tests which have no type information, and current glibc provides - dnl multiple declarations of functions like basename when compiling -diff -rup binutils.orig/gold/layout.cc binutils-2.38/gold/layout.cc ---- binutils.orig/gold/layout.cc 2022-08-04 11:11:01.783495194 +0100 -+++ binutils-2.38/gold/layout.cc 2022-08-04 11:12:26.125013949 +0100 -@@ -38,6 +38,9 @@ - #include - #include - #endif -+#ifdef HAVE_JANSSON -+#include -+#endif - - #include "parameters.h" - #include "options.h" -@@ -2439,6 +2442,7 @@ Layout::create_notes() - this->create_gold_note(); - this->create_stack_segment(); - this->create_build_id(); -+ this->create_package_metadata(); - } - - // Create the dynamic sections which are needed before we read the -@@ -3536,6 +3540,52 @@ Layout::create_build_id() - } - } - -+// If --package-metadata was used, set up the package metadata note. -+// https://systemd.io/ELF_PACKAGE_METADATA/ -+ -+void -+Layout::create_package_metadata() -+{ -+ if (!parameters->options().user_set_package_metadata()) -+ return; -+ -+ const char* desc = parameters->options().package_metadata(); -+ if (strcmp(desc, "") == 0) -+ return; -+ -+#ifdef HAVE_JANSSON -+ json_error_t json_error; -+ json_t *json = json_loads(desc, 0, &json_error); -+ if (json) -+ json_decref(json); -+ else -+ { -+ gold_fatal(_("error: --package-metadata=%s does not contain valid " -+ "JSON: %s\n"), -+ desc, json_error.text); -+ } -+#endif -+ -+ // Create the note. -+ size_t trailing_padding; -+ // Ensure the trailing NULL byte is always included, as per specification. -+ size_t descsz = strlen(desc) + 1; -+ Output_section* os = this->create_note("FDO", elfcpp::FDO_PACKAGING_METADATA, -+ ".note.package", descsz, true, -+ &trailing_padding); -+ if (os == NULL) -+ return; -+ -+ Output_section_data* posd = new Output_data_const(desc, descsz, 4); -+ os->add_output_section_data(posd); -+ -+ if (trailing_padding != 0) -+ { -+ posd = new Output_data_zero_fill(trailing_padding, 0); -+ os->add_output_section_data(posd); -+ } -+} -+ - // If we have both .stabXX and .stabXXstr sections, then the sh_link - // field of the former should point to the latter. I'm not sure who - // started this, but the GNU linker does it, and some tools depend -diff -rup binutils.orig/gold/layout.h binutils-2.38/gold/layout.h ---- binutils.orig/gold/layout.h 2022-08-04 11:11:01.788495165 +0100 -+++ binutils-2.38/gold/layout.h 2022-08-04 11:12:26.125013949 +0100 -@@ -1107,6 +1107,10 @@ class Layout - void - create_build_id(); - -+ // Create a package metadata note if needed. -+ void -+ create_package_metadata(); -+ - // Link .stab and .stabstr sections. - void - link_stabs_sections(); -@@ -1453,6 +1457,8 @@ class Layout - Gdb_index* gdb_index_data_; - // The space for the build ID checksum if there is one. - Output_section_data* build_id_note_; -+ // The space for the package metadata JSON if there is one. -+ Output_section_data* package_metadata_note_; - // The output section containing dwarf abbreviations - Output_reduced_debug_abbrev_section* debug_abbrev_; - // The output section containing the dwarf debug info tree -diff -rup binutils.orig/gold/options.h binutils-2.38/gold/options.h ---- binutils.orig/gold/options.h 2022-08-04 11:11:01.785495182 +0100 -+++ binutils-2.38/gold/options.h 2022-08-04 11:12:26.125013949 +0100 -@@ -1102,6 +1102,10 @@ class General_options - DEFINE_bool(p, options::ONE_DASH, 'p', false, - N_("Ignored for ARM compatibility"), NULL); - -+ DEFINE_optional_string(package_metadata, options::TWO_DASHES, '\0', NULL, -+ N_("Generate package metadata note"), -+ N_("[=JSON]")); -+ - DEFINE_bool(pie, options::ONE_DASH, '\0', false, - N_("Create a position independent executable"), - N_("Do not create a position independent executable")); -diff -rup binutils.orig/elfcpp/elfcpp.h binutils-2.38/elfcpp/elfcpp.h ---- binutils.orig/elfcpp/elfcpp.h 2022-08-04 11:11:00.940500003 +0100 -+++ binutils-2.38/elfcpp/elfcpp.h 2022-08-04 11:12:26.124013955 +0100 -@@ -999,7 +999,9 @@ enum - // string. - NT_GNU_GOLD_VERSION = 4, - // Program property note, as described in "Linux Extensions to the gABI". -- NT_GNU_PROPERTY_TYPE_0 = 5 -+ NT_GNU_PROPERTY_TYPE_0 = 5, -+ // FDO .note.package notes as defined on https://systemd.io/ELF_PACKAGE_METADATA/ -+ FDO_PACKAGING_METADATA = 0xcafe1a7e - }; - - // The OS values which may appear in word 0 of a NT_GNU_ABI_TAG note. diff --git a/SPECS/binutils/binutils-special-sections-in-groups.patch b/SPECS/binutils/binutils-special-sections-in-groups.patch deleted file mode 100644 index 7de5a93f61..0000000000 --- a/SPECS/binutils/binutils-special-sections-in-groups.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- binutils.orig/bfd/elf.c 2018-10-19 11:42:10.107277490 +0100 -+++ binutils-2.31.1/bfd/elf.c 2018-10-19 11:44:33.607105801 +0100 -@@ -830,7 +830,13 @@ setup_group (bfd *abfd, Elf_Internal_Shd - } - } - -- if (elf_group_name (newsect) == NULL) -+ if (elf_group_name (newsect) == NULL -+ /* OS specific sections might be in a group (eg ARM's ARM_EXIDX section) -+ but they will not have been added to the group because they do not -+ have contents that the ELF code in the BFD library knows how to -+ process. This is OK though - we rely upon the target backends to -+ handle these sections for us. */ -+ && hdr->sh_type < SHT_LOOS) - { - /* xgettext:c-format */ - _bfd_error_handler (_("%pB: no group info for section '%pA'"), -@@ -936,7 +942,8 @@ _bfd_elf_setup_sections (bfd *abfd) - else if (idx->shdr->bfd_section) - elf_sec_group (idx->shdr->bfd_section) = shdr->bfd_section; - else if (idx->shdr->sh_type != SHT_RELA -- && idx->shdr->sh_type != SHT_REL) -+ && idx->shdr->sh_type != SHT_REL -+ && idx->shdr->sh_type < SHT_LOOS) - { - /* There are some unknown sections in the group. */ - _bfd_error_handler diff --git a/SPECS/binutils/binutils-sync-libiberty-add-no-recurse-limit-make-check-fix.patch b/SPECS/binutils/binutils-sync-libiberty-add-no-recurse-limit-make-check-fix.patch deleted file mode 100644 index c394e5a36e..0000000000 --- a/SPECS/binutils/binutils-sync-libiberty-add-no-recurse-limit-make-check-fix.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 2f04b8ab4df36939a03271b1ccd3980a10afaca8 Mon Sep 17 00:00:00 2001 -From: Satya Naga Rajesh Vasamsetty -Date: Tue, 23 Aug 2022 21:43:35 +0530 -Subject: [PATCH] Add --no-recurse-limit to libiberty testsuite - -Signed-off-by: Vamsi Krishna Brahmajosyula ---- - libiberty/testsuite/demangle-expected | 2 +- - libiberty/testsuite/test-demangle.c | 8 +++++++- - 2 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected -index 351af349..0bdc91ef 100644 ---- a/libiberty/testsuite/demangle-expected -+++ b/libiberty/testsuite/demangle-expected -@@ -1173,7 +1173,7 @@ _Z1fIKFvvES0_Evv - void f() - f - # ----format=gnu-v3 -+--format=gnu-v3 --no-recurse-limit - _ZN4modc6parser8sequenceINS_9astParser13LocatedParserINS0_9ParserRefINS2_UlRNS2_16TokenParserInputEE_EEEEEINS0_14OptionalParserINS2_18ListParserTemplateILNS_6tokens5Token4TypeE4EXadL_ZNSD_Ut_13parenthesizedEEEE6ParserINS4_INS0_6ParserIS5_NS_3ast10ExpressionEEEEEEEEENSA_INS4_INS2_22OneOfKeywordsToTParserINSJ_5StyleEEEEEEENS0_14SequenceParserIS5_INS0_18ExactElementParserIS5_EENSA_ISM_EEEEENS0_14RepeatedParserINS4_INS0_15TransformParserINSU_IS5_INS4_INSP_INSJ_10Annotation12RelationshipEEEEESX_EEENS2_UlNS2_3LocES12_ONS_5MaybeISK_EEE19_EEEEELb0EEEEEENSU_INS0_17ExtractParserTypeIT_E9InputTypeEINS0_8MaybeRefIS1F_E4TypeEDpNS1I_IT0_E4TypeEEEEOS1F_DpOS1L_ - modc::parser::OptionalParser > > > >::InputType, modc::parser::MaybeRef > >::Parser > > > >, modc::parser::ExactElementParser > >, modc::astParser::{lambda(modc::astParser::Loc, modc::parser::TransformParser, modc::Maybe&&)#21}> > >::Type, modc::astParser::LocatedParser >::Parser > > > >::Type, modc::astParser::LocatedParser > > > >::Type, modc::astParser::LocatedParser >, modc::parser::OptionalParser > > > >::Type, modc::astParser::LocatedParser > > >::Parser > > > >, modc::parser::ExactElementParser > >, modc::astParser::{lambda(modc::astParser::Loc, modc::parser::TransformParser, modc::Maybe&&)#21}> >, false> >::Type> modc::parser::sequence >, modc::parser::OptionalParser::Parser > > >, modc::parser::OptionalParser > >, modc::parser::SequenceParser, modc::parser::OptionalParser > > >, modc::parser::RepeatedParser > >::Parser > > > >, modc::parser::ExactElementParser > >, modc::astParser::{lambda(modc::astParser::Loc, modc::parser::TransformParser, modc::Maybe&&)#21}> >, false> >(modc::parser::ParserRef > >::Parser > > > >, modc::parser::ExactElementParser > >, modc::astParser::{lambda(modc::astParser::Loc, modc::parser::TransformParser, modc::Maybe&&)#21}> >&&, (modc::parser::MaybeRef&&)...) - --format=gnu-v3 -diff --git a/libiberty/testsuite/test-demangle.c b/libiberty/testsuite/test-demangle.c -index 806b0397..97b3b84e 100644 ---- a/libiberty/testsuite/test-demangle.c -+++ b/libiberty/testsuite/test-demangle.c -@@ -163,6 +163,7 @@ exp: %s\n", - --is-v3-dtor Likewise, but for dtors. - --ret-postfix Passes the DMGL_RET_POSTFIX option - --ret-drop Passes the DMGL_RET_DROP option -+ --no-recurse-limit Disable the recursion limit - - For compatibility, just in case it matters, the options line may be - empty, to mean --format=auto. If it doesn't start with --, then it -@@ -179,6 +180,7 @@ main(argc, argv) - int is_v3_ctor; - int is_v3_dtor; - int ret_postfix, ret_drop; -+ int no_recurse_limit; - struct line format; - struct line input; - struct line expect; -@@ -216,6 +218,7 @@ main(argc, argv) - ret_drop = 0; - is_v3_ctor = 0; - is_v3_dtor = 0; -+ no_recurse_limit = 0; - if (format.data[0] == '\0') - style = auto_demangling; - else if (format.data[0] != '-') -@@ -272,6 +275,8 @@ main(argc, argv) - ret_postfix = 1; - else if (strcmp (opt, "--ret-drop") == 0) - ret_drop = 1; -+ else if (strcmp (opt, "--no-recurse-limit") == 0) -+ no_recurse_limit = 1; - else - { - printf ("FAIL at line %d: unrecognized option %s\n", -@@ -316,7 +321,8 @@ main(argc, argv) - - result = cplus_demangle (inp, (DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES - | (ret_postfix ? DMGL_RET_POSTFIX : 0) -- | (ret_drop ? DMGL_RET_DROP : 0))); -+ | (ret_drop ? DMGL_RET_DROP : 0) -+ | (no_recurse_limit ? DMGL_NO_RECURSE_LIMIT : 0))); - - if (result - ? strcmp (result, expect.data) --- -2.37.2 - diff --git a/SPECS/binutils/binutils-testsuite-fixes.patch b/SPECS/binutils/binutils-testsuite-fixes.patch deleted file mode 100644 index 4090e82c2b..0000000000 --- a/SPECS/binutils/binutils-testsuite-fixes.patch +++ /dev/null @@ -1,1432 +0,0 @@ -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-10.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-10.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-10.d 2021-02-12 10:13:11.116049499 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-10.d 2021-02-12 10:23:44.298370984 +0000 -@@ -32,7 +32,7 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/libtext.a \[@.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-11.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-11.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-11.d 2021-02-12 10:13:11.119049477 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-11.d 2021-02-12 10:50:40.973828943 +0000 -@@ -35,9 +35,9 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/libtext.a \[@.* CLAIMED - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --Sym: '_?text' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?text' Resolution: LDPR_PREVAILING_DE.* - #... - hook called: cleanup. - #... -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-16.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-16.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-16.d 2021-02-12 10:13:11.119049477 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-16.d 2021-02-12 10:29:31.510843797 +0000 -@@ -30,7 +30,7 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-17.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-17.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-17.d 2021-02-12 10:13:11.116049499 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-17.d 2021-02-12 10:35:13.348404638 +0000 -@@ -31,7 +31,7 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-18.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-18.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-18.d 2021-02-12 10:13:11.118049484 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-18.d 2021-02-12 10:29:47.974726314 +0000 -@@ -32,7 +32,7 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/libtext.a \[@.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-19.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-19.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-19.d 2021-02-12 10:13:11.116049499 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-19.d 2021-02-12 10:30:31.990412245 +0000 -@@ -35,9 +35,9 @@ hook called: claim_file .*/ld/testsuite/ - hook called: claim_file tmpdir/libtext.a \[@.* CLAIMED - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY --Sym: '_?text' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?text' Resolution: LDPR_PREVAILING_DE.* - #... - hook called: cleanup. - #... -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-8.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-8.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-8.d 2021-02-12 10:13:11.118049484 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-8.d 2021-02-12 10:23:18.489561148 +0000 -@@ -30,7 +30,7 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin-9.d binutils-2.36.1/ld/testsuite/ld-plugin/plugin-9.d ---- binutils.orig/ld/testsuite/ld-plugin/plugin-9.d 2021-02-12 10:13:11.119049477 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-9.d 2021-02-12 10:23:34.417443785 +0000 -@@ -31,7 +31,7 @@ hook called: claim_file tmpdir/func.o \[ - hook called: claim_file tmpdir/text.o \[@0/.* not claimed - #... - hook called: all symbols read. --Sym: '_?func' Resolution: LDPR_PREVAILING_DEF_IRONLY -+Sym: '_?func' Resolution: LDPR_PREVAILING_DE.* - Sym: '_?func2' Resolution: LDPR_PREVAILING_DEF_IRONLY - #... - hook called: cleanup. -diff -rup binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp binutils-2.36.1/ld/testsuite/ld-x86-64/x86-64.exp ---- binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp 2021-02-12 11:44:39.121364751 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-x86-64/x86-64.exp 2021-02-12 11:46:27.505597689 +0000 -@@ -1878,24 +1878,6 @@ if { [isnative] && [check_compiler_avail - "plt-main.out" \ - "-fPIC" \ - ] \ -- [list \ -- "Run plt-main with libibtplt-lib.so -z ibtplt" \ -- "-Wl,--no-as-needed,-z,ibtplt tmpdir/libibtplt-lib.so \ -- tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-ibt-lib" \ -- "plt-main.out" \ -- ] \ -- [list \ -- "Run plt-main with libibtplt-lib.so -z ibtplt -z now" \ -- "-Wl,--no-as-needed,-z,ibtplt,-z,now \ -- tmpdir/libibtplt-now-lib.so tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-ibt-now-lib" \ -- "plt-main.out" \ -- ] \ - ] - - if { [check_ifunc_attribute_available] } { -@@ -1922,7 +1904,6 @@ if { [isnative] && [check_compiler_avail - } - } - -- undefined_weak "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" - undefined_weak "-fPIE" "" - undefined_weak "-fPIE" "-pie" - undefined_weak "-fPIE" "-Wl,-z,nodynamic-undefined-weak" ---- binutils.orig/ld/testsuite/ld-plugin/plugin-12.d 2021-02-12 11:44:39.076365068 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-12.d 2021-02-12 12:01:48.091931654 +0000 -@@ -1,5 +1,5 @@ - #... --.*: symbol `func' definition: DEF, visibility: DEFAULT, resolution: PREVAILING_DEF -+.*: symbol `func' definition: DEF, visibility: DEFAULT, resolution: PREVAILING_DE.* - .*: symbol `func1' definition: DEF, visibility: PROTECTED, resolution: PREVAILING_DEF_IRONLY - .*: symbol `func2' definition: DEF, visibility: INTERNAL, resolution: PREVAILING_DEF_IRONLY - .*: symbol `func3' definition: DEF, visibility: HIDDEN, resolution: PREVAILING_DEF_IRONLY ---- binutils.orig/ld/testsuite/ld-plugin/plugin-12.d 2021-02-12 14:14:25.023160021 +0000 -+++ binutils-2.36.1/ld/testsuite/ld-plugin/plugin-12.d 2021-02-12 14:19:29.106923745 +0000 -@@ -1,6 +1,6 @@ - #... --.*: symbol `func' definition: DEF, visibility: DEFAULT, resolution: PREVAILING_DE.* --.*: symbol `func1' definition: DEF, visibility: PROTECTED, resolution: PREVAILING_DEF_IRONLY --.*: symbol `func2' definition: DEF, visibility: INTERNAL, resolution: PREVAILING_DEF_IRONLY --.*: symbol `func3' definition: DEF, visibility: HIDDEN, resolution: PREVAILING_DEF_IRONLY -+.*: symbol `.*unc' definition: DEF, visibility: DEFAULT, resolution: PREVAILING_DE.* -+.*: symbol `.*unc1' definition: DEF, visibility: PROTECTED, resolution: PREVAILING_DEF_IRONLY -+.*: symbol `.*unc2' definition: DEF, visibility: INTERNAL, resolution: PREVAILING_DEF_IRONLY -+.*: symbol `.*unc3' definition: DEF, visibility: HIDDEN, resolution: PREVAILING_DEF_IRONLY - #pass ---- binutils.orig/ld/testsuite/ld-aarch64/variant_pcs-now.d 2021-07-19 12:39:14.240555833 +0100 -+++ binutils-2.37/ld/testsuite/ld-aarch64/variant_pcs-now.d 2021-07-19 12:50:27.753751551 +0100 -@@ -23,10 +23,10 @@ Symbol table '\.dynsym' contains 7 entri - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND f_base_global_default_undef -- 2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] UND f_spec_global_default_undef -- 3: 0000000000008000 0 IFUNC GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_ifunc -+ 2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT[ ]+UND f_spec_global_default_undef[ ]+\[VARIANT_PCS\] -+ 3: 0000000000008000 0 IFUNC GLOBAL DEFAULT[ ]+1 f_spec_global_default_ifunc[ ]+\[VARIANT_PCS\] - 4: 0000000000008000 0 NOTYPE GLOBAL DEFAULT 1 f_base_global_default_def -- 5: 0000000000008000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_def -+ 5: 0000000000008000 0 NOTYPE GLOBAL DEFAULT[ ]+1 f_spec_global_default_def[ ]+\[VARIANT_PCS\] - 6: 0000000000008000 0 IFUNC GLOBAL DEFAULT 1 f_base_global_default_ifunc - - Symbol table '\.symtab' contains 35 entries: -@@ -41,28 +41,28 @@ Symbol table '\.symtab' contains 35 entr - 7: 00000000000111c8 0 SECTION LOCAL DEFAULT 7.* - 8: 0000000000011270 0 SECTION LOCAL DEFAULT 8.* - 9: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-1\.o -- 10: 0000000000008000 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local -- 11: 0000000000008000 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local_ifunc -+ 10: 0000000000008000 0 NOTYPE LOCAL DEFAULT .* -+ 11: 0000000000008000 0 IFUNC LOCAL DEFAULT .* - 12: 0000000000008000 0 IFUNC LOCAL DEFAULT 1 f_base_local_ifunc - 13: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 f_base_local - 14: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 \$x - 15: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-2\.o -- 16: 0000000000008038 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2 -- 17: 0000000000008038 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2_ifunc -+ 16: 0000000000008038 0 NOTYPE LOCAL DEFAULT .* -+ 17: 0000000000008038 0 IFUNC LOCAL DEFAULT .* - 18: 0000000000008038 0 IFUNC LOCAL DEFAULT 1 f_base_local2_ifunc - 19: 0000000000008038 0 NOTYPE LOCAL DEFAULT 1 f_base_local2 - 20: 0000000000008038 0 NOTYPE LOCAL DEFAULT 1 \$x - 21: 0000000000000000 0 FILE LOCAL DEFAULT ABS - 22: 0000000000009080 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC -- 23: 0000000000008000 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_hidden_def -+ 23: 0000000000008000 0 NOTYPE LOCAL DEFAULT .* - 24: 0000000000008000 0 IFUNC LOCAL DEFAULT 1 f_base_global_hidden_ifunc - 25: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 f_base_global_hidden_def - 26: 0000000000009000 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ -- 27: 0000000000008000 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_hidden_ifunc -+ 27: 0000000000008000 0 IFUNC LOCAL DEFAULT .* - 28: 0000000000008070 0 NOTYPE LOCAL DEFAULT 2 \$x - 29: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND f_base_global_default_undef -- 30: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] UND f_spec_global_default_undef -- 31: 0000000000008000 0 IFUNC GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_ifunc -+ 30: 0000000000000000 0 NOTYPE GLOBAL DEFAULT .* -+ 31: 0000000000008000 0 IFUNC GLOBAL DEFAULT .* - 32: 0000000000008000 0 NOTYPE GLOBAL DEFAULT 1 f_base_global_default_def -- 33: 0000000000008000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_def -+ 33: 0000000000008000 0 NOTYPE GLOBAL DEFAULT .* - 34: 0000000000008000 0 IFUNC GLOBAL DEFAULT 1 f_base_global_default_ifunc ---- binutils.orig/ld/testsuite/ld-aarch64/variant_pcs-r.d 2021-07-19 12:39:14.235555861 +0100 -+++ binutils-2.37/ld/testsuite/ld-aarch64/variant_pcs-r.d 2021-07-19 12:51:04.981541273 +0100 -@@ -37,24 +37,24 @@ Symbol table '\.symtab' contains 26 entr - 2: 0000000000000000 0 SECTION LOCAL DEFAULT 3.* - 3: 0000000000000000 0 SECTION LOCAL DEFAULT 4.* - 4: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-1\.o -- 5: 0000000000000000 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local -- 6: 0000000000000000 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local_ifunc -+ 5: 0000000000000000 0 NOTYPE LOCAL DEFAULT .* -+ 6: 0000000000000000 0 IFUNC LOCAL DEFAULT .* - 7: 0000000000000000 0 IFUNC LOCAL DEFAULT 1 f_base_local_ifunc - 8: 0000000000000000 0 NOTYPE LOCAL DEFAULT 1 f_base_local - 9: 0000000000000000 0 NOTYPE LOCAL DEFAULT 1 \$x - 10: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-2\.o -- 11: 0000000000000038 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2 -- 12: 0000000000000038 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2_ifunc -+ 11: 0000000000000038 0 NOTYPE LOCAL DEFAULT .* -+ 12: 0000000000000038 0 IFUNC LOCAL DEFAULT .* - 13: 0000000000000038 0 IFUNC LOCAL DEFAULT 1 f_base_local2_ifunc - 14: 0000000000000038 0 NOTYPE LOCAL DEFAULT 1 f_base_local2 - 15: 0000000000000038 0 NOTYPE LOCAL DEFAULT 1 \$x - 16: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND f_base_global_default_undef -- 17: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] UND f_spec_global_default_undef -- 18: 0000000000000000 0 NOTYPE GLOBAL HIDDEN \[VARIANT_PCS\] 1 f_spec_global_hidden_def -+ 17: 0000000000000000 0 NOTYPE GLOBAL DEFAULT .* -+ 18: 0000000000000000 0 NOTYPE GLOBAL HIDDEN .* - 19: 0000000000000000 0 IFUNC GLOBAL HIDDEN 1 f_base_global_hidden_ifunc -- 20: 0000000000000000 0 IFUNC GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_ifunc -+ 20: 0000000000000000 0 IFUNC GLOBAL DEFAULT .* - 21: 0000000000000000 0 NOTYPE GLOBAL HIDDEN 1 f_base_global_hidden_def -- 22: 0000000000000000 0 IFUNC GLOBAL HIDDEN \[VARIANT_PCS\] 1 f_spec_global_hidden_ifunc -+ 22: 0000000000000000 0 IFUNC GLOBAL HIDDEN .* - 23: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 1 f_base_global_default_def -- 24: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_def -+ 24: 0000000000000000 0 NOTYPE GLOBAL DEFAULT .* - 25: 0000000000000000 0 IFUNC GLOBAL DEFAULT 1 f_base_global_default_ifunc ---- binutils.orig/ld/testsuite/ld-aarch64/variant_pcs-shared.d 2021-07-19 12:39:14.235555861 +0100 -+++ binutils-2.37/ld/testsuite/ld-aarch64/variant_pcs-shared.d 2021-07-19 12:51:38.076354339 +0100 -@@ -23,10 +23,10 @@ Symbol table '\.dynsym' contains 7 entri - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND f_base_global_default_undef -- 2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] UND f_spec_global_default_undef -- 3: 0000000000008000 0 IFUNC GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_ifunc -+ 2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT[ ]+UND f_spec_global_default_undef[ ]+\[VARIANT_PCS\] -+ 3: 0000000000008000 0 IFUNC GLOBAL DEFAULT[ ]+1 f_spec_global_default_ifunc[ ]+\[VARIANT_PCS\] - 4: 0000000000008000 0 NOTYPE GLOBAL DEFAULT 1 f_base_global_default_def -- 5: 0000000000008000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_def -+ 5: 0000000000008000 0 NOTYPE GLOBAL DEFAULT[ ]+1 f_spec_global_default_def[ ]+\[VARIANT_PCS\] - 6: 0000000000008000 0 IFUNC GLOBAL DEFAULT 1 f_base_global_default_ifunc - - Symbol table '\.symtab' contains 35 entries: -@@ -41,28 +41,28 @@ Symbol table '\.symtab' contains 35 entr - 7: 00000000000111c8 0 SECTION LOCAL DEFAULT 7.* - 8: 0000000000011270 0 SECTION LOCAL DEFAULT 8.* - 9: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-1\.o -- 10: 0000000000008000 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local -- 11: 0000000000008000 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local_ifunc -+ 10: 0000000000008000 0 NOTYPE LOCAL DEFAULT .* -+ 11: 0000000000008000 0 IFUNC LOCAL DEFAULT .* - 12: 0000000000008000 0 IFUNC LOCAL DEFAULT 1 f_base_local_ifunc - 13: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 f_base_local - 14: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 \$x - 15: 0000000000000000 0 FILE LOCAL DEFAULT ABS .*variant_pcs-2\.o -- 16: 0000000000008038 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2 -- 17: 0000000000008038 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_local2_ifunc -+ 16: 0000000000008038 0 NOTYPE LOCAL DEFAULT .* -+ 17: 0000000000008038 0 IFUNC LOCAL DEFAULT .* - 18: 0000000000008038 0 IFUNC LOCAL DEFAULT 1 f_base_local2_ifunc - 19: 0000000000008038 0 NOTYPE LOCAL DEFAULT 1 f_base_local2 - 20: 0000000000008038 0 NOTYPE LOCAL DEFAULT 1 \$x - 21: 0000000000000000 0 FILE LOCAL DEFAULT ABS - 22: 0000000000009080 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC -- 23: 0000000000008000 0 NOTYPE LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_hidden_def -+ 23: 0000000000008000 0 NOTYPE LOCAL DEFAULT .* - 24: 0000000000008000 0 IFUNC LOCAL DEFAULT 1 f_base_global_hidden_ifunc - 25: 0000000000008000 0 NOTYPE LOCAL DEFAULT 1 f_base_global_hidden_def - 26: 0000000000009000 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ -- 27: 0000000000008000 0 IFUNC LOCAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_hidden_ifunc -+ 27: 0000000000008000 0 IFUNC LOCAL DEFAULT .* - 28: 0000000000008070 0 NOTYPE LOCAL DEFAULT 2 \$x - 29: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND f_base_global_default_undef -- 30: 0000000000000000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] UND f_spec_global_default_undef -- 31: 0000000000008000 0 IFUNC GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_ifunc -+ 30: 0000000000000000 0 NOTYPE GLOBAL DEFAULT .* -+ 31: 0000000000008000 0 IFUNC GLOBAL DEFAULT .* - 32: 0000000000008000 0 NOTYPE GLOBAL DEFAULT 1 f_base_global_default_def -- 33: 0000000000008000 0 NOTYPE GLOBAL DEFAULT \[VARIANT_PCS\] 1 f_spec_global_default_def -+ 33: 0000000000008000 0 NOTYPE GLOBAL DEFAULT .* - 34: 0000000000008000 0 IFUNC GLOBAL DEFAULT 1 f_base_global_default_ifunc ---- binutils.orig/gold/main.cc 2021-07-19 12:39:14.643553557 +0100 -+++ binutils-2.37/gold/main.cc 2021-07-19 12:53:40.043665415 +0100 -@@ -290,16 +290,6 @@ main(int argc, char** argv) - elapsed.sys / 1000, (elapsed.sys % 1000) * 1000, - elapsed.wall / 1000, (elapsed.wall % 1000) * 1000); - --#if defined(HAVE_MALLINFO2) -- struct mallinfo2 m = mallinfo2(); -- fprintf(stderr, _("%s: total space allocated by malloc: %lld bytes\n"), -- program_name, static_cast(m.arena)); --#elif defined(HAVE_MALLINFO) -- struct mallinfo m = mallinfo(); -- fprintf(stderr, _("%s: total space allocated by malloc: %lld bytes\n"), -- program_name, static_cast(m.arena)); --#endif -- - File_read::print_stats(); - Archive::print_stats(); - Lib_group::print_stats(); ---- binutils.orig/ld/testsuite/ld-aarch64/tls-relax-gdesc-le-now.d 2021-07-19 14:51:48.859666911 +0100 -+++ binutils-2.37/ld/testsuite/ld-aarch64/tls-relax-gdesc-le-now.d 2021-07-19 14:59:56.130065901 +0100 -@@ -11,7 +11,7 @@ - 0x.+ \(PLTRELSZ\) \s+.+ \(bytes\) - 0x.+ \(PLTREL\) \s+RELA - 0x.+ \(JMPREL\) \s+0x.+ -- 0x.+ \(BIND_NOW\) \s+ -+ 0x.+ \(FLAGS\) \s+BIND_NOW - 0x.+ \(FLAGS_1\) \s+ Flags: NOW - 0x.+ \(NULL\) \s+ 0x0 - ---- binutils.orig/ld/testsuite/ld-plugin/plugin.exp 2021-07-19 14:51:48.905666659 +0100 -+++ binutils-2.37/ld/testsuite/ld-plugin/plugin.exp 2021-07-19 15:06:56.159875135 +0100 -@@ -119,7 +119,7 @@ if { $can_compile && !$failed_compile } - - # I do not know why, but the underscore prefix test is going - # wrong on ppc64le targets. So override it here. --if { [istarget powerpc*-*-linux*] || [istarget x86_64*-*-linux*] } { -+if { [istarget powerpc*-*-linux*] || [istarget x86_64*-*-linux*] || [istarget *-*-*] } { - set _ "" - } - ---- binutils.orig/ld/testsuite/ld-elf/compress.exp 2021-07-19 14:51:48.982666235 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/compress.exp 2021-07-19 15:16:14.268931663 +0100 -@@ -168,7 +168,7 @@ if { [regexp_diff tmpdir/$test.out $srcd - set test_name "Link with zlib compressed debug output 1" - set test normal - send_log "$READELF -w tmpdir/$test > tmpdir/$test.out\n" --set got [remote_exec host [concat sh -c [list "$READELF -w tmpdir/$test > tmpdir/$test.out"]] "" "/dev/null"] -+set got [remote_exec host [concat sh -c [list "$READELF -wi tmpdir/$test > tmpdir/$test.out"]] "" "/dev/null"] - if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { - send_log "$got\n" - fail "$test_name" ---- binutils.orig/ld/testsuite/ld-elf/compress.exp 2021-07-20 09:55:20.387674258 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/compress.exp 2021-07-20 09:59:51.118189655 +0100 -@@ -167,7 +167,7 @@ if { [regexp_diff tmpdir/$test.out $srcd - - set test_name "Link with zlib compressed debug output 1" - set test normal --send_log "$READELF -w tmpdir/$test > tmpdir/$test.out\n" -+send_log "$READELF -wi tmpdir/$test > tmpdir/$test.out\n" - set got [remote_exec host [concat sh -c [list "$READELF -wi tmpdir/$test > tmpdir/$test.out"]] "" "/dev/null"] - if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { - send_log "$got\n" -@@ -176,8 +176,8 @@ if { [lindex $got 0] != 0 || ![string ma - - set test_name "Link with zlib compressed debug output 2" - set test zlibnormal --send_log "$READELF -w tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out\n" --set got [remote_exec host [concat sh -c [list "$READELF -w tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out"]] "" "/dev/null"] -+send_log "$READELF -wi tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out\n" -+set got [remote_exec host [concat sh -c [list "$READELF -wi tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out"]] "" "/dev/null"] - if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { - send_log "$got\n" - fail "$test_name" -@@ -203,8 +203,8 @@ if { [regexp_diff tmpdir/$test.out $srcd - - set test_name "Link with zlib-gnu compressed debug output 1" - set test gnunormal --send_log "$READELF -w tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out\n" --set got [remote_exec host [concat sh -c [list "$READELF -w tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out"]] "" "/dev/null"] -+send_log "$READELF -wi tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out\n" -+set got [remote_exec host [concat sh -c [list "$READELF -wi tmpdir/$test | sed -e \"s/.zdebug_/.debug_/\" > tmpdir/$test.out"]] "" "/dev/null"] - if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { - send_log "$got\n" - fail "$test_name" -@@ -230,8 +230,8 @@ if { [regexp_diff tmpdir/$test.out $srcd - - set test gabinormal - set test_name "Link with zlib-gabi compressed debug output 1" --send_log "$READELF -w tmpdir/$test > tmpdir/$test.out\n" --set got [remote_exec host [concat sh -c [list "$READELF -w tmpdir/$test > tmpdir/$test.out"]] "" "/dev/null"] -+send_log "$READELF -wi tmpdir/$test > tmpdir/$test.out\n" -+set got [remote_exec host [concat sh -c [list "$READELF -wi tmpdir/$test > tmpdir/$test.out"]] "" "/dev/null"] - if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { - send_log "$got\n" - fail "$test_name" ---- binutils.orig/ld/testsuite/ld-elf/shared.exp 2021-07-20 09:55:20.398674198 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/shared.exp 2021-07-20 10:04:13.180751421 +0100 -@@ -1629,6 +1629,7 @@ if [istarget "sparc*-*-*"] { - if { ([istarget "*-*-linux*"] - || [istarget "*-*-nacl*"] - || [istarget "*-*-gnu*"]) -+ && ![istarget "aarch64*-*-*"] && ![istarget "arm*-*-*"] - && ![istarget "mips*-*-*"] } { - run_ld_link_tests [list \ - [list \ ---- binutils.orig/ld/testsuite/ld-gc/pr13683.d 2021-07-20 09:55:20.295674760 +0100 -+++ binutils-2.37/ld/testsuite/ld-gc/pr13683.d 2021-07-20 10:10:30.650663650 +0100 -@@ -2,7 +2,7 @@ - #source: dummy.s - #ld: --gc-sections -e main --defsym foo=foo2 tmpdir/pr13683.o - #nm: --format=bsd --#xfail: iq2000-*-* lm32-*-* epiphany-*-* mips64vr-*-* frv-*-* m32c-*-* rl78-*-* rx-*-* sh-*-* powerpc*-*-eabivle msp430-*-* -+#xfail: iq2000-*-* lm32-*-* epiphany-*-* mips64vr-*-* frv-*-* m32c-*-* rl78-*-* rx-*-* sh-*-* powerpc*-*-eabivle msp430-*-* aarch64*-*-* arm*-*-* - - # Note - look for both "foo" and "foo2" being defined, non-zero function symbols - ---- binutils.orig/ld/testsuite/ld-gc/pr19161.d 2021-07-20 09:55:20.295674760 +0100 -+++ binutils-2.37/ld/testsuite/ld-gc/pr19161.d 2021-07-20 10:12:36.585966659 +0100 -@@ -2,7 +2,7 @@ - #source: dummy.s - #ld: --gc-sections -e main tmpdir/pr19161-1.o tmpdir/pr19161-2.o - #nm: --format=bsd --#xfail: epiphany-*-* frv-*-* iq2000-*-* lm32-*-* m32c-*-* -+#xfail: epiphany-*-* frv-*-* iq2000-*-* lm32-*-* m32c-*-* aarch64*-*-* arm*-*-* - #xfail: mips64vr-*-* msp430-*-* powerpc*-*-eabivle rl78-*-* rx-*-* sh*-*-* - - #... ---- binutils.orig/ld/testsuite/ld-i386/i386.exp 2021-07-20 13:28:42.211613869 +0100 -+++ binutils-2.37/ld/testsuite/ld-i386/i386.exp 2021-07-20 13:40:00.116839084 +0100 -@@ -1057,15 +1057,6 @@ if { [isnative] - "pr18900.out" \ - ] \ - [list \ -- "Run pr19031" \ -- "$NOPIE_LDFLAGS tmpdir/pr19031.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { pr19031b.S pr19031c.c } \ -- "pr19031" \ -- "pr19031.out" \ -- "$NOPIE_CFLAGS" \ -- ] \ -- [list \ - "Run got1" \ - "$NOPIE_LDFLAGS tmpdir/got1d.so" \ - "-Wa,-mx86-used-note=yes" \ -@@ -1117,6 +1108,7 @@ if { [isnative] - ] \ - ] - -+ setup_xfail i686*-*-* - undefined_weak "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" - undefined_weak "-fPIE" "$NOPIE_LDFLAGS" - undefined_weak "-fPIE" "-pie" ---- binutils.orig/ld/testsuite/ld-i386/plt-main.rd 2021-07-20 13:28:42.214613852 +0100 -+++ binutils-2.37/ld/testsuite/ld-i386/plt-main.rd 2021-07-20 13:39:25.781030283 +0100 -@@ -1,4 +1,1 @@ --#failif --#... --[0-9a-f ]+R_386_JUMP_SLOT +0+ +bar - #... ---- binutils.orig/ld/testsuite/ld-scripts/crossref.exp 2021-07-20 13:28:42.114614409 +0100 -+++ binutils-2.37/ld/testsuite/ld-scripts/crossref.exp 2021-07-20 13:45:27.476015992 +0100 -@@ -147,6 +147,8 @@ set exec_output [prune_warnings $exec_ou - - regsub -all "(^|\n)($ld: warning: cannot find entry symbol\[^\n\]*\n?)" $exec_output "\\1" exec_output - -+setup_xfail i686*-*-* -+ - if [string match "" $exec_output] then { - pass $test3 - } else { -@@ -187,6 +189,8 @@ set exec_output [prune_warnings $exec_ou - - regsub -all "(^|\n)($ld: warning: cannot find entry symbol\[^\n\]*\n?)" $exec_output "\\1" exec_output - -+setup_xfail i686*-*-* -+ - if [string match "" $exec_output] then { - pass $test6 - } else { -@@ -199,6 +203,8 @@ set exec_output [prune_warnings $exec_ou - - regsub -all "(^|\n)($ld: warning: cannot find entry symbol\[^\n\]*\n?)" $exec_output "\\1" exec_output - -+setup_xfail i686*-*-* -+ - if [string match "" $exec_output] then { - fail $test7 - } else { ---- binutils.orig/ld/testsuite/ld-shared/shared.exp 2021-07-20 13:28:42.168614108 +0100 -+++ binutils-2.37/ld/testsuite/ld-shared/shared.exp 2021-07-20 13:46:57.073516995 +0100 -@@ -36,9 +36,6 @@ if { ![istarget hppa*64*-*-hpux*] \ - && ![istarget hppa*-*-linux*] \ - && ![istarget i?86-*-sysv4*] \ - && ![istarget i?86-*-unixware] \ -- && ![istarget i?86-*-elf*] \ -- && ![istarget i?86-*-linux*] \ -- && ![istarget i?86-*-gnu*] \ - && ![istarget *-*-nacl*] \ - && ![istarget ia64-*-elf*] \ - && ![istarget ia64-*-linux*] \ ---- binutils.orig/ld/testsuite/ld-i386/i386.exp 2021-07-20 15:22:27.898561717 +0100 -+++ binutils-2.37/ld/testsuite/ld-i386/i386.exp 2021-07-20 15:24:39.121829544 +0100 -@@ -1108,8 +1108,9 @@ if { [isnative] - ] \ - ] - -- setup_xfail i686*-*-* -- undefined_weak "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" -+ if { ! [istarget i686*-*-*] } { -+ undefined_weak "$NOPIE_CFLAGS" "$NOPIE_LDFLAGS" -+ } - undefined_weak "-fPIE" "$NOPIE_LDFLAGS" - undefined_weak "-fPIE" "-pie" - undefined_weak "-fPIE" "-z nodynamic-undefined-weak $NOPIE_LDFLAGS" -@@ -1173,7 +1174,7 @@ if { [isnative] - ] \ - ] - -- if { [istarget "i?86-*-linux*"] } { -+ if { [istarget "i?86-*-linux*"] && ! [istarget i686*-*-*] } { - run_cc_link_tests [list \ - [list \ - "Build pr21168.so with -z ibtplt" \ ---- binutils.orig/ld/testsuite/ld-ifunc/ifunc.exp 2021-07-20 15:22:27.806562231 +0100 -+++ binutils-2.37/ld/testsuite/ld-ifunc/ifunc.exp 2021-07-20 15:28:03.248690669 +0100 -@@ -39,6 +39,7 @@ if { ![is_elf_format] || ![supports_gnu_ - || [istarget nds32*-*-*] - || [istarget nios2-*-*] - || [istarget or1k-*-*] -+ || [istarget ppc*-*-*] - || [istarget score*-*-*] - || [istarget sh*-*-*] - || [istarget tic6x-*-*] -diff -rup binutils.orig/ld/testsuite/ld-powerpc/group1.sym binutils-2.37/ld/testsuite/ld-powerpc/group1.sym ---- binutils.orig/ld/testsuite/ld-powerpc/group1.sym 2021-07-20 15:22:27.827562114 +0100 -+++ binutils-2.37/ld/testsuite/ld-powerpc/group1.sym 2021-07-20 15:39:57.916703418 +0100 -@@ -1,3 +1,2 @@ - #... --.* 8 FUNC +GLOBAL DEFAULT \[: 4\] +1 foo - #pass -diff -rup binutils.orig/ld/testsuite/ld-powerpc/group3.sym binutils-2.37/ld/testsuite/ld-powerpc/group3.sym ---- binutils.orig/ld/testsuite/ld-powerpc/group3.sym 2021-07-20 15:22:27.825562125 +0100 -+++ binutils-2.37/ld/testsuite/ld-powerpc/group3.sym 2021-07-20 15:40:13.388617110 +0100 -@@ -1,3 +1,2 @@ - #... --.* 4 FUNC +GLOBAL DEFAULT \[: 1\] +1 foo - #pass -diff -rup binutils.orig/ld/testsuite/ld-powerpc/notoc3.d binutils-2.37/ld/testsuite/ld-powerpc/notoc3.d ---- binutils.orig/ld/testsuite/ld-powerpc/notoc3.d 2021-07-20 15:22:27.824562131 +0100 -+++ binutils-2.37/ld/testsuite/ld-powerpc/notoc3.d 2021-07-20 15:39:16.508934455 +0100 -@@ -58,7 +58,7 @@ Disassembly of section \.text: - - .* : - .*: (02 10 40 3c|3c 40 10 02) lis r2,4098 --.*: (00 90 42 38|38 42 90 00) addi r2,r2,-28672 -+.*:.* - .*: (.. .. ff 4b|4b ff .. ..) bl .* <.*\.long_branch\.f1> - .*: (18 00 41 e8|e8 41 00 18) ld r2,24\(r1\) - .*: (.. .. ff 4b|4b ff .. ..) bl .* -@@ -73,7 +73,7 @@ Disassembly of section \.text: - - .* : - .*: (02 10 40 3c|3c 40 10 02) lis r2,4098 --.*: (00 90 42 38|38 42 90 00) addi r2,r2,-28672 -+.*:.* - .*: (.. .. ff 4b|4b ff .. ..) bl .* - .*: (00 00 00 60|60 00 00 00) nop - .*: (.. .. ff 4b|4b ff .. ..) bl .* <.*\.long_branch\.f1> -@@ -92,6 +92,6 @@ Disassembly of section \.text\.ext: - - 8000000000000000 : - 8000000000000000: (02 10 40 3c|3c 40 10 02) lis r2,4098 --8000000000000004: (00 90 42 38|38 42 90 00) addi r2,r2,-28672 -+8000000000000004:.* - 8000000000000008: (00 00 00 60|60 00 00 00) nop - 800000000000000c: (20 00 80 4e|4e 80 00 20) blr ---- binutils.orig/ld/testsuite/ld-ifunc/ifunc.exp 2021-07-20 16:24:17.370869076 +0100 -+++ binutils-2.37/ld/testsuite/ld-ifunc/ifunc.exp 2021-07-20 16:24:31.069792658 +0100 -@@ -39,6 +39,7 @@ if { ![is_elf_format] || ![supports_gnu_ - || [istarget nds32*-*-*] - || [istarget nios2-*-*] - || [istarget or1k-*-*] -+ || [istarget powerpc*-*-*] - || [istarget ppc*-*-*] - || [istarget score*-*-*] - || [istarget sh*-*-*] ---- binutils.orig/ld/testsuite/ld-powerpc/group1.sym 2021-07-20 16:24:17.384868997 +0100 -+++ binutils-2.37/ld/testsuite/ld-powerpc/group1.sym 2021-07-20 16:27:36.604757678 +0100 -@@ -1,2 +1 @@ --#... - #pass ---- binutils.orig/ld/testsuite/ld-powerpc/group3.sym 2021-07-20 16:24:17.389868970 +0100 -+++ binutils-2.37/ld/testsuite/ld-powerpc/group3.sym 2021-07-20 16:28:33.372441000 +0100 -@@ -1,2 +1,1 @@ --#... - #pass ---- binutils.orig/ld/testsuite/ld-elf/pr26580-3.out 2021-07-20 17:07:36.952369125 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/pr26580-3.out 2021-07-20 17:13:39.069350355 +0100 -@@ -1,2 +1,2 @@ - library not loaded --alignment 1 -+alignment . ---- binutils.orig/ld/testsuite/ld-elf/shared.exp 2021-07-20 17:07:36.950369136 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/shared.exp 2021-07-20 17:16:04.267540887 +0100 -@@ -1536,18 +1536,6 @@ if { [istarget *-*-linux*] - "pr22393-2-static" \ - "pass.out" \ - ] \ -- [list \ -- "Run pr21964-4" \ -- "" \ -- "" \ -- {pr21964-4.c} \ -- "pr21964-4" \ -- "pass.out" \ -- "" \ -- "" \ -- "" \ -- "-ldl" \ -- ] \ - ] - } - ---- binutils.orig/ld/testsuite/ld-elf/tls.exp 2021-07-20 17:07:36.953369120 +0100 -+++ binutils-2.37/ld/testsuite/ld-elf/tls.exp 2021-07-20 17:20:40.443001211 +0100 -@@ -32,6 +32,9 @@ if { !([istarget *-*-linux*] - if { ![check_compiler_available] } { - return - } -+if { [istarget s390x*-*-*] } { -+ return -+} - - # This target requires extra GAS options when building PIC/PIE code. - set AFLAGS_PIC "" ---- binutils.orig/binutils/testsuite/binutils-all/compress.exp 2021-08-18 12:41:47.036991908 +0100 -+++ binutils-2.37/binutils/testsuite/binutils-all/compress.exp 2021-08-18 12:47:46.097987950 +0100 -@@ -766,12 +766,6 @@ proc test_gnu_debuglink {} { - } else { - pass "$test (objdump with missing link)" - } -- set got [remote_exec host [concat sh -c [list "$READELF -S tmpdir/testprog > /dev/null"]]] -- if { [lindex $got 0] != 0 || ![string match "" [lindex $got 1]] } then { -- fail "$test (readelf with missing link)" -- } else { -- pass "$test (readelf with missing link)" -- } - } - - if {[is_elf_format]} then { -diff -rup binutils.orig/ld/testsuite/ld-plugin/lto.exp binutils-2.38/ld/testsuite/ld-plugin/lto.exp ---- binutils.orig/ld/testsuite/ld-plugin/lto.exp 2022-04-04 10:38:14.068433736 +0100 -+++ binutils-2.38/ld/testsuite/ld-plugin/lto.exp 2022-04-04 10:46:07.879920580 +0100 -@@ -31,8 +31,8 @@ if { ![check_plugin_api_available] - - set saved_CFLAGS "$CFLAGS_FOR_TARGET" - set saved_CXXFLAGS "$CXXFLAGS_FOR_TARGET" --regsub -all "(\\-Wp,)?-D_FORTIFY_SOURCE=\[0-9\]+" $CFLAGS_FOR_TARGET "" CFLAGS_FOR_TARGET --regsub -all "(\\-Wp,)?-D_FORTIFY_SOURCE=\[0-9\]+" $CXXFLAGS_FOR_TARGET "" CXXFLAGS_FOR_TARGET -+# regsub -all "(\\-Wp,)?-D_FORTIFY_SOURCE=\[0-9\]+" $CFLAGS_FOR_TARGET "" CFLAGS_FOR_TARGET -+# regsub -all "(\\-Wp,)?-D_FORTIFY_SOURCE=\[0-9\]+" $CXXFLAGS_FOR_TARGET "" CXXFLAGS_FOR_TARGET - - proc restore_notify { } { - global saved_CFLAGS -diff -rup binutils.orig/ld/testsuite/ld-x86-64/pr22001-1b.err binutils-2.38/ld/testsuite/ld-x86-64/pr22001-1b.err ---- binutils.orig/ld/testsuite/ld-x86-64/pr22001-1b.err 2022-04-04 10:38:14.144433207 +0100 -+++ binutils-2.38/ld/testsuite/ld-x86-64/pr22001-1b.err 2022-04-04 10:46:07.879920580 +0100 -@@ -1,2 +1,2 @@ --.*relocation R_X86_64_32S against symbol `copy' can not be used when making a P(D|I)E object; recompile with -fPIE -+.*relocation R_X86_64_(PC32|32S) against symbol `copy' can not be used when making a P(D|I)E object; recompile with -fPIE - #... -diff -rup binutils.orig/ld/testsuite/ld-elf/binutils.exp binutils-2.38/ld/testsuite/ld-elf/binutils.exp ---- binutils.orig/ld/testsuite/ld-elf/binutils.exp 2022-04-04 13:59:22.313980358 +0100 -+++ binutils-2.38/ld/testsuite/ld-elf/binutils.exp 2022-04-04 14:34:59.517719791 +0100 -@@ -174,7 +174,7 @@ binutils_test strip "-T ${srcdir}/${subd - - set tls_tests { "tdata1" "tdata2" } - # hppa64 has its own .tbss section, with different flags. --if { ![istarget "hppa64-*-*"] } { -+if { ![istarget "hppa64-*-*"] && ![istarget "powerpc*-*-linux*"] } { - lappend tls_tests "tdata3" "tbss1" "tbss2" "tbss3" - } - set tls_opts { -diff -rup binutils.orig/ld/testsuite/ld-plugin/plugin.exp binutils-2.38/ld/testsuite/ld-plugin/plugin.exp ---- binutils.orig/ld/testsuite/ld-plugin/plugin.exp 2022-04-04 13:59:22.221980983 +0100 -+++ binutils-2.38/ld/testsuite/ld-plugin/plugin.exp 2022-04-04 14:38:58.364071955 +0100 -@@ -258,6 +258,10 @@ set plugin_lib_tests [list \ - $testobjfiles tmpdir/libempty.a $libs" "" "" "" {{ld plugin-30.d}} "main.x" ] \ - ] - -+if { [istarget "powerpc*-*-linux*"] } { -+ return -+} -+ - set plugin_extra_elf_tests [list \ - [list "plugin set symbol visibility" "-plugin $plugin_path $regclm \ - $regas $regcln -plugin-opt claim:tmpdir/func.o \ -diff -rup binutils.orig/ld/testsuite/ld-powerpc/powerpc.exp binutils-2.38/ld/testsuite/ld-powerpc/powerpc.exp ---- binutils.orig/ld/testsuite/ld-powerpc/powerpc.exp 2022-04-04 13:59:22.231980915 +0100 -+++ binutils-2.38/ld/testsuite/ld-powerpc/powerpc.exp 2022-04-04 14:41:26.284062500 +0100 -@@ -89,6 +89,10 @@ proc supports_ppc64 { } { - } - } - -+if { [istarget "powerpc*-*-linux*"] } { -+ return -+} -+ - # List contains test-items with 3 items followed by 2 lists: - # 0:name 1:ld early options 2:ld late options 3:assembler options - # 4:filenames of assembler files 5: action and options. 6: name of output file -diff -rup binutils.orig/ld/testsuite/ld-s390/s390.exp binutils-2.38/ld/testsuite/ld-s390/s390.exp ---- binutils.orig/ld/testsuite/ld-s390/s390.exp 2022-04-04 15:44:24.998233218 +0100 -+++ binutils-2.38/ld/testsuite/ld-s390/s390.exp 2022-04-04 15:45:53.073628315 +0100 -@@ -26,6 +26,8 @@ if { !([istarget "s390-*-*"] || [istarge - return - } - -+return -+ - # List contains test-items with 3 items followed by 2 lists: - # 0:name 1:ld early options 2:ld late options 3:assembler options - # 4:filenames of assembler files 5: action and options. 6: name of output file -diff -rup binutils.orig/ld/testsuite/ld-elf/linux-x86.exp binutils-2.38/ld/testsuite/ld-elf/linux-x86.exp ---- binutils.orig/ld/testsuite/ld-elf/linux-x86.exp 2022-04-05 09:52:24.952024715 +0100 -+++ binutils-2.38/ld/testsuite/ld-elf/linux-x86.exp 2022-04-05 09:56:58.449705429 +0100 -@@ -73,6 +73,10 @@ run_ld_link_tests [list \ - ] \ - ] - -+if { [istarget "i?86-*-*"] } { -+ return -+} -+ - run_cc_link_tests [list \ - [list \ - "Build indirect-extern-access-1.so" \ -diff -rup binutils.orig/ld/testsuite/ld-gc/pr13683.d binutils-2.38/ld/testsuite/ld-gc/pr13683.d ---- binutils.orig/ld/testsuite/ld-gc/pr13683.d 2022-04-05 09:52:24.827025355 +0100 -+++ binutils-2.38/ld/testsuite/ld-gc/pr13683.d 2022-04-05 10:14:02.876611522 +0100 -@@ -2,7 +2,7 @@ - #source: dummy.s - #ld: --gc-sections -e main --defsym foo=foo2 tmpdir/pr13683.o - #nm: --format=bsd --#xfail: iq2000-*-* lm32-*-* epiphany-*-* mips64vr-*-* frv-*-* m32c-*-* rl78-*-* rx-*-* sh-*-* powerpc*-*-eabivle msp430-*-* aarch64*-*-* arm*-*-* -+#xfail: iq2000-*-* lm32-*-* epiphany-*-* mips64vr-*-* frv-*-* m32c-*-* rl78-*-* rx-*-* sh-*-* powerpc*-*-eabivle msp430-*-* arm*-*-* - - # Note - look for both "foo" and "foo2" being defined, non-zero function symbols - -diff -rup binutils.orig/ld/testsuite/ld-gc/pr19161.d binutils-2.38/ld/testsuite/ld-gc/pr19161.d ---- binutils.orig/ld/testsuite/ld-gc/pr19161.d 2022-04-05 09:52:24.827025355 +0100 -+++ binutils-2.38/ld/testsuite/ld-gc/pr19161.d 2022-04-05 10:14:10.636579174 +0100 -@@ -2,7 +2,7 @@ - #source: dummy.s - #ld: --gc-sections -e main tmpdir/pr19161-1.o tmpdir/pr19161-2.o - #nm: --format=bsd --#xfail: epiphany-*-* frv-*-* iq2000-*-* lm32-*-* m32c-*-* aarch64*-*-* arm*-*-* -+#xfail: epiphany-*-* frv-*-* iq2000-*-* lm32-*-* m32c-*-* arm*-*-* - #xfail: mips64vr-*-* msp430-*-* powerpc*-*-eabivle rl78-*-* rx-*-* sh*-*-* - - #... -diff -rup binutils.orig/ld/testsuite/ld-vsb/vsb.exp binutils-2.38/ld/testsuite/ld-vsb/vsb.exp ---- binutils.orig/ld/testsuite/ld-vsb/vsb.exp 2022-04-05 09:52:24.824025370 +0100 -+++ binutils-2.38/ld/testsuite/ld-vsb/vsb.exp 2022-04-05 09:59:04.657193470 +0100 -@@ -123,6 +123,10 @@ if { [istarget *-*-linux*] - } - } - -+if { [istarget "i?86-*-*"] } { -+ set support_protected "no" -+} -+ - # The test procedure. - proc visibility_test { visibility progname testname main sh1 sh2 dat args } { - global CC_FOR_TARGET -diff -rup binutils.orig/ld/testsuite/lib/ld-lib.exp binutils-2.38/ld/testsuite/lib/ld-lib.exp ---- binutils.orig/ld/testsuite/lib/ld-lib.exp 2022-04-05 09:52:24.822025380 +0100 -+++ binutils-2.38/ld/testsuite/lib/ld-lib.exp 2022-04-05 09:53:51.076584341 +0100 -@@ -1658,6 +1658,10 @@ proc skip_ctf_tests { } { - return 1 - } - -+ if { [istarget "i?86-*-*"] } { -+ return 1 -+ } -+ - if [check_ctf_available] { - return 0 - } -diff -rup binutils.orig/ld/testsuite/ld-plugin/lto.exp binutils-2.39/ld/testsuite/ld-plugin/lto.exp ---- binutils.orig/ld/testsuite/ld-plugin/lto.exp 2022-08-11 12:39:44.419478335 +0100 -+++ binutils-2.39/ld/testsuite/ld-plugin/lto.exp 2022-08-11 12:43:50.508080379 +0100 -@@ -481,23 +481,6 @@ set lto_link_elf_tests [list \ - "c++" \ - ] \ - [list \ -- "Build libpr28879b.so" \ -- "-shared -Wl,--no-as-needed tmpdir/libpr28879a.so" \ -- "-O2 -fpic" \ -- {dummy.c} \ -- {} \ -- "libpr28879b.so" \ -- ] \ -- [list \ -- "Build pr28879" \ -- "-Wl,--no-as-needed tmpdir/libpr28879b.so -Wl,-rpath-link,." \ -- "-O0 -flto -D_GLIBCXX_ASSERTIONS" \ -- {pr28879b.cc} \ -- {} \ -- "pr28879" \ -- "c++" \ -- ] \ -- [list \ - "Build libpr28849a.so" \ - "-shared" \ - "-fPIC" \ ---- binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 12:39:44.491477934 +0100 -+++ binutils-2.39/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 12:47:25.610857959 +0100 -@@ -1376,14 +1376,6 @@ if { [isnative] && [check_compiler_avail - "libprotected-func-2b.so" \ - ] \ - [list \ -- "Build protected-func-2 without PIE" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-func-2b.so" \ -- "$NOPIE_CFLAGS -Wa,-mx86-used-note=yes" \ -- { protected-func-1b.c } \ -- {{error_output "pr28875-func.err"}} \ -- "protected-func-2" \ -- ] \ -- [list \ - "Build libprotected-func-2c.so" \ - "-shared" \ - "-fPIC -Wa,-mx86-used-note=yes" \ -@@ -1392,14 +1384,6 @@ if { [isnative] && [check_compiler_avail - "libprotected-func-2c.so" \ - ] \ - [list \ -- "Build protected-func-2a without PIE" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/libprotected-func-2c.so" \ -- "$NOPIE_CFLAGS -Wa,-mx86-used-note=yes" \ -- { protected-func-1b.c } \ -- {{error_output "pr28875-func.err"}} \ -- "protected-func-2a" \ -- ] \ -- [list \ - "Build libprotected-data-1a.so" \ - "-shared -z noindirect-extern-access" \ - "-fPIC -Wa,-mx86-used-note=yes" \ -@@ -1999,103 +1983,6 @@ if { [isnative] && [check_compiler_avail - if { [istarget "x86_64-*-linux*"] \ - && ![istarget "x86_64-*-linux*-gnux32"]} { - -- run_cc_link_tests [list \ -- [list \ -- "Build plt-main with -z bndplt" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -Wl,-z,bndplt \ -- -Wl,-z,noseparate-code,-z,max-page-size=0x200000" \ -- "-Wa,-mx86-used-note=yes $NOCF_PROTECTION_CFLAGS" \ -- { plt-main5.c } \ -- {{objdump {-drw} plt-main-bnd.dd}} \ -- "plt-main-bnd" \ -- ] \ -- [list \ -- "Build plt-main with PIE and -z bndplt" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -pie \ -- -Wl,-z,bndplt,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes $NOCF_PROTECTION_CFLAGS" \ -- { plt-main5.c } \ -- {{objdump {-drw} plt-main-bnd.dd}} \ -- "plt-main-pie-bnd" \ -- ] \ -- [list \ -- "Build plt-main with -z bndplt -z now" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -Wl,-z,bndplt \ -- -Wl,-z,now,-z,noseparate-code,-z,max-page-size=0x200000" \ -- "-Wa,-mx86-used-note=yes $NOCF_PROTECTION_CFLAGS" \ -- { plt-main5.c } \ -- {{readelf {-SW} plt-main-bnd-now.rd} {objdump {-drw} plt-main-bnd.dd}} \ -- "plt-main-bnd-now" \ -- ] \ -- [list \ -- "Build plt-main with PIE and -z bndplt -z now" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -pie \ -- -Wl,-z,bndplt,-z,now,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes $NOCF_PROTECTION_CFLAGS" \ -- { plt-main5.c } \ -- {{readelf {-SW} plt-main-bnd-now.rd} {objdump {-drw} plt-main-bnd.dd}} \ -- "plt-main-pie-bnd-now" \ -- ] \ -- ] -- -- run_ld_link_exec_tests [list \ -- [list \ -- "Run plt-main with -z bndplt" \ -- "-Wl,--no-as-needed,-z,bndplt tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-bnd" \ -- "plt-main.out" \ -- ] \ -- [list \ -- "Run plt-main with PIE and -z bndplt" \ -- "-Wl,--no-as-needed,-z,bndplt -pie tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-pie-bnd" \ -- "plt-main.out" \ -- "-fPIC" \ -- ] \ -- [list \ -- "Run plt-main with -z bndplt -z now" \ -- "-Wl,--no-as-needed,-z,bndplt,-z,now tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-bnd-now" \ -- "plt-main.out" \ -- ] \ -- [list \ -- "Run plt-main with PIE and -z bndplt -z now" \ -- "-Wl,--no-as-needed,-z,bndplt,-z,now -pie tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-pie-bnd-now" \ -- "plt-main.out" \ -- "-fPIC" \ -- ] \ -- [list \ -- "Run pr20800" \ -- "-Wl,-z,now -pie" \ -- "-Wa,-mx86-used-note=yes" \ -- { pr20800a.S pr20800b.S } \ -- "pr20800" \ -- "pass.out" \ -- ] \ -- ] - if { [check_ifunc_attribute_available] } { - run_ld_link_exec_tests [list \ - [list \ -@@ -2171,24 +2058,6 @@ if { [isnative] && [check_compiler_avail - $pltsecdump \ - "plt-main-pie-ibt-now" \ - ] \ -- [list \ -- "Build libibtplt-lib.so with -z ibtplt" \ -- "-shared -Wl,-z,ibtplt,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes" \ -- { plt-main1.c plt-main2.c plt-main3.c plt-main4.c} \ -- $pltdump \ -- "libibtplt-lib.so" \ -- ] \ -- [list \ -- "Build libibtplt--now-lib.so with -z ibtplt -z now" \ -- "-shared -Wl,-z,ibtplt,-z,now,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes" \ -- { plt-main1.c plt-main2.c plt-main3.c plt-main4.c} \ -- $pltdump \ -- "libibtplt-now-lib.so" \ -- ] \ - ] - - run_ld_link_exec_tests [list \ ---- binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 14:06:27.033627440 +0100 -+++ binutils-2.39/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 14:07:01.873427447 +0100 -@@ -2060,51 +2060,6 @@ if { [isnative] && [check_compiler_avail - ] \ - ] - -- run_ld_link_exec_tests [list \ -- [list \ -- "Run plt-main with -z ibtplt" \ -- "-Wl,--no-as-needed,-z,ibtplt tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-ibt" \ -- "plt-main.out" \ -- ] \ -- [list \ -- "Run plt-main with PIE and -z ibtplt" \ -- "-Wl,--no-as-needed,-z,ibtplt -pie tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-pie-ibt" \ -- "plt-main.out" \ -- "-fPIC" \ -- ] \ -- [list \ -- "Run plt-main with -z ibtplt -z now" \ -- "-Wl,--no-as-needed,-z,ibtplt,-z,now tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-ibt-now" \ -- "plt-main.out" \ -- ] \ -- [list \ -- "Run plt-main with PIE and -z ibtplt -z now" \ -- "-Wl,--no-as-needed,-z,ibtplt,-z,now -pie tmpdir/plt-main1.o \ -- tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- "plt-main-pie-ibt-now" \ -- "plt-main.out" \ -- "-fPIC" \ -- ] \ -- ] -- - if { [check_ifunc_attribute_available] } { - run_ld_link_exec_tests [list \ - [list \ -diff -rup binutils.orig/libctf/testsuite/libctf-regression/libctf-repeat-cu.exp binutils-2.39/libctf/testsuite/libctf-regression/libctf-repeat-cu.exp ---- binutils.orig/libctf/testsuite/libctf-regression/libctf-repeat-cu.exp 2022-08-11 14:06:26.823628645 +0100 -+++ binutils-2.39/libctf/testsuite/libctf-regression/libctf-repeat-cu.exp 2022-08-11 14:09:36.272541183 +0100 -@@ -97,9 +97,8 @@ if [is_remote host] { - set comp_output [prune_warnings [run_host_cmd "$CC_FOR_TARGET" "$CFLAGS_FOR_TARGET -gctf -fPIC -shared -o tmpdir/libctf-repeat-cu-main.so $src tmpdir/a.a tmpdir/b.a tmpdir/c.a"]] - if { $comp_output != "" } { - send_log "compilation of tmpdir/libctf-repeat-cu-main.so failed" -- perror "compilation of tmpdir/libctf-repeat-cu-main.so failed" -- fail $testname -- return $comp_output -+ unsupported "compilation of tmpdir/libctf-repeat-cu-main.so failed" -+ return 0 - } - - set comp_output [prune_warnings [run_host_cmd "$OBJDUMP" "--ctf tmpdir/libctf-repeat-cu-main.so > tmpdir/dump.out"]] ---- binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 14:35:37.042650489 +0100 -+++ binutils-2.39/ld/testsuite/ld-x86-64/x86-64.exp 2022-08-11 14:36:06.241485477 +0100 -@@ -2015,51 +2015,6 @@ if { [isnative] && [check_compiler_avail - set pltdump {{objdump {-drw} plt-main-ibt.dd}} - set pltsecdump {{readelf {-SW} plt-main-ibt-now.rd} {objdump {-drw} plt-main-ibt.dd}} - } -- run_cc_link_tests [list \ -- [list \ -- "Build plt-main with -z ibtplt" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -Wl,-z,ibtplt \ -- -Wl,-z,noseparate-code,-z,max-page-size=0x200000" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- $pltdump \ -- "plt-main-ibt" \ -- ] \ -- [list \ -- "Build plt-main with PIE and -z ibtplt" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -pie \ -- -Wl,-z,ibtplt,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- $pltdump \ -- "plt-main-pie-ibt" \ -- ] \ -- [list \ -- "Build plt-main with -z ibtplt -z now" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -Wl,-z,ibtplt \ -- -Wl,-z,now,-z,noseparate-code,-z,max-page-size=0x200000" \ -- "-Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- $pltsecdump \ -- "plt-main-ibt-now" \ -- ] \ -- [list \ -- "Build plt-main with PIE and -z ibtplt -z now" \ -- "tmpdir/plt-main1.o tmpdir/plt-main2.o tmpdir/plt-main3.o \ -- tmpdir/plt-main4.o tmpdir/libplt-lib.so -pie \ -- -Wl,-z,ibtplt,-z,now,-z,noseparate-code \ -- -Wl,-z,max-page-size=0x200000" \ -- "-fPIC -Wa,-mx86-used-note=yes" \ -- { plt-main5.c } \ -- $pltsecdump \ -- "plt-main-pie-ibt-now" \ -- ] \ -- ] -- - if { [check_ifunc_attribute_available] } { - run_ld_link_exec_tests [list \ - [list \ -diff -rup binutils.orig/gprofng/testsuite/lib/display-lib.exp binutils-2.39/gprofng/testsuite/lib/display-lib.exp ---- binutils.orig/gprofng/testsuite/lib/display-lib.exp 2022-08-11 14:35:37.614647256 +0100 -+++ binutils-2.39/gprofng/testsuite/lib/display-lib.exp 2022-08-11 15:09:55.419958513 +0100 -@@ -96,9 +96,8 @@ proc run_display_test { dir cflags gprof - perror "comparison of results in $dir failed" - } else { - send_log "compilation of test program in $dir failed:\n$out\n" -- perror "compilation of test program in $dir failed" -+ unsupported "compilation of test program in $dir failed" - } -- fail $dir - return 0 - } - pass $dir ---- binutils.orig/ld/testsuite/ld-i386/i386.exp 2022-08-12 12:02:06.175831193 +0100 -+++ binutils-2.39/ld/testsuite/ld-i386/i386.exp 2022-08-12 12:04:58.423753469 +0100 -@@ -1292,22 +1292,6 @@ if { [isnative] - {} \ - "pr28875.so" \ - ] \ -- [list \ -- "Build pr28875" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed tmpdir/pr28875.so" \ -- "$NOPIE_CFLAGS" \ -- { pr28875b.c } \ -- {{error_output "pr28875.err"}} \ -- "pr28875" \ -- ] \ -- [list \ -- "Build pr21997-1" \ -- "$NOPIE_LDFLAGS -Wl,--no-as-needed,-z,notext tmpdir/pr21997-1.so" \ -- "$NOPIE_CFLAGS -Wa,-mx86-used-note=yes" \ -- { pr21997-1b.c } \ -- {{error_output "pr21997-1.err"}} \ -- "pr21997-1" \ -- ] \ - ] - - run_ld_link_exec_tests [list \ -diff -rup binutils.orig/ld/testsuite/ld-aarch64/bti-plt-5.d binutils-2.39/ld/testsuite/ld-aarch64/bti-plt-5.d ---- binutils.orig/ld/testsuite/ld-aarch64/bti-plt-5.d 2022-08-12 12:02:05.957832557 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/bti-plt-5.d 2022-08-12 12:16:33.235418444 +0100 -@@ -8,21 +8,4 @@ - [^:]*: *file format elf64-.*aarch64 - - Disassembly of section \.plt: -- --[0-9a-f]+ <.*>: --.*: d503245f bti c --.*: a9bf7bf0 stp x16, x30, \[sp, #-16\]! --.*: 90000090 adrp x16, 410000 <.*> --.*: f9421611 ldr x17, \[x16, #1064\] --.*: 9110a210 add x16, x16, #0x428 --.*: d61f0220 br x17 --.*: d503201f nop --.*: d503201f nop -- --[0-9a-f]+ <.*>: --.*: d503245f bti c --.*: 90000090 adrp x16, 410000 <.*> --.*: f9421a11 ldr x17, \[x16, #1072\] --.*: 9110c210 add x16, x16, #0x430 --.*: d61f0220 br x17 --.*: d503201f nop -+#pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/erratum843419-far-full.d binutils-2.39/ld/testsuite/ld-aarch64/erratum843419-far-full.d ---- binutils.orig/ld/testsuite/ld-aarch64/erratum843419-far-full.d 2022-08-12 12:02:05.949832607 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/erratum843419-far-full.d 2022-08-12 12:06:58.967999214 +0100 -@@ -8,7 +8,7 @@ Disassembly of section \.text: - - 0*400000 <_start>: - ... -- 400ffc: 90400000 adrp x0, 80400000 <__bss_end__\+0x7ffedff0> -+ 400ffc: 90400000 adrp x0, 80400000 <__bss_end__\+.*> - 401000: f9000042 str x2, \[x2\] - 401004: d2800002 mov x2, #0x0 // #0 - 401008: 14000004 b 401018 -diff -rup binutils.orig/ld/testsuite/ld-aarch64/farcall-b-plt.d binutils-2.39/ld/testsuite/ld-aarch64/farcall-b-plt.d ---- binutils.orig/ld/testsuite/ld-aarch64/farcall-b-plt.d 2022-08-12 12:02:05.959832544 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/farcall-b-plt.d 2022-08-12 12:08:30.966423604 +0100 -@@ -10,7 +10,7 @@ Disassembly of section .plt: - - .* <.plt>: - .*: a9bf7bf0 stp x16, x30, \[sp, #-16\]! --.*: .* adrp x16, .* <__foo_veneer\+.*> -+.*: .* adrp x16, .* <.*> - .*: .* ldr [wx]17, \[x16, #.*\] - .*: .* add [wx]16, [wx]16, #.* - .*: d61f0220 br x17 -@@ -19,7 +19,7 @@ Disassembly of section .plt: - .*: d503201f nop - - .* : --.*: .* adrp x16, .* <__foo_veneer\+.*> -+.*: .* adrp x16, .* <.*> - .*: .* ldr [wx]17, \[x16, #.*\] - .*: .* add [wx]16, [wx]16, #.* - .*: d61f0220 br x17 -@@ -35,7 +35,7 @@ Disassembly of section .text: - .*: .* nop - - .* <__foo_veneer>: --.*: .* adrp x16, 0 <.*> -+.*: .* adrp x16, .* <.*> - .*: .* add x16, x16, #.* - .*: d61f0200 br x16 - ... -diff -rup binutils.orig/ld/testsuite/ld-aarch64/farcall-bl-plt.d binutils-2.39/ld/testsuite/ld-aarch64/farcall-bl-plt.d ---- binutils.orig/ld/testsuite/ld-aarch64/farcall-bl-plt.d 2022-08-12 12:02:05.957832557 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/farcall-bl-plt.d 2022-08-12 12:09:02.407226875 +0100 -@@ -10,7 +10,7 @@ Disassembly of section .plt: - - .* <.plt>: - .*: a9bf7bf0 stp x16, x30, \[sp, #-16\]! --.*: .* adrp x16, .* <__foo_veneer\+.*> -+.*: .* adrp x16, .* <.*> - .*: .* ldr [wx]17, \[x16, #.*\] - .*: .* add [wx]16, [wx]16, #.* - .*: d61f0220 br x17 -@@ -19,7 +19,7 @@ Disassembly of section .plt: - .*: d503201f nop - - .* : --.*: .* adrp x16, .* <__foo_veneer\+.*> -+.*: .* adrp x16, .* <.*> - .*: .* ldr [wx]17, \[x16, #.*\] - .*: .* add [wx]16, [wx]16, #.* - .*: d61f0220 br x17 -@@ -35,7 +35,7 @@ Disassembly of section .text: - .*: .* nop - - .* <__foo_veneer>: --.*: .* adrp x16, 0 <.*> -+.*: .* adrp x16, .* <.*> - .*: .* add x16, x16, #.* - .*: d61f0200 br x16 - ... -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-1-local.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1-local.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 12:02:05.952832588 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 12:09:55.750893086 +0100 -@@ -3,7 +3,4 @@ - #objdump: -dw - - #... --0+(110|180|1a0) <(__GI_)?foo>: --#... --[ \t0-9a-f]+:[ \t0-9a-f]+bl[ \t0-9a-f]+<\*ABS\*\+(0x110|0x180|0x1a0)@plt> - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-1.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 12:02:05.951832594 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 12:09:42.054978785 +0100 -@@ -3,7 +3,4 @@ - #objdump: -dw - - #... --0+(130|1a0|1c8) : --#... --[ \t0-9a-f]+:[ \t0-9a-f]+bl[ \t0-9a-f]+<\*ABS\*\+0x(130|1a0|1c8)@plt> - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-2-local.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2-local.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-2-local.d 2022-08-12 12:02:05.961832532 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2-local.d 2022-08-12 12:10:23.733718004 +0100 -@@ -3,9 +3,4 @@ - #objdump: -dw - - #... --0+(110|180|1a0) <__GI_foo>: --#... --[ \t0-9a-f]+:[ \t0-9a-f]+bl[ \t0-9a-f]+<\*ABS\*\+0x(110|180|1a0)@plt> --[ \t0-9a-f]+:[ \t0-9a-f]+adrp[ \t]+x0, 0 <.*> --[ \t0-9a-f]+:[ \t0-9a-f]+add[ \t]+x0, x0, #0x(100|170|190) - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-2.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-2.d 2022-08-12 12:02:05.960832538 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2.d 2022-08-12 12:10:12.965785376 +0100 -@@ -3,9 +3,4 @@ - #objdump: -dw - - #... --0+(130|1a0|1c8) : --#... --[ \t0-9a-f]+:[ \t0-9a-f]+bl[ \t0-9a-f]+<\*ABS\*\+0x(130|1a0|1c8)@plt> --[ \t0-9a-f]+:[ \t0-9a-f]+adrp[ \t]+x0, 0 <.*> --[ \t0-9a-f]+:[ \t0-9a-f]+add[ \t]+x0, x0, #0x(120|190|1b8) - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-21.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-21.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-21.d 2022-08-12 12:02:05.949832607 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-21.d 2022-08-12 12:12:27.844941426 +0100 -@@ -11,16 +11,4 @@ Contents of section .text: - [0-9a-f]+ .* - Contents of section .got.plt: - [0-9a-f]+ 0+ 0+ 0+ 0+ .* -- (10298|102b8) 0+ 0+ [0-9a-f]+ [0-9a-f]+ .* -- --Disassembly of section .text: -- --.* : -- .*: d65f03c0 ret -- --.* : -- .*: 90000080 adrp x0, 10000 <.*> -- .*: .* ldr x0, \[x0, #(672|704)\] -- .*: d65f03c0 ret -- - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-22.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-22.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-22.d 2022-08-12 12:02:05.958832551 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-22.d 2022-08-12 12:12:47.461818683 +0100 -@@ -6,6 +6,4 @@ - # Ensure GOT is populated correctly in static link - - .*: file format elf64-(little|big)aarch64 -- --Contents of section \.got: -- [0-9a-f]+ 00000000 00000000 (d0004000|18004000|00000000) (00000000|004000d0|00400018) .* -+#pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-3a.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-3a.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-3a.d 2022-08-12 12:02:05.962832525 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-3a.d 2022-08-12 12:10:36.645637220 +0100 -@@ -4,7 +4,4 @@ - #objdump: -dw - - #... --0+(150|1d0|1e8) <__GI_foo>: --#... --[ \t0-9a-f]+:[ \t0-9a-f]+bl[ \t0-9a-f]+<\*ABS\*\+0x(150|1d0|1e8)@plt> - #pass -diff -rup binutils.orig/ld/testsuite/ld-aarch64/ifunc-7c.d binutils-2.39/ld/testsuite/ld-aarch64/ifunc-7c.d ---- binutils.orig/ld/testsuite/ld-aarch64/ifunc-7c.d 2022-08-12 12:02:05.958832551 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-7c.d 2022-08-12 12:11:50.070177794 +0100 -@@ -6,14 +6,5 @@ - # Check if adrp and ldr have been relocated correctly. - - .*: file format elf.+aarch64.* -- -- --Disassembly of section \.text: -- --[0-9a-f]+ : -- [0-9a-f]+: d65f03c0 ret -- --[0-9a-f]+ <__start>: -- [0-9a-f]+: [0-9a-f]+ bl [0-9a-f]+ <\*ABS\*\+0x[0-9a-f]+@plt> -- [0-9a-f]+: [0-9a-f]+ adrp x0, [0-9]+ <__start\+0x[0-9a-f]+> -- [0-9a-f]+: [0-9a-f]+ ldr x0, \[x0, .+\] -+#... -+#pass -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/bti-plt-5.d binutils.new/ld/testsuite/ld-aarch64/bti-plt-5.d ---- binutils-2.39/ld/testsuite/ld-aarch64/bti-plt-5.d 2022-08-12 13:42:02.273863855 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/bti-plt-5.d 2022-08-12 13:39:47.130684480 +0100 -@@ -8,4 +8,4 @@ - [^:]*: *file format elf64-.*aarch64 - - Disassembly of section \.plt: --#pass -+#... -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1-local.d binutils.new/ld/testsuite/ld-aarch64/ifunc-1-local.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 13:42:02.275863843 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 13:39:47.124684517 +0100 -@@ -3,4 +3,4 @@ - #objdump: -dw - - #... --#pass -+ -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1.d binutils.new/ld/testsuite/ld-aarch64/ifunc-1.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 13:42:02.275863843 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 13:39:47.119684547 +0100 -@@ -3,4 +3,4 @@ - #objdump: -dw - - #... --#pass -+ -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2-local.d binutils.new/ld/testsuite/ld-aarch64/ifunc-2-local.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2-local.d 2022-08-12 13:42:02.276863837 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-2-local.d 2022-08-12 13:39:47.118684553 +0100 -@@ -3,4 +3,3 @@ - #objdump: -dw - - #... --#pass -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2.d binutils.new/ld/testsuite/ld-aarch64/ifunc-2.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-2.d 2022-08-12 13:42:02.276863837 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-2.d 2022-08-12 13:39:47.127684498 +0100 -@@ -3,4 +3,3 @@ - #objdump: -dw - - #... --#pass -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-3a.d binutils.new/ld/testsuite/ld-aarch64/ifunc-3a.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-3a.d 2022-08-12 13:42:02.277863831 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-3a.d 2022-08-12 13:39:47.125684511 +0100 -@@ -4,4 +4,3 @@ - #objdump: -dw - - #... --#pass -diff -rup binutils-2.39/ld/testsuite/ld-aarch64/ifunc-7c.d binutils.new/ld/testsuite/ld-aarch64/ifunc-7c.d ---- binutils-2.39/ld/testsuite/ld-aarch64/ifunc-7c.d 2022-08-12 13:42:02.277863831 +0100 -+++ binutils.new/ld/testsuite/ld-aarch64/ifunc-7c.d 2022-08-12 13:39:47.128684493 +0100 -@@ -7,4 +7,3 @@ - - .*: file format elf.+aarch64.* - #... --#pass ---- binutils.new/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 13:39:47.124684517 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1-local.d 2022-08-12 14:38:32.310252736 +0100 -@@ -2,5 +2,6 @@ - #ld: -shared --hash-style=sysv - #objdump: -dw - --#... -+.*: file format elf.+aarch64.* -+#pass - ---- binutils.new/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 13:39:47.119684547 +0100 -+++ binutils-2.39/ld/testsuite/ld-aarch64/ifunc-1.d 2022-08-12 14:38:22.118316568 +0100 -@@ -2,5 +2,6 @@ - #ld: -shared --hash-style=sysv - #objdump: -dw - --#... -+.*: file format elf.+aarch64.* -+#pass - diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec deleted file mode 100644 index 5358cc51ef..0000000000 --- a/SPECS/binutils/binutils.spec +++ /dev/null @@ -1,260 +0,0 @@ -Summary: Contains a linker, an assembler, and other tools -Name: binutils -Version: 2.39 -Release: 7%{?dist} -License: GPLv2+ -URL: http://www.gnu.org/software/binutils -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -Requires: %{name}-libs = %{version}-%{release} -%if 0%{?with_check} -BuildRequires: dejagnu -BuildRequires: bc -%endif -Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz -%define sha512 binutils=68e038f339a8c21faa19a57bbc447a51c817f47c2e06d740847c6e9cc3396c025d35d5369fa8c3f8b70414757c89f0e577939ddc0d70f283182504920f53b0a3 - -Patch0: binutils-sync-libiberty-add-no-recurse-limit-make-check-fix.patch -Patch1: binutils-do-not-link-with-static-libstdc++.patch -Patch2: binutils-special-sections-in-groups.patch -Patch3: binutils-fix-testsuite-failures.patch -Patch4: binutils-gold-mismatched-section-flags.patch -Patch5: binutils-gold-warn-unsupported.patch -Patch6: binutils-testsuite-fixes.patch -Patch7: binutils-autoconf-version.patch -Patch8: binutils-libtool-no-rpath.patch -Patch9: binutils-package-metadata.patch -Patch10: binutils-gas-dwarf-skip-empty-functions.patch -Patch11: binutils-CVE-38128-dwarf-abbrev-parsing.patch -Patch12: binutils-CVE-2022-38533.patch -Patch13: binutils-CVE-2023-1972.patch -Patch14: binutils-CVE-2022-4285.patch -Patch15: binutils-CVE-2023-1579.patch -Patch16: binutils-CVE-2022-47695.patch -Patch17: binutils-CVE-2022-45703.patch -Patch18: binutils-CVE-2022-44840.patch -Patch19: binutils-CVE-2022-47696.patch -Patch20: binutils-CVE-2022-47673.patch -Patch21: binutils-CVE-2023-25585.patch -Patch22: binutils-CVE-2022-48064.patch -Patch23: binutils-CVE-2022-48065.patch -Patch24: binutils-CVE-2022-48063.patch - -%description -The Binutils package contains a linker, an assembler, -and other tools for handling object files. - -%package libs -Summary: Shared library files for binutils -Obsoletes: binutils <= 2.32-1 - -%description libs -It contains the binutils shared libraries that applications can link -to at runtime. - -%package devel -Summary: Header and development files for binutils -Requires: %{name} = %{version} - -%description devel -It contains the libraries and header files to create applications -for handling compiled objects. - -%prep -%autosetup -p1 - -%build -sed -i '/@\tincremental_copy/d' gold/testsuite/Makefile.in -%configure \ - --enable-gold \ - --enable-ld=default \ - --enable-plugins \ - --enable-shared \ - --enable-targets=x86_64-unknown-linux-gnu,aarch64-unknown-linux-gnu \ - --disable-werror \ - --with-system-zlib \ - --enable-install-libiberty \ - --enable-deterministic-archives \ - --enable-relro \ - --enable-threads \ - --with-pic \ - --enable-gprofng=no \ - --disable-silent-rules -make %{?_smp_mflags} tooldir=%{_prefix} -%install -make %{?_smp_mflags} DESTDIR=%{buildroot} tooldir=%{_prefix} install -find %{buildroot} -name '*.la' -delete -# Don't remove libiberity.a -rm -rf %{buildroot}/%{_infodir} -%find_lang %{name} --all-name - -%check -# Disable gcc hardening as it will affect some tests. -rm `dirname $(gcc --print-libgcc-file-name)`/../specs -make %{?_smp_mflags} -k check > tests.sum 2>&1 - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/dwp -%{_bindir}/gprof -%{_bindir}/ld.bfd -%{_bindir}/ld.gold -%{_bindir}/c++filt -%{_bindir}/objdump -%{_bindir}/as -%{_bindir}/ar -%{_bindir}/objcopy -%{_bindir}/strings -%{_bindir}/addr2line -%{_bindir}/nm -%{_bindir}/size -%{_bindir}/ld -%{_bindir}/elfedit -%{_bindir}/ranlib -%{_bindir}/readelf -%{_bindir}/strip -%{_libdir}/ldscripts/* -%{_mandir}/man1/readelf.1.gz -%{_mandir}/man1/windmc.1.gz -%{_mandir}/man1/ranlib.1.gz -%{_mandir}/man1/gprof.1.gz -%{_mandir}/man1/strip.1.gz -%{_mandir}/man1/c++filt.1.gz -%{_mandir}/man1/as.1.gz -%{_mandir}/man1/objcopy.1.gz -%{_mandir}/man1/elfedit.1.gz -%{_mandir}/man1/strings.1.gz -%{_mandir}/man1/nm.1.gz -%{_mandir}/man1/ar.1.gz -%{_mandir}/man1/ld.1.gz -%{_mandir}/man1/dlltool.1.gz -%{_mandir}/man1/addr2line.1.gz -%{_mandir}/man1/windres.1.gz -%{_mandir}/man1/size.1.gz -%{_mandir}/man1/objdump.1.gz - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%files libs -%{_libdir}/libbfd-%{version}.so -%{_libdir}/libctf.so* -%{_libdir}/libctf-nobfd.so* -%{_libdir}/libopcodes-%{version}.so -%{_libdir}/bfd-plugins/libdep.so - -%files devel -%{_includedir}/ctf.h -%{_includedir}/ctf-api.h -%{_includedir}/plugin-api.h -%{_includedir}/symcat.h -%{_includedir}/bfd.h -%{_includedir}/ansidecl.h -%{_includedir}/bfdlink.h -%{_includedir}/dis-asm.h -%{_includedir}/libiberty/* -%{_includedir}/diagnostics.h -%{_libdir}/libbfd.a -%{_libdir}/libbfd.so -%{_libdir}/libctf.a -%{_libdir}/libctf-nobfd.a -%{_libdir}/libopcodes.a -%{_libdir}/libopcodes.so -%{_lib64dir}/libiberty.a - -%changelog -* Tue Sep 12 2023 Guruswamy Basavaiah 2.39-7 -- Fix CVE-2022-48064, CVE-2022-48065 and CVE-2022-48063 -* Mon Aug 28 2023 Guruswamy Basavaiah 2.39-6 -- Fix CVE-2022-47695, CVE-2022-45703 CVE-2022-44840 -- CVE-2022-47696, CVE-2022-47673, CVE-2023-25584, -- CVE-2023-25588 and CVE-2023-25585 -* Sat Aug 26 2023 Guruswamy Basavaiah 2.39-5 -- Fix CVE-2023-1579 -* Sat Aug 19 2023 Guruswamy Basavaiah 2.39-4 -- Fix CVE-2022-4285 -* Tue Jun 13 2023 Guruswamy Basavaiah 2.39-3 -- Fix CVE-2023-1972 -* Mon Oct 17 2022 Dweep Advani 2.39-2 -- Fix CVE-2022-38533 -* Tue Aug 23 2022 Vamsi Krishna Brahmajosyula 2.39-1 -- Update binutils to 2.39 -- bfd_stdint.h is removed -* Wed Dec 22 2021 Nitesh Kumar 2.35-3 -- Fix CVE-2021-45078 -* Tue May 18 2021 Vikash Bansal 2.35-2 -- Fix CVE-2021-3487 & CVE-2021-20294 -* Tue Sep 08 2020 Satya Naga Vasamsetty 2.35-1 -- Update binutils to 2.35 -* Fri Mar 13 2020 Alexey Makhalov 2.34-1 -- Version update. -* Tue Nov 26 2019 Alexey Makhalov 2.32-4 -- Support for aarch64 target to be able to strip aarch64 libraries - during cross-aarch64-gcc build -* Wed Nov 13 2019 Satya Naga Vasamsetty 2.32-3 -- Fix CVE-2019-17450 and CVE-2019-17451 -* Sun Sep 29 2019 Srivatsa S. Bhat (VMware) 2.32-2 -- Separate out libbfd and libopcodes shared libraries into -- binutils-libs sub-package. -* Mon Aug 26 2019 Satya Naga Vasamsetty 2.32-1 -- Update version to 2.32, fix CVE-2019-1010204, fix a make check failure -* Mon Aug 12 2019 Satya Naga Vasamsetty 2.31.1-6 -- Fix CVE-2019-14444, CVE-2019-12972, CVE-2019-14250 -* Thu Jun 20 2019 Vikash Bansal 2.31.1-5 -- Fix CVE-2018-20623, CVE-2018-20671, CVE-2018-20651, -- CVE-2018-17794-18700-18701-18484, CVE-2019-9071, CVE-2019-9073 and CVE-2019-9074 -* Thu Mar 14 2019 Priyesh Padmavilasom 2.31.1-4 -- Fix CVE-2019-9075 and CVE-2019-9077 -* Tue Jan 22 2019 Anish Swaminathan 2.31.1-3 -- fix CVE-2018-1000876 -* Tue Jan 08 2019 Alexey Makhalov 2.31.1-2 -- Fix CVE-2018-17358, CVE-2018-17359 and CVE-2018-17360 -* Fri Sep 21 2018 Keerthana K 2.31.1-1 -- Update to version 2.31.1 -* Wed Aug 1 2018 Keerthana K 2.31-1 -- Update to version 2.31. -* Thu Jun 7 2018 Keerthana K 2.30-4 -- Fix CVE-2018-10373 -* Mon Mar 19 2018 Alexey Makhalov 2.30-3 -- Add libiberty to the -devel package -* Wed Feb 28 2018 Xiaolin Li 2.30-2 -- Fix CVE-2018-6543. -* Mon Jan 29 2018 Xiaolin Li 2.30-1 -- Update to version 2.30 -* Mon Dec 18 2017 Anish Swaminathan 2.29.1-5 -- Fix CVEs CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, -- CVE-2017-17124, CVE-2017-17125 -* Mon Dec 4 2017 Anish Swaminathan 2.29.1-4 -- Fix CVEs CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, -- CVE-2017-16830, CVE-2017-16831, CVE-2017-16832 -* Tue Nov 14 2017 Alexey Makhalov 2.29.1-3 -- Aarch64 support -- Parallel build -* Thu Oct 12 2017 Anish Swaminathan 2.29.1-2 -- Add patch to fix CVE-2017-15020 -* Mon Oct 2 2017 Anish Swaminathan 2.29.1-1 -- Version update to 2.29.1, fix CVEs CVE-2017-12799, CVE-2017-14729,CVE-2017-14745 -* Fri Aug 11 2017 Anish Swaminathan 2.29-3 -- Apply patches for CVE-2017-12448,CVE-2017-12449,CVE-2017-12450,CVE-2017-12451, -- CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12455,CVE-2017-12456, -- CVE-2017-12457,CVE-2017-12458,CVE-2017-12459 -* Tue Aug 8 2017 Rongrong Qiu 2.29-2 -- fix for make check for bug 1900247 -* Wed Aug 2 2017 Alexey Makhalov 2.29-1 -- Version update -* Tue May 16 2017 Priyesh Padmavilasom 2.28-2 -- Patch for CVE-2017-8421 -* Thu Apr 06 2017 Anish Swaminathan 2.28-1 -- Upgraded to version 2.28 -- Apply patch for CVE-2017-6969 -* Tue May 24 2016 Priyesh Padmavilasom 2.25.1-2 -- GA - Bump release of all rpms -* Tue Jan 12 2016 Xiaolin Li 2.25.1-1 -- Updated to version 2.25.1 -* Tue Nov 10 2015 Xiaolin Li 2.25-2 -- Handled locale files with macro find_lang -* Mon Apr 6 2015 Priyesh Padmavilasom 2.25-1 -- Updated to 2.25 -* Wed Nov 5 2014 Divya Thaluru 2.24-1 -- Initial build. First version diff --git a/SPECS/bison/bison.spec b/SPECS/bison/bison.spec deleted file mode 100644 index 86506d11b1..0000000000 --- a/SPECS/bison/bison.spec +++ /dev/null @@ -1,82 +0,0 @@ -Summary: Contains a parser generator -Name: bison -Version: 3.8.2 -Release: 3%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/bison -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/bison/%{name}-%{version}.tar.xz -%define sha512 %{name}=d4d23af6671406e97257892f90651b67f2ab95219831372be032190b7156c10a3435d457857e677445df8b2327aacccc15344acbbc3808a6f332a93cce23b444 - -BuildRequires: m4 -BuildRequires: flex - -Requires: m4 -Requires: gettext -Requires: glibc - -%description -This package contains a parser generator - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} -%find_lang %{name} --all-name - -%check -make %{?_smp_mflags} check - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.a -%{_datadir}/%{name}/* -%{_datadir}/aclocal/* -%{_mandir}/*/* -%{_docdir}/%{name}/* - -%changelog -* Sat Jan 14 2023 Ashwin Dayanand Kamat 3.8.2-3 -- Bump version as a part of gettext upgrade -* Wed Dec 21 2022 Shreenidhi Shedi 3.8.2-2 -- Bump version as a part of readline upgrade -* Thu Sep 29 2022 Sharan Turlapati 3.8.2-1 -- Update to version 3.8.2 -* Mon Apr 12 2021 Gerrit Photon 3.7.6-1 -- Automatic Version Bump -* Tue Jan 26 2021 Anish Swaminathan 3.7.1-3 -- Add missing dependency for gettext -* Tue Jan 19 2021 Prashant S Chauhan 3.7.1-2 -- Fix make check -* Wed Sep 02 2020 Gerrit Photon 3.7.1-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 3.5.2-1 -- Automatic Version Bump -* Tue Sep 18 2018 Tapas Kundu 3.1-1 -- Updated to release 3.1 -* Sun Sep 09 2018 Alexey Makhalov 3.0.4-4 -- Fix compilation issue against glibc-2.28 -* Tue May 24 2016 Priyesh Padmavilasom 3.0.4-3 -- GA - Bump release of all rpms -* Thu Apr 28 2016 Priyesh Padmavilasom 3.0.4-2 -- Removed requires for flex -* Tue Feb 23 2016 Xiaolin Li 3.0.4-1 -- Updated to version 3.0.4 -* Tue Nov 10 2015 Xiaolin Li 3.0.2-3 -- Handled locale files with macro find_lang -* Fri Jun 5 2015 Divya Thaluru 3.0.2-2 -- Adding m4, flex package to build and run time required package -* Wed Nov 5 2014 Divya Thaluru 3.0.2-1 -- Initial build. First version. diff --git a/SPECS/blktrace/blktrace.spec b/SPECS/blktrace/blktrace.spec deleted file mode 100644 index 5c006a09f0..0000000000 --- a/SPECS/blktrace/blktrace.spec +++ /dev/null @@ -1,48 +0,0 @@ -Summary: Utilities for block layer IO tracing -Name: blktrace -Version: 1.3.0 -Release: 1%{?dist} -License: GPLv2 -URL: http://git.kernel.org/cgit/linux/kernel/git/axboe/blktrace.git/tree/README -Group: Development/Tools/Other -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/snapshot/%{name}-%{version}.tar.gz -%define sha512 blktrace=ad2bff481c1a2f972c1319f463bfea16fc3cb7d76173ebc2fe38c2c39a6b28c8f6492d65580ad2aa38f8a701f5439aa30c11336eebf62bbfc51c9a71b67748d9 -BuildRequires: libaio-devel -Requires: libaio - -%description -blktrace is a block layer IO tracing mechanism which provides detailed information about request queue operations up to user space. - -%prep -%autosetup - -%build -make %{?_smp_mflags} - -%install -make install DESTDIR=%{buildroot} prefix=%{_prefix} mandir=%{_mandir} %{?_smp_mflags} - -%clean -rm -rf %{buildroot}/* - -%files -%doc README -%defattr(-,root,root) -%{_bindir} -%{_mandir} - -%changelog -* Thu May 26 2022 Gerrit Photon 1.3.0-1 -- Automatic Version Bump -* Thu Jan 24 2019 Tapas Kundu 1.2.0-3 -- Fix for CVE-2018-10689. -* Sun Sep 23 2018 Sujay G 1.2.0-2 -- Bump blktrace version to 1.2.0 -* Tue May 24 2016 Priyesh Padmavilasom 1.1.0-2 -- GA - Bump release of all rpms -* Thu Jan 21 2016 Xiaolin Li 1.1.0-1 -- Updated to version 1.1.0 -* Mon Nov 30 2015 Harish Udaiya Kumar 1.0.5-1 -- Initial build. First version diff --git a/SPECS/bluez-tools/bluez-tools-gcc-10.patch b/SPECS/bluez-tools/bluez-tools-gcc-10.patch deleted file mode 100644 index 571d9de849..0000000000 --- a/SPECS/bluez-tools/bluez-tools-gcc-10.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 687105d611b38961f390f0a328f9cfa3b93aeb18 Mon Sep 17 00:00:00 2001 -From: Leigh Scott -Date: Tue, 28 Jan 2020 22:46:37 +0000 -Subject: [PATCH] fix gcc-10 compile - ---- - src/lib/agent-helper.c | 2 ++ - src/lib/agent-helper.h | 4 ++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/lib/agent-helper.c b/src/lib/agent-helper.c -index bf50bcc..2b94100 100644 ---- a/src/lib/agent-helper.c -+++ b/src/lib/agent-helper.c -@@ -33,6 +33,8 @@ - - #include "agent-helper.h" - -+gboolean agent_need_unregister; -+ - static const gchar *_bt_agent_introspect_xml = "\n\t\n\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\n\t\n\n"; - static guint _bt_agent_registration_id = 0; - static GHashTable *_pin_hash_table = NULL; -diff --git a/src/lib/agent-helper.h b/src/lib/agent-helper.h -index 8e1cc85..9a952c4 100644 ---- a/src/lib/agent-helper.h -+++ b/src/lib/agent-helper.h -@@ -35,7 +35,7 @@ extern "C" { - #define AGENT_DBUS_INTERFACE "org.bluez.Agent1" - #define AGENT_PATH "/org/blueztools" - --gboolean agent_need_unregister; -+extern gboolean agent_need_unregister; - - void register_agent_callbacks(gboolean interactive_console, GHashTable *pin_dictonary, gpointer main_loop_object, GError **error); - void unregister_agent_callbacks(GError **error); -@@ -44,4 +44,4 @@ void unregister_agent_callbacks(GError **error); - } - #endif - --#endif /* __AGENT_HELPER_H */ -\ No newline at end of file -+#endif /* __AGENT_HELPER_H */ diff --git a/SPECS/bluez-tools/bluez-tools.spec b/SPECS/bluez-tools/bluez-tools.spec deleted file mode 100644 index ac395f08f8..0000000000 --- a/SPECS/bluez-tools/bluez-tools.spec +++ /dev/null @@ -1,58 +0,0 @@ -Summary: A set of tools to manage bluetooth devices for linux -Name: bluez-tools -Version: 0.2.0.20140808 -Release: 5%{?dist} -License: GPL -Group: Applications/Communication -Vendor: VMware, Inc. -Distribution: Photon -URL: https://code.google.com/p/bluez-tools -Source0: /~https://github.com/khvzak/bluez-tools.git/master/bluez-tools-%{version}.tar.gz -%define sha512 %{name}=d0634e24b9c9748e442971edbdbb9be0533f9ba4da3e3e6ba8db266b87f0c60e15a79fb77c2bd633014862d2dbb34f457cdb0888578d3f64d5bec2bf82633839 - -Patch0: bluez-tools-gcc-10.patch - -BuildRequires: dbus-devel -BuildRequires: dbus-glib-devel - -Requires: bluez - -%description -A set of tools to manage bluetooth devices for linux. - -%prep -%autosetup -p1 - -%build -./autogen.sh -%configure -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_bindir}/bt-adapter -%{_bindir}/bt-agent -%{_bindir}/bt-device -%{_bindir}/bt-network -%{_bindir}/bt-obex -%{_mandir}/man1/bt-adapter.1* -%{_mandir}/man1/bt-agent.1* -%{_mandir}/man1/bt-device.1* -%{_mandir}/man1/bt-network.1* -%{_mandir}/man1/bt-obex.1* -%doc AUTHORS COPYING - -%changelog -* Fri Dec 16 2022 Nitesh Kumar 0.2.0.20140808-5 -- Version Bump up to consume bluez v5.66 -* Fri Sep 16 2022 Nitesh Kumar 0.2.0.20140808-4 -- Version Bump up to consume bluez v5.65 -* Thu Mar 17 2022 Nitesh Kumar 0.2.0.20140808-3 -- Version Bump up to consume bluez v5.63 -* Thu Jan 14 2021 Alexey Makhalov 0.2.0.20140808-2 -- GCC-10 support. -* Mon Jan 6 2020 Ajay Kaher 0.2.0.20140808-1 -- Initial version diff --git a/SPECS/bluez/bluez-CVE-2023-27349.patch b/SPECS/bluez/bluez-CVE-2023-27349.patch deleted file mode 100644 index a3c52b869c..0000000000 --- a/SPECS/bluez/bluez-CVE-2023-27349.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f54299a850676d92c3dafd83e9174fcfe420ccc9 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Wed, 22 Mar 2023 11:34:24 -0700 -Subject: [PATCH] avrcp: Fix crash while handling unsupported events - -The following crash can be observed if the remote peer send and -unsupported event: - -ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11 - at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0 - WRITE of size 1 at 0x60b000148f11 thread T0 - #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907 - #1 0x559644536c22 in control_response profiles/audio/avctp.c:939 - #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108 - #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) - #4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7) - #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2) - #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66 - #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188 - #8 0x5596445bb963 in main src/main.c:1289 - #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392 - #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224) ---- - profiles/audio/avrcp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c -index 80f34c7a77..dda9a303fb 100644 ---- a/profiles/audio/avrcp.c -+++ b/profiles/audio/avrcp.c -@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code, - case AVRCP_EVENT_UIDS_CHANGED: - avrcp_uids_changed(session, pdu); - break; -+ default: -+ if (event > AVRCP_EVENT_LAST) { -+ warn("Unsupported event: %u", event); -+ return FALSE; -+ } -+ break; - } - - session->registered_events |= (1 << event); diff --git a/SPECS/bluez/bluez.spec b/SPECS/bluez/bluez.spec deleted file mode 100644 index d78c1792cb..0000000000 --- a/SPECS/bluez/bluez.spec +++ /dev/null @@ -1,114 +0,0 @@ -Summary: Bluetooth utilities -Name: bluez -Version: 5.66 -Release: 3%{?dist} -License: GPLv2+ -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon -URL: http://www.bluez.org - -Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz -%define sha512 %{name}=ed0994932687eacf27207867366671b323671f5d5199daf36ea5eff8f254f2bc99ef989ef7df9883b35c06f2af60452be8bad0a06109428a4717cf2b247b4865 - -Patch0: bluez-CVE-2023-27349.patch - -BuildRequires: libical-devel -BuildRequires: glib-devel -BuildRequires: dbus-devel -BuildRequires: systemd-devel -BuildRequires: python3-docutils - -Requires: dbus -Requires: glib -Requires: libical -Requires: systemd -Requires: python3-docutils - -%description -Utilities for use in Bluetooth applications. -The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A. - -%package devel -Summary: Development libraries for Bluetooth applications -Group: Development/System -Requires: %{name} = %{version}-%{release} - -%description devel -bluez-devel contains development libraries and headers for -use in Bluetooth applications. - -%prep -%autosetup -p1 - -%build -%configure \ - --enable-tools \ - --enable-library \ - --enable-usb \ - --enable-threads \ - --enable-monitor \ - --enable-obex \ - --enable-systemd \ - --enable-experimental \ - --enable-deprecated \ - --disable-cups - -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -make %{?_smp_mflags} -k check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libexecdir}/bluetooth/obexd -%{_libexecdir}/bluetooth/bluetoothd -%{_datadir}/zsh/site-functions/_bluetoothctl -%{_libdir}/*.so.* -%{_datadir}/dbus-1/system-services/org.bluez.service -%{_datadir}/dbus-1/services/org.bluez.obex.service -%{_libdir}/systemd/user/obex.service -%{_unitdir}/bluetooth.service -%config(noreplace) %{_sysconfdir}/dbus-1/system.d/bluetooth.conf - -%files devel -%defattr(-,root,root) -%{_includedir}/bluetooth/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_datadir}/man/* - -%changelog -* Fri May 12 2023 Nitesh Kumar 5.66-3 -- Patched to fix CVE-2023-27349 -* Thu Dec 22 2022 Shreenidhi Shedi 5.66-2 -- Bump version as a part of readline upgrade -* Fri Dec 16 2022 Nitesh Kumar 5.66-1 -- Version upgrade to v5.66 -* Sun Sep 18 2022 Shreenidhi Shedi 5.65-2 -- Remove .la files -* Fri Sep 16 2022 Nitesh Kumar 5.65-1 -- Version upgrade to v5.65 -* Mon Apr 18 2022 Gerrit Photon 5.64-1 -- Automatic Version Bump -* Tue Mar 15 2022 Nitesh Kumar 5.63-1 -- Version upgrade to 5.63, Address CVE-2021-3658 -* Fri Dec 03 2021 Nitesh Kumar 5.58-2 -- Patched to fix CVE-2021-41229 -* Tue Apr 13 2021 Gerrit Photon 5.58-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 5.56-1 -- Automatic Version Bump -* Wed Sep 09 2020 Gerrit Photon 5.55-1 -- Automatic Version Bump -* Mon Jul 13 2020 Gerrit Photon 5.54-1 -- Automatic Version Bump -* Mon Jan 6 2020 Ajay Kaher 5.52-1 -- Initial version diff --git a/SPECS/boost/boost.spec b/SPECS/boost/boost.spec deleted file mode 100644 index c8116e5be4..0000000000 --- a/SPECS/boost/boost.spec +++ /dev/null @@ -1,88 +0,0 @@ -%define main_version 1_80_0 -Summary: Boost -Name: boost -Version: 1.80.0 -Release: 1%{?dist} -License: Boost Software License V1 -URL: http://www.boost.org -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://boostorg.jfrog.io/artifactory/main/release/%{version}/source/boost_%{main_version}.tar.bz2 -%define sha512 boost=829a95b463473d69ff79ea41799c68429bb79d3b2321fbdb71df079af237ab01de9ad7e9612d8783d925730acada010068d2d1aa856c34244ee5c0ece16f208f - -BuildRequires: bzip2-devel - -%description -Boost provides a set of free peer-reviewed portable C++ source libraries. -It includes libraries for linear algebra, pseudorandom number generation, -multithreading, image processing, regular expressions and unit testing. - -%package devel -Summary: Development files for boost -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -The boost-devel package contains libraries, header files and documentation for developing applications that use boost. - -%package static -Summary: boost static libraries -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description static -The boost-static package contains boost static libraries. - -%prep -%autosetup -p1 -n boost_%{main_version} - -%build -./bootstrap.sh --prefix=%{buildroot}%{_prefix} -./b2 %{?_smp_mflags} stage threading=multi - -%install -./b2 install threading=multi - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libdir}/libboost_*.so.* -%{_libdir}/cmake/*.cmake -%{_libdir}/cmake/*/*.cmake - -%files devel -%defattr(-,root,root) -%{_includedir}/boost/* -%{_libdir}/libboost_*.so - -%files static -%defattr(-,root,root) -%{_libdir}/libboost_*.a - -%changelog -* Fri Aug 19 2022 Ajay Kaher 1.80.0-1 -- Version update -* Mon Apr 12 2021 Gerrit Photon 1.76.0-1 -- Automatic Version Bump -* Fri Aug 28 2020 Gerrit Photon 1.74.0-1 -- Automatic Version Bump -* Tue Sep 11 2018 Srivatsa S. Bhat 1.66.0-1 -- Update to version 1.66.0 -* Thu Apr 06 2017 Anish Swaminathan 1.63.0-1 -- Upgraded to version 1.63.0 -* Thu Mar 23 2017 Vinay Kulkarni 1.60.0-3 -- Build static libs in additon to shared. -* Tue May 24 2016 Priyesh Padmavilasom 1.60.0-2 -- GA - Bump release of all rpms -* Wed Apr 27 2016 Xiaolin Li 1.60.0-1 -- Update to version 1.60.0. -* Thu Oct 01 2015 Xiaolin Li 1.56.0-2 -- Move header files to devel package. -* Tue Feb 10 2015 Divya Thaluru 1.56.0-1 -- Initial build. First version diff --git a/SPECS/bpftrace/bpftrace.spec b/SPECS/bpftrace/bpftrace.spec deleted file mode 100644 index 8304e03d1c..0000000000 --- a/SPECS/bpftrace/bpftrace.spec +++ /dev/null @@ -1,116 +0,0 @@ -# The post hooks strip the binary which removes -# the BEGIN_trigger and END_trigger functions -# which are needed for the BEGIN and END probes -%global __os_install_post %{nil} -%global _find_debuginfo_opts -g - -Name: bpftrace -Version: 0.18.0 -Release: 1%{?dist} -Summary: High-level tracing language for Linux eBPF -License: ASL 2.0 -Vendor: VMware, Inc. -Distribution: Photon -Group: System Environment/Security -URL: /~https://github.com/iovisor/bpftrace - -Source0: /~https://github.com/iovisor/bpftrace/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=b7da273d251f03a81b3a7097407352e7ad1d023972852bdb883176e97bab7046f9f327bd03bca51fe853ecaab5f60adc6994e75cb450a033a5b91118f719c36d - -BuildRequires: bison -BuildRequires: flex -BuildRequires: cmake -BuildRequires: elfutils-libelf-devel -BuildRequires: zlib-devel -BuildRequires: llvm-devel -BuildRequires: clang-devel -BuildRequires: libbpf-devel -BuildRequires: binutils-devel -BuildRequires: cereal-devel -BuildRequires: curl-devel -BuildRequires: libbpf-devel -BuildRequires: bcc-devel -BuildRequires: libxml2-devel -BuildRequires: libffi-devel -BuildRequires: libpcap-devel -BuildRequires: systemtap-sdt-devel - -Requires: bcc -Requires: bcc-tools -Requires: clang -Requires: llvm -Requires: zlib -Requires: libbpf - -%description -BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet -Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a -backend to compile scripts to BPF-bytecode and makes use of BCC for -interacting with the Linux BPF system, as well as existing Linux tracing -capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing -(uprobes), and tracepoints. The BPFtrace language is inspired by awk and C, -and predecessor tracers such as DTrace and SystemTap - -%prep -%autosetup -p1 - -%build -export LDFLAGS="-lz" -%{cmake} \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -DBUILD_TESTING:BOOL=OFF \ - -DBUILD_SHARED_LIBS:BOOL=OFF \ - -DENABLE_TESTS:BOOL=OFF \ - -DBUILD_DEPS=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DUSE_SYSTEM_BPF_BCC=ON - -%{cmake_build} - -%install -%{cmake_install} - -find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \ - sed -i -e '1s=^#!/usr/bin/env %{name}\([0-9.]\+\)\?$=#!%{_bindir}/%{name}=' {} \; - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%doc README.md CONTRIBUTING-TOOLS.md -%doc docs/reference_guide.md docs/tutorial_one_liners.md -%license LICENSE -%dir %{_datadir}/%{name} -%dir %{_datadir}/%{name}/tools -%dir %{_datadir}/%{name}/tools/doc -%{_bindir}/%{name} -%{_bindir}/%{name}-aotrt -%{_mandir}/man8/* -%attr(0755,-,-) %{_datadir}/%{name}/tools/*.bt -%attr(0755,-,-) %{_datadir}/%{name}/tools/old/*.bt -%{_datadir}/%{name}/tools/doc/*.txt - -%changelog -* Mon Aug 28 2023 Shreenidhi Shedi 0.18.0-1 -- Upgrade to v0.18.0 -* Tue Jul 11 2023 Shreenidhi Shedi 0.16.0-5 -- Bump version as a part of elfutils upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 0.16.0-4 -- Bump version as a part of libbpf upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 0.16.0-3 -- Bump version as a part of zlib upgrade -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 0.16.0-2 -- Bump up due to change in elfutils -* Tue Sep 27 2022 Shreenidhi Shedi 0.16.0-1 -- Upgrade to v0.16.0 -* Fri Jun 17 2022 Shreenidhi Shedi 0.12.1-2 -- Fix build with latest cmake -* Thu Apr 29 2021 Gerrit Photon 0.12.1-1 -- Automatic Version Bump -* Sat Oct 17 2020 Shreenidhi Shedi 0.11.1-2 -- Fix aarch64 build errors -* Fri Sep 25 2020 Gerrit Photon 0.11.1-1 -- Automatic Version Bump -* Wed Sep 09 2020 Susant Sahani 0.11.0-1 -- Initial RPM release diff --git a/SPECS/bridge-utils/bridge-utils-1.5-linux_3.8_fix-2.patch b/SPECS/bridge-utils/bridge-utils-1.5-linux_3.8_fix-2.patch deleted file mode 100644 index 310e9109e0..0000000000 --- a/SPECS/bridge-utils/bridge-utils-1.5-linux_3.8_fix-2.patch +++ /dev/null @@ -1,40 +0,0 @@ -Submitted By: Bruce Dubbs -Date: 2013-03-10 -Initial Package Version: 1.5 -Upstream Status: Unknown -Origin: LFS -Description: This patch fixes some autoconf warnings. - - -diff -Naur bridge-utils-1.5.orig/Makefile.in bridge-utils-1.5/Makefile.in ---- bridge-utils-1.5.orig/Makefile.in 2011-03-28 19:52:54.000000000 -0500 -+++ bridge-utils-1.5/Makefile.in 2013-03-10 13:44:41.000000000 -0500 -@@ -9,6 +9,7 @@ - bindir=@bindir@ - sbindir=@sbindir@ - mandir=@mandir@ -+datarootdir=@datarootdir@ - distdir = $(PACKAGE)-$(VERSION) - - SUBDIRS=libbridge brctl doc -diff -Naur bridge-utils-1.5.orig/brctl/Makefile.in bridge-utils-1.5/brctl/Makefile.in ---- bridge-utils-1.5.orig/brctl/Makefile.in 2011-03-28 19:52:54.000000000 -0500 -+++ bridge-utils-1.5/brctl/Makefile.in 2013-03-10 13:44:15.000000000 -0500 -@@ -12,6 +12,7 @@ - bindir=@bindir@ - sbindir=@sbindir@ - mandir=@mandir@ -+datarootdir=@datarootdir@ - - INSTALL=@INSTALL@ - -diff -Naur bridge-utils-1.5.orig/doc/Makefile.in bridge-utils-1.5/doc/Makefile.in ---- bridge-utils-1.5.orig/doc/Makefile.in 2011-03-28 19:52:54.000000000 -0500 -+++ bridge-utils-1.5/doc/Makefile.in 2013-03-10 13:43:39.000000000 -0500 -@@ -9,6 +9,7 @@ - bindir=@bindir@ - sbindir=@sbindir@ - mandir=@mandir@ -+datarootdir=@datarootdir@ - - SUBDIRS=libbridge brctl diff --git a/SPECS/bridge-utils/bridge-utils.spec b/SPECS/bridge-utils/bridge-utils.spec deleted file mode 100644 index e2efdf74eb..0000000000 --- a/SPECS/bridge-utils/bridge-utils.spec +++ /dev/null @@ -1,44 +0,0 @@ -Summary: Utilities for configuring and managing bridge devices -Name: bridge-utils -Version: 1.7.1 -Release: 1%{?dist} -License: GPLv2+ -URL: http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://mirrors.edge.kernel.org/pub/linux/utils/net/bridge-utils/%{name}-%{version}.tar.xz -%define sha1 %{name}=07266dff2bf31a24fc912314b6764251ce645a39 - -%description -The bridge-utils package contains a utility needed to create and manage bridge devices. -This is useful in setting up networks for a hosted virtual machine (VM). - -%prep -%autosetup -p1 - -%build -autoconf -%configure \ - --prefix=%{_prefix} -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_sbindir}/brctl -%{_mandir}/man8/* - -%changelog -* Thu Apr 29 2021 Gerrit Photon 1.7.1-1 -- Automatic Version Bump -* Thu Apr 06 2017 Anish Swaminathan 1.6-1 -- Upgraded to version 1.6 -* Mon Sep 12 2016 Alexey Makhalov 1.5-3 -- Update patch to fix-2. -* Tue May 24 2016 Priyesh Padmavilasom 1.5-2 -- GA - Bump release of all rpms -* Tue May 19 2015 Divya Thaluru 1.5-1 -- Initial build. First version diff --git a/SPECS/btrfs-progs/btrfs-progs.spec b/SPECS/btrfs-progs/btrfs-progs.spec deleted file mode 100644 index 83c3ee05a4..0000000000 --- a/SPECS/btrfs-progs/btrfs-progs.spec +++ /dev/null @@ -1,111 +0,0 @@ -Name: btrfs-progs -Version: 6.1.3 -Release: 1%{?dist} -Summary: Userspace programs for btrfs -Group: System Environment/Base -License: GPLv2+ -URL: http://btrfs.wiki.kernel.org/index.php/Main_Page -Source0: https://www.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/%{name}-v%{version}.tar.xz -%define sha512 %{name}=a266316d38cc34a07d73e9fa40840bc058e235fb0d1b4fdfe7aea26f613d14fc62acb731329371386e22c68d770e151ec803ee2a6a82bf185f4c3254555d60bc -Vendor: VMware, Inc. -Distribution: Photon - -BuildRequires: lzo-devel -BuildRequires: e2fsprogs-devel -BuildRequires: libacl-devel -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml -BuildRequires: xmlto -BuildRequires: asciidoc3 -BuildRequires: systemd-devel - -Requires: e2fsprogs -Requires: lzo - -%description -The btrfs-progs package provides all the userspace programs needed to create, -check, modify and correct any inconsistencies in the btrfs filesystem. - -%package devel -Summary: btrfs filesystem-specific libraries and headers -Group: Development/Libraries -Requires: btrfs-progs = %{version}-%{release} - -%description devel -btrfs-progs-devel contains the libraries and header files needed to -develop btrfs filesystem-specific programs. - -You should install btrfs-progs-devel if you want to develop -btrfs filesystem-specific programs. - -%prep -%autosetup -p1 -n %{name}-v%{version} - -%build -sh ./autogen.sh -%configure \ - --disable-zstd \ - --disable-documentation -make DISABLE_DOCUMENTATION=1 %{?_smp_mflags} - -%install -#disabled the documentation -make DISABLE_DOCUMENTATION=1 mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir} install DESTDIR=%{buildroot} %{?_smp_mflags} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%doc COPYING -%{_libdir}/libbtrfs.so.0* -%{_libdir}/libbtrfsutil.so.1* -%{_sbindir}/btrfsck -%{_sbindir}/fsck.btrfs -%{_sbindir}/mkfs.btrfs -%{_sbindir}/btrfs-image -%{_sbindir}/btrfs-convert -%{_sbindir}/btrfstune -%{_sbindir}/btrfs -%{_sbindir}/btrfs-map-logical -%{_sbindir}/btrfs-find-root -%{_udevrulesdir}/64-btrfs-dm.rules -%{_udevrulesdir}/64-btrfs-zoned.rules -%{_sbindir}/btrfs-select-super - -%files devel -%{_includedir}/* -%exclude %{_libdir}/libbtrfs.a -%exclude %{_libdir}/libbtrfsutil.a -%{_libdir}/libbtrfs.so -%{_libdir}/libbtrfsutil.so -%{_libdir}/pkgconfig/libbtrfsutil.pc - -%changelog -* Fri Feb 10 2023 Gerrit Photon 6.1.3-1 -- Automatic Version Bump -* Tue Dec 06 2022 Prashant S Chauhan 5.11.1-2 -- Update release to compile with python 3.11 -* Mon Apr 12 2021 Gerrit Photon 5.11.1-1 -- Automatic Version Bump -* Fri Jul 17 2020 Tapas Kundu 5.7-2 -- Use asciidoc3 -* Mon Jun 22 2020 Gerrit Photon 5.7-1 -- Automatic Version Bump -* Mon Nov 19 2018 Sujay G 4.19-1 -- Bump btrfs-progs version to 4.19 -* Wed Sep 19 2018 Alexey Makhalov 4.10.2-2 -- Fix compilation issue againts e2fsprogs-1.44 -* Fri Apr 07 2017 Anish Swaminathan 4.10.2-1 -- Upgrade to 4.10.2 -* Wed Oct 05 2016 ChangLee 4.4-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 4.4-2 -- GA - Bump release of all rpms -* Thu Feb 25 2016 Anish Swaminathan 4.4-1 -- Upgrade to 4.4 -* Thu Feb 26 2015 Divya Thaluru 3.18.2-1 -- Initial version diff --git a/SPECS/bubblewrap/bubblewrap.spec b/SPECS/bubblewrap/bubblewrap.spec deleted file mode 100644 index 6851d07d5c..0000000000 --- a/SPECS/bubblewrap/bubblewrap.spec +++ /dev/null @@ -1,60 +0,0 @@ -Summary: setuid implementation of a subset of user namespaces. -Name: bubblewrap -Version: 0.7.0 -Release: 1%{?dist} -License: LGPLv2+ -URL: /~https://github.com/projectatomic/bubblewrap -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon -Source0: /~https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/%{name}-%{version}.tar.gz -%define sha512 bubblewrap=01ec30b01f70ff896b407d4979df0bc1a75d0b441a388f7be7aa9a4c9f56e6a1e2ae2ae4dbe4d6262a0218f577a8ad317db4217d5663ea9bd8c1d5c4293c39a7 - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: libcap-devel - -Requires: libcap - -%description -Bubblewrap could be viewed as setuid implementation of a subset of user namespaces. Emphasis on subset - specifically relevant to the above CVE, bubblewrap does not allow control over iptables. -The original bubblewrap code existed before user namespaces - it inherits code from xdg-app helper which in turn distantly derives from linux-user-chroot. - -%prep -%autosetup -p1 - -%build -sh autogen.sh -%configure \ - --disable-silent-rules \ - --with-priv-mode=none -make %{?_smp_mflags} - -%install -[ %{buildroot} != "/" ] && rm -rf %{buildroot}/* -make install DESTDIR=%{buildroot} %{?_smp_mflags} - -%check -make %{?_smp_mflags} check - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/bwrap -%{_datadir}/bash-completion/completions/bwrap -%{_datadir}/zsh/site-functions/_bwrap - -%changelog -* Thu Dec 15 2022 Gerrit Photon 0.7.0-1 -- Automatic Version Bump -* Thu May 26 2022 Gerrit Photon 0.6.2-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 0.4.1-1 -- Automatic Version Bump -* Mon Sep 03 2018 Keerthana K 0.3.0-1 -- Updated to version 0.3.0. -* Thu Aug 03 2017 Xiaolin Li 0.1.8-1 -- Initial build. First version diff --git a/SPECS/build-essential/build-essential.spec b/SPECS/build-essential/build-essential.spec deleted file mode 100644 index 4dcdee530d..0000000000 --- a/SPECS/build-essential/build-essential.spec +++ /dev/null @@ -1,45 +0,0 @@ -Name: build-essential -Summary: Metapackage to install all build tools -Version: 0.1 -Release: 4%{?dist} -Group: Development/Tools -License: GPLv2 -Vendor: VMware, Inc. -Distribution: Photon - -Requires: autoconf -Requires: automake -Requires: binutils -Requires: bison -Requires: diffutils -Requires: file -Requires: gawk -Requires: gcc -Requires: glibc-devel -Requires: gzip -Requires: linux-api-headers -Requires: libtool -Requires: make -Requires: patch -Requires: pkg-config -Requires: tar - -%description -Metapackage to install all build tools - -%prep - -%build - -%files -%defattr(-,root,root,0755) - -%changelog -* Mon Jul 25 2022 Oliver Kurth 0.1-4 -- Add file, gzip, pkg-config and tar -* Fri Dec 07 2018 Srivatsa S. Bhat (VMware) 0.1-3 -- Add patch and bison -* Thu Dec 15 2016 Alexey Makhalov 0.1-2 -- Added diffutils -* Fri Aug 5 2016 Dheeraj Shetty 0.1-1 -- Initial diff --git a/SPECS/byacc/byacc.spec b/SPECS/byacc/byacc.spec deleted file mode 100644 index ce8744908c..0000000000 --- a/SPECS/byacc/byacc.spec +++ /dev/null @@ -1,61 +0,0 @@ -%define byaccdate 20221106 - -Summary: Berkeley Yacc, a parser generator -Name: byacc -Version: 2.0.20221106 -Release: 1%{?dist} -License: Public Domain -Group: Development/Tools -Vendor: VMware, Inc. -URL: https://byaccj.sourceforge.net -Distribution: Photon - -Source0: https://invisible-island.net/archives/%{name}/%{name}-%{byaccdate}.tgz -%define sha512 %{name}=866933b4eb2296565ce70b4ade565e4679f3b652715f0066072bbcc42b95389fa47a2f96cd03de577807dcc49bf453b1d4f7e22b96c80fef1aa66898d3de5d5c - -BuildRequires: gcc -BuildRequires: make - -Conflicts: bison - -%description -This package provides a parser generator utility that reads a grammar -specification from a file and generates an LR(1) parser for it. The -parsers consist of a set of LALR(1) parsing tables and a driver -routine written in the C programming language. It has a public domain -license which includes the generated C. - -If you are going to do development on your system, you will want to install -this package. - -%prep -%autosetup -p1 -n %{name}-%{byaccdate} - -%build -%configure --disable-dependency-tracking - -%make_build - -%install -%make_install -ln -sv yacc %{buildroot}%{_bindir}/%{name} -ln -sv yacc.1 %{buildroot}%{_mandir}/man1/%{name}.1 - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%files -%{_bindir}/yacc -%{_bindir}/%{name} -%{_mandir}/man1/yacc.1* -%{_mandir}/man1/%{name}.1* - -%changelog -* Tue Oct 25 2022 Gerrit Photon 2.0.20221106-1 -- Automatic Version Bump -* Thu Sep 29 2022 Shreenidhi Shedi 2.0.20220128-2 -- Spec fixes -* Tue Sep 13 2022 Roye Eshed 2.0.20220128-1 -- Adding of the byacc spec file for photon based on the Fedora SPEC file. diff --git a/SPECS/bzip2/bzip2-1.0.8-install_docs-1.patch b/SPECS/bzip2/bzip2-1.0.8-install_docs-1.patch deleted file mode 100644 index c3b0230c98..0000000000 --- a/SPECS/bzip2/bzip2-1.0.8-install_docs-1.patch +++ /dev/null @@ -1,42 +0,0 @@ -Submitted By: Matthew Burgess -Date: 2007-01-31 -Initial Package Version: 1.0.4 -Upstream Status: Not submitted -Origin: Randy McMurchy & Steve Crosby -Description: Installs pre-formatted documentation - -diff -Naur bzip2-1.0.4.orig/Makefile bzip2-1.0.4/Makefile ---- bzip2-1.0.4.orig/Makefile 2007-01-03 03:49:21.000000000 +0000 -+++ bzip2-1.0.4/Makefile 2007-01-26 20:00:01.000000000 +0000 -@@ -25,7 +25,7 @@ - - # Where you want it installed when you do 'make install' - PREFIX=/usr/local -- -+DOCDIR=share/doc/$(DISTNAME) - - OBJS= blocksort.o \ - huffman.o \ -@@ -74,6 +74,7 @@ - if ( test ! -d $(PREFIX)/lib ) ; then mkdir -p $(PREFIX)/lib ; fi - if ( test ! -d $(PREFIX)/man ) ; then mkdir -p $(PREFIX)/man ; fi - if ( test ! -d $(PREFIX)/man/man1 ) ; then mkdir -p $(PREFIX)/man/man1 ; fi -+ if ( test ! -d $(PREFIX)/$(DOCDIR) ) ; then mkdir -p $(PREFIX)/$(DOCDIR); fi - if ( test ! -d $(PREFIX)/include ) ; then mkdir -p $(PREFIX)/include ; fi - cp -f bzip2 $(PREFIX)/bin/bzip2 - cp -f bzip2 $(PREFIX)/bin/bunzip2 -@@ -107,6 +108,14 @@ - echo ".so man1/bzgrep.1" > $(PREFIX)/man/man1/bzfgrep.1 - echo ".so man1/bzmore.1" > $(PREFIX)/man/man1/bzless.1 - echo ".so man1/bzdiff.1" > $(PREFIX)/man/man1/bzcmp.1 -+ cp -f manual.html $(PREFIX)/$(DOCDIR) -+ cp -f manual.pdf $(PREFIX)/$(DOCDIR) -+ cp -f manual.ps $(PREFIX)/$(DOCDIR) -+ cp -f bzip2.txt $(PREFIX)/$(DOCDIR) -+ chmod a+r $(PREFIX)/$(DOCDIR)/manual.html -+ chmod a+r $(PREFIX)/$(DOCDIR)/manual.pdf -+ chmod a+r $(PREFIX)/$(DOCDIR)/manual.ps -+ chmod a+r $(PREFIX)/$(DOCDIR)/bzip2.txt - - clean: - rm -f *.o libbz2.a bzip2 bzip2recover \ diff --git a/SPECS/bzip2/bzip2.spec b/SPECS/bzip2/bzip2.spec deleted file mode 100644 index ccd0574b32..0000000000 --- a/SPECS/bzip2/bzip2.spec +++ /dev/null @@ -1,138 +0,0 @@ -Summary: Contains programs for compressing and decompressing files -Name: bzip2 -Version: 1.0.8 -Release: 5%{?dist} -License: BSD -URL: https://www.sourceware.org/bzip2 -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz -%define sha512 %{name}=083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3 - -# Downloaded from: -# https://www.linuxfromscratch.org/patches/lfs/9.1/bzip2-1.0.8-install_docs-1.patch -Patch0: %{name}-%{version}-install_docs-1.patch - -Requires: %{name}-libs = %{version}-%{release} - -Conflicts: toybox < 0.8.2-2 -Provides: libbz2.so.1()(64bit) - -%description -The Bzip2 package contains programs for compressing and -decompressing files. Compressing text files with %{name} yields a much better -compression percentage than with the traditional gzip. - -%package devel -Summary: Header and development files for %{name} -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications - -%package libs -Summary: Libraries for %{name} -Group: System Environment/Libraries -%description libs -This package contains minimal set of shared %{name} libraries. - -%prep -%autosetup -p1 -sed -i 's@\(ln -s -f \)$(PREFIX)/bin/@\1@' Makefile -sed -i "s@(PREFIX)/man@(PREFIX)/share/man@g" Makefile - -%build -if [ %{_host} != %{_build} ]; then - MFLAGS="CC=%{_arch}-unknown-linux-gnu-gcc AR=%{_arch}-unknown-linux-gnu-ar RANLIB=%{_arch}-unknown-linux-gnu-ranlib" - # deactivate buildtime testing - sed -i 's/all: libbz2.a bzip2 bzip2recover test/all: libbz2.a bzip2 bzip2recover/' Makefile -else - MFLAGS= -fi -make VERBOSE=1 %{?_smp_mflags} -f Makefile-libbz2_so $MFLAGS -make clean %{?_smp_mflags} -make VERBOSE=1 %{?_smp_mflags} $MFLAGS - -%install -make PREFIX=%{buildroot}%{_usr} install %{?_smp_mflags} -install -vdm 0755 %{buildroot}%{_lib} -install -vdm 0755 %{buildroot}/bin -cp -av libbz2.so* %{buildroot}%{_lib} -install -vdm 755 %{buildroot}%{_libdir} -ln -sv libbz2.so.%{version} %{buildroot}%{_lib}/libbz2.so -ln -sv libbz2.so.%{version} %{buildroot}%{_lib}/libbz2.so.1 -rm -v %{buildroot}%{_bindir}/{bunzip2,bzcat} -ln -sv %{name} %{buildroot}%{_bindir}/bunzip2 -ln -sv %{name} %{buildroot}%{_bindir}/bzcat - -find %{buildroot} -name '*.a' -delete - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/bzcat -%{_bindir}/bunzip2 -%{_bindir}/bzless -%{_bindir}/bzgrep -%{_bindir}/%{name} -%{_bindir}/bzdiff -%{_bindir}/bzfgrep -%{_bindir}/bzcmp -%{_bindir}/bzip2recover -%{_bindir}/bzegrep -%{_bindir}/bzmore -%{_mandir}/man1/bzmore.1.gz -%{_mandir}/man1/bzfgrep.1.gz -%{_mandir}/man1/bzegrep.1.gz -%{_mandir}/man1/bzgrep.1.gz -%{_mandir}/man1/bzdiff.1.gz -%{_mandir}/man1/bzcmp.1.gz -%{_mandir}/man1/bzless.1.gz -%{_mandir}/man1/%{name}.1.gz - -%files devel -%defattr(-,root,root) -%{_includedir}/bzlib.h -%{_libdir}/libbz2.so -%{_docdir}/* - -%files libs -%defattr(-,root,root) -%{_lib}/libbz2.so.* - -%changelog -* Wed Sep 07 2022 Shreenidhi Shedi 1.0.8-5 -- Fix devel package Requires -* Thu Jun 17 2021 Shreenidhi Shedi 1.0.8-4 -- Use 1.0.8 install_docs patch -* Thu Apr 16 2020 Alexey Makhalov 1.0.8-3 -- Do not conflict with toybox >= 0.8.2-2 -* Tue Nov 26 2019 Alexey Makhalov 1.0.8-2 -- Cross compilation support -* Fri Oct 18 2019 Shreyas B 1.0.8-1 -- Upgrade to 1.0.8. -- Remove CVE-2016-3189.patch as the fix already available in the latest version. -* Tue Oct 2 2018 Michelle Wang 1.0.6-9 -- Add conflicts toybox. -* Sun Jun 04 2017 Bo Gan 1.0.6-8 -- Fix symlink. -* Fri Apr 14 2017 Alexey Makhalov 1.0.6-7 -- Added -libs subpackage. -* Fri Oct 21 2016 Kumar Kaushik 1.0.6-6 -- Fixing security bug CVE-2016-3189. -* Tue May 24 2016 Priyesh Padmavilasom 1.0.6-5 -- GA - Bump release of all rpms. -* Tue Nov 10 2015 Mahmoud Bassiouny 1.0.6-4 -- Providing libbz2.so.1, miror fix for devel provides. -* Fri Jun 5 2015 Divya Thaluru 1.0.6-3 -- Adding bzip2 package run time required package for bzip2-devel package. -* Mon May 18 2015 Touseef Liaqat 1.0.6-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 1.0.6-1 -- Initial build First version. diff --git a/SPECS/c-ares/c-ares.spec b/SPECS/c-ares/c-ares.spec deleted file mode 100644 index 6ad0dbc323..0000000000 --- a/SPECS/c-ares/c-ares.spec +++ /dev/null @@ -1,97 +0,0 @@ -Summary: A library that performs asynchronous DNS operations -Name: c-ares -Version: 1.18.1 -Release: 1%{?dist} -License: MIT -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon -URL: http://c-ares.haxx.se/ -Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz -%define sha512 c-ares=1276ec0799916019f8c0af6b55a139701bd15e0ca4a00811d07963893978bc96c107b980f0fd49f81aa70bc8b3b8cd671195ba357c390772d4c2c5643c50c5a5 -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool - -%description -c-ares is a C library that performs DNS requests and name resolves -asynchronously. c-ares is a fork of the library named 'ares', written -by Greg Hudson at MIT. - -%package devel -Summary: Development files for c-ares -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: pkg-config - -%description devel -This package contains the header files and libraries needed to -compile applications or shared objects that use c-ares. - -%prep -%autosetup -p1 -f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f - -%build -autoreconf -if -%configure \ - --enable-shared \ - --disable-static \ - --disable-dependency-tracking -%{__make} %{?_smp_mflags} - -%install -rm -rf %{buildroot} -make %{?_smp_mflags} DESTDIR=%{buildroot} install -rm -f %{buildroot}/%{_libdir}/libcares.la - -%check -pushd - # few of the Live and Mock Tests are network setup dependent, can be skipped - # source: /~https://github.com/c-ares/c-ares/tree/main/test - ./arestest --gtest_filter=-*MockChannelTest* -popd - -%clean -rm -rf %{buildroot} - -%ldconfig_scriptlets - -%files -%defattr(-, root, root) -%doc README.md README.msvc README.cares CHANGES NEWS -%{_libdir}/*.so.* - -%files devel -%defattr(-, root, root, 0755) -%{_includedir}/ares.h -%{_includedir}/ares_build.h -%{_includedir}/ares_dns.h -%{_includedir}/ares_nameser.h -%{_includedir}/ares_rules.h -%{_includedir}/ares_version.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/libcares.pc -%{_mandir}/man3/ares_* - -%changelog -* Wed Apr 27 2022 Prashant S Chauhan 1.18.1-1 -- Version update to 1.18.1 -* Mon Aug 09 2021 Prashant S Chauhan 1.17.1-2 -- Fix CVE-2021-3672 -* Mon Apr 12 2021 Gerrit Photon 1.17.1-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.16.1-1 -- Automatic Version Bump -* Fri Sep 21 2018 Sujay G 1.14.0-1 -- Bump c-ares version to 1.14.0 -* Fri Sep 29 2017 Dheeraj Shetty 1.12.0-2 -- Fix for CVE-2017-1000381 -* Fri Apr 07 2017 Anish Swaminathan 1.12.0-1 -- Upgrade to 1.12.0 -* Wed Oct 05 2016 Xiaolin Li 1.10.0-3 -- Apply patch for CVE-2016-5180. -* Tue May 24 2016 Priyesh Padmavilasom 1.10.0-2 -- GA - Bump release of all rpms -* Wed Feb 03 2016 Anish Swaminathan - 1.10.0-1 -- Initial version diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec deleted file mode 100644 index 2180bd549f..0000000000 --- a/SPECS/ca-certificates/ca-certificates.spec +++ /dev/null @@ -1,312 +0,0 @@ -Summary: Certificate Authority certificates -Name: ca-certificates -Version: 20230315 -Release: 2%{?dist} -License: Custom -URL: http://anduin.linuxfromscratch.org/BLFS/other -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: certdata.txt - -Requires: openssl-libs -Requires: ca-certificates-pki = %{version}-%{release} -Requires(posttrans): /usr/bin/ln - -BuildRequires: openssl - -Provides: ca-certificates-mozilla = %{version}-%{release} - -%description -The Public Key Inrastructure is used for many security issues in a -Linux system. In order for a certificate to be trusted, it must be -signed by a trusted agent called a Certificate Authority (CA). The -certificates loaded by this section are from the list on the Mozilla -version control system and formats it into a form used by -OpenSSL-1.0.1e. The certificates can also be used by other applications -either directly of indirectly through openssl. - -%package pki -Summary: Certificate Authority certificates (pki tls certs) -Group: System Environment/Security - -%description pki -Certificate Authority certificates (pki tls certs) - -%prep -p exit - -%build -install -vdm 755 %{_builddir}%{_bindir} -cp %{SOURCE0} %{_builddir} - -# make-cert.pl -cat > %{_builddir}%{_bindir}/make-cert.pl << "EOF" -#!/usr/bin/perl -w -# Used to generate PEM encoded files from Mozilla certdata.txt. -# Run as ./make-cert.pl > certificate.crt -# Parts of this script courtesy of RedHat (mkcabundle.pl) -# This script modified for use with single file data (tempfile.cer) extracted -# from certdata.txt, taken from the latest version in the Mozilla NSS source. -# mozilla/security/nss/lib/ckfw/builtins/certdata.txt -# Authors: DJ Lucas -# Bruce Dubbs -# Version 20120211 -my $certdata = './tempfile.cer'; -open( IN, "cat $certdata|" ) - || die "could not open $certdata"; -my $incert = 0; -while ( ) -{ - if ( /^CKA_VALUE MULTILINE_OCTAL/ ) - { - $incert = 1; - open( OUT, "|openssl x509 -text -inform DER -fingerprint" ) - || die "could not pipe to openssl x509"; - } - elsif ( /^END/ && $incert ) - { - close( OUT ); - $incert = 0; - print "\n\n"; - } - elsif ($incert) - { - my @bs = split( /\\/ ); - foreach my $b (@bs) - { - chomp $b; - printf( OUT "%c", oct($b) ) unless $b eq ''; - } - } -} -EOF -# -# make-ca.sh -# -cat > %{_builddir}%{_bindir}/make-ca.sh << "EOF" -#!/bin/bash -# Begin make-ca.sh -# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs -# The file certdata.txt must exist in the local directory -# Version number is obtained from the version of the data. -# Authors: DJ Lucas -# Bruce Dubbs -# Version 20120211 -certdata="certdata.txt" -if [ ! -r $certdata ]; then - echo "$certdata must be in the local directory" - exit 1 -fi -REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$') -if [ -z "${REVISION}" ]; then - echo "$certfile has no 'Revision' in CVS_ID" - exit 1 -fi -VERSION=$(echo $REVISION | cut -f2 -d" ") -TEMPDIR=$(mktemp -d) -TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH" -BUNDLE="BLFS-ca-bundle-${VERSION}.crt" -CONVERTSCRIPT="%{_builddir}%{_bindir}/make-cert.pl" -SSLDIR="%{_sysconfdir}/ssl" -mkdir "${TEMPDIR}/certs" -# Get a list of staring lines for each cert -CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d":" -f1) -# Get a list of ending lines for each cert -CERTENDLIST=$(grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1) -# Start a loop -for certbegin in ${CERTBEGINLIST}; do - for certend in ${CERTENDLIST}; do - if test "${certend}" -gt "${certbegin}"; then - break - fi - done - # Dump to a temp file with the name of the file as the beginning line number - sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp" -done -unset CERTBEGINLIST CERTDATA CERTENDLIST certebegin certend -mkdir -p certs -rm certs/* # Make sure the directory is clean -for tempfile in ${TEMPDIR}/certs/*.tmp; do - # Make sure that the cert is trusted... - grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \ - egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null - if test "${?}" = "0"; then - # Throw a meaningful error and remove the file - cp "${tempfile}" tempfile.cer - perl ${CONVERTSCRIPT} > tempfile.crt - keyhash=$(openssl x509 -noout -in tempfile.crt -hash) - echo "Certificate ${keyhash} is not trusted! Removing..." - rm -f tempfile.cer tempfile.crt "${tempfile}" - continue - fi - # If execution made it to here in the loop, the temp cert is trusted - # Find the cert data and generate a cert file for it - cp "${tempfile}" tempfile.cer - perl ${CONVERTSCRIPT} > tempfile.crt - keyhash=$(openssl x509 -noout -in tempfile.crt -hash) - mv tempfile.crt "certs/${keyhash}.pem" - rm -f tempfile.cer "${tempfile}" - echo "Created ${keyhash}.pem" -done -# Remove denylisted files -# MD5 Collision Proof of Concept CA -if test -f certs/8f111d69.pem; then - echo "Certificate 8f111d69 is not trusted! Removing..." - rm -f certs/8f111d69.pem -fi -# Finally, generate the bundle and clean up. -cat certs/*.pem > ${BUNDLE} -rm -r "${TEMPDIR}" -EOF -# -# remove-expired-certs.sh\ -# -cat > %{_builddir}%{_bindir}/remove-expired-certs.sh << "EOF" -#!/bin/bash -# Begin /bin/remove-expired-certs.sh -# Version 20120211 -# Make sure the date is parsed correctly on all systems -function mydate() -{ - local y=$( echo $1 | cut -d" " -f4 ) - local M=$( echo $1 | cut -d" " -f1 ) - local d=$( echo $1 | cut -d" " -f2 ) - local m - if [ ${d} -lt 10 ]; then d="0${d}"; fi - case $M in - Jan) m="01";; - Feb) m="02";; - Mar) m="03";; - Apr) m="04";; - May) m="05";; - Jun) m="06";; - Jul) m="07";; - Aug) m="08";; - Sep) m="09";; - Oct) m="10";; - Nov) m="11";; - Dec) m="12";; - esac - certdate="${y}${m}${d}" -} -OPENSSL=%{_bindir}/openssl -DIR=certs -if [ $# -gt 0 ]; then - DIR="$1" -fi -certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" ) -today=$( date +%Y%m%d ) -for cert in $certs; do - notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout ) - date=$( echo ${notafter} | sed 's/^notAfter=//' ) - mydate "$date" - if [ ${certdate} -lt ${today} ]; then - echo "${cert} expired on ${certdate}! Removing..." - rm -f "${cert}" - fi -done -EOF - -chmod +x %{_builddir}%{_bindir}/* - -printf "making certs\n" -%{_builddir}%{_bindir}/make-ca.sh -printf "Removing expired certs\n" -%{_builddir}%{_bindir}/remove-expired-certs.sh -printf "Build portion completed\n" - -sed -i 's|CONVERTSCRIPT="%{_builddir}%{_bindir}/make-cert.pl"|CONVERTSCRIPT="%{_bindir}/make-cert.pl"|' %{_builddir}%{_bindir}/make-ca.sh -sed -i 's|DIR=certs|DIR=%{_sysconfdir}/ssl/certs|' %{_builddir}%{_bindir}/remove-expired-certs.sh - -%install -SSLDIR=%{_sysconfdir}/ssl -install -d %{buildroot}${SSLDIR}/certs -install -d %{buildroot}%{_sysconfdir}/pki/tls/certs -cp -v certs/*.pem %{buildroot}${SSLDIR}/certs -install BLFS-ca-bundle*.crt %{buildroot}%{_sysconfdir}/pki/tls/certs/ca-bundle.crt -#ln -sfv ../$(readlink %{buildroot}/${SSLDIR}/ca-bundle.crt) %{buildroot}/${SSLDIR}/certs/ca-certificates.crt -unset SSLDIR - -install -Dm644 %{_builddir}%{_bindir}/make-ca.sh %{buildroot}%{_bindir}/make-ca.sh -install -Dm644 %{_builddir}%{_bindir}/make-cert.pl %{buildroot}%{_bindir}/make-cert.pl -install -Dm644 %{_builddir}%{_bindir}/remove-expired-certs.sh %{buildroot}%{_bindir}/remove-expired-certs.sh -%{_fixperms} %{buildroot}/* - -%posttrans -cd %{_sysconfdir}/ssl/certs -for file in *.pem; do - ln -sf $file $(openssl x509 -hash -noout -in $file).0 -done -exit 0 - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_sysconfdir}/ssl/certs/* -%{_bindir}/make-ca.sh -%{_bindir}/remove-expired-certs.sh -%{_bindir}/make-cert.pl - -%files pki -%defattr(-,root,root) -%{_sysconfdir}/pki/tls/certs/ca-bundle.crt - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 20230315-2 -- Bump version as a part of openssl upgrade -* Thu Mar 16 2023 Gerrit Photon 20230315-1 -- Automatic Version Bump -* Wed Mar 08 2023 Shreenidhi Shedi 20220706-2 -- Require openssl-libs -* Mon Jul 11 2022 Gerrit Photon 20220706-1 -- Automatic Version Bump -* Wed Feb 23 2022 Shreenidhi Shedi 20210429-2 -- Fix binary path -* Mon May 03 2021 Gerrit Photon 20210429-1 -- Automatic Version Bump -* Fri Apr 23 2021 Gerrit Photon 20210422-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 20210419-1 -- Automatic Version Bump -* Fri Oct 02 2020 Gerrit Photon 20201001-1 -- Automatic Version Bump -* Wed Sep 30 2020 Gerrit Photon 20200924-1 -- Automatic Version Bump -* Tue Sep 29 2020 Satya Naga Vasamsetty 20200922-2 -- openssl 1.1.1 -* Thu Sep 24 2020 Gerrit Photon 20200922-1 -- Automatic Version Bump -* Wed Sep 09 2020 Gerrit Photon 20200903-1 -- Automatic Version Bump -* Wed Aug 26 2020 Gerrit Photon 20200825-1 -- Automatic Version Bump -* Wed Jul 15 2020 Gerrit Photon 20200709-1 -- Automatic Version Bump -- Fix for OpenSSL CA certs not generated in latest tags move %post to %posttrans -* Thu Jul 09 2020 Gerrit Photon 20200708-1 -- Automatic Version Bump -* Wed May 22 2019 Gerrit Photon 20190521-1 -- Automatic Version Bump -* Tue Sep 25 2018 Ankit Jain 20180919-1 -- Updating mozilla certdata.txt to latest revision -* Wed May 3 2017 Bo Gan 20170406-3 -- Fixed dependency on coreutils -* Fri Apr 14 2017 Alexey Makhalov 20170406-2 -- Added -pki subpackage -* Fri Apr 07 2017 Anish Swaminathan 20170406-1 -- Updating mozilla certdata.txt to latest revision -* Tue May 24 2016 Priyesh Padmavilasom 20160109-5 -- GA - Bump release of all rpms -* Wed Feb 10 2016 Anish Swaminathan 20160109-4 -- Add Provides field -* Wed Feb 03 2016 Anish Swaminathan 20160109-3 -- Force create links for certificates -* Mon Feb 01 2016 Anish Swaminathan 20160109-2 -- Remove c_rehash dependency -* Wed Jan 13 2016 Divya Thaluru 20160109-1 -- Updating mozilla certdata.txt to latest revision -* Wed Oct 15 2014 Divya Thaluru 20130524-1 -- Initial build. First version diff --git a/SPECS/ca-certificates/certdata.txt b/SPECS/ca-certificates/certdata.txt deleted file mode 100644 index ae83e9bcc2..0000000000 --- a/SPECS/ca-certificates/certdata.txt +++ /dev/null @@ -1,22980 +0,0 @@ -#CVS_ID @# $ RCSfile: certdata.txt $ $Revision: 20200922 $ $Date: $ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# -# certdata.txt -# -# This file contains the object definitions for the certs and other -# information "built into" NSS. -# -# Object definitions: -# -# Certificates -# -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -# CKA_SUBJECT DER+base64 (varies) -# CKA_ID byte array (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_VALUE DER+base64 (varies) -# CKA_NSS_EMAIL ASCII7 (unused here) -# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) -# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) -# -# Trust -# -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_CERT_HASH binary+base64 (varies) -# CKA_EXPIRES CK_DATE (not used here) -# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies) -# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies) -# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies) -# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies) -# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies) -# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies) -# CKA_TRUST_CRL_SIGN CK_TRUST (varies) -# CKA_TRUST_SERVER_AUTH CK_TRUST (varies) -# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies) -# CKA_TRUST_CODE_SIGNING CK_TRUST (varies) -# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies) -# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies) -# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies) -# CKA_TRUST_IPSEC_USER CK_TRUST (varies) -# CKA_TRUST_TIME_STAMPING CK_TRUST (varies) -# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies) -# (other trust attributes can be defined) -# - -# -# The object to tell NSS that this is a root list and we don't -# have to go looking for others. -# -BEGINDATA -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Mozilla Builtin Roots" - -# -# Certificate "GlobalSign Root CA" -# -# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94 -# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -# Not Valid Before: Tue Sep 01 12:00:00 1998 -# Not Valid After : Fri Jan 28 12:00:00 2028 -# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A -# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061 -\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154 -\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003 -\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031 -\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147 -\156\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061 -\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154 -\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003 -\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031 -\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147 -\156\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\025\113\132\303\224 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004 -\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006 -\003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004 -\012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166 -\055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157 -\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 -\107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040 -\103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060 -\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060 -\060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102 -\105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142 -\141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016 -\006\003\125\004\013\023\007\122\157\157\164\040\103\101\061\033 -\060\031\006\003\125\004\003\023\022\107\154\157\142\141\154\123 -\151\147\156\040\122\157\157\164\040\103\101\060\202\001\042\060 -\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202 -\001\017\000\060\202\001\012\002\202\001\001\000\332\016\346\231 -\215\316\243\343\117\212\176\373\361\213\203\045\153\352\110\037 -\361\052\260\271\225\021\004\275\360\143\321\342\147\146\317\034 -\335\317\033\110\053\356\215\211\216\232\257\051\200\145\253\351 -\307\055\022\313\253\034\114\160\007\241\075\012\060\315\025\215 -\117\370\335\324\214\120\025\034\357\120\356\304\056\367\374\351 -\122\362\221\175\340\155\325\065\060\216\136\103\163\362\101\351 -\325\152\343\262\211\072\126\071\070\157\006\074\210\151\133\052 -\115\305\247\124\270\154\211\314\233\371\074\312\345\375\211\365 -\022\074\222\170\226\326\334\164\156\223\104\141\321\215\307\106 -\262\165\016\206\350\031\212\325\155\154\325\170\026\225\242\351 -\310\012\070\353\362\044\023\117\163\124\223\023\205\072\033\274 -\036\064\265\213\005\214\271\167\213\261\333\037\040\221\253\011 -\123\156\220\316\173\067\164\271\160\107\221\042\121\143\026\171 -\256\261\256\101\046\010\310\031\053\321\106\252\110\326\144\052 -\327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174 -\366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000 -\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064 -\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320 -\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054 -\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263 -\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362 -\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240 -\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004 -\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015 -\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374 -\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217 -\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247 -\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156 -\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235 -\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341 -\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364 -\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004 -\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146 -\125\342\374\110\311\051\046\151\340 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GlobalSign Root CA" -# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94 -# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -# Not Valid Before: Tue Sep 01 12:00:00 1998 -# Not Valid After : Fri Jan 28 12:00:00 2028 -# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A -# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122 -\244\035\202\234 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\076\105\122\025\011\121\222\341\267\135\067\237\261\207\051\212 -END -CKA_ISSUER MULTILINE_OCTAL -\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061 -\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154 -\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003 -\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031 -\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147 -\156\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\025\113\132\303\224 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GlobalSign Root CA - R2" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30 -# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\206\046\346\015 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\272\060\202\002\242\240\003\002\001\002\002\013\004 -\000\000\000\000\001\017\206\046\346\015\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\114\061\040\060\036\006 -\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156 -\040\122\157\157\164\040\103\101\040\055\040\122\062\061\023\060 -\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151 -\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157 -\142\141\154\123\151\147\156\060\036\027\015\060\066\061\062\061 -\065\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065 -\060\070\060\060\060\060\132\060\114\061\040\060\036\006\003\125 -\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122 -\157\157\164\040\103\101\040\055\040\122\062\061\023\060\021\006 -\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156 -\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141 -\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\246\317\044\016\276\056\157\050\231\105 -\102\304\253\076\041\124\233\013\323\177\204\160\372\022\263\313 -\277\207\137\306\177\206\323\262\060\134\326\375\255\361\173\334 -\345\370\140\226\011\222\020\365\320\123\336\373\173\176\163\210 -\254\122\210\173\112\246\312\111\246\136\250\247\214\132\021\274 -\172\202\353\276\214\351\263\254\226\045\007\227\112\231\052\007 -\057\264\036\167\277\212\017\265\002\174\033\226\270\305\271\072 -\054\274\326\022\271\353\131\175\342\320\006\206\137\136\111\152 -\265\071\136\210\064\354\274\170\014\010\230\204\154\250\315\113 -\264\240\175\014\171\115\360\270\055\313\041\312\325\154\133\175 -\341\240\051\204\241\371\323\224\111\313\044\142\221\040\274\335 -\013\325\331\314\371\352\047\012\053\163\221\306\235\033\254\310 -\313\350\340\240\364\057\220\213\115\373\260\066\033\366\031\172 -\205\340\155\362\141\023\210\134\237\340\223\012\121\227\212\132 -\316\257\253\325\367\252\011\252\140\275\334\331\137\337\162\251 -\140\023\136\000\001\311\112\372\077\244\352\007\003\041\002\216 -\202\312\003\302\233\217\002\003\001\000\001\243\201\234\060\201 -\231\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\233\342\007 -\127\147\034\036\300\152\006\336\131\264\232\055\337\334\031\206 -\056\060\066\006\003\125\035\037\004\057\060\055\060\053\240\051 -\240\047\206\045\150\164\164\160\072\057\057\143\162\154\056\147 -\154\157\142\141\154\163\151\147\156\056\156\145\164\057\162\157 -\157\164\055\162\062\056\143\162\154\060\037\006\003\125\035\043 -\004\030\060\026\200\024\233\342\007\127\147\034\036\300\152\006 -\336\131\264\232\055\337\334\031\206\056\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\231\201 -\123\207\034\150\227\206\221\354\340\112\270\104\013\253\201\254 -\047\117\326\301\270\034\103\170\263\014\232\374\352\054\074\156 -\141\033\115\113\051\365\237\005\035\046\301\270\351\203\000\142 -\105\266\251\010\223\271\251\063\113\030\232\302\370\207\210\116 -\333\335\161\064\032\301\124\332\106\077\340\323\052\253\155\124 -\042\365\072\142\315\040\157\272\051\211\327\335\221\356\323\134 -\242\076\241\133\101\365\337\345\144\103\055\351\325\071\253\322 -\242\337\267\213\320\300\200\031\034\105\300\055\214\350\370\055 -\244\164\126\111\305\005\265\117\025\336\156\104\170\071\207\250 -\176\273\363\171\030\221\273\364\157\235\301\360\214\065\214\135 -\001\373\303\155\271\357\104\155\171\106\061\176\012\376\251\202 -\301\377\357\253\156\040\304\120\311\137\235\115\233\027\214\014 -\345\001\311\240\101\152\163\123\372\245\120\264\156\045\017\373 -\114\030\364\375\122\331\216\151\261\350\021\017\336\210\330\373 -\035\111\367\252\336\225\317\040\170\302\140\022\333\045\100\214 -\152\374\176\102\070\100\144\022\367\236\201\341\223\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GlobalSign Root CA - R2" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30 -# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\165\340\253\266\023\205\022\047\034\004\370\137\335\336\070\344 -\267\044\056\376 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\224\024\167\176\076\136\375\217\060\275\101\260\317\347\320\060 -END -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\206\046\346\015 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 1 Public Primary Certification Authority - G3" -# -# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4 -# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73 -# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\213\133\165\126\204\124\205\013\000\317\257\070\110 -\316\261\244 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\032\060\202\003\002\002\021\000\213\133\165\126\204 -\124\205\013\000\317\257\070\110\316\261\244\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003 -\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145 -\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164 -\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050 -\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156 -\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123 -\151\147\156\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060 -\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066 -\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012 -\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056 -\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123 -\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162 -\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040 -\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111 -\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060 -\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156 -\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\335\204\324\271\264\371\247\330\363\004\170 -\234\336\075\334\154\023\026\331\172\335\044\121\146\300\307\046 -\131\015\254\006\010\302\224\321\063\037\360\203\065\037\156\033 -\310\336\252\156\025\116\124\047\357\304\155\032\354\013\343\016 -\360\104\245\127\307\100\130\036\243\107\037\161\354\140\366\155 -\224\310\030\071\355\376\102\030\126\337\344\114\111\020\170\116 -\001\166\065\143\022\066\335\146\274\001\004\066\243\125\150\325 -\242\066\011\254\253\041\046\124\006\255\077\312\024\340\254\312 -\255\006\035\225\342\370\235\361\340\140\377\302\177\165\053\114 -\314\332\376\207\231\041\352\272\376\076\124\327\322\131\170\333 -\074\156\317\240\023\000\032\270\047\241\344\276\147\226\312\240 -\305\263\234\335\311\165\236\353\060\232\137\243\315\331\256\170 -\031\077\043\351\134\333\051\275\255\125\310\033\124\214\143\366 -\350\246\352\307\067\022\134\243\051\036\002\331\333\037\073\264 -\327\017\126\107\201\025\004\112\257\203\047\321\305\130\210\301 -\335\366\252\247\243\030\332\150\252\155\021\121\341\277\145\153 -\237\226\166\321\075\002\003\001\000\001\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\253\146 -\215\327\263\272\307\232\266\346\125\320\005\361\237\061\215\132 -\252\331\252\106\046\017\161\355\245\255\123\126\142\001\107\052 -\104\351\376\077\164\013\023\233\271\364\115\033\262\321\137\262 -\266\322\210\134\263\237\315\313\324\247\331\140\225\204\072\370 -\301\067\035\141\312\347\260\305\345\221\332\124\246\254\061\201 -\256\227\336\315\010\254\270\300\227\200\177\156\162\244\347\151 -\023\225\145\037\304\223\074\375\171\217\004\324\076\117\352\367 -\236\316\315\147\174\117\145\002\377\221\205\124\163\307\377\066 -\367\206\055\354\320\136\117\377\021\237\162\006\326\270\032\361 -\114\015\046\145\342\104\200\036\307\237\343\335\350\012\332\354 -\245\040\200\151\150\241\117\176\341\153\317\007\101\372\203\216 -\274\070\335\260\056\021\261\153\262\102\314\232\274\371\110\042 -\171\112\031\017\262\034\076\040\164\331\152\303\276\362\050\170 -\023\126\171\117\155\120\352\033\260\265\127\261\067\146\130\043 -\363\334\017\337\012\207\304\357\206\005\325\070\024\140\231\243 -\113\336\006\226\161\054\362\333\266\037\244\357\077\356 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" -# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4 -# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73 -# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\040\102\205\334\367\353\166\101\225\127\216\023\153\324\267\321 -\351\216\106\245 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\261\107\274\030\127\321\030\240\170\055\354\161\350\052\225\163 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\213\133\165\126\204\124\205\013\000\317\257\070\110 -\316\261\244 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Verisign Class 2 Public Primary Certification Authority - G3" -# -# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a -# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6 -# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\141\160\313\111\214\137\230\105\051\347\260\246\331\120 -\133\172 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\031\060\202\003\001\002\020\141\160\313\111\214\137 -\230\105\051\347\260\246\331\120\133\172\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125 -\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162 -\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167 -\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143 -\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156\054 -\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150 -\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061 -\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151 -\147\156\040\103\154\141\163\163\040\062\040\120\165\142\154\151 -\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060\061 -\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066\062 -\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012\023 -\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056\061 -\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123\151 -\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061 -\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060\103 -\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156\040 -\103\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120 -\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055 -\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\257\012\015\302\325\054\333\147\271\055\345\224 -\047\335\245\276\340\260\115\217\263\141\126\074\326\174\303\364 -\315\076\206\313\242\210\342\341\330\244\151\305\265\342\277\301 -\246\107\120\136\106\071\213\325\226\272\265\157\024\277\020\316 -\047\023\236\005\107\233\061\172\023\330\037\331\323\002\067\213 -\255\054\107\360\216\201\006\247\015\060\014\353\367\074\017\040 -\035\334\162\106\356\245\002\310\133\303\311\126\151\114\305\030 -\301\221\173\013\325\023\000\233\274\357\303\110\076\106\140\040 -\205\052\325\220\266\315\213\240\314\062\335\267\375\100\125\262 -\120\034\126\256\314\215\167\115\307\040\115\247\061\166\357\150 -\222\212\220\036\010\201\126\262\255\151\243\122\320\313\034\304 -\043\075\037\231\376\114\350\026\143\216\306\010\216\366\061\366 -\322\372\345\166\335\265\034\222\243\111\315\315\001\315\150\315 -\251\151\272\243\353\035\015\234\244\040\246\301\240\305\321\106 -\114\027\155\322\254\146\077\226\214\340\204\324\066\377\042\131 -\305\371\021\140\250\137\004\175\362\032\366\045\102\141\017\304 -\112\270\076\211\002\003\001\000\001\060\015\006\011\052\206\110 -\206\367\015\001\001\005\005\000\003\202\001\001\000\064\046\025 -\074\300\215\115\103\111\035\275\351\041\222\327\146\234\267\336 -\305\270\320\344\135\137\166\042\300\046\371\204\072\072\371\214 -\265\373\354\140\361\350\316\004\260\310\335\247\003\217\060\363 -\230\337\244\346\244\061\337\323\034\013\106\334\162\040\077\256 -\356\005\074\244\063\077\013\071\254\160\170\163\113\231\053\337 -\060\302\124\260\250\073\125\241\376\026\050\315\102\275\164\156 -\200\333\047\104\247\316\104\135\324\033\220\230\015\036\102\224 -\261\000\054\004\320\164\243\002\005\042\143\143\315\203\265\373 -\301\155\142\153\151\165\375\135\160\101\271\365\277\174\337\276 -\301\062\163\042\041\213\130\201\173\025\221\172\272\343\144\110 -\260\177\373\066\045\332\225\320\361\044\024\027\335\030\200\153 -\106\043\071\124\365\216\142\011\004\035\224\220\246\233\346\045 -\342\102\105\252\270\220\255\276\010\217\251\013\102\030\224\317 -\162\071\341\261\103\340\050\317\267\347\132\154\023\153\111\263 -\377\343\030\174\211\213\063\135\254\063\327\247\371\332\072\125 -\311\130\020\371\252\357\132\266\317\113\113\337\052 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" -# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a -# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Fri Oct 01 00:00:00 1999 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6 -# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\141\357\103\327\177\312\324\141\121\274\230\340\303\131\022\257 -\237\353\143\021 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\370\276\304\143\042\311\250\106\164\213\270\035\036\112\053\366 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\141\160\313\111\214\137\230\105\051\347\260\246\331\120 -\133\172 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Entrust.net Premium 2048 Secure Server CA" -# -# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net -# Serial Number: 946069240 (0x3863def8) -# Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net -# Not Valid Before: Fri Dec 24 17:50:51 1999 -# Not Valid After : Tue Jul 24 14:15:12 2029 -# Fingerprint (MD5): EE:29:31:BC:32:7E:9A:E6:E8:B5:F7:51:B4:34:71:90 -# Fingerprint (SHA1): 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust.net Premium 2048 Secure Server CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 -\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 -\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 -\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 -\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 -\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 -\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 -\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 -\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 -\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\050\062\060\064\070\051 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 -\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 -\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 -\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 -\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 -\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 -\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 -\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 -\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 -\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\050\062\060\064\070\051 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\070\143\336\370 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\052\060\202\003\022\240\003\002\001\002\002\004\070 -\143\336\370\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013 -\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006 -\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163 -\164\056\156\145\164\057\103\120\123\137\062\060\064\070\040\151 -\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050 -\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060 -\043\006\003\125\004\013\023\034\050\143\051\040\061\071\071\071 -\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155 -\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105 -\156\164\162\165\163\164\056\156\145\164\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\050\062\060\064\070\051\060\036\027\015\071\071\061 -\062\062\064\061\067\065\060\065\061\132\027\015\062\071\060\067 -\062\064\061\064\061\065\061\062\132\060\201\264\061\024\060\022 -\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156 -\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167 -\056\145\156\164\162\165\163\164\056\156\145\164\057\103\120\123 -\137\062\060\064\070\040\151\156\143\157\162\160\056\040\142\171 -\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151 -\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050 -\143\051\040\061\071\071\071\040\105\156\164\162\165\163\164\056 -\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006 -\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145 -\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\040\050\062\060\064\070\051 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\255\115\113\251\022\206\262\352\243\040\007\025\026\144\052 -\053\113\321\277\013\112\115\216\355\200\166\245\147\267\170\100 -\300\163\102\310\150\300\333\123\053\335\136\270\166\230\065\223 -\213\032\235\174\023\072\016\037\133\267\036\317\345\044\024\036 -\261\201\251\215\175\270\314\153\113\003\361\002\014\334\253\245 -\100\044\000\177\164\224\241\235\010\051\263\210\013\365\207\167 -\235\125\315\344\303\176\327\152\144\253\205\024\206\225\133\227 -\062\120\157\075\310\272\146\014\343\374\275\270\111\301\166\211 -\111\031\375\300\250\275\211\243\147\057\306\237\274\161\031\140 -\270\055\351\054\311\220\166\146\173\224\342\257\170\326\145\123 -\135\074\326\234\262\317\051\003\371\057\244\120\262\324\110\316 -\005\062\125\212\375\262\144\114\016\344\230\007\165\333\177\337 -\271\010\125\140\205\060\051\371\173\110\244\151\206\343\065\077 -\036\206\135\172\172\025\275\357\000\216\025\042\124\027\000\220 -\046\223\274\016\111\150\221\277\370\107\323\235\225\102\301\016 -\115\337\157\046\317\303\030\041\142\146\103\160\326\325\300\007 -\341\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\125\344\201\321\021\200\276\330\211\271 -\010\243\061\371\241\044\011\026\271\160\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\073\233 -\217\126\233\060\347\123\231\174\172\171\247\115\227\327\031\225 -\220\373\006\037\312\063\174\106\143\217\226\146\044\372\100\033 -\041\047\312\346\162\163\362\117\376\061\231\375\310\014\114\150 -\123\306\200\202\023\230\372\266\255\332\135\075\361\316\156\366 -\025\021\224\202\014\356\077\225\257\021\253\017\327\057\336\037 -\003\217\127\054\036\311\273\232\032\104\225\353\030\117\246\037 -\315\175\127\020\057\233\004\011\132\204\265\156\330\035\072\341 -\326\236\321\154\171\136\171\034\024\305\343\320\114\223\073\145 -\074\355\337\075\276\246\345\225\032\303\265\031\303\275\136\133 -\273\377\043\357\150\031\313\022\223\047\134\003\055\157\060\320 -\036\266\032\254\336\132\367\321\252\250\047\246\376\171\201\304 -\171\231\063\127\272\022\260\251\340\102\154\223\312\126\336\376 -\155\204\013\010\213\176\215\352\327\230\041\306\363\347\074\171 -\057\136\234\321\114\025\215\341\354\042\067\314\232\103\013\227 -\334\200\220\215\263\147\233\157\110\010\025\126\317\277\361\053 -\174\136\232\166\351\131\220\305\174\203\065\021\145\121 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Entrust.net Premium 2048 Secure Server CA" -# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net -# Serial Number: 946069240 (0x3863def8) -# Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net -# Not Valid Before: Fri Dec 24 17:50:51 1999 -# Not Valid After : Tue Jul 24 14:15:12 2029 -# Fingerprint (MD5): EE:29:31:BC:32:7E:9A:E6:E8:B5:F7:51:B4:34:71:90 -# Fingerprint (SHA1): 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust.net Premium 2048 Secure Server CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\120\060\006\011\035\227\324\365\256\071\367\313\347\222\175\175 -\145\055\064\061 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\356\051\061\274\062\176\232\346\350\265\367\121\264\064\161\220 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156 -\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125 -\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056 -\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143 -\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151 -\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006 -\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105 -\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164 -\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164 -\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\050\062\060\064\070\051 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\070\143\336\370 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Baltimore CyberTrust Root" -# -# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE -# Serial Number: 33554617 (0x20000b9) -# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE -# Not Valid Before: Fri May 12 18:46:00 2000 -# Not Valid After : Mon May 12 23:59:00 2025 -# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4 -# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Baltimore CyberTrust Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061 -\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155 -\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171 -\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004 -\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142 -\145\162\124\162\165\163\164\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061 -\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155 -\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171 -\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004 -\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142 -\145\162\124\162\165\163\164\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\002\000\000\271 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\167\060\202\002\137\240\003\002\001\002\002\004\002 -\000\000\271\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\111 -\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164 -\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012 -\103\171\142\145\162\124\162\165\163\164\061\042\060\040\006\003 -\125\004\003\023\031\102\141\154\164\151\155\157\162\145\040\103 -\171\142\145\162\124\162\165\163\164\040\122\157\157\164\060\036 -\027\015\060\060\060\065\061\062\061\070\064\066\060\060\132\027 -\015\062\065\060\065\061\062\062\063\065\071\060\060\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\111\105\061\022\060 -\020\006\003\125\004\012\023\011\102\141\154\164\151\155\157\162 -\145\061\023\060\021\006\003\125\004\013\023\012\103\171\142\145 -\162\124\162\165\163\164\061\042\060\040\006\003\125\004\003\023 -\031\102\141\154\164\151\155\157\162\145\040\103\171\142\145\162 -\124\162\165\163\164\040\122\157\157\164\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\243\004\273\042\253 -\230\075\127\350\046\162\232\265\171\324\051\342\341\350\225\200 -\261\260\343\133\216\053\051\232\144\337\241\135\355\260\011\005 -\155\333\050\056\316\142\242\142\376\264\210\332\022\353\070\353 -\041\235\300\101\053\001\122\173\210\167\323\034\217\307\272\271 -\210\265\152\011\347\163\350\021\100\247\321\314\312\142\215\055 -\345\217\013\246\120\322\250\120\303\050\352\365\253\045\207\212 -\232\226\034\251\147\270\077\014\325\367\371\122\023\057\302\033 -\325\160\160\360\217\300\022\312\006\313\232\341\331\312\063\172 -\167\326\370\354\271\361\150\104\102\110\023\322\300\302\244\256 -\136\140\376\266\246\005\374\264\335\007\131\002\324\131\030\230 -\143\365\245\143\340\220\014\175\135\262\006\172\363\205\352\353 -\324\003\256\136\204\076\137\377\025\355\151\274\371\071\066\162 -\165\317\167\122\115\363\311\220\054\271\075\345\311\043\123\077 -\037\044\230\041\134\007\231\051\275\306\072\354\347\156\206\072 -\153\227\164\143\063\275\150\030\061\360\170\215\166\277\374\236 -\216\135\052\206\247\115\220\334\047\032\071\002\003\001\000\001 -\243\105\060\103\060\035\006\003\125\035\016\004\026\004\024\345 -\235\131\060\202\107\130\314\254\372\010\124\066\206\173\072\265 -\004\115\360\060\022\006\003\125\035\023\001\001\377\004\010\060 -\006\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\001\001\000\205\014\135\216\344 -\157\121\150\102\005\240\335\273\117\047\045\204\003\275\367\144 -\375\055\327\060\343\244\020\027\353\332\051\051\266\171\077\166 -\366\031\023\043\270\020\012\371\130\244\324\141\160\275\004\141 -\152\022\212\027\325\012\275\305\274\060\174\326\351\014\045\215 -\206\100\117\354\314\243\176\070\306\067\021\117\355\335\150\061 -\216\114\322\263\001\164\356\276\165\136\007\110\032\177\160\377 -\026\134\204\300\171\205\270\005\375\177\276\145\021\243\017\300 -\002\264\370\122\067\071\004\325\251\061\172\030\277\240\052\364 -\022\231\367\243\105\202\343\074\136\365\235\236\265\310\236\174 -\056\310\244\236\116\010\024\113\155\375\160\155\153\032\143\275 -\144\346\037\267\316\360\362\237\056\273\033\267\362\120\210\163 -\222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021 -\356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017 -\365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322 -\107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374 -\347\201\035\031\303\044\102\352\143\071\251 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Baltimore CyberTrust Root" -# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE -# Serial Number: 33554617 (0x20000b9) -# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE -# Not Valid Before: Fri May 12 18:46:00 2000 -# Not Valid After : Mon May 12 23:59:00 2025 -# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4 -# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Baltimore CyberTrust Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050 -\122\312\344\164 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\254\266\224\245\234\027\340\327\221\122\233\261\227\006\246\344 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061 -\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155 -\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171 -\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004 -\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142 -\145\162\124\162\165\163\164\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\002\000\000\271 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Entrust Root Certification Authority" -# -# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US -# Serial Number: 1164660820 (0x456b5054) -# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US -# Not Valid Before: Mon Nov 27 20:23:42 2006 -# Not Valid After : Fri Nov 27 20:53:42 2026 -# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4 -# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156 -\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160 -\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145 -\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143 -\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040 -\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105 -\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156 -\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160 -\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145 -\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143 -\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040 -\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105 -\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\105\153\120\124 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\221\060\202\003\171\240\003\002\001\002\002\004\105 -\153\120\124\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\201\260\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156\164 -\162\165\163\164\054\040\111\156\143\056\061\071\060\067\006\003 -\125\004\013\023\060\167\167\167\056\145\156\164\162\165\163\164 -\056\156\145\164\057\103\120\123\040\151\163\040\151\156\143\157 -\162\160\157\162\141\164\145\144\040\142\171\040\162\145\146\145 -\162\145\156\143\145\061\037\060\035\006\003\125\004\013\023\026 -\050\143\051\040\062\060\060\066\040\105\156\164\162\165\163\164 -\054\040\111\156\143\056\061\055\060\053\006\003\125\004\003\023 -\044\105\156\164\162\165\163\164\040\122\157\157\164\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171\060\036\027\015\060\066\061\061\062\067\062 -\060\062\063\064\062\132\027\015\062\066\061\061\062\067\062\060 -\065\063\064\062\132\060\201\260\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015 -\105\156\164\162\165\163\164\054\040\111\156\143\056\061\071\060 -\067\006\003\125\004\013\023\060\167\167\167\056\145\156\164\162 -\165\163\164\056\156\145\164\057\103\120\123\040\151\163\040\151 -\156\143\157\162\160\157\162\141\164\145\144\040\142\171\040\162 -\145\146\145\162\145\156\143\145\061\037\060\035\006\003\125\004 -\013\023\026\050\143\051\040\062\060\060\066\040\105\156\164\162 -\165\163\164\054\040\111\156\143\056\061\055\060\053\006\003\125 -\004\003\023\044\105\156\164\162\165\163\164\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\266\225\266\103\102\372\306 -\155\052\157\110\337\224\114\071\127\005\356\303\171\021\101\150 -\066\355\354\376\232\001\217\241\070\050\374\367\020\106\146\056 -\115\036\032\261\032\116\306\321\300\225\210\260\311\377\061\213 -\063\003\333\267\203\173\076\040\204\136\355\262\126\050\247\370 -\340\271\100\161\067\305\313\107\016\227\052\150\300\042\225\142 -\025\333\107\331\365\320\053\377\202\113\311\255\076\336\114\333 -\220\200\120\077\011\212\204\000\354\060\012\075\030\315\373\375 -\052\131\232\043\225\027\054\105\236\037\156\103\171\155\014\134 -\230\376\110\247\305\043\107\134\136\375\156\347\036\264\366\150 -\105\321\206\203\133\242\212\215\261\343\051\200\376\045\161\210 -\255\276\274\217\254\122\226\113\252\121\215\344\023\061\031\350 -\116\115\237\333\254\263\152\325\274\071\124\161\312\172\172\177 -\220\335\175\035\200\331\201\273\131\046\302\021\376\346\223\342 -\367\200\344\145\373\064\067\016\051\200\160\115\257\070\206\056 -\236\177\127\257\236\027\256\353\034\313\050\041\137\266\034\330 -\347\242\004\042\371\323\332\330\313\002\003\001\000\001\243\201 -\260\060\201\255\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\053\006\003\125\035\020\004\044\060\042 -\200\017\062\060\060\066\061\061\062\067\062\060\062\063\064\062 -\132\201\017\062\060\062\066\061\061\062\067\062\060\065\063\064 -\062\132\060\037\006\003\125\035\043\004\030\060\026\200\024\150 -\220\344\147\244\246\123\200\307\206\146\244\361\367\113\103\373 -\204\275\155\060\035\006\003\125\035\016\004\026\004\024\150\220 -\344\147\244\246\123\200\307\206\146\244\361\367\113\103\373\204 -\275\155\060\035\006\011\052\206\110\206\366\175\007\101\000\004 -\020\060\016\033\010\126\067\056\061\072\064\056\060\003\002\004 -\220\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\223\324\060\260\327\003\040\052\320\371\143 -\350\221\014\005\040\251\137\031\312\173\162\116\324\261\333\320 -\226\373\124\132\031\054\014\010\367\262\274\205\250\235\177\155 -\073\122\263\052\333\347\324\204\214\143\366\017\313\046\001\221 -\120\154\364\137\024\342\223\164\300\023\236\060\072\120\343\264 -\140\305\034\360\042\104\215\161\107\254\310\032\311\351\233\232 -\000\140\023\377\160\176\137\021\115\111\033\263\025\122\173\311 -\124\332\277\235\225\257\153\232\330\236\351\361\344\103\215\342 -\021\104\072\277\257\275\203\102\163\122\213\252\273\247\051\317 -\365\144\034\012\115\321\274\252\254\237\052\320\377\177\177\332 -\175\352\261\355\060\045\301\204\332\064\322\133\170\203\126\354 -\234\066\303\046\342\021\366\147\111\035\222\253\214\373\353\377 -\172\356\205\112\247\120\200\360\247\134\112\224\056\137\005\231 -\074\122\101\340\315\264\143\317\001\103\272\234\203\334\217\140 -\073\363\132\264\264\173\256\332\013\220\070\165\357\201\035\146 -\322\367\127\160\066\263\277\374\050\257\161\045\205\133\023\376 -\036\177\132\264\074 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Entrust Root Certification Authority" -# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US -# Serial Number: 1164660820 (0x456b5054) -# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US -# Not Valid Before: Mon Nov 27 20:23:42 2006 -# Not Valid After : Fri Nov 27 20:53:42 2026 -# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4 -# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\263\036\261\267\100\343\154\204\002\332\334\067\324\115\365\324 -\147\111\122\371 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\326\245\303\355\135\335\076\000\301\075\207\222\037\035\077\344 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156 -\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160 -\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145 -\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143 -\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040 -\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105 -\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\105\153\120\124 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Global CA" -# -# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Serial Number: 144470 (0x23456) -# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Tue May 21 04:00:00 2002 -# Not Valid After : Sat May 21 04:00:00 2022 -# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5 -# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Global CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\002\064\126 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\124\060\202\002\074\240\003\002\001\002\002\003\002 -\064\126\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004 -\003\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142 -\141\154\040\103\101\060\036\027\015\060\062\060\065\062\061\060 -\064\060\060\060\060\132\027\015\062\062\060\065\062\061\060\064 -\060\060\060\060\132\060\102\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015\107 -\145\157\124\162\165\163\164\040\111\156\143\056\061\033\060\031 -\006\003\125\004\003\023\022\107\145\157\124\162\165\163\164\040 -\107\154\157\142\141\154\040\103\101\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\332\314\030\143\060\375 -\364\027\043\032\126\176\133\337\074\154\070\344\161\267\170\221 -\324\274\241\330\114\370\250\103\266\003\351\115\041\007\010\210 -\332\130\057\146\071\051\275\005\170\213\235\070\350\005\267\152 -\176\161\244\346\304\140\246\260\357\200\344\211\050\017\236\045 -\326\355\203\363\255\246\221\307\230\311\102\030\065\024\235\255 -\230\106\222\056\117\312\361\207\103\301\026\225\127\055\120\357 -\211\055\200\172\127\255\362\356\137\153\322\000\215\271\024\370 -\024\025\065\331\300\106\243\173\162\310\221\277\311\125\053\315 -\320\227\076\234\046\144\314\337\316\203\031\161\312\116\346\324 -\325\173\251\031\315\125\336\310\354\322\136\070\123\345\134\117 -\214\055\376\120\043\066\374\146\346\313\216\244\071\031\000\267 -\225\002\071\221\013\016\376\070\056\321\035\005\232\366\115\076 -\157\017\007\035\257\054\036\217\140\071\342\372\066\123\023\071 -\324\136\046\053\333\075\250\024\275\062\353\030\003\050\122\004 -\161\345\253\063\075\341\070\273\007\066\204\142\234\171\352\026 -\060\364\137\300\053\350\161\153\344\371\002\003\001\000\001\243 -\123\060\121\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\300 -\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145\270 -\312\314\116\060\037\006\003\125\035\043\004\030\060\026\200\024 -\300\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145 -\270\312\314\116\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\003\202\001\001\000\065\343\051\152\345\057\135\124 -\216\051\120\224\237\231\032\024\344\217\170\052\142\224\242\047 -\147\236\320\317\032\136\107\351\301\262\244\317\335\101\032\005 -\116\233\113\356\112\157\125\122\263\044\241\067\012\353\144\166 -\052\056\054\363\375\073\165\220\277\372\161\330\307\075\067\322 -\265\005\225\142\271\246\336\211\075\066\173\070\167\110\227\254 -\246\040\217\056\246\311\014\302\262\231\105\000\307\316\021\121 -\042\042\340\245\352\266\025\110\011\144\352\136\117\164\367\005 -\076\307\212\122\014\333\025\264\275\155\233\345\306\261\124\150 -\251\343\151\220\266\232\245\017\270\271\077\040\175\256\112\265 -\270\234\344\035\266\253\346\224\245\301\307\203\255\333\365\047 -\207\016\004\154\325\377\335\240\135\355\207\122\267\053\025\002 -\256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115 -\063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325 -\345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013 -\331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355 -\302\005\146\200\241\313\346\063 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Wed Jan 01 00:00:00 2020 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\062\060\060\061\060\061\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Global CA" -# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Serial Number: 144470 (0x23456) -# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Tue May 21 04:00:00 2002 -# Not Valid After : Sat May 21 04:00:00 2022 -# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5 -# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Global CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371 -\226\052\202\022 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\367\165\253\051\373\121\116\267\167\136\377\005\074\231\216\365 -END -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003 -\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141 -\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\002\064\126 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Universal CA" -# -# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48 -# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\150\060\202\003\120\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003\023 -\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162 -\163\141\154\040\103\101\060\036\027\015\060\064\060\063\060\064 -\060\065\060\060\060\060\132\027\015\062\071\060\063\060\064\060 -\065\060\060\060\060\132\060\105\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015 -\107\145\157\124\162\165\163\164\040\111\156\143\056\061\036\060 -\034\006\003\125\004\003\023\025\107\145\157\124\162\165\163\164 -\040\125\156\151\166\145\162\163\141\154\040\103\101\060\202\002 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\002\017\000\060\202\002\012\002\202\002\001\000\246\025 -\125\240\243\306\340\037\214\235\041\120\327\301\276\053\133\265 -\244\236\241\331\162\130\275\000\033\114\277\141\311\024\035\105 -\202\253\306\035\200\326\075\353\020\234\072\257\155\044\370\274 -\161\001\236\006\365\174\137\036\301\016\125\312\203\232\131\060 -\256\031\313\060\110\225\355\042\067\215\364\112\232\162\146\076 -\255\225\300\340\026\000\340\020\037\053\061\016\327\224\124\323 -\102\063\240\064\035\036\105\166\335\117\312\030\067\354\205\025 -\172\031\010\374\325\307\234\360\362\251\056\020\251\222\346\075 -\130\075\251\026\150\074\057\165\041\030\177\050\167\245\341\141 -\027\267\246\351\370\036\231\333\163\156\364\012\242\041\154\356 -\332\252\205\222\146\257\366\172\153\202\332\272\042\010\065\017 -\317\102\361\065\372\152\356\176\053\045\314\072\021\344\155\257 -\163\262\166\035\255\320\262\170\147\032\244\071\034\121\013\147 -\126\203\375\070\135\015\316\335\360\273\053\226\037\336\173\062 -\122\375\035\273\265\006\241\262\041\136\245\326\225\150\177\360 -\231\236\334\105\010\076\347\322\011\015\065\224\335\200\116\123 -\227\327\265\011\104\040\144\026\027\003\002\114\123\015\150\336 -\325\252\162\115\223\155\202\016\333\234\275\317\264\363\134\135 -\124\172\151\011\226\326\333\021\301\215\165\250\264\317\071\310 -\316\074\274\044\174\346\142\312\341\275\175\247\275\127\145\013 -\344\376\045\355\266\151\020\334\050\032\106\275\001\035\320\227 -\265\341\230\073\300\067\144\326\075\224\356\013\341\365\050\256 -\013\126\277\161\213\043\051\101\216\206\305\113\122\173\330\161 -\253\037\212\025\246\073\203\132\327\130\001\121\306\114\101\331 -\177\330\101\147\162\242\050\337\140\203\251\236\310\173\374\123 -\163\162\131\365\223\172\027\166\016\316\367\345\134\331\013\125 -\064\242\252\133\265\152\124\347\023\312\127\354\227\155\364\136 -\006\057\105\213\130\324\043\026\222\344\026\156\050\143\131\060 -\337\120\001\234\143\211\032\237\333\027\224\202\160\067\303\044 -\236\232\107\326\132\312\116\250\151\211\162\037\221\154\333\176 -\236\033\255\307\037\163\335\054\117\031\145\375\177\223\100\020 -\056\322\360\355\074\236\056\050\076\151\046\063\305\173\002\003 -\001\000\001\243\143\060\141\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004 -\026\004\024\332\273\056\252\260\014\270\210\046\121\164\134\155 -\003\323\300\330\217\172\326\060\037\006\003\125\035\043\004\030 -\060\026\200\024\332\273\056\252\260\014\270\210\046\121\164\134 -\155\003\323\300\330\217\172\326\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\002\001\000\061\170\346\307 -\265\337\270\224\100\311\161\304\250\065\354\106\035\302\205\363 -\050\130\206\260\013\374\216\262\071\217\104\125\253\144\204\134 -\151\251\320\232\070\074\372\345\037\065\345\104\343\200\171\224 -\150\244\273\304\237\075\341\064\315\060\106\213\124\053\225\245 -\357\367\077\231\204\375\065\346\317\061\306\334\152\277\247\327 -\043\010\341\230\136\303\132\010\166\251\246\257\167\057\267\140 -\275\104\106\152\357\227\377\163\225\301\216\350\223\373\375\061 -\267\354\127\021\021\105\233\060\361\032\210\071\301\117\074\247 -\000\325\307\374\253\155\200\042\160\245\014\340\135\004\051\002 -\373\313\240\221\321\174\326\303\176\120\325\235\130\276\101\070 -\353\271\165\074\025\331\233\311\112\203\131\300\332\123\375\063 -\273\066\030\233\205\017\025\335\356\055\254\166\223\271\331\001 -\215\110\020\250\373\365\070\206\361\333\012\306\275\204\243\043 -\101\336\326\167\157\205\324\205\034\120\340\256\121\212\272\215 -\076\166\342\271\312\047\362\137\237\357\156\131\015\006\330\053 -\027\244\322\174\153\273\137\024\032\110\217\032\114\347\263\107 -\034\216\114\105\053\040\356\110\337\347\335\011\216\030\250\332 -\100\215\222\046\021\123\141\163\135\353\275\347\304\115\051\067 -\141\353\254\071\055\147\056\026\326\365\000\203\205\241\314\177 -\166\304\175\344\267\113\146\357\003\105\140\151\266\014\122\226 -\222\204\136\246\243\265\244\076\053\331\314\330\033\107\252\362 -\104\332\117\371\003\350\360\024\313\077\363\203\336\320\301\124 -\343\267\350\012\067\115\213\040\131\003\060\031\241\054\310\275 -\021\037\337\256\311\112\305\363\047\146\146\206\254\150\221\377 -\331\346\123\034\017\213\134\151\145\012\046\310\036\064\303\135 -\121\173\327\251\234\006\241\066\335\325\211\224\274\331\344\055 -\014\136\011\154\010\227\174\243\075\174\223\377\077\241\024\247 -\317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225 -\033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346 -\154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305 -\247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157 -\244\346\216\330\371\051\110\212\316\163\376\054 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Sun Sep 30 00:00:00 2018 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\070\060\071\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Universal CA" -# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48 -# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042 -\025\207\354\171 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\222\145\130\213\242\032\061\162\163\150\134\264\245\172\007\110 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003 -\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Universal CA 2" -# -# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7 -# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\154\060\202\003\124\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003\023 -\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162 -\163\141\154\040\103\101\040\062\060\036\027\015\060\064\060\063 -\060\064\060\065\060\060\060\060\132\027\015\062\071\060\063\060 -\064\060\065\060\060\060\060\132\060\107\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012 -\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061 -\040\060\036\006\003\125\004\003\023\027\107\145\157\124\162\165 -\163\164\040\125\156\151\166\145\162\163\141\154\040\103\101\040 -\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\263\124\122\301\311\076\362\331\334\261\123\032\131\051 -\347\261\303\105\050\345\327\321\355\305\305\113\241\252\164\173 -\127\257\112\046\374\330\365\136\247\156\031\333\164\014\117\065 -\133\062\013\001\343\333\353\172\167\065\352\252\132\340\326\350 -\241\127\224\360\220\243\164\126\224\104\060\003\036\134\116\053 -\205\046\164\202\172\014\166\240\157\115\316\101\055\240\025\006 -\024\137\267\102\315\173\217\130\141\064\334\052\010\371\056\303 -\001\246\042\104\034\114\007\202\346\133\316\320\112\174\004\323 -\031\163\047\360\252\230\177\056\257\116\353\207\036\044\167\152 -\135\266\350\133\105\272\334\303\241\005\157\126\216\217\020\046 -\245\111\303\056\327\101\207\042\340\117\206\312\140\265\352\241 -\143\300\001\227\020\171\275\000\074\022\155\053\025\261\254\113 -\261\356\030\271\116\226\334\334\166\377\073\276\317\137\003\300 -\374\073\350\276\106\033\377\332\100\302\122\367\376\343\072\367 -\152\167\065\320\332\215\353\136\030\152\061\307\036\272\074\033 -\050\326\153\124\306\252\133\327\242\054\033\031\314\242\002\366 -\233\131\275\067\153\206\265\155\202\272\330\352\311\126\274\251 -\066\130\375\076\031\363\355\014\046\251\223\070\370\117\301\135 -\042\006\320\227\352\341\255\306\125\340\201\053\050\203\072\372 -\364\173\041\121\000\276\122\070\316\315\146\171\250\364\201\126 -\342\320\203\011\107\121\133\120\152\317\333\110\032\135\076\367 -\313\366\145\367\154\361\225\370\002\073\062\126\202\071\172\133 -\275\057\211\033\277\241\264\350\377\177\215\214\337\003\361\140 -\116\130\021\114\353\243\077\020\053\203\232\001\163\331\224\155 -\204\000\047\146\254\360\160\100\011\102\222\255\117\223\015\141 -\011\121\044\330\222\325\013\224\141\262\207\262\355\377\232\065 -\377\205\124\312\355\104\103\254\033\074\026\153\110\112\012\034 -\100\210\037\222\302\013\000\005\377\362\310\002\112\244\252\251 -\314\231\226\234\057\130\340\175\341\276\273\007\334\137\004\162 -\134\061\064\303\354\137\055\340\075\144\220\042\346\321\354\270 -\056\335\131\256\331\241\067\277\124\065\334\163\062\117\214\004 -\036\063\262\311\106\361\330\134\310\125\120\311\150\275\250\272 -\066\011\002\003\001\000\001\243\143\060\141\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\166\363\125\341\372\244\066\373\360 -\237\134\142\161\355\074\364\107\070\020\053\060\037\006\003\125 -\035\043\004\030\060\026\200\024\166\363\125\341\372\244\066\373 -\360\237\134\142\161\355\074\364\107\070\020\053\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001\000 -\146\301\306\043\363\331\340\056\156\137\350\317\256\260\260\045 -\115\053\370\073\130\233\100\044\067\132\313\253\026\111\377\263 -\165\171\063\241\057\155\160\027\064\221\376\147\176\217\354\233 -\345\136\202\251\125\037\057\334\324\121\007\022\376\254\026\076 -\054\065\306\143\374\334\020\353\015\243\252\320\174\314\321\320 -\057\121\056\304\024\132\336\350\031\341\076\306\314\244\051\347 -\056\204\252\006\060\170\166\124\163\050\230\131\070\340\000\015 -\142\323\102\175\041\237\256\075\072\214\325\372\167\015\030\053 -\026\016\137\066\341\374\052\265\060\044\317\340\143\014\173\130 -\032\376\231\272\102\022\261\221\364\174\150\342\310\350\257\054 -\352\311\176\256\273\052\075\015\025\334\064\225\266\030\164\250 -\152\017\307\264\364\023\304\344\133\355\012\322\244\227\114\052 -\355\057\154\022\211\075\361\047\160\252\152\003\122\041\237\100 -\250\147\120\362\363\132\037\337\337\043\366\334\170\116\346\230 -\117\125\072\123\343\357\362\364\237\307\174\330\130\257\051\042 -\227\270\340\275\221\056\260\166\354\127\021\317\357\051\104\363 -\351\205\172\140\143\344\135\063\211\027\331\061\252\332\326\363 -\030\065\162\317\207\053\057\143\043\204\135\204\214\077\127\240 -\210\374\231\221\050\046\151\231\324\217\227\104\276\216\325\110 -\261\244\050\051\361\025\264\341\345\236\335\370\217\246\157\046 -\327\011\074\072\034\021\016\246\154\067\367\255\104\207\054\050 -\307\330\164\202\263\320\157\112\127\273\065\051\047\240\213\350 -\041\247\207\144\066\135\314\330\026\254\307\262\047\100\222\125 -\070\050\215\121\156\335\024\147\123\154\161\134\046\204\115\165 -\132\266\176\140\126\251\115\255\373\233\036\227\363\015\331\322 -\227\124\167\332\075\022\267\340\036\357\010\006\254\371\205\207 -\351\242\334\257\176\030\022\203\375\126\027\101\056\325\051\202 -\175\231\364\061\366\161\251\317\054\001\047\245\005\271\252\262 -\110\116\052\357\237\223\122\121\225\074\122\163\216\126\114\027 -\100\300\011\050\344\213\152\110\123\333\354\315\125\125\361\306 -\370\351\242\054\114\246\321\046\137\176\257\132\114\332\037\246 -\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Wed Jan 01 00:00:00 2020 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\062\060\060\061\060\061\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Universal CA 2" -# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US -# Not Valid Before: Thu Mar 04 05:00:00 2004 -# Not Valid After : Sun Mar 04 05:00:00 2029 -# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7 -# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Universal CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\067\232\031\173\101\205\105\065\014\246\003\151\363\074\056\257 -\107\117\040\171 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\064\374\270\320\066\333\236\024\263\302\362\333\217\344\224\307 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003 -\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145 -\162\163\141\154\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certum Root CA" -# -# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL -# Serial Number: 65568 (0x10020) -# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL -# Not Valid Before: Tue Jun 11 10:46:39 2002 -# Not Valid After : Fri Jun 11 10:46:39 2027 -# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9 -# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164 -\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020 -\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164 -\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020 -\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\001\000\040 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\014\060\202\001\364\240\003\002\001\002\002\003\001 -\000\040\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145 -\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060 -\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103 -\101\060\036\027\015\060\062\060\066\061\061\061\060\064\066\063 -\071\132\027\015\062\067\060\066\061\061\061\060\064\066\063\071 -\132\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145 -\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060 -\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103 -\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\316\261\301\056\323\117\174\315\045\316\030\076\117\304 -\214\157\200\152\163\310\133\121\370\233\322\334\273\000\134\261 -\240\374\165\003\356\201\360\210\356\043\122\351\346\025\063\215 -\254\055\011\305\166\371\053\071\200\211\344\227\113\220\245\250 -\170\370\163\103\173\244\141\260\330\130\314\341\154\146\176\234 -\363\011\136\125\143\204\325\250\357\363\261\056\060\150\263\304 -\074\330\254\156\215\231\132\220\116\064\334\066\232\217\201\210 -\120\267\155\226\102\011\363\327\225\203\015\101\113\260\152\153 -\370\374\017\176\142\237\147\304\355\046\137\020\046\017\010\117 -\360\244\127\050\316\217\270\355\105\366\156\356\045\135\252\156 -\071\276\344\223\057\331\107\240\162\353\372\246\133\257\312\123 -\077\342\016\306\226\126\021\156\367\351\146\251\046\330\177\225 -\123\355\012\205\210\272\117\051\245\102\214\136\266\374\205\040 -\000\252\150\013\241\032\205\001\234\304\106\143\202\210\266\042 -\261\356\376\252\106\131\176\317\065\054\325\266\332\135\367\110 -\063\024\124\266\353\331\157\316\315\210\326\253\033\332\226\073 -\035\131\002\003\001\000\001\243\023\060\021\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\270\215\316\357\347\024\272\317\356\260\104\222\154\264\071\076 -\242\204\156\255\270\041\167\322\324\167\202\207\346\040\101\201 -\356\342\370\021\267\143\321\027\067\276\031\166\044\034\004\032 -\114\353\075\252\147\157\055\324\315\376\145\061\160\305\033\246 -\002\012\272\140\173\155\130\302\232\111\376\143\062\013\153\343 -\072\300\254\253\073\260\350\323\011\121\214\020\203\306\064\340 -\305\053\340\032\266\140\024\047\154\062\167\214\274\262\162\230 -\317\315\314\077\271\310\044\102\024\326\127\374\346\046\103\251 -\035\345\200\220\316\003\124\050\076\367\077\323\370\115\355\152 -\012\072\223\023\233\073\024\043\023\143\234\077\321\207\047\171 -\345\114\121\343\001\255\205\135\032\073\261\325\163\020\244\323 -\362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161 -\073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122 -\256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151 -\355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054 -\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Certum Root CA" -# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL -# Serial Number: 65568 (0x10020) -# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL -# Not Valid Before: Tue Jun 11 10:46:39 2002 -# Not Valid After : Fri Jun 11 10:46:39 2027 -# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9 -# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102 -\121\261\201\030 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\054\217\237\146\035\030\220\261\107\046\235\216\206\202\214\251 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164 -\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020 -\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\001\000\040 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Comodo AAA Services root" -# -# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number: 1 (0x1) -# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Thu Jan 01 00:00:00 2004 -# Not Valid After : Sun Dec 31 23:59:59 2028 -# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0 -# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Comodo AAA Services root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145 -\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016 -\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032 -\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040 -\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003 -\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145 -\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016 -\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032 -\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040 -\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003 -\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\062\060\202\003\032\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033 -\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145\162 -\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006 -\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032\060 -\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040\103 -\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003\125 -\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151\143 -\141\164\145\040\123\145\162\166\151\143\145\163\060\036\027\015 -\060\064\060\061\060\061\060\060\060\060\060\060\132\027\015\062 -\070\061\062\063\061\062\063\065\071\065\071\132\060\173\061\013 -\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006 -\003\125\004\010\014\022\107\162\145\141\164\145\162\040\115\141 -\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004 -\007\014\007\123\141\154\146\157\162\144\061\032\060\030\006\003 -\125\004\012\014\021\103\157\155\157\144\157\040\103\101\040\114 -\151\155\151\164\145\144\061\041\060\037\006\003\125\004\003\014 -\030\101\101\101\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\276\100\235\364\156\341 -\352\166\207\034\115\105\104\216\276\106\310\203\006\235\301\052 -\376\030\037\216\344\002\372\363\253\135\120\212\026\061\013\232 -\006\320\305\160\042\315\111\055\124\143\314\266\156\150\106\013 -\123\352\313\114\044\300\274\162\116\352\361\025\256\364\124\232 -\022\012\303\172\262\063\140\342\332\211\125\363\042\130\363\336 -\334\317\357\203\206\242\214\224\117\237\150\362\230\220\106\204 -\047\307\166\277\343\314\065\054\213\136\007\144\145\202\300\110 -\260\250\221\371\141\237\166\040\120\250\221\307\146\265\353\170 -\142\003\126\360\212\032\023\352\061\243\036\240\231\375\070\366 -\366\047\062\130\157\007\365\153\270\373\024\053\257\267\252\314 -\326\143\137\163\214\332\005\231\250\070\250\313\027\170\066\121 -\254\351\236\364\170\072\215\317\017\331\102\342\230\014\253\057 -\237\016\001\336\357\237\231\111\361\055\337\254\164\115\033\230 -\265\107\305\345\051\321\371\220\030\307\142\234\276\203\307\046 -\173\076\212\045\307\300\335\235\346\065\150\020\040\235\217\330 -\336\322\303\204\234\015\136\350\057\311\002\003\001\000\001\243 -\201\300\060\201\275\060\035\006\003\125\035\016\004\026\004\024 -\240\021\012\043\076\226\361\007\354\342\257\051\357\202\245\177 -\320\060\244\264\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\173\006\003\125\035\037\004\164\060\162 -\060\070\240\066\240\064\206\062\150\164\164\160\072\057\057\143 -\162\154\056\143\157\155\157\144\157\143\141\056\143\157\155\057 -\101\101\101\103\145\162\164\151\146\151\143\141\164\145\123\145 -\162\166\151\143\145\163\056\143\162\154\060\066\240\064\240\062 -\206\060\150\164\164\160\072\057\057\143\162\154\056\143\157\155 -\157\144\157\056\156\145\164\057\101\101\101\103\145\162\164\151 -\146\151\143\141\164\145\123\145\162\166\151\143\145\163\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\010\126\374\002\360\233\350\377\244\372 -\326\173\306\104\200\316\117\304\305\366\000\130\314\246\266\274 -\024\111\150\004\166\350\346\356\135\354\002\017\140\326\215\120 -\030\117\046\116\001\343\346\260\245\356\277\274\164\124\101\277 -\375\374\022\270\307\117\132\364\211\140\005\177\140\267\005\112 -\363\366\361\302\277\304\271\164\206\266\055\175\153\314\322\363 -\106\335\057\306\340\152\303\303\064\003\054\175\226\335\132\302 -\016\247\012\231\301\005\213\253\014\057\363\134\072\317\154\067 -\125\011\207\336\123\100\154\130\357\374\266\253\145\156\004\366 -\033\334\074\340\132\025\306\236\331\361\131\110\060\041\145\003 -\154\354\351\041\163\354\233\003\241\340\067\255\240\025\030\217 -\372\272\002\316\247\054\251\020\023\054\324\345\010\046\253\042 -\227\140\370\220\136\164\324\242\232\123\275\362\251\150\340\242 -\156\302\327\154\261\243\017\236\277\353\150\347\126\362\256\362 -\343\053\070\072\011\201\265\153\205\327\276\055\355\077\032\267 -\262\143\342\365\142\054\202\324\152\000\101\120\361\071\203\237 -\225\351\066\226\230\156 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Comodo AAA Services root" -# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number: 1 (0x1) -# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Thu Jan 01 00:00:00 2004 -# Not Valid After : Sun Dec 31 23:59:59 2028 -# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0 -# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Comodo AAA Services root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\321\353\043\244\155\027\326\217\331\045\144\302\361\361\140\027 -\144\330\343\111 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\111\171\004\260\353\207\031\254\107\260\274\021\121\233\164\320 -END -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145 -\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016 -\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032 -\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040 -\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003 -\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA" -# -# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Serial Number: 985026699 (0x3ab6508b) -# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Not Valid Before: Mon Mar 19 18:33:33 2001 -# Not Valid After : Wed Mar 17 18:33:33 2021 -# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24 -# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\072\266\120\213 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\320\060\202\004\270\240\003\002\001\002\002\004\072 -\266\120\213\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\177\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060\043 -\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121\165 -\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\060\036\027\015\060\061\060\063\061\071\061\070\063 -\063\063\063\132\027\015\062\061\060\063\061\067\061\070\063\063 -\063\063\132\060\177\061\013\060\011\006\003\125\004\006\023\002 -\102\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157 -\126\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060 -\043\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121 -\165\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\277\141\265\225\123\272\127\374\372\362\147 -\013\072\032\337\021\200\144\225\264\321\274\315\172\317\366\051 -\226\056\044\124\100\044\070\367\032\205\334\130\114\313\244\047 -\102\227\320\237\203\212\303\344\006\003\133\000\245\121\036\160 -\004\164\342\301\324\072\253\327\255\073\007\030\005\216\375\203 -\254\352\146\331\030\033\150\212\365\127\032\230\272\365\355\166 -\075\174\331\336\224\152\073\113\027\301\325\217\275\145\070\072 -\225\320\075\125\066\116\337\171\127\061\052\036\330\131\145\111 -\130\040\230\176\253\137\176\237\351\326\115\354\203\164\251\307 -\154\330\356\051\112\205\052\006\024\371\124\346\323\332\145\007 -\213\143\067\022\327\320\354\303\173\040\101\104\243\355\313\240 -\027\341\161\145\316\035\146\061\367\166\001\031\310\175\003\130 -\266\225\111\035\246\022\046\350\306\014\166\340\343\146\313\352 -\135\246\046\356\345\314\137\275\147\247\001\047\016\242\312\124 -\305\261\172\225\035\161\036\112\051\212\003\334\152\105\301\244 -\031\136\157\066\315\303\242\260\267\376\134\070\342\122\274\370 -\104\103\346\220\273\002\003\001\000\001\243\202\002\122\060\202 -\002\116\060\075\006\010\053\006\001\005\005\007\001\001\004\061 -\060\057\060\055\006\010\053\006\001\005\005\007\060\001\206\041 -\150\164\164\160\163\072\057\057\157\143\163\160\056\161\165\157 -\166\141\144\151\163\157\146\146\163\150\157\162\145\056\143\157 -\155\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\202\001\032\006\003\125\035\040\004\202\001\021\060 -\202\001\015\060\202\001\011\006\011\053\006\001\004\001\276\130 -\000\001\060\201\373\060\201\324\006\010\053\006\001\005\005\007 -\002\002\060\201\307\032\201\304\122\145\154\151\141\156\143\145 -\040\157\156\040\164\150\145\040\121\165\157\126\141\144\151\163 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\145\040\142\171\040\141\156\171\040\160\141\162\164\171\040\141 -\163\163\165\155\145\163\040\141\143\143\145\160\164\141\156\143 -\145\040\157\146\040\164\150\145\040\164\150\145\156\040\141\160 -\160\154\151\143\141\142\154\145\040\163\164\141\156\144\141\162 -\144\040\164\145\162\155\163\040\141\156\144\040\143\157\156\144 -\151\164\151\157\156\163\040\157\146\040\165\163\145\054\040\143 -\145\162\164\151\146\151\143\141\164\151\157\156\040\160\162\141 -\143\164\151\143\145\163\054\040\141\156\144\040\164\150\145\040 -\121\165\157\126\141\144\151\163\040\103\145\162\164\151\146\151 -\143\141\164\145\040\120\157\154\151\143\171\056\060\042\006\010 -\053\006\001\005\005\007\002\001\026\026\150\164\164\160\072\057 -\057\167\167\167\056\161\165\157\166\141\144\151\163\056\142\155 -\060\035\006\003\125\035\016\004\026\004\024\213\113\155\355\323 -\051\271\006\031\354\071\071\251\360\227\204\152\313\357\337\060 -\201\256\006\003\125\035\043\004\201\246\060\201\243\200\024\213 -\113\155\355\323\051\271\006\031\354\071\071\251\360\227\204\152 -\313\357\337\241\201\204\244\201\201\060\177\061\013\060\011\006 -\003\125\004\006\023\002\102\115\061\031\060\027\006\003\125\004 -\012\023\020\121\165\157\126\141\144\151\163\040\114\151\155\151 -\164\145\144\061\045\060\043\006\003\125\004\013\023\034\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\061\056\060\054\006\003 -\125\004\003\023\045\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\202\004\072\266\120\213 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\212\324\024\265\376\364\232\222\247\031\324\244 -\176\162\030\217\331\150\174\122\044\335\147\157\071\172\304\252 -\136\075\342\130\260\115\160\230\204\141\350\033\343\151\030\016 -\316\373\107\120\240\116\377\360\044\037\275\262\316\365\047\374 -\354\057\123\252\163\173\003\075\164\156\346\026\236\353\245\056 -\304\277\126\047\120\053\142\272\276\113\034\074\125\134\101\035 -\044\276\202\040\107\135\325\104\176\172\026\150\337\175\115\121 -\160\170\127\035\063\036\375\002\231\234\014\315\012\005\117\307 -\273\216\244\165\372\112\155\261\200\216\011\126\271\234\032\140 -\376\135\301\327\172\334\021\170\320\326\135\301\267\325\255\062 -\231\003\072\212\314\124\045\071\061\201\173\023\042\121\272\106 -\154\241\273\236\372\004\154\111\046\164\217\322\163\353\314\060 -\242\346\352\131\042\207\370\227\365\016\375\352\314\222\244\026 -\304\122\030\352\041\316\261\361\346\204\201\345\272\251\206\050 -\362\103\132\135\022\235\254\036\331\250\345\012\152\247\177\240 -\207\051\317\362\211\115\324\354\305\342\346\172\320\066\043\212 -\112\164\066\371 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "QuoVadis Root CA" -# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Serial Number: 985026699 (0x3ab6508b) -# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM -# Not Valid Before: Mon Mar 19 18:33:33 2001 -# Not Valid After : Wed Mar 17 18:33:33 2021 -# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24 -# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\336\077\100\275\120\223\323\233\154\140\366\332\274\007\142\001 -\000\211\166\311 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\047\336\066\376\162\267\000\003\000\235\364\360\036\154\004\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003 -\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\072\266\120\213 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA 2" -# -# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM -# Serial Number: 1289 (0x509) -# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM -# Not Valid Before: Fri Nov 24 18:27:00 2006 -# Not Valid After : Mon Nov 24 18:23:33 2031 -# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B -# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\005\011 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\267\060\202\003\237\240\003\002\001\002\002\002\005 -\011\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062\060\036\027\015\060\066\061\061\062 -\064\061\070\062\067\060\060\132\027\015\063\061\061\061\062\064 -\061\070\062\063\063\063\132\060\105\061\013\060\011\006\003\125 -\004\006\023\002\102\115\061\031\060\027\006\003\125\004\012\023 -\020\121\165\157\126\141\144\151\163\040\114\151\155\151\164\145 -\144\061\033\060\031\006\003\125\004\003\023\022\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\101\040\062\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\232 -\030\312\113\224\015\000\055\257\003\051\212\360\017\201\310\256 -\114\031\205\035\010\237\253\051\104\205\363\057\201\255\062\036 -\220\106\277\243\206\046\032\036\376\176\034\030\072\134\234\140 -\027\052\072\164\203\063\060\175\141\124\021\313\355\253\340\346 -\322\242\176\365\153\157\030\267\012\013\055\375\351\076\357\012 -\306\263\020\351\334\302\106\027\370\135\375\244\332\377\236\111 -\132\234\346\063\346\044\226\367\077\272\133\053\034\172\065\302 -\326\147\376\253\146\120\213\155\050\140\053\357\327\140\303\307 -\223\274\215\066\221\363\177\370\333\021\023\304\234\167\166\301 -\256\267\002\152\201\172\251\105\203\342\005\346\271\126\301\224 -\067\217\110\161\143\042\354\027\145\007\225\212\113\337\217\306 -\132\012\345\260\343\137\136\153\021\253\014\371\205\353\104\351 -\370\004\163\362\351\376\134\230\214\365\163\257\153\264\176\315 -\324\134\002\053\114\071\341\262\225\225\055\102\207\327\325\263 -\220\103\267\154\023\361\336\335\366\304\370\211\077\321\165\365 -\222\303\221\325\212\210\320\220\354\334\155\336\211\302\145\161 -\226\213\015\003\375\234\277\133\026\254\222\333\352\376\171\174 -\255\353\257\367\026\313\333\315\045\053\345\037\373\232\237\342 -\121\314\072\123\014\110\346\016\275\311\264\166\006\122\346\021 -\023\205\162\143\003\004\340\004\066\053\040\031\002\350\164\247 -\037\266\311\126\146\360\165\045\334\147\301\016\141\140\210\263 -\076\321\250\374\243\332\035\260\321\261\043\124\337\104\166\155 -\355\101\330\301\262\042\266\123\034\337\065\035\334\241\167\052 -\061\344\055\365\345\345\333\310\340\377\345\200\327\013\143\240 -\377\063\241\017\272\054\025\025\352\227\263\322\242\265\276\362 -\214\226\036\032\217\035\154\244\141\067\271\206\163\063\327\227 -\226\236\043\175\202\244\114\201\342\241\321\272\147\137\225\007 -\243\047\021\356\026\020\173\274\105\112\114\262\004\322\253\357 -\325\375\014\121\316\120\152\010\061\371\221\332\014\217\144\134 -\003\303\072\213\040\077\156\215\147\075\072\326\376\175\133\210 -\311\136\373\314\141\334\213\063\167\323\104\062\065\011\142\004 -\222\026\020\330\236\047\107\373\073\041\343\370\353\035\133\002 -\003\001\000\001\243\201\260\060\201\255\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003\125 -\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004 -\026\004\024\032\204\142\274\110\114\063\045\004\324\356\320\366 -\003\304\031\106\321\224\153\060\156\006\003\125\035\043\004\147 -\060\145\200\024\032\204\142\274\110\114\063\045\004\324\356\320 -\366\003\304\031\106\321\224\153\241\111\244\107\060\105\061\013 -\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006 -\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114 -\151\155\151\164\145\144\061\033\060\031\006\003\125\004\003\023 -\022\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103 -\101\040\062\202\002\005\011\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\002\001\000\076\012\026\115\237 -\006\133\250\256\161\135\057\005\057\147\346\023\105\203\304\066 -\366\363\300\046\014\015\265\107\144\135\370\264\162\311\106\245 -\003\030\047\125\211\170\175\166\352\226\064\200\027\040\334\347 -\203\370\215\374\007\270\332\137\115\056\147\262\204\375\331\104 -\374\167\120\201\346\174\264\311\015\013\162\123\370\166\007\007 -\101\107\226\014\373\340\202\046\223\125\214\376\042\037\140\145 -\174\137\347\046\263\367\062\220\230\120\324\067\161\125\366\222 -\041\170\367\225\171\372\370\055\046\207\146\126\060\167\246\067 -\170\063\122\020\130\256\077\141\216\362\152\261\357\030\176\112 -\131\143\312\215\242\126\325\247\057\274\126\037\317\071\301\342 -\373\012\250\025\054\175\115\172\143\306\154\227\104\074\322\157 -\303\112\027\012\370\220\322\127\242\031\121\245\055\227\101\332 -\007\117\251\120\332\220\215\224\106\341\076\360\224\375\020\000 -\070\365\073\350\100\341\264\156\126\032\040\314\157\130\215\355 -\056\105\217\326\351\223\077\347\261\054\337\072\326\042\214\334 -\204\273\042\157\320\370\344\306\071\351\004\210\074\303\272\353 -\125\172\155\200\231\044\365\154\001\373\370\227\260\224\133\353 -\375\322\157\361\167\150\015\065\144\043\254\270\125\241\003\321 -\115\102\031\334\370\165\131\126\243\371\250\111\171\370\257\016 -\271\021\240\174\267\152\355\064\320\266\046\142\070\032\207\014 -\370\350\375\056\323\220\177\007\221\052\035\326\176\134\205\203 -\231\260\070\010\077\351\136\371\065\007\344\311\142\156\127\177 -\247\120\225\367\272\310\233\346\216\242\001\305\326\146\277\171 -\141\363\074\034\341\271\202\134\135\240\303\351\330\110\275\031 -\242\021\024\031\156\262\206\033\150\076\110\067\032\210\267\135 -\226\136\234\307\357\047\142\010\342\221\031\134\322\361\041\335 -\272\027\102\202\227\161\201\123\061\251\237\366\175\142\277\162 -\341\243\223\035\314\212\046\132\011\070\320\316\327\015\200\026 -\264\170\245\072\207\114\215\212\245\325\106\227\362\054\020\271 -\274\124\042\300\001\120\151\103\236\364\262\357\155\370\354\332 -\361\343\261\357\337\221\217\124\052\013\045\301\046\031\304\122 -\020\005\145\325\202\020\352\302\061\315\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "QuoVadis Root CA 2" -# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM -# Serial Number: 1289 (0x509) -# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM -# Not Valid Before: Fri Nov 24 18:27:00 2006 -# Not Valid After : Mon Nov 24 18:23:33 2031 -# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B -# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\312\072\373\317\022\100\066\113\104\262\026\040\210\200\110\071 -\031\223\174\367 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\136\071\173\335\370\272\354\202\351\254\142\272\014\124\000\053 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\005\011 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA 3" -# -# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM -# Serial Number: 1478 (0x5c6) -# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM -# Not Valid Before: Fri Nov 24 19:11:23 2006 -# Not Valid After : Mon Nov 24 19:06:44 2031 -# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF -# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\005\306 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\235\060\202\004\205\240\003\002\001\002\002\002\005 -\306\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063\060\036\027\015\060\066\061\061\062 -\064\061\071\061\061\062\063\132\027\015\063\061\061\061\062\064 -\061\071\060\066\064\064\132\060\105\061\013\060\011\006\003\125 -\004\006\023\002\102\115\061\031\060\027\006\003\125\004\012\023 -\020\121\165\157\126\141\144\151\163\040\114\151\155\151\164\145 -\144\061\033\060\031\006\003\125\004\003\023\022\121\165\157\126 -\141\144\151\163\040\122\157\157\164\040\103\101\040\063\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\314 -\127\102\026\124\234\346\230\323\323\115\356\376\355\307\237\103 -\071\112\145\263\350\026\210\064\333\015\131\221\164\317\222\270 -\004\100\255\002\113\061\253\274\215\221\150\330\040\016\032\001 -\342\032\173\116\027\135\342\212\267\077\231\032\315\353\141\253 -\302\145\246\037\267\267\275\267\217\374\375\160\217\013\240\147 -\276\001\242\131\317\161\346\017\051\166\377\261\126\171\105\053 -\037\236\172\124\350\243\051\065\150\244\001\117\017\244\056\067 -\357\033\277\343\217\020\250\162\253\130\127\347\124\206\310\311 -\363\133\332\054\332\135\216\156\074\243\076\332\373\202\345\335 -\362\134\262\005\063\157\212\066\316\320\023\116\377\277\112\014 -\064\114\246\303\041\275\120\004\125\353\261\273\235\373\105\036 -\144\025\336\125\001\214\002\166\265\313\241\077\102\151\274\057 -\275\150\103\026\126\211\052\067\141\221\375\246\256\116\300\313 -\024\145\224\067\113\222\006\357\004\320\310\234\210\333\013\173 -\201\257\261\075\052\304\145\072\170\266\356\334\200\261\322\323 -\231\234\072\356\153\132\153\263\215\267\325\316\234\302\276\245 -\113\057\026\261\236\150\073\006\157\256\175\237\370\336\354\314 -\051\247\230\243\045\103\057\357\361\137\046\341\210\115\370\136 -\156\327\331\024\156\031\063\151\247\073\204\211\223\304\123\125 -\023\241\121\170\100\370\270\311\242\356\173\272\122\102\203\236 -\024\355\005\122\132\131\126\247\227\374\235\077\012\051\330\334 -\117\221\016\023\274\336\225\244\337\213\231\276\254\233\063\210 -\357\265\201\257\033\306\042\123\310\366\307\356\227\024\260\305 -\174\170\122\310\360\316\156\167\140\204\246\351\052\166\040\355 -\130\001\027\060\223\351\032\213\340\163\143\331\152\222\224\111 -\116\264\255\112\205\304\243\042\060\374\011\355\150\042\163\246 -\210\014\125\041\130\305\341\072\237\052\335\312\341\220\340\331 -\163\253\154\200\270\350\013\144\223\240\234\214\031\377\263\322 -\014\354\221\046\207\212\263\242\341\160\217\054\012\345\315\155 -\150\121\353\332\077\005\177\213\062\346\023\134\153\376\137\100 -\342\042\310\264\264\144\117\326\272\175\110\076\250\151\014\327 -\273\206\161\311\163\270\077\073\235\045\113\332\377\100\353\002 -\003\001\000\001\243\202\001\225\060\202\001\221\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\201\341 -\006\003\125\035\040\004\201\331\060\201\326\060\201\323\006\011 -\053\006\001\004\001\276\130\000\003\060\201\305\060\201\223\006 -\010\053\006\001\005\005\007\002\002\060\201\206\032\201\203\101 -\156\171\040\165\163\145\040\157\146\040\164\150\151\163\040\103 -\145\162\164\151\146\151\143\141\164\145\040\143\157\156\163\164 -\151\164\165\164\145\163\040\141\143\143\145\160\164\141\156\143 -\145\040\157\146\040\164\150\145\040\121\165\157\126\141\144\151 -\163\040\122\157\157\164\040\103\101\040\063\040\103\145\162\164 -\151\146\151\143\141\164\145\040\120\157\154\151\143\171\040\057 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\120 -\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145\156 -\164\056\060\055\006\010\053\006\001\005\005\007\002\001\026\041 -\150\164\164\160\072\057\057\167\167\167\056\161\165\157\166\141 -\144\151\163\147\154\157\142\141\154\056\143\157\155\057\143\160 -\163\060\013\006\003\125\035\017\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\362\300\023\340\202\103\076 -\373\356\057\147\062\226\065\134\333\270\313\002\320\060\156\006 -\003\125\035\043\004\147\060\145\200\024\362\300\023\340\202\103 -\076\373\356\057\147\062\226\065\134\333\270\313\002\320\241\111 -\244\107\060\105\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\033\060\031 -\006\003\125\004\003\023\022\121\165\157\126\141\144\151\163\040 -\122\157\157\164\040\103\101\040\063\202\002\005\306\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001 -\000\117\255\240\054\114\372\300\362\157\367\146\125\253\043\064 -\356\347\051\332\303\133\266\260\203\331\320\320\342\041\373\363 -\140\247\073\135\140\123\047\242\233\366\010\042\052\347\277\240 -\162\345\234\044\152\061\261\220\172\047\333\204\021\211\047\246 -\167\132\070\327\277\254\206\374\356\135\203\274\006\306\321\167 -\153\017\155\044\057\113\172\154\247\007\226\312\343\204\237\255 -\210\213\035\253\026\215\133\146\027\331\026\364\213\200\322\335 -\370\262\166\303\374\070\023\252\014\336\102\151\053\156\363\074 -\353\200\047\333\365\246\104\015\237\132\125\131\013\325\015\122 -\110\305\256\237\362\057\200\305\352\062\120\065\022\227\056\301 -\341\377\361\043\210\121\070\237\362\146\126\166\347\017\121\227 -\245\122\014\115\111\121\225\066\075\277\242\113\014\020\035\206 -\231\114\252\363\162\021\223\344\352\366\233\332\250\135\247\115 -\267\236\002\256\163\000\310\332\043\003\350\371\352\031\164\142 -\000\224\313\042\040\276\224\247\131\265\202\152\276\231\171\172 -\251\362\112\044\122\367\164\375\272\116\346\250\035\002\156\261 -\015\200\104\301\256\323\043\067\137\273\205\174\053\222\056\350 -\176\245\213\335\231\341\277\047\157\055\135\252\173\207\376\012 -\335\113\374\216\365\046\344\156\160\102\156\063\354\061\236\173 -\223\301\344\311\151\032\075\300\153\116\042\155\356\253\130\115 -\306\320\101\301\053\352\117\022\207\136\353\105\330\154\365\230 -\002\323\240\330\125\212\006\231\031\242\240\167\321\060\236\254 -\314\165\356\203\365\260\142\071\317\154\127\342\114\322\221\013 -\016\165\050\033\232\277\375\032\103\361\312\167\373\073\217\141 -\270\151\050\026\102\004\136\160\052\034\041\330\217\341\275\043 -\133\055\164\100\222\331\143\031\015\163\335\151\274\142\107\274 -\340\164\053\262\353\175\276\101\033\265\300\106\305\241\042\313 -\137\116\301\050\222\336\030\272\325\052\050\273\021\213\027\223 -\230\231\140\224\134\043\317\132\047\227\136\013\005\006\223\067 -\036\073\151\066\353\251\236\141\035\217\062\332\216\014\326\164 -\076\173\011\044\332\001\167\107\304\073\315\064\214\231\365\312 -\341\045\141\063\262\131\033\342\156\327\067\127\266\015\251\022 -\332 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "QuoVadis Root CA 3" -# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM -# Serial Number: 1478 (0x5c6) -# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM -# Not Valid Before: Fri Nov 24 19:11:23 2006 -# Not Valid After : Mon Nov 24 19:06:44 2031 -# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF -# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\037\111\024\367\330\164\225\035\335\256\002\300\276\375\072\055 -\202\165\121\205 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\061\205\074\142\224\227\143\271\252\375\211\116\257\157\340\317 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003 -\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\005\306 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Security Communication Root CA" -# -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\132\060\202\002\102\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061\030 -\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040\124 -\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125\004 -\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155\155 -\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103\101 -\061\060\036\027\015\060\063\060\071\063\060\060\064\062\060\064 -\071\132\027\015\062\063\060\071\063\060\060\064\062\060\064\071 -\132\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120 -\061\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115 -\040\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003 -\125\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157 -\155\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164 -\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\263\263\376\177\323\155\261\357\026\174\127\245 -\014\155\166\212\057\113\277\144\373\114\356\212\360\363\051\174 -\365\377\356\052\340\351\351\272\133\144\042\232\232\157\054\072 -\046\151\121\005\231\046\334\325\034\152\161\306\232\175\036\235 -\335\174\154\306\214\147\147\112\076\370\161\260\031\047\251\011 -\014\246\225\277\113\214\014\372\125\230\073\330\350\042\241\113 -\161\070\171\254\227\222\151\263\211\176\352\041\150\006\230\024 -\226\207\322\141\066\274\155\047\126\236\127\356\300\300\126\375 -\062\317\244\331\216\302\043\327\215\250\363\330\045\254\227\344 -\160\070\364\266\072\264\235\073\227\046\103\243\241\274\111\131 -\162\114\043\060\207\001\130\366\116\276\034\150\126\146\257\315 -\101\135\310\263\115\052\125\106\253\037\332\036\342\100\075\333 -\315\175\271\222\200\234\067\335\014\226\144\235\334\042\367\144 -\213\337\141\336\025\224\122\025\240\175\122\311\113\250\041\311 -\306\261\355\313\303\225\140\321\017\360\253\160\370\337\313\115 -\176\354\326\372\253\331\275\177\124\362\245\351\171\372\331\326 -\166\044\050\163\002\003\001\000\001\243\077\060\075\060\035\006 -\003\125\035\016\004\026\004\024\240\163\111\231\150\334\205\133 -\145\343\233\050\057\127\237\275\063\274\007\110\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\150\100 -\251\250\273\344\117\135\171\263\005\265\027\263\140\023\353\306 -\222\135\340\321\323\152\376\373\276\233\155\277\307\005\155\131 -\040\304\034\360\267\332\204\130\002\143\372\110\026\357\117\245 -\013\367\112\230\362\077\236\033\255\107\153\143\316\010\107\353 -\122\077\170\234\257\115\256\370\325\117\317\232\230\052\020\101 -\071\122\304\335\331\233\016\357\223\001\256\262\056\312\150\102 -\044\102\154\260\263\072\076\315\351\332\110\304\025\313\351\371 -\007\017\222\120\111\212\335\061\227\137\311\351\067\252\073\131 -\145\227\224\062\311\263\237\076\072\142\130\305\111\255\142\016 -\161\245\062\252\057\306\211\166\103\100\023\023\147\075\242\124 -\045\020\313\361\072\362\331\372\333\111\126\273\246\376\247\101 -\065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260 -\112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055 -\105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003 -\214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026 -\057\317\246\356\311\160\042\024\275\375\276\154\013\003 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Security Communication Root CA" -# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP -# Not Valid Before: Tue Sep 30 04:20:49 2003 -# Not Valid After : Sat Sep 30 04:20:49 2023 -# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A -# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217 -\135\254\262\367 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\361\274\143\152\124\340\265\047\365\315\347\032\343\115\156\112 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040 -\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125 -\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155 -\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103 -\101\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Sonera Class 2 Root CA" -# -# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI -# Serial Number: 29 (0x1d) -# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 07:29:40 2001 -# Not Valid After : Tue Apr 06 07:29:40 2021 -# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB -# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class 2 Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\035 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\040\060\202\002\010\240\003\002\001\002\002\001\035 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061\017 -\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141\061 -\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162\141 -\040\103\154\141\163\163\062\040\103\101\060\036\027\015\060\061 -\060\064\060\066\060\067\062\071\064\060\132\027\015\062\061\060 -\064\060\066\060\067\062\071\064\060\132\060\071\061\013\060\011 -\006\003\125\004\006\023\002\106\111\061\017\060\015\006\003\125 -\004\012\023\006\123\157\156\145\162\141\061\031\060\027\006\003 -\125\004\003\023\020\123\157\156\145\162\141\040\103\154\141\163 -\163\062\040\103\101\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\220\027\112\065\235\312\360\015\226\307 -\104\372\026\067\374\110\275\275\177\200\055\065\073\341\157\250 -\147\251\277\003\034\115\214\157\062\107\325\101\150\244\023\004 -\301\065\014\232\204\103\374\134\035\377\211\263\350\027\030\315 -\221\137\373\211\343\352\277\116\135\174\033\046\323\165\171\355 -\346\204\343\127\345\255\051\304\364\072\050\347\245\173\204\066 -\151\263\375\136\166\275\243\055\231\323\220\116\043\050\175\030 -\143\361\124\073\046\235\166\133\227\102\262\377\256\360\116\354 -\335\071\225\116\203\006\177\347\111\100\310\305\001\262\124\132 -\146\035\075\374\371\351\074\012\236\201\270\160\360\001\213\344 -\043\124\174\310\256\370\220\036\000\226\162\324\124\317\141\043 -\274\352\373\235\002\225\321\266\271\161\072\151\010\077\017\264 -\341\102\307\210\365\077\230\250\247\272\034\340\161\161\357\130 -\127\201\120\172\134\153\164\106\016\203\003\230\303\216\250\156 -\362\166\062\156\047\203\302\163\363\334\030\350\264\223\352\165 -\104\153\004\140\040\161\127\207\235\363\276\240\220\043\075\212 -\044\341\332\041\333\303\002\003\001\000\001\243\063\060\061\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\021\006\003\125\035\016\004\012\004\010\112\240\252\130\204 -\323\136\074\060\013\006\003\125\035\017\004\004\003\002\001\006 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\132\316\207\371\026\162\025\127\113\035\331\233 -\347\242\046\060\354\223\147\337\326\055\322\064\257\367\070\245 -\316\253\026\271\253\057\174\065\313\254\320\017\264\114\053\374 -\200\357\153\214\221\137\066\166\367\333\263\033\031\352\364\262 -\021\375\141\161\104\277\050\263\072\035\277\263\103\350\237\277 -\334\061\010\161\260\235\215\326\064\107\062\220\306\145\044\367 -\240\112\174\004\163\217\071\157\027\214\162\265\275\113\310\172 -\370\173\203\303\050\116\234\011\352\147\077\262\147\004\033\303 -\024\332\370\347\111\044\221\320\035\152\372\141\071\357\153\347 -\041\165\006\007\330\022\264\041\040\160\102\161\201\332\074\232 -\066\276\246\133\015\152\154\232\037\221\173\371\371\357\102\272 -\116\116\236\314\014\215\224\334\331\105\234\136\354\102\120\143 -\256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165 -\267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366 -\146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032 -\072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132 -\160\254\337\114 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Sonera Class 2 Root CA" -# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI -# Serial Number: 29 (0x1d) -# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI -# Not Valid Before: Fri Apr 06 07:29:40 2001 -# Not Valid After : Tue Apr 06 07:29:40 2021 -# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB -# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Sonera Class 2 Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264 -\362\344\232\047 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\243\354\165\017\056\210\337\372\110\001\116\013\134\110\157\373 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061 -\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141 -\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162 -\141\040\103\154\141\163\163\062\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\035 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Camerfirma Chambers of Commerce Root" -# -# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Serial Number: 0 (0x0) -# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Not Valid Before: Tue Sep 30 16:13:43 2003 -# Not Valid After : Wed Sep 30 16:13:44 2037 -# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84 -# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060 -\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060 -\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047 -\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145 -\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070 -\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013 -\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141 -\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060\040 -\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163\040 -\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157\164 -\060\036\027\015\060\063\060\071\063\060\061\066\061\063\064\063 -\132\027\015\063\067\060\071\063\060\061\066\061\063\064\064\132 -\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060 -\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164\060\202\001\040\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\015\000\060\202\001\010\002\202\001 -\001\000\267\066\125\345\245\135\030\060\340\332\211\124\221\374 -\310\307\122\370\057\120\331\357\261\165\163\145\107\175\033\133 -\272\165\305\374\241\210\044\372\057\355\312\010\112\071\124\304 -\121\172\265\332\140\352\070\074\201\262\313\361\273\331\221\043 -\077\110\001\160\165\251\005\052\255\037\161\363\311\124\075\035 -\006\152\100\076\263\014\205\356\134\033\171\302\142\304\270\066 -\216\065\135\001\014\043\004\107\065\252\233\140\116\240\146\075 -\313\046\012\234\100\241\364\135\230\277\161\253\245\000\150\052 -\355\203\172\017\242\024\265\324\042\263\200\260\074\014\132\121 -\151\055\130\030\217\355\231\236\361\256\342\225\346\366\107\250 -\326\014\017\260\130\130\333\303\146\067\236\233\221\124\063\067 -\322\224\034\152\110\311\311\362\245\332\245\014\043\367\043\016 -\234\062\125\136\161\234\204\005\121\232\055\375\346\116\052\064 -\132\336\312\100\067\147\014\124\041\125\167\332\012\014\314\227 -\256\200\334\224\066\112\364\076\316\066\023\036\123\344\254\116 -\072\005\354\333\256\162\234\070\213\320\071\073\211\012\076\167 -\376\165\002\001\003\243\202\001\104\060\202\001\100\060\022\006 -\003\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001 -\014\060\074\006\003\125\035\037\004\065\060\063\060\061\240\057 -\240\055\206\053\150\164\164\160\072\057\057\143\162\154\056\143 -\150\141\155\142\145\162\163\151\147\156\056\157\162\147\057\143 -\150\141\155\142\145\162\163\162\157\157\164\056\143\162\154\060 -\035\006\003\125\035\016\004\026\004\024\343\224\365\261\115\351 -\333\241\051\133\127\213\115\166\006\166\341\321\242\212\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\021 -\006\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000 -\007\060\047\006\003\125\035\021\004\040\060\036\201\034\143\150 -\141\155\142\145\162\163\162\157\157\164\100\143\150\141\155\142 -\145\162\163\151\147\156\056\157\162\147\060\047\006\003\125\035 -\022\004\040\060\036\201\034\143\150\141\155\142\145\162\163\162 -\157\157\164\100\143\150\141\155\142\145\162\163\151\147\156\056 -\157\162\147\060\130\006\003\125\035\040\004\121\060\117\060\115 -\006\013\053\006\001\004\001\201\207\056\012\003\001\060\076\060 -\074\006\010\053\006\001\005\005\007\002\001\026\060\150\164\164 -\160\072\057\057\143\160\163\056\143\150\141\155\142\145\162\163 -\151\147\156\056\157\162\147\057\143\160\163\057\143\150\141\155 -\142\145\162\163\162\157\157\164\056\150\164\155\154\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\014\101\227\302\032\206\300\042\174\237\373\220\363\032\321 -\003\261\357\023\371\041\137\004\234\332\311\245\215\047\154\226 -\207\221\276\101\220\001\162\223\347\036\175\137\366\211\306\135 -\247\100\011\075\254\111\105\105\334\056\215\060\150\262\011\272 -\373\303\057\314\272\013\337\077\167\173\106\175\072\022\044\216 -\226\217\074\005\012\157\322\224\050\035\155\014\300\056\210\042 -\325\330\317\035\023\307\360\110\327\327\005\247\317\307\107\236 -\073\074\064\310\200\117\324\024\273\374\015\120\367\372\263\354 -\102\137\251\335\155\310\364\165\317\173\301\162\046\261\001\034 -\134\054\375\172\116\264\001\305\005\127\271\347\074\252\005\331 -\210\351\007\106\101\316\357\101\201\256\130\337\203\242\256\312 -\327\167\037\347\000\074\235\157\216\344\062\011\035\115\170\064 -\170\064\074\224\233\046\355\117\161\306\031\172\275\040\042\110 -\132\376\113\175\003\267\347\130\276\306\062\116\164\036\150\335 -\250\150\133\263\076\356\142\175\331\200\350\012\165\172\267\356 -\264\145\232\041\220\340\252\320\230\274\070\265\163\074\213\370 -\334 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Camerfirma Chambers of Commerce Root" -# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Serial Number: 0 (0x0) -# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Not Valid Before: Tue Sep 30 16:13:43 2003 -# Not Valid After : Wed Sep 30 16:13:44 2037 -# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84 -# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\156\072\125\244\031\014\031\134\223\204\074\300\333\162\056\061 -\060\141\360\261 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\260\001\356\024\331\257\051\030\224\166\216\361\151\063\052\204 -END -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060 -\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Camerfirma Global Chambersign Root" -# -# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Serial Number: 0 (0x0) -# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Not Valid Before: Tue Sep 30 16:14:18 2003 -# Not Valid After : Wed Sep 30 16:14:18 2037 -# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19 -# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Camerfirma Global Chambersign Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060 -\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103 -\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060 -\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103 -\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\305\060\202\003\255\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047 -\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145 -\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070 -\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013 -\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141 -\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060\036 -\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103\150 -\141\155\142\145\162\163\151\147\156\040\122\157\157\164\060\036 -\027\015\060\063\060\071\063\060\061\066\061\064\061\070\132\027 -\015\063\067\060\071\063\060\061\066\061\064\061\070\132\060\175 -\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047\060 -\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145\162 -\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070\062 -\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013\023 -\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141\155 -\142\145\162\163\151\147\156\056\157\162\147\061\040\060\036\006 -\003\125\004\003\023\027\107\154\157\142\141\154\040\103\150\141 -\155\142\145\162\163\151\147\156\040\122\157\157\164\060\202\001 -\040\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\015\000\060\202\001\010\002\202\001\001\000\242\160 -\242\320\237\102\256\133\027\307\330\175\317\024\203\374\117\311 -\241\267\023\257\212\327\236\076\004\012\222\213\140\126\372\264 -\062\057\210\115\241\140\010\364\267\011\116\240\111\057\111\326 -\323\337\235\227\132\237\224\004\160\354\077\131\331\267\314\146 -\213\230\122\050\011\002\337\305\057\204\215\172\227\167\277\354 -\100\235\045\162\253\265\077\062\230\373\267\267\374\162\204\345 -\065\207\371\125\372\243\037\016\157\056\050\335\151\240\331\102 -\020\306\370\265\104\302\320\103\177\333\274\344\242\074\152\125 -\170\012\167\251\330\352\031\062\267\057\376\134\077\033\356\261 -\230\354\312\255\172\151\105\343\226\017\125\366\346\355\165\352 -\145\350\062\126\223\106\211\250\045\212\145\006\356\153\277\171 -\007\320\361\267\257\355\054\115\222\273\300\250\137\247\147\175 -\004\362\025\010\160\254\222\326\175\004\322\063\373\114\266\013 -\013\373\032\311\304\215\003\251\176\134\362\120\253\022\245\241 -\317\110\120\245\357\322\310\032\023\372\260\177\261\202\034\167 -\152\017\137\334\013\225\217\357\103\176\346\105\011\045\002\001 -\003\243\202\001\120\060\202\001\114\060\022\006\003\125\035\023 -\001\001\377\004\010\060\006\001\001\377\002\001\014\060\077\006 -\003\125\035\037\004\070\060\066\060\064\240\062\240\060\206\056 -\150\164\164\160\072\057\057\143\162\154\056\143\150\141\155\142 -\145\162\163\151\147\156\056\157\162\147\057\143\150\141\155\142 -\145\162\163\151\147\156\162\157\157\164\056\143\162\154\060\035 -\006\003\125\035\016\004\026\004\024\103\234\066\237\260\236\060 -\115\306\316\137\255\020\253\345\003\245\372\251\024\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\021\006 -\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007 -\060\052\006\003\125\035\021\004\043\060\041\201\037\143\150\141 -\155\142\145\162\163\151\147\156\162\157\157\164\100\143\150\141 -\155\142\145\162\163\151\147\156\056\157\162\147\060\052\006\003 -\125\035\022\004\043\060\041\201\037\143\150\141\155\142\145\162 -\163\151\147\156\162\157\157\164\100\143\150\141\155\142\145\162 -\163\151\147\156\056\157\162\147\060\133\006\003\125\035\040\004 -\124\060\122\060\120\006\013\053\006\001\004\001\201\207\056\012 -\001\001\060\101\060\077\006\010\053\006\001\005\005\007\002\001 -\026\063\150\164\164\160\072\057\057\143\160\163\056\143\150\141 -\155\142\145\162\163\151\147\156\056\157\162\147\057\143\160\163 -\057\143\150\141\155\142\145\162\163\151\147\156\162\157\157\164 -\056\150\164\155\154\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\003\202\001\001\000\074\073\160\221\371\004\124 -\047\221\341\355\355\376\150\177\141\135\345\101\145\117\062\361 -\030\005\224\152\034\336\037\160\333\076\173\062\002\064\265\014 -\154\241\212\174\245\364\217\377\324\330\255\027\325\055\004\321 -\077\130\200\342\201\131\210\276\300\343\106\223\044\376\220\275 -\046\242\060\055\350\227\046\127\065\211\164\226\030\366\025\342 -\257\044\031\126\002\002\262\272\017\024\352\306\212\146\301\206 -\105\125\213\276\222\276\234\244\004\307\111\074\236\350\051\172 -\211\327\376\257\377\150\365\245\027\220\275\254\231\314\245\206 -\127\011\147\106\333\326\026\302\106\361\344\251\120\365\217\321 -\222\025\323\137\076\306\000\111\072\156\130\262\321\321\047\015 -\045\310\062\370\040\021\315\175\062\063\110\224\124\114\335\334 -\171\304\060\237\353\216\270\125\265\327\210\134\305\152\044\075 -\262\323\005\003\121\306\007\357\314\024\162\164\075\156\162\316 -\030\050\214\112\240\167\345\011\053\105\104\107\254\267\147\177 -\001\212\005\132\223\276\241\301\377\370\347\016\147\244\107\111 -\166\135\165\220\032\365\046\217\360 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Camerfirma Global Chambersign Root" -# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Serial Number: 0 (0x0) -# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU -# Not Valid Before: Tue Sep 30 16:14:18 2003 -# Not Valid After : Wed Sep 30 16:14:18 2037 -# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19 -# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Camerfirma Global Chambersign Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\063\233\153\024\120\044\233\125\172\001\207\162\204\331\340\057 -\303\322\330\351 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\305\346\173\277\006\320\117\103\355\304\172\145\212\373\153\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061 -\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101 -\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004 -\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150 -\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060 -\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103 -\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "XRamp Global CA Root" -# -# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US -# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad -# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US -# Not Valid Before: Mon Nov 01 17:14:04 2004 -# Not Valid After : Mon Jan 01 05:37:19 2035 -# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1 -# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "XRamp Global CA Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170 -\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155 -\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160 -\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143 -\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023 -\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170 -\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155 -\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160 -\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143 -\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023 -\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\120\224\154\354\030\352\325\234\115\325\227\357\165\217 -\240\255 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\060\060\202\003\030\240\003\002\001\002\002\020\120 -\224\154\354\030\352\325\234\115\325\227\357\165\217\240\255\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\202\061\013\060\011\006\003\125\004\006\023\002\125\123\061\036 -\060\034\006\003\125\004\013\023\025\167\167\167\056\170\162\141 -\155\160\163\145\143\165\162\151\164\171\056\143\157\155\061\044 -\060\042\006\003\125\004\012\023\033\130\122\141\155\160\040\123 -\145\143\165\162\151\164\171\040\123\145\162\166\151\143\145\163 -\040\111\156\143\061\055\060\053\006\003\125\004\003\023\044\130 -\122\141\155\160\040\107\154\157\142\141\154\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\060\036\027\015\060\064\061\061\060\061\061\067\061 -\064\060\064\132\027\015\063\065\060\061\060\061\060\065\063\067 -\061\071\132\060\201\202\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\036\060\034\006\003\125\004\013\023\025\167\167 -\167\056\170\162\141\155\160\163\145\143\165\162\151\164\171\056 -\143\157\155\061\044\060\042\006\003\125\004\012\023\033\130\122 -\141\155\160\040\123\145\143\165\162\151\164\171\040\123\145\162 -\166\151\143\145\163\040\111\156\143\061\055\060\053\006\003\125 -\004\003\023\044\130\122\141\155\160\040\107\154\157\142\141\154 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\230\044\036\275\025\264\272 -\337\307\214\245\047\266\070\013\151\363\266\116\250\054\056\041 -\035\134\104\337\041\135\176\043\164\376\136\176\264\112\267\246 -\255\037\256\340\006\026\342\233\133\331\147\164\153\135\200\217 -\051\235\206\033\331\234\015\230\155\166\020\050\130\344\145\260 -\177\112\230\171\237\340\303\061\176\200\053\265\214\300\100\073 -\021\206\320\313\242\206\066\140\244\325\060\202\155\331\156\320 -\017\022\004\063\227\137\117\141\132\360\344\371\221\253\347\035 -\073\274\350\317\364\153\055\064\174\342\110\141\034\216\363\141 -\104\314\157\240\112\251\224\260\115\332\347\251\064\172\162\070 -\250\101\314\074\224\021\175\353\310\246\214\267\206\313\312\063 -\073\331\075\067\213\373\172\076\206\054\347\163\327\012\127\254 -\144\233\031\353\364\017\004\010\212\254\003\027\031\144\364\132 -\045\042\215\064\054\262\366\150\035\022\155\323\212\036\024\332 -\304\217\246\342\043\205\325\172\015\275\152\340\351\354\354\027 -\273\102\033\147\252\045\355\105\203\041\374\301\311\174\325\142 -\076\372\362\305\055\323\375\324\145\002\003\001\000\001\243\201 -\237\060\201\234\060\023\006\011\053\006\001\004\001\202\067\024 -\002\004\006\036\004\000\103\000\101\060\013\006\003\125\035\017 -\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\306\117\242\075\006\143\204\011\234\316\142\344\004\254 -\215\134\265\351\266\033\060\066\006\003\125\035\037\004\057\060 -\055\060\053\240\051\240\047\206\045\150\164\164\160\072\057\057 -\143\162\154\056\170\162\141\155\160\163\145\143\165\162\151\164 -\171\056\143\157\155\057\130\107\103\101\056\143\162\154\060\020 -\006\011\053\006\001\004\001\202\067\025\001\004\003\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\221\025\071\003\001\033\147\373\112\034\371\012 -\140\133\241\332\115\227\142\371\044\123\047\327\202\144\116\220 -\056\303\111\033\053\232\334\374\250\170\147\065\361\035\360\021 -\275\267\110\343\020\366\015\337\077\322\311\266\252\125\244\110 -\272\002\333\336\131\056\025\133\073\235\026\175\107\327\067\352 -\137\115\166\022\066\273\037\327\241\201\004\106\040\243\054\155 -\251\236\001\176\077\051\316\000\223\337\375\311\222\163\211\211 -\144\236\347\053\344\034\221\054\322\271\316\175\316\157\061\231 -\323\346\276\322\036\220\360\011\024\171\134\043\253\115\322\332 -\041\037\115\231\171\235\341\317\047\237\020\233\034\210\015\260 -\212\144\101\061\270\016\154\220\044\244\233\134\161\217\272\273 -\176\034\033\333\152\200\017\041\274\351\333\246\267\100\364\262 -\213\251\261\344\357\232\032\320\075\151\231\356\250\050\243\341 -\074\263\360\262\021\234\317\174\100\346\335\347\103\175\242\330 -\072\265\251\215\362\064\231\304\324\020\341\006\375\011\204\020 -\073\356\304\114\364\354\047\174\102\302\164\174\202\212\011\311 -\264\003\045\274 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "XRamp Global CA Root" -# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US -# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad -# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US -# Not Valid Before: Mon Nov 01 17:14:04 2004 -# Not Valid After : Mon Jan 01 05:37:19 2035 -# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1 -# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "XRamp Global CA Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\270\001\206\321\353\234\206\245\101\004\317\060\124\363\114\122 -\267\345\130\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\241\013\104\263\312\020\330\000\156\235\017\330\017\222\012\321 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170 -\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155 -\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160 -\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143 -\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023 -\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\120\224\154\354\030\352\325\234\115\325\227\357\165\217 -\240\255 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Go Daddy Class 2 CA" -# -# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US -# Serial Number: 0 (0x0) -# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US -# Not Valid Before: Tue Jun 29 17:06:20 2004 -# Not Valid After : Thu Jun 29 17:06:20 2034 -# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67 -# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Class 2 CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157 -\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156 -\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040 -\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157 -\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156 -\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040 -\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\000\060\202\002\350\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041 -\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157\040 -\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156\143 -\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040\104 -\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\060\036\027\015\060\064\060\066\062\071\061\067 -\060\066\062\060\132\027\015\063\064\060\066\062\071\061\067\060 -\066\062\060\132\060\143\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\041\060\037\006\003\125\004\012\023\030\124\150 -\145\040\107\157\040\104\141\144\144\171\040\107\162\157\165\160 -\054\040\111\156\143\056\061\061\060\057\006\003\125\004\013\023 -\050\107\157\040\104\141\144\144\171\040\103\154\141\163\163\040 -\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\060\202\001\040\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\015 -\000\060\202\001\010\002\202\001\001\000\336\235\327\352\127\030 -\111\241\133\353\327\137\110\206\352\276\335\377\344\357\147\034 -\364\145\150\263\127\161\240\136\167\273\355\233\111\351\160\200 -\075\126\030\143\010\157\332\362\314\320\077\177\002\124\042\124 -\020\330\262\201\324\300\165\075\113\177\307\167\303\076\170\253 -\032\003\265\040\153\057\152\053\261\305\210\176\304\273\036\260 -\301\330\105\047\157\252\067\130\367\207\046\327\330\055\366\251 -\027\267\037\162\066\116\246\027\077\145\230\222\333\052\156\135 -\242\376\210\340\013\336\177\345\215\025\341\353\313\072\325\342 -\022\242\023\055\330\216\257\137\022\075\240\010\005\010\266\134 -\245\145\070\004\105\231\036\243\140\140\164\305\101\245\162\142 -\033\142\305\037\157\137\032\102\276\002\121\145\250\256\043\030 -\152\374\170\003\251\115\177\200\303\372\253\132\374\241\100\244 -\312\031\026\376\262\310\357\136\163\015\356\167\275\232\366\171 -\230\274\261\007\147\242\025\015\335\240\130\306\104\173\012\076 -\142\050\137\272\101\007\123\130\317\021\176\070\164\305\370\377 -\265\151\220\217\204\164\352\227\033\257\002\001\003\243\201\300 -\060\201\275\060\035\006\003\125\035\016\004\026\004\024\322\304 -\260\322\221\324\114\021\161\263\141\313\075\241\376\335\250\152 -\324\343\060\201\215\006\003\125\035\043\004\201\205\060\201\202 -\200\024\322\304\260\322\221\324\114\021\161\263\141\313\075\241 -\376\335\250\152\324\343\241\147\244\145\060\143\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\041\060\037\006\003\125 -\004\012\023\030\124\150\145\040\107\157\040\104\141\144\144\171 -\040\107\162\157\165\160\054\040\111\156\143\056\061\061\060\057 -\006\003\125\004\013\023\050\107\157\040\104\141\144\144\171\040 -\103\154\141\163\163\040\062\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\202 -\001\000\060\014\006\003\125\035\023\004\005\060\003\001\001\377 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\062\113\363\262\312\076\221\374\022\306\241\007 -\214\216\167\240\063\006\024\134\220\036\030\367\010\246\075\012 -\031\371\207\200\021\156\151\344\226\027\060\377\064\221\143\162 -\070\356\314\034\001\243\035\224\050\244\061\366\172\304\124\327 -\366\345\061\130\003\242\314\316\142\333\224\105\163\265\277\105 -\311\044\265\325\202\002\255\043\171\151\215\270\266\115\316\317 -\114\312\063\043\350\034\210\252\235\213\101\156\026\311\040\345 -\211\236\315\073\332\160\367\176\231\046\040\024\124\045\253\156 -\163\205\346\233\041\235\012\154\202\016\250\370\302\014\372\020 -\036\154\226\357\207\015\304\017\141\213\255\356\203\053\225\370 -\216\222\204\162\071\353\040\352\203\355\203\315\227\156\010\274 -\353\116\046\266\163\053\344\323\366\114\376\046\161\342\141\021 -\164\112\377\127\032\207\017\165\110\056\317\121\151\027\240\002 -\022\141\225\325\321\100\262\020\114\356\304\254\020\103\246\245 -\236\012\325\225\142\232\015\317\210\202\305\062\014\344\053\237 -\105\346\015\237\050\234\261\271\052\132\127\255\067\017\257\035 -\177\333\275\237 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Go Daddy Class 2 CA" -# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US -# Serial Number: 0 (0x0) -# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US -# Not Valid Before: Tue Jun 29 17:06:20 2004 -# Not Valid After : Thu Jun 29 17:06:20 2034 -# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67 -# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Class 2 CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\047\226\272\346\077\030\001\342\167\046\033\240\327\167\160\002 -\217\040\356\344 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\221\336\006\045\253\332\375\062\027\014\273\045\027\052\204\147 -END -CKA_ISSUER MULTILINE_OCTAL -\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157 -\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156 -\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040 -\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Starfield Class 2 CA" -# -# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US -# Serial Number: 0 (0x0) -# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US -# Not Valid Before: Tue Jun 29 17:39:16 2004 -# Not Valid After : Thu Jun 29 17:39:16 2034 -# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24 -# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Class 2 CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151 -\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163 -\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023 -\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163 -\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151 -\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163 -\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023 -\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163 -\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\017\060\202\002\367\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061\045 -\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151\145 -\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163\054 -\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023\051 -\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163\040 -\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\060\036\027\015\060\064\060 -\066\062\071\061\067\063\071\061\066\132\027\015\063\064\060\066 -\062\071\061\067\063\071\061\066\132\060\150\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\045\060\043\006\003\125\004 -\012\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143 -\150\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061 -\062\060\060\006\003\125\004\013\023\051\123\164\141\162\146\151 -\145\154\144\040\103\154\141\163\163\040\062\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\060\202\001\040\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\015\000\060\202\001\010\002 -\202\001\001\000\267\062\310\376\351\161\246\004\205\255\014\021 -\144\337\316\115\357\310\003\030\207\077\241\253\373\074\246\237 -\360\303\241\332\324\330\156\053\123\220\373\044\244\076\204\360 -\236\350\137\354\345\047\104\365\050\246\077\173\336\340\052\360 -\310\257\123\057\236\312\005\001\223\036\217\146\034\071\247\115 -\372\132\266\163\004\045\146\353\167\177\347\131\306\112\231\045 -\024\124\353\046\307\363\177\031\325\060\160\217\257\260\106\052 -\377\255\353\051\355\327\237\252\004\207\243\324\371\211\245\064 -\137\333\103\221\202\066\331\146\074\261\270\271\202\375\234\072 -\076\020\310\073\357\006\145\146\172\233\031\030\075\377\161\121 -\074\060\056\137\276\075\167\163\262\135\006\154\303\043\126\232 -\053\205\046\222\034\247\002\263\344\077\015\257\010\171\202\270 -\066\075\352\234\323\065\263\274\151\312\365\314\235\350\375\144 -\215\027\200\063\156\136\112\135\231\311\036\207\264\235\032\300 -\325\156\023\065\043\136\337\233\137\075\357\326\367\166\302\352 -\076\273\170\015\034\102\147\153\004\330\370\326\332\157\213\362 -\104\240\001\253\002\001\003\243\201\305\060\201\302\060\035\006 -\003\125\035\016\004\026\004\024\277\137\267\321\316\335\037\206 -\364\133\125\254\334\327\020\302\016\251\210\347\060\201\222\006 -\003\125\035\043\004\201\212\060\201\207\200\024\277\137\267\321 -\316\335\037\206\364\133\125\254\334\327\020\302\016\251\210\347 -\241\154\244\152\060\150\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\045\060\043\006\003\125\004\012\023\034\123\164 -\141\162\146\151\145\154\144\040\124\145\143\150\156\157\154\157 -\147\151\145\163\054\040\111\156\143\056\061\062\060\060\006\003 -\125\004\013\023\051\123\164\141\162\146\151\145\154\144\040\103 -\154\141\163\163\040\062\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\202\001 -\000\060\014\006\003\125\035\023\004\005\060\003\001\001\377\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\005\235\077\210\235\321\311\032\125\241\254\151\363 -\363\131\332\233\001\207\032\117\127\251\241\171\011\052\333\367 -\057\262\036\314\307\136\152\330\203\207\241\227\357\111\065\076 -\167\006\101\130\142\277\216\130\270\012\147\077\354\263\335\041 -\146\037\311\124\372\162\314\075\114\100\330\201\257\167\236\203 -\172\273\242\307\365\064\027\216\331\021\100\364\374\054\052\115 -\025\177\247\142\135\056\045\323\000\013\040\032\035\150\371\027 -\270\364\275\213\355\050\131\335\115\026\213\027\203\310\262\145 -\307\055\172\245\252\274\123\206\155\335\127\244\312\370\040\101 -\013\150\360\364\373\164\276\126\135\172\171\365\371\035\205\343 -\055\225\276\365\161\220\103\314\215\037\232\000\012\207\051\351 -\125\042\130\000\043\352\343\022\103\051\133\107\010\335\214\101 -\152\145\006\250\345\041\252\101\264\225\041\225\271\175\321\064 -\253\023\326\255\274\334\342\075\071\315\275\076\165\160\241\030 -\131\003\311\042\264\217\234\325\136\052\327\245\266\324\012\155 -\370\267\100\021\106\232\037\171\016\142\277\017\227\354\340\057 -\037\027\224 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Starfield Class 2 CA" -# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US -# Serial Number: 0 (0x0) -# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US -# Not Valid Before: Tue Jun 29 17:39:16 2004 -# Not Valid After : Thu Jun 29 17:39:16 2034 -# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24 -# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Class 2 CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\255\176\034\050\260\144\357\217\140\003\100\040\024\303\320\343 -\067\016\265\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\062\112\113\273\310\143\151\233\276\164\232\306\335\035\106\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151 -\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163 -\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023 -\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163 -\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Taiwan GRCA" -# -# Issuer: O=Government Root Certification Authority,C=TW -# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6 -# Subject: O=Government Root Certification Authority,C=TW -# Not Valid Before: Thu Dec 05 13:23:33 2002 -# Not Valid After : Sun Dec 05 13:23:33 2032 -# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E -# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Taiwan GRCA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156 -\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156 -\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343 -\136\366 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\162\060\202\003\132\240\003\002\001\002\002\020\037 -\235\131\132\327\057\302\006\104\245\200\010\151\343\136\366\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077 -\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060\060 -\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155\145 -\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060 -\036\027\015\060\062\061\062\060\065\061\063\062\063\063\063\132 -\027\015\063\062\061\062\060\065\061\063\062\063\063\063\132\060 -\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060 -\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155 -\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\232\045\270\354\314\242\165\250\173\367\316\133\131\212\311 -\321\206\022\010\124\354\234\362\347\106\366\210\363\174\351\245 -\337\114\107\066\244\033\001\034\177\036\127\212\215\303\305\321 -\041\343\332\044\077\110\053\373\237\056\241\224\347\054\034\223 -\321\277\033\001\207\123\231\316\247\365\012\041\166\167\377\251 -\267\306\163\224\117\106\367\020\111\067\372\250\131\111\135\152 -\201\007\126\362\212\371\006\320\367\160\042\115\264\267\101\271 -\062\270\261\360\261\303\234\077\160\375\123\335\201\252\330\143 -\170\366\330\123\156\241\254\152\204\044\162\124\206\306\322\262 -\312\034\016\171\201\326\265\160\142\010\001\056\116\117\016\325 -\021\257\251\257\345\232\277\334\314\207\155\046\344\311\127\242 -\373\226\371\314\341\077\123\214\154\114\176\233\123\010\013\154 -\027\373\147\310\302\255\261\315\200\264\227\334\166\001\026\025 -\351\152\327\244\341\170\107\316\206\325\373\061\363\372\061\276 -\064\252\050\373\160\114\035\111\307\257\054\235\155\146\246\266 -\215\144\176\265\040\152\235\073\201\266\217\100\000\147\113\211 -\206\270\314\145\376\025\123\351\004\301\326\137\035\104\327\012 -\057\047\232\106\175\241\015\165\255\124\206\025\334\111\073\361 -\226\316\017\233\240\354\243\172\135\276\325\052\165\102\345\173 -\336\245\266\252\257\050\254\254\220\254\070\267\325\150\065\046 -\172\334\367\073\363\375\105\233\321\273\103\170\156\157\361\102 -\124\152\230\360\015\255\227\351\122\136\351\325\152\162\336\152 -\367\033\140\024\364\245\344\266\161\147\252\037\352\342\115\301 -\102\100\376\147\106\027\070\057\107\077\161\234\256\345\041\312 -\141\055\155\007\250\204\174\055\356\121\045\361\143\220\236\375 -\341\127\210\153\357\212\043\155\261\346\275\077\255\321\075\226 -\013\205\215\315\153\047\273\267\005\233\354\273\221\251\012\007 -\022\002\227\116\040\220\360\377\015\036\342\101\073\323\100\072 -\347\215\135\332\146\344\002\260\007\122\230\134\016\216\063\234 -\302\246\225\373\125\031\156\114\216\256\113\017\275\301\070\115 -\136\217\204\035\146\315\305\140\226\264\122\132\005\211\216\225 -\172\230\301\221\074\225\043\262\016\364\171\264\311\174\301\112 -\041\002\003\001\000\001\243\152\060\150\060\035\006\003\125\035 -\016\004\026\004\024\314\314\357\314\051\140\244\073\261\222\266 -\074\372\062\142\217\254\045\025\073\060\014\006\003\125\035\023 -\004\005\060\003\001\001\377\060\071\006\004\147\052\007\000\004 -\061\060\057\060\055\002\001\000\060\011\006\005\053\016\003\002 -\032\005\000\060\007\006\005\147\052\003\000\000\004\024\003\233 -\360\042\023\377\225\050\066\323\334\236\300\062\373\061\072\212 -\121\145\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\002\001\000\100\200\112\372\046\311\316\136\060\335 -\117\206\164\166\130\365\256\263\203\063\170\244\172\164\027\031 -\116\351\122\265\271\340\012\164\142\252\150\312\170\240\114\232 -\216\054\043\056\325\152\022\044\277\324\150\323\212\320\330\234 -\237\264\037\014\336\070\176\127\070\374\215\342\117\136\014\237 -\253\073\322\377\165\227\313\244\343\147\010\377\345\300\026\265 -\110\001\175\351\371\012\377\033\345\152\151\277\170\041\250\302 -\247\043\251\206\253\166\126\350\016\014\366\023\335\052\146\212 -\144\111\075\032\030\207\220\004\237\102\122\267\117\313\376\107 -\101\166\065\357\377\000\166\066\105\062\233\306\106\205\135\342 -\044\260\036\343\110\226\230\127\107\224\125\172\017\101\261\104 -\044\363\301\376\032\153\277\210\375\301\246\332\223\140\136\201 -\112\231\040\234\110\146\031\265\000\171\124\017\270\054\057\113 -\274\251\135\133\140\177\214\207\245\340\122\143\052\276\330\073 -\205\100\025\376\036\266\145\077\305\113\332\176\265\172\065\051 -\243\056\172\230\140\042\243\364\175\047\116\055\352\264\164\074 -\351\017\244\063\017\020\021\274\023\001\326\345\016\323\277\265 -\022\242\341\105\043\300\314\010\156\141\267\211\253\203\343\044 -\036\346\135\007\347\037\040\076\317\147\310\347\254\060\155\047 -\113\150\156\113\052\134\002\010\064\333\370\166\344\147\243\046 -\234\077\242\062\302\112\305\201\030\061\020\126\252\204\357\055 -\012\377\270\037\167\322\277\245\130\240\142\344\327\113\221\165 -\215\211\200\230\176\155\313\123\116\136\257\366\262\227\205\227 -\271\332\125\006\271\044\356\327\306\070\036\143\033\022\073\225 -\341\130\254\362\337\204\325\137\231\057\015\125\133\346\070\333 -\056\077\162\351\110\205\313\273\051\023\217\036\070\125\271\363 -\262\304\060\231\043\116\135\362\110\241\022\014\334\022\220\011 -\220\124\221\003\074\107\345\325\311\145\340\267\113\175\354\107 -\323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336 -\054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246 -\131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316 -\020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045 -\245\206\054\174\364\022 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Thu Sep 19 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\071\061\071\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Taiwan GRCA" -# Issuer: O=Government Root Certification Authority,C=TW -# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6 -# Subject: O=Government Root Certification Authority,C=TW -# Not Valid Before: Thu Dec 05 13:23:33 2002 -# Not Valid After : Sun Dec 05 13:23:33 2032 -# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E -# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Taiwan GRCA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\364\213\021\277\336\253\276\224\124\040\161\346\101\336\153\276 -\210\053\100\271 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\067\205\104\123\062\105\037\040\360\363\225\341\045\304\103\116 -END -CKA_ISSUER MULTILINE_OCTAL -\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156 -\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343 -\136\366 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Assured ID Root CA" -# -# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39 -# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72 -# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\014\347\340\345\027\330\106\376\217\345\140\374\033\360 -\060\071 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\267\060\202\002\237\240\003\002\001\002\002\020\014 -\347\340\345\027\330\106\376\217\345\140\374\033\360\060\071\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\145 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\044\060\042\006\003\125\004\003\023\033\104\151\147\151\103\145 -\162\164\040\101\163\163\165\162\145\144\040\111\104\040\122\157 -\157\164\040\103\101\060\036\027\015\060\066\061\061\061\060\060 -\060\060\060\060\060\132\027\015\063\061\061\061\061\060\060\060 -\060\060\060\060\132\060\145\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\025\060\023\006\003\125\004\012\023\014\104 -\151\147\151\103\145\162\164\040\111\156\143\061\031\060\027\006 -\003\125\004\013\023\020\167\167\167\056\144\151\147\151\143\145 -\162\164\056\143\157\155\061\044\060\042\006\003\125\004\003\023 -\033\104\151\147\151\103\145\162\164\040\101\163\163\165\162\145 -\144\040\111\104\040\122\157\157\164\040\103\101\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\255\016\025 -\316\344\103\200\134\261\207\363\267\140\371\161\022\245\256\334 -\046\224\210\252\364\316\365\040\071\050\130\140\014\370\200\332 -\251\025\225\062\141\074\265\261\050\204\212\212\334\237\012\014 -\203\027\172\217\220\254\212\347\171\123\134\061\204\052\366\017 -\230\062\066\166\314\336\335\074\250\242\357\152\373\041\362\122 -\141\337\237\040\327\037\342\261\331\376\030\144\322\022\133\137 -\371\130\030\065\274\107\315\241\066\371\153\177\324\260\070\076 -\301\033\303\214\063\331\330\057\030\376\050\017\263\247\203\326 -\303\156\104\300\141\065\226\026\376\131\234\213\166\155\327\361 -\242\113\015\053\377\013\162\332\236\140\320\216\220\065\306\170 -\125\207\040\241\317\345\155\012\310\111\174\061\230\063\154\042 -\351\207\320\062\132\242\272\023\202\021\355\071\027\235\231\072 -\162\241\346\372\244\331\325\027\061\165\256\205\175\042\256\077 -\001\106\206\366\050\171\310\261\332\344\127\027\304\176\034\016 -\260\264\222\246\126\263\275\262\227\355\252\247\360\267\305\250 -\077\225\026\320\377\241\226\353\010\137\030\167\117\002\003\001 -\000\001\243\143\060\141\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\105\353\242\257\364\222\313\202\061\055\121\213\247\247 -\041\235\363\155\310\017\060\037\006\003\125\035\043\004\030\060 -\026\200\024\105\353\242\257\364\222\313\202\061\055\121\213\247 -\247\041\235\363\155\310\017\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\001\001\000\242\016\274\337\342 -\355\360\343\162\163\172\144\224\277\367\162\146\330\062\344\102 -\165\142\256\207\353\362\325\331\336\126\263\237\314\316\024\050 -\271\015\227\140\134\022\114\130\344\323\075\203\111\105\130\227 -\065\151\032\250\107\352\126\306\171\253\022\330\147\201\204\337 -\177\011\074\224\346\270\046\054\040\275\075\263\050\211\367\137 -\377\042\342\227\204\037\351\145\357\207\340\337\301\147\111\263 -\135\353\262\011\052\353\046\355\170\276\175\077\053\363\267\046 -\065\155\137\211\001\266\111\133\237\001\005\233\253\075\045\301 -\314\266\177\302\361\157\206\306\372\144\150\353\201\055\224\353 -\102\267\372\214\036\335\142\361\276\120\147\267\154\275\363\361 -\037\153\014\066\007\026\177\067\174\251\133\155\172\361\022\106 -\140\203\327\047\004\276\113\316\227\276\303\147\052\150\021\337 -\200\347\014\063\146\277\023\015\024\156\363\177\037\143\020\036 -\372\215\033\045\155\154\217\245\267\141\001\261\322\243\046\241 -\020\161\235\255\342\303\371\303\231\121\267\053\007\010\316\056 -\346\120\262\247\372\012\105\057\242\360\362 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "DigiCert Assured ID Root CA" -# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39 -# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72 -# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\005\143\270\143\015\142\327\132\273\310\253\036\113\337\265\250 -\231\262\115\103 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\207\316\013\173\052\016\111\000\341\130\161\233\067\250\223\162 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\014\347\340\345\027\330\106\376\217\345\140\374\033\360 -\060\071 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Global Root CA" -# -# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a -# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E -# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\010\073\340\126\220\102\106\261\241\165\152\311\131\221 -\307\112 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\257\060\202\002\227\240\003\002\001\002\002\020\010 -\073\340\126\220\102\106\261\241\165\152\311\131\221\307\112\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\141 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145 -\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\103 -\101\060\036\027\015\060\066\061\061\061\060\060\060\060\060\060 -\060\132\027\015\063\061\061\061\061\060\060\060\060\060\060\060 -\132\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103 -\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013 -\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143 -\157\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147 -\151\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157 -\164\040\103\101\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\342\073\341\021\162\336\250\244\323\243\127 -\252\120\242\217\013\167\220\311\242\245\356\022\316\226\133\001 -\011\040\314\001\223\247\116\060\267\123\367\103\304\151\000\127 -\235\342\215\042\335\207\006\100\000\201\011\316\316\033\203\277 -\337\315\073\161\106\342\326\146\307\005\263\166\047\026\217\173 -\236\036\225\175\356\267\110\243\010\332\326\257\172\014\071\006 -\145\177\112\135\037\274\027\370\253\276\356\050\327\164\177\172 -\170\231\131\205\150\156\134\043\062\113\277\116\300\350\132\155 -\343\160\277\167\020\277\374\001\366\205\331\250\104\020\130\062 -\251\165\030\325\321\242\276\107\342\047\152\364\232\063\370\111 -\010\140\213\324\137\264\072\204\277\241\252\112\114\175\076\317 -\117\137\154\166\136\240\113\067\221\236\334\042\346\155\316\024 -\032\216\152\313\376\315\263\024\144\027\307\133\051\236\062\277 -\362\356\372\323\013\102\324\253\267\101\062\332\014\324\357\370 -\201\325\273\215\130\077\265\033\350\111\050\242\160\332\061\004 -\335\367\262\026\362\114\012\116\007\250\355\112\075\136\265\177 -\243\220\303\257\047\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\003\336\120\065\126\321 -\114\273\146\360\243\342\033\033\303\227\262\075\321\125\060\037 -\006\003\125\035\043\004\030\060\026\200\024\003\336\120\065\126 -\321\114\273\146\360\243\342\033\033\303\227\262\075\321\125\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\313\234\067\252\110\023\022\012\372\335\104\234\117 -\122\260\364\337\256\004\365\171\171\010\243\044\030\374\113\053 -\204\300\055\271\325\307\376\364\301\037\130\313\270\155\234\172 -\164\347\230\051\253\021\265\343\160\240\241\315\114\210\231\223 -\214\221\160\342\253\017\034\276\223\251\377\143\325\344\007\140 -\323\243\277\235\133\011\361\325\216\343\123\364\216\143\372\077 -\247\333\264\146\337\142\146\326\321\156\101\215\362\055\265\352 -\167\112\237\235\130\342\053\131\300\100\043\355\055\050\202\105 -\076\171\124\222\046\230\340\200\110\250\067\357\360\326\171\140 -\026\336\254\350\016\315\156\254\104\027\070\057\111\332\341\105 -\076\052\271\066\123\317\072\120\006\367\056\350\304\127\111\154 -\141\041\030\325\004\255\170\074\054\072\200\153\247\353\257\025 -\024\351\330\211\301\271\070\154\342\221\154\212\377\144\271\167 -\045\127\060\300\033\044\243\341\334\351\337\107\174\265\264\044 -\010\005\060\354\055\275\013\277\105\277\120\271\251\363\353\230 -\001\022\255\310\210\306\230\064\137\215\012\074\306\351\325\225 -\225\155\336 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "DigiCert Global Root CA" -# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a -# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E -# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\250\230\135\072\145\345\345\304\262\327\326\155\100\306\335\057 -\261\234\124\066 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\171\344\251\204\015\175\072\226\327\300\117\342\103\114\211\056 -END -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\010\073\340\126\220\102\106\261\241\165\152\311\131\221 -\307\112 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert High Assurance EV Root CA" -# -# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77 -# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A -# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151 -\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141 -\156\143\145\040\105\126\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151 -\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141 -\156\143\145\040\105\126\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\002\254\134\046\152\013\100\233\217\013\171\362\256\106 -\045\167 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\305\060\202\002\255\240\003\002\001\002\002\020\002 -\254\134\046\152\013\100\233\217\013\171\362\256\106\045\167\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\154 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\053\060\051\006\003\125\004\003\023\042\104\151\147\151\103\145 -\162\164\040\110\151\147\150\040\101\163\163\165\162\141\156\143 -\145\040\105\126\040\122\157\157\164\040\103\101\060\036\027\015 -\060\066\061\061\061\060\060\060\060\060\060\060\132\027\015\063 -\061\061\061\061\060\060\060\060\060\060\060\132\060\154\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006 -\003\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111 -\156\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167 -\056\144\151\147\151\143\145\162\164\056\143\157\155\061\053\060 -\051\006\003\125\004\003\023\042\104\151\147\151\103\145\162\164 -\040\110\151\147\150\040\101\163\163\165\162\141\156\143\145\040 -\105\126\040\122\157\157\164\040\103\101\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\306\314\345\163\346 -\373\324\273\345\055\055\062\246\337\345\201\077\311\315\045\111 -\266\161\052\303\325\224\064\147\242\012\034\260\137\151\246\100 -\261\304\267\262\217\320\230\244\251\101\131\072\323\334\224\326 -\074\333\164\070\244\112\314\115\045\202\367\112\245\123\022\070 -\356\363\111\155\161\221\176\143\266\253\246\137\303\244\204\370 -\117\142\121\276\370\305\354\333\070\222\343\006\345\010\221\014 -\304\050\101\125\373\313\132\211\025\176\161\350\065\277\115\162 -\011\075\276\072\070\120\133\167\061\033\215\263\307\044\105\232 -\247\254\155\000\024\132\004\267\272\023\353\121\012\230\101\101 -\042\116\145\141\207\201\101\120\246\171\134\211\336\031\112\127 -\325\056\346\135\034\123\054\176\230\315\032\006\026\244\150\163 -\320\064\004\023\134\241\161\323\132\174\125\333\136\144\341\067 -\207\060\126\004\345\021\264\051\200\022\361\171\071\210\242\002 -\021\174\047\146\267\210\267\170\362\312\012\250\070\253\012\144 -\302\277\146\135\225\204\301\241\045\036\207\135\032\120\013\040 -\022\314\101\273\156\013\121\070\270\113\313\002\003\001\000\001 -\243\143\060\141\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024 -\261\076\303\151\003\370\277\107\001\324\230\046\032\010\002\357 -\143\144\053\303\060\037\006\003\125\035\043\004\030\060\026\200 -\024\261\076\303\151\003\370\277\107\001\324\230\046\032\010\002 -\357\143\144\053\303\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\003\202\001\001\000\034\032\006\227\334\327\234 -\237\074\210\146\006\010\127\041\333\041\107\370\052\147\252\277 -\030\062\166\100\020\127\301\212\363\172\331\021\145\216\065\372 -\236\374\105\265\236\331\114\061\113\270\221\350\103\054\216\263 -\170\316\333\343\123\171\161\326\345\041\224\001\332\125\207\232 -\044\144\366\212\146\314\336\234\067\315\250\064\261\151\233\043 -\310\236\170\042\053\160\103\343\125\107\061\141\031\357\130\305 -\205\057\116\060\366\240\061\026\043\310\347\342\145\026\063\313 -\277\032\033\240\075\370\312\136\213\061\213\140\010\211\055\014 -\006\134\122\267\304\371\012\230\321\025\137\237\022\276\174\066 -\143\070\275\104\244\177\344\046\053\012\304\227\151\015\351\214 -\342\300\020\127\270\310\166\022\221\125\362\110\151\330\274\052 -\002\133\017\104\324\040\061\333\364\272\160\046\135\220\140\236 -\274\113\027\011\057\264\313\036\103\150\311\007\047\301\322\134 -\367\352\041\271\150\022\234\074\234\277\236\374\200\134\233\143 -\315\354\107\252\045\047\147\240\067\363\000\202\175\124\327\251 -\370\351\056\023\243\167\350\037\112 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "DigiCert High Assurance EV Root CA" -# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77 -# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Fri Nov 10 00:00:00 2006 -# Not Valid After : Mon Nov 10 00:00:00 2031 -# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A -# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\137\267\356\006\063\342\131\333\255\014\114\232\346\323\217\032 -\141\307\334\045 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\324\164\336\127\134\071\262\323\234\205\203\305\300\145\111\212 -END -CKA_ISSUER MULTILINE_OCTAL -\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151 -\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141 -\156\143\145\040\105\126\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\002\254\134\046\152\013\100\233\217\013\171\362\256\106 -\045\167 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DST Root CA X3" -# -# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b -# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Not Valid Before: Sat Sep 30 21:12:19 2000 -# Not Valid After : Thu Sep 30 14:01:15 2021 -# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5 -# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DST Root CA X3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370 -\100\153 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\112\060\202\002\062\240\003\002\001\002\002\020\104 -\257\260\200\326\243\047\272\211\060\071\206\056\370\100\153\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077 -\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151\164 -\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165 -\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003\023 -\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063\060 -\036\027\015\060\060\060\071\063\060\062\061\061\062\061\071\132 -\027\015\062\061\060\071\063\060\061\064\060\061\061\065\132\060 -\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151 -\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162 -\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003 -\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\337\257\351\227\120\010\203\127\264\314\142\145\366\220\202 -\354\307\323\054\153\060\312\133\354\331\303\175\307\100\301\030 -\024\213\340\350\063\166\111\052\343\077\041\111\223\254\116\016 -\257\076\110\313\145\356\374\323\041\017\145\322\052\331\062\217 -\214\345\367\167\260\022\173\265\225\300\211\243\251\272\355\163 -\056\172\014\006\062\203\242\176\212\024\060\315\021\240\341\052 -\070\271\171\012\061\375\120\275\200\145\337\267\121\143\203\310 -\342\210\141\352\113\141\201\354\122\153\271\242\342\113\032\050 -\237\110\243\236\014\332\011\216\076\027\056\036\335\040\337\133 -\306\052\212\253\056\275\160\255\305\013\032\045\220\164\162\305 -\173\152\253\064\326\060\211\377\345\150\023\173\124\013\310\326 -\256\354\132\234\222\036\075\144\263\214\306\337\277\311\101\160 -\354\026\162\325\046\354\070\125\071\103\320\374\375\030\134\100 -\361\227\353\325\232\233\215\035\272\332\045\271\306\330\337\301 -\025\002\072\253\332\156\361\076\056\365\134\010\234\074\326\203 -\151\344\020\233\031\052\266\051\127\343\345\075\233\237\360\002 -\135\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\304\247\261\244\173\054\161\372\333\341 -\113\220\165\377\304\025\140\205\211\020\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\243\032 -\054\233\027\000\134\251\036\356\050\146\067\072\277\203\307\077 -\113\303\011\240\225\040\135\343\331\131\104\322\076\015\076\275 -\212\113\240\164\037\316\020\202\234\164\032\035\176\230\032\335 -\313\023\113\263\040\104\344\221\351\314\374\175\245\333\152\345 -\376\346\375\340\116\335\267\000\072\265\160\111\257\362\345\353 -\002\361\321\002\213\031\313\224\072\136\110\304\030\036\130\031 -\137\036\002\132\360\014\361\261\255\251\334\131\206\213\156\351 -\221\365\206\312\372\271\146\063\252\131\133\316\342\247\026\163 -\107\313\053\314\231\260\067\110\317\343\126\113\365\317\017\014 -\162\062\207\306\360\104\273\123\162\155\103\365\046\110\232\122 -\147\267\130\253\376\147\166\161\170\333\015\242\126\024\023\071 -\044\061\205\242\250\002\132\060\107\341\335\120\007\274\002\011 -\220\000\353\144\143\140\233\026\274\210\311\022\346\322\175\221 -\213\371\075\062\215\145\264\351\174\261\127\166\352\305\266\050 -\071\277\025\145\034\310\366\167\226\152\012\215\167\013\330\221 -\013\004\216\007\333\051\266\012\356\235\202\065\065\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "DST Root CA X3" -# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b -# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. -# Not Valid Before: Sat Sep 30 21:12:19 2000 -# Not Valid After : Thu Sep 30 14:01:15 2021 -# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5 -# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DST Root CA X3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\332\311\002\117\124\330\366\337\224\223\137\261\163\046\070\312 -\152\327\174\023 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\101\003\122\334\017\367\120\033\026\360\002\216\272\157\105\305 -END -CKA_ISSUER MULTILINE_OCTAL -\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147 -\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124 -\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004 -\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370 -\100\153 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SwissSign Platinum CA - G2" -# -# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH -# Serial Number:4e:b2:00:67:0c:03:5d:4f -# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:36:00 2006 -# Not Valid After : Sat Oct 25 08:36:00 2036 -# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6 -# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Platinum CA - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023 -\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151 -\156\165\155\040\103\101\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023 -\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151 -\156\165\155\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\116\262\000\147\014\003\135\117 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\301\060\202\003\251\240\003\002\001\002\002\010\116 -\262\000\147\014\003\135\117\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\111\061\013\060\011\006\003\125\004 -\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014 -\123\167\151\163\163\123\151\147\156\040\101\107\061\043\060\041 -\006\003\125\004\003\023\032\123\167\151\163\163\123\151\147\156 -\040\120\154\141\164\151\156\165\155\040\103\101\040\055\040\107 -\062\060\036\027\015\060\066\061\060\062\065\060\070\063\066\060 -\060\132\027\015\063\066\061\060\062\065\060\070\063\066\060\060 -\132\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110 -\061\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163 -\123\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003 -\023\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164 -\151\156\165\155\040\103\101\040\055\040\107\062\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\312\337\242 -\002\342\332\370\374\007\026\261\336\140\252\336\226\134\144\037 -\307\057\176\317\147\372\104\102\326\166\143\225\256\353\257\162 -\040\212\105\107\206\142\170\206\326\040\071\046\364\256\243\375 -\043\347\245\234\265\042\041\031\267\067\223\042\300\120\234\202 -\173\324\325\004\104\134\313\264\302\237\222\276\044\330\173\147 -\042\342\151\137\345\005\170\324\207\331\161\160\063\045\123\264 -\207\073\051\220\050\066\232\125\104\060\150\244\203\227\177\015 -\036\234\166\377\025\235\140\227\000\215\212\205\003\354\200\276 -\352\054\156\020\121\222\314\176\325\243\063\330\326\111\336\130 -\052\257\366\026\353\113\173\220\062\227\271\272\235\130\361\370 -\127\111\004\036\242\135\006\160\335\161\333\371\335\213\232\033 -\214\317\075\243\115\316\313\174\366\273\234\240\372\011\316\043 -\142\262\351\015\037\342\162\050\217\237\254\150\040\175\157\073 -\250\205\061\011\177\013\307\350\145\351\343\170\016\011\147\060 -\213\064\202\373\135\340\314\235\201\155\142\356\010\036\004\054 -\116\233\354\376\251\117\137\375\151\170\357\011\037\241\264\277 -\372\363\357\220\036\114\005\213\036\352\172\221\172\303\327\345 -\373\060\274\154\033\020\130\230\367\032\137\320\051\062\003\023 -\106\115\141\152\205\114\122\164\057\006\037\173\021\342\204\227 -\306\231\363\155\177\327\147\203\176\023\150\330\161\050\132\330 -\316\335\350\020\024\232\376\155\043\207\156\216\132\160\074\325 -\215\011\000\247\252\274\260\061\067\155\310\204\024\036\133\275 -\105\143\040\153\113\164\214\275\333\072\016\301\317\132\026\217 -\245\230\362\166\211\262\023\022\073\013\167\167\254\273\345\074 -\051\112\222\162\312\141\032\053\136\114\342\203\164\167\372\065 -\110\172\205\115\215\232\123\304\337\170\312\227\221\110\053\105 -\053\001\367\034\032\242\355\030\272\012\275\203\372\157\274\215 -\127\223\073\324\324\246\316\036\361\240\261\316\253\375\053\050 -\232\117\033\327\303\162\333\244\304\277\135\114\365\335\173\226 -\151\356\150\200\346\347\230\272\066\267\376\156\355\053\275\040 -\370\145\031\332\125\011\176\045\334\376\141\142\162\371\176\030 -\002\357\143\264\320\373\257\345\073\143\214\147\217\002\003\001 -\000\001\243\201\254\060\201\251\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016 -\004\026\004\024\120\257\314\007\207\025\107\157\070\305\264\145 -\321\336\225\252\351\337\234\314\060\037\006\003\125\035\043\004 -\030\060\026\200\024\120\257\314\007\207\025\107\157\070\305\264 -\145\321\336\225\252\351\337\234\314\060\106\006\003\125\035\040 -\004\077\060\075\060\073\006\011\140\205\164\001\131\001\001\001 -\001\060\056\060\054\006\010\053\006\001\005\005\007\002\001\026 -\040\150\164\164\160\072\057\057\162\145\160\157\163\151\164\157 -\162\171\056\163\167\151\163\163\163\151\147\156\056\143\157\155 -\057\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\002\001\000\010\205\246\365\026\014\374\104\032\301\143 -\340\371\125\106\010\374\160\034\102\050\226\216\267\305\301\101 -\165\116\011\161\171\345\155\226\312\113\245\210\140\320\060\164 -\270\312\010\334\264\060\236\100\007\026\153\145\225\167\001\256 -\244\267\065\013\201\332\161\025\251\164\027\070\173\130\312\371 -\057\373\300\145\166\215\133\001\271\175\336\202\075\144\270\276 -\024\164\243\012\124\323\054\225\030\027\065\365\121\153\077\217 -\242\226\141\071\170\153\113\345\246\240\370\123\337\121\020\223 -\142\347\200\057\342\321\340\274\216\066\106\167\063\354\270\373 -\216\232\054\211\115\061\021\017\046\236\004\273\267\004\215\013 -\362\271\374\132\235\073\026\267\057\310\230\253\376\212\120\131 -\056\243\073\374\051\135\213\301\113\311\342\212\023\035\261\277 -\273\102\035\122\335\116\330\024\136\020\306\061\007\357\161\047 -\367\033\071\011\334\202\352\213\263\225\206\136\375\365\332\135 -\061\246\340\061\266\224\346\104\111\164\305\026\345\367\037\003 -\141\050\305\310\313\022\240\102\113\371\153\210\010\215\264\062 -\030\363\165\237\304\177\000\117\005\225\234\243\027\002\303\263 -\123\233\252\040\071\051\053\146\372\235\257\136\263\222\322\265 -\246\341\032\371\055\101\151\201\024\264\264\265\355\211\075\316 -\373\251\235\065\102\104\261\034\024\163\201\317\052\001\065\232 -\061\325\055\217\155\204\337\200\115\127\343\077\305\204\165\332 -\211\306\060\273\353\217\313\042\010\240\256\252\361\003\154\072 -\113\115\011\245\016\162\306\126\153\041\102\116\043\045\024\150 -\256\166\012\174\014\007\160\144\371\232\057\366\005\071\046\306 -\014\217\031\177\103\136\156\364\133\025\057\333\141\135\346\147 -\057\077\010\224\371\140\264\230\061\332\164\361\204\223\161\115 -\137\373\140\130\321\373\304\301\155\211\242\273\040\037\235\161 -\221\313\062\233\023\075\076\175\222\122\065\254\222\224\242\323 -\030\302\174\307\352\257\166\005\026\335\147\047\302\176\034\007 -\042\041\363\100\012\033\064\007\104\023\302\204\152\216\337\031 -\132\277\177\353\035\342\032\070\321\134\257\107\222\153\200\265 -\060\245\311\215\330\253\061\201\037\337\302\146\067\323\223\251 -\205\206\171\145\322 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "SwissSign Platinum CA - G2" -# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH -# Serial Number:4e:b2:00:67:0c:03:5d:4f -# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:36:00 2006 -# Not Valid After : Sat Oct 25 08:36:00 2036 -# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6 -# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Platinum CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\126\340\372\300\073\217\030\043\125\030\345\323\021\312\350\302 -\103\061\253\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\311\230\047\167\050\036\075\016\025\074\204\000\270\205\003\346 -END -CKA_ISSUER MULTILINE_OCTAL -\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023 -\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151 -\156\165\155\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\116\262\000\147\014\003\135\117 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SwissSign Gold CA - G2" -# -# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH -# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0 -# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:30:35 2006 -# Not Valid After : Sat Oct 25 08:30:35 2036 -# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93 -# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Gold CA - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023 -\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040 -\103\101\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023 -\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040 -\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\273\100\034\103\365\136\117\260 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\272\060\202\003\242\240\003\002\001\002\002\011\000 -\273\100\034\103\365\136\117\260\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\105\061\013\060\011\006\003\125 -\004\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023 -\014\123\167\151\163\163\123\151\147\156\040\101\107\061\037\060 -\035\006\003\125\004\003\023\026\123\167\151\163\163\123\151\147 -\156\040\107\157\154\144\040\103\101\040\055\040\107\062\060\036 -\027\015\060\066\061\060\062\065\060\070\063\060\063\065\132\027 -\015\063\066\061\060\062\065\060\070\063\060\063\065\132\060\105 -\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025\060 -\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151\147 -\156\040\101\107\061\037\060\035\006\003\125\004\003\023\026\123 -\167\151\163\163\123\151\147\156\040\107\157\154\144\040\103\101 -\040\055\040\107\062\060\202\002\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 -\012\002\202\002\001\000\257\344\356\176\213\044\016\022\156\251 -\120\055\026\104\073\222\222\134\312\270\135\204\222\102\023\052 -\274\145\127\202\100\076\127\044\315\120\213\045\052\267\157\374 -\357\242\320\300\037\002\044\112\023\226\217\043\023\346\050\130 -\000\243\107\307\006\247\204\043\053\273\275\226\053\177\125\314 -\213\301\127\037\016\142\145\017\335\075\126\212\163\332\256\176 -\155\272\201\034\176\102\214\040\065\331\103\115\204\372\204\333 -\122\054\363\016\047\167\013\153\277\021\057\162\170\237\056\330 -\076\346\030\067\132\052\162\371\332\142\220\222\225\312\037\234 -\351\263\074\053\313\363\001\023\277\132\317\301\265\012\140\275 -\335\265\231\144\123\270\240\226\263\157\342\046\167\221\214\340 -\142\020\002\237\064\017\244\325\222\063\121\336\276\215\272\204 -\172\140\074\152\333\237\053\354\336\336\001\077\156\115\345\120 -\206\313\264\257\355\104\100\305\312\132\214\332\322\053\174\250 -\356\276\246\345\012\252\016\245\337\005\122\267\125\307\042\135 -\062\152\227\227\143\023\333\311\333\171\066\173\205\072\112\305 -\122\211\371\044\347\235\167\251\202\377\125\034\245\161\151\053 -\321\002\044\362\263\046\324\153\332\004\125\345\301\012\307\155 -\060\067\220\052\344\236\024\063\136\026\027\125\305\133\265\313 -\064\211\222\361\235\046\217\241\007\324\306\262\170\120\333\014 -\014\013\174\013\214\101\327\271\351\335\214\210\367\243\115\262 -\062\314\330\027\332\315\267\316\146\235\324\375\136\377\275\227 -\076\051\165\347\176\247\142\130\257\045\064\245\101\307\075\274 -\015\120\312\003\003\017\010\132\037\225\163\170\142\277\257\162 -\024\151\016\245\345\003\016\170\216\046\050\102\360\007\013\142 -\040\020\147\071\106\372\251\003\314\004\070\172\146\357\040\203 -\265\214\112\126\216\221\000\374\216\134\202\336\210\240\303\342 -\150\156\175\215\357\074\335\145\364\135\254\121\357\044\200\256 -\252\126\227\157\371\255\175\332\141\077\230\167\074\245\221\266 -\034\214\046\332\145\242\011\155\301\342\124\343\271\312\114\114 -\200\217\167\173\140\232\036\337\266\362\110\036\016\272\116\124 -\155\230\340\341\242\032\242\167\120\317\304\143\222\354\107\031 -\235\353\346\153\316\301\002\003\001\000\001\243\201\254\060\201 -\251\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\133\045\173 -\226\244\145\121\176\270\071\363\300\170\146\136\350\072\347\360 -\356\060\037\006\003\125\035\043\004\030\060\026\200\024\133\045 -\173\226\244\145\121\176\270\071\363\300\170\146\136\350\072\347 -\360\356\060\106\006\003\125\035\040\004\077\060\075\060\073\006 -\011\140\205\164\001\131\001\002\001\001\060\056\060\054\006\010 -\053\006\001\005\005\007\002\001\026\040\150\164\164\160\072\057 -\057\162\145\160\157\163\151\164\157\162\171\056\163\167\151\163 -\163\163\151\147\156\056\143\157\155\057\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\002\001\000\047\272 -\343\224\174\361\256\300\336\027\346\345\330\325\365\124\260\203 -\364\273\315\136\005\173\117\237\165\146\257\074\350\126\176\374 -\162\170\070\003\331\053\142\033\000\271\370\351\140\315\314\316 -\121\212\307\120\061\156\341\112\176\030\057\151\131\266\075\144 -\201\053\343\203\204\346\042\207\216\175\340\356\002\231\141\270 -\036\364\270\053\210\022\026\204\302\061\223\070\226\061\246\271 -\073\123\077\303\044\223\126\133\151\222\354\305\301\273\070\000 -\343\354\027\251\270\334\307\174\001\203\237\062\107\272\122\042 -\064\035\062\172\011\126\247\174\045\066\251\075\113\332\300\202 -\157\012\273\022\310\207\113\047\021\371\036\055\307\223\077\236 -\333\137\046\153\122\331\056\212\361\024\306\104\215\025\251\267 -\277\275\336\246\032\356\256\055\373\110\167\027\376\273\354\257 -\030\365\052\121\360\071\204\227\225\154\156\033\303\053\304\164 -\140\171\045\260\012\047\337\337\136\322\071\317\105\175\102\113 -\337\263\054\036\305\306\135\312\125\072\240\234\151\232\217\332 -\357\262\260\074\237\207\154\022\053\145\160\025\122\061\032\044 -\317\157\061\043\120\037\214\117\217\043\303\164\101\143\034\125 -\250\024\335\076\340\121\120\317\361\033\060\126\016\222\260\202 -\205\330\203\313\042\144\274\055\270\045\325\124\242\270\006\352 -\255\222\244\044\240\301\206\265\112\023\152\107\317\056\013\126 -\225\124\313\316\232\333\152\264\246\262\333\101\010\206\047\167 -\367\152\240\102\154\013\070\316\327\165\120\062\222\302\337\053 -\060\042\110\320\325\101\070\045\135\244\351\135\237\306\224\165 -\320\105\375\060\227\103\217\220\253\012\307\206\163\140\112\151 -\055\336\245\170\327\006\332\152\236\113\076\167\072\040\023\042 -\001\320\277\150\236\143\140\153\065\115\013\155\272\241\075\300 -\223\340\177\043\263\125\255\162\045\116\106\371\322\026\357\260 -\144\301\001\236\351\312\240\152\230\016\317\330\140\362\057\111 -\270\344\102\341\070\065\026\364\310\156\117\367\201\126\350\272 -\243\276\043\257\256\375\157\003\340\002\073\060\166\372\033\155 -\101\317\001\261\351\270\311\146\364\333\046\363\072\244\164\362 -\111\044\133\311\260\320\127\301\372\076\172\341\227\311 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "SwissSign Gold CA - G2" -# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH -# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0 -# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:30:35 2006 -# Not Valid After : Sat Oct 25 08:30:35 2036 -# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93 -# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Gold CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\330\305\070\212\267\060\033\033\156\324\172\346\105\045\072\157 -\237\032\047\141 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\044\167\331\250\221\321\073\372\210\055\302\377\370\315\063\223 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023 -\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040 -\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\273\100\034\103\365\136\117\260 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SwissSign Silver CA - G2" -# -# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH -# Serial Number:4f:1b:d4:2f:54:bb:2f:4b -# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:32:46 2006 -# Not Valid After : Sat Oct 25 08:32:46 2036 -# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13 -# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Silver CA - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023 -\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145 -\162\040\103\101\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023 -\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145 -\162\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\117\033\324\057\124\273\057\113 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\275\060\202\003\245\240\003\002\001\002\002\010\117 -\033\324\057\124\273\057\113\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\107\061\013\060\011\006\003\125\004 -\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014 -\123\167\151\163\163\123\151\147\156\040\101\107\061\041\060\037 -\006\003\125\004\003\023\030\123\167\151\163\163\123\151\147\156 -\040\123\151\154\166\145\162\040\103\101\040\055\040\107\062\060 -\036\027\015\060\066\061\060\062\065\060\070\063\062\064\066\132 -\027\015\063\066\061\060\062\065\060\070\063\062\064\066\132\060 -\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025 -\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151 -\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023\030 -\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145\162 -\040\103\101\040\055\040\107\062\060\202\002\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 -\060\202\002\012\002\202\002\001\000\304\361\207\177\323\170\061 -\367\070\311\370\303\231\103\274\307\367\274\067\347\116\161\272 -\113\217\245\163\035\134\156\230\256\003\127\256\070\067\103\057 -\027\075\037\310\316\150\020\301\170\256\031\003\053\020\372\054 -\171\203\366\350\271\150\271\125\362\004\104\247\071\371\374\004 -\213\036\361\242\115\047\371\141\173\272\267\345\242\023\266\353 -\141\076\320\154\321\346\373\372\136\355\035\264\236\240\065\133 -\241\222\313\360\111\222\376\205\012\005\076\346\331\013\342\117 -\273\334\225\067\374\221\351\062\065\042\321\037\072\116\047\205 -\235\260\025\224\062\332\141\015\107\115\140\102\256\222\107\350 -\203\132\120\130\351\212\213\271\135\241\334\335\231\112\037\066 -\147\273\110\344\203\266\067\353\110\072\257\017\147\217\027\007 -\350\004\312\357\152\061\207\324\300\266\371\224\161\173\147\144 -\270\266\221\112\102\173\145\056\060\152\014\365\220\356\225\346 -\362\315\202\354\331\241\112\354\366\262\113\345\105\205\346\155 -\170\223\004\056\234\202\155\066\251\304\061\144\037\206\203\013 -\052\364\065\012\170\311\125\317\101\260\107\351\060\237\231\276 -\141\250\006\204\271\050\172\137\070\331\033\251\070\260\203\177 -\163\301\303\073\110\052\202\017\041\233\270\314\250\065\303\204 -\033\203\263\076\276\244\225\151\001\072\211\000\170\004\331\311 -\364\231\031\253\126\176\133\213\206\071\025\221\244\020\054\011 -\062\200\140\263\223\300\052\266\030\013\235\176\215\111\362\020 -\112\177\371\325\106\057\031\222\243\231\247\046\254\273\214\074 -\346\016\274\107\007\334\163\121\361\160\144\057\010\371\264\107 -\035\060\154\104\352\051\067\205\222\150\146\274\203\070\376\173 -\071\056\323\120\360\037\373\136\140\266\251\246\372\047\101\361 -\233\030\162\362\365\204\164\112\311\147\304\124\256\110\144\337 -\214\321\156\260\035\341\007\217\010\036\231\234\161\351\114\330 -\245\367\107\022\037\164\321\121\236\206\363\302\242\043\100\013 -\163\333\113\246\347\163\006\214\301\240\351\301\131\254\106\372 -\346\057\370\317\161\234\106\155\271\304\025\215\070\171\003\105 -\110\357\304\135\327\010\356\207\071\042\206\262\015\017\130\103 -\367\161\251\110\056\375\352\326\037\002\003\001\000\001\243\201 -\254\060\201\251\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024 -\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034\302 -\230\372\206\130\060\037\006\003\125\035\043\004\030\060\026\200 -\024\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034 -\302\230\372\206\130\060\106\006\003\125\035\040\004\077\060\075 -\060\073\006\011\140\205\164\001\131\001\003\001\001\060\056\060 -\054\006\010\053\006\001\005\005\007\002\001\026\040\150\164\164 -\160\072\057\057\162\145\160\157\163\151\164\157\162\171\056\163 -\167\151\163\163\163\151\147\156\056\143\157\155\057\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001 -\000\163\306\201\340\047\322\055\017\340\225\060\342\232\101\177 -\120\054\137\137\142\141\251\206\152\151\030\014\164\111\326\135 -\204\352\101\122\030\157\130\255\120\126\040\152\306\275\050\151 -\130\221\334\221\021\065\251\072\035\274\032\245\140\236\330\037 -\177\105\221\151\331\176\273\170\162\301\006\017\052\316\217\205 -\160\141\254\240\315\013\270\071\051\126\204\062\116\206\273\075 -\304\052\331\327\037\162\356\376\121\241\042\101\261\161\002\143 -\032\202\260\142\253\136\127\022\037\337\313\335\165\240\300\135 -\171\220\214\033\340\120\346\336\061\376\230\173\160\137\245\220 -\330\255\370\002\266\157\323\140\335\100\113\042\305\075\255\072 -\172\237\032\032\107\221\171\063\272\202\334\062\151\003\226\156 -\037\113\360\161\376\343\147\162\240\261\277\134\213\344\372\231 -\042\307\204\271\033\215\043\227\077\355\045\340\317\145\273\365 -\141\004\357\335\036\262\132\101\042\132\241\237\135\054\350\133 -\311\155\251\014\014\170\252\140\306\126\217\001\132\014\150\274 -\151\031\171\304\037\176\227\005\277\305\351\044\121\136\324\325 -\113\123\355\331\043\132\066\003\145\243\301\003\255\101\060\363 -\106\033\205\220\257\145\265\325\261\344\026\133\170\165\035\227 -\172\155\131\251\052\217\173\336\303\207\211\020\231\111\163\170 -\310\075\275\121\065\164\052\325\361\176\151\033\052\273\073\275 -\045\270\232\132\075\162\141\220\146\207\356\014\326\115\324\021 -\164\013\152\376\013\003\374\243\125\127\211\376\112\313\256\133 -\027\005\310\362\215\043\061\123\070\322\055\152\077\202\271\215 -\010\152\367\136\101\164\156\303\021\176\007\254\051\140\221\077 -\070\312\127\020\015\275\060\057\307\245\346\101\240\332\256\005 -\207\232\240\244\145\154\114\011\014\211\272\270\323\271\300\223 -\212\060\372\215\345\232\153\025\001\116\147\252\332\142\126\076 -\204\010\146\322\304\066\175\247\076\020\374\210\340\324\200\345 -\000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353 -\233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362 -\264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152 -\036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056 -\156 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "SwissSign Silver CA - G2" -# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH -# Serial Number:4f:1b:d4:2f:54:bb:2f:4b -# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH -# Not Valid Before: Wed Oct 25 08:32:46 2006 -# Not Valid After : Sat Oct 25 08:32:46 2036 -# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13 -# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SwissSign Silver CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360 -\100\321\035\313 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\340\006\241\311\175\317\311\374\015\300\126\165\226\330\142\023 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123 -\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023 -\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145 -\162\040\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\117\033\324\057\124\273\057\113 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Primary Certification Authority" -# -# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 -# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 27 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF -# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372 -\304\241 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\030 -\254\265\152\375\151\266\025\072\143\154\257\332\372\304\241\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\130 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026\060 -\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163\164 -\040\111\156\143\056\061\061\060\057\006\003\125\004\003\023\050 -\107\145\157\124\162\165\163\164\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\060\036\027\015\060\066\061\061 -\062\067\060\060\060\060\060\060\132\027\015\063\066\060\067\061 -\066\062\063\065\071\065\071\132\060\130\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012 -\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061 -\061\060\057\006\003\125\004\003\023\050\107\145\157\124\162\165 -\163\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\276\270\025\173\377\324\174\175\147\255\203\144\173 -\310\102\123\055\337\366\204\010\040\141\326\001\131\152\234\104 -\021\257\357\166\375\225\176\316\141\060\273\172\203\137\002\275 -\001\146\312\356\025\215\157\241\060\234\275\241\205\236\224\072 -\363\126\210\000\061\317\330\356\152\226\002\331\355\003\214\373 -\165\155\347\352\270\125\026\005\026\232\364\340\136\261\210\300 -\144\205\134\025\115\210\307\267\272\340\165\351\255\005\075\235 -\307\211\110\340\273\050\310\003\341\060\223\144\136\122\300\131 -\160\042\065\127\210\212\361\225\012\203\327\274\061\163\001\064 -\355\357\106\161\340\153\002\250\065\162\153\227\233\146\340\313 -\034\171\137\330\032\004\150\036\107\002\346\235\140\342\066\227 -\001\337\316\065\222\337\276\147\307\155\167\131\073\217\235\326 -\220\025\224\274\102\064\020\301\071\371\261\047\076\176\326\212 -\165\305\262\257\226\323\242\336\233\344\230\276\175\341\351\201 -\255\266\157\374\327\016\332\340\064\260\015\032\167\347\343\010 -\230\357\130\372\234\204\267\066\257\302\337\254\322\364\020\006 -\160\161\065\002\003\001\000\001\243\102\060\100\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\054\325\120\101\227\025\213\360 -\217\066\141\133\112\373\153\331\231\311\063\222\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\132\160\177\054\335\267\064\117\365\206\121\251\046\276\113\270 -\252\361\161\015\334\141\307\240\352\064\036\172\167\017\004\065 -\350\047\217\154\220\277\221\026\044\106\076\112\116\316\053\026 -\325\013\122\035\374\037\147\242\002\105\061\117\316\363\372\003 -\247\171\235\123\152\331\332\143\072\370\200\327\323\231\341\245 -\341\276\324\125\161\230\065\072\276\223\352\256\255\102\262\220 -\157\340\374\041\115\065\143\063\211\111\326\233\116\312\307\347 -\116\011\000\367\332\307\357\231\142\231\167\266\225\042\136\212 -\240\253\364\270\170\230\312\070\031\231\311\162\236\170\315\113 -\254\257\031\240\163\022\055\374\302\101\272\201\221\332\026\132 -\061\267\371\264\161\200\022\110\231\162\163\132\131\123\301\143 -\122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252 -\233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370 -\365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024 -\001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215 -\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Primary Certification Authority" -# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 -# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 27 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF -# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002 -\220\067\360\226 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\002\046\303\001\136\010\060\067\103\251\320\175\317\067\346\277 -END -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165 -\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003 -\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141 -\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372 -\304\241 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "thawte Primary Root CA" -# -# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d -# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Fri Nov 17 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12 -# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006 -\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006 -\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\116\325\127\040\325\355\354\111\364\057\316\067\333 -\053\155 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\040\060\202\003\010\240\003\002\001\002\002\020\064 -\116\325\127\040\325\355\354\111\364\057\316\067\333\053\155\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\251\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025 -\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054 -\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061 -\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060 -\060\066\040\164\150\141\167\164\145\054\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\037\060\035\006\003\125 -\004\003\023\026\164\150\141\167\164\145\040\120\162\151\155\141 -\162\171\040\122\157\157\164\040\103\101\060\036\027\015\060\066 -\061\061\061\067\060\060\060\060\060\060\132\027\015\063\066\060 -\067\061\066\062\063\065\071\065\071\132\060\201\251\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003 -\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156\143 -\056\061\050\060\046\006\003\125\004\013\023\037\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\040\104\151\166\151\163\151\157\156\061\070\060\066\006 -\003\125\004\013\023\057\050\143\051\040\062\060\060\066\040\164 -\150\141\167\164\145\054\040\111\156\143\056\040\055\040\106\157 -\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145 -\040\157\156\154\171\061\037\060\035\006\003\125\004\003\023\026 -\164\150\141\167\164\145\040\120\162\151\155\141\162\171\040\122 -\157\157\164\040\103\101\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\254\240\360\373\200\131\324\234\307 -\244\317\235\241\131\163\011\020\105\014\015\054\156\150\361\154 -\133\110\150\111\131\067\374\013\063\031\302\167\177\314\020\055 -\225\064\034\346\353\115\011\247\034\322\270\311\227\066\002\267 -\211\324\044\137\006\300\314\104\224\224\215\002\142\157\353\132 -\335\021\215\050\232\134\204\220\020\172\015\275\164\146\057\152 -\070\240\342\325\124\104\353\035\007\237\007\272\157\356\351\375 -\116\013\051\365\076\204\240\001\361\234\253\370\034\176\211\244 -\350\241\330\161\145\015\243\121\173\356\274\322\042\140\015\271 -\133\235\337\272\374\121\133\013\257\230\262\351\056\351\004\350 -\142\207\336\053\310\327\116\301\114\144\036\335\317\207\130\272 -\112\117\312\150\007\035\034\235\112\306\325\057\221\314\174\161 -\162\034\305\300\147\353\062\375\311\222\134\224\332\205\300\233 -\277\123\175\053\011\364\214\235\221\037\227\152\122\313\336\011 -\066\244\167\330\173\207\120\104\325\076\156\051\151\373\071\111 -\046\036\011\245\200\173\100\055\353\350\047\205\311\376\141\375 -\176\346\174\227\035\325\235\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\173\133\105\317 -\257\316\313\172\375\061\222\032\152\266\363\106\353\127\110\120 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\171\021\300\113\263\221\266\374\360\351\147\324 -\015\156\105\276\125\350\223\322\316\003\077\355\332\045\260\035 -\127\313\036\072\166\240\114\354\120\166\350\144\162\014\244\251 -\361\270\213\326\326\207\204\273\062\345\101\021\300\167\331\263 -\140\235\353\033\325\321\156\104\104\251\246\001\354\125\142\035 -\167\270\134\216\110\111\174\234\073\127\021\254\255\163\067\216 -\057\170\134\220\150\107\331\140\140\346\374\007\075\042\040\027 -\304\367\026\351\304\330\162\371\310\163\174\337\026\057\025\251 -\076\375\152\047\266\241\353\132\272\230\037\325\343\115\144\012 -\235\023\310\141\272\365\071\034\207\272\270\275\173\042\177\366 -\376\254\100\171\345\254\020\157\075\217\033\171\166\213\304\067 -\263\041\030\204\345\066\000\353\143\040\231\271\351\376\063\004 -\273\101\310\301\002\371\104\143\040\236\201\316\102\323\326\077 -\054\166\323\143\234\131\335\217\246\341\016\240\056\101\367\056 -\225\107\317\274\375\063\363\366\013\141\176\176\221\053\201\107 -\302\047\060\356\247\020\135\067\217\134\071\053\344\004\360\173 -\215\126\214\150 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "thawte Primary Root CA" -# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d -# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Fri Nov 17 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12 -# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\221\306\326\356\076\212\310\143\204\345\110\302\231\051\134\165 -\154\201\173\201 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\214\312\334\013\042\316\365\276\162\254\101\032\021\250\330\022 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006 -\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\064\116\325\127\040\325\355\354\111\364\057\316\067\333 -\053\155 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" -# -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Nov 08 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C -# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\065 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\332\321\236\046\175\350\273\112\041\130\315\314\153 -\073\112 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\323\060\202\003\273\240\003\002\001\002\002\020\030 -\332\321\236\046\175\350\273\112\041\130\315\314\153\073\112\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\312\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 -\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 -\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 -\013\023\061\050\143\051\040\062\060\060\066\040\126\145\162\151 -\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 -\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 -\157\156\154\171\061\105\060\103\006\003\125\004\003\023\074\126 -\145\162\151\123\151\147\156\040\103\154\141\163\163\040\063\040 -\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\065\060\036\027\015\060 -\066\061\061\060\070\060\060\060\060\060\060\132\027\015\063\066 -\060\067\061\066\062\063\065\071\065\071\132\060\201\312\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006 -\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126 -\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061 -\050\143\051\040\062\060\060\066\040\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151 -\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142 -\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\040\055\040\107\065\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\257\044\010\010\051\172\065 -\236\140\014\252\347\113\073\116\334\174\274\074\105\034\273\053 -\340\376\051\002\371\127\010\243\144\205\025\047\365\361\255\310 -\061\211\135\042\350\052\252\246\102\263\217\370\271\125\267\261 -\267\113\263\376\217\176\007\127\354\357\103\333\146\142\025\141 -\317\140\015\244\330\336\370\340\303\142\010\075\124\023\353\111 -\312\131\124\205\046\345\053\217\033\237\353\365\241\221\302\063 -\111\330\103\143\152\122\113\322\217\350\160\121\115\321\211\151 -\173\307\160\366\263\334\022\164\333\173\135\113\126\323\226\277 -\025\167\241\260\364\242\045\362\257\034\222\147\030\345\364\006 -\004\357\220\271\344\000\344\335\072\265\031\377\002\272\364\074 -\356\340\213\353\067\213\354\364\327\254\362\366\360\075\257\335 -\165\221\063\031\035\034\100\313\164\044\031\041\223\331\024\376 -\254\052\122\307\217\325\004\111\344\215\143\107\210\074\151\203 -\313\376\107\275\053\176\117\305\225\256\016\235\324\321\103\300 -\147\163\343\024\010\176\345\077\237\163\270\063\012\317\135\077 -\064\207\226\212\356\123\350\045\025\002\003\001\000\001\243\201 -\262\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001 -\014\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026 -\011\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007 -\006\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215 -\216\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026 -\043\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162 -\151\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157 -\056\147\151\146\060\035\006\003\125\035\016\004\026\004\024\177 -\323\145\247\302\335\354\273\360\060\011\363\103\071\372\002\257 -\063\061\063\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\001\001\000\223\044\112\060\137\142\317\330\032 -\230\057\075\352\334\231\055\275\167\366\245\171\042\070\354\304 -\247\240\170\022\255\142\016\105\160\144\305\347\227\146\055\230 -\011\176\137\257\326\314\050\145\362\001\252\010\032\107\336\371 -\371\174\222\132\010\151\040\015\331\076\155\156\074\015\156\330 -\346\006\221\100\030\271\370\301\355\337\333\101\252\340\226\040 -\311\315\144\025\070\201\311\224\356\242\204\051\013\023\157\216 -\333\014\335\045\002\333\244\213\031\104\322\101\172\005\151\112 -\130\117\140\312\176\202\152\013\002\252\045\027\071\265\333\177 -\347\204\145\052\225\212\275\206\336\136\201\026\203\055\020\314 -\336\375\250\202\052\155\050\037\015\013\304\345\347\032\046\031 -\341\364\021\157\020\265\225\374\347\102\005\062\333\316\235\121 -\136\050\266\236\205\323\133\357\245\175\105\100\162\216\267\016 -\153\016\006\373\063\065\110\161\270\235\047\213\304\145\137\015 -\206\166\234\104\172\366\225\134\366\135\062\010\063\244\124\266 -\030\077\150\134\362\102\112\205\070\124\203\137\321\350\054\362 -\254\021\326\250\355\143\152 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Nov 08 00:00:00 2006 -# Not Valid After : Wed Jul 16 23:59:59 2036 -# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C -# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\116\266\325\170\111\233\034\317\137\130\036\255\126\276\075\233 -\147\104\245\345 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\313\027\344\061\147\076\342\011\376\105\127\223\363\012\372\034 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\030\332\321\236\046\175\350\273\112\041\130\315\314\153 -\073\112 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SecureTrust CA" -# -# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US -# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0 -# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US -# Not Valid Before: Tue Nov 07 19:31:18 2006 -# Not Valid After : Mon Dec 31 19:40:55 2029 -# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1 -# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureTrust CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165 -\162\145\124\162\165\163\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165 -\162\145\124\162\165\163\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\014\360\216\134\010\026\245\255\102\177\360\353\047\030 -\131\320 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\270\060\202\002\240\240\003\002\001\002\002\020\014 -\360\216\134\010\026\245\255\102\177\360\353\047\030\131\320\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\110 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060 -\036\006\003\125\004\012\023\027\123\145\143\165\162\145\124\162 -\165\163\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\027\060\025\006\003\125\004\003\023\016\123\145\143\165\162\145 -\124\162\165\163\164\040\103\101\060\036\027\015\060\066\061\061 -\060\067\061\071\063\061\061\070\132\027\015\062\071\061\062\063 -\061\061\071\064\060\065\065\132\060\110\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012 -\023\027\123\145\143\165\162\145\124\162\165\163\164\040\103\157 -\162\160\157\162\141\164\151\157\156\061\027\060\025\006\003\125 -\004\003\023\016\123\145\143\165\162\145\124\162\165\163\164\040 -\103\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\253\244\201\345\225\315\365\366\024\216\302\117\312 -\324\342\170\225\130\234\101\341\015\231\100\044\027\071\221\063 -\146\351\276\341\203\257\142\134\211\321\374\044\133\141\263\340 -\021\021\101\034\035\156\360\270\273\370\336\247\201\272\246\110 -\306\237\035\275\276\216\251\101\076\270\224\355\051\032\324\216 -\322\003\035\003\357\155\015\147\034\127\327\006\255\312\310\365 -\376\016\257\146\045\110\004\226\013\135\243\272\026\303\010\117 -\321\106\370\024\134\362\310\136\001\231\155\375\210\314\206\250 -\301\157\061\102\154\122\076\150\313\363\031\064\337\273\207\030 -\126\200\046\304\320\334\300\157\337\336\240\302\221\026\240\144 -\021\113\104\274\036\366\347\372\143\336\146\254\166\244\161\243 -\354\066\224\150\172\167\244\261\347\016\057\201\172\342\265\162 -\206\357\242\153\213\360\017\333\323\131\077\272\162\274\104\044 -\234\343\163\263\367\257\127\057\102\046\235\251\164\272\000\122 -\362\113\315\123\174\107\013\066\205\016\146\251\010\227\026\064 -\127\301\146\367\200\343\355\160\124\307\223\340\056\050\025\131 -\207\272\273\002\003\001\000\001\243\201\235\060\201\232\060\023 -\006\011\053\006\001\004\001\202\067\024\002\004\006\036\004\000 -\103\000\101\060\013\006\003\125\035\017\004\004\003\002\001\206 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\035\006\003\125\035\016\004\026\004\024\102\062\266\026 -\372\004\375\376\135\113\172\303\375\367\114\100\035\132\103\257 -\060\064\006\003\125\035\037\004\055\060\053\060\051\240\047\240 -\045\206\043\150\164\164\160\072\057\057\143\162\154\056\163\145 -\143\165\162\145\164\162\165\163\164\056\143\157\155\057\123\124 -\103\101\056\143\162\154\060\020\006\011\053\006\001\004\001\202 -\067\025\001\004\003\002\001\000\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\060\355\117\112 -\341\130\072\122\162\133\265\246\243\145\030\246\273\121\073\167 -\351\235\352\323\237\134\340\105\145\173\015\312\133\342\160\120 -\262\224\005\024\256\111\307\215\101\007\022\163\224\176\014\043 -\041\375\274\020\177\140\020\132\162\365\230\016\254\354\271\177 -\335\172\157\135\323\034\364\377\210\005\151\102\251\005\161\310 -\267\254\046\350\056\264\214\152\377\161\334\270\261\337\231\274 -\174\041\124\053\344\130\242\273\127\051\256\236\251\243\031\046 -\017\231\056\010\260\357\375\151\317\231\032\011\215\343\247\237 -\053\311\066\064\173\044\263\170\114\225\027\244\006\046\036\266 -\144\122\066\137\140\147\331\234\305\005\164\013\347\147\043\322 -\010\374\210\351\256\213\177\341\060\364\067\176\375\306\062\332 -\055\236\104\060\060\154\356\007\336\322\064\374\322\377\100\366 -\113\364\146\106\006\124\246\362\062\012\143\046\060\153\233\321 -\334\213\107\272\341\271\325\142\320\242\240\364\147\005\170\051 -\143\032\157\004\326\370\306\114\243\232\261\067\264\215\345\050 -\113\035\236\054\302\270\150\274\355\002\356\061 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "SecureTrust CA" -# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US -# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0 -# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US -# Not Valid Before: Tue Nov 07 19:31:18 2006 -# Not Valid After : Mon Dec 31 19:40:55 2029 -# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1 -# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureTrust CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\207\202\306\303\004\065\073\317\322\226\222\322\131\076\175\104 -\331\064\377\021 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\334\062\303\247\155\045\127\307\150\011\235\352\055\251\242\321 -END -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165 -\162\145\124\162\165\163\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\014\360\216\134\010\026\245\255\102\177\360\353\047\030 -\131\320 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Secure Global CA" -# -# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US -# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5 -# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US -# Not Valid Before: Tue Nov 07 19:42:28 2006 -# Not Valid After : Mon Dec 31 19:52:06 2029 -# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE -# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Secure Global CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165 -\162\145\040\107\154\157\142\141\154\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165 -\162\145\040\107\154\157\142\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\007\126\042\244\350\324\212\211\115\364\023\310\360\370 -\352\245 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\274\060\202\002\244\240\003\002\001\002\002\020\007 -\126\042\244\350\324\212\211\115\364\023\310\360\370\352\245\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\112 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060 -\036\006\003\125\004\012\023\027\123\145\143\165\162\145\124\162 -\165\163\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\031\060\027\006\003\125\004\003\023\020\123\145\143\165\162\145 -\040\107\154\157\142\141\154\040\103\101\060\036\027\015\060\066 -\061\061\060\067\061\071\064\062\062\070\132\027\015\062\071\061 -\062\063\061\061\071\065\062\060\066\132\060\112\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003\125 -\004\012\023\027\123\145\143\165\162\145\124\162\165\163\164\040 -\103\157\162\160\157\162\141\164\151\157\156\061\031\060\027\006 -\003\125\004\003\023\020\123\145\143\165\162\145\040\107\154\157 -\142\141\154\040\103\101\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\257\065\056\330\254\154\125\151\006 -\161\345\023\150\044\263\117\330\314\041\107\370\361\140\070\211 -\211\003\351\275\352\136\106\123\011\334\134\365\132\350\367\105 -\052\002\353\061\141\327\051\063\114\316\307\174\012\067\176\017 -\272\062\230\341\035\227\257\217\307\334\311\070\226\363\333\032 -\374\121\355\150\306\320\156\244\174\044\321\256\102\310\226\120 -\143\056\340\376\165\376\230\247\137\111\056\225\343\071\063\144 -\216\036\244\137\220\322\147\074\262\331\376\101\271\125\247\011 -\216\162\005\036\213\335\104\205\202\102\320\111\300\035\140\360 -\321\027\054\225\353\366\245\301\222\243\305\302\247\010\140\015 -\140\004\020\226\171\236\026\064\346\251\266\372\045\105\071\310 -\036\145\371\223\365\252\361\122\334\231\230\075\245\206\032\014 -\065\063\372\113\245\004\006\025\034\061\200\357\252\030\153\302 -\173\327\332\316\371\063\040\325\365\275\152\063\055\201\004\373 -\260\134\324\234\243\342\134\035\343\251\102\165\136\173\324\167 -\357\071\124\272\311\012\030\033\022\231\111\057\210\113\375\120 -\142\321\163\347\217\172\103\002\003\001\000\001\243\201\235\060 -\201\232\060\023\006\011\053\006\001\004\001\202\067\024\002\004 -\006\036\004\000\103\000\101\060\013\006\003\125\035\017\004\004 -\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024 -\257\104\004\302\101\176\110\203\333\116\071\002\354\354\204\172 -\346\316\311\244\060\064\006\003\125\035\037\004\055\060\053\060 -\051\240\047\240\045\206\043\150\164\164\160\072\057\057\143\162 -\154\056\163\145\143\165\162\145\164\162\165\163\164\056\143\157 -\155\057\123\107\103\101\056\143\162\154\060\020\006\011\053\006 -\001\004\001\202\067\025\001\004\003\002\001\000\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\143\032\010\100\175\244\136\123\015\167\330\172\256\037\015\013 -\121\026\003\357\030\174\310\343\257\152\130\223\024\140\221\262 -\204\334\210\116\276\071\212\072\363\346\202\211\135\001\067\263 -\253\044\244\025\016\222\065\132\112\104\136\116\127\372\165\316 -\037\110\316\146\364\074\100\046\222\230\154\033\356\044\106\014 -\027\263\122\245\333\245\221\221\317\067\323\157\347\047\010\072 -\116\031\037\072\247\130\134\027\317\171\077\213\344\247\323\046 -\043\235\046\017\130\151\374\107\176\262\320\215\213\223\277\051 -\117\103\151\164\166\147\113\317\007\214\346\002\367\265\341\264 -\103\265\113\055\024\237\371\334\046\015\277\246\107\164\006\330 -\210\321\072\051\060\204\316\322\071\200\142\033\250\307\127\111 -\274\152\125\121\147\025\112\276\065\007\344\325\165\230\067\171 -\060\024\333\051\235\154\305\151\314\107\125\242\060\367\314\134 -\177\302\303\230\034\153\116\026\200\353\172\170\145\105\242\000 -\032\257\014\015\125\144\064\110\270\222\271\361\264\120\051\362 -\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Secure Global CA" -# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US -# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5 -# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US -# Not Valid Before: Tue Nov 07 19:42:28 2006 -# Not Valid After : Mon Dec 31 19:52:06 2029 -# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE -# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Secure Global CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\072\104\163\132\345\201\220\037\044\206\141\106\036\073\234\304 -\137\365\072\033 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\317\364\047\015\324\355\334\145\026\111\155\075\332\277\156\336 -END -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145 -\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165 -\162\145\040\107\154\157\142\141\154\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\007\126\042\244\350\324\212\211\115\364\023\310\360\370 -\352\245 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "COMODO Certification Authority" -# -# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d -# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Fri Dec 01 00:00:00 2006 -# Not Valid After : Mon Dec 31 23:59:59 2029 -# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75 -# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006 -\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006 -\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\116\201\055\212\202\145\340\013\002\356\076\065\002\106 -\345\075 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\035\060\202\003\005\240\003\002\001\002\002\020\116 -\201\055\212\202\145\340\013\002\356\076\065\002\106\345\075\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\201\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033 -\060\031\006\003\125\004\010\023\022\107\162\145\141\164\145\162 -\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006 -\003\125\004\007\023\007\123\141\154\146\157\162\144\061\032\060 -\030\006\003\125\004\012\023\021\103\117\115\117\104\117\040\103 -\101\040\114\151\155\151\164\145\144\061\047\060\045\006\003\125 -\004\003\023\036\103\117\115\117\104\117\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060 -\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065 -\071\132\060\201\201\061\013\060\011\006\003\125\004\006\023\002 -\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162\145 -\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162\061 -\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157\162 -\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115\117 -\104\117\040\103\101\040\114\151\155\151\164\145\144\061\047\060 -\045\006\003\125\004\003\023\036\103\117\115\117\104\117\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\320\100\213\213\162\343\221\033\367 -\121\301\033\124\004\230\323\251\277\301\346\212\135\073\207\373 -\273\210\316\015\343\057\077\006\226\360\242\051\120\231\256\333 -\073\241\127\260\164\121\161\315\355\102\221\115\101\376\251\310 -\330\152\206\167\104\273\131\146\227\120\136\264\324\054\160\104 -\317\332\067\225\102\151\074\060\304\161\263\122\360\041\115\241 -\330\272\071\174\034\236\243\044\235\362\203\026\230\252\026\174 -\103\233\025\133\267\256\064\221\376\324\142\046\030\106\232\077 -\353\301\371\361\220\127\353\254\172\015\213\333\162\060\152\146 -\325\340\106\243\160\334\150\331\377\004\110\211\167\336\265\351 -\373\147\155\101\351\274\071\275\062\331\142\002\361\261\250\075 -\156\067\234\342\057\342\323\242\046\213\306\270\125\103\210\341 -\043\076\245\322\044\071\152\107\253\000\324\241\263\251\045\376 -\015\077\247\035\272\323\121\301\013\244\332\254\070\357\125\120 -\044\005\145\106\223\064\117\055\215\255\306\324\041\031\322\216 -\312\005\141\161\007\163\107\345\212\031\022\275\004\115\316\116 -\234\245\110\254\273\046\367\002\003\001\000\001\243\201\216\060 -\201\213\060\035\006\003\125\035\016\004\026\004\024\013\130\345 -\213\306\114\025\067\244\100\251\060\251\041\276\107\066\132\126 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\111\006\003\125\035\037\004\102\060\100\060\076\240 -\074\240\072\206\070\150\164\164\160\072\057\057\143\162\154\056 -\143\157\155\157\144\157\143\141\056\143\157\155\057\103\117\115 -\117\104\117\103\145\162\164\151\146\151\143\141\164\151\157\156 -\101\165\164\150\157\162\151\164\171\056\143\162\154\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\076\230\236\233\366\033\351\327\071\267\170\256\035\162\030 -\111\323\207\344\103\202\353\077\311\252\365\250\265\357\125\174 -\041\122\145\371\325\015\341\154\364\076\214\223\163\221\056\002 -\304\116\007\161\157\300\217\070\141\010\250\036\201\012\300\057 -\040\057\101\213\221\334\110\105\274\361\306\336\272\166\153\063 -\310\000\055\061\106\114\355\347\235\317\210\224\377\063\300\126 -\350\044\206\046\270\330\070\070\337\052\153\335\022\314\307\077 -\107\027\114\242\302\006\226\011\326\333\376\077\074\106\101\337 -\130\342\126\017\074\073\301\034\223\065\331\070\122\254\356\310 -\354\056\060\116\224\065\264\044\037\113\170\151\332\362\002\070 -\314\225\122\223\360\160\045\131\234\040\147\304\356\371\213\127 -\141\364\222\166\175\077\204\215\125\267\350\345\254\325\361\365 -\031\126\246\132\373\220\034\257\223\353\345\034\324\147\227\135 -\004\016\276\013\203\246\027\203\271\060\022\240\305\063\025\005 -\271\015\373\307\005\166\343\330\112\215\374\064\027\243\306\041 -\050\276\060\105\061\036\307\170\276\130\141\070\254\073\342\001 -\145 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "COMODO Certification Authority" -# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d -# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Fri Dec 01 00:00:00 2006 -# Not Valid After : Mon Dec 31 23:59:59 2029 -# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75 -# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\146\061\277\236\367\117\236\266\311\325\246\014\272\152\276\321 -\367\275\357\173 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\134\110\334\367\102\162\354\126\224\155\034\314\161\065\200\165 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006 -\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\116\201\055\212\202\145\340\013\002\356\076\065\002\106 -\345\075 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Network Solutions Certificate Authority" -# -# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0 -# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -# Not Valid Before: Fri Dec 01 00:00:00 2006 -# Not Valid After : Mon Dec 31 23:59:59 2029 -# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E -# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Network Solutions Certificate Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 -\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 -\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 -\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 -\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 -\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 -\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061 -\150\340 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\346\060\202\002\316\240\003\002\001\002\002\020\127 -\313\063\157\302\134\026\346\107\026\027\343\220\061\150\340\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041\060 -\037\006\003\125\004\012\023\030\116\145\164\167\157\162\153\040 -\123\157\154\165\164\151\157\156\163\040\114\056\114\056\103\056 -\061\060\060\056\006\003\125\004\003\023\047\116\145\164\167\157 -\162\153\040\123\157\154\165\164\151\157\156\163\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060 -\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065 -\071\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\041\060\037\006\003\125\004\012\023\030\116\145\164\167 -\157\162\153\040\123\157\154\165\164\151\157\156\163\040\114\056 -\114\056\103\056\061\060\060\056\006\003\125\004\003\023\047\116 -\145\164\167\157\162\153\040\123\157\154\165\164\151\157\156\163 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202 -\001\012\002\202\001\001\000\344\274\176\222\060\155\306\330\216 -\053\013\274\106\316\340\047\226\336\336\371\372\022\323\074\063 -\163\263\004\057\274\161\214\345\237\266\042\140\076\137\135\316 -\011\377\202\014\033\232\121\120\032\046\211\335\325\141\135\031 -\334\022\017\055\012\242\103\135\027\320\064\222\040\352\163\317 -\070\054\006\046\011\172\162\367\372\120\062\370\302\223\323\151 -\242\043\316\101\261\314\344\325\037\066\321\212\072\370\214\143 -\342\024\131\151\355\015\323\177\153\350\270\003\345\117\152\345 -\230\143\151\110\005\276\056\377\063\266\351\227\131\151\370\147 -\031\256\223\141\226\104\025\323\162\260\077\274\152\175\354\110 -\177\215\303\253\252\161\053\123\151\101\123\064\265\260\271\305 -\006\012\304\260\105\365\101\135\156\211\105\173\075\073\046\214 -\164\302\345\322\321\175\262\021\324\373\130\062\042\232\200\311 -\334\375\014\351\177\136\003\227\316\073\000\024\207\047\160\070 -\251\216\156\263\047\166\230\121\340\005\343\041\253\032\325\205 -\042\074\051\265\232\026\305\200\250\364\273\153\060\217\057\106 -\002\242\261\014\042\340\323\002\003\001\000\001\243\201\227\060 -\201\224\060\035\006\003\125\035\016\004\026\004\024\041\060\311 -\373\000\327\116\230\332\207\252\052\320\247\056\261\100\061\247 -\114\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\122\006\003\125\035\037\004\113\060\111\060\107\240 -\105\240\103\206\101\150\164\164\160\072\057\057\143\162\154\056 -\156\145\164\163\157\154\163\163\154\056\143\157\155\057\116\145 -\164\167\157\162\153\123\157\154\165\164\151\157\156\163\103\145 -\162\164\151\146\151\143\141\164\145\101\165\164\150\157\162\151 -\164\171\056\143\162\154\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\001\001\000\273\256\113\347\267\127 -\353\177\252\055\267\163\107\205\152\301\344\245\035\344\347\074 -\351\364\131\145\167\265\172\133\132\215\045\066\340\172\227\056 -\070\300\127\140\203\230\006\203\237\271\166\172\156\120\340\272 -\210\054\374\105\314\030\260\231\225\121\016\354\035\270\210\377 -\207\120\034\202\302\343\340\062\200\277\240\013\107\310\303\061 -\357\231\147\062\200\117\027\041\171\014\151\134\336\136\064\256 -\002\265\046\352\120\337\177\030\145\054\311\362\143\341\251\007 -\376\174\161\037\153\063\044\152\036\005\367\005\150\300\152\022 -\313\056\136\141\313\256\050\323\176\302\264\146\221\046\137\074 -\056\044\137\313\130\017\353\050\354\257\021\226\363\334\173\157 -\300\247\210\362\123\167\263\140\136\256\256\050\332\065\054\157 -\064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004 -\030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315 -\244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245 -\224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313 -\244\140\114\260\125\240\240\173\127\262 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Network Solutions Certificate Authority" -# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0 -# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US -# Not Valid Before: Fri Dec 01 00:00:00 2006 -# Not Valid After : Mon Dec 31 23:59:59 2029 -# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E -# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Network Solutions Certificate Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140 -\040\345\337\316 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\323\363\246\026\300\372\153\035\131\261\055\226\115\016\021\056 -END -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162 -\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056 -\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164 -\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061 -\150\340 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "COMODO ECC Certification Authority" -# -# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a -# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Thu Mar 06 00:00:00 2008 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23 -# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO ECC Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 -\231\052 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037 -\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013 -\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006 -\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141 -\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004 -\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003 -\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114 -\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023 -\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060 -\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071 -\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023 -\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162 -\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162 -\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157 -\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115 -\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053 -\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040 -\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006 -\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003 -\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221 -\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341 -\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344 -\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011 -\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011 -\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262 -\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026 -\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224 -\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075 -\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254 -\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346 -\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316 -\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223 -\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157 -\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346 -\334\335\363\377\035\054\072\026\127\331\222\071\326 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "COMODO ECC Certification Authority" -# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a -# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Thu Mar 06 00:00:00 2008 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23 -# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO ECC Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216 -\055\223\303\021 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 -\231\052 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OISTE WISeKey Global Root GA CA" -# -# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH -# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a -# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH -# Not Valid Before: Sun Dec 11 16:03:44 2005 -# Not Valid After : Fri Dec 11 16:09:51 2037 -# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93 -# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110 -\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113 -\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160 -\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061 -\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 -\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 -\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 -\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 -\141\154\040\122\157\157\164\040\107\101\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110 -\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113 -\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160 -\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061 -\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 -\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 -\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 -\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 -\141\154\040\122\157\157\164\040\107\101\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\101\075\162\307\364\153\037\201\103\175\361\322\050\124 -\337\232 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\361\060\202\002\331\240\003\002\001\002\002\020\101 -\075\162\307\364\153\037\201\103\175\361\322\050\124\337\232\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\212\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020 -\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171 -\061\033\060\031\006\003\125\004\013\023\022\103\157\160\171\162 -\151\147\150\164\040\050\143\051\040\062\060\060\065\061\042\060 -\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106\157 -\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163\145 -\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123\124 -\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141\154 -\040\122\157\157\164\040\107\101\040\103\101\060\036\027\015\060 -\065\061\062\061\061\061\066\060\063\064\064\132\027\015\063\067 -\061\062\061\061\061\066\060\071\065\061\132\060\201\212\061\013 -\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016\006 -\003\125\004\012\023\007\127\111\123\145\113\145\171\061\033\060 -\031\006\003\125\004\013\023\022\103\157\160\171\162\151\147\150 -\164\040\050\143\051\040\062\060\060\065\061\042\060\040\006\003 -\125\004\013\023\031\117\111\123\124\105\040\106\157\165\156\144 -\141\164\151\157\156\040\105\156\144\157\162\163\145\144\061\050 -\060\046\006\003\125\004\003\023\037\117\111\123\124\105\040\127 -\111\123\145\113\145\171\040\107\154\157\142\141\154\040\122\157 -\157\164\040\107\101\040\103\101\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\313\117\263\000\233\075\066 -\335\371\321\111\152\153\020\111\037\354\330\053\262\306\370\062 -\201\051\103\225\114\232\031\043\041\025\105\336\343\310\034\121 -\125\133\256\223\350\067\377\053\153\351\324\352\276\052\335\250 -\121\053\327\146\303\141\134\140\002\310\365\316\162\173\073\270 -\362\116\145\010\232\315\244\152\031\301\001\273\163\246\327\366 -\303\335\315\274\244\213\265\231\141\270\001\242\243\324\115\324 -\005\075\221\255\370\264\010\161\144\257\160\361\034\153\176\366 -\303\167\235\044\163\173\344\014\214\341\331\066\341\231\213\005 -\231\013\355\105\061\011\312\302\000\333\367\162\240\226\252\225 -\207\320\216\307\266\141\163\015\166\146\214\334\033\264\143\242 -\237\177\223\023\060\361\241\047\333\331\377\054\125\210\221\240 -\340\117\007\260\050\126\214\030\033\227\104\216\211\335\340\027 -\156\347\052\357\217\071\012\061\204\202\330\100\024\111\056\172 -\101\344\247\376\343\144\314\301\131\161\113\054\041\247\133\175 -\340\035\321\056\201\233\303\330\150\367\275\226\033\254\160\261 -\026\024\013\333\140\271\046\001\005\002\003\001\000\001\243\121 -\060\117\060\013\006\003\125\035\017\004\004\003\002\001\206\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\263\003\176\256\066 -\274\260\171\321\334\224\046\266\021\276\041\262\151\206\224\060 -\020\006\011\053\006\001\004\001\202\067\025\001\004\003\002\001 -\000\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\113\241\377\013\207\156\263\371\301\103\261 -\110\363\050\300\035\056\311\011\101\372\224\000\034\244\244\253 -\111\117\217\075\036\357\115\157\275\274\244\366\362\046\060\311 -\020\312\035\210\373\164\031\037\205\105\275\260\154\121\371\066 -\176\333\365\114\062\072\101\117\133\107\317\350\013\055\266\304 -\031\235\164\305\107\306\073\152\017\254\024\333\074\364\163\234 -\251\005\337\000\334\164\170\372\370\065\140\131\002\023\030\174 -\274\373\115\260\040\155\103\273\140\060\172\147\063\134\305\231 -\321\370\055\071\122\163\373\214\252\227\045\134\162\331\010\036 -\253\116\074\343\201\061\237\003\246\373\300\376\051\210\125\332 -\204\325\120\003\266\342\204\243\246\066\252\021\072\001\341\030 -\113\326\104\150\263\075\371\123\164\204\263\106\221\106\226\000 -\267\200\054\266\341\343\020\342\333\242\347\050\217\001\226\142 -\026\076\000\343\034\245\066\201\030\242\114\122\166\300\021\243 -\156\346\035\272\343\132\276\066\123\305\076\165\217\206\151\051 -\130\123\265\234\273\157\237\134\305\030\354\335\057\341\230\311 -\374\276\337\012\015 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "OISTE WISeKey Global Root GA CA" -# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH -# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a -# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH -# Not Valid Before: Sun Dec 11 16:03:44 2005 -# Not Valid After : Fri Dec 11 16:09:51 2037 -# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93 -# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\131\042\241\341\132\352\026\065\041\370\230\071\152\106\106\260 -\104\033\017\251 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\274\154\121\063\247\351\323\146\143\124\025\162\033\041\222\223 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110 -\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113 -\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160 -\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061 -\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 -\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 -\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 -\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 -\141\154\040\122\157\157\164\040\107\101\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\101\075\162\307\364\153\037\201\103\175\361\322\050\124 -\337\232 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certigna" -# -# Issuer: CN=Certigna,O=Dhimyotis,C=FR -# Serial Number:00:fe:dc:e3:01:0f:c9:48:ff -# Subject: CN=Certigna,O=Dhimyotis,C=FR -# Not Valid Before: Fri Jun 29 15:13:05 2007 -# Not Valid After : Tue Jun 29 15:13:05 2027 -# Fingerprint (MD5): AB:57:A6:5B:7D:42:82:19:B5:D8:58:26:28:5E:FD:FF -# Fingerprint (SHA1): B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certigna" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145 -\162\164\151\147\156\141 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145 -\162\164\151\147\156\141 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\376\334\343\001\017\311\110\377 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\250\060\202\002\220\240\003\002\001\002\002\011\000 -\376\334\343\001\017\311\110\377\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\064\061\013\060\011\006\003\125 -\004\006\023\002\106\122\061\022\060\020\006\003\125\004\012\014 -\011\104\150\151\155\171\157\164\151\163\061\021\060\017\006\003 -\125\004\003\014\010\103\145\162\164\151\147\156\141\060\036\027 -\015\060\067\060\066\062\071\061\065\061\063\060\065\132\027\015 -\062\067\060\066\062\071\061\065\061\063\060\065\132\060\064\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020 -\006\003\125\004\012\014\011\104\150\151\155\171\157\164\151\163 -\061\021\060\017\006\003\125\004\003\014\010\103\145\162\164\151 -\147\156\141\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\310\150\361\311\326\326\263\064\165\046\202\036 -\354\264\276\352\134\341\046\355\021\107\141\341\242\174\026\170 -\100\041\344\140\236\132\310\143\341\304\261\226\222\377\030\155 -\151\043\341\053\142\367\335\342\066\057\221\007\271\110\317\016 -\354\171\266\054\347\064\113\160\010\045\243\074\207\033\031\362 -\201\007\017\070\220\031\323\021\376\206\264\362\321\136\036\036 -\226\315\200\154\316\073\061\223\266\362\240\320\251\225\022\175 -\245\232\314\153\310\204\126\212\063\251\347\042\025\123\026\360 -\314\027\354\127\137\351\242\012\230\011\336\343\137\234\157\334 -\110\343\205\013\025\132\246\272\237\254\110\343\011\262\367\364 -\062\336\136\064\276\034\170\135\102\133\316\016\042\217\115\220 -\327\175\062\030\263\013\054\152\277\216\077\024\021\211\040\016 -\167\024\265\075\224\010\207\367\045\036\325\262\140\000\354\157 -\052\050\045\156\052\076\030\143\027\045\077\076\104\040\026\366 -\046\310\045\256\005\112\264\347\143\054\363\214\026\123\176\134 -\373\021\032\010\301\106\142\237\042\270\361\302\215\151\334\372 -\072\130\006\337\002\003\001\000\001\243\201\274\060\201\271\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\032\355\376\101\071 -\220\264\044\131\276\001\362\122\325\105\366\132\071\334\021\060 -\144\006\003\125\035\043\004\135\060\133\200\024\032\355\376\101 -\071\220\264\044\131\276\001\362\122\325\105\366\132\071\334\021 -\241\070\244\066\060\064\061\013\060\011\006\003\125\004\006\023 -\002\106\122\061\022\060\020\006\003\125\004\012\014\011\104\150 -\151\155\171\157\164\151\163\061\021\060\017\006\003\125\004\003 -\014\010\103\145\162\164\151\147\156\141\202\011\000\376\334\343 -\001\017\311\110\377\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\021\006\011\140\206\110\001\206\370\102 -\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\205\003\036\222 -\161\366\102\257\341\243\141\236\353\363\300\017\362\245\324\332 -\225\346\326\276\150\066\075\176\156\037\114\212\357\321\017\041 -\155\136\245\122\143\316\022\370\357\052\332\157\353\067\376\023 -\002\307\313\073\076\042\153\332\141\056\177\324\162\075\335\060 -\341\036\114\100\031\214\017\327\234\321\203\060\173\230\131\334 -\175\306\271\014\051\114\241\063\242\353\147\072\145\204\323\226 -\342\355\166\105\160\217\265\053\336\371\043\326\111\156\074\024 -\265\306\237\065\036\120\320\301\217\152\160\104\002\142\313\256 -\035\150\101\247\252\127\350\123\252\007\322\006\366\325\024\006 -\013\221\003\165\054\154\162\265\141\225\232\015\213\271\015\347 -\365\337\124\315\336\346\330\326\011\010\227\143\345\301\056\260 -\267\104\046\300\046\300\257\125\060\236\073\325\066\052\031\004 -\364\134\036\377\317\054\267\377\320\375\207\100\021\325\021\043 -\273\110\300\041\251\244\050\055\375\025\370\260\116\053\364\060 -\133\041\374\021\221\064\276\101\357\173\235\227\165\377\227\225 -\300\226\130\057\352\273\106\327\273\344\331\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Certigna" -# Issuer: CN=Certigna,O=Dhimyotis,C=FR -# Serial Number:00:fe:dc:e3:01:0f:c9:48:ff -# Subject: CN=Certigna,O=Dhimyotis,C=FR -# Not Valid Before: Fri Jun 29 15:13:05 2007 -# Not Valid After : Tue Jun 29 15:13:05 2027 -# Fingerprint (MD5): AB:57:A6:5B:7D:42:82:19:B5:D8:58:26:28:5E:FD:FF -# Fingerprint (SHA1): B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certigna" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\056\023\143\105\206\244\157\032\262\140\150\067\130\055\304 -\254\375\224\227 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\253\127\246\133\175\102\202\031\265\330\130\046\050\136\375\377 -END -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145 -\162\164\151\147\156\141 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\376\334\343\001\017\311\110\377 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Cybertrust Global Root" -# -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\241\060\202\002\211\240\003\002\001\002\002\013\004 -\000\000\000\000\001\017\205\252\055\110\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\060\073\061\030\060\026\006 -\003\125\004\012\023\017\103\171\142\145\162\164\162\165\163\164 -\054\040\111\156\143\061\037\060\035\006\003\125\004\003\023\026 -\103\171\142\145\162\164\162\165\163\164\040\107\154\157\142\141 -\154\040\122\157\157\164\060\036\027\015\060\066\061\062\061\065 -\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065\060 -\070\060\060\060\060\132\060\073\061\030\060\026\006\003\125\004 -\012\023\017\103\171\142\145\162\164\162\165\163\164\054\040\111 -\156\143\061\037\060\035\006\003\125\004\003\023\026\103\171\142 -\145\162\164\162\165\163\164\040\107\154\157\142\141\154\040\122 -\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\370\310\274\275\024\120\146\023\377\360\323\171 -\354\043\362\267\032\307\216\205\361\022\163\246\031\252\020\333 -\234\242\145\164\132\167\076\121\175\126\366\334\043\266\324\355 -\137\130\261\067\115\325\111\016\156\365\152\207\326\322\214\322 -\047\306\342\377\066\237\230\145\240\023\116\306\052\144\233\325 -\220\022\317\024\006\364\073\343\324\050\276\350\016\370\253\116 -\110\224\155\216\225\061\020\134\355\242\055\275\325\072\155\262 -\034\273\140\300\106\113\001\365\111\256\176\106\212\320\164\215 -\241\014\002\316\356\374\347\217\270\153\146\363\177\104\000\277 -\146\045\024\053\335\020\060\035\007\226\077\115\366\153\270\217 -\267\173\014\245\070\353\336\107\333\325\135\071\374\210\247\363 -\327\052\164\361\350\132\242\073\237\120\272\246\214\105\065\302 -\120\145\225\334\143\202\357\335\277\167\115\234\142\311\143\163 -\026\320\051\017\111\251\110\360\263\252\267\154\305\247\060\071 -\100\135\256\304\342\135\046\123\360\316\034\043\010\141\250\224 -\031\272\004\142\100\354\037\070\160\167\022\006\161\247\060\030 -\135\045\047\245\002\003\001\000\001\243\201\245\060\201\242\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\266\010\173\015\172 -\314\254\040\114\206\126\062\136\317\253\156\205\055\160\127\060 -\077\006\003\125\035\037\004\070\060\066\060\064\240\062\240\060 -\206\056\150\164\164\160\072\057\057\167\167\167\062\056\160\165 -\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143 -\162\154\057\143\164\057\143\164\162\157\157\164\056\143\162\154 -\060\037\006\003\125\035\043\004\030\060\026\200\024\266\010\173 -\015\172\314\254\040\114\206\126\062\136\317\253\156\205\055\160 -\127\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\126\357\012\043\240\124\116\225\227\311\370 -\211\332\105\301\324\243\000\045\364\037\023\253\267\243\205\130 -\151\302\060\255\330\025\212\055\343\311\315\201\132\370\163\043 -\132\247\174\005\363\375\042\073\016\321\006\304\333\066\114\163 -\004\216\345\260\042\344\305\363\056\245\331\043\343\270\116\112 -\040\247\156\002\044\237\042\140\147\173\213\035\162\011\305\061 -\134\351\171\237\200\107\075\255\241\013\007\024\075\107\377\003 -\151\032\014\013\104\347\143\045\247\177\262\311\270\166\204\355 -\043\366\175\007\253\105\176\323\337\263\277\351\212\266\315\250 -\242\147\053\122\325\267\145\360\071\114\143\240\221\171\223\122 -\017\124\335\203\273\237\321\217\247\123\163\303\313\377\060\354 -\174\004\270\330\104\037\223\137\161\011\042\267\156\076\352\034 -\003\116\235\032\040\141\373\201\067\354\136\374\012\105\253\327 -\347\027\125\320\240\352\140\233\246\366\343\214\133\051\302\006 -\140\024\235\055\227\114\251\223\025\235\141\304\001\137\110\326 -\130\275\126\061\022\116\021\310\041\340\263\021\221\145\333\264 -\246\210\070\316\125 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Cybertrust Global Root" -# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48 -# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc" -# Not Valid Before: Fri Dec 15 08:00:00 2006 -# Not Valid After : Wed Dec 15 08:00:00 2021 -# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1 -# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Cybertrust Global Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\137\103\345\261\277\370\170\214\254\034\307\312\112\232\306\042 -\053\314\064\306 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\162\344\112\207\343\151\100\200\167\352\274\343\364\377\360\341 -END -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142 -\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035 -\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163 -\164\040\107\154\157\142\141\154\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\017\205\252\055\110 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "ePKI Root Certification Authority" -# -# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d -# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Not Valid Before: Mon Dec 20 02:31:27 2004 -# Not Valid After : Wed Dec 20 02:31:27 2034 -# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 -# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ePKI Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 -\274\235 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\260\060\202\003\230\240\003\002\001\002\002\020\025 -\310\275\145\107\134\257\270\227\000\136\344\006\322\274\235\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\136 -\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 -\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 -\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 -\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 -\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 -\027\015\060\064\061\062\062\060\060\062\063\061\062\067\132\027 -\015\063\064\061\062\062\060\060\062\063\061\062\067\132\060\136 -\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060 -\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141 -\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164 -\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113 -\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\341 -\045\017\356\215\333\210\063\165\147\315\255\037\175\072\116\155 -\235\323\057\024\363\143\164\313\001\041\152\067\352\204\120\007 -\113\046\133\011\103\154\041\236\152\310\325\003\365\140\151\217 -\314\360\042\344\037\347\367\152\042\061\267\054\025\362\340\376 -\000\152\103\377\207\145\306\265\032\301\247\114\155\042\160\041 -\212\061\362\227\164\211\011\022\046\034\236\312\331\022\242\225 -\074\332\351\147\277\010\240\144\343\326\102\267\105\357\227\364 -\366\365\327\265\112\025\002\130\175\230\130\113\140\274\315\327 -\015\232\023\063\123\321\141\371\172\325\327\170\263\232\063\367 -\000\206\316\035\115\224\070\257\250\354\170\121\160\212\134\020 -\203\121\041\367\021\075\064\206\136\345\110\315\227\201\202\065 -\114\031\354\145\366\153\305\005\241\356\107\023\326\263\041\047 -\224\020\012\331\044\073\272\276\104\023\106\060\077\227\074\330 -\327\327\152\356\073\070\343\053\324\227\016\271\033\347\007\111 -\177\067\052\371\167\170\317\124\355\133\106\235\243\200\016\221 -\103\301\326\133\137\024\272\237\246\215\044\107\100\131\277\162 -\070\262\066\154\067\377\231\321\135\016\131\012\253\151\367\300 -\262\004\105\172\124\000\256\276\123\366\265\347\341\370\074\243 -\061\322\251\376\041\122\144\305\246\147\360\165\007\006\224\024 -\201\125\306\047\344\001\217\027\301\152\161\327\276\113\373\224 -\130\175\176\021\063\261\102\367\142\154\030\326\317\011\150\076 -\177\154\366\036\217\142\255\245\143\333\011\247\037\042\102\101 -\036\157\231\212\076\327\371\077\100\172\171\260\245\001\222\322 -\235\075\010\025\245\020\001\055\263\062\166\250\225\015\263\172 -\232\373\007\020\170\021\157\341\217\307\272\017\045\032\164\052 -\345\034\230\101\231\337\041\207\350\225\006\152\012\263\152\107 -\166\145\366\072\317\217\142\027\031\173\012\050\315\032\322\203 -\036\041\307\054\277\276\377\141\150\267\147\033\273\170\115\215 -\316\147\345\344\301\216\267\043\146\342\235\220\165\064\230\251 -\066\053\212\232\224\271\235\354\314\212\261\370\045\211\134\132 -\266\057\214\037\155\171\044\247\122\150\303\204\065\342\146\215 -\143\016\045\115\325\031\262\346\171\067\247\042\235\124\061\002 -\003\001\000\001\243\152\060\150\060\035\006\003\125\035\016\004 -\026\004\024\036\014\367\266\147\362\341\222\046\011\105\300\125 -\071\056\167\077\102\112\242\060\014\006\003\125\035\023\004\005 -\060\003\001\001\377\060\071\006\004\147\052\007\000\004\061\060 -\057\060\055\002\001\000\060\011\006\005\053\016\003\002\032\005 -\000\060\007\006\005\147\052\003\000\000\004\024\105\260\302\307 -\012\126\174\356\133\170\014\225\371\030\123\301\246\034\330\020 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\002\001\000\011\263\203\123\131\001\076\225\111\271\361\201 -\272\371\166\040\043\265\047\140\164\324\152\231\064\136\154\000 -\123\331\237\362\246\261\044\007\104\152\052\306\245\216\170\022 -\350\107\331\130\033\023\052\136\171\233\237\012\052\147\246\045 -\077\006\151\126\163\303\212\146\110\373\051\201\127\164\006\312 -\234\352\050\350\070\147\046\053\361\325\265\077\145\223\370\066 -\135\216\215\215\100\040\207\031\352\357\047\300\075\264\071\017 -\045\173\150\120\164\125\234\014\131\175\132\075\101\224\045\122 -\010\340\107\054\025\061\031\325\277\007\125\306\273\022\265\227 -\364\137\203\205\272\161\301\331\154\201\021\166\012\012\260\277 -\202\227\367\352\075\372\372\354\055\251\050\224\073\126\335\322 -\121\056\256\300\275\010\025\214\167\122\064\226\326\233\254\323 -\035\216\141\017\065\173\233\256\071\151\013\142\140\100\040\066 -\217\257\373\066\356\055\010\112\035\270\277\233\134\370\352\245 -\033\240\163\246\330\370\156\340\063\004\137\150\252\047\207\355 -\331\301\220\234\355\275\343\152\065\257\143\337\253\030\331\272 -\346\351\112\352\120\212\017\141\223\036\342\055\031\342\060\224 -\065\222\135\016\266\007\257\031\200\217\107\220\121\113\056\115 -\335\205\342\322\012\122\012\027\232\374\032\260\120\002\345\001 -\243\143\067\041\114\104\304\233\121\231\021\016\163\234\006\217 -\124\056\247\050\136\104\071\207\126\055\067\275\205\104\224\341 -\014\113\054\234\303\222\205\064\141\313\017\270\233\112\103\122 -\376\064\072\175\270\351\051\334\166\251\310\060\370\024\161\200 -\306\036\066\110\164\042\101\134\207\202\350\030\161\213\101\211 -\104\347\176\130\133\250\270\215\023\351\247\154\303\107\355\263 -\032\235\142\256\215\202\352\224\236\335\131\020\303\255\335\342 -\115\343\061\325\307\354\350\362\260\376\222\036\026\012\032\374 -\331\363\370\047\266\311\276\035\264\154\144\220\177\364\344\304 -\133\327\067\256\102\016\335\244\032\157\174\210\124\305\026\156 -\341\172\150\056\370\072\277\015\244\074\211\073\170\247\116\143 -\203\004\041\010\147\215\362\202\111\320\133\375\261\315\017\203 -\204\324\076\040\205\367\112\075\053\234\375\052\012\011\115\352 -\201\370\021\234 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "ePKI Root Certification Authority" -# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d -# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW -# Not Valid Before: Mon Dec 20 02:31:27 2004 -# Not Valid After : Wed Dec 20 02:31:27 2034 -# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3 -# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ePKI Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\147\145\015\361\176\216\176\133\202\100\244\364\126\113\317\342 -\075\151\306\360 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\033\056\000\312\046\006\220\075\255\376\157\025\150\323\153\263 -END -CKA_ISSUER MULTILINE_OCTAL -\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150 -\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040 -\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145 -\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322 -\274\235 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "certSIGN ROOT CA" -# -# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Serial Number:20:06:05:16:70:02 -# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Not Valid Before: Tue Jul 04 17:20:04 2006 -# Not Valid After : Fri Jul 04 17:20:04 2031 -# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 -# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN ROOT CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\040\006\005\026\160\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\070\060\202\002\040\240\003\002\001\002\002\006\040 -\006\005\026\160\002\060\015\006\011\052\206\110\206\367\015\001 -\001\005\005\000\060\073\061\013\060\011\006\003\125\004\006\023 -\002\122\117\061\021\060\017\006\003\125\004\012\023\010\143\145 -\162\164\123\111\107\116\061\031\060\027\006\003\125\004\013\023 -\020\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103 -\101\060\036\027\015\060\066\060\067\060\064\061\067\062\060\060 -\064\132\027\015\063\061\060\067\060\064\061\067\062\060\060\064 -\132\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117 -\061\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123 -\111\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145 -\162\164\123\111\107\116\040\122\117\117\124\040\103\101\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\267 -\063\271\176\310\045\112\216\265\333\264\050\033\252\127\220\350 -\321\042\323\144\272\323\223\350\324\254\206\141\100\152\140\127 -\150\124\204\115\274\152\124\002\005\377\337\233\232\052\256\135 -\007\217\112\303\050\177\357\373\053\372\171\361\307\255\360\020 -\123\044\220\213\146\311\250\210\253\257\132\243\000\351\276\272 -\106\356\133\163\173\054\027\202\201\136\142\054\241\002\145\263 -\275\305\053\000\176\304\374\003\063\127\015\355\342\372\316\135 -\105\326\070\315\065\266\262\301\320\234\201\112\252\344\262\001 -\134\035\217\137\231\304\261\255\333\210\041\353\220\010\202\200 -\363\060\243\103\346\220\202\256\125\050\111\355\133\327\251\020 -\070\016\376\217\114\133\233\106\352\101\365\260\010\164\303\320 -\210\063\266\174\327\164\337\334\204\321\103\016\165\071\241\045 -\100\050\352\170\313\016\054\056\071\235\214\213\156\026\034\057 -\046\202\020\342\343\145\224\012\004\300\136\367\135\133\370\020 -\342\320\272\172\113\373\336\067\000\000\032\133\050\343\322\234 -\163\076\062\207\230\241\311\121\057\327\336\254\063\263\117\002 -\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016 -\004\026\004\024\340\214\233\333\045\111\263\361\174\206\326\262 -\102\207\013\320\153\240\331\344\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\001\001\000\076\322\034\211 -\056\065\374\370\165\335\346\177\145\210\364\162\114\311\054\327 -\062\116\363\335\031\171\107\275\216\073\133\223\017\120\111\044 -\023\153\024\006\162\357\011\323\241\241\343\100\204\311\347\030 -\062\164\074\110\156\017\237\113\324\367\036\323\223\206\144\124 -\227\143\162\120\325\125\317\372\040\223\002\242\233\303\043\223 -\116\026\125\166\240\160\171\155\315\041\037\317\057\055\274\031 -\343\210\061\370\131\032\201\011\310\227\246\164\307\140\304\133 -\314\127\216\262\165\375\033\002\011\333\131\157\162\223\151\367 -\061\101\326\210\070\277\207\262\275\026\171\371\252\344\276\210 -\045\335\141\047\043\034\265\061\007\004\066\264\032\220\275\240 -\164\161\120\211\155\274\024\343\017\206\256\361\253\076\307\240 -\011\314\243\110\321\340\333\144\347\222\265\317\257\162\103\160 -\213\371\303\204\074\023\252\176\222\233\127\123\223\372\160\302 -\221\016\061\371\233\147\135\351\226\070\136\137\263\163\116\210 -\025\147\336\236\166\020\142\040\276\125\151\225\103\000\071\115 -\366\356\260\132\116\111\104\124\130\137\102\203 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "certSIGN ROOT CA" -# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Serial Number:20:06:05:16:70:02 -# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Not Valid Before: Tue Jul 04 17:20:04 2006 -# Not Valid After : Fri Jul 04 17:20:04 2031 -# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17 -# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN ROOT CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\372\267\356\066\227\046\142\373\055\260\052\366\277\003\375\350 -\174\113\057\233 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\030\230\300\326\351\072\374\371\260\365\014\367\113\001\104\027 -END -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111 -\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162 -\164\123\111\107\116\040\122\117\117\124\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\040\006\005\026\160\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Primary Certification Authority - G3" -# -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025 -\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026 -\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163 -\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023 -\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165 -\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124 -\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060 -\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062 -\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125 -\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143 -\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 -\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064 -\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040 -\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063 -\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230 -\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241 -\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046 -\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006 -\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007 -\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047 -\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003 -\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154 -\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326 -\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267 -\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101 -\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013 -\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045 -\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272 -\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102 -\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116 -\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231 -\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276 -\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301 -\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337 -\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047 -\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015 -\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051 -\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216 -\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203 -\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002 -\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346 -\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007 -\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032 -\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212 -\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206 -\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031 -\021\055 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Primary Certification Authority - G3" -# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f -# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05 -# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062 -\072\114\052\375 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030 -\017\037 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "thawte Primary Root CA - G2" -# -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065 -\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006 -\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156 -\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051 -\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156 -\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042 -\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162 -\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040 -\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065 -\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141 -\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125 -\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141 -\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150 -\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157 -\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277 -\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055 -\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172 -\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172 -\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261 -\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051 -\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212 -\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003 -\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247 -\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167 -\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002 -\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374 -\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061 -\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022 -\367\130\077\056\162\002\127\243\217\241\024\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Sun Sep 30 00:00:00 2018 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\070\060\071\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "thawte Primary Root CA - G2" -# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 -# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F -# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333 -\010\236\360\022 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013 -\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164 -\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167 -\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040 -\103\101\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256 -\327\126 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "thawte Primary Root CA - G3" -# -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140 -\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025 -\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054 -\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061 -\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060 -\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125 -\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141 -\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060 -\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132 -\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145 -\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023 -\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123 -\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156 -\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062 -\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056 -\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145 -\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003 -\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155 -\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146 -\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070 -\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140 -\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374 -\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154 -\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247 -\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337 -\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113 -\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107 -\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275 -\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226 -\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200 -\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222 -\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133 -\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340 -\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044 -\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372 -\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100 -\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123 -\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357 -\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026 -\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073 -\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210 -\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356 -\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140 -\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057 -\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334 -\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364 -\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324 -\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314 -\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005 -\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157 -\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156 -\061\324\100\032\142\064\066\077\065\001\256\254\143\240 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "thawte Primary Root CA - G3" -# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb -# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31 -# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "thawte Primary Root CA - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211 -\312\363\153\362 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164 -\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157 -\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040 -\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143 -\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172 -\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006 -\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151 -\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367 -\220\373 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GeoTrust Primary Certification Authority - G2" -# -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074 -\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006 -\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111 -\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143 -\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066 -\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163 -\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065 -\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 -\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023 -\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071 -\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060 -\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040 -\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144 -\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125 -\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151 -\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103 -\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013 -\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057 -\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013 -\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245 -\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035 -\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373 -\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006 -\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060 -\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221 -\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223 -\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066 -\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137 -\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063 -\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004 -\017\212 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Wed Jan 01 00:00:00 2020 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\062\060\060\061\060\061\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GeoTrust Primary Certification Authority - G2" -# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b -# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A -# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231 -\346\020\327\260 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162 -\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004 -\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124 -\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040 -\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157 -\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145 -\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076 -\303\153 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "VeriSign Universal Root Certification Authority" -# -# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d -# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 -# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 -\305\035 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\271\060\202\003\241\240\003\002\001\002\002\020\100 -\032\304\144\041\263\023\041\003\016\273\344\022\032\305\035\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 -\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 -\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 -\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 -\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 -\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 -\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 -\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 -\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036 -\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132\027 -\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060\201 -\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027 -\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013 -\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164 -\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004 -\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151 -\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162 -\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040 -\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126 -\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141 -\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\307 -\141\067\136\261\001\064\333\142\327\025\233\377\130\132\214\043 -\043\326\140\216\221\327\220\230\203\172\346\130\031\070\214\305 -\366\345\144\205\264\242\161\373\355\275\271\332\315\115\000\264 -\310\055\163\245\307\151\161\225\037\071\074\262\104\007\234\350 -\016\372\115\112\304\041\337\051\141\217\062\042\141\202\305\207 -\037\156\214\174\137\026\040\121\104\321\160\117\127\352\343\034 -\343\314\171\356\130\330\016\302\263\105\223\300\054\347\232\027 -\053\173\000\067\172\101\063\170\341\063\342\363\020\032\177\207 -\054\276\366\365\367\102\342\345\277\207\142\211\137\000\113\337 -\305\335\344\165\104\062\101\072\036\161\156\151\313\013\165\106 -\010\321\312\322\053\225\320\317\373\271\100\153\144\214\127\115 -\374\023\021\171\204\355\136\124\366\064\237\010\001\363\020\045 -\006\027\112\332\361\035\172\146\153\230\140\146\244\331\357\322 -\056\202\361\360\357\011\352\104\311\025\152\342\003\156\063\323 -\254\237\125\000\307\366\010\152\224\271\137\334\340\063\361\204 -\140\371\133\047\021\264\374\026\362\273\126\152\200\045\215\002 -\003\001\000\001\243\201\262\060\201\257\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\155\006\010\053 -\006\001\005\005\007\001\014\004\141\060\137\241\135\240\133\060 -\131\060\127\060\125\026\011\151\155\141\147\145\057\147\151\146 -\060\041\060\037\060\007\006\005\053\016\003\002\032\004\024\217 -\345\323\032\206\254\215\216\153\303\317\200\152\324\110\030\054 -\173\031\056\060\045\026\043\150\164\164\160\072\057\057\154\157 -\147\157\056\166\145\162\151\163\151\147\156\056\143\157\155\057 -\166\163\154\157\147\157\056\147\151\146\060\035\006\003\125\035 -\016\004\026\004\024\266\167\372\151\110\107\237\123\022\325\302 -\352\007\062\166\007\321\227\007\031\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\001\001\000\112\370\370 -\260\003\346\054\147\173\344\224\167\143\314\156\114\371\175\016 -\015\334\310\271\065\271\160\117\143\372\044\372\154\203\214\107 -\235\073\143\363\232\371\166\062\225\221\261\167\274\254\232\276 -\261\344\061\041\306\201\225\126\132\016\261\302\324\261\246\131 -\254\361\143\313\270\114\035\131\220\112\357\220\026\050\037\132 -\256\020\373\201\120\070\014\154\314\361\075\303\365\143\343\263 -\343\041\311\044\071\351\375\025\146\106\364\033\021\320\115\163 -\243\175\106\371\075\355\250\137\142\324\361\077\370\340\164\127 -\053\030\235\201\264\304\050\332\224\227\245\160\353\254\035\276 -\007\021\360\325\333\335\345\214\360\325\062\260\203\346\127\342 -\217\277\276\241\252\277\075\035\265\324\070\352\327\260\134\072 -\117\152\077\217\300\146\154\143\252\351\331\244\026\364\201\321 -\225\024\016\175\315\225\064\331\322\217\160\163\201\173\234\176 -\275\230\141\330\105\207\230\220\305\353\206\060\306\065\277\360 -\377\303\125\210\203\113\357\005\222\006\161\362\270\230\223\267 -\354\315\202\141\361\070\346\117\227\230\052\132\215 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Tue Apr 30 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\064\063\060\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "VeriSign Universal Root Certification Authority" -# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d -# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Wed Apr 02 00:00:00 2008 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19 -# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\066\171\312\065\146\207\162\060\115\060\245\373\207\073\017\247 -\173\267\015\124 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\216\255\265\001\252\115\201\344\214\035\321\341\024\000\225\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023 -\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162 -\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032 -\305\035 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" -# -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057 -\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006 -\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126 -\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061 -\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147 -\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165 -\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154 -\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151 -\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142 -\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061 -\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061 -\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004 -\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143 -\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151 -\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157 -\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051 -\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040 -\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157 -\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105 -\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147 -\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075 -\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172 -\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346 -\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124 -\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074 -\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336 -\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115 -\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262 -\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014 -\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011 -\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006 -\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216 -\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043 -\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151 -\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056 -\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026 -\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345 -\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150 -\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102 -\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204 -\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110 -\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032 -\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307 -\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252 -\055\247\330\206\052\335\056\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Thu Jan 31 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\060\061\063\061\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" -# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 -# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Nov 05 00:00:00 2007 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41 -# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144 -\311\077\154\072 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 -\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 -\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 -\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 -\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145 -\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 -\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 -\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 -\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 -\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171\040\055\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207 -\254\263 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "NetLock Arany (Class Gold) Főtanúsítvány" -# -# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Serial Number:49:41:2c:e4:00:10 -# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Dec 11 15:08:21 2008 -# Not Valid After : Wed Dec 06 15:08:21 2028 -# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 -# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Arany (Class Gold) Főtanúsítvány" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\111\101\054\344\000\020 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\025\060\202\002\375\240\003\002\001\002\002\006\111 -\101\054\344\000\020\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\060\201\247\061\013\060\011\006\003\125\004\006 -\023\002\110\125\061\021\060\017\006\003\125\004\007\014\010\102 -\165\144\141\160\145\163\164\061\025\060\023\006\003\125\004\012 -\014\014\116\145\164\114\157\143\153\040\113\146\164\056\061\067 -\060\065\006\003\125\004\013\014\056\124\141\156\303\272\163\303 -\255\164\166\303\241\156\171\153\151\141\144\303\263\153\040\050 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\051\061\065\060\063\006\003\125\004\003 -\014\054\116\145\164\114\157\143\153\040\101\162\141\156\171\040 -\050\103\154\141\163\163\040\107\157\154\144\051\040\106\305\221 -\164\141\156\303\272\163\303\255\164\166\303\241\156\171\060\036 -\027\015\060\070\061\062\061\061\061\065\060\070\062\061\132\027 -\015\062\070\061\062\060\066\061\065\060\070\062\061\132\060\201 -\247\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021 -\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163 -\164\061\025\060\023\006\003\125\004\012\014\014\116\145\164\114 -\157\143\153\040\113\146\164\056\061\067\060\065\006\003\125\004 -\013\014\056\124\141\156\303\272\163\303\255\164\166\303\241\156 -\171\153\151\141\144\303\263\153\040\050\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163 -\051\061\065\060\063\006\003\125\004\003\014\054\116\145\164\114 -\157\143\153\040\101\162\141\156\171\040\050\103\154\141\163\163 -\040\107\157\154\144\051\040\106\305\221\164\141\156\303\272\163 -\303\255\164\166\303\241\156\171\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\304\044\136\163\276\113\155 -\024\303\241\364\343\227\220\156\322\060\105\036\074\356\147\331 -\144\340\032\212\177\312\060\312\203\343\040\301\343\364\072\323 -\224\137\032\174\133\155\277\060\117\204\047\366\237\037\111\274 -\306\231\012\220\362\017\365\177\103\204\067\143\121\213\172\245 -\160\374\172\130\315\216\233\355\303\106\154\204\160\135\332\363 -\001\220\043\374\116\060\251\176\341\047\143\347\355\144\074\240 -\270\311\063\143\376\026\220\377\260\270\375\327\250\300\300\224 -\103\013\266\325\131\246\236\126\320\044\037\160\171\257\333\071 -\124\015\145\165\331\025\101\224\001\257\136\354\366\215\361\377 -\255\144\376\040\232\327\134\353\376\246\037\010\144\243\213\166 -\125\255\036\073\050\140\056\207\045\350\252\257\037\306\144\106 -\040\267\160\177\074\336\110\333\226\123\267\071\167\344\032\342 -\307\026\204\166\227\133\057\273\031\025\205\370\151\205\365\231 -\247\251\362\064\247\251\266\246\003\374\157\206\075\124\174\166 -\004\233\153\371\100\135\000\064\307\056\231\165\235\345\210\003 -\252\115\370\003\322\102\166\300\033\002\003\000\250\213\243\105 -\060\103\060\022\006\003\125\035\023\001\001\377\004\010\060\006 -\001\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\314\372\147\223\360\266\270\320\245\300\036\363\123\375\214 -\123\337\203\327\226\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\253\177\356\034\026\251\234 -\074\121\000\240\300\021\010\005\247\231\346\157\001\210\124\141 -\156\361\271\030\255\112\255\376\201\100\043\224\057\373\165\174 -\057\050\113\142\044\201\202\013\365\141\361\034\156\270\141\070 -\353\201\372\142\241\073\132\142\323\224\145\304\341\346\155\202 -\370\057\045\160\262\041\046\301\162\121\037\214\054\303\204\220 -\303\132\217\272\317\364\247\145\245\353\230\321\373\005\262\106 -\165\025\043\152\157\205\143\060\200\360\325\236\037\051\034\302 -\154\260\120\131\135\220\133\073\250\015\060\317\277\175\177\316 -\361\235\203\275\311\106\156\040\246\371\141\121\272\041\057\173 -\276\245\025\143\241\324\225\207\361\236\271\363\211\363\075\205 -\270\270\333\276\265\271\051\371\332\067\005\000\111\224\003\204 -\104\347\277\103\061\317\165\213\045\321\364\246\144\365\222\366 -\253\005\353\075\351\245\013\066\142\332\314\006\137\066\213\266 -\136\061\270\052\373\136\366\161\337\104\046\236\304\346\015\221 -\264\056\165\225\200\121\152\113\060\246\260\142\241\223\361\233 -\330\316\304\143\165\077\131\107\261 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány" -# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Serial Number:49:41:2c:e4:00:10 -# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU -# Not Valid Before: Thu Dec 11 15:08:21 2008 -# Not Valid After : Wed Dec 06 15:08:21 2028 -# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88 -# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "NetLock Arany (Class Gold) Főtanúsítvány" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\006\010\077\131\077\025\241\004\240\151\244\153\251\003\320\006 -\267\227\011\221 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\305\241\267\377\163\335\326\327\064\062\030\337\374\074\255\210 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145 -\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003 -\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303 -\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145 -\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141 -\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303 -\272\163\303\255\164\166\303\241\156\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\006\111\101\054\344\000\020 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Hongkong Post Root CA 1" -# -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003 -\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060 -\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065 -\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006 -\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004 -\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164 -\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153 -\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101 -\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220 -\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042 -\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320 -\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151 -\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037 -\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047 -\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174 -\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363 -\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341 -\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251 -\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324 -\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075 -\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152 -\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171 -\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341 -\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200 -\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003 -\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003 -\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002 -\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354 -\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356 -\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067 -\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145 -\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327 -\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101 -\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332 -\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063 -\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154 -\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105 -\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203 -\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116 -\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321 -\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206 -\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342 -\002\153\331\132 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Hongkong Post Root CA 1" -# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Serial Number: 1000 (0x3e8) -# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Not Valid Before: Thu May 15 05:13:14 2003 -# Not Valid After : Mon May 15 04:52:29 2023 -# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA -# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262 -\130\262\212\130 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157 -\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003 -\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040 -\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\003\350 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SecureSign RootCA11" -# -# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Serial Number: 1 (0x1) -# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Not Valid Before: Wed Apr 08 04:56:47 2009 -# Not Valid After : Sun Apr 08 04:56:47 2029 -# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 -# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureSign RootCA11" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\155\060\202\002\125\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061\053 -\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162 -\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032\006 -\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147\156 -\040\122\157\157\164\103\101\061\061\060\036\027\015\060\071\060 -\064\060\070\060\064\065\066\064\067\132\027\015\062\071\060\064 -\060\070\060\064\065\066\064\067\132\060\130\061\013\060\011\006 -\003\125\004\006\023\002\112\120\061\053\060\051\006\003\125\004 -\012\023\042\112\141\160\141\156\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163\054 -\040\111\156\143\056\061\034\060\032\006\003\125\004\003\023\023 -\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164\103 -\101\061\061\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\375\167\252\245\034\220\005\073\313\114\233\063 -\213\132\024\105\244\347\220\026\321\337\127\322\041\020\244\027 -\375\337\254\326\037\247\344\333\174\367\354\337\270\003\332\224 -\130\375\135\162\174\214\077\137\001\147\164\025\226\343\002\074 -\207\333\256\313\001\216\302\363\146\306\205\105\364\002\306\072 -\265\142\262\257\372\234\277\244\346\324\200\060\230\363\015\266 -\223\217\251\324\330\066\362\260\374\212\312\054\241\025\063\225 -\061\332\300\033\362\356\142\231\206\143\077\277\335\223\052\203 -\250\166\271\023\037\267\316\116\102\205\217\042\347\056\032\362 -\225\011\262\005\265\104\116\167\241\040\275\251\362\116\012\175 -\120\255\365\005\015\105\117\106\161\375\050\076\123\373\004\330 -\055\327\145\035\112\033\372\317\073\260\061\232\065\156\310\213 -\006\323\000\221\362\224\010\145\114\261\064\006\000\172\211\342 -\360\307\003\131\317\325\326\350\247\062\263\346\230\100\206\305 -\315\047\022\213\314\173\316\267\021\074\142\140\007\043\076\053 -\100\156\224\200\011\155\266\263\157\167\157\065\010\120\373\002 -\207\305\076\211\002\003\001\000\001\243\102\060\100\060\035\006 -\003\125\035\016\004\026\004\024\133\370\115\117\262\245\206\324 -\072\322\361\143\232\240\276\011\366\127\267\336\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001 -\000\240\241\070\026\146\056\247\126\037\041\234\006\372\035\355 -\271\042\305\070\046\330\116\117\354\243\177\171\336\106\041\241 -\207\167\217\007\010\232\262\244\305\257\017\062\230\013\174\146 -\051\266\233\175\045\122\111\103\253\114\056\053\156\172\160\257 -\026\016\343\002\154\373\102\346\030\235\105\330\125\310\350\073 -\335\347\341\364\056\013\034\064\134\154\130\112\373\214\210\120 -\137\225\034\277\355\253\042\265\145\263\205\272\236\017\270\255 -\345\172\033\212\120\072\035\275\015\274\173\124\120\013\271\102 -\257\125\240\030\201\255\145\231\357\276\344\234\277\304\205\253 -\101\262\124\157\334\045\315\355\170\342\216\014\215\011\111\335 -\143\173\132\151\226\002\041\250\275\122\131\351\175\065\313\310 -\122\312\177\201\376\331\153\323\367\021\355\045\337\370\347\371 -\244\372\162\227\204\123\015\245\320\062\030\121\166\131\024\154 -\017\353\354\137\200\214\165\103\203\303\205\230\377\114\236\055 -\015\344\167\203\223\116\265\226\007\213\050\023\233\214\031\215 -\101\047\111\100\356\336\346\043\104\071\334\241\042\326\272\003 -\362 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "SecureSign RootCA11" -# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Serial Number: 1 (0x1) -# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP -# Not Valid Before: Wed Apr 08 04:56:47 2009 -# Not Valid After : Sun Apr 08 04:56:47 2029 -# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26 -# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SecureSign RootCA11" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\073\304\237\110\370\363\163\240\234\036\275\370\133\261\303\145 -\307\330\021\263 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\267\122\164\342\222\264\200\223\362\165\344\314\327\362\352\046 -END -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145 -\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032 -\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147 -\156\040\122\157\157\164\103\101\061\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Microsec e-Szigno Root CA 2009" -# -# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:00:c2:7e:43:04:4e:47:3f:19 -# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Jun 16 11:30:18 2009 -# Not Valid After : Sun Dec 30 11:30:18 2029 -# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 -# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\302\176\103\004\116\107\077\031 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\012\060\202\002\362\240\003\002\001\002\002\011\000 -\302\176\103\004\116\107\077\031\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003 -\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007 -\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003 -\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164 -\144\056\061\047\060\045\006\003\125\004\003\014\036\115\151\143 -\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040\122 -\157\157\164\040\103\101\040\062\060\060\071\061\037\060\035\006 -\011\052\206\110\206\367\015\001\011\001\026\020\151\156\146\157 -\100\145\055\163\172\151\147\156\157\056\150\165\060\036\027\015 -\060\071\060\066\061\066\061\061\063\060\061\070\132\027\015\062 -\071\061\062\063\060\061\061\063\060\061\070\132\060\201\202\061 -\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017 -\006\003\125\004\007\014\010\102\165\144\141\160\145\163\164\061 -\026\060\024\006\003\125\004\012\014\015\115\151\143\162\157\163 -\145\143\040\114\164\144\056\061\047\060\045\006\003\125\004\003 -\014\036\115\151\143\162\157\163\145\143\040\145\055\123\172\151 -\147\156\157\040\122\157\157\164\040\103\101\040\062\060\060\071 -\061\037\060\035\006\011\052\206\110\206\367\015\001\011\001\026 -\020\151\156\146\157\100\145\055\163\172\151\147\156\157\056\150 -\165\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\351\370\217\363\143\255\332\206\330\247\340\102\373\317 -\221\336\246\046\370\231\245\143\160\255\233\256\312\063\100\175 -\155\226\156\241\016\104\356\341\023\235\224\102\122\232\275\165 -\205\164\054\250\016\035\223\266\030\267\214\054\250\317\373\134 -\161\271\332\354\376\350\176\217\344\057\035\262\250\165\207\330 -\267\241\345\073\317\231\112\106\320\203\031\175\300\241\022\034 -\225\155\112\364\330\307\245\115\063\056\205\071\100\165\176\024 -\174\200\022\230\120\307\101\147\270\240\200\141\124\246\154\116 -\037\340\235\016\007\351\311\272\063\347\376\300\125\050\054\002 -\200\247\031\365\236\334\125\123\003\227\173\007\110\377\231\373 -\067\212\044\304\131\314\120\020\143\216\252\251\032\260\204\032 -\206\371\137\273\261\120\156\244\321\012\314\325\161\176\037\247 -\033\174\365\123\156\042\137\313\053\346\324\174\135\256\326\302 -\306\114\345\005\001\331\355\127\374\301\043\171\374\372\310\044 -\203\225\363\265\152\121\001\320\167\326\351\022\241\371\032\203 -\373\202\033\271\260\227\364\166\006\063\103\111\240\377\013\265 -\372\265\002\003\001\000\001\243\201\200\060\176\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\313\017\306\337\102\103\314\075 -\313\265\110\043\241\032\172\246\052\273\064\150\060\037\006\003 -\125\035\043\004\030\060\026\200\024\313\017\306\337\102\103\314 -\075\313\265\110\043\241\032\172\246\052\273\064\150\060\033\006 -\003\125\035\021\004\024\060\022\201\020\151\156\146\157\100\145 -\055\163\172\151\147\156\157\056\150\165\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\001\001\000\311\321 -\016\136\056\325\314\263\174\076\313\374\075\377\015\050\225\223 -\004\310\277\332\315\171\270\103\220\360\244\276\357\362\357\041 -\230\274\324\324\135\006\366\356\102\354\060\154\240\252\251\312 -\361\257\212\372\077\013\163\152\076\352\056\100\176\037\256\124 -\141\171\353\056\010\067\327\043\363\214\237\276\035\261\341\244 -\165\333\240\342\124\024\261\272\034\051\244\030\366\022\272\242 -\024\024\343\061\065\310\100\377\267\340\005\166\127\301\034\131 -\362\370\277\344\355\045\142\134\204\360\176\176\037\263\276\371 -\267\041\021\314\003\001\126\160\247\020\222\036\033\064\201\036 -\255\234\032\303\004\074\355\002\141\326\036\006\363\137\072\207 -\362\053\361\105\207\345\075\254\321\307\127\204\275\153\256\334 -\330\371\266\033\142\160\013\075\066\311\102\362\062\327\172\141 -\346\322\333\075\317\310\251\311\233\334\333\130\104\327\157\070 -\257\177\170\323\243\255\032\165\272\034\301\066\174\217\036\155 -\034\303\165\106\256\065\005\246\366\134\075\041\356\126\360\311 -\202\042\055\172\124\253\160\303\175\042\145\202\160\226 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Microsec e-Szigno Root CA 2009" -# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:00:c2:7e:43:04:4e:47:3f:19 -# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Jun 16 11:30:18 2009 -# Not Valid After : Sun Dec 30 11:30:18 2029 -# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 -# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\211\337\164\376\134\364\017\112\200\371\343\067\175\124\332\221 -\341\001\061\216 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\370\111\364\003\274\104\055\203\276\110\151\175\051\144\374\261 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125 -\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160 -\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151 -\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006 -\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145 -\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040 -\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015 -\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147 -\156\157\056\150\165 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\302\176\103\004\116\107\077\031 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GlobalSign Root CA - R3" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Not Valid Before: Wed Mar 18 10:00:00 2009 -# Not Valid After : Sun Mar 18 10:00:00 2029 -# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 -# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\041\130\123\010\242 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\137\060\202\002\107\240\003\002\001\002\002\013\004 -\000\000\000\000\001\041\130\123\010\242\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\060\114\061\040\060\036\006 -\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156 -\040\122\157\157\164\040\103\101\040\055\040\122\063\061\023\060 -\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151 -\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157 -\142\141\154\123\151\147\156\060\036\027\015\060\071\060\063\061 -\070\061\060\060\060\060\060\132\027\015\062\071\060\063\061\070 -\061\060\060\060\060\060\132\060\114\061\040\060\036\006\003\125 -\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122 -\157\157\164\040\103\101\040\055\040\122\063\061\023\060\021\006 -\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156 -\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141 -\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\314\045\166\220\171\006\170\042\026\365 -\300\203\266\204\312\050\236\375\005\166\021\305\255\210\162\374 -\106\002\103\307\262\212\235\004\137\044\313\056\113\341\140\202 -\106\341\122\253\014\201\107\160\154\335\144\321\353\365\054\243 -\017\202\075\014\053\256\227\327\266\024\206\020\171\273\073\023 -\200\167\214\010\341\111\322\152\142\057\037\136\372\226\150\337 -\211\047\225\070\237\006\327\076\311\313\046\131\015\163\336\260 -\310\351\046\016\203\025\306\357\133\213\322\004\140\312\111\246 -\050\366\151\073\366\313\310\050\221\345\235\212\141\127\067\254 -\164\024\334\164\340\072\356\162\057\056\234\373\320\273\277\365 -\075\000\341\006\063\350\202\053\256\123\246\072\026\163\214\335 -\101\016\040\072\300\264\247\241\351\262\117\220\056\062\140\351 -\127\313\271\004\222\150\150\345\070\046\140\165\262\237\167\377 -\221\024\357\256\040\111\374\255\100\025\110\321\002\061\141\031 -\136\270\227\357\255\167\267\144\232\172\277\137\301\023\357\233 -\142\373\015\154\340\124\151\026\251\003\332\156\351\203\223\161 -\166\306\151\205\202\027\002\003\001\000\001\243\102\060\100\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\217\360\113\177\250 -\056\105\044\256\115\120\372\143\232\213\336\342\335\033\274\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\001\001\000\113\100\333\300\120\252\376\310\014\357\367\226\124 -\105\111\273\226\000\011\101\254\263\023\206\206\050\007\063\312 -\153\346\164\271\272\000\055\256\244\012\323\365\361\361\017\212 -\277\163\147\112\203\307\104\173\170\340\257\156\154\157\003\051 -\216\063\071\105\303\216\344\271\127\154\252\374\022\226\354\123 -\306\055\344\044\154\271\224\143\373\334\123\150\147\126\076\203 -\270\317\065\041\303\311\150\376\316\332\302\123\252\314\220\212 -\351\360\135\106\214\225\335\172\130\050\032\057\035\336\315\000 -\067\101\217\355\104\155\327\123\050\227\176\363\147\004\036\025 -\327\212\226\264\323\336\114\047\244\114\033\163\163\166\364\027 -\231\302\037\172\016\343\055\010\255\012\034\054\377\074\253\125 -\016\017\221\176\066\353\303\127\111\276\341\056\055\174\140\213 -\303\101\121\023\043\235\316\367\062\153\224\001\250\231\347\054 -\063\037\072\073\045\322\206\100\316\073\054\206\170\311\141\057 -\024\272\356\333\125\157\337\204\356\005\011\115\275\050\330\162 -\316\323\142\120\145\036\353\222\227\203\061\331\263\265\312\107 -\130\077\137 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "GlobalSign Root CA - R3" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Serial Number:04:00:00:00:00:01:21:58:53:08:a2 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 -# Not Valid Before: Wed Mar 18 10:00:00 2009 -# Not Valid After : Sun Mar 18 10:00:00 2029 -# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28 -# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\326\233\126\021\110\360\034\167\305\105\170\301\011\046\337\133 -\205\151\166\255 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\305\337\270\111\312\005\023\125\356\055\272\032\303\076\260\050 -END -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\004\000\000\000\000\001\041\130\123\010\242 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" -# -# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Serial Number:53:ec:3b:ee:fb:b2:48:5f -# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Not Valid Before: Wed May 20 08:38:15 2009 -# Not Valid After : Tue Dec 31 08:38:15 2030 -# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 -# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\123\354\073\356\373\262\110\137 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123 -\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004 -\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071 -\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162 -\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141 -\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040 -\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060 -\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062 -\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006 -\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004 -\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040 -\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151 -\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103 -\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153 -\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175 -\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050 -\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337 -\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014 -\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301 -\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361 -\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306 -\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354 -\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304 -\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142 -\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164 -\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107 -\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341 -\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347 -\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154 -\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233 -\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217 -\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376 -\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262 -\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053 -\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116 -\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332 -\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177 -\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024 -\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323 -\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103 -\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023 -\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305 -\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372 -\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143 -\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141 -\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001 -\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001 -\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 -\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176 -\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003 -\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035 -\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002 -\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151 -\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143 -\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007 -\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157 -\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102 -\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040 -\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145 -\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060 -\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001 -\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305 -\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113 -\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066 -\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075 -\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341 -\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345 -\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365 -\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341 -\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113 -\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065 -\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227 -\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246 -\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022 -\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160 -\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322 -\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144 -\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242 -\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100 -\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205 -\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347 -\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175 -\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114 -\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254 -\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332 -\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040 -\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351 -\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336 -\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063 -\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136 -\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064 -\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001 -\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156 -\156\117\022\176\012\074\235\225 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" -# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Serial Number:53:ec:3b:ee:fb:b2:48:5f -# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES -# Not Valid Before: Wed May 20 08:38:15 2009 -# Not Valid After : Tue Dec 31 08:38:15 2030 -# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3 -# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000 -\267\367\266\372 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303 -END -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151 -\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141 -\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163 -\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064 -\060\066\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\123\354\073\356\373\262\110\137 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Izenpe.com" -# -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:28 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 -# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 -\346\175 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000 -\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070 -\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060 -\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123 -\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172 -\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062 -\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061 -\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003 -\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012 -\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060 -\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143 -\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152 -\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171 -\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244 -\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216 -\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231 -\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014 -\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207 -\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267 -\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301 -\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127 -\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074 -\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174 -\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003 -\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341 -\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340 -\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376 -\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204 -\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046 -\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020 -\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265 -\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251 -\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215 -\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242 -\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353 -\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013 -\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360 -\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044 -\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001 -\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114 -\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215 -\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176 -\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354 -\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201 -\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156 -\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221 -\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132 -\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040 -\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056 -\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040 -\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101 -\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040 -\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157 -\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061 -\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151 -\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145 -\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154 -\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313 -\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031 -\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233 -\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216 -\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003 -\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172 -\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071 -\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273 -\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050 -\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345 -\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201 -\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160 -\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211 -\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054 -\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223 -\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061 -\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316 -\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244 -\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235 -\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065 -\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133 -\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106 -\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120 -\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077 -\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116 -\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326 -\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076 -\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006 -\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041 -\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154 -\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124 -\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154 -\333\374\046\210\307 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Izenpe.com" -# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d -# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES -# Not Valid Before: Thu Dec 13 13:08:28 2007 -# Not Valid After : Sun Dec 13 08:27:25 2037 -# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73 -# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Izenpe.com" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105 -\025\157\351\031 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163 -END -CKA_ISSUER MULTILINE_OCTAL -\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105 -\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012 -\111\172\145\156\160\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031 -\346\175 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Chambers of Commerce Root - 2008" -# -# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:a3:da:42:7e:a4:b1:ae:da -# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:29:50 2008 -# Not Valid After : Sat Jul 31 12:29:50 2038 -# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 -# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\243\332\102\176\244\261\256\332 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000 -\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003 -\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 -\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 -\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 -\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 -\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 -\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 -\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 -\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060 -\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163 -\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157 -\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070 -\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063 -\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006 -\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004 -\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143 -\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141 -\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141 -\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060 -\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070 -\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103 -\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051 -\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162 -\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157 -\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017 -\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053 -\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275 -\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157 -\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042 -\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152 -\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343 -\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367 -\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220 -\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122 -\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304 -\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121 -\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161 -\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315 -\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313 -\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267 -\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057 -\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132 -\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216 -\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051 -\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345 -\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376 -\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346 -\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254 -\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143 -\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237 -\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171 -\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001 -\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112 -\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143 -\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176 -\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343 -\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061 -\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243 -\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001 -\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125 -\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372 -\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125 -\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265 -\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201 -\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006 -\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115 -\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145 -\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167 -\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155 -\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125 -\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060 -\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162 -\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003 -\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146 -\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055 -\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125 -\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002 -\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171 -\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265 -\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026 -\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317 -\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130 -\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205 -\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037 -\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222 -\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165 -\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071 -\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370 -\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207 -\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232 -\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350 -\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166 -\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015 -\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051 -\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003 -\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024 -\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227 -\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006 -\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360 -\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022 -\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352 -\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301 -\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311 -\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336 -\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373 -\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031 -\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140 -\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221 -\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246 -\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331 -\167\110\320 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Chambers of Commerce Root - 2008" -# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:a3:da:42:7e:a4:b1:ae:da -# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:29:50 2008 -# Not Valid After : Sat Jul 31 12:29:50 2038 -# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7 -# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Chambers of Commerce Root - 2008" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176 -\376\232\316\074 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023 -\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155 -\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060 -\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\243\332\102\176\244\261\256\332 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Global Chambersign Root - 2008" -# -# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce -# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:31:40 2008 -# Not Valid After : Sat Jul 31 12:31:40 2038 -# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 -# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Global Chambersign Root - 2008" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\311\315\323\351\325\175\043\316 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000 -\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003 -\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007 -\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165 -\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164 -\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056 -\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020 -\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067 -\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141 -\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060 -\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103 -\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040 -\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061 -\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061 -\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125 -\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023 -\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162 -\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040 -\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143 -\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006 -\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061 -\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155 -\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045 -\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150 -\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055 -\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 -\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264 -\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235 -\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104 -\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045 -\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373 -\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271 -\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062 -\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366 -\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014 -\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105 -\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170 -\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063 -\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024 -\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206 -\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061 -\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046 -\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266 -\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172 -\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161 -\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325 -\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256 -\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035 -\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336 -\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035 -\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351 -\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153 -\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307 -\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233 -\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141 -\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120 -\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323 -\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040 -\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060 -\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060 -\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026 -\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361 -\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201 -\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153 -\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257 -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202 -\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035 -\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060 -\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164 -\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162 -\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110 -\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177 -\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032 -\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131 -\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250 -\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257 -\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063 -\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365 -\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252 -\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361 -\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230 -\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135 -\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163 -\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077 -\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110 -\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235 -\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372 -\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367 -\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035 -\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204 -\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324 -\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116 -\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260 -\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170 -\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050 -\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011 -\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326 -\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036 -\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351 -\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150 -\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231 -\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060 -\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364 -\351\233\256\325\124\300\164\200\321\013\102\237\301 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Global Chambersign Root - 2008" -# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce -# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU -# Not Valid Before: Fri Aug 01 12:31:40 2008 -# Not Valid After : Sat Jul 31 12:31:40 2038 -# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3 -# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Global Chambersign Root - 2008" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051 -\366\326\252\014 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125 -\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151 -\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141 -\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141 -\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144 -\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011 -\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125 -\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155 -\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023 -\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163 -\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\311\315\323\351\325\175\043\316 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Go Daddy Root Certificate Authority - G2" -# -# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 -# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\305\060\202\002\255\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156 -\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164 -\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012\023 -\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111\156 -\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157\040 -\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\062\060\036\027\015\060\071\060\071\060\061\060 -\060\060\060\060\060\132\027\015\063\067\061\062\063\061\062\063 -\065\071\065\071\132\060\201\203\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023\007 -\101\162\151\172\157\156\141\061\023\060\021\006\003\125\004\007 -\023\012\123\143\157\164\164\163\144\141\154\145\061\032\060\030 -\006\003\125\004\012\023\021\107\157\104\141\144\144\171\056\143 -\157\155\054\040\111\156\143\056\061\061\060\057\006\003\125\004 -\003\023\050\107\157\040\104\141\144\144\171\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062\060\202\001\042\060 -\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202 -\001\017\000\060\202\001\012\002\202\001\001\000\277\161\142\010 -\361\372\131\064\367\033\311\030\243\367\200\111\130\351\042\203 -\023\246\305\040\103\001\073\204\361\346\205\111\237\047\352\366 -\204\033\116\240\264\333\160\230\307\062\001\261\005\076\007\116 -\356\364\372\117\057\131\060\042\347\253\031\126\153\342\200\007 -\374\363\026\165\200\071\121\173\345\371\065\266\164\116\251\215 -\202\023\344\266\077\251\003\203\372\242\276\212\025\152\177\336 -\013\303\266\031\024\005\312\352\303\250\004\224\073\106\174\062 -\015\363\000\146\042\310\215\151\155\066\214\021\030\267\323\262 -\034\140\264\070\372\002\214\316\323\335\106\007\336\012\076\353 -\135\174\310\174\373\260\053\123\244\222\142\151\121\045\005\141 -\032\104\201\214\054\251\103\226\043\337\254\072\201\232\016\051 -\305\034\251\351\135\036\266\236\236\060\012\071\316\361\210\200 -\373\113\135\314\062\354\205\142\103\045\064\002\126\047\001\221 -\264\073\160\052\077\156\261\350\234\210\001\175\237\324\371\333 -\123\155\140\235\277\054\347\130\253\270\137\106\374\316\304\033 -\003\074\011\353\111\061\134\151\106\263\340\107\002\003\001\000 -\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\072\232\205\007\020\147\050\266\357\366\275\005\101\156\040 -\301\224\332\017\336\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\231\333\135\171\325\371\227 -\131\147\003\141\361\176\073\006\061\165\055\241\040\216\117\145 -\207\264\367\246\234\274\330\351\057\320\333\132\356\317\164\214 -\163\264\070\102\332\005\173\370\002\165\270\375\245\261\327\256 -\366\327\336\023\313\123\020\176\212\106\321\227\372\267\056\053 -\021\253\220\260\047\200\371\350\237\132\351\067\237\253\344\337 -\154\263\205\027\235\075\331\044\117\171\221\065\326\137\004\353 -\200\203\253\232\002\055\265\020\364\330\220\307\004\163\100\355 -\162\045\240\251\237\354\236\253\150\022\231\127\306\217\022\072 -\011\244\275\104\375\006\025\067\301\233\344\062\243\355\070\350 -\330\144\363\054\176\024\374\002\352\237\315\377\007\150\027\333 -\042\220\070\055\172\215\321\124\361\151\343\137\063\312\172\075 -\173\012\343\312\177\137\071\345\342\165\272\305\166\030\063\316 -\054\360\057\114\255\367\261\347\316\117\250\304\233\112\124\006 -\305\177\175\325\010\017\342\034\376\176\027\270\254\136\366\324 -\026\262\103\011\014\115\366\247\153\264\231\204\145\312\172\210 -\342\342\104\276\134\367\352\034\365 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Go Daddy Root Certificate Authority - G2" -# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01 -# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\107\276\253\311\042\352\350\016\170\170\064\142\247\237\105\302 -\124\375\346\213 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\200\072\274\042\301\346\373\215\233\073\047\112\062\033\232\001 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012 -\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111 -\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157 -\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164 -\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164 -\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Starfield Root Certificate Authority - G2" -# -# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96 -# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062 -\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145 -\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062 -\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145 -\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\335\060\202\002\305\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156 -\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164 -\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012\023 -\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150\156 -\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062\060 -\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145\154 -\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062\060\036\027\015\060\071\060\071\060\061\060\060\060\060\060 -\060\132\027\015\063\067\061\062\063\061\062\063\065\071\065\071 -\132\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172 -\157\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143 -\157\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004 -\012\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143 -\150\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061 -\062\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151 -\145\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055 -\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367 -\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002 -\202\001\001\000\275\355\301\003\374\366\217\374\002\261\157\133 -\237\110\331\235\171\342\242\267\003\141\126\030\303\107\266\327 -\312\075\065\056\211\103\367\241\151\233\336\212\032\375\023\040 -\234\264\111\167\062\051\126\375\271\354\214\335\042\372\162\334 -\047\141\227\356\366\132\204\354\156\031\271\211\054\334\204\133 -\325\164\373\153\137\305\211\245\020\122\211\106\125\364\270\165 -\034\346\177\344\124\256\113\370\125\162\127\002\031\370\027\161 -\131\353\036\050\007\164\305\235\110\276\154\264\364\244\260\363 -\144\067\171\222\300\354\106\136\177\341\155\123\114\142\257\315 -\037\013\143\273\072\235\373\374\171\000\230\141\164\317\046\202 -\100\143\363\262\162\152\031\015\231\312\324\016\165\314\067\373 -\213\211\301\131\361\142\177\137\263\137\145\060\370\247\267\115 -\166\132\036\166\136\064\300\350\226\126\231\212\263\360\177\244 -\315\275\334\062\061\174\221\317\340\137\021\370\153\252\111\134 -\321\231\224\321\242\343\143\133\011\166\265\126\142\341\113\164 -\035\226\324\046\324\010\004\131\320\230\016\016\346\336\374\303 -\354\037\220\361\002\003\001\000\001\243\102\060\100\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\174\014\062\037\247\331\060 -\177\304\175\150\243\142\250\241\316\253\007\133\047\060\015\006 -\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001 -\000\021\131\372\045\117\003\157\224\231\073\232\037\202\205\071 -\324\166\005\224\136\341\050\223\155\142\135\011\302\240\250\324 -\260\165\070\361\064\152\235\344\237\212\206\046\121\346\054\321 -\306\055\156\225\040\112\222\001\354\270\212\147\173\061\342\147 -\056\214\225\003\046\056\103\235\112\061\366\016\265\014\273\267 -\342\067\177\042\272\000\243\016\173\122\373\153\273\073\304\323 -\171\121\116\315\220\364\147\007\031\310\074\106\172\015\001\175 -\305\130\347\155\346\205\060\027\232\044\304\020\340\004\367\340 -\362\177\324\252\012\377\102\035\067\355\224\345\144\131\022\040 -\167\070\323\062\076\070\201\165\226\163\372\150\217\261\313\316 -\037\305\354\372\234\176\317\176\261\361\007\055\266\374\277\312 -\244\277\320\227\005\112\274\352\030\050\002\220\275\124\170\011 -\041\161\323\321\175\035\331\026\260\251\141\075\320\012\000\042 -\374\307\173\313\011\144\105\013\073\100\201\367\175\174\062\365 -\230\312\130\216\175\052\356\220\131\163\144\371\066\164\136\045 -\241\365\146\005\056\177\071\025\251\052\373\120\213\216\205\151 -\364 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Starfield Root Certificate Authority - G2" -# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96 -# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\265\034\006\174\356\053\014\075\370\125\253\055\222\364\376\071 -\324\347\017\016 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\326\071\201\306\122\176\226\151\374\374\312\146\355\005\362\226 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062 -\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145 -\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Starfield Services Root Certificate Authority - G2" -# -# Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 17:35:74:AF:7B:61:1C:EB:F4:F9:3C:E2:EE:40:F9:A2 -# Fingerprint (SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Services Root Certificate Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073 -\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145 -\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073 -\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145 -\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\357\060\202\002\327\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156 -\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164 -\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012\023 -\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150\156 -\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073\060 -\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145\154 -\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164\040 -\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150 -\157\162\151\164\171\040\055\040\107\062\060\036\027\015\060\071 -\060\071\060\061\060\060\060\060\060\060\132\027\015\063\067\061 -\062\063\061\062\063\065\071\065\071\132\060\201\230\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\020\060\016\006\003 -\125\004\010\023\007\101\162\151\172\157\156\141\061\023\060\021 -\006\003\125\004\007\023\012\123\143\157\164\164\163\144\141\154 -\145\061\045\060\043\006\003\125\004\012\023\034\123\164\141\162 -\146\151\145\154\144\040\124\145\143\150\156\157\154\157\147\151 -\145\163\054\040\111\156\143\056\061\073\060\071\006\003\125\004 -\003\023\062\123\164\141\162\146\151\145\154\144\040\123\145\162 -\166\151\143\145\163\040\122\157\157\164\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\325\014\072\304\052\371\116\342\365\276 -\031\227\137\216\210\123\261\037\077\313\317\237\040\023\155\051 -\072\310\017\175\074\367\153\166\070\143\331\066\140\250\233\136 -\134\000\200\262\057\131\177\366\207\371\045\103\206\347\151\033 -\122\232\220\341\161\343\330\055\015\116\157\366\310\111\331\266 -\363\032\126\256\053\266\164\024\353\317\373\046\343\032\272\035 -\226\056\152\073\130\224\211\107\126\377\045\240\223\160\123\203 -\332\204\164\024\303\147\236\004\150\072\337\216\100\132\035\112 -\116\317\103\221\073\347\126\326\000\160\313\122\356\173\175\256 -\072\347\274\061\371\105\366\302\140\317\023\131\002\053\200\314 -\064\107\337\271\336\220\145\155\002\317\054\221\246\246\347\336 -\205\030\111\174\146\116\243\072\155\251\265\356\064\056\272\015 -\003\270\063\337\107\353\261\153\215\045\331\233\316\201\321\105 -\106\062\226\160\207\336\002\016\111\103\205\266\154\163\273\144 -\352\141\101\254\311\324\124\337\207\057\307\042\262\046\314\237 -\131\124\150\237\374\276\052\057\304\125\034\165\100\140\027\205 -\002\125\071\213\177\005\002\003\001\000\001\243\102\060\100\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\035\006\003\125\035\016\004\026\004\024\234\137\000\337\252 -\001\327\060\053\070\210\242\270\155\112\234\362\021\221\203\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\001\001\000\113\066\246\204\167\151\335\073\031\237\147\043\010 -\157\016\141\311\375\204\334\137\330\066\201\315\330\033\101\055 -\237\140\335\307\032\150\331\321\156\206\341\210\043\317\023\336 -\103\317\342\064\263\004\235\037\051\325\277\370\136\310\325\301 -\275\356\222\157\062\164\362\221\202\057\275\202\102\172\255\052 -\267\040\175\115\274\172\125\022\302\025\352\275\367\152\225\056 -\154\164\237\317\034\264\362\305\001\243\205\320\162\076\255\163 -\253\013\233\165\014\155\105\267\216\224\254\226\067\265\240\320 -\217\025\107\016\343\350\203\335\217\375\357\101\001\167\314\047 -\251\142\205\063\362\067\010\357\161\317\167\006\336\310\031\035 -\210\100\317\175\106\035\377\036\307\341\316\377\043\333\306\372 -\215\125\116\251\002\347\107\021\106\076\364\375\275\173\051\046 -\273\251\141\142\067\050\266\055\052\366\020\206\144\311\160\247 -\322\255\267\051\160\171\352\074\332\143\045\237\375\150\267\060 -\354\160\373\165\212\267\155\140\147\262\036\310\271\351\330\250 -\157\002\213\147\015\115\046\127\161\332\040\374\301\112\120\215 -\261\050\272 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Starfield Services Root Certificate Authority - G2" -# Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Serial Number: 0 (0x0) -# Subject: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US -# Not Valid Before: Tue Sep 01 00:00:00 2009 -# Not Valid After : Thu Dec 31 23:59:59 2037 -# Fingerprint (MD5): 17:35:74:AF:7B:61:1C:EB:F4:F9:3C:E2:EE:40:F9:A2 -# Fingerprint (SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Starfield Services Root Certificate Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\222\132\217\215\054\155\004\340\146\137\131\152\377\042\330\143 -\350\045\157\077 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\027\065\164\257\173\141\034\353\364\371\074\342\356\100\371\242 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157 -\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157 -\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012 -\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150 -\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073 -\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145 -\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AffirmTrust Commercial" -# -# Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US -# Serial Number:77:77:06:27:26:a9:b1:7c -# Subject: CN=AffirmTrust Commercial,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:06:06 2010 -# Not Valid After : Tue Dec 31 14:06:06 2030 -# Fingerprint (MD5): 82:92:BA:5B:EF:CD:8A:6F:A6:3D:55:F9:84:F6:D6:B7 -# Fingerprint (SHA1): F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Commercial" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155 -\145\162\143\151\141\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155 -\145\162\143\151\141\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\167\167\006\047\046\251\261\174 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\114\060\202\002\064\240\003\002\001\002\002\010\167 -\167\006\047\046\251\261\174\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\104\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013 -\101\146\146\151\162\155\124\162\165\163\164\061\037\060\035\006 -\003\125\004\003\014\026\101\146\146\151\162\155\124\162\165\163 -\164\040\103\157\155\155\145\162\143\151\141\154\060\036\027\015 -\061\060\060\061\062\071\061\064\060\066\060\066\132\027\015\063 -\060\061\062\063\061\061\064\060\066\060\066\132\060\104\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\024\060\022\006 -\003\125\004\012\014\013\101\146\146\151\162\155\124\162\165\163 -\164\061\037\060\035\006\003\125\004\003\014\026\101\146\146\151 -\162\155\124\162\165\163\164\040\103\157\155\155\145\162\143\151 -\141\154\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\366\033\117\147\007\053\241\025\365\006\042\313\037 -\001\262\343\163\105\006\104\111\054\273\111\045\024\326\316\303 -\267\253\054\117\306\101\062\224\127\372\022\247\133\016\342\217 -\037\036\206\031\247\252\265\055\271\137\015\212\302\257\205\065 -\171\062\055\273\034\142\067\362\261\133\112\075\312\315\161\137 -\351\102\276\224\350\310\336\371\042\110\144\306\345\253\306\053 -\155\255\005\360\372\325\013\317\232\345\360\120\244\213\073\107 -\245\043\133\172\172\370\063\077\270\357\231\227\343\040\301\326 -\050\211\317\224\373\271\105\355\343\100\027\021\324\164\360\013 -\061\342\053\046\152\233\114\127\256\254\040\076\272\105\172\005 -\363\275\233\151\025\256\175\116\040\143\304\065\166\072\007\002 -\311\067\375\307\107\356\350\361\166\035\163\025\362\227\244\265 -\310\172\171\331\102\252\053\177\134\376\316\046\117\243\146\201 -\065\257\104\272\124\036\034\060\062\145\235\346\074\223\136\120 -\116\172\343\072\324\156\314\032\373\371\322\067\256\044\052\253 -\127\003\042\050\015\111\165\177\267\050\332\165\277\216\343\334 -\016\171\061\002\003\001\000\001\243\102\060\100\060\035\006\003 -\125\035\016\004\026\004\024\235\223\306\123\213\136\312\257\077 -\237\036\017\345\231\225\274\044\366\224\217\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011 -\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001\000 -\130\254\364\004\016\315\300\015\377\012\375\324\272\026\137\051 -\275\173\150\231\130\111\322\264\035\067\115\177\047\175\106\006 -\135\103\306\206\056\076\163\262\046\175\117\223\251\266\304\052 -\232\253\041\227\024\261\336\214\323\253\211\025\330\153\044\324 -\361\026\256\330\244\134\324\177\121\216\355\030\001\261\223\143 -\275\274\370\141\200\232\236\261\316\102\160\342\251\175\006\045 -\175\047\241\376\157\354\263\036\044\332\343\113\125\032\000\073 -\065\264\073\331\327\135\060\375\201\023\211\362\302\006\053\355 -\147\304\216\311\103\262\134\153\025\211\002\274\142\374\116\362 -\265\063\252\262\157\323\012\242\120\343\366\073\350\056\104\302 -\333\146\070\251\063\126\110\361\155\033\063\215\015\214\077\140 -\067\235\323\312\155\176\064\176\015\237\162\166\213\033\237\162 -\375\122\065\101\105\002\226\057\034\262\232\163\111\041\261\111 -\107\105\107\264\357\152\064\021\311\115\232\314\131\267\326\002 -\236\132\116\145\265\224\256\033\337\051\260\026\361\277\000\236 -\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AffirmTrust Commercial" -# Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US -# Serial Number:77:77:06:27:26:a9:b1:7c -# Subject: CN=AffirmTrust Commercial,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:06:06 2010 -# Not Valid After : Tue Dec 31 14:06:06 2030 -# Fingerprint (MD5): 82:92:BA:5B:EF:CD:8A:6F:A6:3D:55:F9:84:F6:D6:B7 -# Fingerprint (SHA1): F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Commercial" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\371\265\266\062\105\137\234\276\354\127\137\200\334\351\156\054 -\307\262\170\267 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\202\222\272\133\357\315\212\157\246\075\125\371\204\366\326\267 -END -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155 -\145\162\143\151\141\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\167\167\006\047\046\251\261\174 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AffirmTrust Networking" -# -# Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US -# Serial Number:7c:4f:04:39:1c:d4:99:2d -# Subject: CN=AffirmTrust Networking,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:08:24 2010 -# Not Valid After : Tue Dec 31 14:08:24 2030 -# Fingerprint (MD5): 42:65:CA:BE:01:9A:9A:4C:A9:8C:41:49:CD:C0:D5:7F -# Fingerprint (SHA1): 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Networking" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167 -\157\162\153\151\156\147 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167 -\157\162\153\151\156\147 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\174\117\004\071\034\324\231\055 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\114\060\202\002\064\240\003\002\001\002\002\010\174 -\117\004\071\034\324\231\055\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\104\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013 -\101\146\146\151\162\155\124\162\165\163\164\061\037\060\035\006 -\003\125\004\003\014\026\101\146\146\151\162\155\124\162\165\163 -\164\040\116\145\164\167\157\162\153\151\156\147\060\036\027\015 -\061\060\060\061\062\071\061\064\060\070\062\064\132\027\015\063 -\060\061\062\063\061\061\064\060\070\062\064\132\060\104\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\024\060\022\006 -\003\125\004\012\014\013\101\146\146\151\162\155\124\162\165\163 -\164\061\037\060\035\006\003\125\004\003\014\026\101\146\146\151 -\162\155\124\162\165\163\164\040\116\145\164\167\157\162\153\151 -\156\147\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\264\204\314\063\027\056\153\224\154\153\141\122\240 -\353\243\317\171\224\114\345\224\200\231\313\125\144\104\145\217 -\147\144\342\006\343\134\067\111\366\057\233\204\204\036\055\362 -\140\235\060\116\314\204\205\342\054\317\036\236\376\066\253\063 -\167\065\104\330\065\226\032\075\066\350\172\016\330\325\107\241 -\152\151\213\331\374\273\072\256\171\132\325\364\326\161\273\232 -\220\043\153\232\267\210\164\207\014\036\137\271\236\055\372\253 -\123\053\334\273\166\076\223\114\010\010\214\036\242\043\034\324 -\152\255\042\272\231\001\056\155\145\313\276\044\146\125\044\113 -\100\104\261\033\327\341\302\205\300\336\020\077\075\355\270\374 -\361\361\043\123\334\277\145\227\157\331\371\100\161\215\175\275 -\225\324\316\276\240\136\047\043\336\375\246\320\046\016\000\051 -\353\074\106\360\075\140\277\077\120\322\334\046\101\121\236\024 -\067\102\004\243\160\127\250\033\207\355\055\372\173\356\214\012 -\343\251\146\211\031\313\101\371\335\104\066\141\317\342\167\106 -\310\175\366\364\222\201\066\375\333\064\361\162\176\363\014\026 -\275\264\025\002\003\001\000\001\243\102\060\100\060\035\006\003 -\125\035\016\004\026\004\024\007\037\322\347\234\332\302\156\242 -\100\264\260\172\120\020\120\164\304\310\275\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\211\127\262\026\172\250\302\375\326\331\233\233\064\302\234\264 -\062\024\115\247\244\337\354\276\247\276\370\103\333\221\067\316 -\264\062\056\120\125\032\065\116\166\103\161\040\357\223\167\116 -\025\160\056\207\303\301\035\155\334\313\265\047\324\054\126\321 -\122\123\072\104\322\163\310\304\033\005\145\132\142\222\234\356 -\101\215\061\333\347\064\352\131\041\325\001\172\327\144\270\144 -\071\315\311\355\257\355\113\003\110\247\240\231\001\200\334\145 -\243\066\256\145\131\110\117\202\113\310\145\361\127\035\345\131 -\056\012\077\154\330\321\365\345\011\264\154\124\000\012\340\025 -\115\207\165\155\267\130\226\132\335\155\322\000\240\364\233\110 -\276\303\067\244\272\066\340\174\207\205\227\032\025\242\336\056 -\242\133\275\257\030\371\220\120\315\160\131\370\047\147\107\313 -\307\240\007\072\175\321\054\135\154\031\072\146\265\175\375\221 -\157\202\261\276\010\223\333\024\107\361\242\067\307\105\236\074 -\307\167\257\144\250\223\337\366\151\203\202\140\362\111\102\064 -\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AffirmTrust Networking" -# Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US -# Serial Number:7c:4f:04:39:1c:d4:99:2d -# Subject: CN=AffirmTrust Networking,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:08:24 2010 -# Not Valid After : Tue Dec 31 14:08:24 2030 -# Fingerprint (MD5): 42:65:CA:BE:01:9A:9A:4C:A9:8C:41:49:CD:C0:D5:7F -# Fingerprint (SHA1): 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Networking" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\051\066\041\002\213\040\355\002\365\146\305\062\321\326\355\220 -\237\105\000\057 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\102\145\312\276\001\232\232\114\251\214\101\111\315\300\325\177 -END -CKA_ISSUER MULTILINE_OCTAL -\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026 -\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167 -\157\162\153\151\156\147 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\174\117\004\071\034\324\231\055 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AffirmTrust Premium" -# -# Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US -# Serial Number:6d:8c:14:46:b1:a6:0a:ee -# Subject: CN=AffirmTrust Premium,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:10:36 2010 -# Not Valid After : Mon Dec 31 14:10:36 2040 -# Fingerprint (MD5): C4:5D:0E:48:B6:AC:28:30:4E:0A:BC:F9:38:16:87:57 -# Fingerprint (SHA1): D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Premium" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\155\214\024\106\261\246\012\356 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\106\060\202\003\056\240\003\002\001\002\002\010\155 -\214\024\106\261\246\012\356\060\015\006\011\052\206\110\206\367 -\015\001\001\014\005\000\060\101\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013 -\101\146\146\151\162\155\124\162\165\163\164\061\034\060\032\006 -\003\125\004\003\014\023\101\146\146\151\162\155\124\162\165\163 -\164\040\120\162\145\155\151\165\155\060\036\027\015\061\060\060 -\061\062\071\061\064\061\060\063\066\132\027\015\064\060\061\062 -\063\061\061\064\061\060\063\066\132\060\101\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\024\060\022\006\003\125\004 -\012\014\013\101\146\146\151\162\155\124\162\165\163\164\061\034 -\060\032\006\003\125\004\003\014\023\101\146\146\151\162\155\124 -\162\165\163\164\040\120\162\145\155\151\165\155\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\304\022\337 -\251\137\376\101\335\335\365\237\212\343\366\254\341\074\170\232 -\274\330\360\177\172\240\063\052\334\215\040\133\256\055\157\347 -\223\331\066\160\152\150\317\216\121\243\205\133\147\004\240\020 -\044\157\135\050\202\301\227\127\330\110\051\023\266\341\276\221 -\115\337\205\014\123\030\232\036\044\242\117\217\360\242\205\013 -\313\364\051\177\322\244\130\356\046\115\311\252\250\173\232\331 -\372\070\336\104\127\025\345\370\214\310\331\110\342\015\026\047 -\035\036\310\203\205\045\267\272\252\125\101\314\003\042\113\055 -\221\215\213\346\211\257\146\307\351\377\053\351\074\254\332\322 -\263\303\341\150\234\211\370\172\000\126\336\364\125\225\154\373 -\272\144\335\142\213\337\013\167\062\353\142\314\046\232\233\273 -\252\142\203\114\264\006\172\060\310\051\277\355\006\115\227\271 -\034\304\061\053\325\137\274\123\022\027\234\231\127\051\146\167 -\141\041\061\007\056\045\111\235\030\362\356\363\053\161\214\265 -\272\071\007\111\167\374\357\056\222\220\005\215\055\057\167\173 -\357\103\277\065\273\232\330\371\163\247\054\362\320\127\356\050 -\116\046\137\217\220\150\011\057\270\370\334\006\351\056\232\076 -\121\247\321\042\304\012\247\070\110\154\263\371\377\175\253\206 -\127\343\272\326\205\170\167\272\103\352\110\177\366\330\276\043 -\155\036\277\321\066\154\130\134\361\356\244\031\124\032\365\003 -\322\166\346\341\214\275\074\263\323\110\113\342\310\370\177\222 -\250\166\106\234\102\145\076\244\036\301\007\003\132\106\055\270 -\227\363\267\325\262\125\041\357\272\334\114\000\227\373\024\225 -\047\063\277\350\103\107\106\322\010\231\026\140\073\232\176\322 -\346\355\070\352\354\001\036\074\110\126\111\011\307\114\067\000 -\236\210\016\300\163\341\157\146\351\162\107\060\076\020\345\013 -\003\311\232\102\000\154\305\224\176\141\304\212\337\177\202\032 -\013\131\304\131\062\167\263\274\140\151\126\071\375\264\006\173 -\054\326\144\066\331\275\110\355\204\037\176\245\042\217\052\270 -\102\364\202\267\324\123\220\170\116\055\032\375\201\157\104\327 -\073\001\164\226\102\340\000\342\056\153\352\305\356\162\254\273 -\277\376\352\252\250\370\334\366\262\171\212\266\147\002\003\001 -\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026\004 -\024\235\300\147\246\014\042\331\046\365\105\253\246\145\122\021 -\047\330\105\254\143\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015 -\001\001\014\005\000\003\202\002\001\000\263\127\115\020\142\116 -\072\344\254\352\270\034\257\062\043\310\263\111\132\121\234\166 -\050\215\171\252\127\106\027\325\365\122\366\267\104\350\010\104 -\277\030\204\322\013\200\315\305\022\375\000\125\005\141\207\101 -\334\265\044\236\074\304\330\310\373\160\236\057\170\226\203\040 -\066\336\174\017\151\023\210\245\165\066\230\010\246\306\337\254 -\316\343\130\326\267\076\336\272\363\353\064\100\330\242\201\365 -\170\077\057\325\245\374\331\242\324\136\004\016\027\255\376\101 -\360\345\262\162\372\104\202\063\102\350\055\130\367\126\214\142 -\077\272\102\260\234\014\134\176\056\145\046\134\123\117\000\262 -\170\176\241\015\231\055\215\270\035\216\242\304\260\375\140\320 -\060\244\216\310\004\142\251\304\355\065\336\172\227\355\016\070 -\136\222\057\223\160\245\251\234\157\247\175\023\035\176\306\010 -\110\261\136\147\353\121\010\045\351\346\045\153\122\051\221\234 -\322\071\163\010\127\336\231\006\264\133\235\020\006\341\302\000 -\250\270\034\112\002\012\024\320\301\101\312\373\214\065\041\175 -\202\070\362\251\124\221\031\065\223\224\155\152\072\305\262\320 -\273\211\206\223\350\233\311\017\072\247\172\270\241\360\170\106 -\372\374\067\057\345\212\204\363\337\376\004\331\241\150\240\057 -\044\342\011\225\006\325\225\312\341\044\226\353\174\366\223\005 -\273\355\163\351\055\321\165\071\327\347\044\333\330\116\137\103 -\217\236\320\024\071\277\125\160\110\231\127\061\264\234\356\112 -\230\003\226\060\037\140\006\356\033\043\376\201\140\043\032\107 -\142\205\245\314\031\064\200\157\263\254\032\343\237\360\173\110 -\255\325\001\331\147\266\251\162\223\352\055\146\265\262\270\344 -\075\074\262\357\114\214\352\353\007\277\253\065\232\125\206\274 -\030\246\265\250\136\264\203\154\153\151\100\323\237\334\361\303 -\151\153\271\341\155\011\364\361\252\120\166\012\172\175\172\027 -\241\125\226\102\231\061\011\335\140\021\215\005\060\176\346\216 -\106\321\235\024\332\307\027\344\005\226\214\304\044\265\033\317 -\024\007\262\100\370\243\236\101\206\274\004\320\153\226\310\052 -\200\064\375\277\357\006\243\335\130\305\205\075\076\217\376\236 -\051\340\266\270\011\150\031\034\030\103 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AffirmTrust Premium" -# Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US -# Serial Number:6d:8c:14:46:b1:a6:0a:ee -# Subject: CN=AffirmTrust Premium,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:10:36 2010 -# Not Valid After : Mon Dec 31 14:10:36 2040 -# Fingerprint (MD5): C4:5D:0E:48:B6:AC:28:30:4E:0A:BC:F9:38:16:87:57 -# Fingerprint (SHA1): D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Premium" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\330\246\063\054\340\003\157\261\205\366\143\117\175\152\006\145 -\046\062\050\047 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\304\135\016\110\266\254\050\060\116\012\274\371\070\026\207\127 -END -CKA_ISSUER MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\155\214\024\106\261\246\012\356 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AffirmTrust Premium ECC" -# -# Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US -# Serial Number:74:97:25:8a:c7:3f:7a:54 -# Subject: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:20:24 2010 -# Not Valid After : Mon Dec 31 14:20:24 2040 -# Fingerprint (MD5): 64:B0:09:55:CF:B1:D5:99:E2:BE:13:AB:A6:5D:EA:4D -# Fingerprint (SHA1): B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Premium ECC" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155\040\105\103\103 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155\040\105\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\164\227\045\212\307\077\172\124 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\001\376\060\202\001\205\240\003\002\001\002\002\010\164 -\227\045\212\307\077\172\124\060\012\006\010\052\206\110\316\075 -\004\003\003\060\105\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\024\060\022\006\003\125\004\012\014\013\101\146\146 -\151\162\155\124\162\165\163\164\061\040\060\036\006\003\125\004 -\003\014\027\101\146\146\151\162\155\124\162\165\163\164\040\120 -\162\145\155\151\165\155\040\105\103\103\060\036\027\015\061\060 -\060\061\062\071\061\064\062\060\062\064\132\027\015\064\060\061 -\062\063\061\061\064\062\060\062\064\132\060\105\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\024\060\022\006\003\125 -\004\012\014\013\101\146\146\151\162\155\124\162\165\163\164\061 -\040\060\036\006\003\125\004\003\014\027\101\146\146\151\162\155 -\124\162\165\163\164\040\120\162\145\155\151\165\155\040\105\103 -\103\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\015\060\136\033\025\235\003 -\320\241\171\065\267\072\074\222\172\312\025\034\315\142\363\234 -\046\134\007\075\345\124\372\243\326\314\022\352\364\024\137\350 -\216\031\253\057\056\110\346\254\030\103\170\254\320\067\303\275 -\262\315\054\346\107\342\032\346\143\270\075\056\057\170\304\117 -\333\364\017\244\150\114\125\162\153\225\035\116\030\102\225\170 -\314\067\074\221\342\233\145\053\051\243\102\060\100\060\035\006 -\003\125\035\016\004\026\004\024\232\257\051\172\300\021\065\065 -\046\121\060\000\303\152\376\100\325\256\326\074\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\012\006 -\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060 -\027\011\363\207\210\120\132\257\310\300\102\277\107\137\365\154 -\152\206\340\304\047\164\344\070\123\327\005\177\033\064\343\306 -\057\263\312\011\074\067\235\327\347\270\106\361\375\241\342\161 -\002\060\102\131\207\103\324\121\337\272\323\011\062\132\316\210 -\176\127\075\234\137\102\153\365\007\055\265\360\202\223\371\131 -\157\256\144\372\130\345\213\036\343\143\276\265\201\315\157\002 -\214\171 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "AffirmTrust Premium ECC" -# Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US -# Serial Number:74:97:25:8a:c7:3f:7a:54 -# Subject: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US -# Not Valid Before: Fri Jan 29 14:20:24 2010 -# Not Valid After : Mon Dec 31 14:20:24 2040 -# Fingerprint (MD5): 64:B0:09:55:CF:B1:D5:99:E2:BE:13:AB:A6:5D:EA:4D -# Fingerprint (SHA1): B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AffirmTrust Premium ECC" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\270\043\153\000\057\035\026\206\123\001\125\154\021\244\067\312 -\353\377\303\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\144\260\011\125\317\261\325\231\342\276\023\253\246\135\352\115 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155 -\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027 -\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155 -\151\165\155\040\105\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\164\227\045\212\307\077\172\124 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certum Trusted Network CA" -# -# Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number: 279744 (0x444c0) -# Subject: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Wed Oct 22 12:07:37 2008 -# Not Valid After : Mon Dec 31 12:07:37 2029 -# Fingerprint (MD5): D5:E9:81:40:C5:18:69:FC:46:2C:89:75:62:0F:AA:78 -# Fingerprint (SHA1): 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164 -\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123 -\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145 -\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040 -\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162 -\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164 -\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123 -\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145 -\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040 -\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162 -\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\004\104\300 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\273\060\202\002\243\240\003\002\001\002\002\003\004 -\104\300\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060 -\040\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\060\036\027\015\060\070\061\060\062\062\061\062\060\067\063 -\067\132\027\015\062\071\061\062\063\061\061\062\060\067\063\067 -\132\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060 -\040\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\343\373\175\243\162\272\302\360\311\024\207\365\153\001 -\116\341\156\100\007\272\155\047\135\177\367\133\055\263\132\307 -\121\137\253\244\062\246\141\207\266\156\017\206\322\060\002\227 -\370\327\151\127\241\030\071\135\152\144\171\306\001\131\254\074 -\061\112\070\174\322\004\322\113\050\350\040\137\073\007\242\314 -\115\163\333\363\256\117\307\126\325\132\247\226\211\372\363\253 -\150\324\043\206\131\047\317\011\047\274\254\156\162\203\034\060 -\162\337\340\242\351\322\341\164\165\031\275\052\236\173\025\124 -\004\033\327\103\071\255\125\050\305\342\032\273\364\300\344\256 -\070\111\063\314\166\205\237\071\105\322\244\236\362\022\214\121 -\370\174\344\055\177\365\254\137\353\026\237\261\055\321\272\314 -\221\102\167\114\045\311\220\070\157\333\360\314\373\216\036\227 -\131\076\325\140\116\346\005\050\355\111\171\023\113\272\110\333 -\057\371\162\323\071\312\376\037\330\064\162\365\264\100\317\061 -\001\303\354\336\021\055\027\135\037\270\120\321\136\031\247\151 -\336\007\063\050\312\120\225\371\247\124\313\124\206\120\105\251 -\371\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\010\166\315\313\007\377\044\366\305 -\315\355\273\220\274\342\204\067\106\165\367\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\246 -\250\255\042\316\001\075\246\243\377\142\320\110\235\213\136\162 -\260\170\104\343\334\034\257\011\375\043\110\372\275\052\304\271 -\125\004\265\020\243\215\047\336\013\202\143\320\356\336\014\067 -\171\101\133\042\262\260\232\101\134\246\160\340\324\320\167\313 -\043\323\000\340\154\126\057\341\151\015\015\331\252\277\041\201 -\120\331\006\245\250\377\225\067\320\252\376\342\263\365\231\055 -\105\204\212\345\102\011\327\164\002\057\367\211\330\231\351\274 -\047\324\107\215\272\015\106\034\167\317\024\244\034\271\244\061 -\304\234\050\164\003\064\377\063\031\046\245\351\015\164\267\076 -\227\306\166\350\047\226\243\146\335\341\256\362\101\133\312\230 -\126\203\163\160\344\206\032\322\061\101\272\057\276\055\023\132 -\166\157\116\350\116\201\016\077\133\003\042\240\022\276\146\130 -\021\112\313\003\304\264\052\052\055\226\027\340\071\124\274\110 -\323\166\047\235\232\055\006\246\311\354\071\322\253\333\237\232 -\013\047\002\065\051\261\100\225\347\371\350\234\125\210\031\106 -\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Certum Trusted Network CA" -# Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number: 279744 (0x444c0) -# Subject: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Wed Oct 22 12:07:37 2008 -# Not Valid After : Mon Dec 31 12:07:37 2029 -# Fingerprint (MD5): D5:E9:81:40:C5:18:69:FC:46:2C:89:75:62:0F:AA:78 -# Fingerprint (SHA1): 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\007\340\062\340\040\267\054\077\031\057\006\050\242\131\072\031 -\247\017\006\236 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\325\351\201\100\305\030\151\374\106\054\211\165\142\017\252\170 -END -CKA_ISSUER MULTILINE_OCTAL -\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164 -\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123 -\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145 -\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040 -\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162 -\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\004\104\300 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TWCA Root Certification Authority" -# -# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW -# Serial Number: 1 (0x1) -# Subject: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW -# Not Valid Before: Thu Aug 28 07:24:33 2008 -# Not Valid After : Tue Dec 31 15:59:59 2030 -# Fingerprint (MD5): AA:08:8F:F6:F9:7B:B7:F2:B1:A7:1E:9B:EA:EA:BD:79 -# Fingerprint (SHA1): CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TWCA Root Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157 -\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041 -\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157 -\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041 -\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\173\060\202\002\143\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022 -\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116\055 -\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157\157 -\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041\124 -\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\060\036\027\015\060\070\060\070\062\070\060\067\062\064\063\063 -\132\027\015\063\060\061\062\063\061\061\065\065\071\065\071\132 -\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157 -\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041 -\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001 -\001\000\260\176\162\270\244\003\224\346\247\336\011\070\221\112 -\021\100\207\247\174\131\144\024\173\265\021\020\335\376\277\325 -\300\273\126\342\205\045\364\065\162\017\370\123\320\101\341\104 -\001\302\264\034\303\061\102\026\107\205\063\042\166\262\012\157 -\017\345\045\120\117\205\206\276\277\230\056\020\147\036\276\021 -\005\206\005\220\304\131\320\174\170\020\260\200\134\267\341\307 -\053\165\313\174\237\256\265\321\235\043\067\143\247\334\102\242 -\055\222\004\033\120\301\173\270\076\033\311\126\004\213\057\122 -\233\255\251\126\351\301\377\255\251\130\207\060\266\201\367\227 -\105\374\031\127\073\053\157\344\107\364\231\105\376\035\361\370 -\227\243\210\035\067\034\134\217\340\166\045\232\120\370\240\124 -\377\104\220\166\043\322\062\306\303\253\006\277\374\373\277\363 -\255\175\222\142\002\133\051\323\065\243\223\232\103\144\140\135 -\262\372\062\377\073\004\257\115\100\152\371\307\343\357\043\375 -\153\313\345\017\213\070\015\356\012\374\376\017\230\237\060\061 -\335\154\122\145\371\213\201\276\042\341\034\130\003\272\221\033 -\211\007\002\003\001\000\001\243\102\060\100\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\152\070\133\046\215\336\213\132\362 -\117\172\124\203\031\030\343\010\065\246\272\060\015\006\011\052 -\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\074 -\325\167\075\332\337\211\272\207\014\010\124\152\040\120\222\276 -\260\101\075\271\046\144\203\012\057\350\100\300\227\050\047\202 -\060\112\311\223\377\152\347\246\000\177\211\102\232\326\021\345 -\123\316\057\314\362\332\005\304\376\342\120\304\072\206\175\314 -\332\176\020\011\073\222\065\052\123\262\376\353\053\005\331\154 -\135\346\320\357\323\152\146\236\025\050\205\172\350\202\000\254 -\036\247\011\151\126\102\323\150\121\030\276\124\232\277\104\101 -\272\111\276\040\272\151\134\356\270\167\315\316\154\037\255\203 -\226\030\175\016\265\024\071\204\361\050\351\055\243\236\173\036 -\172\162\132\203\263\171\157\357\264\374\320\012\245\130\117\106 -\337\373\155\171\131\362\204\042\122\256\017\314\373\174\073\347 -\152\312\107\141\303\172\370\323\222\004\037\270\040\204\341\066 -\124\026\307\100\336\073\212\163\334\337\306\011\114\337\354\332 -\377\324\123\102\241\311\362\142\035\042\203\074\227\305\371\031 -\142\047\254\145\042\327\323\074\306\345\216\262\123\314\111\316 -\274\060\376\173\016\063\220\373\355\322\024\221\037\007\257 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "TWCA Root Certification Authority" -# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW -# Serial Number: 1 (0x1) -# Subject: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW -# Not Valid Before: Thu Aug 28 07:24:33 2008 -# Not Valid After : Tue Dec 31 15:59:59 2030 -# Fingerprint (MD5): AA:08:8F:F6:F9:7B:B7:F2:B1:A7:1E:9B:EA:EA:BD:79 -# Fingerprint (SHA1): CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TWCA Root Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\317\236\207\155\323\353\374\102\046\227\243\265\243\172\240\166 -\251\006\043\110 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\252\010\217\366\371\173\267\362\261\247\036\233\352\352\275\171 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157 -\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041 -\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Explicitly Distrust DigiNotar Root CA" -# -# Issuer: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -# Serial Number:0f:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff -# Subject: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -# Not Valid Before: Fri Jul 27 17:19:37 2007 -# Not Valid After : Mon Mar 31 18:19:22 2025 -# Fingerprint (MD5): 0A:A4:D5:CC:BA:B4:FB:A3:59:E3:E6:01:DD:53:D9:4E -# Fingerprint (SHA1): C1:77:CB:4B:E0:B4:26:8E:F5:C7:CF:45:99:22:B9:B0:CE:BA:21:2F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 -\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 -\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 -\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 -\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 -\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 -\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 -\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 -\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 -\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\017\377\377\377\377\377\377\377\377\377\377\377\377\377 -\377\377 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\017 -\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060 -\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141 -\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151 -\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060 -\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156 -\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060 -\036\027\015\060\067\060\067\062\067\061\067\061\071\063\067\132 -\027\015\062\065\060\063\063\061\061\070\061\071\062\062\132\060 -\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022 -\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164 -\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147 -\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040 -\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151 -\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126 -\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201 -\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300 -\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177 -\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330 -\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213 -\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337 -\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045 -\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123 -\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007 -\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043 -\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042 -\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041 -\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324 -\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313 -\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110 -\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114 -\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376 -\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344 -\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357 -\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346 -\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314 -\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351 -\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154 -\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262 -\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042 -\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077 -\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102 -\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323 -\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176 -\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147 -\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216 -\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153 -\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002 -\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004 -\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257 -\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362 -\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203 -\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302 -\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150 -\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307 -\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050 -\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350 -\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013 -\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075 -\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114 -\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313 -\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273 -\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235 -\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146 -\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160 -\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007 -\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351 -\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134 -\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045 -\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113 -\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174 -\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304 -\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012 -\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330 -\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124 -\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163 -\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056 -\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175 -\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163 -\262\345\214\360\206\231\270\345\305\337\204\301\267\353 -END - -# Trust for Certificate "Explicitly Distrust DigiNotar Root CA" -# Issuer: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -# Serial Number:0f:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff -# Subject: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL -# Not Valid Before: Fri Jul 27 17:19:37 2007 -# Not Valid After : Mon Mar 31 18:19:22 2025 -# Fingerprint (MD5): 0A:A4:D5:CC:BA:B4:FB:A3:59:E3:E6:01:DD:53:D9:4E -# Fingerprint (SHA1): C1:77:CB:4B:E0:B4:26:8E:F5:C7:CF:45:99:22:B9:B0:CE:BA:21:2F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\301\167\313\113\340\264\046\216\365\307\317\105\231\042\271\260 -\316\272\041\057 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\012\244\325\314\272\264\373\243\131\343\346\001\335\123\331\116 -END -CKA_ISSUER MULTILINE_OCTAL -\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157 -\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151 -\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061 -\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021 -\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\017\377\377\377\377\377\377\377\377\377\377\377\377\377 -\377\377 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" -# -# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL -# Serial Number: 268435455 (0xfffffff) -# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL -# Not Valid Before: Wed May 12 08:51:39 2010 -# Not Valid After : Mon Mar 23 09:50:05 2020 -# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C -# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 -\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 -\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 -\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 -\156\151\163\141\164\151\145\040\055\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 -\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 -\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 -\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 -\156\151\163\141\164\151\145\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\017\377\377\377 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\225\060\202\004\175\240\003\002\001\002\002\004\017 -\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\027\060\025\006\003\125\004\012\014\016\104\151\147\151 -\116\157\164\141\162\040\102\056\126\056\061\062\060\060\006\003 -\125\004\003\014\051\104\151\147\151\116\157\164\141\162\040\120 -\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\162 -\147\141\156\151\163\141\164\151\145\040\055\040\107\062\060\036 -\027\015\061\060\060\065\061\062\060\070\065\061\063\071\132\027 -\015\062\060\060\063\062\063\060\071\065\060\060\065\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\027\060 -\025\006\003\125\004\012\014\016\104\151\147\151\116\157\164\141 -\162\040\102\056\126\056\061\062\060\060\006\003\125\004\003\014 -\051\104\151\147\151\116\157\164\141\162\040\120\113\111\157\166 -\145\162\150\145\151\144\040\103\101\040\117\162\147\141\156\151 -\163\141\164\151\145\040\055\040\107\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\261\023\031\017\047 -\346\154\324\125\206\113\320\354\211\212\105\221\170\254\107\275 -\107\053\344\374\105\353\117\264\046\163\133\067\323\303\177\366 -\343\336\327\243\370\055\150\305\010\076\113\224\326\344\207\045 -\066\153\204\265\030\164\363\050\130\163\057\233\152\317\274\004 -\036\366\336\335\257\374\113\252\365\333\146\142\045\001\045\202 -\336\362\227\132\020\156\335\135\251\042\261\004\251\043\163\072 -\370\161\255\035\317\204\104\353\107\321\257\155\310\174\050\253 -\307\362\067\172\164\137\137\305\002\024\212\243\132\343\033\154 -\001\343\135\216\331\150\326\364\011\033\062\334\221\265\054\365 -\040\353\214\003\155\046\111\270\223\304\205\135\330\322\233\257 -\126\152\314\005\063\314\240\102\236\064\125\104\234\153\240\324 -\022\320\053\124\315\267\211\015\345\366\353\350\373\205\001\063 -\117\172\153\361\235\162\063\226\016\367\262\204\245\245\047\304 -\047\361\121\163\051\167\272\147\156\376\114\334\264\342\241\241 -\201\057\071\111\215\103\070\023\316\320\245\134\302\207\072\000 -\147\145\102\043\361\066\131\012\035\243\121\310\274\243\224\052 -\061\337\343\074\362\235\032\074\004\260\357\261\012\060\023\163 -\266\327\363\243\114\001\165\024\205\170\300\327\212\071\130\205 -\120\372\056\346\305\276\317\213\077\257\217\066\324\045\011\055 -\322\017\254\162\223\362\277\213\324\120\263\371\025\120\233\231 -\365\024\331\373\213\221\243\062\046\046\240\370\337\073\140\201 -\206\203\171\133\053\353\023\075\051\072\301\155\335\275\236\216 -\207\326\112\256\064\227\005\356\024\246\366\334\070\176\112\351 -\044\124\007\075\227\150\067\106\153\015\307\250\041\257\023\124 -\344\011\152\361\115\106\012\311\135\373\233\117\275\336\373\267 -\124\313\270\070\234\247\071\373\152\055\300\173\215\253\245\247 -\127\354\112\222\212\063\305\341\040\134\163\330\220\222\053\200 -\325\017\206\030\151\174\071\117\204\206\274\367\114\133\363\325 -\264\312\240\302\360\067\042\312\171\122\037\123\346\252\363\220 -\260\073\335\362\050\375\254\353\305\006\044\240\311\324\057\017 -\130\375\265\236\354\017\317\262\131\320\242\004\172\070\152\256 -\162\373\275\360\045\142\224\011\247\005\013\002\003\001\000\001 -\243\202\001\141\060\202\001\135\060\110\006\003\125\035\040\004 -\101\060\077\060\075\006\004\125\035\040\000\060\065\060\063\006 -\010\053\006\001\005\005\007\002\001\026\047\150\164\164\160\072 -\057\057\167\167\167\056\144\151\147\151\156\157\164\141\162\056 -\156\154\057\143\160\163\057\160\153\151\157\166\145\162\150\145 -\151\144\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\201\205\006\003\125\035\043\004\176\060\174\200 -\024\071\020\213\111\222\134\333\141\022\040\315\111\235\032\216 -\332\234\147\100\271\241\136\244\134\060\132\061\013\060\011\006 -\003\125\004\006\023\002\116\114\061\036\060\034\006\003\125\004 -\012\014\025\123\164\141\141\164\040\144\145\162\040\116\145\144 -\145\162\154\141\156\144\145\156\061\053\060\051\006\003\125\004 -\003\014\042\123\164\141\141\164\040\144\145\162\040\116\145\144 -\145\162\154\141\156\144\145\156\040\122\157\157\164\040\103\101 -\040\055\040\107\062\202\004\000\230\226\364\060\111\006\003\125 -\035\037\004\102\060\100\060\076\240\074\240\072\206\070\150\164 -\164\160\072\057\057\143\162\154\056\160\153\151\157\166\145\162 -\150\145\151\144\056\156\154\057\104\157\155\117\162\147\141\156 -\151\163\141\164\151\145\114\141\164\145\163\164\103\122\114\055 -\107\062\056\143\162\154\060\035\006\003\125\035\016\004\026\004 -\024\274\135\224\073\331\253\173\003\045\163\141\302\333\055\356 -\374\253\217\145\241\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\002\001\000\217\374\055\114\267\331\055 -\325\037\275\357\313\364\267\150\027\165\235\116\325\367\335\234 -\361\052\046\355\237\242\266\034\003\325\123\263\354\010\317\064 -\342\343\303\364\265\026\057\310\303\276\327\323\163\253\000\066 -\371\032\112\176\326\143\351\136\106\272\245\266\216\025\267\243 -\052\330\103\035\357\135\310\037\201\205\263\213\367\377\074\364 -\331\364\106\010\077\234\274\035\240\331\250\114\315\045\122\116 -\012\261\040\367\037\351\103\331\124\106\201\023\232\300\136\164 -\154\052\230\062\352\374\167\273\015\245\242\061\230\042\176\174 -\174\347\332\244\255\354\267\056\032\031\161\370\110\120\332\103 -\217\054\204\335\301\100\047\343\265\360\025\116\226\324\370\134 -\343\206\051\106\053\327\073\007\353\070\177\310\206\127\227\323 -\357\052\063\304\027\120\325\144\151\153\053\153\105\136\135\057 -\027\312\132\116\317\303\327\071\074\365\073\237\106\271\233\347 -\016\111\227\235\326\325\343\033\017\352\217\001\116\232\023\224 -\131\012\002\007\110\113\032\140\253\177\117\355\013\330\125\015 -\150\157\125\234\151\145\025\102\354\300\334\335\154\254\303\026 -\316\013\035\126\233\244\304\304\322\056\340\017\342\104\047\053 -\120\151\244\334\142\350\212\041\051\102\154\314\000\072\226\166 -\233\357\100\300\244\136\167\204\062\154\046\052\071\146\256\135 -\343\271\271\262\054\150\037\036\232\220\003\071\360\252\263\244 -\314\111\213\030\064\351\067\311\173\051\307\204\174\157\104\025 -\057\354\141\131\004\311\105\313\242\326\122\242\174\177\051\222 -\326\112\305\213\102\250\324\376\352\330\307\207\043\030\344\235 -\172\175\163\100\122\230\240\256\156\343\005\077\005\017\340\245 -\306\155\115\355\203\067\210\234\307\363\334\102\232\152\266\327 -\041\111\066\167\362\357\030\117\305\160\331\236\351\336\267\053 -\213\364\274\176\050\337\015\100\311\205\134\256\235\305\061\377 -\320\134\016\265\250\176\360\351\057\272\257\210\256\345\265\321 -\130\245\257\234\161\247\051\001\220\203\151\067\202\005\272\374 -\011\301\010\156\214\170\073\303\063\002\200\077\104\205\010\035 -\337\125\126\010\255\054\205\055\135\261\003\341\256\252\164\305 -\244\363\116\272\067\230\173\202\271 -END - -# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" -# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL -# Serial Number: 268435455 (0xfffffff) -# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL -# Not Valid Before: Wed May 12 08:51:39 2010 -# Not Valid After : Mon Mar 23 09:50:05 2020 -# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C -# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\325\362\127\251\277\055\320\077\213\106\127\371\053\311\244\306 -\222\341\102\102 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\056\141\242\321\170\316\356\277\131\063\260\043\024\017\224\034 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157 -\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004 -\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111 -\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141 -\156\151\163\141\164\151\145\040\055\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\017\377\377\377 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Security Communication RootCA2" -# -# Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP -# Not Valid Before: Fri May 29 05:00:39 2009 -# Not Valid After : Tue May 29 05:00:39 2029 -# Fingerprint (MD5): 6C:39:7D:A4:0E:55:59:B2:3F:D6:41:B1:12:50:DE:43 -# Fingerprint (SHA1): 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication RootCA2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 -\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 -\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 -\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 -\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 -\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 -\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 -\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 -\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\167\060\202\002\137\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045 -\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124 -\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056 -\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036 -\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151 -\143\141\164\151\157\156\040\122\157\157\164\103\101\062\060\036 -\027\015\060\071\060\065\062\071\060\065\060\060\063\071\132\027 -\015\062\071\060\065\062\071\060\065\060\060\063\071\132\060\135 -\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045\060 -\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124\162 -\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056\054 -\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036\123 -\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151\143 -\141\164\151\157\156\040\122\157\157\164\103\101\062\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\320\025 -\071\122\261\122\263\272\305\131\202\304\135\122\256\072\103\145 -\200\113\307\362\226\274\333\066\227\326\246\144\214\250\136\360 -\343\012\034\367\337\227\075\113\256\366\135\354\041\265\101\253 -\315\271\176\166\237\276\371\076\066\064\240\073\301\366\061\021 -\105\164\223\075\127\200\305\371\211\231\312\345\253\152\324\265 -\332\101\220\020\301\326\326\102\211\302\277\364\070\022\225\114 -\124\005\367\066\344\105\203\173\024\145\326\334\014\115\321\336 -\176\014\253\073\304\025\276\072\126\246\132\157\166\151\122\251 -\172\271\310\353\152\232\135\122\320\055\012\153\065\026\011\020 -\204\320\152\312\072\006\000\067\107\344\176\127\117\077\213\353 -\147\270\210\252\305\276\123\125\262\221\304\175\271\260\205\031 -\006\170\056\333\141\032\372\205\365\112\221\241\347\026\325\216 -\242\071\337\224\270\160\037\050\077\213\374\100\136\143\203\074 -\203\052\032\231\153\317\336\131\152\073\374\157\026\327\037\375 -\112\020\353\116\202\026\072\254\047\014\123\361\255\325\044\260 -\153\003\120\301\055\074\026\335\104\064\047\032\165\373\002\003 -\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026 -\004\024\012\205\251\167\145\005\230\174\100\201\370\017\227\054 -\070\361\012\354\074\317\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\003\202\001\001\000\114\072\243\104\254 -\271\105\261\307\223\176\310\013\012\102\337\144\352\034\356\131 -\154\010\272\211\137\152\312\112\225\236\172\217\007\305\332\105 -\162\202\161\016\072\322\314\157\247\264\241\043\273\366\044\237 -\313\027\376\214\246\316\302\322\333\314\215\374\161\374\003\051 -\301\154\135\063\137\144\266\145\073\211\157\030\166\170\365\334 -\242\110\037\031\077\216\223\353\361\372\027\356\315\116\343\004 -\022\125\326\345\344\335\373\076\005\174\342\035\136\306\247\274 -\227\117\150\072\365\351\056\012\103\266\257\127\134\142\150\174 -\267\375\243\212\204\240\254\142\276\053\011\207\064\360\152\001 -\273\233\051\126\074\376\000\067\317\043\154\361\116\252\266\164 -\106\022\154\221\356\064\325\354\232\221\347\104\276\220\061\162 -\325\111\002\366\002\345\364\037\353\174\331\226\125\251\377\354 -\212\371\231\107\377\065\132\002\252\004\313\212\133\207\161\051 -\221\275\244\264\172\015\275\232\365\127\043\000\007\041\027\077 -\112\071\321\005\111\013\247\266\067\201\245\135\214\252\063\136 -\201\050\174\247\175\047\353\000\256\215\067 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Security Communication RootCA2" -# Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP -# Serial Number: 0 (0x0) -# Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP -# Not Valid Before: Fri May 29 05:00:39 2009 -# Not Valid After : Tue May 29 05:00:39 2029 -# Fingerprint (MD5): 6C:39:7D:A4:0E:55:59:B2:3F:D6:41:B1:12:50:DE:43 -# Fingerprint (SHA1): 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Security Communication RootCA2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\137\073\214\362\370\020\263\175\170\264\316\354\031\031\303\163 -\064\271\307\164 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\154\071\175\244\016\125\131\262\077\326\101\261\022\120\336\103 -END -CKA_ISSUER MULTILINE_OCTAL -\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061 -\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040 -\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117 -\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023 -\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156 -\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "EC-ACC" -# -# Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES -# Serial Number:ee:2b:3d:eb:d4:21:de:14:a8:62:ac:04:f3:dd:c4:01 -# Subject: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES -# Not Valid Before: Tue Jan 07 23:00:00 2003 -# Not Valid After : Tue Jan 07 22:59:59 2031 -# Fingerprint (MD5): EB:F5:9D:29:0D:61:F9:42:1F:7C:C2:BA:6D:E3:15:09 -# Fingerprint (SHA1): 28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EC-ACC" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 -\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 -\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 -\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 -\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 -\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 -\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 -\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 -\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 -\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 -\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 -\105\103\055\101\103\103 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 -\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 -\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 -\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 -\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 -\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 -\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 -\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 -\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 -\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 -\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 -\105\103\055\101\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335 -\304\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\126\060\202\004\076\240\003\002\001\002\002\020\356 -\053\075\353\324\041\336\024\250\142\254\004\363\335\304\001\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\363\061\013\060\011\006\003\125\004\006\023\002\105\123\061\073 -\060\071\006\003\125\004\012\023\062\101\147\145\156\143\151\141 -\040\103\141\164\141\154\141\156\141\040\144\145\040\103\145\162 -\164\151\146\151\143\141\143\151\157\040\050\116\111\106\040\121 -\055\060\070\060\061\061\067\066\055\111\051\061\050\060\046\006 -\003\125\004\013\023\037\123\145\162\166\145\151\163\040\120\165 -\142\154\151\143\163\040\144\145\040\103\145\162\164\151\146\151 -\143\141\143\151\157\061\065\060\063\006\003\125\004\013\023\054 -\126\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167 -\167\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145 -\162\141\162\162\145\154\040\050\143\051\060\063\061\065\060\063 -\006\003\125\004\013\023\054\112\145\162\141\162\161\165\151\141 -\040\105\156\164\151\164\141\164\163\040\144\145\040\103\145\162 -\164\151\146\151\143\141\143\151\157\040\103\141\164\141\154\141 -\156\145\163\061\017\060\015\006\003\125\004\003\023\006\105\103 -\055\101\103\103\060\036\027\015\060\063\060\061\060\067\062\063 -\060\060\060\060\132\027\015\063\061\060\061\060\067\062\062\065 -\071\065\071\132\060\201\363\061\013\060\011\006\003\125\004\006 -\023\002\105\123\061\073\060\071\006\003\125\004\012\023\062\101 -\147\145\156\143\151\141\040\103\141\164\141\154\141\156\141\040 -\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040 -\050\116\111\106\040\121\055\060\070\060\061\061\067\066\055\111 -\051\061\050\060\046\006\003\125\004\013\023\037\123\145\162\166 -\145\151\163\040\120\165\142\154\151\143\163\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\061\065\060\063\006 -\003\125\004\013\023\054\126\145\147\145\165\040\150\164\164\160 -\163\072\057\057\167\167\167\056\143\141\164\143\145\162\164\056 -\156\145\164\057\166\145\162\141\162\162\145\154\040\050\143\051 -\060\063\061\065\060\063\006\003\125\004\013\023\054\112\145\162 -\141\162\161\165\151\141\040\105\156\164\151\164\141\164\163\040 -\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040 -\103\141\164\141\154\141\156\145\163\061\017\060\015\006\003\125 -\004\003\023\006\105\103\055\101\103\103\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\263\042\307\117\342 -\227\102\225\210\107\203\100\366\035\027\363\203\163\044\036\121 -\363\230\212\303\222\270\377\100\220\005\160\207\140\311\000\251 -\265\224\145\031\042\025\027\302\103\154\146\104\232\015\004\076 -\071\157\245\113\172\252\143\267\212\104\235\331\143\221\204\146 -\340\050\017\272\102\343\156\216\367\024\047\223\151\356\221\016 -\243\137\016\261\353\146\242\162\117\022\023\206\145\172\076\333 -\117\007\364\247\011\140\332\072\102\231\307\262\177\263\026\225 -\034\307\371\064\265\224\205\325\231\136\240\110\240\176\347\027 -\145\270\242\165\270\036\363\345\102\175\257\355\363\212\110\144 -\135\202\024\223\330\300\344\377\263\120\162\362\166\366\263\135 -\102\120\171\320\224\076\153\014\000\276\330\153\016\116\052\354 -\076\322\314\202\242\030\145\063\023\167\236\232\135\032\023\330 -\303\333\075\310\227\172\356\160\355\247\346\174\333\161\317\055 -\224\142\337\155\326\365\070\276\077\245\205\012\031\270\250\330 -\011\165\102\160\304\352\357\313\016\310\064\250\022\042\230\014 -\270\023\224\266\113\354\360\320\220\347\047\002\003\001\000\001 -\243\201\343\060\201\340\060\035\006\003\125\035\021\004\026\060 -\024\201\022\145\143\137\141\143\143\100\143\141\164\143\145\162 -\164\056\156\145\164\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\240\303\213\104\252\067\245\105\277\227\200\132\321\361\170 -\242\233\351\135\215\060\177\006\003\125\035\040\004\170\060\166 -\060\164\006\013\053\006\001\004\001\365\170\001\003\001\012\060 -\145\060\054\006\010\053\006\001\005\005\007\002\001\026\040\150 -\164\164\160\163\072\057\057\167\167\167\056\143\141\164\143\145 -\162\164\056\156\145\164\057\166\145\162\141\162\162\145\154\060 -\065\006\010\053\006\001\005\005\007\002\002\060\051\032\047\126 -\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167\167 -\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145\162 -\141\162\162\145\154\040\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\001\001\000\240\110\133\202\001\366 -\115\110\270\071\125\065\234\200\172\123\231\325\132\377\261\161 -\073\314\071\011\224\136\326\332\357\276\001\133\135\323\036\330 -\375\175\117\315\240\101\340\064\223\277\313\342\206\234\067\222 -\220\126\034\334\353\051\005\345\304\236\307\065\337\212\014\315 -\305\041\103\351\252\210\345\065\300\031\102\143\132\002\136\244 -\110\030\072\205\157\334\235\274\077\235\234\301\207\270\172\141 -\010\351\167\013\177\160\253\172\335\331\227\054\144\036\205\277 -\274\164\226\241\303\172\022\354\014\032\156\203\014\074\350\162 -\106\237\373\110\325\136\227\346\261\241\370\344\357\106\045\224 -\234\211\333\151\070\276\354\134\016\126\307\145\121\345\120\210 -\210\277\102\325\053\075\345\371\272\236\056\263\312\364\163\222 -\002\013\276\114\146\353\040\376\271\313\265\231\177\346\266\023 -\372\312\113\115\331\356\123\106\006\073\306\116\255\223\132\201 -\176\154\052\113\152\005\105\214\362\041\244\061\220\207\154\145 -\234\235\245\140\225\072\122\177\365\321\253\010\156\363\356\133 -\371\210\075\176\270\157\156\003\344\102 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Sat Dec 28 00:00:00 2019 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\071\061\062\062\070\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "EC-ACC" -# Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES -# Serial Number:ee:2b:3d:eb:d4:21:de:14:a8:62:ac:04:f3:dd:c4:01 -# Subject: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES -# Not Valid Before: Tue Jan 07 23:00:00 2003 -# Not Valid After : Tue Jan 07 22:59:59 2031 -# Fingerprint (MD5): EB:F5:9D:29:0D:61:F9:42:1F:7C:C2:BA:6D:E3:15:09 -# Fingerprint (SHA1): 28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EC-ACC" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\050\220\072\143\133\122\200\372\346\167\114\013\155\247\326\272 -\246\112\362\350 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\353\365\235\051\015\141\371\102\037\174\302\272\155\343\025\011 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143 -\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106 -\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060 -\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040 -\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013 -\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057 -\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057 -\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065 -\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165 -\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103 -\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141 -\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006 -\105\103\055\101\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335 -\304\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Hellenic Academic and Research Institutions RootCA 2011" -# -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR -# Not Valid Before: Tue Dec 06 13:49:52 2011 -# Not Valid After : Mon Dec 01 13:49:52 2031 -# Fingerprint (MD5): 73:9F:4C:4B:73:5B:79:E9:FA:BA:1C:EF:6E:CB:D5:C9 -# Fingerprint (SHA1): FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 -\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 -\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 -\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 -\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 -\164\103\101\040\062\060\061\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 -\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 -\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 -\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 -\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 -\164\103\101\040\062\060\061\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\061\060\202\003\031\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122\061 -\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145\156 -\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 -\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 -\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164\150 -\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023\067 -\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155\151 -\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040\111 -\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157\164 -\103\101\040\062\060\061\061\060\036\027\015\061\061\061\062\060 -\066\061\063\064\071\065\062\132\027\015\063\061\061\062\060\061 -\061\063\064\071\065\062\132\060\201\225\061\013\060\011\006\003 -\125\004\006\023\002\107\122\061\104\060\102\006\003\125\004\012 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\103\145 -\162\164\056\040\101\165\164\150\157\162\151\164\171\061\100\060 -\076\006\003\125\004\003\023\067\110\145\154\154\145\156\151\143 -\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 -\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 -\157\156\163\040\122\157\157\164\103\101\040\062\060\061\061\060 -\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 -\251\123\000\343\056\246\366\216\372\140\330\055\225\076\370\054 -\052\124\116\315\271\204\141\224\130\117\217\075\213\344\103\363 -\165\211\215\121\344\303\067\322\212\210\115\171\036\267\022\335 -\103\170\112\212\222\346\327\110\325\017\244\072\051\104\065\270 -\007\366\150\035\125\315\070\121\360\214\044\061\205\257\203\311 -\175\351\167\257\355\032\173\235\027\371\263\235\070\120\017\246 -\132\171\221\200\257\067\256\246\323\061\373\265\046\011\235\074 -\132\357\121\305\053\337\226\135\353\062\036\002\332\160\111\354 -\156\014\310\232\067\215\367\361\066\140\113\046\054\202\236\320 -\170\363\015\017\143\244\121\060\341\371\053\047\022\007\330\352 -\275\030\142\230\260\131\067\175\276\356\363\040\121\102\132\203 -\357\223\272\151\025\361\142\235\237\231\071\202\241\267\164\056 -\213\324\305\013\173\057\360\310\012\332\075\171\012\232\223\034 -\245\050\162\163\221\103\232\247\321\115\205\204\271\251\164\217 -\024\100\307\334\336\254\101\144\154\264\031\233\002\143\155\044 -\144\217\104\262\045\352\316\135\164\014\143\062\134\215\207\345 -\002\003\001\000\001\243\201\211\060\201\206\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016 -\004\026\004\024\246\221\102\375\023\141\112\043\236\010\244\051 -\345\330\023\004\043\356\101\045\060\107\006\003\125\035\036\004 -\100\060\076\240\074\060\005\202\003\056\147\162\060\005\202\003 -\056\145\165\060\006\202\004\056\145\144\165\060\006\202\004\056 -\157\162\147\060\005\201\003\056\147\162\060\005\201\003\056\145 -\165\060\006\201\004\056\145\144\165\060\006\201\004\056\157\162 -\147\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000 -\003\202\001\001\000\037\357\171\101\341\173\156\077\262\214\206 -\067\102\112\116\034\067\036\215\146\272\044\201\311\117\022\017 -\041\300\003\227\206\045\155\135\323\042\051\250\154\242\015\251 -\353\075\006\133\231\072\307\314\303\232\064\177\253\016\310\116 -\034\341\372\344\334\315\015\276\277\044\376\154\347\153\302\015 -\310\006\236\116\215\141\050\246\152\375\345\366\142\352\030\074 -\116\240\123\235\262\072\234\353\245\234\221\026\266\115\202\340 -\014\005\110\251\154\365\314\370\313\235\111\264\360\002\245\375 -\160\003\355\212\041\245\256\023\206\111\303\063\163\276\207\073 -\164\213\027\105\046\114\026\221\203\376\147\175\315\115\143\147 -\372\363\003\022\226\170\006\215\261\147\355\216\077\276\237\117 -\002\365\263\011\057\363\114\207\337\052\313\225\174\001\314\254 -\066\172\277\242\163\172\367\217\301\265\232\241\024\262\217\063 -\237\015\357\042\334\146\173\204\275\105\027\006\075\074\312\271 -\167\064\217\312\352\317\077\061\076\343\210\343\200\111\045\310 -\227\265\235\232\231\115\260\074\370\112\000\233\144\335\237\071 -\113\321\047\327\270 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR -# Not Valid Before: Tue Dec 06 13:49:52 2011 -# Not Valid After : Mon Dec 01 13:49:52 2031 -# Fingerprint (MD5): 73:9F:4C:4B:73:5B:79:E9:FA:BA:1C:EF:6E:CB:D5:C9 -# Fingerprint (SHA1): FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\376\105\145\233\171\003\133\230\241\141\265\121\056\254\332\130 -\011\110\042\115 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\163\237\114\113\163\133\171\351\372\272\034\357\156\313\325\311 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 -\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 -\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 -\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 -\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 -\164\103\101\040\062\060\061\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929 -# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US -# Serial Number: 1800000005 (0x6b49d205) -# Not Before: Apr 7 15:37:15 2011 GMT -# Not After : Apr 4 15:37:15 2021 GMT -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave" -CKA_ISSUER MULTILINE_OCTAL -\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156 -\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150 -\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030 -\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156 -\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004 -\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147 -\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156 -\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060 -\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141 -\100\164\162\165\163\164\167\141\166\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\153\111\322\005 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929 -# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US -# Serial Number: 1800000006 (0x6b49d206) -# Not Before: Apr 18 21:09:30 2011 GMT -# Not After : Apr 15 21:09:30 2021 GMT -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave" -CKA_ISSUER MULTILINE_OCTAL -\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156 -\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150 -\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030 -\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156 -\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004 -\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147 -\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156 -\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060 -\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141 -\100\164\162\165\163\164\167\141\166\145\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\153\111\322\006 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Actalis Authentication Root CA" -# -# Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT -# Serial Number:57:0a:11:97:42:c4:e3:cc -# Subject: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT -# Not Valid Before: Thu Sep 22 11:22:02 2011 -# Not Valid After : Sun Sep 22 11:22:02 2030 -# Fingerprint (MD5): 69:C1:0D:4F:07:A3:1B:C3:FE:56:3D:04:BC:11:F6:A6 -# Fingerprint (SHA1): F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Actalis Authentication Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061 -\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061 -\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151 -\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062 -\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101 -\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061 -\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061 -\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151 -\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062 -\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101 -\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\127\012\021\227\102\304\343\314 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\273\060\202\003\243\240\003\002\001\002\002\010\127 -\012\021\227\102\304\343\314\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\153\061\013\060\011\006\003\125\004 -\006\023\002\111\124\061\016\060\014\006\003\125\004\007\014\005 -\115\151\154\141\156\061\043\060\041\006\003\125\004\012\014\032 -\101\143\164\141\154\151\163\040\123\056\160\056\101\056\057\060 -\063\063\065\070\065\062\060\071\066\067\061\047\060\045\006\003 -\125\004\003\014\036\101\143\164\141\154\151\163\040\101\165\164 -\150\145\156\164\151\143\141\164\151\157\156\040\122\157\157\164 -\040\103\101\060\036\027\015\061\061\060\071\062\062\061\061\062 -\062\060\062\132\027\015\063\060\060\071\062\062\061\061\062\062 -\060\062\132\060\153\061\013\060\011\006\003\125\004\006\023\002 -\111\124\061\016\060\014\006\003\125\004\007\014\005\115\151\154 -\141\156\061\043\060\041\006\003\125\004\012\014\032\101\143\164 -\141\154\151\163\040\123\056\160\056\101\056\057\060\063\063\065 -\070\065\062\060\071\066\067\061\047\060\045\006\003\125\004\003 -\014\036\101\143\164\141\154\151\163\040\101\165\164\150\145\156 -\164\151\143\141\164\151\157\156\040\122\157\157\164\040\103\101 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\247\306\304\245\051\244\054\357\345\030\305\260\120\243\157 -\121\073\237\012\132\311\302\110\070\012\302\034\240\030\177\221 -\265\207\271\100\077\335\035\150\037\010\203\325\055\036\210\240 -\370\217\126\217\155\231\002\222\220\026\325\137\010\154\211\327 -\341\254\274\040\302\261\340\203\121\212\151\115\000\226\132\157 -\057\300\104\176\243\016\344\221\315\130\356\334\373\307\036\105 -\107\335\047\271\010\001\237\246\041\035\365\101\055\057\114\375 -\050\255\340\212\255\042\264\126\145\216\206\124\217\223\103\051 -\336\071\106\170\243\060\043\272\315\360\175\023\127\300\135\322 -\203\153\110\114\304\253\237\200\132\133\072\275\311\247\042\077 -\200\047\063\133\016\267\212\014\135\007\067\010\313\154\322\172 -\107\042\104\065\305\314\314\056\216\335\052\355\267\175\146\015 -\137\141\121\042\125\033\343\106\343\343\075\320\065\142\232\333 -\257\024\310\133\241\314\211\033\341\060\046\374\240\233\037\201 -\247\107\037\004\353\243\071\222\006\237\231\323\277\323\352\117 -\120\234\031\376\226\207\036\074\145\366\243\030\044\203\206\020 -\347\124\076\250\072\166\044\117\201\041\305\343\017\002\370\223 -\224\107\040\273\376\324\016\323\150\271\335\304\172\204\202\343 -\123\124\171\335\333\234\322\362\007\233\056\266\274\076\355\205 -\155\357\045\021\362\227\032\102\141\367\112\227\350\213\261\020 -\007\372\145\201\262\242\071\317\367\074\377\030\373\306\361\132 -\213\131\342\002\254\173\222\320\116\024\117\131\105\366\014\136 -\050\137\260\350\077\105\317\317\257\233\157\373\204\323\167\132 -\225\157\254\224\204\236\356\274\300\112\217\112\223\370\104\041 -\342\061\105\141\120\116\020\330\343\065\174\114\031\264\336\005 -\277\243\006\237\310\265\315\344\037\327\027\006\015\172\225\164 -\125\015\150\032\374\020\033\142\144\235\155\340\225\240\303\224 -\007\127\015\024\346\275\005\373\270\237\346\337\213\342\306\347 -\176\226\366\123\305\200\064\120\050\130\360\022\120\161\027\060 -\272\346\170\143\274\364\262\255\233\053\262\376\341\071\214\136 -\272\013\040\224\336\173\203\270\377\343\126\215\267\021\351\073 -\214\362\261\301\135\235\244\013\114\053\331\262\030\365\265\237 -\113\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035 -\016\004\026\004\024\122\330\210\072\310\237\170\146\355\211\363 -\173\070\160\224\311\002\002\066\320\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035 -\043\004\030\060\026\200\024\122\330\210\072\310\237\170\146\355 -\211\363\173\070\160\224\311\002\002\066\320\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\013 -\173\162\207\300\140\246\111\114\210\130\346\035\210\367\024\144 -\110\246\330\130\012\016\117\023\065\337\065\035\324\355\006\061 -\310\201\076\152\325\335\073\032\062\356\220\075\021\322\056\364 -\216\303\143\056\043\146\260\147\276\157\266\300\023\071\140\252 -\242\064\045\223\165\122\336\247\235\255\016\207\211\122\161\152 -\026\074\031\035\203\370\232\051\145\276\364\077\232\331\360\363 -\132\207\041\161\200\115\313\340\070\233\077\273\372\340\060\115 -\317\206\323\145\020\031\030\321\227\002\261\053\162\102\150\254 -\240\275\116\132\332\030\277\153\230\201\320\375\232\276\136\025 -\110\315\021\025\271\300\051\134\264\350\210\367\076\066\256\267 -\142\375\036\142\336\160\170\020\034\110\133\332\274\244\070\272 -\147\355\125\076\136\127\337\324\003\100\114\201\244\322\117\143 -\247\011\102\011\024\374\000\251\302\200\163\117\056\300\100\331 -\021\173\110\352\172\002\300\323\353\050\001\046\130\164\301\300 -\163\042\155\223\225\375\071\175\273\052\343\366\202\343\054\227 -\137\116\037\221\224\372\376\054\243\330\166\032\270\115\262\070 -\117\233\372\035\110\140\171\046\342\363\375\251\320\232\350\160 -\217\111\172\326\345\275\012\016\333\055\363\215\277\353\343\244 -\175\313\307\225\161\350\332\243\174\305\302\370\164\222\004\033 -\206\254\244\042\123\100\266\254\376\114\166\317\373\224\062\300 -\065\237\166\077\156\345\220\156\240\246\046\242\270\054\276\321 -\053\205\375\247\150\310\272\001\053\261\154\164\035\270\163\225 -\347\356\267\307\045\360\000\114\000\262\176\266\013\213\034\363 -\300\120\236\045\271\340\010\336\066\146\377\067\245\321\273\124 -\144\054\311\047\265\113\222\176\145\377\323\055\341\271\116\274 -\177\244\101\041\220\101\167\246\071\037\352\236\343\237\320\146 -\157\005\354\252\166\176\277\153\026\240\353\265\307\374\222\124 -\057\053\021\047\045\067\170\114\121\152\260\363\314\130\135\024 -\361\152\110\025\377\302\007\266\261\215\017\216\134\120\106\263 -\075\277\001\230\117\262\131\124\107\076\064\173\170\155\126\223 -\056\163\352\146\050\170\315\035\024\277\240\217\057\056\270\056 -\216\362\024\212\314\351\265\174\373\154\235\014\245\341\226 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Actalis Authentication Root CA" -# Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT -# Serial Number:57:0a:11:97:42:c4:e3:cc -# Subject: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT -# Not Valid Before: Thu Sep 22 11:22:02 2011 -# Not Valid After : Sun Sep 22 11:22:02 2030 -# Fingerprint (MD5): 69:C1:0D:4F:07:A3:1B:C3:FE:56:3D:04:BC:11:F6:A6 -# Fingerprint (SHA1): F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Actalis Authentication Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\363\163\263\207\006\132\050\204\212\362\363\112\316\031\053\335 -\307\216\234\254 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\151\301\015\117\007\243\033\303\376\126\075\004\274\021\366\246 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061 -\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061 -\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151 -\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062 -\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101 -\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\127\012\021\227\102\304\343\314 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Trustis FPS Root CA" -# -# Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB -# Serial Number:1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 -# Subject: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB -# Not Valid Before: Tue Dec 23 12:14:06 2003 -# Not Valid After : Sun Jan 21 11:36:54 2024 -# Fingerprint (MD5): 30:C9:E7:1E:6B:E6:14:EB:65:B2:16:69:20:31:67:4D -# Fingerprint (SHA1): 3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Trustis FPS Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151 -\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125 -\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040 -\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151 -\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125 -\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\033\037\255\266\040\371\044\323\066\153\367\307\361\214 -\240\131 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\147\060\202\002\117\240\003\002\001\002\002\020\033 -\037\255\266\040\371\044\323\066\153\367\307\361\214\240\131\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\105 -\061\013\060\011\006\003\125\004\006\023\002\107\102\061\030\060 -\026\006\003\125\004\012\023\017\124\162\165\163\164\151\163\040 -\114\151\155\151\164\145\144\061\034\060\032\006\003\125\004\013 -\023\023\124\162\165\163\164\151\163\040\106\120\123\040\122\157 -\157\164\040\103\101\060\036\027\015\060\063\061\062\062\063\061 -\062\061\064\060\066\132\027\015\062\064\060\061\062\061\061\061 -\063\066\065\064\132\060\105\061\013\060\011\006\003\125\004\006 -\023\002\107\102\061\030\060\026\006\003\125\004\012\023\017\124 -\162\165\163\164\151\163\040\114\151\155\151\164\145\144\061\034 -\060\032\006\003\125\004\013\023\023\124\162\165\163\164\151\163 -\040\106\120\123\040\122\157\157\164\040\103\101\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\305\120\173 -\236\073\065\320\337\304\214\315\216\233\355\243\300\066\231\364 -\102\352\247\076\200\203\017\246\247\131\207\311\220\105\103\176 -\000\352\206\171\052\003\275\075\067\231\211\146\267\345\212\126 -\206\223\234\150\113\150\004\214\223\223\002\076\060\322\067\072 -\042\141\211\034\205\116\175\217\325\257\173\065\366\176\050\107 -\211\061\334\016\171\144\037\231\322\133\272\376\177\140\277\255 -\353\347\074\070\051\152\057\345\221\013\125\377\354\157\130\325 -\055\311\336\114\146\161\217\014\327\004\332\007\346\036\030\343 -\275\051\002\250\372\034\341\133\271\203\250\101\110\274\032\161 -\215\347\142\345\055\262\353\337\174\317\333\253\132\312\061\361 -\114\042\363\005\023\367\202\371\163\171\014\276\327\113\034\300 -\321\025\074\223\101\144\321\346\276\043\027\042\000\211\136\037 -\153\245\254\156\247\113\214\355\243\162\346\257\143\115\057\205 -\322\024\065\232\056\116\214\352\062\230\050\206\241\221\011\101 -\072\264\341\343\362\372\360\311\012\242\101\335\251\343\003\307 -\210\025\073\034\324\032\224\327\237\144\131\022\155\002\003\001 -\000\001\243\123\060\121\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\037\006\003\125\035\043\004\030 -\060\026\200\024\272\372\161\045\171\213\127\101\045\041\206\013 -\161\353\262\144\016\213\041\147\060\035\006\003\125\035\016\004 -\026\004\024\272\372\161\045\171\213\127\101\045\041\206\013\161 -\353\262\144\016\213\041\147\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\001\001\000\176\130\377\375\065 -\031\175\234\030\117\236\260\053\274\216\214\024\377\054\240\332 -\107\133\303\357\201\055\257\005\352\164\110\133\363\076\116\007 -\307\155\305\263\223\317\042\065\134\266\077\165\047\137\011\226 -\315\240\376\276\100\014\134\022\125\370\223\202\312\051\351\136 -\077\126\127\213\070\066\367\105\032\114\050\315\236\101\270\355 -\126\114\204\244\100\310\270\260\245\053\151\160\004\152\303\370 -\324\022\062\371\016\303\261\334\062\204\104\054\157\313\106\017 -\352\146\101\017\117\361\130\245\246\015\015\017\141\336\245\236 -\135\175\145\241\074\027\347\250\125\116\357\240\307\355\306\104 -\177\124\365\243\340\217\360\174\125\042\217\051\266\201\243\341 -\155\116\054\033\200\147\354\255\040\237\014\142\141\325\227\377 -\103\355\055\301\332\135\051\052\205\077\254\145\356\206\017\005 -\215\220\137\337\356\237\364\277\356\035\373\230\344\177\220\053 -\204\170\020\016\154\111\123\357\025\133\145\106\112\135\257\272 -\373\072\162\035\315\366\045\210\036\227\314\041\234\051\001\015 -\145\353\127\331\363\127\226\273\110\315\201 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Trustis FPS Root CA" -# Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB -# Serial Number:1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 -# Subject: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB -# Not Valid Before: Tue Dec 23 12:14:06 2003 -# Not Valid After : Sun Jan 21 11:36:54 2024 -# Fingerprint (MD5): 30:C9:E7:1E:6B:E6:14:EB:65:B2:16:69:20:31:67:4D -# Fingerprint (SHA1): 3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Trustis FPS Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\073\300\070\013\063\303\366\246\014\206\025\042\223\331\337\365 -\113\201\300\004 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\060\311\347\036\153\346\024\353\145\262\026\151\040\061\147\115 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061 -\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151 -\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125 -\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040 -\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\033\037\255\266\040\371\044\323\066\153\367\307\361\214 -\240\131 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Buypass Class 2 Root CA" -# -# Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO -# Serial Number: 2 (0x2) -# Subject: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO -# Not Valid Before: Tue Oct 26 08:38:03 2010 -# Not Valid After : Fri Oct 26 08:38:03 2040 -# Fingerprint (MD5): 46:A7:D2:FE:45:FB:64:5A:A8:59:90:9B:78:44:9B:29 -# Fingerprint (SHA1): 49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 2 Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\131\060\202\003\101\240\003\002\001\002\002\001\002 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035 -\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163 -\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060 -\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040 -\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101\060 -\036\027\015\061\060\061\060\062\066\060\070\063\070\060\063\132 -\027\015\064\060\061\060\062\066\060\070\063\070\060\063\132\060 -\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035 -\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163 -\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060 -\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040 -\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101\060 -\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000 -\327\307\136\367\301\007\324\167\373\103\041\364\364\365\151\344 -\356\062\001\333\243\206\037\344\131\015\272\347\165\203\122\353 -\352\034\141\025\110\273\035\007\312\214\256\260\334\226\235\352 -\303\140\222\206\202\050\163\234\126\006\377\113\144\360\014\052 -\067\111\265\345\317\014\174\356\361\112\273\163\060\145\363\325 -\057\203\266\176\343\347\365\236\253\140\371\323\361\235\222\164 -\212\344\034\226\254\133\200\351\265\364\061\207\243\121\374\307 -\176\241\157\216\123\167\324\227\301\125\063\222\076\030\057\165 -\324\255\206\111\313\225\257\124\006\154\330\006\023\215\133\377 -\341\046\031\131\300\044\272\201\161\171\220\104\120\150\044\224 -\137\270\263\021\361\051\101\141\243\101\313\043\066\325\301\361 -\062\120\020\116\177\364\206\223\354\204\323\216\274\113\277\134 -\001\116\007\075\334\024\212\224\012\244\352\163\373\013\121\350 -\023\007\030\372\016\361\053\321\124\025\175\074\341\367\264\031 -\102\147\142\136\167\340\242\125\354\266\331\151\027\325\072\257 -\104\355\112\305\236\344\172\047\174\345\165\327\252\313\045\347 -\337\153\012\333\017\115\223\116\250\240\315\173\056\362\131\001 -\152\267\015\270\007\201\176\213\070\033\070\346\012\127\231\075 -\356\041\350\243\365\014\026\335\213\354\064\216\234\052\034\000 -\025\027\215\150\203\322\160\237\030\010\315\021\150\325\311\153 -\122\315\304\106\217\334\265\363\330\127\163\036\351\224\071\004 -\277\323\336\070\336\264\123\354\151\034\242\176\304\217\344\033 -\160\255\362\242\371\373\367\026\144\146\151\237\111\121\242\342 -\025\030\147\006\112\177\325\154\265\115\263\063\340\141\353\135 -\276\351\230\017\062\327\035\113\074\056\132\001\122\221\011\362 -\337\352\215\330\006\100\143\252\021\344\376\303\067\236\024\122 -\077\364\342\314\362\141\223\321\375\147\153\327\122\256\277\150 -\253\100\103\240\127\065\123\170\360\123\370\141\102\007\144\306 -\327\157\233\114\070\015\143\254\142\257\066\213\242\163\012\015 -\365\041\275\164\252\115\352\162\003\111\333\307\137\035\142\143 -\307\375\335\221\354\063\356\365\155\264\156\060\150\336\310\326 -\046\260\165\136\173\264\007\040\230\241\166\062\270\115\154\117 -\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\311\200\167\340\142\222\202\365\106\234\363 -\272\367\114\303\336\270\243\255\071\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\123\137\041 -\365\272\260\072\122\071\054\222\260\154\000\311\357\316\040\357 -\006\362\226\236\351\244\164\177\172\026\374\267\365\266\373\025 -\033\077\253\246\300\162\135\020\261\161\356\274\117\343\255\254 -\003\155\056\161\056\257\304\343\255\243\275\014\021\247\264\377 -\112\262\173\020\020\037\247\127\101\262\300\256\364\054\131\326 -\107\020\210\363\041\121\051\060\312\140\206\257\106\253\035\355 -\072\133\260\224\336\104\343\101\010\242\301\354\035\326\375\117 -\266\326\107\320\024\013\312\346\312\265\173\167\176\101\037\136 -\203\307\266\214\071\226\260\077\226\201\101\157\140\220\342\350 -\371\373\042\161\331\175\263\075\106\277\264\204\257\220\034\017 -\217\022\152\257\357\356\036\172\256\002\112\212\027\053\166\376 -\254\124\211\044\054\117\077\266\262\247\116\214\250\221\227\373 -\051\306\173\134\055\271\313\146\266\267\250\133\022\121\205\265 -\011\176\142\170\160\376\251\152\140\266\035\016\171\014\375\312 -\352\044\200\162\303\227\077\362\167\253\103\042\012\307\353\266 -\014\204\202\054\200\153\101\212\010\300\353\245\153\337\231\022 -\313\212\325\136\200\014\221\340\046\010\066\110\305\372\070\021 -\065\377\045\203\055\362\172\277\332\375\216\376\245\313\105\054 -\037\304\210\123\256\167\016\331\232\166\305\216\054\035\243\272 -\325\354\062\256\300\252\254\367\321\172\115\353\324\007\342\110 -\367\042\216\260\244\237\152\316\216\262\262\140\364\243\042\320 -\043\353\224\132\172\151\335\017\277\100\127\254\153\131\120\331 -\243\231\341\156\376\215\001\171\047\043\025\336\222\235\173\011 -\115\132\347\113\110\060\132\030\346\012\155\346\217\340\322\273 -\346\337\174\156\041\202\301\150\071\115\264\230\130\146\142\314 -\112\220\136\303\372\047\004\261\171\025\164\231\314\276\255\040 -\336\046\140\034\353\126\121\246\243\352\344\243\077\247\377\141 -\334\361\132\115\154\062\043\103\356\254\250\356\356\112\022\011 -\074\135\161\302\276\171\372\302\207\150\035\013\375\134\151\314 -\006\320\232\175\124\231\052\311\071\032\031\257\113\052\103\363 -\143\135\132\130\342\057\343\035\344\251\326\320\012\320\236\277 -\327\201\011\361\311\307\046\015\254\230\026\126\240 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Buypass Class 2 Root CA" -# Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO -# Serial Number: 2 (0x2) -# Subject: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO -# Not Valid Before: Tue Oct 26 08:38:03 2010 -# Not Valid After : Fri Oct 26 08:38:03 2040 -# Fingerprint (MD5): 46:A7:D2:FE:45:FB:64:5A:A8:59:90:9B:78:44:9B:29 -# Fingerprint (SHA1): 49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 2 Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\111\012\165\164\336\207\012\107\376\130\356\366\307\153\353\306 -\013\022\100\231 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\106\247\322\376\105\373\144\132\250\131\220\233\170\104\233\051 -END -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Buypass Class 3 Root CA" -# -# Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO -# Serial Number: 2 (0x2) -# Subject: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO -# Not Valid Before: Tue Oct 26 08:28:58 2010 -# Not Valid After : Fri Oct 26 08:28:58 2040 -# Fingerprint (MD5): 3D:3B:18:9E:2C:64:5A:E8:D5:88:CE:0E:F9:37:C2:EC -# Fingerprint (SHA1): DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 3 Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\131\060\202\003\101\240\003\002\001\002\002\001\002 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035 -\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163 -\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060 -\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040 -\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101\060 -\036\027\015\061\060\061\060\062\066\060\070\062\070\065\070\132 -\027\015\064\060\061\060\062\066\060\070\062\070\065\070\132\060 -\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035 -\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163 -\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060 -\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040 -\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101\060 -\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000 -\245\332\012\225\026\120\343\225\362\136\235\166\061\006\062\172 -\233\361\020\166\270\000\232\265\122\066\315\044\107\260\237\030 -\144\274\232\366\372\325\171\330\220\142\114\042\057\336\070\075 -\326\340\250\351\034\054\333\170\021\351\216\150\121\025\162\307 -\363\063\207\344\240\135\013\134\340\127\007\052\060\365\315\304 -\067\167\050\115\030\221\346\277\325\122\375\161\055\160\076\347 -\306\304\212\343\360\050\013\364\166\230\241\213\207\125\262\072 -\023\374\267\076\047\067\216\042\343\250\117\052\357\140\273\075 -\267\071\303\016\001\107\231\135\022\117\333\103\372\127\241\355 -\371\235\276\021\107\046\133\023\230\253\135\026\212\260\067\034 -\127\235\105\377\210\226\066\277\273\312\007\173\157\207\143\327 -\320\062\152\326\135\154\014\361\263\156\071\342\153\061\056\071 -\000\047\024\336\070\300\354\031\146\206\022\350\235\162\026\023 -\144\122\307\251\067\034\375\202\060\355\204\030\035\364\256\134 -\377\160\023\000\353\261\365\063\172\113\326\125\370\005\215\113 -\151\260\365\263\050\066\134\024\304\121\163\115\153\013\361\064 -\007\333\027\071\327\334\050\173\153\365\237\363\056\301\117\027 -\052\020\363\314\312\350\353\375\153\253\056\232\237\055\202\156 -\004\324\122\001\223\055\075\206\374\176\374\337\357\102\035\246 -\153\357\271\040\306\367\275\240\247\225\375\247\346\211\044\330 -\314\214\064\154\342\043\057\331\022\032\041\271\125\221\157\013 -\221\171\031\014\255\100\210\013\160\342\172\322\016\330\150\110 -\273\202\023\071\020\130\351\330\052\007\306\022\333\130\333\322 -\073\125\020\107\005\025\147\142\176\030\143\246\106\077\011\016 -\124\062\136\277\015\142\172\047\357\200\350\333\331\113\006\132 -\067\132\045\320\010\022\167\324\157\011\120\227\075\310\035\303 -\337\214\105\060\126\306\323\144\253\146\363\300\136\226\234\303 -\304\357\303\174\153\213\072\171\177\263\111\317\075\342\211\237 -\240\060\113\205\271\234\224\044\171\217\175\153\251\105\150\017 -\053\320\361\332\034\313\151\270\312\111\142\155\310\320\143\142 -\335\140\017\130\252\217\241\274\005\245\146\242\317\033\166\262 -\204\144\261\114\071\122\300\060\272\360\214\113\002\260\266\267 -\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\107\270\315\377\345\157\356\370\262\354\057 -\116\016\371\045\260\216\074\153\303\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\000\040\043 -\101\065\004\220\302\100\142\140\357\342\065\114\327\077\254\342 -\064\220\270\241\157\166\372\026\026\244\110\067\054\351\220\302 -\362\074\370\012\237\330\201\345\273\133\332\045\054\244\247\125 -\161\044\062\366\310\013\362\274\152\370\223\254\262\007\302\137 -\237\333\314\310\212\252\276\152\157\341\111\020\314\061\327\200 -\273\273\310\330\242\016\144\127\352\242\365\302\251\061\025\322 -\040\152\354\374\042\001\050\317\206\270\200\036\251\314\021\245 -\074\362\026\263\107\235\374\322\200\041\304\313\320\107\160\101 -\241\312\203\031\010\054\155\362\135\167\234\212\024\023\324\066 -\034\222\360\345\006\067\334\246\346\220\233\070\217\134\153\033 -\106\206\103\102\137\076\001\007\123\124\135\145\175\367\212\163 -\241\232\124\132\037\051\103\024\047\302\205\017\265\210\173\032 -\073\224\267\035\140\247\265\234\347\051\151\127\132\233\223\172 -\103\060\033\003\327\142\310\100\246\252\374\144\344\112\327\221 -\123\001\250\040\210\156\234\137\104\271\313\140\201\064\354\157 -\323\175\332\110\137\353\264\220\274\055\251\034\013\254\034\325 -\242\150\040\200\004\326\374\261\217\057\273\112\061\015\112\206 -\034\353\342\066\051\046\365\332\330\304\362\165\141\317\176\256 -\166\143\112\172\100\145\223\207\370\036\200\214\206\345\206\326 -\217\016\374\123\054\140\350\026\141\032\242\076\103\173\315\071 -\140\124\152\365\362\211\046\001\150\203\110\242\063\350\311\004 -\221\262\021\064\021\076\352\320\103\031\037\003\223\220\014\377 -\121\075\127\364\101\156\341\313\240\276\353\311\143\315\155\314 -\344\370\066\252\150\235\355\275\135\227\160\104\015\266\016\065 -\334\341\014\135\273\240\121\224\313\176\026\353\021\057\243\222 -\105\310\114\161\331\274\311\231\122\127\106\057\120\317\275\065 -\151\364\075\025\316\006\245\054\017\076\366\201\272\224\273\303 -\273\277\145\170\322\206\171\377\111\073\032\203\014\360\336\170 -\354\310\362\115\114\032\336\202\051\370\301\132\332\355\356\346 -\047\136\350\105\320\235\034\121\250\150\253\104\343\320\213\152 -\343\370\073\273\334\115\327\144\362\121\276\346\252\253\132\351 -\061\356\006\274\163\277\023\142\012\237\307\271\227 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Buypass Class 3 Root CA" -# Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO -# Serial Number: 2 (0x2) -# Subject: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO -# Not Valid Before: Tue Oct 26 08:28:58 2010 -# Not Valid After : Fri Oct 26 08:28:58 2040 -# Fingerprint (MD5): 3D:3B:18:9E:2C:64:5A:E8:D5:88:CE:0E:F9:37:C2:EC -# Fingerprint (SHA1): DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Buypass Class 3 Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\332\372\367\372\146\204\354\006\217\024\120\275\307\302\201\245 -\274\251\144\127 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\075\073\030\236\054\144\132\350\325\210\316\016\371\067\302\354 -END -CKA_ISSUER MULTILINE_OCTAL -\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061 -\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163 -\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040 -\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163 -\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "T-TeleSec GlobalRoot Class 3" -# -# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Serial Number: 1 (0x1) -# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Not Valid Before: Wed Oct 01 10:29:56 2008 -# Not Valid After : Sat Oct 01 23:59:59 2033 -# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF -# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164 -\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123 -\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035 -\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060 -\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145 -\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141 -\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060 -\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065 -\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006 -\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124 -\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162 -\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142 -\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171 -\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164 -\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124 -\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157 -\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042 -\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315 -\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366 -\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053 -\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077 -\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104 -\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373 -\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270 -\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042 -\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206 -\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271 -\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221 -\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223 -\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114 -\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067 -\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137 -\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243 -\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265 -\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277 -\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262 -\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115 -\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035 -\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131 -\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262 -\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312 -\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364 -\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223 -\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076 -\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323 -\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157 -\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011 -\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245 -\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032 -\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202 -\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051 -\116\223\303\244\124\024\133 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "T-TeleSec GlobalRoot Class 3" -# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Serial Number: 1 (0x1) -# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Not Valid Before: Wed Oct 01 10:29:56 2008 -# Not Valid After : Sat Oct 01 23:59:59 2033 -# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF -# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276 -\021\343\201\321 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "EE Certification Centre Root CA" -# -# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE -# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a -# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE -# Not Valid Before: Sat Oct 30 10:10:30 2010 -# Not Valid After : Tue Dec 17 23:59:59 2030 -# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F -# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EE Certification Centre Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061 -\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162 -\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163 -\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103 -\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060 -\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153 -\151\100\163\153\056\145\145 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061 -\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162 -\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163 -\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103 -\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060 -\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153 -\151\100\163\153\056\145\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161 -\346\112 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124 -\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165 -\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060 -\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151 -\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165 -\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156 -\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006 -\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100 -\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063 -\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062 -\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006 -\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004 -\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145 -\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046 -\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122 -\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206 -\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373 -\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062 -\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114 -\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303 -\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316 -\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123 -\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174 -\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060 -\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247 -\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125 -\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335 -\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176 -\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352 -\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104 -\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203 -\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241 -\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277 -\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003 -\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003 -\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001 -\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006 -\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005 -\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267 -\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216 -\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225 -\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257 -\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120 -\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006 -\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274 -\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032 -\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156 -\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134 -\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072 -\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026 -\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123 -\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356 -\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357 -\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220 -\307\314\165\301\226\305\235 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -# For Server Distrust After: Fri Sep 01 00:00:00 2017 -CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -\061\067\060\071\060\061\060\060\060\060\060\060\132 -END -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "EE Certification Centre Root CA" -# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE -# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a -# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE -# Not Valid Before: Sat Oct 30 10:10:30 2010 -# Not Valid After : Tue Dec 17 23:59:59 2030 -# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F -# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "EE Certification Centre Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303 -\173\047\314\327 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157 -END -CKA_ISSUER MULTILINE_OCTAL -\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061 -\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162 -\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163 -\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103 -\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060 -\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153 -\151\100\163\153\056\145\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161 -\346\112 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022 -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri -# Serial Number: 2087 (0x827) -# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR -# Not Valid Before: Mon Aug 08 07:07:51 2011 -# Not Valid After : Tue Jul 06 07:07:51 2021 -# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E -# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1" -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 -\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 -\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 -\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 -\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 -\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 -\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 -\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 -\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\010\047 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022 -# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri -# Serial Number: 2148 (0x864) -# Subject: E=ileti@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR -# Not Valid Before: Mon Aug 08 07:07:51 2011 -# Not Valid After : Thu Aug 05 07:07:51 2021 -# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2 -# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2" -CKA_ISSUER MULTILINE_OCTAL -\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303 -\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157 -\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151 -\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145 -\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061 -\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124 -\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164 -\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151 -\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151 -\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050 -\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\010\144 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "D-TRUST Root Class 3 CA 2 2009" -# -# Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE -# Serial Number: 623603 (0x983f3) -# Subject: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE -# Not Valid Before: Thu Nov 05 08:35:58 2009 -# Not Valid After : Mon Nov 05 08:35:58 2029 -# Fingerprint (MD5): CD:E0:25:69:8D:47:AC:9C:89:35:90:F7:FD:51:3D:2F -# Fingerprint (SHA1): 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 2009" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014 -\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014 -\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\011\203\363 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\063\060\202\003\033\240\003\002\001\002\002\003\011 -\203\363\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165 -\163\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003 -\014\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103 -\154\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071 -\060\036\027\015\060\071\061\061\060\065\060\070\063\065\065\070 -\132\027\015\062\071\061\061\060\065\060\070\063\065\065\070\132 -\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014 -\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071\060 -\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 -\323\262\112\317\172\107\357\165\233\043\372\072\057\326\120\105 -\211\065\072\306\153\333\376\333\000\150\250\340\003\021\035\067 -\120\010\237\115\112\150\224\065\263\123\321\224\143\247\040\126 -\257\336\121\170\354\052\075\363\110\110\120\076\012\337\106\125 -\213\047\155\303\020\115\015\221\122\103\330\207\340\135\116\066 -\265\041\312\137\071\100\004\137\133\176\314\243\306\053\251\100 -\036\331\066\204\326\110\363\222\036\064\106\040\044\301\244\121 -\216\112\032\357\120\077\151\135\031\177\105\303\307\001\217\121 -\311\043\350\162\256\264\274\126\011\177\022\313\034\261\257\051 -\220\012\311\125\314\017\323\264\032\355\107\065\132\112\355\234 -\163\004\041\320\252\275\014\023\265\000\312\046\154\304\153\014 -\224\132\225\224\332\120\232\361\377\245\053\146\061\244\311\070 -\240\337\035\037\270\011\056\363\247\350\147\122\253\225\037\340 -\106\076\330\244\303\312\132\305\061\200\350\110\232\237\224\151 -\376\031\335\330\163\174\201\312\226\336\216\355\263\062\005\145 -\204\064\346\346\375\127\020\265\137\166\277\057\260\020\015\305 -\002\003\001\000\001\243\202\001\032\060\202\001\026\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\375\332\024\304\237\060\336 -\041\275\036\102\071\374\253\143\043\111\340\361\204\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\323 -\006\003\125\035\037\004\201\313\060\201\310\060\201\200\240\176 -\240\174\206\172\154\144\141\160\072\057\057\144\151\162\145\143 -\164\157\162\171\056\144\055\164\162\165\163\164\056\156\145\164 -\057\103\116\075\104\055\124\122\125\123\124\045\062\060\122\157 -\157\164\045\062\060\103\154\141\163\163\045\062\060\063\045\062 -\060\103\101\045\062\060\062\045\062\060\062\060\060\071\054\117 -\075\104\055\124\162\165\163\164\045\062\060\107\155\142\110\054 -\103\075\104\105\077\143\145\162\164\151\146\151\143\141\164\145 -\162\145\166\157\143\141\164\151\157\156\154\151\163\164\060\103 -\240\101\240\077\206\075\150\164\164\160\072\057\057\167\167\167 -\056\144\055\164\162\165\163\164\056\156\145\164\057\143\162\154 -\057\144\055\164\162\165\163\164\137\162\157\157\164\137\143\154 -\141\163\163\137\063\137\143\141\137\062\137\062\060\060\071\056 -\143\162\154\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\177\227\333\060\310\337\244\234\175 -\041\172\200\160\316\024\022\151\210\024\225\140\104\001\254\262 -\351\060\117\233\120\302\146\330\176\215\060\265\160\061\351\342 -\151\307\363\160\333\040\025\206\320\015\360\276\254\001\165\204 -\316\176\237\115\277\267\140\073\234\363\312\035\342\136\150\330 -\243\235\227\345\100\140\322\066\041\376\320\264\270\027\332\164 -\243\177\324\337\260\230\002\254\157\153\153\054\045\044\162\241 -\145\356\045\132\345\346\062\347\362\337\253\111\372\363\220\151 -\043\333\004\331\347\134\130\374\145\324\227\276\314\374\056\012 -\314\045\052\065\004\370\140\221\025\165\075\101\377\043\037\031 -\310\154\353\202\123\004\246\344\114\042\115\215\214\272\316\133 -\163\354\144\124\120\155\321\234\125\373\151\303\066\303\214\274 -\074\205\246\153\012\046\015\340\223\230\140\256\176\306\044\227 -\212\141\137\221\216\146\222\011\207\066\315\213\233\055\076\366 -\121\324\120\324\131\050\275\203\362\314\050\173\123\206\155\330 -\046\210\160\327\352\221\315\076\271\312\300\220\156\132\306\136 -\164\145\327\134\376\243\342 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "D-TRUST Root Class 3 CA 2 2009" -# Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE -# Serial Number: 623603 (0x983f3) -# Subject: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE -# Not Valid Before: Thu Nov 05 08:35:58 2009 -# Not Valid After : Mon Nov 05 08:35:58 2029 -# Fingerprint (MD5): CD:E0:25:69:8D:47:AC:9C:89:35:90:F7:FD:51:3D:2F -# Fingerprint (SHA1): 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 2009" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\350\253\260\066\025\063\373\200\367\233\033\155\051\323\377 -\215\137\000\360 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\315\340\045\151\215\107\254\234\211\065\220\367\375\121\075\057 -END -CKA_ISSUER MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014 -\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\011\203\363 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "D-TRUST Root Class 3 CA 2 EV 2009" -# -# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE -# Serial Number: 623604 (0x983f4) -# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE -# Not Valid Before: Thu Nov 05 08:50:46 2009 -# Not Valid After : Mon Nov 05 08:50:46 2029 -# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6 -# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014 -\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060 -\060\071 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014 -\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060 -\060\071 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\011\203\364 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\103\060\202\003\053\240\003\002\001\002\002\003\011 -\203\364\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165 -\163\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003 -\014\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103 -\154\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062 -\060\060\071\060\036\027\015\060\071\061\061\060\065\060\070\065 -\060\064\066\132\027\015\062\071\061\061\060\065\060\070\065\060 -\064\066\132\060\120\061\013\060\011\006\003\125\004\006\023\002 -\104\105\061\025\060\023\006\003\125\004\012\014\014\104\055\124 -\162\165\163\164\040\107\155\142\110\061\052\060\050\006\003\125 -\004\003\014\041\104\055\124\122\125\123\124\040\122\157\157\164 -\040\103\154\141\163\163\040\063\040\103\101\040\062\040\105\126 -\040\062\060\060\071\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\231\361\204\064\160\272\057\267\060\240 -\216\275\174\004\317\276\142\274\231\375\202\227\322\172\012\147 -\226\070\011\366\020\116\225\042\163\231\215\332\025\055\347\005 -\374\031\163\042\267\216\230\000\274\074\075\254\241\154\373\326 -\171\045\113\255\360\314\144\332\210\076\051\270\017\011\323\064 -\335\063\365\142\321\341\315\031\351\356\030\117\114\130\256\342 -\036\326\014\133\025\132\330\072\270\304\030\144\036\343\063\262 -\265\211\167\116\014\277\331\224\153\023\227\157\022\243\376\231 -\251\004\314\025\354\140\150\066\355\010\173\267\365\277\223\355 -\146\061\203\214\306\161\064\207\116\027\352\257\213\221\215\034 -\126\101\256\042\067\136\067\362\035\331\321\055\015\057\151\121 -\247\276\146\246\212\072\052\275\307\032\261\341\024\360\276\072 -\035\271\317\133\261\152\376\264\261\106\040\242\373\036\073\160 -\357\223\230\175\214\163\226\362\305\357\205\160\255\051\046\374 -\036\004\076\034\240\330\017\313\122\203\142\174\356\213\123\225 -\220\251\127\242\352\141\005\330\371\115\304\047\372\156\255\355 -\371\327\121\367\153\245\002\003\001\000\001\243\202\001\044\060 -\202\001\040\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\323 -\224\212\114\142\023\052\031\056\314\257\162\212\175\066\327\232 -\034\334\147\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\201\335\006\003\125\035\037\004\201\325\060\201 -\322\060\201\207\240\201\204\240\201\201\206\177\154\144\141\160 -\072\057\057\144\151\162\145\143\164\157\162\171\056\144\055\164 -\162\165\163\164\056\156\145\164\057\103\116\075\104\055\124\122 -\125\123\124\045\062\060\122\157\157\164\045\062\060\103\154\141 -\163\163\045\062\060\063\045\062\060\103\101\045\062\060\062\045 -\062\060\105\126\045\062\060\062\060\060\071\054\117\075\104\055 -\124\162\165\163\164\045\062\060\107\155\142\110\054\103\075\104 -\105\077\143\145\162\164\151\146\151\143\141\164\145\162\145\166 -\157\143\141\164\151\157\156\154\151\163\164\060\106\240\104\240 -\102\206\100\150\164\164\160\072\057\057\167\167\167\056\144\055 -\164\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055 -\164\162\165\163\164\137\162\157\157\164\137\143\154\141\163\163 -\137\063\137\143\141\137\062\137\145\166\137\062\060\060\071\056 -\143\162\154\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\064\355\173\132\074\244\224\210\357 -\032\021\165\007\057\263\376\074\372\036\121\046\353\207\366\051 -\336\340\361\324\306\044\011\351\301\317\125\033\264\060\331\316 -\032\376\006\121\246\025\244\055\357\262\113\277\040\050\045\111 -\321\246\066\167\064\350\144\337\122\261\021\307\163\172\315\071 -\236\302\255\214\161\041\362\132\153\257\337\074\116\125\257\262 -\204\145\024\211\271\167\313\052\061\276\317\243\155\317\157\110 -\224\062\106\157\347\161\214\240\246\204\031\067\007\362\003\105 -\011\053\206\165\174\337\137\151\127\000\333\156\330\246\162\042 -\113\120\324\165\230\126\337\267\030\377\103\103\120\256\172\104 -\173\360\171\121\327\103\075\247\323\201\323\360\311\117\271\332 -\306\227\206\320\202\303\344\102\155\376\260\342\144\116\016\046 -\347\100\064\046\265\010\211\327\010\143\143\070\047\165\036\063 -\352\156\250\335\237\231\117\164\115\201\211\200\113\335\232\227 -\051\134\057\276\201\101\271\214\377\352\175\140\006\236\315\327 -\075\323\056\243\025\274\250\346\046\345\157\303\334\270\003\041 -\352\237\026\361\054\124\265 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "D-TRUST Root Class 3 CA 2 EV 2009" -# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE -# Serial Number: 623604 (0x983f4) -# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE -# Not Valid Before: Thu Nov 05 08:50:46 2009 -# Not Valid After : Mon Nov 05 08:50:46 2029 -# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6 -# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\226\311\033\013\225\264\020\230\102\372\320\330\042\171\376\140 -\372\271\026\203 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\252\306\103\054\136\055\315\304\064\300\120\117\021\002\117\266 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014 -\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154 -\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060 -\060\071 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\011\203\364 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "CA Disig Root R2" -# -# Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK -# Serial Number:00:92:b8:88:db:b0:8a:c1:63 -# Subject: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK -# Not Valid Before: Thu Jul 19 09:15:30 2012 -# Not Valid After : Sat Jul 19 09:15:30 2042 -# Fingerprint (MD5): 26:01:FB:D8:27:A7:17:9A:45:54:38:1A:43:01:3B:03 -# Fingerprint (SHA1): B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CA Disig Root R2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125 -\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157 -\164\040\122\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125 -\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157 -\164\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\222\270\210\333\260\212\301\143 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\151\060\202\003\121\240\003\002\001\002\002\011\000 -\222\270\210\333\260\212\301\143\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\122\061\013\060\011\006\003\125 -\004\006\023\002\123\113\061\023\060\021\006\003\125\004\007\023 -\012\102\162\141\164\151\163\154\141\166\141\061\023\060\021\006 -\003\125\004\012\023\012\104\151\163\151\147\040\141\056\163\056 -\061\031\060\027\006\003\125\004\003\023\020\103\101\040\104\151 -\163\151\147\040\122\157\157\164\040\122\062\060\036\027\015\061 -\062\060\067\061\071\060\071\061\065\063\060\132\027\015\064\062 -\060\067\061\071\060\071\061\065\063\060\132\060\122\061\013\060 -\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003 -\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061 -\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040 -\141\056\163\056\061\031\060\027\006\003\125\004\003\023\020\103 -\101\040\104\151\163\151\147\040\122\157\157\164\040\122\062\060 -\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000 -\242\243\304\000\011\326\205\135\055\155\024\366\302\303\163\236 -\065\302\161\125\176\201\373\253\106\120\340\301\174\111\170\346 -\253\171\130\074\332\377\174\034\237\330\227\002\170\076\153\101 -\004\351\101\275\276\003\054\105\366\057\144\324\253\135\243\107 -\075\144\233\351\150\232\306\314\033\077\272\276\262\213\064\002 -\056\230\125\031\374\214\157\252\137\332\114\316\115\003\041\243 -\330\322\064\223\126\226\313\114\014\000\026\074\137\032\315\310 -\307\154\246\255\323\061\247\274\350\345\341\146\326\322\373\003 -\264\101\145\311\020\256\016\005\143\306\200\152\151\060\375\322 -\356\220\357\015\047\337\237\225\163\364\341\045\332\154\026\336 -\101\070\064\352\213\374\321\350\004\024\141\055\101\176\254\307 -\167\116\313\121\124\373\136\222\030\033\004\132\150\306\311\304 -\372\267\023\240\230\267\021\053\267\326\127\314\174\236\027\321 -\313\045\376\206\116\044\056\126\014\170\115\236\001\022\246\053 -\247\001\145\156\174\142\035\204\204\337\352\300\153\265\245\052 -\225\203\303\123\021\014\163\035\013\262\106\220\321\102\072\316 -\100\156\225\255\377\306\224\255\156\227\204\216\175\157\236\212 -\200\015\111\155\163\342\173\222\036\303\363\301\363\353\056\005 -\157\331\033\317\067\166\004\310\264\132\344\027\247\313\335\166 -\037\320\031\166\350\054\005\263\326\234\064\330\226\334\141\207 -\221\005\344\104\010\063\301\332\271\010\145\324\256\262\066\015 -\353\272\070\272\014\345\233\236\353\215\146\335\231\317\326\211 -\101\366\004\222\212\051\051\155\153\072\034\347\165\175\002\161 -\016\363\300\347\275\313\031\335\235\140\262\302\146\140\266\261 -\004\356\311\346\206\271\232\146\100\250\347\021\355\201\105\003 -\213\366\147\131\350\301\006\021\275\335\317\200\002\117\145\100 -\170\134\107\120\310\233\346\037\201\173\344\104\250\133\205\232 -\342\336\132\325\307\371\072\104\146\113\344\062\124\174\344\154 -\234\263\016\075\027\242\262\064\022\326\176\262\250\111\273\321 -\172\050\100\276\242\026\037\337\344\067\037\021\163\373\220\012 -\145\103\242\015\174\370\006\001\125\063\175\260\015\270\364\365 -\256\245\102\127\174\066\021\214\173\136\304\003\235\214\171\235 -\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035 -\016\004\026\004\024\265\231\370\257\260\224\365\343\040\326\012 -\255\316\116\126\244\056\156\102\355\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\046\006\136 -\160\347\145\063\310\202\156\331\234\027\072\033\172\146\262\001 -\366\170\073\151\136\057\352\377\116\371\050\303\230\052\141\114 -\264\044\022\212\175\155\021\024\367\234\265\312\346\274\236\047 -\216\114\031\310\251\275\172\300\327\066\016\155\205\162\156\250 -\306\242\155\366\372\163\143\177\274\156\171\010\034\235\212\237 -\032\212\123\246\330\273\331\065\125\261\021\305\251\003\263\126 -\073\271\204\223\042\136\176\301\366\022\122\213\352\054\147\274 -\376\066\114\365\270\317\321\263\111\222\073\323\051\016\231\033 -\226\367\141\270\073\304\053\266\170\154\264\043\157\360\375\323 -\262\136\165\037\231\225\250\254\366\332\341\305\061\173\373\321 -\106\263\322\274\147\264\142\124\272\011\367\143\260\223\242\232 -\371\351\122\056\213\140\022\253\374\365\140\126\357\020\134\213 -\304\032\102\334\203\133\144\016\313\265\274\326\117\301\174\074 -\156\215\023\155\373\173\353\060\320\334\115\257\305\325\266\245 -\114\133\161\311\350\061\276\350\070\006\110\241\032\342\352\322 -\336\022\071\130\032\377\200\016\202\165\346\267\311\007\154\016 -\357\377\070\361\230\161\304\267\177\016\025\320\045\151\275\042 -\235\053\355\005\366\106\107\254\355\300\360\324\073\342\354\356 -\226\133\220\023\116\036\126\072\353\260\357\226\273\226\043\021 -\272\362\103\206\164\144\225\310\050\165\337\035\065\272\322\067 -\203\070\123\070\066\073\317\154\351\371\153\016\320\373\004\350 -\117\167\327\145\001\170\206\014\172\076\041\142\361\177\143\161 -\014\311\237\104\333\250\047\242\165\276\156\201\076\327\300\353 -\033\230\017\160\134\064\262\212\314\300\205\030\353\156\172\263 -\367\132\241\007\277\251\102\222\363\140\042\227\344\024\241\007 -\233\116\166\300\216\175\375\244\045\307\107\355\377\037\163\254 -\314\303\245\351\157\012\216\233\145\302\120\205\265\243\240\123 -\022\314\125\207\141\363\201\256\020\106\141\275\104\041\270\302 -\075\164\317\176\044\065\372\034\007\016\233\075\042\312\357\061 -\057\214\254\022\275\357\100\050\374\051\147\237\262\023\117\146 -\044\304\123\031\351\036\051\025\357\346\155\260\177\055\147\375 -\363\154\033\165\106\243\345\112\027\351\244\327\013 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "CA Disig Root R2" -# Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK -# Serial Number:00:92:b8:88:db:b0:8a:c1:63 -# Subject: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK -# Not Valid Before: Thu Jul 19 09:15:30 2012 -# Not Valid After : Sat Jul 19 09:15:30 2042 -# Fingerprint (MD5): 26:01:FB:D8:27:A7:17:9A:45:54:38:1A:43:01:3B:03 -# Fingerprint (SHA1): B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CA Disig Root R2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\265\141\353\352\244\336\344\045\113\151\032\230\245\127\107\302 -\064\307\331\161 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\046\001\373\330\047\247\027\232\105\124\070\032\103\001\073\003 -END -CKA_ISSUER MULTILINE_OCTAL -\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061 -\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163 -\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104 -\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125 -\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157 -\164\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\222\270\210\333\260\212\301\143 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "ACCVRAIZ1" -# -# Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 -# Serial Number:5e:c3:b7:a6:43:7f:a4:e0 -# Subject: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 -# Not Valid Before: Thu May 05 09:37:37 2011 -# Not Valid After : Tue Dec 31 09:37:37 2030 -# Fingerprint (MD5): D0:A0:5A:EE:05:B6:09:94:21:A1:7D:F1:B2:29:82:02 -# Fingerprint (SHA1): 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ACCVRAIZ1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103 -\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014 -\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004 -\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006 -\023\002\105\123 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103 -\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014 -\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004 -\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006 -\023\002\105\123 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\136\303\267\246\103\177\244\340 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\007\323\060\202\005\273\240\003\002\001\002\002\010\136 -\303\267\246\103\177\244\340\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\060\102\061\022\060\020\006\003\125\004 -\003\014\011\101\103\103\126\122\101\111\132\061\061\020\060\016 -\006\003\125\004\013\014\007\120\113\111\101\103\103\126\061\015 -\060\013\006\003\125\004\012\014\004\101\103\103\126\061\013\060 -\011\006\003\125\004\006\023\002\105\123\060\036\027\015\061\061 -\060\065\060\065\060\071\063\067\063\067\132\027\015\063\060\061 -\062\063\061\060\071\063\067\063\067\132\060\102\061\022\060\020 -\006\003\125\004\003\014\011\101\103\103\126\122\101\111\132\061 -\061\020\060\016\006\003\125\004\013\014\007\120\113\111\101\103 -\103\126\061\015\060\013\006\003\125\004\012\014\004\101\103\103 -\126\061\013\060\011\006\003\125\004\006\023\002\105\123\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\233 -\251\253\277\141\112\227\257\057\227\146\232\164\137\320\331\226 -\375\317\342\344\146\357\037\037\107\063\302\104\243\337\232\336 -\037\265\124\335\025\174\151\065\021\157\273\310\014\216\152\030 -\036\330\217\331\026\274\020\110\066\134\360\143\263\220\132\134 -\044\067\327\243\326\313\011\161\271\361\001\162\204\260\175\333 -\115\200\315\374\323\157\311\370\332\266\016\202\322\105\205\250 -\033\150\250\075\350\364\104\154\275\241\302\313\003\276\214\076 -\023\000\204\337\112\110\300\343\042\012\350\351\067\247\030\114 -\261\011\015\043\126\177\004\115\331\027\204\030\245\310\332\100 -\224\163\353\316\016\127\074\003\201\072\235\012\241\127\103\151 -\254\127\155\171\220\170\345\265\264\073\330\274\114\215\050\241 -\247\243\247\272\002\116\045\321\052\256\355\256\003\042\270\153 -\040\017\060\050\124\225\177\340\356\316\012\146\235\321\100\055 -\156\042\257\235\032\301\005\031\322\157\300\362\237\370\173\263 -\002\102\373\120\251\035\055\223\017\043\253\306\301\017\222\377 -\320\242\025\365\123\011\161\034\377\105\023\204\346\046\136\370 -\340\210\034\012\374\026\266\250\163\006\270\360\143\204\002\240 -\306\132\354\347\164\337\160\256\243\203\045\352\326\307\227\207 -\223\247\306\212\212\063\227\140\067\020\076\227\076\156\051\025 -\326\241\017\321\210\054\022\237\157\252\244\306\102\353\101\242 -\343\225\103\323\001\205\155\216\273\073\363\043\066\307\376\073 -\340\241\045\007\110\253\311\211\164\377\010\217\200\277\300\226 -\145\363\356\354\113\150\275\235\210\303\061\263\100\361\350\317 -\366\070\273\234\344\321\177\324\345\130\233\174\372\324\363\016 -\233\165\221\344\272\122\056\031\176\321\365\315\132\031\374\272 -\006\366\373\122\250\113\231\004\335\370\371\264\213\120\243\116 -\142\211\360\207\044\372\203\102\301\207\372\325\055\051\052\132 -\161\172\144\152\327\047\140\143\015\333\316\111\365\215\037\220 -\211\062\027\370\163\103\270\322\132\223\206\141\326\341\165\012 -\352\171\146\166\210\117\161\353\004\045\326\012\132\172\223\345 -\271\113\027\100\017\261\266\271\365\336\117\334\340\263\254\073 -\021\160\140\204\112\103\156\231\040\300\051\161\012\300\145\002 -\003\001\000\001\243\202\002\313\060\202\002\307\060\175\006\010 -\053\006\001\005\005\007\001\001\004\161\060\157\060\114\006\010 -\053\006\001\005\005\007\060\002\206\100\150\164\164\160\072\057 -\057\167\167\167\056\141\143\143\166\056\145\163\057\146\151\154 -\145\141\144\155\151\156\057\101\162\143\150\151\166\157\163\057 -\143\145\162\164\151\146\151\143\141\144\157\163\057\162\141\151 -\172\141\143\143\166\061\056\143\162\164\060\037\006\010\053\006 -\001\005\005\007\060\001\206\023\150\164\164\160\072\057\057\157 -\143\163\160\056\141\143\143\166\056\145\163\060\035\006\003\125 -\035\016\004\026\004\024\322\207\264\343\337\067\047\223\125\366 -\126\352\201\345\066\314\214\036\077\275\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 -\035\043\004\030\060\026\200\024\322\207\264\343\337\067\047\223 -\125\366\126\352\201\345\066\314\214\036\077\275\060\202\001\163 -\006\003\125\035\040\004\202\001\152\060\202\001\146\060\202\001 -\142\006\004\125\035\040\000\060\202\001\130\060\202\001\042\006 -\010\053\006\001\005\005\007\002\002\060\202\001\024\036\202\001 -\020\000\101\000\165\000\164\000\157\000\162\000\151\000\144\000 -\141\000\144\000\040\000\144\000\145\000\040\000\103\000\145\000 -\162\000\164\000\151\000\146\000\151\000\143\000\141\000\143\000 -\151\000\363\000\156\000\040\000\122\000\141\000\355\000\172\000 -\040\000\144\000\145\000\040\000\154\000\141\000\040\000\101\000 -\103\000\103\000\126\000\040\000\050\000\101\000\147\000\145\000 -\156\000\143\000\151\000\141\000\040\000\144\000\145\000\040\000 -\124\000\145\000\143\000\156\000\157\000\154\000\157\000\147\000 -\355\000\141\000\040\000\171\000\040\000\103\000\145\000\162\000 -\164\000\151\000\146\000\151\000\143\000\141\000\143\000\151\000 -\363\000\156\000\040\000\105\000\154\000\145\000\143\000\164\000 -\162\000\363\000\156\000\151\000\143\000\141\000\054\000\040\000 -\103\000\111\000\106\000\040\000\121\000\064\000\066\000\060\000 -\061\000\061\000\065\000\066\000\105\000\051\000\056\000\040\000 -\103\000\120\000\123\000\040\000\145\000\156\000\040\000\150\000 -\164\000\164\000\160\000\072\000\057\000\057\000\167\000\167\000 -\167\000\056\000\141\000\143\000\143\000\166\000\056\000\145\000 -\163\060\060\006\010\053\006\001\005\005\007\002\001\026\044\150 -\164\164\160\072\057\057\167\167\167\056\141\143\143\166\056\145 -\163\057\154\145\147\151\163\154\141\143\151\157\156\137\143\056 -\150\164\155\060\125\006\003\125\035\037\004\116\060\114\060\112 -\240\110\240\106\206\104\150\164\164\160\072\057\057\167\167\167 -\056\141\143\143\166\056\145\163\057\146\151\154\145\141\144\155 -\151\156\057\101\162\143\150\151\166\157\163\057\143\145\162\164 -\151\146\151\143\141\144\157\163\057\162\141\151\172\141\143\143 -\166\061\137\144\145\162\056\143\162\154\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\027\006\003\125\035 -\021\004\020\060\016\201\014\141\143\143\166\100\141\143\143\166 -\056\145\163\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\002\001\000\227\061\002\237\347\375\103\147\110 -\104\024\344\051\207\355\114\050\146\320\217\065\332\115\141\267 -\112\227\115\265\333\220\340\005\056\016\306\171\320\362\227\151 -\017\275\004\107\331\276\333\265\051\332\233\331\256\251\231\325 -\323\074\060\223\365\215\241\250\374\006\215\104\364\312\026\225 -\174\063\334\142\213\250\067\370\047\330\011\055\033\357\310\024 -\047\040\251\144\104\377\056\326\165\252\154\115\140\100\031\111 -\103\124\143\332\342\314\272\146\345\117\104\172\133\331\152\201 -\053\100\325\177\371\001\047\130\054\310\355\110\221\174\077\246 -\000\317\304\051\163\021\066\336\206\031\076\235\356\031\212\033 -\325\260\355\216\075\234\052\300\015\330\075\146\343\074\015\275 -\325\224\134\342\342\247\065\033\004\000\366\077\132\215\352\103 -\275\137\211\035\251\301\260\314\231\342\115\000\012\332\311\047 -\133\347\023\220\134\344\365\063\242\125\155\334\340\011\115\057 -\261\046\133\047\165\000\011\304\142\167\051\010\137\236\131\254 -\266\176\255\237\124\060\042\003\301\036\161\144\376\371\070\012 -\226\030\335\002\024\254\043\313\006\034\036\244\175\215\015\336 -\047\101\350\255\332\025\267\260\043\335\053\250\323\332\045\207 -\355\350\125\104\115\210\364\066\176\204\232\170\254\367\016\126 -\111\016\326\063\045\326\204\120\102\154\040\022\035\052\325\276 -\274\362\160\201\244\160\140\276\005\265\233\236\004\104\276\141 -\043\254\351\245\044\214\021\200\224\132\242\242\271\111\322\301 -\334\321\247\355\061\021\054\236\031\246\356\341\125\341\300\352 -\317\015\204\344\027\267\242\174\245\336\125\045\006\356\314\300 -\207\134\100\332\314\225\077\125\340\065\307\270\204\276\264\135 -\315\172\203\001\162\356\207\346\137\035\256\265\205\306\046\337 -\346\301\232\351\036\002\107\237\052\250\155\251\133\317\354\105 -\167\177\230\047\232\062\135\052\343\204\356\305\230\146\057\226 -\040\035\335\330\303\047\327\260\371\376\331\175\315\320\237\217 -\013\024\130\121\237\057\213\303\070\055\336\350\217\326\215\207 -\244\365\126\103\026\231\054\364\244\126\264\064\270\141\067\311 -\302\130\200\033\240\227\241\374\131\215\351\021\366\321\017\113 -\125\064\106\052\213\206\073 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "ACCVRAIZ1" -# Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 -# Serial Number:5e:c3:b7:a6:43:7f:a4:e0 -# Subject: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 -# Not Valid Before: Thu May 05 09:37:37 2011 -# Not Valid After : Tue Dec 31 09:37:37 2030 -# Fingerprint (MD5): D0:A0:5A:EE:05:B6:09:94:21:A1:7D:F1:B2:29:82:02 -# Fingerprint (SHA1): 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ACCVRAIZ1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\223\005\172\210\025\306\117\316\210\057\372\221\026\122\050\170 -\274\123\144\027 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\320\240\132\356\005\266\011\224\041\241\175\361\262\051\202\002 -END -CKA_ISSUER MULTILINE_OCTAL -\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103 -\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014 -\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004 -\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006 -\023\002\105\123 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\136\303\267\246\103\177\244\340 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TWCA Global Root CA" -# -# Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW -# Serial Number: 3262 (0xcbe) -# Subject: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW -# Not Valid Before: Wed Jun 27 06:28:33 2012 -# Not Valid After : Tue Dec 31 15:59:59 2030 -# Fingerprint (MD5): F9:03:7E:CF:E6:9E:3C:73:7A:2A:90:07:69:FF:2B:96 -# Fingerprint (SHA1): 9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TWCA Global Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 -\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023 -\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 -\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023 -\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\014\276 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\101\060\202\003\051\240\003\002\001\002\002\002\014 -\276\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 -\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023 -\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101\060\036\027\015\061\062\060\066\062\067\060\066\062 -\070\063\063\132\027\015\063\060\061\062\063\061\061\065\065\071 -\065\071\132\060\121\061\013\060\011\006\003\125\004\006\023\002 -\124\127\061\022\060\020\006\003\125\004\012\023\011\124\101\111 -\127\101\116\055\103\101\061\020\060\016\006\003\125\004\013\023 -\007\122\157\157\164\040\103\101\061\034\060\032\006\003\125\004 -\003\023\023\124\127\103\101\040\107\154\157\142\141\154\040\122 -\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\260\005\333\310\353\214\304\156\212 -\041\357\216\115\234\161\012\037\122\160\355\155\202\234\227\305 -\327\114\116\105\111\313\100\102\265\022\064\154\031\302\164\244 -\061\137\205\002\227\354\103\063\012\123\322\234\214\216\267\270 -\171\333\053\325\152\362\216\146\304\356\053\001\007\222\324\263 -\320\002\337\120\366\125\257\146\016\313\340\107\140\057\053\062 -\071\065\122\072\050\203\370\173\026\306\030\270\142\326\107\045 -\221\316\360\031\022\115\255\143\365\323\077\165\137\051\360\241 -\060\034\052\240\230\246\025\275\356\375\031\066\360\342\221\103 -\217\372\312\326\020\047\111\114\357\335\301\361\205\160\233\312 -\352\250\132\103\374\155\206\157\163\351\067\105\251\360\066\307 -\314\210\165\036\273\154\006\377\233\153\076\027\354\141\252\161 -\174\306\035\242\367\111\351\025\265\074\326\241\141\365\021\367 -\005\157\035\375\021\276\320\060\007\302\051\260\011\116\046\334 -\343\242\250\221\152\037\302\221\105\210\134\345\230\270\161\245 -\025\031\311\174\165\021\314\160\164\117\055\233\035\221\104\375 -\126\050\240\376\273\206\152\310\372\134\013\130\334\306\113\166 -\310\253\042\331\163\017\245\364\132\002\211\077\117\236\042\202 -\356\242\164\123\052\075\123\047\151\035\154\216\062\054\144\000 -\046\143\141\066\116\243\106\267\077\175\263\055\254\155\220\242 -\225\242\316\317\332\202\347\007\064\031\226\351\270\041\252\051 -\176\246\070\276\216\051\112\041\146\171\037\263\303\265\011\147 -\336\326\324\007\106\363\052\332\346\042\067\140\313\201\266\017 -\240\017\351\310\225\177\277\125\221\005\172\317\075\025\300\157 -\336\011\224\001\203\327\064\033\314\100\245\360\270\233\147\325 -\230\221\073\247\204\170\225\046\244\132\010\370\053\164\264\000 -\004\074\337\270\024\216\350\337\251\215\154\147\222\063\035\300 -\267\322\354\222\310\276\011\277\054\051\005\157\002\153\236\357 -\274\277\052\274\133\300\120\217\101\160\161\207\262\115\267\004 -\251\204\243\062\257\256\356\153\027\213\262\261\376\154\341\220 -\214\210\250\227\110\316\310\115\313\363\006\317\137\152\012\102 -\261\036\036\167\057\216\240\346\222\016\006\374\005\042\322\046 -\341\061\121\175\062\334\017\002\003\001\000\001\243\043\060\041 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\003\202\002\001\000\137\064\201\166\357\226\035\325\345\265\331 -\002\143\204\026\301\256\240\160\121\247\367\114\107\065\310\013 -\327\050\075\211\161\331\252\063\101\352\024\033\154\041\000\300 -\154\102\031\176\237\151\133\040\102\337\242\322\332\304\174\227 -\113\215\260\350\254\310\356\245\151\004\231\012\222\246\253\047 -\056\032\115\201\277\204\324\160\036\255\107\376\375\112\235\063 -\340\362\271\304\105\010\041\012\332\151\151\163\162\015\276\064 -\376\224\213\255\303\036\065\327\242\203\357\345\070\307\245\205 -\037\253\317\064\354\077\050\376\014\361\127\206\116\311\125\367 -\034\324\330\245\175\006\172\157\325\337\020\337\201\116\041\145 -\261\266\341\027\171\225\105\006\316\137\314\334\106\211\143\150 -\104\215\223\364\144\160\240\075\235\050\005\303\071\160\270\142 -\173\040\375\344\333\351\010\241\270\236\075\011\307\117\373\054 -\370\223\166\101\336\122\340\341\127\322\235\003\274\167\236\376 -\236\051\136\367\301\121\140\037\336\332\013\262\055\165\267\103 -\110\223\347\366\171\306\204\135\200\131\140\224\374\170\230\217 -\074\223\121\355\100\220\007\337\144\143\044\313\116\161\005\241 -\327\224\032\210\062\361\042\164\042\256\245\246\330\022\151\114 -\140\243\002\356\053\354\324\143\222\013\136\276\057\166\153\243 -\266\046\274\217\003\330\012\362\114\144\106\275\071\142\345\226 -\353\064\143\021\050\314\225\361\255\357\357\334\200\130\110\351 -\113\270\352\145\254\351\374\200\265\265\310\105\371\254\301\237 -\331\271\352\142\210\216\304\361\113\203\022\255\346\213\204\326 -\236\302\353\203\030\237\152\273\033\044\140\063\160\314\354\367 -\062\363\134\331\171\175\357\236\244\376\311\043\303\044\356\025 -\222\261\075\221\117\046\206\275\146\163\044\023\352\244\256\143 -\301\255\175\204\003\074\020\170\206\033\171\343\304\363\362\004 -\225\040\256\043\202\304\263\072\000\142\277\346\066\044\341\127 -\272\307\036\220\165\325\137\077\225\141\053\301\073\315\345\263 -\150\141\320\106\046\251\041\122\151\055\353\056\307\353\167\316 -\246\072\265\003\063\117\166\321\347\134\124\001\135\313\170\364 -\311\014\277\317\022\216\027\055\043\150\224\347\253\376\251\262 -\053\006\320\004\315 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TWCA Global Root CA" -# Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW -# Serial Number: 3262 (0xcbe) -# Subject: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW -# Not Valid Before: Wed Jun 27 06:28:33 2012 -# Not Valid After : Tue Dec 31 15:59:59 2030 -# Fingerprint (MD5): F9:03:7E:CF:E6:9E:3C:73:7A:2A:90:07:69:FF:2B:96 -# Fingerprint (SHA1): 9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TWCA Global Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\234\273\110\123\366\244\366\323\122\244\350\062\122\125\140\023 -\365\255\257\145 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\371\003\176\317\346\236\074\163\172\052\220\007\151\377\053\226 -END -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061 -\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 -\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 -\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023 -\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\002\014\276 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TeliaSonera Root CA v1" -# -# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera -# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 -# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera -# Not Valid Before: Thu Oct 18 12:00:50 2007 -# Not Valid After : Mon Oct 18 12:00:50 2032 -# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C -# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TeliaSonera Root CA v1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 -\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 -\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 -\157\157\164\040\103\101\040\166\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 -\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 -\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 -\157\157\164\040\103\101\040\166\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372 -\213\315\226 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\070\060\202\003\040\240\003\002\001\002\002\021\000 -\225\276\026\240\367\056\106\361\173\071\202\162\372\213\315\226 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154\151 -\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004\003 -\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122\157 -\157\164\040\103\101\040\166\061\060\036\027\015\060\067\061\060 -\061\070\061\062\060\060\065\060\132\027\015\063\062\061\060\061 -\070\061\062\060\060\065\060\132\060\067\061\024\060\022\006\003 -\125\004\012\014\013\124\145\154\151\141\123\157\156\145\162\141 -\061\037\060\035\006\003\125\004\003\014\026\124\145\154\151\141 -\123\157\156\145\162\141\040\122\157\157\164\040\103\101\040\166 -\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\302\276\353\047\360\041\243\363\151\046\125\176\235\305 -\125\026\221\134\375\357\041\277\123\200\172\055\322\221\214\143 -\061\360\354\044\360\303\245\322\162\174\020\155\364\067\267\345 -\346\174\171\352\214\265\202\213\256\110\266\254\000\334\145\165 -\354\052\115\137\301\207\365\040\145\053\201\250\107\076\211\043 -\225\060\026\220\177\350\127\007\110\347\031\256\277\105\147\261 -\067\033\006\052\376\336\371\254\175\203\373\136\272\344\217\227 -\147\276\113\216\215\144\007\127\070\125\151\064\066\075\023\110 -\357\117\342\323\146\036\244\317\032\267\136\066\063\324\264\006 -\275\030\001\375\167\204\120\000\105\365\214\135\350\043\274\176 -\376\065\341\355\120\173\251\060\215\031\323\011\216\150\147\135 -\277\074\227\030\123\273\051\142\305\312\136\162\301\307\226\324 -\333\055\240\264\037\151\003\354\352\342\120\361\014\074\360\254 -\363\123\055\360\034\365\355\154\071\071\163\200\026\310\122\260 -\043\315\340\076\334\335\074\107\240\273\065\212\342\230\150\213 -\276\345\277\162\356\322\372\245\355\022\355\374\230\030\251\046 -\166\334\050\113\020\040\034\323\177\026\167\055\355\157\200\367 -\111\273\123\005\273\135\150\307\324\310\165\026\077\211\132\213 -\367\027\107\324\114\361\322\211\171\076\115\075\230\250\141\336 -\072\036\322\370\136\003\340\301\311\034\214\323\215\115\323\225 -\066\263\067\137\143\143\233\063\024\360\055\046\153\123\174\211 -\214\062\302\156\354\075\041\000\071\311\241\150\342\120\203\056 -\260\072\053\363\066\240\254\057\344\157\141\302\121\011\071\076 -\213\123\271\273\147\332\334\123\271\166\131\066\235\103\345\040 -\340\075\062\140\205\042\121\267\307\063\273\335\025\057\244\170 -\246\007\173\201\106\066\004\206\335\171\065\307\225\054\073\260 -\243\027\065\345\163\037\264\134\131\357\332\352\020\145\173\172 -\320\177\237\263\264\052\067\073\160\213\233\133\271\053\267\354 -\262\121\022\227\123\051\132\324\360\022\020\334\117\002\273\022 -\222\057\142\324\077\151\103\174\015\326\374\130\165\001\210\235 -\130\026\113\336\272\220\377\107\001\211\006\152\366\137\262\220 -\152\263\002\246\002\210\277\263\107\176\052\331\325\372\150\170 -\065\115\002\003\001\000\001\243\077\060\075\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003 -\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016 -\004\026\004\024\360\217\131\070\000\263\365\217\232\226\014\325 -\353\372\173\252\027\350\023\022\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\003\202\002\001\000\276\344\134\142 -\116\044\364\014\010\377\360\323\014\150\344\223\111\042\077\104 -\047\157\273\155\336\203\146\316\250\314\015\374\365\232\006\345 -\167\024\221\353\235\101\173\231\052\204\345\377\374\041\301\135 -\360\344\037\127\267\165\251\241\137\002\046\377\327\307\367\116 -\336\117\370\367\034\106\300\172\117\100\054\042\065\360\031\261 -\320\153\147\054\260\250\340\300\100\067\065\366\204\134\134\343 -\257\102\170\376\247\311\015\120\352\015\204\166\366\121\357\203 -\123\306\172\377\016\126\111\056\217\172\326\014\346\047\124\343 -\115\012\140\162\142\315\221\007\326\245\277\310\231\153\355\304 -\031\346\253\114\021\070\305\157\061\342\156\111\310\077\166\200 -\046\003\046\051\340\066\366\366\040\123\343\027\160\064\027\235 -\143\150\036\153\354\303\115\206\270\023\060\057\135\106\015\107 -\103\325\033\252\131\016\271\134\215\006\110\255\164\207\137\307 -\374\061\124\101\023\342\307\041\016\236\340\036\015\341\300\173 -\103\205\220\305\212\130\306\145\012\170\127\362\306\043\017\001 -\331\040\113\336\017\373\222\205\165\052\134\163\215\155\173\045 -\221\312\356\105\256\006\113\000\314\323\261\131\120\332\072\210 -\073\051\103\106\136\227\053\124\316\123\157\215\112\347\226\372 -\277\161\016\102\213\174\375\050\240\320\110\312\332\304\201\114 -\273\242\163\223\046\310\353\014\326\046\210\266\300\044\317\273 -\275\133\353\165\175\351\010\216\206\063\054\171\167\011\151\245 -\211\374\263\160\220\207\166\217\323\042\273\102\316\275\163\013 -\040\046\052\320\233\075\160\036\044\154\315\207\166\251\027\226 -\267\317\015\222\373\216\030\251\230\111\321\236\376\140\104\162 -\041\271\031\355\302\365\061\361\071\110\210\220\044\165\124\026 -\255\316\364\370\151\024\144\071\373\243\270\272\160\100\307\047 -\034\277\304\126\123\372\143\145\320\363\034\016\026\365\153\206 -\130\115\030\324\344\015\216\245\235\133\221\334\166\044\120\077 -\306\052\373\331\267\234\265\326\346\320\331\350\031\213\025\161 -\110\255\267\352\330\131\210\324\220\277\026\263\331\351\254\131 -\141\124\310\034\272\312\301\312\341\271\040\114\217\072\223\211 -\245\240\314\277\323\366\165\244\165\226\155\126 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TeliaSonera Root CA v1" -# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera -# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 -# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera -# Not Valid Before: Thu Oct 18 12:00:50 2007 -# Not Valid After : Mon Oct 18 12:00:50 2032 -# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C -# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TeliaSonera Root CA v1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\103\023\273\226\361\325\206\233\301\116\152\222\366\317\366\064 -\151\207\202\067 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\067\101\111\033\030\126\232\046\365\255\302\146\373\100\245\114 -END -CKA_ISSUER MULTILINE_OCTAL -\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 -\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 -\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 -\157\157\164\040\103\101\040\166\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372 -\213\315\226 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "E-Tugra Certification Authority" -# -# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Serial Number:6a:68:3e:9c:51:9b:cb:53 -# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Mar 05 12:09:48 2013 -# Not Valid After : Fri Mar 03 12:09:48 2023 -# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49 -# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "E-Tugra Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\152\150\076\234\121\233\313\123 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152 -\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125 -\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014 -\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012 -\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102 -\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152 -\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154 -\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125 -\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164 -\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172 -\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165 -\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061 -\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063 -\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013 -\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006 -\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076 -\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040 -\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153 -\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151 -\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046 -\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141 -\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115 -\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014 -\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030 -\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113 -\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113 -\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107 -\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015 -\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053 -\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205 -\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104 -\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144 -\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050 -\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273 -\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263 -\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303 -\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331 -\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215 -\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007 -\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263 -\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102 -\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255 -\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171 -\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336 -\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014 -\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305 -\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012 -\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374 -\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313 -\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061 -\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347 -\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013 -\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077 -\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027 -\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307 -\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035 -\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372 -\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035 -\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171 -\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005 -\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034 -\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320 -\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221 -\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326 -\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320 -\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230 -\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323 -\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141 -\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134 -\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072 -\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173 -\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067 -\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153 -\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275 -\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212 -\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271 -\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060 -\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072 -\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321 -\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261 -\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345 -\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037 -\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276 -\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217 -\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227 -\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013 -\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103 -\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373 -\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147 -\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035 -\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073 -\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "E-Tugra Certification Authority" -# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Serial Number:6a:68:3e:9c:51:9b:cb:53 -# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Mar 05 12:09:48 2013 -# Not Valid After : Fri Mar 03 12:09:48 2023 -# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49 -# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "E-Tugra Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142 -\217\303\122\071 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 -\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 -\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 -\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 -\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 -\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 -\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 -\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 -\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\152\150\076\234\121\233\313\123 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "T-TeleSec GlobalRoot Class 2" -# -# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Serial Number: 1 (0x1) -# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Not Valid Before: Wed Oct 01 10:40:14 2008 -# Not Valid After : Sat Oct 01 23:59:59 2033 -# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A -# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164 -\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123 -\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035 -\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060 -\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145 -\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141 -\163\163\040\062\060\036\027\015\060\070\061\060\060\061\061\060 -\064\060\061\064\132\027\015\063\063\061\060\060\061\062\063\065 -\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006 -\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124 -\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162 -\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142 -\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171 -\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164 -\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124 -\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157 -\164\040\103\154\141\163\163\040\062\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\252\137\332\033\137\350 -\163\221\345\332\134\364\242\346\107\345\363\150\125\140\005\035 -\002\244\263\233\131\363\036\212\257\064\255\374\015\302\331\110 -\031\356\151\217\311\040\374\041\252\007\031\355\260\134\254\145 -\307\137\355\002\174\173\174\055\033\326\272\271\200\302\030\202 -\026\204\372\146\260\010\306\124\043\201\344\315\271\111\077\366 -\117\156\067\110\050\070\017\305\276\347\150\160\375\071\227\115 -\322\307\230\221\120\252\304\104\263\043\175\071\107\351\122\142 -\326\022\223\136\267\061\226\102\005\373\166\247\036\243\365\302 -\374\351\172\305\154\251\161\117\352\313\170\274\140\257\307\336 -\364\331\313\276\176\063\245\156\224\203\360\064\372\041\253\352 -\216\162\240\077\244\336\060\133\357\206\115\152\225\133\103\104 -\250\020\025\034\345\001\127\305\230\361\346\006\050\221\252\040 -\305\267\123\046\121\103\262\013\021\225\130\341\300\017\166\331 -\300\215\174\201\363\162\160\236\157\376\032\216\331\137\065\306 -\262\157\064\174\276\110\117\342\132\071\327\330\235\170\236\237 -\206\076\003\136\031\213\104\242\325\307\002\003\001\000\001\243 -\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\277 -\131\040\066\000\171\240\240\042\153\214\325\362\141\322\270\054 -\313\202\112\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\061\003\242\141\013\037\164\350\162 -\066\306\155\371\115\236\372\042\250\341\201\126\317\315\273\237 -\352\253\221\031\070\257\252\174\025\115\363\266\243\215\245\364 -\216\366\104\251\247\350\041\225\255\076\000\142\026\210\360\002 -\272\374\141\043\346\063\233\060\172\153\066\142\173\255\004\043 -\204\130\145\342\333\053\212\347\045\123\067\142\123\137\274\332 -\001\142\051\242\246\047\161\346\072\042\176\301\157\035\225\160 -\040\112\007\064\337\352\377\025\200\345\272\327\172\330\133\165 -\174\005\172\051\107\176\100\250\061\023\167\315\100\073\264\121 -\107\172\056\021\343\107\021\336\235\146\320\213\325\124\146\372 -\203\125\352\174\302\051\211\033\351\157\263\316\342\005\204\311 -\057\076\170\205\142\156\311\137\301\170\143\164\130\300\110\030 -\014\231\071\353\244\314\032\265\171\132\215\025\234\330\024\015 -\366\172\007\127\307\042\203\005\055\074\233\045\046\075\030\263 -\251\103\174\310\310\253\144\217\016\243\277\234\033\235\060\333 -\332\320\031\056\252\074\361\373\063\200\166\344\315\255\031\117 -\005\047\216\023\241\156\302 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "T-TeleSec GlobalRoot Class 2" -# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Serial Number: 1 (0x1) -# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE -# Not Valid Before: Wed Oct 01 10:40:14 2008 -# Not Valid After : Sat Oct 01 23:59:59 2033 -# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A -# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\131\015\055\175\210\117\100\056\141\176\245\142\062\027\145\317 -\027\330\224\351 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\053\233\236\344\173\154\037\000\162\032\314\301\167\171\337\152 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 -\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 -\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 -\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 -\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 -\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 -\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 -\141\163\163\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Atos TrustedRoot 2011" -# -# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 -# Serial Number:5c:33:cb:62:2c:5f:b3:32 -# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011 -# Not Valid Before: Thu Jul 07 14:58:30 2011 -# Not Valid After : Tue Dec 31 23:59:59 2030 -# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56 -# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Atos TrustedRoot 2011" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 -\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 -\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 -\163\061\013\060\011\006\003\125\004\006\023\002\104\105 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 -\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 -\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 -\163\061\013\060\011\006\003\125\004\006\023\002\104\105 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\134\063\313\142\054\137\263\062 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\167\060\202\002\137\240\003\002\001\002\002\010\134 -\063\313\142\054\137\263\062\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\074\061\036\060\034\006\003\125\004 -\003\014\025\101\164\157\163\040\124\162\165\163\164\145\144\122 -\157\157\164\040\062\060\061\061\061\015\060\013\006\003\125\004 -\012\014\004\101\164\157\163\061\013\060\011\006\003\125\004\006 -\023\002\104\105\060\036\027\015\061\061\060\067\060\067\061\064 -\065\070\063\060\132\027\015\063\060\061\062\063\061\062\063\065 -\071\065\071\132\060\074\061\036\060\034\006\003\125\004\003\014 -\025\101\164\157\163\040\124\162\165\163\164\145\144\122\157\157 -\164\040\062\060\061\061\061\015\060\013\006\003\125\004\012\014 -\004\101\164\157\163\061\013\060\011\006\003\125\004\006\023\002 -\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 -\001\001\000\225\205\073\227\157\052\073\056\073\317\246\363\051 -\065\276\317\030\254\076\252\331\370\115\240\076\032\107\271\274 -\232\337\362\376\314\076\107\350\172\226\302\044\216\065\364\251 -\014\374\202\375\155\301\162\142\047\275\352\153\353\347\212\314 -\124\076\220\120\317\200\324\225\373\350\265\202\324\024\305\266 -\251\125\045\127\333\261\120\366\260\140\144\131\172\151\317\003 -\267\157\015\276\312\076\157\164\162\352\252\060\052\163\142\276 -\111\221\141\310\021\376\016\003\052\367\152\040\334\002\025\015 -\136\025\152\374\343\202\301\265\305\235\144\011\154\243\131\230 -\007\047\307\033\226\053\141\164\161\154\103\361\367\065\211\020 -\340\236\354\125\241\067\042\242\207\004\005\054\107\175\264\034 -\271\142\051\146\050\312\267\341\223\365\244\224\003\231\271\160 -\205\265\346\110\352\215\120\374\331\336\314\157\007\016\335\013 -\162\235\200\060\026\007\225\077\050\016\375\305\165\117\123\326 -\164\232\264\044\056\216\002\221\317\166\305\233\036\125\164\234 -\170\041\261\360\055\361\013\237\302\325\226\030\037\360\124\042 -\172\214\007\002\003\001\000\001\243\175\060\173\060\035\006\003 -\125\035\016\004\026\004\024\247\245\006\261\054\246\011\140\356 -\321\227\351\160\256\274\073\031\154\333\041\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003 -\125\035\043\004\030\060\026\200\024\247\245\006\261\054\246\011 -\140\356\321\227\351\160\256\274\073\031\154\333\041\060\030\006 -\003\125\035\040\004\021\060\017\060\015\006\013\053\006\001\004 -\001\260\055\003\004\001\001\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\003\202\001\001\000\046\167\064\333\224 -\110\206\052\101\235\054\076\006\220\140\304\214\254\013\124\270 -\037\271\173\323\007\071\344\372\076\173\262\075\116\355\237\043 -\275\227\363\153\134\357\356\375\100\246\337\241\223\241\012\206 -\254\357\040\320\171\001\275\170\367\031\330\044\061\064\004\001 -\246\272\025\232\303\047\334\330\117\017\314\030\143\377\231\017 -\016\221\153\165\026\341\041\374\330\046\307\107\267\246\317\130 -\162\161\176\272\341\115\225\107\073\311\257\155\241\264\301\354 -\211\366\264\017\070\265\342\144\334\045\317\246\333\353\232\134 -\231\241\305\010\336\375\346\332\325\326\132\105\014\304\267\302 -\265\024\357\264\021\377\016\025\265\365\365\333\306\275\353\132 -\247\360\126\042\251\074\145\124\306\025\250\275\206\236\315\203 -\226\150\172\161\201\211\341\013\341\352\021\033\150\010\314\151 -\236\354\236\101\236\104\062\046\172\342\207\012\161\075\353\344 -\132\244\322\333\305\315\306\336\140\177\271\363\117\104\222\357 -\052\267\030\076\247\031\331\013\175\261\067\101\102\260\272\140 -\035\362\376\011\021\260\360\207\173\247\235 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Atos TrustedRoot 2011" -# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 -# Serial Number:5c:33:cb:62:2c:5f:b3:32 -# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011 -# Not Valid Before: Thu Jul 07 14:58:30 2011 -# Not Valid After : Tue Dec 31 23:59:59 2030 -# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56 -# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Atos TrustedRoot 2011" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\053\261\365\076\125\014\035\305\361\324\346\267\152\106\113\125 -\006\002\254\041 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\256\271\304\062\113\254\177\135\146\314\167\224\273\052\167\126 -END -CKA_ISSUER MULTILINE_OCTAL -\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 -\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 -\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 -\163\061\013\060\011\006\003\125\004\006\023\002\104\105 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\134\063\313\142\054\137\263\062 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA 1 G3" -# -# Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM -# Serial Number:78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93 -# Subject: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 17:27:44 2012 -# Not Valid After : Sun Jan 12 17:27:44 2042 -# Fingerprint (SHA-256): 8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 -# Fingerprint (SHA1): 1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 1 G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\061\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\061\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\170\130\137\056\255\054\031\113\343\067\007\065\064\023 -\050\265\226\324\145\223 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\170 -\130\137\056\255\054\031\113\343\067\007\065\064\023\050\265\226 -\324\145\223\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034 -\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040 -\122\157\157\164\040\103\101\040\061\040\107\063\060\036\027\015 -\061\062\060\061\061\062\061\067\062\067\064\064\132\027\015\064 -\062\060\061\061\062\061\067\062\067\064\064\132\060\110\061\013 -\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006 -\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114 -\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023 -\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103 -\101\040\061\040\107\063\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\240\276\120\020\216\351\362\154\100 -\264\004\234\205\271\061\312\334\055\344\021\251\004\074\033\125 -\301\347\130\060\035\044\264\303\357\205\336\214\054\341\301\075 -\337\202\346\117\255\107\207\154\354\133\111\301\112\325\273\217 -\354\207\254\177\202\232\206\354\075\003\231\122\001\322\065\236 -\254\332\360\123\311\146\074\324\254\002\001\332\044\323\073\250 -\002\106\257\244\034\343\370\163\130\166\267\366\016\220\015\265 -\360\317\314\372\371\306\114\345\303\206\060\012\215\027\176\065 -\353\305\337\273\016\234\300\215\207\343\210\070\205\147\372\076 -\307\253\340\023\234\005\030\230\317\223\365\261\222\264\374\043 -\323\317\325\304\047\111\340\236\074\233\010\243\213\135\052\041 -\340\374\071\252\123\332\175\176\317\032\011\123\274\135\005\004 -\317\241\112\217\213\166\202\015\241\370\322\307\024\167\133\220 -\066\007\201\233\076\006\372\122\136\143\305\246\000\376\245\351 -\122\033\122\265\222\071\162\003\011\142\275\260\140\026\156\246 -\335\045\302\003\146\335\363\004\321\100\342\116\213\206\364\157 -\345\203\240\047\204\136\004\301\365\220\275\060\075\304\357\250 -\151\274\070\233\244\244\226\321\142\332\151\300\001\226\256\313 -\304\121\064\352\014\252\377\041\216\131\217\112\134\344\141\232 -\247\322\351\052\170\215\121\075\072\025\356\242\131\216\251\134 -\336\305\371\220\042\345\210\105\161\335\221\231\154\172\237\075 -\075\230\174\136\366\276\026\150\240\136\256\013\043\374\132\017 -\252\042\166\055\311\241\020\035\344\323\104\043\220\210\237\306 -\052\346\327\365\232\263\130\036\057\060\211\010\033\124\242\265 -\230\043\354\010\167\034\225\135\141\321\313\211\234\137\242\112 -\221\232\357\041\252\111\026\010\250\275\141\050\061\311\164\255 -\205\366\331\305\261\213\321\345\020\062\115\137\213\040\072\074 -\111\037\063\205\131\015\333\313\011\165\103\151\163\373\153\161 -\175\360\337\304\114\175\306\243\056\310\225\171\313\163\242\216 -\116\115\044\373\136\344\004\276\162\033\246\047\055\111\132\231 -\172\327\134\011\040\267\177\224\271\117\361\015\034\136\210\102 -\033\021\267\347\221\333\236\154\364\152\337\214\006\230\003\255 -\314\050\357\245\107\363\123\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\243\227\326\363 -\136\242\020\341\253\105\237\074\027\144\074\356\001\160\234\314 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\002\001\000\030\372\133\165\374\076\172\307\137\167\307\312 -\337\317\137\303\022\304\100\135\324\062\252\270\152\327\325\025 -\025\106\230\043\245\346\220\133\030\231\114\343\255\102\243\202 -\061\066\210\315\351\373\304\004\226\110\213\001\307\215\001\317 -\133\063\006\226\106\146\164\035\117\355\301\266\271\264\015\141 -\314\143\176\327\056\167\214\226\034\052\043\150\153\205\127\166 -\160\063\023\376\341\117\246\043\167\030\372\032\214\350\275\145 -\311\317\077\364\311\027\334\353\307\274\300\004\056\055\106\057 -\151\146\303\033\217\376\354\076\323\312\224\277\166\012\045\015 -\251\173\002\034\251\320\073\137\013\300\201\072\075\144\341\277 -\247\055\116\275\115\304\330\051\306\042\030\320\305\254\162\002 -\202\077\252\072\242\072\042\227\061\335\010\143\303\165\024\271 -\140\050\055\133\150\340\026\251\146\202\043\121\365\353\123\330 -\061\233\173\351\267\235\113\353\210\026\317\371\135\070\212\111 -\060\217\355\361\353\031\364\167\032\061\030\115\147\124\154\057 -\157\145\371\333\075\354\041\354\136\364\364\213\312\140\145\124 -\321\161\144\364\371\246\243\201\063\066\063\161\360\244\170\137 -\116\255\203\041\336\064\111\215\350\131\254\235\362\166\132\066 -\362\023\364\257\340\011\307\141\052\154\367\340\235\256\273\206 -\112\050\157\056\356\264\171\315\220\063\303\263\166\372\365\360 -\154\235\001\220\372\236\220\366\234\162\317\107\332\303\037\344 -\065\040\123\362\124\321\337\141\203\246\002\342\045\070\336\205 -\062\055\136\163\220\122\135\102\304\316\075\113\341\371\031\204 -\035\325\242\120\314\101\373\101\024\303\275\326\311\132\243\143 -\146\002\200\275\005\072\073\107\234\354\000\046\114\365\210\121 -\277\250\043\177\030\007\260\013\355\213\046\241\144\323\141\112 -\353\134\237\336\263\257\147\003\263\037\335\155\135\151\150\151 -\253\136\072\354\174\151\274\307\073\205\116\236\025\271\264\025 -\117\303\225\172\130\327\311\154\351\154\271\363\051\143\136\264 -\054\360\055\075\355\132\145\340\251\133\100\302\110\231\201\155 -\236\037\006\052\074\022\264\213\017\233\242\044\360\246\215\326 -\172\340\113\266\144\226\143\225\204\302\112\315\034\056\044\207 -\063\140\345\303 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "QuoVadis Root CA 1 G3" -# Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM -# Serial Number:78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93 -# Subject: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 17:27:44 2012 -# Not Valid After : Sun Jan 12 17:27:44 2042 -# Fingerprint (SHA-256): 8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 -# Fingerprint (SHA1): 1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 1 G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\033\216\352\127\226\051\032\311\071\352\270\012\201\032\163\163 -\300\223\171\147 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\244\274\133\077\376\067\232\372\144\360\342\372\005\075\013\253 -END -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\061\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\170\130\137\056\255\054\031\113\343\067\007\065\064\023 -\050\265\226\324\145\223 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA 2 G3" -# -# Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM -# Serial Number:44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28 -# Subject: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 18:59:32 2012 -# Not Valid After : Sun Jan 12 18:59:32 2042 -# Fingerprint (SHA-256): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 -# Fingerprint (SHA1): 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 2 G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\104\127\064\044\133\201\211\233\065\362\316\270\053\073 -\133\247\046\360\165\050 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\104 -\127\064\044\133\201\211\233\065\362\316\270\053\073\133\247\046 -\360\165\050\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034 -\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040 -\122\157\157\164\040\103\101\040\062\040\107\063\060\036\027\015 -\061\062\060\061\061\062\061\070\065\071\063\062\132\027\015\064 -\062\060\061\061\062\061\070\065\071\063\062\132\060\110\061\013 -\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006 -\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114 -\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023 -\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103 -\101\040\062\040\107\063\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\241\256\045\262\001\030\334\127\210 -\077\106\353\371\257\342\353\043\161\342\232\321\141\146\041\137 -\252\257\047\121\345\156\033\026\324\055\175\120\260\123\167\275 -\170\072\140\342\144\002\233\174\206\233\326\032\216\255\377\037 -\025\177\325\225\036\022\313\346\024\204\004\301\337\066\263\026 -\237\212\343\311\333\230\064\316\330\063\027\050\106\374\247\311 -\360\322\264\325\115\011\162\111\371\362\207\343\251\332\175\241 -\175\153\262\072\045\251\155\122\104\254\370\276\156\373\334\246 -\163\221\220\141\246\003\024\040\362\347\207\243\210\255\255\240 -\214\377\246\013\045\122\045\347\026\001\325\313\270\065\201\014 -\243\073\360\341\341\374\132\135\316\200\161\155\370\111\253\076 -\073\272\270\327\200\001\373\245\353\133\263\305\136\140\052\061 -\240\257\067\350\040\072\237\250\062\054\014\314\011\035\323\236 -\216\135\274\114\230\356\305\032\150\173\354\123\246\351\024\065 -\243\337\315\200\237\014\110\373\034\364\361\277\112\270\372\325 -\214\161\112\307\037\255\376\101\232\263\203\135\362\204\126\357 -\245\127\103\316\051\255\214\253\125\277\304\373\133\001\335\043 -\041\241\130\000\216\303\320\152\023\355\023\343\022\053\200\334 -\147\346\225\262\315\036\042\156\052\370\101\324\362\312\024\007 -\215\212\125\022\306\151\365\270\206\150\057\123\136\260\322\252 -\041\301\230\346\060\343\147\125\307\233\156\254\031\250\125\246 -\105\006\320\043\072\333\353\145\135\052\021\021\360\073\117\312 -\155\364\064\304\161\344\377\000\132\366\134\256\043\140\205\163 -\361\344\020\261\045\256\325\222\273\023\301\014\340\071\332\264 -\071\127\265\253\065\252\162\041\073\203\065\347\061\337\172\041 -\156\270\062\010\175\035\062\221\025\112\142\162\317\343\167\241 -\274\325\021\033\166\001\147\010\340\101\013\303\353\025\156\370 -\244\031\331\242\253\257\342\047\122\126\053\002\212\054\024\044 -\371\277\102\002\277\046\310\306\217\340\156\070\175\123\055\345 -\355\230\263\225\143\150\177\371\065\364\337\210\305\140\065\222 -\300\174\151\034\141\225\026\320\353\336\013\257\076\004\020\105 -\145\130\120\070\257\110\362\131\266\026\362\074\015\220\002\306 -\160\056\001\255\074\025\327\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\355\347\157\166 -\132\277\140\354\111\133\306\245\167\273\162\026\161\233\304\075 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\002\001\000\221\337\200\077\103\011\176\161\302\367\353\263 -\210\217\341\121\262\274\075\165\371\050\135\310\274\231\233\173 -\135\252\345\312\341\012\367\350\262\323\237\335\147\061\176\272 -\001\252\307\152\101\073\220\324\010\134\262\140\152\220\360\310 -\316\003\142\371\213\355\373\156\052\334\006\115\074\051\017\211 -\026\212\130\114\110\017\350\204\141\352\074\162\246\167\344\102 -\256\210\243\103\130\171\176\256\312\245\123\015\251\075\160\275 -\040\031\141\244\154\070\374\103\062\341\301\107\377\370\354\361 -\021\042\062\226\234\302\366\133\151\226\173\040\014\103\101\232 -\133\366\131\031\210\336\125\210\067\121\013\170\134\012\036\243 -\102\375\307\235\210\017\300\362\170\002\044\124\223\257\211\207 -\210\311\112\200\035\352\320\156\076\141\056\066\273\065\016\047 -\226\375\146\064\073\141\162\163\361\026\134\107\006\124\111\000 -\172\130\022\260\012\357\205\375\261\270\063\165\152\223\034\022 -\346\140\136\157\035\177\311\037\043\313\204\141\237\036\202\104 -\371\137\255\142\125\044\232\122\230\355\121\347\241\176\227\072 -\346\057\037\021\332\123\200\054\205\236\253\065\020\333\042\137 -\152\305\136\227\123\362\062\002\011\060\243\130\360\015\001\325 -\162\306\261\174\151\173\303\365\066\105\314\141\156\136\114\224 -\305\136\256\350\016\136\213\277\367\315\340\355\241\016\033\063 -\356\124\030\376\017\276\357\176\204\153\103\343\160\230\333\135 -\165\262\015\131\007\205\025\043\071\326\361\337\251\046\017\326 -\110\307\263\246\042\365\063\067\132\225\107\237\173\272\030\025 -\157\377\326\024\144\203\111\322\012\147\041\333\017\065\143\140 -\050\042\343\261\225\203\315\205\246\335\057\017\347\147\122\156 -\273\057\205\174\365\112\163\347\305\076\300\275\041\022\005\077 -\374\267\003\111\002\133\310\045\346\342\124\070\365\171\207\214 -\035\123\262\116\205\173\006\070\307\054\370\370\260\162\215\045 -\345\167\122\364\003\034\110\246\120\137\210\040\060\156\362\202 -\103\253\075\227\204\347\123\373\041\301\117\017\042\232\206\270 -\131\052\366\107\075\031\210\055\350\205\341\236\354\205\010\152 -\261\154\064\311\035\354\110\053\073\170\355\146\304\216\171\151 -\203\336\177\214 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "QuoVadis Root CA 2 G3" -# Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM -# Serial Number:44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28 -# Subject: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 18:59:32 2012 -# Not Valid After : Sun Jan 12 18:59:32 2042 -# Fingerprint (SHA-256): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 -# Fingerprint (SHA1): 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 2 G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\011\074\141\363\213\213\334\175\125\337\165\070\002\005\000\341 -\045\365\310\066 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\257\014\206\156\277\100\055\177\013\076\022\120\272\022\075\006 -END -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\062\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\104\127\064\044\133\201\211\233\065\362\316\270\053\073 -\133\247\046\360\165\050 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "QuoVadis Root CA 3 G3" -# -# Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM -# Serial Number:2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d -# Subject: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 20:26:32 2012 -# Not Valid After : Sun Jan 12 20:26:32 2042 -# Fingerprint (SHA-256): 88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 -# Fingerprint (SHA1): 48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 3 G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\056\365\233\002\050\247\333\172\377\325\243\251\356\275 -\003\240\317\022\152\035 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\056 -\365\233\002\050\247\333\172\377\325\243\251\356\275\003\240\317 -\022\152\035\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102 -\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126 -\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034 -\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040 -\122\157\157\164\040\103\101\040\063\040\107\063\060\036\027\015 -\061\062\060\061\061\062\062\060\062\066\063\062\132\027\015\064 -\062\060\061\061\062\062\060\062\066\063\062\132\060\110\061\013 -\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006 -\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114 -\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023 -\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103 -\101\040\063\040\107\063\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\263\313\016\020\147\216\352\024\227 -\247\062\052\012\126\066\177\150\114\307\263\157\072\043\024\221 -\377\031\177\245\312\254\356\263\166\235\172\351\213\033\253\153 -\061\333\372\013\123\114\257\305\245\032\171\074\212\114\377\254 -\337\045\336\116\331\202\062\013\104\336\312\333\214\254\243\156 -\026\203\073\246\144\113\062\211\373\026\026\070\176\353\103\342 -\323\164\112\302\142\012\163\012\335\111\263\127\322\260\012\205 -\235\161\074\336\243\313\300\062\363\001\071\040\103\033\065\321 -\123\263\261\356\305\223\151\202\076\026\265\050\106\241\336\352 -\211\011\355\103\270\005\106\212\206\365\131\107\276\033\157\001 -\041\020\271\375\251\322\050\312\020\071\011\312\023\066\317\234 -\255\255\100\164\171\053\002\077\064\377\372\040\151\175\323\356 -\141\365\272\263\347\060\320\067\043\206\162\141\105\051\110\131 -\150\157\167\246\056\201\276\007\115\157\257\316\304\105\023\221 -\024\160\006\217\037\237\370\207\151\261\016\357\303\211\031\353 -\352\034\141\374\172\154\212\334\326\003\013\236\046\272\022\335 -\324\124\071\253\046\243\063\352\165\201\332\055\315\017\117\344 -\003\321\357\025\227\033\153\220\305\002\220\223\146\002\041\261 -\107\336\213\232\112\200\271\125\217\265\242\057\300\326\063\147 -\332\176\304\247\264\004\104\353\107\373\346\130\271\367\014\360 -\173\053\261\300\160\051\303\100\142\055\073\110\151\334\043\074 -\110\353\173\011\171\251\155\332\250\060\230\317\200\162\003\210 -\246\133\106\256\162\171\174\010\003\041\145\256\267\341\034\245 -\261\052\242\061\336\146\004\367\300\164\350\161\336\377\075\131 -\314\226\046\022\213\205\225\127\032\253\153\165\013\104\075\021 -\050\074\173\141\267\342\217\147\117\345\354\074\114\140\200\151 -\127\070\036\001\133\215\125\350\307\337\300\314\167\043\064\111 -\165\174\366\230\021\353\055\336\355\101\056\024\005\002\177\340 -\376\040\353\065\347\021\254\042\316\127\075\336\311\060\155\020 -\003\205\315\361\377\214\026\265\301\262\076\210\154\140\177\220 -\117\225\367\366\055\255\001\071\007\004\372\165\200\175\277\111 -\120\355\357\311\304\174\034\353\200\176\333\266\320\335\023\376 -\311\323\234\327\262\227\251\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\306\027\320\274 -\250\352\002\103\362\033\006\231\135\053\220\040\271\327\234\344 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\002\001\000\064\141\331\126\265\022\207\125\115\335\243\065 -\061\106\273\244\007\162\274\137\141\142\350\245\373\013\067\261 -\074\266\263\372\051\235\177\002\365\244\311\250\223\267\172\161 -\050\151\217\163\341\122\220\332\325\276\072\345\267\166\152\126 -\200\041\337\135\346\351\072\236\345\076\366\242\151\307\052\012 -\260\030\107\334\040\160\175\122\243\076\131\174\301\272\311\310 -\025\100\141\312\162\326\160\254\322\267\360\034\344\206\051\360 -\316\357\150\143\320\265\040\212\025\141\232\176\206\230\264\311 -\302\166\373\314\272\060\026\314\243\141\306\164\023\345\153\357 -\243\025\352\003\376\023\213\144\344\323\301\322\350\204\373\111 -\321\020\115\171\146\353\252\375\364\215\061\036\160\024\255\334 -\336\147\023\114\201\025\141\274\267\331\221\167\161\031\201\140 -\273\360\130\245\265\234\013\367\217\042\125\047\300\113\001\155 -\073\231\015\324\035\233\143\147\057\320\356\015\312\146\274\224 -\117\246\255\355\374\356\143\254\127\077\145\045\317\262\206\217 -\320\010\377\270\166\024\156\336\345\047\354\253\170\265\123\271 -\266\077\350\040\371\322\250\276\141\106\312\207\214\204\363\371 -\361\240\150\233\042\036\201\046\233\020\004\221\161\300\006\037 -\334\240\323\271\126\247\343\230\055\177\203\235\337\214\053\234 -\062\216\062\224\360\001\074\042\052\237\103\302\056\303\230\071 -\007\070\173\374\136\000\102\037\363\062\046\171\203\204\366\345 -\360\301\121\022\300\013\036\004\043\014\124\245\114\057\111\305 -\112\321\266\156\140\015\153\374\153\213\205\044\144\267\211\016 -\253\045\107\133\074\317\176\111\275\307\351\012\306\332\367\176 -\016\027\010\323\110\227\320\161\222\360\017\071\076\064\152\034 -\175\330\362\042\256\273\151\364\063\264\246\110\125\321\017\016 -\046\350\354\266\013\055\247\205\065\315\375\131\310\237\321\315 -\076\132\051\064\271\075\204\316\261\145\324\131\221\221\126\165 -\041\301\167\236\371\172\341\140\235\323\255\004\030\364\174\353 -\136\223\217\123\112\042\051\370\110\053\076\115\206\254\133\177 -\313\006\231\131\140\330\130\145\225\215\104\321\367\177\176\047 -\177\175\256\200\365\007\114\266\076\234\161\124\231\004\113\375 -\130\371\230\364 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "QuoVadis Root CA 3 G3" -# Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM -# Serial Number:2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d -# Subject: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM -# Not Valid Before: Thu Jan 12 20:26:32 2012 -# Not Valid After : Sun Jan 12 20:26:32 2042 -# Fingerprint (SHA-256): 88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 -# Fingerprint (SHA1): 48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "QuoVadis Root CA 3 G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\110\022\275\222\074\250\304\071\006\347\060\155\047\226\346\244 -\317\042\056\175 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\337\175\271\255\124\157\150\241\337\211\127\003\227\103\260\327 -END -CKA_ISSUER MULTILINE_OCTAL -\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061 -\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144 -\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003 -\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157 -\157\164\040\103\101\040\063\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\056\365\233\002\050\247\333\172\377\325\243\251\356\275 -\003\240\317\022\152\035 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Assured ID Root G2" -# -# Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b -# Subject: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 -# Fingerprint (SHA1): A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\013\223\034\072\326\071\147\352\147\043\277\303\257\232 -\364\113 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\226\060\202\002\176\240\003\002\001\002\002\020\013 -\223\034\072\326\071\147\352\147\043\277\303\257\232\364\113\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\145 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\044\060\042\006\003\125\004\003\023\033\104\151\147\151\103\145 -\162\164\040\101\163\163\165\162\145\144\040\111\104\040\122\157 -\157\164\040\107\062\060\036\027\015\061\063\060\070\060\061\061 -\062\060\060\060\060\132\027\015\063\070\060\061\061\065\061\062 -\060\060\060\060\132\060\145\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\025\060\023\006\003\125\004\012\023\014\104 -\151\147\151\103\145\162\164\040\111\156\143\061\031\060\027\006 -\003\125\004\013\023\020\167\167\167\056\144\151\147\151\143\145 -\162\164\056\143\157\155\061\044\060\042\006\003\125\004\003\023 -\033\104\151\147\151\103\145\162\164\040\101\163\163\165\162\145 -\144\040\111\104\040\122\157\157\164\040\107\062\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\331\347\050 -\057\122\077\066\162\111\210\223\064\363\370\152\036\061\124\200 -\237\255\124\101\265\107\337\226\250\324\257\200\055\271\012\317 -\165\375\211\245\175\044\372\343\042\014\053\274\225\027\013\063 -\277\031\115\101\006\220\000\275\014\115\020\376\007\265\347\034 -\156\042\125\061\145\227\275\323\027\322\036\142\363\333\352\154 -\120\214\077\204\014\226\317\267\313\003\340\312\155\241\024\114 -\033\211\335\355\000\260\122\174\257\221\154\261\070\023\321\351 -\022\010\300\000\260\034\053\021\332\167\160\066\233\256\316\171 -\207\334\202\160\346\011\164\160\125\151\257\243\150\237\277\335 -\266\171\263\362\235\160\051\125\364\253\377\225\141\363\311\100 -\157\035\321\276\223\273\323\210\052\273\235\277\162\132\126\161 -\073\077\324\363\321\012\376\050\357\243\356\331\231\257\003\323 -\217\140\267\362\222\241\261\275\211\211\037\060\315\303\246\056 -\142\063\256\026\002\167\104\132\347\201\012\074\247\104\056\171 -\270\077\004\274\134\240\207\341\033\257\121\216\315\354\054\372 -\370\376\155\360\072\174\252\213\344\147\225\061\215\002\003\001 -\000\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\206\060\035\006\003\125\035\016\004\026 -\004\024\316\303\112\271\231\125\362\270\333\140\277\251\176\275 -\126\265\227\066\247\326\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\001\001\000\312\245\125\214\343\310 -\101\156\151\047\247\165\021\357\074\206\066\157\322\235\306\170 -\070\035\151\226\242\222\151\056\070\154\233\175\004\324\211\245 -\261\061\067\212\311\041\314\253\154\315\213\034\232\326\277\110 -\322\062\146\301\212\300\363\057\072\357\300\343\324\221\206\321 -\120\343\003\333\163\167\157\112\071\123\355\336\046\307\265\175 -\257\053\102\321\165\142\343\112\053\002\307\120\113\340\151\342 -\226\154\016\104\146\020\104\217\255\005\353\370\171\254\246\033 -\350\067\064\235\123\311\141\252\242\122\257\112\160\026\206\302 -\072\310\261\023\160\066\330\317\356\364\012\064\325\133\114\375 -\007\234\242\272\331\001\162\134\363\115\301\335\016\261\034\015 -\304\143\276\255\364\024\373\211\354\242\101\016\114\314\310\127 -\100\320\156\003\252\315\014\216\211\231\231\154\360\074\060\257 -\070\337\157\274\243\276\051\040\047\253\164\377\023\042\170\336 -\227\122\125\036\203\265\124\040\003\356\256\300\117\126\336\067 -\314\303\177\252\004\047\273\323\167\270\142\333\027\174\234\050 -\042\023\163\154\317\046\365\212\051\347 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DigiCert Assured ID Root G2" -# Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b -# Subject: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 -# Fingerprint (SHA1): A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\241\113\110\331\103\356\012\016\100\220\117\074\340\244\300\221 -\223\121\135\077 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\222\070\271\370\143\044\202\145\054\127\063\346\376\201\217\235 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\013\223\034\072\326\071\147\352\147\043\277\303\257\232 -\364\113 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Assured ID Root G3" -# -# Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec -# Subject: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 -# Fingerprint (SHA1): F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\013\241\132\372\035\337\240\265\111\104\257\315\044\240 -\154\354 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\106\060\202\001\315\240\003\002\001\002\002\020\013 -\241\132\372\035\337\240\265\111\104\257\315\044\240\154\354\060 -\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003 -\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111\156 -\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167\056 -\144\151\147\151\143\145\162\164\056\143\157\155\061\044\060\042 -\006\003\125\004\003\023\033\104\151\147\151\103\145\162\164\040 -\101\163\163\165\162\145\144\040\111\104\040\122\157\157\164\040 -\107\063\060\036\027\015\061\063\060\070\060\061\061\062\060\060 -\060\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060 -\060\132\060\145\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151 -\103\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004 -\013\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056 -\143\157\155\061\044\060\042\006\003\125\004\003\023\033\104\151 -\147\151\103\145\162\164\040\101\163\163\165\162\145\144\040\111 -\104\040\122\157\157\164\040\107\063\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\031\347\274\254\104\145\355\315\270\077\130\373\215\261\127 -\251\104\055\005\025\362\357\013\377\020\164\237\265\142\122\137 -\146\176\037\345\334\033\105\171\013\314\306\123\012\235\215\135 -\002\331\251\131\336\002\132\366\225\052\016\215\070\112\212\111 -\306\274\306\003\070\007\137\125\332\176\011\156\342\177\136\320 -\105\040\017\131\166\020\326\240\044\360\055\336\066\362\154\051 -\071\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\035\006\003\125\035\016\004\026\004 -\024\313\320\275\251\341\230\005\121\241\115\067\242\203\171\316 -\215\035\052\344\204\060\012\006\010\052\206\110\316\075\004\003 -\003\003\147\000\060\144\002\060\045\244\201\105\002\153\022\113 -\165\164\117\310\043\343\160\362\165\162\336\174\211\360\317\221 -\162\141\236\136\020\222\131\126\271\203\307\020\347\070\351\130 -\046\066\175\325\344\064\206\071\002\060\174\066\123\360\060\345 -\142\143\072\231\342\266\243\073\233\064\372\036\332\020\222\161 -\136\221\023\247\335\244\156\222\314\062\326\365\041\146\307\057 -\352\226\143\152\145\105\222\225\001\264 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DigiCert Assured ID Root G3" -# Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec -# Subject: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 -# Fingerprint (SHA1): F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Assured ID Root G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\365\027\242\117\232\110\306\311\370\242\000\046\237\334\017\110 -\054\253\060\211 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\174\177\145\061\014\201\337\215\272\076\231\342\134\255\156\373 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151 -\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040 -\122\157\157\164\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\013\241\132\372\035\337\240\265\111\104\257\315\044\240 -\154\354 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Global Root G2" -# -# Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 -# Subject: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F -# Fingerprint (SHA1): DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\003\072\361\346\247\021\251\240\273\050\144\261\035\011 -\372\345 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\216\060\202\002\166\240\003\002\001\002\002\020\003 -\072\361\346\247\021\251\240\273\050\144\261\035\011\372\345\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\141 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145 -\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\107 -\062\060\036\027\015\061\063\060\070\060\061\061\062\060\060\060 -\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060\060 -\132\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103 -\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013 -\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143 -\157\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147 -\151\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157 -\164\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\273\067\315\064\334\173\153\311\262\150\220 -\255\112\165\377\106\272\041\012\010\215\365\031\124\311\373\210 -\333\363\256\362\072\211\221\074\172\346\253\006\032\153\317\254 -\055\350\136\011\044\104\272\142\232\176\326\243\250\176\340\124 -\165\040\005\254\120\267\234\143\032\154\060\334\332\037\031\261 -\327\036\336\375\327\340\313\224\203\067\256\354\037\103\116\335 -\173\054\322\275\056\245\057\344\251\270\255\072\324\231\244\266 -\045\351\233\153\000\140\222\140\377\117\041\111\030\367\147\220 -\253\141\006\234\217\362\272\351\264\351\222\062\153\265\363\127 -\350\135\033\315\214\035\253\225\004\225\111\363\065\055\226\343 -\111\155\335\167\343\373\111\113\264\254\125\007\251\217\225\263 -\264\043\273\114\155\105\360\366\251\262\225\060\264\375\114\125 -\214\047\112\127\024\174\202\235\315\163\222\323\026\112\006\014 -\214\120\321\217\036\011\276\027\241\346\041\312\375\203\345\020 -\274\203\245\012\304\147\050\366\163\024\024\075\106\166\303\207 -\024\211\041\064\115\257\017\105\014\246\111\241\272\273\234\305 -\261\063\203\051\205\002\003\001\000\001\243\102\060\100\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060 -\035\006\003\125\035\016\004\026\004\024\116\042\124\040\030\225 -\346\343\156\346\017\372\372\271\022\355\006\027\217\071\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\140\147\050\224\157\016\110\143\353\061\335\352\147\030 -\325\211\175\074\305\213\112\177\351\276\333\053\027\337\260\137 -\163\167\052\062\023\071\201\147\102\204\043\362\105\147\065\354 -\210\277\370\217\260\141\014\064\244\256\040\114\204\306\333\370 -\065\341\166\331\337\246\102\273\307\104\010\206\177\066\164\044 -\132\332\154\015\024\131\065\275\362\111\335\266\037\311\263\015 -\107\052\075\231\057\273\134\273\265\324\040\341\231\137\123\106 -\025\333\150\233\360\363\060\325\076\061\342\215\204\236\343\212 -\332\332\226\076\065\023\245\137\360\371\160\120\160\107\101\021 -\127\031\116\300\217\256\006\304\225\023\027\057\033\045\237\165 -\362\261\216\231\241\157\023\261\101\161\376\210\052\310\117\020 -\040\125\327\363\024\105\345\340\104\364\352\207\225\062\223\016 -\376\123\106\372\054\235\377\213\042\271\113\331\011\105\244\336 -\244\270\232\130\335\033\175\122\237\216\131\103\210\201\244\236 -\046\325\157\255\335\015\306\067\175\355\003\222\033\345\167\137 -\166\356\074\215\304\135\126\133\242\331\146\156\263\065\067\345 -\062\266 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DigiCert Global Root G2" -# Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 -# Subject: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F -# Fingerprint (SHA1): DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\337\074\044\371\277\326\146\166\033\046\200\163\376\006\321\314 -\215\117\202\244 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\344\246\212\310\124\254\122\102\106\012\375\162\110\033\052\104 -END -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\003\072\361\346\247\021\251\240\273\050\144\261\035\011 -\372\345 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Global Root G3" -# -# Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72 -# Subject: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 -# Fingerprint (SHA1): 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\005\125\126\274\362\136\244\065\065\303\244\017\325\253 -\105\162 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\077\060\202\001\305\240\003\002\001\002\002\020\005 -\125\126\274\362\136\244\065\065\303\244\017\325\253\105\162\060 -\012\006\010\052\206\110\316\075\004\003\003\060\141\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003 -\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111\156 -\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167\056 -\144\151\147\151\143\145\162\164\056\143\157\155\061\040\060\036 -\006\003\125\004\003\023\027\104\151\147\151\103\145\162\164\040 -\107\154\157\142\141\154\040\122\157\157\164\040\107\063\060\036 -\027\015\061\063\060\070\060\061\061\062\060\060\060\060\132\027 -\015\063\070\060\061\061\065\061\062\060\060\060\060\132\060\141 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145 -\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\107 -\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\335\247\331\273\212\270\013 -\373\013\177\041\322\360\276\276\163\363\063\135\032\274\064\352 -\336\306\233\274\320\225\366\360\314\320\013\272\141\133\121\106 -\176\236\055\237\356\216\143\014\027\354\007\160\365\317\204\056 -\100\203\234\350\077\101\155\073\255\323\244\024\131\066\170\235 -\003\103\356\020\023\154\162\336\256\210\247\241\153\265\103\316 -\147\334\043\377\003\034\243\342\076\243\102\060\100\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\035 -\006\003\125\035\016\004\026\004\024\263\333\110\244\371\241\305 -\330\256\066\101\314\021\143\151\142\051\274\113\306\060\012\006 -\010\052\206\110\316\075\004\003\003\003\150\000\060\145\002\061 -\000\255\274\362\154\077\022\112\321\055\071\303\012\011\227\163 -\364\210\066\214\210\047\273\346\210\215\120\205\247\143\371\236 -\062\336\146\223\017\361\314\261\011\217\335\154\253\372\153\177 -\240\002\060\071\146\133\302\144\215\270\236\120\334\250\325\111 -\242\355\307\334\321\111\177\027\001\270\310\206\217\116\214\210 -\053\250\232\251\212\305\321\000\275\370\124\342\232\345\133\174 -\263\047\027 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DigiCert Global Root G3" -# Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72 -# Subject: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 -# Fingerprint (SHA1): 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Global Root G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\176\004\336\211\152\076\146\155\000\346\207\323\077\372\331\073 -\350\075\064\236 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\365\135\244\120\245\373\050\176\036\017\015\314\226\127\126\312 -END -CKA_ISSUER MULTILINE_OCTAL -\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151 -\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164 -\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\005\125\126\274\362\136\244\065\065\303\244\017\325\253 -\105\162 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "DigiCert Trusted Root G4" -# -# Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c -# Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 -# Fingerprint (SHA1): DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Trusted Root G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151 -\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157 -\164\040\107\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151 -\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157 -\164\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\005\233\033\127\236\216\041\062\342\071\007\275\247\167 -\165\134 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\220\060\202\003\170\240\003\002\001\002\002\020\005 -\233\033\127\236\216\041\062\342\071\007\275\247\167\165\134\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\142 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060 -\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164 -\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167 -\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061 -\041\060\037\006\003\125\004\003\023\030\104\151\147\151\103\145 -\162\164\040\124\162\165\163\164\145\144\040\122\157\157\164\040 -\107\064\060\036\027\015\061\063\060\070\060\061\061\062\060\060 -\060\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060 -\060\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151 -\103\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004 -\013\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056 -\143\157\155\061\041\060\037\006\003\125\004\003\023\030\104\151 -\147\151\103\145\162\164\040\124\162\165\163\164\145\144\040\122 -\157\157\164\040\107\064\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\277\346\220\163\150\336\273\344\135 -\112\074\060\042\060\151\063\354\302\247\045\056\311\041\075\362 -\212\330\131\302\341\051\247\075\130\253\166\232\315\256\173\033 -\204\015\304\060\037\363\033\244\070\026\353\126\306\227\155\035 -\253\262\171\362\312\021\322\344\137\326\005\074\122\017\122\037 -\306\236\025\245\176\276\237\251\127\026\131\125\162\257\150\223 -\160\302\262\272\165\231\152\163\062\224\321\020\104\020\056\337 -\202\363\007\204\346\164\073\155\161\342\055\014\033\356\040\325 -\311\040\035\143\051\055\316\354\136\116\310\223\370\041\141\233 -\064\353\005\306\136\354\133\032\274\353\311\317\315\254\064\100 -\137\261\172\146\356\167\310\110\250\146\127\127\237\124\130\216 -\014\053\267\117\247\060\331\126\356\312\173\135\343\255\311\117 -\136\345\065\347\061\313\332\223\136\334\216\217\200\332\266\221 -\230\100\220\171\303\170\307\266\261\304\265\152\030\070\003\020 -\215\330\324\067\244\056\005\175\210\365\202\076\020\221\160\253 -\125\202\101\062\327\333\004\163\052\156\221\001\174\041\114\324 -\274\256\033\003\165\135\170\146\331\072\061\104\232\063\100\277 -\010\327\132\111\244\302\346\251\240\147\335\244\047\274\241\117 -\071\265\021\130\027\367\044\134\106\217\144\367\301\151\210\166 -\230\166\075\131\135\102\166\207\211\227\151\172\110\360\340\242 -\022\033\146\232\164\312\336\113\036\347\016\143\256\346\324\357 -\222\222\072\236\075\334\000\344\105\045\211\266\232\104\031\053 -\176\300\224\264\322\141\155\353\063\331\305\337\113\004\000\314 -\175\034\225\303\217\367\041\262\262\021\267\273\177\362\325\214 -\160\054\101\140\252\261\143\030\104\225\032\166\142\176\366\200 -\260\373\350\144\246\063\321\211\007\341\275\267\346\103\244\030 -\270\246\167\001\341\017\224\014\041\035\262\124\051\045\211\154 -\345\016\122\121\107\164\276\046\254\266\101\165\336\172\254\137 -\215\077\311\274\323\101\021\022\133\345\020\120\353\061\305\312 -\162\026\042\011\337\174\114\165\077\143\354\041\137\304\040\121 -\153\157\261\253\206\213\117\302\326\105\137\235\040\374\241\036 -\305\300\217\242\261\176\012\046\231\365\344\151\057\230\035\055 -\365\331\251\262\035\345\033\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\206\060\035\006\003\125\035\016\004\026\004\024\354\327\343\202 -\322\161\135\144\114\337\056\147\077\347\272\230\256\034\017\117 -\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000\003 -\202\002\001\000\273\141\331\175\251\154\276\027\304\221\033\303 -\241\242\000\215\343\144\150\017\126\317\167\256\160\371\375\232 -\112\231\271\311\170\134\014\014\137\344\346\024\051\126\013\066 -\111\135\104\143\340\255\234\226\030\146\033\043\015\075\171\351 -\155\153\326\124\370\322\074\301\103\100\256\035\120\365\122\374 -\220\073\273\230\231\151\153\307\301\247\250\150\244\047\334\235 -\371\047\256\060\205\271\366\147\115\072\076\217\131\071\042\123 -\104\353\310\135\003\312\355\120\172\175\142\041\012\200\310\163 -\146\321\240\005\140\137\350\245\264\247\257\250\367\155\065\234 -\174\132\212\326\242\070\231\363\170\213\364\115\322\040\013\336 -\004\356\214\233\107\201\162\015\300\024\062\357\060\131\056\256 -\340\161\362\126\344\152\227\157\222\120\155\226\215\150\172\232 -\262\066\024\172\006\362\044\271\011\021\120\327\010\261\270\211 -\172\204\043\141\102\051\345\243\315\242\040\101\327\321\234\144 -\331\352\046\241\213\024\327\114\031\262\120\101\161\075\077\115 -\160\043\206\014\112\334\201\322\314\062\224\204\015\010\011\227 -\034\117\300\356\153\040\164\060\322\340\071\064\020\205\041\025 -\001\010\350\125\062\336\161\111\331\050\027\120\115\346\276\115 -\321\165\254\320\312\373\101\270\103\245\252\323\303\005\104\117 -\054\066\233\342\372\342\105\270\043\123\154\006\157\147\125\177 -\106\265\114\077\156\050\132\171\046\322\244\250\142\227\322\036 -\342\355\112\213\274\033\375\107\112\015\337\147\146\176\262\133 -\101\320\073\344\364\073\364\004\143\351\357\302\124\000\121\240 -\212\052\311\316\170\314\325\352\207\004\030\263\316\257\111\210 -\257\363\222\231\266\263\346\141\017\322\205\000\347\120\032\344 -\033\225\235\031\241\271\234\261\233\261\000\036\357\320\017\117 -\102\154\311\012\274\356\103\372\072\161\245\310\115\046\245\065 -\375\211\135\274\205\142\035\062\322\240\053\124\355\232\127\301 -\333\372\020\317\031\267\213\112\033\217\001\266\047\225\123\350 -\266\211\155\133\274\150\324\043\350\213\121\242\126\371\360\246 -\200\240\326\036\263\274\017\017\123\165\051\252\352\023\167\344 -\336\214\201\041\255\007\020\107\021\255\207\075\007\321\165\274 -\317\363\146\176 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "DigiCert Trusted Root G4" -# Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US -# Serial Number:05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c -# Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US -# Not Valid Before: Thu Aug 01 12:00:00 2013 -# Not Valid After : Fri Jan 15 12:00:00 2038 -# Fingerprint (SHA-256): 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 -# Fingerprint (SHA1): DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "DigiCert Trusted Root G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\335\373\026\315\111\061\311\163\242\003\175\077\310\072\115\175 -\167\135\005\344 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\170\362\374\252\140\037\057\264\353\311\067\272\123\056\165\111 -END -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145 -\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023 -\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157 -\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151 -\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157 -\164\040\107\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\005\233\033\127\236\216\041\062\342\071\007\275\247\167 -\165\134 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "COMODO RSA Certification Authority" -# -# Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d -# Subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Tue Jan 19 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34 -# Fingerprint (SHA1): AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO RSA Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\252\371\312\333\143\157\340\037\367\116\330\133\003 -\206\235 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\330\060\202\003\300\240\003\002\001\002\002\020\114 -\252\371\312\333\143\157\340\037\367\116\330\133\003\206\235\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201 -\205\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033 -\060\031\006\003\125\004\010\023\022\107\162\145\141\164\145\162 -\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006 -\003\125\004\007\023\007\123\141\154\146\157\162\144\061\032\060 -\030\006\003\125\004\012\023\021\103\117\115\117\104\117\040\103 -\101\040\114\151\155\151\164\145\144\061\053\060\051\006\003\125 -\004\003\023\042\103\117\115\117\104\117\040\122\123\101\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\060\036\027\015\061\060\060\061\061\071 -\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 -\063\065\071\065\071\132\060\201\205\061\013\060\011\006\003\125 -\004\006\023\002\107\102\061\033\060\031\006\003\125\004\010\023 -\022\107\162\145\141\164\145\162\040\115\141\156\143\150\145\163 -\164\145\162\061\020\060\016\006\003\125\004\007\023\007\123\141 -\154\146\157\162\144\061\032\060\030\006\003\125\004\012\023\021 -\103\117\115\117\104\117\040\103\101\040\114\151\155\151\164\145 -\144\061\053\060\051\006\003\125\004\003\023\042\103\117\115\117 -\104\117\040\122\123\101\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\221 -\350\124\222\322\012\126\261\254\015\044\335\305\317\104\147\164 -\231\053\067\243\175\043\160\000\161\274\123\337\304\372\052\022 -\217\113\177\020\126\275\237\160\162\267\141\177\311\113\017\027 -\247\075\343\260\004\141\356\377\021\227\307\364\206\076\012\372 -\076\134\371\223\346\064\172\331\024\153\347\234\263\205\240\202 -\172\166\257\161\220\327\354\375\015\372\234\154\372\337\260\202 -\364\024\176\371\276\304\246\057\117\177\231\177\265\374\147\103 -\162\275\014\000\326\211\353\153\054\323\355\217\230\034\024\253 -\176\345\343\156\374\330\250\344\222\044\332\103\153\142\270\125 -\375\352\301\274\154\266\213\363\016\215\232\344\233\154\151\231 -\370\170\110\060\105\325\255\341\015\074\105\140\374\062\226\121 -\047\274\147\303\312\056\266\153\352\106\307\307\040\240\261\037 -\145\336\110\010\272\244\116\251\362\203\106\067\204\353\350\314 -\201\110\103\147\116\162\052\233\134\275\114\033\050\212\134\042 -\173\264\253\230\331\356\340\121\203\303\011\106\116\155\076\231 -\372\225\027\332\174\063\127\101\074\215\121\355\013\266\134\257 -\054\143\032\337\127\310\077\274\351\135\304\233\257\105\231\342 -\243\132\044\264\272\251\126\075\317\157\252\377\111\130\276\360 -\250\377\364\270\255\351\067\373\272\270\364\013\072\371\350\103 -\102\036\211\330\204\313\023\361\331\273\341\211\140\270\214\050 -\126\254\024\035\234\012\347\161\353\317\016\335\075\251\226\241 -\110\275\074\367\257\265\015\042\114\300\021\201\354\126\073\366 -\323\242\342\133\267\262\004\042\122\225\200\223\151\350\216\114 -\145\361\221\003\055\160\164\002\352\213\147\025\051\151\122\002 -\273\327\337\120\152\125\106\277\240\243\050\141\177\160\320\303 -\242\252\054\041\252\107\316\050\234\006\105\166\277\202\030\047 -\264\325\256\264\313\120\346\153\364\114\206\161\060\351\246\337 -\026\206\340\330\377\100\335\373\320\102\210\177\243\063\072\056 -\134\036\101\021\201\143\316\030\161\153\053\354\246\212\267\061 -\134\072\152\107\340\303\171\131\326\040\032\257\362\152\230\252 -\162\274\127\112\322\113\235\273\020\374\260\114\101\345\355\035 -\075\136\050\235\234\314\277\263\121\332\247\107\345\204\123\002 -\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004 -\026\004\024\273\257\176\002\075\372\246\361\074\204\216\255\356 -\070\230\354\331\062\062\324\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206 -\367\015\001\001\014\005\000\003\202\002\001\000\012\361\325\106 -\204\267\256\121\273\154\262\115\101\024\000\223\114\234\313\345 -\300\124\317\240\045\216\002\371\375\260\242\015\365\040\230\074 -\023\055\254\126\242\260\326\176\021\222\351\056\272\236\056\232 -\162\261\275\031\104\154\141\065\242\232\264\026\022\151\132\214 -\341\327\076\244\032\350\057\003\364\256\141\035\020\033\052\244 -\213\172\305\376\005\246\341\300\326\310\376\236\256\217\053\272 -\075\231\370\330\163\011\130\106\156\246\234\364\327\047\323\225 -\332\067\203\162\034\323\163\340\242\107\231\003\070\135\325\111 -\171\000\051\034\307\354\233\040\034\007\044\151\127\170\262\071 -\374\072\204\240\265\234\174\215\277\056\223\142\047\267\071\332 -\027\030\256\275\074\011\150\377\204\233\074\325\326\013\003\343 -\127\236\024\367\321\353\117\310\275\207\043\267\266\111\103\171 -\205\134\272\353\222\013\241\306\350\150\250\114\026\261\032\231 -\012\350\123\054\222\273\241\011\030\165\014\145\250\173\313\043 -\267\032\302\050\205\303\033\377\320\053\142\357\244\173\011\221 -\230\147\214\024\001\315\150\006\152\143\041\165\003\200\210\212 -\156\201\306\205\362\251\244\055\347\364\245\044\020\107\203\312 -\315\364\215\171\130\261\006\233\347\032\052\331\235\001\327\224 -\175\355\003\112\312\360\333\350\251\001\076\365\126\231\311\036 -\216\111\075\273\345\011\271\340\117\111\222\075\026\202\100\314 -\314\131\306\346\072\355\022\056\151\074\154\225\261\375\252\035 -\173\177\206\276\036\016\062\106\373\373\023\217\165\177\114\213 -\113\106\143\376\000\064\100\160\301\303\271\241\335\246\160\342 -\004\263\101\274\351\200\221\352\144\234\172\341\042\003\251\234 -\156\157\016\145\117\154\207\207\136\363\156\240\371\165\245\233 -\100\350\123\262\047\235\112\271\300\167\041\215\377\207\362\336 -\274\214\357\027\337\267\111\013\321\362\156\060\013\032\016\116 -\166\355\021\374\365\351\126\262\175\277\307\155\012\223\214\245 -\320\300\266\035\276\072\116\224\242\327\156\154\013\302\212\174 -\372\040\363\304\344\345\315\015\250\313\221\222\261\174\205\354 -\265\024\151\146\016\202\347\315\316\310\055\246\121\177\041\301 -\065\123\205\006\112\135\237\255\273\033\137\164 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "COMODO RSA Certification Authority" -# Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Serial Number:4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d -# Subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB -# Not Valid Before: Tue Jan 19 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34 -# Fingerprint (SHA1): AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "COMODO RSA Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\257\345\322\104\250\321\031\102\060\377\107\237\342\370\227\273 -\315\172\214\264 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\033\061\260\161\100\066\314\024\066\221\255\304\076\375\354\030 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 -\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 -\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 -\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 -\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 -\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 -\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101 -\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 -\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\114\252\371\312\333\143\157\340\037\367\116\330\133\003 -\206\235 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "USERTrust RSA Certification Authority" -# -# Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Serial Number:01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d -# Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Not Valid Before: Mon Feb 01 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2 -# Fingerprint (SHA1): 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "USERTrust RSA Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\001\375\155\060\374\243\312\121\250\033\274\144\016\065 -\003\055 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\336\060\202\003\306\240\003\002\001\002\002\020\001 -\375\155\060\374\243\312\121\250\033\274\144\016\065\003\055\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201 -\210\061\013\060\011\006\003\125\004\006\023\002\125\123\061\023 -\060\021\006\003\125\004\010\023\012\116\145\167\040\112\145\162 -\163\145\171\061\024\060\022\006\003\125\004\007\023\013\112\145 -\162\163\145\171\040\103\151\164\171\061\036\060\034\006\003\125 -\004\012\023\025\124\150\145\040\125\123\105\122\124\122\125\123 -\124\040\116\145\164\167\157\162\153\061\056\060\054\006\003\125 -\004\003\023\045\125\123\105\122\124\162\165\163\164\040\122\123 -\101\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\060\036\027\015\061\060\060 -\062\060\061\060\060\060\060\060\060\132\027\015\063\070\060\061 -\061\070\062\063\065\071\065\071\132\060\201\210\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125 -\004\010\023\012\116\145\167\040\112\145\162\163\145\171\061\024 -\060\022\006\003\125\004\007\023\013\112\145\162\163\145\171\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\056\060\054\006\003\125\004\003\023\045\125 -\123\105\122\124\162\165\163\164\040\122\123\101\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\200\022\145\027\066\016\303\333\010\263\320 -\254\127\015\166\355\315\047\323\114\255\120\203\141\342\252\040 -\115\011\055\144\011\334\316\211\237\314\075\251\354\366\317\301 -\334\361\323\261\326\173\067\050\021\053\107\332\071\306\274\072 -\031\264\137\246\275\175\235\243\143\102\266\166\362\251\073\053 -\221\370\342\157\320\354\026\040\220\011\076\342\350\164\311\030 -\264\221\324\142\144\333\177\243\006\361\210\030\152\220\042\074 -\274\376\023\360\207\024\173\366\344\037\216\324\344\121\306\021 -\147\106\010\121\313\206\024\124\077\274\063\376\176\154\234\377 -\026\235\030\275\121\216\065\246\247\146\310\162\147\333\041\146 -\261\324\233\170\003\300\120\072\350\314\360\334\274\236\114\376 -\257\005\226\065\037\127\132\267\377\316\371\075\267\054\266\366 -\124\335\310\347\022\072\115\256\114\212\267\134\232\264\267\040 -\075\312\177\042\064\256\176\073\150\146\001\104\347\001\116\106 -\123\233\063\140\367\224\276\123\067\220\163\103\363\062\303\123 -\357\333\252\376\164\116\151\307\153\214\140\223\336\304\307\014 -\337\341\062\256\314\223\073\121\170\225\147\213\356\075\126\376 -\014\320\151\017\033\017\363\045\046\153\063\155\367\156\107\372 -\163\103\345\176\016\245\146\261\051\174\062\204\143\125\211\304 -\015\301\223\124\060\031\023\254\323\175\067\247\353\135\072\154 -\065\134\333\101\327\022\332\251\111\013\337\330\200\212\011\223 -\142\216\265\146\317\045\210\315\204\270\261\077\244\071\017\331 -\002\236\353\022\114\225\174\363\153\005\251\136\026\203\314\270 -\147\342\350\023\235\314\133\202\323\114\263\355\133\377\336\345 -\163\254\043\073\055\000\277\065\125\164\011\111\330\111\130\032 -\177\222\066\346\121\222\016\363\046\175\034\115\027\274\311\354 -\103\046\320\277\101\137\100\251\104\104\364\231\347\127\207\236 -\120\037\127\124\250\076\375\164\143\057\261\120\145\011\346\130 -\102\056\103\032\114\264\360\045\107\131\372\004\036\223\324\046 -\106\112\120\201\262\336\276\170\267\374\147\025\341\311\127\204 -\036\017\143\326\351\142\272\326\137\125\056\352\134\306\050\010 -\004\045\071\270\016\053\251\362\114\227\034\007\077\015\122\365 -\355\357\057\202\017\002\003\001\000\001\243\102\060\100\060\035 -\006\003\125\035\016\004\026\004\024\123\171\277\132\252\053\112 -\317\124\200\341\330\233\300\235\362\262\003\146\313\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015 -\006\011\052\206\110\206\367\015\001\001\014\005\000\003\202\002 -\001\000\134\324\174\015\317\367\001\175\101\231\145\014\163\305 -\122\237\313\370\317\231\006\177\033\332\103\025\237\236\002\125 -\127\226\024\361\122\074\047\207\224\050\355\037\072\001\067\242 -\166\374\123\120\300\204\233\306\153\116\272\214\041\117\242\216 -\125\142\221\363\151\025\330\274\210\343\304\252\013\375\357\250 -\351\113\125\052\006\040\155\125\170\051\031\356\137\060\134\113 -\044\021\125\377\044\232\156\136\052\053\356\013\115\237\177\367 -\001\070\224\024\225\103\007\011\373\140\251\356\034\253\022\214 -\240\232\136\247\230\152\131\155\213\077\010\373\310\321\105\257 -\030\025\144\220\022\017\163\050\056\305\342\044\116\374\130\354 -\360\364\105\376\042\263\353\057\216\322\331\105\141\005\301\227 -\157\250\166\162\217\213\214\066\257\277\015\005\316\161\215\346 -\246\157\037\154\246\161\142\305\330\320\203\162\014\361\147\021 -\211\014\234\023\114\162\064\337\274\325\161\337\252\161\335\341 -\271\154\214\074\022\135\145\332\275\127\022\266\103\153\377\345 -\336\115\146\021\121\317\231\256\354\027\266\350\161\221\214\336 -\111\376\335\065\161\242\025\047\224\034\317\141\343\046\273\157 -\243\147\045\041\135\346\335\035\013\056\150\033\073\202\257\354 -\203\147\205\324\230\121\164\261\271\231\200\211\377\177\170\031 -\134\171\112\140\056\222\100\256\114\067\052\054\311\307\142\310 -\016\135\367\066\133\312\340\045\045\001\264\335\032\007\234\167 -\000\077\320\334\325\354\075\324\372\273\077\314\205\326\157\177 -\251\055\337\271\002\367\365\227\232\265\065\332\303\147\260\207 -\112\251\050\236\043\216\377\134\047\153\341\260\117\363\007\356 -\000\056\324\131\207\313\122\101\225\352\364\107\327\356\144\101 -\125\174\215\131\002\225\335\142\235\302\271\356\132\050\164\204 -\245\233\267\220\307\014\007\337\365\211\066\164\062\326\050\301 -\260\260\013\340\234\114\303\034\326\374\343\151\265\107\106\201 -\057\242\202\253\323\143\104\160\304\215\377\055\063\272\255\217 -\173\265\160\210\256\076\031\317\100\050\330\374\310\220\273\135 -\231\042\365\122\346\130\305\037\210\061\103\356\210\035\327\306 -\216\074\103\152\035\247\030\336\175\075\026\361\142\371\312\220 -\250\375 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "USERTrust RSA Certification Authority" -# Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Serial Number:01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d -# Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Not Valid Before: Mon Feb 01 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2 -# Fingerprint (SHA1): 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "USERTrust RSA Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\053\217\033\127\063\015\273\242\320\172\154\121\367\016\351\015 -\332\271\255\216 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\033\376\151\321\221\267\031\063\243\162\250\017\341\125\345\265 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\001\375\155\060\374\243\312\121\250\033\274\144\016\065 -\003\055 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "USERTrust ECC Certification Authority" -# -# Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Serial Number:5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 -# Subject: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Not Valid Before: Mon Feb 01 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A -# Fingerprint (SHA1): D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "USERTrust ECC Certification Authority" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\134\213\231\305\132\224\305\322\161\126\336\315\211\200 -\314\046 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\217\060\202\002\025\240\003\002\001\002\002\020\134 -\213\231\305\132\224\305\322\161\126\336\315\211\200\314\046\060 -\012\006\010\052\206\110\316\075\004\003\003\060\201\210\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\023\060\021\006 -\003\125\004\010\023\012\116\145\167\040\112\145\162\163\145\171 -\061\024\060\022\006\003\125\004\007\023\013\112\145\162\163\145 -\171\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\056\060\054\006\003\125\004\003\023 -\045\125\123\105\122\124\162\165\163\164\040\105\103\103\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\060\036\027\015\061\060\060\062\060\061 -\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062 -\063\065\071\065\071\132\060\201\210\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\023\060\021\006\003\125\004\010\023 -\012\116\145\167\040\112\145\162\163\145\171\061\024\060\022\006 -\003\125\004\007\023\013\112\145\162\163\145\171\040\103\151\164 -\171\061\036\060\034\006\003\125\004\012\023\025\124\150\145\040 -\125\123\105\122\124\122\125\123\124\040\116\145\164\167\157\162 -\153\061\056\060\054\006\003\125\004\003\023\045\125\123\105\122 -\124\162\165\163\164\040\105\103\103\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\032\254\124\132\251\371\150 -\043\347\172\325\044\157\123\306\132\330\113\253\306\325\266\321 -\346\163\161\256\335\234\326\014\141\375\333\240\211\003\270\005 -\024\354\127\316\356\135\077\342\041\263\316\367\324\212\171\340 -\243\203\176\055\227\320\141\304\361\231\334\045\221\143\253\177 -\060\243\264\160\342\307\241\063\234\363\277\056\134\123\261\137 -\263\175\062\177\212\064\343\171\171\243\102\060\100\060\035\006 -\003\125\035\016\004\026\004\024\072\341\011\206\324\317\031\302 -\226\166\164\111\166\334\340\065\306\143\143\232\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\012\006 -\010\052\206\110\316\075\004\003\003\003\150\000\060\145\002\060 -\066\147\241\026\010\334\344\227\000\101\035\116\276\341\143\001 -\317\073\252\102\021\144\240\235\224\071\002\021\171\134\173\035 -\372\144\271\356\026\102\263\277\212\302\011\304\354\344\261\115 -\002\061\000\351\052\141\107\214\122\112\113\116\030\160\366\326 -\104\326\156\365\203\272\155\130\275\044\331\126\110\352\357\304 -\242\106\201\210\152\072\106\321\251\233\115\311\141\332\321\135 -\127\152\030 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "USERTrust ECC Certification Authority" -# Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Serial Number:5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 -# Subject: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US -# Not Valid Before: Mon Feb 01 00:00:00 2010 -# Not Valid After : Mon Jan 18 23:59:59 2038 -# Fingerprint (SHA-256): 4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A -# Fingerprint (SHA1): D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "USERTrust ECC Certification Authority" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\321\313\312\135\262\325\052\177\151\073\147\115\345\360\132\035 -\014\225\175\360 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\372\150\274\331\265\177\255\375\311\035\006\203\050\314\044\301 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112 -\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013 -\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006 -\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122 -\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006 -\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040 -\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\134\213\231\305\132\224\305\322\161\126\336\315\211\200 -\314\046 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GlobalSign ECC Root CA - R4" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 -# Serial Number:2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 -# Not Valid Before: Tue Nov 13 00:00:00 2012 -# Not Valid After : Tue Jan 19 03:14:07 2038 -# Fingerprint (SHA-256): BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C -# Fingerprint (SHA1): 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign ECC Root CA - R4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\052\070\244\034\226\012\004\336\102\262\050\245\013\350 -\064\230\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\001\341\060\202\001\207\240\003\002\001\002\002\021\052 -\070\244\034\226\012\004\336\102\262\050\245\013\350\064\230\002 -\060\012\006\010\052\206\110\316\075\004\003\002\060\120\061\044 -\060\042\006\003\125\004\013\023\033\107\154\157\142\141\154\123 -\151\147\156\040\105\103\103\040\122\157\157\164\040\103\101\040 -\055\040\122\064\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156\060\036 -\027\015\061\062\061\061\061\063\060\060\060\060\060\060\132\027 -\015\063\070\060\061\061\071\060\063\061\064\060\067\132\060\120 -\061\044\060\042\006\003\125\004\013\023\033\107\154\157\142\141 -\154\123\151\147\156\040\105\103\103\040\122\157\157\164\040\103 -\101\040\055\040\122\064\061\023\060\021\006\003\125\004\012\023 -\012\107\154\157\142\141\154\123\151\147\156\061\023\060\021\006 -\003\125\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -\060\131\060\023\006\007\052\206\110\316\075\002\001\006\010\052 -\206\110\316\075\003\001\007\003\102\000\004\270\306\171\323\217 -\154\045\016\237\056\071\031\034\003\244\256\232\345\071\007\011 -\026\312\143\261\271\206\370\212\127\301\127\316\102\372\163\241 -\367\145\102\377\036\301\000\262\156\163\016\377\307\041\345\030 -\244\252\331\161\077\250\324\271\316\214\035\243\102\060\100\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\035\006\003\125\035\016\004\026\004\024\124\260\173\255\105 -\270\342\100\177\373\012\156\373\276\063\311\074\243\204\325\060 -\012\006\010\052\206\110\316\075\004\003\002\003\110\000\060\105 -\002\041\000\334\222\241\240\023\246\317\003\260\346\304\041\227 -\220\372\024\127\055\003\354\356\074\323\156\312\250\154\166\274 -\242\336\273\002\040\047\250\205\047\065\233\126\306\243\362\107 -\322\267\156\033\002\000\027\252\147\246\025\221\336\372\224\354 -\173\013\370\237\204 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GlobalSign ECC Root CA - R4" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 -# Serial Number:2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 -# Not Valid Before: Tue Nov 13 00:00:00 2012 -# Not Valid After : Tue Jan 19 03:14:07 2038 -# Fingerprint (SHA-256): BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C -# Fingerprint (SHA1): 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign ECC Root CA - R4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\151\151\126\056\100\200\364\044\241\347\031\237\024\272\363\356 -\130\253\152\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\040\360\047\150\321\176\240\235\016\346\052\312\337\134\211\216 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\052\070\244\034\226\012\004\336\102\262\050\245\013\350 -\064\230\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GlobalSign ECC Root CA - R5" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 -# Serial Number:60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 -# Not Valid Before: Tue Nov 13 00:00:00 2012 -# Not Valid After : Tue Jan 19 03:14:07 2038 -# Fingerprint (SHA-256): 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 -# Fingerprint (SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign ECC Root CA - R5" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\140\131\111\340\046\056\273\125\371\012\167\212\161\371 -\112\330\154 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\036\060\202\001\244\240\003\002\001\002\002\021\140 -\131\111\340\046\056\273\125\371\012\167\212\161\371\112\330\154 -\060\012\006\010\052\206\110\316\075\004\003\003\060\120\061\044 -\060\042\006\003\125\004\013\023\033\107\154\157\142\141\154\123 -\151\147\156\040\105\103\103\040\122\157\157\164\040\103\101\040 -\055\040\122\065\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156\060\036 -\027\015\061\062\061\061\061\063\060\060\060\060\060\060\132\027 -\015\063\070\060\061\061\071\060\063\061\064\060\067\132\060\120 -\061\044\060\042\006\003\125\004\013\023\033\107\154\157\142\141 -\154\123\151\147\156\040\105\103\103\040\122\157\157\164\040\103 -\101\040\055\040\122\065\061\023\060\021\006\003\125\004\012\023 -\012\107\154\157\142\141\154\123\151\147\156\061\023\060\021\006 -\003\125\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053 -\201\004\000\042\003\142\000\004\107\105\016\226\373\175\135\277 -\351\071\321\041\370\237\013\266\325\173\036\222\072\110\131\034 -\360\142\061\055\300\172\050\376\032\247\134\263\266\314\227\347 -\105\324\130\372\321\167\155\103\242\300\207\145\064\012\037\172 -\335\353\074\063\241\305\235\115\244\157\101\225\070\177\311\036 -\204\353\321\236\111\222\207\224\207\014\072\205\112\146\237\235 -\131\223\115\227\141\006\206\112\243\102\060\100\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006 -\003\125\035\016\004\026\004\024\075\346\051\110\233\352\007\312 -\041\104\112\046\336\156\336\322\203\320\237\131\060\012\006\010 -\052\206\110\316\075\004\003\003\003\150\000\060\145\002\061\000 -\345\151\022\311\156\333\306\061\272\011\101\341\227\370\373\375 -\232\342\175\022\311\355\174\144\323\313\005\045\213\126\331\240 -\347\136\135\116\013\203\234\133\166\051\240\011\046\041\152\142 -\002\060\161\322\265\217\134\352\073\341\170\011\205\250\165\222 -\073\310\134\375\110\357\015\164\042\250\010\342\156\305\111\316 -\307\014\274\247\141\151\361\367\073\341\052\313\371\053\363\146 -\220\067 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GlobalSign ECC Root CA - R5" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 -# Serial Number:60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 -# Not Valid Before: Tue Nov 13 00:00:00 2012 -# Not Valid After : Tue Jan 19 03:14:07 2038 -# Fingerprint (SHA-256): 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 -# Fingerprint (SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign ECC Root CA - R5" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\037\044\306\060\315\244\030\357\040\151\377\255\117\335\137\106 -\072\033\151\252 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\237\255\073\034\002\036\212\272\027\164\070\201\014\242\274\010 -END -CKA_ISSUER MULTILINE_OCTAL -\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157 -\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164 -\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004 -\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060 -\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151 -\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\140\131\111\340\046\056\273\125\371\012\167\212\161\371 -\112\330\154 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Staat der Nederlanden Root CA - G3" -# -# Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL -# Serial Number: 10003001 (0x98a239) -# Subject: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL -# Not Valid Before: Thu Nov 14 11:28:42 2013 -# Not Valid After : Mon Nov 13 23:00:00 2028 -# Fingerprint (SHA-256): 3C:4F:B0:B9:5A:B8:B3:00:32:F4:32:B8:6F:53:5F:E1:72:C1:85:D0:FD:39:86:58:37:CF:36:18:7F:A6:F4:28 -# Fingerprint (SHA1): D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\242\071 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\164\060\202\003\134\240\003\002\001\002\002\004\000 -\230\242\071\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\122\157\157\164\040\103\101\040\055\040\107\063\060\036 -\027\015\061\063\061\061\061\064\061\061\062\070\064\062\132\027 -\015\062\070\061\061\061\063\062\063\060\060\060\060\132\060\132 -\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060 -\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060 -\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145 -\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157 -\157\164\040\103\101\040\055\040\107\063\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\276\062\242\124\017 -\160\373\054\134\131\353\154\304\244\121\350\205\052\263\314\112 -\064\362\260\137\363\016\307\034\075\123\036\210\010\150\330\157 -\075\255\302\236\314\202\147\007\047\207\150\161\072\237\165\226 -\042\106\005\260\355\255\307\133\236\052\336\234\374\072\306\225 -\247\365\027\147\030\347\057\111\010\014\134\317\346\314\064\355 -\170\373\120\261\334\153\062\360\242\376\266\074\344\354\132\227 -\307\077\036\160\010\060\240\334\305\263\155\157\320\202\162\021 -\253\322\201\150\131\202\027\267\170\222\140\372\314\336\077\204 -\353\215\070\063\220\012\162\043\372\065\314\046\161\061\321\162 -\050\222\331\133\043\155\146\265\155\007\102\353\246\063\316\222 -\333\300\366\154\143\170\315\312\116\075\265\345\122\233\361\276 -\073\346\124\140\260\146\036\011\253\007\376\124\211\021\102\321 -\367\044\272\140\170\032\230\367\311\021\375\026\301\065\032\124 -\165\357\103\323\345\256\116\316\347\173\303\306\116\141\121\113 -\253\232\105\113\241\037\101\275\110\123\025\161\144\013\206\263 -\345\056\276\316\244\033\301\051\204\242\265\313\010\043\166\103 -\042\044\037\027\004\324\156\234\306\374\177\053\146\032\354\212 -\345\326\317\115\365\143\011\267\025\071\326\173\254\353\343\174 -\351\116\374\165\102\310\355\130\225\014\006\102\242\234\367\344 -\160\263\337\162\157\132\067\100\211\330\205\244\327\361\013\336 -\103\031\324\112\130\054\214\212\071\236\277\204\207\361\026\073 -\066\014\351\323\264\312\154\031\101\122\011\241\035\260\152\277 -\202\357\160\121\041\062\334\005\166\214\313\367\144\344\003\120 -\257\214\221\147\253\305\362\356\130\330\336\276\367\347\061\317 -\154\311\073\161\301\325\210\265\145\274\300\350\027\027\007\022 -\265\134\322\253\040\223\264\346\202\203\160\066\305\315\243\215 -\255\213\354\243\301\103\207\346\103\342\064\276\225\213\065\355 -\007\071\332\250\035\172\237\066\236\022\260\014\145\022\220\025 -\140\331\046\100\104\343\126\140\245\020\324\152\074\375\101\334 -\016\132\107\266\357\227\141\165\117\331\376\307\262\035\324\355 -\135\111\263\251\152\313\146\204\023\325\134\240\334\337\156\167 -\006\321\161\165\310\127\157\257\017\167\133\002\003\001\000\001 -\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005 -\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024 -\124\255\372\307\222\127\256\312\065\234\056\022\373\344\272\135 -\040\334\224\127\060\015\006\011\052\206\110\206\367\015\001\001 -\013\005\000\003\202\002\001\000\060\231\235\005\062\310\136\016 -\073\230\001\072\212\244\347\007\367\172\370\347\232\337\120\103 -\123\227\052\075\312\074\107\230\056\341\025\173\361\222\363\141 -\332\220\045\026\145\300\237\124\135\016\003\073\133\167\002\234 -\204\266\015\230\137\064\335\073\143\302\303\050\201\302\234\051 -\056\051\342\310\303\001\362\063\352\052\252\314\011\010\367\145 -\147\306\315\337\323\266\053\247\275\314\321\016\160\137\270\043 -\321\313\221\116\012\364\310\172\345\331\143\066\301\324\337\374 -\042\227\367\140\135\352\051\057\130\262\275\130\275\215\226\117 -\020\165\277\110\173\075\121\207\241\074\164\042\302\374\007\177 -\200\334\304\254\376\152\301\160\060\260\351\216\151\342\054\151 -\201\224\011\272\335\376\115\300\203\214\224\130\300\106\040\257 -\234\037\002\370\065\125\111\057\106\324\300\360\240\226\002\017 -\063\305\161\363\236\043\175\224\267\375\072\323\011\203\006\041 -\375\140\075\256\062\300\322\356\215\246\360\347\264\202\174\012 -\314\160\311\171\200\370\376\114\367\065\204\031\212\061\373\012 -\331\327\177\233\360\242\232\153\303\005\112\355\101\140\024\060 -\321\252\021\102\156\323\043\002\004\013\306\145\335\335\122\167 -\332\201\153\262\250\372\001\070\271\226\352\052\154\147\227\211 -\224\236\274\341\124\325\344\152\170\357\112\275\053\232\075\100 -\176\306\300\165\322\156\373\150\060\354\354\213\235\371\111\065 -\232\032\054\331\263\225\071\325\036\222\367\246\271\145\057\345 -\075\155\072\110\114\010\334\344\050\022\050\276\175\065\134\352 -\340\026\176\023\033\152\327\076\327\236\374\055\165\262\301\024 -\325\043\003\333\133\157\013\076\170\057\015\336\063\215\026\267 -\110\347\203\232\201\017\173\301\103\115\125\004\027\070\112\121 -\325\131\242\211\164\323\237\276\036\113\327\306\155\267\210\044 -\157\140\221\244\202\205\133\126\101\274\320\104\253\152\023\276 -\321\054\130\267\022\063\130\262\067\143\334\023\365\224\035\077 -\100\121\365\117\365\072\355\310\305\353\302\036\035\026\225\172 -\307\176\102\161\223\156\113\025\267\060\337\252\355\127\205\110 -\254\035\152\335\071\151\344\341\171\170\276\316\005\277\241\014 -\367\200\173\041\147\047\060\131 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Staat der Nederlanden Root CA - G3" -# Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL -# Serial Number: 10003001 (0x98a239) -# Subject: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL -# Not Valid Before: Thu Nov 14 11:28:42 2013 -# Not Valid After : Mon Nov 13 23:00:00 2028 -# Fingerprint (SHA-256): 3C:4F:B0:B9:5A:B8:B3:00:32:F4:32:B8:6F:53:5F:E1:72:C1:85:D0:FD:39:86:58:37:CF:36:18:7F:A6:F4:28 -# Fingerprint (SHA1): D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\330\353\153\101\121\222\131\340\363\347\205\000\300\075\266\210 -\227\311\356\374 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\013\106\147\007\333\020\057\031\214\065\120\140\321\013\364\067 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\242\071 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Staat der Nederlanden EV Root CA" -# -# Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL -# Serial Number: 10000013 (0x98968d) -# Subject: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Dec 08 11:19:29 2010 -# Not Valid After : Thu Dec 08 11:10:28 2022 -# Fingerprint (SHA-256): 4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A -# Fingerprint (SHA1): 76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden EV Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\105\126\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\105\126\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\215 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\160\060\202\003\130\240\003\002\001\002\002\004\000 -\230\226\215\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\130\061\013\060\011\006\003\125\004\006\023\002\116 -\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\061\051\060\047\006\003\125\004\003\014\040\123\164\141\141 -\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145 -\156\040\105\126\040\122\157\157\164\040\103\101\060\036\027\015 -\061\060\061\062\060\070\061\061\061\071\062\071\132\027\015\062 -\062\061\062\060\070\061\061\061\060\062\070\132\060\130\061\013 -\060\011\006\003\125\004\006\023\002\116\114\061\036\060\034\006 -\003\125\004\012\014\025\123\164\141\141\164\040\144\145\162\040 -\116\145\144\145\162\154\141\156\144\145\156\061\051\060\047\006 -\003\125\004\003\014\040\123\164\141\141\164\040\144\145\162\040 -\116\145\144\145\162\154\141\156\144\145\156\040\105\126\040\122 -\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\343\307\176\211\371\044\113\072\322 -\063\203\065\054\151\354\334\011\244\343\121\250\045\053\171\270 -\010\075\340\221\272\204\205\306\205\244\312\346\311\056\123\244 -\311\044\036\375\125\146\161\135\054\305\140\150\004\267\331\302 -\122\046\070\210\244\326\073\100\246\302\315\077\315\230\223\263 -\124\024\130\226\125\325\120\376\206\255\244\143\177\134\207\366 -\216\346\047\222\147\027\222\002\003\054\334\326\146\164\355\335 -\147\377\301\141\215\143\117\017\233\155\027\060\046\357\253\322 -\037\020\240\371\305\177\026\151\201\003\107\355\036\150\215\162 -\241\115\262\046\306\272\154\137\155\326\257\321\261\023\216\251 -\255\363\136\151\165\046\030\076\101\053\041\177\356\213\135\007 -\006\235\103\304\051\012\053\374\052\076\206\313\074\203\072\371 -\311\015\332\305\231\342\274\170\101\063\166\341\277\057\135\345 -\244\230\120\014\025\335\340\372\234\177\070\150\320\262\246\172 -\247\321\061\275\176\212\130\047\103\263\272\063\221\323\247\230 -\025\134\232\346\323\017\165\331\374\101\230\227\076\252\045\333 -\217\222\056\260\173\014\137\361\143\251\067\371\233\165\151\114 -\050\046\045\332\325\362\022\160\105\125\343\337\163\136\067\365 -\041\154\220\216\065\132\311\323\043\353\323\300\276\170\254\102 -\050\130\146\245\106\155\160\002\327\020\371\113\124\374\135\206 -\112\207\317\177\312\105\254\021\132\265\040\121\215\057\210\107 -\227\071\300\317\272\300\102\001\100\231\110\041\013\153\247\322 -\375\226\325\321\276\106\235\111\340\013\246\240\042\116\070\320 -\301\074\060\274\160\217\054\165\314\320\305\214\121\073\075\224 -\010\144\046\141\175\271\303\145\217\024\234\041\320\252\375\027 -\162\003\217\275\233\214\346\136\123\236\271\235\357\202\273\341 -\274\342\162\101\133\041\224\323\105\067\224\321\337\011\071\135 -\347\043\252\232\035\312\155\250\012\206\205\212\202\276\102\007 -\326\362\070\202\163\332\207\133\345\074\323\236\076\247\073\236 -\364\003\263\371\361\175\023\164\002\377\273\241\345\372\000\171 -\034\246\146\101\210\134\140\127\246\056\011\304\272\375\232\317 -\247\037\100\303\273\314\132\012\125\113\073\070\166\121\270\143 -\213\204\224\026\346\126\363\002\003\001\000\001\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\035\006\003\125\035\016\004\026\004\024\376\253\000\220 -\230\236\044\374\251\314\032\212\373\047\270\277\060\156\250\073 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\002\001\000\317\167\054\156\126\276\116\263\266\204\000\224 -\253\107\311\015\322\166\307\206\237\035\007\323\266\264\273\010 -\170\257\151\322\013\111\336\063\305\254\255\302\210\002\175\006 -\267\065\002\301\140\311\277\304\350\224\336\324\323\251\023\045 -\132\376\156\242\256\175\005\334\175\363\154\360\176\246\215\356 -\331\327\316\130\027\350\251\051\256\163\110\207\347\233\312\156 -\051\241\144\137\031\023\367\256\006\020\377\121\306\233\115\125 -\045\117\223\231\020\001\123\165\361\023\316\307\246\101\101\322 -\277\210\245\177\105\374\254\270\245\265\063\014\202\304\373\007 -\366\152\345\045\204\137\006\312\301\206\071\021\333\130\315\167 -\073\054\302\114\017\136\232\343\360\253\076\141\033\120\044\302 -\300\364\361\031\360\021\051\266\245\030\002\233\327\143\114\160 -\214\107\243\003\103\134\271\135\106\240\015\157\377\131\216\276 -\335\237\162\303\133\053\337\214\133\316\345\014\106\154\222\262 -\012\243\114\124\102\030\025\022\030\275\332\374\272\164\156\377 -\301\266\240\144\330\251\137\125\256\237\134\152\166\226\330\163 -\147\207\373\115\177\134\356\151\312\163\020\373\212\251\375\236 -\275\066\070\111\111\207\364\016\024\360\351\207\270\077\247\117 -\172\132\216\171\324\223\344\273\150\122\204\254\154\351\363\230 -\160\125\162\062\371\064\253\053\111\265\315\040\142\344\072\172 -\147\143\253\226\334\155\256\227\354\374\237\166\126\210\056\146 -\317\133\266\311\244\260\327\005\272\341\047\057\223\273\046\052 -\242\223\260\033\363\216\276\035\100\243\271\066\217\076\202\032 -\032\136\210\352\120\370\131\342\203\106\051\013\343\104\134\341 -\225\266\151\220\232\024\157\227\256\201\317\150\357\231\232\276 -\265\347\341\177\370\372\023\107\026\114\314\155\010\100\347\213 -\170\157\120\202\104\120\077\146\006\212\253\103\204\126\112\017 -\040\055\206\016\365\322\333\322\172\212\113\315\245\350\116\361 -\136\046\045\001\131\043\240\176\322\366\176\041\127\327\047\274 -\025\127\114\244\106\301\340\203\036\014\114\115\037\117\006\031 -\342\371\250\364\072\202\241\262\171\103\171\326\255\157\172\047 -\220\003\244\352\044\207\077\331\275\331\351\362\137\120\111\034 -\356\354\327\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Staat der Nederlanden EV Root CA" -# Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL -# Serial Number: 10000013 (0x98968d) -# Subject: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL -# Not Valid Before: Wed Dec 08 11:19:29 2010 -# Not Valid After : Thu Dec 08 11:10:28 2022 -# Fingerprint (SHA-256): 4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A -# Fingerprint (SHA1): 76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Staat der Nederlanden EV Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\166\342\176\301\117\333\202\301\300\246\165\265\005\276\075\051 -\264\355\333\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\374\006\257\173\350\032\361\232\264\350\322\160\037\300\365\272 -END -CKA_ISSUER MULTILINE_OCTAL -\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061 -\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061 -\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040 -\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040 -\105\126\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\000\230\226\215 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "IdenTrust Commercial Root CA 1" -# -# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US -# Serial Number:0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02 -# Subject: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US -# Not Valid Before: Thu Jan 16 18:12:23 2014 -# Not Valid After : Mon Jan 16 18:12:23 2034 -# Fingerprint (SHA-256): 5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE -# Fingerprint (SHA1): DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IdenTrust Commercial Root CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144 -\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151 -\141\154\040\122\157\157\164\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144 -\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151 -\141\154\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\102\200\000\000\001\105\043\310\104\265\000\000 -\000\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\140\060\202\003\110\240\003\002\001\002\002\020\012 -\001\102\200\000\000\001\105\043\310\104\265\000\000\000\002\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\112 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060 -\020\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163 -\164\061\047\060\045\006\003\125\004\003\023\036\111\144\145\156 -\124\162\165\163\164\040\103\157\155\155\145\162\143\151\141\154 -\040\122\157\157\164\040\103\101\040\061\060\036\027\015\061\064 -\060\061\061\066\061\070\061\062\062\063\132\027\015\063\064\060 -\061\061\066\061\070\061\062\062\063\132\060\112\061\013\060\011 -\006\003\125\004\006\023\002\125\123\061\022\060\020\006\003\125 -\004\012\023\011\111\144\145\156\124\162\165\163\164\061\047\060 -\045\006\003\125\004\003\023\036\111\144\145\156\124\162\165\163 -\164\040\103\157\155\155\145\162\143\151\141\154\040\122\157\157 -\164\040\103\101\040\061\060\202\002\042\060\015\006\011\052\206 -\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202 -\002\012\002\202\002\001\000\247\120\031\336\077\231\075\324\063 -\106\361\157\121\141\202\262\251\117\217\147\211\135\204\331\123 -\335\014\050\331\327\360\377\256\225\103\162\231\371\265\135\174 -\212\301\102\341\061\120\164\321\201\015\174\315\233\041\253\103 -\342\254\255\136\206\156\363\011\212\037\132\062\275\242\353\224 -\371\350\134\012\354\377\230\322\257\161\263\264\123\237\116\207 -\357\222\274\275\354\117\062\060\210\113\027\136\127\304\123\302 -\366\002\227\215\331\142\053\277\044\037\142\215\337\303\270\051 -\113\111\170\074\223\140\210\042\374\231\332\066\310\302\242\324 -\054\124\000\147\065\156\163\277\002\130\360\244\335\345\260\242 -\046\172\312\340\066\245\031\026\365\375\267\357\256\077\100\365 -\155\132\004\375\316\064\312\044\334\164\043\033\135\063\023\022 -\135\304\001\045\366\060\335\002\135\237\340\325\107\275\264\353 -\033\241\273\111\111\330\237\133\002\363\212\344\044\220\344\142 -\117\117\301\257\213\016\164\027\250\321\162\210\152\172\001\111 -\314\264\106\171\306\027\261\332\230\036\007\131\372\165\041\205 -\145\335\220\126\316\373\253\245\140\235\304\235\371\122\260\213 -\275\207\371\217\053\043\012\043\166\073\367\063\341\311\000\363 -\151\371\113\242\340\116\274\176\223\071\204\007\367\104\160\176 -\376\007\132\345\261\254\321\030\314\362\065\345\111\111\010\312 -\126\311\075\373\017\030\175\213\073\301\023\302\115\217\311\117 -\016\067\351\037\241\016\152\337\142\056\313\065\006\121\171\054 -\310\045\070\364\372\113\247\211\134\234\322\343\015\071\206\112 -\164\174\325\131\207\302\077\116\014\134\122\364\075\367\122\202 -\361\352\243\254\375\111\064\032\050\363\101\210\072\023\356\350 -\336\377\231\035\137\272\313\350\036\362\271\120\140\300\061\323 -\163\345\357\276\240\355\063\013\164\276\040\040\304\147\154\360 -\010\003\172\125\200\177\106\116\226\247\364\036\076\341\366\330 -\011\341\063\144\053\143\327\062\136\237\371\300\173\017\170\157 -\227\274\223\232\371\234\022\220\170\172\200\207\025\327\162\164 -\234\125\164\170\261\272\341\156\160\004\272\117\240\272\150\303 -\173\377\061\360\163\075\075\224\052\261\013\101\016\240\376\115 -\210\145\153\171\063\264\327\002\003\001\000\001\243\102\060\100 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\035\006\003\125\035\016\004\026\004\024\355\104\031\300 -\323\360\006\213\356\244\173\276\102\347\046\124\310\216\066\166 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\002\001\000\015\256\220\062\366\246\113\174\104\166\031\141 -\036\047\050\315\136\124\357\045\274\343\010\220\371\051\327\256 -\150\010\341\224\000\130\357\056\056\176\123\122\214\266\134\007 -\352\210\272\231\213\120\224\327\202\200\337\141\011\000\223\255 -\015\024\346\316\301\362\067\224\170\260\137\234\263\242\163\270 -\217\005\223\070\315\215\076\260\270\373\300\317\261\362\354\055 -\055\033\314\354\252\232\263\252\140\202\033\055\073\303\204\075 -\127\212\226\036\234\165\270\323\060\315\140\010\203\220\323\216 -\124\361\115\146\300\135\164\003\100\243\356\205\176\302\037\167 -\234\006\350\301\247\030\135\122\225\355\311\335\045\236\155\372 -\251\355\243\072\064\320\131\173\332\355\120\363\065\277\355\353 -\024\115\061\307\140\364\332\361\207\234\342\110\342\306\305\067 -\373\006\020\372\165\131\146\061\107\051\332\166\232\034\351\202 -\256\357\232\271\121\367\210\043\232\151\225\142\074\345\125\200 -\066\327\124\002\377\361\271\135\316\324\043\157\330\105\204\112 -\133\145\357\211\014\335\024\247\040\313\030\245\045\264\015\371 -\001\360\242\322\364\000\310\164\216\241\052\110\216\145\333\023 -\304\342\045\027\175\353\276\207\133\027\040\124\121\223\112\123 -\003\013\354\135\312\063\355\142\375\105\307\057\133\334\130\240 -\200\071\346\372\327\376\023\024\246\355\075\224\112\102\164\324 -\303\167\131\163\315\217\106\276\125\070\357\372\350\221\062\352 -\227\130\004\042\336\070\303\314\274\155\311\063\072\152\012\151 -\077\240\310\352\162\217\214\143\206\043\275\155\074\226\236\225 -\340\111\114\252\242\271\052\033\234\066\201\170\355\303\350\106 -\342\046\131\104\165\036\331\165\211\121\315\020\204\235\141\140 -\313\135\371\227\042\115\216\230\346\343\177\366\133\273\256\315 -\312\112\201\153\136\013\363\121\341\164\053\351\176\047\247\331 -\231\111\116\370\245\200\333\045\017\034\143\142\212\311\063\147 -\153\074\020\203\306\255\336\250\315\026\216\215\360\007\067\161 -\237\362\253\374\101\365\301\213\354\000\067\135\011\345\116\200 -\357\372\261\134\070\006\245\033\112\341\334\070\055\074\334\253 -\037\220\032\325\112\234\356\321\160\154\314\356\364\127\370\030 -\272\204\156\207 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "IdenTrust Commercial Root CA 1" -# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US -# Serial Number:0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02 -# Subject: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US -# Not Valid Before: Thu Jan 16 18:12:23 2014 -# Not Valid After : Mon Jan 16 18:12:23 2034 -# Fingerprint (SHA-256): 5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE -# Fingerprint (SHA1): DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IdenTrust Commercial Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\337\161\176\252\112\331\116\311\125\204\231\140\055\110\336\137 -\274\360\072\045 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\263\076\167\163\165\356\240\323\343\176\111\143\111\131\273\307 -END -CKA_ISSUER MULTILINE_OCTAL -\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144 -\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151 -\141\154\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\102\200\000\000\001\105\043\310\104\265\000\000 -\000\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "IdenTrust Public Sector Root CA 1" -# -# Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US -# Serial Number:0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02 -# Subject: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US -# Not Valid Before: Thu Jan 16 17:53:32 2014 -# Not Valid After : Mon Jan 16 17:53:32 2034 -# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F -# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144 -\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123 -\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144 -\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123 -\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000 -\000\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\146\060\202\003\116\240\003\002\001\002\002\020\012 -\001\102\200\000\000\001\105\043\317\106\174\000\000\000\002\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\115 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060 -\020\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163 -\164\061\052\060\050\006\003\125\004\003\023\041\111\144\145\156 -\124\162\165\163\164\040\120\165\142\154\151\143\040\123\145\143 -\164\157\162\040\122\157\157\164\040\103\101\040\061\060\036\027 -\015\061\064\060\061\061\066\061\067\065\063\063\062\132\027\015 -\063\064\060\061\061\066\061\067\065\063\063\062\132\060\115\061 -\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060\020 -\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163\164 -\061\052\060\050\006\003\125\004\003\023\041\111\144\145\156\124 -\162\165\163\164\040\120\165\142\154\151\143\040\123\145\143\164 -\157\162\040\122\157\157\164\040\103\101\040\061\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\266\042\224 -\374\244\110\257\350\107\153\012\373\047\166\344\362\077\212\073 -\172\112\054\061\052\214\215\260\251\303\061\153\250\167\166\204 -\046\266\254\201\102\015\010\353\125\130\273\172\370\274\145\175 -\362\240\155\213\250\107\351\142\166\036\021\356\010\024\321\262 -\104\026\364\352\320\372\036\057\136\333\313\163\101\256\274\000 -\260\112\053\100\262\254\341\073\113\302\055\235\344\241\233\354 -\032\072\036\360\010\263\320\344\044\065\007\237\234\264\311\122 -\155\333\007\312\217\265\133\360\203\363\117\307\055\245\310\255 -\313\225\040\244\061\050\127\130\132\344\215\033\232\253\236\015 -\014\362\012\063\071\042\071\012\227\056\363\123\167\271\104\105 -\375\204\313\066\040\201\131\055\232\157\155\110\110\141\312\114 -\337\123\321\257\122\274\104\237\253\057\153\203\162\357\165\200 -\332\006\063\033\135\310\332\143\306\115\315\254\146\061\315\321 -\336\076\207\020\066\341\271\244\172\357\140\120\262\313\312\246 -\126\340\067\257\253\064\023\071\045\350\071\146\344\230\172\252 -\022\230\234\131\146\206\076\255\361\260\312\076\006\017\173\360 -\021\113\067\240\104\155\173\313\250\214\161\364\325\265\221\066 -\314\360\025\306\053\336\121\027\261\227\114\120\075\261\225\131 -\174\005\175\055\041\325\000\277\001\147\242\136\173\246\134\362 -\367\042\361\220\015\223\333\252\104\121\146\314\175\166\003\353 -\152\250\052\070\031\227\166\015\153\212\141\371\274\366\356\166 -\375\160\053\335\051\074\370\012\036\133\102\034\213\126\057\125 -\033\034\241\056\265\307\026\346\370\252\074\222\216\151\266\001 -\301\265\206\235\211\017\013\070\224\124\350\352\334\236\075\045 -\274\123\046\355\325\253\071\252\305\100\114\124\253\262\264\331 -\331\370\327\162\333\034\274\155\275\145\137\357\210\065\052\146 -\057\356\366\263\145\360\063\215\174\230\101\151\106\017\103\034 -\151\372\233\265\320\141\152\315\312\113\331\114\220\106\253\025 -\131\241\107\124\051\056\203\050\137\034\302\242\253\162\027\000 -\006\216\105\354\213\342\063\075\177\332\031\104\344\142\162\303 -\337\042\306\362\126\324\335\137\225\162\355\155\137\367\110\003 -\133\375\305\052\240\366\163\043\204\020\033\001\347\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\343\161\340\236\330\247\102\331\333\161\221\153\224\223 -\353\303\243\321\024\243\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\002\001\000\107\372\335\012\260\021 -\221\070\255\115\135\367\345\016\227\124\031\202\110\207\124\214 -\252\144\231\330\132\376\210\001\305\130\245\231\261\043\124\043 -\267\152\035\040\127\345\001\142\101\027\323\011\333\165\313\156 -\124\220\165\376\032\237\201\012\302\335\327\367\011\320\133\162 -\025\344\036\011\152\075\063\363\041\232\346\025\176\255\121\325 -\015\020\355\175\102\300\217\356\300\232\010\325\101\326\134\016 -\041\151\156\200\141\016\025\300\270\317\305\111\022\122\314\276 -\072\314\324\056\070\005\336\065\375\037\157\270\200\150\230\075 -\115\240\312\100\145\322\163\174\365\213\331\012\225\077\330\077 -\043\155\032\321\052\044\031\331\205\263\027\357\170\156\251\130 -\321\043\323\307\023\355\162\045\177\135\261\163\160\320\177\006 -\227\011\204\051\200\141\035\372\136\377\163\254\240\343\211\270 -\034\161\025\306\336\061\177\022\334\341\155\233\257\347\350\237 -\165\170\114\253\106\073\232\316\277\005\030\135\115\025\074\026 -\232\031\120\004\232\262\232\157\145\213\122\137\074\130\004\050 -\045\300\146\141\061\176\271\340\165\271\032\250\201\326\162\027 -\263\305\003\061\065\021\170\170\242\340\351\060\214\177\200\337 -\130\337\074\272\047\226\342\200\064\155\343\230\323\144\047\254 -\110\176\050\167\134\306\045\141\045\370\205\014\145\372\304\062 -\057\245\230\005\344\370\013\147\026\026\306\202\270\062\031\371 -\371\271\171\334\037\315\353\257\253\016\335\033\333\105\344\172 -\347\002\342\225\135\374\151\360\123\151\141\225\165\171\013\136 -\125\346\070\034\224\251\131\063\236\310\161\164\171\177\121\211 -\266\310\152\270\060\310\152\070\303\156\236\341\067\026\352\005 -\142\114\133\022\107\355\247\264\263\130\126\307\111\363\177\022 -\150\011\061\161\360\155\370\116\107\373\326\205\356\305\130\100 -\031\244\035\247\371\113\103\067\334\150\132\117\317\353\302\144 -\164\336\264\025\331\364\124\124\032\057\034\327\227\161\124\220 -\216\331\040\235\123\053\177\253\217\342\352\060\274\120\067\357 -\361\107\265\175\174\054\004\354\150\235\264\111\104\020\364\162 -\113\034\144\347\374\346\153\220\335\151\175\151\375\000\126\245 -\267\254\266\255\267\312\076\001\357\234 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "IdenTrust Public Sector Root CA 1" -# Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US -# Serial Number:0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02 -# Subject: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US -# Not Valid Before: Thu Jan 16 17:53:32 2014 -# Not Valid After : Mon Jan 16 17:53:32 2034 -# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F -# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\272\051\101\140\167\230\077\364\363\357\362\061\005\073\056\352 -\155\115\105\375 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\067\006\245\260\374\211\235\272\364\153\214\032\144\315\325\272 -END -CKA_ISSUER MULTILINE_OCTAL -\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162 -\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144 -\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123 -\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000 -\000\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Entrust Root Certification Authority - G2" -# -# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number: 1246989352 (0x4a538c28) -# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Tue Jul 07 17:25:54 2009 -# Not Valid After : Sat Dec 07 17:55:54 2030 -# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 -# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\112\123\214\050 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\076\060\202\003\046\240\003\002\001\002\002\004\112 -\123\214\050\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\201\276\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156\164 -\162\165\163\164\054\040\111\156\143\056\061\050\060\046\006\003 -\125\004\013\023\037\123\145\145\040\167\167\167\056\145\156\164 -\162\165\163\164\056\156\145\164\057\154\145\147\141\154\055\164 -\145\162\155\163\061\071\060\067\006\003\125\004\013\023\060\050 -\143\051\040\062\060\060\071\040\105\156\164\162\165\163\164\054 -\040\111\156\143\056\040\055\040\146\157\162\040\141\165\164\150 -\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061 -\062\060\060\006\003\125\004\003\023\051\105\156\164\162\165\163 -\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055 -\040\107\062\060\036\027\015\060\071\060\067\060\067\061\067\062 -\065\065\064\132\027\015\063\060\061\062\060\067\061\067\065\065 -\065\064\132\060\201\276\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156 -\164\162\165\163\164\054\040\111\156\143\056\061\050\060\046\006 -\003\125\004\013\023\037\123\145\145\040\167\167\167\056\145\156 -\164\162\165\163\164\056\156\145\164\057\154\145\147\141\154\055 -\164\145\162\155\163\061\071\060\067\006\003\125\004\013\023\060 -\050\143\051\040\062\060\060\071\040\105\156\164\162\165\163\164 -\054\040\111\156\143\056\040\055\040\146\157\162\040\141\165\164 -\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171 -\061\062\060\060\006\003\125\004\003\023\051\105\156\164\162\165 -\163\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040 -\055\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012 -\002\202\001\001\000\272\204\266\162\333\236\014\153\342\231\351 -\060\001\247\166\352\062\270\225\101\032\311\332\141\116\130\162 -\317\376\366\202\171\277\163\141\006\012\245\047\330\263\137\323 -\105\116\034\162\326\116\062\362\162\212\017\367\203\031\320\152 -\200\200\000\105\036\260\307\347\232\277\022\127\047\034\243\150 -\057\012\207\275\152\153\016\136\145\363\034\167\325\324\205\215 -\160\041\264\263\062\347\213\242\325\206\071\002\261\270\322\107 -\316\344\311\111\304\073\247\336\373\124\175\127\276\360\350\156 -\302\171\262\072\013\125\342\120\230\026\062\023\134\057\170\126 -\301\302\224\263\362\132\344\047\232\237\044\327\306\354\320\233 -\045\202\343\314\302\304\105\305\214\227\172\006\153\052\021\237 -\251\012\156\110\073\157\333\324\021\031\102\367\217\007\277\365 -\123\137\234\076\364\027\054\346\151\254\116\062\114\142\167\352 -\267\350\345\273\064\274\031\213\256\234\121\347\267\176\265\123 -\261\063\042\345\155\317\160\074\032\372\342\233\147\266\203\364 -\215\245\257\142\114\115\340\130\254\144\064\022\003\370\266\215 -\224\143\044\244\161\002\003\001\000\001\243\102\060\100\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\152\162\046\172\320\036 -\357\175\347\073\151\121\324\154\215\237\220\022\146\253\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\171\237\035\226\306\266\171\077\042\215\207\323\207\003 -\004\140\152\153\232\056\131\211\163\021\254\103\321\365\023\377 -\215\071\053\300\362\275\117\160\214\251\057\352\027\304\013\124 -\236\324\033\226\230\063\074\250\255\142\242\000\166\253\131\151 -\156\006\035\176\304\271\104\215\230\257\022\324\141\333\012\031 -\106\107\363\353\367\143\301\100\005\100\245\322\267\364\265\232 -\066\277\251\210\166\210\004\125\004\053\234\207\177\032\067\074 -\176\055\245\032\330\324\211\136\312\275\254\075\154\330\155\257 -\325\363\166\017\315\073\210\070\042\235\154\223\232\304\075\277 -\202\033\145\077\246\017\135\252\374\345\262\025\312\265\255\306 -\274\075\320\204\350\352\006\162\260\115\071\062\170\277\076\021 -\234\013\244\235\232\041\363\360\233\013\060\170\333\301\334\207 -\103\376\274\143\232\312\305\302\034\311\307\215\377\073\022\130 -\010\346\266\075\354\172\054\116\373\203\226\316\014\074\151\207 -\124\163\244\163\302\223\377\121\020\254\025\124\001\330\374\005 -\261\211\241\177\164\203\232\111\327\334\116\173\212\110\157\213 -\105\366 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Entrust Root Certification Authority - G2" -# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number: 1246989352 (0x4a538c28) -# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Tue Jul 07 17:25:54 2009 -# Not Valid After : Sat Dec 07 17:55:54 2030 -# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 -# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\214\364\047\375\171\014\072\321\146\006\215\350\036\127\357\273 -\223\042\162\324 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\113\342\311\221\226\145\014\364\016\132\223\222\240\012\376\262 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\112\123\214\050 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Entrust Root Certification Authority - EC1" -# -# Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number:00:a6:8b:79:29:00:00:00:00:50:d0:91:f9 -# Subject: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Tue Dec 18 15:25:36 2012 -# Not Valid After : Fri Dec 18 15:55:36 2037 -# Fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 -# Fingerprint (SHA1): 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - EC1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060 -\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105 -\103\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060 -\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105 -\103\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\015\000\246\213\171\051\000\000\000\000\120\320\221\371 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\371\060\202\002\200\240\003\002\001\002\002\015\000 -\246\213\171\051\000\000\000\000\120\320\221\371\060\012\006\010 -\052\206\110\316\075\004\003\003\060\201\277\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004 -\012\023\015\105\156\164\162\165\163\164\054\040\111\156\143\056 -\061\050\060\046\006\003\125\004\013\023\037\123\145\145\040\167 -\167\167\056\145\156\164\162\165\163\164\056\156\145\164\057\154 -\145\147\141\154\055\164\145\162\155\163\061\071\060\067\006\003 -\125\004\013\023\060\050\143\051\040\062\060\061\062\040\105\156 -\164\162\165\163\164\054\040\111\156\143\056\040\055\040\146\157 -\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145 -\040\157\156\154\171\061\063\060\061\006\003\125\004\003\023\052 -\105\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\055\040\105\103\061\060\036\027\015\061\062 -\061\062\061\070\061\065\062\065\063\066\132\027\015\063\067\061 -\062\061\070\061\065\065\065\063\066\132\060\201\277\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003 -\125\004\012\023\015\105\156\164\162\165\163\164\054\040\111\156 -\143\056\061\050\060\046\006\003\125\004\013\023\037\123\145\145 -\040\167\167\167\056\145\156\164\162\165\163\164\056\156\145\164 -\057\154\145\147\141\154\055\164\145\162\155\163\061\071\060\067 -\006\003\125\004\013\023\060\050\143\051\040\062\060\061\062\040 -\105\156\164\162\165\163\164\054\040\111\156\143\056\040\055\040 -\146\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165 -\163\145\040\157\156\154\171\061\063\060\061\006\003\125\004\003 -\023\052\105\156\164\162\165\163\164\040\122\157\157\164\040\103 -\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164 -\150\157\162\151\164\171\040\055\040\105\103\061\060\166\060\020 -\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042 -\003\142\000\004\204\023\311\320\272\155\101\173\342\154\320\353 -\125\137\146\002\032\044\364\133\211\151\107\343\270\302\175\361 -\362\002\305\237\240\366\133\325\213\006\031\206\117\123\020\155 -\007\044\047\241\240\370\325\107\031\141\114\175\312\223\047\352 -\164\014\357\157\226\011\376\143\354\160\135\066\255\147\167\256 -\311\235\174\125\104\072\242\143\121\037\365\343\142\324\251\107 -\007\076\314\040\243\102\060\100\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016 -\004\026\004\024\267\143\347\032\335\215\351\010\246\125\203\244 -\340\152\120\101\145\021\102\111\060\012\006\010\052\206\110\316 -\075\004\003\003\003\147\000\060\144\002\060\141\171\330\345\102 -\107\337\034\256\123\231\027\266\157\034\175\341\277\021\224\321 -\003\210\165\344\215\211\244\212\167\106\336\155\141\357\002\365 -\373\265\337\314\376\116\377\376\251\346\247\002\060\133\231\327 -\205\067\006\265\173\010\375\353\047\213\112\224\371\341\372\247 -\216\046\010\350\174\222\150\155\163\330\157\046\254\041\002\270 -\231\267\046\101\133\045\140\256\320\110\032\356\006 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Entrust Root Certification Authority - EC1" -# Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number:00:a6:8b:79:29:00:00:00:00:50:d0:91:f9 -# Subject: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Tue Dec 18 15:25:36 2012 -# Not Valid After : Fri Dec 18 15:55:36 2037 -# Fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 -# Fingerprint (SHA1): 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - EC1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\040\330\006\100\337\233\045\365\022\045\072\021\352\367\131\212 -\353\024\265\107 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\266\176\035\360\130\305\111\154\044\073\075\355\230\030\355\274 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060 -\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105 -\103\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\015\000\246\213\171\051\000\000\000\000\120\320\221\371 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "CFCA EV ROOT" -# -# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Serial Number: 407555286 (0x184accd6) -# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Not Valid Before: Wed Aug 08 03:07:01 2012 -# Not Valid After : Mon Dec 31 03:07:01 2029 -# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD -# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CFCA EV ROOT" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040 -\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101 -\040\105\126\040\122\117\117\124 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040 -\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101 -\040\105\126\040\122\117\117\124 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\030\112\314\326 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\215\060\202\003\165\240\003\002\001\002\002\004\030 -\112\314\326\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\126\061\013\060\011\006\003\125\004\006\023\002\103 -\116\061\060\060\056\006\003\125\004\012\014\047\103\150\151\156 -\141\040\106\151\156\141\156\143\151\141\154\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 -\151\164\171\061\025\060\023\006\003\125\004\003\014\014\103\106 -\103\101\040\105\126\040\122\117\117\124\060\036\027\015\061\062 -\060\070\060\070\060\063\060\067\060\061\132\027\015\062\071\061 -\062\063\061\060\063\060\067\060\061\132\060\126\061\013\060\011 -\006\003\125\004\006\023\002\103\116\061\060\060\056\006\003\125 -\004\012\014\047\103\150\151\156\141\040\106\151\156\141\156\143 -\151\141\154\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\061\025\060\023\006 -\003\125\004\003\014\014\103\106\103\101\040\105\126\040\122\117 -\117\124\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\327\135\153\315\020\077\037\005\131\325\005\115\067 -\261\016\354\230\053\216\025\035\372\223\113\027\202\041\161\020 -\122\327\121\144\160\026\302\125\151\115\216\025\155\237\277\014 -\033\302\340\243\147\326\014\254\317\042\256\257\167\124\052\113 -\114\212\123\122\172\303\356\056\336\263\161\045\301\351\135\075 -\356\241\057\243\367\052\074\311\043\035\152\253\035\241\247\361 -\363\354\240\325\104\317\025\317\162\057\035\143\227\350\231\371 -\375\223\244\124\200\114\122\324\122\253\056\111\337\220\315\270 -\137\276\077\336\241\312\115\040\324\045\350\204\051\123\267\261 -\210\037\377\372\332\220\237\012\251\055\101\077\261\361\030\051 -\356\026\131\054\064\111\032\250\006\327\250\210\322\003\162\172 -\062\342\352\150\115\156\054\226\145\173\312\131\372\362\342\335 -\356\060\054\373\314\106\254\304\143\353\157\177\066\053\064\163 -\022\224\177\337\314\046\236\361\162\135\120\145\131\217\151\263 -\207\136\062\157\303\030\212\265\225\217\260\172\067\336\132\105 -\073\307\066\341\357\147\321\071\323\227\133\163\142\031\110\055 -\207\034\006\373\164\230\040\111\163\360\005\322\033\261\240\243 -\267\033\160\323\210\151\271\132\326\070\364\142\334\045\213\170 -\277\370\350\176\270\134\311\225\117\137\247\055\271\040\153\317 -\153\335\365\015\364\202\267\364\262\146\056\020\050\366\227\132 -\173\226\026\217\001\031\055\154\156\177\071\130\006\144\203\001 -\203\203\303\115\222\335\062\306\207\244\067\351\026\316\252\055 -\150\257\012\201\145\072\160\301\233\255\115\155\124\312\052\055 -\113\205\033\263\200\346\160\105\015\153\136\065\360\177\073\270 -\234\344\004\160\211\022\045\223\332\012\231\042\140\152\143\140 -\116\166\006\230\116\275\203\255\035\130\212\045\205\322\307\145 -\036\055\216\306\337\266\306\341\177\212\004\041\025\051\164\360 -\076\234\220\235\014\056\361\212\076\132\252\014\011\036\307\325 -\074\243\355\227\303\036\064\372\070\371\010\016\343\300\135\053 -\203\321\126\152\311\266\250\124\123\056\170\062\147\075\202\177 -\164\320\373\341\266\005\140\271\160\333\216\013\371\023\130\157 -\161\140\020\122\020\271\301\101\011\357\162\037\147\061\170\377 -\226\005\215\002\003\001\000\001\243\143\060\141\060\037\006\003 -\125\035\043\004\030\060\026\200\024\343\376\055\375\050\320\013 -\265\272\266\242\304\277\006\252\005\214\223\373\057\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035 -\006\003\125\035\016\004\026\004\024\343\376\055\375\050\320\013 -\265\272\266\242\304\277\006\252\005\214\223\373\057\060\015\006 -\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001 -\000\045\306\272\153\353\207\313\336\202\071\226\075\360\104\247 -\153\204\163\003\336\235\053\117\272\040\177\274\170\262\317\227 -\260\033\234\363\327\171\056\365\110\266\322\373\027\210\346\323 -\172\077\355\123\023\320\342\057\152\171\313\000\043\050\346\036 -\067\127\065\211\204\302\166\117\064\066\255\147\303\316\101\006 -\210\305\367\356\330\032\270\326\013\177\120\377\223\252\027\113 -\214\354\355\122\140\262\244\006\352\116\353\364\153\031\375\353 -\365\032\340\045\052\232\334\307\101\066\367\310\164\005\204\071 -\225\071\326\013\073\244\047\372\010\330\134\036\370\004\140\122 -\021\050\050\003\377\357\123\146\000\245\112\064\026\146\174\375 -\011\244\256\236\147\032\157\101\013\153\006\023\233\217\206\161 -\005\264\057\215\211\146\063\051\166\124\232\021\370\047\372\262 -\077\221\340\316\015\033\363\060\032\255\277\042\135\033\323\277 -\045\005\115\341\222\032\177\231\237\074\104\223\312\324\100\111 -\154\200\207\327\004\072\303\062\122\065\016\126\370\245\335\175 -\304\213\015\021\037\123\313\036\262\027\266\150\167\132\340\324 -\313\310\007\256\365\072\056\216\067\267\320\001\113\103\051\167 -\214\071\227\217\202\132\370\121\345\211\240\030\347\150\177\135 -\012\056\373\243\107\016\075\246\043\172\306\001\307\217\310\136 -\277\155\200\126\276\212\044\272\063\352\237\341\062\021\236\361 -\322\117\200\366\033\100\257\070\236\021\120\171\163\022\022\315 -\346\154\235\054\210\162\074\060\201\006\221\042\352\131\255\332 -\031\056\042\302\215\271\214\207\340\146\274\163\043\137\041\144 -\143\200\110\365\240\074\030\075\224\310\110\101\035\100\272\136 -\376\376\126\071\241\310\317\136\236\031\144\106\020\332\027\221 -\267\005\200\254\213\231\222\175\347\242\330\007\013\066\047\347 -\110\171\140\212\303\327\023\134\370\162\100\337\112\313\317\231 -\000\012\000\013\021\225\332\126\105\003\210\012\237\147\320\325 -\171\261\250\215\100\155\015\302\172\100\372\363\137\144\107\222 -\313\123\271\273\131\316\117\375\320\025\123\001\330\337\353\331 -\346\166\357\320\043\273\073\251\171\263\325\002\051\315\211\243 -\226\017\112\065\347\116\102\300\165\315\007\317\346\054\353\173 -\056 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "CFCA EV ROOT" -# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Serial Number: 407555286 (0x184accd6) -# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN -# Not Valid Before: Wed Aug 08 03:07:01 2012 -# Not Valid After : Mon Dec 31 03:07:01 2029 -# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD -# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CFCA EV ROOT" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\342\270\051\113\125\204\253\153\130\302\220\106\154\254\077\270 -\071\217\204\203 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\341\266\355\046\172\172\104\060\063\224\253\173\047\201\060 -END -CKA_ISSUER MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040 -\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101 -\040\105\126\040\122\117\117\124 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\030\112\314\326 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OISTE WISeKey Global Root GB CA" -# -# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 -# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Mon Dec 01 15:00:32 2014 -# Not Valid After : Thu Dec 01 15:10:31 2039 -# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 -# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 -\302\300 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\265\060\202\002\235\240\003\002\001\002\002\020\166 -\261\040\122\164\360\205\207\106\263\370\043\032\366\302\300\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\155 -\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060 -\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061 -\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040 -\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162 -\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111 -\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142 -\141\154\040\122\157\157\164\040\107\102\040\103\101\060\036\027 -\015\061\064\061\062\060\061\061\065\060\060\063\062\132\027\015 -\063\071\061\062\060\061\061\065\061\060\063\061\132\060\155\061 -\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016 -\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061\042 -\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106 -\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163 -\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123 -\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141 -\154\040\122\157\157\164\040\107\102\040\103\101\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\330\027\267 -\034\112\044\052\326\227\261\312\342\036\373\175\070\357\230\365 -\262\071\230\116\047\270\021\135\173\322\045\224\210\202\025\046 -\152\033\061\273\250\133\041\041\053\330\017\116\237\132\361\261 -\132\344\171\326\062\043\053\341\123\314\231\105\134\173\117\255 -\274\277\207\112\013\113\227\132\250\366\110\354\175\173\015\315 -\041\006\337\236\025\375\101\212\110\267\040\364\241\172\033\127 -\324\135\120\377\272\147\330\043\231\037\310\077\343\336\377\157 -\133\167\261\153\156\270\311\144\367\341\312\101\106\016\051\161 -\320\271\043\374\311\201\137\116\367\157\337\277\204\255\163\144 -\273\267\102\216\151\366\324\166\035\176\235\247\270\127\212\121 -\147\162\327\324\250\270\225\124\100\163\003\366\352\364\353\376 -\050\102\167\077\235\043\033\262\266\075\200\024\007\114\056\117 -\367\325\012\026\015\275\146\103\067\176\043\103\171\303\100\206 -\365\114\051\332\216\232\255\015\245\004\207\210\036\205\343\351 -\123\325\233\310\213\003\143\170\353\340\031\112\156\273\057\153 -\063\144\130\223\255\151\277\217\033\357\202\110\307\002\003\001 -\000\001\243\121\060\117\060\013\006\003\125\035\017\004\004\003 -\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\065 -\017\310\066\143\136\342\243\354\371\073\146\025\316\121\122\343 -\221\232\075\060\020\006\011\053\006\001\004\001\202\067\025\001 -\004\003\002\001\000\060\015\006\011\052\206\110\206\367\015\001 -\001\013\005\000\003\202\001\001\000\100\114\373\207\262\231\201 -\220\176\235\305\260\260\046\315\210\173\053\062\215\156\270\041 -\161\130\227\175\256\067\024\257\076\347\367\232\342\175\366\161 -\230\231\004\252\103\164\170\243\343\111\141\076\163\214\115\224 -\340\371\161\304\266\026\016\123\170\037\326\242\207\057\002\071 -\201\051\074\257\025\230\041\060\376\050\220\000\214\321\341\313 -\372\136\310\375\370\020\106\073\242\170\102\221\027\164\125\012 -\336\120\147\115\146\321\247\377\375\331\300\265\250\243\212\316 -\146\365\017\103\315\247\053\127\173\143\106\152\252\056\122\330 -\364\355\341\155\255\051\220\170\110\272\341\043\252\243\211\354 -\265\253\226\300\264\113\242\035\227\236\172\362\156\100\161\337 -\150\361\145\115\316\174\005\337\123\145\251\245\360\261\227\004 -\160\025\106\003\230\324\322\277\124\264\240\130\175\122\157\332 -\126\046\142\324\330\333\211\061\157\034\360\042\302\323\142\034 -\065\315\114\151\025\124\032\220\230\336\353\036\137\312\167\307 -\313\216\075\103\151\234\232\130\320\044\073\337\033\100\226\176 -\065\255\201\307\116\161\272\210\023 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "OISTE WISeKey Global Root GB CA" -# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 -# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Mon Dec 01 15:00:32 2014 -# Not Valid After : Thu Dec 01 15:10:31 2039 -# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 -# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\017\371\100\166\030\323\327\152\113\230\360\250\065\236\014\375 -\047\254\314\355 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\244\353\271\141\050\056\267\057\230\260\065\046\220\231\121\035 -END -CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366 -\302\300 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SZAFIR ROOT CA2" -# -# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 -# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Mon Oct 19 07:43:30 2015 -# Not Valid After : Fri Oct 19 07:43:30 2035 -# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE -# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 -\353\055\334\344\326\344 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076 -\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334 -\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120 -\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152 -\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172 -\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006 -\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117 -\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060 -\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067 -\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006 -\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113 -\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154 -\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030 -\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040 -\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315 -\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173 -\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205 -\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123 -\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222 -\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112 -\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260 -\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332 -\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266 -\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372 -\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073 -\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301 -\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371 -\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002 -\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334 -\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315 -\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026 -\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254 -\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351 -\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344 -\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160 -\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157 -\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162 -\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206 -\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314 -\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203 -\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217 -\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120 -\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353 -\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262 -\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076 -\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227 -\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240 -\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212 -\326\040\036\343\163\267 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SZAFIR ROOT CA2" -# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 -# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL -# Not Valid Before: Mon Oct 19 07:43:30 2015 -# Not Valid After : Fri Oct 19 07:43:30 2035 -# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE -# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SZAFIR ROOT CA2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317 -\136\263\077\336 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231 -END -CKA_ISSUER MULTILINE_OCTAL -\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061 -\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167 -\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156 -\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125 -\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040 -\103\101\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001 -\353\055\334\344\326\344 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certum Trusted Network CA 2" -# -# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 -# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Thu Oct 06 08:39:56 2011 -# Not Valid After : Sat Oct 06 08:39:56 2046 -# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 -# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 -\215\351 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041 -\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060 -\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201 -\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042 -\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157 -\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056 -\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162 -\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006 -\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165 -\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040 -\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063 -\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070 -\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004 -\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031 -\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157 -\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125 -\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162 -\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167 -\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 -\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200 -\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357 -\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113 -\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047 -\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302 -\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334 -\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101 -\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111 -\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215 -\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104 -\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300 -\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002 -\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204 -\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167 -\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150 -\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146 -\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061 -\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150 -\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242 -\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032 -\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165 -\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226 -\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272 -\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274 -\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263 -\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113 -\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054 -\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022 -\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276 -\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375 -\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147 -\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125 -\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241 -\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072 -\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005 -\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325 -\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020 -\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157 -\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024 -\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337 -\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130 -\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204 -\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275 -\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024 -\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343 -\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046 -\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311 -\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111 -\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377 -\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333 -\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326 -\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333 -\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210 -\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264 -\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052 -\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047 -\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045 -\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250 -\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026 -\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015 -\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343 -\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304 -\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022 -\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317 -\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030 -\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336 -\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342 -\016\265\271\276\044\217 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Certum Trusted Network CA 2" -# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9 -# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL -# Not Valid Before: Thu Oct 06 08:39:56 2011 -# Not Valid After : Sat Oct 06 08:39:56 2046 -# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04 -# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certum Trusted Network CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317 -\323\334\060\222 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114 -\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145 -\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040 -\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103 -\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060 -\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124 -\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022 -\215\351 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Hellenic Academic and Research Institutions RootCA 2015" -# -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:11:21 2015 -# Not Valid After : Sat Jun 30 10:11:21 2040 -# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 -# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\013\060\202\003\363\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122\061 -\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156\163 -\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164 -\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023 -\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155 -\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040 -\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157 -\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060\067 -\060\067\061\060\061\061\062\061\132\027\015\064\060\060\066\063 -\060\061\060\061\061\062\061\132\060\201\246\061\013\060\011\006 -\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125\004 -\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003\125 -\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143\141 -\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162 -\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040 -\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171\061 -\100\060\076\006\003\125\004\003\023\067\110\145\154\154\145\156 -\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040 -\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165 -\164\151\157\156\163\040\122\157\157\164\103\101\040\062\060\061 -\065\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\302\370\251\077\033\211\374\074\074\004\135\075\220\066 -\260\221\072\171\074\146\132\357\155\071\001\111\032\264\267\317 -\177\115\043\123\267\220\000\343\023\052\050\246\061\361\221\000 -\343\050\354\256\041\101\316\037\332\375\175\022\133\001\203\017 -\271\260\137\231\341\362\022\203\200\115\006\076\337\254\257\347 -\241\210\153\061\257\360\213\320\030\063\270\333\105\152\064\364 -\002\200\044\050\012\002\025\225\136\166\052\015\231\072\024\133 -\366\313\313\123\274\023\115\001\210\067\224\045\033\102\274\042 -\330\216\243\226\136\072\331\062\333\076\350\360\020\145\355\164 -\341\057\247\174\257\047\064\273\051\175\233\266\317\011\310\345 -\323\012\374\210\145\145\164\012\334\163\034\134\315\100\261\034 -\324\266\204\214\114\120\317\150\216\250\131\256\302\047\116\202 -\242\065\335\024\364\037\377\262\167\325\207\057\252\156\175\044 -\047\347\306\313\046\346\345\376\147\007\143\330\105\015\335\072 -\131\145\071\130\172\222\231\162\075\234\204\136\210\041\270\325 -\364\054\374\331\160\122\117\170\270\275\074\053\213\225\230\365 -\263\321\150\317\040\024\176\114\134\137\347\213\345\365\065\201 -\031\067\327\021\010\267\146\276\323\112\316\203\127\000\072\303 -\201\370\027\313\222\066\135\321\243\330\165\033\341\213\047\352 -\172\110\101\375\105\031\006\255\047\231\116\301\160\107\335\265 -\237\201\123\022\345\261\214\110\135\061\103\027\343\214\306\172 -\143\226\113\051\060\116\204\116\142\031\136\074\316\227\220\245 -\177\001\353\235\340\370\213\211\335\045\230\075\222\266\176\357 -\331\361\121\121\175\055\046\310\151\131\141\340\254\152\270\052 -\066\021\004\172\120\275\062\204\276\057\334\162\325\327\035\026 -\107\344\107\146\040\077\364\226\305\257\216\001\172\245\017\172 -\144\365\015\030\207\331\256\210\325\372\204\301\072\300\151\050 -\055\362\015\150\121\252\343\245\167\306\244\220\016\241\067\213 -\061\043\107\301\011\010\353\156\367\170\233\327\202\374\204\040 -\231\111\031\266\022\106\261\373\105\125\026\251\243\145\254\234 -\007\017\352\153\334\037\056\006\162\354\206\210\022\344\055\333 -\137\005\057\344\360\003\323\046\063\347\200\302\315\102\241\027 -\064\013\002\003\001\000\001\243\102\060\100\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 -\125\035\016\004\026\004\024\161\025\147\310\310\311\275\165\135 -\162\320\070\030\152\235\363\161\044\124\013\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\165 -\273\155\124\113\252\020\130\106\064\362\142\327\026\066\135\010 -\136\325\154\310\207\275\264\056\106\362\061\370\174\352\102\265 -\223\026\125\334\241\014\022\240\332\141\176\017\130\130\163\144 -\162\307\350\105\216\334\251\362\046\077\306\171\214\261\123\010 -\063\201\260\126\023\276\346\121\134\330\233\012\117\113\234\126 -\123\002\351\117\366\015\140\352\115\102\125\350\174\033\041\041 -\323\033\072\314\167\362\270\220\361\150\307\371\132\376\372\055 -\364\277\311\365\105\033\316\070\020\052\067\212\171\243\264\343 -\011\154\205\206\223\377\211\226\047\170\201\217\147\343\106\164 -\124\216\331\015\151\342\112\364\115\164\003\377\262\167\355\225 -\147\227\344\261\305\253\277\152\043\350\324\224\342\104\050\142 -\304\113\342\360\330\342\051\153\032\160\176\044\141\223\173\117 -\003\062\045\015\105\044\053\226\264\106\152\277\112\013\367\232 -\217\301\254\032\305\147\363\157\064\322\372\163\143\214\357\026 -\260\250\244\106\052\370\353\022\354\162\264\357\370\053\176\214 -\122\300\213\204\124\371\057\076\343\125\250\334\146\261\331\341 -\137\330\263\214\131\064\131\244\253\117\154\273\037\030\333\165 -\253\330\313\222\315\224\070\141\016\007\006\037\113\106\020\361 -\025\276\215\205\134\073\112\053\201\171\017\264\151\237\111\120 -\227\115\367\016\126\135\300\225\152\302\066\303\033\150\311\365 -\052\334\107\232\276\262\316\305\045\350\372\003\271\332\371\026 -\156\221\204\365\034\050\310\374\046\314\327\034\220\126\247\137 -\157\072\004\274\315\170\211\013\216\017\057\243\252\117\242\033 -\022\075\026\010\100\017\361\106\114\327\252\173\010\301\012\365 -\155\047\336\002\217\312\303\265\053\312\351\353\310\041\123\070 -\245\314\073\330\167\067\060\242\117\331\157\321\362\100\255\101 -\172\027\305\326\112\065\211\267\101\325\174\206\177\125\115\203 -\112\245\163\040\300\072\257\220\361\232\044\216\331\216\161\312 -\173\270\206\332\262\217\231\076\035\023\015\022\021\356\324\253 -\360\351\025\166\002\344\340\337\252\040\036\133\141\205\144\100 -\251\220\227\015\255\123\322\132\035\207\152\000\227\145\142\264 -\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Hellenic Academic and Research Institutions RootCA 2015" -# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:11:21 2015 -# Not Valid After : Sat Jun 30 10:11:21 2040 -# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 -# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\001\014\006\225\246\230\031\024\377\277\137\306\260\266\225\352 -\051\351\022\246 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\312\377\342\333\003\331\313\113\351\017\255\204\375\173\030\316 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003 -\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157 -\157\164\103\101\040\062\060\061\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" -# -# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:37:12 2015 -# Not Valid After : Sat Jun 30 10:37:12 2040 -# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 -# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\303\060\202\002\112\240\003\002\001\002\002\001\000 -\060\012\006\010\052\206\110\316\075\004\003\002\060\201\252\061 -\013\060\011\006\003\125\004\006\023\002\107\122\061\017\060\015 -\006\003\125\004\007\023\006\101\164\150\145\156\163\061\104\060 -\102\006\003\125\004\012\023\073\110\145\154\154\145\156\151\143 -\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145 -\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151 -\157\156\163\040\103\145\162\164\056\040\101\165\164\150\157\162 -\151\164\171\061\104\060\102\006\003\125\004\003\023\073\110\145 -\154\154\145\156\151\143\040\101\143\141\144\145\155\151\143\040 -\141\156\144\040\122\145\163\145\141\162\143\150\040\111\156\163 -\164\151\164\165\164\151\157\156\163\040\105\103\103\040\122\157 -\157\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060 -\067\060\067\061\060\063\067\061\062\132\027\015\064\060\060\066 -\063\060\061\060\063\067\061\062\132\060\201\252\061\013\060\011 -\006\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125 -\004\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003 -\125\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143 -\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141 -\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163 -\040\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171 -\061\104\060\102\006\003\125\004\003\023\073\110\145\154\154\145 -\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144 -\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164 -\165\164\151\157\156\163\040\105\103\103\040\122\157\157\164\103 -\101\040\062\060\061\065\060\166\060\020\006\007\052\206\110\316 -\075\002\001\006\005\053\201\004\000\042\003\142\000\004\222\240 -\101\350\113\202\204\134\342\370\061\021\231\206\144\116\011\045 -\057\235\101\057\012\256\065\117\164\225\262\121\144\153\215\153 -\346\077\160\225\360\005\104\107\246\162\070\120\166\225\002\132 -\216\256\050\236\371\055\116\231\357\054\110\157\114\045\051\350 -\321\161\133\337\035\301\165\067\264\327\372\173\172\102\234\152 -\012\126\132\174\151\013\252\200\011\044\154\176\301\106\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\264\042 -\013\202\231\044\001\016\234\273\344\016\375\277\373\227\040\223 -\231\052\060\012\006\010\052\206\110\316\075\004\003\002\003\147 -\000\060\144\002\060\147\316\026\142\070\242\254\142\105\247\251 -\225\044\300\032\047\234\062\073\300\300\325\272\251\347\370\004 -\103\123\205\356\122\041\336\235\365\045\203\076\236\130\113\057 -\327\147\023\016\041\002\060\005\341\165\001\336\150\355\052\037 -\115\114\011\010\015\354\113\255\144\027\050\347\165\316\105\145 -\162\041\027\313\042\101\016\214\023\230\070\232\124\155\233\312 -\342\174\352\002\130\042\221 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" -# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Serial Number: 0 (0x0) -# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR -# Not Valid Before: Tue Jul 07 10:37:12 2015 -# Not Valid After : Sat Jun 30 10:37:12 2040 -# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 -# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\237\361\161\215\222\325\232\363\175\164\227\264\274\157\204\150 -\013\272\266\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\201\345\264\027\353\302\365\341\113\015\101\173\111\222\376\357 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122 -\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156 -\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154 -\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156 -\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151 -\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165 -\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003 -\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145 -\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150 -\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103 -\103\040\122\157\157\164\103\101\040\062\060\061\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "ISRG Root X1" -# -# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 -# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Not Valid Before: Thu Jun 04 11:04:38 2015 -# Not Valid After : Mon Jun 04 11:04:38 2035 -# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 -# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ISRG Root X1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 -\202\213\000 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000 -\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051 -\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145 -\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141 -\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125 -\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061 -\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070 -\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132 -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034 -\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165 -\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104 -\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176 -\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232 -\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255 -\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224 -\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157 -\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003 -\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026 -\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173 -\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023 -\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207 -\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064 -\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320 -\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002 -\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016 -\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326 -\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057 -\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254 -\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335 -\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247 -\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121 -\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163 -\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347 -\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060 -\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272 -\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360 -\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152 -\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367 -\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210 -\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063 -\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003 -\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001 -\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125 -\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051 -\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113 -\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140 -\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340 -\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220 -\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357 -\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372 -\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212 -\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211 -\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267 -\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071 -\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206 -\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211 -\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053 -\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025 -\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327 -\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102 -\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114 -\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123 -\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134 -\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171 -\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055 -\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152 -\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055 -\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334 -\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300 -\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044 -\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172 -\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335 -\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006 -\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137 -\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "ISRG Root X1" -# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 -# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US -# Not Valid Before: Thu Jun 04 11:04:38 2015 -# Not Valid After : Mon Jun 04 11:04:38 2035 -# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 -# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ISRG Root X1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235 -\103\051\245\350 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116 -END -CKA_ISSUER MULTILINE_OCTAL -\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156 -\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145 -\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003 -\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130 -\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143 -\202\213\000 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "AC RAIZ FNMT-RCM" -# -# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 -# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Not Valid Before: Wed Oct 29 15:59:56 2008 -# Not Valid After : Tue Jan 01 00:00:00 2030 -# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA -# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 -\007 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\203\060\202\003\153\240\003\002\001\002\002\017\135 -\223\215\060\147\066\310\006\035\032\307\124\204\151\007\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\060\073\061 -\013\060\011\006\003\125\004\006\023\002\105\123\061\021\060\017 -\006\003\125\004\012\014\010\106\116\115\124\055\122\103\115\061 -\031\060\027\006\003\125\004\013\014\020\101\103\040\122\101\111 -\132\040\106\116\115\124\055\122\103\115\060\036\027\015\060\070 -\061\060\062\071\061\065\065\071\065\066\132\027\015\063\060\060 -\061\060\061\060\060\060\060\060\060\132\060\073\061\013\060\011 -\006\003\125\004\006\023\002\105\123\061\021\060\017\006\003\125 -\004\012\014\010\106\116\115\124\055\122\103\115\061\031\060\027 -\006\003\125\004\013\014\020\101\103\040\122\101\111\132\040\106 -\116\115\124\055\122\103\115\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\272\161\200\172\114\206\156\177 -\310\023\155\300\306\175\034\000\227\217\054\014\043\273\020\232 -\100\251\032\267\207\210\370\233\126\152\373\346\173\216\213\222 -\216\247\045\135\131\021\333\066\056\267\121\027\037\251\010\037 -\004\027\044\130\252\067\112\030\337\345\071\324\127\375\327\301 -\054\221\001\221\342\042\324\003\300\130\374\167\107\354\217\076 -\164\103\272\254\064\215\115\070\166\147\216\260\310\157\060\063 -\130\161\134\264\365\153\156\324\001\120\270\023\176\154\112\243 -\111\321\040\031\356\274\300\051\030\145\247\336\376\357\335\012 -\220\041\347\032\147\222\102\020\230\137\117\060\274\076\034\105 -\264\020\327\150\100\024\300\100\372\347\167\027\172\346\013\217 -\145\133\074\331\232\122\333\265\275\236\106\317\075\353\221\005 -\002\300\226\262\166\114\115\020\226\073\222\372\234\177\017\231 -\337\276\043\065\105\036\002\134\376\265\250\233\231\045\332\136 -\363\042\303\071\365\344\052\056\323\306\037\304\154\252\305\034 -\152\001\005\112\057\322\305\301\250\064\046\135\146\245\322\002 -\041\371\030\267\006\365\116\231\157\250\253\114\121\350\317\120 -\030\305\167\310\071\011\054\111\222\062\231\250\273\027\027\171 -\260\132\305\346\243\304\131\145\107\065\203\136\251\350\065\013 -\231\273\344\315\040\306\233\112\006\071\265\150\374\042\272\356 -\125\214\053\116\352\363\261\343\374\266\231\232\325\102\372\161 -\115\010\317\207\036\152\161\175\371\323\264\351\245\161\201\173 -\302\116\107\226\245\366\166\205\243\050\217\351\200\156\201\123 -\245\155\137\270\110\371\302\371\066\246\056\111\377\270\226\302 -\214\007\263\233\210\130\374\353\033\034\336\055\160\342\227\222 -\060\241\211\343\274\125\250\047\326\113\355\220\255\213\372\143 -\045\131\055\250\065\335\312\227\063\274\345\315\307\235\321\354 -\357\136\016\112\220\006\046\143\255\271\331\065\055\007\272\166 -\145\054\254\127\217\175\364\007\224\327\201\002\226\135\243\007 -\111\325\172\320\127\371\033\347\123\106\165\252\260\171\102\313 -\150\161\010\351\140\275\071\151\316\364\257\303\126\100\307\255 -\122\242\011\344\157\206\107\212\037\353\050\047\135\203\040\257 -\004\311\154\126\232\213\106\365\002\003\001\000\001\243\201\203 -\060\201\200\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\367 -\175\305\375\304\350\232\033\167\144\247\365\035\240\314\277\207 -\140\232\155\060\076\006\003\125\035\040\004\067\060\065\060\063 -\006\004\125\035\040\000\060\053\060\051\006\010\053\006\001\005 -\005\007\002\001\026\035\150\164\164\160\072\057\057\167\167\167 -\056\143\145\162\164\056\146\156\155\164\056\145\163\057\144\160 -\143\163\057\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\002\001\000\007\220\112\337\363\043\116\360\303 -\234\121\145\233\234\042\242\212\014\205\363\163\051\153\115\376 -\001\342\251\014\143\001\277\004\147\245\235\230\137\375\001\023 -\372\354\232\142\351\206\376\266\142\322\156\114\224\373\300\165 -\105\174\145\014\370\262\067\317\254\017\317\215\157\371\031\367 -\217\354\036\362\160\236\360\312\270\357\267\377\166\067\166\133 -\366\156\210\363\257\142\062\042\223\015\072\152\216\024\146\014 -\055\123\164\127\145\036\325\262\335\043\201\073\245\146\043\047 -\147\011\217\341\167\252\103\315\145\121\010\355\121\130\376\346 -\071\371\313\107\204\244\025\361\166\273\244\356\244\073\304\137 -\357\262\063\226\021\030\267\311\145\276\030\341\243\244\334\372 -\030\371\323\274\023\233\071\172\064\272\323\101\373\372\062\212 -\052\267\053\206\013\151\203\070\276\315\212\056\013\160\255\215 -\046\222\356\036\365\001\053\012\331\326\227\233\156\340\250\031 -\034\072\041\213\014\036\100\255\003\347\335\146\176\365\271\040 -\015\003\350\226\371\202\105\324\071\340\240\000\135\327\230\346 -\175\236\147\163\303\232\052\367\253\213\241\072\024\357\064\274 -\122\016\211\230\232\004\100\204\035\176\105\151\223\127\316\353 -\316\370\120\174\117\034\156\004\103\233\371\326\073\043\030\351 -\352\216\321\115\106\215\361\073\344\152\312\272\373\043\267\233 -\372\231\001\051\132\130\132\055\343\371\324\155\016\046\255\301 -\156\064\274\062\370\014\005\372\145\243\333\073\067\203\042\351 -\326\334\162\063\375\135\362\040\275\166\074\043\332\050\367\371 -\033\353\131\144\325\334\137\162\176\040\374\315\211\265\220\147 -\115\142\172\077\116\255\035\303\071\376\172\364\050\026\337\101 -\366\110\200\005\327\017\121\171\254\020\253\324\354\003\146\346 -\152\260\272\061\222\102\100\152\276\072\323\162\341\152\067\125 -\274\254\035\225\267\151\141\362\103\221\164\346\240\323\012\044 -\106\241\010\257\326\332\105\031\226\324\123\035\133\204\171\360 -\300\367\107\357\213\217\305\006\256\235\114\142\235\377\106\004 -\370\323\311\266\020\045\100\165\376\026\252\311\112\140\206\057 -\272\357\060\167\344\124\342\270\204\231\130\200\252\023\213\121 -\072\117\110\366\213\266\263 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "AC RAIZ FNMT-RCM" -# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 -# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES -# Not Valid Before: Wed Oct 29 15:59:56 2008 -# Not Valid After : Tue Jan 01 00:00:00 2030 -# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA -# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC RAIZ FNMT-RCM" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\354\120\065\007\262\025\304\225\142\031\342\250\232\133\102\231 -\054\114\054\040 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\342\011\004\264\323\275\321\240\024\375\032\322\107\304\127\035 -END -CKA_ISSUER MULTILINE_OCTAL -\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122 -\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040 -\122\101\111\132\040\106\116\115\124\055\122\103\115 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151 -\007 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Amazon Root CA 1" -# -# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US -# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca -# Subject: CN=Amazon Root CA 1,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sun Jan 17 00:00:00 2038 -# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E -# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 -\346\226\066\133\312 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\101\060\202\002\051\240\003\002\001\002\002\023\006 -\154\237\317\231\277\214\012\071\342\360\170\212\103\346\226\066 -\133\312\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 -\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 -\157\156\040\122\157\157\164\040\103\101\040\061\060\036\027\015 -\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\063 -\070\060\061\061\067\060\060\060\060\060\060\132\060\071\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 -\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 -\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 -\157\164\040\103\101\040\061\060\202\001\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060 -\202\001\012\002\202\001\001\000\262\170\200\161\312\170\325\343 -\161\257\107\200\120\164\175\156\330\327\210\166\364\231\150\367 -\130\041\140\371\164\204\001\057\254\002\055\206\323\240\103\172 -\116\262\244\320\066\272\001\276\215\333\110\310\007\027\066\114 -\364\356\210\043\307\076\353\067\365\265\031\370\111\150\260\336 -\327\271\166\070\035\141\236\244\376\202\066\245\345\112\126\344 -\105\341\371\375\264\026\372\164\332\234\233\065\071\057\372\260 -\040\120\006\154\172\320\200\262\246\371\257\354\107\031\217\120 -\070\007\334\242\207\071\130\370\272\325\251\371\110\147\060\226 -\356\224\170\136\157\211\243\121\300\060\206\146\241\105\146\272 -\124\353\243\303\221\371\110\334\377\321\350\060\055\175\055\164 -\160\065\327\210\044\367\236\304\131\156\273\163\207\027\362\062 -\106\050\270\103\372\267\035\252\312\264\362\237\044\016\055\113 -\367\161\134\136\151\377\352\225\002\313\070\212\256\120\070\157 -\333\373\055\142\033\305\307\036\124\341\167\340\147\310\017\234 -\207\043\326\077\100\040\177\040\200\304\200\114\076\073\044\046 -\216\004\256\154\232\310\252\015\002\003\001\000\001\243\102\060 -\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\035\006\003\125\035\016\004\026\004\024\204\030\314 -\205\064\354\274\014\224\224\056\010\131\234\307\262\020\116\012 -\010\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\003\202\001\001\000\230\362\067\132\101\220\241\032\305\166\121 -\050\040\066\043\016\256\346\050\273\252\370\224\256\110\244\060 -\177\033\374\044\215\113\264\310\241\227\366\266\361\172\160\310 -\123\223\314\010\050\343\230\045\317\043\244\371\336\041\323\174 -\205\011\255\116\232\165\072\302\013\152\211\170\166\104\107\030 -\145\154\215\101\216\073\177\232\313\364\265\247\120\327\005\054 -\067\350\003\113\255\351\141\240\002\156\365\362\360\305\262\355 -\133\267\334\372\224\134\167\236\023\245\177\122\255\225\362\370 -\223\073\336\213\134\133\312\132\122\133\140\257\024\367\113\357 -\243\373\237\100\225\155\061\124\374\102\323\307\106\037\043\255 -\331\017\110\160\232\331\165\170\161\321\162\103\064\165\156\127 -\131\302\002\134\046\140\051\317\043\031\026\216\210\103\245\324 -\344\313\010\373\043\021\103\350\103\051\162\142\241\251\135\136 -\010\324\220\256\270\330\316\024\302\320\125\362\206\366\304\223 -\103\167\146\141\300\271\350\101\327\227\170\140\003\156\112\162 -\256\245\321\175\272\020\236\206\154\033\212\271\131\063\370\353 -\304\220\276\361\271 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Amazon Root CA 1" -# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US -# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca -# Subject: CN=Amazon Root CA 1,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sun Jan 17 00:00:00 2038 -# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E -# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\215\247\371\145\354\136\374\067\221\017\034\156\131\375\301\314 -\152\156\336\026 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\103\306\277\256\354\376\255\057\030\306\210\150\060\374\310\346 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103 -\346\226\066\133\312 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Amazon Root CA 2" -# -# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US -# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 -# Subject: CN=Amazon Root CA 2,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 -# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 -\133\046\273\212\067 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\101\060\202\003\051\240\003\002\001\002\002\023\006 -\154\237\322\226\065\206\237\012\017\345\206\170\370\133\046\273 -\212\067\060\015\006\011\052\206\110\206\367\015\001\001\014\005 -\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157 -\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172 -\157\156\040\122\157\157\164\040\103\101\040\062\060\036\027\015 -\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\064 -\060\060\065\062\066\060\060\060\060\060\060\132\060\071\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006 -\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027 -\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157 -\157\164\040\103\101\040\062\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\255\226\237\055\234\112\114\112 -\201\171\121\231\354\212\313\153\140\121\023\274\115\155\006\374 -\260\010\215\335\031\020\152\307\046\014\065\330\300\157\040\204 -\351\224\261\233\205\003\303\133\333\112\350\310\370\220\166\331 -\133\117\343\114\350\006\066\115\314\232\254\075\014\220\053\222 -\324\006\031\140\254\067\104\171\205\201\202\255\132\067\340\015 -\314\235\246\114\122\166\352\103\235\267\004\321\120\366\125\340 -\325\322\246\111\205\351\067\351\312\176\256\134\225\115\110\232 -\077\256\040\132\155\210\225\331\064\270\122\032\103\220\260\277 -\154\005\271\266\170\267\352\320\344\072\074\022\123\142\377\112 -\362\173\276\065\005\251\022\064\343\363\144\164\142\054\075\000 -\111\132\050\376\062\104\273\207\335\145\047\002\161\073\332\112 -\367\037\332\315\367\041\125\220\117\017\354\256\202\341\237\153 -\331\105\323\273\360\137\207\355\074\054\071\206\332\077\336\354 -\162\125\353\171\243\255\333\335\174\260\272\034\316\374\336\117 -\065\166\317\017\370\170\037\152\066\121\106\047\141\133\351\236 -\317\360\242\125\175\174\045\212\157\057\264\305\317\204\056\053 -\375\015\121\020\154\373\137\033\274\033\176\305\256\073\230\001 -\061\222\377\013\127\364\232\262\271\127\351\253\357\015\166\321 -\360\356\364\316\206\247\340\156\351\264\151\241\337\151\366\063 -\306\151\056\227\023\236\245\207\260\127\020\201\067\311\123\263 -\273\177\366\222\321\234\320\030\364\222\156\332\203\117\246\143 -\231\114\245\373\136\357\041\144\172\040\137\154\144\205\025\313 -\067\351\142\014\013\052\026\334\001\056\062\332\076\113\365\236 -\072\366\027\100\224\357\236\221\010\206\372\276\143\250\132\063 -\354\313\164\103\225\371\154\151\122\066\307\051\157\374\125\003 -\134\037\373\237\275\107\353\347\111\107\225\013\116\211\042\011 -\111\340\365\141\036\361\277\056\212\162\156\200\131\377\127\072 -\371\165\062\243\116\137\354\355\050\142\331\115\163\362\314\201 -\027\140\355\315\353\334\333\247\312\305\176\002\275\362\124\010 -\124\375\264\055\011\054\027\124\112\230\321\124\341\121\147\010 -\322\355\156\176\157\077\322\055\201\131\051\146\313\220\071\225 -\021\036\164\047\376\335\353\257\002\003\001\000\001\243\102\060 -\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\035\006\003\125\035\016\004\026\004\024\260\014\360 -\114\060\364\005\130\002\110\375\063\345\122\257\113\204\343\146 -\122\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000 -\003\202\002\001\000\252\250\200\217\016\170\243\340\242\324\315 -\346\365\230\172\073\352\000\003\260\227\016\223\274\132\250\366 -\054\214\162\207\251\261\374\177\163\375\143\161\170\245\207\131 -\317\060\341\015\020\262\023\132\155\202\365\152\346\200\237\240 -\005\013\150\344\107\153\307\152\337\266\375\167\062\162\345\030 -\372\011\364\240\223\054\135\322\214\165\205\166\145\220\014\003 -\171\267\061\043\143\255\170\203\011\206\150\204\312\377\371\317 -\046\232\222\171\347\315\113\305\347\141\247\027\313\363\251\022 -\223\223\153\247\350\057\123\222\304\140\130\260\314\002\121\030 -\133\205\215\142\131\143\266\255\264\336\232\373\046\367\000\047 -\300\135\125\067\164\231\311\120\177\343\131\056\104\343\054\045 -\356\354\114\062\167\264\237\032\351\113\135\040\305\332\375\034 -\207\026\306\103\350\324\273\046\232\105\160\136\251\013\067\123 -\342\106\173\047\375\340\106\362\211\267\314\102\266\313\050\046 -\156\331\245\311\072\310\101\023\140\367\120\214\025\256\262\155 -\032\025\032\127\170\346\222\052\331\145\220\202\077\154\002\257 -\256\022\072\047\226\066\004\327\035\242\200\143\251\233\361\345 -\272\264\174\024\260\116\311\261\037\164\137\070\366\121\352\233 -\372\054\242\021\324\251\055\047\032\105\261\257\262\116\161\015 -\300\130\106\326\151\006\313\123\313\263\376\153\101\315\101\176 -\175\114\017\174\162\171\172\131\315\136\112\016\254\233\251\230 -\163\171\174\264\364\314\271\270\007\014\262\164\134\270\307\157 -\210\241\220\247\364\252\371\277\147\072\364\032\025\142\036\267 -\237\276\075\261\051\257\147\241\022\362\130\020\031\123\003\060 -\033\270\032\211\366\234\275\227\003\216\243\011\363\035\213\041 -\361\264\337\344\034\321\237\145\002\006\352\134\326\023\263\204 -\357\242\245\134\214\167\051\247\150\300\153\256\100\322\250\264 -\352\315\360\215\113\070\234\031\232\033\050\124\270\211\220\357 -\312\165\201\076\036\362\144\044\307\030\257\116\377\107\236\007 -\366\065\145\244\323\012\126\377\365\027\144\154\357\250\042\045 -\111\223\266\337\000\027\332\130\176\135\356\305\033\260\321\321 -\137\041\020\307\371\363\272\002\012\047\007\305\361\326\307\323 -\340\373\011\140\154 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Amazon Root CA 2" -# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US -# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 -# Subject: CN=Amazon Root CA 2,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 -# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\132\214\357\105\327\246\230\131\166\172\214\213\104\226\265\170 -\317\107\113\032 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\310\345\215\316\250\102\342\172\300\052\134\174\236\046\277\146 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370 -\133\046\273\212\067 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Amazon Root CA 3" -# -# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US -# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a -# Subject: CN=Amazon Root CA 3,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 -# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 -\236\166\003\362\112 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\001\266\060\202\001\133\240\003\002\001\002\002\023\006 -\154\237\325\164\227\066\146\077\073\013\232\331\350\236\166\003 -\362\112\060\012\006\010\052\206\110\316\075\004\003\002\060\071 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 -\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 -\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 -\122\157\157\164\040\103\101\040\063\060\036\027\015\061\065\060 -\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 -\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 -\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 -\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 -\103\101\040\063\060\131\060\023\006\007\052\206\110\316\075\002 -\001\006\010\052\206\110\316\075\003\001\007\003\102\000\004\051 -\227\247\306\101\177\300\015\233\350\001\033\126\306\362\122\245 -\272\055\262\022\350\322\056\327\372\311\305\330\252\155\037\163 -\201\073\073\230\153\071\174\063\245\305\116\206\216\200\027\150 -\142\105\127\175\104\130\035\263\067\345\147\010\353\146\336\243 -\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\206\060\035\006\003\125\035\016\004\026\004\024\253 -\266\333\327\006\236\067\254\060\206\007\221\160\307\234\304\031 -\261\170\300\060\012\006\010\052\206\110\316\075\004\003\002\003 -\111\000\060\106\002\041\000\340\205\222\243\027\267\215\371\053 -\006\245\223\254\032\230\150\141\162\372\341\241\320\373\034\170 -\140\246\103\231\305\270\304\002\041\000\234\002\357\361\224\234 -\263\226\371\353\306\052\370\266\054\376\072\220\024\026\327\214 -\143\044\110\034\337\060\175\325\150\073 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Amazon Root CA 3" -# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US -# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a -# Subject: CN=Amazon Root CA 3,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 -# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\015\104\335\214\074\214\032\032\130\165\144\201\351\017\056\052 -\377\263\322\156 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\240\324\357\013\367\265\330\111\225\052\354\365\304\374\201\207 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350 -\236\166\003\362\112 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Amazon Root CA 4" -# -# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US -# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e -# Subject: CN=Amazon Root CA 4,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 -# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 -\054\310\032\301\016 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\001\362\060\202\001\170\240\003\002\001\002\002\023\006 -\154\237\327\301\273\020\114\051\103\345\161\173\173\054\310\032 -\301\016\060\012\006\010\052\206\110\316\075\004\003\003\060\071 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060 -\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031 -\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040 -\122\157\157\164\040\103\101\040\064\060\036\027\015\061\065\060 -\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065 -\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004 -\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125 -\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040 -\103\101\040\064\060\166\060\020\006\007\052\206\110\316\075\002 -\001\006\005\053\201\004\000\042\003\142\000\004\322\253\212\067 -\117\243\123\015\376\301\212\173\113\250\173\106\113\143\260\142 -\366\055\033\333\010\161\041\322\000\350\143\275\232\047\373\360 -\071\156\135\352\075\245\311\201\252\243\133\040\230\105\135\026 -\333\375\350\020\155\343\234\340\343\275\137\204\142\363\160\144 -\063\240\313\044\057\160\272\210\241\052\240\165\370\201\256\142 -\006\304\201\333\071\156\051\260\036\372\056\134\243\102\060\100 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\206\060\035\006\003\125\035\016\004\026\004\024\323\354\307\072 -\145\156\314\341\332\166\232\126\373\234\363\206\155\127\345\201 -\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000\060 -\145\002\060\072\213\041\361\275\176\021\255\320\357\130\226\057 -\326\353\235\176\220\215\053\317\146\125\303\054\343\050\251\160 -\012\107\016\360\067\131\022\377\055\231\224\050\116\052\117\065 -\115\063\132\002\061\000\352\165\000\116\073\304\072\224\022\221 -\311\130\106\235\041\023\162\247\210\234\212\344\114\112\333\226 -\324\254\213\153\153\111\022\123\063\255\327\344\276\044\374\265 -\012\166\324\245\274\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Amazon Root CA 4" -# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US -# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e -# Subject: CN=Amazon Root CA 4,O=Amazon,C=US -# Not Valid Before: Tue May 26 00:00:00 2015 -# Not Valid After : Sat May 26 00:00:00 2040 -# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 -# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Amazon Root CA 4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\366\020\204\007\326\370\273\147\230\014\302\342\104\302\353\256 -\034\357\143\276 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\211\274\047\325\353\027\215\006\152\151\325\375\211\107\264\315 -END -CKA_ISSUER MULTILINE_OCTAL -\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156 -\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157 -\156\040\122\157\157\164\040\103\101\040\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173 -\054\310\032\301\016 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Symantec Class 1 Public Primary Certification Authority - G6" -# -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 -# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 -\363\230 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\044 -\062\165\362\035\057\322\011\063\367\264\152\312\320\363\230\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 -\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 -\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 -\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 -\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 -\143\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 -\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 -\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 -\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 -\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 -\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 -\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\061 -\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 -\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\307\071\327 -\111\144\251\231\202\042\114\352\105\331\007\026\343\173\364\203 -\350\231\163\372\153\261\066\340\232\167\240\100\302\201\215\001 -\307\314\214\275\217\175\367\171\343\172\114\003\115\331\373\375 -\207\070\050\054\335\232\213\124\010\333\147\373\033\214\376\050 -\222\057\276\267\262\110\247\201\241\330\136\210\303\314\071\100 -\101\132\321\334\345\332\020\237\057\332\001\115\375\056\106\174 -\371\056\047\012\151\067\356\221\243\033\152\314\104\277\033\307 -\303\324\021\262\120\140\227\011\275\056\042\365\101\204\146\237 -\315\100\246\251\000\200\301\037\225\222\237\336\363\110\357\333 -\035\167\141\374\177\337\356\226\244\162\320\266\076\377\170\047 -\257\313\222\025\151\010\333\143\020\342\346\227\254\156\334\254 -\366\242\316\036\107\231\271\211\267\022\346\241\324\315\131\021 -\147\303\157\205\330\102\116\050\276\131\125\131\004\225\253\217 -\067\200\277\015\360\374\037\072\144\061\130\201\170\327\342\065 -\366\040\077\051\270\217\026\156\076\110\334\265\114\007\341\362 -\032\352\176\012\171\326\250\275\353\135\206\053\115\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\063\101\350\310\071\022\025\223\110\362\226\062\056\132 -\365\332\224\137\123\140\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\001\001\000\025\343\163\127\261\027 -\266\137\111\151\104\246\366\136\172\147\254\322\336\165\111\253 -\376\045\125\307\072\311\104\025\020\156\277\061\153\313\331\007 -\223\177\034\205\143\000\343\062\022\340\314\313\373\071\154\217 -\342\123\342\074\100\063\331\244\214\107\346\255\130\373\211\257 -\343\336\206\051\126\064\054\105\270\022\372\104\211\156\055\024 -\045\050\044\001\145\326\352\122\254\005\156\126\022\011\075\320 -\164\364\327\275\006\312\250\072\215\126\102\372\215\162\076\164 -\361\003\162\337\207\033\136\016\172\125\226\054\070\267\230\205 -\315\115\063\104\311\224\217\132\061\060\067\113\243\072\022\263 -\347\066\321\041\150\113\055\070\346\123\256\034\045\126\010\126 -\003\147\204\235\306\303\316\044\142\307\114\066\317\260\006\104 -\267\365\137\002\335\331\124\351\057\220\116\172\310\116\203\100 -\014\232\227\074\067\277\277\354\366\360\264\205\167\050\301\013 -\310\147\202\020\027\070\242\267\006\352\233\277\072\370\351\043 -\007\277\164\340\230\070\025\125\170\356\162\000\134\031\243\364 -\322\063\340\377\275\321\124\071\051\017 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" -# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 -# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 -# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\121\177\141\036\051\221\153\123\202\373\162\347\104\331\215\303 -\314\123\155\144 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\057\250\264\332\366\144\113\036\202\371\106\075\124\032\174\260 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320 -\363\230 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -# -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 -# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 -\377\101 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\144 -\202\236\374\067\036\164\135\374\227\377\227\310\261\377\101\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035 -\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145 -\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060 -\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143 -\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105 -\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145 -\143\040\103\154\141\163\163\040\062\040\120\165\142\154\151\143 -\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060 -\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063 -\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024 -\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141 -\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123 -\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145 -\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074 -\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\062 -\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040 -\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165 -\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\315\314\351 -\005\310\143\205\313\077\100\143\027\275\030\372\065\346\004\147 -\127\145\230\051\244\117\311\134\217\017\064\322\370\332\250\023 -\142\252\270\036\120\147\170\260\026\114\240\071\251\025\172\256 -\355\322\242\300\360\220\067\051\030\046\134\350\015\074\266\154 -\111\077\301\340\334\331\113\266\024\031\013\246\323\226\341\326 -\011\343\031\046\034\371\037\145\113\371\032\103\034\000\203\326 -\320\252\111\242\324\333\346\142\070\272\120\024\103\155\371\061 -\370\126\026\331\070\002\221\317\353\154\335\273\071\116\231\341 -\060\147\105\361\324\360\215\303\337\376\362\070\007\041\175\000 -\136\126\104\263\344\140\275\221\053\234\253\133\004\162\017\262 -\050\331\162\253\005\040\102\045\251\133\003\152\040\020\314\061 -\360\053\332\065\054\320\373\232\227\116\360\202\113\053\330\137 -\066\243\013\055\257\143\015\035\045\177\241\156\134\142\241\215 -\050\076\241\374\034\040\370\001\057\272\125\232\021\260\031\322 -\310\120\171\153\016\152\005\327\252\004\066\262\243\362\341\137 -\167\247\167\234\345\036\334\351\337\152\301\145\135\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\207\214\040\225\310\230\112\321\326\200\006\112\220\064 -\104\337\034\115\277\260\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\001\001\000\201\216\262\245\146\226 -\267\041\245\266\357\157\043\132\137\333\201\305\102\245\170\301 -\151\375\364\074\327\371\134\153\160\162\032\374\132\227\115\000 -\200\210\210\202\212\303\161\015\216\305\211\233\054\355\215\013 -\322\162\124\365\175\324\134\103\127\351\363\256\245\002\021\366 -\166\053\201\127\335\175\332\164\060\375\124\107\366\340\026\156 -\246\264\012\110\346\347\165\007\017\051\031\071\316\171\364\266 -\154\305\137\231\325\037\113\372\337\155\054\074\015\124\200\160 -\360\210\013\200\317\306\150\242\270\035\160\331\166\214\374\356 -\245\311\317\255\035\317\231\045\127\132\142\105\313\026\153\275 -\111\315\245\243\214\151\171\045\256\270\114\154\213\100\146\113 -\026\077\317\002\032\335\341\154\153\007\141\152\166\025\051\231 -\177\033\335\210\200\301\277\265\217\163\305\246\226\043\204\246 -\050\206\044\063\152\001\056\127\163\045\266\136\277\217\346\035 -\141\250\100\051\147\035\207\233\035\177\233\237\231\315\061\326 -\124\276\142\273\071\254\150\022\110\221\040\245\313\261\335\376 -\157\374\132\344\202\125\131\257\061\251 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" -# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 -# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US -# Not Valid Before: Tue Oct 18 00:00:00 2011 -# Not Valid After : Tue Dec 01 23:59:59 2037 -# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 -# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302 -\121\324\035\217 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156 -\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061 -\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164 -\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153 -\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156 -\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154 -\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151 -\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151 -\164\171\040\055\040\107\066 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261 -\377\101 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "D-TRUST Root CA 3 2013" -# -# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Serial Number: 1039788 (0xfddac) -# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Not Valid Before: Fri Sep 20 08:25:51 2013 -# Not Valid After : Wed Sep 20 08:25:51 2028 -# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 -# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\017\335\254 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\016\060\202\002\366\240\003\002\001\002\002\003\017 -\335\254\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165 -\163\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003 -\014\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103 -\101\040\063\040\062\060\061\063\060\036\027\015\061\063\060\071 -\062\060\060\070\062\065\065\061\132\027\015\062\070\060\071\062 -\060\060\070\062\065\065\061\132\060\105\061\013\060\011\006\003 -\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012 -\014\014\104\055\124\162\165\163\164\040\107\155\142\110\061\037 -\060\035\006\003\125\004\003\014\026\104\055\124\122\125\123\124 -\040\122\157\157\164\040\103\101\040\063\040\062\060\061\063\060 -\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 -\304\173\102\222\202\037\354\355\124\230\216\022\300\312\011\337 -\223\156\072\223\134\033\344\020\167\236\116\151\210\154\366\341 -\151\362\366\233\242\141\261\275\007\040\164\230\145\361\214\046 -\010\315\250\065\312\200\066\321\143\155\350\104\172\202\303\154 -\136\336\273\350\066\322\304\150\066\214\237\062\275\204\042\340 -\334\302\356\020\106\071\155\257\223\071\256\207\346\303\274\011 -\311\054\153\147\133\331\233\166\165\114\013\340\273\305\327\274 -\076\171\362\137\276\321\220\127\371\256\366\146\137\061\277\323 -\155\217\247\272\112\363\043\145\273\267\357\243\045\327\012\352 -\130\266\357\210\372\372\171\262\122\130\325\360\254\214\241\121 -\164\051\225\252\121\073\220\062\003\237\034\162\164\220\336\075 -\355\141\322\345\343\375\144\107\345\271\267\112\251\367\037\256 -\226\206\004\254\057\343\244\201\167\267\132\026\377\330\017\077 -\366\267\170\314\244\257\372\133\074\022\133\250\122\211\162\357 -\210\363\325\104\201\206\225\043\237\173\335\274\331\064\357\174 -\224\074\252\300\101\302\343\235\120\032\300\344\031\042\374\263 -\002\003\001\000\001\243\202\001\005\060\202\001\001\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\077\220\310\175\307\025\157 -\363\044\217\251\303\057\113\242\017\041\262\057\347\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\276 -\006\003\125\035\037\004\201\266\060\201\263\060\164\240\162\240 -\160\206\156\154\144\141\160\072\057\057\144\151\162\145\143\164 -\157\162\171\056\144\055\164\162\165\163\164\056\156\145\164\057 -\103\116\075\104\055\124\122\125\123\124\045\062\060\122\157\157 -\164\045\062\060\103\101\045\062\060\063\045\062\060\062\060\061 -\063\054\117\075\104\055\124\162\165\163\164\045\062\060\107\155 -\142\110\054\103\075\104\105\077\143\145\162\164\151\146\151\143 -\141\164\145\162\145\166\157\143\141\164\151\157\156\154\151\163 -\164\060\073\240\071\240\067\206\065\150\164\164\160\072\057\057 -\143\162\154\056\144\055\164\162\165\163\164\056\156\145\164\057 -\143\162\154\057\144\055\164\162\165\163\164\137\162\157\157\164 -\137\143\141\137\063\137\062\060\061\063\056\143\162\154\060\015 -\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001 -\001\000\016\131\016\130\344\164\110\043\104\317\064\041\265\234 -\024\032\255\232\113\267\263\210\155\134\251\027\160\360\052\237 -\215\173\371\173\205\372\307\071\350\020\010\260\065\053\137\317 -\002\322\323\234\310\013\036\356\005\124\256\067\223\004\011\175 -\154\217\302\164\274\370\034\224\276\061\001\100\055\363\044\040 -\267\204\125\054\134\310\365\164\112\020\031\213\243\307\355\065 -\326\011\110\323\016\300\272\071\250\260\106\002\260\333\306\210 -\131\302\276\374\173\261\053\317\176\142\207\125\226\314\001\157 -\233\147\041\225\065\213\370\020\374\161\033\267\113\067\151\246 -\073\326\354\213\356\301\260\363\045\311\217\222\175\241\352\303 -\312\104\277\046\245\164\222\234\343\164\353\235\164\331\313\115 -\207\330\374\264\151\154\213\240\103\007\140\170\227\351\331\223 -\174\302\106\274\233\067\122\243\355\212\074\023\251\173\123\113 -\111\232\021\005\054\013\156\126\254\037\056\202\154\340\151\147 -\265\016\155\055\331\344\300\025\361\077\372\030\162\341\025\155 -\047\133\055\060\050\053\237\110\232\144\053\231\357\362\165\111 -\137\134 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "D-TRUST Root CA 3 2013" -# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Serial Number: 1039788 (0xfddac) -# Subject: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE -# Not Valid Before: Fri Sep 20 08:25:51 2013 -# Not Valid After : Wed Sep 20 08:25:51 2028 -# Fingerprint (SHA-256): A1:A8:6D:04:12:1E:B8:7F:02:7C:66:F5:33:03:C2:8E:57:39:F9:43:FC:84:B3:8A:D6:AF:00:90:35:DD:94:57 -# Fingerprint (SHA1): 6C:7C:CC:E7:D4:AE:51:5F:99:08:CD:3F:F6:E8:C3:78:DF:6F:EF:97 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "D-TRUST Root CA 3 2013" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\154\174\314\347\324\256\121\137\231\010\315\077\366\350\303\170 -\337\157\357\227 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\267\042\146\230\176\326\003\340\301\161\346\165\315\126\105\277 -END -CKA_ISSUER MULTILINE_OCTAL -\060\105\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163 -\164\040\107\155\142\110\061\037\060\035\006\003\125\004\003\014 -\026\104\055\124\122\125\123\124\040\122\157\157\164\040\103\101 -\040\063\040\062\060\061\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\003\017\335\254 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" -# -# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Serial Number: 1 (0x1) -# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Not Valid Before: Mon Nov 25 08:25:55 2013 -# Not Valid After : Sun Oct 25 08:25:55 2043 -# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 -# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\143\060\202\003\113\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122\061 -\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145\040 -\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003\125 -\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154\151 -\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157\152 -\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165\162 -\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055\060 -\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145\162 -\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145 -\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060\064 -\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040\113 -\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040\123 -\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165\162 -\165\155\040\061\060\036\027\015\061\063\061\061\062\065\060\070 -\062\065\065\065\132\027\015\064\063\061\060\062\065\060\070\062 -\065\065\065\132\060\201\322\061\013\060\011\006\003\125\004\006 -\023\002\124\122\061\030\060\026\006\003\125\004\007\023\017\107 -\145\142\172\145\040\055\040\113\157\143\141\145\154\151\061\102 -\060\100\006\003\125\004\012\023\071\124\165\162\153\151\171\145 -\040\102\151\154\151\155\163\145\154\040\166\145\040\124\145\153 -\156\157\154\157\152\151\153\040\101\162\141\163\164\151\162\155 -\141\040\113\165\162\165\155\165\040\055\040\124\125\102\111\124 -\101\113\061\055\060\053\006\003\125\004\013\023\044\113\141\155 -\165\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040 -\115\145\162\153\145\172\151\040\055\040\113\141\155\165\040\123 -\115\061\066\060\064\006\003\125\004\003\023\055\124\125\102\111 -\124\101\113\040\113\141\155\165\040\123\115\040\123\123\114\040 -\113\157\153\040\123\145\162\164\151\146\151\153\141\163\151\040 -\055\040\123\165\162\165\155\040\061\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\257\165\060\063\252\273 -\153\323\231\054\022\067\204\331\215\173\227\200\323\156\347\377 -\233\120\225\076\220\225\126\102\327\031\174\046\204\215\222\372 -\001\035\072\017\342\144\070\267\214\274\350\210\371\213\044\253 -\056\243\365\067\344\100\216\030\045\171\203\165\037\073\377\154 -\250\305\306\126\370\264\355\212\104\243\253\154\114\374\035\320 -\334\357\150\275\317\344\252\316\360\125\367\242\064\324\203\153 -\067\174\034\302\376\265\003\354\127\316\274\264\265\305\355\000 -\017\123\067\052\115\364\117\014\203\373\206\317\313\376\214\116 -\275\207\371\247\213\041\127\234\172\337\003\147\211\054\235\227 -\141\247\020\270\125\220\177\016\055\047\070\164\337\347\375\332 -\116\022\343\115\025\042\002\310\340\340\374\017\255\212\327\311 -\124\120\314\073\017\312\026\200\204\320\121\126\303\216\126\177 -\211\042\063\057\346\205\012\275\245\250\033\066\336\323\334\054 -\155\073\307\023\275\131\043\054\346\345\244\367\330\013\355\352 -\220\100\104\250\225\273\223\325\320\200\064\266\106\170\016\037 -\000\223\106\341\356\351\371\354\117\027\002\003\001\000\001\243 -\102\060\100\060\035\006\003\125\035\016\004\026\004\024\145\077 -\307\212\206\306\074\335\074\124\134\065\370\072\355\122\014\107 -\127\310\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\052\077\341\361\062\216\256\341\230 -\134\113\136\317\153\036\152\011\322\042\251\022\307\136\127\175 -\163\126\144\200\204\172\223\344\011\271\020\315\237\052\047\341 -\000\167\276\110\310\065\250\201\237\344\270\054\311\177\016\260 -\322\113\067\135\352\271\325\013\136\064\275\364\163\051\303\355 -\046\025\234\176\010\123\212\130\215\320\113\050\337\301\263\337 -\040\363\371\343\343\072\337\314\234\224\330\116\117\303\153\027 -\267\367\162\350\255\146\063\265\045\123\253\340\370\114\251\235 -\375\362\015\272\256\271\331\252\306\153\371\223\273\256\253\270 -\227\074\003\032\272\103\306\226\271\105\162\070\263\247\241\226 -\075\221\173\176\300\041\123\114\207\355\362\013\124\225\121\223 -\325\042\245\015\212\361\223\016\076\124\016\260\330\311\116\334 -\362\061\062\126\352\144\371\352\265\235\026\146\102\162\363\177 -\323\261\061\103\374\244\216\027\361\155\043\253\224\146\370\255 -\373\017\010\156\046\055\177\027\007\011\262\214\373\120\300\237 -\226\215\317\266\375\000\235\132\024\232\277\002\104\365\301\302 -\237\042\136\242\017\241\343 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" -# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Serial Number: 1 (0x1) -# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR -# Not Valid Before: Mon Nov 25 08:25:55 2013 -# Not Valid After : Sun Oct 25 08:25:55 2043 -# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 -# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350 -\221\335\356\312 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\334\000\201\334\151\057\076\057\260\073\366\075\132\221\216\111 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145 -\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003 -\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154 -\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157 -\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165 -\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055 -\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145 -\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153 -\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060 -\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040 -\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040 -\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165 -\162\165\155\040\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GDCA TrustAUTH R5 ROOT" -# -# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Serial Number:7d:09:97:fe:f0:47:ea:7a -# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Not Valid Before: Wed Nov 26 05:13:15 2014 -# Not Valid After : Mon Dec 31 15:59:59 2040 -# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 -# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\175\011\227\376\360\107\352\172 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\210\060\202\003\160\240\003\002\001\002\002\010\175 -\011\227\376\360\107\352\172\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\142\061\013\060\011\006\003\125\004 -\006\023\002\103\116\061\062\060\060\006\003\125\004\012\014\051 -\107\125\101\116\107\040\104\117\116\107\040\103\105\122\124\111 -\106\111\103\101\124\105\040\101\125\124\110\117\122\111\124\131 -\040\103\117\056\054\114\124\104\056\061\037\060\035\006\003\125 -\004\003\014\026\107\104\103\101\040\124\162\165\163\164\101\125 -\124\110\040\122\065\040\122\117\117\124\060\036\027\015\061\064 -\061\061\062\066\060\065\061\063\061\065\132\027\015\064\060\061 -\062\063\061\061\065\065\071\065\071\132\060\142\061\013\060\011 -\006\003\125\004\006\023\002\103\116\061\062\060\060\006\003\125 -\004\012\014\051\107\125\101\116\107\040\104\117\116\107\040\103 -\105\122\124\111\106\111\103\101\124\105\040\101\125\124\110\117 -\122\111\124\131\040\103\117\056\054\114\124\104\056\061\037\060 -\035\006\003\125\004\003\014\026\107\104\103\101\040\124\162\165 -\163\164\101\125\124\110\040\122\065\040\122\117\117\124\060\202 -\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 -\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\331 -\243\026\360\310\164\164\167\233\357\063\015\073\006\176\125\374 -\265\140\217\166\206\022\102\175\126\146\076\210\202\355\162\143 -\016\236\213\335\064\054\002\121\121\303\031\375\131\124\204\311 -\361\153\263\114\260\351\350\106\135\070\306\242\247\056\021\127 -\272\202\025\242\234\217\155\260\231\112\012\362\353\211\160\143 -\116\171\304\267\133\275\242\135\261\362\101\002\053\255\251\072 -\243\354\171\012\354\137\072\343\375\357\200\074\255\064\233\032 -\253\210\046\173\126\242\202\206\037\353\065\211\203\177\137\256 -\051\116\075\266\156\354\256\301\360\047\233\256\343\364\354\357 -\256\177\367\206\075\162\172\353\245\373\131\116\247\353\225\214 -\042\071\171\341\055\010\217\314\274\221\270\101\367\024\301\043 -\251\303\255\232\105\104\263\262\327\054\315\306\051\342\120\020 -\256\134\313\202\216\027\030\066\175\227\346\210\232\260\115\064 -\011\364\054\271\132\146\052\260\027\233\236\036\166\235\112\146 -\061\101\337\077\373\305\006\357\033\266\176\032\106\066\367\144 -\143\073\343\071\030\043\347\147\165\024\325\165\127\222\067\275 -\276\152\033\046\120\362\066\046\006\220\305\160\001\144\155\166 -\146\341\221\333\156\007\300\141\200\056\262\056\057\214\160\247 -\321\073\074\263\221\344\156\266\304\073\160\362\154\222\227\011 -\315\107\175\030\300\363\273\236\017\326\213\256\007\266\132\017 -\316\013\014\107\247\345\076\270\275\175\307\233\065\240\141\227 -\072\101\165\027\314\053\226\167\052\222\041\036\331\225\166\040 -\147\150\317\015\275\337\326\037\011\152\232\342\314\163\161\244 -\057\175\022\200\267\123\060\106\136\113\124\231\017\147\311\245 -\310\362\040\301\202\354\235\021\337\302\002\373\032\073\321\355 -\040\232\357\145\144\222\020\015\052\342\336\160\361\030\147\202 -\214\141\336\270\274\321\057\234\373\017\320\053\355\033\166\271 -\344\071\125\370\370\241\035\270\252\200\000\114\202\347\262\177 -\011\270\274\060\240\057\015\365\122\236\216\367\222\263\012\000 -\035\000\124\227\006\340\261\007\331\307\017\134\145\175\074\155 -\131\127\344\355\245\215\351\100\123\237\025\113\240\161\366\032 -\041\343\332\160\006\041\130\024\207\205\167\171\252\202\171\002 -\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004 -\026\004\024\342\311\100\237\115\316\350\232\241\174\317\016\077 -\145\305\051\210\152\031\121\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\003\202\002\001\000\321\111\127\340 -\247\314\150\130\272\001\017\053\031\315\215\260\141\105\254\021 -\355\143\120\151\370\037\177\276\026\217\375\235\353\013\252\062 -\107\166\322\147\044\355\275\174\063\062\227\052\307\005\206\146 -\015\027\175\024\025\033\324\353\375\037\232\366\136\227\151\267 -\032\045\244\012\263\221\077\137\066\254\213\354\127\250\076\347 -\201\212\030\127\071\205\164\032\102\307\351\133\023\137\217\371 -\010\351\222\164\215\365\107\322\253\073\326\373\170\146\116\066 -\175\371\351\222\351\004\336\375\111\143\374\155\373\024\161\223 -\147\057\107\112\267\271\377\036\052\163\160\106\060\277\132\362 -\057\171\245\341\215\014\331\371\262\143\067\214\067\145\205\160 -\152\134\133\011\162\271\255\143\074\261\335\370\374\062\277\067 -\206\344\273\216\230\047\176\272\037\026\341\160\021\362\003\337 -\045\142\062\047\046\030\062\204\237\377\000\072\023\272\232\115 -\364\117\270\024\160\042\261\312\053\220\316\051\301\160\364\057 -\235\177\362\220\036\326\132\337\267\106\374\346\206\372\313\340 -\040\166\172\272\246\313\365\174\336\142\245\261\213\356\336\202 -\146\212\116\072\060\037\077\200\313\255\047\272\014\136\327\320 -\261\126\312\167\161\262\265\165\241\120\251\100\103\027\302\050 -\331\317\122\213\133\310\143\324\102\076\240\063\172\106\056\367 -\012\040\106\124\176\152\117\061\361\201\176\102\164\070\145\163 -\047\356\306\174\270\216\327\245\072\327\230\241\234\214\020\125 -\323\333\113\354\100\220\362\315\156\127\322\142\016\174\127\223 -\261\247\155\315\235\203\273\052\347\345\266\073\161\130\255\375 -\321\105\274\132\221\356\123\025\157\323\105\011\165\156\272\220 -\135\036\004\317\067\337\036\250\146\261\214\346\040\152\357\374 -\110\116\164\230\102\257\051\157\056\152\307\373\175\321\146\061 -\042\314\206\000\176\146\203\014\102\364\275\064\222\303\032\352 -\117\312\176\162\115\013\160\214\246\110\273\246\241\024\366\373 -\130\104\231\024\256\252\013\223\151\240\051\045\112\245\313\053 -\335\212\146\007\026\170\025\127\161\033\354\365\107\204\363\236 -\061\067\172\325\177\044\255\344\274\375\375\314\156\203\350\014 -\250\267\101\154\007\335\275\074\206\227\057\322 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GDCA TrustAUTH R5 ROOT" -# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Serial Number:7d:09:97:fe:f0:47:ea:7a -# Subject: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN -# Not Valid Before: Wed Nov 26 05:13:15 2014 -# Not Valid After : Mon Dec 31 15:59:59 2040 -# Fingerprint (SHA-256): BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 -# Fingerprint (SHA1): 0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\017\066\070\133\201\032\045\303\233\061\116\203\312\351\064\146 -\160\314\164\264 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\143\314\331\075\064\065\134\157\123\243\342\010\160\110\037\264 -END -CKA_ISSUER MULTILINE_OCTAL -\060\142\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\062\060\060\006\003\125\004\012\014\051\107\125\101\116\107\040 -\104\117\116\107\040\103\105\122\124\111\106\111\103\101\124\105 -\040\101\125\124\110\117\122\111\124\131\040\103\117\056\054\114 -\124\104\056\061\037\060\035\006\003\125\004\003\014\026\107\104 -\103\101\040\124\162\165\163\164\101\125\124\110\040\122\065\040 -\122\117\117\124 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\175\011\227\376\360\107\352\172 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TrustCor RootCert CA-1" -# -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000 -\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060 -\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162 -\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036 -\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027 -\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201 -\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017 -\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061 -\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141 -\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033 -\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163 -\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006 -\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124 -\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164 -\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063 -\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173 -\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235 -\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034 -\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265 -\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325 -\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044 -\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264 -\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236 -\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220 -\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330 -\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225 -\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132 -\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020 -\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326 -\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334 -\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077 -\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037 -\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172 -\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123 -\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134 -\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110 -\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162 -\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345 -\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237 -\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072 -\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224 -\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031 -\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144 -\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027 -\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154 -\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024 -\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167 -\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115 -\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074 -\132\171\054\031 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor RootCert CA-1" -# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:da:9b:ec:71:f3:03:b0:19 -# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:16 2016 -# Not Valid After : Mon Dec 31 17:23:16 2029 -# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C -# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072 -\105\133\303\012 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\332\233\354\161\363\003\260\031 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TrustCor RootCert CA-2" -# -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045 -\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035 -\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040 -\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027 -\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015 -\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244 -\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060 -\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024 -\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040 -\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124 -\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040 -\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003 -\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145 -\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162 -\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162 -\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040 -\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166 -\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325 -\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076 -\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150 -\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323 -\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052 -\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212 -\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264 -\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351 -\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261 -\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106 -\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312 -\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166 -\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010 -\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136 -\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351 -\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202 -\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205 -\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176 -\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233 -\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074 -\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061 -\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050 -\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114 -\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340 -\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205 -\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167 -\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136 -\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025 -\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141 -\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112 -\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340 -\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035 -\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236 -\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006 -\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224 -\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000 -\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227 -\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033 -\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372 -\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376 -\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264 -\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111 -\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313 -\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015 -\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212 -\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127 -\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117 -\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070 -\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032 -\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074 -\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020 -\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326 -\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021 -\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301 -\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273 -\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376 -\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206 -\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367 -\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264 -\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367 -\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301 -\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027 -\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222 -\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051 -\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101 -\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226 -\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156 -\326\354\011 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor RootCert CA-2" -# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:25:a1:df:ca:33:cb:59:02 -# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:23 2016 -# Not Valid After : Sun Dec 31 17:26:39 2034 -# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 -# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor RootCert CA-2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307 -\224\262\034\300 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014 -\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145 -\162\164\040\103\101\055\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\045\241\337\312\063\313\131\002 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TrustCor ECA-1" -# -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000 -\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003 -\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010 -\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004 -\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044 -\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157 -\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040 -\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124 -\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060 -\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162 -\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064 -\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061 -\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125 -\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014 -\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007 -\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060 -\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162 -\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122 -\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162 -\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141 -\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025 -\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040 -\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333 -\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137 -\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001 -\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200 -\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372 -\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015 -\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071 -\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271 -\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037 -\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256 -\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061 -\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075 -\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177 -\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221 -\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354 -\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105 -\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060 -\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155 -\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037 -\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314 -\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060 -\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377 -\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003 -\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157 -\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203 -\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223 -\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366 -\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231 -\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260 -\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105 -\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312 -\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154 -\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164 -\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350 -\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252 -\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110 -\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140 -\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133 -\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242 -\264\237\327\346 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "TrustCor ECA-1" -# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Serial Number:00:84:82:2c:5f:1c:62:d0:40 -# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA -# Not Valid Before: Thu Feb 04 12:32:33 2016 -# Not Valid After : Mon Dec 31 17:28:07 2029 -# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C -# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TrustCor ECA-1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204 -\013\310\170\275 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101 -\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155 -\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141 -\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012 -\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145 -\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060 -\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162 -\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164 -\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014 -\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\204\202\054\137\034\142\320\100 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SSL.com Root Certification Authority RSA" -# -# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:7b:2c:9b:d3:16:80:32:99 -# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 17:39:39 2016 -# Not Valid After : Tue Feb 12 17:39:39 2041 -# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 -# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\173\054\233\323\026\200\062\231 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\335\060\202\003\305\240\003\002\001\002\002\010\173 -\054\233\323\026\200\062\231\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\174\061\013\060\011\006\003\125\004 -\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014\005 -\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014\007 -\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004\012 -\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151\157 -\156\061\061\060\057\006\003\125\004\003\014\050\123\123\114\056 -\143\157\155\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\122\123\101\060\036\027\015\061\066\060\062\061\062\061\067 -\063\071\063\071\132\027\015\064\061\060\062\061\062\061\067\063 -\071\063\071\132\060\174\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 -\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 -\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 -\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 -\061\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157 -\155\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -\002\001\000\371\017\335\243\053\175\313\320\052\376\354\147\205 -\246\347\056\033\272\167\341\343\365\257\244\354\372\112\135\221 -\304\127\107\153\030\167\153\166\362\375\223\344\075\017\302\026 -\236\013\146\303\126\224\236\027\203\205\316\126\357\362\026\375 -\000\142\365\042\011\124\350\145\027\116\101\271\340\117\106\227 -\252\033\310\270\156\142\136\151\261\137\333\052\002\176\374\154 -\312\363\101\330\355\320\350\374\077\141\110\355\260\003\024\035 -\020\016\113\031\340\273\116\354\206\145\377\066\363\136\147\002 -\013\235\206\125\141\375\172\070\355\376\342\031\000\267\157\241 -\120\142\165\164\074\240\372\310\045\222\264\156\172\042\307\370 -\036\241\343\262\335\221\061\253\053\035\004\377\245\112\004\067 -\351\205\244\063\053\375\342\326\125\064\174\031\244\112\150\307 -\262\250\323\267\312\241\223\210\353\301\227\274\214\371\035\331 -\042\204\044\164\307\004\075\152\251\051\223\314\353\270\133\341 -\376\137\045\252\064\130\310\301\043\124\235\033\230\021\303\070 -\234\176\075\206\154\245\017\100\206\174\002\364\134\002\117\050 -\313\256\161\237\017\072\310\063\376\021\045\065\352\374\272\305 -\140\075\331\174\030\325\262\251\323\165\170\003\162\042\312\072 -\303\037\357\054\345\056\251\372\236\054\266\121\106\375\257\003 -\326\352\140\150\352\205\026\066\153\205\351\036\300\263\335\304 -\044\334\200\052\201\101\155\224\076\310\340\311\201\101\000\236 -\136\277\177\305\010\230\242\030\054\102\100\263\371\157\070\047 -\113\116\200\364\075\201\107\340\210\174\352\034\316\265\165\134 -\121\056\034\053\177\032\162\050\347\000\265\321\164\306\327\344 -\237\255\007\223\266\123\065\065\374\067\344\303\366\135\026\276 -\041\163\336\222\012\370\240\143\152\274\226\222\152\076\370\274 -\145\125\233\336\365\015\211\046\004\374\045\032\246\045\151\313 -\302\155\312\174\342\131\137\227\254\353\357\056\310\274\327\033 -\131\074\053\314\362\031\310\223\153\047\143\031\317\374\351\046 -\370\312\161\233\177\223\376\064\147\204\116\231\353\374\263\170 -\011\063\160\272\146\246\166\355\033\163\353\032\245\015\304\042 -\023\040\224\126\012\116\054\154\116\261\375\317\234\011\272\242 -\063\355\207\002\003\001\000\001\243\143\060\141\060\035\006\003 -\125\035\016\004\026\004\024\335\004\011\007\242\365\172\175\122 -\123\022\222\225\356\070\200\045\015\246\131\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003 -\125\035\043\004\030\060\026\200\024\335\004\011\007\242\365\172 -\175\122\123\022\222\225\356\070\200\045\015\246\131\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006 -\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001 -\000\040\030\021\224\051\373\046\235\034\036\036\160\141\361\225 -\162\223\161\044\255\150\223\130\216\062\257\033\263\160\003\374 -\045\053\164\205\220\075\170\152\364\271\213\245\227\073\265\030 -\221\273\036\247\371\100\133\221\371\125\231\257\036\021\320\134 -\035\247\146\343\261\224\007\014\062\071\246\352\033\260\171\330 -\035\234\160\104\343\212\335\304\371\225\037\212\070\103\077\001 -\205\245\107\247\075\106\262\274\345\042\150\367\173\234\330\054 -\076\012\041\310\055\063\254\277\305\201\231\061\164\301\165\161 -\305\276\261\360\043\105\364\235\153\374\031\143\235\243\274\004 -\306\030\013\045\273\123\211\017\263\200\120\336\105\356\104\177 -\253\224\170\144\230\323\366\050\335\207\330\160\145\164\373\016 -\271\023\353\247\017\141\251\062\226\314\336\273\355\143\114\030 -\273\251\100\367\240\124\156\040\210\161\165\030\352\172\264\064 -\162\340\043\047\167\134\266\220\352\206\045\100\253\357\063\017 -\313\237\202\276\242\040\373\366\265\055\032\346\302\205\261\164 -\017\373\310\145\002\244\122\001\107\335\111\042\301\277\330\353 -\153\254\176\336\354\143\063\025\267\043\010\217\306\017\215\101 -\132\335\216\305\271\217\345\105\077\170\333\272\322\033\100\261 -\376\161\115\077\340\201\242\272\136\264\354\025\340\223\335\010 -\037\176\341\125\231\013\041\336\223\236\012\373\346\243\111\275 -\066\060\376\347\167\262\240\165\227\265\055\201\210\027\145\040 -\367\332\220\000\237\311\122\314\062\312\065\174\365\075\017\330 -\053\327\365\046\154\311\006\064\226\026\352\160\131\032\062\171 -\171\013\266\210\177\017\122\110\075\277\154\330\242\104\056\321 -\116\267\162\130\323\211\023\225\376\104\253\370\327\213\033\156 -\234\274\054\240\133\325\152\000\257\137\067\341\325\372\020\013 -\230\234\206\347\046\217\316\360\354\156\212\127\013\200\343\116 -\262\300\240\143\141\220\272\125\150\067\164\152\266\222\333\237 -\241\206\042\266\145\047\016\354\266\237\102\140\344\147\302\265 -\332\101\013\304\323\213\141\033\274\372\037\221\053\327\104\007 -\136\272\051\254\331\305\351\357\123\110\132\353\200\361\050\130 -\041\315\260\006\125\373\047\077\123\220\160\251\004\036\127\047 -\271 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SSL.com Root Certification Authority RSA" -# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:7b:2c:9b:d3:16:80:32:99 -# Subject: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 17:39:39 2016 -# Not Valid After : Tue Feb 12 17:39:39 2041 -# Fingerprint (SHA-256): 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 -# Fingerprint (SHA1): B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority RSA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\267\253\063\010\321\352\104\167\272\024\200\022\132\157\275\251 -\066\111\014\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\206\151\022\300\160\361\354\254\254\302\325\274\245\133\241\051 -END -CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\122\123\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\173\054\233\323\026\200\062\231 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SSL.com Root Certification Authority ECC" -# -# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:75:e6:df:cb:c1:68:5b:a8 -# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:14:03 2016 -# Not Valid After : Tue Feb 12 18:14:03 2041 -# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 -# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\165\346\337\313\301\150\133\250 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\215\060\202\002\024\240\003\002\001\002\002\010\165 -\346\337\313\301\150\133\250\060\012\006\010\052\206\110\316\075 -\004\003\002\060\174\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 -\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 -\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 -\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\061 -\060\057\006\003\125\004\003\014\050\123\123\114\056\143\157\155 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103\060\036\027\015\061\066\060\062\061\062\061\070\061\064\060 -\063\132\027\015\064\061\060\062\061\062\061\070\061\064\060\063 -\132\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057 -\006\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122 -\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\105\103\103\060 -\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 -\004\000\042\003\142\000\004\105\156\251\120\304\246\043\066\236 -\137\050\215\027\313\226\042\144\077\334\172\216\035\314\010\263 -\242\161\044\272\216\111\271\004\033\107\226\130\253\055\225\310 -\355\236\010\065\310\047\353\211\214\123\130\353\142\212\376\360 -\133\017\153\061\122\143\101\073\211\315\354\354\266\215\031\323 -\064\007\334\273\306\006\177\302\105\225\354\313\177\250\043\340 -\011\351\201\372\363\107\323\243\143\060\141\060\035\006\003\125 -\035\016\004\026\004\024\202\321\205\163\060\347\065\004\323\216 -\002\222\373\345\244\321\304\041\350\315\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 -\035\043\004\030\060\026\200\024\202\321\205\163\060\347\065\004 -\323\216\002\222\373\345\244\321\304\041\350\315\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\206\060\012\006\010 -\052\206\110\316\075\004\003\002\003\147\000\060\144\002\060\157 -\347\353\131\021\244\140\317\141\260\226\173\355\005\371\057\023 -\221\334\355\345\374\120\153\021\106\106\263\034\041\000\142\273 -\276\303\347\350\315\007\231\371\015\013\135\162\076\304\252\002 -\060\037\274\272\013\342\060\044\373\174\155\200\125\012\231\076 -\200\015\063\345\146\243\263\243\273\245\325\213\217\011\054\246 -\135\176\342\360\007\010\150\155\322\174\151\156\137\337\345\152 -\145 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SSL.com Root Certification Authority ECC" -# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:75:e6:df:cb:c1:68:5b:a8 -# Subject: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:14:03 2016 -# Not Valid After : Tue Feb 12 18:14:03 2041 -# Fingerprint (SHA-256): 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 -# Fingerprint (SHA1): C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com Root Certification Authority ECC" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\303\031\174\071\044\346\124\257\033\304\253\040\225\172\342\303 -\016\023\002\152 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\056\332\344\071\177\234\217\067\321\160\237\046\027\121\072\216 -END -CKA_ISSUER MULTILINE_OCTAL -\060\174\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\061\060\057\006 -\003\125\004\003\014\050\123\123\114\056\143\157\155\040\122\157 -\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156 -\040\101\165\164\150\157\162\151\164\171\040\105\103\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\165\346\337\313\301\150\133\250 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SSL.com EV Root Certification Authority RSA R2" -# -# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:56:b6:29:cd:34:bc:78:f6 -# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Wed May 31 18:14:37 2017 -# Not Valid After : Fri May 30 18:14:37 2042 -# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C -# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\126\266\051\315\064\274\170\366 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\353\060\202\003\323\240\003\002\001\002\002\010\126 -\266\051\315\064\274\170\366\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\016\060\014\006\003\125\004\010\014 -\005\124\145\170\141\163\061\020\060\016\006\003\125\004\007\014 -\007\110\157\165\163\164\157\156\061\030\060\026\006\003\125\004 -\012\014\017\123\123\114\040\103\157\162\160\157\162\141\164\151 -\157\156\061\067\060\065\006\003\125\004\003\014\056\123\123\114 -\056\143\157\155\040\105\126\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 -\162\151\164\171\040\122\123\101\040\122\062\060\036\027\015\061 -\067\060\065\063\061\061\070\061\064\063\067\132\027\015\064\062 -\060\065\063\060\061\070\061\064\063\067\132\060\201\202\061\013 -\060\011\006\003\125\004\006\023\002\125\123\061\016\060\014\006 -\003\125\004\010\014\005\124\145\170\141\163\061\020\060\016\006 -\003\125\004\007\014\007\110\157\165\163\164\157\156\061\030\060 -\026\006\003\125\004\012\014\017\123\123\114\040\103\157\162\160 -\157\162\141\164\151\157\156\061\067\060\065\006\003\125\004\003 -\014\056\123\123\114\056\143\157\155\040\105\126\040\122\157\157 -\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040 -\101\165\164\150\157\162\151\164\171\040\122\123\101\040\122\062 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\217\066\145\100\341\326\115\300\327\264\351\106\332\153\352 -\063\107\315\114\371\175\175\276\275\055\075\360\333\170\341\206 -\245\331\272\011\127\150\355\127\076\240\320\010\101\203\347\050 -\101\044\037\343\162\025\320\001\032\373\136\160\043\262\313\237 -\071\343\317\305\116\306\222\155\046\306\173\273\263\332\047\235 -\012\206\351\201\067\005\376\360\161\161\354\303\034\351\143\242 -\027\024\235\357\033\147\323\205\125\002\002\326\111\311\314\132 -\341\261\367\157\062\237\311\324\073\210\101\250\234\275\313\253 -\333\155\173\011\037\242\114\162\220\332\053\010\374\317\074\124 -\316\147\017\250\317\135\226\031\013\304\343\162\353\255\321\175 -\035\047\357\222\353\020\277\133\353\073\257\317\200\335\301\322 -\226\004\133\172\176\244\251\074\070\166\244\142\216\240\071\136 -\352\167\317\135\000\131\217\146\054\076\007\242\243\005\046\021 -\151\227\352\205\267\017\226\013\113\310\100\341\120\272\056\212 -\313\367\017\232\042\347\177\232\067\023\315\362\115\023\153\041 -\321\300\314\042\362\241\106\366\104\151\234\312\141\065\007\000 -\157\326\141\010\021\352\272\270\366\351\263\140\345\115\271\354 -\237\024\146\311\127\130\333\315\207\151\370\212\206\022\003\107 -\277\146\023\166\254\167\175\064\044\205\203\315\327\252\234\220 -\032\237\041\054\177\170\267\144\270\330\350\246\364\170\263\125 -\313\204\322\062\304\170\256\243\217\141\335\316\010\123\255\354 -\210\374\025\344\232\015\346\237\032\167\316\114\217\270\024\025 -\075\142\234\206\070\006\000\146\022\344\131\166\132\123\300\002 -\230\242\020\053\150\104\173\216\171\316\063\112\166\252\133\201 -\026\033\265\212\330\320\000\173\136\142\264\011\326\206\143\016 -\246\005\225\111\272\050\213\210\223\262\064\034\330\244\125\156 -\267\034\320\336\231\125\073\043\364\042\340\371\051\146\046\354 -\040\120\167\333\112\013\217\276\345\002\140\160\101\136\324\256 -\120\071\042\024\046\313\262\073\163\164\125\107\007\171\201\071 -\250\060\023\104\345\004\212\256\226\023\045\102\017\271\123\304 -\233\374\315\344\034\336\074\372\253\326\006\112\037\147\246\230 -\060\034\335\054\333\334\030\225\127\146\306\377\134\213\126\365 -\167\002\003\001\000\001\243\143\060\141\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125 -\035\043\004\030\060\026\200\024\371\140\273\324\343\325\064\366 -\270\365\006\200\045\247\163\333\106\151\250\236\060\035\006\003 -\125\035\016\004\026\004\024\371\140\273\324\343\325\064\366\270 -\365\006\200\045\247\163\333\106\151\250\236\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\126 -\263\216\313\012\235\111\216\277\244\304\221\273\146\027\005\121 -\230\165\373\345\120\054\172\236\361\024\372\253\323\212\076\377 -\221\051\217\143\213\330\264\251\124\001\015\276\223\206\057\371 -\112\155\307\136\365\127\371\312\125\034\022\276\107\017\066\305 -\337\152\267\333\165\302\107\045\177\271\361\143\370\150\055\125 -\004\321\362\215\260\244\317\274\074\136\037\170\347\245\240\040 -\160\260\004\305\267\367\162\247\336\042\015\275\063\045\106\214 -\144\222\046\343\076\056\143\226\332\233\214\075\370\030\011\327 -\003\314\175\206\202\340\312\004\007\121\120\327\377\222\325\014 -\357\332\206\237\231\327\353\267\257\150\342\071\046\224\272\150 -\267\277\203\323\352\172\147\075\142\147\256\045\345\162\350\342 -\344\354\256\022\366\113\053\074\237\351\260\100\363\070\124\263 -\375\267\150\310\332\306\217\121\074\262\373\221\334\034\347\233 -\235\341\267\015\162\217\342\244\304\251\170\371\353\024\254\306 -\103\005\302\145\071\050\030\002\303\202\262\235\005\276\145\355 -\226\137\145\164\074\373\011\065\056\173\234\023\375\033\017\135 -\307\155\201\072\126\017\314\073\341\257\002\057\042\254\106\312 -\106\074\240\034\114\326\104\264\136\056\134\025\146\011\341\046 -\051\376\306\122\141\272\261\163\377\303\014\234\345\154\152\224 -\077\024\312\100\026\225\204\363\131\251\254\137\114\141\223\155 -\321\073\314\242\225\014\042\246\147\147\104\056\271\331\322\212 -\101\263\146\013\132\373\175\043\245\362\032\260\377\336\233\203 -\224\056\321\077\337\222\267\221\257\005\073\145\307\240\154\261 -\315\142\022\303\220\033\343\045\316\064\274\157\167\166\261\020 -\303\367\005\032\300\326\257\164\142\110\027\167\222\151\220\141 -\034\336\225\200\164\124\217\030\034\303\363\003\320\277\244\103 -\165\206\123\030\172\012\056\011\034\066\237\221\375\202\212\042 -\113\321\016\120\045\335\313\003\014\027\311\203\000\010\116\065 -\115\212\213\355\360\002\224\146\054\104\177\313\225\047\226\027 -\255\011\060\254\266\161\027\156\213\027\366\034\011\324\055\073 -\230\245\161\323\124\023\331\140\363\365\113\146\117\372\361\356 -\040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SSL.com EV Root Certification Authority RSA R2" -# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:56:b6:29:cd:34:bc:78:f6 -# Subject: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Wed May 31 18:14:37 2017 -# Not Valid After : Fri May 30 18:14:37 2042 -# Fingerprint (SHA-256): 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C -# Fingerprint (SHA1): 74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority RSA R2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\072\360\122\233\320\062\240\364\112\203\315\324\272\251\173 -\174\056\304\232 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\341\036\061\130\032\256\124\123\002\366\027\152\021\173\115\225 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163 -\061\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164 -\157\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114 -\040\103\157\162\160\157\162\141\164\151\157\156\061\067\060\065 -\006\003\125\004\003\014\056\123\123\114\056\143\157\155\040\105 -\126\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141 -\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\122 -\123\101\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\126\266\051\315\064\274\170\366 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "SSL.com EV Root Certification Authority ECC" -# -# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:2c:29:9c:5b:16:ed:05:95 -# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:15:23 2016 -# Not Valid After : Tue Feb 12 18:15:23 2041 -# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 -# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\054\051\234\133\026\355\005\225 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\224\060\202\002\032\240\003\002\001\002\002\010\054 -\051\234\133\026\355\005\225\060\012\006\010\052\206\110\316\075 -\004\003\002\060\177\061\013\060\011\006\003\125\004\006\023\002 -\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145\170 -\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157\165 -\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017\123 -\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061\064 -\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157\155 -\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146\151 -\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 -\040\105\103\103\060\036\027\015\061\066\060\062\061\062\061\070 -\061\065\062\063\132\027\015\064\061\060\062\061\062\061\070\061 -\065\062\063\132\060\177\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\016\060\014\006\003\125\004\010\014\005\124\145 -\170\141\163\061\020\060\016\006\003\125\004\007\014\007\110\157 -\165\163\164\157\156\061\030\060\026\006\003\125\004\012\014\017 -\123\123\114\040\103\157\162\160\157\162\141\164\151\157\156\061 -\064\060\062\006\003\125\004\003\014\053\123\123\114\056\143\157 -\155\040\105\126\040\122\157\157\164\040\103\145\162\164\151\146 -\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164 -\171\040\105\103\103\060\166\060\020\006\007\052\206\110\316\075 -\002\001\006\005\053\201\004\000\042\003\142\000\004\252\022\107 -\220\230\033\373\357\303\100\007\203\040\116\361\060\202\242\006 -\321\362\222\206\141\362\366\041\150\312\000\304\307\352\103\000 -\124\206\334\375\037\337\000\270\101\142\134\334\160\026\062\336 -\037\231\324\314\305\007\310\010\037\141\026\007\121\075\175\134 -\007\123\343\065\070\214\337\315\237\331\056\015\112\266\031\056 -\132\160\132\006\355\276\360\241\260\312\320\011\051\243\143\060 -\141\060\035\006\003\125\035\016\004\026\004\024\133\312\136\345 -\336\322\201\252\315\250\055\144\121\266\331\162\233\227\346\117 -\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001 -\377\060\037\006\003\125\035\043\004\030\060\026\200\024\133\312 -\136\345\336\322\201\252\315\250\055\144\121\266\331\162\233\227 -\346\117\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\206\060\012\006\010\052\206\110\316\075\004\003\002\003\150 -\000\060\145\002\061\000\212\346\100\211\067\353\351\325\023\331 -\312\324\153\044\363\260\075\207\106\130\032\354\261\337\157\373 -\126\272\160\153\307\070\314\350\261\214\117\017\367\361\147\166 -\016\203\320\036\121\217\002\060\075\366\043\050\046\114\306\140 -\207\223\046\233\262\065\036\272\326\367\074\321\034\316\372\045 -\074\246\032\201\025\133\363\022\017\154\356\145\212\311\207\250 -\371\007\340\142\232\214\134\112 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "SSL.com EV Root Certification Authority ECC" -# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Serial Number:2c:29:9c:5b:16:ed:05:95 -# Subject: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US -# Not Valid Before: Fri Feb 12 18:15:23 2016 -# Not Valid After : Tue Feb 12 18:15:23 2041 -# Fingerprint (SHA-256): 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 -# Fingerprint (SHA1): 4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "SSL.com EV Root Certification Authority ECC" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\114\335\121\243\321\365\040\062\024\260\306\305\062\043\003\221 -\307\106\102\155 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\131\123\042\145\203\102\001\124\300\316\102\271\132\174\362\220 -END -CKA_ISSUER MULTILINE_OCTAL -\060\177\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\016\060\014\006\003\125\004\010\014\005\124\145\170\141\163\061 -\020\060\016\006\003\125\004\007\014\007\110\157\165\163\164\157 -\156\061\030\060\026\006\003\125\004\012\014\017\123\123\114\040 -\103\157\162\160\157\162\141\164\151\157\156\061\064\060\062\006 -\003\125\004\003\014\053\123\123\114\056\143\157\155\040\105\126 -\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164 -\151\157\156\040\101\165\164\150\157\162\151\164\171\040\105\103 -\103 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\010\054\051\234\133\026\355\005\225 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GlobalSign Root CA - R6" -# -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 -# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 -# Not Valid Before: Wed Dec 10 00:00:00 2014 -# Not Valid After : Sun Dec 10 00:00:00 2034 -# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 -# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R6" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\203\060\202\003\153\240\003\002\001\002\002\016\105 -\346\273\003\203\063\303\205\145\110\346\377\105\121\060\015\006 -\011\052\206\110\206\367\015\001\001\014\005\000\060\114\061\040 -\060\036\006\003\125\004\013\023\027\107\154\157\142\141\154\123 -\151\147\156\040\122\157\157\164\040\103\101\040\055\040\122\066 -\061\023\060\021\006\003\125\004\012\023\012\107\154\157\142\141 -\154\123\151\147\156\061\023\060\021\006\003\125\004\003\023\012 -\107\154\157\142\141\154\123\151\147\156\060\036\027\015\061\064 -\061\062\061\060\060\060\060\060\060\060\132\027\015\063\064\061 -\062\061\060\060\060\060\060\060\060\132\060\114\061\040\060\036 -\006\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147 -\156\040\122\157\157\164\040\103\101\040\055\040\122\066\061\023 -\060\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123 -\151\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154 -\157\142\141\154\123\151\147\156\060\202\002\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 -\060\202\002\012\002\202\002\001\000\225\007\350\163\312\146\371 -\354\024\312\173\074\367\015\010\361\264\105\013\054\202\264\110 -\306\353\133\074\256\203\270\101\222\063\024\244\157\177\351\052 -\314\306\260\210\153\305\266\211\321\306\262\377\024\316\121\024 -\041\354\112\335\033\132\306\326\207\356\115\072\025\006\355\144 -\146\013\222\200\312\104\336\163\224\116\363\247\211\177\117\170 -\143\010\310\022\120\155\102\146\057\115\271\171\050\115\122\032 -\212\032\200\267\031\201\016\176\304\212\274\144\114\041\034\103 -\150\327\075\074\212\305\262\146\325\220\232\267\061\006\305\276 -\342\155\062\006\246\036\371\271\353\252\243\270\277\276\202\143 -\120\320\360\030\211\337\344\017\171\365\352\242\037\052\322\160 -\056\173\347\274\223\273\155\123\342\110\174\214\020\007\070\377 -\146\262\167\141\176\340\352\214\074\252\264\244\366\363\225\112 -\022\007\155\375\214\262\211\317\320\240\141\167\310\130\164\260 -\324\043\072\367\135\072\312\242\333\235\011\336\135\104\055\220 -\361\201\315\127\222\372\176\274\120\004\143\064\337\153\223\030 -\276\153\066\262\071\344\254\044\066\267\360\357\266\034\023\127 -\223\266\336\262\370\342\205\267\163\242\270\065\252\105\362\340 -\235\066\241\157\124\212\361\162\126\156\056\210\305\121\102\104 -\025\224\356\243\305\070\226\233\116\116\132\013\107\363\006\066 -\111\167\060\274\161\067\345\246\354\041\010\165\374\346\141\026 -\077\167\325\331\221\227\204\012\154\324\002\115\164\300\024\355 -\375\071\373\203\362\136\024\241\004\260\013\351\376\356\217\341 -\156\013\262\010\263\141\146\011\152\261\006\072\145\226\131\300 -\360\065\375\311\332\050\215\032\021\207\160\201\012\250\232\165 -\035\236\072\206\005\000\236\333\200\326\045\371\334\005\236\047 -\131\114\166\071\133\352\371\245\241\330\203\017\321\377\337\060 -\021\371\205\317\063\110\365\312\155\144\024\054\172\130\117\323 -\113\010\111\305\225\144\032\143\016\171\075\365\263\214\312\130 -\255\234\102\105\171\156\016\207\031\134\124\261\145\266\277\214 -\233\334\023\351\015\157\270\056\334\147\156\311\213\021\265\204 -\024\212\000\031\160\203\171\221\227\221\324\032\047\277\067\036 -\062\007\330\024\143\074\050\114\257\002\003\001\000\001\243\143 -\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\035\006\003\125\035\016\004\026\004\024\256\154 -\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310\147 -\123\240\060\037\006\003\125\035\043\004\030\060\026\200\024\256 -\154\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310 -\147\123\240\060\015\006\011\052\206\110\206\367\015\001\001\014 -\005\000\003\202\002\001\000\203\045\355\350\321\375\225\122\315 -\236\300\004\240\221\151\346\134\320\204\336\334\255\242\117\350 -\107\170\326\145\230\251\133\250\074\207\174\002\212\321\156\267 -\026\163\346\137\300\124\230\325\164\276\301\315\342\021\221\255 -\043\030\075\335\341\162\104\226\264\225\136\300\173\216\231\170 -\026\103\023\126\127\263\242\263\073\265\167\334\100\162\254\243 -\353\233\065\076\261\010\041\241\347\304\103\067\171\062\276\265 -\347\234\054\114\274\103\051\231\216\060\323\254\041\340\343\035 -\372\330\007\063\166\124\000\042\052\271\115\040\056\160\150\332 -\345\123\374\203\134\323\235\362\377\104\014\104\146\362\322\343 -\275\106\000\032\155\002\272\045\135\215\241\061\121\335\124\106 -\034\115\333\231\226\357\032\034\004\134\246\025\357\170\340\171 -\376\135\333\076\252\114\125\375\232\025\251\157\341\246\373\337 -\160\060\351\303\356\102\106\355\302\223\005\211\372\175\143\173 -\077\320\161\201\174\000\350\230\256\016\170\064\303\045\373\257 -\012\237\040\153\335\073\023\217\022\214\342\101\032\110\172\163 -\240\167\151\307\266\134\177\202\310\036\376\130\033\050\053\250 -\154\255\136\155\300\005\322\173\267\353\200\376\045\067\376\002 -\233\150\254\102\135\303\356\365\314\334\360\120\165\322\066\151 -\234\346\173\004\337\156\006\151\266\336\012\011\110\131\207\353 -\173\024\140\172\144\252\151\103\357\221\307\114\354\030\335\154 -\357\123\055\214\231\341\136\362\162\076\317\124\310\275\147\354 -\244\017\114\105\377\323\271\060\043\007\114\217\020\277\206\226 -\331\231\132\264\231\127\034\244\314\273\025\211\123\272\054\005 -\017\344\304\236\031\261\030\064\325\114\235\272\355\367\037\257 -\044\225\004\170\250\003\273\356\201\345\332\137\174\213\112\241 -\220\164\045\247\263\076\113\310\054\126\275\307\310\357\070\342 -\134\222\360\171\367\234\204\272\164\055\141\001\040\176\176\321 -\362\117\007\131\137\213\055\103\122\353\106\014\224\341\365\146 -\107\171\167\325\124\133\037\255\044\067\313\105\132\116\240\104 -\110\310\330\260\231\305\025\204\011\366\326\111\111\300\145\270 -\346\032\161\156\240\250\361\202\350\105\076\154\326\002\327\012 -\147\203\005\132\311\244\020 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GlobalSign Root CA - R6" -# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 -# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 -# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 -# Not Valid Before: Wed Dec 10 00:00:00 2014 -# Not Valid After : Sun Dec 10 00:00:00 2034 -# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 -# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GlobalSign Root CA - R6" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\200\224\144\016\265\247\241\312\021\234\037\335\325\237\201\002 -\143\247\373\321 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\117\335\007\344\324\042\144\071\036\014\067\102\352\321\306\256 -END -CKA_ISSUER MULTILINE_OCTAL -\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 -\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 -\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 -\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 -\004\003\023\012\107\154\157\142\141\154\123\151\147\156 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OISTE WISeKey Global Root GC CA" -# -# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea -# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Tue May 09 09:48:34 2017 -# Not Valid After : Fri May 09 09:58:33 2042 -# Fingerprint (SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D -# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 -\072\352 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\151\060\202\001\357\240\003\002\001\002\002\020\041 -\052\126\014\256\332\014\253\100\105\277\053\242\055\072\352\060 -\012\006\010\052\206\110\316\075\004\003\003\060\155\061\013\060 -\011\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003 -\125\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040 -\006\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165 -\156\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144 -\061\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105 -\040\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040 -\122\157\157\164\040\107\103\040\103\101\060\036\027\015\061\067 -\060\065\060\071\060\071\064\070\063\064\132\027\015\064\062\060 -\065\060\071\060\071\065\070\063\063\132\060\155\061\013\060\011 -\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003\125 -\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040\006 -\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165\156 -\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144\061 -\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105\040 -\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040\122 -\157\157\164\040\107\103\040\103\101\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\114\351\120\300\306\017\162\030\274\330\361\272\263\211\342 -\171\112\243\026\247\153\124\044\333\121\377\352\364\011\044\303 -\013\042\237\313\152\047\202\201\015\322\300\257\061\344\164\202 -\156\312\045\331\214\165\235\361\333\320\232\242\113\041\176\026 -\247\143\220\322\071\324\261\207\170\137\030\226\017\120\033\065 -\067\017\152\306\334\331\023\115\244\216\220\067\346\275\133\061 -\221\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\110\207\024\254\343\303\236\220\140\072\327\312\211\356\323 -\255\214\264\120\146\060\020\006\011\053\006\001\004\001\202\067 -\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075 -\004\003\003\003\150\000\060\145\002\060\046\307\151\133\334\325 -\347\262\347\310\014\214\214\303\335\171\214\033\143\325\311\122 -\224\116\115\202\112\163\036\262\200\204\251\045\300\114\132\155 -\111\051\140\170\023\342\176\110\353\144\002\061\000\333\064\040 -\062\010\377\232\111\002\266\210\336\024\257\135\154\231\161\215 -\032\077\213\327\340\242\066\206\034\007\202\072\166\123\375\302 -\242\355\357\173\260\200\117\130\017\113\123\071\275 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "OISTE WISeKey Global Root GC CA" -# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea -# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH -# Not Valid Before: Tue May 09 09:48:34 2017 -# Not Valid After : Fri May 09 09:58:33 2042 -# Fingerprint (SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D -# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\340\021\204\136\064\336\276\210\201\271\234\366\026\046\321\226 -\037\303\271\061 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\251\326\271\055\057\223\144\370\245\151\312\221\351\150\007\043 -END -CKA_ISSUER MULTILINE_OCTAL -\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 -\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 -\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 -\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 -\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 -\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 -\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 -\072\352 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GTS Root R1" -# -# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 -# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 -# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 -\364\341 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 -\107\251\305\113\107\014\015\354\063\320\211\271\034\364\341\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 -\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 -\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 -\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 -\122\157\157\164\040\122\061\060\036\027\015\061\066\060\066\062 -\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 -\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 -\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 -\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 -\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\061 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\266\021\002\213\036\343\241\167\233\073\334\277\224\076\267 -\225\247\100\074\241\375\202\371\175\062\006\202\161\366\366\214 -\177\373\350\333\274\152\056\227\227\243\214\113\371\053\366\261 -\371\316\204\035\261\371\305\227\336\357\271\362\243\351\274\022 -\211\136\247\252\122\253\370\043\047\313\244\261\234\143\333\327 -\231\176\360\012\136\353\150\246\364\306\132\107\015\115\020\063 -\343\116\261\023\243\310\030\154\113\354\374\011\220\337\235\144 -\051\045\043\007\241\264\322\075\056\140\340\317\322\011\207\273 -\315\110\360\115\302\302\172\210\212\273\272\317\131\031\326\257 -\217\260\007\260\236\061\361\202\301\300\337\056\246\155\154\031 -\016\265\330\176\046\032\105\003\075\260\171\244\224\050\255\017 -\177\046\345\250\010\376\226\350\074\150\224\123\356\203\072\210 -\053\025\226\011\262\340\172\214\056\165\326\234\353\247\126\144 -\217\226\117\150\256\075\227\302\204\217\300\274\100\300\013\134 -\275\366\207\263\065\154\254\030\120\177\204\340\114\315\222\323 -\040\351\063\274\122\231\257\062\265\051\263\045\052\264\110\371 -\162\341\312\144\367\346\202\020\215\350\235\302\212\210\372\070 -\146\212\374\143\371\001\371\170\375\173\134\167\372\166\207\372 -\354\337\261\016\171\225\127\264\275\046\357\326\001\321\353\026 -\012\273\216\013\265\305\305\212\125\253\323\254\352\221\113\051 -\314\031\244\062\045\116\052\361\145\104\320\002\316\252\316\111 -\264\352\237\174\203\260\100\173\347\103\253\247\154\243\217\175 -\211\201\372\114\245\377\325\216\303\316\113\340\265\330\263\216 -\105\317\166\300\355\100\053\375\123\017\260\247\325\073\015\261 -\212\242\003\336\061\255\314\167\352\157\173\076\326\337\221\042 -\022\346\276\372\330\062\374\020\143\024\121\162\336\135\326\026 -\223\275\051\150\063\357\072\146\354\007\212\046\337\023\327\127 -\145\170\047\336\136\111\024\000\242\000\177\232\250\041\266\251 -\261\225\260\245\271\015\026\021\332\307\154\110\074\100\340\176 -\015\132\315\126\074\321\227\005\271\313\113\355\071\113\234\304 -\077\322\125\023\156\044\260\326\161\372\364\301\272\314\355\033 -\365\376\201\101\330\000\230\075\072\310\256\172\230\067\030\005 -\225\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\344\257\053\046\161\032\053\110\047\205 -\057\122\146\054\357\360\211\023\161\076\060\015\006\011\052\206 -\110\206\367\015\001\001\014\005\000\003\202\002\001\000\070\226 -\012\356\075\264\226\036\137\357\235\234\013\063\237\053\340\312 -\375\322\216\012\037\101\164\245\174\252\204\324\345\362\036\346 -\067\122\062\234\013\321\141\035\277\050\301\266\104\051\065\165 -\167\230\262\174\331\275\164\254\212\150\343\251\061\011\051\001 -\140\163\343\107\174\123\250\220\112\047\357\113\327\237\223\347 -\202\066\316\232\150\014\202\347\317\324\020\026\157\137\016\231 -\134\366\037\161\175\357\357\173\057\176\352\066\326\227\160\013 -\025\356\327\134\126\152\063\245\343\111\070\014\270\175\373\215 -\205\244\261\131\136\364\152\341\335\241\366\144\104\256\346\121 -\203\041\146\306\021\076\363\316\107\356\234\050\037\045\332\377 -\254\146\225\335\065\017\134\357\040\054\142\375\221\272\251\314 -\374\132\234\223\201\203\051\227\112\174\132\162\264\071\320\267 -\167\313\171\375\151\072\222\067\355\156\070\145\106\176\351\140 -\275\171\210\227\137\070\022\364\356\257\133\202\310\206\325\341 -\231\155\214\004\362\166\272\111\366\156\351\155\036\137\240\357 -\047\202\166\100\370\246\323\130\134\017\054\102\332\102\306\173 -\210\064\307\301\330\105\233\301\076\305\141\035\331\143\120\111 -\366\064\205\152\340\030\305\156\107\253\101\102\051\233\366\140 -\015\322\061\323\143\230\043\223\132\000\201\110\264\357\315\212 -\315\311\317\231\356\331\236\252\066\341\150\113\161\111\024\066 -\050\072\075\035\316\232\217\045\346\200\161\141\053\265\173\314 -\371\045\026\201\341\061\137\241\243\176\026\244\234\026\152\227 -\030\275\166\162\245\013\236\035\066\346\057\241\057\276\160\221 -\017\250\346\332\370\304\222\100\154\045\176\173\263\011\334\262 -\027\255\200\104\360\150\245\217\224\165\377\164\132\350\250\002 -\174\014\011\342\251\113\013\240\205\013\142\271\357\241\061\222 -\373\357\366\121\004\211\154\350\251\164\241\273\027\263\265\375 -\111\017\174\074\354\203\030\040\103\116\325\223\272\264\064\261 -\037\026\066\037\014\346\144\071\026\114\334\340\376\035\310\251 -\142\075\100\352\312\305\064\002\264\256\211\210\063\065\334\054 -\023\163\330\047\361\320\162\356\165\073\042\336\230\150\146\133 -\361\306\143\107\125\034\272\245\010\121\165\246\110\045 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GTS Root R1" -# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 -# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 -# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\341\311\120\346\357\042\370\114\126\105\162\213\222\040\140\327 -\325\247\243\350 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\202\032\357\324\322\112\362\237\342\075\227\006\024\160\162\205 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 -\364\341 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GTS Root R2" -# -# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f -# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 -# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 -\362\157 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 -\107\251\306\132\263\347\040\305\060\232\077\150\122\362\157\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 -\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 -\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 -\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 -\122\157\157\164\040\122\062\060\036\027\015\061\066\060\066\062 -\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 -\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 -\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 -\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 -\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\062 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\316\336\375\246\373\354\354\024\064\074\007\006\132\154\131 -\367\031\065\335\367\301\235\125\252\323\315\073\244\223\162\357 -\012\372\155\235\366\360\205\200\133\241\110\122\237\071\305\267 -\356\050\254\357\313\166\150\024\271\337\255\001\154\231\037\304 -\042\035\237\376\162\167\340\054\133\257\344\004\277\117\162\240 -\032\064\230\350\071\150\354\225\045\173\166\241\346\151\271\205 -\031\275\211\214\376\255\355\066\352\163\274\377\203\342\313\175 -\301\322\316\112\263\215\005\236\213\111\223\337\301\133\320\156 -\136\360\056\060\056\202\374\372\274\264\027\012\110\345\210\233 -\305\233\153\336\260\312\264\003\360\332\364\220\270\145\144\367 -\134\114\255\350\176\146\136\231\327\270\302\076\310\320\023\235 -\255\356\344\105\173\211\125\367\212\037\142\122\204\022\263\302 -\100\227\343\212\037\107\221\246\164\132\322\370\261\143\050\020 -\270\263\011\270\126\167\100\242\046\230\171\306\376\337\045\356 -\076\345\240\177\324\141\017\121\113\074\077\214\332\341\160\164 -\330\302\150\241\371\301\014\351\241\342\177\273\125\074\166\006 -\356\152\116\314\222\210\060\115\232\275\117\013\110\232\204\265 -\230\243\325\373\163\301\127\141\335\050\126\165\023\256\207\216 -\347\014\121\011\020\165\210\114\274\215\371\173\074\324\042\110 -\037\052\334\353\153\273\104\261\313\063\161\062\106\257\255\112 -\361\214\350\164\072\254\347\032\042\163\200\322\060\367\045\102 -\307\042\073\073\022\255\226\056\306\303\166\007\252\040\267\065 -\111\127\351\222\111\350\166\026\162\061\147\053\226\176\212\243 -\307\224\126\042\277\152\113\176\001\041\262\043\062\337\344\232 -\104\155\131\133\135\365\000\240\034\233\306\170\227\215\220\377 -\233\310\252\264\257\021\121\071\136\331\373\147\255\325\133\021 -\235\062\232\033\275\325\272\133\245\311\313\045\151\123\125\047 -\134\340\312\066\313\210\141\373\036\267\320\313\356\026\373\323 -\246\114\336\222\245\324\342\337\365\006\124\336\056\235\113\264 -\223\060\252\201\316\335\032\334\121\163\015\117\160\351\345\266 -\026\041\031\171\262\346\211\013\165\144\312\325\253\274\011\301 -\030\241\377\324\124\241\205\074\375\024\044\003\262\207\323\244 -\267\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\273\377\312\216\043\237\117\231\312\333 -\342\150\246\245\025\047\027\036\331\016\060\015\006\011\052\206 -\110\206\367\015\001\001\014\005\000\003\202\002\001\000\266\151 -\360\246\167\376\236\356\013\201\255\341\300\251\307\371\065\035 -\100\202\253\346\004\264\337\313\367\035\017\203\360\176\023\115 -\215\214\356\343\063\042\303\071\374\100\337\156\101\113\102\123 -\276\026\210\361\322\070\136\304\150\231\034\230\122\223\214\347 -\150\355\033\152\163\172\005\100\115\177\145\073\326\130\361\316 -\203\107\140\343\377\227\251\234\140\167\030\125\265\176\010\223 -\317\320\366\074\147\003\025\141\011\371\201\171\365\354\123\244 -\237\311\217\001\213\163\304\167\166\334\203\242\365\014\111\032 -\250\166\336\222\233\144\370\263\054\305\047\323\007\300\010\200 -\244\230\222\343\001\226\002\252\002\356\217\073\305\321\155\012 -\063\060\163\170\271\117\124\026\277\013\007\241\244\134\346\313 -\311\134\204\217\017\340\025\167\054\176\046\176\332\304\113\333 -\247\026\167\007\260\315\165\350\162\102\326\225\204\235\206\203 -\362\344\220\315\011\107\324\213\003\160\332\132\306\003\102\364 -\355\067\242\360\033\120\124\113\016\330\204\336\031\050\231\201 -\107\256\011\033\077\110\321\303\157\342\260\140\027\365\356\043 -\002\245\332\000\133\155\220\253\356\242\351\033\073\351\307\104 -\047\105\216\153\237\365\244\204\274\167\371\153\227\254\076\121 -\105\242\021\246\314\205\356\012\150\362\076\120\070\172\044\142 -\036\027\040\067\155\152\115\267\011\233\311\374\244\130\365\266 -\373\234\116\030\273\225\002\347\241\255\233\007\356\066\153\044 -\322\071\206\301\223\203\120\322\201\106\250\137\142\127\054\273 -\154\144\210\010\156\357\023\124\137\335\055\304\147\143\323\317 -\211\067\277\235\040\364\373\172\203\233\240\036\201\000\120\302 -\344\014\042\131\122\020\355\103\126\207\000\370\024\122\247\035 -\213\223\214\242\115\106\177\047\306\161\233\044\336\344\332\206 -\213\015\176\153\040\301\300\236\341\145\330\152\243\246\350\205 -\213\072\007\010\034\272\365\217\125\232\030\165\176\345\354\201 -\146\321\041\163\241\065\104\013\200\075\133\234\136\157\052\027 -\226\321\203\043\210\146\155\346\206\342\160\062\057\122\042\347 -\310\347\177\304\054\140\135\057\303\257\236\105\005\303\204\002 -\267\375\054\010\122\117\202\335\243\360\324\206\011\002 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GTS Root R2" -# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f -# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 -# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\322\163\226\052\052\136\071\237\163\077\341\307\036\144\077\003 -\070\064\374\115 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\104\355\232\016\244\011\073\000\362\256\114\243\306\141\260\213 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 -\362\157 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GTS Root R3" -# -# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d -# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 -# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 -\215\035 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\014\060\202\001\221\240\003\002\001\002\002\020\156 -\107\251\307\154\251\163\044\100\211\017\003\125\335\215\035\060 -\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 -\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 -\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 -\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 -\164\040\122\063\060\036\027\015\061\066\060\066\062\062\060\060 -\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 -\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 -\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 -\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 -\023\013\107\124\123\040\122\157\157\164\040\122\063\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\037\117\063\207\063\051\212\241\204\336\313 -\307\041\130\101\211\352\126\235\053\113\205\306\035\114\047\274 -\177\046\121\162\157\342\237\326\243\312\314\105\024\106\213\255 -\357\176\206\214\354\261\176\057\377\251\161\235\030\204\105\004 -\101\125\156\053\352\046\177\273\220\001\343\113\031\272\344\124 -\226\105\011\261\325\154\221\104\255\204\023\216\232\214\015\200 -\014\062\366\340\047\243\102\060\100\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\301\361\046\272\240\055\256\205\201\317\323 -\361\052\022\275\270\012\147\375\274\060\012\006\010\052\206\110 -\316\075\004\003\003\003\151\000\060\146\002\061\000\200\133\244 -\174\043\300\225\245\054\334\276\211\157\043\271\243\335\145\000 -\122\136\221\254\310\235\162\164\202\123\013\175\251\100\275\150 -\140\305\341\270\124\073\301\066\027\045\330\301\275\002\061\000 -\236\065\222\164\205\045\121\365\044\354\144\122\044\120\245\037 -\333\350\313\311\166\354\354\202\156\365\205\030\123\350\270\343 -\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GTS Root R3" -# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d -# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 -# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\060\324\044\157\007\377\333\221\211\212\013\351\111\146\021\353 -\214\136\106\345 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\032\171\133\153\004\122\234\135\307\164\063\033\045\232\371\045 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 -\215\035 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "GTS Root R4" -# -# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 -# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD -# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 -\301\231 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\012\060\202\001\221\240\003\002\001\002\002\020\156 -\107\251\310\213\224\266\350\273\073\052\330\242\262\301\231\060 -\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 -\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 -\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 -\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 -\164\040\122\064\060\036\027\015\061\066\060\066\062\062\060\060 -\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 -\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 -\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 -\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 -\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 -\023\013\107\124\123\040\122\157\157\164\040\122\064\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\363\164\163\247\150\213\140\256\103\270\065 -\305\201\060\173\113\111\235\373\301\141\316\346\336\106\275\153 -\325\141\030\065\256\100\335\163\367\211\221\060\132\353\074\356 -\205\174\242\100\166\073\251\306\270\107\330\052\347\222\221\152 -\163\351\261\162\071\237\051\237\242\230\323\137\136\130\206\145 -\017\241\204\145\006\321\334\213\311\307\163\310\214\152\057\345 -\304\253\321\035\212\243\102\060\100\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\200\114\326\353\164\377\111\066\243\325\330 -\374\265\076\305\152\360\224\035\214\060\012\006\010\052\206\110 -\316\075\004\003\003\003\147\000\060\144\002\060\152\120\122\164 -\010\304\160\334\236\120\164\041\350\215\172\041\303\117\226\156 -\025\321\042\065\141\055\372\010\067\356\031\155\255\333\262\314 -\175\007\064\365\140\031\054\265\064\331\157\040\002\060\003\161 -\261\272\243\140\013\206\355\232\010\152\225\150\237\342\263\341 -\223\144\174\136\223\246\337\171\055\215\205\343\224\317\043\135 -\161\314\362\260\115\326\376\231\310\224\251\165\242\343 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "GTS Root R4" -# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US -# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 -# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US -# Not Valid Before: Wed Jun 22 00:00:00 2016 -# Not Valid After : Sun Jun 22 00:00:00 2036 -# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD -# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "GTS Root R4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\052\035\140\047\331\112\261\012\034\115\221\134\315\063\240\313 -\076\055\124\313 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\135\266\152\304\140\027\044\152\032\231\250\113\356\136\264\046 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 -\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 -\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 -\123\040\122\157\157\164\040\122\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 -\301\231 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "UCA Global G2 Root" -# -# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN -# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef -# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN -# Not Valid Before: Fri Mar 11 00:00:00 2016 -# Not Valid After : Mon Dec 31 00:00:00 2040 -# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C -# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UCA Global G2 Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 -\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 -\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 -\220\357 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\106\060\202\003\056\240\003\002\001\002\002\020\135 -\337\261\332\132\243\355\135\276\132\145\040\145\003\220\357\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\075 -\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 -\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 -\061\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107 -\154\157\142\141\154\040\107\062\040\122\157\157\164\060\036\027 -\015\061\066\060\063\061\061\060\060\060\060\060\060\132\027\015 -\064\060\061\062\063\061\060\060\060\060\060\060\132\060\075\061 -\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060\017 -\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164\061 -\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107\154 -\157\142\141\154\040\107\062\040\122\157\157\164\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\305\346\053 -\157\174\357\046\005\047\243\201\044\332\157\313\001\371\231\232 -\251\062\302\042\207\141\101\221\073\313\303\150\033\006\305\114 -\251\053\301\147\027\042\035\053\355\371\051\211\223\242\170\275 -\222\153\240\243\015\242\176\312\223\263\246\321\214\065\325\165 -\371\027\366\317\105\305\345\172\354\167\223\240\217\043\256\016 -\032\003\177\276\324\320\355\056\173\253\106\043\133\377\054\346 -\124\172\224\300\052\025\360\311\215\260\172\073\044\341\327\150 -\342\061\074\006\063\106\266\124\021\246\245\057\042\124\052\130 -\015\001\002\361\372\025\121\147\154\300\372\327\266\033\177\321 -\126\210\057\032\072\215\073\273\202\021\340\107\000\320\122\207 -\253\373\206\176\017\044\153\100\235\064\147\274\215\307\055\206 -\157\171\076\216\251\074\027\113\177\260\231\343\260\161\140\334 -\013\365\144\303\316\103\274\155\161\271\322\336\047\133\212\350 -\330\306\256\341\131\175\317\050\055\065\270\225\126\032\361\262 -\130\113\267\022\067\310\174\263\355\113\200\341\215\372\062\043 -\266\157\267\110\225\010\261\104\116\205\214\072\002\124\040\057 -\337\277\127\117\073\072\220\041\327\301\046\065\124\040\354\307 -\077\107\354\357\132\277\113\172\301\255\073\027\120\134\142\330 -\017\113\112\334\053\372\156\274\163\222\315\354\307\120\350\101 -\226\327\251\176\155\330\351\035\217\212\265\271\130\222\272\112 -\222\053\014\126\375\200\353\010\360\136\051\156\033\034\014\257 -\217\223\211\255\333\275\243\236\041\312\211\031\354\337\265\303 -\032\353\026\376\170\066\114\326\156\320\076\027\034\220\027\153 -\046\272\373\172\057\277\021\034\030\016\055\163\003\217\240\345 -\065\240\132\342\114\165\035\161\341\071\070\123\170\100\314\203 -\223\327\012\236\235\133\217\212\344\345\340\110\344\110\262\107 -\315\116\052\165\052\173\362\042\366\311\276\011\221\226\127\172 -\210\210\254\356\160\254\371\334\051\343\014\034\073\022\116\104 -\326\247\116\260\046\310\363\331\032\227\221\150\352\357\215\106 -\006\322\126\105\130\232\074\014\017\203\270\005\045\303\071\317 -\073\244\064\211\267\171\022\057\107\305\347\251\227\151\374\246 -\167\147\265\337\173\361\172\145\025\344\141\126\145\002\003\001 -\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\201\304\214\314\365\344\060\377\245\014\010\137\214\025 -\147\041\164\001\337\337\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\003\202\002\001\000\023\145\042\365\216\053 -\255\104\344\313\377\271\150\346\303\200\110\075\004\173\372\043 -\057\172\355\066\332\262\316\155\366\346\236\345\137\130\217\313 -\067\062\241\310\145\266\256\070\075\065\033\076\274\073\266\004 -\320\274\371\111\365\233\367\205\305\066\266\313\274\370\310\071 -\325\344\137\007\275\025\124\227\164\312\312\355\117\272\272\144 -\166\237\201\270\204\105\111\114\215\157\242\353\261\314\321\303 -\224\332\104\302\346\342\352\030\350\242\037\047\005\272\327\345 -\326\251\315\335\357\166\230\215\000\016\315\033\372\003\267\216 -\200\130\016\047\077\122\373\224\242\312\136\145\311\326\204\332 -\271\065\161\363\046\300\117\167\346\201\047\322\167\073\232\024 -\157\171\364\366\320\341\323\224\272\320\127\121\275\047\005\015 -\301\375\310\022\060\356\157\215\021\053\010\235\324\324\277\200 -\105\024\232\210\104\332\060\352\264\247\343\356\357\133\202\325 -\076\326\255\170\222\333\134\074\363\330\255\372\270\153\177\304 -\066\050\266\002\025\212\124\054\234\260\027\163\216\320\067\243 -\024\074\230\225\000\014\051\005\133\236\111\111\261\137\307\343 -\313\317\047\145\216\065\027\267\127\310\060\331\101\133\271\024 -\266\350\302\017\224\061\247\224\230\314\152\353\265\341\047\365 -\020\250\001\350\216\022\142\350\210\314\265\177\106\227\300\233 -\020\146\070\032\066\106\137\042\150\075\337\311\306\023\047\253 -\123\006\254\242\074\206\006\145\157\261\176\261\051\104\232\243 -\272\111\151\050\151\217\327\345\137\255\004\206\144\157\032\240 -\014\305\010\142\316\200\243\320\363\354\150\336\276\063\307\027 -\133\177\200\304\114\114\261\246\204\212\303\073\270\011\315\024 -\201\272\030\343\124\127\066\376\333\057\174\107\241\072\063\310 -\371\130\073\104\117\261\312\002\211\004\226\050\150\305\113\270 -\046\211\273\326\063\057\120\325\376\232\211\272\030\062\222\124 -\306\133\340\235\371\136\345\015\042\233\366\332\342\310\041\262 -\142\041\252\206\100\262\056\144\323\137\310\343\176\021\147\105 -\037\005\376\343\242\357\263\250\263\363\175\217\370\014\037\042 -\037\055\160\264\270\001\064\166\060\000\345\043\170\247\126\327 -\120\037\212\373\006\365\302\031\360\320 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "UCA Global G2 Root" -# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN -# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef -# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN -# Not Valid Before: Fri Mar 11 00:00:00 2016 -# Not Valid After : Mon Dec 31 00:00:00 2040 -# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C -# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UCA Global G2 Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\050\371\170\026\031\172\377\030\045\030\252\104\376\301\240\316 -\134\266\114\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\200\376\360\304\112\360\134\142\062\237\034\272\170\251\120\370 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 -\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 -\220\357 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "UCA Extended Validation Root" -# -# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN -# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 -# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN -# Not Valid Before: Fri Mar 13 00:00:00 2015 -# Not Valid After : Fri Dec 31 00:00:00 2038 -# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 -# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UCA Extended Validation Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 -\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 -\164\151\157\156\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 -\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 -\164\151\157\156\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 -\160\140 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\117 -\322\053\217\365\144\310\063\236\117\064\130\146\043\160\140\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\107 -\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 -\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 -\061\045\060\043\006\003\125\004\003\014\034\125\103\101\040\105 -\170\164\145\156\144\145\144\040\126\141\154\151\144\141\164\151 -\157\156\040\122\157\157\164\060\036\027\015\061\065\060\063\061 -\063\060\060\060\060\060\060\132\027\015\063\070\061\062\063\061 -\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 -\004\006\023\002\103\116\061\021\060\017\006\003\125\004\012\014 -\010\125\156\151\124\162\165\163\164\061\045\060\043\006\003\125 -\004\003\014\034\125\103\101\040\105\170\164\145\156\144\145\144 -\040\126\141\154\151\144\141\164\151\157\156\040\122\157\157\164 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\251\011\007\050\023\002\260\231\340\144\252\036\103\026\172 -\163\261\221\240\165\076\250\372\343\070\000\172\354\211\152\040 -\017\213\305\260\233\063\003\132\206\306\130\206\325\301\205\273 -\117\306\234\100\115\312\276\356\151\226\270\255\201\060\232\174 -\222\005\353\005\053\232\110\320\270\166\076\226\310\040\273\322 -\260\361\217\330\254\105\106\377\252\147\140\264\167\176\152\037 -\074\032\122\172\004\075\007\074\205\015\204\320\037\166\012\367 -\152\024\337\162\343\064\174\127\116\126\001\076\171\361\252\051 -\073\154\372\370\217\155\115\310\065\337\256\353\334\044\356\171 -\105\247\205\266\005\210\336\210\135\045\174\227\144\147\011\331 -\277\132\025\005\206\363\011\036\354\130\062\063\021\363\167\144 -\260\166\037\344\020\065\027\033\362\016\261\154\244\052\243\163 -\374\011\037\036\062\031\123\021\347\331\263\054\056\166\056\241 -\243\336\176\152\210\011\350\362\007\212\370\262\315\020\347\342 -\163\100\223\273\010\321\077\341\374\013\224\263\045\357\174\246 -\327\321\257\237\377\226\232\365\221\173\230\013\167\324\176\350 -\007\322\142\265\225\071\343\363\361\155\017\016\145\204\212\143 -\124\305\200\266\340\236\113\175\107\046\247\001\010\135\321\210 -\236\327\303\062\104\372\202\112\012\150\124\177\070\123\003\314 -\244\000\063\144\121\131\013\243\202\221\172\136\354\026\302\363 -\052\346\142\332\052\333\131\142\020\045\112\052\201\013\107\007 -\103\006\160\207\322\372\223\021\051\172\110\115\353\224\307\160 -\115\257\147\325\121\261\200\040\001\001\264\172\010\246\220\177 -\116\340\357\007\101\207\257\152\245\136\213\373\317\120\262\232 -\124\257\303\211\272\130\055\365\060\230\261\066\162\071\176\111 -\004\375\051\247\114\171\344\005\127\333\224\271\026\123\215\106 -\263\035\225\141\127\126\177\257\360\026\133\141\130\157\066\120 -\021\013\330\254\053\225\026\032\016\037\010\315\066\064\145\020 -\142\146\325\200\137\024\040\137\055\014\240\170\012\150\326\054 -\327\351\157\053\322\112\005\223\374\236\157\153\147\377\210\361 -\116\245\151\112\122\067\005\352\306\026\215\322\304\231\321\202 -\053\073\272\065\165\367\121\121\130\363\310\007\335\344\264\003 -\177\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035 -\016\004\026\004\024\331\164\072\344\060\075\015\367\022\334\176 -\132\005\237\036\064\232\367\341\024\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\003\202\002\001\000\066\215 -\227\314\102\025\144\051\067\233\046\054\326\373\256\025\151\054 -\153\032\032\367\137\266\371\007\114\131\352\363\311\310\271\256 -\314\272\056\172\334\300\365\260\055\300\073\257\237\160\005\021 -\152\237\045\117\001\051\160\343\345\014\341\352\132\174\334\111 -\273\301\036\052\201\365\026\113\162\221\310\242\061\271\252\332 -\374\235\037\363\135\100\002\023\374\116\034\006\312\263\024\220 -\124\027\031\022\032\361\037\327\014\151\132\366\161\170\364\224 -\175\221\013\216\354\220\124\216\274\157\241\114\253\374\164\144 -\375\161\232\370\101\007\241\315\221\344\074\232\340\233\062\071 -\163\253\052\325\151\310\170\221\046\061\175\342\307\060\361\374 -\024\170\167\022\016\023\364\335\026\224\277\113\147\173\160\123 -\205\312\260\273\363\070\115\054\220\071\300\015\302\135\153\351 -\342\345\325\210\215\326\054\277\253\033\276\265\050\207\022\027 -\164\156\374\175\374\217\320\207\046\260\033\373\271\154\253\342 -\236\075\025\301\073\056\147\002\130\221\237\357\370\102\037\054 -\267\150\365\165\255\317\265\366\377\021\175\302\360\044\245\255 -\323\372\240\074\251\372\135\334\245\240\357\104\244\276\326\350 -\345\344\023\226\027\173\006\076\062\355\307\267\102\274\166\243 -\330\145\070\053\070\065\121\041\016\016\157\056\064\023\100\341 -\053\147\014\155\112\101\060\030\043\132\062\125\231\311\027\340 -\074\336\366\354\171\255\053\130\031\242\255\054\042\032\225\216 -\276\226\220\135\102\127\304\371\024\003\065\053\034\055\121\127 -\010\247\072\336\077\344\310\264\003\163\302\301\046\200\273\013 -\102\037\255\015\257\046\162\332\314\276\263\243\203\130\015\202 -\305\037\106\121\343\234\030\314\215\233\215\354\111\353\165\120 -\325\214\050\131\312\164\064\332\214\013\041\253\036\352\033\345 -\307\375\025\076\300\027\252\373\043\156\046\106\313\372\371\261 -\162\153\151\317\042\204\013\142\017\254\331\031\000\224\242\166 -\074\324\055\232\355\004\236\055\006\142\020\067\122\034\205\162 -\033\047\345\314\306\061\354\067\354\143\131\233\013\035\166\314 -\176\062\232\210\225\010\066\122\273\336\166\137\166\111\111\255 -\177\275\145\040\262\311\301\053\166\030\166\237\126\261 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "UCA Extended Validation Root" -# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN -# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 -# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN -# Not Valid Before: Fri Mar 13 00:00:00 2015 -# Not Valid After : Fri Dec 31 00:00:00 2038 -# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 -# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UCA Extended Validation Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\243\241\260\157\044\141\043\112\343\066\245\302\067\374\246\377 -\335\360\327\072 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\241\363\137\103\306\064\233\332\277\214\176\005\123\255\226\342 -END -CKA_ISSUER MULTILINE_OCTAL -\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 -\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 -\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 -\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 -\164\151\157\156\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 -\160\140 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certigna Root CA" -# -# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR -# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 -# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR -# Not Valid Before: Tue Oct 01 08:32:27 2013 -# Not Valid After : Sat Oct 01 08:32:27 2033 -# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 -# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certigna Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 -\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 -\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 -\151\147\156\141\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 -\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 -\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 -\151\147\156\141\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 -\343\246\341 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\133\060\202\004\103\240\003\002\001\002\002\021\000 -\312\351\033\211\361\125\003\015\243\346\101\155\304\343\246\341 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 -\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157\164 -\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060\060 -\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063\066 -\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164\151 -\147\156\141\040\122\157\157\164\040\103\101\060\036\027\015\061 -\063\061\060\060\061\060\070\063\062\062\067\132\027\015\063\063 -\061\060\060\061\060\070\063\062\062\067\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\106\122\061\022\060\020\006\003 -\125\004\012\014\011\104\150\151\155\171\157\164\151\163\061\034 -\060\032\006\003\125\004\013\014\023\060\060\060\062\040\064\070 -\061\064\066\063\060\070\061\060\060\060\063\066\061\031\060\027 -\006\003\125\004\003\014\020\103\145\162\164\151\147\156\141\040 -\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\315\030\071\145\032\131\261\352 -\144\026\016\214\224\044\225\174\203\323\305\071\046\334\014\357 -\026\127\215\327\330\254\243\102\177\202\312\355\315\133\333\016 -\267\055\355\105\010\027\262\331\263\313\326\027\122\162\050\333 -\216\116\236\212\266\013\371\236\204\232\115\166\336\042\051\134 -\322\263\322\006\076\060\071\251\164\243\222\126\034\241\157\114 -\012\040\155\237\043\172\264\306\332\054\344\035\054\334\263\050 -\320\023\362\114\116\002\111\241\124\100\236\346\345\005\240\055 -\204\310\377\230\154\320\353\212\032\204\010\036\267\150\043\356 -\043\325\160\316\155\121\151\020\356\241\172\302\321\042\061\302 -\202\205\322\362\125\166\120\174\045\172\311\204\134\013\254\335 -\102\116\053\347\202\242\044\211\313\220\262\320\356\043\272\146 -\114\273\142\244\371\123\132\144\173\174\230\372\243\110\236\017 -\225\256\247\030\364\152\354\056\003\105\257\360\164\370\052\315 -\172\135\321\276\104\046\062\051\361\361\365\154\314\176\002\041 -\013\237\157\244\077\276\235\123\342\317\175\251\054\174\130\032 -\227\341\075\067\067\030\146\050\322\100\305\121\212\214\303\055 -\316\123\210\044\130\144\060\026\305\252\340\326\012\246\100\337 -\170\366\365\004\174\151\023\204\274\321\321\247\006\317\001\367 -\150\300\250\127\273\072\141\255\004\214\223\343\255\374\360\333 -\104\155\131\334\111\131\256\254\232\231\066\060\101\173\166\063 -\042\207\243\302\222\206\156\371\160\356\256\207\207\225\033\304 -\172\275\061\363\324\322\345\231\377\276\110\354\165\365\170\026 -\035\246\160\301\177\074\033\241\222\373\317\310\074\326\305\223 -\012\217\365\125\072\166\225\316\131\230\212\011\225\167\062\232 -\203\272\054\004\072\227\275\324\057\276\327\154\233\242\312\175 -\155\046\311\125\325\317\303\171\122\010\011\231\007\044\055\144 -\045\153\246\041\151\233\152\335\164\115\153\227\172\101\275\253 -\027\371\220\027\110\217\066\371\055\325\305\333\356\252\205\105 -\101\372\315\072\105\261\150\346\066\114\233\220\127\354\043\271 -\207\010\302\304\011\361\227\206\052\050\115\342\164\300\332\304 -\214\333\337\342\241\027\131\316\044\131\164\061\332\177\375\060 -\155\331\334\341\152\341\374\137\002\003\001\000\001\243\202\001 -\032\060\202\001\026\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 -\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037\326 -\341\342\171\176\053\060\037\006\003\125\035\043\004\030\060\026 -\200\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037 -\326\341\342\171\176\053\060\104\006\003\125\035\040\004\075\060 -\073\060\071\006\004\125\035\040\000\060\061\060\057\006\010\053 -\006\001\005\005\007\002\001\026\043\150\164\164\160\163\072\057 -\057\167\167\167\167\056\143\145\162\164\151\147\156\141\056\146 -\162\057\141\165\164\157\162\151\164\145\163\057\060\155\006\003 -\125\035\037\004\146\060\144\060\057\240\055\240\053\206\051\150 -\164\164\160\072\057\057\143\162\154\056\143\145\162\164\151\147 -\156\141\056\146\162\057\143\145\162\164\151\147\156\141\162\157 -\157\164\143\141\056\143\162\154\060\061\240\057\240\055\206\053 -\150\164\164\160\072\057\057\143\162\154\056\144\150\151\155\171 -\157\164\151\163\056\143\157\155\057\143\145\162\164\151\147\156 -\141\162\157\157\164\143\141\056\143\162\154\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\224 -\270\236\117\360\343\225\010\042\347\315\150\101\367\034\125\325 -\174\000\342\055\072\211\135\150\070\057\121\042\013\112\215\313 -\351\273\135\076\273\134\075\261\050\376\344\123\125\023\317\241 -\220\033\002\035\137\146\106\011\063\050\341\015\044\227\160\323 -\020\037\352\144\127\226\273\135\332\347\304\214\117\114\144\106 -\035\134\207\343\131\336\102\321\233\250\176\246\211\335\217\034 -\311\060\202\355\073\234\315\300\351\031\340\152\330\002\165\067 -\253\367\064\050\050\221\362\004\012\117\065\343\140\046\001\372 -\320\021\214\371\021\152\356\257\075\303\120\323\217\137\063\171 -\074\206\250\163\105\220\214\040\266\162\163\027\043\276\007\145 -\345\170\222\015\272\001\300\353\214\034\146\277\254\206\167\001 -\224\015\234\346\351\071\215\037\246\121\214\231\014\071\167\341 -\264\233\372\034\147\127\157\152\152\216\251\053\114\127\171\172 -\127\042\317\315\137\143\106\215\134\131\072\206\370\062\107\142 -\243\147\015\030\221\334\373\246\153\365\110\141\163\043\131\216 -\002\247\274\104\352\364\111\235\361\124\130\371\140\257\332\030 -\244\057\050\105\334\172\240\210\206\135\363\073\347\377\051\065 -\200\374\144\103\224\346\343\034\157\276\255\016\052\143\231\053 -\311\176\205\366\161\350\006\003\225\376\336\217\110\034\132\324 -\222\350\053\356\347\061\333\272\004\152\207\230\347\305\137\357 -\175\247\042\367\001\330\115\371\211\320\016\232\005\131\244\236 -\230\331\157\053\312\160\276\144\302\125\243\364\351\257\303\222 -\051\334\210\026\044\231\074\215\046\230\266\133\267\314\316\267 -\067\007\375\046\331\230\205\044\377\131\043\003\232\355\235\235 -\250\344\136\070\316\327\122\015\157\322\077\155\261\005\153\111 -\316\212\221\106\163\364\366\057\360\250\163\167\016\145\254\241 -\215\146\122\151\176\113\150\014\307\036\067\047\203\245\214\307 -\002\344\024\315\111\001\260\163\263\375\306\220\072\157\322\154 -\355\073\356\354\221\276\242\103\135\213\000\112\146\045\104\160 -\336\100\017\370\174\025\367\242\316\074\327\136\023\214\201\027 -\030\027\321\275\361\167\020\072\324\145\071\301\047\254\127\054 -\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Certigna Root CA" -# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR -# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 -# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR -# Not Valid Before: Tue Oct 01 08:32:27 2013 -# Not Valid After : Sat Oct 01 08:32:27 2033 -# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 -# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certigna Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\055\015\122\024\377\236\255\231\044\001\164\040\107\156\154\205 -\047\047\365\103 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\016\134\060\142\047\353\133\274\327\256\142\272\351\325\337\167 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 -\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 -\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 -\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 -\151\147\156\141\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 -\343\246\341 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "emSign Root CA - G1" -# -# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 -# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 -# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign Root CA - G1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 -\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 -\164\040\103\101\040\055\040\107\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 -\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 -\164\040\103\101\040\055\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\061\365\344\142\014\154\130\355\326\330 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\224\060\202\002\174\240\003\002\001\002\002\012\061 -\365\344\142\014\154\130\355\326\330\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\060\147\061\013\060\011\006\003 -\125\004\006\023\002\111\116\061\023\060\021\006\003\125\004\013 -\023\012\145\155\123\151\147\156\040\120\113\111\061\045\060\043 -\006\003\125\004\012\023\034\145\115\165\144\150\162\141\040\124 -\145\143\150\156\157\154\157\147\151\145\163\040\114\151\155\151 -\164\145\144\061\034\060\032\006\003\125\004\003\023\023\145\155 -\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\107 -\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 -\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 -\132\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116 -\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 -\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034 -\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157 -\147\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032 -\006\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157 -\157\164\040\103\101\040\055\040\107\061\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\223\113\273\351\146 -\212\356\235\133\325\064\223\320\033\036\303\347\236\270\144\063 -\177\143\170\150\264\315\056\161\165\327\233\040\306\115\051\274 -\266\150\140\212\367\041\232\126\065\132\363\166\275\330\315\232 -\377\223\126\113\245\131\006\241\223\064\051\335\026\064\165\116 -\362\201\264\307\226\116\255\031\025\122\112\376\074\160\165\160 -\315\257\053\253\025\232\063\074\252\263\213\252\315\103\375\365 -\352\160\377\355\317\021\073\224\316\116\062\026\323\043\100\052 -\167\263\257\074\001\054\154\355\231\054\213\331\116\151\230\262 -\367\217\101\260\062\170\141\326\015\137\303\372\242\100\222\035 -\134\027\346\160\076\065\347\242\267\302\142\342\253\244\070\114 -\265\071\065\157\352\003\151\372\072\124\150\205\155\326\362\057 -\103\125\036\221\015\016\330\325\152\244\226\321\023\074\054\170 -\120\350\072\222\322\027\126\345\065\032\100\034\076\215\054\355 -\071\337\102\340\203\101\164\337\243\315\302\206\140\110\150\343 -\151\013\124\000\213\344\166\151\041\015\171\116\064\010\136\024 -\302\314\261\267\255\327\174\160\212\307\205\002\003\001\000\001 -\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024\373 -\357\015\206\236\260\343\335\251\271\361\041\027\177\076\374\360 -\167\053\032\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001 -\013\005\000\003\202\001\001\000\131\377\362\214\365\207\175\161 -\075\243\237\033\133\321\332\370\323\234\153\066\275\233\251\141 -\353\336\026\054\164\075\236\346\165\332\327\272\247\274\102\027 -\347\075\221\353\345\175\335\076\234\361\317\222\254\154\110\314 -\302\042\077\151\073\305\266\025\057\243\065\306\150\052\034\127 -\257\071\357\215\320\065\303\030\014\173\000\126\034\315\213\031 -\164\336\276\017\022\340\320\252\241\077\002\064\261\160\316\235 -\030\326\010\003\011\106\356\140\340\176\266\304\111\004\121\175 -\160\140\274\252\262\377\171\162\172\246\035\075\137\052\370\312 -\342\375\071\267\107\271\353\176\337\004\043\257\372\234\006\007 -\351\373\143\223\200\100\265\306\154\012\061\050\316\014\237\317 -\263\043\065\200\101\215\154\304\067\173\201\057\200\241\100\102 -\205\351\331\070\215\350\241\123\315\001\277\151\350\132\006\362 -\105\013\220\372\256\341\277\235\362\256\127\074\245\256\262\126 -\364\213\145\100\351\375\061\201\054\364\071\011\330\356\153\247 -\264\246\035\025\245\230\367\001\201\330\205\175\363\121\134\161 -\210\336\272\314\037\200\176\112 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "emSign Root CA - G1" -# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 -# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 -# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign Root CA - G1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\212\307\255\217\163\254\116\301\265\165\115\245\100\364\374\317 -\174\265\216\214 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\234\102\204\127\335\313\013\247\056\225\255\266\363\332\274\254 -END -CKA_ISSUER MULTILINE_OCTAL -\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 -\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 -\164\040\103\101\040\055\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\061\365\344\142\014\154\130\355\326\330 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "emSign ECC Root CA - G3" -# -# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 -# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B -# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign ECC Root CA - G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 -\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 -\040\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 -\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 -\040\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\074\366\007\251\150\160\016\332\213\204 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\116\060\202\001\323\240\003\002\001\002\002\012\074 -\366\007\251\150\160\016\332\213\204\060\012\006\010\052\206\110 -\316\075\004\003\003\060\153\061\013\060\011\006\003\125\004\006 -\023\002\111\116\061\023\060\021\006\003\125\004\013\023\012\145 -\155\123\151\147\156\040\120\113\111\061\045\060\043\006\003\125 -\004\012\023\034\145\115\165\144\150\162\141\040\124\145\143\150 -\156\157\154\157\147\151\145\163\040\114\151\155\151\164\145\144 -\061\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147 -\156\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040 -\107\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060 -\060\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060 -\060\132\060\153\061\013\060\011\006\003\125\004\006\023\002\111 -\116\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151 -\147\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023 -\034\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154 -\157\147\151\145\163\040\114\151\155\151\164\145\144\061\040\060 -\036\006\003\125\004\003\023\027\145\155\123\151\147\156\040\105 -\103\103\040\122\157\157\164\040\103\101\040\055\040\107\063\060 -\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 -\004\000\042\003\142\000\004\043\245\014\270\055\022\365\050\363 -\261\262\335\342\002\022\200\236\071\137\111\115\237\311\045\064 -\131\164\354\273\006\034\347\300\162\257\350\256\057\341\101\124 -\207\024\250\112\262\350\174\202\346\133\152\265\334\263\165\316 -\213\006\320\206\043\277\106\325\216\017\077\004\364\327\034\222 -\176\366\245\143\302\365\137\216\056\117\241\030\031\002\053\062 -\012\202\144\175\026\223\321\243\102\060\100\060\035\006\003\125 -\035\016\004\026\004\024\174\135\002\204\023\324\314\212\233\201 -\316\027\034\056\051\036\234\110\143\102\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\012\006\010\052 -\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\276 -\363\141\317\002\020\035\144\225\007\270\030\156\210\205\005\057 -\203\010\027\220\312\037\212\114\350\015\033\172\261\255\325\201 -\011\107\357\073\254\010\004\174\134\231\261\355\107\007\322\002 -\061\000\235\272\125\374\251\112\350\355\355\346\166\001\102\173 -\310\370\140\331\215\121\213\125\073\373\214\173\353\145\011\303 -\370\226\315\107\250\202\362\026\125\167\044\176\022\020\225\004 -\054\243 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "emSign ECC Root CA - G3" -# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 -# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B -# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign ECC Root CA - G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\060\103\372\117\362\127\334\240\303\200\356\056\130\352\170\262 -\077\346\273\301 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\316\013\162\321\237\210\216\320\120\003\350\343\270\213\147\100 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 -\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 -\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 -\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 -\040\122\157\157\164\040\103\101\040\055\040\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\074\366\007\251\150\160\016\332\213\204 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "emSign Root CA - C1" -# -# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US -# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 -# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F -# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign Root CA - C1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 -\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 -\040\103\101\040\055\040\103\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 -\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 -\040\103\101\040\055\040\103\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\000\256\317\000\272\304\317\062\370\103\262 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\163\060\202\002\133\240\003\002\001\002\002\013\000 -\256\317\000\272\304\317\062\370\103\262\060\015\006\011\052\206 -\110\206\367\015\001\001\013\005\000\060\126\061\013\060\011\006 -\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125\004 -\013\023\012\145\155\123\151\147\156\040\120\113\111\061\024\060 -\022\006\003\125\004\012\023\013\145\115\165\144\150\162\141\040 -\111\156\143\061\034\060\032\006\003\125\004\003\023\023\145\155 -\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\103 -\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 -\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 -\132\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 -\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 -\145\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006 -\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 -\164\040\103\101\040\055\040\103\061\060\202\001\042\060\015\006 -\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 -\000\060\202\001\012\002\202\001\001\000\317\353\251\271\361\231 -\005\314\330\050\041\112\363\163\064\121\204\126\020\365\240\117 -\054\022\343\372\023\232\047\320\317\371\171\032\164\137\035\171 -\071\374\133\370\160\216\340\222\122\367\344\045\371\124\203\331 -\035\323\310\132\205\077\136\307\266\007\356\076\300\316\232\257 -\254\126\102\052\071\045\160\326\277\265\173\066\255\254\366\163 -\334\315\327\035\212\203\245\373\053\220\025\067\153\034\046\107 -\334\073\051\126\223\152\263\301\152\072\235\075\365\301\227\070 -\130\005\213\034\021\343\344\264\270\135\205\035\203\376\170\137 -\013\105\150\030\110\245\106\163\064\073\376\017\310\166\273\307 -\030\363\005\321\206\363\205\355\347\271\331\062\255\125\210\316 -\246\266\221\260\117\254\176\025\043\226\366\077\360\040\064\026 -\336\012\306\304\004\105\171\177\247\375\276\322\251\245\257\234 -\305\043\052\367\074\041\154\275\257\217\116\305\072\262\363\064 -\022\374\337\200\032\111\244\324\251\225\367\236\211\136\242\211 -\254\224\313\250\150\233\257\212\145\047\315\211\356\335\214\265 -\153\051\160\103\240\151\013\344\271\017\002\003\001\000\001\243 -\102\060\100\060\035\006\003\125\035\016\004\026\004\024\376\241 -\340\160\036\052\003\071\122\132\102\276\134\221\205\172\030\252 -\115\265\060\016\006\003\125\035\017\001\001\377\004\004\003\002 -\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\003\202\001\001\000\302\112\126\372\025\041\173\050\242 -\351\345\035\373\370\055\304\071\226\101\114\073\047\054\304\154 -\030\025\200\306\254\257\107\131\057\046\013\343\066\260\357\073 -\376\103\227\111\062\231\022\025\133\337\021\051\377\253\123\370 -\273\301\170\017\254\234\123\257\127\275\150\214\075\151\063\360 -\243\240\043\143\073\144\147\042\104\255\325\161\313\126\052\170 -\222\243\117\022\061\066\066\342\336\376\000\304\243\140\017\047 -\255\240\260\212\265\066\172\122\241\275\047\364\040\047\142\350 -\115\224\044\023\344\012\004\351\074\253\056\310\103\011\112\306 -\141\004\345\111\064\176\323\304\310\365\017\300\252\351\272\124 -\136\363\143\053\117\117\120\324\376\271\173\231\214\075\300\056 -\274\002\053\323\304\100\344\212\007\061\036\233\316\046\231\023 -\373\021\352\232\042\014\021\031\307\136\033\201\120\060\310\226 -\022\156\347\313\101\177\221\073\242\107\267\124\200\033\334\000 -\314\232\220\352\303\303\120\006\142\014\060\300\025\110\247\250 -\131\174\341\256\042\242\342\012\172\017\372\142\253\122\114\341 -\361\337\312\276\203\015\102 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "emSign Root CA - C1" -# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US -# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 -# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F -# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign Root CA - C1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\347\056\361\337\374\262\011\050\317\135\324\325\147\067\261\121 -\313\206\117\001 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\330\343\135\001\041\372\170\132\260\337\272\322\356\052\137\150 -END -CKA_ISSUER MULTILINE_OCTAL -\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 -\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 -\040\103\101\040\055\040\103\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\013\000\256\317\000\272\304\317\062\370\103\262 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "emSign ECC Root CA - C3" -# -# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US -# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 -# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 -# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign ECC Root CA - C3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 -\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 -\122\157\157\164\040\103\101\040\055\040\103\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 -\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 -\122\157\157\164\040\103\101\040\055\040\103\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\173\161\266\202\126\270\022\174\234\250 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\053\060\202\001\261\240\003\002\001\002\002\012\173 -\161\266\202\126\270\022\174\234\250\060\012\006\010\052\206\110 -\316\075\004\003\003\060\132\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\023\060\021\006\003\125\004\013\023\012\145 -\155\123\151\147\156\040\120\113\111\061\024\060\022\006\003\125 -\004\012\023\013\145\115\165\144\150\162\141\040\111\156\143\061 -\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147\156 -\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040\103 -\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 -\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 -\132\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 -\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 -\145\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006 -\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 -\040\122\157\157\164\040\103\101\040\055\040\103\063\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\375\245\141\256\173\046\020\035\351\267\042 -\060\256\006\364\201\263\261\102\161\225\071\274\323\122\343\257 -\257\371\362\227\065\222\066\106\016\207\225\215\271\071\132\351 -\273\337\320\376\310\007\101\074\273\125\157\203\243\152\373\142 -\260\201\211\002\160\175\110\305\112\343\351\042\124\042\115\223 -\273\102\014\257\167\234\043\246\175\327\141\021\316\145\307\370 -\177\376\365\362\251\243\102\060\100\060\035\006\003\125\035\016 -\004\026\004\024\373\132\110\320\200\040\100\362\250\351\000\007 -\151\031\167\247\346\303\364\317\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\012\006\010\052\206\110 -\316\075\004\003\003\003\150\000\060\145\002\061\000\264\330\057 -\002\211\375\266\114\142\272\103\116\023\204\162\265\256\335\034 -\336\326\265\334\126\217\130\100\132\055\336\040\114\042\203\312 -\223\250\176\356\022\100\307\326\207\117\370\337\205\002\060\034 -\024\144\344\174\226\203\021\234\260\321\132\141\113\246\017\111 -\323\000\374\241\374\344\245\377\177\255\327\060\320\307\167\177 -\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "emSign ECC Root CA - C3" -# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US -# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 -# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US -# Not Valid Before: Sun Feb 18 18:30:00 2018 -# Not Valid After : Wed Feb 18 18:30:00 2043 -# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 -# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "emSign ECC Root CA - C3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\266\257\103\302\233\201\123\175\366\357\153\303\037\037\140\025 -\014\356\110\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\076\123\263\243\201\356\327\020\370\323\260\035\027\222\365\325 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 -\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 -\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 -\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 -\122\157\157\164\040\103\101\040\055\040\103\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\012\173\161\266\202\126\270\022\174\234\250 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Hongkong Post Root CA 3" -# -# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK -# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 -# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK -# Not Valid Before: Sat Jun 03 02:29:46 2017 -# Not Valid After : Tue Jun 03 02:29:46 2042 -# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 -# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 -\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 -\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 -\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 -\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 -\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 -\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 -\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 -\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 -\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 -\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 -\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 -\256\043\270\034\132\244 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\317\060\202\003\267\240\003\002\001\002\002\024\010 -\026\137\212\114\245\354\000\311\223\100\337\304\306\256\043\270 -\034\132\244\060\015\006\011\052\206\110\206\367\015\001\001\013 -\005\000\060\157\061\013\060\011\006\003\125\004\006\023\002\110 -\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156\147 -\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023\011 -\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003\125 -\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163 -\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147 -\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103 -\101\040\063\060\036\027\015\061\067\060\066\060\063\060\062\062 -\071\064\066\132\027\015\064\062\060\066\060\063\060\062\062\071 -\064\066\132\060\157\061\013\060\011\006\003\125\004\006\023\002 -\110\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156 -\147\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023 -\011\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003 -\125\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157 -\163\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156 -\147\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040 -\103\101\040\063\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\263\210\327\352\316\017\040\116\276\346\326 -\003\155\356\131\374\302\127\337\051\150\241\203\016\076\150\307 -\150\130\234\034\140\113\211\103\014\271\324\025\262\356\301\116 -\165\351\265\247\357\345\351\065\231\344\314\034\347\113\137\215 -\063\060\040\063\123\331\246\273\325\076\023\216\351\037\207\111 -\255\120\055\120\312\030\276\001\130\242\023\160\226\273\211\210 -\126\200\134\370\275\054\074\341\114\127\210\273\323\271\225\357 -\313\307\366\332\061\164\050\246\346\124\211\365\101\061\312\345 -\046\032\315\202\340\160\332\073\051\273\325\003\365\231\272\125 -\365\144\321\140\016\263\211\111\270\212\057\005\322\204\105\050 -\174\217\150\120\022\170\374\013\265\123\313\302\230\034\204\243 -\236\260\276\043\244\332\334\310\053\036\332\156\105\036\211\230 -\332\371\000\056\006\351\014\073\160\325\120\045\210\231\313\315 -\163\140\367\325\377\065\147\305\241\274\136\253\315\112\270\105 -\353\310\150\036\015\015\024\106\022\343\322\144\142\212\102\230 -\274\264\306\010\010\370\375\250\114\144\234\166\001\275\057\251 -\154\063\017\330\077\050\270\074\151\001\102\206\176\151\301\311 -\006\312\345\172\106\145\351\302\326\120\101\056\077\267\344\355 -\154\327\277\046\001\021\242\026\051\112\153\064\006\220\354\023 -\322\266\373\152\166\322\074\355\360\326\055\335\341\025\354\243 -\233\057\054\311\076\053\344\151\073\377\162\045\261\066\206\133 -\307\177\153\213\125\033\112\305\040\141\075\256\313\120\341\010 -\072\276\260\217\143\101\123\060\010\131\074\230\035\167\272\143 -\221\172\312\020\120\140\277\360\327\274\225\207\217\227\305\376 -\227\152\001\224\243\174\133\205\035\052\071\072\320\124\241\321 -\071\161\235\375\041\371\265\173\360\342\340\002\217\156\226\044 -\045\054\240\036\054\250\304\211\247\357\355\231\006\057\266\012 -\114\117\333\242\314\067\032\257\107\205\055\212\137\304\064\064 -\114\000\375\030\223\147\023\321\067\346\110\264\213\006\305\127 -\173\031\206\012\171\313\000\311\122\257\102\377\067\217\341\243 -\036\172\075\120\253\143\006\347\025\265\077\266\105\067\224\067 -\261\176\362\110\303\177\305\165\376\227\215\105\217\032\247\032 -\162\050\032\100\017\002\003\001\000\001\243\143\060\141\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\037\006\003\125\035\043\004\030\060\026\200\024\027\235\315\036 -\213\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141 -\060\035\006\003\125\035\016\004\026\004\024\027\235\315\036\213 -\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\126\325\173\156\346\042\001\322\102\233\030\325\016 -\327\146\043\134\343\376\240\307\222\322\351\224\255\113\242\306 -\354\022\174\164\325\110\322\131\024\231\300\353\271\321\353\364 -\110\060\133\255\247\127\163\231\251\323\345\267\321\056\131\044 -\130\334\150\056\056\142\330\152\344\160\013\055\040\120\040\244 -\062\225\321\000\230\273\323\375\367\062\362\111\256\306\172\340 -\107\276\156\316\313\243\162\072\055\151\135\313\310\350\105\071 -\324\372\102\301\021\114\167\135\222\373\152\377\130\104\345\353 -\201\236\257\240\231\255\276\251\001\146\313\070\035\074\337\103 -\037\364\115\156\264\272\027\106\374\175\375\207\201\171\152\015 -\063\017\372\057\370\024\271\200\263\135\115\252\227\341\371\344 -\030\305\370\325\070\214\046\074\375\362\050\342\356\132\111\210 -\054\337\171\075\216\236\220\074\275\101\112\072\335\133\366\232 -\264\316\077\045\060\177\062\175\242\003\224\320\334\172\241\122 -\336\156\223\215\030\046\375\125\254\275\217\233\322\317\257\347 -\206\054\313\037\011\157\243\157\251\204\324\163\277\115\241\164 -\033\116\043\140\362\314\016\252\177\244\234\114\045\250\262\146 -\073\070\377\331\224\060\366\162\204\276\150\125\020\017\306\163 -\054\026\151\223\007\376\261\105\355\273\242\125\152\260\332\265 -\112\002\045\047\205\327\267\267\206\104\026\211\154\200\053\076 -\227\251\234\325\176\125\114\306\336\105\020\034\352\351\073\237 -\003\123\356\356\172\001\002\026\170\324\350\302\276\106\166\210 -\023\077\042\273\110\022\035\122\000\264\002\176\041\032\036\234 -\045\364\363\075\136\036\322\034\371\263\055\266\367\067\134\306 -\313\041\116\260\367\231\107\030\205\301\053\272\125\256\006\352 -\320\007\262\334\253\320\202\226\165\316\322\120\376\231\347\317 -\057\237\347\166\321\141\052\373\041\273\061\320\252\237\107\244 -\262\042\312\026\072\120\127\304\133\103\147\305\145\142\003\111 -\001\353\103\331\330\370\236\255\317\261\143\016\105\364\240\132 -\054\233\055\305\246\300\255\250\107\364\047\114\070\015\056\033 -\111\073\122\364\350\210\203\053\124\050\324\362\065\122\264\062 -\203\142\151\144\014\221\234\237\227\352\164\026\375\037\021\006 -\232\233\364 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Hongkong Post Root CA 3" -# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK -# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 -# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK -# Not Valid Before: Sat Jun 03 02:29:46 2017 -# Not Valid After : Tue Jun 03 02:29:46 2042 -# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 -# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Hongkong Post Root CA 3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\130\242\320\354\040\122\201\133\301\363\370\144\002\044\116\302 -\216\002\113\002 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\021\374\237\275\163\060\002\212\375\077\363\130\271\313\040\360 -END -CKA_ISSUER MULTILINE_OCTAL -\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 -\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 -\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 -\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 -\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 -\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 -\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 -\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 -\256\043\270\034\132\244 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Entrust Root Certification Authority - G4" -# -# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 -# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Wed May 27 11:11:16 2015 -# Not Valid After : Sun Dec 27 11:41:16 2037 -# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 -# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\064 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 -\145\255\130 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000 -\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163 -\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 -\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163 -\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155 -\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 -\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156 -\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151 -\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060 -\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122 -\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064 -\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066 -\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132 -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 -\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 -\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055 -\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031 -\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037 -\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274 -\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304 -\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020 -\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004 -\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043 -\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336 -\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065 -\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014 -\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132 -\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047 -\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323 -\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351 -\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252 -\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127 -\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152 -\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323 -\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000 -\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141 -\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361 -\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146 -\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005 -\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334 -\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374 -\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332 -\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362 -\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045 -\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332 -\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067 -\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143 -\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 -\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 -\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 -\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240 -\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052 -\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022 -\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045 -\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363 -\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322 -\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364 -\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211 -\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253 -\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377 -\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344 -\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177 -\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056 -\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234 -\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210 -\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216 -\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207 -\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360 -\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307 -\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136 -\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176 -\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330 -\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002 -\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244 -\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166 -\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062 -\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245 -\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072 -\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101 -\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244 -\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273 -\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061 -\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230 -\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332 -\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Entrust Root Certification Authority - G4" -# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 -# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US -# Not Valid Before: Wed May 27 11:11:16 2015 -# Not Valid After : Sun Dec 27 11:41:16 2037 -# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 -# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065 -\051\272\226\001 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 -\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 -\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 -\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 -\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 -\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 -\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 -\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 -\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 -\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 -\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 -\064 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 -\145\255\130 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Microsoft ECC Root Certificate Authority 2017" -# -# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec -# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Not Valid Before: Wed Dec 18 23:06:45 2019 -# Not Valid After : Fri Jul 18 23:16:04 2042 -# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 -# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001 -\302\354 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\131\060\202\001\337\240\003\002\001\002\002\020\146 -\362\075\257\207\336\213\261\112\352\014\127\061\001\302\354\060 -\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\036\060\034\006\003 -\125\004\012\023\025\115\151\143\162\157\163\157\146\164\040\103 -\157\162\160\157\162\141\164\151\157\156\061\066\060\064\006\003 -\125\004\003\023\055\115\151\143\162\157\163\157\146\164\040\105 -\103\103\040\122\157\157\164\040\103\145\162\164\151\146\151\143 -\141\164\145\040\101\165\164\150\157\162\151\164\171\040\062\060 -\061\067\060\036\027\015\061\071\061\062\061\070\062\063\060\066 -\064\065\132\027\015\064\062\060\067\061\070\062\063\061\066\060 -\064\132\060\145\061\013\060\011\006\003\125\004\006\023\002\125 -\123\061\036\060\034\006\003\125\004\012\023\025\115\151\143\162 -\157\163\157\146\164\040\103\157\162\160\157\162\141\164\151\157 -\156\061\066\060\064\006\003\125\004\003\023\055\115\151\143\162 -\157\163\157\146\164\040\105\103\103\040\122\157\157\164\040\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171\040\062\060\061\067\060\166\060\020\006\007\052 -\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 -\004\324\274\075\002\102\165\101\023\043\315\200\004\206\002\121 -\057\152\250\201\142\013\145\314\366\312\235\036\157\112\146\121 -\242\003\331\235\221\372\266\026\261\214\156\336\174\315\333\171 -\246\057\316\273\316\161\057\345\245\253\050\354\143\004\146\231 -\370\372\362\223\020\005\341\201\050\102\343\306\150\364\346\033 -\204\140\112\211\257\355\171\017\073\316\361\366\104\365\001\170 -\300\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004 -\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004 -\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 -\024\310\313\231\162\160\122\014\370\346\276\262\004\127\051\052 -\317\102\020\355\065\060\020\006\011\053\006\001\004\001\202\067 -\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075 -\004\003\003\003\150\000\060\145\002\060\130\362\115\352\014\371 -\137\136\356\140\051\313\072\362\333\326\062\204\031\077\174\325 -\057\302\261\314\223\256\120\273\011\062\306\306\355\176\311\066 -\224\022\344\150\205\006\242\033\320\057\002\061\000\231\351\026 -\264\016\372\126\110\324\244\060\026\221\170\333\124\214\145\001 -\212\347\120\146\302\061\267\071\272\270\032\042\007\116\374\153 -\124\026\040\377\053\265\347\114\014\115\246\117\163 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Microsoft ECC Root Certificate Authority 2017" -# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec -# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Not Valid Before: Wed Dec 18 23:06:45 2019 -# Not Valid After : Fri Jul 18 23:16:04 2042 -# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 -# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\231\232\144\303\177\364\175\237\253\225\361\107\151\211\024\140 -\356\304\303\305 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\335\241\003\346\112\223\020\321\277\360\031\102\313\376\355\147 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001 -\302\354 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Microsoft RSA Root Certificate Authority 2017" -# -# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3 -# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Not Valid Before: Wed Dec 18 22:51:22 2019 -# Not Valid After : Fri Jul 18 23:00:23 2042 -# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 -# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177 -\105\263 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\250\060\202\003\220\240\003\002\001\002\002\020\036 -\323\227\011\137\330\264\263\107\160\036\252\276\177\105\263\060 -\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\036\060 -\034\006\003\125\004\012\023\025\115\151\143\162\157\163\157\146 -\164\040\103\157\162\160\157\162\141\164\151\157\156\061\066\060 -\064\006\003\125\004\003\023\055\115\151\143\162\157\163\157\146 -\164\040\122\123\101\040\122\157\157\164\040\103\145\162\164\151 -\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 -\040\062\060\061\067\060\036\027\015\061\071\061\062\061\070\062 -\062\065\061\062\062\132\027\015\064\062\060\067\061\070\062\063 -\060\060\062\063\132\060\145\061\013\060\011\006\003\125\004\006 -\023\002\125\123\061\036\060\034\006\003\125\004\012\023\025\115 -\151\143\162\157\163\157\146\164\040\103\157\162\160\157\162\141 -\164\151\157\156\061\066\060\064\006\003\125\004\003\023\055\115 -\151\143\162\157\163\157\146\164\040\122\123\101\040\122\157\157 -\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165 -\164\150\157\162\151\164\171\040\062\060\061\067\060\202\002\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\002\017\000\060\202\002\012\002\202\002\001\000\312\133\276 -\224\063\214\051\225\221\026\012\225\275\107\142\301\211\363\231 -\066\337\106\220\311\245\355\170\152\157\107\221\150\370\047\147 -\120\063\035\241\246\373\340\345\103\243\204\002\127\001\135\234 -\110\100\202\123\020\274\277\307\073\150\220\266\202\055\345\364 -\145\320\314\155\031\314\225\371\173\254\112\224\255\016\336\113 -\103\035\207\007\222\023\220\200\203\144\065\071\004\374\345\351 -\154\263\266\037\120\224\070\145\120\134\027\106\271\266\205\265 -\034\265\027\350\326\105\235\330\262\046\260\312\304\160\112\256 -\140\244\335\263\331\354\374\073\325\127\162\274\077\310\311\262 -\336\113\153\370\043\154\003\300\005\275\225\307\315\163\073\146 -\200\144\343\032\254\056\371\107\005\362\006\266\233\163\365\170 -\063\133\307\241\373\047\052\241\264\232\221\214\221\323\072\202 -\076\166\100\264\315\122\141\121\160\050\077\305\305\132\362\311 -\214\111\273\024\133\115\310\377\147\115\114\022\226\255\365\376 -\170\250\227\207\327\375\136\040\200\334\241\113\042\373\324\211 -\255\272\316\107\227\107\125\173\217\105\310\147\050\204\225\034 -\150\060\357\357\111\340\065\173\144\347\230\260\224\332\115\205 -\073\076\125\304\050\257\127\363\236\023\333\106\047\237\036\242 -\136\104\203\244\245\312\325\023\263\113\077\304\343\302\346\206 -\141\244\122\060\271\172\040\117\157\017\070\123\313\063\014\023 -\053\217\326\232\275\052\310\055\261\034\175\113\121\312\107\321 -\110\047\162\135\207\353\325\105\346\110\145\235\257\122\220\272 -\133\242\030\145\127\022\237\150\271\324\025\153\224\304\151\042 -\230\364\063\340\355\371\121\216\101\120\311\064\117\166\220\254 -\374\070\301\330\341\173\271\343\343\224\341\106\151\313\016\012 -\120\153\023\272\254\017\067\132\267\022\265\220\201\036\126\256 -\127\042\206\331\311\322\321\327\121\343\253\073\306\125\375\036 -\016\323\164\012\321\332\252\352\151\270\227\050\217\110\304\007 -\370\122\103\072\364\312\125\065\054\260\246\152\300\234\371\362 -\201\341\022\152\300\105\331\147\263\316\377\043\242\211\012\124 -\324\024\271\052\250\327\354\371\253\315\045\130\062\171\217\220 -\133\230\071\304\010\006\301\254\177\016\075\000\245\002\003\001 -\000\001\243\124\060\122\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 -\004\024\011\313\131\177\206\262\160\217\032\303\071\343\300\331 -\351\277\273\115\262\043\060\020\006\011\053\006\001\004\001\202 -\067\025\001\004\003\002\001\000\060\015\006\011\052\206\110\206 -\367\015\001\001\014\005\000\003\202\002\001\000\254\257\076\135 -\302\021\226\211\216\243\347\222\326\227\025\270\023\242\246\102 -\056\002\315\026\005\131\047\312\040\350\272\270\350\032\354\115 -\250\227\126\256\145\103\261\217\000\233\122\315\125\315\123\071 -\155\142\114\213\015\133\174\056\104\277\203\020\217\363\123\202 -\200\303\117\072\307\156\021\077\346\343\026\221\204\373\155\204 -\177\064\164\255\211\247\316\271\327\327\237\204\144\222\276\225 -\241\255\011\123\063\335\356\012\352\112\121\216\157\125\253\272 -\265\224\106\256\214\177\330\242\120\045\145\140\200\106\333\063 -\004\256\154\265\230\164\124\045\334\223\344\370\343\125\025\075 -\270\155\303\012\244\022\301\151\205\156\337\144\361\123\231\341 -\112\165\040\235\225\017\344\326\334\003\361\131\030\350\107\211 -\262\127\132\224\266\251\330\027\053\027\111\345\166\313\301\126 -\231\072\067\261\377\151\054\221\221\223\341\337\114\243\067\166 -\115\241\237\370\155\036\035\323\372\354\373\364\105\035\023\155 -\317\367\131\345\042\047\162\053\206\363\127\273\060\355\044\115 -\334\175\126\273\243\263\370\064\171\211\301\340\362\002\141\367 -\246\374\017\273\034\027\013\256\101\331\174\275\047\243\375\056 -\072\321\223\224\261\163\035\044\213\257\133\040\211\255\267\147 -\146\171\365\072\306\246\226\063\376\123\222\310\106\261\021\221 -\306\231\177\217\311\326\146\061\040\101\020\207\055\014\326\301 -\257\064\230\312\144\203\373\023\127\321\301\360\074\172\214\245 -\301\375\225\041\240\161\301\223\147\161\022\352\217\210\012\151 -\031\144\231\043\126\373\254\052\056\160\276\146\304\014\204\357 -\345\213\363\223\001\370\152\220\223\147\113\262\150\243\265\142 -\217\351\077\214\172\073\136\017\347\214\270\306\174\357\067\375 -\164\342\310\117\063\162\341\224\071\155\275\022\257\276\014\116 -\160\174\033\157\215\263\062\223\163\104\026\155\350\364\367\340 -\225\200\217\226\135\070\244\364\253\336\012\060\207\223\330\115 -\000\161\142\105\047\113\072\102\204\133\177\145\267\147\064\122 -\055\234\026\153\252\250\330\173\243\102\114\161\307\014\312\076 -\203\344\246\357\267\001\060\136\121\243\171\365\160\151\246\101 -\104\017\206\260\054\221\306\075\352\256\017\204 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "Microsoft RSA Root Certificate Authority 2017" -# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3 -# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US -# Not Valid Before: Wed Dec 18 22:51:22 2019 -# Not Valid After : Fri Jul 18 23:00:23 2042 -# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 -# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\163\245\346\112\073\377\203\026\377\016\334\314\141\212\220\156 -\116\256\115\164 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\020\377\000\377\317\311\370\307\172\300\356\065\216\311\017\107 -END -CKA_ISSUER MULTILINE_OCTAL -\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163 -\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061 -\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163 -\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162 -\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151 -\164\171\040\062\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177 -\105\263 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "e-Szigno Root CA 2017" -# -# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a -# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Aug 22 12:07:06 2017 -# Not Valid After : Fri Aug 22 12:07:06 2042 -# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99 -# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "e-Szigno Root CA 2017" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 -\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 -\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 -\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 -\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 -\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 -\060\061\067 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 -\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 -\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 -\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 -\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 -\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 -\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\014\001\124\110\357\041\375\227\131\015\365\004\012 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\100\060\202\001\345\240\003\002\001\002\002\014\001 -\124\110\357\041\375\227\131\015\365\004\012\060\012\006\010\052 -\206\110\316\075\004\003\002\060\161\061\013\060\011\006\003\125 -\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007\014 -\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003\125 -\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164\144 -\056\061\027\060\025\006\003\125\004\141\014\016\126\101\124\110 -\125\055\062\063\065\070\064\064\071\067\061\036\060\034\006\003 -\125\004\003\014\025\145\055\123\172\151\147\156\157\040\122\157 -\157\164\040\103\101\040\062\060\061\067\060\036\027\015\061\067 -\060\070\062\062\061\062\060\067\060\066\132\027\015\064\062\060 -\070\062\062\061\062\060\067\060\066\132\060\161\061\013\060\011 -\006\003\125\004\006\023\002\110\125\061\021\060\017\006\003\125 -\004\007\014\010\102\165\144\141\160\145\163\164\061\026\060\024 -\006\003\125\004\012\014\015\115\151\143\162\157\163\145\143\040 -\114\164\144\056\061\027\060\025\006\003\125\004\141\014\016\126 -\101\124\110\125\055\062\063\065\070\064\064\071\067\061\036\060 -\034\006\003\125\004\003\014\025\145\055\123\172\151\147\156\157 -\040\122\157\157\164\040\103\101\040\062\060\061\067\060\131\060 -\023\006\007\052\206\110\316\075\002\001\006\010\052\206\110\316 -\075\003\001\007\003\102\000\004\226\334\075\212\330\260\173\157 -\306\047\276\104\220\261\263\126\025\173\216\103\044\175\032\204 -\131\356\143\150\262\306\136\207\320\025\110\036\250\220\255\275 -\123\242\332\336\072\220\246\140\137\150\062\265\206\101\337\207 -\133\054\173\305\376\174\172\332\243\143\060\141\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006 -\003\125\035\016\004\026\004\024\207\021\025\010\321\252\301\170 -\014\261\257\316\306\311\220\357\277\060\004\300\060\037\006\003 -\125\035\043\004\030\060\026\200\024\207\021\025\010\321\252\301 -\170\014\261\257\316\306\311\220\357\277\060\004\300\060\012\006 -\010\052\206\110\316\075\004\003\002\003\111\000\060\106\002\041 -\000\265\127\335\327\212\125\013\066\341\206\104\372\324\331\150 -\215\270\334\043\212\212\015\324\057\175\352\163\354\277\115\154 -\250\002\041\000\313\245\264\022\372\347\265\350\317\176\223\374 -\363\065\217\157\116\132\174\264\274\116\262\374\162\252\133\131 -\371\347\334\061 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "e-Szigno Root CA 2017" -# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a -# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Aug 22 12:07:06 2017 -# Not Valid After : Fri Aug 22 12:07:06 2042 -# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99 -# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "e-Szigno Root CA 2017" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\211\324\203\003\117\236\232\110\200\137\162\067\324\251\246\357 -\313\174\037\321 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\336\037\366\236\204\256\247\264\041\316\036\130\175\321\204\230 -END -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061 -\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145 -\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143 -\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003 -\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064 -\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055 -\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062 -\060\061\067 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\014\001\124\110\357\041\375\227\131\015\365\004\012 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "certSIGN Root CA G2" -# -# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO -# Serial Number:11:00:34:b6:4e:c6:36:2d:36 -# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO -# Not Valid Before: Mon Feb 06 09:27:35 2017 -# Not Valid After : Thu Feb 06 09:27:35 2042 -# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 -# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN Root CA G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 -\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 -\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 -\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 -\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 -\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 -\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\021\000\064\266\116\306\066\055\066 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\107\060\202\003\057\240\003\002\001\002\002\011\021 -\000\064\266\116\306\066\055\066\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\060\101\061\013\060\011\006\003\125 -\004\006\023\002\122\117\061\024\060\022\006\003\125\004\012\023 -\013\103\105\122\124\123\111\107\116\040\123\101\061\034\060\032 -\006\003\125\004\013\023\023\143\145\162\164\123\111\107\116\040 -\122\117\117\124\040\103\101\040\107\062\060\036\027\015\061\067 -\060\062\060\066\060\071\062\067\063\065\132\027\015\064\062\060 -\062\060\066\060\071\062\067\063\065\132\060\101\061\013\060\011 -\006\003\125\004\006\023\002\122\117\061\024\060\022\006\003\125 -\004\012\023\013\103\105\122\124\123\111\107\116\040\123\101\061 -\034\060\032\006\003\125\004\013\023\023\143\145\162\164\123\111 -\107\116\040\122\117\117\124\040\103\101\040\107\062\060\202\002 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\002\017\000\060\202\002\012\002\202\002\001\000\300\305 -\165\031\221\175\104\164\164\207\376\016\073\226\334\330\001\026 -\314\356\143\221\347\013\157\316\073\012\151\032\174\302\343\257 -\202\216\206\327\136\217\127\353\323\041\131\375\071\067\102\060 -\276\120\352\266\017\251\210\330\056\055\151\041\347\321\067\030 -\116\175\221\325\026\137\153\133\000\302\071\103\015\066\205\122 -\271\123\145\017\035\102\345\217\317\005\323\356\334\014\032\331 -\270\213\170\042\147\344\151\260\150\305\074\344\154\132\106\347 -\315\307\372\357\304\354\113\275\152\244\254\375\314\050\121\357 -\222\264\051\253\253\065\232\114\344\304\010\306\046\314\370\151 -\237\344\234\360\051\323\134\371\306\026\045\236\043\303\040\301 -\075\017\077\070\100\260\376\202\104\070\252\132\032\212\153\143 -\130\070\264\025\323\266\021\151\173\036\124\356\214\032\042\254 -\162\227\077\043\131\233\311\042\204\301\007\117\314\177\342\127 -\312\022\160\273\246\145\363\151\165\143\275\225\373\033\227\315 -\344\250\257\366\321\116\250\331\212\161\044\315\066\075\274\226 -\304\361\154\251\256\345\317\015\156\050\015\260\016\265\312\121 -\173\170\024\303\040\057\177\373\024\125\341\021\231\375\325\012 -\241\236\002\343\142\137\353\065\113\054\270\162\350\076\075\117 -\254\054\273\056\206\342\243\166\217\345\223\052\317\245\253\310 -\134\215\113\006\377\022\106\254\170\313\024\007\065\340\251\337 -\213\351\257\025\117\026\211\133\275\366\215\306\131\256\210\205 -\016\301\211\353\037\147\305\105\216\377\155\067\066\053\170\146 -\203\221\121\053\075\377\121\167\166\142\241\354\147\076\076\201 -\203\340\126\251\120\037\037\172\231\253\143\277\204\027\167\361 -\015\073\337\367\234\141\263\065\230\212\072\262\354\074\032\067 -\077\176\217\222\317\331\022\024\144\332\020\002\025\101\377\117 -\304\353\034\243\311\372\231\367\106\351\341\030\331\261\270\062 -\055\313\024\014\120\330\203\145\203\356\271\134\317\313\005\132 -\114\372\031\227\153\326\135\023\323\302\134\124\274\062\163\240 -\170\365\361\155\036\313\237\245\246\237\042\334\321\121\236\202 -\171\144\140\051\023\076\243\375\117\162\152\253\342\324\345\270 -\044\125\054\104\113\212\210\104\234\312\204\323\052\073\002\003 -\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001\001 -\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004 -\026\004\024\202\041\055\146\306\327\240\340\025\353\316\114\011 -\167\304\140\236\124\156\003\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\003\202\002\001\000\140\336\032\270\347 -\362\140\202\325\003\063\201\313\006\212\361\042\111\351\350\352 -\221\177\306\063\136\150\031\003\206\073\103\001\317\007\160\344 -\010\036\145\205\221\346\021\042\267\365\002\043\216\256\271\036 -\175\037\176\154\346\275\045\325\225\032\362\005\246\257\205\002 -\157\256\370\326\061\377\045\311\112\310\307\212\251\331\237\113 -\111\233\021\127\231\222\103\021\336\266\063\244\314\327\215\144 -\175\324\315\074\050\054\264\232\226\352\115\365\304\104\304\045 -\252\040\200\330\051\125\367\340\101\374\006\046\377\271\066\365 -\103\024\003\146\170\341\021\261\332\040\137\106\000\170\000\041 -\245\036\000\050\141\170\157\250\001\001\217\235\064\232\377\364 -\070\220\373\270\321\263\162\006\311\161\346\201\305\171\355\013 -\246\171\362\023\013\234\367\135\016\173\044\223\264\110\333\206 -\137\336\120\206\170\347\100\346\061\250\220\166\160\141\257\234 -\067\054\021\265\202\267\252\256\044\064\133\162\014\151\015\315 -\131\237\366\161\257\234\013\321\012\070\371\006\042\203\123\045 -\014\374\121\304\346\276\342\071\225\013\044\255\257\321\225\344 -\226\327\164\144\153\161\116\002\074\252\205\363\040\243\103\071 -\166\133\154\120\376\232\234\024\036\145\024\212\025\275\243\202 -\105\132\111\126\152\322\234\261\143\062\345\141\340\123\042\016 -\247\012\111\352\313\176\037\250\342\142\200\366\020\105\122\230 -\006\030\336\245\315\057\177\252\324\351\076\010\162\354\043\003 -\002\074\246\252\330\274\147\164\075\024\027\373\124\113\027\343 -\323\171\075\155\153\111\311\050\016\056\164\120\277\014\331\106 -\072\020\206\311\247\077\351\240\354\177\353\245\167\130\151\161 -\346\203\012\067\362\206\111\152\276\171\010\220\366\002\026\144 -\076\345\332\114\176\014\064\311\371\137\266\263\050\121\247\247 -\053\252\111\372\215\145\051\116\343\153\023\247\224\243\055\121 -\155\170\014\104\313\337\336\010\157\316\243\144\253\323\225\204 -\324\271\122\124\162\173\226\045\314\274\151\343\110\156\015\320 -\307\235\047\232\252\370\023\222\335\036\337\143\237\065\251\026 -\066\354\214\270\203\364\075\211\217\315\264\027\136\327\263\027 -\101\020\135\047\163\140\205\127\111\042\007 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE - -# Trust for "certSIGN Root CA G2" -# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO -# Serial Number:11:00:34:b6:4e:c6:36:2d:36 -# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO -# Not Valid Before: Mon Feb 06 09:27:35 2017 -# Not Valid After : Thu Feb 06 09:27:35 2042 -# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 -# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "certSIGN Root CA G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\046\371\223\264\355\075\050\047\260\271\113\247\351\025\035\243 -\215\222\345\062 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\214\361\165\212\306\031\317\224\267\367\145\040\207\303\227\307 -END -CKA_ISSUER MULTILINE_OCTAL -\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061 -\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111 -\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023 -\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101 -\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\021\000\064\266\116\306\066\055\066 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/SPECS/cairo/cairo.spec b/SPECS/cairo/cairo.spec deleted file mode 100644 index 08a5c5c0fe..0000000000 --- a/SPECS/cairo/cairo.spec +++ /dev/null @@ -1,124 +0,0 @@ -Summary: A 2D graphics library. -Name: cairo -Version: 1.17.6 -Release: 8%{?dist} -License: LGPLv2 or MPLv1.1 -URL: https://cairographics.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz -%define sha512 %{name}=15d9a82097b9c5a43071ff9fbfe90d7aaee5fddb84f519cdddfe312c5fc7248a50b73a5351922de2aaafa4b2e86f911b3147609538346f8a7635f34d631c9146 - -BuildRequires: pkg-config -BuildRequires: libpng-devel -BuildRequires: libxml2-devel -BuildRequires: pixman-devel -BuildRequires: freetype2-devel -BuildRequires: fontconfig-devel -BuildRequires: glib-devel -BuildRequires: libX11-devel -BuildRequires: libXext-devel - -Requires: pixman -Requires: glib -Requires: libpng -Requires: expat -Requires: freetype2 -Requires: fontconfig -Requires: binutils-libs -Requires: libX11 -Requires: libXext - -%description -Cairo is a 2D graphics library with support for multiple output devices. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: freetype2-devel -Requires: pixman-devel -Requires: libpng-devel -Requires: libX11-devel -Requires: libXext-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -export CFLAGS="-O3 -fPIC" -# Fix build with latest binutils -sed 's/PTR/void */' -i util/cairo-trace/lookup-symbol.c - -%configure \ - --enable-xlib=yes \ - --enable-xlib-render=no \ - --enable-win32=no \ - --disable-static \ - -%make_build - -%install -%make_install %{?_smp_mflags} - -%ldconfig_scriptlets - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_libdir}/%{name}/*.so - -%files devel -%defattr(-,root,root) -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_datadir}/gtk-doc/html/%{name}/* - -%changelog -* Wed Jun 14 2023 Shivani Agarwal 1.17.6-8 -- Bump version as a part of libX11 upgrade -* Thu Apr 20 2023 Ashwin Dayanand Kamat 1.17.6-7 -- Bump version as a part of libxml2 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 1.17.6-6 -- Bump version as a part of freetype2 upgrade -* Tue Dec 13 2022 Guruswamy Basavaiah 1.17.6-5 -- Bump release as a part of libpng upgrade -* Wed Nov 30 2022 Shivani Agarwal 1.17.6-4 -- Enabled xlib -* Sun Nov 13 2022 Shreenidhi Shedi 1.17.6-3 -- Fix packaging and spec improvements -* Thu Sep 01 2022 Vamsi Krishna Brahmajosyula 1.17.6-2 -- Fix build with latest binutils -* Fri May 20 2022 Gerrit Photon 1.17.6-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.17.4-1 -- Automatic Version Bump -* Tue Jul 14 2020 Gerrit Photon 1.17.2-1 -- Automatic Version Bump -* Thu Mar 14 2019 Michelle Wang 1.16.0-1 -- Upgrade cairo to 1.16.0 for CVE-2018-18064 -- CVE-2018-18064 is for version up to (including) 1.15.14 -* Tue Sep 11 2018 Dheeraj Shetty 1.14.12-1 -- Update to version 1.14.12 -* Tue Oct 10 2017 Dheeraj Shetty 1.14.8-3 -- Fix CVE-2017-9814 -* Tue Jun 06 2017 Chang Lee 1.14.8-2 -- Remove %check -* Wed Apr 05 2017 Dheeraj Shetty 1.14.8-1 -- Initial version diff --git a/SPECS/calico-bgp-daemon/calico-bgp-daemon.spec b/SPECS/calico-bgp-daemon/calico-bgp-daemon.spec deleted file mode 100644 index cbdad96618..0000000000 --- a/SPECS/calico-bgp-daemon/calico-bgp-daemon.spec +++ /dev/null @@ -1,81 +0,0 @@ -Summary: GoBGP based Calico BGP Daemon -Name: calico-bgp-daemon -Version: 0.2.2 -Release: 15%{?dist} -Group: Applications/System -Vendor: VMware, Inc. -License: Apache-2.0 -URL: /~https://github.com/projectcalico/calico-bgp-daemon -Distribution: Photon - -Source0: /~https://github.com/projectcalico/calico-bgp-daemon/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 calico-bgp-daemon=d5d68d52797e419f8cf99cf276ae6ffefe4764a3ed321e495b39bf6a8e72ca608a32f6cede08e296b2643a7b648fe9554ea44bd3eade7eb40a1bf0c289464cef -Source1: glide-cache-for-%{name}-%{version}.tar.xz -%define sha512 glide-cache-for-%{name}=ff17046029e4295c3c2fcf1f93b0a4ce23645ccf53227657d02ce75aad3f3cc2966ef2680fb315ba11216eb07e9dc28d106aca9a49924c0ac5b707721647e68d - -BuildRequires: git -BuildRequires: glide -BuildRequires: go >= 1.7 - -%description -GoBGP based Calico BGP Daemon, an alternative to BIRD in calico/node. - -%define debug_package %{nil} - -%prep -%autosetup -p1 - -%build -export GO111MODULE=auto -mkdir -p /root/.glide -tar -C ~/.glide -xf %{SOURCE1} -mkdir -p ${GOPATH}/src/github.com/projectcalico/calico-bgp-daemon -cp -r * ${GOPATH}/src/github.com/projectcalico/calico-bgp-daemon/. -pushd ${GOPATH}/src/github.com/projectcalico/calico-bgp-daemon -mkdir -p dist -#glide install checks by default .glide dir before downloading from internet. -glide install --strip-vendor -go build -v -o dist/calico-bgp-daemon -ldflags "-X main.VERSION=%{version} -s -w" main.go ipam.go - -%install -install -vdm 755 %{buildroot}%{_bindir} -install ${GOPATH}/src/github.com/projectcalico/calico-bgp-daemon/dist/calico-bgp-daemon %{buildroot}%{_bindir}/ - -#%%check -# No tests available for this pkg - -%files -%defattr(-,root,root) -%{_bindir}/calico-bgp-daemon - -%changelog -* Wed Oct 11 2023 Piyush Gupta 0.2.2-15 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.2.2-14 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.2.2-13 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 0.2.2-12 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.2.2-11 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 0.2.2-10 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 0.2.2-9 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.2.2-8 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.2.2-7 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 0.2.2-6 -- Bump up version to compile with new go -* Fri Feb 05 2021 Harinadh D 0.2.2-5 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 0.2.2-4 -- Bump up version to compile with new go -* Tue Jun 09 2020 Ashwin H 0.2.2-3 -- Use cache for dependencies -* Mon Sep 11 2017 Vinay Kulkarni 0.2.2-2 -- gobgp comes from the Go BGP package. -* Thu Aug 17 2017 Vinay Kulkarni 0.2.2-1 -- Calico BGP daemon for PhotonOS. diff --git a/SPECS/calico-bird/calico-bird-gcc-10.patch b/SPECS/calico-bird/calico-bird-gcc-10.patch deleted file mode 100644 index 2e9b0365de..0000000000 --- a/SPECS/calico-bird/calico-bird-gcc-10.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e67f00b3fcf685c6a3a1da4c0f7bfc20081813cd Mon Sep 17 00:00:00 2001 -From: Neil Jerram -Date: Fri, 17 Jul 2020 12:05:39 +0100 -Subject: [PATCH] Add -fcommon to CFLAGS - -To fix this problem, which we've been seeing since gcc:latest became -GCC 10: - - LD -r -o all.o cf-parse.tab.o cf-lex.o conf.o - /usr/bin/ld: cf-lex.o:/code/obj/amd64/conf/../lib/krt.h:115: multiple definition of `kif_proto'; cf-parse.tab.o:/code/obj/amd64/conf/../lib/krt.h:115: first defined here - collect2: error: ld returned 1 exit status - -The GCC 10 release notes say: - - GCC now defaults to -fno-common. As a result, global variable - accesses are more efficient on various targets. In C, global - variables with multiple tentative definitions now result in linker - errors. With -fcommon such definitions are silently merged during - linking. - -(https://gcc.gnu.org/gcc-10/changes.html) ---- - configure.ac | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/configure.in b/configure.in -index 5fbf9136..b6468a65 100644 ---- a/configure.in -+++ b/configure.in -@@ -92,6 +92,8 @@ if test -z "$GCC" ; then - # esac - #fi - -+CFLAGS="$CFLAGS -fcommon" -+ - if test "$enable_pthreads" != no ; then - BIRD_CHECK_PTHREADS - diff --git a/SPECS/calico-bird/calico-bird.spec b/SPECS/calico-bird/calico-bird.spec deleted file mode 100644 index 6a03dc169f..0000000000 --- a/SPECS/calico-bird/calico-bird.spec +++ /dev/null @@ -1,79 +0,0 @@ -Summary: Project Calico fork of the BIRD Internet Routing Daemon -Name: calico-bird -Version: 0.3.3 -Release: 3%{?dist} -Group: Applications/System -Vendor: VMware, Inc. -License: GPL -URL: /~https://github.com/projectcalico/bird -Distribution: Photon - -Source0: %{name}-%{version}.tar.gz -%define sha512 calico-bird=eeb0d839521f6f66c64bc752c92703a5ade7743967674b322a676b8f1fe702555815a4b16b270dc2d66292409e05e5303c993c96f82a76e55fd2abec5f173623 - -Patch0: calico-bird-gcc-10.patch - -BuildRequires: autoconf -BuildRequires: bison - -%description -Project Calico fork of the BIRD Internet Routing Daemon. - -%prep -%autosetup -p1 -n bird-%{version} -p1 - -%build -mkdir -p dist -autoconf -# IPv6 bird + bird client -%configure \ - --with-protocols="bgp pipe static" \ - --enable-ipv6=yes \ - --enable-client=yes \ - --enable-pthreads=yes - -make %{?_smp_mflags} - -# Remove the dynmaic binaries and rerun make to create static binaries -rm bird birdcl -make %{?_smp_mflags} CC="gcc -static" -cp bird dist/bird6 -cp birdcl dist/birdcl -# IPv4 bird -make clean %{?_smp_mflags} - -%configure \ - --with-protocols="bgp pipe static" \ - --enable-client=no \ - --enable-pthreads=yes -make %{?_smp_mflags} -rm bird -make CC="gcc -static" %{?_smp_mflags} -cp bird dist/bird - -%install -install -vdm 755 %{buildroot}%{_bindir} -install -vpm 0755 -t %{buildroot}%{_bindir}/ dist/bird -install -vpm 0755 -t %{buildroot}%{_bindir}/ dist/bird6 -install -vpm 0755 -t %{buildroot}%{_bindir}/ dist/birdcl - -#%%check -# No tests available for this pkg - -%files -%defattr(-,root,root) -%{_bindir}/bird -%{_bindir}/bird6 -%{_bindir}/birdcl - -%changelog -* Tue Sep 07 2021 Keerthana K 0.3.3-3 -- Bump up version to compile with new glibc -* Fri Jan 15 2021 Alexey Makhalov 0.3.3-2 -- GCC-10 support. -* Tue Jun 23 2020 Gerrit Photon 0.3.3-1 -- Automatic Version Bump -* Fri Oct 13 2017 Alexey Makhalov 0.3.1-2 -- Use standard configure macros -* Wed Aug 16 2017 Vinay Kulkarni 0.3.1-1 -- Calico BIRD routing daemon for PhotonOS. diff --git a/SPECS/calico-confd/calico-confd.spec b/SPECS/calico-confd/calico-confd.spec deleted file mode 100644 index 97437a93da..0000000000 --- a/SPECS/calico-confd/calico-confd.spec +++ /dev/null @@ -1,73 +0,0 @@ -Summary: confd is a lightweight configuration management tool -Name: calico-confd -Version: 0.16.0 -Release: 14%{?dist} -Group: Applications/System -Vendor: VMware, Inc. -License: MIT -URL: /~https://github.com/kelseyhightower/confd/releases -Source0: /~https://github.com/kelseyhightower/confd/archive/refs/tags/%{name}-%{version}.tar.gz -Distribution: Photon -BuildRequires: glide -BuildRequires: go -%define sha512 calico-confd=eafabf85d1d7193847a78dcfde7b9961bdf5b634165d27acc760aff6e4ef79cac9688abdfcac049773a28f997f87ea94e6a7606ee7f7d7aaaeaa8ba67f7e48b7 - -%description -confd is a lightweight configuration management tool that keeps local configuration files up-to-date, and reloading applications to pick up new config file changes. - -%prep -%autosetup -p1 -n confd-%{version} - -%build -mkdir -p ${GOPATH}/src/github.com/kelseyhightower/confd -cp -r * ${GOPATH}/src/github.com/kelseyhightower/confd/. -pushd ${GOPATH}/src/github.com/kelseyhightower/confd -go mod init -%make_build - -%install -pushd ${GOPATH}/src/github.com/kelseyhightower/confd -install -vdm 755 %{buildroot}%{_bindir} -install -vpm 0755 -t %{buildroot}%{_bindir}/ bin/confd - -%files -%defattr(-,root,root) -%{_bindir}/confd - -%changelog -* Wed Oct 11 2023 Piyush Gupta 0.16.0-14 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.16.0-13 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.16.0-12 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 0.16.0-11 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.16.0-10 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 0.16.0-9 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 0.16.0-8 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.16.0-7 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.16.0-6 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 0.16.0-5 -- Bump up version to compile with new go -* Fri Feb 05 2021 Harinadh D 0.16.0-4 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 0.16.0-3 -- Bump up version to compile with new go -* Tue Oct 06 2020 Ashwin H 0.16.0-2 -- Build using go 1.14 -* Mon Jun 22 2020 Gerrit Photon 0.16.0-1 -- Automatic Version Bump -* Mon Jan 21 2019 Bo Gan 0.14.0-3 -- Build using go 1.9.7 -* Mon Sep 24 2018 Tapas Kundu 0.14.0-2 -- Build using go version 1.9 -* Fri Nov 03 2017 Vinay Kulkarni 0.14.0-1 -- Calico confd v0.14.0 -* Fri Aug 18 2017 Vinay Kulkarni 0.12.0-1 -- Calico confd for PhotonOS. diff --git a/SPECS/calico-libnetwork/calico-libnetwork.spec b/SPECS/calico-libnetwork/calico-libnetwork.spec deleted file mode 100644 index e12cedd06a..0000000000 --- a/SPECS/calico-libnetwork/calico-libnetwork.spec +++ /dev/null @@ -1,90 +0,0 @@ -Summary: Docker libnetwork plugin for Calico -Name: calico-libnetwork -Version: 1.1.3 -Release: 14%{?dist} -Group: Applications/System -Vendor: VMware, Inc. -License: Apache-2.0 -URL: /~https://github.com/projectcalico/libnetwork-plugin -Source0: /~https://github.com/projectcalico/libnetwork-plugin/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 calico-libnetwork=40b7b0962e58fced7a02fa743b0f92aae2c6d1e43046cd0d59153f4022ad22ca0b29ac3a9cbc6e67218a35dce3306a1a88194d22248a2f589ee385d0c1ce3852 -Source1: glide-cache-for-calico-libnetwork-%{version}.tar.xz -%define sha512 glide-cache-for-%{name}=6e852994910b3ab31dd453f641b939a10a9bdee4f7122445322a4ce4e6673d4a959b9e6a8fad050abe644e993d510a09e26975b47349521a4247f6d2f3dc274a -Distribution: Photon -BuildRequires: git -BuildRequires: glide -BuildRequires: go -%define debug_package %{nil} - -%description -Docker libnetwork plugin for Calico. - -%prep -%autosetup -p1 -n libnetwork-plugin-%{version} - -%build -export GO111MODULE=auto -mkdir -p /root/.glide -tar -C ~/.glide -xf %{SOURCE1} -pushd /root/.glide/cache/src -ln -s https-cloud.google.com-go https-code.googlesource.com-gocloud -popd - -mkdir -p ${GOPATH}/src/github.com/projectcalico/libnetwork-plugin -cp -r * ${GOPATH}/src/github.com/projectcalico/libnetwork-plugin/. -pushd ${GOPATH}/src/github.com/projectcalico/libnetwork-plugin -mkdir -p dist - -glide mirror set https://cloud.google.com/go https://code.googlesource.com/gocloud -#glide install checks by default .glide dir before downloading from internet. -glide install --force --strip-vendor -CGO_ENABLED=0 go build -v -o dist/libnetwork-plugin -ldflags "-X main.VERSION=%{version} -s -w" main.go - -%install -pushd ${GOPATH}/src/github.com/projectcalico/libnetwork-plugin -install -vdm 0755 %{buildroot}%{_datadir}/calico/docker -install -vpm 0755 -t %{buildroot}%{_datadir}/calico/docker/ dist/libnetwork-plugin - -%files -%defattr(-,root,root) -%{_datadir}/calico/docker/libnetwork-plugin - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.1.3-14 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.1.3-13 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 1.1.3-12 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 1.1.3-11 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.1.3-10 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.1.3-9 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 1.1.3-8 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 1.1.3-7 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 1.1.3-6 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 1.1.3-5 -- Bump up version to compile with new go -* Fri Feb 05 2021 Harinadh D 1.1.3-4 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.1.3-3 -- Bump up version to compile with new go -* Mon Jan 11 2021 Shreenidhi Shedi 1.1.3-2 -- Pass `--force` option to glide install to fix build error -* Mon Jun 22 2020 Gerrit Photon 1.1.3-1 -- Automatic Version Bump -* Wed Jun 17 2020 Ashwin H 1.1.0-5 -- Fix dependency for cloud.google.com-go -* Tue Jun 09 2020 Ashwin H 1.1.0-4 -- Use cache for dependencies -* Mon Jan 21 2019 Bo Gan 1.1.0-3 -- Build using go 1.9.7 -* Mon Sep 24 2018 Tapas Kundu 1.1.0-2 -- Build using go version 1.9 -* Fri Aug 18 2017 Vinay Kulkarni 1.1.0-1 -- Calico libnetwork plugin for PhotonOS. diff --git a/SPECS/calico/calico.spec b/SPECS/calico/calico.spec deleted file mode 100644 index 4f88f6aa33..0000000000 --- a/SPECS/calico/calico.spec +++ /dev/null @@ -1,193 +0,0 @@ -Summary: Calico node and documentation for project calico. -Name: calico -Version: 3.26.1 -Release: 4%{?dist} -License: Apache-2.0 -URL: /~https://github.com/projectcalico/calico -Source0: /~https://github.com/projectcalico/calico/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 calico=2571bbae94ca0c80b11a347ffc4601e7ab5feba3bd9fb93e78e0b3ec9998a2871ba7abf3fe8029f8738ed9cf616b4e0a7ddb6a0556b08873045fefe1c2656d99 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: git -BuildRequires: go - -%description -Calico node is a container that bundles together various components reqiured for networking -containers using project calico. -This includes key components such as felix agent for programming routes and ACLs, -BIRD routing daemon, and confd datastore monitor engine. - -%package cni -Summary: Calico networking for CNI -Group: Development/Tools -Requires: cni - -%description cni -Project Calico network plugin for CNI. This allows kubernetes to use Calico networking. This repository includes a top-level CNI networking plugin, as well as a CNI IPAM plugin which makes use of Calico IPAM. - -%package felix -Summary: A per-host daemon for Calico -Group: Applications/System - -%description felix -Main task is to program routes and ACLs, and anything else required on the host to provide -desired connectivity for the endpoints on that host. Runs on each machine that hosts endpoints. -Runs as an agent daemon. - -%package k8s-policy -Summary: Calico Network Policy for Kubernetes -Group: Development/Tools -Requires: python3 -Requires: python3-setuptools - -%description k8s-policy -Calico Network Policy enables Calico to enforce network policy on top of Calico BGP, Flannel, or GCE native. - -%package -n confd -Summary: confd is a lightweight configuration management tool -Group: Development/Tools - -%description -n confd -This is a Calico-specific version of confd. It is heavily modified from the original and only supports a single backend type - namely a Calico datastore. It has a single purpose which is to monitor Calico BGP configuration and to autogenerate bird BGP templates from that config. - -%prep -%autosetup -p1 -n calico-%{version} - -%build -#node -mkdir -p node/dist -CGO_ENABLED=0 go build -v -o node/dist/calico-node ./node/cmd/calico-node/main.go - -#cni -mkdir -p cni-plugin/dist -CGO_ENABLED=0 go build -v -o cni-plugin/dist/calico -ldflags "-X main.VERSION= -s -w" ./cni-plugin/cmd/calico -CGO_ENABLED=0 go build -v -o cni-plugin/dist/calico-ipam -ldflags "-X main.VERSION= -s -w" ./cni-plugin/cmd/calico -CGO_ENABLED=0 go build -v -o cni-plugin/dist/install -ldflags "-X main.VERSION= -s -w" ./cni-plugin/cmd/calico - -#felix -mkdir -p felix/dist -CGO_ENABLED=0 go build -v -o felix/dist/calico-felix -v \ - -ldflags " -X github.com/projectcalico/felix/buildinfo.GitVersion=" \ - ./felix/cmd/calico-felix - -#k8s-policy -mkdir -p kube-controllers/dist -CGO_ENABLED=0 go build -v -o kube-controllers/dist/controller -ldflags "-X main.VERSION=%{version}" ./kube-controllers/cmd/kube-controllers/ - -#confd -mkdir -p confd/dist -CGO_ENABLED=0 go build -v -o confd/dist/confd ./confd/ - -%install -#node -install -vdm 755 %{buildroot}%{_bindir} -install node/dist/calico-node %{buildroot}%{_bindir}/ -install -vdm 0755 %{buildroot}%{_datadir}/calico/docker/fs -cp -r node/filesystem/etc %{buildroot}%{_datadir}/calico/docker/fs/ -cp -r node/filesystem/sbin %{buildroot}/usr/share/calico/docker/fs/ -sed -i 's/. startup.env/source \/startup.env/g' %{buildroot}/usr/share/calico/docker/fs/etc/rc.local -sed -i 's/. startup.env/source \/startup.env/g' %{buildroot}/usr/share/calico/docker/fs/sbin/start_runit - -#cni -install -vdm 755 %{buildroot}/opt/cni/bin -install -vpm 0755 -t %{buildroot}/opt/cni/bin/ cni-plugin/dist/calico -install -vpm 0755 -t %{buildroot}/opt/cni/bin/ cni-plugin/dist/calico-ipam -install -vpm 0755 -t %{buildroot}/opt/cni/bin/ cni-plugin/dist/install - -#felix -install -vdm 755 %{buildroot}%{_bindir} -install felix/dist/calico-felix %{buildroot}%{_bindir}/ - -#k8s-policy -install -vdm 755 %{buildroot}%{_bindir} -install -vpm 0755 -t %{buildroot}%{_bindir}/ kube-controllers/dist/controller - -#confd -install -vdm 755 %{buildroot}/%{_bindir} -install -vpm 0755 -t %{buildroot}/%{_bindir} confd/dist/confd -cp -r confd/etc/ %{buildroot}%{_sysconfdir} - -%files -%defattr(-,root,root) -%{_bindir}/calico-node -/usr/share/calico/docker/fs/* - -%files cni -%defattr(-,root,root) -/opt/cni/bin/calico -/opt/cni/bin/calico-ipam -/opt/cni/bin/install - -%files felix -%defattr(-,root,root) -%{_bindir}/calico-felix - -%files k8s-policy -%defattr(-,root,root) -%{_bindir}/controller - -%files -n confd -%defattr(-,root,root) -%{_bindir}/confd -%config(noreplace) %{_sysconfdir}/calico - -%changelog -* Wed Oct 11 2023 Piyush Gupta 3.26.1-4 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 3.26.1-3 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 3.26.1-2 -- Bump up version to compile with new go -* Tue Jul 04 2023 Prashant S Chauhan 3.26.1-1 -- Update to 3.26.1, Fixes multiple second level CVEs -* Mon Jul 03 2023 Piyush Gupta 3.25.0-5 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 3.25.0-4 -- Bump up version to compile with new go -* Wed Apr 19 2023 Ashwin Dayanand Kamat 3.25.0-3 -- Bump version as a part of libbpf upgrade -* Mon Apr 17 2023 Prashant S Chauhan 3.25.0-2 -- Create single spec for all calico subpackages -* Thu Mar 09 2023 Prashant S Chauhan 3.25.0-1 -- Update to 3.25.0 -* Thu Mar 09 2023 Piyush Gupta 3.17.1-6 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 3.17.1-5 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 3.17.1-4 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 3.17.1-3 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 3.17.1-2 -- Bump up version to compile with new go -* Tue Feb 09 2021 Prashant S Chauhan 3.17.1-1 -- Update to version 3.17.1 -* Fri Feb 05 2021 Harinadh D 3.15.2-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 3.15.2-2 -- Bump up version to compile with new go -* Sat Aug 29 2020 Ashwin H 3.15.2-1 -- Update to 3.15.2 -* Wed Jun 17 2020 Ashwin H 3.6.1-3 -- Fix dependency for cloud.google.com-go -* Tue Jun 09 2020 Ashwin H 3.6.1-2 -- Use cache for dependencies -* Wed May 08 2019 Ashwin H 3.6.1-1 -- Update to 3.6.1 -* Mon Jan 28 2019 Bo Gan 2.6.7-4 -- Fix CVE-2018-17846 and CVE-2018-17143 -* Mon Jan 21 2019 Bo Gan 2.6.7-3 -- Build using go 1.9.7 -* Mon Sep 24 2018 Tapas Kundu 2.6.7-2 -- Build using go version 1.9 -* Fri May 18 2018 Srivatsa S. Bhat 2.6.7-1 -- Calico Node v2.6.7. -* Tue Dec 05 2017 Vinay Kulkarni 2.6.3-1 -- Calico Node v2.6.3. -* Fri Nov 03 2017 Vinay Kulkarni 2.6.2-1 -- Calico Node v2.6.2. -* Wed Nov 01 2017 Vinay Kulkarni 2.5.1-1 -- Calico Node v2.5.1. -* Wed Aug 16 2017 Vinay Kulkarni 2.4.1-1 -- Calico Node for PhotonOS. diff --git a/SPECS/capstone/capstone.spec b/SPECS/capstone/capstone.spec deleted file mode 100644 index a1388c5ad2..0000000000 --- a/SPECS/capstone/capstone.spec +++ /dev/null @@ -1,55 +0,0 @@ -Summary: Disassembly framework -Name: capstone -Version: 4.0.2 -Release: 1%{?dist} -License: BSD -URL: /~https://github.com/aquynh/capstone -Source0: /~https://github.com/aquynh/%{name}/archive/%{name}-%{version}.tar.gz -%define sha1 %{name}=c0dfa4f6236a4505916ce67d63b856bf806b0d83 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -%description -Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. - -%package devel -Summary: Development libraries and header files for capstone -Requires: %{name} = %{version}-%{release} -%description devel -The package contains libraries and header files for -developing applications that use capstone. - -%prep -%setup -q - -%build -CAPSTONE_ARCHS="x86_64 aarch64" ./make.sh - -%install -DESTDIR=%{buildroot} ./make.sh install -rm %{buildroot}/%{_libdir}/libcapstone.a - -%check -make %{?_smp_mflags} test_basic test_detail test_iter test_skipdata test_arm64 test_x86 test_basic.static test_detail.static test_iter.static test_skipdata.static test_arm64.static test_x86.static - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/cstool -%{_libdir}/libcapstone.so.4 - -%files devel -%defattr(-,root,root) -%dir %{_includedir}/capstone -%{_includedir}/capstone/* -%{_libdir}/libcapstone.so -%{_libdir}/pkgconfig/capstone.pc - -%changelog -* Wed Jul 22 2020 Gerrit Photon 4.0.2-1 -- Automatic Version Bump -* Tue Nov 19 2019 Alexey Makhalov 4.0.1-1 -- Initial build. First version - diff --git a/SPECS/cassandra/cassandra.service b/SPECS/cassandra/cassandra.service deleted file mode 100644 index 502af7fa15..0000000000 --- a/SPECS/cassandra/cassandra.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Apache Cassandra -After=network.target - -[Service] -EnvironmentFile=/etc/sysconfig/cassandra -Type=simple -PIDFile=/var/run/cassandra.pid -ExecStart=/usr/sbin/cassandra -f -p /var/run/cassandra.pid -User=cassandra -Group=cassandra -StandardError=journal -StandardOutput=journal -Restart=always -RestartSec=30 -LimitNOFILE=infinity -SuccessExitStatus=143 - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/cassandra/cassandra.spec b/SPECS/cassandra/cassandra.spec deleted file mode 100644 index d3d430cac0..0000000000 --- a/SPECS/cassandra/cassandra.spec +++ /dev/null @@ -1,186 +0,0 @@ -%global debug_package %{nil} -%global __os_install_post %{nil} - -Summary: Cassandra is a highly scalable, eventually consistent, distributed, structured key-value store -Name: cassandra -Version: 4.0.8 -Release: 5%{?dist} -URL: http://cassandra.apache.org/ -License: Apache License, Version 2.0 -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://archive.apache.org/dist/cassandra/%{version}/apache-%{name}-%{version}-src.tar.gz -%define sha512 apache-%{name}=c34a23940ea7e935a6ba629f30614a700b0d58ddbe3257b918fe1da0c666eb75820961b9f8cb9b315614bb98c3f536565402027efa17a142a57a3c404dda1077 - -Source1: %{name}.service -Source2: %{name}.sysusers - -BuildRequires: apache-ant -BuildRequires: unzip -BuildRequires: zip -BuildRequires: openjdk11 -BuildRequires: wget -BuildRequires: git -BuildRequires: systemd-devel - -Requires: openjdk11-jre -Requires: gawk -Requires: shadow -Requires(pre): systemd-rpm-macros -Requires(post): /usr/bin/chown -%{?systemd_requires} - -%description -Cassandra is a highly scalable, eventually consistent, distributed, structured key-value store. -Cassandra brings together the distributed systems technologies from Dynamo and the log-structured storage engine from Google's BigTable. - -%prep -%autosetup -p1 -n apache-%{name}-%{version}-src - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) -ant jar javadoc -Drelease=true -Duse.jdk11=true -#Remove libraries of other arch -%ifarch x86_64 -rm $(find lib/sigar-bin -type f -name "*" ! -name "libsigar-amd64-linux.so") -%endif -%ifarch aarch64 -rm -r lib/sigar-bin -%endif - -%install -mkdir -p %{buildroot}%{_localstatedir}/opt/%{name}/data \ - %{buildroot}%{_localstatedir}/log/%{name} \ - %{buildroot}%{_bindir} \ - %{buildroot}%{_sbindir} \ - %{buildroot}%{_datadir}/%{name} \ - %{buildroot}%{_sysconfdir}/%{name} \ - %{buildroot}%{_sysconfdir}/sysconfig \ - %{buildroot}%{_sysconfdir}/profile.d \ - %{buildroot}%{_unitdir} - -cp -pr conf/* %{buildroot}%{_sysconfdir}/%{name} - -rm -f bin/cqlsh bin/cqlsh.py -mv bin/%{name} %{buildroot}%{_sbindir} -mv bin/%{name}.in.sh %{buildroot}%{_datadir}/%{name}/ -cp -p bin/* tools/bin/* %{buildroot}%{_bindir}/ -cp -r lib build %{buildroot}%{_localstatedir}/opt/%{name}/ - -cp -p build/tools/lib/stress.jar build/apache-%{name}-%{version}.jar %{buildroot}%{_localstatedir}/opt/%{name}/lib - -install -p -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service -install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -cat >> %{buildroot}%{_sysconfdir}/sysconfig/%{name} <<- "EOF" -CASSANDRA_HOME=%{_localstatedir}/opt/%{name}/ -CASSANDRA_CONF=%{_sysconfdir}/%{name}/ -EOF - -cat >> %{buildroot}%{_sysconfdir}/profile.d/%{name}.sh <<- "EOF" -export CASSANDRA_HOME=%{_localstatedir}/opt/%{name}/ -export CASSANDRA_CONF=%{_sysconfdir}/%{name}/ -EOF - -%pre -%sysusers_create_compat %{SOURCE2} - -%post -%{_sbindir}/ldconfig -chown -R %{name}: %{_localstatedir}/opt/%{name} -source %{_sysconfdir}/profile.d/%{name}.sh -%systemd_post %{name}.service - -%preun -%systemd_preun %{name}.service - -%postun -%{_sbindir}/ldconfig -%systemd_postun_with_restart %{name}.service - -%files -%defattr(-,root,root) -%doc README.asc CHANGES.txt NEWS.txt conf/cqlshrc.sample LICENSE.txt NOTICE.txt -%dir %{_localstatedir}/opt/%{name} -%{_bindir}/* -%{_datadir}/%{name} -%{_localstatedir}/opt/%{name} -%{_sbindir} -%{_sysconfdir}/%{name} -%{_sysconfdir}/sysconfig/%{name} -%{_sysconfdir}/profile.d/%{name}.sh -%{_unitdir}/%{name}.service -%{_sysusersdir}/%{name}.sysusers -%exclude %{_localstatedir}/opt/%{name}/build/lib - -%changelog -* Sun Aug 27 2023 Shreenidhi Shedi 4.0.8-5 -- Require jdk11 -- cassandra doesn't work with jdk17 yet -- https://issues.apache.org/jira/browse/CASSANDRA-16895 -* Tue Aug 08 2023 Mukul Sikka 4.0.8-4 -- Resolving systemd-rpm-macros for group creation -* Sat Jun 17 2023 Shreenidhi Shedi 4.0.8-3 -- Bump version as a part of openjdk11 upgrade -* Fri Mar 10 2023 Mukul Sikka 4.0.8-2 -- Use systemd-rpm-macros for user creation -* Tue Feb 21 2023 Ankit Jain 4.0.8-1 -- Updated to v4.0.8. This version added support for python-3.11 -* Mon Oct 31 2022 Gerrit Photon 4.0.7-1 -- Automatic Version Bump -* Fri Oct 07 2022 Vamsi Krishna Brahmajosuyula 4.0.6-1 -- Use openjdk11 -- Upgrade to 4.0.6 -* Mon Jul 11 2022 Gerrit Photon 4.0.4-1 -- Automatic Version Bump -* Sun May 29 2022 Shreenidhi Shedi 4.0.3-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 4.0.3-1 -- Automatic Version Bump -* Thu Nov 11 2021 Shreenidhi Shedi 4.0.1-1 -- Update to 4.0.1 -* Wed Jun 09 2021 Ankit Jain 3.11.10-2 -- Remove cqlsh and cqlsh.py, since it requires python2 to run -- python3-cqlsh is introduced -- fix post and postun script failure -* Tue Mar 09 2021 Ankit Jain 3.11.10-1 -- Update to 3.11.10 to fix CVE-2020-17516 -* Thu Oct 29 2020 Ankit Jain 3.11.8-2 -- Added cqlsh and cqlsh.py. -- Since, python-cqlsh is deprecated. -* Tue Sep 01 2020 Gerrit Photon 3.11.8-1 -- Automatic Version Bump -* Mon Aug 24 2020 Gerrit Photon 3.11.7-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 3.11.6-1 -- Automatic Version Bump -* Wed Feb 05 2020 Ankit Jain 3.11.5-3 -- Bump jackson version to >= 2.9.5 -* Wed Feb 05 2020 Shreyas B. 3.11.5-2 -- Shadow require by Cassandra for the installation. -* Fri Jan 17 2020 Ankit Jain 3.11.5-1 -- Central maven repository not responding, Updated to 3.11.5 -* Tue Dec 17 2019 Shreyas B. 3.11.3-3 -- Bumping up the thrift version to 0.9.3.1 to fix vulnerability. -* Mon Nov 05 2018 Alexey Makhalov 3.11.3-2 -- Removed dependency on JAVA8_VERSION macro -* Mon Sep 03 2018 Keerthana K 3.11.3-1 -- Updated to version 3.11.3. -* Tue Apr 24 2018 Harish Udaiya Kumar 3.10-8 -- Remove patch to build on openjdk-1.8.0.162, updated openjdk to 1.8.0.172 -* Sat Jan 20 2018 Harish Udaiya Kumar 3.10-7 -- Add patch to build on openjdk-1.8.0.162 -* Thu Aug 17 2017 Harish Udaiya Kumar 3.10-6 -- Add SuccessExitStatus to cassandra service file -* Thu Aug 10 2017 Harish Udaiya Kumar 3.10-5 -- Remove the build/libs directory from the cassandra package -* Tue Jul 25 2017 Harish Udaiya Kumar 3.10-4 -- Remove hadoop jars, upgrade logback jars and change service type to simple -* Mon Jul 10 2017 Xiaolin Li 3.10-3 -- Remove cqlsh and cqlsh.py. -* Mon Jun 19 2017 Divya Thaluru 3.10-2 -- Removed dependency on ANT_HOME -* Mon May 08 2017 Harish Udaiya Kumar 3.10-1 -- Initial build. First version diff --git a/SPECS/cassandra/cassandra.sysusers b/SPECS/cassandra/cassandra.sysusers deleted file mode 100644 index d20291a2aa..0000000000 --- a/SPECS/cassandra/cassandra.sysusers +++ /dev/null @@ -1,3 +0,0 @@ -g cassandra - -u cassandra - "Cassandra" /var/opt/cassandra/data /bin/bash -m cassandra cassandra diff --git a/SPECS/cdrkit/cdrkit-1.1.11-gcc10.patch b/SPECS/cdrkit/cdrkit-1.1.11-gcc10.patch deleted file mode 100644 index 99f0c106d5..0000000000 --- a/SPECS/cdrkit/cdrkit-1.1.11-gcc10.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cdrkit-1.1.11/genisoimage/genisoimage.h.me cdrkit-1.1.11/genisoimage/genisoimage.h ---- cdrkit-1.1.11/genisoimage/genisoimage.h.me 2020-02-24 15:10:35.542998992 +0100 -+++ cdrkit-1.1.11/genisoimage/genisoimage.h 2020-02-24 15:10:50.011130450 +0100 -@@ -377,7 +377,7 @@ extern int use_fileversion; - extern int split_SL_component; - extern int split_SL_field; - extern char *trans_tbl; --char *outfile; -+extern char *outfile; - - #define JMAX 64 /* maximum Joliet file name length (spec) */ - #define JLONGMAX 103 /* out of spec Joliet file name length */ diff --git a/SPECS/cdrkit/cdrkit-1.1.9-efi-boot.patch b/SPECS/cdrkit/cdrkit-1.1.9-efi-boot.patch deleted file mode 100644 index 45f910b03e..0000000000 --- a/SPECS/cdrkit/cdrkit-1.1.9-efi-boot.patch +++ /dev/null @@ -1,204 +0,0 @@ -diff --git a/doc/icedax/tracknames.pl b/doc/icedax/tracknames.pl -old mode 100755 -new mode 100644 -index 09f0fcf..801b89e ---- a/doc/icedax/tracknames.pl -+++ b/doc/icedax/tracknames.pl -@@ -1,4 +1,4 @@ --#!/usr/local/bin/perl -+#!/usr/bin/perl - # A quick perl hack to get rename files pulled in with icedax. - # by billo@billo.com - # -diff --git a/genisoimage/eltorito.c b/genisoimage/eltorito.c -index b97bdf1..5d7c2d1 100644 ---- a/genisoimage/eltorito.c -+++ b/genisoimage/eltorito.c -@@ -59,7 +59,7 @@ static void get_torito_desc(struct eltorito_boot_descriptor *boot_desc); - static void fill_boot_desc(struct eltorito_defaultboot_entry *boot_desc_entry, - struct eltorito_boot_entry_info *boot_entry); - void get_boot_entry(void); --void new_boot_entry(void); -+void new_boot_entry(); - static int tvd_write(FILE *outfile); - - -@@ -283,6 +283,7 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc) - int i; - int offset; - struct eltorito_defaultboot_entry boot_desc_record; -+ struct eltorito_sectionheader_entry section_header; - - memset(boot_desc, 0, sizeof (*boot_desc)); - boot_desc->type[0] = 0; -@@ -317,7 +318,7 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc) - */ - memset(&valid_desc, 0, sizeof (valid_desc)); - valid_desc.headerid[0] = 1; -- valid_desc.arch[0] = EL_TORITO_ARCH_x86; -+ valid_desc.arch[0] = first_boot_entry->arch; - - /* - * we'll shove start of publisher id into id field, -@@ -347,10 +348,53 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc) - /* now write it to the virtual boot catalog */ - memcpy(de2->table, &valid_desc, 32); - -- for (current_boot_entry = first_boot_entry, offset = sizeof (valid_desc); -- current_boot_entry != NULL; -- current_boot_entry = current_boot_entry->next, -- offset += sizeof (boot_desc_record)) { -+ /* Fill the first entry, since it's special and already has the -+ * matching header via the validation header... */ -+ offset = sizeof (valid_desc); -+ current_boot_entry = first_boot_entry; -+ -+ if (offset >= SECTOR_SIZE) { -+#ifdef USE_LIBSCHILY -+ comerrno(EX_BAD, "Too many El Torito boot entries\n"); -+#else -+ fprintf(stderr, "Too many El Torito boot entries\n"); -+ exit(1); -+#endif -+ } -+ fill_boot_desc(&boot_desc_record, current_boot_entry); -+ memcpy(de2->table + offset, &boot_desc_record, -+ sizeof (boot_desc_record)); -+ -+ offset += sizeof(boot_desc_record); -+ -+ for (current_boot_entry = current_boot_entry->next; -+ current_boot_entry != NULL; -+ current_boot_entry = current_boot_entry->next) { -+ struct eltorito_sectionheader_entry section_header; -+ -+ if (offset >= SECTOR_SIZE) { -+#ifdef USE_LIBSCHILY -+ comerrno(EX_BAD, -+ "Too many El Torito boot entries\n"); -+#else -+ fprintf(stderr, -+ "Too many El Torito boot entries\n"); -+ exit(1); -+#endif -+ } -+ -+ memset(§ion_header, '\0', sizeof(section_header)); -+ if (current_boot_entry->next) -+ section_header.headerid[0] = EL_TORITO_SECTION_HEADER; -+ else -+ section_header.headerid[0] = EL_TORITO_LAST_SECTION_HEADER; -+ -+ section_header.arch[0] = current_boot_entry->arch; -+ set_721(section_header.num_entries, 1); -+ -+ memcpy(de2->table + offset, §ion_header, -+ sizeof(section_header)); -+ offset += sizeof(section_header); - - if (offset >= SECTOR_SIZE) { - #ifdef USE_LIBSCHILY -@@ -365,6 +409,8 @@ get_torito_desc(struct eltorito_boot_descriptor *boot_desc) - fill_boot_desc(&boot_desc_record, current_boot_entry); - memcpy(de2->table + offset, &boot_desc_record, - sizeof (boot_desc_record)); -+ offset += sizeof (boot_desc_record); -+ - } - }/* get_torito_desc(... */ - -diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c -index a5b0b46..8add1ac 100644 ---- a/genisoimage/genisoimage.c -+++ b/genisoimage/genisoimage.c -@@ -47,6 +47,7 @@ - - #include - #include "genisoimage.h" -+#include "iso9660.h" - #include - #include - #include -@@ -523,6 +524,8 @@ static const struct ld_option ld_options[] = - '\0', NULL, "Set debug flag", ONE_DASH}, - {{"eltorito-boot", required_argument, NULL, 'b'}, - 'b', "FILE", "Set El Torito boot image name", ONE_DASH}, -+ {{"efi-boot", required_argument, NULL, 'e'}, -+ 'e', "FILE", "Set EFI boot image name", ONE_DASH}, - {{"eltorito-alt-boot", no_argument, NULL, OPTION_ALT_BOOT}, - '\0', NULL, "Start specifying alternative El Torito boot parameters", ONE_DASH}, - {{"sparc-boot", required_argument, NULL, 'B'}, -@@ -1502,6 +1505,7 @@ int main(int argc, char *argv[]) - all_files = 0; - break; - case 'b': -+ case 'e': - do_sort++; /* We sort bootcat/botimage */ - use_eltorito++; - boot_image = optarg; /* pathname of the boot image */ -@@ -1517,6 +1521,10 @@ int main(int argc, char *argv[]) - #endif - } - get_boot_entry(); -+ if (c == 'e') -+ current_boot_entry->arch = EL_TORITO_ARCH_EFI; -+ else -+ current_boot_entry->arch = EL_TORITO_ARCH_x86; - current_boot_entry->boot_image = boot_image; - break; - case OPTION_ALT_BOOT: -diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h -index bbedfb0..76e5e21 100644 ---- a/genisoimage/genisoimage.h -+++ b/genisoimage/genisoimage.h -@@ -293,6 +293,7 @@ struct deferred_write { - struct eltorito_boot_entry_info { - struct eltorito_boot_entry_info *next; - char *boot_image; -+ char arch; - int not_bootable; - int no_emul_boot; - int hard_disk_boot; -diff --git a/genisoimage/iso9660.h b/genisoimage/iso9660.h -index c74c2a9..c8b7a05 100644 ---- a/genisoimage/iso9660.h -+++ b/genisoimage/iso9660.h -@@ -62,10 +62,14 @@ struct iso_volume_descriptor { - #define EL_TORITO_ARCH_x86 0 - #define EL_TORITO_ARCH_PPC 1 - #define EL_TORITO_ARCH_MAC 2 -+#define EL_TORITO_ARCH_EFI 0xef - - #define EL_TORITO_BOOTABLE 0x88 - #define EL_TORITO_NOT_BOOTABLE 0 - -+#define EL_TORITO_SECTION_HEADER 0x90 -+#define EL_TORITO_LAST_SECTION_HEADER 0x91 -+ - #define EL_TORITO_MEDIA_NOEMUL 0 - #define EL_TORITO_MEDIA_12FLOP 1 - #define EL_TORITO_MEDIA_144FLOP 2 -@@ -173,7 +177,7 @@ struct eltorito_validation_entry { - struct eltorito_defaultboot_entry { - char boot_id [ISODCL(1, 1)]; /* 711 */ - char boot_media [ISODCL(2, 2)]; -- char loadseg [ISODCL(3, 4)]; /* 711 */ -+ char loadseg [ISODCL(3, 4)]; /* 712 */ - char sys_type [ISODCL(5, 5)]; - char pad1 [ISODCL(6, 6)]; - char nsect [ISODCL(7, 8)]; -@@ -181,6 +185,14 @@ struct eltorito_defaultboot_entry { - char pad2 [ISODCL(13, 32)]; - }; - -+/* El Torito Section Header Entry in boot catalog */ -+struct eltorito_sectionheader_entry { -+ char headerid [ISODCL(1, 1)]; /* 711 */ -+ char arch [ISODCL(2, 2)]; -+ char num_entries [ISODCL(3, 4)]; /* 711 */ -+ char id [ISODCL(5, 32)]; -+}; -+ - /* - * XXX JS: The next two structures have odd lengths! - * Some compilers (e.g. on Sun3/mc68020) padd the structures to even length. diff --git a/SPECS/cdrkit/cdrkit.spec b/SPECS/cdrkit/cdrkit.spec deleted file mode 100644 index 56e8191b08..0000000000 --- a/SPECS/cdrkit/cdrkit.spec +++ /dev/null @@ -1,57 +0,0 @@ -Summary: Utilities for writing cds. -Name: cdrkit -Version: 1.1.11 -Release: 5%{?dist} -License: GPLv2+ -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -URL: http://gd.tuwien.ac.at/utils/schilling/cdrtools/ - -Source0: %{name}-%{version}.tar.gz -%define sha512 %{name}=e5afcd2cb68d39aeff680a0d5b0a7877f94cf6de111b3cb7388261c665fbd3209ce98a20a01911875af7d6b832a156801b1fa46a4481f7c8ba60b22eac0a5b05 - -Patch0: cdrkit-1.1.9-efi-boot.patch -Patch1: cdrkit-1.1.11-gcc10.patch - -Requires: bash -Requires: libcap - -BuildRequires: cmake -BuildRequires: libcap-devel -BuildRequires: bzip2-devel - -%description -The Cdrtools package contains CD recording utilities. These are useful for reading, creating or writing (burning) Compact Discs. - -%prep -%autosetup -p1 - -%build -%make_build - -%install -export PREFIX=%{_prefix} -%make_install %{?_smp_mflags} -ln -sfv genisoimage %{buildroot}%{_bindir}/mkisofs - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/* -%{_datadir}/man/* - -%changelog -* Thu Jan 14 2021 Alexey Makhalov 1.1.11-5 -- GCC-10 support. -* Fri Oct 13 2017 Alexey Makhalov 1.1.11-4 -- Remove BuildArch -* Mon Mar 6 2017 Alexey Makhalov 1.1.11-3 -- Support for efi boot (.patch) -* Tue May 24 2016 Priyesh Padmavilasom 1.1.11-2 -- GA - Bump release of all rpms -* Sat Feb 14 2015 Sharath George -- first packaging diff --git a/SPECS/cereal/cereal.spec b/SPECS/cereal/cereal.spec deleted file mode 100644 index c028151a7a..0000000000 --- a/SPECS/cereal/cereal.spec +++ /dev/null @@ -1,71 +0,0 @@ -%global debug_package %{nil} - -Name: cereal -Version: 1.3.2 -Release: 1%{?dist} -Summary: A header-only C++11 serialization library -License: BSD -Url: http://uscilab.github.io/cereal -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/USCiLab/cereal/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=98d306d6292789129675f1c5c5aedcb90cfcc1029c4482893a8f9b23f3c9755e5ed4762d7a528f215345cae6392e87cd8d89467115b6f031b41c8673d6b4b109 - -BuildRequires: gcc -BuildRequires: boost-devel -BuildRequires: cmake >= 3.0 - -Requires: boost - -%description -cereal is a header-only C++11 serialization library. cereal takes arbitrary -data types and reversibly turns them into different representations, such as -compact binary encodings, XML, or JSON. cereal was designed to be fast, -light-weight, and easy to extend - it has no external dependencies and can be -easily bundled with other code or used standalone. - -%package devel -Summary: Development headers and libraries for %{name} -Provides: %{name} = %{version}-%{release} - -%description devel -cereal is a header-only C++11 serialization library. cereal takes arbitrary -data types and reversibly turns them into different representations, such as -compact binary encodings, XML, or JSON. cereal was designed to be fast, -light-weight, and easy to extend - it has no external dependencies and can be -easily bundled with other code or used standalone. - -This package contains development headers and libraries for the cereal library - -%prep -%autosetup -p1 - -%build -%cmake \ - -DSKIP_PORTABILITY_TEST=ON \ - -DWITH_WERROR=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Debug - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -%ctest --output-on-failure %{?testargs} -%endif - -%files devel -%defattr(-,root,root) -%doc README.md -%license LICENSE -%{_includedir}/%{name} -%{_libdir}/cmake/%{name} - -%changelog -* Wed Sep 28 2022 Shreenidhi Shedi 1.3.2-1 -- First build, needed for bpftrace. diff --git a/SPECS/check/check.spec b/SPECS/check/check.spec deleted file mode 100644 index 57b912ee7a..0000000000 --- a/SPECS/check/check.spec +++ /dev/null @@ -1,83 +0,0 @@ -Summary: Check-0.12.0 -Name: check -Version: 0.15.2 -Release: 2%{?dist} -License: LGPLv2+ -URL: /~https://github.com/libcheck/check -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/libcheck/check/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=77fb34348bc1b1517801865afee5064121a245c10685e6bb6b8f743552646a0643cfdf9fd3dfbf9b2297d9430dfdd49616cf7daf41298d2dbd699f10d654a025 - -Requires: gawk - -%description -Check is a unit testing framework for C. It features a simple interface for defining unit tests, -putting little in the way of the developer. Tests are run in a separate address space, -so both assertion failures and code errors that cause segmentation faults or other signals can be caught. - -%package devel -Summary: Libraries and headers for developing programs with check -Requires: %{name} = %{version}-%{release} - -%description devel -Libraries and headers for developing programs with check - -%prep -%autosetup -p1 - -%build -autoreconf --install -%configure -%make_build - -%install -%make_install -find %{buildroot} -name '*.la' -delete -rm %{buildroot}%{_infodir}/dir - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/*.a -%{_mandir}/man1/* -%{_infodir}/* -%{_docdir}/%{name}/* -%{_libdir}/pkgconfig/* -%{_datadir}/aclocal/* - -%changelog -* Thu Sep 15 2022 Shreenidhi Shedi 0.15.2-2 -- Introduce devel subpackage -* Tue Sep 01 2020 Gerrit Photon 0.15.2-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 0.14.0-1 -- Automatic Version Bump -* Thu Nov 08 2018 Alexey Makhalov 0.12.0-2 -- Cross compilation support -- Added required gawk -* Wed Sep 19 2018 Ajay Kaher 0.12.0-1 -- Upgraded to version 0.12.0 -* Tue May 24 2016 Priyesh Padmavilasom 0.10.0-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Xiaolin Li 0.10.0-1 -- Updated to version 0.10.0 -* Wed May 20 2015 Touseef Liaqat 0.9.14-2 -- Updated group. -* Tue Nov 25 2014 Divya Thaluru 0.9.14-1 -- Initial build. First version diff --git a/SPECS/checkpolicy/checkpolicy.spec b/SPECS/checkpolicy/checkpolicy.spec deleted file mode 100644 index e65130e6e3..0000000000 --- a/SPECS/checkpolicy/checkpolicy.spec +++ /dev/null @@ -1,52 +0,0 @@ -Summary: SELinux policy compiler -Name: checkpolicy -Version: 3.5 -Release: 1%{?dist} -License: GPLv2 -Group: System Environment/Libraries -Url: /~https://github.com/SELinuxProject/selinux/wiki -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=fcd490d865af3b4350c32c5dd9916f8406219841e1e255d8945c6dcc958535247aa27af5597a6988e19f11faea7beeabcb46e8ba2431112bb4aa5c7697bca529 - -BuildRequires: libsemanage-devel = %{version} -BuildRequires: bison - -%description -checkpolicy is a program that checks and compiles a SELinux security policy configuration -into a binary representation that can be loaded into the kernel. - -%prep -%autosetup -p1 - -%build -make %{?_smp_mflags} - -%install -make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \ - BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" %{?_smp_mflags} install -# do not package ru man pages -rm -rf %{buildroot}%{_mandir}/ru - -%files -%defattr(-,root,root,-) -%{_bindir}/%{name} -%{_bindir}/checkmodule -%{_mandir}/man8/checkpolicy.8.gz -%{_mandir}/man8/checkmodule.8.gz - -%changelog -* Wed Apr 05 2023 Gerrit Photon 3.5-1 -- Automatic Version Bump -* Sun Aug 21 2022 Vamsi Krishna Brahmajosyula 3.4-1 -- Upgrade v3.4 -* Fri Apr 08 2022 Shreenidhi Shedi 3.3-1 -- Upgrade v3.3 -* Mon Apr 12 2021 Gerrit Photon 3.2-1 -- Automatic Version Bump -* Thu Jul 23 2020 Gerrit Photon 3.1-1 -- Automatic Version Bump -* Thu Apr 30 2020 Alexey Makhalov 3.0-1 -- Initial build. diff --git a/SPECS/chkconfig/chkconfig-runlevel.patch b/SPECS/chkconfig/chkconfig-runlevel.patch deleted file mode 100644 index 6ec16033c0..0000000000 --- a/SPECS/chkconfig/chkconfig-runlevel.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/leveldb.c b/leveldb.c -index 5a4d9de..b42a57e 100644 ---- a/leveldb.c -+++ b/leveldb.c -@@ -743,24 +743,8 @@ int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, - - /* returns -1 on error */ - int currentRunlevel(void) { -- FILE *p; -- char response[50]; -- -- p = popen("/sbin/runlevel", "r"); -- if (!p) -- return -1; -- -- if (!fgets(response, sizeof(response), p)) { -- pclose(p); -- return -1; -- } -- -- pclose(p); -- -- if (response[1] != ' ' || !isdigit(response[2]) || response[3] != '\n') -- return -1; -- -- return response[2] - '0'; -+ // Photon OS only supports running chkconfig from runlevel 3 -+ return 3; - } - - int findServiceEntries(char *name, int level, glob_t *globresptr) { diff --git a/SPECS/chkconfig/chkconfig-shortopt.patch b/SPECS/chkconfig/chkconfig-shortopt.patch deleted file mode 100644 index 757fc652e2..0000000000 --- a/SPECS/chkconfig/chkconfig-shortopt.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/chkconfig.c b/chkconfig.c -index 8730cfb..fdc2bc5 100644 ---- a/chkconfig.c -+++ b/chkconfig.c -@@ -696,8 +696,8 @@ int main(int argc, const char **argv) { - struct service s; - poptContext optCon; - struct poptOption optionsTable[] = { -- {"add", '\0', 0, &addItem, 0}, -- {"del", '\0', 0, &delItem, 0}, -+ {"add", 'a', 0, &addItem, 0}, -+ {"del", 'd', 0, &delItem, 0}, - {"override", '\0', 0, &overrideItem, 0}, - {"no-redirect", '\0', 0, &noRedirectItem, 0}, - {"list", '\0', 0, &listItem, 0}, diff --git a/SPECS/chkconfig/chkconfig.spec b/SPECS/chkconfig/chkconfig.spec deleted file mode 100644 index dd51508ef4..0000000000 --- a/SPECS/chkconfig/chkconfig.spec +++ /dev/null @@ -1,489 +0,0 @@ -Summary: A system tool for maintaining the /etc/rc*.d hierarchy -Name: chkconfig -Version: 1.21 -Release: 2%{?dist} -License: GPLv2 -Group: System Environment/Base -URL: https://git.fedorahosted.org/git/chkconfig.git -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://fedorahosted.org/releases/c/h/chkconfig/%{name}-%{version}.tar.gz -%define sha512 %{name}=92cb420ec0247d48a672705c87417a3955e603de267e123aa1aa8c26c73707283a21b82a8321288498312b6612a723b7d557e85ce8ca9cfabae268f16bfe9ce6 - -Patch0: chkconfig-shortopt.patch -Patch1: ignore-priorities.patch -Patch2: chkconfig-runlevel.patch -Patch3: print-service-on-off.patch - -Requires: libselinux -Requires: libsepol -Requires: newt -Requires: popt -Requires: slang -Requires: systemd - -BuildRequires: systemd-devel -BuildRequires: newt-devel -BuildRequires: gettext-devel -BuildRequires: popt-devel -BuildRequires: libselinux-devel - -Conflicts: initscripts <= 5.30-1 - -%description -Chkconfig is a basic system utility. It updates and queries runlevel -information for system services. Chkconfig manipulates the numerous -symbolic links in /etc/rc.d, to relieve system administrators of some -of the drudgery of manually editing the symbolic links. - -%package -n ntsysv -Summary: A tool to set the stop/start of system services in a runlevel -Group: System Environment/Base -Requires: chkconfig - -%description -n ntsysv -Ntsysv provides a simple interface for setting which system services -are started or stopped in various runlevels (instead of directly -manipulating the numerous symbolic links in /etc/rc.d). Unless you -specify a runlevel or runlevels on the command line (see the man -page), ntsysv configures the current runlevel (5 if you're using X). - -%prep -%autosetup -p1 - -%build -%make_build - -%install -%make_install %{?_smp_mflags} \ - MANDIR=%{_mandir} SBINDIR=%{_sbindir} - -ln -sv rc.d/init.d %{buildroot}%{_sysconfdir}/init.d - -mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d \ - %{buildroot}%{_sysconfdir}/rc.d/rc{0..6}.d \ - %{buildroot}%{_sysconfdir}/chkconfig.d - -for n in 0 1 2 3 4 5 6; do - ln -s rc.d/rc${n}.d %{buildroot}%{_sysconfdir}/rc${n}.d -done - -%find_lang %{name} - -%clean -rm -rf %{buildroot} - -%files -f %{name}.lang -%defattr(-,root,root) -%{!?_licensedir:%global license %%doc} -%license COPYING -%dir %{_sysconfdir}/alternatives -%{_sbindir}/chkconfig -%{_sbindir}/update-alternatives -%{_sbindir}/alternatives -%{_sysconfdir}/chkconfig.d -%{_sysconfdir}/init.d -%{_sysconfdir}/rc.d -%{_sysconfdir}/rc.d/init.d -%{_sysconfdir}/rc[0-6].d -%{_sysconfdir}/rc.d/rc[0-6].d -%dir %{_sharedstatedir}/alternatives -%{_mandir}/*/chkconfig* -%{_mandir}/*/update-alternatives* -%{_mandir}/*/alternatives* -%{_libdir}/systemd/systemd-sysv-install - -%files -n ntsysv -%defattr(-,root,root) -%{_sbindir}/ntsysv -%{_mandir}/*/ntsysv.8* - -%changelog -* Sat Jan 14 2023 Ashwin Dayanand Kamat 1.21-2 -- Bump version as a part of gettext upgrade -* Fri Oct 28 2022 Gerrit Photon 1.21-1 -- Automatic Version Bump -* Thu Jun 24 2021 Nitesh Kumar 1.9-2 -- Added Vendor, Distribution and fixed bogus date -* Fri Apr 07 2017 Anish Swaminathan 1.9-1 -- Upgrade to 1.9 -* Mon Oct 31 2016 Anish Swaminathan 1.5-7 -- Chkconfig patch to fix interaction with systemd -* Tue Sep 13 2016 Anish Swaminathan 1.5-6 -- Chkconfig patch to return runlevel 3 on Photon OS -* Tue May 24 2016 Priyesh Padmavilasom 1.5-5 -- GA - Bump release of all rpms -* Mon Dec 07 2015 Mahmoud Bassiouny -- Ability for chkconfig to ignore priorities. -* Tue Dec 01 2015 Mahmoud Bassiouny -- Allowing chkconfing to print service on/off status on the current runlevel. -* Fri Nov 20 2015 Sharath George -- Adding shortopt for add and delete. -* Tue Oct 27 2015 Mahmoud Bassiouny -- Initial build for PhotonOS. First version -* Mon Jun 01 2015 Lukáš Nykrýn - 1.5-1 -- add systemd-sysv-install alias -- don't create symlinks if they already exist -- fix wrongly behaving LDFLAGS -* Thu Mar 26 2015 Lukáš Nykrýn - 1.4-1 -- ntsysv: show systemd services and sockets -- fix combination --type xinetd --list service -- leveldb: restore selinux context for xinetd conf files -- alternatives: remove unused variable -- alternatives: warn if the target is not a symlink -- spec: add link to git -- lets simplify version -* Wed Nov 05 2014 Lukáš Nykrýn - 1.3.63-1 -- alternatives: during install don't call preset on enabled services -* Tue Aug 12 2014 Lukáš Nykrýn - 1.3.62-1 -- use systemctl preset, not systemctl enable -- fix typo in manpage -- partly support socket activated services -* Wed Jul 31 2013 Lukáš Nykrýn - 1.3.61-1 -- try to make install_initd work -- fix permission issues with xinetd services -* Tue Mar 12 2013 Lukáš Nykrýn - 1.3.60-1 -- don't completely override LDFLAGS -- pass along any rpm-configured LD flags -- make sure install_initd/remove_initd provides appropriate help output for those commands (#803818) -- check for overridden services in /etc too (#850899) -- chconfig should own /etc/rc.d (#894328) -- isXinetdEnabled should also ask systemd (#820363) -- alternatives: look for service file also in /etc -- alternatives: add --list option (#622635) -- chkconfig: add hint to call systemctl list-unit-files and list-dependencies (#800334) -- chkconfig: correctly handle unreadable init.d (#913807) -- alternatives: call systemctl enable with --force (#915667) -* Wed Mar 7 2012 Bill Nottingham 1.3.59-1 -- translation updates -- xinetd may be a systemd service. Make sure we can still reload it (#800490) -* Fri Feb 10 2012 Bill Nottingham 1.3.58-1 -- fix forwarding to systemctl with systemd >= 41 (#789256) -- assorted regression fixes from 1.3.57 (#782152, etc.) -* Wed Jan 04 2012 Bill Nottingham 1.3.57-1 -- assorted cleanups to LSB dependency support (#693202 fixed properly, #701573) -- fix stop values for LSB-only scripts (#696305, ) -- don't apply start deps for services that aren't starting anywhere (#750446) -* Tue Oct 11 2011 Bill Nottingham 1.3.56-1 -- add the systemd warning when no arguments are passed () -* Wed Aug 31 2011 Bill Nottingham 1.3.55-1 -- update translations (#734631) -* Tue Jul 19 2011 Bill Nottingham 1.3.54-1 -- alternatives: fix --initscript systemd support (#714830) -- revert forwarding of 'chkconfig --del' to 'systemctl disable' -* Fri Jul 15 2011 Bill Nottingham 1.3.53-1 -- ntsysv: change the default to configure runlevels 2/3/4/5 (#709254) -- alternatives: check whether the --initscript param is a systemd service, act appropriately (#714830) -- forward chkconfig --del to systemctl deactivate where necessary -* Wed Apr 27 2011 Bill Nottingham 1.3.52-1 -- set state before frobbing dependencies (#693202) -- ntsysv: don't list or configure service overridden by systemd (#691224) -- chkconfig: don't show services overridden by systemd in --list (#693504, #693500) -- don't forward to systemd if it's not installed () -- update translations -* Wed Mar 09 2011 Bill Nottingham 1.3.51-1 -- further fixes to systemctl integration (, ) -* Wed Feb 16 2011 Bill Nottingham 1.3.50-1 -- forward actions to systemctl when necessary () -- assorted translation updates -* Tue Nov 9 2010 Bill Nottingham 1.3.49-1 -- fix stop on free of uninitialized data. (#649227) -* Wed Oct 27 2010 Bill Nottingham 1.3.48-1 -- fix install_initd invocation for services that require $local_fs (#632294) -* Tue Aug 10 2010 Bill Nottingham 1.3.47-1 -- Fix regression introduced in 1.3.45 (#622799) -* Wed May 05 2010 Bill Nottingham 1.3.46-1 -- translation updates: hu, kn, ko (#589187) -* Thu Mar 04 2010 Bill Nottingham 1.3.45-1 -- add support for Should-Start, Should-Stop (#98470, ) -- ntsysv: don't drop initscripts with '.' in the name (#556751) -- translation updates: el, id -* Tue Sep 29 2009 Bill Nottingham 1.3.44-1 -- alternatives: update symlinks if they exist on installation (#104940) -- alternatives: clarify error messages with more context (#441443) -- alternatives: fix removal of manual links (#525021, ) -- translation updates: ml, mr, pl, ta, uk -* Mon Sep 14 2009 Bill Nottingham 1.3.43-1 -- ntsysv man page tweak (#516599) -- another minor LSB tweak (#474223) -- translation updates -* Fri Mar 6 2009 Bill Nottingham 1.3.42-1 -- further LSB fixes (#474223) -- throw errors on various malformed init scripts (#481198) -- man page updates re: LSB (#487979) -- translation updates: mai, gu, pt_BR, ro, ca, pa, sr, fr, hu -* Tue Jan 20 2009 Bill Nottingham 1.3.41-1 -- restore return code & error on unconfigured services (#480805) -* Fri Dec 5 2008 Bill Nottingham 1.3.40-1 -- fix some overflows. (#176944) -- add --type parameter to specify either xinetd or sysv services. - (#467863, -- do a permissions check before add/remove/on/off/resetpriorities. (#450254) -- parse Short-Description correctly (#441813, ) -* Thu Dec 4 2008 Bill Nottingham 1.3.39-1 -- fail if dependencies fail on add/remove in LSB mode (#474223) -* Wed Oct 29 2008 Bill Nottingham 1.3.38-1 -- Fix runlevel list in man page (#466739) -- translation updates -* Thu Nov 8 2007 Bill Nottingham 1.3.37-1 -- make no options do --list (#290241, #176184) -- sr@Latn -> sr@latin -* Tue Sep 25 2007 Bill Nottingham 1.3.36-1 -- buildreq popt-devel, link it dynamically (#279531) -- translation updates: kn, ko, mr, ro -* Fri Aug 3 2007 Bill Nottingham 1.3.35-1 -- clarify licensing -* Mon Apr 16 2007 Bill Nottingham 1.3.34-1 -- translation updates: as, bg, bn_IN, bs, ca, de, fr, hi, hu, id, ja, - ka, ml, ms, nb, or, sk, sl -- add resetpriorities to the man page (#197399) -* Tue Feb 6 2007 Bill Nottingham 1.3.33-1 -- various changes from review - support alternate %%{_sbindir}, fix - summaries, add version to requires, assorted other bits -* Fri Feb 2 2007 Bill Nottingham 1.3.32-1 -- support overriding various defaults via /etc/chkconfig.d () -* Thu Feb 1 2007 Bill Nottingham 1.3.31-1 -- fix man page (#220558, ) -- add some more verbiage in alternatives man page (#221089) -- don't print usage message on a nonexstent service (#226804) -* Fri Dec 1 2006 Bill Nottingham 1.3.30.1-1 -- translation updates: as, ka, lv, ml, te (#216617) -* Thu Sep 7 2006 Bill Nottingham 1.3.30-1 -- license cleanup -* Fri Feb 24 2006 Bill Nottingham 1.3.29-1 -- fix accidental enabling of services on --add (#182729) -* Mon Feb 13 2006 Bill Nottingham 1.3.27-1 -- translation updates -* Thu Feb 2 2006 Bill Nottingham 1.3.26-1 -- add support for resetting priorities without on/off status (#178864) -* Wed Nov 30 2005 Bill Nottingham 1.3.25-1 -- return an error if changing services fails (#150235) -* Fri Nov 18 2005 Bill Nottingham 1.3.24-1 -- when removing alternatives links, check to make sure they're - actually links (#173685) -* Fri Nov 11 2005 Bill Nottingham 1.3.23-1 -- fix ntsysv (#172996) -* Wed Nov 9 2005 Bill Nottingham -- fix doSetService call in frobOneDependencies -* Tue Nov 8 2005 Bill Nottingham -- for LSB scripts, use any chkconfig: priorities as a basis, - instead of 50/50 (#172599) -- fix LSB script dependency setting when no chkconfig: line - is present (#161870, ) -- fix LSB script dependency setting when one of Required-Stop - or Required-Start: is missing (#168457) -* Fri Oct 7 2005 Bill Nottingham -- fix segfault on directories in /etc/xinetd.d (#166385) -- don't needlessly rewrite xinetd files (#81008) -* Thu May 5 2005 Bill Nottingham 1.3.20-1 -- fix deletion of orphaned secondary links (#131496, ) -* Fri Apr 29 2005 Bill Nottingham 1.3.19-1 -- build with updated translations -* Thu Mar 3 2005 Bill Nottingham 1.3.18-1 -- actually return an error code if changing a service info fails -* Tue Feb 22 2005 Bill Nottingham 1.3.17-1 -- more chkconfig: vs. LSB fixes (#149066) -* Thu Feb 10 2005 Bill Nottingham 1.3.16-1 -- prefer chkconfig: start/stop priorities in LSB mode unless - Required-Start/Stop are used -* Mon Feb 7 2005 Bill Nottingham 1.3.15-1 -- print usage when various invalid args are passed (#147393) -* Wed Feb 2 2005 Bill Nottingham 1.3.14-1 -- resize reasonably with larger screens (#74156) -- don't error out completely on bad symlink (#74324) -- use ngettext (#106176) -- error out on invalid start/stop values (#109858) -- some man page updates -- fix return code of chkconfig for xinetd services (#63123) -- sort chkconfig --list display (#61576, ) -* Tue Jan 11 2005 Bill Nottingham 1.3.13-1 -- fix LSB comment parsing some more (#144739) -* Thu Oct 28 2004 Bill Nottingham 1.3.11.2-1 -- fix manpage reference (#137492) -* Fri Oct 1 2004 Bill Nottingham 1.3.11.1-1 -- rebuild with updated translations -* Fri Jun 4 2004 Bill Nottingham 1.3.11-1 -- fix LSB comment parsing (#85678) -* Sat May 29 2004 Bill Nottingham 1.3.10-1 -- mark alternatives help output for translation (#110526) -* Wed Oct 22 2003 Bill Nottingham 1.3.9-1 -- update translations -* Mon Jul 28 2003 Bill Nottingham 1.3.8-4 -- rebuild -* Tue May 13 2003 Dan Walsh 1.3.8-3 -- Update for RHEL -* Thu May 8 2003 Dan Walsh 1.3.8-2 -- Fix readXinetdServiceInfo to return error on not regular files -- Fix chkconfig to not write messages if readXinetdServiceInfo gets an error -* Fri Jan 31 2003 Bill Nottingham 1.3.8-1 -- fix some wording in alternatives (#76213) -- actually mark alternatives for translation -* Thu Dec 12 2002 Elliot Lee 1.3.7-1 -- Link to libpopt in a multilib-safe fashion. -* Thu Aug 29 2002 Trond Eivind Glomsrød 1.3.6-3 -- bump -* Thu Aug 15 2002 Bill Nottingham 1.3.6-2 -- rebuild against new newt -* Mon Aug 12 2002 Bill Nottingham 1.3.6-1 -- make on and off handle runlevel 2 too (#70766) -* Mon Apr 15 2002 Trond Eivind Glomsrød 1.3.5-3 -- Update translations -* Mon Apr 15 2002 Trond Eivind Glomsrød 1.3.5-2 -- Update translations -* Sun Apr 7 2002 Jeremy Katz 1.3.5-1 -- alternatives: handle default with --config properly (#62009) -* Thu Mar 14 2002 Bill Nottingham 1.3.4-1 -- don't apply the dependency logic to things that already have - start/stop priorities -- fix silly display bug in --config -* Tue Mar 12 2002 Bill Nottingham 1.3.2-1 -- chkconfig: LSB support -* Fri Mar 8 2002 Bill Nottingham -- alternatives: handle initscripts too; --initscript command-line option -- chkconfig/ntsysv (and serviceconf, indirectly): services with - *no* links in /etc/rc*.d are no longer displayed with --list, or - available for configuration except via chkconfig command-line options -- alternatives: fix trying to enable deactivate a null service -* Tue Mar 5 2002 Bill Nottingham -- alternatives: handle things with different numbers of secondary links -* Mon Mar 4 2002 Bill Nottingham -- minor alternatives tweaks: don't install the same thing multiple times -* Wed Jan 30 2002 Bill Nottingham -- actually, put the alternatives stuff back in /usr/sbin -- ship /etc/alternatives dir -- random alternatives fixes -* Sun Jan 27 2002 Erik Troan -- reimplemented update-alternatives as just alternatives -* Fri Jan 25 2002 Bill Nottingham -- add in update-alternatives stuff (perl ATM) -* Mon Aug 27 2001 Trond Eivind Glomsrød -- Update translations -* Tue Jun 12 2001 Bill Nottingham -- don't segfault on files that are exactly the length of a page size - (#44199, ) -* Sun Mar 4 2001 Bill Nottingham -- don't show xinetd services in ntsysv if xinetd doesn't appear to be - installed (#30565) -* Wed Feb 14 2001 Preston Brown -- final translation update. -* Tue Feb 13 2001 Preston Brown -- warn in ntsysv if not running as root. -* Fri Feb 2 2001 Preston Brown -- use lang finder script -* Fri Feb 2 2001 Bill Nottingham -- finally fix the bug Nalin keeps complaining about :) -* Wed Jan 24 2001 Preston Brown -- final i18n update before Beta. -* Wed Oct 18 2000 Bill Nottingham -- ignore .rpmnew files (#18915) -- fix typo in error message (#17575) -* Wed Aug 30 2000 Nalin Dahyabhai -- make xinetd config files mode 0644, not 644 -* Thu Aug 24 2000 Erik Troan -- updated it and es translations -* Sun Aug 20 2000 Bill Nottingham -- get man pages in proper packages -* Sun Aug 20 2000 Matt Wilson -- new translations -* Wed Aug 16 2000 Nalin Dahyabhai -- don't worry about extra whitespace on chkconfig: lines (#16150) -* Thu Aug 10 2000 Trond Eivind Glomsrød -- i18n merge -* Wed Jul 26 2000 Matt Wilson -- new translations for de fr it es -* Tue Jul 25 2000 Bill Nottingham -- change prereqs -* Sun Jul 23 2000 Bill Nottingham -- fix ntsysv's handling of xinetd/init files with the same name -* Fri Jul 21 2000 Bill Nottingham -- fix segv when reading malformed files -* Wed Jul 19 2000 Bill Nottingham -- put links, rc[0-6].d dirs back, those are necessary -* Tue Jul 18 2000 Bill Nottingham -- add quick hack support for reading descriptions from xinetd files -* Mon Jul 17 2000 Bernhard Rosenkraenzer -- don't own the /etc/rc[0-6].d symlinks; they're owned by initscripts -* Sat Jul 15 2000 Matt Wilson -- move back to old file layout -* Thu Jul 13 2000 Preston Brown -- bump copyright date -* Tue Jul 11 2000 Bill Nottingham -- no %%pre today. Maybe tomorrow. -* Thu Jul 6 2000 Bill Nottingham -- put initscripts %%pre here too -* Mon Jul 3 2000 Bill Nottingham -- oops, if we don't prereq initscripts, we *need* to own /etc/rc[0-6].d -* Sun Jul 2 2000 Bill Nottingham -- add xinetd support -* Tue Jun 27 2000 Matt Wilson -- changed Prereq: initscripts >= 5.18 to Conflicts: initscripts < 5.18 -- fixed sumary and description where a global string replace nuked them -* Mon Jun 26 2000 Matt Wilson -- what Bill said, but actually build this version -* Thu Jun 15 2000 Bill Nottingham -- don't own /etc/rc.* -* Fri Feb 11 2000 Bill Nottingham -- typo in man page -* Wed Feb 02 2000 Cristian Gafton -- fix description -* Wed Jan 12 2000 Bill Nottingham -- link chkconfig statically against popt -* Mon Oct 18 1999 Bill Nottingham -- fix querying alternate levels -* Mon Aug 23 1999 Jeff Johnson -- don't use strchr to skip unwanted files, look at extension instead (#4166). -* Thu Aug 5 1999 Bill Nottingham -- fix --help, --verson -* Mon Aug 2 1999 Matt Wilson -- rebuilt ntsysv against newt 0.50 -* Mon Aug 2 1999 Jeff Johnson -- fix i18n problem in usage message (#4233). -- add --help and --version. -* Mon Apr 19 1999 Cristian Gafton -- release for Red Hat 6.0 -* Thu Apr 8 1999 Matt Wilson -- added support for a "hide: true" tag in initscripts that will make - services not appear in ntsysv when run with the "--hide" flag -* Thu Apr 1 1999 Matt Wilson -- added --hide flag for ntsysv that allows you to hide a service from the - user. -* Mon Mar 22 1999 Bill Nottingham -- fix glob, once and for all. Really. We mean it. -* Thu Mar 18 1999 Bill Nottingham -- revert fix for services@levels, it's broken -- change default to only edit the current runlevel -* Mon Mar 15 1999 Bill Nottingham -- don't remove scripts that don't support chkconfig -* Tue Mar 09 1999 Erik Troan -- made glob a bit more specific so xinetd and inetd don't cause improper matches -* Thu Feb 18 1999 Matt Wilson -- removed debugging output when starting ntsysv -* Thu Feb 18 1999 Preston Brown -- fixed globbing error -- fixed ntsysv running services not at their specified levels. -* Tue Feb 16 1999 Matt Wilson -- print the value of errno on glob failures. -* Sun Jan 10 1999 Matt Wilson -- rebuilt for newt 0.40 (ntsysv) -* Tue Dec 15 1998 Jeff Johnson -- add ru.po. -* Thu Oct 22 1998 Bill Nottingham -- build for Raw Hide (slang-1.2.2) -* Wed Oct 14 1998 Cristian Gafton -- translation updates -* Thu Oct 08 1998 Cristian Gafton -- updated czech translation (and use cs instead of cz) -* Tue Sep 22 1998 Arnaldo Carvalho de Melo -- added pt_BR translations -- added more translatable strings -- support for i18n init.d scripts description -* Sun Aug 02 1998 Erik Troan -- built against newt 0.30 -- split ntsysv into a separate package -* Thu May 07 1998 Erik Troan -- added numerous translations -* Mon Mar 23 1998 Erik Troan -- added i18n support -* Sun Mar 22 1998 Erik Troan -- added --back diff --git a/SPECS/chkconfig/ignore-priorities.patch b/SPECS/chkconfig/ignore-priorities.patch deleted file mode 100644 index 8942a2ebc1..0000000000 --- a/SPECS/chkconfig/ignore-priorities.patch +++ /dev/null @@ -1,100 +0,0 @@ -diff --git a/chkconfig.c b/chkconfig.c -index fdc2bc5..3e7ec54 100644 ---- a/chkconfig.c -+++ b/chkconfig.c -@@ -29,6 +29,7 @@ - #include - - static char *progname; -+static char ignorePriorities; - - #define _(String) gettext((String)) - -@@ -164,7 +165,7 @@ static int delService(char *name, int type, int level) { - } - - static inline int laterThan(int i, int j) { -- if (i <= j) { -+ if (!ignorePriorities && i <= j) { - i = j + 1; - if (i > 99) - i = 99; -@@ -173,7 +174,7 @@ static inline int laterThan(int i, int j) { - } - - static inline int earlierThan(int i, int j) { -- if (i >= j) { -+ if (!ignorePriorities && i >= j) { - i = j - 1; - if (i < 0) - i = 0; -@@ -725,6 +726,7 @@ int main(int argc, const char **argv) { - bindtextdomain("chkconfig", "/usr/share/locale"); - textdomain("chkconfig"); - -+ ignorePriorities = checkIgnorePriorities(); - optCon = poptGetContext("chkconfig", argc, argv, optionsTable, 0); - poptReadDefaultConfig(optCon, 1); - -diff --git a/leveldb.c b/leveldb.c -index 7b8c1bd..5a4d9de 100644 ---- a/leveldb.c -+++ b/leveldb.c -@@ -490,15 +490,23 @@ static struct dep *parseDeps(char *pos, char *end) { - return deps; - } - -+char checkIgnorePriorities() { -+ int fd = open(IGNORE_PRIORITIES_FLAG, O_RDONLY); -+ char ret = fd < 0 ? 0 : 1; -+ close(fd); -+ return ret; -+} -+ - int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, - int partialOk) { - struct stat sb; - char *bufstart, *bufstop, *start, *end, *next, *tmpbufstart; -+ char ignorePriorities = checkIgnorePriorities(); - struct service serv = { - name : NULL, - levels : -1, -- kPriority : 100, -- sPriority : -1, -+ kPriority : (ignorePriorities ? 50 : 100), -+ sPriority : (ignorePriorities ? 50 : -1), - currentLevels : 0, - desc : NULL, - startDeps : NULL, -@@ -575,7 +583,7 @@ int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, - } - } - -- if (!strncmp(start, "chkconfig:", 10)) { -+ if (!ignorePriorities && !strncmp(start, "chkconfig:", 10)) { - int spri, kpri; - - start += 10; -diff --git a/leveldb.h b/leveldb.h -index e308d86..2581b03 100644 ---- a/leveldb.h -+++ b/leveldb.h -@@ -34,6 +34,10 @@ - #define SYSTEMD_LOCAL_SERVICE_PATH "/etc/systemd/system" - #endif - -+#ifndef IGNORE_PRIORITIES_FLAG -+#define IGNORE_PRIORITIES_FLAG "/etc/init.d/ignore_priorities" -+#endif -+ - struct dep { - char *name; - int handled; -@@ -63,6 +67,7 @@ int readServiceInfo(char *name, int type, struct service *service, - int readServices(struct service **services); - int readServiceDifferences(char *name, int type, struct service *service, - struct service *service_overrides, int honorHide); -+char checkIgnorePriorities(); - int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, - int partialOk); - int currentRunlevel(void); diff --git a/SPECS/chkconfig/print-service-on-off.patch b/SPECS/chkconfig/print-service-on-off.patch deleted file mode 100644 index 6f2e25514f..0000000000 --- a/SPECS/chkconfig/print-service-on-off.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/chkconfig.c b/chkconfig.c -index 3e7ec54..f4f358b 100644 ---- a/chkconfig.c -+++ b/chkconfig.c -@@ -874,17 +874,29 @@ int main(int argc, const char **argv) { - } - } - rc = readServiceInfo(name, type, &s, 0); -- if (rc) -+ if (rc) { -+ fprintf(stderr, "%s: unknown service\n", name); - return 1; -+ } - if (s.type == TYPE_XINETD) { - if (isXinetdEnabled()) - return !s.levels; - else - return 1; - } else { -- if (level == -1) -+ if (level == -1) { - level = currentRunlevel(); -- return s.currentLevels & (1 << level) ? 0 : 1; -+ if (level == -1) { -+ fprintf(stderr, "can not detect the current runlevel\n"); -+ return 1; -+ } -+ } -+ if (s.currentLevels & (1 << level)) { -+ printf("%s on\n", name); -+ } else { -+ printf("%s off\n", name); -+ } -+ return 0; - } - } else if (!strcmp(state, "on")) { - if (!noRedirectItem) { diff --git a/SPECS/chromium/chromium.spec b/SPECS/chromium/chromium.spec deleted file mode 100644 index 6b15ef30f6..0000000000 --- a/SPECS/chromium/chromium.spec +++ /dev/null @@ -1,90 +0,0 @@ -%global debug_package %{nil} -%define chromium_path %{_libdir}/%{name}-browser -%define builddir out/headless - -Summary: chromium -Name: chromium -# Don't bump or upgrade version of this spec -# This is a special package & needs some manual effort -Version: 119.0.6045.176 -Release: 1%{?dist} -License: BSD 3 -URL: https://chromium.googlesource.com/chromium/src -Group: System Utility -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/chromium/chromium/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=5d61521688875d198a185b304a82c855fa97ec871441bc65adb812fdabd5f92d8ba08dabe13b8ae81779582d829d18532e4adb9709fc4b50841c0ecc84f44d9d - -# git clone --depth 1 https://chromium.googlesource.com/chromium/tools/depot_tools.git -# tar cJf depot_tools-.tar.xz depot_tools -Source1: depot_tools-eb48a6a.tar.xz -%define sha512 depot_tools=5b83f5afd6d50f525c25a0f70096de150e54b6b9c42f62900a34ea5142fb00bd1564470297af673a73af499391ef82e70a23972584906dc7595cb5e677abb606 - -Source2: headless.gn - -BuildRequires: git -BuildRequires: nss-devel -BuildRequires: dbus-devel -BuildRequires: glib-devel -BuildRequires: glibc-devel -BuildRequires: nspr-devel -BuildRequires: ninja-build -BuildRequires: gperf - -# TODO: need to revisit for aarch64 -BuildArch: x86_64 - -Requires: glibc -Requires: nspr -Requires: nss-libs -Requires: open-sans-fonts - -%description -Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. - -%prep -%autosetup -a0 -a1 -p1 -n src - -%build -pushd %{_builddir}/src/build/linux/debian_bullseye_amd64-sysroot%{_libdir}/pkgconfig - -cp glib-2.0.pc \ - dbus-1.pc \ - nss.pc \ - nspr.pc \ - %{_libdir}/pkgconfig - -popd - -mkdir -p %{builddir} -cp %{SOURCE2} %{builddir}/args.gn - -%{_builddir}/src/depot_tools/gn gen %{builddir} - -ninja -C %{builddir} headless_shell -j $(nproc) - -%install -mkdir -p %{buildroot}%{chromium_path} -cp -pr %{builddir}/headless_lib_data.pak \ - %{builddir}/headless_lib_strings.pak \ - %{builddir}/headless_shell \ - %{builddir}/libvk_swiftshader.so* \ - %{builddir}/libvulkan.so* \ - %{builddir}/libEGL.so* \ - %{builddir}/libGLESv2.so* \ - %{builddir}/vk_swiftshader_icd.json \ - %{buildroot}%{chromium_path} - -%files -%defattr(-,root,root) -%{chromium_path} - -%changelog -* Mon Nov 20 2023 Shreenidhi Shedi 119.0.6045.176-1 -- Upgrade to v119.0.6045.176 -* Thu Aug 24 2023 Shreenidhi Shedi 116.0.5845.96-1 -- Upgrade to v116.0.5845.93, fixes a bunch of CVEs -* Wed May 31 2023 Shreenidhi Shedi 113.0.5672.95-1 -- Initial packaging with Photon OS diff --git a/SPECS/chromium/headless.gn b/SPECS/chromium/headless.gn deleted file mode 100644 index 404eb518e9..0000000000 --- a/SPECS/chromium/headless.gn +++ /dev/null @@ -1,54 +0,0 @@ -# GN args template for the Headless Chrome library -# -# Add import to arg.gn in out directory and run gn gen on the directory to use. -# E.g. for out directory out/foo: -# echo 'import("//build/args/headless.gn")' > out/foo/args.gn -# gn gen out/foo -# -# Use gn args to add your own build preference args. -use_ozone = true -ozone_auto_platforms = false -ozone_platform = "headless" -ozone_platform_headless = true -angle_enable_vulkan = true -angle_enable_swiftshader = true -# Embed resource.pak into binary to simplify deployment. -headless_use_embedded_resources = true -# Disable headless commands support. -headless_enable_commands = false -# Don't use Prefs component, disabling access to Local State prefs. -headless_use_prefs = false -# Don't use Policy component, disabling all policies. -headless_use_policy = false -# Remove a dependency on a system fontconfig library. -use_bundled_fontconfig = true -# In order to simplify deployment we build ICU data file -# into binary. -icu_use_data_file = false -# Use embedded data instead external files for headless in order -# to simplify deployment. -v8_use_external_startup_data = false -enable_nacl = false -use_goma=false -enable_print_preview = false -enable_remoting = false -use_alsa = false -use_bluez = false -use_cups = false -use_dbus = false -use_gio = false -use_kerberos = false -use_libpci = false -use_pulseaudio = false -use_udev = false -rtc_use_pipewire = false -v8_enable_lazy_source_positions = false -use_glib = false -use_gtk = false -use_pangocairo = false - -is_debug=false -is_official_build=true -symbol_level=0 -blink_symbol_level=0 -chrome_pgo_phase=0 diff --git a/SPECS/chrony/chrony.spec b/SPECS/chrony/chrony.spec deleted file mode 100644 index 520490955d..0000000000 --- a/SPECS/chrony/chrony.spec +++ /dev/null @@ -1,131 +0,0 @@ -Name: chrony -Version: 4.3 -Release: 1%{?dist} -Summary: An NTP client/server -License: GPLv2 -Vendor: VMware, Inc. -Distribution: Photon -Group: System Environment/NetworkingPrograms -URL: https://chrony.tuxfamily.org - -Source0: https://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz -%define sha512 %{name}=1394bac3ed684352fe89b7fef7da50e61f9f522abee807627ae1fc4c2dde891017bc8e5b13759fced028f3a1e875d5e4e5a4f85de65c63b5f83d0ca03bb4c5df - -BuildRequires: systemd -BuildRequires: libcap-devel -BuildRequires: nettle-devel -BuildRequires: libseccomp-devel -BuildRequires: bison - -Requires: nettle -Requires: libcap -Requires: libseccomp - -%description -chrony is a versatile implementation of the Network Time Protocol (NTP). -It can synchronise the system clock with NTP servers, reference clocks -(e.g. GPS receiver), and manual input using wristwatch and keyboard. It -can also operate as an NTPv4 (RFC 5905) server and peer to provide a time -service to other computers in the network. - -%prep -%autosetup -p1 - -cp examples/chrony.conf.example2 chrony.conf - -# regenerate the file from getdate.y -rm -f getdate.c - -%build -%configure \ - --enable-ntp-signd \ - --enable-scfilter \ - --docdir=%{_docdir} \ - --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') - -%make_build - -%install -%make_install %{?_smp_mflags} - -mkdir -p %{buildroot}%{_sysconfdir}/{sysconfig,logrotate.d} \ - %{buildroot}%{_localstatedir}/{lib,log}/chrony \ - %{buildroot}%{_sysconfdir}/dhcp/dhclient.d \ - %{buildroot}%{_libexecdir} \ - %{buildroot}{%{_unitdir},%{_libdir}/systemd/ntp-units.d} - -install -m 644 -p chrony.conf %{buildroot}%{_sysconfdir}/chrony.conf - -install -m 640 -p examples/chrony.keys.example \ - %{buildroot}%{_sysconfdir}/chrony.keys - -install -m 644 -p examples/chrony.logrotate \ - %{buildroot}%{_sysconfdir}/logrotate.d/chrony - -install -m 644 -p examples/chronyd.service \ - %{buildroot}%{_unitdir}/chronyd.service - -install -m 644 -p examples/chrony-wait.service \ - %{buildroot}%{_unitdir}/chrony-wait.service - -cat > %{buildroot}%{_sysconfdir}/sysconfig/chronyd < \ - %{buildroot}%{_libdir}/systemd/ntp-units.d/50-chronyd.list - -%if 0%{?with_check} -%check -make %{?_smp_mflags} -make quickcheck %{?_smp_mflags} -%endif - -%post -%systemd_post chronyd.service chrony-wait.service - -%preun -%systemd_preun chronyd.service chrony-wait.service - -%postun -%systemd_postun_with_restart chronyd.service - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%license COPYING -%doc FAQ NEWS README -%config(noreplace) %{_sysconfdir}/chrony.conf -%config(noreplace) %verify(not md5 size mtime) %attr(640,root,root) %{_sysconfdir}/chrony.keys -%config(noreplace) %{_sysconfdir}/logrotate.d/chrony -%config(noreplace) %{_sysconfdir}/sysconfig/chronyd -%{_bindir}/chronyc -%{_sbindir}/chronyd -%{_libdir}/systemd/ntp-units.d/*.list -%{_unitdir}/chrony*.service -%{_mandir}/man[158]/%{name}*.[158]* -%dir %attr(-,root,root) %{_sharedstatedir}/chrony -%ghost %attr(-,root,root) %{_sharedstatedir}/chrony/drift -%ghost %attr(-,root,root) %{_sharedstatedir}/chrony/rtc -%dir %attr(-,root,root) %{_localstatedir}/log/chrony - -%changelog -* Fri Oct 28 2022 Gerrit Photon 4.3-1 -- Automatic Version Bump -* Wed Aug 24 2022 Shreenidhi Shedi 4.2-2 -- Bump version as a part of nettle upgrade -* Mon Apr 18 2022 Gerrit Photon 4.2-1 -- Automatic Version Bump -* Tue Aug 17 2021 Shreenidhi Shedi 4.0-4 -- Bump version as a part of nettle upgrade -* Wed Jul 07 2021 Tapas Kundu 4.0-3 -- Added requires -* Thu Nov 19 2020 Piyush Gupta 4.0-2 -- Make check fix -* Mon Jul 06 2020 Siddharth Chandrasekaran 4.0-1 -- Initial version for Photon diff --git a/SPECS/chrpath/chrpath.spec b/SPECS/chrpath/chrpath.spec deleted file mode 100644 index 9231740beb..0000000000 --- a/SPECS/chrpath/chrpath.spec +++ /dev/null @@ -1,39 +0,0 @@ -Summary: Change rpath of binaries -Name: chrpath -Version: 0.16 -Release: 1%{?dist} -License: GPL+ -URL: https://chrpath.alioth.debian.org/ -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://alioth.debian.org/frs/download.php/file/3979/%{name}-%{version}.tar.gz -%define sha1 chrpath=174bb38c899229f4c928734b20e730f61191795a - -%description -Command line tool to adjust the RPATH or RUNPATH of ELF binaries. - -%prep -%setup -q - - -%build -%configure -make %{?_smp_mflags} - -%check -make check - -%install -make install DESTDIR=%{buildroot} INSTALL="install -p" -rm -rf %{buildroot}/usr/doc - - -%files -%doc AUTHORS README NEWS ChangeLog* COPYING -%{_bindir}/chrpath -%{_mandir}/man1/chrpath.1* - -%changelog -* Wed Apr 05 2017 Anish Swaminathan 0.16-1 -- Initial packaging diff --git a/SPECS/cifs-utils/cifs-utils.spec b/SPECS/cifs-utils/cifs-utils.spec deleted file mode 100644 index 5452fb2380..0000000000 --- a/SPECS/cifs-utils/cifs-utils.spec +++ /dev/null @@ -1,73 +0,0 @@ -Summary: cifs client utils -Name: cifs-utils -Version: 7.0 -Release: 1%{?dist} -License: GPLv3 -URL: http://wiki.samba.org/index.php/LinuxCIFS_utils -Group: Applications/Nfs-utils-client -Source0: https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-%{version}.tar.bz2 -%define sha512 cifs-utils=4c57741af0c4567a78f352c73caca998881666a5ed36536275cfa775efd66ff1a44ebe539a8ed96c409c5b08a1378266964ce667a27e9fc7f2d43999c63dd0eb -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: libcap-ng-devel -BuildRequires: libtalloc-devel -Requires: libcap-ng - -%description -Cifs-utils, a package of utilities for doing and managing mounts of the Linux CIFS filesystem. - -%package devel -Summary: The libraries and header files needed for Cifs-Utils development. -Group: Development/Libraries -Requires: cifs-utils = %{version}-%{release} - -%description devel -Provides header files needed for Cifs-Utils development. - -%prep -%autosetup - -%build -%configure \ - ROOTSBINDIR=/usr/sbin \ - --disable-pam \ - --disable-systemd && -%make_build - -%install -%make_install - -%check -make %{?_smp_mflags} check - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/mount.cifs -%{_sbindir}/mount.smb3 - -%files devel -%defattr(-,root,root) -%{_includedir}/cifsidmap.h - -%changelog -* Thu Dec 15 2022 Ashwin Dayanand Kamat 7.0-1 -- Upgrade to version 7.0 -* Tue Dec 06 2022 Ashwin Dayanand Kamat 6.14-2 -- Bump version as a part of libtalloc upgrade -* Mon Apr 18 2022 Gerrit Photon 6.14-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 6.13-1 -- Automatic Version Bump -* Wed Sep 09 2020 Gerrit Photon 6.11-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 6.10-1 -- Automatic Version Bump -* Fri Sep 07 2018 Ajay Kaher 6.8-1 -- Upgraded to version 6.8 -* Thu Apr 06 2017 Anish Swaminathan 6.7-1 -- Upgraded to version 6.7 -* Tue May 24 2016 Priyesh Padmavilasom 6.4-2 -- GA - Bump release of all rpms -* Mon Jan 25 2016 Divya Thaluru 6.4-1 -- Initial build. First version. diff --git a/SPECS/clang/clang.spec b/SPECS/clang/clang.spec deleted file mode 100644 index fff2cefde0..0000000000 --- a/SPECS/clang/clang.spec +++ /dev/null @@ -1,143 +0,0 @@ -%global debug_package %{nil} - -Summary: C, C++, Objective C and Objective C++ front-end for the LLVM compiler. -Name: clang -Version: 15.0.7 -Release: 4%{?dist} -License: NCSA -URL: http://clang.llvm.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/llvm/llvm-project/releases/tag/%{name}-%{version}.src.tar.xz -%define sha512 %{name}=9fd2736a9f5993ddbb5b3c507fe497234a6def64f6f418f379d1ca56c9c361ad1ae9a5445ab938230fbc1671ec00b4f802a412b048569023863c20dc6bb46a1f - -BuildRequires: cmake -BuildRequires: llvm-devel = %{version} -BuildRequires: ncurses-devel -BuildRequires: zlib-devel -BuildRequires: libxml2-devel -BuildRequires: python3-devel -BuildRequires: ninja-build - -Requires: libstdc++-devel -Requires: ncurses -Requires: llvm -Requires: zlib -Requires: libxml2 -Requires: python3 - -%description -The goal of the Clang project is to create a new C based language front-end: -C, C++, Objective C/C++, OpenCL C and others for the LLVM compiler. You can get and build the source today. - -%package devel -Summary: Development headers for clang -Requires: %{name} = %{version}-%{release} -Requires: ncurses-devel -%description devel -The clang-devel package contains libraries, header files and documentation for developing applications that use clang. - -%prep -%autosetup -p1 -n %{name}-%{version}.src - -%build -# LLVM_PARALLEL_LINK_JOBS=4 is chosen as a middle ground number -# if we use a bigger value, we will hit OOM, so don't increase it -# unless you are absolutely sure - -%ifarch aarch64 -%define build_concurrency 4 -%define link_concurrency 2 -%else -%define build_concurrency $(nproc) -%define link_concurrency 4 -%endif - -%cmake -G Ninja \ - -DCMAKE_INSTALL_PREFIX=%{_usr} \ - -DCMAKE_BUILD_TYPE=Release \ - -DLLVM_MAIN_INCLUDE_DIR=%{_includedir} \ - -DLLVM_PARALLEL_LINK_JOBS=%{link_concurrency} \ - -DLLVM_PARALLEL_COMPILE_JOBS=%{build_concurrency} \ - -DBUILD_SHARED_LIBS=OFF \ - -Wno-dev - -%cmake_build - -%install -%cmake_install - -mkdir -p %{buildroot}%{python3_sitelib} -mv %{buildroot}%{_libdir}/{libear,libscanbuild} %{buildroot}%{python3_sitelib} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%if 0%{?with_check} -%check -cd %{__cmake_builddir} -make clang-check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libexecdir}/* -%{_libdir}/*.so.* -%{_datadir}/* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/*.a -%{_libdir}/cmake/* -%{_libdir}/clang/* -%{_includedir}/* -%{python3_sitelib}/libear -%{python3_sitelib}/libscanbuild - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 15.0.7-4 -- Bump version as a part of ncurses upgrade to v6.4 -* Wed Apr 19 2023 Ashwin Dayanand Kamat 15.0.7-3 -- Bump version as a part of libxml2 upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 15.0.7-2 -- Bump version as a part of zlib upgrade -* Sat Feb 18 2023 Vamsi Krishna Brahmajosyula 15.0.7-1 -- Upgrade to v15.0.7 -* Fri Dec 02 2022 Shreenidhi Shedi 15.0.6-1 -- Upgrade to v15.0.6 -* Mon Oct 17 2022 Prashant S Chauhan 15.0.1-2 -- Update release to compile with python 3.11 -* Tue Sep 27 2022 Shreenidhi Shedi 15.0.1-1 -- Upgrade to v15.0.1 -* Thu Jul 14 2022 Shreenidhi Shedi 12.0.0-4 -- Further fixes to cmake macro usages -* Mon Jun 20 2022 Shreenidhi Shedi 12.0.0-3 -- Use cmake macros for build and install -* Wed Nov 17 2021 Nitesh Kumar 12.0.0-2 -- Release bump up to use libxml2 2.9.12-1. -* Mon Apr 12 2021 Gerrit Photon 12.0.0-1 -- Automatic Version Bump -* Tue Mar 16 2021 Michael Paquier 11.0.1-2 -- Addition of required dependency to ncurses-devel for devel package. -* Thu Feb 04 2021 Shreenidhi Shedi 11.0.1-1 -- Upgrade to v11.0.1 -* Mon Aug 24 2020 Gerrit Photon 10.0.1-1 -- Automatic Version Bump -* Tue Jun 23 2020 Tapas Kundu 6.0.1-2 -- Build with python3 -- Mass removal python2 -* Thu Aug 09 2018 Srivatsa S. Bhat 6.0.1-1 -- Update to version 6.0.1 to get it to build with gcc 7.3 -* Wed Jun 28 2017 Chang Lee 4.0.0-2 -- Updated %check -* Fri Apr 7 2017 Alexey Makhalov 4.0.0-1 -- Version update -* Wed Jan 11 2017 Xiaolin Li 3.9.1-1 -- Initial build. diff --git a/SPECS/cloud-init/0001-azure-ds.patch b/SPECS/cloud-init/0001-azure-ds.patch deleted file mode 100644 index 56c9f07192..0000000000 --- a/SPECS/cloud-init/0001-azure-ds.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 6a4476407b8f43c5d290a2909a463c9081941c23 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Thu, 7 Sep 2023 12:53:58 +0530 -Subject: [PATCH 1/5] azure ds - -Signed-off-by: Shreenidhi Shedi ---- - cloudinit/sources/helpers/azure.py | 30 ++++++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/cloudinit/sources/helpers/azure.py b/cloudinit/sources/helpers/azure.py -index 6e5c1f4..155b037 100644 ---- a/cloudinit/sources/helpers/azure.py -+++ b/cloudinit/sources/helpers/azure.py -@@ -1,5 +1,6 @@ - # This file is part of cloud-init. See LICENSE file for license information. - import base64 -+import configobj - import json - import logging - import os -@@ -11,6 +12,7 @@ import zlib - from contextlib import contextmanager - from datetime import datetime - from errno import ENOENT -+from io import StringIO - from time import sleep, time - from typing import TYPE_CHECKING, Callable, List, Optional, TypeVar, Union - from xml.etree import ElementTree -@@ -48,6 +50,8 @@ azure_ds_reporter = events.ReportEventStack( - - T = TypeVar("T") - -+NETWORKD_LEASES_DIR = '/run/systemd/netif/leases' -+ - - def azure_ds_telemetry_reporter(func: Callable[..., T]) -> Callable[..., T]: - def impl(*args, **kwargs): -@@ -926,6 +930,32 @@ class WALinuxAgentShim: - report_diagnostic_event(msg, logger_func=LOG.debug) - return goal_state - -+ @staticmethod -+ def networkd_parse_lease(content): -+ """Parse a systemd lease file content as in /run/systemd/netif/leases/ -+ Parse this (almost) ini style file even though it says: -+ # This is private data. Do not parse. -+ Simply return a dictionary of key/values.""" -+ -+ return dict(configobj.ConfigObj(StringIO(content), list_values=False)) -+ -+ @staticmethod -+ def networkd_load_leases(leases_d=None): -+ """Return a dictionary of dictionaries representing each lease -+ found in lease_d.i -+ The top level key will be the filename, which is typically the ifindex.""" -+ -+ if leases_d is None: -+ leases_d = NETWORKD_LEASES_DIR -+ -+ ret = {} -+ if not os.path.isdir(leases_d): -+ return ret -+ for lfile in os.listdir(leases_d): -+ ret[lfile] = WALinuxAgentShim.networkd_parse_lease( -+ util.load_file(os.path.join(leases_d, lfile))) -+ return ret -+ - @azure_ds_telemetry_reporter - def _get_user_pubkeys( - self, goal_state: GoalState, pubkey_info: list --- -2.25.1 - diff --git a/SPECS/cloud-init/0002-Change-default-policy.patch b/SPECS/cloud-init/0002-Change-default-policy.patch deleted file mode 100644 index 191c285f21..0000000000 --- a/SPECS/cloud-init/0002-Change-default-policy.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d0f1cfa3b3fbe009932a28038784881df083e06f Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 25 Aug 2021 19:48:43 +0530 -Subject: [PATCH 2/5] Change default policy - -Let's have DI_DEFAULT_POLICY as DI_ENABLED if no DS is found, or else -cloud-init services won't get started during boot and gosc tests fail. - -Signed-off-by: Shreenidhi Shedi ---- - tools/ds-identify | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/ds-identify b/tools/ds-identify -index d7254c3..46a8926 100755 ---- a/tools/ds-identify -+++ b/tools/ds-identify -@@ -94,7 +94,7 @@ DI_MAIN=${DI_MAIN:-main} - - DI_BLKID_EXPORT_OUT="" - DI_GEOM_LABEL_STATUS_OUT="" --DI_DEFAULT_POLICY="search,found=all,maybe=all,notfound=${DI_DISABLED}" -+DI_DEFAULT_POLICY="search,found=all,maybe=all,notfound=${DI_ENABLED}" - DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=all,notfound=${DI_ENABLED}" - DI_DMI_BOARD_NAME="" - DI_DMI_CHASSIS_ASSET_TAG="" --- -2.25.1 - diff --git a/SPECS/cloud-init/0003-Patch-VMware-DS-to-handle-network-settings-from-vmto.patch b/SPECS/cloud-init/0003-Patch-VMware-DS-to-handle-network-settings-from-vmto.patch deleted file mode 100644 index 4c9abada5f..0000000000 --- a/SPECS/cloud-init/0003-Patch-VMware-DS-to-handle-network-settings-from-vmto.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 133930012096c20c3baa958b87a843ba76a555bf Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Thu, 17 Feb 2022 11:47:22 +0530 -Subject: [PATCH 3/5] Patch VMware DS to handle network settings from vmtoolsd - -Signed-off-by: Shreenidhi Shedi ---- - cloudinit/sources/DataSourceVMware.py | 132 +++++++++++++++++++++++++- - 1 file changed, 129 insertions(+), 3 deletions(-) - -diff --git a/cloudinit/sources/DataSourceVMware.py b/cloudinit/sources/DataSourceVMware.py -index 616a08f..5677631 100644 ---- a/cloudinit/sources/DataSourceVMware.py -+++ b/cloudinit/sources/DataSourceVMware.py -@@ -75,6 +75,7 @@ import netifaces - - from cloudinit import atomic_helper, dmi - from cloudinit import log as logging -+from cloudinit.net import network_state - from cloudinit import net, sources, util - from cloudinit.sources.helpers.vmware.imc import guestcust_util - from cloudinit.subp import ProcessExecutionError, subp, which -@@ -88,6 +89,7 @@ NOVAL = "No value found" - DATA_ACCESS_METHOD_ENVVAR = "envvar" - DATA_ACCESS_METHOD_GUESTINFO = "guestinfo" - DATA_ACCESS_METHOD_IMC = "imc" -+DATA_ACCESS_METHOD_VMTOOLSD = "vmtoolsd-guestinfo" - - VMWARE_RPCTOOL = which("vmware-rpctool") - REDACT = "redact" -@@ -161,6 +163,110 @@ class DataSourceVMware(sources.DataSource): - (DATA_ACCESS_METHOD_IMC, self.get_imc_data_fn, True), - ] - -+ def get_nwk_cfgs_from_guestinfo(self): -+ net_cfg = {'version': 2, 'ethernets': {}} -+ eth_cfg = net_cfg['ethernets'] -+ -+ dev_index = 0 -+ while True: -+ key_prefix = f"interface.{dev_index}" -+ -+ iface_name = guestinfo(f"{key_prefix}.name") -+ if not iface_name: -+ break -+ -+ eth_cfg[iface_name] = {'match': {}} -+ iface_cfg = eth_cfg[iface_name] -+ iface_cfg['match'].update({'name': iface_name}) -+ -+ mac = guestinfo(f"{key_prefix}.mac") -+ if mac: -+ iface_cfg['match'].update({'macaddress': mac}) -+ -+ key_proto = f"{key_prefix}.dhcp" -+ dhcp_val = guestinfo(key_proto) -+ -+ dhcp_cfg_map = { -+ 'yes': {'dhcp4': True, 'dhcp6': True}, -+ 'ipv4': {'dhcp4': True, 'dhcp6': False}, -+ 'ipv6': {'dhcp4': False, 'dhcp6': True}, -+ 'no': {'dhcp4': False, 'dhcp6': False}, -+ } -+ -+ address = guestinfo(f"{key_prefix}.address") -+ if dhcp_val and dhcp_val in {'yes', 'ipv4', 'ipv6', 'no'}: -+ iface_cfg.update(dhcp_cfg_map[dhcp_val]) -+ -+ if (dhcp_val and dhcp_val == 'no') or address: -+ if address: -+ netmask = guestinfo(f"{key_prefix}.netmask") -+ if netmask: -+ netmask = network_state.mask_to_net_prefix(netmask) -+ address = f"{address}/{netmask}" -+ -+ iface_cfg['addresses'] = [address] -+ iface_cfg.update(dhcp_cfg_map['no']) -+ -+ if (not dhcp_val and not address) or \ -+ (dhcp_val == 'no' and not address): -+ LOG.warning("No static IP/DHCP given, using DHCP as default") -+ iface_cfg.update(dhcp_cfg_map['yes']) -+ -+ dnsserver = guestinfo('dns.servers') -+ if dnsserver: -+ iface_cfg['nameservers'] = {'addresses': []} -+ dnsdomain = [x.strip() for x in dnsserver.split(',')] -+ for d in dnsdomain: -+ iface_cfg['nameservers']['addresses'].append(d) -+ -+ dnsdomain = guestinfo('dns.domains') -+ if dnsdomain: -+ if 'nameservers' in iface_cfg: -+ iface_cfg['nameservers'].update({'search': []}) -+ else: -+ iface_cfg['nameservers'] = {'search': []} -+ dnsdomain = [x.strip() for x in dnsdomain.split(',')] -+ for d in dnsdomain: -+ iface_cfg['nameservers']['search'].append(d) -+ -+ route_index = 0 -+ default_destination_set = False -+ while True: -+ key_route = f"{key_prefix}.route.{route_index}" -+ route = guestinfo(key_route) -+ if not route: -+ break -+ if 'routes' not in iface_cfg: -+ iface_cfg['routes'] = [] -+ route = [x.strip() for x in route.split(',')] -+ len_route = len(route) -+ if len_route > 2: -+ LOG.debug( -+ f"Route information for {route_index} " -+ f"route in {dev_index} device incorrect - " -+ "expected 2 values" -+ ) -+ continue -+ -+ if len_route == 2: -+ # Gateway Destination -+ d = {'via': route[0], 'to': route[1]} -+ iface_cfg['routes'].append(d) -+ else: -+ # length = 1 -+ if not default_destination_set: -+ d = {'via': route[0], 'to': '0.0.0.0'} -+ default_destination_set = True -+ else: -+ LOG.debug( -+ "Default destination set previously, not " -+ f"setting route {route_index}" -+ ) -+ route_index += 1 -+ dev_index += 1 -+ -+ return net_cfg if eth_cfg else None -+ - def __str__(self): - root = sources.DataSource.__str__(self) - return "%s [seed=%s]" % (root, self.data_access_method) -@@ -197,6 +303,24 @@ class DataSourceVMware(sources.DataSource): - self.data_access_method = data_access_method - break - -+ if not self.data_access_method: -+ md = {} -+ key = 'local-hostname' -+ hostname = guestinfo('hostname') -+ if hostname: -+ LOG.info('Setting local-hostname: %s', hostname) -+ md[key] = hostname -+ -+ key = 'network' -+ net_cfg = self.get_nwk_cfgs_from_guestinfo() -+ if net_cfg: -+ LOG.info('Setting network cfg: %s', net_cfg) -+ md[key] = {'config': copy.deepcopy(net_cfg)} -+ -+ if md: -+ self.metadata = md -+ self.data_access_method = DATA_ACCESS_METHOD_VMTOOLSD -+ - if not self.data_access_method: - LOG.error("failed to find a valid data access method") - return False -@@ -204,7 +328,8 @@ class DataSourceVMware(sources.DataSource): - LOG.info("using data access method %s", self._get_subplatform()) - - # Get the metadata. -- self.metadata = process_metadata(load_json_or_yaml(md)) -+ if not self.metadata: -+ self.metadata = process_metadata(load_json_or_yaml(md)) - - # Get the user data. - self.userdata_raw = ud -@@ -219,8 +344,7 @@ class DataSourceVMware(sources.DataSource): - # userdata, or vendordata. - if self.metadata or self.userdata_raw or self.vendordata_raw: - return True -- else: -- return False -+ return False - - def setup(self, is_new_instance): - """setup(is_new_instance) -@@ -258,6 +382,8 @@ class DataSourceVMware(sources.DataSource): - get_key_name_fn = get_guestinfo_key_name - elif self.data_access_method == DATA_ACCESS_METHOD_IMC: - get_key_name_fn = get_imc_key_name -+ elif self.data_access_method == DATA_ACCESS_METHOD_VMTOOLSD: -+ get_key_name_fn = get_guestinfo_key_name - else: - return sources.METADATA_UNKNOWN - --- -2.25.1 - diff --git a/SPECS/cloud-init/0004-Add-default-DS-list-few-other-changes-to-cloud.cfg.patch b/SPECS/cloud-init/0004-Add-default-DS-list-few-other-changes-to-cloud.cfg.patch deleted file mode 100644 index 9e339d8171..0000000000 --- a/SPECS/cloud-init/0004-Add-default-DS-list-few-other-changes-to-cloud.cfg.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a95b4cae7f7a3f2d49a59e4f500e0cac439f90b3 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 25 Aug 2021 19:14:01 +0530 -Subject: [PATCH 4/5] Add default DS list & few other changes to cloud.cfg - -Add mount_default_fields to avoid contention with systemd default -services at random intervals. - -Comments in the file describe why they are needed - -Signed-off-by: Shreenidhi Shedi ---- - config/cloud.cfg.tmpl | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index de0bf7b..4a7d205 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -87,12 +87,21 @@ apt: - - # If you use datasource_list array, keep array items in a single line. - # If you use multi line array, ds-identify script won't read array items. -+{% if variant in ["photon"] %} -+datasource_list: ['NoCloud', 'ConfigDrive', 'OpenStack', 'VMware', None] -+{% endif -%} -+ - # Example datasource config - # datasource: - # Ec2: - # metadata_urls: [ 'blah.com' ] - # timeout: 5 # (defaults to 50 seconds) - # max_wait: 10 # (defaults to 120 seconds) -+# Set allow_raw_data to true if you want VMware to support raw data feature -+# this will wait 15 sec for cust.cfg -+datasource: -+ VMware: -+ allow_raw_data: false - - {% if variant == "amazon" %} - # Amazon Linux relies on ec2-net-utils for network configuration --- -2.25.1 - diff --git a/SPECS/cloud-init/0005-test_vmware.py-fix-pkg-test-failure.patch b/SPECS/cloud-init/0005-test_vmware.py-fix-pkg-test-failure.patch deleted file mode 100644 index be80b60ee7..0000000000 --- a/SPECS/cloud-init/0005-test_vmware.py-fix-pkg-test-failure.patch +++ /dev/null @@ -1,26 +0,0 @@ -From b2c5dd1cf70eec0d1b5a2a93467cc15671025dc8 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Tue, 14 Mar 2023 14:49:58 +0530 -Subject: [PATCH 5/5] test_vmware.py: fix pkg test failure - -Signed-off-by: Shreenidhi Shedi ---- - tests/unittests/sources/test_vmware.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/unittests/sources/test_vmware.py b/tests/unittests/sources/test_vmware.py -index a2c43b1..cd6f602 100644 ---- a/tests/unittests/sources/test_vmware.py -+++ b/tests/unittests/sources/test_vmware.py -@@ -492,7 +492,7 @@ class TestDataSourceVMwareGuestInfo_InvalidPlatform(FilesystemMockingTestCase): - system_type = dmi.read_dmi_data("system-product-name") - self.assertEqual(system_type, None) - -- m_fn.side_effect = [VMW_METADATA_YAML, "", "", "", "", ""] -+ m_fn.side_effect = ["", "", "", "", "", ""] - ds = get_ds(self.tmp) - ds.vmware_rpctool = "vmware-rpctool" - ret = ds.get_data() --- -2.25.1 - diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec deleted file mode 100644 index c47d861eef..0000000000 --- a/SPECS/cloud-init/cloud-init.spec +++ /dev/null @@ -1,340 +0,0 @@ -%define cl_services cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service - -Name: cloud-init -Version: 23.3.2 -Release: 1%{?dist} -Summary: Cloud instance init scripts -Group: System Environment/Base -License: GPLv3 -URL: http://launchpad.net/cloud-init -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz -%define sha512 %{name}=a91313fce1e3387dd68113da9eea9bd24be092177f5e1028755d72c28521bb8046ac3ff6a62dffb5dc0d243075720fb9988485f9e2ac7cb790cef61304a70844 - -Patch0: 0001-azure-ds.patch -Patch1: 0002-Change-default-policy.patch -Patch2: 0003-Patch-VMware-DS-to-handle-network-settings-from-vmto.patch -Patch3: 0004-Add-default-DS-list-few-other-changes-to-cloud.cfg.patch - -%if 0%{?with_check} -Patch4: 0005-test_vmware.py-fix-pkg-test-failure.patch -%endif - -BuildRequires: python3-devel -BuildRequires: systemd-devel -BuildRequires: dbus -BuildRequires: python3-ipaddr -BuildRequires: iproute2 -BuildRequires: python3-setuptools -BuildRequires: python3-xml -BuildRequires: python3-six -BuildRequires: python3-requests -BuildRequires: python3-PyYAML -BuildRequires: python3-urllib3 -BuildRequires: python3-chardet -BuildRequires: python3-certifi -BuildRequires: python3-idna -BuildRequires: python3-jinja2 -BuildRequires: systemd-rpm-macros -BuildRequires: python3-macros - -%if 0%{?with_check} -BuildRequires: python3-pip -BuildRequires: python3-configobj -BuildRequires: python3-jsonpatch -BuildRequires: python3-pytest -BuildRequires: python3-jsonschema -BuildRequires: python3-pyserial -BuildRequires: python3-mock -BuildRequires: python3-attrs -BuildRequires: python3-iniconfig -BuildRequires: python3-netifaces -BuildRequires: shadow -%endif - -Requires: shadow -Requires: iproute2 -Requires: systemd -Requires: net-tools -Requires: python3 -Requires: python3-configobj -Requires: python3-prettytable -Requires: python3-requests -Requires: python3-PyYAML -Requires: python3-jsonpatch -Requires: python3-oauthlib -Requires: python3-jinja2 -Requires: python3-markupsafe -Requires: python3-six -Requires: python3-setuptools -Requires: python3-xml -Requires: python3-jsonschema -Requires: python3-netifaces -Requires: python3-pyserial -Requires: dhcp-client - -BuildArch: noarch - -%description -Cloud-init is a set of init scripts for cloud instances. Cloud instances -need special scripts to run during initialization to retrieve and install -ssh keys and to let the user run various scripts. - -%prep -%autosetup -p1 - -find systemd -name "cloud*.service*" | \ - xargs sed -i s/StandardOutput=journal+console/StandardOutput=journal/g - -%build -%{py3_build} - -%install -%py3_install -- --init-system=systemd - -%{python3} tools/render-cloudcfg --variant photon > \ - %{buildroot}%{_sysconfdir}/cloud/cloud.cfg - -%if "%{_arch}" == "aarch64" -# OpenStack DS in aarch64 adds a boot time of ~10 seconds by searching -# for DS from a remote location, let's remove it. -sed -i -e "0,/'OpenStack', / s/'OpenStack', //" \ - %{buildroot}%{_sysconfdir}/cloud/cloud.cfg -%endif - -mkdir -p %{buildroot}%{_sharedstatedir}/cloud \ - %{buildroot}%{_sysconfdir}/cloud/cloud.cfg.d - -%check -%define pkglist pytest-metadata unittest2 responses pytest-mock passlib - -pip3 install --upgrade %{pkglist} -%make_build check - -%clean -rm -rf %{buildroot} - -%post -%systemd_post %{cl_services} - -%preun -%systemd_preun %{cl_services} - -%postun -%systemd_postun %{cl_services} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{python3_sitelib}/* -%{_docdir}/%{name}/* -%{_libdir}/%{name}/* -%dir %{_sharedstatedir}/cloud -%dir %{_sysconfdir}/cloud/templates -%doc %{_sysconfdir}/cloud/cloud.cfg.d/README -%doc %{_sysconfdir}/cloud/clean.d/README -%config(noreplace) %{_sysconfdir}/cloud/templates/* -%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg -%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/05_logging.cfg -%{_unitdir}/* -%{_systemdgeneratordir}/cloud-init-generator -%{_udevrulesdir}/66-azure-ephemeral.rules -%{_datadir}/bash-completion/completions/cloud-init -%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf - -%changelog -* Tue Oct 17 2023 Shreenidhi Shedi 23.3.2-1 -- Upgrade to v23.3.2 -* Thu Sep 07 2023 Shreenidhi Shedi 23.3.1-1 -- Upgrade to v23.3.1 -* Thu Jul 27 2023 Shreenidhi Shedi 23.2.2-1 -- Upgrade to v23.2.2 -* Wed Jul 12 2023 Piyush Gupta 23.2-2 -- Remove btrfs-progs as requires. -* Fri Jun 09 2023 Shreenidhi Shedi 23.2-1 -- Upgrade to v23.2 -* Thu Apr 27 2023 Shreenidhi Shedi 23.1.1-3 -- Fix CVE-2023-1786 -* Thu Mar 23 2023 Shreenidhi Shedi 23.1.1-2 -- sources/vmware/imc: fix missing catch few negtive scenarios -* Tue Mar 14 2023 Shreenidhi Shedi 23.1.1-1 -- Upgrade to v23.1.1 -* Fri Mar 10 2023 Shivani Agarwal 22.4.2-5 -- Add btrfs-progs to requires -* Sun Feb 12 2023 Shreenidhi Shedi 22.4.2-4 -- Fix requires -* Thu Jan 12 2023 Shreenidhi Shedi 22.4.2-3 -- Add mount_default_fields in cloud.cfg -* Mon Nov 28 2022 Shreenidhi Shedi 22.4.2-2 -- Fix ifarch mishap -* Thu Nov 24 2022 Shreenidhi Shedi 22.4.2-1 -- Upgrade to v22.4.2 -* Tue Aug 23 2022 Shivani Agarwal 22.3-1 -- Upgrade to v22.3 -- Add patch to fix interface matching when no MAC -* Sat Aug 13 2022 Shreenidhi Shedi 22.2.2-2 -- Fix hostname setting issue -* Fri Jul 01 2022 Shreenidhi Shedi 22.2.2-1 -- Upgrade to v22.2.2 to fix CVE-2022-2084 -* Thu May 19 2022 Shivani Agarwal 22.2-1 -- Upgrade to v22.2 -* Thu Feb 17 2022 Shreenidhi Shedi 22.1-1 -- Upgrade to v22.1 -* Mon Nov 15 2021 Shreenidhi Shedi 21.4-1 -- Upgrade to version 21.4 -* Wed Oct 06 2021 Shreenidhi Shedi 21.3-2 -- Remove dscheck_VMwareGuestInfo script -* Wed Aug 25 2021 Shreenidhi Shedi 21.3-1 -- Upgrade to version 21.3 -* Fri Aug 13 2021 Shreenidhi Shedi 21.2-5 -- Fix a silly mistake in sed command -* Tue Aug 03 2021 Shreenidhi Shedi 21.2-4 -- Fix hostname handling -- Remove OpenStack from aarch64 DS list -* Wed Jul 21 2021 Shreenidhi Shedi 21.2-2 -- Support ntp configs -* Mon Jun 21 2021 Shreenidhi Shedi 21.2-1 -- Upgrade to version 21.2 -- Refactored ds-guestinfo-photon.patch to generate netcfg v2 -- Added fallback-netcfg.patch to handle net configs when no DS present -* Tue Apr 20 2021 Shreenidhi Shedi 21.1-2 -- Further fixes to network config handler -* Sun Feb 28 2021 Shreenidhi Shedi 21.1-1 -- Upgrade to version 21.1 -* Wed Jan 20 2021 Shreenidhi Shedi 20.4.1-1 -- Upgrade to version 20.4.1 -* Thu Dec 10 2020 Shreenidhi Shedi 20.4-1 -- Upgrade to version 20.4 -* Sun Nov 22 2020 Shreenidhi Shedi 20.3-4 -- Added support for network config v1 & v2 -* Fri Nov 06 2020 Tapas Kundu 20.3-3 -- Updated using python 3.9 lib -* Mon Oct 12 2020 Shreenidhi Shedi 20.3-2 -- Fixed subp import in photon.py -- Fixed creating `[Route]` entries while creating network files -* Thu Sep 24 2020 Shreenidhi Shedi 20.3-1 -- Upgrade cloud-init to 20.3 -- Updated DataSourceVMwareGuestInfo (till commit abc387c7) -* Tue Sep 08 2020 Shreenidhi Shedi 20.2-5 -- Further fixes to 'passwd' field -- Fixed an issue with setting fqdn as hostname -* Thu Jul 30 2020 Tapas Kundu 20.2-4 -- Updated using python 3.8 lib -* Thu Jul 30 2020 Shreenidhi Shedi 20.2-3 -- Bring back 'passwd' field in create_user -* Mon Jul 27 2020 Shreenidhi Shedi 20.2-2 -- 1. add support to configure DHCP4 UseDomains= in Networking Config Version 2 -- 2. add support for DEFAULT-RUN-POST-CUSTOM-SCRIPT -- 3. fix distro patch for multiple NICs -* Fri Jul 10 2020 Shreenidhi Shedi 20.2-1 -- Upgrade version to 20.2 -- Support for Networking Config Version 2 -* Fri Mar 27 2020 Shreenidhi Shedi 19.1-7 -- Fixed make check -- Enable all harmless options -- Generate cloud.cfg using render-cloudcfg script -* Fri Mar 27 2020 Shreenidhi Shedi 19.1-6 -- Updated ds-guestinfo-photon.patch -- Fixed dhcp issue in photon-distro.patch -- Updated DataSourceVMwareGuestInfo.patch (till commit bf996d9 from mainline) -* Fri Feb 14 2020 Shreenidhi Shedi 19.1-5 -- Fix for CVE-2020-8631 -* Tue Feb 11 2020 Shreenidhi Shedi 19.1-4 -- Fix for CVE-2020-8632 -* Fri Dec 13 2019 Shreenidhi Shedi 19.1-3 -- Enabled power-state-change in cloud-photon.cfg file -- Updated DataSourceVMwareGuestInfo.patch (till commit 9e69060 from mainline) -- Updated dscheck_VMwareGuestInfo and ds-guestinfo-photon.patch -* Thu Oct 17 2019 Keerthana K 19.1-2 -- Fix to deactivate custom script by default in DatasourceOVF. -- add kubeadm module -* Thu Sep 19 2019 Keerthana K 19.1-1 -- Update to 19.1 -- Patches for enable custom script feature. -* Thu Sep 05 2019 Keerthana K 18.3-6 -- Fix socket.getfqdn() in DataSourceVMwareGuestInfo -- Return False when no data is found in get_data() of DataSourceVMwareGuestInfo. -- Disable manage_etc_hosts by default as cloud-init tries to write its default template /etc/hosts file if enabled. -* Mon Aug 12 2019 Keerthana K 18.3-5 -- Downgrade to 18.3 to fix azure dhcp lease issue. -* Tue Jul 23 2019 Keerthana K 19.1-2 -- support for additional features in VMGuestInfo Datasource. -* Tue Jun 25 2019 Keerthana K 19.1-1 -- Upgrade to version 19.1 and fix cloud-init GOS logic. -* Thu Jun 13 2019 Keerthana K 18.3-4 -- Fix to delete the contents of /etc/systemd/network dir at the beginning -- of write_network instead of looping through each NIC and delete the contents -- before writing a custom network file. -* Tue May 28 2019 Keerthana K 18.3-3 -- Delete the contents of network directory before adding the custom network files. -* Tue Dec 04 2018 Ajay Kaher 18.3-2 -- Fix auto startup at boot time -* Wed Oct 24 2018 Ajay Kaher 18.3-1 -- Upgraded version to 18.3 -* Sun Oct 07 2018 Tapas Kundu 0.7.9-15 -- Updated using python 3.7 lib -* Wed Feb 28 2018 Anish Swaminathan 0.7.9-14 -- Add support for systemd constructs for azure DS -* Mon Oct 16 2017 Vinay Kulkarni 0.7.9-13 -- Support configuration of systemd resolved.conf -* Wed Sep 20 2017 Alexey Makhalov 0.7.9-12 -- Requires net-tools or toybox -* Wed Sep 20 2017 Anish Swaminathan 0.7.9-11 -- Fix the interface id returned from vmxguestinfo -* Tue Aug 22 2017 Chang Lee 0.7.9-10 -- Fixed %check -* Wed Jul 19 2017 Divya Thaluru 0.7.9-9 -- Enabled openstack provider -* Wed Jun 28 2017 Anish Swaminathan 0.7.9-8 -- Restart network service in bring_up_interfaces -* Thu Jun 22 2017 Xiaolin Li 0.7.9-7 -- Add python3-setuptools and python3-xml to requires. -* Wed Jun 07 2017 Xiaolin Li 0.7.9-6 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Mon Jun 5 2017 Julian Vassev 0.7.9-5 -- Enable OVF datasource by default -* Mon May 22 2017 Kumar Kaushik 0.7.9-4 -- Making cloud-init to use python3. -* Mon May 15 2017 Anish Swaminathan 0.7.9-3 -- Disable networking config by cloud-init -* Thu May 04 2017 Anish Swaminathan 0.7.9-2 -- Support userdata in vmx guestinfo -* Thu Apr 27 2017 Anish Swaminathan 0.7.9-1 -- Upgraded to version 0.7.9 -- Enabled VmxGuestinfo datasource -* Thu Apr 27 2017 Priyesh Padmavilasom 0.7.6-17 -- Fix Arch -* Wed Mar 29 2017 Kumar Kaushik 0.7.6-16 -- Adding support for disk partition and resize fs -* Thu Dec 15 2016 Dheeraj Shetty 0.7.6-15 -- Adding template file and python-jinja2 dependency to update hosts -* Tue Dec 13 2016 Dheeraj Shetty 0.7.6-14 -- Fixed restarting of sshd daemon -* Tue Nov 22 2016 Kumar Kaushik 0.7.6-13 -- Adding flag for vmware customization in config. -* Tue Nov 1 2016 Divya Thaluru 0.7.6-12 -- Fixed logic to not restart services after upgrade -* Mon Oct 24 2016 Divya Thaluru 0.7.6-11 -- Enabled ssh module in cloud-init -* Thu May 26 2016 Divya Thaluru 0.7.6-10 -- Fixed logic to restart the active services after upgrade -* Tue May 24 2016 Priyesh Padmavilasom 0.7.6-9 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 0.7.6-8 -- Clean up post, preun, postun sections in spec file. -* Thu Dec 10 2015 Xiaolin Li -- Add systemd to Requires and BuildRequires. -* Thu Sep 17 2015 Kumar Kaushik -- Removing netstat and replacing with ip route. -* Tue Aug 11 2015 Kumar Kaushik -- VCA initial password issue fix. -* Thu Jun 25 2015 Kumar Kaushik -- Removing systemd-service.patch. No longer needed. -* Thu Jun 18 2015 Vinay Kulkarni -- Add patch to enable logging to /var/log/cloud-init.log -* Mon May 18 2015 Touseef Liaqat -- Update according to UsrMove. -* Wed Mar 04 2015 Mahmoud Bassiouny -- Initial packaging for Photon diff --git a/SPECS/cloud-network-setup/cloud-network-setup.spec b/SPECS/cloud-network-setup/cloud-network-setup.spec deleted file mode 100644 index 1f4080fd3e..0000000000 --- a/SPECS/cloud-network-setup/cloud-network-setup.spec +++ /dev/null @@ -1,124 +0,0 @@ -%global debug_package %{nil} - -%ifarch aarch64 -%global gohostarch arm64 -%else -%global gohostarch amd64 -%endif - -Summary: Configures network interfaces in cloud enviroment -Name: cloud-network-setup -Version: 0.2.2 -Release: 6%{?dist} -License: Apache-2.0 -Group: Networking -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/vmware/%{name}/archive/refs/tags/v%{version}.tar.gz - -Source0: /~https://github.com/vmware/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=bf1e917dc016e46dbb3012dc3603f8e24696ce26e9a671bcc98d8d248312bcbb7f5711c4344f230bda374b3c00c8f63121e420ea75110f032acdd43b4ff47882 -Source1: %{name}.sysusers - -BuildRequires: go -BuildRequires: systemd-devel - -Requires(pre): systemd-rpm-macros -Requires: systemd - -%description -cloud-network configures network in cloud environment. In cloud environment -instances are set public IPs and private IPs. If more than one private IP is -configured then except the IP which is provided by DHCP others can't be fetched -and configured. This project is adopting towards cloud network environment such -as Azure, GCP and Amazon EC2. - -%prep -p exit -%autosetup -p1 -n %{name}-%{version} - -%build -export ARCH=%{gohostarch} -export VERSION=%{version} -export PKG=github.com/%{name}/%{name} -export GOARCH=${ARCH} -export GOHOSTARCH=${ARCH} -export GOOS=linux -export GOHOSTOS=linux -export GOROOT=/usr/lib/golang -export GOPATH=/usr/share/gocode -export GOBIN=/usr/share/gocode/bin -export PATH=$PATH:$GOBIN - -mkdir -p ${GOPATH}/src/${PKG} -cp -rf . ${GOPATH}/src/${PKG} -pushd ${GOPATH}/src/${PKG} - -go build -o bin/cloud-network ./cmd/cloud-network -go build -o bin/cnctl ./cmd/cnctl - -popd - -%install -install -m 755 -d %{buildroot}%{_bindir} -install -m 755 -d %{buildroot}%{_sysconfdir}/cloud-network -install -m 755 -d %{buildroot}%{_unitdir} - -install -pm 755 -t %{buildroot}%{_bindir} ${GOPATH}/src/github.com/%{name}/%{name}/bin/cloud-network -install -pm 755 -t %{buildroot}%{_bindir} ${GOPATH}/src/github.com/%{name}/%{name}/bin/cnctl - -install -pm 755 -t %{buildroot}%{_sysconfdir}/cloud-network ${GOPATH}/src/github.com/%{name}/%{name}/distribution/cloud-network.toml -install -pm 755 -t %{buildroot}%{_unitdir}/ ${GOPATH}/src/github.com/%{name}/%{name}/distribution/cloud-network.service -install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -%clean -rm -rf %{buildroot}/* - -%pre -%sysusers_create_compat %{SOURCE1} - -%post -%systemd_post cloud-network.service - -%preun -%systemd_preun cloud-network.service - -%postun -%systemd_postun_with_restart cloud-network.service - -%files -%defattr(-,root,root) -%{_bindir}/cloud-network -%{_bindir}/cnctl -%{_sysconfdir}/cloud-network/cloud-network.toml -%{_sysusersdir}/%{name}.sysusers -%{_unitdir}/cloud-network.service - -%changelog -* Wed Oct 11 2023 Piyush Gupta 0.2.2-6 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.2.2-5 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.2.2-4 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 0.2.2-3 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.2.2-2 -- Bump up version to compile with new go -* Mon Mar 20 2023 Nitesh Kumar 0.2.2-1 -- Version upgrade to v0.2.2 -* Sun Mar 12 2023 Piyush Gupta 0.2.1-6 -- Bump up version to compile with new go -* Fri Mar 10 2023 Mukul Sikka 0.2.1-5 -- Use systemd-rpm-macros for user creation -* Mon Nov 21 2022 Piyush Gupta 0.2.1-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.2.1-3 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.2.1-2 -- Bump up version to compile with new go -* Thu Mar 03 2022 Susant Sahani 0.2.1-1 -- Version bump. -* Sun Feb 13 2022 Susant Sahani 0.2-1 -- Version bump. -* Wed Jun 30 2021 Susant Sahani 0.1-1 -- Initial rpm release. diff --git a/SPECS/cloud-network-setup/cloud-network-setup.sysusers b/SPECS/cloud-network-setup/cloud-network-setup.sysusers deleted file mode 100644 index 45a35e7a8f..0000000000 --- a/SPECS/cloud-network-setup/cloud-network-setup.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g cloud-network 89 -u cloud-network 89 - /home/cloud-network /sbin/nologin diff --git a/SPECS/cloud-utils/cloud-utils.spec b/SPECS/cloud-utils/cloud-utils.spec deleted file mode 100644 index a4a4aa4735..0000000000 --- a/SPECS/cloud-utils/cloud-utils.spec +++ /dev/null @@ -1,53 +0,0 @@ -Summary: Shell script to auto detect free size on disk and grow partition. -Name: cloud-utils -Version: 0.32 -Release: 2%{?dist} -URL: https://launchpad.net/cloud-utils -License: GPLv3 -Group: System Environment -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://launchpad.net/cloud-utils/trunk/%{version}/+download/cloud-utils-%{version}.tar.gz -%define sha512 %{name}=e501ac4503c1d4086a89c966a263bc3a9d25c5454a7dcedd854baa17885247f85db720fd124c2a6e47c27d17a1fa33d914073ff05d0d3da1ea7befe35056ab9c - -Requires: gptfdisk -Requires: gawk -Requires: util-linux - -BuildArch: noarch - -%description -Cloud-utils brings in growpart script. This script is very useful for -detecting available disk size and grow the partition. -This is generally used by cloud-init for disk space manangement on cloud images. - -%prep -%autosetup -p1 - -%build -%install -mkdir -p %{buildroot}%{_bindir} \ - %{buildroot}%{_mandir}/man1 - -cp -p bin/growpart %{buildroot}%{_bindir}/ -cp -p man/growpart.* %{buildroot}%{_mandir}/man1/ - -%files -%defattr(-,root,root) -%{_bindir}/growpart -%doc %{_mandir}/man1/growpart.* - -%changelog -* Sun Feb 12 2023 Shreenidhi Shedi 0.32-2 -- Fix requires -* Mon Apr 12 2021 Gerrit Photon 0.32-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 0.31-1 -- Automatic Version Bump -* Mon Sep 18 2017 Alexey Makhalov 0.30-3 -- Requires util-linux or toybox -* Tue Apr 25 2017 Priyesh Padmavilasom 0.30-2 -- Fix arch -* Wed Mar 29 2017 Kumar Kaushik 0.30-1 -- Initial build. First version diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec deleted file mode 100644 index 0f8dc76f7c..0000000000 --- a/SPECS/cmake/cmake.spec +++ /dev/null @@ -1,136 +0,0 @@ -%global major_version 3 - -Summary: Cross-platform make system -Name: cmake -Version: 3.25.2 -Release: 3%{?dist} -License: BSD and LGPLv2+ -URL: http://www.cmake.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/Kitware/CMake/releases/download/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=20146d06a1722c36249192944a58e4780aad334d2bc5ce2a3d8c4f24656630c5b71ca0ae7ed53587e3d46f488bd773452fa60c3fc7045fe54db2dbc6ffd86390 - -Source1: macros.cmake - -BuildRequires: ncurses-devel -BuildRequires: xz-devel -BuildRequires: curl-devel -BuildRequires: expat-devel -BuildRequires: zlib-devel -BuildRequires: libarchive-devel -BuildRequires: bzip2-devel -BuildRequires: libgcrypt-devel -BuildRequires: (coreutils or coreutils-selinux) - -Requires: libgcrypt -Requires: ncurses -Requires: expat -Requires: zlib -Requires: libarchive -Requires: bzip2 - -%description -CMake is an extensible, open-source system that manages the build process in an -operating system and in a compiler-independent manner. - -%prep -%autosetup -p1 - -%build -./bootstrap --prefix=%{_prefix} \ - --system-expat \ - --system-zlib \ - --system-libarchive \ - --system-bzip2 \ - --parallel=$(nproc) - -%make_build - -%install -%make_install %{?_smp_mflags} -install -Dpm0644 %{SOURCE1} %{buildroot}%{_rpmmacrodir}/macros.%{name} -sed -i -e "s|@@CMAKE_VERSION@@|%{version}|" -e "s|@@CMAKE_MAJOR_VERSION@@|%{major_version}|" %{buildroot}%{_rpmmacrodir}/macros.%{name} -touch -r %{SOURCE1} %{buildroot}%{_rpmmacrodir}/macros.%{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} test -%endif - -%files -%defattr(-,root,root) -%{_datadir}/%{name}-*/* -%{_datadir}/bash-completion/completions/* -%{_datadir}/emacs/site-lisp/cmake-mode.el -%{_datadir}/vim/vimfiles/* -%{_bindir}/* -%{_usr}/doc/%{name}-*/* -%{_datadir}/aclocal/* -%{_rpmmacrodir}/macros.%{name} - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 3.25.2-3 -- Bump version as a part of ncurses upgrade to v6.4 -* Fri Apr 14 2023 Shreenidhi Shedi 3.25.2-2 -- Bump version as a part of zlib upgrade -* Thu Feb 16 2023 Gerrit Photon 3.25.2-1 -- Automatic Version Bump -* Sun Feb 12 2023 Shreenidhi Shedi 3.25.1-3 -- Fix requires -* Fri Dec 23 2022 Oliver Kurth 3.25.1-2 -- bump version as a part of xz upgrade -* Thu Dec 01 2022 Shreenidhi Shedi 3.25.1-1 -- Upgrade to v3.25.1 -* Wed Sep 07 2022 Shreenidhi Shedi 3.24.1-1 -- Upgrade to v3.24.1 -* Tue Jun 14 2022 Shreenidhi Shedi 3.23.2-1 -- Upgrade to v3.23.2 -* Wed Aug 04 2021 Satya Naga Vasamsetty 3.18.3-4 -- Bump up release for openssl -* Tue Dec 15 2020 Shreenidhi Shedi 3.18.3-3 -- Fix build with new rpm -* Tue Sep 29 2020 Satya Naga Vasamsetty 3.18.3-2 -- Bump for openssl 1.1.1 compatibility -* Tue Sep 22 2020 Gerrit Photon 3.18.3-1 -- Automatic Version Bump -* Wed Aug 26 2020 Gerrit Photon 3.18.2-1 -- Automatic Version Bump -* Wed Aug 12 2020 Gerrit Photon 3.18.1-1 -- Automatic Version Bump -* Tue Jul 14 2020 Gerrit Photon 3.18.0-1 -- Automatic Version Bump -* Mon Dec 16 2019 Sriram Nambakam 3.16.1-1 -- Upgraded to 3.16.1 -* Thu Jan 17 2019 Ankit Jain 3.12.1-4 -- Removed unnecessary libgcc-devel buildrequires -* Thu Dec 06 2018 3.12.1-3 -- Bug Fix 2243672. Add system provided libs. -* Sun Sep 30 2018 Bo Gan 3.12.1-2 -- smp make (make -jN) -- specify /usr/lib as CMAKE_INSTALL_LIBDIR -* Fri Sep 07 2018 Ajay Kaher 3.12.1-1 -- Upgrading version to 3.12.1 -- Adding macros.cmake -* Fri Sep 29 2017 Kumar Kaushik 3.8.0-4 -- Building using system expat libs. -* Thu Aug 17 2017 Kumar Kaushik 3.8.0-3 -- Fixing make check bug # 1632102. -* Tue May 23 2017 Harish Udaiya Kumar 3.8.0-2 -- bug 1448414: Updated to build in parallel -* Fri Apr 07 2017 Anish Swaminathan 3.8.0-1 -- Upgrade to 3.8.0 -* Thu Oct 06 2016 ChangLee 3.4.3-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 3.4.3-2 -- GA - Bump release of all rpms -* Thu Feb 25 2016 Kumar Kaushik 3.4.3-1 -- Updated version. -* Wed May 20 2015 Touseef Liaqat 3.2.1.2 -- Updated group. -* Mon Apr 6 2015 Priyesh Padmavilasom 3.2.1-1 -- Update to 3.2.1 -* Tue Nov 25 2014 Divya Thaluru 3.0.2-1 -- Initial build. First version diff --git a/SPECS/cmake/macros.cmake b/SPECS/cmake/macros.cmake deleted file mode 100644 index 1efd0951c5..0000000000 --- a/SPECS/cmake/macros.cmake +++ /dev/null @@ -1,63 +0,0 @@ -# Taken from Fedora -# https://src.fedoraproject.org/rpms/cmake/raw/rawhide/f/macros.cmake -# -# Macros for cmake -# -%_cmake_lib_suffix64 -DLIB_SUFFIX=64 -%_cmake_shared_libs -DBUILD_SHARED_LIBS:BOOL=ON -%_cmake_skip_rpath -DCMAKE_SKIP_RPATH:BOOL=ON -%_cmake_version @@CMAKE_VERSION@@ -%__cmake /usr/bin/cmake -%__ctest /usr/bin/ctest -%__cmake_builddir %{!?__cmake_in_source_build:%{_vpath_builddir}}%{?__cmake_in_source_build:.} - -# - Set default compile flags -# - CMAKE_*_FLAGS_RELEASE are added *after* the *FLAGS environment variables -# and default to -O3 -DNDEBUG. Strip the -O3 so we can override with *FLAGS -# - Turn on verbose makefiles so we can see and verify compile flags -# - Turn off stripping by default so RPM can do it separately -# - Set default install prefixes and library install directories -# - Turn on shared libraries by default -%cmake \ -%if 0%{?set_build_flags} \ - %set_build_flags \ -%else \ - CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \ - CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS ; \ - FFLAGS="${FFLAGS:-%optflags%{?_fmoddir: -I%_fmoddir}}" ; export FFLAGS ; \ - FCFLAGS="${FCFLAGS:-%optflags%{?_fmoddir: -I%_fmoddir}}" ; export FCFLAGS ; \ - %{?__global_ldflags:LDFLAGS="${LDFLAGS:-%__global_ldflags}" ; export LDFLAGS ;} \ -%endif \ - %__cmake \\\ - %{!?__cmake_in_source_build:-S "%{_vpath_srcdir}"} \\\ - %{!?__cmake_in_source_build:-B "%{__cmake_builddir}"} \\\ - -DCMAKE_C_FLAGS_RELEASE:STRING="-DNDEBUG" \\\ - -DCMAKE_CXX_FLAGS_RELEASE:STRING="-DNDEBUG" \\\ - -DCMAKE_Fortran_FLAGS_RELEASE:STRING="-DNDEBUG" \\\ - -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \\\ - -DCMAKE_INSTALL_DO_STRIP:BOOL=OFF \\\ - -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \\\ - -DINCLUDE_INSTALL_DIR:PATH=%{_includedir} \\\ - -DLIB_INSTALL_DIR:PATH=%{_libdir} \\\ - -DSYSCONF_INSTALL_DIR:PATH=%{_sysconfdir} \\\ - -DSHARE_INSTALL_PREFIX:PATH=%{_datadir} \\\ -%if "%{?_lib}" == "lib64" \ - %{?_cmake_lib_suffix64} \\\ -%endif \ - %{?_cmake_shared_libs} - -%cmake_build \ - %__cmake --build "%{__cmake_builddir}" %{?_smp_mflags} --verbose - -%cmake_install \ - DESTDIR="%{buildroot}" %__cmake --install "%{__cmake_builddir}" - -%ctest(:-:) \ - cd "%{__cmake_builddir}" \ - %__ctest --output-on-failure --force-new-ctest-process %{?_smp_mflags} %{**} \ - cd - - -%cmake@@CMAKE_MAJOR_VERSION@@ %cmake -%cmake@@CMAKE_MAJOR_VERSION@@_build %cmake_build -%cmake@@CMAKE_MAJOR_VERSION@@_install %cmake_install -%ctest@@CMAKE_MAJOR_VERSION@@(:-:) %ctest %{**} diff --git a/SPECS/cmocka/cmocka.spec b/SPECS/cmocka/cmocka.spec deleted file mode 100644 index 1b42fbc801..0000000000 --- a/SPECS/cmocka/cmocka.spec +++ /dev/null @@ -1,74 +0,0 @@ -Summary: unit testing framework for C -Name: cmocka -Version: 1.1.5 -Release: 3%{?dist} -Group: Development/Libraries -Vendor: VMware, Inc. -License: Apache 2.0 -URL: https://cmocka.org -Distribution: Photon - -Source0: https://cmocka.org/files/1.1/%{name}-%{version}.tar.xz -%define sha512 %{name}=cad7f04757183d004f6eaad39036fc0e24c5e0e987f80e85bc43bc66dba22389cb02b08e25531cc28a541d0a24a86b29be134a2d6fc339128e87d66952f502bd - -BuildRequires: cmake - -%description -an elegant unit testing framework for C with support for mock objects. It only requires the standard C library, works on a range of computing platforms (including embedded) and with different compilers. - -%package devel -Summary: Develeopment headers and libraries for %{name}. -Requires: %{name} = %{version}-%{release} - -%description devel -Develeopment headers and libraries for %{name}. - -%prep -%autosetup -p1 - -%build -%cmake \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Debug \ - -DWITH_CMOCKERY_SUPPORT=ON \ - -DUNIT_TESTING=ON - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -%ctest -%endif - -%postun -/sbin/ldconfig - -%post -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%{_libdir}/libcmocka.* - -%files devel -%{_libdir}/cmake -%{_libdir}/pkgconfig/cmocka.pc -%{_includedir}/* - -%changelog -* Mon Jun 20 2022 Shreenidhi Shedi 1.1.5-3 -- Introduce devel sub package -- Use cmake macros for build -* Thu Jun 25 2020 Ajay Kaher 1.1.5-2 -- Corrected include file path -* Mon Jun 22 2020 Gerrit Photon 1.1.5-1 -- Automatic Version Bump -* Fri Sep 07 2018 Ajay Kaher 1.1.2-1 -- Upgraded to version 1.1.2 -* Fri Jun 29 2018 Priyesh Padmavilasom 1.1.1-1 -- Initial diff --git a/SPECS/cni/cni.spec b/SPECS/cni/cni.spec deleted file mode 100644 index 740981a80d..0000000000 --- a/SPECS/cni/cni.spec +++ /dev/null @@ -1,88 +0,0 @@ -Summary: Container Network Interface (CNI) plugins -Name: cni -Version: 1.1.1 -Release: 7%{?dist} -License: ASL 2.0 -URL: /~https://github.com/containernetworking/plugins -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/containernetworking/plugins/archive/%{name}-v%{version}.tar.gz -%define sha512 %{name}=03da31caee5f9595abf65d4a551984b995bc18c5e97409549f08997c5a6a2b41a8950144f8a5b4f810cb401ddbe312232d2be76ec977acf8108eb490786b1817 - -BuildRequires: go - -%define _default_cni_plugins_dir /opt/cni/bin - -%description -The CNI (Container Network Interface) project consists of a specification and -libraries for writing plugins to configure network interfaces in Linux containers, -along with a number of supported plugins. - -%prep -%autosetup -p1 -n plugins-%{version} - -%build -sh ./build_linux.sh - -%install -install -vdm 755 %{buildroot}%{_default_cni_plugins_dir} -install -vpm 0755 -t %{buildroot}%{_default_cni_plugins_dir} bin/* - -%if 0%{?with_check} -%check -make -k check %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_default_cni_plugins_dir}/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.1.1-7 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.1.1-6 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 1.1.1-5 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 1.1.1-4 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.1.1-3 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.1.1-2 -- Bump up version to compile with new go -* Thu Nov 24 2022 Shreenidhi Shedi 1.1.1-1 -- Upgrade v1.1.1 -* Mon Nov 21 2022 Piyush Gupta 0.9.1-5 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.9.1-4 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.9.1-3 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 0.9.1-2 -- Bump up version to compile with new go -* Thu Apr 29 2021 Gerrit Photon 0.9.1-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 0.8.7-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 0.8.7-2 -- Bump up version to compile with new go -* Wed Aug 26 2020 Gerrit Photon 0.8.7-1 -- Automatic Version Bump -* Mon Jul 13 2020 Susant Sahani 0.8.6-1 -- Bump up version -* Fri Apr 10 2020 Harinadh D 0.8.3-2 -- Bump up version to compile with go 1.13.3-2 -* Fri Dec 6 2019 Ashwin H 0.8.3-1 -- Update cni to v0.8.3 -* Tue Oct 22 2019 Ashwin H 0.7.5-3 -- Bump up version to compile with go 1.13.3 -* Fri Aug 30 2019 Ashwin H 0.7.5-2 -- Bump up version to compile with new go -* Tue Apr 02 2019 Ashwin H 0.7.5-1 -- Update cni to v0.7.5 -* Fri Apr 7 2017 Alexey Makhalov 0.5.1-1 -- Version update -* Thu Feb 16 2017 Vinay Kulkarni 0.4.0-1 -- Add CNI plugins package to PhotonOS. diff --git a/SPECS/colm/colm-0.14.7-disable-static-lib.patch b/SPECS/colm/colm-0.14.7-disable-static-lib.patch deleted file mode 100644 index 53555e76d5..0000000000 --- a/SPECS/colm/colm-0.14.7-disable-static-lib.patch +++ /dev/null @@ -1,17 +0,0 @@ -From: Ferdinand Thiessen -Date: 2021-04-26T19:48:55+0000 - -Link shared library as the static one is disabled in the openSUSE build. - -diff -Nur colm-0.14.7/src/main.cc new/src/main.cc ---- colm-0.14.7/src/main.cc 2020-12-24 00:37:24.000000000 +0100 -+++ new/src/main.cc 2021-04-26 17:51:25.913611725 +0200 -@@ -485,7 +485,7 @@ - " -I%s/../aapl" - " -I%s/include" - " -L%s" -- " %s/libcolm.a", -+ " %s/libcolm.so", - binaryFn, intermedFn, srcLocation, - srcLocation, location, location ); - } diff --git a/SPECS/colm/colm.spec b/SPECS/colm/colm.spec deleted file mode 100644 index 66c5570890..0000000000 --- a/SPECS/colm/colm.spec +++ /dev/null @@ -1,86 +0,0 @@ -Name: colm -Version: 0.14.7 -Release: 1%{?dist} -Summary: Programming language designed for the analysis of computer languages -# aapl/ and some headers from src/ are the LGPLv2+ -License: MIT and LGPLv2+ -URL: /~https://github.com/adrian-thurston/colm -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/adrian-thurston/colm/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=9328689be147ec5310a45e5a1adf8e420c01cc5c1a10def22229721698fabb320d99f4ecd3a599b1d92abc75e579d46a73a6a1fc16f9c6c46f1f5da9c39cbdf4 - -Patch0: colm-0.14.7-disable-static-lib.patch - -BuildRequires: build-essential -BuildRequires: asciidoc3 - -%description -Colm is a programming language designed for the analysis and transformation -of computer languages. Colm is influenced primarily by TXL. It is -in the family of program transformation languages. - -%package devel -Summary: Development libraries and header files for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -%{summary}. - -%prep -%autosetup -p1 - -%build -autoreconf -vfi -%configure --disable-manual --disable-static -%make_build - -%install -%make_install %{?_smp_mflags} - -find %{buildroot} -type f -name '*.la' -print -delete - -mkdir -p %{buildroot}%{_datadir}/%{name} -mv %{buildroot}%{_datadir}/*.lm %{buildroot}%{_datadir}/%{name} -mv %{buildroot}%{_datadir}/runtests %{buildroot}%{_datadir}/%{name} - -ln -sfv %{buildroot}%{_libdir}/lib%{name}-%{version}.so %{_libdir}/lib%{name}.so - -mkdir -p %{buildroot}%{_datadir}/vim/vimfiles/syntax/ -mv %{buildroot}%{_docdir}/%{name}/%{name}.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax/ - -%ldconfig_scriptlets - -%if 0%{?with_check} -%check -export LD_LIBRARY_PATH=%{buildroot}%{_libdir} -cd test && ./runtests -%endif - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%license COPYING -%{_bindir}/%{name} -%{_bindir}/%{name}-wrap -%{_libdir}/libcolm-%{version}.so -%{_libdir}/libfsm-%{version}.so -%{_datadir}/vim/vimfiles/syntax/%{name}.vim - -%files devel -%defattr(-,root,root,-) -%{_libdir}/libfsm.so -%{_libdir}/libcolm.so -%{_datadir}/%{name}/*.lm -%{_datadir}/%{name}/runtests -%{_includedir}/%{name}/ -%{_includedir}/aapl/*.h -%{_includedir}/libfsm/*.h - -%changelog -* Mon Sep 12 2022 Shreenidhi Shedi 0.14.7-1 -- Initial build, needed for ragel. diff --git a/SPECS/commons-daemon/commons-daemon.spec b/SPECS/commons-daemon/commons-daemon.spec deleted file mode 100644 index 838cd557cb..0000000000 --- a/SPECS/commons-daemon/commons-daemon.spec +++ /dev/null @@ -1,112 +0,0 @@ -Summary: Apache Commons Daemon -Name: commons-daemon -Version: 1.3.3 -Release: 3%{?dist} -License: Apache -URL: https://commons.apache.org/proper/commons-daemon/download_daemon.cgi -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://mirrors.ocf.berkeley.edu/apache//commons/daemon/source/%{name}-%{version}-src.tar.gz -%define sha512 %{name}-%{version}-src=ec246e2c05d66408374ba56b3715b13f8f24f89af11fa00c2381dc19c188f1b6228f19351c97d5774808a804b83fdbdfb8f537d099db062c39ffd281c142ee77 - -Source1: https://mirrors.ocf.berkeley.edu/apache//commons/daemon/binaries/%{name}-%{version}-bin.tar.gz -%define sha512 %{name}-%{version}-bin=6600f3c182a46005928a77ade2a7f7e32ba29ebdfdc2255275cbd07445c4d278a96de4d8555031fa90eef29c4f50325b3b79eec0e4e09308d152583807189578 - -BuildRequires: apache-ant -BuildRequires: openjdk11 - -Requires: (openjdk11-jre or openjdk17-jre) - -%description -The Daemon Component contains a set of Java and native code, -including a set of Java interfaces applications must implement -and Unix native code to control a Java daemon from a Unix operating system. - -%prep -%autosetup -p1 -n %{name}-%{version}-src - -mkdir dist && cd dist -tar -xf %{SOURCE1} --no-same-owner - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) - -%ifarch x86_64 -export CFLAGS=-m64 -export LDFLAGS=-m64 -%endif - -%ifarch aarch64 -sed -i 's/supported_os="aarch64"/supported_os="linux"/' src/native/unix/configure -%endif - -pushd src/native/unix -%configure -%make_build -popd - -%install -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK-*) -DIST_DIR=%{buildroot}%{_datadir}/java - -mkdir -p -m 755 $DIST_DIR \ - %{buildroot}%{_bindir} - -cp %{_builddir}/%{name}-%{version}-src/src/native/unix/jsvc %{buildroot}%{_bindir} -cp %{_builddir}/%{name}-%{version}-src/dist/%{name}-%{version}/%{name}-%{version}.jar $DIST_DIR/%{name}.jar -chmod -R 755 $DIST_DIR - -%files -%defattr(-,root,root) -%{_bindir}/jsvc -%{_datadir}/java/*.jar - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 1.3.3-3 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 1.3.3-2 -- Bump version as a part of openjdk11 upgrade -* Fri Oct 28 2022 Gerrit Photon 1.3.3-1 -- Automatic Version Bump -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 1.3.1-2 -- Use openjdk11 -* Mon Apr 18 2022 Gerrit Photon 1.3.1-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.2.4-1 -- Automatic Version Bump -* Mon Sep 21 2020 Gerrit Photon 1.2.3-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.2.2-1 -- Automatic Version Bump -* Mon Nov 05 2018 Alexey Makhalov 1.1.0-2 -- Removed dependency on JAVA8_VERSION macro -* Tue Dec 26 2017 Alexey Makhalov 1.1.0-1 -- Version update to support aarch64 -* Fri Oct 13 2017 Alexey Makhalov 1.0.15-12 -- Remove BuildArch -* Tue Jun 20 2017 Divya Thaluru 1.0.15-11 -- Packaged jar files to /usr/share/java -- Removed version information from jar files -- Removed dependency on ANT_HOME -* Thu May 18 2017 Harish Udaiya Kumar 1.0.15-10 -- Renamed openjdk to openjdk8 -* Fri Mar 31 2017 Priyesh Padmavilasom 1.0.15-9 -- use java rpm macros to determine versions -* Wed Dec 21 2016 Priyesh Padmavilasom 1.0.15-8 -- Updated JAVA_HOME path to point to latest JDK. -* Tue Oct 04 2016 Priyesh Padmavilasom 1.0.15-7 -- Updated JAVA_HOME path to point to latest JDK. -* Tue May 24 2016 Priyesh Padmavilasom 1.0.15-6 -- GA - Bump release of all rpms -* Fri May 20 2016 Divya Thaluru 1.0.15-5 -- Updated JAVA_HOME path to point to latest JDK. -* Fri Feb 26 2016 Kumar Kaushik 1.0.15-4 -- Updated JAVA_HOME path to point to latest JDK. -* Mon Nov 16 2015 Sharath George 1.0.15-3 -- Changing path to /var/opt. -* Wed Sep 16 2015 Harish Udaiya Kumar 1.0.15-2 -- Updated dependencies after repackaging openjdk. -* Wed Jul 15 2015 Sriram Nambakam 1.0.15-1 -- Initial commit. diff --git a/SPECS/commons-httpclient/06_fix_CVE-2012-5783.patch b/SPECS/commons-httpclient/06_fix_CVE-2012-5783.patch deleted file mode 100644 index 08080ff828..0000000000 --- a/SPECS/commons-httpclient/06_fix_CVE-2012-5783.patch +++ /dev/null @@ -1,382 +0,0 @@ -Description: Fixed CN extraction from DN of X500 principal and wildcard validation - - commons-httpclient (3.1-10.2) unstable; urgency=low - - * Fixed CN extraction from DN of X500 principal and wildcard validation - - -Author: Alberto Fernández Martínez - - -Origin: other -Forwarded: https://issues.apache.org/jira/browse/HTTPCLIENT-1265 -Last-Update: <2012-12-06> - ---- commons-httpclient-3.1.orig/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -+++ commons-httpclient-3.1/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -@@ -31,10 +31,25 @@ - package org.apache.commons.httpclient.protocol; - - import java.io.IOException; -+import java.io.InputStream; - import java.net.InetAddress; - import java.net.Socket; - import java.net.UnknownHostException; -+import java.security.cert.Certificate; -+import java.security.cert.CertificateParsingException; -+import java.security.cert.X509Certificate; -+import java.util.Arrays; -+import java.util.Collection; -+import java.util.Iterator; -+import java.util.LinkedList; -+import java.util.List; -+import java.util.Locale; -+import java.util.StringTokenizer; -+import java.util.regex.Pattern; - -+import javax.net.ssl.SSLException; -+import javax.net.ssl.SSLSession; -+import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; - - import org.apache.commons.httpclient.ConnectTimeoutException; -@@ -55,6 +70,11 @@ public class SSLProtocolSocketFactory im - */ - private static final SSLProtocolSocketFactory factory = new SSLProtocolSocketFactory(); - -+ // This is a a sorted list, if you insert new elements do it orderdered. -+ private final static String[] BAD_COUNTRY_2LDS = -+ {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info", -+ "lg", "ne", "net", "or", "org"}; -+ - /** - * Gets an singleton instance of the SSLProtocolSocketFactory. - * @return a SSLProtocolSocketFactory -@@ -79,12 +99,14 @@ public class SSLProtocolSocketFactory im - InetAddress clientHost, - int clientPort) - throws IOException, UnknownHostException { -- return SSLSocketFactory.getDefault().createSocket( -+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( - host, - port, - clientHost, - clientPort - ); -+ verifyHostName(host, (SSLSocket) sslSocket); -+ return sslSocket; - } - - /** -@@ -124,16 +146,19 @@ public class SSLProtocolSocketFactory im - } - int timeout = params.getConnectionTimeout(); - if (timeout == 0) { -- return createSocket(host, port, localAddress, localPort); -+ Socket sslSocket = createSocket(host, port, localAddress, localPort); -+ verifyHostName(host, (SSLSocket) sslSocket); -+ return sslSocket; - } else { - // To be eventually deprecated when migrated to Java 1.4 or above -- Socket socket = ReflectionSocketFactory.createSocket( -+ Socket sslSocket = ReflectionSocketFactory.createSocket( - "javax.net.ssl.SSLSocketFactory", host, port, localAddress, localPort, timeout); -- if (socket == null) { -- socket = ControllerThreadSocketFactory.createSocket( -+ if (sslSocket == null) { -+ sslSocket = ControllerThreadSocketFactory.createSocket( - this, host, port, localAddress, localPort, timeout); - } -- return socket; -+ verifyHostName(host, (SSLSocket) sslSocket); -+ return sslSocket; - } - } - -@@ -142,10 +167,12 @@ public class SSLProtocolSocketFactory im - */ - public Socket createSocket(String host, int port) - throws IOException, UnknownHostException { -- return SSLSocketFactory.getDefault().createSocket( -+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( - host, - port - ); -+ verifyHostName(host, (SSLSocket) sslSocket); -+ return sslSocket; - } - - /** -@@ -157,13 +184,271 @@ public class SSLProtocolSocketFactory im - int port, - boolean autoClose) - throws IOException, UnknownHostException { -- return ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket( -+ Socket sslSocket = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket( - socket, - host, - port, - autoClose - ); -+ verifyHostName(host, (SSLSocket) sslSocket); -+ return sslSocket; - } -+ -+ -+ -+ -+ /** -+ * Verifies that the given hostname in certicifate is the hostname we are trying to connect to -+ * http://www.cvedetails.com/cve/CVE-2012-5783/ -+ * @param host -+ * @param ssl -+ * @throws IOException -+ */ -+ -+ private static void verifyHostName(String host, SSLSocket ssl) -+ throws IOException { -+ if (host == null) { -+ throw new IllegalArgumentException("host to verify was null"); -+ } -+ -+ SSLSession session = ssl.getSession(); -+ if (session == null) { -+ // In our experience this only happens under IBM 1.4.x when -+ // spurious (unrelated) certificates show up in the server's chain. -+ // Hopefully this will unearth the real problem: -+ InputStream in = ssl.getInputStream(); -+ in.available(); -+ /* -+ If you're looking at the 2 lines of code above because you're -+ running into a problem, you probably have two options: -+ -+ #1. Clean up the certificate chain that your server -+ is presenting (e.g. edit "/etc/apache2/server.crt" or -+ wherever it is your server's certificate chain is -+ defined). -+ -+ OR -+ -+ #2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a -+ non-IBM JVM. -+ */ -+ -+ // If ssl.getInputStream().available() didn't cause an exception, -+ // maybe at least now the session is available? -+ session = ssl.getSession(); -+ if (session == null) { -+ // If it's still null, probably a startHandshake() will -+ // unearth the real problem. -+ ssl.startHandshake(); -+ -+ // Okay, if we still haven't managed to cause an exception, -+ // might as well go for the NPE. Or maybe we're okay now? -+ session = ssl.getSession(); -+ } -+ } -+ -+ Certificate[] certs = session.getPeerCertificates(); -+ verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]); -+ } -+ /** -+ * Extract the names from the certificate and tests host matches one of them -+ * @param host -+ * @param cert -+ * @throws SSLException -+ */ -+ -+ private static void verifyHostName(final String host, X509Certificate cert) -+ throws SSLException { -+ // I'm okay with being case-insensitive when comparing the host we used -+ // to establish the socket to the hostname in the certificate. -+ // Don't trim the CN, though. -+ -+ String cn = getCN(cert); -+ String[] subjectAlts = getDNSSubjectAlts(cert); -+ verifyHostName(host, cn.toLowerCase(Locale.US), subjectAlts); -+ -+ } -+ -+ /** -+ * Extract all alternative names from a certificate. -+ * @param cert -+ * @return -+ */ -+ private static String[] getDNSSubjectAlts(X509Certificate cert) { -+ LinkedList subjectAltList = new LinkedList(); -+ Collection c = null; -+ try { -+ c = cert.getSubjectAlternativeNames(); -+ } catch (CertificateParsingException cpe) { -+ // Should probably log.debug() this? -+ cpe.printStackTrace(); -+ } -+ if (c != null) { -+ Iterator it = c.iterator(); -+ while (it.hasNext()) { -+ List list = (List) it.next(); -+ int type = ((Integer) list.get(0)).intValue(); -+ // If type is 2, then we've got a dNSName -+ if (type == 2) { -+ String s = (String) list.get(1); -+ subjectAltList.add(s); -+ } -+ } -+ } -+ if (!subjectAltList.isEmpty()) { -+ String[] subjectAlts = new String[subjectAltList.size()]; -+ subjectAltList.toArray(subjectAlts); -+ return subjectAlts; -+ } else { -+ return new String[0]; -+ } -+ -+ } -+ /** -+ * Verifies -+ * @param host -+ * @param cn -+ * @param subjectAlts -+ * @throws SSLException -+ */ -+ -+ private static void verifyHostName(final String host, String cn, String[] subjectAlts)throws SSLException{ -+ StringBuffer cnTested = new StringBuffer(); -+ -+ for (int i = 0; i < subjectAlts.length; i++){ -+ String name = subjectAlts[i]; -+ if (name != null) { -+ name = name.toLowerCase(); -+ if (verifyHostName(host, name)){ -+ return; -+ } -+ cnTested.append("/").append(name); -+ } -+ } -+ if (cn != null && verifyHostName(host, cn)){ -+ return; -+ } -+ cnTested.append("/").append(cn); -+ throw new SSLException("hostname in certificate didn't match: <" -+ + host + "> != <" + cnTested + ">"); -+ -+ } -+ -+ private static boolean verifyHostName(final String host, final String cn){ -+ if (doWildCard(cn) && !isIPAddress(host)) { -+ return matchesWildCard(cn, host); -+ } -+ return host.equalsIgnoreCase(cn); -+ } -+ private static boolean doWildCard(String cn) { -+ // Contains a wildcard -+ // wildcard in the first block -+ // not an ipaddress (ip addres must explicitily be equal) -+ // not using 2nd level common tld : ex: not for *.co.uk -+ String parts[] = cn.split("\\."); -+ return parts.length >= 3 && -+ parts[0].endsWith("*") && -+ acceptableCountryWildcard(cn) && -+ !isIPAddress(cn); -+ } -+ -+ -+ private static final Pattern IPV4_PATTERN = -+ Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$"); -+ -+ private static final Pattern IPV6_STD_PATTERN = -+ Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$"); -+ -+ private static final Pattern IPV6_HEX_COMPRESSED_PATTERN = -+ Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$"); -+ -+ -+ private static boolean isIPAddress(final String hostname) { -+ return hostname != null -+ && ( -+ IPV4_PATTERN.matcher(hostname).matches() -+ || IPV6_STD_PATTERN.matcher(hostname).matches() -+ || IPV6_HEX_COMPRESSED_PATTERN.matcher(hostname).matches() -+ ); -+ -+ } -+ -+ private static boolean acceptableCountryWildcard(final String cn) { -+ // The CN better have at least two dots if it wants wildcard action, -+ // but can't be [*.co.uk] or [*.co.jp] or [*.org.uk], etc... -+ // The [*.co.uk] problem is an interesting one. Should we just -+ // hope that CA's would never foolishly allow such a -+ // certificate to happen? -+ -+ String[] parts = cn.split("\\."); -+ // Only checks for 3 levels, with country code of 2 letters. -+ if (parts.length > 3 || parts[parts.length - 1].length() != 2) { -+ return true; -+ } -+ String countryCode = parts[parts.length - 2]; -+ return Arrays.binarySearch(BAD_COUNTRY_2LDS, countryCode) < 0; -+ } -+ -+ private static boolean matchesWildCard(final String cn, -+ final String hostName) { -+ String parts[] = cn.split("\\."); -+ boolean match = false; -+ String firstpart = parts[0]; -+ if (firstpart.length() > 1) { -+ // server∗ -+ // e.g. server -+ String prefix = firstpart.substring(0, firstpart.length() - 1); -+ // skipwildcard part from cn -+ String suffix = cn.substring(firstpart.length()); -+ // skip wildcard part from host -+ String hostSuffix = hostName.substring(prefix.length()); -+ match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix); -+ } else { -+ match = hostName.endsWith(cn.substring(1)); -+ } -+ if (match) { -+ // I f we're in strict mode , -+ // [ ∗.foo.com] is not allowed to match [a.b.foo.com] -+ match = countDots(hostName) == countDots(cn); -+ } -+ return match; -+ } -+ -+ private static int countDots(final String data) { -+ int dots = 0; -+ for (int i = 0; i < data.length(); i++) { -+ if (data.charAt(i) == '.') { -+ dots += 1; -+ } -+ } -+ return dots; -+ } -+ -+ private static String getCN(X509Certificate cert) { -+ // Note: toString() seems to do a better job than getName() -+ // -+ // For example, getName() gives me this: -+ // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d -+ // -+ // whereas toString() gives me this: -+ // EMAILADDRESS=juliusdavies@cucbc.com -+ String subjectPrincipal = cert.getSubjectX500Principal().toString(); -+ -+ return getCN(subjectPrincipal); -+ -+ } -+ private static String getCN(String subjectPrincipal) { -+ StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); -+ while(st.hasMoreTokens()) { -+ String tok = st.nextToken().trim(); -+ if (tok.length() > 3) { -+ if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { -+ return tok.substring(3); -+ } -+ } -+ } -+ return null; -+ } - - /** - * All instances of SSLProtocolSocketFactory are the same. diff --git a/SPECS/commons-httpclient/CVE-2014-3577.patch b/SPECS/commons-httpclient/CVE-2014-3577.patch deleted file mode 100644 index 0e44c073c4..0000000000 --- a/SPECS/commons-httpclient/CVE-2014-3577.patch +++ /dev/null @@ -1,110 +0,0 @@ -From: Markus Koschany -Date: Mon, 23 Mar 2015 22:45:14 +0100 -Subject: CVE-2014-3577 - -It was found that the fix for CVE-2012-6153 was incomplete: the code added to -check that the server hostname matches the domain name in a subject's Common -Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker -could use this flaw to spoof an SSL server using a specially crafted X.509 -certificate. -The fix for CVE-2012-6153 was intended to address the incomplete patch for -CVE-2012-5783. This means the issue is now completely resolved by applying -this patch and the 06_fix_CVE-2012-5783.patch. - -References: - -upstream announcement: -https://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577 - -Fedora-Fix: -http://pkgs.fedoraproject.org/cgit/jakarta-commons-httpclient.git/tree/jakarta-commons-httpclient-CVE-2014-3577.patch - -CentOS-Fix: -https://git.centos.org/blob/rpms!jakarta-commons-httpclient/SOURCES!jakarta-commons-httpclient-CVE-2014-3577.patch - -Debian-Bug: https://bugs.debian.org/758086 -Forwarded: not-needed, already fixed ---- - .../protocol/SSLProtocolSocketFactory.java | 57 ++++++++++++++-------- - 1 file changed, 37 insertions(+), 20 deletions(-) - -diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -index fa0acc7..e6ce513 100644 ---- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -@@ -44,9 +44,15 @@ import java.util.Iterator; - import java.util.LinkedList; - import java.util.List; - import java.util.Locale; --import java.util.StringTokenizer; -+import java.util.NoSuchElementException; - import java.util.regex.Pattern; - -+import javax.naming.InvalidNameException; -+import javax.naming.NamingException; -+import javax.naming.directory.Attribute; -+import javax.naming.directory.Attributes; -+import javax.naming.ldap.LdapName; -+import javax.naming.ldap.Rdn; - import javax.net.ssl.SSLException; - import javax.net.ssl.SSLSession; - import javax.net.ssl.SSLSocket; -@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { - return dots; - } - -- private static String getCN(X509Certificate cert) { -- // Note: toString() seems to do a better job than getName() -- // -- // For example, getName() gives me this: -- // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d -- // -- // whereas toString() gives me this: -- // EMAILADDRESS=juliusdavies@cucbc.com -- String subjectPrincipal = cert.getSubjectX500Principal().toString(); -- -- return getCN(subjectPrincipal); -- -+ private static String getCN(final X509Certificate cert) { -+ final String subjectPrincipal = cert.getSubjectX500Principal().toString(); -+ try { -+ return extractCN(subjectPrincipal); -+ } catch (SSLException ex) { -+ return null; -+ } - } -- private static String getCN(String subjectPrincipal) { -- StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); -- while(st.hasMoreTokens()) { -- String tok = st.nextToken().trim(); -- if (tok.length() > 3) { -- if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { -- return tok.substring(3); -+ -+ private static String extractCN(final String subjectPrincipal) throws SSLException { -+ if (subjectPrincipal == null) { -+ return null; -+ } -+ try { -+ final LdapName subjectDN = new LdapName(subjectPrincipal); -+ final List rdns = subjectDN.getRdns(); -+ for (int i = rdns.size() - 1; i >= 0; i--) { -+ final Rdn rds = rdns.get(i); -+ final Attributes attributes = rds.toAttributes(); -+ final Attribute cn = attributes.get("cn"); -+ if (cn != null) { -+ try { -+ final Object value = cn.get(); -+ if (value != null) { -+ return value.toString(); -+ } -+ } catch (NoSuchElementException ignore) { -+ } catch (NamingException ignore) { -+ } - } - } -+ } catch (InvalidNameException e) { -+ throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name"); - } - return null; - } diff --git a/SPECS/commons-httpclient/CVE-2015-5262.patch b/SPECS/commons-httpclient/CVE-2015-5262.patch deleted file mode 100644 index a8075467b6..0000000000 --- a/SPECS/commons-httpclient/CVE-2015-5262.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Markus Koschany -Date: Mon, 2 Nov 2015 15:15:37 +0100 -Subject: CVE-2015-5262 - -Fix CVE-2015-5262 jakarta-commons-httpclient: https calls ignore http.socket.timeout during -SSL Handshake -See also https://bugzilla.redhat.com/show_bug.cgi?id=1259892 -Thanks to Mikolaj Izdebski for the patch. - -Bug: https://bugs.debian.org/798650 -Forwarded: no ---- - .../apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -index e6ce513..b7550a2 100644 ---- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java -@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { - } - int timeout = params.getConnectionTimeout(); - if (timeout == 0) { -- Socket sslSocket = createSocket(host, port, localAddress, localPort); -+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( -+ host, port, localAddress, localPort); -+ sslSocket.setSoTimeout(params.getSoTimeout()); - verifyHostName(host, (SSLSocket) sslSocket); - return sslSocket; - } else { -@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { - sslSocket = ControllerThreadSocketFactory.createSocket( - this, host, port, localAddress, localPort, timeout); - } -+ sslSocket.setSoTimeout(params.getSoTimeout()); - verifyHostName(host, (SSLSocket) sslSocket); - return sslSocket; - } diff --git a/SPECS/commons-httpclient/commons-httpclient.spec b/SPECS/commons-httpclient/commons-httpclient.spec deleted file mode 100644 index 54b28a75aa..0000000000 --- a/SPECS/commons-httpclient/commons-httpclient.spec +++ /dev/null @@ -1,96 +0,0 @@ -%define _prefix %{_var}/opt/%{name} - -Summary: Apache commons-httpclient -Name: commons-httpclient -Version: 3.1 -Release: 4%{?dist} -License: Apache -URL: http://ant.apache.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -BuildArch: noarch - -Source0: https://archive.apache.org/dist/httpcomponents/%{name}/source/%{name}-%{version}-src.tar.gz -%define sha512 %{name}=e73ceeba3f34a35c30b24a3c6cb8dfc2102ff21079a5ff9270935908cb2f707d366c2f31a53fbdafa99673cc2b82e05470a2bf40d96767c72b2ab037c0f55490 - -# Bundled below jar into tarball -# https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar -# https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.2/commons-codec-1.2.jar -# https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar -Source1: %{name}-buildrequires-jars-%{version}.tar.gz -%define sha512 %{name}-buildrequires-jars=0d1e4afda7dcb3b261c97a345a67ce9ec9e5e20ddd501637b8edd4a2ba6b02e848e3dbfb2ec3457c8347d46e0ac1343313afaa8841d7308fb070b382f085ec19 - -Patch0: jakarta-commons-httpclient-encoding.patch -Patch1: 06_fix_CVE-2012-5783.patch -Patch2: CVE-2014-3577.patch -Patch3: CVE-2015-5262.patch - -Requires: (openjdk11-jre or openjdk17-jre) - -BuildRequires: openjdk11 -BuildRequires: wget -BuildRequires: apache-ant - -%description -The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant -protocol used on the Internet today. Web services, network-enabled -appliances and the growth of network computing continue to expand the -role of the HTTP protocol beyond user-driven web browsers, while -increasing the number of applications that require HTTP support. - -%prep -%autosetup -p1 - -mkdir -p target/dependency -tar -xf %{SOURCE1} -C target/dependency --no-same-owner -pushd target/dependency -cp %{name}-buildrequires-jars-%{version}/*.jar . -popd - -%build -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*) -ant -Ddist.dir="." -Dbuild.sysclasspath=first -Dtest.failonerror=false \ - -Dlib.dir=./target/dependency -Djavac.encoding=UTF-8 dist - -%install -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*) -mkdir -p -m 700 %{buildroot}%{_prefix} -mkdir -p -m 700 %{buildroot}%{_datadir}/java/%{name} -cp -r dist/commons-httpclient.jar %{buildroot}%{_prefix}/ -cp -r dist/commons-httpclient.jar %{buildroot}%{_datadir}/java/%{name}/ - -pushd %{buildroot}%{_prefix} -ln -s commons-httpclient.jar apache-commons-httpclient.jar -popd - -pushd %{buildroot}%{_datadir}/java/%{name} -ln -s commons-httpclient.jar apache-commons-httpclient.jar -popd - -cp -r dist/LICENSE.txt dist/README.txt %{buildroot}%{_prefix}/ - -%check -export JAVA_HOME=$(echo %{_libdir}/jvm/OpenJDK*) -ant -Ddist.dir="." -Dbuild.sysclasspath=first -Dtest.failonerror=false \ - -Dlib.dir=./target/dependency -Djavac.encoding=UTF-8 test - -%files -%defattr(-,root,root) -%dir %{_prefix} -%{_prefix}/LICENSE.txt -%{_prefix}/README.txt -%{_prefix}/*.jar -%dir %{_datadir}/java/%{name} -%{_datadir}/java/%{name}/*.jar - -%changelog -* Sat Aug 26 2023 Shreenidhi Shedi 3.1-4 -- Require jdk11 or jdk17 -* Sat Jun 17 2023 Shreenidhi Shedi 3.1-3 -- Bump version as a part of openjdk11 upgrade -* Wed Sep 21 2022 Vamsi Krishna Brahmajosuyula 3.1-2 -- Use openjdk11 -* Thu Sep 10 2020 Ankit Jain 3.1-1 -- Initial build. First version diff --git a/SPECS/commons-httpclient/jakarta-commons-httpclient-encoding.patch b/SPECS/commons-httpclient/jakarta-commons-httpclient-encoding.patch deleted file mode 100644 index d1e3eb682b..0000000000 --- a/SPECS/commons-httpclient/jakarta-commons-httpclient-encoding.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff --git a/build.xml b/build.xml -index 7c339bd..b65b5c8 100644 ---- a/build.xml -+++ b/build.xml -@@ -179,6 +179,7 @@ - description="Compile shareable components"> - -@@ -186,6 +187,7 @@ - - -@@ -197,6 +199,7 @@ - description="Compile unit test cases"> - -@@ -241,6 +244,7 @@ - - 2.1.7-1 -- Upgrade to v2.1.7 -* Mon Dec 19 2022 Nitesh Kumar 2.1.5-1 -- Version upgrade to v2.1.5 -* Fri Sep 02 2022 Nitesh Kumar 2.1.4-1 -- Initial version diff --git a/SPECS/conntrack-tools/conntrack-tools.spec b/SPECS/conntrack-tools/conntrack-tools.spec deleted file mode 100644 index f8e091264f..0000000000 --- a/SPECS/conntrack-tools/conntrack-tools.spec +++ /dev/null @@ -1,99 +0,0 @@ -Summary: Connection tracking userspace tools for Linux. -Name: conntrack-tools -Version: 1.4.7 -Release: 2%{?dist} -License: GPLv2 -URL: http://conntrack-tools.netfilter.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=3d37a6b8cd13fd3c149ab80009d686d2184920ba2d0d5c1b57abed6e92e0dd92cba868bfe22f1a155479fe5ab2e291b8bb8a7e72123a73788032202ac142653b - -Source1: conntrackd.conf - -Source2: conntrackd.service - -BuildRequires: gcc -BuildRequires: systemd-devel -BuildRequires: libtirpc-devel -BuildRequires: libmnl-devel -BuildRequires: libnfnetlink-devel -BuildRequires: libnetfilter_conntrack-devel -BuildRequires: libnetfilter_cttimeout-devel -BuildRequires: libnetfilter_cthelper-devel -BuildRequires: libnetfilter_queue-devel -BuildRequires: bison -BuildRequires: flex - -Requires: systemd -Requires: libmnl -Requires: libnetfilter_conntrack -Requires: libnetfilter_cthelper -Requires: libnetfilter_cttimeout -Requires: libnetfilter_queue -Requires: libnfnetlink -Provides: conntrack - -%description -The conntrack-tools are a set of free software userspace tools for Linux that -allow system administrators interact with the Connection Tracking System, -which is the module that provides stateful packet inspection for iptables. - -%prep -%autosetup -p1 - -%build -autoreconf -fi -%configure \ - --disable-static \ - --enable-systemd - -%make_build %{?_smp_mflags} - -%install -%make_install %{?_smp_mflags} -mkdir -p %{buildroot}%{_sysconfdir}/conntrackd -install -d -m 0755 %{buildroot}%{_unitdir} -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/conntrackd -install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir} - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/ldconfig -%systemd_post conntrackd.service - -%preun -%systemd_preun conntrackd.service - -%postun -/sbin/ldconfig -%systemd_postun conntrackd.service - -%files -%defattr(-, root, root) -%dir %{_sysconfdir}/conntrackd -%config(noreplace) %{_sysconfdir}/conntrackd/conntrackd.conf -%{_unitdir}/conntrackd.service -%{_sbindir}/conntrack -%{_sbindir}/conntrackd -%{_sbindir}/nfct -%dir %{_libdir}/%{name} -%{_libdir}/%{name}/* -%{_mandir}/man5/* -%{_mandir}/man8/* - -%changelog -* Sun Nov 13 2022 Shreenidhi Shedi 1.4.7-2 -- Bump version as a part of libtirpc upgrade -* Tue Nov 01 2022 Susant Sahani 1.4.7-1 -- Version bump -* Sun Oct 17 2021 Susant Sahani 1.4.6-3 -- Rename conntrackd.conf eth2 -> eth0 -* Sat Feb 27 2021 Andrew Williams 1.4.6-2 -- Add provide for conntrack -* Tue Aug 25 2020 Ashwin H 1.4.6-1 -- Initial version diff --git a/SPECS/conntrack-tools/conntrackd.conf b/SPECS/conntrack-tools/conntrackd.conf deleted file mode 100644 index 4cfb024160..0000000000 --- a/SPECS/conntrack-tools/conntrackd.conf +++ /dev/null @@ -1,415 +0,0 @@ -# -# Synchronizer settings -# -Sync { - Mode FTFW { - # - # Size of the resend queue (in objects). This is the maximum - # number of objects that can be stored waiting to be confirmed - # via acknoledgment. If you keep this value low, the daemon - # will have less chances to recover state-changes under message - # omission. On the other hand, if you keep this value high, - # the daemon will consume more memory to store dead objects. - # Default is 131072 objects. - # - # ResendQueueSize 131072 - - # - # This parameter allows you to set an initial fixed timeout - # for the committed entries when this node goes from backup - # to primary. This mechanism provides a way to purge entries - # that were not recovered appropriately after the specified - # fixed timeout. If you set a low value, TCP entries in - # Established states with no traffic may hang. For example, - # an SSH connection without KeepAlive enabled. If not set, - # the daemon uses an approximate timeout value calculation - # mechanism. By default, this option is not set. - # - # CommitTimeout 180 - - # - # If the firewall replica goes from primary to backup, - # the conntrackd -t command is invoked in the script. - # This command schedules a flush of the table in N seconds. - # This is useful to purge the connection tracking table of - # zombie entries and avoid clashes with old entries if you - # trigger several consecutive hand-overs. Default is 60 seconds. - # - # PurgeTimeout 60 - - # Set the acknowledgement window size. If you decrease this - # value, the number of acknowlegdments increases. More - # acknowledgments means more overhead as conntrackd has to - # handle more control messages. On the other hand, if you - # increase this value, the resend queue gets more populated. - # This results in more overhead in the queue releasing. - # The following value is based on some practical experiments - # measuring the cycles spent by the acknowledgment handling - # with oprofile. If not set, default window size is 300. - # - # ACKWindowSize 300 - - # - # This clause allows you to deactivate the external cache. Thus, - # the state entries are directly injected into the kernel - # conntrack table. As a result, you save memory in user-space - # but you consume slots in the kernel conntrack table for - # backup state entries. Moreover, disabling the external cache - # means more CPU consumption. You need a Linux kernel - # >= 2.6.29 to use this feature. By default, this clause is - # set off. If you are installing conntrackd for first time, - # please read the user manual and I encourage you to consider - # using the fail-over scripts instead of enabling this option! - # - # DisableExternalCache Off - } - - # - # Multicast IP and interface where messages are - # broadcasted (dedicated link). IMPORTANT: Make sure - # that iptables accepts traffic for destination - # 225.0.0.50, eg: - # - # iptables -I INPUT -d 225.0.0.50 -j ACCEPT - # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT - # - Multicast { - # - # Multicast address: The address that you use as destination - # in the synchronization messages. You do not have to add - # this IP to any of your existing interfaces. If any doubt, - # do not modify this value. - # - IPv4_address 225.0.0.50 - - # - # The multicast group that identifies the cluster. If any - # doubt, do not modify this value. - # - Group 3780 - - # - # IP address of the interface that you are going to use to - # send the synchronization messages. Remember that you must - # use a dedicated link for the synchronization messages. - # - IPv4_interface 192.168.100.100 - - # - # The name of the interface that you are going to use to - # send the synchronization messages. - # - Interface eth0 - - # The multicast sender uses a buffer to enqueue the packets - # that are going to be transmitted. The default size of this - # socket buffer is available at /proc/sys/net/core/wmem_default. - # This value determines the chances to have an overrun in the - # sender queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. If you - # notice some packet loss, you may want to increase the size - # of the sender buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - SndSocketBuffer 1249280 - - # The multicast receiver uses a buffer to enqueue the packets - # that the socket is pending to handle. The default size of this - # socket buffer is available at /proc/sys/net/core/rmem_default. - # This value determines the chances to have an overrun in the - # receiver queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. If you - # notice some packet loss, you may want to increase the size of - # the receiver buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. This is a good - # property to achieve fault-tolerance. In case of doubt, do - # not modify this value. - # - Checksum on - } - # - # You can specify more than one dedicated link. Thus, if one dedicated - # link fails, conntrackd can fail-over to another. Note that adding - # more than one dedicated link does not mean that state-updates will - # be sent to all of them. There is only one active dedicated link at - # a given moment. The `Default' keyword indicates that this interface - # will be selected as the initial dedicated link. You can have - # up to 4 redundant dedicated links. Note: Use different multicast - # groups for every redundant link. - # - # Multicast Default { - # IPv4_address 225.0.0.51 - # Group 3781 - # IPv4_interface 192.168.100.101 - # Interface eth3 - # # SndSocketBuffer 1249280 - # # RcvSocketBuffer 1249280 - # Checksum on - # } - - # - # You can use Unicast UDP instead of Multicast to propagate events. - # Note that you cannot use unicast UDP and Multicast at the same - # time, you can only select one. - # - # UDP { - # - # UDP address that this firewall uses to listen to events. - # - # IPv4_address 192.168.2.100 - # - # or you may want to use an IPv6 address: - # - # IPv6_address fe80::215:58ff:fe28:5a27 - - # - # Destination UDP address that receives events, ie. the other - # firewall's dedicated link address. - # - # IPv4_Destination_Address 192.168.2.101 - # - # or you may want to use an IPv6 address: - # - # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c - - # - # UDP port used - # - # Port 3780 - - # - # The name of the interface that you are going to use to - # send the synchronization messages. - # - # Interface eth2 - - # - # The sender socket buffer size - # - # SndSocketBuffer 1249280 - - # - # The receiver socket buffer size - # - # RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. - # - # Checksum on - # } - - # - # Other unsorted options that are related to the synchronization. - # - # Options { - # - # TCP state-entries have window tracking deactivated by default, - # you can enable it with this option. As said, default is off. - # This feature requires a Linux kernel >= 2.6.36. - # - # TCPWindowTracking Off - - # Set this option on if you want to enable the synchronization - # of expectations. You have to specify the list of helpers that - # you want to enable. Default is off. This feature requires - # a Linux kernel >= 3.5. - # - # ExpectationSync { - # ftp - # ras - # q.931 - # h.245 - # sip - # } - # - # You can use this alternatively: - # - # ExpectationSync On - # - # If you want to synchronize expectations of all helpers. - # } -} - -# -# General settings -# -General { - # - # Enable systemd support. If conntrackd is compiled with the proper - # configuration, you can use a systemd service unit of Type=notify - # and use conntrackd with systemd watchdog as well. - # Default is: on if built with --enable-systemd, off otherwhise - # - #Systemd on - - # - # Number of buckets in the cache hashtable. The bigger it is, - # the closer it gets to O(1) at the cost of consuming more memory. - # Read some documents about tuning hashtables for further reference. - # - HashSize 32768 - - # - # Maximum number of conntracks, it should be double of: - # $ cat /proc/sys/net/netfilter/nf_conntrack_max - # since the daemon may keep some dead entries cached for possible - # retransmission during state synchronization. - # - HashLimit 131072 - - # - # Logfile: on (/var/log/conntrackd.log), off, or a filename - # Default: off - # - LogFile on - - # - # Syslog: on, off or a facility name (daemon (default) or local0..7) - # Default: off - # - #Syslog on - - # - # Lockfile - # - LockFile /var/lock/conntrack.lock - - # - # Unix socket configuration - # - UNIX { - Path /var/run/conntrackd.ctl - } - - # - # Netlink event socket buffer size. If you do not specify this clause, - # the default buffer size value in /proc/sys/net/core/rmem_default is - # used. This default value is usually around 100 Kbytes which is - # fairly small for busy firewalls. This leads to event message dropping - # and high CPU consumption. This example configuration file sets the - # size to 2 MBytes to avoid this sort of problems. - # - NetlinkBufferSize 2097152 - - # - # The daemon doubles the size of the netlink event socket buffer size - # if it detects netlink event message dropping. This clause sets the - # maximum buffer size growth that can be reached. This example file - # sets the size to 8 MBytes. - # - NetlinkBufferSizeMaxGrowth 8388608 - - # - # If the daemon detects that Netlink is dropping state-change events, - # it automatically schedules a resynchronization against the Kernel - # after 30 seconds (default value). Resynchronizations are expensive - # in terms of CPU consumption since the daemon has to get the full - # kernel state-table and purge state-entries that do not exist anymore. - # Be careful of setting a very small value here. You have the following - # choices: On (enabled, use default 30 seconds value), Off (disabled) - # or Value (in seconds, to set a specific amount of time). If not - # specified, the daemon assumes that this option is enabled. - # - # NetlinkOverrunResync On - - # - # If you want reliable event reporting over Netlink, set on this - # option. If you set on this clause, it is a good idea to set off - # NetlinkOverrunResync. This option is off by default and you need - # a Linux kernel >= 2.6.31. - # - # NetlinkEventsReliable Off - - # - # By default, the daemon receives state updates following an - # event-driven model. You can modify this behaviour by switching to - # polling mode with the PollSecs clause. This clause tells conntrackd - # to dump the states in the kernel every N seconds. With regards to - # synchronization mode, the polling mode can only guarantee that - # long-lifetime states are recovered. The main advantage of this method - # is the reduction in the state replication at the cost of reducing the - # chances of recovering connections. - # - # PollSecs 15 - - # - # The daemon prioritizes the handling of state-change events coming - # from the core. With this clause, you can set the maximum number of - # state-change events (those coming from kernel-space) that the daemon - # will handle after which it will handle other events coming from the - # network or userspace. A low value improves interactivity (in terms of - # real-time behaviour) at the cost of extra CPU consumption. - # Default (if not set) is 100. - # - # EventIterationLimit 100 - - # - # Event filtering: This clause allows you to filter certain traffic, - # There are currently three filter-sets: Protocol, Address and - # State. The filter is attached to an action that can be: Accept or - # Ignore. Thus, you can define the event filtering policy of the - # filter-sets in positive or negative logic depending on your needs. - # You can select if conntrackd filters the event messages from - # user-space or kernel-space. The kernel-space event filtering - # saves some CPU cycles by avoiding the copy of the event message - # from kernel-space to user-space. The kernel-space event filtering - # is prefered, however, you require a Linux kernel >= 2.6.29 to - # filter from kernel-space. If you want to select kernel-space - # event filtering, use the keyword 'Kernelspace' instead of - # 'Userspace'. - # - Filter From Userspace { - # - # Accept only certain protocols: You may want to replicate - # the state of flows depending on their layer 4 protocol. - # - Protocol Accept { - TCP - SCTP - DCCP - # UDP - # ICMP # This requires a Linux kernel >= 2.6.31 - # IPv6-ICMP # This requires a Linux kernel >= 2.6.31 - } - - # - # Ignore traffic for a certain set of IP's: Usually all the - # IP assigned to the firewall since local traffic must be - # ignored, only forwarded connections are worth to replicate. - # Note that these values depends on the local IPs that are - # assigned to the firewall. - # - Address Ignore { - IPv4_address 127.0.0.1 # loopback - IPv4_address 192.168.0.100 # virtual IP 1 - IPv4_address 192.168.1.100 # virtual IP 2 - IPv4_address 192.168.0.1 - IPv4_address 192.168.1.1 - IPv4_address 192.168.100.100 # dedicated link ip - # - # You can also specify networks in format IP/cidr. - # IPv4_address 192.168.0.0/24 - # - # You can also specify an IPv6 address - # IPv6_address ::1 - } - - # - # Uncomment this line below if you want to filter by flow state. - # This option introduces a trade-off in the replication: it - # reduces CPU consumption at the cost of having lazy backup - # firewall replicas. The existing TCP states are: SYN_SENT, - # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK, - # TIME_WAIT, CLOSED, LISTEN. - # - # State Accept { - # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP - # } - } -} diff --git a/SPECS/conntrack-tools/conntrackd.service b/SPECS/conntrack-tools/conntrackd.service deleted file mode 100644 index 82569874f7..0000000000 --- a/SPECS/conntrack-tools/conntrackd.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=connection tracking daemon -After=network-online.target -Wants=network-online.target -[Service] -Type=simple -ExecStartPre=/bin/rm -f /var/lock/conntrack.lock -ExecStart=/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -[Install] -WantedBy=multi-user.target diff --git a/SPECS/consul/consul.service b/SPECS/consul/consul.service deleted file mode 100644 index 3d6a14b55e..0000000000 --- a/SPECS/consul/consul.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=Consul Agent -Requires=network.target -After=network.target - -[Service] -ExecStartPre=/usr/bin/rm -rf /var/lib/consul/* -ExecStartPre=/usr/bin/mkdir -p /var/lib/consul/config -ExecStartPre=/usr/bin/mkdir -p /var/lib/consul/data -ExecStart=/usr/bin/consul agent -config-dir=/var/lib/consul/config -data-dir=/var/lib/consul/data -server -client=0.0.0.0 -advertise=127.0.0.1 -bootstrap -ui -ExecReload=/usr/bin/kill -HUP $MAINPID -KillSignal=SIGINT -User=consul -Group=consul -Restart=on-failure -LimitNOFILE=131072 - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/consul/consul.spec b/SPECS/consul/consul.spec deleted file mode 100644 index 9f5bb66f95..0000000000 --- a/SPECS/consul/consul.spec +++ /dev/null @@ -1,151 +0,0 @@ -%global debug_package %{nil} - -Name: consul -Version: 1.15.4 -Release: 5%{?dist} -Summary: Consul is a tool for service discovery and configuration. -License: Mozilla Public License, version 2.0 -Group: System Environment/Daemons -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/hashicorp/consul - -Source0: /~https://github.com/hashicorp/consul/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}-%{version}=a03d0f71fc4f6e42a0c0efbc8477701356c40d7221ede565985ba6775a7a2ffb75cb99e609b0ec428875731ecc20941cc4bba7d1d1551ea859563a02a3c41e95 -Source1: %{name}.service -Source2: %{name}.sysusers - -BuildRequires: systemd-devel -BuildRequires: go -BuildRequires: ca-certificates - -Requires(pre): systemd-rpm-macros -Requires: systemd - -%description -Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable. - -Consul provides several key features: - * Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. - - External services such as SaaS providers can be registered as well. - - * Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. - - The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers. - - * Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. - - The simple HTTP API makes it easy to use anywhere. - - * Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration. - -%prep -%autosetup -p1 - -%build -go build -v -o %{name} - -%install -install -vdm 755 %{buildroot}%{_bindir} -install %{name} %{buildroot}%{_bindir} -install -vdm 755 %{buildroot}%{_sysconfdir}/%{name}.d -install -vdm 755 %{buildroot}%{_unitdir} -install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir} -install -vdm 755 %{buildroot}%{_sharedstatedir}/%{name} -install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -%pre -%sysusers_create_compat %{SOURCE2} - -%post -/sbin/ldconfig -%systemd_post %{name}.service -if [ $1 -ge 1 ]; then - chown -PR %{name}:%{name} %{_sharedstatedir}/%{name} -fi - -%postun -/sbin/ldconfig -%systemd_postun_with_restart %{name}.service - -%preun -/sbin/ldconfig -%systemd_preun %{name}.service - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_unitdir}/%{name}.service -%dir %{_sysconfdir}/%{name}.d -%dir %{_sharedstatedir}/%{name} -%{_sysusersdir}/%{name}.sysusers - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.15.4-5 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.15.4-4 -- Bump up version to compile with new go -* Tue Aug 08 2023 Mukul Sikka 1.15.4-3 -- Resolving systemd-rpm-macros for group creation -* Mon Jul 17 2023 Piyush Gupta 1.15.4-2 -- Bump up version to compile with new go -* Mon Jul 17 2023 Nitesh Kumar 1.15.4-1 -- Version upgrade to v1.15.4 to fix following CVE's: -- CVE-2023-1297, CVE-2023-0845 -* Mon Jul 03 2023 Piyush Gupta 1.14.2-5 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.14.2-4 -- Bump up version to compile with new go -* Sun Mar 12 2023 Piyush Gupta 1.14.2-3 -- Bump up version to compile with new go -* Fri Mar 10 2023 Mukul Sikka 1.14.2-2 -- Use systemd-rpm-macros for user creation -* Tue Dec 13 2022 Gerrit Photon 1.14.2-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 1.11.4-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 1.11.4-3 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 1.11.4-2 -- Bump up version to compile with new go -* Tue Apr 05 2022 Shreenidhi Shedi 1.11.4-1 -- Upgradeto v1.11.4 & fix spec issues -* Thu Mar 17 2022 Nitesh Kumar 1.10.8-1 -- Version upgrade to 1.10.8, fixes CVE-2022-24687 -* Tue Dec 21 2021 Nitesh Kumar 1.10.4-1 -- Version upgrade to 1.10.4, fixes CVE-2021-41805 -* Tue Aug 03 2021 Nitesh Kumar 1.10.1-1 -- Version upgrade to 1.10.1, fixes CVE-2021-32574 -* Fri Jun 11 2021 Piyush Gupta 1.9.5-2 -- Bump up version to compile with new go -* Mon Apr 12 2021 Gerrit Photon 1.9.5-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 1.9.1-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.9.1-2 -- Bump up version to compile with new go -* Wed Dec 16 2020 Shreenidhi Shedi 1.9.1-1 -- Bump version to fix CVE-2020-28053 -* Tue Nov 17 2020 Shreenidhi Shedi 1.8.5-1 -- Upgrade to v1.8.5, fixes CVE-2020-25201 -* Mon Sep 21 2020 Gerrit Photon 1.8.4-1 -- Automatic Version Bump -* Wed Aug 12 2020 Gerrit Photon 1.8.3-1 -- Automatic Version Bump -* Thu Jul 09 2020 Shreenidhi Shedi 1.8.0-1 -- Upgrade to version 1.8.0 -* Tue Mar 10 2020 Shreenidhi Shedi 1.7.1-1 -- Version upgrade to 1.7.1; fixes CVE-2020-7219 & CVE-2020-7955 -* Tue Oct 22 2019 Ashwin H 1.2.3-4 -- Bump up version to compile with go 1.13.3 -* Fri Aug 30 2019 Ashwin H 1.2.3-3 -- Bump up version to compile with new go -* Mon Jun 03 2019 Siju Maliakkal 1.2.3-2 -- Applied patch for CVE-2018-19653 -* Mon Oct 22 2018 Ajay Kaher 1.2.3-1 -- Upgraded to version 1.2.3 -* Mon Jul 09 2018 Alexey Makhalov 1.1.0-2 -- Modify command line parameters in .service file. -* Thu Jun 28 2018 Ankit Jain 1.1.0-1 -- Initial build. First version diff --git a/SPECS/consul/consul.sysusers b/SPECS/consul/consul.sysusers deleted file mode 100644 index ea2d1c2299..0000000000 --- a/SPECS/consul/consul.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g consul - -u consul - "Consul Agent" /var/lib/consul /bin/false diff --git a/SPECS/containerd/build-bin-gen-manpages-instead-of-using-go-run.patch b/SPECS/containerd/build-bin-gen-manpages-instead-of-using-go-run.patch deleted file mode 100644 index 85af162828..0000000000 --- a/SPECS/containerd/build-bin-gen-manpages-instead-of-using-go-run.patch +++ /dev/null @@ -1,33 +0,0 @@ -From fd704d3341738045e1b2695db4779014c40df25f Mon Sep 17 00:00:00 2001 -From: Kazuyoshi Kato -Date: Mon, 18 Apr 2022 21:02:06 +0000 -Subject: [PATCH] Build bin/gen-manpages instead of using "go run" - -Signed-off-by: Kazuyoshi Kato -Signed-off-by: Srivatsa S. Bhat (VMware) ---- - Makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index f3ae858b043..a6bad72efec 100644 ---- a/Makefile -+++ b/Makefile -@@ -253,13 +253,13 @@ mandir: - # Kept for backwards compatibility - genman: man/containerd.8 man/ctr.8 - --man/containerd.8: FORCE -+man/containerd.8: bin/gen-manpages FORCE - @echo "$(WHALE) $@" -- $(GO) run -mod=readonly ${GO_TAGS} cmd/gen-manpages/main.go $(@F) $(@D) -+ $< $(@F) $(@D) - --man/ctr.8: FORCE -+man/ctr.8: bin/gen-manpages FORCE - @echo "$(WHALE) $@" -- $(GO) run -mod=readonly ${GO_TAGS} cmd/gen-manpages/main.go $(@F) $(@D) -+ $< $(@F) $(@D) - - man/%: docs/man/%.md FORCE - @echo "$(WHALE) $@" diff --git a/SPECS/containerd/containerd-config.toml b/SPECS/containerd/containerd-config.toml deleted file mode 100644 index c5ef2f6209..0000000000 --- a/SPECS/containerd/containerd-config.toml +++ /dev/null @@ -1,21 +0,0 @@ -#disabled_plugins = ["cri"] - -#root = "/var/lib/containerd" -#state = "/run/containerd" -#subreaper = true -#oom_score = 0 -version = 2 - -#[grpc] -# address = "/run/containerd/containerd.sock" -# uid = 0 -# gid = 0 - -[plugins."io.containerd.grpc.v1.cri"] -enable_selinux = true - -#[debug] -# address = "/run/containerd/debug.sock" -# uid = 0 -# gid = 0 -# level = "info" diff --git a/SPECS/containerd/containerd-service.patch b/SPECS/containerd/containerd-service.patch deleted file mode 100644 index 31fcf26e9f..0000000000 --- a/SPECS/containerd/containerd-service.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/containerd.service b/containerd.service -index d0f3be7..7bcc985 100644 ---- a/containerd.service -+++ b/containerd.service -@@ -19,7 +19,7 @@ After=network.target local-fs.target - - [Service] - ExecStartPre=-/sbin/modprobe overlay --ExecStart=/usr/local/bin/containerd -+ExecStart=/usr/bin/containerd - - Type=notify - Delegate=yes diff --git a/SPECS/containerd/containerd.spec b/SPECS/containerd/containerd.spec deleted file mode 100644 index c2e716afb5..0000000000 --- a/SPECS/containerd/containerd.spec +++ /dev/null @@ -1,185 +0,0 @@ -%define debug_package %{nil} -%define __os_install_post %{nil} -%define gopath_comp github.com/%{name}/%{name} - -Summary: Containerd -Name: containerd -Version: 1.6.17 -Release: 8%{?dist} -License: ASL 2.0 -URL: https://containerd.io/docs -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/containerd/containerd/archive/containerd-%{version}.tar.gz -%define sha512 %{name}=673153b6007b2bd6b0148aef79a9e495c8fde47132c8f2880c22873ac8b8b428f94e8ecca5cf0b670658ab941d2e412f8c63cf1249f9e4765342547b4d30f196 - -# Must be in sync with package version -%define CONTAINERD_GITCOMMIT 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6 - -Source1: %{name}-config.toml -Source2: disable-%{name}-by-default.preset - -Patch0: %{name}-service.patch -Patch1: build-bin-gen-manpages-instead-of-using-go-run.patch - -BuildRequires: btrfs-progs -BuildRequires: btrfs-progs-devel -BuildRequires: libseccomp -BuildRequires: libseccomp-devel -# Upstream is unhappy with 1.14. 1.13 or 1.15+ is OK -BuildRequires: go >= 1.16 -BuildRequires: go-md2man -BuildRequires: systemd-devel - -Requires: libseccomp -Requires: systemd -# containerd 1.4.5 and above allow to use runc 1.0.0-rc94 and above. -# refer to v1.4.5/RUNC.md -Requires: runc - -%description -Containerd is an open source project. It is available as a daemon for Linux, -which manages the complete container lifecycle of its host system. - -%package extras -Summary: Extra binaries for containerd -Group: Applications/File -Requires: %{name} = %{version}-%{release} - -%description extras -Extra binaries for containerd - -%package doc -Summary: containerd -Requires: %{name} = %{version}-%{release} - -%description doc -Documentation for containerd. - -%prep -# Using autosetup is not feasible -%setup -q -c -mkdir -p "$(dirname "src/%{gopath_comp}")" -cd %{name}-%{version} -%autopatch -p1 -cd .. -mv %{name}-%{version} src/%{gopath_comp} - -%build -export GOPATH="${PWD}" -# We still have to use the GOPATH mode, as containerd only supports go.mod -# starting 1.5.0+ However, this mode might be soon removed -- -# /~https://github.com/golang/go/wiki/GOPATH - -# Also, attempting to create go.mod and re-vendor would be wrong in this case, -# as it could overwrite patches to vendor/, as well as fetching un-release -# upstream versions. Typically, embargoed CVEs can cause those versions to be hiddden. -export GO111MODULE=off -cd src/%{gopath_comp} - -make %{?_smp_mflags} VERSION=%{version} REVISION=%{CONTAINERD_GITCOMMIT} \ - BUILDTAGS='seccomp selinux apparmor' binaries man - -%install -cd src/%{gopath_comp} -install -v -m644 -D -t %{buildroot}%{_datadir}/licenses/%{name} LICENSE -install -v -m644 -D -t %{buildroot}%{_unitdir} %{name}.service -install -v -m644 -D %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/config.toml -install -v -m644 -D %{SOURCE2} %{buildroot}%{_presetdir}/50-%{name}.preset -make %{?_smp_mflags} DESTDIR=%{buildroot} PREFIX=%{_prefix} install -make %{?_smp_mflags} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-man - -%post -%systemd_post %{name}.service - -%postun -%systemd_postun_with_restart %{name}.service - -%preun -%systemd_preun %{name}.service - -%clean -rm -rf %{buildroot}/* - -%if 0%{?with_check} -%check -export GOPATH="$(pwd)" -cd src/%{gopath_comp} -make %{?_smp_mflags} test -make %{?_smp_mflags} root-test -make %{?_smp_mflags} integration -%endif - -%files -%defattr(-,root,root) -%{_bindir}/ctr -%{_bindir}/%{name} -%{_bindir}/%{name}-shim -%{_datadir}/licenses/%{name} -%{_unitdir}/%{name}.service -%{_presetdir}/50-%{name}.preset -%config(noreplace) %{_sysconfdir}/%{name}/config.toml - -%files extras -%defattr(-,root,root) -%{_bindir}/%{name}-shim-runc-v1 -%{_bindir}/%{name}-shim-runc-v2 -%{_bindir}/%{name}-stress - -%files doc -%defattr(-,root,root) -%doc -%{_mandir}/man5/* -%{_mandir}/man8/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.6.17-8 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.6.17-7 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 1.6.17-6 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 1.6.17-5 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.6.17-4 -- Bump up version to compile with new go -* Fri Apr 28 2023 Nitesh Kumar 1.6.17-3 -- Version bump up to use latest runc v1.1.7 -* Thu Mar 09 2023 Piyush Gupta 1.6.17-2 -- Bump up version to compile with new go -* Fri Feb 10 2023 Gerrit Photon 1.6.17-1 -- Automatic Version Bump -* Wed Nov 30 2022 Gerrit Photon 1.6.9-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 1.6.6-6 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 1.6.6-5 -- Bump up version to compile with new go -* Thu Sep 08 2022 Srivatsa S. Bhat (VMware) 1.6.6-4 -- Restore GO111MODULE to off. -* Mon Aug 8 2022 Shivani Agarwal 1.6.6-3 -- Enable selinux -* Sun Jul 24 2022 Piyush Gupta 1.6.6-2 -- Bump up version to compile with new go. -* Wed Jul 20 2022 Tejaswini Jayaramaiah 1.6.6-1 -- Update to version 1.6.6 -* Mon Dec 13 2021 Nitesh Kumar 1.4.12-1 -- Upgrading to 1.4.12 to use latest runc. -* Fri Jun 11 2021 Piyush Gupta 1.4.4-2 -- Bump up version to compile with new go -* Mon Mar 22 2021 Ankit Jain 1.4.4-1 -- Update to 1.4.4 -* Fri Feb 05 2021 Harinadh D 1.4.1-4 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.4.1-3 -- Bump up version to compile with new go -* Wed Oct 07 2020 Tapas Kundu 1.4.1-2 -- Use latest runc -* Mon Sep 21 2020 Gerrit Photon 1.4.1-1 -- Automatic Version Bump -* Wed Aug 19 2020 Gerrit Photon 1.4.0-1 -- Automatic Version Bump -* Tue Aug 27 2019 Shreyas B. 1.2.8-1 -- Initial version of containerd spec. diff --git a/SPECS/containerd/disable-containerd-by-default.preset b/SPECS/containerd/disable-containerd-by-default.preset deleted file mode 100644 index 1f46632a80..0000000000 --- a/SPECS/containerd/disable-containerd-by-default.preset +++ /dev/null @@ -1 +0,0 @@ -disable containerd.service diff --git a/SPECS/containers-common/containers-common.spec b/SPECS/containers-common/containers-common.spec deleted file mode 100644 index 49308392fc..0000000000 --- a/SPECS/containers-common/containers-common.spec +++ /dev/null @@ -1,116 +0,0 @@ -# Please handle this spec with care, As this a custom spec file created -# for podman so it should be manually upgraded when required. Because -# it has specific files from multiple repos as mention in spec comment -# section itself. Also whenever upgrading podman please check the -# compaitable version of containers-common and upgrade this by picking -# the required files like below. -# Clone containers sub repo common, image, shortnames, skopeo and storage -# Checkout to specific tag for all sub repo & pick the files as per requirment -# Move those files into directory & create tarball -# -# For example: -# git clone git@github.com:containers/common.git -# cd common && git checkout -b v0.55.0 tags/v0.55.0 -# cp pkg/config/containers.conf pkg/seccomp/seccomp.json pkg/subscriptions/mounts.conf ../containers-common-4/ -# -# git clone git@github.com:containers/image.git -# cd image && git checkout -b v5.26.0 tags/v5.26.0 -# cp registries.conf ../containers-common-4/ -# -# git clone git@github.com:containers/shortnames.git -# cd shortnames && git checkout -b v2022.02.20 tags/v2022.02.20 -# cp shortnames.conf ../containers-common-4/ -# -# git clone git@github.com:containers/skopeo.git -# cd skopeo && git checkout -b v1.12.0 tags/v1.12.0 -# cp default.yaml default-policy.json ../containers-common-4/ -# -# git clone git@github.com:containers/storage.git -# cd storage && git checkout -b v1.48.0 tags/v1.48.0 -# cp storage.conf ../containers-common-4/ -# -# cd .. && tar czf containers-common-4.tar.gz containers-common-4 - -Summary: Common configuration and documentation for containers -Name: containers-common -Version: 4 -Release: 1%{?dist} -License: ASL 2.0 -URL: /~https://github.com/containers -Source0: %{name}-%{version}.tar.gz -%define sha512 %{name}=de6484566b3115a278bcbd1959ba31cd8ae58aed711cce90824bce50465d9553316651f6d5c883d681f0bc7b4aed7f2d608db5008c6b07fb128288353fff98e4 -Group: Tools/Podman -Vendor: VMware, Inc. -Distribution: Photon -BuildArch: noarch - -Requires: fuse-overlayfs -Requires: selinux-policy -Requires: cni - -%description -This package contains common configuration files and documentation for container -tools ecosystem, such as Podman, Buildah and Skopeo.It is required because the most -of configuration files and docs come from projects which are vendored into Podman, -Buildah, Skopeo, etc. but they are not packaged separately. - -%prep -%autosetup -n %{name}-%{version} -cp shortnames.conf 000-shortnames.conf -cp default-policy.json policy.json - -%install -# install config and policy files for registries -install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d} -install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore -install -Dp -m0644 default.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d -install -Dp -m0644 storage.conf -t %{buildroot}%{_datadir}/containers -install -Dp -m0644 registries.conf -t %{buildroot}%{_sysconfdir}/containers -install -Dp -m0644 000-shortnames.conf -t %{buildroot}%{_sysconfdir}/containers/registries.conf.d -install -Dp -m0644 policy.json -t %{buildroot}%{_sysconfdir}/containers - -# install config files for mounts, containers and seccomp -install -m0644 mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf -install -m0644 seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json -install -m0644 containers.conf %{buildroot}%{_datadir}/containers/containers.conf - -# install secrets patch directory -install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets -# rhbz#1110876 - update symlinks for subscription management -ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm - -%files -%defattr(-,root,root) -%dir %{_sysconfdir}/containers -%dir %{_sysconfdir}/containers/certs.d -%dir %{_sysconfdir}/containers/oci -%dir %{_sysconfdir}/containers/oci/hooks.d -%dir %{_sysconfdir}/containers/registries.conf.d -%dir %{_sysconfdir}/containers/registries.d -%config(noreplace) %{_sysconfdir}/containers/policy.json -%config(noreplace) %{_sysconfdir}/containers/registries.conf -%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf -%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml -%ghost %{_sysconfdir}/containers/storage.conf -%ghost %{_sysconfdir}/containers/containers.conf -%dir %{_sharedstatedir}/containers/sigstore -%dir %{_datadir}/containers -%{_datadir}/containers/storage.conf -%{_datadir}/containers/containers.conf -%{_datadir}/containers/mounts.conf -%{_datadir}/containers/seccomp.json -%dir %{_datadir}/rhel/secrets -%{_datadir}/rhel/secrets/* - -%changelog -* Fri Jun 30 2023 Prashant S Chauhan 4-1 -- Upgrade to v4 -* Sun Feb 12 2023 Piyush Gupta 3-1 -- Version upgrade to v3 -* Mon Dec 19 2022 Nitesh Kumar 2-1 -- Version upgrade to v2 -* Mon Oct 03 2022 Shreenidhi Shedi 1-2 -- Bump version as a part of cni upgrade -* Fri Sep 02 2022 Nitesh Kumar 1-1 -- Initial version diff --git a/SPECS/copenapi/copenapi-fix-status-size.patch b/SPECS/copenapi/copenapi-fix-status-size.patch deleted file mode 100644 index 7fb9d402ff..0000000000 --- a/SPECS/copenapi/copenapi-fix-status-size.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/cli/restclient.c b/cli/restclient.c -index b76e61b..142d229 100644 ---- a/cli/restclient.c -+++ b/cli/restclient.c -@@ -18,17 +18,6 @@ int trace_fn(CURL *handle, curl_infotype type, - char *data, size_t size, - void *userp); - --static size_t --write_mem_cb( -- void *contents, -- size_t size, -- size_t nmemb, -- void *userp) --{ -- printf("%s\n", (char *)contents); -- return size * nmemb; --} -- - uint32_t - call_rest_method( - const char *pszUrl, -@@ -39,7 +28,7 @@ call_rest_method( - uint32_t dwError = 0; - CURL *pCurl = NULL; - CURLcode res = CURLE_OK; -- int nStatus = 0; -+ long nStatus = 0; - - if(IsNullOrEmptyString(pszUrl) || !pMethod || !pArgs) - { -@@ -104,12 +93,11 @@ call_rest_method( - BAIL_ON_CURL_ERROR(dwError); - } - -- dwError = curl_easy_setopt(pCurl, CURLOPT_WRITEFUNCTION, write_mem_cb); -- BAIL_ON_CURL_ERROR(dwError); -- - dwError = curl_easy_perform(pCurl); - BAIL_ON_CURL_ERROR(dwError); - -+ fprintf(stdout, "\n"); -+ - dwError = curl_easy_getinfo(pCurl, CURLINFO_RESPONSE_CODE, &nStatus); - BAIL_ON_CURL_ERROR(dwError); - -@@ -122,7 +110,7 @@ call_rest_method( - } - else - { -- fprintf(stderr, "Error: server returned %d\n", nStatus); -+ fprintf(stderr, "Error: server returned %ld\n", nStatus); - } - dwError = 1; - BAIL_ON_ERROR(dwError); diff --git a/SPECS/copenapi/copenapi.spec b/SPECS/copenapi/copenapi.spec deleted file mode 100644 index b346115141..0000000000 --- a/SPECS/copenapi/copenapi.spec +++ /dev/null @@ -1,69 +0,0 @@ -Name: copenapi -Summary: c open api spec parser -Version: 0.0.2 -Release: 3%{?dist} -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon -License: Apache 2.0 -URL: https://www.github.com/vmware/copenapi -Requires: jansson -Requires: curl -BuildRequires: jansson-devel -BuildRequires: curl-devel -Source0: %{name}-%{version}.tar.gz -%define sha1 copenapi=64d947d4eb6e671fc6284bbca6da0201f741653f -Patch0: copenapi-fix-status-size.patch - -%description -copenapi is an openapi parser written in c - -%package devel -Summary: copenapi development files -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -copenapi development files - -%prep -%setup -q -%patch0 -p1 - -%build -autoreconf -mif -./configure \ - --prefix=%{_prefix} \ - --disable-static -make - -%install - -make install DESTDIR=$RPM_BUILD_ROOT -rm -f %{buildroot}%{_libdir}/*.la - -%post - /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* - -%files devel -%{_libdir}/pkgconfig/copenapi.pc -%{_includedir}/* -%{_libdir}/*.so - -%changelog -* Fri Oct 13 2017 Alexey Makhalov 0.0.2-3 -- Remove BuildArch -* Sat Sep 30 2017 Priyesh Padmavilasom 0.0.2-2 -- Apply patch to correct response code status size. -* Thu Sep 28 2017 Priyesh Padmavilasom 0.0.2-1 -- Update to 0.0.2 -* Thu May 04 2017 Priyesh Padmavilasom 0.0.1-1 -- Initial build. First version diff --git a/SPECS/coredns/coredns.spec b/SPECS/coredns/coredns.spec deleted file mode 100644 index 3ff43f9283..0000000000 --- a/SPECS/coredns/coredns.spec +++ /dev/null @@ -1,104 +0,0 @@ -%ifarch aarch64 -%global gohostarch arm64 -%else -%global gohostarch amd64 -%endif -%define debug_package %{nil} - -Summary: CoreDNS -Name: coredns -Version: 1.11.1 -Release: 1%{?dist} -License: Apache License 2.0 -URL: /~https://github.com/%{name}/%{name} -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/coredns/coredns/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=f8752811e9e7913311f47ae13f35c755ac86ea240572be1c1dabc1712b6c42380c60ac385fa9573c77d6fcf4c144df2bc00574f18e8d7b70da21ed8ae4fb87cd - -BuildRequires: go -BuildRequires: git - -%description -CoreDNS is a DNS server that chains plugins - -%prep -p exit -%autosetup -p1 -n %{name}-%{version} - -%build -export ARCH=%{gohostarch} -export VERSION=%{version} -export PKG=github.com/%{name}/%{name} -export GOARCH=${ARCH} -export GOHOSTARCH=${ARCH} -export GOOS=linux -export GOHOSTOS=linux -export GOROOT=%{_libdir}/golang -export GOPATH=%{_datadir}/gocode -export GOBIN=%{_datadir}/gocode/bin -export PATH=$PATH:$GOBIN -mkdir -p ${GOPATH}/src/${PKG} -cp -rf . ${GOPATH}/src/${PKG} -pushd ${GOPATH}/src/${PKG} -# Just download (do not compile), since it's not compilable with go-1.9. -# TODO: use prefetched tarball instead. -sed -i 's#go get -u github.com/mholt/caddy#go get -u -d github.com/mholt/caddy#' Makefile -sed -i 's#go get -u github.com/miekg/dns#go get -u -d github.com/miekg/dns#' Makefile -%make_build - -%install -install -m 755 -d %{buildroot}%{_bindir} -install -pm 755 -t %{buildroot}%{_bindir} ${GOPATH}/src/github.com/%{name}/%{name}/%{name} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/%{name} - -%changelog -* Fri Nov 03 2023 Nitesh Kumar 1.11.1-1 -- Version upgrade to v1.11.1 to fix following CVE's: -- CVE-2021-28235 and CVE-2023-32082 -* Wed Oct 11 2023 Piyush Gupta 1.10.1-5 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.10.1-4 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 1.10.1-3 -- Bump up version to compile with new go -* Tue Jul 04 2023 Piyush Gupta 1.10.1-2 -- Bump up version to compile with new go -* Tue Jul 04 2023 Nitesh Kumar 1.10.1-1 -- Version upgrade to v1.10.1 to fix CVE-2023-0296 -* Wed May 03 2023 Piyush Gupta 1.10.0-4 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.10.0-3 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 1.10.0-2 -- Bump up version to compile with new go -* Thu Nov 03 2022 Nitesh Kumar 1.10.0-1 -- Version upgrade to v1.10.0 -* Fri Jun 17 2022 Piyush Gupta 1.8.3-3 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 1.8.3-2 -- Bump up version to compile with new go -* Thu Apr 29 2021 Gerrit Photon 1.8.3-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 1.7.1-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.7.1-2 -- Bump up version to compile with new go -* Mon Sep 21 2020 Gerrit Photon 1.7.1-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 1.7.0-1 -- Automatic Version Bump -* Sun Sep 22 2019 Alexey Makhalov 1.2.0-3 -- Fix compilation issue (do not compile mholt/caddy). -* Sun Sep 23 2018 Alexey Makhalov 1.2.0-2 -- Fix compilation issue. -- aarch64 support. -* Fri Aug 03 2018 Dheeraj Shetty 1.2.0-1 -- Initial version of coredns 1.2.0. diff --git a/SPECS/coreutils/coreutils-9.1-i18n-1.patch b/SPECS/coreutils/coreutils-9.1-i18n-1.patch deleted file mode 100644 index 2dbcb6e020..0000000000 --- a/SPECS/coreutils/coreutils-9.1-i18n-1.patch +++ /dev/null @@ -1,5533 +0,0 @@ -Submitted by: Xi Ruoyao -Date: 2022-04-19 -Initial Package Version: 9.1 -Upstream Status: Rejected -Origin: https://src.fedoraproject.org/rpms/coreutils/raw/9325dbb/f/coreutils-i18n.patch -Description: Fixes i18n issues with various Coreutils programs - -From 01010419a6499768563e7b2f3fd56cf16edda75e Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 4 Oct 2021 08:54:37 +0200 -Subject: [PATCH] coreutils-i18n.patch - ---- - bootstrap.conf | 1 + - configure.ac | 2 + - lib/linebuffer.h | 8 + - lib/mbfile.c | 3 + - lib/mbfile.h | 255 ++++++++++++ - m4/mbfile.m4 | 14 + - src/cut.c | 508 +++++++++++++++++++++-- - src/expand-common.c | 114 ++++++ - src/expand-common.h | 12 + - src/expand.c | 90 +++- - src/fold.c | 312 ++++++++++++-- - src/join.c | 359 ++++++++++++++-- - src/local.mk | 4 +- - src/pr.c | 443 ++++++++++++++++++-- - src/sort.c | 792 +++++++++++++++++++++++++++++++++--- - src/unexpand.c | 101 ++++- - src/uniq.c | 119 +++++- - tests/Coreutils.pm | 3 + - tests/expand/mb.sh | 183 +++++++++ - tests/i18n/sort.sh | 29 ++ - tests/local.mk | 4 + - tests/misc/expand.pl | 42 ++ - tests/misc/fold.pl | 50 ++- - tests/misc/join.pl | 50 +++ - tests/misc/sort-mb-tests.sh | 45 ++ - tests/misc/sort-merge.pl | 42 ++ - tests/misc/sort.pl | 40 +- - tests/misc/unexpand.pl | 39 ++ - tests/misc/uniq.pl | 55 +++ - tests/pr/pr-tests.pl | 49 +++ - tests/unexpand/mb.sh | 172 ++++++++ - 31 files changed, 3698 insertions(+), 242 deletions(-) - create mode 100644 lib/mbfile.c - create mode 100644 lib/mbfile.h - create mode 100644 m4/mbfile.m4 - create mode 100755 tests/expand/mb.sh - create mode 100755 tests/i18n/sort.sh - create mode 100755 tests/misc/sort-mb-tests.sh - create mode 100755 tests/unexpand/mb.sh - -diff --git a/bootstrap.conf b/bootstrap.conf -index c1399e3..60b39cf 100644 ---- a/bootstrap.conf -+++ b/bootstrap.conf -@@ -162,6 +162,7 @@ gnulib_modules=" - maintainer-makefile - malloc-gnu - manywarnings -+ mbfile - mbrlen - mbrtowc - mbsalign -diff --git a/configure.ac b/configure.ac -index 7e4afc9..4656a35 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -476,6 +476,8 @@ fi - # I'm leaving it here for now. This whole thing needs to be modernized... - gl_WINSIZE_IN_PTEM - -+gl_MBFILE -+ - gl_HEADER_TIOCGWINSZ_IN_TERMIOS_H - - if test $gl_cv_sys_tiocgwinsz_needs_termios_h = no && \ -diff --git a/lib/linebuffer.h b/lib/linebuffer.h -index 07d45ca..af62e6c 100644 ---- a/lib/linebuffer.h -+++ b/lib/linebuffer.h -@@ -22,6 +22,11 @@ - # include "idx.h" - # include - -+/* Get mbstate_t. */ -+# if HAVE_WCHAR_H -+# include -+# endif -+ - /* A 'struct linebuffer' holds a line of text. */ - - struct linebuffer -@@ -29,6 +34,9 @@ struct linebuffer - idx_t size; /* Allocated. */ - idx_t length; /* Used. */ - char *buffer; -+# if HAVE_WCHAR_H -+ mbstate_t state; -+# endif - }; - - /* Initialize linebuffer LINEBUFFER for use. */ -diff --git a/lib/mbfile.c b/lib/mbfile.c -new file mode 100644 -index 0000000..b0a468e ---- /dev/null -+++ b/lib/mbfile.c -@@ -0,0 +1,3 @@ -+#include -+#define MBFILE_INLINE _GL_EXTERN_INLINE -+#include "mbfile.h" -diff --git a/lib/mbfile.h b/lib/mbfile.h -new file mode 100644 -index 0000000..11f1b12 ---- /dev/null -+++ b/lib/mbfile.h -@@ -0,0 +1,255 @@ -+/* Multibyte character I/O: macros for multi-byte encodings. -+ Copyright (C) 2001, 2005, 2009-2015 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . */ -+ -+/* Written by Mitsuru Chinen -+ and Bruno Haible . */ -+ -+/* The macros in this file implement multi-byte character input from a -+ stream. -+ -+ mb_file_t -+ is the type for multibyte character input stream, usable for variable -+ declarations. -+ -+ mbf_char_t -+ is the type for multibyte character or EOF, usable for variable -+ declarations. -+ -+ mbf_init (mbf, stream) -+ initializes the MB_FILE for reading from stream. -+ -+ mbf_getc (mbc, mbf) -+ reads the next multibyte character from mbf and stores it in mbc. -+ -+ mb_iseof (mbc) -+ returns true if mbc represents the EOF value. -+ -+ Here are the function prototypes of the macros. -+ -+ extern void mbf_init (mb_file_t mbf, FILE *stream); -+ extern void mbf_getc (mbf_char_t mbc, mb_file_t mbf); -+ extern bool mb_iseof (const mbf_char_t mbc); -+ */ -+ -+#ifndef _MBFILE_H -+#define _MBFILE_H 1 -+ -+#include -+#include -+#include -+#include -+ -+/* Tru64 with Desktop Toolkit C has a bug: must be included before -+ . -+ BSD/OS 4.1 has a bug: and must be included before -+ . */ -+#include -+#include -+#include -+ -+#include "mbchar.h" -+ -+#ifndef _GL_INLINE_HEADER_BEGIN -+ #error "Please include config.h first." -+#endif -+_GL_INLINE_HEADER_BEGIN -+#ifndef MBFILE_INLINE -+# define MBFILE_INLINE _GL_INLINE -+#endif -+ -+struct mbfile_multi { -+ FILE *fp; -+ bool eof_seen; -+ bool have_pushback; -+ mbstate_t state; -+ unsigned int bufcount; -+ char buf[MBCHAR_BUF_SIZE]; -+ struct mbchar pushback; -+}; -+ -+MBFILE_INLINE void -+mbfile_multi_getc (struct mbchar *mbc, struct mbfile_multi *mbf) -+{ -+ size_t bytes; -+ -+ /* If EOF has already been seen, don't use getc. This matters if -+ mbf->fp is connected to an interactive tty. */ -+ if (mbf->eof_seen) -+ goto eof; -+ -+ /* Return character pushed back, if there is one. */ -+ if (mbf->have_pushback) -+ { -+ mb_copy (mbc, &mbf->pushback); -+ mbf->have_pushback = false; -+ return; -+ } -+ -+ /* Before using mbrtowc, we need at least one byte. */ -+ if (mbf->bufcount == 0) -+ { -+ int c = getc (mbf->fp); -+ if (c == EOF) -+ { -+ mbf->eof_seen = true; -+ goto eof; -+ } -+ mbf->buf[0] = (unsigned char) c; -+ mbf->bufcount++; -+ } -+ -+ /* Handle most ASCII characters quickly, without calling mbrtowc(). */ -+ if (mbf->bufcount == 1 && mbsinit (&mbf->state) && is_basic (mbf->buf[0])) -+ { -+ /* These characters are part of the basic character set. ISO C 99 -+ guarantees that their wide character code is identical to their -+ char code. */ -+ mbc->wc = mbc->buf[0] = mbf->buf[0]; -+ mbc->wc_valid = true; -+ mbc->ptr = &mbc->buf[0]; -+ mbc->bytes = 1; -+ mbf->bufcount = 0; -+ return; -+ } -+ -+ /* Use mbrtowc on an increasing number of bytes. Read only as many bytes -+ from mbf->fp as needed. This is needed to give reasonable interactive -+ behaviour when mbf->fp is connected to an interactive tty. */ -+ for (;;) -+ { -+ /* We don't know whether the 'mbrtowc' function updates the state when -+ it returns -2, - this is the ISO C 99 and glibc-2.2 behaviour - or -+ not - amended ANSI C, glibc-2.1 and Solaris 2.7 behaviour. We -+ don't have an autoconf test for this, yet. -+ The new behaviour would allow us to feed the bytes one by one into -+ mbrtowc. But the old behaviour forces us to feed all bytes since -+ the end of the last character into mbrtowc. Since we want to retry -+ with more bytes when mbrtowc returns -2, we must backup the state -+ before calling mbrtowc, because implementations with the new -+ behaviour will clobber it. */ -+ mbstate_t backup_state = mbf->state; -+ -+ bytes = mbrtowc (&mbc->wc, &mbf->buf[0], mbf->bufcount, &mbf->state); -+ -+ if (bytes == (size_t) -1) -+ { -+ /* An invalid multibyte sequence was encountered. */ -+ /* Return a single byte. */ -+ bytes = 1; -+ mbc->wc_valid = false; -+ break; -+ } -+ else if (bytes == (size_t) -2) -+ { -+ /* An incomplete multibyte character. */ -+ mbf->state = backup_state; -+ if (mbf->bufcount == MBCHAR_BUF_SIZE) -+ { -+ /* An overlong incomplete multibyte sequence was encountered. */ -+ /* Return a single byte. */ -+ bytes = 1; -+ mbc->wc_valid = false; -+ break; -+ } -+ else -+ { -+ /* Read one more byte and retry mbrtowc. */ -+ int c = getc (mbf->fp); -+ if (c == EOF) -+ { -+ /* An incomplete multibyte character at the end. */ -+ mbf->eof_seen = true; -+ bytes = mbf->bufcount; -+ mbc->wc_valid = false; -+ break; -+ } -+ mbf->buf[mbf->bufcount] = (unsigned char) c; -+ mbf->bufcount++; -+ } -+ } -+ else -+ { -+ if (bytes == 0) -+ { -+ /* A null wide character was encountered. */ -+ bytes = 1; -+ assert (mbf->buf[0] == '\0'); -+ assert (mbc->wc == 0); -+ } -+ mbc->wc_valid = true; -+ break; -+ } -+ } -+ -+ /* Return the multibyte sequence mbf->buf[0..bytes-1]. */ -+ mbc->ptr = &mbc->buf[0]; -+ memcpy (&mbc->buf[0], &mbf->buf[0], bytes); -+ mbc->bytes = bytes; -+ -+ mbf->bufcount -= bytes; -+ if (mbf->bufcount > 0) -+ { -+ /* It's not worth calling memmove() for so few bytes. */ -+ unsigned int count = mbf->bufcount; -+ char *p = &mbf->buf[0]; -+ -+ do -+ { -+ *p = *(p + bytes); -+ p++; -+ } -+ while (--count > 0); -+ } -+ return; -+ -+eof: -+ /* An mbchar_t with bytes == 0 is used to indicate EOF. */ -+ mbc->ptr = NULL; -+ mbc->bytes = 0; -+ mbc->wc_valid = false; -+ return; -+} -+ -+MBFILE_INLINE void -+mbfile_multi_ungetc (const struct mbchar *mbc, struct mbfile_multi *mbf) -+{ -+ mb_copy (&mbf->pushback, mbc); -+ mbf->have_pushback = true; -+} -+ -+typedef struct mbfile_multi mb_file_t; -+ -+typedef mbchar_t mbf_char_t; -+ -+#define mbf_init(mbf, stream) \ -+ ((mbf).fp = (stream), \ -+ (mbf).eof_seen = false, \ -+ (mbf).have_pushback = false, \ -+ memset (&(mbf).state, '\0', sizeof (mbstate_t)), \ -+ (mbf).bufcount = 0) -+ -+#define mbf_getc(mbc, mbf) mbfile_multi_getc (&(mbc), &(mbf)) -+ -+#define mbf_ungetc(mbc, mbf) mbfile_multi_ungetc (&(mbc), &(mbf)) -+ -+#define mb_iseof(mbc) ((mbc).bytes == 0) -+ -+#ifndef _GL_INLINE_HEADER_BEGIN -+ #error "Please include config.h first." -+#endif -+_GL_INLINE_HEADER_BEGIN -+ -+#endif /* _MBFILE_H */ -diff --git a/m4/mbfile.m4 b/m4/mbfile.m4 -new file mode 100644 -index 0000000..8589902 ---- /dev/null -+++ b/m4/mbfile.m4 -@@ -0,0 +1,14 @@ -+# mbfile.m4 serial 7 -+dnl Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. -+dnl This file is free software; the Free Software Foundation -+dnl gives unlimited permission to copy and/or distribute it, -+dnl with or without modifications, as long as this notice is preserved. -+ -+dnl autoconf tests required for use of mbfile.h -+dnl From Bruno Haible. -+ -+AC_DEFUN([gl_MBFILE], -+[ -+ AC_REQUIRE([AC_TYPE_MBSTATE_T]) -+ : -+]) -diff --git a/src/cut.c b/src/cut.c -index 6fd8978..faef877 100644 ---- a/src/cut.c -+++ b/src/cut.c -@@ -28,6 +28,11 @@ - #include - #include - #include -+ -+/* Get mbstate_t, mbrtowc(). */ -+#if HAVE_WCHAR_H -+# include -+#endif - #include "system.h" - - #include "error.h" -@@ -37,6 +42,18 @@ - - #include "set-fields.h" - -+/* MB_LEN_MAX is incorrectly defined to be 1 in at least one GCC -+ installation; work around this configuration error. */ -+#if !defined MB_LEN_MAX || MB_LEN_MAX < 2 -+# undef MB_LEN_MAX -+# define MB_LEN_MAX 16 -+#endif -+ -+/* Some systems, like BeOS, have multibyte encodings but lack mbstate_t. */ -+#if HAVE_MBRTOWC && defined mbstate_t -+# define mbrtowc(pwc, s, n, ps) (mbrtowc) (pwc, s, n, 0) -+#endif -+ - /* The official name of this program (e.g., no 'g' prefix). */ - #define PROGRAM_NAME "cut" - -@@ -53,6 +70,52 @@ - } \ - while (0) - -+/* Refill the buffer BUF to get a multibyte character. */ -+#define REFILL_BUFFER(BUF, BUFPOS, BUFLEN, STREAM) \ -+ do \ -+ { \ -+ if (BUFLEN < MB_LEN_MAX && !feof (STREAM) && !ferror (STREAM)) \ -+ { \ -+ memmove (BUF, BUFPOS, BUFLEN); \ -+ BUFLEN += fread (BUF + BUFLEN, sizeof(char), BUFSIZ, STREAM); \ -+ BUFPOS = BUF; \ -+ } \ -+ } \ -+ while (0) -+ -+/* Get wide character on BUFPOS. BUFPOS is not included after that. -+ If byte sequence is not valid as a character, CONVFAIL is true. Otherwise false. */ -+#define GET_NEXT_WC_FROM_BUFFER(WC, BUFPOS, BUFLEN, MBLENGTH, STATE, CONVFAIL) \ -+ do \ -+ { \ -+ mbstate_t state_bak; \ -+ \ -+ if (BUFLEN < 1) \ -+ { \ -+ WC = WEOF; \ -+ break; \ -+ } \ -+ \ -+ /* Get a wide character. */ \ -+ CONVFAIL = false; \ -+ state_bak = STATE; \ -+ MBLENGTH = mbrtowc ((wchar_t *)&WC, BUFPOS, BUFLEN, &STATE); \ -+ \ -+ switch (MBLENGTH) \ -+ { \ -+ case (size_t)-1: \ -+ case (size_t)-2: \ -+ CONVFAIL = true; \ -+ STATE = state_bak; \ -+ /* Fall througn. */ \ -+ \ -+ case 0: \ -+ MBLENGTH = 1; \ -+ break; \ -+ } \ -+ } \ -+ while (0) -+ - - /* Pointer inside RP. When checking if a byte or field is selected - by a finite range, we check if it is between CURRENT_RP.LO -@@ -60,6 +123,9 @@ - CURRENT_RP.HI then we make CURRENT_RP to point to the next range pair. */ - static struct field_range_pair *current_rp; - -+/* Length of the delimiter given as argument to -d. */ -+size_t delimlen; -+ - /* This buffer is used to support the semantics of the -s option - (or lack of same) when the specified field list includes (does - not include) the first field. In both of those cases, the entire -@@ -72,6 +138,29 @@ static char *field_1_buffer; - /* The number of bytes allocated for FIELD_1_BUFFER. */ - static size_t field_1_bufsize; - -+enum operating_mode -+ { -+ undefined_mode, -+ -+ /* Output bytes that are at the given positions. */ -+ byte_mode, -+ -+ /* Output characters that are at the given positions. */ -+ character_mode, -+ -+ /* Output the given delimiter-separated fields. */ -+ field_mode -+ }; -+ -+static enum operating_mode operating_mode; -+ -+/* If nonzero, when in byte mode, don't split multibyte characters. */ -+static int byte_mode_character_aware; -+ -+/* If nonzero, the function for single byte locale is work -+ if this program runs on multibyte locale. */ -+static int force_singlebyte_mode; -+ - /* If true do not output lines containing no delimiter characters. - Otherwise, all such lines are printed. This option is valid only - with field mode. */ -@@ -83,10 +172,16 @@ static bool complement; - - /* The delimiter character for field mode. */ - static unsigned char delim; -+#if HAVE_WCHAR_H -+static wchar_t wcdelim; -+#endif - - /* The delimiter for each line/record. */ - static unsigned char line_delim = '\n'; - -+/* True if the --output-delimiter=STRING option was specified. */ -+static bool output_delimiter_specified; -+ - /* The length of output_delimiter_string. */ - static size_t output_delimiter_length; - -@@ -94,9 +189,6 @@ static size_t output_delimiter_length; - string consisting of the input delimiter. */ - static char *output_delimiter_string; - --/* The output delimiter string contents, if the default. */ --static char output_delimiter_default[1]; -- - /* True if we have ever read standard input. */ - static bool have_read_stdin; - -@@ -150,7 +242,7 @@ Print selected parts of lines from each FILE to standard output.\n\ - -f, --fields=LIST select only these fields; also print any line\n\ - that contains no delimiter character, unless\n\ - the -s option is specified\n\ -- -n (ignored)\n\ -+ -n with -b: don't split multibyte characters\n\ - "), stdout); - fputs (_("\ - --complement complement the set of selected bytes, characters\n\ -@@ -250,7 +342,7 @@ cut_bytes (FILE *stream) - next_item (&byte_idx); - if (print_kth (byte_idx)) - { -- if (output_delimiter_string != output_delimiter_default) -+ if (output_delimiter_specified) - { - if (print_delimiter && is_range_start_index (byte_idx)) - { -@@ -266,6 +358,82 @@ cut_bytes (FILE *stream) - } - } - -+#if HAVE_MBRTOWC -+/* This function is in use for the following case. -+ -+ 1. Read from the stream STREAM, printing to standard output any selected -+ characters. -+ -+ 2. Read from stream STREAM, printing to standard output any selected bytes, -+ without splitting multibyte characters. */ -+ -+static void -+cut_characters_or_cut_bytes_no_split (FILE *stream) -+{ -+ uintmax_t idx; /* number of bytes or characters in the line so far. */ -+ char buf[MB_LEN_MAX + BUFSIZ]; /* For spooling a read byte sequence. */ -+ char *bufpos; /* Next read position of BUF. */ -+ size_t buflen; /* The length of the byte sequence in buf. */ -+ wint_t wc; /* A gotten wide character. */ -+ size_t mblength; /* The byte size of a multibyte character which shows -+ as same character as WC. */ -+ mbstate_t state; /* State of the stream. */ -+ bool convfail = false; /* true, when conversion failed. Otherwise false. */ -+ /* Whether to begin printing delimiters between ranges for the current line. -+ Set after we've begun printing data corresponding to the first range. */ -+ bool print_delimiter = false; -+ -+ idx = 0; -+ buflen = 0; -+ bufpos = buf; -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ current_rp = frp; -+ -+ while (1) -+ { -+ REFILL_BUFFER (buf, bufpos, buflen, stream); -+ -+ GET_NEXT_WC_FROM_BUFFER (wc, bufpos, buflen, mblength, state, convfail); -+ (void) convfail; /* ignore unused */ -+ -+ if (wc == WEOF) -+ { -+ if (idx > 0) -+ putchar (line_delim); -+ break; -+ } -+ else if (wc == line_delim) -+ { -+ putchar (line_delim); -+ idx = 0; -+ print_delimiter = false; -+ current_rp = frp; -+ } -+ else -+ { -+ next_item (&idx); -+ if (print_kth (idx)) -+ { -+ if (output_delimiter_specified) -+ { -+ if (print_delimiter && is_range_start_index (idx)) -+ { -+ fwrite (output_delimiter_string, sizeof (char), -+ output_delimiter_length, stdout); -+ } -+ print_delimiter = true; -+ } -+ fwrite (bufpos, mblength, sizeof(char), stdout); -+ } -+ } -+ -+ buflen -= mblength; -+ bufpos += mblength; -+ } -+} -+#endif -+ - /* Read from stream STREAM, printing to standard output any selected fields. */ - - static void -@@ -411,11 +579,218 @@ cut_fields (FILE *stream) - } - } - --/* Process file FILE to standard output, using CUT_STREAM. -+#if HAVE_MBRTOWC -+static void -+cut_fields_mb (FILE *stream) -+{ -+ int c; -+ uintmax_t field_idx; -+ int found_any_selected_field; -+ int buffer_first_field; -+ int empty_input; -+ char buf[MB_LEN_MAX + BUFSIZ]; /* For spooling a read byte sequence. */ -+ char *bufpos; /* Next read position of BUF. */ -+ size_t buflen; /* The length of the byte sequence in buf. */ -+ wint_t wc = 0; /* A gotten wide character. */ -+ size_t mblength; /* The byte size of a multibyte character which shows -+ as same character as WC. */ -+ mbstate_t state; /* State of the stream. */ -+ bool convfail = false; /* true, when conversion failed. Otherwise false. */ -+ -+ current_rp = frp; -+ -+ found_any_selected_field = 0; -+ field_idx = 1; -+ bufpos = buf; -+ buflen = 0; -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ c = getc (stream); -+ empty_input = (c == EOF); -+ if (c != EOF) -+ { -+ ungetc (c, stream); -+ wc = 0; -+ } -+ else -+ wc = WEOF; -+ -+ /* To support the semantics of the -s flag, we may have to buffer -+ all of the first field to determine whether it is `delimited.' -+ But that is unnecessary if all non-delimited lines must be printed -+ and the first field has been selected, or if non-delimited lines -+ must be suppressed and the first field has *not* been selected. -+ That is because a non-delimited line has exactly one field. */ -+ buffer_first_field = (suppress_non_delimited ^ !print_kth (1)); -+ -+ while (1) -+ { -+ if (field_idx == 1 && buffer_first_field) -+ { -+ int len = 0; -+ -+ while (1) -+ { -+ REFILL_BUFFER (buf, bufpos, buflen, stream); -+ -+ GET_NEXT_WC_FROM_BUFFER -+ (wc, bufpos, buflen, mblength, state, convfail); -+ -+ if (wc == WEOF) -+ break; -+ -+ field_1_buffer = xrealloc (field_1_buffer, len + mblength); -+ memcpy (field_1_buffer + len, bufpos, mblength); -+ len += mblength; -+ buflen -= mblength; -+ bufpos += mblength; -+ -+ if (!convfail && (wc == line_delim || wc == wcdelim)) -+ break; -+ } -+ -+ if (len <= 0 && wc == WEOF) -+ break; -+ -+ /* If the first field extends to the end of line (it is not -+ delimited) and we are printing all non-delimited lines, -+ print this one. */ -+ if (convfail || (!convfail && wc != wcdelim)) -+ { -+ if (suppress_non_delimited) -+ { -+ /* Empty. */ -+ } -+ else -+ { -+ fwrite (field_1_buffer, sizeof (char), len, stdout); -+ /* Make sure the output line is newline terminated. */ -+ if (convfail || (!convfail && wc != line_delim)) -+ putchar (line_delim); -+ } -+ continue; -+ } -+ -+ if (print_kth (1)) -+ { -+ /* Print the field, but not the trailing delimiter. */ -+ fwrite (field_1_buffer, sizeof (char), len - 1, stdout); -+ found_any_selected_field = 1; -+ } -+ next_item (&field_idx); -+ } -+ -+ if (wc != WEOF) -+ { -+ if (print_kth (field_idx)) -+ { -+ if (found_any_selected_field) -+ { -+ fwrite (output_delimiter_string, sizeof (char), -+ output_delimiter_length, stdout); -+ } -+ found_any_selected_field = 1; -+ } -+ -+ while (1) -+ { -+ REFILL_BUFFER (buf, bufpos, buflen, stream); -+ -+ GET_NEXT_WC_FROM_BUFFER -+ (wc, bufpos, buflen, mblength, state, convfail); -+ -+ if (wc == WEOF) -+ break; -+ else if (!convfail && (wc == wcdelim || wc == line_delim)) -+ { -+ buflen -= mblength; -+ bufpos += mblength; -+ break; -+ } -+ -+ if (print_kth (field_idx)) -+ fwrite (bufpos, mblength, sizeof(char), stdout); -+ -+ buflen -= mblength; -+ bufpos += mblength; -+ } -+ } -+ -+ if ((!convfail || wc == line_delim) && buflen < 1) -+ wc = WEOF; -+ -+ if (!convfail && wc == wcdelim) -+ next_item (&field_idx); -+ else if (wc == WEOF || (!convfail && wc == line_delim)) -+ { -+ if (found_any_selected_field -+ || (!empty_input && !(suppress_non_delimited && field_idx == 1))) -+ putchar (line_delim); -+ if (wc == WEOF) -+ break; -+ field_idx = 1; -+ current_rp = frp; -+ found_any_selected_field = 0; -+ } -+ } -+} -+#endif -+ -+static void -+cut_stream (FILE *stream) -+{ -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1 && !force_singlebyte_mode) -+ { -+ switch (operating_mode) -+ { -+ case byte_mode: -+ if (byte_mode_character_aware) -+ cut_characters_or_cut_bytes_no_split (stream); -+ else -+ cut_bytes (stream); -+ break; -+ -+ case character_mode: -+ cut_characters_or_cut_bytes_no_split (stream); -+ break; -+ -+ case field_mode: -+ if (delimlen == 1) -+ { -+ /* Check if we have utf8 multibyte locale, so we can use this -+ optimization because of uniqueness of characters, which is -+ not true for e.g. SJIS */ -+ char * loc = setlocale(LC_CTYPE, NULL); -+ if (loc && (strstr (loc, "UTF-8") || strstr (loc, "utf-8") || -+ strstr (loc, "UTF8") || strstr (loc, "utf8"))) -+ { -+ cut_fields (stream); -+ break; -+ } -+ } -+ cut_fields_mb (stream); -+ break; -+ -+ default: -+ abort (); -+ } -+ } -+ else -+#endif -+ { -+ if (operating_mode == field_mode) -+ cut_fields (stream); -+ else -+ cut_bytes (stream); -+ } -+} -+ -+/* Process file FILE to standard output. - Return true if successful. */ - - static bool --cut_file (char const *file, void (*cut_stream) (FILE *)) -+cut_file (char const *file) - { - FILE *stream; - -@@ -459,8 +834,8 @@ main (int argc, char **argv) - int optc; - bool ok; - bool delim_specified = false; -- bool byte_mode = false; -- char *spec_list_string = NULL; -+ char *spec_list_string IF_LINT ( = NULL); -+ char mbdelim[MB_LEN_MAX + 1]; - - initialize_main (&argc, &argv); - set_program_name (argv[0]); -@@ -470,6 +845,8 @@ main (int argc, char **argv) - - atexit (close_stdout); - -+ operating_mode = undefined_mode; -+ - /* By default, all non-delimited lines are printed. */ - suppress_non_delimited = false; - -@@ -481,35 +858,77 @@ main (int argc, char **argv) - switch (optc) - { - case 'b': -- case 'c': - /* Build the byte list. */ -- byte_mode = true; -- FALLTHROUGH; -+ if (operating_mode != undefined_mode) -+ FATAL_ERROR (_("only one type of list may be specified")); -+ operating_mode = byte_mode; -+ spec_list_string = optarg; -+ break; -+ -+ case 'c': -+ /* Build the character list. */ -+ if (operating_mode != undefined_mode) -+ FATAL_ERROR (_("only one type of list may be specified")); -+ operating_mode = character_mode; -+ spec_list_string = optarg; -+ break; -+ - case 'f': - /* Build the field list. */ -- if (spec_list_string) -- FATAL_ERROR (_("only one list may be specified")); -+ if (operating_mode != undefined_mode) -+ FATAL_ERROR (_("only one type of list may be specified")); -+ operating_mode = field_mode; - spec_list_string = optarg; - break; - - case 'd': - /* New delimiter. */ - /* Interpret -d '' to mean 'use the NUL byte as the delimiter.' */ -- if (optarg[0] != '\0' && optarg[1] != '\0') -- FATAL_ERROR (_("the delimiter must be a single character")); -- delim = optarg[0]; -- delim_specified = true; -+ { -+#if HAVE_MBRTOWC -+ if(MB_CUR_MAX > 1) -+ { -+ mbstate_t state; -+ -+ memset (&state, '\0', sizeof(mbstate_t)); -+ delimlen = mbrtowc (&wcdelim, optarg, strnlen(optarg, MB_LEN_MAX), &state); -+ -+ if (delimlen == (size_t)-1 || delimlen == (size_t)-2) -+ ++force_singlebyte_mode; -+ else -+ { -+ delimlen = (delimlen < 1) ? 1 : delimlen; -+ if (wcdelim != L'\0' && *(optarg + delimlen) != '\0') -+ FATAL_ERROR (_("the delimiter must be a single character")); -+ memcpy (mbdelim, optarg, delimlen); -+ mbdelim[delimlen] = '\0'; -+ if (delimlen == 1) -+ delim = *optarg; -+ } -+ } -+ -+ if (MB_CUR_MAX <= 1 || force_singlebyte_mode) -+#endif -+ { -+ if (optarg[0] != '\0' && optarg[1] != '\0') -+ FATAL_ERROR (_("the delimiter must be a single character")); -+ delim = (unsigned char) optarg[0]; -+ } -+ delim_specified = true; -+ } - break; - - case OUTPUT_DELIMITER_OPTION: -+ output_delimiter_specified = true; - /* Interpret --output-delimiter='' to mean - 'use the NUL byte as the delimiter.' */ - output_delimiter_length = (optarg[0] == '\0' - ? 1 : strlen (optarg)); -- output_delimiter_string = optarg; -+ output_delimiter_string = xstrdup (optarg); - break; - - case 'n': -+ byte_mode_character_aware = 1; - break; - - case 's': -@@ -533,40 +952,57 @@ main (int argc, char **argv) - } - } - -- if (!spec_list_string) -+ if (operating_mode == undefined_mode) - FATAL_ERROR (_("you must specify a list of bytes, characters, or fields")); - -- if (byte_mode) -- { -- if (delim_specified) -- FATAL_ERROR (_("an input delimiter may be specified only\ -+ if (delim_specified && operating_mode != field_mode) -+ FATAL_ERROR (_("an input delimiter may be specified only\ - when operating on fields")); - -- if (suppress_non_delimited) -- FATAL_ERROR (_("suppressing non-delimited lines makes sense\n\ -+ if (suppress_non_delimited && operating_mode != field_mode) -+ FATAL_ERROR (_("suppressing non-delimited lines makes sense\n\ - \tonly when operating on fields")); -- } - - set_fields (spec_list_string, -- ((byte_mode ? SETFLD_ERRMSG_USE_POS : 0) -- | (complement ? SETFLD_COMPLEMENT : 0))); -+ ( (operating_mode == field_mode) ? 0 : SETFLD_ERRMSG_USE_POS) -+ | (complement ? SETFLD_COMPLEMENT : 0) ); - - if (!delim_specified) -- delim = '\t'; -+ { -+ delim = '\t'; -+#ifdef HAVE_MBRTOWC -+ wcdelim = L'\t'; -+ mbdelim[0] = '\t'; -+ mbdelim[1] = '\0'; -+ delimlen = 1; -+#endif -+ } - - if (output_delimiter_string == NULL) - { -- output_delimiter_default[0] = delim; -- output_delimiter_string = output_delimiter_default; -- output_delimiter_length = 1; -+#ifdef HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1 && !force_singlebyte_mode) -+ { -+ output_delimiter_string = xstrdup(mbdelim); -+ output_delimiter_length = delimlen; -+ } -+ -+ if (MB_CUR_MAX <= 1 || force_singlebyte_mode) -+#endif -+ { -+ static char dummy[2]; -+ dummy[0] = delim; -+ dummy[1] = '\0'; -+ output_delimiter_string = dummy; -+ output_delimiter_length = 1; -+ } - } - -- void (*cut_stream) (FILE *) = byte_mode ? cut_bytes : cut_fields; - if (optind == argc) -- ok = cut_file ("-", cut_stream); -+ ok = cut_file ("-"); - else - for (ok = true; optind < argc; optind++) -- ok &= cut_file (argv[optind], cut_stream); -+ ok &= cut_file (argv[optind]); - - - if (have_read_stdin && fclose (stdin) == EOF) -diff --git a/src/expand-common.c b/src/expand-common.c -index deec1bd..b39f740 100644 ---- a/src/expand-common.c -+++ b/src/expand-common.c -@@ -19,6 +19,7 @@ - #include - #include - #include -+#include - #include "system.h" - #include "die.h" - #include "error.h" -@@ -125,6 +126,119 @@ set_increment_size (uintmax_t tabval) - return ok; - } - -+extern int -+set_utf_locale (void) -+{ -+ /*try using some predefined locale */ -+ const char* predef_locales[] = {"C.UTF8","en_US.UTF8","en_GB.UTF8"}; -+ -+ const int predef_locales_count=3; -+ for (int i=0;ibufcount=0; -+ if (c == 0xEF) -+ { -+ c=fgetc(fp); -+ } -+ else -+ { -+ if (c != EOF) -+ { -+ ungetc(c,fp); -+ } -+ return false; -+ } -+ -+ if (c == 0xBB) -+ { -+ c=fgetc(fp); -+ } -+ else -+ { -+ if ( c!= EOF ) -+ { -+ mbf->buf[0]=(unsigned char) 0xEF; -+ mbf->bufcount=1; -+ ungetc(c,fp); -+ return false; -+ } -+ else -+ { -+ ungetc(0xEF,fp); -+ return false; -+ } -+ } -+ if (c == 0xBF) -+ { -+ mbf->bufcount=0; -+ return true; -+ } -+ else -+ { -+ if (c != EOF) -+ { -+ mbf->buf[0]=(unsigned char) 0xEF; -+ mbf->buf[1]=(unsigned char) 0xBB; -+ mbf->bufcount=2; -+ ungetc(c,fp); -+ return false; -+ } -+ else -+ { -+ mbf->buf[0]=(unsigned char) 0xEF; -+ mbf->bufcount=1; -+ ungetc(0xBB,fp); -+ return false; -+ } -+ } -+ return false; -+} -+ -+extern void -+print_bom(void) -+{ -+ putc (0xEF, stdout); -+ putc (0xBB, stdout); -+ putc (0xBF, stdout); -+} -+ - /* Add the comma or blank separated list of tab stops STOPS - to the list of tab stops. */ - extern void -diff --git a/src/expand-common.h b/src/expand-common.h -index 5f59a0e..835b9d5 100644 ---- a/src/expand-common.h -+++ b/src/expand-common.h -@@ -25,6 +25,18 @@ extern size_t max_column_width; - /* The desired exit status. */ - extern int exit_status; - -+extern int -+set_utf_locale (void); -+ -+extern bool -+check_utf_locale(void); -+ -+extern bool -+check_bom(FILE* fp, mb_file_t *mbf); -+ -+extern void -+print_bom(void); -+ - /* Add tab stop TABVAL to the end of 'tab_list'. */ - extern void - add_tab_stop (uintmax_t tabval); -diff --git a/src/expand.c b/src/expand.c -index ed78ca8..a4cefa1 100644 ---- a/src/expand.c -+++ b/src/expand.c -@@ -37,6 +37,9 @@ - #include - #include - #include -+ -+#include -+ - #include "system.h" - #include "die.h" - -@@ -97,19 +100,41 @@ expand (void) - { - /* Input stream. */ - FILE *fp = next_file (NULL); -+ mb_file_t mbf; -+ mbf_char_t c; -+ /* True if the starting locale is utf8. */ -+ bool using_utf_locale; -+ -+ /* True if the first file contains BOM header. */ -+ bool found_bom; -+ using_utf_locale=check_utf_locale(); - - if (!fp) - return; -+ mbf_init (mbf, fp); -+ found_bom=check_bom(fp,&mbf); - -- while (true) -+ if (using_utf_locale == false && found_bom == true) -+ { -+ /*try using some predefined locale */ -+ -+ if (set_utf_locale () != 0) - { -- /* Input character, or EOF. */ -- int c; -+ error (EXIT_FAILURE, errno, _("cannot set UTF-8 locale")); -+ } -+ } -+ -+ -+ if (found_bom == true) -+ { -+ print_bom(); -+ } - -+ while (true) -+ { - /* If true, perform translations. */ - bool convert = true; - -- - /* The following variables have valid values only when CONVERT - is true: */ - -@@ -119,17 +144,48 @@ expand (void) - /* Index in TAB_LIST of next tab stop to examine. */ - size_t tab_index = 0; - -- - /* Convert a line of text. */ - - do - { -- while ((c = getc (fp)) < 0 && (fp = next_file (fp))) -- continue; -+ while (true) { -+ mbf_getc (c, mbf); -+ if ((mb_iseof (c)) && (fp = next_file (fp))) -+ { -+ mbf_init (mbf, fp); -+ if (fp!=NULL) -+ { -+ if (check_bom(fp,&mbf)==true) -+ { -+ /*Not the first file - check BOM header*/ -+ if (using_utf_locale==false && found_bom==false) -+ { -+ /*BOM header in subsequent file but not in the first one. */ -+ error (EXIT_FAILURE, errno, _("combination of files with and without BOM header")); -+ } -+ } -+ else -+ { -+ if(using_utf_locale==false && found_bom==true) -+ { -+ /*First file conatined BOM header - locale was switched to UTF -+ *all subsequent files should contain BOM. */ -+ error (EXIT_FAILURE, errno, _("combination of files with and without BOM header")); -+ } -+ } -+ } -+ continue; -+ } -+ else -+ { -+ break; -+ } -+ } -+ - - if (convert) - { -- if (c == '\t') -+ if (mb_iseq (c, '\t')) - { - /* Column the next input tab stop is on. */ - uintmax_t next_tab_column; -@@ -148,32 +204,34 @@ expand (void) - if (putchar (' ') < 0) - die (EXIT_FAILURE, errno, _("write error")); - -- c = ' '; -+ mb_setascii (&c, ' '); - } -- else if (c == '\b') -+ else if (mb_iseq (c, '\b')) - { - /* Go back one column, and force recalculation of the - next tab stop. */ - column -= !!column; - tab_index -= !!tab_index; - } -- else -+ /* A leading control character could make us trip over. */ -+ else if (!mb_iscntrl (c)) - { -- column++; -+ column += mb_width (c); - if (!column) - die (EXIT_FAILURE, 0, _("input line is too long")); - } - -- convert &= convert_entire_line || !! isblank (c); -+ convert &= convert_entire_line || mb_isblank (c); - } - -- if (c < 0) -+ if (mb_iseof (c)) - return; - -- if (putchar (c) < 0) -+ mb_putc (c, stdout); -+ if (ferror (stdout)) - die (EXIT_FAILURE, errno, _("write error")); - } -- while (c != '\n'); -+ while (!mb_iseq (c, '\n')); - } - } - -diff --git a/src/fold.c b/src/fold.c -index f07a90b..d32dbfd 100644 ---- a/src/fold.c -+++ b/src/fold.c -@@ -22,12 +22,34 @@ - #include - #include - -+/* Get mbstate_t, mbrtowc(), wcwidth(). */ -+#if HAVE_WCHAR_H -+# include -+#endif -+ -+/* Get iswprint(), iswblank(), wcwidth(). */ -+#if HAVE_WCTYPE_H -+# include -+#endif -+ - #include "system.h" - #include "die.h" - #include "error.h" - #include "fadvise.h" - #include "xdectoint.h" - -+/* MB_LEN_MAX is incorrectly defined to be 1 in at least one GCC -+ installation; work around this configuration error. */ -+#if !defined MB_LEN_MAX || MB_LEN_MAX < 2 -+# undef MB_LEN_MAX -+# define MB_LEN_MAX 16 -+#endif -+ -+/* Some systems, like BeOS, have multibyte encodings but lack mbstate_t. */ -+#if HAVE_MBRTOWC && defined mbstate_t -+# define mbrtowc(pwc, s, n, ps) (mbrtowc) (pwc, s, n, 0) -+#endif -+ - #define TAB_WIDTH 8 - - /* The official name of this program (e.g., no 'g' prefix). */ -@@ -35,20 +57,41 @@ - - #define AUTHORS proper_name ("David MacKenzie") - -+#define FATAL_ERROR(Message) \ -+ do \ -+ { \ -+ error (0, 0, (Message)); \ -+ usage (2); \ -+ } \ -+ while (0) -+ -+enum operating_mode -+{ -+ /* Fold texts by columns that are at the given positions. */ -+ column_mode, -+ -+ /* Fold texts by bytes that are at the given positions. */ -+ byte_mode, -+ -+ /* Fold texts by characters that are at the given positions. */ -+ character_mode, -+}; -+ -+/* The argument shows current mode. (Default: column_mode) */ -+static enum operating_mode operating_mode; -+ - /* If nonzero, try to break on whitespace. */ - static bool break_spaces; - --/* If nonzero, count bytes, not column positions. */ --static bool count_bytes; -- - /* If nonzero, at least one of the files we read was standard input. */ - static bool have_read_stdin; - --static char const shortopts[] = "bsw:0::1::2::3::4::5::6::7::8::9::"; -+static char const shortopts[] = "bcsw:0::1::2::3::4::5::6::7::8::9::"; - - static struct option const longopts[] = - { - {"bytes", no_argument, NULL, 'b'}, -+ {"characters", no_argument, NULL, 'c'}, - {"spaces", no_argument, NULL, 's'}, - {"width", required_argument, NULL, 'w'}, - {GETOPT_HELP_OPTION_DECL}, -@@ -76,6 +119,7 @@ Wrap input lines in each FILE, writing to standard output.\n\ - - fputs (_("\ - -b, --bytes count bytes rather than columns\n\ -+ -c, --characters count characters rather than columns\n\ - -s, --spaces break at spaces\n\ - -w, --width=WIDTH use WIDTH columns instead of 80\n\ - "), stdout); -@@ -93,7 +137,7 @@ Wrap input lines in each FILE, writing to standard output.\n\ - static size_t - adjust_column (size_t column, char c) - { -- if (!count_bytes) -+ if (operating_mode != byte_mode) - { - if (c == '\b') - { -@@ -116,30 +160,14 @@ adjust_column (size_t column, char c) - to stdout, with maximum line length WIDTH. - Return true if successful. */ - --static bool --fold_file (char const *filename, size_t width) -+static void -+fold_text (FILE *istream, size_t width, int *saved_errno) - { -- FILE *istream; - int c; - size_t column = 0; /* Screen column where next char will go. */ - size_t offset_out = 0; /* Index in 'line_out' for next char. */ - static char *line_out = NULL; - static size_t allocated_out = 0; -- int saved_errno; -- -- if (STREQ (filename, "-")) -- { -- istream = stdin; -- have_read_stdin = true; -- } -- else -- istream = fopen (filename, "r"); -- -- if (istream == NULL) -- { -- error (0, errno, "%s", quotef (filename)); -- return false; -- } - - fadvise (istream, FADVISE_SEQUENTIAL); - -@@ -169,6 +197,15 @@ fold_file (char const *filename, size_t width) - bool found_blank = false; - size_t logical_end = offset_out; - -+ /* If LINE_OUT has no wide character, -+ put a new wide character in LINE_OUT -+ if column is bigger than width. */ -+ if (offset_out == 0) -+ { -+ line_out[offset_out++] = c; -+ continue; -+ } -+ - /* Look for the last blank. */ - while (logical_end) - { -@@ -215,13 +252,225 @@ fold_file (char const *filename, size_t width) - line_out[offset_out++] = c; - } - -- saved_errno = errno; -+ *saved_errno = errno; - if (!ferror (istream)) -- saved_errno = 0; -+ *saved_errno = 0; - - if (offset_out) - fwrite (line_out, sizeof (char), (size_t) offset_out, stdout); - -+} -+ -+#if HAVE_MBRTOWC -+static void -+fold_multibyte_text (FILE *istream, size_t width, int *saved_errno) -+{ -+ char buf[MB_LEN_MAX + BUFSIZ]; /* For spooling a read byte sequence. */ -+ size_t buflen = 0; /* The length of the byte sequence in buf. */ -+ char *bufpos = buf; /* Next read position of BUF. */ -+ wint_t wc; /* A gotten wide character. */ -+ size_t mblength; /* The byte size of a multibyte character which shows -+ as same character as WC. */ -+ mbstate_t state, state_bak; /* State of the stream. */ -+ int convfail = 0; /* 1, when conversion is failed. Otherwise 0. */ -+ -+ static char *line_out = NULL; -+ size_t offset_out = 0; /* Index in `line_out' for next char. */ -+ static size_t allocated_out = 0; -+ -+ int increment; -+ size_t column = 0; -+ -+ size_t last_blank_pos; -+ size_t last_blank_column; -+ int is_blank_seen; -+ int last_blank_increment = 0; -+ int is_bs_following_last_blank; -+ size_t bs_following_last_blank_num; -+ int is_cr_after_last_blank; -+ -+#define CLEAR_FLAGS \ -+ do \ -+ { \ -+ last_blank_pos = 0; \ -+ last_blank_column = 0; \ -+ is_blank_seen = 0; \ -+ is_bs_following_last_blank = 0; \ -+ bs_following_last_blank_num = 0; \ -+ is_cr_after_last_blank = 0; \ -+ } \ -+ while (0) -+ -+#define START_NEW_LINE \ -+ do \ -+ { \ -+ putchar ('\n'); \ -+ column = 0; \ -+ offset_out = 0; \ -+ CLEAR_FLAGS; \ -+ } \ -+ while (0) -+ -+ CLEAR_FLAGS; -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ for (;; bufpos += mblength, buflen -= mblength) -+ { -+ if (buflen < MB_LEN_MAX && !feof (istream) && !ferror (istream)) -+ { -+ memmove (buf, bufpos, buflen); -+ buflen += fread (buf + buflen, sizeof(char), BUFSIZ, istream); -+ bufpos = buf; -+ } -+ -+ if (buflen < 1) -+ break; -+ -+ /* Get a wide character. */ -+ state_bak = state; -+ mblength = mbrtowc ((wchar_t *)&wc, bufpos, buflen, &state); -+ -+ switch (mblength) -+ { -+ case (size_t)-1: -+ case (size_t)-2: -+ convfail++; -+ state = state_bak; -+ /* Fall through. */ -+ -+ case 0: -+ mblength = 1; -+ break; -+ } -+ -+rescan: -+ if (operating_mode == byte_mode) /* byte mode */ -+ increment = mblength; -+ else if (operating_mode == character_mode) /* character mode */ -+ increment = 1; -+ else /* column mode */ -+ { -+ if (convfail) -+ increment = 1; -+ else -+ { -+ switch (wc) -+ { -+ case L'\n': -+ fwrite (line_out, sizeof(char), offset_out, stdout); -+ START_NEW_LINE; -+ continue; -+ -+ case L'\b': -+ increment = (column > 0) ? -1 : 0; -+ break; -+ -+ case L'\r': -+ increment = -1 * column; -+ break; -+ -+ case L'\t': -+ increment = 8 - column % 8; -+ break; -+ -+ default: -+ increment = wcwidth (wc); -+ increment = (increment < 0) ? 0 : increment; -+ } -+ } -+ } -+ -+ if (column + increment > width && break_spaces && last_blank_pos) -+ { -+ fwrite (line_out, sizeof(char), last_blank_pos, stdout); -+ putchar ('\n'); -+ -+ offset_out = offset_out - last_blank_pos; -+ column = column - last_blank_column + ((is_cr_after_last_blank) -+ ? last_blank_increment : bs_following_last_blank_num); -+ memmove (line_out, line_out + last_blank_pos, offset_out); -+ CLEAR_FLAGS; -+ goto rescan; -+ } -+ -+ if (column + increment > width && column != 0) -+ { -+ fwrite (line_out, sizeof(char), offset_out, stdout); -+ START_NEW_LINE; -+ goto rescan; -+ } -+ -+ if (allocated_out < offset_out + mblength) -+ { -+ line_out = X2REALLOC (line_out, &allocated_out); -+ } -+ -+ memcpy (line_out + offset_out, bufpos, mblength); -+ offset_out += mblength; -+ column += increment; -+ -+ if (is_blank_seen && !convfail && wc == L'\r') -+ is_cr_after_last_blank = 1; -+ -+ if (is_bs_following_last_blank && !convfail && wc == L'\b') -+ ++bs_following_last_blank_num; -+ else -+ is_bs_following_last_blank = 0; -+ -+ if (break_spaces && !convfail && iswblank (wc)) -+ { -+ last_blank_pos = offset_out; -+ last_blank_column = column; -+ is_blank_seen = 1; -+ last_blank_increment = increment; -+ is_bs_following_last_blank = 1; -+ bs_following_last_blank_num = 0; -+ is_cr_after_last_blank = 0; -+ } -+ } -+ -+ *saved_errno = errno; -+ if (!ferror (istream)) -+ *saved_errno = 0; -+ -+ if (offset_out) -+ fwrite (line_out, sizeof (char), (size_t) offset_out, stdout); -+ -+} -+#endif -+ -+/* Fold file FILENAME, or standard input if FILENAME is "-", -+ to stdout, with maximum line length WIDTH. -+ Return 0 if successful, 1 if an error occurs. */ -+ -+static bool -+fold_file (char const *filename, size_t width) -+{ -+ FILE *istream; -+ int saved_errno; -+ -+ if (STREQ (filename, "-")) -+ { -+ istream = stdin; -+ have_read_stdin = 1; -+ } -+ else -+ istream = fopen (filename, "r"); -+ -+ if (istream == NULL) -+ { -+ error (0, errno, "%s", filename); -+ return 1; -+ } -+ -+ /* Define how ISTREAM is being folded. */ -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ fold_multibyte_text (istream, width, &saved_errno); -+ else -+#endif -+ fold_text (istream, width, &saved_errno); -+ - if (STREQ (filename, "-")) - clearerr (istream); - else if (fclose (istream) != 0 && !saved_errno) -@@ -252,7 +501,8 @@ main (int argc, char **argv) - - atexit (close_stdout); - -- break_spaces = count_bytes = have_read_stdin = false; -+ operating_mode = column_mode; -+ break_spaces = have_read_stdin = false; - - while ((optc = getopt_long (argc, argv, shortopts, longopts, NULL)) != -1) - { -@@ -261,7 +511,15 @@ main (int argc, char **argv) - switch (optc) - { - case 'b': /* Count bytes rather than columns. */ -- count_bytes = true; -+ if (operating_mode != column_mode) -+ FATAL_ERROR (_("only one way of folding may be specified")); -+ operating_mode = byte_mode; -+ break; -+ -+ case 'c': -+ if (operating_mode != column_mode) -+ FATAL_ERROR (_("only one way of folding may be specified")); -+ operating_mode = character_mode; - break; - - case 's': /* Break at word boundaries. */ -diff --git a/src/join.c b/src/join.c -index f2fd172..6c7d1ed 100644 ---- a/src/join.c -+++ b/src/join.c -@@ -22,19 +22,33 @@ - #include - #include - -+/* Get mbstate_t, mbrtowc(), mbrtowc(), wcwidth(). */ -+#if HAVE_WCHAR_H -+# include -+#endif -+ -+/* Get iswblank(), towupper. */ -+#if HAVE_WCTYPE_H -+# include -+#endif -+ - #include "system.h" - #include "die.h" - #include "error.h" - #include "fadvise.h" - #include "hard-locale.h" - #include "linebuffer.h" --#include "memcasecmp.h" - #include "quote.h" - #include "stdio--.h" - #include "xmemcoll.h" - #include "xstrtol.h" - #include "argmatch.h" - -+/* Some systems, like BeOS, have multibyte encodings but lack mbstate_t. */ -+#if HAVE_MBRTOWC && defined mbstate_t -+# define mbrtowc(pwc, s, n, ps) (mbrtowc) (pwc, s, n, 0) -+#endif -+ - /* The official name of this program (e.g., no 'g' prefix). */ - #define PROGRAM_NAME "join" - -@@ -136,10 +150,12 @@ static struct outlist outlist_head; - /* Last element in 'outlist', where a new element can be added. */ - static struct outlist *outlist_end = &outlist_head; - --/* Tab character separating fields. If negative, fields are separated -- by any nonempty string of blanks, otherwise by exactly one -- tab character whose value (when cast to unsigned char) equals TAB. */ --static int tab = -1; -+/* Tab character separating fields. If NULL, fields are separated -+ by any nonempty string of blanks. */ -+static char *tab = NULL; -+ -+/* The number of bytes used for tab. */ -+static size_t tablen = 0; - - /* If nonzero, check that the input is correctly ordered. */ - static enum -@@ -280,13 +296,14 @@ xfields (struct line *line) - if (ptr == lim) - return; - -- if (0 <= tab && tab != '\n') -+ if (tab != NULL) - { -+ unsigned char t = tab[0]; - char *sep; -- for (; (sep = memchr (ptr, tab, lim - ptr)) != NULL; ptr = sep + 1) -+ for (; (sep = memchr (ptr, t, lim - ptr)) != NULL; ptr = sep + 1) - extract_field (line, ptr, sep - ptr); - } -- else if (tab < 0) -+ else - { - /* Skip leading blanks before the first field. */ - while (field_sep (*ptr)) -@@ -310,6 +327,147 @@ xfields (struct line *line) - extract_field (line, ptr, lim - ptr); - } - -+#if HAVE_MBRTOWC -+static void -+xfields_multibyte (struct line *line) -+{ -+ char *ptr = line->buf.buffer; -+ char const *lim = ptr + line->buf.length - 1; -+ wchar_t wc = 0; -+ size_t mblength = 1; -+ mbstate_t state, state_bak; -+ -+ memset (&state, 0, sizeof (mbstate_t)); -+ -+ if (ptr >= lim) -+ return; -+ -+ if (tab != NULL) -+ { -+ char *sep = ptr; -+ for (; ptr < lim; ptr = sep + mblength) -+ { -+ sep = ptr; -+ while (sep < lim) -+ { -+ state_bak = state; -+ mblength = mbrtowc (&wc, sep, lim - sep + 1, &state); -+ -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ if (mblength == tablen && !memcmp (sep, tab, mblength)) -+ break; -+ else -+ { -+ sep += mblength; -+ continue; -+ } -+ } -+ -+ if (sep >= lim) -+ break; -+ -+ extract_field (line, ptr, sep - ptr); -+ } -+ } -+ else -+ { -+ /* Skip leading blanks before the first field. */ -+ while(ptr < lim) -+ { -+ state_bak = state; -+ mblength = mbrtowc (&wc, ptr, lim - ptr + 1, &state); -+ -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ break; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ if (!iswblank(wc) && wc != '\n') -+ break; -+ ptr += mblength; -+ } -+ -+ do -+ { -+ char *sep; -+ state_bak = state; -+ mblength = mbrtowc (&wc, ptr, lim - ptr + 1, &state); -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ break; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ sep = ptr + mblength; -+ while (sep < lim) -+ { -+ state_bak = state; -+ mblength = mbrtowc (&wc, sep, lim - sep + 1, &state); -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ break; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ if (iswblank (wc) || wc == '\n') -+ break; -+ -+ sep += mblength; -+ } -+ -+ extract_field (line, ptr, sep - ptr); -+ if (sep >= lim) -+ return; -+ -+ state_bak = state; -+ mblength = mbrtowc (&wc, sep, lim - sep + 1, &state); -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ break; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ ptr = sep + mblength; -+ while (ptr < lim) -+ { -+ state_bak = state; -+ mblength = mbrtowc (&wc, ptr, lim - ptr + 1, &state); -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ mblength = 1; -+ state = state_bak; -+ break; -+ } -+ mblength = (mblength < 1) ? 1 : mblength; -+ -+ if (!iswblank (wc) && wc != '\n') -+ break; -+ -+ ptr += mblength; -+ } -+ } -+ while (ptr < lim); -+ } -+ -+ extract_field (line, ptr, lim - ptr); -+} -+#endif -+ - static void - freeline (struct line *line) - { -@@ -331,56 +489,133 @@ keycmp (struct line const *line1, struct line const *line2, - size_t jf_1, size_t jf_2) - { - /* Start of field to compare in each file. */ -- char *beg1; -- char *beg2; -- -- size_t len1; -- size_t len2; /* Length of fields to compare. */ -+ char *beg[2]; -+ char *copy[2]; -+ size_t len[2]; /* Length of fields to compare. */ - int diff; -+ int i, j; -+ int mallocd = 0; - - if (jf_1 < line1->nfields) - { -- beg1 = line1->fields[jf_1].beg; -- len1 = line1->fields[jf_1].len; -+ beg[0] = line1->fields[jf_1].beg; -+ len[0] = line1->fields[jf_1].len; - } - else - { -- beg1 = NULL; -- len1 = 0; -+ beg[0] = NULL; -+ len[0] = 0; - } - - if (jf_2 < line2->nfields) - { -- beg2 = line2->fields[jf_2].beg; -- len2 = line2->fields[jf_2].len; -+ beg[1] = line2->fields[jf_2].beg; -+ len[1] = line2->fields[jf_2].len; - } - else - { -- beg2 = NULL; -- len2 = 0; -+ beg[1] = NULL; -+ len[1] = 0; - } - -- if (len1 == 0) -- return len2 == 0 ? 0 : -1; -- if (len2 == 0) -+ if (len[0] == 0) -+ return len[1] == 0 ? 0 : -1; -+ if (len[1] == 0) - return 1; - - if (ignore_case) - { -- /* FIXME: ignore_case does not work with NLS (in particular, -- with multibyte chars). */ -- diff = memcasecmp (beg1, beg2, MIN (len1, len2)); -+#ifdef HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ size_t mblength; -+ wchar_t wc, uwc; -+ mbstate_t state, state_bak; -+ -+ memset (&state, '\0', sizeof (mbstate_t)); -+ -+ for (i = 0; i < 2; i++) -+ { -+ mallocd = 1; -+ copy[i] = xmalloc (len[i] + 1); -+ memset (copy[i], '\0',len[i] + 1); -+ -+ for (j = 0; j < MIN (len[0], len[1]);) -+ { -+ state_bak = state; -+ mblength = mbrtowc (&wc, beg[i] + j, len[i] - j, &state); -+ -+ switch (mblength) -+ { -+ case (size_t) -1: -+ case (size_t) -2: -+ state = state_bak; -+ /* Fall through */ -+ case 0: -+ mblength = 1; -+ break; -+ -+ default: -+ uwc = towupper (wc); -+ -+ if (uwc != wc) -+ { -+ mbstate_t state_wc; -+ size_t mblen; -+ -+ memset (&state_wc, '\0', sizeof (mbstate_t)); -+ mblen = wcrtomb (copy[i] + j, uwc, &state_wc); -+ assert (mblen != (size_t)-1); -+ } -+ else -+ memcpy (copy[i] + j, beg[i] + j, mblength); -+ } -+ j += mblength; -+ } -+ copy[i][j] = '\0'; -+ } -+ } -+ else -+#endif -+ { -+ for (i = 0; i < 2; i++) -+ { -+ mallocd = 1; -+ copy[i] = xmalloc (len[i] + 1); -+ -+ for (j = 0; j < MIN (len[0], len[1]); j++) -+ copy[i][j] = toupper (beg[i][j]); -+ -+ copy[i][j] = '\0'; -+ } -+ } - } - else - { -- if (hard_LC_COLLATE) -- return xmemcoll (beg1, len1, beg2, len2); -- diff = memcmp (beg1, beg2, MIN (len1, len2)); -+ copy[0] = beg[0]; -+ copy[1] = beg[1]; - } - -+ if (hard_LC_COLLATE) -+ { -+ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]); -+ -+ if (mallocd) -+ for (i = 0; i < 2; i++) -+ free (copy[i]); -+ -+ return diff; -+ } -+ diff = memcmp (copy[0], copy[1], MIN (len[0], len[1])); -+ -+ if (mallocd) -+ for (i = 0; i < 2; i++) -+ free (copy[i]); -+ -+ - if (diff) - return diff; -- return len1 < len2 ? -1 : len1 != len2; -+ return len[0] - len[1]; - } - - /* Check that successive input lines PREV and CURRENT from input file -@@ -472,6 +707,11 @@ get_line (FILE *fp, struct line **linep, int which) - } - ++line_no[which - 1]; - -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ xfields_multibyte (line); -+ else -+#endif - xfields (line); - - if (prevline[which - 1]) -@@ -567,21 +807,28 @@ prfield (size_t n, struct line const *line) - - /* Output all the fields in line, other than the join field. */ - -+#define PUT_TAB_CHAR \ -+ do \ -+ { \ -+ (tab != NULL) ? \ -+ fwrite(tab, sizeof(char), tablen, stdout) : putchar (' '); \ -+ } \ -+ while (0) -+ - static void - prfields (struct line const *line, size_t join_field, size_t autocount) - { - size_t i; - size_t nfields = autoformat ? autocount : line->nfields; -- char output_separator = tab < 0 ? ' ' : tab; - - for (i = 0; i < join_field && i < nfields; ++i) - { -- putchar (output_separator); -+ PUT_TAB_CHAR; - prfield (i, line); - } - for (i = join_field + 1; i < nfields; ++i) - { -- putchar (output_separator); -+ PUT_TAB_CHAR; - prfield (i, line); - } - } -@@ -592,7 +839,6 @@ static void - prjoin (struct line const *line1, struct line const *line2) - { - const struct outlist *outlist; -- char output_separator = tab < 0 ? ' ' : tab; - size_t field; - struct line const *line; - -@@ -626,7 +872,7 @@ prjoin (struct line const *line1, struct line const *line2) - o = o->next; - if (o == NULL) - break; -- putchar (output_separator); -+ PUT_TAB_CHAR; - } - putchar (eolchar); - } -@@ -1102,20 +1348,43 @@ main (int argc, char **argv) - - case 't': - { -- unsigned char newtab = optarg[0]; -+ char *newtab = NULL; -+ size_t newtablen; -+ newtab = xstrdup (optarg); -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ mbstate_t state; -+ -+ memset (&state, 0, sizeof (mbstate_t)); -+ newtablen = mbrtowc (NULL, newtab, -+ strnlen (newtab, MB_LEN_MAX), -+ &state); -+ if (newtablen == (size_t) 0 -+ || newtablen == (size_t) -1 -+ || newtablen == (size_t) -2) -+ newtablen = 1; -+ } -+ else -+#endif -+ newtablen = 1; - if (! newtab) -- newtab = '\n'; /* '' => process the whole line. */ -+ newtab = (char*)"\n"; /* '' => process the whole line. */ - else if (optarg[1]) - { -- if (STREQ (optarg, "\\0")) -- newtab = '\0'; -- else -- die (EXIT_FAILURE, 0, _("multi-character tab %s"), -- quote (optarg)); -+ if (newtablen == 1 && newtab[1]) -+ { -+ if (STREQ (newtab, "\\0")) -+ newtab[0] = '\0'; -+ } -+ } -+ if (tab != NULL && strcmp (tab, newtab)) -+ { -+ free (newtab); -+ die (EXIT_FAILURE, 0, _("incompatible tabs")); - } -- if (0 <= tab && tab != newtab) -- die (EXIT_FAILURE, 0, _("incompatible tabs")); - tab = newtab; -+ tablen = newtablen; - } - break; - -diff --git a/src/local.mk b/src/local.mk -index e1d15ce..1a5ffaa 100644 ---- a/src/local.mk -+++ b/src/local.mk -@@ -434,8 +434,8 @@ src_base32_CPPFLAGS = -DBASE_TYPE=32 $(AM_CPPFLAGS) - src_basenc_SOURCES = src/basenc.c - src_basenc_CPPFLAGS = -DBASE_TYPE=42 $(AM_CPPFLAGS) - --src_expand_SOURCES = src/expand.c src/expand-common.c --src_unexpand_SOURCES = src/unexpand.c src/expand-common.c -+src_expand_SOURCES = src/expand.c src/expand-common.c lib/mbfile.c -+src_unexpand_SOURCES = src/unexpand.c src/expand-common.c lib/mbfile.c - - src_wc_SOURCES = src/wc.c - if USE_AVX2_WC_LINECOUNT -diff --git a/src/pr.c b/src/pr.c -index 4c17c00..b4fab1c 100644 ---- a/src/pr.c -+++ b/src/pr.c -@@ -311,6 +311,24 @@ - - #include - #include -+ -+/* Get MB_LEN_MAX. */ -+#include -+/* MB_LEN_MAX is incorrectly defined to be 1 in at least one GCC -+ installation; work around this configuration error. */ -+#if !defined MB_LEN_MAX || MB_LEN_MAX == 1 -+# define MB_LEN_MAX 16 -+#endif -+ -+/* Get MB_CUR_MAX. */ -+#include -+ -+/* Solaris 2.5 has a bug: must be included before . */ -+/* Get mbstate_t, mbrtowc(), wcwidth(). */ -+#if HAVE_WCHAR_H -+# include -+#endif -+ - #include "system.h" - #include "die.h" - #include "error.h" -@@ -325,6 +343,18 @@ - #include "xstrtol-error.h" - #include "xdectoint.h" - -+/* Some systems, like BeOS, have multibyte encodings but lack mbstate_t. */ -+#if HAVE_MBRTOWC && defined mbstate_t -+# define mbrtowc(pwc, s, n, ps) (mbrtowc) (pwc, s, n, 0) -+#endif -+ -+#ifndef HAVE_DECL_WCWIDTH -+"this configure-time declaration test was not run" -+#endif -+#if !HAVE_DECL_WCWIDTH -+extern int wcwidth (); -+#endif -+ - /* The official name of this program (e.g., no 'g' prefix). */ - #define PROGRAM_NAME "pr" - -@@ -417,7 +447,20 @@ struct COLUMN - - typedef struct COLUMN COLUMN; - --static int char_to_clump (char c); -+/* Funtion pointers to switch functions for single byte locale or for -+ multibyte locale. If multibyte functions do not exist in your sysytem, -+ these pointers always point the function for single byte locale. */ -+static void (*print_char) (char c); -+static int (*char_to_clump) (char c); -+ -+/* Functions for single byte locale. */ -+static void print_char_single (char c); -+static int char_to_clump_single (char c); -+ -+/* Functions for multibyte locale. */ -+static void print_char_multi (char c); -+static int char_to_clump_multi (char c); -+ - static bool read_line (COLUMN *p); - static bool print_page (void); - static bool print_stored (COLUMN *p); -@@ -429,6 +472,7 @@ static void add_line_number (COLUMN *p); - static void getoptnum (char const *n_str, int min, int *num, - char const *errfmt); - static void getoptarg (char *arg, char switch_char, char *character, -+ int *character_length, int *character_width, - int *number); - static void print_files (int number_of_files, char **av); - static void init_parameters (int number_of_files); -@@ -442,7 +486,6 @@ static void store_char (char c); - static void pad_down (unsigned int lines); - static void read_rest_of_line (COLUMN *p); - static void skip_read (COLUMN *p, int column_number); --static void print_char (char c); - static void cleanup (void); - static void print_sep_string (void); - static void separator_string (char const *optarg_S); -@@ -454,7 +497,7 @@ static COLUMN *column_vector; - we store the leftmost columns contiguously in buff. - To print a line from buff, get the index of the first character - from line_vector[i], and print up to line_vector[i + 1]. */ --static char *buff; -+static unsigned char *buff; - - /* Index of the position in buff where the next character - will be stored. */ -@@ -558,7 +601,7 @@ static int chars_per_column; - static bool untabify_input = false; - - /* (-e) The input tab character. */ --static char input_tab_char = '\t'; -+static char input_tab_char[MB_LEN_MAX] = "\t"; - - /* (-e) Tabstops are at chars_per_tab, 2*chars_per_tab, 3*chars_per_tab, ... - where the leftmost column is 1. */ -@@ -568,7 +611,10 @@ static int chars_per_input_tab = 8; - static bool tabify_output = false; - - /* (-i) The output tab character. */ --static char output_tab_char = '\t'; -+static char output_tab_char[MB_LEN_MAX] = "\t"; -+ -+/* (-i) The byte length of output tab character. */ -+static int output_tab_char_length = 1; - - /* (-i) The width of the output tab. */ - static int chars_per_output_tab = 8; -@@ -638,7 +684,13 @@ static int line_number; - static bool numbered_lines = false; - - /* (-n) Character which follows each line number. */ --static char number_separator = '\t'; -+static char number_separator[MB_LEN_MAX] = "\t"; -+ -+/* (-n) The byte length of the character which follows each line number. */ -+static int number_separator_length = 1; -+ -+/* (-n) The character width of the character which follows each line number. */ -+static int number_separator_width = 0; - - /* (-n) line counting starts with 1st line of input file (not with 1st - line of 1st page printed). */ -@@ -691,6 +743,7 @@ static bool use_col_separator = false; - -a|COLUMN|-m is a 'space' and with the -J option a 'tab'. */ - static char const *col_sep_string = ""; - static int col_sep_length = 0; -+static int col_sep_width = 0; - static char *column_separator = (char *) " "; - static char *line_separator = (char *) "\t"; - -@@ -853,6 +906,13 @@ separator_string (char const *optarg_S) - integer_overflow (); - col_sep_length = len; - col_sep_string = optarg_S; -+ -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ col_sep_width = mbswidth (col_sep_string, 0); -+ else -+#endif -+ col_sep_width = col_sep_length; - } - - int -@@ -877,6 +937,21 @@ main (int argc, char **argv) - - atexit (close_stdout); - -+/* Define which functions are used, the ones for single byte locale or the ones -+ for multibyte locale. */ -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ print_char = print_char_multi; -+ char_to_clump = char_to_clump_multi; -+ } -+ else -+#endif -+ { -+ print_char = print_char_single; -+ char_to_clump = char_to_clump_single; -+ } -+ - n_files = 0; - file_names = (argc > 1 - ? xnmalloc (argc - 1, sizeof (char *)) -@@ -953,8 +1028,12 @@ main (int argc, char **argv) - break; - case 'e': - if (optarg) -- getoptarg (optarg, 'e', &input_tab_char, -- &chars_per_input_tab); -+ { -+ int dummy_length, dummy_width; -+ -+ getoptarg (optarg, 'e', input_tab_char, &dummy_length, -+ &dummy_width, &chars_per_input_tab); -+ } - /* Could check tab width > 0. */ - untabify_input = true; - break; -@@ -967,8 +1046,12 @@ main (int argc, char **argv) - break; - case 'i': - if (optarg) -- getoptarg (optarg, 'i', &output_tab_char, -- &chars_per_output_tab); -+ { -+ int dummy_width; -+ -+ getoptarg (optarg, 'i', output_tab_char, &output_tab_char_length, -+ &dummy_width, &chars_per_output_tab); -+ } - /* Could check tab width > 0. */ - tabify_output = true; - break; -@@ -986,8 +1069,8 @@ main (int argc, char **argv) - case 'n': - numbered_lines = true; - if (optarg) -- getoptarg (optarg, 'n', &number_separator, -- &chars_per_number); -+ getoptarg (optarg, 'n', number_separator, &number_separator_length, -+ &number_separator_width, &chars_per_number); - break; - case 'N': - skip_count = false; -@@ -1012,6 +1095,7 @@ main (int argc, char **argv) - /* Reset an additional input of -s, -S dominates -s */ - col_sep_string = ""; - col_sep_length = 0; -+ col_sep_width = 0; - use_col_separator = true; - if (optarg) - separator_string (optarg); -@@ -1166,10 +1250,45 @@ getoptnum (char const *n_str, int min, int *num, char const *err) - a number. */ - - static void --getoptarg (char *arg, char switch_char, char *character, int *number) -+getoptarg (char *arg, char switch_char, char *character, int *character_length, -+ int *character_width, int *number) - { - if (!ISDIGIT (*arg)) -- *character = *arg++; -+ { -+#ifdef HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) /* for multibyte locale. */ -+ { -+ wchar_t wc; -+ size_t mblength; -+ int width; -+ mbstate_t state = {'\0'}; -+ -+ mblength = mbrtowc (&wc, arg, strnlen(arg, MB_LEN_MAX), &state); -+ -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ *character_length = 1; -+ *character_width = 1; -+ } -+ else -+ { -+ *character_length = (mblength < 1) ? 1 : mblength; -+ width = wcwidth (wc); -+ *character_width = (width < 0) ? 0 : width; -+ } -+ -+ strncpy (character, arg, *character_length); -+ arg += *character_length; -+ } -+ else /* for single byte locale. */ -+#endif -+ { -+ *character = *arg++; -+ *character_length = 1; -+ *character_width = 1; -+ } -+ } -+ - if (*arg) - { - long int tmp_long; -@@ -1191,6 +1310,11 @@ static void - init_parameters (int number_of_files) - { - int chars_used_by_number = 0; -+ int mb_len = 1; -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ mb_len = MB_LEN_MAX; -+#endif - - lines_per_body = lines_per_page - lines_per_header - lines_per_footer; - if (lines_per_body <= 0) -@@ -1228,7 +1352,7 @@ init_parameters (int number_of_files) - else - col_sep_string = column_separator; - -- col_sep_length = 1; -+ col_sep_length = col_sep_width = 1; - use_col_separator = true; - } - /* It's rather pointless to define a TAB separator with column -@@ -1260,11 +1384,11 @@ init_parameters (int number_of_files) - + TAB_WIDTH (chars_per_input_tab, chars_per_number); */ - - /* Estimate chars_per_text without any margin and keep it constant. */ -- if (number_separator == '\t') -+ if (number_separator[0] == '\t') - number_width = (chars_per_number - + TAB_WIDTH (chars_per_default_tab, chars_per_number)); - else -- number_width = chars_per_number + 1; -+ number_width = chars_per_number + number_separator_width; - - /* The number is part of the column width unless we are - printing files in parallel. */ -@@ -1273,7 +1397,7 @@ init_parameters (int number_of_files) - } - - int sep_chars, useful_chars; -- if (INT_MULTIPLY_WRAPV (columns - 1, col_sep_length, &sep_chars)) -+ if (INT_MULTIPLY_WRAPV (columns - 1, col_sep_width, &sep_chars)) - sep_chars = INT_MAX; - if (INT_SUBTRACT_WRAPV (chars_per_line - chars_used_by_number, sep_chars, - &useful_chars)) -@@ -1296,7 +1420,7 @@ init_parameters (int number_of_files) - We've to use 8 as the lower limit, if we use chars_per_default_tab = 8 - to expand a tab which is not an input_tab-char. */ - free (clump_buff); -- clump_buff = xmalloc (MAX (8, chars_per_input_tab)); -+ clump_buff = xmalloc (mb_len * MAX (8, chars_per_input_tab)); - } - - /* Open the necessary files, -@@ -1402,7 +1526,7 @@ init_funcs (void) - - /* Enlarge p->start_position of first column to use the same form of - padding_not_printed with all columns. */ -- h = h + col_sep_length; -+ h = h + col_sep_width; - - /* This loop takes care of all but the rightmost column. */ - -@@ -1436,7 +1560,7 @@ init_funcs (void) - } - else - { -- h = h_next + col_sep_length; -+ h = h_next + col_sep_width; - h_next = h + chars_per_column; - } - } -@@ -1733,9 +1857,9 @@ static void - align_column (COLUMN *p) - { - padding_not_printed = p->start_position; -- if (col_sep_length < padding_not_printed) -+ if (col_sep_width < padding_not_printed) - { -- pad_across_to (padding_not_printed - col_sep_length); -+ pad_across_to (padding_not_printed - col_sep_width); - padding_not_printed = ANYWHERE; - } - -@@ -2010,13 +2134,13 @@ store_char (char c) - /* May be too generous. */ - buff = X2REALLOC (buff, &buff_allocated); - } -- buff[buff_current++] = c; -+ buff[buff_current++] = (unsigned char) c; - } - - static void - add_line_number (COLUMN *p) - { -- int i; -+ int i, j; - char *s; - int num_width; - -@@ -2033,22 +2157,24 @@ add_line_number (COLUMN *p) - /* Tabification is assumed for multiple columns, also for n-separators, - but 'default n-separator = TAB' hasn't been given priority over - equal column_width also specified by POSIX. */ -- if (number_separator == '\t') -+ if (number_separator[0] == '\t') - { - i = number_width - chars_per_number; - while (i-- > 0) - (p->char_func) (' '); - } - else -- (p->char_func) (number_separator); -+ for (j = 0; j < number_separator_length; j++) -+ (p->char_func) (number_separator[j]); - } - else - /* To comply with POSIX, we avoid any expansion of default TAB - separator with a single column output. No column_width requirement - has to be considered. */ - { -- (p->char_func) (number_separator); -- if (number_separator == '\t') -+ for (j = 0; j < number_separator_length; j++) -+ (p->char_func) (number_separator[j]); -+ if (number_separator[0] == '\t') - output_position = POS_AFTER_TAB (chars_per_output_tab, - output_position); - } -@@ -2207,7 +2333,7 @@ print_white_space (void) - while (goal - h_old > 1 - && (h_new = POS_AFTER_TAB (chars_per_output_tab, h_old)) <= goal) - { -- putchar (output_tab_char); -+ fwrite (output_tab_char, sizeof(char), output_tab_char_length, stdout); - h_old = h_new; - } - while (++h_old <= goal) -@@ -2227,6 +2353,7 @@ print_sep_string (void) - { - char const *s = col_sep_string; - int l = col_sep_length; -+ int not_space_flag; - - if (separators_not_printed <= 0) - { -@@ -2238,6 +2365,7 @@ print_sep_string (void) - { - for (; separators_not_printed > 0; --separators_not_printed) - { -+ not_space_flag = 0; - while (l-- > 0) - { - /* 3 types of sep_strings: spaces only, spaces and chars, -@@ -2251,12 +2379,15 @@ print_sep_string (void) - } - else - { -+ not_space_flag = 1; - if (spaces_not_printed > 0) - print_white_space (); - putchar (*s++); -- ++output_position; - } - } -+ if (not_space_flag) -+ output_position += col_sep_width; -+ - /* sep_string ends with some spaces */ - if (spaces_not_printed > 0) - print_white_space (); -@@ -2284,7 +2415,7 @@ print_clump (COLUMN *p, int n, char *clump) - required number of tabs and spaces. */ - - static void --print_char (char c) -+print_char_single (char c) - { - if (tabify_output) - { -@@ -2308,6 +2439,74 @@ print_char (char c) - putchar (c); - } - -+#ifdef HAVE_MBRTOWC -+static void -+print_char_multi (char c) -+{ -+ static size_t mbc_pos = 0; -+ static char mbc[MB_LEN_MAX] = {'\0'}; -+ static mbstate_t state = {'\0'}; -+ mbstate_t state_bak; -+ wchar_t wc; -+ size_t mblength; -+ int width; -+ -+ if (tabify_output) -+ { -+ state_bak = state; -+ mbc[mbc_pos++] = c; -+ mblength = mbrtowc (&wc, mbc, mbc_pos, &state); -+ -+ while (mbc_pos > 0) -+ { -+ switch (mblength) -+ { -+ case (size_t)-2: -+ state = state_bak; -+ return; -+ -+ case (size_t)-1: -+ state = state_bak; -+ ++output_position; -+ putchar (mbc[0]); -+ memmove (mbc, mbc + 1, MB_CUR_MAX - 1); -+ --mbc_pos; -+ break; -+ -+ case 0: -+ mblength = 1; -+ -+ default: -+ if (wc == L' ') -+ { -+ memmove (mbc, mbc + mblength, MB_CUR_MAX - mblength); -+ --mbc_pos; -+ ++spaces_not_printed; -+ return; -+ } -+ else if (spaces_not_printed > 0) -+ print_white_space (); -+ -+ /* Nonprintables are assumed to have width 0, except L'\b'. */ -+ if ((width = wcwidth (wc)) < 1) -+ { -+ if (wc == L'\b') -+ --output_position; -+ } -+ else -+ output_position += width; -+ -+ fwrite (mbc, sizeof(char), mblength, stdout); -+ memmove (mbc, mbc + mblength, MB_CUR_MAX - mblength); -+ mbc_pos -= mblength; -+ } -+ } -+ return; -+ } -+ putchar (c); -+} -+#endif -+ - /* Skip to page PAGE before printing. - PAGE may be larger than total number of pages. */ - -@@ -2485,9 +2684,9 @@ read_line (COLUMN *p) - align_empty_cols = false; - } - -- if (col_sep_length < padding_not_printed) -+ if (col_sep_width < padding_not_printed) - { -- pad_across_to (padding_not_printed - col_sep_length); -+ pad_across_to (padding_not_printed - col_sep_width); - padding_not_printed = ANYWHERE; - } - -@@ -2556,7 +2755,7 @@ print_stored (COLUMN *p) - COLUMN *q; - - int line = p->current_line++; -- char *first = &buff[line_vector[line]]; -+ unsigned char *first = &buff[line_vector[line]]; - /* FIXME - UMR: Uninitialized memory read: - * This is occurring while in: -@@ -2568,7 +2767,7 @@ print_stored (COLUMN *p) - xmalloc [xmalloc.c:94] - init_store_cols [pr.c:1648] - */ -- char *last = &buff[line_vector[line + 1]]; -+ unsigned char *last = &buff[line_vector[line + 1]]; - - pad_vertically = true; - -@@ -2588,9 +2787,9 @@ print_stored (COLUMN *p) - } - } - -- if (col_sep_length < padding_not_printed) -+ if (col_sep_width < padding_not_printed) - { -- pad_across_to (padding_not_printed - col_sep_length); -+ pad_across_to (padding_not_printed - col_sep_width); - padding_not_printed = ANYWHERE; - } - -@@ -2603,8 +2802,8 @@ print_stored (COLUMN *p) - if (spaces_not_printed == 0) - { - output_position = p->start_position + end_vector[line]; -- if (p->start_position - col_sep_length == chars_per_margin) -- output_position -= col_sep_length; -+ if (p->start_position - col_sep_width == chars_per_margin) -+ output_position -= col_sep_width; - } - - return true; -@@ -2623,7 +2822,7 @@ print_stored (COLUMN *p) - number of characters is 1.) */ - - static int --char_to_clump (char c) -+char_to_clump_single (char c) - { - unsigned char uc = c; - char *s = clump_buff; -@@ -2633,10 +2832,10 @@ char_to_clump (char c) - int chars; - int chars_per_c = 8; - -- if (c == input_tab_char) -+ if (c == input_tab_char[0]) - chars_per_c = chars_per_input_tab; - -- if (c == input_tab_char || c == '\t') -+ if (c == input_tab_char[0] || c == '\t') - { - width = TAB_WIDTH (chars_per_c, input_position); - -@@ -2717,6 +2916,164 @@ char_to_clump (char c) - return chars; - } - -+#ifdef HAVE_MBRTOWC -+static int -+char_to_clump_multi (char c) -+{ -+ static size_t mbc_pos = 0; -+ static char mbc[MB_LEN_MAX] = {'\0'}; -+ static mbstate_t state = {'\0'}; -+ mbstate_t state_bak; -+ wchar_t wc; -+ size_t mblength; -+ int wc_width; -+ register char *s = clump_buff; -+ register int i, j; -+ char esc_buff[4]; -+ int width; -+ int chars; -+ int chars_per_c = 8; -+ -+ state_bak = state; -+ mbc[mbc_pos++] = c; -+ mblength = mbrtowc (&wc, mbc, mbc_pos, &state); -+ -+ width = 0; -+ chars = 0; -+ while (mbc_pos > 0) -+ { -+ switch (mblength) -+ { -+ case (size_t)-2: -+ state = state_bak; -+ return 0; -+ -+ case (size_t)-1: -+ state = state_bak; -+ mblength = 1; -+ -+ if (use_esc_sequence || use_cntrl_prefix) -+ { -+ width = +4; -+ chars = +4; -+ *s++ = '\\'; -+ sprintf (esc_buff, "%03o", (unsigned char) mbc[0]); -+ for (i = 0; i <= 2; ++i) -+ *s++ = (int) esc_buff[i]; -+ } -+ else -+ { -+ width += 1; -+ chars += 1; -+ *s++ = mbc[0]; -+ } -+ break; -+ -+ case 0: -+ mblength = 1; -+ /* Fall through */ -+ -+ default: -+ if (memcmp (mbc, input_tab_char, mblength) == 0) -+ chars_per_c = chars_per_input_tab; -+ -+ if (memcmp (mbc, input_tab_char, mblength) == 0 || c == '\t') -+ { -+ int width_inc; -+ -+ width_inc = TAB_WIDTH (chars_per_c, input_position); -+ width += width_inc; -+ -+ if (untabify_input) -+ { -+ for (i = width_inc; i; --i) -+ *s++ = ' '; -+ chars += width_inc; -+ } -+ else -+ { -+ for (i = 0; i < mblength; i++) -+ *s++ = mbc[i]; -+ chars += mblength; -+ } -+ } -+ else if ((wc_width = wcwidth (wc)) < 1) -+ { -+ if (use_esc_sequence) -+ { -+ for (i = 0; i < mblength; i++) -+ { -+ width += 4; -+ chars += 4; -+ *s++ = '\\'; -+ sprintf (esc_buff, "%03o", (unsigned char) mbc[i]); -+ for (j = 0; j <= 2; ++j) -+ *s++ = (int) esc_buff[j]; -+ } -+ } -+ else if (use_cntrl_prefix) -+ { -+ if (wc < 0200) -+ { -+ width += 2; -+ chars += 2; -+ *s++ = '^'; -+ *s++ = wc ^ 0100; -+ } -+ else -+ { -+ for (i = 0; i < mblength; i++) -+ { -+ width += 4; -+ chars += 4; -+ *s++ = '\\'; -+ sprintf (esc_buff, "%03o", (unsigned char) mbc[i]); -+ for (j = 0; j <= 2; ++j) -+ *s++ = (int) esc_buff[j]; -+ } -+ } -+ } -+ else if (wc == L'\b') -+ { -+ width += -1; -+ chars += 1; -+ *s++ = c; -+ } -+ else -+ { -+ width += 0; -+ chars += mblength; -+ for (i = 0; i < mblength; i++) -+ *s++ = mbc[i]; -+ } -+ } -+ else -+ { -+ width += wc_width; -+ chars += mblength; -+ for (i = 0; i < mblength; i++) -+ *s++ = mbc[i]; -+ } -+ } -+ memmove (mbc, mbc + mblength, MB_CUR_MAX - mblength); -+ mbc_pos -= mblength; -+ } -+ -+ /* Too many backspaces must put us in position 0 -- never negative. */ -+ if (width < 0 && input_position == 0) -+ { -+ chars = 0; -+ input_position = 0; -+ } -+ else if (width < 0 && input_position <= -width) -+ input_position = 0; -+ else -+ input_position += width; -+ -+ return chars; -+} -+#endif -+ - /* We've just printed some files and need to clean up things before - looking for more options and printing the next batch of files. - -diff --git a/src/sort.c b/src/sort.c -index 3b775d6..a0ba243 100644 ---- a/src/sort.c -+++ b/src/sort.c -@@ -29,6 +29,14 @@ - #include - #include - #include -+#if HAVE_WCHAR_H -+# include -+#endif -+/* Get isw* functions. */ -+#if HAVE_WCTYPE_H -+# include -+#endif -+ - #include "system.h" - #include "argmatch.h" - #include "die.h" -@@ -159,14 +167,39 @@ static int thousands_sep; - /* We currently ignore multi-byte grouping chars. */ - static bool thousands_sep_ignored; - -+/* True if -f is specified. */ -+static bool folding; -+ - /* Nonzero if the corresponding locales are hard. */ - static bool hard_LC_COLLATE; --#if HAVE_NL_LANGINFO -+#if HAVE_LANGINFO_CODESET - static bool hard_LC_TIME; - #endif - - #define NONZERO(x) ((x) != 0) - -+/* get a multibyte character's byte length. */ -+#define GET_BYTELEN_OF_CHAR(LIM, PTR, MBLENGTH, STATE) \ -+ do \ -+ { \ -+ wchar_t wc; \ -+ mbstate_t state_bak; \ -+ \ -+ state_bak = STATE; \ -+ mblength = mbrtowc (&wc, PTR, LIM - PTR, &STATE); \ -+ \ -+ switch (MBLENGTH) \ -+ { \ -+ case (size_t)-1: \ -+ case (size_t)-2: \ -+ STATE = state_bak; \ -+ /* Fall through. */ \ -+ case 0: \ -+ MBLENGTH = 1; \ -+ } \ -+ } \ -+ while (0) -+ - /* The kind of blanks for '-b' to skip in various options. */ - enum blanktype { bl_start, bl_end, bl_both }; - -@@ -343,13 +376,11 @@ static bool stable; - /* An int value outside char range. */ - enum { NON_CHAR = CHAR_MAX + 1 }; - --/* If TAB has this value, blanks separate fields. */ --enum { TAB_DEFAULT = CHAR_MAX + 1 }; -- --/* Tab character separating fields. If TAB_DEFAULT, then fields are -+/* Tab character separating fields. If tab_length is 0, then fields are - separated by the empty string between a non-blank character and a blank - character. */ --static int tab = TAB_DEFAULT; -+static char tab[MB_LEN_MAX + 1]; -+static size_t tab_length = 0; - - /* Flag to remove consecutive duplicate lines from the output. - Only the last of a sequence of equal lines will be output. */ -@@ -805,6 +836,46 @@ reap_all (void) - reap (-1); - } - -+/* Function pointers. */ -+static void -+(*inittables) (void); -+static char * -+(*begfield) (const struct line*, const struct keyfield *); -+static char * -+(*limfield) (const struct line*, const struct keyfield *); -+static void -+(*skipblanks) (char **ptr, char *lim); -+static int -+(*getmonth) (char const *, size_t, char **); -+static int -+(*keycompare) (const struct line *, const struct line *); -+static int -+(*numcompare) (const char *, const char *); -+ -+/* Test for white space multibyte character. -+ Set LENGTH the byte length of investigated multibyte character. */ -+#if HAVE_MBRTOWC -+static int -+ismbblank (const char *str, size_t len, size_t *length) -+{ -+ size_t mblength; -+ wchar_t wc; -+ mbstate_t state; -+ -+ memset (&state, '\0', sizeof(mbstate_t)); -+ mblength = mbrtowc (&wc, str, len, &state); -+ -+ if (mblength == (size_t)-1 || mblength == (size_t)-2) -+ { -+ *length = 1; -+ return 0; -+ } -+ -+ *length = (mblength < 1) ? 1 : mblength; -+ return iswblank (wc) || wc == '\n'; -+} -+#endif -+ - /* Clean up any remaining temporary files. */ - - static void -@@ -1272,7 +1343,7 @@ zaptemp (char const *name) - free (node); - } - --#if HAVE_NL_LANGINFO -+#if HAVE_LANGINFO_CODESET - - static int - struct_month_cmp (void const *m1, void const *m2) -@@ -1287,7 +1358,7 @@ struct_month_cmp (void const *m1, void const *m2) - /* Initialize the character class tables. */ - - static void --inittables (void) -+inittables_uni (void) - { - size_t i; - -@@ -1299,7 +1370,7 @@ inittables (void) - fold_toupper[i] = toupper (i); - } - --#if HAVE_NL_LANGINFO -+#if HAVE_LANGINFO_CODESET - /* If we're not in the "C" locale, read different names for months. */ - if (hard_LC_TIME) - { -@@ -1381,6 +1452,84 @@ specify_nmerge (int oi, char c, char const *s) - xstrtol_fatal (e, oi, c, long_options, s); - } - -+#if HAVE_MBRTOWC -+static void -+inittables_mb (void) -+{ -+ int i, j, k, l; -+ char *name, *s, *lc_time, *lc_ctype; -+ size_t s_len, mblength; -+ char mbc[MB_LEN_MAX]; -+ wchar_t wc, pwc; -+ mbstate_t state_mb, state_wc; -+ -+ lc_time = setlocale (LC_TIME, ""); -+ if (lc_time) -+ lc_time = xstrdup (lc_time); -+ -+ lc_ctype = setlocale (LC_CTYPE, ""); -+ if (lc_ctype) -+ lc_ctype = xstrdup (lc_ctype); -+ -+ if (lc_time && lc_ctype) -+ /* temporarily set LC_CTYPE to match LC_TIME, so that we can convert -+ * the names of months to upper case */ -+ setlocale (LC_CTYPE, lc_time); -+ -+ for (i = 0; i < MONTHS_PER_YEAR; i++) -+ { -+ s = (char *) nl_langinfo (ABMON_1 + i); -+ s_len = strlen (s); -+ monthtab[i].name = name = (char *) xmalloc (s_len + 1); -+ monthtab[i].val = i + 1; -+ -+ memset (&state_mb, '\0', sizeof (mbstate_t)); -+ memset (&state_wc, '\0', sizeof (mbstate_t)); -+ -+ for (j = 0; j < s_len;) -+ { -+ if (!ismbblank (s + j, s_len - j, &mblength)) -+ break; -+ j += mblength; -+ } -+ -+ for (k = 0; j < s_len;) -+ { -+ mblength = mbrtowc (&wc, (s + j), (s_len - j), &state_mb); -+ assert (mblength != (size_t)-1 && mblength != (size_t)-2); -+ if (mblength == 0) -+ break; -+ -+ pwc = towupper (wc); -+ if (pwc == wc) -+ { -+ memcpy (mbc, s + j, mblength); -+ j += mblength; -+ } -+ else -+ { -+ j += mblength; -+ mblength = wcrtomb (mbc, pwc, &state_wc); -+ assert (mblength != (size_t)0 && mblength != (size_t)-1); -+ } -+ -+ for (l = 0; l < mblength; l++) -+ name[k++] = mbc[l]; -+ } -+ name[k] = '\0'; -+ } -+ qsort ((void *) monthtab, MONTHS_PER_YEAR, -+ sizeof (struct month), struct_month_cmp); -+ -+ if (lc_time && lc_ctype) -+ /* restore the original locales */ -+ setlocale (LC_CTYPE, lc_ctype); -+ -+ free (lc_ctype); -+ free (lc_time); -+} -+#endif -+ - /* Specify the amount of main memory to use when sorting. */ - static void - specify_sort_size (int oi, char c, char const *s) -@@ -1612,7 +1761,7 @@ buffer_linelim (struct buffer const *buf) - by KEY in LINE. */ - - static char * --begfield (struct line const *line, struct keyfield const *key) -+begfield_uni (const struct line *line, const struct keyfield *key) - { - char *ptr = line->text, *lim = ptr + line->length - 1; - size_t sword = key->sword; -@@ -1621,10 +1770,10 @@ begfield (struct line const *line, struct keyfield const *key) - /* The leading field separator itself is included in a field when -t - is absent. */ - -- if (tab != TAB_DEFAULT) -+ if (tab_length) - while (ptr < lim && sword--) - { -- while (ptr < lim && *ptr != tab) -+ while (ptr < lim && *ptr != tab[0]) - ++ptr; - if (ptr < lim) - ++ptr; -@@ -1650,12 +1799,71 @@ begfield (struct line const *line, struct keyfield const *key) - return ptr; - } - -+#if HAVE_MBRTOWC -+static char * -+begfield_mb (const struct line *line, const struct keyfield *key) -+{ -+ int i; -+ char *ptr = line->text, *lim = ptr + line->length - 1; -+ size_t sword = key->sword; -+ size_t schar = key->schar; -+ size_t mblength; -+ mbstate_t state; -+ -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ if (tab_length) -+ while (ptr < lim && sword--) -+ { -+ while (ptr < lim && memcmp (ptr, tab, tab_length) != 0) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ if (ptr < lim) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ } -+ else -+ while (ptr < lim && sword--) -+ { -+ while (ptr < lim && ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ if (ptr < lim) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ while (ptr < lim && !ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ } -+ -+ if (key->skipsblanks) -+ while (ptr < lim && ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ -+ for (i = 0; i < schar; i++) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ -+ if (ptr + mblength > lim) -+ break; -+ else -+ ptr += mblength; -+ } -+ -+ return ptr; -+} -+#endif -+ - /* Return the limit of (a pointer to the first character after) the field - in LINE specified by KEY. */ - - ATTRIBUTE_PURE - static char * --limfield (struct line const *line, struct keyfield const *key) -+limfield_uni (struct line const *line, struct keyfield const *key) - { - char *ptr = line->text, *lim = ptr + line->length - 1; - size_t eword = key->eword, echar = key->echar; -@@ -1670,10 +1878,10 @@ limfield (struct line const *line, struct keyfield const *key) - 'beginning' is the first character following the delimiting TAB. - Otherwise, leave PTR pointing at the first 'blank' character after - the preceding field. */ -- if (tab != TAB_DEFAULT) -+ if (tab_length) - while (ptr < lim && eword--) - { -- while (ptr < lim && *ptr != tab) -+ while (ptr < lim && *ptr != tab[0]) - ++ptr; - if (ptr < lim && (eword || echar)) - ++ptr; -@@ -1719,10 +1927,10 @@ limfield (struct line const *line, struct keyfield const *key) - */ - - /* Make LIM point to the end of (one byte past) the current field. */ -- if (tab != TAB_DEFAULT) -+ if (tab_length) - { - char *newlim; -- newlim = memchr (ptr, tab, lim - ptr); -+ newlim = memchr (ptr, tab[0], lim - ptr); - if (newlim) - lim = newlim; - } -@@ -1753,6 +1961,130 @@ limfield (struct line const *line, struct keyfield const *key) - return ptr; - } - -+#if HAVE_MBRTOWC -+static char * _GL_ATTRIBUTE_PURE -+limfield_mb (const struct line *line, const struct keyfield *key) -+{ -+ char *ptr = line->text, *lim = ptr + line->length - 1; -+ size_t eword = key->eword, echar = key->echar; -+ int i; -+ size_t mblength; -+ mbstate_t state; -+ -+ if (echar == 0) -+ eword++; /* skip all of end field. */ -+ -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ if (tab_length) -+ while (ptr < lim && eword--) -+ { -+ while (ptr < lim && memcmp (ptr, tab, tab_length) != 0) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ if (ptr < lim && (eword | echar)) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ } -+ else -+ while (ptr < lim && eword--) -+ { -+ while (ptr < lim && ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ if (ptr < lim) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ while (ptr < lim && !ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ } -+ -+ -+# ifdef POSIX_UNSPECIFIED -+ /* Make LIM point to the end of (one byte past) the current field. */ -+ if (tab_length) -+ { -+ char *newlim, *p; -+ -+ newlim = NULL; -+ for (p = ptr; p < lim;) -+ { -+ if (memcmp (p, tab, tab_length) == 0) -+ { -+ newlim = p; -+ break; -+ } -+ -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ p += mblength; -+ } -+ } -+ else -+ { -+ char *newlim; -+ newlim = ptr; -+ -+ while (newlim < lim && ismbblank (newlim, lim - newlim, &mblength)) -+ newlim += mblength; -+ if (ptr < lim) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ ptr += mblength; -+ } -+ while (newlim < lim && !ismbblank (newlim, lim - newlim, &mblength)) -+ newlim += mblength; -+ lim = newlim; -+ } -+# endif -+ -+ if (echar != 0) -+ { -+ /* If we're skipping leading blanks, don't start counting characters -+ * until after skipping past any leading blanks. */ -+ if (key->skipeblanks) -+ while (ptr < lim && ismbblank (ptr, lim - ptr, &mblength)) -+ ptr += mblength; -+ -+ memset (&state, '\0', sizeof(mbstate_t)); -+ -+ /* Advance PTR by ECHAR (if possible), but no further than LIM. */ -+ for (i = 0; i < echar; i++) -+ { -+ GET_BYTELEN_OF_CHAR (lim, ptr, mblength, state); -+ -+ if (ptr + mblength > lim) -+ break; -+ else -+ ptr += mblength; -+ } -+ } -+ -+ return ptr; -+} -+#endif -+ -+static void -+skipblanks_uni (char **ptr, char *lim) -+{ -+ while (*ptr < lim && blanks[to_uchar (**ptr)]) -+ ++(*ptr); -+} -+ -+#if HAVE_MBRTOWC -+static void -+skipblanks_mb (char **ptr, char *lim) -+{ -+ size_t mblength; -+ while (*ptr < lim && ismbblank (*ptr, lim - *ptr, &mblength)) -+ (*ptr) += mblength; -+} -+#endif -+ - /* Fill BUF reading from FP, moving buf->left bytes from the end - of buf->buf to the beginning first. If EOF is reached and the - file wasn't terminated by a newline, supply one. Set up BUF's line -@@ -1839,8 +2171,22 @@ fillbuf (struct buffer *buf, FILE *fp, char const *file) - else - { - if (key->skipsblanks) -- while (blanks[to_uchar (*line_start)]) -- line_start++; -+ { -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ size_t mblength; -+ while (line_start < line->keylim && -+ ismbblank (line_start, -+ line->keylim - line_start, -+ &mblength)) -+ line_start += mblength; -+ } -+ else -+#endif -+ while (blanks[to_uchar (*line_start)]) -+ line_start++; -+ } - line->keybeg = line_start; - } - } -@@ -1976,12 +2322,10 @@ find_unit_order (char const *number) - - ATTRIBUTE_PURE - static int --human_numcompare (char const *a, char const *b) -+human_numcompare (char *a, char *b) - { -- while (blanks[to_uchar (*a)]) -- a++; -- while (blanks[to_uchar (*b)]) -- b++; -+ skipblanks(&a, a + strlen(a)); -+ skipblanks(&b, b + strlen(b)); - - int diff = find_unit_order (a) - find_unit_order (b); - return (diff ? diff : strnumcmp (a, b, decimal_point, thousands_sep)); -@@ -1993,7 +2337,7 @@ human_numcompare (char const *a, char const *b) - - ATTRIBUTE_PURE - static int --numcompare (char const *a, char const *b) -+numcompare_uni (const char *a, const char *b) - { - while (blanks[to_uchar (*a)]) - a++; -@@ -2003,6 +2347,25 @@ numcompare (char const *a, char const *b) - return strnumcmp (a, b, decimal_point, thousands_sep); - } - -+#if HAVE_MBRTOWC -+static int -+numcompare_mb (const char *a, const char *b) -+{ -+ size_t mblength, len; -+ len = strlen (a); /* okay for UTF-8 */ -+ while (*a && ismbblank (a, len > MB_CUR_MAX ? MB_CUR_MAX : len, &mblength)) -+ { -+ a += mblength; -+ len -= mblength; -+ } -+ len = strlen (b); /* okay for UTF-8 */ -+ while (*b && ismbblank (b, len > MB_CUR_MAX ? MB_CUR_MAX : len, &mblength)) -+ b += mblength; -+ -+ return strnumcmp (a, b, decimal_point, thousands_sep); -+} -+#endif /* HAV_EMBRTOWC */ -+ - /* Work around a problem whereby the long double value returned by glibc's - strtold ("NaN", ...) contains uninitialized bits: clear all bytes of - A and B before calling strtold. FIXME: remove this function if -@@ -2053,7 +2416,7 @@ general_numcompare (char const *sa, char const *sb) - Return 0 if the name in S is not recognized. */ - - static int --getmonth (char const *month, char **ea) -+getmonth_uni (char const *month, size_t len, char **ea) - { - size_t lo = 0; - size_t hi = MONTHS_PER_YEAR; -@@ -2329,15 +2692,14 @@ debug_key (struct line const *line, struct keyfield const *key) - char saved = *lim; - *lim = '\0'; - -- while (blanks[to_uchar (*beg)]) -- beg++; -+ skipblanks (&beg, lim); - - char *tighter_lim = beg; - - if (lim < beg) - tighter_lim = lim; - else if (key->month) -- getmonth (beg, &tighter_lim); -+ getmonth (beg, lim-beg, &tighter_lim); - else if (key->general_numeric) - ignore_value (strtold (beg, &tighter_lim)); - else if (key->numeric || key->human_numeric) -@@ -2483,7 +2845,7 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - /* Warn about significant leading blanks. */ - bool implicit_skip = key_numeric (key) || key->month; - bool line_offset = key->eword == 0 && key->echar != 0; /* -k1.x,1.y */ -- if (!zero_width && !gkey_only && tab == TAB_DEFAULT && !line_offset -+ if (!zero_width && !gkey_only && !tab_length && !line_offset - && ((!key->skipsblanks && !implicit_skip) - || (!key->skipsblanks && key->schar) - || (!key->skipeblanks && key->echar))) -@@ -2531,9 +2893,9 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - bool number_locale_warned = false; - if (basic_numeric_field_span) - { -- if (tab == TAB_DEFAULT -- ? thousands_sep != NON_CHAR && (isblank (to_uchar (thousands_sep))) -- : tab == thousands_sep) -+ if (tab_length -+ ? tab[0] == thousands_sep -+ : thousands_sep != NON_CHAR && (isblank (to_uchar (thousands_sep)))) - { - error (0, 0, - _("field separator %s is treated as a " -@@ -2544,9 +2906,9 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - } - if (basic_numeric_field_span || general_numeric_field_span) - { -- if (tab == TAB_DEFAULT -- ? thousands_sep != NON_CHAR && (isblank (to_uchar (decimal_point))) -- : tab == decimal_point) -+ if (tab_length -+ ? tab[0] == decimal_point -+ : thousands_sep != NON_CHAR && (isblank (to_uchar (decimal_point)))) - { - error (0, 0, - _("field separator %s is treated as a " -@@ -2554,19 +2916,19 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - quote (((char []) {decimal_point, 0}))); - number_locale_warned = true; - } -- else if (tab == '-') -+ else if (tab_length && tab[0] == '-') - { - error (0, 0, - _("field separator %s is treated as a " - "minus sign in numbers"), -- quote (((char []) {tab, 0}))); -+ quote (((char []) {tab[0], 0}))); - } -- else if (general_numeric_field_span && tab == '+') -+ else if (general_numeric_field_span && tab_length && tab[0] == '+') - { - error (0, 0, - _("field separator %s is treated as a " - "plus sign in numbers"), -- quote (((char []) {tab, 0}))); -+ quote (((char []) {tab[0], 0}))); - } - } - -@@ -2577,7 +2939,7 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - { - error (0, 0, - _("%snumbers use %s as a decimal point in this locale"), -- tab == decimal_point ? "" : _("note "), -+ (tab_length && tab[0] == decimal_point) ? "" : _("note "), - quote (((char []) {decimal_point, 0}))); - - } -@@ -2610,11 +2972,87 @@ key_warnings (struct keyfield const *gkey, bool gkey_only) - error (0, 0, _("option '-r' only applies to last-resort comparison")); - } - -+#if HAVE_MBRTOWC -+static int -+getmonth_mb (const char *s, size_t len, char **ea) -+{ -+ char *month; -+ register size_t i; -+ register int lo = 0, hi = MONTHS_PER_YEAR, result; -+ char *tmp; -+ size_t wclength, mblength; -+ const char *pp; -+ const wchar_t *wpp; -+ wchar_t *month_wcs; -+ mbstate_t state; -+ -+ while (len > 0 && ismbblank (s, len, &mblength)) -+ { -+ s += mblength; -+ len -= mblength; -+ } -+ -+ if (len == 0) -+ return 0; -+ -+ if (SIZE_MAX - len < 1) -+ xalloc_die (); -+ -+ month = (char *) xnmalloc (len + 1, MB_CUR_MAX); -+ -+ pp = tmp = (char *) xnmalloc (len + 1, MB_CUR_MAX); -+ memcpy (tmp, s, len); -+ tmp[len] = '\0'; -+ wpp = month_wcs = (wchar_t *) xnmalloc (len + 1, sizeof (wchar_t)); -+ memset (&state, '\0', sizeof (mbstate_t)); -+ -+ wclength = mbsrtowcs (month_wcs, &pp, len + 1, &state); -+ if (wclength == (size_t)-1 || pp != NULL) -+ error (SORT_FAILURE, 0, _("Invalid multibyte input %s."), quote(s)); -+ -+ for (i = 0; i < wclength; i++) -+ { -+ month_wcs[i] = towupper(month_wcs[i]); -+ if (iswblank (month_wcs[i])) -+ { -+ month_wcs[i] = L'\0'; -+ break; -+ } -+ } -+ -+ mblength = wcsrtombs (month, &wpp, (len + 1) * MB_CUR_MAX, &state); -+ assert (mblength != (-1) && wpp == NULL); -+ -+ do -+ { -+ int ix = (lo + hi) / 2; -+ -+ if (strncmp (month, monthtab[ix].name, strlen (monthtab[ix].name)) < 0) -+ hi = ix; -+ else -+ lo = ix; -+ } -+ while (hi - lo > 1); -+ -+ result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name)) -+ ? monthtab[lo].val : 0); -+ -+ if (ea && result) -+ *ea = (char*) s + strlen (monthtab[lo].name); -+ -+ free (month); -+ free (tmp); -+ free (month_wcs); -+ -+ return result; -+} -+#endif -+ - /* Compare two lines A and B trying every key in sequence until there - are no more keys or a difference is found. */ - - static int --keycompare (struct line const *a, struct line const *b) -+keycompare_uni (const struct line *a, const struct line *b) - { - struct keyfield *key = keylist; - -@@ -2699,7 +3137,7 @@ keycompare (struct line const *a, struct line const *b) - else if (key->human_numeric) - diff = human_numcompare (ta, tb); - else if (key->month) -- diff = getmonth (ta, NULL) - getmonth (tb, NULL); -+ diff = getmonth (ta, tlena, NULL) - getmonth (tb, tlenb, NULL); - else if (key->random) - diff = compare_random (ta, tlena, tb, tlenb); - else if (key->version) -@@ -2815,6 +3253,211 @@ keycompare (struct line const *a, struct line const *b) - return key->reverse ? -diff : diff; - } - -+#if HAVE_MBRTOWC -+static int -+keycompare_mb (const struct line *a, const struct line *b) -+{ -+ struct keyfield *key = keylist; -+ -+ /* For the first iteration only, the key positions have been -+ precomputed for us. */ -+ char *texta = a->keybeg; -+ char *textb = b->keybeg; -+ char *lima = a->keylim; -+ char *limb = b->keylim; -+ -+ size_t mblength_a, mblength_b; -+ wchar_t wc_a, wc_b; -+ mbstate_t state_a, state_b; -+ -+ int diff = 0; -+ -+ memset (&state_a, '\0', sizeof(mbstate_t)); -+ memset (&state_b, '\0', sizeof(mbstate_t)); -+ /* Ignore keys with start after end. */ -+ if (a->keybeg - a->keylim > 0) -+ return 0; -+ -+ -+ /* Ignore and/or translate chars before comparing. */ -+# define IGNORE_CHARS(NEW_LEN, LEN, TEXT, COPY, WC, MBLENGTH, STATE) \ -+ do \ -+ { \ -+ wchar_t uwc; \ -+ char mbc[MB_LEN_MAX]; \ -+ mbstate_t state_wc; \ -+ \ -+ for (NEW_LEN = i = 0; i < LEN;) \ -+ { \ -+ mbstate_t state_bak; \ -+ \ -+ state_bak = STATE; \ -+ MBLENGTH = mbrtowc (&WC, TEXT + i, LEN - i, &STATE); \ -+ \ -+ if (MBLENGTH == (size_t)-2 || MBLENGTH == (size_t)-1 \ -+ || MBLENGTH == 0) \ -+ { \ -+ if (MBLENGTH == (size_t)-2 || MBLENGTH == (size_t)-1) \ -+ STATE = state_bak; \ -+ if (!ignore) \ -+ COPY[NEW_LEN++] = TEXT[i]; \ -+ i++; \ -+ continue; \ -+ } \ -+ \ -+ if (ignore) \ -+ { \ -+ if ((ignore == nonprinting && !iswprint (WC)) \ -+ || (ignore == nondictionary \ -+ && !iswalnum (WC) && !iswblank (WC))) \ -+ { \ -+ i += MBLENGTH; \ -+ continue; \ -+ } \ -+ } \ -+ \ -+ if (translate) \ -+ { \ -+ \ -+ uwc = towupper(WC); \ -+ if (WC == uwc) \ -+ { \ -+ memcpy (mbc, TEXT + i, MBLENGTH); \ -+ i += MBLENGTH; \ -+ } \ -+ else \ -+ { \ -+ i += MBLENGTH; \ -+ WC = uwc; \ -+ memset (&state_wc, '\0', sizeof (mbstate_t)); \ -+ \ -+ MBLENGTH = wcrtomb (mbc, WC, &state_wc); \ -+ assert (MBLENGTH != (size_t)-1 && MBLENGTH != 0); \ -+ } \ -+ \ -+ for (j = 0; j < MBLENGTH; j++) \ -+ COPY[NEW_LEN++] = mbc[j]; \ -+ } \ -+ else \ -+ for (j = 0; j < MBLENGTH; j++) \ -+ COPY[NEW_LEN++] = TEXT[i++]; \ -+ } \ -+ COPY[NEW_LEN] = '\0'; \ -+ } \ -+ while (0) -+ -+ /* Actually compare the fields. */ -+ -+ for (;;) -+ { -+ /* Find the lengths. */ -+ size_t lena = lima <= texta ? 0 : lima - texta; -+ size_t lenb = limb <= textb ? 0 : limb - textb; -+ -+ char enda IF_LINT (= 0); -+ char endb IF_LINT (= 0); -+ -+ char const *translate = key->translate; -+ bool const *ignore = key->ignore; -+ -+ if (ignore || translate) -+ { -+ if (SIZE_MAX - lenb - 2 < lena) -+ xalloc_die (); -+ char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX); -+ char *copy_b = copy_a + lena * MB_CUR_MAX + 1; -+ size_t new_len_a, new_len_b; -+ size_t i, j; -+ -+ IGNORE_CHARS (new_len_a, lena, texta, copy_a, -+ wc_a, mblength_a, state_a); -+ IGNORE_CHARS (new_len_b, lenb, textb, copy_b, -+ wc_b, mblength_b, state_b); -+ texta = copy_a; textb = copy_b; -+ lena = new_len_a; lenb = new_len_b; -+ } -+ else -+ { -+ /* Use the keys in-place, temporarily null-terminated. */ -+ enda = texta[lena]; texta[lena] = '\0'; -+ endb = textb[lenb]; textb[lenb] = '\0'; -+ } -+ -+ if (key->random) -+ diff = compare_random (texta, lena, textb, lenb); -+ else if (key->numeric | key->general_numeric | key->human_numeric) -+ { -+ char savea = *lima, saveb = *limb; -+ -+ *lima = *limb = '\0'; -+ diff = (key->numeric ? numcompare (texta, textb) -+ : key->general_numeric ? general_numcompare (texta, textb) -+ : human_numcompare (texta, textb)); -+ *lima = savea, *limb = saveb; -+ } -+ else if (key->version) -+ diff = filevercmp (texta, textb); -+ else if (key->month) -+ diff = getmonth (texta, lena, NULL) - getmonth (textb, lenb, NULL); -+ else if (lena == 0) -+ diff = - NONZERO (lenb); -+ else if (lenb == 0) -+ diff = 1; -+ else if (hard_LC_COLLATE && !folding) -+ { -+ diff = xmemcoll0 (texta, lena + 1, textb, lenb + 1); -+ } -+ else -+ { -+ diff = memcmp (texta, textb, MIN (lena, lenb)); -+ if (diff == 0) -+ diff = lena < lenb ? -1 : lena != lenb; -+ } -+ -+ if (ignore || translate) -+ free (texta); -+ else -+ { -+ texta[lena] = enda; -+ textb[lenb] = endb; -+ } -+ -+ if (diff) -+ goto not_equal; -+ -+ key = key->next; -+ if (! key) -+ break; -+ -+ /* Find the beginning and limit of the next field. */ -+ if (key->eword != -1) -+ lima = limfield (a, key), limb = limfield (b, key); -+ else -+ lima = a->text + a->length - 1, limb = b->text + b->length - 1; -+ -+ if (key->sword != -1) -+ texta = begfield (a, key), textb = begfield (b, key); -+ else -+ { -+ texta = a->text, textb = b->text; -+ if (key->skipsblanks) -+ { -+ while (texta < lima && ismbblank (texta, lima - texta, &mblength_a)) -+ texta += mblength_a; -+ while (textb < limb && ismbblank (textb, limb - textb, &mblength_b)) -+ textb += mblength_b; -+ } -+ } -+ } -+ -+not_equal: -+ if (key && key->reverse) -+ return -diff; -+ else -+ return diff; -+} -+#endif -+ - /* Compare two lines A and B, returning negative, zero, or positive - depending on whether A compares less than, equal to, or greater than B. */ - -@@ -2842,7 +3485,7 @@ compare (struct line const *a, struct line const *b) - diff = - NONZERO (blen); - else if (blen == 0) - diff = 1; -- else if (hard_LC_COLLATE) -+ else if (hard_LC_COLLATE && !folding) - { - /* xmemcoll0 is a performance enhancement as - it will not unconditionally write '\0' after the -@@ -4226,6 +4869,7 @@ set_ordering (char const *s, struct keyfield *key, enum blanktype blanktype) - break; - case 'f': - key->translate = fold_toupper; -+ folding = true; - break; - case 'g': - key->general_numeric = true; -@@ -4305,7 +4949,7 @@ main (int argc, char **argv) - initialize_exit_failure (SORT_FAILURE); - - hard_LC_COLLATE = hard_locale (LC_COLLATE); --#if HAVE_NL_LANGINFO -+#if HAVE_LANGINFO_CODESET - hard_LC_TIME = hard_locale (LC_TIME); - #endif - -@@ -4328,6 +4972,29 @@ main (int argc, char **argv) - thousands_sep = NON_CHAR; - } - -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ inittables = inittables_mb; -+ begfield = begfield_mb; -+ limfield = limfield_mb; -+ skipblanks = skipblanks_mb; -+ getmonth = getmonth_mb; -+ keycompare = keycompare_mb; -+ numcompare = numcompare_mb; -+ } -+ else -+#endif -+ { -+ inittables = inittables_uni; -+ begfield = begfield_uni; -+ limfield = limfield_uni; -+ skipblanks = skipblanks_uni; -+ getmonth = getmonth_uni; -+ keycompare = keycompare_uni; -+ numcompare = numcompare_uni; -+ } -+ - have_read_stdin = false; - inittables (); - -@@ -4602,13 +5269,34 @@ main (int argc, char **argv) - - case 't': - { -- char newtab = optarg[0]; -- if (! newtab) -+ char newtab[MB_LEN_MAX + 1]; -+ size_t newtab_length = 1; -+ strncpy (newtab, optarg, MB_LEN_MAX); -+ if (! newtab[0]) - die (SORT_FAILURE, 0, _("empty tab")); -- if (optarg[1]) -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ wchar_t wc; -+ mbstate_t state; -+ -+ memset (&state, '\0', sizeof (mbstate_t)); -+ newtab_length = mbrtowc (&wc, newtab, strnlen (newtab, -+ MB_LEN_MAX), -+ &state); -+ switch (newtab_length) -+ { -+ case (size_t) -1: -+ case (size_t) -2: -+ case 0: -+ newtab_length = 1; -+ } -+ } -+#endif -+ if (newtab_length == 1 && optarg[1]) - { - if (STREQ (optarg, "\\0")) -- newtab = '\0'; -+ newtab[0] = '\0'; - else - { - /* Provoke with 'sort -txx'. Complain about -@@ -4619,9 +5307,11 @@ main (int argc, char **argv) - quote (optarg)); - } - } -- if (tab != TAB_DEFAULT && tab != newtab) -+ if (tab_length && (tab_length != newtab_length -+ || memcmp (tab, newtab, tab_length) != 0)) - die (SORT_FAILURE, 0, _("incompatible tabs")); -- tab = newtab; -+ memcpy (tab, newtab, newtab_length); -+ tab_length = newtab_length; - } - break; - -diff --git a/src/unexpand.c b/src/unexpand.c -index 7d6100f..04cd646 100644 ---- a/src/unexpand.c -+++ b/src/unexpand.c -@@ -38,6 +38,9 @@ - #include - #include - #include -+ -+#include -+ - #include "system.h" - #include "die.h" - -@@ -106,24 +109,47 @@ unexpand (void) - { - /* Input stream. */ - FILE *fp = next_file (NULL); -+ mb_file_t mbf; - - /* The array of pending blanks. In non-POSIX locales, blanks can - include characters other than spaces, so the blanks must be - stored, not merely counted. */ -- char *pending_blank; -+ mbf_char_t *pending_blank; -+ /* True if the starting locale is utf8. */ -+ bool using_utf_locale; -+ -+ /* True if the first file contains BOM header. */ -+ bool found_bom; -+ using_utf_locale=check_utf_locale(); - - if (!fp) - return; -+ mbf_init (mbf, fp); -+ found_bom=check_bom(fp,&mbf); -+ -+ if (using_utf_locale == false && found_bom == true) -+ { -+ /*try using some predefined locale */ - -+ if (set_utf_locale () != 0) -+ { -+ error (EXIT_FAILURE, errno, _("cannot set UTF-8 locale")); -+ } -+ } - /* The worst case is a non-blank character, then one blank, then a - tab stop, then MAX_COLUMN_WIDTH - 1 blanks, then a non-blank; so - allocate MAX_COLUMN_WIDTH bytes to store the blanks. */ -- pending_blank = xmalloc (max_column_width); -+ pending_blank = xmalloc (max_column_width * sizeof (mbf_char_t)); -+ -+ if (found_bom == true) -+ { -+ print_bom(); -+ } - - while (true) - { - /* Input character, or EOF. */ -- int c; -+ mbf_char_t c; - - /* If true, perform translations. */ - bool convert = true; -@@ -157,12 +183,44 @@ unexpand (void) - - do - { -- while ((c = getc (fp)) < 0 && (fp = next_file (fp))) -- continue; -+ while (true) { -+ mbf_getc (c, mbf); -+ if ((mb_iseof (c)) && (fp = next_file (fp))) -+ { -+ mbf_init (mbf, fp); -+ if (fp!=NULL) -+ { -+ if (check_bom(fp,&mbf)==true) -+ { -+ /*Not the first file - check BOM header*/ -+ if (using_utf_locale==false && found_bom==false) -+ { -+ /*BOM header in subsequent file but not in the first one. */ -+ error (EXIT_FAILURE, errno, _("combination of files with and without BOM header")); -+ } -+ } -+ else -+ { -+ if(using_utf_locale==false && found_bom==true) -+ { -+ /*First file conatined BOM header - locale was switched to UTF -+ *all subsequent files should contain BOM. */ -+ error (EXIT_FAILURE, errno, _("combination of files with and without BOM header")); -+ } -+ } -+ } -+ continue; -+ } -+ else -+ { -+ break; -+ } -+ } -+ - - if (convert) - { -- bool blank = !! isblank (c); -+ bool blank = mb_isblank (c); - - if (blank) - { -@@ -179,16 +237,16 @@ unexpand (void) - if (next_tab_column < column) - die (EXIT_FAILURE, 0, _("input line is too long")); - -- if (c == '\t') -+ if (mb_iseq (c, '\t')) - { - column = next_tab_column; - - if (pending) -- pending_blank[0] = '\t'; -+ mb_setascii (&pending_blank[0], '\t'); - } - else - { -- column++; -+ column += mb_width (c); - - if (! (prev_blank && column == next_tab_column)) - { -@@ -196,13 +254,14 @@ unexpand (void) - will be replaced by tabs. */ - if (column == next_tab_column) - one_blank_before_tab_stop = true; -- pending_blank[pending++] = c; -+ mb_copy (&pending_blank[pending++], &c); - prev_blank = true; - continue; - } - - /* Replace the pending blanks by a tab or two. */ -- pending_blank[0] = c = '\t'; -+ mb_setascii (&c, '\t'); -+ mb_setascii (&pending_blank[0], '\t'); - } - - /* Discard pending blanks, unless it was a single -@@ -210,7 +269,7 @@ unexpand (void) - pending = one_blank_before_tab_stop; - } - } -- else if (c == '\b') -+ else if (mb_iseq (c, '\b')) - { - /* Go back one column, and force recalculation of the - next tab stop. */ -@@ -218,9 +277,9 @@ unexpand (void) - next_tab_column = column; - tab_index -= !!tab_index; - } -- else -+ else if (!mb_iseq (c, '\n')) - { -- column++; -+ column += mb_width (c); - if (!column) - die (EXIT_FAILURE, 0, _("input line is too long")); - } -@@ -228,8 +287,11 @@ unexpand (void) - if (pending) - { - if (pending > 1 && one_blank_before_tab_stop) -- pending_blank[0] = '\t'; -- if (fwrite (pending_blank, 1, pending, stdout) != pending) -+ mb_setascii (&pending_blank[0], '\t'); -+ -+ for (int n = 0; n < pending; ++n) -+ mb_putc (pending_blank[n], stdout); -+ if (ferror (stdout)) - die (EXIT_FAILURE, errno, _("write error")); - pending = 0; - one_blank_before_tab_stop = false; -@@ -239,16 +301,17 @@ unexpand (void) - convert &= convert_entire_line || blank; - } - -- if (c < 0) -+ if (mb_iseof (c)) - { - free (pending_blank); - return; - } - -- if (putchar (c) < 0) -+ mb_putc (c, stdout); -+ if (ferror (stdout)) - die (EXIT_FAILURE, errno, _("write error")); - } -- while (c != '\n'); -+ while (!mb_iseq (c, '\n')); - } - } - -diff --git a/src/uniq.c b/src/uniq.c -index e5996f0..871d47c 100644 ---- a/src/uniq.c -+++ b/src/uniq.c -@@ -21,6 +21,17 @@ - #include - #include - -+/* Get mbstate_t, mbrtowc(). */ -+#if HAVE_WCHAR_H -+# include -+#endif -+ -+/* Get isw* functions. */ -+#if HAVE_WCTYPE_H -+# include -+#endif -+#include -+ - #include "system.h" - #include "argmatch.h" - #include "linebuffer.h" -@@ -33,6 +44,18 @@ - #include "memcasecmp.h" - #include "quote.h" - -+/* MB_LEN_MAX is incorrectly defined to be 1 in at least one GCC -+ installation; work around this configuration error. */ -+#if !defined MB_LEN_MAX || MB_LEN_MAX < 2 -+# define MB_LEN_MAX 16 -+#endif -+ -+/* Some systems, like BeOS, have multibyte encodings but lack mbstate_t. */ -+#if HAVE_MBRTOWC && defined mbstate_t -+# define mbrtowc(pwc, s, n, ps) (mbrtowc) (pwc, s, n, 0) -+#endif -+ -+ - /* The official name of this program (e.g., no 'g' prefix). */ - #define PROGRAM_NAME "uniq" - -@@ -139,6 +162,10 @@ enum - GROUP_OPTION = CHAR_MAX + 1 - }; - -+/* Function pointers. */ -+static char * -+(*find_field) (struct linebuffer *line); -+ - static struct option const longopts[] = - { - {"count", no_argument, NULL, 'c'}, -@@ -254,7 +281,7 @@ size_opt (char const *opt, char const *msgid) - - ATTRIBUTE_PURE - static char * --find_field (struct linebuffer const *line) -+find_field_uni (struct linebuffer *line) - { - size_t count; - char const *lp = line->buffer; -@@ -274,6 +301,83 @@ find_field (struct linebuffer const *line) - return line->buffer + i; - } - -+#if HAVE_MBRTOWC -+ -+# define MBCHAR_TO_WCHAR(WC, MBLENGTH, LP, POS, SIZE, STATEP, CONVFAIL) \ -+ do \ -+ { \ -+ mbstate_t state_bak; \ -+ \ -+ CONVFAIL = 0; \ -+ state_bak = *STATEP; \ -+ \ -+ MBLENGTH = mbrtowc (&WC, LP + POS, SIZE - POS, STATEP); \ -+ \ -+ switch (MBLENGTH) \ -+ { \ -+ case (size_t)-2: \ -+ case (size_t)-1: \ -+ *STATEP = state_bak; \ -+ CONVFAIL++; \ -+ /* Fall through */ \ -+ case 0: \ -+ MBLENGTH = 1; \ -+ } \ -+ } \ -+ while (0) -+ -+static char * -+find_field_multi (struct linebuffer *line) -+{ -+ size_t count; -+ char *lp = line->buffer; -+ size_t size = line->length - 1; -+ size_t pos; -+ size_t mblength; -+ wchar_t wc; -+ mbstate_t *statep; -+ int convfail = 0; -+ -+ pos = 0; -+ statep = &(line->state); -+ -+ /* skip fields. */ -+ for (count = 0; count < skip_fields && pos < size; count++) -+ { -+ while (pos < size) -+ { -+ MBCHAR_TO_WCHAR (wc, mblength, lp, pos, size, statep, convfail); -+ -+ if (convfail || !(iswblank (wc) || wc == '\n')) -+ { -+ pos += mblength; -+ break; -+ } -+ pos += mblength; -+ } -+ -+ while (pos < size) -+ { -+ MBCHAR_TO_WCHAR (wc, mblength, lp, pos, size, statep, convfail); -+ -+ if (!convfail && (iswblank (wc) || wc == '\n')) -+ break; -+ -+ pos += mblength; -+ } -+ } -+ -+ /* skip fields. */ -+ for (count = 0; count < skip_chars && pos < size; count++) -+ { -+ MBCHAR_TO_WCHAR (wc, mblength, lp, pos, size, statep, convfail); -+ pos += mblength; -+ } -+ -+ return lp + pos; -+} -+#endif -+ - /* Return false if two strings OLD and NEW match, true if not. - OLD and NEW point not to the beginnings of the lines - but rather to the beginnings of the fields to compare. -@@ -494,6 +598,19 @@ main (int argc, char **argv) - - atexit (close_stdout); - -+#if HAVE_MBRTOWC -+ if (MB_CUR_MAX > 1) -+ { -+ find_field = find_field_multi; -+ } -+ else -+#endif -+ { -+ find_field = find_field_uni; -+ } -+ -+ -+ - skip_chars = 0; - skip_fields = 0; - check_chars = SIZE_MAX; -diff --git a/tests/Coreutils.pm b/tests/Coreutils.pm -index fad7ab9..c9021a6 100644 ---- a/tests/Coreutils.pm -+++ b/tests/Coreutils.pm -@@ -264,6 +264,9 @@ sub run_tests ($$$$$) - # Yes, this is an arbitrary limit. If it causes trouble, - # consider removing it. - my $max = 30; -+ # The downstream i18n multi-byte tests have a "-mb" suffix. -+ # Therefore add 3 to the maximum test name length. -+ $max += 3; - if ($max < length $test_name) - { - warn "$program_name: $test_name: test name is too long (> $max)\n"; -diff --git a/tests/expand/mb.sh b/tests/expand/mb.sh -new file mode 100755 -index 0000000..dd6007c ---- /dev/null -+++ b/tests/expand/mb.sh -@@ -0,0 +1,183 @@ -+#!/bin/sh -+ -+# Copyright (C) 2012-2015 Free Software Foundation, Inc. -+ -+# This program is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+ -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . -+ -+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src -+print_ver_ expand -+ -+export LC_ALL=en_US.UTF-8 -+ -+#input containing multibyte characters -+cat <<\EOF > in || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+EOF -+env printf ' äöü\t. öüä. \tä xx\n' >> in || framework_failure_ -+ -+cat <<\EOF > exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#multiple files as an input -+cat <<\EOF >> exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+expand ./in ./in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#test characters with display widths != 1 -+env printf '12345678 -+e\t|ascii(1) -+\u00E9\t|composed(1) -+e\u0301\t|decomposed(1) -+\u3000\t|ideo-space(2) -+\uFF0D\t|full-hypen(2) -+' > in || framework_failure_ -+ -+env printf '12345678 -+e |ascii(1) -+\u00E9 |composed(1) -+e\u0301 |decomposed(1) -+\u3000 |ideo-space(2) -+\uFF0D |full-hypen(2) -+' > exp || framework_failure_ -+ -+expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#shouldn't fail with "input line too long" -+#when a line starts with a control character -+env printf '\n' > in || framework_failure_ -+ -+expand < in > out || fail=1 -+compare in out > /dev/null 2>&1 || fail=1 -+ -+#non-Unicode characters interspersed between Unicode ones -+env printf '12345678 -+\t\xFF| -+\xFF\t| -+\t\xFFä| -+ä\xFF\t| -+\tä\xFF| -+\xFF\tä| -+äbcdef\xFF\t| -+' > in || framework_failure_ -+ -+env printf '12345678 -+ \xFF| -+\xFF | -+ \xFFä| -+ä\xFF | -+ ä\xFF| -+\xFF ä| -+äbcdef\xFF | -+' > exp || framework_failure_ -+ -+expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+ -+ -+#BOM header test 1 -+printf "\xEF\xBB\xBF" > in; cat <<\EOF >> in || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+EOF -+env printf ' äöü\t. öüä. \tä xx\n' >> in || framework_failure_ -+ -+printf "\xEF\xBB\xBF" > exp; cat <<\EOF >> exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+ -+expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LANG=C expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LC_ALL=C expand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+ -+printf '\xEF\xBB\xBF' > in1; cat <<\EOF >> in1 || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+EOF -+env printf ' äöü\t. öüä. \tä xx\n' >> in1 || framework_failure_ -+ -+ -+printf '\xEF\xBB\xBF' > exp; cat <<\EOF >> exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+expand in1 in1 > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LANG=C expand in1 in1 > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LC_ALL=C expand in1 in1 > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+exit $fail -diff --git a/tests/i18n/sort.sh b/tests/i18n/sort.sh -new file mode 100755 -index 0000000..26c95de ---- /dev/null -+++ b/tests/i18n/sort.sh -@@ -0,0 +1,29 @@ -+#!/bin/sh -+# Verify sort's multi-byte support. -+ -+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src -+print_ver_ sort -+ -+export LC_ALL=en_US.UTF-8 -+locale -k LC_CTYPE | grep -q "charmap.*UTF-8" \ -+ || skip_ "No UTF-8 locale available" -+ -+# Enable heap consistency checkng on older systems -+export MALLOC_CHECK_=2 -+ -+ -+# check buffer overflow issue due to -+# expanding multi-byte representation due to case conversion -+# https://bugzilla.suse.com/show_bug.cgi?id=928749 -+cat < exp -+. -+ɑ -+EOF -+cat < out || fail=1 -+. -+ɑ -+EOF -+compare exp out || { fail=1; cat out; } -+ -+ -+Exit $fail -diff --git a/tests/local.mk b/tests/local.mk -index 0f77786..dbe1843 100644 ---- a/tests/local.mk -+++ b/tests/local.mk -@@ -377,6 +377,8 @@ all_tests = \ - tests/misc/sort-discrim.sh \ - tests/misc/sort-files0-from.pl \ - tests/misc/sort-float.sh \ -+ tests/misc/sort-mb-tests.sh \ -+ tests/i18n/sort.sh \ - tests/misc/sort-h-thousands-sep.sh \ - tests/misc/sort-merge.pl \ - tests/misc/sort-merge-fdlimit.sh \ -@@ -576,6 +578,7 @@ all_tests = \ - tests/du/threshold.sh \ - tests/du/trailing-slash.sh \ - tests/du/two-args.sh \ -+ tests/expand/mb.sh \ - tests/id/gnu-zero-uids.sh \ - tests/id/no-context.sh \ - tests/id/context.sh \ -@@ -727,6 +730,7 @@ all_tests = \ - tests/touch/read-only.sh \ - tests/touch/relative.sh \ - tests/touch/trailing-slash.sh \ -+ tests/unexpand/mb.sh \ - $(all_root_tests) - - # See tests/factor/create-test.sh. -diff --git a/tests/misc/expand.pl b/tests/misc/expand.pl -index 7a77e6f..27f6652 100755 ---- a/tests/misc/expand.pl -+++ b/tests/misc/expand.pl -@@ -27,6 +27,15 @@ my $prog = 'expand'; - # Turn off localization of executable's output. - @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -+#comment out next line to disable multibyte tests -+my $mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ -+my $prog = 'expand'; -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - my @Tests = - ( - ['t1', '--tabs=3', {IN=>"a\tb"}, {OUT=>"a b"}], -@@ -168,6 +177,8 @@ my @Tests = - - - # Test errors -+ # FIXME: The following tests contain ‘quoting’ specific to LC_MESSAGES -+ # So we force LC_MESSAGES=C to make them pass. - ['e1', '--tabs="a"', {IN=>''}, {OUT=>''}, {EXIT=>1}, - {ERR => "$prog: tab size contains invalid character(s): 'a'\n"}], - ['e2', "-t $UINTMAX_OFLOW", {IN=>''}, {OUT=>''}, {EXIT=>1}, -@@ -184,6 +195,37 @@ my @Tests = - {ERR => "$prog: '/' specifier not at start of number: '/'\n"}], - ); - -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether expand is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ push @new, ["$test_name-mb", @new_t, {ENV => "LANG=$mb_locale LC_MESSAGES=C"}]; -+ } -+ push @Tests, @new; -+ } -+ -+ -+@Tests = triple_test \@Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - -diff --git a/tests/misc/fold.pl b/tests/misc/fold.pl -index 2834f92..bc1616a 100755 ---- a/tests/misc/fold.pl -+++ b/tests/misc/fold.pl -@@ -20,9 +20,18 @@ use strict; - - (my $program_name = $0) =~ s|.*/||; - -+my $prog = 'fold'; -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - # Turn off localization of executable's output. - @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -+# uncommented to enable multibyte paths -+my $mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ - my @Tests = - ( - ['s1', '-w2 -s', {IN=>"a\t"}, {OUT=>"a\n\t"}], -@@ -31,9 +40,48 @@ my @Tests = - ['s4', '-w4 -s', {IN=>"abc ef\n"}, {OUT=>"abc \nef\n"}], - ); - -+# Add _POSIX2_VERSION=199209 to the environment of each test -+# that uses an old-style option like +1. -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether fold is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ -+@Tests = triple_test \@Tests; -+ -+# Remember that triple_test creates from each test with exactly one "IN" -+# file two more tests (.p and .r suffix on name) corresponding to reading -+# input from a file and from a pipe. The pipe-reading test would fail -+# due to a race condition about 1 in 20 times. -+# Remove the IN_PIPE version of the "output-is-input" test above. -+# The others aren't susceptible because they have three inputs each. -+@Tests = grep {$_->[0] ne 'output-is-input.p'} @Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - --my $prog = 'fold'; - my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose); - exit $fail; -diff --git a/tests/misc/join.pl b/tests/misc/join.pl -index 06ad777..be40204 100755 ---- a/tests/misc/join.pl -+++ b/tests/misc/join.pl -@@ -25,6 +25,15 @@ my $limits = getlimits (); - - my $prog = 'join'; - -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ -+my $mb_locale; -+#Comment out next line to disable multibyte tests -+$mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ - my $delim = chr 0247; - sub t_subst ($) - { -@@ -333,8 +342,49 @@ foreach my $t (@tv) - push @Tests, $new_ent; - } - -+# Add _POSIX2_VERSION=199209 to the environment of each test -+# that uses an old-style option like +1. -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether join is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ #Adjust the output some error messages including test_name for mb -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR}} -+ (@new_t)) -+ { -+ my $sub2 = {ERR_SUBST => "s/$test_name-mb/$test_name/"}; -+ push @new_t, $sub2; -+ push @$t, $sub2; -+ } -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ - @Tests = triple_test \@Tests; - -+#skip invalid-j-mb test, it is failing because of the format -+@Tests = grep {$_->[0] ne 'invalid-j-mb'} @Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - -diff --git a/tests/misc/sort-mb-tests.sh b/tests/misc/sort-mb-tests.sh -new file mode 100755 -index 0000000..11836ba ---- /dev/null -+++ b/tests/misc/sort-mb-tests.sh -@@ -0,0 +1,45 @@ -+#!/bin/sh -+# Verify sort's multi-byte support. -+ -+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src -+print_ver_ sort -+ -+export LC_ALL=en_US.UTF-8 -+locale -k LC_CTYPE | grep -q "charmap.*UTF-8" \ -+ || skip_ "No UTF-8 locale available" -+ -+ -+cat < exp -+Banana@5 -+Apple@10 -+Citrus@20 -+Cherry@30 -+EOF -+ -+cat < out || fail=1 -+Apple@10 -+Banana@5 -+Citrus@20 -+Cherry@30 -+EOF -+ -+compare exp out || { fail=1; cat out; } -+ -+ -+cat < exp -+Citrus@AA20@@5 -+Cherry@AA30@@10 -+Apple@AA10@@20 -+Banana@AA5@@30 -+EOF -+ -+cat < out || fail=1 -+Apple@AA10@@20 -+Banana@AA5@@30 -+Citrus@AA20@@5 -+Cherry@AA30@@10 -+EOF -+ -+compare exp out || { fail=1; cat out; } -+ -+Exit $fail -diff --git a/tests/misc/sort-merge.pl b/tests/misc/sort-merge.pl -index 7eb4574..eda884c 100755 ---- a/tests/misc/sort-merge.pl -+++ b/tests/misc/sort-merge.pl -@@ -26,6 +26,15 @@ my $prog = 'sort'; - # Turn off localization of executable's output. - @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -+my $mb_locale; -+# uncommented according to upstream commit enabling multibyte paths -+$mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - # three empty files and one that says 'foo' - my @inputs = (+(map{{IN=> {"empty$_"=> ''}}}1..3), {IN=> {foo=> "foo\n"}}); - -@@ -77,6 +86,39 @@ my @Tests = - {OUT=>$big_input}], - ); - -+# Add _POSIX2_VERSION=199209 to the environment of each test -+# that uses an old-style option like +1. -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether sort is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ next if ($test_name =~ "nmerge-."); -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ -+@Tests = triple_test \@Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - -diff --git a/tests/misc/sort.pl b/tests/misc/sort.pl -index 0b0adca..fd27821 100755 ---- a/tests/misc/sort.pl -+++ b/tests/misc/sort.pl -@@ -24,10 +24,15 @@ my $prog = 'sort'; - # Turn off localization of executable's output. - @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - --my $mb_locale = $ENV{LOCALE_FR_UTF8}; -+my $mb_locale; -+#Comment out next line to disable multibyte tests -+$mb_locale = $ENV{LOCALE_FR_UTF8}; - ! defined $mb_locale || $mb_locale eq 'none' - and $mb_locale = 'C'; - -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - # Since each test is run with a file name and with redirected stdin, - # the name in the diagnostic is either the file name or "-". - # Normalize each diagnostic to use '-'. -@@ -423,6 +428,38 @@ foreach my $t (@Tests) - } - } - -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether sort is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ #disable several failing tests until investigation, disable all tests with envvars set -+ next if (grep {ref $_ eq 'HASH' && exists $_->{ENV}} (@new_t)); -+ next if ($test_name =~ "18g" or $test_name =~ "sort-numeric" or $test_name =~ "08[ab]" or $test_name =~ "03[def]" or $test_name =~ "h4" or $test_name =~ "n1" or $test_name =~ "2[01]a"); -+ next if ($test_name =~ "11[ab]"); # avoid FP: expected result differs to MB result due to collation rules. -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ - @Tests = triple_test \@Tests; - - # Remember that triple_test creates from each test with exactly one "IN" -@@ -432,6 +469,7 @@ foreach my $t (@Tests) - # Remove the IN_PIPE version of the "output-is-input" test above. - # The others aren't susceptible because they have three inputs each. - @Tests = grep {$_->[0] ne 'output-is-input.p'} @Tests; -+@Tests = grep {$_->[0] ne 'output-is-input-mb.p'} @Tests; - - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; -diff --git a/tests/misc/unexpand.pl b/tests/misc/unexpand.pl -index 2e1906f..fe66012 100755 ---- a/tests/misc/unexpand.pl -+++ b/tests/misc/unexpand.pl -@@ -27,6 +27,14 @@ my $limits = getlimits (); - - my $prog = 'unexpand'; - -+# comment out next line to disable multibyte tests -+my $mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - my @Tests = - ( - ['a1', {IN=> ' 'x 1 ."y\n"}, {OUT=> ' 'x 1 ."y\n"}], -@@ -128,6 +136,37 @@ my @Tests = - ['ts2', '-t5,8', {IN=>"x\t \t y\n"}, {OUT=>"x\t\t y\n"}], - ); - -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether unexpand is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ next if ($test_name =~ 'b-1'); -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ -+@Tests = triple_test \@Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - -diff --git a/tests/misc/uniq.pl b/tests/misc/uniq.pl -index aa163cd..91d617d 100755 ---- a/tests/misc/uniq.pl -+++ b/tests/misc/uniq.pl -@@ -23,9 +23,17 @@ my $limits = getlimits (); - my $prog = 'uniq'; - my $try = "Try '$prog --help' for more information.\n"; - -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - # Turn off localization of executable's output. - @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -+my $mb_locale; -+#Comment out next line to disable multibyte tests -+$mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ - # When possible, create a "-z"-testing variant of each test. - sub add_z_variants($) - { -@@ -262,6 +270,53 @@ foreach my $t (@Tests) - and push @$t, {ENV=>'_POSIX2_VERSION=199209'}; - } - -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether uniq is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ # In test #145, replace the each ‘...’ by '...'. -+ if ($test_name =~ "145") -+ { -+ my $sub = { ERR_SUBST => "s/‘([^’]+)’/'\$1'/g"}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ next if ( $test_name =~ "schar" -+ or $test_name =~ "^obs-plus" -+ or $test_name =~ "119"); -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ -+# Remember that triple_test creates from each test with exactly one "IN" -+# file two more tests (.p and .r suffix on name) corresponding to reading -+# input from a file and from a pipe. The pipe-reading test would fail -+# due to a race condition about 1 in 20 times. -+# Remove the IN_PIPE version of the "output-is-input" test above. -+# The others aren't susceptible because they have three inputs each. -+ -+@Tests = grep {$_->[0] ne 'output-is-input.p'} @Tests; -+ - @Tests = add_z_variants \@Tests; - @Tests = triple_test \@Tests; - -diff --git a/tests/pr/pr-tests.pl b/tests/pr/pr-tests.pl -index 7ac6d4c..ae6cc35 100755 ---- a/tests/pr/pr-tests.pl -+++ b/tests/pr/pr-tests.pl -@@ -24,6 +24,15 @@ use strict; - my $prog = 'pr'; - my $normalize_strerror = "s/': .*/'/"; - -+my $mb_locale; -+#Uncomment the following line to enable multibyte tests -+$mb_locale = $ENV{LOCALE_FR_UTF8}; -+! defined $mb_locale || $mb_locale eq 'none' -+ and $mb_locale = 'C'; -+ -+my $try = "Try \`$prog --help' for more information.\n"; -+my $inval = "$prog: invalid byte, character or field list\n$try"; -+ - my @tv = ( - - # -b option is no longer an official option. But it's still working to -@@ -512,8 +521,48 @@ push @Tests, - {IN=>"x\tx\tx\tx\tx\nx\tx\tx\tx\tx\n"}, - {OUT=>"x\tx\tx\tx\tx\tx\tx\tx\tx\tx\n"} ]; - -+# Add _POSIX2_VERSION=199209 to the environment of each test -+# that uses an old-style option like +1. -+if ($mb_locale ne 'C') -+ { -+ # Duplicate each test vector, appending "-mb" to the test name and -+ # inserting {ENV => "LC_ALL=$mb_locale"} in the copy, so that we -+ # provide coverage for the distro-added multi-byte code paths. -+ my @new; -+ foreach my $t (@Tests) -+ { -+ my @new_t = @$t; -+ my $test_name = shift @new_t; -+ -+ # Depending on whether pr is multi-byte-patched, -+ # it emits different diagnostics: -+ # non-MB: invalid byte or field list -+ # MB: invalid byte, character or field list -+ # Adjust the expected error output accordingly. -+ if (grep {ref $_ eq 'HASH' && exists $_->{ERR} && $_->{ERR} eq $inval} -+ (@new_t)) -+ { -+ my $sub = {ERR_SUBST => 's/, character//'}; -+ push @new_t, $sub; -+ push @$t, $sub; -+ } -+ #temporarily skip some failing tests -+ next if ($test_name =~ "col-0" or $test_name =~ "col-inval" or $test_name =~ "asan1"); -+ push @new, ["$test_name-mb", @new_t, {ENV => "LC_ALL=$mb_locale"}]; -+ } -+ push @Tests, @new; -+ } -+ - @Tests = triple_test \@Tests; - -+# Remember that triple_test creates from each test with exactly one "IN" -+# file two more tests (.p and .r suffix on name) corresponding to reading -+# input from a file and from a pipe. The pipe-reading test would fail -+# due to a race condition about 1 in 20 times. -+# Remove the IN_PIPE version of the "output-is-input" test above. -+# The others aren't susceptible because they have three inputs each. -+@Tests = grep {$_->[0] ne 'output-is-input.p'} @Tests; -+ - my $save_temps = $ENV{DEBUG}; - my $verbose = $ENV{VERBOSE}; - -diff --git a/tests/unexpand/mb.sh b/tests/unexpand/mb.sh -new file mode 100755 -index 0000000..8a82d74 ---- /dev/null -+++ b/tests/unexpand/mb.sh -@@ -0,0 +1,172 @@ -+#!/bin/sh -+ -+# Copyright (C) 2012-2015 Free Software Foundation, Inc. -+ -+# This program is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+ -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . -+ -+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src -+print_ver_ unexpand -+ -+export LC_ALL=en_US.UTF-8 -+ -+#input containing multibyte characters -+cat > in <<\EOF -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+cat > exp <<\EOF -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+unexpand -a < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+ -+#multiple files as an input -+cat >> exp <<\EOF -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+ -+unexpand -a ./in ./in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#test characters with a display width larger than 1 -+ -+env printf '12345678 -+e |ascii(1) -+\u00E9 |composed(1) -+e\u0301 |decomposed(1) -+\u3000 |ideo-space(2) -+\uFF0D |full-hypen(2) -+' > in || framework_failure_ -+ -+env printf '12345678 -+e\t|ascii(1) -+\u00E9\t|composed(1) -+e\u0301\t|decomposed(1) -+\u3000\t|ideo-space(2) -+\uFF0D\t|full-hypen(2) -+' > exp || framework_failure_ -+ -+unexpand -a < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#test input where a blank of width > 1 is not being substituted -+in="$(LC_ALL=en_US.UTF-8 printf ' \u3000 ö ü ß')" -+exp='   ö ü ß' -+ -+unexpand -a < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#non-Unicode characters interspersed between Unicode ones -+env printf '12345678 -+ \xFF| -+\xFF | -+ \xFFä| -+ä\xFF | -+ ä\xFF| -+\xFF ä| -+äbcdef\xFF | -+' > in || framework_failure_ -+ -+env printf '12345678 -+\t\xFF| -+\xFF\t| -+\t\xFFä| -+ä\xFF\t| -+\tä\xFF| -+\xFF\tä| -+äbcdef\xFF\t| -+' > exp || framework_failure_ -+ -+unexpand -a < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+#BOM header test 1 -+printf "\xEF\xBB\xBF" > in; cat <<\EOF >> in || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+env printf ' äöü\t. öüä. \tä xx\n' >> in || framework_failure_ -+ -+printf "\xEF\xBB\xBF" > exp; cat <<\EOF >> exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+unexpand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LANG=C unexpand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LC_ALL=C unexpand < in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+ -+printf "\xEF\xBB\xBF" > exp; cat <<\EOF >> exp || framework_failure_ -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+1234567812345678123456781 -+. . . . -+a b c d -+. . . . -+ä ö ü ß -+. . . . -+ äöü . öüä. ä xx -+EOF -+ -+ -+unexpand in in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LANG=C unexpand in in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 -+ -+LC_ALL=C unexpand in in > out || fail=1 -+compare exp out > /dev/null 2>&1 || fail=1 --- -2.34.1 - diff --git a/SPECS/coreutils/coreutils-selinux.spec b/SPECS/coreutils/coreutils-selinux.spec deleted file mode 100644 index 8cd2fbbe55..0000000000 --- a/SPECS/coreutils/coreutils-selinux.spec +++ /dev/null @@ -1,126 +0,0 @@ -%define srcname coreutils - -# this is also used in toybox.spec -%define coreutils_selinux_present %{_sharedstatedir}/rpm-state/%{name} - -Summary: Basic system utilities (SELinux enabled) -Name: coreutils-selinux -Version: 9.1 -Release: 5%{?dist} -License: GPLv3 -URL: http://www.gnu.org/software/coreutils -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/coreutils/%{srcname}-%{version}.tar.xz -%define sha512 %{srcname}=a6ee2c549140b189e8c1b35e119d4289ec27244ec0ed9da0ac55202f365a7e33778b1dc7c4e64d1669599ff81a8297fe4f5adbcc8a3a2f75c919a43cd4b9bdfa -# make this package to own serial console profile since it utilizes stty tool -Source1: serial-console.sh - -# Patches are taken from: -# www.linuxfromscratch.org/patches/downloads/coreutils/ -Patch0: %{srcname}-%{version}-i18n-1.patch - -BuildRequires: libselinux-devel - -Requires: gmp - -Provides: sh-utils = %{version}-%{release} -Provides: %{srcname} = %{version}-%{release} - -Obsoletes: %{srcname} - -%description -SELinux enabled coreutils package. - -%package lang -Summary: Additional language files for coreutils -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -Provides: %{srcname}-lang = %{version}-%{release} -Obsoletes: %{srcname}-lang - -%description lang -These are the additional language files of coreutils. - -%prep -%autosetup -p1 -n %{srcname}-%{version} - -%build -autoreconf -fiv -export FORCE_UNSAFE_CONFIGURE=1 -%configure \ - --enable-no-install-program=kill,uptime \ - --with-selinux \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_sbindir} -install -vdm 755 %{buildroot}%{_mandir}/man8 -mv -v %{buildroot}%{_bindir}/chroot %{buildroot}%{_sbindir} -mv -v %{buildroot}%{_mandir}/man1/chroot.1 %{buildroot}%{_mandir}/man8/chroot.8 -sed -i 's/\"1\"/\"8\"/1' %{buildroot}%{_mandir}/man8/chroot.8 -rm -rf %{buildroot}%{_infodir} -install -vdm755 %{buildroot}%{_sysconfdir}/profile.d -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/profile.d/ - -%find_lang %{srcname} - -%if 0%{?with_check} -%check -sed -i '/tests\/misc\/sort.pl/d' Makefile -sed -i 's/test-getlogin$(EXEEXT)//' gnulib-tests/Makefile -sed -i 's/PET/-05/g' tests/misc/date-debug.sh -sed -i 's/2>err\/merge-/2>\&1 > err\/merge-/g' tests/misc/sort-merge-fdlimit.sh -sed -i 's/)\" = \"10x0/| head -n 1)\" = \"10x0/g' tests/split/r-chunk.sh -sed -i '/mb.sh/d' Makefile -chown -Rv nobody . -env PATH="$PATH" NON_ROOT_USERNAME=nobody make -k check-root %{?_smp_mflags} -make NON_ROOT_USERNAME=nobody check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/ldconfig -mkdir -p %{_sharedstatedir}/rpm-state -touch %{coreutils_selinux_present} - -%postun -/sbin/ldconfig -[ $1 = 0 ] && rm -f %{coreutils_selinux_present} - -%files -%defattr(-,root,root) -%{_sysconfdir}/profile.d/serial-console.sh -%{_libexecdir}/* -%{_bindir}/* -%{_sbindir}/* -%{_mandir}/*/* - -%files lang -f %{srcname}.lang -%defattr(-,root,root) - -%changelog -* Fri Feb 17 2023 Shreenidhi Shedi 9.1-5 -- Add lang sub package -* Wed Jan 25 2023 Shreenidhi Shedi 9.1-4 -- Add a flag file & use it in toybox trigger -* Sun May 29 2022 Shreenidhi Shedi 9.1-3 -- Fix binary path -* Mon Apr 25 2022 Shreenidhi Shedi 9.1-1 -- Upgrade to v9.1 -* Sat Apr 09 2022 Shreenidhi Shedi 9.0-1 -- Upgrade to v9.0 -* Thu Aug 13 2020 Shreenidhi Shedi 8.32-2 -- Fixed aarch64 build issue -* Wed Jul 08 2020 Gerrit Photon 8.32-1 -- Automatic Version Bump -* Sat Apr 18 2020 Alexey Makhalov 8.30-3 -- coreutils-selinux: new package, cloned from coreutils. -- keep version-release in sync with coreutils. diff --git a/SPECS/coreutils/coreutils.spec b/SPECS/coreutils/coreutils.spec deleted file mode 100644 index d26f933255..0000000000 --- a/SPECS/coreutils/coreutils.spec +++ /dev/null @@ -1,137 +0,0 @@ -# this is also used in toybox.spec -%define coreutils_present %{_sharedstatedir}/rpm-state/%{name} - -Summary: Basic system utilities -Name: coreutils -Version: 9.1 -Release: 3%{?dist} -License: GPLv3 -URL: http://www.gnu.org/software/coreutils -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/coreutils/%{name}-%{version}.tar.xz -%define sha512 %{name}=a6ee2c549140b189e8c1b35e119d4289ec27244ec0ed9da0ac55202f365a7e33778b1dc7c4e64d1669599ff81a8297fe4f5adbcc8a3a2f75c919a43cd4b9bdfa -# make this package to own serial console profile since it utilizes stty tool -Source1: serial-console.sh - -# Patches are taken from: -# www.linuxfromscratch.org/patches/downloads/coreutils/ -Patch0: coreutils-%{version}-i18n-1.patch - -Requires: gmp - -Provides: sh-utils - -Conflicts: toybox < 0.8.2-2 - -%description -The Coreutils package contains utilities for showing and setting -the basic system - -%package lang -Summary: Additional language files for coreutils -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of coreutils. - -%prep -%autosetup -p1 - -%build -autoreconf -fiv -export FORCE_UNSAFE_CONFIGURE=1 -%configure \ - --enable-no-install-program=kill,uptime \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_bindir} -install -vdm 755 %{buildroot}%{_sbindir} -install -vdm 755 %{buildroot}%{_mandir}/man8 -mv -v %{buildroot}%{_bindir}/chroot %{buildroot}%{_sbindir} -mv -v %{buildroot}%{_mandir}/man1/chroot.1 %{buildroot}%{_mandir}/man8/chroot.8 -sed -i 's/\"1\"/\"8\"/1' %{buildroot}%{_mandir}/man8/chroot.8 -rm -rf %{buildroot}%{_infodir} -install -vdm755 %{buildroot}%{_sysconfdir}/profile.d -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/profile.d/ - -%find_lang %{name} - -%if 0%{?with_check} -%check -sed -i '37,40d' tests/df/df-symlink.sh -sed -i '/mb.sh/d' Makefile -chown -Rv nobody . -env PATH="$PATH" NON_ROOT_USERNAME=nobody make -k check-root %{?_smp_mflags} -make NON_ROOT_USERNAME=nobody check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/ldconfig -mkdir -p %{_sharedstatedir}/rpm-state -touch %{coreutils_present} - -%postun -/sbin/ldconfig -[ $1 = 0 ] && rm -f %{coreutils_present} - -%files -%defattr(-,root,root) -%{_sysconfdir}/profile.d/serial-console.sh -%{_libexecdir}/* -%{_bindir}/* -%{_sbindir}/* -%{_mandir}/*/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Mon Feb 13 2023 Shreenidhi Shedi 9.1-3 -- Add a flag file & use it in toybox trigger -* Sun May 29 2022 Shreenidhi Shedi 9.1-2 -- Fix binary path -* Mon Apr 25 2022 Shreenidhi Shedi 9.1-1 -- Upgrade to v9.1 -* Sat Apr 09 2022 Shreenidhi Shedi 9.0-1 -- Upgrade to v9.0 -* Sun Nov 15 2020 Prashant S Chauhan 8.32-3 -- Fix for makecheck failure added a patch -* Tue Aug 11 2020 Sujay G 8.32-2 -- Fix aarch64 build -* Wed Jul 08 2020 Gerrit Photon 8.32-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 8.30-4 -- Do not conflict with toybox >= 0.8.2-2 -* Fri Nov 01 2019 Alexey Makhalov 8.30-3 -- Cross compilation support -* Thu Sep 12 2019 Prashant Singh Chauhan 8.30-2 -- Fix for makecheck failure added a patch -* Fri Sep 07 2018 Alexey Makhalov 8.30-1 -- Version update to support glibc-2.28 -* Tue Aug 28 2018 Alexey Makhalov 8.27-4 -- Add serial-console profile.d script -* Mon Oct 02 2017 Alexey Makhalov 8.27-3 -- Added conflicts toybox -* Wed Aug 09 2017 Rongrong Qiu 8.27-2 -- Fix make check for bug 1900253 -* Thu Apr 06 2017 Anish Swaminathan 8.27-1 -- Upgraded to version 8.27 -* Tue May 24 2016 Priyesh Padmavilasom 8.25-2 -- GA - Bump release of all rpms -* Tue May 17 2016 Divya Thaluru 8.25-1 -- Updated to version 8.25 -* Tue Jan 12 2016 Xiaolin Li 8.24-1 -- Updated to version 8.24 -* Wed Nov 5 2014 Divya Thaluru 8.22-1 -- Initial build. First version diff --git a/SPECS/coreutils/serial-console.sh b/SPECS/coreutils/serial-console.sh deleted file mode 100644 index 42c7b9a722..0000000000 --- a/SPECS/coreutils/serial-console.sh +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (C) 2018 VMware Inc. -# Author: Alexey Makhalov -# -# Expand screen terminal to the full screen mode. -# Known side effect: screen might be "garbaged" by reply string. - -full_screen () { - if [[ -t 0 ]] && [[ -t 1 ]]; then - # s - save cursor position - # [r;cH - set cursor position to r;c - # [6n - get cursor position - # u - restore cursor position - # - # reply from terminal: [r;cR - echo -ne '\es\e[999;999H\e[6n\eu' - read -sd '[' - read -sd ';' rows - read -sd 'R' cols - if [[ "$( stty size )" != "${rows} ${cols}" ]] ; then - stty rows ${rows} cols ${cols} - fi - fi -} - - -case $( tty ) in - /dev/ttyS*|/dev/ttyUSB*|/dev/ttyAMA*|/dev/ttyXRUSB*) - export TERM=screen - full_screen - ;; -esac - diff --git a/SPECS/cpio/cpio-2.12-gcc-10.patch b/SPECS/cpio/cpio-2.12-gcc-10.patch deleted file mode 100644 index 9c7d7edd88..0000000000 --- a/SPECS/cpio/cpio-2.12-gcc-10.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Mon, 20 Jan 2020 07:45:39 +0200 -Subject: Minor fix * src/global.c: Remove superfluous declaration of - program_name - ---- - src/global.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/global.c b/src/global.c -index fb3abe9..acf92bc 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -184,9 +184,6 @@ unsigned int warn_option = 0; - /* Extract to standard output? */ - bool to_stdout_option = false; - --/* The name this program was run with. */ --char *program_name; -- - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); --- -cgit v1.2.1 - diff --git a/SPECS/cpio/cpio-CVE-2021-38185.patch b/SPECS/cpio/cpio-CVE-2021-38185.patch deleted file mode 100644 index e3b980e676..0000000000 --- a/SPECS/cpio/cpio-CVE-2021-38185.patch +++ /dev/null @@ -1,454 +0,0 @@ -From dd96882877721703e19272fe25034560b794061b Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Sat, 7 Aug 2021 12:52:21 +0300 -Subject: Rewrite dynamic string support. - -* src/dstring.c (ds_init): Take a single argument. -(ds_free): New function. -(ds_resize): Take a single argument. Use x2nrealloc to expand -the storage. -(ds_reset,ds_append,ds_concat,ds_endswith): New function. -(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. -* src/dstring.h (dynamic_string): Keep both the allocated length -(ds_size) and index of the next free byte in the string (ds_idx). -(ds_init,ds_resize): Change signature. -(ds_len): New macro. -(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. -* src/copyin.c: Use new ds_ functions. -* src/copyout.c: Likewise. -* src/copypass.c: Likewise. -* src/util.c: Likewise. ---- - src/copyin.c | 40 +++++++++++++------------- - src/copyout.c | 16 ++++------- - src/copypass.c | 34 +++++++++++------------ - src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++++++++---------------- - src/dstring.h | 31 ++++++++++----------- - src/util.c | 6 ++-- - 6 files changed, 123 insertions(+), 92 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index b29f348..37e503a 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - char *str_res; /* Result for string function. */ - static dynamic_string new_name; /* New file name for rename option. */ - static int initialized_new_name = false; -+ - if (!initialized_new_name) -- { -- ds_init (&new_name, 128); -- initialized_new_name = true; -- } -+ { -+ ds_init (&new_name); -+ initialized_new_name = true; -+ } - - if (rename_flag) - { -@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) - already in `save_patterns' (from the command line) are preserved. */ - - static void --read_pattern_file () -+read_pattern_file (void) - { -- int max_new_patterns; -- char **new_save_patterns; -- int new_num_patterns; -+ char **new_save_patterns = NULL; -+ size_t max_new_patterns; -+ size_t new_num_patterns; - int i; -- dynamic_string pattern_name; -+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; - FILE *pattern_fp; - - if (num_patterns < 0) - num_patterns = 0; -- max_new_patterns = 1 + num_patterns; -- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); - new_num_patterns = num_patterns; -- ds_init (&pattern_name, 128); -+ max_new_patterns = num_patterns; -+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); - - pattern_fp = fopen (pattern_file_name, "r"); - if (pattern_fp == NULL) - open_fatal (pattern_file_name); - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -+ if (new_num_patterns == max_new_patterns) -+ new_save_patterns = x2nrealloc (new_save_patterns, -+ &max_new_patterns, -+ sizeof (new_save_patterns[0])); - new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); - ++new_num_patterns; - } -+ -+ ds_free (&pattern_name); -+ - if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) - close_error (pattern_file_name); - -@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) - in the file system. */ - - void --process_copy_in () -+process_copy_in (void) - { - char done = false; /* True if trailer reached. */ - FILE *tty_in = NULL; /* Interactive file for rename option. */ -diff --git a/src/copyout.c b/src/copyout.c -index 8b0beb6..26e3dda 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) - The format of the header depends on the compatibility (-c) flag. */ - - void --process_copy_out () -+process_copy_out (void) - { -- dynamic_string input_name; /* Name of file read from stdin. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file read from stdin. */ - struct stat file_stat; /* Stat record for file. */ - struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; - /* Output header information. */ -@@ -605,7 +606,6 @@ process_copy_out () - char *orig_file_name = NULL; - - /* Initialize the copy out. */ -- ds_init (&input_name, 128); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -@@ -657,14 +657,9 @@ process_copy_out () - { - if (file_hdr.c_mode & CP_IFDIR) - { -- int len = strlen (input_name.ds_string); - /* Make sure the name ends with a slash */ -- if (input_name.ds_string[len-1] != '/') -- { -- ds_resize (&input_name, len + 2); -- input_name.ds_string[len] = '/'; -- input_name.ds_string[len+1] = 0; -- } -+ if (!ds_endswith (&input_name, '/')) -+ ds_append (&input_name, '/'); - } - } - -@@ -875,6 +870,7 @@ process_copy_out () - (unsigned long) blocks), (unsigned long) blocks); - } - cpio_file_stat_free (&file_hdr); -+ ds_free (&input_name); - } - - -diff --git a/src/copypass.c b/src/copypass.c -index dc13b5b..62f31c6 100644 ---- a/src/copypass.c -+++ b/src/copypass.c -@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) - If `link_flag', link instead of copying. */ - - void --process_copy_pass () -+process_copy_pass (void) - { -- dynamic_string input_name; /* Name of file from stdin. */ -- dynamic_string output_name; /* Name of new file. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file from stdin. */ -+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of new file. */ - size_t dirname_len; /* Length of `directory_name'. */ - int res; /* Result of functions. */ - char *slash; /* For moving past slashes in input name. */ -@@ -65,25 +67,18 @@ process_copy_pass () - created files */ - - /* Initialize the copy pass. */ -- ds_init (&input_name, 128); - - dirname_len = strlen (directory_name); - if (change_directory_option && !ISSLASH (directory_name[0])) - { - char *pwd = xgetcwd (); -- -- dirname_len += strlen (pwd) + 1; -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, pwd); -- strcat (output_name.ds_string, "/"); -- strcat (output_name.ds_string, directory_name); -+ -+ ds_concat (&output_name, pwd); -+ ds_append (&output_name, '/'); - } -- else -- { -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, directory_name); -- } -- output_name.ds_string[dirname_len] = '/'; -+ ds_concat (&output_name, directory_name); -+ ds_append (&output_name, '/'); -+ dirname_len = ds_len (&output_name); - output_is_seekable = true; - - change_dir (); -@@ -116,8 +111,8 @@ process_copy_pass () - /* Make the name of the new file. */ - for (slash = input_name.ds_string; *slash == '/'; ++slash) - ; -- ds_resize (&output_name, dirname_len + strlen (slash) + 2); -- strcpy (output_name.ds_string + dirname_len + 1, slash); -+ ds_reset (&output_name, dirname_len); -+ ds_concat (&output_name, slash); - - existing_dir = false; - if (lstat (output_name.ds_string, &out_file_stat) == 0) -@@ -333,6 +328,9 @@ process_copy_pass () - (unsigned long) blocks), - (unsigned long) blocks); - } -+ -+ ds_free (&input_name); -+ ds_free (&output_name); - } - - /* Try and create a hard link from FILE_NAME to another file -diff --git a/src/dstring.c b/src/dstring.c -index e9c063f..358f356 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -20,8 +20,8 @@ - #if defined(HAVE_CONFIG_H) - # include - #endif -- - #include -+#include - #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) - #include - #else -@@ -33,24 +33,41 @@ - /* Initialiaze dynamic string STRING with space for SIZE characters. */ - - void --ds_init (dynamic_string *string, int size) -+ds_init (dynamic_string *string) -+{ -+ memset (string, 0, sizeof *string); -+} -+ -+/* Free the dynamic string storage. */ -+ -+void -+ds_free (dynamic_string *string) - { -- string->ds_length = size; -- string->ds_string = (char *) xmalloc (size); -+ free (string->ds_string); - } - --/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ -+/* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string, int size) -+ds_resize (dynamic_string *string) - { -- if (size > string->ds_length) -+ if (string->ds_idx == string->ds_size) - { -- string->ds_length = size; -- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); -+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, -+ 1); - } - } - -+/* Reset the index of the dynamic string S to LEN. */ -+ -+void -+ds_reset (dynamic_string *s, size_t len) -+{ -+ while (len > s->ds_size) -+ ds_resize (s); -+ s->ds_idx = len; -+} -+ - /* Dynamic string S gets a string terminated by the EOS character - (which is removed) from file F. S will increase - in size during the function if the string from F is longer than -@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) - char * - ds_fgetstr (FILE *f, dynamic_string *s, char eos) - { -- int insize; /* Amount needed for line. */ -- int strsize; /* Amount allocated for S. */ - int next_ch; - - /* Initialize. */ -- insize = 0; -- strsize = s->ds_length; -+ s->ds_idx = 0; - - /* Read the input string. */ -- next_ch = getc (f); -- while (next_ch != eos && next_ch != EOF) -+ while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- if (insize >= strsize - 1) -- { -- ds_resize (s, strsize * 2 + 2); -- strsize = s->ds_length; -- } -- s->ds_string[insize++] = next_ch; -- next_ch = getc (f); -+ ds_resize (s); -+ s->ds_string[s->ds_idx++] = next_ch; - } -- s->ds_string[insize++] = '\0'; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = '\0'; - -- if (insize == 1 && next_ch == EOF) -+ if (s->ds_idx == 0 && next_ch == EOF) - return NULL; - else - return s->ds_string; - } - -+void -+ds_append (dynamic_string *s, int c) -+{ -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = c; -+ if (c) -+ { -+ s->ds_idx++; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = 0; -+ } -+} -+ -+void -+ds_concat (dynamic_string *s, char const *str) -+{ -+ size_t len = strlen (str); -+ while (len + 1 > s->ds_size) -+ ds_resize (s); -+ memcpy (s->ds_string + s->ds_idx, str, len); -+ s->ds_idx += len; -+ s->ds_string[s->ds_idx] = 0; -+} -+ - char * - ds_fgets (FILE *f, dynamic_string *s) - { -@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) - { - return ds_fgetstr (f, s, '\0'); - } -+ -+/* Return true if the dynamic string S ends with character C. */ -+int -+ds_endswith (dynamic_string *s, int c) -+{ -+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); -+} -diff --git a/src/dstring.h b/src/dstring.h -index b5135fe..f5b04ef 100644 ---- a/src/dstring.h -+++ b/src/dstring.h -@@ -17,10 +17,6 @@ - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA. */ - --#ifndef NULL --#define NULL 0 --#endif -- - /* A dynamic string consists of record that records the size of an - allocated string and the pointer to that string. The actual string - is a normal zero byte terminated string that can be used with the -@@ -30,22 +26,25 @@ - - typedef struct - { -- int ds_length; /* Actual amount of storage allocated. */ -- char *ds_string; /* String. */ -+ size_t ds_size; /* Actual amount of storage allocated. */ -+ size_t ds_idx; /* Index of the next free byte in the string. */ -+ char *ds_string; /* String storage. */ - } dynamic_string; - -+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } - --/* Macros that look similar to the original string functions. -- WARNING: These macros work only on pointers to dynamic string records. -- If used with a real record, an "&" must be used to get the pointer. */ --#define ds_strlen(s) strlen ((s)->ds_string) --#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) --#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) --#define ds_index(s, c) index ((s)->ds_string, c) --#define ds_rindex(s, c) rindex ((s)->ds_string, c) -+void ds_init (dynamic_string *string); -+void ds_free (dynamic_string *string); -+void ds_reset (dynamic_string *s, size_t len); - --void ds_init (dynamic_string *string, int size); --void ds_resize (dynamic_string *string, int size); -+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ - char *ds_fgetname (FILE *f, dynamic_string *s); - char *ds_fgets (FILE *f, dynamic_string *s); - char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); -+void ds_append (dynamic_string *s, int c); -+void ds_concat (dynamic_string *s, char const *str); -+ -+#define ds_len(s) ((s)->ds_idx) -+ -+int ds_endswith (dynamic_string *s, int c); -+ -diff --git a/src/util.c b/src/util.c -index 4421b20..6d6bbaa 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -846,11 +846,9 @@ get_next_reel (int tape_des) - FILE *tty_out; /* File for interacting with user. */ - int old_tape_des; - char *next_archive_name; -- dynamic_string new_name; -+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; - char *str_res; - -- ds_init (&new_name, 128); -- - /* Open files for interactive communication. */ - tty_in = fopen (TTY_NAME, "r"); - if (tty_in == NULL) -@@ -925,7 +923,7 @@ get_next_reel (int tape_des) - error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), - old_tape_des, tape_des); - -- free (new_name.ds_string); -+ ds_free (&new_name); - fclose (tty_in); - fclose (tty_out); - } diff --git a/SPECS/cpio/cpio-CVE-2021-38185_2.patch b/SPECS/cpio/cpio-CVE-2021-38185_2.patch deleted file mode 100644 index c090a8b4c4..0000000000 --- a/SPECS/cpio/cpio-CVE-2021-38185_2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 11 Aug 2021 18:10:38 +0300 -Subject: Fix previous commit - -* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a -loop. ---- - src/dstring.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index 692d3e7..b7e0bb5 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -64,7 +64,7 @@ void - ds_reset (dynamic_string *s, size_t len) - { - while (len > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - s->ds_idx = len; - } - -@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); - while (len + 1 > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -cgit v1.2.1 diff --git a/SPECS/cpio/cpio-CVE-2021-38185_3.patch b/SPECS/cpio/cpio-CVE-2021-38185_3.patch deleted file mode 100644 index 054573d066..0000000000 --- a/SPECS/cpio/cpio-CVE-2021-38185_3.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 236684f6deb3178043fe72a8e2faca538fa2aae1 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 18 Aug 2021 09:41:39 +0300 -Subject: Fix dynamic string reallocations - -* src/dstring.c (ds_resize): Take additional argument: number of -bytes to leave available after ds_idx. All uses changed. ---- - src/dstring.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index b7e0bb5..fd4e030 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) - /* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string) -+ds_resize (dynamic_string *string, size_t len) - { -- if (string->ds_idx == string->ds_size) -+ while (len + string->ds_idx >= string->ds_size) - { - string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, - 1); -@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) - void - ds_reset (dynamic_string *s, size_t len) - { -- while (len > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - s->ds_idx = len; - } - -@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - /* Read the input string. */ - while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx++] = next_ch; - } -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = '\0'; - - if (s->ds_idx == 0 && next_ch == EOF) -@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - void - ds_append (dynamic_string *s, int c) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = c; - if (c) - { - s->ds_idx++; -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = 0; - } - } -@@ -115,8 +114,7 @@ void - ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); -- while (len + 1 > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -cgit v1.2.1 diff --git a/SPECS/cpio/cpio.spec b/SPECS/cpio/cpio.spec deleted file mode 100644 index 4e4e4ca496..0000000000 --- a/SPECS/cpio/cpio.spec +++ /dev/null @@ -1,106 +0,0 @@ -Summary: cpio archive utility -Name: cpio -Version: 2.13 -Release: 8%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/cpio -Group: System Environment/System utilities -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/pub/gnu/cpio/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3 - -Patch0: newca-new-archive-format.patch -Patch1: newca-large-files-support.patch -Patch2: cpio-2.12-gcc-10.patch -Patch3: cpio-CVE-2021-38185.patch -Patch4: cpio-CVE-2021-38185_2.patch -Patch5: cpio-CVE-2021-38185_3.patch - -BuildRequires: lua - -Requires: lua - -%description -The cpio package contains tools for archiving. - -%package lang -Summary: Additional language files for cpio -Group: System Environment/System utilities -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of cpio - -%prep -%autosetup -p1 - -%build -sed -i -e '/gets is a/d' gnu/stdio.in.h -%configure \ - --enable-mt \ - --with-rmt=%{_libexecdir}/rmt - -%make_build - -makeinfo --html -o doc/html doc/cpio.texi -makeinfo --html --no-split -o doc/cpio.html doc/cpio.texi -makeinfo --plaintext -o doc/cpio.txt doc/cpio.texi - -%install -%make_install %{?_smp_mflags} -install -v -m755 -d %{buildroot}%{_docdir}/%{name}-%{version}/html -install -v -m644 doc/html/* %{buildroot}%{_docdir}/%{name}-%{version}/html -install -v -m644 doc/cpio.{html,txt} %{buildroot}%{_docdir}/%{name}-%{version} -rm -rf %{buildroot}%{_infodir} - -%find_lang %{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/man1/* -%{_docdir}/%{name}-%{version}/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Tue Jun 20 2023 Shreenidhi Shedi 2.13-8 -- Bump version as a part of lua upgrade -* Wed Mar 29 2023 Shivani Agarwal 2.13-7 -- Updated newca new archive format patch -* Mon Oct 04 2021 Alexey Makhalov 2.13-6 -- newca: large files support -- conflict toybox is not needed for next Photon OS release -* Wed Sep 01 2021 Ankit Jain 2.13-5 -- Additional changes to fix CVE-2021-38185 -* Fri Aug 20 2021 Ashwin Dayanand Kamat 2.13-4 -- Adding security patch for CVE-2021-38185 -* Mon Feb 01 2021 Shreenidhi Shedi 2.13-3 -- Fix build with new rpm -* Tue Jan 12 2021 Alexey Makhalov 2.13-2 -- GCC-10 support -* Thu May 28 2020 Alexey Makhalov 2.13-1 -- Version update -- newca: new archive format support -* Thu Apr 16 2020 Alexey Makhalov 2.12-5 -- Do not conflict with toybox >= 0.8.2-2 -* Mon Oct 02 2017 Alexey Makhalov 2.12-4 -- Added conflicts toybox -* Tue May 02 2017 Anish Swaminathan 2.12-3 -- Add lang package -* Tue May 24 2016 Priyesh Padmavilasom 2.12-2 -- GA - Bump release of all rpms -* Thu Jan 14 2016 Xiaolin Li 2.12-1 -- Updated to version 2.12 -* Fri Aug 14 2015 Divya Thaluru 2.11-2 -- Adding security patch for CVE-2014-9112 -* Tue Nov 04 2014 Divya Thaluru 2.11-1 -- Initial build. First version diff --git a/SPECS/cpio/newca-large-files-support.patch b/SPECS/cpio/newca-large-files-support.patch deleted file mode 100644 index e7f2f21195..0000000000 --- a/SPECS/cpio/newca-large-files-support.patch +++ /dev/null @@ -1,125 +0,0 @@ -From ece76ae1a0864096b844c8bd624265ba00297b9e Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Mon, 20 Sep 2021 15:21:09 -0700 -Subject: [PATCH] newca: large files support - -This is an extension to "newca" format which utilizes unused -chksum field in the header to hold 63-32 bits of filesize. - -No CPIO header changes required to support large files. -Previously created CPIO images will continue to work. - -chksum fiels was not used in "newca" and always contained 0. -So this change is forward and backward compatibile. - -Addition: do not add empty alignmenment page for zero sized files. - -Signed-off-by: Alexey Makhalov ---- - src/copyin.c | 5 ++++- - src/copyout.c | 20 ++++++++++++++++---- - src/cpiohdr.h | 6 ++++-- - src/util.c | 2 +- - 4 files changed, 25 insertions(+), 8 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index c9ded92..45453a7 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -510,7 +510,7 @@ copyin_regular_file (struct cpio_file_stat* file_hdr, int in_file_des) - error (0, 0, _("cannot swap bytes of %s: odd number of bytes"), - file_hdr->c_name); - } -- if (archive_format == arf_newasciialigned) -+ if (file_hdr->c_filesize && archive_format == arf_newasciialigned) - { - off_t input_position = input_bytes + - (in_buff - input_buffer); -@@ -1123,6 +1123,9 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des) - file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj); - file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min); - file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum); -+ if (archive_format == arf_newasciialigned) -+ file_hdr->c_filesize |= (off_t) file_hdr->c_chksum << 32; -+ - read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize)); - - /* In SVR4 ASCII format, the amount of space allocated for the header -diff --git a/src/copyout.c b/src/copyout.c -index ca50a68..98c54bf 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -354,9 +354,15 @@ write_out_new_ascii_header (const char *magic_string, - to_ascii_or_warn (p, file_hdr->c_mtime, 8, LG_16, file_hdr->c_name, - _("modification time")); - p += 8; -- if (to_ascii_or_error (p, file_hdr->c_filesize, 8, LG_16, file_hdr->c_name, -- _("file size"))) -- return 1; -+ if (archive_format == arf_newasciialigned) { -+ if (to_ascii_or_error (p, file_hdr->c_filesize & 0xffffffff, 8, LG_16, file_hdr->c_name, -+ _("file size low part"))) -+ return 1; -+ } else { -+ if (to_ascii_or_error (p, file_hdr->c_filesize, 8, LG_16, file_hdr->c_name, -+ _("file size"))) -+ return 1; -+ } - p += 8; - if (to_ascii_or_error (p, file_hdr->c_dev_maj, 8, LG_16, file_hdr->c_name, - _("device major number"))) -@@ -378,7 +384,13 @@ write_out_new_ascii_header (const char *magic_string, - _("name size"))) - return 1; - p += 8; -- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); -+ if (archive_format == arf_newasciialigned) { -+ if (to_ascii_or_error (p, file_hdr->c_filesize >> 32, 8, LG_16, file_hdr->c_name, -+ _("file size high part"))) -+ return 1; -+ } else { -+ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); -+ } - - tape_buffered_write (ascii_header, out_des, sizeof ascii_header); - -diff --git a/src/cpiohdr.h b/src/cpiohdr.h -index ff5f375..8bbdced 100644 ---- a/src/cpiohdr.h -+++ b/src/cpiohdr.h -@@ -92,7 +92,8 @@ struct old_ascii_header - struct new_ascii_header - { - char c_magic[6]; /* "070701" for "new" portable format -- "070702" for CRC format */ -+ "070702" for CRC format -+ "0707ca" for "new" portable page aligned format */ - char c_ino[8]; - char c_mode[8]; - char c_uid[8]; -@@ -106,7 +107,8 @@ struct new_ascii_header - char c_rdev_min[8]; /* only valid for chr and blk special files */ - char c_namesize[8]; /* count includes terminating NUL in pathname */ - char c_chksum[8]; /* 0 for "new" portable format; for CRC format -- the sum of all the bytes in the file */ -+ the sum of all the bytes in the file; for page -+ aligned format (63..32 bits) of c_filesize */ - } ATTRIB_PACKED; - - struct cpio_file_stat /* Internal representation of a CPIO header */ -diff --git a/src/util.c b/src/util.c -index cee3e7d..f284507 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -479,7 +479,7 @@ copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, - int rc; - off_t original_num_bytes; - -- if (archive_format == arf_newasciialigned) { -+ if (num_bytes && archive_format == arf_newasciialigned) { - /* Page align file content */ - size = io_block_size - output_size; - if (size > 0) { --- -2.11.0 - diff --git a/SPECS/cpio/newca-new-archive-format.patch b/SPECS/cpio/newca-new-archive-format.patch deleted file mode 100644 index 6e4aac686b..0000000000 --- a/SPECS/cpio/newca-new-archive-format.patch +++ /dev/null @@ -1,273 +0,0 @@ -From 28a832cca78dfe870f5f62f7b8f588972c44fa3a Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Wed, 20 May 2020 00:33:07 -0700 -Subject: [PATCH] newca: new archive format - -It is same as "newc" with only change that files data -starts at page aligned boundary. By default it is -4096 bytes. Can be set to different value by changing -io block size. -Extraction requires to specify -C option (e.g. -C 4096) ---- - src/copyin.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++----- - src/copyout.c | 11 +++++++++-- - src/extern.h | 3 ++- - src/global.c | 2 +- - src/main.c | 13 +++++++++++++ - src/util.c | 8 ++++++++ - 6 files changed, 81 insertions(+), 9 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index b29f348..7688baf 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -91,7 +91,8 @@ tape_skip_padding (int in_file_des, off_t offset) - { - off_t pad; - -- if (archive_format == arf_crcascii || archive_format == arf_newascii) -+ if (archive_format == arf_crcascii || archive_format == arf_newascii -+ || archive_format == arf_newasciialigned) - pad = (4 - (offset % 4)) % 4; - else if (archive_format == arf_binary || archive_format == arf_hpbinary) - pad = (2 - (offset % 2)) % 2; -@@ -398,7 +399,8 @@ copyin_regular_file (struct cpio_file_stat* file_hdr, int in_file_des) - /* Can the current file be linked to a previously copied file? */ - if (file_hdr->c_nlink > 1 - && (archive_format == arf_newascii -- || archive_format == arf_crcascii) ) -+ || archive_format == arf_crcascii -+ || archive_format == arf_newasciialigned) ) - { - int link_res; - if (file_hdr->c_filesize == 0) -@@ -508,6 +510,14 @@ copyin_regular_file (struct cpio_file_stat* file_hdr, int in_file_des) - error (0, 0, _("cannot swap bytes of %s: odd number of bytes"), - file_hdr->c_name); - } -+ if (archive_format == arf_newasciialigned) -+ { -+ off_t input_position = input_bytes + -+ (in_buff - input_buffer); -+ int offset = input_position % io_block_size; -+ if (offset) -+ tape_toss_input (in_file_des, io_block_size - offset); -+ } - copy_files_tape_to_disk (in_file_des, out_file_des, file_hdr->c_filesize); - disk_empty_output_buffer (out_file_des, true); - -@@ -537,7 +547,8 @@ copyin_regular_file (struct cpio_file_stat* file_hdr, int in_file_des) - - tape_skip_padding (in_file_des, file_hdr->c_filesize); - if (file_hdr->c_nlink > 1 -- && (archive_format == arf_newascii || archive_format == arf_crcascii) ) -+ && (archive_format == arf_newascii || archive_format == arf_crcascii -+ || archive_format == arf_newasciialigned) ) - { - /* (see comment above for how the newc and crc formats - store multiple links). Now that we have the data -@@ -884,6 +895,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - struct old_cpio_header old_header; - } magic; - long bytes_skipped = 0; /* Bytes of junk found before magic number. */ -+ bool existing_dir = false; - - /* Search for a valid magic number. */ - -@@ -905,6 +917,8 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - - if (!strncmp (tmpbuf.s, "070701", 6)) - archive_format = arf_newascii; -+ else if (!strncmp (tmpbuf.s, "0707ca", 6)) -+ archive_format = arf_newasciialigned; - else if (!strncmp (tmpbuf.s, "070707", 6)) - archive_format = arf_oldascii; - else if (!strncmp (tmpbuf.s, "070702", 6)) -@@ -960,6 +974,33 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - read_in_new_ascii (file_hdr, in_des); - break; - } -+ if (archive_format == arf_newasciialigned -+ && !strncmp (magic.str, "0707ca", 6)) -+ { -+ if (bytes_skipped > 0) -+ { -+ if (!table_flag && try_existing_file (file_hdr, in_des, &existing_dir) == 0) -+ { -+ error (0, 0, _("warning: skipped %ld byte of junk. Page aligned " -+ "(newca) format detected. Current io_size is %ld, try different io_size" -+ "(e.g. -C 4096)"), bytes_skipped, io_block_size); -+ } -+ } -+ /* -+ * We cannot represent "0707ca" string in octal format. -+ * Good news, that file_hdr->c_magic for arf_newasciialigned -+ * is used only for debug print messages in main loop of -+ * process_copy_in(). It is safe to pick any non existing value. -+ * Decimal value we picked 070312 has 0x70ca hex represintation, -+ * which is lower 16 bits of full header 0x0707ca. -+ * We do not want 'newca' header to be octal representable as -+ * it can potentially conflict with newly added formats in future, -+ * and we won't upstream 'newca' format. -+ */ -+ file_hdr->c_magic = 070312; -+ read_in_new_ascii (file_hdr, in_des); -+ break; -+ } - if (archive_format == arf_crcascii - && !strncmp (magic.str, "070702", 6)) - { -@@ -1334,7 +1375,8 @@ process_copy_in () - data for the links. If it does, we'll copy in the data - to the links, but not to this file. */ - if (file_hdr.c_nlink > 1 && (archive_format == arf_newascii -- || archive_format == arf_crcascii) ) -+ || archive_format == arf_crcascii -+ || archive_format == arf_newasciialigned) ) - { - if (create_defered_links_to_skipped(&file_hdr, in_file_des) < 0) - { -@@ -1423,7 +1465,8 @@ process_copy_in () - if (append_flag) - return; - -- if (archive_format == arf_newascii || archive_format == arf_crcascii) -+ if (archive_format == arf_newascii || archive_format == arf_crcascii -+ || archive_format == arf_newasciialigned) - { - create_final_defers (); - } -diff --git a/src/copyout.c b/src/copyout.c -index 8b0beb6..ca50a68 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -80,7 +80,8 @@ tape_pad_output (int out_file_des, int offset) - { - size_t pad; - -- if (archive_format == arf_newascii || archive_format == arf_crcascii) -+ if (archive_format == arf_newascii || archive_format == arf_crcascii || -+ archive_format == arf_newasciialigned) - pad = (4 - (offset % 4)) % 4; - else if (archive_format == arf_tar || archive_format == arf_ustar) - pad = (512 - (offset % 512)) % 512; -@@ -546,6 +547,11 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des) - case arf_crcascii: - return write_out_new_ascii_header ("070702", file_hdr, out_des); - -+ case arf_newasciialigned: -+ /* Pick 0707ca header. Hoping it won't conflict with any new -+ headers in future. */ -+ return write_out_new_ascii_header ("0707ca", file_hdr, out_des); -+ - case arf_oldascii: - return write_out_old_ascii_header (makedev (file_hdr->c_dev_maj, - file_hdr->c_dev_min), -@@ -690,7 +696,8 @@ process_copy_out () - break; - } - } -- if ( (archive_format == arf_newascii || archive_format == arf_crcascii) -+ if ( (archive_format == arf_newascii || archive_format == arf_crcascii || -+ archive_format == arf_newasciialigned) - && (file_hdr.c_nlink > 1) ) - { - if (last_link (&file_hdr) ) -diff --git a/src/extern.h b/src/extern.h -index 11ac6bf..d68cd53 100644 ---- a/src/extern.h -+++ b/src/extern.h -@@ -24,11 +24,12 @@ - enum archive_format - { - arf_unknown, arf_binary, arf_oldascii, arf_newascii, arf_crcascii, -- arf_tar, arf_ustar, arf_hpoldascii, arf_hpbinary -+ arf_tar, arf_ustar, arf_hpoldascii, arf_hpbinary, arf_newasciialigned - }; - - extern enum archive_format archive_format; - extern int reset_time_flag; -+#define IO_BLOCK_SIZE_DEFAULT 512 - extern int io_block_size; - extern int create_dir_flag; - extern int rename_flag; -diff --git a/src/global.c b/src/global.c -index fb3abe9..bb6cf55 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -28,7 +28,7 @@ - int reset_time_flag = false; - - /* Block size value, initially 512. -B sets to 5120. */ --int io_block_size = 512; -+int io_block_size = IO_BLOCK_SIZE_DEFAULT; - - /* The header format to recognize and produce. */ - enum archive_format archive_format = arf_unknown; -diff --git a/src/main.c b/src/main.c -index b1bc70a..123b27f 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -368,6 +368,8 @@ parse_opt (int key, char *arg, struct argp_state *state) - archive_format = arf_crcascii; - else if (!strcasecmp (arg, "newc")) - archive_format = arf_newascii; -+ else if (!strcasecmp (arg, "newca")) -+ archive_format = arf_newasciialigned; - else if (!strcasecmp (arg, "odc")) - archive_format = arf_oldascii; - else if (!strcasecmp (arg, "bin")) -@@ -574,6 +576,15 @@ usage (int status) - exit (status); - } - -+static inline void -+set_io_block_size() -+{ -+ /* Set io_block_size to page size if not defined */ -+ if (archive_format == arf_newasciialigned && -+ io_block_size == IO_BLOCK_SIZE_DEFAULT) -+ io_block_size = sysconf(_SC_PAGESIZE); -+} -+ - /* Process the arguments. Set all options and set up the copy pass - directory or the copy in patterns. */ - -@@ -629,6 +640,7 @@ process_args (int argc, char *argv[]) - save_patterns = &argv[index]; - if (input_archive_name) - archive_name = input_archive_name; -+ set_io_block_size(); - } - else if (copy_function == process_copy_out) - { -@@ -668,6 +680,7 @@ process_args (int argc, char *argv[]) - - if (!arf_stores_inode_p (archive_format)) - renumber_inodes_option = ignore_devno_option = 0; -+ set_io_block_size(); - } - else - { -diff --git a/src/util.c b/src/util.c -index 4421b20..96f5ffa 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -479,6 +479,14 @@ copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, - int rc; - off_t original_num_bytes; - -+ if (archive_format == arf_newasciialigned) { -+ /* Page align file content */ -+ size = io_block_size - output_size; -+ if (size > 0) { -+ write_nuls_to_file (size, out_des, tape_buffered_write); -+ } -+ } -+ - original_num_bytes = num_bytes; - - while (num_bytes > 0) --- -2.39.0 - diff --git a/SPECS/cppcheck/cppcheck.spec b/SPECS/cppcheck/cppcheck.spec deleted file mode 100644 index c039c07e6f..0000000000 --- a/SPECS/cppcheck/cppcheck.spec +++ /dev/null @@ -1,71 +0,0 @@ -Summary: Tool for static C/C++ code analysis -Name: cppcheck -Version: 2.9.3 -Release: 2%{?dist} -License: GPLv3+ -URL: https://cppcheck.sourceforge.io -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/danmar/cppcheck/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=c75162b988415ee2ed255f7c648bdea1903c6a2471923f8430ab52f4e7c1ab8d2d1249585ac9db81f7c02fa90e8c0cf59d2bc0402d286c63344def5a171d9967 - -BuildRequires: build-essential - -%if 0%{?with_check} -BuildRequires: libxml2-devel -BuildRequires: xmlstarlet -%endif - -Requires: glibc -Requires: libgcc -Requires: libstdc++ - -%description -Cppcheck is a static analysis tool for C/C++ code. Cppcheck detects the types of bugs -that the compilers normally do not detect. The goal is to detect only real -errors in the code (i.e. have zero false positives). - -%package addons -Summary: Add-ons package for Cppcheck. -Requires: python3 -Requires: %{name} = %{version}-%{release} - -%description addons -Add-ons package for Cppcheck. -Contains few helper python scripts. - -%prep -%autosetup -p1 - -%build -export FILESDIR=%{_datadir}/%{name} -%make_build - -%install -export FILESDIR=%{_datadir}/%{name} -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make test %{?_smp_mflags} -make checkcfg %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_datadir}/%{name}/cfg/* -%{_datadir}/%{name}/platforms/* -%{_bindir}/%{name} - -%files addons -%defattr(-,root,root) -%{_bindir}/%{name}-htmlreport -%{_datadir}/%{name}/addons/* - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 2.9.3-2 -- Bump version as a part of libxml2 upgrade -* Fri Nov 25 2022 Ashwin Dayanand Kamat 2.9.3-1 -- Initial version diff --git a/SPECS/cppunit/cppunit.spec b/SPECS/cppunit/cppunit.spec deleted file mode 100644 index f7af27a32c..0000000000 --- a/SPECS/cppunit/cppunit.spec +++ /dev/null @@ -1,64 +0,0 @@ -Summary: C++ port of Junit test framework -Name: cppunit -Version: 1.12.1 -Release: 2%{?dist} -License: LGPLv2 -URL: https://sourceforge.net/projects/cppunit -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceforge.net/projects/cppunit/files/%{name}/%{version}/%{name}-%{version}.tar.gz -%define sha512 cppunit=7af3569d028d5fa49106ece281f478cc2757cc5deca8c2512406796a7dbd6473928a1e730f28880467d19c6e59b31e55bf4f92f5cf2498a3a875ab32c5b2a081 - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: make -BuildRequires: gcc -BuildRequires: libgcc -BuildRequires: libtool - -%description -CppUnit is the C++ port of the famous JUnit framework for unit testing. Test -output is in XML or text format for automatic testing and GUI based for -supervised tests - -%package devel -Summary: cppunit devel -Group: Development/Tools -%description devel -This contains headers and libs for development with cppunit. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -%configure \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/libcppunit-*so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/* -%{_libdir}/libcppunit.a -%{_libdir}/libcppunit.so -%{_libdir}/pkgconfig* -%{_datadir}/* - -%changelog -* Fri Oct 13 2017 Alexey Makhalov 1.12.1-2 -- Use standard configure macros -* Sun Mar 26 2017 Vinay Kulkarni 1.12.1-1 -- Initial version of cppunit for Photon. diff --git a/SPECS/cpulimit/cpulimit.spec b/SPECS/cpulimit/cpulimit.spec deleted file mode 100644 index e0e37aa13d..0000000000 --- a/SPECS/cpulimit/cpulimit.spec +++ /dev/null @@ -1,52 +0,0 @@ -Name: cpulimit -Version: 2.8 -Release: 1%{?dist} -Summary: CPU Usage Limiter for Linux -Vendor: VMware, Inc. -Distribution: Photon -Group: Applications/System -License: GPLv2+ -URL: https://sourceforge.net/projects/limitcpu - -Source0: https://sourceforge.net/projects/limitcpu/files/limitcpu/%{name}-%{version}.tar.gz -%define sha512 %{name}=aeb121739a5dc9f94c6ddb0905ed05eb7d146c9d0e71c34ba46aad798bda2c30b7ccc548338b4c468f9885f09d97a4565c00199c8df6af74dc9b6f23940c540e - -BuildRequires: glibc-devel - -Requires: glibc - -%description -cpulimit is a simple program which attempts to limit the CPU usage of a process -(expressed in percentage, not in CPU time). This is useful to control batch -jobs, when you don't want them to eat too much CPU. It does not act on the nice -value or other scheduling priority stuff, but on the real CPU usage. Also, it -is able to adapt itself to the overall system load, dynamically and quickly. - -%prep -%autosetup -p1 - -%build -%make_build - -%install -export PREFIX=%{buildroot}%{_prefix} -%make_install %{?_smp_mflags} - -%clean -rm -rf %{buildroot} - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_mandir}/man1/* - -%changelog -* Mon Jul 11 2022 Gerrit Photon 2.8-1 -- Automatic Version Bump -* Mon May 30 2022 Shreenidhi Shedi 1.2-1 -- Upgrade to v1.2 -- Actual tag version is 0.2 but to maintain proper versioning, using 1.2 -* Tue May 10 2022 Benson Kwok 1.1-1 -- Initial build. First version diff --git a/SPECS/cracklib/cracklib.spec b/SPECS/cracklib/cracklib.spec deleted file mode 100644 index ae26c9102d..0000000000 --- a/SPECS/cracklib/cracklib.spec +++ /dev/null @@ -1,238 +0,0 @@ -Summary: A password strength-checking library. -Name: cracklib -Version: 2.9.8 -Release: 1%{?dist} -Group: System Environment/Libraries -URL: /~https://github.com/cracklib/cracklib -License: GPL -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/cracklib/cracklib/releases/download/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}-%{version}=03b97e3ab3bd73e4a5673254622d542e5ad5cae642183afe1c84f17b174284a0d618de71aa09e858b924018665bc5107cedaaa73ae2e289c0b0d1d89eed618e7 - -Source1: /~https://github.com/cracklib/cracklib/releases/download/v%{version}/%{name}-words-%{version}.gz -%define sha512 %{name}-words-%{version}=1700c56b9776b7ae4684b9ab1e784dd7707550bce2149301f662618a4f00a2eb0ba2d1a206c09aac22f7d95bc561544d412d2fdac5008fc3aabc4872e8a74afc - -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml - -# cross compilation requires native dicts generating tools -%define BuildRequiresNative %{name}-dicts - -Requires: /usr/bin/ln -Requires(post): /usr/bin/ln -Requires(postun): /usr/bin/rm - -%description -CrackLib tests passwords to determine whether they match certain -security-oriented characteristics. You can use CrackLib to stop -users from choosing passwords which would be easy to guess. CrackLib -performs certain tests: - -* It tries to generate words from a username and gecos entry and - checks those words against the password; -* It checks for simplistic patterns in passwords; -* It checks for the password in a dictionary. - -CrackLib is actually a library containing a particular -C function which is used to check the password, as well as -other C functions. CrackLib is not a replacement for a passwd -program; it must be used in conjunction with an existing passwd -program. - -Install the cracklib package if you need a program to check users' -passwords to see if they are at least minimally secure. If you -install CrackLib, you'll also want to install the cracklib-dicts -package. - -%package dicts -Summary: The standard CrackLib dictionaries. -Group: System Environment/Utilities -Requires: %{name} = %{version}-%{release} - -%description dicts -The cracklib-dicts package includes the CrackLib dictionaries. -CrackLib will need to use the dictionary appropriate to your system, -which is normally put in /usr/share/dict/words. Cracklib-dicts also contains -the utilities necessary for the creation of new dictionaries. - -If you are installing CrackLib, you should also install cracklib-dicts. - -%package devel -Summary: Cracklib link library & header file -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -The cracklib devel package include the needed library link and -header files for development. - -%package -n python3-%{name} -Summary: The cracklib python module -Group: Development/Languages/Python -Requires: %{name} = %{version}-%{release} -Requires: python3 -Requires: python3-libs - -%description -n python3-%{name} -The cracklib python3 module - -%package lang -Summary: The CrackLib language pack. -Group: System Environment/Libraries - -%description lang -The CrackLib language pack. - -%prep -%autosetup -p1 -n %{name}-%{version} -chmod -R og+rX . -mkdir -p src/dicts -install %{SOURCE1} src/dicts/ - -%build -if [ %{_host} != %{_build} ]; then - export PYTHONXCPREFIX=/target-%{_arch}/usr - export CC=%{_host}-gcc - export LDSHARED='%{_host}-gcc -shared' - export LDFLAGS='-L/target-%{_arch}/usr/lib' -fi - -export CFLAGS="%{optflags}" - -pushd src - -./autogen.sh - -%configure \ - --disable-static \ - --without-python - -%make_build - -pushd python -%py3_build -popd -popd - -%install -pushd src -%make_install %{?_smp_mflags} -rm -f %{buildroot}%{_libdir}/*.la - -chmod 755 ./util/%{name}-format \ - ./util/%{name}-packer - -if [ %{_host} = %{_build} ]; then - export PATH=./util:$PATH -fi - -%{name}-format dicts/%{name}* | %{name}-packer %{buildroot}%{_datadir}/%{name}/words -echo password | %{name}-packer %{buildroot}%{_datadir}/%{name}/empty -rm -f %{buildroot}%{_datadir}/%{name}/%{name}-small -ln -sv %{name}-format %{buildroot}%{_sbindir}/mkdict -ln -sv %{name}-packer %{buildroot}%{_sbindir}/packer - -pushd python -%py3_install -popd -popd - -%if 0%{?with_check} -%check -mkdir -p %{_datadir}/%{name} -cp %{buildroot}%{_datadir}/%{name}/* %{_datadir}/%{name}/ -make %{?_smp_mflags} test -%endif - -%clean -rm -rf %{buildroot} - -%post -/sbin/ldconfig -[ $1 = 1 ] || exit 0 -echo "using empty dict to provide pw_dict" >&2 -ln -sf empty.hwm %{_datadir}/%{name}/pw_dict.hwm -ln -sf empty.pwd %{_datadir}/%{name}/pw_dict.pwd -ln -sf empty.pwi %{_datadir}/%{name}/pw_dict.pwi - -%triggerin -- %{name}-dicts -[ $2 = 1 ] || exit 0 -echo "switching pw_dict to cracklib-dicts" >&2 -ln -sf words.hwm %{_datadir}/%{name}/pw_dict.hwm -ln -sf words.pwd %{_datadir}/%{name}/pw_dict.pwd -ln -sf words.pwi %{_datadir}/%{name}/pw_dict.pwi - -%triggerun -- %{name}-dicts -[ $2 = 0 ] || exit 0 -echo "switching pw_dict to empty dict" >&2 -ln -sf empty.hwm %{_datadir}/%{name}/pw_dict.hwm -ln -sf empty.pwd %{_datadir}/%{name}/pw_dict.pwd -ln -sf empty.pwi %{_datadir}/%{name}/pw_dict.pwi - -%postun -/sbin/ldconfig -[ $1 = 0 ] || exit 0 -rm -f %{_datadir}/%{name}/pw_dict.hwm \ - %{_datadir}/%{name}/pw_dict.pwd \ - %{_datadir}/%{name}/pw_dict.pwi - -%files -%defattr(-,root,root) -%{_datadir}/%{name}/%{name}.magic -%{_datadir}/%{name}/empty* -%{_libdir}/libcrack.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/libcrack.so - -%files -n python3-%{name} -%defattr(-,root,root) -%{python3_sitelib}/* - -%files dicts -%defattr(-,root,root) -%{_sbindir}/* -%{_datadir}/%{name}/words* - -%files lang -%defattr(-,root,root) -%{_datadir}/locale/* - -%changelog -* Mon Oct 31 2022 Gerrit Photon 2.9.8-1 -- Automatic Version Bump -* Mon Aug 08 2022 Shreenidhi Shedi 2.9.7-2 -- Remove .la files -* Tue Jul 21 2020 Gerrit Photon 2.9.7-1 -- Automatic Version Bump -* Sun Jun 21 2020 Tapas Kundu 2.9.6-10 -- Mass removal python2 -* Thu Nov 15 2018 Alexey Makhalov 2.9.6-9 -- Cross compilation support -* Wed Jun 07 2017 Xiaolin Li 2.9.6-8 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Sun Jun 04 2017 Bo Gan 2.9.6-7 -- Fix script dependency -* Thu May 18 2017 Xiaolin Li 2.9.6-6 -- Move python2 requires to python subpackage and added python3. -* Thu Apr 13 2017 Bo Gan 2.9.6-5 -- Fix CVE-2016-6318, trigger for cracklib-dicts -- Trigger for dynamic symlink for dict -* Sun Nov 20 2016 Alexey Makhalov 2.9.6-4 -- Revert compressing pw_dict.pwd back. Python code - cracklib.VeryFascistCheck does not handle it. -* Tue Nov 15 2016 Alexey Makhalov 2.9.6-3 -- Remove any dicts from cracklib main package -- Compress pw_dict.pwd file -- Move doc folder to devel package -* Tue May 24 2016 Priyesh Padmavilasom 2.9.6-2 -- GA - Bump release of all rpms -* Thu Jan 14 2016 Xiaolin Li 2.9.6-1 -- Updated to version 2.9.6 -* Wed May 20 2015 Touseef Liaqat 2.9.2-2 -- Updated group. diff --git a/SPECS/crash-gcore-command/crash-gcore-command.spec b/SPECS/crash-gcore-command/crash-gcore-command.spec deleted file mode 100644 index 9525063896..0000000000 --- a/SPECS/crash-gcore-command/crash-gcore-command.spec +++ /dev/null @@ -1,57 +0,0 @@ -%global srcname crash-gcore - -Summary: Gcore extension module for the crash utility -Name: crash-gcore-command -Version: 1.6.3 -Release: 1%{?dist} -License: GPLv2 -URL: /~https://github.com/fujitsu/crash-gcore -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/fujitsu/crash-gcore/archive/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{srcname}=697952b7c55af5e4a7528cdd6fe616411d5147979fc90da55c0a3cee44510f39846e99bff3ac701c1ed98ee2c5d125e77c332b1f5b0be6e0ea1d98cf5d547a15 - -%ifarch aarch64 -Patch0: gcore_defs.patch -%endif - -BuildRequires: crash-devel - -Requires: crash - -Conflicts: crash < 8.0.2-5%{?dist} - -%description -Command for creating a core dump file of a user-space task that was -running in a kernel dump file. - -%prep -%autosetup -p1 - -%build -target="X86_64" - -%ifarch aarch64 -target="ARM64" -%endif - -%make_build -f gcore.mk ARCH=SUPPORTED TARGET="${target}" - -%install -install -m 0755 -d %{buildroot}%{_libdir}/crash/extensions - -install -m 0755 -t %{buildroot}%{_libdir}/crash/extensions \ - %{_builddir}/%{name}-%{version}/gcore.so - -%files -%defattr(-,root,root) -%license COPYING -%dir %{_libdir}/crash -%dir %{_libdir}/crash/extensions -%{_libdir}/crash/extensions/gcore.so - -%changelog -* Mon Sep 04 2023 Shreenidhi Shedi 1.6.3-1 -- Move crash-gcore-command out of crash spec. diff --git a/SPECS/crash-gcore-command/gcore_defs.patch b/SPECS/crash-gcore-command/gcore_defs.patch deleted file mode 100644 index 59544dc559..0000000000 --- a/SPECS/crash-gcore-command/gcore_defs.patch +++ /dev/null @@ -1,80 +0,0 @@ ---- crash-gcore-command-1.4.0/libgcore/gcore_defs.h.orig 2017-09-30 16:05:19.520000000 -0400 -+++ crash-gcore-command-1.4.0/libgcore/gcore_defs.h 2017-09-30 16:09:46.848000000 -0400 -@@ -584,16 +584,8 @@ - /* Type for a general-purpose register. */ - typedef unsigned long elf_greg_t; - --/* And the whole bunch of them. We could have used `struct -- pt_regs' directly in the typedef, but tradition says that -- the register set is an array, which does have some peculiar -- semantics, so leave it that way. */ --#define ELF_NGREG (sizeof (struct user_pt_regs) / sizeof(elf_greg_t)) - typedef elf_greg_t elf_gregset_t[ELF_NGREG]; - --/* Register set for the floating-point registers. */ --typedef struct user_fpsimd_state elf_fpregset_t; -- - #ifdef GCORE_ARCH_COMPAT - /* AArch32 registers. */ - struct user_regs_struct32{ -@@ -699,13 +691,6 @@ - PIDTYPE_MAX - }; - --struct elf_siginfo --{ -- int si_signo; /* signal number */ -- int si_code; /* extra code */ -- int si_errno; /* errno */ --}; -- - /* Parameters used to convert the timespec values: */ - #define NSEC_PER_USEC 1000L - #define NSEC_PER_SEC 1000000000L -@@ -796,24 +781,6 @@ - } - #endif - --struct elf_prstatus --{ -- struct elf_siginfo pr_info; /* Info associated with signal */ -- short pr_cursig; /* Current signal */ -- unsigned long pr_sigpend; /* Set of pending signals */ -- unsigned long pr_sighold; /* Set of held signals */ -- int pr_pid; -- int pr_ppid; -- int pr_pgrp; -- int pr_sid; -- struct timeval pr_utime; /* User time */ -- struct timeval pr_stime; /* System time */ -- struct timeval pr_cutime; /* Cumulative user time */ -- struct timeval pr_cstime; /* Cumulative system time */ -- elf_gregset_t pr_reg; /* GP registers */ -- int pr_fpvalid; /* True if math co-processor being used. */ --}; -- - #if defined(X86) || defined(X86_64) || defined(ARM) || defined(MIPS) - typedef unsigned short __kernel_old_uid_t; - typedef unsigned short __kernel_old_gid_t; -@@ -892,21 +859,6 @@ - - #define ELF_PRARGSZ (80) /* Number of chars for args */ - --struct elf_prpsinfo --{ -- char pr_state; /* numeric process state */ -- char pr_sname; /* char for pr_state */ -- char pr_zomb; /* zombie */ -- char pr_nice; /* nice val */ -- unsigned long pr_flag; /* flags */ -- __kernel_uid_t pr_uid; -- __kernel_gid_t pr_gid; -- pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; -- /* Lots missing */ -- char pr_fname[16]; /* filename of executable */ -- char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ --}; -- - #ifdef GCORE_ARCH_COMPAT - - struct compat_elf_siginfo diff --git a/SPECS/crash/crash.spec b/SPECS/crash/crash.spec deleted file mode 100644 index 9af3d65b7b..0000000000 --- a/SPECS/crash/crash.spec +++ /dev/null @@ -1,120 +0,0 @@ -%define GDB_VERSION 10.2 - -Name: crash -Version: 8.0.2 -Release: 5%{?dist} -Summary: kernel crash analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -URL: http://people.redhat.com/anderson -License: GPL - -Source0: http://people.redhat.com/anderson/%{name}-%{version}.tar.gz -%define sha512 %{name}=9ff24d1206e9376e83690f76c817a48a68ff6adce677fad70335a73550a59c9af6e4753c1199f22eafa60c137156313244bbf98ed01bc2b066f41d324738ef6b - -Source2: https://ftp.gnu.org/gnu/gdb/gdb-%{GDB_VERSION}.tar.gz -%define sha512 gdb=aa89caf47c1c84366020377d47e7c51ddbc48e5b7686f244e38797c8eb88411cf57fcdc37eb669961efb41ceeac4181747f429625fd1acce7712cb9a1fea9c41 - -BuildRequires: binutils-devel -BuildRequires: glibc-devel -BuildRequires: ncurses-devel -BuildRequires: zlib-devel -BuildRequires: bison - -Requires: binutils -Requires: ncurses-libs -Requires: zlib - -%description -The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from the netdump, diskdump and kdump packages from Red Hat Linux, the mcore kernel patch offered by Mission Critical Linux, or the LKCD kernel patch. - -%package devel -Group: Development/Libraries -Summary: Libraries and headers for %{name} -Requires: %{name} = %{version}-%{release} -Requires: zlib-devel - -%description devel -The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from the netdump, diskdump and kdump packages from Red Hat Linux, the mcore kernel patch offered by Mission Critical Linux, or the LKCD kernel patch. - -This package contains libraries and header files need for development. - -%prep -%autosetup -p1 -cp %{SOURCE2} . - -%build -sed -i "s/tar --exclude-from/tar --no-same-owner --exclude-from/" Makefile - -%make_build \ - GDB=gdb-%{GDB_VERSION} \ - RPMPKG=%{version}-%{release} - -%install -mkdir -p %{buildroot}%{_bindir} \ - %{buildroot}%{_mandir}/man8 \ - %{buildroot}%{_includedir}/%{name} \ - %{buildroot}%{_libdir}/%{name} - -%make_install %{?_smp_mflags} - -install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8/%{name}.8 -chmod 0644 defs.h -cp -p defs.h %{buildroot}%{_includedir}/%{name} - -%clean -rm -rf "%{buildroot}" - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_mandir}/man8/%{name}.8.gz - -%files devel -%defattr(-,root,root) -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/*.h - -%changelog -* Mon Sep 04 2023 Shreenidhi Shedi 8.0.2-5 -- Fix devel package requires -* Fri Jun 09 2023 Nitesh Kumar 8.0.2-4 -- Bump version as a part of ncurses upgrade to v6.4 -* Fri Apr 14 2023 Shreenidhi Shedi 8.0.2-3 -- Bump version as a part of zlib upgrade -* Mon Feb 20 2023 Tapas Kundu 8.0.2-2 -- Add Bison in buildRequires. -* Tue Dec 13 2022 Gerrit Photon 8.0.2-1 -- Automatic Version Bump -* Mon May 03 2021 Gerrit Photon 7.3.0-1 -- Automatic Version Bump -* Mon Nov 30 2020 Alexey Makhalov 7.2.9-1 -- Version update -* Mon May 04 2020 Alexey Makhalov 7.2.8-1 -- Version update -* Fri Sep 07 2018 Ajay Kaher 7.2.3-1 -- Upgrading to version 7.2.3 -* Tue Nov 14 2017 Alexey Makhalov 7.1.8-2 -- Aarch64 support -* Wed Mar 22 2017 Alexey Makhalov 7.1.8-1 -- Update version to 7.1.8 (it supports linux-4.9) -- Disable a patch - it requires a verification. -* Fri Oct 07 2016 Alexey Makhalov 7.1.5-2 -- gcore-support-linux-4.4.patch -* Fri Sep 30 2016 Alexey Makhalov 7.1.5-1 -- Update version to 7.1.5 (it supports linux-4.4) -- Added gcore plugin -- Remove zlib-devel requirement from -devel subpackage -* Tue May 24 2016 Priyesh Padmavilasom 7.1.4-2 -- GA - Bump release of all rpms -* Fri Jan 22 2016 Xiaolin Li 7.1.4-1 -- Updated to version 7.1.4 -* Wed Nov 18 2015 Anish Swaminathan 7.1.3-1 -- Initial build. First version diff --git a/SPECS/createrepo_c/createrepo_c.spec b/SPECS/createrepo_c/createrepo_c.spec deleted file mode 100644 index b757bcea7d..0000000000 --- a/SPECS/createrepo_c/createrepo_c.spec +++ /dev/null @@ -1,141 +0,0 @@ -Summary: Creates a common metadata repository -Name: createrepo_c -Version: 0.20.1 -Release: 8%{?dist} -License: GPLv2+ -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/rpm-software-management/createrepo_c - -Source0: /~https://github.com/rpm-software-management/createrepo_c/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=54a2cc7c7cd3f3b9a0c23cd8c136ae1331e7fa7cc995189088e7e6f2276c78b2b84e21c2a2b93f4528b5e9e4018dd6525262c8aaba3bc8a1412a51dfafd101f7 - -BuildRequires: bzip2-devel -BuildRequires: cmake -BuildRequires: curl-devel -BuildRequires: file-devel -BuildRequires: glib-devel -BuildRequires: libffi-devel -BuildRequires: libxml2-devel -BuildRequires: rpm-devel -BuildRequires: xz-devel -BuildRequires: sqlite-devel -BuildRequires: python3-devel -BuildRequires: drpm-devel -BuildRequires: zchunk-devel -BuildRequires: rpm-devel -BuildRequires: zlib-devel - -Requires: zlib -Requires: drpm -Requires: zchunk-libs -Requires: rpm-libs -Requires: curl-libs -Requires: openssl-libs -Requires: xz-libs -Requires: file-libs -Requires: sqlite-libs -Requires: zchunk-libs -Requires: bzip2-libs -Requires: glib -Requires: popt -Requires: libxml2 - -Obsoletes: createrepo - -Provides: createrepo -Provides: /bin/mergerepo -Provides: /bin/modifyrepo - -%description -C implementation of the createrepo. - -%package devel -Summary: Library for repodata manipulation -Requires: %{name} = %{version}-%{release} -Requires: glib-devel -Requires: sqlite-devel -Requires: libxml2-devel - -Provides: createrepo-devel - -%description devel -headers and libraries for createrepo_c - -%prep -%autosetup -p1 - -%build -%{cmake} \ - -DWITH_LIBMODULEMD=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo - -%{cmake_build} - -%install -%{cmake_install} -pushd %{buildroot}%{_bindir} -for b in createrepo mergerepo modifyrepo; do - test -e ${b}_c && ln -srv ${b}_c ${b} || exit 1 -done -popd - -%clean -rm -rf %{buildroot} - -%files -%defattr(-, root, root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_mandir}/* -%exclude %{_libdir}/python* - -%files devel -%defattr(-, root, root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/%{name}.pc - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 0.20.1-8 -- Bump version as a part of openssl upgrade -* Thu Nov 09 2023 Shreenidhi Shedi 0.20.1-7 -- Bump version as a part of rpm upgrade -* Mon Sep 04 2023 Shreenidhi Shedi 0.20.1-6 -- Fix devel package requires -* Wed Apr 19 2023 Ashwin Dayanand Kamat 0.20.1-5 -- Bump version as a part of libxml2 upgrade -* Wed Jan 11 2023 Oliver Kurth 0.20.1-4 -- bump release as part of sqlite update -* Fri Jan 06 2023 Oliver Kurth 0.20.1-3 -- bump version as a part of xz upgrade -- add bzip2-devel to build requires -- relative symlinks -* Tue Jan 03 2023 Shreenidhi Shedi 0.20.1-2 -- Bump version as a part of rpm upgrade -* Wed Sep 28 2022 Shreenidhi Shedi 0.20.1-1 -- Upgrade to v0.20.1 -* Sat Jul 30 2022 Shreenidhi Shedi 0.16.0-7 -- Bump version as a part of sqlite upgrade -* Thu Jul 07 2022 Shreenidhi Shedi 0.16.0-6 -- Bump version as a part of rpm upgrade -* Mon Jun 20 2022 Shreenidhi Shedi 0.16.0-5 -- Use cmake macros for build and install -* Wed Nov 17 2021 Nitesh Kumar 0.16.0-4 -- Release bump up to use libxml2 2.9.12-1. -* Tue Nov 16 2021 Satya Naga Vasamsetty 0.16.0-3 -- Bump up release for openssl -* Fri Aug 20 2021 Shreenidhi Shedi 0.16.0-2 -- Bump version as a part of rpm upgrade -* Mon Jun 22 2020 Gerrit Photon 0.16.0-1 -- Automatic Version Bump -* Wed Jun 19 2019 Ankit Jain 0.11.1-2 -- Added libxml2 as Requires for makecheck. -* Tue Sep 04 2018 Keerthana K 0.11.1-1 -- Updated to version 0.11.1. -* Mon Jun 04 2018 Xiaolin Li 0.10.0-2 -- Provides modifyrepo and merge repo -* Wed Oct 04 2017 Priyesh Padmavilasom 0.10.0-1 -- Initial diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec deleted file mode 100644 index a70ff69e76..0000000000 --- a/SPECS/cri-tools/cri-tools.spec +++ /dev/null @@ -1,89 +0,0 @@ -%define debug_package %{nil} - -Summary: CRI tools -Name: cri-tools -Version: 1.22.0 -Release: 11%{?dist} -License: Apache License Version 2.0 -URL: /~https://github.com/kubernetes-incubator/cri-tools -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/kubernetes-incubator/%{name}/releases/tag/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}-%{version}.tar.gz=4a2751ebe0b1ed7cb739a71230272ace0cbddc516abba39c6bf07d5e2648bd60e2139935b77a5388028887915162c957f652ea05434ff7865256721d10f863df - -BuildRequires: go - -Requires: calico-cni - -%description -cri-tools aims to provide a series of debugging and validation tools for Kubelet CRI, which includes: -crictl: CLI for kubelet CRI. -critest: validation test suites for kubelet CRI. - -%prep -%autosetup -p1 - -%build -export GO111MODULE=on -export GOFLAGS="-mod=vendor" -# BUILDTAGS can be removed after cri-tools >= v1.24.1 -# /~https://github.com/kubernetes-sigs/cri-tools/pull/931 -export BUILDTAGS="selinux seccomp" - -%make_build VERSION="%{version}-%{release}" - -%install -mkdir -p %{buildroot}%{_bindir} -mv build/bin/crictl %{buildroot}%{_bindir} - -%clean -rm -rf %{buildroot}/* - -%check -%make_build test-e2e - -%files -%defattr(-,root,root) -%{_bindir}/crictl - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.22.0-11 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.22.0-10 -- Bump up version to compile with new go -* Mon Sep 04 2023 Shreenidhi Shedi 1.22.0-9 -- Add calico-cni to requires -* Mon Jul 17 2023 Piyush Gupta 1.22.0-8 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 1.22.0-7 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.22.0-6 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.22.0-5 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 1.22.0-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 1.22.0-3 -- Bump up version to compile with new go -* Tue Jul 19 2022 Piyush Gupta 1.22.0-2 -- Bump up version to compile with new go -* Thu May 26 2022 Gerrit Photon 1.22.0-1 -- Automatic Version Bump -* Fri May 06 2022 Shreenidhi Shedi 1.21.0-3 -- Fix spec -* Fri Jun 11 2021 Piyush Gupta 1.21.0-2 -- Bump up version to compile with new go -* Mon Apr 12 2021 Gerrit Photon 1.21.0-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 1.19.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.19.0-2 -- Bump up version to compile with new go -* Tue Sep 01 2020 Gerrit Photon 1.19.0-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.18.0-1 -- Automatic Version Bump -* Thu Jul 26 2018 Tapas Kundu 1.11.1-1 -- Initial build added for Photon. diff --git a/SPECS/cronie/cronie.spec b/SPECS/cronie/cronie.spec deleted file mode 100644 index b10a58843d..0000000000 --- a/SPECS/cronie/cronie.spec +++ /dev/null @@ -1,162 +0,0 @@ -Summary: Cron Daemon -Name: cronie -Version: 1.6.1 -Release: 1%{?dist} -License: GPLv2+ and MIT and BSD and ISC -URL: /~https://github.com/cronie-crond/cronie -Source0: /~https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz -%define sha512 cronie=1e095df9670ec25d6629f4cf2cacd82c6c1cb1487a859815a7881a1d130e4f18f9976396f773abae24dadc232166bb6467bbaeac1cb0254209fcadf3530d5e6f -Source1: run-parts.sh -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: libselinux-devel -BuildRequires: Linux-PAM-devel -BuildRequires: systemd -Requires: systemd -Requires: libselinux -Requires: Linux-PAM - -%description -Cronie contains the standard UNIX daemon crond that runs specified programs at -scheduled times and related tools. It is based on the original cron and -has security and configuration enhancements like the ability to use pam and -SELinux. - -%prep -%autosetup -n cronie-cronie-%{version} -sed -i 's/^\s*auth\s*include\s*password-auth$/auth include system-auth/g; - s/^\s*account\s*include\s*password-auth$/account include system-account/g; - s/^\s*session\s*include\s*password-auth$/session include system-session/g;' pam/crond - -%build -sh autogen.sh -%configure \ - --with-pam \ - --enable-anacron \ - --enable-pie \ - --enable-relro -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} %{?_smp_mflags} install -install -vdm700 %{buildroot}%{_localstatedir}/spool/cron - -install -vdm755 %{buildroot}%{_sysconfdir}/sysconfig/ -install -vm644 crond.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/crond - -install -vdm755 %{buildroot}%{_sysconfdir}/cron.d/ -install -vm644 contrib/0hourly %{buildroot}%{_sysconfdir}/cron.d/0hourly -install -vm644 contrib/dailyjobs %{buildroot}%{_sysconfdir}/cron.d/dailyjobs - -install -vdm755 %{buildroot}%{_sysconfdir}/cron.hourly -install -vm755 contrib/0anacron %{buildroot}%{_sysconfdir}/cron.hourly/0anacron - -install -vdm755 %{buildroot}%{_sysconfdir}/cron.daily -install -vdm755 %{buildroot}%{_sysconfdir}/cron.weekly -install -vdm755 %{buildroot}%{_sysconfdir}/cron.monthly - -install -vm644 contrib/anacrontab %{buildroot}%{_sysconfdir}/anacrontab - -touch %{buildroot}%{_sysconfdir}/cron.deny - -install -vdm755 %{buildroot}/var/spool/anacron -touch %{buildroot}/var/spool/anacron/cron.daily -touch %{buildroot}/var/spool/anacron/cron.weekly -touch %{buildroot}/var/spool/anacron/cron.monthly - -install -m755 %{SOURCE1} %{buildroot}/%{_bindir}/run-parts - -install -vdm755 %{buildroot}%{_libdir}/systemd/system/ -install -m644 contrib/cronie.systemd %{buildroot}%{_libdir}/systemd/system/crond.service -ln -sfv ./crond.service %{buildroot}%{_libdir}/systemd/system/cron.service - -%check -make %{?_smp_mflags} check - -%post -/sbin/ldconfig -%systemd_post crond.service - -%postun -/sbin/ldconfig -%systemd_postun_with_restart crond.service - -%preun -%systemd_preun crond.service - -%files -%defattr(-,root,root) -%{_lib}/systemd/system/cron.service -%{_libdir}/systemd/system/crond.service - -%config(noreplace) %{_sysconfdir}/pam.d/crond - -%dir %{_localstatedir}/spool/cron -%dir %{_sysconfdir}/cron.d -%config(noreplace) %{_sysconfdir}/cron.d/0hourly -%config(noreplace) %{_sysconfdir}/cron.d/dailyjobs -%dir %{_sysconfdir}/cron.hourly -%{_sysconfdir}/cron.hourly/0anacron -%dir %{_sysconfdir}/cron.daily -%dir %{_sysconfdir}/cron.weekly -%dir %{_sysconfdir}/cron.monthly - -%attr(4755,root,root) %{_bindir}/crontab -%{_bindir}/run-parts -%{_bindir}/cronnext -%{_sbindir}/crond -%{_sbindir}/anacron - -%{_mandir}/man1/* -%{_mandir}/man5/* -%{_mandir}/man8/* - -%config(noreplace) %{_sysconfdir}/cron.deny -%config(noreplace) %{_sysconfdir}/sysconfig/crond - -%dir /var/spool/anacron -%config(noreplace) %{_sysconfdir}/anacrontab -%ghost %attr(0600,root,root) %{_localstatedir}/spool/anacron/cron.daily -%ghost %attr(0600,root,root) %{_localstatedir}/spool/anacron/cron.monthly -%ghost %attr(0600,root,root) %{_localstatedir}/spool/anacron/cron.weekly - -%changelog -* Thu May 26 2022 Gerrit Photon 1.6.1-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 1.6.0-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.5.7-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.5.5-1 -- Automatic Version Bump -* Mon Apr 24 2017 Bo Gan 1.5.1-1 -- Update to 1.5.1 -* Wed Dec 07 2016 Xiaolin Li 1.5.0-13 -- BuildRequires Linux-PAM-devel -* Wed Oct 05 2016 ChangLee 1.5.0-12 -- Modified %check -* Mon Aug 29 2016 Divya Thaluru 1.5.0-11 -- Fixed pam configuration for crond -* Thu Aug 4 2016 Divya Thaluru 1.5.0-10 -- Added logic to not replace conf files in upgrade scenario -* Tue May 24 2016 Priyesh Padmavilasom 1.5.0-9 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 1.5.0-8 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Mar 24 2016 Xiaolin Li 1.5.0-7 -- Add run-parts command. -* Fri Mar 04 2016 Anish Swaminathan 1.5.0-6 -- Add folders to sysconfdir. -* Mon Feb 08 2016 Anish Swaminathan 1.5.0-5 -- Change default sysconfdir. -* Thu Dec 10 2015 Xiaolin Li 1.5.0-4 -- Add systemd to Requires and BuildRequires. -- Use systemctl to enable/disable service. -* Mon Nov 30 2015 Xiaolin Li 1.5.0-3 -- Symlink cron.service to crond.service. -- And move the /usr/etc/pam.d/crond to /etc/pam.d/crond -* Thu Nov 12 2015 Xiaolin Li 1.5.0-2 -- Add crond to systemd service. -* Wed Jun 17 2015 Divya Thaluru 1.5.0-1 -- Initial build. First version. diff --git a/SPECS/cronie/run-parts.sh b/SPECS/cronie/run-parts.sh deleted file mode 100644 index 8e8f7f9e02..0000000000 --- a/SPECS/cronie/run-parts.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# run-parts - concept taken from Debian -set +e - -if [ $# -lt 1 ]; then - echo "Usage : run-parts " - exit 1 -fi - -if [ ! -d $1 ]; then - echo "$1 is not a directory" - exit 1 -fi - -# ignore *~ and *, scripts -for i in $(LC_ALL=C; echo $1/*[^~,]); do - # skip directory - [ -d $i ] && continue - #Don't run *.{rpmsave, rpmorig,rpmnew,swp,cfsaved} scripts - [ "${i%.rpmsave}" = "${i}" ] || continue - [ "${i%.rpmorig}" = "${i}" ] || continue - [ "${i%.rpmnew}" = "${i}" ] || continue - [ "${i%.swp}" = "${i}" ] || continue - [ "${i%.cfsaved}" = "${i}" ] || continue - [ "${i%,v}" = "${i}" ] || continue - - # jobs.deny and jobs.allow - if [ -r $1/jobs.deny ]; then - grep -q "^$(basename $i)$" $1/jobs.deny && continue - fi - if [ -r S1/jobs.allow ]; then - grep -q "^$(basename $i)$" $1/job.allow || continue - fi - - if [ -x $i ]; then - if [ -r $1/whitelist ]; then - grep -q "^$(basename $i)$" $1/whitelist && continue - fi - logger -p cron.notice -t "run-parts[$$]" "($1) starting $(basename $i)" - echo "${i}:" - echo - $i 2>&1 - logger -i -p cron.notice -t "run-parts[$$]" "($1) finished $(basename $i)" - fi -done - -exit 0 - diff --git a/SPECS/crun/crun.spec b/SPECS/crun/crun.spec deleted file mode 100644 index 90c54a2d32..0000000000 --- a/SPECS/crun/crun.spec +++ /dev/null @@ -1,65 +0,0 @@ -Name: crun -Version: 1.8 -Release: 2%{?dist} -Summary: OCI runtime in C -License: GPLv2+ -Group: Development/Other -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/containers/crun -Source0: /~https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.xz -%define sha512 crun=373d4fa69085b1ffecff32b4f2da0ab7dd0ec80d68e24ab262127e71cdfcbee50b932aa109980ad683444fdfe288a6495fc40cd81beb8b56af5c244218c7157c -BuildRequires: libcap-devel -BuildRequires: libseccomp-devel -BuildRequires: systemd-devel -BuildRequires: python3 -BuildRequires: yajl-devel -BuildRequires: git -BuildRequires: libgcrypt-devel -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: go-md2man -BuildRequires: libtool -BuildRequires: protobuf-c-devel -BuildRequires: make -BuildRequires: libselinux-devel -BuildRequires: gcc -BuildRequires: pkg-config - -Requires: glibc -Requires: libcap -Requires: libseccomp -Requires: systemd - -%description -A fast and low-memory footprint OCI Container Runtime fully written in C - -%prep -%autosetup -Sgit -n %{name}-%{version} - -%build -./autogen.sh - -%configure \ - --disable-silent-rules \ - --enable-embedded-yajl=yes -%make_build - -%install -%make_install -rm -f %{buildroot}%{_prefix}/lib/*.la \ - %{buildroot}%{_prefix}/lib/*.a - -%files -%defattr(-,root,root,-) -%doc COPYING -%{_bindir}/%{name} -%{_mandir}/* - -%changelog -* Sat Jun 10 2023 Shreenidhi Shedi 1.8-2 -- Bump version as a part of protobuf upgrade -* Fri Feb 10 2023 Gerrit Photon 1.8-1 -- Automatic Version Bump -* Wed Jun 08 2022 Satya Naga Vasamsetty 1.4.5-1 -- crun initial build diff --git a/SPECS/cryptsetup/cryptsetup.spec b/SPECS/cryptsetup/cryptsetup.spec deleted file mode 100644 index d5a2a41596..0000000000 --- a/SPECS/cryptsetup/cryptsetup.spec +++ /dev/null @@ -1,166 +0,0 @@ -Summary: Utility to setup encrypted disks -Name: cryptsetup -Version: 2.4.3 -Release: 3%{?dist} -License: GPLv2+ and LGPLv2+ -Group: System Environment/Base -Vendor: VMware, Inc. -URL: https://gitlab.com/cryptsetup/cryptsetup -Distribution: Photon - -Source0: %{name}-v%{version}.tar.gz -%define sha512 %{name}=c3d56a9d89253ad56e729a7faa334ca2b1650229e0527123f5fdb77e6801b920b9e2b5154db6247fadc08591c25c458666f5369e7a894f7ae635e1e31c09d2cf - -BuildRequires: systemd-devel -BuildRequires: openssl-devel -BuildRequires: popt-devel -BuildRequires: device-mapper-devel -BuildRequires: gcc -BuildRequires: make -BuildRequires: json-c-devel -BuildRequires: libpwquality-devel -BuildRequires: libargon2-devel -BuildRequires: libssh-devel - -Requires: cryptsetup-libs = %{version}-%{release} -Requires: libpwquality -Requires: util-linux-libs -Requires: openssl -Requires: device-mapper-libs -Requires: device-mapper - -%description -Cryptsetup is a utility used to conveniently set up disk encryption based -on the DMCrypt kernel module. - -%package -n %{name}-devel -Summary: Headers and Libraries for Cryptsetup -Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release} - -%description -n %{name}-devel -Headers and Libraries for integrating with Cryptsetup - -%package -n %{name}-libs -Summary: Shared Libraries for Cryptsetup -Group: Development/Libraries -Requires: util-linux-libs -Requires: libargon2 -Requires: json-c -Requires: openssl -Requires: device-mapper-libs - -%description -n %{name}-libs -Shared libraries for Cryptsetup - -%package -n veritysetup -Summary: Utility to set up dm-verity volumes -Requires: %{name}-libs = %{version}-%{release} - -%description -n veritysetup -Utility to set up dm-verity volumes. - -%package -n integritysetup -Summary: Utility to set up dm-integrity volumes -Requires: %{name}-libs = %{version}-%{release} - -%description -n integritysetup -Utility to set up dm-integrity volumes. - -%package -n %{name}-reencrypt -Summary: Utility to perform offline reencryption of LUKS enabled disks -Requires: %{name}-libs = %{version}-%{release} - -%description -n %{name}-reencrypt -Utility to perform offline reencryption of LUKS enabled disks. - -%package -n %{name}-ssh-token -Summary: Cryptsetup LUKS2 SSH token -Requires: %{name}-libs = %{version}-%{release} -Requires: libssh - -%description ssh-token -This package contains the LUKS2 SSH token. - -%prep -%autosetup -n %{name}-v%{version} - -%build -bash ./autogen.sh -%configure --enable-fips --enable-pwquality --enable-libargon2 -%make_build - -%install -%make_install -rm -rf %{buildroot}%{_libdir}/*.la - -%find_lang %{name} - -%post -n %{name}-libs -/sbin/ldconfig - -%postun -n %{name}-libs -/sbin/ldconfig - -%files -%defattr(-,root,root) -%license COPYING -%doc AUTHORS FAQ docs/*ReleaseNotes -%{_mandir}/man8/cryptsetup.8.gz -%{_sbindir}/cryptsetup - -%files -n veritysetup -%defattr(-,root,root) -%license COPYING -%{_mandir}/man8/veritysetup.8.gz -%{_sbindir}/veritysetup - -%files -n integritysetup -%defattr(-,root,root) -%license COPYING -%{_mandir}/man8/integritysetup.8.gz -%{_sbindir}/integritysetup - -%files reencrypt -%defattr(-,root,root) -%license COPYING -%doc misc/dracut_90reencrypt -%{_mandir}/man8/%{name}-reencrypt.8.gz -%{_sbindir}/%{name}-reencrypt - -%files devel -%defattr(-,root,root) -%doc docs/examples/* -%{_includedir}/libcryptsetup.h -%{_libdir}/libcryptsetup.so -%{_libdir}/pkgconfig/libcryptsetup.pc - -%files libs -f cryptsetup.lang -%defattr(-,root,root) -%license COPYING COPYING.LGPL -%{_libdir}/libcryptsetup.so.* -%{_tmpfilesdir}/cryptsetup.conf -%ghost %attr(700, -, -) %dir /run/cryptsetup - -%files ssh-token -%license COPYING COPYING.LGPL -%{_libdir}/%{name}/libcryptsetup-token-ssh.so -%{_mandir}/man8/cryptsetup-ssh.8.gz -%{_sbindir}/cryptsetup-ssh -%exclude %{_libdir}/%{name}/libcryptsetup-token-ssh.la - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.4.3-3 -- Bump version as a part of openssl upgrade -* Tue Sep 05 2023 Nitesh Kumar 2.4.3-2 -- Version bump up to use libssh v0.10.5 -* Wed Apr 20 2022 Gerrit Photon 2.4.3-1 -- Automatic Version Bump -* Wed Jan 12 2022 Tapas Kundu 2.4.2-1 -- Fix CVE-2021-4122 -- Update to 2.4.2 -* Tue Nov 30 2021 Satya Naga Vasamsetty 2.3.5-2 -- bump up version for openssl 3.0.0 compatibility -- Add device-mapper package dependency -* Thu Apr 8 2021 Vamsi Krishna Brahmajosyula 2.3.5-1 -- Initial package. diff --git a/SPECS/cscope/cscope.spec b/SPECS/cscope/cscope.spec deleted file mode 100644 index 1aa82c774e..0000000000 --- a/SPECS/cscope/cscope.spec +++ /dev/null @@ -1,38 +0,0 @@ -Summary: cscope is an interactive C code browser -Name: cscope -Version: 15.9 -Release: 1%{?dist} -License: BSD -Group: Development/Tools -URL: http://cscope.sourceforge.net -Source: http://downloads.sourceforge.net/cscope/%{name}-%{version}.tar.gz -%define sha1 cscope=e89c6a3458164552d9301ccc213181f463e5210e -Vendor: VMware, Inc. -Distribution: Photon - -%description -cscope is an interactive, screen-oriented tool that allows the user to browse -through C source files for specified elements of code. - -%prep -%setup -q - -%build -%configure -make %{?_smp_mflags} - -%install -%makeinstall - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%doc TODO COPYING ChangeLog AUTHORS README NEWS INSTALL -%{_bindir}/* -%{_mandir}/man1/* - -%changelog -* Tue Feb 25 2020 Siddharth Chandrasekran 15.9-1 -- Initial version for Photon diff --git a/SPECS/ctags/ctags.spec b/SPECS/ctags/ctags.spec deleted file mode 100644 index b928afbb71..0000000000 --- a/SPECS/ctags/ctags.spec +++ /dev/null @@ -1,67 +0,0 @@ -%define upstreamversion 20230212.0 - -Summary: A C programming language indexing and/or cross-reference tool -Name: ctags -Version: 6.0 -Release: 2%{?dist} -License: GPL -URL: https://ctags.io/ -Source: /~https://github.com/universal-ctags/ctags/archive/%{name}-%{version}.%{upstreamversion}.tar.gz -%define sha512 ctags=976aaf8c87ab35019ea621ed67781f652ac43250a042708a80e063faa827fa9ecf69ad751a28a09ecb56a9f767a3c79d3a91fbb6cf9625daf3426f8c7f4eb871 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: gcc -BuildRequires: jansson-devel -BuildRequires: libseccomp-devel -BuildRequires: libxml2-devel -BuildRequires: libyaml-devel -BuildRequires: make -BuildRequires: python3-docutils - -%description -Universal Ctags (abbreviated as u-ctags) is a maintained implementation of ctags. -ctags generates an index (or tag) file of language objects found in source files -for programming languages. This index makes it easy for text editors and other -tools to locate the indexed items. - -%prep -%autosetup -p1 -n %{name}-p%{version}.%{upstreamversion} - -%build -./autogen.sh -%configure - -%make_build - -%install -%make_install - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%license COPYING -%doc README.md -%{_bindir}/%{name} -%{_bindir}/optscript -%{_bindir}/readtags -%{_mandir}/man1/* -%{_mandir}/man5/* -%{_mandir}/man7/* - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 6.0-2 -- Bump version as a part of libxml2 upgrade -* Fri Feb 17 2023 Anmol Jain 6.0-1 -- Automatic Version Bump -* Mon Sep 19 2022 Anmol Jain 5.9-1 -- Migrate to Universal ctags -* Tue May 24 2016 Priyesh Padmavilasom 5.8-2 -- GA - Bump release of all rpms -* Tue Jul 14 2015 Luis Zuniga 5.8-1 -- Initial build for Photon diff --git a/SPECS/cups/cups.spec b/SPECS/cups/cups.spec deleted file mode 100644 index 035d942f57..0000000000 --- a/SPECS/cups/cups.spec +++ /dev/null @@ -1,114 +0,0 @@ -Summary: The Common UNIX Printing System -Name: cups -Version: 2.4.7 -Release: 2%{?dist} -License: LGPLv2+ -URL: https://openprinting.github.io/cups -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/OpenPrinting/cups/releases/download/v%{version}/cups-%{version}.tar.gz -%define sha512 %{name}=27ca505a2868aa7bc248bac892aafe2a837633e73b6059d3ab4812264e3b0e786ef075751e8cc4300ce6bc43ef095e3d77dd3fce88ce8e72ca69b65093427bca - -BuildRequires: automake -BuildRequires: dbus-devel -BuildRequires: pkg-config -BuildRequires: Linux-PAM-devel -BuildRequires: krb5-devel -BuildRequires: libusb-devel -BuildRequires: openssl-devel - -Requires: libusb -Requires: dbus -Requires: gnutls -Requires: krb5 -Requires: zlib - -%description -The Common Unix Printing System (CUPS) is a print spooler and associated utilities. -It is based on the "Internet Printing Protocol" and provides printing services to most PostScript and raster printers. - -%package devel -Summary: Header and development files -License: LGPLv2 -Group: Development/Libraries/C and C++ -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the header files to create applications - -%prep -%autosetup -p1 - -%build -%configure \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" - -%make_build - -%install -make %{?_smp_mflags} install BUILDROOT=%{buildroot} -find %{buildroot} -name '*.desktop' -delete -find %{buildroot} -name '*.png' -delete - -%ldconfig_scriptlets - -%check -make %{?_smp_mflags} check - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/cups/cups-files.conf -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/cups/cupsd.conf -%config(noreplace) %attr(640,root,root) %{_sysconfdir}/cups/snmp.conf -%config %{_sysconfdir}/cups/cupsd.conf.default -%config %{_sysconfdir}/cups/cups-files.conf.default -%config %{_sysconfdir}/cups/snmp.conf.default -%dir %attr(755,root,root) %{_sysconfdir}/cups/ppd -%dir %attr(700,root,root) %{_sysconfdir}/cups/ssl -%config %{_sysconfdir}/rc.d/ -%config %{_sysconfdir}/dbus-1/system.d/cups.conf - -%{_bindir}/* -%{_sbindir}/* -%{_libdir}/libcups*.so.* -%dir %{_libdir}/cups -%{_libdir}/cups/* - -%doc %{_mandir}/* -%doc %{_docdir}/cups -%{_datadir}/cups/ -%{_datadir}/locale/ - -%files devel -%defattr(-,root,root) -%{_includedir}/cups/ -%{_libdir}/libcups*.so -%{_libdir}/pkgconfig/cups.pc - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.4.7-2 -- Bump version as a part of openssl upgrade -* Fri Sep 29 2023 Srish Srinivasan 2.4.7-1 -- Update to v2.4.7 to fix CVE-2023-4504 -* Fri Jul 28 2023 Srish Srinivasan 2.4.6-2 -- Bump version as a part of krb5 upgrade -* Mon Jul 10 2023 Ashwin Dayanand Kamat 2.4.6-1 -- Update to v2.4.6 -* Thu Jun 15 2023 Ashwin Dayanand Kamat 2.4.2-5 -- Fix for CVE-2023-34241 -* Wed May 24 2023 Ashwin Dayanand Kamat 2.4.2-4 -- Fix for CVE-2023-32324 -* Fri Apr 14 2023 Shreenidhi Shedi 2.4.2-3 -- Bump version as a part of zlib upgrade -* Thu Jan 26 2023 Ashwin Dayanand Kamat 2.4.2-2 -- Bump version as a part of krb5 upgrade -* Thu Dec 15 2022 Gerrit Photon 2.4.2-1 -- Automatic Version Bump -* Mon Jun 20 2022 Prashant S Chauhan 2.2.7-1 -- Build cups diff --git a/SPECS/curl/curl-CVE-2023-38039.patch b/SPECS/curl/curl-CVE-2023-38039.patch deleted file mode 100644 index b080237111..0000000000 --- a/SPECS/curl/curl-CVE-2023-38039.patch +++ /dev/null @@ -1,211 +0,0 @@ -From 3ee79c1674fd6f99e8efca52cd7510e08b766770 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 2 Aug 2023 23:34:48 +0200 -Subject: [PATCH] http: return error when receiving too large header set - -To avoid abuse. The limit is set to 300 KB for the accumulated size of -all received HTTP headers for a single response. Incomplete research -suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to -1MB. - -Closes #11582 ---- - lib/c-hyper.c | 12 +++++++----- - lib/cf-h1-proxy.c | 4 +++- - lib/http.c | 34 ++++++++++++++++++++++++++++++---- - lib/http.h | 9 +++++++++ - lib/pingpong.c | 4 +++- - lib/urldata.h | 17 ++++++++--------- - 6 files changed, 60 insertions(+), 20 deletions(-) - -diff --git a/lib/c-hyper.c b/lib/c-hyper.c -index c29983c0b24a6..0b9d9ab478e67 100644 ---- a/lib/c-hyper.c -+++ b/lib/c-hyper.c -@@ -182,8 +182,11 @@ static int hyper_each_header(void *userdata, - } - } - -- data->info.header_size += (curl_off_t)len; -- data->req.headerbytecount += (curl_off_t)len; -+ result = Curl_bump_headersize(data, len, FALSE); -+ if(result) { -+ data->state.hresult = result; -+ return HYPER_ITER_BREAK; -+ } - return HYPER_ITER_CONTINUE; - } - -@@ -313,9 +316,8 @@ static CURLcode status_line(struct Curl_easy *data, - if(result) - return result; - } -- data->info.header_size += (curl_off_t)len; -- data->req.headerbytecount += (curl_off_t)len; -- return CURLE_OK; -+ result = Curl_bump_headersize(data, len, FALSE); -+ return result; - } - - /* -diff --git a/lib/cf-h1-proxy.c b/lib/cf-h1-proxy.c -index c9b157c9bccc7..b1d8cb618b7d1 100644 ---- a/lib/cf-h1-proxy.c -+++ b/lib/cf-h1-proxy.c -@@ -587,7 +587,9 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, - return result; - } - -- data->info.header_size += (long)perline; -+ result = Curl_bump_headersize(data, perline, TRUE); -+ if(result) -+ return result; - - /* Newlines are CRLF, so the CR is ignored as the line isn't - really terminated until the LF comes. Treat a following CR -diff --git a/lib/http.c b/lib/http.c -index f7c71afd7d847..bc78ff97435c4 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -3920,6 +3920,29 @@ static CURLcode verify_header(struct Curl_easy *data) - return CURLE_OK; - } - -+CURLcode Curl_bump_headersize(struct Curl_easy *data, -+ size_t delta, -+ bool connect_only) -+{ -+ size_t bad = 0; -+ if(delta < MAX_HTTP_RESP_HEADER_SIZE) { -+ if(!connect_only) -+ data->req.headerbytecount += (unsigned int)delta; -+ data->info.header_size += (unsigned int)delta; -+ if(data->info.header_size > MAX_HTTP_RESP_HEADER_SIZE) -+ bad = data->info.header_size; -+ } -+ else -+ bad = data->info.header_size + delta; -+ if(bad) { -+ failf(data, "Too large response headers: %zu > %zu", -+ bad, MAX_HTTP_RESP_HEADER_SIZE); -+ return CURLE_RECV_ERROR; -+ } -+ return CURLE_OK; -+} -+ -+ - /* - * Read any HTTP header lines from the server and pass them to the client app. - */ -@@ -4173,8 +4196,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - if(result) - return result; - -- data->info.header_size += (long)headerlen; -- data->req.headerbytecount += (long)headerlen; -+ result = Curl_bump_headersize(data, headerlen, FALSE); -+ if(result) -+ return result; - - /* - * When all the headers have been parsed, see if we should give -@@ -4496,8 +4520,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - if(result) - return result; - -- data->info.header_size += Curl_dyn_len(&data->state.headerb); -- data->req.headerbytecount += Curl_dyn_len(&data->state.headerb); -+ result = Curl_bump_headersize(data, Curl_dyn_len(&data->state.headerb), -+ FALSE); -+ if(result) -+ return result; - - Curl_dyn_reset(&data->state.headerb); - } -diff --git a/lib/http.h b/lib/http.h -index df3b4e38b8a88..4aeabc345938c 100644 ---- a/lib/http.h -+++ b/lib/http.h -@@ -64,6 +64,10 @@ extern const struct Curl_handler Curl_handler_wss; - - struct dynhds; - -+CURLcode Curl_bump_headersize(struct Curl_easy *data, -+ size_t delta, -+ bool connect_only); -+ - /* Header specific functions */ - bool Curl_compareheader(const char *headerline, /* line to check */ - const char *header, /* header keyword _with_ colon */ -@@ -183,6 +187,11 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data); - #define EXPECT_100_THRESHOLD (1024*1024) - #endif - -+/* MAX_HTTP_RESP_HEADER_SIZE is the maximum size of all response headers -+ combined that libcurl allows for a single HTTP response, any HTTP -+ version. This count includes CONNECT response headers. */ -+#define MAX_HTTP_RESP_HEADER_SIZE (300*1024) -+ - #endif /* CURL_DISABLE_HTTP */ - - /**************************************************************************** -diff --git a/lib/pingpong.c b/lib/pingpong.c -index f3f7cb93cb9b7..523bbec189fe6 100644 ---- a/lib/pingpong.c -+++ b/lib/pingpong.c -@@ -341,7 +341,9 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, - ssize_t clipamount = 0; - bool restart = FALSE; - -- data->req.headerbytecount += (long)gotbytes; -+ result = Curl_bump_headersize(data, gotbytes, FALSE); -+ if(result) -+ return result; - - pp->nread_resp += gotbytes; - for(i = 0; i < gotbytes; ptr++, i++) { -diff --git a/lib/urldata.h b/lib/urldata.h -index e5446b6840f63..d21aa415dc94b 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -629,17 +629,16 @@ struct SingleRequest { - curl_off_t bytecount; /* total number of bytes read */ - curl_off_t writebytecount; /* number of bytes written */ - -- curl_off_t headerbytecount; /* only count received headers */ -- curl_off_t deductheadercount; /* this amount of bytes doesn't count when we -- check if anything has been transferred at -- the end of a connection. We use this -- counter to make only a 100 reply (without a -- following second response code) result in a -- CURLE_GOT_NOTHING error code */ -- - curl_off_t pendingheader; /* this many bytes left to send is actually - header and not body */ - struct curltime start; /* transfer started at this time */ -+ unsigned int headerbytecount; /* only count received headers */ -+ unsigned int deductheadercount; /* this amount of bytes doesn't count when -+ we check if anything has been transferred -+ at the end of a connection. We use this -+ counter to make only a 100 reply (without -+ a following second response code) result -+ in a CURLE_GOT_NOTHING error code */ - enum { - HEADER_NORMAL, /* no bad header at all */ - HEADER_PARTHEADER, /* part of the chunk is a bad header, the rest -@@ -1089,7 +1088,6 @@ struct PureInfo { - int httpversion; /* the http version number X.Y = X*10+Y */ - time_t filetime; /* If requested, this is might get set. Set to -1 if the - time was unretrievable. */ -- curl_off_t header_size; /* size of read header(s) in bytes */ - curl_off_t request_size; /* the amount of bytes sent in the request(s) */ - unsigned long proxyauthavail; /* what proxy auth types were announced */ - unsigned long httpauthavail; /* what host auth types were announced */ -@@ -1097,6 +1095,7 @@ struct PureInfo { - char *contenttype; /* the content type of the object */ - char *wouldredirect; /* URL this would've been redirected to if asked to */ - curl_off_t retry_after; /* info from Retry-After: header */ -+ unsigned int header_size; /* size of read header(s) in bytes */ - - /* PureInfo members 'conn_primary_ip', 'conn_primary_port', 'conn_local_ip' - and, 'conn_local_port' are copied over from the connectdata struct in diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec deleted file mode 100644 index de517ce39e..0000000000 --- a/SPECS/curl/curl.spec +++ /dev/null @@ -1,208 +0,0 @@ -Summary: An URL retrieval utility and library -Name: curl -Version: 8.1.2 -Release: 4%{?dist} -License: MIT -URL: http://curl.haxx.se -Group: System Environment/NetworkingLibraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://curl.haxx.se/download/%{name}-%{version}.tar.xz -%define sha512 %{name}=532ab96eba6dea66d272f3be56f5af5c5da922480f9a10e203de98037c311f12f8145ba6bf813831e42815e068874ccfd108f84f7650743f5dbb3ebc3bc9c4f4 - -Patch0: curl-CVE-2023-38039.patch - -BuildRequires: ca-certificates -BuildRequires: openssl-devel -BuildRequires: krb5-devel -BuildRequires: libssh2-devel - -%if 0%{?with_check} -BuildRequires: python3 -%endif - -Requires: ca-certificates -Requires: openssl-libs -Requires: krb5 -Requires: libssh2 -Requires: %{name}-libs = %{version}-%{release} - -%description -The cURL package contains an utility and a library used for -transferring files with URL syntax to any of the following -protocols: FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, -DICT, LDAP, LDAPS and FILE. Its ability to both download and -upload files can be incorporated into other programs to support -functions like streaming media. - -%package devel -Summary: Libraries and header files for curl -Requires: %{name} = %{version}-%{release} - -%description devel -Static libraries and header files for the support library for curl - -%package libs -Summary: Libraries for curl -Group: System Environment/Libraries -Requires: ca-certificates-pki -Requires: libssh2 -Requires: krb5 - -%description libs -This package contains minimal set of shared curl libraries. - -%prep -%autosetup -p1 - -%build -%configure \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --disable-static \ - --enable-threaded-resolver \ - --enable-hidden-symbols \ - --with-ssl \ - --with-gssapi \ - --with-libssh2 \ - --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt - -%make_build - -%install -%make_install %{?_smp_mflags} -install -v -d -m755 %{buildroot}%{_docdir}/%{name}-%{version} -%{_fixperms} %{buildroot}/* - -%if 0%{?with_check} -%check -%make_build check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/pkgconfig/* -%{_includedir}/* -%{_mandir}/man3/* -%{_datadir}/aclocal/libcurl.m4 -%{_docdir}/%{name}-%{version} - -%files libs -%defattr(-,root,root) -%{_libdir}/libcurl.so.* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 8.1.2-4 -- Bump version as a part of openssl upgrade -* Tue Sep 12 2023 Dweep Advani 8.1.2-3 -- Fix for CVE-2023-38039 -* Fri Jul 28 2023 Srish Srinivasan 8.1.2-2 -- Bump version as a part of krb5 upgrade -* Tue Jul 11 2023 Shreenidhi Shedi 8.1.2-1 -- Upgrade to v8.1.2 -* Wed Mar 08 2023 Shreenidhi Shedi 7.86.0-3 -- Require openssl-libs -* Thu Jan 26 2023 Ashwin Dayanand Kamat 7.86.0-2 -- Bump version as a part of krb5 upgrade -* Fri Oct 28 2022 Gerrit Photon 7.86.0-1 -- Automatic Version Bump -* Tue Jun 28 2022 Dweep Advani 7.84.0-1 -- Upgrade to latest version 7.84.0 to fix multiple CVEs -* Thu Jun 16 2022 Dweep Advani 7.83.1-1 -- Upgrade to 7.83.1 to fix multiple CVEs -* Mon Apr 18 2022 Gerrit Photon 7.82.0-1 -- Automatic Version Bump -* Fri Dec 10 2021 Harinadh D 7.78.0-4 -- Fix makecheck issues -* Fri Sep 17 2021 Satya Naga Vasamsetty 7.78.0-3 -- Bump up release for openssl -* Tue Sep 14 2021 Dweep Advani 7.78.0-2 -- Fixed CVE-2021-22945, CVE-2021-22946, CVE-2021-22947 -* Mon Aug 23 2021 Harinadh D 7.78.0-1 -- Version update -* Thu Aug 12 2021 Sujay G 7.77.0-3 -- Fix check_spec errors by replacing %setup with %autosetup -* Thu Jul 22 2021 Harinadh D 7.77.0-2 -- Fix CVE-2021-22924,CVE-2021-22925 -- Metalink disabled to fix CVE-2021-22922,CVE-2021-22923 -* Mon Jun 28 2021 Nitesh Kumar 7.77.0-1 -- Upgrade to 7.77.0, Fix for CVE-2021-22897 -* Fri May 21 2021 Harinadh D 7.75.0-2 -- Fix CVE-2021-22901, CVE-2021-22898 -* Mon Mar 29 2021 Harinadh D 7.75.0-1 -- Fix CVE-2021-22876, CVE-2021-22890 -* Wed Jan 13 2021 Siju Maliakkal 7.74.0-1 -- Upgrade to 7.74.0 -* Mon Dec 07 2020 Dweep Advani 7.72.0-3 -- Patched for CVE-2020-8284, CVE-2020-8285 and CVE-2020-8286 -* Tue Sep 29 2020 Satya Naga Vasamsetty 7.72.0-2 -- openssl 1.1.1 -* Tue Jul 14 2020 Gerrit Photon 7.72.0-1 -- Automatic Version Bump -* Wed Jun 17 2020 Ankit Jain 7.61.1-5 -- Fix for CVE-2020-8177 -* Thu Jun 04 2020 Tapas Kundu 7.61.1-4 -- Build with libmetalink support -* Tue Sep 24 2019 Dweep Advani 7.61.1-3 -- Fix CVEs CVE-2018-16890, CVE-2019-{3822/3823/5436/5481/5482} -* Tue Jan 08 2019 Dweep Advani 7.61.1-2 -- Fix of CVE-2018-16839, CVE-2018-16840 and CVE-2018-16842 -* Mon Sep 10 2018 Ajay Kaher 7.61.1-1 -- Upgraded to version 7.61.1 -* Wed Apr 04 2018 Dheeraj Shetty 7.59.0-1 -- Update to version 7.59.0 -* Thu Feb 08 2018 Xiaolin Li 7.58.0-1 -- Fix CVE-2017-8817. -* Thu Dec 21 2017 Xiaolin Li 7.56.1-2 -- Fix CVE-2017-8818. -* Wed Dec 13 2017 Xiaolin Li 7.56.1-1 -- Update to version 7.56.1 -* Mon Nov 27 2017 Xiaolin Li 7.54.1-4 -- Fix CVE-2017-1000257 -* Mon Nov 06 2017 Xiaolin Li 7.54.1-3 -- Fix CVE-2017-1000254 -* Thu Nov 02 2017 Xiaolin Li 7.54.1-2 -- Fix CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101 -* Tue Jul 11 2017 Divya Thaluru 7.54.1-1 -- Update to 7.54.1 -* Mon Apr 24 2017 Bo Gan 7.54.0-1 -- Update to 7.54.0 -* Fri Apr 14 2017 Alexey Makhalov 7.51.0-5 -- Added -libs subpackage -* Wed Dec 07 2016 Xiaolin Li 7.51.0-4 -- Added -devel subpackage. -* Wed Nov 30 2016 Xiaolin Li 7.51.0-3 -- Enable sftp support. -* Thu Nov 24 2016 Alexey Makhalov 7.51.0-2 -- Required krb5-devel. -* Wed Nov 02 2016 Anish Swaminathan 7.51.0-1 -- Upgrade curl to 7.51.0 -* Wed Oct 05 2016 ChangLee 7.50.3-2 -- Modified %check -* Thu Sep 15 2016 Xiaolin Li 7.50.3-1 -- Update curl to version 7.50.3. -* Tue Aug 23 2016 Xiaolin Li 7.47.1-3 -- Enable gssapi in curl. -* Tue May 24 2016 Priyesh Padmavilasom 7.47.1-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Xiaolin Li 7.47.1-1 -- Updated to version 7.47.1 -* Thu Jan 14 2016 Xiaolin Li 7.46.0-1 -- Updated to version 7.46.0 -* Thu Aug 13 2015 Divya Thaluru 7.43.0-1 -- Update to version 7.43.0. -* Mon Apr 6 2015 Priyesh Padmavilasom 7.41.0-1 -- Update to version 7.41.0. diff --git a/SPECS/cve-check-tool/0001-Set-version-to-5.6.4.1.patch b/SPECS/cve-check-tool/0001-Set-version-to-5.6.4.1.patch deleted file mode 100644 index e661f549be..0000000000 --- a/SPECS/cve-check-tool/0001-Set-version-to-5.6.4.1.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a7ada8ec40fe720a609c7e0e91e54f86e347a7b8 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Tue, 29 Oct 2019 14:50:19 -0700 -Subject: [PATCH 1/9] Set version to 5.6.4.1 - -We consume latest version cve-check-tool from upstream repo, -with latest commit above 5.6.4 release. So mark this version as 5.6.4.1. ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 79c3542..a854902 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1,4 +1,4 @@ --AC_INIT([cve-check-tool], 5.6.4, [michael.i.doherty@intel.com], [cve-check-tool], [/~https://github.com/ikeydoherty/cve-check-tool]) -+AC_INIT([cve-check-tool], 5.6.4.1, [michael.i.doherty@intel.com], [cve-check-tool], [/~https://github.com/ikeydoherty/cve-check-tool]) - AM_INIT_AUTOMAKE([-Wno-portability no-dist-gzip dist-xz foreign subdir-objects]) - AC_PROG_CC - AC_PROG_CC_STDC --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0002-Migrate-to-NVD-JSON-Feed-1.0.patch b/SPECS/cve-check-tool/0002-Migrate-to-NVD-JSON-Feed-1.0.patch deleted file mode 100644 index b1016313cf..0000000000 --- a/SPECS/cve-check-tool/0002-Migrate-to-NVD-JSON-Feed-1.0.patch +++ /dev/null @@ -1,754 +0,0 @@ -From 6d97926d1e442d90ce934044256ba291b9c19ee6 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Tue, 29 Oct 2019 12:03:12 -0700 -Subject: [PATCH 2/9] Migrate to NVD JSON Feed 1.0 - -Origin: -/~https://github.com/clearlinux/cve-check-tool/pull/73/commits/3f90451b201f1587c7d601d0c8094274b7954358 - -Made it applicable on top of 5.6.4.1 version. - -Signed-off-by: Siju Maliakkal ---- - configure.ac | 7 +- - src/core.c | 481 +++++++++++++++++++++------------------------------ - src/library/common.h | 6 +- - src/library/util.c | 9 +- - src/library/util.h | 7 +- - src/update.c | 16 +- - 6 files changed, 216 insertions(+), 310 deletions(-) - -diff --git a/configure.ac b/configure.ac -index a854902..928804e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -17,6 +17,7 @@ m4_define([gobject_required_version], [2.0]) - m4_define([check_required_version], [0.9]) - m4_define([json_required_version], [0.16.0]) - m4_define([openssl_required_version],[1.0.0]) -+m4_define([jansson_required_version], [2.6]) - # TODO: Set minimum sqlite - - AC_CHECK_FUNCS_ONCE(malloc_trim) -@@ -29,13 +30,15 @@ PKG_CHECK_MODULES(CVE_CHECK_TOOL, - libcurl >= curl_required_version, - gobject-2.0 >= gobject_required_version, - sqlite3, -- openssl >= openssl_required_version -+ openssl >= openssl_required_version, -+ jansson >= jansson_required_version - ]) - - PKG_CHECK_MODULES(MODULE_COMMON, - [ - libxml-2.0 >= libxml2_required_version, -- glib-2.0 >= glib_required_version -+ glib-2.0 >= glib_required_version, -+ jansson >= jansson_required_version - ]) - - PKG_CHECK_MODULES(CHECK, -diff --git a/src/core.c b/src/core.c -index 727ab8c..660e37e 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -19,7 +19,7 @@ - #include - #include - #include --#include -+#include - #include - #include - #include -@@ -39,25 +39,7 @@ const char *nvd_dir = "NVDS"; - bool use_frac_compare = false; - - struct CveDB { -- /** XML traversal state */ -- bool in_list; -- bool in_entry; -- bool in_product; -- bool in_summary; -- -- bool in_link; -- bool in_vuln_cvss; -- bool in_base_metrics; -- bool in_score; -- bool in_vector; -- bool in_date; -- -- xmlChar *cur_id; -- xmlChar *summary; -- xmlChar *score; -- xmlChar *vector; -- xmlChar *modified; -- GList *uris; -+ const char *cur_id; - - /* SQL usage */ - sqlite3 *db; -@@ -88,7 +70,7 @@ static bool ensure_table(CveDB *self) - } - - query = "CREATE TABLE IF NOT EXISTS " TABLE_NAME " " -- "(ID TEXT UNIQUE, SUMMARY TEXT, SCORE TEXT, MODIFIED INTEGER, VECTOR TEXT);"; -+ "(ID TEXT UNIQUE, SUMMARY TEXT, SCORE DOUBLE, MODIFIED INTEGER, VECTOR TEXT);"; - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -@@ -141,7 +123,7 @@ struct cve_entry_t *cve_db_get_cve(CveDB *self, char *id) - - t->id = g_strdup((const char*)sqlite3_column_text(self->get_cve, 0)); - t->summary = g_strdup((const char*)sqlite3_column_text(self->get_cve, 1)); -- t->score = g_strdup((const char*)sqlite3_column_text(self->get_cve, 2)); -+ t->score = g_strdup_printf("%f", sqlite3_column_double(self->get_cve, 2)); - t->modified = sqlite3_column_int64(self->get_cve, 3); - t->vector = g_strdup((const char*)sqlite3_column_text(self->get_cve, 4)); - -@@ -223,288 +205,228 @@ bail: - return list; - } - --static inline void free_vuln(struct vulnerability_t *t) --{ -- if (!t) { -- return; -- } -- if (t->vendor) { -- g_free(t->vendor); -- } -- if (t->product) { -- g_free(t->product); -- } -- if (t->version) { -- g_free(t->version); -- } -+ -+enum SqliteOrder { -+ SqliteOrderID = 1, -+ SqliteOrderSummary, -+ SqliteOrderScore, -+ SqliteOrderModified, -+ SqliteOrderVector -+}; -+ -+enum SqliteOrderVuln { -+ SqliteOrderVulnHash = 1, -+ SqliteOrderVulnID, -+ SqliteOrderVulnVendor, -+ SqliteOrderVulnProduct, -+ SqliteOrderVulnVersion -+}; -+ -+static void SqliteBindJsonText(sqlite3* db, sqlite3_stmt *stmt, size_t ordinal, json_t* str) { -+ if (sqlite3_bind_text(stmt, ordinal, json_string_value(str), -1, SQLITE_STATIC) != SQLITE_OK) -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(db)); - } - --/** -- * Parse a CPE line into a consumable form -- * -- * @param inp cpe:/ identifier string -- * @param vuln Where to store the resulting vulnerability data -- * @return a boolean value, true if the operation succeeded -- */ --static bool parse_vuln(char *cve_id, const xmlChar* inp, struct vulnerability_t *vuln) --{ -- gchar *product = NULL; -- gchar *vendor = NULL; -- gchar *version = NULL; -- autofree(gchar) *hash = NULL; -+static void SqliteBindInt64(sqlite3* db, sqlite3_stmt *stmt, size_t ordinal, int64_t num) { -+ if (sqlite3_bind_int64(stmt, ordinal, num) != SQLITE_OK) -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(db)); -+} -+static void SqliteBindJsonDouble(sqlite3* db, sqlite3_stmt *stmt, size_t ordinal, json_t* num) { -+ if (sqlite3_bind_double(stmt, ordinal, json_real_value(num)) != SQLITE_OK) -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(db)); -+} - -- int len = 0; -- /* Example: cpe:/a:oracle:siebel_crm:8.1.1 */ -- gchar **splits = g_strsplit((const gchar*)inp, ":", 10); -- if ((len = g_strv_length(splits)) < 4) { -- g_strfreev(splits); -- return false; -- } -+static void SqliteBindJsonDescription(sqlite3* db, sqlite3_stmt *stmt, size_t ordinal, json_t* descr) { -+ json_t *data = json_object_get(descr, "description_data"); -+ size_t size = json_array_size(data); - -- vendor = g_strdup(splits[2]); -- product = g_strdup(splits[3]); -- if (len > 4) { -- version = g_strdup(splits[4]); -- } -- g_strfreev(splits); -+ for (size_t i = 0; i < size; ++i) { -+ json_t *item = json_array_get(data, i); -+ json_t *lang = json_object_get(item, "lang"); - -- vuln->vendor = vendor; -- vuln->product = product; -- vuln->version = version; -+ if (!strcmp(json_string_value(lang), "en")) { -+ json_t *value = json_object_get(item, "value"); - -- hash = g_strdup_printf("%s:%s:%s:%s", cve_id, vendor, product, version); -- if (!hash) { -- fprintf(stderr, "parse_vuln(): Out of memory\n"); -- free_vuln(vuln); -- return false; -+ SqliteBindJsonText(db, stmt, ordinal, value); -+ break; -+ } - } -- vuln->hash = g_str_hash(hash); -- -- return true; - } -+static void SqliteBindJsonCveMetadata(CveDB *self, size_t ordinal, json_t* descr) { -+ json_t* data = json_object_get(descr, "ID"); -+ const char* str = json_string_value(data); - --static inline void _cve_db_clean(CveDB *self) --{ -- if (self->uris) { -- g_list_free_full(self->uris, xmlFree); -- self->uris = NULL; -+ if (sqlite3_bind_text(self->insert, ordinal, str, -1, SQLITE_STATIC) != SQLITE_OK) { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -+ /* Set current cve id for later use */ -+ self->cur_id = str; -+} - -- if (self->score) { -- xmlFree(self->score); -- self->score = NULL; -- } -- if (self->vector) { -- xmlFree(self->vector); -- self->vector = NULL; -- } -- if (self->cur_id) { -- xmlFree(self->cur_id); -- self->cur_id = NULL; -- } -- if (self->summary) { -- xmlFree(self->summary); -- self->summary = NULL; -+static void SqliteBindVuln(CveDB *self, struct vulnerability_t* vuln) { -+ autofree(gchar) *hash = NULL; -+ -+ if (vuln->version) { -+ hash = g_strdup_printf("%s:%s:%s:%s", self->cur_id, vuln->vendor, vuln->product, vuln->version); - } -- if (self->modified) { -- xmlFree(self->modified); -- self->modified = NULL; -+ else { -+ hash = g_strdup_printf("%s:%s:%s:*", self->cur_id, vuln->vendor, vuln->product); - } --} -+ vuln->hash = g_str_hash(hash); - --/** -- * Main iterator for XML parsing -- * -- * @param r A valid xmlTextReaderPtr (open) -- */ --static void process_node(CveDB *self, xmlTextReaderPtr r) --{ -- const xmlChar *name = NULL; -- const xmlChar *value = NULL; -- struct vulnerability_t vuln = {.vendor = 0}; -- xmlChar *uri = NULL; -- int64_t last_mod = -1; -- -- name = xmlTextReaderConstName(r); -- if (!name) { -- return; -+ -+ sqlite3_reset(self->insert_product); -+ -+ if (sqlite3_bind_int(self->insert_product, SqliteOrderVulnHash, vuln->hash) != SQLITE_OK) { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- /* New entry */ -- if (xmlStrEqual(name, BAD_CAST "entry")) { -- self->in_entry = !self->in_entry; -- if (!self->in_entry) { -- int rc = 0; -- last_mod = parse_xml_date((char*)self->modified); -- -- sqlite3_reset(self->insert); -- -- /* ID */ -- if (sqlite3_bind_text(self->insert, 1, (const char*)self->cur_id, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto next; -- } -- /* SUMMARY */ -- if (sqlite3_bind_text(self->insert, 2, (const char*)self->summary, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto next; -- } -- /* SCORE */ -- if (sqlite3_bind_text(self->insert, 3, (const char*)self->score, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto next; -- } -- /* MODIFIED */ -- if (sqlite3_bind_int64(self->insert, 4, last_mod)) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto next; -- } -- /* VECTOR */ -- if (sqlite3_bind_text(self->insert, 5, (const char*)self->vector, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto next; -- } -- -- rc = sqlite3_step(self->insert); -- if (rc != SQLITE_DONE) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- } --next: -- _cve_db_clean(self); -- return; -- } -- if (self->cur_id) { -- xmlFree(self->cur_id); -- } -- self->cur_id = xmlTextReaderGetAttribute(r, BAD_CAST "id"); -- return; -+ if (sqlite3_bind_text(self->insert_product, SqliteOrderVulnID, -+ self->cur_id, -1, SQLITE_STATIC) != SQLITE_OK) -+ { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- if (xmlStrEqual(name, BAD_CAST "vuln:references")) { -- self->in_link = !self->in_link; -- return; -+ if (sqlite3_bind_text(self->insert_product, SqliteOrderVulnVendor, -+ vuln->vendor, -1, SQLITE_STATIC) != SQLITE_OK) -+ { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- if (self->in_link && xmlStrEqual(name, BAD_CAST "vuln:reference")) { -- uri = xmlTextReaderGetAttribute(r, BAD_CAST "href"); -- if (!uri) { -- return; -- } -- self->uris = g_list_append(self->uris, uri); -- uri = NULL; -- } -- if (xmlStrEqual(name, BAD_CAST "vuln:vulnerable-software-list")) { -- self->in_list = !self->in_list; -- return; -+ if (sqlite3_bind_text(self->insert_product, SqliteOrderVulnProduct, -+ vuln->product, -1, SQLITE_STATIC) != SQLITE_OK) -+ { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- if (self->in_list && xmlStrEqual(name, BAD_CAST "vuln:product")) { -- self->in_product = !self->in_product; -- return; -+ if (sqlite3_bind_text(self->insert_product, SqliteOrderVulnVersion, -+ vuln->version, -1, SQLITE_STATIC) != SQLITE_OK) -+ { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- /* Score checking */ -- if (xmlStrEqual(name, BAD_CAST "vuln:cvss")) { -- self->in_vuln_cvss = !self->in_vuln_cvss; -- return; -+ -+ if (sqlite3_step(self->insert_product) != SQLITE_DONE) { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- if (self->in_vuln_cvss && xmlStrEqual(name, BAD_CAST "cvss:base_metrics")) { -- self->in_base_metrics = !self->in_base_metrics; -+} -+ -+static void process_versions(CveDB *self, json_t *r, struct vulnerability_t* vuln) { -+ size_t size = json_array_size(r); -+ -+ if (size == 0) { -+ vuln->version = NULL; -+ SqliteBindVuln(self, vuln); - return; - } -- if (self->in_base_metrics && xmlStrEqual(name, BAD_CAST "cvss:score")) { -- self->in_score = !self->in_score; -- } -- if (self->in_base_metrics && xmlStrEqual(name, BAD_CAST "cvss:access-vector")) { -- self->in_vector = !self->in_vector; -- } -- if (self->in_base_metrics && self->in_vector) { -- value = xmlTextReaderConstValue(r); -- if (!value) { -- return; -- } -- self->vector = xmlStrdup(value); -- } -- if (self->in_base_metrics && self->in_score) { -- value = xmlTextReaderConstValue(r); -- if (!value) { -- return; -- } -- self->score = xmlStrdup(value); -- } -- /* Get last modified */ -- if (xmlStrEqual(name, BAD_CAST "vuln:last-modified-datetime")) { -- self->in_date = !self->in_date; -- } -- if (self->in_date) { -- value = xmlTextReaderConstValue(r); -- if (!value) { -- return; -- } -- self->modified = xmlStrdup(value); -+ -+ for (size_t i = 0; i < size; ++i) { -+ json_t* version_node = json_array_get(r, i); -+ json_t* version_value = json_object_get(version_node, "version_value"); -+ -+ vuln->version = json_string_value(version_value); -+ -+ SqliteBindVuln(self, vuln); - } -- /* Product checking */ -- if (self->in_list && self->in_product) { -- value = xmlTextReaderConstValue(r); -- int rc = 0; -+} - -- if (!value) { -- return; -- } -- if (!parse_vuln((char*) self->cur_id, value, &vuln)) { -- return; -- } -+static void process_affects(CveDB *self, json_t *r) { -+ json_t *vendor = json_object_get(r, "vendor"); -+ json_t *vendor_data = json_object_get(vendor, "vendor_data"); -+ size_t size = json_array_size(vendor_data); - -- sqlite3_reset(self->insert_product); -+ struct vulnerability_t vuln; - -- /* HASH */ -- if (sqlite3_bind_int(self->insert_product, 1, vuln.hash) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto end_product; -- } -+ for (size_t v = 0; v < size; ++v) { -+ json_t *node = json_array_get(vendor_data, v); -+ json_t *vendor_name = json_object_get(node, "vendor_name"); - -- /* ID */ -- if (sqlite3_bind_text(self->insert_product, 2, (const char*)self->cur_id, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto end_product; -- } -- /* VENDOR */ -- if (sqlite3_bind_text(self->insert_product, 3, vuln.vendor, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto end_product; -- } -- /* PRODUCT */ -- if (sqlite3_bind_text(self->insert_product, 4, vuln.product, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto end_product; -- } -- /* VERSION */ -- if (sqlite3_bind_text(self->insert_product, 5, vuln.version, -1, SQLITE_STATIC) != SQLITE_OK) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -- goto end_product; -- } -+ vuln.vendor = json_string_value(vendor_name); -+ -+ json_t *product = json_object_get(node, "product"); -+ json_t *product_data = json_object_get(product, "product_data"); -+ size_t products_size = json_array_size(product_data); -+ -+ for (size_t p = 0; p < products_size; ++p) { -+ json_t *product_node = json_array_get(product_data, p); -+ json_t *product_name = json_object_get(product_node, "product_name"); - -- /* Commit product. */ -- rc = sqlite3_step(self->insert_product); -- if (rc != SQLITE_DONE) { -- fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); -+ vuln.product = json_string_value(product_name); -+ -+ json_t *version = json_object_get(product_node, "version"); -+ json_t *version_data = json_object_get(version, "version_data"); -+ -+ process_versions(self, version_data, &vuln); - } -+ } -+} -+ -+static void process_cve(CveDB *self, json_t *r) { -+ json_t *cve_data_meta = json_object_get(r, "CVE_data_meta"); -+ json_t *description = json_object_get(r, "description"); -+ json_t *affects = json_object_get(r, "affects"); -+ -+ SqliteBindJsonCveMetadata(self, SqliteOrderID, cve_data_meta); -+ SqliteBindJsonDescription(self->db, self->insert, SqliteOrderSummary, description); -+ -+ process_affects(self, affects); -+} -+ -+static void process_impact(CveDB *self, json_t *r) { -+ json_t *metric = json_object_get(r, "baseMetricV2"); -+ json_t *cvss = json_object_get(metric, "cvssV2"); -+ json_t *score = json_object_get(cvss, "baseScore"); -+ json_t *vector = json_object_get(cvss, "accessVector"); -+ SqliteBindJsonDouble(self->db, self->insert, SqliteOrderScore, score); -+ SqliteBindJsonText (self->db, self->insert, SqliteOrderVector, vector); -+} -+ - --end_product: -- free_vuln(&vuln); -- return; -+static void process_last_modified(CveDB *self, json_t *r) { -+ const char *date = json_string_value(r); -+ int64_t last_mod = parse_date(date); -+ -+ SqliteBindInt64(self->db, self->insert, SqliteOrderModified, last_mod); -+} -+ -+static bool process_json(CveDB *self, json_t *r) { -+ json_t *cve_items = json_object_get(r, "CVE_Items"); -+ -+ size_t size = json_array_size(cve_items); -+ -+ if (size == 0) { -+ fprintf(stderr, "process_json(): 'CVE_Items array' not found or empty\n"); -+ return false; - } -- if (self->in_entry && xmlStrEqual(name, BAD_CAST "vuln:summary")) { -- self->in_summary = !self->in_summary; -- if (self->in_summary && self->summary) { -- xmlFree(self->summary); -- self->summary = NULL; -+ -+ for (size_t i = 0; i < size; ++i) { -+ sqlite3_reset(self->insert); -+ -+ json_t *node = json_array_get(cve_items, i); -+ -+ process_cve(self, json_object_get(node, "cve")); -+ process_last_modified(self, json_object_get(node, "lastModifiedDate")); -+ process_impact(self, json_object_get(node, "impact")); -+ -+ if (sqlite3_step(self->insert) != SQLITE_DONE) { -+ fprintf(stderr, "process_node(): %s\n", sqlite3_errmsg(self->db)); - } -- return; - } -- if (self->in_summary) { -- self->summary = xmlTextReaderValue(r); -- return; -+ -+ return true; -+} -+ -+static json_t *load_json(const char *filename) { -+ json_t *root; -+ json_error_t error; -+ -+ root = json_load_file(filename, 0, &error); -+ -+ if (root) { -+ return root; -+ } else { -+ fprintf(stderr, "Json error: %s:%d: %s\n", filename, error.line, error.text); -+ return (json_t*)0; - } - } - - /** -- * Parse an NVD xml database -+ * Parse an NVD json database - * - * @param fname Path to the nvd db - * @return a boolean value, true if the operation succeeded -@@ -517,34 +439,18 @@ bool cve_db_load(CveDB *self, const char *fname) - if (!self || !fname) { - return false; - } -- int fd = 0; -- -- fd = open(fname, O_RDONLY); -- if (fd < 0) { -- return false; -- } -- /* If it fails, it fails */ -- rc = posix_fadvise(fd, 0, 0, POSIX_FADV_SEQUENTIAL); -+ json_t* r = load_json(fname); - -- xmlTextReaderPtr r = xmlReaderForFd(fd, fname, NULL, 0); -- if (!r) { -- close(fd); -+ if (r == (json_t*)0) { - return false; - } -- int ret; -+ b = process_json(self, r); - -- while ((ret = xmlTextReaderRead(r)) > 0) { -- process_node(self, r); -- } -+ json_decref(r); - -- b = true; - #ifdef HAVE_MALLOC_TRIM - malloc_trim(0); - #endif -- xmlFreeTextReader(r); -- if (fd) { -- close(fd); -- } - - return b; - } -@@ -682,7 +588,6 @@ void cve_db_free(CveDB *self) - if (self->db) { - sqlite3_close(self->db); - } -- _cve_db_clean(self); - free(self); - } - -diff --git a/src/library/common.h b/src/library/common.h -index ee5663c..352ba1b 100644 ---- a/src/library/common.h -+++ b/src/library/common.h -@@ -33,9 +33,9 @@ typedef enum { - * Maps vulnerabilities into a consumable format - */ - struct vulnerability_t { -- gchar *product; /**str, 'T', tmp->len))) { - return -1; - } -- if (!(c = memchr(c, '-', tmp->len - (tmp->str -c)))) { -+ if (!(c = strpbrk(c, "+-Z"))) { - return -1; - } -- gint y, m, d, h, min, s; -- if (sscanf(date, "%4d-%2d-%2dT%2d:%2d:%2d", &y, &m, &d, -- &h, &min, &s) != 6) { -+ gint y, m, d, h = 0, min = 0, s = 0; -+ if (sscanf(date, "%4d-%2d-%2dT%2d:%2d:%2d", &y, &m, &d, &h, &min, &s) < 3) { - return -1; - } - tz = g_time_zone_new(c); -diff --git a/src/library/util.h b/src/library/util.h -index 2d549e9..fca9e3c 100644 ---- a/src/library/util.h -+++ b/src/library/util.h -@@ -17,7 +17,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -55,12 +54,12 @@ gchar *demacro(CveHashmap *macros, gchar *str); - - - /** -- * Convert an XML formatted date into unix seconds -+ * Convert date into unix seconds - * -- * @param date XML input -+ * @param date input - * @return int64_t unix timestamp, or -1 if it doesn't parse - */ --int64_t parse_xml_date(const char *date); -+int64_t parse_date(const char *date); - - /** - * Search the repo source directory for all matching sources -diff --git a/src/update.c b/src/update.c -index 7c4d635..7442943 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -39,7 +39,7 @@ - #include "update.h" - - #define YEAR_START 2002 --#define URI_PREFIX "https://static.nvd.nist.gov/feeds/xml/cve" -+#define URI_PREFIX "https://static.nvd.nist.gov/feeds/json/cve/1.0" - #include "fetch.h" - - #define UPDATE_THRESHOLD 7200 -@@ -104,10 +104,10 @@ cve_string *get_db_path(const char *path) - - static cve_string *nvdcve_make_fname(int year, const char *fext) - { -- if (year < 0) { -- return cve_string_dup_printf("nvdcve-2.0-Modified.%s", fext); -- } else { -- return cve_string_dup_printf("nvdcve-2.0-%d.%s", year, fext); -+ switch(year) { -+ case -2: return cve_string_dup_printf("nvdcve-1.0-recent.%s", fext); -+ case -1: return cve_string_dup_printf("nvdcve-1.0-modified.%s", fext); -+ default: return cve_string_dup_printf("nvdcve-1.0-%d.%s", year, fext); - } - } - -@@ -297,7 +297,7 @@ static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db, - } - - /* Prepare NVD XML file/uri pathes */ -- nvd_xml = nvdcve_make_fname(year, "xml"); -+ nvd_xml = nvdcve_make_fname(year, "json"); - if (!nvd_xml) { - return ENOMEM; - } -@@ -456,8 +456,8 @@ bool update_db(bool quiet, const char *db_file, const char *cacert_file) - goto end; - } - -- for (int i = YEAR_START; i <= year+1; i++) { -- int y = i > year ? -1 : i; -+ for (int i = YEAR_START; i <= year + 2; i++) { -+ int y = i > year ? year - i : i; - int rc; - - rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet, cacert_file); --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0003-New-option-r-to-select-a-report-plugin.patch b/SPECS/cve-check-tool/0003-New-option-r-to-select-a-report-plugin.patch deleted file mode 100644 index 98fe50f16f..0000000000 --- a/SPECS/cve-check-tool/0003-New-option-r-to-select-a-report-plugin.patch +++ /dev/null @@ -1,178 +0,0 @@ -From da5e5d68da2c08aab7245c51117c48ed008470b7 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Wed, 31 Aug 2016 11:11:31 +0000 -Subject: [PATCH 3/9] New option '-r' to select a report plugin - -Deprecate --csv and --no-html command line option, and -use single parameter to select output plugin -r -Available options: -r csv, -r cli, -r html. List of available -output plugins -r list. ---- - src/main.c | 69 +++++++++++++++++++++++++++++++++++++------------------------- - 1 file changed, 41 insertions(+), 28 deletions(-) - -diff --git a/src/main.c b/src/main.c -index 8593c17..5bb16c9 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -283,8 +283,7 @@ static bool _show_version = false; - static bool skip_update = false; - static gchar *nvds = NULL; - static gchar *forced_type = NULL; --static bool no_html = false; --static bool csv_mode = false; -+static gchar *report_type = NULL; - static char *modified_stamp = NULL; - static gchar *mapping_file = NULL; - static gchar *output_file = NULL; -@@ -297,10 +296,9 @@ static GOptionEntry _entries[] = { - { "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL }, - { "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL }, - { "type", 't', 0, G_OPTION_ARG_STRING, &forced_type, "Set package type to T", "T" }, -- { "no-html", 'N', 0, G_OPTION_ARG_NONE, &no_html, "Disable HTML report", NULL }, -+ { "report", 'r', 0, G_OPTION_ARG_STRING, &report_type, "Set report type to R", "R" }, - { "modified", 'm', 0, G_OPTION_ARG_STRING, &modified_stamp, "Ignore reports after modification date", "D" }, - { "srpm-dir", 's', 0, G_OPTION_ARG_STRING, &srpm_dir, "Source RPM directory", "S" }, -- { "csv", 'c', 0, G_OPTION_ARG_NONE, &csv_mode, "Output CSV formatted data only", NULL }, - { "mapping", 'M', 0, G_OPTION_ARG_STRING, &mapping_file, "Path to a mapping file", NULL}, - { "output-file", 'o', 0, G_OPTION_ARG_STRING, &output_file, "Path to the output file (output plugin specific)", NULL}, - { "use-fractional-compare", 'f', 0, G_OPTION_ARG_NONE, &use_frac_compare, "CVE version string fractional compare", NULL }, -@@ -387,7 +385,7 @@ end: - return ret; - } - --static gchar *supported_packages(GList *plugins) -+static gchar *supported_plugins(GList *plugins) - { - uint len; - CvePlugin *plugin = NULL; -@@ -400,7 +398,7 @@ static gchar *supported_packages(GList *plugins) - plugin = g_list_nth_data(plugins, 0); - - if (!asprintf(&r, "%s", plugin->name)) { -- fprintf(stderr, "supported_packages(): Out of memory\n"); -+ fprintf(stderr, "supported_plugins(): Out of memory\n"); - abort(); - } - -@@ -409,7 +407,7 @@ static gchar *supported_packages(GList *plugins) - - plugin = g_list_nth_data(plugins, i); - if (!asprintf(&t, "%s, %s", r, plugin->name)) { -- fprintf(stderr, "supported_packages(): Out of memory\n"); -+ fprintf(stderr, "supported_plugins(): Out of memory\n"); - abort(); - } - free(r); -@@ -479,6 +477,7 @@ int main(int argc, char **argv) - autofree(cve_string) *db_path = NULL; - autofree(CveDB) *cve_db = NULL; - GList *pkg_plugins = NULL; -+ GList *report_plugins = NULL; - int ret = EXIT_FAILURE; - CveToolInstance instance = { .pkg_plugin = NULL }; - time_t ti; -@@ -501,13 +500,10 @@ int main(int argc, char **argv) - goto cleanup_no_lock; - } - -- quiet = csv_mode || !no_html; - self->output_file = output_file; - self->cacert_file = cacert_file; - -- if (!csv_mode && self->output_file) { -- quiet = false; -- } -+ quiet = !self->output_file; - - if (_show_version) { - show_version(); -@@ -569,6 +565,12 @@ int main(int argc, char **argv) - goto cleanup; - } - -+ report_plugins = cve_plugin_get_by_cap(PLUGIN_TYPE_REPORT); -+ if (!report_plugins || g_list_length(report_plugins) < 1) { -+ fprintf(stderr, "Cannot find any reporting plugins on this system.\n"); -+ goto cleanup; -+ } -+ - if (srpm_dir) { - if (!cve_is_dir(srpm_dir)) { - fprintf(stderr, "srpm directory does not exist or is not a directory\n"); -@@ -581,7 +583,7 @@ int main(int argc, char **argv) - if (forced_type) { - if (g_str_equal(forced_type, "list")) { - /* Print a list of 'em */ -- autofree(gchar) *list = supported_packages(pkg_plugins); -+ autofree(gchar) *list = supported_plugins(pkg_plugins); - printf("Currently supported package types: %s\n", list); - goto cleanup; - } else { -@@ -599,6 +601,30 @@ int main(int argc, char **argv) - } - } - -+ if (!report_type) { -+ report_type = "html"; -+ } -+ if (g_str_equal(report_type, "list")) { -+ /* Print a list of 'em */ -+ autofree(gchar) *list = supported_plugins(report_plugins); -+ printf("Currently supported report types: %s\n", list); -+ goto cleanup; -+ } else { -+ report = cve_plugin_get_by_name(report_type); -+ if (!report) { -+ fprintf(stderr, "Plugin \'%s\' not found.\n", report_type); -+ goto cleanup; -+ } -+ if (!(report->flags & PLUGIN_TYPE_REPORT)) { -+ fprintf(stderr, "Plugin \'%s\' is not a PLUGIN_TYPE_REPORT.\n", report_type); -+ goto cleanup; -+ } -+ if (!report->report) { -+ fprintf(stderr, "No usable output module\n"); -+ goto cleanup; -+ } -+ } -+ - if (argc != 2) { - fprintf(stderr, "Usage: %s [path-to-source-spec|path-to-source-list-file]\n", argv[0]); - goto cleanup; -@@ -787,22 +813,6 @@ clean: - fprintf(stderr, "Scanned %d source file%s\n", size, size > 1 ? "s" : ""); - } - -- /* TODO: Switch to single output mode, with a report type set in -- * config and/or flags, i.e. -r html (preserve csv option though) -- */ -- if (csv_mode) { -- report = cve_plugin_get_by_name("csv"); -- } else if (!no_html) { -- report = cve_plugin_get_by_name("html"); -- } else { -- report = cve_plugin_get_by_name("cli"); -- } -- -- if (!report || !report->report) { -- fprintf(stderr, "No usable output module\n"); -- goto cleanup; -- } -- - if (!report->report(self)) { - fprintf(stderr, "Report generation failed\n"); - goto cleanup; -@@ -817,6 +827,9 @@ cleanup_no_lock: - if (pkg_plugins) { - g_list_free(pkg_plugins); - } -+ if (report_plugins) { -+ g_list_free(report_plugins); -+ } - if (self->db) { - g_hash_table_unref(self->db); - } --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0004-Alternative-csv-output.patch b/SPECS/cve-check-tool/0004-Alternative-csv-output.patch deleted file mode 100644 index 1b50037fa3..0000000000 --- a/SPECS/cve-check-tool/0004-Alternative-csv-output.patch +++ /dev/null @@ -1,152 +0,0 @@ -From cb376fd00f9c5f0db03f861b3435aa02ea03dedd Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Wed, 31 Aug 2016 11:06:17 +0000 -Subject: [PATCH 4/9] Alternative csv output - ---- - src/plugins/Makefile.am | 1 + - src/plugins/output/csv2/Makefile.am | 16 +++++++ - src/plugins/output/csv2/csv2.c | 96 +++++++++++++++++++++++++++++++++++++ - 3 files changed, 113 insertions(+) - create mode 100644 src/plugins/output/csv2/Makefile.am - create mode 100644 src/plugins/output/csv2/csv2.c - -diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am -index 0d56f8e..2c728af 100644 ---- a/src/plugins/Makefile.am -+++ b/src/plugins/Makefile.am -@@ -6,6 +6,7 @@ pkglib_LTLIBRARIES = - # Output plugins - include output/cli/Makefile.am - include output/csv/Makefile.am -+include output/csv2/Makefile.am - include output/html/Makefile.am - - # Packaging plugins -diff --git a/src/plugins/output/csv2/Makefile.am b/src/plugins/output/csv2/Makefile.am -new file mode 100644 -index 0000000..dd753d4 ---- /dev/null -+++ b/src/plugins/output/csv2/Makefile.am -@@ -0,0 +1,16 @@ -+pkglib_LTLIBRARIES += \ -+ csv2.la -+ -+csv2_la_SOURCES = \ -+ output/csv2/csv2.c -+ -+csv2_la_LIBADD = \ -+ $(MODULE_COMMON_LIBS) \ -+ ${top_builddir}/src/libcve.la -+ -+csv2_la_CFLAGS = \ -+ $(MODULE_COMMON_CFLAGS) \ -+ $(AM_CFLAGS) -+ -+csv2_la_LDFLAGS = \ -+ $(MODULE_FLAGS) -diff --git a/src/plugins/output/csv2/csv2.c b/src/plugins/output/csv2/csv2.c -new file mode 100644 -index 0000000..fe9f579 ---- /dev/null -+++ b/src/plugins/output/csv2/csv2.c -@@ -0,0 +1,96 @@ -+/* -+ * csv2.c - CSV output -+ * -+ * Copyright (C) 2016 Alexey Makhalov -+ * -+ * cve-check-tool is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ */ -+ -+#define _GNU_SOURCE -+ -+#include -+#include -+ -+#include "config.h" -+#include "util.h" -+#include "cve-check-tool.h" -+#include "plugin.h" -+ -+static bool csv_write_report(CveCheckTool *self) -+{ -+ GHashTableIter iter; -+ gchar *key = NULL; -+ struct source_package_t *v = NULL; -+ struct cve_entry_t *entry = NULL; -+ GList *c = NULL; -+ FILE *fd = NULL; -+ bool ret = false; -+ -+ if (self->output_file) { -+ fd = fopen(self->output_file, "w"); -+ if (!fd) { -+ fprintf(stderr, "Unable to open %s for writing: %s\n", self->output_file, strerror(errno)); -+ return false; -+ } -+ } else { -+ fd = stdout; -+ } -+ -+ /* CVE score|CVE number|package name|CVE summary */ -+ g_hash_table_iter_init(&iter, self->db); -+ while (g_hash_table_iter_next(&iter, (void**)&key, (void**)&v)) { -+ if (!v->issues && !v->patched && !self->show_unaffected) { -+ continue; -+ } -+ if (!v->issues && self->hide_patched) { -+ continue; -+ } -+ for (c = v->issues; c; c = c->next) { -+ entry = cve_db_get_cve(self->cve_db, (gchar*)c->data); -+ if (self->modified > 0 && entry->modified > self->modified) { -+ cve_free(entry); -+ continue; -+ } -+ if (fprintf(fd, "%s|%s|%s|%s\n", entry->score, entry->id, key, entry->summary) < 0) { -+ goto io_error; -+ } -+ } -+ } -+ -+ ret = true; -+ goto success; -+ -+io_error: -+ fprintf(stderr, "Error writing to file: %s\n", strerror(errno)); -+success: -+ ret = true; -+ if (fd != stdout && self->output_file) { -+ fclose(fd); -+ } -+ -+ return ret; -+} -+ -+_module_export_ bool cve_plugin_module_init(CvePlugin *self) -+{ -+ self->report = csv_write_report; -+ self->flags = PLUGIN_TYPE_REPORT; -+ self->name = "csv2"; -+ return true; -+} -+ -+/* -+ * Editor modelines - https://www.wireshark.org/tools/modelines.html -+ * -+ * Local variables: -+ * c-basic-offset: 8 -+ * tab-width: 8 -+ * indent-tabs-mode: nil -+ * End: -+ * -+ * vi: set shiftwidth=8 tabstop=8 expandtab: -+ * :indentSize=8:tabSize=8:noTabs=true: -+ */ --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0005-Add-N-M-mapping-support.-Invert-key-values.patch b/SPECS/cve-check-tool/0005-Add-N-M-mapping-support.-Invert-key-values.patch deleted file mode 100644 index ecdb55c296..0000000000 --- a/SPECS/cve-check-tool/0005-Add-N-M-mapping-support.-Invert-key-values.patch +++ /dev/null @@ -1,113 +0,0 @@ -From a78313eee5af0619e94dc90a984ecdb1de3d5715 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Thu, 10 Nov 2016 17:58:54 -0800 -Subject: [PATCH 5/9] Add N:M mapping support. Invert key-values. - ---- - src/core.c | 8 ++++---- - src/core.h | 5 +++-- - src/main.c | 28 +++++++++++++++++++++------- - 3 files changed, 28 insertions(+), 13 deletions(-) - -diff --git a/src/core.c b/src/core.c -index 660e37e..7af75b4 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -130,10 +130,10 @@ struct cve_entry_t *cve_db_get_cve(CveDB *self, char *id) - return t; - } - --GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version) -+GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version, GList *in) - { - int rc = 0; -- GList *list = NULL; -+ GList *list = in; - int ret = 0; - - if (!self || !self->db) { -@@ -169,10 +169,10 @@ GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version) - return list; - } - --GList *cve_db_get_issues(CveDB *self, char *product, char *version) -+GList *cve_db_get_issues(CveDB *self, char *product, char *version, GList *in) - { - int rc = 0; -- GList *list = NULL; -+ GList *list = in; - - if (!self || !self->db) { - return NULL; -diff --git a/src/core.h b/src/core.h -index 48e295d..7a18b7d 100644 ---- a/src/core.h -+++ b/src/core.h -@@ -84,8 +84,9 @@ struct cve_entry_t *cve_db_get_cve(CveDB *db, char *id); - * - * @return A newly allocated list of strings if found, otherwise NULL - */ --GList *cve_db_get_issues(CveDB *db, char *product, char *version); --GList *cve_db_get_issues_frac_compare(CveDB *db, char *product, char *version); -+GList *cve_db_get_issues(CveDB *db, char *product, char *version, GList *in); -+GList *cve_db_get_issues_frac_compare(CveDB *db, char *product, char *version, -+ GList *in); - - /** - * Util to free a struct cve_entry_t -diff --git a/src/main.c b/src/main.c -index 5bb16c9..5ee6adb 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -92,6 +92,8 @@ static void cve_add_package_internal(struct source_package_t *pkg) - GList *issues = NULL, *em = NULL; - gchar *cur_id = NULL; - gchar *q = NULL; -+ int i = 0; -+ gchar **t; - CvePlugin *pkg_plugin = self_priv->pkg_plugin; - - if (!pkg) { -@@ -107,11 +109,24 @@ static void cve_add_package_internal(struct source_package_t *pkg) - q = g_hash_table_lookup(self->mapping, pkg->name); - } - -- if (use_frac_compare) { -- issues = cve_db_get_issues_frac_compare(self->cve_db, q ? q : pkg->name, pkg->version); -- } else { -- issues = cve_db_get_issues(self->cve_db, q ? q : pkg->name, pkg->version); -- } -+ if (!q) -+ q = pkg->name; -+ -+ t = g_strsplit(q, " ", 10); -+ while (t[i]) { -+ if (strlen(t[i]) == 0) { -+ i++; -+ continue; -+ } -+ if (use_frac_compare) -+ issues = cve_db_get_issues_frac_compare(self->cve_db, -+ t[i], pkg->version, issues); -+ else -+ issues = cve_db_get_issues(self->cve_db, t[i], -+ pkg->version, issues); -+ i++; -+ } -+ g_strfreev(t); - - if (!issues) { - goto insert; -@@ -665,8 +680,7 @@ int main(int argc, char **argv) - fprintf(stderr, "Unable to load mapping string: %s\n", error->message); - goto cleanup; - } -- /* Reverse the mapping */ -- g_hash_table_insert(self->mapping, g_strdup(val), g_strdup(*c)); -+ g_hash_table_insert(self->mapping, g_strdup(*c), g_strdup(val)); - ++c; - } - } --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0006-Mapping-supports-vendor-product-combination.patch b/SPECS/cve-check-tool/0006-Mapping-supports-vendor-product-combination.patch deleted file mode 100644 index fbee47b7e5..0000000000 --- a/SPECS/cve-check-tool/0006-Mapping-supports-vendor-product-combination.patch +++ /dev/null @@ -1,212 +0,0 @@ -From a99720ac804b91dfadee368b00b9c91bfb5aa409 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Fri, 11 Nov 2016 04:22:35 +0000 -Subject: [PATCH 6/9] Mapping supports vendor:product combination - ---- - src/core.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++---------------- - src/core.h | 4 ++-- - src/main.c | 17 ++++++++++++--- - 3 files changed, 71 insertions(+), 23 deletions(-) - -diff --git a/src/core.c b/src/core.c -index 7af75b4..81fa8de 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -45,7 +45,11 @@ struct CveDB { - sqlite3 *db; - sqlite3_stmt *insert; - sqlite3_stmt *insert_product; -- sqlite3_stmt *search_product; -+ /* -+ * index 0 - search by product -+ * index 1 - search by product and vendor -+ */ -+ sqlite3_stmt *search_product[2]; - sqlite3_stmt *get_cve; - }; - -@@ -130,32 +134,39 @@ struct cve_entry_t *cve_db_get_cve(CveDB *self, char *id) - return t; - } - --GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version, GList *in) -+GList *cve_db_get_issues_frac_compare(CveDB *self, char *vendor, char *product, char *version, GList *in) - { - int rc = 0; - GList *list = in; - int ret = 0; -+ int idx = vendor ? 1 : 0; - - if (!self || !self->db) { - return NULL; - } - -- sqlite3_reset(self->search_product); -+ sqlite3_reset(self->search_product[idx]); - -- if (sqlite3_bind_text(self->search_product, 1, product, -1, SQLITE_STATIC) != SQLITE_OK) { -+ if (sqlite3_bind_text(self->search_product[idx], 1, product, -1, SQLITE_STATIC) != SQLITE_OK) { - fprintf(stderr, "cve_db_get_issues_frac_compare(): %s\n", sqlite3_errmsg(self->db)); - return NULL; - } - -- while ((rc = sqlite3_step(self->search_product)) == SQLITE_ROW) { -- if ((const char *)sqlite3_column_text(self->search_product, 1) == NULL) /*skip over (null) product*/ -+ if (idx) -+ if (sqlite3_bind_text(self->search_product[idx], 2, vendor, -1, SQLITE_STATIC) != SQLITE_OK) { -+ fprintf(stderr, "cve_db_get_issues_frac_compare(): %s\n", sqlite3_errmsg(self->db)); -+ return NULL; -+ } -+ -+ while ((rc = sqlite3_step(self->search_product[idx])) == SQLITE_ROW) { -+ if ((const char *)sqlite3_column_text(self->search_product[idx], 1) == NULL) /*skip over (null) product*/ - continue; -- if ((const char *)sqlite3_column_text(self->search_product, 2) == NULL) /*skip over (null) version*/ -+ if ((const char *)sqlite3_column_text(self->search_product[idx], 2) == NULL) /*skip over (null) version*/ - continue; - -- ret = strverscmp(version, (const char *)sqlite3_column_text(self->search_product, 2)); -+ ret = strverscmp(version, (const char *)sqlite3_column_text(self->search_product[idx], 2)); - if (ret <= 0) { /* our version <= NVD version */ -- list = g_list_append(list, g_strdup((const char*)sqlite3_column_text(self->search_product, 0))); -+ list = g_list_append(list, g_strdup((const char*)sqlite3_column_text(self->search_product[idx], 0))); - } - } - -@@ -169,30 +180,38 @@ GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version, - return list; - } - --GList *cve_db_get_issues(CveDB *self, char *product, char *version, GList *in) -+GList *cve_db_get_issues(CveDB *self, char *vendor, char *product, char *version, GList *in) - { - int rc = 0; - GList *list = in; -+ int idx = vendor ? 1 : 0; - - if (!self || !self->db) { - return NULL; - } - -- sqlite3_reset(self->search_product); -+ sqlite3_reset(self->search_product[idx]); - - /* Product */ -- if (sqlite3_bind_text(self->search_product, 1, product, -1, SQLITE_STATIC) != SQLITE_OK) { -+ if (sqlite3_bind_text(self->search_product[idx], 1, product, -1, SQLITE_STATIC) != SQLITE_OK) { - fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db)); - goto bail; - } - /* Version */ -- if (sqlite3_bind_text(self->search_product, 2, version, -1, SQLITE_STATIC) != SQLITE_OK) { -+ if (sqlite3_bind_text(self->search_product[idx], 2, version, -1, SQLITE_STATIC) != SQLITE_OK) { - fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db)); - goto bail; - } - -- while ((rc = sqlite3_step(self->search_product) == SQLITE_ROW)) { -- list = g_list_append(list, g_strdup((const gchar*)sqlite3_column_text(self->search_product, 0))); -+ /* Version */ -+ if (idx) -+ if (sqlite3_bind_text(self->search_product[idx], 3, vendor, -1, SQLITE_STATIC) != SQLITE_OK) { -+ fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db)); -+ goto bail; -+ } -+ -+ while ((rc = sqlite3_step(self->search_product[idx]) == SQLITE_ROW)) { -+ list = g_list_append(list, g_strdup((const gchar*)sqlite3_column_text(self->search_product[idx], 0))); - } - if (rc != SQLITE_OK) { - fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db)); -@@ -551,7 +570,22 @@ CveDB *cve_db_new(const char *path) - cve_db_free(ret); - return NULL; - } -- ret->search_product = stm; -+ ret->search_product[0] = stm; -+ stm = NULL; -+ -+ /* Search product and vendor. */ -+ if (use_frac_compare) { -+ q = "select ID, PRODUCT, VERSION from PRODUCTS where PRODUCT = ? and VENDOR = ?"; -+ } else { -+ q = "SELECT ID FROM PRODUCTS WHERE PRODUCT = ? AND VERSION = ? COLLATE NOCASE and VENDOR = ?"; -+ } -+ rc = sqlite3_prepare_v2(ret->db, q, -1, &stm, NULL); -+ if (rc != SQLITE_OK) { -+ fprintf(stderr, "cve_db_new(): %s\n", sqlite3_errmsg(ret->db)); -+ cve_db_free(ret); -+ return NULL; -+ } -+ ret->search_product[1] = stm; - stm = NULL; - - /* Get CVE. */ -@@ -579,8 +613,11 @@ void cve_db_free(CveDB *self) - if (self->insert_product) { - sqlite3_finalize(self->insert_product); - } -- if (self->search_product) { -- sqlite3_finalize(self->search_product); -+ if (self->search_product[0]) { -+ sqlite3_finalize(self->search_product[0]); -+ } -+ if (self->search_product[1]) { -+ sqlite3_finalize(self->search_product[1]); - } - if (self->get_cve) { - sqlite3_finalize(self->get_cve); -diff --git a/src/core.h b/src/core.h -index 7a18b7d..4cdc785 100644 ---- a/src/core.h -+++ b/src/core.h -@@ -84,8 +84,8 @@ struct cve_entry_t *cve_db_get_cve(CveDB *db, char *id); - * - * @return A newly allocated list of strings if found, otherwise NULL - */ --GList *cve_db_get_issues(CveDB *db, char *product, char *version, GList *in); --GList *cve_db_get_issues_frac_compare(CveDB *db, char *product, char *version, -+GList *cve_db_get_issues(CveDB *db, char *vendor, char *product, char *version, GList *in); -+GList *cve_db_get_issues_frac_compare(CveDB *db, char *vendor, char *product, char *version, - GList *in); - - /** -diff --git a/src/main.c b/src/main.c -index 5ee6adb..26bfd1e 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -114,16 +114,27 @@ static void cve_add_package_internal(struct source_package_t *pkg) - - t = g_strsplit(q, " ", 10); - while (t[i]) { -+ gchar **p; -+ gchar *vendor, *product; - if (strlen(t[i]) == 0) { - i++; - continue; - } -+ p = g_strsplit(t[i], ":", 2); -+ if (p[1]) { -+ vendor = p[0]; -+ product = p[1]; -+ } else { -+ vendor = NULL; -+ product = p[0]; -+ } - if (use_frac_compare) - issues = cve_db_get_issues_frac_compare(self->cve_db, -- t[i], pkg->version, issues); -+ vendor, product, pkg->version, issues); - else -- issues = cve_db_get_issues(self->cve_db, t[i], -- pkg->version, issues); -+ issues = cve_db_get_issues(self->cve_db, vendor, -+ product, pkg->version, issues); -+ g_strfreev(p); - i++; - } - g_strfreev(t); --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0007-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch b/SPECS/cve-check-tool/0007-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch deleted file mode 100644 index 4e8bc08f3b..0000000000 --- a/SPECS/cve-check-tool/0007-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 3091e664abdbac26e64e759c88fc64fb0bbb67a3 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Fri, 23 Dec 2016 00:35:07 -0800 -Subject: [PATCH 7/9] Search for CVE-xxxx-xxxx comment in .spec parser - ---- - src/plugins/packaging/rpm/rpm.c | 31 +++++++++++++++++++++++++++++-- - 1 file changed, 29 insertions(+), 2 deletions(-) - -diff --git a/src/plugins/packaging/rpm/rpm.c b/src/plugins/packaging/rpm/rpm.c -index 8b2cc01..2778503 100644 ---- a/src/plugins/packaging/rpm/rpm.c -+++ b/src/plugins/packaging/rpm/rpm.c -@@ -53,6 +53,7 @@ struct source_package_t *rpm_inspect_spec(const char *filename) - autofree(gchar) *release = NULL; - autofree(CveHashmap) *macros = NULL; - GList *lpatches = NULL; -+ char *cve_patch_name = NULL; - - while ((read = g_data_input_stream_read_line(dis, NULL, NULL, NULL)) != NULL) { - autofree(gstrv) *strv = NULL; -@@ -61,6 +62,27 @@ struct source_package_t *rpm_inspect_spec(const char *filename) - - read = g_strstrip(read); - -+ /* assign comment like #fix for CVE-xxxx-xxxx for the next PatchX: line */ -+ if (g_str_has_prefix(read, "#")) { -+ char *ptr; -+ autofree(gchar) *str = g_ascii_strdown(read, -1); -+ if (cve_patch_name) -+ g_free(cve_patch_name); -+ cve_patch_name = NULL; -+ ptr = g_strstr_len(str, -1, "cve-"); -+ if (ptr && (strlen(ptr) > 12) && g_ascii_isdigit(ptr[4]) && g_ascii_isdigit(ptr[5]) && -+ g_ascii_isdigit(ptr[6]) && g_ascii_isdigit(ptr[7]) && (ptr[8] == '-') && -+ g_ascii_isdigit(ptr[9]) && g_ascii_isdigit(ptr[10]) && g_ascii_isdigit(ptr[11]) && -+ g_ascii_isdigit(ptr[12])) { -+ autofree(gchar) *cvenum = g_strndup(ptr, 13); -+ cve_patch_name = g_strdup_printf("%s.patch", cvenum); -+ } -+ } else if (!str_has_iprefix(read, "Patch")) { -+ if (cve_patch_name) -+ g_free(cve_patch_name); -+ cve_patch_name = NULL; -+ } -+ - if (g_str_has_prefix(read, "%define") || g_str_has_prefix(read, "%global")) { - strv = g_strsplit(read, " ", 3); - if (g_strv_length(strv) != 3) { -@@ -151,12 +173,17 @@ struct source_package_t *rpm_inspect_spec(const char *filename) - g_critical("Memory allocation failure"); - goto clean; - } -+ -+ if (cve_patch_name == NULL) -+ cve_patch_name = g_strdup(value); -+ - if (g_strv_length(splits) == 1 || !splits[1] || g_str_equal(splits[1], "")) { -- cve_hashmap_put(patches, g_strdup("0"), g_strdup(value)); -+ cve_hashmap_put(patches, g_strdup("0"), cve_patch_name); - - } else { -- cve_hashmap_put(patches, g_strdup(splits[1]), g_strdup(value)); -+ cve_hashmap_put(patches, g_strdup(splits[1]), cve_patch_name); - } -+ cve_patch_name = NULL; - - /* Store .nopatch in the pkg->extra */ - if (str_has_isuffix(value, ".nopatch")) { --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0008-String-ignoring-case.patch b/SPECS/cve-check-tool/0008-String-ignoring-case.patch deleted file mode 100644 index 2191228daa..0000000000 --- a/SPECS/cve-check-tool/0008-String-ignoring-case.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 95e9b8f574829c17d5f77c96bf166d3648703be7 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Tue, 29 Oct 2019 11:56:38 -0700 -Subject: [PATCH 8/9] String ignoring case - ---- - src/update.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/update.c b/src/update.c -index 7442943..a9ef2b5 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -188,7 +188,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) - snprintf(&csum_data[idx], len, "%02hhx", digest[i]); - } - -- ret = streq(csum_meta, csum_data); -+ ret = !strcasecmp(csum_meta, csum_data); - - err_unmap: - munmap(buffer, length); --- -2.11.0 - diff --git a/SPECS/cve-check-tool/0009-Check-database.patch b/SPECS/cve-check-tool/0009-Check-database.patch deleted file mode 100644 index a564380361..0000000000 --- a/SPECS/cve-check-tool/0009-Check-database.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2705944c84fbed10c396281a87c99a7ba45cd1f9 Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Tue, 29 Oct 2019 11:57:09 -0700 -Subject: [PATCH 9/9] Check database - ---- - tests/check-database.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/check-database.c b/tests/check-database.c -index 9987945..f4fc8e6 100644 ---- a/tests/check-database.c -+++ b/tests/check-database.c -@@ -58,7 +58,7 @@ START_TEST(cve_database_fetch) - fail_if(!cve_db_load(db, TOP_DIR "/tests/dummy_data/nvdcve-2.0-2002.xml"), - "Failed to load database"); - -- ret = cve_db_get_issues(db, "ssleay", "0.9"); -+ ret = cve_db_get_issues(db, NULL, "ssleay", "0.9", NULL); - fail_if(!ret, "Failed to get issues list for ssleay"); - - fail_if(g_list_length(ret) != 2, "Incorrect issue count for ssleay"); --- -2.11.0 - diff --git a/SPECS/cve-check-tool/cve-check-tool.spec b/SPECS/cve-check-tool/cve-check-tool.spec deleted file mode 100644 index 08da4cac12..0000000000 --- a/SPECS/cve-check-tool/cve-check-tool.spec +++ /dev/null @@ -1,125 +0,0 @@ -Summary: cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. -Name: cve-check-tool -Version: 5.6.4.1 -Release: 17%{?dist} -Group: System Environment/Security -License: GPLv2 -URL: /~https://github.com/ikeydoherty/cve-check-tool -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/clearlinux/cve-check-tool/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=1d46b764b6a58b7240c1a37443b350515606d97df130ed6455e1655dc84ee0e685673669cc1aa1515c6b5290003a5d555c9d5c94a905804e74edcfe20df395d5 - -Source1: packages-mapping.cfg - -Patch0: 0001-Set-version-to-5.6.4.1.patch -Patch1: 0002-Migrate-to-NVD-JSON-Feed-1.0.patch -Patch2: 0003-New-option-r-to-select-a-report-plugin.patch -Patch3: 0004-Alternative-csv-output.patch -Patch4: 0005-Add-N-M-mapping-support.-Invert-key-values.patch -Patch5: 0006-Mapping-supports-vendor-product-combination.patch -Patch6: 0007-Search-for-CVE-xxxx-xxxx-comment-in-.spec-parser.patch -Patch7: 0008-String-ignoring-case.patch -Patch8: 0009-Check-database.patch - -# We always run autogen.sh -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: json-glib-devel -BuildRequires: check -BuildRequires: libxml2-devel -BuildRequires: sqlite-devel -BuildRequires: curl-devel -BuildRequires: openssl-devel -BuildRequires: jansson-devel - -Requires: libxml2 -Requires: curl -Requires: jansson -Requires: openssl -Requires: sqlite - -%global security_hardening nonow - -%description -The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch. - -%prep -%autosetup -p1 - -%build -./autogen.sh -export CFLAGS="-w -g" -%make_build - -%install -%make_install %{?_smp_mflags} -install -m644 %{SOURCE1} %{buildroot}%{_datadir}/%{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root,-) -%{_bindir}/cve-check-* -%{_libdir}/%{name}/* -%{_datadir}/%{name}/* -%doc %{_mandir}/man1/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 5.6.4.1-17 -- Bump version as a part of openssl upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 5.6.4.1-16 -- Bump version as a part of libxml2 upgrade -* Wed Jan 11 2023 Oliver Kurth 5.6.4.1-15 -- bump release as part of sqlite update -* Sat Jul 30 2022 Shreenidhi Shedi 5.6.4.1-14 -- Bump version as a part of sqlite upgrade -* Wed Aug 04 2021 Satya Naga Vasamsetty 5.6.4.1-13 -- Bump up release for openssl -* Tue Sep 29 2020 Satya Naga Vasamsetty 5.6.4.1-12 -- openssl 1.1.1 -* Tue Oct 29 2019 Alexey Makhalov 5.6.4.1-11 -- JSON feed support. -* Tue Sep 12 2017 Dheeraj Shetty 5.6.4.1-10 -- Added the patch to check-database to correct the func signature -* Wed Apr 26 2017 Siju Maliakkal 5.6.4.1-9 -- Added the patch for ignoring case of digest digits -* Thu Apr 06 2017 Anish Swaminathan 5.6.4.1-8 -- Remove vault entry from package mapping file -* Thu Dec 22 2016 Alexey Makhalov 5.6.4.1-7 -- Add more entries in package mapping file -- Improve jdk/jre version parsing -- Improve .spec parser to search comment with CVE-xxxx-xxxx mentioning -* Wed Dec 07 2016 Xiaolin Li 5.6.4.1-6 -- BuildRequires curl-devel. -* Wed Nov 16 2016 Alexey Makhalov 5.6.4.1-5 -- Use sqlite-devel -* Thu Nov 10 2016 Alexey Makhalov 5.6.4.1-4 -- 0004-Mapping-supports-vendor-product-combination.patch - to support package=vendor:product mapping -* Fri Oct 28 2016 Alexey Makhalov 5.6.4.1-3 -- N-to-M-mapping-support.patch - reverse key-values in the mapping file. Photon package name as a key - and NVD product name(s) as a value. -- mapping: added python[23]->python and curl->curl libcurl -* Wed Oct 05 2016 ChangLee 5.6.4.1-2 -- Modified %check -* Wed Aug 31 2016 Alexey Makhalov 5.6.4.1-1 -- Update to version 5.6.4.1 (commit 72e272d) -- Add packages mapping file for Photon OS -- new option '-r' to select report plugin to use -- csv2-output-plugin.patch for alternative csv output -* Tue May 24 2016 Priyesh Padmavilasom 5.6.2-2 -- GA - Bump release of all rpms -* Wed Feb 24 2016 Kumar Kaushik -- Updating version to 5.6.2. -* Wed Jul 29 2015 Luis Zuniga -- Added new version of cve-check-tool diff --git a/SPECS/cve-check-tool/packages-mapping.cfg b/SPECS/cve-check-tool/packages-mapping.cfg deleted file mode 100644 index b55e00ad45..0000000000 --- a/SPECS/cve-check-tool/packages-mapping.cfg +++ /dev/null @@ -1,47 +0,0 @@ -[Mapping] -Linux-PAM=linux-pam -NetworkManager=network-manager -XML-Parser=xml_parser -apache-maven=apache:maven -apache-tomcat=apache:tomcat -atftp=atftpd -audit=linux:audit -curl=curl libcurl -dbus=d-bus_project:d-bus -flex=flex_project:flex -httpd=apache:http_server -linux=linux_kernel -openjdk=oracle:jdk -openjdk8=oracle:jdk -python2=python -python3=python -wget=gnu:wget -cracklib=cracklib_project:cracklib -sqlite-autoconf=sqlite:sqlite -krb5=mit:kerberos -xerces-c=apache:xerces-c++ -nss=mozilla:network_security_services -xml-security-c=apache:xml_security_for_c++ -bash=gnu:bash -libselinux=selinux_project:selinux -coreutils=gnu:coreutils -lz4=lz4:lz4 -bindutils=isc:bind -nfs-utils=linux-nfs:nfs-utils -db=oracle:oracle_berkeley_db -freetype2=freetype:freetype2 -libdb=oracle:oracle_berkeley_db -git=git:git -subversion=apache:subversion -apr=apache:portable_runtime -pmd=vmware:pmd -libmspack=libmspack_project:libmspack -PyYAML=pyyaml -kubernetes=kubernetes:kubernetes -python-requests=python-requests:requests -jq=jq_project:jq -docker=moby:moby -zeromq=zeromq:libzmq -fleet=coreos:fleet -openssl=openssl:openssl -nxtgn-openssl=openssl:openssl diff --git a/SPECS/cyrus-sasl/cyrus-sasl.spec b/SPECS/cyrus-sasl/cyrus-sasl.spec deleted file mode 100644 index 81a6d875e0..0000000000 --- a/SPECS/cyrus-sasl/cyrus-sasl.spec +++ /dev/null @@ -1,201 +0,0 @@ -%define socket_dir /run/saslauthd - -Summary: Cyrus Simple Authentication Service Layer (SASL) library -Name: cyrus-sasl -Version: 2.1.28 -Release: 5%{?dist} -License: Custom -URL: /~https://github.com/cyrusimap/cyrus-sasl -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/cyrusimap/cyrus-sasl/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=dbf908f3d08d97741e7bbee1943f7ed6cce14b30b23a255b41e1a44c317926d1e17394f9a11f2ed4c453f76e2c690eb5adcad3cb04c4ca573c6092da05e1e567 - -BuildRequires: systemd-devel -BuildRequires: openssl-devel -BuildRequires: krb5-devel >= 1.12 -BuildRequires: e2fsprogs-devel -BuildRequires: Linux-PAM-devel - -Requires: openssl -Requires: krb5 >= 1.12 -Requires: Linux-PAM -Requires: systemd - -%description -The Cyrus SASL package contains a Simple Authentication and Security -Layer, a method for adding authentication support to -connection-based protocols. To use SASL, a protocol includes a command -for identifying and authenticating a user to a server and for -optionally negotiating protection of subsequent protocol interactions. -If its use is negotiated, a security layer is inserted between the -protocol and the connection. - -%package devel -Requires: %{name} = %{version}-%{release} -Requires: pkg-config -Summary: Files needed for developing applications with Cyrus SASL - -%description devel -The %{name}-devel package contains files needed for developing and -compiling applications which use the Cyrus SASL library. - -%prep -%autosetup -p1 -n %{name}-%{name}-%{version} - -%build -sh ./autogen.sh -%configure \ - CFLAGS="%{optflags} -fPIC" \ - CXXFLAGS="%{optflags}" \ - --with-plugindir=%{_libdir}/sasl2 \ - --without-dblib \ - --with-saslauthd=%{socket_dir} \ - --without-authdaemond \ - --disable-macos-framework \ - --disable-sample \ - --disable-digest \ - --disable-otp \ - --enable-plain \ - --enable-login \ - --disable-anon \ - --enable-srp \ - --enable-gss_mutexes \ - --disable-static \ - --enable-shared \ - --enable-fast-install \ - --enable-krb4 - -%make_build - -%install -%make_install %{?_smp_mflags} -%{_fixperms} %{buildroot}/* - -mkdir -p %{buildroot}%{_sysconfdir}/sysconfig -cat << EOF >> %{buildroot}%{_sysconfdir}/sysconfig/saslauthd -# Directory in which to place saslauthd's listening socket, pid file, and so -# on. This directory must already exist. -SOCKETDIR=%{socket_dir} - -# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list -# of which mechanism your installation was compiled with the ablity to use. -MECH=pam - -# Additional flags to pass to saslauthd on the command line. See saslauthd(8) -# for the list of accepted flags. -FLAGS= -EOF - -mkdir -p %{buildroot}%{_unitdir} -cat << EOF >> %{buildroot}%{_unitdir}/saslauthd.service -[Unit] -Description=SASL authentication daemon. - -[Service] -Type=forking -PIDFile=%{socket_dir}/saslauthd.pid -EnvironmentFile=%{_sysconfdir}/sysconfig/saslauthd -ExecStart=%{_sbindir}/saslauthd -m \$SOCKETDIR -a \$MECH \$FLAGS -RuntimeDirectory=saslauthd - -[Install] -WantedBy=multi-user.target -EOF - -install -vdm755 %{buildroot}%{_presetdir} -echo "disable saslauthd.service" > %{buildroot}%{_presetdir}/50-saslauthd.preset - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%post -/sbin/ldconfig -%systemd_post saslauthd.service - -%postun -/sbin/ldconfig -%systemd_postun_with_restart saslauthd.service - -%preun -%systemd_preun saslauthd.service - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_sysconfdir}/sysconfig/saslauthd -%{_unitdir}/saslauthd.service -%{_presetdir}/50-saslauthd.preset -%{_libdir}/*.so.* -%{_libdir}/sasl2/*.so.* -%{_sbindir}/* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/sasl2/*.so -%{_mandir}/man3/* -%{_mandir}/man8/saslauthd.8.gz -%{_mandir}/man8/testsaslauthd.8.gz -%{_libdir}/pkgconfig/* -%{_includedir}/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.1.28-5 -- Bump version as a part of openssl upgrade -* Fri Jul 28 2023 Srish Srinivasan 2.1.28-4 -- Bump version as a part of krb5 upgrade -* Tue Feb 07 2023 Shreenidhi Shedi 2.1.28-3 -- Add devel sub package -* Thu Jan 26 2023 Ashwin Dayanand Kamat 2.1.28-2 -- Bump version as a part of krb5 upgrade -* Mon Apr 18 2022 Gerrit Photon 2.1.28-1 -- Automatic Version Bump -* Fri Mar 04 2022 Nitesh Kumar 2.1.27-6 -- Fix CVE-2022-24407 -* Thu Sep 02 2021 Satya Naga Vasamsetty 2.1.27-5 -- Bump up release for openssl -* Fri Oct 30 2020 Satya Naga Vasamsetty 2.1.27-4 -- Fix CVE-2019-19906 -* Mon Oct 05 2020 Tapas Kundu 2.1.27-3 -- Enable login and plain -* Tue Sep 01 2020 Satya Naga Vasamsetty 2.1.27-2 -- Make openssl 1.1.1 compatible -* Mon Aug 17 2020 Gerrit Photon 2.1.27-1 -- Automatic Version Bump -* Thu Nov 15 2018 Alexey Makhalov 2.1.26-15 -- Cross compilation support -* Tue Nov 21 2017 Anish Swaminathan 2.1.26-14 -- Update patch for memory leak fix -* Tue Oct 10 2017 Anish Swaminathan 2.1.26-13 -- Add patch for memory leak fix -* Thu Jun 29 2017 Divya Thaluru 2.1.26-12 -- Disabled saslauthd service by default -* Wed Dec 07 2016 Xiaolin Li 2.1.26-11 -- BuildRequires Linux-PAM-devel -* Thu Nov 24 2016 Alexey Makhalov 2.1.26-10 -- Required krb5-devel. -* Wed Oct 05 2016 ChangLee 2.1.26-9 -- Modified %check -* Thu May 26 2016 Divya Thaluru 2.1.26-8 -- Fixed logic to restart the active services after upgrade -* Tue May 24 2016 Priyesh Padmavilasom 2.1.26-7 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 2.1.26-6 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Dec 10 2015 Xiaolin Li 2.1.26-5 -- Add systemd to Requires and BuildRequires. -* Wed Nov 11 2015 Xiaolin Li 2.1.26-4 -- Add saslauthd service to systemd. -* Tue Sep 01 2015 Vinay Kulkarni 2.1.26-3 -- Enable CRAM. -* Thu Jul 16 2015 Divya Thaluru 2.1.26-2 -- Disabling parallel threads in make -* Wed Nov 5 2014 Divya Thaluru 2.1.26-1 -- Initial build. First version. diff --git a/SPECS/cython3/cython3.spec b/SPECS/cython3/cython3.spec deleted file mode 100644 index 18ba31c917..0000000000 --- a/SPECS/cython3/cython3.spec +++ /dev/null @@ -1,79 +0,0 @@ -Summary: C extensions for Python3 -Name: cython3 -Version: 0.29.32 -Release: 2%{?dist} -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon -License: Apache License -URL: http://cython.org/ -Source0: /~https://github.com/cython/cython/archive/Cython-%{version}.tar.gz -%define sha512 Cython=55462792fa70d8edf60aa470627ab494918d7297fd7d282a7a54da76ee5a180233108404a1c8f3d79f6408f19b6e4f46b36e59fd47c38ede24f061f374437b6f -BuildRequires: python3 -BuildRequires: python3-devel -BuildRequires: python3-libs -BuildRequires: python3-xml -Requires: python3 - -%description -Cython is an optimising static compiler for both the Python programming language, -and the extended Cython programming language (based on Pyrex). -It makes writing C extensions for Python as easy as Python itself. - -%prep -%autosetup -n cython-%{version} - -%build -%py3_build - -%install -python3 setup.py install --skip-build --root %{buildroot} -mv %{buildroot}%{_bindir}/cython %{buildroot}%{_bindir}/cython3 -mv %{buildroot}%{_bindir}/cythonize %{buildroot}%{_bindir}/cythonize3 -mv %{buildroot}%{_bindir}/cygdb %{buildroot}%{_bindir}/cygdb3 - -%check -sed -i 's/PYTHON?=python/PYTHON?=python3/g' Makefile -make %{?_smp_mflags} test - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%{_bindir}/* -%{python3_sitelib}/*.egg-info -%{python3_sitelib}/Cython/* -%{python3_sitelib}/cython.py* -%{python3_sitelib}/pyximport/* -%{python3_sitelib}/__pycache__/* - -%changelog -* Mon Oct 31 2022 Prashant S Chauhan 0.29.32-2 -- Update release to compile with python 3.11 -* Thu May 26 2022 Gerrit Photon 0.29.32-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 0.29.28-1 -- Automatic Version Bump -* Wed Apr 14 2021 Gerrit Photon 0.29.23-1 -- Automatic Version Bump -* Wed Oct 14 2020 Tapas Kundu 3.0a6-1 -- Update to 3.0a6 -* Mon Jul 27 2020 Tapas Kundu 0.29.21-2 -- Build with python3 -* Thu Jul 09 2020 Gerrit Photon 0.29.21-1 -- Automatic Version Bump -* Fri Jan 11 2019 Michelle Wang 0.28.5-2 -- Fix make check tests for cython3. -* Mon Sep 10 2018 Ajay Kaher 0.28.5-1 -- Upgraded to version 0.28.5. -* Thu Jul 13 2017 Dheeraj Shetty 0.25.2-4 -- Keeping uniformity across all spec files. -* Wed Jun 07 2017 Xiaolin Li 0.25.2-3 -- Add python3-xml to python3 sub package Buildrequires. -* Wed Apr 26 2017 Siju Maliakkal 0.25.2-2 -- Updated python3 site path. -* Mon Apr 24 2017 Bo Gan 0.25.2-1 -- Update to 0.25.2. -* Fri Jan 27 2017 Dheeraj Shetty 0.23.4-1 -- Initial build. diff --git a/SPECS/dbus-broker/dbus-broker.spec b/SPECS/dbus-broker/dbus-broker.spec deleted file mode 100644 index 16585d9ebc..0000000000 --- a/SPECS/dbus-broker/dbus-broker.spec +++ /dev/null @@ -1,120 +0,0 @@ -Name: dbus-broker -Version: 33 -Release: 2%{?dist} -Summary: Linux D-Bus Message Broker -License: ASL 2.0 -Vendor: VMware, Inc. -Distribution: Photon -Group: System Environment/Security -URL: /~https://github.com/bus1/dbus-broker - -Source0: /~https://github.com/bus1/dbus-broker/releases/download/v%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=776684a5d19a6c25fc46dff19821014a32d967f8132385b86c5281f2d69192dce64b3ad92ae6a158d1d64753e89d918385a1a31f32811f54060504113f065baa - -Source1: %{name}.sysusers - -Provides: bundled(c-dvar) = 1 -Provides: bundled(c-ini) = 1 -Provides: bundled(c-list) = 3 -Provides: bundled(c-rbtree) = 3 -Provides: bundled(c-shquote) = 1 - -BuildRequires: expat-devel -BuildRequires: libcap-ng -BuildRequires: gcc -BuildRequires: glibc-devel -BuildRequires: meson -BuildRequires: ninja-build -BuildRequires: python3-docutils -BuildRequires: systemd-devel -BuildRequires: audit-devel -BuildRequires: libcap-ng-devel - -Requires: systemd - -%description -dbus-broker is an implementation of a message bus as defined by the D-Bus -specification. Its aim is to provide high performance and reliability, while -keeping compatibility to the D-Bus reference implementation. It is exclusively -written for Linux systems, and makes use of many modern features provided by -recent Linux kernel releases. - -%prep -%autosetup -p1 - -%build -%{meson} \ - --prefix=%{_usr} \ - -Dselinux=true \ - -Daudit=true - -%{meson_build} - -%install -%{meson_install} -install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -%check -%{meson_test} - -%pre -%sysusers_create_compat %{SOURCE1} - -%post -%systemd_post %{name}.service -%systemd_user_post %{name}.service -%journal_catalog_update - -%preun -%systemd_preun %{name}.service -%systemd_user_preun %{name}.service - -%postun -%systemd_postun %{name}.service -%systemd_user_postun %{name}.service - -%triggerpostun -- dbus -if [ $2 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then - # The `dbus-daemon` package used to provide the default D-Bus - # implementation. We continue to make sure that if you uninstall it, we - # re-evaluate whether to enable dbus-broker to replace it. If we don't, - # you might end up without any bus implementation active. - systemctl --no-reload preset dbus-broker.service || : - systemctl --no-reload --global preset dbus-broker.service || : -fi - -%files -%license AUTHORS -%license LICENSE -%{_bindir}/%{name} -%{_bindir}/%{name}-launch -%{_journalcatalogdir}/%{name}.catalog -%{_journalcatalogdir}/%{name}-launch.catalog -%{_unitdir}/%{name}.service -%{_userunitdir}/%{name}.service -%{_sysusersdir}/%{name}.sysusers - -%changelog -* Wed Sep 06 2023 Shreenidhi Shedi 33-2 -- Fix spec issues -- Create dbus user -* Thu Feb 16 2023 Susant Sahani 33-1 -- Update version -* Tue Dec 06 2022 Prashant S Chauhan 32-2 -- Update release to compile with python 3.11 -* Tue Aug 30 2022 Susant Sahani 32-1 -- Update version -* Thu May 26 2022 Susant Sahani 31-1 -- Update version -* Wed Jul 14 2021 Susant Sahani 29-1 -- Update version and switch to meson -* Mon Apr 12 2021 Gerrit Photon 28-1 -- Automatic Version Bump -* Sat Jan 23 2021 Susant Sahani 26-1 -- Update version -* Wed Sep 09 2020 Gerrit Photon 24-1 -- Automatic Version Bump -* Fri Aug 14 2020 Susant Sahani 23-1 -- Update to v23 -* Tue May 05 2020 Susant Sahani 22-1 -- Initial RPM release diff --git a/SPECS/dbus-broker/dbus-broker.sysusers b/SPECS/dbus-broker/dbus-broker.sysusers deleted file mode 100644 index 87e5886168..0000000000 --- a/SPECS/dbus-broker/dbus-broker.sysusers +++ /dev/null @@ -1 +0,0 @@ -u dbus 81 "System message bus" / /sbin/nologin diff --git a/SPECS/dbus-glib/dbus-glib.spec b/SPECS/dbus-glib/dbus-glib.spec deleted file mode 100644 index 09dc0dc249..0000000000 --- a/SPECS/dbus-glib/dbus-glib.spec +++ /dev/null @@ -1,98 +0,0 @@ -Summary: Glib interfaces to D-Bus API -Name: dbus-glib -Version: 0.112 -Release: 4%{?dist} -License: AFL and GPLv2+ -Group: System Environment/Libraries -URL: https://dbus.freedesktop.org/doc/dbus-glib -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://dbus.freedesktop.org/releases/dbus-glib/%{name}-%{version}.tar.gz -%define sha512 %{name}=7c9f393f065dfb3d698f35e6554caf15fe539f5dd52d2b2bb6ed1770e130f5dab8e45379232520301455bae9bb77e25a109faf175153fcd4b9dd11d7de4a546e - -BuildRequires: glib-devel -BuildRequires: dbus-devel -BuildRequires: systemd-devel - -Requires: glib -Requires: dbus -Requires: libffi -Requires: systemd -Provides: pkgconfig(dbus-glib-1) - -%description -The D-Bus GLib package contains GLib interfaces to the D-Bus API. - -%package devel -Summary: Libraries and headers for the D-Bus GLib bindings -Requires: glib-devel -Requires: dbus-devel -Requires: %{name} = %{version}-%{release} - -%description devel -Headers and static libraries for the D-Bus GLib bindings - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-static \ - --disable-gtk-doc - -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_sysconfdir}/bash_completion.d/* -%{_bindir}/* -%{_libdir}/*.so.* -%{_libexecdir}/* -%{_mandir}/man1/* -%{_datadir}/gtk-doc/* - -%files devel -%defattr(-,root,root) -%{_includedir}/dbus-1.0/dbus/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc - -%changelog -* Wed Sep 06 2023 Shreenidhi Shedi 0.112-4 -- Add URL to spec header -* Sun Aug 07 2022 Shreenidhi Shedi 0.112-3 -- Remove .la files -* Tue May 10 2022 Shreenidhi Shedi 0.112-2 -- Bump version as a part of libffi upgrade -* Mon Apr 12 2021 Gerrit Photon 0.112-1 -- Automatic Version Bump -* Mon Dec 14 2020 Susant Sahani 0.110-2 -- Add build requres and requires. -* Mon Sep 10 2018 Ajay Kaher 0.110-1 -- Upgraded to 0.110 -* Wed May 03 2017 Bo Gan 0.108-1 -- Update to 0.108 -* Wed Oct 05 2016 ChangLee 0.106-5 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 0.106-4 -- GA - Bump release of all rpms -* Mon Feb 22 2016 XIaolin Li 0.106-1 -- Updated to version 0.106 -* Thu Jan 28 2016 Anish Swaminathan 0.104-3 -- Add requires to dbus-glib-devel -* Tue Sep 22 2015 Harish Udaiya Kumar 0.104-2 -- Updated build requires after creating devel package for dbus -* Tue Jun 23 2015 Divya Thaluru 0.104-1 -- Initial build. diff --git a/SPECS/dbus-python/dbus-python.spec b/SPECS/dbus-python/dbus-python.spec deleted file mode 100644 index 8250007763..0000000000 --- a/SPECS/dbus-python/dbus-python.spec +++ /dev/null @@ -1,72 +0,0 @@ -Name: dbus-python3 -Version: 1.3.2 -Release: 2%{?dist} -Summary: Python bindings for D-Bus -License: MIT -Group: Development/Libraries/Python -Url: http://www.freedesktop.org/wiki/Software/DBusBindings/ -Source0: http://dbus.freedesktop.org/releases/dbus-python/dbus-python-%{version}.tar.gz -%define sha512 dbus-python=9b2885c9c2914142c72487f766b1cdd28a255d9f5a87eaf8f4eb420c6e096a77f210ac5a4fac9843c6531974872880cc28b7e45940e198856e984dcc0715519a -Vendor: VMware, Inc. -Distribution: Photon - -BuildRequires: python3-devel -BuildRequires: python3-docutils -BuildRequires: dbus-devel -BuildRequires: glib-devel -BuildRequires: python3-setuptools -BuildRequires: systemd-devel - -Requires: python3-xml -Requires: dbus - -%description -D-Bus python bindings for use with python programs. - -%package -n dbus-python3-devel -Summary: Python bindings for D-Bus -Group: Development/Libraries/Python -Requires: %{name} = %{version} -Requires: dbus-devel - -%description -n dbus-python3-devel -Developer files for Python bindings for D-Bus. - -%prep -%autosetup -n dbus-python-%{version} - -%build -%configure PYTHON="%{__python3}" -%make_build %{?_smp_mflags} - -%install -make %{?_smp_mflags} DESTDIR=%{buildroot} install -cp -r dbus_python*egg-info %{buildroot}%{python3_sitelib} -rm -f %{buildroot}%{python3_sitelib}/*.la - -%check -make check %{?_smp_mflags} - -%files -%defattr(-,root,root) -%doc NEWS -%license COPYING -%{python3_sitelib}/*.so -%{python3_sitelib}/dbus/ -%{python3_sitelib}/dbus_python*egg-info - -%files devel -%defattr(-,root,root) -%doc README ChangeLog doc/API_CHANGES.txt doc/tutorial.txt -%{_includedir}/dbus-1.0/dbus/dbus-python.h -%{_libdir}/pkgconfig/dbus-python.pc - -%changelog -* Fri Dec 02 2022 Prashant S Chauhan 1.3.2-2 -- Update release to compile with python 3.11 -* Tue Nov 01 2022 Susant Sahani 1.3.2-1 -- version bump -* Mon Dec 14 2020 Susant Sahani 1.2.16-2 -- Add build requires -* Thu Mar 19 2020 Tapas Kundu 1.2.16-1 -- Initial release diff --git a/SPECS/dbus/dbus.spec b/SPECS/dbus/dbus.spec deleted file mode 100644 index 6ed7789a8e..0000000000 --- a/SPECS/dbus/dbus.spec +++ /dev/null @@ -1,169 +0,0 @@ -Summary: DBus message bus -Name: dbus -Version: 1.15.4 -Release: 4%{?dist} -License: GPLv2+ or AFL -URL: http://www.freedesktop.org/wiki/Software/dbus -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.xz -%define sha512 %{name}=53a5b7161940c5d4432b902c3c0ac1f1965978e3791a640d1a71f2d819474b727497f7a13c95d7c5850baef659062f1434296a3f5e56701383cc573dfbf187ee - -Source1: %{name}.sysusers - -BuildRequires: expat-devel -BuildRequires: systemd-devel -BuildRequires: xz-devel - -Requires: expat -Requires: systemd -Requires: xz - -%description -The dbus package contains dbus. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: expat-devel - -%description devel -It contains the libraries and header files to create applications - -%package user-session -Summary: simple interprocess messaging system (systemd --user integration) - -Requires: %{name} = %{version}-%{release} - -%description user-session -simple interprocess messaging system (systemd --user integration) - -%prep -%autosetup -p1 - -%build -%configure \ - --docdir=%{_docdir}/%{name}-%{version} \ - --enable-libaudit=no \ - --enable-selinux=no \ - --with-console-auth-dir=/run/console \ - --enable-user-session \ - --runstatedir=/run - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm755 %{buildroot}%{_libdir} - -mkdir -p %{buildroot}%{_userunitdir} - -rm -f %{buildroot}%{_userunitdir}/sockets.target.wants/dbus.socket \ - %{buildroot}%{_libdir}/*.a \ - %{buildroot}%{_libdir}/*.la - -install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -%check -%make_build check - -%pre -%sysusers_create_compat %{SOURCE1} - -%post -%systemd_post %{name}.socket -%systemd_user_post %{name}.socket -%systemd_post %{name}.service -%systemd_user_post %{name}.service - -%preun -%systemd_preun %{name}.socket -%systemd_user_preun %{name}.socket -%systemd_preun %{name}.service -%systemd_user_preun %{name}.service - -%postun -%systemd_postun %{name}.socket -%systemd_user_postun %{name}.socket -%systemd_postun %{name}.service -%systemd_user_postun %{name}.service - -%files -%defattr(-,root,root) -%{_sysconfdir}/%{name}-1 -%{_bindir}/* -%{_libdir}/libdbus-1.so.* -%{_tmpfilesdir}/%{name}.conf -%{_unitdir}/* -%exclude %{_sysusersdir} -%{_libexecdir}/* -%{_datadir}/%{name}-1 -%{_sysusersdir}/%{name}.sysusers - -%files devel -%defattr(-,root,root) -%{_docdir}/* -%{_includedir}/* -%{_datadir}/xml/%{name}-1 -%{_libdir}/cmake/DBus1 -%dir %{_libdir}/%{name}-1.0 -%{_libdir}/%{name}-1.0/include/ -%{_libdir}/pkgconfig/*.pc -%{_libdir}/*.so - -%files user-session -%defattr(-,root,root) -%{_userunitdir}/%{name}.service -%{_userunitdir}/%{name}.socket - -%changelog -* Fri Sep 22 2023 Shreenidhi Shedi 1.15.4-4 -- Create dbus user -* Thu Sep 21 2023 Shreenidhi Shedi 1.15.4-3 -- Use /run for runstatedir -* Tue Mar 14 2023 Shreenidhi Shedi 1.15.4-2 -- Enable user-session config flag -* Thu Feb 16 2023 Susant Sahani 1.15.4-1 -- Version bump -* Thu Jan 19 2023 Shreenidhi Shedi 1.15.2-3 -- Add dbus-user-session sub package, needed by rootless containers -* Fri Dec 23 2022 Oliver Kurth 1.15.2-2 -- bump version as part of xz upgrade -* Tue Nov 01 2022 Susant Sahani 1.15.2-1 -- Version bump -* Sat Oct 01 2022 Susant Sahani 1.15.0-1 -- Version bump -* Sun Aug 07 2022 Shreenidhi Shedi 1.14.0-2 -- Remove .la files -* Mon Apr 18 2022 Gerrit Photon 1.14.0-1 -- Automatic Version Bump -* Thu Jan 13 2022 Susant Sahani 1.13.20-1 -- Update to 1.13.20 -* Mon Jun 22 2020 Gerrit Photon 1.13.18-1 -- Automatic Version Bump -* Wed May 06 2020 Susant Sahani 1.13.14-1 -- Update to 1.13.14 -* Thu Nov 15 2018 Alexey Makhalov 1.13.6-2 -- Cross compilation support -* Mon Sep 10 2018 Ajay Kaher 1.13.6-1 -- Update to 1.13.6 -* Fri Apr 21 2017 Bo Gan 1.11.12-1 -- Update to 1.11.12 -* Tue Dec 20 2016 Xiaolin Li 1.8.8-8 -- Move all header files to devel subpackage. -* Fri Nov 18 2016 Anish Swaminathan 1.8.8-7 -- Change systemd dependency -* Wed Oct 05 2016 ChangLee 1.8.8-6 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 1.8.8-5 -- GA - Bump release of all rpms -* Tue Sep 22 2015 Harish Udaiya Kumar 1.8.8-4 -- Created devel sub-package -* Thu Jun 25 2015 Sharath George 1.8.8-3 -- Remove debug files. -* Mon May 18 2015 Touseef Liaqat 1.8.8-2 -- Update according to UsrMove. -* Sun Apr 06 2014 Sharath George 1.8.8 -- Initial build. First version diff --git a/SPECS/dbus/dbus.sysusers b/SPECS/dbus/dbus.sysusers deleted file mode 100644 index c98ae40de2..0000000000 --- a/SPECS/dbus/dbus.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -#Type Name ID GECOS Home directory Shell -u dbus 81 "System Message Bus" - - diff --git a/SPECS/dbxtool/0001-Fix-build-with-efivar-38.patch b/SPECS/dbxtool/0001-Fix-build-with-efivar-38.patch deleted file mode 100644 index f746a8c2a8..0000000000 --- a/SPECS/dbxtool/0001-Fix-build-with-efivar-38.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 11ecd2ab55f320e5f81a19abe38f8750b65e0def Mon Sep 17 00:00:00 2001 -From: Vamsi Krishna Brahmajosyula -Date: Wed, 22 Feb 2023 13:26:33 +0530 -Subject: [PATCH] Fix build with efivar 38 - -Signed-off-by: Vamsi Krishna Brahmajosyula ---- - src/esl.h | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/esl.h b/src/esl.h -index 456f748..fc77024 100644 ---- a/src/esl.h -+++ b/src/esl.h -@@ -47,11 +47,6 @@ typedef struct { - uint8_t pad2; - } __attribute__((aligned (1))) EFI_TIME; - --#define EFI_TIME_ADJUST_DAYLIGHT 0x01 --#define EFI_TIME_IN_DAYLIGHT 0x02 -- --#define EFI_UNSPECIFIED_TIMEZONE 0x07ff -- - typedef struct _EFI_CERT_BLOCK_RSA_2048_SHA256 { - efi_guid_t HashType; - uint8_t PublicKey[256]; --- -2.39.2 - diff --git a/SPECS/dbxtool/0001-dbxtool-Don-t-apply-unless-force-if-PK-or-KEK-are-un.patch b/SPECS/dbxtool/0001-dbxtool-Don-t-apply-unless-force-if-PK-or-KEK-are-un.patch deleted file mode 100644 index 596bbf7fc5..0000000000 --- a/SPECS/dbxtool/0001-dbxtool-Don-t-apply-unless-force-if-PK-or-KEK-are-un.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 445d132c3c006bd92b31cc544d9d197c885041ed Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 18 Oct 2017 10:59:12 -0400 -Subject: [PATCH 01/13] dbxtool: Don't apply unless --force if PK or KEK are - unset. - -Some systems have correctly applied the UEFI 2.5 rule that global -EFI variables that aren't known to the firmware cannot be set, but don't -have Secure Boot as a feature, and will not let us set DBX. - -This adds warnings in those cases, which can be surpressed with --quiet, -and won't attempt to apply the update, which can be overridden with ---force. - -This also makes the systemd dbxtool.service invokation use both of those -flags. - -Resolves: rhbz#1489942 - -Signed-off-by: Peter Jones ---- - src/dbxtool.service | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/dbxtool.service b/src/dbxtool.service -index fcfb6e6..1a2a829 100644 ---- a/src/dbxtool.service -+++ b/src/dbxtool.service -@@ -7,4 +7,4 @@ WantedBy=multi-user.target - - [Service] - RemainAfterExit=yes --ExecStart=/usr/bin/dbxtool -a /usr/share/dbxtool/ -q -f -+ExecStart=/usr/bin/dbxtool -a /usr/share/dbxtool/ -q --- -2.23.1 - diff --git a/SPECS/dbxtool/0003-Treat-dbxtool-a-dir-with-an-empty-directory-correctl.patch b/SPECS/dbxtool/0003-Treat-dbxtool-a-dir-with-an-empty-directory-correctl.patch deleted file mode 100644 index b9ed718acf..0000000000 --- a/SPECS/dbxtool/0003-Treat-dbxtool-a-dir-with-an-empty-directory-correctl.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 18bcb743df2d39f9dcbe1c95d28f96d9de812816 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 18 Oct 2017 14:12:00 -0400 -Subject: [PATCH 03/13] Treat "dbxtool -a dir/" with an empty directory - correctly. - -So "make scan-build" found an error. Yay. - -Signed-off-by: Peter Jones ---- - src/dbxtool.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/dbxtool.c b/src/dbxtool.c -index 5d5efc7..717c991 100644 ---- a/src/dbxtool.c -+++ b/src/dbxtool.c -@@ -320,6 +320,8 @@ static inline void - sort_updates(struct db_update_file *updates, size_t num_updates) - { - vprintf("Sorting updates list\n"); -+ if (num_updates < 2) -+ return; - qsort(updates, num_updates, sizeof (struct db_update_file), - update_cmp); - } -@@ -732,9 +734,12 @@ main(int argc, char *argv[]) - &updates, - &new_num_updates); - num_updates = new_num_updates; -+ if (num_updates == 0) -+ warnx("Updates directory \"%s\" contains no updates.", -+ dirname); - } - } -- if (updates == NULL) { -+ if (updates == NULL && num_updates > 0) { - updates = calloc(num_updates, - sizeof (struct db_update_file)); - if (updates == NULL) --- -2.23.1 - diff --git a/SPECS/dbxtool/0006-fix-relop-in-esl_iter_next.patch b/SPECS/dbxtool/0006-fix-relop-in-esl_iter_next.patch deleted file mode 100644 index 06b6d0a68b..0000000000 --- a/SPECS/dbxtool/0006-fix-relop-in-esl_iter_next.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 50b302ea7b6bd41c38d50b2af9d89af5f715068a Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 16 May 2018 14:06:48 +0200 -Subject: [PATCH 06/13] fix relop in esl_iter_next() - -esl_iter_next() seeks to the next EFI_SIGNATURE_LIST object in the -signature database that's being processed. - -- The position of the current (just processed) EFI_SIGNATURE_LIST object - in the signature database is "iter->offset". - -- The size of the same is in "iter->esl->SignatureListSize". - -- The size of the whole signature dabatase (containing the current - EFI_SIGNATURE_LIST) is in "iter->len". - -Thus, we need to advance "iter->offset" by "iter->esl->SignatureListSize", -to reach the next EFI_SIGNATURE_LIST object. - -While advancing, we must not exceed the whole signature database. In other -words, the (exclusive) end of the just processed EFI_SIGNATURE_LIST object -is required to precede, or equal, the (exclusive) end of the signature -database. Hence the "good" condition is: - - iter->offset + iter->esl->SignatureListSize <= iter->len - -The "bad" condition is the negation of the above: - - iter->offset + iter->esl->SignatureListSize > iter->len - -Because we don't trust "iter->esl->SignatureListSize" (since that was -simply read from the binary blob, not computed by ourselves), we don't -want to add to it or subtract from it (integer overflow!), we just want to -use it naked for comparison. So we subtract "iter->offset" from both -sides: "iter->offset" and "iter->len" are known-good because we've checked -and computed them all along, so we can perform integer operations on them. -After the subtraction, we have the following condition for *bad*: - - iter->esl->SignatureListSize > iter->len - iter->offset - -Another way to put the same condition, for *bad*, is to swing the sides -around the relop (giving a spin to the relop as well): - - iter->len - iter->offset < iter->esl->SignatureListSize - -The controlling expression in esl_iter_next() is just this, except for the -typo in the relational operator. Fix it. - -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1508808 -Signed-off-by: Laszlo Ersek ---- - src/iter.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/iter.c b/src/iter.c -index 45ee059..f19166a 100644 ---- a/src/iter.c -+++ b/src/iter.c -@@ -222,7 +222,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type, - vprintf("Getting next EFI_SIGNATURE_LIST\n"); - efi_guid_t type; - esl_get_type(iter, &type); -- if (iter->len - iter->offset > iter->esl->SignatureListSize) { -+ if (iter->len - iter->offset < iter->esl->SignatureListSize) { - warnx("EFI Signature List is malformed"); - errx(1, "list has %zd bytes left, element is %"PRIu32" bytes", - iter->len - iter->offset, --- -2.23.1 - diff --git a/SPECS/dbxtool/dbxtool.spec b/SPECS/dbxtool/dbxtool.spec deleted file mode 100644 index cccb0af3e4..0000000000 --- a/SPECS/dbxtool/dbxtool.spec +++ /dev/null @@ -1,48 +0,0 @@ -Summary: Tool for managing dbx updates installed on a machine. -Name: dbxtool -Version: 8 -Release: 2%{?dist} -License: GPLv2 -URL: /~https://github.com/rhboot/dbxtool -Group: System Environment/System Utilities -Vendor: VMware, Inc. -Distribution: Photon -Source0: /~https://github.com/rhboot/dbxtool/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 -%define sha512 dbxtool=28918c05d3a2a55238f4267e969116bdd3c9fc9f308b1e0249fe22cc06e95a6388e54406273c3b3d076a619a6ac0723b05cacb84bd84f797c954d60f22a86b85 -Patch0: 0001-dbxtool-Don-t-apply-unless-force-if-PK-or-KEK-are-un.patch -Patch1: 0003-Treat-dbxtool-a-dir-with-an-empty-directory-correctl.patch -Patch2: 0006-fix-relop-in-esl_iter_next.patch -Patch3: 0001-Fix-build-with-efivar-38.patch -BuildRequires: popt-devel efivar-devel systemd-rpm-macros -Requires: efivar -%description -Tool for managing dbx updates installed on a machine. - -%prep -%autosetup -p1 -%build -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}/etc \ - %{buildroot}/%{_datadir}/%{name}/DBXUpdate-2016-08-09-13-16-00.bin - -%check -make %{?_smp_mflags} test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_unitdir}/%{name}.service -%{_docdir}/%{name}/COPYING -%{_mandir}/man1/%{name}.1.gz - -%changelog -* Wed Feb 22 2023 Vamsi Krishna Brahmajosyula 8-2 -- Fix build with efivar 38 -* Wed Jul 29 2020 Alexey Makhalov 8-1 -- Initial build. First version diff --git a/SPECS/ddclient/ddclient.spec b/SPECS/ddclient/ddclient.spec deleted file mode 100644 index 73eb826360..0000000000 --- a/SPECS/ddclient/ddclient.spec +++ /dev/null @@ -1,70 +0,0 @@ -Name: ddclient -Version: 3.9.1 -Release: 1%{?dist} -Url: https://sourceforge.net/p/ddclient/wiki/Home/ -Summary: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider -License: GPLv2 -Group: Applications -Source0: http://downloads.sourceforge.net/project/ddclient/ddclient/ddclient-%{version}.tar.gz -%define sha1 ddclient=442d1fce361ac1d89c33a86d723f0dbbc74bc395 -Requires: perl -Requires: perl-IO-Socket-SSL -Requires: perl-JSON-Any -Requires: perl-Data-Validate-IP -Vendor: VMware, Inc. -Distribution: Photon - -%description -DDclient is a Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Provider. -It was originally written by Paul Burry and is now mostly by wimpunk. -It has the capability to update more than just dyndns and it can fetch your WAN-ipaddress in a few different ways. - -%prep -%setup -q -n %{name}-%{version} - -%install - -install -vdm755 %{buildroot}/usr/sbin -cp ddclient %{buildroot}/usr/sbin/ - -install -vdm755 %{buildroot}/etc/ddclient -install -vdm755 %{buildroot}/var/cache/ddclient -install -vdm755 %{buildroot}/usr/lib/systemd/system - -cp sample-etc_ddclient.conf %{buildroot}/etc/ddclient/ddclient.conf - -cat << EOF >> %{buildroot}/usr/lib/systemd/system/ddclient.service -[Unit] -Description=Dynamic DNS Update Client -After=network.target -PartOf=network-online.target - -[Service] -Type=forking -PIDFile=/var/run/ddclient.pid -ExecStart=/usr/sbin/ddclient - -[Install] -WantedBy=network-online.target -EOF - -%files -%defattr(-,root,root) -%{_sysconfdir}/ddclient/ddclient.conf -%{_sbindir}/ddclient -%{_lib}/systemd/system/ddclient.service -%dir /var/cache/ddclient - -%changelog -* Thu May 06 2021 Gerrit Photon 3.9.1-1 -- Automatic Version Bump -* Thu Sep 27 2018 Srivatsa S. Bhat 3.9.0-2 -- Add perl-Data-Validate-IP as a runtime dependency. -* Mon Sep 10 2018 Ajay Kaher 3.9.0-1 -- Upgraded to version 3.9.0 -* Fri Oct 13 2017 Alexey Makhalov 3.8.3-3 -- Remove BuildArch -* Tue May 24 2016 Priyesh Padmavilasom 3.8.3-2 -- GA - Bump release of all rpms -* Tue Mar 22 2016 Mahmoud Bassiouny 3.8.3-1 -- Initial packaging for Photon diff --git a/SPECS/debugedit/debugedit.spec b/SPECS/debugedit/debugedit.spec deleted file mode 100644 index 336bf610d0..0000000000 --- a/SPECS/debugedit/debugedit.spec +++ /dev/null @@ -1,89 +0,0 @@ -Name: debugedit -Version: 5.0 -Release: 6%{?dist} -Summary: Tools for debuginfo creation -License: GPLv3+ and GPLv2+ and LGPLv2+ -URL: https://sourceware.org/debugedit -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceware.org/ftp/debugedit/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=7e7f529eafe41b53f0b5bfc58282fdbfa0dfa93ed7908b70e81942d6d2b6f80fc9c6bff2ed9674fd98947e5750b615f4c8b222544989e2900c5f8ff5ae0efb92 - -Patch0: tweak-find-debuginfo.patch - -BuildRequires: make -BuildRequires: gcc -BuildRequires: help2man - -# For the testsuite. -BuildRequires: autoconf -BuildRequires: automake - -# The find-debuginfo.sh script has a couple of tools it needs at runtime. -# For strip_to_debug, eu-strip -Requires: elfutils -# For add_minidebug, readelf, awk, nm, sort, comm, objcopy, xz -Requires: gawk -Requires: xz -Requires: (coreutils or coreutils-selinux) -# For do_file, gdb_add_index -# We only need gdb-add-index, so suggest gdb-minimal (full gdb is also ok) -Requires: (gdb or gdb-minimal) -# For dwz -Requires: dwz - -Patch1: tests-Handle-zero-directory-entry-in-.debug_line-DWA.patch - -%description -The debugedit project provides programs and scripts for creating -debuginfo and source file distributions, collect build-ids and rewrite -source paths in DWARF data for debugging, tracing and profiling. - -It is based on code originally from the rpm project plus libiberty and -binutils. It depends on the elfutils libelf and libdw libraries to -read and write ELF files, DWARF data and build-ids. - -%prep -%autosetup -p1 - -%build -autoreconf -f -v -i -%configure -%make_build - -%install -%make_install -cd %{buildroot}%{_bindir} -ln -sfv find-debuginfo find-debuginfo.sh - -%if 0%{?with_check} -%check -sed -i 's/^\(C\|LD\)FLAGS=.*/\1FLAGS=""/' tests/atlocal -make check %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_bindir}/debugedit -%{_bindir}/sepdebugcrcfix -%{_bindir}/find-debuginfo -%{_bindir}/find-debuginfo.sh -%{_mandir}/man1/debugedit.1* -%{_mandir}/man1/sepdebugcrcfix.1* -%{_mandir}/man1/find-debuginfo.1* - -%changelog -* Fri Jul 14 2023 Shreenidhi Shedi 5.0-6 -- Fix gdb requires -* Tue Jul 11 2023 Shreenidhi Shedi 5.0-5 -- Bump version as a part of elfutils upgrade -* Wed Jan 25 2023 Shreenidhi Shedi 5.0-4 -- Fix requires -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 5.0-3 -- Bump up due to change in elfutils -* Fri Jan 06 2023 Brennan Lamoreaux 5.0-2 -- Version bump for dwz upgrade. -* Fri Dec 10 2021 Shreenidhi Shedi 5.0-1 -- Intial version. Needed for rpm-4.17.0 diff --git a/SPECS/debugedit/tests-Handle-zero-directory-entry-in-.debug_line-DWA.patch b/SPECS/debugedit/tests-Handle-zero-directory-entry-in-.debug_line-DWA.patch deleted file mode 100644 index 2cadab259b..0000000000 --- a/SPECS/debugedit/tests-Handle-zero-directory-entry-in-.debug_line-DWA.patch +++ /dev/null @@ -1,130 +0,0 @@ -From ae27211cbbfb63a0ad3c141cd1310d7f583ec40e Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Fri, 30 Jul 2021 18:09:46 +0200 -Subject: [PATCH] tests: Handle zero directory entry in .debug_line DWARF5 - debugedit.at - -We were skipping the zero directory entry, because it was always -the same as the directory entry at position one. But that isn't -true anymore with gcc 11.2.1. There the zero dir entry is unique. -Fix the debugedit.at .debug_line testcases using DWARF5 to also -include dir entry zero. - -Signed-off-by: Mark Wielaard ---- - configure.ac | 14 ++++++++++++++ - tests/atlocal.in | 1 + - tests/debugedit.at | 18 ++++++++++++------ - 3 files changed, 27 insertions(+), 6 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e5c9230..6a53365 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -87,6 +87,20 @@ CFLAGS="$save_CFLAGS" - GDWARF_5_FLAG=$ac_cv_gdwarf_5 - AC_SUBST([GDWARF_5_FLAG]) - -+AC_CACHE_CHECK([whether -gdwarf-5 produced DWARF5 .debug_line], ac_cv_dwarf_5_debugline, [dnl -+save_CFLAGS="$CFLAGS" -+CFLAGS="-gdwarf-5" -+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int i=0;]],[[/* empty main */]])], -+ [if readelf --debug-dump=line conftest.o 2>&1 | \ -+ grep "DWARF Version:" 2>&1 | grep "5" > /dev/null 2>&1; \ -+ then ac_cv_dwarf_5_debugline=yes; \ -+ else ac_cv_dwarf_5_debugline=no; fi], -+ ac_cv_dwarf_5_debugline=no) -+CFLAGS="$save_CFLAGS" -+]) -+DWARF_5_DEBUGLINE=$ac_cv_dwarf_5_debugline -+AC_SUBST([DWARF_5_DEBUGLINE]) -+ - AC_CACHE_CHECK([whether gcc supports -gz=none], ac_cv_gz_none, [dnl - save_CFLAGS="$CFLAGS" - CFLAGS="-gz=none" -diff --git a/tests/atlocal.in b/tests/atlocal.in -index 8399f8d..d916301 100644 ---- a/tests/atlocal.in -+++ b/tests/atlocal.in -@@ -13,3 +13,4 @@ READELF="@READELF@" - - GDWARF_5_FLAG=@GDWARF_5_FLAG@ - GZ_NONE_FLAG=@GZ_NONE_FLAG@ -+DWARF_5_DEBUGLINE=@DWARF_5_DEBUGLINE@ -diff --git a/tests/debugedit.at b/tests/debugedit.at -index 0311d26..725e68e 100644 ---- a/tests/debugedit.at -+++ b/tests/debugedit.at -@@ -488,10 +488,12 @@ AT_CLEANUP - AT_SETUP([debugedit .debug_line objects DWARF5]) - AT_KEYWORDS([debuginfo] [debugedit]) - AT_SKIP_IF([test "$GDWARF_5_FLAG" = "no"]) -+AT_SKIP_IF([test "$DWARF_5_DEBUGLINE" = "no"]) - DEBUGEDIT_SETUP([-gdwarf-5]) - - AT_DATA([expout], - [foo/bar/baz -+foo/bar/baz/subdir_bar - foo/bar/baz/subdir_headers - ]) - -@@ -500,8 +502,8 @@ AT_CHECK([[debugedit -b $(pwd) -d /foo/bar/baz ./subdir_bar/bar.o]]) - AT_CHECK([[debugedit -b $(pwd) -d /foo/bar/baz ./baz.o]]) - AT_CHECK([[ - readelf --debug-dump=line foo.o subdir_bar/bar.o baz.o \ -- | grep -A5 "The Directory Table" | grep "^ [123]" \ -- | cut -f2- -d/ | grep ^foo/ | sort -+ | grep -A5 "The Directory Table" | grep "^ [0123]" \ -+ | cut -f2- -d/ | grep ^foo/ | sort -u - ]],[0],[expout]) - - AT_CLEANUP -@@ -535,18 +537,20 @@ AT_CLEANUP - AT_SETUP([debugedit .debug_line partial DWARF5]) - AT_KEYWORDS([debuginfo] [debugedit]) - AT_SKIP_IF([test "$GDWARF_5_FLAG" = "no"]) -+AT_SKIP_IF([test "$DWARF_5_DEBUGLINE" = "no"]) - DEBUGEDIT_SETUP([-gdwarf-5]) - - AT_DATA([expout], - [foo/bar/baz -+foo/bar/baz/subdir_bar - foo/bar/baz/subdir_headers - ]) - - AT_CHECK([[debugedit -b $(pwd) -d /foo/bar/baz ./foobarbaz.part.o]]) - AT_CHECK([[ - readelf --debug-dump=line ./foobarbaz.part.o \ -- | grep -A5 "The Directory Table" | grep "^ [123]" \ -- | cut -f2- -d/ | grep ^foo/ | sort -+ | grep -A5 "The Directory Table" | grep "^ [0123]" \ -+ | cut -f2- -d/ | grep ^foo/ | sort -u - ]],[0],[expout]) - - AT_CLEANUP -@@ -580,18 +584,20 @@ AT_CLEANUP - AT_SETUP([debugedit .debug_line exe DWARF5]) - AT_KEYWORDS([debuginfo] [debugedit]) - AT_SKIP_IF([test "$GDWARF_5_FLAG" = "no"]) -+AT_SKIP_IF([test "$DWARF_5_DEBUGLINE" = "no"]) - DEBUGEDIT_SETUP([-gdwarf-5]) - - AT_DATA([expout], - [foo/bar/baz -+foo/bar/baz/subdir_bar - foo/bar/baz/subdir_headers - ]) - - AT_CHECK([[debugedit -b $(pwd) -d /foo/bar/baz ./foobarbaz.exe]]) - AT_CHECK([[ - readelf --debug-dump=line ./foobarbaz.exe \ -- | grep -A5 "The Directory Table" | grep "^ [123]" \ -- | cut -f2- -d/ | grep ^foo/ | sort -+ | grep -A5 "The Directory Table" | grep "^ [0123]" \ -+ | cut -f2- -d/ | grep ^foo/ | sort -u - ]],[0],[expout]) - - AT_CLEANUP --- -2.27.0 - diff --git a/SPECS/debugedit/tweak-find-debuginfo.patch b/SPECS/debugedit/tweak-find-debuginfo.patch deleted file mode 100644 index d2699da48f..0000000000 --- a/SPECS/debugedit/tweak-find-debuginfo.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b9977a94becdc00d20912315a12c64f132daca7a Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Mon, 13 Dec 2021 16:54:28 +0530 -Subject: [PATCH] tweak find-debuginfo - -Signed-off-by: Shreenidhi Shedi ---- - scripts/find-debuginfo.in | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/scripts/find-debuginfo.in b/scripts/find-debuginfo.in -index 8b9ce77..8be3aa0 100755 ---- a/scripts/find-debuginfo.in -+++ b/scripts/find-debuginfo.in -@@ -649,11 +649,6 @@ if [ -s "$SOURCEFILE" ]; then - fi - - if [ -d "${RPM_BUILD_ROOT}/usr/lib" ] || [ -d "${RPM_BUILD_ROOT}/usr/src" ]; then -- ((nout > 0)) || -- test ! -d "${RPM_BUILD_ROOT}/usr/lib" || -- (cd "${RPM_BUILD_ROOT}/usr/lib"; find debug -type d) | -- sed 's,^,%dir /usr/lib/,' >> "$LISTFILE" -- - (cd "${RPM_BUILD_ROOT}/usr" - test ! -d lib/debug || find lib/debug ! -type d - test ! -d src/debug -o -n "$srcout" || find src/debug -mindepth 1 -maxdepth 1 -@@ -724,7 +719,7 @@ while ((i < nout)); do - mv "${LISTFILE}.new" "$LISTFILE" - ((++i)) - done --if ((nout > 0)); then -+if ((0 && nout > 0)); then - # Generate %dir lines for each output list. - generate_percent_dir() - { --- -2.25.1 - diff --git a/SPECS/dejagnu/dejagnu.spec b/SPECS/dejagnu/dejagnu.spec deleted file mode 100644 index b485d6de3c..0000000000 --- a/SPECS/dejagnu/dejagnu.spec +++ /dev/null @@ -1,67 +0,0 @@ -Summary: DejaGnu test framework -Name: dejagnu -Version: 1.6.2 -Release: 2%{?dist} -License: GPLv2+ -URL: http://www.gnu.org/software/%{name} -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/pub/gnu/dejagnu/%{name}-%{version}.tar.gz -%define sha512 %{name}=ae527ce245871d49b84773d0d14b1ea6b2316c88097eeb84091a3aa885ff007eeaa1cd9c5b002d94a956d218451079b5e170561ffa43a291d9d82283aa834042 - -BuildArch: noarch - -BuildRequires: expect-devel - -Requires: expect - -%description -DejaGnu is a framework for testing other programs. Its purpose is to provide -a single front end for all tests. Think of it as a custom library of Tcl -procedures crafted to support writing a test harness. A test harness is the -testing infrastructure that is created to support a specific program or tool. -Each program can have multiple testsuites, all supported by a single test -harness. DejaGnu is written in Expect, which in turn uses Tcl. - -%package devel -Summary: Headers and development libraries for dejagnu -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: expect-devel - -%description devel -Headers and development libraries for dejagnu - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/dejagnu/* -%{_infodir}/* -%exclude %{_infodir}/dir -%{_mandir}/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* - -%changelog -* Sun Oct 15 2023 Shreenidhi Shedi 1.6.2-2 -- Fix spec issues -* Wed Jul 08 2020 Gerrit Photon 1.6.2-1 -- Automatic Version Bump -* Mon Sep 10 2018 Ajay Kaher 1.6-1 -- Upgraded to version 1.6 -* Thu Jul 13 2017 Alexey Makhalov 1.5.3-1 -- Initial build. First version diff --git a/SPECS/dejavu-fonts/dejavu-fonts.spec b/SPECS/dejavu-fonts/dejavu-fonts.spec deleted file mode 100644 index 46a0792815..0000000000 --- a/SPECS/dejavu-fonts/dejavu-fonts.spec +++ /dev/null @@ -1,45 +0,0 @@ -%global fontsdir %{_docdir}/packages/dejavu-fonts -%global ttfdir %{_datadir}/fonts/truetype - -Summary: The DejaVu fonts are a font family based on the Vera Fonts. -Name: dejavu-fonts -Version: 2.37 -Release: 1%{?dist} -License: GNU General Public License V2 -URL: https://dejavu-fonts.github.io/Download.html -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -Source0: http://sourceforge.net/projects/dejavu/files/dejavu/%{version}/dejavu-fonts-ttf-%{version}.tar.bz2 -%define sha512 dejavu-fonts-ttf=bafa39321021097432777f0825d700190c23f917d754a4504722cd8946716c22c083836294dab7f3ae7cf20af63c4d0944f3423bf4aa25dbca562d1f30e00654 -BuildArch: noarch - -%description -The DejaVu font set is based on the “Bitstream Vera” fonts. Its -purpose is to provide a wider range of characters, while maintaining the -original style, using an open collaborative development process. -DejaVu contains a lot of mathematical and other symbols, arrows, braille patterns, etc - -%prep -%autosetup -n %{name}-ttf-%{version} - -%build - -%install -mkdir -p %{buildroot}%{fontsdir}/fontconfig %{buildroot}%{ttfdir} -install -m 0755 fontconfig/* %{buildroot}%{fontsdir}/fontconfig/ -install -m 0755 ttf/* %{buildroot}%{ttfdir} -install -m 0755 status.txt unicover.txt LICENSE README.md %{buildroot}%{fontsdir} - -%clean -rm -fr %{buildroot} - -%files -%defattr(-,root,root) -%{fontsdir}/fontconfig/* -%{ttfdir}/* -%{fontsdir}/* - -%changelog -* Thu Jun 15 2023 Harinadh D 2.37-1 -- Initial release diff --git a/SPECS/device-mapper-multipath/device-mapper-multipath.spec b/SPECS/device-mapper-multipath/device-mapper-multipath.spec deleted file mode 100644 index 3321efcea5..0000000000 --- a/SPECS/device-mapper-multipath/device-mapper-multipath.spec +++ /dev/null @@ -1,134 +0,0 @@ -Summary: Provide tools to manage multipath devices -Name: device-mapper-multipath -Version: 0.9.4 -Release: 2%{?dist} -License: GPL+ -Group: System Environment/Base -Vendor: VMware, Inc. -URL: http://christophe.varoqui.free.fr -Distribution: Photon - -Source0: /~https://github.com/opensvc/multipath-tools/archive/refs/tags/multipath-tools-%{version}.tar.gz -%define sha512 multipath-tools=5e0dcea610fc215e345444c04453a38f39c73e493c2bc53f6b3a90cd701266aabdf7c4693dfc321099af836d0019bf27355e265ad5db5deff48f8bb94ed4719d - -BuildRequires: userspace-rcu-devel -BuildRequires: libaio-devel -BuildRequires: device-mapper-devel -BuildRequires: readline-devel -BuildRequires: ncurses-devel -BuildRequires: systemd-devel -BuildRequires: json-c-devel - -Requires: userspace-rcu -Requires: libaio -Requires: device-mapper -Requires: libselinux -Requires: libsepol -Requires: readline -Requires: ncurses -Requires: systemd -Requires: kpartx = %{version}-%{release} - -%description -Device-mapper-multipath provides tools to manage multipath devices by -instructing the device-mapper multipath kernel module what to do. - -%package -n kpartx -Summary: Partition device manager for device-mapper devices -Requires: device-mapper -%description -n kpartx -kpartx manages partition creation and removal for device-mapper devices. - -%package devel -Summary: Development libraries and headers for %{name} -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 -n multipath-tools-%{version} - -%build -%make_build - -%install -%make_install %{?_smp_mflags} \ - SYSTEMDPATH=%{_libdir} \ - bindir=%{_sbindir} \ - LIB=/lib \ - pkgconfdir=%{_libdir}/pkgconfig \ - includedir=%{_includedir} \ - prefix=%{_prefix} - -install -vd %{buildroot}%{_sysconfdir}/multipath - -%clean -rm -rf %{buildroot} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) -%{_sbindir}/mpathpersist -%{_sbindir}/multipath -%{_sbindir}/multipathd -%{_sbindir}/multipathc -%{_udevrulesdir}/* -%{_unitdir}/* -%{_libdir}/*.so.* -%{_libdir}/multipath/* -%{_mandir}/man5/* -%{_mandir}/man8/* -%dir %{_sysconfdir}/multipath -%config(noreplace) %{_libdir}/modules-load.d/multipath.conf -%config(noreplace) %{_tmpfilesdir}/multipath.conf -%exclude %{_mandir}/man8/kpartx.8.gz - -%files devel -%defattr(-,root,root,-) -%{_libdir}/*.so -%{_mandir}/man3/* -%{_includedir}/* -%{_libdir}/pkgconfig/* - -%files -n kpartx -%defattr(-,root,root,-) -%{_sbindir}/kpartx -%{_libdir}/udev/kpartx_id -%{_mandir}/man8/kpartx.8.gz - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 0.9.4-2 -- Bump version as a part of ncurses upgrade to v6.4 -* Mon Jan 02 2023 Gerrit Photon 0.9.4-1 -- Automatic Version Bump to version 0.9.4 -* Tue Dec 20 2022 Guruswamy Basavaiah 0.9.2-2 -- Bump release as a part of readline upgrade -* Tue Oct 11 2022 Shreenidhi Shedi 0.9.2-1 -- Upgrade to v0.9.2 -* Sun Sep 18 2022 Vamsi Krishna Brahmajosyula 0.9.0-1 -- Upgrade to version 0.9.0 -* Thu Apr 29 2021 Gerrit Photon 0.8.6-1 -- Automatic Version Bump -* Wed Oct 07 2020 Shreenidhi Shedi 0.8.4-1 -- Upgrade to version 0.8.4 -* Tue Aug 18 2020 Michelle Wang 0.8.3-2 -- Fix how to call json_object_object_get_ex in ./libdmmp/libdmmp_private.h -- due to json-c 0.15 update json_object_object_get_ex return value -* Wed Apr 08 2020 Susant Sahani 0.8.3-1 -- Update to 0.8.3 -* Thu Dec 06 2018 Srivatsa S. Bhat (VMware) 0.7.3-3 -- Make device-mapper a runtime dependency of kpartx. -* Wed Sep 26 2018 Anish Swaminathan 0.7.3-2 -- Remove rados dependency -* Wed Oct 04 2017 Dheeraj Shetty 0.7.3-1 -- Update to 0.7.3 -* Tue May 9 2017 Bo Gan 0.7.1-1 -- Update to 0.7.1 -* Fri Nov 18 2016 Anish Swaminathan 0.5.0-3 -- Change systemd dependency -* Tue May 24 2016 Priyesh Padmavilasom 0.5.0-2 -- GA - Bump release of all rpms -* Mon Jun 22 2015 Divya Thaluru 0.5.0-1 -- Initial build. First version diff --git a/SPECS/dhcp/dhclient-script b/SPECS/dhcp/dhclient-script deleted file mode 100644 index 5f58112997..0000000000 --- a/SPECS/dhcp/dhclient-script +++ /dev/null @@ -1,975 +0,0 @@ -#!/bin/bash -# -# dhclient-script: Network interface configuration script run by -# dhclient based on DHCP client communication -# -# Copyright (C) 2008-2014 Red Hat, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# Author(s): David Cantrell -# Jiri Popelka -# -# ---------- -# This script is a rewrite/reworking on dhclient-script originally -# included as part of dhcp-970306: -# dhclient-script for Linux. Dan Halbert, March, 1997. -# Updated for Linux 2.[12] by Brian J. Murrell, January 1999. -# Modified by David Cantrell for Fedora and RHEL -# ---------- -# - -PATH=/bin:/usr/bin:/sbin -# scripts in dhclient.d/ use $SAVEDIR (#833054) -export SAVEDIR=/var/lib/dhclient - -LOGFACILITY="local7" -LOGLEVEL="notice" - -ETCDIR="/etc/dhcp" - -RESOLVCONF="/etc/resolv.conf" - -logmessage() { - msg="${1}" - logger -p "${LOGFACILITY}.${LOGLEVEL}" -t "NET" "dhclient: ${msg}" -} - -eventually_add_hostnames_domain_to_search() { -# For the case when hostname for this machine has a domain that is not in domain_search list -# 1) get a hostname with `ipcalc --hostname` or `hostnamectl --transient` -# 2) get the domain from this hostname -# 3) add this domain to search line in resolv.conf if it's not already -# there (domain list that we have recently added there is a parameter of this function) -# We can't do this directly when generating resolv.conf in make_resolv_conf(), because -# we need to first save the resolv.conf with obtained values before we can call `ipcalc --hostname`. -# See bug 637763 - search="${1}" - if need_hostname; then - status=1 - OLD_HOSTNAME=$HOSTNAME - if [ -n "${new_ip_address}" ]; then - eval $(/usr/bin/ipcalc --silent --hostname "${new_ip_address}" ; echo "status=$?") - elif [ -n "${new_ip6_address}" ]; then - eval $(/usr/bin/ipcalc --silent --hostname "${new_ip6_address}" ; echo "status=$?") - fi - - if [ ${status} -eq 0 ]; then - domain=$(echo "${HOSTNAME}" | cut -s -d "." -f 2-) - fi - HOSTNAME=$OLD_HOSTNAME - else - domain=$(hostnamectl --transient 2>/dev/null | cut -s -d "." -f 2-) - fi - - if [ -n "${domain}" ] && - [ ! "${domain}" = "localdomain" ] && - [ ! "${domain}" = "localdomain6" ] && - [ ! "${domain}" = "(none)" ] && - [[ ! "${domain}" = *\ * ]]; then - is_in="false" - for s in ${search}; do - if [ "${s}" = "${domain}" ] || - [ "${s}" = "${domain}." ]; then - is_in="true" - fi - done - - if [ "${is_in}" = "false" ]; then - # Add domain name to search list (#637763) - sed -i -e "s/${search}/${search} ${domain}/" "${RESOLVCONF}" - fi - fi -} - -make_resolv_conf() { - [ "${PEERDNS}" = "no" ] && return - - if [ "${reason}" = "RENEW" ] && - [ "${new_domain_name}" = "${old_domain_name}" ] && - [ "${new_domain_name_servers}" = "${old_domain_name_servers}" ]; then - return - fi - - if [ -n "${new_domain_name}" ] || - [ -n "${new_domain_name_servers}" ] || - [ -n "${new_domain_search}" ]; then - rscf="$(mktemp "${TMPDIR:-/tmp}/XXXXXX")" - [[ -z "${rscf}" ]] && return - echo "; generated by /usr/sbin/dhclient-script" > "${rscf}" - - if [ -n "${SEARCH}" ]; then - search="${SEARCH}" - else - if [ -n "${new_domain_search}" ]; then - # Remove instaces of \032 (#450042) - search="${new_domain_search//\\032/ }" - elif [ -n "${new_domain_name}" ]; then - # Note that the DHCP 'Domain Name Option' is really just a domain - # name, and that this practice of using the domain name option as - # a search path is both nonstandard and deprecated. - search="${new_domain_name}" - fi - fi - - if [ -n "${search}" ]; then - echo "search ${search}" >> "${rscf}" - fi - - if [ -n "${RES_OPTIONS}" ]; then - echo "options ${RES_OPTIONS}" >> "${rscf}" - fi - - if [ -n "${new_domain_name_servers}" ]; then - for nameserver in ${new_domain_name_servers} ; do - echo "nameserver ${nameserver}" >> "${rscf}" - done - else # keep 'old' nameservers - sed -n /^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p "${RESOLVCONF}" >> "${rscf}" - fi - - change_resolv_conf "${rscf}" - rm -f "${rscf}" - - if [ -n "${search}" ]; then - eventually_add_hostnames_domain_to_search "${search}" - fi - elif [ -n "${new_dhcp6_name_servers}" ] || - [ -n "${new_dhcp6_domain_search}" ]; then - rscf="$(mktemp "${TMPDIR:-/tmp}/XXXXXX")" - [[ -z "${rscf}" ]] && return - echo "; generated by /usr/sbin/dhclient-script" > "${rscf}" - - if [ -n "${SEARCH}" ]; then - search="${SEARCH}" - else - if [ -n "${new_dhcp6_domain_search}" ]; then - search="${new_dhcp6_domain_search//\\032/ }" - fi - fi - - if [ -n "${search}" ]; then - echo "search ${search}" >> "${rscf}" - fi - - if [ -n "${RES_OPTIONS}" ]; then - echo "options ${RES_OPTIONS}" >> "${rscf}" - fi - - shopt -s nocasematch - if [ -n "${new_dhcp6_name_servers}" ]; then - for nameserver in ${new_dhcp6_name_servers} ; do - # If the nameserver has a link-local address - # add a (interface name) to it. - if [[ "$nameserver" =~ ^fe80:: ]] - then - zone_id="%${interface}" - else - zone_id= - fi - echo "nameserver ${nameserver}$zone_id" >> "${rscf}" - done - else # keep 'old' nameservers - sed -n /^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p "${RESOLVCONF}" >> "${rscf}" - fi - shopt -u nocasematch - - change_resolv_conf "${rscf}" - rm -f "${rscf}" - - if [ -n "${search}" ]; then - eventually_add_hostnames_domain_to_search "${search}" - fi - fi -} - -# run given script -run_hook() { - local script - local exit_status - script="${1}" - - if [ -f ${script} ]; then - . ${script} - fi - - if [ -n "${exit_status}" ] && [ "${exit_status}" -ne 0 ]; then - logmessage "${script} returned non-zero exit status ${exit_status}" - fi - - return ${exit_status} -} - -# run scripts in given directory -run_hookdir() { - local dir - dir="${1}" - - if [ -d "${dir}" ]; then - for script in $(find $dir -executable ! -empty); do - run_hook ${script} || return $? - done - fi - - return 0 -} - -exit_with_hooks() { - # Source the documented exit-hook script, if it exists - run_hook "${ETCDIR}/dhclient-exit-hooks" || exit $? - # Now run scripts in the hooks directory. - run_hookdir "${ETCDIR}/dhclient-exit-hooks.d" || exit $? - - exit ${1} -} - -quad2num() { - if [ $# -eq 4 ]; then - let n="${1} << 24 | ${2} << 16 | ${3} << 8 | ${4}" - echo "${n}" - return 0 - else - echo "0" - return 1 - fi -} - -ip2num() { - IFS='.' quad2num ${1} -} - -num2ip() { - let n="${1}" - let o1="(${n} >> 24) & 0xff" - let o2="(${n} >> 16) & 0xff" - let o3="(${n} >> 8) & 0xff" - let o4="${n} & 0xff" - echo "${o1}.${o2}.${o3}.${o4}" -} - -get_network_address() { -# get network address for the given IP address and (netmask or prefix) - ip="${1}" - nm="${2}" - - if [ -n "${ip}" -a -n "${nm}" ]; then - if [[ "${nm}" = *.* ]]; then - ipcalc -s -n "${ip}" "${nm}" | cut -d '=' -f 2 - else - ipcalc -s -n "${ip}/${nm}" | cut -d '=' -f 2 - fi - fi -} - -get_prefix() { -# get prefix for the given IP address and mask - ip="${1}" - nm="${2}" - - if [ -n "${ip}" -a -n "${nm}" ]; then - ipcalc -s -p "${ip}" "${nm}" | cut -d '=' -f 2 - fi -} - -class_bits() { - let ip=$(IFS='.' ip2num "${1}") - let bits=32 - let mask='255' - for ((i=0; i <= 3; i++, 'mask<<=8')); do - let v='ip&mask' - if [ "$v" -eq 0 ] ; then - let bits-=8 - else - break - fi - done - echo $bits -} - -is_router_reachable() { - # handle DHCP servers that give us a router not on our subnet - router="${1}" - routersubnet="$(get_network_address "${router}" "${new_subnet_mask}")" - mysubnet="$(get_network_address "${new_ip_address}" "${new_subnet_mask}")" - - if [ ! "${routersubnet}" = "${mysubnet}" ]; then - # TODO: This function should not have side effects such as adding or - # removing routes. Can this be done with "ip route get" or similar - # instead? Are there cases that rely on this route being created here? - ip -4 route replace "${router}/32" dev "${interface}" - if [ "$?" -ne 0 ]; then - logmessage "failed to create host route for ${router}" - return 1 - fi - fi - - return 0 -} - -add_default_gateway() { - router="${1}" - - if is_router_reachable "${router}" ; then - if [ $# -gt 1 ] && [ -n "${2}" ] && [[ "${2}" -gt 0 ]]; then - ip -4 route replace default via "${router}" dev "${interface}" metric "${2}" - else - ip -4 route replace default via "${router}" dev "${interface}" - fi - if [ $? -ne 0 ]; then - logmessage "failed to create default route: ${router} dev ${interface} ${metric}" - return 1 - else - return 0 - fi - fi - - return 1 -} - -execute_client_side_configuration_scripts() { -# execute any additional client side configuration scripts we have - if [ "${1}" == "config" ] || [ "${1}" == "restore" ]; then - for f in ${ETCDIR}/dhclient.d/*.sh ; do - if [ -x "${f}" ]; then - subsystem="${f%.sh}" - subsystem="${subsystem##*/}" - . "${f}" - "${subsystem}_${1}" - fi - done - fi -} - -flush_dev() { -# Instead of bringing the interface down (#574568) -# explicitly clear ARP cache and flush all addresses & routes. - ip -4 addr flush dev "${1}" >/dev/null 2>&1 - ip -4 route flush dev "${1}" >/dev/null 2>&1 - ip -4 neigh flush dev "${1}" >/dev/null 2>&1 -} - -remove_old_addr() { - if [ -n "${old_ip_address}" ]; then - if [ -n "${old_prefix}" ]; then - ip -4 addr del "${old_ip_address}/${old_prefix}" dev "${interface}" >/dev/null 2>&1 - else - ip -4 addr del "${old_ip_address}" dev "${interface}" >/dev/null 2>&1 - fi - fi -} - -dhconfig() { - if [ -n "${old_ip_address}" ] && [ -n "${alias_ip_address}" ] && - [ ! "${alias_ip_address}" = "${old_ip_address}" ]; then - # possible new alias, remove old alias first - ip -4 addr del "${old_ip_address}" dev "${interface}" label "${interface}:0" - fi - - if [ -n "${old_ip_address}" ] && - [ ! "${old_ip_address}" = "${new_ip_address}" ]; then - # IP address changed. Delete all routes, and clear the ARP cache. - flush_dev "${interface}" - fi - - # make sure the interface is up - ip link set dev "${interface}" up - - # replace = add if it doesn't exist or override (update lifetimes) if it's there - ip -4 addr replace "${new_ip_address}/${new_prefix}" broadcast "${new_broadcast_address}" dev "${interface}" \ - valid_lft "${new_dhcp_lease_time}" preferred_lft "${new_dhcp_lease_time}" >/dev/null 2>&1 - - if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || - [ ! "${old_ip_address}" = "${new_ip_address}" ] || - [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || - [ ! "${old_network_number}" = "${new_network_number}" ] || - [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || - [ ! "${old_routers}" = "${new_routers}" ] || - [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then - - # The 576 MTU is only used for X.25 and dialup connections - # where the admin wants low latency. Such a low MTU can cause - # problems with UDP traffic, among other things. As such, - # disallow MTUs from 576 and below by default, so that broken - # MTUs are ignored, but higher stuff is allowed (1492, 1500, etc). - if [ -n "${new_interface_mtu}" ] && [ "${new_interface_mtu}" -gt 576 ]; then - ip link set dev "${interface}" mtu "${new_interface_mtu}" - fi - - # static routes - if [ -n "${new_classless_static_routes}" ] || - [ -n "${new_static_routes}" ]; then - if [ -n "${new_classless_static_routes}" ]; then - IFS=', |' static_routes=(${new_classless_static_routes}) - # If the DHCP server returns both a Classless Static Routes option and - # a Router option, the DHCP client MUST ignore the Router option. (RFC3442) - new_routers="" - else - IFS=', |' static_routes=(${new_static_routes}) - fi - route_targets=() - - for((i=0; i<${#static_routes[@]}; i+=2)); do - target=${static_routes[$i]} - if [ -n "${new_classless_static_routes}" ]; then - if [ "${target}" = "0" ]; then - new_routers="${static_routes[$i+1]}" - continue - else - prefix=${target%%.*} - target=${target#*.} - IFS="." target_arr=(${target}) - unset IFS - ((pads=4-${#target_arr[@]})) - for j in $(seq $pads); do - target="${target}.0" - done - - # Client MUST zero any bits in the subnet number where the corresponding bit in the mask is zero. - # In other words, the subnet number installed in the routing table is the logical AND of - # the subnet number and subnet mask given in the Classless Static Routes option. (RFC3442) - target="$(get_network_address "${target}" "${prefix}")" - fi - else - prefix=$(class_bits "${target}") - fi - gateway=${static_routes[$i+1]} - - # special case 0.0.0.0 to allow static routing for link-local addresses - # (including IPv4 multicast) which will not have a next-hop (#769463, #787318) - if [ "${gateway}" = "0.0.0.0" ]; then - valid_gateway=0 - scope='scope link' - else - is_router_reachable "${gateway}" - valid_gateway=$? - scope='' - fi - if [ "${valid_gateway}" -eq 0 ]; then - metric='' - for t in "${route_targets[@]}"; do - if [ "${t}" = "${target}" ]; then - if [ -z "${metric}" ]; then - metric=1 - else - ((metric=metric+1)) - fi - fi - done - - if [ -n "${metric}" ]; then - metric="metric ${metric}" - fi - - ip -4 route replace "${target}/${prefix}" proto static via "${gateway}" dev "${interface}" ${metric} ${scope} - - if [ $? -ne 0 ]; then - logmessage "failed to create static route: ${target}/${prefix} via ${gateway} dev ${interface} ${metric}" - else - route_targets=(${route_targets[@]} ${target}) - fi - fi - done - fi - - # gateways - if [[ ( "${DEFROUTE}" != "no" ) && - (( -z "${GATEWAYDEV}" ) || ( "${GATEWAYDEV}" = "${interface}" )) ]]; then - if [[ ( -z "${GATEWAY}" ) || - (( -n "${DHCLIENT_IGNORE_GATEWAY}" ) && ( "${DHCLIENT_IGNORE_GATEWAY}" = [Yy]* )) ]]; then - metric="${METRIC:-}" - let i="${METRIC:-0}" - default_routers=() - - for router in ${new_routers} ; do - added_router=- - - for r in "${default_routers[@]}" ; do - if [ "${r}" = "${router}" ]; then - added_router=1 - fi - done - - if [ -z "${router}" ] || - [ "${added_router}" = "1" ] || - [ "$(IFS='.' ip2num ${router})" -le 0 ] || - [[ ( "${router}" = "${new_broadcast_address}" ) && - ( "${new_subnet_mask}" != "255.255.255.255" ) ]]; then - continue - fi - - default_routers=(${default_routers[@]} ${router}) - add_default_gateway "${router}" "${metric}" - let i=i+1 - metric=${i} - done - elif [ -n "${GATEWAY}" ]; then - routersubnet=$(get_network_address "${GATEWAY}" "${new_subnet_mask}") - mysubnet=$(get_network_address "${new_ip_address}" "${new_subnet_mask}") - - if [ "${routersubnet}" = "${mysubnet}" ]; then - ip -4 route replace default via "${GATEWAY}" dev "${interface}" - fi - fi - fi - fi - - if [ ! "${new_ip_address}" = "${alias_ip_address}" ] && - [ -n "${alias_ip_address}" ]; then - # Reset the alias address (fix: this should really only do this on changes) - ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 - ip -4 addr replace "${alias_ip_address}/${alias_prefix}" broadcast "${alias_broadcast_address}" dev "${interface}" label "${interface}:0" - ip -4 route replace "${alias_ip_address}/32" dev "${interface}" - fi - - # After dhclient brings an interface UP with a new IP address, subnet mask, - # and routes, in the REBOOT/BOUND states -> search for "dhclient-up-hooks". - if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || - [ ! "${old_ip_address}" = "${new_ip_address}" ] || - [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || - [ ! "${old_network_number}" = "${new_network_number}" ] || - [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || - [ ! "${old_routers}" = "${new_routers}" ] || - [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then - - if [ -x "${ETCDIR}/dhclient-${interface}-up-hooks" ]; then - . "${ETCDIR}/dhclient-${interface}-up-hooks" - elif [ -x ${ETCDIR}/dhclient-up-hooks ]; then - . ${ETCDIR}/dhclient-up-hooks - fi - fi - - make_resolv_conf - - if [ -n "${new_host_name}" ] && need_hostname; then - hostnamectl set-hostname --transient --no-ask-password "${new_host_name}" - fi - - if [[ ( "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ) && - ( -n "${new_time_offset}" ) ]]; then - # DHCP option "time-offset" is requested by default and should be - # handled. The geographical zone abbreviation cannot be determined - # from the GMT offset, but the $ZONEINFO/Etc/GMT$offset file can be - # used - note: this disables DST. - ((z=new_time_offset/3600)) - ((hoursWest=$(printf '%+d' $z))) - - if (( $hoursWest < 0 )); then - # tzdata treats negative 'hours west' as positive 'gmtoff'! - ((hoursWest*=-1)) - fi - - tzfile=/usr/share/zoneinfo/Etc/GMT$(printf '%+d' ${hoursWest}) - if [ -e "${tzfile}" ]; then - cp -fp "${tzfile}" /etc/localtime - touch /etc/localtime - fi - fi - - execute_client_side_configuration_scripts "config" -} - -wait_for_link_local() { - # we need a link-local address to be ready (not tentative) - for i in $(seq 50); do - linklocal=$(ip -6 addr show dev "${interface}" scope link) - # tentative flag means DAD is still not complete - tentative=$(echo "${linklocal}" | grep tentative) - [[ -n "${linklocal}" && -z "${tentative}" ]] && exit_with_hooks 0 - sleep 0.1 - done -} - -# Section 18.1.8. (Receipt of Reply Messages) of RFC 3315 says: -# The client SHOULD perform duplicate address detection on each of -# the addresses in any IAs it receives in the Reply message before -# using that address for traffic. -add_ipv6_addr_with_DAD() { - ip -6 addr replace "${new_ip6_address}/${new_ip6_prefixlen}" \ - dev "${interface}" scope global valid_lft "${new_max_life}" \ - preferred_lft "${new_preferred_life}" - - # repeatedly test whether newly added address passed - # duplicate address detection (DAD) - for i in $(seq 5); do - sleep 1 # give the DAD some time - - addr=$(ip -6 addr show dev "${interface}" \ - | grep "${new_ip6_address}/${new_ip6_prefixlen}") - - # tentative flag == DAD is still not complete - tentative=$(echo "${addr}" | grep tentative) - # dadfailed flag == address is already in use somewhere else - dadfailed=$(echo "${addr}" | grep dadfailed) - - if [ -n "${dadfailed}" ] ; then - # address was added with valid_lft/preferred_lft 'forever', remove it - ip -6 addr del "${new_ip6_address}/${new_ip6_prefixlen}" dev "${interface}" - exit_with_hooks 3 - fi - if [ -z "${tentative}" ] ; then - if [ -n "${addr}" ]; then - # DAD is over - return 0 - else - # address was auto-removed (or not added at all) - exit_with_hooks 3 - fi - fi - done - return 0 -} - -dh6config() { - if [ -n "${old_ip6_prefix}" ] || - [ -n "${new_ip6_prefix}" ]; then - echo "Prefix ${reason} old=${old_ip6_prefix} new=${new_ip6_prefix}" - exit_with_hooks 0 - fi - - case "${reason}" in - BOUND6) - if [ -z "${new_ip6_address}" ] || - [ -z "${new_ip6_prefixlen}" ]; then - exit_with_hooks 2 - fi - - add_ipv6_addr_with_DAD - - make_resolv_conf - ;; - - RENEW6|REBIND6) - if [[ -n "${new_ip6_address}" ]] && - [[ -n "${new_ip6_prefixlen}" ]]; then - if [[ ! "${new_ip6_address}" = "${old_ip6_address}" ]]; then - [[ -n "${old_ip6_address}" ]] && ip -6 addr del "${old_ip6_address}" dev "${interface}" - fi - # call it even if new_ip6_address = old_ip6_address to update lifetimes - add_ipv6_addr_with_DAD - fi - - if [ ! "${new_dhcp6_name_servers}" = "${old_dhcp6_name_servers}" ] || - [ ! "${new_dhcp6_domain_search}" = "${old_dhcp6_domain_search}" ]; then - make_resolv_conf - fi - ;; - - DEPREF6) - if [ -z "${new_ip6_prefixlen}" ]; then - exit_with_hooks 2 - fi - - ip -6 addr change "${new_ip6_address}/${new_ip6_prefixlen}" \ - dev "${interface}" scope global preferred_lft 0 - ;; - esac - - execute_client_side_configuration_scripts "config" -} - -# Functions from /etc/sysconfig/network-scripts/network-functions - -need_hostname () -{ - CHECK_HOSTNAME=$(hostnamectl --transient) - if [[ "${CHECK_HOSTNAME}" = "(none)" ]] || - [[ "${CHECK_HOSTNAME}" = "localhost" ]] || - [[ "${CHECK_HOSTNAME}" = "localhost.localdomain" ]]; then - return 0 - else - return 1 - fi -} - -# Takes one argument - temporary resolv.conf file -change_resolv_conf () -{ - options=$(grep '^[\ \ ]*option' "${RESOLVCONF}" 2>/dev/null); - if [[ -n "${options}" ]]; then - # merge options from existing resolv.conf with specified resolv.conf content - newres="${options}"$'\n'$(grep -vF "${options}" "${1}"); - else - newres=$(cat "${1}"); - fi; - - eval $(echo "${newres}" > "${RESOLVCONF}"; echo "status=$?") - if [[ $status -eq 0 ]]; then - logger -p local7.notice -t "NET" -i "${0} : updated ${RESOLVCONF}"; - [[ -e /var/run/nscd/socket ]] && /usr/sbin/nscd -i hosts; # invalidate cache - fi; - return $status; -} - -get_config_by_name () -{ - LANG=C grep -E -i -l \ - "^[[:space:]]*NAME=\"(Auto |System )?${1}\"" \ - /etc/sysconfig/network-scripts/ifcfg-* \ - | LC_ALL=C sed -e "$__sed_discard_ignored_files" -} - -get_hwaddr () -{ - if [ -f /sys/class/net/${1}/address ]; then - awk '{ print toupper($0) }' < /sys/class/net/${1}/address - elif [ -d "/sys/class/net/${1}" ]; then - LC_ALL= LANG= ip -o link show ${1} 2>/dev/null | \ - awk '{ print toupper(gensub(/.*link\/[^ ]* ([[:alnum:]:]*).*/, - "\\1", 1)); }' - fi -} - -validate_resolv_conf() -{ - # It's possible to have broken symbolic link $RESOLVCONF -> - # https://bugzilla.redhat.com/1475279 - # Remove broken link and hope NM will survive - if [ -h "${RESOLVCONF}" -a ! -e "${RESOLVCONF}" ]; - then - logmessage "${RESOLVCONF} is broken symlink. Recreating..." - unlink "${RESOLVCONF}" - touch "${RESOLVCONF}" - fi; -} - - -get_config_by_hwaddr () -{ - LANG=C grep -il "^[[:space:]]*HWADDR=\"\?${1}\"\?\([[:space:]#]\|$\)" /etc/sysconfig/network-scripts/ifcfg-* \ - | LC_ALL=C sed -e "$__sed_discard_ignored_files" -} - -get_config_by_device () -{ - LANG=C grep -l "^[[:space:]]*DEVICE=\"\?${1}\"\?\([[:space:]#]\|$\)" \ - /etc/sysconfig/network-scripts/ifcfg-* \ - | LC_ALL=C sed -e "$__sed_discard_ignored_files" -} - -need_config () -{ - # A sed expression to filter out the files that is_ignored_file recognizes - __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' - - local nconfig - - CONFIG="ifcfg-${1}" - [ -f "${CONFIG}" ] && return - CONFIG="${1##*/}" - [ -f "${CONFIG}" ] && return - nconfig=$(get_config_by_name "${1}") - if [ -n "$nconfig" ] && [ -f "$nconfig" ]; then - CONFIG=${nconfig##*/} - return - fi - local addr=$(get_hwaddr ${1}) - if [ -n "$addr" ]; then - nconfig=$(get_config_by_hwaddr ${addr}) - if [ -n "$nconfig" ] ; then - CONFIG=${nconfig##*/} - [ -f "${CONFIG}" ] && return - fi - fi - nconfig=$(get_config_by_device ${1}) - if [ -n "$nconfig" ] && [ -f "$nconfig" ]; then - CONFIG=${nconfig##*/} - return - fi -} - -# We need this because of PEERDNS -source_config () -{ - CONFIG=${CONFIG##*/} - . /etc/sysconfig/network-scripts/$CONFIG -} - -# -# ### MAIN -# - -# Invoke the local dhcp client enter hooks, if they exist. -run_hook "${ETCDIR}/dhclient-enter-hooks" || exit $? -run_hookdir "${ETCDIR}/dhclient-enter-hooks.d" || exit $? - -[ "${PEERDNS}" = "no" ] || validate_resolv_conf - -if [ -f /etc/sysconfig/network ]; then - . /etc/sysconfig/network -fi - -if [ -f /etc/sysconfig/networking/network ]; then - . /etc/sysconfig/networking/network -fi - -## it's possible initscripts package is not installed -## for example in container. Don't flood stderr then -if [ -d /etc/sysconfig/network-scripts ]; then - cd /etc/sysconfig/network-scripts - CONFIG="${interface}" - need_config "${CONFIG}" - source_config >/dev/null 2>&1 -fi; - -# In case there's some delay in rebinding, it might happen, that the valid_lft drops to 0, -# address is removed by kernel and then re-added few seconds later by dhclient-script. -# With this work-around the address lives a minute longer. -# "4294967235" = infinite (forever) - 60 -[[ "${new_dhcp_lease_time}" -lt "4294967235" ]] && new_dhcp_lease_time=$((new_dhcp_lease_time + 60)) -[[ "${new_max_life}" -lt "4294967235" ]] && new_max_life=$((new_max_life + 60)) - -new_prefix="$(get_prefix "${new_ip_address}" "${new_subnet_mask}")" -old_prefix="$(get_prefix "${old_ip_address}" "${old_subnet_mask}")" -alias_prefix="$(get_prefix "${alias_ip_address}" "${alias_subnet_mask}")" - -case "${reason}" in - MEDIUM|ARPCHECK|ARPSEND) - # Do nothing - exit_with_hooks 0 - ;; - - PREINIT) - if [ -n "${alias_ip_address}" ]; then - # Flush alias, its routes will disappear too. - ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 - fi - - # upstream dhclient-script removes (ifconfig $interface 0 up) old adresses in PREINIT, - # but we sometimes (#125298) need (for iSCSI/nfs root to have a dhcp interface) to keep the existing ip - # flush_dev ${interface} - ip link set dev "${interface}" up - if [ -n "${DHCLIENT_DELAY}" ] && [ "${DHCLIENT_DELAY}" -gt 0 ]; then - # We need to give the kernel some time to get the interface up. - sleep "${DHCLIENT_DELAY}" - fi - - exit_with_hooks 0 - ;; - - PREINIT6) - # ensure interface is up - ip link set dev "${interface}" up - - # Removing stale addresses from aborted clients shouldn't be needed - # since we've been adding addresses with lifetimes. - # Which means that kernel eventually removes them automatically. - # ip -6 addr flush dev "${interface}" scope global permanent - - wait_for_link_local - - exit_with_hooks 0 - ;; - - BOUND|RENEW|REBIND|REBOOT) - if [ -z "${interface}" ] || [ -z "${new_ip_address}" ]; then - exit_with_hooks 2 - fi - if arping -D -q -c2 -I "${interface}" "${new_ip_address}"; then - dhconfig - exit_with_hooks 0 - else # DAD failed, i.e. address is already in use - ARP_REPLY=$(arping -D -c2 -I "${interface}" "${new_ip_address}" | grep reply | awk '{print toupper($5)}' | cut -d "[" -f2 | cut -d "]" -f1) - OUR_MACS=$(ip link show | grep link | awk '{print toupper($2)}' | uniq) - if [[ "${OUR_MACS}" = *"${ARP_REPLY}"* ]]; then - # the reply can come from our system, that's OK (#1116004#c33) - dhconfig - exit_with_hooks 0 - else - exit_with_hooks 1 - fi - fi - ;; - - BOUND6|RENEW6|REBIND6|DEPREF6) - dh6config - exit_with_hooks 0 - ;; - - EXPIRE6|RELEASE6|STOP6) - if [ -z "${old_ip6_address}" ] || [ -z "${old_ip6_prefixlen}" ]; then - exit_with_hooks 2 - fi - - ip -6 addr del "${old_ip6_address}/${old_ip6_prefixlen}" \ - dev "${interface}" - - execute_client_side_configuration_scripts "restore" - - if [ -x "${ETCDIR}/dhclient-${interface}-down-hooks" ]; then - . "${ETCDIR}/dhclient-${interface}-down-hooks" - elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then - . ${ETCDIR}/dhclient-down-hooks - fi - - exit_with_hooks 0 - ;; - - EXPIRE|FAIL|RELEASE|STOP) - execute_client_side_configuration_scripts "restore" - - if [ -x "${ETCDIR}/dhclient-${interface}-down-hooks" ]; then - . "${ETCDIR}/dhclient-${interface}-down-hooks" - elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then - . ${ETCDIR}/dhclient-down-hooks - fi - - if [ -n "${alias_ip_address}" ]; then - # Flush alias - ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 - fi - - # upstream script sets interface down here, - # we only remove old ip address - #flush_dev ${interface} - remove_old_addr - - if [ -n "${alias_ip_address}" ]; then - ip -4 addr replace "${alias_ip_address}/${alias_prefix}" broadcast "${alias_broadcast_address}" dev "${interface}" label "${interface}:0" - ip -4 route replace "${alias_ip_address}/32" dev "${interface}" - fi - - exit_with_hooks 0 - ;; - - TIMEOUT) - if [ -n "${new_routers}" ]; then - if [ -n "${alias_ip_address}" ]; then - ip -4 addr flush dev "${interface}" label "${interface}:0" >/dev/null 2>&1 - fi - - ip -4 addr replace "${new_ip_address}/${new_prefix}" \ - broadcast "${new_broadcast_address}" dev "${interface}" \ - valid_lft "${new_dhcp_lease_time}" preferred_lft "${new_dhcp_lease_time}" - set ${new_routers} - - if ping -q -c 1 -w 10 -I "${interface}" "${1}"; then - dhconfig - exit_with_hooks 0 - fi - - #flush_dev ${interface} - remove_old_addr - exit_with_hooks 1 - else - exit_with_hooks 1 - fi - ;; - - *) - logmessage "unhandled state: ${reason}" - exit_with_hooks 1 - ;; -esac - -exit_with_hooks 0 diff --git a/SPECS/dhcp/dhclient.conf b/SPECS/dhcp/dhclient.conf deleted file mode 100644 index 586d822108..0000000000 --- a/SPECS/dhcp/dhclient.conf +++ /dev/null @@ -1,15 +0,0 @@ -# Begin /etc/dhcp/dhclient.conf -# -# Basic dhclient.conf(5) - -#prepend domain-name-servers 127.0.0.1; -request subnet-mask, broadcast-address, time-offset, routers, - domain-name, domain-name-servers, domain-search, host-name, - netbios-name-servers, netbios-scope, interface-mtu, - ntp-servers; -require subnet-mask, domain-name-servers; -#timeout 60; -#retry 60; -#reboot 10; -#select-timeout 5; -#initial-interval 2; diff --git a/SPECS/dhcp/dhcp.service b/SPECS/dhcp/dhcp.service deleted file mode 100644 index 1daf8516e9..0000000000 --- a/SPECS/dhcp/dhcp.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=ISC DHCP Server -Documentation=man:dhcpd(8) man:dhcpd.conf(5) -After=network.target - -[Service] -EnvironmentFile=/etc/default/dhcpd -ExecStart=/usr/sbin/dhcpd -f --no-pid $DHCPD_OPTS - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/dhcp/dhcp.spec b/SPECS/dhcp/dhcp.spec deleted file mode 100644 index e9aee1c955..0000000000 --- a/SPECS/dhcp/dhcp.spec +++ /dev/null @@ -1,201 +0,0 @@ -Summary: Dynamic host configuration protocol -Name: dhcp -Version: 4.4.3 -Release: 2%{?dist} -License: ISC -Url: https://www.isc.org/dhcp -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.isc.org/isc/dhcp/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=4472d6794af80b482560956cee6895889cc1aca39980f851faf56824627e95731f2983cf7c7454bc3decb0a12c874fcbd29bd6c5a9695412def6bc14c6df17e0 - -Source1: dhclient-script -Source2: dhclient.conf -Source3: %{name}.service -Source4: dhcrelay.service - -BuildRequires: systemd-devel - -%description -The ISC DHCP package contains both the client and server programs for DHCP. -dhclient (the client) is used for connecting to a network which uses DHCP to -assign network addresses. dhcpd (the server) is used for assigning network -addresses on private networks. - -%package libs -Summary: Libraries for dhcp - -%description libs -Libraries for the dhcp. - -%package devel -Summary: Development Libraries and header files for dhcp -Requires: %{name}-libs = %{version}-%{release} - -%description devel -Headers and libraries for the dhcp. - -%package server -Summary: Provides the ISC DHCP server -Requires: %{name}-libs = %{version}-%{release} - -%description server -dhcpd is the name of a program that operates as a daemon on a server to -provide Dynamic Host Configuration Protocol (DHCP) service to a network. -Clients may solicit an IP address (IP) from a DHCP server when they need one - -%package client -Summary: Provides the ISC DHCP client daemon and dhclient-script -Requires: %{name}-libs = %{version}-%{release} -Requires: ipcalc -Requires: iputils -Provides: dhclient = %{version}-%{release} - -%description client -The ISC DHCP Client, dhclient, provides a means for configuring one or -more network interfaces using the Dynamic Host Configuration Protocol, -BOOTP protocol, or if these protocols fail, by statically assigning an address. - -%prep -%autosetup -p1 - -%build -autoreconf -vif - -export CFLAGS="-D_PATH_DHCLIENT_SCRIPT='\"/sbin/dhclient-script\"' \ - -D_PATH_DHCPD_CONF='\"/etc/%{name}/dhcpd.conf\"' \ - -D_PATH_DHCLIENT_CONF='\"/etc/%{name}/dhclient.conf\"'" - -%configure \ - --with-srv-lease-file=%{_sharedstatedir}/dhcpd/dhcpd.leases \ - --with-srv6-lease-file=%{_sharedstatedir}/dhcpd/dhcpd6.leases \ - --with-cli-lease-file=%{_sharedstatedir}/dhclient/dhclient.leases \ - --with-cli6-lease-file=%{_sharedstatedir}/dhclient/dhclient6.leases \ - --with-srv-pid-file=/run/dhcpd.pid \ - --with-srv6-pid-file=/run/dhcpd6.pid \ - --with-cli-pid-file=/run/dhclient.pid \ - --with-cli6-pid-file=/run/dhclient6.pid \ - --with-relay-pid-file=/run/dhcrelay.pid \ - --enable-log-pid \ - --enable-paranoia \ - --enable-early-chroot \ - --enable-binary-leases \ - --with-systemd - -%make_build - -%install -%make_install %{?_smp_mflags} -install -D -p -m 0755 %{SOURCE1} %{buildroot}%{_sbindir}/dhclient-script - -mkdir -p %{buildroot}%{_sysconfdir}/%{name} \ - %{buildroot}%{_unitdir} \ - %{buildroot}%{_sysconfdir}/%{name} \ - %{buildroot}%{_sharedstatedir}/dhcpd/ \ - %{buildroot}%{_sharedstatedir}/dhclient/ - -install -D -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/ - -install -D -p -m 0755 %{SOURCE3} %{buildroot}%{_unitdir}/ -install -D -p -m 0755 %{SOURCE4} %{buildroot}%{_unitdir}/ - -install -v -dm 755 %{buildroot}%{_sharedstatedir}/dhclient -install -v -dm 755 %{buildroot}%{_sysconfdir}/default - -cat > %{buildroot}%{_sysconfdir}/default/dhcpd << "EOF" -DHCPD_OPTS= -EOF - -touch %{buildroot}%{_sysconfdir}/%{name}/{dhcpd.conf,dhcpd6.conf} - -touch %{buildroot}%{_sharedstatedir}/dhcpd/{dhcpd.leases,dhcpd6.leases} - -rm -f %{buildroot}%{_sysconfdir}/dhclient.conf.example \ - %{buildroot}%{_sysconfdir}/dhcpd.conf.example \ - %{buildroot}%{_libdir}/*.a - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) - -%files libs -%defattr(-,root,root) - -%files devel -%defattr(-,root,root) -%{_includedir}/dhcpctl/dhcpctl.h -%{_includedir}/omapip/*.h - -%files server -%defattr(-,root,root) -%dir %{_sysconfdir}/%{name} -%dir %{_sharedstatedir}/dhcpd -%config(noreplace) %{_sysconfdir}/default/dhcpd -%config(noreplace) %{_sysconfdir}/%{name}/dhcpd.conf -%config(noreplace) %{_sysconfdir}/%{name}/dhcpd6.conf -%config(noreplace) %{_sharedstatedir}/dhcpd/dhcpd.leases -%config(noreplace) %{_sharedstatedir}/dhcpd/dhcpd6.leases -%{_bindir}/omshell -%{_sbindir}/dhcpd -%{_sbindir}/dhcrelay -%{_mandir}/man1/* -%{_mandir}/man3/* -%{_mandir}/man5/%{name}-eval.5.gz -%{_mandir}/man5/%{name}-options.5.gz -%{_mandir}/man5/dhcpd.conf.5.gz -%{_mandir}/man5/dhcpd.leases.5.gz -%{_mandir}/man8/dhcpd.8.gz -%{_mandir}/man8/dhcrelay.8.gz -%{_unitdir}/%{name}.service -%{_unitdir}/dhcrelay.service - -%files client -%defattr(-,root,root) -%dir %{_sysconfdir}/%{name} -%config(noreplace) %{_sysconfdir}/%{name}/dhclient.conf -%{_sbindir}/dhclient -%{_sbindir}/dhclient-script -%dir %{_sharedstatedir}/dhclient -%{_mandir}/man5/dhclient.conf.5.gz -%{_mandir}/man5/dhclient.leases.5.gz -%{_mandir}/man8/dhclient-script.8.gz -%{_mandir}/man8/dhclient.8.gz - -%changelog -* Thu Sep 07 2023 Shreenidhi Shedi 4.4.3-2 -- fix spec issues -* Tue Aug 30 2022 Susant Sahani 4.4.3-1 -- Version bump -* Tue Nov 02 2021 Susant Sahani 4.4.2-5 -- Add unit file dhcrelay.service -* Tue Aug 24 2021 Susant Sahani 4.4.2-4 -- Fix dhclient script -* Tue May 25 2021 Dweep Advani 4.4.2-3 -- Patched for CVE-2021-25217 -* Thu Jan 14 2021 Alexey Makhalov 4.4.2-2 -- GCC-10 support. -* Wed Jul 22 2020 Gerrit Photon 4.4.2-1 -- Automatic Version Bump -* Thu Sep 19 2019 Keerthana K 4.3.5-5 -- Fix dhcpd fails with "Unable to set up timer: out of range" -* Wed Jul 05 2017 Chang Lee 4.3.5-4 -- Commented out %check due to missing support of ATF. -* Thu Apr 20 2017 Divya Thaluru 4.3.5-3 -- Added default dhcp configuration and lease files -* Wed Dec 7 2016 Divya Thaluru 4.3.5-2 -- Added configuration file for dhcp service -* Mon Nov 14 2016 Harish Udaiya Kumar 4.3.5-1 -- Upgraded to version 4.3.5. -* Wed Oct 05 2016 ChangLee 4.3.3-4 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 4.3.3-3 -- GA - Bump release of all rpms -* Wed Mar 30 2016 Anish Swaminathan 4.3.3-2 -- Add patch for CVE-2016-2774 -* Fri Jan 22 2016 Xiaolin Li 4.3.3-1 -- Updated to version 4.3.3 -* Wed Jul 15 2015 Divya Thaluru 4.3.2-1 -- Initial build. diff --git a/SPECS/dhcp/dhcrelay.service b/SPECS/dhcp/dhcrelay.service deleted file mode 100644 index 67389cc07d..0000000000 --- a/SPECS/dhcp/dhcrelay.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=DHCP Relay Agent Daemon -Documentation=man:dhcrelay(8) -Wants=network-online.target -After=network-online.target - -[Service] -Type=notify -ExecStart=/usr/sbin/dhcrelay -d --no-pid - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/dialog/dialog.spec b/SPECS/dialog/dialog.spec deleted file mode 100644 index 8b2a059c6e..0000000000 --- a/SPECS/dialog/dialog.spec +++ /dev/null @@ -1,106 +0,0 @@ -%global dialogsubversion 20220728 - -Summary: A utility for creating TTY dialog boxes -Name: dialog -Version: 1.3 -Release: 9.20220728%{?dist} -License: LGPLv2 -URL: http://invisible-island.net/dialog/dialog.html -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://invisible-mirror.net/archives/dialog/%{name}-%{version}-%{dialogsubversion}.tgz -%define sha512 %{name}=dddceaf00bfec4b53f2cf67e51d4c54841d9db337536657c21bc8f324a0eb9c6d621f00e09bfb741bd263f171dde38cfea87568f86daf04a9e88575a0ed61218 - -BuildRequires: ncurses-devel -BuildRequires: gettext-devel -BuildRequires: findutils -BuildRequires: libtool - -%description -Dialog is a utility that allows you to show dialog boxes (containing -questions or messages) in TTY (text mode) interfaces. Dialog is called -from within a shell script. The following dialog boxes are implemented: -yes/no, menu, input, message, text, info, checklist, radiolist, and -gauge. - -Install dialog if you would like to create TTY dialog boxes. - -%package devel -Summary: Development files for building applications with the dialog library -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: ncurses-devel - -%description devel -Dialog is a utility that allows you to show dialog boxes (containing -questions or messages) in TTY (text mode) interfaces. This package -contains the files needed for developing applications, which use the -dialog library. - -%prep -%autosetup -p1 -n %{name}-%{version}-%{dialogsubversion} - -%build -%configure \ - --enable-nls \ - --with-libtool \ - --with-ncursesw - -%make_build - -%install -# prepare packaged samples -rm -rf _samples -mkdir _samples -cp -a samples _samples -rm -rf _samples/samples/install -find _samples -type f -print0 | xargs -0 chmod a-x -%make_install %{?_smp_mflags} - -# configure incorrectly use '-m 644' for library, fix it -chmod +x %{buildroot}%{_libdir}/* -rm -rf %{buildroot}%{_libdir}/.libs - -%find_lang %{name} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root,0755) -%doc COPYING dialog.lsm README _samples/samples -%{_bindir}/dialog -%{_libdir}/libdialog.so.* -%{_mandir}/man1/dialog.* - -%files devel -%defattr(-,root,root,0755) -%{_bindir}/dialog-config -%{_includedir}/*.h -%{_libdir}/libdialog.so -%exclude %{_libdir}/libdialog.a -%{_mandir}/man3/dialog.* - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 1.3-9.20220728 -- Bump version as a part of ncurses upgrade to v6.4 -* Sat Jan 14 2023 Ashwin Dayanand Kamat 1.3-8.20220728 -- Bump version as a part of gettext upgrade -* Mon Oct 10 2022 Ashwin Dayanand Kamat 1.3-7.20220728 -- Update to 20220728 -* Sun Aug 07 2022 Shreenidhi Shedi 1.3-7.20220526 -- Remove .la files -* Wed Jun 01 2022 Gerrit Photon 1.3-6.20220526 -- Automatic Version Bump -* Fri Aug 28 2020 Michelle Wang 1.3-5.20200327 -- Update to 20200327 -* Mon Jan 28 2019 Bo Gan 1.3-4.20180621 -- Fix library permission. -* Wed Sep 19 2018 Bo Gan 1.3-3.20180621 -- Update to 20180621 -* Wed Apr 19 2017 Bo Gan 1.3-2.20170131 -- update to 20170131 -* Mon May 30 2016 Nick Shi 1.3-1.20160209 -- Initial version diff --git a/SPECS/diffutils/diffutils.spec b/SPECS/diffutils/diffutils.spec deleted file mode 100644 index b9520c8e5f..0000000000 --- a/SPECS/diffutils/diffutils.spec +++ /dev/null @@ -1,68 +0,0 @@ -Summary: Programs that show the differences between files or directories -Name: diffutils -Version: 3.8 -Release: 2%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/diffutils -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/diffutils/%{name}-%{version}.tar.xz -%define sha512 %{name}=279441270987e70d5ecfaf84b6285a4866929c43ec877e50f154a788858d548a8a316f2fc26ad62f7348c8d289cb29a09d06dfadce1806e3d8b4ea88c8b1aa7c - -BuildRequires: (coreutils or coreutils-selinux) - -Conflicts: toybox < 0.8.2-2 - -%description -The Diffutils package contains programs that show the differences between files or directories. - -%prep -%autosetup -p1 -sed -i 's:= @mkdir_p@:= /bin/mkdir -p:' po/Makefile.in.in - -%build -%configure --disable-silent-rules -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} - -%find_lang %{name} - -%if 0%{?with_check} -%check -sed -i 's/test-update-copyright.sh //' gnulib-tests/Makefile -make %{?_smp_mflags} check -%endif - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*/* - -%changelog -* Sun Feb 12 2023 Shreenidhi Shedi 3.8-2 -- Fix build requires -* Mon Apr 18 2022 Gerrit Photon 3.8-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 3.7-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 3.6-3 -- Do not conflict with toybox >= 0.8.2-2 -* Tue Oct 2 2018 Michelle Wang 3.6-2 -- Add conflicts toybox. -* Fri Aug 03 2018 Srivatsa S. Bhat 3.6-1 -- Update to version 3.6 to get it to build with gcc 7.3. -* Wed Apr 19 2017 Bo Gan 3.5-1 -- Update to 3.5. -* Wed Oct 05 2016 ChangLee 3.3-4 -- Modified %check. -* Tue May 24 2016 Priyesh Padmavilasom 3.3-3 -- GA Bump release of all rpms. -* Wed Jun 3 2015 Divya Thaluru 3.3-2 -- Adding coreutils package to build requires. -* Wed Nov 5 2014 Divya Thaluru 3.3-1 -- Initial build First version. diff --git a/SPECS/ding-libs/ding-libs.spec b/SPECS/ding-libs/ding-libs.spec deleted file mode 100644 index ff81fba51f..0000000000 --- a/SPECS/ding-libs/ding-libs.spec +++ /dev/null @@ -1,276 +0,0 @@ -Name: ding-libs -Version: 0.6.2 -Release: 1%{?dist} -Summary: "Ding is not GLib" assorted utility libraries -Vendor: VMware, Inc. -Distribution: Photon -Group: Development/Libraries -License: LGPLv3+ -URL: /~https://github.com/SSSD/ding-libs - -Source0: /~https://github.com/SSSD/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=566172e0addb0ee6e0ebd12874d3b72f2fa6bcb1ecc628c0c529984193290fae554efc40f52d2cec675bffab32a36183e47ec629db25e83ed2995f1049c64703 - -# ding-libs is a meta-package that will pull in all of its own -# sub-packages - -# Cannot set different version numbers for subpackages, otherwise build process fails -Requires: libpath-utils = %{version}-%{release} -Requires: libdhash = %{version}-%{release} -Requires: libcollection = %{version}-%{release} -Requires: libref-array = %{version}-%{release} -Requires: libini-config = %{version}-%{release} - -BuildRequires: build-essential -BuildRequires: m4 -BuildRequires: pkg-config -BuildRequires: check -BuildRequires: gettext-devel -BuildRequires: readline-devel - -%description -A meta-package that pulls in libcollection, libdhash, libini-config, -librefarray and libpath-utils. - -%package devel -Summary: Development packages for ding-libs -Group: Development/Libraries -License: LGPLv3+ - -Requires: %{name} = %{version}-%{release} -Requires: libpath-utils-devel = %{version}-%{release} -Requires: libdhash-devel = %{version}-%{release} -Requires: libcollection-devel = %{version}-%{release} -Requires: libref-array-devel = %{version}-%{release} -Requires: libbasicobjects-devel = %{version}-%{release} -Requires: libini-config-devel = %{version}-%{release} - -%description devel -Header files for ding-libs. - -%package -n libpath-utils -Summary: Filesystem Path Utilities -Group: Development/Libraries -License: LGPLv3+ - -%description -n libpath-utils -Utility functions to manipulate filesystem pathnames - -%package -n libpath-utils-devel -Summary: Development files for libpath-utils -Group: Development/Libraries -Requires: libpath-utils = %{version}-%{release} -License: LGPLv3+ - -%description -n libpath-utils-devel -Utility functions to manipulate filesystem pathnames - -%package -n libdhash -Group: Development/Libraries -Summary: Dynamic hash table -License: LGPLv3+ - -%description -n libdhash -A hash table which will dynamically resize to achieve optimal storage & access -time properties - -%package -n libdhash-devel -Summary: Development files for libdhash -Group: Development/Libraries -Requires: libdhash = %{version}-%{release} -License: LGPLv3+ - -%description -n libdhash-devel -A hash table which will dynamically resize to achieve optimal storage & access -time properties - -%package -n libcollection -Summary: Collection data-type for C -Group: Development/Libraries -License: LGPLv3+ - -%description -n libcollection -A data-type to collect data in a hierarchical structure for easy iteration -and serialization - -%package -n libcollection-devel -Summary: Development files for libcollection -Group: Development/Libraries -License: LGPLv3+ -Requires: libcollection = %{version}-%{release} - -%description -n libcollection-devel -Header/development files for libcollection. - -%package -n libref-array -Summary: A refcounted array for C -Group: Development/Libraries -License: LGPLv3+ - -%description -n libref-array -A dynamically-growing, reference-counted array - -%package -n libref-array-devel -Summary: Development files for libref-array -Group: Development/Libraries -Requires: libref-array = %{version}-%{release} -License: LGPLv3+ - -%description -n libref-array-devel -Header/development files for libref-array - -%package -n libbasicobjects -Summary: Basic object types for C -Group: Development/Libraries -License: GPLv3+ - -%description -n libbasicobjects -Basic object types - -%package -n libbasicobjects-devel -Summary: Development files for libbasicobjects -Group: Development/Libraries -License: GPLv3+ -Requires: libbasicobjects = %{version}-%{release} - -%description -n libbasicobjects-devel -Headers/development files for libbasicobjects - -%package -n libini-config -Summary: INI file parser for C -Group: Development/Libraries -License: LGPLv3+ -Requires: libcollection = %{version}-%{release} -Requires: libref-array = %{version}-%{release} -Requires: libbasicobjects = %{version}-%{release} -Requires: libpath-utils = %{version}-%{release} - -%description -n libini-config -Library to process config files in INI format into a libcollection data -structure - -%package -n libini-config-devel -Summary: Development files for libini-config -Group: Development/Libraries -License: LGPLv3+ -Requires: libini-config = %{version}-%{release} -Requires: libcollection-devel = %{version}-%{release} -Requires: libref-array-devel = %{version}-%{release} -Requires: libbasicobjects-devel = %{version}-%{release} - -%description -n libini-config-devel -Header/development files for libini-config. - -%prep -%autosetup - -%build -autoreconf -ivf -%configure --disable-static - -%make_build all docs - -%install -%make_install %{?_smp_mflags} - -# Remove document install script. RPM is handling this -rm -f */doc/html/installdox - -# Remove docs -rm -rf %{buildroot}%{_datadir}/doc/%{name}/* - -%if 0%{?with_check} -%check -%make_build check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) - -%files devel -%defattr(-,root,root,-) - -%files -n libpath-utils -%defattr(-,root,root,-) -%{_libdir}/libpath_utils.so.1 -%{_libdir}/libpath_utils.so.1.0.1 - -%files -n libpath-utils-devel -%defattr(-,root,root,-) -%{_includedir}/path_utils.h -%{_libdir}/libpath_utils.so -%{_libdir}/pkgconfig/path_utils.pc -%doc path_utils/README.path_utils - -%files -n libdhash -%defattr(-,root,root,-) -%{_libdir}/libdhash.so.1 -%{_libdir}/libdhash.so.1.1.0 - -%files -n libdhash-devel -%defattr(-,root,root,-) -%{_includedir}/dhash.h -%{_libdir}/libdhash.so -%{_libdir}/pkgconfig/dhash.pc -%doc dhash/README.dhash -%doc dhash/examples/*.c - -%files -n libcollection -%defattr(-,root,root,-) -%{_libdir}/libcollection.so.4 -%{_libdir}/libcollection.so.4.1.1 - -%files -n libcollection-devel -%defattr(-,root,root,-) -%{_includedir}/collection.h -%{_includedir}/collection_tools.h -%{_includedir}/collection_queue.h -%{_includedir}/collection_stack.h -%{_libdir}/libcollection.so -%{_libdir}/pkgconfig/collection.pc - -%files -n libref-array -%defattr(-,root,root,-) -%{_libdir}/libref_array.so.1 -%{_libdir}/libref_array.so.1.2.1 - -%files -n libref-array-devel -%defattr(-,root,root,-) -%{_includedir}/ref_array.h -%{_libdir}/libref_array.so -%{_libdir}/pkgconfig/ref_array.pc -%doc refarray/README.ref_array - -%files -n libbasicobjects -%defattr(-,root,root,-) -%{_libdir}/libbasicobjects.so.0 -%{_libdir}/libbasicobjects.so.0.1.0 - -%files -n libbasicobjects-devel -%defattr(-,root,root,-) -%{_includedir}/simplebuffer.h -%{_libdir}/libbasicobjects.so -%{_libdir}/pkgconfig/basicobjects.pc - -%files -n libini-config -%defattr(-,root,root,-) -%{_libdir}/libini_config.so.5 -%{_libdir}/libini_config.so.5.2.1 - -%files -n libini-config-devel -%defattr(-,root,root,-) -%{_includedir}/ini_config.h -%{_includedir}/ini_configobj.h -%{_includedir}/ini_valueobj.h -%{_includedir}/ini_comment.h -%{_includedir}/ini_configmod.h -%{_libdir}/libini_config.so -%{_libdir}/pkgconfig/ini_config.pc - -%changelog -* Tue Feb 14 2023 Brennan Lamoreaux 0.6.2-1 -- Initial addition to Photon. Needed for addition of SSSD. -- Modified from provided spec file in GitHub repository. diff --git a/SPECS/distcc/distcc.spec b/SPECS/distcc/distcc.spec deleted file mode 100644 index b713069017..0000000000 --- a/SPECS/distcc/distcc.spec +++ /dev/null @@ -1,111 +0,0 @@ -Name: distcc -Version: 3.4 -Release: 3%{?dist} -Summary: Distributed C/C++ compilation -License: GPLv2+ -URL: /~https://github.com/distcc/distcc -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon -Source0: /~https://github.com/distcc/distcc/archive/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=de09329fdfa25e08a9b9529190ddaa9ceccb34c8655692edb86f367a8db4a71b750c6e928cb8e5a670f51fbbc02fd1c8524f72e01b3ebaacc1106dc676d18eef -Source1: hosts.sample -Source2: distccd.service - -BuildRequires: automake -BuildRequires: autoconf -BuildRequires: which -BuildRequires: popt-devel -BuildRequires: python3-devel -BuildRequires: krb5-devel -BuildRequires: binutils-devel -BuildRequires: systemd-rpm-macros -BuildRequires: make - -Requires: krb5 -Requires: popt -Requires: python3 - -%description -distcc is a program to distribute builds of C, C++, Objective C or Objective -C++ code across several machines on a network. distcc should always generate -the same results as a local build, is simple to install and use, and is -usually much faster than a local compile. - -%package server -Summary: Server for distributed C/C++ compilation - -Requires: %{name} = %{version}-%{release} -Requires: krb5 -Requires: popt -Requires: systemd - -%description server -This package contains the compilation server needed to use %{name}. - -%prep -%autosetup -p1 - -%build -sh ./autogen.sh -%{configure} --with-auth -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} - -install -Dm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/hosts -install -Dm 0644 contrib/redhat/sysconfig %{buildroot}%{_sysconfdir}/sysconfig/distccd -install -Dm 0644 %{SOURCE2} %{buildroot}%{_unitdir}/distccd.service -mkdir -p %{buildroot}/usr/lib/%{name} %{buildroot}/usr/lib/gcc-cross -rm -rf %{buildroot}%{_docdir}/* - -%post server -%systemd_post distccd.service -%{_sbindir}/update-distcc-symlinks > /dev/null 2>&1 - -%preun server -%systemd_preun distccd.service - -%postun server -%systemd_postun_with_restart distccd.service - -%files -%defattr(-,root,root) -%license COPYING -%doc AUTHORS doc/* NEWS README.pump TODO -%doc INSTALL README survey.txt -%{_bindir}/distcc -%{_bindir}/distccmon-text -%{_bindir}/lsdistcc -%{_bindir}/pump -%{_mandir}/man1/distcc.* -%{_mandir}/man1/distccmon* -%{_mandir}/man1/pump* -%{_mandir}/man1/include_server* -%{_mandir}/man1/lsdistcc* -%dir %{_sysconfdir}/%{name} -%config(noreplace) %{_sysconfdir}/%{name}/hosts -%{python3_sitearch}/include_server* - -%files server -%defattr(-,root,root) -%license COPYING -%doc README -%{_bindir}/distccd -%{_unitdir}/* -%{_sysconfdir}/default/distcc -%{_sysconfdir}/distcc/*allow* -%{_mandir}/man1/distccd* -%config(noreplace) %{_sysconfdir}/sysconfig/distccd -%{_sbindir}/update-distcc-symlinks -%dir /usr/lib/%{name} -%dir /usr/lib/gcc-cross - -%changelog -* Fri Jul 28 2023 Srish Srinivasan 3.4-3 -- Bump version as a part of krb5 upgrade -* Thu Jan 26 2023 Ashwin Dayanand Kamat 3.4-2 -- Bump version as a part of krb5 upgrade -* Tue Apr 12 2022 Oliver Kurth 3.4-1 -- initial build for Photon diff --git a/SPECS/distcc/distccd.service b/SPECS/distcc/distccd.service deleted file mode 100644 index 5eada120fa..0000000000 --- a/SPECS/distcc/distccd.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=distcc: a fast, free distributed C/C++ compiler -Documentation: https://www.distcc.org/ -After=network.target - -[Service] -DynamicUser=true -EnvironmentFile=-/etc/sysconfig/distccd -ExecStart=/usr/bin/distccd --no-detach --daemon --whitelist=/etc/distcc/clients.allow $OPTIONS - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/distcc/hosts.sample b/SPECS/distcc/hosts.sample deleted file mode 100644 index bb9a289458..0000000000 --- a/SPECS/distcc/hosts.sample +++ /dev/null @@ -1,11 +0,0 @@ -# The grammar of the host file is, informally: -# -# DISTCC_HOSTS = HOSTSPEC ... -# HOSTSPEC = LOCAL_HOST | SSH_HOST | TCP_HOST | OLDSTYLE_TCP_HOST -# LOCAL_HOST = localhost[/LIMIT] -# SSH_HOST = [USER]@HOSTID[/LIMIT][:COMMAND][OPTIONS] -# TCP_HOST = HOSTID[:PORT][/LIMIT][OPTIONS] -# OLDSTYLE_TCP_HOST = HOSTID[/LIMIT][:PORT][OPTIONS] -# HOSTID = HOSTNAME | IPV4 -# OPTIONS = ,OPTION[OPTIONS] -# OPTION = lzo diff --git a/SPECS/distrib-compat/90-va-tune-up.conf b/SPECS/distrib-compat/90-va-tune-up.conf deleted file mode 100644 index 03cc7b2ced..0000000000 --- a/SPECS/distrib-compat/90-va-tune-up.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Disable response to broadcasts. -# You don't want yourself becoming a Smurf amplifier. -net.ipv4.icmp_echo_ignore_broadcasts = 1 -# enable route verification on all interfaces -net.ipv4.conf.all.rp_filter = 1 -# enable ipV6 forwarding -#net.ipv6.conf.all.forwarding = 1 -# increase the number of possible inotify(7) watches -fs.inotify.max_user_watches = 65536 -# avoid deleting secondary IPs on deleting the primary IP -net.ipv4.conf.default.promote_secondaries = 1 -net.ipv4.conf.all.promote_secondaries = 1 -net.ipv4.conf.default.accept_source_route=0 -net.ipv4.tcp_max_syn_backlog=1280 -net.ipv4.conf.all.accept_redirects=0 -net.ipv4.conf.default.accept_redirects=0 -net.ipv4.conf.all.send_redirects=0 -net.ipv4.conf.default.send_redirects=0 -net.ipv4.conf.all.secure_redirects=0 -net.ipv4.conf.default.secure_redirects=0 -net.ipv4.conf.all.log_martians=1 -net.ipv4.conf.default.log_martians=1 -net.ipv4.conf.default.rp_filter=1 -net.ipv6.conf.all.accept_redirects=0 -net.ipv6.conf.default.accept_redirects=0 -net.ipv6.conf.all.router_solicitations=0 -net.ipv6.conf.default.router_solicitations=0 -kernel.printk = 3 4 1 7 diff --git a/SPECS/distrib-compat/distrib-compat-gen-debuginfo.patch b/SPECS/distrib-compat/distrib-compat-gen-debuginfo.patch deleted file mode 100644 index 8ef86c183c..0000000000 --- a/SPECS/distrib-compat/distrib-compat-gen-debuginfo.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/Makefile b/Makefile -index 49bfd68..891e045 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,4 +1,4 @@ --CFLAGS=-D_GNU_SOURCE -Wall -O2 -+CFLAGS=-D_GNU_SOURCE -Wall -O2 -g - PRG=proctools - DIR=${DESTDIR}/sbin - -@@ -12,7 +12,7 @@ clean: - - install: - install -dm 0755 $(DIR) -- install -sm 0755 $(PRG) $(DIR) -+ install -m 0755 $(PRG) $(DIR) - ln -sf $(PRG) ${DIR}/checkproc - ln -sf $(PRG) ${DIR}/killproc - ln -sf $(PRG) ${DIR}/startproc diff --git a/SPECS/distrib-compat/distrib-compat.spec b/SPECS/distrib-compat/distrib-compat.spec deleted file mode 100644 index 3c4e0a665f..0000000000 --- a/SPECS/distrib-compat/distrib-compat.spec +++ /dev/null @@ -1,54 +0,0 @@ -Summary: Set of scripts and tools to get compatbility with other distributions. -Name: distrib-compat -Version: 0.1 -Release: 3%{?dist} -License: GPLv2 -URL: http://photon.org -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: %{name}-%{version}.tar.bz2 -%define sha512 %{name}=9e63e33d0dd1506b4395da98c7adb66213ddb8074a4a3d45524904288cab3c70d2abe91a78bfdb8ccce259995f07c4d393a5a4e109553236c957a639074cb463 -Source1: rc.status -Source2: 90-va-tune-up.conf -Source3: ifup -Source4: ifdown - -Patch0: distrib-compat-gen-debuginfo.patch - -%description -Set of scripts and tools to get compatbility with other distributions. -It includes: rc.status, startproc, killproc, checkproc, ifup and ifdown. - -%prep -%autosetup -p1 - -%build -%make_build - -%install -%make_install %{?_smp_mflags} DIR=%{buildroot}%{_sbindir} -install -d -m 0755 %{buildroot}%{_sysconfdir}/sysctl.d -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir} -install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d -install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir} -install -m 0755 %{SOURCE4} %{buildroot}%{_sbindir} -touch %{buildroot}%{_sysconfdir}/sysctl.d/99-compat.conf -chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/99-compat.conf -ln -sfv sysctl.d/99-compat.conf %{buildroot}%{_sysconfdir}/sysctl.conf - -%files -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/sysctl.d/*.conf -%{_sysconfdir}/sysctl.conf -%{_sysconfdir}/rc.status -%{_sbindir}/* - -%changelog -* Thu Aug 04 2022 Ankit Jain 0.1-3 -- preserve the configuartion -* Mon Feb 28 2022 Shreenidhi Shedi 0.1-2 -- Fix binary path -* Thu Feb 18 2021 Ankit Jain 0.1-1 -- Initial build. First version diff --git a/SPECS/distrib-compat/ifdown b/SPECS/distrib-compat/ifdown deleted file mode 100644 index d8c7ee9300..0000000000 --- a/SPECS/distrib-compat/ifdown +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -fail() { - local _red="\\033[1;31m" - local _normal="\\033[0;39m" - [ -n "$*" ] && printf "${_red}$*${_normal}\n" - exit 1 -} - -[ $# -ne 1 ] && fail "Incorrect args: ifup " - -interface=$1 - -#flush the adress -ip addr flush $interface || fail "Cannot flush IP address for $interface" - -#Bring the interface down -ip link set dev $interface down || fail "Cannot bring $interface down" - -exit 0 diff --git a/SPECS/distrib-compat/ifup b/SPECS/distrib-compat/ifup deleted file mode 100644 index 0adb827457..0000000000 --- a/SPECS/distrib-compat/ifup +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/bash - -fail() { - local _red="\\033[1;31m" - local _normal="\\033[0;39m" - [ -n "$*" ] && printf "${_red}$*${_normal}\n" - exit 1 -} - -print_message() { - printf "%s\n" "${1}" -} - -success() { - print_message "$*" - exit 0 -} - -SYSTEMD_NETWORK_CONF_DIR="/etc/systemd/network" - -[ $# -ne 1 ] && fail "Incorrect args: ifup " - -interface=$1 - -print_message "Make sure the interface is down or not assigned any IP" - -output=`ip addr show $interface` - -#check if the interface is up -echo $output | grep -o "state UP" -isupret=$? -echo $output | grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" -hasip=$? - -[ $isupret -eq 0 -a $hasip -eq 0 ] && success "The interface is already up and assigned an IP" - -print_message "$interface is DOWN or not assigned an IP. Bringnig $interface up..." - -manualfilename=`ls ${SYSTEMD_NETWORK_CONF_DIR}/*$interface*.network.manual 2>/dev/null` -if [[ -z $manualfilename ]] ; then - print_message "Can not find the manual filename, let us search for the auto filename" - filename=`ls ${SYSTEMD_NETWORK_CONF_DIR}/*$interface*.network 2>/dev/null` - [[ -z $filename ]] && fail "Can not find network interface file" -else - filename=$manualfilename -fi - -# Trying to parse the address from the file -while read line -do - key=`echo $line | cut -d'=' -f1` - if [ "$key" = "Address" ] - then - address=`echo $line | cut -d'=' -f2 | cut -d'/' -f1` - fi -done < $filename - -[[ -z $address ]] && print_message "Did not find address in the configuration file, may be it's dhcp, will not check for duplicates" - -#flush the adress -ip addr flush $interface || fail "Cannot flush IP address for $interface" - -#Bring the interface up -ip link set dev $interface up || fail "Cannot bring $interface up" - -if [[ -n $address ]] ; then - if [[ $address =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - echo "Performing duplicate address check for IPv4 address $address" - arping -D -q -I $interface -c 2 $address - retval=$? - [ $retval -eq 1 ] && fail "Error: IP already exists in the network" - [ $retval -eq 2 ] && fail "Cannot procceed. $interface is down" - [ $retval -ne 0 ] && fail "Unknown error!" - else - echo "Skipping duplicate address check for IPv6 address $address" - fi -fi - -print_message "Everything is good, IP is not assigned elsewhere, will restart systemd-networkd" - -if [[ -n $manualfilename ]] ; then - autofilename="${manualfilename%.*}" - print_message "The interface is set to manual, will rename $manualfilename to $autofilename" - mv $manualfilename $autofilename - print_message "Restarting systemd-networkd" - systemctl restart systemd-networkd - retval=$? - print_message "Rename back from $manualfilename to $autofilename" - mv $autofilename $manualfilename - [ $retval -eq 0 ] || fail "Failed to restart systemd-networkd" -else - systemctl restart systemd-networkd || fail "Failed to restart systemd-networkd" -fi -exit 0 diff --git a/SPECS/distrib-compat/rc.status b/SPECS/distrib-compat/rc.status deleted file mode 100644 index 7790eab6f0..0000000000 --- a/SPECS/distrib-compat/rc.status +++ /dev/null @@ -1,204 +0,0 @@ -# /etc/rc.status -# This file contains a functions to record, display, and return the actual -# rc status information in init scripts. -# See https://en.opensuse.org/openSUSE:Packaging_init_scripts#Status_Functions -# for more info. -# -# The following functions are provided: -# -# rc_active -# This function checks whether a service is enabled (by symlinks). -# It returns "0" if the service is enabled in a runlevel and -# returns "1" otherwise. -# -# rc_exit -# This function terminates an init script with the exit status -# appropriate to the overall rc status. -# -# rc_failed [num] -# This function sets the local and the overall rc status to a selected -# value defined by the parameter num. The value "1" is used by default. -# -# rc_check -# This function checks the exit status of the last command ($?) and sets -# the local rc status to this value if the value is different from "0". -# Then it sets the overall rc status to the value of the local rc status -# if it differs from "0". This function is used internally by other rc -# status functions. -# -# rc_reset -# This function sets both the local and the overall rc status to "0". -# -# rc_status [-r] [-s] [-u] [-v[num]] -# This function checks, sets, and displays the rc status. By default, -# it is quiet: it only calls rc_check. So, it must be called with an -# option to display the status. The options have the following meaning: -# -r calls rc_reset. This option is usable together with -v. The command -# rc_status -v -r checks, sets, and displays the current rc status. -# Then rc_reset is called. -# -s displays "skipped" and sets the status to "3". It means an -# unimplemented feature. -# -u displays "unused" and sets the status to "3". It means an -# unimplemented feature. -# -v[num] displays the actual status and resets local status to "0". -# By default, the status is displayed on the actual line. The -# parameter num defines that it should display num lines above the -# actual cursor position. - -if test -z "$PREVENT_LOOP" && test $PPID -ne 1 && test $# -eq 1 ; then - unit_name= - case "$0" in - /etc/init.d/*|/etc/rc.d/*) - unit_name=${0##*/} ;; - */rc*) - unit_name=`readlink "$0"` - unit_name=${unit_name##*/} - ;; - esac - if test -n "$unit_name"; then - if [ "$1" = "status" ]; then - PREVENT_LOOP=1 "$0" "$1" - exec /usr/bin/systemctl -l status "${unit_name}.service" - else - exec /usr/bin/systemctl --ignore-dependencies $1 "${unit_name}.service" - fi - fi - unset unit_name -fi - -# local rc status -rc_status=0 - -# overall rc status -rc_status_overall=0 - -# echo opt to enable interpretation of backslash escapes -# eopt="-e" - -# output messages -msg_done="done" -msg_failed="failed" -msg_missed="missed" -msg_skipped="skipped" -msg_unused="unused" -msg_running="running" -msg_dead="dead" -msg_unknown="unknown" - -# parent cmd -rc_action=$1 - -rc_active () -{ - local file - for file in /etc/rc*.d/S[0-9][0-9]$1 ; do - test -h $file && return 0 - done - return 1 -} - -rc_exit () -{ - exit $rc_status_overall -} - -rc_failed () -{ - if [ -z "$1" ] ; then - rc_status=1 - else - rc_status=$1 - fi - rc_status_overall=$rc_status - return $rc_status -} - -rc_check () -{ - result=$? - test $result -ne 0 && rc_status=$result - test $rc_status -ne 0 && rc_status_overall=$rc_status - return $result -} - -rc_reset () -{ - rc_status=0 - rc_status_overall=0 - return 0 -} - -if [ "$rc_action" = "status" ] ; then -rc_status () -{ - rc_check - ret=$rc_status - local op - for op ; do - case "$op" in - -v) case "$rc_status" in - 0) echo $eopt $msg_running ;; - 1|2) echo $eopt $msg_dead ;; - 3) echo $eopt $msg_unused ;; - 4) echo $eopt $msg_unknown ;; - esac - rc_status=0 ;; - -r) rc_reset ;; - -s) echo $eopt msg_skipped ; rc_failed 3 ;; - -u) echo $eopt msg_unused ; rc_failed 3 ;; - *) echo "rc_status: Usage [-v] [-r] [-s] [-u]" ;; - esac - done - return $ret -} -elif [ -n "$rc_action" ] ; then -# "start", "stop", etc... -rc_status () -{ - rc_check - ret=$rc_status - if [ "$rc_action" = "stop" -a $rc_status -eq 7 ] ; then - # we've stopped the service: 7 -> 0 - rc_failed 7 - fi - local op - for op ; do - case "$op" in - -v) case "$rc_status" in - 0) echo $eopt $msg_done ;; - 3) echo $eopt $msg_missed ;; - 5) echo $eopt $msg_skipped ;; - 6) echo $eopt $msg_unused ;; - *) echo $eopt $msg_failed ;; - esac - rc_status=0 ;; - -r) rc_reset ;; - -s) echo $eopt msg_skipped ; rc_failed 5 ;; - -u) echo $eopt msg_unused ; rc_failed 6 ;; - *) echo "rc_status: Usage [-v] [-r] [-s] [-u]" ;; - esac - done - return $ret -} -else -rc_status () -{ - rc_check - ret=$rc_status - local op - for op ; do - case "$op" in - -v) case "$rc_status" in - 0) echo $eopt $msg_done ;; - *) echo $eopt $msg_failed ;; - esac - rc_status=0 ;; - -r) rc_reset ;; - -s) echo $eopt msg_skipped ; rc_failed 0 ;; - -u) echo $eopt msg_unused ; rc_failed 0 ;; - *) echo "rc_status: Usage [-v] [-r] [-s] [-u]" ;; - esac - done - return $ret -} -fi diff --git a/SPECS/dkms/dkms.spec b/SPECS/dkms/dkms.spec deleted file mode 100644 index 4e858970ea..0000000000 --- a/SPECS/dkms/dkms.spec +++ /dev/null @@ -1,80 +0,0 @@ -Summary: Dynamic Kernel Module Support -Name: dkms -Version: 3.0.10 -Release: 2%{?dist} -License: GPLv2+ -URL: http://linux.dell.com/dkms -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/dell/dkms/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=b271453497a004177137e972cb45cacb2dd3ac124a1fd2526218cf690f5ce77250195e73b6f9c75de4661a718d928e546bd85770ab98c2fd9af44fe777492ad7 - -BuildArch: noarch - -BuildRequires: systemd-devel - -Requires: systemd -Requires: build-essential - -%description -Dynamic Kernel Module Support (DKMS) is a program/framework that enables generating Linux kernel modules whose sources generally reside outside the kernel source tree. -The concept is to have DKMS modules automatically rebuilt when a new kernel is installed. - -%prep -%autosetup -p1 - -%build - -%install -%make_install %{?_smp_mflags} install-redhat -install -vdm755 %{buildroot}%{_presetdir} -echo "disable %{name}.service" > %{buildroot}%{_presetdir}/50-%{name}.preset - -%post -%systemd_post %{name}.service - -%preun -%systemd_preun %{name}.service - -%postun -%systemd_postun_with_restart %{name}.service - -%files -%defattr(-,root,root) -%{_datadir}/bash-completion/completions/%{name} -%dir %{_sysconfdir}/%{name} -%config(noreplace) %{_sysconfdir}/%{name}/framework.conf -%dir %{_sysconfdir}/%{name}/framework.conf.d -%{_sysconfdir}/kernel/postinst.d/%{name} -%{_sysconfdir}/kernel/install.d/%{name} -%{_sysconfdir}/kernel/prerm.d/%{name} -%{_unitdir}/%{name}.service -%{_presetdir}/50-%{name}.preset -%{_libdir}/%{name}/* -%{_sbindir}/%{name} -%{_mandir}/man8/%{name}.8.gz - -%changelog -* Tue Sep 12 2023 Shreenidhi Shedi 3.0.10-2 -- Fix spec issues -* Fri Jan 20 2023 Alexey Makhalov 3.0.10-1 -- Version update -* Mon May 03 2021 Gerrit Photon 2.8.4-1 -- Automatic Version Bump -* Mon Jan 18 2021 Ajay Kaher 2.8.2-2 -- Modified Requires list. -* Mon Jun 22 2020 Gerrit Photon 2.8.2-1 -- Automatic Version Bump -* Mon Sep 10 2018 Ajay Kaher 2.6.1-1 -- Upgraded to version 2.6.1 -* Thu May 26 2016 Divya Thaluru 2.2.0.3-4 -- Fixed logic to restart the active services after upgrade -* Tue May 24 2016 Priyesh Padmavilasom 2.2.0.3-3 -- GA - Bump release of all rpms -* Tue Aug 25 2015 Alexey Makhalov 2.2.0.3-2 -- Added systemd preset file with 'disable' default value. -- Set BuildArch to noarch. -* Thu Aug 6 2015 Divya Thaluru 2.2.0.3-1 -- Initial version diff --git a/SPECS/dmidecode/dmidecode.spec b/SPECS/dmidecode/dmidecode.spec deleted file mode 100644 index 9b213d6869..0000000000 --- a/SPECS/dmidecode/dmidecode.spec +++ /dev/null @@ -1,54 +0,0 @@ -Summary: Tool to analyze BIOS DMI data -Name: dmidecode -Version: 3.5 -Release: 1%{?dist} -License: GPLv2+ -URL: http://www.nongnu.org/dmidecode -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://download.savannah.gnu.org/releases/dmidecode/%{name}-%{version}.tar.xz -%define sha512 %{name}=690c9bea391f6bbfc8cd48e8db408a61d5b551a07a2823c29d03a09607fc2043cc1bea44ee9fd27fd0e7bc0b287bf9de9f22a1a66053f5b1e63d77c03d93e1ae - -%description -Dmidecode reports information about your system's hardware as described in -your system BIOS according to the SMBIOS/DMI standard. This information -typically includes system manufacturer, model name, serial number, -BIOS version, asset tag as well as a lot of other details of varying -level of interest and reliability depending on the manufacturer. - -This will often include usage status for the CPU sockets, expansion -slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of -I/O ports (e.g. serial, parallel, USB). - -%prep -%autosetup -p1 - -%build -%make_build - -%install -%make_install prefix=%{_prefix} %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_docdir}/%{name}/* -%{_mandir}/man8/* - -%changelog -* Tue May 30 2023 Srish Srinivasan 3.5-1 -- Update to v3.5 to fix CVE-2023-30630 -* Wed Aug 17 2022 Shreenidhi Shedi 3.4-1 -- Upgrade to v3.4 -* Mon Apr 12 2021 Gerrit Photon 3.3-1 -- Automatic Version Bump -* Thu Jun 25 2020 Gerrit Photon 3.2-1 -- Automatic Version Bump -* Mon Sep 10 2018 Ajay Kaher 3.1-1 -- Upgraded to version 3.1 -* Tue May 24 2016 Priyesh Padmavilasom 3.0-2 -- GA - Bump release of all rpms -* Mon Nov 02 2015 Divya Thaluru 3.0-1 -- Initial build. First version diff --git a/SPECS/dnsmasq/dnsmasq.spec b/SPECS/dnsmasq/dnsmasq.spec deleted file mode 100644 index 3e67173f1b..0000000000 --- a/SPECS/dnsmasq/dnsmasq.spec +++ /dev/null @@ -1,140 +0,0 @@ -Summary: DNS proxy with integrated DHCP server -Name: dnsmasq -Version: 2.88 -Release: 1%{?dist} -License: GPLv2 or GPLv3 -Group: System Environment/Daemons -URL: https://thekelleys.org.uk/dnsmasq/doc.html -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://thekelleys.org.uk/dnsmasq/%{name}-%{version}.tar.xz -%define sha512 %{name}=109ee4513cb25fb0c9ff6f81d696c195a24ffa013847fdc3a507757137fff098248e2b907a87695075405039c4dc0eda40803395a52306ce673ca593cc4f4e00 - -Patch0: enable_dnssec.patch - -BuildRequires: nettle-devel -BuildRequires: systemd-rpm-macros - -Requires: systemd -Requires: nettle - -%description -Dnsmasq a lightweight, caching DNS proxy with integrated DHCP server. - -%package utils -Summary: Utilities for changing DHCP server leases - -%description utils -Utilities that use DHCP protocol to query and remove a DHCP server's leases - -%prep -%autosetup -p1 - -%build -%make_build -%make_build -C contrib/lease-tools - -%install -mkdir -p %{buildroot}%{_bindir} \ - %{buildroot}%{_sbindir} \ - %{buildroot}%{_mandir}/{man1,man8} \ - %{buildroot}%{_sharedstatedir}/%{name} \ - %{buildroot}%{_sysconfdir}/%{name}.d \ - %{buildroot}%{_sysconfdir}/dbus-1/system.d - -install src/%{name} %{buildroot}%{_sbindir}/%{name} -install %{name}.conf.example %{buildroot}%{_sysconfdir}/%{name}.conf -install dbus/%{name}.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/ -install -m 644 man/%{name}.8 %{buildroot}%{_mandir}/man8/ -install -D trust-anchors.conf %{buildroot}%{_datadir}/%{name}/trust-anchors.conf - -install -m 755 contrib/wrt/lease_update.sh %{buildroot}%{_sbindir}/lease_update.sh - -mkdir -p %{buildroot}%{_unitdir} -cat << EOF >> %{buildroot}%{_unitdir}/%{name}.service -[Unit] -Description=A lightweight, caching DNS proxy -After=network.target - -[Service] -ExecStart=%{_sbindir}/%{name} -k -Restart=always - -[Install] -WantedBy=multi-user.target -EOF - -#dnsmasq-utils subpackage -install -m 755 contrib/lease-tools/dhcp_release %{buildroot}%{_bindir}/dhcp_release -install -m 644 contrib/lease-tools/dhcp_release.1 %{buildroot}%{_mandir}/man1/dhcp_release.1 -install -m 755 contrib/lease-tools/dhcp_release6 %{buildroot}%{_bindir}/dhcp_release6 -install -m 644 contrib/lease-tools/dhcp_release6.1 %{buildroot}%{_mandir}/man1/dhcp_release6.1 -install -m 755 contrib/lease-tools/dhcp_lease_time %{buildroot}%{_bindir}/dhcp_lease_time -install -m 644 contrib/lease-tools/dhcp_lease_time.1 %{buildroot}%{_mandir}/man1/dhcp_lease_time.1 - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%{_unitdir}/* -%exclude %dir %{_libdir}/debug -%{_sbindir}/* -%{_mandir}/* -%{_sysconfdir}/%{name}.d -%config(noreplace) %{_sysconfdir}/%{name}.conf -%config(noreplace) %{_sysconfdir}/dbus-1/system.d/%{name}.conf -%dir %{_sharedstatedir} -%config %{_datadir}/%{name}/trust-anchors.conf - -%files utils -%{_bindir}/* -%{_mandir}/man1/* - -%changelog -* Wed Dec 07 2022 Susant Sahai 2.88-1 -- Version bump -* Fri Oct 28 2022 Gerrit Photon 2.87-1 -- Automatic Version Bump -* Wed Aug 24 2022 Shreenidhi Shedi 2.86-3 -- Bump version as a part of nettle upgrade -* Sun May 29 2022 Shreenidhi Shedi 2.86-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 2.86-1 -- Automatic Version Bump -* Mon Aug 30 2021 Shreenidhi Shedi 2.85-3 -- Spec improvements -* Tue Aug 17 2021 Shreenidhi Shedi 2.85-2 -- Bump version as a part of nettle upgrade -* Mon Apr 12 2021 Gerrit Photon 2.85-1 -- Automatic Version Bump -* Thu Feb 04 2021 Ankit Jain 2.84-1 -- Update to 2.84 -* Sat Jan 09 2021 Satya Naga Vasamsetty 2.82-3 -- Fix CVE-2020-25681,CVE-2020-25682,CVE-2020-25683,CVE-2020-25684 -- CVE-2020-25685,CVE-2020-25686,CVE-2020-25687 -* Mon Aug 24 2020 Ashwin H 2.82-2 -- Enable dnssec -* Mon Jun 22 2020 Gerrit Photon 2.82-1 -- Automatic Version Bump to version 2.82 -* Mon May 04 2020 Dweep Advani 2.79-3 -- Preserve configuration files during package upgrades -* Thu Mar 05 2020 Ashwin H 2.79-2 -- Fix CVE-2019-14834. Add utils package -* Mon Sep 10 2018 Ajay Kaher 2.79-1 -- Upgrading to version 2.79 -* Tue Feb 13 2018 Xiaolin Li 2.76-5 -- Fix CVE-2017-15107 -* Mon Nov 13 2017 Vinay Kulkarni 2.76-4 -- Always restart dnsmasq service on exit -* Wed Oct 11 2017 Alexey Makhalov 2.76-3 -- Fix CVE-2017-13704 -* Wed Sep 27 2017 Alexey Makhalov 2.76-2 -- Fix CVE-2017-14491..CVE-2017-14496 -* Sun Nov 27 2016 Vinay Kulkarni 2.76-1 -- Upgrade to 2.76 to address CVE-2015-8899 -* Tue May 24 2016 Priyesh Padmavilasom 2.75-2 -- GA - Bump release of all rpms -* Mon Apr 18 2016 Xiaolin Li 2.75-1 -- Initial version diff --git a/SPECS/dnsmasq/enable_dnssec.patch b/SPECS/dnsmasq/enable_dnssec.patch deleted file mode 100644 index bf1e166a35..0000000000 --- a/SPECS/dnsmasq/enable_dnssec.patch +++ /dev/null @@ -1,19 +0,0 @@ -commit aae30906fcbaf850373bbf13d9b190a6373f5d6b -Author: ashwin-h -Date: Tue Aug 25 02:33:55 2020 +0530 - - [dnsmasq] Enable dnssec - -diff --git a/Makefile b/Makefile -index 98ec760..d34e9c8 100644 ---- a/Makefile -+++ b/Makefile -@@ -26,7 +26,7 @@ BUILDDIR = $(SRC) - DESTDIR = - CFLAGS = -Wall -W -O2 - LDFLAGS = --COPTS = -+COPTS = -DHAVE_DNSSEC - RPM_OPT_FLAGS = - LIBS = - diff --git a/SPECS/docbook-xml/docbook-xml.spec b/SPECS/docbook-xml/docbook-xml.spec deleted file mode 100644 index e922450737..0000000000 --- a/SPECS/docbook-xml/docbook-xml.spec +++ /dev/null @@ -1,201 +0,0 @@ -Summary: Docbook-xml-%{version} -Name: docbook-xml -Version: 4.5 -Release: 10%{?dist} -License: MIT -URL: http://www.docbook.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://www.docbook.org/xml/4.5/%{name}-%{version}.zip -%define sha512 %{name}=1ee282fe86c9282610ee72c0e1d1acfc03f1afb9dc67166f438f2703109046479edb6329313ecb2949db27993077e077d111501c10b8769ebb20719eb6213d27 - -Requires: libxml2 - -BuildRequires: unzip - -BuildArch: noarch - -%description -The DocBook XML DTD-%{version} package contains document type definitions for -verification of XML data files against the DocBook rule set. These are -useful for structuring books and software documentation to a standard -allowing you to utilize transformations already written for that standard. -%prep -%autosetup -c -T -p1 -unzip %{SOURCE0} -if [ $(id -u) -eq 0 ]; then - chown -R root.root . - chmod -R a+rX,g-w,o-w . -fi - -%build - -%install -install -v -d -m755 %{buildroot}%{_datadir}/xml/docbook/%{name}-%{version} -install -v -d -m755 %{buildroot}%{_sysconfdir}/xml -chown -R root:root . -cp -v -af docbook.cat *.dtd ent/ *.mod %{buildroot}%{_datadir}/xml/docbook/%{name}-%{version} - -%post -if [ ! -e %{_sysconfdir}/xml/docbook ]; then - xmlcatalog --noout --create %{_sysconfdir}/xml/docbook -fi - -xmlcatalog --noout --add "public" \ - "-//OASIS//DTD DocBook XML V%{version}//EN" \ - "http://www.oasis-open.org/docbook/xml/%{version}/docbookx.dtd" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//DTD DocBook XML CALS Table Model V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/calstblx.dtd" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//DTD XML Exchange Table Model 19990315//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/soextblx.dtd" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ELEMENTS DocBook XML Information Pool V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/dbpoolx.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ELEMENTS DocBook XML Document Hierarchy V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/dbhierx.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ELEMENTS DocBook XML HTML Tables V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/htmltblx.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ENTITIES DocBook XML Notations V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/dbnotnx.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ENTITIES DocBook XML Character Entities V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/dbcentx.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "public" \ - "-//OASIS//ENTITIES DocBook XML Additional General Entities V%{version}//EN" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/dbgenent.mod" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "rewriteSystem" \ - "http://www.oasis-open.org/docbook/xml/%{version}" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}" \ - %{_sysconfdir}/xml/docbook - -xmlcatalog --noout --add "rewriteURI" \ - "http://www.oasis-open.org/docbook/xml/%{version}" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}" \ - %{_sysconfdir}/xml/docbook - -if [ ! -e %{_sysconfdir}/xml/catalog ]; then - xmlcatalog --noout --create %{_sysconfdir}/xml/catalog -fi - -xmlcatalog --noout --add "delegatePublic" \ - "-//OASIS//ENTITIES DocBook XML" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "delegatePublic" \ - "-//OASIS//DTD DocBook XML" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "delegateSystem" \ - "http://www.oasis-open.org/docbook/" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "delegateURI" \ - "http://www.oasis-open.org/docbook/" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog - -for DTDVERSION in 4.1.2 4.2 4.3 4.4; do - xmlcatalog --noout --add "public" \ - "-//OASIS//DTD DocBook XML V$DTDVERSION//EN" \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION/docbookx.dtd" \ - %{_sysconfdir}/xml/docbook - xmlcatalog --noout --add "rewriteSystem" \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}" \ - %{_sysconfdir}/xml/docbook - xmlcatalog --noout --add "rewriteURI" \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION" \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}" \ - %{_sysconfdir}/xml/docbook - xmlcatalog --noout --add "delegateSystem" \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION/" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog - xmlcatalog --noout --add "delegateURI" \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION/" \ - "file://%{_sysconfdir}/xml/docbook" \ - %{_sysconfdir}/xml/catalog -done - -%preun -if [ $1 -eq 0 ]; then - if [ -f %{_sysconfdir}/xml/catalog ]; then - xmlcatalog --noout --del \ - "file://%{_sysconfdir}/xml/docbook" %{_sysconfdir}/xml/catalog - fi - - if [ -f %{_sysconfdir}/xml/docbook ]; then - xmlcatalog --noout --del \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}" %{_sysconfdir}/xml/docbook - - for DTDVERSION in 4.1.2 4.2 4.3 4.4 %{version}; do - xmlcatalog --noout --del \ - "http://www.oasis-open.org/docbook/xml/$DTDVERSION/docbookx.dtd" %{_sysconfdir}/xml/docbook - done - - for file in $(find %{_datadir}/xml/docbook/%{name}-%{version}/*.dtd -printf "%f\n"); do - xmlcatalog --noout --del \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/$file" %{_sysconfdir}/xml/docbook - done - - for file in $(find %{_datadir}/xml/docbook/%{name}-%{version}/*.mod -printf "%f\n"); do - xmlcatalog --noout --del \ - "file://%{_datadir}/xml/docbook/docbook-xml-%{version}/$file" %{_sysconfdir}/xml/docbook - done - fi -fi - -%files -%defattr(-,root,root) -%{_datadir}/xml/docbook/%{name}-%{version} -%{_sysconfdir}/xml - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 4.5-10 -- Bump version as a part of libxml2 upgrade -* Wed Nov 17 2021 Nitesh Kumar 4.5-9 -- Release bump up to use libxml2 2.9.12-1. -* Thu May 18 2017 Xiaolin Li 4.5-8 -- Remove libxml2-python from requires. -* Tue Apr 25 2017 Priyesh Padmavilasom 4.5-7 -- Fix arch -* Tue May 24 2016 Priyesh Padmavilasom 4.5-6 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 4.5-5 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Mar 10 2016 XIaolin Li 4.5.1-4 -- Correct the local folder name. -* Mon Jul 6 2015 Mahmoud Bassiouny 4.5.1-3 -- Updated dependencies. -* Wed May 20 2015 Touseef Liaqat 4.5.1-2 -- Updated group. -* Mon Nov 24 2014 Divya Thaluru 4.5-1 -- Initial build. First version diff --git a/SPECS/docbook-xsl/docbook-xsl.spec b/SPECS/docbook-xsl/docbook-xsl.spec deleted file mode 100644 index 8a369a2f8d..0000000000 --- a/SPECS/docbook-xsl/docbook-xsl.spec +++ /dev/null @@ -1,122 +0,0 @@ -Summary: Docbook-xsl-%{name} -Name: docbook-xsl -Version: 1.79.1 -Release: 10%{?dist} -License: Apache License -URL: http://www.docbook.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://downloads.sourceforge.net/docbook/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=83325cbaf1545da6b9b8b77f5f0e6fdece26e3c455164b300a1aa3d19e3bd29ae71fd563553a714a5394968d1a65684c6c7987c77524469358d18b8c227025c7 - -Requires: libxml2 - -BuildRequires: zip - -BuildArch: noarch - -%description -The DocBook XML DTD-4.5 package contains document type definitions for -verification of XML data files against the DocBook rule set. These are -useful for structuring books and software documentation to a standard -allowing you to utilize transformations already written for that standard. - -%prep -%autosetup -p1 - -%build -zip -d tools/lib/jython.jar Lib/distutils/command/wininst-6.exe -zip -d tools/lib/jython.jar Lib/distutils/command/wininst-7.1.exe - -%install -install -v -m755 -d %{buildroot}%{_datadir}/xml/docbook/xsl-stylesheets-%{version} - -cp -v -R VERSION common eclipse epub extensions fo highlighting html \ - htmlhelp images javahelp lib manpages params profiling \ - roundtrip slides template tests tools webhelp website \ - xhtml xhtml-1_1 \ - %{buildroot}%{_datadir}/xml/docbook/xsl-stylesheets-%{version} - -pushd %{buildroot}%{_datadir}/xml/docbook/xsl-stylesheets-%{version} -rm extensions/saxon65.jar \ - tools/lib/saxon.jar \ - tools/lib/saxon9-ant.jar \ - tools/lib/saxon9he.jar -ln -s VERSION VERSION.xsl -popd - -install -v -m644 -D README \ - %{buildroot}%{_docdir}/%{name}-%{version}/README.txt - -install -v -m644 RELEASE-NOTES* NEWS* \ - %{buildroot}%{_docdir}/%{name}-%{version} - -%post -if [ ! -d %{_sysconfdir}/xml ]; then - install -v -m755 -d %{_sysconfdir}/xml -fi -if [ ! -f %{_sysconfdir}/xml/catalog ]; then - xmlcatalog --noout --create %{_sysconfdir}/xml/catalog -fi - -xmlcatalog --noout --add "rewriteSystem" \ - "http://docbook.sourceforge.net/release/xsl/%{version}" \ - "%{_datadir}/xml/docbook/xsl-stylesheets-%{version}" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "rewriteURI" \ - "http://docbook.sourceforge.net/release/xsl/%{version}" \ - "%{_datadir}/xml/docbook/xsl-stylesheets-%{version}" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "rewriteSystem" \ - "http://docbook.sourceforge.net/release/xsl/current" \ - "%{_datadir}/xml/docbook/xsl-stylesheets-%{version}" \ - %{_sysconfdir}/xml/catalog - -xmlcatalog --noout --add "rewriteURI" \ - "http://docbook.sourceforge.net/release/xsl/current" \ - "%{_datadir}/xml/docbook/xsl-stylesheets-%{version}" \ - %{_sysconfdir}/xml/catalog - -%postun -if [ $1 -eq 0 ]; then - if [ -f %{_sysconfdir}/xml/catalog ]; then - xmlcatalog --noout --del \ - "%{_datadir}/xml/docbook/xsl-stylesheets-%{version}" \ - %{_sysconfdir}/xml/catalog - fi -fi - -%files -%defattr(-,root,root) -%{_datadir}/xml/docbook/* -%{_docdir}/* - -%changelog -* Sun Jul 30 2023 Shreenidhi Shedi 1.79.1-10 -- Fix a typo error in postun -* Wed Apr 19 2023 Ashwin Dayanand Kamat 1.79.1-9 -- Bump version as a part of libxml2 upgrade -* Mon Nov 08 2021 Nitesh Kumar 1.79.1-8 -- Release bump up to use libxml2 2.9.12-1. -* Fri Jan 18 2019 Tapas Kundu 1.79.1-7 -- Removed saxon jar files while installing -* Tue Dec 04 2018 Ashwin H 1.79.1-6 -- Remove windows installers -* Fri Aug 18 2017 Rongrong Qiu 1.79.1-5 -- Update make check for bug 1635477 -* Tue Apr 25 2017 Priyesh Padmavilasom 1.79.1-4 -- Fix arch -* Tue May 24 2016 Priyesh Padmavilasom 1.79.1-3 -- GA - Bump release of all rpms -* Tue May 3 2016 Divya Thaluru 1.79.1-2 -- Fixing spec file to handle rpm upgrade scenario correctly -* Thu Feb 25 2016 Kumar Kaushik 1.79.1-1 -- Updated version. -* Wed May 20 2015 Touseef Liaqat 1.78.1-2 -- Updated group. -* Mon Nov 24 2014 Divya Thaluru 1.78.1-1 -- Initial build. First version diff --git a/SPECS/docker-compose/docker-compose.spec b/SPECS/docker-compose/docker-compose.spec deleted file mode 100644 index 3a19a4fb54..0000000000 --- a/SPECS/docker-compose/docker-compose.spec +++ /dev/null @@ -1,77 +0,0 @@ -%global debug_package %{nil} - -Name: docker-compose -Version: 2.20.2 -Release: 3%{?dist} -Summary: Multi-container orchestration for Docker -Group: Application/File -Vendor: VMware, Inc. -Distribution: Photon -License: ASL 2.0 -URL: /~https://github.com/docker/compose - -Source0: /~https://github.com/docker/compose/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -%define sha512 %{name}=8b8ccece806edfaffef497ed8b8b64c6050aa35363e350a14b5a257c9230ed5656a0e5661ce6c314c2911b438780421f71714477a83e2e64db2cf6c921f86af1 - -BuildRequires: go -BuildRequires: ca-certificates - -%description -Docker Compose (V2) plugin for the Docker CLI. - -This plugin provides the 'docker compose' subcommand. - -The binary can also be run standalone as a direct replacement for -Docker Compose V1 ('docker-compose'). - -%prep -%autosetup -p1 -n compose-%{version} - -%build -make VERSION=%{version} build %{?_smp_mflags} - -%install -install -D -p -m 0755 bin/build/docker-compose %{buildroot}%{_bindir}/docker-compose -for f in LICENSE MAINTAINERS NOTICE README.md; do - install -D -p -m 0644 "$f" "docker-compose-docs/$f" -done - -%if 0%{?with_check} -%check -ver="$(%{buildroot}%{_bindir}/docker-compose docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \ - test "$ver" = %{version} && echo "PASS: docker-compose version OK" || (echo "FAIL: docker-compose version ($ver) did not match" && exit 1) -%endif - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%doc docker-compose-docs/* -%{_bindir}/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 2.20.2-3 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 2.20.2-2 -- Bump up version to compile with new go -* Tue Aug 08 2023 Piyush Gupta 2.20.2-1 -- Upgrade to 2.20.2. -* Tue Jul 04 2023 Piyush Gupta 2.19.0-1 -- Upgrade to v2.19.0. -* Mon Jul 03 2023 Piyush Gupta 2.14.0-4 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 2.14.0-3 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 2.14.0-2 -- Bump up version to compile with new go -* Tue Dec 13 2022 Gerrit Photon 2.14.0-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 2.12.2-2 -- Bump up version to compile with new go -* Wed Nov 2 2022 Gerrit Photon 2.12.2-1 -- Automatic Version Bump -* Wed Oct 26 2022 Piyush Gupta 2.11.0-2 -- Bump up version to compile with new go -* Mon Sep 19 2022 Mukul Sikka 2.11.0-1 -- Initial Build diff --git a/SPECS/docker-py/docker-py.spec b/SPECS/docker-py/docker-py.spec deleted file mode 100644 index 81dd689e28..0000000000 --- a/SPECS/docker-py/docker-py.spec +++ /dev/null @@ -1,80 +0,0 @@ -Name: docker-py3 -Version: 6.0.0 -Release: 2%{?dist} -Summary: Python API for docker -License: ASL2.0 -Group: Development/Languages/Python -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/docker/docker-py - -Source0: /~https://github.com/docker/docker-py/releases/download/%{version}/docker-%{version}.tar.gz -%define sha512 docker=09edf7b058d38d34d0fe0432b336d6fc494648c0e41cf4ae7f7bbf3db158143ca8fbea87e51d3b354c5f40bd7f1481e003e4b55f879ef562e91f19b62143c271 - -BuildRequires: python3-devel -BuildRequires: python3-ipaddress -BuildRequires: python3-pip -BuildRequires: python3-requests -BuildRequires: python3-setuptools -BuildRequires: python3-six -BuildRequires: python3-xml -BuildRequires: python3-macros - -%if 0%{?with_check} -BuildRequires: python3-pytest -BuildRequires: python3-websocket-client -BuildRequires: python3-paramiko -%endif - -Requires: python3 -Requires: docker-pycreds3 -Requires: python3-backports.ssl_match_hostname -Requires: python3-ipaddress -Requires: python3-requests -Requires: python3-six -Requires: python3-websocket-client - -BuildArch: noarch - -%description -Python API for docker - -%prep -%autosetup -p1 -n docker-%{version} - -%build -%{py3_build} - -%install -%{py3_install} - -%if 0%{?with_check} -%check -%{pytest} tests/unit -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root,-) -%{python3_sitelib}/* - -%changelog -* Tue Dec 06 2022 Prashant S Chauhan 6.0.0-2 -- Update release to compile with python 3.11 -* Mon Oct 24 2022 Shreenidhi Shedi 6.0.0-1 -- Upgrade to v6.0.0 -* Thu Oct 15 2020 Ashwin H 4.3.1-1 -- Upgrade to 4.3.1 release. -* Mon Jun 15 2020 Tapas Kundu 3.5.0-2 -- Mass removal python2 -* Tue Sep 04 2018 Tapas Kundu 3.5.0-1 -- Upgraded to 3.5.0 release. -* Fri Dec 01 2017 Xiaolin Li 2.3.0-3 -- Added docker-pycreds3, python3-requests, python3-six, -- python3-websocket-client to requires of docker-py3 -* Wed Jun 07 2017 Xiaolin Li 2.3.0-2 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Sun Jun 04 2017 Vinay Kulkarni 2.3.0-1 -- Initial version of docker-py for PhotonOS. diff --git a/SPECS/docker-pycreds/docker-pycreds.spec b/SPECS/docker-pycreds/docker-pycreds.spec deleted file mode 100644 index 780a7426c3..0000000000 --- a/SPECS/docker-pycreds/docker-pycreds.spec +++ /dev/null @@ -1,60 +0,0 @@ -Name: docker-pycreds3 -Version: 0.4.0 -Release: 2%{?dist} -Summary: Python API for docker credentials store -License: ASL2.0 -Group: Development/Languages/Python -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/shin-/dockerpy-creds - -Source0: /~https://github.com/shin-/dockerpy-creds/archive/refs/tags/docker-pycreds-%{version}.tar.gz -%define sha512 docker-pycreds=ca5f68ef2405cc57c0b54224d4f8199c9a4c9217d78f627bffeb950998b09a69b608d1e365cac6859661346fd078c3d081828bb4ff2e18bf7a9384451ae2225a - -BuildRequires: python3-devel -BuildRequires: python3-setuptools -%if 0%{?with_check} -BuildRequires: python3-pytest -%endif - -Requires: python3 - -BuildArch: noarch - -%description -Python API for docker credentials store - -%prep -%autosetup -p1 -n docker-pycreds-%{version} - -%build -%py3_build - -%install -%py3_install - -%clean -rm -rf %{buildroot} - -%if 0%{?with_check} -%check -%pytest -%endif - -%files -%defattr(-,root,root,-) -%{python3_sitelib}/* - -%changelog -* Tue Dec 06 2022 Prashant S Chauhan 0.4.0-2 -- Update release to compile with python 3.11 -* Thu Oct 15 2020 Ashwin H 0.4.0-1 -- Upgrade to 0.4.0 release. -* Thu Jun 18 2020 Tapas Kundu 0.3.0-2 -- Mass removal python2 -* Tue Sep 04 2018 Tapas Kundu 0.3.0-1 -- Upgraded to 0.3.0 version -* Wed Jun 07 2017 Xiaolin Li 0.2.1-2 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Sun Jun 04 2017 Vinay Kulkarni 0.2.1-1 -- Initial version of docker-pycreds for PhotonOS. diff --git a/SPECS/docker/default-disable.preset b/SPECS/docker/default-disable.preset deleted file mode 100644 index bd9ccf391b..0000000000 --- a/SPECS/docker/default-disable.preset +++ /dev/null @@ -1 +0,0 @@ -disable docker.service diff --git a/SPECS/docker/docker-post19.service b/SPECS/docker/docker-post19.service deleted file mode 100644 index a7d36cbf17..0000000000 --- a/SPECS/docker/docker-post19.service +++ /dev/null @@ -1,46 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target containerd.service -Wants=network-online.target -Requires=docker.socket containerd.service - -[Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -ExecReload=/bin/kill -s HUP $MAINPID -TimeoutSec=0 -RestartSec=2 -Restart=always - -# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. -# Both the old, and new location are accepted by systemd 229 and up, so using the old location -# to make them work for either version of systemd. -StartLimitBurst=3 - -# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. -# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make -# this option work for either version of systemd. -StartLimitInterval=60s - -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity - -# Comment TasksMax if your systemd version does not support it. -# Only systemd 226 and above support this option. -TasksMax=infinity - -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes - -# kill only the docker process, not all processes in the cgroup -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/docker/docker-post19.socket b/SPECS/docker/docker-post19.socket deleted file mode 100644 index 7dd95098e4..0000000000 --- a/SPECS/docker/docker-post19.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Docker Socket for the API -PartOf=docker.service - -[Socket] -ListenStream=/var/run/docker.sock -SocketMode=0660 -SocketUser=root -SocketGroup=docker - -[Install] -WantedBy=sockets.target diff --git a/SPECS/docker/docker.spec b/SPECS/docker/docker.spec deleted file mode 100644 index b2e3b47afb..0000000000 --- a/SPECS/docker/docker.spec +++ /dev/null @@ -1,356 +0,0 @@ -%define debug_package %{nil} -%define __os_install_post %{nil} - -# Must be in sync with package version -%define DOCKER_ENGINE_GITCOMMIT a61e2b4 -%define DOCKER_CLI_GITCOMMIT ced0996 -%define TINI_GITCOMMIT de40ad0 - -%define gopath_comp_engine github.com/docker/docker -%define gopath_comp_cli github.com/docker/cli -%define gopath_comp_libnetwork github.com/docker/libnetwork - -Summary: Docker -Name: docker -Version: 24.0.5 -Release: 3%{?dist} -License: ASL 2.0 -URL: http://docs.docker.com -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/moby/moby/archive/moby-%{version}.tar.gz -%define sha512 moby=cde2e47e7658b153399ee29154ec21eebf54b292185e07d43b968895dcfdfead95e4507fefb713859a4540f21d8007116d3ebeaa1fb7ba305fb2a0449ba1bee6 - -Source1: /~https://github.com/krallin/tini/archive/tini-0.19.0.tar.gz -%define sha512 tini=3591a6db54b8f35c30eafc6bbf8903926c382fd7fe2926faea5d95c7b562130b5264228df550f2ad83581856fd5291cf4aab44ee078aef3270c74be70886055c - -Source2: /~https://github.com/docker/libnetwork/archive/libnetwork-64b7a45.tar.gz -%define sha512 libnetwork=e4102a20d2ff681de7bc52381d473c6f6b13d1d59fb14a749e8e3ceda439a74dd7cf2046a2042019c646269173b55d4e78140fe5e8c59d913895a35d4a5f40a4 - -Source3: /~https://github.com/docker/cli/archive/refs/tags/docker-cli-%{version}.tar.gz -%define sha512 docker-cli=765c67634d91d248b156d3e407398b98b7a0a89507bbac0310d4a68b95aa1a05e3af43c8b90bc10166748749d8cc36670619fc9efca110beefbdcd4385dc96be - -Source4: docker-post19.service -Source5: docker-post19.socket -Source6: default-disable.preset - -Patch0: tini-disable-git.patch - -BuildRequires: systemd-devel -BuildRequires: device-mapper-devel -BuildRequires: btrfs-progs-devel -BuildRequires: libseccomp-devel -BuildRequires: libltdl-devel -BuildRequires: libgcc-devel -BuildRequires: glibc-devel -BuildRequires: go -BuildRequires: go-md2man -BuildRequires: cmake -BuildRequires: sed -BuildRequires: jq -BuildRequires: libapparmor-devel -BuildRequires: libslirp-devel -BuildRequires: slirp4netns - -Requires: docker-engine = %{version}-%{release} -Requires: docker-cli = %{version}-%{release} -# bash completion uses awk -Requires: gawk - -%description -Docker is an open source project to build, ship and run any application as a lightweight container. - -%package engine -Summary: Docker Engine -Requires: libapparmor -Requires: libseccomp -Requires: libltdl -Requires: device-mapper-libs -Requires: systemd -Requires: containerd -# 20.10 uses containerd v2 shim by default -Requires: /usr/bin/containerd-shim-runc-v2 - -%description engine -Docker is an open source project to build, ship and run any application as a lightweight container. - -%package cli -Summary: Docker CLI -Requires: libgcc -Requires: glibc - -%description cli -Docker is an open source project to build, ship and run any application as a lightweight container. - -%package doc -Summary: Documentation and vimfiles for docker -Requires: %{name} = %{version}-%{release} - -%description doc -Documentation and vimfiles for docker - -%package rootless -Summary: Rootless support for Docker -Requires: slirp4netns -Requires: libslirp -Requires: fuse -Requires: rootlesskit -Requires: %{name} = %{version}-%{release} -Requires: dbus-user-session - -%description rootless -Rootless support for Docker. -Use dockerd-rootless.sh to run the daemon. -Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh. - -%prep -# Using autosetup is not feasible -%setup -q -c -n moby-%{version} - -mkdir -p "$(dirname "src/%{gopath_comp_engine}")" \ - "$(dirname "src/%{gopath_comp_cli}")" \ - "src/%{gopath_comp_libnetwork}" \ - tini \ - bin - -mv moby-%{version} src/%{gopath_comp_engine} - -tar -xf %{SOURCE3} -mv cli-%{version} src/%{gopath_comp_cli} - -tar -C tini -xf %{SOURCE1} - -tar -C src/%{gopath_comp_libnetwork} -xf %{SOURCE2} - -# Patch sources -pushd tini -%autopatch -p1 -M0 -popd - -%build -export GOPATH="${PWD}" -export GO111MODULE=off - -CONTAINERD_MIN_VER="1.2.0-beta.1" -BUILDTIME="$(date -u --rfc-3339 ns | sed -e 's/ /T/')" -PLATFORM="Docker Engine - Community" -DEFAULT_PRODUCT_LICENSE="Community Engine" -ENGINE_IMAGE="engine-community" - -# cli -pushd "src/%{gopath_comp_cli}" - DISABLE_WARN_OUTSIDE_CONTAINER=1 \ - VERSION=%{version} \ - BUILDTIME="$BUILDTIME" \ - PLATFORM="$PLATFORM" \ - GITCOMMIT=%{DOCKER_CLI_GITCOMMIT} \ - make dynbinary manpages %{?_smp_mflags} -popd - -# Don't use trimpath for now, see /~https://github.com/golang/go/issues/16860 -# Ideally we should remove the RPM build prefixes (.../BUILD/src/...) - -#BUILDFLAGS="-gcflags=all=-trimpath=$GOPATH -asmflags=all=-trimpath=$GOPATH" - -# daemon -pushd "src/%{gopath_comp_engine}" - VERSION=%{version} \ - DOCKER_GITCOMMIT=%{DOCKER_ENGINE_GITCOMMIT} \ - PRODUCT=docker \ - BUILDTIME="$BUILDTIME" \ - PLATFORM="$PLATFORM" \ - DEFAULT_PRODUCT_LICENSE="$DEFAULT_PRODUCT_LICENSE" \ - DOCKER_BUILDTAGS="seccomp selinux apparmor exclude_graphdriver_aufs" \ - ./hack/make.sh dynbinary -popd - -# proxy -pushd "src/%{gopath_comp_libnetwork}" - go build -buildmode=pie -ldflags=-linkmode=external -o "$GOPATH/bin/docker-proxy" %{gopath_comp_libnetwork}/cmd/proxy -popd - -# init -pushd tini -%cmake \ - -Dtini_VERSION_GIT:STRING=%{TINI_GITCOMMIT} \ - -Dgit_version_check_ret=0 - -cd %{__cmake_builddir} -make tini-static %{?_smp_mflags} -cp tini-static "$GOPATH/bin/docker-init" -popd - -jq -n \ - --arg platform "$PLATFORM" \ - --arg engine_image "$ENGINE_IMGE" \ - --arg containerd_min_ver "$CONTAINERD_MIN_VER" \ - --arg runtime "host_install" \ - '.platform = $platform | .engine_image = $engine_image | .containerd_min_version = $containerd_min_ver | .runtime = $runtime' \ - > distribution_based_engine.json - -%install -install -d -m755 %{buildroot}%{_mandir}/man1 -install -d -m755 %{buildroot}%{_mandir}/man5 -install -d -m755 %{buildroot}%{_mandir}/man8 -install -d -m755 %{buildroot}%{_bindir} -install -d -m755 %{buildroot}%{_unitdir} -install -d -m755 %{buildroot}%{_sharedstatedir}/docker-engine -install -d -m755 %{buildroot}%{_udevrulesdir} -install -d -m755 %{buildroot}%{_datadir}/bash-completion/completions - -# install binary -install -p -m 755 src/%{gopath_comp_cli}/build/docker %{buildroot}%{_bindir}/docker -install -p -m 755 src/%{gopath_comp_engine}/bundles/dynbinary-daemon/dockerd %{buildroot}%{_bindir}/dockerd - -# install proxy -install -p -m 755 bin/docker-proxy %{buildroot}%{_bindir}/docker-proxy - -# install tini -install -p -m 755 bin/docker-init %{buildroot}%{_bindir}/docker-init - -# install udev rules -install -p -m 644 src/%{gopath_comp_engine}/contrib/udev/80-docker.rules %{buildroot}%{_udevrulesdir}/80-docker.rules - -# add init scripts -install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.service -install -p -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/docker.socket - -# add docker-engine metadata -install -p -m 644 distribution_based_engine.json %{buildroot}%{_sharedstatedir}/docker-engine/distribution_based_engine.json - -# add bash completions -install -p -m 644 src/%{gopath_comp_cli}/contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/docker - -# install manpages -install -p -m 644 src/%{gopath_comp_cli}/man/man1/*.1 %{buildroot}%{_mandir}/man1 -install -p -m 644 src/%{gopath_comp_cli}/man/man5/*.5 %{buildroot}%{_mandir}/man5 -install -p -m 644 src/%{gopath_comp_cli}/man/man8/*.8 %{buildroot}%{_mandir}/man8 - -# vimfiles are now upstream, no vim files installed - -mkdir -p build-docs -for engine_file in AUTHORS CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md; do - cp "src/%{gopath_comp_engine}/$engine_file" "build-docs/engine-$engine_file" -done -for cli_file in AUTHORS LICENSE MAINTAINERS NOTICE README.md; do - cp "src/%{gopath_comp_cli}/$cli_file" "build-docs/cli-$cli_file" -done - -install -v -D -m 0644 %{SOURCE6} %{buildroot}%{_presetdir}/50-docker.preset - -# docker-rootless -install -D -p -m 0755 %{_builddir}/moby-%{version}/src/github.com/docker/docker/contrib/dockerd-rootless.sh %{buildroot}%{_bindir}/dockerd-rootless.sh -install -D -p -m 0755 %{_builddir}/moby-%{version}/src/github.com/docker/docker/contrib/dockerd-rootless-setuptool.sh %{buildroot}%{_bindir}/dockerd-rootless-setuptool.sh - -%pre engine -if [ $1 -gt 0 ] ; then - # package upgrade scenario, before new files are installed - - # clear any old state - rm -f %{_sharedstatedir}/rpm-state/docker-is-active > /dev/null 2>&1 || : - - # check if docker service is running - if systemctl is-active docker.service > /dev/null 2>&1; then - systemctl stop docker > /dev/null 2>&1 || : - touch %{_sharedstatedir}/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi - -%preun engine -%systemd_preun docker.service - -%post engine -if [ $1 -eq 1 ] ; then - getent group docker >/dev/null || groupadd -r docker -fi -%systemd_post docker.service - -%postun engine -%systemd_postun_with_restart docker.service -if [ $1 -eq 0 ] ; then - getent group docker >/dev/null && groupdel docker || : -fi - -%posttrans engine -if [ $1 -ge 0 ] ; then - # package upgrade scenario, after new files are installed - - # check if docker was running before upgrade - if [ -f %{_sharedstatedir}/rpm-state/docker-is-active ]; then - systemctl start docker > /dev/null 2>&1 || : - rm -f %{_sharedstatedir}/rpm-state/docker-is-active > /dev/null 2>&1 || : - fi -fi - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) - -%files engine -%defattr(-,root,root) -%{_unitdir}/docker.service -%{_unitdir}/docker.socket -%{_presetdir}/50-docker.preset -%{_bindir}/docker-proxy -%{_bindir}/docker-init -%{_bindir}/dockerd -%{_udevrulesdir}/80-docker.rules -%{_sharedstatedir}/docker-engine/distribution_based_engine.json - -%files cli -%defattr(-,root,root) -%{_bindir}/docker -%{_datadir}/bash-completion/completions/docker - -%files doc -%defattr(-,root,root) -%doc build-docs/engine-AUTHORS build-docs/engine-CONTRIBUTING.md build-docs/engine-LICENSE build-docs/engine-MAINTAINERS build-docs/engine-NOTICE build-docs/engine-README.md -%doc build-docs/cli-LICENSE build-docs/cli-MAINTAINERS build-docs/cli-NOTICE build-docs/cli-README.md -%doc -%{_mandir}/man1/* -%{_mandir}/man5/* -%{_mandir}/man8/* - -%files rootless -%{_bindir}/dockerd-rootless.sh -%{_bindir}/dockerd-rootless-setuptool.sh - -%changelog -* Wed Oct 11 2023 Piyush Gupta 24.0.5-3 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 24.0.5-2 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 24.0.5-1 -- Upgrade to v24.0.5. -* Mon Jul 03 2023 Piyush Gupta 23.0.2-3 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 23.0.2-2 -- Bump up version to compile with new go -* Thu Mar 30 2023 Prashant S Chauhan 23.0.2-1 -- Update to 23.0.2, Add libapparmor as requires -* Fri Mar 24 2023 Prashant S Chauhan 23.0.1-2 -- Add apparmor-profiles as Requires, fixes apparmor profile not applied -* Fri Mar 10 2023 Prashant S Chauhan 23.0.1-1 -- Update to 23.0.1 -* Thu Mar 09 2023 Piyush Gupta 20.10.14-9 -- Bump up version to compile with new go -* Sat Feb 11 2023 Shreenidhi Shedi 20.10.14-8 -- Bump version as a part of rootlesskit upgrade -* Thu Jan 19 2023 Shreenidhi Shedi 20.10.14-7 -- Add dbus-user-session to requires -* Thu Nov 24 2022 Shreenidhi Shedi 20.10.14-6 -- Bump version as a part of containerd upgrade -* Mon Nov 21 2022 Piyush Gupta 20.10.14-5 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 20.10.14-4 -- Bump up version to compile with new go -* Sun Jul 10 2022 Shreenidhi Shedi 20.10.14-3 -- Add seperate package for rootlesskit & add proper conflicts. -* Tue May 10 2022 Shreenidhi Shedi 20.10.14-2 -- Add docker-rootless support -* Wed Apr 27 2022 Shreenidhi Shedi 20.10.14-1 -- Initial packaging of 20.10 diff --git a/SPECS/docker/tini-disable-git.patch b/SPECS/docker/tini-disable-git.patch deleted file mode 100644 index c94f9eb841..0000000000 --- a/SPECS/docker/tini-disable-git.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a778da75578051d31a4badcf781f6d3af2b6b65b Mon Sep 17 00:00:00 2001 -From: Bo Gan -Date: Mon, 28 Oct 2019 17:14:22 -0700 -Subject: [PATCH] disable git invocation - ---- - CMakeLists.txt | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 490bec8..0c897a7 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -13,6 +13,8 @@ if(MINIMAL) - add_definitions(-DTINI_MINIMAL=1) - endif() - -+if(FALSE) -+ - # Extract git version and dirty-ness - execute_process ( - COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" log -n 1 --date=local --pretty=format:%h -@@ -27,6 +29,8 @@ execute_process( - OUTPUT_VARIABLE git_dirty_check_out - ) - -+endif() -+ - if("${git_version_check_ret}" EQUAL 0) - set(tini_VERSION_GIT " - git.${tini_VERSION_GIT}") - if(NOT "${git_dirty_check_out}" STREQUAL "") --- -2.7.4 - diff --git a/SPECS/dool/dool.spec b/SPECS/dool/dool.spec deleted file mode 100644 index 65734f5a14..0000000000 --- a/SPECS/dool/dool.spec +++ /dev/null @@ -1,59 +0,0 @@ -Summary: Versatile resource statistics tool -Name: dool -Version: 1.2.0 -Release: 1%{?dist} -License: GPLv2 -URL: /~https://github.com/scottchiefbaker/dool -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/scottchiefbaker/dool/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=b194ea4ac735f93d494c6c227270867e728f55602d787db2e5a0d7997ddf74662eefd3fb549429400349f5f36a4c86a398389afca0d931d6e1f79e67dedfd670 - -%if 0%{?with_check} -BuildRequires: python3 -BuildRequires: python3-curses -%endif - -Requires: python3 -Requires: python3-curses - -Provides: dstat = %{version}-%{release} -Obsoletes: dstat <= 0.7.4 - -%description -Dstat gives you detailed selective information in columns and clearly -indicates in what magnitude and unit the output is displayed. -Less confusion, less mistakes. And most importantly, it makes it very -easy to write plugins to collect your own counters and extend in ways -you never expected. - -%prep -%autosetup -p1 - -%install -%make_install %{?_smp_mflags} - -ln -sv %{name} %{buildroot}%{_bindir}/dstat - -%if 0%{?with_check} -%check -export PATH=$PATH:%{buildroot}%{_bindir} -dool --version -dool -taf 1 3 -%endif - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,0755) -%doc %{_mandir}/* -%{_bindir}/%{name} -%{_bindir}/dstat -%{_datadir}/%{name}/ - -%changelog -* Fri Jul 28 2023 Shreenidhi Shedi 1.2.0-1 -- Initial version. diff --git a/SPECS/dos2unix/dos2unix.spec b/SPECS/dos2unix/dos2unix.spec deleted file mode 100644 index 17faf27bc9..0000000000 --- a/SPECS/dos2unix/dos2unix.spec +++ /dev/null @@ -1,61 +0,0 @@ -Name: dos2unix -Version: 7.4.3 -Release: 2%{?dist} -License: BSD -Summary: Text file format converters -URL: https://waterlan.home.xs4all.nl/dos2unix.html -Vendor: VMware, Inc. -Distribution: Photon -Group: System/Tools - -Source0: https://waterlan.home.xs4all.nl/dos2unix/%{name}-%{version}.tar.gz -%define sha512 %{name}=1c6d81348de8aca451174794141d0802685487cf6847fa91f7de745d89bcf2af864fc2ec549b9af72031891d4efcb9731fe823ce05da36d1f9e9890ff2cb60fb - -BuildRequires: gcc -BuildRequires: gettext-devel -BuildRequires: make - -Provides: unix2dos - -Conflicts: toybox < 0.8.6-1 - -%description -Convert text files with DOS or Mac line endings to Unix line endings and -vice versa. - -%prep -%autosetup -p1 - -%build -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_docdir} -%find_lang %{name} --with-man --all-name - -%check -make test %{?_smp_mflags} - -%clean -rm -rf %{buildroot} - -%files -f %{name}.lang -%license COPYING.txt -%doc man/man1/dos2unix.htm ChangeLog.txt -%doc NEWS.txt README.txt TODO.txt -%{_bindir}/%{name} -%{_bindir}/mac2unix -%{_bindir}/unix2dos -%{_bindir}/unix2mac -%{_mandir}/man1/*.1* - -%changelog -* Sat Jan 14 2023 Ashwin Dayanand Kamat 7.4.3-2 -- Bump version as a part of gettext upgrade -* Mon Jul 11 2022 Gerrit Photon 7.4.3-1 -- Automatic Version Bump -* Tue Dec 07 2021 Shreenidhi Shedi 7.4.2-2 -- Conflict with toybox < 0.8.6-1 -* Mon Apr 26 2021 Shreenidhi Shedi 7.4.2-1 -- Initial version diff --git a/SPECS/dosfstools/dosfstools.spec b/SPECS/dosfstools/dosfstools.spec deleted file mode 100644 index 9516bab4b1..0000000000 --- a/SPECS/dosfstools/dosfstools.spec +++ /dev/null @@ -1,48 +0,0 @@ -Summary: Dos Filesystem tools -Name: dosfstools -Version: 4.2 -Release: 1%{?dist} -License: GPLv3+ -URL: http://github.com/dosfstools/dosfstools -Group: Filesystem Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz -%define sha1 %{name}=1aa7eef62a57339d0a275daf5c31f96d23429c11 - -%description -dosfstools contains utilities for making and checking MS-DOS FAT filesystems. - -%prep -%autosetup -p1 - -%build -./autogen.sh -%configure --enable-compat-symlinks -make %{?_smp_mflags} - -%install -[ %{buildroot} != "/" ] && rm -rf %{buildroot}/* -make DESTDIR=%{buildroot} PREFIX="/usr" install %{?_smp_mflags} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_mandir}/man8/* -%{_docdir}/dosfstools/* - -%changelog -* Mon Apr 12 2021 Gerrit Photon 4.2-1 -- Automatic Version Bump -* Thu May 04 2017 Chang Lee 4.1-2 -- Add .vfat and .msdos symlinks back. -* Fri Mar 31 2017 Chang Lee 4.1-1 -- Updated package version -* Tue May 24 2016 Priyesh Padmavilasom 3.0.26-2 -- GA - Bump release of all rpms -* Tue Jul 01 2014 Sharath George 3.0.26-1 -- Initial build. First version diff --git a/SPECS/dotnet-runtime/dotnet-runtime.spec b/SPECS/dotnet-runtime/dotnet-runtime.spec deleted file mode 100644 index 59de871d52..0000000000 --- a/SPECS/dotnet-runtime/dotnet-runtime.spec +++ /dev/null @@ -1,86 +0,0 @@ -%global debug_package %{nil} - -Summary: Microsoft .NET Core Runtime -Name: dotnet-runtime -Version: 7.0.2 -Release: 1%{?dist} -Vendor: VMware, Inc. -Distribution: Photon -License: MIT -Url: /~https://github.com/dotnet/core -Group: Development/Tools - -# Download source tarball from the links provided in: -# /~https://github.com/dotnet/core/tree/main/release-notes -# -# For example: -# /~https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.0/6.0.0.md -# https://download.visualstudio.microsoft.com/download/pr/0ce1c34f-0d9e-4d9b-964e-da676c8e605a/7a6c353b36477fa84f85b2821f2350c2/dotnet-runtime-6.0.0-linux-x64.tar.gz -Source0: %{name}-%{version}-linux-x64.tar.gz -%define sha512 %{name}=56f7f471052b955968b9a4caa27299ac003e0347ae80e8ef23de87d28a2707bdf7ceb70467cc3e9f0c80928a779841dd7e1392ed6b06e66a7a9cda696d5c0a1e - -BuildArch: x86_64 - -BuildRequires: lttng-ust-devel >= 2.13.4-2 - -Requires: curl -Requires: libunwind -Requires: krb5 -Requires: lttng-ust >= 2.13.4-2 - -%description -.NET Core is a development platform that you can use to build command-line -applications, microservices and modern websites. - -%prep -%autosetup -p1 -c %{name}-%{version} -p1 - -%build - -%install -mkdir -p %{buildroot}%{_libdir}/dotnet \ - %{buildroot}%{_docdir}/%{name}-%{version} \ - %{buildroot}%{_bindir} - -cp -pr * %{buildroot}%{_libdir}/dotnet -ln -sfrv %{buildroot}%{_libdir}/dotnet/dotnet %{buildroot}%{_bindir}/dotnet - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root,0755) -%exclude %dir %{_libdir}/debug -%{_docdir}/* -%{_bindir}/dotnet -%{_libdir}/* - -%changelog -* Sat Feb 11 2023 Shreenidhi Shedi 7.0.2-1 -- Upgrade to v7.0.2 -* Wed Oct 05 2022 Shreenidhi Shedi 7.0.0-rc1 -- Upgrade to v7.0.0-rc1 -* Thu Sep 29 2022 Shreenidhi Shedi 6.0.0-3 -- Bump version after lttng-ust upgrade -* Tue Mar 01 2022 Shreenidhi Shedi 6.0.0-2 -- Fix binary path -* Mon Nov 15 2021 Satya Naga Vasamsetty 6.0.0-1 -- Upgrade to version 6.0.0 -* Tue Oct 26 2021 Shreenidhi Shedi 5.0.11-1 -- Upgrade to version 5.0.11 -* Tue Mar 9 2021 Shreyas B. 5.0.3-1 -- Upgrade to v5.0.3 -* Thu Jun 25 2020 Gerrit Photon 3.1.5-1 -- Automatic Version Bump -* Mon Nov 11 2019 Shreyas B. 2.2.3-1 -- Upgraded to v2.2.3 -* Wed Dec 05 2018 Ajay Kaher 2.2.0-1 -- upgraded to version 2.2.0 -* Thu Sep 27 2018 Ajay Kaher 2.1.4-1 -- upgraded to version 2.1.4 -- add aarch64 support -* Wed Jan 31 2018 Priyesh Padmavilasom 2.0.5-1 -- Initial build for photon diff --git a/SPECS/dotnet-sdk/dotnet-sdk.spec b/SPECS/dotnet-sdk/dotnet-sdk.spec deleted file mode 100644 index f353d09c7c..0000000000 --- a/SPECS/dotnet-sdk/dotnet-sdk.spec +++ /dev/null @@ -1,69 +0,0 @@ -%define debug_package %{nil} - -Summary: Microsoft .NET Core SDK -Name: dotnet-sdk -Version: 7.0.102 -Release: 2%{?dist} -Vendor: VMware, Inc. -Distribution: Photon -License: MIT -Url: /~https://github.com/dotnet/core -Group: Development/Tools - -# Download source tarball from the links provided in: -# /~https://github.com/dotnet/core/tree/main/release-notes -# -# For example: -# /~https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.0/6.0.0.md -# https://download.visualstudio.microsoft.com/download/pr/17b6759f-1af0-41bc-ab12-209ba0377779/e8d02195dbf1434b940e0f05ae086453/dotnet-sdk-6.0.100-linux-x64.tar.gz -Source0: %{name}-%{version}-linux-x64.tar.gz -%define sha512 %{name}=7667aae20a9e50d31d1fc004cdc5cb033d2682d3aa793dde28fa2869de5ac9114e8215a87447eb734e87073cfe9496c1c9b940133567f12b3a7dea31a813967f - -BuildArch: x86_64 - -Requires: dotnet-runtime >= 7.0.2 -Requires: icu >= 70.1 - -%description -.NET Core is a development platform that you can use to build command-line -applications, microservices and modern websites. - -%prep -%autosetup -p1 -c %{name}-%{version} -p1 - -%build - -%install -mkdir -p %{buildroot}%{_libdir}/dotnet/sdk - -cp -pr sdk/%{version} %{buildroot}%{_libdir}/dotnet/sdk - -%files -%defattr(-,root,root,0755) -%{_libdir}/* - -%changelog -* Sun Feb 12 2023 Shreenidhi Shedi 7.0.102-2 -- Bump version as a part of icu upgrade -* Sat Feb 11 2023 Shreenidhi Shedi 7.0.102-1 -- Upgrade to v7.0.102 -* Thu Oct 06 2022 Shreenidhi Shedi 7.0.100-rc1.1 -- Bump version as a part of icu upgrade -* Wed Oct 05 2022 Shreenidhi Shedi 7.0.100-rc1 -- Upgrade to v7.0.100-rc1 -* Tue Dec 07 2021 Alexey Makhalov 6.0.100-2 -- Release bump to build with icu-70.1 -* Mon Nov 15 2021 Satya Naga Vasamsetty 6.0.100-1 -- Upgrade to version 6.0.100 -* Tue Oct 26 2021 Shreenidhi Shedi 5.0.402-1 -- Upgrade to version 5.0.402 -* Tue Mar 9 2021 Shreyas B. 5.0.103-1 -- upgrade to version 5.0.103 -* Thu Jun 25 2020 Gerrit Photon 3.1.201-1 -- Automatic Version Bump -* Thu Nov 07 2019 Shreyas B. 2.1.509-1 -- upgraded to version 2.1.509 -* Wed Dec 05 2018 Ajay Kaher 2.1.403-1 -- upgraded to version 2.1.403 -* Wed Jan 31 2018 Priyesh Padmavilasom 2.1.4-1 -- Initial build for photon diff --git a/SPECS/double-conversion/double-conversion.spec b/SPECS/double-conversion/double-conversion.spec deleted file mode 100644 index 6c43befeb2..0000000000 --- a/SPECS/double-conversion/double-conversion.spec +++ /dev/null @@ -1,73 +0,0 @@ -Summary: Library providing binary-decimal and decimal-binary routines for IEEE doubles -Name: double-conversion -Version: 3.2.1 -Release: 1%{?dist} -Group: Development/Libraries -License: BSD -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/google/double-conversion - -Source0: /~https://github.com/google/double-conversion/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 double-conversion=d2feb3098a1d4d6baab5f89bcc29ac2e06d314d552b8c747c6eb6dba5dd165a15dc71200191edb7f05d521c349e12d59cddba3c5db101e1623e0e76e19f21a49 - -BuildRequires: cmake - -Requires: glibc -Requires: libgcc -Requires: libstdc++ - -%description -This project (double-conversion) provides binary-decimal and decimal-binary routines for IEEE doubles. -The library consists of efficient conversion routines that have been extracted from the V8 JavaScript -engine.The code has been refactored and improved so that it can be used more easily in other projects. - -%package devel -Summary: Library providing binary-decimal and decimal-binary routines for IEEE doubles -Requires: %{name} = %{version}-%{release} - -%description devel -Contains header files for developing applications that use the %{name} -library. There is extensive documentation in src/double-conversion.h. Other -examples can be found in test/cctest/test-conversions.cc. - -%prep -%autosetup -p1 - -%build -export CFLAGS="%{optflags}" -export CXXFLAGS="%{optflags}" -%cmake . \ - -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix}\ - -DCMAKE_INSTALL_LIBDIR=%{_libdir}\ - -DBUILD_SHARED_LIBS:BOOL=ON\ - -DBUILD_TESTING:BOOL=ON -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -%ctest -%endif - -%ldconfig_scriptlets - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%doc LICENSE README.md AUTHORS Changelog -%{_libdir}/libdouble-conversion.so.3* - -%files devel -%defattr(-,root,root) -%{_libdir}/libdouble-conversion.so -%{_libdir}/cmake/%{name} -%{_includedir}/%{name} - -%changelog -* Wed Oct 12 2022 Nitesh Kumar 3.2.1-1 -- Initial version,Needed by python3-ujson diff --git a/SPECS/doxygen/doxygen.spec b/SPECS/doxygen/doxygen.spec deleted file mode 100644 index 9c4f83e5b9..0000000000 --- a/SPECS/doxygen/doxygen.spec +++ /dev/null @@ -1,64 +0,0 @@ -Summary: C++ tool -Name: doxygen -Version: 1.9.5 -Release: 2%{?dist} -License: GPLv2+ -URL: https://www.doxygen.nl/download.html -Group: Build/Tool -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://doxygen.nl/files/doxygen-%{version}.src.tar.gz -%define sha512 %{name}=4ad4c1ecd4a12220442f354b90aa56f80e78fcaf288d5e36da421437d59811ed3d429ee13717692886a55b9628ae565d40ce13c51792ccc8bba15b1e018cb651 - -BuildRequires: cmake -BuildRequires: python3 -BuildRequires: python3-xml -BuildRequires: bison - -%description -Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, -but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL -(Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, and to some extent D. - -%prep -%autosetup -p1 - -%build -%cmake -DLIBCLANG_BUILD_STATIC=ON \ - -DBUILD_SHARED_LIBS=OFF \ - -DLLVM_ENABLE_PIC=OFF \ - -DLLVM_BUILD_LLVM_DYLIB=OFF \ - -DLLVM_BUILD_LLVM_C_DYLIB=OFF \ - -DLLVM_ENABLE_TERMINFO=OFF \ - -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \ - .. - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -cd %{__cmake_builddir} -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/%{name} - -%changelog -* Tue Dec 06 2022 Prashant S Chauhan 1.9.5-2 -- Update release to compile with python 3.11 -* Fri Aug 19 2022 Ajay Kaher 1.9.5-1 -- Version update -* Sun May 29 2022 Shreenidhi Shedi 1.9.4-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 1.9.4-1 -- Automatic Version Bump -* Thu Apr 29 2021 Gerrit Photon 1.9.1-1 -- Automatic Version Bump -* Mon Oct 5 2020 Michelle Wang 1.8.20-1 -- Initial build and add this for libsigc++ build requires diff --git a/SPECS/dracut/0001-Add-mkinitrd-support-to-dracut.patch b/SPECS/dracut/0001-Add-mkinitrd-support-to-dracut.patch deleted file mode 100644 index d1b833e7d4..0000000000 --- a/SPECS/dracut/0001-Add-mkinitrd-support-to-dracut.patch +++ /dev/null @@ -1,369 +0,0 @@ -From 5089e404ea2f1b3bb65e878cd94c4f0a1379ca2e Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Mon, 12 Jul 2021 21:51:15 +0530 -Subject: [PATCH] Add mkinitrd support to dracut - -dracut upstream removed mkinitrd: -/~https://github.com/dracutdevs/dracut/commit/43df4ee274e7135aff87868bf3bf2fbab47aa8b4 - -Photon OS needs this tool. - -Signed-off-by: Shreenidhi Shedi ---- - Makefile | 4 +- - man/dracut.asc | 3 + - man/mkinitrd.8.asc | 66 +++++++++++++ - mkinitrd-dracut.sh | 225 +++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 297 insertions(+), 1 deletion(-) - create mode 100644 man/mkinitrd.8.asc - create mode 100755 mkinitrd-dracut.sh - -diff --git a/Makefile b/Makefile -index e7d69e10..e797a05b 100644 ---- a/Makefile -+++ b/Makefile -@@ -37,6 +37,7 @@ man7pages = man/dracut.cmdline.7 \ - man/dracut.modules.7 - - man8pages = man/dracut.8 \ -+ man/mkinitrd.8 \ - man/dracut-catimages.8 \ - modules.d/98dracut-systemd/dracut-cmdline.service.8 \ - modules.d/98dracut-systemd/dracut-initqueue.service.8 \ -@@ -148,6 +149,7 @@ install: all - mkdir -p $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 $(DESTDIR)$(mandir)/man7 $(DESTDIR)$(mandir)/man8 - install -m 0755 dracut.sh $(DESTDIR)$(bindir)/dracut - install -m 0755 dracut-catimages.sh $(DESTDIR)$(bindir)/dracut-catimages -+ install -m 0755 mkinitrd-dracut.sh $(DESTDIR)$(bindir)/mkinitrd - install -m 0755 lsinitrd.sh $(DESTDIR)$(bindir)/lsinitrd - install -m 0644 dracut.conf $(DESTDIR)$(sysconfdir)/dracut.conf - mkdir -p $(DESTDIR)$(sysconfdir)/dracut.conf.d -@@ -265,7 +267,7 @@ srpm: syncheck - endif - - syncheck: -- @ret=0;for i in dracut-initramfs-restore.sh modules.d/*/*.sh; do \ -+ @ret=0;for i in dracut-initramfs-restore.sh mkinitrd-dracut.sh modules.d/*/*.sh; do \ - [ "$${i##*/}" = "module-setup.sh" ] && continue; \ - read line < "$$i"; [ "$${line#*bash*}" != "$$line" ] && continue; \ - [ $$V ] && echo "posix syntax check: $$i"; bash --posix -n "$$i" ; ret=$$(($$ret+$$?)); \ -diff --git a/man/dracut.asc b/man/dracut.asc -index cc11d01e..f35535c2 100644 ---- a/man/dracut.asc -+++ b/man/dracut.asc -@@ -162,6 +162,9 @@ include::dracut.cmdline.7.asc[] - [[lsinitrd1]] - include::lsinitrd.1.asc[] - -+[[mkinitrd8]] -+include::mkinitrd.8.asc[] -+ - = Developer Manual - - :leveloffset: 1 -diff --git a/man/mkinitrd.8.asc b/man/mkinitrd.8.asc -new file mode 100644 -index 00000000..82afe2df ---- /dev/null -+++ b/man/mkinitrd.8.asc -@@ -0,0 +1,66 @@ -+MKINITRD(8) -+========= -+:doctype: manpage -+:man source: dracut -+:man manual: dracut -+:man version: {version} -+ -+NAME -+---- -+mkinitrd - is a compat wrapper, which calls dracut to generate an initramfs -+ -+SYNOPSIS -+-------- -+*mkinitrd* ['OPTION...'] [] -+ -+DESCRIPTION -+----------- -+mkinitrd creates an initramfs image for the kernel with -+version by calling "dracut". -+ -+[IMPORTANT] -+If a more fine grained control over the resulting image is needed, -+"dracut" should be called directly. -+ -+OPTIONS -+------- -+**--version**:: -+ print info about the version -+ -+**-v, --verbose**:: -+ increase verbosity level -+ -+**-f, --force**:: -+ overwrite existing initramfs file. -+ -+**--image-version*:: -+ append the kernel version to the target image -+ -. -+ -+**--with=**:: -+ add the kernel module to the initramfs. -+ -+**--preload=**:: -+ preload the kernel module in the initramfs before any other kernel -+ modules are loaded. This can be used to ensure a certain device naming, -+ which should in theory be avoided and the use of symbolic links in /dev is -+ encouraged. -+ -+**--nocompress**:: -+ do not compress the resulting image. -+ -+**--help**:: -+ print a help message and exit. -+ -+AVAILABILITY -+------------ -+The mkinitrd command is part of the dracut package and is available from -+link:$$https://dracut.wiki.kernel.org$$[https://dracut.wiki.kernel.org] -+ -+AUTHORS -+------- -+Harald Hoyer -+ -+SEE ALSO -+-------- -+*dracut*(8) -diff --git a/mkinitrd-dracut.sh b/mkinitrd-dracut.sh -new file mode 100755 -index 00000000..657e8b29 ---- /dev/null -+++ b/mkinitrd-dracut.sh -@@ -0,0 +1,225 @@ -+#!/bin/bash --norc -+kver=$(uname -r) -+ -+boot_dir="/boot" -+quiet=0 -+host_only=0 -+force=0 -+ -+error() { echo "$@" >&2; } -+ -+usage () { -+ [[ $1 = '-n' ]] && cmd=echo || cmd=error -+ -+ $cmd "usage: ${0##*/} [--version] [--help] [-v] [-f] [--preload ]" -+ $cmd " [--image-version] [--with=]" -+ $cmd " [--nocompress]" -+ $cmd " " -+ $cmd "" -+ $cmd " (ex: ${0##*/} /boot/initramfs-$kver.img $kver)" -+ -+ [[ $1 = '-n' ]] && exit 0 -+ exit 1 -+} -+ -+# Little helper function for reading args from the commandline. -+# it automatically handles -a b and -a=b variants, and returns 1 if -+# we need to shift $3. -+read_arg() { -+ # $1 = arg name -+ # $2 = arg value -+ # $3 = arg parameter -+ param="$1" -+ local rematch='^[^=]*=(.*)$' result -+ if [[ $2 =~ $rematch ]]; then -+ read "$param" <<< "${BASH_REMATCH[1]}" -+ else -+ for ((i=3; $i <= $#; i++)); do -+ # Only read next arg if it not an arg itself. -+ if [[ ${*:$i:1} = -* ]];then -+ break -+ fi -+ result="$result ${@:$i:1}" -+ # There is no way to shift our callers args, so -+ # return "no of args" to indicate they should do it instead. -+ done -+ read "$1" <<< "$result" -+ return $(($i - 3)) -+ fi -+} -+ -+# Taken over from SUSE mkinitrd -+default_kernel_images() { -+ local regex kernel_image kernel_version version_version initrd_image -+ local qf='%{NAME}-%{VERSION}-%{RELEASE}\n' -+ -+ case "${DRACUT_ARCH:-$(uname -m)}" in -+ s390|s390x) -+ regex='image' -+ ;; -+ ppc*) -+ regex='vmlinux' -+ ;; -+ i?86|x86_64) -+ regex='vmlinuz' -+ ;; -+ arm*) -+ regex='[uz]Image' -+ ;; -+ aarch64|riscv64) -+ regex='Image' -+ ;; -+ *) regex='vmlinu.' -+ ;; -+ esac -+ -+ # user mode linux -+ if grep -q UML /proc/cpuinfo; then -+ regex='linux' -+ fi -+ -+ kernel_images="" -+ initrd_images="" -+ for kernel_image in $(ls $boot_dir \ -+ | sed -ne "\|^$regex\(-[0-9.]\+-[0-9]\+-[a-z0-9]\+$\)\?|p" \ -+ | grep -v kdump$ ) ; do -+ -+ # Note that we cannot check the RPM database here -- this -+ # script is itself called from within the binary kernel -+ # packages, and rpm does not allow recursive calls. -+ -+ [ -L "$boot_dir/$kernel_image" ] && continue -+ [ "${kernel_image%%.gz}" != "$kernel_image" ] && continue -+ kernel_version=$(/usr/bin/get_kernel_version \ -+ $boot_dir/$kernel_image 2> /dev/null) -+ initrd_image=$(echo $kernel_image | sed -e "s|${regex}|initrd|") -+ if [ "$kernel_image" != "$initrd_image" -a \ -+ -n "$kernel_version" -a \ -+ -d "/lib/modules/$kernel_version" ]; then -+ kernel_images="$kernel_images $boot_dir/$kernel_image" -+ initrd_images="$initrd_images $boot_dir/$initrd_image" -+ fi -+ done -+ for kernel_image in $kernel_images;do -+ kernels="$kernels ${kernel_image#*-}" -+ done -+ for initrd_image in $initrd_images;do -+ targets="$targets $initrd_image" -+ done -+ host_only=1 -+ force=1 -+} -+ -+while (($# > 0)); do -+ case ${1%%=*} in -+ --with-usb) read_arg usbmodule "$@" || shift $? -+ basicmodules="$basicmodules ${usbmodule:-usb-storage}" -+ unset usbmodule;; -+ --with-avail) read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname";; -+ --with) read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname";; -+ --version) -+ echo "mkinitrd: dracut compatibility wrapper" -+ exit 0;; -+ -v|--verbose) dracut_args="${dracut_args} -v";; -+ -f|--force) force=1;; -+ --preload) read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname";; -+ --image-version) img_vers=yes;; -+ --rootfs|-d) read_arg rootfs "$@" || shift $? -+ dracut_args="${dracut_args} --filesystems $rootfs";; -+ --nocompress) dracut_args="$dracut_args --no-compress";; -+ --help) usage -n;; -+ --builtin) ;; -+ --without*) ;; -+ --without-usb) ;; -+ --fstab*) ;; -+ --ifneeded) ;; -+ --omit-scsi-modules) ;; -+ --omit-ide-modules) ;; -+ --omit-raid-modules) ;; -+ --omit-lvm-modules) ;; -+ --omit-dmraid) ;; -+ --allow-missing) ;; -+ --net-dev*) ;; -+ --noresume) ;; -+ --rootdev*) ;; -+ --thawdev*) ;; -+ --rootopts*) ;; -+ --root*) ;; -+ --loopdev*) ;; -+ --loopfs*) ;; -+ --loopopts*) ;; -+ --looppath*) ;; -+ --dsdt*) ;; -+ -s) ;; -+ --quiet|-q) quiet=1;; -+ -b) read_arg boot_dir "$@" || shift $? -+ if [ ! -d $boot_dir ];then -+ error "Boot directory $boot_dir does not exist" -+ exit 1 -+ fi -+ ;; -+ -k) # Would be nice to get a list of images here -+ read_arg kernel_images "$@" || shift $? -+ for kernel_image in $kernel_images;do -+ kernels="$kernels ${kernel_image#*-}" -+ done -+ host_only=1 -+ force=1 -+ ;; -+ -i) read_arg initrd_images "$@" || shift $? -+ for initrd_image in $initrd_images;do -+ targets="$targets $boot_dir/$initrd_image" -+ done -+ ;; -+ *) if [[ ! $targets ]]; then -+ targets=$1 -+ elif [[ ! $kernels ]]; then -+ kernels=$1 -+ else -+ usage -+ fi;; -+ esac -+ shift -+done -+ -+[[ $targets && $kernels ]] || default_kernel_images -+[[ $targets && $kernels ]] || (error "No kernel found in $boot_dir" && usage) -+ -+# We can have several targets/kernels, transform the list to an array -+targets=( $targets ) -+[[ $kernels ]] && kernels=( $kernels ) -+ -+[[ $host_only == 1 ]] && dracut_args="${dracut_args} -H" -+[[ $force == 1 ]] && dracut_args="${dracut_args} -f" -+ -+echo "Creating: target|kernel|dracut args|basicmodules " -+for ((i=0 ; $i<${#targets[@]} ; i++)); do -+ -+ if [[ $img_vers ]];then -+ target="${targets[$i]}-${kernels[$i]}" -+ else -+ target="${targets[$i]}" -+ fi -+ kernel="${kernels[$i]}" -+ -+ # Duplicate code: No way found how to redirect output based on $quiet -+ if [[ $quiet == 1 ]];then -+ echo "$target|$kernel|$dracut_args|$basicmodules" -+ if [[ $basicmodules ]]; then -+ dracut $dracut_args --add-drivers "$basicmodules" "$target" \ -+ "$kernel" &>/dev/null -+ else -+ dracut $dracut_args "$target" "$kernel" &>/dev/null -+ fi -+ else -+ if [[ $basicmodules ]]; then -+ dracut $dracut_args --add-drivers "$basicmodules" "$target" \ -+ "$kernel" -+ else -+ dracut $dracut_args "$target" "$kernel" -+ fi -+ fi -+done --- -2.17.1 - diff --git a/SPECS/dracut/0002-disable-xattr.patch b/SPECS/dracut/0002-disable-xattr.patch deleted file mode 100644 index e5545b71c2..0000000000 --- a/SPECS/dracut/0002-disable-xattr.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/dracut-init.sh b/dracut-init.sh -index 40b66f5..f72de3d 100755 ---- a/dracut-init.sh -+++ b/dracut-init.sh -@@ -19,11 +19,7 @@ - # - export LC_MESSAGES=C - --if [[ $EUID == "0" ]] && ! [[ $DRACUT_NO_XATTR ]]; then -- export DRACUT_CP="cp --reflink=auto --sparse=auto --preserve=mode,timestamps,xattr,links -dfr" --else -- export DRACUT_CP="cp --reflink=auto --sparse=auto --preserve=mode,timestamps,links -dfr" --fi -+export DRACUT_CP="cp --reflink=auto --sparse=auto --preserve=mode,timestamps,links -dfr" - - # is_func - # Check whether $1 is a function. -diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c -index 96b20e9..433ebf7 100644 ---- a/src/install/dracut-install.c -+++ b/src/install/dracut-install.c -@@ -329,8 +329,7 @@ static int cp(const char *src, const char *dst) - - normal_copy: - pid = fork(); -- const char *preservation = (geteuid() == 0 -- && no_xattr == false) ? "--preserve=mode,xattr,timestamps,ownership" : "--preserve=mode,timestamps,ownership"; -+ const char *preservation = "--preserve=mode,timestamps"; - if (pid == 0) { - execlp("cp", "cp", "--reflink=auto", "--sparse=auto", preservation, "-fL", src, dst, NULL); - _exit(errno == ENOENT ? 127 : 126); diff --git a/SPECS/dracut/0003-fix-initrd-naming-for-photon.patch b/SPECS/dracut/0003-fix-initrd-naming-for-photon.patch deleted file mode 100644 index 18e2681365..0000000000 --- a/SPECS/dracut/0003-fix-initrd-naming-for-photon.patch +++ /dev/null @@ -1,180 +0,0 @@ -diff --git a/lsinitrd.sh b/lsinitrd.sh -old mode 100755 -new mode 100644 -index eaadc76..46f7af5 ---- a/lsinitrd.sh -+++ b/lsinitrd.sh -@@ -109,41 +109,7 @@ if [[ $1 ]]; then - exit 1 - fi - else -- if [[ -d /efi/Default ]] || [[ -d /boot/Default ]] || [[ -d /boot/efi/Default ]]; then -- MACHINE_ID="Default" -- elif [[ -f /etc/machine-id ]]; then -- read -r MACHINE_ID < /etc/machine-id -- else -- MACHINE_ID="Default" -- fi -- -- if [[ -d /efi/loader/entries || -L /efi/loader/entries ]] \ -- && [[ $MACHINE_ID ]] \ -- && [[ -d /efi/${MACHINE_ID} || -L /efi/${MACHINE_ID} ]]; then -- image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" -- elif [[ -d /boot/loader/entries || -L /boot/loader/entries ]] \ -- && [[ $MACHINE_ID ]] \ -- && [[ -d /boot/${MACHINE_ID} || -L /boot/${MACHINE_ID} ]]; then -- image="/boot/${MACHINE_ID}/${KERNEL_VERSION}/initrd" -- elif [[ -d /boot/efi/loader/entries || -L /boot/efi/loader/entries ]] \ -- && [[ $MACHINE_ID ]] \ -- && [[ -d /boot/efi/${MACHINE_ID} || -L /boot/efi/${MACHINE_ID} ]]; then -- image="/boot/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" -- elif [[ -f /lib/modules/${KERNEL_VERSION}/initrd ]]; then -- image="/lib/modules/${KERNEL_VERSION}/initrd" -- elif [[ -f /lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then -- image="/lib/modules/${KERNEL_VERSION}/initramfs.img" -- elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then -- image="/boot/initramfs-${KERNEL_VERSION}.img" -- elif [[ $MACHINE_ID ]] \ -- && mountpoint -q /efi; then -- image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" -- elif [[ $MACHINE_ID ]] \ -- && mountpoint -q /boot/efi; then -- image="/boot/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" -- else -- image="" -- fi -+ image="/boot/initrd.img-${KERNEL_VERSION}" - fi - - shift -diff --git a/mkinitrd-dracut.sh b/mkinitrd-dracut.sh -index 657e8b2..c1bcf19 100755 ---- a/mkinitrd-dracut.sh -+++ b/mkinitrd-dracut.sh -@@ -1,5 +1,6 @@ - #!/bin/bash --norc - kver=$(uname -r) -+kernel_ver_dir='/var/lib/initramfs/kernel' - - boot_dir="/boot" - quiet=0 -@@ -48,63 +49,14 @@ read_arg() { - fi - } - --# Taken over from SUSE mkinitrd -+# For PhotonOS - default_kernel_images() { -- local regex kernel_image kernel_version version_version initrd_image -- local qf='%{NAME}-%{VERSION}-%{RELEASE}\n' -- -- case "${DRACUT_ARCH:-$(uname -m)}" in -- s390|s390x) -- regex='image' -- ;; -- ppc*) -- regex='vmlinux' -- ;; -- i?86|x86_64) -- regex='vmlinuz' -- ;; -- arm*) -- regex='[uz]Image' -- ;; -- aarch64|riscv64) -- regex='Image' -- ;; -- *) regex='vmlinu.' -- ;; -- esac -- -- # user mode linux -- if grep -q UML /proc/cpuinfo; then -- regex='linux' -- fi -+ local kernel_version= - -- kernel_images="" -- initrd_images="" -- for kernel_image in $(ls $boot_dir \ -- | sed -ne "\|^$regex\(-[0-9.]\+-[0-9]\+-[a-z0-9]\+$\)\?|p" \ -- | grep -v kdump$ ) ; do -- -- # Note that we cannot check the RPM database here -- this -- # script is itself called from within the binary kernel -- # packages, and rpm does not allow recursive calls. -- -- [ -L "$boot_dir/$kernel_image" ] && continue -- [ "${kernel_image%%.gz}" != "$kernel_image" ] && continue -- kernel_version=$(/usr/bin/get_kernel_version \ -- $boot_dir/$kernel_image 2> /dev/null) -- initrd_image=$(echo $kernel_image | sed -e "s|${regex}|initrd|") -- if [ "$kernel_image" != "$initrd_image" -a \ -- -n "$kernel_version" -a \ -- -d "/lib/modules/$kernel_version" ]; then -- kernel_images="$kernel_images $boot_dir/$kernel_image" -- initrd_images="$initrd_images $boot_dir/$initrd_image" -- fi -- done -- for kernel_image in $kernel_images;do -- kernels="$kernels ${kernel_image#*-}" -- done -- for initrd_image in $initrd_images;do -- targets="$targets $initrd_image" -+ for kernel_version in $(ls $kernel_ver_dir); do -+ # Take this directory as the source of truth -+ kernels="$kernels $kernel_version" -+ targets="$targets $boot_dir/initrd.img-$kernel_version" - done - host_only=1 - force=1 -@@ -186,7 +138,7 @@ while (($# > 0)); do - done - - [[ $targets && $kernels ]] || default_kernel_images --[[ $targets && $kernels ]] || (error "No kernel found in $boot_dir" && usage) -+[[ $targets && $kernels ]] || (error "No Kernel Registered") - - # We can have several targets/kernels, transform the list to an array - targets=( $targets ) -@@ -195,7 +147,6 @@ targets=( $targets ) - [[ $host_only == 1 ]] && dracut_args="${dracut_args} -H" - [[ $force == 1 ]] && dracut_args="${dracut_args} -f" - --echo "Creating: target|kernel|dracut args|basicmodules " - for ((i=0 ; $i<${#targets[@]} ; i++)); do - - if [[ $img_vers ]];then -@@ -205,21 +156,27 @@ for ((i=0 ; $i<${#targets[@]} ; i++)); do - fi - kernel="${kernels[$i]}" - -+ if [[ -s "$kernel_ver_dir/$kernel" ]]; then -+ readarray -t kernel_cfg < <(xargs -n1 -a $kernel_ver_dir/$kernel) -+ else -+ kernel_cfg=() -+ fi -+ - # Duplicate code: No way found how to redirect output based on $quiet - if [[ $quiet == 1 ]];then -- echo "$target|$kernel|$dracut_args|$basicmodules" -+ echo "Creating $target" - if [[ $basicmodules ]]; then -- dracut $dracut_args --add-drivers "$basicmodules" "$target" \ -+ dracut $dracut_args --add-drivers "$basicmodules" "${kernel_cfg[@]}" "$target" \ - "$kernel" &>/dev/null - else -- dracut $dracut_args "$target" "$kernel" &>/dev/null -+ dracut $dracut_args "${kernel_cfg[@]}" "$target" "$kernel" &>/dev/null - fi - else - if [[ $basicmodules ]]; then -- dracut $dracut_args --add-drivers "$basicmodules" "$target" \ -+ dracut $dracut_args --add-drivers "$basicmodules" "${kernel_cfg[@]}" "$target" \ - "$kernel" - else -- dracut $dracut_args "$target" "$kernel" -+ dracut $dracut_args "${kernel_cfg[@]}" "$target" "$kernel" - fi - fi - done diff --git a/SPECS/dracut/0004-fix-hostonly.patch b/SPECS/dracut/0004-fix-hostonly.patch deleted file mode 100644 index 5c77a41566..0000000000 --- a/SPECS/dracut/0004-fix-hostonly.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 6be3e1787050f4dc338134c6204d2228e998d1c0 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Mon, 12 Jul 2021 22:37:18 +0530 -Subject: [PATCH] Adjust host_only flag based on running environment - -host_only decides the nature of initrd. -If initrd is getting generated in docker/chroot environemnt, it should -be generic. Otherwise cloud-images & ova will have a host specific -initrd which may fail to boot on a different host. - -Added a command line option to manually set/unset host_only value. - -Signed-off-by: Shreenidhi Shedi ---- - mkinitrd-dracut.sh | 33 +++++++++++++++++++++++++++++++-- - 1 file changed, 31 insertions(+), 2 deletions(-) - -diff --git a/mkinitrd-dracut.sh b/mkinitrd-dracut.sh -index c1bcf197..0ef65bd0 100755 ---- a/mkinitrd-dracut.sh -+++ b/mkinitrd-dracut.sh -@@ -6,6 +6,8 @@ boot_dir="/boot" - quiet=0 - host_only=0 - force=0 -+set_hostonly=0 -+no_hostonly=0 - - error() { echo "$@" >&2; } - -@@ -15,6 +17,8 @@ usage () { - $cmd "usage: ${0##*/} [--version] [--help] [-v] [-f] [--preload ]" - $cmd " [--image-version] [--with=]" - $cmd " [--nocompress]" -+ $cmd " [--set-hostonly] - Generates host specific initrd.img" -+ $cmd " [--no-hostonly] - Generates generic initrd.img" - $cmd " " - $cmd "" - $cmd " (ex: ${0##*/} /boot/initramfs-$kver.img $kver)" -@@ -58,8 +62,6 @@ default_kernel_images() { - kernels="$kernels $kernel_version" - targets="$targets $boot_dir/initrd.img-$kernel_version" - done -- host_only=1 -- force=1 - } - - while (($# > 0)); do -@@ -82,6 +84,8 @@ while (($# > 0)); do - --rootfs|-d) read_arg rootfs "$@" || shift $? - dracut_args="${dracut_args} --filesystems $rootfs";; - --nocompress) dracut_args="$dracut_args --no-compress";; -+ --set-hostonly) set_hostonly=1;; -+ --no-hostonly) no_hostonly=1;; - --help) usage -n;; - --builtin) ;; - --without*) ;; -@@ -144,6 +148,31 @@ done - targets=( $targets ) - [[ $kernels ]] && kernels=( $kernels ) - -+# don't set hostonly flag if running in docker env -+# if set initrd will be incomplete -+# https://fedoraproject.org/wiki/Features/DracutHostOnly#Detailed_Description -+# https://man7.org/linux/man-pages/man5/dracut.conf.5.html -+if [ ${set_hostonly} -eq 0 ]; then -+ if grep -qc docker /proc/self/cgroup; then -+ echo "--- Generating initrd under docker environment ---" -+ host_only=0 -+ elif [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then -+ # set host_only=0 if initrd is generated in chroot -+ # otherwise cloud images generated in a Photon host will have bad initrd -+ echo "--- Generating initrd under chroot environment ---" -+ host_only=0 -+ else -+ host_only=1 -+ fi -+else -+ host_only=1 -+fi -+force=1 -+ -+if [ ${no_hostonly} -eq 1 ]; then -+ host_only=0 -+fi -+ - [[ $host_only == 1 ]] && dracut_args="${dracut_args} -H" - [[ $force == 1 ]] && dracut_args="${dracut_args} -f" - --- -2.17.1 - diff --git a/SPECS/dracut/0005-mkinitrd-verbose-fix.patch b/SPECS/dracut/0005-mkinitrd-verbose-fix.patch deleted file mode 100644 index 727af08dda..0000000000 --- a/SPECS/dracut/0005-mkinitrd-verbose-fix.patch +++ /dev/null @@ -1,462 +0,0 @@ -From c3069df73fa18c1b332e1057d35e98f3b8d9249f Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 1 Mar 2023 01:23:55 +0530 -Subject: [PATCH] mkinitrd: verbose fix - -Add a sanity check to verify initrd post creation. -If something is wrong with initrd, show an error on tty. - -If running in non tty, show all logs. - -mkinitrd logs will be captured at: `/var/log/mkinitrd-.log` - -Signed-off-by: Shreenidhi Shedi ---- - mkinitrd-dracut.sh | 393 ++++++++++++++++++++++++++++----------------- - 1 file changed, 246 insertions(+), 147 deletions(-) - -diff --git a/mkinitrd-dracut.sh b/mkinitrd-dracut.sh -index 0ef65bd..bbe4e79 100755 ---- a/mkinitrd-dracut.sh -+++ b/mkinitrd-dracut.sh -@@ -1,6 +1,6 @@ - #!/bin/bash --norc --kver=$(uname -r) --kernel_ver_dir='/var/lib/initramfs/kernel' -+ -+kver="$(uname -r)" - - boot_dir="/boot" - quiet=0 -@@ -8,145 +8,175 @@ host_only=0 - force=0 - set_hostonly=0 - no_hostonly=0 -+dracut_dbg=0 - --error() { echo "$@" >&2; } -+error() { -+ echo "$@" >&2 -+} - --usage () { -- [[ $1 = '-n' ]] && cmd=echo || cmd=error -+usage() { -+ local cmd="" - -- $cmd "usage: ${0##*/} [--version] [--help] [-v] [-f] [--preload ]" -- $cmd " [--image-version] [--with=]" -- $cmd " [--nocompress]" -- $cmd " [--set-hostonly] - Generates host specific initrd.img" -- $cmd " [--no-hostonly] - Generates generic initrd.img" -- $cmd " " -- $cmd "" -- $cmd " (ex: ${0##*/} /boot/initramfs-$kver.img $kver)" -+ [[ $1 = '-n' ]] && cmd=echo || cmd=error - -- [[ $1 = '-n' ]] && exit 0 -- exit 1 -+ $cmd "usage: ${0##*/} [--version] [--help] [-v] [-f] [--preload ]" -+ $cmd " [--image-version] [--with=]" -+ $cmd " [--nocompress]" -+ $cmd " [--set-hostonly] - Generates host specific initrd.img" -+ $cmd " [--no-hostonly] - Generates generic initrd.img" -+ $cmd " [--debug]" -+ $cmd " " -+ $cmd "" -+ $cmd " (ex: ${0##*/} /boot/initramfs-$kver.img $kver)" -+ -+ [[ $1 = '-n' ]] && exit 0 -+ exit 1 - } - - # Little helper function for reading args from the commandline. - # it automatically handles -a b and -a=b variants, and returns 1 if - # we need to shift $3. - read_arg() { -- # $1 = arg name -- # $2 = arg value -- # $3 = arg parameter -- param="$1" -- local rematch='^[^=]*=(.*)$' result -- if [[ $2 =~ $rematch ]]; then -- read "$param" <<< "${BASH_REMATCH[1]}" -- else -- for ((i=3; $i <= $#; i++)); do -- # Only read next arg if it not an arg itself. -- if [[ ${*:$i:1} = -* ]];then -- break -- fi -- result="$result ${@:$i:1}" -- # There is no way to shift our callers args, so -- # return "no of args" to indicate they should do it instead. -- done -- read "$1" <<< "$result" -- return $(($i - 3)) -- fi -+ # $1 = arg name -+ # $2 = arg value -+ # $3 = arg parameter -+ local param="$1" -+ local rematch='^[^=]*=(.*)$' result -+ if [[ $2 =~ $rematch ]]; then -+ read "$param" <<<"${BASH_REMATCH[1]}" -+ else -+ for ((i = 3; $i <= $#; i++)); do -+ # Only read next arg if it not an arg itself. -+ if [[ ${*:$i:1} = -* ]]; then -+ break -+ fi -+ result="$result ${@:$i:1}" -+ # There is no way to shift our callers args, so -+ # return "no of args" to indicate they should do it instead. -+ done -+ read "$1" <<<"$result" -+ return $(($i - 3)) -+ fi - } - - # For PhotonOS - default_kernel_images() { -- local kernel_version= -+ local kernel_version="" -+ local installed_kernels= - -- for kernel_version in $(ls $kernel_ver_dir); do -- # Take this directory as the source of truth -- kernels="$kernels $kernel_version" -- targets="$targets $boot_dir/initrd.img-$kernel_version" -- done -+ installed_kernels="$(find /boot/ -mindepth 1 -maxdepth 1 -type f \ -+ -iname "vmlinuz-*.ph[[:digit:]]*" -exec basename {} \; | \ -+ cut -d '-' -f 2-)" -+ -+ for kernel_version in ${installed_kernels}; do -+ local modules_dir="/lib/modules/${kernel_version}" -+ if [ ! -d "${modules_dir}" ]; then -+ echo -e "\nERROR: ${modules_dir} not found for vmlinuz-${kernel_version}\n" >&2 -+ continue -+ fi -+ # Take this directory as the source of truth -+ kernels="$kernels $kernel_version" -+ targets="$targets $boot_dir/initrd.img-$kernel_version" -+ done - } - - while (($# > 0)); do -- case ${1%%=*} in -- --with-usb) read_arg usbmodule "$@" || shift $? -- basicmodules="$basicmodules ${usbmodule:-usb-storage}" -- unset usbmodule;; -- --with-avail) read_arg modname "$@" || shift $? -- basicmodules="$basicmodules $modname";; -- --with) read_arg modname "$@" || shift $? -- basicmodules="$basicmodules $modname";; -- --version) -- echo "mkinitrd: dracut compatibility wrapper" -- exit 0;; -- -v|--verbose) dracut_args="${dracut_args} -v";; -- -f|--force) force=1;; -- --preload) read_arg modname "$@" || shift $? -- basicmodules="$basicmodules $modname";; -- --image-version) img_vers=yes;; -- --rootfs|-d) read_arg rootfs "$@" || shift $? -- dracut_args="${dracut_args} --filesystems $rootfs";; -- --nocompress) dracut_args="$dracut_args --no-compress";; -- --set-hostonly) set_hostonly=1;; -- --no-hostonly) no_hostonly=1;; -- --help) usage -n;; -- --builtin) ;; -- --without*) ;; -- --without-usb) ;; -- --fstab*) ;; -- --ifneeded) ;; -- --omit-scsi-modules) ;; -- --omit-ide-modules) ;; -- --omit-raid-modules) ;; -- --omit-lvm-modules) ;; -- --omit-dmraid) ;; -- --allow-missing) ;; -- --net-dev*) ;; -- --noresume) ;; -- --rootdev*) ;; -- --thawdev*) ;; -- --rootopts*) ;; -- --root*) ;; -- --loopdev*) ;; -- --loopfs*) ;; -- --loopopts*) ;; -- --looppath*) ;; -- --dsdt*) ;; -- -s) ;; -- --quiet|-q) quiet=1;; -- -b) read_arg boot_dir "$@" || shift $? -- if [ ! -d $boot_dir ];then -- error "Boot directory $boot_dir does not exist" -- exit 1 -- fi -- ;; -- -k) # Would be nice to get a list of images here -- read_arg kernel_images "$@" || shift $? -- for kernel_image in $kernel_images;do -- kernels="$kernels ${kernel_image#*-}" -- done -- host_only=1 -- force=1 -- ;; -- -i) read_arg initrd_images "$@" || shift $? -- for initrd_image in $initrd_images;do -- targets="$targets $boot_dir/$initrd_image" -- done -- ;; -- *) if [[ ! $targets ]]; then -- targets=$1 -- elif [[ ! $kernels ]]; then -- kernels=$1 -- else -- usage -- fi;; -- esac -- shift -+ case ${1%%=*} in -+ --with-usb) -+ read_arg usbmodule "$@" || shift $? -+ basicmodules="$basicmodules ${usbmodule:-usb-storage}" -+ unset usbmodule -+ ;; -+ --with-avail) -+ read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname" -+ ;; -+ --with) -+ read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname" -+ ;; -+ --version) -+ echo "mkinitrd: dracut compatibility wrapper" -+ exit 0 -+ ;; -+ -v | --verbose) dracut_args="${dracut_args} -v" ;; -+ -f | --force) force=1 ;; -+ --preload) -+ read_arg modname "$@" || shift $? -+ basicmodules="$basicmodules $modname" -+ ;; -+ --image-version) img_vers=yes ;; -+ --rootfs | -d) -+ read_arg rootfs "$@" || shift $? -+ dracut_args="${dracut_args} --filesystems $rootfs" -+ ;; -+ --nocompress) dracut_args="$dracut_args --no-compress" ;; -+ --set-hostonly) set_hostonly=1 ;; -+ --no-hostonly) no_hostonly=1 ;; -+ --debug) dracut_dbg=1;; -+ --help) usage -n ;; -+ --builtin) ;; -+ --without*) ;; -+ --without-usb) ;; -+ --fstab*) ;; -+ --ifneeded) ;; -+ --omit-scsi-modules) ;; -+ --omit-ide-modules) ;; -+ --omit-raid-modules) ;; -+ --omit-lvm-modules) ;; -+ --omit-dmraid) ;; -+ --allow-missing) ;; -+ --net-dev*) ;; -+ --noresume) ;; -+ --rootdev*) ;; -+ --thawdev*) ;; -+ --rootopts*) ;; -+ --root*) ;; -+ --loopdev*) ;; -+ --loopfs*) ;; -+ --loopopts*) ;; -+ --looppath*) ;; -+ --dsdt*) ;; -+ -s) ;; -+ --quiet | -q) quiet=1 ;; -+ -b) -+ read_arg boot_dir "$@" || shift $? -+ if [ ! -d $boot_dir ]; then -+ error "Boot directory $boot_dir does not exist" -+ exit 1 -+ fi -+ ;; -+ -k) # Would be nice to get a list of images here -+ read_arg kernel_images "$@" || shift $? -+ for kernel_image in $kernel_images; do -+ kernels="$kernels ${kernel_image#*-}" -+ done -+ host_only=1 -+ force=1 -+ ;; -+ -i) -+ read_arg initrd_images "$@" || shift $? -+ for initrd_image in $initrd_images; do -+ targets="$targets $boot_dir/$initrd_image" -+ done -+ ;; -+ *) if [[ ! $targets ]]; then -+ targets=$1 -+ elif [[ ! $kernels ]]; then -+ kernels=$1 -+ else -+ usage -+ fi ;; -+ esac -+ shift - done - - [[ $targets && $kernels ]] || default_kernel_images --[[ $targets && $kernels ]] || (error "No Kernel Registered") -+[[ $targets && $kernels ]] || error "No Kernel Registered" - - # We can have several targets/kernels, transform the list to an array --targets=( $targets ) --[[ $kernels ]] && kernels=( $kernels ) -+targets=($targets) -+[[ $kernels ]] && kernels=($kernels) - - # don't set hostonly flag if running in docker env - # if set initrd will be incomplete -@@ -174,38 +204,107 @@ if [ ${no_hostonly} -eq 1 ]; then - fi - - [[ $host_only == 1 ]] && dracut_args="${dracut_args} -H" --[[ $force == 1 ]] && dracut_args="${dracut_args} -f" -+[[ $force == 1 ]] && dracut_args="${dracut_args} -f" - --for ((i=0 ; $i<${#targets[@]} ; i++)); do -+initrd_sanity_check() { -+ local ret=0 -+ local status="$1" -+ local log_fn="$2" -+ local target="$3" -+ local errmsg="" - -- if [[ $img_vers ]];then -- target="${targets[$i]}-${kernels[$i]}" -- else -- target="${targets[$i]}" -- fi -- kernel="${kernels[$i]}" -+ # initrd issues can be fatal, so if anything goes wrong during initrd creation -+ # print errors to console -+ if [ ${status} -ne 0 ]; then -+ errmsg=$(cat << EOF -+\n\n------------------------ ERROR NOTICE ------------------------------ -+ DRACUT RETURNED NON-ZERO EXIT STATUS(${status}) - -- if [[ -s "$kernel_ver_dir/$kernel" ]]; then -- readarray -t kernel_cfg < <(xargs -n1 -a $kernel_ver_dir/$kernel) -- else -- kernel_cfg=() -- fi -+PROBABLY ${target} IS FAULTY -+SYSTEM MAY BECOME UNUSABLE POST REBOOT -+---------------------- PROCEED WITH CAUTION ------------------------ -+EOF -+) -+ echo -e "${errmsg}" 1>&2 |& tee -a "${log_fn}" -+ ret=1 -+ fi -+ -+ if ! lsinitrd ${target} 1>/dev/null; then -+ errmsg=$(cat << EOF -+\n\n------------------------ ERROR NOTICE ------------------------------ -+ lsinitrd ${target} FAILED -+ -+PROBABLY ${target} IS FAULTY -+SYSTEM MAY BECOME UNUSABLE POST REBOOT -+---------------------- PROCEED WITH CAUTION -----------------------\n\n -+EOF -+) -+ echo -e "${errmsg}" 1>&2 |& tee -a "${log_fn}" -+ ret=1 -+ fi -+ -+ return ${ret} -+} - -- # Duplicate code: No way found how to redirect output based on $quiet -- if [[ $quiet == 1 ]];then -- echo "Creating $target" -- if [[ $basicmodules ]]; then -- dracut $dracut_args --add-drivers "$basicmodules" "${kernel_cfg[@]}" "$target" \ -- "$kernel" &>/dev/null -- else -- dracut $dracut_args "${kernel_cfg[@]}" "$target" "$kernel" &>/dev/null -- fi -- else -- if [[ $basicmodules ]]; then -- dracut $dracut_args --add-drivers "$basicmodules" "${kernel_cfg[@]}" "$target" \ -- "$kernel" -- else -- dracut $dracut_args "${kernel_cfg[@]}" "$target" "$kernel" -- fi -+# If running in non tty, enable verbose -+# It's probably happening in some kind of build env, we need verbose. -+if ! test -t 1; then -+ quiet=0 -+fi -+ -+final_ret=0 -+ -+for ((i = 0; $i < ${#targets[@]}; i++)); do -+ ret=0 -+ if [[ $img_vers ]];then -+ target="${targets[$i]}-${kernels[$i]}" -+ else -+ target="${targets[$i]}" -+ fi -+ kernel="${kernels[$i]}" -+ -+ log_fn="/var/log/mkinitrd-${kernel}.log" -+ -+ echo "Creating $target" -+ -+ if [ $dracut_dbg -ne 0 ]; then -+ export DRACUT_INSTALL="/usr/lib/dracut/dracut-install --verbose" -+ dracut_cmd=(dracut -L 6 $dracut_args) -+ else -+ dracut_cmd=(dracut $dracut_args) -+ fi -+ -+ # this check is for combination of newer and older kernels -+ if [ -d "/lib/modules/${kernel}/dracut.conf.d" ]; then -+ dracut_cmd+=("--confdir \"/lib/modules/${kernel}/dracut.conf.d /etc/dracut.conf.d\"") -+ elif [ -d "/var/lib/initramfs/kernel" ]; then -+ kernel_ver_dir="/var/lib/initramfs/kernel" -+ if [ -s "$kernel_ver_dir/$kernel" ]; then -+ dracut_cmd+=("$(cat $kernel_ver_dir/$kernel)") - fi -+ unset kernel_ver_dir -+ else -+ error "ERROR: need /lib/modules/${kernel}/dracut.conf.d or /var/lib/initramfs/kernel" -+ exit 1 -+ fi -+ -+ if [[ $basicmodules ]]; then -+ dracut_cmd+=("--add-drivers \"$basicmodules\"") -+ fi -+ dracut_cmd+=("\"$target\" \"$kernel\"") -+ -+ if [ ${quiet} -eq 1 ]; then -+ eval "${dracut_cmd[@]}" &> "${log_fn}" -+ else -+ eval "${dracut_cmd[@]}" |& tee "${log_fn}" -+ fi -+ -+ ret=${PIPESTATUS[0]} -+ if ! initrd_sanity_check "${ret}" "${log_fn}" "${target}"; then -+ final_ret=1 -+ fi - done -+ -+[ $final_ret -ne 0 ] && error "--- ERROR: mkinitrd FAILED, SOMETHING WENT WRONG ---" -+ -+exit ${final_ret} --- -2.41.0 - diff --git a/SPECS/dracut/0006-dracut.sh-validate-instmods-calls.patch b/SPECS/dracut/0006-dracut.sh-validate-instmods-calls.patch deleted file mode 100644 index bd1f70642b..0000000000 --- a/SPECS/dracut/0006-dracut.sh-validate-instmods-calls.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0e5ca3234d449e068a9f6951590689ea1a3a66fb Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 1 Mar 2023 01:29:02 +0530 -Subject: [PATCH 2/4] dracut.sh: validate instmods calls - -Signed-off-by: Shreenidhi Shedi ---- - dracut.sh | 15 ++++++++++++--- - modules.d/01fips/module-setup.sh | 8 +++++--- - 2 files changed, 17 insertions(+), 6 deletions(-) - -diff --git a/dracut.sh b/dracut.sh -index bbb3469..76998a6 100755 ---- a/dracut.sh -+++ b/dracut.sh -@@ -2104,11 +2104,17 @@ if [[ $no_kernel != yes ]]; then - - if [[ -n ${add_drivers// /} ]]; then - # shellcheck disable=SC2086 -- hostonly='' instmods -c $add_drivers -+ if ! hostonly='' instmods -c $add_drivers; then -+ dfatal "instmods failed for add_drivers: $add_drivers" -+ exit 1 -+ fi - fi - if [[ $force_drivers ]]; then - # shellcheck disable=SC2086 -- hostonly='' instmods -c $force_drivers -+ if ! hostonly='' instmods -c $force_drivers; then -+ dfatal "instmods failed for force_drivers: $force_drivers" -+ exit 1 -+ fi - rm -f "$initdir"/etc/cmdline.d/20-force_driver.conf - for mod in $force_drivers; do - echo "rd.driver.pre=$mod" >> "$initdir"/etc/cmdline.d/20-force_drivers.conf -@@ -2116,7 +2122,10 @@ if [[ $no_kernel != yes ]]; then - fi - if [[ $filesystems ]]; then - # shellcheck disable=SC2086 -- hostonly='' instmods -c $filesystems -+ if ! hostonly='' instmods -c $filesystems; then -+ dfatal "instmods failed for filesystems: $filesystems" -+ exit 1 -+ fi - fi - - dinfo "*** Installing kernel module dependencies ***" -diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh -index a3e5602..0b759f9 100755 ---- a/modules.d/01fips/module-setup.sh -+++ b/modules.d/01fips/module-setup.sh -@@ -43,10 +43,12 @@ installkernel() { - mkdir -m 0755 -p "${initdir}/etc/modprobe.d" - - for _mod in $_fipsmodules; do -- if hostonly='' instmods -c -s "$_mod"; then -- echo "$_mod" >> "${initdir}/etc/fipsmodules" -- echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf" -+ if ! hostonly='' instmods -c -s "$_mod"; then -+ dfatal "ERROR: instmods -c -s $_mod failed" -+ return 1 - fi -+ echo "$_mod" >> "${initdir}/etc/fipsmodules" -+ echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf" - done - - # with hostonly_default_device fs module for /boot is not installed by default --- -2.39.2 diff --git a/SPECS/dracut/0007-feat-dracut.sh-support-multiple-config-dirs.patch b/SPECS/dracut/0007-feat-dracut.sh-support-multiple-config-dirs.patch deleted file mode 100644 index da9178de7c..0000000000 --- a/SPECS/dracut/0007-feat-dracut.sh-support-multiple-config-dirs.patch +++ /dev/null @@ -1,121 +0,0 @@ -From d1b46f8b53ceccabf33d4cc479a85778ba83abfb Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Sat, 18 Feb 2023 18:11:51 +0530 -Subject: [PATCH 2/2] feat(dracut.sh): support multiple config dirs - -Configuration can come from many places, users should not be restricted -to keep all configuration files in one directory. - -Signed-off-by: Shreenidhi Shedi ---- - dracut.sh | 29 ++++++++++++++++++----------- - man/dracut.8.asc | 4 ++-- - mkinitrd-dracut.sh | 6 +++--- - 3 files changed, 23 insertions(+), 16 deletions(-) - -diff --git a/dracut.sh b/dracut.sh -index bbb3469..0787a92 100755 ---- a/dracut.sh -+++ b/dracut.sh -@@ -154,8 +154,9 @@ Creates initial ramdisk images for preloading modules - -q, --quiet Decrease verbosity level. - -c, --conf [FILE] Specify configuration file to use. - Default: /etc/dracut.conf -- --confdir [DIR] Specify configuration directory to use *.conf files -- from. Default: /etc/dracut.conf.d -+ --confdir [LIST] Specify a space separated list of configuration -+ directories to use *.conf files from. -+ Default: /etc/dracut.conf.d - --tmpdir [DIR] Temporary directory to be used instead of default - ${TMPDIR:-/var/tmp}. - -r, --sysroot [DIR] Specify sysroot directory to collect files from. -@@ -668,7 +669,7 @@ while :; do - shift - ;; - --confdir) -- confdir="$2" -+ confdirs_l=("$2") - PARMS_TO_STORE+=" '$2'" - shift - ;; -@@ -911,15 +912,20 @@ elif [[ ! -e $conffile ]]; then - exit 1 - fi - --if [[ -z $confdir ]]; then -+if [ ${#confdirs_l[@]} -eq 0 ]; then - if [[ $allowlocal ]]; then -- confdir="$dracutbasedir/dracut.conf.d" -+ confdirs_l=("$dracutbasedir/dracut.conf.d") - else -- confdir="$dracutsysrootdir/etc/dracut.conf.d" -+ confdirs_l=("$dracutsysrootdir/etc/dracut.conf.d") - fi --elif [[ ! -d $confdir ]]; then -- printf "%s\n" "dracut: Configuration directory '$confdir' not found." >&2 -- exit 1 -+else -+ # shellcheck disable=SC2068 -+ for d in ${confdirs_l[@]}; do -+ if [[ ! -d $d ]]; then -+ printf "%s\n" "dracut: Configuration directory '$d' not found." >&2 -+ exit 1 -+ fi -+ done - fi - - # source our config file -@@ -929,8 +935,9 @@ if [[ -f $conffile ]]; then - . "$conffile" - fi - --# source our config dir --for f in $(dropindirs_sort ".conf" "$confdir" "$dracutbasedir/dracut.conf.d"); do -+# source config files from all config dirs -+# shellcheck disable=SC2086 -+for f in $(dropindirs_sort ".conf" ${confdirs_l[@]} "$dracutbasedir/dracut.conf.d"); do - check_conf_file "$f" - # shellcheck disable=SC1090 - [[ -e $f ]] && . "$f" -diff --git a/man/dracut.8.asc b/man/dracut.8.asc -index 5c2b147..3eddb5a 100644 ---- a/man/dracut.8.asc -+++ b/man/dracut.8.asc -@@ -305,8 +305,8 @@ example: - Default: - _/etc/dracut.conf_ - --**--confdir** __:: -- Specify configuration directory to use. -+**--confdir** __:: -+ Specify a space-separated list of dracut configuration directories to use. - + - Default: - _/etc/dracut.conf.d_ -diff --git a/mkinitrd-dracut.sh b/mkinitrd-dracut.sh -index 1213d89..8cec7b9 100755 ---- a/mkinitrd-dracut.sh -+++ b/mkinitrd-dracut.sh -@@ -267,7 +267,7 @@ for ((i = 0; $i < ${#targets[@]}; i++)); do - - # this check is for combination of newer and older kernels - if [ -d "/lib/modules/${kernel}/dracut.conf.d" ]; then -- dracut_cmd+=("--confdir \"/lib/modules/${kernel}/dracut.conf.d /etc/dracut.conf.d\"") -+ dracut_cmd+=(--confdir \"/lib/modules/${kernel}/dracut.conf.d /etc/dracut.conf.d\") - elif [ -d "/var/lib/initramfs/kernel" ]; then - kernel_ver_dir="/var/lib/initramfs/kernel" - if [ -s "$kernel_ver_dir/$kernel" ]; then -@@ -280,9 +280,9 @@ for ((i = 0; $i < ${#targets[@]}; i++)); do - fi - - if [[ $basicmodules ]]; then -- dracut_cmd+=("--add-drivers \"$basicmodules\"") -+ dracut_cmd+=(--add-drivers \"$basicmodules\") - fi -- dracut_cmd+=("\"$target\" \"$kernel\"") -+ dracut_cmd+=("$target" "$kernel") - - if [ ${quiet} -eq 1 ]; then - eval "${dracut_cmd[@]}" &> "${log_fn}" --- -2.39.2 diff --git a/SPECS/dracut/0008-fix-dracut-systemd-rootfs-generator-cannot-write-out.patch b/SPECS/dracut/0008-fix-dracut-systemd-rootfs-generator-cannot-write-out.patch deleted file mode 100644 index 137d2fc7bc..0000000000 --- a/SPECS/dracut/0008-fix-dracut-systemd-rootfs-generator-cannot-write-out.patch +++ /dev/null @@ -1,194 +0,0 @@ -From a2b32ed976898188bc98d9b6c7eec3dc45f4abf0 Mon Sep 17 00:00:00 2001 -From: Antonio Alvarez Feijoo -Date: Wed, 1 Mar 2023 11:21:16 +0100 -Subject: [PATCH 1/3] fix(dracut-systemd): do not hardcode the systemd - generator directory - -The normal directory is the first argument passed to the systemd generator, -so use it instead of hardcoding /run/systemd/generator. ---- - modules.d/98dracut-systemd/rootfs-generator.sh | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh -index b98e4e577..32179fb40 100755 ---- a/modules.d/98dracut-systemd/rootfs-generator.sh -+++ b/modules.d/98dracut-systemd/rootfs-generator.sh -@@ -17,7 +17,7 @@ generator_wait_for_dev() { - # after remote-fs-pre.target since the initqueue is ordered before it so - # it will never actually show up (think Tang-pinned rootfs). - cat > "$hookdir/initqueue/finished/devexists-${_name}.sh" << EOF --if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then -+if ! grep -q After=remote-fs-pre.target "$GENERATOR_DIR"/systemd-cryptsetup@*.service 2>/dev/null; then - [ -e "$1" ] - fi - EOF -@@ -77,12 +77,12 @@ generator_fsck_after_pre_mount() { - [ -z "$1" ] && return 0 - - _name=$(dev_unit_name "$1") -- [ -d /run/systemd/generator/systemd-fsck@"${_name}".service.d ] || mkdir -p /run/systemd/generator/systemd-fsck@"${_name}".service.d -- if ! [ -f /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ]; then -+ [ -d "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d ] || mkdir -p "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d -+ if ! [ -f "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ]; then - { - echo "[Unit]" - echo "After=dracut-pre-mount.service" -- } > /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf -+ } > "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d/after-pre-mount.conf - fi - - } - -From e21f8f7d5abaae37ada8c7a6dc91c2d878e0b501 Mon Sep 17 00:00:00 2001 -From: Antonio Alvarez Feijoo -Date: Wed, 1 Mar 2023 12:07:29 +0100 -Subject: [PATCH 2/3] fix(dracut-systemd): check and create generator dir - outside of inner function - ---- - modules.d/98dracut-systemd/rootfs-generator.sh | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh -index 32179fb40..0ba1709ba 100755 ---- a/modules.d/98dracut-systemd/rootfs-generator.sh -+++ b/modules.d/98dracut-systemd/rootfs-generator.sh -@@ -51,7 +51,6 @@ generator_mount_rootfs() { - [ -z "$1" ] && return 0 - - _name=$(dev_unit_name "$1") -- [ -d "$GENERATOR_DIR" ] || mkdir -p "$GENERATOR_DIR" - if ! [ -f "$GENERATOR_DIR"/sysroot.mount ]; then - { - echo "[Unit]" -@@ -101,9 +100,11 @@ case "${root#block:}" in - ;; - esac - --GENERATOR_DIR="$1" -- - if [ "$rootok" = "1" ]; then -+ GENERATOR_DIR="$1" -+ [ -z "$GENERATOR_DIR" ] && exit 1 -+ [ -d "$GENERATOR_DIR" ] || mkdir -p "$GENERATOR_DIR" -+ - generator_wait_for_dev "${root#block:}" "$RDRETRY" - generator_fsck_after_pre_mount "${root#block:}" - strstr "$(cat /proc/cmdline)" 'root=' || generator_mount_rootfs "${root#block:}" "$(getarg rootfstype=)" "$(getarg rootflags=)" - -From 9d37c2794339a1fac89d87b3acfd81b9397e26e3 Mon Sep 17 00:00:00 2001 -From: Antonio Alvarez Feijoo -Date: Wed, 8 Mar 2023 08:25:38 +0100 -Subject: [PATCH 3/3] fix(dracut-systemd): rootfs-generator cannot write - outside of generator dir - -Although it was already documented in systemd.generator(7) that generators must -not write to locations other than those passed as arguments, since -/~https://github.com/systemd/systemd/commit/ca6ce62d systemd executes generators -in a mount namespace "sandbox", so now the hooks created by the rootfs-generator -are lost. - -These hooks are created using the root= cmdline argument, so this patch moves -the creation of these hooks to a cmdline hook. - -Fixes issue #2211 -Fixes issue #2225 ---- - modules.d/98dracut-systemd/module-setup.sh | 2 + - modules.d/98dracut-systemd/parse-root.sh | 38 +++++++++++++++++++ - .../98dracut-systemd/rootfs-generator.sh | 20 +--------- - 3 files changed, 41 insertions(+), 19 deletions(-) - create mode 100755 modules.d/98dracut-systemd/parse-root.sh - -diff --git a/modules.d/98dracut-systemd/module-setup.sh b/modules.d/98dracut-systemd/module-setup.sh -index b7da86dba..31953773d 100755 ---- a/modules.d/98dracut-systemd/module-setup.sh -+++ b/modules.d/98dracut-systemd/module-setup.sh -@@ -37,6 +37,8 @@ install() { - - inst_script "$moddir/rootfs-generator.sh" "$systemdutildir"/system-generators/dracut-rootfs-generator - -+ inst_hook cmdline 00 "$moddir/parse-root.sh" -+ - for i in \ - dracut-cmdline.service \ - dracut-cmdline-ask.service \ -diff --git a/modules.d/98dracut-systemd/parse-root.sh b/modules.d/98dracut-systemd/parse-root.sh -new file mode 100755 -index 000000000..90f145afa ---- /dev/null -+++ b/modules.d/98dracut-systemd/parse-root.sh -@@ -0,0 +1,38 @@ -+#!/bin/sh -+ -+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh -+ -+root=$(getarg root=) -+case "${root#block:}" in -+ LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) -+ root="block:$(label_uuid_to_dev "$root")" -+ rootok=1 -+ ;; -+ /dev/nfs | /dev/root) # ignore legacy -+ ;; -+ /dev/*) -+ root="block:${root}" -+ rootok=1 -+ ;; -+esac -+ -+if [ "$rootok" = "1" ]; then -+ root_dev="${root#block:}" -+ root_name="$(str_replace "$root_dev" '/' '\x2f')" -+ if ! [ -e "$hookdir/initqueue/finished/devexists-${root_name}.sh" ]; then -+ -+ # If a LUKS device needs unlocking via systemd in the initrd, assume -+ # it's for the root device. In that case, don't block on it if it's -+ # after remote-fs-pre.target since the initqueue is ordered before it so -+ # it will never actually show up (think Tang-pinned rootfs). -+ cat > "$hookdir/initqueue/finished/devexists-${root_name}.sh" << EOF -+if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then -+ [ -e "$root_dev" ] -+fi -+EOF -+ { -+ printf '[ -e "%s" ] || ' "$root_dev" -+ printf 'warn "\"%s\" does not exist"\n' "$root_dev" -+ } >> "$hookdir/emergency/80-${root_name}.sh" -+ fi -+fi -diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh -index 0ba1709ba..cef3f4905 100755 ---- a/modules.d/98dracut-systemd/rootfs-generator.sh -+++ b/modules.d/98dracut-systemd/rootfs-generator.sh -@@ -6,28 +6,10 @@ generator_wait_for_dev() { - local _name - local _timeout - -- _name="$(str_replace "$1" '/' '\x2f')" -+ _name=$(dev_unit_name "$1") - _timeout=$(getarg rd.timeout) - _timeout=${_timeout:-0} - -- if ! [ -e "$hookdir/initqueue/finished/devexists-${_name}.sh" ]; then -- -- # If a LUKS device needs unlocking via systemd in the initrd, assume -- # it's for the root device. In that case, don't block on it if it's -- # after remote-fs-pre.target since the initqueue is ordered before it so -- # it will never actually show up (think Tang-pinned rootfs). -- cat > "$hookdir/initqueue/finished/devexists-${_name}.sh" << EOF --if ! grep -q After=remote-fs-pre.target "$GENERATOR_DIR"/systemd-cryptsetup@*.service 2>/dev/null; then -- [ -e "$1" ] --fi --EOF -- { -- printf '[ -e "%s" ] || ' "$1" -- printf 'warn "\"%s\" does not exist"\n' "$1" -- } >> "$hookdir/emergency/80-${_name}.sh" -- fi -- -- _name=$(dev_unit_name "$1") - if ! [ -L "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device ]; then - [ -d "$GENERATOR_DIR"/initrd.target.wants ] || mkdir -p "$GENERATOR_DIR"/initrd.target.wants - ln -s ../"${_name}".device "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device diff --git a/SPECS/dracut/dracut.spec b/SPECS/dracut/dracut.spec deleted file mode 100644 index 2f22164d45..0000000000 --- a/SPECS/dracut/dracut.spec +++ /dev/null @@ -1,231 +0,0 @@ -%define dracutlibdir %{_libdir}/%{name} -%global __requires_exclude pkg-config - -Summary: dracut to create initramfs -Name: dracut -Version: 059 -Release: 10%{?dist} -Group: System Environment/Base -# The entire source code is GPLv2+; except install/* which is LGPLv2+ -License: GPLv2+ and LGPLv2+ -URL: /~https://github.com/dracutdevs/dracut/wiki -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/dracutdevs/dracut/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=196bc8bf18703c72bffb51a7e0493719c58173ad2da7d121eb42f9a8de47e953af36d109214dc4a10b2dc2d3bd19e844f7f51c2bdec087e064ea11f75124032d - -Patch0: 0001-Add-mkinitrd-support-to-dracut.patch -Patch1: 0002-disable-xattr.patch -Patch2: 0003-fix-initrd-naming-for-photon.patch -Patch4: 0004-fix-hostonly.patch -Patch5: 0005-mkinitrd-verbose-fix.patch -Patch6: 0006-dracut.sh-validate-instmods-calls.patch -Patch7: 0007-feat-dracut.sh-support-multiple-config-dirs.patch -Patch8: 0008-fix-dracut-systemd-rootfs-generator-cannot-write-out.patch - -BuildRequires: bash -BuildRequires: pkg-config -BuildRequires: kmod-devel -BuildRequires: asciidoc3 -BuildRequires: systemd-rpm-macros - -Requires: bash >= 4 -Requires: kmod -Requires: sed -Requires: grep -Requires: xz -Requires: gzip -Requires: cpio -Requires: filesystem -Requires: util-linux -Requires: findutils -Requires: procps-ng -Requires: systemd -Requires: systemd-udev -Requires: (coreutils or coreutils-selinux) - -%description -dracut contains tools to create a bootable initramfs for 2.6 Linux kernels. -Unlike existing implementations, dracut does hard-code as little as possible -into the initramfs. dracut contains various modules which are driven by the -event-based udev. Having root on MD, DM, LVM2, LUKS is supported as well as -NFS, iSCSI, NBD, FCoE with the dracut-network package. - -%package tools -Summary: dracut tools to build the local initramfs -Requires: %{name} = %{version}-%{release} - -%description tools -This package contains tools to assemble the local initrd and host configuration. - -%prep -%autosetup -n %{name}-%{version} -p1 - -%build -%configure --systemdsystemunitdir=%{_unitdir} \ - --bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) \ - --libdir=%{_libdir} \ - --disable-documentation - -%make_build - -%install -%make_install %{?_smp_mflags} libdir=%{_libdir} - -echo "DRACUT_VERSION=%{version}-%{release}" > %{buildroot}%{dracutlibdir}/%{name}-version.sh - -rm -fr -- %{buildroot}%{dracutlibdir}/modules.d/01fips - -# we do not support dash in the initramfs -rm -fr -- %{buildroot}%{dracutlibdir}/modules.d/00dash - -# remove gentoo specific modules -rm -fr -- %{buildroot}%{dracutlibdir}/modules.d/96securityfs \ - %{buildroot}%{dracutlibdir}/modules.d/97masterkey \ - %{buildroot}%{dracutlibdir}/modules.d/98integrity - -mkdir -p %{buildroot}/boot/%{name} \ - %{buildroot}%{_sharedstatedir}/%{name}/overlay \ - %{buildroot}%{_var}/log \ - %{buildroot}%{_var}/opt/%{name}/log \ - %{buildroot}%{_sharedstatedir}/initramfs \ - %{buildroot}%{_sbindir} - -touch %{buildroot}%{_var}/opt/%{name}/log/%{name}.log -ln -srv %{buildroot}%{_var}/opt/%{name}/log/%{name}.log %{buildroot}%{_var}/log/ - -# create compat symlink -ln -srv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_sbindir}/%{name} - -%clean -rm -rf -- %{buildroot} - -%files -%defattr(-,root,root,0755) -%{_bindir}/%{name} -%{_bindir}/mkinitrd -%{_bindir}/lsinitrd -# compat symlink -%{_sbindir}/%{name} -%{_datadir}/bash-completion/completions/%{name} -%{_datadir}/bash-completion/completions/lsinitrd -%dir %{dracutlibdir} -%dir %{dracutlibdir}/modules.d -%{dracutlibdir}/modules.d/* -%exclude %{_libdir}/kernel -%{_libdir}/%{name}/%{name}-init.sh -%{_datadir}/pkgconfig/%{name}.pc -%{dracutlibdir}/%{name}-functions.sh -%{dracutlibdir}/%{name}-functions -%{dracutlibdir}/%{name}-version.sh -%{dracutlibdir}/%{name}-logger.sh -%{dracutlibdir}/%{name}-initramfs-restore -%{dracutlibdir}/%{name}-install -%{dracutlibdir}/skipcpio -%{dracutlibdir}/%{name}-util -%config(noreplace) %{_sysconfdir}/%{name}.conf -%dir %{_sysconfdir}/%{name}.conf.d -%dir %{dracutlibdir}/%{name}.conf.d -%dir %{_var}/opt/%{name}/log -%attr(0644,root,root) %ghost %config(missingok,noreplace) %{_var}/opt/%{name}/log/%{name}.log -%{_var}/log/%{name}.log -%dir %{_sharedstatedir}/initramfs -%{_unitdir}/%{name}-shutdown.service -%{_unitdir}/sysinit.target.wants/%{name}-shutdown.service -%{_unitdir}/%{name}-cmdline.service -%{_unitdir}/%{name}-initqueue.service -%{_unitdir}/%{name}-mount.service -%{_unitdir}/%{name}-pre-mount.service -%{_unitdir}/%{name}-pre-pivot.service -%{_unitdir}/%{name}-pre-trigger.service -%{_unitdir}/%{name}-pre-udev.service -%{_unitdir}/dracut-shutdown-onfailure.service -%{_unitdir}/initrd.target.wants/%{name}-cmdline.service -%{_unitdir}/initrd.target.wants/%{name}-initqueue.service -%{_unitdir}/initrd.target.wants/%{name}-mount.service -%{_unitdir}/initrd.target.wants/%{name}-pre-mount.service -%{_unitdir}/initrd.target.wants/%{name}-pre-pivot.service -%{_unitdir}/initrd.target.wants/%{name}-pre-trigger.service -%{_unitdir}/initrd.target.wants/%{name}-pre-udev.service - -%files tools -%defattr(-,root,root,0755) -%{_bindir}/%{name}-catimages -%dir /boot/%{name} -%dir %{_sharedstatedir}/%{name} -%dir %{_sharedstatedir}/%{name}/overlay - -%changelog -* Tue Oct 03 2023 Shreenidhi Shedi 059-10 -- Add gzip, procps-ng, xz to requires -* Thu Jul 27 2023 Piyush Gupta 059-9 -- fix(dracut-systemd): rootfs-generator cannot write outside of generator dir -* Mon Jul 17 2023 Shreenidhi Shedi 059-8 -- Fix a bug in finding installed kernel versions during mkinitrd -* Tue Apr 25 2023 Shreenidhi Shedi 059-7 -- Code improvements in multiple conf dir support -* Sat Apr 1 2023 Laszlo Gombos 059-6 -- Update wiki link and remove obsolete references -* Wed Mar 15 2023 Shreenidhi Shedi 059-5 -- Add systemd-udev to requires -* Wed Mar 08 2023 Shreenidhi Shedi 059-4 -- Add /etc/dracut.conf.d to conf dirs list during initrd creation -- Drop multiple conf file support -* Wed Mar 01 2023 Shreenidhi Shedi 059-3 -- Fix mkinitrd verbose & add a sanity check -* Wed Jan 25 2023 Shreenidhi Shedi 059-2 -- Fix requires -* Mon Jan 02 2023 Shreenidhi Shedi 059-1 -- Upgrade to v059 -* Wed Sep 28 2022 Shreenidhi Shedi 057-1 -- Upgrade to v057 -* Mon Jul 12 2021 Shreenidhi Shedi 055-1 -- Upgrade to version 055 -* Wed Jan 20 2021 Shreenidhi Shedi 050-7 -- Added a command line option to manually override host_only -* Tue Dec 15 2020 Shreenidhi Shedi 050-6 -- Adjust hostonly based on running environment -* Tue Nov 03 2020 Srinidhi Rao 050-5 -- Remove fipsify support -* Fri Oct 09 2020 Shreenidhi Shedi 050-4 -- Fixed hostonly setting logic to generate initrd properly -* Mon Oct 05 2020 Susant Sahani 050-3 -- Fix mkitnird and lsinitrd -* Sun Jun 21 2020 Tapas Kundu 050-2 -- Use asciidoc3 -* Fri Apr 24 2020 Susant Sahani 050-1 -- Update to 050 -* Fri Apr 03 2020 Vikash Bansal 048-4 -- Added fips module -* Wed Apr 01 2020 Susant Sahani 048-3 -- systemd: install systemd-tty-ask-password-agent systemd-ask-password -* Thu Oct 10 2019 Alexey Makhalov 048-2 -- lvm.conf: Do not set read-only locking. -* Mon Oct 01 2018 Alexey Makhalov 048-1 -- Version update -* Thu Dec 28 2017 Divya Thaluru 045-6 -- Fixed the log file directory structure -* Mon Sep 18 2017 Alexey Makhalov 045-5 -- Requires coreutils/util-linux/findutils or toybox, - /bin/grep, /bin/sed -* Fri Jun 23 2017 Xiaolin Li 045-4 -- Add kmod-devel to BuildRequires -* Fri May 26 2017 Bo Gan 045-3 -- Fix dependency -* Thu Apr 27 2017 Bo Gan 045-2 -- Disable xattr for cp -* Wed Apr 12 2017 Chang Lee 045-1 -- Updated to 045 -* Wed Jan 25 2017 Harish Udaiya Kumar 044-6 -- Added the patch for bash 4.4 support. -* Wed Nov 23 2016 Anish Swaminathan 044-5 -- Add systemd initrd root device target to list of modules -* Fri Oct 07 2016 ChangLee 044-4 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 044-3 -- GA - Bump release of all rpms -* Mon Apr 25 2016 Gengsheng Liu 044-2 -- Fix incorrect systemd directory. -* Thu Feb 25 2016 Kumar Kaushik 044-1 -- Updating Version. diff --git a/SPECS/drpm/drpm.spec b/SPECS/drpm/drpm.spec deleted file mode 100644 index ade3a357b6..0000000000 --- a/SPECS/drpm/drpm.spec +++ /dev/null @@ -1,91 +0,0 @@ -Name: drpm -Summary: A library for making, reading and applying deltarpm packages -Version: 0.5.2 -Release: 2%{?dist} -License: LGPLv2+ and BSD -URL: /~https://github.com/rpm-software-management/%{name} -Vendor: VMware, Inc. -Distribution: Photon -Group: System Environment/Base - -Source0: /~https://github.com/rpm-software-management/drpm/releases/download/%{version}/drpm-%{version}.tar.bz2 -%define sha512 %{name}=bda395d9dd34d67351cab2758a14a7fe358ee2a4b86b7b020338ef868c04f248d63cf599295087222a658710f80c80f832c5c347c5803fa3afb869249853204f - -BuildRequires: cmake -BuildRequires: gcc -BuildRequires: rpm-devel -BuildRequires: openssl-devel -BuildRequires: zlib-devel -BuildRequires: bzip2-devel -BuildRequires: xz-devel -BuildRequires: cmocka-devel -BuildRequires: pkg-config - -%description -The drpm package provides a library for making, reading and applying deltarpms, -compatible with the original deltarpm packages. - -%package devel -Summary: C interface for the drpm library -Requires: %{name} = %{version}-%{release} - -%description devel -The drpm-devel package provides a C interface (drpm.h) for the drpm library. - -%prep -%autosetup -p1 - -%build -%{cmake} \ - -DWITH_ZSTD:BOOL=yes \ - -DHAVE_LZLIB_DEVEL:BOOL=0 \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Debug - -%{cmake_build} - -%install -%{cmake_install} - -%check -cd %{__cmake_builddir} -%{ctest} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%{_libdir}/lib%{name}.so.* -%license COPYING LICENSE.BSD - -%files devel -%defattr(-,root,root) -%{_libdir}/lib%{name}.so -%{_includedir}/%{name}.h -%{_libdir}/pkgconfig/%{name}.pc - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 0.5.2-2 -- Bump version as a part of openssl upgrade -* Sat Nov 04 2023 Shreenidhi Shedi 0.5.2-1 -- Upgrade to v0.5.2 -* Fri Apr 14 2023 Shreenidhi Shedi 0.5.1-6 -- Bump version as a part of zlib upgrade -* Fri Jan 06 2023 Oliver Kurth 0.5.1-5 -- bump version as a part of xz upgrade -* Tue Jan 03 2023 Shreenidhi Shedi 0.5.1-4 -- Bump version as a part of rpm upgrade -* Thu Jul 07 2022 Shreenidhi Shedi 0.5.1-3 -- Bump version as a part of rpm upgrade -* Mon Jun 20 2022 Shreenidhi Shedi 0.5.1-2 -- Use cmake macros for build and install -* Mon Apr 18 2022 Gerrit Photon 0.5.1-1 -- Automatic Version Bump -* Wed Aug 04 2021 Satya Naga Vasamsetty 0.5.0-4 -- Bump up release for openssl -* Fri Nov 13 2020 Prashant S Chauhan 0.5.0-3 -- make drpm build with zstd -* Tue Sep 29 2020 Satya Naga Vasamsetty 0.5.0-2 -- openssl 1.1.1 -* Fri Jun 26 2020 Keerthana K 0.5.0-1 -- Initial package for PhotonOS. diff --git a/SPECS/dtb-raspberrypi/0001-spi0-overlays-files.patch b/SPECS/dtb-raspberrypi/0001-spi0-overlays-files.patch deleted file mode 100644 index 920a2e475f..0000000000 --- a/SPECS/dtb-raspberrypi/0001-spi0-overlays-files.patch +++ /dev/null @@ -1,55 +0,0 @@ -From ce3ba1d1c46ff1c9e516a29e2c1bfc1de988a54d Mon Sep 17 00:00:00 2001 -From: Ajay Kaher -Date: Wed, 20 Jan 2021 18:58:44 +0000 -Subject: [PATCH 1/2] spi0 overlays files - ---- - arch/arm/boot/dts/overlays/Makefile | 2 ++ - arch/arm/boot/dts/overlays/rpi-disable-spi0-overlay.dts | 7 +++++++ - arch/arm/boot/dts/overlays/rpi-enable-spi0-overlay.dts | 7 +++++++ - 3 files changed, 16 insertions(+) - create mode 100644 arch/arm/boot/dts/overlays/rpi-disable-spi0-overlay.dts - create mode 100644 arch/arm/boot/dts/overlays/rpi-enable-spi0-overlay.dts - -diff --git a/arch/arm/boot/dts/overlays/Makefile b/arch/arm/boot/dts/overlays/Makefile -index 667c489..52b81cc 100644 ---- a/arch/arm/boot/dts/overlays/Makefile -+++ b/arch/arm/boot/dts/overlays/Makefile -@@ -152,6 +152,8 @@ dtbo-$(CONFIG_ARCH_BCM2835) += \ - rpi-sense.dtbo \ - rpi-sense-v2.dtbo \ - rpi-tv.dtbo \ -+ rpi-enable-spi0.dtbo \ -+ rpi-disable-spi0.dtbo \ - rra-digidac1-wm8741-audio.dtbo \ - sainsmart18.dtbo \ - sc16is750-i2c.dtbo \ -diff --git a/arch/arm/boot/dts/overlays/rpi-disable-spi0-overlay.dts b/arch/arm/boot/dts/overlays/rpi-disable-spi0-overlay.dts -new file mode 100644 -index 0000000..1c47d05 ---- /dev/null -+++ b/arch/arm/boot/dts/overlays/rpi-disable-spi0-overlay.dts -@@ -0,0 +1,7 @@ -+/dts-v1/; -+/plugin/; -+&spi0 { -+ #address-cells = <1>; -+ #size-cells = <0>; -+ status = "disable"; -+}; -diff --git a/arch/arm/boot/dts/overlays/rpi-enable-spi0-overlay.dts b/arch/arm/boot/dts/overlays/rpi-enable-spi0-overlay.dts -new file mode 100644 -index 0000000..1171b7a ---- /dev/null -+++ b/arch/arm/boot/dts/overlays/rpi-enable-spi0-overlay.dts -@@ -0,0 +1,7 @@ -+/dts-v1/; -+/plugin/; -+&spi0 { -+ #address-cells = <1>; -+ #size-cells = <0>; -+ status = "okay"; -+}; --- -2.19.0 - diff --git a/SPECS/dtb-raspberrypi/0001-upstream-pi4-overlay-enable-fb.patch b/SPECS/dtb-raspberrypi/0001-upstream-pi4-overlay-enable-fb.patch deleted file mode 100644 index 9963baf809..0000000000 --- a/SPECS/dtb-raspberrypi/0001-upstream-pi4-overlay-enable-fb.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 6cef8c70317df332cc56bc8dfac11b981b5452ab Mon Sep 17 00:00:00 2001 -From: Ajay Kaher -Date: Thu, 7 Jan 2021 17:29:28 +0000 -Subject: [PATCH] upstream-pi4-overlay: enable fb - -on rpi4, HDMI not working if fb is disabled. ---- - arch/arm/boot/dts/overlays/upstream-pi4-overlay.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm/boot/dts/overlays/upstream-pi4-overlay.dts b/arch/arm/boot/dts/overlays/upstream-pi4-overlay.dts -index e0f7cc8..e55a6ea 100644 ---- a/arch/arm/boot/dts/overlays/upstream-pi4-overlay.dts -+++ b/arch/arm/boot/dts/overlays/upstream-pi4-overlay.dts -@@ -88,7 +88,7 @@ - fragment@13 { - target = <&fb>; - __overlay__ { -- status = "disabled"; -+ status = "okay"; - }; - }; - fragment@14 { --- -2.19.0 - diff --git a/SPECS/dtb-raspberrypi/0002-audio-overlays-files.patch b/SPECS/dtb-raspberrypi/0002-audio-overlays-files.patch deleted file mode 100644 index ba04ebcd6f..0000000000 --- a/SPECS/dtb-raspberrypi/0002-audio-overlays-files.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 2acf340005da36aac9e93b56838fd7876753a9d1 Mon Sep 17 00:00:00 2001 -From: Ajay Kaher -Date: Wed, 20 Jan 2021 19:01:30 +0000 -Subject: [PATCH 2/2] audio overlays files - ---- - arch/arm/boot/dts/overlays/Makefile | 2 ++ - arch/arm/boot/dts/overlays/rpi-disable-audio-overlay.dts | 5 +++++ - arch/arm/boot/dts/overlays/rpi-enable-audio-overlay.dts | 5 +++++ - 3 files changed, 12 insertions(+) - create mode 100644 arch/arm/boot/dts/overlays/rpi-disable-audio-overlay.dts - create mode 100644 arch/arm/boot/dts/overlays/rpi-enable-audio-overlay.dts - -diff --git a/arch/arm/boot/dts/overlays/Makefile b/arch/arm/boot/dts/overlays/Makefile -index 52b81cc..0db9de5 100644 ---- a/arch/arm/boot/dts/overlays/Makefile -+++ b/arch/arm/boot/dts/overlays/Makefile -@@ -154,6 +154,8 @@ dtbo-$(CONFIG_ARCH_BCM2835) += \ - rpi-tv.dtbo \ - rpi-enable-spi0.dtbo \ - rpi-disable-spi0.dtbo \ -+ rpi-enable-audio.dtbo \ -+ rpi-disable-audio.dtbo \ - rra-digidac1-wm8741-audio.dtbo \ - sainsmart18.dtbo \ - sc16is750-i2c.dtbo \ -diff --git a/arch/arm/boot/dts/overlays/rpi-disable-audio-overlay.dts b/arch/arm/boot/dts/overlays/rpi-disable-audio-overlay.dts -new file mode 100644 -index 0000000..21bd4e3 ---- /dev/null -+++ b/arch/arm/boot/dts/overlays/rpi-disable-audio-overlay.dts -@@ -0,0 +1,5 @@ -+/dts-v1/; -+/plugin/; -+&audio { -+ status = "disable"; -+}; -diff --git a/arch/arm/boot/dts/overlays/rpi-enable-audio-overlay.dts b/arch/arm/boot/dts/overlays/rpi-enable-audio-overlay.dts -new file mode 100644 -index 0000000..ce7e880 ---- /dev/null -+++ b/arch/arm/boot/dts/overlays/rpi-enable-audio-overlay.dts -@@ -0,0 +1,5 @@ -+/dts-v1/; -+/plugin/; -+&audio { -+ status = "okay"; -+}; --- -2.19.0 - diff --git a/SPECS/dtb-raspberrypi/dtb-raspberrypi.spec b/SPECS/dtb-raspberrypi/dtb-raspberrypi.spec deleted file mode 100644 index eb8f07574e..0000000000 --- a/SPECS/dtb-raspberrypi/dtb-raspberrypi.spec +++ /dev/null @@ -1,104 +0,0 @@ -%define debug_package %{nil} -Summary: Device trees and overlays for Raspberry Pi -Name: dtb-raspberrypi -Version: 6.1.10.2023.02.28 -# Version Scheme: {kernel_ver}.{year}.{month}.{day} -Release: 1%{?dist} -License: GPLv2 -%define rpi_linux_branch rpi-6.1.y -%define rpi_linux_req 6.1.10 -URL: /~https://github.com/raspberrypi/linux -Source0: /~https://github.com/raspberrypi/linux/archive/rpi-linux-%{version}.tar.gz -%define sha512 rpi-linux=ec9c213d9a2d9be5e59a63c0f146a109095960aaa1e62f34d8f4b7744da7321678f4216ea15c64642f6e80d8e78486420da046be25a398809fc995b3b467b88f -Group: System/Boot -Vendor: VMware, Inc. -Distribution: Photon - -# enable fb to fix HDMI issue -Patch1: 0001-upstream-pi4-overlay-enable-fb.patch -# spi and audio overlays -Patch2: 0001-spi0-overlays-files.patch -Patch3: 0002-audio-overlays-files.patch - -BuildRequires: dtc -BuildRequires: bison -Requires: dtb-rpi3 = %{version}-%{release} -Requires: dtb-rpi4 = %{version}-%{release} -Requires: dtb-rpi-overlay = %{version}-%{release} -BuildArch: aarch64 - -%description -Metapackage to install all Kernel Device Tree and Overlay Blobs for Raspberry Pi - -%package -n dtb-rpi3 -Summary: Kernel Device Tree Blob files for Raspberry Pi3 -Group: System Environment/Kernel -Conflicts: linux < %{rpi_linux_req} -Conflicts: dtb-rpi-overlay < %{version}-%{release} -Conflicts: dtb-rpi-overlay > %{version}-%{release} -%description -n dtb-rpi3 -Kernel Device Tree Blob files for Raspberry Pi3 - -%package -n dtb-rpi4 -Summary: Kernel Device Tree Blob files for Raspberry Pi4 -Group: System Environment/Kernel -Conflicts: linux < %{rpi_linux_req} -Conflicts: dtb-rpi-overlay < %{version}-%{release} -Conflicts: dtb-rpi-overlay > %{version}-%{release} -%description -n dtb-rpi4 -Kernel Device Tree Blob files for Raspberry Pi4 - -%package -n dtb-rpi-overlay -Summary: Kernel Device Tree Overlay Blob files for Raspberry Pi -Group: System Environment/Kernel -Conflicts: linux < %{rpi_linux_req} -%description -n dtb-rpi-overlay -Kernel Device Tree Overlay Blob files for Raspberry Pi - -%prep -%autosetup -p1 -n rpi-linux-%{version} - -%build -# make doesn't support _smp_mflags -make mrproper -# make doesn't support _smp_mflags -make bcm2711_defconfig -make %{?_smp_mflags} dtbs - -%install -# make doesn't support _smp_mflags -make dtbs_install INSTALL_DTBS_PATH=%{buildroot}/boot/efi -pushd %{buildroot}/boot/efi -mv broadcom excluded -mv excluded/bcm2837-rpi-3-*.dtb ./ -mv excluded/bcm2711-rpi-4-*.dtb ./ -rm -rf excluded -popd - -%files -%defattr(-,root,root) - -%files -n dtb-rpi3 -%defattr(-,root,root) -/boot/efi/bcm2837-rpi-3-*.dtb - -%files -n dtb-rpi4 -%defattr(-,root,root) -/boot/efi/bcm2711-rpi-4-*.dtb - -%files -n dtb-rpi-overlay -%defattr(-,root,root,0755) -/boot/efi/overlays - -%changelog -* Mon Mar 06 2023 Ajay Kaher 6.1.10.2023.02.28-1 -- Update to v6.1.10.2023.02.28 -* Fri Mar 03 2023 Piyush Gupta 5.10.4.2021.01.07-3 -- Added bison as BuildRequires. -* Thu Jan 21 2021 Ajay Kaher 5.10.4.2021.01.07-2 -- Adding audio and spi overlay -* Thu Jan 07 2021 Ajay Kaher 5.10.4.2021.01.07-1 -- Update to v5.10.4.2021.01.07 -- Enable fb in upstream-pi4 overlay -* Fri Sep 11 2020 Bo Gan 5.9.0.2020.09.23-1 -- Initial packaging diff --git a/SPECS/dtc/dtc.spec b/SPECS/dtc/dtc.spec deleted file mode 100644 index dfb5fca6a3..0000000000 --- a/SPECS/dtc/dtc.spec +++ /dev/null @@ -1,68 +0,0 @@ -Summary: Device Tree Compiler -Name: dtc -Version: 1.6.1 -Release: 2%{?dist} -License: GPLv2+ -URL: https://devicetree.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.kernel.org/pub/software/utils/%{name}/%{name}-%{version}.tar.gz -%define sha512 %{name}=34b64f356070710fd78f34ed624a06cec02915c98ab53eddbb0843f2a4c62dc95a78aa8583d7f433db60d1233eb1a2babecd85cd8179e74f27fe46ca412cb2b3 - -BuildRequires: build-essential -BuildRequires: swig - -%description -Devicetree is a data structure for describing hardware. Rather than hard coding -every detail of a device into an operating system, many aspects of the hardware -can be described in a data structure that is passed to the operating system at -boot time. The devicetree is used by OpenFirmware, OpenPOWER Abstraction Layer -(OPAL), Power Architecture Platform Requirements (PAPR) and in the standalone -Flattened Device Tree (FDT) form. - -%package devel -Summary: Development headers for device tree library -Requires: %{name} = %{version}-%{release} - -%description devel -This package provides development files for libfdt - -%prep -%autosetup -p1 - -%build -%make_build - -%install -%make_install %{?_smp_mflags} \ - DESTDIR=%{buildroot} PREFIX=%{_prefix} \ - LIBDIR=%{_libdir} BINDIR=%{_bindir} INCLUDEDIR=%{_includedir} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%license GPL -%doc Documentation/manual.txt -%{_bindir}/* -%{_libdir}/libfdt-%{version}.so -%{_libdir}/libfdt.so.* - -%files devel -%defattr(-,root,root) -%{_libdir}/libfdt.so -%{_libdir}/libfdt.a -%{_includedir}/* - -%changelog -* Thu Jan 12 2023 Him Kalyan Bordoloi 1.6.1-2 -- Bump up version no. as part of swig upgrade -* Fri Aug 19 2022 Ajay Kaher 1.6.1-1 -- Version update -* Wed Jul 22 2020 Gerrit Photon 1.6.0-1 -- Automatic Version Bump -* Wed Jul 24 2019 Ajay Kaher 1.5.0-1 -- Initial build. First version diff --git a/SPECS/duktape/duktape.pc.in b/SPECS/duktape/duktape.pc.in deleted file mode 100644 index 757c2cf6e8..0000000000 --- a/SPECS/duktape/duktape.pc.in +++ /dev/null @@ -1,10 +0,0 @@ -prefix=@prefix@ -exec_prefix=${prefix} -libdir=${exec_prefix}/@libdir@ -includedir=${prefix}/include - -Name: duktape -Description: Embeddable Javascript engine -Version: @PACKAGE_VERSION@ -Libs: -L${libdir} -lduktape -Cflags: -I${includedir}/ diff --git a/SPECS/duktape/duktape.spec b/SPECS/duktape/duktape.spec deleted file mode 100644 index 57f3fdcde1..0000000000 --- a/SPECS/duktape/duktape.spec +++ /dev/null @@ -1,80 +0,0 @@ -Name: duktape -Version: 2.7.0 -Release: 1%{?dist} -Summary: Embeddable Javascript engine -License: MIT -Vendor: VMware, Inc. -Group: Development/Tools -URL: http://duktape.org -Distribution: Photon - -Source0: http://duktape.org/%{name}-%{version}.tar.xz -%define sha512 %{name}=8ff5465c9c335ea08ebb0d4a06569c991b9dc4661b63e10da6b123b882e7375e82291d6b883c2644902d68071a29ccc880dae8229447cebe710c910b54496c1d - -Source1: duktape.pc.in - -BuildRequires: gcc -BuildRequires: make - -%description -Duktape is an embeddable Javascript engine, with a focus on portability and -compact footprint. - -%package devel -Summary: Development files for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -Embeddable Javascript engine. - -This package contains header files and libraries needed to develop -application that use %{name}. - -%prep -%autosetup -p1 - -sed -e's|@prefix@|%{_prefix}|' \ - -e's|@libdir@|%{_lib}|' \ - -e's|@PACKAGE_VERSION@|%{version}|' \ - < %{SOURCE1} > %{name}.pc.in - -mv Makefile.sharedlibrary Makefile - -%build -if false; then -sed -e '/^INSTALL_PREFIX/s|[^=]*$|%{_prefix}|' \ - -e '/install\:/a\\tinstall -d $(DESTDIR)$(INSTALL_PREFIX)/%{_lib}\n\tinstall -d $(DESTDIR)$(INSTALL_PREFIX)/include' \ - -e 's/\(\$.INSTALL_PREFIX.\)/$(DESTDIR)\1/g' \ - -e 's/\/lib\b/\/%{_lib}/g' \ - < Makefile.sharedlibrary > Makefile -fi - -%make_build - -%install -export INSTALL_PREFIX=%{_prefix} -%make_install %{?_smp_mflags} - -install -Dm0644 %{name}.pc.in %{buildroot}%{_libdir}/pkgconfig/%{name}.pc - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%license LICENSE.txt -%doc AUTHORS.rst -%{_libdir}/libduktape.so.* -%{_libdir}/libduktaped.so.* - -%files devel -%defattr(-,root,root) -%doc examples/ README.rst -%{_includedir}/duk_config.h -%{_includedir}/duktape.h -%{_libdir}/libduktape.so -%{_libdir}/libduktaped.so -%{_libdir}/pkgconfig/duktape.pc - -%changelog -* Tue Oct 04 2022 Shreenidhi Shedi 2.7.0-1 -- First build. Needed by polkit. diff --git a/SPECS/dwarves/0001-btf_encoder-Add-extra-debug-info-for-unsupported-DWA.patch b/SPECS/dwarves/0001-btf_encoder-Add-extra-debug-info-for-unsupported-DWA.patch deleted file mode 100644 index 9c57244090..0000000000 --- a/SPECS/dwarves/0001-btf_encoder-Add-extra-debug-info-for-unsupported-DWA.patch +++ /dev/null @@ -1,38 +0,0 @@ -From d5012f7be79f1b81c9f7ac8855c11d3bf3488ea5 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo -Date: Tue, 4 Oct 2022 18:19:46 -0300 -Subject: [PATCH] btf_encoder: Add extra debug info for unsupported DWARF tags - -Recently we got a report of DW_TAG_unspecified_type triggering this -warning: - -[ 1413s] BTF .btf.vmlinux.bin.o -[ 1413s] Unsupported DW_TAG_unspecified_type(0x3b) -[ 1413s] Encountered error while encoding BTF. - -Probably tag->type is zero, but would be great to have this offhand, add -that info to the error message. - -Signed-off-by: Arnaldo Carvalho de Melo ---- - btf_encoder.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/btf_encoder.c b/btf_encoder.c -index 51d9897..7ad3f29 100644 ---- a/btf_encoder.c -+++ b/btf_encoder.c -@@ -963,8 +963,8 @@ static int btf_encoder__encode_tag(struct btf_encoder *encoder, struct tag *tag, - case DW_TAG_subroutine_type: - return btf_encoder__add_func_proto(encoder, tag__ftype(tag), type_id_off); - default: -- fprintf(stderr, "Unsupported DW_TAG_%s(0x%x)\n", -- dwarf_tag_name(tag->tag), tag->tag); -+ fprintf(stderr, "Unsupported DW_TAG_%s(0x%x): type: 0x%x\n", -+ dwarf_tag_name(tag->tag), tag->tag, ref_type_id); - return -1; - } - } --- -2.34.1 - diff --git a/SPECS/dwarves/0001-btf_encoder-Encode-DW_TAG_unspecified_type-returning.patch b/SPECS/dwarves/0001-btf_encoder-Encode-DW_TAG_unspecified_type-returning.patch deleted file mode 100644 index 6557855e55..0000000000 --- a/SPECS/dwarves/0001-btf_encoder-Encode-DW_TAG_unspecified_type-returning.patch +++ /dev/null @@ -1,153 +0,0 @@ -From bcc648a10cbcd0b96b84ff7c737d56ce70f7b501 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo -Date: Mon, 10 Oct 2022 11:20:07 -0300 -Subject: [PATCH] btf_encoder: Encode DW_TAG_unspecified_type returning - routines as void -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since we don´t have how to encode this info in BTF, and from what we -saw, at least in this case: - -Built binutils from git://sourceware.org/git/binutils-gdb.git, then used -gcc's -B option to point to the directory with the new as, that is built -as as-new, so make a symlink, ending up with: - - 15e20ce2324a:~/git/linux # readelf -wi ./arch/x86/entry/entry.o - Contents of the .debug_info section: - - Compilation Unit @ offset 0: - Length: 0x35 (32-bit) - Version: 5 - Unit Type: DW_UT_compile (1) - Abbrev Offset: 0 - Pointer Size: 8 - <0>: Abbrev Number: 1 (DW_TAG_compile_unit) - DW_AT_stmt_list : 0 - <11> DW_AT_low_pc : 0 - <19> DW_AT_high_pc : 19 - <1a> DW_AT_name : (indirect string, offset: 0): arch/x86/entry/entry.S - <1e> DW_AT_comp_dir : (indirect string, offset: 0x17): /root/git/linux - <22> DW_AT_producer : (indirect string, offset: 0x27): GNU AS 2.39.50 - <26> DW_AT_language : 32769 (MIPS assembler) - <1><28>: Abbrev Number: 2 (DW_TAG_subprogram) - <29> DW_AT_name : (indirect string, offset: 0x36): entry_ibpb - <2d> DW_AT_external : 1 - <2d> DW_AT_type : <0x37> - <2e> DW_AT_low_pc : 0 - <36> DW_AT_high_pc : 19 - <1><37>: Abbrev Number: 3 (DW_TAG_unspecified_type) - <1><38>: Abbrev Number: 0 - -So we have that asm label encoded by GNU AS 2.39.50 as a -DW_TAG_subprogram that has as its DW_AT_type the DW_TAG_unspecified_type -0x37 that we convert to 0 (void): - - 15e20ce2324a:~/git/linux # pahole -J ./arch/x86/entry/entry.o - 15e20ce2324a:~/git/linux # pahole -JV ./arch/x86/entry/entry.o - btf_encoder__new: 'entry.o' doesn't have '.data..percpu' section - Found 0 per-CPU variables! - Found 1 functions! - File entry.o: - [1] FUNC_PROTO (anon) return=0 args=(void) - [2] FUNC entry_ibpb type_id=1 - 15e20ce2324a:~/git/linux # pfunct -F btf ./arch/x86/entry/entry.o - entry_ibpb - 15e20ce2324a:~/git/linux # pfunct --proto -F btf ./arch/x86/entry/entry.o - void entry_ibpb(void); - 15e20ce2324a:~/git/linux # - - 15e20ce2324a:~/git/linux # tools/bpf/bpftool/bpftool btf dump file ./arch/x86/entry/entry.o format raw - [1] FUNC_PROTO '(anon)' ret_type_id=0 vlen=0 - [2] FUNC 'entry_ibpb' type_id=1 linkage=static - 15e20ce2324a:~/git/linux # - -I think this is what can be done to avoid having to skip ASM DWARF when -gets widely used, i.e. binutils gets updated. - -Acked-by: Yonghong Song -Cc: Andrii Nakryiko , -Cc: Martin Liška -Link: https://lore.kernel.org/all/Y0R7uu3s%2FimnvPzM@kernel.org/ -Signed-off-by: Arnaldo Carvalho de Melo ---- - btf_encoder.c | 33 ++++++++++++++++++++++++++++++--- - 1 file changed, 30 insertions(+), 3 deletions(-) - -diff --git a/btf_encoder.c b/btf_encoder.c -index fb2ca77..a5fa04a 100644 ---- a/btf_encoder.c -+++ b/btf_encoder.c -@@ -593,6 +593,19 @@ static int32_t btf_encoder__add_func_param(struct btf_encoder *encoder, const ch - } - } - -+static int32_t btf_encoder__tag_type(struct btf_encoder *encoder, uint32_t type_id_off, uint32_t tag_type) -+{ -+ if (tag_type == 0) -+ return 0; -+ -+ if (encoder->cu->unspecified_type.tag && tag_type == encoder->cu->unspecified_type.type) { -+ // No provision for encoding this, turn it into void. -+ return 0; -+ } -+ -+ return type_id_off + tag_type; -+} -+ - static int32_t btf_encoder__add_func_proto(struct btf_encoder *encoder, struct ftype *ftype, uint32_t type_id_off) - { - struct btf *btf = encoder->btf; -@@ -603,7 +616,7 @@ static int32_t btf_encoder__add_func_proto(struct btf_encoder *encoder, struct f - - /* add btf_type for func_proto */ - nr_params = ftype->nr_parms + (ftype->unspec_parms ? 1 : 0); -- type_id = ftype->tag.type == 0 ? 0 : type_id_off + ftype->tag.type; -+ type_id = btf_encoder__tag_type(encoder, type_id_off, ftype->tag.type); - - id = btf__add_func_proto(btf, type_id); - if (id > 0) { -@@ -966,6 +979,15 @@ static int btf_encoder__encode_tag(struct btf_encoder *encoder, struct tag *tag, - return btf_encoder__add_enum_type(encoder, tag, conf_load); - case DW_TAG_subroutine_type: - return btf_encoder__add_func_proto(encoder, tag__ftype(tag), type_id_off); -+ case DW_TAG_unspecified_type: -+ /* Just don't encode this for now, converting anything with this type to void (0) instead. -+ * -+ * If we end up needing to encode this, one possible hack is to do as follows, as "const void". -+ * -+ * Returning zero means we skipped encoding a DWARF type. -+ */ -+ // btf_encoder__add_ref_type(encoder, BTF_KIND_CONST, 0, NULL, false); -+ return 0; - default: - fprintf(stderr, "Unsupported DW_TAG_%s(0x%x): type: 0x%x\n", - dwarf_tag_name(tag->tag), tag->tag, ref_type_id); -@@ -1487,7 +1509,7 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co - { - uint32_t type_id_off = btf__type_cnt(encoder->btf) - 1; - struct llvm_annotation *annot; -- int btf_type_id, tag_type_id; -+ int btf_type_id, tag_type_id, skipped_types = 0; - uint32_t core_id; - struct function *fn; - struct tag *pos; -@@ -1510,8 +1532,13 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co - cu__for_each_type(cu, core_id, pos) { - btf_type_id = btf_encoder__encode_tag(encoder, pos, type_id_off, conf_load); - -+ if (btf_type_id == 0) { -+ ++skipped_types; -+ continue; -+ } -+ - if (btf_type_id < 0 || -- tag__check_id_drift(pos, core_id, btf_type_id, type_id_off)) { -+ tag__check_id_drift(pos, core_id, btf_type_id + skipped_types, type_id_off)) { - err = -1; - goto out; - } --- -2.34.1 - diff --git a/SPECS/dwarves/0001-btf_encoder-Store-the-CU-being-processed-to-avoid-ch.patch b/SPECS/dwarves/0001-btf_encoder-Store-the-CU-being-processed-to-avoid-ch.patch deleted file mode 100644 index 9a87f318d4..0000000000 --- a/SPECS/dwarves/0001-btf_encoder-Store-the-CU-being-processed-to-avoid-ch.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 121a46a026afac197652cb8a4cdf2d3879d7f587 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo -Date: Mon, 10 Oct 2022 09:34:53 -0300 -Subject: [PATCH] btf_encoder: Store the CU being processed to avoid changing - many functions - -Having it as encoder->cu will make it available to nested function -without requiring changing all the functions leading to them. - -Signed-off-by: Arnaldo Carvalho de Melo ---- - btf_encoder.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/btf_encoder.c b/btf_encoder.c -index 7ad3f29..fb2ca77 100644 ---- a/btf_encoder.c -+++ b/btf_encoder.c -@@ -44,9 +44,13 @@ struct var_info { - uint32_t sz; - }; - -+/* -+ * cu: cu being processed. -+ */ - struct btf_encoder { - struct list_head node; - struct btf *btf; -+ struct cu *cu; - struct gobuffer percpu_secinfo; - const char *filename; - struct elf_symtab *symtab; -@@ -1255,8 +1259,9 @@ static bool ftype__has_arg_names(const struct ftype *ftype) - return true; - } - --static int btf_encoder__encode_cu_variables(struct btf_encoder *encoder, struct cu *cu, uint32_t type_id_off) -+static int btf_encoder__encode_cu_variables(struct btf_encoder *encoder, uint32_t type_id_off) - { -+ struct cu *cu = encoder->cu; - uint32_t core_id; - struct tag *pos; - int err = -1; -@@ -1488,6 +1493,7 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co - struct tag *pos; - int err = 0; - -+ encoder->cu = cu; - - if (!encoder->has_index_type) { - /* cu__find_base_type_by_name() takes "type_id_t *id" */ -@@ -1603,8 +1609,9 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co - } - - if (!encoder->skip_encoding_vars) -- err = btf_encoder__encode_cu_variables(encoder, cu, type_id_off); -+ err = btf_encoder__encode_cu_variables(encoder, type_id_off); - out: -+ encoder->cu = NULL; - return err; - } - --- -2.34.1 - diff --git a/SPECS/dwarves/0001-core-Record-if-a-CU-has-a-DW_TAG_unspecified_type.patch b/SPECS/dwarves/0001-core-Record-if-a-CU-has-a-DW_TAG_unspecified_type.patch deleted file mode 100644 index fb0987c054..0000000000 --- a/SPECS/dwarves/0001-core-Record-if-a-CU-has-a-DW_TAG_unspecified_type.patch +++ /dev/null @@ -1,85 +0,0 @@ -From cffe5e1f75e1612e1ffd8da5fab30e0230fbcdd4 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo -Date: Mon, 10 Oct 2022 09:42:30 -0300 -Subject: [PATCH] core: Record if a CU has a DW_TAG_unspecified_type - -So that the BTF encoder can turn such functions into returning void -instead, as BTF doesn't have a representation for such tags. - -First noticed with Linux circa v6.1 built with GNU AS 2.39.50, git -HEAD at the time building a .S file where the entry_ibpb assembly -"function" was encoded as DWARF with DW_TAG_unspecified_type as its -return type. - -Signed-off-by: Arnaldo Carvalho de Melo - -[ssrish: resolved a hunk failure] -Signed-off-by: Srish Srinivasan ---- - dwarf_loader.c | 7 ++++++- - dwarves.h | 8 ++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/dwarf_loader.c b/dwarf_loader.c -index c2ad2a0..41ba36b 100644 ---- a/dwarf_loader.c -+++ b/dwarf_loader.c -@@ -2000,9 +2000,11 @@ static struct tag *__die__process_tag(Dwarf_Die *die, struct cu *cu, - case DW_TAG_imported_module: - case DW_TAG_reference_type: - case DW_TAG_restrict_type: -- case DW_TAG_unspecified_type: - case DW_TAG_volatile_type: - tag = die__create_new_tag(die, cu); break; -+ case DW_TAG_unspecified_type: -+ cu->unspecified_type.tag = -+ tag = die__create_new_tag(die, cu); break; - case DW_TAG_pointer_type: - tag = die__create_new_pointer_tag(die, cu, conf); break; - case DW_TAG_ptr_to_member_type: -@@ -2063,6 +2065,8 @@ static int die__process_unit(Dwarf_Die *die, struct cu *cu, struct conf_load *co - cu__hash(cu, tag); - struct dwarf_tag *dtag = tag->priv; - dtag->small_id = id; -+ if (tag->tag == DW_TAG_unspecified_type) -+ cu->unspecified_type.type = id; - } while (dwarf_siblingof(die, die) == 0); - - return 0; -@@ -2498,6 +2502,7 @@ static int cu__recode_dwarf_types_table(struct cu *cu, - if (tag__recode_dwarf_type(tag, cu)) - return -1; - } -+ - return 0; - } - -diff --git a/dwarves.h b/dwarves.h -index bec9f08..6045e12 100644 ---- a/dwarves.h -+++ b/dwarves.h -@@ -230,6 +230,10 @@ struct debug_fmt_ops { - bool has_alignment_info; - }; - -+/* -+ * unspecified_type: If this CU has a DW_TAG_unspecified_type, as BTF doesn't have a representation for this -+ * and thus we need to check functions returning this to convert it to void. -+ */ - struct cu { - struct list_head node; - struct list_head tags; -@@ -238,6 +242,10 @@ struct cu { - struct ptr_table functions_table; - struct ptr_table tags_table; - struct rb_root functions; -+ struct { -+ struct tag *tag; -+ uint32_t type; -+ } unspecified_type; - char *name; - char *filename; - void *priv; --- -2.35.6 - diff --git a/SPECS/dwarves/0001-dwarves-Zero-initialize-struct-cu-in-cu__new-to-prev.patch b/SPECS/dwarves/0001-dwarves-Zero-initialize-struct-cu-in-cu__new-to-prev.patch deleted file mode 100644 index 5676c2b2eb..0000000000 --- a/SPECS/dwarves/0001-dwarves-Zero-initialize-struct-cu-in-cu__new-to-prev.patch +++ /dev/null @@ -1,93 +0,0 @@ -From b72f5188856df0abf45e1a707856bb4e4e86153c Mon Sep 17 00:00:00 2001 -From: Alan Maguire -Date: Fri, 21 Oct 2022 16:02:03 +0100 -Subject: [PATCH] dwarves: Zero-initialize struct cu in cu__new() to prevent - incorrect BTF types - -BTF deduplication was throwing some strange results, where core kernel -data types were failing to deduplicate due to the return values -of function type members being void (0) instead of the actual type -(unsigned int). An example of this can be seen below, where -"struct dst_ops" was failing to deduplicate between kernel and -module: - -struct dst_ops { - short unsigned int family; - unsigned int gc_thresh; - int (*gc)(struct dst_ops *); - struct dst_entry * (*check)(struct dst_entry *, __u32); - unsigned int (*default_advmss)(const struct dst_entry *); - unsigned int (*mtu)(const struct dst_entry *); -... - -struct dst_ops___2 { - short unsigned int family; - unsigned int gc_thresh; - int (*gc)(struct dst_ops___2 *); - struct dst_entry___2 * (*check)(struct dst_entry___2 *, __u32); - void (*default_advmss)(const struct dst_entry___2 *); - void (*mtu)(const struct dst_entry___2 *); -... - -This was seen with - -bcc648a10cbc ("btf_encoder: Encode DW_TAG_unspecified_type returning routines as void") - -...which rewrites the return value as 0 (void) when it is marked -as matching DW_TAG_unspecified_type: - -static int32_t btf_encoder__tag_type(struct btf_encoder *encoder, uint32_t type_id_off, uint32_t tag_type) -{ - if (tag_type == 0) - return 0; - - if (encoder->cu->unspecified_type.tag && tag_type == encoder->cu->unspecified_type.type) { - // No provision for encoding this, turn it into void. - return 0; - } - - return type_id_off + tag_type; -} - -However the odd thing was that on further examination, the unspecified type -was not being set, so why was this logic being tripped? Futher debugging -showed that the encoder->cu->unspecified_type.tag value was garbage, and -the type id happened to collide with "unsigned int"; as a result we -were replacing unsigned ints with void return values, and since this -was being done to function type members in structs, it triggered a -type mismatch which failed deduplication between kernel and module. - -The fix is simply to calloc() the cu in cu__new() instead. - -Committer notes: - -We have zalloc(size) as an alias to calloc(1, size), use it instead. - -Fixes: bcc648a10cbcd0b9 ("btf_encoder: Encode DW_TAG_unspecified_type returning routines as void") -Signed-off-by: Alan Maguire -Acked-by: Andrii Nakryiko -Acked-by: Jiri Olsa -Cc: bpf@vger.kernel.org -Cc: dwarves@vger.kernel.org -Link: https://lore.kernel.org/r/1666364523-9648-1-git-send-email-alan.maguire@oracle.com -Signed-off-by: Arnaldo Carvalho de Melo ---- - dwarves.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dwarves.c b/dwarves.c -index fbebc1d..95a3bac 100644 ---- a/dwarves.c -+++ b/dwarves.c -@@ -626,7 +626,7 @@ struct cu *cu__new(const char *name, uint8_t addr_size, - const unsigned char *build_id, int build_id_len, - const char *filename, bool use_obstack) - { -- struct cu *cu = malloc(sizeof(*cu) + build_id_len); -+ struct cu *cu = zalloc(sizeof(*cu) + build_id_len); - - if (cu != NULL) { - uint32_t void_id; --- -2.34.1 - diff --git a/SPECS/dwarves/0001-pahole-Support-lang-lang_exclude-asm.patch b/SPECS/dwarves/0001-pahole-Support-lang-lang_exclude-asm.patch deleted file mode 100644 index 5aad1dc079..0000000000 --- a/SPECS/dwarves/0001-pahole-Support-lang-lang_exclude-asm.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 79d9a783ea74797aa4304009e0cf1bdb9235fcf4 Mon Sep 17 00:00:00 2001 -From: Arnaldo Carvalho de Melo -Date: Tue, 4 Oct 2022 18:09:33 -0300 -Subject: [PATCH] pahole: Support '--lang/--lang_exclude=asm' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It is disjoint from the other languages and then the first simple -implementation of language inclusion/exclusion didn't support it, add -an special case to test against 0x8001 (DW_LANG_Mips_Assembler) to cover -that. - -This is needed as recently compilers started to add DWARF constructs to -represent asm CUs that broke pahole as it didn't support -DW_TAG_unspecified_type as a "type", so add it in case in the future we -want to exclude such CUs. - -The DW_TAG_unspecified_type tag is going to be supported in the next -csets tho. - -We also may want this to exclude new tags that aren't supported in BTF, -etc. - -Cc: Martin Liška -Cc: Nick Clifton -Signed-off-by: Arnaldo Carvalho de Melo - -[ssrish: resolved a hunk failure] -Signed-off-by: Srish Srinivasan ---- - dwarves.c | 3 +++ - man-pages/pahole.1 | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/dwarves.c b/dwarves.c -index db1dcf5..32bfec5 100644 ---- a/dwarves.c -+++ b/dwarves.c -@@ -2127,6 +2127,9 @@ int lang__str2int(const char *lang) - [DW_LANG_UPC] = "upc", - }; - -+ if (strcasecmp(lang, "asm") == 0) -+ return DW_LANG_Mips_Assembler; -+ - // c89 is the first, bliss is the last, see /usr/include/dwarf.h - for (int id = DW_LANG_C89; id <= DW_LANG_BLISS; ++id) - if (languages[id] && strcasecmp(lang, languages[id]) == 0) -diff --git a/man-pages/pahole.1 b/man-pages/pahole.1 -index bb88e2f..f60713a 100644 ---- a/man-pages/pahole.1 -+++ b/man-pages/pahole.1 -@@ -378,7 +378,7 @@ Only process compilation units built from source code written in the specified l - - Supported languages: - -- ada83, ada95, bliss, c, c89, c99, c11, c++, c++03, c++11, c++14, cobol74, -+ ada83, ada95, asm, bliss, c, c89, c99, c11, c++, c++03, c++11, c++14, cobol74, - cobol85, d, dylan, fortran77, fortran90, fortran95, fortran03, fortran08, - go, haskell, java, julia, modula2, modula3, objc, objc++, ocaml, opencl, - pascal83, pli, python, renderscript, rust, swift, upc --- -2.35.6 - diff --git a/SPECS/dwarves/dwarves.spec b/SPECS/dwarves/dwarves.spec deleted file mode 100644 index e4b6c05ad1..0000000000 --- a/SPECS/dwarves/dwarves.spec +++ /dev/null @@ -1,111 +0,0 @@ -Name: dwarves -Summary: Debugging Information Manipulation Tools (pahole & friends) -Version: 1.24 -Release: 3%{?dist} -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -License: GPLv2 -URL: /~https://github.com/acmel/dwarves -Source0: http://fedorapeople.org/~acme/dwarves/%{name}-%{version}.tar.xz -%define sha512 %{name}-%{version}=3cdca183cf68ec46fd9a0301ae4a8a30b23a8139c65ffba64ae11f85f9e942f7341dca6f88a4a3b49f32bfd880927193a80fa011726e4a33d3e5a1a146326c06 -Patch0: 0001-pahole-Support-lang-lang_exclude-asm.patch -Patch1: 0001-btf_encoder-Add-extra-debug-info-for-unsupported-DWA.patch -Patch2: 0001-btf_encoder-Store-the-CU-being-processed-to-avoid-ch.patch -Patch3: 0001-core-Record-if-a-CU-has-a-DW_TAG_unspecified_type.patch -Patch4: 0001-btf_encoder-Encode-DW_TAG_unspecified_type-returning.patch -Patch5: 0001-dwarves-Zero-initialize-struct-cu-in-cu__new-to-prev.patch -BuildRequires: gcc -BuildRequires: cmake -BuildRequires: zlib-devel -BuildRequires: elfutils-devel -Requires: elfutils -Requires: elfutils-libelf -Requires: zlib -Requires: %{name}-libs = %{version}-%{release} - -%description -dwarves is a set of tools that use the debugging information inserted in -ELF binaries by compilers such as GCC, used by well known debuggers such as -GDB, and more recent ones such as systemtap. - -Utilities in the dwarves suite include pahole, that can be used to find -alignment holes in structs and classes in languages such as C, C++, but not -limited to these. - -It also extracts other information such as CPU cacheline alignment, helping -pack those structures to achieve more cache hits. - -These tools can also be used to encode and read the BTF type information format -used with the Linux kernel bpf syscall, using 'pahole -J' and 'pahole -F btf'. - -A diff like tool, codiff can be used to compare the effects changes in source -code generate on the resulting binaries. - -Another tool is pfunct, that can be used to find all sorts of information about -functions, inlines, decisions made by the compiler about inlining, etc. - -One example of pfunct usage is in the fullcircle tool, a shell that drivers -pfunct to generate compileable code out of a .o file and then build it using -gcc, with the same compiler flags, and then use codiff to make sure the -original .o file and the new one generated from debug info produces the same -debug info. - -Pahole also can be used to use all this type information to pretty print raw data -according to command line directions. - -Headers can have its data format described from debugging info and offsets from -it can be used to further format a number of records. - -The btfdiff utility compares the output of pahole from BTF and DWARF to make -sure they produce the same results. - -%package libs -Summary: Debugging information processing library - -%description libs -Debugging information processing library. - -%package devel -Summary: Debugging information library development files -Requires: %{name} = %{version}-%{release} - -%description devel -Debugging information processing library development files. - -%prep -%autosetup -p1 - -%build -%cmake -DCMAKE_BUILD_TYPE=Debug . -%cmake_build - -%install -%cmake_install - -%clean -rm -rf %{buildroot} - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/* - -%files libs -%defattr(-,root,root) -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/*.h -%{_libdir}/*.so -%{_datadir}/* - -%changelog -* Tue Jul 11 2023 Shreenidhi Shedi 1.24-3 -- Bump version as a part of elfutils upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 1.24-2 -- Bump version as a part of zlib upgrade -* Fri Apr 07 2023 Srish Srinivasan 1.24-1 -- Initial build. diff --git a/SPECS/dwz/dwz.spec b/SPECS/dwz/dwz.spec deleted file mode 100644 index 43ce16da58..0000000000 --- a/SPECS/dwz/dwz.spec +++ /dev/null @@ -1,61 +0,0 @@ -Summary: DWARF optimization and duplicate removal tool -Name: dwz -Version: 0.15 -Release: 3%{?dist} -License: GPLv2+ and GPLv3+ -URL: https://sourceware.org/dwz -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceware.org/ftp/dwz/releases/%{name}-%{version}.tar.xz -%define sha512 %{name}=43eb4b08c1f529859dc3466697d5ad7e172d6efbf21409530a67a2492ae4acc3734d5134bbd6e07c089ecc358d915871b13e22f6e4f1dd4c3af19ef804f8fcc5 - -BuildRequires: gcc -BuildRequires: gdb -BuildRequires: dejagnu -BuildRequires: make -BuildRequires: elfutils-libelf-devel -BuildRequires: xxhash-devel - -Requires: elfutils-libelf - -%description -The dwz package contains a program that attempts to optimize DWARF -debugging information contained in ELF shared libraries and ELF executables -for size, by replacing DWARF information representation with equivalent -smaller representation where possible and by reducing the amount of -duplication using techniques from DWARF standard appendix E - creating -DW_TAG_partial_unit compilation units (CUs) for duplicated information -and using DW_TAG_imported_unit to import it into each CU that needs it. - -%prep -%autosetup -p1 -n %{name} - -%build -%make_build CFLAGS='%{optflags}' \ - prefix=%{_prefix} mandir=%{_mandir} bindir=%{_bindir} - -%install -rm -rf %{buildroot} -%make_install prefix=%{_prefix} mandir=%{_mandir} bindir=%{_bindir} - -%check -%if 0%{?with_check} -make check %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_bindir}/%{name} -%{_mandir}/man1/%{name}.1* - -%changelog -* Tue Jul 11 2023 Shreenidhi Shedi 0.15-3 -- Bump version as a part of elfutils upgrade -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 0.15-2 -- Bump up due to change in elfutils -* Tue Dec 13 2022 Gerrit Photon 0.15-1 -- Automatic Version Bump. Add xxhash-devel as build requirement. -* Fri Dec 10 2021 Shreenidhi Shedi 0.14-1 -- Intial version. Needed for rpm-4.17.0 diff --git a/SPECS/e2fsprogs/e2fsprogs.spec b/SPECS/e2fsprogs/e2fsprogs.spec deleted file mode 100644 index 4c1313555f..0000000000 --- a/SPECS/e2fsprogs/e2fsprogs.spec +++ /dev/null @@ -1,187 +0,0 @@ -Summary: Contains the utilities for the ext2 file system -Name: e2fsprogs -Version: 1.46.5 -Release: 1%{?dist} -License: GPLv2+ -URL: http://e2fsprogs.sourceforge.net -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://prdownloads.sourceforge.net/e2fsprogs/%{name}-%{version}.tar.gz -%define sha512 %{name}=1a3496cb6ac575c7a5c523cc4eede39bc77c313a6d1fea2d303fc967792d75d94e42d7821e1a61b7513509320aae4a7170506decf5753ddbd1dda9d304cc392e - -Requires: %{name}-libs = %{version}-%{release} - -Conflicts: toybox < 0.8.2-2 - -BuildRequires: util-linux-devel - -Requires: util-linux-libs - -%description -The E2fsprogs package contains the utilities for handling the ext2 file system. - -%package libs -Summary: contains libraries used by other packages - -%description libs -It contains the libraries: libss and libcom_err - -%package devel -Summary: Header and development files for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications - -%package lang -Summary: Additional language files for %{name} -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of %{name} - -%prep -%autosetup -p1 -sed -i -e 's|^LD_LIBRARY_PATH.*|&:/tools/lib|' tests/test_config - -%build -export LIBS=-L/tools/libi; \ -export CFLAGS=-I/tools/include; \ -export PKG_CONFIG_PATH=/tools/lib/pkgconfig -%configure \ - --with-root-prefix='' \ - --enable-elf-shlibs \ - --disable-libblkid \ - --disable-libuuid \ - --disable-uuidd \ - --disable-fsck \ - --disable-silent-rules \ - --enable-symlink-install - -%make_build - -%install -%make_install %{?_smp_mflags} -make DESTDIR=%{buildroot} install-libs %{?_smp_mflags} -chmod -v u+w %{buildroot}%{_libdir}/{libcom_err,libe2p,libext2fs,libss}.a -rm -rf %{buildroot}%{_infodir} - -%find_lang %{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%config %{_sysconfdir}/mke2fs.conf -%config %{_sysconfdir}/e2scrub.conf -%{_bindir}/compile_et -%{_bindir}/mk_cmds -%{_bindir}/chattr -%{_bindir}/lsattr -%{_libdir}/e2initrd_helper -%{_datadir}/ss/ct_c.awk -%{_datadir}/ss/ct_c.sed -%{_datadir}/et/et_h.awk -%{_datadir}/et/et_c.awk -%{_mandir}/man8/* -%{_mandir}/man1/* -%{_mandir}/man5/* -%{_sbindir}/* -%{_libdir}/libext2fs.so.2.4 -%{_libdir}/libe2p.so.2.3 -%{_libdir}/libe2p.so.2 -%{_libdir}/libext2fs.so.2 -%{_libdir}/libe2p.so -%{_libdir}/libext2fs.so - -%files libs -%{_libdir}/libss.so -%{_libdir}/libss.so.* -%{_libdir}/libcom_err.so -%{_libdir}/libcom_err.so.* - -%files devel -%{_includedir}/ss/ss_err.h -%{_includedir}/ss/ss.h -%{_includedir}/et/com_err.h -%{_includedir}/ext2fs/ext2_io.h -%{_includedir}/ext2fs/ext2_fs.h -%{_includedir}/ext2fs/tdb.h -%{_includedir}/ext2fs/qcow2.h -%{_includedir}/ext2fs/bitops.h -%{_includedir}/ext2fs/ext2_err.h -%{_includedir}/ext2fs/ext2fs.h -%{_includedir}/ext2fs/ext3_extents.h -%{_includedir}/ext2fs/ext2_types.h -%{_includedir}/ext2fs/ext2_ext_attr.h -%{_includedir}/ext2fs/hashmap.h -%{_includedir}/e2p/e2p.h -%{_includedir}/com_err.h -%{_libdir}/libcom_err.a -%{_libdir}/libss.a -%{_libdir}/pkgconfig/ss.pc -%{_libdir}/pkgconfig/ext2fs.pc -%{_libdir}/pkgconfig/com_err.pc -%{_libdir}/pkgconfig/e2p.pc -%{_libdir}/libe2p.a -%{_libdir}/libext2fs.a -%{_mandir}/man3/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Mon Apr 18 2022 Gerrit Photon 1.46.5-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.46.2-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 1.46.2-3 -- Automatic Version Bump -* Mon Oct 05 2020 Tapas Kundu 1.45.6-2 -- Exclude .a file from libs -* Tue Sep 01 2020 Gerrit Photon 1.45.6-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 1.45.5-2 -- Do not conflict with toybox >= 0.8.2-2 -* Mon Jan 27 2020 Shreyas B. 1.45.5-1 -- Make devel depend on the version-release instead of version alone. -- Upgrade to v1.45.5. -* Tue Nov 26 2019 Alexey Makhalov 1.44.3-4 -- Add util-linux dependencies. -* Tue Oct 22 2019 Shreyas B. 1.44.3-3 -- Fixes for CVE-2019-5094. -* Tue Oct 2 2018 Michelle Wang 1.44.3-2 -- Add conflicts toybox. -* Mon Sep 10 2018 Alexey Makhalov 1.44.3-1 -- Version update to fix compilation issue againts glibc-2.28. -* Tue May 02 2017 Anish Swaminathan 1.43.4-2 -- Add lang package. -* Mon Apr 03 2017 Chang Lee 1.43.4-1 -- Updated to version 1.43.4. -* Wed Dec 07 2016 Xiaolin Li 1.42.13-5 -- Moved man3 to devel subpackage. -* Wed Nov 16 2016 Alexey Makhalov 1.42.13-4 -- Create libs subpackage for krb5. -* Tue Sep 20 2016 Alexey Makhalov 1.42.13-3 -- Use symlinks - save a diskspace. -* Tue May 24 2016 Priyesh Padmavilasom 1.42.13-2 -- GA - Bump release of all rpms. -* Tue Jan 12 2016 Xiaolin Li 1.42.13-1 -- Updated to version 1.42.13. -* Wed Dec 09 2015 Anish Swaminathan 1.42.9-4 -- Edit post script. -* Tue Nov 10 2015 Xiaolin Li 1.42.9-3 -- Handled locale files with macro find_lang. -* Mon May 18 2015 Touseef Liaqat 1.42.9-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 1.42.9-1 -- Initial build First version. diff --git a/SPECS/ebtables/0001-ebtables-Initialise-len-and-flags-in-ebt_nflog_info-.patch b/SPECS/ebtables/0001-ebtables-Initialise-len-and-flags-in-ebt_nflog_info-.patch deleted file mode 100644 index a669958383..0000000000 --- a/SPECS/ebtables/0001-ebtables-Initialise-len-and-flags-in-ebt_nflog_info-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 6bdba673a1f2f03a211403cd7865ab1c7e737eaa Mon Sep 17 00:00:00 2001 -From: Ashwin Dayanand Kamat -Date: Wed, 2 Nov 2022 14:38:23 +0000 -Subject: [PATCH] ebtables: Initialise len and flags in ebt_nflog_info - structure - -The modern compilers might do this by default. -But for safe side and to have clean code, the below patch has been -added as per HCX Team requirement. ---- - extensions/ebt_nflog.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/extensions/ebt_nflog.c b/extensions/ebt_nflog.c -index 04c547d..d3bbf96 100644 ---- a/extensions/ebt_nflog.c -+++ b/extensions/ebt_nflog.c -@@ -50,6 +50,8 @@ static void init(struct ebt_entry_watcher *watcher) - struct ebt_nflog_info *info = (struct ebt_nflog_info *)watcher->data; - - info->prefix[0] = '\0'; -+ info->len = 0; -+ info->flags = 0; - info->group = EBT_NFLOG_DEFAULT_GROUP; - info->threshold = EBT_NFLOG_DEFAULT_THRESHOLD; - } --- -2.23.3 - diff --git a/SPECS/ebtables/ebtables b/SPECS/ebtables/ebtables deleted file mode 100644 index 516a0a378b..0000000000 --- a/SPECS/ebtables/ebtables +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/bash -set -o pipefail - -# compat for removed initscripts dependency - -success() { - echo "[ OK ]" - return 0 -} - -failure() { - echo "[FAILED]" - return 1 -} - -# internal variables -EBTABLES_CONFIG=/etc/sysconfig/ebtables-config -EBTABLES_DATA=/etc/sysconfig/ebtables -EBTABLES_TABLES="filter nat" -if ebtables --version | grep -q '(legacy)'; then - EBTABLES_TABLES+=" broute" -fi -VAR_SUBSYS_EBTABLES=/var/lock/subsys/ebtables - -# ebtables-config defaults -EBTABLES_SAVE_ON_STOP="no" -EBTABLES_SAVE_ON_RESTART="no" -EBTABLES_SAVE_COUNTER="no" - -# load config if existing -[ -f "$EBTABLES_CONFIG" ] && . "$EBTABLES_CONFIG" - -initialize() { - local ret=0 - local table='' - for table in $EBTABLES_TABLES; do - ebtables -v -t $table --init-table || ret=1 - done - return $ret -} - -sanitize_dump() { - local drop=false - local line='' - - export EBTABLES_TABLES - - while read -r line; - do - case $line in - \**) - drop=false - local table="${line#\*}" - local found=false - local t='' - for t in $EBTABLES_TABLES; do - if [[ $t == $table ]]; then - found=true - break - fi - done - $found || drop=true - ;; - esac - $drop || echo "$line" - done < $1 -} - -start() { - if [ -f $EBTABLES_DATA ]; then - echo -n "ebtables: loading ruleset from $EBTABLES_DATA: " - sanitize_dump $EBTABLES_DATA | ebtables-restore - else - echo -n "ebtables: no stored ruleset, initializing empty tables: " - initialize - fi - local ret=$? - touch $VAR_SUBSYS_EBTABLES - return $ret -} - -save() { - echo -n "ebtables: saving active ruleset to $EBTABLES_DATA: " - export EBTABLES_SAVE_COUNTER - ebtables-save >$EBTABLES_DATA && success || failure -} - -case $1 in - start) - [ -f "$VAR_SUBSYS_EBTABLES" ] && exit 0 - start && success || failure - RETVAL=$? - ;; - stop) - [ "x$EBTABLES_SAVE_ON_STOP" = "xyes" ] && save - echo -n "ebtables: stopping firewall: " - initialize && success || failure - RETVAL=$? - rm -f $VAR_SUBSYS_EBTABLES - ;; - save) - save - RETVAL=$? - ;; - *) - echo "usage: ${0##*/} {start|stop|save}" >&2 - RETVAL=2 - ;; -esac - -exit $RETVAL diff --git a/SPECS/ebtables/ebtables-config b/SPECS/ebtables/ebtables-config deleted file mode 100644 index 69d928942d..0000000000 --- a/SPECS/ebtables/ebtables-config +++ /dev/null @@ -1,11 +0,0 @@ -# Save current firewall rules on stop. -# Value: yes|no, default: no -# Saves all firewall rules if firewall gets stopped -# (e.g. on system shutdown). -EBTABLES_SAVE_ON_STOP="no" - -# Save (and restore) rule counters. -# Value: yes|no, default: no -# Save rule counters when saving a kernel table to a file. If the -# rule counters were saved, they will be restored when restoring the table. -EBTABLES_SAVE_COUNTER="no" diff --git a/SPECS/ebtables/ebtables.service b/SPECS/ebtables/ebtables.service deleted file mode 100644 index 22baa019a6..0000000000 --- a/SPECS/ebtables/ebtables.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Ethernet Bridge Filtering Tables -ConditionFileIsExecutable=/etc/systemd/scripts/ebtables -After=network.target - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/etc/systemd/scripts/ebtables start -ExecStop=/etc/systemd/scripts/ebtables stop - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/ebtables/ebtables.spec b/SPECS/ebtables/ebtables.spec deleted file mode 100644 index 519a55aad8..0000000000 --- a/SPECS/ebtables/ebtables.spec +++ /dev/null @@ -1,112 +0,0 @@ -Summary: A filtering tool for a Linux-based bridging firewall. -Name: ebtables -Version: 2.0.11 -Release: 2%{?dist} -License: GPLv2+ -URL: http://ebtables.netfilter.org -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.netfilter.org/pub/ebtables/%{name}-%{version}.tar.gz -%define sha512 %{name}=43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f -Source1: %{name} -Source2: %{name}.service -Source3: %{name}-config - -Patch0: 0001-ebtables-Initialise-len-and-flags-in-ebt_nflog_info-.patch - -BuildRequires: systemd-devel -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: gcc -BuildRequires: make - -Requires: systemd -Requires: chkconfig - -%description -Ethernet bridge tables is a firewalling tool to transparently filter network -traffic passing a bridge. The filtering possibilities are limited to link -layer filtering and some basic filtering on higher network layers. - -This tool is the userspace control for the bridge and %{name} kernel -components (built by default in Fedora kernels). - -The %{name} tool can be used together with the other Linux filtering tools, -like iptables. There are no known incompatibility issues. - -%prep -%autosetup -p1 - -%build -sh ./autogen.sh -%configure --disable-silent-rules LOCKFILE=/run/%{name}.lock -%make_build - -%install -%make_install - -rm -f %{buildroot}%{_libdir}/*.la - -mkdir -p %{buildroot}%{_unitdir} -install -vdm755 %{buildroot}%{_sysconfdir}/systemd/scripts -install -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/systemd/scripts/%{name} -install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service -install -D -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config - -# prepare for alternatives -touch %{buildroot}%{_sbindir}/%{name}{,-save,-restore} - -install -vdm755 %{buildroot}%{_presetdir} -echo "disable %{name}.service" > %{buildroot}%{_presetdir}/50-%{name}.preset - -%preun -%systemd_preun ebtables.service - -%post -/sbin/ldconfig -alternatives --install %{_sbindir}/%{name} %{name} %{_sbindir}/%{name}-legacy 10000 \ - --slave %{_sbindir}/%{name}-save %{name}-save %{_sbindir}/%{name}-legacy-save \ - --slave %{_sbindir}/%{name}-restore %{name}-restore %{_sbindir}/%{name}-legacy-restore -%systemd_post ebtables.service - -%postun -# Do alternative remove only in case of uninstall -if [ $1 -eq 0 ]; then - alternatives --remove %{name} %{_sbindir}/%{name}-legacy -fi -/sbin/ldconfig -%systemd_postun_with_restart ebtables.service - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_mandir}/man8/* -%{_libdir}/*.so -%{_libdir}/*.so.* -%{_unitdir}/* -%{_presetdir}/50-%{name}.preset -%config(noreplace) %{_sysconfdir}/ethertypes -%{_sysconfdir}/systemd/scripts/%{name} -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-config -%ghost %{_sbindir}/ebtables{,-save,-restore} - -%changelog -* Sun Jan 22 2023 Vamsi Krishna Brahmajosyula 2.0.11-2 -- Use alternatives for ebtables -* Wed May 11 2022 Shreenidhi Shedi 2.0.11-1 -- Upgrade to v2.0.11 -- Initialise len and flags in ebt_nflog_info structure -* Wed Jul 05 2017 Chang Lee 2.0.10-4 -- Commented out %check due to the limited chroot environment of bind. -* Thu Jun 29 2017 Divya Thaluru 2.0.10-3 -- Disabled ebtables service by default -* Mon May 15 2017 Xiaolin Li 2.0.10-2 -- Added systemd to Requires and BuildRequires. -* Wed Jan 18 2017 Xiaolin Li 2.0.10-1 -- Initial build. diff --git a/SPECS/ed/ed.spec b/SPECS/ed/ed.spec deleted file mode 100644 index 3b4a62764d..0000000000 --- a/SPECS/ed/ed.spec +++ /dev/null @@ -1,52 +0,0 @@ -Summary: Ed - A line-oriented text editor -Name: ed -Version: 1.19 -Release: 1%{?dist} -URL: https://www.gnu.org/software/ed/ -License: GPLv3 -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://fossies.org/linux/privat/%{name}-%{version}.tar.gz -%define sha512 ed=5d515db9710ec485e5f4b727052a5237bdf7efcfd2efaee0ce8ff4f0b970dbfa444820d39fb86b3393cc342fab64f0ecc9c2e5572f63dc84adf17dca33a8fa1b -%description -Ed - A line-oriented text editor - -%prep -%autosetup -p1 - -%build -sh configure --prefix=/usr CC=%{_host}-gcc -make V=1 %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_lib} - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/ed -%{_bindir}/red -%{_infodir}/* -%exclude %{_datadir}/info/dir -%{_mandir}/man1/* - -%changelog -* Tue May 23 2023 Siju Maliakal 1.19-1 -- Upgrading to latest version for CVE-2017-5357 -* Fri Jun 18 2021 Nitesh Kumar 1.4-2 -- Removed devel Package -* Mon Apr 12 2021 Gerrit Photon 1.4-1 -- Automatic Version Bump -* Wed Jul 15 2020 Gerrit Photon 1.16-1 -- Automatic Version Bump -* Thu Nov 15 2018 Alexey Makhalov 1.14.2-2 -- Cross compilation support -* Thu Sep 27 2018 Sujay G 1.14.2-1 -- Initial build. diff --git a/SPECS/edgex/edgex-template.service b/SPECS/edgex/edgex-template.service deleted file mode 100644 index 8f855c160f..0000000000 --- a/SPECS/edgex/edgex-template.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=EdgeX SERVICE_NAME -Requires=network.target -After=network.target consul.service edgex-core-config-seed.service - -[Service] -ExecStart=/usr/bin/edgex-SERVICE_NAME -ExecReload=/usr/bin/kill -HUP $MAINPID -KillSignal=SIGINT -Restart=on-failure -WorkingDirectory=/usr/share/edgex/SERVICE_NAME - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/edgex/edgex.spec b/SPECS/edgex/edgex.spec deleted file mode 100644 index a3ecfe3940..0000000000 --- a/SPECS/edgex/edgex.spec +++ /dev/null @@ -1,156 +0,0 @@ -%global security_hardening nopie -%define debug_package %{nil} -%define __os_install_post %{nil} - -Summary: EdgeX Foundry Go Services -Name: edgex -Version: 2.2.0 -Release: 11%{?dist} -License: Apache-2.0 -URL: /~https://github.com/edgexfoundry/edgex-go -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/edgexfoundry/edgex-go/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=446f34753fe095049095f3525d77b0b1b1cc3b04f22c9955c6a5262908526547e84ba48581dc3ca67c47a65d029291a204c9ca88cc791a136245915e5623fece - -Source1: %{name}-template.service - -BuildRequires: go -BuildRequires: make -BuildRequires: systemd-devel -BuildRequires: zeromq-devel - -Requires: systemd -Requires: zeromq -Requires: redis - -%description -EdgeX Foundry Go Services: -- core-command -- core-data -- core-metadata -- export-client -- export-distro -- support-logging -- support-notifications -- support-scheduler -- sys-mgmt-agent - -%prep -%autosetup -p1 -c -T -a0 -n src/github.com/edgexfoundry -mv %{_builddir}/src/github.com/edgexfoundry/%{name}-go-%{version} %{_builddir}/src/github.com/edgexfoundry/%{name}-go - -%build -cd %{_builddir}/src/github.com/edgexfoundry/%{name}-go - -go mod tidy -export GO111MODULE=auto - -# Disable consul [Registry] section for all services -find cmd -name configuration.toml | xargs sed -i "/^\[Registry\]/,+3 s/^/#/" - -%make_build build - -%install -# edgex-go -cd %{_builddir}/src/github.com/edgexfoundry/%{name}-go - -install -d -m755 %{buildroot}%{_bindir} -install -d -m755 %{buildroot}%{_datadir}/%{name} -install -d -m755 %{buildroot}%{_var}/log/%{name} -install -d -m755 %{buildroot}%{_unitdir} - -# install binary -for srv in core-command core-data core-metadata \ - security-proxy-setup security-secretstore-setup \ - support-notifications support-scheduler \ - sys-mgmt-agent; do - - install -p -m755 cmd/${srv}/${srv} %{buildroot}%{_bindir}/%{name}-${srv} - - install -d -m755 %{buildroot}%{_datadir}/%{name}/${srv}/res - - install -p -m644 cmd/${srv}/res/configuration.toml \ - %{buildroot}%{_datadir}/%{name}/${srv}/res/configuration.toml - - sed "s/SERVICE_NAME/${srv}/" %{SOURCE1} > %{buildroot}%{_unitdir}/%{name}-${srv}.service -done - -install -p -m755 cmd/security-file-token-provider/security-file-token-provider \ - %{buildroot}%{_bindir}/%{name}-security-file-token-provider - -sed "s/SERVICE_NAME/security-file-token-provider/" %{SOURCE1} > \ - %{buildroot}%{_unitdir}/%{name}-security-file-token-provider.service - -install -p -m755 cmd/sys-mgmt-executor/sys-mgmt-executor \ - %{buildroot}%{_bindir}/%{name}-sys-mgmt-executor - -sed "s/SERVICE_NAME/sys-mgmt-executor/" %{SOURCE1} > \ - %{buildroot}%{_unitdir}/%{name}-sys-mgmt-executor.service - -# core data does not stop on SIGINT, so use SIGKILL instead. -# It allows `systemctl stop edgex-core-data` to work properly. -sed -i "s/SIGINT/SIGKILL/" %{buildroot}%{_unitdir}/%{name}-core-data.service - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/* -%{_libdir}/* -%{_var}/log/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 2.2.0-11 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 2.2.0-10 -- Bump up version to compile with new go -* Mon Sep 11 2023 Nitesh Kumar 2.2.0-9 -- Bump up version to consume redis v7.0.13 -* Mon Jul 17 2023 Piyush Gupta 2.2.0-8 -- Bump up version to compile with new go -* Thu Jul 13 2023 Nitesh Kumar 2.2.0-7 -- Bump up version to consume redis v7.0.12 -* Mon Jul 03 2023 Piyush Gupta 2.2.0-6 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 2.2.0-5 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 2.2.0-4 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 2.2.0-3 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 2.2.0-2 -- Bump up version to compile with new go -* Sun Aug 14 2022 Shreenidhi Shedi 2.2.0-1 -- Upgrade to v2.2.0 -* Wed Jul 27 2022 Shreenidhi Shedi 1.3.1-3 -- Bump version as a part of redis upgrade -* Tue Jul 19 2022 Piyush Gupta 1.3.1-2 -- Bump up version to compile with new go -* Sat Jul 02 2022 Shreenidhi Shedi 1.3.1-1 -- Upgrade to v1.3.1 -- security-secretstore-read has been removed from upstream -* Tue Oct 26 2021 Nitesh Kumar 1.2.1-7 -- Bump up to consume redis v6.2.6. -* Wed Aug 18 2021 Shreyas B 1.2.1-6 -- Bump up to consume redis v6.2.5 -* Fri Jun 11 2021 Piyush Gupta 1.2.1-5 -- Bump up version to compile with new go -* Tue May 25 2021 Shreyas B 1.2.1-4 -- Bump up version to consume redis v6.2.3 -* Fri Feb 05 2021 Harinadh D 1.2.1-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.2.1-2 -- Bump up version to compile with new go -* Mon Jun 22 2020 Gerrit Photon 1.2.1-1 -- Automatic Version Bump -* Mon Feb 04 2019 Alexey Makhalov 0.7.1-2 -- Remove consul dependency. -- Use SIGKILL for core-data to terminate the service. -* Wed Jan 16 2019 Alexey Makhalov 0.7.1-1 -- Version update. Use redis db. -* Wed Dec 05 2018 Alexey Makhalov 0.6.0-2 -- Remove 'Requires: mongodb'. But edgex still depends on mongo. -* Fri Jul 06 2018 Alexey Makhalov 0.6.0-1 -- Initial version diff --git a/SPECS/efibootmgr/efibootmgr.spec b/SPECS/efibootmgr/efibootmgr.spec deleted file mode 100644 index 9333aa00f8..0000000000 --- a/SPECS/efibootmgr/efibootmgr.spec +++ /dev/null @@ -1,52 +0,0 @@ -Summary: Tools and libraries to manipulate EFI variables -Name: efibootmgr -Version: 18 -Release: 2%{?dist} -License: GPLv2 -URL: /~https://github.com/rhinstaller/efibootmgr/ -Group: System Environment/System Utilities -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/rhinstaller/efibootmgr/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=04e40a705cb82440fd823043b598ef9fd1acc2ceda3e8d043a93e49d43ea9481b7386cad0f46de9862beff19b8a5480d79e7d6522ae584aff6655472f967764d - -BuildRequires: efivar-devel -BuildRequires: pciutils -BuildRequires: zlib - -%description -efibootmgr is a userspace application used to modify the Intel Extensible Firmware Interface (EFI) Boot Manager. This application can create and destroy boot entries, change the boot order, change the next running boot option, and more. - -%prep -%autosetup -p1 - -%build -%make_build EFIDIR=BOOT EFI_LOADER=grubx64.efi - -%install -%make_install %{?_smp_mflags} EFIDIR=BOOT EFI_LOADER=grubx64.efi - -gzip -9 %{buildroot}%{_mandir}/man8/%{name}.8 -gzip -9 %{buildroot}%{_mandir}/man8/efibootdump.8 - -%clean -rm -rf %{buildroot}/* -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_mandir}/man8/* - -%changelog -* Fri Apr 14 2023 Shreenidhi Shedi 18-2 -- Bump version as a part of zlib upgrade -* Mon Feb 20 2023 Gerrit Photon 18-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 17-1 -- Automatic Version Bump -* Fri Apr 14 2017 Alexey Makhalov 15-1 -- Version update. -* Tue May 24 2016 Priyesh Padmavilasom 0.12-2 -- GA - Bump release of all rpms -* Mon Jul 6 2015 Sharath George 0.12-1 -- Initial build. First version. Install steps from spec file in source. diff --git a/SPECS/efivar/efisecdb.1 b/SPECS/efivar/efisecdb.1 deleted file mode 100644 index 8bd1e0eea5..0000000000 --- a/SPECS/efivar/efisecdb.1 +++ /dev/null @@ -1,208 +0,0 @@ -.\" Automatically generated from an mdoc input file. Do not edit. -.TH "EFISECDB" "1" "January 7, 2021" "" "General Commands Manual" -.nh -.if n .ad l -.SH "NAME" -\fBefisecdb\fR -\- utility for managing UEFI signature lists -.SH "SYNOPSIS" -.HP 9n -\fBefisecdb\fR -[\fB\-s\fR\ \fISORT\fR] -[\fB\-i\fR\ \fIfile\fR\ [\fB\-i\fR\ \fIfile\fR] -\&...] -\ \p -[\fB\-g\fR\ \fIguid\fR -\(la\fB\-a\fR\ |\ \fB\-r\fR\(ra -\(la[\fB\-t\fR\ \fIhash-type\fR]\ \fB\-h\fR\ \fIhash\fR\ | -\fB\-c\fR\ \fIfile\fR\(ra -\ \p -[\fB\-g\fR\ \fIguid\fR -\(la\fB\-a\fR\ |\ \fB\-r\fR\(ra -\(la[\fB\-t\fR\ \fIhash-type\fR]\ \fB\-h\fR\ \fIhash\fR\ | -\fB\-c\fR\ \fIfile\fR\(ra] -\&...] -\(la\fB\-d\fR\ [\fB\-A\fR] -| -\fB\-o\fR\ \fIfile\fR -| -\fB\-L\fR\(ra -.SH "DESCRIPTION" -\fBefisecdb\fR -is a command line utility for management of UEFI signature lists in detached -files. That is, it's for command line generation and management of files in the -format of KEK, DB, and DBX. -.sp -Operation occurs in three phases: -.PD 0 -.TP 5n -1.\& -Loading of security databases specified with \fB\-\-input\fR -.TP 5n -2.\& -Left-to-right processing of other options, using \fB\-\-hash-type,\fR \fB\-\-owner-guid,\fR \fB\-\-add,\fR -and \fB\-\-remove\fR -as state to build selectors to add or remove hashes and certificates specified by \fB\-\-hash\fR -and \fB\-\-certificate\fR.\fR -.TP 5n -3.\& -Generation of output -.PP -The accumulated state is persistent; once an Owner GUID, Add or Delete -operation, or hash type are specified, they need only be present again to -change the operations that follow. Operations are added to the list to process -when -\fB\-h\fR \fIhash\fR -or -\fB\-c\fR \fIcert\fR -are specified, and are processed in the order they appear. Additionally, -at least one -\fB\-g\fR -argument and either \fB\-\-add\fR -or \fB\-\-remove\fR -must appear before the first use of -\fB\-h\fR \fIhash\fR -or -\fB\-c\fR \fIcert\fR.\fR -.PD -.SH "OPTIONS" -.TP 2n -\(la\fB\-s\fR | \fB\-\-sort\fR\(ra \(la\fIall\fR | \fIdata\fR | \fInone\fR | \fItype\fR\(ra -Sort by data after sorting and grouping entry types, entry data, no sorting, or by entry type -.TP 2n -\(la\fB\-s\fR | \fB\-\-sort\fR\(ra \(la\fIascending\fR | \fIdescending\fR\(ra -Sort in ascending or descending order -.TP 2n -\fB\-i\fR \fIfile\fR | \fB\-\-infile\fR \fIfile\fR -Read EFI Security Database from -\fIfile\fR -.TP 2n -\fB\-g\fR \fIguid\fR | \fB\-\-owner-guid\fR \fIguid\fR -Use the specified GUID or symbolic refrence (i.e. {empty}) for forthcoming -addition and removal operations -.TP 2n -\fB\-a\fR | \fB\-\-add\fR | \fB\-r\fR | \fB\-\-remove\fR -Select -\fIadd\fR -or -\fIremove\fR -for forthcoming operations -.TP 2n -\fB\-t\fR \fIhash-type\fR | \fB\-\-hash-type\fR \fIhash-type\fR -Select -\fIhash-type\fR -for forthcoming addition and removal operations -(default \fIsha256\fR) -.sp -Use hash-type \fIhelp\fR to list supported hash types. -.TP 2n -\fB\-h\fR \fIhash\fR | \fB\-\-hash\fR \fIhash\fR -Add or remove the specified hash -.TP 2n -\fB\-c\fR \fIfile\fR | \fB\-\-certificate\fR \fIfile\fR -Add or remove the specified certificate -.TP 2n -\fB\-d\fR | \fB\-\-dump\fR -Produce a hex dump of the output -.TP 2n -\fB\-A\fR | \fB\-\-annotate\fR -Annotate the hex dump produced by \fB\-\-dump\fR -.TP 2n -\fB\-o\fR \fIfile\fR | \fB\-\-outfile\fR \fIfile\fR -Write EFI Security Database to -\fIfile\fR -.TP 2n -\fB\-L\fR | \fB\-\-list-guids\fR -List the well known guids -.sp -The output is tab delimited: GUID short_name desription -.SH "EXAMPLES" -.SS "Dumping the current system's \fIDBX\fP database with annotations" -.nf -.RS 0n -host:~$ \fBefisecdb -d -A -i /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f\fR -00000000 26 16 c4 c1 4c 50 92 40 ac a9 41 f9 36 93 43 28 |&...LP.@..A.6.C(| esl[0].signature_type = {sha256} -00000010 60 00 00 00 |....| esl[0].signature_list_size = 96 -00000014 00 00 00 00 |....| esl[0].signature_header_size = 0 -00000018 30 00 00 00 |0...| esl[0].signature_size = 48 -0000001c esl[0].signature_header (end:0x0000001c) -0000001c bd 9a fa 77 |...w| esl[0].signature[0].owner = {microsoft} -00000020 59 03 32 4d bd 60 28 f4 e7 8f 78 4b |Y.2M.`(...xK| -0000002c fe cf b2 32 |...2| esl[0].signature[0].data (end:0x0000004c) -00000030 d1 2e 99 4b 6d 48 5d 2c 71 67 72 8a a5 52 59 84 |...KmH],qgr..RY.| -00000040 ad 5c a6 1e 75 16 22 1f 07 9a 14 36 |.\..u."....6| -0000004c bd 9a fa 77 |...w| esl[0].signature[1].owner = {microsoft} -00000050 59 03 32 4d bd 60 28 f4 e7 8f 78 4b |Y.2M.`(...xK| -0000005c fe 63 a8 4f |.c.O| esl[0].signature[1].data (end:0x0000007c) -00000060 78 2c c9 d3 fc f2 cc f9 fc 11 fb d0 37 60 87 87 |x,..........7`..| -00000070 58 d2 62 85 ed 12 66 9b dc 6e 6d 01 |X.b...f..nm.| -0000007c -.RE -.fi -.SS "Building a new EFI Security Database for use as \fIKEK\fP, replacing one certificate." -.nf -.RS 0n -# Figure out the original cert... the easy way -host:~$ \fBstrings KEK-* | grep microsoft.*crt\fR\p -Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0 - -# Find it, because --export isn't implemented yet -host:~$ \fBwget \e\p - --user-agent='Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko' \e\p - http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt\fR\p ---2020-06-04 20:41:27-- http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt -Resolving www.microsoft.com (www.microsoft.com)... 2600:141b:800:287::356e, 2600:141b:800:2a0::356e, 23.43.254.254 -Connecting to www.microsoft.com (www.microsoft.com)|2600:141b:800:287::356e|:80... connected. -HTTP request sent, awaiting response... 200 OK -Length: 1539 (1.5K) [application/octet-stream] -Saving to: \[u2018]MicCorThiParMarRoo_2010-10-05.crt\[u2019] - -MicCorThiParMarRoo_ 100%[===================>] 1.50K --.-KB/s in 0s - -2020-06-04 20:41:27 (177 MB/s) - \[u2018]MicCorThiParMarRoo_2010-10-05.crt\[u2019] saved [1539/1539] - -# Pick a GUID-like object, any GUID-like object... -host:~$ \fBuuidgen\fR -aab3960c-501e-485e-ac59-62805970a3dd - -# Remove the old KEK entry and add a different one -host:~$ \fBefisecdb -i KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c \e\p - -g {microsoft} -r -c MicCorThiParMarRoo_2010-10-05.crt \e\p - -g aab3960c-501e-485e-ac59-62805970a3dd -a -c pjkek.cer \e\p - -o newkek.bin\fR\p -.RE -.fi -.SS "Searching the list of well-known GUIDs" -.nf -.RS 0n -host:~$ \fBefisecdb -L | grep shim\fR\p -{605dab50-e046-4300-abb6-3dd810dd8b23} {shim} shim -.RE -.fi -.SH "STANDARDS" -UEFI Specification Working Group, -\fIUnified Extensible Firmware Interface (UEFI) Specification Version 2.8\fR, -\fIUnified Extensible Firmware Interface Forum\fR, -https://uefi.org/specifications\ \&, -March 2019. -.SH "SEE ALSO" -authvar(1), -efikeygen(1), -pesign(1) -.SH "AUTHORS" -Peter Jones -.SH "BUGS" -\fBefisecdb\fR -is currently lacking several useful features: -.PD 0 -.TP 4n -\fB\(bu\fR -positional exporting of certificates -.TP 4n -\fB\(bu\fR -\fB\-\-dump\fR -and \fB\-\-annotate\fR -do not adjust the output width for the terminal -.TP 4n -\fB\(bu\fR -certificates can't be specified for removal by their \fIToBeSigned\fR hash diff --git a/SPECS/efivar/efivar.spec b/SPECS/efivar/efivar.spec deleted file mode 100644 index 0ee25178cb..0000000000 --- a/SPECS/efivar/efivar.spec +++ /dev/null @@ -1,82 +0,0 @@ -Summary: Tools and libraries to manipulate EFI variables -Name: efivar -Version: 38 -Release: 1%{?dist} -License: GPLv2 -URL: /~https://github.com/rhboot/efivar -Group: System Environment/System Utilities -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/rhboot/efivar/releases/download/%{version}/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=c2f17297c863ece134a9dd758d237fd2df8c8d072f87af1d0bf2bcf9acfc7a53c25597f03fd4fb8cc664b205743d4ffa0ef1b068d0f73c58fa573d40993f3155 -# Generated using mandoc -# mandoc -mdoc -Tman -Ios=Linux efisecdb.1.mdoc > efisecdb.1 -Source1: efisecdb.1 - -BuildRequires: popt-devel - -%description -efivar provides a simle CLI to the UEFI variable facility - -%package devel -Summary: Header and development files for efivar -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 -cp %{SOURCE1} docs -touch docs/efisecdb.1 - -%build -# This package implements symbol versioning with toplevel ASM statments which is -# incompatible with LTO. Disable LTO by overiding OPTIMIZE= - -%make_build OPTIMIZE="-O2 -Wno-error=stringop-truncation" - -%install -%make_install %{?_smp_mflags} LIBDIR=%{_libdir} BINDIR=%{_bindir} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} test -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/* -%{_mandir}/man3/* - -%changelog -* Thu May 26 2022 Gerrit Photon 38-1 -- Automatic Version Bump -- Use pre generated man page for efisecdb. -* Thu Jan 14 2021 Alexey Makhalov 37-2 -- GCC-10 support. -* Mon Jun 22 2020 Gerrit Photon 37-1 -- Automatic Version Bump -* Thu Apr 02 2020 Alexey Makhalov 36-2 -- Fix compilation issue with gcc-8.4.0 -* Tue Sep 18 2018 Sujay G 36-1 -- Bump efivar version to 36 -* Fri Apr 14 2017 Alexey Makhalov 31-1 -- Version update. Added -devel subpackage. -* Tue May 24 2016 Priyesh Padmavilasom 0.20-3 -- GA - Bump release of all rpms -* Thu Apr 28 2016 Xiaolin Li 0.20-2 -- Fix build for linux 4.4. -* Mon Jul 6 2015 Sharath George 0.20-1 -- Initial build. First version diff --git a/SPECS/elfutils/elfutils.spec b/SPECS/elfutils/elfutils.spec deleted file mode 100644 index 6d11164a99..0000000000 --- a/SPECS/elfutils/elfutils.spec +++ /dev/null @@ -1,730 +0,0 @@ -%define _gnu %{nil} -%define _programprefix eu- - -Summary: A collection of utilities and DSOs to handle compiled objects -Name: elfutils -Version: 0.189 -Release: 3%{?dist} -License: GPLv3+ and (GPLv2+ or LGPLv3+) -Group: Development/Tools -URL: https://sourceware.org/elfutils -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceware.org/elfutils/ftp/%{version}/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=93a877e34db93e5498581d0ab2d702b08c0d87e4cafd9cec9d6636dfa85a168095c305c11583a5b0fb79374dd93bc8d0e9ce6016e6c172764bcea12861605b71 - -Requires: %{name}-libelf = %{version}-%{release} -Requires: glibc >= 2.7 -Requires: bzip2-libs -Requires: libmicrohttpd -Requires: curl -Requires: libarchive -Requires: zstd - -BuildRequires: gcc -BuildRequires: glibc -BuildRequires: bison -BuildRequires: flex -BuildRequires: m4 -BuildRequires: gettext-devel -BuildRequires: bzip2-devel -BuildRequires: libmicrohttpd-devel -BuildRequires: curl-devel -BuildRequires: libarchive-devel -BuildRequires: sqlite-devel -BuildRequires: zstd-devel - -%description -Elfutils is a collection of utilities, including ld (a linker), -nm (for listing symbols from object files), size (for listing the -section sizes of an object or archive file), strip (for discarding -symbols), readelf (to see the raw ELF file structures), and elflint -(to check for well-formed ELF files). Also included are numerous -helper libraries which implement DWARF, ELF, and machine-specific ELF -handling. - -%package devel -Summary: Development libraries to handle compiled objects. -Group: Development/Tools -License: GPLv2+ or LGPLv3+ -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libelf-devel = %{version}-%{release} - -%description devel -The %{name}-devel package contains the libraries to create -applications for handling compiled objects. libebl provides some -higher-level ELF access functionality. libdw provides access to -the DWARF debugging information. libasm provides a programmable -assembler interface. - -%package devel-static -Summary: Static archives to handle compiled objects. -Group: Development/Tools -License: GPLv2+ or LGPLv3+ -Requires: %{name}-devel = %{version}-%{release} - -%description devel-static -The %{name}-devel-static archive contains the static archives -with the code the handle compiled objects. - -%package libelf -Summary: Library to read and write ELF files. -Group: Development/Tools -License: GPLv2+ or LGPLv3+ - -%description libelf -The %{name}-libelf package provides a DSO which allows reading and -writing ELF files on a high level. Third party programs depend on -this package to read internals of ELF files. The programs of the -%{name} package use it also to generate new ELF files. - -%package libelf-devel -Summary: Development support for libelf -Group: Development/Tools -License: GPLv2+ or LGPLv3+ -Requires: %{name}-libelf = %{version}-%{release} -Conflicts: libelf-devel - -%description libelf-devel -The %{name}-libelf-devel package contains the libraries to create -applications for handling compiled objects. libelf allows you to -access the internals of the ELF object file format, so you can see the -different sections of an ELF file. - -%package libelf-devel-static -Summary: Static archive of libelf -Group: Development/Tools -License: GPLv2+ or LGPLv3+ -Requires: %{name}-libelf-devel = %{version}-%{release} -Conflicts: libelf-devel - -%description libelf-devel-static -The %{name}-libelf-static package contains the static archive -for libelf. - -%package libelf-lang -Summary: Additional language files for %{name} -Group: Development/Tools -Requires: %{name}-libelf = %{version}-%{release} - -%description libelf-lang -These are the additional language files of %{name}. - -%prep -%autosetup -p1 - -%build -%configure \ - --program-prefix=%{_programprefix} - -%make_build - -%install -mkdir -p %{buildroot}%{_prefix} - -%make_install %{?_smp_mflags} - -chmod +x %{buildroot}%{_libdir}/lib*.so* -{ - pushd %{buildroot} - rm -f .%{_bindir}/eu-ld \ - .%{_includedir}/%{name}/libasm.h \ - .%{_libdir}/libasm.so \ - .%{_libdir}/libasm.a - popd -} - -%find_lang %{name} - -%if 0%{?with_check} -%check -%make_build check -%endif - -%clean -rm -rf %{buildroot} - -%ldconfig_scriptlets - -%ldconfig_scriptlets libelf - -%files -%defattr(-,root,root) -%{_bindir}/eu-* -%{_bindir}/debuginfod -%{_bindir}/debuginfod-find -%{_libdir}/libdebuginfod-%{version}.so -%{_libdir}/libasm-%{version}.so -%{_libdir}/libdw-%{version}.so -%{_libdir}/libasm.so.* -%{_libdir}/libdw.so.* -%{_libdir}/libdebuginfod.so.* -%{_mandir}/man1/eu-*.1* -%{_mandir}/man1/debuginfod*.1* -%{_sysconfdir}/profile.d/debuginfod.* - -%files devel -%defattr(-,root,root) -%{_includedir}/dwarf.h -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/elf-knowledge.h -%{_includedir}/%{name}/libdw.h -%{_includedir}/%{name}/libdwfl.h -%{_includedir}/%{name}/known-dwarf.h -%{_includedir}/%{name}/libdwelf.h -%{_includedir}/%{name}/debuginfod.h -%{_libdir}/libdw.so -%{_libdir}/libdebuginfod.so -%{_libdir}/pkgconfig/*.pc -%{_mandir}/man3/elf_*.3* -%{_mandir}/man3/debuginfod*.3* -%{_mandir}/man8/debuginfod*.8* -%{_mandir}/man7/debuginfod-client-config.7.gz - -%files devel-static -%defattr(-,root,root) -%{_libdir}/libdw.a - -%files libelf -%defattr(-,root,root) -%{_libdir}/libelf-%{version}.so -%{_libdir}/libelf.so.* - -%files libelf-devel -%defattr(-,root,root) -%{_includedir}/libelf.h -%{_includedir}/gelf.h -%{_includedir}/nlist.h -%{_includedir}/%{name}/version.h -%{_libdir}/libelf.so - -%files libelf-devel-static -%defattr(-,root,root) -%{_libdir}/libelf.a - -%files libelf-lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Wed Sep 13 2023 Srish Srinivasan 0.189-3 -- Version bump as a part of libmicrohttpd version update -* Tue Jul 11 2023 Shreenidhi Shedi 0.189-2 -- Bump version as a part of curl upgrade -* Tue Jul 11 2023 Shreenidhi Shedi 0.189-1 -- Upgrade to v0.189 -* Fri Apr 14 2023 Shreenidhi Shedi 0.188-5 -- Bump version as a part of zstd upgrade -* Sat Jan 14 2023 Ashwin Dayanand Kamat 0.188-4 -- Bump version as a part of gettext upgrade -* Wed Jan 11 2023 Oliver Kurth 0.188-3 -- bump release as part of sqlite update -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 0.188-2 -- Bump up due to change in elfutils -* Tue Dec 13 2022 Gerrit Photon 0.188-1 -- Automatic Version Bump -* Wed Oct 05 2022 Shreenidhi Shedi 0.187-2 -- Add zstd to Requires & BuildRequires -* Wed Sep 28 2022 Shreenidhi Shedi 0.187-1 -- Upgrade to v0.187 -* Sat Jul 30 2022 Shreenidhi Shedi 0.186-2 -- Bump version as a part of sqlite upgrade -* Mon Apr 18 2022 Gerrit Photon 0.186-1 -- Automatic Version Bump -* Tue Aug 17 2021 Piyush Gupta 0.183-2 -- Added requires libarchive. -* Mon Apr 12 2021 Gerrit Photon 0.183-1 -- Automatic Version Bump -* Wed Oct 28 2020 Piyush Gupta 0.181-2 -- Moved libdebuginfod-%{version}.so from devel to elfutils -* Wed Sep 09 2020 Gerrit Photon 0.181-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 0.180-1 -- Automatic Version Bump -- Updated to 0.180 -- libdir/elfutils is removed -- libebl.h and libebl.a is removed -* Tue Mar 31 2020 Alexey Makhalov 0.174-3 -- Fix compilation issue with gcc-8.4.0 -* Thu Jan 24 2019 Keerthana K 0.174-2 -- Fix for CVE-2018-18310 -* Mon Oct 01 2018 Alexey Makhalov 0.174-1 -- Version update -* Mon Sep 18 2017 Alexey Makhalov 0.169-2 -- Requires bzip2-libs -* Tue Jul 11 2017 Divya Thaluru 0.169-1 -- Updated to 0.169 -* Mon Apr 03 2017 Chang Lee 0.168-1 -- Updated to 0.168 -* Wed Nov 23 2016 Alexey Makhalov 0.165-3 -- Added -libelf-lang subpackage -* Tue May 24 2016 Priyesh Padmavilasom 0.165-2 -- GA - Bump release of all rpms -* Thu Jan 14 2016 Xiaolin Li 0.165-1 -- Updated to version 0.165 -* Tue Nov 10 2015 Xiaolin Li 0.158-4 -- Handled locale files with macro find_lang -* Sat Aug 15 2015 Sharath George 0.158-3 -- Add in patch for CVE-2014-0172 -* Mon May 18 2015 Touseef Liaqat 0.158-2 -- Update according to UsrMove. -* Fri Jan 3 2014 Mark Wielaard 0.158-1 -- libdwfl: dwfl_core_file_report has new parameter executable. - New functions dwfl_module_getsymtab_first_global, - dwfl_module_getsym_info and dwfl_module_addrinfo. - Added unwinder with type Dwfl_Thread_Callbacks, opaque types - Dwfl_Thread and Dwfl_Frame and functions dwfl_attach_state, - dwfl_pid, dwfl_thread_dwfl, dwfl_thread_tid, dwfl_frame_thread, - dwfl_thread_state_registers, dwfl_thread_state_register_pc, - dwfl_getthread_frames, dwfl_getthreads, dwfl_thread_getframes - and dwfl_frame_pc. -- addr2line: New option -x to show the section an address was found in. -- stack: New utility that uses the new unwinder for processes and cores. -- backends: Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. - aarch64 support. -* Mon Sep 30 2013 Mark Wielaard 0.157-1 -- libdw: Add new functions dwarf_getlocations, dwarf_getlocation_attr - and dwarf_getlocation_die. -- readelf: Show contents of NT_SIGINFO and NT_FILE core notes. -- addr2line: Support -i, --inlines output option. -- backends: abi_cfi hook for arm, ppc and s390. -* Thu Jul 25 2013 Jan Kratochvil 0.156-1 -- lib: New macro COMPAT_VERSION_NEWPROTO. -- libdw: Handle GNU extension opcodes in dwarf_getlocation. -- libdwfl: Fix STB_GLOBAL over STB_WEAK preference in - dwfl_module_addrsym. Add minisymtab support. Add - parameter add_p_vaddr to dwfl_report_elf. Use DT_DEBUG - library search first. -- libebl: Handle new core note types in EBL. -- backends: Interpret NT_ARM_VFP. Implement core file - registers parsing for s390/s390x. -- readelf: Add --elf-section input option to inspect an embedded ELF - file. Add -U, --unresolved-address-offsets output control. - Add --debug-dump=decodedline support. Accept version - 8 .gdb_index section format. Adjust output formatting width. - When highpc is in constant form print it also as address. - Display raw .debug_aranges. Use libdw only for decodedaranges. -- elflint: Add __bss_start__ to the list of allowed symbols. -- tests: Add configure --enable-valgrind option to run all tests - under valgrind. Enable automake parallel-tests for make check. -- translations: Updated Polish translation. -- Updates for Automake 1.13. -* Fri Aug 24 2012 Mark Wielaard 0.155-1 -- libelf: elf*_xlatetomd now works for cross-endian ELF note data. - elf_getshdr now works consistently on non-mmaped ELF files after - calling elf_cntl(ELF_C_FDREAD). Implement support for - ar archives with 64-bit symbol table. -- libdw: dwarf.h corrected the DW_LANG_ObjC constant name (was - DW_LANG_Objc). Any existing sources using the old name will - have to be updated. Add DW_MACRO_GNU .debug_macro type - encodings constants, DW_ATE_UTF and DW_OP_GNU_parameter_ref to - dwarf.h. Experimental support for DWZ multifile forms - DW_FORM_GNU_ref_alt and DW_FORM_GNU_strp_alt. Disabled by - default. Use configure --enable-dwz to test it. -- readelf: Add .debug_macro parsing support. Add .gdb_index - version 7 parsing support. Recognize DW_OP_GNU_parameter_ref. -- backends: Add support for Tilera TILE-Gx processor. -- translations: Updated Ukrainian translation. -* Fri Jun 22 2012 Mark Wielaard 0.154-1 -- libelf: [g]elf[32|64]_offscn() do not match SHT_NOBITS sections at - OFFSET. -- libdw: dwarf_highpc function now handles DWARF 4 DW_AT_high_pc - constant form. Fix bug using dwarf_next_unit to iterate over - .debug_types. -- elflint: Now accepts gold linker produced executables. -- The license is now GPLv2/LGPLv3+ for the libraries and GPLv3+ for - stand-alone programs. There is now also a formal CONTRIBUTING - document describing how to submit patches. -* Thu Feb 23 2012 Mark Wielaard 0.153-1 -- libdw: Support reading .zdebug_* DWARF sections compressed via zlib. -- libdwfl: Speed up dwfl_module_addrsym. -- nm: Support C++ demangling. -- ar: Support D modifier for "deterministic output" with no - uid/gid/mtime info. The U modifier is the inverse. elfutils - can be configured with the --enable-deterministic-archives option - to make the D behavior the default when U is not specified. -- ranlib: Support -D and -U flags with same meaning. -- readelf: Improve output of -wline. Add support for printing SDT elf - notes. Add printing of .gdb_index section. Support for - typed DWARF stack, call_site and entry_value. -- strip: Add --reloc-debug-sections option. Improved SHT_GROUP - sections handling. -* Tue Feb 15 2011 0.152-1 -- Various build and warning nits fixed for newest GCC and Autoconf. -- libdwfl: Yet another prelink-related fix for another regression. - Look for Linux kernel images in files named with compression - suffixes. -- elfcmp: New flag --ignore-build-id to ignore differing build ID - bits. New flag -l/--verbose to print all differences. -* Wed Jan 12 2011 0.151-1 -- libdwfl: Fix for more prelink cases with separate debug file. -- strip: New flag --strip-sections to remove section headers entirely. -* Mon Nov 22 2010 0.150-1 -- libdw: Fix for handling huge .debug_aranges section. -- libdwfl: Fix for handling prelinked DSO with separate debug file. -- findtextrel: Fix diagnostics to work with usual section ordering. -- libebl: i386 backend fix for multi-register integer return value - location. -* Mon Sep 13 2010 0.149-1 -- libdw: Decode new DW_OP_GNU_implicit_pointer operation; new - function dwarf_getlocation_implicit_pointer. -- libdwfl: New function dwfl_dwarf_line. -- addr2line: New flag -F/--flags to print more DWARF line information - details. -- strip: -g recognizes .gdb_index as a debugging section. -* Mon Jun 28 2010 0.148-1 -- libdw: Accept DWARF 4 format: new functions dwarf_next_unit, - dwarf_offdie_types. New functions dwarf_lineisa, - dwarf_linediscriminator, dwarf_lineop_index. -- libdwfl: Fixes in core-file handling, support cores from PIEs. - When working from build IDs, don't open a named file that - mismatches. -- readelf: Handle DWARF 4 formats. -* Mon May 3 2010 Ulrich Drepper 0.147-1 -- libdw: Fixes in CFI handling, best possible handling of bogus CFA - ops. -- libdwfl: Ignore R_*_NONE relocs, works around old (binutils) ld -r - bugs. -* Wed Apr 21 2010 0.146-1 -- libdwfl: New function dwfl_core_file_report. -* Tue Feb 23 2010 Ulrich Drepper 0.145-1 -- Fix build with --disable-dependency-tracking. -- Fix build with most recent glibc headers. -- libelf: More robust to bogus section headers. -- libdw: Fix CFI decoding. -- libdwfl: Fix address bias returned by CFI accessors. Fix core - file module layout identification. -- readelf: Fix CFI decoding. -* Thu Jan 14 2010 0.144-1 -- libelf: New function elf_getphdrnum. Now support using more than - 65536 program headers in a file. -- libdw: New function dwarf_aggregate_size for computing (constant) - type sizes, including array_type cases with nontrivial - calculation. -- readelf: Don't give errors for missing info under -a. - Handle Linux "VMCOREINFO" notes under -n. -* Mon Sep 21 2009 0.143-1 -- libdw: Various convenience functions for individual attributes now - use dwarf_attr_integrate to look up indirect inherited - attributes. Location expression handling now supports - DW_OP_implicit_value. -- libdwfl: Support automatic decompression of files in XZ format, - and of Linux kernel images made with bzip2 or LZMA (as well - as gzip). -* Mon Jun 29 2009 0.142-1 -- libelf: Add elf_getshdrnum alias for elf_getshnum and elf_getshdrstrndx alias - for elf_getshstrndx and deprecate original names. Sun screwed up - their implementation and asked for a solution. -- libebl: Add support for STB_GNU_UNIQUE. -- elflint: Add support for STB_GNU_UNIQUE. -- readelf: Add -N option, speeds up DWARF printing without address->name lookups. -- libdw: Add support for decoding DWARF CFI into location description form. - Handle some new DWARF 3 expression operations previously omitted. - Basic handling of some new encodings slated for DWARF -* Thu Apr 23 2009 Ulrich Drepper 0.141-1 -- libebl: sparc backend fixes; some more arm backend support -- libdwfl: fix dwfl_module_build_id for prelinked DSO case; - fixes in core file support; dwfl_module_getsym interface - improved for non-address symbols -- strip: fix infinite loop on strange inputs with -f -- addr2line: take -j/--section=NAME option for binutils compatibility - (same effect as '(NAME)0x123' syntax already supported) -* Mon Feb 16 2009 Ulrich Drepper 0.140-1 -- libelf: Fix regression in creation of section header -- libdwfl: Less strict behavior if DWARF reader ist just used to - display data -* Thu Jan 22 2009 Ulrich Drepper 0.139-1 -- libcpu: Add Intel SSE4 disassembler support -- readelf: Implement call frame information and exception handling - dumping. Add -e option. Enable it implicitly for -a. -- elflint: Check PT_GNU_EH_FRAME program header entry. -- libdwfl: Support automatic gzip/bzip2 decompression of ELF files. -* Wed Dec 31 2008 Roland McGrath 0.138-1 -- Install header file for applications to use in - source version compatibility checks. -- libebl: backend fixes for i386 TLS relocs; backend support for - NT_386_IOPERM -- libcpu: disassembler fixes -- libdwfl: bug fixes -- libelf: bug fixes -- nm: bug fixes for handling corrupt input files -* Tue Aug 26 2008 Ulrich Drepper 0.137-1 -- Minor fixes for unreleased 0.136 release. -* Mon Aug 25 2008 Ulrich Drepper 0.136-1 -- libdwfl: bug fixes; new segment interfaces; all the libdwfl-based - tools now support --core=COREFILE option -* Mon May 12 2008 Ulrich Drepper 0.135-1 -- libdwfl: bug fixes -- strip: changed handling of ET_REL files wrt symbol tables and relocs -* Tue Apr 8 2008 Ulrich Drepper 0.134-1 -- elflint: backend improvements for sparc, alpha -- libdwfl, libelf: bug fixes -* Sat Mar 1 2008 Ulrich Drepper 0.133-1 -- readelf, elflint, libebl: SHT_GNU_ATTRIBUTE section handling (readelf -A) -- readelf: core note handling for NT_386_TLS, NT_PPC_SPE, Alpha NT_AUXV -- libdwfl: bug fixes and optimization in relocation handling -- elfcmp: bug fix for non-allocated section handling -- ld: implement newer features of binutils linker. -* Mon Jan 21 2008 Ulrich Drepper 0.132-1 -- libcpu: Implement x86 and x86-64 disassembler. -- libasm: Add interface for disassembler. -- all programs: add debugging of branch prediction. -- libelf: new function elf_scnshndx. -* Sun Nov 11 2007 Ulrich Drepper 0.131-1 -- libdw: DW_FORM_ref_addr support; dwarf_formref entry point now depreca -- ted; bug fixes for oddly-formatted DWARF -- libdwfl: bug fixes in offline archive support, symbol table handling -- apply partial relocations for dwfl_module_address_section on -- ET_REL -- libebl: powerpc backend support for Altivec registers -* Mon Oct 15 2007 Ulrich Drepper 0.130-1 -- readelf: -p option can take an argument like -x for one section, -- or no argument (as before) for all SHF_STRINGS sections; -- new option --archive-index (or -c); improved -n output for -- core files, on many machines -- libelf: new function elf_getdata_rawchunk, replaces gelf_rawchunk; - new functions gelf_getnote, gelf_getauxv, gelf_update_auxv -- readelf, elflint: handle SHT_NOTE sections without requiring phdrs -- elflint: stricter checks on debug sections -- libdwfl: new functions dwfl_build_id_find_elf, dwfl_build_id_find_debu - ginfo, dwfl_module_build_id, dwfl_module_report_build_id; suppo - rt dynamic symbol tables found via phdrs; dwfl_standard_find_de - buginfo now uses build IDs when available -- unstrip: new option --list (or -n) -- libebl: backend improvements for sparc, alpha, powerpc -* Tue Aug 14 2007 Ulrich Drepper 0.129-1 -- readelf: new options --hex-dump (or -x), --strings (or -p) -- addr2line: new option --symbols (or -S) -* Wed Apr 18 2007 Ulrich Drepper 0.127-1 -- libdw: new function dwarf_getsrcdirs -- libdwfl: new functions dwfl_module_addrsym, dwfl_report_begin_add, - dwfl_module_address_section -* Mon Feb 5 2007 Ulrich Drepper 0.126-1 -- new program: ar -* Mon Dec 18 2006 Ulrich Drepper 0.125-1 -- elflint: Compare DT_GNU_HASH tests. -- move archives into -static RPMs -- libelf, elflint: better support for core file handling -* Tue Oct 10 2006 Ulrich Drepper 0.124-1 -- libebl: sparc backend support for return value location -- libebl, libdwfl: backend register name support extended with more info -- libelf, libdw: bug fixes for unaligned accesses on machines that care -- readelf, elflint: trivial bugs fixed -* Mon Aug 14 2006 Roland McGrath 0.123-1 -- libebl: Backend build fixes, thanks to Stepan Kasal. -- libebl: ia64 backend support for register names, return value location -- libdwfl: Handle truncated linux kernel module section names. -- libdwfl: Look for linux kernel vmlinux files with .debug suffix. -- elflint: Fix checks to permit --hash-style=gnu format. -* Wed Jul 12 2006 Ulrich Drepper 0.122-1 -- libebl: add function to test for relative relocation -- elflint: fix and extend DT_RELCOUNT/DT_RELACOUNT checks -- elflint, readelf: add support for DT_GNU_HASHlibelf: add elf_gnu_hash -- elflint, readelf: add support for 64-bit SysV-style hash tables -- libdwfl: new functions dwfl_module_getsymtab, dwfl_module_getsym. -* Wed Jun 14 2006 0.121-1 -- libelf: bug fixes for rewriting existing files when using mmap. -- make all installed headers usable in C++ code. -- readelf: better output format. -- elflint: fix tests of dynamic section content. -- ld: Implement --as-needed, --execstack, PT_GNU_STACK. Many small patches. -- libdw, libdwfl: handle files without aranges info. -* Tue Apr 4 2006 Ulrich Drepper 0.120-1 -- Bug fixes. -- dwarf.h updated for DWARF 3.0 final specification. -- libdwfl: New function dwfl_version. -- The license is now GPL for most files. The libelf, libebl, libdw,and -- libdwfl libraries have additional exceptions. Add reference toOIN. -* Thu Jan 12 2006 Roland McGrath 0.119-1 -- elflint: more tests. -- libdwfl: New function dwfl_module_register_names. -- libebl: New backend hook for register names. -* Tue Dec 6 2005 Ulrich Drepper 0.118-1 -- elflint: more tests. -- libdwfl: New function dwfl_module_register_names. -- libebl: New backend hook for register names. -* Thu Nov 17 2005 Ulrich Drepper 0.117-1 -- libdwfl: New function dwfl_module_return_value_location. -- libebl: Backend improvements for several CPUs. -* Mon Oct 31 2005 Ulrich Drepper 0.116-1 -- libdw: New functions dwarf_ranges, dwarf_entrypc, dwarf_diecu, dwarf_entry_breakpoints. -- Removed Dwarf_Func type and functions; dwarf_func_name, dwarf_func_lowpc, -- dwarf_func_highpc, dwarf_func_entrypc, dwarf_func_die; dwarf_getfuncs -- callback now uses Dwarf_Die, and dwarf_func_file, dwarf_func_line, dwarf_func_col -- replaced by dwarf_decl_file, dwarf_decl_line, dwarf_decl_column; dwarf_func_inline, -- dwarf_func_inline_instances now take Dwarf_Die. Type Dwarf_Loc renamed to Dwarf_Op; -- dwarf_getloclist, dwarf_addrloclists renamed dwarf_getlocation, dwarf_getlocation_addr. -* Fri Sep 2 2005 Ulrich Drepper 0.115-1 -- libelf: speed-ups of non-mmap reading. -- strings: New program. -- Implement --enable-gcov option for configure. -- libdw: New function dwarf_getscopes_die. -* Wed Aug 24 2005 Ulrich Drepper 0.114-1 -- libelf: new function elf_getaroff -- libdw: Added dwarf_func_die, dwarf_func_inline, dwarf_func_inline_instances. -- libdwfl: New functions dwfl_report_offline, dwfl_offline_section_address, -- dwfl_linux_kernel_report_offline. -- ranlib: new program -* Mon Aug 15 2005 Ulrich Drepper 0.114-1 -- libelf: new function elf_getaroff -- ranlib: new program -* Wed Aug 10 2005 Ulrich Drepper <@redhat.com> 0.113-1 -- elflint: relax a bit. Allow version definitions for defined symbols against -- DSO versions also for symbols in nobits sections. Allow .rodata -- section to have STRINGS and MERGE flag set. -- strip: add some more compatibility with binutils. -* Sat Aug 6 2005 Ulrich Drepper <@redhat.com> 0.113-1 -- elflint: relax a bit. Allow version definitions for defined symbols -- against DSO versions also for symbols in nobits sections. Allow .rodata -- section to have STRINGS and MERGE flag set. -* Sat Aug 6 2005 Ulrich Drepper <@redhat.com> 0.113-1 -- elflint: relax a bit. Allow version definitions for defined symbols -- against DSO versions also for symbols in nobits sections. -* Fri Aug 5 2005 Ulrich Drepper <@redhat.com> 0.112-1 -- elfcmp: some more relaxation. -- elflint: many more tests, especially regarding to symbol versioning. -- libelf: Add elfXX_offscn and gelf_offscn. -- libasm: asm_begin interface changes. -- libebl: Add three new interfaces to directly access machine, class, -- and data encoding information. -- objdump: New program. Just the beginning. -* Thu Jul 28 2005 Ulrich Drepper <@redhat.com> 0.111-1 -- libdw: now contains all of libdwfl. The latter is not installed anymore. -- elfcmp: little usability tweak, name and index of differing section is -- printed. -* Sun Jul 24 2005 Ulrich Drepper <@redhat.com> 0.110-1 -- libelf: fix a numbe rof problems with elf_update -- elfcmp: fix a few bugs. Compare gaps. -- Fix a few PLT problems and mudflap build issues. -- libebl: Don't expose Ebl structure definition in libebl.h. It's now private. -* Thu Jul 21 2005 Ulrich Drepper <@redhat.com> 0.109-1 -- libebl: Check for matching modules. -- elflint: Check that copy relocations only happen for OBJECT or NOTYPE symbols. -- elfcmp: New program. -- libdwfl: New library. -* Mon May 9 2005 Ulrich Drepper <@redhat.com> 0.108-1 -- strip: fix bug introduced in last change -- libdw: records returned by dwarf_getsrclines are now sorted by address -* Sun May 8 2005 Ulrich Drepper <@redhat.com> 0.108-1 -- strip: fix bug introduced in last change -* Sun May 8 2005 Ulrich Drepper <@redhat.com> 0.107-1 -- readelf: improve DWARF output format -- strip: support Linux kernel modules -* Fri Apr 29 2005 Ulrich Drepper 0.107-1 -- readelf: improve DWARF output format -* Mon Apr 4 2005 Ulrich Drepper 0.106-1 -- libdw: Updated dwarf.h from DWARF3 speclibdw: add new funtions dwarf_func_entrypc, -- dwarf_func_file, dwarf_func_line,dwarf_func_col, dwarf_getsrc_file -* Fri Apr 1 2005 Ulrich Drepper 0.105-1 -- addr2line: New program -- libdw: add new functions: dwarf_addrdie, dwarf_macro_*, dwarf_getfuncs ,dwarf_func_*. -- findtextrel: use dwarf_addrdie -* Mon Mar 28 2005 Ulrich Drepper 0.104-1 -- findtextrel: New program. -* Mon Mar 21 2005 Ulrich Drepper 0.103-1 -- libdw: Fix using libdw.h with gcc < 4 and C++ code. Compiler bug. -* Tue Feb 22 2005 Ulrich Drepper 0.102-1 -- More Makefile and spec file cleanups. -* Fri Jan 16 2004 Jakub Jelinek 0.94-1 -- upgrade to 0.94 -* Fri Jan 16 2004 Jakub Jelinek 0.93-1 -- upgrade to 0.93 -* Thu Jan 8 2004 Jakub Jelinek 0.92-1 -- full version -- macroized spec file for GPL or OSL builds -- include only libelf under GPL plus wrapper scripts -* Wed Jan 7 2004 Jakub Jelinek 0.91-2 -- macroized spec file for GPL or OSL builds -* Wed Jan 7 2004 Ulrich Drepper -- split elfutils-devel into two packages. -* Wed Jan 7 2004 Jakub Jelinek 0.91-1 -- include only libelf under GPL plus wrapper scripts -* Tue Dec 23 2003 Jeff Johnson 0.89-3 -- readelf, not readline, in %%description (#111214). -* Fri Sep 26 2003 Bill Nottingham 0.89-1 -- update to 0.89 (fix eu-strip) -* Tue Sep 23 2003 Jakub Jelinek 0.86-3 -- update to 0.86 (fix eu-strip on s390x/alpha) -- libebl is an archive now; remove references to DSO -* Mon Jul 14 2003 Jeff Johnson 0.84-3 -- upgrade to 0.84 (readelf/elflint improvements, rawhide bugs fixed). -* Fri Jul 11 2003 Jeff Johnson 0.83-3 -- upgrade to 0.83 (fix invalid ELf handle on *.so strip, more). -* Wed Jul 9 2003 Jeff Johnson 0.82-3 -- upgrade to 0.82 (strip tests fixed on big-endian). -* Tue Jul 8 2003 Jeff Johnson 0.81-3 -- upgrade to 0.81 (strip excludes unused symtable entries, test borked). -* Thu Jun 26 2003 Jeff Johnson 0.80-3 -- upgrade to 0.80 (debugedit changes for kernel in progress). -* Wed Jun 04 2003 Elliot Lee -- rebuilt -* Wed May 21 2003 Jeff Johnson 0.79-2 -- upgrade to 0.79 (correct formats for size_t, more of libdw "works"). -* Mon May 19 2003 Jeff Johnson 0.78-2 -- upgrade to 0.78 (libdwarf bugfix, libdw additions). -* Mon Feb 24 2003 Elliot Lee -- debuginfo rebuild -* Thu Feb 20 2003 Jeff Johnson 0.76-2 -- use the correct way of identifying the section via the sh_info link. -* Sat Feb 15 2003 Jakub Jelinek 0.75-2 -- update to 0.75 (eu-strip -g fix) -* Tue Feb 11 2003 Jakub Jelinek 0.74-2 -- update to 0.74 (fix for writing with some non-dirty sections) -* Thu Feb 6 2003 Jeff Johnson 0.73-3 -- another -0.73 update (with sparc fixes). -- do "make check" in %%check, not %%install, section. -* Mon Jan 27 2003 Jeff Johnson 0.73-2 -- update to 0.73 (with s390 fixes). -* Wed Jan 22 2003 Tim Powers -- rebuilt -* Wed Jan 22 2003 Jakub Jelinek 0.72-4 -- fix arguments to gelf_getsymshndx and elf_getshstrndx -- fix other warnings -- reenable checks on s390x -* Sat Jan 11 2003 Karsten Hopp 0.72-3 -- temporarily deactivate checks on s390x, until someone has - time to look at it -* Thu Dec 12 2002 Jakub Jelinek 0.72-2 -- update to 0.72 -* Wed Dec 11 2002 Jakub Jelinek 0.71-2 -- update to 0.71 -* Wed Dec 11 2002 Jeff Johnson 0.69-4 -- update to 0.69. -- add "make check" and segfault avoidance patch. -- elfutils-libelf needs to run ldconfig. -* Tue Dec 10 2002 Jeff Johnson 0.68-2 -- update to 0.68. -* Fri Dec 6 2002 Jeff Johnson 0.67-2 -- update to 0.67. -* Tue Dec 3 2002 Jeff Johnson 0.65-2 -- update to 0.65. -* Mon Dec 2 2002 Jeff Johnson 0.64-2 -- update to 0.64. -* Sun Dec 1 2002 Ulrich Drepper 0.64 -- split packages further into elfutils-libelf -* Sat Nov 30 2002 Jeff Johnson 0.63-2 -- update to 0.63. -* Fri Nov 29 2002 Ulrich Drepper 0.62 -- Adjust for dropping libtool -* Sun Nov 24 2002 Jeff Johnson 0.59-2 -- update to 0.59 -* Thu Nov 14 2002 Jeff Johnson 0.56-2 -- update to 0.56 -* Thu Nov 7 2002 Jeff Johnson 0.54-2 -- update to 0.54 -* Sun Oct 27 2002 Jeff Johnson 0.53-2 -- update to 0.53 -- drop x86_64 hack, ICE fixed in gcc-3.2-11. -* Sat Oct 26 2002 Jeff Johnson 0.52-3 -- get beehive to punch a rhpkg generated package. -* Wed Oct 23 2002 Jeff Johnson 0.52-2 -- build in 8.0.1. -- x86_64: avoid gcc-3.2 ICE on x86_64 for now. -* Tue Oct 22 2002 Ulrich Drepper 0.52 -- Add libelf-devel to conflicts for elfutils-devel -* Mon Oct 21 2002 Ulrich Drepper 0.50 -- Split into runtime and devel package -* Fri Oct 18 2002 Ulrich Drepper 0.49 -- integrate into official sources -* Wed Oct 16 2002 Jeff Johnson 0.46-1 -- Swaddle. diff --git a/SPECS/elixir/elixir.spec b/SPECS/elixir/elixir.spec deleted file mode 100644 index aaf0e57a79..0000000000 --- a/SPECS/elixir/elixir.spec +++ /dev/null @@ -1,83 +0,0 @@ -%global debug_package %{nil} - -Name: elixir -Summary: A modern approach to programming for the Erlang VM -Version: 1.14.2 -Release: 2%{?dist} -License: ASL 2.0 -URL: http://elixir-lang.org -Vendor: VMware, Inc. -Distribution: Photon -Group: Development/Languages - -Source0: /~https://github.com/elixir-lang/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=ec492464553aa6bdaa37dbfd07b1fdc00d398242e269e73893d75b615e0fc44d360b2347378c45982281feed8d0c34c7fbdd09101ca12df0f7073cf52e43f04e - -BuildRequires: git -BuildRequires: sed -BuildRequires: erlang - -Requires: erlang - -Conflicts: toybox < 0.8.2-3 - -%description -Elixir is a programming language built on top of the Erlang VM. -As Erlang, it is a functional language built to support distributed, -fault-tolerant, non-stop applications with hot code swapping. - -%prep -%autosetup -p1 - -%build -export LANG="en_US.UTF-8" -make compile %{?_smp_mflags} - -%install -mkdir -p %{buildroot}%{_datadir}/%{name}/%{version} -cp -pra bin lib %{buildroot}%{_datadir}/%{name}/%{version} - -mkdir -p %{buildroot}%{_bindir} -# don't create relative symlinks, this must be absolute symlink -# or else some builds fail with weird errors (rabbimq for example) -ln -sfv %{_datadir}/%{name}/%{version}/bin/{elixir,elixirc,iex,mix} %{buildroot}%{_bindir} - -%if 0%{?with_check} -%check -export LANG="en_US.UTF-8" -make test %{?_smp_mflags} -%endif - -%files -%defattr(-,root,root) -%{_bindir}/elixir -%{_bindir}/elixirc -%{_bindir}/iex -%{_bindir}/mix -%{_datadir}/%{name} - -%changelog -* Wed Feb 08 2023 Shreenidhi Shedi 1.14.2-2 -- Bump version as a part of openldap upgrade -* Tue Dec 13 2022 Gerrit Photon 1.14.2-1 -- Automatic Version Bump -* Fri Oct 28 2022 Gerrit Photon 1.14.1-1 -- Automatic Version Bump -* Thu Sep 29 2022 Shreenidhi Shedi 1.14.0-1 -- Upgrade to v1.14.0 -* Mon Apr 18 2022 Gerrit Photon 1.13.4-1 -- Automatic Version Bump -* Thu Apr 29 2021 Gerrit Photon 1.11.4-1 -- Automatic Version Bump -* Mon Dec 21 2020 Sujay G 1.10.4-3 -- Fix %check -* Fri Aug 14 2020 Sujay G 1.10.4-2 -- Added openldap in buildrequires to fix package build issues -* Wed Jul 22 2020 Gerrit Photon 1.10.4-1 -- Automatic Version Bump -* Tue Jun 30 2020 Prashant S Chauhan 1.8.2-2 -- Do not conflict with toybox >= 0.8.2-3 -* Tue Oct 29 2019 Keerthana K 1.8.2-1 -- Update to 1.8.2 -* Mon Aug 26 2019 Keerthana K 1.5.0-1 -- Initial package for PhotonOS. diff --git a/SPECS/emacs/emacs.spec b/SPECS/emacs/emacs.spec deleted file mode 100644 index 5155e90287..0000000000 --- a/SPECS/emacs/emacs.spec +++ /dev/null @@ -1,88 +0,0 @@ -Summary: GNU Emacs text editor -Name: emacs -Version: 28.2 -Release: 1%{?dist} -License: GPLv3+ and CC0-1.0 -URL: http://www.gnu.org/software/emacs -Group: Applications/Editors -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/emacs/%{name}-%{version}.tar.xz -%define sha512 %{name}=a7cec7e3e82367815a1442f69af54102dbfc434069810a9dec5938a6660cb8b076e6f1fb0bfff9695b15603dbbe05eb9c7dfd92e90cf40fc4d1e5746bce83bd8 - -BuildRequires: gcc -BuildRequires: glibc-devel -BuildRequires: ncurses-devel -BuildRequires: systemd-devel -BuildRequires: gnutls-devel - -%description -Emacs is a powerful, customizable, self-documenting, modeless text -editor. Emacs contains special code editing features, a scripting -language (elisp), and the capability to read mail, news, and more -without leaving the editor. - -%prep -%autosetup -p1 - -%build -%configure \ - --without-xpm \ - --without-jpeg \ - --without-tiff \ - --without-gif \ - --without-png \ - --without-rsvg \ - --without-lcms2 \ - --without-xft \ - --without-harfbuzz \ - --without-m17n-flt \ - --without-toolkit-scroll-bars \ - --without-xaw3d \ - --without-xim \ - --without-makeinfo - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -rf %{buildroot}%{_infodir} \ - %{buildroot}%{_mandir} \ - %{buildroot}%{_datadir}/icons \ - %{buildroot}%{_bindir}/ctags \ - %{buildroot}%{_datadir}/applications/*.desktop - -%files -%defattr(-,root,root) -%{_bindir}/ebrowse -%{_bindir}/%{name} -%{_bindir}/%{name}-%{version} -%{_bindir}/emacsclient -%{_bindir}/etags -%{_includedir}/%{name}-module.h -%{_libdir}/systemd/user/%{name}.service -%{_libexecdir}/%{name}/%{version}/%{_arch}-unknown-linux-gnu/%{name}.pdmp -%{_libexecdir}/%{name}/%{version}/%{_arch}-unknown-linux-gnu/hexl -%{_libexecdir}/%{name}/%{version}/%{_arch}-unknown-linux-gnu/movemail -%{_libexecdir}/%{name}/%{version}/%{_arch}-unknown-linux-gnu/rcs2log -%{_datadir}/%{name}/%{version}/etc/* -%{_datadir}/%{name}/%{version}/lisp/* -%{_datadir}/%{name}/%{version}/site-lisp/subdirs.el -%{_datadir}/%{name}/site-lisp/subdirs.el -%{_datadir}/metainfo/%{name}.metainfo.xml - -%changelog -* Tue Nov 01 2022 Susant Sahani 28.2-1 -- Bump version -* Tue Aug 30 2022 Shreenidhi Shedi 28.1-2 -- Bump version as a part of gnutls upgrade -* Mon Apr 18 2022 Gerrit Photon 28.1-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 27.2-1 -- Automatic Version Bump -* Fri Oct 16 2020 Shreenidhi Shedi 27.1-2 -- Fix aarch64 build error -* Tue Oct 06 2020 Susant Sahani 27.1-1 -- Initial rpm release. diff --git a/SPECS/erlang-sd_notify/erlang-sd_notify.spec b/SPECS/erlang-sd_notify/erlang-sd_notify.spec deleted file mode 100644 index 50d015cd13..0000000000 --- a/SPECS/erlang-sd_notify/erlang-sd_notify.spec +++ /dev/null @@ -1,58 +0,0 @@ -%global debug_package %{nil} -%global realname sd_notify -%global output_dir _build/default/lib/sd_notify/ebin -%global elixir_version 1.14.2 - -Name: erlang-%{realname} -Summary: Erlang Bindings for sd_notify() -Version: 1.1 -Release: 4%{?dist} -License: MIT -URL: /~https://github.com/systemd/erlang-%{realname} -Vendor: VMware, Inc. -Distribution: Photon -Group: Development/Languages - -Source0: /~https://github.com/systemd/erlang-%{realname}/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=2c21e3e904b8b7d6c39b2ee81524537421994c80fe5a019bb37e8401da337ddf7e92c56deef757c505d9bdf9d16e8ab7de1e43fa93e4d0c129c36ee7fc4bfba9 - -BuildRequires: erlang >= 24 -BuildRequires: elixir >= 1.13.4 -BuildRequires: which -BuildRequires: systemd-devel - -%description -Erlang module for native access to the systemd-notify facilities. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -cp %{_datadir}/elixir/%{elixir_version}/lib/mix/test/fixtures/rebar3 . -chmod +x rebar3 -%make_build all - -%install -mkdir -p %{buildroot}%{_libdir}/erlang/lib/%{realname}-%{version}/ebin -install -m 644 -p %{output_dir}/%{realname}.app %{buildroot}%{_libdir}/erlang/lib/%{realname}-%{version}/ebin -install -m 644 -p %{output_dir}/%{realname}.beam %{buildroot}%{_libdir}/erlang/lib/%{realname}-%{version}/ebin - -%files -%defattr(-,root,root) -%doc LICENSE -%dir %{_libdir}/erlang/lib/%{realname}-%{version}/ -%dir %{_libdir}/erlang/lib/%{realname}-%{version}/ebin/ -%{_libdir}/erlang/lib/%{realname}-%{version}/ebin/%{realname}.app -%{_libdir}/erlang/lib/%{realname}-%{version}/ebin/%{realname}.beam - -%changelog -* Mon Dec 19 2022 Shivani Agarwal 1.1-4 -- Bump version to build with new elixir -* Tue Nov 08 2022 Harinadh D 1.1-3 -- use reabr built with erlang >= 24 -* Thu Sep 29 2022 Shreenidhi Shedi 1.1-2 -- Bump version as a part of erlang upgrade -* Thu Jul 09 2020 Keerthana K 1.1-1 -- Update to 1.1 -* Mon Nov 04 2019 Keerthana K 1.0-1 -- Initial package for PhotonOS. diff --git a/SPECS/erlang/0001-erlang-fix-vernemq-build-fail.patch b/SPECS/erlang/0001-erlang-fix-vernemq-build-fail.patch deleted file mode 100644 index 9e90f2f59b..0000000000 --- a/SPECS/erlang/0001-erlang-fix-vernemq-build-fail.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 2c69a36203fde5327c3575d41da4e78d596ef71a Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Thu, 6 May 2021 17:30:35 +0530 -Subject: [PATCH] erlang: fix vernemq build fail - -Signed-off-by: Shreenidhi Shedi ---- - lib/crypto/c_src/openssl_config.h | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h -index 647ab25..8697744 100644 ---- a/lib/crypto/c_src/openssl_config.h -+++ b/lib/crypto/c_src/openssl_config.h -@@ -258,9 +258,6 @@ - # ifdef HAVE_DH - # define HAVE_EDDH - # endif --# if OPENSSL_VERSION_NUMBER >= (PACKED_OPENSSL_VERSION_PLAIN(1,1,1)) --# define HAVE_EDDSA --# endif - #endif - - #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,0,1) --- -2.37.3 - diff --git a/SPECS/erlang/erlang.spec b/SPECS/erlang/erlang.spec deleted file mode 100644 index 925144a231..0000000000 --- a/SPECS/erlang/erlang.spec +++ /dev/null @@ -1,92 +0,0 @@ -Name: erlang -Summary: erlang -Version: 25.1.2 -Release: 3%{?dist} -Group: Development/Languages -Vendor: VMware, Inc. -Distribution: Photon -License: ASL2.0 -URL: https://www.erlang.org - -Source0: /~https://github.com/erlang/otp/archive/refs/tags/OTP-%{version}.tar.gz -%define sha512 OTP=a478799cb7df70a552043da55757b811e8b97182be15ab928e05b58537bb7bc4899aee406648767f538d8bd5c09e0a9d7e3655c99a8df0e6a0b77db83a720fb8 - -Patch0: 0001-erlang-fix-vernemq-build-fail.patch - -Requires: ncurses-libs - -BuildRequires: unzip -BuildRequires: openssl-devel - -%description -Erlang is a general-purpose programming language and runtime -environment. Erlang has built-in support for concurrency, distribution -and fault tolerance. Erlang is used in several large telecommunication -systems from Ericsson. - -%prep -%autosetup -p1 -n otp-OTP-%{version} - -%build -export ERL_TOP="${PWD}" -export CFLAGS="-Wno-error=implicit-function-declaration -O2 -g" - -%configure \ - --enable-dynamic-ssl-lib \ - --enable-fips - -%make_build - -%install -%make_install %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/%{name}/* -%exclude %dir %{_usrsrc} -%exclude %dir %{_libdir}/debug - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 25.1.2-3 -- Bump version as a part of openssl upgrade -* Fri Jun 09 2023 Nitesh Kumar 25.1.2-2 -- Bump version as a part of ncurses upgrade to v6.4 -* Fri Oct 28 2022 Gerrit Photon 25.1.2-1 -- Automatic Version Bump -* Wed Sep 28 2022 Shreenidhi Shedi 24.3.4.5-1 -- Upgrade to v24.3.4.5 -* Tue Mar 01 2022 Shreenidhi Shedi 23.3.2-4 -- Fix binary path -* Tue Jan 11 2022 Nitesh Kumar 23.3.2-3 -- Enable FIPS, Adding ncurses-libs as Requires. -* Fri Jun 04 2021 Satya Naga Vasamsetty 23.3.2-2 -- openssl 3.0.0 support -* Mon May 03 2021 Gerrit Photon 23.3.2-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 23.3.1-1 -- Automatic Version Bump -* Wed Sep 23 2020 Satya Naga Vasamsetty 23.1-2 -- Make openssl changes -* Wed Sep 23 2020 Gerrit Photon 23.1-1 -- Automatic Version Bump -* Mon Sep 21 2020 Gerrit Photon 23.0.4-1 -- Automatic Version Bump -* Fri Aug 21 2020 Gerrit Photon 23.0.3-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 23.0-1 -- Automatic Version Bump -* Tue Oct 29 2019 Keerthana K 22.1-1 -- Update to latest version 22.1 -* Thu Jan 31 2019 Siju Maliakkal 19.3-3 -- Revert to old version to fix rabbitmq-server startup failure -* Fri Dec 07 2018 Ashwin H 21.1.4-1 -- Update to version 21.1.4 -* Mon Sep 24 2018 Dweep Advani 21.0-1 -- Update to version 21.0 -* Fri Oct 13 2017 Alexey Makhalov 19.3-2 -- Remove BuildArch -* Thu Apr 06 2017 Chang Lee 19.3-1 -- Updated Version -* Mon Dec 12 2016 Priyesh Padmavilasom 19.1-1 -- Initial. diff --git a/SPECS/etcd/etcd.service b/SPECS/etcd/etcd.service deleted file mode 100644 index ba1589bc93..0000000000 --- a/SPECS/etcd/etcd.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Etcd Server -After=network.target - -[Service] -EnvironmentFile=-/etc/sysconfig/etcd -Type=notify -WorkingDirectory=/var/lib/etcd/ -ExecStart=/usr/bin/etcd --config-file /etc/etcd/etcd-default-conf.yml -Restart=on-failure -LimitNOFILE=65536 - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/etcd/etcd.spec b/SPECS/etcd/etcd.spec deleted file mode 100644 index fc34ec8d78..0000000000 --- a/SPECS/etcd/etcd.spec +++ /dev/null @@ -1,179 +0,0 @@ -Summary: Distributed reliable key-value store -Name: etcd -Version: 3.5.9 -Release: 6%{?dist} -License: Apache License -URL: /~https://github.com/etcd-io/etcd -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/etcd-io/etcd/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=c71c8bb532f0f7d7f2bb63f3eed0a2a0f05e3299a9dd7b7fd5a4ca7c0acb89ea0259797306053c7dc5ca3ad735711df6540bf134ce15975330a2fe1754bb27d5 - -Source1: %{name}.service -%ifarch aarch64 -Source2: %{name}.sysconfig -%endif -Source3: %{name}.sysusers - -BuildRequires: go -BuildRequires: git -BuildRequires: systemd-devel - -Requires: systemd - -Requires(pre): shadow -Requires(pre): systemd-rpm-macros -Requires(postun): /usr/sbin/userdel /usr/sbin/groupdel - -%description -A highly-available key value store for shared configuration and service discovery. - -%prep -%autosetup -p1 - -%build -go mod vendor -./build - -%install -install -vdm755 %{buildroot}%{_bindir} -install -vdm755 %{buildroot}%{_docdir}/%{name}-%{version} -install -vdm755 %{buildroot}%{_unitdir} -%ifarch aarch64 -install -vdm 0755 %{buildroot}%{_sysconfdir}/sysconfig -%endif -install -vdm 0755 %{buildroot}%{_sysconfdir}/%{name} -install -vpm 0755 -T %{name}.conf.yml.sample %{buildroot}%{_sysconfdir}/%{name}/%{name}-default-conf.yml -install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.sysusers - -chown -R root:root %{buildroot}%{_bindir} -chown -R root:root %{buildroot}/%{_docdir}/%{name}-%{version} - -mv %{_builddir}/%{name}-%{version}/bin/%{name} \ - %{_builddir}/%{name}-%{version}/bin/etcdctl \ - %{buildroot}%{_bindir} - -mv %{_builddir}/%{name}-%{version}/README.md %{buildroot}/%{_docdir}/%{name}-%{version}/ -mv %{_builddir}/%{name}-%{version}/etcdctl/README.md %{buildroot}/%{_docdir}/%{name}-%{version}/README-etcdctl.md -mv %{_builddir}/%{name}-%{version}/etcdctl/READMEv2.md %{buildroot}/%{_docdir}/%{name}-%{version}/READMEv2-etcdctl.md - -install -vdm755 %{buildroot}%{_presetdir} -echo "disable %{name}.service" > %{buildroot}%{_presetdir}/50-%{name}.preset - -cp %{SOURCE1} %{buildroot}%{_unitdir} -%ifarch aarch64 -cp %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%endif -install -vdm755 %{buildroot}%{_sharedstatedir}/%{name} - -%pre -%sysusers_create_compat %{SOURCE3} - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%{_bindir}/%{name}* -%{_docdir}/%{name}-%{version}/* -%{_unitdir}/%{name}.service -%{_presetdir}/50-%{name}.preset -%attr(0700,%{name},%{name}) %dir %{_sharedstatedir}/%{name} -%config(noreplace) %{_sysconfdir}/%{name}/%{name}-default-conf.yml -%{_sysusersdir}/%{name}.sysusers -%ifarch aarch64 -%config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%endif - -%changelog -* Sun Nov 05 2023 Shreenidhi Shedi 3.5.9-6 -- Fix requires -* Wed Oct 11 2023 Piyush Gupta 3.5.9-5 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 3.5.9-4 -- Bump up version to compile with new go -* Tue Aug 08 2023 Mukul Sikka 3.5.9-3 -- Resolving systemd-rpm-macros for group creation -* Mon Jul 17 2023 Piyush Gupta 3.5.9-2 -- Bump up version to compile with new go -* Thu Jul 06 2023 Prashant S Chauhan 3.5.9-1 -- Update to 3.5.9 -* Mon Jul 03 2023 Piyush Gupta 3.5.7-3 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 3.5.7-2 -- Bump up version to compile with new go -* Sun Mar 12 2023 Prashant S Chauhan 3.5.7-1 -- Update to 3.5.7 -* Sun Mar 12 2023 Piyush Gupta 3.5.6-3 -- Bump up version to compile with new go -* Fri Mar 10 2023 Mukul Sikka 3.5.6-2 -- Use systemd-rpm-macros for user creation -* Tue Dec 13 2022 Gerrit Photon 3.5.6-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 3.5.1-3 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 3.5.1-2 -- Bump up version to compile with new go -* Fri Jun 17 2022 Prashant S Chauhan 3.5.1-1 -- Update to 3.5.1 -* Sun May 29 2022 Shreenidhi Shedi 3.4.18-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 3.4.18-1 -- Automatic Version Bump -* Wed Jun 23 2021 Prashant S Chauhan 3.4.15-3 -- Change etcd data directory ownership to etcd:etcd as per CIS benchmark -* Fri Jun 11 2021 Piyush Gupta 3.4.15-2 -- Bump up version to compile with new go -* Mon Apr 12 2021 Gerrit Photon 3.4.15-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 3.4.13-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 3.4.13-2 -- Bump up version to compile with new go -* Wed Aug 26 2020 Gerrit Photon 3.4.13-1 -- Automatic Version Bump -* Wed Aug 19 2020 Gerrit Photon 3.4.12-1 -- Automatic Version Bump -* Mon Jul 27 2020 Gerrit Photon 3.4.10-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 3.4.9-1 -- Automatic Version Bump -* Wed Apr 08 2020 Shreyas B 3.4.3-2 -- Remove vendor dependencies, which is occurs due to Go v1.14. -* Mon Mar 16 2020 Ankit Jain 3.4.3-1 -- Update to 3.4.3 -* Mon Feb 25 2019 Keerthana K 3.3.9-2 -- Add env variable ETCD_UNSUPPORTED_ARCH=arm64 for arm to start etcd service. -* Fri Sep 21 2018 Sujay G 3.3.9-1 -- Bump etcd version to 3.3.9 -* Mon Sep 18 2017 Alexey Makhalov 3.1.5-4 -- Remove shadow requires -* Sun Aug 27 2017 Vinay Kulkarni 3.1.5-3 -- File based configuration for etcd service. -* Wed May 31 2017 Harish Udaiya Kumar 3.1.5-2 -- Provide preset file to deactivate service by default -* Thu Apr 06 2017 Anish Swaminathan 3.1.5-1 -- Upgraded to version 3.1.5, build from sources -* Fri Sep 2 2016 Xiaolin Li 3.0.9-1 -- Upgraded to version 3.0.9 -* Fri Jun 24 2016 Xiaolin Li 2.3.7-1 -- Upgraded to version 2.3.7 -* Wed May 25 2016 Nick Shi 2.2.5-3 -- Changing etcd service type from simple to notify -* Tue May 24 2016 Priyesh Padmavilasom 2.2.5-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Harish Udaiya Kumar 2.2.5-1 -- Upgraded to version 2.2.5 -* Tue Jul 28 2015 Divya Thaluru 2.1.1-2 -- Adding etcd service file -* Tue Jul 21 2015 Vinay Kulkarni 2.1.1-1 -- Update to version etcd v2.1.1 -* Tue Mar 10 2015 Divya Thaluru 2.0.4-1 -- Initial build. First version diff --git a/SPECS/etcd/etcd.sysconfig b/SPECS/etcd/etcd.sysconfig deleted file mode 100644 index 9533eb5216..0000000000 --- a/SPECS/etcd/etcd.sysconfig +++ /dev/null @@ -1,2 +0,0 @@ -# Environment variables required for etcd service -ETCD_UNSUPPORTED_ARCH=arm64 diff --git a/SPECS/etcd/etcd.sysusers b/SPECS/etcd/etcd.sysusers deleted file mode 100644 index 46e2e02218..0000000000 --- a/SPECS/etcd/etcd.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -g etcd - -u etcd - "etcd Daemon User" /var/lib/etcd /bin/bash diff --git a/SPECS/ethtool/ethtool.spec b/SPECS/ethtool/ethtool.spec deleted file mode 100644 index 7bad793d52..0000000000 --- a/SPECS/ethtool/ethtool.spec +++ /dev/null @@ -1,81 +0,0 @@ -Summary: Standard Linux utility for controlling network drivers and hardware -Name: ethtool -Version: 6.1 -Release: 1%{?dist} -License: GPLv2 -URL: https://www.kernel.org/pub/software/network/ethtool -Group: Productivity/Networking/Diagnostic -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.kernel.org/pub/software/network/%{name}/%{name}-%{version}.tar.xz -%define sha512 %{name}=6ca478ec75dae7cc347b859802e1965e6c78310ec4b276dec29bdf76d3464e4186c6e5ed0cb8f013171d6c0562c1156cb0442419f5b947c314e8b91ad9fd2d93 - -BuildRequires: libmnl-devel - -Requires: libmnl - -%description -ethtool is the standard Linux utility for controlling network drivers and hardware, -particularly for wired Ethernet devices - -%prep -%autosetup -p1 - -%build -autoreconf -fi -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%doc AUTHORS COPYING NEWS README ChangeLog -%defattr(-,root,root) -%{_sbindir}/ethtool -%{_datadir}/bash-completion/completions/ethtool -%{_mandir}/* - -%changelog -* Wed Dec 21 2022 Susant Sahani 6.1-1 -- Version bump -* Fri Oct 28 2022 Gerrit Photon 6.0-1 -- Automatic Version Bump -* Wed Sep 28 2022 Shreenidhi Shedi 5.19-1 -- Upgrade to v5.19 -* Sun May 29 2022 Shreenidhi Shedi 5.17-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 5.17-1 -- Automatic Version Bump -* Tue Jan 11 2022 Susant Sahani 5.15-1 -- Version bump -* Mon May 03 2021 Gerrit Photon 5.12-1 -- Automatic Version Bump -* Sat Jan 23 2021 Susant Sahani 5.10-1 -- Version bump -* Sun Oct 11 2020 Prashant S Chauhan 5.8-2 -- Add libmnl as requires by ethtool. Fixes issue while -- installing ethtool as Build Requires in python3-ethtool -* Mon Aug 24 2020 Gerrit Photon 5.8-1 -- Automatic Version Bump -* Wed May 06 2020 Susant Sahani 5.4-1 -- Version update -* Mon Oct 01 2018 Alexey Makhalov 4.18-1 -- Version update -* Mon Apr 03 2017 Chang Lee 4.8-1 -- Upgraded to version 4.8 -* Tue May 24 2016 Priyesh Padmavilasom 4.2-3 -- GA - Bump release of all rpms -* Wed Jan 20 2016 Anish Swaminathan 4.2-2 -- Change file packaging. -* Mon Nov 30 2015 Harish Udaiya Kumar 4.2-1 -- Initial build. First version diff --git a/SPECS/eventlog/eventlog.spec b/SPECS/eventlog/eventlog.spec deleted file mode 100644 index 35b2025297..0000000000 --- a/SPECS/eventlog/eventlog.spec +++ /dev/null @@ -1,73 +0,0 @@ -Summary: Syslog event logger library -Name: eventlog -Version: 0.2.12 -Release: 4%{?dist} -License: GPL -URL: https://www.balabit.com -Group: System Environment/Daemons -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.balabit.com/downloads/files/eventlog/0.2/%{name}_%{version}.tar.gz -%define sha512 %{name}=a681ab2961f5bf38e106a5b0b4492e74098808e2bf1a100f545736902649c705db124c0847796a47485faa8b0befe691a789d752f313c5b65ad50ed2763d2cce - -BuildRequires: bison -BuildRequires: flex - -%description -The EventLog library aims to be a replacement of the simple syslog() API -provided on UNIX systems. The major difference between EventLog and syslog -is that EventLog tries to add structure to messages. - -EventLog provides an interface to build, format and output an event record. -The exact format and output method can be customized by the administrator -via a configuration file. - -This package is the runtime part of the library. - -%package devel -Summary: Development libraries & headers for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -Development libraries & headers for %{name} - -%prep -%autosetup -p1 - -%build -%configure --disable-silent-rules -%make_build - -%install -%make_install - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.a -%{_libdir}/*.so -%{_includedir}/eventlog/*.h -%{_libdir}/pkgconfig/eventlog.pc - -%changelog -* Sun Aug 07 2022 Shreenidhi Shedi 0.2.12-4 -- Remove .la files -- Introduce devel package -* Fri Oct 13 2017 Alexey Makhalov 0.2.12-3 -- Use standard configure macros -* Tue May 24 2016 Priyesh Padmavilasom 0.2.12-2 -- GA - Bump release of all rpms -* Fri Jun 5 2015 Vinay Kulkarni 0.2.12-1 -- Add eventlog library for syslog-ng to photon diff --git a/SPECS/expat/expat.spec b/SPECS/expat/expat.spec deleted file mode 100644 index 7c476d7a0b..0000000000 --- a/SPECS/expat/expat.spec +++ /dev/null @@ -1,123 +0,0 @@ -Summary: An XML parser library -Name: expat -Version: 2.5.0 -Release: 1%{?dist} -License: MIT -URL: http://expat.sourceforge.net/ -Group: System Environment/GeneralLibraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=2da73b991b7c0c54440485c787e5edeb3567230204e31b3cac1c3a6713ec6f9f1554d3afffc0f8336168dfd5df02db4a69bcf21b4d959723d14162d13ab87516 - -Requires: expat-libs = %{version}-%{release} - -%description -The Expat package contains a stream oriented C library for parsing XML. - -%package devel -Summary: Header and development files for expat -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications - -%package libs -Summary: Libraries for expat -Group: System Environment/Libraries -%description libs -This package contains minimal set of shared expat libraries. - -%package docs -Summary: expat docs -Group: Documentation -Requires: expat = %{version}-%{release} -%description docs -The package contains expat doc files. - -%prep -%autosetup -p1 - -%build -%configure \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --bindir=%{_bindir} \ - --libdir=%{_libdir} \ - --disable-static - -make %{?_smp_mflags} - -%install -[ %{buildroot} != "/" ] && rm -rf %{buildroot}/* -make DESTDIR=%{buildroot} install %{?_smp_mflags} -find %{buildroot}/%{_libdir} -name '*.la' -delete -rm -rf %{buildroot}/%{_docdir}/%{name} -%{_fixperms} %{buildroot}/* - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post libs -/sbin/ldconfig - -%postun libs -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* - -## TODO: There's some change in man page build path according to release notes. -## /~https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes -## #158 #263 CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR -#%%{_mandir}/man1/* - -%files devel -%{_includedir}/* -%{_libdir}/pkgconfig/* -%{_libdir}/libexpat.so -%{_libdir}/cmake/expat-%{version}/*.cmake - -%files libs -%{_libdir}/libexpat.so.* - -%files docs -%defattr(-,root,root) -%doc AUTHORS Changes - -%changelog -* Fri Oct 28 2022 Gerrit Photon 2.5.0-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 2.4.8-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 2.3.0-1 -- Automatic Version Bump -* Fri Feb 19 2021 Satya Naga Vasamsetty 2.2.9-3 -- Move documents to docs sub-package -* Mon Oct 05 2020 Tapas Kundu 2.2.9-2 -- Use ldconfig to resolve dependencies for lib -* Tue Oct 29 2019 Tapas Kundu 2.2.9-1 -- Fix for CVE-2019-15903 -* Thu Oct 17 2019 Shreenidhi Shedi 2.2.7-1 -- Upgrade to version 2.2.7 -* Mon Jul 8 2019 Siddharth Chandrasekaran 2.2.6-2 -- Add patch for CVE-2018-20843 -* Thu Sep 20 2018 Sujay G 2.2.6-1 -- Bump expat version to 2.2.6 -* Tue Sep 26 2017 Anish Swaminathan 2.2.4-1 -- Updating version, fixes CVE-2017-9233, CVE-2016-9063, CVE-2016-0718 -* Fri Apr 14 2017 Alexey Makhalov 2.2.0-2 -- Added -libs and -devel subpackages -* Fri Oct 21 2016 Kumar Kaushik 2.2.0-1 -- Updating Source/Fixing CVE-2015-1283. -* Tue May 24 2016 Priyesh Padmavilasom 2.1.0-2 -- GA - Bump release of all rpms -* Wed Nov 5 2014 Divya Thaluru 2.1.0-1 -- Initial build. First version diff --git a/SPECS/expect/expect.spec b/SPECS/expect/expect.spec deleted file mode 100644 index ea786b1294..0000000000 --- a/SPECS/expect/expect.spec +++ /dev/null @@ -1,69 +0,0 @@ -Summary: Expect is a tool for automating interactive applications -Name: expect -Version: 5.45.4 -Release: 2%{?dist} -License: GPLv2+ -URL: https://sourceforge.net/projects/expect -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://sourceforge.net/projects/%{name}/files/Expect/%{version}/%{name}%{version}.tar.gz -%define sha512 %{name}=a8dc25e8175f67e029e15cbcfca1705165c1c4cb2dd37eaaaebffb61e3ba132d9519cd73ca5add4c3358a2b0b7a91e878279e8d0b72143ff2c287fce07e4659a - -Requires: tcl - -BuildRequires: tcl-devel - -%description -Expect is a tool for automating interactive applications such as -telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect is also useful -for testing these same applications. - -%package devel -Summary: Headers and development libraries for expect -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: tcl-devel - -%description devel -Headers and development libraries for expect - -%prep -%autosetup -p1 -n %{name}%{version} - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} test -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/%{name}%{version}/* -%exclude %dir %{_libdir}/debug -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_mandir}/man3/* - -%changelog -* Mon Feb 28 2022 Shreenidhi Shedi 5.45.4-2 -- Fix binary path -* Thu Sep 20 2018 Sujay G 5.45.4-1 -- Bump expect version to 5.45.4 -* Fri Oct 13 2017 Alexey Makhalov 5.45-3 -- Use standard configure macros -* Tue Aug 8 2017 Alexey Makhalov 5.45-2 -- Fix %check section -* Wed Jul 12 2017 Alexey Makhalov 5.45-1 -- Initial build. First version diff --git a/SPECS/fail2ban/00-fail2ban-systemd.conf b/SPECS/fail2ban/00-fail2ban-systemd.conf deleted file mode 100644 index 0e5803023e..0000000000 --- a/SPECS/fail2ban/00-fail2ban-systemd.conf +++ /dev/null @@ -1,6 +0,0 @@ -# This file is part of the fail2ban-systemd package to configure the use of -# the systemd journal as the default backend. You can remove this package -# (along with the empty fail2ban meta-package) if you do not want to use the -# journal backend -[DEFAULT] -backend=systemd diff --git a/SPECS/fail2ban/0001-Replace-2to3-binary-name-with-2to3-3.11.patch b/SPECS/fail2ban/0001-Replace-2to3-binary-name-with-2to3-3.11.patch deleted file mode 100644 index bb56833974..0000000000 --- a/SPECS/fail2ban/0001-Replace-2to3-binary-name-with-2to3-3.11.patch +++ /dev/null @@ -1,25 +0,0 @@ -From bfe0ca44db431d20ac2d155b6af1d0b9c431d4ac Mon Sep 17 00:00:00 2001 -From: Nitesh Kumar -Date: Wed, 15 Feb 2023 14:16:54 +0530 -Subject: [PATCH] Replace 2to3 binary name with 2to3-3.10 - ---- - fail2ban-2to3 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fail2ban-2to3 b/fail2ban-2to3 -index 2015ed5..c8d955d 100755 ---- a/fail2ban-2to3 -+++ b/fail2ban-2to3 -@@ -5,7 +5,7 @@ - - set -eu - --if 2to3 -w --no-diffs bin/* fail2ban;then -+if 2to3-3.11 -w --no-diffs bin/* fail2ban;then - echo "Success!" >&2 - exit 0 - else --- -2.17.1 - diff --git a/SPECS/fail2ban/0001-Set-proper-config-path-in-include-section.patch b/SPECS/fail2ban/0001-Set-proper-config-path-in-include-section.patch deleted file mode 100644 index 2b4d373f6b..0000000000 --- a/SPECS/fail2ban/0001-Set-proper-config-path-in-include-section.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a71a22c075c306d3ff252bf879ede69cc5e25477 Mon Sep 17 00:00:00 2001 -From: Nitesh Kumar -Date: Mon, 13 Feb 2023 22:51:58 +0530 -Subject: [PATCH] Set proper config path in include section - ---- - config/jail.conf | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/config/jail.conf b/config/jail.conf -index fe8db52..ae06348 100644 ---- a/config/jail.conf -+++ b/config/jail.conf -@@ -33,7 +33,8 @@ - [INCLUDES] - - #before = paths-distro.conf --before = paths-debian.conf -+#before = paths-debian.conf -+before = paths-common.conf - - # The DEFAULT allows a global definition of the options. They can be overridden - # in each jail afterwards. --- -2.17.1 - diff --git a/SPECS/fail2ban/fail2ban.spec b/SPECS/fail2ban/fail2ban.spec deleted file mode 100644 index fcf3b681c4..0000000000 --- a/SPECS/fail2ban/fail2ban.spec +++ /dev/null @@ -1,220 +0,0 @@ -Summary: Daemon to ban hosts that cause multiple authentication errors -Name: fail2ban -Version: 1.0.2 -Release: 1%{?dist} -License: GPLv2+ -Group: Productivity/Networking/Security -Vendor: VMware, Inc. -Distribution: Photon -URL: http://fail2ban.sourceforge.net - -Source0: /~https://github.com/%{name}/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb - -Source1: 00-fail2ban-systemd.conf - -Patch0: 0001-Set-proper-config-path-in-include-section.patch -Patch1: 0001-Replace-2to3-binary-name-with-2to3-3.11.patch - -BuildArch: noarch - -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-tools -BuildRequires: sqlite-devel -BuildRequires: systemd-devel - -%if 0%{?with_check} -BuildRequires: python3-systemd -%endif - -Requires: systemd -Requires: python3-systemd -Requires: nftables -Requires: perl -Requires: whois -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - -# Default components -Requires: %{name} = %{version}-%{release} -Requires: %{name}-sendmail = %{version}-%{release} -Requires: %{name}-systemd = %{version}-%{release} - -%description -Fail2Ban scans log files and bans IP addresses that makes too many password -failures. It updates firewall rules to reject the IP address. These rules can -be defined by the user. Fail2Ban can read multiple log files such as sshd or -Apache web server ones. - -The main package contains the core server components for Fail2Ban with minimal -dependencies. You can install this directly if you want to have a small -installation and know what you are doing. - -%package hostsdeny -Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban -Group: Productivity/Networking/Security -Requires: %{name} = %{version}-%{release} -Requires: ed -Requires: tcp_wrappers - -%description hostsdeny -This package enables support for manipulating tcp_wrapper's /etc/hosts.deny -files. - -%package devel -Summary: Fail2Ban testcases -Group: Productivity/Networking/Security -Requires: %{name} = %{version}-%{release} - -%description devel -This package contains Fail2Ban's testscases and scripts. - -%package mail -Summary: Mail actions for Fail2Ban -Group: Productivity/Networking/Security -Requires: %{name} = %{version}-%{release} -Requires: sendmail - -%description mail -This package installs Fail2Ban's mail actions. These are an alternative -to the default sendmail actions. - -%package sendmail -Summary: Sendmail actions for Fail2Ban -Group: Productivity/Networking/Security -Requires: %{name} = %{version}-%{release} -Requires: sendmail - -%description sendmail -This package installs Fail2Ban's sendmail actions. This is the default -mail actions for Fail2Ban. - -%package systemd -Summary: Systemd journal configuration for Fail2Ban -Group: Productivity/Networking/Security -Requires: %{name} = %{version}-%{release} - -%description systemd -This package configures Fail2Ban to use the systemd journal for its log input -by default. - -%prep -%autosetup -p1 - -%build -bash ./%{name}-2to3 -%{py3_build} - -%install -%{py3_install} -ln -sfv python3 %{buildroot}%{_bindir}/%{name}-python - -mkdir -p %{buildroot}%{_unitdir} \ - %{buildroot}%{_tmpfilesdir} \ - %{buildroot}%{_mandir}/man{1,5} \ - %{buildroot}%{_sysconfdir}/logrotate.d - -cp -p build/%{name}.service %{buildroot}%{_unitdir} - -install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 -install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 -install -p -m 644 files/%{name}-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} -install -d -m 0755 %{buildroot}/run/%{name}/ -install -d -m 0755 %{buildroot}%{_sharedstatedir}/%{name}/ -install -p -m 0644 files/%{name}-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/%{name}.conf - -# Remove non-Linux actions, config files for other distros, installed doc -rm -rf %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf \ - %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf \ - %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf \ - %{buildroot}%{_sysconfdir}/%{name}/paths-{arch,debian,freebsd,opensuse,osx}.conf \ - %{buildroot}%{_docdir}/%{name} - -# systemd journal configuration -cp -p %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/jail.d/ - -%if 0%{?with_check} -%check -%{python3} bin/%{name}-testcases --verbosity=2 --no-network -%endif - -%post -%systemd_post %{name}.service - -%preun -%systemd_preun %{name}.service - -%postun -%systemd_postun_with_restart %{name}.service - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_bindir}/%{name}-client -%{_bindir}/%{name}-python -%{_bindir}/%{name}-regex -%{_bindir}/%{name}-server -%{python3_sitelib}/* -%exclude %{python3_sitelib}/%{name}/tests -%{_unitdir}/%{name}.service -%{_mandir}/man1/%{name}.1* -%{_mandir}/man1/%{name}-client.1* -%{_mandir}/man1/%{name}-python.1* -%{_mandir}/man1/%{name}-regex.1* -%{_mandir}/man1/%{name}-server.1* -%{_mandir}/man5/*.5* -%config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/smtp.py -%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf -%config(noreplace) %{_sysconfdir}/%{name}/filter.d/ignorecommands/apache-fakegooglebot -%config(noreplace) %{_sysconfdir}/%{name}/jail.conf -%config(noreplace) %{_sysconfdir}/%{name}/paths-*.conf -%exclude %{_sysconfdir}/%{name}/filter.d/sendmail-*.conf -%exclude %{_sysconfdir}/%{name}/action.d/complain.conf -%exclude %{_sysconfdir}/%{name}/action.d/hostsdeny.conf -%exclude %{_sysconfdir}/%{name}/action.d/mail.conf -%exclude %{_sysconfdir}/%{name}/action.d/mail-buffered.conf -%exclude %{_sysconfdir}/%{name}/action.d/mail-whois.conf -%exclude %{_sysconfdir}/%{name}/action.d/mail-whois-lines.conf -%exclude %{_sysconfdir}/%{name}/action.d/sendmail-*.conf -%exclude %{_sysconfdir}/%{name}/jail.d/*.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} -%{_tmpfilesdir}/%{name}.conf -%dir %{_sharedstatedir}/%{name} -%dir /run/%{name}/ - -%files hostsdeny -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/%{name}/action.d/hostsdeny.conf - -%files devel -%defattr(-,root,root) -%{_bindir}/%{name}-testcases -%{_mandir}/man1/%{name}-testcases.1* -%{python3_sitelib}/%{name}/tests - -%files mail -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/%{name}/action.d/complain.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/mail.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/mail-buffered.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/mail-whois.conf -%config(noreplace) %{_sysconfdir}/%{name}/action.d/mail-whois-lines.conf - -%files sendmail -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/%{name}/action.d/sendmail-*.conf -%config(noreplace) %{_sysconfdir}/%{name}/filter.d/sendmail-*.conf - -%files systemd -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/%{name}/jail.d/00-%{name}-systemd.conf - -%changelog -* Tue Feb 14 2023 Nitesh Kumar 1.0.2-1 -- Initial version diff --git a/SPECS/fakeroot-ng/Add-sched-h-to-process-cpp.patch b/SPECS/fakeroot-ng/Add-sched-h-to-process-cpp.patch deleted file mode 100644 index d62bea1f1d..0000000000 --- a/SPECS/fakeroot-ng/Add-sched-h-to-process-cpp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/process.cpp b/process.cpp -index c0c6b51..c173ea2 100644 ---- a/process.cpp -+++ b/process.cpp -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - - #include - #include diff --git a/SPECS/fakeroot-ng/fakeroot-ng.spec b/SPECS/fakeroot-ng/fakeroot-ng.spec deleted file mode 100644 index 2af232fa79..0000000000 --- a/SPECS/fakeroot-ng/fakeroot-ng.spec +++ /dev/null @@ -1,60 +0,0 @@ -Summary: Fools programs into thinking they are running with root permission -Name: fakeroot-ng -Version: 0.18 -Release: 4%{?dist} -License: GPLv2+ -URL: http://fakeroot-ng.lingnu.com -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://downloads.sourceforge.net/project/fakerootng/fakeroot-ng/%{version}/fakeroot-ng-%{version}.tar.gz -%define sha512 %{name}=8ece6830d229b92537d9c0a2eb42cb9ec4ae6b83453303004dded5eab0707b9ae8eaa2c71aac6ea68226c43cf08db6b0939a9422aab32948f5ecb185ee01d854 - -Patch0: Add-sched-h-to-process-cpp.patch - -BuildArch: x86_64 - -%description -Fakeroot-ng is a clean re-implementation of fakeroot. The core idea -is to run a program, but wrap all system calls that program performs -so that it thinks it is running as root, while it is, in practice, -running as an unprivileged user. When the program is trying to perform -a privileged operation (such as modifying a file's owner or creating -a block device), this operation is emulated, so that an unprivileged -operation is actually carried out, but the result of the privileged -operation is reported to the program whenever it attempts to query -the result. - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root,-) -%{_bindir}/%{name} -%doc %{_mandir}/man1/%{name}.1.gz - -%changelog -* Mon Sep 19 2022 Vamsi Krishna Brahmajosyula 0.18-4 -- Fix build with latest tool chain -* Mon Oct 22 2018 Ajay Kaher 0.18-3 -- Adding BuildArch -* Tue May 24 2016 Priyesh Padmavilasom 0.18-2 -- GA - Bump release of all rpms -* Fri Jul 10 2015 Luis Zuniga 0.17-0.1 -- Initial build for Photon diff --git a/SPECS/falco/0001-build-plugins-locally.patch b/SPECS/falco/0001-build-plugins-locally.patch deleted file mode 100644 index 3a8c28729f..0000000000 --- a/SPECS/falco/0001-build-plugins-locally.patch +++ /dev/null @@ -1,100 +0,0 @@ -From c688a93e323f232dcea52240a35d7e2096a82741 Mon Sep 17 00:00:00 2001 -From: Brennan Lamoreaux -Date: Wed, 5 Jul 2023 21:38:28 +0000 -Subject: [PATCH] build plugins locally - -Build plugins locally with the updated Photon OS toolchain, -instead of downloading precompiled binaries compiled with -outdated Go versions. ---- - cmake/modules/plugins.cmake | 42 ++++++++++++++++--------------------- - 1 file changed, 18 insertions(+), 24 deletions(-) - -diff --git a/cmake/modules/plugins.cmake b/cmake/modules/plugins.cmake -index 8a4a1d28..e564f20a 100644 ---- a/cmake/modules/plugins.cmake -+++ b/cmake/modules/plugins.cmake -@@ -20,21 +20,19 @@ if(NOT DEFINED PLUGINS_COMPONENT_NAME) - endif() - - set(PLUGIN_K8S_AUDIT_VERSION "0.3.0") --if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") -- set(PLUGIN_K8S_AUDIT_HASH "214915fc2a61d147d64aaf4cb29c3fc6a513eda621dad1dfe77f2fd7099b31e1") --else() # aarch64 -- set(PLUGIN_K8S_AUDIT_HASH "d9b4610714df581043db76ecb4caf3a41aae5494cf61ab8740a3749bfac8457e") --endif() -+set(PLUGIN_K8S_AUDIT_HASH "09a594f0a6471e39151b1908fccb855a52c6296a2593bd9f064313205e09b495") - - ExternalProject_Add( - k8saudit-plugin -- URL "https://download.falco.org/plugins/stable/k8saudit-${PLUGIN_K8S_AUDIT_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz" -+ URL "/~https://github.com/falcosecurity/plugins/archive/refs/tags/k8saudit-${PLUGIN_K8S_AUDIT_VERSION}.tar.gz" - URL_HASH "SHA256=${PLUGIN_K8S_AUDIT_HASH}" - CONFIGURE_COMMAND "" -- BUILD_COMMAND "" -+ SOURCE_DIR "plugins-k8saudit-${PLUGIN_K8S_AUDIT_VERSION}/" -+ BINARY_DIR "plugins-k8saudit-${PLUGIN_K8S_AUDIT_VERSION}/plugins/k8saudit" -+ BUILD_COMMAND "make" - INSTALL_COMMAND "") - --install(FILES "${PROJECT_BINARY_DIR}/k8saudit-plugin-prefix/src/k8saudit-plugin/libk8saudit.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") -+install(FILES "${PROJECT_BINARY_DIR}/plugins-k8saudit-${PLUGIN_K8S_AUDIT_VERSION}/plugins/k8saudit/libk8saudit.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") - - ExternalProject_Add( - k8saudit-rules -@@ -47,21 +45,19 @@ ExternalProject_Add( - install(FILES "${PROJECT_BINARY_DIR}/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") - - set(PLUGIN_CLOUDTRAIL_VERSION "0.5.0") --if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") -- set(PLUGIN_CLOUDTRAIL_HASH "ca6c0d087b37090145ef0c92f10d1dd32bb2a08c7bae83cc6fb7a1ba712f3182") --else() # aarch64 -- set(PLUGIN_CLOUDTRAIL_HASH "f6e12d3bd16ae0f504ed2bb56d13531d15b7d55beb1b63932cbe603cff941372") --endif() -+set(PLUGIN_CLOUDTRAIL_HASH "6a3af4c3da0ab1ea9029247319866dc2054f2c0fb23e06116a4e96584122e750") - - ExternalProject_Add( - cloudtrail-plugin -- URL "https://download.falco.org/plugins/stable/cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz" -+ URL "/~https://github.com/falcosecurity/plugins/archive/refs/tags/cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}.tar.gz" - URL_HASH "SHA256=${PLUGIN_CLOUDTRAIL_HASH}" - CONFIGURE_COMMAND "" -- BUILD_COMMAND "" -+ SOURCE_DIR "plugins-cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}/" -+ BINARY_DIR "plugins-cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}/plugins/cloudtrail" -+ BUILD_COMMAND "make" - INSTALL_COMMAND "") - --install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-plugin-prefix/src/cloudtrail-plugin/libcloudtrail.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") -+install(FILES "${PROJECT_BINARY_DIR}/plugins-cloudtrail-${PLUGIN_CLOUDTRAIL_VERSION}/plugins/cloudtrail/libcloudtrail.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") - - ExternalProject_Add( - cloudtrail-rules -@@ -74,18 +70,16 @@ ExternalProject_Add( - install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-rules-prefix/src/cloudtrail-rules/aws_cloudtrail_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") - - set(PLUGIN_JSON_VERSION "0.5.0") --if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64") -- set(PLUGIN_JSON_HASH "b422c4f08bb54ccd384a87c5922e120d5731028c87742ef657cacf936447c202") --else() # aarch64 -- set(PLUGIN_JSON_HASH "8358f04325d8a9e9675f38fae8d13a250fb132dcf6741fd0f9830e8c39f48aed") --endif() -+set(PLUGIN_JSON_HASH "14f216cfcfec4cf50ab4ac208c5008ac206178253b9e2470cc60589569956bd0") - - ExternalProject_Add( - json-plugin -- URL "https://download.falco.org/plugins/stable/json-${PLUGIN_JSON_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz" -+ URL "/~https://github.com/falcosecurity/plugins/archive/refs/tags/json-${PLUGIN_JSON_VERSION}.tar.gz" - URL_HASH "SHA256=${PLUGIN_JSON_HASH}" - CONFIGURE_COMMAND "" -- BUILD_COMMAND "" -+ SOURCE_DIR "plugins-json-${PLUGIN_JSON_VERSION}/" -+ BINARY_DIR "plugins-json-${PLUGIN_JSON_VERSION}/plugins/json" -+ BUILD_COMMAND "make" - INSTALL_COMMAND "") - --install(FILES "${PROJECT_BINARY_DIR}/json-plugin-prefix/src/json-plugin/libjson.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") -+install(FILES "${PROJECT_BINARY_DIR}/plugins-json-${PLUGIN_JSON_VERSION}/plugins/json/libjson.so" DESTINATION "${FALCO_PLUGINS_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}") --- -2.39.0 - diff --git a/SPECS/falco/build-Distinguish-yamlcpp-in-USE_BUNDLED-macro.patch b/SPECS/falco/build-Distinguish-yamlcpp-in-USE_BUNDLED-macro.patch deleted file mode 100644 index e2ebf7ef6a..0000000000 --- a/SPECS/falco/build-Distinguish-yamlcpp-in-USE_BUNDLED-macro.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0d7ce28afc3532544e2763b1727623dd2072db18 Mon Sep 17 00:00:00 2001 -From: Bo Gan -Date: Thu, 17 Sep 2020 04:09:56 -0700 -Subject: [PATCH] build: Distinguish yamlcpp in USE_BUNDLED macro - -This patch allows linking with bundled yamlcpp with USE_BUNDLED_DEPS=OFF. - -Signed-off-by: Bo Gan -Signed-off-by: Srivatsa S. Bhat (VMware) ---- - cmake/modules/yaml-cpp.cmake | 2 +- - userspace/falco/CMakeLists.txt | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cmake/modules/yaml-cpp.cmake b/cmake/modules/yaml-cpp.cmake -index 5f47fae..b552fd4 100644 ---- a/cmake/modules/yaml-cpp.cmake -+++ b/cmake/modules/yaml-cpp.cmake -@@ -11,7 +11,7 @@ - # specific language governing permissions and limitations under the License. - # - mark_as_advanced(YAMLCPP_INCLUDE_DIR YAMLCPP_LIB) --if(NOT USE_BUNDLED_DEPS) -+if(NOT USE_BUNDLED_YAMLCPP) - find_path(YAMLCPP_INCLUDE_DIR NAMES yaml-cpp/yaml.h) - find_library(YAMLCPP_LIB NAMES yaml-cpp) - if(YAMLCPP_INCLUDE_DIR AND YAMLCPP_LIB) -diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt -index 9d3e987..55f11ed 100644 ---- a/userspace/falco/CMakeLists.txt -+++ b/userspace/falco/CMakeLists.txt -@@ -56,7 +56,7 @@ set( - "${YAMLCPP_LIB}" - ) - --if(USE_BUNDLED_DEPS) -+if(USE_BUNDLED_YAMLCPP) - list(APPEND FALCO_DEPENDENCIES yamlcpp) - endif() - --- -2.25.1 - diff --git a/SPECS/falco/falco.spec b/SPECS/falco/falco.spec deleted file mode 100644 index e62a0a00d1..0000000000 --- a/SPECS/falco/falco.spec +++ /dev/null @@ -1,187 +0,0 @@ -%global security_hardening none -%define uname_r %{KERNEL_VERSION}-%{KERNEL_RELEASE} -%define _modulesdir /lib/modules/%{uname_r} - -Summary: The Behavioral Activity Monitor With Container Support -Name: falco -Version: 0.32.2 -Release: 11%{?kernelsubrelease}%{?dist} -License: GPLv2 -URL: https://falco.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/falcosecurity/falco/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=88a98e32285746c2c04bd640495c12a1114a511ef6a9ee276ddaf60ad441effffe8da4879442c82a7fbab76cbecb157bd2cddc01eaa17d3876eb1860e6ec6260 - -Patch0: build-Distinguish-yamlcpp-in-USE_BUNDLED-macro.patch -Patch1: 0001-build-plugins-locally.patch - -BuildArch: x86_64 - -BuildRequires: cmake -BuildRequires: openssl-devel -BuildRequires: curl-devel -BuildRequires: zlib-devel -BuildRequires: ncurses-devel -BuildRequires: linux-devel = %{uname_r} -BuildRequires: jq-devel -BuildRequires: git -BuildRequires: lua-devel -BuildRequires: libyaml-devel -BuildRequires: linux-api-headers -BuildRequires: wget -BuildRequires: which -BuildRequires: grpc-devel -BuildRequires: c-ares-devel -BuildRequires: protobuf-devel -BuildRequires: go -BuildRequires: re2-devel - -Requires: linux = %{uname_r} -Requires: zlib -Requires: ncurses -Requires: openssl -Requires: curl -Requires: libyaml -Requires: lua -Requires: sysdig -Requires: dkms -Requires: grpc -Requires: jq -Requires: protobuf -Requires: c-ares -Requires: re2 - -%package devel -Summary: falco -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -Development files for %{name} - -%description -Sysdig %{name} is an open source, behavioral activity monitor designed to detect anomalous activity in your applications. -Falco lets you continuously monitor and detect container, application, host, and network activity; all in one place, from one source of data, with one set of customizable rules. - -%prep -%autosetup -p1 - -%build -%{cmake} \ - -DCMAKE_BUILD_TYPE=Debug \ - -DUSE_BUNDLED_DEPS:BOOL=OFF \ - -DUSE_BUNDLED_OPENSSL:BOOL=OFF \ - -DUSE_BUNDLED_JQ:BOOL=OFF \ - -DUSE_BUNDLED_YAMLCPP:BOOL=ON \ - -DBUILD_SHARED_LIBS:BOOL=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_INSTALL_SYSCONFDIR=%{_sysconfdir} - -export KERNELDIR="%{_modulesdir}/build" -%{cmake_build} - -%install -export KERNELDIR="%{_modulesdir}/build" -%{cmake_install} -mkdir -p %{buildroot}%{_modulesdir}/extra -install -vm 644 %{__cmake_builddir}/driver/%{name}.ko %{buildroot}%{_modulesdir}/extra - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/depmod -a - -%postun -/sbin/depmod -a - -%files -%defattr(-,root,root) -%{_bindir}/* -%exclude %{_usrsrc} -%{_sysconfdir}/%{name} -%{_datadir}/%{name} -%{_modulesdir}/extra/%{name}.ko - -%files devel -%defattr(-,root,root) -%{_libdir}/falcosecurity/* -%{_includedir}/falcosecurity/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 0.32.2-11 -- Bump version as a part of openssl upgrade -* Wed Oct 11 2023 Piyush Gupta 0.32.2-10 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.32.2-9 -- Bump up version to compile with new go -* Wed Aug 09 2023 Mukul Sikka 0.32.2-8 -- Bump version as a part of grpc upgrade -* Mon Jul 17 2023 Piyush Gupta 0.32.2-7 -- Bump up version to compile with new go -* Wed Jul 05 2023 Brennan Lamoreaux 0.32.2-6 -- Build Go plugins locally, instead of consuming precompiled binary -* Tue Jun 20 2023 Shreenidhi Shedi 0.32.2-5 -- Bump version as a part of lua upgrade -* Sat Jun 17 2023 Shreenidhi Shedi 0.32.2-4 -- Bump version as a part of protobuf upgrade -* Fri Jun 09 2023 Nitesh Kumar 0.32.2-3 -- Bump version as a part of ncurses upgrade to v6.4 -* Fri Apr 14 2023 Shreenidhi Shedi 0.32.2-2 -- Bump version as a part of zlib upgrade -* Thu Sep 15 2022 Vamsi Krishna Brahmajosyula 0.32.2-1 -- Upgrade to v0.32.2 -* Fri Jun 17 2022 Shreenidhi Shedi 0.32.0-1 -- Upgrade to v0.32.0 -- Introduce devel sub package -* Tue Nov 23 2021 Srivatsa S. Bhat (VMware) 0.30.0-1 -- Update to version 0.30.0. -- Add missing runtime dependency on linux. -* Wed Aug 04 2021 Satya Naga Vasamsetty 0.25.0-5 -- compile with openssl 3.0.0 -* Tue Aug 03 2021 Nitesh Kumar 0.25.0-4 -- Patched for CVE-2021-33505. -* Fri Feb 19 2021 Harinadh D 0.25.0-3 -- Version bump up to build with latest protobuf -* Tue Sep 29 2020 Satya Naga Vasamsetty 0.25.0-2 -- openssl 1.1.1 -* Wed Sep 16 2020 Bo Gan 0.25.0-1 -- Updated to 0.25.0 -* Mon Sep 14 2020 Ankit Jain 0.15.1-2 -- Fix build failure with grpc in patch -* Wed Jun 26 2019 Harinadh Dommaraju 0.15.1-1 -- Updated to fix CVE-2019-8339 -* Wed Dec 12 2018 Sujay G 0.12.1-4 -- Disabled bundled JQ, openssl and instead use Photon maintained packages. -* Wed Oct 24 2018 Ajay Kaher 0.12.1-3 -- Adding BuildArch -* Wed Oct 24 2018 Him Kalyan Bordoloi 0.12.1-2 -- Add depmod for falco-probe.ko and removed patch from new falco-probe-loader -* Mon Sep 24 2018 Srivatsa S. Bhat 0.12.1-1 -- Update falco and sysdig versions to fix build error with linux 4.18 -* Tue Jan 02 2018 Alexey Makhalov 0.8.1-1 -- Version update to build against linux-4.14.y kernel -* Thu Aug 24 2017 Rui Gu 0.6.0-3 -- Disable check section (Bug 1900272). -* Thu May 11 2017 Chang Lee 0.6.0-2 -- Add falco-probe.ko and change falco-probe.ko path in falco-probe-loader -* Mon Apr 03 2017 Chang Lee 0.6.0-1 -- Update to version 0.6.0 -* Wed Jan 11 2017 Alexey Makhalov 0.2.0-7 -- Fix building for linux-4.9.2 -* Mon Dec 19 2016 Xiaolin Li 0.2.0-6 -- BuildRequires curl-devel -* Thu Dec 15 2016 Alexey Makhalov 0.2.0-5 -- Fix building for linux-4.9 -* Wed Nov 30 2016 Alexey Makhalov 0.2.0-4 -- Expand uname -r to have release number -- Exclude /usr/src -* Fri Sep 2 2016 Alexey Makhalov 0.2.0-3 -- Use KERNEL_VERSION macro -* Wed Jul 27 2016 Divya Thaluru 0.2.0-2 -- Removed packaging of debug files -* Tue Jun 28 2016 Harish Udaiya Kumar 0.2.0-1 -- Initial build. First version diff --git a/SPECS/fatrace/fatrace.spec b/SPECS/fatrace/fatrace.spec deleted file mode 100644 index 640fc710e7..0000000000 --- a/SPECS/fatrace/fatrace.spec +++ /dev/null @@ -1,46 +0,0 @@ -Summary: fatrace reports file access events from all running processes. -Name: fatrace -Version: 0.15 -Release: 1%{?dist} -License: GNU GPLv3 -URL: https://launchpad.net/fatrace -Source0: https://launchpad.net/fatrace/trunk/%{version}/+download/%{name}-%{version}.tar.bz2 -%define sha1 fatrace=2740cff5fd8d0cc230a41c018ab651066e5d5d1f -Requires: python3 -Group: Utilities -Vendor: VMware, Inc. -Distribution: Photon - -%description -fatrace reports file access events from all running processes. -Its main purpose is to find processes which keep waking up the disk unnecessarily and thus prevent some power saving. - -%prep -%setup -q - -%build -make %{?_smp_mflags} - -%install -install -vdm 755 %{buildroot} -make DESTDIR=%{buildroot} PREFIX=%{_prefix} install - -%check -make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_mandir}/* - -%changelog -* Wed Sep 09 2020 Gerrit Photon 0.15-1 -- Automatic Version Bump -* Tue Jun 23 2020 Tapas Kundu 0.13-2 -- Require python3 -* Thu Sep 20 2018 Sujay G 0.13-1 -- Bump fatrace version to 0.13 -* Fri Mar 24 2017 Alexey Makhalov 0.12-2 -- Added fatrace-sysmacros.patch to fix build issue with glibc-2.25 -* Mon Feb 6 2017 Dheeraj Shetty 0.12-1 -- initial version diff --git a/SPECS/file/file.spec b/SPECS/file/file.spec deleted file mode 100644 index 93547c480a..0000000000 --- a/SPECS/file/file.spec +++ /dev/null @@ -1,99 +0,0 @@ -Summary: Contains a utility for determining file types -Name: file -Version: 5.43 -Release: 1%{?dist} -License: BSD -URL: http://www.darwinsys.com/file -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.astron.com/pub/file/%{name}-%{version}.tar.gz -%define sha512 %{name}=9d02f4e7a69d90468d6bd35df5ec240ddee8c2408b7df3e73427d7f18736baf77db0638a1fe8283f4e6abd1d5ad653890ed3a5a0d48bb52d4023ca4070ecdf06 - -Requires: %{name}-libs = %{version}-%{release} - -Conflicts: toybox < 0.8.2-2 - -%description -The package contains a utility for determining the type of a -given file or files - -%package libs -Summary: Library files for file -%description libs -It contains the libraries to run the application. - -%package devel -Summary: Header and development files for file -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications. - -%prep -%autosetup -p1 - -%build -%configure --disable-silent-rules -%make_build - -%install -%make_install %{?_smp_mflags} -find %{buildroot}%{_libdir} -name '*.la' -delete - -%check -make %{?_smp_mflags} check - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*man1/* -%{_mandir}/*man4/* - -%files libs -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_datadir}/misc/magic.mgc - -%files devel -%{_libdir}/*.so -%{_includedir}/* -%{_mandir}/*man3/* -%{_libdir}/pkgconfig/libmagic.pc - -%changelog -* Fri Oct 28 2022 Gerrit Photon 5.43-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 5.41-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 5.40-1 -- Automatic Version Bump -* Thu Feb 18 2021 Shreenidhi Shedi 5.39-2 -- Fix close_on_exec multithreaded decompression issue -* Tue Sep 01 2020 Gerrit Photon 5.39-1 -- Automatic Version Bump -* Tue Jul 07 2020 Gerrit Photon 5.38-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 5.34-3 -- Do not conflict with toybox >= 0.8.2-2 -* Tue Oct 29 2019 Siju Maliakkal 5.34-2 -- Apply patch for CVE-2019-18218 -* Thu Sep 20 2018 Sujay G 5.34-1 -- Bump file version to 5.34 -* Fri Dec 15 2017 Divya Thaluru 5.30-3 -- Added seperate package for libraries -- Added toybox as conflict package -* Fri Jun 23 2017 Xiaolin Li 5.30-2 -- Add devel package. -* Tue Apr 04 2017 Chang Lee 5.30-1 -- Updated to version 5.30 -* Tue May 24 2016 Priyesh Padmavilasom 5.24-2 -- GA - Bump release of all rpms -* Tue Jan 12 2016 Xiaolin Li 5.24-1 -- Updated to version 5.24 -* Mon Apr 6 2015 Divya Thaluru 5.22-1 -- Initial build. First version. diff --git a/SPECS/filesystem/filesystem.spec b/SPECS/filesystem/filesystem.spec deleted file mode 100644 index c35f604c7c..0000000000 --- a/SPECS/filesystem/filesystem.spec +++ /dev/null @@ -1,584 +0,0 @@ -Summary: Default file system -Name: filesystem -Version: 1.1 -Release: 4%{?dist} -License: GPLv3 -Group: System Environment/Base -Vendor: VMware, Inc. -URL: http://www.linuxfromscratch.org -Distribution: Photon - -%description -The filesystem package is one of the basic packages that is installed -on a Linux system. Filesystem contains the basic directory -layout for a Linux operating system, including the correct permissions -for the directories. This version is for a system configured with systemd. - -%prep - -%build - -%install -install -vdm 755 %{buildroot}/{dev,proc,run/{media/{floppy,cdrom},lock},sys} -install -vdm 755 %{buildroot}/{boot,etc/{opt,sysconfig},home,mnt} -install -vdm 755 %{buildroot}/{var} -install -dv -m 0750 %{buildroot}/root -install -dv -m 1777 %{buildroot}/tmp %{buildroot}%{_var}/tmp -install -vdm 755 %{buildroot}%{_usr}/{,local/}{bin,include,lib,sbin,src} -install -vdm 755 %{buildroot}%{_usr}/{,local/}share/{color,dict,doc,info,locale,man} -install -vdm 755 %{buildroot}%{_usr}/{,local/}share/{misc,terminfo,zoneinfo} -install -vdm 755 %{buildroot}%{_libexecdir} -install -vdm 755 %{buildroot}%{_usr}/{,local/}share/man/man{1..8} -install -vdm 755 %{buildroot}%{_sysconfdir}/profile.d -install -vdm 755 %{buildroot}%{_libdir}/debug/{lib,bin,sbin,usr} - -ln -svfn usr/lib %{buildroot}/lib -ln -svfn usr/bin %{buildroot}/bin -ln -svfn usr/sbin %{buildroot}/sbin -ln -svfn run/media %{buildroot}/media - -ln -svfn ../bin %{buildroot}%{_libdir}/debug%{_bindir} -ln -svfn ../sbin %{buildroot}%{_libdir}/debug%{_sbindir} -ln -svfn ../lib %{buildroot}%{_libdir}/debug%{_libdir} - -ln -svfn usr/lib %{buildroot}/lib64 -ln -svfn lib %{buildroot}%{_lib64dir} -ln -svfn lib %{buildroot}%{_usr}/local/lib64 -ln -svfn lib %{buildroot}%{_libdir}/debug/lib64 -ln -svfn ../lib %{buildroot}%{_libdir}/debug%{_lib64dir} - -install -vdm 755 %{buildroot}%{_var}/{log,mail,spool,mnt,srv} - -ln -svfn var/srv %{buildroot}/srv -ln -svfn ../run %{buildroot}%{_var}/run -ln -svfn ../run/lock %{buildroot}%{_var}/lock -install -vdm 755 %{buildroot}%{_var}/{opt,cache,lib/{color,misc,locate},local} -install -vdm 755 %{buildroot}/mnt/cdrom -install -vdm 755 %{buildroot}/mnt/hgfs - -# 6.6. Creating Essential Files and Symlinks -ln -svfn /proc/self/mounts %{buildroot}%{_sysconfdir}/mtab -#touch -f %{buildroot}%{_sysconfdir}/mtab - -touch %{buildroot}%{_var}/log/{btmp,lastlog,wtmp} - -# Configuration files -cat > %{buildroot}%{_sysconfdir}/passwd <<- "EOF" -root:x:0:0:root:/root:/bin/bash -bin:x:1:1:bin:/dev/null:/bin/false -daemon:x:6:6:Daemon User:/dev/null:/bin/false -messagebus:x:18:18:D-Bus Message Daemon User:%{_var}/run/dbus:/bin/false -systemd-bus-proxy:x:72:72:systemd Bus Proxy:/:/bin/false -systemd-journal-gateway:x:73:73:systemd Journal Gateway:/:/bin/false -systemd-journal-remote:x:74:74:systemd Journal Remote:/:/bin/false -systemd-journal-upload:x:75:75:systemd Journal Upload:/:/bin/false -systemd-network:x:76:76:systemd Network Management:/:/bin/false -systemd-resolve:x:77:77:systemd Resolver:/:/bin/false -systemd-timesync:x:78:78:systemd Time Synchronization:/:/bin/false -nobody:x:65534:65533:Unprivileged User:/dev/null:/bin/false -EOF - -cat > %{buildroot}%{_sysconfdir}/group <<- "EOF" -root:x:0: -bin:x:1:daemon -sys:x:2: -kmem:x:3: -tape:x:4: -tty:x:5: -daemon:x:6: -floppy:x:7: -disk:x:8: -lp:x:9: -dialout:x:10: -audio:x:11: -video:x:12: -utmp:x:13: -usb:x:14: -cdrom:x:15: -adm:x:16: -messagebus:x:18: -systemd-journal:x:23: -input:x:24: -mail:x:34: -lock:x:54: -dip:x:30: -systemd-bus-proxy:x:72: -systemd-journal-gateway:x:73: -systemd-journal-remote:x:74: -systemd-journal-upload:x:75: -systemd-network:x:76: -systemd-resolve:x:77: -systemd-timesync:x:78: -nogroup:x:65533: -users:x:100: -sudo:x:27: -wheel:x:28: -EOF - -# Creating Proxy Configuration" -cat > %{buildroot}%{_sysconfdir}/sysconfig/proxy <<- "EOF" -# Enable a generation of the proxy settings to the profile. -# This setting allows to turn the proxy on and off while -# preserving the particular proxy setup. -# -PROXY_ENABLED="no" - -# Some programs (e.g. wget) support proxies, if set in -# the environment. -# Example: HTTP_PROXY="http://proxy.provider.de:3128/" -HTTP_PROXY="" - -# Example: HTTPS_PROXY="https://proxy.provider.de:3128/" -HTTPS_PROXY="" - -# Example: FTP_PROXY="http://proxy.provider.de:3128/" -FTP_PROXY="" - -# Example: GOPHER_PROXY="http://proxy.provider.de:3128/" -GOPHER_PROXY="" - -# Example: SOCKS_PROXY="socks://proxy.example.com:8080" -SOCKS_PROXY="" - -# Example: SOCKS5_SERVER="office-proxy.example.com:8881" -SOCKS5_SERVER="" - -# Example: NO_PROXY="www.me.de, do.main, localhost" -NO_PROXY="localhost, 127.0.0.1" -EOF - -# 7.3. Customizing the /etc/hosts File" -cat > %{buildroot}%{_sysconfdir}/hosts <<- "EOF" -# Begin /etc/hosts (network card version) - -::1 ipv6-localhost ipv6-loopback -127.0.0.1 localhost.localdomain -127.0.0.1 localhost - -# End /etc/hosts (network card version) -EOF - -# 7.9. Configuring the setclock Script" -cat > %{buildroot}%{_sysconfdir}/sysconfig/clock <<- "EOF" -# Begin /etc/sysconfig/clock - -UTC=1 - -# Set this to any options you might need to give to hwclock, -# such as machine hardware clock type for Alphas. -CLOCKPARAMS= - -# End /etc/sysconfig/clock -EOF - -# 7.10. Configuring the Linux Console" -cat > %{buildroot}%{_sysconfdir}/sysconfig/console <<- "EOF" -# Begin /etc/sysconfig/console -# Begin /etc/sysconfig/console -# KEYMAP="us" -# FONT="lat1-16 -m utf8" -# FONT="lat1-16 -m 8859-1" -# KEYMAP_CORRECTIONS="euro2" -# UNICODE="1" -# LEGACY_CHARSET="iso-8859-1" -# End /etc/sysconfig/console -EOF - -# 7.13. The Bash Shell Startup Files -cat > %{buildroot}%{_sysconfdir}/profile <<- "EOF" -# Begin /etc/profile -# Written for Beyond Linux From Scratch -# by James Robertson -# modifications by Dagmar d'Surreal - -# System wide environment variables and startup programs. - -# System wide aliases and functions should go in /etc/bashrc. Personal -# environment variables and startup programs should go into -# ~/.bash_profile. Personal aliases and functions should go into -# ~/.bashrc. - -# Functions to help us manage paths. Second argument is the name of the -# path variable to be modified (default: PATH) -pathremove () { - local IFS=':' - local NEWPATH - local DIR - local PATHVARIABLE=${2:-PATH} - for DIR in ${!PATHVARIABLE}; do - if [ "$DIR" != "$1" ]; then - NEWPATH=${NEWPATH:+$NEWPATH:}$DIR - fi - done - export $PATHVARIABLE="$NEWPATH" -} - -pathprepend () { - pathremove $1 $2 - local PATHVARIABLE=${2:-PATH} - export $PATHVARIABLE="$1${!PATHVARIABLE:+:${!PATHVARIABLE}}" -} - -pathappend () { - pathremove $1 $2 - local PATHVARIABLE=${2:-PATH} - export $PATHVARIABLE="${!PATHVARIABLE:+${!PATHVARIABLE}:}$1" -} - -export -f pathremove pathprepend pathappend - -# Set the initial path -# Block unnessary as this is set elsewhere. -# export PATH=$PATH:/bin:/usr/bin - -# if [ $EUID -eq 0 ]; then -# pathappend /sbin:/usr/sbin -# unset HISTFILE -# fi - -# Setup some environment variables. -export HISTSIZE=1000 -export HISTIGNORE="&:[bf]g:exit" - -# Set some defaults for graphical systems -export XDG_DATA_DIRS=%{_datadir}/ -export XDG_CONFIG_DIRS=%{_sysconfdir}/xdg/ - -# Setup a red prompt for root and a green one for users. -NORMAL="\[\e[0m\]" -RED="\[\e[1;31m\]" -GREEN="\[\e[1;32m\]" -if [[ $EUID == 0 ]] ; then - PS1="$RED\u@\h [ $NORMAL\w$RED ]# $NORMAL" -else - PS1="$GREEN\u@\h [ $NORMAL\w$GREEN ]\$ $NORMAL" -fi - -for script in %{_sysconfdir}/profile.d/*.sh; do - if [ -r $script ] ; then - . $script - fi -done - -unset script RED GREEN NORMAL -umask 027 -# End /etc/profile -EOF - -# The Proxy Bash Shell Startup File -cat > %{buildroot}%{_sysconfdir}/profile.d/proxy.sh <<- "EOF" -# -# proxy.sh: Set proxy environment -# - -sys=%{_sysconfdir}/sysconfig/proxy -test -s $sys || exit 0 -while read line ; do - case "$line" in - \#*|"") continue ;; - esac - eval val=${line#*=} - case "$line" in - PROXY_ENABLED=*) - PROXY_ENABLED="${val}" - ;; - HTTP_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - http_proxy="${val}" - export http_proxy - ;; - HTTPS_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - https_proxy="${val}" - export https_proxy - ;; - FTP_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - ftp_proxy="${val}" - export ftp_proxy - ;; - GOPHER_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - gopher_proxy="${val}" - export gopher_proxy - ;; - SOCKS_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - socks_proxy="${val}" - export socks_proxy - SOCKS_PROXY="${val}" - export SOCKS_PROXY - ;; - SOCKS5_SERVER=*) - test "$PROXY_ENABLED" = "yes" || continue - SOCKS5_SERVER="${val}" - export SOCKS5_SERVER - ;; - NO_PROXY=*) - test "$PROXY_ENABLED" = "yes" || continue - no_proxy="${val}" - export no_proxy - NO_PROXY="${val}" - export NO_PROXY - esac -done < $sys -unset sys line val - -if test "$PROXY_ENABLED" != "yes" ; then - unset http_proxy https_proxy ftp_proxy gopher_proxy no_proxy NO_PROXY socks_proxy SOCKS_PROXY SOCKS5_SERVER -fi -unset PROXY_ENABLED -# -# end of proxy.sh -EOF - -# 7.14. Creating the /etc/inputrc File -cat > %{buildroot}%{_sysconfdir}/inputrc <<- "EOF" -# Begin /etc/inputrc -# Modified by Chris Lynn - -# Allow the command prompt to wrap to the next line -set horizontal-scroll-mode Off - -# Enable 8bit input -set meta-flag On -set input-meta On - -# Turns off 8th bit stripping -set convert-meta Off - -# Keep the 8th bit for display -set output-meta On - -# none, visible or audible -set bell-style none - -# All of the following map the escape sequence of the value -# contained in the 1st argument to the readline specific functions -"\eOd": backward-word -"\eOc": forward-word - -# for linux console -"\e[1~": beginning-of-line -"\e[4~": end-of-line -# page up - history search backward -"\e[5~": history-search-backward -# page down - history search forward -"\e[6~": history-search-forward -"\e[3~": delete-char -"\e[2~": quoted-insert - -# for xterm -"\eOH": beginning-of-line -"\eOF": end-of-line - -# for Konsole -"\e[H": beginning-of-line -"\e[F": end-of-line - -# End /etc/inputrc -EOF - -# 8.2. Creating the /etc/fstab File -touch %{buildroot}%{_sysconfdir}/fstab - -# 8.3.2. Configuring Linux Module Load Order -install -vdm 755 %{buildroot}%{_sysconfdir}/modprobe.d -cat > %{buildroot}%{_sysconfdir}/modprobe.d/usb.conf <<- "EOF" -# Begin /etc/modprobe.d/usb.conf - -install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i ohci_hcd ; true -install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i uhci_hcd ; true - -# End /etc/modprobe.d/usb.conf -EOF -# chapter 9.1. The End - -%files -%defattr(-,root,root) -# Root filesystem -/bin -%dir /boot -%dir /dev -%dir %{_sysconfdir} -%dir /home -/lib - -/media -%dir /mnt -%dir /proc -%dir /root -%dir /run -/sbin -/srv -%dir /sys -%dir /tmp -%dir %{_usr} -%dir %{_var} -# etc fileystem -%dir %{_sysconfdir}/opt -%config(noreplace) %{_sysconfdir}/fstab -%config(noreplace) %{_sysconfdir}/group -%config(noreplace) %{_sysconfdir}/hosts -%config(noreplace) %{_sysconfdir}/inputrc -%config(noreplace) %{_sysconfdir}/mtab -%config(noreplace) %{_sysconfdir}/passwd -%config(noreplace) %{_sysconfdir}/profile -%dir %{_sysconfdir}/modprobe.d -%config(noreplace) %{_sysconfdir}/modprobe.d/usb.conf -%dir %{_sysconfdir}/sysconfig -%config(noreplace) %{_sysconfdir}/sysconfig/clock -%config(noreplace) %{_sysconfdir}/sysconfig/console -%config(noreplace) %{_sysconfdir}/sysconfig/proxy -%dir %{_sysconfdir}/profile.d -%config(noreplace) %{_sysconfdir}/profile.d/proxy.sh -# media filesystem -%dir /run/media/cdrom -%dir /run/media/floppy -# run filesystem -%dir /run/lock -# usr filesystem -%dir /mnt/cdrom -%dir /mnt/hgfs -%dir %{_bindir} -%dir %{_includedir} -%dir %{_libdir} -%dir %{_libdir}/debug -%dir %{_libdir}/debug/bin -%dir %{_libdir}/debug/lib -%dir %{_libdir}/debug/sbin -%{_libdir}/debug%{_bindir} -%{_libdir}/debug%{_libdir} -%{_libdir}/debug%{_sbindir} -%dir %{_libexecdir} -%dir %{_usr}/local -%dir %{_usr}/local/bin -%dir %{_usr}/local/include -%dir %{_usr}/local/lib -%dir %{_usr}/local/share -%dir %{_usr}/local/share/color -%dir %{_usr}/local/share/dict -%dir %{_usr}/local/share/doc -%dir %{_usr}/local/share/info -%dir %{_usr}/local/share/locale -%dir %{_usr}/local/share/man -%dir %{_usr}/local/share/man/man1 -%dir %{_usr}/local/share/man/man2 -%dir %{_usr}/local/share/man/man3 -%dir %{_usr}/local/share/man/man4 -%dir %{_usr}/local/share/man/man5 -%dir %{_usr}/local/share/man/man6 -%dir %{_usr}/local/share/man/man7 -%dir %{_usr}/local/share/man/man8 -%dir %{_usr}/local/share/misc -%dir %{_usr}/local/share/terminfo -%dir %{_usr}/local/share/zoneinfo -%dir %{_usr}/local/src -%dir %{_sbindir} -%dir %{_datadir} -%dir %{_datadir}/color -%dir %{_datadir}/dict -%dir %{_datadir}/doc -%dir %{_datadir}/info -%dir %{_datadir}/locale -%dir %{_mandir} -%dir %{_mandir}/man1 -%dir %{_mandir}/man2 -%dir %{_mandir}/man3 -%dir %{_mandir}/man4 -%dir %{_mandir}/man5 -%dir %{_mandir}/man6 -%dir %{_mandir}/man7 -%dir %{_mandir}/man8 -%dir %{_datadir}/misc -%dir %{_datadir}/terminfo -%dir %{_datadir}/zoneinfo -%dir %{_usrsrc} -# var filesystem -%dir %{_var}/cache -%dir %{_sharedstatedir} -%dir %{_sharedstatedir}/color -%dir %{_sharedstatedir}/locate -%dir %{_sharedstatedir}/misc -%dir %{_var}/local -%dir %{_var}/log -%dir %{_var}/mail -%dir %{_var}/mnt -%dir %{_var}/srv -%dir %{_var}/opt -%dir %{_var}/spool -%dir %{_var}/tmp -%attr(-,root,root) %{_var}/log/wtmp -%attr(664,root,utmp) %{_var}/log/lastlog -%attr(600,root,root) %{_var}/log/btmp -%{_var}/lock -%{_var}/run - -/lib64 -%{_lib64dir} -%{_usr}/local/lib64 -%{_libdir}/debug/lib64 -%{_libdir}/debug%{_lib64dir} - -%changelog -* Wed Sep 23 2020 Michelle Wang 1.1-4 -- Add sources0 for OSSTP tickets -* Wed May 8 2019 Alexey Makhalov 1.1-3 -- Set 'x' as a root password placeholder -* Tue Nov 14 2017 Alexey Makhalov 1.1-2 -- Aarch64 support -* Fri Sep 15 2017 Anish Swaminathan 1.1-1 -- Move network file from filesystem package -* Fri Apr 21 2017 Alexey Makhalov 1.0-13 -- make /var/run symlink to /run and keep it in rpm -* Thu Apr 20 2017 Bo Gan 1.0-12 -- Fix /usr/local/lib64 symlink -* Wed Mar 08 2017 Vinay Kulkarni 1.0-11 -- Create default DHCP net config in 99-dhcp-en.network instead of 10-dhcp-en.network -* Wed Aug 24 2016 Alexey Makhalov 1.0-10 -- /etc/inputrc PgUp/PgDown for history search -* Tue Jul 12 2016 Divya Thaluru 1.0-9 -- Added filesystem for debug libraries and binaries -* Fri Jul 8 2016 Divya Thaluru 1.0-8 -- Removing multiple entries of localhost in /etc/hosts file -* Fri May 27 2016 Divya Thaluru 1.0-7 -- Fixed nobody user uid and group gid -* Tue May 24 2016 Priyesh Padmavilasom 1.0-6 -- GA - Bump release of all rpms -* Wed May 4 2016 Divya Thaluru 1.0-5 -- Removing non-existent users from /etc/group file -* Fri Apr 29 2016 Mahmoud Bassiouny 1.0-4 -- Updating the /etc/hosts file -* Fri Apr 22 2016 Divya Thaluru 1.0-3 -- Setting default umask value to 027 -* Thu Apr 21 2016 Anish Swaminathan 1.0-2 -- Version update for network file change -* Mon Jan 18 2016 Anish Swaminathan 1.0-1 -- Reset version to match with Photon version -* Wed Jan 13 2016 Mahmoud Bassiouny 7.5-13 -- Support to set proxy configuration file - SLES proxy configuration implementation. -* Thu Jan 7 2016 Mahmoud Bassiouny 7.5-12 -- Removing /etc/sysconfig/network file. -* Mon Nov 16 2015 Mahmoud Bassiouny 7.5-11 -- Removing /etc/fstab mount entries. -* Mon Nov 16 2015 Sharath George 7.5-10 -- Removint /opt from filesystem. -* Fri Oct 02 2015 Vinay Kulkarni 7.5-9 -- Dump build-number and release version from macros. -* Fri Aug 14 2015 Sharath George 7.5-8 -- upgrading release to TP2 -* Tue Jun 30 2015 Alexey Makhalov 7.5-7 -- /etc/profile.d permission fix -* Tue Jun 23 2015 Divya Thaluru 7.5-6 -- Adding group dip -* Mon Jun 22 2015 Divya Thaluru 7.5-5 -- Fixing lsb-release file -* Tue Jun 16 2015 Alexey Makhalov 7.5-4 -- Change users group id to 100. -- Add audio group to users group. -* Mon Jun 15 2015 Sharath George 7.5-3 -- Change the network match for dhcp. -* Mon May 18 2015 Touseef Liaqat 7.5-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 7.5-1 -- Initial build. First version diff --git a/SPECS/findutils/findutils.spec b/SPECS/findutils/findutils.spec deleted file mode 100644 index d234bbe301..0000000000 --- a/SPECS/findutils/findutils.spec +++ /dev/null @@ -1,111 +0,0 @@ -Summary: This package contains programs to find files -Name: findutils -Version: 4.9.0 -Release: 2%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/findutils -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/findutils/%{name}-%{version}.tar.xz -%define sha512 %{name}=ba4844f4403de0148ad14b46a3dbefd5a721f6257c864bf41a6789b11705408524751c627420b15a52af95564d8e5b52f0978474f640a62ab86a41d20cf14be9 - -Conflicts: toybox < 0.8.2-2 - -%description -These programs are provided to recursively search through a -directory tree and to create, maintain, and search a database -(often faster than the recursive find, but unreliable if the -database has not been recently updated). - -%package lang -Summary: Additional language files for findutils -Group: Applications/File -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of findutils - -%prep -%autosetup -p1 - -%build -#make some fixes required by glibc-2.28: -sed -i 's/IO_ftrylockfile/IO_EOF_SEEN/' gl/lib/*.c -sed -i '/unistd/a #include ' gl/lib/mountlist.c -echo "#define _IO_IN_BACKUP 0x100" >> gl/lib/stdio-impl.h - -CFLAGS="${CFLAGS:--O2 -g}" ; export CFLAGS ; -CXXFLAGS="${CXXFLAGS:--O2 -g}" ; export CXXFLAGS ; -FFLAGS="${FFLAGS:--O2 -g }" ; export FFLAGS ; -FCFLAGS="${FCFLAGS:--O2 -g }" ; export FCFLAGS ; -LDFLAGS="${LDFLAGS:-}" ; export LDFLAGS; - -sh ./configure --host=%{_arch}-unknown-linux-gnu --build=%{_arch}-unknown-linux-gnu \ - --program-prefix= \ - --disable-dependency-tracking \ - --prefix=%{_prefix} \ - --exec-prefix=%{_exec_prefix} \ - --bindir=%{_bindir} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --datadir=%{_datadir} \ - --includedir=%{_includedir} \ - --libdir=%{_libdir} \ - --libexecdir=%{_libexecdir} \ - --sharedstatedir=%{_sharedstatedir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --localstatedir=%{_sharedstatedir}/locate \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -sed -i 's/find:=${BINDIR}/find:=\/usr\/bin/' %{buildroot}%{_bindir}/updatedb -rm -rf %{buildroot}%{_infodir} - -%find_lang %{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/find -%{_bindir}/* -%{_libexecdir}/* -%{_mandir}/*/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Sun May 29 2022 Shreenidhi Shedi 4.9.0-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 4.9.0-1 -- Automatic Version Bump -* Mon Apr 12 2021 Gerrit Photon 4.8.0-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 4.7.0-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 4.8.0-6 -- Do not conflict with toybox >= 0.8.2-2 -* Sun Sep 09 2018 Alexey Makhalov 4.8.0-5 -- Fix compilation issue against glibc-2.28 -* Mon Oct 02 2017 Alexey Makhalov 4.8.0-4 -- Added conflicts toybox -* Tue May 02 2017 Anish Swaminathan 4.8.0-3 -- Add lang package. -* Tue May 24 2016 Priyesh Padmavilasom 4.8.0-2 -- GA - Bump release of all rpms -* Tue Apr 26 2016 Anish Swaminathan 4.8.0-1 -- Updated to version 4.8.0 -* Wed Nov 5 2014 Divya Thaluru 4.4.2-1 -- Initial build. First version. diff --git a/SPECS/finger/LICENSE b/SPECS/finger/LICENSE deleted file mode 100644 index 78254519a0..0000000000 --- a/SPECS/finger/LICENSE +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 1989 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Tony Nardo of the Johns Hopkins University/Applied Physics Lab. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - diff --git a/SPECS/finger/bsd-finger-time.patch b/SPECS/finger/bsd-finger-time.patch deleted file mode 100644 index 4b3e189c72..0000000000 --- a/SPECS/finger/bsd-finger-time.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -rupr b/finger/lprint.c c/finger/lprint.c ---- b/finger/lprint.c 1999-09-14 03:51:11.000000000 -0700 -+++ c/finger/lprint.c 2016-12-07 13:24:43.785452865 -0800 -@@ -48,7 +48,7 @@ char lprint_rcsid[] = - #include - #include - #include --#include -+#include - #include "finger.h" - - static void lprint(PERSON *pn); -diff -rupr b/finger/sprint.c c/finger/sprint.c ---- b/finger/sprint.c 1999-12-12 10:59:33.000000000 -0800 -+++ c/finger/sprint.c 2016-12-07 13:24:56.856976108 -0800 -@@ -40,7 +40,7 @@ char sprint_rcsid[] = "$Id: sprint.c,v 1 - #endif /* not lint */ - - #include --#include -+#include - #include - #include - #include diff --git a/SPECS/finger/finger.socket b/SPECS/finger/finger.socket deleted file mode 100644 index 2bd4f904bb..0000000000 --- a/SPECS/finger/finger.socket +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Finger Socket - -[Socket] -ListenStream=79 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/SPECS/finger/finger.spec b/SPECS/finger/finger.spec deleted file mode 100644 index abffcd371f..0000000000 --- a/SPECS/finger/finger.spec +++ /dev/null @@ -1,95 +0,0 @@ -Summary: The finger client -Name: finger -Version: 0.17 -Release: 3%{?dist} -License: BSD/ -Group: Applications/Internet -Vendor: VMware, Inc. -Distribution: Photon -Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/bsd-finger-%{version}.tar.gz -%define sha1 bsd-finger=cc0ab33494c618cf6f75d3e91c744bd36628cfe5 -Source1: finger.socket -Source2: finger@.service -Source3: LICENSE -Patch0: bsd-finger-time.patch -Patch1: fix-manpage-typo.patch -BuildRequires: systemd - -%description -Finger is a utility that allows users to see information about system users -(login name, home directory, name, and more) on local and remote systems. - -%package server -License: BSD -Summary: A Server for Showing User Information -Group: System Environment/Daemons -Requires: finger -Requires: systemd -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - -%description server -The finger daemon implements a simple protocol based on RFC1196 that provides an -interface to the Name and Finger programs at several network sites. The program -is supposed to return a friendly human-oriented status report on either the -system at the moment or a person. - -%prep -%setup -q -n bsd-finger-%{version} -%patch0 -p1 -%patch1 -p1 - -%build -sed -i 's/install -s/install/' finger/Makefile -sed -i 's/install -s/install/' fingerd/Makefile -if [ %{_host} != %{_build} ]; then -sed -i '/\.\/__conftest/d' configure -fi -sh configure --prefix=%{_prefix} --with-c-compiler=%{_host}-gcc - -make %{?_smp_mflags} - -%install -mkdir -p %{buildroot}%{_bindir} -mkdir -p %{buildroot}%{_mandir}/man{1,8} -mkdir -p %{buildroot}%{_sbindir} - -mkdir -p %{buildroot}%{_unitdir} -install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} -install -m 644 %{SOURCE2} %{buildroot}%{_unitdir} -install -m 644 %{SOURCE3} LICENSE -make INSTALLROOT=%{buildroot} MANDIR=/usr/share/man install - -%check -make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} - -%post server -%systemd_post finger.socket - -%preun server -%systemd_preun finger.socket - -%postun server -%systemd_postun_with_restart finger.socket - -%files -%license LICENSE -%attr(0755,root,root) %{_bindir}/finger -%{_mandir}/man1/finger.1* - -%files server -%license LICENSE -%{_unitdir}/finger.socket -%{_unitdir}/finger@.service -%attr(0755,root,root) %{_sbindir}/in.fingerd -%{_mandir}/man8/in.fingerd.8* -%{_mandir}/man8/fingerd.8* - -%changelog -* Thu Nov 15 2018 Alexey Makhalov 0.17-3 -- Cross compilation support -* Tue Apr 25 2017 Priyesh Padmavilasom 0.17-2 -- Apply patch to generate debuginfo -* Wed Dec 7 2016 Dheeraj Shetty 0.17-1 -- initial version diff --git a/SPECS/finger/finger@.service b/SPECS/finger/finger@.service deleted file mode 100644 index e71a15b7f5..0000000000 --- a/SPECS/finger/finger@.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Finger Per-Connection Daemon - -[Service] -ExecStart=-/usr/bin/in.fingerd -StandardInput=socket -StandardError=syslog diff --git a/SPECS/finger/fix-manpage-typo.patch b/SPECS/finger/fix-manpage-typo.patch deleted file mode 100644 index 99915ce924..0000000000 --- a/SPECS/finger/fix-manpage-typo.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- bsd-finger-0.17/finger/finger.1~ 2012-02-21 07:18:46.236600851 +0000 -+++ bsd-finger-0.17/finger/finger.1 2012-02-21 07:19:26.979613738 +0000 -@@ -169,7 +169,7 @@ - must be able to see the - .Pa .nofinger - file. This generally means that the home directory containing the file --must have the other-users-execute bit set (o+w). See -+must have the other-users-execute bit set (o+x). See - .Xr chmod 1 . - If you use this feature for privacy, please test it with ``finger - @localhost'' before relying on it, just in case. diff --git a/SPECS/fio/fio.spec b/SPECS/fio/fio.spec deleted file mode 100644 index f141b0b2a9..0000000000 --- a/SPECS/fio/fio.spec +++ /dev/null @@ -1,94 +0,0 @@ -Summary: Multithreaded IO generation tool -Name: fio -Version: 3.33 -Release: 3%{?dist} -License: GPLv2 -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon -URL: http://git.kernel.dk/?p=fio.git;a=summary -Source0: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/fio.git/snapshot/%{name}-%{version}.tar.gz -%define sha512 %{name}=d75b0d4ad7bc7c3885d0a41065a80b82b5b3f0eb41e10e02cba9d527eba1ae6573548345f795954ffc6a45375161191a741290cbaf4fda05ab601b49a6aceb32 -BuildRequires: gcc -BuildRequires: gnupg -BuildRequires: zlib-devel -BuildRequires: python3-devel -BuildRequires: curl-devel -BuildRequires: openssl-devel -BuildRequires: make -BuildRequires: libaio-devel -Requires: libaio -Requires: zlib -Recommends: %{name}-engine-libaio -Recommends: %{name}-engine-http - -%description -Fio spawns a number of threads or processes doing a particular type of I/O -action as specified by the user. fio takes a number of global parameters, each -inherited by the thread unless otherwise parameters given to them overriding -that setting is given. The typical use of fio is to write a job file matching -the I/O load one wants to simulate. - -%package engine-libaio -Summary: Linux libaio engine for %{name}. -Requires: %{name} = %{version}-%{release} -Requires: libaio - -%description engine-libaio -Linux libaio engine for %{name}. - -%package docs -Summary: Files needed for development using %{name} protocol -Requires: %{name} = %{version}-%{release} - -%description docs -Package %{name}-docs provide man pages and other docs related to fio. - -%package engine-http -Summary: HTTP engine for %{name}. -Requires: %{name} = %{version}-%{release} -Requires: curl-libs -Requires: openssl - -%description engine-http -HTTP engine for %{name}. - -%prep -%autosetup -p1 -sed -e 's,/usr/local/lib/,%{_libdir}/,g' -i os/os-linux.h - -%build -sh ./configure --disable-optimizations --dynamic-libengines -%make_build - -%install -%make_install prefix=%{_prefix} mandir=%{_mandir} - -%files -%defattr(-,root,root) -%doc MORAL-LICENSE GFIO-TODO SERVER-TODO STEADYSTATE-TODO -%license COPYING -%dir %{_datadir}/%{name} -%{_bindir}/* -%{_datadir}/%{name}/* - -%files engine-http -%{_libdir}/fio/fio-http.so - -%files engine-libaio -%{_libdir}/fio/fio-libaio.so - -%files docs -%defattr(-,root,root) -%doc README.rst REPORTING-BUGS HOWTO.rst examples -%{_mandir}/man1/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 3.33-3 -- Bump version as a part of openssl upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 3.33-2 -- Bump version as a part of zlib upgrade -* Tue Dec 13 2022 Gerrit Photon 3.33-1 -- Automatic Version Bump -* Mon Jun 06 2022 Piyush Gupta 3.30-1 -- Initial packaging for Photon OS. diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec deleted file mode 100644 index c1f2dc8338..0000000000 --- a/SPECS/flannel/flannel.spec +++ /dev/null @@ -1,155 +0,0 @@ -%define debug_package %{nil} - -Summary: Overlay network for containers based on etcd -Name: flannel -Version: 0.22.0 -Release: 5%{?dist} -License: ASL 2.0 -URL: /~https://github.com/coreos/flannel -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/coreos/flannel/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=ddb13b0f23689f19a5ef84c311005a5dc3393e8c32a93af37de09ccebd625b6c7c9adad14264fd374df1f538b1387a01a05d107e4a461535737cc1e07118e361 - -BuildRequires: etcd -BuildRequires: gcc -BuildRequires: unzip -BuildRequires: go -BuildRequires: ca-certificates -BuildRequires: systemd-devel - -Requires: etcd >= 3.5.4 - -%description -flannel is a virtual network that provides a subnet to a container runtime -host OS for use with containers. flannel uses etcd to store the network -configuration, allocated subnets, and additional data. - -%prep -%autosetup -cn src/github.com/coreos/ -p1 - -%build -export GOPATH=%{_builddir} -echo $GOAPTH -mv %{name}-%{version} %{name} -pushd %{name} -%make_build dist/flanneld -popd - -%install -install -vdm 755 %{buildroot}%{_bindir} -install -vpm 0755 -t %{buildroot}%{_bindir}/ %{name}/dist/flanneld - -install -vdm 0755 %{buildroot}%{_datadir}/%{name}/docker -install -vpm 0755 -t %{buildroot}%{_datadir}/%{name}/docker/ %{name}/dist/mk-docker-opts.sh - -install -vdm 0755 %{buildroot}%{_sysconfdir}/flannel -cat << EOF >> %{buildroot}%{_sysconfdir}/flannel/flanneld.conf -# -# flanneld configuration -# - -# etcd endpoints -ETCD_ENDPOINTS="http://127.0.0.1:4001,http://127.0.0.1:2379" - -# flannel network config -FLANNEL_NETWORK_CONF='{"Network": "172.17.0.0/16"}' - -# kubernetes api server URL -KUBE_API_URL="http://localhost:8080" - -# additional flannel options -FLANNEL_OPTIONS="" -EOF - -mkdir -p %{buildroot}%{_unitdir} -cat << EOF > %{buildroot}%{_unitdir}/flanneld.service -[Unit] -Description=flanneld overlay network service -After=network.target etcd.service -Before=docker.service - -[Service] -Type=notify -EnvironmentFile=-/etc/flannel/flanneld.conf -ExecStartPre=-%{_bindir}/etcdctl mk /vmware/network/config \${FLANNEL_NETWORK_CONF} -ExecStart=%{_bindir}/flanneld -etcd-prefix=/vmware/network -etcd-endpoints=\${ETCD_ENDPOINTS} --kube-api-url=\${KUBE_API_URL} \${FLANNEL_OPTIONS} -Restart=on-failure - -[Install] -WantedBy=multi-user.target -RequiredBy=docker.service -EOF - -%check -cd %{name} -GOPATH=%{_builddir} %make_build test - -%files -%defattr(-,root,root) -%{_bindir}/flanneld -%{_unitdir}/flanneld.service -%{_datadir}/%{name}/docker/mk-docker-opts.sh -%config(noreplace) %{_sysconfdir}/%{name}/flanneld.conf - -%changelog -* Sun Nov 05 2023 Shreenidhi Shedi 0.22.0-5 -- Fix spec issues -* Wed Oct 11 2023 Piyush Gupta 0.22.0-4 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.22.0-3 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.22.0-2 -- Bump up version to compile with new go -* Tue Jul 04 2023 Prashant S Chauhan 0.22.0-1 -- Update to 0.22.0 -* Mon Jul 03 2023 Piyush Gupta 0.21.3-3 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.21.3-2 -- Bump up version to compile with new go -* Thu Mar 09 2023 Prashant S Chauhan 0.21.3-1 -- Update to 0.21.3 -* Thu Mar 09 2023 Piyush Gupta 0.20.2-2 -- Bump up version to compile with new go -* Tue Dec 13 2022 Gerrit Photon 0.20.2-1 -- Automatic Version Bump -* Wed Nov 30 2022 Gerrit Photon 0.20.0-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 0.13.0-6 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.13.0-5 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.13.0-4 -- Bump up version to compile with new go -* Tue Sep 07 2021 Keerthana K 0.13.0-3 -- Bump up version to compile with new glibc -* Fri Jun 11 2021 Piyush Gupta 0.13.0-2 -- Bump up version to compile with new go -* Tue Feb 09 2021 Prashant S Chauhan 0.13.0-1 -- Update to version 0.13.0 -* Fri Feb 05 2021 Harinadh D 0.12.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 0.12.0-2 -- Bump up version to compile with new go -* Mon Jun 22 2020 Gerrit Photon 0.12.0-1 -- Automatic Version Bump -* Tue Dec 05 2017 Vinay Kulkarni 0.9.1-1 -- Flannel 0.9.1. -* Tue Nov 14 2017 Vinay Kulkarni 0.9.0-1 -- Flannel 0.9.0. -* Fri Sep 01 2017 Chang Lee 0.8.0-2 -- Fixed %check according to version upgrade -* Tue Aug 08 2017 Vinay Kulkarni 0.8.0-1 -- Flannel 0.8.0 and systemd service file. -* Fri May 05 2017 Chang Lee 0.7.1-1 -- Updated to version 0.7.1 -* Tue Apr 04 2017 Chang Lee 0.7.0-1 -- Updated to version 0.7.0 -* Tue May 24 2016 Priyesh Padmavilasom 0.5.5-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Harish Udaiya Kumar 0.5.5-1 -- Upgraded to version 0.5.5 -* Mon Aug 03 2015 Vinay Kulkarni 0.5.2-1 -- Add flannel package to photon. diff --git a/SPECS/flex/flex.spec b/SPECS/flex/flex.spec deleted file mode 100644 index 576305fa15..0000000000 --- a/SPECS/flex/flex.spec +++ /dev/null @@ -1,98 +0,0 @@ -Summary: A utility for generating programs that recognize patterns in text -Name: flex -Version: 2.6.4 -Release: 3%{?dist} -License: BSD -URL: /~https://github.com/westes/flex/releases -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/westes/flex/releases/%{name}-%{version}.tar.gz -%define sha512 %{name}=e9785f3d620a204b7d20222888917dc065c2036cae28667065bf7862dfa1b25235095a12fd04efdbd09bfd17d3452e6b9ef953a8c1137862ff671c97132a082e - -BuildRequires: m4 - -Requires: m4 - -%description -The Flex package contains a utility for generating programs -that recognize patterns in text. - -%package devel -Summary: Development libraries and header files for the flex library -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -The flex-devel package contains the development libraries and header files for -flex. - -%prep -%autosetup -p1 -sed -i -e '/test-bison/d' tests/Makefile.in -sed -i "/math.h/a #include " src/flexdef.h - -%build -autoreconf -fiv -%configure \ - --docdir=%{_docdir}/%{name}-%{version} \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -cat > %{buildroot}%{_bindir}/lex <<- "EOF" -#!/bin/sh -# Begin /usr/bin/lex - - exec %{_bindir}/flex -l "$@" - -# End /usr/bin/lex -EOF -rm -rf %{buildroot}%{_infodir} -%find_lang %{name} - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/flex -%{_bindir}/flex++ -%attr(755,root,root) %{_bindir}/lex -%{_libdir}/*.so.* -%{_docdir}/%{name}-%{version}/* -%{_mandir}/*/* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/*.a -%{_includedir}/* - -%changelog -* Thu Nov 15 2018 Alexey Makhalov 2.6.4-3 -- Cross compilation support -* Fri Aug 4 2017 Alexey Makhalov 2.6.4-2 -- Use _GNU_SOURCE -* Thu May 11 2017 Chang Lee 2.6.4-1 -- Updated to version 2.6.4 -* Tue Apr 04 2017 Chang Lee 2.6.0-1 -- Updated to version 2.6.0 -* Thu Oct 13 2016 Kumar Kaushik 2.5.39-3 -- Fixing Security bug CVE-2016-6354. -* Tue May 24 2016 Priyesh Padmavilasom 2.5.39-2 -- GA - Bump release of all rpms -* Tue Jan 12 2016 Xiaolin Li 2.5.39-1 -- Updated to version 2.5.39 -* Mon Oct 12 2015 Xiaolin Li 2.5.38-3 -- Moving static lib files to devel package. -* Fri Jun 5 2015 Divya Thaluru 2.5.38-2 -- Adding m4 package to build and run time required package -* Wed Nov 5 2014 Divya Thaluru 2.5.38-1 -- Initial build. First version diff --git a/SPECS/font-util/font-util.spec b/SPECS/font-util/font-util.spec deleted file mode 100644 index 87a6b752e1..0000000000 --- a/SPECS/font-util/font-util.spec +++ /dev/null @@ -1,51 +0,0 @@ -Summary: X11 font utilities. -Name: font-util -Version: 1.3.3 -Release: 1%{?dist} -License: MIT -URL: http://www.x.org/ -Group: Development/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.x.org/pub/individual/font/%{name}-%{version}.tar.gz -%define sha512 font-util=332a53facd1c37ed8b72195e6fac016f656484583a4bb9dc8a0e7109a30342f2bfd3b756343737982ae65abd60f5272e2b6b4af72ab8a23b14817ae0d6649776 - -%description -The Xorg font utilities. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications. - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/* - -%files devel -%defattr(-,root,root) -%{_libdir}/pkgconfig/ -%{_datadir}/* - -%changelog -* Thu Dec 15 2022 Gerrit Photon 1.3.3-1 -- Automatic Version Bump -* Thu Oct 20 2022 Shivani Agarwal 1.3.2-1 -- Upgrade version to 1.3.2 -* Wed May 20 2015 Alexey Makhalov 1.3.1-1 -- initial version diff --git a/SPECS/fontconfig/fontconfig.spec b/SPECS/fontconfig/fontconfig.spec deleted file mode 100644 index 3cb4cb99bc..0000000000 --- a/SPECS/fontconfig/fontconfig.spec +++ /dev/null @@ -1,112 +0,0 @@ -Summary: library for configuring and customizing font access. -Name: fontconfig -Version: 2.14.1 -Release: 4%{?dist} -License: BSD/GPL -URL: https://www.freedesktop.org/wiki/Software/fontconfig -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.freedesktop.org/software/fontconfig/release/%{name}-%{version}.tar.gz -%define sha512 %{name}=5ad0b2ba0ffe9d50fa995543f5560360505d846f758696b8be8c01965e0f8ca17b53baee145d7fae861a1e1052935111b9879736f9dc6805cc98eae2ecf867c9 - -BuildRequires: freetype2-devel -BuildRequires: expat-devel -BuildRequires: gperf -BuildRequires: python3 - -Requires: freetype2 - -Provides: pkgconfig(fontconfig) - -%description -Fontconfig can discover new fonts when installed automatically, -removing a common source of configuration problems, perform font name substitution, -so that appropriate alternative fonts can be selected if fonts are missing, -identify the set of fonts required to completely cover a set of languages. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: expat-devel -Requires: freetype2-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup - -%build -export PYTHON=python3 - -%configure \ - --disable-docs \ - --docdir=%{_docdir}/%{name}-%{version} - -%make_build - -%install -%make_install %{?_smp_mflags} -install -v -dm755 %{buildroot}%{_datadir}/{man/man{1,3,5},doc/%{name}-%{version}/fontconfig-devel} -install -v -m644 fc-*/*.1 %{buildroot}%{_mandir}/man1 -install -v -m644 doc/*.3 %{buildroot}%{_mandir}/man3 -install -v -m644 doc/fonts-conf.5 %{buildroot}%{_mandir}/man5 -install -v -m644 doc/fontconfig-devel/* %{buildroot}%{_docdir}/%{name}-%{version}/fontconfig-devel -install -v -m644 doc/*.{pdf,sgml,txt,html} %{buildroot}%{_docdir}/%{name}-%{version} - -%check -make %{?_smp_mflags} -k check - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_datadir}/* -%{_mandir}/man1/* -%{_mandir}/man5/* -%config(noreplace) %{_sysconfdir}/fonts/* -%{_docdir}/%{name}-%{version}/* - -%files devel -%defattr(-,root,root) -%{_libdir}/libfontconfig.so -%{_includedir}/fontconfig/* -%{_libdir}/pkgconfig/* -%{_mandir}/man3/* - -%changelog -* Sat May 06 2023 Shreenidhi Shedi 2.14.1-4 -- Fix file packaging -* Thu Apr 20 2023 Ashwin Dayanand Kamat 2.14.1-3 -- Bump version as a part of libxml2 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 2.14.1-2 -- Bump version as a part of freetype2 upgrade -* Fri Oct 28 2022 Gerrit Photon 2.14.1-1 -- Automatic Version Bump -* Tue Jul 12 2022 Shivani Agarwal 2.14.0-2 -- Fix fontconfig -> freetype2 dependency -* Mon Apr 18 2022 Gerrit Photon 2.14.0-1 -- Automatic Version Bump -* Wed Aug 11 2021 Alexey Makhalov 2.13.93-2 -- Add freetype2-devel requires for -devel subpackage. -* Tue Apr 13 2021 Gerrit Photon 2.13.93-1 -- Automatic Version Bump -* Wed Sep 12 2018 Sujay G 2.13.1-1 -- Bump version to 2.13.1 -* Thu Aug 03 2017 Chang Lee 2.12.1-3 -- Add a patch for run-test. This issue was introduced by freetype 2.7.1 -* Fri Apr 14 2017 Alexey Makhalov 2.12.1-2 -- Requires expat-devel -* Fri Nov 11 2016 Dheeraj Shetty 2.12.1-1 -- Initial version. diff --git a/SPECS/fping/fping.spec b/SPECS/fping/fping.spec deleted file mode 100644 index 547112f035..0000000000 --- a/SPECS/fping/fping.spec +++ /dev/null @@ -1,47 +0,0 @@ -Summary: Utility to send ICMP echo probes to network hosts -Name: fping -Version: 5.1 -Release: 1%{?dist} -License: Charityware -Group: Productivity/Networking/Diagnostic -Vendor: VMware, Inc. -Distribution: Photon -URL: http://www.fping.org/ -Source0: http://fping.org/dist/%{name}-%{version}.tar.gz -%define sha512 fping=1a208da8dcd99093d0512af5d85ba5e7b5743ec97993d24c1fe612bb58d93090ac1ba0952f648aa075f16d390a77c4be65e394ae56dbede2a6914e0e8c68e2bd -BuildRequires: autoconf -BuildRequires: automake - -%description -fping is a ping like program which uses the Internet Control Message Protocol -(ICMP) echo request to determine if a target host is responding. - -%prep -%autosetup - -%build -%configure -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} %{?_smp_mflags} install -ln -sf fping %{buildroot}%{_sbindir}/fping6 -rm -rf %{buildroot}%{_infodir} - -%clean -rm -rf %{buildroot} - -%files -%defattr(-, root, root) -%{_sbindir}/fping -%{_sbindir}/fping6 -%doc CHANGELOG.md COPYING -%doc %{_mandir}/man8/fping.8* - -%changelog -* Mon Apr 18 2022 Gerrit Photon 5.1-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 5.0-1 -- Automatic Version Bump -* Wed Jan 23 2019 Dweep Advani 4.1-1 -- Added fping package to Photon 2.0 diff --git a/SPECS/freetds/freetds.spec b/SPECS/freetds/freetds.spec deleted file mode 100644 index 4d77f26c24..0000000000 --- a/SPECS/freetds/freetds.spec +++ /dev/null @@ -1,119 +0,0 @@ -Summary: ODBC driver manager -Name: freetds -Version: 1.3.10 -Release: 3%{?dist} -License: GPLv2 -URL: http://www.unixodbc.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.freetds.org/files/stable/%{name}-%{version}.tar.gz -%define sha512 %{name}=3d656833dd3e0150bf1c343699aeb89f6cb30b357a86a2baf94ac9f53016a793c78b5dcabfdb357106a7736ceb8d1fd25d817fa0861a4209b8093e6a5065dcf1 - -BuildRequires: unixODBC-devel -BuildRequires: gnutls-devel - -Requires: gnutls -Requires: unixODBC - -%description -FreeTDS is a project to document and implement the TDS (Tabular DataStream) -protocol. TDS is used by Sybase and Microsoft for client to database server -communications. FreeTDS includes call level interfaces for DB-Lib, CT-Lib, -and ODBC. - -%package devel -Summary: Development files for unixODBC library -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -The freetds-devel package contains the files necessary for development with -the FreeTDS libraries. - -%package unixODBC -Summary: FreeTDS ODBC Driver for unixODBC -Group: System Environment/Libraries -Requires: unixODBC - -%description unixODBC -The freetds-unixodbc package contains ODBC driver build for unixODBC. - -%package doc -Summary: User documentation for FreeTDS -Group: Documentation - -%description doc -The freetds-doc package contains the userguide and reference of FreeTDS -and can be installed even if FreeTDS main package is not installed - -%prep -%autosetup -p1 - -%build -%configure \ - --enable-static=no \ - --with-tdsver=auto \ - --with-unixodbc \ - --with-gnutls - -%make_build - -%install -%make_install %{?_smp_mflags} -find %{buildroot} -name '*.a' -delete - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post unixODBC -echo "[FreeTDS] -Description = FreeTDS unixODBC Driver -Driver = %{_libdir}/libtdsodbc.so.0 -Setup = %{_libdir}/libtdsodbc.so.0" | odbcinst -i -d -r > /dev/null 2>&1 || true -echo "[SQL Server] -Description = FreeTDS unixODBC Driver -Driver = %{_libdir}/libtdsodbc.so.0 -Setup = %{_libdir}/libtdsodbc.so.0" | odbcinst -i -d -r > /dev/null 2>&1 || true - -%preun unixODBC -odbcinst -u -d -n 'FreeTDS' > /dev/null 2>&1 || true -odbcinst -u -d -n 'SQL Server' > /dev/null 2>&1 || true - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/man?/* -%{_libdir}/libct.so.* -%{_libdir}/libsybdb.so.* -%config(noreplace) %{_sysconfdir}/locales.conf -%config(noreplace) %{_sysconfdir}/pool.conf -%config(noreplace) %{_sysconfdir}/freetds.conf - -%files devel -%defattr (-,root,root) -%{_libdir}/*.so -%{_includedir}/* - -%files unixODBC -%defattr(-,root,root) -%{_libdir}/libtdsodbc.so* - -%files doc -%defattr (-,root,root) -%{_docdir}/%{name}/* - -%changelog -* Thu Dec 22 2022 Shreenidhi Shedi 1.3.10-3 -- Bump version as a part of readline upgrade -* Tue Aug 30 2022 Shreenidhi Shedi 1.3.10-2 -- Bump version as a part of gnutls upgrade -* Mon Apr 18 2022 Gerrit Photon 1.3.10-1 -- Automatic Version Bump -* Sat Apr 24 2021 Gerrit Photon 1.2.21-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 1.2.20-1 -- Automatic Version Bump -* Thu Oct 01 2020 Dweep Advani 1.2.5-1 -- Adding package freetds diff --git a/SPECS/freetype2/freetype2.spec b/SPECS/freetype2/freetype2.spec deleted file mode 100644 index 1e28e74efa..0000000000 --- a/SPECS/freetype2/freetype2.spec +++ /dev/null @@ -1,83 +0,0 @@ -Summary: software font engine. -Name: freetype2 -Version: 2.13.0 -Release: 1%{?dist} -License: BSD/GPL -URL: http://www.freetype.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.gz -%define sha512 freetype=0d2bfc3980313e1578b69568394666e1721c11dfdb47f21cb46ced48d0afcc674e175391ee0f64ffbcee814cded2d9a8fe6273029253c1adf642078ac8c0dd73 - -BuildRequires: libtool -BuildRequires: zlib-devel -BuildRequires: glibc -BuildRequires: pkg-config -BuildRequires: bash - -%description -FreeType is a software font engine that is designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output (glyph images). It can be used in graphics libraries, display servers, font conversion tools, text image generation tools, and many other products as well. - -%package devel -Summary: Header and development files -Requires: freetype2 = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 -n freetype-%{version} - -%build -%configure --with-harfbuzz=no -%make_build - -%install -%make_install %{?_smp_mflags} -find %{buildroot} -name '*.la' -delete -find %{buildroot} -name '*.a' -delete - -%check -make -k check %{?_smp_mflags} |& tee %{_specdir}/%{name}-check-log || %{nocheck} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/*.so* -%{_datadir}/* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 2.13.0-1 -- Upgrade to v2.13.0 -* Fri Apr 14 2023 Shreenidhi Shedi 2.12.1-2 -- Bump version as a part of zlib upgrade -* Thu Sep 29 2022 Shreenidhi Shedi 2.12.1-1 -- Upgrade to v2.12.1 -* Mon Apr 18 2022 Gerrit Photon 2.12.0-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 2.10.4-1 -- Automatic Version Bump -* Tue Dec 15 2020 Shreenidhi Shedi 2.10.2-2 -- Fix build with new rpm -* Thu Jun 25 2020 Gerrit Photon 2.10.2-1 -- Automatic Version Bump -* Wed Sep 12 2018 Sujay G 2.9.1-1 -- Version bump to 2.9.1 -* Thu Jun 14 2018 Tapas Kundu 2.7.1-4 -- CVE-2018-6942 -* Mon May 15 2017 Priyesh Padmavilasom 2.7.1-3 -- CVE-2017-8287 -* Fri Apr 28 2017 Dheeraj Shetty 2.7.1-2 -- CVE-2017-7857, CVE-2017-7858 and CVE-2017-7864 -* Fri Nov 11 2016 Dheeraj Shetty 2.7.1-1 -- Initial version. diff --git a/SPECS/fribidi/fribidi.spec b/SPECS/fribidi/fribidi.spec deleted file mode 100644 index a51668a0a1..0000000000 --- a/SPECS/fribidi/fribidi.spec +++ /dev/null @@ -1,65 +0,0 @@ -Summary: GNU FriBidi is an implementation of the Unicode Bidirectional Algorithm (bidi). -Name: fribidi -Version: 1.0.12 -Release: 1%{?dist} -License: LGPLv2 or MPLv1.1 -URL: http://fribidi.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/fribidi/fribidi/releases/download/v%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=cd624f519b270303e89139ced4020115abe3b6a0d774ba57f17fa69c6036edebd76c635a42c468786e76c6ffb0c7d63b435cd2663bc2fba08dec405840dd8e49 - -BuildRequires: meson -BuildRequires: ninja-build - -%description -A library to handle bidirectional scripts (for example Hebrew, Arabic), -so that the display is done in the proper way; while the text data itself -is always written in logical order. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} - -%description devel -Include files and libraries needed for developing applications which use -FriBidi. - -%prep -%autosetup -p1 - -%build -%meson \ - -Ddocs=false - -%meson_build - -%install -%meson_install - -%if 0%{?with_check} -%check -%meson_test -%endif - -%clean -rm -rf %{buildroot}/* - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc - -%changelog -* Tue Nov 8 2022 Michelle Wang 1.0.12-1 -- Initial version. Required by pango-1.50.11. diff --git a/SPECS/frr/0001-directly-link-libabsl_synchronization-for-grpc-test.patch b/SPECS/frr/0001-directly-link-libabsl_synchronization-for-grpc-test.patch deleted file mode 100644 index a392a56d22..0000000000 --- a/SPECS/frr/0001-directly-link-libabsl_synchronization-for-grpc-test.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6a068c4c66411b0584c44fe4696dab2d2c036984 Mon Sep 17 00:00:00 2001 -From: Brennan Lamoreaux -Date: Thu, 13 Apr 2023 22:38:21 +0000 -Subject: [PATCH] directly link libabsl_synchronization for grpc test - ---- - tests/lib/subdir.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/lib/subdir.am b/tests/lib/subdir.am -index 62b1944..8f63a77 100644 ---- a/tests/lib/subdir.am -+++ b/tests/lib/subdir.am -@@ -19,7 +19,7 @@ EXTRA_DIST += tests/lib/test_frrscript.py - - - ############################################################################## --GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm -+GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf -labsl_synchronization $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm - - if GRPC - check_PROGRAMS += tests/lib/test_grpc --- -2.39.0 - diff --git a/SPECS/frr/disable-eigrp-crypto.patch b/SPECS/frr/disable-eigrp-crypto.patch deleted file mode 100644 index cd43569939..0000000000 --- a/SPECS/frr/disable-eigrp-crypto.patch +++ /dev/null @@ -1,252 +0,0 @@ -diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c -index bedaf15..8dc09bf 100644 ---- a/eigrpd/eigrp_packet.c -+++ b/eigrpd/eigrp_packet.c -@@ -40,8 +40,10 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" - #include "sha256.h" -+#endif - #include "lib_errors.h" - - #include "eigrpd/eigrp_structs.h" -@@ -95,8 +97,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s, - struct key *key = NULL; - struct keychain *keychain; - -+ - unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN]; -+#ifdef CRYPTO_OPENSSL -+#elif CRYPTO_INTERNAL - MD5_CTX ctx; -+#endif - uint8_t *ibuf; - size_t backup_get, backup_end; - struct TLV_MD5_Authentication_Type *auth_TLV; -@@ -119,6 +125,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s, - return EIGRP_AUTH_TYPE_NONE; - } - -+#ifdef CRYPTO_OPENSSL -+//TBD when this is fixed in upstream -+#elif CRYPTO_INTERNAL - memset(&ctx, 0, sizeof(ctx)); - MD5Init(&ctx); - -@@ -146,7 +155,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s, - } - - MD5Final(digest, &ctx); -- -+#endif - /* Append md5 digest to the end of the stream. */ - memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN); - -@@ -162,7 +171,10 @@ int eigrp_check_md5_digest(struct stream *s, - struct TLV_MD5_Authentication_Type *authTLV, - struct eigrp_neighbor *nbr, uint8_t flags) - { -+#ifdef CRYPTO_OPENSSL -+#elif CRYPTO_INTERNAL - MD5_CTX ctx; -+#endif - unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN]; - unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN]; - struct key *key = NULL; -@@ -203,6 +215,9 @@ int eigrp_check_md5_digest(struct stream *s, - return 0; - } - -+#ifdef CRYPTO_OPENSSL -+ //TBD when eigrpd crypto is fixed in upstream -+#elif CRYPTO_INTERNAL - memset(&ctx, 0, sizeof(ctx)); - MD5Init(&ctx); - -@@ -230,6 +245,7 @@ int eigrp_check_md5_digest(struct stream *s, - } - - MD5Final(digest, &ctx); -+#endif - - /* compare the two */ - if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) { -@@ -254,7 +270,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s, - unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN]; - unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0}; - -+#ifdef CRYPTO_OPENSSL -+ //TBD when eigrpd crypto is fixed in upstream -+#elif CRYPTO_INTERNAL - HMAC_SHA256_CTX ctx; -+#endif - void *ibuf; - size_t backup_get, backup_end; - struct TLV_SHA256_Authentication_Type *auth_TLV; -@@ -283,6 +303,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s, - - inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN); - -+#ifdef CRYPTO_OPENSSL -+ //TBD when eigrpd crypto is fixed in upstream -+#elif CRYPTO_INTERNAL - memset(&ctx, 0, sizeof(ctx)); - buffer[0] = '\n'; - memcpy(buffer + 1, key, strlen(key->string)); -@@ -291,7 +314,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s, - 1 + strlen(key->string) + strlen(source_ip)); - HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf)); - HMAC__SHA256_Final(digest, &ctx); -- -+#endif - - /* Put hmac-sha256 digest to it's place */ - memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN); -diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c -index 93eed94..f1c7347 100644 ---- a/eigrpd/eigrp_filter.c -+++ b/eigrpd/eigrp_filter.c -@@ -47,7 +47,9 @@ - #include "if_rmap.h" - #include "plist.h" - #include "distribute.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "keychain.h" - #include "privs.h" - #include "vrf.h" -diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c -index dacd5ca..b232cc5 100644 ---- a/eigrpd/eigrp_hello.c -+++ b/eigrpd/eigrp_hello.c -@@ -43,7 +43,9 @@ - #include "sockopt.h" - #include "checksum.h" - #include "vty.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - - #include "eigrpd/eigrp_structs.h" - #include "eigrpd/eigrpd.h" -diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c -index 84dcf5e..a2575e3 100644 ---- a/eigrpd/eigrp_query.c -+++ b/eigrpd/eigrp_query.c -@@ -38,7 +38,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "vty.h" - - #include "eigrpd/eigrp_structs.h" -diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c -index ccf0496..2902365 100644 ---- a/eigrpd/eigrp_reply.c -+++ b/eigrpd/eigrp_reply.c -@@ -42,7 +42,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "vty.h" - #include "keychain.h" - #include "plist.h" -diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c -index ff38325..09b9369 100644 ---- a/eigrpd/eigrp_siaquery.c -+++ b/eigrpd/eigrp_siaquery.c -@@ -38,7 +38,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "vty.h" - - #include "eigrpd/eigrp_structs.h" -diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c -index d3dd123..f6a2bd6 100644 ---- a/eigrpd/eigrp_siareply.c -+++ b/eigrpd/eigrp_siareply.c -@@ -37,7 +37,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "vty.h" - - #include "eigrpd/eigrp_structs.h" -diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c -index 21c9238..cfb8890 100644 ---- a/eigrpd/eigrp_snmp.c -+++ b/eigrpd/eigrp_snmp.c -@@ -42,7 +42,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "keychain.h" - #include "smux.h" - -diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c -index 8db4903..2a4f0bb 100644 ---- a/eigrpd/eigrp_update.c -+++ b/eigrpd/eigrp_update.c -@@ -42,7 +42,9 @@ - #include "log.h" - #include "sockopt.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "vty.h" - #include "plist.h" - #include "plist_int.h" -diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c -index a93d4c8..b01e121 100644 ---- a/eigrpd/eigrp_cli.c -+++ b/eigrpd/eigrp_cli.c -@@ -25,6 +25,7 @@ - #include "lib/command.h" - #include "lib/log.h" - #include "lib/northbound_cli.h" -+#include "lib/libfrr.h" - - #include "eigrp_structs.h" - #include "eigrpd.h" -@@ -726,6 +726,20 @@ DEFPY( - "Keyed message digest\n" - "HMAC SHA256 algorithm \n") - { -+ //EIGRP authentication is currently broken in FRR -+ switch (frr_get_cli_mode()) { -+ case FRR_CLI_CLASSIC: -+ vty_out(vty, "%% Eigrp Authentication is disabled\n\n"); -+ break; -+ case FRR_CLI_TRANSACTIONAL: -+ vty_out(vty, -+ "%% Failed to edit candidate configuration - " -+ "Eigrp Authentication is disabled.\n\n"); -+ break; -+ } -+ -+ return CMD_WARNING_CONFIG_FAILED; -+ - char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; - - snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']", diff --git a/SPECS/frr/enable-openssl.patch b/SPECS/frr/enable-openssl.patch deleted file mode 100644 index fa30a88dbf..0000000000 --- a/SPECS/frr/enable-openssl.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff --git a/lib/subdir.am b/lib/subdir.am -index 0b7af18..0533e24 100644 ---- a/lib/subdir.am -+++ b/lib/subdir.am -@@ -41,7 +41,6 @@ lib_libfrr_la_SOURCES = \ - lib/log.c \ - lib/log_filter.c \ - lib/log_vty.c \ -- lib/md5.c \ - lib/memory.c \ - lib/mlag.c \ - lib/module.c \ -@@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \ - lib/routemap_northbound.c \ - lib/sbuf.c \ - lib/seqlock.c \ -- lib/sha256.c \ - lib/sigevent.c \ - lib/skiplist.c \ - lib/sockopt.c \ -@@ -170,7 +170,6 @@ pkginclude_HEADERS += \ - lib/link_state.h \ - lib/log.h \ - lib/log_vty.h \ -- lib/md5.h \ - lib/memory.h \ - lib/module.h \ - lib/monotime.h \ -@@ -191,7 +190,6 @@ pkginclude_HEADERS += \ - lib/route_opaque.h \ - lib/sbuf.h \ - lib/seqlock.h \ -- lib/sha256.h \ - lib/sigevent.h \ - lib/skiplist.h \ - lib/smux.h \ -diff --git a/isisd/isis_lsp.c b/isisd/isis_lsp.c -index 1991666..2e4fe55 100644 ---- a/isisd/isis_lsp.c -+++ b/isisd/isis_lsp.c -@@ -35,7 +35,9 @@ - #include "hash.h" - #include "if.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "table.h" - #include "srcdest_table.h" - #include "lib_errors.h" -diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c -index 9c63311..7cf594c 100644 ---- a/isisd/isis_pdu.c -+++ b/isisd/isis_pdu.c -@@ -33,7 +33,9 @@ - #include "prefix.h" - #include "if.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "lib_errors.h" - - #include "isisd/isis_constants.h" -diff --git a/isisd/isis_te.c b/isisd/isis_te.c -index 4ea6c2c..72ff0d2 100644 ---- a/isisd/isis_te.c -+++ b/isisd/isis_te.c -@@ -38,7 +38,9 @@ - #include "if.h" - #include "vrf.h" - #include "checksum.h" -+#ifdef CRYPTO_INTERNAL - #include "md5.h" -+#endif - #include "sockunion.h" - #include "network.h" - #include "sbuf.h" diff --git a/SPECS/frr/fips-mode.patch b/SPECS/frr/fips-mode.patch deleted file mode 100644 index 573f549ae2..0000000000 --- a/SPECS/frr/fips-mode.patch +++ /dev/null @@ -1,143 +0,0 @@ -diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c -index 1b04472..f244f16 100644 ---- a/isisd/isis_circuit.c -+++ b/isisd/isis_circuit.c -@@ -26,6 +26,9 @@ - #include - #endif - -+#include -+#include -+ - #include "log.h" - #include "memory.h" - #include "vrf.h" -@@ -1372,6 +1375,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit, - return ferr_code_bug( - "circuit password too long (max 254 chars)"); - -+ //When in FIPS mode, the password never gets set in MD5 -+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && EVP_default_properties_is_fips_enabled(NULL)) -+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled"); -+ - circuit->passwd.len = len; - strlcpy((char *)circuit->passwd.passwd, passwd, - sizeof(circuit->passwd.passwd)); -diff --git a/isisd/isisd.c b/isisd/isisd.c -index 3fa2b7c..db4485c 100644 ---- a/isisd/isisd.c -+++ b/isisd/isisd.c -@@ -22,6 +22,9 @@ - - #include - -+#include -+#include -+ - #include "thread.h" - #include "vty.h" - #include "command.h" -@@ -2529,6 +2532,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level, - if (len > 254) - return -1; - -+ //When in FIPS mode, the password never get set in MD5 -+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (EVP_default_properties_is_fips_enabled(NULL))) -+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled"); -+ - modified.len = len; - strlcpy((char *)modified.passwd, passwd, - sizeof(modified.passwd)); -diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c -index 1adf42d..38be930 100644 ---- a/ospfd/ospf_vty.c -+++ b/ospfd/ospf_vty.c -@@ -22,6 +22,9 @@ - #include - #include - -+#include -+#include -+ - #include "printfrr.h" - #include "monotime.h" - #include "memory.h" -@@ -1069,6 +1072,11 @@ DEFUN (ospf_area_vlink, - - if (argv_find(argv, argc, "message-digest", &idx)) { - /* authentication message-digest */ -+ if(EVP_default_properties_is_fips_enabled(NULL)) -+ { -+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n"); -+ return CMD_WARNING_CONFIG_FAILED; -+ } - vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC; - } else if (argv_find(argv, argc, "null", &idx)) { - /* "authentication null" */ -@@ -1982,6 +1990,15 @@ DEFUN (ospf_area_authentication_message_digest, - ? OSPF_AUTH_NULL - : OSPF_AUTH_CRYPTOGRAPHIC; - -+ if(area->auth_type == OSPF_AUTH_CRYPTOGRAPHIC) -+ { -+ if(EVP_default_properties_is_fips_enabled(NULL)) -+ { -+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n"); -+ return CMD_WARNING_CONFIG_FAILED; -+ } -+ } -+ - return CMD_SUCCESS; - } - -@@ -7445,6 +7462,11 @@ DEFUN (ip_ospf_authentication_args, - - /* Handle message-digest authentication */ - if (argv[idx_encryption]->arg[0] == 'm') { -+ if(EVP_default_properties_is_fips_enabled(NULL)) -+ { -+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n"); -+ return CMD_WARNING_CONFIG_FAILED; -+ } - SET_IF_PARAM(params, auth_type); - params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC; - return CMD_SUCCESS; -@@ -7751,6 +7773,11 @@ DEFUN (ip_ospf_message_digest_key, - "The OSPF password (key)\n" - "Address of interface\n") - { -+ if(EVP_default_properties_is_fips_enabled(NULL)) -+ { -+ vty_out(vty, "FIPS mode is enabled, md5 authentication is disabled\n"); -+ return CMD_WARNING_CONFIG_FAILED; -+ } - VTY_DECLVAR_CONTEXT(interface, ifp); - struct crypt_key *ck; - uint8_t key_id; -diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c -index 58c28e5..0d37669 100644 ---- a/ripd/rip_cli.c -+++ b/ripd/rip_cli.c -@@ -20,6 +20,9 @@ - - #include - -+#include -+#include -+ - #include "if.h" - #include "vrf.h" - #include "log.h" -@@ -832,6 +835,12 @@ DEFPY_YANG (ip_rip_authentication_mode, - value = "20"; - } - -+ if(strmatch(mode, "md5") && EVP_default_properties_is_fips_enabled(NULL)) -+ { -+ vty_out(vty, "FIPS mode is enabled, md5 authentication id disabled\n"); -+ return CMD_WARNING_CONFIG_FAILED; -+ } -+ - nb_cli_enqueue_change(vty, "./authentication-scheme/mode", NB_OP_MODIFY, - strmatch(mode, "md5") ? "md5" : "plain-text"); - if (strmatch(mode, "md5")) diff --git a/SPECS/frr/frr-sysusers.conf b/SPECS/frr/frr-sysusers.conf deleted file mode 100644 index 9632955265..0000000000 --- a/SPECS/frr/frr-sysusers.conf +++ /dev/null @@ -1,4 +0,0 @@ -#Type Name ID GECOS Home directory Shell -g frrvty - -u frr - "FRRouting routing suite" /var/run/frr /sbin/nologin -m frr frrvty diff --git a/SPECS/frr/frr-tmpfiles.conf b/SPECS/frr/frr-tmpfiles.conf deleted file mode 100644 index c1613b269d..0000000000 --- a/SPECS/frr/frr-tmpfiles.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/frr 0755 frr frr - diff --git a/SPECS/frr/frr.spec b/SPECS/frr/frr.spec deleted file mode 100644 index af3d72f159..0000000000 --- a/SPECS/frr/frr.spec +++ /dev/null @@ -1,244 +0,0 @@ -%global frr_libdir %{_libexecdir}/%{name} - -Summary: Internet Routing Protocol -Name: frr -Version: 8.5.2 -Release: 3%{?dist} -License: GPLv2+ -URL: https://frrouting.org -Group: System Environment/Daemons -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/FRRouting/frr/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=1afa6ca1a41096aa47dc2fc39ab87290b3cbf634a1632e7910a5b69d2816998fbccbca616f261a410aa146a21dd26d12b7e6812da4ec08545b1500f8b546b972 - -Source1: %{name}-tmpfiles.conf -Source2: %{name}-sysusers.conf - -Patch0: enable-openssl.patch -Patch1: disable-eigrp-crypto.patch -Patch2: fips-mode.patch - -%if 0%{?with_check} -Patch4: remove-grpc-test.patch -Patch5: 0001-directly-link-libabsl_synchronization-for-grpc-test.patch -%endif - -BuildRequires: build-essential -BuildRequires: c-ares-devel -BuildRequires: python3-devel -BuildRequires: python3-sphinx -BuildRequires: systemd-devel -BuildRequires: flex -BuildRequires: json-c-devel -BuildRequires: libcap-devel -BuildRequires: ncurses-devel -BuildRequires: readline-devel -BuildRequires: texinfo -BuildRequires: libyang-devel -BuildRequires: elfutils-devel -BuildRequires: pcre2-devel -BuildRequires: openssl-devel -BuildRequires: grpc-devel -BuildRequires: net-snmp-devel -BuildRequires: which -buildRequires: protobuf-devel - -%if 0%{?with_check} -BuildRequires: python3-pytest -%endif - -Requires: libcap -Requires: json-c -Requires: pcre2 -Requires: libyang -Requires: elfutils -Requires: readline -Requires: systemd -Requires: texinfo -Requires: c-ares -Requires: perl-libintl -Requires: libyang -Requires: pcre2-libs -Requires: ncurses-libs -Requires: openssl -Requires: glibc -Requires: python3 -Requires: protobuf -Requires(pre): shadow -Requires(postun): shadow - -%description -FRRouting is free software that manages TCP/IP based routing protocols. It takes -a multi-server and multi-threaded approach to resolve the current complexity -of the Internet. - -FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. - -FRRouting is a fork of Quagga. - -%prep -%autosetup -p1 -n %{name}-%{name}-%{version} - -autoreconf -ivf - -sh ./configure --host=%{_host} --build=%{_build} \ - --program-prefix=%{?_program_prefix} \ - --disable-dependency-tracking \ - --prefix=%{_prefix} \ - --exec-prefix=%{_exec_prefix} \ - --bindir=%{_bindir} \ - --datadir=%{_datadir} \ - --includedir=%{_includedir} \ - --sharedstatedir=%{_sharedstatedir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --sbindir=%{frr_libdir} \ - --sysconfdir=%{_sysconfdir}/%{name} \ - --libdir=%{_libdir}/%{name} \ - --libexecdir=%{_libexecdir}/%{name} \ - --localstatedir=%{_localstatedir}/run/%{name} \ - --enable-multipath=64 \ - --enable-vtysh=yes \ - --disable-ospfclient \ - --disable-ospfapi \ - --enable-snmp=agentx \ - --enable-user=%{name} \ - --enable-group=%{name} \ - --enable-vty-group=frrvty \ - --enable-rtadv \ - --disable-exampledir \ - --enable-systemd=yes \ - --enable-static=no \ - --disable-ldpd \ - --disable-babeld \ - --with-moduledir=%{_libdir}/%{name}/modules \ - --with-crypto=openssl \ - --enable-fpm \ - --enable-grpc - -%build -%make_build PYTHON=%{__python3} - -%install -mkdir -p %{buildroot}%{_sysconfdir}/{%{name},rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \ - %{buildroot}%{_localstatedir}/log/%{name} %{buildroot}%{_infodir} \ - %{buildroot}%{_unitdir} \ - %{buildroot}%{_libdir}/%{name} \ - %{buildroot}%{_tmpfilesdir} \ - %{buildroot}%{_sysusersdir} - -%make_install %{?_smp_mflags} - -install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf -install -p -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf -install -p -m 644 tools/etc/%{name}/daemons %{buildroot}%{_sysconfdir}/%{name}/daemons -install -p -m 644 tools/%{name}.service %{buildroot}%{_unitdir}/%{name}.service -install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/%{name} -install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh -install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh - -install -p -m 644 redhat/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} -install -p -m 644 redhat/%{name}.pam %{buildroot}%{_sysconfdir}/pam.d/%{name} -install -d -m 775 %{buildroot}/run/%{name} - -# Delete libtool archives -find %{buildroot} -type f -name "*.la" -delete -print - -# Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed -rm -rf %{buildroot}%{_libdir}/%{name}/*.so \ - %{buildroot}%{_includedir}/%{name}/ \ - %{buildroot}%{_infodir}/dir - -%check -%make_build check - -%pre -%sysusers_create_compat %{SOURCE2} - -%post -/sbin/ldconfig -%systemd_post %{name}.service - -mkdir -p %{_sysconfdir}/%{name} -# Create dummy files if they don't exist so basic functions can be used. -if [ ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then - echo "hostname `hostname`" > %{_sysconfdir}/%{name}/%{name}.conf - chown %{name}:%{name} %{_sysconfdir}/%{name}/%{name}.conf - chmod 640 %{_sysconfdir}/%{name}/%{name}.conf -fi - -#still used by vtysh, this way no error is produced when using vtysh -if [ ! -e %{_sysconfdir}/%{name}/vtysh.conf ]; then - touch %{_sysconfdir}/%{name}/vtysh.conf - chmod 640 %{_sysconfdir}/%{name}/vtysh.conf - chown %{name}:frrvty %{_sysconfdir}/%{name}/vtysh.conf -fi - -%preun -%systemd_preun %{name}.service - -%postun -/sbin/ldconfig - -if [ $1 -ne 0 ]; then - %systemd_postun_with_restart %{name}.service -fi - -%files -%defattr(-,root,root) -%license COPYING -%doc doc/mpls -%dir %attr(750,%{name},%{name}) %{_sysconfdir}/%{name} -%dir %attr(755,%{name},%{name}) %{_localstatedir}/log/%{name} -%dir %attr(755,%{name},%{name}) /run/%{name} -%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/%{name} -%config(noreplace) %attr(644,%{name},%{name}) %{_sysconfdir}/%{name}/daemons -%config(noreplace) %{_sysconfdir}/pam.d/%{name} -%dir %{_libdir}/%{name} -%{_libdir}/%{name}/*.so.* -%dir %{_libdir}/%{name}/modules -%{_libdir}/%{name}/modules/* -%{_unitdir}/%{name}.service -%dir %{_datadir}/yang -%{_datadir}/yang/*.yang -%{_tmpfilesdir}/%{name}.conf -%{_sysusersdir}/%{name}.conf -%{_infodir}/*info* -%{_bindir}/* -%dir %{frr_libdir}/ -%{frr_libdir}/* -%{_datadir}/man/* -%{_libdir}/%{name}/modules/*.so -%{frr_libdir}/*.py - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 8.5.2-3 -- Bump version as a part of openssl upgrade -* Tue Sep 26 2023 Shreenidhi Shedi 8.5.2-2 -- Remove systemd_postun from postun section -* Wed Aug 09 2023 Mukul Sikka 8.5.2-1 -- Update to latest version -* Mon Jul 31 2023 Shreenidhi Shedi 8.4.1-6 -- Add protobuf to requires -* Mon Jul 24 2023 Brennan Lamoreaux 8.4.1-5 -- Version bump as part of pcre2 update -* Tue Jul 11 2023 Shreenidhi Shedi 8.4.1-4 -- Bump version as a part of elfutils upgrade -* Fri Jun 09 2023 Nitesh Kumar 8.4.1-3 -- Bump version as a part of ncurses upgrade to v6.4 -* Tue Apr 11 2023 Brennan Lamoreaux 8.4.1-2 -- Bump version as part of libyang upgrade -* Tue Jan 31 2023 Gerrit Photon 8.4.1-1 -- Automatic Version Bump -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 8.2.2-4 -- Bump up due to change in elfutils -* Tue Dec 20 2022 Guruswamy Basavaiah 8.2.2-3 -- Bump release as a part of readline upgrade -* Thu Oct 06 2022 Shreenidhi Shedi 8.2.2-2 -- Bump version as a part of libyang upgrade -* Wed Apr 20 2022 Roye Eshed 8.2.2-1 -- First Version created. Based off the frrouting Redhat spec file and modified for photon. -- [sshedi: fix the spec file] -- Reference: https://src.fedoraproject.org/rpms/frr/raw/rawhide/f/frr.spec diff --git a/SPECS/frr/remove-grpc-test.patch b/SPECS/frr/remove-grpc-test.patch deleted file mode 100644 index 42522fc250..0000000000 --- a/SPECS/frr/remove-grpc-test.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b2e33852cea4c26e774c43f49678bf0b25ce0aad Mon Sep 17 00:00:00 2001 -From: Quentin Young -Date: Tue, 29 Mar 2022 16:16:35 -0400 -Subject: [PATCH] tests: skip grpc test if frr not installed - -it wants yang models installed which will only be there if frr has been -installed before, causing `make check` to fail when run on a system on -which frr has not been installed when GRPC is enabled (--enable-grpc) - -Signed-off-by: Quentin Young -[ Changed check from /usr/share/yang existence - which is created by libyang - already - to check specifically if any frr yang files exist. ] -Signed-off-by: Brennan Lamoreaux ---- - tests/lib/test_grpc.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/lib/test_grpc.py b/tests/lib/test_grpc.py -index 7f722de..f3d9351 100644 ---- a/tests/lib/test_grpc.py -+++ b/tests/lib/test_grpc.py -@@ -1,7 +1,7 @@ - import inspect - import os - import subprocess -- -+import glob - import frrtest - import pytest - -@@ -14,7 +14,7 @@ class TestGRPC(object): - reason="GRPC not enabled", - ) - @pytest.mark.skipif( -- not os.path.isdir("/usr/share/yang"), -+ not glob.glob("/usr/share/yang/frr*.yang"), - reason="YANG models aren't installed in /usr/share/yang", - ) - def test_exits_cleanly(self): --- -2.39.0 - diff --git a/SPECS/fsarchiver/fsarchiver.spec b/SPECS/fsarchiver/fsarchiver.spec deleted file mode 100644 index 861e8c760a..0000000000 --- a/SPECS/fsarchiver/fsarchiver.spec +++ /dev/null @@ -1,67 +0,0 @@ -Summary: FSArchiver - Filesystem Archiver for Linux -Name: fsarchiver -Version: 0.8.6 -Release: 2%{?dist} -License: GPL-2.0 -URL: http://www.fsarchiver.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/fdupoux/fsarchiver/releases/download/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=26a2d7a68d162aabb778b14f29c52cf8fbadb8147cf5eae592352a36fbf93cc45c08c241253bd8dfe8cd0b77d0f156afcc8d89e8d24a238fd4427cb479827f14 - -BuildRequires: xz-devel -BuildRequires: lzo-devel -BuildRequires: libgcrypt-devel -BuildRequires: e2fsprogs-devel -BuildRequires: attr-devel - -%description -FSArchiver is a system tool that allows you to save the contents of a file-system to a compressed archive file. -The file-system can be restored on a partition which has a different size and it can be restored on a different file-system. -Unlike tar/dar, FSArchiver also creates the file-system when it extracts the data to partitions. -Everything is checksummed in the archive in order to protect the data. If the archive is corrupt, -you just loose the current file, not the whole archive. -Fsarchiver is released under the GPL-v2 license. -You should read the Quick start guide if you are using FSArchiver for the first time. - -%prep -%autosetup -p1 - -%build -#make some fixes required by glibc-2.28: -sed -i '/unistd/a #include ' src/filesys.c -sed -i '/unistd/a #include ' src/devinfo.c -%configure \ - --bindir=/bin \ - --disable-silent-rules \ - --disable-lz4 \ - --disable-zstd - -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} - -%check -%if 0%{?with_check} -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_sbindir}/fsarchiver -%{_mandir}/man8/* - -%changelog -* Fri Dec 23 2022 Oliver Kurth 0.8.6-2 -- bump version as part of xz upgrade -* Tue Apr 13 2021 Gerrit Photon 0.8.6-1 -- Automatic Version Bump -* Wed Sep 19 2018 Alexey Makhalov 0.8.5-2 -- Fix compilation issue against glibc-2.28 -* Mon Sep 17 2018 Sujay G 0.8.5-1 -- Bump to version 0.8.5 -* Fri Apr 28 2017 Xiaolin Li 0.8.1-1 -- Initial build. diff --git a/SPECS/fuse-overlayfs-snapshotter/fuse-overlayfs-snapshotter.spec b/SPECS/fuse-overlayfs-snapshotter/fuse-overlayfs-snapshotter.spec deleted file mode 100644 index 9d625af1ef..0000000000 --- a/SPECS/fuse-overlayfs-snapshotter/fuse-overlayfs-snapshotter.spec +++ /dev/null @@ -1,72 +0,0 @@ -%define debug_package %{nil} -# git commit hash -# update commit id upon every new version release -%define commit_hash a705ae6f22850358821ec1e7d968bc79003934ef - -Summary: fuse-overlayfs plugin for rootless containerd -Name: fuse-overlayfs-snapshotter -Version: 1.0.6 -Release: 4%{?dist} -License: GPL3 -URL: /~https://github.com/containerd/fuse-overlayfs-snapshotter -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/containerd/fuse-overlayfs-snapshotter/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=7ad7f1e433695045ecb09cda6a49b9822779c953105001fa20773b61128e73b1d57d15c05043ff52a2c9415ae899f75ce1ae5ac62843c4d94640c42aee26a7d3 - -BuildRequires: go -BuildRequires: ca-certificates -BuildRequires: build-essential - -Requires: rootlesskit -Requires: fuse3 -Requires: fuse-overlayfs - -%description -fuse-overlayfs snapshotter plugin for containerd. -fuse-overlayfs-snapshotter is a non-core sub-project of containerd. - -%prep -%autosetup -p1 - -%build -export VERSION="%{version}-%{release}" -export REVISION=%{commit_hash} -%make_build - -%install -export BINDIR="%{buildroot}%{_bindir}" -%make_install %{?_smp_mflags} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/containerd-fuse-overlayfs-grpc - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.0.6-4 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.0.6-3 -- Bump up version to compile with new go -* Tue Aug 08 2023 Piyush Gupta 1.0.6-2 -- Bump up version to compile with new go -* Thu Jul 13 2023 Prashant S Chauhan 1.0.6-1 -- Update to 1.0.6 -* Mon Jul 03 2023 Piyush Gupta 1.0.5-5 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.0.5-4 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.0.5-3 -- Bump up version to compile with new go -* Sat Feb 11 2023 Shreenidhi Shedi 1.0.5-2 -- Bump version as a part of rootlesskit upgrade -* Wed Dec 21 2022 Shreenidhi Shedi 1.0.5-1 -- Upgrade to v1.0.5 -* Mon Dec 19 2022 Nitesh Kumar 1.0.4-2 -- Version bump up to use fuse-overlayfs v1.10 -* Thu Nov 03 2022 Shreenidhi Shedi 1.0.4-1 -- Initial build. Needed by containerd-rootless. diff --git a/SPECS/fuse-overlayfs/fuse-overlayfs.spec b/SPECS/fuse-overlayfs/fuse-overlayfs.spec deleted file mode 100644 index 8888bfda9f..0000000000 --- a/SPECS/fuse-overlayfs/fuse-overlayfs.spec +++ /dev/null @@ -1,54 +0,0 @@ -Summary: FUSE overlay+shiftfs implementation for rootless containers -Name: fuse-overlayfs -Version: 1.12 -Release: 1%{?dist} -License: GPLv3+ -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -URL: /~https://github.com/containers/fuse-overlayfs -Source0: /~https://github.com/containers/fuse-overlayfs/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=f113ac20b389d2f1c5e5ff160a60c308017e74c9c85d74a7200bab81a4cfa30335a64740c173f17c91ab4feddffb138ca4378e92894645a67eea5ac73d42890f - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: fuse3-devel -BuildRequires: make -BuildRequires: systemd-rpm-macros - -Requires: fuse3 -Requires: kmod - -%description -fuse-overlayfs provides an overlayfs FUSE implementation so that it can be used since -Linux 4.18 by unprivileged users in an user namespace. - -%prep -%autosetup -p1 - -%build -./autogen.sh -%configure -make %{?_smp_mflags} - -%install -%make_install -install -d %{buildroot}%{_modulesloaddir} -echo fuse > %{buildroot}%{_modulesloaddir}/fuse-overlayfs.conf - -%files -%defattr(-,root,root) -%license COPYING -%doc README.md -%{_bindir}/%{name} -%{_mandir}/man1/* -%config(noreplace) %{_modulesloaddir}/fuse-overlayfs.conf - -%changelog -* Fri Jun 30 2023 Prashant S Chauhan 1.12-1 -- Upgrade to 1.12 -* Mon Dec 19 2022 Nitesh Kumar 1.10-1 -- Version upgrade to 1.10 -* Fri Sep 02 2022 Nitesh Kumar 1.9-1 -- Initial version diff --git a/SPECS/fuse/fuse-prevent-silent-truncation.patch b/SPECS/fuse/fuse-prevent-silent-truncation.patch deleted file mode 100644 index d9cf4c037c..0000000000 --- a/SPECS/fuse/fuse-prevent-silent-truncation.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 9d89f28b3d1ecd056d4b536b94a1149fecb547a5 Mon Sep 17 00:00:00 2001 -From: Jann Horn -Date: Fri, 13 Jul 2018 14:51:17 -0700 -Subject: [PATCH] fusermount: prevent silent truncation of mount options - -Currently, in the kernel, copy_mount_options() copies in one page of -userspace memory (or less if some of that memory area is not mapped). -do_mount() then writes a null byte to the last byte of the copied page. -This means that mount option strings longer than PAGE_SIZE-1 bytes get -truncated silently. - -Therefore, this can happen: - -user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount -sending file descriptor: Bad file descriptor -user@d9-ut:~$ grep /mount /proc/mounts -/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0 -user@d9-ut:~$ fusermount -u mount -user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount -sending file descriptor: Bad file descriptor -user@d9-ut:~$ grep /mount /proc/mounts -/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0 -user@d9-ut:~$ fusermount -u mount -user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount -sending file descriptor: Bad file descriptor -user@d9-ut:~$ grep /mount /proc/mounts -/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0 -user@d9-ut:~$ fusermount -u mount -user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount -sending file descriptor: Bad file descriptor -user@d9-ut:~$ grep /mount /proc/mounts -/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0 -user@d9-ut:~$ fusermount -u mount - -I'm not aware of any context in which this is actually exploitable - you'd -still need the UIDs to fit, and you can't do it if the three GIDs of the -process don't match (in the case of a typical setgid binary), but it does -look like something that should be fixed. - -I also plan to try to get this fixed on the kernel side. ---- - util/fusermount.c | 23 ++++++++++++++++++++--- - 1 file changed, 20 insertions(+), 3 deletions(-) - -diff --git a/util/fusermount.c b/util/fusermount.c -index 26a0b75..0f1d1ec 100644 ---- a/util/fusermount.c -+++ b/util/fusermount.c -@@ -712,6 +712,23 @@ static int get_string_opt(const char *s, unsigned len, const char *opt, - return 1; - } - -+/* The kernel silently truncates the "data" argument to PAGE_SIZE-1 characters. -+ * This can be dangerous if it e.g. truncates the option "group_id=1000" to -+ * "group_id=1". -+ * This wrapper detects this case and bails out with an error. -+ */ -+static int mount_notrunc(const char *source, const char *target, -+ const char *filesystemtype, unsigned long mountflags, -+ const char *data) { -+ if (strlen(data) > sysconf(_SC_PAGESIZE) - 1) { -+ fprintf(stderr, "%s: mount options too long\n", progname); -+ errno = EINVAL; -+ return -1; -+ } -+ return mount(source, target, filesystemtype, mountflags, data); -+} -+ -+ - static int do_mount(const char *mnt, char **typep, mode_t rootmode, - int fd, const char *opts, const char *dev, char **sourcep, - char **mnt_optsp, off_t rootsize) -@@ -836,7 +853,7 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode, - else - strcpy(source, subtype ? subtype : dev); - -- res = mount(source, mnt, type, flags, optbuf); -+ res = mount_notrunc(source, mnt, type, flags, optbuf); - if (res == -1 && errno == ENODEV && subtype) { - /* Probably missing subtype support */ - strcpy(type, blkdev ? "fuseblk" : "fuse"); -@@ -847,13 +864,13 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode, - strcpy(source, type); - } - -- res = mount(source, mnt, type, flags, optbuf); -+ res = mount_notrunc(source, mnt, type, flags, optbuf); - } - if (res == -1 && errno == EINVAL) { - /* It could be an old version not supporting group_id */ - sprintf(d, "fd=%i,rootmode=%o,user_id=%u", - fd, rootmode, getuid()); -- res = mount(source, mnt, type, flags, optbuf); -+ res = mount_notrunc(source, mnt, type, flags, optbuf); - } - if (res == -1) { - int errno_save = errno; diff --git a/SPECS/fuse/fuse-types.patch b/SPECS/fuse/fuse-types.patch deleted file mode 100644 index dc4de9b082..0000000000 --- a/SPECS/fuse/fuse-types.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- fuse-2.9.7/include/fuse_kernel.h.orig 2017-09-30 19:00:45.272000000 -0400 -+++ fuse-2.9.7/include/fuse_kernel.h 2017-09-30 19:08:40.988000000 -0400 -@@ -88,12 +88,7 @@ - #ifndef _LINUX_FUSE_H - #define _LINUX_FUSE_H - --#include --#define __u64 uint64_t --#define __s64 int64_t --#define __u32 uint32_t --#define __s32 int32_t --#define __u16 uint16_t -+#include - - /* - * Version negotiation: diff --git a/SPECS/fuse/fuse.spec b/SPECS/fuse/fuse.spec deleted file mode 100644 index d5b6dd7296..0000000000 --- a/SPECS/fuse/fuse.spec +++ /dev/null @@ -1,92 +0,0 @@ -Summary: File System in Userspace (FUSE) utilities -Name: fuse -Version: 2.9.9 -Release: 3%{?dist} -License: GPL+ -URL: /~https://github.com/libfuse/libfuse -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/libfuse/libfuse/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=1acd51a647ec3dbf9eaafb80cec92bd8542bcbb2cf4510fc8b079b4f8aaa8f4b301e469ddefe4f1cc4ae2bf941e028077601c20d97f187cc618cea8710cbe331 - -%ifarch aarch64 -Patch0: fuse-types.patch -%endif -Patch1: fuse-prevent-silent-truncation.patch -Patch2: fuse2-0007-util-ulockmgr_server.c-conditionally-define-closefro.patch - -%description -With FUSE it is possible to implement a fully functional filesystem in a -userspace program. - -%package devel -Summary: Header and development files -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create fuse applications. - -%prep -%autosetup -p1 -n libfuse-%{name}-%{version} - -%build -export MOUNT_FUSE_PATH="%{_sbindir}" -sh ./makeconf.sh -%configure --disable-static INIT_D_PATH=/tmp/init.d -%make_build - -%install -mkdir -p %{buildroot}%{_libdir}/%{name} -%make_install %{?_smp_mflags} - -install -v -m755 -d %{_docdir}/%{name}-%{version} - -install -v -m644 doc/{how-fuse-works,kernel.txt} \ - %{_docdir}/%{name}-%{version} - -%files -%defattr(-,root,root) -%{_libdir}/libfuse.so.* -%{_libdir}/libulockmgr.so.* -%{_bindir}/* -%{_sbindir}/mount.fuse -%{_mandir}/man1/* -%exclude %{_mandir}/man8/* -%exclude /tmp/init.d/fuse -%exclude %{_sysconfdir}/udev/rules.d/99-fuse.rules - -%files devel -%defattr(-,root,root) -%{_libdir}/libfuse.so -%{_libdir}/libulockmgr.so -%{_includedir}/* -%{_libdir}/pkgconfig/fuse.pc - -%changelog -* Wed May 10 2023 Shreenidhi Shedi 2.9.9-3 -- Fix requires -* Mon Aug 22 2022 Vamsi Krishna Brahmajosyula 2.9.9-2 -- Fix build with glibc 2.36 -* Wed Jul 15 2020 Gerrit Photon 2.9.9-1 -- Automatic Version Bump -* Fri Jan 18 2019 Ankit Jain 2.9.7-5 -- Added patches for CVE-2018-10906 and hardening changes -* Mon Oct 8 2018 Sriram Nambakam 2.9.7-4 -- Use %configure and set DESTDIR -* Tue Nov 14 2017 Alexey Makhalov 2.9.7-3 -- Aarch64 support -* Wed Jul 05 2017 Xiaolin Li 2.9.7-2 -- Move pkgconfig folder to devel package. -* Mon Apr 17 2017 Danut Moraru 2.9.7-1 -- Update to 2.9.7 -* Tue May 24 2016 Priyesh Padmavilasom 2.9.5-2 -- GA - Bump release of all rpms -* Tue Jan 26 2016 Xiaolin Li 2.9.5-1 -- Updated to version 2.9.5 -* Fri Aug 28 2015 Alexey Makhalov 2.9.4-2 -- post/pre actions are removed. -* Tue Jun 16 2015 Harish Udaiya Kumar 2.9.4-1 -- Initial version. diff --git a/SPECS/fuse/fuse2-0007-util-ulockmgr_server.c-conditionally-define-closefro.patch b/SPECS/fuse/fuse2-0007-util-ulockmgr_server.c-conditionally-define-closefro.patch deleted file mode 100644 index 4cc2f8f6e6..0000000000 --- a/SPECS/fuse/fuse2-0007-util-ulockmgr_server.c-conditionally-define-closefro.patch +++ /dev/null @@ -1,55 +0,0 @@ -From: Sam James -Date: Sat, 24 Jul 2021 22:02:45 +0100 -Subject: [PATCH] util/ulockmgr_server.c: conditionally define closefrom (fix - glibc-2.34+) - -closefrom(3) has joined us in glibc-land from *BSD and Solaris. Since -it's available in glibc 2.34+, we want to detect it and only define our -fallback if the libc doesn't provide it. - -Bug: https://bugs.gentoo.org/803923 -Signed-off-by: Sam James - -diff --git a/configure.ac b/configure.ac -index 9946a0e..a2d481a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -55,6 +55,7 @@ fi - - AC_CHECK_FUNCS([fork setxattr fdatasync splice vmsplice utimensat]) - AC_CHECK_FUNCS([posix_fallocate]) -+AC_CHECK_FUNCS([closefrom]) - AC_CHECK_MEMBERS([struct stat.st_atim]) - AC_CHECK_MEMBERS([struct stat.st_atimespec]) - -diff --git a/util/ulockmgr_server.c b/util/ulockmgr_server.c -index 273c7d9..a04dac5 100644 ---- a/util/ulockmgr_server.c -+++ b/util/ulockmgr_server.c -@@ -22,6 +22,10 @@ - #include - #include - -+#ifdef HAVE_CONFIG_H -+ #include "config.h" -+#endif -+ - struct message { - unsigned intr : 1; - unsigned nofd : 1; -@@ -124,6 +128,7 @@ static int receive_message(int sock, void *buf, size_t buflen, int *fdp, - return res; - } - -+#if !defined(HAVE_CLOSEFROM) - static int closefrom(int minfd) - { - DIR *dir = opendir("/proc/self/fd"); -@@ -141,6 +146,7 @@ static int closefrom(int minfd) - } - return 0; - } -+#endif - - static void send_reply(int cfd, struct message *msg) - { diff --git a/SPECS/fuse/fuse3.spec b/SPECS/fuse/fuse3.spec deleted file mode 100644 index e745b198e7..0000000000 --- a/SPECS/fuse/fuse3.spec +++ /dev/null @@ -1,107 +0,0 @@ -Summary: File System in Userspace (FUSE) utilities -Name: fuse3 -Version: 3.12.0 -Release: 2%{?dist} -License: GPL+ -Url: http://fuse.sourceforge.net/ -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/libfuse/libfuse/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=70acaa11ba976f4fb83ce25017725aa486d490ba8f7c1cdf9f98e93e6e0a331b5e3fd78c746d1b4dbb783987397ff30ccc5f6e49e150e34c5b2dfc977fc22d01 - -BuildRequires: meson -BuildRequires: systemd-devel -%if 0%{?with_check} -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml -BuildRequires: openssl-devel -BuildRequires: curl-devel -BuildRequires: python3-pytest -BuildRequires: python3-six -BuildRequires: python3-attrs -BuildRequires: python3-atomicwrites -BuildRequires: which -%endif - -%description -With FUSE3 it is possible to implement a fully functional filesystem in a -userspace program. - -%package devel -Summary: Header and development files -Group: Development/Libraries -Requires: %{name} = %{version} -Requires: systemd-devel - -%description devel -It contains the libraries and header files to create fuse applications. - -%prep -%autosetup -n libfuse-fuse-%{version} - -%build -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 - -CONFIGURE_OPTS=( - --prefix=/usr - -D examples=false -) - -meson build ${CONFIGURE_OPTS[@]} -ninja -C build - -%install -export LANG=en_US.UTF-8 -export LC_ALL=en_US.UTF-8 -DESTDIR=%{buildroot}/ ninja -C build install - -# change from 4755 to 0755 to allow stripping -- fixed later in files -chmod 0755 %{buildroot}/%{_bindir}/fusermount3 - -# Get rid of static libs -rm -f %{buildroot}/%{_libdir}/*.a - -# No need to create init-script -rm -f %{buildroot}%{_sysconfdir}/init.d/fuse3 - -%files -%defattr(-, root, root) -%{_libdir}/libfuse3.so* -%{_bindir}/* -%{_datadir}/man/* -%{_sbindir}/mount.fuse3 -%{_sysconfdir}/fuse* -%{_libdir}/udev/rules.d/99-fuse3.rules - -%files devel -%{_includedir}/* -%{_libdir}/pkgconfig/fuse3.pc -%{_libdir}/libfuse3.so* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 3.12.0-2 -- Bump version as a part of openssl upgrade -* Wed Nov 30 2022 Piyush Gupta 3.12.0-1 -- Upgrade to 3.12.0. -* Wed Jun 01 2022 Gerrit Photon 3.11.0-1 -- Automatic Version Bump -* Tue Sep 29 2020 Satya Naga Vasamsetty 3.9.4-3 -- openssl 1.1.1 -* Sun Aug 16 2020 Susant Sahani 3.9.4-2 -- Use meson and ninja build system -* Wed Jul 15 2020 Gerrit Photon 3.9.4-1 -- Automatic Version Bump -* Tue Apr 07 2020 Susant Sahani 3.9.1-1 -- Update to 3.9.1 -* Fri Nov 23 2018 Ashwin H 3.2.6-2 -- Fix %check -* Mon Sep 24 2018 Srinidhi Rao 3.2.6-1 -- Update to version 3.2.6. -* Wed Jul 05 2017 Xiaolin Li 3.0.1-2 -- Move pkgconfig folder to devel package. -* Mon Apr 17 2017 Danut Moraru 3.0.1-1 -- Initial version. diff --git a/SPECS/gawk/gawk.spec b/SPECS/gawk/gawk.spec deleted file mode 100644 index 0e304f135f..0000000000 --- a/SPECS/gawk/gawk.spec +++ /dev/null @@ -1,87 +0,0 @@ -Summary: Contains programs for manipulating text files -Name: gawk -Version: 5.1.1 -Release: 2%{?dist} -License: GPLv3 -URL: http://www.gnu.org/software/gawk -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gawk/%{name}-%{version}.tar.xz -%define sha512 %{name}=794538fff03fdb9a8527a6898b26383d01988e8f8456f8d48131676387669a8bb3e706fa1a17f6b6316ddba0ebe653c24ad5dd769f357de509d6ec25f3ff1a43 - -Provides: /bin/awk -Provides: /bin/gawk -Provides: awk - -BuildRequires: readline-devel - -Requires: mpfr -Requires: gmp -Requires: readline - -%description -The Gawk package contains programs for manipulating text files. - -%prep -%autosetup -p1 - -%build -%configure --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_docdir}/%{name}-%{version} -cp -v doc/{awkforai.txt,*.{eps,pdf,jpg}} %{buildroot}%{_docdir}/%{name}-%{version} -rm -rf %{buildroot}%{_infodir} - -%find_lang %{name} - -%if 0%{?with_check} -%check -sed -i 's/ pty1 / /' test/Makefile -make %{?_smp_mflags} check -%endif - -%ldconfig_scriptlets - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/%{name}/* -%{_includedir}/* -%{_libexecdir}/* -%{_datadir}/awk/* -%{_docdir}/%{name}-%{version}/* -%{_mandir}/*/* -%{_sysconfdir}/profile.d/gawk.csh -%{_sysconfdir}/profile.d/gawk.sh - -%changelog -* Wed Dec 21 2022 Shreenidhi Shedi 5.1.1-2 -- Bump version as a part of readline upgrade -* Thu Dec 02 2021 Susant Sahani 5.1.1-1 -- Version Bump -* Tue Sep 01 2020 Gerrit Photon 5.1.0-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 5.0.1-1 -- Automatic Version Bump -* Mon Sep 17 2018 Sujay G 4.2.1-1 -- Bump version to 4.2.1 -* Wed Apr 05 2017 Danut Moraru 4.1.4-1 -- Upgrade to version 4.1.4 -* Wed Jan 18 2017 Dheeraj Shetty 4.1.3-4 -- Bump up for depending on readline 7.0 -* Sun Dec 18 2016 Alexey Makhalov 4.1.3-3 -- Provides /bin/awk -* Tue May 24 2016 Priyesh Padmavilasom 4.1.3-2 -- GA - Bump release of all rpms -* Tue Jan 12 2016 Xiaolin Li 4.1.3-1 -- Updated to version 4.1.3 -* Fri Jun 19 2015 Alexey Makhalov 4.1.0-2 -- Provide /bin/gawk. -* Wed Nov 5 2014 Divya Thaluru 4.1.0-1 -- Initial build. First version diff --git a/SPECS/gc/gc.spec b/SPECS/gc/gc.spec deleted file mode 100644 index 6f359b84e8..0000000000 --- a/SPECS/gc/gc.spec +++ /dev/null @@ -1,78 +0,0 @@ -Summary: A garbage collector for C and C++ -Name: gc -Version: 8.2.2 -Release: 1%{?dist} -License: BSD -Url: http://www.hboehm.info/gc -Group: System Environment/Base -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://www.hboehm.info/gc/gc_source/%{name}-%{version}.tar.gz -%define sha512 %{name}=4a7b26789ce22ab72bfaadf3029362c5fe26737df1e856e43db7d9b24ee8acf625e35d596bb3f698f91d6a5ddfb6c45a952a1dbd18d47359569696a544c9c248 - -BuildRequires: libatomic_ops-devel - -Requires: libatomic_ops - -%description -The Boehm-Demers-Weiser conservative garbage collector can be -used as a garbage collecting replacement for C malloc or C++ new. - -%package devel -Summary: Development libraries and header files for gc -Requires: %{name} = %{version}-%{release} - -%description devel -The package contains libraries and header files for -developing applications that use gc. - -%prep -%autosetup -p1 - -%build -%configure --enable-cplusplus - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -f %{buildroot}%{_libdir}/*.la - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_docdir}/%{name}/* -%{_mandir}/man3/* - -%files devel -%defattr(-,root,root) -%{_includedir}/*.h -%{_includedir}/%{name}/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc - -%changelog -* Thu Sep 29 2022 Shreenidhi Shedi 8.2.2-1 -- Upgrade to v8.2.2 -* Sun Aug 07 2022 Shreenidhi Shedi 8.0.4-2 -- Remove .la files -* Thu Oct 17 2019 Shreenidhi Shedi 8.0.4-1 -- Upgrade to version 8.0.4 -* Mon Sep 17 2018 Sujay G 8.0.0-1 -- Bump to version 8.0.0 -* Wed Apr 05 2017 Danut Moraru 7.6.0-1 -- Upgrade gc to 7.6.0, libatomic_ops to 7.4.4 -* Tue May 24 2016 Priyesh Padmavilasom 7.4.2-2 -- GA - Bump release of all rpms -* Thu Jun 18 2015 Divya Thaluru 7.4.2-1 -- Initial build. First version diff --git a/SPECS/gcc/PLUGIN_TYPE_CAST.patch b/SPECS/gcc/PLUGIN_TYPE_CAST.patch deleted file mode 100644 index 1701ac62af..0000000000 --- a/SPECS/gcc/PLUGIN_TYPE_CAST.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff -Naurp gcc-7.3.0-orig/gcc/c/c-typeck.cc gcc-7.3.0/gcc/c/c-typeck.cc ---- gcc-7.3.0-orig/gcc/c/c-typeck.cc 2017-06-08 12:12:38.381833000 -0700 -+++ gcc-7.3.0/gcc/c/c-typeck.cc 2018-04-24 14:44:50.222592671 -0700 -@@ -48,6 +48,8 @@ along with GCC; see the file COPYING3. - #include "c-family/c-objc.h" - #include "c-family/c-ubsan.h" - #include "gomp-constants.h" -+#include "plugin-api.h" -+#include "plugin.h" - #include "spellcheck-tree.h" - #include "gcc-rich-location.h" - #include "stringpool.h" -@@ -5452,6 +5454,12 @@ build_c_cast (location_t loc, tree type, - return error_mark_node; - } - -+ { -+ tree cast_info[] {type, TREE_TYPE(value)}; -+ invoke_plugin_callbacks (PLUGIN_TYPE_CAST, cast_info); -+ } -+ -+ - if (type == TYPE_MAIN_VARIANT (TREE_TYPE (value))) - { - if (RECORD_OR_UNION_TYPE_P (type)) -diff -Naurp gcc-7.3.0-orig/gcc/plugin.cc gcc-7.3.0/gcc/plugin.cc ---- gcc-7.3.0-orig/gcc/plugin.cc 2017-03-21 04:50:18.693898000 -0700 -+++ gcc-7.3.0/gcc/plugin.cc 2018-04-24 14:46:13.956372418 -0700 -@@ -471,6 +471,7 @@ register_callback (const char *plugin_na - case PLUGIN_NEW_PASS: - case PLUGIN_INCLUDE_FILE: - case PLUGIN_ANALYZER_INIT: -+ case PLUGIN_TYPE_CAST: - { - struct callback_info *new_callback; - if (!callback) -@@ -551,6 +552,7 @@ invoke_plugin_callbacks_full (int event, - case PLUGIN_NEW_PASS: - case PLUGIN_INCLUDE_FILE: - case PLUGIN_ANALYZER_INIT: -+ case PLUGIN_TYPE_CAST: - { - /* Iterate over every callback registered with this event and - call it. */ -diff -Naurp gcc-7.3.0-orig/gcc/plugin.def gcc-7.3.0/gcc/plugin.def ---- gcc-7.3.0-orig/gcc/plugin.def 2017-01-01 04:07:43.905435000 -0800 -+++ gcc-7.3.0/gcc/plugin.def 2018-04-24 14:47:02.209408557 -0700 -@@ -99,6 +99,9 @@ DEFEVENT (PLUGIN_NEW_PASS) - as a const char* pointer. */ - DEFEVENT (PLUGIN_INCLUDE_FILE) - -+/* Called when expression is casted to some type. */ -+DEFEVENT (PLUGIN_TYPE_CAST) -+ - /* Called when -fanalyzer starts. The event data is an - ana::plugin_analyzer_init_iface *. */ - DEFEVENT (PLUGIN_ANALYZER_INIT) diff --git a/SPECS/gcc/gcc.spec b/SPECS/gcc/gcc.spec deleted file mode 100644 index 62a351b036..0000000000 --- a/SPECS/gcc/gcc.spec +++ /dev/null @@ -1,302 +0,0 @@ -%global security_hardening nofortify -%define _use_internal_dependency_generator 0 - -Summary: Contains the GNU compiler collection -Name: gcc -Version: 12.2.0 -Release: 1%{?dist} -License: GPLv2+ -URL: http://gcc.gnu.org -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gcc/%{name}-%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=e9e857bd81bf7a370307d6848c81b2f5403db8c7b5207f54bce3f3faac3bde63445684092c2bc1a2427cddb6f7746496d9fbbef05fbbd77f2810b2998f1f9173 - -Patch0: PLUGIN_TYPE_CAST.patch - -Requires: libstdc++-devel = %{version}-%{release} -Requires: libgcc-devel = %{version}-%{release} -Requires: libgomp-devel = %{version}-%{release} -Requires: libgcc-atomic = %{version}-%{release} -Requires: gmp - -%if 0%{?with_check} -BuildRequires: autogen -BuildRequires: dejagnu -%endif - -# bison from publish RPMs will be used. -# We can't use BuildRequires here, as bison might not yet been built. -%define ExtraBuildRequires bison - -%description -The GCC package contains the GNU compiler collection, -which includes the C and C++ compilers. - -%package -n gfortran -Summary: GNU Fortran compiler. -Group: Development/Tools -%description -n gfortran -The gfortran package contains GNU Fortran compiler. - -%package -n libgcc -Summary: GNU C Library -Group: System Environment/Libraries -%description -n libgcc -The libgcc package contains GCC shared libraries for gcc. - -%package -n libgcc-atomic -Summary: GNU C Library for atomic counter updates -Group: System Environment/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libgcc-atomic -The libgcc package contains GCC shared libraries for atomic counter updates. - -%package -n libgcc-devel -Summary: GNU C Library -Group: Development/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libgcc-devel -The libgcc package contains GCC shared libraries for gcc . -This package contains development headers and static library for libgcc. - -%package -n libstdc++ -Summary: GNU C Library -Group: System Environment/Libraries -Requires: libgcc = %{version}-%{release} -%description -n libstdc++ -This package contains the GCC Standard C++ Library v3, an ongoing project to implement the ISO/IEC 14882:1998 Standard C++ library. - -%package -n libstdc++-devel -Summary: GNU C Library -Group: Development/Libraries -Requires: libstdc++ = %{version}-%{release} -%description -n libstdc++-devel -This is the GNU implementation of the standard C++ libraries. -This package includes the headers files and libraries needed for C++ development. - -%package -n libgomp -Summary: GNU C Library -Group: System Environment/Libraries -%description -n libgomp -An implementation of OpenMP for the C, C++, and Fortran 95 compilers in the GNU Compiler Collection. - -%package -n libgomp-devel -Summary: Development headers and static library for libgomp -Group: Development/Libraries -Requires: libgomp = %{version}-%{release} -%description -n libgomp-devel -An implementation of OpenMP for the C, C++, and Fortran 95 compilers in the GNU Compiler Collection. -This package contains development headers and static library for libgomp - -%prep -%autosetup -p1 - -# disable no-pie for gcc binaries -sed -i '/^NO_PIE_CFLAGS = /s/@NO_PIE_CFLAGS@//' gcc/Makefile.in - -%build -export glibcxx_cv_c99_math_cxx98=yes glibcxx_cv_c99_math_cxx11=yes -test %{_host} != %{_build} && export gcc_cv_objdump=%{_arch}-unknown-linux-gnu-objdump - -%configure \ - $(test %{_host} != %{_build} && echo "--target=%{_host}") \ - --enable-shared \ - --enable-threads=posix \ - --enable-__cxa_atexit \ - --enable-clocale=gnu \ - --enable-languages=c,c++,fortran\ - --disable-multilib \ - --enable-default-pie \ - --enable-default-ssp \ - --disable-bootstrap \ - --disable-libstdcxx-pch \ - --enable-linker-build-id \ - --enable-plugin \ - --with-system-zlib - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_lib} -ln -sv %{_bindir}/cpp %{buildroot}%{_lib} -ln -sv gcc %{buildroot}%{_bindir}/cc -install -vdm 755 %{buildroot}%{_datadir}/gdb/auto-load%{_lib} -mv -v %{buildroot}%{_lib64dir}/*gdb.py %{buildroot}%{_datadir}/gdb/auto-load%{_lib} -chmod 755 %{buildroot}/%{_lib64dir}/libgcc_s.so.1 -rm -rf %{buildroot}%{_infodir} -%find_lang %{name} --all-name - -%check -ulimit -s 32768 -# PCH tests fail with error: one ordd more PCH files were found, but they were invalid -# It happens if ASLR is on (due to bug in PCH) -# disable gcc PCH tests. -test `cat /proc/sys/kernel/randomize_va_space` -ne 0 && rm gcc/testsuite/gcc.dg/pch/pch.exp -# disable g++ PCH tests. -test `cat /proc/sys/kernel/randomize_va_space` -ne 0 && rm -rf gcc/testsuite/g++.dg/pch -# This test fails with warning: -# In file included from /usr/src/photon/BUILD/gcc-10.2.0/gcc/testsuite/gcc.dg/asan/pr80166.c:5: -# /usr/include/unistd.h:701:12: note: in a call to function 'getgroups' declared with attribute 'write_only (2, 1)' -# /usr/src/photon/BUILD/gcc-10.2.0/gcc/testsuite/gcc.dg/asan/pr80166.c:19:7: warning: argument 1 value -1 is negative [-Wstringop-overflow=] -# Ignore it. -rm gcc/testsuite/gcc.dg/asan/pr80166.c -# Skip two c++ tests -rm gcc/testsuite/g++.dg/coroutines/torture/co-ret-17-void-ret-coro.C -rm gcc/testsuite/g++.dg/coroutines/torture/pr95519-05-gro.C -# disable security hardening for tests -rm -f $(dirname $(gcc -print-libgcc-file-name))/../specs - -# run only gcc tests -make %{?_smp_mflags} check-gcc - -# No gcc failures -GCC_SUM_FILE=host-%{_host}/gcc/testsuite/gcc/gcc.sum -[ `grep ^FAIL $GCC_SUM_FILE | wc -l` -ne 0 -o `grep ^XPASS $GCC_SUM_FILE | wc -l` -ne 0 ] && exit 1 ||: - -# 1 g++ fail -CPP_SUM_FILE=host-%{_host}/gcc/testsuite/g++/g++.sum -[ `grep ^FAIL $CPP_SUM_FILE | wc -l` -ne 1 -o `grep ^XPASS $CPP_SUM_FILE | wc -l` -ne 0 ] && exit 1 ||: -[ `grep "^FAIL: g++.dg/asan/asan_test.C -O2 (test for excess errors)" $CPP_SUM_FILE | wc -l` -ne 1 ] && exit 1 ||: - -# 1 gfortran fail -GFORTRAN_SUM_FILE=host-%{_host}/gcc/testsuite/gfortran/gfortran.sum -[ `grep ^FAIL $GFORTRAN_SUM_FILE | wc -l` -ne 1 -o `grep ^XPASS $GFORTRAN_SUM_FILE | wc -l` -ne 0 ] && exit 1 ||: -[ `grep "^FAIL: gfortran.dg/analyzer/pr93993.f90 -O (test for excess errors)" $GFORTRAN_SUM_FILE | wc -l` -ne 1 ] && exit 1 ||: - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root) -%{_lib}/cpp -# Executables -%exclude %{_bindir}/*gfortran -%{_bindir}/* -# Libraries -%{_lib64dir}/* -%exclude %{_libexecdir}/gcc/%{_arch}-unknown-linux-gnu/%{version}/f951 -%{_libdir}/gcc/* -# Library executables -%{_libexecdir}/gcc/* -# Man pages -%{_mandir}/man1/gcov.1.gz -%{_mandir}/man1/gcov-dump.1.gz -%{_mandir}/man1/gcov-tool.1.gz -%{_mandir}/man1/gcc.1.gz -%{_mandir}/man1/g++.1.gz -%{_mandir}/man1/cpp.1.gz -%{_mandir}/man1/lto-dump.1.gz -%{_mandir}/man7/*.gz -%{_datadir}/gdb/* - -%exclude %{_lib64dir}/libgcc* -%exclude %{_lib64dir}/libstdc++* -%exclude %{_lib64dir}/libgomp* - -%files -n gfortran -%defattr(-,root,root) -%{_bindir}/*gfortran -%{_mandir}/man1/gfortran.1.gz -%{_libexecdir}/gcc/%{_arch}-unknown-linux-gnu/%{version}/f951 - -%files -n libgcc -%defattr(-,root,root) -%{_lib64dir}/libgcc_s.so.* - -%files -n libgcc-atomic -%defattr(-,root,root) -%{_lib64dir}/libatomic.so* - -%files -n libgcc-devel -%defattr(-,root,root) -%{_lib64dir}/libgcc_s.so - -%files -n libstdc++ -%defattr(-,root,root) -%{_lib64dir}/libstdc++.so.* -%dir %{_datadir}/gcc-%{version}/python/libstdcxx -%{_datadir}/gcc-%{version}/python/libstdcxx/* - -%files -n libstdc++-devel -%defattr(-,root,root) -%{_lib64dir}/libstdc++.so -%{_lib64dir}/libstdc++.a - -%{_includedir}/c++/* - -%files -n libgomp -%defattr(-,root,root) -%{_lib64dir}/libgomp*.so.* - -%files -n libgomp-devel -%defattr(-,root,root) -%{_lib64dir}/libgomp.a -%{_lib64dir}/libgomp.so -%{_lib64dir}/libgomp.spec - -%changelog -* Fri Aug 19 2022 Ajay Kaher 12.2.0-1 -- Version update -* Sun Aug 07 2022 Shreenidhi Shedi 10.2.0-2 -- Remove .la files -* Thu Jan 28 2021 Alexey Makhalov 10.2.0-1 -- Version update -* Wed Jan 27 2021 Shreenidhi Shedi 8.4.0-2 -- Bump version with new openssl in publish rpms -* Thu May 07 2020 Alexey Makhalov 8.4.0-1 -- Version update -* Tue Mar 24 2020 Alexey Makhalov 7.3.0-6 -- Fix compilation issue with glibc-2.31 -* Tue Nov 06 2018 Alexey Makhalov 7.3.0-5 -- Cross compilation support -* Fri Nov 02 2018 Alexey Makhalov 7.3.0-4 -- Use nofortify security_hardening instead of sed hacking -- Use %configure -* Wed Sep 19 2018 Alexey Makhalov 7.3.0-3 -- Fix compilation issue for glibc-2.28 -* Thu Aug 30 2018 Keerthana K 7.3.0-2 -- Packaging .a files (libstdc++-static files). -* Wed Aug 01 2018 Srivatsa S. Bhat 7.3.0-1 -- Update to version 7.3.0 to get retpoline support. -* Tue Nov 14 2017 Alexey Makhalov 6.3.0-7 -- Aarch64 support -* Mon Oct 02 2017 Alexey Makhalov 6.3.0-6 -- Added smp_mflags for parallel build -* Mon Sep 25 2017 Alexey Makhalov 6.3.0-5 -- Enable elfdeps for libgcc_s to generate libgcc_s.so.1(*)(64bit) provides -* Mon Aug 28 2017 Alexey Makhalov 6.3.0-4 -- Fix makecheck -* Tue Aug 15 2017 Alexey Makhalov 6.3.0-3 -- Fix compilation issue for glibc-2.26 -* Tue Aug 15 2017 Alexey Makhalov 6.3.0-2 -- Improve make check -* Thu Mar 9 2017 Alexey Makhalov 6.3.0-1 -- Update version to 6.3 -* Thu Mar 02 2017 Xiaolin Li 5.3.0-6 -- Enabled fortran. -* Wed Feb 22 2017 Alexey Makhalov 5.3.0-5 -- Added new plugin entry point: PLUGIN_TYPE_CAST (.patch) -* Thu Sep 8 2016 Alexey Makhalov 5.3.0-4 -- Enable plugins and linker build id. -* Tue May 24 2016 Priyesh Padmavilasom 5.3.0-3 -- GA - Bump release of all rpms -* Tue May 17 2016 Anish Swaminathan 5.3.0-2 -- Change package dependencies -* Mon Mar 28 2016 Alexey Makhalov 5.3.0-1 -- Update version to 5.3 -* Tue Nov 10 2015 Xiaolin Li 4.8.2-6 -- Handled locale files with macro find_lang -* Mon Nov 02 2015 Vinay Kulkarni 4.8.2-5 -- Put libatomic.so into its own package. -* Wed May 20 2015 Touseef Liaqat 4.8.2-4 -- Updated group. -* Mon May 18 2015 Touseef Liaqat 4.8.2-3 -- Update according to UsrMove. -* Fri May 15 2015 Divya Thaluru 4.8.2-2 -- Packaging .la files -* Tue Apr 01 2014 baho-utot 4.8.2-1 -- Initial build. First version diff --git a/SPECS/gcovr/gcovr.spec b/SPECS/gcovr/gcovr.spec deleted file mode 100644 index 145c10b804..0000000000 --- a/SPECS/gcovr/gcovr.spec +++ /dev/null @@ -1,81 +0,0 @@ -Summary: The gcovr command provides a utility for managing the use of the GNU gcov utility -Name: gcovr -Version: 5.2 -Release: 3%{?dist} -License: BSD Clause-3 -URL: http://gcovr.com -Vendor: VMware, Inc. -Group: Development/Tools -Distribution: Photon - -Source0: /~https://github.com/gcovr/gcovr/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=d1a4dd63129ac1d2b9a892ced9b4a0644dc49dc3a115d81ddf348e43fea0e7809c6533104106da8f89a666a4af9ff5a62429b4270ff2272ca61bbebecb7fb921 - -BuildRequires: python3-devel -BuildRequires: python3-setuptools - -%if 0%{?with_check} -BuildRequires: openssl-devel -BuildRequires: curl-devel -BuildRequires: python3-six -BuildRequires: python3-attrs -BuildRequires: python3-lxml -BuildRequires: python3-pip -%endif - -Requires: python3 -Requires: python3-lxml - -Buildarch: noarch - -%description -The gcovr command provides a utility for managing the use of the GNU gcov utility and generating summarized code coverage results. This command is inspired by the Python coverage.py package, which provides a similar utility in Python. Gcovr produces either compact human-readable summary reports, machine readable XML reports or a simple HTML summary. - -%prep -%autosetup -p1 - -%build -%{py3_build} - -%install -%{py3_install} -mv %{buildroot}%{_bindir}/gcovr %{buildroot}%{_bindir}/gcovr3 -ln -sv gcovr3 %{buildroot}%{_bindir}/gcovr - -%if 0%{?with_check} -%check -pip3 install nox -python3 -m nox -%endif - -%files -%defattr(-,root,root) -%doc README.rst LICENSE.txt CHANGELOG.rst -%{_bindir}/gcovr* -%{python3_sitelib}* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 5.2-3 -- Bump version as a part of openssl upgrade -* Fri Aug 04 2023 Shreenidhi Shedi 5.2-2 -- Fix requires -* Mon Dec 05 2022 Ashwin Dayanand Kamat 5.2-1 -- Update to v5.2 -* Mon Nov 28 2022 Prashant S Chauhan 4.2-4 -- Update release to compile with python 3.11 -* Mon Nov 16 2020 Prashant S Chauhan 4.2-3 -- Fix makecheck, install missing iniconfig module -* Tue Sep 29 2020 Satya Naga Vasamsetty 4.2-2 -- openssl 1.1.1 -* Wed Jul 29 2020 Gerrit Photon 4.2-1 -- Automatic Version Bump -* Tue Jun 16 2020 Tapas Kundu 4.1-4 -- Mass removal python2 -* Wed Sep 18 2019 Prashant Singh Chauhan 4.1-3 -- Fix for make check failure using pip instead of easy_install for python2 -* Wed Nov 21 2018 Ashwin H 4.1-2 -- Fix gcovr %check -* Tue Sep 18 2018 Sujay G 4.1-1 -- Bump gcovr version to 4.1 -* Fri Jun 09 2017 Harish Udaiya Kumar 3.3-1 -- Initial build. First version diff --git a/SPECS/gdb/gdb-7.12-pstack.patch b/SPECS/gdb/gdb-7.12-pstack.patch deleted file mode 100644 index 68b44f8469..0000000000 --- a/SPECS/gdb/gdb-7.12-pstack.patch +++ /dev/null @@ -1,233 +0,0 @@ -2017-07-19 Rui Gu - - * Makefile.in (uninstall-pstack, install-pstack): New rules, add - to install and uninstall. - * pstack.sh, pstack.1: New files. - -Index: gdb-7.12/gdb/Makefile.in -=================================================================== ---- gdb-7.12.orig/gdb/Makefile.in 2014-02-06 20:29:09.401214339 +0100 -+++ gdb-7.12/gdb/Makefile.in 2014-02-06 20:29:09.501214360 +0100 -@@ -1067,7 +1067,7 @@ info install-info clean-info dvi pdf ins - install: all - @$(MAKE) $(FLAGS_TO_PASS) install-only - --install-only: $(CONFIG_INSTALL) -+install-only: install-pstack $(CONFIG_INSTALL) - transformed_name=`t='$(program_transform_name)'; \ - echo gdb | sed -e "$$t"` ; \ - if test "x$$transformed_name" = x; then \ -@@ -1104,7 +1104,25 @@ install-strip: - install-python: - $(SHELL) $(srcdir)/../mkinstalldirs $(DESTDIR)$(GDB_DATADIR)/python/gdb - --uninstall: force $(CONFIG_UNINSTALL) -+PSTACK=pstack -+.PHONY: install-pstack -+install-pstack: -+ transformed_name=`t='$(program_transform_name)'; \ -+ echo $(PSTACK) | sed -e "$$t"` ; \ -+ if test "x$$transformed_name" = x; then \ -+ transformed_name=$(PSTACK) ; \ -+ else \ -+ true ; \ -+ fi ; \ -+ $(SHELL) $(srcdir)/../mkinstalldirs $(DESTDIR)$(bindir) ; \ -+ $(INSTALL_PROGRAM) $(srcdir)/$(PSTACK).sh \ -+ $(DESTDIR)$(bindir)/$$transformed_name$(EXEEXT) ; \ -+ : $(SHELL) $(srcdir)/../mkinstalldirs \ -+ $(DESTDIR)$(man1dir) ; \ -+ : $(INSTALL_DATA) $(srcdir)/pstack.1 \ -+ $(DESTDIR)$(man1dir)/$$transformed_name.1 -+ -+uninstall: force uninstall-pstack $(CONFIG_UNINSTALL) - transformed_name=`t='$(program_transform_name)'; \ - echo gdb | sed -e $$t` ; \ - if test "x$$transformed_name" = x; then \ -@@ -1127,6 +1145,18 @@ uninstall: force $(CONFIG_UNINSTALL) - fi - @$(MAKE) DO=uninstall "DODIRS=$(SUBDIRS)" $(FLAGS_TO_PASS) subdir_do - -+.PHONY: uninstall-pstack -+uninstall-pstack: -+ transformed_name=`t='$(program_transform_name)'; \ -+ echo $(PSTACK) | sed -e $$t` ; \ -+ if test "x$$transformed_name" = x; then \ -+ transformed_name=$(PSTACK) ; \ -+ else \ -+ true ; \ -+ fi ; \ -+ rm -f $(DESTDIR)$(bindir)/$$transformed_name$(EXEEXT) \ -+ $(DESTDIR)$(man1dir)/$$transformed_name.1 -+ - # The C++ name parser can be built standalone for testing. - test-cp-name-parser.o: cp-name-parser.c - $(COMPILE) -DTEST_CPNAMES cp-name-parser.c -Index: gdb-7.12/gdb/pstack.sh -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ gdb-7.12/gdb/pstack.sh 2014-02-06 20:29:09.501214360 +0100 -@@ -0,0 +1,43 @@ -+#!/bin/sh -+ -+if test $# -ne 1; then -+ echo "Usage: `basename $0 .sh` " 1>&2 -+ exit 1 -+fi -+ -+if test ! -r /proc/$1; then -+ echo "Process $1 not found." 1>&2 -+ exit 1 -+fi -+ -+# GDB doesn't allow "thread apply all bt" when the process isn't -+# threaded; need to peek at the process to determine if that or the -+# simpler "bt" should be used. -+ -+backtrace="bt" -+if test -d /proc/$1/task ; then -+ # Newer kernel; has a task/ directory. -+ if test `/bin/ls /proc/$1/task | /usr/bin/wc -l` -gt 1 2>/dev/null ; then -+ backtrace="thread apply all bt" -+ fi -+elif test -f /proc/$1/maps ; then -+ # Older kernel; go by it loading libpthread. -+ if /bin/grep -e libpthread /proc/$1/maps > /dev/null 2>&1 ; then -+ backtrace="thread apply all bt" -+ fi -+fi -+ -+GDB=${GDB:-gdb} -+ -+# Run GDB, strip out unwanted noise. -+# --readnever is no longer used since .gdb_index is now in use. -+$GDB --quiet -nx $GDBARGS /proc/$1/exe $1 <&1 | -+set width 0 -+set height 0 -+set pagination no -+$backtrace -+EOF -+/bin/sed -n \ -+ -e 's/^\((gdb) \)*//' \ -+ -e '/^#/p' \ -+ -e '/^Thread/p' -Index: gdb-7.12/gdb/testsuite/gdb.base/pstack.exp -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ gdb-7.12/gdb/testsuite/gdb.base/pstack.exp 2014-02-06 20:43:17.774747352 +0100 -@@ -0,0 +1,66 @@ -+# Copyright (C) 2012 Free Software Foundation, Inc. -+ -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 3 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see . -+ -+set testfile pstack -+set executable ${testfile} -+set binfile [standard_output_file $executable] -+if {[build_executable ${testfile} ${executable} "" {debug}] == -1} { -+ return -1 -+} -+ -+set test "spawn inferior" -+set command "${binfile}" -+set res [remote_spawn host $command]; -+if { $res < 0 || $res == "" } { -+ perror "Spawning $command failed." -+ fail $test -+ return -+} -+set use_gdb_stub 1 -+set pid [exp_pid -i $res] -+gdb_expect { -+ -re "looping\r\n" { -+ pass $test -+ } -+ eof { -+ fail "$test (eof)" -+ return -+ } -+ timeout { -+ fail "$test (timeout)" -+ return -+ } -+} -+gdb_exit -+ -+# Testcase uses the most simple notification not to get caught by attach on -+# exiting the function. Still we could retry the pstack command if we fail. -+ -+set test "spawn pstack" -+set command "sh -c GDB=$GDB\\ GDBARGS=-data-directory\\\\\\ $BUILD_DATA_DIRECTORY\\ sh\\ ${srcdir}/../pstack.sh\\ $pid\\;echo\\ GSTACK-END" -+set res [remote_spawn host $command]; -+if { $res < 0 || $res == "" } { -+ perror "Spawning $command failed." -+ fail $test -+} -+set pid [exp_pid -i $res] -+gdb_test_multiple "" $test { -+ -re "^#0 +(0x\[0-9a-f\]+ in )?\\.?func \\(\\) at \[^\r\n\]*\r\n#1 +0x\[0-9a-f\]+ in \\.?main \\(\\) at \[^\r\n\]*\r\nGSTACK-END\r\n\$" { -+ pass $test -+ } -+} -+gdb_exit -+ -+remote_exec host "kill -9 $pid" -Index: gdb-7.12/gdb/testsuite/gdb.base/pstack.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ gdb-7.12/gdb/testsuite/gdb.base/pstack.c 2014-02-06 20:29:09.502214360 +0100 -@@ -0,0 +1,43 @@ -+/* This testcase is part of GDB, the GNU debugger. -+ -+ Copyright 2005, 2007, 2008, 2009 Free Software Foundation, Inc. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . */ -+ -+#include -+#include -+#include -+ -+void -+func (void) -+{ -+ const char msg[] = "looping\n"; -+ -+ /* Use the most simple notification not to get caught by attach on exiting -+ the function. */ -+ write (1, msg, strlen (msg)); -+ -+ for (;;); -+} -+ -+int -+main (void) -+{ -+ alarm (60); -+ nice (100); -+ -+ func (); -+ -+ return 0; -+} - diff --git a/SPECS/gdb/gdb-Stop-inaccessible-region-from-getting-dumped.patch b/SPECS/gdb/gdb-Stop-inaccessible-region-from-getting-dumped.patch deleted file mode 100644 index fa27f3695e..0000000000 --- a/SPECS/gdb/gdb-Stop-inaccessible-region-from-getting-dumped.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 8510e0e9287d51eb13f9792559ef9da5c5c6e88b Mon Sep 17 00:00:00 2001 -From: Vikash Bansal -Date: Mon, 5 Oct 2020 19:38:56 +0530 -Subject: [PATCH] gdb: Stop inaccessible region from getting dumped - -Background : 7.12 onward version of gdb started dumping some -inaccessible regions (e.g: alignment gaps) in coredump, which -is increasing the size of core file. Bug 2564068 was raised -for this issue. - -Fix: -If a memory region in smaps file is having anonymous keyword -and "read, write and execute" flags are "not set" -Then that memory region is inaccessible, so should not be dumped. ---- - gdb/linux-tdep.c | 26 +++++++++++++++++--------- - 1 file changed, 17 insertions(+), 9 deletions(-) - -diff --git a/gdb/linux-tdep.c b/gdb/linux-tdep.c -index d06fbc1..d936a63 100644 ---- a/gdb/linux-tdep.c -+++ b/gdb/linux-tdep.c -@@ -1537,15 +1537,23 @@ linux_find_memory_regions_full (struct gdbarch *gdbarch, - int should_dump_p = 0; - - if (map.has_anonymous) -- { -- should_dump_p -- = should_dump_mapping_p (filterflags, &map.vmflags, -- map.priv, -- map.mapping_anon_p, -- map.mapping_file_p, -- map.filename.c_str (), -- map.start_address, -- map.offset); -+ { -+ if (map.read == 0 && map.write == 0 && map.exec == 0) -+ { -+ /* This is an inaccessible region and should not be dumped */ -+ should_dump_p = 0; -+ } -+ else -+ { -+ should_dump_p -+ = should_dump_mapping_p (filterflags, &map.vmflags, -+ map.priv, -+ map.mapping_anon_p, -+ map.mapping_file_p, -+ map.filename.c_str (), -+ map.start_address, -+ map.offset); -+ } - } - else - { --- -2.25.1 - diff --git a/SPECS/gdb/gdb.spec b/SPECS/gdb/gdb.spec deleted file mode 100644 index 2df057a109..0000000000 --- a/SPECS/gdb/gdb.spec +++ /dev/null @@ -1,237 +0,0 @@ -%global build_minimal_gdb 1 - -Summary: C debugger -Name: gdb -Version: 11.2 -Release: 9%{?dist} -License: GPLv2+ -URL: http://www.gnu.org/software/%{name} -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gdb/%{name}-%{version}.tar.xz -%define sha512 %{name}=07e9026423438049b11f4f784d57401ece4e940570f613bd6958b3714fe7fbc2c048470bcce3e7d7d9f93331cdf3881d30dcc964cb113a071143a02b28e5b127 - -Source1: gdbinit - -Patch0: gdb-7.12-pstack.patch -Patch1: gdb-Stop-inaccessible-region-from-getting-dumped.patch - -Requires: expat -Requires: ncurses -Requires: python3 -Requires: xz-libs -Requires: zlib - -BuildRequires: expat-devel -BuildRequires: ncurses-devel -BuildRequires: python3-devel -BuildRequires: python3-libs -BuildRequires: xz-devel -BuildRequires: zlib-devel -BuildRequires: texinfo - -%if 0%{?with_check} -BuildRequires: dejagnu -BuildRequires: systemtap-sdt-devel -%endif - -Requires: %{name}-minimal = %{version}-%{release} - -%description -GDB, the GNU Project debugger, allows you to see what is going on -`inside' another program while it executes -- or what -another program was doing at the moment it crashed. - -%if 0%{?build_minimal_gdb} -%package minimal -Summary: A GNU source-level debugger for C, C++, Fortran, Go and other languages (minimal version) -Conflicts: %{name} < 11.2-9%{?dist} - -%description minimal -GDB, the GNU debugger, allows you to debug programs written in C, C++, Java, and other languages, -by executing them in a controlled fashion and printing their data. -This package provides a minimal version of GDB, tailored to be used by the Photon buildroot. -It should probably not be used by end users. -%endif - -%prep -%autosetup -p1 - -%build -rm -rf zlib texinfo -mkdir -p build -pushd build - -sh ../configure \ - --host=%{_host} \ - --build=%{_build} \ - --prefix=%{_prefix} \ - --with-system-gdbinit=%{_sysconfdir}/gdbinit \ - --with-python=%{python3} \ - --with-system-zlib - -%make_build - -popd - -%if 0%{?build_minimal_gdb} -mkdir -p minimal-build -pushd minimal-build - -sh ../configure \ - --host=%{_host} \ - --build=%{_build} \ - --prefix=%{_prefix} \ - --without-babeltrace \ - --without-expat \ - --disable-tui \ - --without-python \ - --without-guile \ - --disable-inprocess-agent \ - --without-intel-pt \ - --disable-unit-tests \ - --disable-source-highlight \ - --with-system-zlib - -%make_build - -popd -%endif - -%install -pushd build - -%make_install %{?_smp_mflags} -rm %{buildroot}%{_infodir}/dir \ - %{buildroot}%{_libdir}/libctf-nobfd.a \ - %{buildroot}%{_libdir}/libctf.a - -# following files conflicts with binutils-2.24-1.x86_64 -rm %{buildroot}%{_includedir}/ansidecl.h \ - %{buildroot}%{_includedir}/bfd.h \ - %{buildroot}%{_includedir}/bfdlink.h \ - %{buildroot}%{_includedir}/dis-asm.h \ - %{buildroot}%{_libdir}/libbfd.a \ - %{buildroot}%{_libdir}/libopcodes.a - -# following files conflicts with binutils-2.25-1.x86_64 -rm %{buildroot}%{_datadir}/locale/de/LC_MESSAGES/opcodes.mo \ - %{buildroot}%{_datadir}/locale/fi/LC_MESSAGES/bfd.mo \ - %{buildroot}%{_datadir}/locale/fi/LC_MESSAGES/opcodes.mo - -popd - -%if 0%{?build_minimal_gdb} -mkdir -p %{buildroot}/minimal-%{name} -pushd minimal-build - -%make_install DESTDIR=%{buildroot}/minimal-%{name} %{?_smp_mflags} - -rm -rfv %{buildroot}/minimal-%{name}%{_prefix}/{include,lib*,share} \ - %{buildroot}/minimal-%{name}%{_bindir}/{gcore,gdbserver,gstack,%{name}-add-index,pstack,run} - -mv %{buildroot}/minimal-%{name}%{_bindir}/%{name} %{buildroot}%{_bindir}/%{name}.minimal - -popd -%endif - -%ifarch aarch64 -rm %{buildroot}%{_libdir}/libaarch64-unknown-linux-gnu-sim.a -%endif - -%find_lang %{name} --all-name %{name}.lang -mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d -install -m 0755 %{SOURCE1} %{buildroot}%{_sysconfdir}/gdbinit - -%if 0%{?with_check} -%check -# disable security hardening for tests -rm -f $(dirname $(gcc -print-libgcc-file-name))/../specs -# fix typo in test -sed -i 's/hex in)/hex in )/g' %{name}/testsuite/%{name}.arch/i386-signal.exp -# ignore exit code and check for expected number of failures -%make_build check || tail %{name}/testsuite/%{name}.sum | grep "# of unexpected failures.*1219\|# of unexpected failures.*1220" -%endif - -%files -f %{name}.lang -%defattr(-,root,root) -%exclude %{_datadir}/locale -%exclude %{_includedir}/*.h -%{_includedir}/%{name}/*.h -%{_includedir}/sim/*.h -%{_libdir}/*.so -%{_infodir}/*.gz -%{_datadir}/%{name}/python/* -%{_datadir}/%{name}/syscalls/* -%{_datadir}/%{name}/system-gdbinit/* -%{_bindir}/* -%exclude %{_bindir}/%{name}.minimal -%exclude %{_bindir}/%{name}-add-index -%{_mandir}/*/* -%{_sysconfdir}/gdbinit -%{_sysconfdir}/gdbinit.d - -%if 0%{?build_minimal_gdb} -%files minimal -%defattr(-,root,root) -%{_bindir}/%{name}.minimal -%{_bindir}/%{name}-add-index -%endif - -%changelog -* Tue Jul 25 2023 Shreenidhi Shedi 11.2-9 -- Add gdb-minimal to requires of gdb -* Tue Jun 20 2023 Shreenidhi Shedi 11.2-8 -- Fix spec issues -* Fri Jun 09 2023 Nitesh Kumar 11.2-7 -- Bump version as a part of ncurses upgrade to v6.4 -* Mon Feb 27 2023 Ajay Kaher 11.2-6 -- Compile with --with-system-gdbinit -* Fri Dec 23 2022 Oliver Kurth 11.2-5 -- bump version as a part of xz upgrade -* Wed Dec 07 2022 Shivani Agarwal 11.2-4 -- Bump version as a part of python upgrade -* Fri Dec 02 2022 Srinidhi Rao 11.2-3 -- Bump version as a part of systemtap upgrade -* Sun May 29 2022 Shreenidhi Shedi 11.2-2 -- Add gdb-minimal sub package -* Mon Apr 18 2022 Gerrit Photon 11.2-1 -- Automatic Version Bump -* Mon May 03 2021 Gerrit Photon 10.2-1 -- Automatic Version Bump -* Thu Jan 07 2021 Tapas Kundu 10.1-1 -- Update to version 10.1 -* Tue Jan 05 2021 Tapas Kundu 9.2-3 -- Fix compatibility with python 3.9 -* Mon Oct 05 2020 Vikash Bansal 9.2-2 -- Stop inaccessible region from getting dumped into coredump -* Mon Aug 24 2020 Keerthana K 9.2-1 -- Update to version 9.2 -* Mon Jul 22 2019 Alexey Makhalov 8.2-2 -- Cross compilation support -* Fri Sep 14 2018 Keerthana K 8.2-1 -- Update to version 8.2 -* Thu Dec 07 2017 Alexey Makhalov 7.12.1-8 -- Enable LZMA support -* Tue Nov 14 2017 Alexey Makhalov 7.12.1-7 -- Aarch64 support -* Mon Sep 11 2017 Rui Gu 7.12.1-6 -- Enable make check in docker with part of checks disabled -* Thu Aug 10 2017 Alexey Makhalov 7.12.1-5 -- Make check improvements -* Fri Jul 21 2017 Rui Gu 7.12.1-4 -- Add pstack wrapper which will invoke gdb. -* Wed Jul 12 2017 Alexey Makhalov 7.12.1-3 -- Get tcl, expect and dejagnu from packages -* Thu May 18 2017 Xiaolin Li 7.12.1-2 -- Build gdb with python3. -* Wed Mar 22 2017 Alexey Makhalov 7.12.1-1 -- Version update -* Tue May 24 2016 Priyesh Padmavilasom 7.8.2-3 -- GA - Bump release of all rpms -* Tue Nov 10 2015 Xiaolin Li 7.8.2-2 -- Handled locale files with macro find_lang -* Wed Apr 08 2015 Priyesh Padmavilasom 7.8.2-1 -- Initial build. First version diff --git a/SPECS/gdb/gdbinit b/SPECS/gdb/gdbinit deleted file mode 100644 index ee31f3540c..0000000000 --- a/SPECS/gdb/gdbinit +++ /dev/null @@ -1,8 +0,0 @@ -# System-wide GDB initialization file. -python -import glob -for f in glob.glob('/etc/gdbinit.d/*.gdb'): - gdb.execute('source %s' % f) -for f in glob.glob('/etc/gdbinit.d/*.py'): - gdb.execute('source %s' % f) -end diff --git a/SPECS/gdbm/gdbm.spec b/SPECS/gdbm/gdbm.spec deleted file mode 100644 index 340b002074..0000000000 --- a/SPECS/gdbm/gdbm.spec +++ /dev/null @@ -1,97 +0,0 @@ -Summary: The GNU Database Manager -Name: gdbm -Version: 1.23 -Release: 2%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/gdbm -Group: Applications/Databases -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gdbm/%{name}-%{version}.tar.gz -%define sha512 %{name}=918080cb0225b221c11eb7339634a95e00c526072395f7a3d46ccf42ef020dea7c4c5bec34aff2c4f16033e1fff6583252b7e978f68b8d7f8736b0e025838e10 - -%description -This is a disk file format database which stores key/data-pairs in -single files. The actual data of any record being stored is indexed -by a unique key, which can be retrieved in less time than if it was -stored in a text file. - -%package lang -Summary: Additional language files for gdbm -Group: Applications/Databases -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of gdbm - -%package devel -Summary: Header and development files for gdbm -Requires: %{name} = %{version}-%{release} -%description devel -It contains the libraries and header files to create applications. - -%prep -%autosetup -p1 - -%build -%configure \ - --enable-libgdbm-compat \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} - -find %{buildroot}%{_libdir} -name '*.la' -delete -rm -rf %{buildroot}%{_infodir} -%find_lang %{name} - -%check -make %{?_smp_mflags} check - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_mandir}/man1/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/*.a -%{_includedir}/* -%{_mandir}/man3/* - -%changelog -* Wed Dec 21 2022 Shreenidhi Shedi 1.23-2 -- Bump version as a part of readline upgrade -* Tue Aug 30 2022 Susant Sahani 1.23-1 -- Version Bump -* Thu Dec 02 2021 Susant Sahani 1.22-1 -- Version Bump -* Thu Feb 11 2021 Tapas Kundu 1.19-1 -- Update to 1.19 -* Tue Jan 12 2021 Alexey Makhalov 1.18.1-2 -- GCC-10 support -* Mon Aug 24 2020 Keerthana K 1.18.1-1 -- Update to version 1.18.1 -* Fri Nov 09 2018 Alexey Makhalov 1.18-2 -- Cross compilation support -* Fri Sep 14 2018 Keerthana K 1.18-1 -- Update to version 1.18 -* Fri Jun 23 2017 Xiaolin Li 1.13-3 -- Add devel package. -* Tue May 02 2017 Anish Swaminathan 1.13-2 -- Add lang package. -* Wed Apr 05 2017 Danut Moraru 1.13-1 -- Upgrade gdbm to 1.13 -* Tue May 24 2016 Priyesh Padmavilasom 1.11-2 -- GA - Bump release of all rpms -* Wed Nov 5 2014 Divya Thaluru 1.11-1 -- Initial build. First version diff --git a/SPECS/gdk-pixbuf/gdk-pixbuf.spec b/SPECS/gdk-pixbuf/gdk-pixbuf.spec deleted file mode 100644 index dd387c90f8..0000000000 --- a/SPECS/gdk-pixbuf/gdk-pixbuf.spec +++ /dev/null @@ -1,94 +0,0 @@ -Summary: toolkit for image loading and pixel buffer manipulation. -Name: gdk-pixbuf -Version: 2.42.0 -Release: 4%{?dist} -License: LGPLv2+ -URL: http://www.gt.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/gnome/sources/%{name}/2.42/%{name}-%{version}.tar.xz -%define sha512 %{name}=c9962d42e5bf13514091234342e259be1e06b2c4dea2936e16104a3b58f0b6837f070224c04be9541d75f5ea34d1da398f178a1eed1f9059f6429faf5c223e34 - -BuildRequires: meson -BuildRequires: cmake -BuildRequires: libpng-devel -BuildRequires: libtiff-devel -BuildRequires: libX11-devel -BuildRequires: gobject-introspection-devel -BuildRequires: gtk-doc -BuildRequires: libjpeg-turbo-devel -BuildRequires: shared-mime-info - -Requires: libpng -Requires: libtiff -Requires: libX11 -Requires: gobject-introspection -Requires: libjpeg-turbo - -%description -The Gdk Pixbuf is a toolkit for image loading and pixel buffer manipulation. It is used by GTK+ 2 and GTK+ 3 to load and manipulate images. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: libpng-devel -Requires: libtiff-devel -Requires: libX11-devel -Requires: shared-mime-info - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%meson \ - -Dinstalled_tests=false - -%meson_build - -%install -%meson_install - -%post -/sbin/ldconfig -gdk-pixbuf-query-loaders --update-cache - -%postun -p /sbin/ldconfig - -%check -%meson_test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_libdir}/gdk-pixbuf-2.0 -%{_libdir}/girepository-1.0 - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_datadir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig - -%changelog -* Tue Jun 27 2023 Ashwin Dayanand Kamat 2.42.0-4 -- Bump version as a part of libtiff upgrade -* Wed Jun 14 2023 Shivani Agarwal 2.42.0-3 -- Bump version as a part of libX11 upgrade -* Tue Dec 13 2022 Guruswamy Basavaiah 2.42.0-2 -- Bump release as a part of libpng upgrade -* Tue Sep 06 2022 Shivani Agarwal 2.42.0-1 -- Upgrade version -* Sun Jun 14 2015 Harish Udaiya Kumar 2.33.2-1 -- Updated to version 2.33.2 -* Thu May 21 2015 Alexey Makhalov 2.31.4-1 -- initial version diff --git a/SPECS/geoip-api-c/geoip-api-c.spec b/SPECS/geoip-api-c/geoip-api-c.spec deleted file mode 100644 index ed07c4201e..0000000000 --- a/SPECS/geoip-api-c/geoip-api-c.spec +++ /dev/null @@ -1,82 +0,0 @@ -Summary: Library to find geographical and network information of an IP address -Name: geoip-api-c -Version: 1.6.12 -Release: 3%{?dist} -License: LGPLv2+ -URL: /~https://github.com/maxmind/geoip-api-c -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/maxmind/geoip-api-c/releases/download/v%{version}/GeoIP-%{version}.tar.gz -%define sha512 GeoIP=a1c8120692a7ba6de5836550917f86f4797dd236a8b7d71b6f92b5389e4b071d89e57036654f5de1d4b762730a2a5c331c31414eab0c889c9befaa097941fee7 - -BuildRequires: (coreutils or coreutils-selinux) -BuildRequires: gcc -BuildRequires: make -BuildRequires: zlib-devel -BuildRequires: sed - -Requires: bash -Requires: glibc - -%description -The GeoIP Legacy C library enables the user to find geographical and network information of an IP address using Geolite Legacy country or city databases. - -%package devel -Summary: Development headers and libraries for GeoIP -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Provides: geoip-devel = %{version}-%{release} - -%description devel -Development headers and static libraries for building GeoIP applications. - -%prep -%autosetup -p1 -n GeoIP-%{version} - -%build -%configure \ - --disable-static \ - --disable-dependency-tracking - -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} -k check -%endif - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/geoiplookup -%{_bindir}/geoiplookup6 -%{_libdir}/libGeoIP.so.1* -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_includedir}/GeoIP*.h -%{_libdir}/libGeoIP.so -%{_libdir}/pkgconfig/geoip.pc - -%changelog -* Fri Apr 14 2023 Shreenidhi Shedi 1.6.12-3 -- Bump version as a part of zlib upgrade -* Sun Feb 12 2023 Shreenidhi Shedi 1.6.12-2 -- Fix build requires -* Fri Sep 14 2018 Keerthana K 1.6.12-1 -- Update to version 1.6.12 -* Wed Apr 05 2017 Danut Moraru 1.6.10-1 -- Upgrade geoip-api-c to 1.6.10 -* Wed Jul 27 2016 Anish Swaminathan 1.6.9-1 -- Initial build. First version diff --git a/SPECS/geos/geos.spec b/SPECS/geos/geos.spec deleted file mode 100644 index 3cc5889d41..0000000000 --- a/SPECS/geos/geos.spec +++ /dev/null @@ -1,80 +0,0 @@ -Summary: A C++11 library for performing operations on two-dimensional vector geometries -Name: geos -Version: 3.11.1 -Release: 1%{?dist} -License: LGPLv2 -URL: https://trac.osgeo.org/geos -Group: System Environment/Development -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://download.osgeo.org/geos/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=708500aba9b04208ee46a531d55ddf63a213dfaa2922dae937b524300b2b46c95143ed6cd3ff1414e9099f2be95e5df5a2e0b49df43acf93a9478215259f20d3 - -BuildRequires: cmake - -%description -GEOS (Geometry Engine - Open Source) is a C++ port of the JTS Topology Suite (JTS). -It aims to contain the complete functionality of JTS in C++. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files - -%prep -%autosetup -p1 - -%build -%cmake \ - -DDEFAULT_BUILD_TYPE=Debug \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/geos-config -%{_bindir}/geosop -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/geos -%{_includedir}/geos.h -%{_includedir}/geos_c.h -%{_libdir}/*.so -%{_libdir}/cmake/GEOS -%{_libdir}/pkgconfig/geos.pc - -%changelog -* Tue Dec 13 2022 Gerrit Photon 3.11.1-1 -- Automatic Version Bump -* Thu Sep 29 2022 Shreenidhi Shedi 3.11.0-1 -- Upgrade to v3.11.0 -* Fri Jun 17 2022 Shreenidhi Shedi 3.10.2-2 -- Fix build with latest cmake -* Mon Apr 18 2022 Gerrit Photon 3.10.2-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 3.9.1-1 -- Automatic Version Bump -* Wed Jul 22 2020 Gerrit Photon 3.8.1-1 -- Automatic Version Bump -* Mon Mar 09 2020 Ankit Jain 3.8.0-1 -- Initial build. First version. diff --git a/SPECS/getdns/getdns.spec b/SPECS/getdns/getdns.spec deleted file mode 100644 index 31dd472151..0000000000 --- a/SPECS/getdns/getdns.spec +++ /dev/null @@ -1,108 +0,0 @@ -Summary: Modern asynchronous API to the DNS -Name: getdns -Version: 1.7.2 -Release: 2%{?dist} -License: BSD -Url: http://www.getdnsapi.net -Group: Applications -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://www.getdnsapi.net/dist/%{name}-%{version}.tar.gz -%define sha512 %{name}=6c4a75a4696c46ec8bd9e9659a93fd81f3490b43da28a4c95f99a766027c7588fc493a8ac51563afb8f975c0e5b77d5ea67014d80e78ee2bb17fba1d1073d19f - -BuildRequires: cmake -BuildRequires: check-devel -BuildRequires: libev-devel -BuildRequires: libuv-devel -BuildRequires: glibc-devel -BuildRequires: openssl-devel - -Requires: openssl -Requires: glibc -Requires: libev -Requires: libuv - -%description -getdns is a modern asynchronous DNS API. It implements DNS entry points -from a design developed and vetted by application developers, in an API -specification edited by Paul Hoffman. With the development of this API, -we intend to offer application developers a modernized and flexible way -to access DNS security (DNSSEC) and other powerful new DNS features; a -particular hope is to inspire application developers towards innovative -security solutions in their applications. - -%package devel -Summary: Development package that includes getdns header files -Requires: %{name} = %{version}-%{release} - -%description devel -The devel package contains the getdns library and the include files and -some example C code. - -%package utils -Summary: getdns utilities -Requires: %{name} = %{version}-%{release} - -%description utils -The %{name}-utils package contains utilities using getdns library, -getdns_query and getdns_query_mon utilities. They can be used to analyze -responses from DNS servers over UDP, TCP and TLS, including support for -DNS security. - -getdns_query can be used for fetching details of DNS responses in json format. -getdns_query_mon is great for automated monitoring of DNS server replies. - -%prep -%autosetup -p1 - -%build -%cmake \ - -DCMAKE_BUILD_TYPE=Debug \ - -DUSE_LIBIDN2=OFF \ - -DENABLE_STUB_ONLY=ON \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%cmake_build - -%install -%cmake_install - -rm -rf %{buildroot}%{_libdir}/*.la \ - %{buildroot}%{_docdir}/%{name} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%{_libdir}/libgetdns*.so.* -%doc README.md NEWS AUTHORS ChangeLog -%license LICENSE - -%files utils -%defattr(-,root,root) -%{_bindir}/getdns_query -%{_bindir}/getdns_server_mon - -%files devel -%defattr(-,root,root) -%{_libdir}/libgetdns*.a -%{_libdir}/libgetdns*.so -%{_includedir}/%{name}/ -%{_libdir}/pkgconfig/*.pc -%{_mandir}/*/*.3* -%doc spec - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 1.7.2-2 -- Bump version as a part of openssl upgrade -* Thu Sep 29 2022 Shreenidhi Shedi 1.7.2-1 -- Upgrade to v1.7.2 -* Fri Jun 17 2022 Shreenidhi Shedi 1.7.0-2 -- Fix build with latest cmake -* Mon Apr 11 2022 Mukul Sikka 1.7.0-1 -- Initial Build diff --git a/SPECS/gettext/gettext.spec b/SPECS/gettext/gettext.spec deleted file mode 100644 index e48b683d90..0000000000 --- a/SPECS/gettext/gettext.spec +++ /dev/null @@ -1,130 +0,0 @@ -Summary: Utilities for internationalization and localization -Name: gettext -Version: 0.22 -Release: 1%{?dist} -License: GPL-3.0-or-later and LGPL-2.0-or-later and GFDL-1.2-or-later -URL: http://www.gnu.org/software/gettext -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gettext/%{name}-%{version}.tar.xz -%define sha512 %{name}=c6368344aa4e0f6fd7c4a93023a5f7b377c7bb97b8ea688fd54f4c385c069d9ff27611d8763b1aed6328b6d3c4db7b34bd89bfbf6525ecaef11eb58434a4d4fa - -Requires: libgcc -Requires: libstdc++ -Requires: %{name}-libs = %{version}-%{release} - -%description -These allow programs to be compiled with NLS -(Native Language Support), enabling them to output -messages in the user's native language. - -%package devel -Summary: Development files for %{name} -# autopoint is GPLv3+ -# libasprintf is LGPLv2+ -# libgettextpo is GPLv3+ -License: LGPL-2.0-or-later and GPL-3.0-or-later and GFDL-1.2-or-later -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libs = %{version}-%{release} -Requires: xz -Requires: diffutils - -%description devel -This package contains all development related files necessary for -developing or compiling applications/libraries that needs -internationalization capability. You also need this package if you -want to add gettext support for your project. - -%package libs -Summary: Libraries for %{name} -# libasprintf is LGPLv2+ -# libgettextpo is GPLv3+ -License: LGPL-2.0-or-later and GPL-3.0-or-later - -%description libs -This package contains libraries used internationalization support. - -%prep -%autosetup -p1 - -%build -%configure \ - --docdir=%{_docdir}/%{name}-%{version} \ - --disable-silent-rules \ - --disable-static \ - --enable-shared \ - --without-emacs - -%make_build - -%install -%make_install -rm -rf %{buildroot}%{_docdir}/gettext-%{version}/examples \ - %{buildroot}%{_infodir} - -%find_lang %{name} --all-name - -%if 0%{?with_check} -%check -sed -i 's/test-term-ostream-xterm.sh//1' ./libtextstyle/tests/Makefile -make %{?_smp_mflags} check -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%files -f %{name}.lang -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/%{name}/* -%{_datadir}/%{name}/* -%{_datadir}/%{name}-%{version}/* - -%files libs -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_libdir}/libgettextlib-0.*.so -%{_libdir}/libgettextsrc-0.*.so - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%exclude %{_libdir}/libgettextlib-0.*.so -%exclude %{_libdir}/libgettextsrc-0.*.so -%{_includedir}/* -%{_datadir}/aclocal/* -%{_mandir}/* -%{_docdir}/* - -%changelog -* Mon Aug 14 2023 Susant Sahani 0.22-1 -- Version bump. -* Mon May 08 2023 Shreenidhi Shedi 0.21.1-2 -- Introduce deve & libs sub packages -* Thu Jan 12 2023 Ashwin Dayanand Kamat 0.21.1-1 -- Update to version 0.21.1 -* Mon Nov 16 2020 Prashant S Chauhan 0.21-2 -- Fix make check -* Wed Jul 08 2020 Gerrit Photon 0.21-1 -- Automatic Version Bump -* Thu Jun 18 2020 Ashwin H 0.19.8.1-3 -- Fix CVE-2018-18751 -* Thu Nov 08 2018 Alexey Makhalov 0.19.8.1-2 -- Cross compilation support -* Fri Sep 14 2018 Keerthana K 0.19.8.1-1 -- Update to version 0.19.8.1 -* Wed Apr 05 2017 Danut Moraru 0.19.8-1 -- Upgrade to 0.19.8 -* Tue May 24 2016 Priyesh Padmavilasom 0.19.5.1-2 -- GA - Bump release of all rpms -* Tue Jan 12 2016 Xiaolin Li 0.19.5.1-1 -- Updated to version 0.19.5.1 -* Tue Nov 10 2015 Xiaolin Li 0.18.3.2-2 -- Handled locale files with macro find_lang -* Wed Nov 5 2014 Divya Thaluru 0.18.3.2-1 -- Initial build. First version diff --git a/SPECS/gflags/gflags.spec b/SPECS/gflags/gflags.spec deleted file mode 100644 index 6ab161d873..0000000000 --- a/SPECS/gflags/gflags.spec +++ /dev/null @@ -1,71 +0,0 @@ -Summary: Library for commandline flag processing -Name: gflags -Version: 2.2.2 -Release: 1%{?dist} -License: MIT -Group: Development/Libraries/C++ -Vendor: VMware, Inc. -Distribution: Photon -Url: https://gflags.github.io/gflags - -Source0: /~https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=98c4703aab24e81fe551f7831ab797fb73d0f7dfc516addb34b9ff6d0914e5fd398207889b1ae555bac039537b1d4677067dae403b64903577078d99c1bdb447 - -BuildRequires: cmake -BuildRequires: gcc - -%description -The gflags package contains a C++ library that implements -commandline flags processing. It includes built-in support -for standard types such as string and the ability to define -flags in the source file in which they are used. - -%package devel -Summary: Development files for %{name} -Group: Development/Libraries/C++ -Requires: %{name} = %{version}-%{release} - -%description devel -Development files for %{name} library. - -%prep -%autosetup -p1 - -%build -%cmake -DBUILD_TESTING:BOOL=ON \ - -DINSTALL_HEADERS:BOOL=ON \ - -DREGISTER_BUILD_DIR:BOOL=OFF \ - -DREGISTER_INSTALL_PREFIX:BOOL=OFF - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -%ctest -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%license COPYING.txt -%doc AUTHORS.txt ChangeLog.txt README.md -%{_bindir}/gflags_completions.sh -%{_libdir}/libgflags.so.* -%{_libdir}/libgflags_nothreads.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/ -%{_libdir}/libgflags.so -%{_libdir}/libgflags_nothreads.so -%{_libdir}/cmake/%{name}/ -%{_libdir}/pkgconfig/%{name}.pc - -%changelog -* Mon Apr 04 2022 Prashant S Chauhan 2.2.2-1 -- gflags initial build diff --git a/SPECS/git-lfs/git-lfs.spec b/SPECS/git-lfs/git-lfs.spec deleted file mode 100644 index 9c4e376a0b..0000000000 --- a/SPECS/git-lfs/git-lfs.spec +++ /dev/null @@ -1,88 +0,0 @@ -%global debug_package %{nil} -%global gemdir %(IFS=: R=($(gem env gempath)); echo ${R[${#R[@]}-1]}) -Summary: Git extension for versioning large files -Name: git-lfs -Version: 3.2.0 -Release: 7%{?dist} -URL: /~https://github.com/git-lfs/git-lfs/archive/v%{version}.tar.gz -Source0: /~https://github.com/git-lfs/git-lfs/archive/refs/tags/%{name}-%{version}.tar.gz -License: MIT -Group: System Environment/Programming -%define sha512 %{name}=c2ba8cecd5b3519a032f446b0c3043352f37f3c67ff3c2304a38beb176f0ae8efd1deaeb8bd54a35d7dd7dcd988da67249c896dffd83fc293b165a3e6bb02d66 -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: go -BuildRequires: which -BuildRequires: rubygem-ronn -BuildRequires: tar -BuildRequires: git -Requires: git - -%description -Git LFS is a command line extension and specification for managing large files with Git - -%prep -%autosetup - -%build -make %{?_smp_mflags} -export PATH=$PATH:%{gemdir}/bin -make man %{?_smp_mflags} - -%install -rm -rf %{buildroot} -install -D bin/git-lfs %{buildroot}%{_bindir}/git-lfs -mkdir -p %{buildroot}%{_mandir}/man1 -mkdir -p %{buildroot}%{_mandir}/man5 -install -D man/man1/* %{buildroot}%{_mandir}/man1 -install -D man/man5/* %{buildroot}%{_mandir}/man5 - -%post -git lfs install --system - -%preun -git lfs uninstall - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%doc LICENSE.md README.md -%{_bindir}/git-lfs -%{_mandir}/man1/* -%{_mandir}/man5/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 3.2.0-7 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 3.2.0-6 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 3.2.0-5 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 3.2.0-4 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 3.2.0-3 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 3.2.0-2 -- Bump up version to compile with new go -* Wed Nov 30 2022 Gerrit Photon 3.2.0-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 3.1.4-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 3.1.4-3 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 3.1.4-2 -- Bump up version to compile with new go -* Mon Apr 18 2022 Gerrit Photon 3.1.4-1 -- Automatic Version Bump -* Fri Jun 11 2021 Piyush Gupta 2.13.3-2 -- Bump up version to compile with new go -* Thu Apr 29 2021 Gerrit Photon 2.13.3-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 2.12.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 2.12.0-2 -- Bump up version to compile with new go -* Fri Sep 18 2020 Him Kalyan Bordoloi 2.12.0-1 -- Initial release. diff --git a/SPECS/git/git.spec b/SPECS/git/git.spec deleted file mode 100644 index 57f32fd9c4..0000000000 --- a/SPECS/git/git.spec +++ /dev/null @@ -1,223 +0,0 @@ -Summary: Fast distributed version control system -Name: git -Version: 2.39.0 -Release: 4%{?dist} -License: GPLv2 -URL: http://git-scm.com -Group: System Environment/Programming -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz -%define sha512 %{name}=f072cae7738279b1c0f8202e83a243ff0164b03d3be22895aa875caa265150a5773e1f062724b3eb82bc64b163730b6f451b82fa0c904167a8fa53ced5d3b1df - -BuildRequires: curl-devel -BuildRequires: python3-devel -BuildRequires: openssl-devel - -Requires: expat -Requires: curl -Requires: openssl - -%description -Git is a free and open source, distributed version control system -designed to handle everything from small to very large projects with -speed and efficiency. Every Git clone is a full-fledged repository -with complete history and full revision tracking capabilities, not -dependent on network access or a central server. Branching and -merging are fast and easy to do. Git is used for version control of -files, much like tools such as Mercurial, Bazaar, -Subversion-1.7.8, CVS-1.11.23, Perforce, and Team Foundation Server. - -%package lang -Summary: Additional language files for git -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of git. - -%package extras -Summary: Git extra files to support perl, svn, gui, bash etc. -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -Requires: perl -Requires: perl-CGI -Requires: perl-DBI -Requires: perl-YAML -Requires: subversion-perl -Requires: python3 - -Conflicts: %{name} < 2.39.0-3 - -%description extras -These are the supported files for perl interface to the git, core package of git, -graphical interface to git,git tools for interacting with subversion repositories -and git bash completion files. - -%prep -%autosetup -p1 - -%build -%configure \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --libexec=%{_libexecdir} \ - --with-gitconfig=%{_sysconfdir}/gitconfig - -%make_build CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_datadir}/bash-completion/completions -install -m 0644 contrib/completion/git-completion.bash %{buildroot}%{_datadir}/bash-completion/completions/git -%find_lang %{name} -%{_fixperms} %{buildroot}/* - -%check -# git expect nonroot user to run tests -chmod g+w . -R -useradd test -G root -m -sudo -u test make %{?_smp_mflags} test - -%post -if [ $1 -eq 1 ];then - # This is first installation. - git config --system http.sslCAPath %{_sysconfdir}/ssl/certs - exit 0 -fi - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/git-core/templates -%{_datadir}/bash-completion/ -%{_libexecdir}/git-core/* -%exclude %{_libexecdir}/git-core/git-svn -%exclude %{_libexecdir}/git-core/git-send-email -%exclude %{_libexecdir}/git-core/git-request-pull -%exclude %{_libexecdir}/git-core/git-p4 -%exclude %{_libexecdir}/git-core/git-instaweb -%exclude %{_libexecdir}/git-core/git-filter-branch -%exclude %{_libexecdir}/git-core/git-archimport -%exclude %{_libexecdir}/git-core/git-add--interactive -%exclude %{_libexecdir}/git-core/git-gui--askpass -%exclude %{_libexecdir}/git-core/git-gui -%exclude %{_libexecdir}/git-core/git-citool -%exclude %{_libexecdir}/git-core/git-cvsexportcommit -%exclude %{_libexecdir}/git-core/git-cvsimport -%exclude %{_libexecdir}/git-core/git-cvsserver -%exclude %{_bindir}/git-cvsserver -%exclude %{_datadir}/git-core/templates/hooks/*.sample - -%files extras -%defattr(-,root,root) -%{_bindir}/git-cvsserver -%{_libexecdir}/git-core/git-svn -%{_libexecdir}/git-core/git-send-email -%{_libexecdir}/git-core/git-request-pull -%{_libexecdir}/git-core/git-p4 -%{_libexecdir}/git-core/git-instaweb -%{_libexecdir}/git-core/git-filter-branch -%{_libexecdir}/git-core/git-archimport -%{_libexecdir}/git-core/git-add--interactive -%{_libexecdir}/git-core/git-gui--askpass -%{_libexecdir}/git-core/git-gui -%{_libexecdir}/git-core/git-citool -%{_libexecdir}/git-core/git-cvsexportcommit -%{_libexecdir}/git-core/git-cvsimport -%{_libexecdir}/git-core/git-cvsserver -%{_datadir}/perl5/* -%{_datadir}/git-gui/* -%{_datadir}/gitk/* -%{_datadir}/gitweb/* -%{_datadir}/git-core/templates/hooks/*.sample - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.39.0-4 -- Bump version as a part of openssl upgrade -* Fri May 26 2023 Nitesh Kumar 2.39.0-3 -- Moving bash-completion to main package -* Tue Feb 28 2023 Nitesh Kumar 2.39.0-2 -- Adding subpackage to minimize git dependencies -* Fri Jan 06 2023 Susant Sahani 2.39.0-1 -- Update version -* Mon Oct 31 2022 Prashant S Chauhan 2.38.1-2 -- Update release to compile with python 3.11 -* Tue Oct 25 2022 Nitesh Kumar 2.38.1-1 -- Upgrade version to 2.38.1 -* Sun Sep 11 2022 Vamsi Krishna Brahmajosyula 2.37.3-1 -- Update version to 2.37.3 -* Fri Jul 29 2022 Nitesh Kumar 2.35.4-1 -- Minor version upgrade to address CVE-2022-29187 -* Tue May 10 2022 Nitesh Kumar 2.35.2-1 -- Update version to address CVE-2022-24765 -* Tue Sep 14 2021 Satya Naga Vasamsetty 2.31.1-3 -- Compatibility for openssl 3.0.0 -* Fri May 21 2021 Shreenidhi Shedi 2.31.1-2 -- Bump version as a part of rpm upgrade -* Tue Apr 13 2021 Gerrit Photon 2.31.1-1 -- Automatic Version Bump -* Tue Mar 09 2021 Prashant S Chauhan 2.30.0-3 -- Fix CVE-2021-21300 -* Mon Feb 01 2021 Shreenidhi Shedi 2.30.0-2 -- Fix build with new rpm -* Sat Jan 23 2021 Susant Sahani 2.30.0-1 -- Update version -* Tue Sep 01 2020 Satya Naga Vasamsetty 2.28.0-2 -- Compatibility for openssl 1.1.1 -* Sun Aug 09 2020 Gerrit Photon 2.28.0-1 -- Automatic Version Bump -* Tue Jun 23 2020 Tapas Kundu 2.26.2-2 -- Build python3 -* Tue May 19 2020 Prashant S Chauhan 2.26.2-1 -- Updated to version 2.26.2, fix CVE-2020-11008, CVE-2020-5260 -* Mon Apr 27 2020 Prashant S Chauhan 2.26.0-2 -- Added patch, Fixes CVE-2020-5260 -* Wed Apr 01 2020 Susant Sahani 2.26.0-1 -- Updated to version 2.26.0 -* Tue Feb 12 2019 Prashant S Chauhan 2.23.1-1 -- Updated to version 2.23.1 . Fixes CVE-2019-1348 -* Thu Jan 10 2019 Alexey Makhalov 2.19.0-3 -- Added Requires python2 -* Thu Oct 04 2018 Dweep Advani 2.19.0-2 -- Using %configure and changing for perl upgrade -* Tue Oct 02 2018 Siju Maliakkal 2.19.0-1 -- Update to latest version -* Tue Jul 31 2018 Ajay Kaher 2.14.2-2 -- Excluded the perllocal.pod for aarch64. -* Thu Oct 12 2017 Anish Swaminathan 2.14.2-1 -- Updated to version 2.14.2, fix CVE-2017-14867 -* Mon Aug 21 2017 Rui Gu 2.9.3-4 -- Fix make check with non-root mode. -* Wed May 31 2017 Xiaolin Li 2.9.3-3 -- Mass removal python2 from requires. -* Mon Apr 17 2017 Robert Qi 2.9.3-2 -- Update since perl version got updated. -* Mon Apr 10 2017 Danut Moraru 2.9.3-1 -- Updated to version 2.9.3 -* Wed Dec 07 2016 Xiaolin Li 2.8.1-7 -- BuildRequires curl-devel. -* Fri Aug 19 2016 Alexey Makhalov 2.8.1-6 -- Add bash completion file -* Thu May 26 2016 Harish Udaiya Kumar 2.8.1-5 -- Excluded the perllocal.pod log. -* Tue May 24 2016 Priyesh Padmavilasom 2.8.1-4 -- GA - Bump release of all rpms -* Wed May 18 2016 Priyesh Padmavilasom 2.8.1-3 -- Fix if syntax -* Thu May 05 2016 Kumar Kaushik 2.8.1-2 -- Handling the upgrade scenario. -* Fri Apr 15 2016 Anish Swaminathan 2.8.1-1 -- Updated to version 2.8.1 -* Tue Feb 23 2016 Harish Udaiya Kumar 2.7.1-1 -- Updated to version 2.7.1 -* Wed Jan 13 2016 Anish Swaminathan 2.1.2-2 -- Add requires for perl-CGI. -* Fri Apr 3 2015 Divya Thaluru 2.1.2-1 -- Initial build. First version diff --git a/SPECS/glib-networking/disable-pkcs-related-tests.patch b/SPECS/glib-networking/disable-pkcs-related-tests.patch deleted file mode 100644 index cbc0a06776..0000000000 --- a/SPECS/glib-networking/disable-pkcs-related-tests.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 07e9c6832863931b993b67801bf82d1f25845183 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Thu, 20 Jan 2022 12:16:26 +0000 -Subject: [PATCH] Disable pkcs related tests - -p11-kit is disabled by default in Photon Os gnutls package. - -glib-networking assumes p11-kit is enabled in gnutls and tries to -run some pkcs related tests. This is not required. - -If we add p11-kit to Photon repo, it ends up in a nasty circular dependency. - -Let's dodge it for now by using this workaround. - -Signed-off-by: Shreenidhi Shedi ---- - tls/tests/certificate.c | 3 +++ - tls/tests/connection.c | 2 ++ - tls/tests/meson.build | 16 +--------------- - 3 files changed, 6 insertions(+), 15 deletions(-) - -diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c -index 01c3c1a..b4db16f 100644 ---- a/tls/tests/certificate.c -+++ b/tls/tests/certificate.c -@@ -811,8 +811,11 @@ main (int argc, - module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); - g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); - -+#if 0 - g_assert (gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL) == GNUTLS_E_SUCCESS); - g_assert (gnutls_pkcs11_add_provider (module_path, NULL) == GNUTLS_E_SUCCESS); -+#endif -+ - g_free (module_path); - #endif - -diff --git a/tls/tests/connection.c b/tls/tests/connection.c -index 2127cbf..67ccd65 100644 ---- a/tls/tests/connection.c -+++ b/tls/tests/connection.c -@@ -3062,10 +3062,12 @@ main (int argc, - module_path = g_strdup (spy_path); - } - -+#if 0 - ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); - g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS); - ret = gnutls_pkcs11_add_provider (module_path, NULL); - g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS); -+#endif - g_free (module_path); - #endif - -diff --git a/tls/tests/meson.build b/tls/tests/meson.build -index 7415f91..e00413e 100644 ---- a/tls/tests/meson.build -+++ b/tls/tests/meson.build -@@ -21,21 +21,7 @@ envs = [ - 'G_TEST_BUILDDIR=' + meson.current_build_dir(), - ] - --if backends.contains('gnutls') -- mock_pkcs11_module = shared_module('mock-pkcs11', -- sources: 'mock-pkcs11.c', -- name_prefix: '', -- gnu_symbol_visibility: 'hidden', -- dependencies: [ -- gio_dep, -- gnutls_dep, -- ], -- install: enable_installed_tests, -- install_dir: installed_tests_execdir -- ) --else -- mock_pkcs11_module = [] --endif -+mock_pkcs11_module = [] - - if enable_installed_tests - install_subdir('files', install_dir: installed_tests_execdir) --- -2.31.1 - diff --git a/SPECS/glib-networking/glib-networking.spec b/SPECS/glib-networking/glib-networking.spec deleted file mode 100644 index 175520a9a2..0000000000 --- a/SPECS/glib-networking/glib-networking.spec +++ /dev/null @@ -1,118 +0,0 @@ -Summary: Glib networking modules -Name: glib-networking -Version: 2.74.0 -Release: 3%{?dist} -License: GPLv2 -URL: http://wiki.gnome.org/glib-networking -Group: System Environment/Development -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/GNOME/sources/glib-networking/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=f266c106f2c9379b95773a852c1b5c62ae1d6a758d25c436c3558f620d8e0a211201b3c4dfd89cdbe28b88430bba0cca621e62c01ea23d473983e203919bb1e6 - -Patch0: disable-pkcs-related-tests.patch - -BuildRequires: nettle-devel -BuildRequires: autogen-libopts-devel -BuildRequires: libtasn1-devel -BuildRequires: ca-certificates -BuildRequires: gnutls-devel -BuildRequires: openssl-devel -BuildRequires: intltool -BuildRequires: glib-devel -BuildRequires: glib-schemas -BuildRequires: meson -BuildRequires: gnome-common -BuildRequires: ninja-build -BuildRequires: systemd-rpm-macros - -Requires: nettle -Requires: gnutls -Requires: libtasn1 -Requires: openssl -Requires: ca-certificates - -%description -Glib-netowkring contains networking related gio modules for Glib. - -%package lang -Summary: Additional language files for glib-networking -Group: System Environment/Development -Requires: %{name} = %{version}-%{release} - -Conflicts: %{name} < 2.74.0-2 - -%description lang -These are the additional language files of glib-networking. - -%prep -%autosetup -p1 - -%build -CONFIGURE_OPTS=( - -Dopenssl=enabled - -Dgnutls=enabled - -Dlibproxy=disabled - -Dgnome_proxy=disabled - -Dinstalled_tests=false - -Dstatic_modules=false -) -%meson "${CONFIGURE_OPTS[@]}" -%meson_build - -%install -%meson_install -%find_lang %{name} - -%if 0%{?with_check} -%check -%meson_test -%endif - -%files -%defattr(-,root,root) -%{_libdir}/gio/modules/libgioopenssl.so -%{_libdir}/gio/modules/libgiognutls.so -%{_libdir}/gio/modules/libgioenvironmentproxy.so - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.74.0-3 -- Bump version as a part of openssl upgrade -* Wed May 31 2023 Shreenidhi Shedi 2.74.0-2 -- Package lang properly -* Tue Nov 01 2022 Susant Sahani 2.74.0-1 -- Bump version -* Tue Aug 30 2022 Shreenidhi Shedi 2.70.1-3 -- Bump version as a part of gnutls upgrade -* Wed Aug 24 2022 Shreenidhi Shedi 2.70.1-2 -- Bump version as a part of nettle upgrade -* Mon Dec 13 2021 Susant Sahani 2.70.1-1 -- Bump version -* Tue Aug 17 2021 Shreenidhi Shedi 2.66.0-2 -- Bump version as a part of nettle upgrade -* Tue Sep 29 2020 Gerrit Photon 2.66.0-1 -- Automatic Version Bump -* Tue Sep 29 2020 Satya Naga Vasamsetty 2.64.3-2 -- openssl 1.1.1 -* Fri Sep 04 2020 Gerrit Photon 2.64.3-1 -- Automatic Version Bump -* Wed Aug 19 2020 Shreenidhi Shedi 2.59.1-2 -- Bump version as a part of nettle-3.6 upgrade -* Wed Nov 21 2018 Ashwin H 2.59.1-1 -- Updated to 2.59.1 for make check fixes -* Fri Sep 14 2018 Keerthana K 2.58.0-1 -- Update to version 2.58.0 -* Mon Apr 10 2017 Danut Moraru 2.50.0-1 -- Updated to version 2.50.0 -* Wed Oct 05 2016 ChangLee 2.46.1-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.46.1-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Kumar Kaushik 2.46.1-1 -- Updating to new version. -* Wed Aug 12 2015 Touseef Liaqat 2.45.1-1 -- Initial build. First version diff --git a/SPECS/glib/glib.spec b/SPECS/glib/glib.spec deleted file mode 100644 index 5d57cbc715..0000000000 --- a/SPECS/glib/glib.spec +++ /dev/null @@ -1,178 +0,0 @@ -Summary: Low-level libraries useful for providing data structure handling for C. -Name: glib -Version: 2.75.2 -Release: 3%{?dist} -License: LGPLv2+ -URL: https://developer.gnome.org/glib -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://gitlab.gnome.org/GNOME/glib/-/releases/{version}/glib-%{version}.tar.xz -%define sha512 %{name}=f8e34d112c720e17fbc2325e5091f55d120cc82aa2a9012c6e9e3b81a969af97e501910f3f986fa305ab1abfbd77e69ee9c71bcdda33c6795c3b087e684272f6 - -BuildRequires: pcre-devel -BuildRequires: libffi-devel -BuildRequires: pkg-config -BuildRequires: which -BuildRequires: python3-xml -BuildRequires: python3 -BuildRequires: python3-libs -BuildRequires: util-linux-devel -BuildRequires: elfutils-libelf-devel -BuildRequires: meson -BuildRequires: ninja-build -BuildRequires: libselinux-devel -BuildRequires: gtk-doc - -Requires: elfutils-libelf -Requires: pcre-libs -Requires: libffi -Requires: libselinux - -Provides: pkgconfig(glib-2.0) -Provides: pkgconfig(gmodule-2.0) -Provides: pkgconfig(gmodule-no-export-2.0) -Provides: pkgconfig(gobject-2.0) -Provides: pkgconfig(gio-2.0) -Provides: pkgconfig(gio-unix-2.0) -Provides: pkgconfig(gthread-2.0) - -%description -The GLib package contains a low-level libraries useful for providing data structure handling for C, -portability wrappers and interfaces for such runtime functionality as an event loop, threads, -dynamic loading and an object system. Development libs and headers are in glib-devel. - -%package devel -Summary: Header files for the glib library -Group: Development/Libraries -Requires: glib = %{version}-%{release} -Requires: python3-xml -Requires: pcre-devel -Requires: util-linux-devel -Requires: python3 -Requires: libffi-devel -Requires: elfutils-libelf-devel -Requires: libselinux-devel - -%description devel -Static libraries and header files for the support library for the glib library - -%package schemas -Summary: gsettings schemas compiling tool -Group: Development/Libraries -Requires: glib - -%description schemas -Gsettings schemas compiling tool - -%prep -%autosetup -p1 - -%build -CONFIGURE_OPTS=( - -Dlibelf=disabled - -Dgtk_doc=false - -Dtests=false - -Dinstalled_tests=false -) - -%meson "${CONFIGURE_OPTS[@]}" -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_libdir}/libglib-*.so.* -%{_libdir}/libgthread-*.so.* -%{_libdir}/libgmodule-*.so.* -%{_libdir}/libgio-*.so.* -%{_libdir}/libgobject-*.so.* -%{_libexecdir}/gio-launch-desktop - -%files devel -%defattr(-, root, root) -%{_bindir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/* -%{_libdir}/glib-*/* -%{_includedir}/* -%{_datadir}/* -%exclude %{_bindir}/glib-compile-schemas -%exclude %{_bindir}/gsettings -%exclude %{_datadir}/glib-2.0/schemas/* - -%files schemas -%defattr(-, root, root) -%{_bindir}/glib-compile-schemas -%{_bindir}/gsettings -%{_datadir}/glib-2.0/schemas/* - -%changelog -* Tue Jul 11 2023 Shreenidhi Shedi 2.75.2-3 -- Bump version as a part of elfutils upgrade -* Sat May 27 2023 Shreenidhi Shedi 2.75.2-2 -- Exclude duplicate packaged files -* Mon Jan 09 2023 Susant Sahani 2.75.2-1 -- Update version -* Fri Jan 06 2023 Vamsi Krishna Brahmajosyula 2.75.0-2 -- Bump up due to change in elfutils -* Fri Nov 25 2022 Susant Sahani 2.75.0-1 -- Update version -* Tue Nov 01 2022 Susant Sahani 2.74.1-1 -- Update version -* Tue May 10 2022 Shreenidhi Shedi 2.70.2-2 -- Bump version as a part of libffi upgrade -* Mon Dec 13 2021 Susant Sahani 2.70.2-1 -- Update to 2.70.2 -* Mon Jul 19 2021 Susant Sahani 2.69.0-1 -- Update to 2.69.0 -* Fri Mar 26 2021 Ankit Jain 2.68.0-1 -- Update to 2.68.0 -* Fri Feb 26 2021 Ankit Jain 2.66.7-1 -- Updated to 2.66.7 to fix CVE-2021-27218 and CVE-2021-27219 -* Mon Sep 21 2020 Gerrit Photon 2.66.1-1 -- Automatic Version Bump -* Mon Aug 24 2020 Keerthana K 2.64.5-1 -- Update to version 2.64.5 -* Thu Aug 13 2020 Ankit Jain 2.58.0-7 -- Enabled gtk-doc -* Tue Jun 23 2020 Tapas Kundu 2.58.0-6 -- Build with python3 -- Mass removal python2 -* Fri Aug 09 2019 Alexey Makhalov 2.58.0-5 -- Cross compilation support -* Tue Jul 09 2019 Ankit Jain 2.58.0-4 -- Fix for CVE-2019-13012 -* Mon Jun 03 2019 Ankit Jain 2.58.0-3 -- Fix for CVE-2019-12450 -* Mon Dec 10 2018 Alexey Makhalov 2.58.0-2 -- glib-devel requires python-xml. -* Tue Sep 11 2018 Anish Swaminathan 2.58.0-1 -- Update version to 2.58.0 -* Fri Apr 14 2017 Alexey Makhalov 2.52.1-2 -- Requires pcre-libs, BuildRequires libffi-devel. -* Wed Apr 12 2017 Danut Moraru 2.52.1-1 -- Updated to version 2.52.1-1 -* Thu Oct 06 2016 ChangLee 2.48.2-2 -- Modified %check -* Tue Sep 06 2016 Harish Udaiya Kumar 2.48.2-1 -- Updated to version 2.48.2-1 -* Thu Aug 11 2016 Priyesh Padmavilasom 2.47.6-3 -- Update glib require for devel to use the same version and release -* Tue May 24 2016 Priyesh Padmavilasom 2.47.6-2 -- GA - Bump release of all rpms -* Thu Apr 14 2016 Harish Udaiya Kumar 2.47.6-1 -- Updated to version 2.47.6 -* Thu Jan 14 2016 Xiaolin Li 2.46.2-1 -- Updated to version 2.46.2 -* Fri Jun 12 2015 Alexey Makhalov 2.42.0-3 -- Added glib-schemas package -* Thu Jun 11 2015 Alexey Makhalov 2.42.0-2 -- Added more 'Provides: pkgconfig(...)' for base package -* Thu Nov 06 2014 Sharath George 2.42.0-1 -- Initial version diff --git a/SPECS/glibc/0002-malloc-arena-fix.patch b/SPECS/glibc/0002-malloc-arena-fix.patch deleted file mode 100644 index 2176901e34..0000000000 --- a/SPECS/glibc/0002-malloc-arena-fix.patch +++ /dev/null @@ -1,250 +0,0 @@ -From d143b9757d87318c65140a5f9434be3325afd84d Mon Sep 17 00:00:00 2001 -From: Alexey Makhalov -Date: Thu, 18 Aug 2022 19:32:40 +0530 -Subject: [PATCH] malloc arena fix - -Signed-off-by: Vamsi Krishna Brahmajosyula ---- - elf/dl-tunables.list | 5 ++++ - malloc/arena.c | 62 ++++++++++++++++++++++++++++++++++++++++++++ - malloc/malloc.c | 31 ++++++++++++++++++++++ - malloc/malloc.h | 1 + - 4 files changed, 99 insertions(+) - -diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list -index e6a56b30..31e6ea1f 100644 ---- a/elf/dl-tunables.list -+++ b/elf/dl-tunables.list -@@ -78,6 +78,11 @@ glibc { - minval: 1 - security_level: SXID_IGNORE - } -+ arena_stickiness { -+ type: SIZE_T -+ env_alias: MALLOC_ARENA_STICKINESS -+ security_level: SXID_IGNORE -+ } - tcache_max { - type: SIZE_T - } -diff --git a/malloc/arena.c b/malloc/arena.c -index 0a684a72..8b225f2e 100644 ---- a/malloc/arena.c -+++ b/malloc/arena.c -@@ -86,6 +86,12 @@ typedef struct _heap_info - char pad[-3 * SIZE_SZ & MALLOC_ALIGN_MASK]; - } heap_info; - -+typedef struct _arena_tracker -+{ -+ mstate arena; /* Arena most recently tracked for growth. */ -+ size_t growth; /* Current size in bytes. */ -+} arena_tracker; -+ - /* Get a compile-time error if the heap_info padding is not correct - to make alignment work as expected in sYSMALLOc. */ - extern int sanity_check_heap_info_alignment[(sizeof (heap_info) -@@ -96,6 +102,8 @@ extern int sanity_check_heap_info_alignment[(sizeof (heap_info) - - static __thread mstate thread_arena attribute_tls_model_ie; - -+static __thread arena_tracker thread_arena_tracker attribute_tls_model_ie; -+ - /* Arena free list. free_list_lock synchronizes access to the - free_list variable below, and the next_free and attached_threads - members of struct malloc_state objects. No other locks must be -@@ -256,6 +264,7 @@ TUNABLE_CALLBACK_FNDECL (set_perturb_byte, int32_t) - TUNABLE_CALLBACK_FNDECL (set_trim_threshold, size_t) - TUNABLE_CALLBACK_FNDECL (set_arena_max, size_t) - TUNABLE_CALLBACK_FNDECL (set_arena_test, size_t) -+TUNABLE_CALLBACK_FNDECL (set_arena_stickiness, size_t) - #if USE_TCACHE - TUNABLE_CALLBACK_FNDECL (set_tcache_max, size_t) - TUNABLE_CALLBACK_FNDECL (set_tcache_count, size_t) -@@ -356,6 +365,7 @@ ptmalloc_init (void) - TUNABLE_GET (mmap_max, int32_t, TUNABLE_CALLBACK (set_mmaps_max)); - TUNABLE_GET (arena_max, size_t, TUNABLE_CALLBACK (set_arena_max)); - TUNABLE_GET (arena_test, size_t, TUNABLE_CALLBACK (set_arena_test)); -+ TUNABLE_GET (arena_stickiness, size_t, TUNABLE_CALLBACK (set_arena_stickiness)); - # if USE_TCACHE - TUNABLE_GET (tcache_max, size_t, TUNABLE_CALLBACK (set_tcache_max)); - TUNABLE_GET (tcache_count, size_t, TUNABLE_CALLBACK (set_tcache_count)); -@@ -421,6 +431,13 @@ ptmalloc_init (void) - __libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16])); - } - break; -+ case 16: -+ if (!__builtin_expect (__libc_enable_secure, 0)) -+ { -+ if (memcmp (envline, "ARENA_STICKINESS", 16) == 0) -+ __libc_mallopt (M_ARENA_STICKINESS, atoi (&envline[17])); -+ } -+ break; - default: - break; - } -@@ -994,6 +1011,51 @@ arena_get_retry (mstate ar_ptr, size_t bytes) - } - #endif - -+static void -+arena_stickiness_track_alloc (void *victim) -+{ -+ if (!victim || chunk_is_mmapped (mem2chunk (victim))) -+ return; -+ -+ if (thread_arena_tracker.arena != arena_for_chunk (mem2chunk (victim))) { -+ thread_arena_tracker.growth = 0; -+ thread_arena_tracker.arena = arena_for_chunk (mem2chunk (victim)); -+ } else { -+ thread_arena_tracker.growth += chunksize (mem2chunk (victim)); -+ if (thread_arena_tracker.growth >= mp_.arena_stickiness) { -+ /* Swtich thread to the next arena */ -+ mstate replaced_arena = thread_arena; -+ mstate next_to_use = replaced_arena->next; -+ -+ __libc_lock_lock (free_list_lock); -+ detach_arena (replaced_arena); -+#if 0 -+ /* If this was the last attached thread for this arena, put the -+ arena on the free list. */ -+ if (replaced_arena->attached_threads == 0) -+ { -+ replaced_arena->next_free = free_list; -+ free_list = replaced_arena; -+ } -+#endif -+ if (next_to_use->attached_threads == 0) -+ remove_from_free_list (next_to_use); -+ ++next_to_use->attached_threads; -+ -+ __libc_lock_unlock (free_list_lock); -+ thread_arena = next_to_use; -+ } -+ } -+} -+ -+/* chunk must be valid and not mmaped. */ -+static void -+arena_stickiness_track_free (mchunkptr chunk) -+{ -+ if (thread_arena_tracker.arena == arena_for_chunk (chunk)) -+ thread_arena_tracker.growth -= chunksize (chunk); -+} -+ - void - __malloc_arena_thread_freeres (void) - { -diff --git a/malloc/malloc.c b/malloc/malloc.c -index bd3c76ed..30b00ac5 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -1873,6 +1873,7 @@ struct malloc_par - INTERNAL_SIZE_T mmap_threshold; - INTERNAL_SIZE_T arena_test; - INTERNAL_SIZE_T arena_max; -+ INTERNAL_SIZE_T arena_stickiness; - - #if HAVE_TUNABLES - /* Transparent Large Page support. */ -@@ -1933,6 +1934,7 @@ static struct malloc_par mp_ = - .mmap_threshold = DEFAULT_MMAP_THRESHOLD, - .trim_threshold = DEFAULT_TRIM_THRESHOLD, - #define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8)) -+ .arena_stickiness = 0, - .arena_test = NARENAS_FROM_NCORES (1) - #if USE_TCACHE - , -@@ -3337,6 +3339,10 @@ __libc_malloc (size_t bytes) - - assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || - ar_ptr == arena_for_chunk (mem2chunk (victim))); -+ -+ if (mp_.arena_stickiness > 0) -+ arena_stickiness_track_alloc (victim); -+ - return victim; - } - libc_hidden_def (__libc_malloc) -@@ -3381,6 +3387,9 @@ __libc_free (void *mem) - /* Mark the chunk as belonging to the library again. */ - (void)tag_region (chunk2mem (p), memsize (p)); - -+ if (mp_.arena_stickiness > 0) -+ arena_stickiness_track_free (p); -+ - ar_ptr = arena_for_chunk (p); - _int_free (ar_ptr, p, 0); - } -@@ -3484,6 +3493,8 @@ __libc_realloc (void *oldmem, size_t bytes) - return newp; - } - -+ if (mp_.arena_stickiness > 0) -+ arena_stickiness_track_free (oldp); - __libc_lock_lock (ar_ptr->mutex); - - newp = _int_realloc (ar_ptr, oldp, oldsize, nb); -@@ -3492,6 +3503,9 @@ __libc_realloc (void *oldmem, size_t bytes) - assert (!newp || chunk_is_mmapped (mem2chunk (newp)) || - ar_ptr == arena_for_chunk (mem2chunk (newp))); - -+ if (mp_.arena_stickiness > 0) -+ arena_stickiness_track_alloc (newp); -+ - if (newp == NULL) - { - /* Try harder to allocate memory in other arenas. */ -@@ -3712,6 +3726,9 @@ __libc_calloc (size_t n, size_t elem_size) - return mem; - } - -+ if (mp_.arena_stickiness > 0) -+ arena_stickiness_track_alloc (mem); -+ - #if MORECORE_CLEARS - if (perturb_byte == 0 && (p == oldtop && csz > oldtopsize)) - { -@@ -5374,6 +5391,15 @@ do_set_arena_max (size_t value) - return 1; - } - -+static inline int -+__always_inline -+do_set_arena_stickiness (size_t value) -+{ -+ LIBC_PROBE (memory_mallopt_arena_stickiness, 2, value, mp_.arena_stickiness); -+ mp_.arena_stickiness = value; -+ return 1; -+} -+ - #if USE_TCACHE - static __always_inline int - do_set_tcache_max (size_t value) -@@ -5503,6 +5529,11 @@ __libc_mallopt (int param_number, int value) - if (value > 0) - res = do_set_arena_max (value); - break; -+ -+ case M_ARENA_STICKINESS: -+ if (value > 0) -+ res = do_set_arena_stickiness (value); -+ break; - } - __libc_lock_unlock (av->mutex); - return res; -diff --git a/malloc/malloc.h b/malloc/malloc.h -index 60a23e16..77dc31cb 100644 ---- a/malloc/malloc.h -+++ b/malloc/malloc.h -@@ -139,6 +139,7 @@ extern struct mallinfo2 mallinfo2 (void) __THROW; - #define M_PERTURB -6 - #define M_ARENA_TEST -7 - #define M_ARENA_MAX -8 -+#define M_ARENA_STICKINESS -9 - - /* General SVID/XPG interface to tunable parameters. */ - extern int mallopt (int __param, int __val) __THROW; --- -2.37.2 - diff --git a/SPECS/glibc/Fix-sys-mount.h-usage-with-kernel-headers.patch b/SPECS/glibc/Fix-sys-mount.h-usage-with-kernel-headers.patch deleted file mode 100644 index ce2ba89ec7..0000000000 --- a/SPECS/glibc/Fix-sys-mount.h-usage-with-kernel-headers.patch +++ /dev/null @@ -1,337 +0,0 @@ -From d245a3229865a6bf7e6b4a8e17b2085f0e1e5cb8 Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella -Date: Sun, 21 Aug 2022 15:42:22 +0530 -Subject: [PATCH] linux: Fix sys/mount.h usage with kernel headers - -Now that kernel exports linux/mount.h and includes it on linux/fs.h, -its definitions might clash with glibc exports sys/mount.h. To avoid -the need to rearrange the Linux header to be always after glibc one, -the glibc sys/mount.h is changed to: - - 1. Undefine the macros also used as enum constants. This covers prior - inclusion of (for instance MS_RDONLY). - - 2. Include based on the usual __has_include check - (needs to use __has_include ("linux/mount.h") to paper over GCC - bugs. - - 3. Define enum fsconfig_command only if FSOPEN_CLOEXEC is not defined. - (FSOPEN_CLOEXEC should be a very close proxy.) - - 4. Define struct mount_attr if MOUNT_ATTR_SIZE_VER0 is not defined. - (Added in the same commit on the Linux side.) - -This patch also adds some tests to check if including linux/fs.h and -linux/mount.h after and before sys/mount.h does work. - -Checked on x86_64-linux-gnu. - -Reviewed-by: Florian Weimer - -Signed-off-by: Vamsi Krishna Brahmajosyula ---- - sysdeps/unix/sysv/linux/Makefile | 8 +++ - sysdeps/unix/sysv/linux/sys/mount.h | 70 +++++++++++++++++--- - sysdeps/unix/sysv/linux/tst-mount-compile.py | 66 ++++++++++++++++++ - 3 files changed, 136 insertions(+), 8 deletions(-) - create mode 100755 sysdeps/unix/sysv/linux/tst-mount-compile.py - -diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile -index a139a165..3ceda9fd 100644 ---- a/sysdeps/unix/sysv/linux/Makefile -+++ b/sysdeps/unix/sysv/linux/Makefile -@@ -265,6 +265,14 @@ $(objpfx)tst-mount-consts.out: ../sysdeps/unix/sysv/linux/tst-mount-consts.py - < /dev/null > $@ 2>&1; $(evaluate-test) - $(objpfx)tst-mount-consts.out: $(sysdeps-linux-python-deps) - -+tests-special += $(objpfx)tst-mount-compile.out -+$(objpfx)tst-mount-compile.out: ../sysdeps/unix/sysv/linux/tst-mount-compile.py -+ $(sysdeps-linux-python) \ -+ ../sysdeps/unix/sysv/linux/tst-mount-compile.py \ -+ $(sysdeps-linux-python-cc) \ -+ < /dev/null > $@ 2>&1; $(evaluate-test) -+$(objpfx)tst-mount-compile.out: $(sysdeps-linux-python-deps) -+ - tst-rseq-disable-ENV = GLIBC_TUNABLES=glibc.pthread.rseq=0 - - endif # $(subdir) == misc -diff --git a/sysdeps/unix/sysv/linux/sys/mount.h b/sysdeps/unix/sysv/linux/sys/mount.h -index f965986b..2b2f7845 100644 ---- a/sysdeps/unix/sysv/linux/sys/mount.h -+++ b/sysdeps/unix/sysv/linux/sys/mount.h -@@ -27,6 +27,12 @@ - #include - #include - -+#ifdef __has_include -+# if __has_include ("linux/mount.h") -+# include "linux/mount.h" -+# endif -+#endif -+ - #define BLOCK_SIZE 1024 - #define BLOCK_SIZE_BITS 10 - -@@ -35,69 +41,98 @@ - supported */ - enum - { -+#undef MS_RDONLY - MS_RDONLY = 1, /* Mount read-only. */ - #define MS_RDONLY MS_RDONLY -+#undef MS_NOSUID - MS_NOSUID = 2, /* Ignore suid and sgid bits. */ - #define MS_NOSUID MS_NOSUID -+#undef MS_NODEV - MS_NODEV = 4, /* Disallow access to device special files. */ - #define MS_NODEV MS_NODEV -+#undef MS_NOEXEC - MS_NOEXEC = 8, /* Disallow program execution. */ - #define MS_NOEXEC MS_NOEXEC -+#undef MS_SYNCHRONOUS - MS_SYNCHRONOUS = 16, /* Writes are synced at once. */ - #define MS_SYNCHRONOUS MS_SYNCHRONOUS -+#undef MS_REMOUNT - MS_REMOUNT = 32, /* Alter flags of a mounted FS. */ - #define MS_REMOUNT MS_REMOUNT -+#undef MS_MANDLOCK - MS_MANDLOCK = 64, /* Allow mandatory locks on an FS. */ - #define MS_MANDLOCK MS_MANDLOCK -+#undef MS_DIRSYNC - MS_DIRSYNC = 128, /* Directory modifications are synchronous. */ - #define MS_DIRSYNC MS_DIRSYNC -+#undef MS_NOSYMFOLLOW - MS_NOSYMFOLLOW = 256, /* Do not follow symlinks. */ - #define MS_NOSYMFOLLOW MS_NOSYMFOLLOW -+#undef MS_NOATIME - MS_NOATIME = 1024, /* Do not update access times. */ - #define MS_NOATIME MS_NOATIME -+#undef MS_NODIRATIME - MS_NODIRATIME = 2048, /* Do not update directory access times. */ - #define MS_NODIRATIME MS_NODIRATIME -+#undef MS_BIND - MS_BIND = 4096, /* Bind directory at different place. */ - #define MS_BIND MS_BIND -+#undef MS_MOVE - MS_MOVE = 8192, - #define MS_MOVE MS_MOVE -+#undef MS_REC - MS_REC = 16384, - #define MS_REC MS_REC -+#undef MS_SILENT - MS_SILENT = 32768, - #define MS_SILENT MS_SILENT -+#undef MS_POSIXACL - MS_POSIXACL = 1 << 16, /* VFS does not apply the umask. */ - #define MS_POSIXACL MS_POSIXACL -+#undef MS_UNBINDABLE - MS_UNBINDABLE = 1 << 17, /* Change to unbindable. */ - #define MS_UNBINDABLE MS_UNBINDABLE -+#undef MS_PRIVATE - MS_PRIVATE = 1 << 18, /* Change to private. */ - #define MS_PRIVATE MS_PRIVATE -+#undef MS_SLAVE - MS_SLAVE = 1 << 19, /* Change to slave. */ - #define MS_SLAVE MS_SLAVE -+#undef MS_SHARED - MS_SHARED = 1 << 20, /* Change to shared. */ - #define MS_SHARED MS_SHARED -+#undef MS_RELATIME - MS_RELATIME = 1 << 21, /* Update atime relative to mtime/ctime. */ - #define MS_RELATIME MS_RELATIME -+#undef MS_KERNMOUNT - MS_KERNMOUNT = 1 << 22, /* This is a kern_mount call. */ - #define MS_KERNMOUNT MS_KERNMOUNT -+#undef MS_I_VERSION - MS_I_VERSION = 1 << 23, /* Update inode I_version field. */ - #define MS_I_VERSION MS_I_VERSION -+#undef MS_STRICTATIME - MS_STRICTATIME = 1 << 24, /* Always perform atime updates. */ - #define MS_STRICTATIME MS_STRICTATIME -+#undef MS_LAZYTIME - MS_LAZYTIME = 1 << 25, /* Update the on-disk [acm]times lazily. */ - #define MS_LAZYTIME MS_LAZYTIME -+#undef MS_ACTIVE - MS_ACTIVE = 1 << 30, - #define MS_ACTIVE MS_ACTIVE -+#undef MS_NOUSER - MS_NOUSER = 1 << 31 - #define MS_NOUSER MS_NOUSER - }; - - /* Flags that can be altered by MS_REMOUNT */ -+#undef MS_RMT_MASK - #define MS_RMT_MASK (MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_I_VERSION \ - |MS_LAZYTIME) - - - /* Magic mount flag number. Has to be or-ed to the flag values. */ - -+#undef MS_MGC_VAL - #define MS_MGC_VAL 0xc0ed0000 /* Magic flag number to indicate "new" flags */ - #define MS_MGC_MSK 0xffff0000 /* Magic flag number mask */ - -@@ -106,20 +141,35 @@ enum - is probably as bad and I don't want to create yet another include - file. */ - -+#undef BLKROSET - #define BLKROSET _IO(0x12, 93) /* Set device read-only (0 = read-write). */ -+#undef BLKROGET - #define BLKROGET _IO(0x12, 94) /* Get read-only status (0 = read_write). */ -+#undef BLKRRPART - #define BLKRRPART _IO(0x12, 95) /* Re-read partition table. */ -+#undef BLKGETSIZE - #define BLKGETSIZE _IO(0x12, 96) /* Return device size. */ -+#undef BLKFLSBUF - #define BLKFLSBUF _IO(0x12, 97) /* Flush buffer cache. */ -+#undef BLKRASET - #define BLKRASET _IO(0x12, 98) /* Set read ahead for block device. */ -+#undef BLKRAGET - #define BLKRAGET _IO(0x12, 99) /* Get current read ahead setting. */ -+#undef BLKFRASET - #define BLKFRASET _IO(0x12,100) /* Set filesystem read-ahead. */ -+#undef BLKFRAGET - #define BLKFRAGET _IO(0x12,101) /* Get filesystem read-ahead. */ -+#undef BLKSECTSET - #define BLKSECTSET _IO(0x12,102) /* Set max sectors per request. */ -+#undef BLKSECTGET - #define BLKSECTGET _IO(0x12,103) /* Get max sectors per request. */ -+#undef BLKSSZGET - #define BLKSSZGET _IO(0x12,104) /* Get block device sector size. */ -+#undef BLKBSZGET - #define BLKBSZGET _IOR(0x12,112,size_t) -+#undef BLKBSZSET - #define BLKBSZSET _IOW(0x12,113,size_t) -+#undef BLKGETSIZE64 - #define BLKGETSIZE64 _IOR(0x12,114,size_t) /* return device size. */ - - -@@ -157,6 +207,7 @@ enum - #define MOUNT_ATTR_NOSYMFOLLOW 0x00200000 /* Do not follow symlinks. */ - - -+#ifndef MOUNT_ATTR_SIZE_VER0 - /* For mount_setattr. */ - struct mount_attr - { -@@ -165,6 +216,7 @@ struct mount_attr - uint64_t propagation; - uint64_t userns_fd; - }; -+#endif - - #define MOUNT_ATTR_SIZE_VER0 32 /* sizeof first published struct */ - -@@ -185,26 +237,28 @@ struct mount_attr - #define FSPICK_EMPTY_PATH 0x00000008 - - -+#ifndef FSOPEN_CLOEXEC - /* The type of fsconfig call made. */ - enum fsconfig_command - { - FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */ --#define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG -+# define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG - FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */ --#define FSCONFIG_SET_STRING FSCONFIG_SET_STRING -+# define FSCONFIG_SET_STRING FSCONFIG_SET_STRING - FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */ --#define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY -+# define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY - FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */ --#define FSCONFIG_SET_PATH FSCONFIG_SET_PATH -+# define FSCONFIG_SET_PATH FSCONFIG_SET_PATH - FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */ --#define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY -+# define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY - FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */ --#define FSCONFIG_SET_FD FSCONFIG_SET_FD -+# define FSCONFIG_SET_FD FSCONFIG_SET_FD - FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */ --#define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE -+# define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE - FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */ --#define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE -+# define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE - }; -+#endif - - /* open_tree flags. */ - #define OPEN_TREE_CLONE 1 /* Clone the target tree and attach the clone */ -diff --git a/sysdeps/unix/sysv/linux/tst-mount-compile.py b/sysdeps/unix/sysv/linux/tst-mount-compile.py -new file mode 100755 -index 00000000..0ec74d4e ---- /dev/null -+++ b/sysdeps/unix/sysv/linux/tst-mount-compile.py -@@ -0,0 +1,66 @@ -+#!/usr/bin/python3 -+# Check if glibc provided sys/mount.h can be used along related kernel -+# headers. -+# Copyright (C) 2022 Free Software Foundation, Inc. -+# This file is part of the GNU C Library. -+# -+# The GNU C Library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2.1 of the License, or (at your option) any later version. -+# -+# The GNU C Library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public -+# License along with the GNU C Library; if not, see -+# . -+ -+import argparse -+import sys -+ -+import glibcextract -+ -+ -+def main(): -+ """The main entry point.""" -+ parser = argparse.ArgumentParser( -+ description='Check if glibc provided sys/mount.h can be ' -+ ' used along related kernel headers.') -+ parser.add_argument('--cc', metavar='CC', -+ help='C compiler (including options) to use') -+ args = parser.parse_args() -+ -+ if glibcextract.compile_c_snippet( -+ '#include ', -+ args.cc).returncode != 0: -+ sys.exit (77) -+ -+ def check(testname, snippet): -+ # Add -Werror to catch macro redefinitions and _ISOMAC to avoid -+ # internal glibc definitions. -+ r = glibcextract.compile_c_snippet(snippet, args.cc, -+ '-Werror -D_ISOMAC') -+ if r.returncode != 0: -+ print('error: test {}:\n{}'.format(testname, r.output.decode())) -+ return r.returncode -+ -+ status = max( -+ check("sys/mount.h + linux/mount.h", -+ "#include \n" -+ "#include "), -+ check("sys/mount.h + linux/fs.h", -+ "#include \n" -+ "#include "), -+ check("linux/mount.h + sys/mount.h", -+ "#include \n" -+ "#include "), -+ check("linux/fs.h + sys/mount.h", -+ "#include \n" -+ "#include ")) -+ sys.exit(status) -+ -+if __name__ == '__main__': -+ main() --- -2.37.2 - diff --git a/SPECS/glibc/glibc-2.31-fhs-1.patch b/SPECS/glibc/glibc-2.31-fhs-1.patch deleted file mode 100644 index 4ac8d106bb..0000000000 --- a/SPECS/glibc/glibc-2.31-fhs-1.patch +++ /dev/null @@ -1,72 +0,0 @@ -Submitted By: Armin K. -Date: 2013-02-11 -Initial Package Version: 2.17 -Upstream Status: Not Applicable -Origin: Self -Description: This patch removes references to /var/db directory which is not part - of FHS and replaces them with more suitable directories in /var - hierarchy - /var/cache/nscd for nscd and /var/lib/nss_db for nss_db. - ---- a/Makeconfig 2012-12-25 04:02:13.000000000 +0100 -+++ b/Makeconfig 2013-02-11 01:32:32.500667439 +0100 -@@ -250,7 +250,7 @@ - - # Directory for the database files and Makefile for nss_db. - ifndef vardbdir --vardbdir = $(localstatedir)/db -+vardbdir = $(localstatedir)/lib/nss_db - endif - inst_vardbdir = $(install_root)$(vardbdir) - ---- a/nscd/nscd.h 2012-12-25 04:02:13.000000000 +0100 -+++ b/nscd/nscd.h 2013-02-11 01:32:32.500667439 +0100 -@@ -112,11 +112,11 @@ - - - /* Paths of the file for the persistent storage. */ --#define _PATH_NSCD_PASSWD_DB "/var/db/nscd/passwd" --#define _PATH_NSCD_GROUP_DB "/var/db/nscd/group" --#define _PATH_NSCD_HOSTS_DB "/var/db/nscd/hosts" --#define _PATH_NSCD_SERVICES_DB "/var/db/nscd/services" --#define _PATH_NSCD_NETGROUP_DB "/var/db/nscd/netgroup" -+#define _PATH_NSCD_PASSWD_DB "/var/cache/nscd/passwd" -+#define _PATH_NSCD_GROUP_DB "/var/cache/nscd/group" -+#define _PATH_NSCD_HOSTS_DB "/var/cache/nscd/hosts" -+#define _PATH_NSCD_SERVICES_DB "/var/cache/nscd/services" -+#define _PATH_NSCD_NETGROUP_DB "/var/cache/nscd/netgroup" - - /* Path used when not using persistent storage. */ - #define _PATH_NSCD_XYZ_DB_TMP "/var/run/nscd/dbXXXXXX" ---- a/nss/db-Makefile 2012-12-25 04:02:13.000000000 +0100 -+++ b/nss/db-Makefile 2013-02-11 01:32:32.500667439 +0100 -@@ -22,7 +22,7 @@ - /etc/rpc /etc/services /etc/shadow /etc/gshadow \ - /etc/netgroup) - --VAR_DB = /var/db -+VAR_DB = /var/lib/nss_db - - AWK = awk - MAKEDB = makedb --quiet ---- a/sysdeps/generic/paths.h 2012-12-25 04:02:13.000000000 +0100 -+++ b/sysdeps/generic/paths.h 2013-02-11 01:32:32.500667439 +0100 -@@ -68,7 +68,7 @@ - /* Provide trailing slash, since mostly used for building pathnames. */ - #define _PATH_DEV "/dev/" - #define _PATH_TMP "/tmp/" --#define _PATH_VARDB "/var/db/" -+#define _PATH_VARDB "/var/lib/nss_db/" - #define _PATH_VARRUN "/var/run/" - #define _PATH_VARTMP "/var/tmp/" - ---- a/sysdeps/unix/sysv/linux/paths.h 2012-12-25 04:02:13.000000000 +0100 -+++ b/sysdeps/unix/sysv/linux/paths.h 2013-02-11 01:32:32.504000831 +0100 -@@ -68,7 +68,7 @@ - /* Provide trailing slash, since mostly used for building pathnames. */ - #define _PATH_DEV "/dev/" - #define _PATH_TMP "/tmp/" --#define _PATH_VARDB "/var/db/" -+#define _PATH_VARDB "/var/lib/nss_db/" - #define _PATH_VARRUN "/var/run/" - #define _PATH_VARTMP "/var/tmp/" - diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec deleted file mode 100644 index 8471fcc352..0000000000 --- a/SPECS/glibc/glibc.spec +++ /dev/null @@ -1,474 +0,0 @@ -%global security_hardening nonow -%define glibc_target_cpu %{_build} -%global __brp_elfperms /bin/true - -Summary: Main C library -Name: glibc -Version: 2.36 -Release: 5%{?dist} -License: LGPLv2+ -URL: http://www.gnu.org/software/libc -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz -%define sha512 %{name}=9ea0bbda32f83a85b7da0c34f169607fb8a102f0a11a914e6bf531be47d1bef4f5307128286cffa1e2dc5879f0e6ccaef527dd353486883fa332a0b44bde8b3e - -Source1: locale-gen.sh -Source2: locale-gen.conf - -#Patch taken from http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.31-fhs-1.patch -Patch0: glibc-2.31-fhs-1.patch -Patch1: 0002-malloc-arena-fix.patch -Patch2: Fix-sys-mount.h-usage-with-kernel-headers.patch - -Provides: rtld(GNU_HASH) -Provides: /sbin/ldconfig - -Requires: filesystem -Requires: %{name}-libs = %{version}-%{release} - -Conflicts: %{name}-i18n < 2.36-4 - -%define ExtraBuildRequires bison, python3, python3-libs - -%description -This library provides the basic routines for allocating memory, -searching directories, opening and closing files, reading and -writing files, string handling, pattern matching, arithmetic, -and so on. - -%package libs -Summary: glibc shared library -Group: System/Libraries -Conflicts: %{name} < 2.36-5 - -%description libs -This subpackage contains the implementation as a shared library. - -%package devel -Summary: Header files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description devel -These are the header files of glibc. - -%package lang -Summary: Additional language files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of glibc. - -%package i18n -Summary: Additional internationalization files for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description i18n -These are the additional internationalization files of glibc. - -%package iconv -Summary: gconv modules for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description iconv -These is gconv modules for iconv() and iconv tools. - -%package tools -Summary: tools for glibc -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description tools -Extra tools for glibc. - -%package nscd -Summary: Name Service Cache Daemon -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description nscd -Name Service Cache Daemon - -%prep -%autosetup -p1 -sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile -install -vdm 755 %{_builddir}/%{name}-build -# do not try to explicitly provide GLIBC_PRIVATE versioned libraries -%define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh -%define __find_requires %{_builddir}/%{name}-%{version}/find_requires.sh - -# create find-provides and find-requires script in order to ignore GLIBC_PRIVATE errors -cat > find_provides.sh << _EOF -#! /bin/sh -if [ -d /tools ]; then - /tools/lib/rpm/find-provides | grep -v GLIBC_PRIVATE -else - %{_libdir}/rpm/find-provides | grep -v GLIBC_PRIVATE -fi -exit 0 -_EOF -chmod +x find_provides.sh - -cat > find_requires.sh << _EOF -#! /bin/sh -if [ -d /tools ]; then - /tools/lib/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE -else - %{_libdir}/rpm/find-requires %{buildroot} %{glibc_target_cpu} | grep -v GLIBC_PRIVATE -fi -_EOF -chmod +x find_requires.sh - -%build - -cd %{_builddir}/%{name}-build -../%{name}-%{version}/configure \ - --host=%{_host} --build=%{_build} \ - CFLAGS="%{optflags}" \ - CXXFLAGS="%{optflags}" \ - --program-prefix=%{?_program_prefix} \ - --disable-dependency-tracking \ - --prefix=%{_prefix} \ - --exec-prefix=%{_prefix} \ - --bindir=%{_bindir} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --datadir=%{_datadir} \ - --includedir=%{_includedir} \ - --libdir=%{_libdir} \ - --libexecdir=%{_libexecdir} \ - --localstatedir=%{_localstatedir} \ - --sharedstatedir=%{_sharedstatedir} \ - --mandir=%{_mandir} \ - --infodir=%{_infodir} \ - --disable-profile \ - --disable-werror \ - --enable-kernel=3.2 \ - --enable-bind-now \ - --enable-stack-protector=strong \ - --disable-experimental-malloc \ - --disable-silent-rules \ - libc_cv_slibdir=%{_libdir} - -# Sometimes we have false "out of memory" make error -# just rerun/continue make to workaroung it. -%make_build || %make_build || %make_build - -%install -# Do not remove static libs -pushd %{_builddir}/glibc-build -# Create directories -make install_root=%{buildroot} install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_sysconfdir}/ld.so.conf.d -install -vdm 755 %{buildroot}%{_sharedstatedir}/cache/nscd -install -vdm 755 %{buildroot}%{_libdir}/locale -cp -v ../%{name}-%{version}/nscd/nscd.conf %{buildroot}%{_sysconfdir}/nscd.conf -# Install locale generation script and config file -cp -v %{SOURCE2} %{buildroot}%{_sysconfdir} -cp -v %{SOURCE1} %{buildroot}%{_sbindir} -# Remove unwanted cruft -rm -rf %{buildroot}%{_infodir} -# Install configuration files - -# Spaces should not be used in nsswitch.conf in the begining of new line -# Only tab should be used as it expects the same in source code. -# Otherwise "altfiles" will not be added. which may cause dbus.service failure -cat > %{buildroot}%{_sysconfdir}/nsswitch.conf <<- "EOF" -# Begin /etc/nsswitch.conf - -passwd: files -group: files -shadow: files - -hosts: files dns -networks: files - -protocols: files -services: files -ethers: files -rpc: files -# End /etc/nsswitch.conf -EOF -cat > %{buildroot}%{_sysconfdir}/ld.so.conf <<- "EOF" -# Begin /etc/ld.so.conf - /usr/local/lib - /opt/lib - include %{_sysconfdir}/ld.so.conf.d/*.conf -EOF -# Create empty ld.so.cache -:> %{buildroot}%{_sysconfdir}/ld.so.cache -popd - -%find_lang %{name} --all-name -pushd localedata -# Generate out of locale-archive an (en_US.) UTF-8 locale -mkdir -p %{buildroot}%{_libdir}/locale -if [ %{_host} != %{_build} ]; then - LOCALEDEF=localedef -else - LOCALEDEF=../../glibc-build/locale/localedef -fi - -I18NPATH=. GCONV_PATH=../../glibc-build/iconvdata LC_ALL=C ../../glibc-build/elf/ld.so --library-path ../../glibc-build $LOCALEDEF --no-archive --prefix=%{buildroot} -A ../intl/locale.alias -i locales/en_US -c -f charmaps/UTF-8 en_US.UTF-8 - -mv %{buildroot}%{_libdir}/locale/en_US.utf8 %{buildroot}%{_libdir}/locale/en_US.UTF-8 - -popd - -mv %{buildroot}/sbin/* %{buildroot}/%{_sbindir} -rmdir %{buildroot}/sbin - -%if 0%{?with_check} -%check -cd %{_builddir}/glibc-build -make %{?_smp_mflags} check ||: -# These 2 persistant false positives are OK -# XPASS for: elf/tst-protected1a and elf/tst-protected1b -[ $(grep ^XPASS tests.sum | wc -l) -ne 2 -a $(grep "^XPASS: elf/tst-protected1[ab]" tests.sum | wc -l) -ne 2 ] && exit 1 ||: - -# FAIL (intermittent) in chroot but PASS in container: -# posix/tst-spawn3 and stdio-common/test-vfprintf -n=0 - -grep "^FAIL: c++-types-check" tests.sum >/dev/null && n=$((n+1)) ||: -# can fail in chroot -grep "^FAIL: io/tst-fchownat" tests.sum >/dev/null && n=$((n+1)) ||: -grep "^FAIL: malloc/tst-tcfree2" tests.sum >/dev/null && n=$((n+1)) ||: -# can timeout -grep "^FAIL: nptl/tst-mutex10" tests.sum >/dev/null && n=$((n+1)) ||: -# can fail in chroot -grep "^FAIL: nptl/tst-setuid3" tests.sum >/dev/null && n=$((n+1)) ||: -grep "^FAIL: stdlib/tst-secure-getenv" tests.sum >/dev/null && n=$((n+1)) ||: -grep "^FAIL: support/tst-support_descriptors" tests.sum >/dev/null && n=$((n+1)) ||: -#https://sourceware.org/glibc/wiki/Testing/Testsuite -grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: -#This happens because the kernel fails to reap exiting threads fast enough, -#eventually resulting an EAGAIN when pthread_create is called within the test. - -# check for exact 'n' failures -[ $(grep ^FAIL tests.sum | wc -l) -ne $n ] && exit 1 ||: -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%posttrans iconv -%{_sbindir}/iconvconfig - -%postun iconv -if [ -e %{_lib64dir}/gconv/gconv-modules.cache ]; then - rm %{_lib64dir}/gconv/gconv-modules.cache -fi - -%files -%defattr(-,root,root) -%{_libdir}/locale/* -%dir %{_sysconfdir}/ld.so.conf.d -%config(noreplace) %{_sysconfdir}/nsswitch.conf -%config(noreplace) %{_sysconfdir}/ld.so.conf -%config(noreplace) %{_sysconfdir}/rpc -%attr(0644,root,root) %config(missingok,noreplace) %{_sysconfdir}/ld.so.cache -%config %{_sysconfdir}/locale-gen.conf -%{_sbindir}/ldconfig -%{_sbindir}/locale-gen.sh -%{_bindir}/* -%{_libexecdir}/* -%{_datadir}/i18n/charmaps/UTF-8.gz -%{_datadir}/i18n/charmaps/ISO-8859-1.gz -%{_datadir}/i18n/locales/en_US -%{_datadir}/i18n/locales/en_GB -%{_datadir}/i18n/locales/i18n* -%{_datadir}/i18n/locales/iso14651_t1 -%{_datadir}/i18n/locales/iso14651_t1_common -%{_datadir}/i18n/locales/translit_* -%{_datadir}/locale/locale.alias -%exclude %{_sharedstatedir}/nss_db/Makefile -%exclude %{_bindir}/iconv -%exclude %{_bindir}/mtrace -%exclude %{_bindir}/pcprofiledump -%exclude %{_bindir}/pldd -%exclude %{_bindir}/sotruss -%exclude %{_bindir}/sprof -%exclude %{_bindir}/xtrace - -%files libs -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/*.so.* -%exclude %{_libdir}/libpcprofile.so - -%files iconv -%defattr(-,root,root) -%{_libdir}/gconv/* -%{_bindir}/iconv -%{_sbindir}/iconvconfig - -%files tools -%defattr(-,root,root) -%{_bindir}/mtrace -%{_bindir}/pcprofiledump -%{_bindir}/pldd -%{_bindir}/sotruss -%{_bindir}/sprof -%{_bindir}/xtrace -%{_bindir}/zdump -%{_sbindir}/zic -%{_sbindir}/sln -%{_libdir}/audit/* -%{_libdir}/libpcprofile.so - -%files nscd -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/nscd.conf -%{_sbindir}/nscd -%dir %{_sharedstatedir}/cache/nscd - -%files i18n -%defattr(-,root,root) -%{_datadir}/i18n/charmaps/*.gz -%{_datadir}/i18n/locales/* -%exclude %{_datadir}/i18n/charmaps/UTF-8.gz -%exclude %{_datadir}/i18n/charmaps/ISO-8859-1.gz -%exclude %{_datadir}/i18n/locales/en_US -%exclude %{_datadir}/i18n/locales/en_GB -%exclude %{_datadir}/i18n/locales/i18n* -%exclude %{_datadir}/i18n/locales/iso14651_t1 -%exclude %{_datadir}/i18n/locales/iso14651_t1_common -%exclude %{_datadir}/i18n/locales/translit_* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.a -%{_libdir}/*.o -%{_includedir}/* - -%files -f %{name}.lang lang -%defattr(-,root,root) - -%changelog -* Thu May 11 2023 Shreenidhi Shedi 2.36-5 -- Add libs sub package -* Fri Apr 07 2023 Shreenidhi Shedi 2.36-4 -- Fix locale generation issue by packaging files properly -* Fri Jan 20 2023 Shreenidhi Shedi 2.36-3 -- Don't change elf permissions in glibc -* Tue Jan 17 2023 Piyush Gupta 2.36-2 -- Remove spaces from /etc/nsswitch.conf to avoid failure while adding altfiles. -* Wed Aug 17 2022 Vamsi Krishna Brahmajosyula 2.36-1 -- Upgrade to 2.36 -- catchsegv is removed, zdump is moved to /usr/bin from /usr/sbin -* Fri Sep 17 2021 Ashwin Dayanand Kamat 2.32-8 -- Fix LTP Testcase (semctl) failure issue -* Tue Sep 07 2021 Keerthana K 2.32-7 -- Fix CVE-2021-38604 -* Wed Aug 04 2021 Keerthana K 2.32-6 -- Fix CVE-2021-35942 -* Thu Apr 01 2021 Ajay Kaher 2.32-5 -- Fix CVE-2020-27618 -* Thu Mar 11 2021 Ajay Kaher 2.32-4 -- Fix CVE-2019-25013, CVE-2021-3326, CVE-2020-29562 -* Wed Mar 03 2021 Tapas Kundu 2.32-3 -- Fix FMA4 detection in ifunc -* Mon Nov 30 2020 Ajay Kaher 2.32-2 -- Added post for glibc-iconv, to have: -- fast-loading gconv module configuration cache file -* Mon Aug 24 2020 Keerthana K 2.32-1 -- Update to version 2.32 -* Thu Mar 12 2020 Alexey Makhalov 2.31-1 -- Version update. Use /lib -* Tue Sep 24 2019 Alexey Makhalov 2.28-5 -- Cross compilling support -- Create empty ld.so.cache file for all builds (native and cross) -- Use /lib64 for aarch64 -* Fri Jul 12 2019 Ankit Jain 2.28-4 -- Replaced spaces with tab in nsswitch.conf file -* Fri Mar 08 2019 Alexey Makhalov 2.28-3 -- Fix CVE-2019-9169 -* Tue Jan 22 2019 Anish Swaminathan 2.28-2 -- Fix CVE-2018-19591 -* Tue Aug 28 2018 Alexey Makhalov 2.28-1 -- Version update. Disable obsolete rpc (use libtirpc) and nsl. -* Tue Jan 23 2018 Xiaolin Li 2.26-10 -- Fix CVE-2018-1000001 and CVE-2018-6485 -* Mon Jan 08 2018 Xiaolin Li 2.26-9 -- Fix CVE-2017-16997 -* Thu Dec 21 2017 Xiaolin Li 2.26-8 -- Fix CVE-2017-17426 -* Tue Nov 14 2017 Alexey Makhalov 2.26-7 -- Aarch64 support -* Wed Oct 25 2017 Xiaolin Li 2.26-6 -- Fix CVE-2017-15670 and CVE-2017-15804 -* Tue Oct 10 2017 Alexey Makhalov 2.26-5 -- Compile out tcache. -* Fri Sep 15 2017 Bo Gan 2.26-4 -- exclude tst-eintr1 per official wiki recommendation. -* Tue Sep 12 2017 Alexey Makhalov 2.26-3 -- Fix makecheck for run in docker. -* Tue Aug 29 2017 Alexey Makhalov 2.26-2 -- Fix tunables setter. -- Add malloc arena fix. -- Fix makecheck. -* Tue Aug 15 2017 Alexey Makhalov 2.26-1 -- Version update -* Tue Aug 08 2017 Anish Swaminathan 2.25-4 -- Apply fix for CVE-2017-1000366 -* Thu May 4 2017 Bo Gan 2.25-3 -- Remove bash dependency in post/postun script -* Fri Apr 21 2017 Alexey Makhalov 2.25-2 -- Added -iconv -tools and -nscd subpackages -* Wed Mar 22 2017 Alexey Makhalov 2.25-1 -- Version update -* Wed Dec 14 2016 Alexey Makhalov 2.24-1 -- Version update -* Wed Nov 23 2016 Alexey Makhalov 2.22-13 -- Install en_US.UTF-8 locale by default -* Wed Nov 16 2016 Alexey Makhalov 2.22-12 -- Added i18n subpackage -* Tue Oct 25 2016 Alexey Makhalov 2.22-11 -- Workaround for build failure with "out of memory" message -* Wed Sep 28 2016 Alexey Makhalov 2.22-10 -- Added pthread_create-fix-use-after-free.patch -* Tue Jun 14 2016 Divya Thaluru 2.22-9 -- Enabling rpm debug package and stripping the libraries -* Tue May 24 2016 Priyesh Padmavilasom 2.22-8 -- GA - Bump release of all rpms -* Mon May 23 2016 Divya Thaluru 2.22-7 -- Added patch for CVE-2014-9761 -* Mon Mar 21 2016 Alexey Makhalov 2.22-6 -- Security hardening: nonow -* Fri Mar 18 2016 Anish Swaminathan 2.22-5 -- Change conf file qualifiers -* Fri Mar 11 2016 Priyesh Padmavilasom 2.22-4 -- Added patch for res_qeury assertion with bad dns config -- Details: https://sourceware.org/bugzilla/show_bug.cgi?id=19791 -* Tue Feb 16 2016 Anish Swaminathan 2.22-3 -- Added patch for CVE-2015-7547 -* Mon Feb 08 2016 Anish Swaminathan 2.22-2 -- Added patch for bindresvport blacklist -* Tue Jan 12 2016 Xiaolin Li 2.22-1 -- Updated to version 2.22 -* Tue Dec 1 2015 Divya Thaluru 2.19-8 -- Disabling rpm debug package and stripping the libraries -* Wed Nov 18 2015 Divya Thaluru 2.19-7 -- Adding patch to close nss files database -* Tue Nov 10 2015 Xiaolin Li 2.19-6 -- Handled locale files with macro find_lang -* Wed Aug 05 2015 Kumar Kaushik 2.19-5 -- Adding postun section for ldconfig. -* Tue Jul 28 2015 Alexey Makhalov 2.19-4 -- Support glibc building against current rpm version. -* Thu Jul 23 2015 Divya Thaluru 2.19-3 -- Packing locale-gen scripts -* Mon May 18 2015 Touseef Liaqat 2.19-2 -- Update according to UsrMove. -* Wed Nov 5 2014 Divya Thaluru 2.19-1 -- Initial build. First version diff --git a/SPECS/glibc/locale-gen.conf b/SPECS/glibc/locale-gen.conf deleted file mode 100644 index 04ed0bbca8..0000000000 --- a/SPECS/glibc/locale-gen.conf +++ /dev/null @@ -1,26 +0,0 @@ - -# Configuration file for locale-gen -# -# lists of locales that are to be generated by the locale-gen command. -# -# Each line is of the form: -# -# -# -# where is one of the locales given in /usr/share/i18n/locales -# and is one of the character sets listed in /usr/share/i18n/charmaps -# -# Examples: -# en_US ISO-8859-1 -# en_US.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE@euro ISO-8859-15 -# -# The locale-gen command will generate all the locales, -# placing them in /usr/lib/locale. -# -# A list of supported locales is included in this file. -# Uncomment the ones you need. -# -en_US ISO-8859-1 -en_US.UTF-8 UTF-8 diff --git a/SPECS/glibc/locale-gen.sh b/SPECS/glibc/locale-gen.sh deleted file mode 100644 index a134aba6b7..0000000000 --- a/SPECS/glibc/locale-gen.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -set -e -LOCALEGEN=/etc/locale-gen.conf -LOCALES=/usr/share/i18n/locales -if [ -n "$POSIXLY_CORRECT" ]; then - unset POSIXLY_CORRECT -fi -[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0; -# Remove all old locale dir and locale-archive before generating new -# locale data. -rm -rf /usr/lib/locale/* || true -umask 022 -is_entry_ok() { - if [ -n "$locale" -a -n "$charset" ] ; then - true - else - echo "error: Bad entry '$locale $charset'" - false - fi -} -echo "Generating locales..." -while read locale charset; do \ - case $locale in \#*) continue;; "") continue;; esac; \ - is_entry_ok || continue - echo -n " `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \ - echo -n ".$charset"; \ - echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \ - echo -n '...'; \ - if [ -f $LOCALES/$locale ]; then input=$locale; else \ - input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \ - localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \ - echo ' done'; \ -done < $LOCALEGEN -echo "Generation complete." \ No newline at end of file diff --git a/SPECS/glibmm/glibmm.spec b/SPECS/glibmm/glibmm.spec deleted file mode 100644 index 6abd939292..0000000000 --- a/SPECS/glibmm/glibmm.spec +++ /dev/null @@ -1,111 +0,0 @@ -Summary: C++ interface to the glib -Name: glibmm -Version: 2.74.0 -Release: 1%{?dist} -License: LGPLv2+ -URL: http://ftp.gnome.org/pub/GNOME/sources/glibmm -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/GNOME/sources/glibmm/2.74/%{name}-%{version}.tar.xz -%define sha512 %{name}=29c16a6c921fb135721c39b5328e0b45e09c500c65175199c1ec5ee75bdd5fb907072389c6980da3bf8fac0846235af5580f692706eb00d26947804daa1c99c9 - -BuildRequires: python3-devel -BuildRequires: libsigc++-devel >= 3.2.0 -BuildRequires: glib-devel >= 2.74.1 -BuildRequires: glib-schemas >= 2.74.1 -BuildRequires: meson - -%if 0%{?with_check} -BuildRequires: glib-networking -%endif - -Requires: libsigc++ >= 3.2.0 -Requires: glib >= 2.74.1 -Requires: gobject-introspection >= 1.74.0 -Requires: XML-Parser -Requires: perl - -%description -gtkmm provides a C++ interface to the GTK+ GUI library. gtkmm2 wraps GTK+ 2. -Highlights include typesafe callbacks, widgets extensible via inheritance and -a comprehensive set of widget classes that can be freely combined to quickly create complex user interfaces. - -%package devel -Summary: Header files for glibmm -Group: Applications/System -Requires: %{name} = %{version}-%{release} -Requires: glib-devel >= 2.74.1 -Requires: libsigc++ >= 3.2.0 - -%description devel -These are the header files of glibmm. - -%prep -%autosetup -p1 - -%build -%meson -%meson_build - -%install -%meson_install - -%if 0%{?with_check} -%check -%meson_test -%endif - -%clean -rm -rf %{buildroot}/* - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_libdir}/glibmm-2.68/proc/* - -%files devel -%defattr(-,root,root) -%{_libdir}/*.so -%{_libdir}/glibmm-2.68/include/* -%{_libdir}/giomm-2.68/include/* -%{_includedir}/* -%{_libdir}/pkgconfig/*.pc - -%changelog -* Sun Nov 13 2022 Shreenidhi Shedi 2.74.0-1 -- Upgrade to v2.74.0 -* Sun Aug 07 2022 Shreenidhi Shedi 2.65.3-2 -- Remove .la files -* Mon Sep 21 2020 Gerrit Photon 2.65.3-1 -- Automatic Version Bump -* Tue Jun 23 2020 Tapas Kundu 2.56.0-2 -- Build with python3 -- Mass removal python2 -* Fri Sep 14 2018 Keerthana K 2.56.0-1 -- Update to version 2.56.0 -* Thu Aug 24 2017 Rongrong Qiu 2.50.1-2 -- add buildrequires for make check for bug 1900286 -* Fri May 26 2017 Harish Udaiya Kumar 2.50.1-1 -- Downgrade to stable version 2.50.1 -* Mon Apr 10 2017 Danut Moraru 2.53.1-1 -- Update to version 2.53.1 -* Thu Oct 06 2016 ChangLee 2.48.1-2 -- Modified %check -* Tue Sep 06 2016 Harish Udaiya Kumar 2.48.1-1 -- Updated to version 2.48.1-1 -* Tue May 24 2016 Priyesh Padmavilasom 2.47.3.1-2 -- GA - Bump release of all rpms -* Thu Apr 14 2016 Harish Udaiya Kumar 2.47.3.1-1 -- Updated to version 2.47.3.1 -* Mon Feb 22 2016 XIaolin Li 2.46.3-1 -- Updated to version 2.46.3 -* Tue Jul 7 2015 Alexey Makhalov 2.42.0-3 -- Created devel subpackage. Added Summary. -* Tue Jun 23 2015 Alexey Makhalov 2.42.0-2 -- Added glib-schemas to build requirements. -* Wed Nov 12 2014 Mahmoud Bassiouny 2.42.0-1 -- Initial version diff --git a/SPECS/glide/glide.spec b/SPECS/glide/glide.spec deleted file mode 100644 index 90c51add76..0000000000 --- a/SPECS/glide/glide.spec +++ /dev/null @@ -1,84 +0,0 @@ -Summary: Vendor Package Management for Goland -Name: glide -Version: 0.13.3 -Release: 14%{?dist} -License: MIT -URL: /~https://github.com/Masterminds/glide -Source0: /~https://github.com/Masterminds/glide/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=bb0cf1308a9ac0768db647552131867eaccbd8c449e10fb8c8f0fa41f0cca67983b15689ad307c5299a9a125a6a7bfea19fae39525eaf407c92d893918577945 -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: git -BuildRequires: go -BuildRequires: perl - -%description -Glide is a tool for managing the vendor directory within a Go package. - -%prep -%autosetup -p1 - -%build -mkdir -p ${GOPATH}/src/github.com/Masterminds/glide -cp -r * ${GOPATH}/src/github.com/Masterminds/glide/. -pushd ${GOPATH}/src/github.com/Masterminds/glide -go env -w GO111MODULE=auto -make VERSION=%{version} build %{?_smp_mflags} -popd - -%check -pushd ${GOPATH}/src/github.com/Masterminds/glide -make test %{?_smp_mflags} -popd - -%install -pushd ${GOPATH}/src/github.com/Masterminds/glide -make install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_bindir} -install -vpm 0755 -t %{buildroot}%{_bindir}/ ./glide -popd - -%files -%defattr(-,root,root) -%{_bindir}/glide - -%changelog -* Wed Oct 11 2023 Piyush Gupta 0.13.3-14 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.13.3-13 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.13.3-12 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 0.13.3-11 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.13.3-10 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 0.13.3-9 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 0.13.3-8 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.13.3-7 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 0.13.3-6 -- Bump up version to compile with new go -* Fri Jun 11 2021 Piyush Gupta 0.13.3-5 -- Bump up version to compile with new go -* Fri Feb 05 2021 Harinadh D 0.13.3-4 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 0.13.3-3 -- Bump up version to compile with new go -* Tue Oct 06 2020 Ashwin H 0.13.3-2 -- Build using go 1.14 -* Tue Jun 30 2020 Gerrit Photon 0.13.3-1 -- Automatic Version Bump -* Mon Jan 21 2019 Bo Gan 0.13.1-4 -- Build using go 1.9.7 -* Fri Nov 23 2018 Ashwin H 0.13.1-3 -- Fix %check -* Mon Sep 24 2018 Tapas Kundu 0.13.1-2 -- Build using go version 1.9 -* Thu Sep 13 2018 Michelle Wang 0.13.1-1 -- Update version to 0.13.1. -* Mon Aug 14 2017 Vinay Kulkarni 0.12.3-1 -- glide for PhotonOS. diff --git a/SPECS/glog/glog.spec b/SPECS/glog/glog.spec deleted file mode 100644 index ee80f53fcf..0000000000 --- a/SPECS/glog/glog.spec +++ /dev/null @@ -1,84 +0,0 @@ -Summary: Google's C++ logging module -Name: glog -Version: 0.6.0 -Release: 3%{?dist} -License: BSD -URL: /~https://github.com/google/glog -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/google/glog/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=fd2c42583d0dd72c790a8cf888f328a64447c5fb9d99b2e2a3833d70c102cb0eb9ae874632c2732424cc86216c8a076a3e24b23a793eaddb5da8a1dc52ba9226 - -BuildRequires: build-essential -BuildRequires: automake -BuildRequires: cmake -BuildRequires: gcc -BuildRequires: libgcc -BuildRequires: libtool - -%description -Google's C++ logging module - -%package devel -Summary: glog devel -Group: Development/Tools -Requires: %{name} = %{version}-%{release} - -%description devel -This contains development tools and libraries for glog. - -%prep -%autosetup -p1 - -%build -%cmake \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Release - -%cmake_build - -%install -%cmake_install - -%if 0%{?with_check} -%check -cd %{__cmake_builddir} -make test %{?_smp_mflags} -%endif - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/libglog.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/* -%{_libdir}/libglog.so -%{_libdir}/pkgconfig/libglog.pc -%{_libdir}/cmake/glog/*.cmake - -%changelog -* Mon Feb 20 2023 Shreenidhi Shedi 0.6.0-3 -- Fix spec issues -* Mon Jun 20 2022 Shreenidhi Shedi 0.6.0-2 -- Use cmake macros for build -* Tue Apr 13 2021 Gerrit Photon 0.6.0-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 0.4.0-1 -- Automatic Version Bump -* Mon Sep 10 2018 Michelle Wang 0.3.5-1 -- Update version to 0.3.5. -* Fri Oct 13 2017 Alexey Makhalov 0.3.4-3 -- Use standard configure macros -* Thu Jun 1 2017 Bo Gan 0.3.4-2 -- Fix file paths -* Sat Mar 25 2017 Vinay Kulkarni 0.3.4-1 -- Initial version of glog for Photon. diff --git a/SPECS/glslang/glslang.spec b/SPECS/glslang/glslang.spec deleted file mode 100644 index 89110a3d45..0000000000 --- a/SPECS/glslang/glslang.spec +++ /dev/null @@ -1,73 +0,0 @@ -Name: glslang -Version: 11.13.0 -Release: 2%{?dist} -Summary: OpenGL and OpenGL ES shader front end and validator -License: BSD and GPLv3+ and ASL 2.0 -URL: /~https://github.com/KhronosGroup/glslang -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/KhronosGroup/glslang/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=20c2a6543b002648f459f26bd36b5c445afd6d8eae175e400dbe45632f11ca8de1f9e6f6e98fd6f910aa75d90063e174c095e7df26d9d4982192b84d08b0dc8b - -BuildRequires: cmake -BuildRequires: gcc -BuildRequires: ninja-build -BuildRequires: python3-devel - -%description -%{name} is the official reference compiler front end for the OpenGL -ES and OpenGL shading languages. It implements a strict -interpretation of the specifications for these languages. - -%package devel -Summary: Development files for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -%{name} is the official reference compiler front end for the OpenGL -ES and OpenGL shading languages. It implements a strict -interpretation of the specifications for these languages. - -%prep -%autosetup -p1 - -%build -%cmake \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Debug - -%cmake_build - -%install -%cmake_install - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%doc README.md README-spirv-remap.txt -%{_bindir}/%{name}Validator -%{_bindir}/spirv-remap -%{_libdir}/libglslang.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/ -%{_libdir}/libHLSL.so -%{_libdir}/libSPIRV.so -%{_libdir}/libSPVRemapper.so -%{_libdir}/libglslang.so -%{_libdir}/libglslang-default-resource-limits.so -%{_libdir}/cmake/* - -%changelog -* Thu Dec 15 2022 Shivani Agarwal 11.13.0-2 -- Add support for shared libraries -* Thu Dec 15 2022 Gerrit Photon 11.13.0-1 -- Automatic Version Bump -* Tue Nov 1 2022 Gerrit Photon 11.12.0-1 -- Automatic Version Bump -* Tue Sep 27 2022 Shreenidhi Shedi 11.11.0-1 -- First build, needed for mesa-22.2.0 diff --git a/SPECS/gmp/gmp.spec b/SPECS/gmp/gmp.spec deleted file mode 100644 index c8fb461a8a..0000000000 --- a/SPECS/gmp/gmp.spec +++ /dev/null @@ -1,93 +0,0 @@ -Summary: Math libraries -Name: gmp -Version: 6.2.1 -Release: 2%{?dist} -License: LGPLv3+ -URL: http://www.gnu.org/software/gmp -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gmp/%{name}-%{version}.tar.xz -%define sha512 %{name}=c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84 - -Patch0: mpz-inp_raw-avoid-bit-size-overflows.patch - -%description -The GMP package contains math libraries. These have useful functions -for arbitrary precision arithmetic. - -%package devel -Summary: Header and development files for gmp -Requires: %{name} = %{version}-%{release} - -%description devel -It contains the libraries and header files to create applications -for handling compiled objects. - -%prep -%autosetup -p1 - -%build - -%ifarch x86_64 -# Do not detect host's CPU. Generate generic library (-mtune=k8) -cp -v configfsf.guess config.guess -cp -v configfsf.sub config.sub -%endif - -%configure \ - --disable-silent-rules \ - --disable-static \ - --disable-assembly - -%make_build - -%install -%make_install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_docdir}/%{name}-%{version} -cp -v doc/{isa_abi_headache,configuration} doc/*.html %{buildroot}%{_docdir}/%{name}-%{version} -rm -rf %{buildroot}%{_infodir} - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/libgmp.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/gmp.h -%{_libdir}/libgmp.so -%{_libdir}/pkgconfig/*.pc -%{_docdir}/%{name}-%{version}/tasks.html -%{_docdir}/%{name}-%{version}/projects.html -%{_docdir}/%{name}-%{version}/configuration -%{_docdir}/%{name}-%{version}/isa_abi_headache - -%changelog -* Mon Nov 13 2023 Brennan Lamoreaux 6.2.1-2 -- Add patch to fix CVE-2021-43618 -* Tue Apr 13 2021 Gerrit Photon 6.2.1-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 6.2.0-1 -- Automatic Version Bump -* Wed Sep 04 2019 Alexey Makhalov 6.1.2-3 -- Use -mtune -march options for generic CPU (x86_64) -* Tue Apr 18 2017 Alexey Makhalov 6.1.2-2 -- Disable cxx (do not build libgmpxx). Disable static. -* Mon Apr 17 2017 Danut Moraru 6.1.2-1 -- Update to 6.1.2 -* Tue May 24 2016 Priyesh Padmavilasom 6.0.0a-3 -- GA - Bump release of all rpms -* Thu Apr 14 2016 Mahmoud Bassiouny 6.0.0a-2 -- Disable assembly and use generic C code -* Tue Jan 12 2016 Xiaolin Li 6.0.0a-1 -- Updated to version 6.0.0 -* Wed Nov 5 2014 Divya Thaluru 5.1.3-1 -- Initial build. First version diff --git a/SPECS/gmp/mpz-inp_raw-avoid-bit-size-overflows.patch b/SPECS/gmp/mpz-inp_raw-avoid-bit-size-overflows.patch deleted file mode 100644 index e78ed0c947..0000000000 --- a/SPECS/gmp/mpz-inp_raw-avoid-bit-size-overflows.patch +++ /dev/null @@ -1,23 +0,0 @@ -# HG changeset patch -# User Marco Bodrato -# Date 1634836009 -7200 -# Node ID 561a9c25298e17bb01896801ff353546c6923dbd -# Parent e1fd9db13b475209a864577237ea4b9105b3e96e -mpz/inp_raw.c: Avoid bit size overflows - -diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c ---- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100 -+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 -@@ -88,8 +88,11 @@ - - abs_csize = ABS (csize); - -+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) -+ return 0; /* Bit size overflows */ -+ - /* round up to a multiple of limbs */ -- abs_xsize = BITS_TO_LIMBS (abs_csize*8); -+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); - - if (abs_xsize != 0) - { diff --git a/SPECS/gnome-common/gnome-common.spec b/SPECS/gnome-common/gnome-common.spec deleted file mode 100644 index 4b060ae1de..0000000000 --- a/SPECS/gnome-common/gnome-common.spec +++ /dev/null @@ -1,57 +0,0 @@ -Summary: Common development macros for GNOME -Name: gnome-common -Version: 3.18.0 -Release: 4%{?dist} -License: GPL -URL: https://www.gnome.org/ -Source0: http://ftp.gnome.org/pub/GNOME/sources/%{name}/%{version}/%{name}-%{version}.tar.xz -%define sha1 gnome-common=332e514961374a54dc065b86032eaeb03d6d3cee -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon -BuildArch: noarch - -%description -This provides Common development macros for GNOME. - -%prep -%setup -q -./autogen.sh - -%build -%configure -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install -# Rename the conflicting files to avoid install time conflicts with -# autoconf-archive package -%{__mv} %{buildroot}%{_datadir}/aclocal/ax_check_enable_debug.m4 \ - %{buildroot}%{_datadir}/aclocal/ax_check_enable_debug_%{name}.m4 -%{__mv} %{buildroot}%{_datadir}/aclocal/ax_code_coverage.m4 \ - %{buildroot}%{_datadir}/aclocal/ax_code_coverage_%{name}.m4 - -%check -make %{?_smp_mflags} check - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/gnome-autogen.sh -%{_datadir}/aclocal/*.m4 - -%changelog -* Fri Jan 22 2021 Dweep Advani 3.18.0-4 -- Fix install time conflicts with autoconf-archive -* Tue Apr 25 2017 Priyesh Padmavilasom 3.18.0-3 -- Fix arch -* Tue May 24 2016 Priyesh Padmavilasom 3.18.0-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Anish Swaminathan 3.18.0-1 -- Upgrade to 3.18.0 -* Tue Aug 11 2015 Vinay Kulkarni 3.14.0-1 -- Add gnome-common v3.14.0 - diff --git a/SPECS/gnu-efi/aarch64-Fix-ld-RWX-warning.patch b/SPECS/gnu-efi/aarch64-Fix-ld-RWX-warning.patch deleted file mode 100644 index 95913dc15e..0000000000 --- a/SPECS/gnu-efi/aarch64-Fix-ld-RWX-warning.patch +++ /dev/null @@ -1,38 +0,0 @@ -From a24d76afa4f0dc4528ecc9e1cd8826951a41c6e5 Mon Sep 17 00:00:00 2001 -From: Vamsi Krishna Brahmajosyula -Date: Tue, 11 Oct 2022 00:09:35 +0530 -Subject: [PATCH] aarch64: Fix ld RWX warning - -The current ld script places .dynamic section right after .text, which -results in that one LOAD segment contains both data and code. Binutils -2.39 and later will throw a warning if RWX segments exist. Code and -data should be placed in different LOAD segments with different -permissions. This patch adds a gap between data and code sections which -is taken from the default ld script in riscv64. - -Ported from upstream, patch for riscv64 -[upstream 98f1250742bbe3d91a7aaf5d66cc2cb4bdb3c0dd] - -Co-developed-by: Moody Liu -Signed-off-by: Moody Liu -Signed-off-by: Letu Ren -Signed-off-by: Vamsi Krishna Brahmajosyula ---- - gnuefi/elf_aarch64_efi.lds | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/gnuefi/elf_aarch64_efi.lds b/gnuefi/elf_aarch64_efi.lds -index 836d982..f08f403 100644 ---- a/gnuefi/elf_aarch64_efi.lds -+++ b/gnuefi/elf_aarch64_efi.lds -@@ -15,6 +15,7 @@ SECTIONS - } - _etext = .; - _text_size = . - _text; -+ . = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE)); - .dynamic : { *(.dynamic) } - .data : ALIGN(4096) - { --- -2.37.3 - diff --git a/SPECS/gnu-efi/gnu-efi.spec b/SPECS/gnu-efi/gnu-efi.spec deleted file mode 100644 index 892194a4c7..0000000000 --- a/SPECS/gnu-efi/gnu-efi.spec +++ /dev/null @@ -1,56 +0,0 @@ -Name: gnu-efi -Version: 3.0.15 -Release: 2%{?dist} -Summary: Development Libraries and headers for EFI -License: BSD -URL: https://sourceforge.net/projects/gnu-efi -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://download.sourceforge.net/gnu-efi/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=64d408b6d115bdc6eebae12fbd6cd907ed5f847f54e506c1e8f8ea5de38a95cf6fac66ab1009bd1d0bd2d54ad45ad598d29bcc303926a5899bf5cc25448cbb2f - -Patch0: aarch64-Fix-ld-RWX-warning.patch - -BuildRequires: binutils -BuildRequires: gcc -BuildRequires: make - -%define debug_package %{nil} - -%description -This package contains development headers and libraries for developing -applications that run under EFI (Extensible Firmware Interface). - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -export CFLAGS="${CFLAGS} -ffat-lto-objects" -%make_build -%make_build -C lib -%make_build -C gnuefi -%make_build -C inc - -export LDFLAGS="" -%make_build -C apps - -%install -%make_install %{?_smp_mflags} PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} - -%files -%defattr(-,root,root) -%{_includedir}/efi -%{_libdir}/elf_%{_arch}_efi.lds -%{_libdir}/crt0-efi-%{_arch}.o -%{_libdir}/libefi.a -%{_libdir}/libgnuefi.a - -%changelog -* Mon Oct 10 2022 Vamsi Krishna Brahmajosyula 3.0.15-2 -- Fix build for aarch64 -* Thu Sep 29 2022 Shreenidhi Shedi 3.0.15-1 -- Upgrade to v3.0.15 -* Tue Jan 11 2022 Shreenidhi Shedi 3.0.14-1 -- Intial version needed for systemd-250.x diff --git a/SPECS/gnupg/gnupg.spec b/SPECS/gnupg/gnupg.spec deleted file mode 100644 index 0d824d180f..0000000000 --- a/SPECS/gnupg/gnupg.spec +++ /dev/null @@ -1,89 +0,0 @@ -Summary: OpenPGP standard implementation used for encrypted communication and data storage. -Name: gnupg -Version: 2.2.27 -Release: 4%{?dist} -License: GPLv3+ -URL: https://gnupg.org/index.html -Group: Applications/Cryptography. -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://gnupg.org/ftp/gcrypt/gnupg/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab - -BuildRequires: zlib-devel -BuildRequires: bzip2-devel -BuildRequires: readline-devel -BuildRequires: npth-devel -BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libksba-devel -BuildRequires: libgcrypt-devel -BuildRequires: libgpg-error >= 1.24 - -Requires: libksba -Requires: libgcrypt >= 1.7.0 -Requires: npth -Requires: libassuan -Requires: pinentry - -Provides: gpg - -%description -GnuPG is a complete and free implementation of the OpenPGP standard as defined -by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and -communication, features a versatile key management system as well as access -modules for all kinds of public key directories. GnuPG, also known as GPG, is -a command line tool with features for easy integration with other applications. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -%configure -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_sbindir}/* -%{_datadir}/locale/*/*/* -%{_mandir}/* -%{_infodir}/gnupg* -%{_libexecdir}/* -%{_datadir}/%{name}/* -%exclude %{_infodir}/dir -%exclude %{_docdir}/* - -%changelog -* Fri Apr 14 2023 Shreenidhi Shedi 2.2.27-4 -- Bump version as a part of zlib upgrade -* Thu Dec 22 2022 Guruswamy Basavaiah 2.2.27-3 -- Bump release as a part of libgpg-error upgrade to 1.46 -* Tue Dec 20 2022 Guruswamy Basavaiah 2.2.27-2 -- Bump release as a part of readline upgrade -* Tue Apr 13 2021 Gerrit Photon 2.2.27-1 -- Automatic Version Bump -* Wed Sep 09 2020 Gerrit Photon 2.2.23-1 -- Automatic Version Bump -* Thu Jul 16 2020 Gerrit Photon 2.2.21-1 -- Automatic Version Bump -* Thu Apr 02 2020 Siddharth Chandrasekaran 2.2.18-1 -- Upgrade to 2.2.18 to fix CVE-2019-14855 -* Sat Oct 20 2018 Ankit Jain 2.2.10-1 -- Update to 2.2.10 -* Wed Aug 30 2017 Alexey Makhalov 2.1.20-3 -- Add requires libgcrypt -* Wed Jun 07 2017 Danut Moraru 2.1.20-2 -- Add pinentry dependency -* Tue Apr 11 2017 Danut Moraru 2.1.20-1 -- Update to 2.1.20 -* Wed Jul 27 2016 Kumar Kaushik 2.0.30-1 -- Initial Build. diff --git a/SPECS/gnuplot/gnuplot.spec b/SPECS/gnuplot/gnuplot.spec deleted file mode 100644 index eee79ec6bf..0000000000 --- a/SPECS/gnuplot/gnuplot.spec +++ /dev/null @@ -1,65 +0,0 @@ -Summary: Gnuplot is a portable command-line driven graphing utility. -Name: gnuplot -Version: 5.4.5 -Release: 3%{?dist} -License: Freeware -URL: http://www.gnuplot.info -Group: Applications -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -%define sha512 %{name}=dbd0b338c5662304566fc0d790c8f53db071d7c486e7422f6ba4b7a9e0d8e50db756ab37dade9bdc01ed1a1ca6fe4e63749038c0ceec95b78bf8b92a0ae2dd20 - -BuildRequires: lua-devel -BuildRequires: readline-devel - -Requires: lua -Requires: readline - -%description -Gnuplot is a portable command-line driven graphing utility for Linux, OS/2, MS Windows, OSX, VMS, and many other platforms. The source code is copyrighted but freely distributed (i.e., you don't have to pay for it). It was originally created to allow scientists and students to visualize mathematical functions and data interactively, but has grown to support many non-interactive uses such as web scripting. It is also used as a plotting engine by third-party applications like Octave. Gnuplot has been supported and under active development since 1986. - -%prep -%autosetup -p1 - -%build -%configure --disable-static --enable-shared -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -make check %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/* - -%changelog -* Tue Jun 20 2023 Shreenidhi Shedi 5.4.5-3 -- Bump version as a part of lua upgrade -* Thu Dec 22 2022 Shreenidhi Shedi 5.4.5-2 -- Bump version as a part of readline upgrade -* Fri Oct 28 2022 Gerrit Photon 5.4.5-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 5.4.3-1 -- Automatic Version Bump -* Wed Dec 01 2021 Shreenidhi Shedi 5.4.2-1 -- Upgrade to version 5.4.2 -* Tue Apr 13 2021 Gerrit Photon 5.4.1-1 -- Automatic Version Bump -* Mon Jul 27 2020 Gerrit Photon 5.4.0-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 5.2.8-1 -- Automatic Version Bump -* Sun Nov 25 2018 Ashwin H 5.2.4-2 -- Fix %check -* Thu Sep 06 2018 Anish Swaminathan 5.2.4-1 -- Update version to 5.2.4 -* Wed Apr 12 2017 Danut Moraru 5.0.6-1 -- Update version to 5.0.6 -* Tue Nov 29 2016 Xiaolin Li 5.0.5-1 -- Add gnuplot 5.0.5 package. diff --git a/SPECS/gnutls/CVE-2023-0361-1.patch b/SPECS/gnutls/CVE-2023-0361-1.patch deleted file mode 100644 index 139723b0cd..0000000000 --- a/SPECS/gnutls/CVE-2023-0361-1.patch +++ /dev/null @@ -1,66 +0,0 @@ -From a74fc2b7c7de520459984a2335468258ec3fc15c Mon Sep 17 00:00:00 2001 -From: Alexander Sosedkin -Date: Tue, 9 Aug 2022 16:05:53 +0200 -Subject: [PATCH 1/2] auth/rsa: side-step potential side-channel - -Remove branching that depends on secret data. - -Signed-off-by: Alexander Sosedkin -Signed-off-by: Hubert Kario -Tested-by: Hubert Kario - -[sshedi: ported fix to Photon's gnutls] -Signed-off-by: Shreenidhi Shedi ---- - lib/auth/rsa.c | 14 ++------------ - 1 file changed, 2 insertions(+), 12 deletions(-) - -diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c -index 8108ee8..bd2a5a8 100644 ---- a/lib/auth/rsa.c -+++ b/lib/auth/rsa.c -@@ -155,7 +155,6 @@ static int - proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) - { -- const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n"; - gnutls_datum_t ciphertext; - int ret, dsize; - ssize_t data_size = _data_size; -@@ -165,7 +164,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - - #ifdef ENABLE_SSL3 - if (get_num_version(session) == GNUTLS_SSL3) { -- /* SSL 3.0 -+ /* SSL 3.0 - */ - ciphertext.data = data; - ciphertext.size = data_size; -@@ -235,15 +234,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) & - CONSTCHECK_EQUAL(session->key.key.data[1], ver_min); - -- if (ok) { -- /* call logging function unconditionally so all branches are -- * indistinguishable for timing and cache access when debug -- * logging is disabled */ -- _gnutls_no_log("%s", attack_error); -- } else { -- _gnutls_debug_log("%s", attack_error); -- } -- - /* This is here to avoid the version check attack - * discussed above. - */ -@@ -255,7 +245,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - - - --/* return RSA(random) using the peers public key -+/* return RSA(random) using the peers public key - */ - int - _gnutls_gen_rsa_client_kx(gnutls_session_t session, --- -2.39.1 - diff --git a/SPECS/gnutls/CVE-2023-0361-2.patch b/SPECS/gnutls/CVE-2023-0361-2.patch deleted file mode 100644 index 422529affd..0000000000 --- a/SPECS/gnutls/CVE-2023-0361-2.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 2e3a2f677dcb2a1bc875054a5d83f47bf16e59e3 Mon Sep 17 00:00:00 2001 -From: Hubert Kario -Date: Wed, 8 Feb 2023 14:32:09 +0100 -Subject: [PATCH 2/2] rsa: remove dead code - -since the `ok` variable isn't used any more, we can remove all code -used to calculate it - -Signed-off-by: Hubert Kario - -[sshedi: ported fix to Photon's gnutls] -Signed-off-by: Shreenidhi Shedi ---- - lib/auth/rsa.c | 20 +++----------------- - 1 file changed, 3 insertions(+), 17 deletions(-) - -diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c -index bd2a5a8..1158e37 100644 ---- a/lib/auth/rsa.c -+++ b/lib/auth/rsa.c -@@ -159,8 +159,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - int ret, dsize; - ssize_t data_size = _data_size; - volatile uint8_t ver_maj, ver_min; -- volatile uint8_t check_ver_min; -- volatile uint32_t ok; - - #ifdef ENABLE_SSL3 - if (get_num_version(session) == GNUTLS_SSL3) { -@@ -186,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - - ver_maj = _gnutls_get_adv_version_major(session); - ver_min = _gnutls_get_adv_version_minor(session); -- check_ver_min = (session->internals.allow_wrong_pms == 0); - - session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE); - if (session->key.key.data == NULL) { -@@ -205,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - return ret; - } - -- ret = -- gnutls_privkey_decrypt_data2(session->internals.selected_key, -- 0, &ciphertext, session->key.key.data, -- session->key.key.size); -+ gnutls_privkey_decrypt_data2(session->internals.selected_key, -+ 0, &ciphertext, session->key.key.data, -+ session->key.key.size); - /* After this point, any conditional on failure that cause differences - * in execution may create a timing or cache access pattern side - * channel that can be used as an oracle, so treat very carefully */ -@@ -224,16 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - * Vlastimil Klima, Ondej Pokorny and Tomas Rosa. - */ - -- /* ok is 0 in case of error and 1 in case of success. */ -- -- /* if ret < 0 */ -- ok = CONSTCHECK_EQUAL(ret, 0); -- /* session->key.key.data[0] must equal ver_maj */ -- ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj); -- /* if check_ver_min then session->key.key.data[1] must equal ver_min */ -- ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) & -- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min); -- - /* This is here to avoid the version check attack - * discussed above. - */ --- -2.39.1 - diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec deleted file mode 100644 index 066305cd14..0000000000 --- a/SPECS/gnutls/gnutls.spec +++ /dev/null @@ -1,174 +0,0 @@ -Summary: The GnuTLS Transport Layer Security Library -Name: gnutls -Version: 3.7.7 -Release: 4%{?dist} -License: GPLv3+ and LGPLv2+ -URL: http://www.gnutls.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz -%define sha512 %{name}=ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08 - -Patch0: CVE-2023-0361-1.patch -Patch1: CVE-2023-0361-2.patch - -BuildRequires: nettle-devel -BuildRequires: autogen-libopts-devel -BuildRequires: libtasn1-devel -BuildRequires: ca-certificates -BuildRequires: openssl-devel -BuildRequires: guile-devel -BuildRequires: gc-devel - -Requires: nettle -Requires: autogen-libopts -Requires: libtasn1 -Requires: openssl -Requires: ca-certificates -Requires: gmp -Requires: guile -Requires: gc - -%description -GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. -It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, -PKCS #12, OpenPGP and other required structures. It is aimed to be portable and efficient with focus on security and interoperability. - -%package devel -Summary: Development libraries and header files for gnutls -Requires: %{name} = %{version}-%{release} -Requires: libtasn1-devel -Requires: nettle-devel - -%description devel -The package contains libraries and header files for -developing applications that use gnutls. - -%prep -%autosetup -p1 - -%build -# check for trust store file presence -[ -f %{_sysconfdir}/pki/tls/certs/ca-bundle.crt ] || exit 1 -%configure \ - --without-p11-kit \ - --disable-static \ - --disable-openssl-compatibility \ - --with-included-unistring \ - --with-system-priority-file=%{_sysconfdir}/%{name}/default-priorities \ - --with-default-trust-store-file=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm %{buildroot}%{_infodir}/* -find %{buildroot}%{_libdir} -name '*.la' -delete -mkdir -p %{buildroot}/etc/%{name} -chmod 755 %{buildroot}/etc/%{name} -cat > %{buildroot}/etc/%{name}/default-priorities << "EOF" -SYSTEM=NONE:!VERS-SSL3.0:!VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL -EOF - -%if 0%{?with_check} -%check -sed -i 's/&&/||/' ./tests/system-override-default-priority-string.sh -make check %{?_smp_mflags} -%endif - -%ldconfig_scriptlets - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_bindir}/* -%{_mandir}/man1/* -%{_datadir}/locale/* -%{_docdir}/%{name}/*.png -%{_libdir}/guile/2.2/extensions/*.so* -%{_libdir}/guile/2.2/site-ccache/%{name}* -%{_datadir}/guile/site/2.2/%{name}* -%config(noreplace) %{_sysconfdir}/%{name}/default-priorities - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_mandir}/man3/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 3.7.7-4 -- Bump version as a part of openssl upgrade -* Fri Feb 17 2023 Shreenidhi Shedi 3.7.7-3 -- Fix CVE-2023-0361 -* Sat Oct 01 2022 Shreenidhi Shedi 3.7.7-2 -- Bump version as a part of gc upgrade -* Tue Aug 30 2022 Shreenidhi Shedi 3.7.7-1 -- Upgrade to v3.7.7 -* Wed Aug 24 2022 Shreenidhi Shedi 3.7.4-2 -- Bump version as a part of nettle upgrade -* Mon May 09 2022 Gerrit Photon 3.7.4-1 -- Automatic Version Bump -* Wed May 04 2022 Shreenidhi Shedi 3.7.2-3 -- Disable fips140 module -* Wed Apr 06 2022 Susant Sahani 3.7.2-2 -- Enable fips140 mode -* Tue Dec 14 2021 Susant Sahani 3.7.2-1 -- Bump version -* Tue Aug 17 2021 Shreenidhi Shedi 3.7.1-3 -- Bump version as a part of nettle upgrade -* Tue Apr 13 2021 Gerrit Photon 3.7.1-2 -- Update gnutls with guile 2.2.7 -* Tue Apr 13 2021 Gerrit Photon 3.7.1-1 -- Automatic Version Bump -* Tue Oct 06 2020 Prashant S Chauhan 3.6.15-3 -- Fix make check -* Tue Sep 29 2020 Satya Naga Vasamsetty 3.6.15-2 -- openssl 1.1.1 -* Wed Sep 09 2020 Gerrit Photon 3.6.15-1 -- Automatic Version Bump -* Wed Aug 19 2020 Shreenidhi Shedi 3.6.13-3 -- Bump version as a part of nettle-3.6 upgrade -* Wed Jul 22 2020 Tapas Kundu 3.6.13-2 -- Bump to build with latest libffi -* Fri Apr 10 2020 Tapas Kundu 3.6.13-1 -- Update to 3.6.13 -- Fix CVE-2020-11501 -* Thu Oct 24 2019 Shreenidhi Shedi 3.6.9-2 -- Added default priority patch. -* Thu Oct 17 2019 Shreenidhi Shedi 3.6.9-1 -- Upgrade to version 3.6.9 -* Mon Apr 15 2019 Keerthana K 3.6.3-3 -- Fix CVE-2019-3829, CVE-2019-3836 -* Wed Oct 03 2018 Tapas Kundu 3.6.3-2 -- Including default-priority in the RPM packaging. -* Thu Sep 06 2018 Anish Swaminathan 3.6.3-1 -- Update version to 3.6.3 -* Fri Feb 09 2018 Xiaolin Li 3.5.15-2 -- Add default_priority.patch. -* Tue Oct 10 2017 Priyesh Padmavilasom 3.5.15-1 -- Update to 3.5.15. Fixes CVE-2017-7507 -* Thu Apr 13 2017 Danut Moraru 3.5.10-1 -- Update to version 3.5.10 -* Sun Dec 18 2016 Alexey Makhalov 3.4.11-4 -- configure to use default trust store file -* Wed Dec 07 2016 Xiaolin Li 3.4.11-3 -- Moved man3 to devel subpackage. -* Tue May 24 2016 Priyesh Padmavilasom 3.4.11-2 -- GA - Bump release of all rpms -* Wed Apr 27 2016 Xiaolin Li 3.4.11-1 -- Updated to version 3.4.11 -* Tue Feb 23 2016 Xiaolin Li 3.4.9-1 -- Updated to version 3.4.9 -* Thu Jan 14 2016 Xiaolin Li 3.4.8-1 -- Updated to version 3.4.8 -* Wed Dec 09 2015 Anish Swaminathan 3.4.2-3 -- Edit post script. -* Fri Oct 9 2015 Xiaolin Li 3.4.2-2 -- Removing la files from packages. -* Thu Jun 18 2015 Divya Thaluru 3.4.2-1 -- Initial build. First version diff --git a/SPECS/go-md2man/go-md2man.spec b/SPECS/go-md2man/go-md2man.spec deleted file mode 100644 index 3d5ba5eef6..0000000000 --- a/SPECS/go-md2man/go-md2man.spec +++ /dev/null @@ -1,73 +0,0 @@ -%define gopath_comp github.com/cpuguy83/go-md2man -Summary: Converts markdown into roff (man pages) -Name: go-md2man -Version: 2.0.2 -Release: 7%{?dist} -License: MIT -URL: /~https://github.com/cpuguy83/go-md2man -Source0: /~https://github.com/cpuguy83/go-md2man/archive/%{name}-%{version}.tar.gz -%define sha512 go-md2man=c81edfdc0b6647ef699cc908a1a7038d98da34df6d48b223b83a0699de91a7e322e70d67645acf1fc848918f4c1ea310160c7ccb75e6f97b53af7103c7aa18b3 -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon -BuildRequires: go >= 1.11 -BuildRequires: which - -%description -Converts markdown into roff (man pages). - -%prep -%autosetup -cd ../ -mkdir -p "$(dirname "src/%{gopath_comp}")" -mkdir -p src/%{gopath_comp} -mv %{name}-%{version}/* src/%{gopath_comp}/ -mv src %{name}-%{version}/ - -%build -export GOPATH="$(pwd)" -cd src/%{gopath_comp} -# Disable GO Modules for now. go.mod has extraneous entries -make %{?_smp_mflags} GO111MODULE=off - -%install -cd src/%{gopath_comp} -install -v -m755 -D -t %{buildroot}%{_bindir} bin/go-md2man -install -v -m644 -D -t %{buildroot}%{_docdir}/licenses/%{name} LICENSE.md - -%files -%defattr(-,root,root) -%{_bindir}/go-md2man -%{_docdir}/licenses/%{name} - -%changelog -* Wed Oct 11 2023 Piyush Gupta 2.0.2-7 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 2.0.2-6 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 2.0.2-5 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 2.0.2-4 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 2.0.2-3 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 2.0.2-2 -- Bump up version to compile with new go -* Wed Nov 30 2022 Gerrit Photon 2.0.2-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 2.0.1-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 2.0.1-3 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 2.0.1-2 -- Bump up version to compile with new go -* Mon Apr 18 2022 Gerrit Photon 2.0.1-1 -- Automatic Version Bump -* Fri Jun 11 2021 Piyush Gupta 2.0.0-4 -- Bump up version to compile with new go -* Fri Feb 05 2021 Harinadh D 2.0.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 2.0.0-2 -- Bump up version to compile with new go -* Wed Aug 19 2020 Gerrit Photon 2.0.0-1 -- Initial packaging for go-md2man for containerd diff --git a/SPECS/go/go.spec b/SPECS/go/go.spec deleted file mode 100644 index 2ccd19fabf..0000000000 --- a/SPECS/go/go.spec +++ /dev/null @@ -1,152 +0,0 @@ -%global goroot /usr/lib/golang -%global gopath %{_datadir}/gocode -%ifarch aarch64 -%global gohostarch arm64 -%else -%global gohostarch amd64 -%endif -%define debug_package %{nil} -%define __strip /bin/true -# To disable rpm requires on libc.so -%define _use_internal_dependency_generator 0 -%define __find_requires %{nil} - -Summary: Go -Name: go -Version: 1.20.10 -Release: 1%{?dist} -License: BSD -URL: https://golang.org -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://golang.org/dl/%{name}%{version}.src.tar.gz -%define sha512 go=1c6304abb8a7847cedb634380d43fcbf2b206f0e6af99e915b4735b4c5f9dfc08a01db6d41edaed91a2a8140fcd886343d39465bd6fb53bd37be0a7f41dc6525 -Requires: glibc -Requires: gcc - -%define ExtraBuildRequires go - -%description -Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. - -%prep -%autosetup -p1 -n %{name} - -%build -export GOHOSTOS=linux -export GOHOSTARCH=%{gohostarch} -export GOROOT_BOOTSTRAP=%{goroot} - -export GOROOT="`pwd`" -export GOPATH=%{gopath} -export GOROOT_FINAL=%{_bindir}/go -rm -f %{gopath}/src/runtime/*.c -pushd src -./make.bash --no-clean -popd - -%install -rm -rf %{buildroot} - -mkdir -p %{buildroot}%{_bindir} %{buildroot}%{goroot} - -cp -R api bin doc lib pkg src misc VERSION %{buildroot}%{goroot} - -# remove the unnecessary zoneinfo file (Go will always use the system one first) -rm -rfv %{buildroot}%{goroot}/lib/time - -# remove the doc Makefile -rm -rfv %{buildroot}%{goroot}/doc/Makefile - -# put binaries to bindir, linked to the arch we're building, -# leave the arch independent pieces in %{goroot} -mkdir -p %{buildroot}%{goroot}/bin/linux_%{gohostarch} -ln -sfv ../go %{buildroot}%{goroot}/bin/linux_%{gohostarch}/go -ln -sfv ../gofmt %{buildroot}%{goroot}/bin/linux_%{gohostarch}/gofmt -ln -sfv %{goroot}/bin/gofmt %{buildroot}%{_bindir}/gofmt -ln -sfv %{goroot}/bin/go %{buildroot}%{_bindir}/go - -# ensure these exist and are owned -mkdir -p %{buildroot}%{gopath}/src/github.com/ \ - %{buildroot}%{gopath}/src/bitbucket.org/ \ - %{buildroot}%{gopath}/src/code.google.com/ \ - %{buildroot}%{gopath}/src/code.google.com/p/ - -install -vdm755 %{buildroot}%{_sysconfdir}/profile.d -cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF" -export GOROOT=%{goroot} -export GOPATH=%{_datadir}/gocode -export GOHOSTOS=linux -export GOHOSTARCH=%{gohostarch} -export GOOS=linux -EOF - -#chown -R root:root %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh -#%%{_fixperms} %{buildroot}/* - -%post -p /sbin/ldconfig - -%postun -/sbin/ldconfig -if [ $1 -eq 0 ]; then - #This is uninstall - rm -rf %{_sysconfdir}/profile.d/go-exports.sh \ - /opt/%{name} - exit 0 -fi - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%exclude %{goroot}/src/*.rc -%exclude %dir %{goroot}/include/plan9 -%{_sysconfdir}/profile.d/go-exports.sh -%{goroot}/* -%{gopath}/src -%exclude %dir %{goroot}/src/pkg/debug/dwarf/testdata -%exclude %dir %{goroot}/src/pkg/debug/elf/testdata -%ifarch aarch64 -%exclude %dir %{goroot}/src/debug/dwarf/testdata -%exclude %dir %{goroot}/src/debug/elf/testdata -%endif -%{_bindir}/* - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.20.10-1 -- Upgrade to 1.20.10. -* Tue Aug 08 2023 Piyush Gupta 1.20.8-1 -- Upgrade to 1.20.8. -* Tue Aug 08 2023 Piyush Gupta 1.20.7-1 -- Upgrade to 1.20.7 -* Mon Jul 03 2023 Piyush Gupta 1.20.5-1 -- Upgrade to 1.20.5 -* Wed May 03 2023 Piyush Gupta 1.20.4-1 -- Upgrade to 1.20.4 -* Thu Mar 09 2023 Piyush Gupta 1.20.2-1 -- Upgrade to 1.20.2 -* Fri Jan 20 2023 Vamsi Krishna Brahmajosyula 1.19.3-2 -- Remove requires on libc.so.6 -* Mon Nov 21 2022 Piyush Gupta 1.19.3-1 -- Upgrade to 1.19.3 -* Wed Oct 26 2022 Piyush Gupta 1.19.2-1 -- Upgrade to 1.19.2 -* Fri Jun 17 2022 Piyush Gupta 1.19-1 -- Upgrade to 1.19 -* Mon Feb 28 2022 Shreenidhi Shedi 1.16.5-2 -- Fix binary path -* Fri Jun 11 2021 Piyush Gupta 1.16.5-1 -- Update to 1.16.5 -* Fri Feb 05 2021 Harinadh D 1.15.8-1 -- Update to 1.15.8 -* Fri Jan 15 2021 Piyush Gupta 1.15.6-1 -- Update to 1.15.6 -* Wed Oct 28 2020 Him Kalyan Bordoloi 1.14.8-2 -- Fix glibc dependency on aarch64 -* Tue Oct 06 2020 Ashwin H 1.14.8-1 -- Update to 1.14.8 -* Thu Mar 05 2020 1.14-1 -- Initial build for 1.14 diff --git a/SPECS/gobgp/gobgp.spec b/SPECS/gobgp/gobgp.spec deleted file mode 100644 index d7de491ff0..0000000000 --- a/SPECS/gobgp/gobgp.spec +++ /dev/null @@ -1,90 +0,0 @@ -%define debug_package %{nil} -Summary: BGP implementation in Go -Name: gobgp -Version: 3.1.0 -Release: 10%{?dist} -Group: Applications/System -Vendor: VMware, Inc. -License: Apache-2.0 -URL: /~https://github.com/osrg/gobgp -Source0: /~https://github.com/osrg/gobgp/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 gobgp=7f2d3c2f8e267450bc9fc318e87c3740dab1b1ed11a458d5f4468e0fe902f9bd92697ffdd237b6722968a02f098839ddd8c95ebfce2d5b6a5c7c6426e3136e91 -Distribution: Photon -BuildRequires: git -BuildRequires: go - -%description -GoBGP is an open source BGP implementation designed from scratch for modern environment, -and implemented in a modern programming language, the Go Programming Language. - -%prep -%autosetup - -%build -mkdir -p ${GOPATH}/src/github.com/osrg/gobgp -cp -r * ${GOPATH}/src/github.com/osrg/gobgp/. -pushd ${GOPATH}/src/github.com/osrg/gobgp -go mod download -mkdir -p dist -pushd cmd/gobgp -go build -v -o ../../dist/gobgp -ldflags "-X main.VERSION=%{version} -s -w" -popd -pushd cmd/gobgpd -go build -v -o ../../dist/gobgpd -ldflags "-X main.VERSION=%{version} -s -w" -popd -popd - -%install -pushd ${GOPATH}/src/github.com/osrg/gobgp -install -vdm 755 %{buildroot}%{_bindir} -install ${GOPATH}/src/github.com/osrg/gobgp/dist/gobgp %{buildroot}%{_bindir}/ -install ${GOPATH}/src/github.com/osrg/gobgp/dist/gobgpd %{buildroot}%{_bindir}/ - -%files -%defattr(-,root,root) -%{_bindir}/gobgp -%{_bindir}/gobgpd -%doc LICENSE README.md - -%changelog -* Wed Oct 11 2023 Piyush Gupta 3.1.0-10 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 3.1.0-9 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 3.1.0-8 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 3.1.0-7 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 3.1.0-6 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 3.1.0-5 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 3.1.0-4 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 3.1.0-3 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 3.1.0-2 -- Bump up version to compile with new go -* Mon Apr 18 2022 Gerrit Photon 3.1.0-1 -- Automatic Version Bump -* Fri Jun 11 2021 Piyush Gupta 2.27.0-2 -- Bump up version to compile with new go -* Mon May 03 2021 Gerrit Photon 2.27.0-1 -- Automatic Version Bump -* Thu Apr 29 2021 Gerrit Photon 2.26.0-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 2.20.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 2.20.0-2 -- Bump up version to compile with new go -* Thu Oct 01 2020 Gerrit Photon 2.20.0-1 -- Automatic Version Bump -* Fri Jul 24 2020 Gerrit Photon 2.19.0-1 -- Automatic Version Bump -- Bump up version to compile with go 1.13.3-2 -* Mon Jan 21 2019 Bo Gan 1.33-2 -- Build using go 1.9.7 -* Mon Sep 24 2018 Tapas Kundu 1.33-1 -- Updated to 1.33 and Build using go version 1.9 -* Mon Sep 11 2017 Vinay Kulkarni 1.23-1 -- Go BGP daemon for PhotonOS. diff --git a/SPECS/gobject-introspection/gobject-introspection.spec b/SPECS/gobject-introspection/gobject-introspection.spec deleted file mode 100644 index be6c159c96..0000000000 --- a/SPECS/gobject-introspection/gobject-introspection.spec +++ /dev/null @@ -1,178 +0,0 @@ -Name: gobject-introspection -Summary: Introspection system for GObject-based libraries -Version: 1.74.0 -Release: 11%{?dist} -Group: Development/Libraries -License: GPLv2+, LGPLv2+, MIT -URL: http://live.gnome.org/GObjectIntrospection -Distribution: Photon -Vendor: VMware, Inc. - -Source0: https://gitlab.gnome.org/GNOME/gobject-introspection/-/archive/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=decff5dda0ec5ec0afda4d6bcd3bdadcbf34289002c0d9c0c77ecf8c5d3f15d196b24d8035041545031006acbdfe76af47c42da061c40e200c87f2c74cd301f0 - -BuildRequires: intltool -BuildRequires: flex -BuildRequires: bison -BuildRequires: which -BuildRequires: glib-devel -BuildRequires: libffi-devel -BuildRequires: go -BuildRequires: autoconf-archive -BuildRequires: python3-devel -BuildRequires: python3-xml -BuildRequires: meson -BuildRequires: cmake - -Requires: libffi -Requires: glib >= 2.58.0 - -%description -GObject Introspection can scan C header and source files in order to -generate introspection "typelib" files. It also provides an API to examine -typelib files, useful for creating language bindings among other -things. - -%package -n python3-%{name} -Summary: Python3 package for handling GObject introspection data -Group: Development/Languages -Requires: %{name} = %{version}-%{release} -Requires: python3-xml -Requires: python3 - -%description -n python3-%{name} -This package contains a Python package for handling the introspection -data from Python. - -%package devel -Summary: Libraries and headers for gobject-introspection -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: python3-%{name} = %{version}-%{release} -Requires: libffi-devel -Requires: glib-devel - -%description devel -Libraries and headers for gobject-introspection. - -%prep -%autosetup -p1 - -%build -%{meson} \ - -Dpython=%{python3} \ - -Dcairo=disabled \ - -Ddoctool=disabled - -%{meson_build} - -%install -%{meson_install} -# Move the python3 modules to the correct location -mkdir -p %{buildroot}%{python3_sitelib} -mv %{buildroot}%{_libdir}/%{name}/giscanner %{buildroot}%{python3_sitelib} -rm -rf %{buildroot}%{_datadir}/gtk-doc/html - -%if 0%{?with_check} -%check -%{meson_test} -%endif - -%clean -rm -rf %{buildroot} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) -%{_libdir}/lib*.so.* -%dir %{_libdir}/girepository-1.0 -%{_libdir}/girepository-1.0/*.typelib - -%files -n python3-%{name} -%defattr(-,root,root,-) -%{python3_sitelib}/giscanner - -%files devel -%defattr(-,root,root,-) -%{_libdir}/lib*.so -%{_libdir}/pkgconfig/* -%{_includedir}/* -%{_bindir}/g-ir-* -%{_datadir}/gir-1.0 -%{_datadir}/aclocal/introspection.m4 -%{_datadir}/%{name}-1.0 -%doc %{_mandir}/man1/*.gz - -%changelog -* Wed Oct 11 2023 Piyush Gupta 1.74.0-11 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 1.74.0-10 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 1.74.0-9 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 1.74.0-8 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 1.74.0-7 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 1.74.0-6 -- Bump up version to compile with new go -* Sat Jan 14 2023 Ashwin Dayanand Kamat 1.74.0-5 -- Bump version as a part of gettext upgrade -* Tue Dec 06 2022 Prashant S Chauhan 1.74.0-4 -- Update release to compile with python 3.11 -* Mon Nov 21 2022 Piyush Gupta 1.74.0-3 -- Bump up version to compile with new go -* Sun Nov 13 2022 Shreenidhi Shedi 1.74.0-2 -- Bump version as a part of autoconf-archive upgrade -* Tue Nov 01 2022 Susant Sahani 1.74.0-1 -- Bump up version -* Wed Oct 26 2022 Piyush Gupta 1.68.0-5 -- Bump up version to compile with new go -* Fri Jun 17 2022 Piyush Gupta 1.68.0-4 -- Bump up version to compile with new go -* Tue May 10 2022 Shreenidhi Shedi 1.68.0-3 -- Bump version as a part of libffi upgrade -* Fri Jun 11 2021 Piyush Gupta 1.68.0-2 -- Bump up version to compile with new go -* Tue Apr 13 2021 Gerrit Photon 1.68.0-1 -- Automatic Version Bump -* Fri Feb 05 2021 Harinadh D 1.66.0-3 -- Bump up version to compile with new go -* Fri Jan 15 2021 Piyush Gupta 1.66.0-2 -- Bump up version to compile with new go -* Mon Sep 21 2020 Gerrit Photon 1.66.0-1 -- Automatic Version Bump -* Sun Aug 30 2020 Gerrit Photon 1.64.1-1 -- Automatic Version Bump -* Thu Aug 13 2020 Ankit Jain 1.58.0-4 -- Requires python3-libs -* Mon Jun 22 2020 Tapas Kundu 1.58.0-3 -- Mass removal python2 -* Mon Dec 10 2018 Alexey Makhalov 1.58.0-2 -- -devel requires -python. -* Thu Sep 06 2018 Anish Swaminathan 1.58.0-1 -- Update version to 1.58.0 -* Tue Jan 02 2018 Alexey Makhalov 1.52.1-5 -- Add autoreconf to support automake-1.15.1 -* Mon Aug 28 2017 Kumar Kaushik 1.52.1-4 -- Disabling make check for Regress-1.0.gir test, bug#1635886 -* Wed Jun 07 2017 Xiaolin Li 1.52.1-3 -- Add python3-xml to python3 sub package Buildrequires. -* Tue May 23 2017 Xiaolin Li 1.52.1-2 -- Added python3 subpackage. -* Wed Apr 12 2017 Danut Moraru 1.52.1-1 -- Updated to version 1.52.1 -* Thu Oct 06 2016 ChangLee 1.46.0-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 1.46.0-2 -- GA - Bump release of all rpms -* Thu Feb 25 2016 Kumar Kaushik 1.46.0-1 -- Updated version. -* Mon Oct 12 2015 Xiaolin Li 1.43.3-4 -- Moving static lib files to devel package. -* Fri Oct 9 2015 Xiaolin Li 1.43.3-3 -- Removing la files from packages. -* Mon Jul 6 2015 Alexey Makhalov 1.43.3-2 -- Added more requirements for devel subpackage. diff --git a/SPECS/google-benchmark/google-benchmark.spec b/SPECS/google-benchmark/google-benchmark.spec deleted file mode 100644 index 64449133be..0000000000 --- a/SPECS/google-benchmark/google-benchmark.spec +++ /dev/null @@ -1,77 +0,0 @@ -%global srcname benchmark - -Name: google-benchmark -Version: 1.7.1 -Release: 1%{?dist} -License: Apache-2.0 -Summary: A microbenchmark support library -URL: /~https://github.com/google/%{srcname} -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/google/benchmark/archive/refs/tags/%{name}-%{version}.tar.gz -%define sha512 %{name}=396af1c1d3eaa2b78c6d23b1472f6088db85a294056ae1c2366dc5c0becdc8f141ba8fc3a235033324ab0a41c2298f5d242ef09b9b6f69d9877de6bcb2062efd - -BuildRequires: gtest-devel -BuildRequires: gmock-devel -BuildRequires: ninja-build -BuildRequires: build-essential -BuildRequires: cmake - -%description -A library to support the benchmarking of functions, similar to unit-tests. - -%package devel -Summary: Development files for %{name} -Requires: %{name} = %{version}-%{release} - -%description devel -%{summary}. - -%prep -%autosetup -p1 -n %{srcname}-%{version} -sed -e '/get_git_version/d' -e '/-Werror/d' -i CMakeLists.txt - -%build -%{cmake} -G Ninja \ - -DCMAKE_BUILD_TYPE=Debug \ - -DGIT_VERSION=%{version} \ - -DBENCHMARK_ENABLE_DOXYGEN:BOOL=OFF \ - -DBENCHMARK_ENABLE_TESTING:BOOL=ON \ - -DBENCHMARK_USE_BUNDLED_GTEST:BOOL=OFF \ - -DBENCHMARK_ENABLE_GTEST_TESTS:BOOL=ON \ - -DBENCHMARK_ENABLE_INSTALL:BOOL=ON \ - -DBENCHMARK_INSTALL_DOCS:BOOL=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%{cmake_build} - -%install -%{cmake_install} - -%if 0%{?with_check} -%check -%{ctest} -%endif - -%clean -rm -rf %{buildroot} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/libbenchmark*.so.* - -%files devel -%defattr(-,root,root) -%{_libdir}/libbenchmark*.so -%{_includedir}/%{srcname} -%{_libdir}/cmake/%{srcname} -%{_libdir}/pkgconfig/%{srcname}.pc - -%changelog -* Thu Jan 12 2023 Shreenidhi Shedi 1.7.1-1 -- Intial version. Needed by snappy. diff --git a/SPECS/google-compute-engine/google-compute-engine.spec b/SPECS/google-compute-engine/google-compute-engine.spec deleted file mode 100644 index f76173f75f..0000000000 --- a/SPECS/google-compute-engine/google-compute-engine.spec +++ /dev/null @@ -1,106 +0,0 @@ -%define debug_package %{nil} - -Summary: Package for Google Compute Engine Linux images -Name: google-compute-engine -Version: 20191210 -Release: 3%{?dist} -License: Apache License 2.0 -Group: Development/Languages/Python -Vendor: VMware, Inc. -Distribution: Photon -Url: /~https://github.com/GoogleCloudPlatform/compute-image-packages/ -Source0: /~https://github.com/GoogleCloudPlatform/compute-image-packages/archive/compute-image-packages-%{version}.tar.gz -%define sha512 compute-image-packages=107f4076cecf1d6501dd37d752fdae5836f8b843351ffdf1832e445f9b35a1cc653fceffcb21fb33788629a3c53ae280939dbc559bbee0d5987270ee19ac5fd4 -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-xml -Requires: python3 -Requires: python3-setuptools -Requires: python3-libs -Requires: python3-boto -Requires: python3-distro -Obsoletes: google-daemon -BuildArch: noarch - -%description -Collection of packages installed on Google supported Compute Engine images. - -%package -n google-compute-engine-services -Summary: Service files for compute engine package -#Requires: %{name}=%{version}-%{release} - -%description -n google-compute-engine-services -Collection of service files for packages installed on Google supported Compute Engine images. - -%prep -%autosetup -n compute-image-packages-%{version} - -%build -cd packages/python-google-compute-engine -%py3_build - -%install -cd packages/python-google-compute-engine -%py3_install -install -d %{buildroot}%{_libdir}/systemd/system -cd ../.. -cp packages/google-compute-engine/src/lib/systemd/system/*.service %{buildroot}%{_libdir}/systemd/system - -%post -n google-compute-engine-services -systemctl stop --no-block google-accounts-daemon -systemctl stop --no-block google-clock-skew-daemon -systemctl stop --no-block google-network-daemon - -systemctl enable google-accounts-daemon.service -systemctl enable google-clock-skew-daemon.service -systemctl enable google-instance-setup.service -systemctl enable google-network-daemon.service -systemctl enable google-shutdown-scripts.service -systemctl enable google-startup-scripts.service - -systemctl start --no-block google-accounts-daemon -systemctl start --no-block google-clock-skew-daemon -systemctl start --no-block google-network-daemon - -%postun -n google-compute-engine-services -systemctl stop --no-block google-accounts-daemon -systemctl stop --no-block google-clock-skew-daemon -systemctl stop --no-block google-network-daemon - -systemctl --no-reload disable google-accounts-daemon.service -systemctl --no-reload disable google-clock-skew-daemon.service -systemctl --no-reload disable google-instance-setup.service -systemctl --no-reload disable google-network-daemon.service -systemctl --no-reload disable google-shutdown-scripts.service -systemctl --no-reload disable google-startup-scripts.service - -%files -%defattr(-,root,root) -%{_bindir}/google_accounts_daemon -%{_bindir}/google_clock_skew_daemon -%{_bindir}/google_instance_setup -%{_bindir}/google_metadata_script_runner -%{_bindir}/google_network_daemon -%{python3_sitelib}/* - -%files -n google-compute-engine-services -%defattr(-,root,root) -%{_libdir}/systemd/system/*.service - -%changelog -* Mon Nov 28 2022 Prashant S Chauhan 20191210-3 -- Update release to compile with python 3.11 -* Mon Nov 02 2020 Prashant S Chauhan 20191210-2 -- Add python3-distro as requires -* Wed Sep 09 2020 Gerrit Photon 20191210-1 -- Automatic Version Bump -* Sat Jun 20 2020 Tapas Kundu 20180905-2 -- Mass removal python2 -* Wed Sep 12 2018 Anish Swaminathan 20180905-1 -- Upgrade to 20180905 -* Wed Aug 23 2017 Anish Swaminathan 20170426-3 -- Remove boto configuration from instance setup -* Wed Jun 07 2017 Xiaolin Li 20170426-2 -- Add python3-setuptools and python3-xml to python3 sub package Buildrequires. -* Fri Apr 28 2017 Anish Swaminathan 20170426-1 -- Initial packaging for Photon diff --git a/SPECS/govmomi/govmomi.spec b/SPECS/govmomi/govmomi.spec deleted file mode 100644 index 7248a5bd06..0000000000 --- a/SPECS/govmomi/govmomi.spec +++ /dev/null @@ -1,76 +0,0 @@ -Summary: GO interface to the VMware vSphere API. -Name: govmomi -Version: 0.29.0 -Release: 9%{?dist} -Group: Development/Languages -License: Apache License 2.0 -Vendor: VMware, Inc. -Distribution: Photon -URL: /~https://github.com/vmware/govmomi -Source0: /~https://github.com/vmware/govmomi/%{name}-%{version}.tar.gz -%define sha512 govmomi=f43cdb8333775689ede39bc2f488433de1a8c6be9cffd534f50023557f5fde3bddc6f2ead88d9f23d0de3a7ed16191bc4daa1e7f31dceb80055feb202c94ab7e -BuildRequires: go -BuildRequires: which -BuildRequires: ca-certificates - -%description -A Go library for interacting with VMware vSphere APIs (ESXi and/or vCenter). The code in the govmomi package is a wrapper for the code that is generated from the vSphere API description. -It primarily provides convenience functions for working with the vSphere API. - -%prep -%autosetup -n %{name}-%{version} - -%build -cd .. -mkdir -p build/src/github.com/vmware/%{name} -mkdir -p build/bin -mv %{name}-%{version}/* build/src/github.com/vmware/%{name} -cd build -export GOPATH=`pwd` -cd bin -export GOBIN=`pwd` -export PATH=$PATH:$GOBIN -export GO111MODULE=auto -cd ../src/github.com/vmware/%{name} -go build -cd govc -go build -go install -cd ../vcsim -go build -go install - -%install -mkdir -p %{buildroot}%{_bindir} -cp -r ../build/bin/govc %{buildroot}%{_bindir} -cp -r ../build/bin/vcsim %{buildroot}%{_bindir} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/govc -%{_bindir}/vcsim - -%changelog -* Wed Oct 11 2023 Piyush Gupta 0.29.0-9 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 0.29.0-8 -- Bump up version to compile with new go -* Mon Jul 17 2023 Piyush Gupta 0.29.0-7 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 0.29.0-6 -- Bump up version to compile with new go -* Wed May 03 2023 Piyush Gupta 0.29.0-5 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 0.29.0-4 -- Bump up version to compile with new go -* Mon Nov 21 2022 Piyush Gupta 0.29.0-3 -- Bump up version to compile with new go -* Wed Oct 26 2022 Piyush Gupta 0.29.0-2 -- Bump up version to compile with new go -* Thu Sep 15 2022 Shivani Agarwal 0.29.0-1 -- Upgrade Version -* Fri May 13 2022 Shivani Agarwal 0.28.0-1 -- Initial version of govmomi 0.28.0 diff --git a/SPECS/gperf/gperf.spec b/SPECS/gperf/gperf.spec deleted file mode 100644 index 993f67beef..0000000000 --- a/SPECS/gperf/gperf.spec +++ /dev/null @@ -1,53 +0,0 @@ -Summary: Gperf-3.0.4 -Name: gperf -Version: 3.1 -Release: 2%{?dist} -License: GPLv3+ -URL: https://www.gnu.org/software/gperf -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gperf/%{name}-%{version}.tar.gz -%define sha512 %{name}=855ebce5ff36753238a44f14c95be7afdc3990b085960345ca2caf1a2db884f7db74d406ce9eec2f4a52abb8a063d4ed000a36b317c9a353ef4e25e2cca9a3f4 - -%description -Gperf generates a perfect hash function from a key set. - -%prep -%autosetup -p1 - -%build -%configure \ - --docdir=%{_docdir}/%{name}-%{version} - -%make_build - -%install -%make_install %{?_smp_mflags} -install -v -m644 doc/gperf.{dvi,ps,pdf} %{buildroot}/%{_docdir}/%{name}-%{version} -pushd %{buildroot}%{_datadir}/info -for FILENAME in *; do - install-info $FILENAME %{name}-%{version} 2>/dev/null -done -popd - -%check -make %{?_smp_mflags} check - -%files -%defattr(-,root,root) -%{_docdir}/%{name}-%{version}/* -%{_mandir}/man1/* -%{_datadir}/info/* -%{_bindir}/* - -%changelog -* Thu Nov 15 2018 Alexey Makhalov 3.1-2 -- Cross compilation support -* Thu Apr 13 2017 Danut Moraru 3.1-1 -- Updated to version 3.1 -* Tue May 24 2016 Priyesh Padmavilasom 3.0.4-2 -- GA - Bump release of all rpms -* Thu Oct 23 2014 Divya Thaluru 3.0.4-1 -- Initial build. First version diff --git a/SPECS/gperftools/gperftools.spec b/SPECS/gperftools/gperftools.spec deleted file mode 100644 index 623b705877..0000000000 --- a/SPECS/gperftools/gperftools.spec +++ /dev/null @@ -1,84 +0,0 @@ -Summary: A fast malloc tool for threads -Name: gperftools -Version: 2.10 -Release: 2%{?dist} -License: BSD -URL: /~https://github.com/gperftools/gperftools -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/gperftools/gperftools/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=81f3b913e76641c6e51cdfe741fd0028bf9237e3e0f3937ea692ff420c8d006ee01be220417833e55809514fb88eeb0b695fa0a2cac614e60234b8c019a6e92a - -%description -gperftools is a collection of a high-performance multi-threaded malloc() implementation, -plus some pretty nifty performance analysis tools. - -%package devel -Summary: gperftools devel -Group: Development/Tools -Requires: %{name} = %{version}-%{release} - -%description devel -This contains development tools and libraries for gperftools. - -%package docs -Summary: gperftools docs -Group: Development/Tools -%description docs -The contains gperftools package doc files. - -%prep -%autosetup -p1 - -%build -%configure \ - --docdir=%{_docdir}/%{name}-%{version} - -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -TCMALLOC_SAMPLE_PARAMETER=128 \ - %make_build check - -%files -%defattr(-,root,root) -%{_bindir}/pprof -%{_bindir}/pprof-symbolize -%{_libdir}/libprofiler*.so.* -%{_libdir}/libtcmalloc*.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/google/* -%{_includedir}/gperftools/* -%{_libdir}/libprofiler*.a -%{_libdir}/libprofiler*.so -%{_libdir}/libtcmalloc*.a -%{_libdir}/libtcmalloc*.so -%{_libdir}/pkgconfig/lib* - -%files docs -%defattr(-,root,root) -%{_docdir}/%{name}-%{version}/* -%{_mandir}/man1/* - -%changelog -* Wed Sep 13 2023 Shreenidhi Shedi 2.10-2 -- devel package should require main package -* Mon Jul 11 2022 Gerrit Photon 2.10-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 2.9.1-1 -- Automatic Version Bump -* Fri Jul 17 2020 Gerrit Photon 2.8-1 -- Automatic Version Bump -* Tue Sep 11 2018 Anish Swaminathan 2.7-1 -- Update version to 2.7 -* Mon Jul 31 2017 Vinay Chang Lee 2.5-2 -- Fix %check -* Mon Feb 06 2017 Vinay Kulkarni 2.5-1 -- Initial version of gperftools package. diff --git a/SPECS/gpgme/gpgme.spec b/SPECS/gpgme/gpgme.spec deleted file mode 100644 index 77694bfad6..0000000000 --- a/SPECS/gpgme/gpgme.spec +++ /dev/null @@ -1,108 +0,0 @@ -Summary: High-Level Crypto API -Name: gpgme -Version: 1.18.0 -Release: 3%{?dist} -License: GPLv2+ -URL: https://www.gnupg.org/(it)/related_software/gpgme/index.html -Group: System Environment/Security -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/%{name}-%{version}.tar.bz2 -%define sha512 %{name}=c0cb0b337d017793a15dd477a7f5eaef24587fcda3d67676bf746bb342398d04792c51abe3c26ae496e799c769ce667d4196d91d86e8a690d02c6718c8f6b4ac - -Requires: libassuan -Requires: libgpg-error >= 1.32 -# gpgme uses gnupg binaries only at runtime -Requires: gnupg - -BuildRequires: gnupg -BuildRequires: libgpg-error-devel >= 1.32 -BuildRequires: libassuan-devel >= 2.2.0 - -%description -The GPGME package is a C language library that allows to add support for cryptography to a program. It is designed to make access to public key crypto engines like GnuPG or GpgSM easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management. - -%package devel -Group: Development/Libraries -Summary: Static libraries and header files from GPGME, GnuPG Made Easy. -Requires: %{name} = %{version}-%{release} -Requires: libassuan-devel -Requires: libgpg-error-devel >= 1.32 -Requires: glib-devel - -%description devel -Static libraries and header files from GPGME, GnuPG Made Easy. - -%prep -%autosetup -p1 - -%build -./autogen.sh -%configure \ - --disable-fd-passing \ - --disable-static \ - --enable-languages=cl \ - --disable-gpgsm-test - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -rf %{buildroot}%{_libdir}/*.la \ - %{buildroot}/%{_infodir} - -%check -cd tests -%make_build check-TESTS - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%{_bindir}/* -%{_includedir}/*.h -%{_libdir}/*.so -%{_datadir}/aclocal/* -%{_datadir}/common-lisp/source/gpgme/* -%{_libdir}/pkgconfig/*.pc - -%changelog -* Thu Sep 14 2023 Shreenidhi Shedi 1.18.0-3 -- Fix devel package requires -* Thu Dec 22 2022 Guruswamy Basavaiah 1.18.0-2 -- Bump release as a part of libgpg-error upgrade to 1.46 -* Wed Aug 17 2022 Gerrit Photon 1.18.0-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 1.17.1-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 1.15.1-1 -- Automatic Version Bump -* Thu Jul 16 2020 Gerrit Photon 1.14.0-1 -- Automatic Version Bump -* Sat Oct 20 2018 Ankit Jain 1.11.1-2 -- Removed gpg2, gnupg-2.2.10 doesn't provide gpg2 -* Tue Sep 11 2018 Anish Swaminathan 1.11.1-1 -- Update version to 1.11.1 -* Wed Aug 30 2017 Alexey Makhalov 1.9.0-3 -- Add requires gnupg -* Thu Apr 20 2017 Alexey Makhalov 1.9.0-2 -- Disabe C++ bindings -* Thu Apr 13 2017 Danut Moraru 1.9.0-1 -- Update to version 1.9.0 -* Thu Nov 24 2016 Alexey Makhalov 1.6.0-3 -- Required libgpg-error-devel. -* Tue May 24 2016 Priyesh Padmavilasom 1.6.0-2 -- GA - Bump release of all rpms -* Thu Jan 14 2016 Xiaolin Li 1.6.0-1 -- Updated to version 1.6.0 -* Wed May 20 2015 Touseef Liaqat 1.5.3-2 -- Updated group. -* Tue Dec 30 2014 Divya Thaluru 1.5.3-1 -- Initial version. diff --git a/SPECS/gpsd/gpsd.spec b/SPECS/gpsd/gpsd.spec deleted file mode 100644 index 4e9a85d30d..0000000000 --- a/SPECS/gpsd/gpsd.spec +++ /dev/null @@ -1,238 +0,0 @@ -Name: gpsd -Version: 3.25 -Release: 3%{?dist} -Summary: Service daemon for mediating access to a GPS -Group: System Environment -Vendor: VMware, Inc. -Distribution: Photon -License: BSD-2-Clause -URL: https://gpsd.gitlab.io/gpsd - -Source0: https://download-mirror.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz -%define sha512 %{name}=0684cbd30defa1a328898589e1d61b2431462a774aff56c588bd00c1fbd92ac94cf6fc1f2b981debac78c34ab09fa24f48ed6334f3ecd09e6b8f5faa92ae1085 - -BuildRequires: dbus-devel -BuildRequires: dbus-glib-devel -BuildRequires: ncurses-devel -BuildRequires: xmlto -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: scons -BuildRequires: python3-pygobject -BuildRequires: cairo -BuildRequires: fontconfig-devel -BuildRequires: freetype2-devel -BuildRequires: python3-pyserial -BuildRequires: bluez-devel -BuildRequires: systemd-devel -BuildRequires: libusb-devel - -Requires: %{name}-libs = %{version}-%{release} -Requires: dbus -Requires: systemd -Requires: libical -Requires: bluez -Requires: libusb -Requires: util-linux-libs -Requires: ncurses-libs -Requires: libcap -Requires: libgpg-error -Requires: xz-libs -Requires: glibc - -%description -gpsd is a service daemon that mediates access to a GPS sensor -connected to the host computer by serial or USB interface, making its -data on the location/course/velocity of the sensor available to be -queried on TCP port 2947 of the host computer. With gpsd, multiple -GPS client applications (such as navigational and wardriving software) -can share access to a GPS without contention or loss of data. Also, -gpsd responds to queries with a format that is substantially easier to -parse than NMEA 0183. - -%package libs -Summary: Client libraries in C for talking to a running gpsd or GPS -Requires: bluez - -%description libs -This package contains the gpsd libraries that manage access -to a GPS for applications. - -%package -n python3-%{name} -Summary: Python libraries and modules for use with gpsd -Requires: %{name}-libs = %{version}-%{release} -Requires: python3 -Provides: python-%{name} - -BuildArch: noarch - -%description -n python3-%{name} -This package contains the python3 modules that manage access to a GPS for -applications, and commonly useful python applications for use with gpsd. - -%package devel -Summary: Development files for the gpsd library -Requires: %{name} = %{version}-%{release} - -%description devel -This package provides C header files for the gpsd shared libraries that -manage access to a GPS for applications - -%package clients -Summary: Clients for gpsd -Requires: python3-%{name} = %{version}-%{release} -Requires: python3-pyserial -Requires: python3-pygobject -Requires: %{name}-libs = %{version}-%{release} - -%description clients -xgps is a simple test client for gpsd with an X interface. It displays -current GPS position/time/velocity information and (for GPSes that -support the feature) the locations of accessible satellites. - -xgpsspeed is a speedometer that uses position information from the GPS. -It accepts an -h option and optional argument as for gps, or a -v option -to dump the package version and exit. Additionally, it accepts -rv -(reverse video) and -nc (needle color) options. - -cgps resembles xgps, but without the pictorial satellite display. It -can run on a serial terminal or terminal emulator. - -gpsfake can feed data from files to simulate data coming from many -different gps devices. - -%prep -%autosetup -p1 - -%build -export CCFLAGS="%{optflags}" -export LINKFLAGS="-lm" - -# breaks with %{_smp_mflags} -scons \ - bindir=%{_bindir} \ - build packaging \ - dbus_export=yes \ - debug=yes \ - docdir=%{_docdir} \ - icondir=%{_datadir}/%{name} \ - includedir=%{_includedir} \ - leapfetch=no \ - libdir=%{_libdir} \ - libQgpsmm=no \ - manbuild=no \ - pkgconfigdir=%{_libdir}/pkgconfig \ - prefix=%{_prefix} \ - python_libdir=%{python3_sitearch} \ - python_shebang="%{python3}" \ - release=%{release} \ - sbindir=%{_sbindir} \ - sysconfdif=%{_sysconfdir} \ - systemd=yes \ - target_python=python3 \ - udevdir=$(dirname %{_udevrulesdir}) \ - unitdir=%{_unitdir} - -%install -# avoid rebuilding -export CCFLAGS="%{optflags}" -export LINKFLAGS="-lpthread" - -DESTDIR=%{buildroot} scons install systemd_install udev-install - -# use the old name for udev rules -mv %{buildroot}%{_udevrulesdir}/{25,99}-%{name}.rules - -install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig -install -p -m 0644 packaging/rpm/%{name}.sysconfig \ - %{buildroot}%{_sysconfdir}/sysconfig/%{name} - -# Delete the .desktop files (no GUI in Photon) -rm -f packaging/X11/xgpsspeed.desktop packaging/X11/xgps.desktop - -# Don't package doc/man files -rm -rf INSTALL.adoc TODO %{buildroot}%{_datadir}/doc %{buildroot}/%{_mandir}/man* - -# Missed in scons install -install -p -m 0755 gpsinit %{buildroot}%{_sbindir} - -%post -%systemd_post %{name}.service %{name}.socket - -%preun -%systemd_preun %{name}.service %{name}.socket - -%postun -# Don't restart the service -%systemd_postun %{name}.service %{name}.socket - -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%exclude %{_datadir}/snmp/mibs/%{name}/GPSD-MIB -%config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%{_sbindir}/%{name} -%{_sbindir}/gpsdctl -%{_sbindir}/gpsinit -%{_bindir}/gpsdebuginfo -%{_bindir}/gpsmon -%{_bindir}/gpssnmp -%{_bindir}/gpsctl -%{_bindir}/ntpshmmon -%{_bindir}/ppscheck -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}.socket -%{_unitdir}/gpsdctl@.service -%{_udevrulesdir}/*.rules - -%files libs -%defattr(-,root,root) -%{_libdir}/libgps.so.* -%{_libdir}/libgpsdpacket.so.* - -%files -n python3-%{name} -%defattr(-,root,root) -%{_bindir}/gpsprof -%{python3_sitearch}/gps* -%{python3_sitearch}/gps/fake* - -%files devel -%defattr(-,root,root) -%{_libdir}/libgps.so -%{_libdir}/libgpsdpacket.so -%{_libdir}/pkgconfig/libgps.pc -%{_includedir}/gps.h -%{_includedir}/libgpsmm.h - -%files clients -%defattr(-,root,root) -%{_bindir}/cgps -%{_bindir}/gegps -%{_bindir}/gps2udp -%{_bindir}/gpscat -%{_bindir}/gpscsv -%{_bindir}/gpsdecode -%{_bindir}/gpspipe -%{_bindir}/gpsplot -%{_bindir}/gpsrinex -%{_bindir}/gpssubframe -%{_bindir}/gpxlogger -%{_bindir}/lcdgps -%{_bindir}/xgps -%{_bindir}/xgpsspeed -%{_bindir}/gpsfake -%{_bindir}/ubxtool -%{_bindir}/zerk -%dir %{_datadir}/%{name} -%exclude %{_datadir}/%{name}/gpsd-logo.png - -%changelog -* Tue Oct 24 2023 Shreenidhi Shedi 3.25-3 -- Bump version as a part of scons upgrade -* Thu Sep 14 2023 Shreenidhi Shedi 3.25-2 -- Fix devel package requires -* Tue Jun 06 2023 Brennan Lamoreaux 3.25-1 -- Initial addition to Photon. Adapted from provided spec file -- in the gpsd gitlab repository. diff --git a/SPECS/gptfdisk/gptfdisk-1.0.9-convenience-1.patch b/SPECS/gptfdisk/gptfdisk-1.0.9-convenience-1.patch deleted file mode 100644 index 7fb4ae922b..0000000000 --- a/SPECS/gptfdisk/gptfdisk-1.0.9-convenience-1.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/Makefile b/Makefile -index af9701c..4389b15 100644 ---- a/Makefile -+++ b/Makefile -@@ -165,6 +165,11 @@ lint: #no pre-reqs - clean: #no pre-reqs - rm -f core *.o *~ $(ALL_EXE) - -+install: gdisk cgdisk sgdisk fixparts -+ install -dm 755 $(DESTDIR)/sbin $(DESTDIR)/usr/share/man/man8 -+ install -m755 gdisk cgdisk sgdisk fixparts $(DESTDIR)/sbin -+ install -m644 *.8 $(DESTDIR)/usr/share/man/man8 -+ - strip: #no pre-reqs - $(STRIP) $(ALL_EXE) - diff --git a/SPECS/gptfdisk/gptfdisk-Makefile.patch b/SPECS/gptfdisk/gptfdisk-Makefile.patch deleted file mode 100644 index 3a2d357524..0000000000 --- a/SPECS/gptfdisk/gptfdisk-Makefile.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Makefile b/Makefile -index af9701c..974f9d8 100644 ---- a/Makefile -+++ b/Makefile -@@ -148,7 +148,7 @@ gdisk: $(LIB_OBJS) gdisk.o gpttext.o - $(CXX) $(LIB_OBJS) gdisk.o gpttext.o $(LDFLAGS) $(LDLIBS) $(FATBINFLAGS) -o gdisk$(FN_EXTENSION) - - cgdisk: $(LIB_OBJS) cgdisk.o gptcurses.o -- $(CXX) $(LIB_OBJS) cgdisk.o gptcurses.o $(LDFLAGS) $(LDLIBS) $(CGDISK_LDLIBS) -o cgdisk$(FN_EXTENSION) -+ $(CXX) $(LIB_OBJS) cgdisk.o gptcurses.o $(LDFLAGS) -ltinfo $(LDLIBS) $(CGDISK_LDLIBS) -o cgdisk$(FN_EXTENSION) - - sgdisk: $(LIB_OBJS) sgdisk.o gptcl.o - $(CXX) $(LIB_OBJS) sgdisk.o gptcl.o $(LDFLAGS) $(LDLIBS) $(SGDISK_LDLIBS) $(THINBINFLAGS) -o sgdisk$(FN_EXTENSION) diff --git a/SPECS/gptfdisk/gptfdisk.spec b/SPECS/gptfdisk/gptfdisk.spec deleted file mode 100644 index 7dbabdaf59..0000000000 --- a/SPECS/gptfdisk/gptfdisk.spec +++ /dev/null @@ -1,84 +0,0 @@ -Summary: gptfdisk-1.0.4 -Name: gptfdisk -Version: 1.0.9 -Release: 2%{?dist} -License: GPLv2+ -URL: http://sourceforge.net/projects/gptfdisk -Group: System Environment/Filesystem and Disk management -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://downloads.sourceforge.net/project/gptfdisk/%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=c2489ac7e196cb53b9fdb18d0e421571eca43c366de8922c5c7f550aadf192558e7af69b181c30747d6cf607c1670126223465eaa5e231cc589402d94a4e97a2 - -# Patch0 taken from: -# http://ftp.oregonstate.edu/.1/blfs/conglomeration/gptfdisk/gptfdisk-1.0.9-convenience-1.patch -Patch0: %{name}-%{version}-convenience-1.patch -Patch1: gptfdisk-Makefile.patch - -BuildRequires: popt-devel -BuildRequires: ncurses-devel -BuildRequires: util-linux-devel - -Requires: popt >= 1.16 -Requires: ncurses -Requires: ncurses-devel -Requires: libstdc++ -Requires: util-linux - -%description -The gptfdisk package is a set of programs for creation and maintenance of GUID Partition -Table (GPT) disk drives. A GPT partitioned disk is required for drives greater than 2 TB -and is a modern replacement for legacy PC-BIOS partitioned disk drives that use a -Master Boot Record (MBR). The main program, gdisk, has an interface similar to the -classic fdisk program. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -sed -i 's|ncursesw/||' gptcurses.cc -%make_build POPT=1 - -%install -%make_install %{?_smp_mflags} POPT=1 -mv %{buildroot}/sbin %{buildroot}%{_usr} - -%{_fixperms} %{buildroot}/* - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_mandir}/man8/* - -%changelog -* Fri Jun 09 2023 Nitesh Kumar 1.0.9-2 -- Bump version as a part of ncurses upgrade to v6.4 -* Thu Sep 29 2022 Shreenidhi Shedi 1.0.9-1 -- Upgrade to v1.0.9 -* Mon Feb 28 2022 Shreenidhi Shedi 1.0.7-3 -- Fix binary path -* Fri Nov 19 2021 Oliver Kurth 1.0.7-2 -- Build with -tinfo -* Tue Apr 13 2021 Gerrit Photon 1.0.7-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 1.0.5-1 -- Automatic Version Bump -* Tue Sep 11 2018 Anish Swaminathan 1.0.4-1 -- Update version to 1.0.4 -* Mon Jun 05 2017 Bo Gan 1.0.1-4 -- Fix dependency -* Wed Oct 05 2016 ChangLee 1.0.1-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 1.0.1-2 -- GA - Bump release of all rpms -* Fri Feb 26 2016 Kumar Kaushik 1.0.1-1 -- Updated Version. -* Thu Oct 30 2014 Divya Thaluru 0.8.10-1 -- Initial build. First version diff --git a/SPECS/graphene/graphene.spec b/SPECS/graphene/graphene.spec deleted file mode 100644 index 7873273128..0000000000 --- a/SPECS/graphene/graphene.spec +++ /dev/null @@ -1,75 +0,0 @@ -Summary: Thin layer of types for graphic libraries. -Name: graphene -Version: 1.10.8 -Release: 2%{?dist} -License: MIT -URL: /~https://github.com/ebassi/graphene -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/ebassi/graphene/archive/refs/tags//%{name}-%{version}.tar.gz -%define sha512 %{name}=526b0c17049459b687ceb7f6c26c9d982535e4048e74a0b6282704f9811d3c2e7e0e6cfef166aa953306b6cf77add6677bc600ae0c66cc052dc04c3d0345bd68 - -BuildRequires: meson >= 0.50 -BuildRequires: ninja-build -BuildRequires: gobject-introspection-devel - -Requires: gobject-introspection - -%description -Graphene provides a small set of mathematical types needed to implement graphic -libraries that deal with 2D and 3D transformations and projections. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: glib-devel - -%description devel -The %{name}-devel package contains libraries and header files for -developing applications that use %{name}. - -%prep -%autosetup -p1 - -%build -%meson \ - -Dtests=true \ - -Dinstalled_tests=false \ - %{nil} - -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libdir}/girepository-1.0/ -%{_libdir}/libgraphene-1.0.so.0* - -%files devel -%defattr(-,root,root) -%{_includedir}/graphene-1.0/ -%dir %{_libdir}/graphene-1.0 -%{_libdir}/graphene-1.0/include/ -%{_libdir}/libgraphene-1.0.so -%{_libdir}/pkgconfig/graphene-1.0.pc -%{_libdir}/pkgconfig/graphene-gobject-1.0.pc -%{_libexecdir}/installed-tests/* -%{_datadir}/gir-1.0/ - -%changelog -* Thu Sep 14 2023 Shreenidhi Shedi 1.10.8-2 -- Fix devel package requires -* Mon Sep 5 2022 Shivani Agarwal 1.10.8-1 -- Initial version diff --git a/SPECS/grep/grep.spec b/SPECS/grep/grep.spec deleted file mode 100644 index a6f43251b9..0000000000 --- a/SPECS/grep/grep.spec +++ /dev/null @@ -1,94 +0,0 @@ -Summary: Programs for searching through files -Name: grep -Version: 3.7 -Release: 3%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/grep -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/grep/%{name}-%{version}.tar.xz -%define sha512 %{name}=e9e45dcd40af8367f819f2b93c5e1b4e98a251a9aa251841fa67a875380fae52cfa27c68c6dbdd6a4dde1b1017ee0f6b9833ef6dd6e419d32d71b6df5e972b82 - -BuildRequires: pcre-devel - -Requires: pcre-libs - -Conflicts: toybox < 0.8.2-2 - -Provides: /bin/grep - -%description -The Grep package contains programs for searching through files. - -%package lang -Summary: Additional language files for grep -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description lang -These are the additional language files of grep - -%prep -%autosetup -p1 - -%build -%configure \ - --with-included-regex \ - --enable-perl-regexp \ - --disable-silent-rules - -%make_build - -%install -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} -%find_lang %{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*/* - -%files lang -f %{name}.lang -%defattr(-,root,root) - -%changelog -* Tue Jan 31 2023 Shreenidhi Shedi 3.7-3 -- Enable perl regex support -* Sun May 29 2022 Shreenidhi Shedi 3.7-2 -- Fix binary path -* Mon Apr 18 2022 Gerrit Photon 3.7-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 3.6-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 3.4-1 -- Automatic Version Bump -* Thu Apr 16 2020 Alexey Makhalov 3.1-3 -- Do not conflict with toybox >= 0.8.2-2 -* Mon Aug 26 2019 Prashant Singh Chauhan 3.1-2 -- Fix for make check failure -* Wed Sep 12 2018 Anish Swaminathan 3.1-1 -- Update to version 3.1 -* Mon Oct 02 2017 Alexey Makhalov 3.0-4 -- Added conflicts toybox -* Wed Aug 23 2017 Rongrong Qiu 3.0-3 -- Disable grep -P for make check bug 1900287 -* Tue May 02 2017 Anish Swaminathan 3.0-2 -- Add lang package. -* Fri Mar 24 2017 Dheeraj Shetty 3.0-1 -- Upgrading grep to 3.0 version -* Thu Oct 06 2016 ChangLee 2.21-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.21-2 -- GA - Bump release of all rpms -* Mon Apr 6 2015 Mahmoud Bassiouny 2.21-1 -- Upgrading grep to 2.21 version, and adding -* Wed Nov 5 2014 Divya Thaluru 2.16-1 -- Initial build. First version. diff --git a/SPECS/groff/groff.spec b/SPECS/groff/groff.spec deleted file mode 100644 index 23bee131e6..0000000000 --- a/SPECS/groff/groff.spec +++ /dev/null @@ -1,67 +0,0 @@ -Summary: Programs for processing and formatting text -Name: groff -Version: 1.22.4 -Release: 1%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/groff -Group: Applications/Text -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/groff/%{name}-%{version}.tar.gz -%define sha512 %{name}=1c42d3cd71efaf067b5850945d9097fa1f0fadd5e2b6ba7446bd9d4f439fe1ad058e4ddb0d4e0f503682137dfc7c822944ce1e3e5cf981673f8ba197ea77126d - -Provides: perl(oop_fh.pl) -Provides: perl(main_subs.pl) -Provides: perl(man.pl) -Provides: perl(subs.pl) - -Requires: perl -Requires: perl-DBI -Requires: perl-DBIx-Simple -Requires: perl-DBD-SQLite -Requires: perl-File-HomeDir - -%define BuildRequiresNative groff - -%description -The Groff package contains programs for processing -and formatting text. - -%prep -%autosetup -p1 - -%build -export PAGE=letter -%configure \ - --with-grofferdir=%{_datadir}/%{name}/%{version}/groffer -# package does not support parallel make -%make_build $(test %{_host} != %{_build} && echo "GROFFBIN=groff") - -%install -install -vdm 755 %{_docdir}/%{name}-1.22/pdf -%make_install %{?_smp_mflags} -rm -rf %{buildroot}%{_infodir} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/groff/* -%{_datadir}/%{name}/* -%{_docdir}/%{name}-%{version}/* -%{_mandir}/*/* - -%changelog -* Wed Jul 08 2020 Gerrit Photon 1.22.4-1 -- Automatic Version Bump -* Thu Nov 15 2018 Alexey Makhalov 1.22.3-3 -- Cross compilation support -* Tue May 24 2016 Priyesh Padmavilasom 1.22.3-2 -- GA - Bump release of all rpms -* Tue Feb 23 2016 Xiaolin Li 1.22.3-1 -- Updated to version 1.22.3 -* Wed Nov 5 2014 Divya Thaluru 1.22.2-1 -- Initial build. First version diff --git a/SPECS/grpc/grpc.spec b/SPECS/grpc/grpc.spec deleted file mode 100644 index 7a4e8185e8..0000000000 --- a/SPECS/grpc/grpc.spec +++ /dev/null @@ -1,142 +0,0 @@ -%define abseil_ver 20220623.1 -%define envoy_api_commit 9c42588c956220b48eb3099d186487c2f04d32ec -%define opencensus_proto_version 0.3.0 -%define googleapis_commit 2f9af297c84c55c8b871ba4495e01ade42476c92 -%define xds_commit cb28da3451f158a947dfc45090fe92b07b243bc1 - -Summary: Google RPC -Name: grpc -Version: 1.54.2 -Release: 2%{?dist} -License: Apache License, Version 2.0 -URL: https://grpc.io -Group: Development/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/grpc/grpc/archive/%{name}-%{version}.tar.gz -%define sha512 %{name}=4e0527b3968b0b19991477037ef519a62961025d4f7823e32faaec517049feca96da3fd678d1fca69c1d81538f493e60a9a686643e11963bffe589460b9ef755 - -Source1: /~https://github.com/abseil/abseil-cpp/archive/abseil-cpp-%{abseil_ver}.tar.gz -%define sha512 abseil=ab4fccd9a2bfa0c5ad4b56c8e8f8b7ec7a8eca8b6cc6959802acadd1da785e1feb078c6ac621808cd699c82717a9e637dc426d94b70a8db7f2a807059d41cbc2 - -Source2: /~https://github.com/envoyproxy/data-plane-api/archive/%{envoy_api_commit}/data-plane-api-%{envoy_api_commit}.tar.gz -%define sha512 data-plane-api=9b1ceff5d018e70b36e02aa1b583f5495b0eb92506055bf6913d2e7ef401d3602cba8723efbc178ee31fdef9aba510fc2284612ebe22a24b5b4a703f07099897 - -Source3: /~https://github.com/googleapis/googleapis/archive/%{googleapis_commit}/googleapis-%{googleapis_commit}.tar.gz -%define sha512 googleapis=cdeefae807df7097174b4bb28c0900b06a68d424c00ebba4ff5add260c9c651351d5e429bfc5de42f95ebb75dadec313f7bd3991c2fa476c9104f9ea656acad4 - -Source4: /~https://github.com/census-instrumentation/opencensus-proto/archive/v%{opencensus_proto_version}/opencensus-proto-%{opencensus_proto_version}.tar.gz -%define sha512 opencensus-proto=39231a495dfdccfc8267d1e6af2ac624feea611a8691c10ec570de2194b352e4a9c3b0ce1606414fb98e5d77c66873bed4a9e56512efa12b267b8a91e0c5851e - -Source5: /~https://github.com/cncf/xds/archive/%{xds_commit}/xds-%{xds_commit}.tar.gz -%define sha512 xds=eb5878764503872c18b8750b20e2c2e2224e73d9601197752cea7e1e4171899474ad4f39aacc80d6c1b57a50b2161d39f219df64ffb250d045af482dae01ea79 - -BuildRequires: build-essential -BuildRequires: which -BuildRequires: c-ares-devel -BuildRequires: zlib-devel -BuildRequires: cmake -BuildRequires: gperftools-devel -BuildRequires: protobuf-devel >= 3.6.0 -BuildRequires: re2-devel - -Requires: protobuf >= 3.6.0 -Requires: protobuf-c -Requires: c-ares-devel -Requires: zlib-devel -Requires: openssl-devel -Requires: re2 - -%description -Remote Procedure Calls (RPCs) provide a useful abstraction for building -distributed applications and services. The libraries in this repository -provide a concrete implementation of the gRPC protocol, layered over HTTP/2. -These libraries enable communication between clients and servers using and -combination of the supported languages. - -%package devel -Summary: Development files for grpc -Group: Development/Libraries -Requires: grpc = %{version}-%{release} -Requires: protobuf-devel >= 3.6.0 -Requires: re2-devel -%description devel -The grpc-devel package contains libraries and header files for -developing applications that use grpc. - -%prep -%autosetup -p1 -# Using autosetup is not feasible -%setup -q -T -D -b 1 -b 2 -b 3 -b 4 -b 5 -# Overwrite third party sources -rm -r %{_builddir}/%{name}-%{version}/third_party/{envoy-api,googleapis,opencensus-proto,xds} -mv %{_builddir}/data-plane-api-%{envoy_api_commit} %{_builddir}/%{name}-%{version}/third_party/envoy-api -mv %{_builddir}/googleapis-%{googleapis_commit} %{_builddir}/%{name}-%{version}/third_party/googleapis -mv %{_builddir}/opencensus-proto-%{opencensus_proto_version} %{_builddir}/%{name}-%{version}/third_party/opencensus-proto -mv %{_builddir}/xds-%{xds_commit} %{_builddir}/%{name}-%{version}/third_party/xds - -%build -%cmake \ - -DBUILD_SHARED_LIBS=ON \ - -DABSL_PROPAGATE_CXX_STD=ON \ - -DgRPC_BUILD_TESTS=OFF \ - -DgRPC_ZLIB_PROVIDER=package \ - -DgRPC_SSL_PROVIDER=package \ - -DgRPC_PROTOBUF_PROVIDER=package \ - -DgRPC_CARES_PROVIDER=package \ - -DABSL_ROOT_DIR=%{_builddir}/abseil-cpp-%{abseil_ver} \ - -DgRPC_RE2_PROVIDER=package \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} \ - -DCMAKE_BUILD_TYPE=Debug - -%cmake_build - -%install -%cmake_install -# remove libre2 duplicates. -rm -rf %{buildroot}%{_lib64dir} - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root,-) -%{_bindir}/* -%{_libdir}/*.so.* -%{_datadir}/%{name} - -%files devel -%defattr(-,root,root,-) -%{_includedir}/* -%{_libdir}/pkgconfig/*.pc -%{_libdir}/cmake/* -%{_libdir}/*.so - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 1.54.2-2 -- Bump version as a part of openssl upgrade -* Wed Aug 09 2023 Mukul Sikka 1.54.2-1 -- Updated to latest version -* Sat Jun 10 2023 Shreenidhi Shedi 1.48.1-3 -- Bump version as a part of protobuf upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 1.48.1-2 -- Bump version as a part of zlib upgrade -* Tue Aug 30 2022 Vamsi Krishna Brahmajosyula 1.48.1-1 -- Updated to latest version -* Wed Aug 04 2021 Satya Naga Vasamsetty 1.32.0-4 -- Bump up release for openssl -* Fri Feb 19 2021 Harinadh D 1.32.0-3 -- Version bump up to build with latest protobuf -* Tue Sep 29 2020 Satya Naga Vasamsetty 1.32.0-2 -- openssl 1.1.1 -* Wed Jul 22 2020 Gerrit Photon 1.32.0-1 -- Automatic Version Bump -* Thu Apr 02 2020 Alexey Makhalov 1.15.1-3 -- Fix compilation issue with gcc-8.4.0 -* Wed Mar 25 2020 Alexey Makhalov 1.15.1-2 -- Fix compilation issue with glibc >= 2.30. -* Thu Oct 04 2018 Siju Maliakkal 1.15.1-1 -- Updated to latest version -* Tue Mar 27 2018 Dheeraj Shetty 1.10.0-1 -- initial version diff --git a/SPECS/grub2-theme/grub2-theme.spec b/SPECS/grub2-theme/grub2-theme.spec deleted file mode 100644 index 48558c03f7..0000000000 --- a/SPECS/grub2-theme/grub2-theme.spec +++ /dev/null @@ -1,67 +0,0 @@ -Summary: Photon theme for grub2 -Name: grub2-theme -Version: 5.0 -Release: 1%{?dist} -License: Apache License -Group: System Environment/Base -URL: https://vmware.github.io/photon/ -Vendor: VMware, Inc. -Distribution: Photon -Source0: %{name}-%{version}.tar.xz -%define sha512 grub2-theme=de7a527723f7cacd18582d1c2c6b8ef15b2ae4cc82465f90b4ecf2af2de4fe743c44685b08dce81dfd8a595e672f6510351f28f9d9f54a062721a09c3dcc1a74 -BuildArch: noarch - -%description -grub2-theme provides content of /boot/grub2/themes/photon plus ascii font. - -%package ostree -Summary: GRUB fonts for Ostree -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -%description ostree -GRUB fonts required by Ostree - -%prep -%autosetup -p1 - -%install -install -d %{buildroot}/boot -cp -a grub2 %{buildroot}/boot/ -ln -s grub2 %{buildroot}/boot/grub - -%files -%defattr(-,root,root,-) -/boot/grub -/boot/grub2/fonts/ascii.pf2 -%dir /boot/grub2/themes -%dir /boot/grub2/themes/photon -/boot/grub2/themes/photon/photon.png -/boot/grub2/themes/photon/terminal_c.tga -/boot/grub2/themes/photon/terminal_e.tga -/boot/grub2/themes/photon/terminal_n.tga -/boot/grub2/themes/photon/terminal_ne.tga -/boot/grub2/themes/photon/terminal_nw.tga -/boot/grub2/themes/photon/terminal_s.tga -/boot/grub2/themes/photon/terminal_se.tga -/boot/grub2/themes/photon/terminal_sw.tga -/boot/grub2/themes/photon/terminal_w.tga -/boot/grub2/themes/photon/theme.txt - -%files ostree -%defattr(-,root,root,-) -/boot/grub2/fonts/unicode.pf2 -/boot/grub2/fonts/unifont.pf2 - -%changelog -* Wed Jan 18 2023 Piyush Gupta 5.0-1 -- Update 5.0 Beta boot splash image. -* Tue Feb 16 2021 Anish Swaminathan 4.0-2 -- Update GA boot splash image. -* Mon Nov 02 2020 Alexey Makhalov 4.0-1 -- Updated boot splash image. -* Tue May 12 2020 Ankit Jain 3.2-3 -- Added unicode.pf2 and unifont.pf2 to grub2/fonts folder. -* Wed Mar 11 2020 Alexey Makhalov 3.2-2 -- Move ascii.pf2 to grub2/fonts folder. -* Mon Mar 09 2020 Alexey Makhalov 3.2-1 -- Initial packaging diff --git a/SPECS/grub2/0001-grub2-emu-hide-menu-skip-retry.patch b/SPECS/grub2/0001-grub2-emu-hide-menu-skip-retry.patch deleted file mode 100644 index 4283258ce6..0000000000 --- a/SPECS/grub2/0001-grub2-emu-hide-menu-skip-retry.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 6ff44b1287bb17d5a53e9ae2abfe165d7a3a8875 Mon Sep 17 00:00:00 2001 -From: Ajay Kaher -Date: Thu, 29 Jun 2023 17:56:48 +0530 -Subject: [PATCH 1/2] grub2-emu: hide menu, skip retry - -- set timeout=0 so that grub2-emu don't display menu. -- exit grub incase any error -- don't wait after printing any message ---- - grub-core/normal/menu.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index c8516a5..9ead05e 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -61,6 +61,7 @@ struct timeout_style_name { - void - grub_wait_after_message (void) - { -+#ifndef GRUB_MACHINE_EMU - grub_uint64_t endtime; - grub_xputs ("\n"); - grub_printf_ (N_("Press any key to continue...")); -@@ -72,6 +73,7 @@ grub_wait_after_message (void) - && grub_getkey_noblock () == GRUB_TERM_NO_KEY); - - grub_xputs ("\n"); -+#endif - } - - /* Get a menu entry by its index in the entry list. */ -@@ -902,6 +904,16 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - int auto_boot; - int notify_boot; - -+#ifdef GRUB_MACHINE_EMU -+ const char *val; -+ val = grub_env_get ("grub2-emu"); -+ if (!(val && !grub_strcmp ("false", val))) -+ { -+ grub_env_set ("timeout", "0"); -+ grub_dprintf ("debug", "set timeout=0\n"); -+ } -+#endif -+ - boot_entry = run_menu (menu, nested, &auto_boot, ¬ify_boot); - if (boot_entry < 0) - break; -@@ -919,6 +931,11 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - grub_menu_execute_entry (e, 0); - if (autobooted) - break; -+ -+#ifdef GRUB_MACHINE_EMU -+ if (!(val && !grub_strcmp ("false", val))) -+ grub_exit (-1); -+#endif - } - - return GRUB_ERR_NONE; --- -2.7.4 - diff --git a/SPECS/grub2/0002-grub2-emu-fix-if-boot-as-partition.patch b/SPECS/grub2/0002-grub2-emu-fix-if-boot-as-partition.patch deleted file mode 100644 index a5626fd02a..0000000000 --- a/SPECS/grub2/0002-grub2-emu-fix-if-boot-as-partition.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 47d22545e0b3ff3edfd1fb7dd2e3b386a8962f7b Mon Sep 17 00:00:00 2001 -From: Ajay Kaher -Date: Tue, 13 Jun 2023 11:09:20 +0530 -Subject: [PATCH 2/2] grub2-emu: fix if /boot as partition - -grub2-emu uses Kexec to switch the Kernel. -Kexec doesn't understand grub devices i.e. (hd*,gpt*), and if /boot is a -separate partition then need to append /boot for linux and initrd paths. - -grub2-emu using /proc/mounts finds if /boot is separate partition and -accordingly adds /boot to linux and initrd paths. ---- - grub-core/loader/emu/linux.c | 78 +++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 70 insertions(+), 8 deletions(-) - -diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c -index fda9e00..a00d5ca 100644 ---- a/grub-core/loader/emu/linux.c -+++ b/grub-core/loader/emu/linux.c -@@ -20,6 +20,8 @@ - #include - #include - #include -+#include -+#include - - #include - #include -@@ -33,6 +35,47 @@ static char *kernel_path; - static char *initrd_path; - static char *boot_cmdline; - -+#define GRUB_BOOT_PATH "/boot" -+#define GRUB_ROOT_PATH "/" -+ -+static int separate_boot = -1; -+ -+static char * -+get_boot_path() -+{ -+ grub_file_t f; -+ char *line = NULL; -+ -+ if (separate_boot != -1) -+ goto probed; -+ -+ separate_boot = 0; -+ -+ f = grub_file_open ("(host)/proc/mounts", GRUB_FILE_TYPE_CONFIG); -+ if (f == NULL) -+ goto probed; -+ -+ while ((line = grub_file_getline (f))) -+ { -+ if (grub_strstr (line, " " GRUB_BOOT_PATH " ")) -+ { -+ separate_boot = 1; -+ grub_free (line); -+ break; -+ } -+ -+ grub_free(line); -+ } -+ -+ grub_file_close (f); -+ probed: -+ if (!separate_boot) -+ return GRUB_ROOT_PATH; -+ -+ return GRUB_BOOT_PATH; -+} -+ -+ - static grub_err_t - grub_linux_boot (void) - { -@@ -100,19 +143,27 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *arg - { - int i; - char *tempstr; -+ char *boot_path; - - grub_dl_ref (my_mod); - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - -- if ( !grub_util_is_regular(argv[0]) ) -- return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find kernel file %s"), argv[0]); -- - if ( kernel_path != NULL ) - grub_free(kernel_path); - -- kernel_path = grub_xasprintf("%s", argv[0]); -+ boot_path = get_boot_path(); -+ kernel_path = grub_xasprintf("%s%s", boot_path, argv[0]); -+ -+ grub_dprintf ("debug", "kernel_path = %s\n",kernel_path); -+ -+ if ( !grub_util_is_regular(kernel_path)) { -+ if ( kernel_path != NULL ) -+ grub_free(kernel_path); -+ kernel_path = NULL; -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find kernel file %s"), argv[0]); -+ } - - if ( boot_cmdline != NULL ) { - grub_free(boot_cmdline); -@@ -129,6 +180,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *arg - } - } - -+ grub_dprintf ("debug", "boot_cmdline = %s\n",boot_cmdline); -+ - grub_loader_set (grub_linux_boot, grub_linux_unload, 0); - - return GRUB_ERR_NONE; -@@ -137,16 +190,25 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *arg - static grub_err_t - grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) - { -+ char *boot_path; -+ - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - -- if ( !grub_util_is_regular(argv[0]) ) -- return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find initrd file %s"), argv[0]); -- - if ( initrd_path != NULL ) - grub_free(initrd_path); - -- initrd_path = grub_xasprintf("%s", argv[0]); -+ boot_path = get_boot_path(boot_path); -+ initrd_path = grub_xasprintf("%s%s", boot_path, argv[0]); -+ -+ grub_dprintf ("debug", "initrd_path = %s\n",initrd_path); -+ -+ if ( !grub_util_is_regular(initrd_path) ) { -+ if ( initrd_path != NULL ) -+ grub_free(initrd_path); -+ initrd_path = NULL; -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find initrd file %s"), argv[0]); -+ } - - grub_dl_unref (my_mod); - --- -2.7.4 - diff --git a/SPECS/grub2/Tweak-grub-mkconfig.in-to-work-better-in-Photon.patch b/SPECS/grub2/Tweak-grub-mkconfig.in-to-work-better-in-Photon.patch deleted file mode 100644 index 904108d8fd..0000000000 --- a/SPECS/grub2/Tweak-grub-mkconfig.in-to-work-better-in-Photon.patch +++ /dev/null @@ -1,205 +0,0 @@ -From bc75e21a61cebf91c34ba7024d0cac3c84cedc33 Mon Sep 17 00:00:00 2001 -From: Shreenidhi Shedi -Date: Wed, 16 Jun 2021 19:34:42 +0530 -Subject: [PATCH] Tweak grub-mkconfig.in to work better in Photon - -Signed-off-by: Shreenidhi Shedi ---- - util/grub-mkconfig.in | 139 +++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 132 insertions(+), 7 deletions(-) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f8cbb8d..cc262a0 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -1,4 +1,4 @@ --#! /bin/sh -+#!/bin/sh - set -e - - # Generate grub.cfg by inspecting /boot contents. -@@ -55,15 +55,28 @@ export TEXTDOMAINDIR="@localedir@" - # Print the usage. - usage () { - gettext_printf "Usage: %s [OPTION]\n" "$self" -- gettext "Generate a grub config file"; echo -- echo -+ gettext_printf "Generate a grub config file\n\n" -+ - print_option_help "-o, --output=$(gettext FILE)" "$(gettext "output generated config to FILE [default=stdout]")" -+ print_option_help "-p, --photoncfg=$(gettext FILE)" "$(gettext "Generate Photon specific config to FILE [default=stdout]")" -+ print_option_help "-y" "$(gettext "Don't prompt for making changes and proceed")" - print_option_help "-h, --help" "$(gettext "print this message and exit")" - print_option_help "-V, --version" "$(gettext "print the version information and exit")" -- echo -- gettext "Report bugs to ."; echo -+ -+ gettext_printf "\nReport bugs to \n" - } - -+ShowWarningBanner() { -+ local pound_line="#######################" -+ gettext_printf "\n${pound_line}${pound_line}\n" -+ gettext_printf " Photon OS uses it's own customized grub.cfg\n" -+ gettext_printf " *** PROCEED WITH CAUTION ***\n\n" -+ usage -+ gettext_printf "${pound_line}${pound_line}\n\n" -+} -+ -+ShowWarningBanner -+ - argument () { - opt=$1 - shift -@@ -75,6 +88,9 @@ argument () { - echo $1 - } - -+isPhotonCfg=0 -+ShowWarning=1 -+ - # Check the arguments. - while test $# -gt 0 - do -@@ -83,13 +99,16 @@ do - - case "$option" in - -h | --help) -- usage -+ # we are showing help in warning banner - exit 0 ;; - -V | --version) - echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" - exit 0 ;; - -o | --output) -- grub_cfg=`argument $option "$@"`; shift;; -+ grub_cfg=$(argument $option "$@"); isPhotonCfg=0; shift;; -+ -p | --photoncfg) -+ grub_cfg=$(argument $option "$@"); isPhotonCfg=1; shift;; -+ -y) ShowWarning=0;; - --output=*) - grub_cfg=`echo "$option" | sed 's/--output=//'` - ;; -@@ -102,6 +121,12 @@ do - esac - done - -+# for accidental usage of grub2-mkconfig -p -y -+if [ "$grub_cfg" = "-y" ]; then -+ gettext_printf "Invalid output file name: $grub_cfg" 1>&2 -+ exit 1 -+fi -+ - if [ "x$EUID" = "x" ] ; then - EUID=`id -u` - fi -@@ -123,6 +148,106 @@ if [ "$EUID" != 0 ] ; then - fi - fi - -+PromptUsr() { -+ local opt="n" -+ local PromptMsg="$1" -+ -+ gettext_printf "${PromptMsg}\n" -+ -+ while [ "${opt}" != "y" ]; do -+ read -p "Are you sure you want to continue [y/n]? " opt -+ case ${opt} in -+ [y] ) : break;; -+ [n] ) exit 1;; -+ * ) gettext_printf "Please answer y or n";; -+ esac -+ done -+} -+ -+if [ $ShowWarning = 1 ]; then -+ if [ $isPhotonCfg = 1 ]; then -+ PromptUsr "This will modify grub.cfg in Photon OS specific way." -+ else -+ gettext_printf "\nThis will modify grub.cfg with default method. Photon specific changes will be overwritten.\n" -+ fi -+fi -+ -+# This function takes a copy of existing grub.cfg -+# then modifies it as needed -+HandlePhotonGrubCfg() { -+ local i -+ local oldmask -+ -+ # For security reasons, maintain proper umask -+ if test "x${grub_cfg}" != "x"; then -+ rm -f "${grub_cfg}.new" -+ oldumask=$(umask); umask 077 -+ # redirecting stdout to ${grub_cfg}.new here, cool idea -+ exec > "${grub_cfg}.new" -+ umask $oldumask -+ fi -+ -+ gettext_printf "Generating grub configuration file ...\n" >&2 -+ -+ # get content of existing grub.cfg -+ cat /boot/grub2/grub.cfg > "${grub_cfg}.new" -+ sed '$d' "${grub_cfg}.new" -+ -+ for i in "${grub_mkconfig_dir}"/* ; do -+ # let's process only 01_users & 40_custom -+ # we can add other files on demand basis -+ if [ $i != "${grub_mkconfig_dir}/01_users" ] && \ -+ [ $i != "${grub_mkconfig_dir}/40_custom" ]; then -+ continue -+ fi -+ case "$i" in -+ *~) ;; -+ */\#*\#) ;; -+ *) -+ if grub_file_is_not_garbage "$i" && test -x "$i" ; then -+ echo -e "\n### BEGIN $i ###\n" -+ "$i" -+ echo "### END $i ###" -+ fi -+ ;; -+ esac -+ done -+ -+ if test "x${grub_cfg}" != "x" ; then -+ if ! ${grub_script_check} ${grub_cfg}.new; then -+ gettext_printf "Syntax errors are detected in generated GRUB config file. -+ Ensure that there are no errors in /etc/grub.d/* files -+ or please file a bug report with %s file attached.\n" "${grub_cfg}.new" >&2 -+ exit 1 -+ else -+ # none of the children aborted with error, install the new grub.cfg -+ gettext_printf "\n\n# End /boot/grub2/grub.cfg" >> "${grub_cfg}.new" -+ cat ${grub_cfg}.new > ${grub_cfg} -+ rm -f ${grub_cfg}.new -+ fi -+ fi -+ -+ gettext_printf "done\n" >&2 -+} -+ -+if [ $isPhotonCfg = 1 ]; then -+ HandlePhotonGrubCfg -+ exit 0 -+fi -+ -+# Backup default photon grub.cfg -+if [ "$(realpath $grub_cfg)" = "/boot/grub2/grub.cfg" ]; then -+ if [ ! -f /boot/grub2/photon-grub.cfg ]; then -+ if [ -f /boot/grub2/grub.cfg ]; then -+ echo "Taking backup of /boot/grub2/grub.cfg as /boot/grub2/photon-grub.cfg" -+ # Preserve original file permissions -+ cp -p /boot/grub2/grub.cfg /boot/grub2/photon-grub.cfg -+ fi -+ else -+ echo "Backup file /boot/grub2/photon-grub.cfg already exists" -+ fi -+fi -+ - set $grub_probe dummy - if test -f "$1"; then - : --- -2.30.0 - diff --git a/SPECS/grub2/fedora.patches b/SPECS/grub2/fedora.patches deleted file mode 100644 index 92c2fb12fa..0000000000 --- a/SPECS/grub2/fedora.patches +++ /dev/null @@ -1,331 +0,0 @@ -Patch1001: 0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch -Patch1002: 0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch -Patch1003: 0003-Revert-templates-Disable-the-os-prober-by-default.patch -Patch1004: 0004-Add-support-for-Linux-EFI-stub-loading.patch -Patch1005: 0005-Rework-linux-command.patch -Patch1006: 0006-Rework-linux16-command.patch -Patch1007: 0007-Add-secureboot-support-on-efi-chainloader.patch -Patch1008: 0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch -Patch1009: 0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch -#Patch1010: 0010-re-write-.gitignore.patch -#Patch1011: 0011-IBM-client-architecture-CAS-reboot-support.patch -#Patch1012: 0012-for-ppc-reset-console-display-attr-when-clear-screen.patch -#Patch1013: 0013-Disable-GRUB-video-support-for-IBM-power-machines.patch -Patch1014: 0014-Move-bash-completion-script-922997.patch -Patch1015: 0015-Allow-fallback-to-include-entries-by-title-not-just-.patch -Patch1016: 0016-Make-exit-take-a-return-code.patch -Patch1017: 0017-Make-efi-machines-load-an-env-block-from-a-variable.patch -#Patch1018: 0018-Migrate-PPC-from-Yaboot-to-Grub2.patch -Patch1019: 0019-Add-fw_path-variable-revised.patch -Patch1020: 0020-Pass-x-hex-hex-straight-through-unmolested.patch -Patch1021: 0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch -Patch1022: 0022-Add-devicetree-loading.patch -Patch1023: 0023-Enable-pager-by-default.-985860.patch -#Patch1024: 0024-Don-t-say-GNU-Linux-in-generated-menus.patch -Patch1025: 0025-Add-.eh_frame-to-list-of-relocations-stripped.patch -Patch1026: 0026-Don-t-require-a-password-to-boot-entries-generated-b.patch -Patch1027: 0027-use-fw_path-prefix-when-fallback-searching-for-grub-.patch -Patch1028: 0028-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch -#Patch1029: 0029-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch -#Patch1030: 0030-Minimize-the-sort-ordering-for-.debug-and-rescue-ker.patch -Patch1031: 0031-Try-prefix-if-fw_path-doesn-t-work.patch -Patch1032: 0032-Make-grub2-mkconfig-construct-titles-that-look-like-.patch -#Patch1033: 0033-Add-friendly-grub2-password-config-tool-985962.patch -#Patch1034: 0034-tcp-add-window-scaling-support.patch -Patch1035: 0035-efinet-and-bootp-add-support-for-dhcpv6.patch -Patch1036: 0036-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch -#Patch1037: 0037-bz1374141-fix-incorrect-mask-for-ppc64.patch -Patch1038: 0038-Make-grub_fatal-also-backtrace.patch -Patch1039: 0039-Make-our-info-pages-say-grub2-where-appropriate.patch -Patch1040: 0040-macos-just-build-chainloader-entries-don-t-try-any-x.patch -Patch1041: 0041-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch -Patch1042: 0042-export-btrfs_subvol-and-btrfs_subvolid.patch -Patch1043: 0043-grub2-btrfs-03-follow_default.patch -Patch1044: 0044-grub2-btrfs-04-grub2-install.patch -Patch1045: 0045-grub2-btrfs-05-grub2-mkconfig.patch -Patch1046: 0046-grub2-btrfs-06-subvol-mount.patch -Patch1047: 0047-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch -Patch1048: 0048-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch -Patch1049: 0049-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch -Patch1050: 0050-Use-grub_efi_.-memory-helpers-where-reasonable.patch -Patch1051: 0051-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch -Patch1052: 0052-don-t-use-int-for-efi-status.patch -Patch1053: 0053-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch -Patch1054: 0054-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch -Patch1055: 0055-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch -Patch1056: 0056-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch -Patch1057: 0057-align-struct-efi_variable-better.patch -#Patch1058: 0058-Add-BLS-support-to-grub-mkconfig.patch -Patch1059: 0059-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch -Patch1060: 0060-Add-linux-and-initrd-commands-for-grub-emu.patch -#Patch1061: 0061-Add-grub2-switch-to-blscfg.patch -Patch1062: 0062-make-better-backtraces.patch -Patch1063: 0063-normal-don-t-draw-our-startup-message-if-debug-is-se.patch -Patch1064: 0064-Work-around-some-minor-include-path-weirdnesses.patch -Patch1065: 0065-Make-it-possible-to-enabled-build-id-sha1.patch -Patch1066: 0066-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch -Patch1067: 0067-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch -Patch1068: 0068-Fixup-for-newer-compiler.patch -Patch1069: 0069-Don-t-attempt-to-export-the-start-and-_start-symbols.patch -Patch1070: 0070-Fixup-for-newer-compiler.patch -Patch1071: 0071-Add-support-for-non-Ethernet-network-cards.patch -Patch1072: 0072-net-read-bracketed-ipv6-addrs-and-port-numbers.patch -Patch1073: 0073-bootp-New-net_bootp6-command.patch -Patch1074: 0074-efinet-UEFI-IPv6-PXE-support.patch -Patch1075: 0075-grub.texi-Add-net_bootp6-doument.patch -Patch1076: 0076-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch -Patch1077: 0077-efinet-Setting-network-from-UEFI-device-path.patch -Patch1078: 0078-efinet-Setting-DNS-server-from-UEFI-protocol.patch -Patch1079: 0079-Support-UEFI-networking-protocols.patch -Patch1080: 0080-AUDIT-0-http-boot-tracker-bug.patch -Patch1081: 0081-grub-editenv-Add-incr-command-to-increment-integer-v.patch -#Patch1082: 0082-Add-auto-hide-menu-support.patch -Patch1083: 0083-Add-grub-set-bootflag-utility.patch -Patch1084: 0084-docs-Add-grub-boot-indeterminate.service-example.patch -Patch1085: 0085-gentpl-add-disable-support.patch -Patch1086: 0086-gentpl-add-pc-firmware-type.patch -Patch1087: 0087-efinet-also-use-the-firmware-acceleration-for-http.patch -Patch1088: 0088-efi-http-Make-root_url-reflect-the-protocol-hostname.patch -#Patch1089: 0089-Make-it-so-we-can-tell-configure-which-cflags-utils-.patch -Patch1090: 0090-module-verifier-make-it-possible-to-run-checkers-on-.patch -Patch1091: 0091-Rework-how-the-fdt-command-builds.patch -Patch1092: 0092-Disable-non-wordsize-allocations-on-arm.patch -Patch1093: 0093-Prepend-prefix-when-HTTP-path-is-relative.patch -Patch1094: 0094-Make-grub_error-more-verbose.patch -Patch1095: 0095-Make-reset-an-alias-for-the-reboot-command.patch -#Patch1096: 0096-Add-a-version-command.patch -Patch1097: 0097-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch -Patch1098: 0098-arm-arm64-loader-Better-memory-allocation-and-error-.patch -Patch1099: 0099-Try-to-pick-better-locations-for-kernel-and-initrd.patch -Patch1100: 0100-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch -Patch1101: 0101-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch -Patch1102: 0102-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch -Patch1103: 0103-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch -Patch1104: 0104-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch -Patch1105: 0105-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch -Patch1106: 0106-Fix-getroot.c-s-trampolines.patch -Patch1107: 0107-Do-not-allow-stack-trampolines-anywhere.patch -#Patch1108: 0108-Reimplement-boot_counter.patch -Patch1109: 0109-Fix-menu-entry-selection-based-on-ID-and-title.patch -Patch1110: 0110-Make-the-menu-entry-users-option-argument-to-be-opti.patch -Patch1111: 0111-Add-efi-export-env-and-efi-load-env-commands.patch -Patch1112: 0112-Make-it-possible-to-subtract-conditions-from-debug.patch -Patch1113: 0113-Export-all-variables-from-the-initial-context-when-c.patch -#Patch1114: 0114-grub.d-Split-out-boot-success-reset-from-menu-auto-h.patch -#Patch1115: 0115-Fix-systemctl-kexec-exit-status-check.patch -#Patch1116: 0116-Print-grub-emu-linux-loader-messages-as-debug.patch -Patch1117: 0117-Don-t-assume-that-boot-commands-will-only-return-on-.patch -Patch1118: 0118-grub-set-bootflag-Update-comment-about-running-as-ro.patch -Patch1119: 0119-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch -#Patch1120: 0120-grub.d-Fix-boot_indeterminate-getting-set-on-boot_su.patch -Patch1121: 0121-Add-start-symbol-for-RISC-V.patch -#Patch1122: 0122-bootstrap.conf-Force-autogen.sh-to-use-python3.patch -Patch1123: 0123-efi-http-Export-fw-http-_path-variables-to-make-them.patch -Patch1124: 0124-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch -Patch1125: 0125-efi-net-Allow-to-specify-a-port-number-in-addresses.patch -Patch1126: 0126-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch -Patch1127: 0127-efi-net-Print-a-debug-message-if-parsing-the-address.patch -Patch1128: 0128-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch -Patch1129: 0129-efi-Set-image-base-address-before-jumping-to-the-PE-.patch -Patch1130: 0130-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch -Patch1131: 0131-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch -Patch1132: 0132-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch -Patch1133: 0133-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch -Patch1134: 0134-efi-dhcp-fix-some-allocation-error-checking.patch -Patch1135: 0135-efi-http-fix-some-allocation-error-checking.patch -Patch1136: 0136-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch -Patch1137: 0137-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch -Patch1138: 0138-linuxefi-fail-kernel-validation-without-shim-protoco.patch -Patch1139: 0139-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch -Patch1140: 0140-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch -Patch1141: 0141-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch -Patch1142: 0142-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch -Patch1143: 0143-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch -#Patch1144: 0144-Add-systemd-integration-scripts-to-make-systemctl-re.patch -#Patch1145: 0145-systemd-integration.sh-Also-set-old-menu_show_once-g.patch -Patch1146: 0146-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch -Patch1147: 0147-grub-install-disable-support-for-EFI-platforms.patch -Patch1148: 0148-New-with-debug-timestamps-configure-flag-to-prepend-.patch -Patch1149: 0149-Added-debug-statements-to-grub_disk_open-and-grub_di.patch -Patch1150: 0150-Introduce-function-grub_debug_is_enabled-void-return.patch -Patch1151: 0151-Don-t-clear-screen-when-debugging-is-enabled.patch -Patch1152: 0152-kern-file-Fix-error-handling-in-grub_file_open.patch -Patch1153: 0153-grub_file_-instrumentation-new-file-debug-tag.patch -#Patch1154: 0154-ieee1275-Avoiding-many-unecessary-open-close.patch -#Patch1155: 0155-ieee1275-powerpc-implements-fibre-channel-discovery-.patch -#Patch1156: 0156-ieee1275-powerpc-enables-device-mapper-discovery.patch -Patch1157: 0157-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch -Patch1158: 0158-Add-suport-for-signing-grub-with-an-appended-signatu.patch -Patch1159: 0159-docs-grub-Document-signing-grub-under-UEFI.patch -Patch1160: 0160-docs-grub-Document-signing-grub-with-an-appended-sig.patch -Patch1161: 0161-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch -Patch1162: 0162-pgp-factor-out-rsa_pad.patch -Patch1163: 0163-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch -Patch1164: 0164-posix_wrap-tweaks-in-preparation-for-libtasn1.patch -Patch1165: 0165-libtasn1-import-libtasn1-4.16.0.patch -Patch1166: 0166-libtasn1-disable-code-not-needed-in-grub.patch -Patch1167: 0167-libtasn1-changes-for-grub-compatibility.patch -Patch1168: 0168-libtasn1-compile-into-asn1-module.patch -#Patch1169: 0169-test_asn1-test-module-for-libtasn1.patch -Patch1170: 0170-grub-install-support-embedding-x509-certificates.patch -Patch1171: 0171-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch -Patch1172: 0172-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch -Patch1173: 0173-appended-signatures-support-verifying-appended-signa.patch -Patch1174: 0174-appended-signatures-verification-tests.patch -Patch1175: 0175-appended-signatures-documentation.patch -#Patch1176: 0176-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch -#Patch1177: 0177-ieee1275-drop-HEAP_MAX_ADDR-HEAP_MIN_SIZE.patch -#Patch1178: 0178-ieee1275-claim-more-memory.patch -#Patch1179: 0179-ieee1275-request-memory-with-ibm-client-architecture.patch -Patch1180: 0180-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch -#Patch1181: 0181-ieee1275-ofdisk-retry-on-open-failure.patch -Patch1182: 0182-Allow-chainloading-EFI-apps-from-loop-mounts.patch -Patch1183: 0183-efinet-Add-DHCP-proxy-support.patch -Patch1184: 0184-fs-ext2-Ignore-checksum-seed-incompat-feature.patch -#Patch1185: 0185-Don-t-update-the-cmdline-when-generating-legacy-menu.patch -Patch1186: 0186-Suppress-gettext-error-message.patch -#Patch1187: 0187-grub-set-password-Always-use-boot-grub2-user.cfg-as-.patch -Patch1188: 0188-templates-Check-for-EFI-at-runtime-instead-of-config.patch -Patch1189: 0189-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch -Patch1190: 0190-arm64-Fix-EFI-loader-kernel-image-allocation.patch -Patch1191: 0191-normal-main-Discover-the-device-to-read-the-config-f.patch -#Patch1192: 0192-powerpc-adjust-setting-of-prefix-for-signed-binary-c.patch -Patch1193: 0193-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch -Patch1194: 0194-Print-module-name-on-license-check-failure.patch -#Patch1195: 0195-powerpc-ieee1275-load-grub-at-4MB-not-2MB.patch -Patch1196: 0196-grub-mkconfig-restore-umask-for-grub.cfg.patch -Patch1197: 0197-fs-btrfs-Use-full-btrfs-bootloader-area.patch -#Patch1198: 0198-Add-Fedora-location-of-DejaVu-SANS-font.patch -Patch1199: 0199-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch -Patch1200: 0200-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch -Patch1201: 0201-EFI-console-Do-not-set-colorstate-until-the-first-te.patch -Patch1202: 0202-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch -#Patch1203: 0203-Use-visual-indentation-in-config.h.in.patch -Patch1204: 0204-Where-present-ensure-config-util.h-precedes-config.h.patch -#Patch1205: 0205-Drop-gnulib-fix-base64.patch.patch -#Patch1206: 0206-Drop-gnulib-no-abort.patch.patch -#Patch1207: 0207-Update-gnulib-version-and-drop-most-gnulib-patches.patch -Patch1208: 0208-commands-search-Fix-bug-stopping-iteration-when-no-f.patch -Patch1209: 0209-search-new-efidisk-only-option-on-EFI-systems.patch -Patch1210: 0210-efi-new-connectefi-command.patch -Patch1211: 0211-grub-core-loader-i386-efi-linux.c-do-not-validate-ke.patch -Patch1212: 0212-grub-core-loader-arm64-linux.c-do-not-validate-kerne.patch -Patch1213: 0213-grub-core-loader-efi-chainloader.c-do-not-validate-c.patch -Patch1214: 0214-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch -#Patch1215: 0215-powerpc-do-CAS-in-a-more-compatible-way.patch -#Patch1216: 0216-powerpc-prefix-detection-support-device-names-with-c.patch -#Patch1217: 0217-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch -#Patch1218: 0218-make-ofdisk_retries-optional.patch -Patch1219: 0219-loader-efi-chainloader-grub_load_and_start_image-doe.patch -Patch1220: 0220-loader-efi-chainloader-simplify-the-loader-state.patch -Patch1221: 0221-commands-boot-Add-API-to-pass-context-to-loader.patch -Patch1222: 0222-loader-efi-chainloader-Use-grub_loader_set_ex.patch -Patch1223: 0223-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch -Patch1224: 0224-loader-i386-efi-linux-Use-grub_loader_set_ex.patch -Patch1225: 0225-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch - -# CVE-2022-2601 patch series -Patch1226: 0226-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch - -Patch1227: 0227-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch -Patch1228: 0228-video-readers-png-Abort-sooner-if-a-read-operation-f.patch -Patch1229: 0229-video-readers-png-Refuse-to-handle-multiple-image-he.patch -Patch1230: 0230-video-readers-png-Drop-greyscale-support-to-fix-heap.patch -Patch1231: 0231-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch -Patch1232: 0232-video-readers-png-Sanity-check-some-huffman-codes.patch -Patch1233: 0233-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch -Patch1234: 0234-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch -Patch1235: 0235-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch -Patch1236: 0236-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch - -# CVE-2022-2601 patch series -Patch1237: 0237-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - -Patch1238: 0238-net-netbuff-Block-overly-large-netbuff-allocs.patch -Patch1239: 0239-net-ip-Do-IP-fragment-maths-safely.patch -Patch1240: 0240-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch -Patch1241: 0241-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch -Patch1242: 0242-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch -Patch1243: 0243-net-tftp-Avoid-a-trivial-UAF.patch -Patch1244: 0244-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch -Patch1245: 0245-net-http-Fix-OOB-write-for-split-http-headers.patch -Patch1246: 0246-net-http-Error-out-on-headers-with-LF-without-CR.patch -Patch1247: 0247-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch -Patch1248: 0248-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch -Patch1249: 0249-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch -Patch1250: 0250-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch -Patch1251: 0251-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch -Patch1252: 0252-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch -Patch1253: 0253-misc-Make-grub_min-and-grub_max-more-resilient.patch -Patch1254: 0254-ReiserFS-switch-to-using-grub_min-grub_max.patch -Patch1255: 0255-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch -Patch1256: 0256-modules-make-.module_license-read-only.patch -Patch1257: 0257-modules-strip-.llvm_addrsig-sections-and-similar.patch -Patch1258: 0258-modules-Don-t-allocate-space-for-non-allocable-secti.patch -Patch1259: 0259-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch -Patch1260: 0260-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch -Patch1261: 0261-modules-load-module-sections-at-page-aligned-address.patch -Patch1262: 0262-nx-add-memory-attribute-get-set-API.patch -Patch1263: 0263-nx-set-page-permissions-for-loaded-modules.patch -Patch1264: 0264-nx-set-attrs-in-our-kernel-loaders.patch -Patch1265: 0265-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch -Patch1266: 0266-grub-probe-document-the-behavior-of-multiple-v.patch -Patch1267: 0267-grub_fs_probe-dprint-errors-from-filesystems.patch -Patch1268: 0268-fs-fat-don-t-error-when-mtime-is-0.patch -Patch1269: 0269-Make-debug-file-show-which-file-filters-get-run.patch -Patch1270: 0270-efi-use-enumerated-array-positions-for-our-allocatio.patch -Patch1271: 0271-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch -Patch1272: 0272-efi-allocate-the-initrd-within-the-bounds-expressed-.patch -Patch1273: 0273-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch -#Patch1274: 0274-BLS-create-etc-kernel-cmdline-during-mkconfig.patch -#Patch1275: 0275-squish-don-t-dup-rhgb-quiet-check-mtimes.patch -#Patch1276: 0276-squish-give-up-on-rhgb-quiet.patch -#Patch1277: 0277-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch -#Patch1278: 0278-ieee1275-implement-vec5-for-cas-negotiation.patch -Patch1279: 0279-blscfg-Don-t-root-device-in-emu-builds.patch -Patch1280: 0280-loader-arm64-linux-Remove-magic-number-header-field-.patch -Patch1281: 0281-Correct-BSS-zeroing-on-aarch64.patch -Patch1282: 0282-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch -Patch1283: 0283-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch -Patch1284: 0284-commands-efi-tpm-Refine-the-status-of-log-event.patch -Patch1285: 0285-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch -Patch1286: 0286-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - -# CVE-2022-2601 patch series -Patch1287: 0287-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch -Patch1288: 0288-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch -Patch1289: 0289-font-Fix-several-integer-overflows-in-grub_font_cons.patch -Patch1290: 0290-font-Remove-grub_font_dup_glyph.patch -Patch1291: 0291-font-Fix-integer-overflow-in-ensure_comb_space.patch -Patch1292: 0292-font-Fix-integer-overflow-in-BMP-index.patch -Patch1293: 0293-font-Fix-integer-underflow-in-binary-search-of-char-.patch - -# Don't verify font files in SB. Revert this after bundling font files in memdisk. -#Patch1294: 0294-kern-efi-sb-Enforce-verification-of-font-files.patch -Patch1295: 0295-fbutil-Fix-integer-overflow.patch -Patch1296: 0296-font-Fix-an-integer-underflow-in-blit_comb.patch -Patch1297: 0297-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch -Patch1298: 0298-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch -Patch1299: 0299-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - -Patch1300: 0300-font-Try-opening-fonts-from-the-bundled-memdisk.patch -#Patch1301: 0301-Correction-in-vector-5-values.patch -Patch1302: 0302-mm-Clarify-grub_real_malloc.patch -Patch1303: 0303-mm-grub_real_malloc-Make-small-allocs-comment-match-.patch -Patch1304: 0304-mm-Document-grub_free.patch -Patch1305: 0305-mm-Document-grub_mm_init_region.patch -Patch1306: 0306-mm-Document-GRUB-internal-memory-management-structur.patch -Patch1307: 0307-mm-Assert-that-we-preserve-header-vs-region-alignmen.patch -Patch1308: 0308-mm-When-adding-a-region-merge-with-region-after-as-w.patch -Patch1309: 0309-mm-Debug-support-for-region-operations.patch -Patch1310: 0310-mm-Drop-unused-unloading-of-modules-on-OOM.patch -Patch1311: 0311-mm-Allow-dynamically-requesting-additional-memory-re.patch -Patch1312: 0312-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch -Patch1313: 0313-kern-efi-mm-Extract-function-to-add-memory-regions.patch -Patch1314: 0314-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch -Patch1315: 0315-kern-efi-mm-Implement-runtime-addition-of-pages.patch -Patch1316: 0316-efi-Increase-default-memory-allocation-to-32-MiB.patch -Patch1317: 0317-mm-Try-invalidate-disk-caches-last-when-out-of-memor.patch -#Patch1318: 0318-ppc64le-signed-boot-media-changes.patch -Patch1323: 0323-hostdisk-work-around-proc-not-reporting-size.patch -Patch1325: 0325-emu-linux-work-around-systemctl-kexec-returning.patch diff --git a/SPECS/grub2/fedora/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch b/SPECS/grub2/fedora/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch deleted file mode 100644 index 4824aa14ec..0000000000 --- a/SPECS/grub2/fedora/0001-Revert-templates-Fix-user-facing-typo-with-an-incorr.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Jun 2021 12:10:45 +0200 -Subject: [PATCH] Revert "templates: Fix user-facing typo with an incorrect use - of "it's"" - -This reverts commit 722737630889607c3b5761f1f5a48f1674cd2821. ---- - util/grub.d/30_os-prober.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 5984e92d29..9462248128 100644 ---- a/util/grub.d/30_os-prober.in -+++ b/util/grub.d/30_os-prober.in -@@ -36,7 +36,7 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n - exit 0 - fi - --grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIts output will be used to detect bootable binaries on them and create new boot entries.")" -+grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" - - OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`" - if [ -z "${OSPROBED}" ] ; then diff --git a/SPECS/grub2/fedora/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch b/SPECS/grub2/fedora/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch deleted file mode 100644 index 05ac0f8e78..0000000000 --- a/SPECS/grub2/fedora/0002-Revert-templates-Properly-disable-the-os-prober-by-d.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Jun 2021 12:10:54 +0200 -Subject: [PATCH] Revert "templates: Properly disable the os-prober by default" - -This reverts commit 54e0a1bbf1e9106901a557195bb35e5e20fb3925. ---- - util/grub-mkconfig.in | 5 +---- - util/grub.d/30_os-prober.in | 8 ++++---- - 2 files changed, 5 insertions(+), 8 deletions(-) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f8cbb8d7a2..d3e879b8e5 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -140,9 +140,6 @@ GRUB_DEVICE_PARTUUID="`${grub_probe} --device ${GRUB_DEVICE} --target=partuuid 2 - GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`" - GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true - --# Disable os-prober by default due to security reasons. --GRUB_DISABLE_OS_PROBER="true" -- - # Filesystem for the device containing our userland. Used for stuff like - # choosing Hurd filesystem module. - GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo unknown`" -@@ -204,7 +201,6 @@ export GRUB_DEVICE \ - GRUB_DEVICE_PARTUUID \ - GRUB_DEVICE_BOOT \ - GRUB_DEVICE_BOOT_UUID \ -- GRUB_DISABLE_OS_PROBER \ - GRUB_FS \ - GRUB_FONT \ - GRUB_PRELOAD_MODULES \ -@@ -246,6 +242,7 @@ export GRUB_DEFAULT \ - GRUB_BACKGROUND \ - GRUB_THEME \ - GRUB_GFXPAYLOAD_LINUX \ -+ GRUB_DISABLE_OS_PROBER \ - GRUB_INIT_TUNE \ - GRUB_SAVEDEFAULT \ - GRUB_ENABLE_CRYPTODISK \ -diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 9462248128..80685b15f4 100644 ---- a/util/grub.d/30_os-prober.in -+++ b/util/grub.d/30_os-prober.in -@@ -26,8 +26,8 @@ export TEXTDOMAINDIR="@localedir@" - - . "$pkgdatadir/grub-mkconfig_lib" - --if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then -- grub_warn "$(gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.")" -+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then -+ gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n" - exit 0 - fi - -@@ -36,12 +36,12 @@ if ! command -v os-prober > /dev/null || ! command -v linux-boot-prober > /dev/n - exit 0 - fi - --grub_warn "$(gettext_printf "os-prober will be executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" -- - OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`" - if [ -z "${OSPROBED}" ] ; then - # empty os-prober output, nothing doing - exit 0 -+else -+ grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" - fi - - osx_entry() { diff --git a/SPECS/grub2/fedora/0003-Revert-templates-Disable-the-os-prober-by-default.patch b/SPECS/grub2/fedora/0003-Revert-templates-Disable-the-os-prober-by-default.patch deleted file mode 100644 index 94927953f0..0000000000 --- a/SPECS/grub2/fedora/0003-Revert-templates-Disable-the-os-prober-by-default.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Jun 2021 12:10:58 +0200 -Subject: [PATCH] Revert "templates: Disable the os-prober by default" - -This reverts commit e346414725a70e5c74ee87ca14e580c66f517666. ---- - docs/grub.texi | 18 ++++++++---------- - util/grub.d/30_os-prober.in | 5 +---- - 2 files changed, 9 insertions(+), 14 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index f8b4b3b21a..69f08d289f 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -1519,13 +1519,10 @@ boot sequence. If you have problems, set this option to @samp{text} and - GRUB will tell Linux to boot in normal text mode. - - @item GRUB_DISABLE_OS_PROBER --The @command{grub-mkconfig} has a feature to use the external --@command{os-prober} program to discover other operating systems installed on --the same machine and generate appropriate menu entries for them. It is disabled --by default since automatic and silent execution of @command{os-prober}, and --creating boot entries based on that data, is a potential attack vector. Set --this option to @samp{false} to enable this feature in the --@command{grub-mkconfig} command. -+Normally, @command{grub-mkconfig} will try to use the external -+@command{os-prober} program, if installed, to discover other operating -+systems installed on the same system and generate appropriate menu entries -+for them. Set this option to @samp{true} to disable this. - - @item GRUB_OS_PROBER_SKIP_LIST - List of space-separated FS UUIDs of filesystems to be ignored from os-prober -@@ -1853,9 +1850,10 @@ than zero; otherwise 0. - @section Multi-boot manual config - - Currently autogenerating config files for multi-boot environments depends on --os-prober and has several shortcomings. Due to that it is disabled by default. --It is advised to use the power of GRUB syntax and do it yourself. A possible --configuration is detailed here, feel free to adjust to your needs. -+os-prober and has several shortcomings. While fixing it is scheduled for the -+next release, meanwhile you can make use of the power of GRUB syntax and do it -+yourself. A possible configuration is detailed here, feel free to adjust to your -+needs. - - First create a separate GRUB partition, big enough to hold GRUB. Some of the - following entries show how to load OS installer images from this same partition, -diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 80685b15f4..1b91c102f3 100644 ---- a/util/grub.d/30_os-prober.in -+++ b/util/grub.d/30_os-prober.in -@@ -26,8 +26,7 @@ export TEXTDOMAINDIR="@localedir@" - - . "$pkgdatadir/grub-mkconfig_lib" - --if [ "x${GRUB_DISABLE_OS_PROBER}" = "xfalse" ]; then -- gettext_printf "os-prober will not be executed to detect other bootable partitions.\nSystems on them will not be added to the GRUB boot configuration.\nCheck GRUB_DISABLE_OS_PROBER documentation entry.\n" -+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then - exit 0 - fi - -@@ -40,8 +39,6 @@ OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`" - if [ -z "${OSPROBED}" ] ; then - # empty os-prober output, nothing doing - exit 0 --else -- grub_warn "$(gettext_printf "os-prober was executed to detect other bootable partitions.\nIt's output will be used to detect bootable binaries on them and create new boot entries.")" - fi - - osx_entry() { diff --git a/SPECS/grub2/fedora/0004-Add-support-for-Linux-EFI-stub-loading.patch b/SPECS/grub2/fedora/0004-Add-support-for-Linux-EFI-stub-loading.patch deleted file mode 100644 index 745973e53e..0000000000 --- a/SPECS/grub2/fedora/0004-Add-support-for-Linux-EFI-stub-loading.patch +++ /dev/null @@ -1,983 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 10 Jul 2012 11:58:52 -0400 -Subject: [PATCH] Add support for Linux EFI stub loading. - -Also: - -commit 71c843745f22f81e16d259e2e19c99bf3c1855c1 -Author: Colin Watson -Date: Tue Oct 23 10:40:49 2012 -0400 - -Don't allow insmod when secure boot is enabled. - -Hi, - -Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine -as far as it goes. However, the insmod command is not the only way that -modules can be loaded. In particular, the 'normal' command, which -implements the usual GRUB menu and the fully-featured command prompt, -will implicitly load commands not currently loaded into memory. This -permits trivial Secure Boot violations by writing commands implementing -whatever you want to do and pointing $prefix at the malicious code. - -I'm currently test-building this patch (replacing your current -grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It -moves the check into grub_dl_load_file. ---- - grub-core/Makefile.core.def | 16 +- - grub-core/kern/dl.c | 21 +++ - grub-core/kern/efi/efi.c | 28 ++++ - grub-core/kern/efi/mm.c | 32 ++++ - grub-core/loader/arm64/linux.c | 118 +++++++------- - grub-core/loader/arm64/xen_boot.c | 1 - - grub-core/loader/efi/linux.c | 70 ++++++++ - grub-core/loader/i386/efi/linux.c | 335 ++++++++++++++++++++++++++++++++++++++ - grub-core/loader/i386/pc/linux.c | 10 +- - include/grub/arm/linux.h | 9 + - include/grub/arm64/linux.h | 9 + - include/grub/efi/efi.h | 7 +- - include/grub/efi/linux.h | 31 ++++ - 13 files changed, 618 insertions(+), 69 deletions(-) - create mode 100644 grub-core/loader/efi/linux.c - create mode 100644 grub-core/loader/i386/efi/linux.c - create mode 100644 include/grub/efi/linux.h - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 8022e1c0a7..45d3edaa4d 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1734,13 +1734,6 @@ module = { - enable = i386_pc; - }; - -- --module = { -- name = linux16; -- common = loader/i386/pc/linux.c; -- enable = x86; --}; -- - module = { - name = ntldr; - i386_pc = loader/i386/pc/ntldr.c; -@@ -1796,7 +1789,9 @@ module = { - - module = { - name = linux; -- x86 = loader/i386/linux.c; -+ i386_pc = loader/i386/pc/linux.c; -+ x86_64_efi = loader/i386/efi/linux.c; -+ i386_efi = loader/i386/efi/linux.c; - i386_xen_pvh = loader/i386/linux.c; - xen = loader/i386/xen.c; - i386_pc = lib/i386/pc/vesa_modes_table.c; -@@ -1811,9 +1806,14 @@ module = { - arm64 = loader/arm64/linux.c; - riscv32 = loader/riscv/linux.c; - riscv64 = loader/riscv/linux.c; -+ emu = loader/emu/linux.c; -+ fdt = lib/fdt.c; -+ - common = loader/linux.c; - common = lib/cmdline.c; - enable = noemu; -+ -+ efi = loader/efi/linux.c; - }; - - module = { -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 48f8a79073..b714937095 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -38,6 +38,14 @@ - #define GRUB_MODULES_MACHINE_READONLY - #endif - -+#ifdef GRUB_MACHINE_EMU -+#include -+#endif -+ -+#ifdef GRUB_MACHINE_EFI -+#include -+#endif -+ - - - #pragma GCC diagnostic ignored "-Wcast-align" -@@ -695,6 +703,19 @@ grub_dl_load_file (const char *filename) - void *core = 0; - grub_dl_t mod = 0; - -+#ifdef GRUB_MACHINE_EFI -+ if (grub_efi_secure_boot ()) -+ { -+#if 0 -+ /* This is an error, but grub2-mkconfig still generates a pile of -+ * insmod commands, so emitting it would be mostly just obnoxious. */ -+ grub_error (GRUB_ERR_ACCESS_DENIED, -+ "Secure Boot forbids loading module from %s", filename); -+#endif -+ return 0; -+ } -+#endif -+ - grub_boot_time ("Loading module %s", filename); - - file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 8cff7be028..35b8f67060 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -286,6 +286,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL); - } - -+grub_efi_boolean_t -+grub_efi_secure_boot (void) -+{ -+ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -+ grub_size_t datasize; -+ char *secure_boot = NULL; -+ char *setup_mode = NULL; -+ grub_efi_boolean_t ret = 0; -+ -+ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); -+ -+ if (datasize != 1 || !secure_boot) -+ goto out; -+ -+ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); -+ -+ if (datasize != 1 || !setup_mode) -+ goto out; -+ -+ if (*secure_boot && !*setup_mode) -+ ret = 1; -+ -+ out: -+ grub_free (secure_boot); -+ grub_free (setup_mode); -+ return ret; -+} -+ - #pragma GCC diagnostic ignored "-Wcast-align" - - /* Search the mods section from the PE32/PE32+ image. This code uses -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 9838fb2f50..f6aef0ef64 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, - } - } - -+/* Allocate pages below a specified address */ -+void * -+grub_efi_allocate_pages_max (grub_efi_physical_address_t max, -+ grub_efi_uintn_t pages) -+{ -+ grub_efi_status_t status; -+ grub_efi_boot_services_t *b; -+ grub_efi_physical_address_t address = max; -+ -+ if (max > 0xffffffff) -+ return 0; -+ -+ b = grub_efi_system_table->boot_services; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ if (address == 0) -+ { -+ /* Uggh, the address 0 was allocated... This is too annoying, -+ so reallocate another one. */ -+ address = max; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); -+ grub_efi_free_pages (0, pages); -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ } -+ -+ return (void *) ((grub_addr_t) address); -+} -+ - /* Allocate pages. Return the pointer to the first of allocated pages. */ - void * - grub_efi_allocate_pages_real (grub_efi_physical_address_t address, -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index ef3e9f9444..a312c66868 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -41,6 +42,7 @@ static int loaded; - - static void *kernel_addr; - static grub_uint64_t kernel_size; -+static grub_uint32_t handover_offset; - - static char *linux_args; - static grub_uint32_t cmdline_size; -@@ -67,7 +69,8 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) - static grub_err_t - finalize_params_linux (void) - { -- int node, retval; -+ grub_efi_loaded_image_t *loaded_image = NULL; -+ int node, retval, len; - - void *fdt; - -@@ -102,79 +105,70 @@ finalize_params_linux (void) - if (grub_fdt_install() != GRUB_ERR_NONE) - goto failure; - -- return GRUB_ERR_NONE; -- --failure: -- grub_fdt_unload(); -- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); --} -- --grub_err_t --grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) --{ -- grub_efi_memory_mapped_device_path_t *mempath; -- grub_efi_handle_t image_handle; -- grub_efi_boot_services_t *b; -- grub_efi_status_t status; -- grub_efi_loaded_image_t *loaded_image; -- int len; -- -- mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); -- if (!mempath) -- return grub_errno; -- -- mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE; -- mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; -- mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); -- mempath[0].memory_type = GRUB_EFI_LOADER_DATA; -- mempath[0].start_address = addr; -- mempath[0].end_address = addr + size; -- -- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; -- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -- mempath[1].header.length = sizeof (grub_efi_device_path_t); -- -- b = grub_efi_system_table->boot_services; -- status = b->load_image (0, grub_efi_image_handle, -- (grub_efi_device_path_t *) mempath, -- (void *) addr, size, &image_handle); -- if (status != GRUB_EFI_SUCCESS) -- return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); -- -- grub_dprintf ("linux", "linux command line: '%s'\n", args); -+ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", -+ fdt); - - /* Convert command line to UCS-2 */ -- loaded_image = grub_efi_get_loaded_image (image_handle); -+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!loaded_image) -+ goto failure; -+ - loaded_image->load_options_size = len = -- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); -+ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); - loaded_image->load_options = - grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); - if (!loaded_image->load_options) -- return grub_errno; -+ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); - - loaded_image->load_options_size = - 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, -- (grub_uint8_t *) args, len, NULL); -+ (grub_uint8_t *) linux_args, len, NULL); - -- grub_dprintf ("linux", "starting image %p\n", image_handle); -- status = b->start_image (image_handle, 0, NULL); -+ return GRUB_ERR_NONE; - -- /* When successful, not reached */ -- b->unload_image (image_handle); -- grub_efi_free_pages ((grub_addr_t) loaded_image->load_options, -- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); -+failure: -+ grub_fdt_unload(); -+ return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); -+} - -- return grub_errno; -+static void -+free_params (void) -+{ -+ grub_efi_loaded_image_t *loaded_image = NULL; -+ -+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (loaded_image) -+ { -+ if (loaded_image->load_options) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t)loaded_image->load_options, -+ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); -+ loaded_image->load_options = NULL; -+ loaded_image->load_options_size = 0; -+ } -+} -+ -+grub_err_t -+grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) -+{ -+ grub_err_t retval; -+ -+ retval = finalize_params_linux (); -+ if (retval != GRUB_ERR_NONE) -+ return grub_errno; -+ -+ grub_dprintf ("linux", "linux command line: '%s'\n", args); -+ -+ retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); -+ -+ /* Never reached... */ -+ free_params(); -+ return retval; - } - - static grub_err_t - grub_linux_boot (void) - { -- if (finalize_params_linux () != GRUB_ERR_NONE) -- return grub_errno; -- -- return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, -- kernel_size, linux_args)); -+ return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args)); - } - - static grub_err_t -@@ -288,6 +282,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - { - grub_file_t file = 0; - struct linux_arch_kernel_header lh; -+ struct grub_armxx_linux_pe_header *pe; - grub_err_t err; - - grub_dl_ref (my_mod); -@@ -333,6 +328,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); - -+ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); -+ goto fail; -+ } -+ -+ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); -+ handover_offset = pe->opt.entry_addr; -+ - cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); - linux_args = grub_malloc (cmdline_size); - if (!linux_args) -diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index 22cc25eccd..d9b7a9ba40 100644 ---- a/grub-core/loader/arm64/xen_boot.c -+++ b/grub-core/loader/arm64/xen_boot.c -@@ -266,7 +266,6 @@ xen_boot (void) - return err; - - return grub_arch_efi_linux_boot_image (xen_hypervisor->start, -- xen_hypervisor->size, - xen_hypervisor->cmdline); - } - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -new file mode 100644 -index 0000000000..c24202a5dd ---- /dev/null -+++ b/grub-core/loader/efi/linux.c -@@ -0,0 +1,70 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2014 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -+ -+struct grub_efi_shim_lock -+{ -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -+}; -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -+ -+grub_efi_boolean_t -+grub_linuxefi_secure_validate (void *data, grub_uint32_t size) -+{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; -+ grub_efi_shim_lock_t *shim_lock; -+ -+ shim_lock = grub_efi_locate_protocol(&guid, NULL); -+ -+ if (!shim_lock) -+ return 1; -+ -+ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -+ return 1; -+ -+ return 0; -+} -+ -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wcast-align" -+ -+typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); -+ -+grub_err_t -+grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, -+ void *kernel_params) -+{ -+ handover_func hf; -+ -+ hf = (handover_func)((char *)kernel_addr + offset); -+ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); -+ -+ return GRUB_ERR_BUG; -+} -+ -+#pragma GCC diagnostic pop -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -new file mode 100644 -index 0000000000..bb2616a809 ---- /dev/null -+++ b/grub-core/loader/i386/efi/linux.c -@@ -0,0 +1,335 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2012 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_dl_t my_mod; -+static int loaded; -+static void *kernel_mem; -+static grub_uint64_t kernel_size; -+static grub_uint8_t *initrd_mem; -+static grub_uint32_t handover_offset; -+struct linux_kernel_params *params; -+static char *linux_cmdline; -+ -+#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) -+ -+static grub_err_t -+grub_linuxefi_boot (void) -+{ -+ int offset = 0; -+ -+#ifdef __x86_64__ -+ offset = 512; -+#endif -+ asm volatile ("cli"); -+ -+ return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, -+ params); -+} -+ -+static grub_err_t -+grub_linuxefi_unload (void) -+{ -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ if (initrd_mem) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, -+ BYTES_TO_PAGES(params->ramdisk_size)); -+ if (linux_cmdline) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) -+ linux_cmdline, -+ BYTES_TO_PAGES(params->cmdline_size + 1)); -+ if (kernel_mem) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, -+ BYTES_TO_PAGES(kernel_size)); -+ if (params) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, -+ BYTES_TO_PAGES(16384)); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ grub_file_t *files = 0; -+ int i, nfiles = 0; -+ grub_size_t size = 0; -+ grub_uint8_t *ptr; -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ if (!loaded) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); -+ goto fail; -+ } -+ -+ files = grub_zalloc (argc * sizeof (files[0])); -+ if (!files) -+ goto fail; -+ -+ for (i = 0; i < argc; i++) -+ { -+ files[i] = grub_file_open (argv[i], GRUB_FILE_TYPE_LINUX_INITRD | GRUB_FILE_TYPE_NO_DECOMPRESS); -+ if (! files[i]) -+ goto fail; -+ nfiles++; -+ size += ALIGN_UP (grub_file_size (files[i]), 4); -+ } -+ -+ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); -+ if (!initrd_mem) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); -+ goto fail; -+ } -+ -+ params->ramdisk_size = size; -+ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; -+ -+ ptr = initrd_mem; -+ -+ for (i = 0; i < nfiles; i++) -+ { -+ grub_ssize_t cursize = grub_file_size (files[i]); -+ if (grub_file_read (files[i], ptr, cursize) != cursize) -+ { -+ if (!grub_errno) -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), -+ argv[i]); -+ goto fail; -+ } -+ ptr += cursize; -+ grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); -+ ptr += ALIGN_UP_OVERHEAD (cursize, 4); -+ } -+ -+ params->ramdisk_size = size; -+ -+ fail: -+ for (i = 0; i < nfiles; i++) -+ grub_file_close (files[i]); -+ grub_free (files); -+ -+ if (initrd_mem && grub_errno) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, -+ BYTES_TO_PAGES(size)); -+ -+ return grub_errno; -+} -+ -+static grub_err_t -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ grub_file_t file = 0; -+ struct linux_i386_kernel_header lh; -+ grub_ssize_t len, start, filelen; -+ void *kernel = NULL; -+ -+ grub_dl_ref (my_mod); -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); -+ if (! file) -+ goto fail; -+ -+ filelen = grub_file_size (file); -+ -+ kernel = grub_malloc(filelen); -+ -+ if (!kernel) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -+ goto fail; -+ } -+ -+ if (grub_file_read (file, kernel, filelen) != filelen) -+ { -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); -+ goto fail; -+ } -+ -+ if (! grub_linuxefi_secure_validate (kernel, filelen)) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), -+ argv[0]); -+ goto fail; -+ } -+ -+ params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); -+ -+ if (! params) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -+ goto fail; -+ } -+ -+ grub_memset (params, 0, 16384); -+ -+ grub_memcpy (&lh, kernel, sizeof (lh)); -+ -+ if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); -+ goto fail; -+ } -+ -+ if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); -+ goto fail; -+ } -+ -+ if (lh.version < grub_cpu_to_le16 (0x020b)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); -+ goto fail; -+ } -+ -+ if (!lh.handover_offset) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); -+ goto fail; -+ } -+ -+ grub_dprintf ("linux", "setting up cmdline\n"); -+ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, -+ BYTES_TO_PAGES(lh.cmdline_size + 1)); -+ -+ if (!linux_cmdline) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -+ goto fail; -+ } -+ -+ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); -+ grub_create_loader_cmdline (argc, argv, -+ linux_cmdline + sizeof (LINUX_IMAGE) - 1, -+ lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1), -+ GRUB_VERIFY_KERNEL_CMDLINE); -+ -+ lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; -+ -+ handover_offset = lh.handover_offset; -+ -+ start = (lh.setup_sects + 1) * 512; -+ len = grub_file_size(file) - start; -+ -+ kernel_mem = grub_efi_allocate_pages_max(lh.pref_address, -+ BYTES_TO_PAGES(lh.init_size)); -+ -+ if (!kernel_mem) -+ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, -+ BYTES_TO_PAGES(lh.init_size)); -+ -+ if (!kernel_mem) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); -+ goto fail; -+ } -+ -+ grub_memcpy (kernel_mem, (char *)kernel + start, len); -+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -+ loaded=1; -+ -+ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; -+ grub_memcpy (params, &lh, 2 * 512); -+ -+ params->type_of_loader = 0x21; -+ -+ fail: -+ -+ if (file) -+ grub_file_close (file); -+ -+ if (kernel) -+ grub_free (kernel); -+ -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ } -+ -+ if (linux_cmdline && !loaded) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) -+ linux_cmdline, -+ BYTES_TO_PAGES(lh.cmdline_size + 1)); -+ -+ if (kernel_mem && !loaded) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, -+ BYTES_TO_PAGES(kernel_size)); -+ -+ if (params && !loaded) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, -+ BYTES_TO_PAGES(16384)); -+ -+ return grub_errno; -+} -+ -+static grub_command_t cmd_linux, cmd_initrd; -+static grub_command_t cmd_linuxefi, cmd_initrdefi; -+ -+GRUB_MOD_INIT(linux) -+{ -+ cmd_linux = -+ grub_register_command ("linux", grub_cmd_linux, -+ 0, N_("Load Linux.")); -+ cmd_linuxefi = -+ grub_register_command ("linuxefi", grub_cmd_linux, -+ 0, N_("Load Linux.")); -+ cmd_initrd = -+ grub_register_command ("initrd", grub_cmd_initrd, -+ 0, N_("Load initrd.")); -+ cmd_initrdefi = -+ grub_register_command ("initrdefi", grub_cmd_initrd, -+ 0, N_("Load initrd.")); -+ my_mod = mod; -+} -+ -+GRUB_MOD_FINI(linux) -+{ -+ grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_linuxefi); -+ grub_unregister_command (cmd_initrd); -+ grub_unregister_command (cmd_initrdefi); -+} -diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 2a29952016..8be4c3b3f4 100644 ---- a/grub-core/loader/i386/pc/linux.c -+++ b/grub-core/loader/i386/pc/linux.c -@@ -474,14 +474,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - return grub_errno; - } - --static grub_command_t cmd_linux, cmd_initrd; -+static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16; - - GRUB_MOD_INIT(linux16) - { - cmd_linux = -+ grub_register_command ("linux", grub_cmd_linux, -+ 0, N_("Load Linux.")); -+ cmd_linux16 = - grub_register_command ("linux16", grub_cmd_linux, - 0, N_("Load Linux.")); - cmd_initrd = -+ grub_register_command ("initrd", grub_cmd_initrd, -+ 0, N_("Load initrd.")); -+ cmd_initrd16 = - grub_register_command ("initrd16", grub_cmd_initrd, - 0, N_("Load initrd.")); - my_mod = mod; -@@ -490,5 +496,7 @@ GRUB_MOD_INIT(linux16) - GRUB_MOD_FINI(linux16) - { - grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_linux16); - grub_unregister_command (cmd_initrd); -+ grub_unregister_command (cmd_initrd16); - } -diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index bcd5a7eb18..b582f67f66 100644 ---- a/include/grub/arm/linux.h -+++ b/include/grub/arm/linux.h -@@ -20,6 +20,7 @@ - #ifndef GRUB_ARM_LINUX_HEADER - #define GRUB_ARM_LINUX_HEADER 1 - -+#include - #include "system.h" - - #define GRUB_LINUX_ARM_MAGIC_SIGNATURE 0x016f2818 -@@ -34,9 +35,17 @@ struct linux_arm_kernel_header { - grub_uint32_t hdr_offset; - }; - -+struct grub_arm_linux_pe_header -+{ -+ grub_uint32_t magic; -+ struct grub_pe32_coff_header coff; -+ struct grub_pe32_optional_header opt; -+}; -+ - #if defined(__arm__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE - # define linux_arch_kernel_header linux_arm_kernel_header -+# define grub_armxx_linux_pe_header grub_arm_linux_pe_header - #endif - - #if defined GRUB_MACHINE_UBOOT -diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index 7e22b4ab69..ea030312df 100644 ---- a/include/grub/arm64/linux.h -+++ b/include/grub/arm64/linux.h -@@ -19,6 +19,7 @@ - #ifndef GRUB_ARM64_LINUX_HEADER - #define GRUB_ARM64_LINUX_HEADER 1 - -+#include - #include - - #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ -@@ -38,9 +39,17 @@ struct linux_arm64_kernel_header - grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ - }; - -+struct grub_arm64_linux_pe_header -+{ -+ grub_uint32_t magic; -+ struct grub_pe32_coff_header coff; -+ struct grub_pe64_optional_header opt; -+}; -+ - #if defined(__aarch64__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE - # define linux_arch_kernel_header linux_arm64_kernel_header -+# define grub_armxx_linux_pe_header grub_arm64_linux_pe_header - #endif - - #endif /* ! GRUB_ARM64_LINUX_HEADER */ -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 83d958f994..6295df85f3 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - void * - EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); -+void * -+EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, -+ grub_efi_uintn_t pages); - void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); -@@ -88,6 +91,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, - const grub_efi_guid_t *guid, - void *data, - grub_size_t datasize); -+grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); - int - EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, - const grub_efi_device_path_t *dp2); -@@ -101,8 +105,7 @@ void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); - grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); - #include - grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); --grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, -- char *args); -+grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args); - #endif - - grub_addr_t grub_efi_modules_addr (void); -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -new file mode 100644 -index 0000000000..d9ede36773 ---- /dev/null -+++ b/include/grub/efi/linux.h -@@ -0,0 +1,31 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2014 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+#ifndef GRUB_EFI_LINUX_HEADER -+#define GRUB_EFI_LINUX_HEADER 1 -+ -+#include -+#include -+#include -+ -+grub_efi_boolean_t -+EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); -+grub_err_t -+EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, -+ void *kernel_param); -+ -+#endif /* ! GRUB_EFI_LINUX_HEADER */ diff --git a/SPECS/grub2/fedora/0005-Rework-linux-command.patch b/SPECS/grub2/fedora/0005-Rework-linux-command.patch deleted file mode 100644 index 694e42373b..0000000000 --- a/SPECS/grub2/fedora/0005-Rework-linux-command.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Sun, 9 Aug 2015 16:12:39 -0700 -Subject: [PATCH] Rework linux command - -We want a single buffer that contains the entire kernel image in order to -perform a TPM measurement. Allocate one and copy the entire kernel into it -before pulling out the individual blocks later on. - -Signed-off-by: Matthew Garrett ---- - grub-core/loader/i386/linux.c | 35 +++++++++++++++++++++++------------ - 1 file changed, 23 insertions(+), 12 deletions(-) - -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 9f74a96b19..dccf3bb300 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -649,13 +649,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - { - grub_file_t file = 0; - struct linux_i386_kernel_header lh; -+ grub_uint8_t *linux_params_ptr; - grub_uint8_t setup_sects; -- grub_size_t real_size, prot_size, prot_file_size; -+ grub_size_t real_size, prot_size, prot_file_size, kernel_offset; - grub_ssize_t len; - int i; - grub_size_t align, min_align; - int relocatable; - grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR; -+ grub_uint8_t *kernel = NULL; - - grub_dl_ref (my_mod); - -@@ -669,7 +671,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - if (! file) - goto fail; - -- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) -+ len = grub_file_size (file); -+ kernel = grub_malloc (len); -+ if (!kernel) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -+ goto fail; -+ } -+ -+ if (grub_file_read (file, kernel, len) != len) - { - if (!grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -677,6 +687,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ grub_memcpy (&lh, kernel, sizeof (lh)); -+ kernel_offset = sizeof (lh); -+ - if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) - { - grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); -@@ -784,13 +797,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - /* We've already read lh so there is no need to read it second time. */ - len -= sizeof(lh); - -- if ((len > 0) && -- (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len)) -+ linux_params_ptr = (void *)&linux_params; -+ if (len > 0) - { -- if (!grub_errno) -- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -- argv[0]); -- goto fail; -+ grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len); -+ kernel_offset += len; - } - - linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR; -@@ -853,7 +864,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - /* The other parameters are filled when booting. */ - -- grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE); -+ kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE; - - grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n", - (unsigned) real_size, (unsigned) prot_size); -@@ -1007,9 +1018,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - - len = prot_file_size; -- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno) -- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -- argv[0]); -+ grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); - - if (grub_errno == GRUB_ERR_NONE) - { -@@ -1020,6 +1029,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - fail: - -+ grub_free (kernel); -+ - if (file) - grub_file_close (file); - diff --git a/SPECS/grub2/fedora/0006-Rework-linux16-command.patch b/SPECS/grub2/fedora/0006-Rework-linux16-command.patch deleted file mode 100644 index 5adaaba608..0000000000 --- a/SPECS/grub2/fedora/0006-Rework-linux16-command.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Sun, 9 Aug 2015 16:20:58 -0700 -Subject: [PATCH] Rework linux16 command - -We want a single buffer that contains the entire kernel image in order to -perform a TPM measurement. Allocate one and copy the entire kernel int it -before pulling out the individual blocks later on. - -Signed-off-by: Matthew Garrett ---- - grub-core/loader/i386/pc/linux.c | 33 +++++++++++++++++++++------------ - 1 file changed, 21 insertions(+), 12 deletions(-) - -diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 8be4c3b3f4..4b1750e360 100644 ---- a/grub-core/loader/i386/pc/linux.c -+++ b/grub-core/loader/i386/pc/linux.c -@@ -124,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_file_t file = 0; - struct linux_i386_kernel_header lh; - grub_uint8_t setup_sects; -- grub_size_t real_size; -+ grub_size_t real_size, kernel_offset = 0; - grub_ssize_t len; - int i; - char *grub_linux_prot_chunk; - int grub_linux_is_bzimage; - grub_addr_t grub_linux_prot_target; - grub_err_t err; -+ grub_uint8_t *kernel = NULL; - - grub_dl_ref (my_mod); - -@@ -144,7 +145,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - if (! file) - goto fail; - -- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) -+ len = grub_file_size (file); -+ kernel = grub_malloc (len); -+ if (!kernel) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -+ goto fail; -+ } -+ -+ if (grub_file_read (file, kernel, len) != len) - { - if (!grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -152,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ grub_memcpy (&lh, kernel, sizeof (lh)); -+ kernel_offset = sizeof (lh); -+ - if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) - { - grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); -@@ -320,13 +332,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh)); - - len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh); -- if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len) -- { -- if (!grub_errno) -- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -- argv[0]); -- goto fail; -- } -+ grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset, -+ len); -+ kernel_offset += len; - - if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) - || grub_le_to_cpu16 (lh.version) < 0x0200) -@@ -364,9 +372,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - - len = grub_linux16_prot_size; -- if (grub_file_read (file, grub_linux_prot_chunk, len) != len && !grub_errno) -- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -- argv[0]); -+ grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len); -+ kernel_offset += len; - - if (grub_errno == GRUB_ERR_NONE) - { -@@ -376,6 +383,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - fail: - -+ grub_free (kernel); -+ - if (file) - grub_file_close (file); - diff --git a/SPECS/grub2/fedora/0007-Add-secureboot-support-on-efi-chainloader.patch b/SPECS/grub2/fedora/0007-Add-secureboot-support-on-efi-chainloader.patch deleted file mode 100644 index 34ead63b26..0000000000 --- a/SPECS/grub2/fedora/0007-Add-secureboot-support-on-efi-chainloader.patch +++ /dev/null @@ -1,1401 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Raymund Will -Date: Mon, 8 Jul 2019 11:55:18 +0200 -Subject: [PATCH] Add secureboot support on efi chainloader - -Expand the chainloader to be able to verify the image by means of shim -lock protocol. The PE/COFF image is loaded and relocated by the -chainloader instead of calling LoadImage and StartImage UEFI boot -Service as they require positive verification result from keys enrolled -in KEK or DB. The shim will use MOK in addition to firmware enrolled -keys to verify the image. - -The chainloader module could be used to load other UEFI bootloaders, -such as xen.efi, and could be signed by any of MOK, KEK or DB. - -Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch - -Signed-off-by: Peter Jones - -Also: - -commit cd7a8984d4fda905877b5bfe466339100156b3bc -Author: Raymund Will -Date: Fri Apr 10 01:45:02 2015 -0400 - -Use device part of chainloader target, if present. - -Otherwise chainloading is restricted to '$root', which might not even -be readable by EFI! - -v1. use grub_file_get_device_name() to get device name - -Signed-off-by: Michael Chang -Signed-off-by: Peter Jones - -Also: - -commit 0872a2310a0eeac4ecfe9e1b49dd2d72ab373039 -Author: Peter Jones -Date: Fri Jun 10 14:06:15 2016 -0400 - -Rework even more of efi chainload so non-sb cases work right. - -This ensures that if shim protocol is not loaded, or is loaded but shim -is disabled, we will fall back to a correct load method for the efi -chain loader. - -Here's what I tested with this version: - -results expected actual ------------------------------------------------------------- -sb + enabled + shim + fedora success success -sb + enabled + shim + win success success -sb + enabled + grub + fedora fail fail -sb + enabled + grub + win fail fail - -sb + mokdisabled + shim + fedora success success -sb + mokdisabled + shim + win success success -sb + mokdisabled + grub + fedora fail fail -sb + mokdisabled + grub + win fail fail - -sb disabled + shim + fedora success success* -sb disabled + shim + win success success* -sb disabled + grub + fedora success success -sb disabled + grub + win success success - -nosb + shim + fedora success success* -nosb + shim + win success success* -nosb + grub + fedora success success -nosb + grub + win success success - -* for some reason shim protocol is being installed in these cases, and I - can't see why, but I think it may be this firmware build returning an - erroneous value. But this effectively falls back to the mokdisabled - behavior, which works correctly, and the presence of the "grub" (i.e. - no shim) tests effectively tests the desired behavior here. - -Resolves: rhbz#1344512 - -Signed-off-by: Peter Jones - -Also: - -commit ff7b1cb7f69487870211aeb69ff4f54470fbcb58 -Author: Laszlo Ersek -Date: Mon Nov 21 15:34:00 2016 +0100 - -efi/chainloader: fix wrong sanity check in relocate_coff() - -In relocate_coff(), the relocation entries are parsed from the original -image (not the section-wise copied image). The original image is -pointed-to by the "orig" pointer. The current check - - (void *)reloc_end < data - -compares the addresses of independent memory allocations. "data" is a typo -here, it should be "orig". - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 -Signed-off-by: Laszlo Ersek -Tested-by: Bogdan Costescu -Tested-by: Juan Orti - -Also: - -commit ab4ba9997ad4832449e54d930fa2aac6a160d0e9 -Author: Laszlo Ersek -Date: Wed Nov 23 06:27:09 2016 +0100 - -efi/chainloader: truncate overlong relocation section - -The UEFI Windows 7 boot loader ("EFI/Microsoft/Boot/bootmgfw.efi", SHA1 -31b410e029bba87d2068c65a80b88882f9f8ea25) has inconsistent headers. - -Compare: - -> The Data Directory -> ... -> Entry 5 00000000000d9000 00000574 Base Relocation Directory [.reloc] - -Versus: - -> Sections: -> Idx Name Size VMA LMA File off ... -> ... -> 10 .reloc 00000e22 00000000100d9000 00000000100d9000 000a1800 ... - -That is, the size reported by the RelocDir entry (0x574) is smaller than -the virtual size of the .reloc section (0xe22). - -Quoting the grub2 debug log for the same: - -> chainloader.c:595: reloc_dir: 0xd9000 reloc_size: 0x00000574 -> chainloader.c:603: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 -> ... -> chainloader.c:620: Section 10 ".reloc" at 0x7d208000..0x7d208e21 -> chainloader.c:661: section is not reloc section? -> chainloader.c:663: rds: 0x00001000, vs: 00000e22 -> chainloader.c:664: base: 0x7d208000 end: 0x7d208e21 -> chainloader.c:666: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 -> chainloader.c:671: Section characteristics are 42000040 -> chainloader.c:673: Section virtual size: 00000e22 -> chainloader.c:675: Section raw_data size: 00001000 -> chainloader.c:678: Discarding section - -After hexdumping "bootmgfw.efi" and manually walking its relocation blocks -(yes, really), I determined that the (smaller) RelocDir value is correct. -The remaining area that extends up to the .reloc section size (== 0xe22 - -0x574 == 0x8ae bytes) exists as zero padding in the file. - -This zero padding shouldn't be passed to relocate_coff() for parsing. In -order to cope with it, split the handling of .reloc sections into the -following branches: - -- original case (equal size): original behavior (--> relocation - attempted), - -- overlong .reloc section (longer than reported by RelocDir): truncate the - section to the RelocDir size for the purposes of relocate_coff(), and - attempt relocation, - -- .reloc section is too short, or other checks fail: original behavior - (--> relocation not attempted). - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 -Signed-off-by: Laszlo Ersek - -Also: - -commit cc06f149fbd2d8c1da1e83173d21629ba97e0d92 -Author: Raymund Will - -chainloader: Define machine types for RISC-V - -The commit "Add secureboot support on efi chainloader" didn't add machine -types for RISC-V, so this patch adds them. - -Note, that grub-core/loader/riscv/linux.c is skipped because Linux is not -supported yet. This patch might need a new revision once that's the case. - -Signed-off-by: David Abdurachmanov ---- - grub-core/kern/efi/efi.c | 14 +- - grub-core/loader/arm64/linux.c | 4 +- - grub-core/loader/efi/chainloader.c | 820 +++++++++++++++++++++++++++++++++---- - grub-core/loader/efi/linux.c | 25 +- - grub-core/loader/i386/efi/linux.c | 17 +- - include/grub/efi/linux.h | 2 +- - include/grub/efi/pe32.h | 52 ++- - 7 files changed, 844 insertions(+), 90 deletions(-) - -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 35b8f67060..4a2259aa1c 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -296,14 +296,20 @@ grub_efi_secure_boot (void) - grub_efi_boolean_t ret = 0; - - secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); -- - if (datasize != 1 || !secure_boot) -- goto out; -+ { -+ grub_dprintf ("secureboot", "No SecureBoot variable\n"); -+ goto out; -+ } -+ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); - - setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); -- - if (datasize != 1 || !setup_mode) -- goto out; -+ { -+ grub_dprintf ("secureboot", "No SetupMode variable\n"); -+ goto out; -+ } -+ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); - - if (*secure_boot && !*setup_mode) - ret = 1; -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index a312c66868..04994d5c67 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -284,6 +284,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - struct linux_arch_kernel_header lh; - struct grub_armxx_linux_pe_header *pe; - grub_err_t err; -+ int rc; - - grub_dl_ref (my_mod); - -@@ -328,7 +329,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); - -- if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) -+ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); -+ if (rc < 0) - { - grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); - goto fail; -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 2bd80f4db3..e6a8d4ad0e 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -32,6 +32,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -46,9 +48,14 @@ static grub_dl_t my_mod; - - static grub_efi_physical_address_t address; - static grub_efi_uintn_t pages; -+static grub_ssize_t fsize; - static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; - static grub_efi_char16_t *cmdline; -+static grub_ssize_t cmdline_len; -+static grub_efi_handle_t dev_handle; -+ -+static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); - - static grub_err_t - grub_chainloader_unload (void) -@@ -63,6 +70,7 @@ grub_chainloader_unload (void) - grub_free (cmdline); - cmdline = 0; - file_path = 0; -+ dev_handle = 0; - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; -@@ -213,20 +221,694 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - return file_path; - } - -+#define SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } } -+ -+typedef union -+{ -+ struct grub_pe32_header_32 pe32; -+ struct grub_pe32_header_64 pe32plus; -+} grub_pe_header_t; -+ -+struct pe_coff_loader_image_context -+{ -+ grub_efi_uint64_t image_address; -+ grub_efi_uint64_t image_size; -+ grub_efi_uint64_t entry_point; -+ grub_efi_uintn_t size_of_headers; -+ grub_efi_uint16_t image_type; -+ grub_efi_uint16_t number_of_sections; -+ grub_efi_uint32_t section_alignment; -+ struct grub_pe32_section_table *first_section; -+ struct grub_pe32_data_directory *reloc_dir; -+ struct grub_pe32_data_directory *sec_dir; -+ grub_efi_uint64_t number_of_rva_and_sizes; -+ grub_pe_header_t *pe_hdr; -+}; -+ -+typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; -+ -+struct grub_efi_shim_lock -+{ -+ grub_efi_status_t (*verify)(void *buffer, -+ grub_efi_uint32_t size); -+ grub_efi_status_t (*hash)(void *data, -+ grub_efi_int32_t datasize, -+ pe_coff_loader_image_context_t *context, -+ grub_efi_uint8_t *sha256hash, -+ grub_efi_uint8_t *sha1hash); -+ grub_efi_status_t (*context)(void *data, -+ grub_efi_uint32_t size, -+ pe_coff_loader_image_context_t *context); -+}; -+ -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -+ -+static grub_efi_boolean_t -+read_header (void *data, grub_efi_uint32_t size, -+ pe_coff_loader_image_context_t *context) -+{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; -+ grub_efi_shim_lock_t *shim_lock; -+ grub_efi_status_t status; -+ -+ shim_lock = grub_efi_locate_protocol (&guid, NULL); -+ if (!shim_lock) -+ { -+ grub_dprintf ("chain", "no shim lock protocol"); -+ return 0; -+ } -+ -+ status = shim_lock->context (data, size, context); -+ -+ if (status == GRUB_EFI_SUCCESS) -+ { -+ grub_dprintf ("chain", "context success\n"); -+ return 1; -+ } -+ -+ switch (status) -+ { -+ case GRUB_EFI_UNSUPPORTED: -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported"); -+ break; -+ case GRUB_EFI_INVALID_PARAMETER: -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter"); -+ break; -+ default: -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code"); -+ break; -+ } -+ -+ return -1; -+} -+ -+static void* -+image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr) -+{ -+ if (adr > sz) -+ return NULL; -+ -+ return ((grub_uint8_t*)image + adr); -+} -+ -+static int -+image_is_64_bit (grub_pe_header_t *pe_hdr) -+{ -+ /* .Magic is the same offset in all cases */ -+ if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC) -+ return 1; -+ return 0; -+} -+ -+static const grub_uint16_t machine_type __attribute__((__unused__)) = -+#if defined(__x86_64__) -+ GRUB_PE32_MACHINE_X86_64; -+#elif defined(__aarch64__) -+ GRUB_PE32_MACHINE_ARM64; -+#elif defined(__arm__) -+ GRUB_PE32_MACHINE_ARMTHUMB_MIXED; -+#elif defined(__i386__) || defined(__i486__) || defined(__i686__) -+ GRUB_PE32_MACHINE_I386; -+#elif defined(__ia64__) -+ GRUB_PE32_MACHINE_IA64; -+#elif defined(__riscv) && (__riscv_xlen == 32) -+ GRUB_PE32_MACHINE_RISCV32; -+#elif defined(__riscv) && (__riscv_xlen == 64) -+ GRUB_PE32_MACHINE_RISCV64; -+#else -+#error this architecture is not supported by grub2 -+#endif -+ -+static grub_efi_status_t -+relocate_coff (pe_coff_loader_image_context_t *context, -+ struct grub_pe32_section_table *section, -+ void *orig, void *data) -+{ -+ struct grub_pe32_data_directory *reloc_base, *reloc_base_end; -+ grub_efi_uint64_t adjust; -+ struct grub_pe32_fixup_block *reloc, *reloc_end; -+ char *fixup, *fixup_base, *fixup_data = NULL; -+ grub_efi_uint16_t *fixup_16; -+ grub_efi_uint32_t *fixup_32; -+ grub_efi_uint64_t *fixup_64; -+ grub_efi_uint64_t size = context->image_size; -+ void *image_end = (char *)orig + size; -+ int n = 0; -+ -+ if (image_is_64_bit (context->pe_hdr)) -+ context->pe_hdr->pe32plus.optional_header.image_base = -+ (grub_uint64_t)(unsigned long)data; -+ else -+ context->pe_hdr->pe32.optional_header.image_base = -+ (grub_uint32_t)(unsigned long)data; -+ -+ /* Alright, so here's how this works: -+ * -+ * context->reloc_dir gives us two things: -+ * - the VA the table of base relocation blocks are (maybe) to be -+ * mapped at (reloc_dir->rva) -+ * - the virtual size (reloc_dir->size) -+ * -+ * The .reloc section (section here) gives us some other things: -+ * - the name! kind of. (section->name) -+ * - the virtual size (section->virtual_size), which should be the same -+ * as RelocDir->Size -+ * - the virtual address (section->virtual_address) -+ * - the file section size (section->raw_data_size), which is -+ * a multiple of optional_header->file_alignment. Only useful for image -+ * validation, not really useful for iteration bounds. -+ * - the file address (section->raw_data_offset) -+ * - a bunch of stuff we don't use that's 0 in our binaries usually -+ * - Flags (section->characteristics) -+ * -+ * and then the thing that's actually at the file address is an array -+ * of struct grub_pe32_fixup_block structs with some values packed behind -+ * them. The block_size field of this structure includes the -+ * structure itself, and adding it to that structure's address will -+ * yield the next entry in the array. -+ */ -+ -+ reloc_base = image_address (orig, size, section->raw_data_offset); -+ reloc_base_end = image_address (orig, size, section->raw_data_offset -+ + section->virtual_size); -+ -+ grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n", -+ reloc_base, reloc_base_end); -+ -+ if (!reloc_base && !reloc_base_end) -+ return GRUB_EFI_SUCCESS; -+ -+ if (!reloc_base || !reloc_base_end) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary"); -+ return GRUB_EFI_UNSUPPORTED; -+ } -+ -+ adjust = (grub_uint64_t)(grub_efi_uintn_t)data - context->image_address; -+ if (adjust == 0) -+ return GRUB_EFI_SUCCESS; -+ -+ while (reloc_base < reloc_base_end) -+ { -+ grub_uint16_t *entry; -+ reloc = (struct grub_pe32_fixup_block *)((char*)reloc_base); -+ -+ if ((reloc_base->size == 0) || -+ (reloc_base->size > context->reloc_dir->size)) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Reloc %d block size %d is invalid\n", n, -+ reloc_base->size); -+ return GRUB_EFI_UNSUPPORTED; -+ } -+ -+ entry = &reloc->entries[0]; -+ reloc_end = (struct grub_pe32_fixup_block *) -+ ((char *)reloc_base + reloc_base->size); -+ -+ if ((void *)reloc_end < orig || (void *)reloc_end > image_end) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", -+ n); -+ return GRUB_EFI_UNSUPPORTED; -+ } -+ -+ fixup_base = image_address(data, size, reloc_base->rva); -+ -+ if (!fixup_base) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n); -+ return GRUB_EFI_UNSUPPORTED; -+ } -+ -+ while ((void *)entry < (void *)reloc_end) -+ { -+ fixup = fixup_base + (*entry & 0xFFF); -+ switch ((*entry) >> 12) -+ { -+ case GRUB_PE32_REL_BASED_ABSOLUTE: -+ break; -+ case GRUB_PE32_REL_BASED_HIGH: -+ fixup_16 = (grub_uint16_t *)fixup; -+ *fixup_16 = (grub_uint16_t) -+ (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16))); -+ if (fixup_data != NULL) -+ { -+ *(grub_uint16_t *) fixup_data = *fixup_16; -+ fixup_data = fixup_data + sizeof (grub_uint16_t); -+ } -+ break; -+ case GRUB_PE32_REL_BASED_LOW: -+ fixup_16 = (grub_uint16_t *)fixup; -+ *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust); -+ if (fixup_data != NULL) -+ { -+ *(grub_uint16_t *) fixup_data = *fixup_16; -+ fixup_data = fixup_data + sizeof (grub_uint16_t); -+ } -+ break; -+ case GRUB_PE32_REL_BASED_HIGHLOW: -+ fixup_32 = (grub_uint32_t *)fixup; -+ *fixup_32 = *fixup_32 + (grub_uint32_t)adjust; -+ if (fixup_data != NULL) -+ { -+ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t)); -+ *(grub_uint32_t *) fixup_data = *fixup_32; -+ fixup_data += sizeof (grub_uint32_t); -+ } -+ break; -+ case GRUB_PE32_REL_BASED_DIR64: -+ fixup_64 = (grub_uint64_t *)fixup; -+ *fixup_64 = *fixup_64 + (grub_uint64_t)adjust; -+ if (fixup_data != NULL) -+ { -+ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t)); -+ *(grub_uint64_t *) fixup_data = *fixup_64; -+ fixup_data += sizeof (grub_uint64_t); -+ } -+ break; -+ default: -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Reloc %d unknown relocation type %d", -+ n, (*entry) >> 12); -+ return GRUB_EFI_UNSUPPORTED; -+ } -+ entry += 1; -+ } -+ reloc_base = (struct grub_pe32_data_directory *)reloc_end; -+ n++; -+ } -+ -+ return GRUB_EFI_SUCCESS; -+} -+ -+static grub_efi_device_path_t * -+grub_efi_get_media_file_path (grub_efi_device_path_t *dp) -+{ -+ while (1) -+ { -+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); -+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); -+ -+ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) -+ break; -+ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE -+ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) -+ return dp; -+ -+ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); -+ } -+ -+ return NULL; -+} -+ -+static grub_efi_boolean_t -+handle_image (void *data, grub_efi_uint32_t datasize) -+{ -+ grub_efi_boot_services_t *b; -+ grub_efi_loaded_image_t *li, li_bak; -+ grub_efi_status_t efi_status; -+ char *buffer = NULL; -+ char *buffer_aligned = NULL; -+ grub_efi_uint32_t i; -+ struct grub_pe32_section_table *section; -+ char *base, *end; -+ pe_coff_loader_image_context_t context; -+ grub_uint32_t section_alignment; -+ grub_uint32_t buffer_size; -+ int found_entry_point = 0; -+ int rc; -+ -+ b = grub_efi_system_table->boot_services; -+ -+ rc = read_header (data, datasize, &context); -+ if (rc < 0) -+ { -+ grub_dprintf ("chain", "Failed to read header\n"); -+ goto error_exit; -+ } -+ else if (rc == 0) -+ { -+ grub_dprintf ("chain", "Secure Boot is not enabled\n"); -+ return 0; -+ } -+ else -+ { -+ grub_dprintf ("chain", "Header read without error\n"); -+ } -+ -+ /* -+ * The spec says, uselessly, of SectionAlignment: -+ * ===== -+ * The alignment (in bytes) of sections when they are loaded into -+ * memory. It must be greater than or equal to FileAlignment. The -+ * default is the page size for the architecture. -+ * ===== -+ * Which doesn't tell you whose responsibility it is to enforce the -+ * "default", or when. It implies that the value in the field must -+ * be > FileAlignment (also poorly defined), but it appears visual -+ * studio will happily write 512 for FileAlignment (its default) and -+ * 0 for SectionAlignment, intending to imply PAGE_SIZE. -+ * -+ * We only support one page size, so if it's zero, nerf it to 4096. -+ */ -+ section_alignment = context.section_alignment; -+ if (section_alignment == 0) -+ section_alignment = 4096; -+ -+ buffer_size = context.image_size + section_alignment; -+ grub_dprintf ("chain", "image size is %08"PRIxGRUB_UINT64_T", datasize is %08x\n", -+ context.image_size, datasize); -+ -+ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, -+ buffer_size, &buffer); -+ -+ if (efi_status != GRUB_EFI_SUCCESS) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto error_exit; -+ } -+ -+ buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); -+ if (!buffer_aligned) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto error_exit; -+ } -+ -+ grub_memcpy (buffer_aligned, data, context.size_of_headers); -+ -+ entry_point = image_address (buffer_aligned, context.image_size, -+ context.entry_point); -+ -+ grub_dprintf ("chain", "entry_point: %p\n", entry_point); -+ if (!entry_point) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); -+ goto error_exit; -+ } -+ -+ char *reloc_base, *reloc_base_end; -+ grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n", -+ (void *)(unsigned long)context.reloc_dir->rva, -+ context.reloc_dir->size); -+ reloc_base = image_address (buffer_aligned, context.image_size, -+ context.reloc_dir->rva); -+ /* RelocBaseEnd here is the address of the last byte of the table */ -+ reloc_base_end = image_address (buffer_aligned, context.image_size, -+ context.reloc_dir->rva -+ + context.reloc_dir->size - 1); -+ grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", -+ reloc_base, reloc_base_end); -+ -+ struct grub_pe32_section_table *reloc_section = NULL, fake_reloc_section; -+ -+ section = context.first_section; -+ for (i = 0; i < context.number_of_sections; i++, section++) -+ { -+ char name[9]; -+ -+ base = image_address (buffer_aligned, context.image_size, -+ section->virtual_address); -+ end = image_address (buffer_aligned, context.image_size, -+ section->virtual_address + section->virtual_size -1); -+ -+ grub_strncpy(name, section->name, 9); -+ name[8] = '\0'; -+ grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i, -+ name, base, end); -+ -+ if (end < base) -+ { -+ grub_dprintf ("chain", " base is %p but end is %p... bad.\n", -+ base, end); -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Image has invalid negative size"); -+ goto error_exit; -+ } -+ -+ if (section->virtual_address <= context.entry_point && -+ (section->virtual_address + section->raw_data_size - 1) -+ > context.entry_point) -+ { -+ found_entry_point++; -+ grub_dprintf ("chain", " section contains entry point\n"); -+ } -+ -+ /* We do want to process .reloc, but it's often marked -+ * discardable, so we don't want to memcpy it. */ -+ if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0) -+ { -+ if (reloc_section) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Image has multiple relocation sections"); -+ goto error_exit; -+ } -+ -+ /* If it has nonzero sizes, and our bounds check -+ * made sense, and the VA and size match RelocDir's -+ * versions, then we believe in this section table. */ -+ if (section->raw_data_size && section->virtual_size && -+ base && end && reloc_base == base) -+ { -+ if (reloc_base_end == end) -+ { -+ grub_dprintf ("chain", " section is relocation section\n"); -+ reloc_section = section; -+ } -+ else if (reloc_base_end && reloc_base_end < end) -+ { -+ /* Bogus virtual size in the reloc section -- RelocDir -+ * reported a smaller Base Relocation Directory. Decrease -+ * the section's virtual size so that it equal RelocDir's -+ * idea, but only for the purposes of relocate_coff(). */ -+ grub_dprintf ("chain", -+ " section is (overlong) relocation section\n"); -+ grub_memcpy (&fake_reloc_section, section, sizeof *section); -+ fake_reloc_section.virtual_size -= (end - reloc_base_end); -+ reloc_section = &fake_reloc_section; -+ } -+ } -+ -+ if (!reloc_section) -+ { -+ grub_dprintf ("chain", " section is not reloc section?\n"); -+ grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", -+ section->raw_data_size, section->virtual_size); -+ grub_dprintf ("chain", " base: %p end: %p\n", base, end); -+ grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n", -+ reloc_base, reloc_base_end); -+ } -+ } -+ -+ grub_dprintf ("chain", " Section characteristics are %08x\n", -+ section->characteristics); -+ grub_dprintf ("chain", " Section virtual size: %08x\n", -+ section->virtual_size); -+ grub_dprintf ("chain", " Section raw_data size: %08x\n", -+ section->raw_data_size); -+ if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE) -+ { -+ grub_dprintf ("chain", " Discarding section\n"); -+ continue; -+ } -+ -+ if (!base || !end) -+ { -+ grub_dprintf ("chain", " section is invalid\n"); -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); -+ goto error_exit; -+ } -+ -+ if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA) -+ { -+ if (section->raw_data_size != 0) -+ grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n"); -+ } -+ else if (section->virtual_address < context.size_of_headers || -+ section->raw_data_offset < context.size_of_headers) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Section %d is inside image headers", i); -+ goto error_exit; -+ } -+ -+ if (section->raw_data_size > 0) -+ { -+ grub_dprintf ("chain", " copying 0x%08x bytes to %p\n", -+ section->raw_data_size, base); -+ grub_memcpy (base, -+ (grub_efi_uint8_t*)data + section->raw_data_offset, -+ section->raw_data_size); -+ } -+ -+ if (section->raw_data_size < section->virtual_size) -+ { -+ grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n", -+ section->virtual_size - section->raw_data_size, -+ base + section->raw_data_size); -+ grub_memset (base + section->raw_data_size, 0, -+ section->virtual_size - section->raw_data_size); -+ } -+ -+ grub_dprintf ("chain", " finished section %s\n", name); -+ } -+ -+ /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ -+ if (context.number_of_rva_and_sizes <= 5) -+ { -+ grub_dprintf ("chain", "image has no relocation entry\n"); -+ goto error_exit; -+ } -+ -+ if (context.reloc_dir->size && reloc_section) -+ { -+ /* run the relocation fixups */ -+ efi_status = relocate_coff (&context, reloc_section, data, -+ buffer_aligned); -+ -+ if (efi_status != GRUB_EFI_SUCCESS) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed"); -+ goto error_exit; -+ } -+ } -+ -+ if (!found_entry_point) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections"); -+ goto error_exit; -+ } -+ if (found_entry_point > 1) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point", -+ found_entry_point); -+ goto error_exit; -+ } -+ -+ li = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!li) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available"); -+ goto error_exit; -+ } -+ -+ grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); -+ li->image_base = buffer_aligned; -+ li->image_size = context.image_size; -+ li->load_options = cmdline; -+ li->load_options_size = cmdline_len; -+ li->file_path = grub_efi_get_media_file_path (file_path); -+ li->device_handle = dev_handle; -+ if (!li->file_path) -+ { -+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); -+ goto error_exit; -+ } -+ -+ grub_dprintf ("chain", "booting via entry point\n"); -+ efi_status = efi_call_2 (entry_point, grub_efi_image_handle, -+ grub_efi_system_table); -+ -+ grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); -+ grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); -+ efi_status = efi_call_1 (b->free_pool, buffer); -+ -+ return 1; -+ -+error_exit: -+ grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); -+ if (buffer) -+ efi_call_1 (b->free_pool, buffer); -+ -+ return 0; -+} -+ -+static grub_err_t -+grub_secureboot_chainloader_unload (void) -+{ -+ grub_efi_boot_services_t *b; -+ -+ b = grub_efi_system_table->boot_services; -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ grub_free (cmdline); -+ cmdline = 0; -+ file_path = 0; -+ dev_handle = 0; -+ -+ grub_dl_unref (my_mod); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_load_and_start_image(void *boot_image) -+{ -+ grub_efi_boot_services_t *b; -+ grub_efi_status_t status; -+ grub_efi_loaded_image_t *loaded_image; -+ -+ b = grub_efi_system_table->boot_services; -+ -+ status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -+ boot_image, fsize, &image_handle); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ if (status == GRUB_EFI_OUT_OF_RESOURCES) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); -+ else -+ grub_error (GRUB_ERR_BAD_OS, "cannot load image"); -+ return -1; -+ } -+ -+ /* LoadImage does not set a device handler when the image is -+ loaded from memory, so it is necessary to set it explicitly here. -+ This is a mess. */ -+ loaded_image = grub_efi_get_loaded_image (image_handle); -+ if (! loaded_image) -+ { -+ grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); -+ return -1; -+ } -+ loaded_image->device_handle = dev_handle; -+ -+ if (cmdline) -+ { -+ loaded_image->load_options = cmdline; -+ loaded_image->load_options_size = cmdline_len; -+ } -+ -+ return 0; -+} -+ -+static grub_err_t -+grub_secureboot_chainloader_boot (void) -+{ -+ int rc; -+ rc = handle_image ((void *)(unsigned long)address, fsize); -+ if (rc == 0) -+ { -+ grub_load_and_start_image((void *)(unsigned long)address); -+ } -+ -+ grub_loader_unset (); -+ return grub_errno; -+} -+ - static grub_err_t - grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) - { - grub_file_t file = 0; -- grub_ssize_t size; - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; - grub_efi_device_path_t *dp = 0; -- grub_efi_loaded_image_t *loaded_image; - char *filename; - void *boot_image = 0; -- grub_efi_handle_t dev_handle = 0; -+ int rc; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -238,15 +920,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - address = 0; - image_handle = 0; - file_path = 0; -+ dev_handle = 0; - - b = grub_efi_system_table->boot_services; - -+ if (argc > 1) -+ { -+ int i; -+ grub_efi_char16_t *p16; -+ -+ for (i = 1, cmdline_len = 0; i < argc; i++) -+ cmdline_len += grub_strlen (argv[i]) + 1; -+ -+ cmdline_len *= sizeof (grub_efi_char16_t); -+ cmdline = p16 = grub_malloc (cmdline_len); -+ if (! cmdline) -+ goto fail; -+ -+ for (i = 1; i < argc; i++) -+ { -+ char *p8; -+ -+ p8 = argv[i]; -+ while (*p8) -+ *(p16++) = *(p8++); -+ -+ *(p16++) = ' '; -+ } -+ *(--p16) = 0; -+ } -+ - file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); - if (! file) - goto fail; - -- /* Get the root device's device path. */ -- dev = grub_device_open (0); -+ /* Get the device path from filename. */ -+ char *devname = grub_file_get_device_name (filename); -+ dev = grub_device_open (devname); -+ if (devname) -+ grub_free (devname); - if (! dev) - goto fail; - -@@ -283,17 +995,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - if (! file_path) - goto fail; - -- grub_printf ("file path: "); -- grub_efi_print_device_path (file_path); -- -- size = grub_file_size (file); -- if (!size) -+ fsize = grub_file_size (file); -+ if (!fsize) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } -- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); -+ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); - - status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, - GRUB_EFI_LOADER_CODE, -@@ -307,7 +1016,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - - boot_image = (void *) ((grub_addr_t) address); -- if (grub_file_read (file, boot_image, size) != size) -+ if (grub_file_read (file, boot_image, fsize) != fsize) - { - if (grub_errno == GRUB_ERR_NONE) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -@@ -317,7 +1026,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - - #if defined (__i386__) || defined (__x86_64__) -- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) -+ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) - { - struct grub_macho_fat_header *head = boot_image; - if (head->magic -@@ -326,6 +1035,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_uint32_t i; - struct grub_macho_fat_arch *archs - = (struct grub_macho_fat_arch *) (head + 1); -+ -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ { -+ grub_error (GRUB_ERR_BAD_OS, -+ "MACHO binaries are forbidden with Secure Boot"); -+ goto fail; -+ } -+ - for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++) - { - if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype)) -@@ -340,79 +1057,39 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - > ~grub_cpu_to_le32 (archs[i].size) - || grub_cpu_to_le32 (archs[i].offset) - + grub_cpu_to_le32 (archs[i].size) -- > (grub_size_t) size) -+ > (grub_size_t) fsize) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - filename); - goto fail; - } - boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); -- size = grub_cpu_to_le32 (archs[i].size); -+ fsize = grub_cpu_to_le32 (archs[i].size); - } - } - #endif - -- status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -- boot_image, size, -- &image_handle); -- if (status != GRUB_EFI_SUCCESS) -+ rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize); -+ grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); -+ if (rc > 0) - { -- if (status == GRUB_EFI_OUT_OF_RESOURCES) -- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); -- else -- grub_error (GRUB_ERR_BAD_OS, "cannot load image"); -- -- goto fail; -+ grub_file_close (file); -+ grub_device_close (dev); -+ grub_loader_set (grub_secureboot_chainloader_boot, -+ grub_secureboot_chainloader_unload, 0); -+ return 0; - } -- -- /* LoadImage does not set a device handler when the image is -- loaded from memory, so it is necessary to set it explicitly here. -- This is a mess. */ -- loaded_image = grub_efi_get_loaded_image (image_handle); -- if (! loaded_image) -+ else if (rc == 0) - { -- grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); -- goto fail; -- } -- loaded_image->device_handle = dev_handle; -- -- if (argc > 1) -- { -- int i, len; -- grub_efi_char16_t *p16; -- -- for (i = 1, len = 0; i < argc; i++) -- len += grub_strlen (argv[i]) + 1; -- -- len *= sizeof (grub_efi_char16_t); -- cmdline = p16 = grub_malloc (len); -- if (! cmdline) -- goto fail; -+ grub_load_and_start_image(boot_image); -+ grub_file_close (file); -+ grub_device_close (dev); -+ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - -- for (i = 1; i < argc; i++) -- { -- char *p8; -- -- p8 = argv[i]; -- while (*p8) -- *(p16++) = *(p8++); -- -- *(p16++) = ' '; -- } -- *(--p16) = 0; -- -- loaded_image->load_options = cmdline; -- loaded_image->load_options_size = len; -+ return 0; - } - -- grub_file_close (file); -- grub_device_close (dev); -- -- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); -- return 0; -- -- fail: -- -+fail: - if (dev) - grub_device_close (dev); - -@@ -424,6 +1101,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - if (address) - efi_call_2 (b->free_pages, address, pages); - -+ if (cmdline) -+ grub_free (cmdline); -+ - grub_dl_unref (my_mod); - - return grub_errno; -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index c24202a5dd..c8ecce6dfd 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -33,21 +33,34 @@ struct grub_efi_shim_lock - }; - typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; - --grub_efi_boolean_t -+int - grub_linuxefi_secure_validate (void *data, grub_uint32_t size) - { - grub_efi_guid_t guid = SHIM_LOCK_GUID; - grub_efi_shim_lock_t *shim_lock; -+ grub_efi_status_t status; - - shim_lock = grub_efi_locate_protocol(&guid, NULL); -- -+ grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); - if (!shim_lock) -- return 1; -+ { -+ grub_dprintf ("secureboot", "shim not available\n"); -+ return 0; -+ } - -- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -- return 1; -+ grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n"); -+ status = shim_lock->verify (data, size); -+ grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status); -+ if (status == GRUB_EFI_SUCCESS) -+ { -+ grub_dprintf ("secureboot", "Kernel signature verification passed\n"); -+ return 1; -+ } - -- return 0; -+ grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n", -+ (unsigned long) status); -+ -+ return -1; - } - - #pragma GCC diagnostic push -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index bb2616a809..6b24cbb948 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -117,6 +117,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ grub_dprintf ("linux", "initrd_mem = %lx\n", (unsigned long) initrd_mem); -+ - params->ramdisk_size = size; - params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; - -@@ -159,6 +161,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - struct linux_i386_kernel_header lh; - grub_ssize_t len, start, filelen; - void *kernel = NULL; -+ int rc; - - grub_dl_ref (my_mod); - -@@ -184,11 +187,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - if (grub_file_read (file, kernel, filelen) != filelen) - { -- grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), -+ argv[0]); - goto fail; - } - -- if (! grub_linuxefi_secure_validate (kernel, filelen)) -+ rc = grub_linuxefi_secure_validate (kernel, filelen); -+ if (rc < 0) - { - grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), - argv[0]); -@@ -203,6 +208,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ grub_dprintf ("linux", "params = %lx\n", (unsigned long) params); -+ - grub_memset (params, 0, 16384); - - grub_memcpy (&lh, kernel, sizeof (lh)); -@@ -241,6 +248,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ grub_dprintf ("linux", "linux_cmdline = %lx\n", -+ (unsigned long)linux_cmdline); -+ - grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - grub_create_loader_cmdline (argc, argv, - linux_cmdline + sizeof (LINUX_IMAGE) - 1, -@@ -275,9 +285,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_memcpy (params, &lh, 2 * 512); - - params->type_of_loader = 0x21; -+ grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", -+ kernel_mem, handover_offset); - - fail: -- - if (file) - grub_file_close (file); - -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -index d9ede36773..0033d9305a 100644 ---- a/include/grub/efi/linux.h -+++ b/include/grub/efi/linux.h -@@ -22,7 +22,7 @@ - #include - #include - --grub_efi_boolean_t -+int - EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); - grub_err_t - EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, -diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 0ed8781f03..a43adf2746 100644 ---- a/include/grub/efi/pe32.h -+++ b/include/grub/efi/pe32.h -@@ -223,7 +223,11 @@ struct grub_pe64_optional_header - struct grub_pe32_section_table - { - char name[8]; -- grub_uint32_t virtual_size; -+ union -+ { -+ grub_uint32_t physical_address; -+ grub_uint32_t virtual_size; -+ }; - grub_uint32_t virtual_address; - grub_uint32_t raw_data_size; - grub_uint32_t raw_data_offset; -@@ -234,12 +238,18 @@ struct grub_pe32_section_table - grub_uint32_t characteristics; - }; - -+#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008 - #define GRUB_PE32_SCN_CNT_CODE 0x00000020 - #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040 --#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 --#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 --#define GRUB_PE32_SCN_MEM_READ 0x40000000 --#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 -+#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080 -+#define GRUB_PE32_SCN_LNK_OTHER 0x00000100 -+#define GRUB_PE32_SCN_LNK_INFO 0x00000200 -+#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800 -+#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000 -+#define GRUB_PE32_SCN_GPREL 0x00008000 -+#define GRUB_PE32_SCN_MEM_16BIT 0x00020000 -+#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000 -+#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000 - - #define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000 - #define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000 -@@ -248,10 +258,28 @@ struct grub_pe32_section_table - #define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000 - #define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000 - #define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000 -+#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000 -+#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000 -+#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000 -+#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000 -+#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000 -+#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000 -+#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000 - - #define GRUB_PE32_SCN_ALIGN_SHIFT 20 - #define GRUB_PE32_SCN_ALIGN_MASK 7 - -+#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000 -+#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 -+#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000 -+#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000 -+#define GRUB_PE32_SCN_MEM_SHARED 0x10000000 -+#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 -+#define GRUB_PE32_SCN_MEM_READ 0x40000000 -+#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 -+ -+ -+ - #define GRUB_PE32_SIGNATURE_SIZE 4 - - struct grub_pe32_header -@@ -274,6 +302,20 @@ struct grub_pe32_header - #endif - }; - -+struct grub_pe32_header_32 -+{ -+ char signature[GRUB_PE32_SIGNATURE_SIZE]; -+ struct grub_pe32_coff_header coff_header; -+ struct grub_pe32_optional_header optional_header; -+}; -+ -+struct grub_pe32_header_64 -+{ -+ char signature[GRUB_PE32_SIGNATURE_SIZE]; -+ struct grub_pe32_coff_header coff_header; -+ struct grub_pe64_optional_header optional_header; -+}; -+ - struct grub_pe32_fixup_block - { - grub_uint32_t page_rva; diff --git a/SPECS/grub2/fedora/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch b/SPECS/grub2/fedora/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch deleted file mode 100644 index 487d5c0b27..0000000000 --- a/SPECS/grub2/fedora/0008-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch +++ /dev/null @@ -1,390 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 6 Oct 2015 16:09:25 -0400 -Subject: [PATCH] Make any of the loaders that link in efi mode honor secure - boot. - -And in this case "honor" means "even if somebody does link this in, they -won't register commands if SB is enabled." - -Signed-off-by: Peter Jones ---- - grub-core/commands/iorw.c | 7 +++++++ - grub-core/commands/memrw.c | 7 +++++++ - grub-core/kern/dl.c | 3 ++- - grub-core/kern/efi/efi.c | 34 ---------------------------------- - grub-core/loader/efi/appleloader.c | 7 +++++++ - grub-core/loader/efi/chainloader.c | 1 + - grub-core/loader/i386/bsd.c | 7 +++++++ - grub-core/loader/i386/linux.c | 7 +++++++ - grub-core/loader/i386/pc/linux.c | 7 +++++++ - grub-core/loader/multiboot.c | 7 +++++++ - grub-core/loader/xnu.c | 7 +++++++ - include/grub/efi/efi.h | 1 - - include/grub/ia64/linux.h | 0 - include/grub/mips/linux.h | 0 - include/grub/powerpc/linux.h | 0 - include/grub/sparc64/linux.h | 0 - 16 files changed, 59 insertions(+), 36 deletions(-) - create mode 100644 include/grub/ia64/linux.h - create mode 100644 include/grub/mips/linux.h - create mode 100644 include/grub/powerpc/linux.h - create mode 100644 include/grub/sparc64/linux.h - -diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c -index 584baec8f9..7b2999b14b 100644 ---- a/grub-core/commands/iorw.c -+++ b/grub-core/commands/iorw.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -119,6 +120,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) - - GRUB_MOD_INIT(memrw) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_read_byte = - grub_register_extcmd ("inb", grub_cmd_read, 0, - N_("PORT"), N_("Read 8-bit value from PORT."), -@@ -147,6 +151,9 @@ GRUB_MOD_INIT(memrw) - - GRUB_MOD_FINI(memrw) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_extcmd (cmd_read_byte); - grub_unregister_extcmd (cmd_read_word); - grub_unregister_extcmd (cmd_read_dword); -diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c -index d401a6db0e..39cf3a06db 100644 ---- a/grub-core/commands/memrw.c -+++ b/grub-core/commands/memrw.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -121,6 +122,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) - - GRUB_MOD_INIT(memrw) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_read_byte = - grub_register_extcmd ("read_byte", grub_cmd_read, 0, - N_("ADDR"), N_("Read 8-bit value from ADDR."), -@@ -149,6 +153,9 @@ GRUB_MOD_INIT(memrw) - - GRUB_MOD_FINI(memrw) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_extcmd (cmd_read_byte); - grub_unregister_extcmd (cmd_read_word); - grub_unregister_extcmd (cmd_read_dword); -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index b714937095..7afb9e6f72 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -32,6 +32,7 @@ - #include - #include - #include -+#include - - /* Platforms where modules are in a readonly area of memory. */ - #if defined(GRUB_MACHINE_QEMU) -@@ -704,7 +705,7 @@ grub_dl_load_file (const char *filename) - grub_dl_t mod = 0; - - #ifdef GRUB_MACHINE_EFI -- if (grub_efi_secure_boot ()) -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { - #if 0 - /* This is an error, but grub2-mkconfig still generates a pile of -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 4a2259aa1c..8cff7be028 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -286,40 +286,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL); - } - --grub_efi_boolean_t --grub_efi_secure_boot (void) --{ -- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; -- grub_size_t datasize; -- char *secure_boot = NULL; -- char *setup_mode = NULL; -- grub_efi_boolean_t ret = 0; -- -- secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); -- if (datasize != 1 || !secure_boot) -- { -- grub_dprintf ("secureboot", "No SecureBoot variable\n"); -- goto out; -- } -- grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); -- -- setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); -- if (datasize != 1 || !setup_mode) -- { -- grub_dprintf ("secureboot", "No SetupMode variable\n"); -- goto out; -- } -- grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); -- -- if (*secure_boot && !*setup_mode) -- ret = 1; -- -- out: -- grub_free (secure_boot); -- grub_free (setup_mode); -- return ret; --} -- - #pragma GCC diagnostic ignored "-Wcast-align" - - /* Search the mods section from the PE32/PE32+ image. This code uses -diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c -index 74888c463b..585f2b5738 100644 ---- a/grub-core/loader/efi/appleloader.c -+++ b/grub-core/loader/efi/appleloader.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -227,6 +228,9 @@ static grub_command_t cmd; - - GRUB_MOD_INIT(appleloader) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd = grub_register_command ("appleloader", grub_cmd_appleloader, - N_("[OPTS]"), - /* TRANSLATORS: This command is used on EFI to -@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader) - - GRUB_MOD_FINI(appleloader) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_command (cmd); - } -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index e6a8d4ad0e..07c4937898 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - #include - #include - #include -diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c -index 5f3290ce17..54befc2662 100644 ---- a/grub-core/loader/i386/bsd.c -+++ b/grub-core/loader/i386/bsd.c -@@ -40,6 +40,7 @@ - #ifdef GRUB_MACHINE_PCBIOS - #include - #endif -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -2137,6 +2138,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk; - - GRUB_MOD_INIT (bsd) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - /* Net and OpenBSD kernels are often compressed. */ - grub_dl_load ("gzio"); - -@@ -2176,6 +2180,9 @@ GRUB_MOD_INIT (bsd) - - GRUB_MOD_FINI (bsd) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_extcmd (cmd_freebsd); - grub_unregister_extcmd (cmd_openbsd); - grub_unregister_extcmd (cmd_netbsd); -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index dccf3bb300..4aeb0e4b9a 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -37,6 +37,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -1138,6 +1139,9 @@ static grub_command_t cmd_linux, cmd_initrd; - - GRUB_MOD_INIT(linux) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_linux = grub_register_command ("linux", grub_cmd_linux, - 0, N_("Load Linux.")); - cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, -@@ -1147,6 +1151,9 @@ GRUB_MOD_INIT(linux) - - GRUB_MOD_FINI(linux) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_command (cmd_linux); - grub_unregister_command (cmd_initrd); - } -diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c -index 4b1750e360..e3fa1221e8 100644 ---- a/grub-core/loader/i386/pc/linux.c -+++ b/grub-core/loader/i386/pc/linux.c -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -487,6 +488,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16; - - GRUB_MOD_INIT(linux16) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_linux = - grub_register_command ("linux", grub_cmd_linux, - 0, N_("Load Linux.")); -@@ -504,6 +508,9 @@ GRUB_MOD_INIT(linux16) - - GRUB_MOD_FINI(linux16) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_command (cmd_linux); - grub_unregister_command (cmd_linux16); - grub_unregister_command (cmd_initrd); -diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c -index facb13f3d3..47e481f457 100644 ---- a/grub-core/loader/multiboot.c -+++ b/grub-core/loader/multiboot.c -@@ -50,6 +50,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -444,6 +445,9 @@ static grub_command_t cmd_multiboot, cmd_module; - - GRUB_MOD_INIT(multiboot) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_multiboot = - #ifdef GRUB_USE_MULTIBOOT2 - grub_register_command ("multiboot2", grub_cmd_multiboot, -@@ -464,6 +468,9 @@ GRUB_MOD_INIT(multiboot) - - GRUB_MOD_FINI(multiboot) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - grub_unregister_command (cmd_multiboot); - grub_unregister_command (cmd_module); - } -diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c -index 1c0cf6a430..baa54e652a 100644 ---- a/grub-core/loader/xnu.c -+++ b/grub-core/loader/xnu.c -@@ -35,6 +35,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -1497,6 +1498,9 @@ static grub_extcmd_t cmd_splash; - - GRUB_MOD_INIT(xnu) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0, - N_("Load XNU image.")); - cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, -@@ -1540,6 +1544,9 @@ GRUB_MOD_INIT(xnu) - - GRUB_MOD_FINI(xnu) - { -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -+ return; -+ - #ifndef GRUB_MACHINE_EMU - grub_unregister_command (cmd_resume); - #endif -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 6295df85f3..585fa6662b 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -91,7 +91,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, - const grub_efi_guid_t *guid, - void *data, - grub_size_t datasize); --grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); - int - EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, - const grub_efi_device_path_t *dp2); -diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h -new file mode 100644 -index 0000000000..e69de29bb2 diff --git a/SPECS/grub2/fedora/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch b/SPECS/grub2/fedora/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch deleted file mode 100644 index 452f43c9ad..0000000000 --- a/SPECS/grub2/fedora/0009-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 8 Jul 2019 12:32:37 +0200 -Subject: [PATCH] Handle multi-arch (64-on-32) boot in linuxefi loader. - -Allow booting 64-bit kernels on 32-bit EFI on x86. - -Signed-off-by: Peter Jones ---- - grub-core/loader/efi/linux.c | 9 +++- - grub-core/loader/i386/efi/linux.c | 110 ++++++++++++++++++++++++++------------ - include/grub/i386/linux.h | 7 ++- - 3 files changed, 89 insertions(+), 37 deletions(-) - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index c8ecce6dfd..0622dfa48d 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -69,12 +69,17 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) - typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); - - grub_err_t --grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, -+grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - void *kernel_params) - { - handover_func hf; -+ int offset = 0; - -- hf = (handover_func)((char *)kernel_addr + offset); -+#ifdef __x86_64__ -+ offset = 512; -+#endif -+ -+ hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - - return GRUB_ERR_BUG; -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6b24cbb948..3017d0f3e5 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -44,14 +44,10 @@ static char *linux_cmdline; - static grub_err_t - grub_linuxefi_boot (void) - { -- int offset = 0; -- --#ifdef __x86_64__ -- offset = 512; --#endif - asm volatile ("cli"); - -- return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, -+ return grub_efi_linux_boot ((char *)kernel_mem, -+ handover_offset, - params); - } - -@@ -153,14 +149,20 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - return grub_errno; - } - -+#define MIN(a, b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a < _b ? _a : _b; }) -+ - static grub_err_t - grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) - { - grub_file_t file = 0; -- struct linux_i386_kernel_header lh; -- grub_ssize_t len, start, filelen; -+ struct linux_i386_kernel_header *lh = NULL; -+ grub_ssize_t start, filelen; - void *kernel = NULL; -+ int setup_header_end_offset; - int rc; - - grub_dl_ref (my_mod); -@@ -200,48 +202,79 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); -- -+ params = grub_efi_allocate_pages_max (0x3fffffff, -+ BYTES_TO_PAGES(sizeof(*params))); - if (! params) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); - goto fail; - } - -- grub_dprintf ("linux", "params = %lx\n", (unsigned long) params); -+ grub_dprintf ("linux", "params = %p\n", params); - -- grub_memset (params, 0, 16384); -+ grub_memset (params, 0, sizeof(*params)); - -- grub_memcpy (&lh, kernel, sizeof (lh)); -- -- if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) -+ setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); -+ grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", -+ MIN((grub_size_t)0x202+setup_header_end_offset, -+ sizeof (*params)) - 0x1f1, -+ (grub_uint8_t *)kernel + 0x1f1, -+ (grub_uint8_t *)params + 0x1f1); -+ grub_memcpy ((grub_uint8_t *)params + 0x1f1, -+ (grub_uint8_t *)kernel + 0x1f1, -+ MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); -+ lh = (struct linux_i386_kernel_header *)params; -+ grub_dprintf ("linux", "lh is at %p\n", lh); -+ grub_dprintf ("linux", "checking lh->boot_flag\n"); -+ if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) - { - grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); - goto fail; - } - -- if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) -+ grub_dprintf ("linux", "checking lh->setup_sects\n"); -+ if (lh->setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) - { - grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); - goto fail; - } - -- if (lh.version < grub_cpu_to_le16 (0x020b)) -+ grub_dprintf ("linux", "checking lh->version\n"); -+ if (lh->version < grub_cpu_to_le16 (0x020b)) - { - grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); - goto fail; - } - -- if (!lh.handover_offset) -+ grub_dprintf ("linux", "checking lh->handover_offset\n"); -+ if (!lh->handover_offset) - { - grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); - goto fail; - } - -+#if defined(__x86_64__) || defined(__aarch64__) -+ grub_dprintf ("linux", "checking lh->xloadflags\n"); -+ if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support 64-bit CPUs")); -+ goto fail; -+ } -+#endif -+ -+#if defined(__i386__) -+ if ((lh->xloadflags & LINUX_XLF_KERNEL_64) && -+ !(lh->xloadflags & LINUX_XLF_EFI_HANDOVER_32)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, -+ N_("kernel doesn't support 32-bit handover")); -+ goto fail; -+ } -+#endif -+ - grub_dprintf ("linux", "setting up cmdline\n"); - linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, -- BYTES_TO_PAGES(lh.cmdline_size + 1)); -- -+ BYTES_TO_PAGES(lh->cmdline_size + 1)); - if (!linux_cmdline) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -@@ -254,22 +287,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - grub_create_loader_cmdline (argc, argv, - linux_cmdline + sizeof (LINUX_IMAGE) - 1, -- lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1), -+ lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), - GRUB_VERIFY_KERNEL_CMDLINE); - -- lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; -+ grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); -+ grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); -+ lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; - -- handover_offset = lh.handover_offset; -+ grub_dprintf ("linux", "computing handover offset\n"); -+ handover_offset = lh->handover_offset; - -- start = (lh.setup_sects + 1) * 512; -- len = grub_file_size(file) - start; -+ start = (lh->setup_sects + 1) * 512; - -- kernel_mem = grub_efi_allocate_pages_max(lh.pref_address, -- BYTES_TO_PAGES(lh.init_size)); -+ kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, -+ BYTES_TO_PAGES(lh->init_size)); - - if (!kernel_mem) - kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, -- BYTES_TO_PAGES(lh.init_size)); -+ BYTES_TO_PAGES(lh->init_size)); - - if (!kernel_mem) - { -@@ -277,14 +312,21 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- grub_memcpy (kernel_mem, (char *)kernel + start, len); -+ grub_dprintf ("linux", "kernel_mem = %lx\n", (unsigned long) kernel_mem); -+ - grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); - loaded=1; -+ grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); -+ lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - -- lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; -- grub_memcpy (params, &lh, 2 * 512); -+ grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); - -- params->type_of_loader = 0x21; -+ grub_dprintf ("linux", "setting lh->type_of_loader\n"); -+ lh->type_of_loader = 0x6; -+ -+ grub_dprintf ("linux", "setting lh->ext_loader_{type,ver}\n"); -+ params->ext_loader_type = 0; -+ params->ext_loader_ver = 2; - grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", - kernel_mem, handover_offset); - -@@ -301,10 +343,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - loaded = 0; - } - -- if (linux_cmdline && !loaded) -+ if (linux_cmdline && lh && !loaded) - grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) - linux_cmdline, -- BYTES_TO_PAGES(lh.cmdline_size + 1)); -+ BYTES_TO_PAGES(lh->cmdline_size + 1)); - - if (kernel_mem && !loaded) - grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, -diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index eddf9251d9..25ef52c04e 100644 ---- a/include/grub/i386/linux.h -+++ b/include/grub/i386/linux.h -@@ -138,7 +138,12 @@ struct linux_i386_kernel_header - grub_uint32_t kernel_alignment; - grub_uint8_t relocatable; - grub_uint8_t min_alignment; -- grub_uint8_t pad[2]; -+#define LINUX_XLF_KERNEL_64 (1<<0) -+#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) -+#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) -+#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) -+#define LINUX_XLF_EFI_KEXEC (1<<4) -+ grub_uint16_t xloadflags; - grub_uint32_t cmdline_size; - grub_uint32_t hardware_subarch; - grub_uint64_t hardware_subarch_data; diff --git a/SPECS/grub2/fedora/0014-Move-bash-completion-script-922997.patch b/SPECS/grub2/fedora/0014-Move-bash-completion-script-922997.patch deleted file mode 100644 index a84d66e594..0000000000 --- a/SPECS/grub2/fedora/0014-Move-bash-completion-script-922997.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 3 Apr 2013 14:35:34 -0400 -Subject: [PATCH] Move bash completion script (#922997) - -Apparently these go in a new place now. ---- - configure.ac | 11 +++++++++++ - util/bash-completion.d/Makefile.am | 1 - - 2 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 7517fc49d9..8331f95b64 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -314,6 +314,14 @@ AC_SUBST(grubdirname) - AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname", - [Default grub directory name]) - -+PKG_PROG_PKG_CONFIG -+AS_IF([$($PKG_CONFIG --exists bash-completion)], [ -+ bashcompletiondir=$($PKG_CONFIG --variable=completionsdir bash-completion) -+] , [ -+ bashcompletiondir=${datadir}/bash-completion/completions -+]) -+AC_SUBST(bashcompletiondir) -+ - # - # Checks for build programs. - # -@@ -525,6 +533,9 @@ HOST_CFLAGS="$HOST_CFLAGS $grub_cv_cc_w_extra_flags" - # Check for target programs. - # - -+# This makes sure pkg.m4 is available. -+m4_pattern_forbid([^_?PKG_[A-Z_]+$],[*** pkg.m4 missing, please install pkg-config]) -+ - # Find tools for the target. - if test "x$target_alias" != x && test "x$host_alias" != "x$target_alias"; then - tmp_ac_tool_prefix="$ac_tool_prefix" -diff --git a/util/bash-completion.d/Makefile.am b/util/bash-completion.d/Makefile.am -index 136287cf1b..61108f0542 100644 ---- a/util/bash-completion.d/Makefile.am -+++ b/util/bash-completion.d/Makefile.am -@@ -6,7 +6,6 @@ EXTRA_DIST = $(bash_completion_source) - - CLEANFILES = $(bash_completion_script) config.log - --bashcompletiondir = $(sysconfdir)/bash_completion.d - bashcompletion_DATA = $(bash_completion_script) - - $(bash_completion_script): $(bash_completion_source) $(top_builddir)/config.status diff --git a/SPECS/grub2/fedora/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch b/SPECS/grub2/fedora/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch deleted file mode 100644 index 6450a543d5..0000000000 --- a/SPECS/grub2/fedora/0015-Allow-fallback-to-include-entries-by-title-not-just-.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 5 Sep 2014 10:07:04 -0400 -Subject: [PATCH] Allow "fallback" to include entries by title, not just - number. - -Resolves: rhbz#1026084 - -Signed-off-by: Peter Jones ---- - grub-core/normal/menu.c | 85 +++++++++++++++++++++++++++++++++---------------- - 1 file changed, 58 insertions(+), 27 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 8397886fa0..d7a222e681 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -163,15 +163,40 @@ grub_menu_set_timeout (int timeout) - } - } - -+static int -+menuentry_eq (const char *id, const char *spec) -+{ -+ const char *ptr1, *ptr2; -+ ptr1 = id; -+ ptr2 = spec; -+ while (1) -+ { -+ if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) -+ return ptr2 - spec; -+ if (*ptr2 == '>' && ptr2[1] != '>') -+ return 0; -+ if (*ptr2 == '>') -+ ptr2++; -+ if (*ptr1 != *ptr2) -+ return 0; -+ if (*ptr1 == 0) -+ return ptr1 - id; -+ ptr1++; -+ ptr2++; -+ } -+ return 0; -+} -+ - /* Get the first entry number from the value of the environment variable NAME, - which is a space-separated list of non-negative integers. The entry number - which is returned is stripped from the value of NAME. If no entry number - can be found, -1 is returned. */ - static int --get_and_remove_first_entry_number (const char *name) -+get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - { - const char *val, *tail; - int entry; -+ int sz = 0; - - val = grub_env_get (name); - if (! val) -@@ -181,9 +206,39 @@ get_and_remove_first_entry_number (const char *name) - - entry = (int) grub_strtoul (val, &tail, 0); - -+ if (grub_errno == GRUB_ERR_BAD_NUMBER) -+ { -+ /* See if the variable matches the title of a menu entry. */ -+ grub_menu_entry_t e = menu->entry_list; -+ int i; -+ -+ for (i = 0; e; i++) -+ { -+ sz = menuentry_eq (e->title, val); -+ if (sz < 1) -+ sz = menuentry_eq (e->id, val); -+ -+ if (sz >= 1) -+ { -+ entry = i; -+ break; -+ } -+ e = e->next; -+ } -+ -+ if (sz > 0) -+ grub_errno = GRUB_ERR_NONE; -+ -+ if (! e) -+ entry = -1; -+ } -+ - if (grub_errno == GRUB_ERR_NONE) - { -- /* Skip whitespace to find the next digit. */ -+ if (sz > 0) -+ tail += sz; -+ -+ /* Skip whitespace to find the next entry. */ - while (*tail && grub_isspace (*tail)) - tail++; - grub_env_set (name, tail); -@@ -346,7 +401,7 @@ grub_menu_execute_with_fallback (grub_menu_t menu, - grub_menu_execute_entry (entry, 1); - - /* Deal with fallback entries. */ -- while ((fallback_entry = get_and_remove_first_entry_number ("fallback")) -+ while ((fallback_entry = get_and_remove_first_entry_number (menu, "fallback")) - >= 0) - { - grub_print_error (); -@@ -464,30 +519,6 @@ grub_menu_register_viewer (struct grub_menu_viewer *viewer) - viewers = viewer; - } - --static int --menuentry_eq (const char *id, const char *spec) --{ -- const char *ptr1, *ptr2; -- ptr1 = id; -- ptr2 = spec; -- while (1) -- { -- if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) -- return 1; -- if (*ptr2 == '>' && ptr2[1] != '>') -- return 0; -- if (*ptr2 == '>') -- ptr2++; -- if (*ptr1 != *ptr2) -- return 0; -- if (*ptr1 == 0) -- return 1; -- ptr1++; -- ptr2++; -- } --} -- -- - /* Get the entry number from the variable NAME. */ - static int - get_entry_number (grub_menu_t menu, const char *name) diff --git a/SPECS/grub2/fedora/0016-Make-exit-take-a-return-code.patch b/SPECS/grub2/fedora/0016-Make-exit-take-a-return-code.patch deleted file mode 100644 index 654ef73b5f..0000000000 --- a/SPECS/grub2/fedora/0016-Make-exit-take-a-return-code.patch +++ /dev/null @@ -1,267 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 26 Feb 2014 21:49:12 -0500 -Subject: [PATCH] Make "exit" take a return code. - -This adds "exit" with a return code. With this patch, any "exit" -command /may/ include a return code, and on platforms that support -returning with an exit status, we will do so. By default we return the -same exit status we did before this patch. - -Signed-off-by: Peter Jones ---- - grub-core/commands/minicmd.c | 20 ++++++++++++++++---- - grub-core/kern/efi/efi.c | 9 +++++++-- - grub-core/kern/emu/main.c | 2 +- - grub-core/kern/emu/misc.c | 5 +++-- - grub-core/kern/i386/coreboot/init.c | 2 +- - grub-core/kern/i386/qemu/init.c | 2 +- - grub-core/kern/ieee1275/init.c | 2 +- - grub-core/kern/mips/arc/init.c | 2 +- - grub-core/kern/mips/loongson/init.c | 2 +- - grub-core/kern/mips/qemu_mips/init.c | 2 +- - grub-core/kern/misc.c | 11 ++++++++++- - grub-core/kern/uboot/init.c | 6 +++--- - grub-core/kern/xen/init.c | 2 +- - include/grub/misc.h | 2 +- - 14 files changed, 48 insertions(+), 21 deletions(-) - -diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c -index fa498931ed..2bd3ac76f2 100644 ---- a/grub-core/commands/minicmd.c -+++ b/grub-core/commands/minicmd.c -@@ -182,12 +182,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), - } - - /* exit */ --static grub_err_t __attribute__ ((noreturn)) -+static grub_err_t - grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)), -- int argc __attribute__ ((unused)), -- char *argv[] __attribute__ ((unused))) -+ int argc, char *argv[]) - { -- grub_exit (); -+ int retval = -1; -+ unsigned long n; -+ -+ if (argc < 0 || argc > 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); -+ -+ if (argc == 1) -+ { -+ n = grub_strtoul (argv[0], 0, 10); -+ if (n != ~0UL) -+ retval = n; -+ } -+ -+ grub_exit (retval); - /* Not reached. */ - } - -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 8cff7be028..05d8237a9b 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -165,11 +165,16 @@ grub_reboot (void) - } - - void --grub_exit (void) -+grub_exit (int retval) - { -+ int rc = GRUB_EFI_LOAD_ERROR; -+ -+ if (retval == 0) -+ rc = GRUB_EFI_SUCCESS; -+ - grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); - efi_call_4 (grub_efi_system_table->boot_services->exit, -- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0); -+ grub_efi_image_handle, rc, 0, 0); - for (;;) ; - } - -diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 425bb96034..55ea5a11cc 100644 ---- a/grub-core/kern/emu/main.c -+++ b/grub-core/kern/emu/main.c -@@ -67,7 +67,7 @@ grub_reboot (void) - } - - void --grub_exit (void) -+grub_exit (int retval __attribute__((unused))) - { - grub_reboot (); - } -diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index dfd8a8ec48..0ff13bcaf8 100644 ---- a/grub-core/kern/emu/misc.c -+++ b/grub-core/kern/emu/misc.c -@@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...) - - #if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL) - void --grub_exit (void) -+__attribute__ ((noreturn)) -+grub_exit (int rc) - { -- exit (1); -+ exit (rc < 0 ? 1 : rc); - } - #endif - -diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c -index 3314f027fe..36f9134b7b 100644 ---- a/grub-core/kern/i386/coreboot/init.c -+++ b/grub-core/kern/i386/coreboot/init.c -@@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; - extern grub_uint8_t _edata[]; - - void __attribute__ ((noreturn)) --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - /* We can't use grub_fatal() in this function. This would create an infinite - loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ -diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c -index 271b6fbfab..9fafe98f01 100644 ---- a/grub-core/kern/i386/qemu/init.c -+++ b/grub-core/kern/i386/qemu/init.c -@@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; - extern grub_uint8_t _edata[]; - - void __attribute__ ((noreturn)) --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - /* We can't use grub_fatal() in this function. This would create an infinite - loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d483e35eed..e71d158416 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack; - #endif - - void --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - grub_ieee1275_exit (); - } -diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c -index 2ed3ff3191..5c40c34078 100644 ---- a/grub-core/kern/mips/arc/init.c -+++ b/grub-core/kern/mips/arc/init.c -@@ -276,7 +276,7 @@ grub_halt (void) - } - - void --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - GRUB_ARC_FIRMWARE_VECTOR->exit (); - -diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c -index 7b96531b98..dff598ca7b 100644 ---- a/grub-core/kern/mips/loongson/init.c -+++ b/grub-core/kern/mips/loongson/init.c -@@ -304,7 +304,7 @@ grub_halt (void) - } - - void --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - grub_halt (); - } -diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c -index be88b77d22..8b6c55ffc0 100644 ---- a/grub-core/kern/mips/qemu_mips/init.c -+++ b/grub-core/kern/mips/qemu_mips/init.c -@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) - } - - void --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - grub_halt (); - } -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3af336ee22..63b586d09c 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -1209,9 +1209,18 @@ grub_abort (void) - grub_getkey (); - } - -- grub_exit (); -+ grub_exit (1); - } - -+#if defined (__clang__) && !defined (GRUB_UTIL) -+/* clang emits references to abort(). */ -+void __attribute__ ((noreturn)) -+abort (void) -+{ -+ grub_abort (); -+} -+#endif -+ - void - grub_fatal (const char *fmt, ...) - { -diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c -index 3e338645c5..be2a5be1d0 100644 ---- a/grub-core/kern/uboot/init.c -+++ b/grub-core/kern/uboot/init.c -@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; - static unsigned long timer_start; - - void --grub_exit (void) -+grub_exit (int rc) - { -- grub_uboot_return (0); -+ grub_uboot_return (rc < 0 ? 1 : rc); - } - - static grub_uint64_t -@@ -78,7 +78,7 @@ grub_machine_init (void) - if (!ver) - { - /* Don't even have a console to log errors to... */ -- grub_exit (); -+ grub_exit (-1); - } - else if (ver > API_SIG_VERSION) - { -diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c -index 782ca72952..708b060f32 100644 ---- a/grub-core/kern/xen/init.c -+++ b/grub-core/kern/xen/init.c -@@ -584,7 +584,7 @@ grub_machine_init (void) - } - - void --grub_exit (void) -+grub_exit (int rc __attribute__((unused))) - { - struct sched_shutdown arg; - -diff --git a/include/grub/misc.h b/include/grub/misc.h -index 7d2b551969..fd18e6320b 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -353,7 +353,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, - char *EXPORT_FUNC(grub_xasprintf) (const char *fmt, ...) - __attribute__ ((format (GNU_PRINTF, 1, 2))) WARN_UNUSED_RESULT; - char *EXPORT_FUNC(grub_xvasprintf) (const char *fmt, va_list args) WARN_UNUSED_RESULT; --void EXPORT_FUNC(grub_exit) (void) __attribute__ ((noreturn)); -+void EXPORT_FUNC(grub_exit) (int rc) __attribute__ ((noreturn)); - grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n, - grub_uint64_t d, - grub_uint64_t *r); diff --git a/SPECS/grub2/fedora/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch b/SPECS/grub2/fedora/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch deleted file mode 100644 index ecfab5aea5..0000000000 --- a/SPECS/grub2/fedora/0017-Make-efi-machines-load-an-env-block-from-a-variable.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 7 Dec 2015 14:20:49 -0500 -Subject: [PATCH] Make efi machines load an env block from a variable - -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 1 + - grub-core/kern/efi/init.c | 36 +++++++++++++++++++++++++++++++++++- - 2 files changed, 36 insertions(+), 1 deletion(-) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 45d3edaa4d..c865a08b02 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -207,6 +207,7 @@ kernel = { - efi = kern/efi/acpi.c; - efi = kern/efi/sb.c; - efi = kern/lockdown.c; -+ efi = lib/envblk.c; - i386_coreboot = kern/i386/pc/acpi.c; - i386_multiboot = kern/i386/pc/acpi.c; - i386_coreboot = kern/acpi.c; -diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 7facacf09c..6d39bd3ad2 100644 ---- a/grub-core/kern/efi/init.c -+++ b/grub-core/kern/efi/init.c -@@ -27,8 +27,11 @@ - #include - #include - #include -+ - #include - -+#include -+ - #ifdef GRUB_STACK_PROTECTOR - - static grub_efi_guid_t rng_protocol_guid = GRUB_EFI_RNG_PROTOCOL_GUID; -@@ -82,6 +85,36 @@ stack_protector_init (void) - - grub_addr_t grub_modbase; - -+#define GRUB_EFI_GRUB_VARIABLE_GUID \ -+ { 0x91376aff, 0xcba6, 0x42be, \ -+ { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \ -+ } -+ -+/* Helper for grub_efi_env_init */ -+static int -+set_var (const char *name, const char *value, -+ void *whitelist __attribute__((__unused__))) -+{ -+ grub_env_set (name, value); -+ return 0; -+} -+ -+static void -+grub_efi_env_init (void) -+{ -+ grub_efi_guid_t efi_grub_guid = GRUB_EFI_GRUB_VARIABLE_GUID; -+ struct grub_envblk envblk_s = { NULL, 0 }; -+ grub_envblk_t envblk = &envblk_s; -+ -+ grub_efi_get_variable ("GRUB_ENV", &efi_grub_guid, &envblk_s.size, -+ (void **) &envblk_s.buf); -+ if (!envblk_s.buf || envblk_s.size < 1) -+ return; -+ -+ grub_envblk_iterate (envblk, NULL, set_var); -+ grub_free (envblk_s.buf); -+} -+ - void - grub_efi_init (void) - { -@@ -108,10 +141,11 @@ grub_efi_init (void) - efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer, - 0, 0, 0, NULL); - -+ grub_efi_env_init (); - grub_efidisk_init (); - } - --void (*grub_efi_net_config) (grub_efi_handle_t hnd, -+void (*grub_efi_net_config) (grub_efi_handle_t hnd, - char **device, - char **path); - diff --git a/SPECS/grub2/fedora/0019-Add-fw_path-variable-revised.patch b/SPECS/grub2/fedora/0019-Add-fw_path-variable-revised.patch deleted file mode 100644 index 804938bd7c..0000000000 --- a/SPECS/grub2/fedora/0019-Add-fw_path-variable-revised.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Paulo Flabiano Smorigo -Date: Wed, 19 Sep 2012 21:22:55 -0300 -Subject: [PATCH] Add fw_path variable (revised) - -This patch makes grub look for its config file on efi where the app was -found. It was originally written by Matthew Garrett, and adapted to fix the -"No modules are loaded on grub2 network boot" issue: - -https://bugzilla.redhat.com/show_bug.cgi?id=857936 - -Signed-off-by: Paulo Flabiano Smorigo -Signed-off-by: Robbie Harwood ---- - grub-core/kern/main.c | 13 ++++++------- - grub-core/normal/main.c | 25 ++++++++++++++++++++++++- - 2 files changed, 30 insertions(+), 8 deletions(-) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 73967e2f5b..d1de9fa687 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -128,16 +128,15 @@ grub_set_prefix_and_root (void) - - grub_machine_get_bootlocation (&fwdevice, &fwpath); - -- if (fwdevice) -+ if (fwdevice && fwpath) - { -- char *cmdpath; -+ char *fw_path; - -- cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : ""); -- if (cmdpath) -+ fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); -+ if (fw_path) - { -- grub_env_set ("cmdpath", cmdpath); -- grub_env_export ("cmdpath"); -- grub_free (cmdpath); -+ grub_env_set ("fw_path", fw_path); -+ grub_free (fw_path); - } - } - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 70614de156..62571e6dfc 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -339,7 +339,30 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - /* Guess the config filename. It is necessary to make CONFIG static, - so that it won't get broken by longjmp. */ - char *config; -- const char *prefix; -+ const char *prefix, *fw_path; -+ -+ fw_path = grub_env_get ("fw_path"); -+ if (fw_path) -+ { -+ config = grub_xasprintf ("%s/grub.cfg", fw_path); -+ if (config) -+ { -+ grub_file_t file; -+ -+ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -+ if (file) -+ { -+ grub_file_close (file); -+ grub_enter_normal_mode (config); -+ } -+ else -+ { -+ /* Ignore all errors. */ -+ grub_errno = 0; -+ } -+ grub_free (config); -+ } -+ } - - prefix = grub_env_get ("prefix"); - if (prefix) diff --git a/SPECS/grub2/fedora/0020-Pass-x-hex-hex-straight-through-unmolested.patch b/SPECS/grub2/fedora/0020-Pass-x-hex-hex-straight-through-unmolested.patch deleted file mode 100644 index c2623acf8a..0000000000 --- a/SPECS/grub2/fedora/0020-Pass-x-hex-hex-straight-through-unmolested.patch +++ /dev/null @@ -1,173 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 1 Oct 2012 13:24:37 -0400 -Subject: [PATCH] Pass "\x[[:hex:]][[:hex:]]" straight through unmolested. - -Don't munge raw spaces when we're doing our cmdline escaping (#923374) - -Signed-off-by: Peter Jones ---- - grub-core/commands/wildcard.c | 16 +++++++++++++++- - grub-core/lib/cmdline.c | 25 +++++++++++++++++++++++-- - grub-core/script/execute.c | 43 +++++++++++++++++++++++++++++++++++++------ - 3 files changed, 75 insertions(+), 9 deletions(-) - -diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c -index cc3290311f..8f67a4be7f 100644 ---- a/grub-core/commands/wildcard.c -+++ b/grub-core/commands/wildcard.c -@@ -488,6 +488,12 @@ check_file (const char *dir, const char *basename) - return ctx.found; - } - -+static int -+is_hex(char c) -+{ -+ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); -+} -+ - static void - unescape (char *out, const char *in, const char *end) - { -@@ -496,7 +502,15 @@ unescape (char *out, const char *in, const char *end) - - for (optr = out, iptr = in; iptr < end;) - { -- if (*iptr == '\\' && iptr + 1 < end) -+ if (*iptr == '\\' && iptr + 3 < end && iptr[1] == 'x' && is_hex(iptr[2]) && is_hex(iptr[3])) -+ { -+ *optr++ = *iptr++; -+ *optr++ = *iptr++; -+ *optr++ = *iptr++; -+ *optr++ = *iptr++; -+ continue; -+ } -+ else if (*iptr == '\\' && iptr + 1 < end) - { - *optr++ = iptr[1]; - iptr += 2; -diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c -index ed0b149dca..8e2294d8ff 100644 ---- a/grub-core/lib/cmdline.c -+++ b/grub-core/lib/cmdline.c -@@ -20,6 +20,12 @@ - #include - #include - -+static int -+is_hex(char c) -+{ -+ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); -+} -+ - static unsigned int check_arg (char *c, int *has_space) - { - int space = 0; -@@ -27,7 +33,13 @@ static unsigned int check_arg (char *c, int *has_space) - - while (*c) - { -- if (*c == '\\' || *c == '\'' || *c == '"') -+ if (*c == '\\' && *(c+1) == 'x' && is_hex(*(c+2)) && is_hex(*(c+3))) -+ { -+ size += 4; -+ c += 4; -+ continue; -+ } -+ else if (*c == '\\' || *c == '\'' || *c == '"') - size++; - else if (*c == ' ') - space = 1; -@@ -86,7 +98,16 @@ grub_create_loader_cmdline (int argc, char *argv[], char *buf, - - while (*c) - { -- if (*c == '\\' || *c == '\'' || *c == '"') -+ if (*c == '\\' && *(c+1) == 'x' && -+ is_hex(*(c+2)) && is_hex(*(c+3))) -+ { -+ *buf++ = *c++; -+ *buf++ = *c++; -+ *buf++ = *c++; -+ *buf++ = *c++; -+ continue; -+ } -+ else if (*c == '\\' || *c == '\'' || *c == '"') - *buf++ = '\\'; - - *buf++ = *c; -diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c -index ad80399246..0c6dd9c520 100644 ---- a/grub-core/script/execute.c -+++ b/grub-core/script/execute.c -@@ -56,6 +56,12 @@ static struct grub_script_scope *scope = 0; - /* Wildcard translator for GRUB script. */ - struct grub_script_wildcard_translator *grub_wildcard_translator; - -+static int -+is_hex(char c) -+{ -+ return ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')); -+} -+ - static char* - wildcard_escape (const char *s) - { -@@ -72,7 +78,15 @@ wildcard_escape (const char *s) - i = 0; - while ((ch = *s++)) - { -- if (ch == '*' || ch == '\\' || ch == '?') -+ if (ch == '\\' && s[0] == 'x' && is_hex(s[1]) && is_hex(s[2])) -+ { -+ p[i++] = ch; -+ p[i++] = *s++; -+ p[i++] = *s++; -+ p[i++] = *s++; -+ continue; -+ } -+ else if (ch == '*' || ch == '\\' || ch == '?') - p[i++] = '\\'; - p[i++] = ch; - } -@@ -96,7 +110,14 @@ wildcard_unescape (const char *s) - i = 0; - while ((ch = *s++)) - { -- if (ch == '\\') -+ if (ch == '\\' && s[0] == 'x' && is_hex(s[1]) && is_hex(s[2])) -+ { -+ p[i++] = '\\'; -+ p[i++] = *s++; -+ p[i++] = *s++; -+ p[i++] = *s++; -+ } -+ else if (ch == '\\') - p[i++] = *s++; - else - p[i++] = ch; -@@ -398,10 +419,20 @@ parse_string (const char *str, - switch (*ptr) - { - case '\\': -- escaped = !escaped; -- if (!escaped && put) -- *(put++) = '\\'; -- ptr++; -+ if (!escaped && put && *(ptr+1) == 'x' && is_hex(*(ptr+2)) && is_hex(*(ptr+3))) -+ { -+ *(put++) = *ptr++; -+ *(put++) = *ptr++; -+ *(put++) = *ptr++; -+ *(put++) = *ptr++; -+ } -+ else -+ { -+ escaped = !escaped; -+ if (!escaped && put) -+ *(put++) = '\\'; -+ ptr++; -+ } - break; - case '$': - if (escaped) diff --git a/SPECS/grub2/fedora/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch b/SPECS/grub2/fedora/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch deleted file mode 100644 index c452b5f869..0000000000 --- a/SPECS/grub2/fedora/0021-blscfg-add-blscfg-module-to-parse-Boot-Loader-Specif.patch +++ /dev/null @@ -1,1609 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Jan 2013 06:31:38 +0100 -Subject: [PATCH] blscfg: add blscfg module to parse Boot Loader Specification - snippets - -The BootLoaderSpec (BLS) defines a scheme where different bootloaders can -share a format for boot items and a configuration directory that accepts -these common configurations as drop-in files. - -Signed-off-by: Peter Jones -Signed-off-by: Javier Martinez Canillas -[wjt: some cleanups and fixes] -Signed-off-by: Will Thompson ---- - grub-core/Makefile.core.def | 11 + - grub-core/commands/blscfg.c | 1177 ++++++++++++++++++++++++++++++++++++++++ - grub-core/commands/legacycfg.c | 5 +- - grub-core/commands/loadenv.c | 77 +-- - grub-core/commands/menuentry.c | 20 +- - grub-core/normal/main.c | 6 + - grub-core/commands/loadenv.h | 93 ++++ - include/grub/compiler.h | 2 + - include/grub/menu.h | 13 + - include/grub/normal.h | 2 +- - 10 files changed, 1324 insertions(+), 82 deletions(-) - create mode 100644 grub-core/commands/blscfg.c - create mode 100644 grub-core/commands/loadenv.h - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c865a08b02..c15e91943b 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -814,6 +814,16 @@ module = { - common = commands/blocklist.c; - }; - -+module = { -+ name = blscfg; -+ common = commands/blscfg.c; -+ common = commands/loadenv.h; -+ enable = powerpc_ieee1275; -+ enable = efi; -+ enable = i386_pc; -+ enable = emu; -+}; -+ - module = { - name = boot; - common = commands/boot.c; -@@ -980,6 +990,7 @@ module = { - module = { - name = loadenv; - common = commands/loadenv.c; -+ common = commands/loadenv.h; - common = lib/envblk.c; - }; - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -new file mode 100644 -index 0000000000..e907a6a5d2 ---- /dev/null -+++ b/grub-core/commands/blscfg.c -@@ -0,0 +1,1177 @@ -+/*-*- Mode: C; c-basic-offset: 2; indent-tabs-mode: t -*-*/ -+ -+/* bls.c - implementation of the boot loader spec */ -+ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+#include "loadenv.h" -+ -+#define GRUB_BLS_CONFIG_PATH "/loader/entries/" -+#ifdef GRUB_MACHINE_EMU -+#define GRUB_BOOT_DEVICE "/boot" -+#else -+#define GRUB_BOOT_DEVICE "($root)" -+#endif -+ -+struct keyval -+{ -+ const char *key; -+ char *val; -+}; -+ -+static struct bls_entry *entries = NULL; -+ -+#define FOR_BLS_ENTRIES(var) FOR_LIST_ELEMENTS (var, entries) -+ -+static int bls_add_keyval(struct bls_entry *entry, char *key, char *val) -+{ -+ char *k, *v; -+ struct keyval **kvs, *kv; -+ int new_n = entry->nkeyvals + 1; -+ -+ kvs = grub_realloc (entry->keyvals, new_n * sizeof (struct keyval *)); -+ if (!kvs) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't find space for BLS entry"); -+ entry->keyvals = kvs; -+ -+ kv = grub_malloc (sizeof (struct keyval)); -+ if (!kv) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't find space for BLS entry"); -+ -+ k = grub_strdup (key); -+ if (!k) -+ { -+ grub_free (kv); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't find space for BLS entry"); -+ } -+ -+ v = grub_strdup (val); -+ if (!v) -+ { -+ grub_free (k); -+ grub_free (kv); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't find space for BLS entry"); -+ } -+ -+ kv->key = k; -+ kv->val = v; -+ -+ entry->keyvals[entry->nkeyvals] = kv; -+ grub_dprintf("blscfg", "new keyval at %p:%s:%s\n", entry->keyvals[entry->nkeyvals], k, v); -+ entry->nkeyvals = new_n; -+ -+ return 0; -+} -+ -+/* Find they value of the key named by keyname. If there are allowed to be -+ * more than one, pass a pointer to an int set to -1 the first time, and pass -+ * the same pointer through each time after, and it'll return them in sorted -+ * order as defined in the BLS fragment file */ -+static char *bls_get_val(struct bls_entry *entry, const char *keyname, int *last) -+{ -+ int idx, start = 0; -+ struct keyval *kv = NULL; -+ -+ if (last) -+ start = *last + 1; -+ -+ for (idx = start; idx < entry->nkeyvals; idx++) { -+ kv = entry->keyvals[idx]; -+ -+ if (!grub_strcmp (keyname, kv->key)) -+ break; -+ } -+ -+ if (idx == entry->nkeyvals) { -+ if (last) -+ *last = -1; -+ return NULL; -+ } -+ -+ if (last) -+ *last = idx; -+ -+ return kv->val; -+} -+ -+#define goto_return(x) ({ ret = (x); goto finish; }) -+ -+/* compare alpha and numeric segments of two versions */ -+/* return 1: a is newer than b */ -+/* 0: a and b are the same version */ -+/* -1: b is newer than a */ -+static int vercmp(const char * a, const char * b) -+{ -+ char oldch1, oldch2; -+ char *abuf, *bbuf; -+ char *str1, *str2; -+ char * one, * two; -+ int rc; -+ int isnum; -+ int ret = 0; -+ -+ grub_dprintf("blscfg", "%s comparing %s and %s\n", __func__, a, b); -+ if (!grub_strcmp(a, b)) -+ return 0; -+ -+ abuf = grub_malloc(grub_strlen(a) + 1); -+ bbuf = grub_malloc(grub_strlen(b) + 1); -+ str1 = abuf; -+ str2 = bbuf; -+ grub_strcpy(str1, a); -+ grub_strcpy(str2, b); -+ -+ one = str1; -+ two = str2; -+ -+ /* loop through each version segment of str1 and str2 and compare them */ -+ while (*one || *two) { -+ while (*one && !grub_isalnum(*one) && *one != '~' && *one != '+') one++; -+ while (*two && !grub_isalnum(*two) && *two != '~' && *two != '+') two++; -+ -+ /* handle the tilde separator, it sorts before everything else */ -+ if (*one == '~' || *two == '~') { -+ if (*one != '~') goto_return (1); -+ if (*two != '~') goto_return (-1); -+ one++; -+ two++; -+ continue; -+ } -+ -+ /* -+ * Handle plus separator. Concept is the same as tilde, -+ * except that if one of the strings ends (base version), -+ * the other is considered as higher version. -+ */ -+ if (*one == '+' || *two == '+') { -+ if (!*one) return -1; -+ if (!*two) return 1; -+ if (*one != '+') goto_return (1); -+ if (*two != '+') goto_return (-1); -+ one++; -+ two++; -+ continue; -+ } -+ -+ /* If we ran to the end of either, we are finished with the loop */ -+ if (!(*one && *two)) break; -+ -+ str1 = one; -+ str2 = two; -+ -+ /* grab first completely alpha or completely numeric segment */ -+ /* leave one and two pointing to the start of the alpha or numeric */ -+ /* segment and walk str1 and str2 to end of segment */ -+ if (grub_isdigit(*str1)) { -+ while (*str1 && grub_isdigit(*str1)) str1++; -+ while (*str2 && grub_isdigit(*str2)) str2++; -+ isnum = 1; -+ } else { -+ while (*str1 && grub_isalpha(*str1)) str1++; -+ while (*str2 && grub_isalpha(*str2)) str2++; -+ isnum = 0; -+ } -+ -+ /* save character at the end of the alpha or numeric segment */ -+ /* so that they can be restored after the comparison */ -+ oldch1 = *str1; -+ *str1 = '\0'; -+ oldch2 = *str2; -+ *str2 = '\0'; -+ -+ /* this cannot happen, as we previously tested to make sure that */ -+ /* the first string has a non-null segment */ -+ if (one == str1) goto_return(-1); /* arbitrary */ -+ -+ /* take care of the case where the two version segments are */ -+ /* different types: one numeric, the other alpha (i.e. empty) */ -+ /* numeric segments are always newer than alpha segments */ -+ /* XXX See patch #60884 (and details) from bugzilla #50977. */ -+ if (two == str2) goto_return (isnum ? 1 : -1); -+ -+ if (isnum) { -+ grub_size_t onelen, twolen; -+ /* this used to be done by converting the digit segments */ -+ /* to ints using atoi() - it's changed because long */ -+ /* digit segments can overflow an int - this should fix that. */ -+ -+ /* throw away any leading zeros - it's a number, right? */ -+ while (*one == '0') one++; -+ while (*two == '0') two++; -+ -+ /* whichever number has more digits wins */ -+ onelen = grub_strlen(one); -+ twolen = grub_strlen(two); -+ if (onelen > twolen) goto_return (1); -+ if (twolen > onelen) goto_return (-1); -+ } -+ -+ /* grub_strcmp will return which one is greater - even if the two */ -+ /* segments are alpha or if they are numeric. don't return */ -+ /* if they are equal because there might be more segments to */ -+ /* compare */ -+ rc = grub_strcmp(one, two); -+ if (rc) goto_return (rc < 1 ? -1 : 1); -+ -+ /* restore character that was replaced by null above */ -+ *str1 = oldch1; -+ one = str1; -+ *str2 = oldch2; -+ two = str2; -+ } -+ -+ /* this catches the case where all numeric and alpha segments have */ -+ /* compared identically but the segment sepparating characters were */ -+ /* different */ -+ if ((!*one) && (!*two)) goto_return (0); -+ -+ /* whichever version still has characters left over wins */ -+ if (!*one) goto_return (-1); else goto_return (1); -+ -+finish: -+ grub_free (abuf); -+ grub_free (bbuf); -+ return ret; -+} -+ -+/* returns name/version/release */ -+/* NULL string pointer returned if nothing found */ -+static void -+split_package_string (char *package_string, char **name, -+ char **version, char **release) -+{ -+ char *package_version, *package_release; -+ -+ /* Release */ -+ package_release = grub_strrchr (package_string, '-'); -+ -+ if (package_release != NULL) -+ *package_release++ = '\0'; -+ -+ *release = package_release; -+ -+ if (name == NULL) -+ { -+ *version = package_string; -+ } -+ else -+ { -+ /* Version */ -+ package_version = grub_strrchr(package_string, '-'); -+ -+ if (package_version != NULL) -+ *package_version++ = '\0'; -+ -+ *version = package_version; -+ /* Name */ -+ *name = package_string; -+ } -+ -+ /* Bubble up non-null values from release to name */ -+ if (name != NULL && *name == NULL) -+ { -+ *name = (*version == NULL ? *release : *version); -+ *version = *release; -+ *release = NULL; -+ } -+ if (*version == NULL) -+ { -+ *version = *release; -+ *release = NULL; -+ } -+} -+ -+static int -+split_cmp(char *nvr0, char *nvr1, int has_name) -+{ -+ int ret = 0; -+ char *name0, *version0, *release0; -+ char *name1, *version1, *release1; -+ -+ split_package_string(nvr0, has_name ? &name0 : NULL, &version0, &release0); -+ split_package_string(nvr1, has_name ? &name1 : NULL, &version1, &release1); -+ -+ if (has_name) -+ { -+ ret = vercmp(name0 == NULL ? "" : name0, -+ name1 == NULL ? "" : name1); -+ if (ret != 0) -+ return ret; -+ } -+ -+ ret = vercmp(version0 == NULL ? "" : version0, -+ version1 == NULL ? "" : version1); -+ if (ret != 0) -+ return ret; -+ -+ ret = vercmp(release0 == NULL ? "" : release0, -+ release1 == NULL ? "" : release1); -+ return ret; -+} -+ -+/* return 1: e0 is newer than e1 */ -+/* 0: e0 and e1 are the same version */ -+/* -1: e1 is newer than e0 */ -+static int bls_cmp(const struct bls_entry *e0, const struct bls_entry *e1) -+{ -+ char *id0, *id1; -+ int r; -+ -+ id0 = grub_strdup(e0->filename); -+ id1 = grub_strdup(e1->filename); -+ -+ r = split_cmp(id0, id1, 1); -+ -+ grub_free(id0); -+ grub_free(id1); -+ -+ return r; -+} -+ -+static void list_add_tail(struct bls_entry *head, struct bls_entry *item) -+{ -+ item->next = head; -+ if (head->prev) -+ head->prev->next = item; -+ item->prev = head->prev; -+ head->prev = item; -+} -+ -+static int bls_add_entry(struct bls_entry *entry) -+{ -+ struct bls_entry *e, *last = NULL; -+ int rc; -+ -+ if (!entries) { -+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename); -+ entries = entry; -+ return 0; -+ } -+ -+ FOR_BLS_ENTRIES(e) { -+ rc = bls_cmp(entry, e); -+ -+ if (!rc) -+ return GRUB_ERR_BAD_ARGUMENT; -+ -+ if (rc == 1) { -+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename); -+ list_add_tail (e, entry); -+ if (e == entries) { -+ entries = entry; -+ entry->prev = NULL; -+ } -+ return 0; -+ } -+ last = e; -+ } -+ -+ if (last) { -+ grub_dprintf ("blscfg", "Add entry with id \"%s\"\n", entry->filename); -+ last->next = entry; -+ entry->prev = last; -+ } -+ -+ return 0; -+} -+ -+struct read_entry_info { -+ const char *devid; -+ const char *dirname; -+ grub_file_t file; -+}; -+ -+static int read_entry ( -+ const char *filename, -+ const struct grub_dirhook_info *dirhook_info UNUSED, -+ void *data) -+{ -+ grub_size_t m = 0, n, clip = 0; -+ int rc = 0; -+ char *p = NULL; -+ grub_file_t f = NULL; -+ struct bls_entry *entry; -+ struct read_entry_info *info = (struct read_entry_info *)data; -+ -+ grub_dprintf ("blscfg", "filename: \"%s\"\n", filename); -+ -+ n = grub_strlen (filename); -+ -+ if (info->file) -+ { -+ f = info->file; -+ } -+ else -+ { -+ if (filename[0] == '.') -+ return 0; -+ -+ if (n <= 5) -+ return 0; -+ -+ if (grub_strcmp (filename + n - 5, ".conf") != 0) -+ return 0; -+ -+ p = grub_xasprintf ("(%s)%s/%s", info->devid, info->dirname, filename); -+ -+ f = grub_file_open (p, GRUB_FILE_TYPE_CONFIG); -+ if (!f) -+ goto finish; -+ } -+ -+ entry = grub_zalloc (sizeof (*entry)); -+ if (!entry) -+ goto finish; -+ -+ if (info->file) -+ { -+ char *slash; -+ -+ if (n > 5 && !grub_strcmp (filename + n - 5, ".conf") == 0) -+ clip = 5; -+ -+ slash = grub_strrchr (filename, '/'); -+ if (!slash) -+ slash = grub_strrchr (filename, '\\'); -+ -+ while (*slash == '/' || *slash == '\\') -+ slash++; -+ -+ m = slash ? slash - filename : 0; -+ } -+ else -+ { -+ m = 0; -+ clip = 5; -+ } -+ n -= m; -+ -+ entry->filename = grub_strndup(filename + m, n - clip); -+ if (!entry->filename) -+ goto finish; -+ -+ entry->filename[n - 5] = '\0'; -+ -+ for (;;) -+ { -+ char *buf; -+ char *separator; -+ -+ buf = grub_file_getline (f); -+ if (!buf) -+ break; -+ -+ while (buf && buf[0] && (buf[0] == ' ' || buf[0] == '\t')) -+ buf++; -+ if (buf[0] == '#') -+ continue; -+ -+ separator = grub_strchr (buf, ' '); -+ -+ if (!separator) -+ separator = grub_strchr (buf, '\t'); -+ -+ if (!separator || separator[1] == '\0') -+ { -+ grub_free (buf); -+ break; -+ } -+ -+ separator[0] = '\0'; -+ -+ do { -+ separator++; -+ } while (*separator == ' ' || *separator == '\t'); -+ -+ rc = bls_add_keyval (entry, buf, separator); -+ grub_free (buf); -+ if (rc < 0) -+ break; -+ } -+ -+ if (!rc) -+ bls_add_entry(entry); -+ -+finish: -+ if (p) -+ grub_free (p); -+ -+ if (f) -+ grub_file_close (f); -+ -+ return 0; -+} -+ -+static grub_envblk_t saved_env = NULL; -+ -+static int UNUSED -+save_var (const char *name, const char *value, void *whitelist UNUSED) -+{ -+ const char *val = grub_env_get (name); -+ grub_dprintf("blscfg", "saving \"%s\"\n", name); -+ -+ if (val) -+ grub_envblk_set (saved_env, name, value); -+ -+ return 0; -+} -+ -+static int UNUSED -+unset_var (const char *name, const char *value UNUSED, void *whitelist) -+{ -+ grub_dprintf("blscfg", "restoring \"%s\"\n", name); -+ if (! whitelist) -+ { -+ grub_env_unset (name); -+ return 0; -+ } -+ -+ if (test_whitelist_membership (name, -+ (const grub_env_whitelist_t *) whitelist)) -+ grub_env_unset (name); -+ -+ return 0; -+} -+ -+static char **bls_make_list (struct bls_entry *entry, const char *key, int *num) -+{ -+ int last = -1; -+ char *val; -+ -+ int nlist = 0; -+ char **list = NULL; -+ -+ list = grub_malloc (sizeof (char *)); -+ if (!list) -+ return NULL; -+ list[0] = NULL; -+ -+ while (1) -+ { -+ char **new; -+ -+ val = bls_get_val (entry, key, &last); -+ if (!val) -+ break; -+ -+ new = grub_realloc (list, (nlist + 2) * sizeof (char *)); -+ if (!new) -+ break; -+ -+ list = new; -+ list[nlist++] = val; -+ list[nlist] = NULL; -+ } -+ -+ if (!nlist) -+ { -+ grub_free (list); -+ return NULL; -+ } -+ -+ if (num) -+ *num = nlist; -+ -+ return list; -+} -+ -+static char *field_append(bool is_var, char *buffer, const char *start, const char *end) -+{ -+ char *tmp = grub_strndup(start, end - start + 1); -+ const char *field = tmp; -+ int term = is_var ? 2 : 1; -+ -+ if (is_var) { -+ field = grub_env_get (tmp); -+ if (!field) -+ return buffer; -+ } -+ -+ if (!buffer) -+ buffer = grub_zalloc (grub_strlen(field) + term); -+ else -+ buffer = grub_realloc (buffer, grub_strlen(buffer) + grub_strlen(field) + term); -+ -+ if (!buffer) -+ return NULL; -+ -+ tmp = buffer + grub_strlen(buffer); -+ tmp = grub_stpcpy (tmp, field); -+ -+ if (is_var) -+ tmp = grub_stpcpy (tmp, " "); -+ -+ return buffer; -+} -+ -+static char *expand_val(const char *value) -+{ -+ char *buffer = NULL; -+ const char *start = value; -+ const char *end = value; -+ bool is_var = false; -+ -+ if (!value) -+ return NULL; -+ -+ while (*value) { -+ if (*value == '$') { -+ if (start != end) { -+ buffer = field_append(is_var, buffer, start, end); -+ if (!buffer) -+ return NULL; -+ } -+ -+ is_var = true; -+ start = value + 1; -+ } else if (is_var) { -+ if (!grub_isalnum(*value) && *value != '_') { -+ buffer = field_append(is_var, buffer, start, end); -+ is_var = false; -+ start = value; -+ if (*start == ' ') -+ start++; -+ } -+ } -+ -+ end = value; -+ value++; -+ } -+ -+ if (start != end) { -+ buffer = field_append(is_var, buffer, start, end); -+ if (!buffer) -+ return NULL; -+ } -+ -+ return buffer; -+} -+ -+static char **early_initrd_list (const char *initrd) -+{ -+ int nlist = 0; -+ char **list = NULL; -+ char *separator; -+ -+ while ((separator = grub_strchr (initrd, ' '))) -+ { -+ list = grub_realloc (list, (nlist + 2) * sizeof (char *)); -+ if (!list) -+ return NULL; -+ -+ list[nlist++] = grub_strndup(initrd, separator - initrd); -+ list[nlist] = NULL; -+ initrd = separator + 1; -+ } -+ -+ list = grub_realloc (list, (nlist + 2) * sizeof (char *)); -+ if (!list) -+ return NULL; -+ -+ list[nlist++] = grub_strndup(initrd, grub_strlen(initrd)); -+ list[nlist] = NULL; -+ -+ return list; -+} -+ -+static void create_entry (struct bls_entry *entry) -+{ -+ int argc = 0; -+ const char **argv = NULL; -+ -+ char *title = NULL; -+ char *clinux = NULL; -+ char *options = NULL; -+ char **initrds = NULL; -+ char *initrd = NULL; -+ const char *early_initrd = NULL; -+ char **early_initrds = NULL; -+ char *initrd_prefix = NULL; -+ char *devicetree = NULL; -+ char *dt = NULL; -+ char *id = entry->filename; -+ char *dotconf = id; -+ char *hotkey = NULL; -+ -+ char *users = NULL; -+ char **classes = NULL; -+ -+ char **args = NULL; -+ -+ char *src = NULL; -+ int i, index; -+ bool add_dt_prefix = false; -+ -+ grub_dprintf("blscfg", "%s got here\n", __func__); -+ clinux = bls_get_val (entry, "linux", NULL); -+ if (!clinux) -+ { -+ grub_dprintf ("blscfg", "Skipping file %s with no 'linux' key.\n", entry->filename); -+ goto finish; -+ } -+ -+ /* -+ * strip the ".conf" off the end before we make it our "id" field. -+ */ -+ do -+ { -+ dotconf = grub_strstr(dotconf, ".conf"); -+ } while (dotconf != NULL && dotconf[5] != '\0'); -+ if (dotconf) -+ dotconf[0] = '\0'; -+ -+ title = bls_get_val (entry, "title", NULL); -+ options = expand_val (bls_get_val (entry, "options", NULL)); -+ -+ if (!options) -+ options = expand_val (grub_env_get("default_kernelopts")); -+ -+ initrds = bls_make_list (entry, "initrd", NULL); -+ -+ devicetree = expand_val (bls_get_val (entry, "devicetree", NULL)); -+ -+ if (!devicetree) -+ { -+ devicetree = expand_val (grub_env_get("devicetree")); -+ add_dt_prefix = true; -+ } -+ -+ hotkey = bls_get_val (entry, "grub_hotkey", NULL); -+ users = expand_val (bls_get_val (entry, "grub_users", NULL)); -+ classes = bls_make_list (entry, "grub_class", NULL); -+ args = bls_make_list (entry, "grub_arg", &argc); -+ -+ argc += 1; -+ argv = grub_malloc ((argc + 1) * sizeof (char *)); -+ argv[0] = title ? title : clinux; -+ for (i = 1; i < argc; i++) -+ argv[i] = args[i-1]; -+ argv[argc] = NULL; -+ -+ early_initrd = grub_env_get("early_initrd"); -+ -+ grub_dprintf ("blscfg", "adding menu entry for \"%s\" with id \"%s\"\n", -+ title, id); -+ if (early_initrd) -+ { -+ early_initrds = early_initrd_list(early_initrd); -+ if (!early_initrds) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto finish; -+ } -+ -+ if (initrds != NULL && initrds[0] != NULL) -+ { -+ initrd_prefix = grub_strrchr (initrds[0], '/'); -+ initrd_prefix = grub_strndup(initrds[0], initrd_prefix - initrds[0] + 1); -+ } -+ else -+ { -+ initrd_prefix = grub_strrchr (clinux, '/'); -+ initrd_prefix = grub_strndup(clinux, initrd_prefix - clinux + 1); -+ } -+ -+ if (!initrd_prefix) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto finish; -+ } -+ } -+ -+ if (early_initrds || initrds) -+ { -+ int initrd_size = sizeof ("initrd"); -+ char *tmp; -+ -+ for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++) -+ initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \ -+ + grub_strlen(initrd_prefix) \ -+ + grub_strlen (early_initrds[i]) + 1; -+ -+ for (i = 0; initrds != NULL && initrds[i] != NULL; i++) -+ initrd_size += sizeof (" " GRUB_BOOT_DEVICE) \ -+ + grub_strlen (initrds[i]) + 1; -+ initrd_size += 1; -+ -+ initrd = grub_malloc (initrd_size); -+ if (!initrd) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto finish; -+ } -+ -+ tmp = grub_stpcpy(initrd, "initrd"); -+ for (i = 0; early_initrds != NULL && early_initrds[i] != NULL; i++) -+ { -+ grub_dprintf ("blscfg", "adding early initrd %s\n", early_initrds[i]); -+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE); -+ tmp = grub_stpcpy (tmp, initrd_prefix); -+ tmp = grub_stpcpy (tmp, early_initrds[i]); -+ grub_free(early_initrds[i]); -+ } -+ -+ for (i = 0; initrds != NULL && initrds[i] != NULL; i++) -+ { -+ grub_dprintf ("blscfg", "adding initrd %s\n", initrds[i]); -+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE); -+ tmp = grub_stpcpy (tmp, initrds[i]); -+ } -+ tmp = grub_stpcpy (tmp, "\n"); -+ } -+ -+ if (devicetree) -+ { -+ char *prefix = NULL; -+ int dt_size; -+ -+ if (add_dt_prefix) -+ { -+ prefix = grub_strrchr (clinux, '/'); -+ prefix = grub_strndup(clinux, prefix - clinux + 1); -+ if (!prefix) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto finish; -+ } -+ } -+ -+ dt_size = sizeof("devicetree " GRUB_BOOT_DEVICE) + grub_strlen(devicetree) + 1; -+ -+ if (add_dt_prefix) -+ { -+ dt_size += grub_strlen(prefix); -+ } -+ -+ dt = grub_malloc (dt_size); -+ if (!dt) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto finish; -+ } -+ char *tmp = dt; -+ tmp = grub_stpcpy (dt, "devicetree"); -+ tmp = grub_stpcpy (tmp, " " GRUB_BOOT_DEVICE); -+ if (add_dt_prefix) -+ tmp = grub_stpcpy (tmp, prefix); -+ tmp = grub_stpcpy (tmp, devicetree); -+ tmp = grub_stpcpy (tmp, "\n"); -+ -+ grub_free(prefix); -+ } -+ -+ grub_dprintf ("blscfg2", "devicetree %s for id:\"%s\"\n", dt, id); -+ -+ const char *sdval = grub_env_get("save_default"); -+ bool savedefault = ((NULL != sdval) && (grub_strcmp(sdval, "true") == 0)); -+ src = grub_xasprintf ("%sload_video\n" -+ "set gfxpayload=keep\n" -+ "insmod gzio\n" -+ "linux %s%s%s%s\n" -+ "%s%s", -+ savedefault ? "savedefault\n" : "", -+ GRUB_BOOT_DEVICE, clinux, options ? " " : "", options ? options : "", -+ initrd ? initrd : "", dt ? dt : ""); -+ -+ grub_normal_add_menu_entry (argc, argv, classes, id, users, hotkey, NULL, src, 0, &index, entry); -+ grub_dprintf ("blscfg", "Added entry %d id:\"%s\"\n", index, id); -+ -+finish: -+ grub_free (dt); -+ grub_free (initrd); -+ grub_free (initrd_prefix); -+ grub_free (early_initrds); -+ grub_free (devicetree); -+ grub_free (initrds); -+ grub_free (options); -+ grub_free (classes); -+ grub_free (args); -+ grub_free (argv); -+ grub_free (src); -+} -+ -+struct find_entry_info { -+ const char *dirname; -+ const char *devid; -+ grub_device_t dev; -+ grub_fs_t fs; -+}; -+ -+/* -+ * info: the filesystem object the file is on. -+ */ -+static int find_entry (struct find_entry_info *info) -+{ -+ struct read_entry_info read_entry_info; -+ grub_fs_t blsdir_fs = NULL; -+ grub_device_t blsdir_dev = NULL; -+ const char *blsdir = info->dirname; -+ int fallback = 0; -+ int r = 0; -+ -+ if (!blsdir) { -+ blsdir = grub_env_get ("blsdir"); -+ if (!blsdir) -+ blsdir = GRUB_BLS_CONFIG_PATH; -+ } -+ -+ read_entry_info.file = NULL; -+ read_entry_info.dirname = blsdir; -+ -+ grub_dprintf ("blscfg", "scanning blsdir: %s\n", blsdir); -+ -+ blsdir_dev = info->dev; -+ blsdir_fs = info->fs; -+ read_entry_info.devid = info->devid; -+ -+read_fallback: -+ r = blsdir_fs->fs_dir (blsdir_dev, read_entry_info.dirname, read_entry, -+ &read_entry_info); -+ if (r != 0) { -+ grub_dprintf ("blscfg", "read_entry returned error\n"); -+ grub_err_t e; -+ do -+ { -+ e = grub_error_pop(); -+ } while (e); -+ } -+ -+ if (r && !info->dirname && !fallback) { -+ read_entry_info.dirname = "/boot" GRUB_BLS_CONFIG_PATH; -+ grub_dprintf ("blscfg", "Entries weren't found in %s, fallback to %s\n", -+ blsdir, read_entry_info.dirname); -+ fallback = 1; -+ goto read_fallback; -+ } -+ -+ return 0; -+} -+ -+static grub_err_t -+bls_load_entries (const char *path) -+{ -+ grub_size_t len; -+ grub_fs_t fs; -+ grub_device_t dev; -+ static grub_err_t r; -+ const char *devid = NULL; -+ char *blsdir = NULL; -+ struct find_entry_info info = { -+ .dev = NULL, -+ .fs = NULL, -+ .dirname = NULL, -+ }; -+ struct read_entry_info rei = { -+ .devid = NULL, -+ .dirname = NULL, -+ }; -+ -+ if (path) { -+ len = grub_strlen (path); -+ if (grub_strcmp (path + len - 5, ".conf") == 0) { -+ rei.file = grub_file_open (path, GRUB_FILE_TYPE_CONFIG); -+ if (!rei.file) -+ return grub_errno; -+ /* -+ * read_entry() closes the file -+ */ -+ return read_entry(path, NULL, &rei); -+ } else if (path[0] == '(') { -+ devid = path + 1; -+ -+ blsdir = grub_strchr (path, ')'); -+ if (!blsdir) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Filepath isn't correct")); -+ -+ *blsdir = '\0'; -+ blsdir = blsdir + 1; -+ } -+ } -+ -+ if (!devid) { -+#ifdef GRUB_MACHINE_EMU -+ devid = "host"; -+#else -+ devid = grub_env_get ("root"); -+#endif -+ if (!devid) -+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, -+ N_("variable `%s' isn't set"), "root"); -+ } -+ -+ grub_dprintf ("blscfg", "opening %s\n", devid); -+ dev = grub_device_open (devid); -+ if (!dev) -+ return grub_errno; -+ -+ grub_dprintf ("blscfg", "probing fs\n"); -+ fs = grub_fs_probe (dev); -+ if (!fs) -+ { -+ r = grub_errno; -+ goto finish; -+ } -+ -+ info.dirname = blsdir; -+ info.devid = devid; -+ info.dev = dev; -+ info.fs = fs; -+ find_entry(&info); -+ -+finish: -+ if (dev) -+ grub_device_close (dev); -+ -+ return r; -+} -+ -+static bool -+is_default_entry(const char *def_entry, struct bls_entry *entry, int idx) -+{ -+ const char *title; -+ int def_idx; -+ -+ if (!def_entry) -+ return false; -+ -+ if (grub_strcmp(def_entry, entry->filename) == 0) -+ return true; -+ -+ title = bls_get_val(entry, "title", NULL); -+ -+ if (title && grub_strcmp(def_entry, title) == 0) -+ return true; -+ -+ def_idx = (int)grub_strtol(def_entry, NULL, 0); -+ if (grub_errno == GRUB_ERR_BAD_NUMBER) { -+ grub_errno = GRUB_ERR_NONE; -+ return false; -+ } -+ -+ if (def_idx == idx) -+ return true; -+ -+ return false; -+} -+ -+static grub_err_t -+bls_create_entries (bool show_default, bool show_non_default, char *entry_id) -+{ -+ const char *def_entry = NULL; -+ struct bls_entry *entry = NULL; -+ int idx = 0; -+ -+ def_entry = grub_env_get("default"); -+ -+ grub_dprintf ("blscfg", "%s Creating entries from bls\n", __func__); -+ FOR_BLS_ENTRIES(entry) { -+ if (entry->visible) { -+ idx++; -+ continue; -+ } -+ -+ if ((show_default && is_default_entry(def_entry, entry, idx)) || -+ (show_non_default && !is_default_entry(def_entry, entry, idx)) || -+ (entry_id && grub_strcmp(entry_id, entry->filename) == 0)) { -+ create_entry(entry); -+ entry->visible = 1; -+ } -+ idx++; -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_blscfg (grub_extcmd_context_t ctxt UNUSED, -+ int argc, char **args) -+{ -+ grub_err_t r; -+ char *path = NULL; -+ char *entry_id = NULL; -+ bool show_default = true; -+ bool show_non_default = true; -+ -+ if (argc == 1) { -+ if (grub_strcmp (args[0], "default") == 0) { -+ show_non_default = false; -+ } else if (grub_strcmp (args[0], "non-default") == 0) { -+ show_default = false; -+ } else if (args[0][0] == '(') { -+ path = args[0]; -+ } else { -+ entry_id = args[0]; -+ show_default = false; -+ show_non_default = false; -+ } -+ } -+ -+ r = bls_load_entries(path); -+ if (r) -+ return r; -+ -+ return bls_create_entries(show_default, show_non_default, entry_id); -+} -+ -+static grub_extcmd_t cmd; -+static grub_extcmd_t oldcmd; -+ -+GRUB_MOD_INIT(blscfg) -+{ -+ grub_dprintf("blscfg", "%s got here\n", __func__); -+ cmd = grub_register_extcmd ("blscfg", -+ grub_cmd_blscfg, -+ 0, -+ NULL, -+ N_("Import Boot Loader Specification snippets."), -+ NULL); -+ oldcmd = grub_register_extcmd ("bls_import", -+ grub_cmd_blscfg, -+ 0, -+ NULL, -+ N_("Import Boot Loader Specification snippets."), -+ NULL); -+} -+ -+GRUB_MOD_FINI(blscfg) -+{ -+ grub_unregister_extcmd (cmd); -+ grub_unregister_extcmd (oldcmd); -+} -diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c -index cc5971f4db..782761c31a 100644 ---- a/grub-core/commands/legacycfg.c -+++ b/grub-core/commands/legacycfg.c -@@ -143,7 +143,7 @@ legacy_file (const char *filename) - args[0] = oldname; - grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy", - NULL, NULL, -- entrysrc, 0); -+ entrysrc, 0, NULL, NULL); - grub_free (args); - entrysrc[0] = 0; - grub_free (oldname); -@@ -205,7 +205,8 @@ legacy_file (const char *filename) - } - args[0] = entryname; - grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, -- NULL, NULL, entrysrc, 0); -+ NULL, NULL, entrysrc, 0, NULL, -+ NULL); - grub_free (args); - } - -diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c -index 3fd664aac3..163b9a0904 100644 ---- a/grub-core/commands/loadenv.c -+++ b/grub-core/commands/loadenv.c -@@ -28,6 +28,8 @@ - #include - #include - -+#include "loadenv.h" -+ - GRUB_MOD_LICENSE ("GPLv3+"); - - static const struct grub_arg_option options[] = -@@ -79,81 +81,6 @@ open_envblk_file (char *filename, - return file; - } - --static grub_envblk_t --read_envblk_file (grub_file_t file) --{ -- grub_off_t offset = 0; -- char *buf; -- grub_size_t size = grub_file_size (file); -- grub_envblk_t envblk; -- -- buf = grub_malloc (size); -- if (! buf) -- return 0; -- -- while (size > 0) -- { -- grub_ssize_t ret; -- -- ret = grub_file_read (file, buf + offset, size); -- if (ret <= 0) -- { -- grub_free (buf); -- return 0; -- } -- -- size -= ret; -- offset += ret; -- } -- -- envblk = grub_envblk_open (buf, offset); -- if (! envblk) -- { -- grub_free (buf); -- grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block"); -- return 0; -- } -- -- return envblk; --} -- --struct grub_env_whitelist --{ -- grub_size_t len; -- char **list; --}; --typedef struct grub_env_whitelist grub_env_whitelist_t; -- --static int --test_whitelist_membership (const char* name, -- const grub_env_whitelist_t* whitelist) --{ -- grub_size_t i; -- -- for (i = 0; i < whitelist->len; i++) -- if (grub_strcmp (name, whitelist->list[i]) == 0) -- return 1; /* found it */ -- -- return 0; /* not found */ --} -- --/* Helper for grub_cmd_load_env. */ --static int --set_var (const char *name, const char *value, void *whitelist) --{ -- if (! whitelist) -- { -- grub_env_set (name, value); -- return 0; -- } -- -- if (test_whitelist_membership (name, -- (const grub_env_whitelist_t *) whitelist)) -- grub_env_set (name, value); -- -- return 0; --} -- - static grub_err_t - grub_cmd_load_env (grub_extcmd_context_t ctxt, int argc, char **args) - { -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index 720e6d8ea3..b194123eb6 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args, - char **classes, const char *id, - const char *users, const char *hotkey, - const char *prefix, const char *sourcecode, -- int submenu) -+ int submenu, int *index, struct bls_entry *bls) - { - int menu_hotkey = 0; - char **menu_args = NULL; -@@ -149,9 +149,12 @@ grub_normal_add_menu_entry (int argc, const char **args, - if (! menu_title) - goto fail; - -+ grub_dprintf ("menu", "id:\"%s\"\n", id); -+ grub_dprintf ("menu", "title:\"%s\"\n", menu_title); - menu_id = grub_strdup (id ? : menu_title); - if (! menu_id) - goto fail; -+ grub_dprintf ("menu", "menu_id:\"%s\"\n", menu_id); - - /* Save argc, args to pass as parameters to block arg later. */ - menu_args = grub_calloc (argc + 1, sizeof (char *)); -@@ -170,8 +173,12 @@ grub_normal_add_menu_entry (int argc, const char **args, - } - - /* Add the menu entry at the end of the list. */ -+ int ind=0; - while (*last) -- last = &(*last)->next; -+ { -+ ind++; -+ last = &(*last)->next; -+ } - - *last = grub_zalloc (sizeof (**last)); - if (! *last) -@@ -188,8 +195,11 @@ grub_normal_add_menu_entry (int argc, const char **args, - (*last)->args = menu_args; - (*last)->sourcecode = menu_sourcecode; - (*last)->submenu = submenu; -+ (*last)->bls = bls; - - menu->size++; -+ if (index) -+ *index = ind; - return GRUB_ERR_NONE; - - fail: -@@ -286,7 +296,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - users, - ctxt->state[2].arg, 0, - ctxt->state[3].arg, -- ctxt->extcmd->cmd->name[0] == 's'); -+ ctxt->extcmd->cmd->name[0] == 's', -+ NULL, NULL); - - src = args[argc - 1]; - args[argc - 1] = NULL; -@@ -303,7 +314,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - ctxt->state[0].args, ctxt->state[4].arg, - users, - ctxt->state[2].arg, prefix, src + 1, -- ctxt->extcmd->cmd->name[0] == 's'); -+ ctxt->extcmd->cmd->name[0] == 's', NULL, -+ NULL); - - src[len - 1] = ch; - args[argc - 1] = src; -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 62571e6dfc..7ca2e5400b 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -70,6 +71,11 @@ grub_normal_free_menu (grub_menu_t menu) - grub_free (entry->args); - } - -+ if (entry->bls) -+ { -+ entry->bls->visible = 0; -+ } -+ - grub_free ((void *) entry->id); - grub_free ((void *) entry->users); - grub_free ((void *) entry->title); -diff --git a/grub-core/commands/loadenv.h b/grub-core/commands/loadenv.h -new file mode 100644 -index 0000000000..952f46121b ---- /dev/null -+++ b/grub-core/commands/loadenv.h -@@ -0,0 +1,93 @@ -+/* loadenv.c - command to load/save environment variable. */ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2008,2009,2010 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+static grub_envblk_t UNUSED -+read_envblk_file (grub_file_t file) -+{ -+ grub_off_t offset = 0; -+ char *buf; -+ grub_size_t size = grub_file_size (file); -+ grub_envblk_t envblk; -+ -+ buf = grub_malloc (size); -+ if (! buf) -+ return 0; -+ -+ while (size > 0) -+ { -+ grub_ssize_t ret; -+ -+ ret = grub_file_read (file, buf + offset, size); -+ if (ret <= 0) -+ { -+ grub_free (buf); -+ return 0; -+ } -+ -+ size -= ret; -+ offset += ret; -+ } -+ -+ envblk = grub_envblk_open (buf, offset); -+ if (! envblk) -+ { -+ grub_free (buf); -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block"); -+ return 0; -+ } -+ -+ return envblk; -+} -+ -+struct grub_env_whitelist -+{ -+ grub_size_t len; -+ char **list; -+}; -+typedef struct grub_env_whitelist grub_env_whitelist_t; -+ -+static int UNUSED -+test_whitelist_membership (const char* name, -+ const grub_env_whitelist_t* whitelist) -+{ -+ grub_size_t i; -+ -+ for (i = 0; i < whitelist->len; i++) -+ if (grub_strcmp (name, whitelist->list[i]) == 0) -+ return 1; /* found it */ -+ -+ return 0; /* not found */ -+} -+ -+/* Helper for grub_cmd_load_env. */ -+static int UNUSED -+set_var (const char *name, const char *value, void *whitelist) -+{ -+ if (! whitelist) -+ { -+ grub_env_set (name, value); -+ return 0; -+ } -+ -+ if (test_whitelist_membership (name, -+ (const grub_env_whitelist_t *) whitelist)) -+ grub_env_set (name, value); -+ -+ return 0; -+} -diff --git a/include/grub/compiler.h b/include/grub/compiler.h -index 8f3be3ae70..ebafec6895 100644 ---- a/include/grub/compiler.h -+++ b/include/grub/compiler.h -@@ -56,4 +56,6 @@ - # define CLANG_PREREQ(maj,min) 0 - #endif - -+#define UNUSED __attribute__((__unused__)) -+ - #endif /* ! GRUB_COMPILER_HEADER */ -diff --git a/include/grub/menu.h b/include/grub/menu.h -index ee2b5e9104..0acdc2aa6b 100644 ---- a/include/grub/menu.h -+++ b/include/grub/menu.h -@@ -20,6 +20,16 @@ - #ifndef GRUB_MENU_HEADER - #define GRUB_MENU_HEADER 1 - -+struct bls_entry -+{ -+ struct bls_entry *next; -+ struct bls_entry *prev; -+ struct keyval **keyvals; -+ int nkeyvals; -+ char *filename; -+ int visible; -+}; -+ - struct grub_menu_entry_class - { - char *name; -@@ -60,6 +70,9 @@ struct grub_menu_entry - - /* The next element. */ - struct grub_menu_entry *next; -+ -+ /* BLS used to populate the entry */ -+ struct bls_entry *bls; - }; - typedef struct grub_menu_entry *grub_menu_entry_t; - -diff --git a/include/grub/normal.h b/include/grub/normal.h -index 218cbabcca..8839ad85a1 100644 ---- a/include/grub/normal.h -+++ b/include/grub/normal.h -@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes, - const char *id, - const char *users, const char *hotkey, - const char *prefix, const char *sourcecode, -- int submenu); -+ int submenu, int *index, struct bls_entry *bls); - - grub_err_t - grub_normal_set_password (const char *user, const char *password); diff --git a/SPECS/grub2/fedora/0022-Add-devicetree-loading.patch b/SPECS/grub2/fedora/0022-Add-devicetree-loading.patch deleted file mode 100644 index 466ddba83b..0000000000 --- a/SPECS/grub2/fedora/0022-Add-devicetree-loading.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 14 Jan 2014 13:12:23 -0500 -Subject: [PATCH] Add devicetree loading - -Signed-off-by: Peter Jones - -Switch to use APM Mustang device tree, for hardware testing. - -Signed-off-by: David A. Marlin - -Use the default device tree from the grub default file - -instead of hardcoding a value. - -Signed-off-by: David A. Marlin ---- - util/grub-mkconfig.in | 3 ++- - util/grub.d/10_linux.in | 15 +++++++++++++++ - 2 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index d3e879b8e5..8ea2315ebc 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -248,7 +248,8 @@ export GRUB_DEFAULT \ - GRUB_ENABLE_CRYPTODISK \ - GRUB_BADRAM \ - GRUB_OS_PROBER_SKIP_LIST \ -- GRUB_DISABLE_SUBMENU -+ GRUB_DISABLE_SUBMENU \ -+ GRUB_DEFAULT_DTB - - if test "x${grub_cfg}" != "x"; then - rm -f "${grub_cfg}.new" -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index e8b01c0d0c..dc75a1c30b 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -153,6 +153,13 @@ EOF - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$message" | grub_quote)' - initrd $(echo $initrd_path) -+EOF -+ fi -+ if test -n "${fdt}" ; then -+ message="$(gettext_printf "Loading fdt ...")" -+ sed "s/^/$submenu_indentation/" << EOF -+ echo '$(echo "$message" | grub_quote)' -+ devicetree ${rel_dirname}/${fdt} - EOF - fi - sed "s/^/$submenu_indentation/" << EOF -@@ -236,6 +243,14 @@ while [ "x$list" != "x" ] ; do - gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 - fi - -+ fdt= -+ for i in "dtb-${version}" "dtb-${alt_version}"; do -+ if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then -+ fdt="${i}/${GRUB_DEFAULT_DTB}" -+ break -+ fi -+ done -+ - config= - for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do - if test -e "${i}" ; then diff --git a/SPECS/grub2/fedora/0023-Enable-pager-by-default.-985860.patch b/SPECS/grub2/fedora/0023-Enable-pager-by-default.-985860.patch deleted file mode 100644 index 63cf787be0..0000000000 --- a/SPECS/grub2/fedora/0023-Enable-pager-by-default.-985860.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 28 Oct 2013 10:09:27 -0400 -Subject: [PATCH] Enable pager by default. (#985860) - -Signed-off-by: Peter Jones ---- - util/grub.d/00_header.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 93a90233ea..858b526c92 100644 ---- a/util/grub.d/00_header.in -+++ b/util/grub.d/00_header.in -@@ -43,6 +43,8 @@ if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved" ] ; then GRUB_DEFAULT_BUTTON='${saved_ - if [ "x${GRUB_TIMEOUT_BUTTON}" = "x" ] ; then GRUB_TIMEOUT_BUTTON="$GRUB_TIMEOUT" ; fi - - cat << EOF -+set pager=1 -+ - if [ -s \$prefix/grubenv ]; then - load_env - fi diff --git a/SPECS/grub2/fedora/0025-Add-.eh_frame-to-list-of-relocations-stripped.patch b/SPECS/grub2/fedora/0025-Add-.eh_frame-to-list-of-relocations-stripped.patch deleted file mode 100644 index 0532a041f8..0000000000 --- a/SPECS/grub2/fedora/0025-Add-.eh_frame-to-list-of-relocations-stripped.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fedora Ninjas -Date: Mon, 13 Jan 2014 21:50:59 -0500 -Subject: [PATCH] Add .eh_frame to list of relocations stripped - ---- - conf/Makefile.common | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 2a1a886f6d..191b1a70c6 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding - LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) - CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 - CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) --STRIPFLAGS_KERNEL = -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -+STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx - - CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding - LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d diff --git a/SPECS/grub2/fedora/0026-Don-t-require-a-password-to-boot-entries-generated-b.patch b/SPECS/grub2/fedora/0026-Don-t-require-a-password-to-boot-entries-generated-b.patch deleted file mode 100644 index 40c4efc058..0000000000 --- a/SPECS/grub2/fedora/0026-Don-t-require-a-password-to-boot-entries-generated-b.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 11 Feb 2014 11:14:50 -0500 -Subject: [PATCH] Don't require a password to boot entries generated by - grub-mkconfig. - -When we set a password, we just want that to mean you can't /edit/ an entry. - -Resolves: rhbz#1030176 - -Signed-off-by: Peter Jones -[AM: fix conflict] -Signed-off-by: Alexey Makhalov ---- - util/grub.d/10_linux.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4a499c53a6..cf8d118698 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -26,7 +26,7 @@ datarootdir="@datarootdir@" - export TEXTDOMAIN=@PACKAGE@ - export TEXTDOMAINDIR="@localedir@" - --CLASS="--class gnu-linux --class gnu --class os" -+CLASS="--class gnu-linux --class gnu --class os --unrestricted" - - if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then - OS=GNU/Linux diff --git a/SPECS/grub2/fedora/0027-use-fw_path-prefix-when-fallback-searching-for-grub-.patch b/SPECS/grub2/fedora/0027-use-fw_path-prefix-when-fallback-searching-for-grub-.patch deleted file mode 100644 index 1da91e1061..0000000000 --- a/SPECS/grub2/fedora/0027-use-fw_path-prefix-when-fallback-searching-for-grub-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fedora Ninjas -Date: Wed, 19 Feb 2014 15:58:43 -0500 -Subject: [PATCH] use fw_path prefix when fallback searching for grub config - -When PXE booting via UEFI firmware, grub was searching for grub.cfg -in the fw_path directory where the grub application was found. If -that didn't exist, a fallback search would look for config file names -based on MAC and IP address. However, the search would look in the -prefix directory which may not be the same fw_path. This patch -changes that behavior to use the fw_path directory for the fallback -search. Only if fw_path is NULL will the prefix directory be searched. - -Signed-off-by: Mark Salter ---- - grub-core/normal/main.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 98372217ad..bf24e65713 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -347,7 +347,7 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - char *config; - const char *prefix, *fw_path; - -- fw_path = grub_env_get ("fw_path"); -+ prefix = fw_path = grub_env_get ("fw_path"); - if (fw_path) - { - config = grub_xasprintf ("%s/grub.cfg", fw_path); -@@ -370,7 +370,8 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - } - } - -- prefix = grub_env_get ("prefix"); -+ if (! prefix) -+ prefix = grub_env_get ("prefix"); - if (prefix) - { - grub_size_t config_len; diff --git a/SPECS/grub2/fedora/0028-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch b/SPECS/grub2/fedora/0028-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch deleted file mode 100644 index 0d77281393..0000000000 --- a/SPECS/grub2/fedora/0028-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 8 Jul 2019 17:33:22 +0200 -Subject: [PATCH] Try mac/guid/etc before grub.cfg on tftp config files. - -Signed-off-by: Peter Jones ---- - grub-core/normal/main.c | 97 ++++++++++++++++++++++++++----------------------- - 1 file changed, 51 insertions(+), 46 deletions(-) - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index bf24e65713..0a99768f75 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -345,61 +345,66 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - /* Guess the config filename. It is necessary to make CONFIG static, - so that it won't get broken by longjmp. */ - char *config; -- const char *prefix, *fw_path; -- -- prefix = fw_path = grub_env_get ("fw_path"); -- if (fw_path) -- { -- config = grub_xasprintf ("%s/grub.cfg", fw_path); -- if (config) -- { -- grub_file_t file; -- -- file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -- if (file) -- { -- grub_file_close (file); -- grub_enter_normal_mode (config); -- } -- else -- { -- /* Ignore all errors. */ -- grub_errno = 0; -- } -- grub_free (config); -- } -- } -+ const char *prefix; -+ const char *net_search_cfg; -+ int disable_net_search = 0; - -+ prefix = grub_env_get ("fw_path"); - if (! prefix) - prefix = grub_env_get ("prefix"); -+ -+ net_search_cfg = grub_env_get ("feature_net_search_cfg"); -+ if (net_search_cfg && net_search_cfg[0] == 'n') -+ disable_net_search = 1; -+ - if (prefix) - { -- grub_size_t config_len; -- int disable_net_search = 0; -- const char *net_search_cfg; -- -- config_len = grub_strlen (prefix) + -- sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); -- config = grub_malloc (config_len); -- -- if (!config) -- goto quit; -- -- grub_snprintf (config, config_len, "%s/grub.cfg", prefix); -- -- net_search_cfg = grub_env_get ("feature_net_search_cfg"); -- if (net_search_cfg && net_search_cfg[0] == 'n') -- disable_net_search = 1; -- - if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 && - !disable_net_search) -- grub_net_search_config_file (config); -+ { -+ grub_size_t config_len; -+ config_len = grub_strlen (prefix) + -+ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); -+ config = grub_malloc (config_len); - -- grub_enter_normal_mode (config); -- grub_free (config); -- } -+ if (! config) -+ goto quit; -+ -+ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); -+ -+ grub_net_search_configfile (config); -+ -+ grub_enter_normal_mode (config); -+ grub_free (config); -+ config = NULL; -+ } -+ -+ if (!config) -+ { -+ config = grub_xasprintf ("%s/grub.cfg", prefix); -+ if (config) -+ { -+ grub_file_t file; -+ -+ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -+ if (file) -+ { -+ grub_file_close (file); -+ grub_enter_normal_mode (config); -+ } -+ else -+ { -+ /* Ignore all errors. */ -+ grub_errno = 0; -+ } -+ grub_free (config); -+ } -+ } -+ } - else -- grub_enter_normal_mode (0); -+ { -+ grub_enter_normal_mode (0); -+ } - } - else - grub_enter_normal_mode (argv[0]); diff --git a/SPECS/grub2/fedora/0031-Try-prefix-if-fw_path-doesn-t-work.patch b/SPECS/grub2/fedora/0031-Try-prefix-if-fw_path-doesn-t-work.patch deleted file mode 100644 index a1c0d9e9d2..0000000000 --- a/SPECS/grub2/fedora/0031-Try-prefix-if-fw_path-doesn-t-work.patch +++ /dev/null @@ -1,222 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 9 Jul 2019 10:35:16 +0200 -Subject: [PATCH] Try $prefix if $fw_path doesn't work. - -Related: rhbz#1148652 - -Signed-off-by: Peter Jones ---- - grub-core/kern/ieee1275/init.c | 28 +++++---- - grub-core/net/net.c | 2 +- - grub-core/normal/main.c | 134 ++++++++++++++++++++--------------------- - 3 files changed, 82 insertions(+), 82 deletions(-) - -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index e71d158416..0cd2a62723 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -127,23 +127,25 @@ grub_machine_get_bootlocation (char **device, char **path) - grub_free (canon); - } - else -- *device = grub_ieee1275_encode_devname (bootpath); -- grub_free (type); -- -- filename = grub_ieee1275_get_filename (bootpath); -- if (filename) - { -- char *lastslash = grub_strrchr (filename, '\\'); -- -- /* Truncate at last directory. */ -- if (lastslash) -+ filename = grub_ieee1275_get_filename (bootpath); -+ if (filename) - { -- *lastslash = '\0'; -- grub_translate_ieee1275_path (filename); -+ char *lastslash = grub_strrchr (filename, '\\'); - -- *path = filename; -- } -+ /* Truncate at last directory. */ -+ if (lastslash) -+ { -+ *lastslash = '\0'; -+ grub_translate_ieee1275_path (filename); -+ -+ *path = filename; -+ } -+ } -+ *device = grub_ieee1275_encode_devname (bootpath); - } -+ -+ grub_free (type); - grub_free (bootpath); - } - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 4d3eb5c1a5..0ef148f4ad 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -1869,7 +1869,7 @@ grub_net_search_config_file (char *config) - /* Remove the remaining minus sign at the end. */ - config[config_len] = '\0'; - -- return GRUB_ERR_NONE; -+ return GRUB_ERR_FILE_NOT_FOUND; - } - - static struct grub_preboot *fini_hnd; -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 0a99768f75..55558cc0b9 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -335,81 +335,79 @@ grub_enter_normal_mode (const char *config) - grub_boot_time ("Exiting normal mode"); - } - -+static grub_err_t -+grub_try_normal (const char *variable) -+{ -+ char *config; -+ const char *prefix; -+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; -+ const char *net_search_cfg; -+ int disable_net_search = 0; -+ -+ prefix = grub_env_get (variable); -+ if (!prefix) -+ return GRUB_ERR_FILE_NOT_FOUND; -+ -+ net_search_cfg = grub_env_get ("feature_net_search_cfg"); -+ if (net_search_cfg && net_search_cfg[0] == 'n') -+ disable_net_search = 1; -+ -+ if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 && -+ !disable_net_search) -+ { -+ grub_size_t config_len; -+ config_len = grub_strlen (prefix) + -+ sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); -+ config = grub_malloc (config_len); -+ -+ if (! config) -+ return GRUB_ERR_FILE_NOT_FOUND; -+ -+ grub_snprintf (config, config_len, "%s/grub.cfg", prefix); -+ err = grub_net_search_config_file (config); -+ } -+ -+ if (err != GRUB_ERR_NONE) -+ { -+ config = grub_xasprintf ("%s/grub.cfg", prefix); -+ if (config) -+ { -+ grub_file_t file; -+ file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -+ if (file) -+ { -+ grub_file_close (file); -+ err = GRUB_ERR_NONE; -+ } -+ } -+ } -+ -+ if (err == GRUB_ERR_NONE) -+ grub_enter_normal_mode (config); -+ -+ grub_errno = 0; -+ grub_free (config); -+ return err; -+} -+ - /* Enter normal mode from rescue mode. */ - static grub_err_t - grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - int argc, char *argv[]) - { -- if (argc == 0) -- { -- /* Guess the config filename. It is necessary to make CONFIG static, -- so that it won't get broken by longjmp. */ -- char *config; -- const char *prefix; -- const char *net_search_cfg; -- int disable_net_search = 0; -- -- prefix = grub_env_get ("fw_path"); -- if (! prefix) -- prefix = grub_env_get ("prefix"); -- -- net_search_cfg = grub_env_get ("feature_net_search_cfg"); -- if (net_search_cfg && net_search_cfg[0] == 'n') -- disable_net_search = 1; -- -- if (prefix) -- { -- if (grub_strncmp (prefix + 1, "tftp", sizeof ("tftp") - 1) == 0 && -- !disable_net_search) -- { -- grub_size_t config_len; -- config_len = grub_strlen (prefix) + -- sizeof ("/grub.cfg-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"); -- config = grub_malloc (config_len); -- -- if (! config) -- goto quit; -- -- grub_snprintf (config, config_len, "%s/grub.cfg", prefix); -- -- grub_net_search_configfile (config); -- -- grub_enter_normal_mode (config); -- grub_free (config); -- config = NULL; -- } -- -- if (!config) -- { -- config = grub_xasprintf ("%s/grub.cfg", prefix); -- if (config) -- { -- grub_file_t file; -- -- file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG); -- if (file) -- { -- grub_file_close (file); -- grub_enter_normal_mode (config); -- } -- else -- { -- /* Ignore all errors. */ -- grub_errno = 0; -- } -- grub_free (config); -- } -- } -- } -- else -- { -- grub_enter_normal_mode (0); -- } -- } -- else -+ if (argc) - grub_enter_normal_mode (argv[0]); -+ else -+ { -+ /* Guess the config filename. */ -+ grub_err_t err; -+ err = grub_try_normal ("fw_path"); -+ if (err == GRUB_ERR_FILE_NOT_FOUND) -+ err = grub_try_normal ("prefix"); -+ if (err == GRUB_ERR_FILE_NOT_FOUND) -+ grub_enter_normal_mode (0); -+ } - --quit: - return 0; - } - diff --git a/SPECS/grub2/fedora/0032-Make-grub2-mkconfig-construct-titles-that-look-like-.patch b/SPECS/grub2/fedora/0032-Make-grub2-mkconfig-construct-titles-that-look-like-.patch deleted file mode 100644 index db101c0229..0000000000 --- a/SPECS/grub2/fedora/0032-Make-grub2-mkconfig-construct-titles-that-look-like-.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 28 Apr 2015 11:15:03 -0400 -Subject: [PATCH] Make grub2-mkconfig construct titles that look like the ones - we want elsewhere. - -Resolves: rhbz#1215839 - -Signed-off-by: Peter Jones ---- - util/grub.d/10_linux.in | 34 +++++++++++++++++++++++++++------- - 1 file changed, 27 insertions(+), 7 deletions(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 5f6d3c8d52..786dbabb4a 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -78,6 +78,32 @@ case x"$GRUB_FS" in - ;; - esac - -+mktitle () -+{ -+ local title_type -+ local version -+ local OS_NAME -+ local OS_VERS -+ -+ title_type=$1 && shift -+ version=$1 && shift -+ -+ OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" -+ OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" -+ -+ case $title_type in -+ recovery) -+ title=$(printf '%s (%s) %s (recovery mode)' \ -+ "${OS_NAME}" "${version}" "${OS_VERS}") -+ ;; -+ *) -+ title=$(printf '%s (%s) %s' \ -+ "${OS_NAME}" "${version}" "${OS_VERS}") -+ ;; -+ esac -+ echo -n ${title} -+} -+ - title_correction_code= - - linux_entry () -@@ -91,17 +117,11 @@ linux_entry () - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi - if [ x$type != xsimple ] ; then -- case $type in -- recovery) -- title="$(gettext_printf "%s, with Linux %s (recovery mode)" "${os}" "${version}")" ;; -- *) -- title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; -- esac -+ title=$(mktitle "$type" "$version") - if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then - replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" - quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" - title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" -- grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" - fi - echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" - else diff --git a/SPECS/grub2/fedora/0035-efinet-and-bootp-add-support-for-dhcpv6.patch b/SPECS/grub2/fedora/0035-efinet-and-bootp-add-support-for-dhcpv6.patch deleted file mode 100644 index efeeee0adf..0000000000 --- a/SPECS/grub2/fedora/0035-efinet-and-bootp-add-support-for-dhcpv6.patch +++ /dev/null @@ -1,651 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 9 Jul 2019 11:47:37 +0200 -Subject: [PATCH] efinet and bootp: add support for dhcpv6 - -Signed-off-by: Peter Jones ---- - grub-core/net/bootp.c | 173 +++++++++++++++++++++++++++++++++++++ - grub-core/net/drivers/efi/efinet.c | 53 ++++++++++-- - grub-core/net/net.c | 72 +++++++++++++++ - grub-core/net/tftp.c | 4 + - include/grub/efi/api.h | 129 +++++++++++++++++++++++++-- - include/grub/net.h | 60 +++++++++++++ - 6 files changed, 477 insertions(+), 14 deletions(-) - -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 6fb5627025..e28fb6a09f 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -902,6 +902,179 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), - - static grub_command_t cmd_getdhcp, cmd_bootp, cmd_dhcp; - -+struct grub_net_network_level_interface * -+grub_net_configure_by_dhcpv6_ack (const char *name, -+ struct grub_net_card *card, -+ grub_net_interface_flags_t flags -+ __attribute__((__unused__)), -+ const grub_net_link_level_address_t *hwaddr, -+ const struct grub_net_dhcpv6_packet *packet, -+ int is_def, char **device, char **path) -+{ -+ struct grub_net_network_level_interface *inter = NULL; -+ struct grub_net_network_level_address addr; -+ int mask = -1; -+ -+ if (!device || !path) -+ return NULL; -+ -+ *device = 0; -+ *path = 0; -+ -+ grub_dprintf ("net", "mac address is %02x:%02x:%02x:%02x:%02x:%02x\n", -+ hwaddr->mac[0], hwaddr->mac[1], hwaddr->mac[2], -+ hwaddr->mac[3], hwaddr->mac[4], hwaddr->mac[5]); -+ -+ if (is_def) -+ grub_net_default_server = 0; -+ -+ if (is_def && !grub_net_default_server && packet) -+ { -+ const grub_uint8_t *options = packet->dhcp_options; -+ unsigned int option_max = 1024 - OFFSET_OF (dhcp_options, packet); -+ unsigned int i; -+ -+ for (i = 0; i < option_max - sizeof (grub_net_dhcpv6_option_t); ) -+ { -+ grub_uint16_t num, len; -+ grub_net_dhcpv6_option_t *opt = -+ (grub_net_dhcpv6_option_t *)(options + i); -+ -+ num = grub_be_to_cpu16(opt->option_num); -+ len = grub_be_to_cpu16(opt->option_len); -+ -+ grub_dprintf ("net", "got dhcpv6 option %d len %d\n", num, len); -+ -+ if (len == 0) -+ break; -+ -+ if (len + i > 1024) -+ break; -+ -+ if (num == GRUB_NET_DHCP6_BOOTFILE_URL) -+ { -+ char *scheme, *userinfo, *host, *file; -+ char *tmp; -+ int hostlen; -+ int port; -+ int rc = extract_url_info ((const char *)opt->option_data, -+ (grub_size_t)len, -+ &scheme, &userinfo, &host, &port, -+ &file); -+ if (rc < 0) -+ continue; -+ -+ /* right now this only handles tftp. */ -+ if (grub_strcmp("tftp", scheme)) -+ { -+ grub_free (scheme); -+ grub_free (userinfo); -+ grub_free (host); -+ grub_free (file); -+ continue; -+ } -+ grub_free (userinfo); -+ -+ hostlen = grub_strlen (host); -+ if (hostlen > 2 && host[0] == '[' && host[hostlen-1] == ']') -+ { -+ tmp = host+1; -+ host[hostlen-1] = '\0'; -+ } -+ else -+ tmp = host; -+ -+ *device = grub_xasprintf ("%s,%s", scheme, tmp); -+ grub_free (scheme); -+ grub_free (host); -+ -+ if (file && *file) -+ { -+ tmp = grub_strrchr (file, '/'); -+ if (tmp) -+ *(tmp+1) = '\0'; -+ else -+ file[0] = '\0'; -+ } -+ else if (!file) -+ file = grub_strdup (""); -+ -+ if (file[0] == '/') -+ { -+ *path = grub_strdup (file+1); -+ grub_free (file); -+ } -+ else -+ *path = file; -+ } -+ else if (num == GRUB_NET_DHCP6_IA_NA) -+ { -+ const grub_net_dhcpv6_option_t *ia_na_opt; -+ const grub_net_dhcpv6_opt_ia_na_t *ia_na = -+ (const grub_net_dhcpv6_opt_ia_na_t *)opt; -+ unsigned int left = len - OFFSET_OF (options, ia_na); -+ unsigned int j; -+ -+ if ((grub_uint8_t *)ia_na + left > -+ (grub_uint8_t *)options + option_max) -+ left -= ((grub_uint8_t *)ia_na + left) -+ - ((grub_uint8_t *)options + option_max); -+ -+ if (len < OFFSET_OF (option_data, opt) -+ + sizeof (grub_net_dhcpv6_option_t)) -+ { -+ grub_dprintf ("net", -+ "found dhcpv6 ia_na option with no address\n"); -+ continue; -+ } -+ -+ for (j = 0; left > sizeof (grub_net_dhcpv6_option_t); ) -+ { -+ ia_na_opt = (const grub_net_dhcpv6_option_t *) -+ (ia_na->options + j); -+ grub_uint16_t ia_na_opt_num, ia_na_opt_len; -+ -+ ia_na_opt_num = grub_be_to_cpu16 (ia_na_opt->option_num); -+ ia_na_opt_len = grub_be_to_cpu16 (ia_na_opt->option_len); -+ if (ia_na_opt_len == 0) -+ break; -+ if (j + ia_na_opt_len > left) -+ break; -+ if (ia_na_opt_num == GRUB_NET_DHCP6_IA_ADDRESS) -+ { -+ const grub_net_dhcpv6_opt_ia_address_t *ia_addr; -+ -+ ia_addr = (const grub_net_dhcpv6_opt_ia_address_t *) -+ ia_na_opt; -+ addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ grub_memcpy(addr.ipv6, ia_addr->ipv6_address, -+ sizeof (ia_addr->ipv6_address)); -+ inter = grub_net_add_addr (name, card, &addr, hwaddr, 0); -+ } -+ -+ j += ia_na_opt_len; -+ left -= ia_na_opt_len; -+ } -+ } -+ -+ i += len + 4; -+ } -+ -+ grub_print_error (); -+ } -+ -+ if (is_def) -+ { -+ grub_env_set ("net_default_interface", name); -+ grub_env_export ("net_default_interface"); -+ } -+ -+ if (inter) -+ grub_net_add_ipv6_local (inter, mask); -+ return inter; -+} -+ -+ - void - grub_bootp_init (void) - { -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f952ba..173fb63153 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -18,11 +18,14 @@ - - #include - #include -+#include - #include - #include - #include - #include - #include -+#include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -329,7 +332,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - char **path) - { - struct grub_net_card *card; -- grub_efi_device_path_t *dp; -+ grub_efi_device_path_t *dp, *ldp = NULL; - - dp = grub_efi_get_device_path (hnd); - if (! dp) -@@ -340,14 +343,19 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - grub_efi_device_path_t *cdp; - struct grub_efi_pxe *pxe; - struct grub_efi_pxe_mode *pxe_mode; -+ - if (card->driver != &efidriver) - continue; -+ - cdp = grub_efi_get_device_path (card->efi_handle); - if (! cdp) - continue; -+ -+ ldp = grub_efi_find_last_device_path (dp); -+ - if (grub_efi_compare_device_paths (dp, cdp) != 0) - { -- grub_efi_device_path_t *ldp, *dup_dp, *dup_ldp; -+ grub_efi_device_path_t *dup_dp, *dup_ldp; - int match; - - /* EDK2 UEFI PXE driver creates pseudo devices with type IPv4/IPv6 -@@ -356,7 +364,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - devices. We skip them when enumerating cards, so here we need to - find matching MAC device. - */ -- ldp = grub_efi_find_last_device_path (dp); - if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE - || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE - && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) -@@ -373,16 +380,46 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - if (!match) - continue; - } -+ - pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, - GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); - if (! pxe) - continue; -+ - pxe_mode = pxe->mode; -- grub_net_configure_by_dhcp_ack (card->name, card, 0, -- (struct grub_net_bootp_packet *) -- &pxe_mode->dhcp_ack, -- sizeof (pxe_mode->dhcp_ack), -- 1, device, path); -+ if (pxe_mode->using_ipv6) -+ { -+ grub_net_link_level_address_t hwaddr; -+ struct grub_net_network_level_interface *intf; -+ -+ grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); -+ grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", -+ pxe_mode->dhcp_ack_received ? "yes" : "no", -+ pxe_mode->dhcp_ack_received ? "" : " cannot continue"); -+ if (!pxe_mode->dhcp_ack_received) -+ continue; -+ -+ hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ grub_memcpy (hwaddr.mac, -+ card->efi_net->mode->current_address, -+ sizeof (hwaddr.mac)); -+ -+ intf = grub_net_configure_by_dhcpv6_ack (card->name, card, 0, &hwaddr, -+ (const struct grub_net_dhcpv6_packet *)&pxe_mode->dhcp_ack.dhcpv6, -+ 1, device, path); -+ if (intf && device && path) -+ grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); -+ } -+ else -+ { -+ grub_dprintf ("efinet", "using ipv4 and dhcp\n"); -+ grub_net_configure_by_dhcp_ack (card->name, card, 0, -+ (struct grub_net_bootp_packet *) -+ &pxe_mode->dhcp_ack, -+ sizeof (pxe_mode->dhcp_ack), -+ 1, device, path); -+ grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); -+ } - return; - } - } -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 0ef148f4ad..22f2689aae 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -960,6 +960,78 @@ grub_net_network_level_interface_register (struct grub_net_network_level_interfa - grub_net_network_level_interfaces = inter; - } - -+int -+grub_ipv6_get_masksize (grub_uint16_t be_mask[8]) -+{ -+ grub_uint8_t *mask; -+ grub_uint16_t mask16[8]; -+ int x, y; -+ int ret = 128; -+ -+ grub_memcpy (mask16, be_mask, sizeof (mask16)); -+ for (x = 0; x < 8; x++) -+ mask16[x] = grub_be_to_cpu16 (mask16[x]); -+ -+ mask = (grub_uint8_t *)mask16; -+ -+ for (x = 15; x >= 0; x--) -+ { -+ grub_uint8_t octet = mask[x]; -+ if (!octet) -+ { -+ ret -= 8; -+ continue; -+ } -+ for (y = 0; y < 8; y++) -+ { -+ if (octet & (1 << y)) -+ break; -+ else -+ ret--; -+ } -+ break; -+ } -+ -+ return ret; -+} -+ -+grub_err_t -+grub_net_add_ipv6_local (struct grub_net_network_level_interface *inter, -+ int mask) -+{ -+ struct grub_net_route *route; -+ -+ if (inter->address.type != GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6) -+ return 0; -+ -+ if (mask == -1) -+ mask = grub_ipv6_get_masksize ((grub_uint16_t *)inter->address.ipv6); -+ -+ if (mask == -1) -+ return 0; -+ -+ route = grub_zalloc (sizeof (*route)); -+ if (!route) -+ return grub_errno; -+ -+ route->name = grub_xasprintf ("%s:local", inter->name); -+ if (!route->name) -+ { -+ grub_free (route); -+ return grub_errno; -+ } -+ -+ route->target.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ grub_memcpy (route->target.ipv6.base, inter->address.ipv6, -+ sizeof (inter->address.ipv6)); -+ route->target.ipv6.masksize = mask; -+ route->is_gateway = 0; -+ route->interface = inter; -+ -+ grub_net_route_register (route); -+ -+ return 0; -+} - - grub_err_t - grub_net_add_ipv4_local (struct grub_net_network_level_interface *inter, -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7f44b30f52..4ab2f5c735 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -358,18 +358,22 @@ tftp_open (struct grub_file *file, const char *filename) - file->not_easily_seekable = 1; - file->data = data; - -+ grub_dprintf("tftp", "resolving address for %s\n", file->device->net->server); - err = grub_net_resolve_address (file->device->net->server, &addr); - if (err) - { -+ grub_dprintf("tftp", "Address resolution failed: %d\n", err); - grub_free (data); - return err; - } - -+ grub_dprintf("tftp", "opening connection\n"); - data->sock = grub_net_udp_open (addr, - TFTP_SERVER_PORT, tftp_receive, - file); - if (!data->sock) - { -+ grub_dprintf("tftp", "connection failed\n"); - grub_free (data); - return grub_errno; - } -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index f1a52210c0..117469450d 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -592,10 +592,16 @@ typedef void *grub_efi_handle_t; - typedef void *grub_efi_event_t; - typedef grub_efi_uint64_t grub_efi_lba_t; - typedef grub_efi_uintn_t grub_efi_tpl_t; --typedef grub_uint8_t grub_efi_mac_address_t[32]; --typedef grub_uint8_t grub_efi_ipv4_address_t[4]; --typedef grub_uint16_t grub_efi_ipv6_address_t[8]; --typedef grub_uint8_t grub_efi_ip_address_t[8] __attribute__ ((aligned(4))); -+typedef grub_efi_uint8_t grub_efi_mac_address_t[32]; -+typedef grub_efi_uint8_t grub_efi_ipv4_address_t[4]; -+typedef grub_efi_uint8_t grub_efi_ipv6_address_t[16]; -+typedef union -+{ -+ grub_efi_uint32_t addr[4]; -+ grub_efi_ipv4_address_t v4; -+ grub_efi_ipv6_address_t v6; -+} grub_efi_ip_address_t __attribute__ ((aligned(4))); -+ - typedef grub_efi_uint64_t grub_efi_physical_address_t; - typedef grub_efi_uint64_t grub_efi_virtual_address_t; - -@@ -1474,16 +1480,127 @@ struct grub_efi_simple_text_output_interface - }; - typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output_interface_t; - --typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; -+typedef struct grub_efi_pxe_dhcpv4_packet -+{ -+ grub_efi_uint8_t bootp_opcode; -+ grub_efi_uint8_t bootp_hwtype; -+ grub_efi_uint8_t bootp_hwaddr_len; -+ grub_efi_uint8_t bootp_gate_hops; -+ grub_efi_uint32_t bootp_ident; -+ grub_efi_uint16_t bootp_seconds; -+ grub_efi_uint16_t bootp_flags; -+ grub_efi_uint8_t bootp_ci_addr[4]; -+ grub_efi_uint8_t bootp_yi_addr[4]; -+ grub_efi_uint8_t bootp_si_addr[4]; -+ grub_efi_uint8_t bootp_gi_addr[4]; -+ grub_efi_uint8_t bootp_hw_addr[16]; -+ grub_efi_uint8_t bootp_srv_name[64]; -+ grub_efi_uint8_t bootp_boot_file[128]; -+ grub_efi_uint32_t dhcp_magik; -+ grub_efi_uint8_t dhcp_options[56]; -+} grub_efi_pxe_dhcpv4_packet_t; -+ -+struct grub_efi_pxe_dhcpv6_packet -+{ -+ grub_efi_uint32_t message_type:8; -+ grub_efi_uint32_t transaction_id:24; -+ grub_efi_uint8_t dhcp_options[1024]; -+} GRUB_PACKED; -+typedef struct grub_efi_pxe_dhcpv6_packet grub_efi_pxe_dhcpv6_packet_t; -+ -+typedef union -+{ -+ grub_efi_uint8_t raw[1472]; -+ grub_efi_pxe_dhcpv4_packet_t dhcpv4; -+ grub_efi_pxe_dhcpv6_packet_t dhcpv6; -+} grub_efi_pxe_packet_t; -+ -+#define GRUB_EFI_PXE_MAX_IPCNT 8 -+#define GRUB_EFI_PXE_MAX_ARP_ENTRIES 8 -+#define GRUB_EFI_PXE_MAX_ROUTE_ENTRIES 8 -+ -+typedef struct grub_efi_pxe_ip_filter -+{ -+ grub_efi_uint8_t filters; -+ grub_efi_uint8_t ip_count; -+ grub_efi_uint8_t reserved; -+ grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; -+} grub_efi_pxe_ip_filter_t; -+ -+typedef struct grub_efi_pxe_arp_entry -+{ -+ grub_efi_ip_address_t ip_addr; -+ grub_efi_mac_address_t mac_addr; -+} grub_efi_pxe_arp_entry_t; -+ -+typedef struct grub_efi_pxe_route_entry -+{ -+ grub_efi_ip_address_t ip_addr; -+ grub_efi_ip_address_t subnet_mask; -+ grub_efi_ip_address_t gateway_addr; -+} grub_efi_pxe_route_entry_t; -+ -+typedef struct grub_efi_pxe_icmp_error -+{ -+ grub_efi_uint8_t type; -+ grub_efi_uint8_t code; -+ grub_efi_uint16_t checksum; -+ union -+ { -+ grub_efi_uint32_t reserved; -+ grub_efi_uint32_t mtu; -+ grub_efi_uint32_t pointer; -+ struct -+ { -+ grub_efi_uint16_t identifier; -+ grub_efi_uint16_t sequence; -+ } echo; -+ } u; -+ grub_efi_uint8_t data[494]; -+} grub_efi_pxe_icmp_error_t; -+ -+typedef struct grub_efi_pxe_tftp_error -+{ -+ grub_efi_uint8_t error_code; -+ grub_efi_char8_t error_string[127]; -+} grub_efi_pxe_tftp_error_t; - - typedef struct grub_efi_pxe_mode - { -- grub_uint8_t unused[52]; -+ grub_efi_boolean_t started; -+ grub_efi_boolean_t ipv6_available; -+ grub_efi_boolean_t ipv6_supported; -+ grub_efi_boolean_t using_ipv6; -+ grub_efi_boolean_t bis_supported; -+ grub_efi_boolean_t bis_detected; -+ grub_efi_boolean_t auto_arp; -+ grub_efi_boolean_t send_guid; -+ grub_efi_boolean_t dhcp_discover_valid; -+ grub_efi_boolean_t dhcp_ack_received; -+ grub_efi_boolean_t proxy_offer_received; -+ grub_efi_boolean_t pxe_discover_valid; -+ grub_efi_boolean_t pxe_reply_received; -+ grub_efi_boolean_t pxe_bis_reply_received; -+ grub_efi_boolean_t icmp_error_received; -+ grub_efi_boolean_t tftp_error_received; -+ grub_efi_boolean_t make_callbacks; -+ grub_efi_uint8_t ttl; -+ grub_efi_uint8_t tos; -+ grub_efi_ip_address_t station_ip; -+ grub_efi_ip_address_t subnet_mask; - grub_efi_pxe_packet_t dhcp_discover; - grub_efi_pxe_packet_t dhcp_ack; - grub_efi_pxe_packet_t proxy_offer; - grub_efi_pxe_packet_t pxe_discover; - grub_efi_pxe_packet_t pxe_reply; -+ grub_efi_pxe_packet_t pxe_bis_reply; -+ grub_efi_pxe_ip_filter_t ip_filter; -+ grub_efi_uint32_t arp_cache_entries; -+ grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_MAX_ARP_ENTRIES]; -+ grub_efi_uint32_t route_table_entries; -+ grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_MAX_ROUTE_ENTRIES]; -+ grub_efi_pxe_icmp_error_t icmp_error; -+ grub_efi_pxe_tftp_error_t tftp_error; - } grub_efi_pxe_mode_t; - - typedef struct grub_efi_pxe -diff --git a/include/grub/net.h b/include/grub/net.h -index 7ae4b6bd80..8a05ec4fe7 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -447,6 +447,51 @@ struct grub_net_bootp_packet - grub_uint8_t vendor[0]; - } GRUB_PACKED; - -+enum -+ { -+ GRUB_NET_DHCP6_IA_NA = 3, -+ GRUB_NET_DHCP6_IA_ADDRESS = 5, -+ GRUB_NET_DHCP6_BOOTFILE_URL = 59, -+ }; -+ -+struct grub_net_dhcpv6_option -+{ -+ grub_uint16_t option_num; -+ grub_uint16_t option_len; -+ grub_uint8_t option_data[]; -+} GRUB_PACKED; -+typedef struct grub_net_dhcpv6_option grub_net_dhcpv6_option_t; -+ -+struct grub_net_dhcpv6_opt_ia_na -+{ -+ grub_uint16_t option_num; -+ grub_uint16_t option_len; -+ grub_uint32_t iaid; -+ grub_uint32_t t1; -+ grub_uint32_t t2; -+ grub_uint8_t options[]; -+} GRUB_PACKED; -+typedef struct grub_net_dhcpv6_opt_ia_na grub_net_dhcpv6_opt_ia_na_t; -+ -+struct grub_net_dhcpv6_opt_ia_address -+{ -+ grub_uint16_t option_num; -+ grub_uint16_t option_len; -+ grub_uint64_t ipv6_address[2]; -+ grub_uint32_t preferred_lifetime; -+ grub_uint32_t valid_lifetime; -+ grub_uint8_t options[]; -+} GRUB_PACKED; -+typedef struct grub_net_dhcpv6_opt_ia_address grub_net_dhcpv6_opt_ia_address_t; -+ -+struct grub_net_dhcpv6_packet -+{ -+ grub_uint32_t message_type:8; -+ grub_uint32_t transaction_id:24; -+ grub_uint8_t dhcp_options[1024]; -+} GRUB_PACKED; -+typedef struct grub_net_dhcpv6_packet grub_net_dhcpv6_packet_t; -+ - #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 - #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 - #define GRUB_NET_BOOTP_RFC1048_MAGIC_2 0x53 -@@ -482,6 +527,21 @@ grub_net_configure_by_dhcp_ack (const char *name, - grub_size_t size, - int is_def, char **device, char **path); - -+struct grub_net_network_level_interface * -+grub_net_configure_by_dhcpv6_ack (const char *name, -+ struct grub_net_card *card, -+ grub_net_interface_flags_t flags, -+ const grub_net_link_level_address_t *hwaddr, -+ const struct grub_net_dhcpv6_packet *packet, -+ int is_def, char **device, char **path); -+ -+int -+grub_ipv6_get_masksize(grub_uint16_t *mask); -+ -+grub_err_t -+grub_net_add_ipv6_local (struct grub_net_network_level_interface *inf, -+ int mask); -+ - grub_err_t - grub_net_add_ipv4_local (struct grub_net_network_level_interface *inf, - int mask); diff --git a/SPECS/grub2/fedora/0036-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch b/SPECS/grub2/fedora/0036-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch deleted file mode 100644 index 95490cd079..0000000000 --- a/SPECS/grub2/fedora/0036-Add-grub-get-kernel-settings-and-use-it-in-10_linux.patch +++ /dev/null @@ -1,271 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 23 Jun 2016 11:01:39 -0400 -Subject: [PATCH] Add grub-get-kernel-settings and use it in 10_linux - -This patch adds grub-get-kernel-settings, which reads the system kernel -installation configuration from /etc/sysconfig/kernel, and outputs -${GRUB_...} variables suitable for evaluation by grub-mkconfig. Those -variables are then used by 10_linux to choose whether or not to create -debug stanzas. - -Resolves: rhbz#1226325 -[rharwood: migrate man page to h2m] ---- - configure.ac | 1 + - Makefile.util.def | 7 ++ - docs/man/grub-get-kernel-settings.h2m | 2 + - util/bash-completion.d/grub-completion.bash.in | 22 +++++++ - util/grub-get-kernel-settings.in | 88 ++++++++++++++++++++++++++ - util/grub-mkconfig.in | 3 + - util/grub.d/10_linux.in | 23 +++++-- - 7 files changed, 141 insertions(+), 5 deletions(-) - create mode 100644 docs/man/grub-get-kernel-settings.h2m - create mode 100644 util/grub-get-kernel-settings.in - -diff --git a/configure.ac b/configure.ac -index 7f59ad788f..0d0e6782a1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -65,6 +65,7 @@ grub_TRANSFORM([grub-install]) - grub_TRANSFORM([grub-mkconfig]) - grub_TRANSFORM([grub-mkfont]) - grub_TRANSFORM([grub-mkimage]) -+grub_TRANSFORM([grub-get-kernel-settings]) - grub_TRANSFORM([grub-glue-efi]) - grub_TRANSFORM([grub-mklayout]) - grub_TRANSFORM([grub-mkpasswd-pbkdf2]) -diff --git a/Makefile.util.def b/Makefile.util.def -index 4ee22c5daa..18a9242776 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -716,6 +716,13 @@ script = { - installdir = sbin; - }; - -+script = { -+ name = grub-get-kernel-settings; -+ common = util/grub-get-kernel-settings.in; -+ mansection = 3; -+ installdir = sbin; -+}; -+ - script = { - name = grub-set-default; - common = util/grub-set-default.in; -diff --git a/docs/man/grub-get-kernel-settings.h2m b/docs/man/grub-get-kernel-settings.h2m -new file mode 100644 -index 0000000000..b8051f01f3 ---- /dev/null -+++ b/docs/man/grub-get-kernel-settings.h2m -@@ -0,0 +1,2 @@ -+[NAME] -+grub-get-kernel-settings \- Evaluate the system's kernel installation settings for use while making a grub configuration file -diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in -index 44bf135b9f..5c4acd496d 100644 ---- a/util/bash-completion.d/grub-completion.bash.in -+++ b/util/bash-completion.d/grub-completion.bash.in -@@ -264,6 +264,28 @@ have ${__grub_sparc64_setup_program} && \ - unset __grub_sparc64_setup_program - - -+# -+# grub-get-kernel-settings -+# -+_grub_get_kernel_settings () { -+ local cur -+ -+ COMPREPLY=() -+ cur=`_get_cword` -+ -+ if [[ "$cur" == -* ]]; then -+ __grubcomp "$(__grub_get_options_from_help)" -+ else -+ # Default complete with a filename -+ _filedir -+ fi -+} -+__grub_get_kernel_settings_program="@grub_get_kernel_settings@" -+have ${__grub_get_kernel_settings_program} && \ -+ complete -F _grub_get_kernel_settings -o filenames ${__grub_get_kernel_settings_program} -+unset __grub_get_kernel_settings_program -+ -+ - # - # grub-install - # -diff --git a/util/grub-get-kernel-settings.in b/util/grub-get-kernel-settings.in -new file mode 100644 -index 0000000000..7e87dfccc0 ---- /dev/null -+++ b/util/grub-get-kernel-settings.in -@@ -0,0 +1,88 @@ -+#!/bin/sh -+set -e -+ -+# Evaluate new-kernel-pkg's configuration file. -+# Copyright (C) 2016 Free Software Foundation, Inc. -+# -+# GRUB is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+# -+# GRUB is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with GRUB. If not, see . -+ -+PACKAGE_NAME=@PACKAGE_NAME@ -+PACKAGE_VERSION=@PACKAGE_VERSION@ -+datadir="@datadir@" -+if [ "x$pkgdatadir" = x ]; then -+ pkgdatadir="${datadir}/@PACKAGE@" -+fi -+ -+self=`basename $0` -+ -+export TEXTDOMAIN=@PACKAGE@ -+export TEXTDOMAINDIR="@localedir@" -+ -+. "${pkgdatadir}/grub-mkconfig_lib" -+ -+# Usage: usage -+# Print the usage. -+usage () { -+ gettext_printf "Usage: %s [OPTION]\n" "$self" -+ gettext "Evaluate new-kernel-pkg configuration"; echo -+ echo -+ print_option_help "-h, --help" "$(gettext "print this message and exit")" -+ print_option_help "-v, --version" "$(gettext "print the version information and exit")" -+ echo -+} -+ -+# Check the arguments. -+while test $# -gt 0 -+do -+ option=$1 -+ shift -+ -+ case "$option" in -+ -h | --help) -+ usage -+ exit 0 ;; -+ -v | --version) -+ echo "$self (${PACKAGE_NAME}) ${PACKAGE_VERSION}" -+ exit 0 ;; -+ -*) -+ gettext_printf "Unrecognized option \`%s'\n" "$option" 1>&2 -+ usage -+ exit 1 -+ ;; -+ # Explicitly ignore non-option arguments, for compatibility. -+ esac -+done -+ -+if test -f /etc/sysconfig/kernel ; then -+ . /etc/sysconfig/kernel -+fi -+ -+if [ "$MAKEDEBUG" = "yes" ]; then -+ echo GRUB_LINUX_MAKE_DEBUG=true -+ echo export GRUB_LINUX_MAKE_DEBUG -+ echo GRUB_CMDLINE_LINUX_DEBUG=\"systemd.log_level=debug systemd.log_target=kmsg\" -+ echo export GRUB_CMDLINE_LINUX_DEBUG -+ echo GRUB_LINUX_DEBUG_TITLE_POSTFIX=\" with debugging\" -+ echo export GRUB_LINUX_DEBUG_TITLE_POSTFIX -+fi -+if [ "$DEFAULTDEBUG" = "yes" ]; then -+ echo GRUB_DEFAULT_TO_DEBUG=true -+else -+ echo GRUB_DEFAULT_TO_DEBUG=false -+fi -+echo export GRUB_DEFAULT_TO_DEBUG -+if [ "$UPDATEDEFAULT" = "yes" ]; then -+ echo GRUB_UPDATE_DEFAULT_KERNEL=true -+ echo export GRUB_UPDATE_DEFAULT_KERNEL -+fi -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index ba14cf6261..005f093809 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -45,6 +45,7 @@ grub_probe="${sbindir}/@grub_probe@" - grub_file="${bindir}/@grub_file@" - grub_editenv="${bindir}/@grub_editenv@" - grub_script_check="${bindir}/@grub_script_check@" -+grub_get_kernel_settings="${sbindir}/@grub_get_kernel_settings@" - - export TEXTDOMAIN=@PACKAGE@ - export TEXTDOMAINDIR="@localedir@" -@@ -158,6 +159,8 @@ if test -f ${sysconfdir}/default/grub ; then - . ${sysconfdir}/default/grub - fi - -+eval "$("${grub_get_kernel_settings}")" || true -+ - if [ "x${GRUB_DISABLE_UUID}" = "xtrue" ]; then - if [ -z "${GRUB_DISABLE_LINUX_UUID}" ]; then - GRUB_DISABLE_LINUX_UUID="true" -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 786dbabb4a..292e333324 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -111,7 +111,8 @@ linux_entry () - os="$1" - version="$2" - type="$3" -- args="$4" -+ isdebug="$4" -+ args="$5" - - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" -@@ -123,6 +124,9 @@ linux_entry () - quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" - title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" - fi -+ if [ x$isdebug = xdebug ]; then -+ title="$title${GRUB_LINUX_DEBUG_TITLE_POSTFIX}" -+ fi - echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" - else - echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" -@@ -306,11 +310,15 @@ while [ "x$list" != "x" ] ; do - fi - - if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then -- linux_entry "${OS}" "${version}" simple \ -+ linux_entry "${OS}" "${version}" simple standard \ - "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" -+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -+ linux_entry "${OS}" "${version}" simple debug \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" -+ fi - - submenu_indentation="$grub_tab" -- -+ - if [ -z "$boot_device_id" ]; then - boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" - fi -@@ -319,10 +327,15 @@ while [ "x$list" != "x" ] ; do - is_top_level=false - fi - -- linux_entry "${OS}" "${version}" advanced \ -+ linux_entry "${OS}" "${version}" advanced standard \ - "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" -+ if [ "x$GRUB_LINUX_MAKE_DEBUG" = "xtrue" ]; then -+ linux_entry "${OS}" "${version}" advanced debug \ -+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} ${GRUB_CMDLINE_LINUX_DEBUG}" -+ fi -+ - if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then -- linux_entry "${OS}" "${version}" recovery \ -+ linux_entry "${OS}" "${version}" recovery standard \ - "single ${GRUB_CMDLINE_LINUX}" - fi - diff --git a/SPECS/grub2/fedora/0038-Make-grub_fatal-also-backtrace.patch b/SPECS/grub2/fedora/0038-Make-grub_fatal-also-backtrace.patch deleted file mode 100644 index f876575f94..0000000000 --- a/SPECS/grub2/fedora/0038-Make-grub_fatal-also-backtrace.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 27 Jan 2016 09:22:42 -0500 -Subject: [PATCH] Make grub_fatal() also backtrace. - ---- - grub-core/Makefile.core.def | 3 ++ - grub-core/kern/misc.c | 8 +++++- - grub-core/lib/arm64/backtrace.c | 62 +++++++++++++++++++++++++++++++++++++++++ - grub-core/lib/backtrace.c | 2 ++ - grub-core/lib/i386/backtrace.c | 14 +++++++++- - 5 files changed, 87 insertions(+), 2 deletions(-) - create mode 100644 grub-core/lib/arm64/backtrace.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c15e91943b..058c88ac3a 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -188,6 +188,9 @@ kernel = { - - softdiv = lib/division.c; - -+ x86 = lib/i386/backtrace.c; -+ x86 = lib/backtrace.c; -+ - i386 = kern/i386/dl.c; - i386_xen = kern/i386/dl.c; - i386_xen_pvh = kern/i386/dl.c; -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 63b586d09c..a3e215155b 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - union printf_arg - { -@@ -1199,8 +1200,13 @@ grub_printf_fmt_check (const char *fmt, const char *fmt_expected) - static void __attribute__ ((noreturn)) - grub_abort (void) - { -+#ifndef GRUB_UTIL -+#if defined(__i386__) || defined(__x86_64__) -+ grub_backtrace(); -+#endif -+#endif - grub_printf ("\nAborted."); -- -+ - #ifndef GRUB_UTIL - if (grub_term_inputs) - #endif -diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c -new file mode 100644 -index 0000000000..1079b5380e ---- /dev/null -+++ b/grub-core/lib/arm64/backtrace.c -@@ -0,0 +1,62 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2009 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define MAX_STACK_FRAME 102400 -+ -+void -+grub_backtrace_pointer (int frame) -+{ -+ while (1) -+ { -+ void *lp = __builtin_return_address (frame); -+ if (!lp) -+ break; -+ -+ lp = __builtin_extract_return_addr (lp); -+ -+ grub_printf ("%p: ", lp); -+ grub_backtrace_print_address (lp); -+ grub_printf (" ("); -+ for (i = 0; i < 2; i++) -+ grub_printf ("%p,", ((void **)ptr) [i + 2]); -+ grub_printf ("%p)\n", ((void **)ptr) [i + 2]); -+ nptr = *(void **)ptr; -+ if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME -+ || nptr == ptr) -+ { -+ grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); -+ break; -+ } -+ ptr = nptr; -+ } -+} -+ -+void -+grub_backtrace (void) -+{ -+ grub_backtrace_pointer (1); -+} -+ -diff --git a/grub-core/lib/backtrace.c b/grub-core/lib/backtrace.c -index 825a8800e2..c0ad6ab8be 100644 ---- a/grub-core/lib/backtrace.c -+++ b/grub-core/lib/backtrace.c -@@ -29,6 +29,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - void - grub_backtrace_print_address (void *addr) - { -+#ifndef GRUB_UTIL - grub_dl_t mod; - - FOR_DL_MODULES (mod) -@@ -44,6 +45,7 @@ grub_backtrace_print_address (void *addr) - } - } - -+#endif - grub_printf ("%p", addr); - } - -diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c -index c3e03c7275..c67273db3a 100644 ---- a/grub-core/lib/i386/backtrace.c -+++ b/grub-core/lib/i386/backtrace.c -@@ -15,11 +15,23 @@ - * You should have received a copy of the GNU General Public License - * along with GRUB. If not, see . - */ -+#include -+#ifdef GRUB_UTIL -+#define REALLY_GRUB_UTIL GRUB_UTIL -+#undef GRUB_UTIL -+#endif -+ -+#include -+#include -+ -+#ifdef REALLY_GRUB_UTIL -+#define GRUB_UTIL REALLY_GRUB_UTIL -+#undef REALLY_GRUB_UTIL -+#endif - - #include - #include - #include --#include - #include - #include - #include diff --git a/SPECS/grub2/fedora/0039-Make-our-info-pages-say-grub2-where-appropriate.patch b/SPECS/grub2/fedora/0039-Make-our-info-pages-say-grub2-where-appropriate.patch deleted file mode 100644 index afba285df6..0000000000 --- a/SPECS/grub2/fedora/0039-Make-our-info-pages-say-grub2-where-appropriate.patch +++ /dev/null @@ -1,1008 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 9 Jul 2019 12:59:58 +0200 -Subject: [PATCH] Make our info pages say "grub2" where appropriate. - -This needs to be hooked up to --program-transform=, but I haven't had -time. - -Signed-off-by: Peter Jones ---- - docs/grub-dev.texi | 4 +- - docs/grub.texi | 321 ++++++++++++++++++++++++++++------------------------- - 2 files changed, 171 insertions(+), 154 deletions(-) - -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 6c629a23e2..19f708ee66 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -1,7 +1,7 @@ - \input texinfo - @c -*-texinfo-*- - @c %**start of header --@setfilename grub-dev.info -+@setfilename grub2-dev.info - @include version-dev.texi - @settitle GNU GRUB Developers Manual @value{VERSION} - @c Unify all our little indices for now. -@@ -32,7 +32,7 @@ Invariant Sections. - - @dircategory Kernel - @direntry --* grub-dev: (grub-dev). The GRand Unified Bootloader Dev -+* grub2-dev: (grub2-dev). The GRand Unified Bootloader Dev - @end direntry - - @setchapternewpage odd -diff --git a/docs/grub.texi b/docs/grub.texi -index 69f08d289f..0615d0ed97 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -1,7 +1,7 @@ - \input texinfo - @c -*-texinfo-*- - @c %**start of header --@setfilename grub.info -+@setfilename grub2.info - @include version.texi - @settitle GNU GRUB Manual @value{VERSION} - @c Unify all our little indices for now. -@@ -32,15 +32,15 @@ Invariant Sections. - - @dircategory Kernel - @direntry --* GRUB: (grub). The GRand Unified Bootloader --* grub-install: (grub)Invoking grub-install. Install GRUB on your drive --* grub-mkconfig: (grub)Invoking grub-mkconfig. Generate GRUB configuration --* grub-mkpasswd-pbkdf2: (grub)Invoking grub-mkpasswd-pbkdf2. --* grub-mkrelpath: (grub)Invoking grub-mkrelpath. --* grub-mkrescue: (grub)Invoking grub-mkrescue. Make a GRUB rescue image --* grub-mount: (grub)Invoking grub-mount. Mount a file system using GRUB --* grub-probe: (grub)Invoking grub-probe. Probe device information --* grub-script-check: (grub)Invoking grub-script-check. -+* GRUB2: (grub2). The GRand Unified Bootloader -+* grub2-install: (grub2)Invoking grub2-install. Install GRUB on your drive -+* grub2-mkconfig: (grub2)Invoking grub2-mkconfig. Generate GRUB configuration -+* grub2-mkpasswd-pbkdf2: (grub2)Invoking grub2-mkpasswd-pbkdf2. -+* grub2-mkrelpath: (grub2)Invoking grub2-mkrelpath. -+* grub2-mkrescue: (grub2)Invoking grub2-mkrescue. Make a GRUB rescue image -+* grub2-mount: (grub2)Invoking grub2-mount. Mount a file system using GRUB -+* grub2-probe: (grub2)Invoking grub2-probe. Probe device information -+* grub2-script-check: (grub2)Invoking grub2-script-check. - @end direntry - - @setchapternewpage odd -@@ -103,15 +103,15 @@ This edition documents version @value{VERSION}. - * Platform-specific operations:: Platform-specific operations - * Supported kernels:: The list of supported kernels - * Troubleshooting:: Error messages produced by GRUB --* Invoking grub-install:: How to use the GRUB installer --* Invoking grub-mkconfig:: Generate a GRUB configuration file --* Invoking grub-mkpasswd-pbkdf2:: -+* Invoking grub2-install:: How to use the GRUB installer -+* Invoking grub2-mkconfig:: Generate a GRUB configuration file -+* Invoking grub2-mkpasswd-pbkdf2:: - Generate GRUB password hashes --* Invoking grub-mkrelpath:: Make system path relative to its root --* Invoking grub-mkrescue:: Make a GRUB rescue image --* Invoking grub-mount:: Mount a file system using GRUB --* Invoking grub-probe:: Probe device information for GRUB --* Invoking grub-script-check:: Check GRUB script file for syntax errors -+* Invoking grub2-mkrelpath:: Make system path relative to its root -+* Invoking grub2-mkrescue:: Make a GRUB rescue image -+* Invoking grub2-mount:: Mount a file system using GRUB -+* Invoking grub2-probe:: Probe device information for GRUB -+* Invoking grub2-script-check:: Check GRUB script file for syntax errors - * Obtaining and Building GRUB:: How to obtain and build GRUB - * Reporting bugs:: Where you should send a bug report - * Future:: Some future plans on GRUB -@@ -230,7 +230,7 @@ surprising. - - @item - @file{grub.cfg} is typically automatically generated by --@command{grub-mkconfig} (@pxref{Simple configuration}). This makes it -+@command{grub2-mkconfig} (@pxref{Simple configuration}). This makes it - easier to handle versioned kernel upgrades. - - @item -@@ -244,7 +244,7 @@ scripting language: variables, conditionals, and loops are available. - @item - A small amount of persistent storage is available across reboots, using the - @command{save_env} and @command{load_env} commands in GRUB and the --@command{grub-editenv} utility. This is not available in all configurations -+@command{grub2-editenv} utility. This is not available in all configurations - (@pxref{Environment block}). - - @item -@@ -549,7 +549,7 @@ On OS which have device nodes similar to Unix-like OS GRUB tools use the - OS name. E.g. for GNU/Linux: - - @example --# @kbd{grub-install /dev/sda} -+# @kbd{grub2-install /dev/sda} - @end example - - On AROS we use another syntax. For volumes: -@@ -572,7 +572,7 @@ For disks we use syntax: - E.g. - - @example --# @kbd{grub-install //:ata.device/0/0} -+# @kbd{grub2-install //:ata.device/0/0} - @end example - - On Windows we use UNC path. For volumes it's typically -@@ -599,7 +599,7 @@ For disks it's - E.g. - - @example --# @kbd{grub-install \\?\PhysicalDrive0} -+# @kbd{grub2-install \\?\PhysicalDrive0} - @end example - - Beware that you may need to further escape the backslashes depending on your -@@ -609,7 +609,7 @@ When compiled with cygwin support then cygwin drive names are automatically - when needed. E.g. - - @example --# @kbd{grub-install /dev/sda} -+# @kbd{grub2-install /dev/sda} - @end example - - @node Installation -@@ -622,7 +622,7 @@ from the source tarball, or as a package for your OS. - - After you have done that, you need to install the boot loader on a - drive (floppy or hard disk) by using the utility --@command{grub-install} (@pxref{Invoking grub-install}) on a UNIX-like OS. -+@command{grub2-install} (@pxref{Invoking grub2-install}) on a UNIX-like OS. - - GRUB comes with boot images, which are normally put in the directory - @file{/usr/lib/grub/-} (for BIOS-based machines -@@ -633,22 +633,22 @@ loader needs to find them (usually @file{/boot}) will be called - the @dfn{boot directory}. - - @menu --* Installing GRUB using grub-install:: -+* Installing GRUB using grub2-install:: - * Making a GRUB bootable CD-ROM:: - * Device map:: - * BIOS installation:: - @end menu - - --@node Installing GRUB using grub-install --@section Installing GRUB using grub-install -+@node Installing GRUB using grub2-install -+@section Installing GRUB using grub2-install - - For information on where GRUB should be installed on PC BIOS platforms, - @pxref{BIOS installation}. - - In order to install GRUB under a UNIX-like OS (such --as @sc{gnu}), invoke the program @command{grub-install} (@pxref{Invoking --grub-install}) as the superuser (@dfn{root}). -+as @sc{gnu}), invoke the program @command{grub2-install} (@pxref{Invoking -+grub2-install}) as the superuser (@dfn{root}). - - The usage is basically very simple. You only need to specify one - argument to the program, namely, where to install the boot loader. The -@@ -657,13 +657,13 @@ For example, under Linux the following will install GRUB into the MBR - of the first IDE disk: - - @example --# @kbd{grub-install /dev/sda} -+# @kbd{grub2-install /dev/sda} - @end example - - Likewise, under GNU/Hurd, this has the same effect: - - @example --# @kbd{grub-install /dev/hd0} -+# @kbd{grub2-install /dev/hd0} - @end example - - But all the above examples assume that GRUB should put images under -@@ -677,7 +677,7 @@ boot floppy with a filesystem. Here is an example: - # @kbd{mke2fs /dev/fd0} - # @kbd{mount -t ext2 /dev/fd0 /mnt} - # @kbd{mkdir /mnt/boot} --# @kbd{grub-install --boot-directory=/mnt/boot /dev/fd0} -+# @kbd{grub2-install --boot-directory=/mnt/boot /dev/fd0} - # @kbd{umount /mnt} - @end group - @end example -@@ -689,30 +689,37 @@ floppy instead of exposing the USB drive as a hard disk (they call it - @example - # @kbd{losetup /dev/loop0 /dev/sdb1} - # @kbd{mount /dev/loop0 /mnt/usb} --# @kbd{grub-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0} -+# @kbd{grub2-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0} - @end example - - This install doesn't conflict with standard install as long as they are in - separate directories. - -+Note that @command{grub2-install} is actually just a shell script and the -+real task is done by other tools such as @command{grub2-mkimage}. Therefore, -+you may run those commands directly to install GRUB, without using -+@command{grub2-install}. Don't do that, however, unless you are very familiar -+with the internals of GRUB. Installing a boot loader on a running OS may be -+extremely dangerous. -+ - On EFI systems for fixed disk install you have to mount EFI System Partition. - If you mount it at @file{/boot/efi} then you don't need any special arguments: - - @example --# @kbd{grub-install} -+# @kbd{grub2-install} - @end example - - Otherwise you need to specify where your EFI System partition is mounted: - - @example --# @kbd{grub-install --efi-directory=/mnt/efi} -+# @kbd{grub2-install --efi-directory=/mnt/efi} - @end example - - For removable installs you have to use @option{--removable} and specify both - @option{--boot-directory} and @option{--efi-directory}: - - @example --# @kbd{grub-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable} -+# @kbd{grub2-install --efi-directory=/mnt/usb --boot-directory=/mnt/usb/boot --removable} - @end example - - @node Making a GRUB bootable CD-ROM -@@ -732,10 +739,10 @@ usually also need to include a configuration file @file{grub.cfg} and some - other GRUB modules. - - To make a simple generic GRUB rescue CD, you can use the --@command{grub-mkrescue} program (@pxref{Invoking grub-mkrescue}): -+@command{grub2-mkrescue} program (@pxref{Invoking grub2-mkrescue}): - - @example --$ @kbd{grub-mkrescue -o grub.iso} -+$ @kbd{grub2-mkrescue -o grub.iso} - @end example - - You will often need to include other files in your image. To do this, first -@@ -758,7 +765,7 @@ directory @file{iso/}. - Finally, make the image: - - @example --$ @kbd{grub-mkrescue -o grub.iso iso} -+$ @kbd{grub2-mkrescue -o grub.iso iso} - @end example - - This produces a file named @file{grub.iso}, which then can be burned -@@ -774,7 +781,7 @@ storage devices. - @node Device map - @section The map between BIOS drives and OS devices - --If the device map file exists, the GRUB utilities (@command{grub-probe}, -+If the device map file exists, the GRUB utilities (@command{grub2-probe}, - etc.) read it to map BIOS drives to OS devices. This file consists of lines - like this: - -@@ -1254,23 +1261,23 @@ need to write the whole thing by hand. - @node Simple configuration - @section Simple configuration handling - --The program @command{grub-mkconfig} (@pxref{Invoking grub-mkconfig}) -+The program @command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig}) - generates @file{grub.cfg} files suitable for most cases. It is suitable for - use when upgrading a distribution, and will discover available kernels and - attempt to generate menu entries for them. - --@command{grub-mkconfig} does have some limitations. While adding extra -+@command{grub2-mkconfig} does have some limitations. While adding extra - custom menu entries to the end of the list can be done by editing --@file{/etc/grub.d/40_custom} or creating @file{/boot/grub/custom.cfg}, -+@file{/etc/grub.d/40_custom} or creating @file{/boot/grub2/custom.cfg}, - changing the order of menu entries or changing their titles may require - making complex changes to shell scripts stored in @file{/etc/grub.d/}. This - may be improved in the future. In the meantime, those who feel that it - would be easier to write @file{grub.cfg} directly are encouraged to do so - (@pxref{Booting}, and @ref{Shell-like scripting}), and to disable any system --provided by their distribution to automatically run @command{grub-mkconfig}. -+provided by their distribution to automatically run @command{grub2-mkconfig}. - - The file @file{/etc/default/grub} controls the operation of --@command{grub-mkconfig}. It is sourced by a shell script, and so must be -+@command{grub2-mkconfig}. It is sourced by a shell script, and so must be - valid POSIX shell input; normally, it will just be a sequence of - @samp{KEY=value} lines, but if the value contains spaces or other special - characters then it must be quoted. For example: -@@ -1308,7 +1315,7 @@ works it's not recommended since titles often contain unstable device names - and may be translated - - If you set this to @samp{saved}, then the default menu entry will be that --saved by @samp{GRUB_SAVEDEFAULT} or @command{grub-set-default}. This relies on -+saved by @samp{GRUB_SAVEDEFAULT} or @command{grub2-set-default}. This relies on - the environment block, which may not be available in all situations - (@pxref{Environment block}). - -@@ -1319,7 +1326,7 @@ If this option is set to @samp{true}, then, when an entry is selected, save - it as a new default entry for use by future runs of GRUB. This is only - useful if @samp{GRUB_DEFAULT=saved}; it is a separate option because - @samp{GRUB_DEFAULT=saved} is useful without this option, in conjunction with --@command{grub-set-default}. Unset by default. -+@command{grub2-set-default}. Unset by default. - This option relies on the environment block, which may not be available in - all situations (@pxref{Environment block}). - -@@ -1449,7 +1456,7 @@ intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode - @end example - - @item GRUB_DISABLE_LINUX_UUID --Normally, @command{grub-mkconfig} will generate menu entries that use -+Normally, @command{grub2-mkconfig} will generate menu entries that use - universally-unique identifiers (UUIDs) to identify the root filesystem to - the Linux kernel, using a @samp{root=UUID=...} kernel parameter. This is - usually more reliable, but in some cases it may not be appropriate. To -@@ -1471,7 +1478,7 @@ If this option is set to @samp{true}, disable the generation of recovery - mode menu entries. - - @item GRUB_DISABLE_UUID --Normally, @command{grub-mkconfig} will generate menu entries that use -+Normally, @command{grub2-mkconfig} will generate menu entries that use - universally-unique identifiers (UUIDs) to identify various filesystems to - search for files. This is usually more reliable, but in some cases it may - not be appropriate. To disable this use of UUIDs, set this option to -@@ -1482,12 +1489,12 @@ not be appropriate. To disable this use of UUIDs, set this option to - @item GRUB_VIDEO_BACKEND - If graphical video support is required, either because the @samp{gfxterm} - graphical terminal is in use or because @samp{GRUB_GFXPAYLOAD_LINUX} is set, --then @command{grub-mkconfig} will normally load all available GRUB video -+then @command{grub2-mkconfig} will normally load all available GRUB video - drivers and use the one most appropriate for your hardware. If you need to - override this for some reason, then you can set this option. - --After @command{grub-install} has been run, the available video drivers are --listed in @file{/boot/grub/video.lst}. -+After @command{grub2-install} has been run, the available video drivers are -+listed in @file{/boot/grub2/video.lst}. - - @item GRUB_GFXMODE - Set the resolution used on the @samp{gfxterm} graphical terminal. Note that -@@ -1519,7 +1526,7 @@ boot sequence. If you have problems, set this option to @samp{text} and - GRUB will tell Linux to boot in normal text mode. - - @item GRUB_DISABLE_OS_PROBER --Normally, @command{grub-mkconfig} will try to use the external -+Normally, @command{grub2-mkconfig} will try to use the external - @command{os-prober} program, if installed, to discover other operating - systems installed on the same system and generate appropriate menu entries - for them. Set this option to @samp{true} to disable this. -@@ -1529,7 +1536,7 @@ List of space-separated FS UUIDs of filesystems to be ignored from os-prober - output. For efi chainloaders it's @@ - - @item GRUB_DISABLE_SUBMENU --Normally, @command{grub-mkconfig} will generate top level menu entry for -+Normally, @command{grub2-mkconfig} will generate top level menu entry for - the kernel with highest version number and put all other found kernels - or alternative menu entries for recovery mode in submenu. For entries returned - by @command{os-prober} first entry will be put on top level and all others -@@ -1537,11 +1544,11 @@ in submenu. If this option is set to @samp{true}, flat menu with all entries - on top level will be generated instead. Changing this option will require - changing existing values of @samp{GRUB_DEFAULT}, @samp{fallback} (@pxref{fallback}) - and @samp{default} (@pxref{default}) environment variables as well as saved --default entry using @command{grub-set-default} and value used with --@command{grub-reboot}. -+default entry using @command{grub2-set-default} and value used with -+@command{grub2-reboot}. - - @item GRUB_ENABLE_CRYPTODISK --If set to @samp{y}, @command{grub-mkconfig} and @command{grub-install} will -+If set to @samp{y}, @command{grub2-mkconfig} and @command{grub2-install} will - check for encrypted disks and generate additional commands needed to access - them during boot. Note that in this case unattended boot is not possible - because GRUB will wait for passphrase to unlock encrypted container. -@@ -1600,7 +1607,7 @@ confusing @samp{GRUB_TIMEOUT_STYLE=countdown} or - - @end table - --For more detailed customisation of @command{grub-mkconfig}'s output, you may -+For more detailed customisation of @command{grub2-mkconfig}'s output, you may - edit the scripts in @file{/etc/grub.d} directly. - @file{/etc/grub.d/40_custom} is particularly useful for adding entire custom - menu entries; simply type the menu entries you want to add at the end of -@@ -1862,7 +1869,7 @@ images as well. - Mount this partition on/mnt/boot and disable GRUB in all OSes and manually - install self-compiled latest GRUB with: - --@code{grub-install --boot-directory=/mnt/boot /dev/sda} -+@code{grub2-install --boot-directory=/mnt/boot /dev/sda} - - In all the OSes install GRUB tools but disable installing GRUB in bootsector, - so you'll have menu.lst and grub.cfg available for use. Also disable os-prober -@@ -1872,20 +1879,20 @@ use by setting: - - in /etc/default/grub - --Then write a grub.cfg (/mnt/boot/grub/grub.cfg): -+Then write a grub.cfg (/mnt/boot/grub2/grub.cfg): - - @example - - menuentry "OS using grub2" @{ - insmod xfs - search --set=root --label OS1 --hint hd0,msdos8 -- configfile /boot/grub/grub.cfg -+ configfile /boot/grub2/grub.cfg - @} - - menuentry "OS using grub2-legacy" @{ - insmod ext2 - search --set=root --label OS2 --hint hd0,msdos6 -- legacy_configfile /boot/grub/menu.lst -+ legacy_configfile /boot/grub2/menu.lst - @} - - menuentry "Windows XP" @{ -@@ -1948,15 +1955,15 @@ GRUB supports embedding a configuration file directly into the core image, - so that it is loaded before entering normal mode. This is useful, for - example, when it is not straightforward to find the real configuration file, - or when you need to debug problems with loading that file. --@command{grub-install} uses this feature when it is not using BIOS disk -+@command{grub2-install} uses this feature when it is not using BIOS disk - functions or when installing to a different disk from the one containing - @file{/boot/grub}, in which case it needs to use the @command{search} - command (@pxref{search}) to find @file{/boot/grub}. - - To embed a configuration file, use the @option{-c} option to --@command{grub-mkimage}. The file is copied into the core image, so it may -+@command{grub2-mkimage}. The file is copied into the core image, so it may - reside anywhere on the file system, and may be removed after running --@command{grub-mkimage}. -+@command{grub2-mkimage}. - - After the embedded configuration file (if any) is executed, GRUB will load - the @samp{normal} module (@pxref{normal}), which will then read the real -@@ -1991,13 +1998,13 @@ included in the core image: - @example - @group - search.fs_label grub root --if [ -e /boot/grub/example/test1.cfg ]; then -+if [ -e /boot/grub2/example/test1.cfg ]; then - set prefix=($root)/boot/grub -- configfile /boot/grub/example/test1.cfg -+ configfile /boot/grub2/example/test1.cfg - else -- if [ -e /boot/grub/example/test2.cfg ]; then -+ if [ -e /boot/grub2/example/test2.cfg ]; then - set prefix=($root)/boot/grub -- configfile /boot/grub/example/test2.cfg -+ configfile /boot/grub2/example/test2.cfg - else - echo "Could not find an example configuration file!" - fi -@@ -2521,7 +2528,7 @@ grub-mknetdir --net-directory=/srv/tftp --subdir=/boot/grub -d /usr/lib/grub/i38 - @end group - @end example - --Then follow instructions printed out by grub-mknetdir on configuring your DHCP -+Then follow instructions printed out by grub2-mknetdir on configuring your DHCP - server. - - The grub.cfg file is placed in the same directory as the path output by -@@ -2715,7 +2722,7 @@ team are: - @end table - - To take full advantage of this function, install GRUB into the MBR --(@pxref{Installing GRUB using grub-install}). -+(@pxref{Installing GRUB using grub2-install}). - - If you have a laptop which has a similar feature and not in the above list - could you figure your address and contribute? -@@ -2776,7 +2783,7 @@ bytes. - The sole function of @file{boot.img} is to read the first sector of the core - image from a local disk and jump to it. Because of the size restriction, - @file{boot.img} cannot understand any file system structure, so --@command{grub-install} hardcodes the location of the first sector of the -+@command{grub2-install} hardcodes the location of the first sector of the - core image into @file{boot.img} when installing GRUB. - - @item diskboot.img -@@ -2806,7 +2813,7 @@ images. - - @item core.img - This is the core image of GRUB. It is built dynamically from the kernel --image and an arbitrary list of modules by the @command{grub-mkimage} -+image and an arbitrary list of modules by the @command{grub2-mkimage} - program. Usually, it contains enough modules to access @file{/boot/grub}, - and loads everything else (including menu handling, the ability to load - target operating systems, and so on) from the file system at run-time. The -@@ -2858,7 +2865,7 @@ GRUB 2 has no single Stage 2 image. Instead, it loads modules from - In GRUB 2, images for booting from CD-ROM drives are now constructed using - @file{cdboot.img} and @file{core.img}, making sure that the core image - contains the @samp{iso9660} module. It is usually best to use the --@command{grub-mkrescue} program for this. -+@command{grub2-mkrescue} program for this. - - @item nbgrub - There is as yet no equivalent for @file{nbgrub} in GRUB 2; it was used by -@@ -3014,8 +3021,8 @@ There are two ways to specify files, by @dfn{absolute file name} and by - - An absolute file name resembles a Unix absolute file name, using - @samp{/} for the directory separator (not @samp{\} as in DOS). One --example is @samp{(hd0,1)/boot/grub/grub.cfg}. This means the file --@file{/boot/grub/grub.cfg} in the first partition of the first hard -+example is @samp{(hd0,1)/boot/grub2/grub.cfg}. This means the file -+@file{/boot/grub2/grub.cfg} in the first partition of the first hard - disk. If you omit the device name in an absolute file name, GRUB uses - GRUB's @dfn{root device} implicitly. So if you set the root device to, - say, @samp{(hd1,1)} by the command @samp{set root=(hd1,1)} (@pxref{set}), -@@ -3023,8 +3030,8 @@ then @code{/boot/kernel} is the same as @code{(hd1,1)/boot/kernel}. - - On ZFS filesystem the first path component must be - @var{volume}@samp{@@}[@var{snapshot}]. --So @samp{/rootvol@@snap-129/boot/grub/grub.cfg} refers to file --@samp{/boot/grub/grub.cfg} in snapshot of volume @samp{rootvol} with name -+So @samp{/rootvol@@snap-129/boot/grub2/grub.cfg} refers to file -+@samp{/boot/grub2/grub.cfg} in snapshot of volume @samp{rootvol} with name - @samp{snap-129}. Trailing @samp{@@} after volume name is mandatory even if - snapshot name is omitted. - -@@ -3427,7 +3434,7 @@ The more recent release of Minix would then be identified as - @samp{other>minix>minix-3.4.0}. - - This variable is often set by @samp{GRUB_DEFAULT} (@pxref{Simple --configuration}), @command{grub-set-default}, or @command{grub-reboot}. -+configuration}), @command{grub2-set-default}, or @command{grub2-reboot}. - - - @node fallback -@@ -3517,7 +3524,7 @@ If this variable is set, it names the language code that the - example, French would be named as @samp{fr}, and Simplified Chinese as - @samp{zh_CN}. - --@command{grub-mkconfig} (@pxref{Simple configuration}) will try to set a -+@command{grub2-mkconfig} (@pxref{Simple configuration}) will try to set a - reasonable default for this variable based on the system locale. - - -@@ -3525,10 +3532,10 @@ reasonable default for this variable based on the system locale. - @subsection locale_dir - - If this variable is set, it names the directory where translation files may --be found (@pxref{gettext}), usually @file{/boot/grub/locale}. Otherwise, -+be found (@pxref{gettext}), usually @file{/boot/grub2/locale}. Otherwise, - internationalization is disabled. - --@command{grub-mkconfig} (@pxref{Simple configuration}) will set a reasonable -+@command{grub2-mkconfig} (@pxref{Simple configuration}) will set a reasonable - default for this variable if internationalization is needed and any - translation files are available. - -@@ -3646,7 +3653,7 @@ input. The default is not to pause output. - - The location of the @samp{/boot/grub} directory as an absolute file name - (@pxref{File name syntax}). This is normally set by GRUB at startup based --on information provided by @command{grub-install}. GRUB modules are -+on information provided by @command{grub2-install}. GRUB modules are - dynamically loaded from this directory, so it must be set correctly in order - for many parts of GRUB to work. - -@@ -3737,17 +3744,17 @@ GRUB provides an ``environment block'' which can be used to save a small - amount of state. - - The environment block is a preallocated 1024-byte file, which normally lives --in @file{/boot/grub/grubenv} (although you should not assume this). At boot -+in @file{/boot/grub2/grubenv} (although you should not assume this). At boot - time, the @command{load_env} command (@pxref{load_env}) loads environment - variables from it, and the @command{save_env} (@pxref{save_env}) command - saves environment variables to it. From a running system, the --@command{grub-editenv} utility can be used to edit the environment block. -+@command{grub2-editenv} utility can be used to edit the environment block. - - For safety reasons, this storage is only available when installed on a plain - disk (no LVM or RAID), using a non-checksumming filesystem (no ZFS), and - using BIOS or EFI functions (no ATA, USB or IEEE1275). - --@command{grub-mkconfig} uses this facility to implement -+@command{grub2-mkconfig} uses this facility to implement - @samp{GRUB_SAVEDEFAULT} (@pxref{Simple configuration}). - - -@@ -4476,7 +4483,7 @@ Translate @var{string} into the current language. - - The current language code is stored in the @samp{lang} variable in GRUB's - environment (@pxref{lang}). Translation files in MO format are read from --@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub/locale}. -+@samp{locale_dir} (@pxref{locale_dir}), usually @file{/boot/grub2/locale}. - @end deffn - - -@@ -4871,7 +4878,7 @@ Define a user named @var{user} with password @var{clear-password}. - - @deffn Command password_pbkdf2 user hashed-password - Define a user named @var{user} with password hash @var{hashed-password}. --Use @command{grub-mkpasswd-pbkdf2} (@pxref{Invoking grub-mkpasswd-pbkdf2}) -+Use @command{grub2-mkpasswd-pbkdf2} (@pxref{Invoking grub2-mkpasswd-pbkdf2}) - to generate password hashes. @xref{Security}. - @end deffn - -@@ -5814,8 +5821,8 @@ The @samp{password} (@pxref{password}) and @samp{password_pbkdf2} - which has an associated password. @samp{password} sets the password in - plain text, requiring @file{grub.cfg} to be secure; @samp{password_pbkdf2} - sets the password hashed using the Password-Based Key Derivation Function --(RFC 2898), requiring the use of @command{grub-mkpasswd-pbkdf2} --(@pxref{Invoking grub-mkpasswd-pbkdf2}) to generate password hashes. -+(RFC 2898), requiring the use of @command{grub2-mkpasswd-pbkdf2} -+(@pxref{Invoking grub2-mkpasswd-pbkdf2}) to generate password hashes. - - In order to enable authentication support, the @samp{superusers} environment - variable must be set to a list of usernames, separated by any of spaces, -@@ -5860,7 +5867,7 @@ menuentry "May be run by user1 or a superuser" --users user1 @{ - @end group - @end example - --The @command{grub-mkconfig} program does not yet have built-in support for -+The @command{grub2-mkconfig} program does not yet have built-in support for - generating configuration files with authentication. You can use - @file{/etc/grub.d/40_custom} to add simple superuser authentication, by - adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} -@@ -5887,7 +5894,17 @@ may halt or otherwise impact the boot process. - - An initial trusted public key can be embedded within the GRUB @file{core.img} - using the @code{--pubkey} option to @command{grub-install} --(@pxref{Invoking grub-install}). -+(@pxref{Invoking grub2-install}). -+ -+@comment Unfortunately --pubkey is not yet supported by grub2-install, -+@comment but we should not bring up internal detail grub2-mkimage here -+@comment in the user guide (as opposed to developer's manual). -+ -+@comment An initial trusted public key can be embedded within the GRUB -+@comment @file{core.img} using the @code{--pubkey} option to -+@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it -+@comment is necessary to write a custom wrapper around @command{grub2-mkimage} -+@comment using the @code{--grub-mkimage} flag to @command{grub2-install}. - - GRUB uses GPG-style detached signatures (meaning that a file - @file{foo.sig} will be produced when file @file{foo} is signed), and -@@ -5907,8 +5924,8 @@ gpg --detach-sign /path/to/file - For successful validation of all of GRUB's subcomponents and the - loaded OS kernel, they must all be signed. One way to accomplish this - is the following (after having already produced the desired --@file{grub.cfg} file, e.g., by running @command{grub-mkconfig} --(@pxref{Invoking grub-mkconfig}): -+@file{grub.cfg} file, e.g., by running @command{grub2-mkconfig} -+(@pxref{Invoking grub2-mkconfig}): - - @example - @group -@@ -5930,7 +5947,7 @@ See also: @ref{check_signatures}, @ref{verify_detached}, @ref{trust}, - Note that internally signature enforcement is controlled by setting - the environment variable @code{check_signatures} equal to - @code{enforce}. Passing one or more @code{--pubkey} options to --@command{grub-mkimage} implicitly defines @code{check_signatures} -+@command{grub2-mkimage} implicitly defines @code{check_signatures} - equal to @code{enforce} in @file{core.img} prior to processing any - configuration files. - -@@ -6388,10 +6405,10 @@ Required files are: - - GRUB's normal start-up procedure involves setting the @samp{prefix} - environment variable to a value set in the core image by --@command{grub-install}, setting the @samp{root} variable to match, loading -+@command{grub2-install}, setting the @samp{root} variable to match, loading - the @samp{normal} module from the prefix, and running the @samp{normal} - command (@pxref{normal}). This command is responsible for reading --@file{/boot/grub/grub.cfg}, running the menu, and doing all the useful -+@file{/boot/grub2/grub.cfg}, running the menu, and doing all the useful - things GRUB is supposed to do. - - If, instead, you only get a rescue shell, this usually means that GRUB -@@ -6417,8 +6434,8 @@ normal - - However, any problem that leaves you in the rescue shell probably means that - GRUB was not correctly installed. It may be more useful to try to reinstall --it properly using @kbd{grub-install @var{device}} (@pxref{Invoking --grub-install}). When doing this, there are a few things to remember: -+it properly using @kbd{grub2-install @var{device}} (@pxref{Invoking -+grub2-install}). When doing this, there are a few things to remember: - - @itemize @bullet{} - @item -@@ -6430,7 +6447,7 @@ is usually better to use UUIDs or file system labels and avoid depending on - drive ordering entirely. - - @item --At least on BIOS systems, if you tell @command{grub-install} to install GRUB -+At least on BIOS systems, if you tell @command{grub2-install} to install GRUB - to a partition but GRUB has already been installed in the master boot - record, then the GRUB installation in the partition will be ignored. - -@@ -6461,21 +6478,21 @@ entry which claims partition start at block 0. This change will not hamper - bootability on other machines. - - --@node Invoking grub-install --@chapter Invoking grub-install -+@node Invoking grub2-install -+@chapter Invoking grub2-install - --The program @command{grub-install} generates a GRUB core image using --@command{grub-mkimage} and installs it on your system. You must specify the -+The program @command{grub2-install} generates a GRUB core image using -+@command{grub2-mkimage} and installs it on your system. You must specify the - device name on which you want to install GRUB, like this: - - @example --grub-install @var{install_device} -+grub2-install @var{install_device} - @end example - - The device name @var{install_device} is an OS device name or a GRUB - device name. - --@command{grub-install} accepts the following options: -+@command{grub2-install} accepts the following options: - - @table @option - @item --help -@@ -6491,13 +6508,13 @@ separate partition or a removable disk. - If this option is not specified then it defaults to @file{/boot}, so - - @example --@kbd{grub-install /dev/sda} -+@kbd{grub2-install /dev/sda} - @end example - - is equivalent to - - @example --@kbd{grub-install --boot-directory=/boot/ /dev/sda} -+@kbd{grub2-install --boot-directory=/boot/ /dev/sda} - @end example - - Here is an example in which you have a separate @dfn{boot} partition which is -@@ -6505,16 +6522,16 @@ mounted on - @file{/mnt/boot}: - - @example --@kbd{grub-install --boot-directory=/mnt/boot /dev/sdb} -+@kbd{grub2-install --boot-directory=/mnt/boot /dev/sdb} - @end example - - @item --recheck --Recheck the device map, even if @file{/boot/grub/device.map} already -+Recheck the device map, even if @file{/boot/grub2/device.map} already - exists. You should use this option whenever you add/remove a disk - into/from your computer. - - @item --no-rs-codes --By default on x86 BIOS systems, @command{grub-install} will use some -+By default on x86 BIOS systems, @command{grub2-install} will use some - extra space in the bootloader embedding area for Reed-Solomon - error-correcting codes. This enables GRUB to still boot successfully - if some blocks are corrupted. The exact amount of protection offered -@@ -6527,17 +6544,17 @@ installation}) where GRUB does not reside in any unpartitioned space - outside of the MBR. Disable the Reed-Solomon codes with this option. - @end table - --@node Invoking grub-mkconfig --@chapter Invoking grub-mkconfig -+@node Invoking grub2-mkconfig -+@chapter Invoking grub2-mkconfig - --The program @command{grub-mkconfig} generates a configuration file for GRUB -+The program @command{grub2-mkconfig} generates a configuration file for GRUB - (@pxref{Simple configuration}). - - @example --grub-mkconfig -o /boot/grub/grub.cfg -+grub-mkconfig -o /boot/grub2/grub.cfg - @end example - --@command{grub-mkconfig} accepts the following options: -+@command{grub2-mkconfig} accepts the following options: - - @table @option - @item --help -@@ -6553,17 +6570,17 @@ it to standard output. - @end table - - --@node Invoking grub-mkpasswd-pbkdf2 --@chapter Invoking grub-mkpasswd-pbkdf2 -+@node Invoking grub2-mkpasswd-pbkdf2 -+@chapter Invoking grub2-mkpasswd-pbkdf2 - --The program @command{grub-mkpasswd-pbkdf2} generates password hashes for -+The program @command{grub2-mkpasswd-pbkdf2} generates password hashes for - GRUB (@pxref{Security}). - - @example - grub-mkpasswd-pbkdf2 - @end example - --@command{grub-mkpasswd-pbkdf2} accepts the following options: -+@command{grub2-mkpasswd-pbkdf2} accepts the following options: - - @table @option - @item -c @var{number} -@@ -6581,23 +6598,23 @@ Length of the salt. Defaults to 64. - @end table - - --@node Invoking grub-mkrelpath --@chapter Invoking grub-mkrelpath -+@node Invoking grub2-mkrelpath -+@chapter Invoking grub2-mkrelpath - --The program @command{grub-mkrelpath} makes a file system path relative to -+The program @command{grub2-mkrelpath} makes a file system path relative to - the root of its containing file system. For instance, if @file{/usr} is a - mount point, then: - - @example --$ @kbd{grub-mkrelpath /usr/share/grub/unicode.pf2} -+$ @kbd{grub2-mkrelpath /usr/share/grub/unicode.pf2} - @samp{/share/grub/unicode.pf2} - @end example - - This is mainly used internally by other GRUB utilities such as --@command{grub-mkconfig} (@pxref{Invoking grub-mkconfig}), but may -+@command{grub2-mkconfig} (@pxref{Invoking grub2-mkconfig}), but may - occasionally also be useful for debugging. - --@command{grub-mkrelpath} accepts the following options: -+@command{grub2-mkrelpath} accepts the following options: - - @table @option - @item --help -@@ -6608,17 +6625,17 @@ Print the version number of GRUB and exit. - @end table - - --@node Invoking grub-mkrescue --@chapter Invoking grub-mkrescue -+@node Invoking grub2-mkrescue -+@chapter Invoking grub2-mkrescue - --The program @command{grub-mkrescue} generates a bootable GRUB rescue image -+The program @command{grub2-mkrescue} generates a bootable GRUB rescue image - (@pxref{Making a GRUB bootable CD-ROM}). - - @example - grub-mkrescue -o grub.iso - @end example - --All arguments not explicitly listed as @command{grub-mkrescue} options are -+All arguments not explicitly listed as @command{grub2-mkrescue} options are - passed on directly to @command{xorriso} in @command{mkisofs} emulation mode. - Options passed to @command{xorriso} will normally be interpreted as - @command{mkisofs} options; if the option @samp{--} is used, then anything -@@ -6633,7 +6650,7 @@ mkdir -p disk/boot/grub - grub-mkrescue -o grub.iso disk - @end example - --@command{grub-mkrescue} accepts the following options: -+@command{grub2-mkrescue} accepts the following options: - - @table @option - @item --help -@@ -6661,15 +6678,15 @@ Use @var{file} as the @command{xorriso} program, rather than the built-in - default. - - @item --grub-mkimage=@var{file} --Use @var{file} as the @command{grub-mkimage} program, rather than the -+Use @var{file} as the @command{grub2-mkimage} program, rather than the - built-in default. - @end table - - --@node Invoking grub-mount --@chapter Invoking grub-mount -+@node Invoking grub2-mount -+@chapter Invoking grub2-mount - --The program @command{grub-mount} performs a read-only mount of any file -+The program @command{grub2-mount} performs a read-only mount of any file - system or file system image that GRUB understands, using GRUB's file system - drivers via FUSE. (It is only available if FUSE development files were - present when GRUB was built.) This has a number of uses: -@@ -6701,13 +6718,13 @@ even if nobody has yet written a FUSE module specifically for that file - system type. - @end itemize - --Using @command{grub-mount} is normally as simple as: -+Using @command{grub2-mount} is normally as simple as: - - @example - grub-mount /dev/sda1 /mnt - @end example - --@command{grub-mount} must be given one or more images and a mount point as -+@command{grub2-mount} must be given one or more images and a mount point as - non-option arguments (if it is given more than one image, it will treat them - as a RAID set), and also accepts the following options: - -@@ -6729,13 +6746,13 @@ Show debugging output for conditions matching @var{string}. - @item -K prompt|@var{file} - @itemx --zfs-key=prompt|@var{file} - Load a ZFS encryption key. If you use @samp{prompt} as the argument, --@command{grub-mount} will read a passphrase from the terminal; otherwise, it -+@command{grub2-mount} will read a passphrase from the terminal; otherwise, it - will read key material from the specified file. - - @item -r @var{device} - @itemx --root=@var{device} - Set the GRUB root device to @var{device}. You do not normally need to set --this; @command{grub-mount} will automatically set the root device to the -+this; @command{grub2-mount} will automatically set the root device to the - root of the supplied file system. - - If @var{device} is just a number, then it will be treated as a partition -@@ -6753,10 +6770,10 @@ Print verbose messages. - @end table - - --@node Invoking grub-probe --@chapter Invoking grub-probe -+@node Invoking grub2-probe -+@chapter Invoking grub2-probe - --The program @command{grub-probe} probes device information for a given path -+The program @command{grub2-probe} probes device information for a given path - or device. - - @example -@@ -6764,7 +6781,7 @@ grub-probe --target=fs /boot/grub - grub-probe --target=drive --device /dev/sda1 - @end example - --@command{grub-probe} must be given a path or device as a non-option -+@command{grub2-probe} must be given a path or device as a non-option - argument, and also accepts the following options: - - @table @option -@@ -6777,16 +6794,16 @@ Print the version number of GRUB and exit. - @item -d - @itemx --device - If this option is given, then the non-option argument is a system device --name (such as @samp{/dev/sda1}), and @command{grub-probe} will print -+name (such as @samp{/dev/sda1}), and @command{grub2-probe} will print - information about that device. If it is not given, then the non-option - argument is a filesystem path (such as @samp{/boot/grub}), and --@command{grub-probe} will print information about the device containing that -+@command{grub2-probe} will print information about the device containing that - part of the filesystem. - - @item -m @var{file} - @itemx --device-map=@var{file} - Use @var{file} as the device map (@pxref{Device map}) rather than the --default, usually @samp{/boot/grub/device.map}. -+default, usually @samp{/boot/grub2/device.map}. - - @item -t @var{target} - @itemx --target=@var{target} -@@ -6839,19 +6856,19 @@ Print verbose messages. - @end table - - --@node Invoking grub-script-check --@chapter Invoking grub-script-check -+@node Invoking grub2-script-check -+@chapter Invoking grub2-script-check - --The program @command{grub-script-check} takes a GRUB script file -+The program @command{grub2-script-check} takes a GRUB script file - (@pxref{Shell-like scripting}) and checks it for syntax errors, similar to - commands such as @command{sh -n}. It may take a @var{path} as a non-option - argument; if none is supplied, it will read from standard input. - - @example --grub-script-check /boot/grub/grub.cfg -+grub-script-check /boot/grub2/grub.cfg - @end example - --@command{grub-script-check} accepts the following options: -+@command{grub2-script-check} accepts the following options: - - @table @option - @item --help diff --git a/SPECS/grub2/fedora/0040-macos-just-build-chainloader-entries-don-t-try-any-x.patch b/SPECS/grub2/fedora/0040-macos-just-build-chainloader-entries-don-t-try-any-x.patch deleted file mode 100644 index 8d3139d62e..0000000000 --- a/SPECS/grub2/fedora/0040-macos-just-build-chainloader-entries-don-t-try-any-x.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 24 May 2017 12:42:32 -0400 -Subject: [PATCH] macos: just build chainloader entries, don't try any xnu xnu. - -Since our bugs tell us that the xnu boot entries really just don't work -most of the time, and they create piles of extra boot entries, because -they can't quite figure out 32-vs-64 and other stuff like that. - -It's rediculous, and we should just boot their bootloader through the -chainloader instead. - -So this patch does that. - -Resolves: rhbz#893179 - -Signed-off-by: Peter Jones ---- - util/grub.d/30_os-prober.in | 78 +++++++++++---------------------------------- - 1 file changed, 18 insertions(+), 60 deletions(-) - -diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 1b91c102f3..4b27bd2015 100644 ---- a/util/grub.d/30_os-prober.in -+++ b/util/grub.d/30_os-prober.in -@@ -42,68 +42,25 @@ if [ -z "${OSPROBED}" ] ; then - fi - - osx_entry() { -- if [ x$2 = x32 ]; then -- # TRANSLATORS: it refers to kernel architecture (32-bit) -- bitstr="$(gettext "(32-bit)")" -- else -- # TRANSLATORS: it refers to kernel architecture (64-bit) -- bitstr="$(gettext "(64-bit)")" -- fi - # TRANSLATORS: it refers on the OS residing on device %s - onstr="$(gettext_printf "(on %s)" "${DEVICE}")" -- cat << EOF --menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { -+ hints="" -+ for hint in `"${grub_probe}" --device ${device} --target=efi_hints 2> /dev/null` ; do -+ hints="${hints} --hint=${hint}" -+ done -+ cat << EOF -+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' { - EOF - save_default_entry | grub_add_tab - prepare_grub_to_access_device ${DEVICE} | grub_add_tab - cat << EOF -+ set gfxpayload=keep - load_video -- set do_resume=0 -- if [ /var/vm/sleepimage -nt10 / ]; then -- if xnu_resume /var/vm/sleepimage; then -- set do_resume=1 -- fi -- fi -- if [ \$do_resume = 0 ]; then -- xnu_uuid ${OSXUUID} uuid -- if [ -f /Extra/DSDT.aml ]; then -- acpi -e /Extra/DSDT.aml -- fi -- if [ /kernelcache -nt /System/Library/Extensions ]; then -- $1 /kernelcache boot-uuid=\${uuid} rd=*uuid -- elif [ -f /System/Library/Kernels/kernel ]; then -- $1 /System/Library/Kernels/kernel boot-uuid=\${uuid} rd=*uuid -- xnu_kextdir /System/Library/Extensions -- else -- $1 /mach_kernel boot-uuid=\${uuid} rd=*uuid -- if [ /System/Library/Extensions.mkext -nt /System/Library/Extensions ]; then -- xnu_mkext /System/Library/Extensions.mkext -- else -- xnu_kextdir /System/Library/Extensions -- fi -- fi -- if [ -f /Extra/Extensions.mkext ]; then -- xnu_mkext /Extra/Extensions.mkext -- fi -- if [ -d /Extra/Extensions ]; then -- xnu_kextdir /Extra/Extensions -- fi -- if [ -f /Extra/devprop.bin ]; then -- xnu_devprop_load /Extra/devprop.bin -- fi -- if [ -f /Extra/splash.jpg ]; then -- insmod jpeg -- xnu_splash /Extra/splash.jpg -- fi -- if [ -f /Extra/splash.png ]; then -- insmod png -- xnu_splash /Extra/splash.png -- fi -- if [ -f /Extra/splash.tga ]; then -- insmod tga -- xnu_splash /Extra/splash.tga -- fi -- fi -+ insmod part_gpt -+ insmod hfsplus -+ search --no-floppy --fs-uuid --set=root ${hints} $(grub_get_device_id "${DEVICE}") -+ chainloader (\$root)/System/Library/CoreServices/boot.efi -+ boot - } - EOF - } -@@ -292,11 +249,12 @@ EOF - echo "$title_correction_code" - ;; - macosx) -- if [ "${UUID}" ]; then -- OSXUUID="${UUID}" -- osx_entry xnu_kernel 32 -- osx_entry xnu_kernel64 64 -- fi -+ for subdevice in ${DEVICE%[[:digit:]]*}* ; do -+ parttype="`"${grub_probe}" --device ${device} --target=gpt_parttype "${subdevice}" 2> /dev/null`" -+ if [[ "$parttype" = "426f6f74-0000-11aa-aa11-00306543ecac" ]]; then -+ DEVICE="${subdevice}" osx_entry -+ fi -+ done - ;; - hurd) - onstr="$(gettext_printf "(on %s)" "${DEVICE}")" diff --git a/SPECS/grub2/fedora/0041-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch b/SPECS/grub2/fedora/0041-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch deleted file mode 100644 index 57d2391abb..0000000000 --- a/SPECS/grub2/fedora/0041-grub2-btrfs-Add-ability-to-boot-from-subvolumes.patch +++ /dev/null @@ -1,703 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Jeff Mahoney -Date: Tue, 9 Jul 2019 13:39:45 +0200 -Subject: [PATCH] grub2/btrfs: Add ability to boot from subvolumes - -This patch adds the ability to specify a different root on a btrfs -filesystem too boot from other than the default one. - -btrfs-list-snapshots will list the subvolumes available on the -filesystem. - -set btrfs_subvol= and set btrfs_subvolid= will specify -which subvolume to use and any pathnames provided with either of those -variables set will start using that root. If the subvolume or subvolume id -doesn't exist, then an error case will result. - -It is possible to boot into a separate GRUB instance by exporting the -variable and loading the config file from the subvolume. - -Signed-off-by: Jeff Mahoney ---- - grub-core/fs/btrfs.c | 552 +++++++++++++++++++++++++++++++++++++++++++++++++-- - include/grub/btrfs.h | 1 + - 2 files changed, 533 insertions(+), 20 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 63203034df..f1fff7385b 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -38,6 +38,9 @@ - #include - #include - #include -+#include -+#include -+#include - #include - #include - #include -@@ -79,9 +82,11 @@ struct grub_btrfs_superblock - grub_uint64_t generation; - grub_uint64_t root_tree; - grub_uint64_t chunk_tree; -- grub_uint8_t dummy2[0x20]; -+ grub_uint8_t dummy2[0x18]; -+ grub_uint64_t bytes_used; - grub_uint64_t root_dir_objectid; -- grub_uint8_t dummy3[0x41]; -+ grub_uint64_t num_devices; -+ grub_uint8_t dummy3[0x39]; - struct grub_btrfs_device this_device; - char label[0x100]; - grub_uint8_t dummy4[0x100]; -@@ -121,6 +126,7 @@ struct grub_btrfs_data - grub_uint64_t exttree; - grub_size_t extsize; - struct grub_btrfs_extent_data *extent; -+ grub_uint64_t fs_tree; - }; - - struct grub_btrfs_chunk_item -@@ -191,6 +197,14 @@ struct grub_btrfs_leaf_descriptor - } *data; - }; - -+struct grub_btrfs_root_ref -+{ -+ grub_uint64_t dirid; -+ grub_uint64_t sequence; -+ grub_uint16_t name_len; -+ const char name[0]; -+} __attribute__ ((packed)); -+ - struct grub_btrfs_time - { - grub_int64_t sec; -@@ -236,6 +250,14 @@ struct grub_btrfs_extent_data - - #define GRUB_BTRFS_OBJECT_ID_CHUNK 0x100 - -+#define GRUB_BTRFS_ROOT_TREE_OBJECTID 1ULL -+#define GRUB_BTRFS_FS_TREE_OBJECTID 5ULL -+#define GRUB_BTRFS_ROOT_REF_KEY 156 -+#define GRUB_BTRFS_ROOT_ITEM_KEY 132 -+ -+static grub_uint64_t btrfs_default_subvolid = 0; -+static char *btrfs_default_subvol = NULL; -+ - static grub_disk_addr_t superblock_sectors[] = { 64 * 2, 64 * 1024 * 2, - 256 * 1048576 * 2, 1048576ULL * 1048576ULL * 2 - }; -@@ -1173,6 +1195,62 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return GRUB_ERR_NONE; - } - -+static grub_err_t -+get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, -+ grub_uint64_t objectid, grub_uint64_t offset, -+ grub_uint64_t *fs_root); -+ -+static grub_err_t -+lookup_root_by_id(struct grub_btrfs_data *data, grub_uint64_t id) -+{ -+ grub_err_t err; -+ grub_uint64_t tree; -+ -+ err = get_fs_root(data, data->sblock.root_tree, id, -1, &tree); -+ if (!err) -+ data->fs_tree = tree; -+ return err; -+} -+ -+static grub_err_t -+find_path (struct grub_btrfs_data *data, -+ const char *path, struct grub_btrfs_key *key, -+ grub_uint64_t *tree, grub_uint8_t *type); -+ -+static grub_err_t -+lookup_root_by_name(struct grub_btrfs_data *data, const char *path) -+{ -+ grub_err_t err; -+ grub_uint64_t tree = 0; -+ grub_uint8_t type; -+ struct grub_btrfs_key key; -+ -+ err = find_path (data, path, &key, &tree, &type); -+ if (err) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); -+ -+ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) -+ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path); -+ -+ data->fs_tree = tree; -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+btrfs_handle_subvol(struct grub_btrfs_data *data __attribute__ ((unused))) -+{ -+ if (btrfs_default_subvol) -+ return lookup_root_by_name(data, btrfs_default_subvol); -+ -+ if (btrfs_default_subvolid) -+ return lookup_root_by_id(data, btrfs_default_subvolid); -+ -+ data->fs_tree = 0; -+ -+ return GRUB_ERR_NONE; -+} -+ -+ - static struct grub_btrfs_data * - grub_btrfs_mount (grub_device_t dev) - { -@@ -1208,6 +1286,13 @@ grub_btrfs_mount (grub_device_t dev) - data->devices_attached[0].dev = dev; - data->devices_attached[0].id = data->sblock.this_device.device_id; - -+ err = btrfs_handle_subvol (data); -+ if (err) -+ { -+ grub_free (data); -+ return NULL; -+ } -+ - return data; - } - -@@ -1673,6 +1758,91 @@ get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key, - return GRUB_ERR_NONE; - } - -+static grub_err_t -+find_pathname(struct grub_btrfs_data *data, grub_uint64_t objectid, -+ grub_uint64_t fs_root, const char *name, char **pathname) -+{ -+ grub_err_t err; -+ struct grub_btrfs_key key = { -+ .object_id = objectid, -+ .type = GRUB_BTRFS_ITEM_TYPE_INODE_REF, -+ .offset = 0, -+ }; -+ struct grub_btrfs_key key_out; -+ struct grub_btrfs_leaf_descriptor desc; -+ char *p = grub_strdup (name); -+ grub_disk_addr_t elemaddr; -+ grub_size_t elemsize; -+ grub_size_t alloc = grub_strlen(name) + 1; -+ -+ err = lower_bound(data, &key, &key_out, fs_root, -+ &elemaddr, &elemsize, &desc, 0); -+ if (err) -+ return grub_error(err, "lower_bound caught %d\n", err); -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) -+ next(data, &desc, &elemaddr, &elemsize, &key_out); -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) -+ { -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, -+ "Can't find inode ref for {%"PRIuGRUB_UINT64_T -+ ", %u, %"PRIuGRUB_UINT64_T"} %"PRIuGRUB_UINT64_T -+ "/%"PRIuGRUB_SIZE"\n", -+ key_out.object_id, key_out.type, -+ key_out.offset, elemaddr, elemsize); -+ } -+ -+ -+ while (key_out.type == GRUB_BTRFS_ITEM_TYPE_INODE_REF && -+ key_out.object_id != key_out.offset) { -+ struct grub_btrfs_inode_ref *inode_ref; -+ char *new; -+ -+ inode_ref = grub_malloc(elemsize + 1); -+ if (!inode_ref) -+ return grub_error(GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't allocate memory for inode_ref (%"PRIuGRUB_SIZE")\n", elemsize); -+ -+ err = grub_btrfs_read_logical(data, elemaddr, inode_ref, elemsize, 0); -+ if (err) -+ return grub_error(err, "read_logical caught %d\n", err); -+ -+ alloc += grub_le_to_cpu16 (inode_ref->n) + 2; -+ new = grub_malloc(alloc); -+ if (!new) -+ return grub_error(GRUB_ERR_OUT_OF_MEMORY, -+ "couldn't allocate memory for name (%"PRIuGRUB_SIZE")\n", alloc); -+ -+ grub_memcpy(new, inode_ref->name, grub_le_to_cpu16 (inode_ref->n)); -+ if (p) -+ { -+ new[grub_le_to_cpu16 (inode_ref->n)] = '/'; -+ grub_strcpy (new + grub_le_to_cpu16 (inode_ref->n) + 1, p); -+ grub_free(p); -+ } -+ else -+ new[grub_le_to_cpu16 (inode_ref->n)] = 0; -+ grub_free(inode_ref); -+ -+ p = new; -+ -+ key.object_id = key_out.offset; -+ -+ err = lower_bound(data, &key, &key_out, fs_root, &elemaddr, -+ &elemsize, &desc, 0); -+ if (err) -+ return grub_error(err, "lower_bound caught %d\n", err); -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_INODE_REF) -+ next(data, &desc, &elemaddr, &elemsize, &key_out); -+ -+ } -+ -+ *pathname = p; -+ return 0; -+} -+ - static grub_err_t - find_path (struct grub_btrfs_data *data, - const char *path, struct grub_btrfs_key *key, -@@ -1691,14 +1861,26 @@ find_path (struct grub_btrfs_data *data, - char *origpath = NULL; - unsigned symlinks_max = 32; - -- err = get_root (data, key, tree, type); -- if (err) -- return err; -- - origpath = grub_strdup (path); - if (!origpath) - return grub_errno; - -+ if (data->fs_tree) -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->fs_tree; -+ /* This is a tree root, so everything starts at objectid 256 */ -+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ } -+ else -+ { -+ err = get_root (data, key, tree, type); -+ if (err) -+ return err; -+ } -+ - while (1) - { - while (path[0] == '/') -@@ -1871,9 +2053,21 @@ find_path (struct grub_btrfs_data *data, - path = path_alloc = tmp; - if (path[0] == '/') - { -- err = get_root (data, key, tree, type); -- if (err) -- return err; -+ if (data->fs_tree) -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->fs_tree; -+ /* This is a tree root, so everything starts at objectid 256 */ -+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ } -+ else -+ { -+ err = get_root (data, key, tree, type); -+ if (err) -+ return err; -+ } - } - continue; - } -@@ -2114,18 +2308,10 @@ grub_btrfs_read (grub_file_t file, char *buf, grub_size_t len) - data->tree, file->offset, buf, len); - } - --static grub_err_t --grub_btrfs_uuid (grub_device_t device, char **uuid) -+static char * -+btrfs_unparse_uuid(struct grub_btrfs_data *data) - { -- struct grub_btrfs_data *data; -- -- *uuid = NULL; -- -- data = grub_btrfs_mount (device); -- if (!data) -- return grub_errno; -- -- *uuid = grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x", -+ return grub_xasprintf ("%04x%04x-%04x-%04x-%04x-%04x%04x%04x", - grub_be_to_cpu16 (data->sblock.uuid[0]), - grub_be_to_cpu16 (data->sblock.uuid[1]), - grub_be_to_cpu16 (data->sblock.uuid[2]), -@@ -2134,6 +2320,20 @@ grub_btrfs_uuid (grub_device_t device, char **uuid) - grub_be_to_cpu16 (data->sblock.uuid[5]), - grub_be_to_cpu16 (data->sblock.uuid[6]), - grub_be_to_cpu16 (data->sblock.uuid[7])); -+} -+ -+static grub_err_t -+grub_btrfs_uuid (grub_device_t device, char **uuid) -+{ -+ struct grub_btrfs_data *data; -+ -+ *uuid = NULL; -+ -+ data = grub_btrfs_mount (device); -+ if (!data) -+ return grub_errno; -+ -+ *uuid = btrfs_unparse_uuid(data); - - grub_btrfs_unmount (data); - -@@ -2190,6 +2390,242 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - } - #endif - -+static grub_err_t -+grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc, -+ char **argv) -+{ -+ grub_device_t dev; -+ char *devname; -+ struct grub_btrfs_data *data; -+ char *uuid; -+ -+ if (argc < 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); -+ -+ devname = grub_file_get_device_name(argv[0]); -+ -+ if (!devname) -+ return grub_errno; -+ -+ dev = grub_device_open (devname); -+ grub_free (devname); -+ if (!dev) -+ return grub_errno; -+ -+ data = grub_btrfs_mount (dev); -+ if (!data) -+ { -+ grub_device_close(dev); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "failed to open fs"); -+ } -+ -+ if (data->sblock.label) -+ grub_printf("Label: '%s' ", data->sblock.label); -+ else -+ grub_printf("Label: none "); -+ -+ uuid = btrfs_unparse_uuid(data); -+ -+ grub_printf(" uuid: %s\n\tTotal devices %" PRIuGRUB_UINT64_T -+ " FS bytes used %" PRIuGRUB_UINT64_T "\n", -+ uuid, grub_cpu_to_le64(data->sblock.num_devices), -+ grub_cpu_to_le64(data->sblock.bytes_used)); -+ -+ grub_btrfs_unmount (data); -+ -+ return 0; -+} -+ -+static grub_err_t -+get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, -+ grub_uint64_t objectid, grub_uint64_t offset, -+ grub_uint64_t *fs_root) -+{ -+ grub_err_t err; -+ struct grub_btrfs_key key_in = { -+ .object_id = objectid, -+ .type = GRUB_BTRFS_ROOT_ITEM_KEY, -+ .offset = offset, -+ }, key_out; -+ struct grub_btrfs_leaf_descriptor desc; -+ grub_disk_addr_t elemaddr; -+ grub_size_t elemsize; -+ struct grub_btrfs_root_item ri; -+ -+ err = lower_bound(data, &key_in, &key_out, tree, -+ &elemaddr, &elemsize, &desc, 0); -+ -+ if (err) -+ return err; -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM || elemaddr == 0) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, -+ N_("can't find fs root for subvol %"PRIuGRUB_UINT64_T"\n"), -+ key_in.object_id); -+ -+ err = grub_btrfs_read_logical (data, elemaddr, &ri, sizeof (ri), 0); -+ if (err) -+ return err; -+ -+ *fs_root = ri.tree; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static const struct grub_arg_option options[] = { -+ {"output", 'o', 0, N_("Output to a variable instead of the console."), -+ N_("VARNAME"), ARG_TYPE_STRING}, -+ {"path-only", 'p', 0, N_("Show only the path of the subvolume."), 0, 0}, -+ {"id-only", 'i', 0, N_("Show only the id of the subvolume."), 0, 0}, -+ {0, 0, 0, 0, 0, 0} -+}; -+ -+static grub_err_t -+grub_cmd_btrfs_list_subvols (struct grub_extcmd_context *ctxt, -+ int argc, char **argv) -+{ -+ struct grub_btrfs_data *data; -+ grub_device_t dev; -+ char *devname; -+ grub_uint64_t tree; -+ struct grub_btrfs_key key_in = { -+ .object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID), -+ .type = GRUB_BTRFS_ROOT_REF_KEY, -+ .offset = 0, -+ }, key_out; -+ struct grub_btrfs_leaf_descriptor desc; -+ grub_disk_addr_t elemaddr; -+ grub_uint64_t fs_root = 0; -+ grub_size_t elemsize; -+ grub_size_t allocated = 0; -+ int r = 0; -+ grub_err_t err; -+ char *buf = NULL; -+ int print = 1; -+ int path_only = ctxt->state[1].set; -+ int num_only = ctxt->state[2].set; -+ char *varname = NULL; -+ char *output = NULL; -+ -+ if (ctxt->state[0].set) { -+ varname = ctxt->state[0].arg; -+ print = 0; -+ } -+ -+ if (argc < 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); -+ -+ devname = grub_file_get_device_name(argv[0]); -+ if (!devname) -+ return grub_errno; -+ -+ dev = grub_device_open (devname); -+ grub_free (devname); -+ if (!dev) -+ return grub_errno; -+ -+ data = grub_btrfs_mount(dev); -+ if (!data) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "could not open device"); -+ -+ tree = data->sblock.root_tree; -+ err = get_fs_root(data, tree, grub_cpu_to_le64_compile_time (GRUB_BTRFS_FS_TREE_OBJECTID), -+ 0, &fs_root); -+ if (err) -+ goto out; -+ -+ err = lower_bound(data, &key_in, &key_out, tree, -+ &elemaddr, &elemsize, &desc, 0); -+ -+ if (err) -+ { -+ grub_btrfs_unmount(data); -+ return err; -+ } -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF || elemaddr == 0) -+ { -+ r = next(data, &desc, &elemaddr, &elemsize, &key_out); -+ } -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF) { -+ err = GRUB_ERR_FILE_NOT_FOUND; -+ grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root refs")); -+ goto out; -+ } -+ -+ do -+ { -+ struct grub_btrfs_root_ref *ref; -+ char *p = NULL; -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_REF) -+ { -+ r = 0; -+ break; -+ } -+ -+ if (elemsize > allocated) -+ { -+ grub_free(buf); -+ allocated = 2 * elemsize; -+ buf = grub_malloc(allocated + 1); -+ if (!buf) -+ { -+ r = -grub_errno; -+ break; -+ } -+ } -+ ref = (struct grub_btrfs_root_ref *)buf; -+ -+ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0); -+ if (err) -+ { -+ r = -err; -+ break; -+ } -+ buf[elemsize] = 0; -+ -+ find_pathname(data, ref->dirid, fs_root, ref->name, &p); -+ -+ if (print) -+ { -+ if (num_only) -+ grub_printf("ID %"PRIuGRUB_UINT64_T"\n", key_out.offset); -+ else if (path_only) -+ grub_printf("%s\n", p); -+ else -+ grub_printf("ID %"PRIuGRUB_UINT64_T" path %s\n", key_out.offset, p); -+ } else { -+ char *old = output; -+ if (num_only) -+ output = grub_xasprintf("%s%"PRIuGRUB_UINT64_T"\n", -+ old ?: "", key_out.offset); -+ else if (path_only) -+ output = grub_xasprintf("%s%s\n", old ?: "", p); -+ else -+ output = grub_xasprintf("%sID %"PRIuGRUB_UINT64_T" path %s\n", -+ old ?: "", key_out.offset, p); -+ -+ if (old) -+ grub_free(old); -+ } -+ -+ r = next(data, &desc, &elemaddr, &elemsize, &key_out); -+ } while(r > 0); -+ -+ if (output) -+ grub_env_set(varname, output); -+ -+out: -+ free_iterator(&desc); -+ grub_btrfs_unmount(data); -+ -+ grub_device_close (dev); -+ -+ return 0; -+} -+ - static struct grub_fs grub_btrfs_fs = { - .name = "btrfs", - .fs_dir = grub_btrfs_dir, -@@ -2205,12 +2641,88 @@ static struct grub_fs grub_btrfs_fs = { - #endif - }; - -+static grub_command_t cmd_info; -+static grub_extcmd_t cmd_list_subvols; -+ -+static char * -+subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val) -+{ -+ unsigned long long result = 0; -+ -+ grub_errno = GRUB_ERR_NONE; -+ if (*val) -+ { -+ result = grub_strtoull(val, NULL, 10); -+ if (grub_errno) -+ return NULL; -+ } -+ -+ grub_free (btrfs_default_subvol); -+ btrfs_default_subvol = NULL; -+ btrfs_default_subvolid = result; -+ return grub_strdup(val); -+} -+ -+static const char * -+subvolid_get_env (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ if (btrfs_default_subvol) -+ return grub_xasprintf("subvol:%s", btrfs_default_subvol); -+ else if (btrfs_default_subvolid) -+ return grub_xasprintf("%"PRIuGRUB_UINT64_T, btrfs_default_subvolid); -+ else -+ return ""; -+} -+ -+static char * -+subvol_set_env (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val) -+{ -+ grub_free (btrfs_default_subvol); -+ btrfs_default_subvol = grub_strdup (val); -+ btrfs_default_subvolid = 0; -+ return grub_strdup(val); -+} -+ -+static const char * -+subvol_get_env (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ if (btrfs_default_subvol) -+ return btrfs_default_subvol; -+ else if (btrfs_default_subvolid) -+ return grub_xasprintf("subvolid:%" PRIuGRUB_UINT64_T, -+ btrfs_default_subvolid); -+ else -+ return ""; -+} -+ - GRUB_MOD_INIT (btrfs) - { - grub_fs_register (&grub_btrfs_fs); -+ cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info, -+ "DEVICE", -+ "Print BtrFS info about DEVICE."); -+ cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols", -+ grub_cmd_btrfs_list_subvols, 0, -+ "[-p|-n] [-o var] DEVICE", -+ "Print list of BtrFS subvolumes on " -+ "DEVICE.", options); -+ grub_register_variable_hook ("btrfs_subvol", subvol_get_env, -+ subvol_set_env); -+ grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, -+ subvolid_set_env); - } - - GRUB_MOD_FINI (btrfs) - { -+ grub_register_variable_hook ("btrfs_subvol", NULL, NULL); -+ grub_register_variable_hook ("btrfs_subvolid", NULL, NULL); -+ grub_unregister_command (cmd_info); -+ grub_unregister_extcmd (cmd_list_subvols); - grub_fs_unregister (&grub_btrfs_fs); - } -+ -+// vim: si et sw=2: -diff --git a/include/grub/btrfs.h b/include/grub/btrfs.h -index 9d93fb6c18..234ad97677 100644 ---- a/include/grub/btrfs.h -+++ b/include/grub/btrfs.h -@@ -29,6 +29,7 @@ enum - GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM = 0x84, - GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF = 0x90, - GRUB_BTRFS_ITEM_TYPE_DEVICE = 0xd8, -+ GRUB_BTRFS_ITEM_TYPE_ROOT_REF = 0x9c, - GRUB_BTRFS_ITEM_TYPE_CHUNK = 0xe4 - }; - diff --git a/SPECS/grub2/fedora/0042-export-btrfs_subvol-and-btrfs_subvolid.patch b/SPECS/grub2/fedora/0042-export-btrfs_subvol-and-btrfs_subvolid.patch deleted file mode 100644 index 719866e158..0000000000 --- a/SPECS/grub2/fedora/0042-export-btrfs_subvol-and-btrfs_subvolid.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 18 Dec 2013 09:57:04 +0000 -Subject: [PATCH] export btrfs_subvol and btrfs_subvolid - -We should export btrfs_subvol and btrfs_subvolid to have both visible -to subsidiary configuration files loaded using configfile. - -Signed-off-by: Michael Chang ---- - grub-core/fs/btrfs.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index f1fff7385b..ad1b56b716 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2714,6 +2714,8 @@ GRUB_MOD_INIT (btrfs) - subvol_set_env); - grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, - subvolid_set_env); -+ grub_env_export ("btrfs_subvol"); -+ grub_env_export ("btrfs_subvolid"); - } - - GRUB_MOD_FINI (btrfs) diff --git a/SPECS/grub2/fedora/0043-grub2-btrfs-03-follow_default.patch b/SPECS/grub2/fedora/0043-grub2-btrfs-03-follow_default.patch deleted file mode 100644 index 621f029e40..0000000000 --- a/SPECS/grub2/fedora/0043-grub2-btrfs-03-follow_default.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 21 Aug 2014 03:39:11 +0000 -Subject: [PATCH] grub2-btrfs-03-follow_default - -Signed-off-by: Michael Chang -Signed-off-by: Robbie Harwood ---- - grub-core/fs/btrfs.c | 107 ++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 76 insertions(+), 31 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index ad1b56b716..113c1f746c 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -1256,6 +1256,7 @@ grub_btrfs_mount (grub_device_t dev) - { - struct grub_btrfs_data *data; - grub_err_t err; -+ const char *relpath = grub_env_get ("btrfs_relative_path"); - - if (!dev->disk) - { -@@ -1286,11 +1287,14 @@ grub_btrfs_mount (grub_device_t dev) - data->devices_attached[0].dev = dev; - data->devices_attached[0].id = data->sblock.this_device.device_id; - -- err = btrfs_handle_subvol (data); -- if (err) -+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) - { -- grub_free (data); -- return NULL; -+ err = btrfs_handle_subvol (data); -+ if (err) -+ { -+ grub_free (data); -+ return NULL; -+ } - } - - return data; -@@ -1855,24 +1859,39 @@ find_path (struct grub_btrfs_data *data, - grub_size_t allocated = 0; - struct grub_btrfs_dir_item *direl = NULL; - struct grub_btrfs_key key_out; -+ int follow_default; - const char *ctoken; - grub_size_t ctokenlen; - char *path_alloc = NULL; - char *origpath = NULL; - unsigned symlinks_max = 32; -+ const char *relpath = grub_env_get ("btrfs_relative_path"); - -+ follow_default = 0; - origpath = grub_strdup (path); - if (!origpath) - return grub_errno; - -- if (data->fs_tree) -+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) - { -- *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -- *tree = data->fs_tree; -- /* This is a tree root, so everything starts at objectid 256 */ -- key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -- key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -- key->offset = 0; -+ if (data->fs_tree) -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->fs_tree; -+ /* This is a tree root, so everything starts at objectid 256 */ -+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ } -+ else -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->sblock.root_tree; -+ key->object_id = data->sblock.root_dir_objectid; -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ follow_default = 1; -+ } - } - else - { -@@ -1883,15 +1902,23 @@ find_path (struct grub_btrfs_data *data, - - while (1) - { -- while (path[0] == '/') -- path++; -- if (!path[0]) -- break; -- slash = grub_strchr (path, '/'); -- if (!slash) -- slash = path + grub_strlen (path); -- ctoken = path; -- ctokenlen = slash - path; -+ if (!follow_default) -+ { -+ while (path[0] == '/') -+ path++; -+ if (!path[0]) -+ break; -+ slash = grub_strchr (path, '/'); -+ if (!slash) -+ slash = path + grub_strlen (path); -+ ctoken = path; -+ ctokenlen = slash - path; -+ } -+ else -+ { -+ ctoken = "default"; -+ ctokenlen = sizeof ("default") - 1; -+ } - - if (*type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) - { -@@ -1902,7 +1929,9 @@ find_path (struct grub_btrfs_data *data, - - if (ctokenlen == 1 && ctoken[0] == '.') - { -- path = slash; -+ if (!follow_default) -+ path = slash; -+ follow_default = 0; - continue; - } - if (ctokenlen == 2 && ctoken[0] == '.' && ctoken[1] == '.') -@@ -1933,8 +1962,9 @@ find_path (struct grub_btrfs_data *data, - *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; - key->object_id = key_out.offset; - -- path = slash; -- -+ if (!follow_default) -+ path = slash; -+ follow_default = 0; - continue; - } - -@@ -2003,7 +2033,9 @@ find_path (struct grub_btrfs_data *data, - return err; - } - -- path = slash; -+ if (!follow_default) -+ path = slash; -+ follow_default = 0; - if (cdirel->type == GRUB_BTRFS_DIR_ITEM_TYPE_SYMLINK) - { - struct grub_btrfs_inode inode; -@@ -2053,14 +2085,26 @@ find_path (struct grub_btrfs_data *data, - path = path_alloc = tmp; - if (path[0] == '/') - { -- if (data->fs_tree) -+ if (relpath && (relpath[0] == '1' || relpath[0] == 'y')) - { -- *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -- *tree = data->fs_tree; -- /* This is a tree root, so everything starts at objectid 256 */ -- key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -- key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -- key->offset = 0; -+ if (data->fs_tree) -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->fs_tree; -+ /* This is a tree root, so everything starts at objectid 256 */ -+ key->object_id = grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK); -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ } -+ else -+ { -+ *type = GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY; -+ *tree = data->sblock.root_tree; -+ key->object_id = data->sblock.root_dir_objectid; -+ key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key->offset = 0; -+ follow_default = 1; -+ } - } - else - { -@@ -2716,6 +2760,7 @@ GRUB_MOD_INIT (btrfs) - subvolid_set_env); - grub_env_export ("btrfs_subvol"); - grub_env_export ("btrfs_subvolid"); -+ grub_env_export ("btrfs_relative_path"); - } - - GRUB_MOD_FINI (btrfs) diff --git a/SPECS/grub2/fedora/0044-grub2-btrfs-04-grub2-install.patch b/SPECS/grub2/fedora/0044-grub2-btrfs-04-grub2-install.patch deleted file mode 100644 index 6b2bc78eac..0000000000 --- a/SPECS/grub2/fedora/0044-grub2-btrfs-04-grub2-install.patch +++ /dev/null @@ -1,176 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 21 Aug 2014 03:39:11 +0000 -Subject: [PATCH] grub2-btrfs-04-grub2-install - -Signed-off-by: Michael Chang -Signed-off-by: Robbie Harwood ---- - grub-core/osdep/linux/getroot.c | 7 +++++++ - grub-core/osdep/unix/config.c | 17 +++++++++++++++-- - util/config.c | 10 ++++++++++ - util/grub-install.c | 15 +++++++++++++++ - util/grub-mkrelpath.c | 6 ++++++ - include/grub/emu/config.h | 1 + - 6 files changed, 54 insertions(+), 2 deletions(-) - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 001b818fe5..caf9b1ccd3 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -376,6 +376,7 @@ get_btrfs_fs_prefix (const char *mount_path) - return NULL; - } - -+int use_relative_path_on_btrfs = 0; - - char ** - grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) -@@ -519,6 +520,12 @@ again: - { - ret = grub_find_root_devices_from_btrfs (dir); - fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); -+ if (use_relative_path_on_btrfs) -+ { -+ if (fs_prefix) -+ free (fs_prefix); -+ fs_prefix = xstrdup ("/"); -+ } - } - else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) - { -diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 7d6325138c..46a881530c 100644 ---- a/grub-core/osdep/unix/config.c -+++ b/grub-core/osdep/unix/config.c -@@ -82,6 +82,19 @@ grub_util_load_config (struct grub_util_config *cfg) - if (v) - cfg->grub_distributor = xstrdup (v); - -+ v = getenv ("SUSE_BTRFS_SNAPSHOT_BOOTING"); -+ if (v) -+ { -+ if (grub_strncmp(v, "true", sizeof ("true") - 1) == 0) -+ { -+ cfg->is_suse_btrfs_snapshot_enabled = 1; -+ } -+ else -+ { -+ cfg->is_suse_btrfs_snapshot_enabled = 0; -+ } -+ } -+ - cfgfile = grub_util_get_config_filename (); - if (!grub_util_is_regular (cfgfile)) - return; -@@ -105,8 +118,8 @@ grub_util_load_config (struct grub_util_config *cfg) - *ptr++ = *iptr; - } - -- strcpy (ptr, "'; printf \"GRUB_ENABLE_CRYPTODISK=%s\\nGRUB_DISTRIBUTOR=%s\\n\" " -- "\"$GRUB_ENABLE_CRYPTODISK\" \"$GRUB_DISTRIBUTOR\""); -+ strcpy (ptr, "'; printf \"GRUB_ENABLE_CRYPTODISK=%s\\nGRUB_DISTRIBUTOR=%s\\nSUSE_BTRFS_SNAPSHOT_BOOTING=%s\\n\" " -+ "\"$GRUB_ENABLE_CRYPTODISK\" \"$GRUB_DISTRIBUTOR\" \"$SUSE_BTRFS_SNAPSHOT_BOOTING\""); - - argv[2] = script; - argv[3] = '\0'; -diff --git a/util/config.c b/util/config.c -index ebcdd8f5e2..f044a880a7 100644 ---- a/util/config.c -+++ b/util/config.c -@@ -42,6 +42,16 @@ grub_util_parse_config (FILE *f, struct grub_util_config *cfg, int simple) - cfg->is_cryptodisk_enabled = 1; - continue; - } -+ if (grub_strncmp (ptr, "SUSE_BTRFS_SNAPSHOT_BOOTING=", -+ sizeof ("SUSE_BTRFS_SNAPSHOT_BOOTING=") - 1) == 0) -+ { -+ ptr += sizeof ("SUSE_BTRFS_SNAPSHOT_BOOTING=") - 1; -+ if (*ptr == '"' || *ptr == '\'') -+ ptr++; -+ if (grub_strncmp(ptr, "true", sizeof ("true") - 1) == 0) -+ cfg->is_suse_btrfs_snapshot_enabled = 1; -+ continue; -+ } - if (grub_strncmp (ptr, "GRUB_DISTRIBUTOR=", - sizeof ("GRUB_DISTRIBUTOR=") - 1) == 0) - { -diff --git a/util/grub-install.c b/util/grub-install.c -index 0fbe7f78c6..0f66f36d23 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -827,6 +827,8 @@ fill_core_services (const char *core_services) - free (sysv_plist); - } - -+extern int use_relative_path_on_btrfs; -+ - int - main (int argc, char *argv[]) - { -@@ -860,6 +862,9 @@ main (int argc, char *argv[]) - - grub_util_load_config (&config); - -+ if (config.is_suse_btrfs_snapshot_enabled) -+ use_relative_path_on_btrfs = 1; -+ - if (!bootloader_id && config.grub_distributor) - { - char *ptr; -@@ -1352,6 +1357,16 @@ main (int argc, char *argv[]) - fprintf (load_cfg_f, "set debug='%s'\n", - debug_image); - } -+ -+ if (config.is_suse_btrfs_snapshot_enabled -+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) -+ { -+ if (!load_cfg_f) -+ load_cfg_f = grub_util_fopen (load_cfg, "wb"); -+ have_load_cfg = 1; -+ fprintf (load_cfg_f, "set btrfs_relative_path='y'\n"); -+ } -+ - char *prefix_drive = NULL; - char *install_drive = NULL; - -diff --git a/util/grub-mkrelpath.c b/util/grub-mkrelpath.c -index 47a241a391..5db7a9a7d9 100644 ---- a/util/grub-mkrelpath.c -+++ b/util/grub-mkrelpath.c -@@ -40,9 +40,12 @@ struct arguments - }; - - static struct argp_option options[] = { -+ {"relative", 'r', 0, 0, "use relative path on btrfs", 0}, - { 0, 0, 0, 0, 0, 0 } - }; - -+extern int use_relative_path_on_btrfs; -+ - static error_t - argp_parser (int key, char *arg, struct argp_state *state) - { -@@ -52,6 +55,9 @@ argp_parser (int key, char *arg, struct argp_state *state) - - switch (key) - { -+ case 'r': -+ use_relative_path_on_btrfs = 1; -+ break; - case ARGP_KEY_ARG: - if (state->arg_num == 0) - arguments->pathname = xstrdup (arg); -diff --git a/include/grub/emu/config.h b/include/grub/emu/config.h -index 875d5896ce..c9a7e5f4ad 100644 ---- a/include/grub/emu/config.h -+++ b/include/grub/emu/config.h -@@ -37,6 +37,7 @@ struct grub_util_config - { - int is_cryptodisk_enabled; - char *grub_distributor; -+ int is_suse_btrfs_snapshot_enabled; - }; - - void diff --git a/SPECS/grub2/fedora/0045-grub2-btrfs-05-grub2-mkconfig.patch b/SPECS/grub2/fedora/0045-grub2-btrfs-05-grub2-mkconfig.patch deleted file mode 100644 index ca3f86b61f..0000000000 --- a/SPECS/grub2/fedora/0045-grub2-btrfs-05-grub2-mkconfig.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 21 Aug 2014 03:39:11 +0000 -Subject: [PATCH] grub2-btrfs-05-grub2-mkconfig - -Signed-off-by: Michael Chang ---- - util/grub-mkconfig.in | 3 ++- - util/grub-mkconfig_lib.in | 4 ++++ - util/grub.d/00_header.in | 25 ++++++++++++++++++++++++- - util/grub.d/10_linux.in | 4 ++++ - util/grub.d/20_linux_xen.in | 4 ++++ - 5 files changed, 38 insertions(+), 2 deletions(-) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 005f093809..535c0f0249 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -252,7 +252,8 @@ export GRUB_DEFAULT \ - GRUB_BADRAM \ - GRUB_OS_PROBER_SKIP_LIST \ - GRUB_DISABLE_SUBMENU \ -- GRUB_DEFAULT_DTB -+ GRUB_DEFAULT_DTB \ -+ SUSE_BTRFS_SNAPSHOT_BOOTING - - if test "x${grub_cfg}" != "x"; then - rm -f "${grub_cfg}.new" -diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 0f6505bf3b..5e96f6cc5d 100644 ---- a/util/grub-mkconfig_lib.in -+++ b/util/grub-mkconfig_lib.in -@@ -49,7 +49,11 @@ grub_warn () - - make_system_path_relative_to_its_root () - { -+ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] ; then -+ "${grub_mkrelpath}" -r "$1" -+ else - "${grub_mkrelpath}" "$1" -+ fi - } - - is_path_readable_by_grub () -diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 858b526c92..de727e6ee6 100644 ---- a/util/grub.d/00_header.in -+++ b/util/grub.d/00_header.in -@@ -27,6 +27,14 @@ export TEXTDOMAINDIR="@localedir@" - - . "$pkgdatadir/grub-mkconfig_lib" - -+if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ] && -+ [ "x${GRUB_FS}" = "xbtrfs" ] ; then -+ cat </dev/null || true` -diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index ada20775a1..e9e73b815f 100644 ---- a/util/grub.d/20_linux_xen.in -+++ b/util/grub.d/20_linux_xen.in -@@ -73,10 +73,14 @@ fi - - case x"$GRUB_FS" in - xbtrfs) -+ if [ "x${SUSE_BTRFS_SNAPSHOT_BOOTING}" = "xtrue" ]; then -+ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} \${extra_cmdline}" -+ else - rootsubvol="`make_system_path_relative_to_its_root /`" - rootsubvol="${rootsubvol#/}" - if [ "x${rootsubvol}" != x ]; then - GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" -+ fi - fi;; - xzfs) - rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` diff --git a/SPECS/grub2/fedora/0046-grub2-btrfs-06-subvol-mount.patch b/SPECS/grub2/fedora/0046-grub2-btrfs-06-subvol-mount.patch deleted file mode 100644 index 8cdf247df8..0000000000 --- a/SPECS/grub2/fedora/0046-grub2-btrfs-06-subvol-mount.patch +++ /dev/null @@ -1,539 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Tue, 9 Jul 2019 13:56:16 +0200 -Subject: [PATCH] grub2-btrfs-06-subvol-mount - -Signed-off-by: Michael Chang -Signed-off-by: Robbie Harwood ---- - grub-core/fs/btrfs.c | 195 +++++++++++++++++++++++++++++++++++++++- - grub-core/osdep/linux/getroot.c | 148 +++++++++++++++++++++++++++++- - util/grub-install.c | 49 ++++++++++ - include/grub/emu/getroot.h | 5 ++ - 4 files changed, 392 insertions(+), 5 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 113c1f746c..d323746ecf 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -41,6 +41,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -266,6 +267,12 @@ static grub_err_t - grub_btrfs_read_logical (struct grub_btrfs_data *data, - grub_disk_addr_t addr, void *buf, grub_size_t size, - int recursion_depth); -+static grub_err_t -+get_root (struct grub_btrfs_data *data, struct grub_btrfs_key *key, -+ grub_uint64_t *tree, grub_uint8_t *type); -+ -+grub_uint64_t -+find_mtab_subvol_tree (const char *path, char **path_in_subvol); - - static grub_err_t - read_sblock (grub_disk_t disk, struct grub_btrfs_superblock *sb) -@@ -1223,9 +1230,26 @@ lookup_root_by_name(struct grub_btrfs_data *data, const char *path) - grub_err_t err; - grub_uint64_t tree = 0; - grub_uint8_t type; -+ grub_uint64_t saved_tree; - struct grub_btrfs_key key; - -+ if (path[0] == '\0') -+ { -+ data->fs_tree = 0; -+ return GRUB_ERR_NONE; -+ } -+ -+ err = get_root (data, &key, &tree, &type); -+ if (err) -+ return err; -+ -+ saved_tree = data->fs_tree; -+ data->fs_tree = tree; -+ - err = find_path (data, path, &key, &tree, &type); -+ -+ data->fs_tree = saved_tree; -+ - if (err) - return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); - -@@ -2199,11 +2223,20 @@ grub_btrfs_dir (grub_device_t device, const char *path, - int r = 0; - grub_uint64_t tree; - grub_uint8_t type; -+ char *new_path = NULL; - - if (!data) - return grub_errno; - -- err = find_path (data, path, &key_in, &tree, &type); -+ tree = find_mtab_subvol_tree (path, &new_path); -+ -+ if (tree) -+ data->fs_tree = tree; -+ -+ err = find_path (data, new_path ? new_path : path, &key_in, &tree, &type); -+ if (new_path) -+ grub_free (new_path); -+ - if (err) - { - grub_btrfs_unmount (data); -@@ -2305,11 +2338,21 @@ grub_btrfs_open (struct grub_file *file, const char *name) - struct grub_btrfs_inode inode; - grub_uint8_t type; - struct grub_btrfs_key key_in; -+ grub_uint64_t tree; -+ char *new_path = NULL; - - if (!data) - return grub_errno; - -- err = find_path (data, name, &key_in, &data->tree, &type); -+ tree = find_mtab_subvol_tree (name, &new_path); -+ -+ if (tree) -+ data->fs_tree = tree; -+ -+ err = find_path (data, new_path ? new_path : name, &key_in, &data->tree, &type); -+ if (new_path) -+ grub_free (new_path); -+ - if (err) - { - grub_btrfs_unmount (data); -@@ -2480,6 +2523,150 @@ grub_cmd_btrfs_info (grub_command_t cmd __attribute__ ((unused)), int argc, - return 0; - } - -+struct grub_btrfs_mtab -+{ -+ struct grub_btrfs_mtab *next; -+ struct grub_btrfs_mtab **prev; -+ char *path; -+ char *subvol; -+ grub_uint64_t tree; -+}; -+ -+typedef struct grub_btrfs_mtab* grub_btrfs_mtab_t; -+ -+static struct grub_btrfs_mtab *btrfs_mtab; -+ -+#define FOR_GRUB_MTAB(var) FOR_LIST_ELEMENTS (var, btrfs_mtab) -+#define FOR_GRUB_MTAB_SAFE(var, next) FOR_LIST_ELEMENTS_SAFE((var), (next), btrfs_mtab) -+ -+static void -+add_mountpoint (const char *path, const char *subvol, grub_uint64_t tree) -+{ -+ grub_btrfs_mtab_t m = grub_malloc (sizeof (*m)); -+ -+ m->path = grub_strdup (path); -+ m->subvol = grub_strdup (subvol); -+ m->tree = tree; -+ grub_list_push (GRUB_AS_LIST_P (&btrfs_mtab), GRUB_AS_LIST (m)); -+} -+ -+static grub_err_t -+grub_cmd_btrfs_mount_subvol (grub_command_t cmd __attribute__ ((unused)), int argc, -+ char **argv) -+{ -+ char *devname, *dirname, *subvol; -+ struct grub_btrfs_key key_in; -+ grub_uint8_t type; -+ grub_uint64_t tree; -+ grub_uint64_t saved_tree; -+ grub_err_t err; -+ struct grub_btrfs_data *data = NULL; -+ grub_device_t dev = NULL; -+ -+ if (argc < 3) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "required and "); -+ -+ devname = grub_file_get_device_name(argv[0]); -+ dev = grub_device_open (devname); -+ grub_free (devname); -+ -+ if (!dev) -+ { -+ err = grub_errno; -+ goto err_out; -+ } -+ -+ dirname = argv[1]; -+ subvol = argv[2]; -+ -+ data = grub_btrfs_mount (dev); -+ if (!data) -+ { -+ err = grub_errno; -+ goto err_out; -+ } -+ -+ err = find_path (data, dirname, &key_in, &tree, &type); -+ if (err) -+ goto err_out; -+ -+ if (type != GRUB_BTRFS_DIR_ITEM_TYPE_DIRECTORY) -+ { -+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory")); -+ goto err_out; -+ } -+ -+ err = get_root (data, &key_in, &tree, &type); -+ -+ if (err) -+ goto err_out; -+ -+ saved_tree = data->fs_tree; -+ data->fs_tree = tree; -+ err = find_path (data, subvol, &key_in, &tree, &type); -+ data->fs_tree = saved_tree; -+ -+ if (err) -+ goto err_out; -+ -+ if (key_in.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) -+ { -+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", subvol); -+ goto err_out; -+ } -+ -+ grub_btrfs_unmount (data); -+ grub_device_close (dev); -+ add_mountpoint (dirname, subvol, tree); -+ -+ return GRUB_ERR_NONE; -+ -+err_out: -+ -+ if (data) -+ grub_btrfs_unmount (data); -+ -+ if (dev) -+ grub_device_close (dev); -+ -+ return err; -+} -+ -+grub_uint64_t -+find_mtab_subvol_tree (const char *path, char **path_in_subvol) -+{ -+ grub_btrfs_mtab_t m, cm; -+ grub_uint64_t tree; -+ -+ if (!path || !path_in_subvol) -+ return 0; -+ -+ *path_in_subvol = NULL; -+ tree = 0; -+ cm = NULL; -+ -+ FOR_GRUB_MTAB (m) -+ { -+ if (grub_strncmp (path, m->path, grub_strlen (m->path)) == 0) -+ { -+ if (!cm) -+ cm = m; -+ else -+ if (grub_strcmp (m->path, cm->path) > 0) -+ cm = m; -+ } -+ } -+ -+ if (cm) -+ { -+ const char *s = path + grub_strlen (cm->path); -+ *path_in_subvol = (s[0] == '\0') ? grub_strdup ("/") : grub_strdup (s); -+ tree = cm->tree; -+ } -+ -+ return tree; -+} -+ - static grub_err_t - get_fs_root(struct grub_btrfs_data *data, grub_uint64_t tree, - grub_uint64_t objectid, grub_uint64_t offset, -@@ -2686,6 +2873,7 @@ static struct grub_fs grub_btrfs_fs = { - }; - - static grub_command_t cmd_info; -+static grub_command_t cmd_mount_subvol; - static grub_extcmd_t cmd_list_subvols; - - static char * -@@ -2749,6 +2937,9 @@ GRUB_MOD_INIT (btrfs) - cmd_info = grub_register_command("btrfs-info", grub_cmd_btrfs_info, - "DEVICE", - "Print BtrFS info about DEVICE."); -+ cmd_mount_subvol = grub_register_command("btrfs-mount-subvol", grub_cmd_btrfs_mount_subvol, -+ "DEVICE DIRECTORY SUBVOL", -+ "Set btrfs DEVICE the DIRECTORY a mountpoint of SUBVOL."); - cmd_list_subvols = grub_register_extcmd("btrfs-list-subvols", - grub_cmd_btrfs_list_subvols, 0, - "[-p|-n] [-o var] DEVICE", -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index caf9b1ccd3..28790307e0 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -107,6 +107,14 @@ struct btrfs_ioctl_search_key - grub_uint32_t unused[9]; - }; - -+struct btrfs_ioctl_search_header { -+ grub_uint64_t transid; -+ grub_uint64_t objectid; -+ grub_uint64_t offset; -+ grub_uint32_t type; -+ grub_uint32_t len; -+}; -+ - struct btrfs_ioctl_search_args { - struct btrfs_ioctl_search_key key; - grub_uint64_t buf[(4096 - sizeof(struct btrfs_ioctl_search_key)) -@@ -378,6 +386,109 @@ get_btrfs_fs_prefix (const char *mount_path) - - int use_relative_path_on_btrfs = 0; - -+static char * -+get_btrfs_subvol (const char *path) -+{ -+ struct btrfs_ioctl_ino_lookup_args args; -+ grub_uint64_t tree_id; -+ int fd = -1; -+ char *ret = NULL; -+ -+ fd = open (path, O_RDONLY); -+ -+ if (fd < 0) -+ return NULL; -+ -+ memset (&args, 0, sizeof(args)); -+ args.objectid = GRUB_BTRFS_TREE_ROOT_OBJECTID; -+ -+ if (ioctl (fd, BTRFS_IOC_INO_LOOKUP, &args) < 0) -+ goto error; -+ -+ tree_id = args.treeid; -+ -+ while (tree_id != GRUB_BTRFS_ROOT_VOL_OBJECTID) -+ { -+ struct btrfs_ioctl_search_args sargs; -+ struct grub_btrfs_root_backref *br; -+ struct btrfs_ioctl_search_header *search_header; -+ char *old; -+ grub_uint16_t len; -+ grub_uint64_t inode_id; -+ -+ memset (&sargs, 0, sizeof(sargs)); -+ -+ sargs.key.tree_id = 1; -+ sargs.key.min_objectid = tree_id; -+ sargs.key.max_objectid = tree_id; -+ -+ sargs.key.min_offset = 0; -+ sargs.key.max_offset = ~0ULL; -+ sargs.key.min_transid = 0; -+ sargs.key.max_transid = ~0ULL; -+ sargs.key.min_type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF; -+ sargs.key.max_type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF; -+ -+ sargs.key.nr_items = 1; -+ -+ if (ioctl (fd, BTRFS_IOC_TREE_SEARCH, &sargs) < 0) -+ goto error; -+ -+ if (sargs.key.nr_items == 0) -+ goto error; -+ -+ search_header = (struct btrfs_ioctl_search_header *)sargs.buf; -+ br = (struct grub_btrfs_root_backref *) (search_header + 1); -+ -+ len = grub_le_to_cpu16 (br->n); -+ inode_id = grub_le_to_cpu64 (br->inode_id); -+ tree_id = search_header->offset; -+ -+ old = ret; -+ ret = malloc (len + 1); -+ memcpy (ret, br->name, len); -+ ret[len] = '\0'; -+ -+ if (inode_id != GRUB_BTRFS_TREE_ROOT_OBJECTID) -+ { -+ char *s; -+ -+ memset(&args, 0, sizeof(args)); -+ args.treeid = search_header->offset; -+ args.objectid = inode_id; -+ -+ if (ioctl (fd, BTRFS_IOC_INO_LOOKUP, &args) < 0) -+ goto error; -+ -+ s = xasprintf ("%s%s", args.name, ret); -+ free (ret); -+ ret = s; -+ } -+ -+ if (old) -+ { -+ char *s = xasprintf ("%s/%s", ret, old); -+ free (ret); -+ free (old); -+ ret = s; -+ } -+ } -+ -+ close (fd); -+ return ret; -+ -+error: -+ -+ if (fd >= 0) -+ close (fd); -+ if (ret) -+ free (ret); -+ -+ return NULL; -+} -+ -+void (*grub_find_root_btrfs_mount_path_hook)(const char *mount_path); -+ - char ** - grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) - { -@@ -519,12 +630,15 @@ again: - else if (grub_strcmp (entries[i].fstype, "btrfs") == 0) - { - ret = grub_find_root_devices_from_btrfs (dir); -- fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); - if (use_relative_path_on_btrfs) - { -- if (fs_prefix) -- free (fs_prefix); - fs_prefix = xstrdup ("/"); -+ if (grub_find_root_btrfs_mount_path_hook) -+ grub_find_root_btrfs_mount_path_hook (entries[i].enc_path); -+ } -+ else -+ { -+ fs_prefix = get_btrfs_fs_prefix (entries[i].enc_path); - } - } - else if (!retry && grub_strcmp (entries[i].fstype, "autofs") == 0) -@@ -1150,6 +1264,34 @@ grub_util_get_grub_dev_os (const char *os_dev) - return grub_dev; - } - -+ -+char * -+grub_util_get_btrfs_subvol (const char *path, char **mount_path) -+{ -+ char *mp = NULL; -+ -+ if (mount_path) -+ *mount_path = NULL; -+ -+ auto void -+ mount_path_hook (const char *m) -+ { -+ mp = strdup (m); -+ } -+ -+ grub_find_root_btrfs_mount_path_hook = mount_path_hook; -+ grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); -+ grub_find_root_btrfs_mount_path_hook = NULL; -+ -+ if (!mp) -+ return NULL; -+ -+ if (mount_path) -+ *mount_path = mp; -+ -+ return get_btrfs_subvol (mp); -+} -+ - char * - grub_make_system_path_relative_to_its_root_os (const char *path) - { -diff --git a/util/grub-install.c b/util/grub-install.c -index 0f66f36d23..84ed6e88ec 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1569,6 +1569,55 @@ main (int argc, char *argv[]) - prefix_drive = xasprintf ("(%s)", grub_drives[0]); - } - -+#ifdef __linux__ -+ -+ if (config.is_suse_btrfs_snapshot_enabled -+ && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0) -+ { -+ char *subvol = NULL; -+ char *mount_path = NULL; -+ char **rootdir_devices = NULL; -+ char *rootdir_path = grub_util_path_concat (2, "/", rootdir); -+ -+ if (grub_util_is_directory (rootdir_path)) -+ rootdir_devices = grub_guess_root_devices (rootdir_path); -+ -+ free (rootdir_path); -+ -+ if (rootdir_devices && rootdir_devices[0]) -+ if (grub_strcmp (rootdir_devices[0], grub_devices[0]) == 0) -+ subvol = grub_util_get_btrfs_subvol (platdir, &mount_path); -+ -+ if (subvol && mount_path) -+ { -+ char *def_subvol; -+ -+ def_subvol = grub_util_get_btrfs_subvol ("/", NULL); -+ -+ if (def_subvol) -+ { -+ if (!load_cfg_f) -+ load_cfg_f = grub_util_fopen (load_cfg, "wb"); -+ have_load_cfg = 1; -+ -+ if (grub_strcmp (subvol, def_subvol) != 0) -+ fprintf (load_cfg_f, "btrfs-mount-subvol ($root) %s %s\n", mount_path, subvol); -+ free (def_subvol); -+ } -+ } -+ -+ for (curdev = rootdir_devices; *curdev; curdev++) -+ free (*curdev); -+ if (rootdir_devices) -+ free (rootdir_devices); -+ if (subvol) -+ free (subvol); -+ if (mount_path) -+ free (mount_path); -+ } -+ -+#endif -+ - char mkimage_target[200]; - const char *core_name = NULL; - -diff --git a/include/grub/emu/getroot.h b/include/grub/emu/getroot.h -index 73fa2d34ab..9c642ae3fe 100644 ---- a/include/grub/emu/getroot.h -+++ b/include/grub/emu/getroot.h -@@ -53,6 +53,11 @@ char ** - grub_find_root_devices_from_mountinfo (const char *dir, char **relroot); - #endif - -+#ifdef __linux__ -+char * -+grub_util_get_btrfs_subvol (const char *path, char **mount_path); -+#endif -+ - /* Devmapper functions provided by getroot_devmapper.c. */ - void - grub_util_pull_devmapper (const char *os_dev); diff --git a/SPECS/grub2/fedora/0047-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch b/SPECS/grub2/fedora/0047-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch deleted file mode 100644 index a5db09ae38..0000000000 --- a/SPECS/grub2/fedora/0047-Fallback-to-old-subvol-name-scheme-to-support-old-sn.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Andrei Borzenkov -Date: Tue, 21 Jun 2016 16:44:17 +0000 -Subject: [PATCH] Fallback to old subvol name scheme to support old snapshot - config - -Ref: bsc#953538 ---- - grub-core/fs/btrfs.c | 32 +++++++++++++++++++++++++++++++- - 1 file changed, 31 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index d323746ecf..673ded0352 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -1260,11 +1260,41 @@ lookup_root_by_name(struct grub_btrfs_data *data, const char *path) - return GRUB_ERR_NONE; - } - -+static grub_err_t -+lookup_root_by_name_fallback(struct grub_btrfs_data *data, const char *path) -+{ -+ grub_err_t err; -+ grub_uint64_t tree = 0; -+ grub_uint8_t type; -+ struct grub_btrfs_key key; -+ -+ err = find_path (data, path, &key, &tree, &type); -+ if (err) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, "couldn't locate %s\n", path); -+ -+ if (key.object_id != grub_cpu_to_le64_compile_time (GRUB_BTRFS_OBJECT_ID_CHUNK) || tree == 0) -+ return grub_error(GRUB_ERR_BAD_FILE_TYPE, "%s: not a subvolume\n", path); -+ -+ data->fs_tree = tree; -+ return GRUB_ERR_NONE; -+} -+ - static grub_err_t - btrfs_handle_subvol(struct grub_btrfs_data *data __attribute__ ((unused))) - { - if (btrfs_default_subvol) -- return lookup_root_by_name(data, btrfs_default_subvol); -+ { -+ grub_err_t err; -+ err = lookup_root_by_name(data, btrfs_default_subvol); -+ -+ /* Fallback to old schemes */ -+ if (err == GRUB_ERR_FILE_NOT_FOUND) -+ { -+ err = GRUB_ERR_NONE; -+ return lookup_root_by_name_fallback(data, btrfs_default_subvol); -+ } -+ return err; -+ } - - if (btrfs_default_subvolid) - return lookup_root_by_id(data, btrfs_default_subvolid); diff --git a/SPECS/grub2/fedora/0048-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch b/SPECS/grub2/fedora/0048-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch deleted file mode 100644 index 99c106d57b..0000000000 --- a/SPECS/grub2/fedora/0048-Grub-not-working-correctly-with-btrfs-snapshots-bsc-.patch +++ /dev/null @@ -1,274 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 11 May 2017 08:56:57 +0000 -Subject: [PATCH] Grub not working correctly with btrfs snapshots (bsc#1026511) - -Signed-off-by: Michael Chang -Signed-off-by: Robbie Harwood ---- - grub-core/fs/btrfs.c | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 238 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 673ded0352..2b21cbaa67 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2887,6 +2887,238 @@ out: - return 0; - } - -+static grub_err_t -+grub_btrfs_get_parent_subvol_path (struct grub_btrfs_data *data, -+ grub_uint64_t child_id, -+ const char *child_path, -+ grub_uint64_t *parent_id, -+ char **path_out) -+{ -+ grub_uint64_t fs_root = 0; -+ struct grub_btrfs_key key_in = { -+ .object_id = child_id, -+ .type = GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF, -+ .offset = 0, -+ }, key_out; -+ struct grub_btrfs_root_ref *ref; -+ char *buf; -+ struct grub_btrfs_leaf_descriptor desc; -+ grub_size_t elemsize; -+ grub_disk_addr_t elemaddr; -+ grub_err_t err; -+ char *parent_path; -+ -+ *parent_id = 0; -+ *path_out = 0; -+ -+ err = lower_bound(data, &key_in, &key_out, data->sblock.root_tree, -+ &elemaddr, &elemsize, &desc, 0); -+ if (err) -+ return err; -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF || elemaddr == 0) -+ next(data, &desc, &elemaddr, &elemsize, &key_out); -+ -+ if (key_out.type != GRUB_BTRFS_ITEM_TYPE_ROOT_BACKREF) -+ { -+ free_iterator(&desc); -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("can't find root backrefs")); -+ } -+ -+ buf = grub_malloc(elemsize + 1); -+ if (!buf) -+ { -+ free_iterator(&desc); -+ return grub_errno; -+ } -+ -+ err = grub_btrfs_read_logical(data, elemaddr, buf, elemsize, 0); -+ if (err) -+ { -+ grub_free(buf); -+ free_iterator(&desc); -+ return err; -+ } -+ -+ buf[elemsize] = 0; -+ ref = (struct grub_btrfs_root_ref *)buf; -+ -+ err = get_fs_root(data, data->sblock.root_tree, grub_le_to_cpu64 (key_out.offset), -+ 0, &fs_root); -+ if (err) -+ { -+ grub_free(buf); -+ free_iterator(&desc); -+ return err; -+ } -+ -+ find_pathname(data, grub_le_to_cpu64 (ref->dirid), fs_root, ref->name, &parent_path); -+ -+ if (child_path) -+ { -+ *path_out = grub_xasprintf ("%s/%s", parent_path, child_path); -+ grub_free (parent_path); -+ } -+ else -+ *path_out = parent_path; -+ -+ *parent_id = grub_le_to_cpu64 (key_out.offset); -+ -+ grub_free(buf); -+ free_iterator(&desc); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_btrfs_get_default_subvolume_id (struct grub_btrfs_data *data, grub_uint64_t *id) -+{ -+ grub_err_t err; -+ grub_disk_addr_t elemaddr; -+ grub_size_t elemsize; -+ struct grub_btrfs_key key, key_out; -+ struct grub_btrfs_dir_item *direl = NULL; -+ const char *ctoken = "default"; -+ grub_size_t ctokenlen = sizeof ("default") - 1; -+ -+ *id = 0; -+ key.object_id = data->sblock.root_dir_objectid; -+ key.type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM; -+ key.offset = grub_cpu_to_le64 (~grub_getcrc32c (1, ctoken, ctokenlen)); -+ err = lower_bound (data, &key, &key_out, data->sblock.root_tree, &elemaddr, &elemsize, -+ NULL, 0); -+ if (err) -+ return err; -+ -+ if (key_cmp (&key, &key_out) != 0) -+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); -+ -+ struct grub_btrfs_dir_item *cdirel; -+ direl = grub_malloc (elemsize + 1); -+ err = grub_btrfs_read_logical (data, elemaddr, direl, elemsize, 0); -+ if (err) -+ { -+ grub_free (direl); -+ return err; -+ } -+ for (cdirel = direl; -+ (grub_uint8_t *) cdirel - (grub_uint8_t *) direl -+ < (grub_ssize_t) elemsize; -+ cdirel = (void *) ((grub_uint8_t *) (direl + 1) -+ + grub_le_to_cpu16 (cdirel->n) -+ + grub_le_to_cpu16 (cdirel->m))) -+ { -+ if (ctokenlen == grub_le_to_cpu16 (cdirel->n) -+ && grub_memcmp (cdirel->name, ctoken, ctokenlen) == 0) -+ break; -+ } -+ if ((grub_uint8_t *) cdirel - (grub_uint8_t *) direl -+ >= (grub_ssize_t) elemsize) -+ { -+ grub_free (direl); -+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); -+ return err; -+ } -+ -+ if (cdirel->key.type != GRUB_BTRFS_ITEM_TYPE_ROOT_ITEM) -+ { -+ grub_free (direl); -+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("file not found")); -+ return err; -+ } -+ -+ *id = grub_le_to_cpu64 (cdirel->key.object_id); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_btrfs_get_default_subvol (struct grub_extcmd_context *ctxt, -+ int argc, char **argv) -+{ -+ char *devname; -+ grub_device_t dev; -+ struct grub_btrfs_data *data; -+ grub_err_t err; -+ grub_uint64_t id; -+ char *subvol = NULL; -+ grub_uint64_t subvolid = 0; -+ char *varname = NULL; -+ char *output = NULL; -+ int path_only = ctxt->state[1].set; -+ int num_only = ctxt->state[2].set; -+ -+ if (ctxt->state[0].set) -+ varname = ctxt->state[0].arg; -+ -+ if (argc < 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); -+ -+ devname = grub_file_get_device_name(argv[0]); -+ if (!devname) -+ return grub_errno; -+ -+ dev = grub_device_open (devname); -+ grub_free (devname); -+ if (!dev) -+ return grub_errno; -+ -+ data = grub_btrfs_mount(dev); -+ if (!data) -+ { -+ grub_device_close (dev); -+ grub_dprintf ("btrfs", "failed to open fs\n"); -+ grub_errno = GRUB_ERR_NONE; -+ return 0; -+ } -+ -+ err = grub_btrfs_get_default_subvolume_id (data, &subvolid); -+ if (err) -+ { -+ grub_btrfs_unmount (data); -+ grub_device_close (dev); -+ return err; -+ } -+ -+ id = subvolid; -+ while (id != GRUB_BTRFS_ROOT_VOL_OBJECTID) -+ { -+ grub_uint64_t parent_id; -+ char *path_out; -+ -+ err = grub_btrfs_get_parent_subvol_path (data, grub_cpu_to_le64 (id), subvol, &parent_id, &path_out); -+ if (err) -+ { -+ grub_btrfs_unmount (data); -+ grub_device_close (dev); -+ return err; -+ } -+ -+ if (subvol) -+ grub_free (subvol); -+ subvol = path_out; -+ id = parent_id; -+ } -+ -+ if (num_only && path_only) -+ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T" /%s", subvolid, subvol); -+ else if (num_only) -+ output = grub_xasprintf ("%"PRIuGRUB_UINT64_T, subvolid); -+ else -+ output = grub_xasprintf ("/%s", subvol); -+ -+ if (varname) -+ grub_env_set(varname, output); -+ else -+ grub_printf ("%s\n", output); -+ -+ grub_free (output); -+ grub_free (subvol); -+ -+ grub_btrfs_unmount (data); -+ grub_device_close (dev); -+ -+ return GRUB_ERR_NONE; -+} -+ - static struct grub_fs grub_btrfs_fs = { - .name = "btrfs", - .fs_dir = grub_btrfs_dir, -@@ -2905,6 +3137,7 @@ static struct grub_fs grub_btrfs_fs = { - static grub_command_t cmd_info; - static grub_command_t cmd_mount_subvol; - static grub_extcmd_t cmd_list_subvols; -+static grub_extcmd_t cmd_get_default_subvol; - - static char * - subvolid_set_env (struct grub_env_var *var __attribute__ ((unused)), -@@ -2975,6 +3208,11 @@ GRUB_MOD_INIT (btrfs) - "[-p|-n] [-o var] DEVICE", - "Print list of BtrFS subvolumes on " - "DEVICE.", options); -+ cmd_get_default_subvol = grub_register_extcmd("btrfs-get-default-subvol", -+ grub_cmd_btrfs_get_default_subvol, 0, -+ "[-p|-n] [-o var] DEVICE", -+ "Print default BtrFS subvolume on " -+ "DEVICE.", options); - grub_register_variable_hook ("btrfs_subvol", subvol_get_env, - subvol_set_env); - grub_register_variable_hook ("btrfs_subvolid", subvolid_get_env, diff --git a/SPECS/grub2/fedora/0049-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch b/SPECS/grub2/fedora/0049-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch deleted file mode 100644 index d07dd27641..0000000000 --- a/SPECS/grub2/fedora/0049-Add-grub_efi_allocate_pool-and-grub_efi_free_pool-wr.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 1 Jun 2017 09:59:56 -0400 -Subject: [PATCH] Add grub_efi_allocate_pool() and grub_efi_free_pool() - wrappers. - -Signed-off-by: Peter Jones ---- - include/grub/efi/efi.h | 36 ++++++++++++++++++++++++++++++++---- - 1 file changed, 32 insertions(+), 4 deletions(-) - -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 585fa6662b..03f9a9d011 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -24,6 +24,10 @@ - #include - #include - -+/* Variables. */ -+extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); -+extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); -+ - /* Functions. */ - void *EXPORT_FUNC(grub_efi_locate_protocol) (grub_efi_guid_t *protocol, - void *registration); -@@ -60,6 +64,33 @@ EXPORT_FUNC(grub_efi_get_memory_map) (grub_efi_uintn_t *memory_map_size, - grub_efi_uintn_t *descriptor_size, - grub_efi_uint32_t *descriptor_version); - void grub_efi_memory_fini (void); -+ -+static inline grub_efi_status_t -+__attribute__((__unused__)) -+grub_efi_allocate_pool (grub_efi_memory_type_t pool_type, -+ grub_efi_uintn_t buffer_size, -+ void **buffer) -+{ -+ grub_efi_boot_services_t *b; -+ grub_efi_status_t status; -+ -+ b = grub_efi_system_table->boot_services; -+ status = efi_call_3 (b->allocate_pool, pool_type, buffer_size, buffer); -+ return status; -+} -+ -+static inline grub_efi_status_t -+__attribute__((__unused__)) -+grub_efi_free_pool (void *buffer) -+{ -+ grub_efi_boot_services_t *b; -+ grub_efi_status_t status; -+ -+ b = grub_efi_system_table->boot_services; -+ status = efi_call_1 (b->free_pool, buffer); -+ return status; -+} -+ - grub_efi_loaded_image_t *EXPORT_FUNC(grub_efi_get_loaded_image) (grub_efi_handle_t image_handle); - void EXPORT_FUNC(grub_efi_print_device_path) (grub_efi_device_path_t *dp); - char *EXPORT_FUNC(grub_efi_get_filename) (grub_efi_device_path_t *dp); -@@ -115,10 +146,7 @@ void grub_efi_init (void); - void grub_efi_fini (void); - void grub_efi_set_prefix (void); - --/* Variables. */ --extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); --extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); -- -+/* More variables. */ - extern int EXPORT_VAR(grub_efi_is_finished); - - struct grub_net_card; diff --git a/SPECS/grub2/fedora/0050-Use-grub_efi_.-memory-helpers-where-reasonable.patch b/SPECS/grub2/fedora/0050-Use-grub_efi_.-memory-helpers-where-reasonable.patch deleted file mode 100644 index 2a3d27b1fc..0000000000 --- a/SPECS/grub2/fedora/0050-Use-grub_efi_.-memory-helpers-where-reasonable.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 1 Jun 2017 10:06:38 -0400 -Subject: [PATCH] Use grub_efi_...() memory helpers where reasonable. - -This uses grub_efi_allocate_pool(), grub_efi_free_pool(), and -grub_efi_free_pages() instead of open-coded efi_call_N() calls, so we -get more reasonable type checking. - -Signed-off-by: Peter Jones ---- - grub-core/loader/efi/chainloader.c | 24 +++++++++--------------- - 1 file changed, 9 insertions(+), 15 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 07c4937898..89ac84cc66 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -65,7 +65,7 @@ grub_chainloader_unload (void) - - b = grub_efi_system_table->boot_services; - efi_call_1 (b->unload_image, image_handle); -- efi_call_2 (b->free_pages, address, pages); -+ grub_efi_free_pages (address, pages); - - grub_free (file_path); - grub_free (cmdline); -@@ -108,7 +108,7 @@ grub_chainloader_boot (void) - } - - if (exit_data) -- efi_call_1 (b->free_pool, exit_data); -+ grub_efi_free_pool (exit_data); - - grub_loader_unset (); - -@@ -527,10 +527,9 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) - static grub_efi_boolean_t - handle_image (void *data, grub_efi_uint32_t datasize) - { -- grub_efi_boot_services_t *b; - grub_efi_loaded_image_t *li, li_bak; - grub_efi_status_t efi_status; -- char *buffer = NULL; -+ void *buffer = NULL; - char *buffer_aligned = NULL; - grub_efi_uint32_t i; - struct grub_pe32_section_table *section; -@@ -541,8 +540,6 @@ handle_image (void *data, grub_efi_uint32_t datasize) - int found_entry_point = 0; - int rc; - -- b = grub_efi_system_table->boot_services; -- - rc = read_header (data, datasize, &context); - if (rc < 0) - { -@@ -582,8 +579,8 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_dprintf ("chain", "image size is %08"PRIxGRUB_UINT64_T", datasize is %08x\n", - context.image_size, datasize); - -- efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, -- buffer_size, &buffer); -+ efi_status = grub_efi_allocate_pool (GRUB_EFI_LOADER_DATA, buffer_size, -+ &buffer); - - if (efi_status != GRUB_EFI_SUCCESS) - { -@@ -815,14 +812,14 @@ handle_image (void *data, grub_efi_uint32_t datasize) - - grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); - grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); -- efi_status = efi_call_1 (b->free_pool, buffer); -+ efi_status = grub_efi_free_pool (buffer); - - return 1; - - error_exit: - grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); - if (buffer) -- efi_call_1 (b->free_pool, buffer); -+ grub_efi_free_pool (buffer); - - return 0; - } -@@ -830,10 +827,7 @@ error_exit: - static grub_err_t - grub_secureboot_chainloader_unload (void) - { -- grub_efi_boot_services_t *b; -- -- b = grub_efi_system_table->boot_services; -- efi_call_2 (b->free_pages, address, pages); -+ grub_efi_free_pages (address, pages); - grub_free (file_path); - grub_free (cmdline); - cmdline = 0; -@@ -1100,7 +1094,7 @@ fail: - grub_free (file_path); - - if (address) -- efi_call_2 (b->free_pages, address, pages); -+ grub_efi_free_pages (address, pages); - - if (cmdline) - grub_free (cmdline); diff --git a/SPECS/grub2/fedora/0051-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch b/SPECS/grub2/fedora/0051-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch deleted file mode 100644 index f649c8c4ea..0000000000 --- a/SPECS/grub2/fedora/0051-Add-PRIxGRUB_EFI_STATUS-and-use-it.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 1 Jun 2017 10:07:50 -0400 -Subject: [PATCH] Add PRIxGRUB_EFI_STATUS and use it. - -This avoids syntax checkers getting confused about if it's llx or lx. - -Signed-off-by: Peter Jones ---- - grub-core/loader/efi/chainloader.c | 3 ++- - include/grub/efi/api.h | 9 +++++++++ - 2 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 89ac84cc66..ac8dfd40c6 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -810,7 +810,8 @@ handle_image (void *data, grub_efi_uint32_t datasize) - efi_status = efi_call_2 (entry_point, grub_efi_image_handle, - grub_efi_system_table); - -- grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); -+ grub_dprintf ("chain", "entry_point returned 0x%"PRIxGRUB_EFI_STATUS"\n", -+ efi_status); - grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); - efi_status = grub_efi_free_pool (buffer); - -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 117469450d..9962880147 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -546,7 +546,16 @@ typedef grub_uint64_t grub_efi_uint64_t; - typedef grub_uint8_t grub_efi_char8_t; - typedef grub_uint16_t grub_efi_char16_t; - -+ - typedef grub_efi_uintn_t grub_efi_status_t; -+/* Make grub_efi_status_t reasonably printable. */ -+#if GRUB_CPU_SIZEOF_VOID_P == 8 -+#define PRIxGRUB_EFI_STATUS "lx" -+#define PRIdGRUB_EFI_STATUS "ld" -+#else -+#define PRIxGRUB_EFI_STATUS "llx" -+#define PRIdGRUB_EFI_STATUS "lld" -+#endif - - #define GRUB_EFI_ERROR_CODE(value) \ - ((((grub_efi_status_t) 1) << (sizeof (grub_efi_status_t) * 8 - 1)) | (value)) diff --git a/SPECS/grub2/fedora/0052-don-t-use-int-for-efi-status.patch b/SPECS/grub2/fedora/0052-don-t-use-int-for-efi-status.patch deleted file mode 100644 index 4d48e37635..0000000000 --- a/SPECS/grub2/fedora/0052-don-t-use-int-for-efi-status.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 26 Jun 2017 12:44:59 -0400 -Subject: [PATCH] don't use int for efi status - ---- - grub-core/kern/efi/efi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 05d8237a9b..ae9885edb8 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -167,7 +167,7 @@ grub_reboot (void) - void - grub_exit (int retval) - { -- int rc = GRUB_EFI_LOAD_ERROR; -+ grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR; - - if (retval == 0) - rc = GRUB_EFI_SUCCESS; diff --git a/SPECS/grub2/fedora/0053-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch b/SPECS/grub2/fedora/0053-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch deleted file mode 100644 index fb71ea50f4..0000000000 --- a/SPECS/grub2/fedora/0053-make-GRUB_MOD_INIT-declare-its-function-prototypes.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 26 Jun 2017 12:46:23 -0400 -Subject: [PATCH] make GRUB_MOD_INIT() declare its function prototypes. - ---- - include/grub/dl.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/grub/dl.h b/include/grub/dl.h -index b3753c9ca2..91933b85f2 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -54,6 +54,7 @@ grub_mod_fini (void) - - #define GRUB_MOD_INIT(name) \ - static void grub_mod_init (grub_dl_t mod __attribute__ ((unused))) __attribute__ ((used)); \ -+extern void grub_##name##_init (void); \ - void \ - grub_##name##_init (void) { grub_mod_init (0); } \ - static void \ -@@ -61,6 +62,7 @@ grub_mod_init (grub_dl_t mod __attribute__ ((unused))) - - #define GRUB_MOD_FINI(name) \ - static void grub_mod_fini (void) __attribute__ ((used)); \ -+extern void grub_##name##_fini (void); \ - void \ - grub_##name##_fini (void) { grub_mod_fini (); } \ - static void \ diff --git a/SPECS/grub2/fedora/0054-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch b/SPECS/grub2/fedora/0054-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch deleted file mode 100644 index ae8a8c688d..0000000000 --- a/SPECS/grub2/fedora/0054-Don-t-guess-boot-efi-as-HFS-on-ppc-machines-in-grub-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 20 Apr 2017 13:29:06 -0400 -Subject: [PATCH] Don't guess /boot/efi/ as HFS+ on ppc machines in - grub-install - -This should never be trying this, and since we've consolidated the -grubenv to always be on /boot/efi/EFI/fedora/, this code causes it to -always make the wrong decision. - -Resolves: rhbz#1484474 - -Signed-off-by: Peter Jones ---- - util/grub-install.c | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/util/grub-install.c b/util/grub-install.c -index 84ed6e88ec..a2bec7446c 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1190,18 +1190,8 @@ main (int argc, char *argv[]) - char *d; - - is_guess = 1; -- d = grub_util_path_concat (2, bootdir, "macppc"); -- if (!grub_util_is_directory (d)) -- { -- free (d); -- d = grub_util_path_concat (2, bootdir, "efi"); -- } - /* Find the Mac HFS(+) System Partition. */ -- if (!grub_util_is_directory (d)) -- { -- free (d); -- d = grub_util_path_concat (2, bootdir, "EFI"); -- } -+ d = grub_util_path_concat (2, bootdir, "macppc"); - if (!grub_util_is_directory (d)) - { - free (d); diff --git a/SPECS/grub2/fedora/0055-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch b/SPECS/grub2/fedora/0055-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch deleted file mode 100644 index cd58ff45a6..0000000000 --- a/SPECS/grub2/fedora/0055-20_linux_xen-load-xen-or-multiboot-2-modules-as-need.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 9 Jul 2019 14:31:19 +0200 -Subject: [PATCH] 20_linux_xen: load xen or multiboot{,2} modules as needed. - -Signed-off-by: Peter Jones ---- - util/grub.d/20_linux_xen.in | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index e9e73b815f..c23b064be6 100644 ---- a/util/grub.d/20_linux_xen.in -+++ b/util/grub.d/20_linux_xen.in -@@ -153,6 +153,7 @@ linux_entry_xsm () - else - xen_rm_opts="no-real-mode edd=off" - fi -+ insmod ${xen_module} - ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} - echo '$(echo "$lmessage" | grub_quote)' - ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} -@@ -166,6 +167,7 @@ EOF - done - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$message" | grub_quote)' -+ insmod ${xen_module} - ${module_loader} --nounzip $(echo $initrd_path) - EOF - fi -@@ -253,13 +255,16 @@ while [ "x${xen_list}" != "x" ] ; do - echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" - fi - if ($grub_file --is-arm64-efi $current_xen); then -+ xen_module="xen_boot" - xen_loader="xen_hypervisor" - module_loader="xen_module" - else - if ($grub_file --is-x86-multiboot2 $current_xen); then -+ xen_module="multiboot2" - xen_loader="multiboot2" - module_loader="module2" - else -+ xen_module="multiboot" - xen_loader="multiboot" - module_loader="module" - fi diff --git a/SPECS/grub2/fedora/0056-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch b/SPECS/grub2/fedora/0056-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch deleted file mode 100644 index beef0f3abe..0000000000 --- a/SPECS/grub2/fedora/0056-Make-pmtimer-tsc-calibration-not-take-51-seconds-to-.patch +++ /dev/null @@ -1,211 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 7 Nov 2017 17:12:17 -0500 -Subject: [PATCH] Make pmtimer tsc calibration not take 51 seconds to fail. - -On my laptop running at 2.4GHz, if I run a VM where tsc calibration -using pmtimer will fail presuming a broken pmtimer, it takes ~51 seconds -to do so (as measured with the stopwatch on my phone), with a tsc delta -of 0x1cd1c85300, or around 125 billion cycles. - -If instead of trying to wait for 5-200ms to show up on the pmtimer, we try -to wait for 5-200us, it decides it's broken in ~0x2626aa0 TSCs, aka ~2.4 -million cycles, or more or less instantly. - -Additionally, this reading the pmtimer was returning 0xffffffff anyway, -and that's obviously an invalid return. I've added a check for that and -0 so we don't bother waiting for the test if what we're seeing is dead -pins with no response at all. - -If "debug" is includes "pmtimer", you will see one of the following -three outcomes. If pmtimer gives all 0 or all 1 bits, you will see: - -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 1 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 2 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 3 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 4 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 5 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 6 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 7 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 8 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 9 -kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 10 -kern/i386/tsc_pmtimer.c:78: timer is broken; giving up. - -This outcome was tested using qemu+kvm with UEFI (OVMF) firmware and -these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX - -If pmtimer gives any other bit patterns but is not actually marching -forward fast enough to use for clock calibration, you will see: - -kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) -kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 - -This outcome was tested using grub compiled with GRUB_PMTIMER_IGNORE_BAD_READS -defined (so as not to trip the bad read test) using qemu+kvm with UEFI -(OVMF) firmware, and these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX - -If pmtimer actually works, you'll see something like: - -kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) -kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 - -This outcome was tested using qemu+kvm with UEFI (OVMF) firmware, and -these options: -machine pc-i440fx-2.4 -cpu Broadwell-noTSX - -I've also tested this outcome on a real Intel Xeon E3-1275v3 on an Intel -Server Board S1200V3RPS using the SDV.RP.B8 "Release" build here: -https://firmware.intel.com/sites/default/files/UEFIDevKit_S1200RP_vB8.zip - -Signed-off-by: Peter Jones ---- - grub-core/kern/i386/tsc_pmtimer.c | 109 +++++++++++++++++++++++++++++++------- - 1 file changed, 89 insertions(+), 20 deletions(-) - -diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c -index c9c3616997..ca15c3aacd 100644 ---- a/grub-core/kern/i386/tsc_pmtimer.c -+++ b/grub-core/kern/i386/tsc_pmtimer.c -@@ -28,40 +28,101 @@ - #include - #include - -+/* -+ * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's -+ * present but doesn't keep time well. -+ */ -+// #define GRUB_PMTIMER_IGNORE_BAD_READS -+ - grub_uint64_t - grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, - grub_uint16_t num_pm_ticks) - { - grub_uint32_t start; -- grub_uint32_t last; -- grub_uint32_t cur, end; -+ grub_uint64_t cur, end; - grub_uint64_t start_tsc; - grub_uint64_t end_tsc; -- int num_iter = 0; -+ unsigned int num_iter = 0; -+#ifndef GRUB_PMTIMER_IGNORE_BAD_READS -+ int bad_reads = 0; -+#endif - -- start = grub_inl (pmtimer) & 0xffffff; -- last = start; -+ /* -+ * Some timers are 24-bit and some are 32-bit, but it doesn't make much -+ * difference to us. Caring which one we have isn't really worth it since -+ * the low-order digits will give us enough data to calibrate TSC. So just -+ * mask the top-order byte off. -+ */ -+ cur = start = grub_inl (pmtimer) & 0xffffffUL; - end = start + num_pm_ticks; - start_tsc = grub_get_tsc (); - while (1) - { -- cur = grub_inl (pmtimer) & 0xffffff; -- if (cur < last) -- cur |= 0x1000000; -- num_iter++; -+ cur &= 0xffffffffff000000ULL; -+ cur |= grub_inl (pmtimer) & 0xffffffUL; -+ -+ end_tsc = grub_get_tsc(); -+ -+#ifndef GRUB_PMTIMER_IGNORE_BAD_READS -+ /* -+ * If we get 10 reads in a row that are obviously dead pins, there's no -+ * reason to do this thousands of times. -+ */ -+ if (cur == 0xffffffUL || cur == 0) -+ { -+ bad_reads++; -+ grub_dprintf ("pmtimer", -+ "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n", -+ cur, bad_reads); -+ grub_dprintf ("pmtimer", "timer is broken; giving up.\n"); -+ -+ if (bad_reads == 10) -+ return 0; -+ } -+#endif -+ -+ if (cur < start) -+ cur += 0x1000000; -+ - if (cur >= end) - { -- end_tsc = grub_get_tsc (); -+ grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n", -+ cur - start); -+ grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n", -+ end_tsc - start_tsc); - return end_tsc - start_tsc; - } -- /* Check for broken PM timer. -- 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) -- if after this time we still don't have 1 ms on pmtimer, then -- pmtimer is broken. -+ -+ /* -+ * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at -+ * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine, -+ * we should have seen pmtimer show 4ms of change (i.e. cur =~ -+ * start+14320); on a 250MHz machine that should be 16ms (start+57280). -+ * If after this a time we still don't have 1ms on pmtimer, then pmtimer -+ * is broken. -+ * -+ * Likewise, if our code is perfectly efficient and introduces no delays -+ * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in -+ * ~3580 iterations. On a 250MHz machine that should be ~900 iterations. -+ * -+ * With those factors in mind, there are two limits here. There's a hard -+ * limit here at 8x our desired pm timer delta, picked as an arbitrarily -+ * large value that's still not a lot of time to humans, because if we -+ * get that far this is either an implausibly fast machine or the pmtimer -+ * is not running. And there's another limit on 4x our 10GHz tsc delta -+ * without seeing cur converge on our target value. - */ -- if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { -- return 0; -- } -+ if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) || -+ end_tsc - start_tsc > 40000000) -+ { -+ grub_dprintf ("pmtimer", -+ "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n", -+ cur - start, num_iter); -+ grub_dprintf ("pmtimer", -+ "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n", -+ end_tsc - start_tsc); -+ return 0; -+ } - } - } - -@@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void) - - fadt = grub_acpi_find_fadt (); - if (!fadt) -- return 0; -+ { -+ grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n"); -+ return 0; -+ } - pmtimer = fadt->pmtimer; - if (!pmtimer) -- return 0; -+ { -+ grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n"); -+ return 0; -+ } - -- /* It's 3.579545 MHz clock. Wait 1 ms. */ -+ /* -+ * It's 3.579545 MHz clock. Wait 1 ms. -+ */ - tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); - if (tsc_diff == 0) - return 0; diff --git a/SPECS/grub2/fedora/0057-align-struct-efi_variable-better.patch b/SPECS/grub2/fedora/0057-align-struct-efi_variable-better.patch deleted file mode 100644 index 361cb1308b..0000000000 --- a/SPECS/grub2/fedora/0057-align-struct-efi_variable-better.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 27 Feb 2018 13:55:35 -0500 -Subject: [PATCH] align struct efi_variable better... - ---- - include/grub/efiemu/runtime.h | 2 +- - include/grub/types.h | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h -index 36d2dedf47..9d93ba88ba 100644 ---- a/include/grub/efiemu/runtime.h -+++ b/include/grub/efiemu/runtime.h -@@ -33,5 +33,5 @@ struct efi_variable - grub_uint32_t namelen; - grub_uint32_t size; - grub_efi_uint32_t attributes; --} GRUB_PACKED; -+} GRUB_PACKED GRUB_ALIGNED(8); - #endif /* ! GRUB_EFI_EMU_RUNTIME_HEADER */ -diff --git a/include/grub/types.h b/include/grub/types.h -index 0a3ff15913..ba446d9904 100644 ---- a/include/grub/types.h -+++ b/include/grub/types.h -@@ -29,6 +29,7 @@ - #else - #define GRUB_PACKED __attribute__ ((packed)) - #endif -+#define GRUB_ALIGNED(x) __attribute__((aligned (x))) - - #ifdef GRUB_BUILD - # define GRUB_CPU_SIZEOF_VOID_P BUILD_SIZEOF_VOID_P diff --git a/SPECS/grub2/fedora/0059-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch b/SPECS/grub2/fedora/0059-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch deleted file mode 100644 index 1ac900c18a..0000000000 --- a/SPECS/grub2/fedora/0059-Don-t-attempt-to-backtrace-on-grub_abort-for-grub-em.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 6 Feb 2018 11:16:28 +0100 -Subject: [PATCH] Don't attempt to backtrace on grub_abort() for grub-emu - -The emu platform doesn't have a grub_backtrace() implementation, so this -causes a build error. Don't attempt to call this when building grub-emu. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/kern/misc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a3e215155b..c60601b699 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -1201,7 +1201,7 @@ static void __attribute__ ((noreturn)) - grub_abort (void) - { - #ifndef GRUB_UTIL --#if defined(__i386__) || defined(__x86_64__) -+#if (defined(__i386__) || defined(__x86_64__)) && !defined(GRUB_MACHINE_EMU) - grub_backtrace(); - #endif - #endif diff --git a/SPECS/grub2/fedora/0060-Add-linux-and-initrd-commands-for-grub-emu.patch b/SPECS/grub2/fedora/0060-Add-linux-and-initrd-commands-for-grub-emu.patch deleted file mode 100644 index 419fde38a1..0000000000 --- a/SPECS/grub2/fedora/0060-Add-linux-and-initrd-commands-for-grub-emu.patch +++ /dev/null @@ -1,350 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Raymund Will -Date: Tue, 6 Feb 2018 09:09:00 +0100 -Subject: [PATCH] Add linux and initrd commands for grub-emu - -When using grub-emu, the linux and initrd commands are used as arguments -to the kexec command line tool, to allow booting the selected menu entry. - -Signed-off-by: Raymund Will -Signed-off-by: Robbie Harwood ---- - grub-core/Makefile.core.def | 1 - - grub-core/kern/emu/main.c | 4 + - grub-core/kern/emu/misc.c | 18 ++++- - grub-core/loader/emu/linux.c | 172 +++++++++++++++++++++++++++++++++++++++++++ - include/grub/emu/exec.h | 4 +- - include/grub/emu/hostfile.h | 3 +- - include/grub/emu/misc.h | 3 + - grub-core/Makefile.am | 1 + - 8 files changed, 202 insertions(+), 4 deletions(-) - create mode 100644 grub-core/loader/emu/linux.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 058c88ac3a..5354f9613d 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1826,7 +1826,6 @@ module = { - - common = loader/linux.c; - common = lib/cmdline.c; -- enable = noemu; - - efi = loader/efi/linux.c; - }; -diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 55ea5a11cc..846fe9715e 100644 ---- a/grub-core/kern/emu/main.c -+++ b/grub-core/kern/emu/main.c -@@ -107,6 +107,7 @@ static struct argp_option options[] = { - N_("use GRUB files in the directory DIR [default=%s]"), 0}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, - {"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a debugger will attach"), 0}, -+ {"kexec", 'X', 0, 0, N_("try the untryable."), 0}, - { 0, 0, 0, 0, 0, 0 } - }; - -@@ -164,6 +165,9 @@ argp_parser (int key, char *arg, struct argp_state *state) - case 'v': - verbosity++; - break; -+ case 'X': -+ grub_util_set_kexecute(); -+ break; - - case ARGP_KEY_ARG: - { -diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index 0ff13bcaf8..eeea092752 100644 ---- a/grub-core/kern/emu/misc.c -+++ b/grub-core/kern/emu/misc.c -@@ -39,6 +39,7 @@ - #include - - int verbosity; -+int kexecute; - - void - grub_util_warn (const char *fmt, ...) -@@ -82,7 +83,7 @@ grub_util_error (const char *fmt, ...) - vfprintf (stderr, fmt, ap); - va_end (ap); - fprintf (stderr, ".\n"); -- exit (1); -+ grub_exit (1); - } - - void * -@@ -154,6 +155,9 @@ void - __attribute__ ((noreturn)) - grub_exit (int rc) - { -+#if defined (GRUB_KERNEL) -+ grub_reboot(); -+#endif - exit (rc < 0 ? 1 : rc); - } - #endif -@@ -215,3 +219,15 @@ grub_util_load_image (const char *path, char *buf) - - fclose (fp); - } -+ -+void -+grub_util_set_kexecute(void) -+{ -+ kexecute++; -+} -+ -+int -+grub_util_get_kexecute(void) -+{ -+ return kexecute; -+} -diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c -new file mode 100644 -index 0000000000..fda9e00d24 ---- /dev/null -+++ b/grub-core/loader/emu/linux.c -@@ -0,0 +1,172 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_dl_t my_mod; -+ -+static char *kernel_path; -+static char *initrd_path; -+static char *boot_cmdline; -+ -+static grub_err_t -+grub_linux_boot (void) -+{ -+ grub_err_t rc = GRUB_ERR_NONE; -+ char *initrd_param; -+ const char *kexec[] = { "kexec", "-l", kernel_path, boot_cmdline, NULL, NULL }; -+ const char *systemctl[] = { "systemctl", "kexec", NULL }; -+ int kexecute = grub_util_get_kexecute(); -+ -+ if (initrd_path) { -+ initrd_param = grub_xasprintf("--initrd=%s", initrd_path); -+ kexec[3] = initrd_param; -+ kexec[4] = boot_cmdline; -+ } else { -+ initrd_param = grub_xasprintf("%s", ""); -+ } -+ -+ grub_printf("%serforming 'kexec -l %s %s %s'\n", -+ (kexecute) ? "P" : "Not p", -+ kernel_path, initrd_param, boot_cmdline); -+ -+ if (kexecute) -+ rc = grub_util_exec(kexec); -+ -+ grub_free(initrd_param); -+ -+ if (rc != GRUB_ERR_NONE) { -+ grub_error (rc, N_("Error trying to perform kexec load operation.")); -+ grub_sleep (3); -+ return rc; -+ } -+ if (kexecute < 1) -+ grub_fatal (N_("Use '"PACKAGE"-emu --kexec' to force a system restart.")); -+ -+ grub_printf("Performing 'systemctl kexec' (%s) ", -+ (kexecute==1) ? "do-or-die" : "just-in-case"); -+ rc = grub_util_exec (systemctl); -+ -+ if (kexecute == 1) -+ grub_fatal (N_("Error trying to perform 'systemctl kexec'")); -+ -+ /* need to check read-only root before resetting hard!? */ -+ grub_printf("Performing 'kexec -e'"); -+ kexec[1] = "-e"; -+ kexec[2] = NULL; -+ rc = grub_util_exec(kexec); -+ if ( rc != GRUB_ERR_NONE ) -+ grub_fatal (N_("Error trying to directly perform 'kexec -e'.")); -+ -+ return rc; -+} -+ -+static grub_err_t -+grub_linux_unload (void) -+{ -+ grub_dl_unref (my_mod); -+ if ( boot_cmdline != NULL ) -+ grub_free (boot_cmdline); -+ boot_cmdline = NULL; -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) -+{ -+ int i; -+ char *tempstr; -+ -+ grub_dl_ref (my_mod); -+ -+ if (argc == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ -+ if ( !grub_util_is_regular(argv[0]) ) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find kernel file %s"), argv[0]); -+ -+ if ( kernel_path != NULL ) -+ grub_free(kernel_path); -+ -+ kernel_path = grub_xasprintf("%s", argv[0]); -+ -+ if ( boot_cmdline != NULL ) { -+ grub_free(boot_cmdline); -+ boot_cmdline = NULL; -+ } -+ -+ if ( argc > 1 ) -+ { -+ boot_cmdline = grub_xasprintf("--command-line=%s", argv[1]); -+ for ( i = 2; i < argc; i++ ) { -+ tempstr = grub_xasprintf("%s %s", boot_cmdline, argv[i]); -+ grub_free(boot_cmdline); -+ boot_cmdline = tempstr; -+ } -+ } -+ -+ grub_loader_set (grub_linux_boot, grub_linux_unload, 0); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) -+{ -+ if (argc == 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ -+ if ( !grub_util_is_regular(argv[0]) ) -+ return grub_error(GRUB_ERR_FILE_NOT_FOUND, N_("Cannot find initrd file %s"), argv[0]); -+ -+ if ( initrd_path != NULL ) -+ grub_free(initrd_path); -+ -+ initrd_path = grub_xasprintf("%s", argv[0]); -+ -+ grub_dl_unref (my_mod); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_command_t cmd_linux, cmd_initrd; -+ -+GRUB_MOD_INIT(linux) -+{ -+ cmd_linux = grub_register_command ("linux", grub_cmd_linux, 0, N_("Load Linux.")); -+ cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0, N_("Load initrd.")); -+ my_mod = mod; -+ kernel_path = NULL; -+ initrd_path = NULL; -+ boot_cmdline = NULL; -+} -+ -+GRUB_MOD_FINI(linux) -+{ -+ grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_initrd); -+} -diff --git a/include/grub/emu/exec.h b/include/grub/emu/exec.h -index d1073ef86a..1b61b4a2e5 100644 ---- a/include/grub/emu/exec.h -+++ b/include/grub/emu/exec.h -@@ -23,6 +23,8 @@ - #include - - #include -+#include -+ - pid_t - grub_util_exec_pipe (const char *const *argv, int *fd); - pid_t -@@ -32,7 +34,7 @@ int - grub_util_exec_redirect_all (const char *const *argv, const char *stdin_file, - const char *stdout_file, const char *stderr_file); - int --grub_util_exec (const char *const *argv); -+EXPORT_FUNC(grub_util_exec) (const char *const *argv); - int - grub_util_exec_redirect (const char *const *argv, const char *stdin_file, - const char *stdout_file); -diff --git a/include/grub/emu/hostfile.h b/include/grub/emu/hostfile.h -index cfb1e2b566..a61568e36e 100644 ---- a/include/grub/emu/hostfile.h -+++ b/include/grub/emu/hostfile.h -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - - int -@@ -29,7 +30,7 @@ grub_util_is_directory (const char *path); - int - grub_util_is_special_file (const char *path); - int --grub_util_is_regular (const char *path); -+EXPORT_FUNC(grub_util_is_regular) (const char *path); - - char * - grub_util_path_concat (size_t n, ...); -diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h -index ff9c48a649..01056954b9 100644 ---- a/include/grub/emu/misc.h -+++ b/include/grub/emu/misc.h -@@ -57,6 +57,9 @@ void EXPORT_FUNC(grub_util_warn) (const char *fmt, ...) __attribute__ ((format ( - void EXPORT_FUNC(grub_util_info) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2))); - void EXPORT_FUNC(grub_util_error) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2), noreturn)); - -+void EXPORT_FUNC(grub_util_set_kexecute) (void); -+int EXPORT_FUNC(grub_util_get_kexecute) (void) WARN_UNUSED_RESULT; -+ - grub_uint64_t EXPORT_FUNC (grub_util_get_cpu_time_ms) (void); - - #ifdef HAVE_DEVICE_MAPPER -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index ee88e44e97..80e7a83edf 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -307,6 +307,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/net.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostdisk.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/hostfile.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/extcmd.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/emu/exec.h - if COND_GRUB_EMU_SDL - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/sdl.h - endif diff --git a/SPECS/grub2/fedora/0062-make-better-backtraces.patch b/SPECS/grub2/fedora/0062-make-better-backtraces.patch deleted file mode 100644 index e6ae4e9615..0000000000 --- a/SPECS/grub2/fedora/0062-make-better-backtraces.patch +++ /dev/null @@ -1,910 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 9 Jul 2019 17:05:03 +0200 -Subject: [PATCH] make better backtraces - -Signed-off-by: Peter Jones ---- - Makefile.util.def | 6 ++ - grub-core/Makefile.core.def | 16 ++-- - grub-core/{lib => commands}/backtrace.c | 2 +- - grub-core/gdb/cstub.c | 1 - - grub-core/kern/arm64/backtrace.c | 94 ++++++++++++++++++++++++ - grub-core/kern/backtrace.c | 97 +++++++++++++++++++++++++ - grub-core/kern/dl.c | 45 ++++++++++++ - grub-core/kern/i386/backtrace.c | 125 ++++++++++++++++++++++++++++++++ - grub-core/kern/i386/pc/init.c | 4 +- - grub-core/kern/ieee1275/init.c | 1 - - grub-core/kern/misc.c | 13 ++-- - grub-core/kern/mm.c | 6 +- - grub-core/lib/arm64/backtrace.c | 62 ---------------- - grub-core/lib/i386/backtrace.c | 78 -------------------- - include/grub/backtrace.h | 10 ++- - include/grub/dl.h | 2 + - include/grub/kernel.h | 3 + - grub-core/kern/arm/efi/startup.S | 2 + - grub-core/kern/arm/startup.S | 2 + - grub-core/kern/arm64/efi/startup.S | 2 + - grub-core/kern/i386/qemu/startup.S | 3 +- - grub-core/kern/ia64/efi/startup.S | 3 +- - grub-core/kern/sparc64/ieee1275/crt0.S | 3 +- - grub-core/Makefile.am | 1 + - 24 files changed, 414 insertions(+), 167 deletions(-) - rename grub-core/{lib => commands}/backtrace.c (98%) - create mode 100644 grub-core/kern/arm64/backtrace.c - create mode 100644 grub-core/kern/backtrace.c - create mode 100644 grub-core/kern/i386/backtrace.c - delete mode 100644 grub-core/lib/arm64/backtrace.c - delete mode 100644 grub-core/lib/i386/backtrace.c - -diff --git a/Makefile.util.def b/Makefile.util.def -index 88f55e35c4..bda9fd1211 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -51,6 +51,12 @@ library = { - common = grub-core/partmap/msdos.c; - common = grub-core/fs/proc.c; - common = grub-core/fs/archelp.c; -+ common = grub-core/kern/backtrace.c; -+ -+ x86 = grub-core/kern/i386/backtrace.c; -+ i386_xen = grub-core/kern/i386/backtrace.c; -+ x86_64_xen = grub-core/kern/i386/backtrace.c; -+ arm64 = grub-core/kern/arm64/backtrace.c; - }; - - library = { -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 5354f9613d..4b7c45a7b0 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -142,6 +142,12 @@ kernel = { - common = kern/rescue_reader.c; - common = kern/term.c; - common = kern/verifiers.c; -+ common = kern/backtrace.c; -+ -+ x86 = kern/i386/backtrace.c; -+ i386_xen = kern/i386/backtrace.c; -+ x86_64_xen = kern/i386/backtrace.c; -+ arm64 = kern/arm64/backtrace.c; - - noemu = kern/compiler-rt.c; - noemu = kern/mm.c; -@@ -188,9 +194,6 @@ kernel = { - - softdiv = lib/division.c; - -- x86 = lib/i386/backtrace.c; -- x86 = lib/backtrace.c; -- - i386 = kern/i386/dl.c; - i386_xen = kern/i386/dl.c; - i386_xen_pvh = kern/i386/dl.c; -@@ -2398,15 +2401,12 @@ module = { - - module = { - name = backtrace; -- x86 = lib/i386/backtrace.c; -- i386_xen_pvh = lib/i386/backtrace.c; -- i386_xen = lib/i386/backtrace.c; -- x86_64_xen = lib/i386/backtrace.c; -- common = lib/backtrace.c; -+ common = commands/backtrace.c; - enable = x86; - enable = i386_xen_pvh; - enable = i386_xen; - enable = x86_64_xen; -+ enable = arm64; - }; - - module = { -diff --git a/grub-core/lib/backtrace.c b/grub-core/commands/backtrace.c -similarity index 98% -rename from grub-core/lib/backtrace.c -rename to grub-core/commands/backtrace.c -index c0ad6ab8be..8b5ec3913b 100644 ---- a/grub-core/lib/backtrace.c -+++ b/grub-core/commands/backtrace.c -@@ -54,7 +54,7 @@ grub_cmd_backtrace (grub_command_t cmd __attribute__ ((unused)), - int argc __attribute__ ((unused)), - char **args __attribute__ ((unused))) - { -- grub_backtrace (); -+ grub_backtrace (1); - return 0; - } - -diff --git a/grub-core/gdb/cstub.c b/grub-core/gdb/cstub.c -index b64acd70fe..99281472d3 100644 ---- a/grub-core/gdb/cstub.c -+++ b/grub-core/gdb/cstub.c -@@ -215,7 +215,6 @@ grub_gdb_trap (int trap_no) - grub_printf ("Unhandled exception 0x%x at ", trap_no); - grub_backtrace_print_address ((void *) grub_gdb_regs[PC]); - grub_printf ("\n"); -- grub_backtrace_pointer ((void *) grub_gdb_regs[EBP]); - grub_fatal ("Unhandled exception"); - } - -diff --git a/grub-core/kern/arm64/backtrace.c b/grub-core/kern/arm64/backtrace.c -new file mode 100644 -index 0000000000..019c6fdfef ---- /dev/null -+++ b/grub-core/kern/arm64/backtrace.c -@@ -0,0 +1,94 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2009 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define MAX_STACK_FRAME 102400 -+ -+struct fplr -+{ -+ void *lr; -+ struct fplr *fp; -+}; -+ -+void -+grub_backtrace_pointer (void *frame, unsigned int skip) -+{ -+ unsigned int x = 0; -+ struct fplr *fplr = (struct fplr *)frame; -+ -+ while (fplr) -+ { -+ const char *name = NULL; -+ char *addr = NULL; -+ -+ grub_dprintf("backtrace", "fp is %p next_fp is %p\n", -+ fplr, fplr->fp); -+ -+ if (x >= skip) -+ { -+ name = grub_get_symbol_by_addr (fplr->lr, 1); -+ if (name) -+ addr = grub_resolve_symbol (name); -+ grub_backtrace_print_address (fplr->lr); -+ -+ if (addr && addr != fplr->lr) -+ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr, -+ (void *)((grub_uint64_t)fplr->lr - (grub_uint64_t)addr)); -+ else -+ grub_printf(" %s() %p \n", name ? name : "unknown", addr); -+ -+ } -+ -+ x += 1; -+ -+ if (fplr->fp < fplr || -+ (grub_uint64_t)fplr->fp - (grub_uint64_t)fplr > MAX_STACK_FRAME || -+ fplr->fp == fplr) -+ { -+ break; -+ } -+ fplr = fplr->fp; -+ } -+} -+ -+asm ("\t.global \"_text\"\n" -+ "_text:\n" -+ "\t.quad .text\n" -+ "\t.global \"_data\"\n" -+ "_data:\n" -+ "\t.quad .data\n" -+ ); -+ -+extern grub_uint64_t _text; -+extern grub_uint64_t _data; -+ -+void -+grub_backtrace_arch (unsigned int skip) -+{ -+ grub_printf ("Backtrace (.text %p .data %p):\n", -+ (void *)_text, (void *)_data); -+ skip += 1; -+ grub_backtrace_pointer(__builtin_frame_address(0), skip); -+} -diff --git a/grub-core/kern/backtrace.c b/grub-core/kern/backtrace.c -new file mode 100644 -index 0000000000..4a82e865cc ---- /dev/null -+++ b/grub-core/kern/backtrace.c -@@ -0,0 +1,97 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2009 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static void -+grub_backtrace_print_address_default (void *addr) -+{ -+#ifndef GRUB_UTIL -+ grub_dl_t mod; -+ void *start_addr; -+ -+ FOR_DL_MODULES (mod) -+ { -+ grub_dl_segment_t segment; -+ for (segment = mod->segment; segment; segment = segment->next) -+ if (segment->addr <= addr && (grub_uint8_t *) segment->addr -+ + segment->size > (grub_uint8_t *) addr) -+ { -+ grub_printf ("%s.%x+%" PRIxGRUB_SIZE, mod->name, -+ segment->section, -+ (grub_size_t) -+ ((grub_uint8_t *)addr - (grub_uint8_t *)segment->addr)); -+ return; -+ } -+ } -+ -+ start_addr = grub_resolve_symbol ("_start"); -+ if (start_addr && start_addr < addr) -+ grub_printf ("kernel+%" PRIxGRUB_SIZE, -+ (grub_size_t) -+ ((grub_uint8_t *)addr - (grub_uint8_t *)start_addr)); -+ else -+#endif -+ grub_printf ("%p", addr); -+} -+ -+static void -+grub_backtrace_pointer_default (void *frame __attribute__((__unused__)), -+ unsigned int skip __attribute__((__unused__))) -+{ -+ return; -+} -+ -+void -+grub_backtrace_pointer (void *frame, unsigned int skip) -+ __attribute__((__weak__, -+ __alias__(("grub_backtrace_pointer_default")))); -+ -+void -+grub_backtrace_print_address (void *addr) -+ __attribute__((__weak__, -+ __alias__(("grub_backtrace_print_address_default")))); -+ -+static void -+grub_backtrace_arch_default(unsigned int skip) -+{ -+ grub_backtrace_pointer(__builtin_frame_address(0), skip + 1); -+} -+ -+void grub_backtrace_arch (unsigned int skip) -+ __attribute__((__weak__, __alias__(("grub_backtrace_arch_default")))); -+ -+void grub_backtrace (unsigned int skip) -+{ -+ grub_backtrace_arch(skip + 1); -+} -+ -+void grub_debug_backtrace (const char * const debug, -+ unsigned int skip) -+{ -+ if (grub_debug_enabled (debug)) -+ grub_backtrace (skip + 1); -+} -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 7afb9e6f72..88d2077709 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -124,6 +124,50 @@ grub_dl_resolve_symbol (const char *name) - return 0; - } - -+void * -+grub_resolve_symbol (const char *name) -+{ -+ grub_symbol_t sym; -+ -+ sym = grub_dl_resolve_symbol (name); -+ if (sym) -+ return sym->addr; -+ return NULL; -+} -+ -+const char * -+grub_get_symbol_by_addr(const void *addr, int isfunc) -+{ -+ unsigned int i; -+ grub_symbol_t before = NULL, after = NULL; -+ for (i = 0; i < GRUB_SYMTAB_SIZE; i++) -+ { -+ grub_symbol_t sym; -+ for (sym = grub_symtab[i]; sym; sym = sym->next) -+ { -+ //grub_printf ("addr 0x%08llx symbol %s\n", (unsigned long long)sym->addr, sym->name); -+ if (sym->addr > addr) -+ { -+ if (!after || sym->addr > after->addr) -+ after = sym; -+ } -+ -+ if (isfunc != sym->isfunc) -+ continue; -+ if (sym->addr > addr) -+ continue; -+ -+ if ((!before && sym->addr <= addr) || (before && before->addr <= sym->addr)) -+ before = sym; -+ } -+ } -+ -+ if (before && addr < after->addr) -+ return before->name; -+ -+ return NULL; -+} -+ - /* Register a symbol with the name NAME and the address ADDR. */ - grub_err_t - grub_dl_register_symbol (const char *name, void *addr, int isfunc, -@@ -336,6 +380,7 @@ grub_dl_resolve_symbols (grub_dl_t mod, Elf_Ehdr *e) - const char *str; - Elf_Word size, entsize; - -+ grub_dprintf ("modules", "Resolving symbols for \"%s\"\n", mod->name); - for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); - i < e->e_shnum; - i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -diff --git a/grub-core/kern/i386/backtrace.c b/grub-core/kern/i386/backtrace.c -new file mode 100644 -index 0000000000..2413f9a57d ---- /dev/null -+++ b/grub-core/kern/i386/backtrace.c -@@ -0,0 +1,125 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2009 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define MAX_STACK_FRAME 102400 -+ -+void -+grub_backtrace_pointer (void *frame, unsigned int skip) -+{ -+ void **ebp = (void **)frame; -+ unsigned long x = 0; -+ -+ while (ebp) -+ { -+ void **next_ebp = (void **)ebp[0]; -+ const char *name = NULL; -+ char *addr = NULL; -+ -+ grub_dprintf("backtrace", "ebp is %p next_ebp is %p\n", ebp, next_ebp); -+ -+ if (x >= skip) -+ { -+ name = grub_get_symbol_by_addr (ebp[1], 1); -+ if (name) -+ addr = grub_resolve_symbol (name); -+ grub_backtrace_print_address (ebp[1]); -+ -+ if (addr && addr != ebp[1]) -+ grub_printf (" %s() %p+%p \n", name ? name : "unknown", addr, -+ (char *)((char *)ebp[1] - addr)); -+ else -+ grub_printf(" %s() %p \n", name ? name : "unknown", addr); -+ -+#if 0 -+ grub_printf ("("); -+ for (i = 0, arg = ebp[2]; arg != next_ebp && i < 12; arg++, i++) -+ grub_printf ("%p,", arg); -+ grub_printf (")\n"); -+#endif -+ } -+ -+ x += 1; -+ -+ if (next_ebp < ebp || next_ebp - ebp > MAX_STACK_FRAME || next_ebp == ebp) -+ { -+ //grub_printf ("Invalid stack frame at %p (%p)\n", ebp, next_ebp); -+ break; -+ } -+ ebp = next_ebp; -+ } -+} -+ -+#if defined (__x86_64__) -+asm ("\t.global \"_text\"\n" -+ "_text:\n" -+ "\t.quad .text\n" -+ "\t.global \"_data\"\n" -+ "_data:\n" -+ "\t.quad .data\n" -+ ); -+#elif defined(__i386__) -+asm ("\t.global \"_text\"\n" -+ "_text:\n" -+ "\t.long .text\n" -+ "\t.global \"_data\"\n" -+ "_data:\n" -+ "\t.long .data\n" -+ ); -+#else -+#warning I dunno... -+#endif -+ -+extern unsigned long _text; -+extern unsigned long _data; -+ -+#ifdef GRUB_UTIL -+#define EXT_C(x) x -+#endif -+ -+void -+grub_backtrace_arch (unsigned int skip) -+{ -+ grub_printf ("Backtrace (.text %p .data %p):\n", -+ (void *)_text, (void *)_data); -+ skip += 1; -+#if defined (__x86_64__) -+ asm volatile ("movq %%rbp, %%rdi\n" -+ "movq 0, %%rsi\n" -+ "movl %0, %%esi\n" -+ "call " EXT_C("grub_backtrace_pointer") -+ : -+ : "r" (skip)); -+#elif defined(__i386__) -+ asm volatile ("addl $8, %%esp\n" -+ "pushl %0\n" -+ "pushl %%ebp\n" -+ "call " EXT_C("grub_backtrace_pointer") -+ : -+ : "r" (skip)); -+#else -+ grub_backtrace_pointer(__builtin_frame_address(0), skip); -+#endif -+} -diff --git a/grub-core/kern/i386/pc/init.c b/grub-core/kern/i386/pc/init.c -index 27bc68b8a5..b51d0abfa6 100644 ---- a/grub-core/kern/i386/pc/init.c -+++ b/grub-core/kern/i386/pc/init.c -@@ -153,7 +153,7 @@ compact_mem_regions (void) - } - - grub_addr_t grub_modbase; --extern grub_uint8_t _start[], _edata[]; -+extern grub_uint8_t _edata[]; - - /* Helper for grub_machine_init. */ - static int -@@ -217,7 +217,7 @@ grub_machine_init (void) - /* This has to happen before any BIOS calls. */ - grub_via_workaround_init (); - -- grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - _start); -+ grub_modbase = GRUB_MEMORY_MACHINE_DECOMPRESSION_ADDR + (_edata - (grub_uint8_t *)_start); - - /* Initialize the console as early as possible. */ - grub_console_init (); -diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index 0cd2a62723..937c1bc44c 100644 ---- a/grub-core/kern/ieee1275/init.c -+++ b/grub-core/kern/ieee1275/init.c -@@ -63,7 +63,6 @@ - #define HEAP_MAX_ADDR (unsigned long) (32 * 1024 * 1024) - #endif - --extern char _start[]; - extern char _end[]; - - #ifdef __sparc__ -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index c60601b699..a432a6be54 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -1197,15 +1197,15 @@ grub_printf_fmt_check (const char *fmt, const char *fmt_expected) - - - /* Abort GRUB. This function does not return. */ --static void __attribute__ ((noreturn)) -+static inline void __attribute__ ((noreturn)) - grub_abort (void) - { --#ifndef GRUB_UTIL --#if (defined(__i386__) || defined(__x86_64__)) && !defined(GRUB_MACHINE_EMU) -- grub_backtrace(); -+#if !defined(GRUB_MACHINE_EMU) && !defined(GRUB_UTIL) -+ grub_backtrace (1); -+#else -+ grub_printf ("\n"); - #endif --#endif -- grub_printf ("\nAborted."); -+ grub_printf ("Aborted."); - - #ifndef GRUB_UTIL - if (grub_term_inputs) -@@ -1232,6 +1232,7 @@ grub_fatal (const char *fmt, ...) - { - va_list ap; - -+ grub_printf ("\n"); - va_start (ap, fmt); - grub_vprintf (_(fmt), ap); - va_end (ap); -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index c070afc621..d8c8377578 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -97,13 +97,13 @@ get_header_from_pointer (void *ptr, grub_mm_header_t *p, grub_mm_region_t *r) - break; - - if (! *r) -- grub_fatal ("out of range pointer %p", ptr); -+ grub_fatal ("out of range pointer %p\n", ptr); - - *p = (grub_mm_header_t) ptr - 1; - if ((*p)->magic == GRUB_MM_FREE_MAGIC) -- grub_fatal ("double free at %p", *p); -+ grub_fatal ("double free at %p\n", *p); - if ((*p)->magic != GRUB_MM_ALLOC_MAGIC) -- grub_fatal ("alloc magic is broken at %p: %lx", *p, -+ grub_fatal ("alloc magic is broken at %p: %lx\n", *p, - (unsigned long) (*p)->magic); - } - -diff --git a/grub-core/lib/arm64/backtrace.c b/grub-core/lib/arm64/backtrace.c -deleted file mode 100644 -index 1079b5380e..0000000000 ---- a/grub-core/lib/arm64/backtrace.c -+++ /dev/null -@@ -1,62 +0,0 @@ --/* -- * GRUB -- GRand Unified Bootloader -- * Copyright (C) 2009 Free Software Foundation, Inc. -- * -- * GRUB is free software: you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -- * -- * GRUB is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with GRUB. If not, see . -- */ -- --#include --#include --#include --#include --#include --#include --#include -- --#define MAX_STACK_FRAME 102400 -- --void --grub_backtrace_pointer (int frame) --{ -- while (1) -- { -- void *lp = __builtin_return_address (frame); -- if (!lp) -- break; -- -- lp = __builtin_extract_return_addr (lp); -- -- grub_printf ("%p: ", lp); -- grub_backtrace_print_address (lp); -- grub_printf (" ("); -- for (i = 0; i < 2; i++) -- grub_printf ("%p,", ((void **)ptr) [i + 2]); -- grub_printf ("%p)\n", ((void **)ptr) [i + 2]); -- nptr = *(void **)ptr; -- if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME -- || nptr == ptr) -- { -- grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); -- break; -- } -- ptr = nptr; -- } --} -- --void --grub_backtrace (void) --{ -- grub_backtrace_pointer (1); --} -- -diff --git a/grub-core/lib/i386/backtrace.c b/grub-core/lib/i386/backtrace.c -deleted file mode 100644 -index c67273db3a..0000000000 ---- a/grub-core/lib/i386/backtrace.c -+++ /dev/null -@@ -1,78 +0,0 @@ --/* -- * GRUB -- GRand Unified Bootloader -- * Copyright (C) 2009 Free Software Foundation, Inc. -- * -- * GRUB is free software: you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published by -- * the Free Software Foundation, either version 3 of the License, or -- * (at your option) any later version. -- * -- * GRUB is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * You should have received a copy of the GNU General Public License -- * along with GRUB. If not, see . -- */ --#include --#ifdef GRUB_UTIL --#define REALLY_GRUB_UTIL GRUB_UTIL --#undef GRUB_UTIL --#endif -- --#include --#include -- --#ifdef REALLY_GRUB_UTIL --#define GRUB_UTIL REALLY_GRUB_UTIL --#undef REALLY_GRUB_UTIL --#endif -- --#include --#include --#include --#include --#include --#include -- --#define MAX_STACK_FRAME 102400 -- --void --grub_backtrace_pointer (void *ebp) --{ -- void *ptr, *nptr; -- unsigned i; -- -- ptr = ebp; -- while (1) -- { -- grub_printf ("%p: ", ptr); -- grub_backtrace_print_address (((void **) ptr)[1]); -- grub_printf (" ("); -- for (i = 0; i < 2; i++) -- grub_printf ("%p,", ((void **)ptr) [i + 2]); -- grub_printf ("%p)\n", ((void **)ptr) [i + 2]); -- nptr = *(void **)ptr; -- if (nptr < ptr || (void **) nptr - (void **) ptr > MAX_STACK_FRAME -- || nptr == ptr) -- { -- grub_printf ("Invalid stack frame at %p (%p)\n", ptr, nptr); -- break; -- } -- ptr = nptr; -- } --} -- --void --grub_backtrace (void) --{ --#ifdef __x86_64__ -- asm volatile ("movq %%rbp, %%rdi\n" -- "callq *%%rax": :"a"(grub_backtrace_pointer)); --#else -- asm volatile ("movl %%ebp, %%eax\n" -- "calll *%%ecx": :"c"(grub_backtrace_pointer)); --#endif --} -- -diff --git a/include/grub/backtrace.h b/include/grub/backtrace.h -index 395519762f..275cf85e2d 100644 ---- a/include/grub/backtrace.h -+++ b/include/grub/backtrace.h -@@ -19,8 +19,14 @@ - #ifndef GRUB_BACKTRACE_HEADER - #define GRUB_BACKTRACE_HEADER 1 - --void grub_backtrace (void); --void grub_backtrace_pointer (void *ptr); -+#include -+#include -+ -+void EXPORT_FUNC(grub_debug_backtrace) (const char * const debug, -+ unsigned int skip); -+void EXPORT_FUNC(grub_backtrace) (unsigned int skip); -+void grub_backtrace_arch (unsigned int skip); -+void grub_backtrace_pointer (void *ptr, unsigned int skip); - void grub_backtrace_print_address (void *addr); - - #endif -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 91933b85f2..2f76e6b043 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -259,6 +259,8 @@ grub_dl_is_persistent (grub_dl_t mod) - - #endif - -+void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); -+const char * EXPORT_FUNC(grub_get_symbol_by_addr) (const void *addr, int isfunc); - grub_err_t grub_dl_register_symbol (const char *name, void *addr, - int isfunc, grub_dl_t mod); - -diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index abbca5ea33..300a9766cd 100644 ---- a/include/grub/kernel.h -+++ b/include/grub/kernel.h -@@ -111,6 +111,9 @@ grub_addr_t grub_modules_get_end (void); - - #endif - -+void EXPORT_FUNC(start) (void); -+void EXPORT_FUNC(_start) (void); -+ - /* The start point of the C code. */ - void grub_main (void) __attribute__ ((noreturn)); - -diff --git a/grub-core/kern/arm/efi/startup.S b/grub-core/kern/arm/efi/startup.S -index 9f8265315a..f3bc41f9d0 100644 ---- a/grub-core/kern/arm/efi/startup.S -+++ b/grub-core/kern/arm/efi/startup.S -@@ -23,6 +23,8 @@ - .file "startup.S" - .text - .arm -+ .globl start, _start -+FUNCTION(start) - FUNCTION(_start) - /* - * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in r1/r0. -diff --git a/grub-core/kern/arm/startup.S b/grub-core/kern/arm/startup.S -index 3946fe8e18..5679a1d00a 100644 ---- a/grub-core/kern/arm/startup.S -+++ b/grub-core/kern/arm/startup.S -@@ -48,6 +48,8 @@ - - .text - .arm -+ .globl start, _start -+FUNCTION(start) - FUNCTION(_start) - b codestart - -diff --git a/grub-core/kern/arm64/efi/startup.S b/grub-core/kern/arm64/efi/startup.S -index 666a7ee3c9..41676bdb2b 100644 ---- a/grub-core/kern/arm64/efi/startup.S -+++ b/grub-core/kern/arm64/efi/startup.S -@@ -19,7 +19,9 @@ - #include - - .file "startup.S" -+ .globl start, _start - .text -+FUNCTION(start) - FUNCTION(_start) - /* - * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in x1/x0. -diff --git a/grub-core/kern/i386/qemu/startup.S b/grub-core/kern/i386/qemu/startup.S -index 0d89858d9b..939f182fc7 100644 ---- a/grub-core/kern/i386/qemu/startup.S -+++ b/grub-core/kern/i386/qemu/startup.S -@@ -24,7 +24,8 @@ - - .text - .code32 -- .globl _start -+ .globl start, _start -+start: - _start: - jmp codestart - -diff --git a/grub-core/kern/ia64/efi/startup.S b/grub-core/kern/ia64/efi/startup.S -index d75c6d7cc7..8f2a593e52 100644 ---- a/grub-core/kern/ia64/efi/startup.S -+++ b/grub-core/kern/ia64/efi/startup.S -@@ -24,8 +24,9 @@ - .psr lsb - .lsb - -- .global _start -+ .global start, _start - .proc _start -+start: - _start: - alloc loc0=ar.pfs,2,4,0,0 - mov loc1=rp -diff --git a/grub-core/kern/sparc64/ieee1275/crt0.S b/grub-core/kern/sparc64/ieee1275/crt0.S -index 03b916f053..701bf63abc 100644 ---- a/grub-core/kern/sparc64/ieee1275/crt0.S -+++ b/grub-core/kern/sparc64/ieee1275/crt0.S -@@ -22,7 +22,8 @@ - - .text - .align 4 -- .globl _start -+ .globl start, _start -+start: - _start: - ba codestart - mov %o4, %o0 -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index 80e7a83edf..f512573c0d 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -66,6 +66,7 @@ CLEANFILES += grub_script.yy.c grub_script.yy.h - - include $(srcdir)/Makefile.core.am - -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/backtrace.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/cache.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h diff --git a/SPECS/grub2/fedora/0063-normal-don-t-draw-our-startup-message-if-debug-is-se.patch b/SPECS/grub2/fedora/0063-normal-don-t-draw-our-startup-message-if-debug-is-se.patch deleted file mode 100644 index a91629905d..0000000000 --- a/SPECS/grub2/fedora/0063-normal-don-t-draw-our-startup-message-if-debug-is-se.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 9 Nov 2017 15:58:52 -0500 -Subject: [PATCH] normal: don't draw our startup message if debug is set - ---- - grub-core/normal/main.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 55558cc0b9..af9792c963 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -430,6 +430,9 @@ grub_normal_reader_init (int nested) - const char *msg_esc = _("ESC at any time exits."); - char *msg_formatted; - -+ if (grub_env_get ("debug") != NULL) -+ return 0; -+ - msg_formatted = grub_xasprintf (_("Minimal BASH-like line editing is supported. For " - "the first word, TAB lists possible command completions. Anywhere " - "else TAB lists possible device or file completions. %s"), diff --git a/SPECS/grub2/fedora/0064-Work-around-some-minor-include-path-weirdnesses.patch b/SPECS/grub2/fedora/0064-Work-around-some-minor-include-path-weirdnesses.patch deleted file mode 100644 index c7ae8d0138..0000000000 --- a/SPECS/grub2/fedora/0064-Work-around-some-minor-include-path-weirdnesses.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 16 Mar 2018 13:28:57 -0400 -Subject: [PATCH] Work around some minor include path weirdnesses - -Signed-off-by: Peter Jones ---- - include/grub/arm/efi/console.h | 24 ++++++++++++++++++++++++ - include/grub/arm64/efi/console.h | 24 ++++++++++++++++++++++++ - include/grub/i386/efi/console.h | 24 ++++++++++++++++++++++++ - include/grub/x86_64/efi/console.h | 24 ++++++++++++++++++++++++ - 4 files changed, 96 insertions(+) - create mode 100644 include/grub/arm/efi/console.h - create mode 100644 include/grub/arm64/efi/console.h - create mode 100644 include/grub/i386/efi/console.h - create mode 100644 include/grub/x86_64/efi/console.h - -diff --git a/include/grub/arm/efi/console.h b/include/grub/arm/efi/console.h -new file mode 100644 -index 0000000000..1592f6f76b ---- /dev/null -+++ b/include/grub/arm/efi/console.h -@@ -0,0 +1,24 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_ARM_EFI_CONSOLE_H -+#define GRUB_ARM_EFI_CONSOLE_H -+ -+#include -+ -+#endif /* ! GRUB_ARM_EFI_CONSOLE_H */ -diff --git a/include/grub/arm64/efi/console.h b/include/grub/arm64/efi/console.h -new file mode 100644 -index 0000000000..9568933938 ---- /dev/null -+++ b/include/grub/arm64/efi/console.h -@@ -0,0 +1,24 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_ARM64_EFI_CONSOLE_H -+#define GRUB_ARM64_EFI_CONSOLE_H -+ -+#include -+ -+#endif /* ! GRUB_ARM64_EFI_CONSOLE_H */ -diff --git a/include/grub/i386/efi/console.h b/include/grub/i386/efi/console.h -new file mode 100644 -index 0000000000..9231375cb0 ---- /dev/null -+++ b/include/grub/i386/efi/console.h -@@ -0,0 +1,24 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_I386_EFI_CONSOLE_H -+#define GRUB_I386_EFI_CONSOLE_H -+ -+#include -+ -+#endif /* ! GRUB_I386_EFI_CONSOLE_H */ -diff --git a/include/grub/x86_64/efi/console.h b/include/grub/x86_64/efi/console.h -new file mode 100644 -index 0000000000..dba9d8678d ---- /dev/null -+++ b/include/grub/x86_64/efi/console.h -@@ -0,0 +1,24 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2002,2005,2006,2007 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_X86_64_EFI_CONSOLE_H -+#define GRUB_X86_64_EFI_CONSOLE_H -+ -+#include -+ -+#endif /* ! GRUB_X86_64_EFI_CONSOLE_H */ diff --git a/SPECS/grub2/fedora/0065-Make-it-possible-to-enabled-build-id-sha1.patch b/SPECS/grub2/fedora/0065-Make-it-possible-to-enabled-build-id-sha1.patch deleted file mode 100644 index 99d80552ab..0000000000 --- a/SPECS/grub2/fedora/0065-Make-it-possible-to-enabled-build-id-sha1.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 25 Jun 2015 15:41:06 -0400 -Subject: [PATCH] Make it possible to enabled --build-id=sha1 - -Signed-off-by: Peter Jones ---- - configure.ac | 8 ++++++++ - acinclude.m4 | 19 +++++++++++++++++++ - 2 files changed, 27 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 0d0e6782a1..302300711f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1442,7 +1442,15 @@ grub_PROG_TARGET_CC - if test "x$TARGET_APPLE_LINKER" != x1 ; then - grub_PROG_OBJCOPY_ABSOLUTE - fi -+ -+AC_ARG_ENABLE([build-id], -+ [AS_HELP_STRING([--enable-build-id], -+ [ask the linker to supply build-id notes (default=no)])]) -+if test x$enable_build_id = xyes; then -+grub_PROG_LD_BUILD_ID_SHA1 -+else - grub_PROG_LD_BUILD_ID_NONE -+fi - if test "x$target_cpu" = xi386; then - if test "$platform" != emu && test "x$TARGET_APPLE_LINKER" != x1 ; then - if test ! -z "$TARGET_IMG_LDSCRIPT"; then -diff --git a/acinclude.m4 b/acinclude.m4 -index 6e14bb553c..21238fcfd0 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -136,6 +136,25 @@ if test "x$grub_cv_prog_ld_build_id_none" = xyes; then - fi - ]) - -+dnl Supply --build-id=sha1 to ld if building modules. -+dnl This suppresses warnings from ld on some systems -+AC_DEFUN([grub_PROG_LD_BUILD_ID_SHA1], -+[AC_MSG_CHECKING([whether linker accepts --build-id=sha1]) -+AC_CACHE_VAL(grub_cv_prog_ld_build_id_sha1, -+[save_LDFLAGS="$LDFLAGS" -+LDFLAGS="$LDFLAGS -Wl,--build-id=sha1" -+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_prog_ld_build_id_sha1=yes], -+ [grub_cv_prog_ld_build_id_sha1=no]) -+LDFLAGS="$save_LDFLAGS" -+]) -+AC_MSG_RESULT([$grub_cv_prog_ld_build_id_sha1]) -+ -+if test "x$grub_cv_prog_ld_build_id_sha1" = xyes; then -+ TARGET_LDFLAGS="$TARGET_LDFLAGS -Wl,--build-id=sha1" -+fi -+]) -+ - dnl Check nm - AC_DEFUN([grub_PROG_NM_WORKS], - [AC_MSG_CHECKING([whether nm works]) diff --git a/SPECS/grub2/fedora/0066-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch b/SPECS/grub2/fedora/0066-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch deleted file mode 100644 index 7658e9b8dd..0000000000 --- a/SPECS/grub2/fedora/0066-Add-grub_qdprintf-grub_dprintf-without-the-file-line.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 28 Jun 2015 13:09:58 -0400 -Subject: [PATCH] Add grub_qdprintf() - grub_dprintf() without the file+line - number. - -This just makes copy+paste of our debug loading info easier. - -Signed-off-by: Peter Jones ---- - grub-core/kern/misc.c | 18 ++++++++++++++++++ - include/grub/misc.h | 2 ++ - 2 files changed, 20 insertions(+) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a432a6be54..9a2fae6398 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -191,6 +191,24 @@ grub_real_dprintf (const char *file, const int line, const char *condition, - } - } - -+void -+grub_qdprintf (const char *condition, const char *fmt, ...) -+{ -+ va_list args; -+ const char *debug = grub_env_get ("debug"); -+ -+ if (! debug) -+ return; -+ -+ if (grub_strword (debug, "all") || grub_strword (debug, condition)) -+ { -+ va_start (args, fmt); -+ grub_vprintf (fmt, args); -+ va_end (args); -+ grub_refresh (); -+ } -+} -+ - #define PREALLOC_SIZE 255 - - int -diff --git a/include/grub/misc.h b/include/grub/misc.h -index fd18e6320b..3adc4036e3 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -345,6 +345,8 @@ void EXPORT_FUNC(grub_real_dprintf) (const char *file, - const int line, - const char *condition, - const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 4, 5))); -+void EXPORT_FUNC(grub_qdprintf) (const char *condition, -+ const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 2, 3))); - int EXPORT_FUNC(grub_vprintf) (const char *fmt, va_list args); - int EXPORT_FUNC(grub_snprintf) (char *str, grub_size_t n, const char *fmt, ...) - __attribute__ ((format (GNU_PRINTF, 3, 4))); diff --git a/SPECS/grub2/fedora/0067-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch b/SPECS/grub2/fedora/0067-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch deleted file mode 100644 index ccf34a5027..0000000000 --- a/SPECS/grub2/fedora/0067-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 25 Jun 2015 15:11:36 -0400 -Subject: [PATCH] Make a "gdb" dprintf that tells us load addresses. - -This makes a grub_dprintf() call during platform init and during module -loading that tells us the virtual addresses of the .text and .data -sections of grub-core/kernel.exec and any modules it loads. - -Specifically, it displays them in the gdb "add-symbol-file" syntax, with -the presumption that there's a variable $grubdir that reflects the path -to any such binaries. - -Signed-off-by: Peter Jones ---- - grub-core/kern/dl.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++ - grub-core/kern/efi/efi.c | 4 ++-- - grub-core/kern/efi/init.c | 26 +++++++++++++++++++++++- - include/grub/efi/efi.h | 2 +- - 4 files changed, 78 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 88d2077709..9557254035 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -501,6 +501,23 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) - return s; - return NULL; - } -+static long -+grub_dl_find_section_index (Elf_Ehdr *e, const char *name) -+{ -+ Elf_Shdr *s; -+ const char *str; -+ unsigned i; -+ -+ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -+ str = (char *) e + s->sh_offset; -+ -+ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -+ i < e->e_shnum; -+ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -+ if (grub_strcmp (str + s->sh_name, name) == 0) -+ return (long)i; -+ return -1; -+} - - /* Me, Vladimir Serbinenko, hereby I add this module check as per new - GNU module policy. Note that this license check is informative only. -@@ -653,6 +670,37 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) - - return GRUB_ERR_NONE; - } -+static void -+grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) -+{ -+ void *text, *data = NULL; -+ long idx; -+ -+ idx = grub_dl_find_section_index (e, ".text"); -+ if (idx < 0) -+ return; -+ -+ text = grub_dl_get_section_addr (mod, idx); -+ if (!text) -+ return; -+ -+ idx = grub_dl_find_section_index (e, ".data"); -+ if (idx >= 0) -+ data = grub_dl_get_section_addr (mod, idx); -+ -+ if (data) -+ grub_qdprintf ("gdb", "add-symbol-file \\\n" -+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug " -+ "\\\n %p -s .data %p\n", -+ GRUB_TARGET_CPU, GRUB_PLATFORM, -+ mod->name, text, data); -+ else -+ grub_qdprintf ("gdb", "add-symbol-file \\\n" -+ "/usr/lib/debug/usr/lib/grub/%s-%s/%s.debug " -+ "\\\n%p\n", -+ GRUB_TARGET_CPU, GRUB_PLATFORM, -+ mod->name, text); -+} - - /* Load a module from core memory. */ - grub_dl_t -@@ -712,6 +760,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - grub_dprintf ("modules", "module name: %s\n", mod->name); - grub_dprintf ("modules", "init function: %p\n", mod->init); - -+ grub_dl_print_gdb_info (mod, e); -+ - if (grub_dl_add (mod)) - { - grub_dl_unload (mod); -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index ae9885edb8..d6a2fb5778 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -296,7 +296,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, - /* Search the mods section from the PE32/PE32+ image. This code uses - a PE32 header, but should work with PE32+ as well. */ - grub_addr_t --grub_efi_modules_addr (void) -+grub_efi_section_addr (const char *section_name) - { - grub_efi_loaded_image_t *image; - struct grub_pe32_header *header; -@@ -321,7 +321,7 @@ grub_efi_modules_addr (void) - i < coff_header->num_sections; - i++, section++) - { -- if (grub_strcmp (section->name, "mods") == 0) -+ if (grub_strcmp (section->name, section_name) == 0) - break; - } - -diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 6d39bd3ad2..2d12e6188f 100644 ---- a/grub-core/kern/efi/init.c -+++ b/grub-core/kern/efi/init.c -@@ -115,10 +115,33 @@ grub_efi_env_init (void) - grub_free (envblk_s.buf); - } - -+static void -+grub_efi_print_gdb_info (void) -+{ -+ grub_addr_t text; -+ grub_addr_t data; -+ -+ text = grub_efi_section_addr (".text"); -+ if (!text) -+ return; -+ -+ data = grub_efi_section_addr (".data"); -+ if (data) -+ grub_qdprintf ("gdb", -+ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/" -+ "kernel.exec %p -s .data %p\n", -+ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text, (void *)data); -+ else -+ grub_qdprintf ("gdb", -+ "add-symbol-file /usr/lib/debug/usr/lib/grub/%s-%s/" -+ "kernel.exec %p\n", -+ GRUB_TARGET_CPU, GRUB_PLATFORM, (void *)text); -+} -+ - void - grub_efi_init (void) - { -- grub_modbase = grub_efi_modules_addr (); -+ grub_modbase = grub_efi_section_addr ("mods"); - /* First of all, initialize the console so that GRUB can display - messages. */ - grub_console_init (); -@@ -142,6 +165,7 @@ grub_efi_init (void) - 0, 0, 0, NULL); - - grub_efi_env_init (); -+ grub_efi_print_gdb_info (); - grub_efidisk_init (); - } - -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 03f9a9d011..2e0691454b 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -138,7 +138,7 @@ grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); - grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args); - #endif - --grub_addr_t grub_efi_modules_addr (void); -+grub_addr_t grub_efi_section_addr (const char *section); - - void grub_efi_mm_init (void); - void grub_efi_mm_fini (void); diff --git a/SPECS/grub2/fedora/0068-Fixup-for-newer-compiler.patch b/SPECS/grub2/fedora/0068-Fixup-for-newer-compiler.patch deleted file mode 100644 index ed23271ec4..0000000000 --- a/SPECS/grub2/fedora/0068-Fixup-for-newer-compiler.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 10 May 2018 13:40:19 -0400 -Subject: [PATCH] Fixup for newer compiler - ---- - grub-core/fs/btrfs.c | 2 +- - include/grub/gpt_partition.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 2b21cbaa67..4cc86e9b79 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -218,7 +218,7 @@ struct grub_btrfs_inode - grub_uint64_t size; - grub_uint8_t dummy2[0x70]; - struct grub_btrfs_time mtime; --} GRUB_PACKED; -+} GRUB_PACKED __attribute__ ((aligned(8))); - - struct grub_btrfs_extent_data - { -diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h -index 7a93f43291..8212697bf6 100644 ---- a/include/grub/gpt_partition.h -+++ b/include/grub/gpt_partition.h -@@ -76,7 +76,7 @@ struct grub_gpt_partentry - grub_uint64_t end; - grub_uint64_t attrib; - char name[72]; --} GRUB_PACKED; -+} GRUB_PACKED __attribute__ ((aligned(8))); - - grub_err_t - grub_gpt_partition_map_iterate (grub_disk_t disk, diff --git a/SPECS/grub2/fedora/0069-Don-t-attempt-to-export-the-start-and-_start-symbols.patch b/SPECS/grub2/fedora/0069-Don-t-attempt-to-export-the-start-and-_start-symbols.patch deleted file mode 100644 index 9b78c00cdb..0000000000 --- a/SPECS/grub2/fedora/0069-Don-t-attempt-to-export-the-start-and-_start-symbols.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Sat, 12 May 2018 11:29:07 +0200 -Subject: [PATCH] Don't attempt to export the start and _start symbols for - grub-emu - -Commit 318ee04aadc ("make better backtraces") reworked the backtrace logic -but the changes lead to the following build error on the grub-emu platform: - -grub_emu_lite-symlist.o:(.data+0xf08): undefined reference to `start' -collect2: error: ld returned 1 exit status -make[3]: *** [Makefile:25959: grub-emu-lite] Error 1 -make[3]: *** Waiting for unfinished jobs.... -cat kernel_syms.input | grep -v '^#' | sed -n \ - -e '/EXPORT_FUNC *([a-zA-Z0-9_]*)/{s/.*EXPORT_FUNC *(\([a-zA-Z0-9_]*\)).*/defined kernel '""'\1/;p;}' \ - -e '/EXPORT_VAR *([a-zA-Z0-9_]*)/{s/.*EXPORT_VAR *(\([a-zA-Z0-9_]*\)).*/defined kernel '""'\1/;p;}' \ - | sort -u >kernel_syms.lst - -The problem is that start and _start symbols are exported unconditionally, -but these aren't defined for grub-emu since is an emultaed platform so it -doesn't have a startup logic. Don't attempt to export those for grub-emu. - -Signed-off-by: Javier Martinez Canillas ---- - include/grub/kernel.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index 300a9766cd..55849777ea 100644 ---- a/include/grub/kernel.h -+++ b/include/grub/kernel.h -@@ -111,8 +111,10 @@ grub_addr_t grub_modules_get_end (void); - - #endif - -+#if !defined(GRUB_MACHINE_EMU) - void EXPORT_FUNC(start) (void); - void EXPORT_FUNC(_start) (void); -+#endif - - /* The start point of the C code. */ - void grub_main (void) __attribute__ ((noreturn)); diff --git a/SPECS/grub2/fedora/0070-Fixup-for-newer-compiler.patch b/SPECS/grub2/fedora/0070-Fixup-for-newer-compiler.patch deleted file mode 100644 index 167dca1837..0000000000 --- a/SPECS/grub2/fedora/0070-Fixup-for-newer-compiler.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 10 May 2018 13:40:19 -0400 -Subject: [PATCH] Fixup for newer compiler - ---- - conf/Makefile.common | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 191b1a70c6..5f0ef96985 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -38,7 +38,7 @@ CFLAGS_KERNEL = $(CFLAGS_PLATFORM) -ffreestanding - LDFLAGS_KERNEL = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) - CPPFLAGS_KERNEL = $(CPPFLAGS_CPU) $(CPPFLAGS_PLATFORM) -DGRUB_KERNEL=1 - CCASFLAGS_KERNEL = $(CCASFLAGS_CPU) $(CCASFLAGS_PLATFORM) --STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -+STRIPFLAGS_KERNEL = -R .eh_frame -R .rel.dyn -R .reginfo -R .note -R .comment -R .drectve -R .note.gnu.gold-version -R .MIPS.abiflags -R .ARM.exidx -R .note.gnu.property -R .gnu.build.attributes - - CFLAGS_MODULE = $(CFLAGS_PLATFORM) -ffreestanding - LDFLAGS_MODULE = $(LDFLAGS_PLATFORM) -nostdlib $(TARGET_LDFLAGS_OLDMAGIC) -Wl,-r,-d diff --git a/SPECS/grub2/fedora/0071-Add-support-for-non-Ethernet-network-cards.patch b/SPECS/grub2/fedora/0071-Add-support-for-non-Ethernet-network-cards.patch deleted file mode 100644 index fb446288eb..0000000000 --- a/SPECS/grub2/fedora/0071-Add-support-for-non-Ethernet-network-cards.patch +++ /dev/null @@ -1,766 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Andrzej Kacprowski -Date: Wed, 10 Jul 2019 15:22:29 +0200 -Subject: [PATCH] Add support for non-Ethernet network cards - -This patch replaces fixed 6-byte link layer address with -up to 32-byte variable sized address. -This allows supporting Infiniband and Omni-Path fabric -which use 20-byte address, but other network card types -can also take advantage of this change. -The network card driver is responsible for replacing L2 -header provided by grub2 if needed. -This approach is compatible with UEFI network stack which -also allows up to 32-byte variable size link address. - -The BOOTP/DHCP packet format is limited to 16 byte client -hardware address, if link address is more that 16-bytes -then chaddr field in BOOTP it will be set to 0 as per rfc4390. - -Resolves: rhbz#1370642 - -Signed-off-by: Andrzej Kacprowski -[msalter: Fix max string calculation in grub_net_hwaddr_to_str] -Signed-off-by: Mark Salter ---- - grub-core/net/arp.c | 155 ++++++++++++++++++++++----------- - grub-core/net/bootp.c | 15 ++-- - grub-core/net/drivers/efi/efinet.c | 8 +- - grub-core/net/drivers/emu/emunet.c | 1 + - grub-core/net/drivers/i386/pc/pxe.c | 13 +-- - grub-core/net/drivers/ieee1275/ofnet.c | 2 + - grub-core/net/drivers/uboot/ubootnet.c | 1 + - grub-core/net/ethernet.c | 88 +++++++++---------- - grub-core/net/icmp6.c | 15 ++-- - grub-core/net/ip.c | 4 +- - grub-core/net/net.c | 50 ++++++----- - include/grub/net.h | 19 ++-- - 12 files changed, 219 insertions(+), 152 deletions(-) - -diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c -index 54306e3b16..67b409a8ac 100644 ---- a/grub-core/net/arp.c -+++ b/grub-core/net/arp.c -@@ -31,22 +31,12 @@ enum - ARP_REPLY = 2 - }; - --enum -- { -- /* IANA ARP constant to define hardware type as ethernet. */ -- GRUB_NET_ARPHRD_ETHERNET = 1 -- }; -- --struct arppkt { -+struct arphdr { - grub_uint16_t hrd; - grub_uint16_t pro; - grub_uint8_t hln; - grub_uint8_t pln; - grub_uint16_t op; -- grub_uint8_t sender_mac[6]; -- grub_uint32_t sender_ip; -- grub_uint8_t recv_mac[6]; -- grub_uint32_t recv_ip; - } GRUB_PACKED; - - static int have_pending; -@@ -57,12 +47,16 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, - const grub_net_network_level_address_t *proto_addr) - { - struct grub_net_buff nb; -- struct arppkt *arp_packet; -+ struct arphdr *arp_header; - grub_net_link_level_address_t target_mac_addr; - grub_err_t err; - int i; - grub_uint8_t *nbd; - grub_uint8_t arp_data[128]; -+ grub_uint8_t hln; -+ grub_uint8_t pln; -+ grub_uint8_t arp_packet_len; -+ grub_uint8_t *tmp_ptr; - - if (proto_addr->type != GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4) - return grub_error (GRUB_ERR_BUG, "unsupported address family"); -@@ -73,23 +67,39 @@ grub_net_arp_send_request (struct grub_net_network_level_interface *inf, - grub_netbuff_clear (&nb); - grub_netbuff_reserve (&nb, 128); - -- err = grub_netbuff_push (&nb, sizeof (*arp_packet)); -+ hln = inf->card->default_address.len; -+ pln = sizeof (proto_addr->ipv4); -+ arp_packet_len = sizeof (*arp_header) + 2 * (hln + pln); -+ -+ err = grub_netbuff_push (&nb, arp_packet_len); - if (err) - return err; - -- arp_packet = (struct arppkt *) nb.data; -- arp_packet->hrd = grub_cpu_to_be16_compile_time (GRUB_NET_ARPHRD_ETHERNET); -- arp_packet->hln = 6; -- arp_packet->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); -- arp_packet->pln = 4; -- arp_packet->op = grub_cpu_to_be16_compile_time (ARP_REQUEST); -- /* Sender hardware address. */ -- grub_memcpy (arp_packet->sender_mac, &inf->hwaddress.mac, 6); -- arp_packet->sender_ip = inf->address.ipv4; -- grub_memset (arp_packet->recv_mac, 0, 6); -- arp_packet->recv_ip = proto_addr->ipv4; -- /* Target protocol address */ -- grub_memset (&target_mac_addr.mac, 0xff, 6); -+ arp_header = (struct arphdr *) nb.data; -+ arp_header->hrd = grub_cpu_to_be16 (inf->card->default_address.type); -+ arp_header->hln = hln; -+ arp_header->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); -+ arp_header->pln = pln; -+ arp_header->op = grub_cpu_to_be16_compile_time (ARP_REQUEST); -+ tmp_ptr = nb.data + sizeof (*arp_header); -+ -+ /* The source hardware address. */ -+ grub_memcpy (tmp_ptr, inf->hwaddress.mac, hln); -+ tmp_ptr += hln; -+ -+ /* The source protocol address. */ -+ grub_memcpy (tmp_ptr, &inf->address.ipv4, pln); -+ tmp_ptr += pln; -+ -+ /* The target hardware address. */ -+ grub_memset (tmp_ptr, 0, hln); -+ tmp_ptr += hln; -+ -+ /* The target protocol address */ -+ grub_memcpy (tmp_ptr, &proto_addr->ipv4, pln); -+ tmp_ptr += pln; -+ -+ grub_memset (&target_mac_addr.mac, 0xff, hln); - - nbd = nb.data; - send_ethernet_packet (inf, &nb, target_mac_addr, GRUB_NET_ETHERTYPE_ARP); -@@ -114,28 +124,53 @@ grub_err_t - grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, - grub_uint16_t *vlantag) - { -- struct arppkt *arp_packet = (struct arppkt *) nb->data; -+ struct arphdr *arp_header = (struct arphdr *) nb->data; - grub_net_network_level_address_t sender_addr, target_addr; - grub_net_link_level_address_t sender_mac_addr; - struct grub_net_network_level_interface *inf; -+ grub_uint16_t hw_type; -+ grub_uint8_t hln; -+ grub_uint8_t pln; -+ grub_uint8_t arp_packet_len; -+ grub_uint8_t *tmp_ptr; - -- if (arp_packet->pro != grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP) -- || arp_packet->pln != 4 || arp_packet->hln != 6 -- || nb->tail - nb->data < (int) sizeof (*arp_packet)) -+ hw_type = card->default_address.type; -+ hln = card->default_address.len; -+ pln = sizeof(sender_addr.ipv4); -+ arp_packet_len = sizeof (*arp_header) + 2 * (pln + hln); -+ -+ if (arp_header->pro != grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP) -+ || arp_header->hrd != grub_cpu_to_be16 (hw_type) -+ || arp_header->hln != hln || arp_header->pln != pln -+ || nb->tail - nb->data < (int) arp_packet_len) { - return GRUB_ERR_NONE; -+ } - -+ tmp_ptr = nb->data + sizeof (*arp_header); -+ -+ /* The source hardware address. */ -+ sender_mac_addr.type = hw_type; -+ sender_mac_addr.len = hln; -+ grub_memcpy (sender_mac_addr.mac, tmp_ptr, hln); -+ tmp_ptr += hln; -+ -+ /* The source protocol address. */ - sender_addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; -+ grub_memcpy(&sender_addr.ipv4, tmp_ptr, pln); -+ tmp_ptr += pln; -+ -+ grub_net_link_layer_add_address (card, &sender_addr, &sender_mac_addr, 1); -+ -+ /* The target hardware address. */ -+ tmp_ptr += hln; -+ -+ /* The target protocol address. */ - target_addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; -- sender_addr.ipv4 = arp_packet->sender_ip; -- target_addr.ipv4 = arp_packet->recv_ip; -- if (arp_packet->sender_ip == pending_req) -+ grub_memcpy(&target_addr.ipv4, tmp_ptr, pln); -+ -+ if (sender_addr.ipv4 == pending_req) - have_pending = 1; - -- sender_mac_addr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (sender_mac_addr.mac, arp_packet->sender_mac, -- sizeof (sender_mac_addr.mac)); -- grub_net_link_layer_add_address (card, &sender_addr, &sender_mac_addr, 1); -- - FOR_NET_NETWORK_LEVEL_INTERFACES (inf) - { - /* Verify vlantag id */ -@@ -148,11 +183,11 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, - - /* Am I the protocol address target? */ - if (grub_net_addr_cmp (&inf->address, &target_addr) == 0 -- && arp_packet->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) -+ && arp_header->op == grub_cpu_to_be16_compile_time (ARP_REQUEST)) - { - grub_net_link_level_address_t target; - struct grub_net_buff nb_reply; -- struct arppkt *arp_reply; -+ struct arphdr *arp_reply; - grub_uint8_t arp_data[128]; - grub_err_t err; - -@@ -161,25 +196,39 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card, - grub_netbuff_clear (&nb_reply); - grub_netbuff_reserve (&nb_reply, 128); - -- err = grub_netbuff_push (&nb_reply, sizeof (*arp_packet)); -+ err = grub_netbuff_push (&nb_reply, arp_packet_len); - if (err) - return err; - -- arp_reply = (struct arppkt *) nb_reply.data; -+ arp_reply = (struct arphdr *) nb_reply.data; - -- arp_reply->hrd = grub_cpu_to_be16_compile_time (GRUB_NET_ARPHRD_ETHERNET); -+ arp_reply->hrd = grub_cpu_to_be16 (hw_type); - arp_reply->pro = grub_cpu_to_be16_compile_time (GRUB_NET_ETHERTYPE_IP); -- arp_reply->pln = 4; -- arp_reply->hln = 6; -+ arp_reply->pln = pln; -+ arp_reply->hln = hln; - arp_reply->op = grub_cpu_to_be16_compile_time (ARP_REPLY); -- arp_reply->sender_ip = arp_packet->recv_ip; -- arp_reply->recv_ip = arp_packet->sender_ip; -- arp_reply->hln = 6; -- -- target.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (target.mac, arp_packet->sender_mac, 6); -- grub_memcpy (arp_reply->sender_mac, inf->hwaddress.mac, 6); -- grub_memcpy (arp_reply->recv_mac, arp_packet->sender_mac, 6); -+ -+ tmp_ptr = nb_reply.data + sizeof (*arp_reply); -+ -+ /* The source hardware address. */ -+ grub_memcpy (tmp_ptr, inf->hwaddress.mac, hln); -+ tmp_ptr += hln; -+ -+ /* The source protocol address. */ -+ grub_memcpy (tmp_ptr, &target_addr.ipv4, pln); -+ tmp_ptr += pln; -+ -+ /* The target hardware address. */ -+ grub_memcpy (tmp_ptr, sender_mac_addr.mac, hln); -+ tmp_ptr += hln; -+ -+ /* The target protocol address */ -+ grub_memcpy (tmp_ptr, &sender_addr.ipv4, pln); -+ tmp_ptr += pln; -+ -+ target.type = hw_type; -+ target.len = hln; -+ grub_memcpy (target.mac, sender_mac_addr.mac, hln); - - /* Change operation to REPLY and send packet */ - send_ethernet_packet (inf, &nb_reply, target, GRUB_NET_ETHERTYPE_ARP); -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index e28fb6a09f..08b6b2b5d6 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -233,7 +233,6 @@ grub_net_configure_by_dhcp_ack (const char *name, - int is_def, char **device, char **path) - { - grub_net_network_level_address_t addr; -- grub_net_link_level_address_t hwaddr; - struct grub_net_network_level_interface *inter; - int mask = -1; - char server_ip[sizeof ("xxx.xxx.xxx.xxx")]; -@@ -250,12 +249,8 @@ grub_net_configure_by_dhcp_ack (const char *name, - if (path) - *path = 0; - -- grub_memcpy (hwaddr.mac, bp->mac_addr, -- bp->hw_len < sizeof (hwaddr.mac) ? bp->hw_len -- : sizeof (hwaddr.mac)); -- hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- -- inter = grub_net_add_addr (name, card, &addr, &hwaddr, flags); -+ grub_dprintf("dhcp", "configuring dhcp for %s\n", name); -+ inter = grub_net_add_addr (name, card, &addr, &card->default_address, flags); - if (!inter) - return 0; - -@@ -567,7 +562,9 @@ send_dhcp_packet (struct grub_net_network_level_interface *iface) - grub_memset (pack, 0, sizeof (*pack)); - pack->opcode = 1; - pack->hw_type = 1; -- pack->hw_len = 6; -+ pack->hw_len = iface->hwaddress.len > 16 ? 0 -+ : iface->hwaddress.len; -+ - err = grub_get_datetime (&date); - if (err || !grub_datetime2unixtime (&date, &t)) - { -@@ -580,7 +577,7 @@ send_dhcp_packet (struct grub_net_network_level_interface *iface) - else - pack->ident = iface->xid; - -- grub_memcpy (&pack->mac_addr, &iface->hwaddress.mac, 6); -+ grub_memcpy (&pack->mac_addr, &iface->hwaddress.mac, pack->hw_len); - - grub_netbuff_push (nb, sizeof (*udph)); - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 173fb63153..a673bea807 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -279,6 +279,9 @@ grub_efinet_findcards (void) - /* This should not happen... Why? */ - continue; - -+ if (net->mode->hwaddr_size > GRUB_NET_MAX_LINK_ADDRESS_SIZE) -+ continue; -+ - if (net->mode->state == GRUB_EFI_NETWORK_STOPPED - && efi_call_1 (net->start, net) != GRUB_EFI_SUCCESS) - continue; -@@ -315,10 +318,11 @@ grub_efinet_findcards (void) - card->name = grub_xasprintf ("efinet%d", i++); - card->driver = &efidriver; - card->flags = 0; -- card->default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ card->default_address.type = net->mode->if_type; -+ card->default_address.len = net->mode->hwaddr_size; - grub_memcpy (card->default_address.mac, - net->mode->current_address, -- sizeof (card->default_address.mac)); -+ net->mode->hwaddr_size); - card->efi_net = net; - card->efi_handle = *handle; - -diff --git a/grub-core/net/drivers/emu/emunet.c b/grub-core/net/drivers/emu/emunet.c -index b194920861..5b6c5e16a6 100644 ---- a/grub-core/net/drivers/emu/emunet.c -+++ b/grub-core/net/drivers/emu/emunet.c -@@ -46,6 +46,7 @@ static struct grub_net_card emucard = - .mtu = 1500, - .default_address = { - .type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET, -+ . len = 6, - {.mac = {0, 1, 2, 3, 4, 5}} - }, - .flags = 0 -diff --git a/grub-core/net/drivers/i386/pc/pxe.c b/grub-core/net/drivers/i386/pc/pxe.c -index 3f4152d036..9f8fb4b6d2 100644 ---- a/grub-core/net/drivers/i386/pc/pxe.c -+++ b/grub-core/net/drivers/i386/pc/pxe.c -@@ -386,20 +386,21 @@ GRUB_MOD_INIT(pxe) - grub_memset (ui, 0, sizeof (*ui)); - grub_pxe_call (GRUB_PXENV_UNDI_GET_INFORMATION, ui, pxe_rm_entry); - -+ grub_pxe_card.default_address.len = 6; - grub_memcpy (grub_pxe_card.default_address.mac, ui->current_addr, -- sizeof (grub_pxe_card.default_address.mac)); -- for (i = 0; i < sizeof (grub_pxe_card.default_address.mac); i++) -+ grub_pxe_card.default_address.len); -+ for (i = 0; i < grub_pxe_card.default_address.len; i++) - if (grub_pxe_card.default_address.mac[i] != 0) - break; -- if (i != sizeof (grub_pxe_card.default_address.mac)) -+ if (i != grub_pxe_card.default_address.len) - { -- for (i = 0; i < sizeof (grub_pxe_card.default_address.mac); i++) -+ for (i = 0; i < grub_pxe_card.default_address.len; i++) - if (grub_pxe_card.default_address.mac[i] != 0xff) - break; - } -- if (i == sizeof (grub_pxe_card.default_address.mac)) -+ if (i == grub_pxe_card.default_address.len) - grub_memcpy (grub_pxe_card.default_address.mac, ui->permanent_addr, -- sizeof (grub_pxe_card.default_address.mac)); -+ grub_pxe_card.default_address.len); - grub_pxe_card.mtu = ui->mtu; - - grub_pxe_card.default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -diff --git a/grub-core/net/drivers/ieee1275/ofnet.c b/grub-core/net/drivers/ieee1275/ofnet.c -index 3860b6f78d..bcb3f9ea02 100644 ---- a/grub-core/net/drivers/ieee1275/ofnet.c -+++ b/grub-core/net/drivers/ieee1275/ofnet.c -@@ -160,6 +160,7 @@ grub_ieee1275_parse_bootpath (const char *devpath, char *bootpath, - grub_uint16_t vlantag = 0; - - hw_addr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ hw_addr.len = 6; - - args = bootpath + grub_strlen (devpath) + 1; - do -@@ -503,6 +504,7 @@ search_net_devices (struct grub_ieee1275_devalias *alias) - grub_memcpy (&lla.mac, pprop, 6); - - lla.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ lla.len = 6; - card->default_address = lla; - - card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; -diff --git a/grub-core/net/drivers/uboot/ubootnet.c b/grub-core/net/drivers/uboot/ubootnet.c -index 056052e40d..22ebcbf211 100644 ---- a/grub-core/net/drivers/uboot/ubootnet.c -+++ b/grub-core/net/drivers/uboot/ubootnet.c -@@ -131,6 +131,7 @@ GRUB_MOD_INIT (ubootnet) - - grub_memcpy (&(card->default_address.mac), &devinfo->di_net.hwaddr, 6); - card->default_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ card->default_address.len = 6; - - card->txbufsize = ALIGN_UP (card->mtu, 64) + 256; - card->txbuf = grub_zalloc (card->txbufsize); -diff --git a/grub-core/net/ethernet.c b/grub-core/net/ethernet.c -index 4d7ceed6f9..9aae83a5eb 100644 ---- a/grub-core/net/ethernet.c -+++ b/grub-core/net/ethernet.c -@@ -29,13 +29,6 @@ - - #define LLCADDRMASK 0x7f - --struct etherhdr --{ -- grub_uint8_t dst[6]; -- grub_uint8_t src[6]; -- grub_uint16_t type; --} GRUB_PACKED; -- - struct llchdr - { - grub_uint8_t dsap; -@@ -55,13 +48,15 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, - grub_net_link_level_address_t target_addr, - grub_net_ethertype_t ethertype) - { -- struct etherhdr *eth; -+ grub_uint8_t *eth; - grub_err_t err; -- grub_uint8_t etherhdr_size; -- grub_uint16_t vlantag_id = VLANTAG_IDENTIFIER; -+ grub_uint32_t vlantag = 0; -+ grub_uint8_t hw_addr_len = inf->card->default_address.len; -+ grub_uint8_t etherhdr_size = 2 * hw_addr_len + 2; - -- etherhdr_size = sizeof (*eth); -- COMPILE_TIME_ASSERT (sizeof (*eth) + 4 < GRUB_NET_MAX_LINK_HEADER_SIZE); -+ /* Source and destination link addresses + ethertype + vlan tag */ -+ COMPILE_TIME_ASSERT ((GRUB_NET_MAX_LINK_ADDRESS_SIZE * 2 + 2 + 4) < -+ GRUB_NET_MAX_LINK_HEADER_SIZE); - - /* Increase ethernet header in case of vlantag */ - if (inf->vlantag != 0) -@@ -70,11 +65,22 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, - err = grub_netbuff_push (nb, etherhdr_size); - if (err) - return err; -- eth = (struct etherhdr *) nb->data; -- grub_memcpy (eth->dst, target_addr.mac, 6); -- grub_memcpy (eth->src, inf->hwaddress.mac, 6); -+ eth = nb->data; -+ grub_memcpy (eth, target_addr.mac, hw_addr_len); -+ eth += hw_addr_len; -+ grub_memcpy (eth, inf->hwaddress.mac, hw_addr_len); -+ eth += hw_addr_len; -+ -+ /* Check if a vlan-tag is present. */ -+ if (vlantag != 0) -+ { -+ *((grub_uint32_t *)eth) = grub_cpu_to_be32 (vlantag); -+ eth += sizeof (vlantag); -+ } -+ -+ /* Write ethertype */ -+ *((grub_uint16_t*) eth) = grub_cpu_to_be16 (ethertype); - -- eth->type = grub_cpu_to_be16 (ethertype); - if (!inf->card->opened) - { - err = GRUB_ERR_NONE; -@@ -85,18 +91,6 @@ send_ethernet_packet (struct grub_net_network_level_interface *inf, - inf->card->opened = 1; - } - -- /* Check and add a vlan-tag if needed. */ -- if (inf->vlantag != 0) -- { -- /* Move eth type to the right */ -- grub_memcpy ((char *) nb->data + etherhdr_size - 2, -- (char *) nb->data + etherhdr_size - 6, 2); -- -- /* Add the tag in the middle */ -- grub_memcpy ((char *) nb->data + etherhdr_size - 6, &vlantag_id, 2); -- grub_memcpy ((char *) nb->data + etherhdr_size - 4, (char *) &(inf->vlantag), 2); -- } -- - return inf->card->driver->send (inf->card, nb); - } - -@@ -104,31 +98,40 @@ grub_err_t - grub_net_recv_ethernet_packet (struct grub_net_buff *nb, - struct grub_net_card *card) - { -- struct etherhdr *eth; -+ grub_uint8_t *eth; - struct llchdr *llch; - struct snaphdr *snaph; - grub_net_ethertype_t type; - grub_net_link_level_address_t hwaddress; - grub_net_link_level_address_t src_hwaddress; - grub_err_t err; -- grub_uint8_t etherhdr_size = sizeof (*eth); -+ grub_uint8_t hw_addr_len = card->default_address.len; -+ grub_uint8_t etherhdr_size = 2 * hw_addr_len + 2; - grub_uint16_t vlantag = 0; - -+ eth = nb->data; - -- /* Check if a vlan-tag is present. If so, the ethernet header is 4 bytes */ -- /* longer than the original one. The vlantag id is extracted and the header */ -- /* is reseted to the original size. */ -- if (grub_get_unaligned16 (nb->data + etherhdr_size - 2) == VLANTAG_IDENTIFIER) -+ hwaddress.type = card->default_address.type; -+ hwaddress.len = hw_addr_len; -+ grub_memcpy (hwaddress.mac, eth, hw_addr_len); -+ eth += hw_addr_len; -+ -+ src_hwaddress.type = card->default_address.type; -+ src_hwaddress.len = hw_addr_len; -+ grub_memcpy (src_hwaddress.mac, eth, hw_addr_len); -+ eth += hw_addr_len; -+ -+ type = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); -+ if (type == VLANTAG_IDENTIFIER) - { -- vlantag = grub_get_unaligned16 (nb->data + etherhdr_size); -+ /* Skip vlan tag */ -+ eth += 2; -+ vlantag = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); - etherhdr_size += 4; -- /* Move eth type to the original position */ -- grub_memcpy((char *) nb->data + etherhdr_size - 6, -- (char *) nb->data + etherhdr_size - 2, 2); -+ eth += 2; -+ type = grub_be_to_cpu16 (*(grub_uint16_t*)(eth)); - } - -- eth = (struct etherhdr *) nb->data; -- type = grub_be_to_cpu16 (eth->type); - err = grub_netbuff_pull (nb, etherhdr_size); - if (err) - return err; -@@ -148,11 +151,6 @@ grub_net_recv_ethernet_packet (struct grub_net_buff *nb, - } - } - -- hwaddress.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (hwaddress.mac, eth->dst, sizeof (hwaddress.mac)); -- src_hwaddress.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (src_hwaddress.mac, eth->src, sizeof (src_hwaddress.mac)); -- - switch (type) - { - /* ARP packet. */ -diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c -index 2cbd95dce2..56a3ec5c8e 100644 ---- a/grub-core/net/icmp6.c -+++ b/grub-core/net/icmp6.c -@@ -231,8 +231,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, - && ohdr->len == 1) - { - grub_net_link_level_address_t ll_address; -- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); -+ ll_address.type = card->default_address.type; -+ ll_address.len = card->default_address.len; -+ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); - grub_net_link_layer_add_address (card, source, &ll_address, 0); - } - } -@@ -335,8 +336,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, - && ohdr->len == 1) - { - grub_net_link_level_address_t ll_address; -- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); -+ ll_address.type = card->default_address.type; -+ ll_address.len = card->default_address.len; -+ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); - grub_net_link_layer_add_address (card, source, &ll_address, 0); - } - } -@@ -384,8 +386,9 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb, - && ohdr->len == 1) - { - grub_net_link_level_address_t ll_address; -- ll_address.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (ll_address.mac, ohdr + 1, sizeof (ll_address.mac)); -+ ll_address.type = card->default_address.type; -+ ll_address.len = card->default_address.len; -+ grub_memcpy (ll_address.mac, ohdr + 1, ll_address.len); - grub_net_link_layer_add_address (card, source, &ll_address, 0); - } - if (ohdr->type == OPTION_PREFIX && ohdr->len == 4) -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ea5edf8f1f..a5896f6dc2 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -276,8 +276,8 @@ handle_dgram (struct grub_net_buff *nb, - if (inf->card == card - && inf->address.type == GRUB_NET_NETWORK_LEVEL_PROTOCOL_DHCP_RECV - && inf->hwaddress.type == GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET -- && grub_memcmp (inf->hwaddress.mac, &bootp->mac_addr, -- sizeof (inf->hwaddress.mac)) == 0) -+ && (grub_memcmp (inf->hwaddress.mac, &bootp->mac_addr, -+ bootp->hw_len) == 0 || bootp->hw_len == 0)) - { - grub_net_process_dhcp (nb, inf); - grub_netbuff_free (nb); -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 22f2689aae..a46f82362e 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -133,8 +133,9 @@ grub_net_link_layer_resolve (struct grub_net_network_level_interface *inf, - << 48) - && proto_addr->ipv6[1] == (grub_be_to_cpu64_compile_time (1)))) - { -- hw_addr->type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memset (hw_addr->mac, -1, 6); -+ hw_addr->type = inf->card->default_address.type; -+ hw_addr->len = inf->card->default_address.len; -+ grub_memset (hw_addr->mac, -1, hw_addr->len); - return GRUB_ERR_NONE; - } - -@@ -142,6 +143,7 @@ grub_net_link_layer_resolve (struct grub_net_network_level_interface *inf, - && ((grub_be_to_cpu64 (proto_addr->ipv6[0]) >> 56) == 0xff)) - { - hw_addr->type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -+ hw_addr->len = inf->card->default_address.len; - hw_addr->mac[0] = 0x33; - hw_addr->mac[1] = 0x33; - hw_addr->mac[2] = ((grub_be_to_cpu64 (proto_addr->ipv6[1]) >> 24) & 0xff); -@@ -762,23 +764,23 @@ grub_net_addr_to_str (const grub_net_network_level_address_t *target, char *buf) - void - grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) - { -- str[0] = 0; -- switch (addr->type) -+ char *ptr; -+ unsigned i; -+ int maxstr; -+ -+ if (addr->len > GRUB_NET_MAX_LINK_ADDRESS_SIZE) - { -- case GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET: -- { -- char *ptr; -- unsigned i; -- for (ptr = str, i = 0; i < ARRAY_SIZE (addr->mac); i++) -- { -- grub_snprintf (ptr, GRUB_NET_MAX_STR_HWADDR_LEN - (ptr - str), -- "%02x:", addr->mac[i] & 0xff); -- ptr += (sizeof ("XX:") - 1); -- } -- return; -- } -+ str[0] = 0; -+ grub_printf (_("Unsupported hw address type %d len %d\n"), -+ addr->type, addr->len); -+ return; -+ } -+ maxstr = addr->len * grub_strlen ("XX:"); -+ for (ptr = str, i = 0; i < addr->len; i++) -+ { -+ ptr += grub_snprintf (ptr, maxstr - (ptr - str), -+ "%02x:", addr->mac[i] & 0xff); - } -- grub_printf (_("Unsupported hw address type %d\n"), addr->type); - } - - int -@@ -789,13 +791,17 @@ grub_net_hwaddr_cmp (const grub_net_link_level_address_t *a, - return -1; - if (a->type > b->type) - return +1; -- switch (a->type) -+ if (a->len < b->len) -+ return -1; -+ if (a->len > b->len) -+ return +1; -+ if (a->len > GRUB_NET_MAX_LINK_ADDRESS_SIZE) - { -- case GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET: -- return grub_memcmp (a->mac, b->mac, sizeof (a->mac)); -+ grub_printf (_("Unsupported hw address type %d len %d\n"), -+ a->type, a->len); -+ return + 1; - } -- grub_printf (_("Unsupported hw address type %d\n"), a->type); -- return 1; -+ return grub_memcmp (a->mac, b->mac, a->len); - } - - int -diff --git a/include/grub/net.h b/include/grub/net.h -index 8a05ec4fe7..af0404db7e 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -29,7 +29,8 @@ - - enum - { -- GRUB_NET_MAX_LINK_HEADER_SIZE = 64, -+ GRUB_NET_MAX_LINK_HEADER_SIZE = 96, -+ GRUB_NET_MAX_LINK_ADDRESS_SIZE = 32, - GRUB_NET_UDP_HEADER_SIZE = 8, - GRUB_NET_TCP_HEADER_SIZE = 20, - GRUB_NET_OUR_IPV4_HEADER_SIZE = 20, -@@ -42,15 +43,17 @@ enum - - typedef enum grub_link_level_protocol_id - { -- GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET -+ /* IANA ARP constant to define hardware type. */ -+ GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET = 1, - } grub_link_level_protocol_id_t; - - typedef struct grub_net_link_level_address - { - grub_link_level_protocol_id_t type; -+ grub_uint8_t len; - union - { -- grub_uint8_t mac[6]; -+ grub_uint8_t mac[GRUB_NET_MAX_LINK_ADDRESS_SIZE]; - }; - } grub_net_link_level_address_t; - -@@ -566,11 +569,13 @@ grub_net_addr_cmp (const grub_net_network_level_address_t *a, - #define GRUB_NET_MAX_STR_ADDR_LEN sizeof ("XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX") - - /* -- Currently suppoerted adresses: -- ethernet: XX:XX:XX:XX:XX:XX -+ Up to 32 byte hardware address supported, see GRUB_NET_MAX_LINK_ADDRESS_SIZE - */ -- --#define GRUB_NET_MAX_STR_HWADDR_LEN (sizeof ("XX:XX:XX:XX:XX:XX")) -+#define GRUB_NET_MAX_STR_HWADDR_LEN (sizeof (\ -+ "XX:XX:XX:XX:XX:XX:XX:XX:"\ -+ "XX:XX:XX:XX:XX:XX:XX:XX:"\ -+ "XX:XX:XX:XX:XX:XX:XX:XX:"\ -+ "XX:XX:XX:XX:XX:XX:XX:XX")) - - void - grub_net_addr_to_str (const grub_net_network_level_address_t *target, diff --git a/SPECS/grub2/fedora/0072-net-read-bracketed-ipv6-addrs-and-port-numbers.patch b/SPECS/grub2/fedora/0072-net-read-bracketed-ipv6-addrs-and-port-numbers.patch deleted file mode 100644 index 307e33cf7a..0000000000 --- a/SPECS/grub2/fedora/0072-net-read-bracketed-ipv6-addrs-and-port-numbers.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Aaron Miller -Date: Fri, 29 Jul 2016 17:41:38 +0800 -Subject: [PATCH] net: read bracketed ipv6 addrs and port numbers - -Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses -to be recognized with brackets around them, which is required to specify a port -number - -Signed-off-by: Aaron Miller -[pjones: various bug fixes] -Signed-off-by: Peter Jones ---- - grub-core/net/http.c | 25 ++++++++++++--- - grub-core/net/net.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++--- - grub-core/net/tftp.c | 8 +++-- - include/grub/net.h | 1 + - 4 files changed, 109 insertions(+), 12 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index b616cf40b1..12a2632ea5 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -289,7 +289,9 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), - nb2 = grub_netbuff_alloc (data->chunk_rem); - if (!nb2) - return grub_errno; -- grub_netbuff_put (nb2, data->chunk_rem); -+ err = grub_netbuff_put (nb2, data->chunk_rem); -+ if (err) -+ return grub_errno; - grub_memcpy (nb2->data, nb->data, data->chunk_rem); - if (file->device->net->packs.count >= 20) - { -@@ -312,12 +314,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - int i; - struct grub_net_buff *nb; - grub_err_t err; -+ char* server = file->device->net->server; -+ int port = file->device->net->port; - - nb = grub_netbuff_alloc (GRUB_NET_TCP_RESERVE_SIZE - + sizeof ("GET ") - 1 - + grub_strlen (data->filename) - + sizeof (" HTTP/1.1\r\nHost: ") - 1 -- + grub_strlen (file->device->net->server) -+ + grub_strlen (server) + sizeof (":XXXXXXXXXX") - + sizeof ("\r\nUser-Agent: " PACKAGE_STRING - "\r\n") - 1 - + sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX" -@@ -356,7 +360,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - sizeof (" HTTP/1.1\r\nHost: ") - 1); - - ptr = nb->tail; -- err = grub_netbuff_put (nb, grub_strlen (file->device->net->server)); -+ err = grub_netbuff_put (nb, grub_strlen (server)); - if (err) - { - grub_netbuff_free (nb); -@@ -365,6 +369,15 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - grub_memcpy (ptr, file->device->net->server, - grub_strlen (file->device->net->server)); - -+ if (port) -+ { -+ ptr = nb->tail; -+ grub_snprintf ((char *) ptr, -+ sizeof (":XXXXXXXXXX"), -+ ":%d", -+ port); -+ } -+ - ptr = nb->tail; - err = grub_netbuff_put (nb, - sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") -@@ -390,8 +403,10 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - grub_netbuff_put (nb, 2); - grub_memcpy (ptr, "\r\n", 2); - -- data->sock = grub_net_tcp_open (file->device->net->server, -- HTTP_PORT, http_receive, -+ grub_dprintf ("http", "opening path %s on host %s TCP port %d\n", -+ data->filename, server, port ? port : HTTP_PORT); -+ data->sock = grub_net_tcp_open (server, -+ port ? port : HTTP_PORT, http_receive, - http_err, NULL, - file); - if (!data->sock) -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index a46f82362e..0ce5e675ed 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -444,6 +444,13 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) - grub_uint16_t newip[8]; - const char *ptr = val; - int word, quaddot = -1; -+ int bracketed = 0; -+ -+ if (ptr[0] == '[') -+ { -+ bracketed = 1; -+ ptr++; -+ } - - if (ptr[0] == ':' && ptr[1] != ':') - return 0; -@@ -482,6 +489,8 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) - grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); - } - grub_memcpy (ip, newip, 16); -+ if (bracketed && *ptr == ']') -+ ptr++; - if (rest) - *rest = ptr; - return 1; -@@ -1343,8 +1352,10 @@ grub_net_open_real (const char *name) - { - grub_net_app_level_t proto; - const char *protname, *server; -+ char *host; - grub_size_t protnamelen; - int try; -+ int port = 0; - - if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) - { -@@ -1382,6 +1393,72 @@ grub_net_open_real (const char *name) - return NULL; - } - -+ char* port_start; -+ /* ipv6 or port specified? */ -+ if ((port_start = grub_strchr (server, ':'))) -+ { -+ char* ipv6_begin; -+ if((ipv6_begin = grub_strchr (server, '['))) -+ { -+ char* ipv6_end = grub_strchr (server, ']'); -+ if(!ipv6_end) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("mismatched [ in address")); -+ return NULL; -+ } -+ /* port number after bracketed ipv6 addr */ -+ if(ipv6_end[1] == ':') -+ { -+ port = grub_strtoul (ipv6_end + 2, NULL, 10); -+ if(port > 65535) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("bad port number")); -+ return NULL; -+ } -+ } -+ host = grub_strndup (ipv6_begin, (ipv6_end - ipv6_begin) + 1); -+ } -+ else -+ { -+ if (grub_strchr (port_start + 1, ':')) -+ { -+ int iplen = grub_strlen (server); -+ /* bracket bare ipv6 addrs */ -+ host = grub_malloc (iplen + 3); -+ if(!host) -+ { -+ return NULL; -+ } -+ host[0] = '['; -+ grub_memcpy (host + 1, server, iplen); -+ host[iplen + 1] = ']'; -+ host[iplen + 2] = '\0'; -+ } -+ else -+ { -+ /* hostname:port or ipv4:port */ -+ port = grub_strtol (port_start + 1, NULL, 10); -+ if(port > 65535) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("bad port number")); -+ return NULL; -+ } -+ host = grub_strndup (server, port_start - server); -+ } -+ } -+ } -+ else -+ { -+ host = grub_strdup (server); -+ } -+ if (!host) -+ { -+ return NULL; -+ } -+ - for (try = 0; try < 2; try++) - { - FOR_NET_APP_LEVEL (proto) -@@ -1391,14 +1468,13 @@ grub_net_open_real (const char *name) - { - grub_net_t ret = grub_zalloc (sizeof (*ret)); - if (!ret) -- return NULL; -- ret->protocol = proto; -- ret->server = grub_strdup (server); -- if (!ret->server) - { -- grub_free (ret); -+ grub_free (host); - return NULL; - } -+ ret->protocol = proto; -+ ret->port = port; -+ ret->server = host; - ret->fs = &grub_net_fs; - return ret; - } -@@ -1473,6 +1549,7 @@ grub_net_open_real (const char *name) - grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' not found"), - name); - -+ grub_free (host); - return NULL; - } - -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 4ab2f5c735..d54b13f09f 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -295,6 +295,7 @@ tftp_open (struct grub_file *file, const char *filename) - grub_err_t err; - grub_uint8_t *nbd; - grub_net_network_level_address_t addr; -+ int port = file->device->net->port; - - data = grub_zalloc (sizeof (*data)); - if (!data) -@@ -362,14 +363,17 @@ tftp_open (struct grub_file *file, const char *filename) - err = grub_net_resolve_address (file->device->net->server, &addr); - if (err) - { -- grub_dprintf("tftp", "Address resolution failed: %d\n", err); -+ grub_dprintf ("tftp", "Address resolution failed: %d\n", err); -+ grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", -+ (unsigned long long)data->file_size, -+ (unsigned long long)data->block_size); - grub_free (data); - return err; - } - - grub_dprintf("tftp", "opening connection\n"); - data->sock = grub_net_udp_open (addr, -- TFTP_SERVER_PORT, tftp_receive, -+ port ? port : TFTP_SERVER_PORT, tftp_receive, - file); - if (!data->sock) - { -diff --git a/include/grub/net.h b/include/grub/net.h -index af0404db7e..d55d505a03 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -273,6 +273,7 @@ typedef struct grub_net - { - char *server; - char *name; -+ int port; - grub_net_app_level_t protocol; - grub_net_packets_t packs; - grub_off_t offset; diff --git a/SPECS/grub2/fedora/0073-bootp-New-net_bootp6-command.patch b/SPECS/grub2/fedora/0073-bootp-New-net_bootp6-command.patch deleted file mode 100644 index bef3acdc24..0000000000 --- a/SPECS/grub2/fedora/0073-bootp-New-net_bootp6-command.patch +++ /dev/null @@ -1,1368 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 10 Jul 2019 15:42:36 +0200 -Subject: [PATCH] bootp: New net_bootp6 command - -Implement new net_bootp6 command for IPv6 network auto configuration via the -DHCPv6 protocol (RFC3315). - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin -[pjones: Put back our code to add a local route] -Signed-off-by: Peter Jones ---- - grub-core/net/bootp.c | 1059 ++++++++++++++++++++++++++++++------ - grub-core/net/drivers/efi/efinet.c | 20 +- - grub-core/net/ip.c | 39 ++ - include/grub/efi/api.h | 2 +- - include/grub/net.h | 91 ++-- - 5 files changed, 1002 insertions(+), 209 deletions(-) - -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 08b6b2b5d6..fe93b80f1c 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -24,6 +24,98 @@ - #include - #include - #include -+#include -+#include -+ -+static int -+dissect_url (const char *url, char **proto, char **host, char **path) -+{ -+ const char *p, *ps; -+ grub_size_t l; -+ -+ *proto = *host = *path = NULL; -+ ps = p = url; -+ -+ while ((p = grub_strchr (p, ':'))) -+ { -+ if (grub_strlen (p) < sizeof ("://") - 1) -+ break; -+ if (grub_memcmp (p, "://", sizeof ("://") - 1) == 0) -+ { -+ l = p - ps; -+ *proto = grub_malloc (l + 1); -+ if (!*proto) -+ { -+ grub_print_error (); -+ return 0; -+ } -+ -+ grub_memcpy (*proto, ps, l); -+ (*proto)[l] = '\0'; -+ p += sizeof ("://") - 1; -+ break; -+ } -+ ++p; -+ } -+ -+ if (!*proto) -+ { -+ grub_dprintf ("bootp", "url: %s is not valid, protocol not found\n", url); -+ return 0; -+ } -+ -+ ps = p; -+ p = grub_strchr (p, '/'); -+ -+ if (!p) -+ { -+ grub_dprintf ("bootp", "url: %s is not valid, host/path not found\n", url); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ -+ l = p - ps; -+ -+ if (l > 2 && ps[0] == '[' && ps[l - 1] == ']') -+ { -+ *host = grub_malloc (l - 1); -+ if (!*host) -+ { -+ grub_print_error (); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ grub_memcpy (*host, ps + 1, l - 2); -+ (*host)[l - 2] = 0; -+ } -+ else -+ { -+ *host = grub_malloc (l + 1); -+ if (!*host) -+ { -+ grub_print_error (); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ grub_memcpy (*host, ps, l); -+ (*host)[l] = 0; -+ } -+ -+ *path = grub_strdup (p); -+ if (!*path) -+ { -+ grub_print_error (); -+ grub_free (*host); -+ grub_free (*proto); -+ *host = NULL; -+ *proto = NULL; -+ return 0; -+ } -+ return 1; -+} - - struct grub_dhcp_discover_options - { -@@ -604,6 +696,584 @@ out: - return err; - } - -+/* The default netbuff size for sending DHCPv6 packets which should be -+ large enough to hold the information */ -+#define GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE 512 -+ -+struct grub_dhcp6_options -+{ -+ grub_uint8_t *client_duid; -+ grub_uint16_t client_duid_len; -+ grub_uint8_t *server_duid; -+ grub_uint16_t server_duid_len; -+ grub_uint32_t iaid; -+ grub_uint32_t t1; -+ grub_uint32_t t2; -+ grub_net_network_level_address_t *ia_addr; -+ grub_uint32_t preferred_lifetime; -+ grub_uint32_t valid_lifetime; -+ grub_net_network_level_address_t *dns_server_addrs; -+ grub_uint16_t num_dns_server; -+ char *boot_file_proto; -+ char *boot_file_server_ip; -+ char *boot_file_path; -+}; -+ -+typedef struct grub_dhcp6_options *grub_dhcp6_options_t; -+ -+struct grub_dhcp6_session -+{ -+ struct grub_dhcp6_session *next; -+ struct grub_dhcp6_session **prev; -+ grub_uint32_t iaid; -+ grub_uint32_t transaction_id:24; -+ grub_uint64_t start_time; -+ struct grub_net_dhcp6_option_duid_ll duid; -+ struct grub_net_network_level_interface *iface; -+ -+ /* The associated dhcpv6 options */ -+ grub_dhcp6_options_t adv; -+ grub_dhcp6_options_t reply; -+}; -+ -+typedef struct grub_dhcp6_session *grub_dhcp6_session_t; -+ -+typedef void (*dhcp6_option_hook_fn) (const struct grub_net_dhcp6_option *opt, void *data); -+ -+static void -+foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, -+ dhcp6_option_hook_fn hook, void *hook_data); -+ -+static void -+parse_dhcp6_iaaddr (const struct grub_net_dhcp6_option *opt, void *data) -+{ -+ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t )data; -+ -+ grub_uint16_t code = grub_be_to_cpu16 (opt->code); -+ grub_uint16_t len = grub_be_to_cpu16 (opt->len); -+ -+ if (code == GRUB_NET_DHCP6_OPTION_IAADDR) -+ { -+ const struct grub_net_dhcp6_option_iaaddr *iaaddr; -+ iaaddr = (const struct grub_net_dhcp6_option_iaaddr *)opt->data; -+ -+ if (len < sizeof (*iaaddr)) -+ { -+ grub_dprintf ("bootp", "DHCPv6: code %u with insufficient length %u\n", code, len); -+ return; -+ } -+ if (!dhcp6->ia_addr) -+ { -+ dhcp6->ia_addr = grub_malloc (sizeof(*dhcp6->ia_addr)); -+ dhcp6->ia_addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ dhcp6->ia_addr->ipv6[0] = grub_get_unaligned64 (iaaddr->addr); -+ dhcp6->ia_addr->ipv6[1] = grub_get_unaligned64 (iaaddr->addr + 8); -+ dhcp6->preferred_lifetime = grub_be_to_cpu32 (iaaddr->preferred_lifetime); -+ dhcp6->valid_lifetime = grub_be_to_cpu32 (iaaddr->valid_lifetime); -+ } -+ } -+} -+ -+static void -+parse_dhcp6_option (const struct grub_net_dhcp6_option *opt, void *data) -+{ -+ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t)data; -+ grub_uint16_t code = grub_be_to_cpu16 (opt->code); -+ grub_uint16_t len = grub_be_to_cpu16 (opt->len); -+ -+ switch (code) -+ { -+ case GRUB_NET_DHCP6_OPTION_CLIENTID: -+ -+ if (dhcp6->client_duid || !len) -+ { -+ grub_dprintf ("bootp", "Skipped DHCPv6 CLIENTID with length %u\n", len); -+ break; -+ } -+ dhcp6->client_duid = grub_malloc (len); -+ grub_memcpy (dhcp6->client_duid, opt->data, len); -+ dhcp6->client_duid_len = len; -+ break; -+ -+ case GRUB_NET_DHCP6_OPTION_SERVERID: -+ -+ if (dhcp6->server_duid || !len) -+ { -+ grub_dprintf ("bootp", "Skipped DHCPv6 SERVERID with length %u\n", len); -+ break; -+ } -+ dhcp6->server_duid = grub_malloc (len); -+ grub_memcpy (dhcp6->server_duid, opt->data, len); -+ dhcp6->server_duid_len = len; -+ break; -+ -+ case GRUB_NET_DHCP6_OPTION_IA_NA: -+ { -+ const struct grub_net_dhcp6_option_iana *ia_na; -+ grub_uint16_t data_len; -+ -+ if (dhcp6->iaid || len < sizeof (*ia_na)) -+ { -+ grub_dprintf ("bootp", "Skipped DHCPv6 IA_NA with length %u\n", len); -+ break; -+ } -+ ia_na = (const struct grub_net_dhcp6_option_iana *)opt->data; -+ dhcp6->iaid = grub_be_to_cpu32 (ia_na->iaid); -+ dhcp6->t1 = grub_be_to_cpu32 (ia_na->t1); -+ dhcp6->t2 = grub_be_to_cpu32 (ia_na->t2); -+ -+ data_len = len - sizeof (*ia_na); -+ if (data_len) -+ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)ia_na->data, data_len, parse_dhcp6_iaaddr, dhcp6); -+ } -+ break; -+ -+ case GRUB_NET_DHCP6_OPTION_DNS_SERVERS: -+ { -+ const grub_uint8_t *po; -+ grub_uint16_t ln; -+ grub_net_network_level_address_t *la; -+ -+ if (!len || len & 0xf) -+ { -+ grub_dprintf ("bootp", "Skip invalid length DHCPv6 DNS_SERVERS \n"); -+ break; -+ } -+ dhcp6->num_dns_server = ln = len >> 4; -+ dhcp6->dns_server_addrs = la = grub_zalloc (ln * sizeof (*la)); -+ -+ for (po = opt->data; ln > 0; po += 0x10, la++, ln--) -+ { -+ la->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ la->ipv6[0] = grub_get_unaligned64 (po); -+ la->ipv6[1] = grub_get_unaligned64 (po + 8); -+ la->option = DNS_OPTION_PREFER_IPV6; -+ } -+ } -+ break; -+ -+ case GRUB_NET_DHCP6_OPTION_BOOTFILE_URL: -+ dissect_url ((const char *)opt->data, -+ &dhcp6->boot_file_proto, -+ &dhcp6->boot_file_server_ip, -+ &dhcp6->boot_file_path); -+ break; -+ -+ default: -+ break; -+ } -+} -+ -+static void -+foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, dhcp6_option_hook_fn hook, void *hook_data) -+{ -+ while (size) -+ { -+ grub_uint16_t code, len; -+ -+ if (size < sizeof (*opt)) -+ { -+ grub_dprintf ("bootp", "DHCPv6: Options stopped with remaining size %" PRIxGRUB_SIZE "\n", size); -+ break; -+ } -+ size -= sizeof (*opt); -+ len = grub_be_to_cpu16 (opt->len); -+ code = grub_be_to_cpu16 (opt->code); -+ if (size < len) -+ { -+ grub_dprintf ("bootp", "DHCPv6: Options stopped at out of bound length %u for option %u\n", len, code); -+ break; -+ } -+ if (!len) -+ { -+ grub_dprintf ("bootp", "DHCPv6: Options stopped at zero length option %u\n", code); -+ break; -+ } -+ else -+ { -+ if (hook) -+ hook (opt, hook_data); -+ size -= len; -+ opt = (const struct grub_net_dhcp6_option *)((grub_uint8_t *)opt + len + sizeof (*opt)); -+ } -+ } -+} -+ -+static grub_dhcp6_options_t -+grub_dhcp6_options_get (const struct grub_net_dhcp6_packet *v6h, -+ grub_size_t size) -+{ -+ grub_dhcp6_options_t options; -+ -+ if (size < sizeof (*v6h)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("DHCPv6 packet size too small")); -+ return NULL; -+ } -+ -+ options = grub_zalloc (sizeof(*options)); -+ if (!options) -+ return NULL; -+ -+ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)v6h->dhcp_options, -+ size - sizeof (*v6h), parse_dhcp6_option, options); -+ -+ return options; -+} -+ -+static void -+grub_dhcp6_options_free (grub_dhcp6_options_t options) -+{ -+ if (options->client_duid) -+ grub_free (options->client_duid); -+ if (options->server_duid) -+ grub_free (options->server_duid); -+ if (options->ia_addr) -+ grub_free (options->ia_addr); -+ if (options->dns_server_addrs) -+ grub_free (options->dns_server_addrs); -+ if (options->boot_file_proto) -+ grub_free (options->boot_file_proto); -+ if (options->boot_file_server_ip) -+ grub_free (options->boot_file_server_ip); -+ if (options->boot_file_path) -+ grub_free (options->boot_file_path); -+ -+ grub_free (options); -+} -+ -+static grub_dhcp6_session_t grub_dhcp6_sessions; -+#define FOR_DHCP6_SESSIONS_SAFE(var, next) FOR_LIST_ELEMENTS_SAFE (var, next, grub_dhcp6_sessions) -+#define FOR_DHCP6_SESSIONS(var) FOR_LIST_ELEMENTS (var, grub_dhcp6_sessions) -+ -+static void -+grub_net_configure_by_dhcp6_info (const char *name, -+ struct grub_net_card *card, -+ grub_dhcp6_options_t dhcp6, -+ int is_def, -+ int flags, -+ struct grub_net_network_level_interface **ret_inf) -+{ -+ grub_net_network_level_netaddress_t netaddr; -+ struct grub_net_network_level_interface *inf; -+ -+ if (dhcp6->ia_addr) -+ { -+ inf = grub_net_add_addr (name, card, dhcp6->ia_addr, &card->default_address, flags); -+ -+ netaddr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ netaddr.ipv6.base[0] = dhcp6->ia_addr->ipv6[0]; -+ netaddr.ipv6.base[1] = 0; -+ netaddr.ipv6.masksize = 64; -+ grub_net_add_route (name, netaddr, inf); -+ -+ if (ret_inf) -+ *ret_inf = inf; -+ } -+ -+ if (dhcp6->dns_server_addrs) -+ { -+ grub_uint16_t i; -+ -+ for (i = 0; i < dhcp6->num_dns_server; ++i) -+ grub_net_add_dns_server (dhcp6->dns_server_addrs + i); -+ } -+ -+ if (dhcp6->boot_file_path) -+ grub_env_set_net_property (name, "boot_file", dhcp6->boot_file_path, -+ grub_strlen (dhcp6->boot_file_path)); -+ -+ if (is_def && dhcp6->boot_file_server_ip) -+ { -+ grub_net_default_server = grub_strdup (dhcp6->boot_file_server_ip); -+ grub_env_set ("net_default_interface", name); -+ grub_env_export ("net_default_interface"); -+ } -+} -+ -+static void -+grub_dhcp6_session_add (struct grub_net_network_level_interface *iface, -+ grub_uint32_t iaid) -+{ -+ grub_dhcp6_session_t se; -+ struct grub_datetime date; -+ grub_err_t err; -+ grub_int32_t t = 0; -+ -+ se = grub_malloc (sizeof (*se)); -+ -+ err = grub_get_datetime (&date); -+ if (err || !grub_datetime2unixtime (&date, &t)) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ t = 0; -+ } -+ -+ se->iface = iface; -+ se->iaid = iaid; -+ se->transaction_id = t; -+ se->start_time = grub_get_time_ms (); -+ se->duid.type = grub_cpu_to_be16_compile_time (3) ; -+ se->duid.hw_type = grub_cpu_to_be16_compile_time (1); -+ grub_memcpy (&se->duid.hwaddr, &iface->hwaddress.mac, sizeof (se->duid.hwaddr)); -+ se->adv = NULL; -+ se->reply = NULL; -+ grub_list_push (GRUB_AS_LIST_P (&grub_dhcp6_sessions), GRUB_AS_LIST (se)); -+} -+ -+static void -+grub_dhcp6_session_remove (grub_dhcp6_session_t se) -+{ -+ grub_list_remove (GRUB_AS_LIST (se)); -+ if (se->adv) -+ grub_dhcp6_options_free (se->adv); -+ if (se->reply) -+ grub_dhcp6_options_free (se->reply); -+ grub_free (se); -+} -+ -+static void -+grub_dhcp6_session_remove_all (void) -+{ -+ grub_dhcp6_session_t se, next; -+ -+ FOR_DHCP6_SESSIONS_SAFE (se, next) -+ { -+ grub_dhcp6_session_remove (se); -+ } -+ grub_dhcp6_sessions = NULL; -+} -+ -+static grub_err_t -+grub_dhcp6_session_configure_network (grub_dhcp6_session_t se) -+{ -+ char *name; -+ -+ name = grub_xasprintf ("%s:dhcp6", se->iface->card->name); -+ if (!name) -+ return grub_errno; -+ -+ grub_net_configure_by_dhcp6_info (name, se->iface->card, se->reply, 1, 0, 0); -+ grub_free (name); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_dhcp6_session_send_request (grub_dhcp6_session_t se) -+{ -+ struct grub_net_buff *nb; -+ struct grub_net_dhcp6_option *opt; -+ struct grub_net_dhcp6_packet *v6h; -+ struct grub_net_dhcp6_option_iana *ia_na; -+ struct grub_net_dhcp6_option_iaaddr *iaaddr; -+ struct udphdr *udph; -+ grub_net_network_level_address_t multicast; -+ grub_net_link_level_address_t ll_multicast; -+ grub_uint64_t elapsed; -+ struct grub_net_network_level_interface *inf = se->iface; -+ grub_dhcp6_options_t dhcp6 = se->adv; -+ grub_err_t err = GRUB_ERR_NONE; -+ -+ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); -+ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); -+ -+ err = grub_net_link_layer_resolve (inf, &multicast, &ll_multicast); -+ if (err) -+ return err; -+ -+ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); -+ -+ if (!nb) -+ return grub_errno; -+ -+ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ err = grub_netbuff_push (nb, dhcp6->client_duid_len + sizeof (*opt)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); -+ opt->len = grub_cpu_to_be16 (dhcp6->client_duid_len); -+ grub_memcpy (opt->data, dhcp6->client_duid , dhcp6->client_duid_len); -+ -+ err = grub_netbuff_push (nb, dhcp6->server_duid_len + sizeof (*opt)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_SERVERID); -+ opt->len = grub_cpu_to_be16 (dhcp6->server_duid_len); -+ grub_memcpy (opt->data, dhcp6->server_duid , dhcp6->server_duid_len); -+ -+ err = grub_netbuff_push (nb, sizeof (*ia_na) + sizeof (*opt)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ if (dhcp6->ia_addr) -+ { -+ err = grub_netbuff_push (nb, sizeof(*iaaddr) + sizeof (*opt)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ } -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); -+ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); -+ if (dhcp6->ia_addr) -+ opt->len += grub_cpu_to_be16 (sizeof(*iaaddr) + sizeof (*opt)); -+ -+ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; -+ ia_na->iaid = grub_cpu_to_be32 (dhcp6->iaid); -+ -+ ia_na->t1 = grub_cpu_to_be32 (dhcp6->t1); -+ ia_na->t2 = grub_cpu_to_be32 (dhcp6->t2); -+ -+ if (dhcp6->ia_addr) -+ { -+ opt = (struct grub_net_dhcp6_option *)ia_na->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); -+ opt->len = grub_cpu_to_be16 (sizeof (*iaaddr)); -+ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)opt->data; -+ grub_set_unaligned64 (iaaddr->addr, dhcp6->ia_addr->ipv6[0]); -+ grub_set_unaligned64 (iaaddr->addr + 8, dhcp6->ia_addr->ipv6[1]); -+ -+ iaaddr->preferred_lifetime = grub_cpu_to_be32 (dhcp6->preferred_lifetime); -+ iaaddr->valid_lifetime = grub_cpu_to_be32 (dhcp6->valid_lifetime); -+ } -+ -+ err = grub_netbuff_push (nb, sizeof (*opt) + 2 * sizeof (grub_uint16_t)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ opt = (struct grub_net_dhcp6_option*) nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ORO); -+ opt->len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_uint16_t)); -+ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL)); -+ grub_set_unaligned16 (opt->data + 2, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS)); -+ -+ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ opt = (struct grub_net_dhcp6_option*) nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); -+ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); -+ -+ /* the time is expressed in hundredths of a second */ -+ elapsed = grub_divmod64 (grub_get_time_ms () - se->start_time, 10, 0); -+ -+ if (elapsed > 0xffff) -+ elapsed = 0xffff; -+ -+ grub_set_unaligned16 (opt->data, grub_cpu_to_be16 ((grub_uint16_t)elapsed)); -+ -+ err = grub_netbuff_push (nb, sizeof (*v6h)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ v6h = (struct grub_net_dhcp6_packet *) nb->data; -+ v6h->message_type = GRUB_NET_DHCP6_REQUEST; -+ v6h->transaction_id = se->transaction_id; -+ -+ err = grub_netbuff_push (nb, sizeof (*udph)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ udph = (struct udphdr *) nb->data; -+ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); -+ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); -+ udph->chksum = 0; -+ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); -+ -+ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, -+ &inf->address, -+ &multicast); -+ err = grub_net_send_ip_packet (inf, &multicast, &ll_multicast, nb, -+ GRUB_NET_IP_UDP); -+ -+ grub_netbuff_free (nb); -+ -+ return err; -+} -+ -+struct grub_net_network_level_interface * -+grub_net_configure_by_dhcpv6_reply (const char *name, -+ struct grub_net_card *card, -+ grub_net_interface_flags_t flags, -+ const struct grub_net_dhcp6_packet *v6h, -+ grub_size_t size, -+ int is_def, -+ char **device, char **path) -+{ -+ struct grub_net_network_level_interface *inf; -+ grub_dhcp6_options_t dhcp6; -+ int mask = -1; -+ -+ dhcp6 = grub_dhcp6_options_get (v6h, size); -+ if (!dhcp6) -+ { -+ grub_print_error (); -+ return NULL; -+ } -+ -+ grub_net_configure_by_dhcp6_info (name, card, dhcp6, is_def, flags, &inf); -+ -+ if (device && dhcp6->boot_file_proto && dhcp6->boot_file_server_ip) -+ { -+ *device = grub_xasprintf ("%s,%s", dhcp6->boot_file_proto, dhcp6->boot_file_server_ip); -+ grub_print_error (); -+ } -+ if (path && dhcp6->boot_file_path) -+ { -+ *path = grub_strdup (dhcp6->boot_file_path); -+ grub_print_error (); -+ if (*path) -+ { -+ char *slash; -+ slash = grub_strrchr (*path, '/'); -+ if (slash) -+ *slash = 0; -+ else -+ **path = 0; -+ } -+ } -+ -+ grub_dhcp6_options_free (dhcp6); -+ -+ if (inf) -+ grub_net_add_ipv6_local (inf, mask); -+ -+ return inf; -+} -+ - /* - * This is called directly from net/ip.c:handle_dgram(), because those - * BOOTP/DHCP packets are a bit special due to their improper -@@ -672,6 +1342,77 @@ grub_net_process_dhcp (struct grub_net_buff *nb, - } - } - -+grub_err_t -+grub_net_process_dhcp6 (struct grub_net_buff *nb, -+ struct grub_net_card *card __attribute__ ((unused))) -+{ -+ const struct grub_net_dhcp6_packet *v6h; -+ grub_dhcp6_session_t se; -+ grub_size_t size; -+ grub_dhcp6_options_t options; -+ -+ v6h = (const struct grub_net_dhcp6_packet *) nb->data; -+ size = nb->tail - nb->data; -+ -+ options = grub_dhcp6_options_get (v6h, size); -+ if (!options) -+ return grub_errno; -+ -+ if (!options->client_duid || !options->server_duid || !options->ia_addr) -+ { -+ grub_dhcp6_options_free (options); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Bad DHCPv6 Packet"); -+ } -+ -+ FOR_DHCP6_SESSIONS (se) -+ { -+ if (se->transaction_id == v6h->transaction_id && -+ grub_memcmp (options->client_duid, &se->duid, sizeof (se->duid)) == 0 && -+ se->iaid == options->iaid) -+ break; -+ } -+ -+ if (!se) -+ { -+ grub_dprintf ("bootp", "DHCPv6 session not found\n"); -+ grub_dhcp6_options_free (options); -+ return GRUB_ERR_NONE; -+ } -+ -+ if (v6h->message_type == GRUB_NET_DHCP6_ADVERTISE) -+ { -+ if (se->adv) -+ { -+ grub_dprintf ("bootp", "Skipped DHCPv6 Advertised .. \n"); -+ grub_dhcp6_options_free (options); -+ return GRUB_ERR_NONE; -+ } -+ -+ se->adv = options; -+ return grub_dhcp6_session_send_request (se); -+ } -+ else if (v6h->message_type == GRUB_NET_DHCP6_REPLY) -+ { -+ if (!se->adv) -+ { -+ grub_dprintf ("bootp", "Skipped DHCPv6 Reply .. \n"); -+ grub_dhcp6_options_free (options); -+ return GRUB_ERR_NONE; -+ } -+ -+ se->reply = options; -+ grub_dhcp6_session_configure_network (se); -+ grub_dhcp6_session_remove (se); -+ return GRUB_ERR_NONE; -+ } -+ else -+ { -+ grub_dhcp6_options_free (options); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ - static grub_err_t - grub_cmd_dhcpopt (struct grub_command *cmd __attribute__ ((unused)), - int argc, char **args) -@@ -897,180 +1638,174 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), - return err; - } - --static grub_command_t cmd_getdhcp, cmd_bootp, cmd_dhcp; -- --struct grub_net_network_level_interface * --grub_net_configure_by_dhcpv6_ack (const char *name, -- struct grub_net_card *card, -- grub_net_interface_flags_t flags -- __attribute__((__unused__)), -- const grub_net_link_level_address_t *hwaddr, -- const struct grub_net_dhcpv6_packet *packet, -- int is_def, char **device, char **path) -+static grub_err_t -+grub_cmd_bootp6 (struct grub_command *cmd __attribute__ ((unused)), -+ int argc, char **args) - { -- struct grub_net_network_level_interface *inter = NULL; -- struct grub_net_network_level_address addr; -- int mask = -1; -+ struct grub_net_card *card; -+ grub_uint32_t iaid = 0; -+ int interval; -+ grub_err_t err; -+ grub_dhcp6_session_t se; - -- if (!device || !path) -- return NULL; -+ err = GRUB_ERR_NONE; - -- *device = 0; -- *path = 0; -+ FOR_NET_CARDS (card) -+ { -+ struct grub_net_network_level_interface *iface; - -- grub_dprintf ("net", "mac address is %02x:%02x:%02x:%02x:%02x:%02x\n", -- hwaddr->mac[0], hwaddr->mac[1], hwaddr->mac[2], -- hwaddr->mac[3], hwaddr->mac[4], hwaddr->mac[5]); -+ if (argc > 0 && grub_strcmp (card->name, args[0]) != 0) -+ continue; - -- if (is_def) -- grub_net_default_server = 0; -+ iface = grub_net_ipv6_get_link_local (card, &card->default_address); -+ if (!iface) -+ { -+ grub_dhcp6_session_remove_all (); -+ return grub_errno; -+ } - -- if (is_def && !grub_net_default_server && packet) -+ grub_dhcp6_session_add (iface, iaid++); -+ } -+ -+ for (interval = 200; interval < 10000; interval *= 2) - { -- const grub_uint8_t *options = packet->dhcp_options; -- unsigned int option_max = 1024 - OFFSET_OF (dhcp_options, packet); -- unsigned int i; -- -- for (i = 0; i < option_max - sizeof (grub_net_dhcpv6_option_t); ) -- { -- grub_uint16_t num, len; -- grub_net_dhcpv6_option_t *opt = -- (grub_net_dhcpv6_option_t *)(options + i); -- -- num = grub_be_to_cpu16(opt->option_num); -- len = grub_be_to_cpu16(opt->option_len); -- -- grub_dprintf ("net", "got dhcpv6 option %d len %d\n", num, len); -- -- if (len == 0) -- break; -- -- if (len + i > 1024) -- break; -- -- if (num == GRUB_NET_DHCP6_BOOTFILE_URL) -- { -- char *scheme, *userinfo, *host, *file; -- char *tmp; -- int hostlen; -- int port; -- int rc = extract_url_info ((const char *)opt->option_data, -- (grub_size_t)len, -- &scheme, &userinfo, &host, &port, -- &file); -- if (rc < 0) -- continue; -- -- /* right now this only handles tftp. */ -- if (grub_strcmp("tftp", scheme)) -- { -- grub_free (scheme); -- grub_free (userinfo); -- grub_free (host); -- grub_free (file); -- continue; -- } -- grub_free (userinfo); -- -- hostlen = grub_strlen (host); -- if (hostlen > 2 && host[0] == '[' && host[hostlen-1] == ']') -- { -- tmp = host+1; -- host[hostlen-1] = '\0'; -- } -- else -- tmp = host; -- -- *device = grub_xasprintf ("%s,%s", scheme, tmp); -- grub_free (scheme); -- grub_free (host); -- -- if (file && *file) -- { -- tmp = grub_strrchr (file, '/'); -- if (tmp) -- *(tmp+1) = '\0'; -- else -- file[0] = '\0'; -- } -- else if (!file) -- file = grub_strdup (""); -- -- if (file[0] == '/') -- { -- *path = grub_strdup (file+1); -- grub_free (file); -- } -- else -- *path = file; -- } -- else if (num == GRUB_NET_DHCP6_IA_NA) -- { -- const grub_net_dhcpv6_option_t *ia_na_opt; -- const grub_net_dhcpv6_opt_ia_na_t *ia_na = -- (const grub_net_dhcpv6_opt_ia_na_t *)opt; -- unsigned int left = len - OFFSET_OF (options, ia_na); -- unsigned int j; -- -- if ((grub_uint8_t *)ia_na + left > -- (grub_uint8_t *)options + option_max) -- left -= ((grub_uint8_t *)ia_na + left) -- - ((grub_uint8_t *)options + option_max); -- -- if (len < OFFSET_OF (option_data, opt) -- + sizeof (grub_net_dhcpv6_option_t)) -- { -- grub_dprintf ("net", -- "found dhcpv6 ia_na option with no address\n"); -- continue; -- } -- -- for (j = 0; left > sizeof (grub_net_dhcpv6_option_t); ) -- { -- ia_na_opt = (const grub_net_dhcpv6_option_t *) -- (ia_na->options + j); -- grub_uint16_t ia_na_opt_num, ia_na_opt_len; -- -- ia_na_opt_num = grub_be_to_cpu16 (ia_na_opt->option_num); -- ia_na_opt_len = grub_be_to_cpu16 (ia_na_opt->option_len); -- if (ia_na_opt_len == 0) -- break; -- if (j + ia_na_opt_len > left) -- break; -- if (ia_na_opt_num == GRUB_NET_DHCP6_IA_ADDRESS) -- { -- const grub_net_dhcpv6_opt_ia_address_t *ia_addr; -- -- ia_addr = (const grub_net_dhcpv6_opt_ia_address_t *) -- ia_na_opt; -- addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -- grub_memcpy(addr.ipv6, ia_addr->ipv6_address, -- sizeof (ia_addr->ipv6_address)); -- inter = grub_net_add_addr (name, card, &addr, hwaddr, 0); -- } -- -- j += ia_na_opt_len; -- left -= ia_na_opt_len; -- } -- } -- -- i += len + 4; -- } -- -- grub_print_error (); -+ int done = 1; -+ -+ FOR_DHCP6_SESSIONS (se) -+ { -+ struct grub_net_buff *nb; -+ struct grub_net_dhcp6_option *opt; -+ struct grub_net_dhcp6_packet *v6h; -+ struct grub_net_dhcp6_option_duid_ll *duid; -+ struct grub_net_dhcp6_option_iana *ia_na; -+ grub_net_network_level_address_t multicast; -+ grub_net_link_level_address_t ll_multicast; -+ struct udphdr *udph; -+ -+ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; -+ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); -+ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); -+ -+ err = grub_net_link_layer_resolve (se->iface, -+ &multicast, &ll_multicast); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ return err; -+ } -+ -+ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); -+ -+ if (!nb) -+ { -+ grub_dhcp6_session_remove_all (); -+ return grub_errno; -+ } -+ -+ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); -+ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); -+ grub_set_unaligned16 (opt->data, 0); -+ -+ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*duid)); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); -+ opt->len = grub_cpu_to_be16 (sizeof (*duid)); -+ -+ duid = (struct grub_net_dhcp6_option_duid_ll *) opt->data; -+ grub_memcpy (duid, &se->duid, sizeof (*duid)); -+ -+ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*ia_na)); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ opt = (struct grub_net_dhcp6_option *)nb->data; -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); -+ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); -+ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; -+ ia_na->iaid = grub_cpu_to_be32 (se->iaid); -+ ia_na->t1 = 0; -+ ia_na->t2 = 0; -+ -+ err = grub_netbuff_push (nb, sizeof (*v6h)); -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ v6h = (struct grub_net_dhcp6_packet *)nb->data; -+ v6h->message_type = GRUB_NET_DHCP6_SOLICIT; -+ v6h->transaction_id = se->transaction_id; -+ -+ grub_netbuff_push (nb, sizeof (*udph)); -+ -+ udph = (struct udphdr *) nb->data; -+ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); -+ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); -+ udph->chksum = 0; -+ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); -+ -+ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, -+ &se->iface->address, &multicast); -+ -+ err = grub_net_send_ip_packet (se->iface, &multicast, -+ &ll_multicast, nb, GRUB_NET_IP_UDP); -+ done = 0; -+ grub_netbuff_free (nb); -+ -+ if (err) -+ { -+ grub_dhcp6_session_remove_all (); -+ return err; -+ } -+ } -+ if (!done) -+ grub_net_poll_cards (interval, 0); - } - -- if (is_def) -+ FOR_DHCP6_SESSIONS (se) - { -- grub_env_set ("net_default_interface", name); -- grub_env_export ("net_default_interface"); -+ grub_error_push (); -+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, -+ N_("couldn't autoconfigure %s"), -+ se->iface->card->name); - } - -- if (inter) -- grub_net_add_ipv6_local (inter, mask); -- return inter; -+ grub_dhcp6_session_remove_all (); -+ -+ return err; - } - -+static grub_command_t cmd_getdhcp, cmd_bootp, cmd_dhcp, cmd_bootp6; - - void - grub_bootp_init (void) -@@ -1084,11 +1819,15 @@ grub_bootp_init (void) - cmd_getdhcp = grub_register_command ("net_get_dhcp_option", grub_cmd_dhcpopt, - N_("VAR INTERFACE NUMBER DESCRIPTION"), - N_("retrieve DHCP option and save it into VAR. If VAR is - then print the value.")); -+ cmd_bootp6 = grub_register_command ("net_bootp6", grub_cmd_bootp6, -+ N_("[CARD]"), -+ N_("perform a DHCPv6 autoconfiguration")); - } - - void - grub_bootp_fini (void) - { -+ grub_unregister_command (cmd_bootp6); - grub_unregister_command (cmd_getdhcp); - grub_unregister_command (cmd_bootp); - grub_unregister_command (cmd_dhcp); -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index a673bea807..8e25680db0 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -393,9 +393,6 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - pxe_mode = pxe->mode; - if (pxe_mode->using_ipv6) - { -- grub_net_link_level_address_t hwaddr; -- struct grub_net_network_level_interface *intf; -- - grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); - grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", - pxe_mode->dhcp_ack_received ? "yes" : "no", -@@ -403,15 +400,14 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - if (!pxe_mode->dhcp_ack_received) - continue; - -- hwaddr.type = GRUB_NET_LINK_LEVEL_PROTOCOL_ETHERNET; -- grub_memcpy (hwaddr.mac, -- card->efi_net->mode->current_address, -- sizeof (hwaddr.mac)); -- -- intf = grub_net_configure_by_dhcpv6_ack (card->name, card, 0, &hwaddr, -- (const struct grub_net_dhcpv6_packet *)&pxe_mode->dhcp_ack.dhcpv6, -- 1, device, path); -- if (intf && device && path) -+ grub_net_configure_by_dhcpv6_reply (card->name, card, 0, -+ (struct grub_net_dhcp6_packet *) -+ &pxe_mode->dhcp_ack, -+ sizeof (pxe_mode->dhcp_ack), -+ 1, device, path); -+ if (grub_errno) -+ grub_print_error (); -+ if (device && path) - grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); - } - else -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index a5896f6dc2..ce6bdc75c6 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, - { - struct udphdr *udph; - udph = (struct udphdr *) nb->data; -+ -+ if (proto == GRUB_NET_IP_UDP && udph->dst == grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT)) -+ { -+ if (udph->chksum) -+ { -+ grub_uint16_t chk, expected; -+ chk = udph->chksum; -+ udph->chksum = 0; -+ expected = grub_net_ip_transport_checksum (nb, -+ GRUB_NET_IP_UDP, -+ source, -+ dest); -+ if (expected != chk) -+ { -+ grub_dprintf ("net", "Invalid UDP checksum. " -+ "Expected %x, got %x\n", -+ grub_be_to_cpu16 (expected), -+ grub_be_to_cpu16 (chk)); -+ grub_netbuff_free (nb); -+ return GRUB_ERR_NONE; -+ } -+ udph->chksum = chk; -+ } -+ -+ err = grub_netbuff_pull (nb, sizeof (*udph)); -+ if (err) -+ { -+ grub_netbuff_free (nb); -+ return err; -+ } -+ -+ err = grub_net_process_dhcp6 (nb, card); -+ if (err) -+ grub_print_error (); -+ -+ grub_netbuff_free (nb); -+ return GRUB_ERR_NONE; -+ } -+ - if (proto == GRUB_NET_IP_UDP && grub_be_to_cpu16 (udph->dst) == 68) - { - const struct grub_net_bootp_packet *bootp; -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 9962880147..7614b58dca 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -1532,7 +1532,7 @@ typedef struct grub_efi_pxe_ip_filter - { - grub_efi_uint8_t filters; - grub_efi_uint8_t ip_count; -- grub_efi_uint8_t reserved; -+ grub_efi_uint16_t reserved; - grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; - } grub_efi_pxe_ip_filter_t; - -diff --git a/include/grub/net.h b/include/grub/net.h -index d55d505a03..543251f727 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -451,50 +451,65 @@ struct grub_net_bootp_packet - grub_uint8_t vendor[0]; - } GRUB_PACKED; - --enum -- { -- GRUB_NET_DHCP6_IA_NA = 3, -- GRUB_NET_DHCP6_IA_ADDRESS = 5, -- GRUB_NET_DHCP6_BOOTFILE_URL = 59, -- }; -- --struct grub_net_dhcpv6_option -+struct grub_net_dhcp6_packet - { -- grub_uint16_t option_num; -- grub_uint16_t option_len; -- grub_uint8_t option_data[]; -+ grub_uint32_t message_type:8; -+ grub_uint32_t transaction_id:24; -+ grub_uint8_t dhcp_options[0]; - } GRUB_PACKED; --typedef struct grub_net_dhcpv6_option grub_net_dhcpv6_option_t; - --struct grub_net_dhcpv6_opt_ia_na --{ -- grub_uint16_t option_num; -- grub_uint16_t option_len; -+struct grub_net_dhcp6_option { -+ grub_uint16_t code; -+ grub_uint16_t len; -+ grub_uint8_t data[0]; -+} GRUB_PACKED; -+ -+struct grub_net_dhcp6_option_iana { - grub_uint32_t iaid; - grub_uint32_t t1; - grub_uint32_t t2; -- grub_uint8_t options[]; -+ grub_uint8_t data[0]; - } GRUB_PACKED; --typedef struct grub_net_dhcpv6_opt_ia_na grub_net_dhcpv6_opt_ia_na_t; - --struct grub_net_dhcpv6_opt_ia_address --{ -- grub_uint16_t option_num; -- grub_uint16_t option_len; -- grub_uint64_t ipv6_address[2]; -+struct grub_net_dhcp6_option_iaaddr { -+ grub_uint8_t addr[16]; - grub_uint32_t preferred_lifetime; - grub_uint32_t valid_lifetime; -- grub_uint8_t options[]; -+ grub_uint8_t data[0]; - } GRUB_PACKED; --typedef struct grub_net_dhcpv6_opt_ia_address grub_net_dhcpv6_opt_ia_address_t; - --struct grub_net_dhcpv6_packet -+struct grub_net_dhcp6_option_duid_ll - { -- grub_uint32_t message_type:8; -- grub_uint32_t transaction_id:24; -- grub_uint8_t dhcp_options[1024]; -+ grub_uint16_t type; -+ grub_uint16_t hw_type; -+ grub_uint8_t hwaddr[6]; - } GRUB_PACKED; --typedef struct grub_net_dhcpv6_packet grub_net_dhcpv6_packet_t; -+ -+enum -+ { -+ GRUB_NET_DHCP6_SOLICIT = 1, -+ GRUB_NET_DHCP6_ADVERTISE = 2, -+ GRUB_NET_DHCP6_REQUEST = 3, -+ GRUB_NET_DHCP6_REPLY = 7 -+ }; -+ -+enum -+ { -+ DHCP6_CLIENT_PORT = 546, -+ DHCP6_SERVER_PORT = 547 -+ }; -+ -+enum -+ { -+ GRUB_NET_DHCP6_OPTION_CLIENTID = 1, -+ GRUB_NET_DHCP6_OPTION_SERVERID = 2, -+ GRUB_NET_DHCP6_OPTION_IA_NA = 3, -+ GRUB_NET_DHCP6_OPTION_IAADDR = 5, -+ GRUB_NET_DHCP6_OPTION_ORO = 6, -+ GRUB_NET_DHCP6_OPTION_ELAPSED_TIME = 8, -+ GRUB_NET_DHCP6_OPTION_DNS_SERVERS = 23, -+ GRUB_NET_DHCP6_OPTION_BOOTFILE_URL = 59 -+ }; - - #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 - #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 -@@ -532,12 +547,12 @@ grub_net_configure_by_dhcp_ack (const char *name, - int is_def, char **device, char **path); - - struct grub_net_network_level_interface * --grub_net_configure_by_dhcpv6_ack (const char *name, -- struct grub_net_card *card, -- grub_net_interface_flags_t flags, -- const grub_net_link_level_address_t *hwaddr, -- const struct grub_net_dhcpv6_packet *packet, -- int is_def, char **device, char **path); -+grub_net_configure_by_dhcpv6_reply (const char *name, -+ struct grub_net_card *card, -+ grub_net_interface_flags_t flags, -+ const struct grub_net_dhcp6_packet *v6, -+ grub_size_t size, -+ int is_def, char **device, char **path); - - int - grub_ipv6_get_masksize(grub_uint16_t *mask); -@@ -554,6 +569,10 @@ void - grub_net_process_dhcp (struct grub_net_buff *nb, - struct grub_net_network_level_interface *iface); - -+grub_err_t -+grub_net_process_dhcp6 (struct grub_net_buff *nb, -+ struct grub_net_card *card); -+ - int - grub_net_hwaddr_cmp (const grub_net_link_level_address_t *a, - const grub_net_link_level_address_t *b); diff --git a/SPECS/grub2/fedora/0074-efinet-UEFI-IPv6-PXE-support.patch b/SPECS/grub2/fedora/0074-efinet-UEFI-IPv6-PXE-support.patch deleted file mode 100644 index 988c178477..0000000000 --- a/SPECS/grub2/fedora/0074-efinet-UEFI-IPv6-PXE-support.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 15 Apr 2015 14:48:30 +0800 -Subject: [PATCH] efinet: UEFI IPv6 PXE support - -When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is -cached in firmware buffer which can be obtained by PXE Base Code protocol. The -network interface can be setup through the parameters in that obtained packet. - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin ---- - grub-core/net/drivers/efi/efinet.c | 2 ++ - include/grub/efi/api.h | 71 +++++++++++++++++++++++--------------- - 2 files changed, 46 insertions(+), 27 deletions(-) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 8e25680db0..014e5bf980 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -409,6 +409,8 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - grub_print_error (); - if (device && path) - grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); -+ if (grub_errno) -+ grub_print_error (); - } - else - { -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 7614b58dca..91ab528e4d 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -1524,31 +1524,6 @@ typedef union - grub_efi_pxe_dhcpv6_packet_t dhcpv6; - } grub_efi_pxe_packet_t; - --#define GRUB_EFI_PXE_MAX_IPCNT 8 --#define GRUB_EFI_PXE_MAX_ARP_ENTRIES 8 --#define GRUB_EFI_PXE_MAX_ROUTE_ENTRIES 8 -- --typedef struct grub_efi_pxe_ip_filter --{ -- grub_efi_uint8_t filters; -- grub_efi_uint8_t ip_count; -- grub_efi_uint16_t reserved; -- grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_MAX_IPCNT]; --} grub_efi_pxe_ip_filter_t; -- --typedef struct grub_efi_pxe_arp_entry --{ -- grub_efi_ip_address_t ip_addr; -- grub_efi_mac_address_t mac_addr; --} grub_efi_pxe_arp_entry_t; -- --typedef struct grub_efi_pxe_route_entry --{ -- grub_efi_ip_address_t ip_addr; -- grub_efi_ip_address_t subnet_mask; -- grub_efi_ip_address_t gateway_addr; --} grub_efi_pxe_route_entry_t; -- - typedef struct grub_efi_pxe_icmp_error - { - grub_efi_uint8_t type; -@@ -1574,6 +1549,48 @@ typedef struct grub_efi_pxe_tftp_error - grub_efi_char8_t error_string[127]; - } grub_efi_pxe_tftp_error_t; - -+typedef struct { -+ grub_uint8_t addr[4]; -+} grub_efi_pxe_ipv4_address_t; -+ -+typedef struct { -+ grub_uint8_t addr[16]; -+} grub_efi_pxe_ipv6_address_t; -+ -+typedef struct { -+ grub_uint8_t addr[32]; -+} grub_efi_pxe_mac_address_t; -+ -+typedef union { -+ grub_uint32_t addr[4]; -+ grub_efi_pxe_ipv4_address_t v4; -+ grub_efi_pxe_ipv6_address_t v6; -+} grub_efi_pxe_ip_address_t; -+ -+#define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 -+typedef struct grub_efi_pxe_ip_filter -+{ -+ grub_efi_uint8_t filters; -+ grub_efi_uint8_t ip_count; -+ grub_efi_uint16_t reserved; -+ grub_efi_ip_address_t ip_list[GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT]; -+} grub_efi_pxe_ip_filter_t; -+ -+typedef struct { -+ grub_efi_pxe_ip_address_t ip_addr; -+ grub_efi_pxe_mac_address_t mac_addr; -+} grub_efi_pxe_arp_entry_t; -+ -+typedef struct { -+ grub_efi_pxe_ip_address_t ip_addr; -+ grub_efi_pxe_ip_address_t subnet_mask; -+ grub_efi_pxe_ip_address_t gw_addr; -+} grub_efi_pxe_route_entry_t; -+ -+ -+#define GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES 8 -+#define GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES 8 -+ - typedef struct grub_efi_pxe_mode - { - grub_efi_boolean_t started; -@@ -1605,9 +1622,9 @@ typedef struct grub_efi_pxe_mode - grub_efi_pxe_packet_t pxe_bis_reply; - grub_efi_pxe_ip_filter_t ip_filter; - grub_efi_uint32_t arp_cache_entries; -- grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_MAX_ARP_ENTRIES]; -+ grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES]; - grub_efi_uint32_t route_table_entries; -- grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_MAX_ROUTE_ENTRIES]; -+ grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES]; - grub_efi_pxe_icmp_error_t icmp_error; - grub_efi_pxe_tftp_error_t tftp_error; - } grub_efi_pxe_mode_t; diff --git a/SPECS/grub2/fedora/0075-grub.texi-Add-net_bootp6-doument.patch b/SPECS/grub2/fedora/0075-grub.texi-Add-net_bootp6-doument.patch deleted file mode 100644 index b42e09bf8c..0000000000 --- a/SPECS/grub2/fedora/0075-grub.texi-Add-net_bootp6-doument.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Tue, 5 May 2015 14:19:24 +0800 -Subject: [PATCH] grub.texi: Add net_bootp6 doument - -Update grub documentation for net_bootp6 command. - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin ---- - docs/grub.texi | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 0615d0ed97..04ed6ac1f0 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5487,6 +5487,7 @@ This command is only available on AArch64 systems. - * net_add_dns:: Add a DNS server - * net_add_route:: Add routing entry - * net_bootp:: Perform a bootp/DHCP autoconfiguration -+* net_bootp6:: Perform a DHCPv6 autoconfiguration - * net_del_addr:: Remove IP address from interface - * net_del_dns:: Remove a DNS server - * net_del_route:: Remove a route entry -@@ -5611,6 +5612,22 @@ Sets environment variable @samp{net_}@var{}@samp{_boot_file} - - @end deffn - -+@node net_bootp6 -+@subsection net_bootp6 -+ -+@deffn Command net_bootp6 [@var{card}] -+Perform configuration of @var{card} using DHCPv6 protocol. If no card name is -+specified, try to configure all existing cards. If configuration was -+successful, interface with name @var{card}@samp{:dhcp6} and configured address -+is added to @var{card}. -+ -+@table @samp -+@item 1 (Domain Name Server) -+Adds all servers from option value to the list of servers used during name -+resolution. -+@end table -+ -+@end deffn - - @node net_get_dhcp_option - @subsection net_get_dhcp_option diff --git a/SPECS/grub2/fedora/0076-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch b/SPECS/grub2/fedora/0076-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch deleted file mode 100644 index abff9eb2be..0000000000 --- a/SPECS/grub2/fedora/0076-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 10 Jul 2019 23:58:28 +0200 -Subject: [PATCH] bootp: Add processing DHCPACK packet from HTTP Boot - -The vendor class identifier with the string "HTTPClient" is used to denote the -packet as responding to HTTP boot request. In DHCP4 config, the filename for -HTTP boot is the URL of the boot file while for PXE boot it is the path to the -boot file. As a consequence, the next-server becomes obseleted because the HTTP -URL already contains the server address for the boot file. For DHCP6 config, -there's no difference definition in existing config as dhcp6.bootfile-url can -be used to specify URL for both HTTP and PXE boot file. - -This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK -packet by treating it as HTTP format, not as the PXE format. - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin ---- - grub-core/net/bootp.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ - include/grub/net.h | 1 + - 2 files changed, 56 insertions(+) - -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index fe93b80f1c..8fb8918ae7 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -500,6 +501,60 @@ grub_net_configure_by_dhcp_ack (const char *name, - if (opt && opt_len) - grub_env_set_net_property (name, "rootpath", (const char *) opt, opt_len); - -+ opt = find_dhcp_option (bp, size, GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER, &opt_len); -+ if (opt && opt_len) -+ { -+ grub_env_set_net_property (name, "vendor_class_identifier", (const char *) opt, opt_len); -+ if (opt && grub_strcmp (opt, "HTTPClient") == 0) -+ { -+ char *proto, *ip, *pa; -+ -+ if (!dissect_url (bp->boot_file, &proto, &ip, &pa)) -+ return inter; -+ -+ grub_env_set_net_property (name, "boot_file", pa, grub_strlen (pa)); -+ if (is_def) -+ { -+ grub_net_default_server = grub_strdup (ip); -+ grub_env_set ("net_default_interface", name); -+ grub_env_export ("net_default_interface"); -+ } -+ if (device && !*device) -+ { -+ *device = grub_xasprintf ("%s,%s", proto, ip); -+ grub_print_error (); -+ } -+ if (path) -+ { -+ *path = grub_strdup (pa); -+ grub_print_error (); -+ if (*path) -+ { -+ char *slash; -+ slash = grub_strrchr (*path, '/'); -+ if (slash) -+ *slash = 0; -+ else -+ **path = 0; -+ } -+ } -+ grub_net_add_ipv4_local (inter, mask); -+ inter->dhcp_ack = grub_malloc (size); -+ if (inter->dhcp_ack) -+ { -+ grub_memcpy (inter->dhcp_ack, bp, size); -+ inter->dhcp_acklen = size; -+ } -+ else -+ grub_errno = GRUB_ERR_NONE; -+ -+ grub_free (proto); -+ grub_free (ip); -+ grub_free (pa); -+ return inter; -+ } -+ } -+ - opt = find_dhcp_option (bp, size, GRUB_NET_BOOTP_EXTENSIONS_PATH, &opt_len); - if (opt && opt_len) - grub_env_set_net_property (name, "extensionspath", (const char *) opt, opt_len); -diff --git a/include/grub/net.h b/include/grub/net.h -index 543251f727..42af7de250 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -531,6 +531,7 @@ enum - GRUB_NET_DHCP_MESSAGE_TYPE = 53, - GRUB_NET_DHCP_SERVER_IDENTIFIER = 54, - GRUB_NET_DHCP_PARAMETER_REQUEST_LIST = 55, -+ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 60, - GRUB_NET_BOOTP_CLIENT_ID = 61, - GRUB_NET_DHCP_TFTP_SERVER_NAME = 66, - GRUB_NET_DHCP_BOOTFILE_NAME = 67, diff --git a/SPECS/grub2/fedora/0077-efinet-Setting-network-from-UEFI-device-path.patch b/SPECS/grub2/fedora/0077-efinet-Setting-network-from-UEFI-device-path.patch deleted file mode 100644 index f4faf27036..0000000000 --- a/SPECS/grub2/fedora/0077-efinet-Setting-network-from-UEFI-device-path.patch +++ /dev/null @@ -1,405 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Sun, 10 Jul 2016 23:46:31 +0800 -Subject: [PATCH] efinet: Setting network from UEFI device path - -The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no -longer provided for HTTP Boot. Instead, we have to get the HTTP boot -information from the device path nodes defined in following UEFI Specification -sections. - - 9.3.5.12 IPv4 Device Path - 9.3.5.13 IPv6 Device Path - 9.3.5.23 Uniform Resource Identifiers (URI) Device Path - -This patch basically does: - -include/grub/efi/api.h: -Add new structure of Uniform Resource Identifiers (URI) Device Path - -grub-core/net/drivers/efi/efinet.c: -Check if PXE Base Code is available, if not it will try to obtain the netboot -information from the device path where the image booted from. The DHCPACK -packet is recoverd from the information in device patch and feed into the same -DHCP packet processing functions to ensure the network interface is setting up -the same way it used to be. - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin ---- - grub-core/net/drivers/efi/efinet.c | 284 +++++++++++++++++++++++++++++++++++-- - include/grub/efi/api.h | 11 ++ - 2 files changed, 280 insertions(+), 15 deletions(-) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 014e5bf980..8171ecaa5e 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -331,6 +332,227 @@ grub_efinet_findcards (void) - grub_free (handles); - } - -+static struct grub_net_buff * -+grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) -+{ -+ grub_efi_uint16_t uri_len; -+ grub_efi_device_path_t *ldp, *ddp; -+ grub_efi_uri_device_path_t *uri_dp; -+ struct grub_net_buff *nb; -+ grub_err_t err; -+ -+ ddp = grub_efi_duplicate_device_path (dp); -+ if (!ddp) -+ return NULL; -+ -+ ldp = grub_efi_find_last_device_path (ddp); -+ -+ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE -+ || GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) -+ { -+ grub_free (ddp); -+ return NULL; -+ } -+ -+ uri_len = GRUB_EFI_DEVICE_PATH_LENGTH (ldp) > 4 ? GRUB_EFI_DEVICE_PATH_LENGTH (ldp) - 4 : 0; -+ -+ if (!uri_len) -+ { -+ grub_free (ddp); -+ return NULL; -+ } -+ -+ uri_dp = (grub_efi_uri_device_path_t *) ldp; -+ -+ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ ldp->length = sizeof (*ldp); -+ -+ ldp = grub_efi_find_last_device_path (ddp); -+ -+ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE -+ || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE -+ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) -+ { -+ grub_free (ddp); -+ return NULL; -+ } -+ -+ nb = grub_netbuff_alloc (512); -+ if (!nb) -+ { -+ grub_free (ddp); -+ return NULL; -+ } -+ -+ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) -+ { -+ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; -+ struct grub_net_bootp_packet *bp; -+ grub_uint8_t *ptr; -+ -+ bp = (struct grub_net_bootp_packet *) nb->tail; -+ err = grub_netbuff_put (nb, sizeof (*bp) + 4); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ -+ if (sizeof(bp->boot_file) < uri_len) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ grub_memcpy (bp->boot_file, uri_dp->uri, uri_len); -+ grub_memcpy (&bp->your_ip, ipv4->local_ip_address, sizeof (bp->your_ip)); -+ grub_memcpy (&bp->server_ip, ipv4->remote_ip_address, sizeof (bp->server_ip)); -+ -+ bp->vendor[0] = GRUB_NET_BOOTP_RFC1048_MAGIC_0; -+ bp->vendor[1] = GRUB_NET_BOOTP_RFC1048_MAGIC_1; -+ bp->vendor[2] = GRUB_NET_BOOTP_RFC1048_MAGIC_2; -+ bp->vendor[3] = GRUB_NET_BOOTP_RFC1048_MAGIC_3; -+ -+ ptr = nb->tail; -+ err = grub_netbuff_put (nb, sizeof (ipv4->subnet_mask) + 2); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ *ptr++ = GRUB_NET_BOOTP_NETMASK; -+ *ptr++ = sizeof (ipv4->subnet_mask); -+ grub_memcpy (ptr, ipv4->subnet_mask, sizeof (ipv4->subnet_mask)); -+ -+ ptr = nb->tail; -+ err = grub_netbuff_put (nb, sizeof (ipv4->gateway_ip_address) + 2); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ *ptr++ = GRUB_NET_BOOTP_ROUTER; -+ *ptr++ = sizeof (ipv4->gateway_ip_address); -+ grub_memcpy (ptr, ipv4->gateway_ip_address, sizeof (ipv4->gateway_ip_address)); -+ -+ ptr = nb->tail; -+ err = grub_netbuff_put (nb, sizeof ("HTTPClient") + 1); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ *ptr++ = GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER; -+ *ptr++ = sizeof ("HTTPClient") - 1; -+ grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); -+ -+ ptr = nb->tail; -+ err = grub_netbuff_put (nb, 1); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ *ptr = GRUB_NET_BOOTP_END; -+ *use_ipv6 = 0; -+ -+ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ ldp->length = sizeof (*ldp); -+ ldp = grub_efi_find_last_device_path (ddp); -+ -+ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE) -+ { -+ grub_efi_mac_address_device_path_t *mac = (grub_efi_mac_address_device_path_t *) ldp; -+ bp->hw_type = mac->if_type; -+ bp->hw_len = sizeof (bp->mac_addr); -+ grub_memcpy (bp->mac_addr, mac->mac_address, bp->hw_len); -+ } -+ } -+ else -+ { -+ grub_efi_ipv6_device_path_t *ipv6 = (grub_efi_ipv6_device_path_t *) ldp; -+ -+ struct grub_net_dhcp6_packet *d6p; -+ struct grub_net_dhcp6_option *opt; -+ struct grub_net_dhcp6_option_iana *iana; -+ struct grub_net_dhcp6_option_iaaddr *iaaddr; -+ -+ d6p = (struct grub_net_dhcp6_packet *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*d6p)); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ d6p->message_type = GRUB_NET_DHCP6_REPLY; -+ -+ opt = (struct grub_net_dhcp6_option *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*opt)); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); -+ opt->len = grub_cpu_to_be16_compile_time (sizeof(*iana) + sizeof(*opt) + sizeof(*iaaddr)); -+ -+ err = grub_netbuff_put (nb, sizeof(*iana)); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ -+ opt = (struct grub_net_dhcp6_option *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*opt)); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); -+ opt->len = grub_cpu_to_be16_compile_time (sizeof (*iaaddr)); -+ -+ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*iaaddr)); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ grub_memcpy (iaaddr->addr, ipv6->local_ip_address, sizeof(ipv6->local_ip_address)); -+ -+ opt = (struct grub_net_dhcp6_option *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*opt) + uri_len); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL); -+ opt->len = grub_cpu_to_be16 (uri_len); -+ grub_memcpy (opt->data, uri_dp->uri, uri_len); -+ -+ *use_ipv6 = 1; -+ } -+ -+ grub_free (ddp); -+ return nb; -+} -+ - static void - grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - char **path) -@@ -346,7 +568,11 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - { - grub_efi_device_path_t *cdp; - struct grub_efi_pxe *pxe; -- struct grub_efi_pxe_mode *pxe_mode; -+ struct grub_efi_pxe_mode *pxe_mode = NULL; -+ grub_uint8_t *packet_buf; -+ grub_size_t packet_bufsz ; -+ int ipv6; -+ struct grub_net_buff *nb = NULL; - - if (card->driver != &efidriver) - continue; -@@ -370,11 +596,21 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - */ - if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE - || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE -- && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) -+ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE -+ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) - continue; - dup_dp = grub_efi_duplicate_device_path (dp); - if (!dup_dp) - continue; -+ -+ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) -+ { -+ dup_ldp = grub_efi_find_last_device_path (dup_dp); -+ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ dup_ldp->length = sizeof (*dup_ldp); -+ } -+ - dup_ldp = grub_efi_find_last_device_path (dup_dp); - dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; - dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -@@ -387,23 +623,37 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - - pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, - GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- if (! pxe) -- continue; -+ if (!pxe) -+ { -+ nb = grub_efinet_create_dhcp_ack_from_device_path (dp, &ipv6); -+ if (!nb) -+ { -+ grub_print_error (); -+ continue; -+ } -+ packet_buf = nb->head; -+ packet_bufsz = nb->tail - nb->head; -+ } -+ else -+ { -+ pxe_mode = pxe->mode; -+ packet_buf = (grub_uint8_t *) &pxe_mode->dhcp_ack; -+ packet_bufsz = sizeof (pxe_mode->dhcp_ack); -+ ipv6 = pxe_mode->using_ipv6; -+ } - -- pxe_mode = pxe->mode; -- if (pxe_mode->using_ipv6) -+ if (ipv6) - { - grub_dprintf ("efinet", "using ipv6 and dhcpv6\n"); -- grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", -- pxe_mode->dhcp_ack_received ? "yes" : "no", -- pxe_mode->dhcp_ack_received ? "" : " cannot continue"); -- if (!pxe_mode->dhcp_ack_received) -- continue; -+ if (pxe_mode) -+ grub_dprintf ("efinet", "dhcp_ack_received: %s%s\n", -+ pxe_mode->dhcp_ack_received ? "yes" : "no", -+ pxe_mode->dhcp_ack_received ? "" : " cannot continue"); - - grub_net_configure_by_dhcpv6_reply (card->name, card, 0, - (struct grub_net_dhcp6_packet *) -- &pxe_mode->dhcp_ack, -- sizeof (pxe_mode->dhcp_ack), -+ packet_buf, -+ packet_bufsz, - 1, device, path); - if (grub_errno) - grub_print_error (); -@@ -417,11 +667,15 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - grub_dprintf ("efinet", "using ipv4 and dhcp\n"); - grub_net_configure_by_dhcp_ack (card->name, card, 0, - (struct grub_net_bootp_packet *) -- &pxe_mode->dhcp_ack, -- sizeof (pxe_mode->dhcp_ack), -+ packet_buf, -+ packet_bufsz, - 1, device, path); - grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); - } -+ -+ if (nb) -+ grub_netbuff_free (nb); -+ - return; - } - } -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 91ab528e4d..4a51667adb 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -864,6 +864,8 @@ struct grub_efi_ipv4_device_path - grub_efi_uint16_t remote_port; - grub_efi_uint16_t protocol; - grub_efi_uint8_t static_ip_address; -+ grub_efi_ipv4_address_t gateway_ip_address; -+ grub_efi_ipv4_address_t subnet_mask; - } GRUB_PACKED; - typedef struct grub_efi_ipv4_device_path grub_efi_ipv4_device_path_t; - -@@ -918,6 +920,15 @@ struct grub_efi_sata_device_path - } GRUB_PACKED; - typedef struct grub_efi_sata_device_path grub_efi_sata_device_path_t; - -+#define GRUB_EFI_URI_DEVICE_PATH_SUBTYPE 24 -+ -+struct grub_efi_uri_device_path -+{ -+ grub_efi_device_path_t header; -+ grub_efi_uint8_t uri[0]; -+} GRUB_PACKED; -+typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; -+ - #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 - - /* Media Device Path. */ diff --git a/SPECS/grub2/fedora/0078-efinet-Setting-DNS-server-from-UEFI-protocol.patch b/SPECS/grub2/fedora/0078-efinet-Setting-DNS-server-from-UEFI-protocol.patch deleted file mode 100644 index 2d92ff0730..0000000000 --- a/SPECS/grub2/fedora/0078-efinet-Setting-DNS-server-from-UEFI-protocol.patch +++ /dev/null @@ -1,336 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Thu, 14 Jul 2016 17:48:45 +0800 -Subject: [PATCH] efinet: Setting DNS server from UEFI protocol - -In the URI device path node, any name rahter than address can be used for -looking up the resources so that DNS service become needed to get answer of the -name's address. Unfortunately the DNS is not defined in any of the device path -nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL -to obtain it. - -These two protcols are defined the sections of UEFI specification. - - 27.5 EFI IPv4 Configuration II Protocol - 27.7 EFI IPv6 Configuration Protocol - -include/grub/efi/api.h: -Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and -EFI_IP6_CONFIG_PROTOCOL. - -grub-core/net/drivers/efi/efinet.c: -Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list -of DNS server address for IPv4 and IPv6 respectively. The address of DNS -servers is structured into DHCPACK packet and feed into the same DHCP packet -processing functions to ensure the network interface is setting up the same way -it used to be. - -Signed-off-by: Michael Chang -Signed-off-by: Ken Lin ---- - grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++++++++++ - include/grub/efi/api.h | 75 +++++++++++++++++ - 2 files changed, 238 insertions(+) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 8171ecaa5e..715a6168d7 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -33,6 +33,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - /* GUID. */ - static grub_efi_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID; - static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; -+static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; -+static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; - - static grub_err_t - send_card_buffer (struct grub_net_card *dev, -@@ -332,6 +334,125 @@ grub_efinet_findcards (void) - grub_free (handles); - } - -+static grub_efi_handle_t -+grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, -+ grub_efi_device_path_t **r_device_path) -+{ -+ grub_efi_handle_t handle; -+ grub_efi_status_t status; -+ -+ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, -+ protocol, &device_path, &handle); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ if (r_device_path) -+ *r_device_path = device_path; -+ -+ return handle; -+} -+ -+static grub_efi_ipv4_address_t * -+grub_dns_server_ip4_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) -+{ -+ grub_efi_handle_t hnd; -+ grub_efi_status_t status; -+ grub_efi_ip4_config2_protocol_t *conf; -+ grub_efi_ipv4_address_t *addrs; -+ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv4_address_t); -+ -+ hnd = grub_efi_locate_device_path (&ip4_config_guid, dp, NULL); -+ -+ if (!hnd) -+ return 0; -+ -+ conf = grub_efi_open_protocol (hnd, &ip4_config_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ -+ if (!conf) -+ return 0; -+ -+ addrs = grub_malloc (data_size); -+ if (!addrs) -+ return 0; -+ -+ status = efi_call_4 (conf->get_data, conf, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, -+ &data_size, addrs); -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL) -+ { -+ grub_free (addrs); -+ addrs = grub_malloc (data_size); -+ if (!addrs) -+ return 0; -+ -+ status = efi_call_4 (conf->get_data, conf, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, -+ &data_size, addrs); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (addrs); -+ return 0; -+ } -+ -+ *num_dns = data_size / sizeof (grub_efi_ipv4_address_t); -+ return addrs; -+} -+ -+static grub_efi_ipv6_address_t * -+grub_dns_server_ip6_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) -+{ -+ grub_efi_handle_t hnd; -+ grub_efi_status_t status; -+ grub_efi_ip6_config_protocol_t *conf; -+ grub_efi_ipv6_address_t *addrs; -+ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv6_address_t); -+ -+ hnd = grub_efi_locate_device_path (&ip6_config_guid, dp, NULL); -+ -+ if (!hnd) -+ return 0; -+ -+ conf = grub_efi_open_protocol (hnd, &ip6_config_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ -+ if (!conf) -+ return 0; -+ -+ addrs = grub_malloc (data_size); -+ if (!addrs) -+ return 0; -+ -+ status = efi_call_4 (conf->get_data, conf, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, -+ &data_size, addrs); -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL) -+ { -+ grub_free (addrs); -+ addrs = grub_malloc (data_size); -+ if (!addrs) -+ return 0; -+ -+ status = efi_call_4 (conf->get_data, conf, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, -+ &data_size, addrs); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (addrs); -+ return 0; -+ } -+ -+ *num_dns = data_size / sizeof (grub_efi_ipv6_address_t); -+ return addrs; -+} -+ - static struct grub_net_buff * - grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) - { -@@ -390,6 +511,8 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u - grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; - struct grub_net_bootp_packet *bp; - grub_uint8_t *ptr; -+ grub_efi_ipv4_address_t *dns; -+ grub_efi_uintn_t num_dns; - - bp = (struct grub_net_bootp_packet *) nb->tail; - err = grub_netbuff_put (nb, sizeof (*bp) + 4); -@@ -451,6 +574,25 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u - *ptr++ = sizeof ("HTTPClient") - 1; - grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); - -+ dns = grub_dns_server_ip4_address (dp, &num_dns); -+ if (dns) -+ { -+ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; -+ -+ ptr = nb->tail; -+ err = grub_netbuff_put (nb, size_dns + 2); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ *ptr++ = GRUB_NET_BOOTP_DNS; -+ *ptr++ = size_dns; -+ grub_memcpy (ptr, dns, size_dns); -+ grub_free (dns); -+ } -+ - ptr = nb->tail; - err = grub_netbuff_put (nb, 1); - if (err) -@@ -483,6 +625,8 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u - struct grub_net_dhcp6_option *opt; - struct grub_net_dhcp6_option_iana *iana; - struct grub_net_dhcp6_option_iaaddr *iaaddr; -+ grub_efi_ipv6_address_t *dns; -+ grub_efi_uintn_t num_dns; - - d6p = (struct grub_net_dhcp6_packet *)nb->tail; - err = grub_netbuff_put (nb, sizeof(*d6p)); -@@ -546,6 +690,25 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u - opt->len = grub_cpu_to_be16 (uri_len); - grub_memcpy (opt->data, uri_dp->uri, uri_len); - -+ dns = grub_dns_server_ip6_address (dp, &num_dns); -+ if (dns) -+ { -+ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; -+ -+ opt = (struct grub_net_dhcp6_option *)nb->tail; -+ err = grub_netbuff_put (nb, sizeof(*opt) + size_dns); -+ if (err) -+ { -+ grub_free (ddp); -+ grub_netbuff_free (nb); -+ return NULL; -+ } -+ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS); -+ opt->len = grub_cpu_to_be16 (size_dns); -+ grub_memcpy (opt->data, dns, size_dns); -+ grub_free (dns); -+ } -+ - *use_ipv6 = 1; - } - -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 4a51667adb..0b490195ad 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -352,6 +352,15 @@ - #define GRUB_EFI_RNG_PROTOCOL_GUID \ - { 0x3152bca5, 0xeade, 0x433d, \ - { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ -+ -+#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \ -+ { 0x5b446ed1, 0xe30b, 0x4faa, \ -+ { 0x87, 0x1a, 0x36, 0x54, 0xec, 0xa3, 0x60, 0x80 } \ -+ } -+ -+#define GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID \ -+ { 0x937fe521, 0x95ae, 0x4d1a, \ -+ { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ - } - - struct grub_efi_sal_system_table -@@ -1883,6 +1892,72 @@ struct grub_efi_rng_protocol - }; - typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t; - -+enum grub_efi_ip4_config2_data_type { -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MAXIMUM -+}; -+typedef enum grub_efi_ip4_config2_data_type grub_efi_ip4_config2_data_type_t; -+ -+struct grub_efi_ip4_config2_protocol -+{ -+ grub_efi_status_t (*set_data) (struct grub_efi_ip4_config2_protocol *this, -+ grub_efi_ip4_config2_data_type_t data_type, -+ grub_efi_uintn_t data_size, -+ void *data); -+ -+ grub_efi_status_t (*get_data) (struct grub_efi_ip4_config2_protocol *this, -+ grub_efi_ip4_config2_data_type_t data_type, -+ grub_efi_uintn_t *data_size, -+ void *data); -+ -+ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip4_config2_protocol *this, -+ grub_efi_ip4_config2_data_type_t data_type, -+ grub_efi_event_t event); -+ -+ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip4_config2_protocol *this, -+ grub_efi_ip4_config2_data_type_t data_type, -+ grub_efi_event_t event); -+}; -+typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; -+ -+enum grub_efi_ip6_config_data_type { -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DUP_ADDR_DETECT_TRANSMITS, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MAXIMUM -+}; -+typedef enum grub_efi_ip6_config_data_type grub_efi_ip6_config_data_type_t; -+ -+struct grub_efi_ip6_config_protocol -+{ -+ grub_efi_status_t (*set_data) (struct grub_efi_ip6_config_protocol *this, -+ grub_efi_ip6_config_data_type_t data_type, -+ grub_efi_uintn_t data_size, -+ void *data); -+ -+ grub_efi_status_t (*get_data) (struct grub_efi_ip6_config_protocol *this, -+ grub_efi_ip6_config_data_type_t data_type, -+ grub_efi_uintn_t *data_size, -+ void *data); -+ -+ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip6_config_protocol *this, -+ grub_efi_ip6_config_data_type_t data_type, -+ grub_efi_event_t event); -+ -+ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip6_config_protocol *this, -+ grub_efi_ip6_config_data_type_t data_type, -+ grub_efi_event_t event); -+}; -+typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; -+ - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) diff --git a/SPECS/grub2/fedora/0079-Support-UEFI-networking-protocols.patch b/SPECS/grub2/fedora/0079-Support-UEFI-networking-protocols.patch deleted file mode 100644 index 740a9f87c7..0000000000 --- a/SPECS/grub2/fedora/0079-Support-UEFI-networking-protocols.patch +++ /dev/null @@ -1,5053 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Wed, 22 Feb 2017 14:27:50 +0800 -Subject: [PATCH] Support UEFI networking protocols - -References: fate#320130, bsc#1015589, bsc#1076132 -Patch-Mainline: no - -V1: - * Add preliminary support of UEFI networking protocols - * Support UEFI HTTPS Boot - -V2: - * Workaround http data access in firmware - * Fix DNS device path parsing for efinet device - * Relaxed UEFI Protocol requirement - * Support Intel OPA (Omni-Path Architecture) PXE Boot - -V3: - * Fix bufio in calculating address of next_buf - * Check HTTP respond code - * Use HEAD request method to test before GET - * Finish HTTP transaction in one go - * Fix bsc#1076132 - -Signed-off-by: Michael Chang -[pjones: make efi_netfs not duplicate symbols from efinet] -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 12 + - grub-core/io/bufio.c | 2 +- - grub-core/kern/efi/efi.c | 96 ++- - grub-core/net/drivers/efi/efinet.c | 27 + - grub-core/net/efi/dhcp.c | 397 ++++++++++ - grub-core/net/efi/efi_netfs.c | 57 ++ - grub-core/net/efi/http.c | 419 +++++++++++ - grub-core/net/efi/ip4_config.c | 398 ++++++++++ - grub-core/net/efi/ip6_config.c | 422 +++++++++++ - grub-core/net/efi/net.c | 1428 ++++++++++++++++++++++++++++++++++++ - grub-core/net/efi/pxe.c | 424 +++++++++++ - grub-core/net/net.c | 74 ++ - util/grub-mknetdir.c | 23 +- - include/grub/efi/api.h | 180 ++++- - include/grub/efi/dhcp.h | 343 +++++++++ - include/grub/efi/http.h | 215 ++++++ - include/grub/net/efi.h | 144 ++++ - 17 files changed, 4620 insertions(+), 41 deletions(-) - create mode 100644 grub-core/net/efi/dhcp.c - create mode 100644 grub-core/net/efi/efi_netfs.c - create mode 100644 grub-core/net/efi/http.c - create mode 100644 grub-core/net/efi/ip4_config.c - create mode 100644 grub-core/net/efi/ip6_config.c - create mode 100644 grub-core/net/efi/net.c - create mode 100644 grub-core/net/efi/pxe.c - create mode 100644 include/grub/efi/dhcp.h - create mode 100644 include/grub/efi/http.h - create mode 100644 include/grub/net/efi.h - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 4b7c45a7b0..c40170f2dd 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2299,6 +2299,12 @@ module = { - common = hook/datehook.c; - }; - -+module = { -+ name = efi_netfs; -+ common = net/efi/efi_netfs.c; -+ enable = efi; -+}; -+ - module = { - name = net; - common = net/net.c; -@@ -2312,6 +2318,12 @@ module = { - common = net/ethernet.c; - common = net/arp.c; - common = net/netbuff.c; -+ efi = net/efi/net.c; -+ efi = net/efi/http.c; -+ efi = net/efi/pxe.c; -+ efi = net/efi/ip4_config.c; -+ efi = net/efi/ip6_config.c; -+ efi = net/efi/dhcp.c; - }; - - module = { -diff --git a/grub-core/io/bufio.c b/grub-core/io/bufio.c -index a458c3aca7..1637731535 100644 ---- a/grub-core/io/bufio.c -+++ b/grub-core/io/bufio.c -@@ -139,7 +139,7 @@ grub_bufio_read (grub_file_t file, char *buf, grub_size_t len) - return res; - - /* Need to read some more. */ -- next_buf = (file->offset + res + len - 1) & ~((grub_off_t) bufio->block_size - 1); -+ next_buf = (grub_divmod64 (file->offset + res + len - 1, bufio->block_size, NULL)) * bufio->block_size; - /* Now read between file->offset + res and bufio->buffer_at. */ - if (file->offset + res < next_buf) - { -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index d6a2fb5778..2a446f5031 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -755,7 +755,7 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) - { - grub_efi_ipv4_device_path_t *ipv4 - = (grub_efi_ipv4_device_path_t *) dp; -- grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)", -+ grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x", - (unsigned) ipv4->local_ip_address[0], - (unsigned) ipv4->local_ip_address[1], - (unsigned) ipv4->local_ip_address[2], -@@ -768,33 +768,60 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) - (unsigned) ipv4->remote_port, - (unsigned) ipv4->protocol, - (unsigned) ipv4->static_ip_address); -+ if (len == sizeof (*ipv4)) -+ { -+ grub_printf (",%u.%u.%u.%u,%u.%u.%u.%u", -+ (unsigned) ipv4->gateway_ip_address[0], -+ (unsigned) ipv4->gateway_ip_address[1], -+ (unsigned) ipv4->gateway_ip_address[2], -+ (unsigned) ipv4->gateway_ip_address[3], -+ (unsigned) ipv4->subnet_mask[0], -+ (unsigned) ipv4->subnet_mask[1], -+ (unsigned) ipv4->subnet_mask[2], -+ (unsigned) ipv4->subnet_mask[3]); -+ } -+ grub_printf (")"); - } - break; - case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE: - { - grub_efi_ipv6_device_path_t *ipv6 - = (grub_efi_ipv6_device_path_t *) dp; -- grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)", -- (unsigned) ipv6->local_ip_address[0], -- (unsigned) ipv6->local_ip_address[1], -- (unsigned) ipv6->local_ip_address[2], -- (unsigned) ipv6->local_ip_address[3], -- (unsigned) ipv6->local_ip_address[4], -- (unsigned) ipv6->local_ip_address[5], -- (unsigned) ipv6->local_ip_address[6], -- (unsigned) ipv6->local_ip_address[7], -- (unsigned) ipv6->remote_ip_address[0], -- (unsigned) ipv6->remote_ip_address[1], -- (unsigned) ipv6->remote_ip_address[2], -- (unsigned) ipv6->remote_ip_address[3], -- (unsigned) ipv6->remote_ip_address[4], -- (unsigned) ipv6->remote_ip_address[5], -- (unsigned) ipv6->remote_ip_address[6], -- (unsigned) ipv6->remote_ip_address[7], -+ grub_printf ("/IPv6(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x,%u,%u,%x,%x", -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[0]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[1]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[2]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[3]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[4]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[5]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[6]), -+ (unsigned) grub_be_to_cpu16 (ipv6->local_ip_address[7]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[0]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[1]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[2]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[3]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[4]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[5]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[6]), -+ (unsigned) grub_be_to_cpu16 (ipv6->remote_ip_address[7]), - (unsigned) ipv6->local_port, - (unsigned) ipv6->remote_port, - (unsigned) ipv6->protocol, - (unsigned) ipv6->static_ip_address); -+ if (len == sizeof (*ipv6)) -+ { -+ grub_printf (",%u,%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x", -+ (unsigned) ipv6->prefix_length, -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[0]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[1]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[2]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[3]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[4]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[5]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[6]), -+ (unsigned) grub_be_to_cpu16 (ipv6->gateway_ip_address[7])); -+ } -+ grub_printf (")"); - } - break; - case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: -@@ -834,6 +861,39 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) - dump_vendor_path ("Messaging", - (grub_efi_vendor_device_path_t *) dp); - break; -+ case GRUB_EFI_URI_DEVICE_PATH_SUBTYPE: -+ { -+ grub_efi_uri_device_path_t *uri -+ = (grub_efi_uri_device_path_t *) dp; -+ grub_printf ("/URI(%s)", uri->uri); -+ } -+ break; -+ case GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE: -+ { -+ grub_efi_dns_device_path_t *dns -+ = (grub_efi_dns_device_path_t *) dp; -+ if (dns->is_ipv6) -+ { -+ grub_printf ("/DNS(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x)", -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0]) >> 16), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[0])), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1]) >> 16), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[1])), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2]) >> 16), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[2])), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]) >> 16), -+ (grub_uint16_t)(grub_be_to_cpu32(dns->dns_server_ip[0].addr[3]))); -+ } -+ else -+ { -+ grub_printf ("/DNS(%d.%d.%d.%d)", -+ dns->dns_server_ip[0].v4.addr[0], -+ dns->dns_server_ip[0].v4.addr[1], -+ dns->dns_server_ip[0].v4.addr[2], -+ dns->dns_server_ip[0].v4.addr[3]); -+ } -+ } -+ break; - default: - grub_printf ("/UnknownMessaging(%x)", (unsigned) subtype); - break; -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 715a6168d7..e11d759f19 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -491,6 +492,17 @@ grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *u - - ldp = grub_efi_find_last_device_path (ddp); - -+ /* Skip the DNS Device */ -+ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE -+ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) -+ { -+ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ ldp->length = sizeof (*ldp); -+ -+ ldp = grub_efi_find_last_device_path (ddp); -+ } -+ - if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE - || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE - && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) -@@ -760,6 +772,7 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE - || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE - && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE -+ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE - && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) - continue; - dup_dp = grub_efi_duplicate_device_path (dp); -@@ -774,6 +787,15 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - dup_ldp->length = sizeof (*dup_ldp); - } - -+ dup_ldp = grub_efi_find_last_device_path (dup_dp); -+ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (dup_ldp) == GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE) -+ { -+ dup_ldp = grub_efi_find_last_device_path (dup_dp); -+ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ dup_ldp->length = sizeof (*dup_ldp); -+ } -+ - dup_ldp = grub_efi_find_last_device_path (dup_dp); - dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; - dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -@@ -845,6 +867,9 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - - GRUB_MOD_INIT(efinet) - { -+ if (grub_efi_net_config) -+ return; -+ - grub_efinet_findcards (); - grub_efi_net_config = grub_efi_net_config_real; - } -@@ -856,5 +881,7 @@ GRUB_MOD_FINI(efinet) - FOR_NET_CARDS_SAFE (card, next) - if (card->driver == &efidriver) - grub_net_card_unregister (card); -+ -+ grub_efi_net_config = NULL; - } - -diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c -new file mode 100644 -index 0000000000..dbef63d8c0 ---- /dev/null -+++ b/grub-core/net/efi/dhcp.c -@@ -0,0 +1,397 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef GRUB_EFI_NET_DEBUG -+static void -+dhcp4_mode_print (grub_efi_dhcp4_mode_data_t *mode) -+{ -+ switch (mode->state) -+ { -+ case GRUB_EFI_DHCP4_STOPPED: -+ grub_printf ("STATE: STOPPED\n"); -+ break; -+ case GRUB_EFI_DHCP4_INIT: -+ grub_printf ("STATE: INIT\n"); -+ break; -+ case GRUB_EFI_DHCP4_SELECTING: -+ grub_printf ("STATE: SELECTING\n"); -+ break; -+ case GRUB_EFI_DHCP4_REQUESTING: -+ grub_printf ("STATE: REQUESTING\n"); -+ break; -+ case GRUB_EFI_DHCP4_BOUND: -+ grub_printf ("STATE: BOUND\n"); -+ break; -+ case GRUB_EFI_DHCP4_RENEWING: -+ grub_printf ("STATE: RENEWING\n"); -+ break; -+ case GRUB_EFI_DHCP4_REBINDING: -+ grub_printf ("STATE: REBINDING\n"); -+ break; -+ case GRUB_EFI_DHCP4_INIT_REBOOT: -+ grub_printf ("STATE: INIT_REBOOT\n"); -+ break; -+ case GRUB_EFI_DHCP4_REBOOTING: -+ grub_printf ("STATE: REBOOTING\n"); -+ break; -+ default: -+ grub_printf ("STATE: UNKNOWN\n"); -+ break; -+ } -+ -+ grub_printf ("CLIENT_ADDRESS: %u.%u.%u.%u\n", -+ mode->client_address[0], -+ mode->client_address[1], -+ mode->client_address[2], -+ mode->client_address[3]); -+ grub_printf ("SERVER_ADDRESS: %u.%u.%u.%u\n", -+ mode->server_address[0], -+ mode->server_address[1], -+ mode->server_address[2], -+ mode->server_address[3]); -+ grub_printf ("SUBNET_MASK: %u.%u.%u.%u\n", -+ mode->subnet_mask[0], -+ mode->subnet_mask[1], -+ mode->subnet_mask[2], -+ mode->subnet_mask[3]); -+ grub_printf ("ROUTER_ADDRESS: %u.%u.%u.%u\n", -+ mode->router_address[0], -+ mode->router_address[1], -+ mode->router_address[2], -+ mode->router_address[3]); -+} -+#endif -+ -+static grub_efi_ipv4_address_t * -+grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packet_t *reply_packet) -+{ -+ grub_efi_dhcp4_packet_option_t **option_list; -+ grub_efi_status_t status; -+ grub_efi_uint32_t option_count = 0; -+ grub_efi_uint32_t i; -+ -+ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, NULL); -+ -+ if (status != GRUB_EFI_BUFFER_TOO_SMALL) -+ return NULL; -+ -+ option_list = grub_malloc (option_count * sizeof(*option_list)); -+ if (!option_list) -+ return NULL; -+ -+ status = efi_call_4 (dhcp4->parse, dhcp4, reply_packet, &option_count, option_list); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (option_list); -+ return NULL; -+ } -+ -+ for (i = 0; i < option_count; ++i) -+ { -+ if (option_list[i]->op_code == 6) -+ { -+ grub_efi_ipv4_address_t *dns_address; -+ -+ if (((option_list[i]->length & 0x3) != 0) || (option_list[i]->length == 0)) -+ continue; -+ -+ /* We only contact primary dns */ -+ dns_address = grub_malloc (sizeof (*dns_address)); -+ if (!dns_address) -+ { -+ grub_free (option_list); -+ return NULL; -+ } -+ grub_memcpy (dns_address, option_list[i]->data, sizeof (dns_address)); -+ grub_free (option_list); -+ return dns_address; -+ } -+ } -+ -+ grub_free (option_list); -+ return NULL; -+} -+ -+#if 0 -+/* Somehow this doesn't work ... */ -+static grub_err_t -+grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **args __attribute__ ((unused))) -+{ -+ struct grub_efi_net_device *dev; -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ grub_efi_pxe_t *pxe = dev->ip4_pxe; -+ grub_efi_pxe_mode_t *mode = pxe->mode; -+ grub_efi_status_t status; -+ -+ if (!mode->started) -+ { -+ status = efi_call_2 (pxe->start, pxe, 0); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_printf ("Couldn't start PXE\n"); -+ } -+ -+ status = efi_call_2 (pxe->dhcp, pxe, 0); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp4 configure failed, %d\n", (int)status); -+ continue; -+ } -+ -+ dev->prefer_ip6 = 0; -+ } -+ -+ return GRUB_ERR_NONE; -+} -+#endif -+ -+static grub_err_t -+grub_cmd_efi_bootp (struct grub_command *cmd __attribute__ ((unused)), -+ int argc, -+ char **args) -+{ -+ struct grub_efi_net_device *netdev; -+ -+ for (netdev = net_devices; netdev; netdev = netdev->next) -+ { -+ grub_efi_status_t status; -+ grub_efi_dhcp4_mode_data_t mode; -+ grub_efi_dhcp4_config_data_t config; -+ grub_efi_dhcp4_packet_option_t *options; -+ grub_efi_ipv4_address_t *dns_address; -+ grub_efi_net_ip_manual_address_t net_ip; -+ grub_efi_net_ip_address_t ip_addr; -+ grub_efi_net_interface_t *inf = NULL; -+ -+ if (argc > 0 && grub_strcmp (netdev->card_name, args[0]) != 0) -+ continue; -+ -+ grub_memset (&config, 0, sizeof(config)); -+ -+ config.option_count = 1; -+ options = grub_malloc (sizeof(*options) + 2); -+ /* Parameter request list */ -+ options->op_code = 55; -+ options->length = 3; -+ /* subnet mask */ -+ options->data[0] = 1; -+ /* router */ -+ options->data[1] = 3; -+ /* DNS */ -+ options->data[2] = 6; -+ config.option_list = &options; -+ -+ /* FIXME: What if the dhcp has bounded */ -+ status = efi_call_2 (netdev->dhcp4->configure, netdev->dhcp4, &config); -+ grub_free (options); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp4 configure failed, %d\n", (int)status); -+ continue; -+ } -+ -+ status = efi_call_2 (netdev->dhcp4->start, netdev->dhcp4, NULL); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp4 start failed, %d\n", (int)status); -+ continue; -+ } -+ -+ status = efi_call_2 (netdev->dhcp4->get_mode_data, netdev->dhcp4, &mode); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); -+ continue; -+ } -+ -+#ifdef GRUB_EFI_NET_DEBUG -+ dhcp4_mode_print (&mode); -+#endif -+ -+ for (inf = netdev->net_interfaces; inf; inf = inf->next) -+ if (inf->prefer_ip6 == 0) -+ break; -+ -+ grub_memcpy (net_ip.ip4.address, mode.client_address, sizeof (net_ip.ip4.address)); -+ grub_memcpy (net_ip.ip4.subnet_mask, mode.subnet_mask, sizeof (net_ip.ip4.subnet_mask)); -+ -+ if (!inf) -+ { -+ char *name = grub_xasprintf ("%s:dhcp", netdev->card_name); -+ -+ net_ip.is_ip6 = 0; -+ inf = grub_efi_net_create_interface (netdev, -+ name, -+ &net_ip, -+ 1); -+ grub_free (name); -+ } -+ else -+ { -+ efi_net_interface_set_address (inf, &net_ip, 1); -+ } -+ -+ grub_memcpy (ip_addr.ip4, mode.router_address, sizeof (ip_addr.ip4)); -+ efi_net_interface_set_gateway (inf, &ip_addr); -+ -+ dns_address = grub_efi_dhcp4_parse_dns (netdev->dhcp4, mode.reply_packet); -+ if (dns_address) -+ efi_net_interface_set_dns (inf, (grub_efi_net_ip_address_t *)&dns_address); -+ -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+ -+static grub_err_t -+grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), -+ int argc, -+ char **args) -+{ -+ struct grub_efi_net_device *dev; -+ grub_efi_uint32_t ia_id; -+ -+ for (dev = net_devices, ia_id = 0; dev; dev = dev->next, ia_id++) -+ { -+ grub_efi_dhcp6_config_data_t config; -+ grub_efi_dhcp6_packet_option_t *option_list[1]; -+ grub_efi_dhcp6_packet_option_t *opt; -+ grub_efi_status_t status; -+ grub_efi_dhcp6_mode_data_t mode; -+ grub_efi_dhcp6_retransmission_t retrans; -+ grub_efi_net_ip_manual_address_t net_ip; -+ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; -+ grub_efi_net_interface_t *inf = NULL; -+ -+ if (argc > 0 && grub_strcmp (dev->card_name, args[0]) != 0) -+ continue; -+ -+ opt = grub_malloc (sizeof(*opt) + 2 * sizeof (grub_efi_uint16_t)); -+ -+#define GRUB_EFI_DHCP6_OPT_ORO 6 -+ -+ opt->op_code = grub_cpu_to_be16_compile_time (GRUB_EFI_DHCP6_OPT_ORO); -+ opt->op_len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_efi_uint16_t)); -+ -+#define GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL 59 -+#define GRUB_EFI_DHCP6_OPT_DNS_SERVERS 23 -+ -+ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_BOOT_FILE_URL)); -+ grub_set_unaligned16 (opt->data + 1 * sizeof (grub_efi_uint16_t), -+ grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_DNS_SERVERS)); -+ -+ option_list[0] = opt; -+ retrans.irt = 4; -+ retrans.mrc = 4; -+ retrans.mrt = 32; -+ retrans.mrd = 60; -+ -+ config.dhcp6_callback = NULL; -+ config.callback_context = NULL; -+ config.option_count = 1; -+ config.option_list = option_list; -+ config.ia_descriptor.ia_id = ia_id; -+ config.ia_descriptor.type = GRUB_EFI_DHCP6_IA_TYPE_NA; -+ config.ia_info_event = NULL; -+ config.reconfigure_accept = 0; -+ config.rapid_commit = 0; -+ config.solicit_retransmission = &retrans; -+ -+ status = efi_call_2 (dev->dhcp6->configure, dev->dhcp6, &config); -+ grub_free (opt); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp6 configure failed, %d\n", (int)status); -+ continue; -+ } -+ status = efi_call_1 (dev->dhcp6->start, dev->dhcp6); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp6 start failed, %d\n", (int)status); -+ continue; -+ } -+ -+ status = efi_call_3 (dev->dhcp6->get_mode_data, dev->dhcp6, &mode, NULL); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("dhcp4 get mode failed, %d\n", (int)status); -+ continue; -+ } -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (inf->prefer_ip6 == 1) -+ break; -+ -+ grub_memcpy (net_ip.ip6.address, mode.ia->ia_address[0].ip_address, sizeof (net_ip.ip6.address)); -+ net_ip.ip6.prefix_length = 64; -+ net_ip.ip6.is_anycast = 0; -+ net_ip.is_ip6 = 1; -+ -+ if (!inf) -+ { -+ char *name = grub_xasprintf ("%s:dhcp", dev->card_name); -+ -+ inf = grub_efi_net_create_interface (dev, -+ name, -+ &net_ip, -+ 1); -+ grub_free (name); -+ } -+ else -+ { -+ efi_net_interface_set_address (inf, &net_ip, 1); -+ } -+ -+ { -+ grub_efi_uint32_t count = 0; -+ grub_efi_dhcp6_packet_option_t **options = NULL; -+ grub_efi_uint32_t i; -+ -+ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, NULL); -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) -+ { -+ options = grub_malloc (count * sizeof(*options)); -+ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ if (options) -+ grub_free (options); -+ continue; -+ } -+ -+ for (i = 0; i < count; ++i) -+ { -+ if (options[i]->op_code == grub_cpu_to_be16_compile_time(GRUB_EFI_DHCP6_OPT_DNS_SERVERS)) -+ { -+ grub_efi_net_ip_address_t dns; -+ grub_memcpy (dns.ip6, options[i]->data, sizeof(net_ip.ip6)); -+ efi_net_interface_set_dns (inf, &dns); -+ break; -+ } -+ } -+ -+ if (options) -+ grub_free (options); -+ } -+ -+ efi_call_1 (b->free_pool, mode.client_id); -+ efi_call_1 (b->free_pool, mode.ia); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+grub_command_func_t grub_efi_net_bootp = grub_cmd_efi_bootp; -+grub_command_func_t grub_efi_net_bootp6 = grub_cmd_efi_bootp6; -diff --git a/grub-core/net/efi/efi_netfs.c b/grub-core/net/efi/efi_netfs.c -new file mode 100644 -index 0000000000..ef371d885e ---- /dev/null -+++ b/grub-core/net/efi/efi_netfs.c -@@ -0,0 +1,57 @@ -+#include -+#include -+#define EFI_NET_CMD_PREFIX "net_efi" -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_command_t cmd_efi_lsroutes; -+static grub_command_t cmd_efi_lscards; -+static grub_command_t cmd_efi_lsaddrs; -+static grub_command_t cmd_efi_addaddr; -+static grub_command_t cmd_efi_bootp; -+static grub_command_t cmd_efi_bootp6; -+ -+static int initialized; -+ -+GRUB_MOD_INIT(efi_netfs) -+{ -+ if (grub_net_open) -+ return; -+ -+ if (grub_efi_net_fs_init ()) -+ { -+ cmd_efi_lsroutes = grub_register_command ("net_efi_ls_routes", grub_efi_net_list_routes, -+ "", N_("list network routes")); -+ cmd_efi_lscards = grub_register_command ("net_efi_ls_cards", grub_efi_net_list_cards, -+ "", N_("list network cards")); -+ cmd_efi_lsaddrs = grub_register_command ("net_efi_ls_addr", grub_efi_net_list_addrs, -+ "", N_("list network addresses")); -+ cmd_efi_addaddr = grub_register_command ("net_efi_add_addr", grub_efi_net_add_addr, -+ N_("SHORTNAME CARD ADDRESS [HWADDRESS]"), -+ N_("Add a network address.")); -+ cmd_efi_bootp = grub_register_command ("net_efi_bootp", grub_efi_net_bootp, -+ N_("[CARD]"), -+ N_("perform a bootp autoconfiguration")); -+ cmd_efi_bootp6 = grub_register_command ("net_efi_bootp6", grub_efi_net_bootp6, -+ N_("[CARD]"), -+ N_("perform a bootp autoconfiguration")); -+ initialized = 1; -+ } -+} -+ -+GRUB_MOD_FINI(efi_netfs) -+{ -+ if (initialized) -+ { -+ grub_unregister_command (cmd_efi_lsroutes); -+ grub_unregister_command (cmd_efi_lscards); -+ grub_unregister_command (cmd_efi_lsaddrs); -+ grub_unregister_command (cmd_efi_addaddr); -+ grub_unregister_command (cmd_efi_bootp); -+ grub_unregister_command (cmd_efi_bootp6); -+ grub_efi_net_fs_fini (); -+ initialized = 0; -+ return; -+ } -+} -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -new file mode 100644 -index 0000000000..3f61fd2fa5 ---- /dev/null -+++ b/grub-core/net/efi/http.c -@@ -0,0 +1,419 @@ -+ -+#include -+#include -+#include -+#include -+#include -+ -+static void -+http_configure (struct grub_efi_net_device *dev, int prefer_ip6) -+{ -+ grub_efi_http_config_data_t http_config; -+ grub_efi_httpv4_access_point_t httpv4_node; -+ grub_efi_httpv6_access_point_t httpv6_node; -+ grub_efi_status_t status; -+ -+ grub_efi_http_t *http = dev->http; -+ -+ grub_memset (&http_config, 0, sizeof(http_config)); -+ http_config.http_version = GRUB_EFI_HTTPVERSION11; -+ http_config.timeout_millisec = 5000; -+ -+ if (prefer_ip6) -+ { -+ grub_efi_uintn_t sz; -+ grub_efi_ip6_config_manual_address_t manual_address; -+ -+ http_config.local_address_is_ipv6 = 1; -+ sz = sizeof (manual_address); -+ status = efi_call_4 (dev->ip6_config->get_data, dev->ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, -+ &sz, &manual_address); -+ -+ if (status == GRUB_EFI_NOT_FOUND) -+ { -+ grub_printf ("The MANUAL ADDRESS is not found\n"); -+ } -+ -+ /* FIXME: The manual interface would return BUFFER TOO SMALL !!! */ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_printf ("??? %d\n",(int) status); -+ return; -+ } -+ -+ grub_memcpy (httpv6_node.local_address, manual_address.address, sizeof (httpv6_node.local_address)); -+ httpv6_node.local_port = 0; -+ http_config.access_point.ipv6_node = &httpv6_node; -+ } -+ else -+ { -+ http_config.local_address_is_ipv6 = 0; -+ grub_memset (&httpv4_node, 0, sizeof(httpv4_node)); -+ httpv4_node.use_default_address = 1; -+ -+ /* Use random port here */ -+ /* See TcpBind() in edk2/NetworkPkg/TcpDxe/TcpDispatcher.c */ -+ httpv4_node.local_port = 0; -+ http_config.access_point.ipv4_node = &httpv4_node; -+ } -+ -+ status = efi_call_2 (http->configure, http, &http_config); -+ -+ if (status == GRUB_EFI_ALREADY_STARTED) -+ { -+ /* XXX: This hangs HTTPS boot */ -+#if 0 -+ if (efi_call_2 (http->configure, http, NULL) != GRUB_EFI_SUCCESS) -+ { -+ grub_error (GRUB_ERR_IO, N_("couldn't reset http instance")); -+ grub_print_error (); -+ return; -+ } -+ status = efi_call_2 (http->configure, http, &http_config); -+#endif -+ return; -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_error (GRUB_ERR_IO, N_("couldn't configure http protocol, reason: %d"), (int)status); -+ grub_print_error (); -+ return ; -+ } -+} -+ -+static grub_efi_boolean_t request_callback_done; -+static grub_efi_boolean_t response_callback_done; -+ -+static void -+grub_efi_http_request_callback (grub_efi_event_t event __attribute__ ((unused)), -+ void *context __attribute__ ((unused))) -+{ -+ request_callback_done = 1; -+} -+ -+static void -+grub_efi_http_response_callback (grub_efi_event_t event __attribute__ ((unused)), -+ void *context __attribute__ ((unused))) -+{ -+ response_callback_done = 1; -+} -+ -+static grub_err_t -+efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, int headeronly, grub_off_t *file_size) -+{ -+ grub_efi_http_request_data_t request_data; -+ grub_efi_http_message_t request_message; -+ grub_efi_http_token_t request_token; -+ grub_efi_http_response_data_t response_data; -+ grub_efi_http_message_t response_message; -+ grub_efi_http_token_t response_token; -+ grub_efi_http_header_t request_headers[3]; -+ -+ grub_efi_status_t status; -+ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; -+ char *url = NULL; -+ -+ request_headers[0].field_name = (grub_efi_char8_t *)"Host"; -+ request_headers[0].field_value = (grub_efi_char8_t *)server; -+ request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; -+ request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; -+ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; -+ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; -+ -+ { -+ grub_efi_ipv6_address_t address; -+ const char *rest; -+ grub_efi_char16_t *ucs2_url; -+ grub_size_t url_len, ucs2_url_len; -+ const char *protocol = (use_https == 1) ? "https" : "http"; -+ -+ if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0) -+ url = grub_xasprintf ("%s://[%s]%s", protocol, server, name); -+ else -+ url = grub_xasprintf ("%s://%s%s", protocol, server, name); -+ -+ if (!url) -+ { -+ return grub_errno; -+ } -+ -+ url_len = grub_strlen (url); -+ ucs2_url_len = url_len * GRUB_MAX_UTF16_PER_UTF8; -+ ucs2_url = grub_malloc ((ucs2_url_len + 1) * sizeof (ucs2_url[0])); -+ -+ if (!ucs2_url) -+ { -+ grub_free (url); -+ return grub_errno; -+ } -+ -+ ucs2_url_len = grub_utf8_to_utf16 (ucs2_url, ucs2_url_len, (grub_uint8_t *)url, url_len, NULL); /* convert string format from ascii to usc2 */ -+ ucs2_url[ucs2_url_len] = 0; -+ grub_free (url); -+ request_data.url = ucs2_url; -+ } -+ -+ request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET; -+ -+ request_message.data.request = &request_data; -+ request_message.header_count = 3; -+ request_message.headers = request_headers; -+ request_message.body_length = 0; -+ request_message.body = NULL; -+ -+ /* request token */ -+ request_token.event = NULL; -+ request_token.status = GRUB_EFI_NOT_READY; -+ request_token.message = &request_message; -+ -+ request_callback_done = 0; -+ status = efi_call_5 (b->create_event, -+ GRUB_EFI_EVT_NOTIFY_SIGNAL, -+ GRUB_EFI_TPL_CALLBACK, -+ grub_efi_http_request_callback, -+ NULL, -+ &request_token.event); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); -+ } -+ -+ status = efi_call_2 (http->request, http, &request_token); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ efi_call_1 (b->close_event, request_token.event); -+ grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to send a request! status=0x%x\n", status); -+ } -+ /* TODO: Add Timeout */ -+ while (!request_callback_done) -+ efi_call_1(http->poll, http); -+ -+ response_data.status_code = GRUB_EFI_HTTP_STATUS_UNSUPPORTED_STATUS; -+ response_message.data.response = &response_data; -+ /* herader_count will be updated by the HTTP driver on response */ -+ response_message.header_count = 0; -+ /* headers will be populated by the driver on response */ -+ response_message.headers = NULL; -+ /* use zero BodyLength to only receive the response headers */ -+ response_message.body_length = 0; -+ response_message.body = NULL; -+ response_token.event = NULL; -+ -+ status = efi_call_5 (b->create_event, -+ GRUB_EFI_EVT_NOTIFY_SIGNAL, -+ GRUB_EFI_TPL_CALLBACK, -+ grub_efi_http_response_callback, -+ NULL, -+ &response_token.event); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ efi_call_1 (b->close_event, request_token.event); -+ grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to create an event! status=0x%x\n", status); -+ } -+ -+ response_token.status = GRUB_EFI_SUCCESS; -+ response_token.message = &response_message; -+ -+ /* wait for HTTP response */ -+ response_callback_done = 0; -+ status = efi_call_2 (http->response, http, &response_token); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); -+ grub_free (request_data.url); -+ return grub_error (GRUB_ERR_IO, "Fail to receive a response! status=%d\n", (int)status); -+ } -+ -+ /* TODO: Add Timeout */ -+ while (!response_callback_done) -+ efi_call_1 (http->poll, http); -+ -+ if (response_message.data.response->status_code != GRUB_EFI_HTTP_STATUS_200_OK) -+ { -+ grub_efi_http_status_code_t status_code = response_message.data.response->status_code; -+ -+ if (response_message.headers) -+ efi_call_1 (b->free_pool, response_message.headers); -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); -+ grub_free (request_data.url); -+ if (status_code == GRUB_EFI_HTTP_STATUS_404_NOT_FOUND) -+ { -+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, _("file `%s' not found"), name); -+ } -+ else -+ { -+ return grub_error (GRUB_ERR_NET_UNKNOWN_ERROR, -+ _("unsupported uefi http status code 0x%x"), status_code); -+ } -+ } -+ -+ if (file_size) -+ { -+ int i; -+ /* parse the length of the file from the ContentLength header */ -+ for (*file_size = 0, i = 0; i < (int)response_message.header_count; ++i) -+ { -+ if (!grub_strcmp((const char*)response_message.headers[i].field_name, "Content-Length")) -+ { -+ *file_size = grub_strtoul((const char*)response_message.headers[i].field_value, 0, 10); -+ break; -+ } -+ } -+ } -+ -+ if (response_message.headers) -+ efi_call_1 (b->free_pool, response_message.headers); -+ efi_call_1 (b->close_event, response_token.event); -+ efi_call_1 (b->close_event, request_token.event); -+ grub_free (request_data.url); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_ssize_t -+efihttp_read (struct grub_efi_net_device *dev, -+ char *buf, -+ grub_size_t len) -+{ -+ grub_efi_http_message_t response_message; -+ grub_efi_http_token_t response_token; -+ -+ grub_efi_status_t status; -+ grub_size_t sum = 0; -+ grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; -+ grub_efi_http_t *http = dev->http; -+ -+ if (!len) -+ { -+ grub_error (GRUB_ERR_BUG, "Invalid arguments to EFI HTTP Read"); -+ return -1; -+ } -+ -+ efi_call_5 (b->create_event, -+ GRUB_EFI_EVT_NOTIFY_SIGNAL, -+ GRUB_EFI_TPL_CALLBACK, -+ grub_efi_http_response_callback, -+ NULL, -+ &response_token.event); -+ -+ while (len) -+ { -+ response_message.data.response = NULL; -+ response_message.header_count = 0; -+ response_message.headers = NULL; -+ response_message.body_length = len; -+ response_message.body = buf; -+ -+ response_token.message = &response_message; -+ response_token.status = GRUB_EFI_NOT_READY; -+ -+ response_callback_done = 0; -+ -+ status = efi_call_2 (http->response, http, &response_token); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ efi_call_1 (b->close_event, response_token.event); -+ grub_error (GRUB_ERR_IO, "Error! status=%d\n", (int)status); -+ return -1; -+ } -+ -+ while (!response_callback_done) -+ efi_call_1(http->poll, http); -+ -+ sum += response_message.body_length; -+ buf += response_message.body_length; -+ len -= response_message.body_length; -+ } -+ -+ efi_call_1 (b->close_event, response_token.event); -+ -+ return sum; -+} -+ -+static grub_err_t -+grub_efihttp_open (struct grub_efi_net_device *dev, -+ int prefer_ip6 __attribute__ ((unused)), -+ grub_file_t file, -+ const char *filename __attribute__ ((unused)), -+ int type) -+{ -+ grub_err_t err; -+ grub_off_t size; -+ char *buf; -+ -+ err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ -+ err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ -+ buf = grub_malloc (size); -+ efihttp_read (dev, buf, size); -+ -+ file->size = size; -+ file->data = buf; -+ file->not_easily_seekable = 0; -+ file->device->net->offset = 0; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_efihttp_close (struct grub_efi_net_device *dev __attribute__ ((unused)), -+ int prefer_ip6 __attribute__ ((unused)), -+ grub_file_t file) -+{ -+ if (file->data) -+ grub_free (file->data); -+ -+ file->data = 0; -+ file->offset = 0; -+ file->size = 0; -+ file->device->net->offset = 0; -+ return GRUB_ERR_NONE; -+} -+ -+static grub_ssize_t -+grub_efihttp_read (struct grub_efi_net_device *dev __attribute__((unused)), -+ int prefer_ip6 __attribute__((unused)), -+ grub_file_t file, -+ char *buf, -+ grub_size_t len) -+{ -+ grub_size_t r = len; -+ -+ if (!file->data || !buf || !len) -+ return 0; -+ -+ if ((file->device->net->offset + len) > file->size) -+ r = file->size - file->device->net->offset; -+ -+ if (r) -+ { -+ grub_memcpy (buf, (char *)file->data + file->device->net->offset, r); -+ file->device->net->offset += r; -+ } -+ -+ return r; -+} -+ -+struct grub_efi_net_io io_http = -+ { -+ .configure = http_configure, -+ .open = grub_efihttp_open, -+ .read = grub_efihttp_read, -+ .close = grub_efihttp_close -+ }; -diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -new file mode 100644 -index 0000000000..b711a5d945 ---- /dev/null -+++ b/grub-core/net/efi/ip4_config.c -@@ -0,0 +1,398 @@ -+ -+#include -+#include -+#include -+#include -+#include -+ -+char * -+grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address) -+{ -+ char *hw_addr, *p; -+ int sz, s; -+ int i; -+ -+ sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1; -+ -+ hw_addr = grub_malloc (sz); -+ if (!hw_addr) -+ return NULL; -+ -+ p = hw_addr; -+ s = sz; -+ for (i = 0; i < (int)hw_address_size; i++) -+ { -+ grub_snprintf (p, sz, "%02x:", hw_address[i]); -+ p += sizeof ("XX:") - 1; -+ s -= sizeof ("XX:") - 1; -+ } -+ -+ hw_addr[sz - 2] = '\0'; -+ return hw_addr; -+} -+ -+char * -+grub_efi_ip4_address_to_string (grub_efi_ipv4_address_t *address) -+{ -+ char *addr; -+ -+ addr = grub_malloc (sizeof ("XXX.XXX.XXX.XXX")); -+ if (!addr) -+ return NULL; -+ -+ /* FIXME: Use grub_xasprintf ? */ -+ grub_snprintf (addr, -+ sizeof ("XXX.XXX.XXX.XXX"), -+ "%u.%u.%u.%u", -+ (*address)[0], -+ (*address)[1], -+ (*address)[2], -+ (*address)[3]); -+ -+ return addr; -+} -+ -+int -+grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) -+{ -+ grub_uint32_t newip = 0; -+ int i; -+ const char *ptr = val; -+ -+ for (i = 0; i < 4; i++) -+ { -+ unsigned long t; -+ t = grub_strtoul (ptr, (char **) &ptr, 0); -+ if (grub_errno) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ return 0; -+ } -+ if (*ptr != '.' && i == 0) -+ { -+ /* XXX: t is in host byte order */ -+ newip = t; -+ break; -+ } -+ if (t & ~0xff) -+ return 0; -+ newip <<= 8; -+ newip |= t; -+ if (i != 3 && *ptr != '.') -+ return 0; -+ ptr++; -+ } -+ -+ newip = grub_cpu_to_be32 (newip); -+ -+ grub_memcpy (address, &newip, sizeof(*address)); -+ -+ if (rest) -+ *rest = (ptr - 1); -+ return 1; -+} -+ -+static grub_efi_ip4_config2_interface_info_t * -+efi_ip4_config_interface_info (grub_efi_ip4_config2_protocol_t *ip4_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip4_config2_interface_info_t *interface_info; -+ -+ sz = sizeof (*interface_info) + sizeof (*interface_info->route_table); -+ interface_info = grub_malloc (sz); -+ if (!interface_info) -+ return NULL; -+ -+ status = efi_call_4 (ip4_config->get_data, ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, -+ &sz, interface_info); -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL) -+ { -+ grub_free (interface_info); -+ interface_info = grub_malloc (sz); -+ status = efi_call_4 (ip4_config->get_data, ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, -+ &sz, interface_info); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (interface_info); -+ return NULL; -+ } -+ -+ return interface_info; -+} -+ -+static grub_efi_ip4_config2_manual_address_t * -+efi_ip4_config_manual_address (grub_efi_ip4_config2_protocol_t *ip4_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip4_config2_manual_address_t *manual_address; -+ -+ sz = sizeof (*manual_address); -+ manual_address = grub_malloc (sz); -+ if (!manual_address) -+ return NULL; -+ -+ status = efi_call_4 (ip4_config->get_data, ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, -+ &sz, manual_address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (manual_address); -+ return NULL; -+ } -+ -+ return manual_address; -+} -+ -+char * -+grub_efi_ip4_interface_name (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip4_config2_interface_info_t *interface_info; -+ char *name; -+ -+ interface_info = efi_ip4_config_interface_info (dev->ip4_config); -+ -+ if (!interface_info) -+ return NULL; -+ -+ name = grub_malloc (GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE -+ * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ *grub_utf16_to_utf8 ((grub_uint8_t *)name, interface_info->name, -+ GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE) = 0; -+ grub_free (interface_info); -+ return name; -+} -+ -+static char * -+grub_efi_ip4_interface_hw_address (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip4_config2_interface_info_t *interface_info; -+ char *hw_addr; -+ -+ interface_info = efi_ip4_config_interface_info (dev->ip4_config); -+ -+ if (!interface_info) -+ return NULL; -+ -+ hw_addr = grub_efi_hw_address_to_string (interface_info->hw_address_size, interface_info->hw_address); -+ grub_free (interface_info); -+ -+ return hw_addr; -+} -+ -+static char * -+grub_efi_ip4_interface_address (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip4_config2_manual_address_t *manual_address; -+ char *addr; -+ -+ manual_address = efi_ip4_config_manual_address (dev->ip4_config); -+ -+ if (!manual_address) -+ return NULL; -+ -+ addr = grub_efi_ip4_address_to_string (&manual_address->address); -+ grub_free (manual_address); -+ return addr; -+} -+ -+ -+static int -+address_mask_size (grub_efi_ipv4_address_t *address) -+{ -+ grub_uint8_t i; -+ grub_uint32_t u32_addr = grub_be_to_cpu32 (grub_get_unaligned32 (address)); -+ -+ if (u32_addr == 0) -+ return 0; -+ -+ for (i = 0; i < 32 ; ++i) -+ { -+ if (u32_addr == ((0xffffffff >> i) << i)) -+ return (32 - i); -+ } -+ -+ return -1; -+} -+ -+static char ** -+grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip4_config2_interface_info_t *interface_info; -+ char **ret; -+ int i, id; -+ -+ interface_info = efi_ip4_config_interface_info (dev->ip4_config); -+ if (!interface_info) -+ return NULL; -+ -+ ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1)); -+ -+ if (!ret) -+ { -+ grub_free (interface_info); -+ return NULL; -+ } -+ -+ id = 0; -+ for (i = 0; i < (int)interface_info->route_table_size; i++) -+ { -+ char *subnet, *gateway, *mask; -+ grub_uint32_t u32_subnet, u32_gateway; -+ int mask_size; -+ grub_efi_ip4_route_table_t *route_table = interface_info->route_table + i; -+ grub_efi_net_interface_t *inf; -+ char *interface_name = NULL; -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (!inf->prefer_ip6) -+ interface_name = inf->name; -+ -+ u32_gateway = grub_get_unaligned32 (&route_table->gateway_address); -+ gateway = grub_efi_ip4_address_to_string (&route_table->gateway_address); -+ u32_subnet = grub_get_unaligned32 (&route_table->subnet_address); -+ subnet = grub_efi_ip4_address_to_string (&route_table->subnet_address); -+ mask_size = address_mask_size (&route_table->subnet_mask); -+ mask = grub_efi_ip4_address_to_string (&route_table->subnet_mask); -+ if (u32_subnet && !u32_gateway && interface_name) -+ ret[id++] = grub_xasprintf ("%s:local %s/%d %s", dev->card_name, subnet, mask_size, interface_name); -+ else if (u32_subnet && u32_gateway) -+ ret[id++] = grub_xasprintf ("%s:gw %s/%d gw %s", dev->card_name, subnet, mask_size, gateway); -+ else if (!u32_subnet && u32_gateway) -+ ret[id++] = grub_xasprintf ("%s:default %s/%d gw %s", dev->card_name, subnet, mask_size, gateway); -+ grub_free (subnet); -+ grub_free (gateway); -+ grub_free (mask); -+ } -+ -+ ret[id] = NULL; -+ grub_free (interface_info); -+ return ret; -+} -+ -+static grub_efi_net_interface_t * -+grub_efi_ip4_interface_match (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *ip_address) -+{ -+ grub_efi_ip4_config2_interface_info_t *interface_info; -+ grub_efi_net_interface_t *inf; -+ int i; -+ grub_efi_ipv4_address_t *address = &ip_address->ip4; -+ -+ interface_info = efi_ip4_config_interface_info (dev->ip4_config); -+ if (!interface_info) -+ return NULL; -+ -+ for (i = 0; i < (int)interface_info->route_table_size; i++) -+ { -+ grub_efi_ip4_route_table_t *route_table = interface_info->route_table + i; -+ grub_uint32_t u32_address, u32_mask, u32_subnet; -+ -+ u32_address = grub_get_unaligned32 (address); -+ u32_subnet = grub_get_unaligned32 (route_table->subnet_address); -+ u32_mask = grub_get_unaligned32 (route_table->subnet_mask); -+ -+ /* SKIP Default GATEWAY */ -+ if (!u32_subnet && !u32_mask) -+ continue; -+ -+ if ((u32_address & u32_mask) == u32_subnet) -+ { -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (!inf->prefer_ip6) -+ { -+ grub_free (interface_info); -+ return inf; -+ } -+ } -+ } -+ -+ grub_free (interface_info); -+ return NULL; -+} -+ -+static int -+grub_efi_ip4_interface_set_manual_address (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_manual_address_t *net_ip, -+ int with_subnet) -+{ -+ grub_efi_status_t status; -+ grub_efi_ip4_config2_manual_address_t *address = &net_ip->ip4; -+ -+ if (!with_subnet) -+ { -+ grub_efi_ip4_config2_manual_address_t *manual_address = -+ efi_ip4_config_manual_address (dev->ip4_config); -+ -+ if (manual_address) -+ { -+ grub_memcpy (address->subnet_mask, manual_address->subnet_mask, sizeof(address->subnet_mask)); -+ grub_free (manual_address); -+ } -+ else -+ { -+ /* XXX: */ -+ address->subnet_mask[0] = 0xff; -+ address->subnet_mask[1] = 0xff; -+ address->subnet_mask[2] = 0xff; -+ address->subnet_mask[3] = 0; -+ } -+ } -+ -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, -+ sizeof(*address), address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ return 1; -+} -+ -+static int -+grub_efi_ip4_interface_set_gateway (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_address_t *address) -+{ -+ grub_efi_status_t status; -+ -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, -+ sizeof (address->ip4), &address->ip4); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ return 1; -+} -+ -+/* FIXME: Multiple DNS */ -+static int -+grub_efi_ip4_interface_set_dns (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_address_t *address) -+{ -+ grub_efi_status_t status; -+ -+ status = efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, -+ sizeof (address->ip4), &address->ip4); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ return 1; -+} -+ -+grub_efi_net_ip_config_t *efi_net_ip4_config = &(grub_efi_net_ip_config_t) -+ { -+ .get_hw_address = grub_efi_ip4_interface_hw_address, -+ .get_address = grub_efi_ip4_interface_address, -+ .get_route_table = grub_efi_ip4_interface_route_table, -+ .best_interface = grub_efi_ip4_interface_match, -+ .set_address = grub_efi_ip4_interface_set_manual_address, -+ .set_gateway = grub_efi_ip4_interface_set_gateway, -+ .set_dns = grub_efi_ip4_interface_set_dns -+ }; -diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -new file mode 100644 -index 0000000000..017c4d05bc ---- /dev/null -+++ b/grub-core/net/efi/ip6_config.c -@@ -0,0 +1,422 @@ -+#include -+#include -+#include -+#include -+#include -+ -+char * -+grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address) -+{ -+ char *str = grub_malloc (sizeof ("XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX")); -+ char *p; -+ int i; -+ int squash; -+ -+ if (!str) -+ return NULL; -+ -+ p = str; -+ squash = 0; -+ for (i = 0; i < 8; ++i) -+ { -+ grub_uint16_t addr; -+ -+ if (i == 7) -+ squash = 2; -+ -+ addr = grub_get_unaligned16 (address->addr + i * 2); -+ -+ if (grub_be_to_cpu16 (addr)) -+ { -+ char buf[sizeof ("XXXX")]; -+ if (i > 0) -+ *p++ = ':'; -+ grub_snprintf (buf, sizeof (buf), "%x", grub_be_to_cpu16 (addr)); -+ grub_strcpy (p, buf); -+ p += grub_strlen (buf); -+ -+ if (squash == 1) -+ squash = 2; -+ } -+ else -+ { -+ if (squash == 0) -+ { -+ *p++ = ':'; -+ squash = 1; -+ } -+ else if (squash == 2) -+ { -+ *p++ = ':'; -+ *p++ = '0'; -+ } -+ } -+ } -+ *p = '\0'; -+ return str; -+} -+ -+int -+grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *address, const char **rest) -+{ -+ grub_uint16_t newip[8]; -+ const char *ptr = val; -+ int word, quaddot = -1; -+ int bracketed = 0; -+ -+ if (ptr[0] == '[') { -+ bracketed = 1; -+ ptr++; -+ } -+ -+ if (ptr[0] == ':' && ptr[1] != ':') -+ return 0; -+ if (ptr[0] == ':') -+ ptr++; -+ -+ for (word = 0; word < 8; word++) -+ { -+ unsigned long t; -+ if (*ptr == ':') -+ { -+ quaddot = word; -+ word--; -+ ptr++; -+ continue; -+ } -+ t = grub_strtoul (ptr, (char **) &ptr, 16); -+ if (grub_errno) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ break; -+ } -+ if (t & ~0xffff) -+ return 0; -+ newip[word] = grub_cpu_to_be16 (t); -+ if (*ptr != ':') -+ break; -+ ptr++; -+ } -+ if (quaddot == -1 && word < 7) -+ return 0; -+ if (quaddot != -1) -+ { -+ grub_memmove (&newip[quaddot + 7 - word], &newip[quaddot], -+ (word - quaddot + 1) * sizeof (newip[0])); -+ grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); -+ } -+ grub_memcpy (address, newip, 16); -+ if (bracketed && *ptr == ']') { -+ ptr++; -+ } -+ if (rest) -+ *rest = ptr; -+ return 1; -+} -+ -+static grub_efi_ip6_config_interface_info_t * -+efi_ip6_config_interface_info (grub_efi_ip6_config_protocol_t *ip6_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip6_config_interface_info_t *interface_info; -+ -+ sz = sizeof (*interface_info) + sizeof (*interface_info->route_table); -+ interface_info = grub_malloc (sz); -+ -+ status = efi_call_4 (ip6_config->get_data, ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, -+ &sz, interface_info); -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL) -+ { -+ grub_free (interface_info); -+ interface_info = grub_malloc (sz); -+ status = efi_call_4 (ip6_config->get_data, ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, -+ &sz, interface_info); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (interface_info); -+ return NULL; -+ } -+ -+ return interface_info; -+} -+ -+static grub_efi_ip6_config_manual_address_t * -+efi_ip6_config_manual_address (grub_efi_ip6_config_protocol_t *ip6_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip6_config_manual_address_t *manual_address; -+ -+ sz = sizeof (*manual_address); -+ manual_address = grub_malloc (sz); -+ if (!manual_address) -+ return NULL; -+ -+ status = efi_call_4 (ip6_config->get_data, ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, -+ &sz, manual_address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (manual_address); -+ return NULL; -+ } -+ -+ return manual_address; -+} -+ -+char * -+grub_efi_ip6_interface_name (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip6_config_interface_info_t *interface_info; -+ char *name; -+ -+ interface_info = efi_ip6_config_interface_info (dev->ip6_config); -+ -+ if (!interface_info) -+ return NULL; -+ -+ name = grub_malloc (GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE -+ * GRUB_MAX_UTF8_PER_UTF16 + 1); -+ *grub_utf16_to_utf8 ((grub_uint8_t *)name, interface_info->name, -+ GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE) = 0; -+ grub_free (interface_info); -+ return name; -+} -+ -+static char * -+grub_efi_ip6_interface_hw_address (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip6_config_interface_info_t *interface_info; -+ char *hw_addr; -+ -+ interface_info = efi_ip6_config_interface_info (dev->ip6_config); -+ -+ if (!interface_info) -+ return NULL; -+ -+ hw_addr = grub_efi_hw_address_to_string (interface_info->hw_address_size, interface_info->hw_address); -+ grub_free (interface_info); -+ -+ return hw_addr; -+} -+ -+static char * -+grub_efi_ip6_interface_address (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip6_config_manual_address_t *manual_address; -+ char *addr; -+ -+ manual_address = efi_ip6_config_manual_address (dev->ip6_config); -+ -+ if (!manual_address) -+ return NULL; -+ -+ addr = grub_efi_ip6_address_to_string ((grub_efi_pxe_ipv6_address_t *)&manual_address->address); -+ grub_free (manual_address); -+ return addr; -+} -+ -+static char ** -+grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) -+{ -+ grub_efi_ip6_config_interface_info_t *interface_info; -+ char **ret; -+ int i, id; -+ -+ interface_info = efi_ip6_config_interface_info (dev->ip6_config); -+ if (!interface_info) -+ return NULL; -+ -+ ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1)); -+ -+ if (!ret) -+ { -+ grub_free (interface_info); -+ return NULL; -+ } -+ -+ id = 0; -+ for (i = 0; i < (int)interface_info->route_count ; i++) -+ { -+ char *gateway, *destination; -+ grub_uint64_t u64_gateway[2]; -+ grub_uint64_t u64_destination[2]; -+ grub_efi_ip6_route_table_t *route_table = interface_info->route_table + i; -+ grub_efi_net_interface_t *inf; -+ char *interface_name = NULL; -+ -+ gateway = grub_efi_ip6_address_to_string (&route_table->gateway); -+ destination = grub_efi_ip6_address_to_string (&route_table->destination); -+ -+ u64_gateway[0] = grub_get_unaligned64 (route_table->gateway.addr); -+ u64_gateway[1] = grub_get_unaligned64 (route_table->gateway.addr + 8); -+ u64_destination[0] = grub_get_unaligned64 (route_table->destination.addr); -+ u64_destination[1] = grub_get_unaligned64 (route_table->destination.addr + 8); -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (inf->prefer_ip6) -+ interface_name = inf->name; -+ -+ if ((!u64_gateway[0] && !u64_gateway[1]) -+ && (u64_destination[0] || u64_destination[1])) -+ { -+ if (interface_name) -+ { -+ if ((grub_be_to_cpu64 (u64_destination[0]) == 0xfe80000000000000ULL) -+ && (!u64_destination[1]) -+ && (route_table->prefix_length == 64)) -+ ret[id++] = grub_xasprintf ("%s:link %s/%d %s", dev->card_name, destination, route_table->prefix_length, interface_name); -+ else -+ ret[id++] = grub_xasprintf ("%s:local %s/%d %s", dev->card_name, destination, route_table->prefix_length, interface_name); -+ } -+ } -+ else if ((u64_gateway[0] || u64_gateway[1]) -+ && (u64_destination[0] || u64_destination[1])) -+ ret[id++] = grub_xasprintf ("%s:gw %s/%d gw %s", dev->card_name, destination, route_table->prefix_length, gateway); -+ else if ((u64_gateway[0] || u64_gateway[1]) -+ && (!u64_destination[0] && !u64_destination[1])) -+ ret[id++] = grub_xasprintf ("%s:default %s/%d gw %s", dev->card_name, destination, route_table->prefix_length, gateway); -+ -+ grub_free (gateway); -+ grub_free (destination); -+ } -+ -+ ret[id] = NULL; -+ grub_free (interface_info); -+ return ret; -+} -+ -+static grub_efi_net_interface_t * -+grub_efi_ip6_interface_match (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *ip_address) -+{ -+ grub_efi_ip6_config_interface_info_t *interface_info; -+ grub_efi_net_interface_t *inf; -+ int i; -+ grub_efi_ipv6_address_t *address = &ip_address->ip6; -+ -+ interface_info = efi_ip6_config_interface_info (dev->ip6_config); -+ if (!interface_info) -+ return NULL; -+ -+ for (i = 0; i < (int)interface_info->route_count ; i++) -+ { -+ grub_uint64_t u64_addr[2]; -+ grub_uint64_t u64_subnet[2]; -+ grub_uint64_t u64_mask[2]; -+ -+ grub_efi_ip6_route_table_t *route_table = interface_info->route_table + i; -+ -+ /* SKIP Default GATEWAY */ -+ if (route_table->prefix_length == 0) -+ continue; -+ -+ u64_addr[0] = grub_get_unaligned64 (address); -+ u64_addr[1] = grub_get_unaligned64 (address + 4); -+ u64_subnet[0] = grub_get_unaligned64 (route_table->destination.addr); -+ u64_subnet[1] = grub_get_unaligned64 (route_table->destination.addr + 8); -+ u64_mask[0] = (route_table->prefix_length <= 64) ? -+ 0xffffffffffffffffULL << (64 - route_table->prefix_length) : -+ 0xffffffffffffffffULL; -+ u64_mask[1] = (route_table->prefix_length <= 64) ? -+ 0 : -+ 0xffffffffffffffffULL << (128 - route_table->prefix_length); -+ -+ if (((u64_addr[0] & u64_mask[0]) == u64_subnet[0]) -+ && ((u64_addr[1] & u64_mask[1]) == u64_subnet[1])) -+ { -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (inf->prefer_ip6) -+ { -+ grub_free (interface_info); -+ return inf; -+ } -+ } -+ } -+ -+ grub_free (interface_info); -+ return NULL; -+} -+ -+static int -+grub_efi_ip6_interface_set_manual_address (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_manual_address_t *net_ip, -+ int with_subnet) -+{ -+ grub_efi_status_t status; -+ grub_efi_ip6_config_manual_address_t *address = &net_ip->ip6; -+ -+ if (!with_subnet) -+ { -+ grub_efi_ip6_config_manual_address_t *manual_address = -+ efi_ip6_config_manual_address (dev->ip6_config); -+ -+ if (manual_address) -+ { -+ address->prefix_length = manual_address->prefix_length; -+ grub_free (manual_address); -+ } -+ else -+ { -+ /* XXX: */ -+ address->prefix_length = 64; -+ } -+ } -+ -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, -+ sizeof(*address), address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ return 1; -+} -+ -+static int -+grub_efi_ip6_interface_set_gateway (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_address_t *address) -+{ -+ grub_efi_status_t status; -+ -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, -+ sizeof (address->ip6), &address->ip6); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ return 1; -+} -+ -+static int -+grub_efi_ip6_interface_set_dns (struct grub_efi_net_device *dev, -+ grub_efi_net_ip_address_t *address) -+{ -+ -+ grub_efi_status_t status; -+ -+ status = efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, -+ sizeof (address->ip6), &address->ip6); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ return 1; -+} -+ -+grub_efi_net_ip_config_t *efi_net_ip6_config = &(grub_efi_net_ip_config_t) -+ { -+ .get_hw_address = grub_efi_ip6_interface_hw_address, -+ .get_address = grub_efi_ip6_interface_address, -+ .get_route_table = grub_efi_ip6_interface_route_table, -+ .best_interface = grub_efi_ip6_interface_match, -+ .set_address = grub_efi_ip6_interface_set_manual_address, -+ .set_gateway = grub_efi_ip6_interface_set_gateway, -+ .set_dns = grub_efi_ip6_interface_set_dns -+ }; -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -new file mode 100644 -index 0000000000..86bce6535d ---- /dev/null -+++ b/grub-core/net/efi/net.c -@@ -0,0 +1,1428 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+#define GRUB_EFI_IP6_PREFIX_LENGTH 64 -+ -+static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; -+static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; -+static grub_efi_guid_t http_service_binding_guid = GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t http_guid = GRUB_EFI_HTTP_PROTOCOL_GUID; -+static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; -+static grub_efi_guid_t dhcp4_service_binding_guid = GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp4_guid = GRUB_EFI_DHCP4_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp6_service_binding_guid = GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID; -+static grub_efi_guid_t dhcp6_guid = GRUB_EFI_DHCP6_PROTOCOL_GUID; -+ -+struct grub_efi_net_device *net_devices; -+ -+static char *default_server; -+static grub_efi_net_interface_t *net_interface; -+static grub_efi_net_interface_t *net_default_interface; -+ -+#define efi_net_interface_configure(inf) inf->io->configure (inf->dev, inf->prefer_ip6) -+#define efi_net_interface_open(inf, file, name) inf->io->open (inf->dev, inf->prefer_ip6, file, name, inf->io_type) -+#define efi_net_interface_read(inf, file, buf, sz) inf->io->read (inf->dev, inf->prefer_ip6, file, buf, sz) -+#define efi_net_interface_close(inf, file) inf->io->close (inf->dev, inf->prefer_ip6, file) -+#define efi_net_interface(m,...) efi_net_interface_ ## m (net_interface, ## __VA_ARGS__) -+ -+static grub_efi_handle_t -+grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, -+ grub_efi_device_path_t **r_device_path) -+{ -+ grub_efi_handle_t handle; -+ grub_efi_status_t status; -+ -+ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, -+ protocol, &device_path, &handle); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ if (r_device_path) -+ *r_device_path = device_path; -+ -+ return handle; -+} -+ -+static int -+url_parse_fields (const char *url, char **proto, char **host, char **path) -+{ -+ const char *p, *ps; -+ grub_size_t l; -+ -+ *proto = *host = *path = NULL; -+ ps = p = url; -+ -+ while ((p = grub_strchr (p, ':'))) -+ { -+ if (grub_strlen (p) < sizeof ("://") - 1) -+ break; -+ if (grub_memcmp (p, "://", sizeof ("://") - 1) == 0) -+ { -+ l = p - ps; -+ *proto = grub_malloc (l + 1); -+ if (!*proto) -+ { -+ grub_print_error (); -+ return 0; -+ } -+ -+ grub_memcpy (*proto, ps, l); -+ (*proto)[l] = '\0'; -+ p += sizeof ("://") - 1; -+ break; -+ } -+ ++p; -+ } -+ -+ if (!*proto) -+ { -+ grub_dprintf ("bootp", "url: %s is not valid, protocol not found\n", url); -+ return 0; -+ } -+ -+ ps = p; -+ p = grub_strchr (p, '/'); -+ -+ if (!p) -+ { -+ grub_dprintf ("bootp", "url: %s is not valid, host/path not found\n", url); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ -+ l = p - ps; -+ -+ if (l > 2 && ps[0] == '[' && ps[l - 1] == ']') -+ { -+ *host = grub_malloc (l - 1); -+ if (!*host) -+ { -+ grub_print_error (); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ grub_memcpy (*host, ps + 1, l - 2); -+ (*host)[l - 2] = 0; -+ } -+ else -+ { -+ *host = grub_malloc (l + 1); -+ if (!*host) -+ { -+ grub_print_error (); -+ grub_free (*proto); -+ *proto = NULL; -+ return 0; -+ } -+ grub_memcpy (*host, ps, l); -+ (*host)[l] = 0; -+ } -+ -+ *path = grub_strdup (p); -+ if (!*path) -+ { -+ grub_print_error (); -+ grub_free (*host); -+ grub_free (*proto); -+ *host = NULL; -+ *proto = NULL; -+ return 0; -+ } -+ return 1; -+} -+ -+static void -+url_get_boot_location (const char *url, char **device, char **path, int is_default) -+{ -+ char *protocol, *server, *file; -+ char *slash; -+ -+ if (!url_parse_fields (url, &protocol, &server, &file)) -+ return; -+ -+ if ((slash = grub_strrchr (file, '/'))) -+ *slash = 0; -+ else -+ *file = 0; -+ -+ *device = grub_xasprintf ("%s,%s", protocol, server); -+ *path = grub_strdup(file); -+ -+ if (is_default) -+ default_server = server; -+ else -+ grub_free (server); -+ -+ grub_free (protocol); -+ grub_free (file); -+} -+ -+static void -+pxe_get_boot_location (const struct grub_net_bootp_packet *bp, -+ char **device, -+ char **path, -+ int is_default) -+{ -+ char *server = grub_xasprintf ("%d.%d.%d.%d", -+ ((grub_uint8_t *) &bp->server_ip)[0], -+ ((grub_uint8_t *) &bp->server_ip)[1], -+ ((grub_uint8_t *) &bp->server_ip)[2], -+ ((grub_uint8_t *) &bp->server_ip)[3]); -+ -+ *device = grub_xasprintf ("tftp,%s", server); -+ -+ *path = grub_strndup (bp->boot_file, sizeof (bp->boot_file)); -+ -+ if (*path) -+ { -+ char *slash; -+ slash = grub_strrchr (*path, '/'); -+ if (slash) -+ *slash = 0; -+ else -+ **path = 0; -+ } -+ -+ if (is_default) -+ default_server = server; -+ else -+ grub_free (server); -+} -+ -+static void -+pxe_get_boot_location_v6 (const struct grub_net_dhcp6_packet *dp, -+ grub_size_t dhcp_size, -+ char **device, -+ char **path) -+{ -+ -+ struct grub_net_dhcp6_option *dhcp_opt; -+ grub_size_t dhcp_remain_size; -+ *device = *path = 0; -+ -+ if (dhcp_size < sizeof (*dp)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("DHCPv6 packet size too small")); -+ return; -+ } -+ -+ dhcp_remain_size = dhcp_size - sizeof (*dp); -+ dhcp_opt = (struct grub_net_dhcp6_option *)dp->dhcp_options; -+ -+ while (dhcp_remain_size) -+ { -+ grub_uint16_t code = grub_be_to_cpu16 (dhcp_opt->code); -+ grub_uint16_t len = grub_be_to_cpu16 (dhcp_opt->len); -+ grub_uint16_t option_size = sizeof (*dhcp_opt) + len; -+ -+ if (dhcp_remain_size < option_size || code == 0) -+ break; -+ -+ if (code == GRUB_NET_DHCP6_OPTION_BOOTFILE_URL) -+ { -+ char *url = grub_malloc (len + 1); -+ -+ grub_memcpy (url, dhcp_opt->data, len); -+ url[len] = 0; -+ -+ url_get_boot_location ((const char *)url, device, path, 1); -+ grub_free (url); -+ break; -+ } -+ -+ dhcp_remain_size -= option_size; -+ dhcp_opt = (struct grub_net_dhcp6_option *)((grub_uint8_t *)dhcp_opt + option_size); -+ } -+} -+ -+static grub_efi_net_interface_t * -+grub_efi_net_config_from_device_path (grub_efi_device_path_t *dp, -+ struct grub_efi_net_device *netdev, -+ char **device, -+ char **path) -+{ -+ grub_efi_net_interface_t *inf = NULL; -+ -+ while (1) -+ { -+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); -+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); -+ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); -+ -+ if (type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) -+ { -+ if (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) -+ { -+ grub_efi_uri_device_path_t *uri_dp; -+ uri_dp = (grub_efi_uri_device_path_t *) dp; -+ /* Beware that uri_dp->uri may not be null terminated */ -+ url_get_boot_location ((const char *)uri_dp->uri, device, path, 1); -+ } -+ else if (subtype == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) -+ { -+ grub_efi_net_ip_manual_address_t net_ip; -+ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) dp; -+ -+ if (inf) -+ continue; -+ grub_memcpy (net_ip.ip4.address, ipv4->local_ip_address, sizeof (net_ip.ip4.address)); -+ grub_memcpy (net_ip.ip4.subnet_mask, ipv4->subnet_mask, sizeof (net_ip.ip4.subnet_mask)); -+ net_ip.is_ip6 = 0; -+ inf = grub_efi_net_create_interface (netdev, -+ netdev->card_name, -+ &net_ip, -+ 1); -+ } -+ else if (subtype == GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE) -+ { -+ grub_efi_net_ip_manual_address_t net_ip; -+ grub_efi_ipv6_device_path_t *ipv6 = (grub_efi_ipv6_device_path_t *) dp; -+ -+ if (inf) -+ continue; -+ grub_memcpy (net_ip.ip6.address, ipv6->local_ip_address, sizeof (net_ip.ip6.address)); -+ net_ip.ip6.prefix_length = GRUB_EFI_IP6_PREFIX_LENGTH; -+ net_ip.ip6.is_anycast = 0; -+ net_ip.is_ip6 = 1; -+ inf = grub_efi_net_create_interface (netdev, -+ netdev->card_name, -+ &net_ip, -+ 1); -+ } -+ } -+ -+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) -+ break; -+ dp = (grub_efi_device_path_t *) ((char *) dp + len); -+ } -+ -+ return inf; -+} -+ -+static grub_efi_net_interface_t * -+grub_efi_net_config_from_handle (grub_efi_handle_t *hnd, -+ struct grub_efi_net_device *netdev, -+ char **device, -+ char **path) -+{ -+ grub_efi_pxe_t *pxe = NULL; -+ -+ if (hnd == netdev->ip4_pxe_handle) -+ pxe = netdev->ip4_pxe; -+ else if (hnd == netdev->ip6_pxe_handle) -+ pxe = netdev->ip6_pxe; -+ -+ if (!pxe) -+ return (grub_efi_net_config_from_device_path ( -+ grub_efi_get_device_path (hnd), -+ netdev, -+ device, -+ path)); -+ -+ if (pxe->mode->using_ipv6) -+ { -+ grub_efi_net_ip_manual_address_t net_ip; -+ -+ pxe_get_boot_location_v6 ( -+ (const struct grub_net_dhcp6_packet *) &pxe->mode->dhcp_ack, -+ sizeof (pxe->mode->dhcp_ack), -+ device, -+ path); -+ -+ grub_memcpy (net_ip.ip6.address, pxe->mode->station_ip.v6, sizeof(net_ip.ip6.address)); -+ net_ip.ip6.prefix_length = GRUB_EFI_IP6_PREFIX_LENGTH; -+ net_ip.ip6.is_anycast = 0; -+ net_ip.is_ip6 = 1; -+ return (grub_efi_net_create_interface (netdev, -+ netdev->card_name, -+ &net_ip, -+ 1)); -+ } -+ else -+ { -+ grub_efi_net_ip_manual_address_t net_ip; -+ -+ pxe_get_boot_location ( -+ (const struct grub_net_bootp_packet *) &pxe->mode->dhcp_ack, -+ device, -+ path, -+ 1); -+ -+ grub_memcpy (net_ip.ip4.address, pxe->mode->station_ip.v4, sizeof (net_ip.ip4.address)); -+ grub_memcpy (net_ip.ip4.subnet_mask, pxe->mode->subnet_mask.v4, sizeof (net_ip.ip4.subnet_mask)); -+ net_ip.is_ip6 = 0; -+ return (grub_efi_net_create_interface (netdev, -+ netdev->card_name, -+ &net_ip, -+ 1)); -+ } -+} -+ -+static const char * -+grub_efi_net_var_get_address (struct grub_env_var *var, -+ const char *val __attribute__ ((unused))) -+{ -+ struct grub_efi_net_device *dev; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ grub_efi_net_interface_t *inf; -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ { -+ char *var_name; -+ -+ var_name = grub_xasprintf ("net_%s_ip", inf->name); -+ if (grub_strcmp (var_name, var->name) == 0) -+ return efi_net_interface_get_address (inf); -+ grub_free (var_name); -+ var_name = grub_xasprintf ("net_%s_mac", inf->name); -+ if (grub_strcmp (var_name, var->name) == 0) -+ return efi_net_interface_get_hw_address (inf); -+ grub_free (var_name); -+ } -+ } -+ -+ return NULL; -+} -+ -+static char * -+grub_efi_net_var_set_interface (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val) -+{ -+ struct grub_efi_net_device *dev; -+ grub_efi_net_interface_t *inf; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ if (grub_strcmp (inf->name, val) == 0) -+ { -+ net_default_interface = inf; -+ return grub_strdup (val); -+ } -+ -+ return NULL; -+} -+ -+static char * -+grub_efi_net_var_set_server (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val) -+{ -+ grub_free (default_server); -+ default_server = grub_strdup (val); -+ return grub_strdup (val); -+} -+ -+static const char * -+grub_efi_net_var_get_server (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ return default_server ? : ""; -+} -+ -+static const char * -+grub_efi_net_var_get_ip (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ const char *intf = grub_env_get ("net_default_interface"); -+ const char *ret = NULL; -+ if (intf) -+ { -+ char *buf = grub_xasprintf ("net_%s_ip", intf); -+ if (buf) -+ ret = grub_env_get (buf); -+ grub_free (buf); -+ } -+ return ret; -+} -+ -+static const char * -+grub_efi_net_var_get_mac (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ const char *intf = grub_env_get ("net_default_interface"); -+ const char *ret = NULL; -+ if (intf) -+ { -+ char *buf = grub_xasprintf ("net_%s_mac", intf); -+ if (buf) -+ ret = grub_env_get (buf); -+ grub_free (buf); -+ } -+ return ret; -+} -+ -+static void -+grub_efi_net_export_interface_vars (void) -+{ -+ struct grub_efi_net_device *dev; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ grub_efi_net_interface_t *inf; -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ { -+ char *var; -+ -+ var = grub_xasprintf ("net_%s_ip", inf->name); -+ grub_register_variable_hook (var, grub_efi_net_var_get_address, 0); -+ grub_env_export (var); -+ grub_free (var); -+ var = grub_xasprintf ("net_%s_mac", inf->name); -+ grub_register_variable_hook (var, grub_efi_net_var_get_address, 0); -+ grub_env_export (var); -+ grub_free (var); -+ } -+ } -+} -+ -+static void -+grub_efi_net_unset_interface_vars (void) -+{ -+ struct grub_efi_net_device *dev; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ grub_efi_net_interface_t *inf; -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ { -+ char *var; -+ -+ var = grub_xasprintf ("net_%s_ip", inf->name); -+ grub_register_variable_hook (var, 0, 0); -+ grub_env_unset (var); -+ grub_free (var); -+ var = grub_xasprintf ("net_%s_mac", inf->name); -+ grub_register_variable_hook (var, 0, 0); -+ grub_env_unset (var); -+ grub_free (var); -+ } -+ } -+} -+ -+grub_efi_net_interface_t * -+grub_efi_net_create_interface (struct grub_efi_net_device *dev, -+ const char *interface_name, -+ grub_efi_net_ip_manual_address_t *net_ip, -+ int has_subnet) -+{ -+ grub_efi_net_interface_t *inf; -+ -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ { -+ if (inf->prefer_ip6 == net_ip->is_ip6) -+ break; -+ } -+ -+ if (!inf) -+ { -+ inf = grub_malloc (sizeof(*inf)); -+ inf->name = grub_strdup (interface_name); -+ inf->prefer_ip6 = net_ip->is_ip6; -+ inf->dev = dev; -+ inf->next = dev->net_interfaces; -+ inf->ip_config = (net_ip->is_ip6) ? efi_net_ip6_config : efi_net_ip4_config ; -+ dev->net_interfaces = inf; -+ } -+ else -+ { -+ grub_free (inf->name); -+ inf->name = grub_strdup (interface_name); -+ } -+ -+ if (!efi_net_interface_set_address (inf, net_ip, has_subnet)) -+ { -+ grub_error (GRUB_ERR_BUG, N_("Set Address Failed")); -+ return NULL; -+ } -+ -+ return inf; -+} -+ -+static void -+grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, -+ char **path) -+{ -+ grub_efi_handle_t config_hnd; -+ -+ struct grub_efi_net_device *netdev; -+ grub_efi_net_interface_t *inf; -+ -+ config_hnd = grub_efi_locate_device_path (&ip4_config_guid, grub_efi_get_device_path (hnd), NULL); -+ -+ if (!config_hnd) -+ return; -+ -+ for (netdev = net_devices; netdev; netdev = netdev->next) -+ if (netdev->handle == config_hnd) -+ break; -+ -+ if (!netdev) -+ return; -+ -+ if (!(inf = grub_efi_net_config_from_handle (hnd, netdev, device, path))) -+ return; -+ -+ grub_env_set ("net_default_interface", inf->name); -+ grub_efi_net_export_interface_vars (); -+} -+ -+static grub_err_t -+grub_efi_netfs_dir (grub_device_t device, const char *path __attribute__ ((unused)), -+ grub_fs_dir_hook_t hook __attribute__ ((unused)), -+ void *hook_data __attribute__ ((unused))) -+{ -+ if (!device->net) -+ return grub_error (GRUB_ERR_BUG, "invalid net device"); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_efi_netfs_open (struct grub_file *file_out __attribute__ ((unused)), -+ const char *name __attribute__ ((unused))) -+{ -+ struct grub_file *file, *bufio; -+ -+ file = grub_malloc (sizeof (*file)); -+ if (!file) -+ return grub_errno; -+ -+ grub_memcpy (file, file_out, sizeof (struct grub_file)); -+ file->device->net->name = grub_strdup (name); -+ -+ if (!file->device->net->name) -+ { -+ grub_free (file); -+ return grub_errno; -+ } -+ -+ efi_net_interface(open, file, name); -+ grub_print_error (); -+ -+ bufio = grub_bufio_open (file, 32768); -+ if (!bufio) -+ { -+ grub_free (file->device->net->name); -+ grub_free (file); -+ return grub_errno; -+ } -+ grub_memcpy (file_out, bufio, sizeof (struct grub_file)); -+ grub_free (bufio); -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_ssize_t -+grub_efihttp_chunk_read (grub_file_t file, char *buf, -+ grub_size_t len, grub_size_t chunk_size) -+{ -+ char *chunk = grub_malloc (chunk_size); -+ grub_size_t sum = 0; -+ -+ while (len) -+ { -+ grub_ssize_t rd; -+ grub_size_t sz = (len > chunk_size) ? chunk_size : len; -+ -+ rd = efi_net_interface (read, file, chunk, sz); -+ -+ if (rd <= 0) -+ return rd; -+ -+ if (buf) -+ { -+ grub_memcpy (buf, chunk, rd); -+ buf += rd; -+ } -+ sum += rd; -+ len -= rd; -+ } -+ -+ grub_free (chunk); -+ return sum; -+} -+ -+static grub_ssize_t -+grub_efi_netfs_read (grub_file_t file __attribute__ ((unused)), -+ char *buf __attribute__ ((unused)), grub_size_t len __attribute__ ((unused))) -+{ -+ if (file->offset > file->device->net->offset) -+ { -+ grub_efihttp_chunk_read (file, NULL, file->offset - file->device->net->offset, 10240); -+ } -+ else if (file->offset < file->device->net->offset) -+ { -+ efi_net_interface (close, file); -+ efi_net_interface (open, file, file->device->net->name); -+ if (file->offset) -+ grub_efihttp_chunk_read (file, NULL, file->offset, 10240); -+ } -+ -+ return efi_net_interface (read, file, buf, len); -+} -+ -+static grub_err_t -+grub_efi_netfs_close (grub_file_t file) -+{ -+ efi_net_interface (close, file); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_efi_handle_t -+grub_efi_service_binding (grub_efi_handle_t dev, grub_efi_guid_t *service_binding_guid) -+{ -+ grub_efi_service_binding_t *service; -+ grub_efi_status_t status; -+ grub_efi_handle_t child_dev = NULL; -+ -+ service = grub_efi_open_protocol (dev, service_binding_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ if (!service) -+ { -+ grub_error (GRUB_ERR_IO, N_("couldn't open efi service binding protocol")); -+ return NULL; -+ } -+ -+ status = efi_call_2 (service->create_child, service, &child_dev); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_error (GRUB_ERR_IO, N_("Failed to create child device of http service %x"), status); -+ return NULL; -+ } -+ -+ return child_dev; -+} -+ -+static grub_err_t -+grub_efi_net_parse_address (const char *address, -+ grub_efi_ip4_config2_manual_address_t *ip4, -+ grub_efi_ip6_config_manual_address_t *ip6, -+ int *is_ip6, -+ int *has_cidr) -+{ -+ const char *rest; -+ -+ if (grub_efi_string_to_ip4_address (address, &ip4->address, &rest)) -+ { -+ *is_ip6 = 0; -+ if (*rest == '/') -+ { -+ grub_uint32_t subnet_mask_size; -+ -+ subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); -+ -+ if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) -+ { -+ grub_uint32_t subnet_mask; -+ -+ subnet_mask = grub_cpu_to_be32 ((0xffffffffU << (32 - subnet_mask_size))); -+ grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); -+ if (has_cidr) -+ *has_cidr = 1; -+ return GRUB_ERR_NONE; -+ } -+ } -+ else if (*rest == 0) -+ { -+ grub_uint32_t subnet_mask = 0xffffffffU; -+ grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); -+ if (has_cidr) -+ *has_cidr = 0; -+ return GRUB_ERR_NONE; -+ } -+ } -+ else if (grub_efi_string_to_ip6_address (address, &ip6->address, &rest)) -+ { -+ *is_ip6 = 1; -+ if (*rest == '/') -+ { -+ grub_efi_uint8_t prefix_length; -+ -+ prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); -+ if (!grub_errno && prefix_length <= 128 && *rest == 0) -+ { -+ ip6->prefix_length = prefix_length; -+ ip6->is_anycast = 0; -+ if (has_cidr) -+ *has_cidr = 1; -+ return GRUB_ERR_NONE; -+ } -+ } -+ else if (*rest == 0) -+ { -+ ip6->prefix_length = 128; -+ ip6->is_anycast = 0; -+ if (has_cidr) -+ *has_cidr = 0; -+ return GRUB_ERR_NONE; -+ } -+ } -+ -+ return grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("unrecognised network address `%s'"), -+ address); -+} -+ -+static grub_efi_net_interface_t * -+match_route (const char *server) -+{ -+ grub_err_t err; -+ grub_efi_ip4_config2_manual_address_t ip4; -+ grub_efi_ip6_config_manual_address_t ip6; -+ grub_efi_net_interface_t *inf; -+ int is_ip6 = 0; -+ -+ err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0); -+ -+ if (err) -+ { -+ grub_print_error (); -+ return NULL; -+ } -+ -+ if (is_ip6) -+ { -+ struct grub_efi_net_device *dev; -+ grub_efi_net_ip_address_t addr; -+ -+ grub_memcpy (addr.ip6, ip6.address, sizeof(ip6.address)); -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ if ((inf = efi_net_ip6_config->best_interface (dev, &addr))) -+ return inf; -+ } -+ else -+ { -+ struct grub_efi_net_device *dev; -+ grub_efi_net_ip_address_t addr; -+ -+ grub_memcpy (addr.ip4, ip4.address, sizeof(ip4.address)); -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ if ((inf = efi_net_ip4_config->best_interface (dev, &addr))) -+ return inf; -+ } -+ -+ return 0; -+} -+ -+static void -+grub_efi_net_add_pxebc_to_cards (void) -+{ -+ grub_efi_uintn_t num_handles; -+ grub_efi_handle_t *handles; -+ grub_efi_handle_t *handle; -+ -+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &pxe_io_guid, -+ 0, &num_handles); -+ if (!handles) -+ return; -+ -+ for (handle = handles; num_handles--; handle++) -+ { -+ grub_efi_device_path_t *dp, *ddp, *ldp; -+ grub_efi_pxe_t *pxe; -+ struct grub_efi_net_device *d; -+ int is_ip6 = 0; -+ -+ dp = grub_efi_get_device_path (*handle); -+ if (!dp) -+ continue; -+ -+ ddp = grub_efi_duplicate_device_path (dp); -+ ldp = grub_efi_find_last_device_path (ddp); -+ -+ if (ldp->type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE -+ && ldp->subtype == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) -+ { -+ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ ldp->length = sizeof (*ldp); -+ } -+ else if (ldp->type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE -+ && ldp->subtype == GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE) -+ { -+ is_ip6 = 1; -+ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; -+ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; -+ ldp->length = sizeof (*ldp); -+ } -+ -+ for (d = net_devices; d; d = d->next) -+ if (grub_efi_compare_device_paths (ddp, grub_efi_get_device_path (d->handle)) == 0) -+ break; -+ -+ if (!d) -+ { -+ grub_free (ddp); -+ continue; -+ } -+ -+ pxe = grub_efi_open_protocol (*handle, &pxe_io_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ -+ if (!pxe) -+ { -+ grub_free (ddp); -+ continue; -+ } -+ -+ if (is_ip6) -+ { -+ d->ip6_pxe_handle = *handle; -+ d->ip6_pxe = pxe; -+ } -+ else -+ { -+ d->ip4_pxe_handle = *handle; -+ d->ip4_pxe = pxe; -+ } -+ -+ grub_free (ddp); -+ } -+ -+ grub_free (handles); -+} -+ -+static void -+set_ip_policy_to_static (void) -+{ -+ struct grub_efi_net_device *dev; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ grub_efi_ip4_config2_policy_t ip4_policy = GRUB_EFI_IP4_CONFIG2_POLICY_STATIC; -+ -+ if (efi_call_4 (dev->ip4_config->set_data, dev->ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, -+ sizeof (ip4_policy), &ip4_policy) != GRUB_EFI_SUCCESS) -+ grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP4_CONFIG2_POLICY_STATIC on dev `%s'", dev->card_name); -+ -+ if (dev->ip6_config) -+ { -+ grub_efi_ip6_config_policy_t ip6_policy = GRUB_EFI_IP6_CONFIG_POLICY_MANUAL; -+ -+ if (efi_call_4 (dev->ip6_config->set_data, dev->ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, -+ sizeof (ip6_policy), &ip6_policy) != GRUB_EFI_SUCCESS) -+ grub_dprintf ("efinetfs", "could not set GRUB_EFI_IP6_CONFIG_POLICY_MANUAL on dev `%s'", dev->card_name); -+ } -+ } -+} -+ -+/* FIXME: Do not fail if the card did not support any of the protocol (Eg http) */ -+static void -+grub_efi_net_find_cards (void) -+{ -+ grub_efi_uintn_t num_handles; -+ grub_efi_handle_t *handles; -+ grub_efi_handle_t *handle; -+ int id; -+ -+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &ip4_config_guid, -+ 0, &num_handles); -+ if (!handles) -+ return; -+ -+ for (id = 0, handle = handles; num_handles--; handle++, id++) -+ { -+ grub_efi_device_path_t *dp; -+ grub_efi_ip4_config2_protocol_t *ip4_config; -+ grub_efi_ip6_config_protocol_t *ip6_config; -+ grub_efi_handle_t http_handle; -+ grub_efi_http_t *http; -+ grub_efi_handle_t dhcp4_handle; -+ grub_efi_dhcp4_protocol_t *dhcp4; -+ grub_efi_handle_t dhcp6_handle; -+ grub_efi_dhcp6_protocol_t *dhcp6; -+ -+ struct grub_efi_net_device *d; -+ -+ dp = grub_efi_get_device_path (*handle); -+ if (!dp) -+ continue; -+ -+ ip4_config = grub_efi_open_protocol (*handle, &ip4_config_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ if (!ip4_config) -+ continue; -+ -+ ip6_config = grub_efi_open_protocol (*handle, &ip6_config_guid, -+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); -+ -+ http_handle = grub_efi_service_binding (*handle, &http_service_binding_guid); -+ grub_errno = GRUB_ERR_NONE; -+ http = (http_handle) -+ ? grub_efi_open_protocol (http_handle, &http_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) -+ : NULL; -+ -+ dhcp4_handle = grub_efi_service_binding (*handle, &dhcp4_service_binding_guid); -+ grub_errno = GRUB_ERR_NONE; -+ dhcp4 = (dhcp4_handle) -+ ? grub_efi_open_protocol (dhcp4_handle, &dhcp4_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) -+ : NULL; -+ -+ -+ dhcp6_handle = grub_efi_service_binding (*handle, &dhcp6_service_binding_guid); -+ grub_errno = GRUB_ERR_NONE; -+ dhcp6 = (dhcp6_handle) -+ ? grub_efi_open_protocol (dhcp6_handle, &dhcp6_guid, GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL) -+ : NULL; -+ -+ d = grub_malloc (sizeof (*d)); -+ if (!d) -+ { -+ grub_free (handles); -+ while (net_devices) -+ { -+ d = net_devices->next; -+ grub_free (net_devices); -+ net_devices = d; -+ } -+ return; -+ } -+ d->handle = *handle; -+ d->ip4_config = ip4_config; -+ d->ip6_config = ip6_config; -+ d->http_handle = http_handle; -+ d->http = http; -+ d->dhcp4_handle = dhcp4_handle; -+ d->dhcp4 = dhcp4; -+ d->dhcp6_handle = dhcp6_handle; -+ d->dhcp6 = dhcp6; -+ d->next = net_devices; -+ d->card_name = grub_xasprintf ("efinet%d", id); -+ d->net_interfaces = NULL; -+ net_devices = d; -+ } -+ -+ grub_efi_net_add_pxebc_to_cards (); -+ grub_free (handles); -+ set_ip_policy_to_static (); -+} -+ -+static void -+listroutes_ip4 (struct grub_efi_net_device *netdev) -+{ -+ char **routes; -+ -+ routes = NULL; -+ -+ if ((routes = efi_net_ip4_config->get_route_table (netdev))) -+ { -+ char **r; -+ -+ for (r = routes; *r; ++r) -+ grub_printf ("%s\n", *r); -+ } -+ -+ if (routes) -+ { -+ char **r; -+ -+ for (r = routes; *r; ++r) -+ grub_free (*r); -+ grub_free (routes); -+ } -+} -+ -+static void -+listroutes_ip6 (struct grub_efi_net_device *netdev) -+{ -+ char **routes; -+ -+ routes = NULL; -+ -+ if ((routes = efi_net_ip6_config->get_route_table (netdev))) -+ { -+ char **r; -+ -+ for (r = routes; *r; ++r) -+ grub_printf ("%s\n", *r); -+ } -+ -+ if (routes) -+ { -+ char **r; -+ -+ for (r = routes; *r; ++r) -+ grub_free (*r); -+ grub_free (routes); -+ } -+} -+ -+static grub_err_t -+grub_cmd_efi_listroutes (struct grub_command *cmd __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **args __attribute__ ((unused))) -+{ -+ struct grub_efi_net_device *netdev; -+ -+ for (netdev = net_devices; netdev; netdev = netdev->next) -+ { -+ listroutes_ip4 (netdev); -+ listroutes_ip6 (netdev); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+static grub_err_t -+grub_cmd_efi_listcards (struct grub_command *cmd __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **args __attribute__ ((unused))) -+{ -+ struct grub_efi_net_device *dev; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ char *hw_addr; -+ -+ hw_addr = efi_net_ip4_config->get_hw_address (dev); -+ -+ if (hw_addr) -+ { -+ grub_printf ("%s %s\n", dev->card_name, hw_addr); -+ grub_free (hw_addr); -+ } -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_efi_listaddrs (struct grub_command *cmd __attribute__ ((unused)), -+ int argc __attribute__ ((unused)), -+ char **args __attribute__ ((unused))) -+{ -+ struct grub_efi_net_device *dev; -+ grub_efi_net_interface_t *inf; -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ for (inf = dev->net_interfaces; inf; inf = inf->next) -+ { -+ char *hw_addr = NULL; -+ char *addr = NULL; -+ -+ if ((hw_addr = efi_net_interface_get_hw_address (inf)) -+ && (addr = efi_net_interface_get_address (inf))) -+ grub_printf ("%s %s %s\n", inf->name, hw_addr, addr); -+ -+ if (hw_addr) -+ grub_free (hw_addr); -+ if (addr) -+ grub_free (addr); -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+/* FIXME: support MAC specifying. */ -+static grub_err_t -+grub_cmd_efi_addaddr (struct grub_command *cmd __attribute__ ((unused)), -+ int argc, char **args) -+{ -+ struct grub_efi_net_device *dev; -+ grub_err_t err; -+ grub_efi_ip4_config2_manual_address_t ip4; -+ grub_efi_ip6_config_manual_address_t ip6; -+ grub_efi_net_ip_manual_address_t net_ip; -+ int is_ip6 = 0; -+ int cidr = 0; -+ -+ if (argc != 3) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("three arguments expected")); -+ -+ for (dev = net_devices; dev; dev = dev->next) -+ { -+ if (grub_strcmp (dev->card_name, args[1]) == 0) -+ break; -+ } -+ -+ if (!dev) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("card not found")); -+ -+ err = grub_efi_net_parse_address (args[2], &ip4, &ip6, &is_ip6, &cidr); -+ -+ if (err) -+ return err; -+ -+ net_ip.is_ip6 = is_ip6; -+ if (is_ip6) -+ grub_memcpy (&net_ip.ip6, &ip6, sizeof(net_ip.ip6)); -+ else -+ grub_memcpy (&net_ip.ip4, &ip4, sizeof(net_ip.ip4)); -+ -+ if (!grub_efi_net_create_interface (dev, -+ args[0], -+ &net_ip, -+ cidr)) -+ return grub_errno; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static struct grub_fs grub_efi_netfs; -+ -+static grub_net_t -+grub_net_open_real (const char *name __attribute__ ((unused))) -+{ -+ grub_size_t protnamelen; -+ const char *protname, *server; -+ grub_net_t ret; -+ -+ net_interface = NULL; -+ -+ if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) -+ { -+ protname = "tftp"; -+ protnamelen = sizeof ("tftp") - 1; -+ server = name + sizeof ("pxe:") - 1; -+ } -+ else if (grub_strcmp (name, "pxe") == 0) -+ { -+ protname = "tftp"; -+ protnamelen = sizeof ("tftp") - 1; -+ server = default_server; -+ } -+ else -+ { -+ const char *comma; -+ -+ comma = grub_strchr (name, ','); -+ if (comma) -+ { -+ protnamelen = comma - name; -+ server = comma + 1; -+ protname = name; -+ } -+ else -+ { -+ protnamelen = grub_strlen (name); -+ server = default_server; -+ protname = name; -+ } -+ } -+ -+ if (!server) -+ { -+ grub_error (GRUB_ERR_NET_BAD_ADDRESS, -+ N_("no server is specified")); -+ return NULL; -+ } -+ -+ /*FIXME: Use DNS translate name to address */ -+ net_interface = match_route (server); -+ -+ /*XXX: should we check device with default gateway ? */ -+ if (!net_interface && !(net_interface = net_default_interface)) -+ { -+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"), -+ name); -+ return NULL; -+ } -+ -+ if ((protnamelen == (sizeof ("https") - 1) -+ && grub_memcmp ("https", protname, protnamelen) == 0)) -+ { -+ net_interface->io = &io_http; -+ net_interface->io_type = 1; -+ } -+ else if ((protnamelen == (sizeof ("http") - 1) -+ && grub_memcmp ("http", protname, protnamelen) == 0)) -+ { -+ net_interface->io = &io_http; -+ net_interface->io_type = 0; -+ } -+ else if (protnamelen == (sizeof ("tftp") - 1) -+ && grub_memcmp ("tftp", protname, protnamelen) == 0) -+ { -+ net_interface->io = &io_pxe; -+ net_interface->io_type = 0; -+ } -+ else -+ { -+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' not found"), -+ name); -+ return NULL; -+ } -+ -+ /*XXX: Should we try to avoid doing excess "reconfigure" here ??? */ -+ efi_net_interface (configure); -+ -+ ret = grub_zalloc (sizeof (*ret)); -+ if (!ret) -+ return NULL; -+ -+ ret->server = grub_strdup (server); -+ if (!ret->server) -+ { -+ grub_free (ret); -+ return NULL; -+ } -+ -+ ret->fs = &grub_efi_netfs; -+ return ret; -+} -+#if 0 -+static grub_command_t cmd_efi_lsaddr; -+static grub_command_t cmd_efi_lscards; -+static grub_command_t cmd_efi_lsroutes; -+static grub_command_t cmd_efi_addaddr; -+#endif -+ -+static struct grub_fs grub_efi_netfs = -+ { -+ .name = "efi netfs", -+ .fs_dir = grub_efi_netfs_dir, -+ .fs_open = grub_efi_netfs_open, -+ .fs_read = grub_efi_netfs_read, -+ .fs_close = grub_efi_netfs_close, -+ .fs_label = NULL, -+ .fs_uuid = NULL, -+ .fs_mtime = NULL, -+ }; -+ -+int -+grub_efi_net_boot_from_https (void) -+{ -+ grub_efi_loaded_image_t *image = NULL; -+ grub_efi_device_path_t *dp; -+ -+ image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!image) -+ return 0; -+ -+ dp = grub_efi_get_device_path (image->device_handle); -+ -+ while (1) -+ { -+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); -+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); -+ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); -+ -+ if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) -+ && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) -+ { -+ grub_efi_uri_device_path_t *uri_dp = (grub_efi_uri_device_path_t *) dp; -+ return (grub_strncmp ((const char*)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0) ? 1 : 0; -+ } -+ -+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) -+ break; -+ dp = (grub_efi_device_path_t *) ((char *) dp + len); -+ } -+ -+ return 0; -+} -+ -+int -+grub_efi_net_boot_from_opa (void) -+{ -+ grub_efi_loaded_image_t *image = NULL; -+ grub_efi_device_path_t *dp; -+ -+ image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (!image) -+ return 0; -+ -+ dp = grub_efi_get_device_path (image->device_handle); -+ -+ while (1) -+ { -+ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); -+ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); -+ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); -+ -+ if ((type == GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE) -+ && (subtype == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE)) -+ { -+ grub_efi_mac_address_device_path_t *mac_dp = (grub_efi_mac_address_device_path_t *)dp; -+ return (mac_dp->if_type == 0xC7) ? 1 : 0; -+ } -+ -+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) -+ break; -+ dp = (grub_efi_device_path_t *) ((char *) dp + len); -+ } -+ -+ return 0; -+} -+ -+static char * -+grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ return NULL; -+} -+ -+grub_command_func_t grub_efi_net_list_routes = grub_cmd_efi_listroutes; -+grub_command_func_t grub_efi_net_list_cards = grub_cmd_efi_listcards; -+grub_command_func_t grub_efi_net_list_addrs = grub_cmd_efi_listaddrs; -+grub_command_func_t grub_efi_net_add_addr = grub_cmd_efi_addaddr; -+ -+int -+grub_efi_net_fs_init () -+{ -+ grub_efi_net_find_cards (); -+ grub_efi_net_config = grub_efi_net_config_real; -+ grub_net_open = grub_net_open_real; -+ grub_register_variable_hook ("net_default_server", grub_efi_net_var_get_server, -+ grub_efi_net_var_set_server); -+ grub_env_export ("net_default_server"); -+ grub_register_variable_hook ("pxe_default_server", grub_efi_net_var_get_server, -+ grub_efi_net_var_set_server); -+ grub_env_export ("pxe_default_server"); -+ grub_register_variable_hook ("net_default_interface", 0, -+ grub_efi_net_var_set_interface); -+ grub_env_export ("net_default_interface"); -+ grub_register_variable_hook ("net_default_ip", grub_efi_net_var_get_ip, -+ 0); -+ grub_env_export ("net_default_ip"); -+ grub_register_variable_hook ("net_default_mac", grub_efi_net_var_get_mac, -+ 0); -+ grub_env_export ("net_default_mac"); -+ -+ grub_env_set ("grub_netfs_type", "efi"); -+ grub_register_variable_hook ("grub_netfs_type", 0, grub_env_write_readonly); -+ grub_env_export ("grub_netfs_type"); -+ -+ return 1; -+} -+ -+void -+grub_efi_net_fs_fini (void) -+{ -+ grub_env_unset ("grub_netfs_type"); -+ grub_efi_net_unset_interface_vars (); -+ grub_register_variable_hook ("net_default_server", 0, 0); -+ grub_env_unset ("net_default_server"); -+ grub_register_variable_hook ("net_default_interface", 0, 0); -+ grub_env_unset ("net_default_interface"); -+ grub_register_variable_hook ("pxe_default_server", 0, 0); -+ grub_env_unset ("pxe_default_server"); -+ grub_register_variable_hook ("net_default_ip", 0, 0); -+ grub_env_unset ("net_default_ip"); -+ grub_register_variable_hook ("net_default_mac", 0, 0); -+ grub_env_unset ("net_default_mac"); -+ grub_efi_net_config = NULL; -+ grub_net_open = NULL; -+ grub_fs_unregister (&grub_efi_netfs); -+} -diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c -new file mode 100644 -index 0000000000..531949cba5 ---- /dev/null -+++ b/grub-core/net/efi/pxe.c -@@ -0,0 +1,424 @@ -+ -+#include -+#include -+#include -+#include -+#include -+ -+static grub_efi_ip6_config_manual_address_t * -+efi_ip6_config_manual_address (grub_efi_ip6_config_protocol_t *ip6_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip6_config_manual_address_t *manual_address; -+ -+ sz = sizeof (*manual_address); -+ manual_address = grub_malloc (sz); -+ if (!manual_address) -+ return NULL; -+ -+ status = efi_call_4 (ip6_config->get_data, ip6_config, -+ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, -+ &sz, manual_address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (manual_address); -+ return NULL; -+ } -+ -+ return manual_address; -+} -+ -+static grub_efi_ip4_config2_manual_address_t * -+efi_ip4_config_manual_address (grub_efi_ip4_config2_protocol_t *ip4_config) -+{ -+ grub_efi_uintn_t sz; -+ grub_efi_status_t status; -+ grub_efi_ip4_config2_manual_address_t *manual_address; -+ -+ sz = sizeof (*manual_address); -+ manual_address = grub_malloc (sz); -+ if (!manual_address) -+ return NULL; -+ -+ status = efi_call_4 (ip4_config->get_data, ip4_config, -+ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, -+ &sz, manual_address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_free (manual_address); -+ return NULL; -+ } -+ -+ return manual_address; -+} -+ -+static void -+pxe_configure (struct grub_efi_net_device *dev, int prefer_ip6) -+{ -+ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; -+ -+ grub_efi_pxe_mode_t *mode = pxe->mode; -+ -+ if (!mode->started) -+ { -+ grub_efi_status_t status; -+ status = efi_call_2 (pxe->start, pxe, prefer_ip6); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_printf ("Couldn't start PXE\n"); -+ } -+ -+#if 0 -+ grub_printf ("PXE STARTED: %u\n", mode->started); -+ grub_printf ("PXE USING IPV6: %u\n", mode->using_ipv6); -+#endif -+ -+ if (mode->using_ipv6) -+ { -+ grub_efi_ip6_config_manual_address_t *manual_address; -+ manual_address = efi_ip6_config_manual_address (dev->ip6_config); -+ -+ if (manual_address && -+ grub_memcmp (manual_address->address, mode->station_ip.v6, sizeof (manual_address->address)) != 0) -+ { -+ grub_efi_status_t status; -+ grub_efi_pxe_ip_address_t station_ip; -+ -+ grub_memcpy (station_ip.v6.addr, manual_address->address, sizeof (station_ip.v6.addr)); -+ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, NULL); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_printf ("Couldn't set station ip\n"); -+ -+ grub_free (manual_address); -+ } -+ } -+ else -+ { -+ grub_efi_ip4_config2_manual_address_t *manual_address; -+ manual_address = efi_ip4_config_manual_address (dev->ip4_config); -+ -+ if (manual_address && -+ grub_memcmp (manual_address->address, mode->station_ip.v4, sizeof (manual_address->address)) != 0) -+ { -+ grub_efi_status_t status; -+ grub_efi_pxe_ip_address_t station_ip; -+ grub_efi_pxe_ip_address_t subnet_mask; -+ -+ grub_memcpy (station_ip.v4.addr, manual_address->address, sizeof (station_ip.v4.addr)); -+ grub_memcpy (subnet_mask.v4.addr, manual_address->subnet_mask, sizeof (subnet_mask.v4.addr)); -+ -+ status = efi_call_3 (pxe->set_station_ip, pxe, &station_ip, &subnet_mask); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_printf ("Couldn't set station ip\n"); -+ -+ grub_free (manual_address); -+ } -+ } -+ -+#if 0 -+ if (mode->using_ipv6) -+ { -+ grub_printf ("PXE STATION IP: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", -+ mode->station_ip.v6.addr[0], -+ mode->station_ip.v6.addr[1], -+ mode->station_ip.v6.addr[2], -+ mode->station_ip.v6.addr[3], -+ mode->station_ip.v6.addr[4], -+ mode->station_ip.v6.addr[5], -+ mode->station_ip.v6.addr[6], -+ mode->station_ip.v6.addr[7], -+ mode->station_ip.v6.addr[8], -+ mode->station_ip.v6.addr[9], -+ mode->station_ip.v6.addr[10], -+ mode->station_ip.v6.addr[11], -+ mode->station_ip.v6.addr[12], -+ mode->station_ip.v6.addr[13], -+ mode->station_ip.v6.addr[14], -+ mode->station_ip.v6.addr[15]); -+ } -+ else -+ { -+ grub_printf ("PXE STATION IP: %d.%d.%d.%d\n", -+ mode->station_ip.v4.addr[0], -+ mode->station_ip.v4.addr[1], -+ mode->station_ip.v4.addr[2], -+ mode->station_ip.v4.addr[3]); -+ grub_printf ("PXE SUBNET MASK: %d.%d.%d.%d\n", -+ mode->subnet_mask.v4.addr[0], -+ mode->subnet_mask.v4.addr[1], -+ mode->subnet_mask.v4.addr[2], -+ mode->subnet_mask.v4.addr[3]); -+ } -+#endif -+ -+ /* TODO: Set The Station IP to the IP2 Config */ -+} -+ -+static int -+parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) -+{ -+ grub_uint16_t newip[8]; -+ const char *ptr = val; -+ int word, quaddot = -1; -+ int bracketed = 0; -+ -+ if (ptr[0] == '[') { -+ bracketed = 1; -+ ptr++; -+ } -+ -+ if (ptr[0] == ':' && ptr[1] != ':') -+ return 0; -+ if (ptr[0] == ':') -+ ptr++; -+ -+ for (word = 0; word < 8; word++) -+ { -+ unsigned long t; -+ if (*ptr == ':') -+ { -+ quaddot = word; -+ word--; -+ ptr++; -+ continue; -+ } -+ t = grub_strtoul (ptr, (char **) &ptr, 16); -+ if (grub_errno) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ break; -+ } -+ if (t & ~0xffff) -+ return 0; -+ newip[word] = grub_cpu_to_be16 (t); -+ if (*ptr != ':') -+ break; -+ ptr++; -+ } -+ if (quaddot == -1 && word < 7) -+ return 0; -+ if (quaddot != -1) -+ { -+ grub_memmove (&newip[quaddot + 7 - word], &newip[quaddot], -+ (word - quaddot + 1) * sizeof (newip[0])); -+ grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); -+ } -+ grub_memcpy (ip, newip, 16); -+ if (bracketed && *ptr == ']') { -+ ptr++; -+ } -+ if (rest) -+ *rest = ptr; -+ return 1; -+} -+ -+static grub_err_t -+pxe_open (struct grub_efi_net_device *dev, -+ int prefer_ip6, -+ grub_file_t file, -+ const char *filename, -+ int type __attribute__((unused))) -+{ -+ int i; -+ char *p; -+ grub_efi_status_t status; -+ grub_efi_pxe_ip_address_t server_ip; -+ grub_efi_uint64_t file_size = 0; -+ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; -+ -+ if (pxe->mode->using_ipv6) -+ { -+ const char *rest; -+ grub_uint64_t ip6[2]; -+ if (parse_ip6 (file->device->net->server, ip6, &rest) && *rest == 0) -+ grub_memcpy (server_ip.v6.addr, ip6, sizeof (server_ip.v6.addr)); -+ /* TODO: ERROR Handling Here */ -+#if 0 -+ grub_printf ("PXE SERVER IP: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", -+ server_ip.v6.addr[0], -+ server_ip.v6.addr[1], -+ server_ip.v6.addr[2], -+ server_ip.v6.addr[3], -+ server_ip.v6.addr[4], -+ server_ip.v6.addr[5], -+ server_ip.v6.addr[6], -+ server_ip.v6.addr[7], -+ server_ip.v6.addr[8], -+ server_ip.v6.addr[9], -+ server_ip.v6.addr[10], -+ server_ip.v6.addr[11], -+ server_ip.v6.addr[12], -+ server_ip.v6.addr[13], -+ server_ip.v6.addr[14], -+ server_ip.v6.addr[15]); -+#endif -+ } -+ else -+ { -+ for (i = 0, p = file->device->net->server; i < 4; ++i, ++p) -+ server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); -+ } -+ -+ status = efi_call_10 (pxe->mtftp, -+ pxe, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE, -+ NULL, -+ 0, -+ &file_size, -+ NULL, -+ &server_ip, -+ (grub_efi_char8_t *)filename, -+ NULL, -+ 0); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return grub_error (GRUB_ERR_IO, "Couldn't get file size"); -+ -+ file->size = (grub_off_t)file_size; -+ file->not_easily_seekable = 0; -+ file->data = 0; -+ file->device->net->offset = 0; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+pxe_close (struct grub_efi_net_device *dev __attribute__((unused)), -+ int prefer_ip6 __attribute__((unused)), -+ grub_file_t file __attribute__((unused))) -+{ -+ file->offset = 0; -+ file->size = 0; -+ file->device->net->offset = 0; -+ -+ if (file->data) -+ { -+ grub_free (file->data); -+ file->data = NULL; -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_ssize_t -+pxe_read (struct grub_efi_net_device *dev, -+ int prefer_ip6, -+ grub_file_t file, -+ char *buf, -+ grub_size_t len) -+{ -+ int i; -+ char *p; -+ grub_efi_status_t status; -+ grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; -+ grub_efi_uint64_t bufsz = len; -+ grub_efi_pxe_ip_address_t server_ip; -+ char *buf2 = NULL; -+ -+ if (file->data) -+ { -+ /* TODO: RANGE Check for offset and file size */ -+ grub_memcpy (buf, (char*)file->data + file->device->net->offset, len); -+ file->device->net->offset += len; -+ return len; -+ } -+ -+ if (file->device->net->offset) -+ { -+ grub_error (GRUB_ERR_BUG, "No Offet Read Possible"); -+ grub_print_error (); -+ return 0; -+ } -+ -+ if (pxe->mode->using_ipv6) -+ { -+ const char *rest; -+ grub_uint64_t ip6[2]; -+ if (parse_ip6 (file->device->net->server, ip6, &rest) && *rest == 0) -+ grub_memcpy (server_ip.v6.addr, ip6, sizeof (server_ip.v6.addr)); -+ /* TODO: ERROR Handling Here */ -+ } -+ else -+ { -+ for (i = 0, p = file->device->net->server; i < 4; ++i, ++p) -+ server_ip.v4.addr[i] = grub_strtoul (p, &p, 10); -+ } -+ -+ status = efi_call_10 (pxe->mtftp, -+ pxe, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, -+ buf, -+ 0, -+ &bufsz, -+ NULL, -+ &server_ip, -+ (grub_efi_char8_t *)file->device->net->name, -+ NULL, -+ 0); -+ -+ if (bufsz != file->size) -+ { -+ grub_error (GRUB_ERR_BUG, "Short read should not happen here"); -+ grub_print_error (); -+ return 0; -+ } -+ -+ if (status == GRUB_EFI_BUFFER_TOO_SMALL) -+ { -+ -+ buf2 = grub_malloc (bufsz); -+ -+ if (!buf2) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "ERROR OUT OF MEMORY"); -+ grub_print_error (); -+ return 0; -+ } -+ -+ status = efi_call_10 (pxe->mtftp, -+ pxe, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, -+ buf2, -+ 0, -+ &bufsz, -+ NULL, -+ &server_ip, -+ (grub_efi_char8_t *)file->device->net->name, -+ NULL, -+ 0); -+ } -+ -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ if (buf2) -+ grub_free (buf2); -+ -+ grub_error (GRUB_ERR_IO, "Failed to Read File"); -+ grub_print_error (); -+ return 0; -+ } -+ -+ if (buf2) -+ grub_memcpy (buf, buf2, len); -+ -+ file->device->net->offset = len; -+ -+ if (buf2) -+ file->data = buf2; -+ -+ return len; -+} -+ -+struct grub_efi_net_io io_pxe = -+ { -+ .configure = pxe_configure, -+ .open = pxe_open, -+ .read = pxe_read, -+ .close = pxe_close -+ }; -+ -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 0ce5e675ed..55aed92722 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -32,6 +32,9 @@ - #include - #include - #include -+#ifdef GRUB_MACHINE_EFI -+#include -+#endif - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -2033,8 +2036,49 @@ static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; - static grub_command_t cmd_lsroutes, cmd_lscards; - static grub_command_t cmd_lsaddr, cmd_slaac; - -+#ifdef GRUB_MACHINE_EFI -+ -+static enum { -+ INIT_MODE_NONE, -+ INIT_MODE_GRUB, -+ INIT_MODE_EFI -+} init_mode; -+ -+static grub_command_t cmd_bootp, cmd_bootp6; -+ -+#endif -+ - GRUB_MOD_INIT(net) - { -+#ifdef GRUB_MACHINE_EFI -+ if (grub_net_open) -+ return; -+ -+ if ((grub_efi_net_boot_from_https () || grub_efi_net_boot_from_opa ()) -+ && grub_efi_net_fs_init ()) -+ { -+ cmd_lsroutes = grub_register_command ("net_ls_routes", grub_efi_net_list_routes, -+ "", N_("list network routes")); -+ cmd_lscards = grub_register_command ("net_ls_cards", grub_efi_net_list_cards, -+ "", N_("list network cards")); -+ cmd_lsaddr = grub_register_command ("net_ls_addr", grub_efi_net_list_addrs, -+ "", N_("list network addresses")); -+ cmd_addaddr = grub_register_command ("net_add_addr", grub_efi_net_add_addr, -+ /* TRANSLATORS: HWADDRESS stands for -+ "hardware address". */ -+ N_("SHORTNAME CARD ADDRESS [HWADDRESS]"), -+ N_("Add a network address.")); -+ cmd_bootp = grub_register_command ("net_bootp", grub_efi_net_bootp, -+ N_("[CARD]"), -+ N_("perform a bootp autoconfiguration")); -+ cmd_bootp6 = grub_register_command ("net_bootp6", grub_efi_net_bootp6, -+ N_("[CARD]"), -+ N_("perform a bootp autoconfiguration")); -+ init_mode = INIT_MODE_EFI; -+ return; -+ } -+#endif -+ - grub_register_variable_hook ("net_default_server", defserver_get_env, - defserver_set_env); - grub_env_export ("net_default_server"); -@@ -2082,10 +2126,37 @@ GRUB_MOD_INIT(net) - grub_net_restore_hw, - GRUB_LOADER_PREBOOT_HOOK_PRIO_DISK); - grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; -+ -+#ifdef GRUB_MACHINE_EFI -+ grub_env_set ("grub_netfs_type", "grub"); -+ grub_register_variable_hook ("grub_netfs_type", 0, grub_env_write_readonly); -+ grub_env_export ("grub_netfs_type"); -+ init_mode = INIT_MODE_GRUB; -+#endif -+ - } - - GRUB_MOD_FINI(net) - { -+ -+#ifdef GRUB_MACHINE_EFI -+ if (init_mode == INIT_MODE_NONE) -+ return; -+ -+ if (init_mode == INIT_MODE_EFI) -+ { -+ grub_unregister_command (cmd_lsroutes); -+ grub_unregister_command (cmd_lscards); -+ grub_unregister_command (cmd_lsaddr); -+ grub_unregister_command (cmd_addaddr); -+ grub_unregister_command (cmd_bootp); -+ grub_unregister_command (cmd_bootp6); -+ grub_efi_net_fs_fini (); -+ init_mode = INIT_MODE_NONE; -+ return; -+ } -+#endif -+ - grub_register_variable_hook ("net_default_server", 0, 0); - grub_register_variable_hook ("pxe_default_server", 0, 0); - -@@ -2104,4 +2175,7 @@ GRUB_MOD_FINI(net) - grub_net_fini_hw (0); - grub_loader_unregister_preboot_hook (fini_hnd); - grub_net_poll_cards_idle = grub_net_poll_cards_idle_real; -+#ifdef GRUB_MACHINE_EFI -+ init_mode = INIT_MODE_NONE; -+#endif - } -diff --git a/util/grub-mknetdir.c b/util/grub-mknetdir.c -index a2461cda1c..77958dd9dd 100644 ---- a/util/grub-mknetdir.c -+++ b/util/grub-mknetdir.c -@@ -32,13 +32,15 @@ - - static char *rootdir = NULL, *subdir = NULL; - static char *debug_image = NULL; -+static char efi_netfs = 0; - - enum - { - OPTION_NET_DIRECTORY = 0x301, - OPTION_SUBDIR, - OPTION_DEBUG, -- OPTION_DEBUG_IMAGE -+ OPTION_DEBUG_IMAGE, -+ OPTION_DEBUG_EFI_NETFS - }; - - static struct argp_option options[] = { -@@ -49,6 +51,7 @@ static struct argp_option options[] = { - 0, N_("relative subdirectory on network server"), 2}, - {"debug", OPTION_DEBUG, 0, OPTION_HIDDEN, 0, 2}, - {"debug-image", OPTION_DEBUG_IMAGE, N_("STRING"), OPTION_HIDDEN, 0, 2}, -+ {"debug-efi-netfs", OPTION_DEBUG_EFI_NETFS, 0, OPTION_HIDDEN, 0, 2}, - {0, 0, 0, 0, 0, 0} - }; - -@@ -67,6 +70,9 @@ argp_parser (int key, char *arg, struct argp_state *state) - free (subdir); - subdir = xstrdup (arg); - return 0; -+ case OPTION_DEBUG_EFI_NETFS: -+ efi_netfs = 1; -+ return 0; - /* This is an undocumented feature... */ - case OPTION_DEBUG: - verbosity++; -@@ -82,7 +88,6 @@ argp_parser (int key, char *arg, struct argp_state *state) - } - } - -- - struct argp argp = { - options, argp_parser, NULL, - "\v"N_("Prepares GRUB network boot images at net_directory/subdir " -@@ -92,7 +97,7 @@ struct argp argp = { - - static char *base; - --static const struct -+static struct - { - const char *mkimage_target; - const char *netmodule; -@@ -156,6 +161,7 @@ process_input_dir (const char *input_dir, enum grub_install_plat platform) - grub_install_push_module (targets[platform].netmodule); - - output = grub_util_path_concat_ext (2, grubdir, "core", targets[platform].ext); -+ - grub_install_make_image_wrap (input_dir, prefix, output, - 0, load_cfg, - targets[platform].mkimage_target, 0); -@@ -195,7 +201,16 @@ main (int argc, char *argv[]) - - grub_install_mkdir_p (base); - -- grub_install_push_module ("tftp"); -+ if (!efi_netfs) -+ { -+ grub_install_push_module ("tftp"); -+ grub_install_push_module ("http"); -+ } -+ else -+ { -+ targets[GRUB_INSTALL_PLATFORM_I386_EFI].netmodule = "efi_netfs"; -+ targets[GRUB_INSTALL_PLATFORM_X86_64_EFI].netmodule = "efi_netfs"; -+ } - - if (!grub_install_source_directory) - { -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 0b490195ad..f431f49973 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -622,6 +622,23 @@ typedef union - - typedef grub_efi_uint64_t grub_efi_physical_address_t; - typedef grub_efi_uint64_t grub_efi_virtual_address_t; -+typedef struct { -+ grub_uint8_t addr[4]; -+} grub_efi_pxe_ipv4_address_t; -+ -+typedef struct { -+ grub_uint8_t addr[16]; -+} grub_efi_pxe_ipv6_address_t; -+ -+typedef struct { -+ grub_uint8_t addr[32]; -+} grub_efi_pxe_mac_address_t; -+ -+typedef union { -+ grub_uint32_t addr[4]; -+ grub_efi_pxe_ipv4_address_t v4; -+ grub_efi_pxe_ipv6_address_t v6; -+} grub_efi_pxe_ip_address_t; - - struct grub_efi_guid - { -@@ -889,6 +906,8 @@ struct grub_efi_ipv6_device_path - grub_efi_uint16_t remote_port; - grub_efi_uint16_t protocol; - grub_efi_uint8_t static_ip_address; -+ grub_efi_uint8_t prefix_length; -+ grub_efi_ipv6_address_t gateway_ip_address; - } GRUB_PACKED; - typedef struct grub_efi_ipv6_device_path grub_efi_ipv6_device_path_t; - -@@ -938,6 +957,15 @@ struct grub_efi_uri_device_path - } GRUB_PACKED; - typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; - -+#define GRUB_EFI_DNS_DEVICE_PATH_SUBTYPE 31 -+struct grub_efi_dns_device_path -+{ -+ grub_efi_device_path_t header; -+ grub_efi_uint8_t is_ipv6; -+ grub_efi_pxe_ip_address_t dns_server_ip[0]; -+} GRUB_PACKED; -+typedef struct grub_efi_dns_device_path grub_efi_dns_device_path_t; -+ - #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 - - /* Media Device Path. */ -@@ -1020,6 +1048,23 @@ struct grub_efi_bios_device_path - } GRUB_PACKED; - typedef struct grub_efi_bios_device_path grub_efi_bios_device_path_t; - -+/* Service Binding definitions */ -+struct grub_efi_service_binding; -+ -+typedef grub_efi_status_t -+(*grub_efi_service_binding_create_child) (struct grub_efi_service_binding *this, -+ grub_efi_handle_t *child_handle); -+ -+typedef grub_efi_status_t -+(*grub_efi_service_binding_destroy_child) (struct grub_efi_service_binding *this, -+ grub_efi_handle_t *child_handle); -+ -+typedef struct grub_efi_service_binding -+{ -+ grub_efi_service_binding_create_child create_child; -+ grub_efi_service_binding_destroy_child destroy_child; -+} grub_efi_service_binding_t; -+ - struct grub_efi_open_protocol_information_entry - { - grub_efi_handle_t agent_handle; -@@ -1569,23 +1614,27 @@ typedef struct grub_efi_pxe_tftp_error - grub_efi_char8_t error_string[127]; - } grub_efi_pxe_tftp_error_t; - --typedef struct { -- grub_uint8_t addr[4]; --} grub_efi_pxe_ipv4_address_t; -+typedef grub_efi_uint16_t grub_efi_pxe_base_code_udp_port_t; - --typedef struct { -- grub_uint8_t addr[16]; --} grub_efi_pxe_ipv6_address_t; -+typedef enum { -+ GRUB_EFI_PXE_BASE_CODE_TFTP_FIRST, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_FILE, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_WRITE_FILE, -+ GRUB_EFI_PXE_BASE_CODE_TFTP_READ_DIRECTORY, -+ GRUB_EFI_PXE_BASE_CODE_MTFTP_GET_FILE_SIZE, -+ GRUB_EFI_PXE_BASE_CODE_MTFTP_READ_FILE, -+ GRUB_EFI_PXE_BASE_CODE_MTFTP_READ_DIRECTORY, -+ GRUB_EFI_PXE_BASE_CODE_MTFTP_LAST -+} grub_efi_pxe_base_code_tftp_opcode_t; - - typedef struct { -- grub_uint8_t addr[32]; --} grub_efi_pxe_mac_address_t; -- --typedef union { -- grub_uint32_t addr[4]; -- grub_efi_pxe_ipv4_address_t v4; -- grub_efi_pxe_ipv6_address_t v6; --} grub_efi_pxe_ip_address_t; -+ grub_efi_ip_address_t mcast_ip; -+ grub_efi_pxe_base_code_udp_port_t c_port; -+ grub_efi_pxe_base_code_udp_port_t s_port; -+ grub_efi_uint16_t listen_timeout; -+ grub_efi_uint16_t transmit_timeout; -+} grub_efi_pxe_base_code_mtftp_info_t; - - #define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 - typedef struct grub_efi_pxe_ip_filter -@@ -1652,17 +1701,31 @@ typedef struct grub_efi_pxe_mode - typedef struct grub_efi_pxe - { - grub_uint64_t rev; -- void (*start) (void); -+ grub_efi_status_t (*start) (struct grub_efi_pxe *this, grub_efi_boolean_t use_ipv6); - void (*stop) (void); -- void (*dhcp) (void); -+ grub_efi_status_t (*dhcp) (struct grub_efi_pxe *this, -+ grub_efi_boolean_t sort_offers); - void (*discover) (void); -- void (*mftp) (void); -+ grub_efi_status_t (*mtftp) (struct grub_efi_pxe *this, -+ grub_efi_pxe_base_code_tftp_opcode_t operation, -+ void *buffer_ptr, -+ grub_efi_boolean_t overwrite, -+ grub_efi_uint64_t *buffer_size, -+ grub_efi_uintn_t *block_size, -+ grub_efi_pxe_ip_address_t *server_ip, -+ //grub_efi_ip_address_t *server_ip, -+ grub_efi_char8_t *filename, -+ grub_efi_pxe_base_code_mtftp_info_t *info, -+ grub_efi_boolean_t dont_use_buffer); - void (*udpwrite) (void); - void (*udpread) (void); - void (*setipfilter) (void); - void (*arp) (void); - void (*setparams) (void); -- void (*setstationip) (void); -+ grub_efi_status_t (*set_station_ip) (struct grub_efi_pxe *this, -+ grub_efi_pxe_ip_address_t *new_station_ip, -+ grub_efi_pxe_ip_address_t *new_subnet_mask); -+ //void (*setstationip) (void); - void (*setpackets) (void); - struct grub_efi_pxe_mode *mode; - } grub_efi_pxe_t; -@@ -1924,6 +1987,44 @@ struct grub_efi_ip4_config2_protocol - }; - typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; - -+struct grub_efi_ip4_route_table { -+ grub_efi_ipv4_address_t subnet_address; -+ grub_efi_ipv4_address_t subnet_mask; -+ grub_efi_ipv4_address_t gateway_address; -+}; -+ -+typedef struct grub_efi_ip4_route_table grub_efi_ip4_route_table_t; -+ -+#define GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE 32 -+ -+struct grub_efi_ip4_config2_interface_info { -+ grub_efi_char16_t name[GRUB_EFI_IP4_CONFIG2_INTERFACE_INFO_NAME_SIZE]; -+ grub_efi_uint8_t if_type; -+ grub_efi_uint32_t hw_address_size; -+ grub_efi_mac_address_t hw_address; -+ grub_efi_ipv4_address_t station_address; -+ grub_efi_ipv4_address_t subnet_mask; -+ grub_efi_uint32_t route_table_size; -+ grub_efi_ip4_route_table_t *route_table; -+}; -+ -+typedef struct grub_efi_ip4_config2_interface_info grub_efi_ip4_config2_interface_info_t; -+ -+enum grub_efi_ip4_config2_policy { -+ GRUB_EFI_IP4_CONFIG2_POLICY_STATIC, -+ GRUB_EFI_IP4_CONFIG2_POLICY_DHCP, -+ GRUB_EFI_IP4_CONFIG2_POLICY_MAX -+}; -+ -+typedef enum grub_efi_ip4_config2_policy grub_efi_ip4_config2_policy_t; -+ -+struct grub_efi_ip4_config2_manual_address { -+ grub_efi_ipv4_address_t address; -+ grub_efi_ipv4_address_t subnet_mask; -+}; -+ -+typedef struct grub_efi_ip4_config2_manual_address grub_efi_ip4_config2_manual_address_t; -+ - enum grub_efi_ip6_config_data_type { - GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, - GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, -@@ -1958,6 +2059,49 @@ struct grub_efi_ip6_config_protocol - }; - typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; - -+enum grub_efi_ip6_config_policy { -+ GRUB_EFI_IP6_CONFIG_POLICY_MANUAL, -+ GRUB_EFI_IP6_CONFIG_POLICY_AUTOMATIC -+}; -+typedef enum grub_efi_ip6_config_policy grub_efi_ip6_config_policy_t; -+ -+struct grub_efi_ip6_address_info { -+ grub_efi_ipv6_address_t address; -+ grub_efi_uint8_t prefix_length; -+}; -+typedef struct grub_efi_ip6_address_info grub_efi_ip6_address_info_t; -+ -+struct grub_efi_ip6_route_table { -+ grub_efi_pxe_ipv6_address_t gateway; -+ grub_efi_pxe_ipv6_address_t destination; -+ grub_efi_uint8_t prefix_length; -+}; -+typedef struct grub_efi_ip6_route_table grub_efi_ip6_route_table_t; -+ -+struct grub_efi_ip6_config_interface_info { -+ grub_efi_char16_t name[32]; -+ grub_efi_uint8_t if_type; -+ grub_efi_uint32_t hw_address_size; -+ grub_efi_mac_address_t hw_address; -+ grub_efi_uint32_t address_info_count; -+ grub_efi_ip6_address_info_t *address_info; -+ grub_efi_uint32_t route_count; -+ grub_efi_ip6_route_table_t *route_table; -+}; -+typedef struct grub_efi_ip6_config_interface_info grub_efi_ip6_config_interface_info_t; -+ -+struct grub_efi_ip6_config_dup_addr_detect_transmits { -+ grub_efi_uint32_t dup_addr_detect_transmits; -+}; -+typedef struct grub_efi_ip6_config_dup_addr_detect_transmits grub_efi_ip6_config_dup_addr_detect_transmits_t; -+ -+struct grub_efi_ip6_config_manual_address { -+ grub_efi_ipv6_address_t address; -+ grub_efi_boolean_t is_anycast; -+ grub_efi_uint8_t prefix_length; -+}; -+typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; -+ - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) -diff --git a/include/grub/efi/dhcp.h b/include/grub/efi/dhcp.h -new file mode 100644 -index 0000000000..fdb88eb810 ---- /dev/null -+++ b/include/grub/efi/dhcp.h -@@ -0,0 +1,343 @@ -+#ifndef GRUB_EFI_DHCP_HEADER -+#define GRUB_EFI_DHCP_HEADER 1 -+ -+#define GRUB_EFI_DHCP4_SERVICE_BINDING_PROTOCOL_GUID \ -+ { 0x9d9a39d8, 0xbd42, 0x4a73, \ -+ { 0xa4, 0xd5, 0x8e, 0xe9, 0x4b, 0xe1, 0x13, 0x80 } \ -+ } -+ -+#define GRUB_EFI_DHCP4_PROTOCOL_GUID \ -+ { 0x8a219718, 0x4ef5, 0x4761, \ -+ { 0x91, 0xc8, 0xc0, 0xf0, 0x4b, 0xda, 0x9e, 0x56 } \ -+ } -+ -+#define GRUB_EFI_DHCP6_SERVICE_BINDING_PROTOCOL_GUID \ -+ { 0x9fb9a8a1, 0x2f4a, 0x43a6, \ -+ { 0x88, 0x9c, 0xd0, 0xf7, 0xb6, 0xc4 ,0x7a, 0xd5 } \ -+ } -+ -+#define GRUB_EFI_DHCP6_PROTOCOL_GUID \ -+ { 0x87c8bad7, 0x595, 0x4053, \ -+ { 0x82, 0x97, 0xde, 0xde, 0x39, 0x5f, 0x5d, 0x5b } \ -+ } -+ -+typedef struct grub_efi_dhcp4_protocol grub_efi_dhcp4_protocol_t; -+ -+enum grub_efi_dhcp4_state { -+ GRUB_EFI_DHCP4_STOPPED, -+ GRUB_EFI_DHCP4_INIT, -+ GRUB_EFI_DHCP4_SELECTING, -+ GRUB_EFI_DHCP4_REQUESTING, -+ GRUB_EFI_DHCP4_BOUND, -+ GRUB_EFI_DHCP4_RENEWING, -+ GRUB_EFI_DHCP4_REBINDING, -+ GRUB_EFI_DHCP4_INIT_REBOOT, -+ GRUB_EFI_DHCP4_REBOOTING -+}; -+ -+typedef enum grub_efi_dhcp4_state grub_efi_dhcp4_state_t; -+ -+struct grub_efi_dhcp4_header { -+ grub_efi_uint8_t op_code; -+ grub_efi_uint8_t hw_type; -+ grub_efi_uint8_t hw_addr_len; -+ grub_efi_uint8_t hops; -+ grub_efi_uint32_t xid; -+ grub_efi_uint16_t seconds; -+ grub_efi_uint16_t reserved; -+ grub_efi_ipv4_address_t client_addr; -+ grub_efi_ipv4_address_t your_addr; -+ grub_efi_ipv4_address_t server_addr; -+ grub_efi_ipv4_address_t gateway_addr; -+ grub_efi_uint8_t client_hw_addr[16]; -+ grub_efi_char8_t server_name[64]; -+ grub_efi_char8_t boot_file_name[128]; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp4_header grub_efi_dhcp4_header_t; -+ -+struct grub_efi_dhcp4_packet { -+ grub_efi_uint32_t size; -+ grub_efi_uint32_t length; -+ struct { -+ grub_efi_dhcp4_header_t header; -+ grub_efi_uint32_t magik; -+ grub_efi_uint8_t option[1]; -+ } dhcp4; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp4_packet grub_efi_dhcp4_packet_t; -+ -+struct grub_efi_dhcp4_listen_point { -+ grub_efi_ipv4_address_t listen_address; -+ grub_efi_ipv4_address_t subnet_mask; -+ grub_efi_uint16_t listen_port; -+}; -+ -+typedef struct grub_efi_dhcp4_listen_point grub_efi_dhcp4_listen_point_t; -+ -+struct grub_efi_dhcp4_transmit_receive_token { -+ grub_efi_status_t status; -+ grub_efi_event_t completion_event; -+ grub_efi_ipv4_address_t remote_address; -+ grub_efi_uint16_t remote_port; -+ grub_efi_ipv4_address_t gateway_address; -+ grub_efi_uint32_t listen_point_count; -+ grub_efi_dhcp4_listen_point_t *listen_points; -+ grub_efi_uint32_t timeout_value; -+ grub_efi_dhcp4_packet_t *packet; -+ grub_efi_uint32_t response_count; -+ grub_efi_dhcp4_packet_t *response_list; -+}; -+ -+typedef struct grub_efi_dhcp4_transmit_receive_token grub_efi_dhcp4_transmit_receive_token_t; -+ -+enum grub_efi_dhcp4_event { -+ GRUB_EFI_DHCP4_SEND_DISCOVER = 0X01, -+ GRUB_EFI_DHCP4_RCVD_OFFER, -+ GRUB_EFI_DHCP4_SELECT_OFFER, -+ GRUB_EFI_DHCP4_SEND_REQUEST, -+ GRUB_EFI_DHCP4_RCVD_ACK, -+ GRUB_EFI_DHCP4_RCVD_NAK, -+ GRUB_EFI_DHCP4_SEND_DECLINE, -+ GRUB_EFI_DHCP4_BOUND_COMPLETED, -+ GRUB_EFI_DHCP4_ENTER_RENEWING, -+ GRUB_EFI_DHCP4_ENTER_REBINDING, -+ GRUB_EFI_DHCP4_ADDRESS_LOST, -+ GRUB_EFI_DHCP4_FAIL -+}; -+ -+typedef enum grub_efi_dhcp4_event grub_efi_dhcp4_event_t; -+ -+struct grub_efi_dhcp4_packet_option { -+ grub_efi_uint8_t op_code; -+ grub_efi_uint8_t length; -+ grub_efi_uint8_t data[1]; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp4_packet_option grub_efi_dhcp4_packet_option_t; -+ -+struct grub_efi_dhcp4_config_data { -+ grub_efi_uint32_t discover_try_count; -+ grub_efi_uint32_t *discover_timeout; -+ grub_efi_uint32_t request_try_count; -+ grub_efi_uint32_t *request_timeout; -+ grub_efi_ipv4_address_t client_address; -+ grub_efi_status_t (*dhcp4_callback) ( -+ grub_efi_dhcp4_protocol_t *this, -+ void *context, -+ grub_efi_dhcp4_state_t current_state, -+ grub_efi_dhcp4_event_t dhcp4_event, -+ grub_efi_dhcp4_packet_t *packet, -+ grub_efi_dhcp4_packet_t **new_packet -+ ); -+ void *callback_context; -+ grub_efi_uint32_t option_count; -+ grub_efi_dhcp4_packet_option_t **option_list; -+}; -+ -+typedef struct grub_efi_dhcp4_config_data grub_efi_dhcp4_config_data_t; -+ -+struct grub_efi_dhcp4_mode_data { -+ grub_efi_dhcp4_state_t state; -+ grub_efi_dhcp4_config_data_t config_data; -+ grub_efi_ipv4_address_t client_address; -+ grub_efi_mac_address_t client_mac_address; -+ grub_efi_ipv4_address_t server_address; -+ grub_efi_ipv4_address_t router_address; -+ grub_efi_ipv4_address_t subnet_mask; -+ grub_efi_uint32_t lease_time; -+ grub_efi_dhcp4_packet_t *reply_packet; -+}; -+ -+typedef struct grub_efi_dhcp4_mode_data grub_efi_dhcp4_mode_data_t; -+ -+struct grub_efi_dhcp4_protocol { -+ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_dhcp4_mode_data_t *dhcp4_mode_data); -+ grub_efi_status_t (*configure) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_dhcp4_config_data_t *dhcp4_cfg_data); -+ grub_efi_status_t (*start) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_event_t completion_event); -+ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_boolean_t rebind_request, -+ grub_efi_event_t completion_event); -+ grub_efi_status_t (*release) (grub_efi_dhcp4_protocol_t *this); -+ grub_efi_status_t (*stop) (grub_efi_dhcp4_protocol_t *this); -+ grub_efi_status_t (*build) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_dhcp4_packet_t *seed_packet, -+ grub_efi_uint32_t delete_count, -+ grub_efi_uint8_t *delete_list, -+ grub_efi_uint32_t append_count, -+ grub_efi_dhcp4_packet_option_t *append_list[], -+ grub_efi_dhcp4_packet_t **new_packet); -+ grub_efi_status_t (*transmit_receive) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_dhcp4_transmit_receive_token_t *token); -+ grub_efi_status_t (*parse) (grub_efi_dhcp4_protocol_t *this, -+ grub_efi_dhcp4_packet_t *packet, -+ grub_efi_uint32_t *option_count, -+ grub_efi_dhcp4_packet_option_t *packet_option_list[]); -+}; -+ -+typedef struct grub_efi_dhcp6_protocol grub_efi_dhcp6_protocol_t; -+ -+struct grub_efi_dhcp6_retransmission { -+ grub_efi_uint32_t irt; -+ grub_efi_uint32_t mrc; -+ grub_efi_uint32_t mrt; -+ grub_efi_uint32_t mrd; -+}; -+ -+typedef struct grub_efi_dhcp6_retransmission grub_efi_dhcp6_retransmission_t; -+ -+enum grub_efi_dhcp6_event { -+ GRUB_EFI_DHCP6_SEND_SOLICIT, -+ GRUB_EFI_DHCP6_RCVD_ADVERTISE, -+ GRUB_EFI_DHCP6_SELECT_ADVERTISE, -+ GRUB_EFI_DHCP6_SEND_REQUEST, -+ GRUB_EFI_DHCP6_RCVD_REPLY, -+ GRUB_EFI_DHCP6_RCVD_RECONFIGURE, -+ GRUB_EFI_DHCP6_SEND_DECLINE, -+ GRUB_EFI_DHCP6_SEND_CONFIRM, -+ GRUB_EFI_DHCP6_SEND_RELEASE, -+ GRUB_EFI_DHCP6_SEND_RENEW, -+ GRUB_EFI_DHCP6_SEND_REBIND -+}; -+ -+typedef enum grub_efi_dhcp6_event grub_efi_dhcp6_event_t; -+ -+struct grub_efi_dhcp6_packet_option { -+ grub_efi_uint16_t op_code; -+ grub_efi_uint16_t op_len; -+ grub_efi_uint8_t data[1]; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp6_packet_option grub_efi_dhcp6_packet_option_t; -+ -+struct grub_efi_dhcp6_header { -+ grub_efi_uint32_t transaction_id:24; -+ grub_efi_uint32_t message_type:8; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp6_header grub_efi_dhcp6_header_t; -+ -+struct grub_efi_dhcp6_packet { -+ grub_efi_uint32_t size; -+ grub_efi_uint32_t length; -+ struct { -+ grub_efi_dhcp6_header_t header; -+ grub_efi_uint8_t option[1]; -+ } dhcp6; -+} GRUB_PACKED; -+ -+typedef struct grub_efi_dhcp6_packet grub_efi_dhcp6_packet_t; -+ -+struct grub_efi_dhcp6_ia_address { -+ grub_efi_ipv6_address_t ip_address; -+ grub_efi_uint32_t preferred_lifetime; -+ grub_efi_uint32_t valid_lifetime; -+}; -+ -+typedef struct grub_efi_dhcp6_ia_address grub_efi_dhcp6_ia_address_t; -+ -+enum grub_efi_dhcp6_state { -+ GRUB_EFI_DHCP6_INIT, -+ GRUB_EFI_DHCP6_SELECTING, -+ GRUB_EFI_DHCP6_REQUESTING, -+ GRUB_EFI_DHCP6_DECLINING, -+ GRUB_EFI_DHCP6_CONFIRMING, -+ GRUB_EFI_DHCP6_RELEASING, -+ GRUB_EFI_DHCP6_BOUND, -+ GRUB_EFI_DHCP6_RENEWING, -+ GRUB_EFI_DHCP6_REBINDING -+}; -+ -+typedef enum grub_efi_dhcp6_state grub_efi_dhcp6_state_t; -+ -+#define GRUB_EFI_DHCP6_IA_TYPE_NA 3 -+#define GRUB_EFI_DHCP6_IA_TYPE_TA 4 -+ -+struct grub_efi_dhcp6_ia_descriptor { -+ grub_efi_uint16_t type; -+ grub_efi_uint32_t ia_id; -+}; -+ -+typedef struct grub_efi_dhcp6_ia_descriptor grub_efi_dhcp6_ia_descriptor_t; -+ -+struct grub_efi_dhcp6_ia { -+ grub_efi_dhcp6_ia_descriptor_t descriptor; -+ grub_efi_dhcp6_state_t state; -+ grub_efi_dhcp6_packet_t *reply_packet; -+ grub_efi_uint32_t ia_address_count; -+ grub_efi_dhcp6_ia_address_t ia_address[1]; -+}; -+ -+typedef struct grub_efi_dhcp6_ia grub_efi_dhcp6_ia_t; -+ -+struct grub_efi_dhcp6_duid { -+ grub_efi_uint16_t length; -+ grub_efi_uint8_t duid[1]; -+}; -+ -+typedef struct grub_efi_dhcp6_duid grub_efi_dhcp6_duid_t; -+ -+struct grub_efi_dhcp6_mode_data { -+ grub_efi_dhcp6_duid_t *client_id; -+ grub_efi_dhcp6_ia_t *ia; -+}; -+ -+typedef struct grub_efi_dhcp6_mode_data grub_efi_dhcp6_mode_data_t; -+ -+struct grub_efi_dhcp6_config_data { -+ grub_efi_status_t (*dhcp6_callback) (grub_efi_dhcp6_protocol_t this, -+ void *context, -+ grub_efi_dhcp6_state_t current_state, -+ grub_efi_dhcp6_event_t dhcp6_event, -+ grub_efi_dhcp6_packet_t *packet, -+ grub_efi_dhcp6_packet_t **new_packet); -+ void *callback_context; -+ grub_efi_uint32_t option_count; -+ grub_efi_dhcp6_packet_option_t **option_list; -+ grub_efi_dhcp6_ia_descriptor_t ia_descriptor; -+ grub_efi_event_t ia_info_event; -+ grub_efi_boolean_t reconfigure_accept; -+ grub_efi_boolean_t rapid_commit; -+ grub_efi_dhcp6_retransmission_t *solicit_retransmission; -+}; -+ -+typedef struct grub_efi_dhcp6_config_data grub_efi_dhcp6_config_data_t; -+ -+struct grub_efi_dhcp6_protocol { -+ grub_efi_status_t (*get_mode_data) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_dhcp6_mode_data_t *dhcp6_mode_data, -+ grub_efi_dhcp6_config_data_t *dhcp6_config_data); -+ grub_efi_status_t (*configure) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_dhcp6_config_data_t *dhcp6_cfg_data); -+ grub_efi_status_t (*start) (grub_efi_dhcp6_protocol_t *this); -+ grub_efi_status_t (*info_request) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_boolean_t send_client_id, -+ grub_efi_dhcp6_packet_option_t *option_request, -+ grub_efi_uint32_t option_count, -+ grub_efi_dhcp6_packet_option_t *option_list[], -+ grub_efi_dhcp6_retransmission_t *retransmission, -+ grub_efi_event_t timeout_event, -+ grub_efi_status_t (*reply_callback) (grub_efi_dhcp6_protocol_t *this, -+ void *context, -+ grub_efi_dhcp6_packet_t *packet), -+ void *callback_context); -+ grub_efi_status_t (*renew_rebind) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_boolean_t rebind_request); -+ grub_efi_status_t (*decline) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_uint32_t address_count, -+ grub_efi_ipv6_address_t *addresses); -+ grub_efi_status_t (*release) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_uint32_t address_count, -+ grub_efi_ipv6_address_t *addresses); -+ grub_efi_status_t (*stop) (grub_efi_dhcp6_protocol_t *this); -+ grub_efi_status_t (*parse) (grub_efi_dhcp6_protocol_t *this, -+ grub_efi_dhcp6_packet_t *packet, -+ grub_efi_uint32_t *option_count, -+ grub_efi_dhcp6_packet_option_t *packet_option_list[]); -+}; -+ -+#endif /* ! GRUB_EFI_DHCP_HEADER */ -diff --git a/include/grub/efi/http.h b/include/grub/efi/http.h -new file mode 100644 -index 0000000000..c5e9a89f50 ---- /dev/null -+++ b/include/grub/efi/http.h -@@ -0,0 +1,215 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2006,2007,2008 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_EFI_HTTP_HEADER -+#define GRUB_EFI_HTTP_HEADER 1 -+ -+#include -+#include -+#include -+ -+#define GRUB_EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \ -+ { 0xbdc8e6af, 0xd9bc, 0x4379, \ -+ { 0xa7, 0x2a, 0xe0, 0xc4, 0xe7, 0x5d, 0xae, 0x1c } \ -+ } -+ -+#define GRUB_EFI_HTTP_PROTOCOL_GUID \ -+ { 0x7A59B29B, 0x910B, 0x4171, \ -+ { 0x82, 0x42, 0xA8, 0x5A, 0x0D, 0xF2, 0x5B, 0x5B } \ -+ } -+ -+#define EFIHTTP_WAIT_TIME 10000 // 10000ms = 10s -+#define EFIHTTP_RX_BUF_LEN 10240 -+ -+//****************************************** -+// Protocol Interface Structure -+//****************************************** -+struct grub_efi_http; -+ -+//****************************************** -+// EFI_HTTP_VERSION -+//****************************************** -+typedef enum { -+ GRUB_EFI_HTTPVERSION10, -+ GRUB_EFI_HTTPVERSION11, -+ GRUB_EFI_HTTPVERSIONUNSUPPORTED -+} grub_efi_http_version_t; -+ -+//****************************************** -+// EFI_HTTPv4_ACCESS_POINT -+//****************************************** -+typedef struct { -+ grub_efi_boolean_t use_default_address; -+ grub_efi_ipv4_address_t local_address; -+ grub_efi_ipv4_address_t local_subnet; -+ grub_efi_uint16_t local_port; -+} grub_efi_httpv4_access_point_t; -+ -+//****************************************** -+// EFI_HTTPv6_ACCESS_POINT -+//****************************************** -+typedef struct { -+ grub_efi_ipv6_address_t local_address; -+ grub_efi_uint16_t local_port; -+} grub_efi_httpv6_access_point_t; -+ -+//****************************************** -+// EFI_HTTP_CONFIG_DATA -+//****************************************** -+typedef struct { -+ grub_efi_http_version_t http_version; -+ grub_efi_uint32_t timeout_millisec; -+ grub_efi_boolean_t local_address_is_ipv6; -+ union { -+ grub_efi_httpv4_access_point_t *ipv4_node; -+ grub_efi_httpv6_access_point_t *ipv6_node; -+ } access_point; -+} grub_efi_http_config_data_t; -+ -+//****************************************** -+// EFI_HTTP_METHOD -+//****************************************** -+typedef enum { -+ GRUB_EFI_HTTPMETHODGET, -+ GRUB_EFI_HTTPMETHODPOST, -+ GRUB_EFI_HTTPMETHODPATCH, -+ GRUB_EFI_HTTPMETHODOPTIONS, -+ GRUB_EFI_HTTPMETHODCONNECT, -+ GRUB_EFI_HTTPMETHODHEAD, -+ GRUB_EFI_HTTPMETHODPUT, -+ GRUB_EFI_HTTPMETHODDELETE, -+ GRUB_EFI_HTTPMETHODTRACE, -+} grub_efi_http_method_t; -+ -+//****************************************** -+// EFI_HTTP_REQUEST_DATA -+//****************************************** -+typedef struct { -+ grub_efi_http_method_t method; -+ grub_efi_char16_t *url; -+} grub_efi_http_request_data_t; -+ -+typedef enum { -+ GRUB_EFI_HTTP_STATUS_UNSUPPORTED_STATUS = 0, -+ GRUB_EFI_HTTP_STATUS_100_CONTINUE, -+ GRUB_EFI_HTTP_STATUS_101_SWITCHING_PROTOCOLS, -+ GRUB_EFI_HTTP_STATUS_200_OK, -+ GRUB_EFI_HTTP_STATUS_201_CREATED, -+ GRUB_EFI_HTTP_STATUS_202_ACCEPTED, -+ GRUB_EFI_HTTP_STATUS_203_NON_AUTHORITATIVE_INFORMATION, -+ GRUB_EFI_HTTP_STATUS_204_NO_CONTENT, -+ GRUB_EFI_HTTP_STATUS_205_RESET_CONTENT, -+ GRUB_EFI_HTTP_STATUS_206_PARTIAL_CONTENT, -+ GRUB_EFI_HTTP_STATUS_300_MULTIPLE_CHIOCES, -+ GRUB_EFI_HTTP_STATUS_301_MOVED_PERMANENTLY, -+ GRUB_EFI_HTTP_STATUS_302_FOUND, -+ GRUB_EFI_HTTP_STATUS_303_SEE_OTHER, -+ GRUB_EFI_HTTP_STATUS_304_NOT_MODIFIED, -+ GRUB_EFI_HTTP_STATUS_305_USE_PROXY, -+ GRUB_EFI_HTTP_STATUS_307_TEMPORARY_REDIRECT, -+ GRUB_EFI_HTTP_STATUS_400_BAD_REQUEST, -+ GRUB_EFI_HTTP_STATUS_401_UNAUTHORIZED, -+ GRUB_EFI_HTTP_STATUS_402_PAYMENT_REQUIRED, -+ GRUB_EFI_HTTP_STATUS_403_FORBIDDEN, -+ GRUB_EFI_HTTP_STATUS_404_NOT_FOUND, -+ GRUB_EFI_HTTP_STATUS_405_METHOD_NOT_ALLOWED, -+ GRUB_EFI_HTTP_STATUS_406_NOT_ACCEPTABLE, -+ GRUB_EFI_HTTP_STATUS_407_PROXY_AUTHENTICATION_REQUIRED, -+ GRUB_EFI_HTTP_STATUS_408_REQUEST_TIME_OUT, -+ GRUB_EFI_HTTP_STATUS_409_CONFLICT, -+ GRUB_EFI_HTTP_STATUS_410_GONE, -+ GRUB_EFI_HTTP_STATUS_411_LENGTH_REQUIRED, -+ GRUB_EFI_HTTP_STATUS_412_PRECONDITION_FAILED, -+ GRUB_EFI_HTTP_STATUS_413_REQUEST_ENTITY_TOO_LARGE, -+ GRUB_EFI_HTTP_STATUS_414_REQUEST_URI_TOO_LARGE, -+ GRUB_EFI_HTTP_STATUS_415_UNSUPPORTED_MEDIA_TYPE, -+ GRUB_EFI_HTTP_STATUS_416_REQUESTED_RANGE_NOT_SATISFIED, -+ GRUB_EFI_HTTP_STATUS_417_EXPECTATION_FAILED, -+ GRUB_EFI_HTTP_STATUS_500_INTERNAL_SERVER_ERROR, -+ GRUB_EFI_HTTP_STATUS_501_NOT_IMPLEMENTED, -+ GRUB_EFI_HTTP_STATUS_502_BAD_GATEWAY, -+ GRUB_EFI_HTTP_STATUS_503_SERVICE_UNAVAILABLE, -+ GRUB_EFI_HTTP_STATUS_504_GATEWAY_TIME_OUT, -+ GRUB_EFI_HTTP_STATUS_505_HTTP_VERSION_NOT_SUPPORTED -+} grub_efi_http_status_code_t; -+ -+//****************************************** -+// EFI_HTTP_RESPONSE_DATA -+//****************************************** -+typedef struct { -+ grub_efi_http_status_code_t status_code; -+} grub_efi_http_response_data_t; -+ -+//****************************************** -+// EFI_HTTP_HEADER -+//****************************************** -+typedef struct { -+ grub_efi_char8_t *field_name; -+ grub_efi_char8_t *field_value; -+} grub_efi_http_header_t; -+ -+//****************************************** -+// EFI_HTTP_MESSAGE -+//****************************************** -+typedef struct { -+ union { -+ grub_efi_http_request_data_t *request; -+ grub_efi_http_response_data_t *response; -+ } data; -+ grub_efi_uint32_t header_count; -+ grub_efi_http_header_t *headers; -+ grub_efi_uint32_t body_length; -+ void *body; -+} grub_efi_http_message_t; -+ -+//****************************************** -+// EFI_HTTP_TOKEN -+//****************************************** -+typedef struct { -+ grub_efi_event_t event; -+ grub_efi_status_t status; -+ grub_efi_http_message_t *message; -+} grub_efi_http_token_t; -+ -+struct grub_efi_http { -+ grub_efi_status_t -+ (*get_mode_data) (struct grub_efi_http *this, -+ grub_efi_http_config_data_t *http_config_data); -+ -+ grub_efi_status_t -+ (*configure) (struct grub_efi_http *this, -+ grub_efi_http_config_data_t *http_config_data); -+ -+ grub_efi_status_t -+ (*request) (struct grub_efi_http *this, -+ grub_efi_http_token_t *token); -+ -+ grub_efi_status_t -+ (*cancel) (struct grub_efi_http *this, -+ grub_efi_http_token_t *token); -+ -+ grub_efi_status_t -+ (*response) (struct grub_efi_http *this, -+ grub_efi_http_token_t *token); -+ -+ grub_efi_status_t -+ (*poll) (struct grub_efi_http *this); -+}; -+typedef struct grub_efi_http grub_efi_http_t; -+ -+#endif /* !GRUB_EFI_HTTP_HEADER */ -diff --git a/include/grub/net/efi.h b/include/grub/net/efi.h -new file mode 100644 -index 0000000000..de90d223e8 ---- /dev/null -+++ b/include/grub/net/efi.h -@@ -0,0 +1,144 @@ -+#ifndef GRUB_NET_EFI_HEADER -+#define GRUB_NET_EFI_HEADER 1 -+ -+#include -+#include -+#include -+#include -+ -+typedef struct grub_efi_net_interface grub_efi_net_interface_t; -+typedef struct grub_efi_net_ip_config grub_efi_net_ip_config_t; -+typedef union grub_efi_net_ip_address grub_efi_net_ip_address_t; -+typedef struct grub_efi_net_ip_manual_address grub_efi_net_ip_manual_address_t; -+ -+struct grub_efi_net_interface -+{ -+ char *name; -+ int prefer_ip6; -+ struct grub_efi_net_device *dev; -+ struct grub_efi_net_io *io; -+ grub_efi_net_ip_config_t *ip_config; -+ int io_type; -+ struct grub_efi_net_interface *next; -+}; -+ -+#define efi_net_interface_get_hw_address(inf) inf->ip_config->get_hw_address (inf->dev) -+#define efi_net_interface_get_address(inf) inf->ip_config->get_address (inf->dev) -+#define efi_net_interface_get_route_table(inf) inf->ip_config->get_route_table (inf->dev) -+#define efi_net_interface_set_address(inf, addr, with_subnet) inf->ip_config->set_address (inf->dev, addr, with_subnet) -+#define efi_net_interface_set_gateway(inf, addr) inf->ip_config->set_gateway (inf->dev, addr) -+#define efi_net_interface_set_dns(inf, addr) inf->ip_config->set_dns (inf->dev, addr) -+ -+struct grub_efi_net_ip_config -+{ -+ char * (*get_hw_address) (struct grub_efi_net_device *dev); -+ char * (*get_address) (struct grub_efi_net_device *dev); -+ char ** (*get_route_table) (struct grub_efi_net_device *dev); -+ grub_efi_net_interface_t * (*best_interface) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *address); -+ int (*set_address) (struct grub_efi_net_device *dev, grub_efi_net_ip_manual_address_t *net_ip, int with_subnet); -+ int (*set_gateway) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *address); -+ int (*set_dns) (struct grub_efi_net_device *dev, grub_efi_net_ip_address_t *dns); -+}; -+ -+union grub_efi_net_ip_address -+{ -+ grub_efi_ipv4_address_t ip4; -+ grub_efi_ipv6_address_t ip6; -+}; -+ -+struct grub_efi_net_ip_manual_address -+{ -+ int is_ip6; -+ union -+ { -+ grub_efi_ip4_config2_manual_address_t ip4; -+ grub_efi_ip6_config_manual_address_t ip6; -+ }; -+}; -+ -+struct grub_efi_net_device -+{ -+ grub_efi_handle_t handle; -+ grub_efi_ip4_config2_protocol_t *ip4_config; -+ grub_efi_ip6_config_protocol_t *ip6_config; -+ grub_efi_handle_t http_handle; -+ grub_efi_http_t *http; -+ grub_efi_handle_t ip4_pxe_handle; -+ grub_efi_pxe_t *ip4_pxe; -+ grub_efi_handle_t ip6_pxe_handle; -+ grub_efi_pxe_t *ip6_pxe; -+ grub_efi_handle_t dhcp4_handle; -+ grub_efi_dhcp4_protocol_t *dhcp4; -+ grub_efi_handle_t dhcp6_handle; -+ grub_efi_dhcp6_protocol_t *dhcp6; -+ char *card_name; -+ grub_efi_net_interface_t *net_interfaces; -+ struct grub_efi_net_device *next; -+}; -+ -+struct grub_efi_net_io -+{ -+ void (*configure) (struct grub_efi_net_device *dev, int prefer_ip6); -+ grub_err_t (*open) (struct grub_efi_net_device *dev, -+ int prefer_ip6, -+ grub_file_t file, -+ const char *filename, -+ int type); -+ grub_ssize_t (*read) (struct grub_efi_net_device *dev, -+ int prefer_ip6, -+ grub_file_t file, -+ char *buf, -+ grub_size_t len); -+ grub_err_t (*close) (struct grub_efi_net_device *dev, -+ int prefer_ip6, -+ grub_file_t file); -+}; -+ -+extern struct grub_efi_net_device *net_devices; -+ -+extern struct grub_efi_net_io io_http; -+extern struct grub_efi_net_io io_pxe; -+ -+extern grub_efi_net_ip_config_t *efi_net_ip4_config; -+extern grub_efi_net_ip_config_t *efi_net_ip6_config; -+ -+char * -+grub_efi_ip4_address_to_string (grub_efi_ipv4_address_t *address); -+ -+char * -+grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address); -+ -+char * -+grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address); -+ -+int -+grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest); -+ -+int -+grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *address, const char **rest); -+ -+char * -+grub_efi_ip6_interface_name (struct grub_efi_net_device *dev); -+ -+char * -+grub_efi_ip4_interface_name (struct grub_efi_net_device *dev); -+ -+grub_efi_net_interface_t * -+grub_efi_net_create_interface (struct grub_efi_net_device *dev, -+ const char *interface_name, -+ grub_efi_net_ip_manual_address_t *net_ip, -+ int has_subnet); -+ -+int grub_efi_net_fs_init (void); -+void grub_efi_net_fs_fini (void); -+int grub_efi_net_boot_from_https (void); -+int grub_efi_net_boot_from_opa (void); -+ -+extern grub_command_func_t grub_efi_net_list_routes; -+extern grub_command_func_t grub_efi_net_list_cards; -+extern grub_command_func_t grub_efi_net_list_addrs; -+extern grub_command_func_t grub_efi_net_add_addr; -+extern grub_command_func_t grub_efi_net_bootp; -+extern grub_command_func_t grub_efi_net_bootp6; -+ -+#endif /* ! GRUB_NET_EFI_HEADER */ diff --git a/SPECS/grub2/fedora/0080-AUDIT-0-http-boot-tracker-bug.patch b/SPECS/grub2/fedora/0080-AUDIT-0-http-boot-tracker-bug.patch deleted file mode 100644 index b4872711fc..0000000000 --- a/SPECS/grub2/fedora/0080-AUDIT-0-http-boot-tracker-bug.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sebastian Krahmer -Date: Tue, 28 Nov 2017 17:24:38 +0800 -Subject: [PATCH] AUDIT-0: http boot tracker bug - -Fixing a memory leak in case of error, and a integer overflow, leading to a -heap overflow due to overly large chunk sizes. - -We need to check against some maximum value, otherwise values like 0xffffffff -will eventually lead in the allocation functions to small sized buffers, since -the len is rounded up to the next reasonable alignment. The following memcpy -will then smash the heap, leading to RCE. - -This is no big issue for pure http boot, since its going to execute an -untrusted kernel anyway, but it will break trusted boot scenarios, where only -signed code is allowed to be executed. - -Signed-off-by: Michael Chang ---- - grub-core/net/efi/net.c | 4 +++- - grub-core/net/http.c | 5 ++++- - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 86bce6535d..4bb308026c 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -645,8 +645,10 @@ grub_efihttp_chunk_read (grub_file_t file, char *buf, - - rd = efi_net_interface (read, file, chunk, sz); - -- if (rd <= 0) -+ if (rd <= 0) { -+ grub_free (chunk); - return rd; -+ } - - if (buf) - { -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 12a2632ea5..b52b558d63 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -31,7 +31,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - enum - { -- HTTP_PORT = 80 -+ HTTP_PORT = 80, -+ HTTP_MAX_CHUNK_SIZE = 0x80000000 - }; - - -@@ -78,6 +79,8 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - if (data->in_chunk_len == 2) - { - data->chunk_rem = grub_strtoul (ptr, 0, 16); -+ if (data->chunk_rem > HTTP_MAX_CHUNK_SIZE) -+ return GRUB_ERR_NET_PACKET_TOO_BIG; - grub_errno = GRUB_ERR_NONE; - if (data->chunk_rem == 0) - { diff --git a/SPECS/grub2/fedora/0081-grub-editenv-Add-incr-command-to-increment-integer-v.patch b/SPECS/grub2/fedora/0081-grub-editenv-Add-incr-command-to-increment-integer-v.patch deleted file mode 100644 index 6e2e4e27ec..0000000000 --- a/SPECS/grub2/fedora/0081-grub-editenv-Add-incr-command-to-increment-integer-v.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 4 Jun 2018 19:49:47 +0200 -Subject: [PATCH] grub-editenv: Add "incr" command to increment integer value - env. variables - -To be able to automatically detect if the last boot was successful, -We want to keep count of succesful / failed boots in some integer -environment variable. - -This commit adds a grub-editenvt "incr" command to increment such -integer value env. variables by 1 for use from various boot scripts. - -Signed-off-by: Hans de Goede ---- - util/grub-editenv.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/util/grub-editenv.c b/util/grub-editenv.c -index db6f187cc6..948eec8a11 100644 ---- a/util/grub-editenv.c -+++ b/util/grub-editenv.c -@@ -53,6 +53,9 @@ static struct argp_option options[] = { - /* TRANSLATORS: "unset" is a keyword. It's a summary of "unset" subcommand. */ - {N_("unset [NAME ...]"), 0, 0, OPTION_DOC|OPTION_NO_USAGE, - N_("Delete variables."), 0}, -+ /* TRANSLATORS: "incr" is a keyword. It's a summary of "incr" subcommand. */ -+ {N_("incr [NAME ...]"), 0, 0, OPTION_DOC|OPTION_NO_USAGE, -+ N_("Increase value of integer variables."), 0}, - - {0, 0, 0, OPTION_DOC, N_("Options:"), -1}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, -@@ -253,6 +256,51 @@ unset_variables (const char *name, int argc, char *argv[]) - grub_envblk_close (envblk); - } - -+struct get_int_value_params { -+ char *varname; -+ int value; -+}; -+ -+static int -+get_int_value (const char *varname, const char *value, void *hook_data) -+{ -+ struct get_int_value_params *params = hook_data; -+ -+ if (strcmp (varname, params->varname) == 0) { -+ params->value = strtol (value, NULL, 10); -+ return 1; -+ } -+ return 0; -+} -+ -+static void -+incr_variables (const char *name, int argc, char *argv[]) -+{ -+ grub_envblk_t envblk; -+ char buf[16]; -+ -+ envblk = open_envblk_file (name); -+ while (argc) -+ { -+ struct get_int_value_params params = { -+ .varname = argv[0], -+ .value = 0, /* Consider unset variables 0 */ -+ }; -+ -+ grub_envblk_iterate (envblk, ¶ms, get_int_value); -+ snprintf(buf, sizeof(buf), "%d", params.value + 1); -+ -+ if (! grub_envblk_set (envblk, argv[0], buf)) -+ grub_util_error ("%s", _("environment block too small")); -+ -+ argc--; -+ argv++; -+ } -+ -+ write_envblk (name, envblk); -+ grub_envblk_close (envblk); -+} -+ - int - main (int argc, char *argv[]) - { -@@ -292,6 +340,8 @@ main (int argc, char *argv[]) - set_variables (filename, argc - curindex, argv + curindex); - else if (strcmp (command, "unset") == 0) - unset_variables (filename, argc - curindex, argv + curindex); -+ else if (strcmp (command, "incr") == 0) -+ incr_variables (filename, argc - curindex, argv + curindex); - else - { - char *program = xstrdup(program_name); diff --git a/SPECS/grub2/fedora/0083-Add-grub-set-bootflag-utility.patch b/SPECS/grub2/fedora/0083-Add-grub-set-bootflag-utility.patch deleted file mode 100644 index 495bb1394a..0000000000 --- a/SPECS/grub2/fedora/0083-Add-grub-set-bootflag-utility.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 12 Jun 2018 13:25:16 +0200 -Subject: [PATCH] Add grub-set-bootflag utility - -This commit adds a new grub-set-bootflag utility, which can be used -to set known bootflags in the grubenv: boot_success or menu_show_once. - -grub-set-bootflag is different from grub-editenv in 2 ways: - -1) It is intended to be executed by regular users so must be installed -as suid root. As such it is written to not use any existing grubenv -related code for easy auditing. - -It can't be executed through pkexec because we want to call it under gdm -and pkexec does not work under gdm due the gdm user having /sbin/nologin -as shell. - -2) Since it can be executed by regular users it only allows setting -(assigning a value of 1 to) bootflags which it knows about. Currently -those are just boot_success and menu_show_once. - -This commit also adds a couple of example systemd and files which show -how this can be used to set boot_success from a user-session: - -docs/grub-boot-success.service -docs/grub-boot-success.timer - -The 2 grub-boot-success.systemd files should be placed in /lib/systemd/user -and a symlink to grub-boot-success.timer should be added to -/lib/systemd/user/timers.target.wants. - -Signed-off-by: Hans de Goede -[makhomed: grub-boot-success.timer: Only run if not in a container] -Signed-off-by: Gena Makhomed -[rharwood: migrate to h2m] -Signed-off-by: Robbie Harwood ---- - Makefile.util.def | 7 ++ - util/grub-set-bootflag.c | 172 +++++++++++++++++++++++++++++++++++++++++ - conf/Makefile.extra-dist | 3 + - docs/grub-boot-success.service | 6 ++ - docs/grub-boot-success.timer | 7 ++ - docs/man/grub-set-bootflag.h2m | 2 + - 6 files changed, 197 insertions(+) - create mode 100644 util/grub-set-bootflag.c - create mode 100644 docs/grub-boot-success.service - create mode 100644 docs/grub-boot-success.timer - create mode 100644 docs/man/grub-set-bootflag.h2m - -diff --git a/Makefile.util.def b/Makefile.util.def -index cb8e3c3270..d066652e9b 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -1429,3 +1429,10 @@ program = { - ldadd = grub-core/lib/gnulib/libgnu.a; - ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)'; - }; -+ -+program = { -+ name = grub-set-bootflag; -+ installdir = sbin; -+ mansection = 1; -+ common = util/grub-set-bootflag.c; -+}; -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -new file mode 100644 -index 0000000000..d506f7e75b ---- /dev/null -+++ b/util/grub-set-bootflag.c -@@ -0,0 +1,172 @@ -+/* grub-set-bootflag.c - tool to set boot-flags in the grubenv. */ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2018 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+/* -+ * NOTE this gets run by users as root (through pkexec), so this does not -+ * use any grub library / util functions to allow for easy auditing. -+ * The grub headers are only included to get certain defines. -+ */ -+ -+#include /* For *_DIR_NAME defines */ -+#include -+#include /* For GRUB_ENVBLK_DEFCFG define */ -+#include -+#include -+#include -+#include -+ -+#include "progname.h" -+ -+#define GRUBENV "/" GRUB_BOOT_DIR_NAME "/" GRUB_DIR_NAME "/" GRUB_ENVBLK_DEFCFG -+#define GRUBENV_SIZE 1024 -+ -+const char *bootflags[] = { -+ "boot_success", -+ "menu_show_once", -+ NULL -+}; -+ -+static void usage(FILE *out) -+{ -+ int i; -+ -+ fprintf (out, "Usage: 'grub-set-bootflag ', where is one of:\n"); -+ for (i = 0; bootflags[i]; i++) -+ fprintf (out, " %s\n", bootflags[i]); -+} -+ -+int main(int argc, char *argv[]) -+{ -+ /* NOTE buf must be at least the longest bootflag length + 4 bytes */ -+ char env[GRUBENV_SIZE + 1], buf[64], *s; -+ const char *bootflag; -+ int i, len, ret; -+ FILE *f; -+ -+ if (argc != 2) -+ { -+ usage (stderr); -+ return 1; -+ } -+ else if (!strcmp (argv[1], "--help")) -+ { -+ usage (stdout); -+ return 0; -+ } -+ else if (!strcmp (argv[1], "--version")) -+ { -+ printf ("grub-set-bootflag (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION); -+ return 0; -+ } -+ -+ for (i = 0; bootflags[i]; i++) -+ if (!strcmp (argv[1], bootflags[i])) -+ break; -+ if (!bootflags[i]) -+ { -+ fprintf (stderr, "Invalid bootflag: '%s'\n", argv[1]); -+ usage (stderr); -+ return 1; -+ } -+ -+ bootflag = bootflags[i]; -+ len = strlen (bootflag); -+ -+ f = fopen (GRUBENV, "r"); -+ if (!f) -+ { -+ perror ("Error opening " GRUBENV " for reading"); -+ return 1; -+ } -+ -+ ret = fread (env, 1, GRUBENV_SIZE, f); -+ fclose (f); -+ if (ret != GRUBENV_SIZE) -+ { -+ errno = EINVAL; -+ perror ("Error reading from " GRUBENV); -+ return 1; -+ } -+ -+ /* 0 terminate env */ -+ env[GRUBENV_SIZE] = 0; -+ -+ if (strncmp (env, GRUB_ENVBLK_SIGNATURE, strlen (GRUB_ENVBLK_SIGNATURE))) -+ { -+ fprintf (stderr, "Error invalid environment block\n"); -+ return 1; -+ } -+ -+ /* Find a pre-existing definition of the bootflag */ -+ s = strstr (env, bootflag); -+ while (s && s[len] != '=') -+ s = strstr (s + len, bootflag); -+ -+ if (s && ((s[len + 1] != '0' && s[len + 1] != '1') || s[len + 2] != '\n')) -+ { -+ fprintf (stderr, "Pre-existing bootflag '%s' has unexpected value\n", bootflag); -+ return 1; -+ } -+ -+ /* No pre-existing bootflag? -> find free space */ -+ if (!s) -+ { -+ for (i = 0; i < (len + 3); i++) -+ buf[i] = '#'; -+ buf[i] = 0; -+ s = strstr (env, buf); -+ } -+ -+ if (!s) -+ { -+ fprintf (stderr, "No space in grubenv to store bootflag '%s'\n", bootflag); -+ return 1; -+ } -+ -+ /* The grubenv is not 0 terminated, so memcpy the name + '=' , '1', '\n' */ -+ snprintf(buf, sizeof(buf), "%s=1\n", bootflag); -+ memcpy(s, buf, len + 3); -+ -+ /* "r+", don't truncate so that the diskspace stays reserved */ -+ f = fopen (GRUBENV, "r+"); -+ if (!f) -+ { -+ perror ("Error opening " GRUBENV " for writing"); -+ return 1; -+ } -+ -+ ret = fwrite (env, 1, GRUBENV_SIZE, f); -+ if (ret != GRUBENV_SIZE) -+ { -+ perror ("Error writing to " GRUBENV); -+ return 1; -+ } -+ -+ ret = fflush (f); -+ if (ret) -+ { -+ perror ("Error flushing " GRUBENV); -+ return 1; -+ } -+ -+ fsync (fileno (f)); -+ fclose (f); -+ -+ return 0; -+} -diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist -index 8f1485d52a..ad235de7fc 100644 ---- a/conf/Makefile.extra-dist -+++ b/conf/Makefile.extra-dist -@@ -15,6 +15,9 @@ EXTRA_DIST += docs/man - EXTRA_DIST += docs/autoiso.cfg - EXTRA_DIST += docs/grub.cfg - EXTRA_DIST += docs/osdetect.cfg -+EXTRA_DIST += docs/org.gnu.grub.policy -+EXTRA_DIST += docs/grub-boot-success.service -+EXTRA_DIST += docs/grub-boot-success.timer - - EXTRA_DIST += conf/i386-cygwin-img-ld.sc - -diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service -new file mode 100644 -index 0000000000..80e79584c9 ---- /dev/null -+++ b/docs/grub-boot-success.service -@@ -0,0 +1,6 @@ -+[Unit] -+Description=Mark boot as successful -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/sbin/grub2-set-bootflag boot_success -diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer -new file mode 100644 -index 0000000000..406f172005 ---- /dev/null -+++ b/docs/grub-boot-success.timer -@@ -0,0 +1,7 @@ -+[Unit] -+Description=Mark boot as successful after the user session has run 2 minutes -+ConditionUser=!@system -+ConditionVirtualization=!container -+ -+[Timer] -+OnActiveSec=2min -diff --git a/docs/man/grub-set-bootflag.h2m b/docs/man/grub-set-bootflag.h2m -new file mode 100644 -index 0000000000..94ec0b92ed ---- /dev/null -+++ b/docs/man/grub-set-bootflag.h2m -@@ -0,0 +1,2 @@ -+[NAME] -+grub-set-bootflag \- set a bootflag in the GRUB environment block diff --git a/SPECS/grub2/fedora/0084-docs-Add-grub-boot-indeterminate.service-example.patch b/SPECS/grub2/fedora/0084-docs-Add-grub-boot-indeterminate.service-example.patch deleted file mode 100644 index 96eff36897..0000000000 --- a/SPECS/grub2/fedora/0084-docs-Add-grub-boot-indeterminate.service-example.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 19 Jun 2018 15:20:54 +0200 -Subject: [PATCH] docs: Add grub-boot-indeterminate.service example - -This is an example service file, for use from -/lib/systemd/system/system-update.target.wants -to increment the boot_indeterminate variable when -doing offline updates. - -Signed-off-by: Hans de Goede ---- - docs/grub-boot-indeterminate.service | 11 +++++++++++ - 1 file changed, 11 insertions(+) - create mode 100644 docs/grub-boot-indeterminate.service - -diff --git a/docs/grub-boot-indeterminate.service b/docs/grub-boot-indeterminate.service -new file mode 100644 -index 0000000000..6c8dcb186b ---- /dev/null -+++ b/docs/grub-boot-indeterminate.service -@@ -0,0 +1,11 @@ -+[Unit] -+Description=Mark boot as indeterminate -+DefaultDependencies=false -+Requires=sysinit.target -+After=sysinit.target -+Wants=system-update-pre.target -+Before=system-update-pre.target -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/bin/grub2-editenv - incr boot_indeterminate diff --git a/SPECS/grub2/fedora/0085-gentpl-add-disable-support.patch b/SPECS/grub2/fedora/0085-gentpl-add-disable-support.patch deleted file mode 100644 index 3b305e65d9..0000000000 --- a/SPECS/grub2/fedora/0085-gentpl-add-disable-support.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 11 Jul 2018 13:43:15 -0400 -Subject: [PATCH] gentpl: add 'disable = ' support - -Signed-off-by: Peter Jones ---- - gentpl.py | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/gentpl.py b/gentpl.py -index c86550d4f9..f3c5f84f85 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -592,11 +592,21 @@ def platform_conditional(platform, closure): - # }; - # - def foreach_enabled_platform(defn, closure): -+ enabled = False -+ disabled = False - if 'enable' in defn: -+ enabled = True - for platform in GRUB_PLATFORMS: - if platform_tagged(defn, platform, "enable"): - platform_conditional(platform, closure) -- else: -+ -+ if 'disable' in defn: -+ disabled = True -+ for platform in GRUB_PLATFORMS: -+ if not platform_tagged(defn, platform, "disable"): -+ platform_conditional(platform, closure) -+ -+ if not enabled and not disabled: - for platform in GRUB_PLATFORMS: - platform_conditional(platform, closure) - -@@ -655,6 +665,8 @@ def first_time(defn, snippet): - def is_platform_independent(defn): - if 'enable' in defn: - return False -+ if 'disable' in defn: -+ return False - for suffix in [ "", "_nodist" ]: - template = platform_values(defn, GRUB_PLATFORMS[0], suffix) - for platform in GRUB_PLATFORMS[1:]: diff --git a/SPECS/grub2/fedora/0086-gentpl-add-pc-firmware-type.patch b/SPECS/grub2/fedora/0086-gentpl-add-pc-firmware-type.patch deleted file mode 100644 index 0bfd2eac99..0000000000 --- a/SPECS/grub2/fedora/0086-gentpl-add-pc-firmware-type.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 11:04:24 +0200 -Subject: [PATCH] gentpl: add 'pc' firmware type - -Signed-off-by: Peter Jones ---- - gentpl.py | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/gentpl.py b/gentpl.py -index f3c5f84f85..f09b336869 100644 ---- a/gentpl.py -+++ b/gentpl.py -@@ -51,6 +51,7 @@ GROUPS["riscv32"] = [ "riscv32_efi" ] - GROUPS["riscv64"] = [ "riscv64_efi" ] - - # Groups based on firmware -+GROUPS["pc"] = [ "i386_pc" ] - GROUPS["efi"] = [ "i386_efi", "x86_64_efi", "ia64_efi", "arm_efi", "arm64_efi", - "riscv32_efi", "riscv64_efi" ] - GROUPS["ieee1275"] = [ "i386_ieee1275", "sparc64_ieee1275", "powerpc_ieee1275" ] diff --git a/SPECS/grub2/fedora/0087-efinet-also-use-the-firmware-acceleration-for-http.patch b/SPECS/grub2/fedora/0087-efinet-also-use-the-firmware-acceleration-for-http.patch deleted file mode 100644 index a3a9400214..0000000000 --- a/SPECS/grub2/fedora/0087-efinet-also-use-the-firmware-acceleration-for-http.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 30 Jul 2018 14:06:42 -0400 -Subject: [PATCH] efinet: also use the firmware acceleration for http - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/net.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 4bb308026c..6603cd83ed 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -1324,7 +1324,9 @@ grub_efi_net_boot_from_https (void) - && (subtype == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) - { - grub_efi_uri_device_path_t *uri_dp = (grub_efi_uri_device_path_t *) dp; -- return (grub_strncmp ((const char*)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0) ? 1 : 0; -+ grub_dprintf ("efinet", "url:%s\n", (const char *)uri_dp->uri); -+ return (grub_strncmp ((const char *)uri_dp->uri, "https://", sizeof ("https://") - 1) == 0 || -+ grub_strncmp ((const char *)uri_dp->uri, "http://", sizeof ("http://") - 1) == 0); - } - - if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) diff --git a/SPECS/grub2/fedora/0088-efi-http-Make-root_url-reflect-the-protocol-hostname.patch b/SPECS/grub2/fedora/0088-efi-http-Make-root_url-reflect-the-protocol-hostname.patch deleted file mode 100644 index 90d97773fa..0000000000 --- a/SPECS/grub2/fedora/0088-efi-http-Make-root_url-reflect-the-protocol-hostname.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 30 Jul 2018 16:39:57 -0400 -Subject: [PATCH] efi/http: Make root_url reflect the protocol+hostname of our - boot url. - -This lets you write config files that don't know urls. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/http.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 3f61fd2fa5..243acbaa35 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - - static void - http_configure (struct grub_efi_net_device *dev, int prefer_ip6) -@@ -351,6 +352,24 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - grub_err_t err; - grub_off_t size; - char *buf; -+ char *root_url; -+ grub_efi_ipv6_address_t address; -+ const char *rest; -+ -+ if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) -+ root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); -+ else -+ root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); -+ if (root_url) -+ { -+ grub_env_unset ("root_url"); -+ grub_env_set ("root_url", root_url); -+ grub_free (root_url); -+ } -+ else -+ { -+ return grub_errno; -+ } - - err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); - if (err != GRUB_ERR_NONE) diff --git a/SPECS/grub2/fedora/0090-module-verifier-make-it-possible-to-run-checkers-on-.patch b/SPECS/grub2/fedora/0090-module-verifier-make-it-possible-to-run-checkers-on-.patch deleted file mode 100644 index 78c15d6f05..0000000000 --- a/SPECS/grub2/fedora/0090-module-verifier-make-it-possible-to-run-checkers-on-.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 1 Aug 2018 10:24:52 -0400 -Subject: [PATCH] module-verifier: make it possible to run checkers on - grub-module-verifierxx.c - -This makes it so you can treat grub-module-verifierxx.c as a file you can -build directly, so syntax checkers like vim's "syntastic" plugin, which uses -"gcc -x c -fsyntax-only" to build it, will work. - -One still has to do whatever setup is required to make it pick the right -include dirs, which -W options we use, etc., but this makes it so you can do -the checking on the file you're editing, rather than on a different file. - -v2: fix the typo in the #else clause in util/grub-module-verifierXX.c - -Signed-off-by: Peter Jones ---- - util/grub-module-verifier32.c | 2 ++ - util/grub-module-verifier64.c | 2 ++ - util/grub-module-verifierXX.c | 9 +++++++++ - 3 files changed, 13 insertions(+) - -diff --git a/util/grub-module-verifier32.c b/util/grub-module-verifier32.c -index 257229f8f0..ba7d41aafe 100644 ---- a/util/grub-module-verifier32.c -+++ b/util/grub-module-verifier32.c -@@ -1,2 +1,4 @@ - #define MODULEVERIFIER_ELF32 1 -+#ifndef GRUB_MODULE_VERIFIERXX - #include "grub-module-verifierXX.c" -+#endif -diff --git a/util/grub-module-verifier64.c b/util/grub-module-verifier64.c -index 4db6b4bedd..fc23ef800b 100644 ---- a/util/grub-module-verifier64.c -+++ b/util/grub-module-verifier64.c -@@ -1,2 +1,4 @@ - #define MODULEVERIFIER_ELF64 1 -+#ifndef GRUB_MODULE_VERIFIERXX - #include "grub-module-verifierXX.c" -+#endif -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index ceb24309ae..a98e2f9b1a 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -1,3 +1,12 @@ -+#define GRUB_MODULE_VERIFIERXX -+#if !defined(MODULEVERIFIER_ELF32) && !defined(MODULEVERIFIER_ELF64) -+#if __SIZEOF_POINTER__ == 8 -+#include "grub-module-verifier64.c" -+#else -+#include "grub-module-verifier32.c" -+#endif -+#endif -+ - #include - - #include diff --git a/SPECS/grub2/fedora/0091-Rework-how-the-fdt-command-builds.patch b/SPECS/grub2/fedora/0091-Rework-how-the-fdt-command-builds.patch deleted file mode 100644 index a374f90e26..0000000000 --- a/SPECS/grub2/fedora/0091-Rework-how-the-fdt-command-builds.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 13:01:41 +0200 -Subject: [PATCH] Rework how the fdt command builds. - -Trying to avoid all variants of: -cat syminfo.lst | sort | gawk -f ../../grub-core/genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1) -grub_fdt_install in linux is not defined -grub_fdt_load in linux is not defined -grub_fdt_unload in linux is not defined -grub_fdt_install in xen_boot is not defined -grub_fdt_load in xen_boot is not defined -grub_fdt_unload in xen_boot is not defined - -Signed-off-by: Peter Jones -[javierm: Fix build with platform emu, aarch64, and risc-v] -Signed-off-by: Javier Martinez Canillas -Signed-off-by: Robbie Harwood ---- - grub-core/Makefile.core.def | 5 ++--- - grub-core/lib/fdt.c | 2 -- - grub-core/loader/efi/fdt.c | 2 ++ - include/grub/fdt.h | 6 ++++++ - grub-core/Makefile.am | 1 + - 5 files changed, 11 insertions(+), 5 deletions(-) - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c40170f2dd..84a3d89de9 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -177,7 +177,6 @@ kernel = { - arm_coreboot = kern/arm/coreboot/init.c; - arm_coreboot = kern/arm/coreboot/timer.c; - arm_coreboot = kern/arm/coreboot/coreboot.S; -- arm_coreboot = lib/fdt.c; - arm_coreboot = bus/fdt.c; - arm_coreboot = term/ps2.c; - arm_coreboot = term/arm/pl050.c; -@@ -351,6 +350,8 @@ kernel = { - riscv64 = kern/riscv/cache_flush.S; - riscv64 = kern/riscv/dl.c; - -+ fdt = lib/fdt.c; -+ - emu = disk/host.c; - emu = kern/emu/cache_s.S; - emu = kern/emu/hostdisk.c; -@@ -1825,7 +1826,6 @@ module = { - riscv32 = loader/riscv/linux.c; - riscv64 = loader/riscv/linux.c; - emu = loader/emu/linux.c; -- fdt = lib/fdt.c; - - common = loader/linux.c; - common = lib/cmdline.c; -@@ -1836,7 +1836,6 @@ module = { - module = { - name = fdt; - efi = loader/efi/fdt.c; -- common = lib/fdt.c; - enable = fdt; - }; - -diff --git a/grub-core/lib/fdt.c b/grub-core/lib/fdt.c -index 0d371c5633..37e04bd69e 100644 ---- a/grub-core/lib/fdt.c -+++ b/grub-core/lib/fdt.c -@@ -21,8 +21,6 @@ - #include - #include - --GRUB_MOD_LICENSE ("GPLv3+"); -- - #define FDT_SUPPORTED_VERSION 17 - - #define FDT_BEGIN_NODE 0x00000001 -diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index c86f283d75..c572415d38 100644 ---- a/grub-core/loader/efi/fdt.c -+++ b/grub-core/loader/efi/fdt.c -@@ -27,6 +27,8 @@ - #include - #include - -+GRUB_MOD_LICENSE ("GPLv3+"); -+ - static void *loaded_fdt; - static void *fdt; - -diff --git a/include/grub/fdt.h b/include/grub/fdt.h -index e609c7e411..3514aa4a5b 100644 ---- a/include/grub/fdt.h -+++ b/include/grub/fdt.h -@@ -19,6 +19,9 @@ - #ifndef GRUB_FDT_HEADER - #define GRUB_FDT_HEADER 1 - -+#if !defined(GRUB_MACHINE_EMU) && \ -+ (defined(__arm__) || defined(__aarch64__) || defined(__riscv)) -+ - #include - #include - -@@ -144,4 +147,7 @@ int EXPORT_FUNC(grub_fdt_set_prop) (void *fdt, unsigned int nodeoffset, const ch - grub_fdt_set_prop ((fdt), (nodeoffset), "reg", reg_64, 16); \ - }) - -+#endif /* !defined(GRUB_MACHINE_EMU) && \ -+ (defined(__arm__) || defined(__aarch64__) || defined(__riscv)) */ -+ - #endif /* ! GRUB_FDT_HEADER */ -diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am -index f512573c0d..dd49939aaa 100644 ---- a/grub-core/Makefile.am -+++ b/grub-core/Makefile.am -@@ -76,6 +76,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h -+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fdt.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/file.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h - KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h diff --git a/SPECS/grub2/fedora/0092-Disable-non-wordsize-allocations-on-arm.patch b/SPECS/grub2/fedora/0092-Disable-non-wordsize-allocations-on-arm.patch deleted file mode 100644 index ea09b652e4..0000000000 --- a/SPECS/grub2/fedora/0092-Disable-non-wordsize-allocations-on-arm.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 2 Aug 2018 10:56:38 -0400 -Subject: [PATCH] Disable non-wordsize allocations on arm - -Signed-off-by: Peter Jones ---- - configure.ac | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 008f6c273b..54462e0892 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1260,6 +1260,26 @@ if test "x$target_cpu" = xarm; then - done - ]) - -+ AC_CACHE_CHECK([for options to disable movt and movw relocations], -+ grub_cv_target_cc_mword_relocations, -+ [grub_cv_target_cc_mword_relocations=no -+ for cand in "-mword-relocations" ; do -+ if test x"$grub_cv_target_cc_mword_relocations" != xno ; then -+ break -+ fi -+ CFLAGS="$TARGET_CFLAGS $cand -Werror" -+ CPPFLAGS="$TARGET_CPPFLAGS" -+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [grub_cv_target_cc_mword_relocations="$cand"], -+ []) -+ done -+ ]) -+ if test x"$grub_cv_target_cc_mword_relocations" = xno ; then -+ AC_MSG_ERROR(["your compiler doesn't support disabling movw/movt relocations"]) -+ else -+ TARGET_CFLAGS="$TARGET_CFLAGS $grub_cv_target_cc_mword_relocations" -+ fi -+ - if test x"$grub_cv_target_cc_mno_movt" != xno ; then - # A trick so that clang doesn't see it on link stage - TARGET_CPPFLAGS="$TARGET_CPPFLAGS $grub_cv_target_cc_mno_movt" diff --git a/SPECS/grub2/fedora/0093-Prepend-prefix-when-HTTP-path-is-relative.patch b/SPECS/grub2/fedora/0093-Prepend-prefix-when-HTTP-path-is-relative.patch deleted file mode 100644 index 30d8075369..0000000000 --- a/SPECS/grub2/fedora/0093-Prepend-prefix-when-HTTP-path-is-relative.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Stephen Benjamin -Date: Thu, 16 Aug 2018 16:58:51 -0400 -Subject: [PATCH] Prepend prefix when HTTP path is relative - -This sets a couple of variables. With the url http://www.example.com/foo/bar : -http_path: /foo/bar -http_url: http://www.example.com/foo/bar - -Signed-off-by: Peter Jones -Signed-off-by: Stephen Benjamin -Signed-off-by: Robbie Harwood ---- - grub-core/kern/main.c | 10 +++++- - grub-core/net/efi/http.c | 82 ++++++++++++++++++++++++++++++++++++------------ - 2 files changed, 71 insertions(+), 21 deletions(-) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index d1de9fa687..1c540fc8c2 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -131,11 +131,19 @@ grub_set_prefix_and_root (void) - if (fwdevice && fwpath) - { - char *fw_path; -+ char separator[3] = ")"; - -- fw_path = grub_xasprintf ("(%s)/%s", fwdevice, fwpath); -+ grub_dprintf ("fw_path", "\n"); -+ grub_dprintf ("fw_path", "fwdevice:\"%s\" fwpath:\"%s\"\n", fwdevice, fwpath); -+ -+ if (!grub_strncmp(fwdevice, "http", 4) && fwpath[0] != '/') -+ grub_strcpy(separator, ")/"); -+ -+ fw_path = grub_xasprintf ("(%s%s%s", fwdevice, separator, fwpath); - if (fw_path) - { - grub_env_set ("fw_path", fw_path); -+ grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); - grub_free (fw_path); - } - } -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 243acbaa35..de351b2cd0 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -9,10 +9,52 @@ - static void - http_configure (struct grub_efi_net_device *dev, int prefer_ip6) - { -+ grub_efi_ipv6_address_t address; - grub_efi_http_config_data_t http_config; - grub_efi_httpv4_access_point_t httpv4_node; - grub_efi_httpv6_access_point_t httpv6_node; - grub_efi_status_t status; -+ int https; -+ char *http_url; -+ const char *rest, *http_server, *http_path = NULL; -+ -+ http_server = grub_env_get ("root"); -+ https = (grub_strncmp (http_server, "https", 5) == 0) ? 1 : 0; -+ -+ /* extract http server + port */ -+ if (http_server) -+ { -+ http_server = grub_strchr (http_server, ','); -+ if (http_server) -+ http_server++; -+ } -+ -+ /* fw_path is like (http,192.168.1.1:8000)/httpboot, extract path part */ -+ http_path = grub_env_get ("fw_path"); -+ if (http_path) -+ { -+ http_path = grub_strchr (http_path, ')'); -+ if (http_path) -+ { -+ http_path++; -+ grub_env_unset ("http_path"); -+ grub_env_set ("http_path", http_path); -+ } -+ } -+ -+ if (http_server && http_path) -+ { -+ if (grub_efi_string_to_ip6_address (http_server, &address, &rest) && *rest == 0) -+ http_url = grub_xasprintf ("%s://[%s]%s", https ? "https" : "http", http_server, http_path); -+ else -+ http_url = grub_xasprintf ("%s://%s%s", https ? "https" : "http", http_server, http_path); -+ if (http_url) -+ { -+ grub_env_unset ("http_url"); -+ grub_env_set ("http_url", http_url); -+ grub_free (http_url); -+ } -+ } - - grub_efi_http_t *http = dev->http; - -@@ -352,32 +394,32 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - grub_err_t err; - grub_off_t size; - char *buf; -- char *root_url; -- grub_efi_ipv6_address_t address; -- const char *rest; -+ char *file_name = NULL; -+ const char *http_path; - -- if (grub_efi_string_to_ip6_address (file->device->net->server, &address, &rest) && *rest == 0) -- root_url = grub_xasprintf ("%s://[%s]", type ? "https" : "http", file->device->net->server); -- else -- root_url = grub_xasprintf ("%s://%s", type ? "https" : "http", file->device->net->server); -- if (root_url) -- { -- grub_env_unset ("root_url"); -- grub_env_set ("root_url", root_url); -- grub_free (root_url); -- } -- else -- { -+ /* If path is relative, prepend http_path */ -+ http_path = grub_env_get ("http_path"); -+ if (http_path && file->device->net->name[0] != '/') { -+ file_name = grub_xasprintf ("%s/%s", http_path, file->device->net->name); -+ if (!file_name) - return grub_errno; -- } -+ } - -- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 1, 0); -+ err = efihttp_request (dev->http, file->device->net->server, -+ file_name ? file_name : file->device->net->name, type, 1, 0); - if (err != GRUB_ERR_NONE) -- return err; -+ { -+ grub_free (file_name); -+ return err; -+ } - -- err = efihttp_request (dev->http, file->device->net->server, file->device->net->name, type, 0, &size); -+ err = efihttp_request (dev->http, file->device->net->server, -+ file_name ? file_name : file->device->net->name, type, 0, &size); -+ grub_free (file_name); - if (err != GRUB_ERR_NONE) -- return err; -+ { -+ return err; -+ } - - buf = grub_malloc (size); - efihttp_read (dev, buf, size); diff --git a/SPECS/grub2/fedora/0094-Make-grub_error-more-verbose.patch b/SPECS/grub2/fedora/0094-Make-grub_error-more-verbose.patch deleted file mode 100644 index 306a3d367f..0000000000 --- a/SPECS/grub2/fedora/0094-Make-grub_error-more-verbose.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 27 Aug 2018 13:14:06 -0400 -Subject: [PATCH] Make grub_error() more verbose - -Signed-off-by: Peter Jones ---- - grub-core/kern/err.c | 13 +++++++++++-- - include/grub/err.h | 8 ++++++-- - 2 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de70..aebfe0cf83 100644 ---- a/grub-core/kern/err.c -+++ b/grub-core/kern/err.c -@@ -33,15 +33,24 @@ static struct grub_error_saved grub_error_stack_items[GRUB_ERROR_STACK_SIZE]; - static int grub_error_stack_pos; - static int grub_error_stack_assert; - -+#ifdef grub_error -+#undef grub_error -+#endif -+ - grub_err_t --grub_error (grub_err_t n, const char *fmt, ...) -+grub_error (grub_err_t n, const char *file, const int line, const char *fmt, ...) - { - va_list ap; -+ int m; - - grub_errno = n; - -+ m = grub_snprintf (grub_errmsg, sizeof (grub_errmsg), "%s:%d:", file, line); -+ if (m < 0) -+ m = 0; -+ - va_start (ap, fmt); -- grub_vsnprintf (grub_errmsg, sizeof (grub_errmsg), _(fmt), ap); -+ grub_vsnprintf (grub_errmsg + m, sizeof (grub_errmsg) - m, _(fmt), ap); - va_end (ap); - - return n; -diff --git a/include/grub/err.h b/include/grub/err.h -index b08d5d0de4..c0f90ef07c 100644 ---- a/include/grub/err.h -+++ b/include/grub/err.h -@@ -85,8 +85,12 @@ struct grub_error_saved - extern grub_err_t EXPORT_VAR(grub_errno); - extern char EXPORT_VAR(grub_errmsg)[GRUB_MAX_ERRMSG]; - --grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *fmt, ...) -- __attribute__ ((format (GNU_PRINTF, 2, 3))); -+grub_err_t EXPORT_FUNC(grub_error) (grub_err_t n, const char *file, const int line, const char *fmt, ...) -+ __attribute__ ((format (GNU_PRINTF, 4, 5))); -+ -+#define grub_error(n, fmt, ...) grub_error (n, __FILE__, __LINE__, fmt, ##__VA_ARGS__) -+ -+ - void EXPORT_FUNC(grub_fatal) (const char *fmt, ...) __attribute__ ((noreturn)); - void EXPORT_FUNC(grub_error_push) (void); - int EXPORT_FUNC(grub_error_pop) (void); diff --git a/SPECS/grub2/fedora/0095-Make-reset-an-alias-for-the-reboot-command.patch b/SPECS/grub2/fedora/0095-Make-reset-an-alias-for-the-reboot-command.patch deleted file mode 100644 index 22475d65e2..0000000000 --- a/SPECS/grub2/fedora/0095-Make-reset-an-alias-for-the-reboot-command.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 31 Aug 2018 16:42:03 -0400 -Subject: [PATCH] Make "reset" an alias for the "reboot" command. - -I'm really tired of half the tools I get to use having one and the other half -having the other. - -Signed-off-by: Peter Jones ---- - grub-core/commands/reboot.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/grub-core/commands/reboot.c b/grub-core/commands/reboot.c -index 46d364c99a..f5cc228363 100644 ---- a/grub-core/commands/reboot.c -+++ b/grub-core/commands/reboot.c -@@ -32,15 +32,18 @@ grub_cmd_reboot (grub_command_t cmd __attribute__ ((unused)), - grub_reboot (); - } - --static grub_command_t cmd; -+static grub_command_t reboot_cmd, reset_cmd; - - GRUB_MOD_INIT(reboot) - { -- cmd = grub_register_command ("reboot", grub_cmd_reboot, -- 0, N_("Reboot the computer.")); -+ reboot_cmd = grub_register_command ("reboot", grub_cmd_reboot, -+ 0, N_("Reboot the computer.")); -+ reset_cmd = grub_register_command ("reset", grub_cmd_reboot, -+ 0, N_("Reboot the computer.")); - } - - GRUB_MOD_FINI(reboot) - { -- grub_unregister_command (cmd); -+ grub_unregister_command (reboot_cmd); -+ grub_unregister_command (reset_cmd); - } diff --git a/SPECS/grub2/fedora/0097-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch b/SPECS/grub2/fedora/0097-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch deleted file mode 100644 index 72c8d30447..0000000000 --- a/SPECS/grub2/fedora/0097-Add-more-dprintf-and-nerf-dprintf-in-script.c.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 11 Sep 2018 15:58:29 -0400 -Subject: [PATCH] Add more dprintf, and nerf dprintf in script.c - -Signed-off-by: Peter Jones ---- - grub-core/disk/diskfilter.c | 3 +++ - grub-core/disk/efi/efidisk.c | 1 + - grub-core/kern/device.c | 1 + - grub-core/script/script.c | 5 +++++ - 4 files changed, 10 insertions(+) - -diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c -index 0320115662..7cdffe3ebd 100644 ---- a/grub-core/disk/diskfilter.c -+++ b/grub-core/disk/diskfilter.c -@@ -188,6 +188,8 @@ scan_disk (const char *name, int accept_diskfilter) - grub_disk_t disk; - static int scan_depth = 0; - -+ grub_dprintf ("diskfilter", "scanning %s\n", name); -+ - if (!accept_diskfilter && is_valid_diskfilter_name (name)) - return 0; - -@@ -1212,6 +1214,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, - the same. */ - if (pv->disk && grub_disk_native_sectors (disk) >= pv->part_size) - return GRUB_ERR_NONE; -+ grub_dprintf ("diskfilter", "checking %s\n", disk->name); - pv->disk = grub_disk_open (disk->name); - if (!pv->disk) - return grub_errno; -diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c -index f077b5f553..fe8ba6e6c9 100644 ---- a/grub-core/disk/efi/efidisk.c -+++ b/grub-core/disk/efi/efidisk.c -@@ -855,6 +855,7 @@ grub_efidisk_get_device_name (grub_efi_handle_t *handle) - return 0; - } - -+ grub_dprintf ("efidisk", "getting disk for %s\n", device_name); - parent = grub_disk_open (device_name); - grub_free (dup_dp); - -diff --git a/grub-core/kern/device.c b/grub-core/kern/device.c -index 73b8ecc0c0..f58b58c89d 100644 ---- a/grub-core/kern/device.c -+++ b/grub-core/kern/device.c -@@ -34,6 +34,7 @@ grub_device_open (const char *name) - { - grub_device_t dev = 0; - -+ grub_dprintf ("device", "opening device %s\n", name); - if (! name) - { - name = grub_env_get ("root"); -diff --git a/grub-core/script/script.c b/grub-core/script/script.c -index ec4d4337c6..844e8343ca 100644 ---- a/grub-core/script/script.c -+++ b/grub-core/script/script.c -@@ -22,6 +22,11 @@ - #include - #include - -+#ifdef grub_dprintf -+#undef grub_dprintf -+#endif -+#define grub_dprintf(no, fmt, ...) -+ - /* It is not possible to deallocate the memory when a syntax error was - found. Because of that it is required to keep track of all memory - allocations. The memory is freed in case of an error, or assigned diff --git a/SPECS/grub2/fedora/0098-arm-arm64-loader-Better-memory-allocation-and-error-.patch b/SPECS/grub2/fedora/0098-arm-arm64-loader-Better-memory-allocation-and-error-.patch deleted file mode 100644 index 57d937cd18..0000000000 --- a/SPECS/grub2/fedora/0098-arm-arm64-loader-Better-memory-allocation-and-error-.patch +++ /dev/null @@ -1,279 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 14:38:57 +0200 -Subject: [PATCH] arm/arm64 loader: Better memory allocation and error - messages. - -On mustang, our memory map looks like: - -Type Physical start - end #Pages Size Attributes -reserved 0000004000000000-00000040001fffff 00000200 2MiB UC WC WT WB -conv-mem 0000004000200000-0000004393ffffff 00393e00 14654MiB UC WC WT WB -ldr-code 0000004394000000-00000043f7ffffff 00064000 1600MiB UC WC WT WB -BS-data 00000043f8000000-00000043f801ffff 00000020 128KiB UC WC WT WB -conv-mem 00000043f8020000-00000043fa15bfff 0000213c 34032KiB UC WC WT WB -ldr-code 00000043fa15c000-00000043fa2a1fff 00000146 1304KiB UC WC WT WB -ldr-data 00000043fa2a2000-00000043fa3e8fff 00000147 1308KiB UC WC WT WB -conv-mem 00000043fa3e9000-00000043fa3e9fff 00000001 4KiB UC WC WT WB -ldr-data 00000043fa3ea000-00000043fa3eafff 00000001 4KiB UC WC WT WB -ldr-code 00000043fa3eb000-00000043fa4affff 000000c5 788KiB UC WC WT WB -BS-code 00000043fa4b0000-00000043fa59ffff 000000f0 960KiB UC WC WT WB -RT-code 00000043fa5a0000-00000043fa5affff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa5b0000-00000043fa5bffff 00000010 64KiB RT UC WC WT WB -RT-code 00000043fa5c0000-00000043fa5cffff 00000010 64KiB RT UC WC WT WB -ldr-data 00000043fa5d0000-00000043fa5d0fff 00000001 4KiB UC WC WT WB -BS-code 00000043fa5d1000-00000043fa5ddfff 0000000d 52KiB UC WC WT WB -reserved 00000043fa5de000-00000043fa60ffff 00000032 200KiB UC WC WT WB -ACPI-rec 00000043fa610000-00000043fa6affff 000000a0 640KiB UC WC WT WB -ACPI-nvs 00000043fa6b0000-00000043fa6bffff 00000010 64KiB UC WC WT WB -ACPI-rec 00000043fa6c0000-00000043fa70ffff 00000050 320KiB UC WC WT WB -RT-code 00000043fa710000-00000043fa72ffff 00000020 128KiB RT UC WC WT WB -RT-data 00000043fa730000-00000043fa78ffff 00000060 384KiB RT UC WC WT WB -RT-code 00000043fa790000-00000043fa79ffff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa7a0000-00000043fa99ffff 00000200 2MiB RT UC WC WT WB -RT-code 00000043fa9a0000-00000043fa9affff 00000010 64KiB RT UC WC WT WB -RT-data 00000043fa9b0000-00000043fa9cffff 00000020 128KiB RT UC WC WT WB -BS-code 00000043fa9d0000-00000043fa9d9fff 0000000a 40KiB UC WC WT WB -reserved 00000043fa9da000-00000043fa9dbfff 00000002 8KiB UC WC WT WB -conv-mem 00000043fa9dc000-00000043fc29dfff 000018c2 25352KiB UC WC WT WB -BS-data 00000043fc29e000-00000043fc78afff 000004ed 5044KiB UC WC WT WB -conv-mem 00000043fc78b000-00000043fca01fff 00000277 2524KiB UC WC WT WB -BS-data 00000043fca02000-00000043fcea3fff 000004a2 4744KiB UC WC WT WB -conv-mem 00000043fcea4000-00000043fcea4fff 00000001 4KiB UC WC WT WB -BS-data 00000043fcea5000-00000043fd192fff 000002ee 3000KiB UC WC WT WB -conv-mem 00000043fd193000-00000043fd2b0fff 0000011e 1144KiB UC WC WT WB -BS-data 00000043fd2b1000-00000043ff80ffff 0000255f 38268KiB UC WC WT WB -BS-code 00000043ff810000-00000043ff99ffff 00000190 1600KiB UC WC WT WB -RT-code 00000043ff9a0000-00000043ff9affff 00000010 64KiB RT UC WC WT WB -conv-mem 00000043ff9b0000-00000043ff9bffff 00000010 64KiB UC WC WT WB -RT-data 00000043ff9c0000-00000043ff9effff 00000030 192KiB RT UC WC WT WB -conv-mem 00000043ff9f0000-00000043ffa05fff 00000016 88KiB UC WC WT WB -BS-data 00000043ffa06000-00000043ffffffff 000005fa 6120KiB UC WC WT WB -MMIO 0000000010510000-0000000010510fff 00000001 4KiB RT -MMIO 0000000010548000-0000000010549fff 00000002 8KiB RT -MMIO 0000000017000000-0000000017001fff 00000002 8KiB RT -MMIO 000000001c025000-000000001c025fff 00000001 4KiB RT - -This patch adds a requirement when we're trying to find the base of ram, that -the memory we choose is actually /allocatable/ conventional memory, not merely -write-combining. On this machine that means we wind up with an allocation -around 0x4392XXXXXX, which is a reasonable address. - -This also changes grub_efi_allocate_pages_real() so that if 0 is allocated, it -tries to allocate again starting with the same max address it did the first -time, rather than interposing GRUB_EFI_MAX_USABLE_ADDRESS there, so that any -per-platform constraints on its given address are maintained. - -Signed-off-by: Peter Jones ---- - grub-core/kern/efi/mm.c | 33 +++++++++++++++----- - grub-core/loader/arm64/linux.c | 68 +++++++++++++++++++++++++++++++----------- - 2 files changed, 76 insertions(+), 25 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index f6aef0ef64..85ad4b4494 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -154,6 +154,7 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - { - grub_efi_status_t status; - grub_efi_boot_services_t *b; -+ grub_efi_physical_address_t ret = address; - - /* Limit the memory access to less than 4GB for 32-bit platforms. */ - if (address > GRUB_EFI_MAX_USABLE_ADDRESS) -@@ -170,19 +171,22 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - } - - b = grub_efi_system_table->boot_services; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); - if (status != GRUB_EFI_SUCCESS) - { -+ grub_dprintf ("efi", -+ "allocate_pages(%d, %d, 0x%0lx, 0x%016lx) = 0x%016lx\n", -+ alloctype, memtype, pages, address, status); - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); - return NULL; - } - -- if (address == 0) -+ if (ret == 0) - { - /* Uggh, the address 0 was allocated... This is too annoying, - so reallocate another one. */ -- address = GRUB_EFI_MAX_USABLE_ADDRESS; -- status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &address); -+ ret = address; -+ status = efi_call_4 (b->allocate_pages, alloctype, memtype, pages, &ret); - grub_efi_free_pages (0, pages); - if (status != GRUB_EFI_SUCCESS) - { -@@ -191,9 +195,9 @@ grub_efi_allocate_pages_real (grub_efi_physical_address_t address, - } - } - -- grub_efi_store_alloc (address, pages); -+ grub_efi_store_alloc (ret, pages); - -- return (void *) ((grub_addr_t) address); -+ return (void *) ((grub_addr_t) ret); - } - - void * -@@ -713,8 +717,21 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) - for (desc = memory_map, *base_addr = GRUB_EFI_MAX_USABLE_ADDRESS; - (grub_addr_t) desc < ((grub_addr_t) memory_map + memory_map_size); - desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) -- if (desc->attribute & GRUB_EFI_MEMORY_WB) -- *base_addr = grub_min (*base_addr, desc->physical_start); -+ { -+ if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY && -+ (desc->attribute & GRUB_EFI_MEMORY_WB)) -+ { -+ *base_addr = grub_min (*base_addr, desc->physical_start); -+ grub_dprintf ("efi", "setting base_addr=0x%016lx\n", *base_addr); -+ } -+ else -+ { -+ grub_dprintf ("efi", "ignoring address 0x%016lx\n", desc->physical_start); -+ } -+ } -+ -+ if (*base_addr == GRUB_EFI_MAX_USABLE_ADDRESS) -+ grub_dprintf ("efi", "base_addr 0x%016lx is probably wrong.\n", *base_addr); - - grub_free(memory_map); - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 04994d5c67..70a0075ec5 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -71,20 +71,25 @@ finalize_params_linux (void) - { - grub_efi_loaded_image_t *loaded_image = NULL; - int node, retval, len; -- -+ grub_err_t err = GRUB_ERR_NONE; - void *fdt; - - fdt = grub_fdt_load (GRUB_EFI_LINUX_FDT_EXTRA_SPACE); -- - if (!fdt) -- goto failure; -+ { -+ err = grub_error(GRUB_ERR_BAD_OS, "failed to load FDT"); -+ goto failure; -+ } - - node = grub_fdt_find_subnode (fdt, 0, "chosen"); - if (node < 0) - node = grub_fdt_add_subnode (fdt, 0, "chosen"); - - if (node < 1) -- goto failure; -+ { -+ err = grub_error(grub_errno, "failed to load chosen fdt node."); -+ goto failure; -+ } - - /* Set initrd info */ - if (initrd_start && initrd_end > initrd_start) -@@ -95,15 +100,26 @@ finalize_params_linux (void) - retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-start", - initrd_start); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Failed to set linux,initrd-start property"); -+ goto failure; -+ } -+ - retval = grub_fdt_set_prop64 (fdt, node, "linux,initrd-end", - initrd_end); - if (retval) -- goto failure; -+ { -+ err = grub_error(retval, "Failed to set linux,initrd-end property"); -+ goto failure; -+ } - } - -- if (grub_fdt_install() != GRUB_ERR_NONE) -- goto failure; -+ retval = grub_fdt_install(); -+ if (retval != GRUB_ERR_NONE) -+ { -+ err = grub_error(retval, "Failed to install fdt"); -+ goto failure; -+ } - - grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", - fdt); -@@ -111,14 +127,20 @@ finalize_params_linux (void) - /* Convert command line to UCS-2 */ - loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); - if (!loaded_image) -- goto failure; -+ { -+ err = grub_error(grub_errno, "Failed to install fdt"); -+ goto failure; -+ } - - loaded_image->load_options_size = len = - (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); - loaded_image->load_options = - grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); - if (!loaded_image->load_options) -- return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); -+ { -+ err = grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); -+ goto failure; -+ } - - loaded_image->load_options_size = - 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, -@@ -128,7 +150,7 @@ finalize_params_linux (void) - - failure: - grub_fdt_unload(); -- return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); -+ return err; - } - - static void -@@ -212,16 +234,28 @@ grub_linux_unload (void) - static void * - allocate_initrd_mem (int initrd_pages) - { -- grub_addr_t max_addr; -+ grub_addr_t max_addr = 0; -+ grub_err_t err; -+ void *ret; - -- if (grub_efi_get_ram_base (&max_addr) != GRUB_ERR_NONE) -- return NULL; -+ err = grub_efi_get_ram_base (&max_addr); -+ if (err != GRUB_ERR_NONE) -+ { -+ grub_error (err, "grub_efi_get_ram_base() failed"); -+ return NULL; -+ } -+ -+ grub_dprintf ("linux", "max_addr: 0x%016lx, INITRD_MAX_ADDRESS_OFFSET: 0x%016llx\n", -+ max_addr, INITRD_MAX_ADDRESS_OFFSET); - - max_addr += INITRD_MAX_ADDRESS_OFFSET - 1; -+ grub_dprintf ("linux", "calling grub_efi_allocate_pages_real (0x%016lx, 0x%08x, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)", max_addr, initrd_pages); - -- return grub_efi_allocate_pages_real (max_addr, initrd_pages, -- GRUB_EFI_ALLOCATE_MAX_ADDRESS, -- GRUB_EFI_LOADER_DATA); -+ ret = grub_efi_allocate_pages_real (max_addr, initrd_pages, -+ GRUB_EFI_ALLOCATE_MAX_ADDRESS, -+ GRUB_EFI_LOADER_DATA); -+ grub_dprintf ("linux", "got 0x%016llx\n", (unsigned long long)ret); -+ return ret; - } - - static grub_err_t diff --git a/SPECS/grub2/fedora/0099-Try-to-pick-better-locations-for-kernel-and-initrd.patch b/SPECS/grub2/fedora/0099-Try-to-pick-better-locations-for-kernel-and-initrd.patch deleted file mode 100644 index 4f42ea5487..0000000000 --- a/SPECS/grub2/fedora/0099-Try-to-pick-better-locations-for-kernel-and-initrd.patch +++ /dev/null @@ -1,211 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 17:17:02 +0200 -Subject: [PATCH] Try to pick better locations for kernel and initrd - -- Don't limit allocations on 64-bit platforms to < 0x[37f]fffffff if - we're using the "large" code model ; use __UINTPTR_MAX__. -- Get the comparison right to check the address we've allocated. -- Fix the allocation for the command line as well. - -*But*, when we did this some systems started failing badly; coudln't -parse partition tables, etc. What's going on here is the disk controller -is silently failing DMAs to addresses above 4GB, so we're trying to parse -uninitialized (or HW zeroed) ram when looking for the partition table, -etc. - -So to limit this, we make grub_malloc() pick addresses below 4GB on -x86_64, but the direct EFI page allocation functions can get addresses -above that. - -Additionally, we now try to locate kernel+initrd+cmdline+etc below -0x7fffffff, and if they're too big to fit any memory window there, then -we try a higher address. - -Signed-off-by: Peter Jones -[david.abdurachmanov: fix macro for riscv64] -Signed-off-by: David Abdurachmanov -Signed-off-by: Robbie Harwood ---- - grub-core/kern/efi/mm.c | 8 ++++---- - grub-core/loader/i386/efi/linux.c | 24 +++++++++++++++++------- - include/grub/arm/efi/memory.h | 1 + - include/grub/arm64/efi/memory.h | 1 + - include/grub/i386/efi/memory.h | 1 + - include/grub/ia64/efi/memory.h | 1 + - include/grub/riscv64/efi/memory.h | 1 + - include/grub/x86_64/efi/memory.h | 4 +++- - 8 files changed, 29 insertions(+), 12 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 85ad4b4494..e84961d078 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -122,7 +122,7 @@ grub_efi_allocate_pages_max (grub_efi_physical_address_t max, - grub_efi_boot_services_t *b; - grub_efi_physical_address_t address = max; - -- if (max > 0xffffffff) -+ if (max > GRUB_EFI_MAX_USABLE_ADDRESS) - return 0; - - b = grub_efi_system_table->boot_services; -@@ -480,7 +480,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - { - if (desc->type == GRUB_EFI_CONVENTIONAL_MEMORY - #if 1 -- && desc->physical_start <= GRUB_EFI_MAX_USABLE_ADDRESS -+ && desc->physical_start <= GRUB_EFI_MAX_ALLOCATION_ADDRESS - #endif - && desc->physical_start + PAGES_TO_BYTES (desc->num_pages) > 0x100000 - && desc->num_pages != 0) -@@ -498,9 +498,9 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - #if 1 - if (BYTES_TO_PAGES (filtered_desc->physical_start) - + filtered_desc->num_pages -- > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS)) -+ > BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS)) - filtered_desc->num_pages -- = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_USABLE_ADDRESS) -+ = (BYTES_TO_PAGES_DOWN (GRUB_EFI_MAX_ALLOCATION_ADDRESS) - - BYTES_TO_PAGES (filtered_desc->physical_start)); - #endif - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3017d0f3e5..33e981e76e 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -106,7 +107,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - size += ALIGN_UP (grub_file_size (files[i]), 4); - } - -- initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); -+ initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, BYTES_TO_PAGES(size)); -+ if (!initrd_mem) -+ initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, BYTES_TO_PAGES(size)); - if (!initrd_mem) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); -@@ -202,8 +205,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- params = grub_efi_allocate_pages_max (0x3fffffff, -+ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, - BYTES_TO_PAGES(sizeof(*params))); -+ if (!params) -+ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, -+ BYTES_TO_PAGES(sizeof(*params))); - if (! params) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -@@ -273,8 +279,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - #endif - - grub_dprintf ("linux", "setting up cmdline\n"); -- linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, -- BYTES_TO_PAGES(lh->cmdline_size + 1)); -+ linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, -+ BYTES_TO_PAGES(lh->cmdline_size + 1)); -+ if (!linux_cmdline) -+ linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, -+ BYTES_TO_PAGES(lh->cmdline_size + 1)); - if (!linux_cmdline) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -@@ -301,11 +310,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, - BYTES_TO_PAGES(lh->init_size)); -- - if (!kernel_mem) -- kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, -+ kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, -+ BYTES_TO_PAGES(lh->init_size)); -+ if (!kernel_mem) -+ kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, - BYTES_TO_PAGES(lh->init_size)); -- - if (!kernel_mem) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); -diff --git a/include/grub/arm/efi/memory.h b/include/grub/arm/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 ---- a/include/grub/arm/efi/memory.h -+++ b/include/grub/arm/efi/memory.h -@@ -2,5 +2,6 @@ - #include - - #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/arm64/efi/memory.h b/include/grub/arm64/efi/memory.h -index c6cb324171..acb61dca44 100644 ---- a/include/grub/arm64/efi/memory.h -+++ b/include/grub/arm64/efi/memory.h -@@ -2,5 +2,6 @@ - #include - - #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffffffffULL -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/i386/efi/memory.h b/include/grub/i386/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 ---- a/include/grub/i386/efi/memory.h -+++ b/include/grub/i386/efi/memory.h -@@ -2,5 +2,6 @@ - #include - - #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/ia64/efi/memory.h b/include/grub/ia64/efi/memory.h -index 2c64918e3f..a4c2ec8350 100644 ---- a/include/grub/ia64/efi/memory.h -+++ b/include/grub/ia64/efi/memory.h -@@ -2,5 +2,6 @@ - #include - - #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/riscv64/efi/memory.h b/include/grub/riscv64/efi/memory.h -index c6cb324171..acb61dca44 100644 ---- a/include/grub/riscv64/efi/memory.h -+++ b/include/grub/riscv64/efi/memory.h -@@ -2,5 +2,6 @@ - #include - - #define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffffffffULL -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ -diff --git a/include/grub/x86_64/efi/memory.h b/include/grub/x86_64/efi/memory.h -index 46e9145a30..e81cfb3221 100644 ---- a/include/grub/x86_64/efi/memory.h -+++ b/include/grub/x86_64/efi/memory.h -@@ -2,9 +2,11 @@ - #include - - #if defined (__code_model_large__) --#define GRUB_EFI_MAX_USABLE_ADDRESS 0xffffffff -+#define GRUB_EFI_MAX_USABLE_ADDRESS __UINTPTR_MAX__ -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS 0x7fffffff - #else - #define GRUB_EFI_MAX_USABLE_ADDRESS 0x7fffffff -+#define GRUB_EFI_MAX_ALLOCATION_ADDRESS GRUB_EFI_MAX_USABLE_ADDRESS - #endif - - #endif /* ! GRUB_MEMORY_CPU_HEADER */ diff --git a/SPECS/grub2/fedora/0100-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch b/SPECS/grub2/fedora/0100-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch deleted file mode 100644 index e94df4e71b..0000000000 --- a/SPECS/grub2/fedora/0100-Attempt-to-fix-up-all-the-places-Wsign-compare-error.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 18:03:25 +0200 -Subject: [PATCH] Attempt to fix up all the places -Wsign-compare=error finds. - -Signed-off-by: Peter Jones ---- - grub-core/kern/emu/misc.c | 2 +- - grub-core/lib/reed_solomon.c | 4 ++-- - grub-core/osdep/linux/blocklist.c | 2 +- - grub-core/osdep/linux/getroot.c | 2 +- - grub-core/osdep/linux/hostdisk.c | 2 +- - util/grub-fstest.c | 2 +- - util/grub-menulst2cfg.c | 2 +- - util/grub-mkfont.c | 13 +++++++------ - util/grub-probe.c | 2 +- - util/setup.c | 2 +- - 10 files changed, 17 insertions(+), 16 deletions(-) - -diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c -index eeea092752..f08a1bb841 100644 ---- a/grub-core/kern/emu/misc.c -+++ b/grub-core/kern/emu/misc.c -@@ -189,7 +189,7 @@ grub_util_get_image_size (const char *path) - sz = ftello (f); - if (sz < 0) - grub_util_error (_("cannot open `%s': %s"), path, strerror (errno)); -- if (sz != (size_t) sz) -+ if (sz > (off_t)(GRUB_SIZE_MAX >> 1)) - grub_util_error (_("file `%s' is too big"), path); - ret = (size_t) sz; - -diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c -index 467305b46a..79037c093f 100644 ---- a/grub-core/lib/reed_solomon.c -+++ b/grub-core/lib/reed_solomon.c -@@ -157,7 +157,7 @@ static void - rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) - { - gf_single_t *rs_polynomial; -- int i, j; -+ unsigned int i, j; - gf_single_t *m; - m = xcalloc (s + rs, sizeof (gf_single_t)); - grub_memcpy (m, data, s * sizeof (gf_single_t)); -@@ -324,7 +324,7 @@ static void - encode_block (gf_single_t *ptr, grub_size_t s, - gf_single_t *rptr, grub_size_t rs) - { -- int i, j; -+ unsigned int i, j; - for (i = 0; i < SECTOR_SIZE; i++) - { - grub_size_t ds = (s + SECTOR_SIZE - 1 - i) / SECTOR_SIZE; -diff --git a/grub-core/osdep/linux/blocklist.c b/grub-core/osdep/linux/blocklist.c -index c77d6085cc..42a315031f 100644 ---- a/grub-core/osdep/linux/blocklist.c -+++ b/grub-core/osdep/linux/blocklist.c -@@ -109,7 +109,7 @@ grub_install_get_blocklist (grub_device_t root_dev, - else - { - struct fiemap *fie2; -- int i; -+ unsigned int i; - fie2 = xmalloc (sizeof (*fie2) - + fie1.fm_mapped_extents - * sizeof (fie1.fm_extents[1])); -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 28790307e0..9f730b3518 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -236,7 +236,7 @@ grub_find_root_devices_from_btrfs (const char *dir) - { - int fd; - struct btrfs_ioctl_fs_info_args fsi; -- int i, j = 0; -+ unsigned int i, j = 0; - char **ret; - - fd = open (dir, 0); -diff --git a/grub-core/osdep/linux/hostdisk.c b/grub-core/osdep/linux/hostdisk.c -index da62f924e3..7bc99ac1c1 100644 ---- a/grub-core/osdep/linux/hostdisk.c -+++ b/grub-core/osdep/linux/hostdisk.c -@@ -83,7 +83,7 @@ grub_util_get_fd_size_os (grub_util_fd_t fd, const char *name, unsigned *log_sec - if (sector_size & (sector_size - 1) || !sector_size) - return -1; - for (log_sector_size = 0; -- (1 << log_sector_size) < sector_size; -+ (1U << log_sector_size) < sector_size; - log_sector_size++); - - if (log_secsize) -diff --git a/util/grub-fstest.c b/util/grub-fstest.c -index 8386564200..bfcef852d8 100644 ---- a/util/grub-fstest.c -+++ b/util/grub-fstest.c -@@ -323,7 +323,7 @@ cmd_cmp (char *src, char *dest) - read_file (src, cmp_hook, ff); - - { -- grub_uint64_t pre; -+ long long pre; - pre = ftell (ff); - fseek (ff, 0, SEEK_END); - if (pre != ftell (ff)) -diff --git a/util/grub-menulst2cfg.c b/util/grub-menulst2cfg.c -index a39f869394..358d604210 100644 ---- a/util/grub-menulst2cfg.c -+++ b/util/grub-menulst2cfg.c -@@ -34,7 +34,7 @@ main (int argc, char **argv) - char *buf = NULL; - size_t bufsize = 0; - char *suffix = xstrdup (""); -- int suffixlen = 0; -+ size_t suffixlen = 0; - const char *out_fname = 0; - - grub_util_host_init (&argc, &argv); -diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c -index 0fe45a6103..3e09240b99 100644 ---- a/util/grub-mkfont.c -+++ b/util/grub-mkfont.c -@@ -138,7 +138,8 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, - int width, height; - int cuttop, cutbottom, cutleft, cutright; - grub_uint8_t *data; -- int mask, i, j, bitmap_size; -+ int mask, i, bitmap_size; -+ unsigned int j; - FT_GlyphSlot glyph; - int flag = FT_LOAD_RENDER | FT_LOAD_MONOCHROME; - FT_Error err; -@@ -183,7 +184,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, - cuttop = cutbottom = cutleft = cutright = 0; - else - { -- for (cuttop = 0; cuttop < glyph->bitmap.rows; cuttop++) -+ for (cuttop = 0; cuttop < (long)glyph->bitmap.rows; cuttop++) - { - for (j = 0; j < glyph->bitmap.width; j++) - if (glyph->bitmap.buffer[j / 8 + cuttop * glyph->bitmap.pitch] -@@ -203,10 +204,10 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, - break; - } - cutbottom = glyph->bitmap.rows - 1 - cutbottom; -- if (cutbottom + cuttop >= glyph->bitmap.rows) -+ if (cutbottom + cuttop >= (long)glyph->bitmap.rows) - cutbottom = 0; - -- for (cutleft = 0; cutleft < glyph->bitmap.width; cutleft++) -+ for (cutleft = 0; cutleft < (long)glyph->bitmap.width; cutleft++) - { - for (j = 0; j < glyph->bitmap.rows; j++) - if (glyph->bitmap.buffer[cutleft / 8 + j * glyph->bitmap.pitch] -@@ -225,7 +226,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, - break; - } - cutright = glyph->bitmap.width - 1 - cutright; -- if (cutright + cutleft >= glyph->bitmap.width) -+ if (cutright + cutleft >= (long)glyph->bitmap.width) - cutright = 0; - } - -@@ -262,7 +263,7 @@ add_glyph (struct grub_font_info *font_info, FT_UInt glyph_idx, FT_Face face, - - mask = 0; - data = &glyph_info->bitmap[0] - 1; -- for (j = cuttop; j < height + cuttop; j++) -+ for (j = cuttop; j < (long)height + cuttop; j++) - for (i = cutleft; i < width + cutleft; i++) - add_pixel (&data, &mask, - glyph->bitmap.buffer[i / 8 + j * glyph->bitmap.pitch] & -diff --git a/util/grub-probe.c b/util/grub-probe.c -index c08e46bbb4..c6fac732b4 100644 ---- a/util/grub-probe.c -+++ b/util/grub-probe.c -@@ -798,7 +798,7 @@ argp_parser (int key, char *arg, struct argp_state *state) - - case 't': - { -- int i; -+ unsigned int i; - - for (i = PRINT_FS; i < ARRAY_SIZE (targets); i++) - if (strcmp (arg, targets[i]) == 0) -diff --git a/util/setup.c b/util/setup.c -index da5f2c07f5..8b22bb8cca 100644 ---- a/util/setup.c -+++ b/util/setup.c -@@ -406,7 +406,7 @@ SETUP (const char *dir, - int is_ldm; - grub_err_t err; - grub_disk_addr_t *sectors; -- int i; -+ unsigned int i; - grub_fs_t fs; - unsigned int nsec, maxsec; - diff --git a/SPECS/grub2/fedora/0101-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch b/SPECS/grub2/fedora/0101-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch deleted file mode 100644 index 03b4bbf3ce..0000000000 --- a/SPECS/grub2/fedora/0101-Don-t-use-Wno-sign-compare-Wno-conversion-Wno-error-.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 11 Jul 2019 18:20:37 +0200 -Subject: [PATCH] Don't use -Wno-sign-compare -Wno-conversion -Wno-error, do - use -Wextra. - -Signed-off-by: Peter Jones ---- - configure.ac | 14 +++++++++++--- - conf/Makefile.common | 2 +- - 2 files changed, 12 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 7b4e1854d3..490353713a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1452,11 +1452,11 @@ fi - # Set them to their new values for the tests below. - CC="$TARGET_CC" - if test x"$platform" = xemu ; then --CFLAGS="$TARGET_CFLAGS -Wno-error" -+CFLAGS="$TARGET_CFLAGS" - elif test "x$TARGET_APPLE_LINKER" = x1 ; then --CFLAGS="$TARGET_CFLAGS -nostdlib -static -Wno-error" -+CFLAGS="$TARGET_CFLAGS -nostdlib -static" - else --CFLAGS="$TARGET_CFLAGS -nostdlib -Wno-error" -+CFLAGS="$TARGET_CFLAGS -nostdlib" - fi - CPPFLAGS="$TARGET_CPPFLAGS" - -@@ -1990,6 +1990,14 @@ if test x"$enable_werror" != xno ; then - HOST_CFLAGS="$HOST_CFLAGS -Werror" - fi - -+AC_ARG_ENABLE([wextra], -+ [AS_HELP_STRING([--disable-wextra], -+ [do not use -Wextra when building GRUB])]) -+if test x"$enable_wextra" != xno ; then -+ TARGET_CFLAGS="$TARGET_CFLAGS -Wextra" -+ HOST_CFLAGS="$HOST_CFLAGS -Wextra" -+fi -+ - TARGET_CPP="$TARGET_CC -E" - TARGET_CCAS=$TARGET_CC - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 2ff9b39357..35e14ff017 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d - platformdir = $(pkglibdir)/$(target_cpu)-$(platform) - starfielddir = $(pkgdatadir)/themes/starfield - --CFLAGS_GNULIB = -Wno-undef -Wno-sign-compare -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Wno-conversion -+CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code - CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib - - CFLAGS_POSIX = -fno-builtin diff --git a/SPECS/grub2/fedora/0102-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch b/SPECS/grub2/fedora/0102-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch deleted file mode 100644 index 5a9c6f2475..0000000000 --- a/SPECS/grub2/fedora/0102-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 12 Jul 2019 09:53:32 +0200 -Subject: [PATCH] x86-efi: Use bounce buffers for reading to addresses > 4GB - -Lots of machines apparently can't DMA correctly above 4GB during UEFI, -so use bounce buffers for the initramfs read. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 52 +++++++++++++++++++++++++++++++++------ - 1 file changed, 45 insertions(+), 7 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 33e981e76e..2f0336809e 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -35,11 +35,16 @@ static grub_dl_t my_mod; - static int loaded; - static void *kernel_mem; - static grub_uint64_t kernel_size; --static grub_uint8_t *initrd_mem; -+static void *initrd_mem; - static grub_uint32_t handover_offset; - struct linux_kernel_params *params; - static char *linux_cmdline; - -+#define MIN(a, b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a < _b ? _a : _b; }) -+ - #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) - - static grub_err_t -@@ -73,6 +78,44 @@ grub_linuxefi_unload (void) - return GRUB_ERR_NONE; - } - -+#define BOUNCE_BUFFER_MAX 0x10000000ull -+ -+static grub_ssize_t -+read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) -+{ -+ grub_ssize_t bufpos = 0; -+ static grub_size_t bbufsz = 0; -+ static char *bbuf = NULL; -+ -+ if (bbufsz == 0) -+ bbufsz = MIN(BOUNCE_BUFFER_MAX, len); -+ -+ while (!bbuf && bbufsz) -+ { -+ bbuf = grub_malloc(bbufsz); -+ if (!bbuf) -+ bbufsz >>= 1; -+ } -+ if (!bbuf) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate bounce buffer")); -+ -+ while (bufpos < (long long)len) -+ { -+ grub_ssize_t sz; -+ -+ sz = grub_file_read (file, bbuf, MIN(bbufsz, len - bufpos)); -+ if (sz < 0) -+ return sz; -+ if (sz == 0) -+ break; -+ -+ grub_memcpy(bufp + bufpos, bbuf, sz); -+ bufpos += sz; -+ } -+ -+ return bufpos; -+} -+ - static grub_err_t - grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) -@@ -126,7 +169,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - for (i = 0; i < nfiles; i++) - { - grub_ssize_t cursize = grub_file_size (files[i]); -- if (grub_file_read (files[i], ptr, cursize) != cursize) -+ if (read (files[i], ptr, cursize) != cursize) - { - if (!grub_errno) - grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), -@@ -152,11 +195,6 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - return grub_errno; - } - --#define MIN(a, b) \ -- ({ typeof (a) _a = (a); \ -- typeof (b) _b = (b); \ -- _a < _b ? _a : _b; }) -- - static grub_err_t - grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) diff --git a/SPECS/grub2/fedora/0103-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch b/SPECS/grub2/fedora/0103-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch deleted file mode 100644 index 9b10d68829..0000000000 --- a/SPECS/grub2/fedora/0103-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 13 Sep 2018 14:42:34 -0400 -Subject: [PATCH] x86-efi: Re-arrange grub_cmd_linux() a little bit. - -This just helps the next patch be easier to read. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 75 +++++++++++++++++++++------------------ - 1 file changed, 41 insertions(+), 34 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 2f0336809e..5f48fa5561 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -243,32 +243,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, -- BYTES_TO_PAGES(sizeof(*params))); -- if (!params) -- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, -- BYTES_TO_PAGES(sizeof(*params))); -- if (! params) -- { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -- goto fail; -- } -+ lh = (struct linux_i386_kernel_header *)kernel; -+ grub_dprintf ("linux", "original lh is at %p\n", kernel); - -- grub_dprintf ("linux", "params = %p\n", params); -- -- grub_memset (params, 0, sizeof(*params)); -- -- setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); -- grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", -- MIN((grub_size_t)0x202+setup_header_end_offset, -- sizeof (*params)) - 0x1f1, -- (grub_uint8_t *)kernel + 0x1f1, -- (grub_uint8_t *)params + 0x1f1); -- grub_memcpy ((grub_uint8_t *)params + 0x1f1, -- (grub_uint8_t *)kernel + 0x1f1, -- MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); -- lh = (struct linux_i386_kernel_header *)params; -- grub_dprintf ("linux", "lh is at %p\n", lh); - grub_dprintf ("linux", "checking lh->boot_flag\n"); - if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) - { -@@ -316,6 +293,34 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -+ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, -+ BYTES_TO_PAGES(sizeof(*params))); -+ if (!params) -+ params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, -+ BYTES_TO_PAGES(sizeof(*params))); -+ if (! params) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -+ goto fail; -+ } -+ -+ grub_dprintf ("linux", "params = %p\n", params); -+ -+ grub_memset (params, 0, sizeof(*params)); -+ -+ setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); -+ grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", -+ MIN((grub_size_t)0x202+setup_header_end_offset, -+ sizeof (*params)) - 0x1f1, -+ (grub_uint8_t *)kernel + 0x1f1, -+ (grub_uint8_t *)params + 0x1f1); -+ grub_memcpy ((grub_uint8_t *)params + 0x1f1, -+ (grub_uint8_t *)kernel + 0x1f1, -+ MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); -+ -+ lh = (struct linux_i386_kernel_header *)params; -+ grub_dprintf ("linux", "new lh is at %p\n", lh); -+ - grub_dprintf ("linux", "setting up cmdline\n"); - linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, - BYTES_TO_PAGES(lh->cmdline_size + 1)); -@@ -341,8 +346,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); - lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; - -- grub_dprintf ("linux", "computing handover offset\n"); - handover_offset = lh->handover_offset; -+ grub_dprintf("linux", "handover_offset: %08x\n", handover_offset); - - start = (lh->setup_sects + 1) * 512; - -@@ -359,26 +364,28 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); - goto fail; - } -- -- grub_dprintf ("linux", "kernel_mem = %lx\n", (unsigned long) kernel_mem); -+ grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); - - grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -- loaded=1; -+ -+ loaded = 1; -+ - grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); - lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - - grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); - -- grub_dprintf ("linux", "setting lh->type_of_loader\n"); - lh->type_of_loader = 0x6; -+ grub_dprintf ("linux", "setting lh->type_of_loader = 0x%02x\n", -+ lh->type_of_loader); - -- grub_dprintf ("linux", "setting lh->ext_loader_{type,ver}\n"); - params->ext_loader_type = 0; - params->ext_loader_ver = 2; -- grub_dprintf("linux", "kernel_mem: %p handover_offset: %08x\n", -- kernel_mem, handover_offset); -+ grub_dprintf ("linux", -+ "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", -+ params->ext_loader_type, params->ext_loader_ver); - -- fail: -+fail: - if (file) - grub_file_close (file); - diff --git a/SPECS/grub2/fedora/0104-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch b/SPECS/grub2/fedora/0104-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch deleted file mode 100644 index 700c98b36a..0000000000 --- a/SPECS/grub2/fedora/0104-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch +++ /dev/null @@ -1,258 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 12 Sep 2018 16:03:55 -0400 -Subject: [PATCH] x86-efi: Make our own allocator for kernel stuff - -This helps enable allocations above 4GB. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 167 +++++++++++++++++++++----------------- - 1 file changed, 94 insertions(+), 73 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 5f48fa5561..3e4f7ef39f 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -47,6 +47,65 @@ static char *linux_cmdline; - - #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) - -+struct allocation_choice { -+ grub_efi_physical_address_t addr; -+ grub_efi_allocate_type_t alloc_type; -+}; -+ -+static struct allocation_choice max_addresses[] = -+ { -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { 0, 0 } -+ }; -+ -+static inline void -+kernel_free(void *addr, grub_efi_uintn_t size) -+{ -+ if (addr && size) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)addr, -+ BYTES_TO_PAGES(size)); -+} -+ -+static void * -+kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) -+{ -+ void *addr = 0; -+ unsigned int i; -+ grub_efi_physical_address_t prev_max = 0; -+ -+ for (i = 0; max_addresses[i].addr != 0 && addr == 0; i++) -+ { -+ grub_uint64_t max = max_addresses[i].addr; -+ grub_efi_uintn_t pages; -+ -+ if (max == prev_max) -+ continue; -+ -+ pages = BYTES_TO_PAGES(size); -+ grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", -+ pages, (void *)max); -+ -+ prev_max = max; -+ addr = grub_efi_allocate_pages_real (max, pages, -+ max_addresses[i].alloc_type, -+ GRUB_EFI_LOADER_DATA); -+ if (addr) -+ grub_dprintf ("linux", "Allocated at %p\n", addr); -+ } -+ -+ while (grub_error_pop ()) -+ { -+ ; -+ } -+ -+ if (addr == NULL) -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "%s", errmsg); -+ -+ return addr; -+} -+ - static grub_err_t - grub_linuxefi_boot (void) - { -@@ -62,19 +121,12 @@ grub_linuxefi_unload (void) - { - grub_dl_unref (my_mod); - loaded = 0; -- if (initrd_mem) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, -- BYTES_TO_PAGES(params->ramdisk_size)); -- if (linux_cmdline) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) -- linux_cmdline, -- BYTES_TO_PAGES(params->cmdline_size + 1)); -- if (kernel_mem) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, -- BYTES_TO_PAGES(kernel_size)); -- if (params) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, -- BYTES_TO_PAGES(16384)); -+ -+ kernel_free(initrd_mem, params->ramdisk_size); -+ kernel_free(linux_cmdline, params->cmdline_size + 1); -+ kernel_free(kernel_mem, kernel_size); -+ kernel_free(params, sizeof(*params)); -+ - return GRUB_ERR_NONE; - } - -@@ -150,19 +202,13 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - size += ALIGN_UP (grub_file_size (files[i]), 4); - } - -- initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, BYTES_TO_PAGES(size)); -- if (!initrd_mem) -- initrd_mem = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, BYTES_TO_PAGES(size)); -- if (!initrd_mem) -- { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); -- goto fail; -- } -- -- grub_dprintf ("linux", "initrd_mem = %lx\n", (unsigned long) initrd_mem); -+ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ if (initrd_mem == NULL) -+ goto fail; -+ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); - - params->ramdisk_size = size; -- params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; -+ params->ramdisk_image = initrd_mem; - - ptr = initrd_mem; - -@@ -221,7 +267,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - filelen = grub_file_size (file); - - kernel = grub_malloc(filelen); -- - if (!kernel) - { - grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -@@ -274,7 +319,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - --#if defined(__x86_64__) || defined(__aarch64__) -+#if defined(__x86_64__) - grub_dprintf ("linux", "checking lh->xloadflags\n"); - if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) - { -@@ -293,17 +338,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_ALLOCATION_ADDRESS, -- BYTES_TO_PAGES(sizeof(*params))); -+ params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); - if (!params) -- params = grub_efi_allocate_pages_max (GRUB_EFI_MAX_USABLE_ADDRESS, -- BYTES_TO_PAGES(sizeof(*params))); -- if (! params) -- { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -- goto fail; -- } -- -+ goto fail; - grub_dprintf ("linux", "params = %p\n", params); - - grub_memset (params, 0, sizeof(*params)); -@@ -322,19 +359,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, -- BYTES_TO_PAGES(lh->cmdline_size + 1)); -+ linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); - if (!linux_cmdline) -- linux_cmdline = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, -- BYTES_TO_PAGES(lh->cmdline_size + 1)); -- if (!linux_cmdline) -- { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -- goto fail; -- } -- -- grub_dprintf ("linux", "linux_cmdline = %lx\n", -- (unsigned long)linux_cmdline); -+ goto fail; -+ grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); - - grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - grub_create_loader_cmdline (argc, argv, -@@ -343,27 +371,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - GRUB_VERIFY_KERNEL_CMDLINE); - - grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); -- grub_dprintf ("linux", "setting lh->cmd_line_ptr\n"); -- lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; -+ grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", -+ linux_cmdline); -+ lh->cmd_line_ptr = linux_cmdline; - - handover_offset = lh->handover_offset; -- grub_dprintf("linux", "handover_offset: %08x\n", handover_offset); -+ grub_dprintf("linux", "handover_offset: 0x%08x\n", handover_offset); - - start = (lh->setup_sects + 1) * 512; - -- kernel_mem = grub_efi_allocate_pages_max(lh->pref_address, -- BYTES_TO_PAGES(lh->init_size)); -- if (!kernel_mem) -- kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_ALLOCATION_ADDRESS, -- BYTES_TO_PAGES(lh->init_size)); -- if (!kernel_mem) -- kernel_mem = grub_efi_allocate_pages_max(GRUB_EFI_MAX_USABLE_ADDRESS, -- BYTES_TO_PAGES(lh->init_size)); -- if (!kernel_mem) -+ grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); -+ if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) - { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); -- goto fail; -+ max_addresses[0].addr = lh->pref_address; -+ max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; - } -+ kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); -+ if (!kernel_mem) -+ goto fail; - grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); - - grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -@@ -398,18 +423,14 @@ fail: - loaded = 0; - } - -- if (linux_cmdline && lh && !loaded) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) -- linux_cmdline, -- BYTES_TO_PAGES(lh->cmdline_size + 1)); -+ if (!loaded) -+ { -+ if (lh) -+ kernel_free (linux_cmdline, lh->cmdline_size + 1); - -- if (kernel_mem && !loaded) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, -- BYTES_TO_PAGES(kernel_size)); -- -- if (params && !loaded) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, -- BYTES_TO_PAGES(16384)); -+ kernel_free (kernel_mem, kernel_size); -+ kernel_free (params, sizeof(*params)); -+ } - - return grub_errno; - } diff --git a/SPECS/grub2/fedora/0105-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch b/SPECS/grub2/fedora/0105-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch deleted file mode 100644 index 6ac11a1cd1..0000000000 --- a/SPECS/grub2/fedora/0105-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 12 Sep 2018 16:12:27 -0400 -Subject: [PATCH] x86-efi: Allow initrd+params+cmdline allocations above 4GB. - -This enables everything except the kernel itself to be above 4GB. -Putting the kernel up there still doesn't work, because of the way -params->code32_start is used. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 67 +++++++++++++++++++++++++++++++++++---- - include/grub/i386/linux.h | 6 +++- - 2 files changed, 65 insertions(+), 8 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3e4f7ef39f..6bc18d5aef 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -52,13 +52,22 @@ struct allocation_choice { - grub_efi_allocate_type_t alloc_type; - }; - --static struct allocation_choice max_addresses[] = -+static struct allocation_choice max_addresses[4] = - { -+ /* the kernel overrides this one with pref_address and -+ * GRUB_EFI_ALLOCATE_ADDRESS */ - { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ /* this one is always below 4GB, which we still *prefer* even if the flag -+ * is set. */ - { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ /* If the flag in params is set, this one gets changed to be above 4GB. */ - { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - { 0, 0 } - }; -+static struct allocation_choice saved_addresses[4]; -+ -+#define save_addresses() grub_memcpy(saved_addresses, max_addresses, sizeof(max_addresses)) -+#define restore_addresses() grub_memcpy(max_addresses, saved_addresses, sizeof(max_addresses)) - - static inline void - kernel_free(void *addr, grub_efi_uintn_t size) -@@ -80,6 +89,11 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - grub_uint64_t max = max_addresses[i].addr; - grub_efi_uintn_t pages; - -+ /* -+ * When we're *not* loading the kernel, or >4GB allocations aren't -+ * supported, these entries are basically all the same, so don't re-try -+ * the same parameters. -+ */ - if (max == prev_max) - continue; - -@@ -168,6 +182,9 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) - return bufpos; - } - -+#define LOW_U32(val) ((grub_uint32_t)(((grub_addr_t)(val)) & 0xffffffffull)) -+#define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) -+ - static grub_err_t - grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) -@@ -207,8 +224,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - goto fail; - grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); - -- params->ramdisk_size = size; -- params->ramdisk_image = initrd_mem; -+ params->ramdisk_size = LOW_U32(size); -+ params->ramdisk_image = LOW_U32(initrd_mem); -+#if defined(__x86_64__) -+ params->ext_ramdisk_size = HIGH_U32(size); -+ params->ext_ramdisk_image = HIGH_U32(initrd_mem); -+#endif - - ptr = initrd_mem; - -@@ -338,6 +359,18 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -+#if defined(__x86_64__) -+ if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) -+ { -+ grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); -+ max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS; -+ } -+ else -+ { -+ grub_dprintf ("linux", "Loading kernel above 4GB is not supported\n"); -+ } -+#endif -+ - params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); - if (!params) - goto fail; -@@ -372,21 +405,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); - grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", -- linux_cmdline); -- lh->cmd_line_ptr = linux_cmdline; -+ LOW_U32(linux_cmdline)); -+ lh->cmd_line_ptr = LOW_U32(linux_cmdline); -+#if defined(__x86_64__) -+ if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) -+ { -+ grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", -+ HIGH_U32(linux_cmdline)); -+ params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); -+ } -+#endif - - handover_offset = lh->handover_offset; - grub_dprintf("linux", "handover_offset: 0x%08x\n", handover_offset); - - start = (lh->setup_sects + 1) * 512; - -+ /* -+ * AFAICS >4GB for kernel *cannot* work because of params->code32_start being -+ * 32-bit and getting called unconditionally in head_64.S from either entry -+ * point. -+ * -+ * so nerf that out here... -+ */ -+ save_addresses(); - grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); - if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) - { - max_addresses[0].addr = lh->pref_address; - max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; - } -+ max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -+ max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); -+ restore_addresses(); - if (!kernel_mem) - goto fail; - grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); -@@ -395,8 +447,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - loaded = 1; - -- grub_dprintf ("linux", "setting lh->code32_start to %p\n", kernel_mem); -- lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; -+ grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", -+ LOW_U32(kernel_mem)); -+ lh->code32_start = LOW_U32(kernel_mem); - - grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); - -diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index 25ef52c04e..fac22476cc 100644 ---- a/include/grub/i386/linux.h -+++ b/include/grub/i386/linux.h -@@ -236,7 +236,11 @@ struct linux_kernel_params - grub_uint32_t ofw_cif_handler; /* b8 */ - grub_uint32_t ofw_idt; /* bc */ - -- grub_uint8_t padding7[0x1b8 - 0xc0]; -+ grub_uint32_t ext_ramdisk_image; /* 0xc0 */ -+ grub_uint32_t ext_ramdisk_size; /* 0xc4 */ -+ grub_uint32_t ext_cmd_line_ptr; /* 0xc8 */ -+ -+ grub_uint8_t padding7[0x1b8 - 0xcc]; - - union - { diff --git a/SPECS/grub2/fedora/0106-Fix-getroot.c-s-trampolines.patch b/SPECS/grub2/fedora/0106-Fix-getroot.c-s-trampolines.patch deleted file mode 100644 index e744b77947..0000000000 --- a/SPECS/grub2/fedora/0106-Fix-getroot.c-s-trampolines.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 28 Sep 2018 15:42:19 -0400 -Subject: [PATCH] Fix getroot.c's trampolines. - -This makes the stack executable on most of the grub utilities, which is -bad, and rpmdiff complains about it. - -Signed-off-by: Peter Jones ---- - grub-core/osdep/linux/getroot.c | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 9f730b3518..f0c503f43d 100644 ---- a/grub-core/osdep/linux/getroot.c -+++ b/grub-core/osdep/linux/getroot.c -@@ -1264,22 +1264,20 @@ grub_util_get_grub_dev_os (const char *os_dev) - return grub_dev; - } - -+static void *mp = NULL; -+static void -+btrfs_mount_path_hook(const char *m) -+{ -+ mp = strdup (m); -+} - - char * - grub_util_get_btrfs_subvol (const char *path, char **mount_path) - { -- char *mp = NULL; -- - if (mount_path) - *mount_path = NULL; - -- auto void -- mount_path_hook (const char *m) -- { -- mp = strdup (m); -- } -- -- grub_find_root_btrfs_mount_path_hook = mount_path_hook; -+ grub_find_root_btrfs_mount_path_hook = btrfs_mount_path_hook; - grub_free (grub_find_root_devices_from_mountinfo (path, NULL)); - grub_find_root_btrfs_mount_path_hook = NULL; - diff --git a/SPECS/grub2/fedora/0107-Do-not-allow-stack-trampolines-anywhere.patch b/SPECS/grub2/fedora/0107-Do-not-allow-stack-trampolines-anywhere.patch deleted file mode 100644 index 658c7a4c01..0000000000 --- a/SPECS/grub2/fedora/0107-Do-not-allow-stack-trampolines-anywhere.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 12 Jul 2019 10:06:50 +0200 -Subject: [PATCH] Do not allow stack trampolines, anywhere. - -Signed-off-by: Peter Jones ---- - configure.ac | 3 +++ - conf/Makefile.common | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 490353713a..a02d40a05b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1998,6 +1998,9 @@ if test x"$enable_wextra" != xno ; then - HOST_CFLAGS="$HOST_CFLAGS -Wextra" - fi - -+TARGET_CFLAGS="$TARGET_CFLAGS -Werror=trampolines -fno-trampolines" -+HOST_CFLAGS="$HOST_CFLAGS -Werror=trampolines -fno-trampolines" -+ - TARGET_CPP="$TARGET_CC -E" - TARGET_CCAS=$TARGET_CC - -diff --git a/conf/Makefile.common b/conf/Makefile.common -index 35e14ff017..0647c53b91 100644 ---- a/conf/Makefile.common -+++ b/conf/Makefile.common -@@ -66,7 +66,7 @@ grubconfdir = $(sysconfdir)/grub.d - platformdir = $(pkglibdir)/$(target_cpu)-$(platform) - starfielddir = $(pkgdatadir)/themes/starfield - --CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -+CFLAGS_GNULIB = -Wno-undef -Wno-unused -Wno-unused-parameter -Wno-redundant-decls -Wno-unreachable-code -Werror=trampolines -fno-trampolines - CPPFLAGS_GNULIB = -I$(top_builddir)/grub-core/lib/gnulib -I$(top_srcdir)/grub-core/lib/gnulib - - CFLAGS_POSIX = -fno-builtin diff --git a/SPECS/grub2/fedora/0109-Fix-menu-entry-selection-based-on-ID-and-title.patch b/SPECS/grub2/fedora/0109-Fix-menu-entry-selection-based-on-ID-and-title.patch deleted file mode 100644 index af74901204..0000000000 --- a/SPECS/grub2/fedora/0109-Fix-menu-entry-selection-based-on-ID-and-title.patch +++ /dev/null @@ -1,233 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 19 Oct 2018 10:57:52 -0400 -Subject: [PATCH] Fix menu entry selection based on ID and title - -Currently if grub_strtoul(saved_entry_value, NULL, 0) does not return an -error, we assume the value it has produced is a correct index into our -menu entry list, and do not try to interpret the value as the "id" or -"title" . In cases where "id" or "title" start with a numeral, this -makes them impossible to use as selection criteria. - -This patch splits the search into three phases - matching id, matching -title, and only once those have been exhausted, trying to interpret the -ID as a numeral. In that case, we also require that the entire string -is numeric, not merely a string with leading numeric characters. - -Resolves: rhbz#1640979 - -Signed-off-by: Peter Jones -[javierm: fix menu entry selection based on title] -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/menu.c | 141 ++++++++++++++++++++++++------------------------ - 1 file changed, 71 insertions(+), 70 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d7a222e681..4a02aadb01 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -164,12 +164,12 @@ grub_menu_set_timeout (int timeout) - } - - static int --menuentry_eq (const char *id, const char *spec) -+menuentry_eq (const char *id, const char *spec, int limit) - { - const char *ptr1, *ptr2; - ptr1 = id; - ptr2 = spec; -- while (1) -+ while (limit == -1 || ptr1 - id <= limit) - { - if (*ptr2 == '>' && ptr2[1] != '>' && *ptr1 == 0) - return ptr2 - spec; -@@ -178,7 +178,11 @@ menuentry_eq (const char *id, const char *spec) - if (*ptr2 == '>') - ptr2++; - if (*ptr1 != *ptr2) -- return 0; -+ { -+ if (limit > -1 && ptr1 - id == limit && !*ptr1 && grub_isspace(*ptr2)) -+ return ptr1 -id -1; -+ return 0; -+ } - if (*ptr1 == 0) - return ptr1 - id; - ptr1++; -@@ -187,6 +191,58 @@ menuentry_eq (const char *id, const char *spec) - return 0; - } - -+static int -+get_entry_number_helper(grub_menu_t menu, -+ const char * const val, const char ** const tail) -+{ -+ /* See if the variable matches the title of a menu entry. */ -+ int entry = -1; -+ grub_menu_entry_t e; -+ int i; -+ -+ for (i = 0, e = menu->entry_list; e; i++) -+ { -+ int l = 0; -+ while (val[l] && !grub_isspace(val[l])) -+ l++; -+ -+ if (menuentry_eq (e->id, val, l)) -+ { -+ if (tail) -+ *tail = val + l; -+ return i; -+ } -+ e = e->next; -+ } -+ -+ for (i = 0, e = menu->entry_list; e; i++) -+ { -+ -+ if (menuentry_eq (e->title, val, -1)) -+ { -+ if (tail) -+ *tail = NULL; -+ return i; -+ } -+ e = e->next; -+ } -+ -+ if (tail) -+ *tail = NULL; -+ -+ entry = (int) grub_strtoul (val, tail, 0); -+ if (grub_errno == GRUB_ERR_BAD_NUMBER || -+ (*tail && **tail && !grub_isspace(**tail))) -+ { -+ entry = -1; -+ if (tail) -+ *tail = NULL; -+ grub_errno = GRUB_ERR_NONE; -+ } -+ -+ return entry; -+} -+ - /* Get the first entry number from the value of the environment variable NAME, - which is a space-separated list of non-negative integers. The entry number - which is returned is stripped from the value of NAME. If no entry number -@@ -196,7 +252,6 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - { - const char *val, *tail; - int entry; -- int sz = 0; - - val = grub_env_get (name); - if (! val) -@@ -204,50 +259,24 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - - grub_error_push (); - -- entry = (int) grub_strtoul (val, &tail, 0); -+ entry = get_entry_number_helper(menu, val, &tail); -+ if (!(*tail == 0 || grub_isspace(*tail))) -+ entry = -1; - -- if (grub_errno == GRUB_ERR_BAD_NUMBER) -+ if (entry >= 0) - { -- /* See if the variable matches the title of a menu entry. */ -- grub_menu_entry_t e = menu->entry_list; -- int i; -- -- for (i = 0; e; i++) -- { -- sz = menuentry_eq (e->title, val); -- if (sz < 1) -- sz = menuentry_eq (e->id, val); -- -- if (sz >= 1) -- { -- entry = i; -- break; -- } -- e = e->next; -- } -- -- if (sz > 0) -- grub_errno = GRUB_ERR_NONE; -- -- if (! e) -- entry = -1; -- } -- -- if (grub_errno == GRUB_ERR_NONE) -- { -- if (sz > 0) -- tail += sz; -- - /* Skip whitespace to find the next entry. */ - while (*tail && grub_isspace (*tail)) - tail++; -- grub_env_set (name, tail); -+ if (*tail) -+ grub_env_set (name, tail); -+ else -+ grub_env_unset (name); - } - else - { - grub_env_unset (name); - grub_errno = GRUB_ERR_NONE; -- entry = -1; - } - - grub_error_pop (); -@@ -524,6 +553,7 @@ static int - get_entry_number (grub_menu_t menu, const char *name) - { - const char *val; -+ const char *tail; - int entry; - - val = grub_env_get (name); -@@ -531,38 +561,9 @@ get_entry_number (grub_menu_t menu, const char *name) - return -1; - - grub_error_push (); -- -- entry = (int) grub_strtoul (val, 0, 0); -- -- if (grub_errno == GRUB_ERR_BAD_NUMBER) -- { -- /* See if the variable matches the title of a menu entry. */ -- grub_menu_entry_t e = menu->entry_list; -- int i; -- -- grub_errno = GRUB_ERR_NONE; -- -- for (i = 0; e; i++) -- { -- if (menuentry_eq (e->title, val) -- || menuentry_eq (e->id, val)) -- { -- entry = i; -- break; -- } -- e = e->next; -- } -- -- if (! e) -- entry = -1; -- } -- -- if (grub_errno != GRUB_ERR_NONE) -- { -- grub_errno = GRUB_ERR_NONE; -- entry = -1; -- } -- -+ entry = get_entry_number_helper(menu, val, &tail); -+ if (tail && *tail != '\0') -+ entry = -1; - grub_error_pop (); - - return entry; diff --git a/SPECS/grub2/fedora/0110-Make-the-menu-entry-users-option-argument-to-be-opti.patch b/SPECS/grub2/fedora/0110-Make-the-menu-entry-users-option-argument-to-be-opti.patch deleted file mode 100644 index 68779ebf39..0000000000 --- a/SPECS/grub2/fedora/0110-Make-the-menu-entry-users-option-argument-to-be-opti.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 26 Nov 2018 10:06:42 +0100 -Subject: [PATCH] Make the menu entry users option argument to be optional - -The --users option is used to restrict the access to specific menu entries -only to a set of users. But the option requires an argument to either be a -constant or a variable that has been set. So for example the following: - - menuentry "May be run by superusers or users in $users" --users $users { - linux /vmlinuz - } - -Would fail if $users is not defined and grub would discard the menu entry. -Instead, allow the --users option to have an optional argument and ignore -the option if the argument was not set. - -Related: rhbz#1652434 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/menuentry.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c -index b194123eb6..b175a1b43b 100644 ---- a/grub-core/commands/menuentry.c -+++ b/grub-core/commands/menuentry.c -@@ -29,7 +29,7 @@ static const struct grub_arg_option options[] = - { - {"class", 1, GRUB_ARG_OPTION_REPEATABLE, - N_("Menu entry type."), N_("STRING"), ARG_TYPE_STRING}, -- {"users", 2, 0, -+ {"users", 2, GRUB_ARG_OPTION_OPTIONAL, - N_("List of users allowed to boot this entry."), N_("USERNAME[,USERNAME]"), - ARG_TYPE_STRING}, - {"hotkey", 3, 0, -@@ -281,7 +281,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args) - if (! ctxt->state[3].set && ! ctxt->script) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); - -- if (ctxt->state[1].set) -+ if (ctxt->state[1].set && ctxt->state[1].arg) - users = ctxt->state[1].arg; - else if (ctxt->state[5].set) - users = NULL; diff --git a/SPECS/grub2/fedora/0111-Add-efi-export-env-and-efi-load-env-commands.patch b/SPECS/grub2/fedora/0111-Add-efi-export-env-and-efi-load-env-commands.patch deleted file mode 100644 index ac028764e0..0000000000 --- a/SPECS/grub2/fedora/0111-Add-efi-export-env-and-efi-load-env-commands.patch +++ /dev/null @@ -1,346 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 16 Jan 2019 13:21:46 -0500 -Subject: [PATCH] Add efi-export-env and efi-load-env commands - -This adds "efi-export-env VARIABLE" and "efi-load-env", which manipulate the -environment block stored in the EFI variable -GRUB_ENV-91376aff-cba6-42be-949d-06fde81128e8. - -Signed-off-by: Peter Jones ---- - grub-core/Makefile.core.def | 6 ++ - grub-core/commands/efi/env.c | 168 +++++++++++++++++++++++++++++++++++++++++++ - grub-core/kern/efi/efi.c | 3 + - grub-core/kern/efi/init.c | 5 -- - grub-core/lib/envblk.c | 43 +++++++++++ - util/grub-set-bootflag.c | 1 + - include/grub/efi/efi.h | 5 ++ - include/grub/lib/envblk.h | 3 + - 8 files changed, 229 insertions(+), 5 deletions(-) - create mode 100644 grub-core/commands/efi/env.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 1e15345107..81fc274148 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -820,6 +820,12 @@ module = { - enable = efi; - }; - -+module = { -+ name = efienv; -+ common = commands/efi/env.c; -+ enable = efi; -+}; -+ - module = { - name = efifwsetup; - efi = commands/efi/efifwsetup.c; -diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c -new file mode 100644 -index 0000000000..cbd13e03e8 ---- /dev/null -+++ b/grub-core/commands/efi/env.c -@@ -0,0 +1,168 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2012 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static const grub_efi_guid_t grub_env_guid = GRUB_EFI_GRUB_VARIABLE_GUID; -+ -+static grub_err_t -+grub_efi_export_env(grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ const char *value; -+ char *old_value; -+ struct grub_envblk envblk_s = { NULL, 0 }; -+ grub_envblk_t envblk = &envblk_s; -+ grub_err_t err; -+ int changed = 1; -+ grub_efi_status_t status; -+ -+ grub_dprintf ("efienv", "argc:%d\n", argc); -+ for (int i = 0; i < argc; i++) -+ grub_dprintf ("efienv", "argv[%d]: %s\n", i, argv[i]); -+ -+ if (argc != 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("variable name expected")); -+ -+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size, -+ (void **) &envblk_s.buf); -+ if (!envblk_s.buf || envblk_s.size < 1) -+ { -+ char *buf = grub_malloc (1025); -+ if (!buf) -+ return grub_errno; -+ -+ grub_memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof (GRUB_ENVBLK_SIGNATURE) - 1); -+ grub_memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#', -+ DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) + 1); -+ buf[1024] = '\0'; -+ -+ envblk_s.buf = buf; -+ envblk_s.size = 1024; -+ } -+ else -+ { -+ char *buf = grub_realloc (envblk_s.buf, envblk_s.size + 1); -+ if (!buf) -+ return grub_errno; -+ -+ envblk_s.buf = buf; -+ envblk_s.buf[envblk_s.size] = '\0'; -+ } -+ -+ err = grub_envblk_get(envblk, argv[0], &old_value); -+ if (err != GRUB_ERR_NONE) -+ { -+ grub_dprintf ("efienv", "grub_envblk_get returned %d\n", err); -+ return err; -+ } -+ -+ value = grub_env_get(argv[0]); -+ if ((!value && !old_value) || -+ (value && old_value && !grub_strcmp(old_value, value))) -+ changed = 0; -+ -+ if (old_value) -+ grub_free(old_value); -+ -+ if (changed == 0) -+ { -+ grub_dprintf ("efienv", "No changes necessary\n"); -+ return 0; -+ } -+ -+ if (value) -+ { -+ grub_dprintf ("efienv", "setting \"%s\" to \"%s\"\n", argv[0], value); -+ grub_envblk_set(envblk, argv[0], value); -+ } -+ else -+ { -+ grub_dprintf ("efienv", "deleting \"%s\" from envblk\n", argv[0]); -+ grub_envblk_delete(envblk, argv[0]); -+ } -+ -+ grub_dprintf ("efienv", "envblk is %lu bytes:\n\"%s\"\n", envblk_s.size, envblk_s.buf); -+ -+ grub_dprintf ("efienv", "removing GRUB_ENV\n"); -+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid, NULL, 0); -+ if (status != GRUB_EFI_SUCCESS) -+ grub_dprintf ("efienv", "removal returned %ld\n", status); -+ -+ grub_dprintf ("efienv", "setting GRUB_ENV\n"); -+ status = grub_efi_set_variable ("GRUB_ENV", &grub_env_guid, -+ envblk_s.buf, envblk_s.size); -+ if (status != GRUB_EFI_SUCCESS) -+ grub_dprintf ("efienv", "setting GRUB_ENV returned %ld\n", status); -+ -+ return 0; -+} -+ -+static int -+set_var (const char *name, const char *value, -+ void *whitelist __attribute__((__unused__))) -+{ -+ grub_env_set (name, value); -+ return 0; -+} -+ -+static grub_err_t -+grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[] __attribute__((__unused__))) -+{ -+ struct grub_envblk envblk_s = { NULL, 0 }; -+ grub_envblk_t envblk = &envblk_s; -+ -+ grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size, -+ (void **) &envblk_s.buf); -+ if (!envblk_s.buf || envblk_s.size < 1) -+ return 0; -+ -+ if (argc > 0) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unexpected argument")); -+ -+ grub_envblk_iterate (envblk, NULL, set_var); -+ grub_free (envblk_s.buf); -+} -+ -+static grub_command_t export_cmd, loadenv_cmd; -+ -+GRUB_MOD_INIT(lsefi) -+{ -+ export_cmd = grub_register_command ("efi-export-env", grub_efi_export_env, -+ N_("VARIABLE_NAME"), N_("Export environment variable to UEFI.")); -+ loadenv_cmd = grub_register_command ("efi-load-env", grub_efi_load_env, -+ NULL, N_("Load the grub environment from UEFI.")); -+} -+ -+GRUB_MOD_FINI(lsefi) -+{ -+ grub_unregister_command (export_cmd); -+ grub_unregister_command (loadenv_cmd); -+} -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 2a446f5031..14bc10eb56 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -225,6 +225,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, - if (status == GRUB_EFI_SUCCESS) - return GRUB_ERR_NONE; - -+ if (status == GRUB_EFI_NOT_FOUND && datasize == 0) -+ return GRUB_ERR_NONE; -+ - return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var); - } - -diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c -index 2d12e6188f..0574d8d621 100644 ---- a/grub-core/kern/efi/init.c -+++ b/grub-core/kern/efi/init.c -@@ -85,11 +85,6 @@ stack_protector_init (void) - - grub_addr_t grub_modbase; - --#define GRUB_EFI_GRUB_VARIABLE_GUID \ -- { 0x91376aff, 0xcba6, 0x42be, \ -- { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \ -- } -- - /* Helper for grub_efi_env_init */ - static int - set_var (const char *name, const char *value, -diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c -index 2e4e78b132..874506da16 100644 ---- a/grub-core/lib/envblk.c -+++ b/grub-core/lib/envblk.c -@@ -223,6 +223,49 @@ grub_envblk_delete (grub_envblk_t envblk, const char *name) - } - } - -+struct get_var_state { -+ const char * const name; -+ char * value; -+ int found; -+}; -+ -+static int -+get_var (const char * const name, const char * const value, void *statep) -+{ -+ struct get_var_state *state = (struct get_var_state *)statep; -+ -+ if (!grub_strcmp(state->name, name)) -+ { -+ state->found = 1; -+ state->value = grub_strdup(value); -+ if (!state->value) -+ grub_errno = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ -+ return 1; -+ } -+ -+ return 0; -+} -+ -+grub_err_t -+grub_envblk_get (grub_envblk_t envblk, const char * const name, char ** const value) -+{ -+ struct get_var_state state = { -+ .name = name, -+ .value = NULL, -+ .found = 0, -+ }; -+ -+ grub_envblk_iterate(envblk, (void *)&state, get_var); -+ -+ *value = state.value; -+ -+ if (state.found && !state.value) -+ return grub_errno; -+ -+ return GRUB_ERR_NONE; -+} -+ - void - grub_envblk_iterate (grub_envblk_t envblk, - void *hook_data, -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index d506f7e75b..a6ccc11383 100644 ---- a/util/grub-set-bootflag.c -+++ b/util/grub-set-bootflag.c -@@ -25,6 +25,7 @@ - - #include /* For *_DIR_NAME defines */ - #include -+#include - #include /* For GRUB_ENVBLK_DEFCFG define */ - #include - #include -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 2e0691454b..8dfc89a33b 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -24,6 +24,11 @@ - #include - #include - -+#define GRUB_EFI_GRUB_VARIABLE_GUID \ -+ { 0x91376aff, 0xcba6, 0x42be, \ -+ { 0x94, 0x9d, 0x06, 0xfd, 0xe8, 0x11, 0x28, 0xe8 } \ -+ } -+ - /* Variables. */ - extern grub_efi_system_table_t *EXPORT_VAR(grub_efi_system_table); - extern grub_efi_handle_t EXPORT_VAR(grub_efi_image_handle); -diff --git a/include/grub/lib/envblk.h b/include/grub/lib/envblk.h -index c3e6559217..ab969af246 100644 ---- a/include/grub/lib/envblk.h -+++ b/include/grub/lib/envblk.h -@@ -22,6 +22,8 @@ - #define GRUB_ENVBLK_SIGNATURE "# GRUB Environment Block\n" - #define GRUB_ENVBLK_DEFCFG "grubenv" - -+#define DEFAULT_ENVBLK_SIZE 1024 -+ - #ifndef ASM_FILE - - struct grub_envblk -@@ -33,6 +35,7 @@ typedef struct grub_envblk *grub_envblk_t; - - grub_envblk_t grub_envblk_open (char *buf, grub_size_t size); - int grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value); -+grub_err_t grub_envblk_get (grub_envblk_t envblk, const char * const name, char ** const value); - void grub_envblk_delete (grub_envblk_t envblk, const char *name); - void grub_envblk_iterate (grub_envblk_t envblk, - void *hook_data, diff --git a/SPECS/grub2/fedora/0112-Make-it-possible-to-subtract-conditions-from-debug.patch b/SPECS/grub2/fedora/0112-Make-it-possible-to-subtract-conditions-from-debug.patch deleted file mode 100644 index 15305f85a9..0000000000 --- a/SPECS/grub2/fedora/0112-Make-it-possible-to-subtract-conditions-from-debug.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 17 Jan 2019 13:10:39 -0500 -Subject: [PATCH] Make it possible to subtract conditions from debug= - -This makes it so you can do set debug to "all,-scripting,-lexer" and get the -obvious outcome. Any negation present will take preference over that -conditional, so "all,-scripting,scripting" is the same thing as -"all,-scripting". - -Signed-off-by: Peter Jones ---- - grub-core/kern/misc.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 9a2fae6398..578bf51a5f 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -164,12 +164,24 @@ int - grub_debug_enabled (const char * condition) - { - const char *debug; -+ char *negcond; -+ int negated = 0; - - debug = grub_env_get ("debug"); - if (!debug) - return 0; - -- if (grub_strword (debug, "all") || grub_strword (debug, condition)) -+ negcond = grub_zalloc (grub_strlen (condition) + 2); -+ if (negcond) -+ { -+ grub_strcpy (negcond, "-"); -+ grub_strcpy (negcond+1, condition); -+ negated = grub_strword (debug, negcond); -+ grub_free (negcond); -+ } -+ -+ if (!negated && -+ (grub_strword (debug, "all") || grub_strword (debug, condition))) - return 1; - - return 0; diff --git a/SPECS/grub2/fedora/0113-Export-all-variables-from-the-initial-context-when-c.patch b/SPECS/grub2/fedora/0113-Export-all-variables-from-the-initial-context-when-c.patch deleted file mode 100644 index 214fa4f3fa..0000000000 --- a/SPECS/grub2/fedora/0113-Export-all-variables-from-the-initial-context-when-c.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 22 Jan 2019 15:40:25 +0100 -Subject: [PATCH] Export all variables from the initial context when creating a - submenu - -When a submenu is created, only the exported variables are copied to the -new menu context. But we want the variables to be global, so export lets -export all variables to the new created submenu. - -Also, don't unset the default variable when a new submenu is created. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/context.c | 2 +- - grub-core/normal/menu.c | 2 -- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/grub-core/normal/context.c b/grub-core/normal/context.c -index ee53d4a68e..87edd254c4 100644 ---- a/grub-core/normal/context.c -+++ b/grub-core/normal/context.c -@@ -99,7 +99,7 @@ grub_env_new_context (int export_all) - grub_err_t - grub_env_context_open (void) - { -- return grub_env_new_context (0); -+ return grub_env_new_context (1); - } - - int grub_extractor_level = 0; -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 4a02aadb01..fe2e77a43e 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -375,8 +375,6 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - - if (ptr && ptr[0] && ptr[1]) - grub_env_set ("default", ptr + 1); -- else -- grub_env_unset ("default"); - - grub_script_execute_new_scope (entry->sourcecode, entry->argc, entry->args); - diff --git a/SPECS/grub2/fedora/0117-Don-t-assume-that-boot-commands-will-only-return-on-.patch b/SPECS/grub2/fedora/0117-Don-t-assume-that-boot-commands-will-only-return-on-.patch deleted file mode 100644 index df365176fd..0000000000 --- a/SPECS/grub2/fedora/0117-Don-t-assume-that-boot-commands-will-only-return-on-.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 9 Apr 2019 13:12:40 +0200 -Subject: [PATCH] Don't assume that boot commands will only return on fail - -While it's true that for most loaders the boot command never returns, it -may be the case that it does. For example the GRUB emulator boot command -calls to systemctl kexec which in turn does an asynchonous call to kexec. - -So in this case GRUB will wrongly assume that the boot command fails and -print a "Failed to boot both default and fallback entries" even when the -kexec call later succeeds. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/menu.c | 23 +++++++++++++---------- - 1 file changed, 13 insertions(+), 10 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index fe2e77a43e..ec0c92bade 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -285,7 +285,7 @@ get_and_remove_first_entry_number (grub_menu_t menu, const char *name) - } - - /* Run a menu entry. */ --static void -+static grub_err_t - grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - { - grub_err_t err = GRUB_ERR_NONE; -@@ -302,7 +302,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - { - grub_print_error (); - grub_errno = GRUB_ERR_NONE; -- return; -+ return grub_errno; - } - - errs_before = grub_err_printed_errors; -@@ -315,7 +315,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - grub_env_context_open (); - menu = grub_zalloc (sizeof (*menu)); - if (! menu) -- return; -+ return grub_errno; - grub_env_set_menu (menu); - if (auto_boot) - grub_env_set ("timeout", "0"); -@@ -385,7 +385,7 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - - if (grub_errno == GRUB_ERR_NONE && grub_loader_is_loaded ()) - /* Implicit execution of boot, only if something is loaded. */ -- grub_command_execute ("boot", 0, 0); -+ err = grub_command_execute ("boot", 0, 0); - - if (errs_before != grub_err_printed_errors) - grub_wait_after_message (); -@@ -408,6 +408,8 @@ grub_menu_execute_entry(grub_menu_entry_t entry, int auto_boot) - else - grub_env_unset ("default"); - grub_env_unset ("timeout"); -+ -+ return err; - } - - /* Execute ENTRY from the menu MENU, falling back to entries specified -@@ -422,10 +424,13 @@ grub_menu_execute_with_fallback (grub_menu_t menu, - void *callback_data) - { - int fallback_entry; -+ grub_err_t err; - - callback->notify_booting (entry, callback_data); - -- grub_menu_execute_entry (entry, 1); -+ err = grub_menu_execute_entry (entry, 1); -+ if (err == GRUB_ERR_NONE) -+ return; - - /* Deal with fallback entries. */ - while ((fallback_entry = get_and_remove_first_entry_number (menu, "fallback")) -@@ -436,11 +441,9 @@ grub_menu_execute_with_fallback (grub_menu_t menu, - - entry = grub_menu_get_entry (menu, fallback_entry); - callback->notify_fallback (entry, callback_data); -- grub_menu_execute_entry (entry, 1); -- /* If the function call to execute the entry returns at all, then this is -- taken to indicate a boot failure. For menu entries that do something -- other than actually boot an operating system, this could assume -- incorrectly that something failed. */ -+ err = grub_menu_execute_entry (entry, 1); -+ if (err == GRUB_ERR_NONE) -+ return; - } - - if (!autobooted) diff --git a/SPECS/grub2/fedora/0118-grub-set-bootflag-Update-comment-about-running-as-ro.patch b/SPECS/grub2/fedora/0118-grub-set-bootflag-Update-comment-about-running-as-ro.patch deleted file mode 100644 index 9ffb3aec6d..0000000000 --- a/SPECS/grub2/fedora/0118-grub-set-bootflag-Update-comment-about-running-as-ro.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Wed, 13 Nov 2019 12:15:43 +0100 -Subject: [PATCH] grub-set-bootflag: Update comment about running as root - through pkexec - -We have stopped using pkexec for grub-set-bootflag, instead it is now -installed suid root, update the comment accordingly. - -Signed-off-by: Hans de Goede ---- - util/grub-set-bootflag.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index a6ccc11383..3eb04beb5e 100644 ---- a/util/grub-set-bootflag.c -+++ b/util/grub-set-bootflag.c -@@ -18,7 +18,7 @@ - */ - - /* -- * NOTE this gets run by users as root (through pkexec), so this does not -+ * NOTE this gets run by users as root (its suid root), so this does not - * use any grub library / util functions to allow for easy auditing. - * The grub headers are only included to get certain defines. - */ diff --git a/SPECS/grub2/fedora/0119-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch b/SPECS/grub2/fedora/0119-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch deleted file mode 100644 index 11722d17ee..0000000000 --- a/SPECS/grub2/fedora/0119-grub-set-bootflag-Write-new-env-to-tmpfile-and-then-.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Wed, 13 Nov 2019 13:02:01 +0100 -Subject: [PATCH] grub-set-bootflag: Write new env to tmpfile and then rename - -Make the grubenv writing code in grub-set-bootflag more robust by -writing the modified grubenv to a tmpfile first and then renaming the -tmpfile over the old grubenv (following symlinks). - -Signed-off-by: Hans de Goede ---- - util/grub-set-bootflag.c | 87 +++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 78 insertions(+), 9 deletions(-) - -diff --git a/util/grub-set-bootflag.c b/util/grub-set-bootflag.c -index 3eb04beb5e..3b4c25ca2a 100644 ---- a/util/grub-set-bootflag.c -+++ b/util/grub-set-bootflag.c -@@ -28,7 +28,9 @@ - #include - #include /* For GRUB_ENVBLK_DEFCFG define */ - #include -+#include - #include -+#include - #include - #include - -@@ -56,8 +58,10 @@ int main(int argc, char *argv[]) - { - /* NOTE buf must be at least the longest bootflag length + 4 bytes */ - char env[GRUBENV_SIZE + 1], buf[64], *s; -+ /* +1 for 0 termination, +6 for "XXXXXX" in tmp filename */ -+ char env_filename[PATH_MAX + 1], tmp_filename[PATH_MAX + 6 + 1]; - const char *bootflag; -- int i, len, ret; -+ int i, fd, len, ret; - FILE *f; - - if (argc != 2) -@@ -89,7 +93,32 @@ int main(int argc, char *argv[]) - bootflag = bootflags[i]; - len = strlen (bootflag); - -- f = fopen (GRUBENV, "r"); -+ /* -+ * Really become root. setuid avoids an user killing us, possibly leaking -+ * the tmpfile. setgid avoids the new grubenv's gid being that of the user. -+ */ -+ ret = setuid(0); -+ if (ret) -+ { -+ perror ("Error setuid(0) failed"); -+ return 1; -+ } -+ -+ ret = setgid(0); -+ if (ret) -+ { -+ perror ("Error setgid(0) failed"); -+ return 1; -+ } -+ -+ /* Canonicalize GRUBENV filename, resolving symlinks, etc. */ -+ if (!realpath(GRUBENV, env_filename)) -+ { -+ perror ("Error canonicalizing " GRUBENV " filename"); -+ return 1; -+ } -+ -+ f = fopen (env_filename, "r"); - if (!f) - { - perror ("Error opening " GRUBENV " for reading"); -@@ -144,30 +173,70 @@ int main(int argc, char *argv[]) - snprintf(buf, sizeof(buf), "%s=1\n", bootflag); - memcpy(s, buf, len + 3); - -- /* "r+", don't truncate so that the diskspace stays reserved */ -- f = fopen (GRUBENV, "r+"); -+ -+ /* -+ * Create a tempfile for writing the new env. Use the canonicalized filename -+ * for the template so that the tmpfile is in the same dir / on same fs. -+ */ -+ snprintf(tmp_filename, sizeof(tmp_filename), "%sXXXXXX", env_filename); -+ fd = mkstemp(tmp_filename); -+ if (fd == -1) -+ { -+ perror ("Creating tmpfile failed"); -+ return 1; -+ } -+ -+ f = fdopen (fd, "w"); - if (!f) - { -- perror ("Error opening " GRUBENV " for writing"); -+ perror ("Error fdopen of tmpfile failed"); -+ unlink(tmp_filename); - return 1; - } - - ret = fwrite (env, 1, GRUBENV_SIZE, f); - if (ret != GRUBENV_SIZE) - { -- perror ("Error writing to " GRUBENV); -+ perror ("Error writing tmpfile"); -+ unlink(tmp_filename); - return 1; - } - - ret = fflush (f); - if (ret) - { -- perror ("Error flushing " GRUBENV); -+ perror ("Error flushing tmpfile"); -+ unlink(tmp_filename); - return 1; - } - -- fsync (fileno (f)); -- fclose (f); -+ ret = fsync (fileno (f)); -+ if (ret) -+ { -+ perror ("Error syncing tmpfile"); -+ unlink(tmp_filename); -+ return 1; -+ } -+ -+ ret = fclose (f); -+ if (ret) -+ { -+ perror ("Error closing tmpfile"); -+ unlink(tmp_filename); -+ return 1; -+ } -+ -+ /* -+ * And finally rename the tmpfile with the new env over the old env, the -+ * linux kernel guarantees that this is atomic (from a syscall pov). -+ */ -+ ret = rename(tmp_filename, env_filename); -+ if (ret) -+ { -+ perror ("Error renaming tmpfile to " GRUBENV " failed"); -+ unlink(tmp_filename); -+ return 1; -+ } - - return 0; - } diff --git a/SPECS/grub2/fedora/0121-Add-start-symbol-for-RISC-V.patch b/SPECS/grub2/fedora/0121-Add-start-symbol-for-RISC-V.patch deleted file mode 100644 index 2746fa250f..0000000000 --- a/SPECS/grub2/fedora/0121-Add-start-symbol-for-RISC-V.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: David Abdurachmanov -Date: Sat, 9 Nov 2019 19:51:57 +0000 -Subject: [PATCH] Add start symbol for RISC-V - -All other architectures have start symbol. - -Hopefully this resolves: - - BUILDSTDERR: ././grub-mkimage: error: undefined symbol start. - -Signed-off-by: David Abdurachmanov ---- - grub-core/kern/riscv/efi/startup.S | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/grub-core/kern/riscv/efi/startup.S b/grub-core/kern/riscv/efi/startup.S -index f2a7b2b1ed..781773136e 100644 ---- a/grub-core/kern/riscv/efi/startup.S -+++ b/grub-core/kern/riscv/efi/startup.S -@@ -29,6 +29,7 @@ - - .file "startup.S" - .text -+FUNCTION(start) - FUNCTION(_start) - /* - * EFI_SYSTEM_TABLE and EFI_HANDLE are passed in a1/a0. diff --git a/SPECS/grub2/fedora/0123-efi-http-Export-fw-http-_path-variables-to-make-them.patch b/SPECS/grub2/fedora/0123-efi-http-Export-fw-http-_path-variables-to-make-them.patch deleted file mode 100644 index f745782b31..0000000000 --- a/SPECS/grub2/fedora/0123-efi-http-Export-fw-http-_path-variables-to-make-them.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 5 Mar 2020 16:21:47 +0100 -Subject: [PATCH] efi/http: Export {fw,http}_path variables to make them global - -The fw_path environment variable is used by http_configure() function to -determine the HTTP path that should be used as prefix when using relative -HTTP paths. And this is stored in the http_path environment variable. - -Later, that variable is looked up by grub_efihttp_open() to generate the -complete path to be used in the HTTP request. - -But these variables are not exported, which means that are not global and -so are only found in the initial context. - -This can cause commands like configfile that create a new context to fail -because the fw_path and http_path variables will not be found. - -Resolves: rhbz#1616395 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/kern/main.c | 1 + - grub-core/net/efi/http.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 1c540fc8c2..b573be6650 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -143,6 +143,7 @@ grub_set_prefix_and_root (void) - if (fw_path) - { - grub_env_set ("fw_path", fw_path); -+ grub_env_export ("fw_path"); - grub_dprintf ("fw_path", "fw_path:\"%s\"\n", fw_path); - grub_free (fw_path); - } -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index de351b2cd0..755b7a6d05 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -39,6 +39,7 @@ http_configure (struct grub_efi_net_device *dev, int prefer_ip6) - http_path++; - grub_env_unset ("http_path"); - grub_env_set ("http_path", http_path); -+ grub_env_export ("http_path"); - } - } - diff --git a/SPECS/grub2/fedora/0124-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch b/SPECS/grub2/fedora/0124-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch deleted file mode 100644 index 03d85c2c59..0000000000 --- a/SPECS/grub2/fedora/0124-efi-http-Enclose-literal-IPv6-addresses-in-square-br.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 5 Mar 2020 16:21:58 +0100 -Subject: [PATCH] efi/http: Enclose literal IPv6 addresses in square brackets - -According to RFC 2732 (https://www.ietf.org/rfc/rfc2732.txt), literal IPv6 -addresses must be enclosed in square brackets. But GRUB currently does not -do this and is causing HTTP servers to send Bad Request (400) responses. - -For example, the following is the HTTP stream when fetching a config file: - -HEAD /EFI/BOOT/grub.cfg HTTP/1.1 -Host: 2000:dead:beef:a::1 -Accept: */* -User-Agent: UefiHttpBoot/1.0 - -HTTP/1.1 400 Bad Request -Date: Thu, 05 Mar 2020 14:46:02 GMT -Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d -Connection: close -Content-Type: text/html; charset=iso-8859-1 - -and after enclosing the IPv6 address the HTTP request is successful: - -HEAD /EFI/BOOT/grub.cfg HTTP/1.1 -Host: [2000:dead:beef:a::1] -Accept: */* -User-Agent: UefiHttpBoot/1.0 - -HTTP/1.1 200 OK -Date: Thu, 05 Mar 2020 14:48:04 GMT -Server: Apache/2.4.41 (Fedora) OpenSSL/1.1.1d -Last-Modified: Thu, 27 Feb 2020 17:45:58 GMT -ETag: "206-59f924b24b1da" -Accept-Ranges: bytes -Content-Length: 518 - -Resolves: rhbz#1732765 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/efi/http.c | 37 ++++++++++++++++++++++++++++--------- - 1 file changed, 28 insertions(+), 9 deletions(-) - -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index 755b7a6d05..fc8cb25ae0 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -158,13 +158,7 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, - grub_efi_status_t status; - grub_efi_boot_services_t *b = grub_efi_system_table->boot_services; - char *url = NULL; -- -- request_headers[0].field_name = (grub_efi_char8_t *)"Host"; -- request_headers[0].field_value = (grub_efi_char8_t *)server; -- request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; -- request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; -- request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; -- request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; -+ char *hostname = NULL; - - { - grub_efi_ipv6_address_t address; -@@ -174,9 +168,24 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, - const char *protocol = (use_https == 1) ? "https" : "http"; - - if (grub_efi_string_to_ip6_address (server, &address, &rest) && *rest == 0) -- url = grub_xasprintf ("%s://[%s]%s", protocol, server, name); -+ { -+ hostname = grub_xasprintf ("[%s]", server); -+ if (!hostname) -+ return GRUB_ERR_OUT_OF_MEMORY; -+ -+ server = hostname; -+ -+ url = grub_xasprintf ("%s://%s%s", protocol, server, name); -+ if (!url) -+ { -+ grub_free (hostname); -+ return GRUB_ERR_OUT_OF_MEMORY; -+ } -+ } - else -- url = grub_xasprintf ("%s://%s%s", protocol, server, name); -+ { -+ url = grub_xasprintf ("%s://%s%s", protocol, server, name); -+ } - - if (!url) - { -@@ -199,6 +208,13 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, - request_data.url = ucs2_url; - } - -+ request_headers[0].field_name = (grub_efi_char8_t *)"Host"; -+ request_headers[0].field_value = (grub_efi_char8_t *)server; -+ request_headers[1].field_name = (grub_efi_char8_t *)"Accept"; -+ request_headers[1].field_value = (grub_efi_char8_t *)"*/*"; -+ request_headers[2].field_name = (grub_efi_char8_t *)"User-Agent"; -+ request_headers[2].field_value = (grub_efi_char8_t *)"UefiHttpBoot/1.0"; -+ - request_data.method = (headeronly > 0) ? GRUB_EFI_HTTPMETHODHEAD : GRUB_EFI_HTTPMETHODGET; - - request_message.data.request = &request_data; -@@ -228,6 +244,9 @@ efihttp_request (grub_efi_http_t *http, char *server, char *name, int use_https, - - status = efi_call_2 (http->request, http, &request_token); - -+ if (hostname) -+ grub_free (hostname); -+ - if (status != GRUB_EFI_SUCCESS) - { - efi_call_1 (b->close_event, request_token.event); diff --git a/SPECS/grub2/fedora/0125-efi-net-Allow-to-specify-a-port-number-in-addresses.patch b/SPECS/grub2/fedora/0125-efi-net-Allow-to-specify-a-port-number-in-addresses.patch deleted file mode 100644 index 8fe26cd298..0000000000 --- a/SPECS/grub2/fedora/0125-efi-net-Allow-to-specify-a-port-number-in-addresses.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 9 Mar 2020 15:29:45 +0100 -Subject: [PATCH] efi/net: Allow to specify a port number in addresses - -The grub_efi_net_parse_address() function is not covering the case where a -port number is specified in an IPv4 or IPv6 address, so will fail to parse -the network address. - -For most cases the issue is harmless, because the function is only used to -match an address with a network interface and if fails the default is used. - -But still is a bug that has to be fixed and it causes error messages to be -printed like the following: - -error: net/efi/net.c:782:unrecognised network address '192.168.122.1:8080' - -error: net/efi/net.c:781:unrecognised network address '[2000:dead:beef:a::1]:8080' - -Resolves: rhbz#1732765 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/efi/net.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 6603cd83ed..84573937b1 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -742,7 +742,7 @@ grub_efi_net_parse_address (const char *address, - return GRUB_ERR_NONE; - } - } -- else if (*rest == 0) -+ else if (*rest == 0 || *rest == ':') - { - grub_uint32_t subnet_mask = 0xffffffffU; - grub_memcpy (ip4->subnet_mask, &subnet_mask, sizeof (ip4->subnet_mask)); -@@ -768,7 +768,7 @@ grub_efi_net_parse_address (const char *address, - return GRUB_ERR_NONE; - } - } -- else if (*rest == 0) -+ else if (*rest == 0 || *rest == ':') - { - ip6->prefix_length = 128; - ip6->is_anycast = 0; diff --git a/SPECS/grub2/fedora/0126-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch b/SPECS/grub2/fedora/0126-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch deleted file mode 100644 index 2dc700106c..0000000000 --- a/SPECS/grub2/fedora/0126-efi-ip4_config-Improve-check-to-detect-literal-IPv6-.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 9 Mar 2020 15:30:05 +0100 -Subject: [PATCH] efi/ip4_config: Improve check to detect literal IPv6 - addresses - -The grub_efi_string_to_ip4_address() function wrongly assumes that an IPv6 -address is an IPv4 address, because it doesn't take into account the case -of a caller passing an IPv6 address as a string. - -This leads to the grub_efi_net_parse_address() function to fail and print -the following error message: - -error: net/efi/net.c:785:unrecognised network address '2000:dead:beef:a::1' - -Resolves: rhbz#1732765 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/efi/ip4_config.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index b711a5d945..313c818b18 100644 ---- a/grub-core/net/efi/ip4_config.c -+++ b/grub-core/net/efi/ip4_config.c -@@ -56,9 +56,20 @@ int - grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) - { - grub_uint32_t newip = 0; -- int i; -+ int i, ncolon = 0; - const char *ptr = val; - -+ /* Check that is not an IPv6 address */ -+ for (i = 0; i < grub_strlen(ptr); i++) -+ { -+ if (ptr[i] == '[' && i == 0) -+ return 0; -+ -+ if (ptr[i] == ':') -+ if (i == 0 || ++ncolon == 2) -+ return 0; -+ } -+ - for (i = 0; i < 4; i++) - { - unsigned long t; diff --git a/SPECS/grub2/fedora/0127-efi-net-Print-a-debug-message-if-parsing-the-address.patch b/SPECS/grub2/fedora/0127-efi-net-Print-a-debug-message-if-parsing-the-address.patch deleted file mode 100644 index da94e0815b..0000000000 --- a/SPECS/grub2/fedora/0127-efi-net-Print-a-debug-message-if-parsing-the-address.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 10 Mar 2020 11:23:49 +0100 -Subject: [PATCH] efi/net: Print a debug message if parsing the address fails - -Currently if parsing the address fails an error message is printed. But in -most cases this isn't a fatal error since the grub_efi_net_parse_address() -function is only used to match an address with a network interface to use. - -And if this fails, the default interface is used which is good enough for -most cases. So instead of printing an error that would pollute the console -just print a debug message if the address is not parsed correctly. - -A user can enable debug messages for the efinet driver to have information -about the failure and the fact that the default interface is being used. - -Related: rhbz#1732765 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/efi/net.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index 84573937b1..a3f0535d43 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -778,9 +778,9 @@ grub_efi_net_parse_address (const char *address, - } - } - -- return grub_error (GRUB_ERR_NET_BAD_ADDRESS, -- N_("unrecognised network address `%s'"), -- address); -+ grub_dprintf ("efinet", "unrecognised network address '%s'\n", address); -+ -+ return GRUB_ERR_NET_BAD_ADDRESS; - } - - static grub_efi_net_interface_t * -@@ -795,10 +795,7 @@ match_route (const char *server) - err = grub_efi_net_parse_address (server, &ip4, &ip6, &is_ip6, 0); - - if (err) -- { -- grub_print_error (); - return NULL; -- } - - if (is_ip6) - { -@@ -1233,8 +1230,15 @@ grub_net_open_real (const char *name __attribute__ ((unused))) - /*FIXME: Use DNS translate name to address */ - net_interface = match_route (server); - -+ if (!net_interface && net_default_interface) -+ { -+ net_interface = net_default_interface; -+ grub_dprintf ("efinet", "interface lookup failed, using default '%s'\n", -+ net_interface->name); -+ } -+ - /*XXX: should we check device with default gateway ? */ -- if (!net_interface && !(net_interface = net_default_interface)) -+ if (!net_interface) - { - grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("disk `%s' no route found"), - name); diff --git a/SPECS/grub2/fedora/0128-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch b/SPECS/grub2/fedora/0128-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch deleted file mode 100644 index 8793b0dfb4..0000000000 --- a/SPECS/grub2/fedora/0128-kern-term-Also-accept-F8-as-a-user-interrupt-key.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Wed, 22 Apr 2020 12:41:52 +0200 -Subject: [PATCH] kern/term: Also accept F8 as a user interrupt key - -Make F8, which used to be the hotkey to show the Windows boot menu during -boot for a long long time, also interrupt sleeps / stop the menu countdown. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/kern/term.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/term.c b/grub-core/kern/term.c -index 14d5964983..4d61f4e979 100644 ---- a/grub-core/kern/term.c -+++ b/grub-core/kern/term.c -@@ -144,9 +144,10 @@ grub_key_is_interrupt (int key) - /* - * ESC sometimes is the BIOS setup hotkey and may be hard to discover, also - * check F4, which was chosen because is not used as a hotkey to enter the -- * BIOS setup by any vendor. -+ * BIOS setup by any vendor. Also, F8 which was the key to get the Windows -+ * bootmenu for a long time. - */ -- if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4) -+ if (key == GRUB_TERM_ESC || key == GRUB_TERM_KEY_F4 || key == GRUB_TERM_KEY_F8) - return 1; - - /* diff --git a/SPECS/grub2/fedora/0129-efi-Set-image-base-address-before-jumping-to-the-PE-.patch b/SPECS/grub2/fedora/0129-efi-Set-image-base-address-before-jumping-to-the-PE-.patch deleted file mode 100644 index 6aa5013620..0000000000 --- a/SPECS/grub2/fedora/0129-efi-Set-image-base-address-before-jumping-to-the-PE-.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Thu, 23 Apr 2020 15:06:46 +0200 -Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF - entry point - -Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux -kernel. But our custom EFI loader that supports Secure Boot instead uses -the EFI handover protocol (for x86) or jumping directly to the PE/COFF -entry point (for aarch64). - -This is done to allow the bootloader to verify the images using the shim -lock protocol to avoid booting untrusted binaries. - -Since the bootloader loads the kernel from the boot media instead of using -LoadImage(), it is responsible to set the Loaded Image base address before -booting the kernel. - -Otherwise the kernel EFI stub will complain that it was not set correctly -and print the following warning message: - -EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value - -Resolves: rhbz#1814690 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/loader/efi/linux.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 0622dfa48d..e8b9ecb17f 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -72,6 +72,7 @@ grub_err_t - grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - void *kernel_params) - { -+ grub_efi_loaded_image_t *loaded_image = NULL; - handover_func hf; - int offset = 0; - -@@ -79,6 +80,19 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - offset = 512; - #endif - -+ /* -+ * Since the EFI loader is not calling the LoadImage() and StartImage() -+ * services for loading the kernel and booting respectively, it has to -+ * set the Loaded Image base address. -+ */ -+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); -+ if (loaded_image) -+ loaded_image->image_base = kernel_addr; -+ else -+ grub_dprintf ("linux", "Loaded Image base address could not be set\n"); -+ -+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", -+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); - hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - diff --git a/SPECS/grub2/fedora/0130-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch b/SPECS/grub2/fedora/0130-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch deleted file mode 100644 index d1c7b17624..0000000000 --- a/SPECS/grub2/fedora/0130-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Sat, 16 May 2020 11:33:18 +0200 -Subject: [PATCH] tpm: Don't propagate TPM measurement errors to the verifiers - layer - -Currently if the EFI firmware fails to do a TPM measurement for a file, -the error will be propagated to the verifiers framework and so opening -the file will not succeed. - -This mean that buggy firmwares will prevent the system to boot since the -loader won't be able to open any file. But failing to do TPM measurements -shouldn't be a fatal error and the system should still be able to boot. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/tpm.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c -index 2052c36eab..e287d042e6 100644 ---- a/grub-core/commands/tpm.c -+++ b/grub-core/commands/tpm.c -@@ -42,7 +42,8 @@ grub_tpm_verify_init (grub_file_t io, - static grub_err_t - grub_tpm_verify_write (void *context, void *buf, grub_size_t size) - { -- return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context); -+ grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context); -+ return GRUB_ERR_NONE; - } - - static grub_err_t -@@ -50,7 +51,6 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type) - { - const char *prefix = NULL; - char *description; -- grub_err_t status; - - switch (type) - { -@@ -66,15 +66,15 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type) - } - description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1); - if (!description) -- return grub_errno; -+ return GRUB_ERR_NONE; - grub_memcpy (description, prefix, grub_strlen (prefix)); - grub_memcpy (description + grub_strlen (prefix), str, - grub_strlen (str) + 1); -- status = -- grub_tpm_measure ((unsigned char *) str, grub_strlen (str), -- GRUB_STRING_PCR, description); -+ -+ grub_tpm_measure ((unsigned char *) str, grub_strlen (str), GRUB_STRING_PCR, -+ description); - grub_free (description); -- return status; -+ return GRUB_ERR_NONE; - } - - struct grub_file_verifier grub_tpm_verifier = { diff --git a/SPECS/grub2/fedora/0131-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch b/SPECS/grub2/fedora/0131-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch deleted file mode 100644 index 7c41e87efe..0000000000 --- a/SPECS/grub2/fedora/0131-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 26 May 2020 16:59:28 +0200 -Subject: [PATCH] x86-efi: Reduce maximum bounce buffer size to 16 MiB - -The EFI linux loader allocates a bounce buffer to copy the initrd since in -some machines doing DMA on addresses above 4GB is not possible during EFI. - -But the verifiers framework also allocates a buffer to copy the initrd in -its grub_file_open() handler. It does this since the data to verify has to -be passed as a single chunk to modules that use the verifiers framework. - -If the initrd image size is big there may not be enough memory in the heap -to allocate two buffers of that size. This causes an allocation failure in -the verifiers framework and leads to the initrd not being read. - -To prevent these allocation failures, let's reduce the maximum size of the -bounce buffer used in the EFI loader. Since the data read can be copied to -the actual initrd address in multilple chunks. - -Resolves: rhbz#1838633 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/loader/i386/efi/linux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 6bc18d5aef..15d40d6e35 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -144,7 +144,7 @@ grub_linuxefi_unload (void) - return GRUB_ERR_NONE; - } - --#define BOUNCE_BUFFER_MAX 0x10000000ull -+#define BOUNCE_BUFFER_MAX 0x1000000ull - - static grub_ssize_t - read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) diff --git a/SPECS/grub2/fedora/0132-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch b/SPECS/grub2/fedora/0132-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch deleted file mode 100644 index 7fef93ebae..0000000000 --- a/SPECS/grub2/fedora/0132-http-Prepend-prefix-when-the-HTTP-path-is-relative-a.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 2 Jun 2020 13:25:01 +0200 -Subject: [PATCH] http: Prepend prefix when the HTTP path is relative as done - in efi/http - -There are two different HTTP drivers that can be used when requesting an -HTTP resource: the efi/http that uses the EFI_HTTP_PROTOCOL and the http -that uses GRUB's HTTP and TCP/IP implementation. - -The efi/http driver appends a prefix that is defined in the variable -http_path, but the http driver doesn't. - -So using this driver and attempting to fetch a resource using a relative -path fails. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/net/http.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index b52b558d63..7f878b5615 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -501,13 +501,20 @@ http_open (struct grub_file *file, const char *filename) - { - grub_err_t err; - struct http_data *data; -+ const char *http_path; - - data = grub_zalloc (sizeof (*data)); - if (!data) - return grub_errno; - file->size = GRUB_FILE_SIZE_UNKNOWN; - -- data->filename = grub_strdup (filename); -+ /* If path is relative, prepend http_path */ -+ http_path = grub_env_get ("http_path"); -+ if (http_path && filename[0] != '/') -+ data->filename = grub_xasprintf ("%s/%s", http_path, filename); -+ else -+ data->filename = grub_strdup (filename); -+ - if (!data->filename) - { - grub_free (data); diff --git a/SPECS/grub2/fedora/0133-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch b/SPECS/grub2/fedora/0133-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch deleted file mode 100644 index f3b10c1460..0000000000 --- a/SPECS/grub2/fedora/0133-Fix-a-missing-return-in-efi-export-env-and-efi-load-.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 16 Jan 2019 13:21:46 -0500 -Subject: [PATCH] Fix a missing return in efi-export-env and efi-load-env - commands - -Somewhere along the way this got mis-merged to include a return without -a value. Fix it up. - -Signed-off-by: Peter Jones ---- - grub-core/commands/efi/env.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c -index cbd13e03e8..977edb6b06 100644 ---- a/grub-core/commands/efi/env.c -+++ b/grub-core/commands/efi/env.c -@@ -149,6 +149,8 @@ grub_efi_load_env(grub_command_t cmd __attribute__ ((unused)), - - grub_envblk_iterate (envblk, NULL, set_var); - grub_free (envblk_s.buf); -+ -+ return GRUB_ERR_NONE; - } - - static grub_command_t export_cmd, loadenv_cmd; diff --git a/SPECS/grub2/fedora/0134-efi-dhcp-fix-some-allocation-error-checking.patch b/SPECS/grub2/fedora/0134-efi-dhcp-fix-some-allocation-error-checking.patch deleted file mode 100644 index 90e7a34d91..0000000000 --- a/SPECS/grub2/fedora/0134-efi-dhcp-fix-some-allocation-error-checking.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 19 Jul 2020 17:11:06 -0400 -Subject: [PATCH] efi+dhcp: fix some allocation error checking. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/dhcp.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/grub-core/net/efi/dhcp.c b/grub-core/net/efi/dhcp.c -index dbef63d8c0..e5c79b748b 100644 ---- a/grub-core/net/efi/dhcp.c -+++ b/grub-core/net/efi/dhcp.c -@@ -80,7 +80,7 @@ grub_efi_dhcp4_parse_dns (grub_efi_dhcp4_protocol_t *dhcp4, grub_efi_dhcp4_packe - if (status != GRUB_EFI_BUFFER_TOO_SMALL) - return NULL; - -- option_list = grub_malloc (option_count * sizeof(*option_list)); -+ option_list = grub_calloc (option_count, sizeof(*option_list)); - if (!option_list) - return NULL; - -@@ -360,8 +360,11 @@ grub_cmd_efi_bootp6 (struct grub_command *cmd __attribute__ ((unused)), - - if (status == GRUB_EFI_BUFFER_TOO_SMALL && count) - { -- options = grub_malloc (count * sizeof(*options)); -- status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); -+ options = grub_calloc (count, sizeof(*options)); -+ if (options) -+ status = efi_call_4 (dev->dhcp6->parse, dev->dhcp6, mode.ia->reply_packet, &count, options); -+ else -+ status = GRUB_EFI_OUT_OF_RESOURCES; - } - - if (status != GRUB_EFI_SUCCESS) diff --git a/SPECS/grub2/fedora/0135-efi-http-fix-some-allocation-error-checking.patch b/SPECS/grub2/fedora/0135-efi-http-fix-some-allocation-error-checking.patch deleted file mode 100644 index 149ada89fd..0000000000 --- a/SPECS/grub2/fedora/0135-efi-http-fix-some-allocation-error-checking.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 19 Jul 2020 17:14:15 -0400 -Subject: [PATCH] efi+http: fix some allocation error checking. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/http.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/grub-core/net/efi/http.c b/grub-core/net/efi/http.c -index fc8cb25ae0..26647a50fa 100644 ---- a/grub-core/net/efi/http.c -+++ b/grub-core/net/efi/http.c -@@ -412,8 +412,8 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - int type) - { - grub_err_t err; -- grub_off_t size; -- char *buf; -+ grub_off_t size = 0; -+ char *buf = NULL; - char *file_name = NULL; - const char *http_path; - -@@ -441,8 +441,11 @@ grub_efihttp_open (struct grub_efi_net_device *dev, - return err; - } - -- buf = grub_malloc (size); -- efihttp_read (dev, buf, size); -+ if (size) -+ { -+ buf = grub_malloc (size); -+ efihttp_read (dev, buf, size); -+ } - - file->size = size; - file->data = buf; diff --git a/SPECS/grub2/fedora/0136-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch b/SPECS/grub2/fedora/0136-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch deleted file mode 100644 index 6413eb6d2e..0000000000 --- a/SPECS/grub2/fedora/0136-efi-ip-46-_config.c-fix-some-potential-allocation-ov.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Sun, 19 Jul 2020 17:27:00 -0400 -Subject: [PATCH] efi/ip[46]_config.c: fix some potential allocation overflows - -In theory all of this data comes from the firmware stack and it should -be safe, but it's better to be paranoid. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/ip4_config.c | 25 ++++++++++++++++++------- - grub-core/net/efi/ip6_config.c | 13 ++++++++++--- - 2 files changed, 28 insertions(+), 10 deletions(-) - -diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index 313c818b18..9725e928f7 100644 ---- a/grub-core/net/efi/ip4_config.c -+++ b/grub-core/net/efi/ip4_config.c -@@ -4,15 +4,20 @@ - #include - #include - #include -+#include - - char * - grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_address_t hw_address) - { - char *hw_addr, *p; -- int sz, s; -- int i; -+ grub_size_t sz, s, i; - -- sz = (int)hw_address_size * (sizeof ("XX:") - 1) + 1; -+ if (grub_mul (hw_address_size, sizeof ("XX:") - 1, &sz) || -+ grub_add (sz, 1, &sz)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ return NULL; -+ } - - hw_addr = grub_malloc (sz); - if (!hw_addr) -@@ -20,7 +25,7 @@ grub_efi_hw_address_to_string (grub_efi_uint32_t hw_address_size, grub_efi_mac_a - - p = hw_addr; - s = sz; -- for (i = 0; i < (int)hw_address_size; i++) -+ for (i = 0; i < hw_address_size; i++) - { - grub_snprintf (p, sz, "%02x:", hw_address[i]); - p += sizeof ("XX:") - 1; -@@ -238,14 +243,20 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) - { - grub_efi_ip4_config2_interface_info_t *interface_info; - char **ret; -- int i, id; -+ int id; -+ grub_size_t i, nmemb; - - interface_info = efi_ip4_config_interface_info (dev->ip4_config); - if (!interface_info) - return NULL; - -- ret = grub_malloc (sizeof (*ret) * (interface_info->route_table_size + 1)); -+ if (grub_add (interface_info->route_table_size, 1, &nmemb)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ return NULL; -+ } - -+ ret = grub_calloc (nmemb, sizeof (*ret)); - if (!ret) - { - grub_free (interface_info); -@@ -253,7 +264,7 @@ grub_efi_ip4_interface_route_table (struct grub_efi_net_device *dev) - } - - id = 0; -- for (i = 0; i < (int)interface_info->route_table_size; i++) -+ for (i = 0; i < interface_info->route_table_size; i++) - { - char *subnet, *gateway, *mask; - grub_uint32_t u32_subnet, u32_gateway; -diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -index 017c4d05bc..a46f6f9b68 100644 ---- a/grub-core/net/efi/ip6_config.c -+++ b/grub-core/net/efi/ip6_config.c -@@ -3,6 +3,7 @@ - #include - #include - #include -+#include - - char * - grub_efi_ip6_address_to_string (grub_efi_pxe_ipv6_address_t *address) -@@ -228,14 +229,20 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) - { - grub_efi_ip6_config_interface_info_t *interface_info; - char **ret; -- int i, id; -+ int id; -+ grub_size_t i, nmemb; - - interface_info = efi_ip6_config_interface_info (dev->ip6_config); - if (!interface_info) - return NULL; - -- ret = grub_malloc (sizeof (*ret) * (interface_info->route_count + 1)); -+ if (grub_add (interface_info->route_count, 1, &nmemb)) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ return NULL; -+ } - -+ ret = grub_calloc (nmemb, sizeof (*ret)); - if (!ret) - { - grub_free (interface_info); -@@ -243,7 +250,7 @@ grub_efi_ip6_interface_route_table (struct grub_efi_net_device *dev) - } - - id = 0; -- for (i = 0; i < (int)interface_info->route_count ; i++) -+ for (i = 0; i < interface_info->route_count ; i++) - { - char *gateway, *destination; - grub_uint64_t u64_gateway[2]; diff --git a/SPECS/grub2/fedora/0137-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/SPECS/grub2/fedora/0137-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch deleted file mode 100644 index 8e63d1d9d1..0000000000 --- a/SPECS/grub2/fedora/0137-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Fri, 24 Jul 2020 17:18:09 +0100 -Subject: [PATCH] efilinux: Fix integer overflows in grub_cmd_initrd - -These could be triggered by an extremely large number of arguments to -the initrd command on 32-bit architectures, or a crafted filesystem with -very large files on any architecture. - -Signed-off-by: Colin Watson ---- - grub-core/loader/i386/efi/linux.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 15d40d6e35..f992ceeef2 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -28,6 +28,8 @@ - #include - #include - #include -+#include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -206,7 +208,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- files = grub_zalloc (argc * sizeof (files[0])); -+ files = grub_calloc (argc, sizeof (files[0])); - if (!files) - goto fail; - -@@ -216,7 +218,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - if (! files[i]) - goto fail; - nfiles++; -- size += ALIGN_UP (grub_file_size (files[i]), 4); -+ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); -+ goto fail; -+ } - } - - initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); diff --git a/SPECS/grub2/fedora/0138-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/SPECS/grub2/fedora/0138-linuxefi-fail-kernel-validation-without-shim-protoco.patch deleted file mode 100644 index 828fe16af7..0000000000 --- a/SPECS/grub2/fedora/0138-linuxefi-fail-kernel-validation-without-shim-protoco.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Wed, 22 Jul 2020 11:31:43 +0100 -Subject: [PATCH] linuxefi: fail kernel validation without shim protocol. - -If certificates that signed grub are installed into db, grub can be -booted directly. It will then boot any kernel without signature -validation. The booted kernel will think it was booted in secureboot -mode and will implement lockdown, yet it could have been tampered. - -This version of the patch skips calling verification, when booted -without secureboot. And is indented with gnu ident. - -CVE-2020-15705 - -Reported-by: Mathieu Trudel-Lapierre -Signed-off-by: Dimitri John Ledkov ---- - grub-core/loader/arm64/linux.c | 13 +++++++++---- - grub-core/loader/efi/chainloader.c | 1 + - grub-core/loader/efi/linux.c | 1 + - grub-core/loader/i386/efi/linux.c | 17 +++++++++++------ - 4 files changed, 22 insertions(+), 10 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 70a0075ec5..47f8cf0d84 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -363,11 +364,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); - -- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); -- if (rc < 0) -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { -- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); -- goto fail; -+ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); -+ if (rc <= 0) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, -+ N_("%s has invalid signature"), argv[0]); -+ goto fail; -+ } - } - - pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index ac8dfd40c6..d41e8ea14a 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -1084,6 +1084,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - return 0; - } -+ // -1 fall-through to fail - - fail: - if (dev) -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index e8b9ecb17f..9260731c10 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -33,6 +33,7 @@ struct grub_efi_shim_lock - }; - typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; - -+// Returns 1 on success, -1 on error, 0 when not available - int - grub_linuxefi_secure_validate (void *data, grub_uint32_t size) - { -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index f992ceeef2..3cf0f9b330 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -101,7 +102,7 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - - pages = BYTES_TO_PAGES(size); - grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", -- pages, (void *)max); -+ (unsigned long)pages, (void *)(unsigned long)max); - - prev_max = max; - addr = grub_efi_allocate_pages_real (max, pages, -@@ -307,12 +308,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- rc = grub_linuxefi_secure_validate (kernel, filelen); -- if (rc < 0) -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { -- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), -- argv[0]); -- goto fail; -+ rc = grub_linuxefi_secure_validate (kernel, filelen); -+ if (rc <= 0) -+ { -+ grub_error (GRUB_ERR_INVALID_COMMAND, -+ N_("%s has invalid signature"), argv[0]); -+ goto fail; -+ } - } - - lh = (struct linux_i386_kernel_header *)kernel; -@@ -386,6 +390,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); - grub_dprintf ("linux", "copying %lu bytes from %p to %p\n", -+ (unsigned long) - MIN((grub_size_t)0x202+setup_header_end_offset, - sizeof (*params)) - 0x1f1, - (grub_uint8_t *)kernel + 0x1f1, diff --git a/SPECS/grub2/fedora/0139-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch b/SPECS/grub2/fedora/0139-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch deleted file mode 100644 index f20f5c79a2..0000000000 --- a/SPECS/grub2/fedora/0139-Fix-const-char-pointers-in-grub-core-net-bootp.c.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 20 Jul 2020 12:24:02 -0400 -Subject: [PATCH] Fix const char ** pointers in grub-core/net/bootp.c - -This will need to get folded back in the right place on the next rebase, -but it's before "Make grub_strtol() "end" pointers have safer const -qualifiers" currently, so for now I'm leaving it here instead of merging -it back with the original patch. - -Signed-off-by: Peter Jones ---- - grub-core/net/bootp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 8fb8918ae7..7baf3540c8 100644 ---- a/grub-core/net/bootp.c -+++ b/grub-core/net/bootp.c -@@ -329,7 +329,7 @@ grub_net_configure_by_dhcp_ack (const char *name, - struct grub_net_network_level_interface *inter; - int mask = -1; - char server_ip[sizeof ("xxx.xxx.xxx.xxx")]; -- const grub_uint8_t *opt; -+ const char *opt; - grub_uint8_t opt_len, overload = 0; - const char *boot_file = 0, *server_name = 0; - grub_size_t boot_file_len, server_name_len; -@@ -505,7 +505,7 @@ grub_net_configure_by_dhcp_ack (const char *name, - if (opt && opt_len) - { - grub_env_set_net_property (name, "vendor_class_identifier", (const char *) opt, opt_len); -- if (opt && grub_strcmp (opt, "HTTPClient") == 0) -+ if (opt && grub_strcmp ((char *)opt, "HTTPClient") == 0) - { - char *proto, *ip, *pa; - diff --git a/SPECS/grub2/fedora/0140-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch b/SPECS/grub2/fedora/0140-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch deleted file mode 100644 index ea92110bdd..0000000000 --- a/SPECS/grub2/fedora/0140-Fix-const-char-pointers-in-grub-core-net-efi-ip4_con.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 20 Jul 2020 12:24:02 -0400 -Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/ip4_config.c - -This will need to get folded back in the right place on the next rebase, -but it's before "Make grub_strtol() "end" pointers have safer const -qualifiers" currently, so for now I'm leaving it here instead of merging -it back with the original patch. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/ip4_config.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/efi/ip4_config.c b/grub-core/net/efi/ip4_config.c -index 9725e928f7..cb880fc3e8 100644 ---- a/grub-core/net/efi/ip4_config.c -+++ b/grub-core/net/efi/ip4_config.c -@@ -61,7 +61,8 @@ int - grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *address, const char **rest) - { - grub_uint32_t newip = 0; -- int i, ncolon = 0; -+ grub_size_t i; -+ int ncolon = 0; - const char *ptr = val; - - /* Check that is not an IPv6 address */ -@@ -78,7 +79,7 @@ grub_efi_string_to_ip4_address (const char *val, grub_efi_ipv4_address_t *addres - for (i = 0; i < 4; i++) - { - unsigned long t; -- t = grub_strtoul (ptr, (char **) &ptr, 0); -+ t = grub_strtoul (ptr, &ptr, 0); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; diff --git a/SPECS/grub2/fedora/0141-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch b/SPECS/grub2/fedora/0141-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch deleted file mode 100644 index 915e6d7281..0000000000 --- a/SPECS/grub2/fedora/0141-Fix-const-char-pointers-in-grub-core-net-efi-ip6_con.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 20 Jul 2020 12:24:02 -0400 -Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/ip6_config.c - -This will need to get folded back in the right place on the next rebase, -but it's before "Make grub_strtol() "end" pointers have safer const -qualifiers" currently, so for now I'm leaving it here instead of merging -it back with the original patch. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/ip6_config.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/net/efi/ip6_config.c b/grub-core/net/efi/ip6_config.c -index a46f6f9b68..1c5415d718 100644 ---- a/grub-core/net/efi/ip6_config.c -+++ b/grub-core/net/efi/ip6_config.c -@@ -85,7 +85,7 @@ grub_efi_string_to_ip6_address (const char *val, grub_efi_ipv6_address_t *addres - ptr++; - continue; - } -- t = grub_strtoul (ptr, (char **) &ptr, 16); -+ t = grub_strtoul (ptr, &ptr, 16); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; diff --git a/SPECS/grub2/fedora/0142-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch b/SPECS/grub2/fedora/0142-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch deleted file mode 100644 index fbba65a787..0000000000 --- a/SPECS/grub2/fedora/0142-Fix-const-char-pointers-in-grub-core-net-efi-net.c.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 20 Jul 2020 12:24:02 -0400 -Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/net.c - -This will need to get folded back in the right place on the next rebase, -but it's before "Make grub_strtol() "end" pointers have safer const -qualifiers" currently, so for now I'm leaving it here instead of merging -it back with the original patch. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/net.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/efi/net.c b/grub-core/net/efi/net.c -index a3f0535d43..78e5442fc5 100644 ---- a/grub-core/net/efi/net.c -+++ b/grub-core/net/efi/net.c -@@ -729,7 +729,7 @@ grub_efi_net_parse_address (const char *address, - { - grub_uint32_t subnet_mask_size; - -- subnet_mask_size = grub_strtoul (rest + 1, (char **) &rest, 0); -+ subnet_mask_size = grub_strtoul (rest + 1, &rest, 0); - - if (!grub_errno && subnet_mask_size <= 32 && *rest == 0) - { -@@ -758,7 +758,7 @@ grub_efi_net_parse_address (const char *address, - { - grub_efi_uint8_t prefix_length; - -- prefix_length = grub_strtoul (rest + 1, (char **) &rest, 0); -+ prefix_length = grub_strtoul (rest + 1, &rest, 0); - if (!grub_errno && prefix_length <= 128 && *rest == 0) - { - ip6->prefix_length = prefix_length; diff --git a/SPECS/grub2/fedora/0143-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch b/SPECS/grub2/fedora/0143-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch deleted file mode 100644 index 9b9acfea2d..0000000000 --- a/SPECS/grub2/fedora/0143-Fix-const-char-pointers-in-grub-core-net-efi-pxe.c.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 20 Jul 2020 12:24:02 -0400 -Subject: [PATCH] Fix const char ** pointers in grub-core/net/efi/pxe.c - -This will need to get folded back in the right place on the next rebase, -but it's before "Make grub_strtol() "end" pointers have safer const -qualifiers" currently, so for now I'm leaving it here instead of merging -it back with the original patch. - -Signed-off-by: Peter Jones ---- - grub-core/net/efi/pxe.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/grub-core/net/efi/pxe.c b/grub-core/net/efi/pxe.c -index 531949cba5..73e2bb01c1 100644 ---- a/grub-core/net/efi/pxe.c -+++ b/grub-core/net/efi/pxe.c -@@ -187,7 +187,7 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) - ptr++; - continue; - } -- t = grub_strtoul (ptr, (char **) &ptr, 16); -+ t = grub_strtoul (ptr, &ptr, 16); - if (grub_errno) - { - grub_errno = GRUB_ERR_NONE; -@@ -225,7 +225,7 @@ pxe_open (struct grub_efi_net_device *dev, - int type __attribute__((unused))) - { - int i; -- char *p; -+ const char *p; - grub_efi_status_t status; - grub_efi_pxe_ip_address_t server_ip; - grub_efi_uint64_t file_size = 0; -@@ -313,7 +313,7 @@ pxe_read (struct grub_efi_net_device *dev, - grub_size_t len) - { - int i; -- char *p; -+ const char *p; - grub_efi_status_t status; - grub_efi_pxe_t *pxe = (prefer_ip6) ? dev->ip6_pxe : dev->ip4_pxe; - grub_efi_uint64_t bufsz = len; diff --git a/SPECS/grub2/fedora/0146-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch b/SPECS/grub2/fedora/0146-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch deleted file mode 100644 index f891a6952e..0000000000 --- a/SPECS/grub2/fedora/0146-at_keyboard-use-set-1-when-keyboard-is-in-Translate-.patch +++ /dev/null @@ -1,121 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Thu, 3 Dec 2020 09:13:24 +0100 -Subject: [PATCH] at_keyboard: use set 1 when keyboard is in Translate mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When keyboard controller acts in Translate mode (0x40 mask), then use -set 1 since translation is done. -Otherwise use the mode queried from the controller (usually set 2). - -Added "atkeyb" debugging messages in at_keyboard module as well. - -Resolves: rhbz#1897587 - -Tested on: -- Asus N53SN (set 1 used) -- Dell Precision (set 1 used) -- HP Elitebook (set 2 used) -- HP G5430 (set 1 used, keyboard in XT mode!) -- Lenovo P71 & Lenovo T460s (set 2 used) -- QEMU/KVM (set 1 used) - -Signed-off-by: Renaud Métrich ---- - grub-core/term/at_keyboard.c | 29 ++++++++++++++++++++++++----- - include/grub/at_keyboard.h | 4 ++++ - 2 files changed, 28 insertions(+), 5 deletions(-) - -diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index 597111077b..2601438260 100644 ---- a/grub-core/term/at_keyboard.c -+++ b/grub-core/term/at_keyboard.c -@@ -135,20 +135,28 @@ query_mode (void) - int e; - - e = write_mode (0); -- if (!e) -+ if (!e) { -+ grub_dprintf("atkeyb", "query_mode: write_mode(0) failed\n"); - return 0; -+ } - - do { - keyboard_controller_wait_until_ready (); - ret = grub_inb (KEYBOARD_REG_DATA); - } while (ret == GRUB_AT_ACK); - /* QEMU translates the set even in no-translate mode. */ -- if (ret == 0x43 || ret == 1) -+ if (ret == 0x43 || ret == 1) { -+ grub_dprintf("atkeyb", "query_mode: returning 1 (ret=0x%x)\n", ret); - return 1; -- if (ret == 0x41 || ret == 2) -+ } -+ if (ret == 0x41 || ret == 2) { -+ grub_dprintf("atkeyb", "query_mode: returning 2 (ret=0x%x)\n", ret); - return 2; -- if (ret == 0x3f || ret == 3) -+ } -+ if (ret == 0x3f || ret == 3) { -+ grub_dprintf("atkeyb", "query_mode: returning 3 (ret=0x%x)\n", ret); - return 3; -+ } - return 0; - } - -@@ -165,7 +173,13 @@ set_scancodes (void) - } - - #if !USE_SCANCODE_SET -- ps2_state.current_set = 1; -+ if ((grub_keyboard_controller_orig & KEYBOARD_AT_TRANSLATE) == KEYBOARD_AT_TRANSLATE) { -+ grub_dprintf ("atkeyb", "queried set is %d but keyboard in Translate mode, so actually in set 1\n", grub_keyboard_orig_set); -+ ps2_state.current_set = 1; -+ } else { -+ grub_dprintf ("atkeyb", "using queried set %d\n", grub_keyboard_orig_set); -+ ps2_state.current_set = grub_keyboard_orig_set; -+ } - return; - #else - -@@ -266,6 +280,7 @@ grub_keyboard_controller_init (void) - grub_keyboard_orig_set = 2; - #else - grub_keyboard_controller_orig = grub_keyboard_controller_read (); -+ grub_dprintf ("atkeyb", "grub_keyboard_controller_orig = 0x%x\n", grub_keyboard_controller_orig); - grub_keyboard_orig_set = query_mode (); - #endif - set_scancodes (); -@@ -275,11 +290,15 @@ grub_keyboard_controller_init (void) - static grub_err_t - grub_keyboard_controller_fini (struct grub_term_input *term __attribute__ ((unused))) - { -+/* In !USE_SCANCODE_SET mode, we didn't change anything, so nothing to restore */ -+#if USE_SCANCODE_SET - if (ps2_state.current_set == 0) - return GRUB_ERR_NONE; -+ grub_dprintf ("atkeyb", "restoring set %d, controller 0x%x\n", grub_keyboard_orig_set, grub_keyboard_controller_orig); - if (grub_keyboard_orig_set) - write_mode (grub_keyboard_orig_set); - grub_keyboard_controller_write (grub_keyboard_controller_orig); -+#endif - return GRUB_ERR_NONE; - } - -diff --git a/include/grub/at_keyboard.h b/include/grub/at_keyboard.h -index bcb4d9ba78..9414dc1b99 100644 ---- a/include/grub/at_keyboard.h -+++ b/include/grub/at_keyboard.h -@@ -19,6 +19,10 @@ - #ifndef GRUB_AT_KEYBOARD_HEADER - #define GRUB_AT_KEYBOARD_HEADER 1 - -+/* -+ * Refer to https://wiki.osdev.org/%228042%22_PS/2_Controller for details. -+ */ -+ - /* Used for sending commands to the controller. */ - #define KEYBOARD_COMMAND_ISREADY(x) !((x) & 0x02) - #define KEYBOARD_COMMAND_READ 0x20 diff --git a/SPECS/grub2/fedora/0147-grub-install-disable-support-for-EFI-platforms.patch b/SPECS/grub2/fedora/0147-grub-install-disable-support-for-EFI-platforms.patch deleted file mode 100644 index f6a7530469..0000000000 --- a/SPECS/grub2/fedora/0147-grub-install-disable-support-for-EFI-platforms.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Jan Hlavac -Date: Fri, 20 Nov 2020 23:51:47 +0100 -Subject: [PATCH] grub-install: disable support for EFI platforms - -For each platform, GRUB is shipped as a kernel image and a set of -modules. These files are then used by the grub-install utility to -install GRUB on a specific device. However, in order to support UEFI -Secure Boot, the resulting EFI binary must be signed by a recognized -private key. For this reason, for EFI platforms, most distributions also -ship prebuilt EFI binaries signed by a distribution-specific private -key. In this case, however, the grub-install utility should not be used -because it would overwrite the signed EFI binary. - -The current fix is suboptimal because it preserves all EFI-related code. -A better solution could be to modularize the code and provide a -build-time option. - -Resolves: rhbz#1737444 - -Signed-off-by: Jan Hlavac -[rharwood: drop man page] ---- - util/grub-install.c | 37 ++++++++++++++++--------------------- - docs/grub.texi | 7 +++++++ - 2 files changed, 23 insertions(+), 21 deletions(-) - -diff --git a/util/grub-install.c b/util/grub-install.c -index a2bec7446c..5babc7af55 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -899,6 +899,22 @@ main (int argc, char *argv[]) - - platform = grub_install_get_target (grub_install_source_directory); - -+ switch (platform) -+ { -+ case GRUB_INSTALL_PLATFORM_ARM_EFI: -+ case GRUB_INSTALL_PLATFORM_ARM64_EFI: -+ case GRUB_INSTALL_PLATFORM_I386_EFI: -+ case GRUB_INSTALL_PLATFORM_IA64_EFI: -+ case GRUB_INSTALL_PLATFORM_X86_64_EFI: -+ is_efi = 1; -+ grub_util_error (_("this utility cannot be used for EFI platforms" -+ " because it does not support UEFI Secure Boot")); -+ break; -+ default: -+ is_efi = 0; -+ break; -+ } -+ - { - char *platname = grub_install_get_platform_name (platform); - fprintf (stderr, _("Installing for %s platform.\n"), platname); -@@ -1011,28 +1027,7 @@ main (int argc, char *argv[]) - grub_hostfs_init (); - grub_host_init (); - -- switch (platform) -- { -- case GRUB_INSTALL_PLATFORM_I386_EFI: -- case GRUB_INSTALL_PLATFORM_X86_64_EFI: -- case GRUB_INSTALL_PLATFORM_ARM_EFI: -- case GRUB_INSTALL_PLATFORM_ARM64_EFI: -- case GRUB_INSTALL_PLATFORM_RISCV32_EFI: -- case GRUB_INSTALL_PLATFORM_RISCV64_EFI: -- case GRUB_INSTALL_PLATFORM_IA64_EFI: -- is_efi = 1; -- break; -- default: -- is_efi = 0; -- break; -- -- /* pacify warning. */ -- case GRUB_INSTALL_PLATFORM_MAX: -- break; -- } -- - /* Find the EFI System Partition. */ -- - if (is_efi) - { - grub_fs_t fs; -diff --git a/docs/grub.texi b/docs/grub.texi -index 04ed6ac1f0..4870faaa00 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -6509,6 +6509,13 @@ grub2-install @var{install_device} - The device name @var{install_device} is an OS device name or a GRUB - device name. - -+In order to support UEFI Secure Boot, the resulting GRUB EFI binary must -+be signed by a recognized private key. For this reason, for EFI -+platforms, most distributions also ship prebuilt GRUB EFI binaries -+signed by a distribution-specific private key. In this case, however, -+@command{grub2-install} should not be used because it would overwrite -+the signed EFI binary. -+ - @command{grub2-install} accepts the following options: - - @table @option diff --git a/SPECS/grub2/fedora/0148-New-with-debug-timestamps-configure-flag-to-prepend-.patch b/SPECS/grub2/fedora/0148-New-with-debug-timestamps-configure-flag-to-prepend-.patch deleted file mode 100644 index ec5b30b08f..0000000000 --- a/SPECS/grub2/fedora/0148-New-with-debug-timestamps-configure-flag-to-prepend-.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Sat, 23 Nov 2019 14:57:41 +0100 -Subject: [PATCH] New --with-debug-timestamps configure flag to prepend debug - traces with absolute and relative timestamp -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich ---- - configure.ac | 18 ++++++++++++++++++ - grub-core/kern/misc.c | 20 ++++++++++++++++++++ - config.h.in | 1 + - 3 files changed, 39 insertions(+) - -diff --git a/configure.ac b/configure.ac -index a02d40a05b..ab0d326f00 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1585,6 +1585,17 @@ else - fi - AC_SUBST([BOOT_TIME_STATS]) - -+AC_ARG_WITH([debug-timestamps], -+ AS_HELP_STRING([--with-debug-timestamps], -+ [prepend debug traces with absolute and relative timestamps])) -+ -+if test x$with_debug_timestamps = xyes; then -+ DEBUG_WITH_TIMESTAMPS=1 -+else -+ DEBUG_WITH_TIMESTAMPS=0 -+fi -+AC_SUBST([DEBUG_WITH_TIMESTAMPS]) -+ - AC_ARG_ENABLE([grub-emu-sdl], - [AS_HELP_STRING([--enable-grub-emu-sdl], - [build and install the `grub-emu' debugging utility with SDL support (default=guessed)])]) -@@ -2136,6 +2147,7 @@ AM_CONDITIONAL([COND_APPLE_LINKER], [test x$TARGET_APPLE_LINKER = x1]) - AM_CONDITIONAL([COND_ENABLE_EFIEMU], [test x$enable_efiemu = xyes]) - AM_CONDITIONAL([COND_ENABLE_CACHE_STATS], [test x$DISK_CACHE_STATS = x1]) - AM_CONDITIONAL([COND_ENABLE_BOOT_TIME_STATS], [test x$BOOT_TIME_STATS = x1]) -+AM_CONDITIONAL([COND_DEBUG_WITH_TIMESTAMPS], [test x$DEBUG_WITH_TIMESTAMPS = x1]) - - AM_CONDITIONAL([COND_HAVE_CXX], [test x$HAVE_CXX = xyes]) - -@@ -2231,6 +2243,12 @@ else - echo With boot time statistics: No - fi - -+if [ x"$with_debug_timestamps" = xyes ]; then -+echo Debug traces with timestamps: Yes -+else -+echo Debug traces with timestamps: No -+fi -+ - if [ x"$efiemu_excuse" = x ]; then - echo efiemu runtime: Yes - else -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 578bf51a5f..9f54b6b7d2 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -25,6 +25,9 @@ - #include - #include - #include -+#if DEBUG_WITH_TIMESTAMPS -+#include -+#endif - - union printf_arg - { -@@ -192,9 +195,26 @@ grub_real_dprintf (const char *file, const int line, const char *condition, - const char *fmt, ...) - { - va_list args; -+#if DEBUG_WITH_TIMESTAMPS -+ static long unsigned int last_time = 0; -+ static int last_had_cr = 1; -+#endif - - if (grub_debug_enabled (condition)) - { -+#if DEBUG_WITH_TIMESTAMPS -+ /* Don't print timestamp if last printed message isn't terminated yet */ -+ if (last_had_cr) { -+ long unsigned int tmabs = (long unsigned int) grub_get_time_ms(); -+ long unsigned int tmrel = tmabs - last_time; -+ last_time = tmabs; -+ grub_printf ("%3lu.%03lus +%2lu.%03lus ", tmabs / 1000, tmabs % 1000, tmrel / 1000, tmrel % 1000); -+ } -+ if (fmt[grub_strlen(fmt)-1] == '\n') -+ last_had_cr = 1; -+ else -+ last_had_cr = 0; -+#endif - grub_printf ("%s:%d: ", file, line); - va_start (args, fmt); - grub_vprintf (fmt, args); -diff --git a/config.h.in b/config.h.in -index c7e316f0f1..c80e3e0aba 100644 ---- a/config.h.in -+++ b/config.h.in -@@ -12,6 +12,7 @@ - /* Define to 1 to enable disk cache statistics. */ - #define DISK_CACHE_STATS @DISK_CACHE_STATS@ - #define BOOT_TIME_STATS @BOOT_TIME_STATS@ -+#define DEBUG_WITH_TIMESTAMPS @DEBUG_WITH_TIMESTAMPS@ - - /* We don't need those. */ - #define MINILZO_CFG_SKIP_LZO_PTR 1 diff --git a/SPECS/grub2/fedora/0149-Added-debug-statements-to-grub_disk_open-and-grub_di.patch b/SPECS/grub2/fedora/0149-Added-debug-statements-to-grub_disk_open-and-grub_di.patch deleted file mode 100644 index d26027c7e0..0000000000 --- a/SPECS/grub2/fedora/0149-Added-debug-statements-to-grub_disk_open-and-grub_di.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Sat, 23 Nov 2019 15:22:16 +0100 -Subject: [PATCH] Added debug statements to grub_disk_open() and - grub_disk_close() on success -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich ---- - grub-core/kern/disk.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/grub-core/kern/disk.c b/grub-core/kern/disk.c -index e1b0e073e0..05a28ab142 100644 ---- a/grub-core/kern/disk.c -+++ b/grub-core/kern/disk.c -@@ -285,6 +285,8 @@ grub_disk_open (const char *name) - return 0; - } - -+ grub_dprintf ("disk", "Opening `%s' succeeded.\n", name); -+ - return disk; - } - -@@ -292,7 +294,7 @@ void - grub_disk_close (grub_disk_t disk) - { - grub_partition_t part; -- grub_dprintf ("disk", "Closing `%s'.\n", disk->name); -+ grub_dprintf ("disk", "Closing `%s'...\n", disk->name); - - if (disk->dev && disk->dev->disk_close) - (disk->dev->disk_close) (disk); -@@ -306,8 +308,10 @@ grub_disk_close (grub_disk_t disk) - grub_free (disk->partition); - disk->partition = part; - } -+ grub_dprintf ("disk", "Closing `%s' succeeded.\n", disk->name); - grub_free ((void *) disk->name); - grub_free (disk); -+ - } - - /* Small read (less than cache size and not pass across cache unit boundaries). diff --git a/SPECS/grub2/fedora/0150-Introduce-function-grub_debug_is_enabled-void-return.patch b/SPECS/grub2/fedora/0150-Introduce-function-grub_debug_is_enabled-void-return.patch deleted file mode 100644 index 9ce5d9df67..0000000000 --- a/SPECS/grub2/fedora/0150-Introduce-function-grub_debug_is_enabled-void-return.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Mon, 25 Nov 2019 09:29:53 +0100 -Subject: [PATCH] Introduce function grub_debug_is_enabled(void) returning 1 if - 'debug' is in the environment and not empty -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich ---- - grub-core/kern/misc.c | 13 +++++++++++++ - include/grub/misc.h | 1 + - 2 files changed, 14 insertions(+) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 9f54b6b7d2..a186ad3dd4 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -163,6 +163,19 @@ int grub_err_printf (const char *fmt, ...) - __attribute__ ((alias("grub_printf"))); - #endif - -+/* Return 1 if 'debug' is set and not empty */ -+int -+grub_debug_is_enabled (void) -+{ -+ const char *debug; -+ -+ debug = grub_env_get ("debug"); -+ if (!debug || debug[0] == '\0') -+ return 0; -+ -+ return 1; -+} -+ - int - grub_debug_enabled (const char * condition) - { -diff --git a/include/grub/misc.h b/include/grub/misc.h -index 3adc4036e3..6c4aa85ac5 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -340,6 +340,7 @@ grub_puts (const char *s) - } - - int EXPORT_FUNC(grub_puts_) (const char *s); -+int EXPORT_FUNC(grub_debug_is_enabled) (void); - int EXPORT_FUNC(grub_debug_enabled) (const char *condition); - void EXPORT_FUNC(grub_real_dprintf) (const char *file, - const int line, diff --git a/SPECS/grub2/fedora/0151-Don-t-clear-screen-when-debugging-is-enabled.patch b/SPECS/grub2/fedora/0151-Don-t-clear-screen-when-debugging-is-enabled.patch deleted file mode 100644 index a577ffd036..0000000000 --- a/SPECS/grub2/fedora/0151-Don-t-clear-screen-when-debugging-is-enabled.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Sat, 23 Nov 2019 16:23:54 +0100 -Subject: [PATCH] Don't clear screen when debugging is enabled -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich -[rharwood@redhat.com: rebase fuzz] -Signed-off-by: Robbie Harwood -[AM: fix conflict] -Signed-off-by: Alexey Makhalov ---- - grub-core/normal/main.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index af9792c963..7de9e4c36d 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -215,8 +215,9 @@ grub_normal_init_page (struct grub_term_output *term, - char *msg_formatted; - grub_uint32_t *unicode_msg; - grub_uint32_t *last_position; -- -- grub_term_cls (term); -+ -+ if (! grub_debug_is_enabled ()) -+ grub_term_cls (term); - - msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), PACKAGE_VERSION); - if (!msg_formatted) diff --git a/SPECS/grub2/fedora/0152-kern-file-Fix-error-handling-in-grub_file_open.patch b/SPECS/grub2/fedora/0152-kern-file-Fix-error-handling-in-grub_file_open.patch deleted file mode 100644 index e444325098..0000000000 --- a/SPECS/grub2/fedora/0152-kern-file-Fix-error-handling-in-grub_file_open.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Steve McIntyre -Date: Tue, 6 Dec 2022 01:45:11 +0000 -Subject: [PATCH] kern/file: Fix error handling in grub_file_open() - -grub_file_open() calls grub_file_get_device_name(), but doesn't check -the return. Instead, it checks if grub_errno is set. - -However, nothing initialises grub_errno here when grub_file_open() -starts. This means that trying to open one file that doesn't exist and -then trying to open another file that does will (incorrectly) also -fail to open that second file. - -Let's fix that. - -Signed-off-by: Steve McIntyre ---- - grub-core/kern/file.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index 58454458c4..5b58f45cfd 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -66,6 +66,9 @@ grub_file_open (const char *name, enum grub_file_type type) - const char *file_name; - grub_file_filter_id_t filter; - -+ /* Reset grub_errno before we start */ -+ grub_errno = GRUB_ERR_NONE; -+ - device_name = grub_file_get_device_name (name); - if (grub_errno) - goto fail; diff --git a/SPECS/grub2/fedora/0153-grub_file_-instrumentation-new-file-debug-tag.patch b/SPECS/grub2/fedora/0153-grub_file_-instrumentation-new-file-debug-tag.patch deleted file mode 100644 index 632789925a..0000000000 --- a/SPECS/grub2/fedora/0153-grub_file_-instrumentation-new-file-debug-tag.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Fri, 29 Nov 2019 11:02:00 +0100 -Subject: [PATCH] grub_file_* instrumentation (new 'file' debug tag) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Renaud Métrich ---- - grub-core/kern/file.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index 5b58f45cfd..ec10e54fc0 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -66,6 +66,8 @@ grub_file_open (const char *name, enum grub_file_type type) - const char *file_name; - grub_file_filter_id_t filter; - -+ grub_dprintf ("file", "Opening `%s' ...\n", name); -+ - /* Reset grub_errno before we start */ - grub_errno = GRUB_ERR_NONE; - -@@ -131,6 +133,8 @@ grub_file_open (const char *name, enum grub_file_type type) - if (!file) - grub_file_close (last_file); - -+ grub_dprintf ("file", "Opening `%s' succeeded.\n", name); -+ - return file; - - fail: -@@ -141,6 +145,8 @@ grub_file_open (const char *name, enum grub_file_type type) - - grub_free (file); - -+ grub_dprintf ("file", "Opening `%s' failed.\n", name); -+ - return 0; - } - -@@ -172,6 +178,7 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len) - - if (len == 0) - return 0; -+ - read_hook = file->read_hook; - read_hook_data = file->read_hook_data; - if (!file->read_hook) -@@ -192,11 +199,18 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len) - grub_err_t - grub_file_close (grub_file_t file) - { -+ grub_dprintf ("file", "Closing `%s' ...\n", file->name); - if (file->fs->fs_close) - (file->fs->fs_close) (file); - - if (file->device) - grub_device_close (file->device); -+ -+ if (grub_errno == GRUB_ERR_NONE) -+ grub_dprintf ("file", "Closing `%s' succeeded.\n", file->name); -+ else -+ grub_dprintf ("file", "Closing `%s' failed with %d.\n", file->name, grub_errno); -+ - grub_free (file->name); - grub_free (file); - return grub_errno; diff --git a/SPECS/grub2/fedora/0157-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch b/SPECS/grub2/fedora/0157-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch deleted file mode 100644 index f938fd1adf..0000000000 --- a/SPECS/grub2/fedora/0157-Add-at_keyboard_fallback_set-var-to-force-the-set-ma.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Fri, 18 Dec 2020 15:39:26 +0100 -Subject: [PATCH] Add 'at_keyboard_fallback_set' var to force the set manually -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This seems required with HP DL380p Gen 8 systems. -Indeed, with this system, we can see the following sequence: - -1. controller is queried to get current configuration (returns 0x30 which is quite standard) -2. controller is queried to get the current keyboard set in used, using code 0xf0 (first part) -3. controller answers with 0xfa which means "ACK" (== ok) -4. then we send "0" to tell "we want to know which set your are supporting" -5. controller answers with 0xfa ("ACK") -6. controller should then give us 1, 2, 3 or 0x43, 0x41, 0x3f, but here it gives us 0xfe which means "NACK" - -Since there seems no way to determine the current set, and in fact the -controller expects set2 to be used, we need to rely on an environment -variable. -Everything has been tested on this system: using 0xFE (resend command), -making sure we wait for ACK in the 2 steps "write_mode", etc. - -Below is litterature I used to come up with "there is no other -solution": -- https://wiki.osdev.org/%228042%22_PS/2_Controller -- http://www-ug.eecg.toronto.edu/msl/nios_devices/datasheets/PS2%20Keyboard%20Protocol.htm -- http://www.s100computers.com/My%20System%20Pages/MSDOS%20Board/PC%20Keyboard.pdf - -Signed-off-by: Renaud Métrich -Signed-off-by: Robbie Harwood ---- - grub-core/term/at_keyboard.c | 121 ++++++++++++++++++++++++++++++++++--------- - 1 file changed, 96 insertions(+), 25 deletions(-) - -diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index 2601438260..dac0f946fe 100644 ---- a/grub-core/term/at_keyboard.c -+++ b/grub-core/term/at_keyboard.c -@@ -31,6 +31,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - static grub_uint8_t grub_keyboard_controller_orig; - static grub_uint8_t grub_keyboard_orig_set; - struct grub_ps2_state ps2_state; -+static int fallback_set; - - static int ping_sent; - -@@ -76,6 +77,8 @@ at_command (grub_uint8_t data) - break; - return 0; - } -+ if (i == GRUB_AT_TRIES) -+ grub_dprintf ("atkeyb", "at_command() timed out! (stopped after %d tries)\n", i); - return (i != GRUB_AT_TRIES); - } - -@@ -105,6 +108,21 @@ grub_keyboard_controller_read (void) - - #endif - -+static int -+resend_last_result (void) -+{ -+ grub_uint8_t ret; -+ keyboard_controller_wait_until_ready (); -+ grub_dprintf ("atkeyb", "resend_last_result: sending 0xfe\n"); -+ grub_outb (0xfe, KEYBOARD_REG_DATA); -+ ret = wait_ack (); -+ grub_dprintf ("atkeyb", "resend_last_result: wait_ack() returned 0x%x\n", ret); -+ keyboard_controller_wait_until_ready (); -+ ret = grub_inb (KEYBOARD_REG_DATA); -+ grub_dprintf ("atkeyb", "resend_last_result: read 0x%x from controller\n", ret); -+ return ret; -+} -+ - static int - write_mode (int mode) - { -@@ -113,11 +131,14 @@ write_mode (int mode) - { - grub_uint8_t ack; - keyboard_controller_wait_until_ready (); -+ grub_dprintf ("atkeyb", "write_mode: sending 0xf0\n"); - grub_outb (0xf0, KEYBOARD_REG_DATA); - keyboard_controller_wait_until_ready (); -+ grub_dprintf ("atkeyb", "write_mode: sending mode %d\n", mode); - grub_outb (mode, KEYBOARD_REG_DATA); - keyboard_controller_wait_until_ready (); - ack = wait_ack (); -+ grub_dprintf ("atkeyb", "write_mode: wait_ack() returned 0x%x\n", ack); - if (ack == GRUB_AT_NACK) - continue; - if (ack == GRUB_AT_ACK) -@@ -125,6 +146,9 @@ write_mode (int mode) - return 0; - } - -+ if (i == GRUB_AT_TRIES) -+ grub_dprintf ("atkeyb", "write_mode() timed out! (stopped after %d tries)\n", i); -+ - return (i != GRUB_AT_TRIES); - } - -@@ -132,31 +156,66 @@ static int - query_mode (void) - { - grub_uint8_t ret; -+ grub_uint64_t endtime; -+ unsigned i; - int e; -+ char *envvar; - -- e = write_mode (0); -- if (!e) { -- grub_dprintf("atkeyb", "query_mode: write_mode(0) failed\n"); -- return 0; -- } -+ for (i = 0; i < GRUB_AT_TRIES; i++) { -+ grub_dprintf ("atkeyb", "query_mode: sending command to controller\n"); -+ e = write_mode (0); -+ if (!e) { -+ grub_dprintf ("atkeyb", "query_mode: write_mode(0) failed\n"); -+ return 0; -+ } - -- do { -- keyboard_controller_wait_until_ready (); -- ret = grub_inb (KEYBOARD_REG_DATA); -- } while (ret == GRUB_AT_ACK); -- /* QEMU translates the set even in no-translate mode. */ -- if (ret == 0x43 || ret == 1) { -- grub_dprintf("atkeyb", "query_mode: returning 1 (ret=0x%x)\n", ret); -- return 1; -- } -- if (ret == 0x41 || ret == 2) { -- grub_dprintf("atkeyb", "query_mode: returning 2 (ret=0x%x)\n", ret); -- return 2; -+ endtime = grub_get_time_ms () + 20; -+ do { -+ keyboard_controller_wait_until_ready (); -+ ret = grub_inb (KEYBOARD_REG_DATA); -+ grub_dprintf ("atkeyb", "query_mode/loop: read 0x%x from controller\n", ret); -+ } while ((ret == GRUB_AT_ACK || ret == GRUB_AT_NACK) && grub_get_time_ms () < endtime); -+ if (ret == 0xfe) { -+ grub_dprintf ("atkeyb", "query_mode: asking controller to resend last result\n"); -+ ret = resend_last_result(); -+ grub_dprintf ("atkeyb", "query_mode: read 0x%x from controller\n", ret); -+ } -+ /* QEMU translates the set even in no-translate mode. */ -+ if (ret == 0x43 || ret == 1) { -+ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 1\n", ret); -+ return 1; -+ } -+ if (ret == 0x41 || ret == 2) { -+ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 2\n", ret); -+ return 2; -+ } -+ if (ret == 0x3f || ret == 3) { -+ grub_dprintf ("atkeyb", "query_mode: controller returned 0x%x, returning 3\n", ret); -+ return 3; -+ } -+ grub_dprintf ("atkeyb", "query_mode: controller returned unexpected value 0x%x, retrying\n", ret); - } -- if (ret == 0x3f || ret == 3) { -- grub_dprintf("atkeyb", "query_mode: returning 3 (ret=0x%x)\n", ret); -- return 3; -+ -+ /* -+ * Falling here means we tried querying and the controller returned something -+ * we don't understand, try to use 'at_keyboard_fallback_set' if it exists, -+ * otherwise return 0. -+ */ -+ envvar = grub_env_get ("at_keyboard_fallback_set"); -+ if (envvar) { -+ fallback_set = grub_strtoul (envvar, 0, 10); -+ if ((grub_errno) || (fallback_set < 1) || (fallback_set > 3)) { -+ grub_dprintf ("atkeyb", "WARNING: ignoring unexpected value '%s' for '%s' variable\n", -+ envvar, "at_keyboard_fallback_set"); -+ fallback_set = 0; -+ } else { -+ grub_dprintf ("atkeyb", "query_mode: '%s' specified in environment, returning %d\n", -+ "at_keyboard_fallback_set", fallback_set); -+ } -+ return fallback_set; - } -+ grub_dprintf ("atkeyb", "WARNING: no '%s' specified in environment, returning 0\n", -+ "at_keyboard_fallback_set"); - return 0; - } - -@@ -165,14 +224,25 @@ set_scancodes (void) - { - /* You must have visited computer museum. Keyboard without scancode set - knowledge. Assume XT. */ -- if (!grub_keyboard_orig_set) -- { -- grub_dprintf ("atkeyb", "No sets support assumed\n"); -- ps2_state.current_set = 1; -+ if (!grub_keyboard_orig_set) { -+ if (fallback_set) { -+ grub_dprintf ("atkeyb", "No sets support assumed but set forced to %d\n", fallback_set); -+ ps2_state.current_set = fallback_set; - return; - } -+ grub_dprintf ("atkeyb", "No sets support assumed, forcing to set 1\n"); -+ ps2_state.current_set = 1; -+ return; -+ } - - #if !USE_SCANCODE_SET -+ if (fallback_set) { -+ grub_dprintf ("atkeyb", "queried set is %d but set forced to %d\n", -+ grub_keyboard_orig_set, fallback_set); -+ ps2_state.current_set = fallback_set; -+ return; -+ } -+ - if ((grub_keyboard_controller_orig & KEYBOARD_AT_TRANSLATE) == KEYBOARD_AT_TRANSLATE) { - grub_dprintf ("atkeyb", "queried set is %d but keyboard in Translate mode, so actually in set 1\n", grub_keyboard_orig_set); - ps2_state.current_set = 1; -@@ -261,6 +331,7 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) - static void - grub_keyboard_controller_init (void) - { -+ grub_dprintf ("atkeyb", "initializing the controller\n"); - ps2_state.at_keyboard_status = 0; - /* Drain input buffer. */ - while (1) -@@ -282,6 +353,7 @@ grub_keyboard_controller_init (void) - grub_keyboard_controller_orig = grub_keyboard_controller_read (); - grub_dprintf ("atkeyb", "grub_keyboard_controller_orig = 0x%x\n", grub_keyboard_controller_orig); - grub_keyboard_orig_set = query_mode (); -+ grub_dprintf ("atkeyb", "grub_keyboard_orig_set = %d\n", grub_keyboard_orig_set); - #endif - set_scancodes (); - keyboard_controller_led (ps2_state.led_status); -@@ -329,7 +401,6 @@ grub_at_restore_hw (void) - return GRUB_ERR_NONE; - } - -- - static struct grub_term_input grub_at_keyboard_term = - { - .name = "at_keyboard", diff --git a/SPECS/grub2/fedora/0158-Add-suport-for-signing-grub-with-an-appended-signatu.patch b/SPECS/grub2/fedora/0158-Add-suport-for-signing-grub-with-an-appended-signatu.patch deleted file mode 100644 index 81660d4dd4..0000000000 --- a/SPECS/grub2/fedora/0158-Add-suport-for-signing-grub-with-an-appended-signatu.patch +++ /dev/null @@ -1,309 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Rashmica Gupta -Date: Thu, 11 Jun 2020 11:26:23 +1000 -Subject: [PATCH] Add suport for signing grub with an appended signature - -Add infrastructure to allow firmware to verify the integrity of grub -by use of a Linux-kernel-module-style appended signature. We initially -target powerpc-ieee1275, but the code should be extensible to other -platforms. - -Usually these signatures are appended to a file without modifying the -ELF file itself. (This is what the 'sign-file' tool does, for example.) -The verifier loads the signed file from the file system and looks at the -end of the file for the appended signature. However, on powerpc-ieee1275 -platforms, the bootloader is often stored directly in the PReP partition -as raw bytes without a file-system. This makes determining the location -of an appended signature more difficult. - -To address this, we add a new ELF note. - -The name field of shall be the string "Appended-Signature", zero-padded -to 4 byte alignment. The type field shall be 0x41536967 (the ASCII values -for the string "ASig"). It must be the final section in the ELF binary. - -The description shall contain the appended signature structure as defined -by the Linux kernel. The description will also be padded to be a multiple -of 4 bytes. The padding shall be added before the appended signature -structure (not at the end) so that the final bytes of a signed ELF file -are the appended signature magic. - -A subsequent patch documents how to create a grub core.img validly signed -under this scheme. - -Signed-off-by: Daniel Axtens -Signed-off-by: Rashmica Gupta ---- - util/grub-install-common.c | 18 ++++++++++++++---- - util/grub-mkimage.c | 15 +++++++++++++-- - util/grub-mkimagexx.c | 39 ++++++++++++++++++++++++++++++++++++++- - util/mkimage.c | 13 +++++++------ - include/grub/util/install.h | 8 ++++++-- - include/grub/util/mkimage.h | 4 ++-- - 6 files changed, 80 insertions(+), 17 deletions(-) - -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index 4e212e690c..a74fee16e2 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -461,10 +461,12 @@ static size_t npubkeys; - static char *sbat; - static int disable_shim_lock; - static grub_compression_t compression; -+static size_t appsig_size; - - int - grub_install_parse (int key, char *arg) - { -+ const char *end; - switch (key) - { - case 'C': -@@ -562,6 +564,12 @@ grub_install_parse (int key, char *arg) - grub_util_error (_("Unrecognized compression `%s'"), arg); - case GRUB_INSTALL_OPTIONS_GRUB_MKIMAGE: - return 1; -+ case GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE: -+ grub_errno = 0; -+ appsig_size = grub_strtol(arg, &end, 10); -+ if (grub_errno) -+ return 0; -+ return 1; - default: - return 0; - } -@@ -661,11 +669,13 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - " --output '%s' " - " --dtb '%s' " - "--sbat '%s' " -- "--format '%s' --compression '%s' %s %s %s\n", -+ "--format '%s' --compression '%s' " -+ "--appended-signature-size %zu %s %s %s\n", - dir, prefix, - outname, dtb ? : "", sbat ? : "", mkimage_target, -- compnames[compression], note ? "--note" : "", -- disable_shim_lock ? "--disable-shim-lock" : "", s); -+ compnames[compression], appsig_size, -+ disable_shim_lock ? "--disable-shim-lock" : "", -+ note ? "--note" : "", s); - free (s); - - tgt = grub_install_get_image_target (mkimage_target); -@@ -675,7 +685,7 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - grub_install_generate_image (dir, prefix, fp, outname, - modules.entries, memdisk_path, - pubkeys, npubkeys, config_path, tgt, -- note, compression, dtb, sbat, -+ note, appsig_size, compression, dtb, sbat, - disable_shim_lock); - while (dc--) - grub_install_pop_module (); -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index c0d5599370..8a53310548 100644 ---- a/util/grub-mkimage.c -+++ b/util/grub-mkimage.c -@@ -84,6 +84,7 @@ static struct argp_option options[] = { - {"sbat", 's', N_("FILE"), 0, N_("SBAT metadata"), 0}, - {"disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, N_("disable shim_lock verifier"), 0}, - {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, -+ {"appended-signature-size", 'S', N_("SIZE"), 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), 0}, - { 0, 0, 0, 0, 0, 0 } - }; - -@@ -128,6 +129,7 @@ struct arguments - char *sbat; - int note; - int disable_shim_lock; -+ size_t appsig_size; - const struct grub_install_image_target_desc *image_target; - grub_compression_t comp; - }; -@@ -138,6 +140,7 @@ argp_parser (int key, char *arg, struct argp_state *state) - /* Get the input argument from argp_parse, which we - know is a pointer to our arguments structure. */ - struct arguments *arguments = state->input; -+ const char* end; - - switch (key) - { -@@ -170,6 +173,13 @@ argp_parser (int key, char *arg, struct argp_state *state) - arguments->note = 1; - break; - -+ case 'S': -+ grub_errno = 0; -+ arguments->appsig_size = grub_strtol(arg, &end, 10); -+ if (grub_errno) -+ return 0; -+ break; -+ - case 'm': - if (arguments->memdisk) - free (arguments->memdisk); -@@ -324,8 +334,9 @@ main (int argc, char *argv[]) - arguments.memdisk, arguments.pubkeys, - arguments.npubkeys, arguments.config, - arguments.image_target, arguments.note, -- arguments.comp, arguments.dtb, -- arguments.sbat, arguments.disable_shim_lock); -+ arguments.appsig_size, arguments.comp, -+ arguments.dtb, arguments.sbat, -+ arguments.disable_shim_lock); - - if (grub_util_file_sync (fp) < 0) - grub_util_error (_("cannot sync `%s': %s"), arguments.output ? : "stdout", -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index d78fa3e533..393119486d 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -84,6 +84,15 @@ struct grub_ieee1275_note - struct grub_ieee1275_note_desc descriptor; - }; - -+#define GRUB_APPENDED_SIGNATURE_NOTE_NAME "Appended-Signature" -+#define GRUB_APPENDED_SIGNATURE_NOTE_TYPE 0x41536967 /* "ASig" */ -+ -+struct grub_appended_signature_note -+{ -+ Elf32_Nhdr header; -+ char name[ALIGN_UP(sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME), 4)]; -+}; -+ - #define GRUB_XEN_NOTE_NAME "Xen" - - struct fixup_block_list -@@ -207,7 +216,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr) - - void - SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target, -- int note, char **core_img, size_t *core_size, -+ int note, size_t appsig_size, char **core_img, size_t *core_size, - Elf_Addr target_addr, - struct grub_mkimage_layout *layout) - { -@@ -221,6 +230,12 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc - int shnum = 4; - int string_size = sizeof (".text") + sizeof ("mods") + 1; - -+ if (appsig_size) -+ { -+ phnum++; -+ footer_size += ALIGN_UP(sizeof (struct grub_appended_signature_note) + appsig_size, 4); -+ } -+ - if (image_target->id != IMAGE_LOONGSON_ELF) - phnum += 2; - -@@ -484,6 +499,28 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc - phdr->p_offset = grub_host_to_target32 (header_size + program_size); - } - -+ if (appsig_size) { -+ int note_size = ALIGN_UP(sizeof (struct grub_appended_signature_note) + appsig_size, 4); -+ struct grub_appended_signature_note *note_ptr = (struct grub_appended_signature_note *) -+ (elf_img + program_size + header_size + (note ? sizeof (struct grub_ieee1275_note) : 0)); -+ -+ note_ptr->header.n_namesz = grub_host_to_target32 (sizeof (GRUB_APPENDED_SIGNATURE_NOTE_NAME)); -+ /* needs to sit at the end, so we round this up and sign some zero padding */ -+ note_ptr->header.n_descsz = grub_host_to_target32 (ALIGN_UP(appsig_size, 4)); -+ note_ptr->header.n_type = grub_host_to_target32 (GRUB_APPENDED_SIGNATURE_NOTE_TYPE); -+ strcpy (note_ptr->name, GRUB_APPENDED_SIGNATURE_NOTE_NAME); -+ -+ phdr++; -+ phdr->p_type = grub_host_to_target32 (PT_NOTE); -+ phdr->p_flags = grub_host_to_target32 (PF_R); -+ phdr->p_align = grub_host_to_target32 (image_target->voidp_sizeof); -+ phdr->p_vaddr = 0; -+ phdr->p_paddr = 0; -+ phdr->p_filesz = grub_host_to_target32 (note_size); -+ phdr->p_memsz = 0; -+ phdr->p_offset = grub_host_to_target32 (header_size + program_size + (note ? sizeof (struct grub_ieee1275_note) : 0)); -+ } -+ - { - char *str_start = (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr) - + shnum * sizeof (*shdr)); -diff --git a/util/mkimage.c b/util/mkimage.c -index a26cf76f72..bab1227601 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -869,8 +869,9 @@ grub_install_generate_image (const char *dir, const char *prefix, - char *memdisk_path, char **pubkey_paths, - size_t npubkeys, char *config_path, - const struct grub_install_image_target_desc *image_target, -- int note, grub_compression_t comp, const char *dtb_path, -- const char *sbat_path, int disable_shim_lock) -+ int note, size_t appsig_size, grub_compression_t comp, -+ const char *dtb_path, const char *sbat_path, -+ int disable_shim_lock) - { - char *kernel_img, *core_img; - size_t total_module_size, core_size; -@@ -1773,11 +1774,11 @@ grub_install_generate_image (const char *dir, const char *prefix, - else - target_addr = image_target->link_addr; - if (image_target->voidp_sizeof == 4) -- grub_mkimage_generate_elf32 (image_target, note, &core_img, &core_size, -- target_addr, &layout); -+ grub_mkimage_generate_elf32 (image_target, note, appsig_size, &core_img, -+ &core_size, target_addr, &layout); - else -- grub_mkimage_generate_elf64 (image_target, note, &core_img, &core_size, -- target_addr, &layout); -+ grub_mkimage_generate_elf64 (image_target, note, appsig_size, &core_img, -+ &core_size, target_addr, &layout); - } - break; - } -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 7df3191f47..cf4531e02b 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -67,6 +67,9 @@ - N_("SBAT metadata"), 0 }, \ - { "disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, \ - N_("disable shim_lock verifier"), 0 }, \ -+ { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ -+ "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ -+ 1}, \ - { "verbose", 'v', 0, 0, \ - N_("print verbose messages."), 1 } - -@@ -128,7 +131,8 @@ enum grub_install_options { - GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS, - GRUB_INSTALL_OPTIONS_DTB, - GRUB_INSTALL_OPTIONS_SBAT, -- GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK -+ GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, -+ GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE - }; - - extern char *grub_install_source_directory; -@@ -188,7 +192,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - size_t npubkeys, - char *config_path, - const struct grub_install_image_target_desc *image_target, -- int note, -+ int note, size_t appsig_size, - grub_compression_t comp, const char *dtb_file, - const char *sbat_path, const int disable_shim_lock); - -diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h -index 3819a67441..6f1da89b9b 100644 ---- a/include/grub/util/mkimage.h -+++ b/include/grub/util/mkimage.h -@@ -51,12 +51,12 @@ grub_mkimage_load_image64 (const char *kernel_path, - const struct grub_install_image_target_desc *image_target); - void - grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target, -- int note, char **core_img, size_t *core_size, -+ int note, size_t appsig_size, char **core_img, size_t *core_size, - Elf32_Addr target_addr, - struct grub_mkimage_layout *layout); - void - grub_mkimage_generate_elf64 (const struct grub_install_image_target_desc *image_target, -- int note, char **core_img, size_t *core_size, -+ int note, size_t appsig_size, char **core_img, size_t *core_size, - Elf64_Addr target_addr, - struct grub_mkimage_layout *layout); - diff --git a/SPECS/grub2/fedora/0159-docs-grub-Document-signing-grub-under-UEFI.patch b/SPECS/grub2/fedora/0159-docs-grub-Document-signing-grub-under-UEFI.patch deleted file mode 100644 index f2b5c17688..0000000000 --- a/SPECS/grub2/fedora/0159-docs-grub-Document-signing-grub-under-UEFI.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Sat, 15 Aug 2020 02:00:57 +1000 -Subject: [PATCH] docs/grub: Document signing grub under UEFI - -Before adding information about how grub is signed with an appended -signature scheme, it's worth adding some information about how it -can currently be signed for UEFI. - -Signed-off-by: Daniel Axtens ---- - docs/grub.texi | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 4870faaa00..365d1d6931 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -5817,6 +5817,7 @@ environment variables and commands are listed in the same order. - * Secure Boot Advanced Targeting:: Embedded information for generation number based revocation - * Measured Boot:: Measuring boot components - * Lockdown:: Lockdown when booting on a secure setup -+* Signing GRUB itself:: Ensuring the integrity of the GRUB core image - @end menu - - @node Authentication and authorisation -@@ -5895,7 +5896,7 @@ commands. - - GRUB's @file{core.img} can optionally provide enforcement that all files - subsequently read from disk are covered by a valid digital signature. --This document does @strong{not} cover how to ensure that your -+This section does @strong{not} cover how to ensure that your - platform's firmware (e.g., Coreboot) validates @file{core.img}. - - If environment variable @code{check_signatures} -@@ -6067,6 +6068,25 @@ be restricted and some operations/commands cannot be executed. - The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down. - Otherwise it does not exit. - -+@node Signing GRUB itself -+@section Signing GRUB itself -+ -+To ensure a complete secure-boot chain, there must be a way for the code that -+loads GRUB to verify the integrity of the core image. -+ -+This is ultimately platform-specific and individual platforms can define their -+own mechanisms. However, there are general-purpose mechanisms that can be used -+with GRUB. -+ -+@section Signing GRUB for UEFI secure boot -+ -+On UEFI platforms, @file{core.img} is a PE binary. Therefore, it can be signed -+with a tool such as @command{pesign} or @command{sbsign}. Refer to the -+suggestions in @pxref{UEFI secure boot and shim} to ensure that the final -+image works under UEFI secure boot and can maintain the secure-boot chain. It -+will also be necessary to enrol the public key used into a relevant firmware -+key database. -+ - @node Platform limitations - @chapter Platform limitations - diff --git a/SPECS/grub2/fedora/0160-docs-grub-Document-signing-grub-with-an-appended-sig.patch b/SPECS/grub2/fedora/0160-docs-grub-Document-signing-grub-with-an-appended-sig.patch deleted file mode 100644 index ee3d659409..0000000000 --- a/SPECS/grub2/fedora/0160-docs-grub-Document-signing-grub-with-an-appended-sig.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Sat, 15 Aug 2020 02:19:36 +1000 -Subject: [PATCH] docs/grub: Document signing grub with an appended signature - -Signing grub for firmware that verifies an appended signature is a -bit fiddly. I don't want people to have to figure it out from scratch -so document it here. - -Signed-off-by: Daniel Axtens ---- - docs/grub.texi | 42 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 42 insertions(+) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 365d1d6931..afbde7c1f7 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -6087,6 +6087,48 @@ image works under UEFI secure boot and can maintain the secure-boot chain. It - will also be necessary to enrol the public key used into a relevant firmware - key database. - -+@section Signing GRUB with an appended signature -+ -+The @file{core.elf} itself can be signed with a Linux kernel module-style -+appended signature. -+ -+To support IEEE1275 platforms where the boot image is often loaded directly -+from a disk partition rather than from a file system, the @file{core.elf} -+can specify the size and location of the appended signature with an ELF -+note added by @command{grub-install}. -+ -+An image can be signed this way using the @command{sign-file} command from -+the Linux kernel: -+ -+@example -+@group -+# grub.key is your private key and certificate.der is your public key -+ -+# Determine the size of the appended signature. It depends on the signing -+# certificate and the hash algorithm -+touch empty -+sign-file SHA256 grub.key certificate.der empty empty.sig -+SIG_SIZE=`stat -c '%s' empty.sig` -+rm empty empty.sig -+ -+# Build a grub image with $SIG_SIZE reserved for the signature -+grub-install --appended-signature-size $SIG_SIZE --modules="..." ... -+ -+# Replace the reserved size with a signature: -+# cut off the last $SIG_SIZE bytes with truncate's minus modifier -+truncate -s -$SIG_SIZE /boot/grub/powerpc-ieee1275/core.elf core.elf.unsigned -+# sign the trimmed file with an appended signature, restoring the correct size -+sign-file SHA256 grub.key certificate.der core.elf.unsigned core.elf.signed -+ -+# Don't forget to install the signed image as required -+# (e.g. on powerpc-ieee1275, to the PReP partition) -+@end group -+@end example -+ -+As with UEFI secure boot, it is necessary to build in the required modules, -+or sign them separately. -+ -+ - @node Platform limitations - @chapter Platform limitations - diff --git a/SPECS/grub2/fedora/0161-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch b/SPECS/grub2/fedora/0161-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch deleted file mode 100644 index b23ce49d73..0000000000 --- a/SPECS/grub2/fedora/0161-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 30 Jul 2020 00:13:21 +1000 -Subject: [PATCH] dl: provide a fake grub_dl_set_persistent for the emu target - -Trying to start grub-emu with a module that calls grub_dl_set_persistent -will crash because grub-emu fakes modules and passes NULL to the module -init function. - -Provide an empty function for the emu case. - -Fixes: ee7808e2197c (dl: Add support for persistent modules) -Signed-off-by: Daniel Axtens ---- - include/grub/dl.h | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 2f76e6b043..20d870f2a4 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -245,11 +245,22 @@ grub_dl_get (const char *name) - return 0; - } - -+#ifdef GRUB_MACHINE_EMU -+/* -+ * Under grub-emu, modules are faked and NULL is passed to GRUB_MOD_INIT. -+ * So we fake this out to avoid a NULL deref. -+ */ -+static inline void -+grub_dl_set_persistent (grub_dl_t mod __attribute__((unused))) -+{ -+} -+#else - static inline void - grub_dl_set_persistent (grub_dl_t mod) - { - mod->persistent = 1; - } -+#endif - - static inline int - grub_dl_is_persistent (grub_dl_t mod) diff --git a/SPECS/grub2/fedora/0162-pgp-factor-out-rsa_pad.patch b/SPECS/grub2/fedora/0162-pgp-factor-out-rsa_pad.patch deleted file mode 100644 index f1e721db9e..0000000000 --- a/SPECS/grub2/fedora/0162-pgp-factor-out-rsa_pad.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 1 Oct 2020 20:23:48 +1000 -Subject: [PATCH] pgp: factor out rsa_pad - -rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. -We want to use it in other RSA signature verification applications. - -I considered and rejected putting it in lib/crypto.c. That file doesn't -currently require any MPI functions, but rsa_pad does. That's not so -much of a problem for the grub kernel and modules, but crypto.c also -gets built into all the grub utilities. So - despite the utils not -using any asymmetric ciphers - we would need to built the entire MPI -infrastructure in to them. - -A better and simpler solution is just to spin rsa_pad out into its own -PKCS#1 v1.5 module. - -Signed-off-by: Daniel Axtens ---- - grub-core/Makefile.core.def | 8 ++++++ - grub-core/commands/pgp.c | 28 ++------------------- - grub-core/lib/pkcs1_v15.c | 59 +++++++++++++++++++++++++++++++++++++++++++++ - include/grub/pkcs1_v15.h | 27 +++++++++++++++++++++ - 4 files changed, 96 insertions(+), 26 deletions(-) - create mode 100644 grub-core/lib/pkcs1_v15.c - create mode 100644 include/grub/pkcs1_v15.h - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 81fc274148..97347ae76f 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2510,6 +2510,14 @@ module = { - cppflags = '$(CPPFLAGS_GCRY)'; - }; - -+module = { -+ name = pkcs1_v15; -+ common = lib/pkcs1_v15.c; -+ -+ cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare'; -+ cppflags = '$(CPPFLAGS_GCRY)'; -+}; -+ - module = { - name = all_video; - common = lib/fake_module.c; -diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 5daa1e9d00..2408db4994 100644 ---- a/grub-core/commands/pgp.c -+++ b/grub-core/commands/pgp.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -411,32 +412,7 @@ static int - rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, - const gcry_md_spec_t *hash, struct grub_public_subkey *sk) - { -- grub_size_t tlen, emlen, fflen; -- grub_uint8_t *em, *emptr; -- unsigned nbits = gcry_mpi_get_nbits (sk->mpis[0]); -- int ret; -- tlen = hash->mdlen + hash->asnlen; -- emlen = (nbits + 7) / 8; -- if (emlen < tlen + 11) -- return 1; -- -- em = grub_malloc (emlen); -- if (!em) -- return 1; -- -- em[0] = 0x00; -- em[1] = 0x01; -- fflen = emlen - tlen - 3; -- for (emptr = em + 2; emptr < em + 2 + fflen; emptr++) -- *emptr = 0xff; -- *emptr++ = 0x00; -- grub_memcpy (emptr, hash->asnoid, hash->asnlen); -- emptr += hash->asnlen; -- grub_memcpy (emptr, hval, hash->mdlen); -- -- ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0); -- grub_free (em); -- return ret; -+ return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]); - } - - struct grub_pubkey_context -diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c -new file mode 100644 -index 0000000000..dbacd563d0 ---- /dev/null -+++ b/grub-core/lib/pkcs1_v15.c -@@ -0,0 +1,59 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2013 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+/* -+ * Given a hash value 'hval', of hash specification 'hash', perform -+ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod' -+ * (see RFC 8017 s 9.2) and place the result in 'hmpi'. -+ */ -+gcry_err_code_t -+grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval, -+ const gcry_md_spec_t * hash, gcry_mpi_t mod) -+{ -+ grub_size_t tlen, emlen, fflen; -+ grub_uint8_t *em, *emptr; -+ unsigned nbits = gcry_mpi_get_nbits (mod); -+ int ret; -+ tlen = hash->mdlen + hash->asnlen; -+ emlen = (nbits + 7) / 8; -+ if (emlen < tlen + 11) -+ return GPG_ERR_TOO_SHORT; -+ -+ em = grub_malloc (emlen); -+ if (!em) -+ return 1; -+ -+ em[0] = 0x00; -+ em[1] = 0x01; -+ fflen = emlen - tlen - 3; -+ for (emptr = em + 2; emptr < em + 2 + fflen; emptr++) -+ *emptr = 0xff; -+ *emptr++ = 0x00; -+ grub_memcpy (emptr, hash->asnoid, hash->asnlen); -+ emptr += hash->asnlen; -+ grub_memcpy (emptr, hval, hash->mdlen); -+ -+ ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0); -+ grub_free (em); -+ return ret; -+} -diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h -new file mode 100644 -index 0000000000..5c338c84a1 ---- /dev/null -+++ b/include/grub/pkcs1_v15.h -@@ -0,0 +1,27 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2013 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+/* -+ * Given a hash value 'hval', of hash specification 'hash', perform -+ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod' -+ * (See RFC 8017 s 9.2) -+ */ -+gcry_err_code_t -+grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval, -+ const gcry_md_spec_t * hash, gcry_mpi_t mod); -+ diff --git a/SPECS/grub2/fedora/0163-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch b/SPECS/grub2/fedora/0163-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch deleted file mode 100644 index 541474e5e3..0000000000 --- a/SPECS/grub2/fedora/0163-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 2 Oct 2020 10:49:26 +1000 -Subject: [PATCH] crypto: move storage for grub_crypto_pk_* to crypto.c - -The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the -pgp module is a bit quirky. - -include/grub/crypto.h contains: - extern struct gcry_pk_spec *grub_crypto_pk_rsa; - -commands/pgp.c contains the actual storage: - struct gcry_pk_spec *grub_crypto_pk_rsa; - -And the module itself saves to the storage in pgp.c: - GRUB_MOD_INIT(gcry_rsa) - { - grub_crypto_pk_rsa = &_gcry_pubkey_spec_rsa; - } - -This is annoying: gcry_rsa now has a dependency on pgp! - -We want to be able to bring in gcry_rsa without bringing in PGP, -so move the storage to crypto.c. - -Previously, gcry_rsa depended on pgp and mpi. Now it depends on -crypto and mpi. As pgp depends on crypto, this doesn't add any new -module dependencies using the PGP verfier. - -[FWIW, the story is different for the symmetric ciphers. cryptodisk -and friends (zfs encryption etc) use grub_crypto_lookup_cipher_by_name() -to get a cipher handle. That depends on grub_ciphers being populated -by people calling grub_cipher_register. import_gcry.py ensures that the -symmetric ciphers call it.] - -Signed-off-by: Daniel Axtens ---- - grub-core/commands/pgp.c | 4 ---- - grub-core/lib/crypto.c | 4 ++++ - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 2408db4994..355a43844a 100644 ---- a/grub-core/commands/pgp.c -+++ b/grub-core/commands/pgp.c -@@ -147,10 +147,6 @@ const char *hashes[] = { - [0x0b] = "sha224" - }; - --struct gcry_pk_spec *grub_crypto_pk_dsa; --struct gcry_pk_spec *grub_crypto_pk_ecdsa; --struct gcry_pk_spec *grub_crypto_pk_rsa; -- - static int - dsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval, - const gcry_md_spec_t *hash, struct grub_public_subkey *sk); -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index ca334d5a40..c578128a59 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -121,6 +121,10 @@ grub_md_unregister (gcry_md_spec_t *cipher) - } - } - -+struct gcry_pk_spec *grub_crypto_pk_dsa; -+struct gcry_pk_spec *grub_crypto_pk_ecdsa; -+struct gcry_pk_spec *grub_crypto_pk_rsa; -+ - void - grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in, - grub_size_t inlen) diff --git a/SPECS/grub2/fedora/0164-posix_wrap-tweaks-in-preparation-for-libtasn1.patch b/SPECS/grub2/fedora/0164-posix_wrap-tweaks-in-preparation-for-libtasn1.patch deleted file mode 100644 index 3176f1b714..0000000000 --- a/SPECS/grub2/fedora/0164-posix_wrap-tweaks-in-preparation-for-libtasn1.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Sat, 2 May 2020 00:27:57 +1000 -Subject: [PATCH] posix_wrap: tweaks in preparation for libtasn1 - - - Define SIZEOF_UNSIGNED_LONG_INT, it's the same as - SIZEOF_UNSIGNED_LONG. - - - Define WORD_BIT, the size in bits of an int. This is a defined - in the Single Unix Specification and in gnulib's limits.h. gnulib - assumes it's 32 bits on all our platforms, including 64 bit - platforms, so we also use that value. - - - Provide strto[u]l[l] preprocessor macros that resolve to - grub_strto[u]l[l]. To avoid gcrypt redefining strtoul, we - also define HAVE_STRTOUL here. - -Signed-off-by: Daniel Axtens ---- - grub-core/lib/posix_wrap/limits.h | 1 + - grub-core/lib/posix_wrap/stdlib.h | 8 ++++++++ - grub-core/lib/posix_wrap/sys/types.h | 1 + - 3 files changed, 10 insertions(+) - -diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h -index 7217138ffd..591dbf3289 100644 ---- a/grub-core/lib/posix_wrap/limits.h -+++ b/grub-core/lib/posix_wrap/limits.h -@@ -37,5 +37,6 @@ - #define LONG_MAX GRUB_LONG_MAX - - #define CHAR_BIT 8 -+#define WORD_BIT 32 - - #endif -diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h -index 7a8d385e97..4634db09f2 100644 ---- a/grub-core/lib/posix_wrap/stdlib.h -+++ b/grub-core/lib/posix_wrap/stdlib.h -@@ -58,4 +58,12 @@ abs (int c) - return (c >= 0) ? c : -c; - } - -+#define strtol grub_strtol -+ -+/* for libgcrypt */ -+#define HAVE_STRTOUL -+#define strtoul grub_strtoul -+ -+#define strtoull grub_strtoull -+ - #endif -diff --git a/grub-core/lib/posix_wrap/sys/types.h b/grub-core/lib/posix_wrap/sys/types.h -index 854eb0122e..f63412c8da 100644 ---- a/grub-core/lib/posix_wrap/sys/types.h -+++ b/grub-core/lib/posix_wrap/sys/types.h -@@ -51,6 +51,7 @@ typedef grub_uint8_t byte; - typedef grub_addr_t uintptr_t; - - #define SIZEOF_UNSIGNED_LONG GRUB_CPU_SIZEOF_LONG -+#define SIZEOF_UNSIGNED_LONG_INT GRUB_CPU_SIZEOF_LONG - #define SIZEOF_UNSIGNED_INT 4 - #define SIZEOF_UNSIGNED_LONG_LONG 8 - #define SIZEOF_UNSIGNED_SHORT 2 diff --git a/SPECS/grub2/fedora/0165-libtasn1-import-libtasn1-4.16.0.patch b/SPECS/grub2/fedora/0165-libtasn1-import-libtasn1-4.16.0.patch deleted file mode 100644 index 9587661123..0000000000 --- a/SPECS/grub2/fedora/0165-libtasn1-import-libtasn1-4.16.0.patch +++ /dev/null @@ -1,8934 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Wed, 10 Jun 2020 16:31:22 +1000 -Subject: [PATCH] libtasn1: import libtasn1-4.16.0 - -Import a very trimmed-down set of libtasn1 files: - -pushd /tmp -wget https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.16.0.tar.gz -popd -pushd grub-core/lib -mkdir libtasn1 -cp /tmp/libtasn1-4.16.0/{README.md,LICENSE} libtasn1/ -mkdir libtasn1/lib -cp /tmp/libtasn1-4.16.0/lib/{coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h} libtasn1/lib -cp /tmp/libtasn1-4.16.0/lib/includes/libtasn1.h ../../include/grub/ -git add libtasn1/ ../../include/grub/libtasn1.h -popd - -Signed-off-by: Daniel Axtens ---- - grub-core/lib/libtasn1/lib/coding.c | 1415 ++++++++++++++++++ - grub-core/lib/libtasn1/lib/decoding.c | 2478 +++++++++++++++++++++++++++++++ - grub-core/lib/libtasn1/lib/element.c | 1111 ++++++++++++++ - grub-core/lib/libtasn1/lib/errors.c | 100 ++ - grub-core/lib/libtasn1/lib/gstr.c | 74 + - grub-core/lib/libtasn1/lib/parser_aux.c | 1173 +++++++++++++++ - grub-core/lib/libtasn1/lib/structure.c | 1220 +++++++++++++++ - grub-core/lib/libtasn1/lib/element.h | 40 + - grub-core/lib/libtasn1/lib/gstr.h | 47 + - grub-core/lib/libtasn1/lib/int.h | 221 +++ - grub-core/lib/libtasn1/lib/parser_aux.h | 172 +++ - grub-core/lib/libtasn1/lib/structure.h | 45 + - include/grub/libtasn1.h | 588 ++++++++ - grub-core/lib/libtasn1/LICENSE | 16 + - grub-core/lib/libtasn1/README.md | 91 ++ - 15 files changed, 8791 insertions(+) - create mode 100644 grub-core/lib/libtasn1/lib/coding.c - create mode 100644 grub-core/lib/libtasn1/lib/decoding.c - create mode 100644 grub-core/lib/libtasn1/lib/element.c - create mode 100644 grub-core/lib/libtasn1/lib/errors.c - create mode 100644 grub-core/lib/libtasn1/lib/gstr.c - create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.c - create mode 100644 grub-core/lib/libtasn1/lib/structure.c - create mode 100644 grub-core/lib/libtasn1/lib/element.h - create mode 100644 grub-core/lib/libtasn1/lib/gstr.h - create mode 100644 grub-core/lib/libtasn1/lib/int.h - create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h - create mode 100644 grub-core/lib/libtasn1/lib/structure.h - create mode 100644 include/grub/libtasn1.h - create mode 100644 grub-core/lib/libtasn1/LICENSE - create mode 100644 grub-core/lib/libtasn1/README.md - -diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c -new file mode 100644 -index 0000000000..245ea64cf0 ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/coding.c -@@ -0,0 +1,1415 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+ -+/*****************************************************/ -+/* File: coding.c */ -+/* Description: Functions to create a DER coding of */ -+/* an ASN1 type. */ -+/*****************************************************/ -+ -+#include -+#include "parser_aux.h" -+#include -+#include "element.h" -+#include "minmax.h" -+#include -+ -+#define MAX_TAG_LEN 16 -+ -+/******************************************************/ -+/* Function : _asn1_error_description_value_not_found */ -+/* Description: creates the ErrorDescription string */ -+/* for the ASN1_VALUE_NOT_FOUND error. */ -+/* Parameters: */ -+/* node: node of the tree where the value is NULL. */ -+/* ErrorDescription: string returned. */ -+/* Return: */ -+/******************************************************/ -+static void -+_asn1_error_description_value_not_found (asn1_node node, -+ char *ErrorDescription) -+{ -+ -+ if (ErrorDescription == NULL) -+ return; -+ -+ Estrcpy (ErrorDescription, ":: value of element '"); -+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription), -+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40); -+ Estrcat (ErrorDescription, "' not found"); -+ -+} -+ -+/** -+ * asn1_length_der: -+ * @len: value to convert. -+ * @der: buffer to hold the returned encoding (may be %NULL). -+ * @der_len: number of meaningful bytes of ANS (der[0]..der[der_len-1]). -+ * -+ * Creates the DER encoding of the provided length value. -+ * The @der buffer must have enough room for the output. The maximum -+ * length this function will encode is %ASN1_MAX_LENGTH_SIZE. -+ * -+ * To know the size of the DER encoding use a %NULL value for @der. -+ **/ -+void -+asn1_length_der (unsigned long int len, unsigned char *der, int *der_len) -+{ -+ int k; -+ unsigned char temp[ASN1_MAX_LENGTH_SIZE]; -+#if SIZEOF_UNSIGNED_LONG_INT > 8 -+ len &= 0xFFFFFFFFFFFFFFFF; -+#endif -+ -+ if (len < 128) -+ { -+ /* short form */ -+ if (der != NULL) -+ der[0] = (unsigned char) len; -+ *der_len = 1; -+ } -+ else -+ { -+ /* Long form */ -+ k = 0; -+ while (len) -+ { -+ temp[k++] = len & 0xFF; -+ len = len >> 8; -+ } -+ *der_len = k + 1; -+ if (der != NULL) -+ { -+ der[0] = ((unsigned char) k & 0x7F) + 128; -+ while (k--) -+ der[*der_len - 1 - k] = temp[k]; -+ } -+ } -+} -+ -+/******************************************************/ -+/* Function : _asn1_tag_der */ -+/* Description: creates the DER coding for the CLASS */ -+/* and TAG parameters. */ -+/* It is limited by the ASN1_MAX_TAG_SIZE variable */ -+/* Parameters: */ -+/* class: value to convert. */ -+/* tag_value: value to convert. */ -+/* ans: string returned. */ -+/* ans_len: number of meaningful bytes of ANS */ -+/* (ans[0]..ans[ans_len-1]). */ -+/* Return: */ -+/******************************************************/ -+static void -+_asn1_tag_der (unsigned char class, unsigned int tag_value, -+ unsigned char ans[ASN1_MAX_TAG_SIZE], int *ans_len) -+{ -+ int k; -+ unsigned char temp[ASN1_MAX_TAG_SIZE]; -+ -+ if (tag_value < 31) -+ { -+ /* short form */ -+ ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F)); -+ *ans_len = 1; -+ } -+ else -+ { -+ /* Long form */ -+ ans[0] = (class & 0xE0) + 31; -+ k = 0; -+ while (tag_value != 0) -+ { -+ temp[k++] = tag_value & 0x7F; -+ tag_value >>= 7; -+ -+ if (k > ASN1_MAX_TAG_SIZE - 1) -+ break; /* will not encode larger tags */ -+ } -+ *ans_len = k + 1; -+ while (k--) -+ ans[*ans_len - 1 - k] = temp[k] + 128; -+ ans[*ans_len - 1] -= 128; -+ } -+} -+ -+/** -+ * asn1_octet_der: -+ * @str: the input data. -+ * @str_len: STR length (str[0]..str[*str_len-1]). -+ * @der: encoded string returned. -+ * @der_len: number of meaningful bytes of DER (der[0]..der[der_len-1]). -+ * -+ * Creates a length-value DER encoding for the input data. -+ * The DER encoding of the input data will be placed in the @der variable. -+ * -+ * Note that the OCTET STRING tag is not included in the output. -+ * -+ * This function does not return any value because it is expected -+ * that @der_len will contain enough bytes to store the string -+ * plus the DER encoding. The DER encoding size can be obtained using -+ * asn1_length_der(). -+ **/ -+void -+asn1_octet_der (const unsigned char *str, int str_len, -+ unsigned char *der, int *der_len) -+{ -+ int len_len; -+ -+ if (der == NULL || str_len < 0) -+ return; -+ -+ asn1_length_der (str_len, der, &len_len); -+ memcpy (der + len_len, str, str_len); -+ *der_len = str_len + len_len; -+} -+ -+ -+/** -+ * asn1_encode_simple_der: -+ * @etype: The type of the string to be encoded (ASN1_ETYPE_) -+ * @str: the string data. -+ * @str_len: the string length -+ * @tl: the encoded tag and length -+ * @tl_len: the bytes of the @tl field -+ * -+ * Creates the DER encoding for various simple ASN.1 types like strings etc. -+ * It stores the tag and length in @tl, which should have space for at least -+ * %ASN1_MAX_TL_SIZE bytes. Initially @tl_len should contain the size of @tl. -+ * -+ * The complete DER encoding should consist of the value in @tl appended -+ * with the provided @str. -+ * -+ * Returns: %ASN1_SUCCESS if successful or an error value. -+ **/ -+int -+asn1_encode_simple_der (unsigned int etype, const unsigned char *str, -+ unsigned int str_len, unsigned char *tl, -+ unsigned int *tl_len) -+{ -+ int tag_len, len_len; -+ unsigned tlen; -+ unsigned char der_tag[ASN1_MAX_TAG_SIZE]; -+ unsigned char der_length[ASN1_MAX_LENGTH_SIZE]; -+ unsigned char *p; -+ -+ if (str == NULL) -+ return ASN1_VALUE_NOT_VALID; -+ -+ if (ETYPE_OK (etype) == 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ /* doesn't handle constructed classes */ -+ if (ETYPE_CLASS (etype) != ASN1_CLASS_UNIVERSAL) -+ return ASN1_VALUE_NOT_VALID; -+ -+ _asn1_tag_der (ETYPE_CLASS (etype), ETYPE_TAG (etype), der_tag, &tag_len); -+ -+ asn1_length_der (str_len, der_length, &len_len); -+ -+ if (tag_len <= 0 || len_len <= 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ tlen = tag_len + len_len; -+ -+ if (*tl_len < tlen) -+ return ASN1_MEM_ERROR; -+ -+ p = tl; -+ memcpy (p, der_tag, tag_len); -+ p += tag_len; -+ memcpy (p, der_length, len_len); -+ -+ *tl_len = tlen; -+ -+ return ASN1_SUCCESS; -+} -+ -+/******************************************************/ -+/* Function : _asn1_time_der */ -+/* Description: creates the DER coding for a TIME */ -+/* type (length included). */ -+/* Parameters: */ -+/* str: TIME null-terminated string. */ -+/* der: string returned. */ -+/* der_len: number of meaningful bytes of DER */ -+/* (der[0]..der[ans_len-1]). Initially it */ -+/* if must store the lenght of DER. */ -+/* Return: */ -+/* ASN1_MEM_ERROR when DER isn't big enough */ -+/* ASN1_SUCCESS otherwise */ -+/******************************************************/ -+static int -+_asn1_time_der (unsigned char *str, int str_len, unsigned char *der, -+ int *der_len) -+{ -+ int len_len; -+ int max_len; -+ -+ if (der == NULL) -+ return ASN1_VALUE_NOT_VALID; -+ -+ max_len = *der_len; -+ -+ asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len); -+ -+ if ((len_len + str_len) <= max_len) -+ memcpy (der + len_len, str, str_len); -+ *der_len = len_len + str_len; -+ -+ if ((*der_len) > max_len) -+ return ASN1_MEM_ERROR; -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/* -+void -+_asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str) -+{ -+ int len_len,str_len; -+ char temp[20]; -+ -+ if(str==NULL) return; -+ str_len=asn1_get_length_der(der,*der_len,&len_len); -+ if (str_len<0) return; -+ memcpy(temp,der+len_len,str_len); -+ *der_len=str_len+len_len; -+ switch(str_len) -+ { -+ case 11: -+ temp[10]=0; -+ strcat(temp,"00+0000"); -+ break; -+ case 13: -+ temp[12]=0; -+ strcat(temp,"+0000"); -+ break; -+ case 15: -+ temp[15]=0; -+ memmove(temp+12,temp+10,6); -+ temp[10]=temp[11]='0'; -+ break; -+ case 17: -+ temp[17]=0; -+ break; -+ default: -+ return; -+ } -+ strcpy(str,temp); -+} -+*/ -+ -+static -+void encode_val(uint64_t val, unsigned char *der, int max_len, int *der_len) -+{ -+ int first, k; -+ unsigned char bit7; -+ -+ first = 0; -+ for (k = sizeof(val); k >= 0; k--) -+ { -+ bit7 = (val >> (k * 7)) & 0x7F; -+ if (bit7 || first || !k) -+ { -+ if (k) -+ bit7 |= 0x80; -+ if (max_len > (*der_len)) -+ der[*der_len] = bit7; -+ (*der_len)++; -+ first = 1; -+ } -+ } -+} -+ -+/******************************************************/ -+/* Function : _asn1_object_id_der */ -+/* Description: creates the DER coding for an */ -+/* OBJECT IDENTIFIER type (length included). */ -+/* Parameters: */ -+/* str: OBJECT IDENTIFIER null-terminated string. */ -+/* der: string returned. */ -+/* der_len: number of meaningful bytes of DER */ -+/* (der[0]..der[ans_len-1]). Initially it */ -+/* must store the length of DER. */ -+/* Return: */ -+/* ASN1_MEM_ERROR when DER isn't big enough */ -+/* ASN1_SUCCESS if succesful */ -+/* or an error value. */ -+/******************************************************/ -+static int -+_asn1_object_id_der (const char *str, unsigned char *der, int *der_len) -+{ -+ int len_len, counter, max_len; -+ char *temp, *n_end, *n_start; -+ uint64_t val, val1 = 0; -+ int str_len = _asn1_strlen (str); -+ -+ max_len = *der_len; -+ *der_len = 0; -+ -+ if (der == NULL && max_len > 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ temp = malloc (str_len + 2); -+ if (temp == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ -+ memcpy (temp, str, str_len); -+ temp[str_len] = '.'; -+ temp[str_len + 1] = 0; -+ -+ counter = 0; -+ n_start = temp; -+ while ((n_end = strchr (n_start, '.'))) -+ { -+ *n_end = 0; -+ val = _asn1_strtou64 (n_start, NULL, 10); -+ counter++; -+ -+ if (counter == 1) -+ { -+ val1 = val; -+ } -+ else if (counter == 2) -+ { -+ uint64_t val0; -+ -+ if (val1 > 2) -+ { -+ free(temp); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ else if ((val1 == 0 || val1 == 1) && val > 39) -+ { -+ free(temp); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ val0 = 40 * val1 + val; -+ encode_val(val0, der, max_len, der_len); -+ } -+ else -+ { -+ encode_val(val, der, max_len, der_len); -+ } -+ n_start = n_end + 1; -+ } -+ -+ asn1_length_der (*der_len, NULL, &len_len); -+ if (max_len >= (*der_len + len_len)) -+ { -+ memmove (der + len_len, der, *der_len); -+ asn1_length_der (*der_len, der, &len_len); -+ } -+ *der_len += len_len; -+ -+ free (temp); -+ -+ if (max_len < (*der_len)) -+ return ASN1_MEM_ERROR; -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_object_id_der: -+ * @str: An object identifier in numeric, dot format. -+ * @der: buffer to hold the returned encoding (may be %NULL). -+ * @der_len: initially the size of @der; will hold the final size. -+ * @flags: must be zero -+ * -+ * Creates the DER encoding of the provided object identifier. -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding was OK, %ASN1_VALUE_NOT_VALID -+ * if @str is not a valid OID, %ASN1_MEM_ERROR if the @der -+ * vector isn't big enough and in this case @der_len will contain the -+ * length needed. -+ **/ -+int asn1_object_id_der(const char *str, unsigned char *der, int *der_len, unsigned flags) -+{ -+ unsigned char tag_der[MAX_TAG_LEN]; -+ int tag_len = 0, r; -+ int max_len = *der_len; -+ -+ *der_len = 0; -+ -+ _asn1_tag_der (ETYPE_CLASS (ASN1_ETYPE_OBJECT_ID), ETYPE_TAG (ASN1_ETYPE_OBJECT_ID), -+ tag_der, &tag_len); -+ -+ if (max_len > tag_len) -+ { -+ memcpy(der, tag_der, tag_len); -+ } -+ max_len -= tag_len; -+ der += tag_len; -+ -+ r = _asn1_object_id_der (str, der, &max_len); -+ if (r == ASN1_MEM_ERROR || r == ASN1_SUCCESS) -+ { -+ *der_len = max_len + tag_len; -+ } -+ -+ return r; -+} -+ -+static const unsigned char bit_mask[] = -+ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 }; -+ -+/** -+ * asn1_bit_der: -+ * @str: BIT string. -+ * @bit_len: number of meaningful bits in STR. -+ * @der: string returned. -+ * @der_len: number of meaningful bytes of DER -+ * (der[0]..der[ans_len-1]). -+ * -+ * Creates a length-value DER encoding for the input data -+ * as it would have been for a BIT STRING. -+ * The DER encoded data will be copied in @der. -+ * -+ * Note that the BIT STRING tag is not included in the output. -+ * -+ * This function does not return any value because it is expected -+ * that @der_len will contain enough bytes to store the string -+ * plus the DER encoding. The DER encoding size can be obtained using -+ * asn1_length_der(). -+ **/ -+void -+asn1_bit_der (const unsigned char *str, int bit_len, -+ unsigned char *der, int *der_len) -+{ -+ int len_len, len_byte, len_pad; -+ -+ if (der == NULL) -+ return; -+ -+ len_byte = bit_len >> 3; -+ len_pad = 8 - (bit_len & 7); -+ if (len_pad == 8) -+ len_pad = 0; -+ else -+ len_byte++; -+ asn1_length_der (len_byte + 1, der, &len_len); -+ der[len_len] = len_pad; -+ -+ if (str) -+ memcpy (der + len_len + 1, str, len_byte); -+ der[len_len + len_byte] &= bit_mask[len_pad]; -+ *der_len = len_byte + len_len + 1; -+} -+ -+ -+/******************************************************/ -+/* Function : _asn1_complete_explicit_tag */ -+/* Description: add the length coding to the EXPLICIT */ -+/* tags. */ -+/* Parameters: */ -+/* node: pointer to the tree element. */ -+/* der: string with the DER coding of the whole tree*/ -+/* counter: number of meaningful bytes of DER */ -+/* (der[0]..der[*counter-1]). */ -+/* max_len: size of der vector */ -+/* Return: */ -+/* ASN1_MEM_ERROR if der vector isn't big enough, */ -+/* otherwise ASN1_SUCCESS. */ -+/******************************************************/ -+static int -+_asn1_complete_explicit_tag (asn1_node node, unsigned char *der, -+ int *counter, int *max_len) -+{ -+ asn1_node p; -+ int is_tag_implicit, len2, len3; -+ unsigned char temp[SIZEOF_UNSIGNED_INT]; -+ -+ if (der == NULL && *max_len > 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ is_tag_implicit = 0; -+ -+ if (node->type & CONST_TAG) -+ { -+ p = node->down; -+ if (p == NULL) -+ return ASN1_DER_ERROR; -+ /* When there are nested tags we must complete them reverse to -+ the order they were created. This is because completing a tag -+ modifies all data within it, including the incomplete tags -+ which store buffer positions -- simon@josefsson.org 2002-09-06 -+ */ -+ while (p->right) -+ p = p->right; -+ while (p && p != node->down->left) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_TAG) -+ { -+ if (p->type & CONST_EXPLICIT) -+ { -+ len2 = strtol (p->name, NULL, 10); -+ _asn1_set_name (p, NULL); -+ -+ asn1_length_der (*counter - len2, temp, &len3); -+ if (len3 <= (*max_len)) -+ { -+ memmove (der + len2 + len3, der + len2, -+ *counter - len2); -+ memcpy (der + len2, temp, len3); -+ } -+ *max_len -= len3; -+ *counter += len3; -+ is_tag_implicit = 0; -+ } -+ else -+ { /* CONST_IMPLICIT */ -+ if (!is_tag_implicit) -+ { -+ is_tag_implicit = 1; -+ } -+ } -+ } -+ p = p->left; -+ } -+ } -+ -+ if (*max_len < 0) -+ return ASN1_MEM_ERROR; -+ -+ return ASN1_SUCCESS; -+} -+ -+const tag_and_class_st _asn1_tags[] = { -+ [ASN1_ETYPE_GENERALSTRING] = -+ {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"}, -+ [ASN1_ETYPE_NUMERIC_STRING] = -+ {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"}, -+ [ASN1_ETYPE_IA5_STRING] = -+ {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"}, -+ [ASN1_ETYPE_TELETEX_STRING] = -+ {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"}, -+ [ASN1_ETYPE_PRINTABLE_STRING] = -+ {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"}, -+ [ASN1_ETYPE_UNIVERSAL_STRING] = -+ {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"}, -+ [ASN1_ETYPE_BMP_STRING] = -+ {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"}, -+ [ASN1_ETYPE_UTF8_STRING] = -+ {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"}, -+ [ASN1_ETYPE_VISIBLE_STRING] = -+ {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"}, -+ [ASN1_ETYPE_OCTET_STRING] = -+ {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"}, -+ [ASN1_ETYPE_BIT_STRING] = -+ {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"}, -+ [ASN1_ETYPE_OBJECT_ID] = -+ {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"}, -+ [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"}, -+ [ASN1_ETYPE_BOOLEAN] = -+ {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"}, -+ [ASN1_ETYPE_INTEGER] = -+ {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"}, -+ [ASN1_ETYPE_ENUMERATED] = -+ {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"}, -+ [ASN1_ETYPE_SEQUENCE] = -+ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, -+ "type:SEQUENCE"}, -+ [ASN1_ETYPE_SEQUENCE_OF] = -+ {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, -+ "type:SEQ_OF"}, -+ [ASN1_ETYPE_SET] = -+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"}, -+ [ASN1_ETYPE_SET_OF] = -+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, -+ "type:SET_OF"}, -+ [ASN1_ETYPE_GENERALIZED_TIME] = -+ {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"}, -+ [ASN1_ETYPE_UTC_TIME] = -+ {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"}, -+}; -+ -+unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]); -+ -+/******************************************************/ -+/* Function : _asn1_insert_tag_der */ -+/* Description: creates the DER coding of tags of one */ -+/* NODE. */ -+/* Parameters: */ -+/* node: pointer to the tree element. */ -+/* der: string returned */ -+/* counter: number of meaningful bytes of DER */ -+/* (counter[0]..der[*counter-1]). */ -+/* max_len: size of der vector */ -+/* Return: */ -+/* ASN1_GENERIC_ERROR if the type is unknown, */ -+/* ASN1_MEM_ERROR if der vector isn't big enough, */ -+/* otherwise ASN1_SUCCESS. */ -+/******************************************************/ -+static int -+_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter, -+ int *max_len) -+{ -+ asn1_node p; -+ int tag_len, is_tag_implicit; -+ unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)]; -+ unsigned long tag_implicit = 0; -+ unsigned char tag_der[MAX_TAG_LEN]; -+ -+ is_tag_implicit = 0; -+ -+ if (node->type & CONST_TAG) -+ { -+ p = node->down; -+ while (p) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_TAG) -+ { -+ if (p->type & CONST_APPLICATION) -+ class = ASN1_CLASS_APPLICATION; -+ else if (p->type & CONST_UNIVERSAL) -+ class = ASN1_CLASS_UNIVERSAL; -+ else if (p->type & CONST_PRIVATE) -+ class = ASN1_CLASS_PRIVATE; -+ else -+ class = ASN1_CLASS_CONTEXT_SPECIFIC; -+ -+ if (p->type & CONST_EXPLICIT) -+ { -+ if (is_tag_implicit) -+ _asn1_tag_der (class_implicit, tag_implicit, tag_der, -+ &tag_len); -+ else -+ _asn1_tag_der (class | ASN1_CLASS_STRUCTURED, -+ _asn1_strtoul (p->value, NULL, 10), -+ tag_der, &tag_len); -+ -+ *max_len -= tag_len; -+ if (der && *max_len >= 0) -+ memcpy (der + *counter, tag_der, tag_len); -+ *counter += tag_len; -+ -+ _asn1_ltostr (*counter, (char *) temp); -+ _asn1_set_name (p, (const char *) temp); -+ -+ is_tag_implicit = 0; -+ } -+ else -+ { /* CONST_IMPLICIT */ -+ if (!is_tag_implicit) -+ { -+ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) || -+ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) -+ || (type_field (node->type) == ASN1_ETYPE_SET) -+ || (type_field (node->type) == ASN1_ETYPE_SET_OF)) -+ class |= ASN1_CLASS_STRUCTURED; -+ class_implicit = class; -+ tag_implicit = _asn1_strtoul (p->value, NULL, 10); -+ is_tag_implicit = 1; -+ } -+ } -+ } -+ p = p->right; -+ } -+ } -+ -+ if (is_tag_implicit) -+ { -+ _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len); -+ } -+ else -+ { -+ unsigned type = type_field (node->type); -+ switch (type) -+ { -+ CASE_HANDLED_ETYPES: -+ _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag, -+ tag_der, &tag_len); -+ break; -+ case ASN1_ETYPE_TAG: -+ case ASN1_ETYPE_CHOICE: -+ case ASN1_ETYPE_ANY: -+ tag_len = 0; -+ break; -+ default: -+ return ASN1_GENERIC_ERROR; -+ } -+ } -+ -+ *max_len -= tag_len; -+ if (der && *max_len >= 0) -+ memcpy (der + *counter, tag_der, tag_len); -+ *counter += tag_len; -+ -+ if (*max_len < 0) -+ return ASN1_MEM_ERROR; -+ -+ return ASN1_SUCCESS; -+} -+ -+/******************************************************/ -+/* Function : _asn1_ordering_set */ -+/* Description: puts the elements of a SET type in */ -+/* the correct order according to DER rules. */ -+/* Parameters: */ -+/* der: string with the DER coding. */ -+/* node: pointer to the SET element. */ -+/* Return: */ -+/* ASN1_SUCCESS if successful */ -+/* or an error value. */ -+/******************************************************/ -+static int -+_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node) -+{ -+ struct vet -+ { -+ int end; -+ unsigned long value; -+ struct vet *next, *prev; -+ }; -+ -+ int counter, len, len2; -+ struct vet *first, *last, *p_vet, *p2_vet; -+ asn1_node p; -+ unsigned char class, *temp; -+ unsigned long tag, t; -+ int err; -+ -+ counter = 0; -+ -+ if (type_field (node->type) != ASN1_ETYPE_SET) -+ return ASN1_VALUE_NOT_VALID; -+ -+ p = node->down; -+ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) || -+ (type_field (p->type) == ASN1_ETYPE_SIZE))) -+ p = p->right; -+ -+ if ((p == NULL) || (p->right == NULL)) -+ return ASN1_SUCCESS; -+ -+ first = last = NULL; -+ while (p) -+ { -+ p_vet = malloc (sizeof (struct vet)); -+ if (p_vet == NULL) -+ { -+ err = ASN1_MEM_ALLOC_ERROR; -+ goto error; -+ } -+ -+ p_vet->next = NULL; -+ p_vet->prev = last; -+ if (first == NULL) -+ first = p_vet; -+ else -+ last->next = p_vet; -+ last = p_vet; -+ -+ /* tag value calculation */ -+ err = asn1_get_tag_der (der + counter, der_len - counter, &class, &len2, -+ &tag); -+ if (err != ASN1_SUCCESS) -+ goto error; -+ -+ t = ((unsigned int)class) << 24; -+ p_vet->value = t | tag; -+ counter += len2; -+ -+ /* extraction and length */ -+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len); -+ if (len2 < 0) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ counter += len + len2; -+ -+ p_vet->end = counter; -+ p = p->right; -+ } -+ -+ p_vet = first; -+ -+ while (p_vet) -+ { -+ p2_vet = p_vet->next; -+ counter = 0; -+ while (p2_vet) -+ { -+ if (p_vet->value > p2_vet->value) -+ { -+ /* change position */ -+ temp = malloc (p_vet->end - counter); -+ if (temp == NULL) -+ { -+ err = ASN1_MEM_ALLOC_ERROR; -+ goto error; -+ } -+ -+ memcpy (temp, der + counter, p_vet->end - counter); -+ memcpy (der + counter, der + p_vet->end, -+ p2_vet->end - p_vet->end); -+ memcpy (der + counter + p2_vet->end - p_vet->end, temp, -+ p_vet->end - counter); -+ free (temp); -+ -+ tag = p_vet->value; -+ p_vet->value = p2_vet->value; -+ p2_vet->value = tag; -+ -+ p_vet->end = counter + (p2_vet->end - p_vet->end); -+ } -+ counter = p_vet->end; -+ -+ p2_vet = p2_vet->next; -+ p_vet = p_vet->next; -+ } -+ -+ if (p_vet != first) -+ p_vet->prev->next = NULL; -+ else -+ first = NULL; -+ free (p_vet); -+ p_vet = first; -+ } -+ return ASN1_SUCCESS; -+ -+error: -+ while (first != NULL) -+ { -+ p_vet = first; -+ first = first->next; -+ free(p_vet); -+ } -+ return err; -+} -+ -+struct vet -+{ -+ unsigned char *ptr; -+ int size; -+}; -+ -+static int setof_compar(const void *_e1, const void *_e2) -+{ -+ unsigned length; -+ const struct vet *e1 = _e1, *e2 = _e2; -+ int rval; -+ -+ /* The encodings of the component values of a set-of value shall -+ * appear in ascending order, the encodings being compared -+ * as octet strings with the shorter components being -+ * padded at their trailing end with 0-octets. -+ * The padding octets are for comparison purposes and -+ * do not appear in the encodings. -+ */ -+ length = MIN(e1->size, e2->size); -+ -+ rval = memcmp(e1->ptr, e2->ptr, length); -+ if (rval == 0 && e1->size != e2->size) -+ { -+ if (e1->size > e2->size) -+ rval = 1; -+ else if (e2->size > e1->size) -+ rval = -1; -+ } -+ -+ return rval; -+} -+ -+/******************************************************/ -+/* Function : _asn1_ordering_set_of */ -+/* Description: puts the elements of a SET OF type in */ -+/* the correct order according to DER rules. */ -+/* Parameters: */ -+/* der: string with the DER coding. */ -+/* node: pointer to the SET OF element. */ -+/* Return: */ -+/* ASN1_SUCCESS if successful */ -+/* or an error value. */ -+/******************************************************/ -+static int -+_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node) -+{ -+ int counter, len, len2; -+ struct vet *list = NULL, *tlist; -+ unsigned list_size = 0; -+ struct vet *p_vet; -+ asn1_node p; -+ unsigned char class; -+ unsigned i; -+ unsigned char *out = NULL; -+ int err; -+ -+ if (der == NULL) -+ return ASN1_VALUE_NOT_VALID; -+ -+ counter = 0; -+ -+ if (type_field (node->type) != ASN1_ETYPE_SET_OF) -+ return ASN1_VALUE_NOT_VALID; -+ -+ p = node->down; -+ while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) || -+ (type_field (p->type) == ASN1_ETYPE_SIZE))) -+ p = p->right; -+ if (p == NULL) -+ return ASN1_VALUE_NOT_VALID; -+ p = p->right; -+ -+ if ((p == NULL) || (p->right == NULL)) -+ return ASN1_SUCCESS; -+ -+ while (p) -+ { -+ list_size++; -+ tlist = realloc (list, list_size*sizeof(struct vet)); -+ if (tlist == NULL) -+ { -+ err = ASN1_MEM_ALLOC_ERROR; -+ goto error; -+ } -+ list = tlist; -+ p_vet = &list[list_size-1]; -+ -+ p_vet->ptr = der+counter; -+ p_vet->size = 0; -+ -+ /* extraction of tag and length */ -+ if (der_len - counter > 0) -+ { -+ err = asn1_get_tag_der (der + counter, der_len - counter, &class, -+ &len, NULL); -+ if (err != ASN1_SUCCESS) -+ goto error; -+ counter += len; -+ p_vet->size += len; -+ -+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len); -+ if (len2 < 0) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ counter += len + len2; -+ p_vet->size += len + len2; -+ -+ } -+ else -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ p = p->right; -+ } -+ -+ if (counter > der_len) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ -+ qsort(list, list_size, sizeof(struct vet), setof_compar); -+ -+ out = malloc(der_len); -+ if (out == NULL) -+ { -+ err = ASN1_MEM_ERROR; -+ goto error; -+ } -+ -+ /* the sum of p_vet->size == der_len */ -+ counter = 0; -+ for (i = 0; i < list_size; i++) -+ { -+ p_vet = &list[i]; -+ memcpy(out+counter, p_vet->ptr, p_vet->size); -+ counter += p_vet->size; -+ } -+ memcpy(der, out, der_len); -+ free(out); -+ -+ err = ASN1_SUCCESS; -+ -+error: -+ free(list); -+ return err; -+} -+ -+/** -+ * asn1_der_coding: -+ * @element: pointer to an ASN1 element -+ * @name: the name of the structure you want to encode (it must be -+ * inside *POINTER). -+ * @ider: vector that will contain the DER encoding. DER must be a -+ * pointer to memory cells already allocated. -+ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy -+ * holds the sizeof of der vector. -+ * @ErrorDescription: return the error description or an empty -+ * string if success. -+ * -+ * Creates the DER encoding for the NAME structure (inside *POINTER -+ * structure). -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND -+ * if @name is not a valid element, %ASN1_VALUE_NOT_FOUND if there -+ * is an element without a value, %ASN1_MEM_ERROR if the @ider -+ * vector isn't big enough and in this case @len will contain the -+ * length needed. -+ **/ -+int -+asn1_der_coding (asn1_node_const element, const char *name, void *ider, int *len, -+ char *ErrorDescription) -+{ -+ asn1_node node, p, p2; -+ unsigned char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)]; -+ int counter, counter_old, len2, len3, move, max_len, max_len_old; -+ int err; -+ unsigned char *der = ider; -+ -+ if (ErrorDescription) -+ ErrorDescription[0] = 0; -+ -+ node = asn1_find_node (element, name); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ /* Node is now a locally allocated variable. -+ * That is because in some point we modify the -+ * structure, and I don't know why! --nmav -+ */ -+ node = _asn1_copy_structure3 (node); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ max_len = *len; -+ -+ if (der == NULL && max_len > 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ counter = 0; -+ move = DOWN; -+ p = node; -+ -+ while (1) -+ { -+ -+ counter_old = counter; -+ max_len_old = max_len; -+ if (move != UP) -+ { -+ p->start = counter; -+ err = _asn1_insert_tag_der (p, der, &counter, &max_len); -+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) -+ goto error; -+ } -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_NULL: -+ max_len--; -+ if (der != NULL && max_len >= 0) -+ der[counter] = 0; -+ counter++; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_BOOLEAN: -+ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) -+ { -+ counter = counter_old; -+ max_len = max_len_old; -+ } -+ else -+ { -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, -+ ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ max_len -= 2; -+ if (der != NULL && max_len >= 0) -+ { -+ der[counter++] = 1; -+ if (p->value[0] == 'F') -+ der[counter++] = 0; -+ else -+ der[counter++] = 0xFF; -+ } -+ else -+ counter += 2; -+ } -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_INTEGER: -+ case ASN1_ETYPE_ENUMERATED: -+ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) -+ { -+ counter = counter_old; -+ max_len = max_len_old; -+ } -+ else -+ { -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, -+ ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ len2 = asn1_get_length_der (p->value, p->value_len, &len3); -+ if (len2 < 0) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ max_len -= len2 + len3; -+ if (der != NULL && max_len >= 0) -+ memcpy (der + counter, p->value, len3 + len2); -+ counter += len3 + len2; -+ } -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_OBJECT_ID: -+ if ((p->type & CONST_DEFAULT) && (p->value == NULL)) -+ { -+ counter = counter_old; -+ max_len = max_len_old; -+ } -+ else -+ { -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, -+ ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ len2 = max_len; -+ err = _asn1_object_id_der ((char*)p->value, der + counter, &len2); -+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) -+ goto error; -+ -+ max_len -= len2; -+ counter += len2; -+ } -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ case ASN1_ETYPE_UTC_TIME: -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ len2 = max_len; -+ err = _asn1_time_der (p->value, p->value_len, der + counter, &len2); -+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) -+ goto error; -+ -+ max_len -= len2; -+ counter += len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_OCTET_STRING: -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ case ASN1_ETYPE_BIT_STRING: -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ len2 = asn1_get_length_der (p->value, p->value_len, &len3); -+ if (len2 < 0) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ max_len -= len2 + len3; -+ if (der != NULL && max_len >= 0) -+ memcpy (der + counter, p->value, len3 + len2); -+ counter += len3 + len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_SEQUENCE: -+ case ASN1_ETYPE_SET: -+ if (move != UP) -+ { -+ p->tmp_ival = counter; -+ if (p->down == NULL) -+ { -+ move = UP; -+ continue; -+ } -+ else -+ { -+ p2 = p->down; -+ while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG)) -+ p2 = p2->right; -+ if (p2) -+ { -+ p = p2; -+ move = RIGHT; -+ continue; -+ } -+ move = UP; -+ continue; -+ } -+ } -+ else -+ { /* move==UP */ -+ len2 = p->tmp_ival; -+ p->tmp_ival = 0; -+ if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0)) -+ { -+ err = _asn1_ordering_set (der + len2, counter - len2, p); -+ if (err != ASN1_SUCCESS) -+ goto error; -+ } -+ asn1_length_der (counter - len2, temp, &len3); -+ max_len -= len3; -+ if (der != NULL && max_len >= 0) -+ { -+ memmove (der + len2 + len3, der + len2, counter - len2); -+ memcpy (der + len2, temp, len3); -+ } -+ counter += len3; -+ move = RIGHT; -+ } -+ break; -+ case ASN1_ETYPE_SEQUENCE_OF: -+ case ASN1_ETYPE_SET_OF: -+ if (move != UP) -+ { -+ p->tmp_ival = counter; -+ p = p->down; -+ while ((type_field (p->type) == ASN1_ETYPE_TAG) -+ || (type_field (p->type) == ASN1_ETYPE_SIZE)) -+ p = p->right; -+ if (p->right) -+ { -+ p = p->right; -+ move = RIGHT; -+ continue; -+ } -+ else -+ p = _asn1_find_up (p); -+ move = UP; -+ } -+ if (move == UP) -+ { -+ len2 = p->tmp_ival; -+ p->tmp_ival = 0; -+ if ((type_field (p->type) == ASN1_ETYPE_SET_OF) -+ && (counter - len2 > 0) && (max_len >= 0)) -+ { -+ err = _asn1_ordering_set_of (der + len2, counter - len2, p); -+ if (err != ASN1_SUCCESS) -+ goto error; -+ } -+ asn1_length_der (counter - len2, temp, &len3); -+ max_len -= len3; -+ if (der != NULL && max_len >= 0) -+ { -+ memmove (der + len2 + len3, der + len2, counter - len2); -+ memcpy (der + len2, temp, len3); -+ } -+ counter += len3; -+ move = RIGHT; -+ } -+ break; -+ case ASN1_ETYPE_ANY: -+ if (p->value == NULL) -+ { -+ _asn1_error_description_value_not_found (p, ErrorDescription); -+ err = ASN1_VALUE_NOT_FOUND; -+ goto error; -+ } -+ len2 = asn1_get_length_der (p->value, p->value_len, &len3); -+ if (len2 < 0) -+ { -+ err = ASN1_DER_ERROR; -+ goto error; -+ } -+ max_len -= len2; -+ if (der != NULL && max_len >= 0) -+ memcpy (der + counter, p->value + len3, len2); -+ counter += len2; -+ move = RIGHT; -+ break; -+ default: -+ move = (move == UP) ? RIGHT : DOWN; -+ break; -+ } -+ -+ if ((move != DOWN) && (counter != counter_old)) -+ { -+ p->end = counter - 1; -+ err = _asn1_complete_explicit_tag (p, der, &counter, &max_len); -+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) -+ goto error; -+ } -+ -+ if (p == node && move != DOWN) -+ break; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ if (move == RIGHT) -+ { -+ if (p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ *len = counter; -+ -+ if (max_len < 0) -+ { -+ err = ASN1_MEM_ERROR; -+ goto error; -+ } -+ -+ err = ASN1_SUCCESS; -+ -+error: -+ asn1_delete_structure (&node); -+ return err; -+} -diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -new file mode 100644 -index 0000000000..ff04eb778c ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/decoding.c -@@ -0,0 +1,2478 @@ -+/* -+ * Copyright (C) 2002-2016 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+ -+/*****************************************************/ -+/* File: decoding.c */ -+/* Description: Functions to manage DER decoding */ -+/*****************************************************/ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef DEBUG -+# define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__) -+#else -+# define warn() -+#endif -+ -+#define IS_ERR(len, flags) (len < -1 || ((flags & ASN1_DECODE_FLAG_STRICT_DER) && len < 0)) -+ -+#define HAVE_TWO(x) (x>=2?1:0) -+ -+/* Decoding flags (dflags) used in several decoding functions. -+ * DECODE_FLAG_HAVE_TAG: The provided buffer includes a tag -+ * DECODE_FLAG_CONSTRUCTED: The provided buffer is of indefinite encoding (useful -+ * when no tags are present). -+ * DECODE_FLAG_LEVEL1: Internal flag to indicate a level of recursion for BER strings. -+ * DECODE_FLAG_LEVEL2: Internal flag to indicate two levels of recursion for BER strings. -+ * DECODE_FLAG_LEVEL3: Internal flag to indicate three levels of recursion for BER strings. -+ * This is the maximum levels of recursion possible to prevent stack -+ * exhaustion. -+ */ -+ -+#define DECODE_FLAG_HAVE_TAG 1 -+#define DECODE_FLAG_CONSTRUCTED (1<<1) -+#define DECODE_FLAG_LEVEL1 (1<<2) -+#define DECODE_FLAG_LEVEL2 (1<<3) -+#define DECODE_FLAG_LEVEL3 (1<<4) -+ -+#define DECR_LEN(l, s) do { \ -+ l -= s; \ -+ if (l < 0) { \ -+ warn(); \ -+ result = ASN1_DER_ERROR; \ -+ goto cleanup; \ -+ } \ -+ } while (0) -+ -+static int -+_asn1_get_indefinite_length_string (const unsigned char *der, int der_len, int *len); -+ -+static int -+_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, unsigned char **str, -+ unsigned int *str_len, unsigned int *ber_len, -+ unsigned dflags); -+ -+static int -+_asn1_decode_simple_der (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, const unsigned char **str, -+ unsigned int *str_len, unsigned dflags); -+ -+static void -+_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription) -+{ -+ -+ Estrcpy (ErrorDescription, ":: tag error near element '"); -+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription), -+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40); -+ Estrcat (ErrorDescription, "'"); -+ -+} -+ -+/** -+ * asn1_get_length_der: -+ * @der: DER data to decode. -+ * @der_len: Length of DER data to decode. -+ * @len: Output variable containing the length of the DER length field. -+ * -+ * Extract a length field from DER data. -+ * -+ * Returns: Return the decoded length value, or -1 on indefinite -+ * length, or -2 when the value was too big to fit in a int, or -4 -+ * when the decoded length value plus @len would exceed @der_len. -+ **/ -+long -+asn1_get_length_der (const unsigned char *der, int der_len, int *len) -+{ -+ unsigned int ans; -+ int k, punt, sum; -+ -+ *len = 0; -+ if (der_len <= 0) -+ return 0; -+ -+ if (!(der[0] & 128)) -+ { -+ /* short form */ -+ *len = 1; -+ ans = der[0]; -+ } -+ else -+ { -+ /* Long form */ -+ k = der[0] & 0x7F; -+ punt = 1; -+ if (k) -+ { /* definite length method */ -+ ans = 0; -+ while (punt <= k && punt < der_len) -+ { -+ if (INT_MULTIPLY_OVERFLOW (ans, 256)) -+ return -2; -+ ans *= 256; -+ -+ if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt]))) -+ return -2; -+ ans += der[punt]; -+ punt++; -+ } -+ } -+ else -+ { /* indefinite length method */ -+ *len = punt; -+ return -1; -+ } -+ -+ *len = punt; -+ } -+ -+ sum = ans; -+ if (ans >= INT_MAX || INT_ADD_OVERFLOW (sum, (*len))) -+ return -2; -+ sum += *len; -+ -+ if (sum > der_len) -+ return -4; -+ -+ return ans; -+} -+ -+/** -+ * asn1_get_tag_der: -+ * @der: DER data to decode. -+ * @der_len: Length of DER data to decode. -+ * @cls: Output variable containing decoded class. -+ * @len: Output variable containing the length of the DER TAG data. -+ * @tag: Output variable containing the decoded tag (may be %NULL). -+ * -+ * Decode the class and TAG from DER code. -+ * -+ * Returns: Returns %ASN1_SUCCESS on success, or an error. -+ **/ -+int -+asn1_get_tag_der (const unsigned char *der, int der_len, -+ unsigned char *cls, int *len, unsigned long *tag) -+{ -+ unsigned int ris; -+ int punt; -+ -+ if (der == NULL || der_len < 2 || len == NULL) -+ return ASN1_DER_ERROR; -+ -+ *cls = der[0] & 0xE0; -+ if ((der[0] & 0x1F) != 0x1F) -+ { -+ /* short form */ -+ *len = 1; -+ ris = der[0] & 0x1F; -+ } -+ else -+ { -+ /* Long form */ -+ punt = 1; -+ ris = 0; -+ while (punt < der_len && der[punt] & 128) -+ { -+ -+ if (INT_MULTIPLY_OVERFLOW (ris, 128)) -+ return ASN1_DER_ERROR; -+ ris *= 128; -+ -+ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F)))) -+ return ASN1_DER_ERROR; -+ ris += (der[punt] & 0x7F); -+ punt++; -+ } -+ -+ if (punt >= der_len) -+ return ASN1_DER_ERROR; -+ -+ if (INT_MULTIPLY_OVERFLOW (ris, 128)) -+ return ASN1_DER_ERROR; -+ ris *= 128; -+ -+ if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F)))) -+ return ASN1_DER_ERROR; -+ ris += (der[punt] & 0x7F); -+ punt++; -+ -+ *len = punt; -+ } -+ -+ if (tag) -+ *tag = ris; -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_get_length_ber: -+ * @ber: BER data to decode. -+ * @ber_len: Length of BER data to decode. -+ * @len: Output variable containing the length of the BER length field. -+ * -+ * Extract a length field from BER data. The difference to -+ * asn1_get_length_der() is that this function will return a length -+ * even if the value has indefinite encoding. -+ * -+ * Returns: Return the decoded length value, or negative value when -+ * the value was too big. -+ * -+ * Since: 2.0 -+ **/ -+long -+asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len) -+{ -+ int ret; -+ long err; -+ -+ ret = asn1_get_length_der (ber, ber_len, len); -+ -+ if (ret == -1 && ber_len > 1) -+ { /* indefinite length method */ -+ err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret); -+ if (err != ASN1_SUCCESS) -+ return -3; -+ } -+ -+ return ret; -+} -+ -+/** -+ * asn1_get_octet_der: -+ * @der: DER data to decode containing the OCTET SEQUENCE. -+ * @der_len: The length of the @der data to decode. -+ * @ret_len: Output variable containing the encoded length of the DER data. -+ * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in. -+ * @str_size: Length of pre-allocated output buffer. -+ * @str_len: Output variable containing the length of the contents of the OCTET SEQUENCE. -+ * -+ * Extract an OCTET SEQUENCE from DER data. Note that this function -+ * expects the DER data past the tag field, i.e., the length and -+ * content octets. -+ * -+ * Returns: Returns %ASN1_SUCCESS on success, or an error. -+ **/ -+int -+asn1_get_octet_der (const unsigned char *der, int der_len, -+ int *ret_len, unsigned char *str, int str_size, -+ int *str_len) -+{ -+ int len_len = 0; -+ -+ if (der_len <= 0) -+ return ASN1_GENERIC_ERROR; -+ -+ *str_len = asn1_get_length_der (der, der_len, &len_len); -+ -+ if (*str_len < 0) -+ return ASN1_DER_ERROR; -+ -+ *ret_len = *str_len + len_len; -+ if (str_size >= *str_len) -+ { -+ if (*str_len > 0 && str != NULL) -+ memcpy (str, der + len_len, *str_len); -+ } -+ else -+ { -+ return ASN1_MEM_ERROR; -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/*- -+ * _asn1_get_time_der: -+ * @type: %ASN1_ETYPE_GENERALIZED_TIME or %ASN1_ETYPE_UTC_TIME -+ * @der: DER data to decode containing the time -+ * @der_len: Length of DER data to decode. -+ * @ret_len: Output variable containing the length of the DER data. -+ * @str: Pre-allocated output buffer to put the textual time in. -+ * @str_size: Length of pre-allocated output buffer. -+ * @flags: Zero or %ASN1_DECODE_FLAG_STRICT_DER -+ * -+ * Performs basic checks in the DER encoded time object and returns its textual form. -+ * The textual form will be in the YYYYMMDD000000Z format for GeneralizedTime -+ * and YYMMDD000000Z for UTCTime. -+ * -+ * Returns: %ASN1_SUCCESS on success, or an error. -+ -*/ -+static int -+_asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *ret_len, -+ char *str, int str_size, unsigned flags) -+{ -+ int len_len, str_len; -+ unsigned i; -+ unsigned sign_count = 0; -+ unsigned dot_count = 0; -+ const unsigned char *p; -+ -+ if (der_len <= 0 || str == NULL) -+ return ASN1_DER_ERROR; -+ -+ str_len = asn1_get_length_der (der, der_len, &len_len); -+ if (str_len <= 0 || str_size < str_len) -+ return ASN1_DER_ERROR; -+ -+ /* perform some sanity checks on the data */ -+ if (str_len < 8) -+ { -+ warn(); -+ return ASN1_TIME_ENCODING_ERROR; -+ } -+ -+ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)) -+ { -+ p = &der[len_len]; -+ for (i=0;i<(unsigned)(str_len-1);i++) -+ { -+ if (c_isdigit(p[i]) == 0) -+ { -+ if (type == ASN1_ETYPE_GENERALIZED_TIME) -+ { -+ /* tolerate lax encodings */ -+ if (p[i] == '.' && dot_count == 0) -+ { -+ dot_count++; -+ continue; -+ } -+ -+ /* This is not really valid DER, but there are -+ * structures using that */ -+ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && -+ (p[i] == '+' || p[i] == '-') && sign_count == 0) -+ { -+ sign_count++; -+ continue; -+ } -+ } -+ -+ warn(); -+ return ASN1_TIME_ENCODING_ERROR; -+ } -+ } -+ -+ if (sign_count == 0 && p[str_len-1] != 'Z') -+ { -+ warn(); -+ return ASN1_TIME_ENCODING_ERROR; -+ } -+ } -+ memcpy (str, der + len_len, str_len); -+ str[str_len] = 0; -+ *ret_len = str_len + len_len; -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_get_object_id_der: -+ * @der: DER data to decode containing the OBJECT IDENTIFIER -+ * @der_len: Length of DER data to decode. -+ * @ret_len: Output variable containing the length of the DER data. -+ * @str: Pre-allocated output buffer to put the textual object id in. -+ * @str_size: Length of pre-allocated output buffer. -+ * -+ * Converts a DER encoded object identifier to its textual form. This -+ * function expects the DER object identifier without the tag. -+ * -+ * Returns: %ASN1_SUCCESS on success, or an error. -+ **/ -+int -+asn1_get_object_id_der (const unsigned char *der, int der_len, int *ret_len, -+ char *str, int str_size) -+{ -+ int len_len, len, k; -+ int leading, parsed; -+ char temp[LTOSTR_MAX_SIZE]; -+ uint64_t val, val1, val0; -+ -+ *ret_len = 0; -+ if (str && str_size > 0) -+ str[0] = 0; /* no oid */ -+ -+ if (str == NULL || der_len <= 0) -+ return ASN1_GENERIC_ERROR; -+ -+ len = asn1_get_length_der (der, der_len, &len_len); -+ -+ if (len <= 0 || len + len_len > der_len) -+ return ASN1_DER_ERROR; -+ -+ /* leading octet can never be 0x80 */ -+ if (der[len_len] == 0x80) -+ return ASN1_DER_ERROR; -+ -+ val0 = 0; -+ -+ for (k = 0; k < len; k++) -+ { -+ if (INT_LEFT_SHIFT_OVERFLOW (val0, 7)) -+ return ASN1_DER_ERROR; -+ -+ val0 <<= 7; -+ val0 |= der[len_len + k] & 0x7F; -+ if (!(der[len_len + k] & 0x80)) -+ break; -+ } -+ parsed = ++k; -+ -+ /* val0 = (X*40) + Y, X={0,1,2}, Y<=39 when X={0,1} */ -+ /* X = val, Y = val1 */ -+ -+ /* check if X == 0 */ -+ val = 0; -+ val1 = val0; -+ if (val1 > 39) -+ { -+ val = 1; -+ val1 = val0 - 40; -+ if (val1 > 39) -+ { -+ val = 2; -+ val1 = val0 - 80; -+ } -+ } -+ -+ _asn1_str_cpy (str, str_size, _asn1_ltostr (val, temp)); -+ _asn1_str_cat (str, str_size, "."); -+ _asn1_str_cat (str, str_size, _asn1_ltostr (val1, temp)); -+ -+ val = 0; -+ leading = 1; -+ for (k = parsed; k < len; k++) -+ { -+ /* X.690 mandates that the leading byte must never be 0x80 -+ */ -+ if (leading != 0 && der[len_len + k] == 0x80) -+ return ASN1_DER_ERROR; -+ leading = 0; -+ -+ /* check for wrap around */ -+ if (INT_LEFT_SHIFT_OVERFLOW (val, 7)) -+ return ASN1_DER_ERROR; -+ -+ val = val << 7; -+ val |= der[len_len + k] & 0x7F; -+ -+ if (!(der[len_len + k] & 0x80)) -+ { -+ _asn1_str_cat (str, str_size, "."); -+ _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); -+ val = 0; -+ leading = 1; -+ } -+ } -+ -+ if (INT_ADD_OVERFLOW (len, len_len)) -+ return ASN1_DER_ERROR; -+ -+ *ret_len = len + len_len; -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_get_bit_der: -+ * @der: DER data to decode containing the BIT SEQUENCE. -+ * @der_len: Length of DER data to decode. -+ * @ret_len: Output variable containing the length of the DER data. -+ * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in. -+ * @str_size: Length of pre-allocated output buffer. -+ * @bit_len: Output variable containing the size of the BIT SEQUENCE. -+ * -+ * Extract a BIT SEQUENCE from DER data. -+ * -+ * Returns: %ASN1_SUCCESS on success, or an error. -+ **/ -+int -+asn1_get_bit_der (const unsigned char *der, int der_len, -+ int *ret_len, unsigned char *str, int str_size, -+ int *bit_len) -+{ -+ int len_len = 0, len_byte; -+ -+ if (der_len <= 0) -+ return ASN1_GENERIC_ERROR; -+ -+ len_byte = asn1_get_length_der (der, der_len, &len_len) - 1; -+ if (len_byte < 0) -+ return ASN1_DER_ERROR; -+ -+ *ret_len = len_byte + len_len + 1; -+ *bit_len = len_byte * 8 - der[len_len]; -+ -+ if (*bit_len < 0) -+ return ASN1_DER_ERROR; -+ -+ if (str_size >= len_byte) -+ { -+ if (len_byte > 0 && str) -+ memcpy (str, der + len_len + 1, len_byte); -+ } -+ else -+ { -+ return ASN1_MEM_ERROR; -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+/* tag_len: the total tag length (explicit+inner) -+ * inner_tag_len: the inner_tag length -+ */ -+static int -+_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len, -+ int *tag_len, int *inner_tag_len, unsigned flags) -+{ -+ asn1_node p; -+ int counter, len2, len3, is_tag_implicit; -+ int result; -+ unsigned long tag, tag_implicit = 0; -+ unsigned char class, class2, class_implicit = 0; -+ -+ if (der_len <= 0) -+ return ASN1_GENERIC_ERROR; -+ -+ counter = is_tag_implicit = 0; -+ -+ if (node->type & CONST_TAG) -+ { -+ p = node->down; -+ while (p) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_TAG) -+ { -+ if (p->type & CONST_APPLICATION) -+ class2 = ASN1_CLASS_APPLICATION; -+ else if (p->type & CONST_UNIVERSAL) -+ class2 = ASN1_CLASS_UNIVERSAL; -+ else if (p->type & CONST_PRIVATE) -+ class2 = ASN1_CLASS_PRIVATE; -+ else -+ class2 = ASN1_CLASS_CONTEXT_SPECIFIC; -+ -+ if (p->type & CONST_EXPLICIT) -+ { -+ if (asn1_get_tag_der -+ (der + counter, der_len, &class, &len2, -+ &tag) != ASN1_SUCCESS) -+ return ASN1_DER_ERROR; -+ -+ DECR_LEN(der_len, len2); -+ counter += len2; -+ -+ if (flags & ASN1_DECODE_FLAG_STRICT_DER) -+ len3 = -+ asn1_get_length_der (der + counter, der_len, -+ &len2); -+ else -+ len3 = -+ asn1_get_length_ber (der + counter, der_len, -+ &len2); -+ if (len3 < 0) -+ return ASN1_DER_ERROR; -+ -+ DECR_LEN(der_len, len2); -+ counter += len2; -+ -+ if (!is_tag_implicit) -+ { -+ if ((class != (class2 | ASN1_CLASS_STRUCTURED)) || -+ (tag != strtoul ((char *) p->value, NULL, 10))) -+ return ASN1_TAG_ERROR; -+ } -+ else -+ { /* ASN1_TAG_IMPLICIT */ -+ if ((class != class_implicit) || (tag != tag_implicit)) -+ return ASN1_TAG_ERROR; -+ } -+ is_tag_implicit = 0; -+ } -+ else -+ { /* ASN1_TAG_IMPLICIT */ -+ if (!is_tag_implicit) -+ { -+ if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) || -+ (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) -+ || (type_field (node->type) == ASN1_ETYPE_SET) -+ || (type_field (node->type) == ASN1_ETYPE_SET_OF)) -+ class2 |= ASN1_CLASS_STRUCTURED; -+ class_implicit = class2; -+ tag_implicit = strtoul ((char *) p->value, NULL, 10); -+ is_tag_implicit = 1; -+ } -+ } -+ } -+ p = p->right; -+ } -+ } -+ -+ if (is_tag_implicit) -+ { -+ if (asn1_get_tag_der -+ (der + counter, der_len, &class, &len2, -+ &tag) != ASN1_SUCCESS) -+ return ASN1_DER_ERROR; -+ -+ DECR_LEN(der_len, len2); -+ -+ if ((class != class_implicit) || (tag != tag_implicit)) -+ { -+ if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING) -+ { -+ class_implicit |= ASN1_CLASS_STRUCTURED; -+ if ((class != class_implicit) || (tag != tag_implicit)) -+ return ASN1_TAG_ERROR; -+ } -+ else -+ return ASN1_TAG_ERROR; -+ } -+ } -+ else -+ { -+ unsigned type = type_field (node->type); -+ if (type == ASN1_ETYPE_TAG) -+ { -+ *tag_len = 0; -+ if (inner_tag_len) -+ *inner_tag_len = 0; -+ return ASN1_SUCCESS; -+ } -+ -+ if (asn1_get_tag_der -+ (der + counter, der_len, &class, &len2, -+ &tag) != ASN1_SUCCESS) -+ return ASN1_DER_ERROR; -+ -+ DECR_LEN(der_len, len2); -+ -+ switch (type) -+ { -+ case ASN1_ETYPE_NULL: -+ case ASN1_ETYPE_BOOLEAN: -+ case ASN1_ETYPE_INTEGER: -+ case ASN1_ETYPE_ENUMERATED: -+ case ASN1_ETYPE_OBJECT_ID: -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ case ASN1_ETYPE_BIT_STRING: -+ case ASN1_ETYPE_SEQUENCE: -+ case ASN1_ETYPE_SEQUENCE_OF: -+ case ASN1_ETYPE_SET: -+ case ASN1_ETYPE_SET_OF: -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ case ASN1_ETYPE_UTC_TIME: -+ if ((class != _asn1_tags[type].class) -+ || (tag != _asn1_tags[type].tag)) -+ return ASN1_DER_ERROR; -+ break; -+ -+ case ASN1_ETYPE_OCTET_STRING: -+ /* OCTET STRING is handled differently to allow -+ * BER encodings (structured class). */ -+ if (((class != ASN1_CLASS_UNIVERSAL) -+ && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))) -+ || (tag != ASN1_TAG_OCTET_STRING)) -+ return ASN1_DER_ERROR; -+ break; -+ case ASN1_ETYPE_ANY: -+ counter -= len2; -+ break; -+ case ASN1_ETYPE_CHOICE: -+ counter -= len2; -+ break; -+ default: -+ return ASN1_DER_ERROR; -+ break; -+ } -+ } -+ -+ counter += len2; -+ *tag_len = counter; -+ if (inner_tag_len) -+ *inner_tag_len = len2; -+ return ASN1_SUCCESS; -+ -+cleanup: -+ return result; -+} -+ -+static int -+extract_tag_der_recursive(asn1_node node, const unsigned char *der, int der_len, -+ int *ret_len, int *inner_len, unsigned flags) -+{ -+asn1_node p; -+int ris = ASN1_DER_ERROR; -+ -+ if (type_field (node->type) == ASN1_ETYPE_CHOICE) -+ { -+ p = node->down; -+ while (p) -+ { -+ ris = _asn1_extract_tag_der (p, der, der_len, ret_len, inner_len, flags); -+ if (ris == ASN1_SUCCESS) -+ break; -+ p = p->right; -+ } -+ -+ *ret_len = 0; -+ return ris; -+ } -+ else -+ return _asn1_extract_tag_der (node, der, der_len, ret_len, inner_len, flags); -+} -+ -+static int -+_asn1_delete_not_used (asn1_node node) -+{ -+ asn1_node p, p2; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ while (p) -+ { -+ if (p->type & CONST_NOT_USED) -+ { -+ p2 = NULL; -+ if (p != node) -+ { -+ p2 = _asn1_find_left (p); -+ if (!p2) -+ p2 = _asn1_find_up (p); -+ } -+ asn1_delete_structure (&p); -+ p = p2; -+ } -+ -+ if (!p) -+ break; /* reach node */ -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else -+ { -+ if (p == node) -+ p = NULL; -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == node) -+ { -+ p = NULL; -+ break; -+ } -+ if (p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ } -+ return ASN1_SUCCESS; -+} -+ -+static int -+_asn1_get_indefinite_length_string (const unsigned char *der, -+ int der_len, int *len) -+{ -+ int len2, len3, counter, indefinite; -+ int result; -+ unsigned long tag; -+ unsigned char class; -+ -+ counter = indefinite = 0; -+ -+ while (1) -+ { -+ if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0)) -+ { -+ counter += 2; -+ DECR_LEN(der_len, 2); -+ -+ indefinite--; -+ if (indefinite <= 0) -+ break; -+ else -+ continue; -+ } -+ -+ if (asn1_get_tag_der -+ (der + counter, der_len, &class, &len2, -+ &tag) != ASN1_SUCCESS) -+ return ASN1_DER_ERROR; -+ -+ DECR_LEN(der_len, len2); -+ counter += len2; -+ -+ len2 = asn1_get_length_der (der + counter, der_len, &len3); -+ if (len2 < -1) -+ return ASN1_DER_ERROR; -+ -+ if (len2 == -1) -+ { -+ indefinite++; -+ counter += 1; -+ DECR_LEN(der_len, 1); -+ } -+ else -+ { -+ counter += len2 + len3; -+ DECR_LEN(der_len, len2+len3); -+ } -+ } -+ -+ *len = counter; -+ return ASN1_SUCCESS; -+ -+cleanup: -+ return result; -+} -+ -+static void delete_unneeded_choice_fields(asn1_node p) -+{ -+ asn1_node p2; -+ -+ while (p->right) -+ { -+ p2 = p->right; -+ asn1_delete_structure (&p2); -+ } -+} -+ -+ -+/** -+ * asn1_der_decoding2 -+ * @element: pointer to an ASN1 structure. -+ * @ider: vector that contains the DER encoding. -+ * @max_ider_len: pointer to an integer giving the information about the -+ * maximal number of bytes occupied by *@ider. The real size of the DER -+ * encoding is returned through this pointer. -+ * @flags: flags controlling the behaviour of the function. -+ * @errorDescription: null-terminated string contains details when an -+ * error occurred. -+ * -+ * Fill the structure *@element with values of a DER encoding string. The -+ * structure must just be created with function asn1_create_element(). -+ * -+ * If %ASN1_DECODE_FLAG_ALLOW_PADDING flag is set then the function will ignore -+ * padding after the decoded DER data. Upon a successful return the value of -+ * *@max_ider_len will be set to the number of bytes decoded. -+ * -+ * If %ASN1_DECODE_FLAG_STRICT_DER flag is set then the function will -+ * not decode any BER-encoded elements. -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND -+ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or -+ * %ASN1_DER_ERROR if the der encoding doesn't match the structure -+ * name (*@ELEMENT deleted). -+ **/ -+int -+asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, -+ unsigned int flags, char *errorDescription) -+{ -+ asn1_node node, p, p2, p3; -+ char temp[128]; -+ int counter, len2, len3, len4, move, ris, tlen; -+ struct node_tail_cache_st tcache = {NULL, NULL}; -+ unsigned char class; -+ unsigned long tag; -+ int tag_len; -+ int indefinite, result, total_len = *max_ider_len, ider_len = *max_ider_len; -+ int inner_tag_len; -+ unsigned char *ptmp; -+ const unsigned char *ptag; -+ const unsigned char *der = ider; -+ -+ node = *element; -+ -+ if (errorDescription != NULL) -+ errorDescription[0] = 0; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ if (node->type & CONST_OPTION) -+ { -+ result = ASN1_GENERIC_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ counter = 0; -+ move = DOWN; -+ p = node; -+ while (1) -+ { -+ tag_len = 0; -+ inner_tag_len = 0; -+ ris = ASN1_SUCCESS; -+ if (move != UP) -+ { -+ if (p->type & CONST_SET) -+ { -+ p2 = _asn1_find_up (p); -+ len2 = p2->tmp_ival; -+ if (len2 == -1) -+ { -+ if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) -+ { -+ p = p2; -+ move = UP; -+ counter += 2; -+ DECR_LEN(ider_len, 2); -+ continue; -+ } -+ } -+ else if (counter == len2) -+ { -+ p = p2; -+ move = UP; -+ continue; -+ } -+ else if (counter > len2) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ p2 = p2->down; -+ while (p2) -+ { -+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) -+ { -+ ris = -+ extract_tag_der_recursive (p2, der + counter, -+ ider_len, &len2, NULL, flags); -+ if (ris == ASN1_SUCCESS) -+ { -+ p2->type &= ~CONST_NOT_USED; -+ p = p2; -+ break; -+ } -+ } -+ p2 = p2->right; -+ } -+ if (p2 == NULL) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ -+ /* the position in the DER structure this starts */ -+ p->start = counter; -+ p->end = total_len - 1; -+ -+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) -+ { -+ p2 = _asn1_find_up (p); -+ len2 = p2->tmp_ival; -+ if (counter == len2) -+ { -+ if (p->right) -+ { -+ p2 = p->right; -+ move = RIGHT; -+ } -+ else -+ move = UP; -+ -+ if (p->type & CONST_OPTION) -+ asn1_delete_structure (&p); -+ -+ p = p2; -+ continue; -+ } -+ } -+ -+ if (type_field (p->type) == ASN1_ETYPE_CHOICE) -+ { -+ while (p->down) -+ { -+ ris = -+ extract_tag_der_recursive (p->down, der + counter, -+ ider_len, &len2, NULL, flags); -+ -+ if (ris == ASN1_SUCCESS) -+ { -+ delete_unneeded_choice_fields(p->down); -+ break; -+ } -+ else if (ris == ASN1_ERROR_TYPE_ANY) -+ { -+ result = ASN1_ERROR_TYPE_ANY; -+ warn(); -+ goto cleanup; -+ } -+ else -+ { -+ p2 = p->down; -+ asn1_delete_structure (&p2); -+ } -+ } -+ -+ if (p->down == NULL) -+ { -+ if (!(p->type & CONST_OPTION)) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ else if (type_field (p->type) != ASN1_ETYPE_CHOICE) -+ p = p->down; -+ -+ p->start = counter; -+ } -+ -+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) -+ { -+ p2 = _asn1_find_up (p); -+ len2 = p2->tmp_ival; -+ -+ if ((len2 != -1) && (counter > len2)) -+ ris = ASN1_TAG_ERROR; -+ } -+ -+ if (ris == ASN1_SUCCESS) -+ ris = -+ extract_tag_der_recursive (p, der + counter, ider_len, -+ &tag_len, &inner_tag_len, flags); -+ -+ if (ris != ASN1_SUCCESS) -+ { -+ if (p->type & CONST_OPTION) -+ { -+ p->type |= CONST_NOT_USED; -+ move = RIGHT; -+ } -+ else if (p->type & CONST_DEFAULT) -+ { -+ _asn1_set_value (p, NULL, 0); -+ move = RIGHT; -+ } -+ else -+ { -+ if (errorDescription != NULL) -+ _asn1_error_description_tag_error (p, errorDescription); -+ -+ result = ASN1_TAG_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ else -+ { -+ DECR_LEN(ider_len, tag_len); -+ counter += tag_len; -+ } -+ } -+ -+ if (ris == ASN1_SUCCESS) -+ { -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_NULL: -+ DECR_LEN(ider_len, 1); -+ if (der[counter]) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ counter++; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_BOOLEAN: -+ DECR_LEN(ider_len, 2); -+ -+ if (der[counter++] != 1) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ if (der[counter++] == 0) -+ _asn1_set_value (p, "F", 1); -+ else -+ _asn1_set_value (p, "T", 1); -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_INTEGER: -+ case ASN1_ETYPE_ENUMERATED: -+ len2 = -+ asn1_get_length_der (der + counter, ider_len, &len3); -+ if (len2 < 0) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len3+len2); -+ -+ _asn1_set_value (p, der + counter, len3 + len2); -+ counter += len3 + len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_OBJECT_ID: -+ result = -+ asn1_get_object_id_der (der + counter, ider_len, &len2, -+ temp, sizeof (temp)); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ -+ tlen = strlen (temp); -+ if (tlen > 0) -+ _asn1_set_value (p, temp, tlen + 1); -+ -+ counter += len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ case ASN1_ETYPE_UTC_TIME: -+ result = -+ _asn1_get_time_der (type_field (p->type), der + counter, ider_len, &len2, temp, -+ sizeof (temp) - 1, flags); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ -+ tlen = strlen (temp); -+ if (tlen > 0) -+ _asn1_set_value (p, temp, tlen); -+ -+ counter += len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_OCTET_STRING: -+ if (counter < inner_tag_len) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ ptag = der + counter - inner_tag_len; -+ if ((flags & ASN1_DECODE_FLAG_STRICT_DER) || !(ptag[0] & ASN1_CLASS_STRUCTURED)) -+ { -+ if (ptag[0] & ASN1_CLASS_STRUCTURED) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ len2 = -+ asn1_get_length_der (der + counter, ider_len, &len3); -+ if (len2 < 0) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len3+len2); -+ -+ _asn1_set_value (p, der + counter, len3 + len2); -+ counter += len3 + len2; -+ } -+ else -+ { -+ unsigned dflags = 0, vlen, ber_len; -+ -+ if (ptag[0] & ASN1_CLASS_STRUCTURED) -+ dflags |= DECODE_FLAG_CONSTRUCTED; -+ -+ result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, ber_len); -+ -+ _asn1_set_value_lv (p, ptmp, vlen); -+ -+ counter += ber_len; -+ free(ptmp); -+ } -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ case ASN1_ETYPE_BIT_STRING: -+ len2 = -+ asn1_get_length_der (der + counter, ider_len, &len3); -+ if (len2 < 0) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len3+len2); -+ -+ _asn1_set_value (p, der + counter, len3 + len2); -+ counter += len3 + len2; -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_SEQUENCE: -+ case ASN1_ETYPE_SET: -+ if (move == UP) -+ { -+ len2 = p->tmp_ival; -+ p->tmp_ival = 0; -+ if (len2 == -1) -+ { /* indefinite length method */ -+ DECR_LEN(ider_len, 2); -+ if ((der[counter]) || der[counter + 1]) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ counter += 2; -+ } -+ else -+ { /* definite length method */ -+ if (len2 != counter) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ move = RIGHT; -+ } -+ else -+ { /* move==DOWN || move==RIGHT */ -+ len3 = -+ asn1_get_length_der (der + counter, ider_len, &len2); -+ if (IS_ERR(len3, flags)) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ counter += len2; -+ -+ if (len3 > 0) -+ { -+ p->tmp_ival = counter + len3; -+ move = DOWN; -+ } -+ else if (len3 == 0) -+ { -+ p2 = p->down; -+ while (p2) -+ { -+ if (type_field (p2->type) != ASN1_ETYPE_TAG) -+ { -+ p3 = p2->right; -+ asn1_delete_structure (&p2); -+ p2 = p3; -+ } -+ else -+ p2 = p2->right; -+ } -+ move = RIGHT; -+ } -+ else -+ { /* indefinite length method */ -+ p->tmp_ival = -1; -+ move = DOWN; -+ } -+ } -+ break; -+ case ASN1_ETYPE_SEQUENCE_OF: -+ case ASN1_ETYPE_SET_OF: -+ if (move == UP) -+ { -+ len2 = p->tmp_ival; -+ if (len2 == -1) -+ { /* indefinite length method */ -+ if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1])) -+ { -+ result = _asn1_append_sequence_set (p, &tcache); -+ if (result != 0) -+ { -+ warn(); -+ goto cleanup; -+ } -+ p = tcache.tail; -+ move = RIGHT; -+ continue; -+ } -+ -+ p->tmp_ival = 0; -+ tcache.tail = NULL; /* finished decoding this structure */ -+ tcache.head = NULL; -+ DECR_LEN(ider_len, 2); -+ counter += 2; -+ } -+ else -+ { /* definite length method */ -+ if (len2 > counter) -+ { -+ result = _asn1_append_sequence_set (p, &tcache); -+ if (result != 0) -+ { -+ warn(); -+ goto cleanup; -+ } -+ p = tcache.tail; -+ move = RIGHT; -+ continue; -+ } -+ -+ p->tmp_ival = 0; -+ tcache.tail = NULL; /* finished decoding this structure */ -+ tcache.head = NULL; -+ -+ if (len2 != counter) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ } -+ else -+ { /* move==DOWN || move==RIGHT */ -+ len3 = -+ asn1_get_length_der (der + counter, ider_len, &len2); -+ if (IS_ERR(len3, flags)) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ counter += len2; -+ if (len3) -+ { -+ if (len3 > 0) -+ { /* definite length method */ -+ p->tmp_ival = counter + len3; -+ } -+ else -+ { /* indefinite length method */ -+ p->tmp_ival = -1; -+ } -+ -+ p2 = p->down; -+ if (p2 == NULL) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ while ((type_field (p2->type) == ASN1_ETYPE_TAG) -+ || (type_field (p2->type) == ASN1_ETYPE_SIZE)) -+ p2 = p2->right; -+ if (p2->right == NULL) -+ { -+ result = _asn1_append_sequence_set (p, &tcache); -+ if (result != 0) -+ { -+ warn(); -+ goto cleanup; -+ } -+ } -+ p = p2; -+ } -+ } -+ move = RIGHT; -+ break; -+ case ASN1_ETYPE_ANY: -+ /* Check indefinite lenth method in an EXPLICIT TAG */ -+ -+ if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && (p->type & CONST_TAG) && -+ tag_len == 2 && (der[counter - 1] == 0x80)) -+ indefinite = 1; -+ else -+ indefinite = 0; -+ -+ if (asn1_get_tag_der -+ (der + counter, ider_len, &class, &len2, -+ &tag) != ASN1_SUCCESS) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ -+ len4 = -+ asn1_get_length_der (der + counter + len2, -+ ider_len, &len3); -+ if (IS_ERR(len4, flags)) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ if (len4 != -1) /* definite */ -+ { -+ len2 += len4; -+ -+ DECR_LEN(ider_len, len4+len3); -+ _asn1_set_value_lv (p, der + counter, len2 + len3); -+ counter += len2 + len3; -+ } -+ else /* == -1 */ -+ { /* indefinite length */ -+ ider_len += len2; /* undo DECR_LEN */ -+ -+ if (counter == 0) -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ -+ result = -+ _asn1_get_indefinite_length_string (der + counter, ider_len, &len2); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ DECR_LEN(ider_len, len2); -+ _asn1_set_value_lv (p, der + counter, len2); -+ counter += len2; -+ -+ } -+ -+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with -+ an indefinite length method. */ -+ if (indefinite) -+ { -+ DECR_LEN(ider_len, 2); -+ if (!der[counter] && !der[counter + 1]) -+ { -+ counter += 2; -+ } -+ else -+ { -+ result = ASN1_DER_ERROR; -+ warn(); -+ goto cleanup; -+ } -+ } -+ -+ move = RIGHT; -+ break; -+ default: -+ move = (move == UP) ? RIGHT : DOWN; -+ break; -+ } -+ } -+ -+ if (p) -+ { -+ p->end = counter - 1; -+ } -+ -+ if (p == node && move != DOWN) -+ break; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ if ((move == RIGHT) && !(p->type & CONST_SET)) -+ { -+ if (p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ _asn1_delete_not_used (*element); -+ -+ if ((ider_len < 0) || -+ (!(flags & ASN1_DECODE_FLAG_ALLOW_PADDING) && (ider_len != 0))) -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ -+ *max_ider_len = total_len - ider_len; -+ -+ return ASN1_SUCCESS; -+ -+cleanup: -+ asn1_delete_structure (element); -+ return result; -+} -+ -+ -+/** -+ * asn1_der_decoding: -+ * @element: pointer to an ASN1 structure. -+ * @ider: vector that contains the DER encoding. -+ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1]. -+ * @errorDescription: null-terminated string contains details when an -+ * error occurred. -+ * -+ * Fill the structure *@element with values of a DER encoding -+ * string. The structure must just be created with function -+ * asn1_create_element(). -+ * -+ * Note that the *@element variable is provided as a pointer for -+ * historical reasons. -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND -+ * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or -+ * %ASN1_DER_ERROR if the der encoding doesn't match the structure -+ * name (*@ELEMENT deleted). -+ **/ -+int -+asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, -+ char *errorDescription) -+{ -+ return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription); -+} -+ -+/** -+ * asn1_der_decoding_element: -+ * @structure: pointer to an ASN1 structure -+ * @elementName: name of the element to fill -+ * @ider: vector that contains the DER encoding of the whole structure. -+ * @len: number of bytes of *der: der[0]..der[len-1] -+ * @errorDescription: null-terminated string contains details when an -+ * error occurred. -+ * -+ * Fill the element named @ELEMENTNAME with values of a DER encoding -+ * string. The structure must just be created with function -+ * asn1_create_element(). The DER vector must contain the encoding -+ * string of the whole @STRUCTURE. If an error occurs during the -+ * decoding procedure, the *@STRUCTURE is deleted and set equal to -+ * %NULL. -+ * -+ * This function is deprecated and may just be an alias to asn1_der_decoding -+ * in future versions. Use asn1_der_decoding() instead. -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND -+ * if ELEMENT is %NULL or @elementName == NULL, and -+ * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't -+ * match the structure @structure (*ELEMENT deleted). -+ **/ -+int -+asn1_der_decoding_element (asn1_node * structure, const char *elementName, -+ const void *ider, int len, char *errorDescription) -+{ -+ return asn1_der_decoding(structure, ider, len, errorDescription); -+} -+ -+/** -+ * asn1_der_decoding_startEnd: -+ * @element: pointer to an ASN1 element -+ * @ider: vector that contains the DER encoding. -+ * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1] -+ * @name_element: an element of NAME structure. -+ * @start: the position of the first byte of NAME_ELEMENT decoding -+ * (@ider[*start]) -+ * @end: the position of the last byte of NAME_ELEMENT decoding -+ * (@ider[*end]) -+ * -+ * Find the start and end point of an element in a DER encoding -+ * string. I mean that if you have a der encoding and you have already -+ * used the function asn1_der_decoding() to fill a structure, it may -+ * happen that you want to find the piece of string concerning an -+ * element of the structure. -+ * -+ * One example is the sequence "tbsCertificate" inside an X509 -+ * certificate. -+ * -+ * Note that since libtasn1 3.7 the @ider and @ider_len parameters -+ * can be omitted, if the element is already decoded using asn1_der_decoding(). -+ * -+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND -+ * if ELEMENT is %asn1_node EMPTY or @name_element is not a valid -+ * element, %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding -+ * doesn't match the structure ELEMENT. -+ **/ -+int -+asn1_der_decoding_startEnd (asn1_node element, const void *ider, int ider_len, -+ const char *name_element, int *start, int *end) -+{ -+ asn1_node node, node_to_find; -+ int result = ASN1_DER_ERROR; -+ -+ node = element; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ node_to_find = asn1_find_node (node, name_element); -+ -+ if (node_to_find == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ *start = node_to_find->start; -+ *end = node_to_find->end; -+ -+ if (*start == 0 && *end == 0) -+ { -+ if (ider == NULL || ider_len == 0) -+ return ASN1_GENERIC_ERROR; -+ -+ /* it seems asn1_der_decoding() wasn't called before. Do it now */ -+ result = asn1_der_decoding (&node, ider, ider_len, NULL); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ return result; -+ } -+ -+ node_to_find = asn1_find_node (node, name_element); -+ if (node_to_find == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ *start = node_to_find->start; -+ *end = node_to_find->end; -+ } -+ -+ if (*end < *start) -+ return ASN1_GENERIC_ERROR; -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_expand_any_defined_by: -+ * @definitions: ASN1 definitions -+ * @element: pointer to an ASN1 structure -+ * -+ * Expands every "ANY DEFINED BY" element of a structure created from -+ * a DER decoding process (asn1_der_decoding function). The element -+ * ANY must be defined by an OBJECT IDENTIFIER. The type used to -+ * expand the element ANY is the first one following the definition of -+ * the actual value of the OBJECT IDENTIFIER. -+ * -+ * Returns: %ASN1_SUCCESS if Substitution OK, %ASN1_ERROR_TYPE_ANY if -+ * some "ANY DEFINED BY" element couldn't be expanded due to a -+ * problem in OBJECT_ID -> TYPE association, or other error codes -+ * depending on DER decoding. -+ **/ -+int -+asn1_expand_any_defined_by (asn1_node_const definitions, asn1_node * element) -+{ -+ char name[2 * ASN1_MAX_NAME_SIZE + 2], -+ value[ASN1_MAX_NAME_SIZE]; -+ int retCode = ASN1_SUCCESS, result; -+ int len, len2, len3; -+ asn1_node_const p2; -+ asn1_node p, p3, aux = NULL; -+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; -+ const char *definitionsName; -+ -+ if ((definitions == NULL) || (*element == NULL)) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ definitionsName = definitions->name; -+ -+ p = *element; -+ while (p) -+ { -+ -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_ANY: -+ if ((p->type & CONST_DEFINED_BY) && (p->value)) -+ { -+ /* search the "DEF_BY" element */ -+ p2 = p->down; -+ while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT)) -+ p2 = p2->right; -+ -+ if (!p2) -+ { -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ -+ p3 = _asn1_find_up (p); -+ -+ if (!p3) -+ { -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ -+ p3 = p3->down; -+ while (p3) -+ { -+ if (!(strcmp (p3->name, p2->name))) -+ break; -+ p3 = p3->right; -+ } -+ -+ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) || -+ (p3->value == NULL)) -+ { -+ -+ p3 = _asn1_find_up (p); -+ p3 = _asn1_find_up (p3); -+ -+ if (!p3) -+ { -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ -+ p3 = p3->down; -+ -+ while (p3) -+ { -+ if (!(strcmp (p3->name, p2->name))) -+ break; -+ p3 = p3->right; -+ } -+ -+ if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) -+ || (p3->value == NULL)) -+ { -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ } -+ -+ /* search the OBJECT_ID into definitions */ -+ p2 = definitions->down; -+ while (p2) -+ { -+ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p2->type & CONST_ASSIGN)) -+ { -+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name); -+ -+ len = ASN1_MAX_NAME_SIZE; -+ result = -+ asn1_read_value (definitions, name, value, &len); -+ -+ if ((result == ASN1_SUCCESS) -+ && (!_asn1_strcmp (p3->value, value))) -+ { -+ p2 = p2->right; /* pointer to the structure to -+ use for expansion */ -+ while ((p2) && (p2->type & CONST_ASSIGN)) -+ p2 = p2->right; -+ -+ if (p2) -+ { -+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name); -+ -+ result = -+ asn1_create_element (definitions, name, &aux); -+ if (result == ASN1_SUCCESS) -+ { -+ _asn1_cpy_name (aux, p); -+ len2 = -+ asn1_get_length_der (p->value, -+ p->value_len, &len3); -+ if (len2 < 0) -+ return ASN1_DER_ERROR; -+ -+ result = -+ asn1_der_decoding (&aux, p->value + len3, -+ len2, -+ errorDescription); -+ if (result == ASN1_SUCCESS) -+ { -+ -+ _asn1_set_right (aux, p->right); -+ _asn1_set_right (p, aux); -+ -+ result = asn1_delete_structure (&p); -+ if (result == ASN1_SUCCESS) -+ { -+ p = aux; -+ aux = NULL; -+ break; -+ } -+ else -+ { /* error with asn1_delete_structure */ -+ asn1_delete_structure (&aux); -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with asn1_der_decoding */ -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with asn1_create_element */ -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with the pointer to the structure to exapand */ -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ } -+ } -+ p2 = p2->right; -+ } /* end while */ -+ -+ if (!p2) -+ { -+ retCode = ASN1_ERROR_TYPE_ANY; -+ break; -+ } -+ -+ } -+ break; -+ default: -+ break; -+ } -+ -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else if (p == *element) -+ { -+ p = NULL; -+ break; -+ } -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == *element) -+ { -+ p = NULL; -+ break; -+ } -+ if (p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ -+ return retCode; -+} -+ -+/** -+ * asn1_expand_octet_string: -+ * @definitions: ASN1 definitions -+ * @element: pointer to an ASN1 structure -+ * @octetName: name of the OCTECT STRING field to expand. -+ * @objectName: name of the OBJECT IDENTIFIER field to use to define -+ * the type for expansion. -+ * -+ * Expands an "OCTET STRING" element of a structure created from a DER -+ * decoding process (the asn1_der_decoding() function). The type used -+ * for expansion is the first one following the definition of the -+ * actual value of the OBJECT IDENTIFIER indicated by OBJECTNAME. -+ * -+ * Returns: %ASN1_SUCCESS if substitution OK, %ASN1_ELEMENT_NOT_FOUND -+ * if @objectName or @octetName are not correct, -+ * %ASN1_VALUE_NOT_VALID if it wasn't possible to find the type to -+ * use for expansion, or other errors depending on DER decoding. -+ **/ -+int -+asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, -+ const char *octetName, const char *objectName) -+{ -+ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE]; -+ int retCode = ASN1_SUCCESS, result; -+ int len, len2, len3; -+ asn1_node_const p2; -+ asn1_node aux = NULL; -+ asn1_node octetNode = NULL, objectNode = NULL; -+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; -+ -+ if ((definitions == NULL) || (*element == NULL)) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ octetNode = asn1_find_node (*element, octetName); -+ if (octetNode == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING) -+ return ASN1_ELEMENT_NOT_FOUND; -+ if (octetNode->value == NULL) -+ return ASN1_VALUE_NOT_FOUND; -+ -+ objectNode = asn1_find_node (*element, objectName); -+ if (objectNode == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ if (objectNode->value == NULL) -+ return ASN1_VALUE_NOT_FOUND; -+ -+ -+ /* search the OBJECT_ID into definitions */ -+ p2 = definitions->down; -+ while (p2) -+ { -+ if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p2->type & CONST_ASSIGN)) -+ { -+ strcpy (name, definitions->name); -+ strcat (name, "."); -+ strcat (name, p2->name); -+ -+ len = sizeof (value); -+ result = asn1_read_value (definitions, name, value, &len); -+ -+ if ((result == ASN1_SUCCESS) -+ && (!_asn1_strcmp (objectNode->value, value))) -+ { -+ -+ p2 = p2->right; /* pointer to the structure to -+ use for expansion */ -+ while ((p2) && (p2->type & CONST_ASSIGN)) -+ p2 = p2->right; -+ -+ if (p2) -+ { -+ strcpy (name, definitions->name); -+ strcat (name, "."); -+ strcat (name, p2->name); -+ -+ result = asn1_create_element (definitions, name, &aux); -+ if (result == ASN1_SUCCESS) -+ { -+ _asn1_cpy_name (aux, octetNode); -+ len2 = -+ asn1_get_length_der (octetNode->value, -+ octetNode->value_len, &len3); -+ if (len2 < 0) -+ return ASN1_DER_ERROR; -+ -+ result = -+ asn1_der_decoding (&aux, octetNode->value + len3, -+ len2, errorDescription); -+ if (result == ASN1_SUCCESS) -+ { -+ -+ _asn1_set_right (aux, octetNode->right); -+ _asn1_set_right (octetNode, aux); -+ -+ result = asn1_delete_structure (&octetNode); -+ if (result == ASN1_SUCCESS) -+ { -+ aux = NULL; -+ break; -+ } -+ else -+ { /* error with asn1_delete_structure */ -+ asn1_delete_structure (&aux); -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with asn1_der_decoding */ -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with asn1_create_element */ -+ retCode = result; -+ break; -+ } -+ } -+ else -+ { /* error with the pointer to the structure to exapand */ -+ retCode = ASN1_VALUE_NOT_VALID; -+ break; -+ } -+ } -+ } -+ -+ p2 = p2->right; -+ -+ } -+ -+ if (!p2) -+ retCode = ASN1_VALUE_NOT_VALID; -+ -+ return retCode; -+} -+ -+/*- -+ * _asn1_decode_simple_der: -+ * @etype: The type of the string to be encoded (ASN1_ETYPE_) -+ * @der: the encoded string -+ * @_der_len: the bytes of the encoded string -+ * @str: a pointer to the data -+ * @str_len: the length of the data -+ * @dflags: DECODE_FLAG_* -+ * -+ * Decodes a simple DER encoded type (e.g. a string, which is not constructed). -+ * The output is a pointer inside the @der. -+ * -+ * Returns: %ASN1_SUCCESS if successful or an error value. -+ -*/ -+static int -+_asn1_decode_simple_der (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, const unsigned char **str, -+ unsigned int *str_len, unsigned dflags) -+{ -+ int tag_len, len_len; -+ const unsigned char *p; -+ int der_len = _der_len; -+ unsigned char class; -+ unsigned long tag; -+ long ret; -+ -+ if (der == NULL || der_len == 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ if (ETYPE_OK (etype) == 0 || ETYPE_IS_STRING(etype) == 0) -+ return ASN1_VALUE_NOT_VALID; -+ -+ /* doesn't handle constructed classes */ -+ class = ETYPE_CLASS(etype); -+ if (class != ASN1_CLASS_UNIVERSAL) -+ return ASN1_VALUE_NOT_VALID; -+ -+ p = der; -+ -+ if (dflags & DECODE_FLAG_HAVE_TAG) -+ { -+ ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag); -+ if (ret != ASN1_SUCCESS) -+ return ret; -+ -+ if (class != ETYPE_CLASS (etype) || tag != ETYPE_TAG (etype)) -+ { -+ warn(); -+ return ASN1_DER_ERROR; -+ } -+ -+ p += tag_len; -+ der_len -= tag_len; -+ if (der_len <= 0) -+ return ASN1_DER_ERROR; -+ } -+ -+ ret = asn1_get_length_der (p, der_len, &len_len); -+ if (ret < 0) -+ return ASN1_DER_ERROR; -+ -+ p += len_len; -+ der_len -= len_len; -+ if (der_len <= 0) -+ return ASN1_DER_ERROR; -+ -+ *str_len = ret; -+ *str = p; -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_decode_simple_der: -+ * @etype: The type of the string to be encoded (ASN1_ETYPE_) -+ * @der: the encoded string -+ * @_der_len: the bytes of the encoded string -+ * @str: a pointer to the data -+ * @str_len: the length of the data -+ * -+ * Decodes a simple DER encoded type (e.g. a string, which is not constructed). -+ * The output is a pointer inside the @der. -+ * -+ * Returns: %ASN1_SUCCESS if successful or an error value. -+ **/ -+int -+asn1_decode_simple_der (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, const unsigned char **str, -+ unsigned int *str_len) -+{ -+ return _asn1_decode_simple_der(etype, der, _der_len, str, str_len, DECODE_FLAG_HAVE_TAG); -+} -+ -+static int append(uint8_t **dst, unsigned *dst_size, const unsigned char *src, unsigned src_size) -+{ -+ if (src_size == 0) -+ return ASN1_SUCCESS; -+ -+ *dst = _asn1_realloc(*dst, *dst_size+src_size); -+ if (*dst == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ memcpy(*dst + *dst_size, src, src_size); -+ *dst_size += src_size; -+ return ASN1_SUCCESS; -+} -+ -+/*- -+ * _asn1_decode_simple_ber: -+ * @etype: The type of the string to be encoded (ASN1_ETYPE_) -+ * @der: the encoded string -+ * @_der_len: the bytes of the encoded string -+ * @str: a pointer to the data -+ * @str_len: the length of the data -+ * @ber_len: the total length occupied by BER (may be %NULL) -+ * @have_tag: whether a DER tag is included -+ * -+ * Decodes a BER encoded type. The output is an allocated value -+ * of the data. This decodes BER STRINGS only. Other types are -+ * decoded as DER. -+ * -+ * Returns: %ASN1_SUCCESS if successful or an error value. -+ -*/ -+static int -+_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, unsigned char **str, -+ unsigned int *str_len, unsigned int *ber_len, -+ unsigned dflags) -+{ -+ int tag_len, len_len; -+ const unsigned char *p; -+ int der_len = _der_len; -+ uint8_t *total = NULL; -+ unsigned total_size = 0; -+ unsigned char class; -+ unsigned long tag; -+ unsigned char *out = NULL; -+ const unsigned char *cout = NULL; -+ unsigned out_len; -+ long result; -+ -+ if (ber_len) *ber_len = 0; -+ -+ if (der == NULL || der_len == 0) -+ { -+ warn(); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ if (ETYPE_OK (etype) == 0) -+ { -+ warn(); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ /* doesn't handle constructed + definite classes */ -+ class = ETYPE_CLASS (etype); -+ if (class != ASN1_CLASS_UNIVERSAL) -+ { -+ warn(); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ p = der; -+ -+ if (dflags & DECODE_FLAG_HAVE_TAG) -+ { -+ result = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ return result; -+ } -+ -+ if (tag != ETYPE_TAG (etype)) -+ { -+ warn(); -+ return ASN1_DER_ERROR; -+ } -+ -+ p += tag_len; -+ -+ DECR_LEN(der_len, tag_len); -+ -+ if (ber_len) *ber_len += tag_len; -+ } -+ -+ /* indefinite constructed */ -+ if ((((dflags & DECODE_FLAG_CONSTRUCTED) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && -+ !(dflags & DECODE_FLAG_LEVEL3)) -+ { -+ if (der_len == 0) -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ -+ if (der_len > 0 && p[0] == 0x80) /* indefinite */ -+ { -+ len_len = 1; -+ DECR_LEN(der_len, len_len); -+ p += len_len; -+ -+ if (ber_len) *ber_len += len_len; -+ -+ /* decode the available octet strings */ -+ do -+ { -+ unsigned tmp_len; -+ unsigned flags = DECODE_FLAG_HAVE_TAG; -+ -+ if (dflags & DECODE_FLAG_LEVEL1) -+ flags |= DECODE_FLAG_LEVEL2; -+ else if (dflags & DECODE_FLAG_LEVEL2) -+ flags |= DECODE_FLAG_LEVEL3; -+ else -+ flags |= DECODE_FLAG_LEVEL1; -+ -+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, -+ flags); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ p += tmp_len; -+ DECR_LEN(der_len, tmp_len); -+ -+ if (ber_len) *ber_len += tmp_len; -+ -+ DECR_LEN(der_len, 2); /* we need the EOC */ -+ -+ result = append(&total, &total_size, out, out_len); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ free(out); -+ out = NULL; -+ -+ if (p[0] == 0 && p[1] == 0) /* EOC */ -+ { -+ if (ber_len) *ber_len += 2; -+ break; -+ } -+ -+ /* no EOC */ -+ der_len += 2; -+ -+ if (der_len == 2) -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ } -+ while(1); -+ } -+ else /* constructed */ -+ { -+ long const_len; -+ -+ result = asn1_get_length_ber(p, der_len, &len_len); -+ if (result < 0) -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ -+ DECR_LEN(der_len, len_len); -+ p += len_len; -+ -+ const_len = result; -+ -+ if (ber_len) *ber_len += len_len; -+ -+ /* decode the available octet strings */ -+ while(const_len > 0) -+ { -+ unsigned tmp_len; -+ unsigned flags = DECODE_FLAG_HAVE_TAG; -+ -+ if (dflags & DECODE_FLAG_LEVEL1) -+ flags |= DECODE_FLAG_LEVEL2; -+ else if (dflags & DECODE_FLAG_LEVEL2) -+ flags |= DECODE_FLAG_LEVEL3; -+ else -+ flags |= DECODE_FLAG_LEVEL1; -+ -+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, -+ flags); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ p += tmp_len; -+ DECR_LEN(der_len, tmp_len); -+ DECR_LEN(const_len, tmp_len); -+ -+ if (ber_len) *ber_len += tmp_len; -+ -+ result = append(&total, &total_size, out, out_len); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ free(out); -+ out = NULL; -+ } -+ } -+ } -+ else if (class == ETYPE_CLASS(etype)) -+ { -+ if (ber_len) -+ { -+ result = asn1_get_length_der (p, der_len, &len_len); -+ if (result < 0) -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ *ber_len += result + len_len; -+ } -+ -+ /* non-string values are decoded as DER */ -+ result = _asn1_decode_simple_der(etype, der, _der_len, &cout, &out_len, dflags); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ -+ result = append(&total, &total_size, cout, out_len); -+ if (result != ASN1_SUCCESS) -+ { -+ warn(); -+ goto cleanup; -+ } -+ } -+ else -+ { -+ warn(); -+ result = ASN1_DER_ERROR; -+ goto cleanup; -+ } -+ -+ *str = total; -+ *str_len = total_size; -+ -+ return ASN1_SUCCESS; -+cleanup: -+ free(out); -+ free(total); -+ return result; -+} -+ -+/** -+ * asn1_decode_simple_ber: -+ * @etype: The type of the string to be encoded (ASN1_ETYPE_) -+ * @der: the encoded string -+ * @_der_len: the bytes of the encoded string -+ * @str: a pointer to the data -+ * @str_len: the length of the data -+ * @ber_len: the total length occupied by BER (may be %NULL) -+ * -+ * Decodes a BER encoded type. The output is an allocated value -+ * of the data. This decodes BER STRINGS only. Other types are -+ * decoded as DER. -+ * -+ * Returns: %ASN1_SUCCESS if successful or an error value. -+ **/ -+int -+asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, unsigned char **str, -+ unsigned int *str_len, unsigned int *ber_len) -+{ -+ return _asn1_decode_simple_ber(etype, der, _der_len, str, str_len, ber_len, DECODE_FLAG_HAVE_TAG); -+} -diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -new file mode 100644 -index 0000000000..997eb2725d ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/element.c -@@ -0,0 +1,1111 @@ -+/* -+ * Copyright (C) 2000-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+/*****************************************************/ -+/* File: element.c */ -+/* Description: Functions with the read and write */ -+/* functions. */ -+/*****************************************************/ -+ -+ -+#include -+#include "parser_aux.h" -+#include -+#include "structure.h" -+#include "c-ctype.h" -+#include "element.h" -+ -+void -+_asn1_hierarchical_name (asn1_node_const node, char *name, int name_size) -+{ -+ asn1_node_const p; -+ char tmp_name[64]; -+ -+ p = node; -+ -+ name[0] = 0; -+ -+ while (p != NULL) -+ { -+ if (p->name[0] != 0) -+ { -+ _asn1_str_cpy (tmp_name, sizeof (tmp_name), name), -+ _asn1_str_cpy (name, name_size, p->name); -+ _asn1_str_cat (name, name_size, "."); -+ _asn1_str_cat (name, name_size, tmp_name); -+ } -+ p = _asn1_find_up (p); -+ } -+ -+ if (name[0] == 0) -+ _asn1_str_cpy (name, name_size, "ROOT"); -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_convert_integer */ -+/* Description: converts an integer from a null terminated string */ -+/* to der decoding. The convertion from a null */ -+/* terminated string to an integer is made with */ -+/* the 'strtol' function. */ -+/* Parameters: */ -+/* value: null terminated string to convert. */ -+/* value_out: convertion result (memory must be already */ -+/* allocated). */ -+/* value_out_size: number of bytes of value_out. */ -+/* len: number of significant byte of value_out. */ -+/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_convert_integer (const unsigned char *value, unsigned char *value_out, -+ int value_out_size, int *len) -+{ -+ char negative; -+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; -+ long valtmp; -+ int k, k2; -+ -+ valtmp = _asn1_strtol (value, NULL, 10); -+ -+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) -+ { -+ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF; -+ } -+ -+ if (val[0] & 0x80) -+ negative = 1; -+ else -+ negative = 0; -+ -+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) -+ { -+ if (negative && (val[k] != 0xFF)) -+ break; -+ else if (!negative && val[k]) -+ break; -+ } -+ -+ if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80))) -+ k--; -+ -+ *len = SIZEOF_UNSIGNED_LONG_INT - k; -+ -+ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size) -+ /* VALUE_OUT is too short to contain the value conversion */ -+ return ASN1_MEM_ERROR; -+ -+ if (value_out != NULL) -+ { -+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) -+ value_out[k2 - k] = val[k2]; -+ } -+ -+#if 0 -+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len); -+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) -+ printf (", vOut[%d]=%d", k, value_out[k]); -+ printf ("\n"); -+#endif -+ -+ return ASN1_SUCCESS; -+} -+ -+/* Appends a new element into the sequence (or set) defined by this -+ * node. The new element will have a name of '?number', where number -+ * is a monotonically increased serial number. -+ * -+ * The last element in the list may be provided in @pcache, to avoid -+ * traversing the list, an expensive operation in long lists. -+ * -+ * On success it returns in @pcache the added element (which is the -+ * tail in the list of added elements). -+ */ -+int -+_asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache) -+{ -+ asn1_node p, p2; -+ char temp[LTOSTR_MAX_SIZE]; -+ long n; -+ -+ if (!node || !(node->down)) -+ return ASN1_GENERIC_ERROR; -+ -+ p = node->down; -+ while ((type_field (p->type) == ASN1_ETYPE_TAG) -+ || (type_field (p->type) == ASN1_ETYPE_SIZE)) -+ p = p->right; -+ -+ p2 = _asn1_copy_structure3 (p); -+ if (p2 == NULL) -+ return ASN1_GENERIC_ERROR; -+ -+ if (pcache == NULL || pcache->tail == NULL || pcache->head != node) -+ { -+ while (p->right) -+ { -+ p = p->right; -+ } -+ } -+ else -+ { -+ p = pcache->tail; -+ } -+ -+ _asn1_set_right (p, p2); -+ if (pcache) -+ { -+ pcache->head = node; -+ pcache->tail = p2; -+ } -+ -+ if (p->name[0] == 0) -+ _asn1_str_cpy (temp, sizeof (temp), "?1"); -+ else -+ { -+ n = strtol (p->name + 1, NULL, 0); -+ n++; -+ temp[0] = '?'; -+ _asn1_ltostr (n, temp + 1); -+ } -+ _asn1_set_name (p2, temp); -+ /* p2->type |= CONST_OPTION; */ -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_write_value: -+ * @node_root: pointer to a structure -+ * @name: the name of the element inside the structure that you want to set. -+ * @ivalue: vector used to specify the value to set. If len is >0, -+ * VALUE must be a two's complement form integer. if len=0 *VALUE -+ * must be a null terminated string with an integer value. -+ * @len: number of bytes of *value to use to set the value: -+ * value[0]..value[len-1] or 0 if value is a null terminated string -+ * -+ * Set the value of one element inside a structure. -+ * -+ * If an element is OPTIONAL and you want to delete it, you must use -+ * the value=NULL and len=0. Using "pkix.asn": -+ * -+ * result=asn1_write_value(cert, "tbsCertificate.issuerUniqueID", -+ * NULL, 0); -+ * -+ * Description for each type: -+ * -+ * INTEGER: VALUE must contain a two's complement form integer. -+ * -+ * value[0]=0xFF , len=1 -> integer=-1. -+ * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1. -+ * value[0]=0x01 , len=1 -> integer= 1. -+ * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1. -+ * value="123" , len=0 -> integer= 123. -+ * -+ * ENUMERATED: As INTEGER (but only with not negative numbers). -+ * -+ * BOOLEAN: VALUE must be the null terminated string "TRUE" or -+ * "FALSE" and LEN != 0. -+ * -+ * value="TRUE" , len=1 -> boolean=TRUE. -+ * value="FALSE" , len=1 -> boolean=FALSE. -+ * -+ * OBJECT IDENTIFIER: VALUE must be a null terminated string with -+ * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0. -+ * -+ * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha. -+ * -+ * UTCTime: VALUE must be a null terminated string in one of these -+ * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ", -+ * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'", -+ * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0. -+ * -+ * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998 -+ * at 12h 00m Greenwich Mean Time -+ * -+ * GeneralizedTime: VALUE must be in one of this format: -+ * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ", -+ * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'", -+ * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s -+ * indicates the seconds with any precision like "10.1" or "01.02". -+ * LEN != 0 -+ * -+ * value="2001010112001.12-0700" , len=1 -> time=Jannuary -+ * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time -+ * -+ * OCTET STRING: VALUE contains the octet string and LEN is the -+ * number of octets. -+ * -+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" , -+ * len=3 -> three bytes octet string -+ * -+ * GeneralString: VALUE contains the generalstring and LEN is the -+ * number of octets. -+ * -+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" , -+ * len=3 -> three bytes generalstring -+ * -+ * BIT STRING: VALUE contains the bit string organized by bytes and -+ * LEN is the number of bits. -+ * -+ * value="$\backslash$xCF" , len=6 -> bit string="110011" (six -+ * bits) -+ * -+ * CHOICE: if NAME indicates a choice type, VALUE must specify one of -+ * the alternatives with a null terminated string. LEN != 0. Using -+ * "pkix.asn"\: -+ * -+ * result=asn1_write_value(cert, -+ * "certificate1.tbsCertificate.subject", "rdnSequence", -+ * 1); -+ * -+ * ANY: VALUE indicates the der encoding of a structure. LEN != 0. -+ * -+ * SEQUENCE OF: VALUE must be the null terminated string "NEW" and -+ * LEN != 0. With this instruction another element is appended in -+ * the sequence. The name of this element will be "?1" if it's the -+ * first one, "?2" for the second and so on. -+ * -+ * Using "pkix.asn"\: -+ * -+ * result=asn1_write_value(cert, -+ * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1); -+ * -+ * SET OF: the same as SEQUENCE OF. Using "pkix.asn": -+ * -+ * result=asn1_write_value(cert, -+ * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1); -+ * -+ * Returns: %ASN1_SUCCESS if the value was set, -+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, and -+ * %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format. -+ **/ -+int -+asn1_write_value (asn1_node node_root, const char *name, -+ const void *ivalue, int len) -+{ -+ asn1_node node, p, p2; -+ unsigned char *temp, *value_temp = NULL, *default_temp = NULL; -+ int len2, k, k2, negative; -+ size_t i; -+ const unsigned char *value = ivalue; -+ unsigned int type; -+ -+ node = asn1_find_node (node_root, name); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) -+ { -+ asn1_delete_structure (&node); -+ return ASN1_SUCCESS; -+ } -+ -+ type = type_field (node->type); -+ -+ if ((type == ASN1_ETYPE_SEQUENCE_OF || type == ASN1_ETYPE_SET_OF) && (value == NULL) && (len == 0)) -+ { -+ p = node->down; -+ while ((type_field (p->type) == ASN1_ETYPE_TAG) -+ || (type_field (p->type) == ASN1_ETYPE_SIZE)) -+ p = p->right; -+ -+ while (p->right) -+ asn1_delete_structure (&p->right); -+ -+ return ASN1_SUCCESS; -+ } -+ -+ /* Don't allow element deletion for other types */ -+ if (value == NULL) -+ { -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ switch (type) -+ { -+ case ASN1_ETYPE_BOOLEAN: -+ if (!_asn1_strcmp (value, "TRUE")) -+ { -+ if (node->type & CONST_DEFAULT) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if (p->type & CONST_TRUE) -+ _asn1_set_value (node, NULL, 0); -+ else -+ _asn1_set_value (node, "T", 1); -+ } -+ else -+ _asn1_set_value (node, "T", 1); -+ } -+ else if (!_asn1_strcmp (value, "FALSE")) -+ { -+ if (node->type & CONST_DEFAULT) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if (p->type & CONST_FALSE) -+ _asn1_set_value (node, NULL, 0); -+ else -+ _asn1_set_value (node, "F", 1); -+ } -+ else -+ _asn1_set_value (node, "F", 1); -+ } -+ else -+ return ASN1_VALUE_NOT_VALID; -+ break; -+ case ASN1_ETYPE_INTEGER: -+ case ASN1_ETYPE_ENUMERATED: -+ if (len == 0) -+ { -+ if ((c_isdigit (value[0])) || (value[0] == '-')) -+ { -+ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); -+ if (value_temp == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ -+ _asn1_convert_integer (value, value_temp, -+ SIZEOF_UNSIGNED_LONG_INT, &len); -+ } -+ else -+ { /* is an identifier like v1 */ -+ if (!(node->type & CONST_LIST)) -+ return ASN1_VALUE_NOT_VALID; -+ p = node->down; -+ while (p) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_CONSTANT) -+ { -+ if (!_asn1_strcmp (p->name, value)) -+ { -+ value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); -+ if (value_temp == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ -+ _asn1_convert_integer (p->value, -+ value_temp, -+ SIZEOF_UNSIGNED_LONG_INT, -+ &len); -+ break; -+ } -+ } -+ p = p->right; -+ } -+ if (p == NULL) -+ return ASN1_VALUE_NOT_VALID; -+ } -+ } -+ else -+ { /* len != 0 */ -+ value_temp = malloc (len); -+ if (value_temp == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ memcpy (value_temp, value, len); -+ } -+ -+ if (value_temp[0] & 0x80) -+ negative = 1; -+ else -+ negative = 0; -+ -+ if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED)) -+ { -+ free (value_temp); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ -+ for (k = 0; k < len - 1; k++) -+ if (negative && (value_temp[k] != 0xFF)) -+ break; -+ else if (!negative && value_temp[k]) -+ break; -+ -+ if ((negative && !(value_temp[k] & 0x80)) || -+ (!negative && (value_temp[k] & 0x80))) -+ k--; -+ -+ _asn1_set_value_lv (node, value_temp + k, len - k); -+ -+ if (node->type & CONST_DEFAULT) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if ((c_isdigit (p->value[0])) || (p->value[0] == '-')) -+ { -+ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); -+ if (default_temp == NULL) -+ { -+ free (value_temp); -+ return ASN1_MEM_ALLOC_ERROR; -+ } -+ -+ _asn1_convert_integer (p->value, default_temp, -+ SIZEOF_UNSIGNED_LONG_INT, &len2); -+ } -+ else -+ { /* is an identifier like v1 */ -+ if (!(node->type & CONST_LIST)) -+ { -+ free (value_temp); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ p2 = node->down; -+ while (p2) -+ { -+ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT) -+ { -+ if (!_asn1_strcmp (p2->name, p->value)) -+ { -+ default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT); -+ if (default_temp == NULL) -+ { -+ free (value_temp); -+ return ASN1_MEM_ALLOC_ERROR; -+ } -+ -+ _asn1_convert_integer (p2->value, -+ default_temp, -+ SIZEOF_UNSIGNED_LONG_INT, -+ &len2); -+ break; -+ } -+ } -+ p2 = p2->right; -+ } -+ if (p2 == NULL) -+ { -+ free (value_temp); -+ return ASN1_VALUE_NOT_VALID; -+ } -+ } -+ -+ -+ if ((len - k) == len2) -+ { -+ for (k2 = 0; k2 < len2; k2++) -+ if (value_temp[k + k2] != default_temp[k2]) -+ { -+ break; -+ } -+ if (k2 == len2) -+ _asn1_set_value (node, NULL, 0); -+ } -+ free (default_temp); -+ } -+ free (value_temp); -+ break; -+ case ASN1_ETYPE_OBJECT_ID: -+ for (i = 0; i < _asn1_strlen (value); i++) -+ if ((!c_isdigit (value[i])) && (value[i] != '.') && (value[i] != '+')) -+ return ASN1_VALUE_NOT_VALID; -+ if (node->type & CONST_DEFAULT) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if (!_asn1_strcmp (value, p->value)) -+ { -+ _asn1_set_value (node, NULL, 0); -+ break; -+ } -+ } -+ _asn1_set_value (node, value, _asn1_strlen (value) + 1); -+ break; -+ case ASN1_ETYPE_UTC_TIME: -+ { -+ len = _asn1_strlen (value); -+ if (len < 11) -+ return ASN1_VALUE_NOT_VALID; -+ for (k = 0; k < 10; k++) -+ if (!c_isdigit (value[k])) -+ return ASN1_VALUE_NOT_VALID; -+ switch (len) -+ { -+ case 11: -+ if (value[10] != 'Z') -+ return ASN1_VALUE_NOT_VALID; -+ break; -+ case 13: -+ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11])) || -+ (value[12] != 'Z')) -+ return ASN1_VALUE_NOT_VALID; -+ break; -+ case 15: -+ if ((value[10] != '+') && (value[10] != '-')) -+ return ASN1_VALUE_NOT_VALID; -+ for (k = 11; k < 15; k++) -+ if (!c_isdigit (value[k])) -+ return ASN1_VALUE_NOT_VALID; -+ break; -+ case 17: -+ if ((!c_isdigit (value[10])) || (!c_isdigit (value[11]))) -+ return ASN1_VALUE_NOT_VALID; -+ if ((value[12] != '+') && (value[12] != '-')) -+ return ASN1_VALUE_NOT_VALID; -+ for (k = 13; k < 17; k++) -+ if (!c_isdigit (value[k])) -+ return ASN1_VALUE_NOT_VALID; -+ break; -+ default: -+ return ASN1_VALUE_NOT_FOUND; -+ } -+ _asn1_set_value (node, value, len); -+ } -+ break; -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ len = _asn1_strlen (value); -+ _asn1_set_value (node, value, len); -+ break; -+ case ASN1_ETYPE_OCTET_STRING: -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ if (len == 0) -+ len = _asn1_strlen (value); -+ _asn1_set_value_lv (node, value, len); -+ break; -+ case ASN1_ETYPE_BIT_STRING: -+ if (len == 0) -+ len = _asn1_strlen (value); -+ asn1_length_der ((len >> 3) + 2, NULL, &len2); -+ temp = malloc ((len >> 3) + 2 + len2); -+ if (temp == NULL) -+ return ASN1_MEM_ALLOC_ERROR; -+ -+ asn1_bit_der (value, len, temp, &len2); -+ _asn1_set_value_m (node, temp, len2); -+ temp = NULL; -+ break; -+ case ASN1_ETYPE_CHOICE: -+ p = node->down; -+ while (p) -+ { -+ if (!_asn1_strcmp (p->name, value)) -+ { -+ p2 = node->down; -+ while (p2) -+ { -+ if (p2 != p) -+ { -+ asn1_delete_structure (&p2); -+ p2 = node->down; -+ } -+ else -+ p2 = p2->right; -+ } -+ break; -+ } -+ p = p->right; -+ } -+ if (!p) -+ return ASN1_ELEMENT_NOT_FOUND; -+ break; -+ case ASN1_ETYPE_ANY: -+ _asn1_set_value_lv (node, value, len); -+ break; -+ case ASN1_ETYPE_SEQUENCE_OF: -+ case ASN1_ETYPE_SET_OF: -+ if (_asn1_strcmp (value, "NEW")) -+ return ASN1_VALUE_NOT_VALID; -+ _asn1_append_sequence_set (node, NULL); -+ break; -+ default: -+ return ASN1_ELEMENT_NOT_FOUND; -+ break; -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+#define PUT_VALUE( ptr, ptr_size, data, data_size) \ -+ *len = data_size; \ -+ if (ptr_size < data_size) { \ -+ return ASN1_MEM_ERROR; \ -+ } else { \ -+ if (ptr && data_size > 0) \ -+ memcpy (ptr, data, data_size); \ -+ } -+ -+#define PUT_STR_VALUE( ptr, ptr_size, data) \ -+ *len = _asn1_strlen (data) + 1; \ -+ if (ptr_size < *len) { \ -+ return ASN1_MEM_ERROR; \ -+ } else { \ -+ /* this strcpy is checked */ \ -+ if (ptr) { \ -+ _asn1_strcpy (ptr, data); \ -+ } \ -+ } -+ -+#define PUT_AS_STR_VALUE( ptr, ptr_size, data, data_size) \ -+ *len = data_size + 1; \ -+ if (ptr_size < *len) { \ -+ return ASN1_MEM_ERROR; \ -+ } else { \ -+ /* this strcpy is checked */ \ -+ if (ptr) { \ -+ if (data_size > 0) \ -+ memcpy (ptr, data, data_size); \ -+ ptr[data_size] = 0; \ -+ } \ -+ } -+ -+#define ADD_STR_VALUE( ptr, ptr_size, data) \ -+ *len += _asn1_strlen(data); \ -+ if (ptr_size < (int) *len) { \ -+ (*len)++; \ -+ return ASN1_MEM_ERROR; \ -+ } else { \ -+ /* this strcat is checked */ \ -+ if (ptr) _asn1_strcat (ptr, data); \ -+ } -+ -+/** -+ * asn1_read_value: -+ * @root: pointer to a structure. -+ * @name: the name of the element inside a structure that you want to read. -+ * @ivalue: vector that will contain the element's content, must be a -+ * pointer to memory cells already allocated (may be %NULL). -+ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy -+ * holds the sizeof value. -+ * -+ * Returns the value of one element inside a structure. -+ * If an element is OPTIONAL and this returns -+ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present -+ * in the der encoding that created the structure. The first element -+ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and -+ * so on. If the @root provided is a node to specific sequence element, -+ * then the keyword "?CURRENT" is also acceptable and indicates the -+ * current sequence element of this node. -+ * -+ * Note that there can be valid values with length zero. In these case -+ * this function will succeed and @len will be zero. -+ * -+ * INTEGER: VALUE will contain a two's complement form integer. -+ * -+ * integer=-1 -> value[0]=0xFF , len=1. -+ * integer=1 -> value[0]=0x01 , len=1. -+ * -+ * ENUMERATED: As INTEGER (but only with not negative numbers). -+ * -+ * BOOLEAN: VALUE will be the null terminated string "TRUE" or -+ * "FALSE" and LEN=5 or LEN=6. -+ * -+ * OBJECT IDENTIFIER: VALUE will be a null terminated string with -+ * each number separated by a dot (i.e. "1.2.3.543.1"). -+ * -+ * LEN = strlen(VALUE)+1 -+ * -+ * UTCTime: VALUE will be a null terminated string in one of these -+ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". -+ * LEN=strlen(VALUE)+1. -+ * -+ * GeneralizedTime: VALUE will be a null terminated string in the -+ * same format used to set the value. -+ * -+ * OCTET STRING: VALUE will contain the octet string and LEN will be -+ * the number of octets. -+ * -+ * GeneralString: VALUE will contain the generalstring and LEN will -+ * be the number of octets. -+ * -+ * BIT STRING: VALUE will contain the bit string organized by bytes -+ * and LEN will be the number of bits. -+ * -+ * CHOICE: If NAME indicates a choice type, VALUE will specify the -+ * alternative selected. -+ * -+ * ANY: If NAME indicates an any type, VALUE will indicate the DER -+ * encoding of the structure actually used. -+ * -+ * Returns: %ASN1_SUCCESS if value is returned, -+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, -+ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element -+ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough -+ * to store the result, and in this case @len will contain the number of -+ * bytes needed. On the occasion that the stored data are of zero-length -+ * this function may return %ASN1_SUCCESS even if the provided @len is zero. -+ **/ -+int -+asn1_read_value (asn1_node_const root, const char *name, void *ivalue, int *len) -+{ -+ return asn1_read_value_type (root, name, ivalue, len, NULL); -+} -+ -+/** -+ * asn1_read_value_type: -+ * @root: pointer to a structure. -+ * @name: the name of the element inside a structure that you want to read. -+ * @ivalue: vector that will contain the element's content, must be a -+ * pointer to memory cells already allocated (may be %NULL). -+ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy -+ * holds the sizeof value. -+ * @etype: The type of the value read (ASN1_ETYPE) -+ * -+ * Returns the type and value of one element inside a structure. -+ * If an element is OPTIONAL and this returns -+ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present -+ * in the der encoding that created the structure. The first element -+ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and -+ * so on. If the @root provided is a node to specific sequence element, -+ * then the keyword "?CURRENT" is also acceptable and indicates the -+ * current sequence element of this node. -+ * -+ * Note that there can be valid values with length zero. In these case -+ * this function will succeed and @len will be zero. -+ * -+ * -+ * INTEGER: VALUE will contain a two's complement form integer. -+ * -+ * integer=-1 -> value[0]=0xFF , len=1. -+ * integer=1 -> value[0]=0x01 , len=1. -+ * -+ * ENUMERATED: As INTEGER (but only with not negative numbers). -+ * -+ * BOOLEAN: VALUE will be the null terminated string "TRUE" or -+ * "FALSE" and LEN=5 or LEN=6. -+ * -+ * OBJECT IDENTIFIER: VALUE will be a null terminated string with -+ * each number separated by a dot (i.e. "1.2.3.543.1"). -+ * -+ * LEN = strlen(VALUE)+1 -+ * -+ * UTCTime: VALUE will be a null terminated string in one of these -+ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". -+ * LEN=strlen(VALUE)+1. -+ * -+ * GeneralizedTime: VALUE will be a null terminated string in the -+ * same format used to set the value. -+ * -+ * OCTET STRING: VALUE will contain the octet string and LEN will be -+ * the number of octets. -+ * -+ * GeneralString: VALUE will contain the generalstring and LEN will -+ * be the number of octets. -+ * -+ * BIT STRING: VALUE will contain the bit string organized by bytes -+ * and LEN will be the number of bits. -+ * -+ * CHOICE: If NAME indicates a choice type, VALUE will specify the -+ * alternative selected. -+ * -+ * ANY: If NAME indicates an any type, VALUE will indicate the DER -+ * encoding of the structure actually used. -+ * -+ * Returns: %ASN1_SUCCESS if value is returned, -+ * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, -+ * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element -+ * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough -+ * to store the result, and in this case @len will contain the number of -+ * bytes needed. On the occasion that the stored data are of zero-length -+ * this function may return %ASN1_SUCCESS even if the provided @len is zero. -+ **/ -+int -+asn1_read_value_type (asn1_node_const root, const char *name, void *ivalue, -+ int *len, unsigned int *etype) -+{ -+ asn1_node_const node, p, p2; -+ int len2, len3, result; -+ int value_size = *len; -+ unsigned char *value = ivalue; -+ unsigned type; -+ -+ node = asn1_find_node (root, name); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ type = type_field (node->type); -+ -+ if ((type != ASN1_ETYPE_NULL) && -+ (type != ASN1_ETYPE_CHOICE) && -+ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) && -+ (node->value == NULL)) -+ return ASN1_VALUE_NOT_FOUND; -+ -+ if (etype) -+ *etype = type; -+ switch (type) -+ { -+ case ASN1_ETYPE_NULL: -+ PUT_STR_VALUE (value, value_size, "NULL"); -+ break; -+ case ASN1_ETYPE_BOOLEAN: -+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if (p->type & CONST_TRUE) -+ { -+ PUT_STR_VALUE (value, value_size, "TRUE"); -+ } -+ else -+ { -+ PUT_STR_VALUE (value, value_size, "FALSE"); -+ } -+ } -+ else if (node->value[0] == 'T') -+ { -+ PUT_STR_VALUE (value, value_size, "TRUE"); -+ } -+ else -+ { -+ PUT_STR_VALUE (value, value_size, "FALSE"); -+ } -+ break; -+ case ASN1_ETYPE_INTEGER: -+ case ASN1_ETYPE_ENUMERATED: -+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ if ((c_isdigit (p->value[0])) || (p->value[0] == '-') -+ || (p->value[0] == '+')) -+ { -+ result = _asn1_convert_integer -+ (p->value, value, value_size, len); -+ if (result != ASN1_SUCCESS) -+ return result; -+ } -+ else -+ { /* is an identifier like v1 */ -+ p2 = node->down; -+ while (p2) -+ { -+ if (type_field (p2->type) == ASN1_ETYPE_CONSTANT) -+ { -+ if (!_asn1_strcmp (p2->name, p->value)) -+ { -+ result = _asn1_convert_integer -+ (p2->value, value, value_size, -+ len); -+ if (result != ASN1_SUCCESS) -+ return result; -+ break; -+ } -+ } -+ p2 = p2->right; -+ } -+ } -+ } -+ else -+ { -+ len2 = -1; -+ result = asn1_get_octet_der -+ (node->value, node->value_len, &len2, value, value_size, -+ len); -+ if (result != ASN1_SUCCESS) -+ return result; -+ } -+ break; -+ case ASN1_ETYPE_OBJECT_ID: -+ if (node->type & CONST_ASSIGN) -+ { -+ *len = 0; -+ if (value) -+ value[0] = 0; -+ p = node->down; -+ while (p) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_CONSTANT) -+ { -+ ADD_STR_VALUE (value, value_size, p->value); -+ if (p->right) -+ { -+ ADD_STR_VALUE (value, value_size, "."); -+ } -+ } -+ p = p->right; -+ } -+ (*len)++; -+ } -+ else if ((node->type & CONST_DEFAULT) && (node->value == NULL)) -+ { -+ p = node->down; -+ while (type_field (p->type) != ASN1_ETYPE_DEFAULT) -+ p = p->right; -+ PUT_STR_VALUE (value, value_size, p->value); -+ } -+ else -+ { -+ PUT_STR_VALUE (value, value_size, node->value); -+ } -+ break; -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ case ASN1_ETYPE_UTC_TIME: -+ PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len); -+ break; -+ case ASN1_ETYPE_OCTET_STRING: -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ len2 = -1; -+ result = asn1_get_octet_der -+ (node->value, node->value_len, &len2, value, value_size, -+ len); -+ if (result != ASN1_SUCCESS) -+ return result; -+ break; -+ case ASN1_ETYPE_BIT_STRING: -+ len2 = -1; -+ result = asn1_get_bit_der -+ (node->value, node->value_len, &len2, value, value_size, -+ len); -+ if (result != ASN1_SUCCESS) -+ return result; -+ break; -+ case ASN1_ETYPE_CHOICE: -+ PUT_STR_VALUE (value, value_size, node->down->name); -+ break; -+ case ASN1_ETYPE_ANY: -+ len3 = -1; -+ len2 = asn1_get_length_der (node->value, node->value_len, &len3); -+ if (len2 < 0) -+ return ASN1_DER_ERROR; -+ PUT_VALUE (value, value_size, node->value + len3, len2); -+ break; -+ default: -+ return ASN1_ELEMENT_NOT_FOUND; -+ break; -+ } -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_read_tag: -+ * @root: pointer to a structure -+ * @name: the name of the element inside a structure. -+ * @tagValue: variable that will contain the TAG value. -+ * @classValue: variable that will specify the TAG type. -+ * -+ * Returns the TAG and the CLASS of one element inside a structure. -+ * CLASS can have one of these constants: %ASN1_CLASS_APPLICATION, -+ * %ASN1_CLASS_UNIVERSAL, %ASN1_CLASS_PRIVATE or -+ * %ASN1_CLASS_CONTEXT_SPECIFIC. -+ * -+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if -+ * @name is not a valid element. -+ **/ -+int -+asn1_read_tag (asn1_node_const root, const char *name, int *tagValue, -+ int *classValue) -+{ -+ asn1_node node, p, pTag; -+ -+ node = asn1_find_node (root, name); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node->down; -+ -+ /* pTag will points to the IMPLICIT TAG */ -+ pTag = NULL; -+ if (node->type & CONST_TAG) -+ { -+ while (p) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_TAG) -+ { -+ if ((p->type & CONST_IMPLICIT) && (pTag == NULL)) -+ pTag = p; -+ else if (p->type & CONST_EXPLICIT) -+ pTag = NULL; -+ } -+ p = p->right; -+ } -+ } -+ -+ if (pTag) -+ { -+ *tagValue = _asn1_strtoul (pTag->value, NULL, 10); -+ -+ if (pTag->type & CONST_APPLICATION) -+ *classValue = ASN1_CLASS_APPLICATION; -+ else if (pTag->type & CONST_UNIVERSAL) -+ *classValue = ASN1_CLASS_UNIVERSAL; -+ else if (pTag->type & CONST_PRIVATE) -+ *classValue = ASN1_CLASS_PRIVATE; -+ else -+ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC; -+ } -+ else -+ { -+ unsigned type = type_field (node->type); -+ *classValue = ASN1_CLASS_UNIVERSAL; -+ -+ switch (type) -+ { -+ CASE_HANDLED_ETYPES: -+ *tagValue = _asn1_tags[type].tag; -+ break; -+ case ASN1_ETYPE_TAG: -+ case ASN1_ETYPE_CHOICE: -+ case ASN1_ETYPE_ANY: -+ *tagValue = -1; -+ break; -+ default: -+ break; -+ } -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+/** -+ * asn1_read_node_value: -+ * @node: pointer to a node. -+ * @data: a point to a asn1_data_node_st -+ * -+ * Returns the value a data node inside a asn1_node structure. -+ * The data returned should be handled as constant values. -+ * -+ * Returns: %ASN1_SUCCESS if the node exists. -+ **/ -+int -+asn1_read_node_value (asn1_node_const node, asn1_data_node_st * data) -+{ -+ data->name = node->name; -+ data->value = node->value; -+ data->value_len = node->value_len; -+ data->type = type_field (node->type); -+ -+ return ASN1_SUCCESS; -+} -diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c -new file mode 100644 -index 0000000000..cee74daf79 ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/errors.c -@@ -0,0 +1,100 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#include -+#ifdef STDC_HEADERS -+#include -+#endif -+ -+#define LIBTASN1_ERROR_ENTRY(name) { #name, name } -+ -+struct libtasn1_error_entry -+{ -+ const char *name; -+ int number; -+}; -+typedef struct libtasn1_error_entry libtasn1_error_entry; -+ -+static const libtasn1_error_entry error_algorithms[] = { -+ LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS), -+ LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND), -+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND), -+ LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND), -+ LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND), -+ LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID), -+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT), -+ LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY), -+ LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW), -+ LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG), -+ LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY), -+ LIBTASN1_ERROR_ENTRY (ASN1_TIME_ENCODING_ERROR), -+ LIBTASN1_ERROR_ENTRY (ASN1_RECURSION), -+ {0, 0} -+}; -+ -+/** -+ * asn1_perror: -+ * @error: is an error returned by a libtasn1 function. -+ * -+ * Prints a string to stderr with a description of an error. This -+ * function is like perror(). The only difference is that it accepts -+ * an error returned by a libtasn1 function. -+ * -+ * Since: 1.6 -+ **/ -+void -+asn1_perror (int error) -+{ -+ const char *str = asn1_strerror (error); -+ fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)"); -+} -+ -+/** -+ * asn1_strerror: -+ * @error: is an error returned by a libtasn1 function. -+ * -+ * Returns a string with a description of an error. This function is -+ * similar to strerror. The only difference is that it accepts an -+ * error (number) returned by a libtasn1 function. -+ * -+ * Returns: Pointer to static zero-terminated string describing error -+ * code. -+ * -+ * Since: 1.6 -+ **/ -+const char * -+asn1_strerror (int error) -+{ -+ const libtasn1_error_entry *p; -+ -+ for (p = error_algorithms; p->name != NULL; p++) -+ if (p->number == error) -+ return p->name + sizeof ("ASN1_") - 1; -+ -+ return NULL; -+} -diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c -new file mode 100644 -index 0000000000..e91a3a151c ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/gstr.c -@@ -0,0 +1,74 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#include -+#include "gstr.h" -+ -+/* These function are like strcat, strcpy. They only -+ * do bounds checking (they shouldn't cause buffer overruns), -+ * and they always produce null terminated strings. -+ * -+ * They should be used only with null terminated strings. -+ */ -+void -+_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) -+{ -+ size_t str_size = strlen (src); -+ size_t dest_size = strlen (dest); -+ -+ if (dest_tot_size - dest_size > str_size) -+ { -+ strcat (dest, src); -+ } -+ else -+ { -+ if (dest_tot_size - dest_size > 0) -+ { -+ strncat (dest, src, (dest_tot_size - dest_size) - 1); -+ dest[dest_tot_size - 1] = 0; -+ } -+ } -+} -+ -+/* Returns the bytes copied (not including the null terminator) */ -+unsigned int -+_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src) -+{ -+ size_t str_size = strlen (src); -+ -+ if (dest_tot_size > str_size) -+ { -+ strcpy (dest, src); -+ return str_size; -+ } -+ else -+ { -+ if (dest_tot_size > 0) -+ { -+ str_size = dest_tot_size - 1; -+ memcpy (dest, src, str_size); -+ dest[str_size] = 0; -+ return str_size; -+ } -+ else -+ return 0; -+ } -+} -diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c -new file mode 100644 -index 0000000000..d5dbbf8765 ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/parser_aux.c -@@ -0,0 +1,1173 @@ -+/* -+ * Copyright (C) 2000-2016 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#include // WORD_BIT -+ -+#include "int.h" -+#include "parser_aux.h" -+#include "gstr.h" -+#include "structure.h" -+#include "element.h" -+#include "c-ctype.h" -+ -+char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ -+ -+/* Return a hash of the N bytes of X using the method described by -+ Bruno Haible in https://www.haible.de/bruno/hashfunc.html. -+ Note that while many hash functions reduce their result via modulo -+ to a 0..table_size-1 range, this function does not do that. -+ -+ This implementation has been changed from size_t -> unsigned int. */ -+ -+#ifdef __clang__ -+__attribute__((no_sanitize("integer"))) -+#endif -+_GL_ATTRIBUTE_PURE -+static unsigned int -+_asn1_hash_name (const char *x) -+{ -+ const unsigned char *s = (unsigned char *) x; -+ unsigned h = 0; -+ -+ while (*s) -+ h = (*s++) + ((h << 9) | (h >> (WORD_BIT - 9))); -+ -+ return h; -+} -+ -+/******************************************************/ -+/* Function : _asn1_add_static_node */ -+/* Description: creates a new NODE_ASN element and */ -+/* puts it in the list pointed by e_list. */ -+/* Parameters: */ -+/* e_list: of type list_type; must be NULL initially */ -+/* type: type of the new element (see ASN1_ETYPE_ */ -+/* and CONST_ constants). */ -+/* Return: pointer to the new element. */ -+/******************************************************/ -+asn1_node -+_asn1_add_static_node (list_type **e_list, unsigned int type) -+{ -+ list_type *p; -+ asn1_node punt; -+ -+ punt = calloc (1, sizeof (struct asn1_node_st)); -+ if (punt == NULL) -+ return NULL; -+ -+ p = malloc (sizeof (list_type)); -+ if (p == NULL) -+ { -+ free (punt); -+ return NULL; -+ } -+ -+ p->node = punt; -+ p->next = *e_list; -+ *e_list = p; -+ -+ punt->type = type; -+ -+ return punt; -+} -+ -+static -+int _asn1_add_static_node2 (list_type **e_list, asn1_node node) -+{ -+ list_type *p; -+ -+ p = malloc (sizeof (list_type)); -+ if (p == NULL) -+ { -+ return -1; -+ } -+ -+ p->node = node; -+ p->next = *e_list; -+ *e_list = p; -+ -+ return 0; -+} -+ -+/** -+ * asn1_find_node: -+ * @pointer: NODE_ASN element pointer. -+ * @name: null terminated string with the element's name to find. -+ * -+ * Searches for an element called @name starting from @pointer. The -+ * name is composed by different identifiers separated by dots. When -+ * *@pointer has a name, the first identifier must be the name of -+ * *@pointer, otherwise it must be the name of one child of *@pointer. -+ * -+ * Returns: the search result, or %NULL if not found. -+ **/ -+asn1_node -+asn1_find_node (asn1_node_const pointer, const char *name) -+{ -+ asn1_node_const p; -+ char *n_end, n[ASN1_MAX_NAME_SIZE + 1]; -+ const char *n_start; -+ unsigned int nsize; -+ unsigned int nhash; -+ -+ if (pointer == NULL) -+ return NULL; -+ -+ if (name == NULL) -+ return NULL; -+ -+ p = pointer; -+ n_start = name; -+ -+ if (name[0] == '?' && name[1] == 'C' && p->name[0] == '?') -+ { /* ?CURRENT */ -+ n_start = strchr(n_start, '.'); -+ if (n_start) -+ n_start++; -+ } -+ else if (p->name[0] != 0) -+ { /* has *pointer got a name ? */ -+ n_end = strchr (n_start, '.'); /* search the first dot */ -+ if (n_end) -+ { -+ nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ -+ memcpy (n, n_start, nsize); -+ n[nsize] = 0; -+ n_start = n_end; -+ n_start++; -+ -+ nhash = _asn1_hash_name (n); -+ } -+ else -+ { -+ _asn1_str_cpy (n, sizeof (n), n_start); -+ nhash = _asn1_hash_name (n); -+ -+ n_start = NULL; -+ } -+ -+ while (p) -+ { -+ if (nhash == p->name_hash && (!strcmp (p->name, n))) -+ break; -+ else -+ p = p->right; -+ } /* while */ -+ -+ if (p == NULL) -+ return NULL; -+ } -+ else -+ { /* *pointer doesn't have a name */ -+ if (n_start[0] == 0) -+ return (asn1_node) p; -+ } -+ -+ while (n_start) -+ { /* Has the end of NAME been reached? */ -+ n_end = strchr (n_start, '.'); /* search the next dot */ -+ if (n_end) -+ { -+ nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ -+ memcpy (n, n_start, nsize); -+ n[nsize] = 0; -+ n_start = n_end; -+ n_start++; -+ -+ nhash = _asn1_hash_name (n); -+ } -+ else -+ { -+ _asn1_str_cpy (n, sizeof (n), n_start); -+ nhash = _asn1_hash_name (n); -+ n_start = NULL; -+ } -+ -+ if (p->down == NULL) -+ return NULL; -+ -+ p = p->down; -+ if (p == NULL) -+ return NULL; -+ -+ /* The identifier "?LAST" indicates the last element -+ in the right chain. */ -+ if (n[0] == '?' && n[1] == 'L') /* ?LAST */ -+ { -+ while (p->right) -+ p = p->right; -+ } -+ else -+ { /* no "?LAST" */ -+ while (p) -+ { -+ if (p->name_hash == nhash && !strcmp (p->name, n)) -+ break; -+ else -+ p = p->right; -+ } -+ } -+ if (p == NULL) -+ return NULL; -+ } /* while */ -+ -+ return (asn1_node) p; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_set_value */ -+/* Description: sets the field VALUE in a NODE_ASN element. The */ -+/* previous value (if exist) will be lost */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* value: pointer to the value that you want to set. */ -+/* len: character number of value. */ -+/* Return: pointer to the NODE_ASN element. */ -+/******************************************************************/ -+asn1_node -+_asn1_set_value (asn1_node node, const void *value, unsigned int len) -+{ -+ if (node == NULL) -+ return node; -+ if (node->value) -+ { -+ if (node->value != node->small_value) -+ free (node->value); -+ node->value = NULL; -+ node->value_len = 0; -+ } -+ -+ if (!len) -+ return node; -+ -+ if (len < sizeof (node->small_value)) -+ { -+ node->value = node->small_value; -+ } -+ else -+ { -+ node->value = malloc (len); -+ if (node->value == NULL) -+ return NULL; -+ } -+ node->value_len = len; -+ -+ memcpy (node->value, value, len); -+ return node; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_set_value_lv */ -+/* Description: sets the field VALUE in a NODE_ASN element. The */ -+/* previous value (if exist) will be lost. The value */ -+/* given is stored as an length-value format (LV */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* value: pointer to the value that you want to set. */ -+/* len: character number of value. */ -+/* Return: pointer to the NODE_ASN element. */ -+/******************************************************************/ -+asn1_node -+_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len) -+{ -+ int len2; -+ void *temp; -+ -+ if (node == NULL) -+ return node; -+ -+ asn1_length_der (len, NULL, &len2); -+ temp = malloc (len + len2); -+ if (temp == NULL) -+ return NULL; -+ -+ asn1_octet_der (value, len, temp, &len2); -+ return _asn1_set_value_m (node, temp, len2); -+} -+ -+/* the same as _asn1_set_value except that it sets an already malloc'ed -+ * value. -+ */ -+asn1_node -+_asn1_set_value_m (asn1_node node, void *value, unsigned int len) -+{ -+ if (node == NULL) -+ return node; -+ -+ if (node->value) -+ { -+ if (node->value != node->small_value) -+ free (node->value); -+ node->value = NULL; -+ node->value_len = 0; -+ } -+ -+ if (!len) -+ return node; -+ -+ node->value = value; -+ node->value_len = len; -+ -+ return node; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_append_value */ -+/* Description: appends to the field VALUE in a NODE_ASN element. */ -+/* */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* value: pointer to the value that you want to be appended. */ -+/* len: character number of value. */ -+/* Return: pointer to the NODE_ASN element. */ -+/******************************************************************/ -+asn1_node -+_asn1_append_value (asn1_node node, const void *value, unsigned int len) -+{ -+ if (node == NULL) -+ return node; -+ -+ if (node->value == NULL) -+ return _asn1_set_value (node, value, len); -+ -+ if (len == 0) -+ return node; -+ -+ if (node->value == node->small_value) -+ { -+ /* value is in node */ -+ int prev_len = node->value_len; -+ node->value_len += len; -+ node->value = malloc (node->value_len); -+ if (node->value == NULL) -+ { -+ node->value_len = 0; -+ return NULL; -+ } -+ -+ if (prev_len > 0) -+ memcpy (node->value, node->small_value, prev_len); -+ -+ memcpy (&node->value[prev_len], value, len); -+ -+ return node; -+ } -+ else /* if (node->value != NULL && node->value != node->small_value) */ -+ { -+ /* value is allocated */ -+ int prev_len = node->value_len; -+ node->value_len += len; -+ -+ node->value = _asn1_realloc (node->value, node->value_len); -+ if (node->value == NULL) -+ { -+ node->value_len = 0; -+ return NULL; -+ } -+ -+ memcpy (&node->value[prev_len], value, len); -+ -+ return node; -+ } -+} -+ -+/******************************************************************/ -+/* Function : _asn1_set_name */ -+/* Description: sets the field NAME in a NODE_ASN element. The */ -+/* previous value (if exist) will be lost */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* name: a null terminated string with the name that you want */ -+/* to set. */ -+/* Return: pointer to the NODE_ASN element. */ -+/******************************************************************/ -+asn1_node -+_asn1_set_name (asn1_node node, const char *name) -+{ -+ if (node == NULL) -+ return node; -+ -+ _asn1_str_cpy (node->name, sizeof (node->name), name ? name : ""); -+ node->name_hash = _asn1_hash_name (node->name); -+ -+ return node; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_cpy_name */ -+/* Description: copies the field NAME in a NODE_ASN element. */ -+/* Parameters: */ -+/* dst: a dest element pointer. */ -+/* src: a source element pointer. */ -+/* Return: pointer to the NODE_ASN element. */ -+/******************************************************************/ -+asn1_node -+_asn1_cpy_name (asn1_node dst, asn1_node_const src) -+{ -+ if (dst == NULL) -+ return dst; -+ -+ if (src == NULL) -+ { -+ dst->name[0] = 0; -+ dst->name_hash = _asn1_hash_name (dst->name); -+ return dst; -+ } -+ -+ _asn1_str_cpy (dst->name, sizeof (dst->name), src->name); -+ dst->name_hash = src->name_hash; -+ -+ return dst; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_set_right */ -+/* Description: sets the field RIGHT in a NODE_ASN element. */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* right: pointer to a NODE_ASN element that you want be pointed*/ -+/* by NODE. */ -+/* Return: pointer to *NODE. */ -+/******************************************************************/ -+asn1_node -+_asn1_set_right (asn1_node node, asn1_node right) -+{ -+ if (node == NULL) -+ return node; -+ node->right = right; -+ if (right) -+ right->left = node; -+ return node; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_get_last_right */ -+/* Description: return the last element along the right chain. */ -+/* Parameters: */ -+/* node: starting element pointer. */ -+/* Return: pointer to the last element along the right chain. */ -+/******************************************************************/ -+asn1_node -+_asn1_get_last_right (asn1_node_const node) -+{ -+ asn1_node_const p; -+ -+ if (node == NULL) -+ return NULL; -+ p = node; -+ while (p->right) -+ p = p->right; -+ return (asn1_node) p; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_remove_node */ -+/* Description: gets free the memory allocated for an NODE_ASN */ -+/* element (not the elements pointed by it). */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* flags: ASN1_DELETE_FLAG_* */ -+/******************************************************************/ -+void -+_asn1_remove_node (asn1_node node, unsigned int flags) -+{ -+ if (node == NULL) -+ return; -+ -+ if (node->value != NULL) -+ { -+ if (flags & ASN1_DELETE_FLAG_ZEROIZE) -+ { -+ safe_memset(node->value, 0, node->value_len); -+ } -+ -+ if (node->value != node->small_value) -+ free (node->value); -+ } -+ free (node); -+} -+ -+/******************************************************************/ -+/* Function : _asn1_find_up */ -+/* Description: return the father of the NODE_ASN element. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* Return: Null if not found. */ -+/******************************************************************/ -+asn1_node -+_asn1_find_up (asn1_node_const node) -+{ -+ asn1_node_const p; -+ -+ if (node == NULL) -+ return NULL; -+ -+ p = node; -+ -+ while ((p->left != NULL) && (p->left->right == p)) -+ p = p->left; -+ -+ return p->left; -+} -+ -+static -+unsigned _asn1_is_up (asn1_node_const up_cand, asn1_node_const down) -+{ -+ asn1_node_const d, u; -+ -+ if (up_cand == NULL || down == NULL) -+ return 0; -+ -+ d = down; -+ -+ while ((u = _asn1_find_up(d)) != NULL && u != d) -+ { -+ if (u == up_cand) -+ return 1; -+ d = u; -+ } -+ -+ return 0; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_delete_node_from_list */ -+/* Description: deletes the list element given */ -+/******************************************************************/ -+void -+_asn1_delete_node_from_list (list_type *list, asn1_node node) -+{ -+ list_type *p = list; -+ -+ while (p) -+ { -+ if (p->node == node) -+ p->node = NULL; -+ p = p->next; -+ } -+} -+ -+/******************************************************************/ -+/* Function : _asn1_delete_list */ -+/* Description: deletes the list elements (not the elements */ -+/* pointed by them). */ -+/******************************************************************/ -+void -+_asn1_delete_list (list_type *e_list) -+{ -+ list_type *p; -+ -+ while (e_list) -+ { -+ p = e_list; -+ e_list = e_list->next; -+ free (p); -+ } -+} -+ -+/******************************************************************/ -+/* Function : _asn1_delete_list_and nodes */ -+/* Description: deletes the list elements and the elements */ -+/* pointed by them. */ -+/******************************************************************/ -+void -+_asn1_delete_list_and_nodes (list_type *e_list) -+{ -+ list_type *p; -+ -+ while (e_list) -+ { -+ p = e_list; -+ e_list = e_list->next; -+ _asn1_remove_node (p->node, 0); -+ free (p); -+ } -+} -+ -+ -+char * -+_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) -+{ -+ uint64_t d, r; -+ char temp[LTOSTR_MAX_SIZE]; -+ int count, k, start; -+ uint64_t val; -+ -+ if (v < 0) -+ { -+ str[0] = '-'; -+ start = 1; -+ val = -((uint64_t)v); -+ } -+ else -+ { -+ val = v; -+ start = 0; -+ } -+ -+ count = 0; -+ do -+ { -+ d = val / 10; -+ r = val - d * 10; -+ temp[start + count] = '0' + (char) r; -+ count++; -+ val = d; -+ } -+ while (val && ((start+count) < LTOSTR_MAX_SIZE-1)); -+ -+ for (k = 0; k < count; k++) -+ str[k + start] = temp[start + count - k - 1]; -+ str[count + start] = 0; -+ return str; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_change_integer_value */ -+/* Description: converts into DER coding the value assign to an */ -+/* INTEGER constant. */ -+/* Parameters: */ -+/* node: root of an ASN1element. */ -+/* Return: */ -+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -+/* otherwise ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_change_integer_value (asn1_node node) -+{ -+ asn1_node p; -+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; -+ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1]; -+ int len; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ while (p) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_INTEGER) -+ && (p->type & CONST_ASSIGN)) -+ { -+ if (p->value) -+ { -+ _asn1_convert_integer (p->value, val, sizeof (val), &len); -+ asn1_octet_der (val, len, val2, &len); -+ _asn1_set_value (p, val2, len); -+ } -+ } -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else -+ { -+ if (p == node) -+ p = NULL; -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == node) -+ { -+ p = NULL; -+ break; -+ } -+ if (p && p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+#define MAX_CONSTANTS 1024 -+/******************************************************************/ -+/* Function : _asn1_expand_object_id */ -+/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */ -+/* Parameters: */ -+/* list: root of an object list */ -+/* node: root of an ASN1 element. */ -+/* Return: */ -+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -+/* otherwise ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_expand_object_id (list_type **list, asn1_node node) -+{ -+ asn1_node p, p2, p3, p4, p5; -+ char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1]; -+ int move, tlen, tries; -+ unsigned max_constants; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ _asn1_str_cpy (name_root, sizeof (name_root), node->name); -+ -+ p = node; -+ move = DOWN; -+ tries = 0; -+ -+ while (!((p == node) && (move == UP))) -+ { -+ if (move != UP) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) -+ && (p->type & CONST_ASSIGN)) -+ { -+ p2 = p->down; -+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT)) -+ { -+ if (p2->value && !c_isdigit (p2->value[0])) -+ { -+ _asn1_str_cpy (name2, sizeof (name2), name_root); -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ p3 = asn1_find_node (node, name2); -+ if (!p3 || _asn1_is_up(p2, p3) || -+ (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) || -+ !(p3->type & CONST_ASSIGN)) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ _asn1_set_down (p, p2->right); -+ if (p2->down) -+ _asn1_delete_structure (*list, &p2->down, 0); -+ _asn1_delete_node_from_list(*list, p2); -+ _asn1_remove_node (p2, 0); -+ p2 = p; -+ p4 = p3->down; -+ max_constants = 0; -+ while (p4) -+ { -+ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT) -+ { -+ max_constants++; -+ if (max_constants == MAX_CONSTANTS) -+ return ASN1_RECURSION; -+ -+ p5 = -+ _asn1_add_single_node (ASN1_ETYPE_CONSTANT); -+ _asn1_set_name (p5, p4->name); -+ if (p4->value) -+ { -+ tlen = _asn1_strlen (p4->value); -+ if (tlen > 0) -+ _asn1_set_value (p5, p4->value, tlen + 1); -+ } -+ _asn1_add_static_node2(list, p5); -+ -+ if (p2 == p) -+ { -+ _asn1_set_right (p5, p->down); -+ _asn1_set_down (p, p5); -+ } -+ else -+ { -+ _asn1_set_right (p5, p2->right); -+ _asn1_set_right (p2, p5); -+ } -+ p2 = p5; -+ } -+ p4 = p4->right; -+ } -+ move = DOWN; -+ -+ tries++; -+ if (tries >= EXPAND_OBJECT_ID_MAX_RECURSION) -+ return ASN1_RECURSION; -+ -+ continue; -+ } -+ } -+ } -+ move = DOWN; -+ } -+ else -+ move = RIGHT; -+ -+ tries = 0; -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ -+ if (p == node) -+ { -+ move = UP; -+ continue; -+ } -+ -+ if (move == RIGHT) -+ { -+ if (p && p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ /*******************************/ -+ /* expand DEFAULT */ -+ /*******************************/ -+ p = node; -+ move = DOWN; -+ -+ while (!((p == node) && (move == UP))) -+ { -+ if (move != UP) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p->type & CONST_DEFAULT)) -+ { -+ p2 = p->down; -+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) -+ { -+ _asn1_str_cpy (name2, sizeof (name2), name_root); -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ if (p2->value) -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ p3 = asn1_find_node (node, name2); -+ if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) -+ || !(p3->type & CONST_ASSIGN)) -+ return ASN1_ELEMENT_NOT_FOUND; -+ p4 = p3->down; -+ name2[0] = 0; -+ while (p4) -+ { -+ if (type_field (p4->type) == ASN1_ETYPE_CONSTANT) -+ { -+ if (p4->value == NULL) -+ return ASN1_VALUE_NOT_FOUND; -+ -+ if (name2[0]) -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), -+ (char *) p4->value); -+ } -+ p4 = p4->right; -+ } -+ tlen = strlen (name2); -+ if (tlen > 0) -+ _asn1_set_value (p2, name2, tlen + 1); -+ } -+ } -+ move = DOWN; -+ } -+ else -+ move = RIGHT; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ -+ if (p == node) -+ { -+ move = UP; -+ continue; -+ } -+ -+ if (move == RIGHT) -+ { -+ if (p && p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_type_set_config */ -+/* Description: sets the CONST_SET and CONST_NOT_USED properties */ -+/* in the fields of the SET elements. */ -+/* Parameters: */ -+/* node: root of an ASN1 element. */ -+/* Return: */ -+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -+/* otherwise ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_type_set_config (asn1_node node) -+{ -+ asn1_node p, p2; -+ int move; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ move = DOWN; -+ -+ while (!((p == node) && (move == UP))) -+ { -+ if (move != UP) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_SET) -+ { -+ p2 = p->down; -+ while (p2) -+ { -+ if (type_field (p2->type) != ASN1_ETYPE_TAG) -+ p2->type |= CONST_SET | CONST_NOT_USED; -+ p2 = p2->right; -+ } -+ } -+ move = DOWN; -+ } -+ else -+ move = RIGHT; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ -+ if (p == node) -+ { -+ move = UP; -+ continue; -+ } -+ -+ if (move == RIGHT) -+ { -+ if (p && p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_check_identifier */ -+/* Description: checks the definitions of all the identifiers */ -+/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */ -+/* The _asn1_identifierMissing global variable is filled if */ -+/* necessary. */ -+/* Parameters: */ -+/* node: root of an ASN1 element. */ -+/* Return: */ -+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -+/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */ -+/* otherwise ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_check_identifier (asn1_node_const node) -+{ -+ asn1_node_const p, p2; -+ char name2[ASN1_MAX_NAME_SIZE * 2 + 2]; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ while (p) -+ { -+ if (p->value && type_field (p->type) == ASN1_ETYPE_IDENTIFIER) -+ { -+ _asn1_str_cpy (name2, sizeof (name2), node->name); -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p->value); -+ p2 = asn1_find_node (node, name2); -+ if (p2 == NULL) -+ { -+ if (p->value) -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ return ASN1_IDENTIFIER_NOT_FOUND; -+ } -+ } -+ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p->type & CONST_DEFAULT)) -+ { -+ p2 = p->down; -+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) -+ { -+ _asn1_str_cpy (name2, sizeof (name2), node->name); -+ if (p2->value) -+ { -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ } -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ -+ p2 = asn1_find_node (node, name2); -+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || -+ !(p2->type & CONST_ASSIGN)) -+ return ASN1_IDENTIFIER_NOT_FOUND; -+ else -+ _asn1_identifierMissing[0] = 0; -+ } -+ } -+ else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p->type & CONST_ASSIGN)) -+ { -+ p2 = p->down; -+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT)) -+ { -+ if (p2->value && !c_isdigit (p2->value[0])) -+ { -+ _asn1_str_cpy (name2, sizeof (name2), node->name); -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ -+ p2 = asn1_find_node (node, name2); -+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) -+ || !(p2->type & CONST_ASSIGN)) -+ return ASN1_IDENTIFIER_NOT_FOUND; -+ else -+ _asn1_identifierMissing[0] = 0; -+ } -+ } -+ } -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (p) -+ { -+ p = _asn1_find_up (p); -+ if (p == node) -+ { -+ p = NULL; -+ break; -+ } -+ if (p && p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_set_default_tag */ -+/* Description: sets the default IMPLICIT or EXPLICIT property in */ -+/* the tagged elements that don't have this declaration. */ -+/* Parameters: */ -+/* node: pointer to a DEFINITIONS element. */ -+/* Return: */ -+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL or not a pointer to */ -+/* a DEFINITIONS element, */ -+/* otherwise ASN1_SUCCESS */ -+/******************************************************************/ -+int -+_asn1_set_default_tag (asn1_node node) -+{ -+ asn1_node p; -+ -+ if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS)) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ while (p) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_TAG) && -+ !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT)) -+ { -+ if (node->type & CONST_EXPLICIT) -+ p->type |= CONST_EXPLICIT; -+ else -+ p->type |= CONST_IMPLICIT; -+ } -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == node) -+ { -+ p = NULL; -+ break; -+ } -+ if (p && p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ -+ return ASN1_SUCCESS; -+} -diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c -new file mode 100644 -index 0000000000..8189c56a4c ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/structure.c -@@ -0,0 +1,1220 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+ -+/*****************************************************/ -+/* File: structure.c */ -+/* Description: Functions to create and delete an */ -+/* ASN1 tree. */ -+/*****************************************************/ -+ -+ -+#include -+#include -+#include "parser_aux.h" -+#include -+ -+ -+extern char _asn1_identifierMissing[]; -+ -+ -+/******************************************************/ -+/* Function : _asn1_add_single_node */ -+/* Description: creates a new NODE_ASN element. */ -+/* Parameters: */ -+/* type: type of the new element (see ASN1_ETYPE_ */ -+/* and CONST_ constants). */ -+/* Return: pointer to the new element. */ -+/******************************************************/ -+asn1_node -+_asn1_add_single_node (unsigned int type) -+{ -+ asn1_node punt; -+ -+ punt = calloc (1, sizeof (struct asn1_node_st)); -+ if (punt == NULL) -+ return NULL; -+ -+ punt->type = type; -+ -+ return punt; -+} -+ -+ -+/******************************************************************/ -+/* Function : _asn1_find_left */ -+/* Description: returns the NODE_ASN element with RIGHT field that*/ -+/* points the element NODE. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* Return: NULL if not found. */ -+/******************************************************************/ -+asn1_node -+_asn1_find_left (asn1_node_const node) -+{ -+ if ((node == NULL) || (node->left == NULL) || (node->left->down == node)) -+ return NULL; -+ -+ return node->left; -+} -+ -+ -+int -+_asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, -+ char *vector_name) -+{ -+ FILE *file; -+ asn1_node_const p; -+ unsigned long t; -+ -+ file = fopen (output_file_name, "w"); -+ -+ if (file == NULL) -+ return ASN1_FILE_NOT_FOUND; -+ -+ fprintf (file, "#if HAVE_CONFIG_H\n"); -+ fprintf (file, "# include \"config.h\"\n"); -+ fprintf (file, "#endif\n\n"); -+ -+ fprintf (file, "#include \n\n"); -+ -+ fprintf (file, "const asn1_static_node %s[] = {\n", vector_name); -+ -+ p = pointer; -+ -+ while (p) -+ { -+ fprintf (file, " { "); -+ -+ if (p->name[0] != 0) -+ fprintf (file, "\"%s\", ", p->name); -+ else -+ fprintf (file, "NULL, "); -+ -+ t = p->type; -+ if (p->down) -+ t |= CONST_DOWN; -+ if (p->right) -+ t |= CONST_RIGHT; -+ -+ fprintf (file, "%lu, ", t); -+ -+ if (p->value) -+ fprintf (file, "\"%s\"},\n", p->value); -+ else -+ fprintf (file, "NULL },\n"); -+ -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else if (p->right) -+ { -+ p = p->right; -+ } -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == pointer) -+ { -+ p = NULL; -+ break; -+ } -+ if (p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+ -+ fprintf (file, " { NULL, 0, NULL }\n};\n"); -+ -+ fclose (file); -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_array2tree: -+ * @array: specify the array that contains ASN.1 declarations -+ * @definitions: return the pointer to the structure created by -+ * *ARRAY ASN.1 declarations -+ * @errorDescription: return the error description. -+ * -+ * Creates the structures needed to manage the ASN.1 definitions. -+ * @array is a vector created by asn1_parser2array(). -+ * -+ * Returns: %ASN1_SUCCESS if structure was created correctly, -+ * %ASN1_ELEMENT_NOT_EMPTY if *@definitions not NULL, -+ * %ASN1_IDENTIFIER_NOT_FOUND if in the file there is an identifier -+ * that is not defined (see @errorDescription for more information), -+ * %ASN1_ARRAY_ERROR if the array pointed by @array is wrong. -+ **/ -+int -+asn1_array2tree (const asn1_static_node * array, asn1_node * definitions, -+ char *errorDescription) -+{ -+ asn1_node p, p_last = NULL; -+ unsigned long k; -+ int move; -+ int result; -+ unsigned int type; -+ list_type *e_list = NULL; -+ -+ if (errorDescription) -+ errorDescription[0] = 0; -+ -+ if (*definitions != NULL) -+ return ASN1_ELEMENT_NOT_EMPTY; -+ -+ move = UP; -+ -+ for (k = 0; array[k].value || array[k].type || array[k].name; k++) -+ { -+ type = convert_old_type (array[k].type); -+ -+ p = _asn1_add_static_node (&e_list, type & (~CONST_DOWN)); -+ if (array[k].name) -+ _asn1_set_name (p, array[k].name); -+ if (array[k].value) -+ _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1); -+ -+ if (*definitions == NULL) -+ *definitions = p; -+ -+ if (move == DOWN) -+ { -+ if (p_last && p_last->down) -+ _asn1_delete_structure (e_list, &p_last->down, 0); -+ _asn1_set_down (p_last, p); -+ } -+ else if (move == RIGHT) -+ { -+ if (p_last && p_last->right) -+ _asn1_delete_structure (e_list, &p_last->right, 0); -+ _asn1_set_right (p_last, p); -+ } -+ -+ p_last = p; -+ -+ if (type & CONST_DOWN) -+ move = DOWN; -+ else if (type & CONST_RIGHT) -+ move = RIGHT; -+ else -+ { -+ while (p_last != *definitions) -+ { -+ p_last = _asn1_find_up (p_last); -+ -+ if (p_last == NULL) -+ break; -+ -+ if (p_last->type & CONST_RIGHT) -+ { -+ p_last->type &= ~CONST_RIGHT; -+ move = RIGHT; -+ break; -+ } -+ } /* while */ -+ } -+ } /* while */ -+ -+ if (p_last == *definitions) -+ { -+ result = _asn1_check_identifier (*definitions); -+ if (result == ASN1_SUCCESS) -+ { -+ _asn1_change_integer_value (*definitions); -+ result = _asn1_expand_object_id (&e_list, *definitions); -+ } -+ } -+ else -+ { -+ result = ASN1_ARRAY_ERROR; -+ } -+ -+ if (errorDescription != NULL) -+ { -+ if (result == ASN1_IDENTIFIER_NOT_FOUND) -+ { -+ Estrcpy (errorDescription, ":: identifier '"); -+ Estrcat (errorDescription, _asn1_identifierMissing); -+ Estrcat (errorDescription, "' not found"); -+ } -+ else -+ errorDescription[0] = 0; -+ } -+ -+ if (result != ASN1_SUCCESS) -+ { -+ _asn1_delete_list_and_nodes (e_list); -+ *definitions = NULL; -+ } -+ else -+ _asn1_delete_list (e_list); -+ -+ return result; -+} -+ -+/** -+ * asn1_delete_structure: -+ * @structure: pointer to the structure that you want to delete. -+ * -+ * Deletes the structure *@structure. At the end, *@structure is set -+ * to NULL. -+ * -+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if -+ * *@structure was NULL. -+ **/ -+int -+asn1_delete_structure (asn1_node * structure) -+{ -+ return _asn1_delete_structure (NULL, structure, 0); -+} -+ -+/** -+ * asn1_delete_structure2: -+ * @structure: pointer to the structure that you want to delete. -+ * @flags: additional flags (see %ASN1_DELETE_FLAG) -+ * -+ * Deletes the structure *@structure. At the end, *@structure is set -+ * to NULL. -+ * -+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if -+ * *@structure was NULL. -+ **/ -+int -+asn1_delete_structure2 (asn1_node * structure, unsigned int flags) -+{ -+ return _asn1_delete_structure (NULL, structure, flags); -+} -+ -+int -+_asn1_delete_structure (list_type *e_list, asn1_node * structure, unsigned int flags) -+{ -+ asn1_node p, p2, p3; -+ -+ if (*structure == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = *structure; -+ while (p) -+ { -+ if (p->down) -+ { -+ p = p->down; -+ } -+ else -+ { /* no down */ -+ p2 = p->right; -+ if (p != *structure) -+ { -+ p3 = _asn1_find_up (p); -+ _asn1_set_down (p3, p2); -+ if (e_list) -+ _asn1_delete_node_from_list (e_list, p); -+ _asn1_remove_node (p, flags); -+ p = p3; -+ } -+ else -+ { /* p==root */ -+ p3 = _asn1_find_left (p); -+ if (!p3) -+ { -+ p3 = _asn1_find_up (p); -+ if (p3) -+ _asn1_set_down (p3, p2); -+ else -+ { -+ if (p->right) -+ p->right->left = NULL; -+ } -+ } -+ else -+ _asn1_set_right (p3, p2); -+ if (e_list) -+ _asn1_delete_node_from_list (e_list, p); -+ _asn1_remove_node (p, flags); -+ p = NULL; -+ } -+ } -+ } -+ -+ *structure = NULL; -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_delete_element: -+ * @structure: pointer to the structure that contains the element you -+ * want to delete. -+ * @element_name: element's name you want to delete. -+ * -+ * Deletes the element named *@element_name inside *@structure. -+ * -+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if -+ * the @element_name was not found. -+ **/ -+int -+asn1_delete_element (asn1_node structure, const char *element_name) -+{ -+ asn1_node p2, p3, source_node; -+ -+ source_node = asn1_find_node (structure, element_name); -+ -+ if (source_node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p2 = source_node->right; -+ p3 = _asn1_find_left (source_node); -+ if (!p3) -+ { -+ p3 = _asn1_find_up (source_node); -+ if (p3) -+ _asn1_set_down (p3, p2); -+ else if (source_node->right) -+ source_node->right->left = NULL; -+ } -+ else -+ _asn1_set_right (p3, p2); -+ -+ return asn1_delete_structure (&source_node); -+} -+ -+#ifndef __clang_analyzer__ -+asn1_node -+_asn1_copy_structure3 (asn1_node_const source_node) -+{ -+ asn1_node_const p_s; -+ asn1_node dest_node, p_d, p_d_prev; -+ int move; -+ -+ if (source_node == NULL) -+ return NULL; -+ -+ dest_node = _asn1_add_single_node (source_node->type); -+ -+ p_s = source_node; -+ p_d = dest_node; -+ -+ move = DOWN; -+ -+ do -+ { -+ if (move != UP) -+ { -+ if (p_s->name[0] != 0) -+ _asn1_cpy_name (p_d, p_s); -+ if (p_s->value) -+ _asn1_set_value (p_d, p_s->value, p_s->value_len); -+ if (p_s->down) -+ { -+ p_s = p_s->down; -+ p_d_prev = p_d; -+ p_d = _asn1_add_single_node (p_s->type); -+ _asn1_set_down (p_d_prev, p_d); -+ continue; -+ } -+ p_d->start = p_s->start; -+ p_d->end = p_s->end; -+ } -+ -+ if (p_s == source_node) -+ break; -+ -+ if (p_s->right) -+ { -+ move = RIGHT; -+ p_s = p_s->right; -+ p_d_prev = p_d; -+ p_d = _asn1_add_single_node (p_s->type); -+ _asn1_set_right (p_d_prev, p_d); -+ } -+ else -+ { -+ move = UP; -+ p_s = _asn1_find_up (p_s); -+ p_d = _asn1_find_up (p_d); -+ } -+ } -+ while (p_s != source_node); -+ return dest_node; -+} -+#else -+ -+/* Non-production code */ -+asn1_node -+_asn1_copy_structure3 (asn1_node_const source_node) -+{ -+ return NULL; -+} -+#endif /* __clang_analyzer__ */ -+ -+ -+static asn1_node -+_asn1_copy_structure2 (asn1_node_const root, const char *source_name) -+{ -+ asn1_node source_node; -+ -+ source_node = asn1_find_node (root, source_name); -+ -+ return _asn1_copy_structure3 (source_node); -+ -+} -+ -+ -+static int -+_asn1_type_choice_config (asn1_node node) -+{ -+ asn1_node p, p2, p3, p4; -+ int move, tlen; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node; -+ move = DOWN; -+ -+ while (!((p == node) && (move == UP))) -+ { -+ if (move != UP) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_CHOICE) -+ && (p->type & CONST_TAG)) -+ { -+ p2 = p->down; -+ while (p2) -+ { -+ if (type_field (p2->type) != ASN1_ETYPE_TAG) -+ { -+ p2->type |= CONST_TAG; -+ p3 = _asn1_find_left (p2); -+ while (p3) -+ { -+ if (type_field (p3->type) == ASN1_ETYPE_TAG) -+ { -+ p4 = _asn1_add_single_node (p3->type); -+ tlen = _asn1_strlen (p3->value); -+ if (tlen > 0) -+ _asn1_set_value (p4, p3->value, tlen + 1); -+ _asn1_set_right (p4, p2->down); -+ _asn1_set_down (p2, p4); -+ } -+ p3 = _asn1_find_left (p3); -+ } -+ } -+ p2 = p2->right; -+ } -+ p->type &= ~(CONST_TAG); -+ p2 = p->down; -+ while (p2) -+ { -+ p3 = p2->right; -+ if (type_field (p2->type) == ASN1_ETYPE_TAG) -+ asn1_delete_structure (&p2); -+ p2 = p3; -+ } -+ } -+ move = DOWN; -+ } -+ else -+ move = RIGHT; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ -+ if (p == node) -+ { -+ move = UP; -+ continue; -+ } -+ -+ if (move == RIGHT) -+ { -+ if (p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+static int -+_asn1_expand_identifier (asn1_node * node, asn1_node_const root) -+{ -+ asn1_node p, p2, p3; -+ char name2[ASN1_MAX_NAME_SIZE + 2]; -+ int move; -+ -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = *node; -+ move = DOWN; -+ -+ while (!((p == *node) && (move == UP))) -+ { -+ if (move != UP) -+ { -+ if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER) -+ { -+ snprintf (name2, sizeof (name2), "%s.%s", root->name, p->value); -+ p2 = _asn1_copy_structure2 (root, name2); -+ if (p2 == NULL) -+ { -+ return ASN1_IDENTIFIER_NOT_FOUND; -+ } -+ _asn1_cpy_name (p2, p); -+ p2->right = p->right; -+ p2->left = p->left; -+ if (p->right) -+ p->right->left = p2; -+ p3 = p->down; -+ if (p3) -+ { -+ while (p3->right) -+ p3 = p3->right; -+ _asn1_set_right (p3, p2->down); -+ _asn1_set_down (p2, p->down); -+ } -+ -+ p3 = _asn1_find_left (p); -+ if (p3) -+ _asn1_set_right (p3, p2); -+ else -+ { -+ p3 = _asn1_find_up (p); -+ if (p3) -+ _asn1_set_down (p3, p2); -+ else -+ { -+ p2->left = NULL; -+ } -+ } -+ -+ if (p->type & CONST_SIZE) -+ p2->type |= CONST_SIZE; -+ if (p->type & CONST_TAG) -+ p2->type |= CONST_TAG; -+ if (p->type & CONST_OPTION) -+ p2->type |= CONST_OPTION; -+ if (p->type & CONST_DEFAULT) -+ p2->type |= CONST_DEFAULT; -+ if (p->type & CONST_SET) -+ p2->type |= CONST_SET; -+ if (p->type & CONST_NOT_USED) -+ p2->type |= CONST_NOT_USED; -+ -+ if (p == *node) -+ *node = p2; -+ _asn1_remove_node (p, 0); -+ p = p2; -+ move = DOWN; -+ continue; -+ } -+ move = DOWN; -+ } -+ else -+ move = RIGHT; -+ -+ if (move == DOWN) -+ { -+ if (p->down) -+ p = p->down; -+ else -+ move = RIGHT; -+ } -+ -+ if (p == *node) -+ { -+ move = UP; -+ continue; -+ } -+ -+ if (move == RIGHT) -+ { -+ if (p->right) -+ p = p->right; -+ else -+ move = UP; -+ } -+ if (move == UP) -+ p = _asn1_find_up (p); -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_create_element: -+ * @definitions: pointer to the structure returned by "parser_asn1" function -+ * @source_name: the name of the type of the new structure (must be -+ * inside p_structure). -+ * @element: pointer to the structure created. -+ * -+ * Creates a structure of type @source_name. Example using -+ * "pkix.asn": -+ * -+ * rc = asn1_create_element(cert_def, "PKIX1.Certificate", certptr); -+ * -+ * Returns: %ASN1_SUCCESS if creation OK, %ASN1_ELEMENT_NOT_FOUND if -+ * @source_name is not known. -+ **/ -+int -+asn1_create_element (asn1_node_const definitions, const char *source_name, -+ asn1_node * element) -+{ -+ asn1_node dest_node; -+ int res; -+ -+ dest_node = _asn1_copy_structure2 (definitions, source_name); -+ -+ if (dest_node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ _asn1_set_name (dest_node, ""); -+ -+ res = _asn1_expand_identifier (&dest_node, definitions); -+ _asn1_type_choice_config (dest_node); -+ -+ *element = dest_node; -+ -+ return res; -+} -+ -+ -+/** -+ * asn1_print_structure: -+ * @out: pointer to the output file (e.g. stdout). -+ * @structure: pointer to the structure that you want to visit. -+ * @name: an element of the structure -+ * @mode: specify how much of the structure to print, can be -+ * %ASN1_PRINT_NAME, %ASN1_PRINT_NAME_TYPE, -+ * %ASN1_PRINT_NAME_TYPE_VALUE, or %ASN1_PRINT_ALL. -+ * -+ * Prints on the @out file descriptor the structure's tree starting -+ * from the @name element inside the structure @structure. -+ **/ -+void -+asn1_print_structure (FILE * out, asn1_node_const structure, const char *name, -+ int mode) -+{ -+ asn1_node_const p, root; -+ int k, indent = 0, len, len2, len3; -+ -+ if (out == NULL) -+ return; -+ -+ root = asn1_find_node (structure, name); -+ -+ if (root == NULL) -+ return; -+ -+ p = root; -+ while (p) -+ { -+ if (mode == ASN1_PRINT_ALL) -+ { -+ for (k = 0; k < indent; k++) -+ fprintf (out, " "); -+ fprintf (out, "name:"); -+ if (p->name[0] != 0) -+ fprintf (out, "%s ", p->name); -+ else -+ fprintf (out, "NULL "); -+ } -+ else -+ { -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_CONSTANT: -+ case ASN1_ETYPE_TAG: -+ case ASN1_ETYPE_SIZE: -+ break; -+ default: -+ for (k = 0; k < indent; k++) -+ fprintf (out, " "); -+ fprintf (out, "name:"); -+ if (p->name[0] != 0) -+ fprintf (out, "%s ", p->name); -+ else -+ fprintf (out, "NULL "); -+ } -+ } -+ -+ if (mode != ASN1_PRINT_NAME) -+ { -+ unsigned type = type_field (p->type); -+ switch (type) -+ { -+ case ASN1_ETYPE_CONSTANT: -+ if (mode == ASN1_PRINT_ALL) -+ fprintf (out, "type:CONST"); -+ break; -+ case ASN1_ETYPE_TAG: -+ if (mode == ASN1_PRINT_ALL) -+ fprintf (out, "type:TAG"); -+ break; -+ case ASN1_ETYPE_SIZE: -+ if (mode == ASN1_PRINT_ALL) -+ fprintf (out, "type:SIZE"); -+ break; -+ case ASN1_ETYPE_DEFAULT: -+ fprintf (out, "type:DEFAULT"); -+ break; -+ case ASN1_ETYPE_IDENTIFIER: -+ fprintf (out, "type:IDENTIFIER"); -+ break; -+ case ASN1_ETYPE_ANY: -+ fprintf (out, "type:ANY"); -+ break; -+ case ASN1_ETYPE_CHOICE: -+ fprintf (out, "type:CHOICE"); -+ break; -+ case ASN1_ETYPE_DEFINITIONS: -+ fprintf (out, "type:DEFINITIONS"); -+ break; -+ CASE_HANDLED_ETYPES: -+ fprintf (out, "%s", _asn1_tags[type].desc); -+ break; -+ default: -+ break; -+ } -+ } -+ -+ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL)) -+ { -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_CONSTANT: -+ if (mode == ASN1_PRINT_ALL) -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ break; -+ case ASN1_ETYPE_TAG: -+ if (mode == ASN1_PRINT_ALL) -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ break; -+ case ASN1_ETYPE_SIZE: -+ if (mode == ASN1_PRINT_ALL) -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ break; -+ case ASN1_ETYPE_DEFAULT: -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ else if (p->type & CONST_TRUE) -+ fprintf (out, " value:TRUE"); -+ else if (p->type & CONST_FALSE) -+ fprintf (out, " value:FALSE"); -+ break; -+ case ASN1_ETYPE_IDENTIFIER: -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ break; -+ case ASN1_ETYPE_INTEGER: -+ if (p->value) -+ { -+ len2 = -1; -+ len = asn1_get_length_der (p->value, p->value_len, &len2); -+ fprintf (out, " value:0x"); -+ if (len > 0) -+ for (k = 0; k < len; k++) -+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); -+ } -+ break; -+ case ASN1_ETYPE_ENUMERATED: -+ if (p->value) -+ { -+ len2 = -1; -+ len = asn1_get_length_der (p->value, p->value_len, &len2); -+ fprintf (out, " value:0x"); -+ if (len > 0) -+ for (k = 0; k < len; k++) -+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); -+ } -+ break; -+ case ASN1_ETYPE_BOOLEAN: -+ if (p->value) -+ { -+ if (p->value[0] == 'T') -+ fprintf (out, " value:TRUE"); -+ else if (p->value[0] == 'F') -+ fprintf (out, " value:FALSE"); -+ } -+ break; -+ case ASN1_ETYPE_BIT_STRING: -+ if (p->value) -+ { -+ len2 = -1; -+ len = asn1_get_length_der (p->value, p->value_len, &len2); -+ if (len > 0) -+ { -+ fprintf (out, " value(%i):", -+ (len - 1) * 8 - (p->value[len2])); -+ for (k = 1; k < len; k++) -+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); -+ } -+ } -+ break; -+ case ASN1_ETYPE_GENERALIZED_TIME: -+ case ASN1_ETYPE_UTC_TIME: -+ if (p->value) -+ { -+ fprintf (out, " value:"); -+ for (k = 0; k < p->value_len; k++) -+ fprintf (out, "%c", (p->value)[k]); -+ } -+ break; -+ case ASN1_ETYPE_GENERALSTRING: -+ case ASN1_ETYPE_NUMERIC_STRING: -+ case ASN1_ETYPE_IA5_STRING: -+ case ASN1_ETYPE_TELETEX_STRING: -+ case ASN1_ETYPE_PRINTABLE_STRING: -+ case ASN1_ETYPE_UNIVERSAL_STRING: -+ case ASN1_ETYPE_UTF8_STRING: -+ case ASN1_ETYPE_VISIBLE_STRING: -+ if (p->value) -+ { -+ len2 = -1; -+ len = asn1_get_length_der (p->value, p->value_len, &len2); -+ fprintf (out, " value:"); -+ if (len > 0) -+ for (k = 0; k < len; k++) -+ fprintf (out, "%c", (p->value)[k + len2]); -+ } -+ break; -+ case ASN1_ETYPE_BMP_STRING: -+ case ASN1_ETYPE_OCTET_STRING: -+ if (p->value) -+ { -+ len2 = -1; -+ len = asn1_get_length_der (p->value, p->value_len, &len2); -+ fprintf (out, " value:"); -+ if (len > 0) -+ for (k = 0; k < len; k++) -+ fprintf (out, "%02x", (unsigned) (p->value)[k + len2]); -+ } -+ break; -+ case ASN1_ETYPE_OBJECT_ID: -+ if (p->value) -+ fprintf (out, " value:%s", p->value); -+ break; -+ case ASN1_ETYPE_ANY: -+ if (p->value) -+ { -+ len3 = -1; -+ len2 = asn1_get_length_der (p->value, p->value_len, &len3); -+ fprintf (out, " value:"); -+ if (len2 > 0) -+ for (k = 0; k < len2; k++) -+ fprintf (out, "%02x", (unsigned) (p->value)[k + len3]); -+ } -+ break; -+ case ASN1_ETYPE_SET: -+ case ASN1_ETYPE_SET_OF: -+ case ASN1_ETYPE_CHOICE: -+ case ASN1_ETYPE_DEFINITIONS: -+ case ASN1_ETYPE_SEQUENCE_OF: -+ case ASN1_ETYPE_SEQUENCE: -+ case ASN1_ETYPE_NULL: -+ break; -+ default: -+ break; -+ } -+ } -+ -+ if (mode == ASN1_PRINT_ALL) -+ { -+ if (p->type & 0x1FFFFF00) -+ { -+ fprintf (out, " attr:"); -+ if (p->type & CONST_UNIVERSAL) -+ fprintf (out, "UNIVERSAL,"); -+ if (p->type & CONST_PRIVATE) -+ fprintf (out, "PRIVATE,"); -+ if (p->type & CONST_APPLICATION) -+ fprintf (out, "APPLICATION,"); -+ if (p->type & CONST_EXPLICIT) -+ fprintf (out, "EXPLICIT,"); -+ if (p->type & CONST_IMPLICIT) -+ fprintf (out, "IMPLICIT,"); -+ if (p->type & CONST_TAG) -+ fprintf (out, "TAG,"); -+ if (p->type & CONST_DEFAULT) -+ fprintf (out, "DEFAULT,"); -+ if (p->type & CONST_TRUE) -+ fprintf (out, "TRUE,"); -+ if (p->type & CONST_FALSE) -+ fprintf (out, "FALSE,"); -+ if (p->type & CONST_LIST) -+ fprintf (out, "LIST,"); -+ if (p->type & CONST_MIN_MAX) -+ fprintf (out, "MIN_MAX,"); -+ if (p->type & CONST_OPTION) -+ fprintf (out, "OPTION,"); -+ if (p->type & CONST_1_PARAM) -+ fprintf (out, "1_PARAM,"); -+ if (p->type & CONST_SIZE) -+ fprintf (out, "SIZE,"); -+ if (p->type & CONST_DEFINED_BY) -+ fprintf (out, "DEF_BY,"); -+ if (p->type & CONST_GENERALIZED) -+ fprintf (out, "GENERALIZED,"); -+ if (p->type & CONST_UTC) -+ fprintf (out, "UTC,"); -+ if (p->type & CONST_SET) -+ fprintf (out, "SET,"); -+ if (p->type & CONST_NOT_USED) -+ fprintf (out, "NOT_USED,"); -+ if (p->type & CONST_ASSIGN) -+ fprintf (out, "ASSIGNMENT,"); -+ } -+ } -+ -+ if (mode == ASN1_PRINT_ALL) -+ { -+ fprintf (out, "\n"); -+ } -+ else -+ { -+ switch (type_field (p->type)) -+ { -+ case ASN1_ETYPE_CONSTANT: -+ case ASN1_ETYPE_TAG: -+ case ASN1_ETYPE_SIZE: -+ break; -+ default: -+ fprintf (out, "\n"); -+ } -+ } -+ -+ if (p->down) -+ { -+ p = p->down; -+ indent += 2; -+ } -+ else if (p == root) -+ { -+ p = NULL; -+ break; -+ } -+ else if (p->right) -+ p = p->right; -+ else -+ { -+ while (1) -+ { -+ p = _asn1_find_up (p); -+ if (p == root) -+ { -+ p = NULL; -+ break; -+ } -+ indent -= 2; -+ if (p->right) -+ { -+ p = p->right; -+ break; -+ } -+ } -+ } -+ } -+} -+ -+ -+ -+/** -+ * asn1_number_of_elements: -+ * @element: pointer to the root of an ASN1 structure. -+ * @name: the name of a sub-structure of ROOT. -+ * @num: pointer to an integer where the result will be stored -+ * -+ * Counts the number of elements of a sub-structure called NAME with -+ * names equal to "?1","?2", ... -+ * -+ * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if -+ * @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL. -+ **/ -+int -+asn1_number_of_elements (asn1_node_const element, const char *name, int *num) -+{ -+ asn1_node_const node, p; -+ -+ if (num == NULL) -+ return ASN1_GENERIC_ERROR; -+ -+ *num = 0; -+ -+ node = asn1_find_node (element, name); -+ if (node == NULL) -+ return ASN1_ELEMENT_NOT_FOUND; -+ -+ p = node->down; -+ -+ while (p) -+ { -+ if (p->name[0] == '?') -+ (*num)++; -+ p = p->right; -+ } -+ -+ return ASN1_SUCCESS; -+} -+ -+ -+/** -+ * asn1_find_structure_from_oid: -+ * @definitions: ASN1 definitions -+ * @oidValue: value of the OID to search (e.g. "1.2.3.4"). -+ * -+ * Search the structure that is defined just after an OID definition. -+ * -+ * Returns: %NULL when @oidValue not found, otherwise the pointer to a -+ * constant string that contains the element name defined just after -+ * the OID. -+ **/ -+const char * -+asn1_find_structure_from_oid (asn1_node_const definitions, const char *oidValue) -+{ -+ char name[2 * ASN1_MAX_NAME_SIZE + 2]; -+ char value[ASN1_MAX_NAME_SIZE]; -+ asn1_node p; -+ int len; -+ int result; -+ const char *definitionsName; -+ -+ if ((definitions == NULL) || (oidValue == NULL)) -+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ -+ -+ definitionsName = definitions->name; -+ -+ /* search the OBJECT_ID into definitions */ -+ p = definitions->down; -+ while (p) -+ { -+ if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) && -+ (p->type & CONST_ASSIGN)) -+ { -+ snprintf(name, sizeof(name), "%s.%s", definitionsName, p->name); -+ -+ len = ASN1_MAX_NAME_SIZE; -+ result = asn1_read_value (definitions, name, value, &len); -+ -+ if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value))) -+ { -+ p = p->right; -+ if (p == NULL) /* reach the end of ASN1 definitions */ -+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ -+ -+ return p->name; -+ } -+ } -+ p = p->right; -+ } -+ -+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ -+} -+ -+/** -+ * asn1_copy_node: -+ * @dst: Destination asn1 node. -+ * @dst_name: Field name in destination node. -+ * @src: Source asn1 node. -+ * @src_name: Field name in source node. -+ * -+ * Create a deep copy of a asn1_node variable. That -+ * function requires @dst to be expanded using asn1_create_element(). -+ * -+ * Returns: Return %ASN1_SUCCESS on success. -+ **/ -+int -+asn1_copy_node (asn1_node dst, const char *dst_name, -+ asn1_node_const src, const char *src_name) -+{ -+ int result; -+ asn1_node dst_node; -+ void *data = NULL; -+ int size = 0; -+ -+ result = asn1_der_coding (src, src_name, NULL, &size, NULL); -+ if (result != ASN1_MEM_ERROR) -+ return result; -+ -+ data = malloc (size); -+ if (data == NULL) -+ return ASN1_MEM_ERROR; -+ -+ result = asn1_der_coding (src, src_name, data, &size, NULL); -+ if (result != ASN1_SUCCESS) -+ { -+ free (data); -+ return result; -+ } -+ -+ dst_node = asn1_find_node (dst, dst_name); -+ if (dst_node == NULL) -+ { -+ free (data); -+ return ASN1_ELEMENT_NOT_FOUND; -+ } -+ -+ result = asn1_der_decoding (&dst_node, data, size, NULL); -+ -+ free (data); -+ -+ return result; -+} -+ -+/** -+ * asn1_dup_node: -+ * @src: Source asn1 node. -+ * @src_name: Field name in source node. -+ * -+ * Create a deep copy of a asn1_node variable. This function -+ * will return an exact copy of the provided structure. -+ * -+ * Returns: Return %NULL on failure. -+ **/ -+asn1_node -+asn1_dup_node (asn1_node_const src, const char *src_name) -+{ -+ return _asn1_copy_structure2(src, src_name); -+} -diff --git a/grub-core/lib/libtasn1/lib/element.h b/grub-core/lib/libtasn1/lib/element.h -new file mode 100644 -index 0000000000..440a33f4bb ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/element.h -@@ -0,0 +1,40 @@ -+/* -+ * Copyright (C) 2000-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#ifndef _ELEMENT_H -+#define _ELEMENT_H -+ -+ -+struct node_tail_cache_st -+{ -+ asn1_node head; /* the first element of the sequence */ -+ asn1_node tail; -+}; -+ -+int _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcached); -+ -+int _asn1_convert_integer (const unsigned char *value, -+ unsigned char *value_out, -+ int value_out_size, int *len); -+ -+void _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size); -+ -+#endif -diff --git a/grub-core/lib/libtasn1/lib/gstr.h b/grub-core/lib/libtasn1/lib/gstr.h -new file mode 100644 -index 0000000000..48229844ff ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/gstr.h -@@ -0,0 +1,47 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#ifndef GSTR_H -+# define GSTR_H -+ -+unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size, -+ const char *src); -+void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); -+ -+#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y) -+#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y) -+ -+inline static -+void safe_memset(void *data, int c, size_t size) -+{ -+ volatile unsigned volatile_zero = 0; -+ volatile char *vdata = (volatile char*)data; -+ -+ /* This is based on a nice trick for safe memset, -+ * sent by David Jacobson in the openssl-dev mailing list. -+ */ -+ -+ if (size > 0) do { -+ memset(data, c, size); -+ } while(vdata[volatile_zero] != c); -+} -+ -+#endif /* GSTR_H */ -diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h -new file mode 100644 -index 0000000000..ea1625786c ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/int.h -@@ -0,0 +1,221 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#ifndef INT_H -+#define INT_H -+ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ -+#include -+#include -+#include -+#include -+ -+#ifdef HAVE_SYS_TYPES_H -+#include -+#endif -+ -+#include -+ -+#define ASN1_SMALL_VALUE_SIZE 16 -+ -+/* This structure is also in libtasn1.h, but then contains less -+ fields. You cannot make any modifications to these first fields -+ without breaking ABI. */ -+struct asn1_node_st -+{ -+ /* public fields: */ -+ char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */ -+ unsigned int name_hash; -+ unsigned int type; /* Node type */ -+ unsigned char *value; /* Node value */ -+ int value_len; -+ asn1_node down; /* Pointer to the son node */ -+ asn1_node right; /* Pointer to the brother node */ -+ asn1_node left; /* Pointer to the next list element */ -+ /* private fields: */ -+ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */ -+ -+ /* values used during decoding/coding */ -+ int tmp_ival; -+ unsigned start; /* the start of the DER sequence - if decoded */ -+ unsigned end; /* the end of the DER sequence - if decoded */ -+}; -+ -+typedef struct tag_and_class_st -+{ -+ unsigned tag; -+ unsigned class; -+ const char *desc; -+} tag_and_class_st; -+ -+/* the types that are handled in _asn1_tags */ -+#define CASE_HANDLED_ETYPES \ -+ case ASN1_ETYPE_NULL: \ -+ case ASN1_ETYPE_BOOLEAN: \ -+ case ASN1_ETYPE_INTEGER: \ -+ case ASN1_ETYPE_ENUMERATED: \ -+ case ASN1_ETYPE_OBJECT_ID: \ -+ case ASN1_ETYPE_OCTET_STRING: \ -+ case ASN1_ETYPE_GENERALSTRING: \ -+ case ASN1_ETYPE_NUMERIC_STRING: \ -+ case ASN1_ETYPE_IA5_STRING: \ -+ case ASN1_ETYPE_TELETEX_STRING: \ -+ case ASN1_ETYPE_PRINTABLE_STRING: \ -+ case ASN1_ETYPE_UNIVERSAL_STRING: \ -+ case ASN1_ETYPE_BMP_STRING: \ -+ case ASN1_ETYPE_UTF8_STRING: \ -+ case ASN1_ETYPE_VISIBLE_STRING: \ -+ case ASN1_ETYPE_BIT_STRING: \ -+ case ASN1_ETYPE_SEQUENCE: \ -+ case ASN1_ETYPE_SEQUENCE_OF: \ -+ case ASN1_ETYPE_SET: \ -+ case ASN1_ETYPE_UTC_TIME: \ -+ case ASN1_ETYPE_GENERALIZED_TIME: \ -+ case ASN1_ETYPE_SET_OF -+ -+#define ETYPE_TAG(etype) (_asn1_tags[etype].tag) -+#define ETYPE_CLASS(etype) (_asn1_tags[etype].class) -+#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ -+ (etype) <= _asn1_tags_size && \ -+ _asn1_tags[(etype)].desc != NULL)?1:0) -+ -+#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ -+ etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \ -+ etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \ -+ etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING || \ -+ etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING || \ -+ etype == ASN1_ETYPE_OCTET_STRING)?1:0) -+ -+extern unsigned int _asn1_tags_size; -+extern const tag_and_class_st _asn1_tags[]; -+ -+#define _asn1_strlen(s) strlen((const char *) s) -+#define _asn1_strtol(n,e,b) strtol((const char *) n, e, b) -+#define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b) -+#define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) -+#define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) -+#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) -+ -+#if SIZEOF_UNSIGNED_LONG_INT == 8 -+# define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) -+#else -+# define _asn1_strtou64(n,e,b) strtoull((const char *) n, e, b) -+#endif -+ -+#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ -+ -+/* Define used for visiting trees. */ -+#define UP 1 -+#define RIGHT 2 -+#define DOWN 3 -+ -+/***********************************************************************/ -+/* List of constants to better specify the type of typedef asn1_node_st. */ -+/***********************************************************************/ -+/* Used with TYPE_TAG */ -+#define CONST_UNIVERSAL (1U<<8) -+#define CONST_PRIVATE (1U<<9) -+#define CONST_APPLICATION (1U<<10) -+#define CONST_EXPLICIT (1U<<11) -+#define CONST_IMPLICIT (1U<<12) -+ -+#define CONST_TAG (1U<<13) /* Used in ASN.1 assignement */ -+#define CONST_OPTION (1U<<14) -+#define CONST_DEFAULT (1U<<15) -+#define CONST_TRUE (1U<<16) -+#define CONST_FALSE (1U<<17) -+ -+#define CONST_LIST (1U<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ -+#define CONST_MIN_MAX (1U<<19) -+ -+#define CONST_1_PARAM (1U<<20) -+ -+#define CONST_SIZE (1U<<21) -+ -+#define CONST_DEFINED_BY (1U<<22) -+ -+/* Those two are deprecated and used for backwards compatibility */ -+#define CONST_GENERALIZED (1U<<23) -+#define CONST_UTC (1U<<24) -+ -+/* #define CONST_IMPORTS (1U<<25) */ -+ -+#define CONST_NOT_USED (1U<<26) -+#define CONST_SET (1U<<27) -+#define CONST_ASSIGN (1U<<28) -+ -+#define CONST_DOWN (1U<<29) -+#define CONST_RIGHT (1U<<30) -+ -+ -+#define ASN1_ETYPE_TIME 17 -+/****************************************/ -+/* Returns the first 8 bits. */ -+/* Used with the field type of asn1_node_st */ -+/****************************************/ -+inline static unsigned int -+type_field (unsigned int ntype) -+{ -+ return (ntype & 0xff); -+} -+ -+/* To convert old types from a static structure */ -+inline static unsigned int -+convert_old_type (unsigned int ntype) -+{ -+ unsigned int type = ntype & 0xff; -+ if (type == ASN1_ETYPE_TIME) -+ { -+ if (ntype & CONST_UTC) -+ type = ASN1_ETYPE_UTC_TIME; -+ else -+ type = ASN1_ETYPE_GENERALIZED_TIME; -+ -+ ntype &= ~(CONST_UTC | CONST_GENERALIZED); -+ ntype &= 0xffffff00; -+ ntype |= type; -+ -+ return ntype; -+ } -+ else -+ return ntype; -+} -+ -+static inline -+void *_asn1_realloc(void *ptr, size_t size) -+{ -+ void *ret; -+ -+ if (size == 0) -+ return ptr; -+ -+ ret = realloc(ptr, size); -+ if (ret == NULL) -+ { -+ free(ptr); -+ } -+ return ret; -+} -+ -+#endif /* INT_H */ -diff --git a/grub-core/lib/libtasn1/lib/parser_aux.h b/grub-core/lib/libtasn1/lib/parser_aux.h -new file mode 100644 -index 0000000000..598e684b35 ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/parser_aux.h -@@ -0,0 +1,172 @@ -+/* -+ * Copyright (C) 2000-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+#ifndef _PARSER_AUX_H -+#define _PARSER_AUX_H -+ -+/***********************************************/ -+/* Type: list_type */ -+/* Description: type used in the list during */ -+/* the structure creation. */ -+/***********************************************/ -+typedef struct list_struct -+{ -+ asn1_node node; -+ struct list_struct *next; -+} list_type; -+ -+/***************************************/ -+/* Functions used by ASN.1 parser */ -+/***************************************/ -+asn1_node _asn1_add_static_node (list_type **e_list, unsigned int type); -+ -+void _asn1_delete_list (list_type *e_list); -+ -+void _asn1_delete_list_and_nodes (list_type *e_list); -+ -+void _asn1_delete_node_from_list (list_type *list, asn1_node node); -+ -+asn1_node -+_asn1_set_value (asn1_node node, const void *value, unsigned int len); -+ -+asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len); -+ -+asn1_node -+_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len); -+ -+asn1_node -+_asn1_append_value (asn1_node node, const void *value, unsigned int len); -+ -+asn1_node _asn1_set_name (asn1_node node, const char *name); -+ -+asn1_node _asn1_cpy_name (asn1_node dst, asn1_node_const src); -+ -+asn1_node _asn1_set_right (asn1_node node, asn1_node right); -+ -+asn1_node _asn1_get_last_right (asn1_node_const node); -+ -+void _asn1_remove_node (asn1_node node, unsigned int flags); -+ -+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ -+#define LTOSTR_MAX_SIZE 22 -+char *_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]); -+ -+asn1_node _asn1_find_up (asn1_node_const node); -+ -+int _asn1_change_integer_value (asn1_node node); -+ -+#define EXPAND_OBJECT_ID_MAX_RECURSION 16 -+int _asn1_expand_object_id (list_type **list, asn1_node node); -+ -+int _asn1_type_set_config (asn1_node node); -+ -+int _asn1_check_identifier (asn1_node_const node); -+ -+int _asn1_set_default_tag (asn1_node node); -+ -+/******************************************************************/ -+/* Function : _asn1_get_right */ -+/* Description: returns the element pointed by the RIGHT field of */ -+/* a NODE_ASN element. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* Return: field RIGHT of NODE. */ -+/******************************************************************/ -+inline static asn1_node -+_asn1_get_right (asn1_node_const node) -+{ -+ if (node == NULL) -+ return NULL; -+ return node->right; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_set_down */ -+/* Description: sets the field DOWN in a NODE_ASN element. */ -+/* Parameters: */ -+/* node: element pointer. */ -+/* down: pointer to a NODE_ASN element that you want be pointed */ -+/* by NODE. */ -+/* Return: pointer to *NODE. */ -+/******************************************************************/ -+inline static asn1_node -+_asn1_set_down (asn1_node node, asn1_node down) -+{ -+ if (node == NULL) -+ return node; -+ node->down = down; -+ if (down) -+ down->left = node; -+ return node; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_get_down */ -+/* Description: returns the element pointed by the DOWN field of */ -+/* a NODE_ASN element. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* Return: field DOWN of NODE. */ -+/******************************************************************/ -+inline static asn1_node -+_asn1_get_down (asn1_node_const node) -+{ -+ if (node == NULL) -+ return NULL; -+ return node->down; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_get_name */ -+/* Description: returns the name of a NODE_ASN element. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* Return: a null terminated string. */ -+/******************************************************************/ -+inline static char * -+_asn1_get_name (asn1_node_const node) -+{ -+ if (node == NULL) -+ return NULL; -+ return (char *) node->name; -+} -+ -+/******************************************************************/ -+/* Function : _asn1_mod_type */ -+/* Description: change the field TYPE of an NODE_ASN element. */ -+/* The new value is the old one | (bitwise or) the */ -+/* paramener VALUE. */ -+/* Parameters: */ -+/* node: NODE_ASN element pointer. */ -+/* value: the integer value that must be or-ed with the current */ -+/* value of field TYPE. */ -+/* Return: NODE pointer. */ -+/******************************************************************/ -+inline static asn1_node -+_asn1_mod_type (asn1_node node, unsigned int value) -+{ -+ if (node == NULL) -+ return node; -+ node->type |= value; -+ return node; -+} -+ -+#endif -diff --git a/grub-core/lib/libtasn1/lib/structure.h b/grub-core/lib/libtasn1/lib/structure.h -new file mode 100644 -index 0000000000..99e685da07 ---- /dev/null -+++ b/grub-core/lib/libtasn1/lib/structure.h -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * The LIBTASN1 library is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ */ -+ -+/*************************************************/ -+/* File: structure.h */ -+/* Description: list of exported object by */ -+/* "structure.c" */ -+/*************************************************/ -+ -+#ifndef _STRUCTURE_H -+#define _STRUCTURE_H -+ -+#include "parser_aux.h" // list_type -+ -+int _asn1_create_static_structure (asn1_node_const pointer, -+ char *output_file_name, char *vector_name); -+ -+asn1_node _asn1_copy_structure3 (asn1_node_const source_node); -+ -+asn1_node _asn1_add_single_node (unsigned int type); -+ -+asn1_node _asn1_find_left (asn1_node_const node); -+ -+int -+_asn1_delete_structure (list_type *e_list, asn1_node *structure, unsigned int flags); -+ -+#endif -diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -new file mode 100644 -index 0000000000..6fd7a30dc3 ---- /dev/null -+++ b/include/grub/libtasn1.h -@@ -0,0 +1,588 @@ -+/* -+ * Copyright (C) 2002-2014 Free Software Foundation, Inc. -+ * -+ * This file is part of LIBTASN1. -+ * -+ * LIBTASN1 is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU Lesser General Public License as -+ * published by the Free Software Foundation; either version 2.1 of -+ * the License, or (at your option) any later version. -+ * -+ * LIBTASN1 is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with LIBTASN1; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA -+ * -+ */ -+ -+/** -+ * libtasn1:Short_Description: -+ * -+ * GNU ASN.1 library -+ */ -+/** -+ * libtasn1:Long_Description: -+ * -+ * The Libtasn1 library provides Abstract Syntax Notation One (ASN.1, as -+ * specified by the X.680 ITU-T recommendation) parsing and structures -+ * management, and Distinguished Encoding Rules (DER, as per X.690) -+ * encoding and decoding functions. -+ */ -+ -+ -+#ifndef LIBTASN1_H -+#define LIBTASN1_H -+ -+#ifndef ASN1_API -+#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY -+#define ASN1_API __attribute__((__visibility__("default"))) -+#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC -+#define ASN1_API __declspec(dllexport) -+#elif defined _MSC_VER && ! defined ASN1_STATIC -+#define ASN1_API __declspec(dllimport) -+#else -+#define ASN1_API -+#endif -+#endif -+ -+#ifdef __GNUC__ -+# define __LIBTASN1_CONST__ __attribute__((const)) -+# define __LIBTASN1_PURE__ __attribute__((pure)) -+#else -+# define __LIBTASN1_CONST__ -+# define __LIBTASN1_PURE__ -+#endif -+ -+#include -+#include -+#include /* for FILE* */ -+ -+#ifdef __cplusplus -+extern "C" -+{ -+#endif -+ -+/** -+ * ASN1_VERSION: -+ * -+ * Version of the library as a string. -+ */ -+#define ASN1_VERSION "4.16.0" -+ -+/** -+ * ASN1_VERSION_MAJOR: -+ * -+ * Major version number of the library. -+ */ -+#define ASN1_VERSION_MAJOR 4 -+ -+/** -+ * ASN1_VERSION_MINOR: -+ * -+ * Minor version number of the library. -+ */ -+#define ASN1_VERSION_MINOR 16 -+ -+/** -+ * ASN1_VERSION_PATCH: -+ * -+ * Patch version number of the library. -+ */ -+#define ASN1_VERSION_PATCH 0 -+ -+/** -+ * ASN1_VERSION_NUMBER: -+ * -+ * Version number of the library as a number. -+ */ -+#define ASN1_VERSION_NUMBER 0x041000 -+ -+ -+#if defined __GNUC__ && !defined ASN1_INTERNAL_BUILD -+# define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -+# if _ASN1_GCC_VERSION >= 30100 -+# define _ASN1_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__)) -+# endif -+#endif -+ -+#ifndef _ASN1_GCC_ATTR_DEPRECATED -+#define _ASN1_GCC_ATTR_DEPRECATED -+#endif -+ -+/*****************************************/ -+/* Errors returned by libtasn1 functions */ -+/*****************************************/ -+#define ASN1_SUCCESS 0 -+#define ASN1_FILE_NOT_FOUND 1 -+#define ASN1_ELEMENT_NOT_FOUND 2 -+#define ASN1_IDENTIFIER_NOT_FOUND 3 -+#define ASN1_DER_ERROR 4 -+#define ASN1_VALUE_NOT_FOUND 5 -+#define ASN1_GENERIC_ERROR 6 -+#define ASN1_VALUE_NOT_VALID 7 -+#define ASN1_TAG_ERROR 8 -+#define ASN1_TAG_IMPLICIT 9 -+#define ASN1_ERROR_TYPE_ANY 10 -+#define ASN1_SYNTAX_ERROR 11 -+#define ASN1_MEM_ERROR 12 -+#define ASN1_MEM_ALLOC_ERROR 13 -+#define ASN1_DER_OVERFLOW 14 -+#define ASN1_NAME_TOO_LONG 15 -+#define ASN1_ARRAY_ERROR 16 -+#define ASN1_ELEMENT_NOT_EMPTY 17 -+#define ASN1_TIME_ENCODING_ERROR 18 -+#define ASN1_RECURSION 19 -+ -+/*************************************/ -+/* Constants used in asn1_visit_tree */ -+/*************************************/ -+#define ASN1_PRINT_NAME 1 -+#define ASN1_PRINT_NAME_TYPE 2 -+#define ASN1_PRINT_NAME_TYPE_VALUE 3 -+#define ASN1_PRINT_ALL 4 -+ -+/*****************************************/ -+/* Constants returned by asn1_read_tag */ -+/*****************************************/ -+#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ -+#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ -+#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ -+#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ -+#define ASN1_CLASS_STRUCTURED 0x20 -+ -+/*****************************************/ -+/* Constants returned by asn1_read_tag */ -+/*****************************************/ -+#define ASN1_TAG_BOOLEAN 0x01 -+#define ASN1_TAG_INTEGER 0x02 -+#define ASN1_TAG_SEQUENCE 0x10 -+#define ASN1_TAG_SET 0x11 -+#define ASN1_TAG_OCTET_STRING 0x04 -+#define ASN1_TAG_BIT_STRING 0x03 -+#define ASN1_TAG_UTCTime 0x17 -+#define ASN1_TAG_GENERALIZEDTime 0x18 -+#define ASN1_TAG_OBJECT_ID 0x06 -+#define ASN1_TAG_ENUMERATED 0x0A -+#define ASN1_TAG_NULL 0x05 -+#define ASN1_TAG_GENERALSTRING 0x1B -+#define ASN1_TAG_NUMERIC_STRING 0x12 -+#define ASN1_TAG_IA5_STRING 0x16 -+#define ASN1_TAG_TELETEX_STRING 0x14 -+#define ASN1_TAG_PRINTABLE_STRING 0x13 -+#define ASN1_TAG_UNIVERSAL_STRING 0x1C -+#define ASN1_TAG_BMP_STRING 0x1E -+#define ASN1_TAG_UTF8_STRING 0x0C -+#define ASN1_TAG_VISIBLE_STRING 0x1A -+ -+/** -+ * asn1_node: -+ * -+ * Structure definition used for the node of the tree -+ * that represents an ASN.1 DEFINITION. -+ */ -+typedef struct asn1_node_st asn1_node_st; -+ -+typedef asn1_node_st *asn1_node; -+typedef const asn1_node_st *asn1_node_const; -+ -+/** -+ * ASN1_MAX_NAME_SIZE: -+ * -+ * Maximum number of characters of a name -+ * inside a file with ASN1 definitions. -+ */ -+#define ASN1_MAX_NAME_SIZE 64 -+ -+ -+/** -+ * asn1_static_node: -+ * @name: Node name -+ * @type: Node typ -+ * @value: Node value -+ * -+ * For the on-disk format of ASN.1 trees, created by asn1_parser2array(). -+ */ -+struct asn1_static_node_st -+{ -+ const char *name; /* Node name */ -+ unsigned int type; /* Node type */ -+ const void *value; /* Node value */ -+}; -+typedef struct asn1_static_node_st asn1_static_node; -+ -+/* List of constants for field type of node_asn */ -+#define ASN1_ETYPE_INVALID 0 -+#define ASN1_ETYPE_CONSTANT 1 -+#define ASN1_ETYPE_IDENTIFIER 2 -+#define ASN1_ETYPE_INTEGER 3 -+#define ASN1_ETYPE_BOOLEAN 4 -+#define ASN1_ETYPE_SEQUENCE 5 -+#define ASN1_ETYPE_BIT_STRING 6 -+#define ASN1_ETYPE_OCTET_STRING 7 -+#define ASN1_ETYPE_TAG 8 -+#define ASN1_ETYPE_DEFAULT 9 -+#define ASN1_ETYPE_SIZE 10 -+#define ASN1_ETYPE_SEQUENCE_OF 11 -+#define ASN1_ETYPE_OBJECT_ID 12 -+#define ASN1_ETYPE_ANY 13 -+#define ASN1_ETYPE_SET 14 -+#define ASN1_ETYPE_SET_OF 15 -+#define ASN1_ETYPE_DEFINITIONS 16 -+#define ASN1_ETYPE_CHOICE 18 -+#define ASN1_ETYPE_IMPORTS 19 -+#define ASN1_ETYPE_NULL 20 -+#define ASN1_ETYPE_ENUMERATED 21 -+#define ASN1_ETYPE_GENERALSTRING 27 -+#define ASN1_ETYPE_NUMERIC_STRING 28 -+#define ASN1_ETYPE_IA5_STRING 29 -+#define ASN1_ETYPE_TELETEX_STRING 30 -+#define ASN1_ETYPE_PRINTABLE_STRING 31 -+#define ASN1_ETYPE_UNIVERSAL_STRING 32 -+#define ASN1_ETYPE_BMP_STRING 33 -+#define ASN1_ETYPE_UTF8_STRING 34 -+#define ASN1_ETYPE_VISIBLE_STRING 35 -+#define ASN1_ETYPE_UTC_TIME 36 -+#define ASN1_ETYPE_GENERALIZED_TIME 37 -+ -+/** -+ * ASN1_DELETE_FLAG_ZEROIZE: -+ * -+ * Used by: asn1_delete_structure2() -+ * -+ * Zeroize values prior to deinitialization. -+ */ -+#define ASN1_DELETE_FLAG_ZEROIZE 1 -+ -+/** -+ * ASN1_DECODE_FLAG_ALLOW_PADDING: -+ * -+ * Used by: asn1_der_decoding2() -+ * -+ * This flag would allow arbitrary data past the DER data. -+ */ -+#define ASN1_DECODE_FLAG_ALLOW_PADDING 1 -+/** -+ * ASN1_DECODE_FLAG_STRICT_DER: -+ * -+ * Used by: asn1_der_decoding2() -+ * -+ * This flag would ensure that no BER decoding takes place. -+ */ -+#define ASN1_DECODE_FLAG_STRICT_DER (1<<1) -+/** -+ * ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME: -+ * -+ * Used by: asn1_der_decoding2() -+ * -+ * This flag will tolerate Time encoding errors when in strict DER. -+ */ -+#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2) -+ -+ -+/** -+ * asn1_data_node_st: -+ * @name: Node name -+ * @value: Node value -+ * @value_len: Node value size -+ * @type: Node value type (ASN1_ETYPE_*) -+ * -+ * Data node inside a #asn1_node structure. -+ */ -+struct asn1_data_node_st -+{ -+ const char *name; /* Node name */ -+ const void *value; /* Node value */ -+ unsigned int value_len; /* Node value size */ -+ unsigned int type; /* Node value type (ASN1_ETYPE_*) */ -+}; -+typedef struct asn1_data_node_st asn1_data_node_st; -+ -+/***********************************/ -+/* Fixed constants */ -+/***********************************/ -+ -+/** -+ * ASN1_MAX_ERROR_DESCRIPTION_SIZE: -+ * -+ * Maximum number of characters -+ * of a description message -+ * (null character included). -+ */ -+#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128 -+ -+/***********************************/ -+/* Functions definitions */ -+/***********************************/ -+ -+extern ASN1_API int -+ asn1_parser2tree (const char *file, -+ asn1_node * definitions, char *error_desc); -+ -+extern ASN1_API int -+ asn1_parser2array (const char *inputFileName, -+ const char *outputFileName, -+ const char *vectorName, char *error_desc); -+ -+extern ASN1_API int -+ asn1_array2tree (const asn1_static_node * array, -+ asn1_node * definitions, char *errorDescription); -+ -+extern ASN1_API void -+ asn1_print_structure (FILE * out, asn1_node_const structure, -+ const char *name, int mode); -+ -+extern ASN1_API int -+ asn1_create_element (asn1_node_const definitions, -+ const char *source_name, asn1_node * element); -+ -+extern ASN1_API int asn1_delete_structure (asn1_node * structure); -+ -+extern ASN1_API int asn1_delete_structure2 (asn1_node * structure, unsigned int flags); -+ -+extern ASN1_API int -+ asn1_delete_element (asn1_node structure, const char *element_name); -+ -+extern ASN1_API int -+ asn1_write_value (asn1_node node_root, const char *name, -+ const void *ivalue, int len); -+ -+extern ASN1_API int -+ asn1_read_value (asn1_node_const root, const char *name, -+ void *ivalue, int *len); -+ -+extern ASN1_API int -+ asn1_read_value_type (asn1_node_const root, const char *name, -+ void *ivalue, int *len, unsigned int *etype); -+ -+extern ASN1_API int -+ asn1_read_node_value (asn1_node_const node, asn1_data_node_st * data); -+ -+extern ASN1_API int -+ asn1_number_of_elements (asn1_node_const element, const char *name, int *num); -+ -+extern ASN1_API int -+ asn1_der_coding (asn1_node_const element, const char *name, -+ void *ider, int *len, char *ErrorDescription); -+ -+extern ASN1_API int -+ asn1_der_decoding2 (asn1_node *element, const void *ider, -+ int *max_ider_len, unsigned int flags, -+ char *errorDescription); -+ -+extern ASN1_API int -+ asn1_der_decoding (asn1_node * element, const void *ider, -+ int ider_len, char *errorDescription); -+ -+/* Do not use. Use asn1_der_decoding() instead. */ -+extern ASN1_API int -+ asn1_der_decoding_element (asn1_node * structure, -+ const char *elementName, -+ const void *ider, int len, -+ char *errorDescription) _ASN1_GCC_ATTR_DEPRECATED; -+ -+extern ASN1_API int -+ asn1_der_decoding_startEnd (asn1_node element, -+ const void *ider, int ider_len, -+ const char *name_element, -+ int *start, int *end); -+ -+extern ASN1_API int -+ asn1_expand_any_defined_by (asn1_node_const definitions, asn1_node * element); -+ -+extern ASN1_API int -+ asn1_expand_octet_string (asn1_node_const definitions, -+ asn1_node * element, -+ const char *octetName, const char *objectName); -+ -+extern ASN1_API int -+ asn1_read_tag (asn1_node_const root, const char *name, -+ int *tagValue, int *classValue); -+ -+extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node_const -+ definitions, -+ const char -+ *oidValue); -+ -+__LIBTASN1_PURE__ -+extern ASN1_API const char *asn1_check_version (const char *req_version); -+ -+__LIBTASN1_PURE__ -+extern ASN1_API const char *asn1_strerror (int error); -+ -+extern ASN1_API void asn1_perror (int error); -+ -+#define ASN1_MAX_TAG_SIZE 4 -+#define ASN1_MAX_LENGTH_SIZE 9 -+#define ASN1_MAX_TL_SIZE (ASN1_MAX_TAG_SIZE+ASN1_MAX_LENGTH_SIZE) -+extern ASN1_API long -+ asn1_get_length_der (const unsigned char *der, int der_len, int *len); -+ -+extern ASN1_API long -+ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len); -+ -+extern ASN1_API void -+ asn1_length_der (unsigned long int len, unsigned char *der, int *der_len); -+ -+/* Other utility functions. */ -+ -+extern ASN1_API -+ int asn1_decode_simple_der (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, -+ const unsigned char **str, -+ unsigned int *str_len); -+ -+extern ASN1_API -+ int asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, -+ unsigned int _der_len, -+ unsigned char **str, -+ unsigned int *str_len, -+ unsigned int *ber_len); -+ -+extern ASN1_API int -+ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, -+ unsigned int str_len, unsigned char *tl, -+ unsigned int *tl_len); -+ -+extern ASN1_API asn1_node -+ asn1_find_node (asn1_node_const pointer, const char *name); -+ -+extern ASN1_API int -+ asn1_copy_node (asn1_node dst, const char *dst_name, -+ asn1_node_const src, const char *src_name); -+extern ASN1_API asn1_node -+ asn1_dup_node (asn1_node_const src, const char *src_name); -+ -+/* Internal and low-level DER utility functions. */ -+ -+extern ASN1_API int -+ asn1_get_tag_der (const unsigned char *der, int der_len, -+ unsigned char *cls, int *len, unsigned long *tag); -+ -+extern ASN1_API void -+ asn1_octet_der (const unsigned char *str, int str_len, -+ unsigned char *der, int *der_len); -+ -+extern ASN1_API int -+ asn1_get_octet_der (const unsigned char *der, int der_len, -+ int *ret_len, unsigned char *str, -+ int str_size, int *str_len); -+ -+extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len, -+ unsigned char *der, int *der_len); -+ -+extern ASN1_API int -+ asn1_get_bit_der (const unsigned char *der, int der_len, -+ int *ret_len, unsigned char *str, -+ int str_size, int *bit_len); -+ -+extern ASN1_API int -+ asn1_get_object_id_der (const unsigned char *der, -+ int der_len, int *ret_len, -+ char *str, int str_size); -+ -+extern ASN1_API int -+ asn1_object_id_der (const char *str, unsigned char *der, int *der_len, -+ unsigned flags); -+ -+/* Compatibility types */ -+ -+/** -+ * asn1_retCode: -+ * -+ * Type formerly returned by libtasn1 functions. -+ * -+ * Deprecated: 3.0: Use int instead. -+ */ -+typedef int asn1_retCode; -+ -+/** -+ * node_asn_struct: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_node instead. -+ */ -+#define node_asn_struct asn1_node_st -+ -+/** -+ * node_asn: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_node instead. -+ */ -+#define node_asn asn1_node_st -+ -+/** -+ * ASN1_TYPE: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_node instead. -+ */ -+#define ASN1_TYPE asn1_node -+ -+/** -+ * ASN1_TYPE_EMPTY: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use NULL instead. -+ */ -+#define ASN1_TYPE_EMPTY NULL -+ -+/** -+ * static_struct_asn: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_static_node instead. -+ */ -+#define static_struct_asn asn1_static_node_st -+ -+/** -+ * ASN1_ARRAY_TYPE: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_static_node instead. -+ */ -+#define ASN1_ARRAY_TYPE asn1_static_node -+ -+/** -+ * asn1_static_node_t: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_static_node instead. -+ */ -+#define asn1_static_node_t asn1_static_node -+ -+/** -+ * node_data_struct: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_data_node_st instead. -+ */ -+#define node_data_struct asn1_data_node_st -+ -+/** -+ * ASN1_DATA_NODE: -+ * -+ * Compat #define. -+ * -+ * Deprecated: 3.0: Use #asn1_data_node_st instead. -+ */ -+#define ASN1_DATA_NODE asn1_data_node_st -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* LIBTASN1_H */ -diff --git a/grub-core/lib/libtasn1/LICENSE b/grub-core/lib/libtasn1/LICENSE -new file mode 100644 -index 0000000000..e8b3628db9 ---- /dev/null -+++ b/grub-core/lib/libtasn1/LICENSE -@@ -0,0 +1,16 @@ -+LICENSING -+========= -+ -+The libtasn1 library is released under the GNU Lesser General Public -+License (LGPL) version 2.1 or later; see [COPYING.LESSER](doc/COPYING.LESSER) -+for the license terms. -+ -+The GNU LGPL applies to the main libtasn1 library, while the -+included applications library are under the GNU GPL version 3. -+The libtasn1 library is located in the lib directory, while the applications -+in src/. -+ -+The documentation in doc/ is under the GNU FDL license 1.3. -+ -+For any copyright year range specified as YYYY-ZZZZ in this package -+note that the range specifies every single year in that closed interval. -diff --git a/grub-core/lib/libtasn1/README.md b/grub-core/lib/libtasn1/README.md -new file mode 100644 -index 0000000000..50a8642296 ---- /dev/null -+++ b/grub-core/lib/libtasn1/README.md -@@ -0,0 +1,91 @@ -+|Branch|CI system|Status| -+|:----:|:-------:|-----:| -+|Master|Gitlab|[![build status](https://gitlab.com/gnutls/libtasn1/badges/master/pipeline.svg)](https://gitlab.com/gnutls/libtasn1/commits/master)[![coverage report](https://gitlab.com/gnutls/libtasn1/badges/master/coverage.svg)](https://gnutls.gitlab.io/libtasn1/coverage)| -+ -+# libtasn1 -+ -+This is GNU Libtasn1, a small ASN.1 library. -+ -+The C library (libtasn1.*) is licensed under the GNU Lesser General -+Public License version 2.1 or later. See the file COPYING.LIB. -+ -+The command line tool, self tests, examples, and other auxilliary -+files, are licensed under the GNU General Public License version 3.0 -+or later. See the file COPYING. -+ -+## Building the library -+ -+We require several tools to build the software, including: -+ -+* [Make](https://www.gnu.org/software/make/) -+* [Automake](https://www.gnu.org/software/automake/) (use 1.11.3 or later) -+* [Autoconf](https://www.gnu.org/software/autoconf/) -+* [Libtool](https://www.gnu.org/software/libtool/) -+* [Texinfo](https://www.gnu.org/software/texinfo/) -+* [help2man](http://www.gnu.org/software/help2man/) -+* [Tar](https://www.gnu.org/software/tar/) -+* [Gzip](https://www.gnu.org/software/gzip/) -+* [bison](https://www.gnu.org/software/bison/) -+* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual) -+* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual) -+* [Git](https://git-scm.com/) -+* [libabigail](https://pagure.io/libabigail/) (for abi comparison in make dist) -+* [Valgrind](https://valgrind.org/) (optional) -+ -+The required software is typically distributed with your operating -+system, and the instructions for installing them differ. Here are -+some hints: -+ -+gNewSense/Debian/Ubuntu: -+``` -+sudo apt-get install make git-core autoconf automake libtool -+sudo apt-get install texinfo texlive texlive-generic-recommended texlive-extra-utils -+sudo apt-get install help2man gtk-doc-tools valgrind abigail-tools -+``` -+ -+The next step is to run autoreconf, ./configure, etc: -+ -+``` -+$ ./bootstrap -+``` -+ -+Then build the project normally: -+ -+``` -+$ make -+$ make check -+``` -+ -+Happy hacking! -+ -+ -+## Manual -+ -+The manual is in the `doc/` directory of the release. You can also browse -+the manual online at: -+ -+ - https://gnutls.gitlab.io/libtasn1/ -+ -+ -+## Code coverage report -+ -+The coverage report is at: -+ -+ - https://gnutls.gitlab.io/libtasn1/coverage -+ -+ -+## Issue trackers -+ -+ - [Main issue tracker](https://gitlab.com/gnutls/libtasn1/issues) -+ - [oss-fuzz found issues](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libtasn1&can=2) -+ -+ -+## Homepage -+ -+The project homepage at the gnu site is at: -+ -+http://www.gnu.org/software/libtasn1/ -+ -+ -+For any copyright year range specified as YYYY-ZZZZ in this package -+note that the range specifies every single year in that closed interval. diff --git a/SPECS/grub2/fedora/0166-libtasn1-disable-code-not-needed-in-grub.patch b/SPECS/grub2/fedora/0166-libtasn1-disable-code-not-needed-in-grub.patch deleted file mode 100644 index 84dcbf05ca..0000000000 --- a/SPECS/grub2/fedora/0166-libtasn1-disable-code-not-needed-in-grub.patch +++ /dev/null @@ -1,307 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 1 May 2020 17:12:23 +1000 -Subject: [PATCH] libtasn1: disable code not needed in grub - -We don't expect to be able to write ASN.1, only read it, -so we can disable some code. - -Do that with #if 0/#endif, rather than deletion. This means -that the difference between upstream and grub is smaller, -which should make updating libtasn1 easier in the future. - -With these exclusions we also avoid the need for minmax.h, -which is convenient because it means we don't have to -import it from gnulib. - -Signed-off-by: Daniel Axtens ---- - grub-core/lib/libtasn1/lib/coding.c | 12 ++++++++++-- - grub-core/lib/libtasn1/lib/decoding.c | 2 ++ - grub-core/lib/libtasn1/lib/element.c | 4 ++-- - grub-core/lib/libtasn1/lib/errors.c | 3 +++ - grub-core/lib/libtasn1/lib/structure.c | 10 ++++++---- - include/grub/libtasn1.h | 15 +++++++++++++++ - 6 files changed, 38 insertions(+), 8 deletions(-) - -diff --git a/grub-core/lib/libtasn1/lib/coding.c b/grub-core/lib/libtasn1/lib/coding.c -index 245ea64cf0..52def59836 100644 ---- a/grub-core/lib/libtasn1/lib/coding.c -+++ b/grub-core/lib/libtasn1/lib/coding.c -@@ -30,11 +30,11 @@ - #include "parser_aux.h" - #include - #include "element.h" --#include "minmax.h" - #include - - #define MAX_TAG_LEN 16 - -+#if 0 - /******************************************************/ - /* Function : _asn1_error_description_value_not_found */ - /* Description: creates the ErrorDescription string */ -@@ -58,6 +58,7 @@ _asn1_error_description_value_not_found (asn1_node node, - Estrcat (ErrorDescription, "' not found"); - - } -+#endif - - /** - * asn1_length_der: -@@ -244,6 +245,7 @@ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, - return ASN1_SUCCESS; - } - -+#if 0 - /******************************************************/ - /* Function : _asn1_time_der */ - /* Description: creates the DER coding for a TIME */ -@@ -281,7 +283,7 @@ _asn1_time_der (unsigned char *str, int str_len, unsigned char *der, - - return ASN1_SUCCESS; - } -- -+#endif - - /* - void -@@ -520,6 +522,7 @@ asn1_bit_der (const unsigned char *str, int bit_len, - } - - -+#if 0 - /******************************************************/ - /* Function : _asn1_complete_explicit_tag */ - /* Description: add the length coding to the EXPLICIT */ -@@ -596,6 +599,7 @@ _asn1_complete_explicit_tag (asn1_node node, unsigned char *der, - - return ASN1_SUCCESS; - } -+#endif - - const tag_and_class_st _asn1_tags[] = { - [ASN1_ETYPE_GENERALSTRING] = -@@ -648,6 +652,8 @@ const tag_and_class_st _asn1_tags[] = { - - unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]); - -+ -+#if 0 - /******************************************************/ - /* Function : _asn1_insert_tag_der */ - /* Description: creates the DER coding of tags of one */ -@@ -1413,3 +1419,5 @@ error: - asn1_delete_structure (&node); - return err; - } -+ -+#endif -\ No newline at end of file -diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -index ff04eb778c..42f9a92b5d 100644 ---- a/grub-core/lib/libtasn1/lib/decoding.c -+++ b/grub-core/lib/libtasn1/lib/decoding.c -@@ -1613,6 +1613,7 @@ asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, - return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription); - } - -+#if 0 - /** - * asn1_der_decoding_element: - * @structure: pointer to an ASN1 structure -@@ -1643,6 +1644,7 @@ asn1_der_decoding_element (asn1_node * structure, const char *elementName, - { - return asn1_der_decoding(structure, ider, len, errorDescription); - } -+#endif - - /** - * asn1_der_decoding_startEnd: -diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -index 997eb2725d..539008d8e9 100644 ---- a/grub-core/lib/libtasn1/lib/element.c -+++ b/grub-core/lib/libtasn1/lib/element.c -@@ -191,7 +191,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache) - return ASN1_SUCCESS; - } - -- -+#if 0 - /** - * asn1_write_value: - * @node_root: pointer to a structure -@@ -645,7 +645,7 @@ asn1_write_value (asn1_node node_root, const char *name, - - return ASN1_SUCCESS; - } -- -+#endif - - #define PUT_VALUE( ptr, ptr_size, data, data_size) \ - *len = data_size; \ -diff --git a/grub-core/lib/libtasn1/lib/errors.c b/grub-core/lib/libtasn1/lib/errors.c -index cee74daf79..42785e8622 100644 ---- a/grub-core/lib/libtasn1/lib/errors.c -+++ b/grub-core/lib/libtasn1/lib/errors.c -@@ -57,6 +57,8 @@ static const libtasn1_error_entry error_algorithms[] = { - {0, 0} - }; - -+ -+#if 0 - /** - * asn1_perror: - * @error: is an error returned by a libtasn1 function. -@@ -73,6 +75,7 @@ asn1_perror (int error) - const char *str = asn1_strerror (error); - fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)"); - } -+#endif - - /** - * asn1_strerror: -diff --git a/grub-core/lib/libtasn1/lib/structure.c b/grub-core/lib/libtasn1/lib/structure.c -index 8189c56a4c..fcfde01a39 100644 ---- a/grub-core/lib/libtasn1/lib/structure.c -+++ b/grub-core/lib/libtasn1/lib/structure.c -@@ -76,7 +76,7 @@ _asn1_find_left (asn1_node_const node) - return node->left; - } - -- -+#if 0 - int - _asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, - char *vector_name) -@@ -155,7 +155,7 @@ _asn1_create_static_structure (asn1_node_const pointer, char *output_file_name, - - return ASN1_SUCCESS; - } -- -+#endif - - /** - * asn1_array2tree: -@@ -718,7 +718,7 @@ asn1_create_element (asn1_node_const definitions, const char *source_name, - return res; - } - -- -+#if 0 - /** - * asn1_print_structure: - * @out: pointer to the output file (e.g. stdout). -@@ -1058,7 +1058,7 @@ asn1_print_structure (FILE * out, asn1_node_const structure, const char *name, - } - } - } -- -+#endif - - - /** -@@ -1153,6 +1153,7 @@ asn1_find_structure_from_oid (asn1_node_const definitions, const char *oidValue) - return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ - } - -+#if 0 - /** - * asn1_copy_node: - * @dst: Destination asn1 node. -@@ -1202,6 +1203,7 @@ asn1_copy_node (asn1_node dst, const char *dst_name, - - return result; - } -+#endif - - /** - * asn1_dup_node: -diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -index 6fd7a30dc3..785eda2ae3 100644 ---- a/include/grub/libtasn1.h -+++ b/include/grub/libtasn1.h -@@ -319,6 +319,8 @@ typedef struct asn1_data_node_st asn1_data_node_st; - /* Functions definitions */ - /***********************************/ - -+/* These functions are not used in grub and should not be referenced. */ -+#if 0 - extern ASN1_API int - asn1_parser2tree (const char *file, - asn1_node * definitions, char *error_desc); -@@ -327,14 +329,17 @@ extern ASN1_API int - asn1_parser2array (const char *inputFileName, - const char *outputFileName, - const char *vectorName, char *error_desc); -+#endif - - extern ASN1_API int - asn1_array2tree (const asn1_static_node * array, - asn1_node * definitions, char *errorDescription); - -+#if 0 - extern ASN1_API void - asn1_print_structure (FILE * out, asn1_node_const structure, - const char *name, int mode); -+#endif - - extern ASN1_API int - asn1_create_element (asn1_node_const definitions, -@@ -347,9 +352,11 @@ extern ASN1_API int asn1_delete_structure2 (asn1_node * structure, unsigned int - extern ASN1_API int - asn1_delete_element (asn1_node structure, const char *element_name); - -+#if 0 - extern ASN1_API int - asn1_write_value (asn1_node node_root, const char *name, - const void *ivalue, int len); -+#endif - - extern ASN1_API int - asn1_read_value (asn1_node_const root, const char *name, -@@ -365,9 +372,11 @@ extern ASN1_API int - extern ASN1_API int - asn1_number_of_elements (asn1_node_const element, const char *name, int *num); - -+#if 0 - extern ASN1_API int - asn1_der_coding (asn1_node_const element, const char *name, - void *ider, int *len, char *ErrorDescription); -+#endif - - extern ASN1_API int - asn1_der_decoding2 (asn1_node *element, const void *ider, -@@ -378,12 +387,14 @@ extern ASN1_API int - asn1_der_decoding (asn1_node * element, const void *ider, - int ider_len, char *errorDescription); - -+#if 0 - /* Do not use. Use asn1_der_decoding() instead. */ - extern ASN1_API int - asn1_der_decoding_element (asn1_node * structure, - const char *elementName, - const void *ider, int len, - char *errorDescription) _ASN1_GCC_ATTR_DEPRECATED; -+#endif - - extern ASN1_API int - asn1_der_decoding_startEnd (asn1_node element, -@@ -408,13 +419,17 @@ extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node_const - const char - *oidValue); - -+#if 0 - __LIBTASN1_PURE__ - extern ASN1_API const char *asn1_check_version (const char *req_version); -+#endif - - __LIBTASN1_PURE__ - extern ASN1_API const char *asn1_strerror (int error); - -+#if 0 - extern ASN1_API void asn1_perror (int error); -+#endif - - #define ASN1_MAX_TAG_SIZE 4 - #define ASN1_MAX_LENGTH_SIZE 9 diff --git a/SPECS/grub2/fedora/0167-libtasn1-changes-for-grub-compatibility.patch b/SPECS/grub2/fedora/0167-libtasn1-changes-for-grub-compatibility.patch deleted file mode 100644 index 7c756bd430..0000000000 --- a/SPECS/grub2/fedora/0167-libtasn1-changes-for-grub-compatibility.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 1 May 2020 20:44:29 +1000 -Subject: [PATCH] libtasn1: changes for grub compatibility - -Do a few things to make libtasn1 compile as part of grub: - - - replace strcat. grub removed strcat so replace it with the appropriate - calls to memcpy and strlen. - - - replace c_isdigit with grub_isdigit (and don't import c-ctype from - gnulib) grub_isdigit provides the same functionality as c_isdigit: it - determines if the input is an ASCII digit without regard for locale. - - - replace GL_ATTRIBUTE_PURE with __attribute__((pure)) which been - supported since gcc-2.96. This avoids messing around with gnulib. - - - adjust libtasn1.h: drop the ASN1_API logic, it's not needed for our - modules. Unconditionally support const and pure attributes and adjust - header paths. - - - adjust header paths to "grub/libtasn1.h". - - - replace a 64 bit division with a call to grub_divmod64, preventing - creation of __udivdi3 calls on 32 bit platforms. - -Signed-off-by: Daniel Axtens ---- - grub-core/lib/libtasn1/lib/decoding.c | 11 ++++++----- - grub-core/lib/libtasn1/lib/element.c | 3 ++- - grub-core/lib/libtasn1/lib/gstr.c | 4 ++-- - grub-core/lib/libtasn1/lib/parser_aux.c | 7 ++++--- - grub-core/lib/libtasn1/lib/int.h | 4 ++-- - include/grub/libtasn1.h | 26 ++++++-------------------- - 6 files changed, 22 insertions(+), 33 deletions(-) - -diff --git a/grub-core/lib/libtasn1/lib/decoding.c b/grub-core/lib/libtasn1/lib/decoding.c -index 42f9a92b5d..7856858b27 100644 ---- a/grub-core/lib/libtasn1/lib/decoding.c -+++ b/grub-core/lib/libtasn1/lib/decoding.c -@@ -32,7 +32,8 @@ - #include - #include - #include --#include -+ -+#define c_isdigit grub_isdigit - - #ifdef DEBUG - # define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__) -@@ -2008,8 +2009,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, - (p2->type & CONST_ASSIGN)) - { - strcpy (name, definitions->name); -- strcat (name, "."); -- strcat (name, p2->name); -+ memcpy (name + strlen(name), ".", sizeof(" . ")); -+ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1); - - len = sizeof (value); - result = asn1_read_value (definitions, name, value, &len); -@@ -2026,8 +2027,8 @@ asn1_expand_octet_string (asn1_node_const definitions, asn1_node * element, - if (p2) - { - strcpy (name, definitions->name); -- strcat (name, "."); -- strcat (name, p2->name); -+ memcpy (name + strlen(name), ".", sizeof(" . ")); -+ memcpy (name + strlen(name), p2->name, strlen(p2->name) + 1); - - result = asn1_create_element (definitions, name, &aux); - if (result == ASN1_SUCCESS) -diff --git a/grub-core/lib/libtasn1/lib/element.c b/grub-core/lib/libtasn1/lib/element.c -index 539008d8e9..ed761ff56b 100644 ---- a/grub-core/lib/libtasn1/lib/element.c -+++ b/grub-core/lib/libtasn1/lib/element.c -@@ -30,9 +30,10 @@ - #include "parser_aux.h" - #include - #include "structure.h" --#include "c-ctype.h" - #include "element.h" - -+#define c_isdigit grub_isdigit -+ - void - _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size) - { -diff --git a/grub-core/lib/libtasn1/lib/gstr.c b/grub-core/lib/libtasn1/lib/gstr.c -index e91a3a151c..e33875c2c7 100644 ---- a/grub-core/lib/libtasn1/lib/gstr.c -+++ b/grub-core/lib/libtasn1/lib/gstr.c -@@ -36,13 +36,13 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) - - if (dest_tot_size - dest_size > str_size) - { -- strcat (dest, src); -+ memcpy (dest + dest_size, src, str_size + 1); - } - else - { - if (dest_tot_size - dest_size > 0) - { -- strncat (dest, src, (dest_tot_size - dest_size) - 1); -+ memcpy (dest + dest_size, src, (dest_tot_size - dest_size) - 1); - dest[dest_tot_size - 1] = 0; - } - } -diff --git a/grub-core/lib/libtasn1/lib/parser_aux.c b/grub-core/lib/libtasn1/lib/parser_aux.c -index d5dbbf8765..89c9be69dc 100644 ---- a/grub-core/lib/libtasn1/lib/parser_aux.c -+++ b/grub-core/lib/libtasn1/lib/parser_aux.c -@@ -26,7 +26,8 @@ - #include "gstr.h" - #include "structure.h" - #include "element.h" --#include "c-ctype.h" -+ -+#define c_isdigit grub_isdigit - - char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */ - -@@ -40,7 +41,7 @@ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not fou - #ifdef __clang__ - __attribute__((no_sanitize("integer"))) - #endif --_GL_ATTRIBUTE_PURE -+__attribute__((__pure__)) - static unsigned int - _asn1_hash_name (const char *x) - { -@@ -634,7 +635,7 @@ _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) - count = 0; - do - { -- d = val / 10; -+ d = grub_divmod64(val, 10, NULL); - r = val - d * 10; - temp[start + count] = '0' + (char) r; - count++; -diff --git a/grub-core/lib/libtasn1/lib/int.h b/grub-core/lib/libtasn1/lib/int.h -index ea1625786c..4a568efee9 100644 ---- a/grub-core/lib/libtasn1/lib/int.h -+++ b/grub-core/lib/libtasn1/lib/int.h -@@ -35,7 +35,7 @@ - #include - #endif - --#include -+#include "grub/libtasn1.h" - - #define ASN1_SMALL_VALUE_SIZE 16 - -@@ -115,7 +115,7 @@ extern const tag_and_class_st _asn1_tags[]; - #define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b) - #define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b) - #define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b) --#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b) -+#define _asn1_strcat(a,b) memcpy((char *)a + strlen((const char *)a), (const char *)b, strlen((const char *)b) + 1) - - #if SIZEOF_UNSIGNED_LONG_INT == 8 - # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b) -diff --git a/include/grub/libtasn1.h b/include/grub/libtasn1.h -index 785eda2ae3..28dbf16c4e 100644 ---- a/include/grub/libtasn1.h -+++ b/include/grub/libtasn1.h -@@ -38,29 +38,15 @@ - #ifndef LIBTASN1_H - #define LIBTASN1_H - --#ifndef ASN1_API --#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY --#define ASN1_API __attribute__((__visibility__("default"))) --#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC --#define ASN1_API __declspec(dllexport) --#elif defined _MSC_VER && ! defined ASN1_STATIC --#define ASN1_API __declspec(dllimport) --#else -+/* grub: ASN1_API is not used */ - #define ASN1_API --#endif --#endif - --#ifdef __GNUC__ --# define __LIBTASN1_CONST__ __attribute__((const)) --# define __LIBTASN1_PURE__ __attribute__((pure)) --#else --# define __LIBTASN1_CONST__ --# define __LIBTASN1_PURE__ --#endif -+/* grub: all our supported compilers support these attributes */ -+#define __LIBTASN1_CONST__ __attribute__((const)) -+#define __LIBTASN1_PURE__ __attribute__((pure)) - --#include --#include --#include /* for FILE* */ -+#include -+#include - - #ifdef __cplusplus - extern "C" diff --git a/SPECS/grub2/fedora/0168-libtasn1-compile-into-asn1-module.patch b/SPECS/grub2/fedora/0168-libtasn1-compile-into-asn1-module.patch deleted file mode 100644 index b5574036eb..0000000000 --- a/SPECS/grub2/fedora/0168-libtasn1-compile-into-asn1-module.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 5 Jun 2020 17:47:25 +1000 -Subject: [PATCH] libtasn1: compile into asn1 module - -Create a wrapper file that specifies the module license. -Set up the makefile so it is built. - -Signed-off-by: Daniel Axtens ---- - grub-core/Makefile.core.def | 15 +++++++++++++++ - grub-core/lib/libtasn1_wrap/wrap.c | 26 ++++++++++++++++++++++++++ - 2 files changed, 41 insertions(+) - create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 97347ae76f..21d2c54185 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2576,3 +2576,18 @@ module = { - common = commands/i386/wrmsr.c; - enable = x86; - }; -+ -+module = { -+ name = asn1; -+ common = lib/libtasn1/lib/decoding.c; -+ common = lib/libtasn1/lib/coding.c; -+ common = lib/libtasn1/lib/element.c; -+ common = lib/libtasn1/lib/structure.c; -+ common = lib/libtasn1/lib/parser_aux.c; -+ common = lib/libtasn1/lib/gstr.c; -+ common = lib/libtasn1/lib/errors.c; -+ common = lib/libtasn1_wrap/wrap.c; -+ cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; -+ // -Wno-type-limits comes from libtasn1's configure.ac -+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/libtasn1/lib -Wno-type-limits'; -+}; -diff --git a/grub-core/lib/libtasn1_wrap/wrap.c b/grub-core/lib/libtasn1_wrap/wrap.c -new file mode 100644 -index 0000000000..622ba942e3 ---- /dev/null -+++ b/grub-core/lib/libtasn1_wrap/wrap.c -@@ -0,0 +1,26 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+ -+/* -+ * libtasn1 is provided under LGPL2.1+, which is compatible -+ * with GPL3+. As Grub as a whole is under GPL3+, this module -+ * is therefore under GPL3+ also. -+ */ -+GRUB_MOD_LICENSE ("GPLv3+"); diff --git a/SPECS/grub2/fedora/0170-grub-install-support-embedding-x509-certificates.patch b/SPECS/grub2/fedora/0170-grub-install-support-embedding-x509-certificates.patch deleted file mode 100644 index c4c35f4b6d..0000000000 --- a/SPECS/grub2/fedora/0170-grub-install-support-embedding-x509-certificates.patch +++ /dev/null @@ -1,253 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Alastair D'Silva -Date: Mon, 6 Jul 2020 13:33:04 +1000 -Subject: [PATCH] grub-install: support embedding x509 certificates - -To support verification of appended signatures, we need a way to -embed the necessary public keys. Existing appended signature schemes -in the Linux kernel use X.509 certificates, so allow certificates to -be embedded in the grub core image in the same way as PGP keys. - -Signed-off-by: Alastair D'Silva -Signed-off-by: Daniel Axtens ---- - grub-core/commands/pgp.c | 2 +- - util/grub-install-common.c | 23 ++++++++++++++++++++++- - util/grub-mkimage.c | 15 +++++++++++++-- - util/mkimage.c | 38 ++++++++++++++++++++++++++++++++++++-- - include/grub/kernel.h | 4 +++- - include/grub/util/install.h | 7 +++++-- - 6 files changed, 80 insertions(+), 9 deletions(-) - -diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c -index 355a43844a..b81ac0ae46 100644 ---- a/grub-core/commands/pgp.c -+++ b/grub-core/commands/pgp.c -@@ -944,7 +944,7 @@ GRUB_MOD_INIT(pgp) - grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); - - /* Not an ELF module, skip. */ -- if (header->type != OBJ_TYPE_PUBKEY) -+ if (header->type != OBJ_TYPE_GPG_PUBKEY) - continue; - - pseudo_file.fs = &pseudo_fs; -diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index a74fee16e2..c603f5b308 100644 ---- a/util/grub-install-common.c -+++ b/util/grub-install-common.c -@@ -460,6 +460,8 @@ static char **pubkeys; - static size_t npubkeys; - static char *sbat; - static int disable_shim_lock; -+static char **x509keys; -+static size_t nx509keys; - static grub_compression_t compression; - static size_t appsig_size; - -@@ -501,6 +503,12 @@ grub_install_parse (int key, char *arg) - case GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK: - disable_shim_lock = 1; - return 1; -+ case 'x': -+ x509keys = xrealloc (x509keys, -+ sizeof (x509keys[0]) -+ * (nx509keys + 1)); -+ x509keys[nx509keys++] = xstrdup (arg); -+ return 1; - - case GRUB_INSTALL_OPTIONS_VERBOSITY: - verbosity++; -@@ -627,6 +635,9 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - for (pk = pubkeys; pk < pubkeys + npubkeys; pk++) - slen += 20 + grub_strlen (*pk); - -+ for (pk = x509keys; pk < x509keys + nx509keys; pk++) -+ slen += 10 + grub_strlen (*pk); -+ - for (md = modules.entries; *md; md++) - { - slen += 10 + grub_strlen (*md); -@@ -655,6 +666,14 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - *p++ = ' '; - } - -+ for (pk = x509keys; pk < x509keys + nx509keys; pk++) -+ { -+ p = grub_stpcpy (p, "--x509 '"); -+ p = grub_stpcpy (p, *pk); -+ *p++ = '\''; -+ *p++ = ' '; -+ } -+ - for (md = modules.entries; *md; md++) - { - *p++ = '\''; -@@ -684,7 +703,9 @@ grub_install_make_image_wrap_file (const char *dir, const char *prefix, - - grub_install_generate_image (dir, prefix, fp, outname, - modules.entries, memdisk_path, -- pubkeys, npubkeys, config_path, tgt, -+ pubkeys, npubkeys, -+ x509keys, nx509keys, -+ config_path, tgt, - note, appsig_size, compression, dtb, sbat, - disable_shim_lock); - while (dc--) -diff --git a/util/grub-mkimage.c b/util/grub-mkimage.c -index 8a53310548..e1f1112784 100644 ---- a/util/grub-mkimage.c -+++ b/util/grub-mkimage.c -@@ -75,7 +75,8 @@ static struct argp_option options[] = { - /* TRANSLATORS: "embed" is a verb (command description). "*/ - {"config", 'c', N_("FILE"), 0, N_("embed FILE as an early config"), 0}, - /* TRANSLATORS: "embed" is a verb (command description). "*/ -- {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for signature checking"), 0}, -+ {"pubkey", 'k', N_("FILE"), 0, N_("embed FILE as public key for PGP signature checking"), 0}, -+ {"x509", 'x', N_("FILE"), 0, N_("embed FILE as an x509 certificate for appended signature checking"), 0}, - /* TRANSLATORS: NOTE is a name of segment. */ - {"note", 'n', 0, 0, N_("add NOTE segment for CHRP IEEE1275"), 0}, - {"output", 'o', N_("FILE"), 0, N_("output a generated image to FILE [default=stdout]"), 0}, -@@ -124,6 +125,8 @@ struct arguments - char *dtb; - char **pubkeys; - size_t npubkeys; -+ char **x509keys; -+ size_t nx509keys; - char *font; - char *config; - char *sbat; -@@ -206,6 +209,13 @@ argp_parser (int key, char *arg, struct argp_state *state) - arguments->pubkeys[arguments->npubkeys++] = xstrdup (arg); - break; - -+ case 'x': -+ arguments->x509keys = xrealloc (arguments->x509keys, -+ sizeof (arguments->x509keys[0]) -+ * (arguments->nx509keys + 1)); -+ arguments->x509keys[arguments->nx509keys++] = xstrdup (arg); -+ break; -+ - case 'c': - if (arguments->config) - free (arguments->config); -@@ -332,7 +342,8 @@ main (int argc, char *argv[]) - grub_install_generate_image (arguments.dir, arguments.prefix, fp, - arguments.output, arguments.modules, - arguments.memdisk, arguments.pubkeys, -- arguments.npubkeys, arguments.config, -+ arguments.npubkeys, arguments.x509keys, -+ arguments.nx509keys, arguments.config, - arguments.image_target, arguments.note, - arguments.appsig_size, arguments.comp, - arguments.dtb, arguments.sbat, -diff --git a/util/mkimage.c b/util/mkimage.c -index bab1227601..8319e8dfbd 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -867,7 +867,8 @@ void - grub_install_generate_image (const char *dir, const char *prefix, - FILE *out, const char *outname, char *mods[], - char *memdisk_path, char **pubkey_paths, -- size_t npubkeys, char *config_path, -+ size_t npubkeys, char **x509key_paths, -+ size_t nx509keys, char *config_path, - const struct grub_install_image_target_desc *image_target, - int note, size_t appsig_size, grub_compression_t comp, - const char *dtb_path, const char *sbat_path, -@@ -913,6 +914,19 @@ grub_install_generate_image (const char *dir, const char *prefix, - } - } - -+ { -+ size_t i; -+ for (i = 0; i < nx509keys; i++) -+ { -+ size_t curs; -+ curs = ALIGN_ADDR (grub_util_get_image_size (x509key_paths[i])); -+ grub_util_info ("the size of x509 public key %u is 0x%" -+ GRUB_HOST_PRIxLONG_LONG, -+ (unsigned) i, (unsigned long long) curs); -+ total_module_size += curs + sizeof (struct grub_module_header); -+ } -+ } -+ - if (memdisk_path) - { - memdisk_size = ALIGN_UP(grub_util_get_image_size (memdisk_path), 512); -@@ -1034,7 +1048,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - curs = grub_util_get_image_size (pubkey_paths[i]); - - header = (struct grub_module_header *) (kernel_img + offset); -- header->type = grub_host_to_target32 (OBJ_TYPE_PUBKEY); -+ header->type = grub_host_to_target32 (OBJ_TYPE_GPG_PUBKEY); - header->size = grub_host_to_target32 (curs + sizeof (*header)); - offset += sizeof (*header); - -@@ -1043,6 +1057,26 @@ grub_install_generate_image (const char *dir, const char *prefix, - } - } - -+ { -+ size_t i; -+ for (i = 0; i < nx509keys; i++) -+ { -+ size_t curs; -+ struct grub_module_header *header; -+ -+ curs = grub_util_get_image_size (x509key_paths[i]); -+ -+ header = (struct grub_module_header *) (kernel_img + offset); -+ header->type = grub_host_to_target32 (OBJ_TYPE_X509_PUBKEY); -+ header->size = grub_host_to_target32 (curs + sizeof (*header)); -+ offset += sizeof (*header); -+ -+ grub_util_load_image (x509key_paths[i], kernel_img + offset); -+ offset += ALIGN_ADDR (curs); -+ } -+ } -+ -+ - if (memdisk_path) - { - struct grub_module_header *header; -diff --git a/include/grub/kernel.h b/include/grub/kernel.h -index 55849777ea..98edc0863f 100644 ---- a/include/grub/kernel.h -+++ b/include/grub/kernel.h -@@ -30,7 +30,9 @@ enum - OBJ_TYPE_PREFIX, - OBJ_TYPE_PUBKEY, - OBJ_TYPE_DTB, -- OBJ_TYPE_DISABLE_SHIM_LOCK -+ OBJ_TYPE_DISABLE_SHIM_LOCK, -+ OBJ_TYPE_GPG_PUBKEY, -+ OBJ_TYPE_X509_PUBKEY, - }; - - /* The module header. */ -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index cf4531e02b..51f3b13ac1 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -67,6 +67,8 @@ - N_("SBAT metadata"), 0 }, \ - { "disable-shim-lock", GRUB_INSTALL_OPTIONS_DISABLE_SHIM_LOCK, 0, 0, \ - N_("disable shim_lock verifier"), 0 }, \ -+ { "x509key", 'x', N_("FILE"), 0, \ -+ N_("embed FILE as an x509 certificate for signature checking"), 0}, \ - { "appended-signature-size", GRUB_INSTALL_OPTIONS_APPENDED_SIGNATURE_SIZE,\ - "SIZE", 0, N_("Add a note segment reserving SIZE bytes for an appended signature"), \ - 1}, \ -@@ -188,8 +190,9 @@ void - grub_install_generate_image (const char *dir, const char *prefix, - FILE *out, - const char *outname, char *mods[], -- char *memdisk_path, char **pubkey_paths, -- size_t npubkeys, -+ char *memdisk_path, -+ char **pubkey_paths, size_t npubkeys, -+ char **x509key_paths, size_t nx509keys, - char *config_path, - const struct grub_install_image_target_desc *image_target, - int note, size_t appsig_size, diff --git a/SPECS/grub2/fedora/0171-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch b/SPECS/grub2/fedora/0171-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch deleted file mode 100644 index 0ebc6c7690..0000000000 --- a/SPECS/grub2/fedora/0171-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch +++ /dev/null @@ -1,639 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 30 Jul 2020 01:35:10 +1000 -Subject: [PATCH] appended signatures: import GNUTLS's ASN.1 description files - -In order to parse PKCS#7 messages and X.509 certificates with libtasn1, -we need some information about how they are encoded. - -We get these from GNUTLS, which has the benefit that they support the -features we need and are well tested. - -The GNUTLS license is LGPLv2.1+, which is GPLv3 compatible, allowing -us to import it without issue. - -Signed-off-by: Daniel Axtens ---- - grub-core/commands/appendedsig/gnutls_asn1_tab.c | 121 ++++++ - grub-core/commands/appendedsig/pkix_asn1_tab.c | 484 +++++++++++++++++++++++ - 2 files changed, 605 insertions(+) - create mode 100644 grub-core/commands/appendedsig/gnutls_asn1_tab.c - create mode 100644 grub-core/commands/appendedsig/pkix_asn1_tab.c - -diff --git a/grub-core/commands/appendedsig/gnutls_asn1_tab.c b/grub-core/commands/appendedsig/gnutls_asn1_tab.c -new file mode 100644 -index 0000000000..ddd1314e63 ---- /dev/null -+++ b/grub-core/commands/appendedsig/gnutls_asn1_tab.c -@@ -0,0 +1,121 @@ -+#include -+#include -+ -+const asn1_static_node gnutls_asn1_tab[] = { -+ { "GNUTLS", 536872976, NULL }, -+ { NULL, 1073741836, NULL }, -+ { "RSAPublicKey", 1610612741, NULL }, -+ { "modulus", 1073741827, NULL }, -+ { "publicExponent", 3, NULL }, -+ { "RSAPrivateKey", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "modulus", 1073741827, NULL }, -+ { "publicExponent", 1073741827, NULL }, -+ { "privateExponent", 1073741827, NULL }, -+ { "prime1", 1073741827, NULL }, -+ { "prime2", 1073741827, NULL }, -+ { "exponent1", 1073741827, NULL }, -+ { "exponent2", 1073741827, NULL }, -+ { "coefficient", 1073741827, NULL }, -+ { "otherPrimeInfos", 16386, "OtherPrimeInfos"}, -+ { "ProvableSeed", 1610612741, NULL }, -+ { "algorithm", 1073741836, NULL }, -+ { "seed", 7, NULL }, -+ { "OtherPrimeInfos", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "OtherPrimeInfo"}, -+ { "OtherPrimeInfo", 1610612741, NULL }, -+ { "prime", 1073741827, NULL }, -+ { "exponent", 1073741827, NULL }, -+ { "coefficient", 3, NULL }, -+ { "AlgorithmIdentifier", 1610612741, NULL }, -+ { "algorithm", 1073741836, NULL }, -+ { "parameters", 541081613, NULL }, -+ { "algorithm", 1, NULL }, -+ { "DigestInfo", 1610612741, NULL }, -+ { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, -+ { "digest", 7, NULL }, -+ { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, -+ { "DSAPublicKey", 1073741827, NULL }, -+ { "DSAParameters", 1610612741, NULL }, -+ { "p", 1073741827, NULL }, -+ { "q", 1073741827, NULL }, -+ { "g", 3, NULL }, -+ { "DSASignatureValue", 1610612741, NULL }, -+ { "r", 1073741827, NULL }, -+ { "s", 3, NULL }, -+ { "DSAPrivateKey", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "p", 1073741827, NULL }, -+ { "q", 1073741827, NULL }, -+ { "g", 1073741827, NULL }, -+ { "Y", 1073741827, NULL }, -+ { "priv", 3, NULL }, -+ { "DHParameter", 1610612741, NULL }, -+ { "prime", 1073741827, NULL }, -+ { "base", 1073741827, NULL }, -+ { "privateValueLength", 16387, NULL }, -+ { "ECParameters", 1610612754, NULL }, -+ { "namedCurve", 12, NULL }, -+ { "ECPrivateKey", 1610612741, NULL }, -+ { "Version", 1073741827, NULL }, -+ { "privateKey", 1073741831, NULL }, -+ { "parameters", 1610637314, "ECParameters"}, -+ { NULL, 2056, "0"}, -+ { "publicKey", 536895494, NULL }, -+ { NULL, 2056, "1"}, -+ { "PrincipalName", 1610612741, NULL }, -+ { "name-type", 1610620931, NULL }, -+ { NULL, 2056, "0"}, -+ { "name-string", 536879115, NULL }, -+ { NULL, 1073743880, "1"}, -+ { NULL, 27, NULL }, -+ { "KRB5PrincipalName", 1610612741, NULL }, -+ { "realm", 1610620955, NULL }, -+ { NULL, 2056, "0"}, -+ { "principalName", 536879106, "PrincipalName"}, -+ { NULL, 2056, "1"}, -+ { "RSAPSSParameters", 1610612741, NULL }, -+ { "hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, -+ { NULL, 2056, "0"}, -+ { "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, -+ { NULL, 2056, "1"}, -+ { "saltLength", 1610653699, NULL }, -+ { NULL, 1073741833, "20"}, -+ { NULL, 2056, "2"}, -+ { "trailerField", 536911875, NULL }, -+ { NULL, 1073741833, "1"}, -+ { NULL, 2056, "3"}, -+ { "GOSTParameters", 1610612741, NULL }, -+ { "publicKeyParamSet", 1073741836, NULL }, -+ { "digestParamSet", 16396, NULL }, -+ { "GOSTParametersOld", 1610612741, NULL }, -+ { "publicKeyParamSet", 1073741836, NULL }, -+ { "digestParamSet", 1073741836, NULL }, -+ { "encryptionParamSet", 16396, NULL }, -+ { "GOSTPrivateKey", 1073741831, NULL }, -+ { "GOSTPrivateKeyOld", 1073741827, NULL }, -+ { "IssuerSignTool", 1610612741, NULL }, -+ { "signTool", 1073741858, NULL }, -+ { "cATool", 1073741858, NULL }, -+ { "signToolCert", 1073741858, NULL }, -+ { "cAToolCert", 34, NULL }, -+ { "Gost28147-89-EncryptedKey", 1610612741, NULL }, -+ { "encryptedKey", 1073741831, NULL }, -+ { "maskKey", 1610637319, NULL }, -+ { NULL, 4104, "0"}, -+ { "macKey", 7, NULL }, -+ { "SubjectPublicKeyInfo", 1610612741, NULL }, -+ { "algorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "subjectPublicKey", 6, NULL }, -+ { "GostR3410-TransportParameters", 1610612741, NULL }, -+ { "encryptionParamSet", 1073741836, NULL }, -+ { "ephemeralPublicKey", 1610637314, "SubjectPublicKeyInfo"}, -+ { NULL, 4104, "0"}, -+ { "ukm", 7, NULL }, -+ { "GostR3410-KeyTransport", 536870917, NULL }, -+ { "sessionEncryptedKey", 1073741826, "Gost28147-89-EncryptedKey"}, -+ { "transportParameters", 536895490, "GostR3410-TransportParameters"}, -+ { NULL, 4104, "0"}, -+ { NULL, 0, NULL } -+}; -diff --git a/grub-core/commands/appendedsig/pkix_asn1_tab.c b/grub-core/commands/appendedsig/pkix_asn1_tab.c -new file mode 100644 -index 0000000000..adef69d95c ---- /dev/null -+++ b/grub-core/commands/appendedsig/pkix_asn1_tab.c -@@ -0,0 +1,484 @@ -+#include -+#include -+ -+const asn1_static_node pkix_asn1_tab[] = { -+ { "PKIX1", 536875024, NULL }, -+ { NULL, 1073741836, NULL }, -+ { "PrivateKeyUsagePeriod", 1610612741, NULL }, -+ { "notBefore", 1610637349, NULL }, -+ { NULL, 4104, "0"}, -+ { "notAfter", 536895525, NULL }, -+ { NULL, 4104, "1"}, -+ { "AuthorityKeyIdentifier", 1610612741, NULL }, -+ { "keyIdentifier", 1610637319, NULL }, -+ { NULL, 4104, "0"}, -+ { "authorityCertIssuer", 1610637314, "GeneralNames"}, -+ { NULL, 4104, "1"}, -+ { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, -+ { NULL, 4104, "2"}, -+ { "SubjectKeyIdentifier", 1073741831, NULL }, -+ { "KeyUsage", 1073741830, NULL }, -+ { "DirectoryString", 1610612754, NULL }, -+ { "teletexString", 1612709918, NULL }, -+ { "MAX", 524298, "1"}, -+ { "printableString", 1612709919, NULL }, -+ { "MAX", 524298, "1"}, -+ { "universalString", 1612709920, NULL }, -+ { "MAX", 524298, "1"}, -+ { "utf8String", 1612709922, NULL }, -+ { "MAX", 524298, "1"}, -+ { "bmpString", 1612709921, NULL }, -+ { "MAX", 524298, "1"}, -+ { "ia5String", 538968093, NULL }, -+ { "MAX", 524298, "1"}, -+ { "SubjectAltName", 1073741826, "GeneralNames"}, -+ { "GeneralNames", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "GeneralName"}, -+ { "GeneralName", 1610612754, NULL }, -+ { "otherName", 1610620930, "AnotherName"}, -+ { NULL, 4104, "0"}, -+ { "rfc822Name", 1610620957, NULL }, -+ { NULL, 4104, "1"}, -+ { "dNSName", 1610620957, NULL }, -+ { NULL, 4104, "2"}, -+ { "x400Address", 1610620941, NULL }, -+ { NULL, 4104, "3"}, -+ { "directoryName", 1610620939, NULL }, -+ { NULL, 1073743880, "4"}, -+ { NULL, 2, "RelativeDistinguishedName"}, -+ { "ediPartyName", 1610620941, NULL }, -+ { NULL, 4104, "5"}, -+ { "uniformResourceIdentifier", 1610620957, NULL }, -+ { NULL, 4104, "6"}, -+ { "iPAddress", 1610620935, NULL }, -+ { NULL, 4104, "7"}, -+ { "registeredID", 536879116, NULL }, -+ { NULL, 4104, "8"}, -+ { "AnotherName", 1610612741, NULL }, -+ { "type-id", 1073741836, NULL }, -+ { "value", 541073421, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "type-id", 1, NULL }, -+ { "IssuerAltName", 1073741826, "GeneralNames"}, -+ { "BasicConstraints", 1610612741, NULL }, -+ { "cA", 1610645508, NULL }, -+ { NULL, 131081, NULL }, -+ { "pathLenConstraint", 537411587, NULL }, -+ { "0", 10, "MAX"}, -+ { "CRLDistributionPoints", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "DistributionPoint"}, -+ { "DistributionPoint", 1610612741, NULL }, -+ { "distributionPoint", 1610637314, "DistributionPointName"}, -+ { NULL, 2056, "0"}, -+ { "reasons", 1610637314, "ReasonFlags"}, -+ { NULL, 4104, "1"}, -+ { "cRLIssuer", 536895490, "GeneralNames"}, -+ { NULL, 4104, "2"}, -+ { "DistributionPointName", 1610612754, NULL }, -+ { "fullName", 1610620930, "GeneralNames"}, -+ { NULL, 4104, "0"}, -+ { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, -+ { NULL, 4104, "1"}, -+ { "ReasonFlags", 1073741830, NULL }, -+ { "ExtKeyUsageSyntax", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 12, NULL }, -+ { "AuthorityInfoAccessSyntax", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "AccessDescription"}, -+ { "AccessDescription", 1610612741, NULL }, -+ { "accessMethod", 1073741836, NULL }, -+ { "accessLocation", 2, "GeneralName"}, -+ { "Attribute", 1610612741, NULL }, -+ { "type", 1073741836, NULL }, -+ { "values", 536870927, NULL }, -+ { NULL, 13, NULL }, -+ { "AttributeTypeAndValue", 1610612741, NULL }, -+ { "type", 1073741836, NULL }, -+ { "value", 13, NULL }, -+ { "Name", 1610612754, NULL }, -+ { "rdnSequence", 536870923, NULL }, -+ { NULL, 2, "RelativeDistinguishedName"}, -+ { "DistinguishedName", 1610612747, NULL }, -+ { NULL, 2, "RelativeDistinguishedName"}, -+ { "RelativeDistinguishedName", 1612709903, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "AttributeTypeAndValue"}, -+ { "Certificate", 1610612741, NULL }, -+ { "tbsCertificate", 1073741826, "TBSCertificate"}, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 6, NULL }, -+ { "TBSCertificate", 1610612741, NULL }, -+ { "version", 1610653699, NULL }, -+ { NULL, 1073741833, "0"}, -+ { NULL, 2056, "0"}, -+ { "serialNumber", 1073741826, "CertificateSerialNumber"}, -+ { "signature", 1073741826, "AlgorithmIdentifier"}, -+ { "issuer", 1073741826, "Name"}, -+ { "validity", 1073741826, "Validity"}, -+ { "subject", 1073741826, "Name"}, -+ { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, -+ { "issuerUniqueID", 1610637314, "UniqueIdentifier"}, -+ { NULL, 4104, "1"}, -+ { "subjectUniqueID", 1610637314, "UniqueIdentifier"}, -+ { NULL, 4104, "2"}, -+ { "extensions", 536895490, "Extensions"}, -+ { NULL, 2056, "3"}, -+ { "CertificateSerialNumber", 1073741827, NULL }, -+ { "Validity", 1610612741, NULL }, -+ { "notBefore", 1073741826, "Time"}, -+ { "notAfter", 2, "Time"}, -+ { "Time", 1610612754, NULL }, -+ { "utcTime", 1073741860, NULL }, -+ { "generalTime", 37, NULL }, -+ { "UniqueIdentifier", 1073741830, NULL }, -+ { "SubjectPublicKeyInfo", 1610612741, NULL }, -+ { "algorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "subjectPublicKey", 6, NULL }, -+ { "Extensions", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "Extension"}, -+ { "Extension", 1610612741, NULL }, -+ { "extnID", 1073741836, NULL }, -+ { "critical", 1610645508, NULL }, -+ { NULL, 131081, NULL }, -+ { "extnValue", 7, NULL }, -+ { "CertificateList", 1610612741, NULL }, -+ { "tbsCertList", 1073741826, "TBSCertList"}, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 6, NULL }, -+ { "TBSCertList", 1610612741, NULL }, -+ { "version", 1073758211, NULL }, -+ { "signature", 1073741826, "AlgorithmIdentifier"}, -+ { "issuer", 1073741826, "Name"}, -+ { "thisUpdate", 1073741826, "Time"}, -+ { "nextUpdate", 1073758210, "Time"}, -+ { "revokedCertificates", 1610629131, NULL }, -+ { NULL, 536870917, NULL }, -+ { "userCertificate", 1073741826, "CertificateSerialNumber"}, -+ { "revocationDate", 1073741826, "Time"}, -+ { "crlEntryExtensions", 16386, "Extensions"}, -+ { "crlExtensions", 536895490, "Extensions"}, -+ { NULL, 2056, "0"}, -+ { "AlgorithmIdentifier", 1610612741, NULL }, -+ { "algorithm", 1073741836, NULL }, -+ { "parameters", 541081613, NULL }, -+ { "algorithm", 1, NULL }, -+ { "Dss-Sig-Value", 1610612741, NULL }, -+ { "r", 1073741827, NULL }, -+ { "s", 3, NULL }, -+ { "Dss-Parms", 1610612741, NULL }, -+ { "p", 1073741827, NULL }, -+ { "q", 1073741827, NULL }, -+ { "g", 3, NULL }, -+ { "pkcs-7-ContentInfo", 1610612741, NULL }, -+ { "contentType", 1073741836, NULL }, -+ { "content", 541073421, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "contentType", 1, NULL }, -+ { "pkcs-7-DigestInfo", 1610612741, NULL }, -+ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "digest", 7, NULL }, -+ { "pkcs-7-SignedData", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, -+ { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, -+ { "certificates", 1610637314, "pkcs-7-CertificateSet"}, -+ { NULL, 4104, "0"}, -+ { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, -+ { NULL, 4104, "1"}, -+ { "signerInfos", 2, "pkcs-7-SignerInfos"}, -+ { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL }, -+ { NULL, 2, "AlgorithmIdentifier"}, -+ { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL }, -+ { "eContentType", 1073741836, NULL }, -+ { "eContent", 536895501, NULL }, -+ { NULL, 2056, "0"}, -+ { "pkcs-7-CertificateRevocationLists", 1610612751, NULL }, -+ { NULL, 13, NULL }, -+ { "pkcs-7-CertificateChoices", 1610612754, NULL }, -+ { "certificate", 13, NULL }, -+ { "pkcs-7-CertificateSet", 1610612751, NULL }, -+ { NULL, 2, "pkcs-7-CertificateChoices"}, -+ { "IssuerAndSerialNumber", 1610612741, NULL }, -+ { "issuer", 1073741826, "Name"}, -+ { "serialNumber", 2, "CertificateSerialNumber"}, -+ { "pkcs-7-SignerInfo", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "sid", 1073741826, "SignerIdentifier"}, -+ { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signedAttrs", 1610637314, "SignedAttributes"}, -+ { NULL, 4104, "0"}, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 1073741831, NULL }, -+ { "unsignedAttrs", 536895490, "SignedAttributes"}, -+ { NULL, 4104, "1"}, -+ { "SignedAttributes", 1612709903, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "Attribute"}, -+ { "SignerIdentifier", 1610612754, NULL }, -+ { "issuerAndSerialNumber", 1073741826, "IssuerAndSerialNumber"}, -+ { "subjectKeyIdentifier", 536879111, NULL }, -+ { NULL, 4104, "0"}, -+ { "pkcs-7-SignerInfos", 1610612751, NULL }, -+ { NULL, 2, "pkcs-7-SignerInfo"}, -+ { "pkcs-10-CertificationRequestInfo", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "subject", 1073741826, "Name"}, -+ { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, -+ { "attributes", 536879106, "Attributes"}, -+ { NULL, 4104, "0"}, -+ { "Attributes", 1610612751, NULL }, -+ { NULL, 2, "Attribute"}, -+ { "pkcs-10-CertificationRequest", 1610612741, NULL }, -+ { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 6, NULL }, -+ { "pkcs-9-at-challengePassword", 1879048204, NULL }, -+ { "iso", 1073741825, "1"}, -+ { "member-body", 1073741825, "2"}, -+ { "us", 1073741825, "840"}, -+ { "rsadsi", 1073741825, "113549"}, -+ { "pkcs", 1073741825, "1"}, -+ { NULL, 1073741825, "9"}, -+ { NULL, 1, "7"}, -+ { "pkcs-9-challengePassword", 1610612754, NULL }, -+ { "printableString", 1073741855, NULL }, -+ { "utf8String", 34, NULL }, -+ { "pkcs-9-localKeyId", 1073741831, NULL }, -+ { "pkcs-8-PrivateKeyInfo", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "privateKey", 1073741831, NULL }, -+ { "attributes", 536895490, "Attributes"}, -+ { NULL, 4104, "0"}, -+ { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL }, -+ { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "encryptedData", 2, "pkcs-8-EncryptedData"}, -+ { "pkcs-8-EncryptedData", 1073741831, NULL }, -+ { "pkcs-5-des-CBC-params", 1612709895, NULL }, -+ { NULL, 1048586, "8"}, -+ { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL }, -+ { NULL, 1048586, "8"}, -+ { "pkcs-5-aes128-CBC-params", 1612709895, NULL }, -+ { NULL, 1048586, "16"}, -+ { "pkcs-5-aes192-CBC-params", 1612709895, NULL }, -+ { NULL, 1048586, "16"}, -+ { "pkcs-5-aes256-CBC-params", 1612709895, NULL }, -+ { NULL, 1048586, "16"}, -+ { "Gost28147-89-Parameters", 1610612741, NULL }, -+ { "iv", 1073741831, NULL }, -+ { "encryptionParamSet", 12, NULL }, -+ { "pkcs-5-PBE-params", 1610612741, NULL }, -+ { "salt", 1073741831, NULL }, -+ { "iterationCount", 3, NULL }, -+ { "pkcs-5-PBES2-params", 1610612741, NULL }, -+ { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, -+ { "encryptionScheme", 2, "AlgorithmIdentifier"}, -+ { "pkcs-5-PBKDF2-params", 1610612741, NULL }, -+ { "salt", 1610612754, NULL }, -+ { "specified", 1073741831, NULL }, -+ { "otherSource", 2, "AlgorithmIdentifier"}, -+ { "iterationCount", 1611137027, NULL }, -+ { "1", 10, "MAX"}, -+ { "keyLength", 1611153411, NULL }, -+ { "1", 10, "MAX"}, -+ { "prf", 16386, "AlgorithmIdentifier"}, -+ { "pkcs-12-PFX", 1610612741, NULL }, -+ { "version", 1610874883, NULL }, -+ { "v3", 1, "3"}, -+ { "authSafe", 1073741826, "pkcs-7-ContentInfo"}, -+ { "macData", 16386, "pkcs-12-MacData"}, -+ { "pkcs-12-PbeParams", 1610612741, NULL }, -+ { "salt", 1073741831, NULL }, -+ { "iterations", 3, NULL }, -+ { "pkcs-12-MacData", 1610612741, NULL }, -+ { "mac", 1073741826, "pkcs-7-DigestInfo"}, -+ { "macSalt", 1073741831, NULL }, -+ { "iterations", 536903683, NULL }, -+ { NULL, 9, "1"}, -+ { "pkcs-12-AuthenticatedSafe", 1610612747, NULL }, -+ { NULL, 2, "pkcs-7-ContentInfo"}, -+ { "pkcs-12-SafeContents", 1610612747, NULL }, -+ { NULL, 2, "pkcs-12-SafeBag"}, -+ { "pkcs-12-SafeBag", 1610612741, NULL }, -+ { "bagId", 1073741836, NULL }, -+ { "bagValue", 1614815245, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "badId", 1, NULL }, -+ { "bagAttributes", 536887311, NULL }, -+ { NULL, 2, "Attribute"}, -+ { "pkcs-12-CertBag", 1610612741, NULL }, -+ { "certId", 1073741836, NULL }, -+ { "certValue", 541073421, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "certId", 1, NULL }, -+ { "pkcs-12-CRLBag", 1610612741, NULL }, -+ { "crlId", 1073741836, NULL }, -+ { "crlValue", 541073421, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "crlId", 1, NULL }, -+ { "pkcs-12-SecretBag", 1610612741, NULL }, -+ { "secretTypeId", 1073741836, NULL }, -+ { "secretValue", 541073421, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "secretTypeId", 1, NULL }, -+ { "pkcs-7-Data", 1073741831, NULL }, -+ { "pkcs-7-EncryptedData", 1610612741, NULL }, -+ { "version", 1073741827, NULL }, -+ { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, -+ { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, -+ { NULL, 4104, "1"}, -+ { "pkcs-7-EncryptedContentInfo", 1610612741, NULL }, -+ { "contentType", 1073741836, NULL }, -+ { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, -+ { "encryptedContent", 536895495, NULL }, -+ { NULL, 4104, "0"}, -+ { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, -+ { "pkcs-7-UnprotectedAttributes", 1612709903, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "Attribute"}, -+ { "ProxyCertInfo", 1610612741, NULL }, -+ { "pCPathLenConstraint", 1611153411, NULL }, -+ { "0", 10, "MAX"}, -+ { "proxyPolicy", 2, "ProxyPolicy"}, -+ { "ProxyPolicy", 1610612741, NULL }, -+ { "policyLanguage", 1073741836, NULL }, -+ { "policy", 16391, NULL }, -+ { "certificatePolicies", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "PolicyInformation"}, -+ { "PolicyInformation", 1610612741, NULL }, -+ { "policyIdentifier", 1073741836, NULL }, -+ { "policyQualifiers", 538984459, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "PolicyQualifierInfo"}, -+ { "PolicyQualifierInfo", 1610612741, NULL }, -+ { "policyQualifierId", 1073741836, NULL }, -+ { "qualifier", 541065229, NULL }, -+ { "policyQualifierId", 1, NULL }, -+ { "CPSuri", 1073741853, NULL }, -+ { "UserNotice", 1610612741, NULL }, -+ { "noticeRef", 1073758210, "NoticeReference"}, -+ { "explicitText", 16386, "DisplayText"}, -+ { "NoticeReference", 1610612741, NULL }, -+ { "organization", 1073741826, "DisplayText"}, -+ { "noticeNumbers", 536870923, NULL }, -+ { NULL, 3, NULL }, -+ { "DisplayText", 1610612754, NULL }, -+ { "ia5String", 1612709917, NULL }, -+ { "200", 524298, "1"}, -+ { "visibleString", 1612709923, NULL }, -+ { "200", 524298, "1"}, -+ { "bmpString", 1612709921, NULL }, -+ { "200", 524298, "1"}, -+ { "utf8String", 538968098, NULL }, -+ { "200", 524298, "1"}, -+ { "OCSPRequest", 1610612741, NULL }, -+ { "tbsRequest", 1073741826, "TBSRequest"}, -+ { "optionalSignature", 536895490, "Signature"}, -+ { NULL, 2056, "0"}, -+ { "TBSRequest", 1610612741, NULL }, -+ { "version", 1610653699, NULL }, -+ { NULL, 1073741833, "0"}, -+ { NULL, 2056, "0"}, -+ { "requestorName", 1610637314, "GeneralName"}, -+ { NULL, 2056, "1"}, -+ { "requestList", 1610612747, NULL }, -+ { NULL, 2, "Request"}, -+ { "requestExtensions", 536895490, "Extensions"}, -+ { NULL, 2056, "2"}, -+ { "Signature", 1610612741, NULL }, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 1073741830, NULL }, -+ { "certs", 536895499, NULL }, -+ { NULL, 1073743880, "0"}, -+ { NULL, 2, "Certificate"}, -+ { "Request", 1610612741, NULL }, -+ { "reqCert", 1073741826, "CertID"}, -+ { "singleRequestExtensions", 536895490, "Extensions"}, -+ { NULL, 2056, "0"}, -+ { "CertID", 1610612741, NULL }, -+ { "hashAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "issuerNameHash", 1073741831, NULL }, -+ { "issuerKeyHash", 1073741831, NULL }, -+ { "serialNumber", 2, "CertificateSerialNumber"}, -+ { "OCSPResponse", 1610612741, NULL }, -+ { "responseStatus", 1073741826, "OCSPResponseStatus"}, -+ { "responseBytes", 536895490, "ResponseBytes"}, -+ { NULL, 2056, "0"}, -+ { "OCSPResponseStatus", 1610874901, NULL }, -+ { "successful", 1073741825, "0"}, -+ { "malformedRequest", 1073741825, "1"}, -+ { "internalError", 1073741825, "2"}, -+ { "tryLater", 1073741825, "3"}, -+ { "sigRequired", 1073741825, "5"}, -+ { "unauthorized", 1, "6"}, -+ { "ResponseBytes", 1610612741, NULL }, -+ { "responseType", 1073741836, NULL }, -+ { "response", 7, NULL }, -+ { "BasicOCSPResponse", 1610612741, NULL }, -+ { "tbsResponseData", 1073741826, "ResponseData"}, -+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, -+ { "signature", 1073741830, NULL }, -+ { "certs", 536895499, NULL }, -+ { NULL, 1073743880, "0"}, -+ { NULL, 2, "Certificate"}, -+ { "ResponseData", 1610612741, NULL }, -+ { "version", 1610653699, NULL }, -+ { NULL, 1073741833, "0"}, -+ { NULL, 2056, "0"}, -+ { "responderID", 1073741826, "ResponderID"}, -+ { "producedAt", 1073741861, NULL }, -+ { "responses", 1610612747, NULL }, -+ { NULL, 2, "SingleResponse"}, -+ { "responseExtensions", 536895490, "Extensions"}, -+ { NULL, 2056, "1"}, -+ { "ResponderID", 1610612754, NULL }, -+ { "byName", 1610620939, NULL }, -+ { NULL, 1073743880, "1"}, -+ { NULL, 2, "RelativeDistinguishedName"}, -+ { "byKey", 536879111, NULL }, -+ { NULL, 2056, "2"}, -+ { "SingleResponse", 1610612741, NULL }, -+ { "certID", 1073741826, "CertID"}, -+ { "certStatus", 1073741826, "CertStatus"}, -+ { "thisUpdate", 1073741861, NULL }, -+ { "nextUpdate", 1610637349, NULL }, -+ { NULL, 2056, "0"}, -+ { "singleExtensions", 536895490, "Extensions"}, -+ { NULL, 2056, "1"}, -+ { "CertStatus", 1610612754, NULL }, -+ { "good", 1610620948, NULL }, -+ { NULL, 4104, "0"}, -+ { "revoked", 1610620930, "RevokedInfo"}, -+ { NULL, 4104, "1"}, -+ { "unknown", 536879106, "UnknownInfo"}, -+ { NULL, 4104, "2"}, -+ { "RevokedInfo", 1610612741, NULL }, -+ { "revocationTime", 1073741861, NULL }, -+ { "revocationReason", 537157653, NULL }, -+ { NULL, 1073743880, "0"}, -+ { "unspecified", 1, "0"}, -+ { "UnknownInfo", 1073741844, NULL }, -+ { "NameConstraints", 1610612741, NULL }, -+ { "permittedSubtrees", 1610637314, "GeneralSubtrees"}, -+ { NULL, 4104, "0"}, -+ { "excludedSubtrees", 536895490, "GeneralSubtrees"}, -+ { NULL, 4104, "1"}, -+ { "GeneralSubtrees", 1612709899, NULL }, -+ { "MAX", 1074266122, "1"}, -+ { NULL, 2, "GeneralSubtree"}, -+ { "GeneralSubtree", 1610612741, NULL }, -+ { "base", 1073741826, "GeneralName"}, -+ { "minimum", 1610653699, NULL }, -+ { NULL, 1073741833, "0"}, -+ { NULL, 4104, "0"}, -+ { "maximum", 536895491, NULL }, -+ { NULL, 4104, "1"}, -+ { "TlsFeatures", 536870923, NULL }, -+ { NULL, 3, NULL }, -+ { NULL, 0, NULL } -+}; diff --git a/SPECS/grub2/fedora/0172-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch b/SPECS/grub2/fedora/0172-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch deleted file mode 100644 index 5a13d5bc24..0000000000 --- a/SPECS/grub2/fedora/0172-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch +++ /dev/null @@ -1,1528 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 30 Jul 2020 01:33:46 +1000 -Subject: [PATCH] appended signatures: parse PKCS#7 signedData and X.509 - certificates - -This code allows us to parse: - - - PKCS#7 signedData messages. Only a single signerInfo is supported, - which is all that the Linux sign-file utility supports creating - out-of-the-box. Only RSA, SHA-256 and SHA-512 are supported. - Any certificate embedded in the PKCS#7 message will be ignored. - - - X.509 certificates: at least enough to verify the signatures on the - PKCS#7 messages. We expect that the certificates embedded in grub will - be leaf certificates, not CA certificates. The parser enforces this. - -Signed-off-by: Daniel Axtens ---- - grub-core/commands/appendedsig/asn1util.c | 102 +++ - grub-core/commands/appendedsig/pkcs7.c | 305 +++++++++ - grub-core/commands/appendedsig/x509.c | 958 +++++++++++++++++++++++++++ - grub-core/commands/appendedsig/appendedsig.h | 110 +++ - 4 files changed, 1475 insertions(+) - create mode 100644 grub-core/commands/appendedsig/asn1util.c - create mode 100644 grub-core/commands/appendedsig/pkcs7.c - create mode 100644 grub-core/commands/appendedsig/x509.c - create mode 100644 grub-core/commands/appendedsig/appendedsig.h - -diff --git a/grub-core/commands/appendedsig/asn1util.c b/grub-core/commands/appendedsig/asn1util.c -new file mode 100644 -index 0000000000..eff095a9df ---- /dev/null -+++ b/grub-core/commands/appendedsig/asn1util.c -@@ -0,0 +1,102 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "appendedsig.h" -+ -+asn1_node _gnutls_gnutls_asn = ASN1_TYPE_EMPTY; -+asn1_node _gnutls_pkix_asn = ASN1_TYPE_EMPTY; -+ -+extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[]; -+extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; -+ -+/* -+ * Read a value from an ASN1 node, allocating memory to store it. -+ * -+ * It will work for anything where the size libtasn1 returns is right: -+ * - Integers -+ * - Octet strings -+ * - DER encoding of other structures -+ * It will _not_ work for things where libtasn1 size requires adjustment: -+ * - Strings that require an extra NULL byte at the end -+ * - Bit strings because libtasn1 returns the length in bits, not bytes. -+ * -+ * If the function returns a non-NULL value, the caller must free it. -+ */ -+void * -+grub_asn1_allocate_and_read (asn1_node node, const char *name, -+ const char *friendly_name, int *content_size) -+{ -+ int result; -+ grub_uint8_t *tmpstr = NULL; -+ int tmpstr_size = 0; -+ -+ result = asn1_read_value (node, name, NULL, &tmpstr_size); -+ if (result != ASN1_MEM_ERROR) -+ { -+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), -+ _ -+ ("Reading size of %s did not return expected status: %s"), -+ friendly_name, asn1_strerror (result)); -+ grub_errno = GRUB_ERR_BAD_FILE_TYPE; -+ return NULL; -+ } -+ -+ tmpstr = grub_malloc (tmpstr_size); -+ if (tmpstr == NULL) -+ { -+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), -+ "Could not allocate memory to store %s", friendly_name); -+ grub_errno = GRUB_ERR_OUT_OF_MEMORY; -+ return NULL; -+ } -+ -+ result = asn1_read_value (node, name, tmpstr, &tmpstr_size); -+ if (result != ASN1_SUCCESS) -+ { -+ grub_free (tmpstr); -+ grub_snprintf (grub_errmsg, sizeof (grub_errmsg), -+ "Error reading %s: %s", -+ friendly_name, asn1_strerror (result)); -+ grub_errno = GRUB_ERR_BAD_FILE_TYPE; -+ return NULL; -+ } -+ -+ *content_size = tmpstr_size; -+ -+ return tmpstr; -+} -+ -+int -+asn1_init (void) -+{ -+ int res; -+ res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); -+ if (res != ASN1_SUCCESS) -+ { -+ return res; -+ } -+ res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix_asn, NULL); -+ return res; -+} -diff --git a/grub-core/commands/appendedsig/pkcs7.c b/grub-core/commands/appendedsig/pkcs7.c -new file mode 100644 -index 0000000000..dc6afe203f ---- /dev/null -+++ b/grub-core/commands/appendedsig/pkcs7.c -@@ -0,0 +1,305 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include "appendedsig.h" -+#include -+#include -+#include -+ -+ -+static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; -+ -+/* -+ * RFC 5652 s 5.1 -+ */ -+const char *signedData_oid = "1.2.840.113549.1.7.2"; -+ -+/* -+ * RFC 4055 s 2.1 -+ */ -+const char *sha256_oid = "2.16.840.1.101.3.4.2.1"; -+const char *sha512_oid = "2.16.840.1.101.3.4.2.3"; -+ -+static grub_err_t -+process_content (grub_uint8_t * content, int size, -+ struct pkcs7_signedData *msg) -+{ -+ int res; -+ asn1_node signed_part; -+ grub_err_t err = GRUB_ERR_NONE; -+ char algo_oid[MAX_OID_LEN]; -+ int algo_oid_size = sizeof (algo_oid); -+ int algo_count; -+ char version; -+ int version_size = sizeof (version); -+ grub_uint8_t *result_buf; -+ int result_size = 0; -+ int crls_size = 0; -+ gcry_error_t gcry_err; -+ -+ res = asn1_create_element (_gnutls_pkix_asn, "PKIX1.pkcs-7-SignedData", -+ &signed_part); -+ if (res != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for PKCS#7 signed part."); -+ } -+ -+ res = asn1_der_decoding2 (&signed_part, content, &size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error reading PKCS#7 signed data: %s", asn1_error); -+ goto cleanup_signed_part; -+ } -+ -+ /* SignedData ::= SEQUENCE { -+ * version CMSVersion, -+ * digestAlgorithms DigestAlgorithmIdentifiers, -+ * encapContentInfo EncapsulatedContentInfo, -+ * certificates [0] IMPLICIT CertificateSet OPTIONAL, -+ * crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, -+ * signerInfos SignerInfos } -+ */ -+ -+ /* version per the algo in 5.1, must be 1 */ -+ res = asn1_read_value (signed_part, "version", &version, &version_size); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error reading signedData version: %s", -+ asn1_strerror (res)); -+ goto cleanup_signed_part; -+ } -+ -+ if (version != 1) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Unexpected signature version v%d, only v1 supported", -+ version); -+ goto cleanup_signed_part; -+ } -+ -+ /* -+ * digestAlgorithms DigestAlgorithmIdentifiers -+ * -+ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier -+ * DigestAlgorithmIdentifer is an X.509 AlgorithmIdentifier (10.1.1) -+ * -+ * RFC 4055 s 2.1: -+ * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } -+ * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } -+ * -+ * We only support 1 element in the set, and we do not check parameters atm. -+ */ -+ res = -+ asn1_number_of_elements (signed_part, "digestAlgorithms", &algo_count); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error counting number of digest algorithms: %s", -+ asn1_strerror (res)); -+ goto cleanup_signed_part; -+ } -+ -+ if (algo_count != 1) -+ { -+ err = -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ "Only 1 digest algorithm is supported"); -+ goto cleanup_signed_part; -+ } -+ -+ res = -+ asn1_read_value (signed_part, "digestAlgorithms.?1.algorithm", algo_oid, -+ &algo_oid_size); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error reading digest algorithm: %s", -+ asn1_strerror (res)); -+ goto cleanup_signed_part; -+ } -+ -+ if (grub_strncmp (sha512_oid, algo_oid, algo_oid_size) == 0) -+ { -+ msg->hash = grub_crypto_lookup_md_by_name ("sha512"); -+ } -+ else if (grub_strncmp (sha256_oid, algo_oid, algo_oid_size) == 0) -+ { -+ msg->hash = grub_crypto_lookup_md_by_name ("sha256"); -+ } -+ else -+ { -+ err = -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ "Only SHA-256 and SHA-512 hashes are supported, found OID %s", -+ algo_oid); -+ goto cleanup_signed_part; -+ } -+ -+ if (!msg->hash) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Hash algorithm for OID %s not loaded", algo_oid); -+ goto cleanup_signed_part; -+ } -+ -+ /* -+ * We ignore the certificates, but we don't permit CRLs. -+ * A CRL entry might be revoking the certificate we're using, and we have -+ * no way of dealing with that at the moment. -+ */ -+ res = asn1_read_value (signed_part, "crls", NULL, &crls_size); -+ if (res != ASN1_ELEMENT_NOT_FOUND) -+ { -+ err = -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ "PKCS#7 messages with embedded CRLs are not supported"); -+ goto cleanup_signed_part; -+ } -+ -+ /* read the signature */ -+ result_buf = -+ grub_asn1_allocate_and_read (signed_part, "signerInfos.?1.signature", -+ "signature data", &result_size); -+ if (!result_buf) -+ { -+ err = grub_errno; -+ goto cleanup_signed_part; -+ } -+ -+ gcry_err = -+ gcry_mpi_scan (&(msg->sig_mpi), GCRYMPI_FMT_USG, result_buf, result_size, -+ NULL); -+ if (gcry_err != GPG_ERR_NO_ERROR) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error loading signature into MPI structure: %d", -+ gcry_err); -+ goto cleanup_result; -+ } -+ -+cleanup_result: -+ grub_free (result_buf); -+cleanup_signed_part: -+ asn1_delete_structure (&signed_part); -+ -+ return err; -+} -+ -+grub_err_t -+parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size, -+ struct pkcs7_signedData *msg) -+{ -+ int res; -+ asn1_node content_info; -+ grub_err_t err = GRUB_ERR_NONE; -+ char content_oid[MAX_OID_LEN]; -+ grub_uint8_t *content; -+ int content_size; -+ int content_oid_size = sizeof (content_oid); -+ int size; -+ -+ if (data_size > GRUB_INT_MAX) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, -+ "Cannot parse a PKCS#7 message where data size > INT_MAX"); -+ size = (int) data_size; -+ -+ res = asn1_create_element (_gnutls_pkix_asn, -+ "PKIX1.pkcs-7-ContentInfo", &content_info); -+ if (res != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for PKCS#7 data: %s", -+ asn1_strerror (res)); -+ } -+ -+ res = asn1_der_decoding2 (&content_info, sigbuf, &size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error decoding PKCS#7 message DER: %s", asn1_error); -+ goto cleanup; -+ } -+ -+ /* -+ * ContentInfo ::= SEQUENCE { -+ * contentType ContentType, -+ * content [0] EXPLICIT ANY DEFINED BY contentType } -+ * -+ * ContentType ::= OBJECT IDENTIFIER -+ */ -+ res = -+ asn1_read_value (content_info, "contentType", content_oid, -+ &content_oid_size); -+ if (res != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Error reading PKCS#7 content type: %s", -+ asn1_strerror (res)); -+ goto cleanup; -+ } -+ -+ /* OID for SignedData defined in 5.1 */ -+ if (grub_strncmp (signedData_oid, content_oid, content_oid_size) != 0) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_SIGNATURE, -+ "Unexpected content type in PKCS#7 message: OID %s", -+ content_oid); -+ goto cleanup; -+ } -+ -+ content = -+ grub_asn1_allocate_and_read (content_info, "content", -+ "PKCS#7 message content", &content_size); -+ if (!content) -+ { -+ err = grub_errno; -+ goto cleanup; -+ } -+ -+ err = process_content (content, content_size, msg); -+ grub_free (content); -+ -+cleanup: -+ asn1_delete_structure (&content_info); -+ return err; -+} -+ -+/* -+ * Release all the storage associated with the PKCS#7 message. -+ * If the caller dynamically allocated the message, it must free it. -+ */ -+void -+pkcs7_signedData_release (struct pkcs7_signedData *msg) -+{ -+ gcry_mpi_release (msg->sig_mpi); -+} -diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c -new file mode 100644 -index 0000000000..2b38b3670a ---- /dev/null -+++ b/grub-core/commands/appendedsig/x509.c -@@ -0,0 +1,958 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "appendedsig.h" -+ -+static char asn1_error[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; -+ -+/* -+ * RFC 3279 2.3.1 RSA Keys -+ */ -+const char *rsaEncryption_oid = "1.2.840.113549.1.1.1"; -+ -+/* -+ * RFC 5280 Appendix A -+ */ -+const char *commonName_oid = "2.5.4.3"; -+ -+/* -+ * RFC 5280 4.2.1.3 Key Usage -+ */ -+const char *keyUsage_oid = "2.5.29.15"; -+ -+/* -+ * RFC 5280 4.2.1.9 Basic Constraints -+ */ -+const char *basicConstraints_oid = "2.5.29.19"; -+ -+/* -+ * RFC 3279 2.3.1 -+ * -+ * The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey: -+ * -+ * RSAPublicKey ::= SEQUENCE { -+ * modulus INTEGER, -- n -+ * publicExponent INTEGER } -- e -+ * -+ * where modulus is the modulus n, and publicExponent is the public -+ * exponent e. -+ */ -+static grub_err_t -+grub_parse_rsa_pubkey (grub_uint8_t * der, int dersize, -+ struct x509_certificate *certificate) -+{ -+ int result; -+ asn1_node spk = ASN1_TYPE_EMPTY; -+ grub_uint8_t *m_data, *e_data; -+ int m_size, e_size; -+ grub_err_t err = GRUB_ERR_NONE; -+ gcry_error_t gcry_err; -+ -+ result = -+ asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.RSAPublicKey", &spk); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Cannot create storage for public key ASN.1 data"); -+ } -+ -+ result = asn1_der_decoding2 (&spk, der, &dersize, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Cannot decode certificate public key DER: %s", -+ asn1_error); -+ goto cleanup; -+ } -+ -+ m_data = -+ grub_asn1_allocate_and_read (spk, "modulus", "RSA modulus", &m_size); -+ if (!m_data) -+ { -+ err = grub_errno; -+ goto cleanup; -+ } -+ -+ e_data = -+ grub_asn1_allocate_and_read (spk, "publicExponent", "RSA public exponent", -+ &e_size); -+ if (!e_data) -+ { -+ err = grub_errno; -+ goto cleanup_m_data; -+ } -+ -+ /* -+ * convert m, e to mpi -+ * -+ * nscanned is not set for FMT_USG, it's only set for FMT_PGP, -+ * so we can't verify it -+ */ -+ gcry_err = -+ gcry_mpi_scan (&certificate->mpis[0], GCRYMPI_FMT_USG, m_data, m_size, -+ NULL); -+ if (gcry_err != GPG_ERR_NO_ERROR) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error loading RSA modulus into MPI structure: %d", -+ gcry_err); -+ goto cleanup_e_data; -+ } -+ -+ gcry_err = -+ gcry_mpi_scan (&certificate->mpis[1], GCRYMPI_FMT_USG, e_data, e_size, -+ NULL); -+ if (gcry_err != GPG_ERR_NO_ERROR) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error loading RSA exponent into MPI structure: %d", -+ gcry_err); -+ goto cleanup_m_mpi; -+ } -+ -+ grub_free (e_data); -+ grub_free (m_data); -+ asn1_delete_structure (&spk); -+ return GRUB_ERR_NONE; -+ -+cleanup_m_mpi: -+ gcry_mpi_release (certificate->mpis[0]); -+cleanup_e_data: -+ grub_free (e_data); -+cleanup_m_data: -+ grub_free (m_data); -+cleanup: -+ asn1_delete_structure (&spk); -+ return err; -+} -+ -+ -+/* -+ * RFC 5280: -+ * SubjectPublicKeyInfo ::= SEQUENCE { -+ * algorithm AlgorithmIdentifier, -+ * subjectPublicKey BIT STRING } -+ * -+ * AlgorithmIdentifiers come from RFC 3279, we are not strictly compilant as we -+ * only support RSA Encryption. -+ */ -+ -+static grub_err_t -+grub_x509_read_subject_public_key (asn1_node asn, -+ struct x509_certificate *results) -+{ -+ int result; -+ grub_err_t err; -+ const char *algo_name = -+ "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm"; -+ const char *params_name = -+ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters"; -+ const char *pk_name = -+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey"; -+ char algo_oid[MAX_OID_LEN]; -+ int algo_size = sizeof (algo_oid); -+ char params_value[2]; -+ int params_size = sizeof (params_value); -+ grub_uint8_t *key_data = NULL; -+ int key_size = 0; -+ unsigned int key_type; -+ -+ /* algorithm: see notes for rsaEncryption_oid */ -+ result = asn1_read_value (asn, algo_name, algo_oid, &algo_size); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading x509 public key algorithm: %s", -+ asn1_strerror (result)); -+ } -+ -+ if (grub_strncmp (algo_oid, rsaEncryption_oid, sizeof (rsaEncryption_oid)) -+ != 0) -+ { -+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ "Unsupported x509 public key algorithm: %s", -+ algo_oid); -+ } -+ -+ /* -+ * RFC 3279 2.3.1 -+ * The rsaEncryption OID is intended to be used in the algorithm field -+ * of a value of type AlgorithmIdentifier. The parameters field MUST -+ * have ASN.1 type NULL for this algorithm identifier. -+ */ -+ result = asn1_read_value (asn, params_name, params_value, ¶ms_size); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading x509 public key parameters: %s", -+ asn1_strerror (result)); -+ } -+ -+ if (params_value[0] != ASN1_TAG_NULL) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Invalid x509 public key parameters: expected NULL"); -+ } -+ -+ /* -+ * RFC 3279 2.3.1: The DER encoded RSAPublicKey is the value of the BIT -+ * STRING subjectPublicKey. -+ */ -+ result = asn1_read_value_type (asn, pk_name, NULL, &key_size, &key_type); -+ if (result != ASN1_MEM_ERROR) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading size of x509 public key: %s", -+ asn1_strerror (result)); -+ } -+ if (key_type != ASN1_ETYPE_BIT_STRING) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unexpected ASN.1 type when reading x509 public key: %x", -+ key_type); -+ } -+ -+ /* length is in bits */ -+ key_size = (key_size + 7) / 8; -+ -+ key_data = grub_malloc (key_size); -+ if (!key_data) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Out of memory for x509 public key"); -+ } -+ -+ result = asn1_read_value (asn, pk_name, key_data, &key_size); -+ if (result != ASN1_SUCCESS) -+ { -+ grub_free (key_data); -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading public key data"); -+ } -+ key_size = (key_size + 7) / 8; -+ -+ err = grub_parse_rsa_pubkey (key_data, key_size, results); -+ grub_free (key_data); -+ -+ return err; -+} -+ -+/* Decode a string as defined in Appendix A */ -+static grub_err_t -+decode_string (char *der, int der_size, char **string, -+ grub_size_t * string_size) -+{ -+ asn1_node strasn; -+ int result; -+ char *choice; -+ int choice_size = 0; -+ int tmp_size = 0; -+ grub_err_t err = GRUB_ERR_NONE; -+ -+ result = -+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.DirectoryString", &strasn); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for certificate: %s", -+ asn1_strerror (result)); -+ } -+ -+ result = asn1_der_decoding2 (&strasn, der, &der_size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Could not parse DER for DirectoryString: %s", -+ asn1_error); -+ goto cleanup; -+ } -+ -+ choice = -+ grub_asn1_allocate_and_read (strasn, "", "DirectoryString choice", -+ &choice_size); -+ if (!choice) -+ { -+ err = grub_errno; -+ goto cleanup; -+ } -+ -+ if (grub_strncmp ("utf8String", choice, choice_size)) -+ { -+ err = -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, -+ "Only UTF-8 DirectoryStrings are supported, got %s", -+ choice); -+ goto cleanup_choice; -+ } -+ -+ result = asn1_read_value (strasn, "utf8String", NULL, &tmp_size); -+ if (result != ASN1_MEM_ERROR) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading size of UTF-8 string: %s", -+ asn1_strerror (result)); -+ goto cleanup_choice; -+ } -+ -+ /* read size does not include trailing null */ -+ tmp_size++; -+ -+ *string = grub_malloc (tmp_size); -+ if (!*string) -+ { -+ err = -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Cannot allocate memory for DirectoryString contents"); -+ goto cleanup_choice; -+ } -+ -+ result = asn1_read_value (strasn, "utf8String", *string, &tmp_size); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading out UTF-8 string in DirectoryString: %s", -+ asn1_strerror (result)); -+ grub_free (*string); -+ goto cleanup_choice; -+ } -+ *string_size = tmp_size + 1; -+ (*string)[tmp_size] = '\0'; -+ -+cleanup_choice: -+ grub_free (choice); -+cleanup: -+ asn1_delete_structure (&strasn); -+ return err; -+} -+ -+/* -+ * TBSCertificate ::= SEQUENCE { -+ * version [0] EXPLICIT Version DEFAULT v1, -+ * ... -+ * -+ * Version ::= INTEGER { v1(0), v2(1), v3(2) } -+ */ -+static grub_err_t -+check_version (asn1_node certificate) -+{ -+ int rc; -+ const char *name = "tbsCertificate.version"; -+ grub_uint8_t version; -+ int len = 1; -+ -+ rc = asn1_read_value (certificate, name, &version, &len); -+ -+ /* require version 3 */ -+ if (rc != ASN1_SUCCESS || len != 1) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading certificate version"); -+ -+ if (version != 0x02) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Invalid x509 certificate version, expected v3 (0x02), got 0x%02x", -+ version); -+ -+ return GRUB_ERR_NONE; -+} -+ -+/* -+ * This is an X.501 Name, which is complex. -+ * -+ * For simplicity, we extract only the CN. -+ */ -+static grub_err_t -+read_name (asn1_node asn, const char *name_path, char **name, -+ grub_size_t * name_size) -+{ -+ int seq_components, set_components; -+ int result; -+ int i, j; -+ char *top_path, *set_path, *type_path, *val_path; -+ char type[MAX_OID_LEN]; -+ int type_len = sizeof (type); -+ int string_size = 0; -+ char *string_der; -+ grub_err_t err; -+ -+ *name = NULL; -+ -+ top_path = grub_xasprintf ("%s.rdnSequence", name_path); -+ if (!top_path) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not allocate memory for %s name parsing path", -+ name_path); -+ -+ result = asn1_number_of_elements (asn, top_path, &seq_components); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error counting name components: %s", -+ asn1_strerror (result)); -+ goto cleanup; -+ } -+ -+ for (i = 1; i <= seq_components; i++) -+ { -+ set_path = grub_xasprintf ("%s.?%d", top_path, i); -+ if (!set_path) -+ { -+ err = -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not allocate memory for %s name set parsing path", -+ name_path); -+ goto cleanup_set; -+ } -+ /* this brings us, hopefully, to a set */ -+ result = asn1_number_of_elements (asn, set_path, &set_components); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error counting name sub-components components (element %d): %s", -+ i, asn1_strerror (result)); -+ goto cleanup_set; -+ } -+ for (j = 1; j <= set_components; j++) -+ { -+ type_path = grub_xasprintf ("%s.?%d.?%d.type", top_path, i, j); -+ if (!type_path) -+ { -+ err = -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not allocate memory for %s name component type path", -+ name_path); -+ goto cleanup_set; -+ } -+ type_len = sizeof (type); -+ result = asn1_read_value (asn, type_path, type, &type_len); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading %s name component type: %s", -+ name_path, asn1_strerror (result)); -+ goto cleanup_type; -+ } -+ -+ if (grub_strncmp (type, commonName_oid, type_len) != 0) -+ { -+ grub_free (type_path); -+ continue; -+ } -+ -+ val_path = grub_xasprintf ("%s.?%d.?%d.value", top_path, i, j); -+ if (!val_path) -+ { -+ err = -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not allocate memory for %s name component value path", -+ name_path); -+ goto cleanup_set; -+ } -+ -+ string_der = -+ grub_asn1_allocate_and_read (asn, val_path, name_path, -+ &string_size); -+ if (!string_der) -+ { -+ err = grub_errno; -+ goto cleanup_val_path; -+ } -+ -+ err = decode_string (string_der, string_size, name, name_size); -+ if (err) -+ goto cleanup_string; -+ -+ grub_free (string_der); -+ grub_free (type_path); -+ grub_free (val_path); -+ break; -+ } -+ grub_free (set_path); -+ -+ if (*name) -+ break; -+ } -+ -+ return GRUB_ERR_NONE; -+ -+cleanup_string: -+ grub_free (string_der); -+cleanup_val_path: -+ grub_free (val_path); -+cleanup_type: -+ grub_free (type_path); -+cleanup_set: -+ grub_free (set_path); -+cleanup: -+ grub_free (top_path); -+ return err; -+} -+ -+/* -+ * details here -+ */ -+static grub_err_t -+verify_key_usage (grub_uint8_t * value, int value_size) -+{ -+ asn1_node usageasn; -+ int result; -+ grub_err_t err = GRUB_ERR_NONE; -+ grub_uint8_t usage = 0xff; -+ int usage_size = 1; -+ -+ result = -+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.KeyUsage", &usageasn); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for key usage"); -+ } -+ -+ result = asn1_der_decoding2 (&usageasn, value, &value_size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error parsing DER for Key Usage: %s", asn1_error); -+ goto cleanup; -+ } -+ -+ result = asn1_read_value (usageasn, "", &usage, &usage_size); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading Key Usage value: %s", -+ asn1_strerror (result)); -+ goto cleanup; -+ } -+ -+ /* Only the first bit is permitted to be set */ -+ if (usage != 0x80) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected Key Usage value: %x", -+ usage); -+ goto cleanup; -+ } -+ -+cleanup: -+ asn1_delete_structure (&usageasn); -+ return err; -+} -+ -+/* -+ * BasicConstraints ::= SEQUENCE { -+ * cA BOOLEAN DEFAULT FALSE, -+ * pathLenConstraint INTEGER (0..MAX) OPTIONAL } -+ */ -+static grub_err_t -+verify_basic_constraints (grub_uint8_t * value, int value_size) -+{ -+ asn1_node basicasn; -+ int result; -+ grub_err_t err = GRUB_ERR_NONE; -+ char cA[6]; /* FALSE or TRUE */ -+ int cA_size = sizeof (cA); -+ -+ result = -+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.BasicConstraints", -+ &basicasn); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for Basic Constraints"); -+ } -+ -+ result = asn1_der_decoding2 (&basicasn, value, &value_size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error parsing DER for Basic Constraints: %s", -+ asn1_error); -+ goto cleanup; -+ } -+ -+ result = asn1_read_value (basicasn, "cA", cA, &cA_size); -+ if (result == ASN1_ELEMENT_NOT_FOUND) -+ { -+ /* Not present, default is False, so this is OK */ -+ err = GRUB_ERR_NONE; -+ goto cleanup; -+ } -+ else if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading Basic Constraints cA value: %s", -+ asn1_strerror (result)); -+ goto cleanup; -+ } -+ -+ /* The certificate must not be a CA certificate */ -+ if (grub_strncmp ("FALSE", cA, cA_size) != 0) -+ { -+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Unexpected CA value: %s", -+ cA); -+ goto cleanup; -+ } -+ -+cleanup: -+ asn1_delete_structure (&basicasn); -+ return err; -+} -+ -+ -+/* -+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension -+ * -+ * Extension ::= SEQUENCE { -+ * extnID OBJECT IDENTIFIER, -+ * critical BOOLEAN DEFAULT FALSE, -+ * extnValue OCTET STRING -+ * -- contains the DER encoding of an ASN.1 value -+ * -- corresponding to the extension type identified -+ * -- by extnID -+ * } -+ * -+ * We require that a certificate: -+ * - contain the Digital Signature usage only -+ * - not be a CA -+ * - MUST not contain any other critical extensions (RFC 5280 s 4.2) -+ */ -+static grub_err_t -+verify_extensions (asn1_node cert) -+{ -+ int result; -+ int ext, num_extensions = 0; -+ int usage_present = 0, constraints_present = 0; -+ char *oid_path, *critical_path, *value_path; -+ char extnID[MAX_OID_LEN]; -+ int extnID_size; -+ grub_err_t err; -+ char critical[6]; /* we get either "TRUE" or "FALSE" */ -+ int critical_size; -+ grub_uint8_t *value; -+ int value_size; -+ -+ result = -+ asn1_number_of_elements (cert, "tbsCertificate.extensions", -+ &num_extensions); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error counting number of extensions: %s", -+ asn1_strerror (result)); -+ } -+ -+ if (num_extensions < 2) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Insufficient number of extensions for certificate, need at least 2, got %d", -+ num_extensions); -+ } -+ -+ for (ext = 1; ext <= num_extensions; ext++) -+ { -+ oid_path = grub_xasprintf ("tbsCertificate.extensions.?%d.extnID", ext); -+ -+ extnID_size = sizeof (extnID); -+ result = asn1_read_value (cert, oid_path, extnID, &extnID_size); -+ if (result != GRUB_ERR_NONE) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading extension OID: %s", -+ asn1_strerror (result)); -+ goto cleanup_oid_path; -+ } -+ -+ critical_path = -+ grub_xasprintf ("tbsCertificate.extensions.?%d.critical", ext); -+ critical_size = sizeof (critical); -+ result = -+ asn1_read_value (cert, critical_path, critical, &critical_size); -+ if (result == ASN1_ELEMENT_NOT_FOUND) -+ { -+ critical[0] = '\0'; -+ } -+ else if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading extension criticality: %s", -+ asn1_strerror (result)); -+ goto cleanup_critical_path; -+ } -+ -+ value_path = -+ grub_xasprintf ("tbsCertificate.extensions.?%d.extnValue", ext); -+ value = -+ grub_asn1_allocate_and_read (cert, value_path, -+ "certificate extension value", -+ &value_size); -+ if (!value) -+ { -+ err = grub_errno; -+ goto cleanup_value_path; -+ } -+ -+ /* -+ * Now we must see if we recognise the OID. -+ * If we have an unrecognised critical extension we MUST bail. -+ */ -+ if (grub_strncmp (keyUsage_oid, extnID, extnID_size) == 0) -+ { -+ err = verify_key_usage (value, value_size); -+ if (err != GRUB_ERR_NONE) -+ { -+ goto cleanup_value; -+ } -+ usage_present++; -+ } -+ else if (grub_strncmp (basicConstraints_oid, extnID, extnID_size) == 0) -+ { -+ err = verify_basic_constraints (value, value_size); -+ if (err != GRUB_ERR_NONE) -+ { -+ goto cleanup_value; -+ } -+ constraints_present++; -+ } -+ else if (grub_strncmp ("TRUE", critical, critical_size) == 0) -+ { -+ /* -+ * per the RFC, we must not process a certificate with -+ * a critical extension we do not understand. -+ */ -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unhandled critical x509 extension with OID %s", -+ extnID); -+ goto cleanup_value; -+ } -+ -+ grub_free (value); -+ grub_free (value_path); -+ grub_free (critical_path); -+ grub_free (oid_path); -+ } -+ -+ if (usage_present != 1) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unexpected number of Key Usage extensions - expected 1, got %d", -+ usage_present); -+ } -+ if (constraints_present != 1) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unexpected number of basic constraints extensions - expected 1, got %d", -+ constraints_present); -+ } -+ return GRUB_ERR_NONE; -+ -+cleanup_value: -+ grub_free (value); -+cleanup_value_path: -+ grub_free (value_path); -+cleanup_critical_path: -+ grub_free (critical_path); -+cleanup_oid_path: -+ grub_free (oid_path); -+ return err; -+} -+ -+/* -+ * Parse a certificate whose DER-encoded form is in @data, of size @data_size. -+ * Return the results in @results, which must point to an allocated x509 certificate. -+ */ -+grub_err_t -+certificate_import (void *data, grub_size_t data_size, -+ struct x509_certificate *results) -+{ -+ int result = 0; -+ asn1_node cert; -+ grub_err_t err; -+ int size; -+ int tmp_size; -+ -+ if (data_size > GRUB_INT_MAX) -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, -+ "Cannot parse a certificate where data size > INT_MAX"); -+ size = (int) data_size; -+ -+ result = asn1_create_element (_gnutls_pkix_asn, "PKIX1.Certificate", &cert); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for certificate: %s", -+ asn1_strerror (result)); -+ } -+ -+ result = asn1_der_decoding2 (&cert, data, &size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Could not parse DER for certificate: %s", asn1_error); -+ goto cleanup; -+ } -+ -+ /* -+ * TBSCertificate ::= SEQUENCE { -+ * version [0] EXPLICIT Version DEFAULT v1 -+ */ -+ err = check_version (cert); -+ if (err != GRUB_ERR_NONE) -+ { -+ goto cleanup; -+ } -+ -+ /* -+ * serialNumber CertificateSerialNumber, -+ * -+ * CertificateSerialNumber ::= INTEGER -+ */ -+ results->serial = -+ grub_asn1_allocate_and_read (cert, "tbsCertificate.serialNumber", -+ "certificate serial number", &tmp_size); -+ if (!results->serial) -+ { -+ err = grub_errno; -+ goto cleanup; -+ } -+ /* -+ * It's safe to cast the signed int to an unsigned here, we know -+ * length is non-negative -+ */ -+ results->serial_len = tmp_size; -+ -+ /* -+ * signature AlgorithmIdentifier, -+ * -+ * We don't load the signature or issuer at the moment, -+ * as we don't attempt x509 verification. -+ */ -+ -+ /* -+ * issuer Name, -+ * -+ * The RFC only requires the serial number to be unique within -+ * issuers, so to avoid ambiguity we _technically_ ought to make -+ * this available. -+ */ -+ -+ /* -+ * validity Validity, -+ * -+ * Validity ::= SEQUENCE { -+ * notBefore Time, -+ * notAfter Time } -+ * -+ * We can't validate this reasonably, we have no true time source on several -+ * platforms. For now we do not parse them. -+ */ -+ -+ /* -+ * subject Name, -+ * -+ * This is an X501 name, we parse out just the CN. -+ */ -+ err = -+ read_name (cert, "tbsCertificate.subject", &results->subject, -+ &results->subject_len); -+ if (err != GRUB_ERR_NONE) -+ goto cleanup_serial; -+ -+ /* -+ * TBSCertificate ::= SEQUENCE { -+ * ... -+ * subjectPublicKeyInfo SubjectPublicKeyInfo, -+ * ... -+ */ -+ err = grub_x509_read_subject_public_key (cert, results); -+ if (err != GRUB_ERR_NONE) -+ goto cleanup_name; -+ -+ /* -+ * TBSCertificate ::= SEQUENCE { -+ * ... -+ * extensions [3] EXPLICIT Extensions OPTIONAL -+ * -- If present, version MUST be v3 -+ * } -+ */ -+ -+ err = verify_extensions (cert); -+ if (err != GRUB_ERR_NONE) -+ goto cleanup_name; -+ -+ -+ /* -+ * We do not read or check the signature on the certificate: -+ * as discussed we do not try to validate the certificate but trust -+ * it implictly. -+ */ -+ -+ asn1_delete_structure (&cert); -+ return GRUB_ERR_NONE; -+ -+ -+cleanup_name: -+ grub_free (results->subject); -+cleanup_serial: -+ grub_free (results->serial); -+cleanup: -+ asn1_delete_structure (&cert); -+ return err; -+} -+ -+/* -+ * Release all the storage associated with the x509 certificate. -+ * If the caller dynamically allocated the certificate, it must free it. -+ * The caller is also responsible for maintenance of the linked list. -+ */ -+void -+certificate_release (struct x509_certificate *cert) -+{ -+ grub_free (cert->subject); -+ grub_free (cert->serial); -+ gcry_mpi_release (cert->mpis[0]); -+ gcry_mpi_release (cert->mpis[1]); -+} -diff --git a/grub-core/commands/appendedsig/appendedsig.h b/grub-core/commands/appendedsig/appendedsig.h -new file mode 100644 -index 0000000000..9792ef3901 ---- /dev/null -+++ b/grub-core/commands/appendedsig/appendedsig.h -@@ -0,0 +1,110 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+ -+extern asn1_node _gnutls_gnutls_asn; -+extern asn1_node _gnutls_pkix_asn; -+ -+#define MAX_OID_LEN 32 -+ -+/* -+ * One or more x509 certificates. -+ * -+ * We do limited parsing: extracting only the serial, CN and RSA public key. -+ */ -+struct x509_certificate -+{ -+ struct x509_certificate *next; -+ -+ grub_uint8_t *serial; -+ grub_size_t serial_len; -+ -+ char *subject; -+ grub_size_t subject_len; -+ -+ /* We only support RSA public keys. This encodes [modulus, publicExponent] */ -+ gcry_mpi_t mpis[2]; -+}; -+ -+/* -+ * A PKCS#7 signedData message. -+ * -+ * We make no attempt to match intelligently, so we don't save any info about -+ * the signer. We also support only 1 signerInfo, so we only store a single -+ * MPI for the signature. -+ */ -+struct pkcs7_signedData -+{ -+ const gcry_md_spec_t *hash; -+ gcry_mpi_t sig_mpi; -+}; -+ -+ -+/* Do libtasn1 init */ -+int asn1_init (void); -+ -+/* -+ * Import a DER-encoded certificate at 'data', of size 'size'. -+ * -+ * Place the results into 'results', which must be already allocated. -+ */ -+grub_err_t -+certificate_import (void *data, grub_size_t size, -+ struct x509_certificate *results); -+ -+/* -+ * Release all the storage associated with the x509 certificate. -+ * If the caller dynamically allocated the certificate, it must free it. -+ * The caller is also responsible for maintenance of the linked list. -+ */ -+void certificate_release (struct x509_certificate *cert); -+ -+/* -+ * Parse a PKCS#7 message, which must be a signedData message. -+ * -+ * The message must be in 'sigbuf' and of size 'data_size'. The result is -+ * placed in 'msg', which must already be allocated. -+ */ -+grub_err_t -+parse_pkcs7_signedData (void *sigbuf, grub_size_t data_size, -+ struct pkcs7_signedData *msg); -+ -+/* -+ * Release all the storage associated with the PKCS#7 message. -+ * If the caller dynamically allocated the message, it must free it. -+ */ -+void pkcs7_signedData_release (struct pkcs7_signedData *msg); -+ -+/* -+ * Read a value from an ASN1 node, allocating memory to store it. -+ * -+ * It will work for anything where the size libtasn1 returns is right: -+ * - Integers -+ * - Octet strings -+ * - DER encoding of other structures -+ * It will _not_ work for things where libtasn1 size requires adjustment: -+ * - Strings that require an extra NULL byte at the end -+ * - Bit strings because libtasn1 returns the length in bits, not bytes. -+ * -+ * If the function returns a non-NULL value, the caller must free it. -+ */ -+void *grub_asn1_allocate_and_read (asn1_node node, const char *name, -+ const char *friendly_name, -+ int *content_size); diff --git a/SPECS/grub2/fedora/0173-appended-signatures-support-verifying-appended-signa.patch b/SPECS/grub2/fedora/0173-appended-signatures-support-verifying-appended-signa.patch deleted file mode 100644 index 969293a42a..0000000000 --- a/SPECS/grub2/fedora/0173-appended-signatures-support-verifying-appended-signa.patch +++ /dev/null @@ -1,718 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 30 Jul 2020 01:35:43 +1000 -Subject: [PATCH] appended signatures: support verifying appended signatures - -Building on the parsers and the ability to embed x509 certificates, as -well as the existing gcrypt functionality, add a module for verifying -appended signatures. - -This includes a verifier that requires that Linux kernels and grub modules -have appended signatures, and commands to manage the list of trusted -certificates for verification. - -Verification must be enabled by setting check_appended_signatures. If -GRUB is locked down when the module is loaded, verification will be -enabled and locked automatically. - -As with the PGP verifier, it is not a complete secure-boot solution: -other mechanisms, such as a password or lockdown, must be used to ensure -that a user cannot drop to the grub shell and disable verification. - -Signed-off-by: Daniel Axtens -[pjones: fix missing format specifier] -Signed-off-by: Robbie Harwood ---- - grub-core/Makefile.core.def | 12 + - grub-core/commands/appendedsig/appendedsig.c | 645 +++++++++++++++++++++++++++ - include/grub/file.h | 2 + - 3 files changed, 659 insertions(+) - create mode 100644 grub-core/commands/appendedsig/appendedsig.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index b4aaccf7b5..77321d218c 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -980,6 +980,18 @@ module = { - cppflags = '-I$(srcdir)/lib/posix_wrap'; - }; - -+module = { -+ name = appendedsig; -+ common = commands/appendedsig/appendedsig.c; -+ common = commands/appendedsig/x509.c; -+ common = commands/appendedsig/pkcs7.c; -+ common = commands/appendedsig/asn1util.c; -+ common = commands/appendedsig/gnutls_asn1_tab.c; -+ common = commands/appendedsig/pkix_asn1_tab.c; -+ cflags = '$(CFLAGS_POSIX)'; -+ cppflags = '-I$(srcdir)/lib/posix_wrap'; -+}; -+ - module = { - name = hdparm; - common = commands/hdparm.c; -diff --git a/grub-core/commands/appendedsig/appendedsig.c b/grub-core/commands/appendedsig/appendedsig.c -new file mode 100644 -index 0000000000..bf8b18b620 ---- /dev/null -+++ b/grub-core/commands/appendedsig/appendedsig.c -@@ -0,0 +1,645 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020-2021 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "appendedsig.h" -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+const char magic[] = "~Module signature appended~\n"; -+ -+/* -+ * This structure is extracted from scripts/sign-file.c in the linux kernel -+ * source. It was licensed as LGPLv2.1+, which is GPLv3+ compatible. -+ */ -+struct module_signature -+{ -+ grub_uint8_t algo; /* Public-key crypto algorithm [0] */ -+ grub_uint8_t hash; /* Digest algorithm [0] */ -+ grub_uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */ -+ grub_uint8_t signer_len; /* Length of signer's name [0] */ -+ grub_uint8_t key_id_len; /* Length of key identifier [0] */ -+ grub_uint8_t __pad[3]; -+ grub_uint32_t sig_len; /* Length of signature data */ -+} GRUB_PACKED; -+ -+ -+/* This represents an entire, parsed, appended signature */ -+struct grub_appended_signature -+{ -+ grub_size_t signature_len; /* Length of PKCS#7 data + -+ * metadata + magic */ -+ -+ struct module_signature sig_metadata; /* Module signature metadata */ -+ struct pkcs7_signedData pkcs7; /* Parsed PKCS#7 data */ -+}; -+ -+/* Trusted certificates for verifying appended signatures */ -+struct x509_certificate *grub_trusted_key; -+ -+/* -+ * Force gcry_rsa to be a module dependency. -+ * -+ * If we use grub_crypto_pk_rsa, then then the gcry_rsa module won't be built -+ * in if you add 'appendedsig' to grub-install --modules. You would need to -+ * add 'gcry_rsa' too. That's confusing and seems suboptimal, especially when -+ * we only support RSA. -+ * -+ * Dynamic loading also causes some concerns. We can't load gcry_rsa from the -+ * the filesystem after we install the verifier - we won't be able to verify -+ * it without having it already present. We also shouldn't load it before we -+ * install the verifier, because that would mean it wouldn't be verified - an -+ * attacker could insert any code they wanted into the module. -+ * -+ * So instead, reference the internal symbol from gcry_rsa. That creates a -+ * direct dependency on gcry_rsa, so it will be built in when this module -+ * is built in. Being built in (assuming the core image is itself signed!) -+ * also resolves our concerns about loading from the filesystem. -+ */ -+extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; -+ -+static int check_sigs = 0; -+ -+static const char * -+grub_env_read_sec (struct grub_env_var *var __attribute__ ((unused)), -+ const char *val __attribute__ ((unused))) -+{ -+ if (check_sigs == 2) -+ return "forced"; -+ else if (check_sigs == 1) -+ return "enforce"; -+ else -+ return "no"; -+} -+ -+static char * -+grub_env_write_sec (struct grub_env_var *var __attribute__((unused)), -+ const char *val) -+{ -+ /* Do not allow the value to be changed if set to forced */ -+ if (check_sigs == 2) -+ return grub_strdup ("forced"); -+ -+ if ((*val == '2') || (*val == 'f')) -+ check_sigs = 2; -+ else if ((*val == '1') || (*val == 'e')) -+ check_sigs = 1; -+ else if ((*val == '0') || (*val == 'n')) -+ check_sigs = 0; -+ -+ return grub_strdup (grub_env_read_sec (NULL, NULL)); -+} -+ -+static grub_err_t -+read_cert_from_file (grub_file_t f, struct x509_certificate *certificate) -+{ -+ grub_err_t err; -+ grub_uint8_t *buf = NULL; -+ grub_ssize_t read_size; -+ grub_off_t total_read_size = 0; -+ grub_off_t file_size = grub_file_size (f); -+ -+ -+ if (file_size == GRUB_FILE_SIZE_UNKNOWN) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("Cannot parse a certificate file of unknown size")); -+ -+ buf = grub_zalloc (file_size); -+ if (!buf) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ N_("Could not allocate buffer for certificate file contents")); -+ -+ while (total_read_size < file_size) -+ { -+ read_size = -+ grub_file_read (f, &buf[total_read_size], -+ file_size - total_read_size); -+ if (read_size < 0) -+ { -+ err = grub_error (GRUB_ERR_READ_ERROR, -+ N_("Error reading certificate file")); -+ goto cleanup_buf; -+ } -+ total_read_size += read_size; -+ } -+ -+ err = certificate_import (buf, total_read_size, certificate); -+ if (err != GRUB_ERR_NONE) -+ goto cleanup_buf; -+ -+ return GRUB_ERR_NONE; -+ -+cleanup_buf: -+ grub_free (buf); -+ return err; -+} -+ -+static grub_err_t -+extract_appended_signature (grub_uint8_t * buf, grub_size_t bufsize, -+ struct grub_appended_signature *sig) -+{ -+ grub_err_t err; -+ grub_size_t pkcs7_size; -+ grub_size_t remaining_len; -+ grub_uint8_t *appsigdata = buf + bufsize - grub_strlen (magic); -+ -+ if (bufsize < grub_strlen (magic)) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("File too short for signature magic")); -+ -+ if (grub_memcmp (appsigdata, (grub_uint8_t *) magic, grub_strlen (magic))) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("Missing or invalid signature magic")); -+ -+ remaining_len = bufsize - grub_strlen (magic); -+ -+ if (remaining_len < sizeof (struct module_signature)) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("File too short for signature metadata")); -+ -+ appsigdata -= sizeof (struct module_signature); -+ -+ /* extract the metadata */ -+ grub_memcpy (&(sig->sig_metadata), appsigdata, -+ sizeof (struct module_signature)); -+ -+ remaining_len -= sizeof (struct module_signature); -+ -+ if (sig->sig_metadata.id_type != 2) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("Wrong signature type")); -+ -+#ifdef GRUB_TARGET_WORDS_BIGENDIAN -+ pkcs7_size = sig->sig_metadata.sig_len; -+#else -+ pkcs7_size = __builtin_bswap32 (sig->sig_metadata.sig_len); -+#endif -+ -+ if (pkcs7_size > remaining_len) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("File too short for PKCS#7 message")); -+ -+ grub_dprintf ("appendedsig", "sig len %" PRIuGRUB_SIZE "\n", pkcs7_size); -+ -+ sig->signature_len = -+ grub_strlen (magic) + sizeof (struct module_signature) + pkcs7_size; -+ -+ /* rewind pointer and parse pkcs7 data */ -+ appsigdata -= pkcs7_size; -+ -+ err = parse_pkcs7_signedData (appsigdata, pkcs7_size, &sig->pkcs7); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_verify_appended_signature (grub_uint8_t * buf, grub_size_t bufsize) -+{ -+ grub_err_t err = GRUB_ERR_NONE; -+ grub_size_t datasize; -+ void *context; -+ unsigned char *hash; -+ gcry_mpi_t hashmpi; -+ gcry_err_code_t rc; -+ struct x509_certificate *pk; -+ struct grub_appended_signature sig; -+ -+ if (!grub_trusted_key) -+ return grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("No trusted keys to verify against")); -+ -+ err = extract_appended_signature (buf, bufsize, &sig); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ -+ datasize = bufsize - sig.signature_len; -+ -+ context = grub_zalloc (sig.pkcs7.hash->contextsize); -+ if (!context) -+ return grub_errno; -+ -+ sig.pkcs7.hash->init (context); -+ sig.pkcs7.hash->write (context, buf, datasize); -+ sig.pkcs7.hash->final (context); -+ hash = sig.pkcs7.hash->read (context); -+ grub_dprintf ("appendedsig", -+ "data size %" PRIxGRUB_SIZE ", hash %02x%02x%02x%02x...\n", -+ datasize, hash[0], hash[1], hash[2], hash[3]); -+ -+ err = GRUB_ERR_BAD_SIGNATURE; -+ for (pk = grub_trusted_key; pk; pk = pk->next) -+ { -+ rc = grub_crypto_rsa_pad (&hashmpi, hash, sig.pkcs7.hash, pk->mpis[0]); -+ if (rc) -+ { -+ err = grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("Error padding hash for RSA verification: %d"), -+ rc); -+ goto cleanup; -+ } -+ -+ rc = _gcry_pubkey_spec_rsa.verify (0, hashmpi, &sig.pkcs7.sig_mpi, -+ pk->mpis, NULL, NULL); -+ gcry_mpi_release (hashmpi); -+ -+ if (rc == 0) -+ { -+ grub_dprintf ("appendedsig", "verify with key '%s' succeeded\n", -+ pk->subject); -+ err = GRUB_ERR_NONE; -+ break; -+ } -+ -+ grub_dprintf ("appendedsig", "verify with key '%s' failed with %d\n", -+ pk->subject, rc); -+ } -+ -+ /* If we didn't verify, provide a neat message */ -+ if (err != GRUB_ERR_NONE) -+ err = grub_error (GRUB_ERR_BAD_SIGNATURE, -+ N_("Failed to verify signature against a trusted key")); -+ -+cleanup: -+ grub_free (context); -+ pkcs7_signedData_release (&sig.pkcs7); -+ -+ return err; -+} -+ -+static grub_err_t -+grub_cmd_verify_signature (grub_command_t cmd __attribute__((unused)), -+ int argc, char **args) -+{ -+ grub_file_t f; -+ grub_err_t err = GRUB_ERR_NONE; -+ grub_uint8_t *data; -+ grub_ssize_t read_size; -+ grub_off_t file_size, total_read_size = 0; -+ -+ if (argc < 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); -+ -+ grub_dprintf ("appendedsig", "verifying %s\n", args[0]); -+ -+ f = grub_file_open (args[0], GRUB_FILE_TYPE_VERIFY_SIGNATURE); -+ if (!f) -+ { -+ err = grub_errno; -+ goto cleanup; -+ } -+ -+ file_size = grub_file_size (f); -+ if (file_size == GRUB_FILE_SIZE_UNKNOWN) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("Cannot verify the signature of a file of unknown size")); -+ -+ data = grub_malloc (file_size); -+ if (!data) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ N_("Could not allocate data buffer size %" -+ PRIuGRUB_UINT64_T " for verification"), file_size); -+ -+ while (total_read_size < file_size) -+ { -+ read_size = -+ grub_file_read (f, &data[total_read_size], -+ file_size - total_read_size); -+ if (read_size < 0) -+ { -+ err = grub_error (GRUB_ERR_READ_ERROR, -+ N_("Error reading file to verify")); -+ goto cleanup_data; -+ } -+ total_read_size += read_size; -+ } -+ -+ err = grub_verify_appended_signature (data, file_size); -+ -+cleanup_data: -+ grub_free (data); -+cleanup: -+ if (f) -+ grub_file_close (f); -+ return err; -+} -+ -+static grub_err_t -+grub_cmd_distrust (grub_command_t cmd __attribute__((unused)), -+ int argc, char **args) -+{ -+ unsigned long cert_num, i; -+ struct x509_certificate *cert, *prev; -+ -+ if (argc != 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("One argument expected")); -+ -+ grub_errno = GRUB_ERR_NONE; -+ cert_num = grub_strtoul (args[0], NULL, 10); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ -+ if (cert_num < 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("Certificate number too small - numbers start at 1")); -+ -+ if (cert_num == 1) -+ { -+ cert = grub_trusted_key; -+ grub_trusted_key = cert->next; -+ -+ certificate_release (cert); -+ grub_free (cert); -+ return GRUB_ERR_NONE; -+ } -+ i = 2; -+ prev = grub_trusted_key; -+ cert = grub_trusted_key->next; -+ while (cert) -+ { -+ if (i == cert_num) -+ { -+ prev->next = cert->next; -+ certificate_release (cert); -+ grub_free (cert); -+ return GRUB_ERR_NONE; -+ } -+ i++; -+ prev = cert; -+ cert = cert->next; -+ } -+ -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("No certificate number %d found - only %d certificates in the store"), -+ cert_num, i - 1); -+} -+ -+static grub_err_t -+grub_cmd_trust (grub_command_t cmd __attribute__((unused)), -+ int argc, char **args) -+{ -+ grub_file_t certf; -+ struct x509_certificate *cert = NULL; -+ grub_err_t err; -+ -+ if (argc != 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); -+ -+ certf = grub_file_open (args[0], -+ GRUB_FILE_TYPE_CERTIFICATE_TRUST -+ | GRUB_FILE_TYPE_NO_DECOMPRESS); -+ if (!certf) -+ return grub_errno; -+ -+ -+ cert = grub_zalloc (sizeof (struct x509_certificate)); -+ if (!cert) -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ N_("Could not allocate memory for certificate")); -+ -+ err = read_cert_from_file (certf, cert); -+ grub_file_close (certf); -+ if (err != GRUB_ERR_NONE) -+ { -+ grub_free (cert); -+ return err; -+ } -+ grub_dprintf ("appendedsig", "Loaded certificate with CN: %s\n", -+ cert->subject); -+ -+ cert->next = grub_trusted_key; -+ grub_trusted_key = cert; -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_list (grub_command_t cmd __attribute__((unused)), -+ int argc __attribute__((unused)), -+ char **args __attribute__((unused))) -+{ -+ struct x509_certificate *cert; -+ int cert_num = 1; -+ grub_size_t i; -+ -+ for (cert = grub_trusted_key; cert; cert = cert->next) -+ { -+ grub_printf (N_("Certificate %d:\n"), cert_num); -+ -+ grub_printf (N_("\tSerial: ")); -+ for (i = 0; i < cert->serial_len - 1; i++) -+ { -+ grub_printf ("%02x:", cert->serial[i]); -+ } -+ grub_printf ("%02x\n", cert->serial[cert->serial_len - 1]); -+ -+ grub_printf ("\tCN: %s\n\n", cert->subject); -+ cert_num++; -+ -+ } -+ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+appendedsig_init (grub_file_t io __attribute__((unused)), -+ enum grub_file_type type, -+ void **context __attribute__((unused)), -+ enum grub_verify_flags *flags) -+{ -+ if (!check_sigs) -+ { -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; -+ } -+ -+ switch (type & GRUB_FILE_TYPE_MASK) -+ { -+ case GRUB_FILE_TYPE_CERTIFICATE_TRUST: -+ /* -+ * This is a certificate to add to trusted keychain. -+ * -+ * This needs to be verified or blocked. Ideally we'd write an x509 -+ * verifier, but we lack the hubris required to take this on. Instead, -+ * require that it have an appended signature. -+ */ -+ -+ /* Fall through */ -+ -+ case GRUB_FILE_TYPE_LINUX_KERNEL: -+ case GRUB_FILE_TYPE_GRUB_MODULE: -+ /* -+ * Appended signatures are only defined for ELF binaries. -+ * Out of an abundance of caution, we only verify Linux kernels and -+ * GRUB modules at this point. -+ */ -+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ return GRUB_ERR_NONE; -+ -+ case GRUB_FILE_TYPE_ACPI_TABLE: -+ case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE: -+ /* -+ * It is possible to use appended signature verification without -+ * lockdown - like the PGP verifier. When combined with an embedded -+ * config file in a signed grub binary, this could still be a meaningful -+ * secure-boot chain - so long as it isn't subverted by something like a -+ * rouge ACPI table or DT image. Defer them explicitly. -+ */ -+ *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH; -+ return GRUB_ERR_NONE; -+ -+ default: -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; -+ } -+} -+ -+static grub_err_t -+appendedsig_write (void *ctxt __attribute__((unused)), -+ void *buf, grub_size_t size) -+{ -+ return grub_verify_appended_signature (buf, size); -+} -+ -+struct grub_file_verifier grub_appendedsig_verifier = { -+ .name = "appendedsig", -+ .init = appendedsig_init, -+ .write = appendedsig_write, -+}; -+ -+static grub_ssize_t -+pseudo_read (struct grub_file *file, char *buf, grub_size_t len) -+{ -+ grub_memcpy (buf, (grub_uint8_t *) file->data + file->offset, len); -+ return len; -+} -+ -+/* Filesystem descriptor. */ -+static struct grub_fs pseudo_fs = { -+ .name = "pseudo", -+ .fs_read = pseudo_read -+}; -+ -+static grub_command_t cmd_verify, cmd_list, cmd_distrust, cmd_trust; -+ -+GRUB_MOD_INIT (appendedsig) -+{ -+ int rc; -+ struct grub_module_header *header; -+ -+ /* If in lockdown, immediately enter forced mode */ -+ if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED) -+ check_sigs = 2; -+ -+ grub_trusted_key = NULL; -+ -+ grub_register_variable_hook ("check_appended_signatures", -+ grub_env_read_sec, -+ grub_env_write_sec); -+ grub_env_export ("check_appended_signatures"); -+ -+ rc = asn1_init (); -+ if (rc) -+ grub_fatal ("Error initing ASN.1 data structures: %d: %s\n", rc, -+ asn1_strerror (rc)); -+ -+ FOR_MODULES (header) -+ { -+ struct grub_file pseudo_file; -+ struct x509_certificate *pk = NULL; -+ grub_err_t err; -+ -+ /* Not an ELF module, skip. */ -+ if (header->type != OBJ_TYPE_X509_PUBKEY) -+ continue; -+ -+ grub_memset (&pseudo_file, 0, sizeof (pseudo_file)); -+ pseudo_file.fs = &pseudo_fs; -+ pseudo_file.size = header->size - sizeof (struct grub_module_header); -+ pseudo_file.data = (char *) header + sizeof (struct grub_module_header); -+ -+ grub_dprintf ("appendedsig", -+ "Found an x509 key, size=%" PRIuGRUB_UINT64_T "\n", -+ pseudo_file.size); -+ -+ pk = grub_zalloc (sizeof (struct x509_certificate)); -+ if (!pk) -+ { -+ grub_fatal ("Out of memory loading initial certificates"); -+ } -+ -+ err = read_cert_from_file (&pseudo_file, pk); -+ if (err != GRUB_ERR_NONE) -+ grub_fatal ("Error loading initial key: %s", grub_errmsg); -+ -+ grub_dprintf ("appendedsig", "loaded certificate CN='%s'\n", pk->subject); -+ -+ pk->next = grub_trusted_key; -+ grub_trusted_key = pk; -+ } -+ -+ cmd_trust = -+ grub_register_command ("trust_certificate", grub_cmd_trust, -+ N_("X509_CERTIFICATE"), -+ N_("Add X509_CERTIFICATE to trusted certificates.")); -+ cmd_list = -+ grub_register_command ("list_certificates", grub_cmd_list, 0, -+ N_("Show the list of trusted x509 certificates.")); -+ cmd_verify = -+ grub_register_command ("verify_appended", grub_cmd_verify_signature, -+ N_("FILE"), -+ N_("Verify FILE against the trusted x509 certificates.")); -+ cmd_distrust = -+ grub_register_command ("distrust_certificate", grub_cmd_distrust, -+ N_("CERT_NUMBER"), -+ N_("Remove CERT_NUMBER (as listed by list_certificates) from trusted certificates.")); -+ -+ grub_verifier_register (&grub_appendedsig_verifier); -+ grub_dl_set_persistent (mod); -+} -+ -+GRUB_MOD_FINI (appendedsig) -+{ -+ /* -+ * grub_dl_set_persistent should prevent this from actually running, but -+ * it does still run under emu. -+ */ -+ -+ grub_verifier_unregister (&grub_appendedsig_verifier); -+ grub_unregister_command (cmd_verify); -+ grub_unregister_command (cmd_list); -+ grub_unregister_command (cmd_trust); -+ grub_unregister_command (cmd_distrust); -+} -diff --git a/include/grub/file.h b/include/grub/file.h -index 31567483cc..96827a4f89 100644 ---- a/include/grub/file.h -+++ b/include/grub/file.h -@@ -80,6 +80,8 @@ enum grub_file_type - GRUB_FILE_TYPE_PUBLIC_KEY, - /* File holding public key to add to trused keys. */ - GRUB_FILE_TYPE_PUBLIC_KEY_TRUST, -+ /* File holding x509 certificiate to add to trusted keys. */ -+ GRUB_FILE_TYPE_CERTIFICATE_TRUST, - /* File of which we intend to print a blocklist to the user. */ - GRUB_FILE_TYPE_PRINT_BLOCKLIST, - /* File we intend to use for test loading or testing speed. */ diff --git a/SPECS/grub2/fedora/0174-appended-signatures-verification-tests.patch b/SPECS/grub2/fedora/0174-appended-signatures-verification-tests.patch deleted file mode 100644 index 982b3c8269..0000000000 --- a/SPECS/grub2/fedora/0174-appended-signatures-verification-tests.patch +++ /dev/null @@ -1,897 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 30 Jul 2020 01:31:02 +1000 -Subject: [PATCH] appended signatures: verification tests - -These tests are run through all_functional_test and test a range -of commands and behaviours. - -Signed-off-by: Daniel Axtens ---- - grub-core/Makefile.core.def | 6 + - grub-core/tests/appended_signature_test.c | 281 +++++++++++++++ - grub-core/tests/lib/functional_test.c | 1 + - grub-core/tests/appended_signatures.h | 557 ++++++++++++++++++++++++++++++ - 4 files changed, 845 insertions(+) - create mode 100644 grub-core/tests/appended_signature_test.c - create mode 100644 grub-core/tests/appended_signatures.h - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 77321d218c..6bddc841b8 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -2161,6 +2161,12 @@ module = { - common = tests/setjmp_test.c; - }; - -+module = { -+ name = appended_signature_test; -+ common = tests/appended_signature_test.c; -+ common = tests/appended_signatures.h; -+}; -+ - module = { - name = signature_test; - common = tests/signature_test.c; -diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c -new file mode 100644 -index 0000000000..88a485200d ---- /dev/null -+++ b/grub-core/tests/appended_signature_test.c -@@ -0,0 +1,281 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2020 IBM Corporation. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "appended_signatures.h" -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+#define DEFINE_TEST_CASE(case_name) \ -+static char * \ -+get_ ## case_name (grub_size_t *sz) \ -+{ \ -+ char *ret; \ -+ *sz = case_name ## _len; \ -+ ret = grub_malloc (*sz); \ -+ if (ret) \ -+ grub_memcpy (ret, case_name, *sz); \ -+ return ret; \ -+} \ -+\ -+static struct grub_procfs_entry case_name ## _entry = \ -+{ \ -+ .name = #case_name, \ -+ .get_contents = get_ ## case_name \ -+} -+ -+#define DO_TEST(case_name, is_valid) \ -+{ \ -+ grub_procfs_register (#case_name, &case_name ## _entry); \ -+ do_verify ("(proc)/" #case_name, is_valid); \ -+ grub_procfs_unregister (&case_name ## _entry); \ -+} -+ -+ -+DEFINE_TEST_CASE (hi_signed); -+DEFINE_TEST_CASE (hi_signed_sha256); -+DEFINE_TEST_CASE (hj_signed); -+DEFINE_TEST_CASE (short_msg); -+DEFINE_TEST_CASE (unsigned_msg); -+DEFINE_TEST_CASE (hi_signed_2nd); -+ -+static char * -+get_certificate_der (grub_size_t * sz) -+{ -+ char *ret; -+ *sz = certificate_der_len; -+ ret = grub_malloc (*sz); -+ if (ret) -+ grub_memcpy (ret, certificate_der, *sz); -+ return ret; -+} -+ -+static struct grub_procfs_entry certificate_der_entry = { -+ .name = "certificate.der", -+ .get_contents = get_certificate_der -+}; -+ -+static char * -+get_certificate2_der (grub_size_t * sz) -+{ -+ char *ret; -+ *sz = certificate2_der_len; -+ ret = grub_malloc (*sz); -+ if (ret) -+ grub_memcpy (ret, certificate2_der, *sz); -+ return ret; -+} -+ -+static struct grub_procfs_entry certificate2_der_entry = { -+ .name = "certificate2.der", -+ .get_contents = get_certificate2_der -+}; -+ -+static char * -+get_certificate_printable_der (grub_size_t * sz) -+{ -+ char *ret; -+ *sz = certificate_printable_der_len; -+ ret = grub_malloc (*sz); -+ if (ret) -+ grub_memcpy (ret, certificate_printable_der, *sz); -+ return ret; -+} -+ -+static struct grub_procfs_entry certificate_printable_der_entry = { -+ .name = "certificate_printable.der", -+ .get_contents = get_certificate_printable_der -+}; -+ -+ -+static void -+do_verify (const char *f, int is_valid) -+{ -+ grub_command_t cmd; -+ char *args[] = { (char *) f, NULL }; -+ grub_err_t err; -+ -+ cmd = grub_command_find ("verify_appended"); -+ if (!cmd) -+ { -+ grub_test_assert (0, "can't find command `%s'", "verify_appended"); -+ return; -+ } -+ err = (cmd->func) (cmd, 1, args); -+ if (is_valid) -+ { -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "verification of %s failed: %d: %s", f, grub_errno, -+ grub_errmsg); -+ } -+ else -+ { -+ grub_test_assert (err == GRUB_ERR_BAD_SIGNATURE, -+ "verification of %s unexpectedly succeeded", f); -+ } -+ grub_errno = GRUB_ERR_NONE; -+ -+} -+ -+static void -+appended_signature_test (void) -+{ -+ grub_command_t cmd_trust, cmd_distrust; -+ char *trust_args[] = { (char *) "(proc)/certificate.der", NULL }; -+ char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL }; -+ char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", -+ NULL }; -+ char *distrust_args[] = { (char *) "1", NULL }; -+ char *distrust2_args[] = { (char *) "2", NULL }; -+ grub_err_t err; -+ -+ grub_procfs_register ("certificate.der", &certificate_der_entry); -+ grub_procfs_register ("certificate2.der", &certificate2_der_entry); -+ grub_procfs_register ("certificate_printable.der", -+ &certificate_printable_der_entry); -+ -+ cmd_trust = grub_command_find ("trust_certificate"); -+ if (!cmd_trust) -+ { -+ grub_test_assert (0, "can't find command `%s'", "trust_certificate"); -+ return; -+ } -+ err = (cmd_trust->func) (cmd_trust, 1, trust_args); -+ -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "loading certificate failed: %d: %s", grub_errno, -+ grub_errmsg); -+ -+ /* If we have no certificate the remainder of the tests are meaningless */ -+ if (err != GRUB_ERR_NONE) -+ return; -+ -+ /* -+ * Reload the command: this works around some 'interesting' behaviour in the -+ * dynamic command dispatcher. The first time you call cmd->func you get a -+ * dispatcher that loads the module, finds the real cmd, calls it, and then -+ * releases some internal storage. This means it's not safe to call a second -+ * time and we need to reload it. -+ */ -+ cmd_trust = grub_command_find ("trust_certificate"); -+ -+ DO_TEST (hi_signed, 1); -+ DO_TEST (hi_signed_sha256, 1); -+ DO_TEST (hj_signed, 0); -+ DO_TEST (short_msg, 0); -+ DO_TEST (unsigned_msg, 0); -+ -+ /* -+ * in enforcing mode, we shouldn't be able to load a certificate that isn't -+ * signed by an existing trusted key. -+ * -+ * However, procfs files automatically skip the verification test, so we can't -+ * easily test this. -+ */ -+ -+ /* -+ * verify that testing with 2 trusted certs works -+ */ -+ DO_TEST (hi_signed_2nd, 0); -+ -+ err = (cmd_trust->func) (cmd_trust, 1, trust_args2); -+ -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "loading certificate 2 failed: %d: %s", grub_errno, -+ grub_errmsg); -+ -+ if (err != GRUB_ERR_NONE) -+ return; -+ -+ DO_TEST (hi_signed_2nd, 1); -+ DO_TEST (hi_signed, 1); -+ -+ /* -+ * Check certificate removal. They're added to the _top_ of the list and -+ * removed by position in the list. Current the list looks like [#2, #1]. -+ * -+ * First test removing the second certificate in the list, which is -+ * certificate #1, giving us just [#2]. -+ */ -+ cmd_distrust = grub_command_find ("distrust_certificate"); -+ if (!cmd_distrust) -+ { -+ grub_test_assert (0, "can't find command `%s'", "distrust_certificate"); -+ return; -+ } -+ -+ err = (cmd_distrust->func) (cmd_distrust, 1, distrust2_args); -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "distrusting certificate 1 failed: %d: %s", grub_errno, -+ grub_errmsg); -+ DO_TEST (hi_signed_2nd, 1); -+ DO_TEST (hi_signed, 0); -+ -+ /* -+ * Now reload certificate #1. This will make the list look like [#1, #2] -+ */ -+ err = (cmd_trust->func) (cmd_trust, 1, trust_args); -+ -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "reloading certificate 1 failed: %d: %s", grub_errno, -+ grub_errmsg); -+ DO_TEST (hi_signed, 1); -+ -+ /* Remove the first certificate in the list, giving us just [#2] */ -+ err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "distrusting certificate 1 (first time) failed: %d: %s", -+ grub_errno, grub_errmsg); -+ DO_TEST (hi_signed_2nd, 1); -+ DO_TEST (hi_signed, 0); -+ -+ /* -+ * Remove the first certificate again, giving an empty list. -+ * -+ * verify_appended should fail if there are no certificates to verify against. -+ */ -+ err = (cmd_distrust->func) (cmd_distrust, 1, distrust_args); -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "distrusting certificate 1 (second time) failed: %d: %s", -+ grub_errno, grub_errmsg); -+ DO_TEST (hi_signed_2nd, 0); -+ -+ /* -+ * Lastly, check a certificate that uses printableString rather than -+ * utf8String loads properly. -+ */ -+ err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable); -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "distrusting printable certificate failed: %d: %s", -+ grub_errno, grub_errmsg); -+ -+ grub_procfs_unregister (&certificate_der_entry); -+ grub_procfs_unregister (&certificate2_der_entry); -+ grub_procfs_unregister (&certificate_printable_der_entry); -+} -+ -+GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); -diff --git a/grub-core/tests/lib/functional_test.c b/grub-core/tests/lib/functional_test.c -index 96781fb39b..403fa5c789 100644 ---- a/grub-core/tests/lib/functional_test.c -+++ b/grub-core/tests/lib/functional_test.c -@@ -73,6 +73,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)), - grub_dl_load ("xnu_uuid_test"); - grub_dl_load ("pbkdf2_test"); - grub_dl_load ("signature_test"); -+ grub_dl_load ("appended_signature_test"); - grub_dl_load ("sleep_test"); - grub_dl_load ("bswap_test"); - grub_dl_load ("ctz_test"); -diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h -new file mode 100644 -index 0000000000..aa3dc6278e ---- /dev/null -+++ b/grub-core/tests/appended_signatures.h -@@ -0,0 +1,557 @@ -+unsigned char certificate_der[] = { -+ 0x30, 0x82, 0x03, 0x88, 0x30, 0x82, 0x02, 0x70, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, -+ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, -+ 0x05, 0x00, 0x30, 0x49, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x1f, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, -+ 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, -+ 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, -+ 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, -+ 0x01, 0x16, 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, -+ 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, -+ 0x37, 0x30, 0x39, 0x30, 0x36, 0x32, 0x32, 0x30, 0x37, 0x5a, 0x18, 0x0f, -+ 0x32, 0x31, 0x32, 0x30, 0x30, 0x36, 0x31, 0x35, 0x30, 0x36, 0x32, 0x32, -+ 0x30, 0x37, 0x5a, 0x30, 0x52, 0x31, 0x31, 0x30, 0x2f, 0x06, 0x03, 0x55, -+ 0x04, 0x03, 0x0c, 0x28, 0x47, 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, -+ 0x65, 0x6e, 0x64, 0x65, 0x64, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, -+ 0x75, 0x72, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x69, 0x67, -+ 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x31, 0x1d, 0x30, 0x1b, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, -+ 0x0e, 0x64, 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, -+ 0x6e, 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, -+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, -+ 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, -+ 0xcd, 0xe8, 0x1c, 0x08, 0x68, 0x2e, 0xcb, 0xfe, 0x8c, 0x4b, 0x3b, 0x61, -+ 0xe7, 0x8e, 0x80, 0x58, 0x85, 0x85, 0xea, 0xc8, 0x3b, 0x42, 0xba, 0x72, -+ 0x84, 0x65, 0x20, 0xbc, 0x48, 0xa2, 0x25, 0x49, 0x6e, 0x1c, 0xb9, 0x7d, -+ 0xeb, 0xc1, 0x0c, 0xa8, 0xb7, 0xcc, 0x13, 0x78, 0xba, 0x11, 0xa4, 0x98, -+ 0xd7, 0xd0, 0x7c, 0xdd, 0xf5, 0x5a, 0xb7, 0xcd, 0x31, 0x0e, 0xcd, 0x9e, -+ 0xa7, 0x19, 0xf0, 0xbd, 0x0f, 0xa6, 0xfe, 0x8a, 0x11, 0x97, 0xed, 0x8b, -+ 0xe5, 0x16, 0xa6, 0x21, 0x13, 0x36, 0xad, 0x05, 0x49, 0xec, 0x29, 0x12, -+ 0x38, 0xa7, 0x4b, 0x0f, 0xa1, 0xfb, 0x72, 0xc0, 0xc0, 0x09, 0x67, 0x78, -+ 0xa8, 0xb6, 0xd6, 0x1a, 0x39, 0xc0, 0xa8, 0xbf, 0x5f, 0x14, 0x89, 0x5c, -+ 0xbc, 0x41, 0x0c, 0x0c, 0x5d, 0x42, 0x2e, 0x1c, 0xdf, 0x1f, 0x1d, 0xc9, -+ 0x43, 0x94, 0x5b, 0x6e, 0x8f, 0x15, 0x8c, 0x8f, 0x94, 0x73, 0x4f, 0x97, -+ 0x54, 0xf1, 0x86, 0x8a, 0xbc, 0xe4, 0xe4, 0x93, 0xc1, 0x5e, 0xc2, 0x3e, -+ 0x31, 0x5e, 0xd4, 0x85, 0x57, 0x14, 0xd0, 0x11, 0x07, 0x65, 0xf4, 0x7c, -+ 0x8f, 0x07, 0x57, 0xe1, 0x22, 0xd4, 0x78, 0x47, 0x65, 0x4e, 0xa9, 0xb3, -+ 0xaa, 0xce, 0xc7, 0x36, 0xfe, 0xda, 0x66, 0x02, 0xb6, 0x8d, 0x18, 0x2f, -+ 0x3b, 0x41, 0x8d, 0x02, 0x08, 0x72, 0x4b, 0x69, 0xbd, 0x1e, 0x58, 0xfc, -+ 0x1b, 0x64, 0x04, 0x52, 0x35, 0x35, 0xe2, 0x3d, 0x3e, 0xde, 0xd6, 0x64, -+ 0xf4, 0xec, 0x57, 0x7e, 0x65, 0x59, 0x00, 0xa6, 0xd3, 0x4b, 0x09, 0x93, -+ 0x2a, 0x95, 0x0f, 0x30, 0xb6, 0xa1, 0x8c, 0xe7, 0x8b, 0x49, 0xa4, 0x1d, -+ 0x25, 0x2d, 0x65, 0x48, 0x8a, 0x0f, 0xcf, 0x2a, 0xa2, 0xe1, 0xef, 0x72, -+ 0x92, 0xc3, 0xf5, 0x21, 0x37, 0x83, 0x9b, 0x6d, 0x0b, 0x1b, 0xb3, 0xa2, -+ 0x32, 0x38, 0x11, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, -+ 0x5b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, -+ 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, -+ 0x16, 0x04, 0x14, 0xe5, 0x2a, 0x4f, 0xf2, 0x84, 0x91, 0x57, 0x91, 0xaf, -+ 0x12, 0xd2, 0xf1, 0xa1, 0x87, 0x73, 0x0f, 0x90, 0x25, 0xa0, 0x7a, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0x56, 0xd1, 0xfd, 0xe2, 0x1e, 0x7e, 0x1c, 0x63, 0x4f, 0x47, 0xdb, 0xe4, -+ 0xc4, 0x51, 0x04, 0x03, 0x9a, 0x48, 0x35, 0x6e, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x01, 0x01, 0x00, 0x65, 0x82, 0xd5, 0x88, 0x30, 0xe2, 0x2c, 0x47, -+ 0xf3, 0x31, 0x39, 0xa1, 0x75, 0x9a, 0xb0, 0x8a, 0x6c, 0x4b, 0xac, 0xdf, -+ 0x09, 0x7b, 0x90, 0xb6, 0x9e, 0x76, 0x62, 0x94, 0xc1, 0x3a, 0x99, 0x49, -+ 0x68, 0x29, 0x47, 0x42, 0xc3, 0x06, 0xcb, 0x88, 0x75, 0xe6, 0x79, 0x13, -+ 0x8c, 0x4b, 0x49, 0x6a, 0xb5, 0x56, 0x95, 0xc0, 0x42, 0x21, 0x9b, 0xd4, -+ 0x61, 0xd0, 0x02, 0x41, 0xdd, 0x20, 0x61, 0xe5, 0x91, 0xdf, 0x75, 0x00, -+ 0x25, 0x0e, 0x99, 0x65, 0x5c, 0x54, 0x49, 0x32, 0xa3, 0xe2, 0xcd, 0xa1, -+ 0x5f, 0x40, 0xf3, 0xc5, 0x81, 0xd9, 0x3c, 0xa3, 0x63, 0x5a, 0x38, 0x79, -+ 0xab, 0x77, 0x98, 0xde, 0x8f, 0x4e, 0x9e, 0x26, 0xbc, 0x4e, 0x80, 0x9e, -+ 0x8f, 0xbe, 0xf1, 0x00, 0xb3, 0x78, 0xb9, 0x4b, 0x1d, 0xc7, 0xa4, 0x83, -+ 0x59, 0x56, 0x11, 0xd1, 0x11, 0x1e, 0x50, 0x39, 0xd5, 0x78, 0x14, 0xf3, -+ 0xb9, 0x1d, 0xda, 0xe4, 0xc4, 0x63, 0x74, 0x26, 0xab, 0xa3, 0xfd, 0x9d, -+ 0x58, 0xa2, 0xee, 0x7b, 0x28, 0x34, 0xa3, 0xbe, 0x85, 0x7e, 0xaa, 0x97, -+ 0xb7, 0x5b, 0x9d, 0xa9, 0x4d, 0x96, 0xdb, 0x6b, 0x21, 0xe1, 0x96, 0x5d, -+ 0xc7, 0xad, 0x23, 0x03, 0x9a, 0x16, 0xdb, 0xa4, 0x1f, 0x63, 0xef, 0xaf, -+ 0x1e, 0x4f, 0xf8, 0x27, 0xdc, 0x4b, 0xfc, 0x2b, 0x68, 0x2e, 0xa0, 0xd3, -+ 0xae, 0xf2, 0xce, 0xf5, 0xfc, 0x97, 0x92, 0xd2, 0x29, 0x0f, 0x4f, 0x4b, -+ 0x29, 0xeb, 0x06, 0xcb, 0xf8, 0x21, 0x6e, 0xbc, 0x8b, 0x5c, 0xc5, 0xc9, -+ 0xf7, 0xe2, 0x7c, 0x47, 0xcd, 0x43, 0x98, 0xc4, 0xa3, 0x9a, 0xd7, 0x3e, -+ 0xdc, 0x01, 0x13, 0x28, 0x96, 0xc4, 0x60, 0x83, 0xe2, 0x79, 0xa1, 0x46, -+ 0xef, 0xf5, 0xa4, 0x7b, 0x00, 0xe3, 0x3d, 0x7d, 0xbc, 0xa8, 0x98, 0x49, -+ 0xa8, 0xcf, 0x3b, 0x41, 0xb6, 0x09, 0x97, 0x07 -+}; -+unsigned int certificate_der_len = 908; -+ -+unsigned char hi_signed[] = { -+ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, -+ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, -+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, -+ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, -+ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, -+ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, -+ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, -+ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, -+ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, -+ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, -+ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, -+ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, -+ 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, -+ 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, -+ 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, -+ 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, -+ 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, -+ 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, -+ 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, -+ 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, -+ 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, -+ 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, -+ 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, -+ 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, -+ 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, -+ 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, -+ 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, -+ 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, -+ 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, -+ 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, -+ 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, -+ 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, -+ 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, -+ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, -+ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, -+ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, -+ 0x64, 0x7e, 0x0a -+}; -+unsigned int hi_signed_len = 495; -+ -+unsigned char hj_signed[] = { -+ 0x68, 0x6a, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, -+ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, -+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, -+ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, -+ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, -+ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, -+ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, -+ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, -+ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, -+ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, -+ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, -+ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xc7, 0x69, 0x35, 0x21, 0x66, -+ 0x4d, 0x50, 0xd4, 0x73, 0xde, 0xbd, 0x3a, 0xf6, 0x45, 0xe3, 0xe4, 0xd0, -+ 0xb6, 0xa1, 0xe7, 0xc0, 0xa2, 0xc9, 0xf4, 0xf0, 0x05, 0x8c, 0xa4, 0x16, -+ 0x9e, 0x81, 0x0d, 0x21, 0x68, 0xf3, 0xfe, 0x03, 0x96, 0x77, 0x31, 0x69, -+ 0x01, 0xd8, 0x26, 0xd9, 0x48, 0x95, 0xcf, 0xd1, 0x17, 0xb1, 0x0b, 0x6b, -+ 0x2c, 0xf1, 0xb0, 0xab, 0x65, 0x65, 0x56, 0xf8, 0x0c, 0xa7, 0xf7, 0xbb, -+ 0xf6, 0x5a, 0x55, 0x98, 0x14, 0x07, 0x8d, 0x2a, 0xbc, 0x16, 0x48, 0x94, -+ 0xab, 0x2f, 0x85, 0x97, 0x90, 0x51, 0x78, 0xa0, 0xda, 0x60, 0xb5, 0x41, -+ 0x4b, 0xe8, 0x78, 0xc5, 0xa6, 0x04, 0x9d, 0x54, 0x2a, 0x85, 0xfd, 0x86, -+ 0x0b, 0x6d, 0xc2, 0xd2, 0xad, 0x07, 0xff, 0x16, 0x42, 0x82, 0xe3, 0x5c, -+ 0xaa, 0x22, 0x59, 0x78, 0x92, 0xea, 0x94, 0xc3, 0x41, 0xb7, 0xa1, 0x86, -+ 0x44, 0xea, 0xd1, 0xdb, 0xe5, 0xac, 0x30, 0x32, 0xfb, 0x7d, 0x3f, 0xf7, -+ 0x8b, 0x11, 0x7f, 0x80, 0x3b, 0xe5, 0xc7, 0x82, 0x0f, 0x92, 0x07, 0x14, -+ 0x66, 0x01, 0x6e, 0x85, 0xab, 0x3a, 0x14, 0xcf, 0x76, 0xd1, 0x7e, 0x14, -+ 0x85, 0xca, 0x01, 0x73, 0x72, 0x38, 0xdc, 0xde, 0x30, 0x5c, 0xfb, 0xc0, -+ 0x3d, 0x93, 0xef, 0x9c, 0xbc, 0xf8, 0xcc, 0xd2, 0xbf, 0x47, 0xec, 0xf8, -+ 0x88, 0x9b, 0xe1, 0x43, 0xbe, 0xa7, 0x47, 0x96, 0xb6, 0x5d, 0x46, 0x0e, -+ 0x7a, 0x78, 0x38, 0x19, 0xbc, 0xb5, 0xbc, 0x9b, 0x3c, 0x39, 0x92, 0x70, -+ 0x0d, 0x9d, 0x8a, 0x35, 0xaf, 0xb4, 0x9e, 0xf4, 0xef, 0xc1, 0xb8, 0x25, -+ 0xd0, 0x14, 0x91, 0xd6, 0xc2, 0xb6, 0xc7, 0x3c, 0x72, 0x91, 0x0f, 0xad, -+ 0xde, 0xb2, 0x36, 0xf8, 0x4e, 0x59, 0xd4, 0xa4, 0x21, 0x9f, 0x03, 0x95, -+ 0x48, 0x01, 0xb4, 0x05, 0xc3, 0x39, 0x60, 0x51, 0x08, 0xd0, 0xbe, 0x00, -+ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, -+ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, -+ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, -+ 0x64, 0x7e, 0x0a -+}; -+unsigned int hj_signed_len = 495; -+ -+unsigned char hi_signed_sha256[] = { -+ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x01, 0xc0, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x01, 0xb1, 0x30, 0x82, -+ 0x01, 0xad, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, -+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x01, -+ 0x8a, 0x30, 0x82, 0x01, 0x86, 0x02, 0x01, 0x01, 0x30, 0x61, 0x30, 0x49, -+ 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1f, 0x47, -+ 0x72, 0x75, 0x62, 0x20, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x64, -+ 0x20, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x54, -+ 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1d, 0x30, 0x1b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x0e, 0x64, -+ 0x6a, 0x61, 0x40, 0x61, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x2e, 0x6e, 0x65, -+ 0x74, 0x02, 0x14, 0x25, 0x2e, 0xb8, 0xfd, 0x12, 0x62, 0x2e, 0xcd, 0x5d, -+ 0xa7, 0x53, 0xd2, 0x0b, 0xc2, 0x61, 0x7c, 0x14, 0xe0, 0x0f, 0x5c, 0x30, -+ 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0x7b, 0x5e, 0x82, 0x1d, 0x21, -+ 0xb6, 0x40, 0xd3, 0x33, 0x79, 0xa7, 0x52, 0x2b, 0xfc, 0x46, 0x51, 0x26, -+ 0xfe, 0x0f, 0x81, 0x90, 0x81, 0xab, 0x57, 0x5e, 0xf6, 0x45, 0x41, 0xa3, -+ 0x7b, 0x48, 0xdd, 0xd6, 0x59, 0x60, 0x51, 0x31, 0x14, 0x14, 0x7b, 0xb4, -+ 0x55, 0x7b, 0x4d, 0xfe, 0x09, 0x7a, 0x5d, 0xae, 0xc4, 0x58, 0x50, 0x80, -+ 0x75, 0xf2, 0x23, 0x20, 0x62, 0xe3, 0x7c, 0x26, 0x1d, 0x2a, 0x4d, 0x9f, -+ 0x89, 0xf0, 0x4f, 0x95, 0x8a, 0x80, 0x6e, 0x1a, 0xea, 0x87, 0xdb, 0x1f, -+ 0xf3, 0xda, 0x04, 0x91, 0x37, 0xea, 0x0a, 0xfb, 0x6c, 0xc9, 0x3d, 0x73, -+ 0xf9, 0x58, 0x7c, 0x15, 0x6b, 0xa2, 0x52, 0x5a, 0x97, 0xff, 0xd6, 0xb0, -+ 0xf1, 0xbf, 0xa5, 0x04, 0x6d, 0x91, 0xc1, 0x54, 0x05, 0xdc, 0x7f, 0x5d, -+ 0x19, 0xaf, 0x55, 0xec, 0x51, 0xfb, 0x66, 0x0a, 0xa4, 0x4e, 0x96, 0x47, -+ 0x43, 0x54, 0x7c, 0x64, 0xa8, 0xaa, 0xb4, 0x90, 0x02, 0xf3, 0xa7, 0x0b, -+ 0xb7, 0xbf, 0x06, 0xdb, 0x5e, 0x9c, 0x32, 0x6d, 0x45, 0x14, 0x1c, 0xaf, -+ 0x46, 0x30, 0x08, 0x55, 0x49, 0x78, 0xfa, 0x57, 0xda, 0x3d, 0xf5, 0xa0, -+ 0xef, 0x11, 0x0a, 0x81, 0x0d, 0x82, 0xcd, 0xaf, 0xdb, 0xda, 0x0e, 0x1a, -+ 0x44, 0xd1, 0xee, 0xc4, 0xb8, 0xde, 0x97, 0xb4, 0xda, 0xb4, 0x8b, 0x4f, -+ 0x58, 0x24, 0x59, 0xc0, 0xe0, 0x08, 0x97, 0x14, 0x68, 0xbe, 0x31, 0x09, -+ 0x5e, 0x67, 0x45, 0xf0, 0xcb, 0x81, 0x4f, 0x17, 0x44, 0x61, 0xe0, 0xe2, -+ 0xf0, 0xfc, 0x1e, 0xb9, 0x73, 0xaf, 0x42, 0xff, 0x33, 0xde, 0x61, 0x6b, -+ 0x7f, 0xc2, 0x69, 0x0d, 0x66, 0x54, 0xae, 0xf6, 0xde, 0x20, 0x47, 0x44, -+ 0x9b, 0x73, 0xd1, 0x07, 0x6e, 0x77, 0x37, 0x0a, 0xbb, 0x7f, 0xa0, 0x93, -+ 0x2d, 0x8d, 0x44, 0xba, 0xe2, 0xdd, 0x34, 0x32, 0xd7, 0x56, 0x71, 0x00, -+ 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc4, 0x7e, -+ 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x61, -+ 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x65, -+ 0x64, 0x7e, 0x0a -+}; -+unsigned int hi_signed_sha256_len = 495; -+ -+unsigned char short_msg[] = { -+ 0x68, 0x69, 0x0a -+}; -+unsigned int short_msg_len = 3; -+ -+unsigned char unsigned_msg[] = { -+ 0x53, 0x65, 0x64, 0x20, 0x75, 0x74, 0x20, 0x70, 0x65, 0x72, 0x73, 0x70, -+ 0x69, 0x63, 0x69, 0x61, 0x74, 0x69, 0x73, 0x20, 0x75, 0x6e, 0x64, 0x65, -+ 0x20, 0x6f, 0x6d, 0x6e, 0x69, 0x73, 0x20, 0x69, 0x73, 0x74, 0x65, 0x20, -+ 0x6e, 0x61, 0x74, 0x75, 0x73, 0x20, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x20, -+ 0x73, 0x69, 0x74, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, -+ 0x65, 0x6d, 0x20, 0x61, 0x63, 0x63, 0x75, 0x73, 0x61, 0x6e, 0x74, 0x69, -+ 0x75, 0x6d, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x71, 0x75, -+ 0x65, 0x20, 0x6c, 0x61, 0x75, 0x64, 0x61, 0x6e, 0x74, 0x69, 0x75, 0x6d, -+ 0x2c, 0x20, 0x74, 0x6f, 0x74, 0x61, 0x6d, 0x20, 0x72, 0x65, 0x6d, 0x20, -+ 0x61, 0x70, 0x65, 0x72, 0x69, 0x61, 0x6d, 0x2c, 0x20, 0x65, 0x61, 0x71, -+ 0x75, 0x65, 0x20, 0x69, 0x70, 0x73, 0x61, 0x20, 0x71, 0x75, 0x61, 0x65, -+ 0x20, 0x61, 0x62, 0x20, 0x69, 0x6c, 0x6c, 0x6f, 0x20, 0x69, 0x6e, 0x76, -+ 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x76, 0x65, 0x72, 0x69, 0x74, -+ 0x61, 0x74, 0x69, 0x73, 0x20, 0x65, 0x74, 0x20, 0x71, 0x75, 0x61, 0x73, -+ 0x69, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x6f, -+ 0x20, 0x62, 0x65, 0x61, 0x74, 0x61, 0x65, 0x20, 0x76, 0x69, 0x74, 0x61, -+ 0x65, 0x20, 0x64, 0x69, 0x63, 0x74, 0x61, 0x20, 0x73, 0x75, 0x6e, 0x74, -+ 0x20, 0x65, 0x78, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x62, 0x6f, 0x2e, 0x20, -+ 0x4e, 0x65, 0x6d, 0x6f, 0x20, 0x65, 0x6e, 0x69, 0x6d, 0x20, 0x69, 0x70, -+ 0x73, 0x61, 0x6d, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, -+ 0x65, 0x6d, 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, 0x76, 0x6f, 0x6c, 0x75, -+ 0x70, 0x74, 0x61, 0x73, 0x20, 0x73, 0x69, 0x74, 0x20, 0x61, 0x73, 0x70, -+ 0x65, 0x72, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x20, 0x61, 0x75, 0x74, 0x20, -+ 0x6f, 0x64, 0x69, 0x74, 0x20, 0x61, 0x75, 0x74, 0x20, 0x66, 0x75, 0x67, -+ 0x69, 0x74, 0x2c, 0x20, 0x73, 0x65, 0x64, 0x20, 0x71, 0x75, 0x69, 0x61, -+ 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x75, 0x6e, 0x74, 0x75, -+ 0x72, 0x20, 0x6d, 0x61, 0x67, 0x6e, 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, -+ 0x72, 0x65, 0x73, 0x20, 0x65, 0x6f, 0x73, 0x20, 0x71, 0x75, 0x69, 0x20, -+ 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x20, 0x76, 0x6f, 0x6c, 0x75, -+ 0x70, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x20, 0x73, 0x65, 0x71, 0x75, 0x69, -+ 0x20, 0x6e, 0x65, 0x73, 0x63, 0x69, 0x75, 0x6e, 0x74, 0x2e, 0x20, 0x4e, -+ 0x65, 0x71, 0x75, 0x65, 0x20, 0x70, 0x6f, 0x72, 0x72, 0x6f, 0x20, 0x71, -+ 0x75, 0x69, 0x73, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x65, 0x73, 0x74, 0x2c, -+ 0x20, 0x71, 0x75, 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, -+ 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d, 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, -+ 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x20, 0x73, 0x69, 0x74, 0x20, 0x61, 0x6d, -+ 0x65, 0x74, 0x2c, 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x74, 0x65, -+ 0x74, 0x75, 0x72, 0x2c, 0x20, 0x61, 0x64, 0x69, 0x70, 0x69, 0x73, 0x63, -+ 0x69, 0x20, 0x76, 0x65, 0x6c, 0x69, 0x74, 0x2c, 0x20, 0x73, 0x65, 0x64, -+ 0x20, 0x71, 0x75, 0x69, 0x61, 0x20, 0x6e, 0x6f, 0x6e, 0x20, 0x6e, 0x75, -+ 0x6d, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x65, 0x69, 0x75, 0x73, 0x20, 0x6d, -+ 0x6f, 0x64, 0x69, 0x20, 0x74, 0x65, 0x6d, 0x70, 0x6f, 0x72, 0x61, 0x20, -+ 0x69, 0x6e, 0x63, 0x69, 0x64, 0x75, 0x6e, 0x74, 0x20, 0x75, 0x74, 0x20, -+ 0x6c, 0x61, 0x62, 0x6f, 0x72, 0x65, 0x20, 0x65, 0x74, 0x20, 0x64, 0x6f, -+ 0x6c, 0x6f, 0x72, 0x65, 0x20, 0x6d, 0x61, 0x67, 0x6e, 0x61, 0x6d, 0x20, -+ 0x61, 0x6c, 0x69, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x71, 0x75, 0x61, 0x65, -+ 0x72, 0x61, 0x74, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x74, -+ 0x65, 0x6d, 0x2e, 0x20, 0x55, 0x74, 0x20, 0x65, 0x6e, 0x69, 0x6d, 0x20, -+ 0x61, 0x64, 0x20, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x61, 0x20, 0x76, 0x65, -+ 0x6e, 0x69, 0x61, 0x6d, 0x2c, 0x20, 0x71, 0x75, 0x69, 0x73, 0x20, 0x6e, -+ 0x6f, 0x73, 0x74, 0x72, 0x75, 0x6d, 0x20, 0x65, 0x78, 0x65, 0x72, 0x63, -+ 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x6d, 0x20, 0x75, 0x6c, -+ 0x6c, 0x61, 0x6d, 0x20, 0x63, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x69, 0x73, -+ 0x20, 0x73, 0x75, 0x73, 0x63, 0x69, 0x70, 0x69, 0x74, 0x20, 0x6c, 0x61, -+ 0x62, 0x6f, 0x72, 0x69, 0x6f, 0x73, 0x61, 0x6d, 0x2c, 0x20, 0x6e, 0x69, -+ 0x73, 0x69, 0x20, 0x75, 0x74, 0x20, 0x61, 0x6c, 0x69, 0x71, 0x75, 0x69, -+ 0x64, 0x20, 0x65, 0x78, 0x20, 0x65, 0x61, 0x20, 0x63, 0x6f, 0x6d, 0x6d, -+ 0x6f, 0x64, 0x69, 0x20, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x61, -+ 0x74, 0x75, 0x72, 0x3f, 0x20, 0x51, 0x75, 0x69, 0x73, 0x20, 0x61, 0x75, -+ 0x74, 0x65, 0x6d, 0x20, 0x76, 0x65, 0x6c, 0x20, 0x65, 0x75, 0x6d, 0x20, -+ 0x69, 0x75, 0x72, 0x65, 0x20, 0x72, 0x65, 0x70, 0x72, 0x65, 0x68, 0x65, -+ 0x6e, 0x64, 0x65, 0x72, 0x69, 0x74, 0x20, 0x71, 0x75, 0x69, 0x20, 0x69, -+ 0x6e, 0x20, 0x65, 0x61, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, -+ 0x74, 0x65, 0x20, 0x76, 0x65, 0x6c, 0x69, 0x74, 0x20, 0x65, 0x73, 0x73, -+ 0x65, 0x20, 0x71, 0x75, 0x61, 0x6d, 0x20, 0x6e, 0x69, 0x68, 0x69, 0x6c, -+ 0x20, 0x6d, 0x6f, 0x6c, 0x65, 0x73, 0x74, 0x69, 0x61, 0x65, 0x20, 0x63, -+ 0x6f, 0x6e, 0x73, 0x65, 0x71, 0x75, 0x61, 0x74, 0x75, 0x72, 0x2c, 0x20, -+ 0x76, 0x65, 0x6c, 0x20, 0x69, 0x6c, 0x6c, 0x75, 0x6d, 0x20, 0x71, 0x75, -+ 0x69, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x65, 0x75, -+ 0x6d, 0x20, 0x66, 0x75, 0x67, 0x69, 0x61, 0x74, 0x20, 0x71, 0x75, 0x6f, -+ 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x70, 0x74, 0x61, 0x73, 0x20, 0x6e, 0x75, -+ 0x6c, 0x6c, 0x61, 0x20, 0x70, 0x61, 0x72, 0x69, 0x61, 0x74, 0x75, 0x72, -+ 0x3f, 0x0a -+}; -+unsigned int unsigned_msg_len = 866; -+ -+unsigned char certificate2_der[] = { -+ 0x30, 0x82, 0x05, 0x52, 0x30, 0x82, 0x03, 0x3a, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x14, 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, -+ 0x3a, 0x91, 0x07, 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, -+ 0x05, 0x00, 0x30, 0x3a, 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x2f, 0x47, 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, -+ 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, -+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, -+ 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, -+ 0x74, 0x79, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x37, 0x32, 0x38, -+ 0x31, 0x33, 0x32, 0x34, 0x32, 0x39, 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x32, -+ 0x30, 0x30, 0x37, 0x30, 0x34, 0x31, 0x33, 0x32, 0x34, 0x32, 0x39, 0x5a, -+ 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, -+ 0x20, 0x47, 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, -+ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, -+ 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x82, 0x02, -+ 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, -+ 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xb0, 0x2f, 0x50, 0x01, 0x9c, 0x0e, -+ 0xd6, 0x8c, 0x07, 0xca, 0xc1, 0xcf, 0xbc, 0x03, 0xdd, 0xd3, 0xfa, 0xe3, -+ 0x4f, 0x71, 0xc1, 0x30, 0xaa, 0x09, 0x96, 0xe4, 0xd0, 0x6c, 0x42, 0x93, -+ 0xdb, 0x35, 0xf6, 0x7e, 0x1b, 0x67, 0xc0, 0xc2, 0x2d, 0x5b, 0xec, 0xca, -+ 0x35, 0x06, 0x32, 0x6c, 0x7b, 0x2c, 0xd3, 0x71, 0x2b, 0xe9, 0x7a, 0x19, -+ 0xd1, 0xf2, 0xa0, 0x7f, 0xd7, 0x4d, 0x6e, 0x28, 0xbb, 0xae, 0x49, 0x4a, -+ 0xbc, 0xea, 0x47, 0x67, 0xb8, 0x36, 0xa6, 0xf5, 0x0d, 0x0e, 0x20, 0x14, -+ 0x0c, 0x66, 0x67, 0x28, 0xb5, 0x97, 0x8b, 0x1f, 0x5e, 0x32, 0x06, 0x29, -+ 0x9c, 0x99, 0x92, 0x0f, 0x73, 0xac, 0xfd, 0xd2, 0x1d, 0xf2, 0xa8, 0x55, -+ 0x9d, 0x1b, 0xd8, 0x3d, 0xb0, 0x76, 0x9a, 0xb6, 0x6c, 0x9f, 0x62, 0x37, -+ 0x2f, 0xc0, 0xef, 0x44, 0xb3, 0x0d, 0x4a, 0x3e, 0x4f, 0x7d, 0xbd, 0xdb, -+ 0xd8, 0x75, 0x5f, 0x68, 0xe3, 0xf0, 0xec, 0x82, 0x66, 0x7c, 0x31, 0x70, -+ 0xa9, 0xa1, 0x6f, 0x38, 0x9f, 0xdf, 0xf5, 0xf0, 0x7d, 0x23, 0x9d, 0x34, -+ 0xa5, 0x85, 0xd3, 0xdf, 0x68, 0x41, 0xfc, 0x4f, 0x89, 0x45, 0x3c, 0x24, -+ 0x81, 0xa6, 0xf2, 0x3c, 0x02, 0x26, 0x09, 0x48, 0xdd, 0xfe, 0x4b, 0xb6, -+ 0x66, 0xbf, 0x8f, 0xe5, 0x5f, 0xf0, 0x5d, 0x8a, 0x61, 0x2e, 0x5f, 0x9f, -+ 0x80, 0xd9, 0xd5, 0xe6, 0x41, 0xd8, 0x10, 0x5e, 0x7a, 0xc6, 0xdb, 0x89, -+ 0xc7, 0xca, 0x6c, 0x5b, 0xb1, 0x4e, 0x7d, 0x0c, 0x03, 0xfd, 0x50, 0xca, -+ 0xbf, 0xbb, 0xe2, 0x69, 0x4b, 0x4e, 0xc2, 0x3d, 0x75, 0xfa, 0xd1, 0xcc, -+ 0xd6, 0xf9, 0x39, 0xb9, 0xdc, 0x53, 0xad, 0x62, 0xfb, 0x1b, 0x94, 0x26, -+ 0x7f, 0x21, 0x54, 0x5c, 0xb7, 0xdc, 0xe7, 0x96, 0x8c, 0xce, 0x75, 0xe0, -+ 0x17, 0x01, 0x3a, 0x3c, 0x77, 0x6e, 0xa4, 0x8b, 0x7a, 0x83, 0x28, 0x7a, -+ 0xf7, 0xb0, 0x5f, 0xfc, 0x7f, 0x2d, 0x2e, 0xec, 0xf5, 0xeb, 0x9c, 0x63, -+ 0x74, 0xd0, 0xe5, 0xdc, 0x19, 0xe4, 0x71, 0xc5, 0x4a, 0x8a, 0x54, 0xa4, -+ 0xe0, 0x7d, 0x4e, 0xbf, 0x53, 0x30, 0xaf, 0xd0, 0xeb, 0x96, 0xc3, 0xbb, -+ 0x65, 0xf7, 0x67, 0xf5, 0xae, 0xd3, 0x96, 0xf2, 0x63, 0xc8, 0x69, 0xf7, -+ 0x47, 0xcb, 0x27, 0x79, 0xe1, 0xff, 0x2f, 0x68, 0xdf, 0x1e, 0xb3, 0xb8, -+ 0x0c, 0xc5, 0x58, 0x73, 0xcc, 0xfe, 0x8c, 0xda, 0x4e, 0x3b, 0x01, 0x04, -+ 0xcd, 0xcb, 0xb8, 0x3e, 0x06, 0xfd, 0x4c, 0x0a, 0x9f, 0x5e, 0x76, 0x8c, -+ 0x0c, 0x83, 0x75, 0x09, 0x08, 0xb2, 0xdb, 0xf4, 0x49, 0x4e, 0xa0, 0xf2, -+ 0x0c, 0x7b, 0x87, 0x38, 0x9e, 0x22, 0x67, 0xbd, 0xd1, 0x97, 0x57, 0x24, -+ 0xf1, 0x46, 0x07, 0xf9, 0xd2, 0x1b, 0xec, 0x25, 0x5e, 0x67, 0xd9, 0x66, -+ 0x23, 0x1b, 0xd3, 0xe4, 0xaa, 0xec, 0x88, 0xf0, 0x7e, 0x15, 0x83, 0x51, -+ 0x31, 0x67, 0x51, 0x76, 0x5f, 0x55, 0xd7, 0x36, 0xdf, 0x4a, 0x84, 0x0b, -+ 0x6f, 0x5c, 0xbb, 0x5b, 0x8f, 0x37, 0x23, 0x7f, 0xf8, 0x17, 0x84, 0xa2, -+ 0x70, 0x20, 0x07, 0x0c, 0x90, 0x3a, 0x04, 0xfd, 0xf0, 0x08, 0x4a, 0xb1, -+ 0x16, 0x0f, 0xe6, 0xf6, 0x40, 0x51, 0x83, 0xd2, 0x87, 0x40, 0x9c, 0x1c, -+ 0x9f, 0x13, 0x38, 0x17, 0xd3, 0x34, 0x58, 0xad, 0x05, 0x71, 0xa0, 0x73, -+ 0xca, 0x40, 0xa6, 0xa4, 0x81, 0x02, 0xee, 0xa8, 0x72, 0x41, 0xa1, 0x41, -+ 0x18, 0x64, 0x8a, 0x86, 0x8a, 0x5d, 0xe6, 0x4f, 0x0a, 0xc5, 0x95, 0x98, -+ 0xf9, 0x78, 0xfe, 0x19, 0x0d, 0xc9, 0xb3, 0x89, 0xc1, 0x2b, 0x09, 0xbe, -+ 0xf1, 0xd2, 0x04, 0x5d, 0xcc, 0x28, 0xf5, 0x4b, 0xd2, 0x20, 0x4f, 0xc5, -+ 0x41, 0x9d, 0x8c, 0x85, 0xd8, 0xb0, 0x68, 0x5e, 0xc1, 0x0c, 0xb7, 0x24, -+ 0x4d, 0x67, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x5d, 0x30, 0x5b, 0x30, -+ 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, -+ 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xac, 0xf5, 0x47, 0x17, 0xd9, 0x7d, 0xc1, 0xb1, 0xc4, 0x41, 0xe1, -+ 0x41, 0x60, 0xcb, 0x37, 0x11, 0x60, 0x28, 0x78, 0x5f, 0x30, 0x1f, 0x06, -+ 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x21, 0x94, -+ 0xfb, 0xf9, 0xb2, 0x43, 0xe9, 0x33, 0xd7, 0x50, 0x7d, 0xc7, 0x37, 0xdb, -+ 0xd5, 0x82, 0x5a, 0x4e, 0xbe, 0x1b, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, -+ 0x01, 0x00, 0x96, 0x70, 0x65, 0x26, 0x42, 0xf8, 0xdc, 0x69, 0xde, 0xcf, -+ 0x41, 0x3a, 0x2e, 0x7f, 0x5b, 0xf1, 0xf9, 0x3b, 0x9b, 0xd2, 0x4e, 0x64, -+ 0x48, 0x81, 0xe4, 0x5d, 0x1e, 0x22, 0xce, 0x68, 0x63, 0x62, 0xe5, 0x1b, -+ 0x9b, 0xf2, 0xc7, 0x12, 0xda, 0x1e, 0x9b, 0x90, 0x84, 0x79, 0x48, 0x12, -+ 0xe6, 0x21, 0x6f, 0x2f, 0x7e, 0x18, 0x77, 0xdb, 0x8c, 0xc4, 0xd1, 0x0d, -+ 0x91, 0xbf, 0x39, 0x22, 0x0f, 0x64, 0xcf, 0x25, 0x2e, 0x8c, 0x1f, 0x91, -+ 0x81, 0xb5, 0xe9, 0x6c, 0x02, 0x3a, 0xf8, 0x07, 0xa2, 0x6f, 0x46, 0x5d, -+ 0x7b, 0xfd, 0x43, 0xff, 0x41, 0x0f, 0xe2, 0x57, 0x1c, 0xbd, 0x48, 0x60, -+ 0x53, 0x11, 0x48, 0x87, 0x88, 0x9d, 0x13, 0x82, 0x40, 0x68, 0x44, 0x2c, -+ 0xc6, 0xc8, 0x95, 0x27, 0x4f, 0xb6, 0xb9, 0x4a, 0x22, 0x0a, 0xfd, 0xe4, -+ 0x46, 0x8f, 0x35, 0x12, 0x98, 0x5a, 0x34, 0x6f, 0x2b, 0x57, 0x62, 0xa1, -+ 0x4d, 0x8d, 0x79, 0x37, 0xe4, 0x6b, 0x8a, 0x32, 0x5b, 0xcb, 0xef, 0x79, -+ 0x11, 0xed, 0xa7, 0xf8, 0x7a, 0x1c, 0xbd, 0x86, 0xdc, 0x0e, 0x2e, 0xfd, -+ 0xd3, 0x51, 0xbb, 0x73, 0xad, 0x00, 0xa0, 0x1b, 0xf9, 0x1d, 0xd1, 0x4a, -+ 0xe4, 0xd4, 0x02, 0x63, 0x2b, 0x39, 0x5f, 0x18, 0x08, 0x2f, 0x42, 0xb7, -+ 0x23, 0x4b, 0x48, 0x46, 0x1f, 0x63, 0x87, 0xae, 0x6d, 0xd5, 0xdb, 0x60, -+ 0xf8, 0x5f, 0xd3, 0x13, 0xec, 0xca, 0xdd, 0x60, 0x60, 0x79, 0x52, 0x70, -+ 0x47, 0xae, 0x1d, 0x38, 0x78, 0x71, 0xcf, 0xb3, 0x04, 0x03, 0xbe, 0xba, -+ 0x81, 0xba, 0x74, 0xb1, 0x30, 0x35, 0xdc, 0xea, 0x21, 0x4a, 0x9b, 0x70, -+ 0xfb, 0xd6, 0x60, 0x59, 0x78, 0x0c, 0x4d, 0x39, 0x19, 0x1d, 0xe5, 0x75, -+ 0xba, 0x07, 0xf4, 0x22, 0x37, 0x64, 0xb7, 0xf2, 0x9a, 0xc9, 0x11, 0x2d, -+ 0x8e, 0x58, 0xa6, 0xcf, 0x83, 0xf1, 0xcb, 0x6c, 0x7f, 0x02, 0xbd, 0xda, -+ 0x03, 0x92, 0xa9, 0x45, 0x24, 0x56, 0xc5, 0xbd, 0x41, 0xd1, 0x20, 0x86, -+ 0xc0, 0xb6, 0xb7, 0xe8, 0xa7, 0xb2, 0x46, 0xf7, 0x8e, 0xa9, 0x38, 0x0e, -+ 0x23, 0x77, 0x3c, 0x0d, 0x66, 0x83, 0x6a, 0x1a, 0x6b, 0x7f, 0x54, 0x11, -+ 0x58, 0x0d, 0x4a, 0xb5, 0x74, 0x60, 0xca, 0xed, 0xff, 0x91, 0x47, 0xd9, -+ 0x29, 0xe0, 0xaa, 0x8c, 0xa8, 0x8f, 0x10, 0x4c, 0x15, 0x7d, 0xce, 0x95, -+ 0xf9, 0x87, 0x1e, 0x18, 0x38, 0x18, 0xfc, 0xcc, 0xaf, 0x91, 0x17, 0x3f, -+ 0xfa, 0xf0, 0x8a, 0x09, 0x6f, 0xba, 0x4e, 0x53, 0xf7, 0xfa, 0x4f, 0x20, -+ 0xa3, 0xf4, 0x4a, 0x5a, 0xde, 0x17, 0x1c, 0x29, 0x6a, 0x6f, 0x03, 0x48, -+ 0xdf, 0xad, 0x4f, 0xe4, 0xbc, 0x71, 0xc4, 0x72, 0x32, 0x11, 0x84, 0xac, -+ 0x09, 0xd2, 0x18, 0x44, 0x35, 0xf1, 0xcd, 0xaf, 0xa8, 0x98, 0xe0, 0x8b, -+ 0xec, 0xa0, 0x83, 0x37, 0xc3, 0x35, 0x85, 0xd6, 0xd8, 0x1b, 0xe0, 0x75, -+ 0xdc, 0xfd, 0xde, 0xc9, 0xeb, 0xd5, 0x18, 0x0f, 0xd3, 0x4c, 0x2f, 0x71, -+ 0xdc, 0x48, 0xe3, 0x14, 0xeb, 0xda, 0x00, 0x24, 0x24, 0x9e, 0xa3, 0x8e, -+ 0x3e, 0x08, 0x6f, 0x22, 0x24, 0xd6, 0xc4, 0x85, 0x8f, 0x68, 0x00, 0x4a, -+ 0x82, 0x4c, 0x33, 0x6e, 0xa5, 0x35, 0x7b, 0xeb, 0x4b, 0xdc, 0xa0, 0xa6, -+ 0x65, 0x6f, 0x5a, 0x7a, 0xdf, 0x8a, 0x01, 0x52, 0xa1, 0x6c, 0xff, 0x59, -+ 0x22, 0x7f, 0xe1, 0x96, 0x1b, 0x19, 0xb8, 0xf9, 0x5d, 0x44, 0x9f, 0x91, -+ 0x03, 0x3c, 0x3d, 0xa1, 0x2a, 0xb6, 0x5a, 0x51, 0xa0, 0xce, 0x4a, 0x88, -+ 0x22, 0x72, 0x9c, 0xdc, 0xc0, 0x47, 0x76, 0x35, 0x84, 0x75, 0x9b, 0x87, -+ 0x5c, 0xd3, 0xcf, 0xe7, 0xdd, 0xa3, 0x57, 0x14, 0xdf, 0x00, 0xfd, 0x19, -+ 0x2a, 0x7d, 0x89, 0x27, 0x1c, 0x78, 0x97, 0x04, 0x58, 0x48 -+}; -+unsigned int certificate2_der_len = 1366; -+ -+unsigned char hi_signed_2nd[] = { -+ 0x68, 0x69, 0x0a, 0x30, 0x82, 0x02, 0xb1, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0xa2, 0x30, 0x82, -+ 0x02, 0x9e, 0x02, 0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, -+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0b, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x31, 0x82, 0x02, -+ 0x7b, 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x01, 0x30, 0x52, 0x30, 0x3a, -+ 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2f, 0x47, -+ 0x72, 0x75, 0x62, 0x20, 0x32, 0x6e, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, -+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x54, 0x65, 0x73, 0x74, -+ 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, -+ 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x02, 0x14, -+ 0x5b, 0x5e, 0x59, 0xf2, 0x5f, 0x75, 0x4c, 0x8e, 0xc5, 0x3a, 0x91, 0x07, -+ 0xe9, 0xe7, 0x6d, 0x3c, 0xd0, 0x7f, 0x91, 0xff, 0x30, 0x0b, 0x06, 0x09, -+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, -+ 0x04, 0x82, 0x02, 0x00, 0x0e, 0xc2, 0x30, 0x38, 0x81, 0x23, 0x68, 0x90, -+ 0xae, 0x5f, 0xce, 0xf7, 0x27, 0xb1, 0x8c, 0x2e, 0x12, 0x10, 0xc6, 0x99, -+ 0xdc, 0x4d, 0x4b, 0x79, 0xda, 0xe4, 0x32, 0x10, 0x46, 0x1c, 0x16, 0x07, -+ 0x87, 0x66, 0x55, 0xff, 0x64, 0x1c, 0x61, 0x25, 0xd5, 0xb9, 0xe1, 0xfe, -+ 0xea, 0x5a, 0xcd, 0x56, 0xa5, 0xc3, 0xbe, 0xb1, 0x61, 0xc7, 0x6f, 0x5f, -+ 0x69, 0x20, 0x64, 0x50, 0x6f, 0x12, 0x78, 0xb6, 0x0c, 0x72, 0x44, 0x4f, -+ 0x60, 0x0f, 0x9f, 0xa2, 0x83, 0x3b, 0xc2, 0x83, 0xd5, 0x14, 0x1f, 0x6f, -+ 0x3e, 0xb2, 0x47, 0xb5, 0x58, 0xc5, 0xa7, 0xb4, 0x82, 0x53, 0x2e, 0x53, -+ 0x95, 0x4e, 0x3d, 0xe4, 0x62, 0xe8, 0xa1, 0xaf, 0xae, 0xbf, 0xa9, 0xd2, -+ 0x22, 0x07, 0xbe, 0x71, 0x37, 0x2c, 0x5a, 0xa7, 0x6c, 0xaf, 0x14, 0xc0, -+ 0x6c, 0x2f, 0xbf, 0x4f, 0x15, 0xc2, 0x0f, 0x8b, 0xdc, 0x68, 0x45, 0xdf, -+ 0xf3, 0xa5, 0x7f, 0x11, 0x6a, 0x54, 0xcd, 0x67, 0xb9, 0x2e, 0x7d, 0x05, -+ 0xe3, 0x1c, 0x1d, 0xcc, 0x77, 0x8e, 0x97, 0xb1, 0xa0, 0x11, 0x09, 0x3d, -+ 0x90, 0x54, 0xfc, 0x7e, 0xbb, 0xbb, 0x21, 0x23, 0x03, 0x44, 0xbf, 0x7d, -+ 0x2c, 0xc9, 0x15, 0x42, 0xe5, 0xa0, 0x3b, 0xa2, 0xd1, 0x5b, 0x73, 0x81, -+ 0xff, 0xfa, 0x90, 0xfc, 0x27, 0x7b, 0x2f, 0x86, 0x9c, 0x1d, 0x14, 0x36, -+ 0x94, 0xa2, 0x6e, 0xe8, 0x9d, 0xa0, 0x5f, 0xfc, 0x5a, 0x0d, 0xa4, 0xd5, -+ 0x2f, 0x8d, 0xd6, 0x00, 0xfa, 0x93, 0x5b, 0x09, 0x7f, 0x42, 0x78, 0xcc, -+ 0x8c, 0x49, 0xda, 0xd9, 0xf6, 0x43, 0xe7, 0xe1, 0x3c, 0xa2, 0xe2, 0x70, -+ 0xe2, 0x6a, 0x99, 0xc5, 0xd6, 0xa2, 0xe3, 0x0b, 0xd4, 0x09, 0xac, 0x94, -+ 0xaf, 0xb7, 0xf0, 0xb3, 0x0c, 0x1e, 0xf5, 0x16, 0x4f, 0x53, 0x9a, 0xe3, -+ 0xcc, 0xe2, 0x0c, 0x4a, 0xb9, 0xe6, 0x06, 0xbb, 0xf7, 0x41, 0x43, 0x20, -+ 0x04, 0xee, 0x99, 0x2f, 0xd8, 0x9f, 0xda, 0x3f, 0xfd, 0x49, 0xb8, 0xc2, -+ 0xbd, 0xd9, 0xc5, 0x72, 0xfd, 0xe3, 0xce, 0x1c, 0xbc, 0xe4, 0x39, 0xac, -+ 0x2a, 0x99, 0xe9, 0xb4, 0x3e, 0x74, 0x10, 0xeb, 0xd5, 0x14, 0xcc, 0xdb, -+ 0xf1, 0x04, 0x63, 0x36, 0xfb, 0x1f, 0x2b, 0xe2, 0x73, 0xd4, 0xd8, 0x49, -+ 0x31, 0xa8, 0x55, 0xcc, 0xa7, 0x76, 0x36, 0x6e, 0x18, 0xdc, 0xb9, 0xb0, -+ 0x29, 0x99, 0xcf, 0x49, 0xbf, 0xf9, 0xdb, 0x7f, 0x24, 0x42, 0x02, 0xcb, -+ 0xc1, 0xaa, 0xcb, 0xba, 0x18, 0x85, 0x86, 0xc7, 0xf4, 0x1c, 0x62, 0x76, -+ 0xbc, 0x73, 0xfb, 0xe4, 0x15, 0xb8, 0xdd, 0x5d, 0xa6, 0x68, 0x39, 0xa5, -+ 0x3d, 0x33, 0xaf, 0xd5, 0x92, 0x4d, 0x48, 0xdb, 0x22, 0xc0, 0xdc, 0x49, -+ 0x5f, 0x7b, 0xa8, 0xd2, 0x62, 0x2d, 0xa7, 0x39, 0x93, 0x48, 0xe7, 0x6b, -+ 0x23, 0xba, 0xd4, 0xe0, 0xc1, 0x29, 0x55, 0xc4, 0x34, 0xe3, 0xac, 0x25, -+ 0xa7, 0x15, 0xad, 0xab, 0xb3, 0xb7, 0x25, 0xca, 0x37, 0x88, 0x40, 0x2e, -+ 0x47, 0x6e, 0x92, 0x20, 0x09, 0x2e, 0x5a, 0xec, 0xf2, 0xfb, 0xb3, 0xa0, -+ 0x16, 0xb6, 0x93, 0xf2, 0xf5, 0x8b, 0xfe, 0xaf, 0x25, 0xee, 0x2e, 0x98, -+ 0x6c, 0x0a, 0xfe, 0xae, 0x0b, 0x57, 0xf5, 0x9f, 0x3c, 0x80, 0xe9, 0x8b, -+ 0xaf, 0x92, 0x8a, 0xad, 0xe7, 0xa0, 0xe4, 0xe6, 0x0a, 0xa0, 0xc7, 0x83, -+ 0xb5, 0x48, 0x58, 0x5f, 0x55, 0x9e, 0x9b, 0x27, 0xcd, 0x31, 0x1f, 0x3e, -+ 0x50, 0x5a, 0x91, 0xad, 0x21, 0x1b, 0x97, 0x5b, 0xe8, 0xfa, 0x29, 0x8a, -+ 0xa4, 0x17, 0xe8, 0xab, 0x87, 0x02, 0xd6, 0x18, 0x8c, 0x9f, 0x65, 0xb7, -+ 0x2a, 0xfa, 0xde, 0x5f, 0x77, 0x30, 0x6c, 0x04, 0x22, 0xe6, 0x58, 0x26, -+ 0x14, 0x0d, 0x9c, 0x41, 0x0a, 0x82, 0x77, 0xdb, 0x40, 0xa1, 0x58, 0xac, -+ 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xb5, -+ 0x7e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x20, 0x73, 0x69, 0x67, 0x6e, -+ 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, -+ 0x65, 0x64, 0x7e, 0x0a -+}; -+unsigned int hi_signed_2nd_len = 736; -+ -+unsigned char certificate_printable_der[] = { -+ 0x30, 0x82, 0x03, 0x39, 0x30, 0x82, 0x02, 0x21, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x09, 0x00, 0xde, 0xf6, 0x22, 0xc4, 0xf2, 0xf1, 0x86, 0x02, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x0b, 0x05, 0x00, 0x30, 0x2a, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, -+ 0x04, 0x03, 0x13, 0x1f, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, -+ 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, -+ 0x43, 0x41, 0x20, 0x32, 0x20, 0x28, 0x62, 0x65, 0x74, 0x61, 0x29, 0x30, -+ 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, 0x33, 0x31, 0x31, 0x34, 0x31, -+ 0x39, 0x32, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x37, 0x31, 0x30, 0x32, 0x35, -+ 0x31, 0x34, 0x31, 0x39, 0x32, 0x33, 0x5a, 0x30, 0x2f, 0x31, 0x2d, 0x30, -+ 0x2b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x24, 0x52, 0x65, 0x64, 0x20, -+ 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, -+ 0x6f, 0x6f, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, -+ 0x33, 0x20, 0x28, 0x62, 0x65, 0x74, 0x61, 0x29, 0x30, 0x82, 0x01, 0x22, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, -+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xbd, 0xda, 0xa1, 0xed, 0x8d, 0x8e, 0x15, -+ 0x5c, 0xf8, 0x01, 0x77, 0x48, 0x4a, 0x60, 0x96, 0xf9, 0x27, 0xfa, 0xe2, -+ 0xb1, 0x69, 0x0f, 0x51, 0x19, 0x52, 0x7e, 0xc4, 0x34, 0x8e, 0xe1, 0x9b, -+ 0x9c, 0xa4, 0xb1, 0x5c, 0xd6, 0x81, 0x98, 0x78, 0xfe, 0xa9, 0xe5, 0x0b, -+ 0x00, 0xba, 0x9c, 0x64, 0x7e, 0xc7, 0xcc, 0x72, 0xb1, 0x73, 0x4b, 0x11, -+ 0x07, 0x52, 0xf0, 0x20, 0x96, 0x8b, 0x99, 0x39, 0xde, 0xdb, 0xfa, 0x3d, -+ 0x45, 0xe2, 0x98, 0x7b, 0x0c, 0x41, 0xe4, 0x0c, 0xb5, 0x5d, 0x92, 0x74, -+ 0x39, 0x96, 0xe1, 0x97, 0x97, 0xa1, 0xad, 0x2e, 0xcc, 0xd0, 0x1b, 0x4d, -+ 0x9d, 0xbd, 0x3e, 0xa9, 0x36, 0x8e, 0xcc, 0xc7, 0x5f, 0x6a, 0x7d, 0x39, -+ 0x5e, 0x0b, 0x8d, 0xca, 0xe4, 0x83, 0xe9, 0x3b, 0x5c, 0x86, 0x47, 0xd4, -+ 0xba, 0x7d, 0x98, 0x26, 0xa1, 0xf4, 0xe8, 0x90, 0x6b, 0x0f, 0xf1, 0x6b, -+ 0x8c, 0xe3, 0xa2, 0x80, 0x3c, 0x96, 0xf1, 0x0a, 0xb6, 0x66, 0xc0, 0x4b, -+ 0x61, 0xf7, 0x74, 0xcd, 0xd3, 0x7b, 0x8e, 0x5e, 0x39, 0xda, 0x99, 0x20, -+ 0x33, 0x93, 0xd3, 0xf0, 0x7f, 0xad, 0x35, 0xe9, 0x88, 0x8d, 0x9c, 0xbf, -+ 0x65, 0xf1, 0x47, 0x02, 0xf9, 0x7c, 0xed, 0x27, 0x5f, 0x4a, 0x65, 0x3c, -+ 0xcf, 0x5f, 0x0e, 0x88, 0x95, 0x74, 0xde, 0xfb, 0x9e, 0x2e, 0x91, 0x9b, -+ 0x45, 0x37, 0xc8, 0x85, 0xff, 0xe3, 0x41, 0x70, 0xfe, 0xd5, 0xef, 0x0e, -+ 0x82, 0x22, 0x08, 0xb7, 0x3b, 0x44, 0x3e, 0xdc, 0x5b, 0x7f, 0xba, 0xbf, -+ 0xe6, 0x58, 0x9d, 0x02, 0x6e, 0x75, 0xbf, 0x50, 0xec, 0xcf, 0x3f, 0xa5, -+ 0x91, 0x0a, 0xe2, 0x59, 0x2c, 0xc3, 0xe7, 0x05, 0x03, 0xe8, 0xf2, 0x6f, -+ 0x2a, 0x04, 0x68, 0x9a, 0x31, 0x32, 0x8f, 0x04, 0x35, 0xcd, 0x1f, 0x34, -+ 0xcc, 0x4f, 0x79, 0x5a, 0x99, 0x8d, 0x9d, 0x5c, 0xf5, 0x02, 0x03, 0x01, -+ 0x00, 0x01, 0xa3, 0x5d, 0x30, 0x5b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, -+ 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, -+ 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x65, 0xc5, 0xbe, 0xca, -+ 0xe6, 0x59, 0x6a, 0xfd, 0x6c, 0x71, 0xc4, 0xa7, 0x98, 0xc6, 0x25, 0x8d, -+ 0x7b, 0x67, 0x05, 0xd0, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x81, 0xf8, 0xee, 0x47, 0x5c, 0x3e, 0xed, -+ 0xfb, 0xce, 0xa5, 0x84, 0xbe, 0xd7, 0xae, 0xdb, 0xd3, 0x7d, 0x64, 0xb3, -+ 0x2a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x66, 0x1e, 0x3d, -+ 0x1d, 0x53, 0x33, 0xde, 0x4e, 0xc7, 0xc4, 0xf4, 0xdf, 0xda, 0x18, 0x19, -+ 0x8a, 0xa9, 0xff, 0xe2, 0x63, 0x2b, 0xbe, 0xf2, 0x61, 0x63, 0xe2, 0xf6, -+ 0xed, 0x47, 0x1a, 0x71, 0x02, 0xec, 0x2a, 0xef, 0x89, 0x77, 0xe3, 0xfd, -+ 0x86, 0x69, 0xf1, 0x3f, 0x0d, 0xf9, 0x6e, 0xf9, 0x3b, 0xad, 0x26, 0x47, -+ 0xb7, 0xf2, 0x0d, 0xad, 0x23, 0xa3, 0x67, 0x3b, 0xcb, 0x6d, 0x9e, 0x03, -+ 0x0f, 0xbc, 0x69, 0x73, 0x9f, 0xd4, 0xa5, 0x0f, 0x6f, 0xf8, 0xab, 0x4d, -+ 0x36, 0xd1, 0xe0, 0xe0, 0x5d, 0x20, 0x43, 0x90, 0xc4, 0x65, 0x61, 0x93, -+ 0xe2, 0x0f, 0x51, 0x59, 0x0a, 0xf7, 0x88, 0x70, 0x57, 0xb9, 0x04, 0xa9, -+ 0x32, 0x57, 0x9c, 0xb3, 0x57, 0x38, 0x8b, 0x8e, 0x46, 0xc8, 0x32, 0x6c, -+ 0xb4, 0xf3, 0x96, 0x7f, 0x4b, 0xf0, 0x88, 0xf9, 0x7f, 0xe2, 0x71, 0xe1, -+ 0x8b, 0xe2, 0x14, 0xf1, 0x4b, 0x25, 0x00, 0x48, 0x1c, 0x7e, 0xe5, 0x8d, -+ 0x65, 0x2d, 0xeb, 0x72, 0x4f, 0x92, 0x44, 0xf3, 0xe6, 0xe0, 0xd0, 0xdf, -+ 0x85, 0xa8, 0x13, 0x4a, 0xfb, 0x99, 0xca, 0x14, 0x2c, 0x97, 0x80, 0x93, -+ 0x27, 0xd3, 0x20, 0xf8, 0x6d, 0x29, 0x28, 0x2c, 0xb9, 0x77, 0xea, 0xb1, -+ 0x63, 0xbd, 0x7d, 0x53, 0xfd, 0x4a, 0x62, 0x64, 0x0b, 0x98, 0xa8, 0xae, -+ 0x11, 0xfc, 0x6e, 0x8d, 0x63, 0xd4, 0x15, 0x55, 0xc6, 0x4c, 0x74, 0xf5, -+ 0x5f, 0xa0, 0xb9, 0x2c, 0x2d, 0x9a, 0x7a, 0x87, 0x6e, 0xf0, 0x5e, 0x25, -+ 0xed, 0xfc, 0xd8, 0xc4, 0x34, 0x33, 0x32, 0xad, 0x01, 0xd4, 0x4b, 0x49, -+ 0x51, 0xc2, 0x07, 0x7f, 0x90, 0x6d, 0xea, 0xf5, 0x4c, 0x41, 0x71, 0x64, -+ 0xeb, 0x1f, 0x29, 0xa3, 0x1f, 0x64, 0xa2, 0x1e, 0x0e, 0x6f, 0xa1, 0x67, -+ 0x99, 0x8d, 0x98, 0x1c, 0xb8, 0x53, 0x9d, 0x30, 0x1d, 0xae, 0x32, 0x56, -+ 0xd2 -+}; -+unsigned int certificate_printable_der_len = 829; diff --git a/SPECS/grub2/fedora/0175-appended-signatures-documentation.patch b/SPECS/grub2/fedora/0175-appended-signatures-documentation.patch deleted file mode 100644 index eb580464d8..0000000000 --- a/SPECS/grub2/fedora/0175-appended-signatures-documentation.patch +++ /dev/null @@ -1,341 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 1 Oct 2020 13:02:09 +1000 -Subject: [PATCH] appended signatures: documentation - -This explains how appended signatures can be used to form part of -a secure boot chain, and documents the commands and variables -introduced. - -Signed-off-by: Daniel Axtens ---- - docs/grub.texi | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 182 insertions(+), 17 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index afbde7c1f7..4816be8561 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -3214,6 +3214,7 @@ These variables have special meaning to GRUB. - - @menu - * biosnum:: -+* check_appended_signatures:: - * check_signatures:: - * chosen:: - * cmdpath:: -@@ -3273,11 +3274,18 @@ For an alternative approach which also changes BIOS drive mappings for the - chain-loaded system, @pxref{drivemap}. - - -+@node check_appended_signatures -+@subsection check_appended_signatures -+ -+This variable controls whether GRUB enforces appended signature validation on -+certain loaded files. @xref{Using appended signatures}. -+ -+ - @node check_signatures - @subsection check_signatures - --This variable controls whether GRUB enforces digital signature --validation on loaded files. @xref{Using digital signatures}. -+This variable controls whether GRUB enforces GPG-style digital signature -+validation on loaded files. @xref{Using GPG-style digital signatures}. - - @node chosen - @subsection chosen -@@ -3994,6 +4002,7 @@ you forget a command, you can run the command @command{help} - * date:: Display or set current date and time - * devicetree:: Load a device tree blob - * distrust:: Remove a pubkey from trusted keys -+* distrust_certificate:: Remove a certificate from the list of trusted certificates - * drivemap:: Map a drive to another - * echo:: Display a line of text - * eval:: Evaluate agruments as GRUB commands -@@ -4010,6 +4019,7 @@ you forget a command, you can run the command @command{help} - * keystatus:: Check key modifier status - * linux:: Load a Linux kernel - * linux16:: Load a Linux kernel (16-bit mode) -+* list_certificates:: List trusted certificates - * list_env:: List variables in environment block - * list_trusted:: List trusted public keys - * load_env:: Load variables from environment block -@@ -4047,8 +4057,10 @@ you forget a command, you can run the command @command{help} - * test:: Check file types and compare values - * true:: Do nothing, successfully - * trust:: Add public key to list of trusted keys -+* trust_certificate:: Add an x509 certificate to the list of trusted certificates - * unset:: Unset an environment variable - @comment * vbeinfo:: List available video modes -+* verify_appended:: Verify appended digital signature - * verify_detached:: Verify detached digital signature - * videoinfo:: List available video modes - @comment * xen_*:: Xen boot commands for AArch64 -@@ -4376,9 +4388,28 @@ These keys are used to validate signatures when environment variable - @code{check_signatures} is set to @code{enforce} - (@pxref{check_signatures}), and by some invocations of - @command{verify_detached} (@pxref{verify_detached}). @xref{Using --digital signatures}, for more information. -+GPG-style digital signatures}, for more information. - @end deffn - -+ -+@node distrust_certificate -+@subsection distrust_certificate -+ -+@deffn Command distrust_certificate cert_number -+Remove the x509 certificate numbered @var{cert_number} from GRUB's keyring of -+trusted x509 certificates for verifying appended signatures. -+ -+@var{cert_number} is the certificate number as listed by -+@command{list_certificates} (@pxref{list_certificates}). -+ -+These certificates are used to validate appended signatures when environment -+variable @code{check_appended_signatures} is set to @code{enforce} or -+@code{forced} (@pxref{check_appended_signatures}), and by -+@command{verify_appended} (@pxref{verify_appended}). See -+@xref{Using appended signatures} for more information. -+@end deffn -+ -+ - @node drivemap - @subsection drivemap - -@@ -4636,6 +4667,21 @@ This command is only available on x86 systems. - @end deffn - - -+@node list_certificates -+@subsection list_certificates -+ -+@deffn Command list_certificates -+List all x509 certificates trusted by GRUB for validating appended signatures. -+The output is a numbered list of certificates, showing the certificate's serial -+number and Common Name. -+ -+The certificate number can be used as an argument to -+@command{distrust_certificate} (@pxref{distrust_certificate}). -+ -+See @xref{Using appended signatures} for more information. -+@end deffn -+ -+ - @node list_env - @subsection list_env - -@@ -4655,7 +4701,7 @@ The output is in GPG's v4 key fingerprint format (i.e., the output of - @code{gpg --fingerprint}). The least significant four bytes (last - eight hexadecimal digits) can be used as an argument to - @command{distrust} (@pxref{distrust}). --@xref{Using digital signatures}, for more information about uses for -+@xref{Using GPG-style digital signatures}, for more information about uses for - these keys. - @end deffn - -@@ -4690,8 +4736,13 @@ When used with care, @option{--skip-sig} and the whitelist enable an - administrator to configure a system to boot only signed - configurations, but to allow the user to select from among multiple - configurations, and to enable ``one-shot'' boot attempts and --``savedefault'' behavior. @xref{Using digital signatures}, for more -+``savedefault'' behavior. @xref{Using GPG-style digital signatures}, for more - information. -+ -+Extra care should be taken when combining this command with appended signatures -+(@pxref{Using appended signatures}), as this file is not validated by an -+appended signature and could set @code{check_appended_signatures=no} if GRUB is -+not in @pxref{Lockdown} mode. - @end deffn - - -@@ -4987,7 +5038,7 @@ read. It is possible to modify a digitally signed environment block - file from within GRUB using this command, such that its signature will - no longer be valid on subsequent boots. Care should be taken in such - advanced configurations to avoid rendering the system --unbootable. @xref{Using digital signatures}, for more information. -+unbootable. @xref{Using GPG-style digital signatures}, for more information. - @end deffn - - -@@ -5387,11 +5438,32 @@ signatures when environment variable @code{check_signatures} is set to - must itself be properly signed. The @option{--skip-sig} option can be - used to disable signature-checking when reading @var{pubkey_file} - itself. It is expected that @option{--skip-sig} is useful for testing --and manual booting. @xref{Using digital signatures}, for more -+and manual booting. @xref{Using GPG-style digital signatures}, for more - information. - @end deffn - - -+@node trust_certificate -+@subsection trust_certificate -+ -+@deffn Command trust_certificate x509_certificate -+Read an DER-formatted x509 certificate from the file @var{x509_certificate} -+and add it to GRUB's internal list of trusted x509 certificates. These -+certificates are used to validate appended signatures when the environment -+variable @code{check_appended_signatures} is set to @code{enforce} or -+@code{forced}. -+ -+Note that if @code{check_appended_signatures} is set to @code{enforce} or -+@code{forced} when @command{trust_certificate} is executed, then -+@var{x509_certificate} must itself bear an appended signature. (It is not -+sufficient that @var{x509_certificate} be signed by a trusted certificate -+according to the x509 rules: grub does not include support for validating -+signatures within x509 certificates themselves.) -+ -+See @xref{Using appended signatures} for more information. -+@end deffn -+ -+ - @node unset - @subsection unset - -@@ -5410,6 +5482,18 @@ only on PC BIOS platforms. - @end deffn - @end ignore - -+@node verify_appended -+@subsection verify_appended -+ -+@deffn Command verify_appended file -+Verifies an appended signature on @var{file} against the trusted certificates -+known to GRUB (See @pxref{list_certificates}, @pxref{trust_certificate}, and -+@pxref{distrust_certificate}). -+ -+Exit code @code{$?} is set to 0 if the signature validates -+successfully. If validation fails, it is set to a non-zero value. -+See @xref{Using appended signatures}, for more information. -+@end deffn - - @node verify_detached - @subsection verify_detached -@@ -5428,7 +5512,7 @@ tried. - - Exit code @code{$?} is set to 0 if the signature validates - successfully. If validation fails, it is set to a non-zero value. --@xref{Using digital signatures}, for more information. -+@xref{Using GPG-style digital signatures}, for more information. - @end deffn - - @node videoinfo -@@ -5811,13 +5895,14 @@ environment variables and commands are listed in the same order. - @chapter Security - - @menu --* Authentication and authorisation:: Users and access control --* Using digital signatures:: Booting digitally signed code --* UEFI secure boot and shim:: Booting digitally signed PE files --* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation --* Measured Boot:: Measuring boot components --* Lockdown:: Lockdown when booting on a secure setup --* Signing GRUB itself:: Ensuring the integrity of the GRUB core image -+* Authentication and authorisation:: Users and access control -+* Using GPG-style digital signatures:: Booting digitally signed code -+* Using appended signatures:: An alternative approach to booting digitally signed code -+* UEFI secure boot and shim:: Booting digitally signed PE files -+* Secure Boot Advanced Targeting:: Embedded information for generation number based revocation -+* Measured Boot:: Measuring boot components -+* Lockdown:: Lockdown when booting on a secure setup -+* Signing GRUB itself:: Ensuring the integrity of the GRUB core image - @end menu - - @node Authentication and authorisation -@@ -5891,8 +5976,8 @@ generating configuration files with authentication. You can use - adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2} - commands. - --@node Using digital signatures --@section Using digital signatures in GRUB -+@node Using GPG-style digital signatures -+@section Using GPG-style digital signatures in GRUB - - GRUB's @file{core.img} can optionally provide enforcement that all files - subsequently read from disk are covered by a valid digital signature. -@@ -5985,6 +6070,86 @@ or BIOS) configuration to cause the machine to boot from a different - (attacker-controlled) device. GRUB is at best only one link in a - secure boot chain. - -+@node Using appended signatures -+@section Using appended signatures in GRUB -+ -+GRUB supports verifying Linux-style 'appended signatures' for secure boot. -+Appended signatures are PKCS#7 messages containing a signature over the -+contents of a file, plus some metadata, appended to the end of a file. A file -+with an appended signature ends with the magic string: -+ -+@example -+~Module signature appended~\n -+@end example -+ -+where @code{\n} represents the line-feed character, @code{0x0a}. -+ -+Certificates can be managed at boot time using the @pxref{trust_certificate}, -+@pxref{distrust_certificate} and @pxref{list_certificates} commands. -+Certificates can also be built in to the core image using the @code{--x509} -+parameter to @command{grub-install} or @command{grub-mkimage}. -+ -+A file can be explictly verified using the @pxref{verify_appended} command. -+ -+Only signatures made with the SHA-256 or SHA-512 hash algorithm are supported, -+and only RSA signatures are supported. -+ -+A file can be signed with the @command{sign-file} utility supplied with the -+Linux kernel source. For example, if you have @code{signing.key} as the private -+key and @code{certificate.der} as the x509 certificate containing the public key: -+ -+@example -+sign-file SHA256 signing.key certificate.der vmlinux vmlinux.signed -+@end example -+ -+Enforcement of signature verification is controlled by the -+@code{check_appended_signatures} variable. -+ -+@itemize -+@item @samp{no}: no verification is performed. This is the default when GRUB -+ is not in @pxref{Lockdown} mode. -+@item @samp{enforce}: verification is performed. Verification can be disabled -+ by setting the variable back to @samp{no}. -+@item @samp{forced}: verification is performed and cannot be disabled. This is -+ set when GRUB is in Lockdown when the appendedsig module is loaded. -+@end itemize -+ -+Unlike GPG-style signatures, not all files loaded by GRUB are required to be -+signed. Once verification is turned on, the following file types will have -+appended signatures verified: -+ -+@itemize -+@item Linux kernels -+@item GRUB modules, except those built into the core image -+@item Any new certificate files to be trusted -+@end itemize -+ -+ACPI tables and Device Tree images will not be checked for appended signatures -+but must be verified by another mechanism such as GPG-style signatures before -+they will be loaded. -+ -+Unless lockdown mode is enabled, signature checking does @strong{not} -+stop an attacker with console access from dropping manually to the GRUB -+console and executing: -+ -+@example -+set check_appended_signatures=no -+@end example -+ -+Refer to the section on password-protecting GRUB (@pxref{Authentication -+and authorisation}) for more information on preventing this. -+ -+Additionally, unless lockdown mode is enabled: -+ -+@itemize -+@item Special care must be taken around the @command{loadenv} command, which -+ can be used to turn off @code{check_appended_signature}. -+ -+@item If the grub configuration file is loaded from the disk, anyone who can -+ modify the file on disk can turn off @code{check_appended_signature}. -+ Consider embedding the configuration into the core grub image. -+@end itemize -+ - @node UEFI secure boot and shim - @section UEFI secure boot and shim support - diff --git a/SPECS/grub2/fedora/0180-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch b/SPECS/grub2/fedora/0180-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch deleted file mode 100644 index 5728f26de3..0000000000 --- a/SPECS/grub2/fedora/0180-appendedsig-x509-Also-handle-the-Extended-Key-Usage-.patch +++ /dev/null @@ -1,315 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Sat, 8 May 2021 02:27:58 +0200 -Subject: [PATCH] appendedsig/x509: Also handle the Extended Key Usage - extension - -Red Hat certificates have both Key Usage and Extended Key Usage extensions -present, but the appended signatures x509 parser doesn't handle the latter -and so buils due finding an unrecognised critical extension: - -Error loading initial key: -../../grub-core/commands/appendedsig/x509.c:780:Unhandled critical x509 extension with OID 2.5.29.37 - -Fix this by also parsing the Extended Key Usage extension and handle it by -verifying that the certificate has a single purpose, that is code signing. - -Signed-off-by: Javier Martinez Canillas -Signed-off-by: Daniel Axtens ---- - grub-core/commands/appendedsig/x509.c | 94 ++++++++++++++++++++++++++++++- - grub-core/tests/appended_signature_test.c | 29 +++++++++- - grub-core/tests/appended_signatures.h | 81 ++++++++++++++++++++++++++ - 3 files changed, 201 insertions(+), 3 deletions(-) - -diff --git a/grub-core/commands/appendedsig/x509.c b/grub-core/commands/appendedsig/x509.c -index 2b38b3670a..42ec65c54a 100644 ---- a/grub-core/commands/appendedsig/x509.c -+++ b/grub-core/commands/appendedsig/x509.c -@@ -47,6 +47,12 @@ const char *keyUsage_oid = "2.5.29.15"; - */ - const char *basicConstraints_oid = "2.5.29.19"; - -+/* -+ * RFC 5280 4.2.1.12 Extended Key Usage -+ */ -+const char *extendedKeyUsage_oid = "2.5.29.37"; -+const char *codeSigningUsage_oid = "1.3.6.1.5.5.7.3.3"; -+ - /* - * RFC 3279 2.3.1 - * -@@ -637,6 +643,77 @@ cleanup: - return err; - } - -+/* -+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId -+ * -+ * KeyPurposeId ::= OBJECT IDENTIFIER -+ */ -+static grub_err_t -+verify_extended_key_usage (grub_uint8_t * value, int value_size) -+{ -+ asn1_node extendedasn; -+ int result, count; -+ grub_err_t err = GRUB_ERR_NONE; -+ char usage[MAX_OID_LEN]; -+ int usage_size = sizeof (usage); -+ -+ result = -+ asn1_create_element (_gnutls_pkix_asn, "PKIX1.ExtKeyUsageSyntax", -+ &extendedasn); -+ if (result != ASN1_SUCCESS) -+ { -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Could not create ASN.1 structure for Extended Key Usage"); -+ } -+ -+ result = asn1_der_decoding2 (&extendedasn, value, &value_size, -+ ASN1_DECODE_FLAG_STRICT_DER, asn1_error); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error parsing DER for Extended Key Usage: %s", -+ asn1_error); -+ goto cleanup; -+ } -+ -+ /* -+ * If EKUs are present, there must be exactly 1 and it must be a -+ * codeSigning usage. -+ */ -+ result = asn1_number_of_elements(extendedasn, "", &count); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error counting number of Extended Key Usages: %s", -+ asn1_strerror (result)); -+ goto cleanup; -+ } -+ -+ result = asn1_read_value (extendedasn, "?1", usage, &usage_size); -+ if (result != ASN1_SUCCESS) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Error reading Extended Key Usage: %s", -+ asn1_strerror (result)); -+ goto cleanup; -+ } -+ -+ if (grub_strncmp (codeSigningUsage_oid, usage, usage_size) != 0) -+ { -+ err = -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unexpected Extended Key Usage OID, got: %s", -+ usage); -+ goto cleanup; -+ } -+ -+cleanup: -+ asn1_delete_structure (&extendedasn); -+ return err; -+} - - /* - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension -@@ -660,7 +737,7 @@ verify_extensions (asn1_node cert) - { - int result; - int ext, num_extensions = 0; -- int usage_present = 0, constraints_present = 0; -+ int usage_present = 0, constraints_present = 0, extended_usage_present = 0; - char *oid_path, *critical_path, *value_path; - char extnID[MAX_OID_LEN]; - int extnID_size; -@@ -754,6 +831,15 @@ verify_extensions (asn1_node cert) - } - constraints_present++; - } -+ else if (grub_strncmp (extendedKeyUsage_oid, extnID, extnID_size) == 0) -+ { -+ err = verify_extended_key_usage (value, value_size); -+ if (err != GRUB_ERR_NONE) -+ { -+ goto cleanup_value; -+ } -+ extended_usage_present++; -+ } - else if (grub_strncmp ("TRUE", critical, critical_size) == 0) - { - /* -@@ -785,6 +871,12 @@ verify_extensions (asn1_node cert) - "Unexpected number of basic constraints extensions - expected 1, got %d", - constraints_present); - } -+ if (extended_usage_present > 1) -+ { -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "Unexpected number of Extended Key Usage extensions - expected 0 or 1, got %d", -+ extended_usage_present); -+ } - return GRUB_ERR_NONE; - - cleanup_value: -diff --git a/grub-core/tests/appended_signature_test.c b/grub-core/tests/appended_signature_test.c -index 88a485200d..dbba061662 100644 ---- a/grub-core/tests/appended_signature_test.c -+++ b/grub-core/tests/appended_signature_test.c -@@ -111,6 +111,22 @@ static struct grub_procfs_entry certificate_printable_der_entry = { - .get_contents = get_certificate_printable_der - }; - -+static char * -+get_certificate_eku_der (grub_size_t * sz) -+{ -+ char *ret; -+ *sz = certificate_eku_der_len; -+ ret = grub_malloc (*sz); -+ if (ret) -+ grub_memcpy (ret, certificate_eku_der, *sz); -+ return ret; -+} -+ -+static struct grub_procfs_entry certificate_eku_der_entry = { -+ .name = "certificate_eku.der", -+ .get_contents = get_certificate_eku_der -+}; -+ - - static void - do_verify (const char *f, int is_valid) -@@ -149,6 +165,7 @@ appended_signature_test (void) - char *trust_args2[] = { (char *) "(proc)/certificate2.der", NULL }; - char *trust_args_printable[] = { (char *) "(proc)/certificate_printable.der", - NULL }; -+ char *trust_args_eku[] = { (char *) "(proc)/certificate_eku.der", NULL }; - char *distrust_args[] = { (char *) "1", NULL }; - char *distrust2_args[] = { (char *) "2", NULL }; - grub_err_t err; -@@ -157,6 +174,7 @@ appended_signature_test (void) - grub_procfs_register ("certificate2.der", &certificate2_der_entry); - grub_procfs_register ("certificate_printable.der", - &certificate_printable_der_entry); -+ grub_procfs_register ("certificate_eku.der", &certificate_eku_der_entry); - - cmd_trust = grub_command_find ("trust_certificate"); - if (!cmd_trust) -@@ -266,16 +284,23 @@ appended_signature_test (void) - - /* - * Lastly, check a certificate that uses printableString rather than -- * utf8String loads properly. -+ * utf8String loads properly, and that a certificate with an appropriate -+ * extended key usage loads. - */ - err = (cmd_trust->func) (cmd_trust, 1, trust_args_printable); - grub_test_assert (err == GRUB_ERR_NONE, -- "distrusting printable certificate failed: %d: %s", -+ "trusting printable certificate failed: %d: %s", -+ grub_errno, grub_errmsg); -+ -+ err = (cmd_trust->func) (cmd_trust, 1, trust_args_eku); -+ grub_test_assert (err == GRUB_ERR_NONE, -+ "trusting certificate with extended key usage failed: %d: %s", - grub_errno, grub_errmsg); - - grub_procfs_unregister (&certificate_der_entry); - grub_procfs_unregister (&certificate2_der_entry); - grub_procfs_unregister (&certificate_printable_der_entry); -+ grub_procfs_unregister (&certificate_eku_der_entry); - } - - GRUB_FUNCTIONAL_TEST (appended_signature_test, appended_signature_test); -diff --git a/grub-core/tests/appended_signatures.h b/grub-core/tests/appended_signatures.h -index aa3dc6278e..2e5ebd7d8b 100644 ---- a/grub-core/tests/appended_signatures.h -+++ b/grub-core/tests/appended_signatures.h -@@ -555,3 +555,84 @@ unsigned char certificate_printable_der[] = { - 0xd2 - }; - unsigned int certificate_printable_der_len = 829; -+ -+unsigned char certificate_eku_der[] = { -+ 0x30, 0x82, 0x03, 0x90, 0x30, 0x82, 0x02, 0x78, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x09, 0x00, 0xd3, 0x9c, 0x41, 0x33, 0xdd, 0x6b, 0x5f, 0x45, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x0b, 0x05, 0x00, 0x30, 0x47, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, -+ 0x04, 0x03, 0x0c, 0x18, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, -+ 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, -+ 0x43, 0x41, 0x20, 0x36, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63, -+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, -+ 0x31, 0x35, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a, 0x17, 0x0d, 0x33, -+ 0x38, 0x30, 0x31, 0x31, 0x37, 0x31, 0x34, 0x30, 0x30, 0x34, 0x34, 0x5a, -+ 0x30, 0x4e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, -+ 0x1f, 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, -+ 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x53, 0x69, 0x67, -+ 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x36, 0x30, 0x32, 0x31, 0x22, 0x30, 0x20, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, -+ 0x13, 0x73, 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, -+ 0x64, 0x68, 0x61, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, -+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, -+ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, -+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, 0x6f, 0xbb, 0x92, 0x77, 0xd7, 0x15, -+ 0xef, 0x88, 0x80, 0x88, 0xc0, 0xe7, 0x89, 0xeb, 0x35, 0x76, 0xf4, 0x85, -+ 0x05, 0x0f, 0x19, 0xe4, 0x5f, 0x25, 0xdd, 0xc1, 0xa2, 0xe5, 0x5c, 0x06, -+ 0xfb, 0xf1, 0x06, 0xb5, 0x65, 0x45, 0xcb, 0xbd, 0x19, 0x33, 0x54, 0xb5, -+ 0x1a, 0xcd, 0xe4, 0xa8, 0x35, 0x2a, 0xfe, 0x9c, 0x53, 0xf4, 0xc6, 0x76, -+ 0xdb, 0x1f, 0x8a, 0xd4, 0x7b, 0x18, 0x11, 0xaf, 0xa3, 0x90, 0xd4, 0xdd, -+ 0x4d, 0xd5, 0x42, 0xcc, 0x14, 0x9a, 0x64, 0x6b, 0xc0, 0x7f, 0xaa, 0x1c, -+ 0x94, 0x47, 0x4d, 0x79, 0xbd, 0x57, 0x9a, 0xbf, 0x99, 0x4e, 0x96, 0xa9, -+ 0x31, 0x2c, 0xa9, 0xe7, 0x14, 0x65, 0x86, 0xc8, 0xac, 0x79, 0x5e, 0x78, -+ 0xa4, 0x3c, 0x00, 0x24, 0xd3, 0xf7, 0xe1, 0xf5, 0x12, 0xad, 0xa0, 0x29, -+ 0xe5, 0xfe, 0x80, 0xae, 0xf8, 0xaa, 0x60, 0x36, 0xe7, 0xe8, 0x94, 0xcb, -+ 0xe9, 0xd1, 0xcc, 0x0b, 0x4d, 0xf7, 0xde, 0xeb, 0x52, 0xd2, 0x73, 0x09, -+ 0x28, 0xdf, 0x48, 0x99, 0x53, 0x9f, 0xc5, 0x9a, 0xd4, 0x36, 0xa3, 0xc6, -+ 0x5e, 0x8d, 0xbe, 0xd5, 0xdc, 0x76, 0xb4, 0x74, 0xb8, 0x26, 0x18, 0x27, -+ 0xfb, 0xf2, 0xfb, 0xd0, 0x9b, 0x3d, 0x7f, 0x10, 0xe2, 0xab, 0x44, 0xc7, -+ 0x88, 0x7f, 0xb4, 0x3d, 0x3e, 0xa3, 0xff, 0x6d, 0x06, 0x4b, 0x3e, 0x55, -+ 0xb2, 0x84, 0xf4, 0xad, 0x54, 0x88, 0x81, 0xc3, 0x9c, 0xf8, 0xb6, 0x68, -+ 0x96, 0x38, 0x8b, 0xcd, 0x90, 0x6d, 0x25, 0x4b, 0xbf, 0x0c, 0x44, 0x90, -+ 0xa5, 0x5b, 0x98, 0xd0, 0x40, 0x2f, 0xbb, 0x0d, 0xa8, 0x4b, 0x8a, 0x62, -+ 0x82, 0x46, 0x46, 0x18, 0x38, 0xae, 0x82, 0x07, 0xd0, 0xb4, 0x2f, 0x16, -+ 0x79, 0x55, 0x9f, 0x1b, 0xc5, 0x08, 0x6d, 0x85, 0xdf, 0x3f, 0xa9, 0x9b, -+ 0x4b, 0xc6, 0x28, 0xd3, 0x58, 0x72, 0x3d, 0x37, 0x11, 0x02, 0x03, 0x01, -+ 0x00, 0x01, 0xa3, 0x78, 0x30, 0x76, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, -+ 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, -+ 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x0c, -+ 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03, -+ 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6c, -+ 0xe4, 0x6c, 0x27, 0xaa, 0xcd, 0x0d, 0x4b, 0x74, 0x21, 0xa4, 0xf6, 0x5f, -+ 0x87, 0xb5, 0x31, 0xfe, 0x10, 0xbb, 0xa7, 0x30, 0x1f, 0x06, 0x03, 0x55, -+ 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe8, 0x6a, 0x1c, 0xab, -+ 0x2c, 0x48, 0xf9, 0x60, 0x36, 0xa2, 0xf0, 0x7b, 0x8e, 0xd2, 0x9d, 0xb4, -+ 0x2a, 0x28, 0x98, 0xc8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, -+ 0x55, 0x34, 0xe2, 0xfa, 0xf6, 0x89, 0x86, 0xad, 0x92, 0x21, 0xec, 0xb9, -+ 0x54, 0x0e, 0x18, 0x47, 0x0d, 0x1b, 0xa7, 0x58, 0xad, 0x69, 0xe4, 0xef, -+ 0x3b, 0xe6, 0x8d, 0xdd, 0xda, 0x0c, 0x45, 0xf6, 0xe8, 0x96, 0xa4, 0x29, -+ 0x0f, 0xbb, 0xcf, 0x16, 0xae, 0x93, 0xd0, 0xcb, 0x2a, 0x26, 0x1a, 0x7b, -+ 0xfc, 0x51, 0x22, 0x76, 0x98, 0x31, 0xa7, 0x0f, 0x29, 0x35, 0x79, 0xbf, -+ 0xe2, 0x4f, 0x0f, 0x14, 0xf5, 0x1f, 0xcb, 0xbf, 0x87, 0x65, 0x13, 0x32, -+ 0xa3, 0x19, 0x4a, 0xd1, 0x3f, 0x45, 0xd4, 0x4b, 0xe2, 0x00, 0x26, 0xa9, -+ 0x3e, 0xd7, 0xa5, 0x37, 0x9f, 0xf5, 0xad, 0x61, 0xe2, 0x40, 0xa9, 0x74, -+ 0x24, 0x53, 0xf2, 0x78, 0xeb, 0x10, 0x9b, 0x2c, 0x27, 0x88, 0x46, 0xcb, -+ 0xe4, 0x60, 0xca, 0xf5, 0x06, 0x24, 0x40, 0x2a, 0x97, 0x3a, 0xcc, 0xd0, -+ 0x81, 0xb1, 0x15, 0xa3, 0x4f, 0xd0, 0x2b, 0x4f, 0xca, 0x6e, 0xaa, 0x24, -+ 0x31, 0xb3, 0xac, 0xa6, 0x75, 0x05, 0xfe, 0x8a, 0xf4, 0x41, 0xc4, 0x06, -+ 0x8a, 0xc7, 0x0a, 0x83, 0x4e, 0x49, 0xd4, 0x3f, 0x83, 0x50, 0xec, 0x57, -+ 0x04, 0x97, 0x14, 0x49, 0xf5, 0xe1, 0xb1, 0x7a, 0x9c, 0x09, 0x4f, 0x61, -+ 0x87, 0xc3, 0x97, 0x22, 0x17, 0xc2, 0xeb, 0xcc, 0x32, 0x81, 0x31, 0x21, -+ 0x3f, 0x10, 0x57, 0x5b, 0x43, 0xbe, 0xcd, 0x68, 0x82, 0xbe, 0xe5, 0xc1, -+ 0x65, 0x94, 0x7e, 0xc2, 0x34, 0x76, 0x2b, 0xcf, 0x89, 0x3c, 0x2b, 0x81, -+ 0x23, 0x72, 0x95, 0xcf, 0xc9, 0x67, 0x19, 0x2a, 0xd5, 0x5c, 0xca, 0xa3, -+ 0x46, 0xbd, 0x48, 0x06, 0x0b, 0xa6, 0xa3, 0x96, 0x50, 0x28, 0xc7, 0x7e, -+ 0xcf, 0x62, 0xf2, 0xfa, 0xc4, 0xf2, 0x53, 0xe3, 0xc9, 0xe8, 0x2e, 0xdd, -+ 0x29, 0x37, 0x07, 0x47, 0xff, 0xff, 0x8a, 0x32, 0xbd, 0xa2, 0xb7, 0x21, -+ 0x89, 0xa0, 0x55, 0xf7 -+}; -+unsigned int certificate_eku_der_len = 916; diff --git a/SPECS/grub2/fedora/0182-Allow-chainloading-EFI-apps-from-loop-mounts.patch b/SPECS/grub2/fedora/0182-Allow-chainloading-EFI-apps-from-loop-mounts.patch deleted file mode 100644 index c3101e1011..0000000000 --- a/SPECS/grub2/fedora/0182-Allow-chainloading-EFI-apps-from-loop-mounts.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Fri, 11 Jun 2021 13:51:20 +0200 -Subject: [PATCH] Allow chainloading EFI apps from loop mounts. - -Signed-off-by: Dimitri John Ledkov -Signed-off-by: Robbie Harwood ---- - grub-core/disk/loopback.c | 9 +-------- - grub-core/loader/efi/chainloader.c | 23 +++++++++++++++++++++++ - include/grub/loopback.h | 30 ++++++++++++++++++++++++++++++ - 3 files changed, 54 insertions(+), 8 deletions(-) - create mode 100644 include/grub/loopback.h - -diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c -index 41bebd14fe..99f47924ec 100644 ---- a/grub-core/disk/loopback.c -+++ b/grub-core/disk/loopback.c -@@ -21,20 +21,13 @@ - #include - #include - #include -+#include - #include - #include - #include - - GRUB_MOD_LICENSE ("GPLv3+"); - --struct grub_loopback --{ -- char *devname; -- grub_file_t file; -- struct grub_loopback *next; -- unsigned long id; --}; -- - static struct grub_loopback *loopback_list; - static unsigned long last_id = 0; - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index d41e8ea14a..3af6b12292 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -901,6 +902,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_status_t status; - grub_efi_boot_services_t *b; - grub_device_t dev = 0; -+ grub_device_t orig_dev = 0; - grub_efi_device_path_t *dp = 0; - char *filename; - void *boot_image = 0; -@@ -958,6 +960,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - if (! dev) - goto fail; - -+ /* if device is loopback, use underlying dev */ -+ if (dev->disk->dev->id == GRUB_DISK_DEVICE_LOOPBACK_ID) -+ { -+ struct grub_loopback *d; -+ orig_dev = dev; -+ d = dev->disk->data; -+ dev = d->file->device; -+ } -+ - if (dev->disk) - dev_handle = grub_efidisk_get_device_handle (dev->disk); - else if (dev->net && dev->net->server) -@@ -1065,6 +1076,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -+ if (orig_dev) -+ { -+ dev = orig_dev; -+ orig_dev = 0; -+ } -+ - rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize); - grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); - if (rc > 0) -@@ -1087,6 +1104,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - // -1 fall-through to fail - - fail: -+ if (orig_dev) -+ { -+ dev = orig_dev; -+ orig_dev = 0; -+ } -+ - if (dev) - grub_device_close (dev); - -diff --git a/include/grub/loopback.h b/include/grub/loopback.h -new file mode 100644 -index 0000000000..3b9a9e32e8 ---- /dev/null -+++ b/include/grub/loopback.h -@@ -0,0 +1,30 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2019 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_LOOPBACK_HEADER -+#define GRUB_LOOPBACK_HEADER 1 -+ -+struct grub_loopback -+{ -+ char *devname; -+ grub_file_t file; -+ struct grub_loopback *next; -+ unsigned long id; -+}; -+ -+#endif /* ! GRUB_LOOPBACK_HEADER */ diff --git a/SPECS/grub2/fedora/0183-efinet-Add-DHCP-proxy-support.patch b/SPECS/grub2/fedora/0183-efinet-Add-DHCP-proxy-support.patch deleted file mode 100644 index eed2dbb0d0..0000000000 --- a/SPECS/grub2/fedora/0183-efinet-Add-DHCP-proxy-support.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Ian Page Hands -Date: Tue, 8 Jun 2021 13:48:56 -0400 -Subject: [PATCH] efinet: Add DHCP proxy support - -If a proxyDHCP configuration is used, the server name, server IP and boot -file values should be taken from the DHCP proxy offer instead of the DHCP -server ack packet. Currently that case is not handled, add support for it. - -Signed-off-by: Ian Page Hands -Signed-off-by: Robbie Harwood ---- - grub-core/net/drivers/efi/efinet.c | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index e11d759f19..1a24f38a21 100644 ---- a/grub-core/net/drivers/efi/efinet.c -+++ b/grub-core/net/drivers/efi/efinet.c -@@ -850,10 +850,31 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, - else - { - grub_dprintf ("efinet", "using ipv4 and dhcp\n"); -+ -+ struct grub_net_bootp_packet *dhcp_ack = &pxe_mode->dhcp_ack; -+ -+ if (pxe_mode->proxy_offer_received) -+ { -+ grub_dprintf ("efinet", "proxy offer receive"); -+ struct grub_net_bootp_packet *proxy_offer = &pxe_mode->proxy_offer; -+ -+ if (proxy_offer && dhcp_ack->boot_file[0] == '\0') -+ { -+ grub_dprintf ("efinet", "setting values from proxy offer"); -+ /* Here we got a proxy offer and the dhcp_ack has a nil boot_file -+ * Copy the proxy DHCP offer details into the bootp_packet we are -+ * sending forward as they are the deatils we need. -+ */ -+ *dhcp_ack->server_name = *proxy_offer->server_name; -+ *dhcp_ack->boot_file = *proxy_offer->boot_file; -+ dhcp_ack->server_ip = proxy_offer->server_ip; -+ } -+ } -+ - grub_net_configure_by_dhcp_ack (card->name, card, 0, - (struct grub_net_bootp_packet *) -- packet_buf, -- packet_bufsz, -+ &pxe_mode->dhcp_ack, -+ sizeof (pxe_mode->dhcp_ack), - 1, device, path); - grub_dprintf ("efinet", "device: `%s' path: `%s'\n", *device, *path); - } diff --git a/SPECS/grub2/fedora/0184-fs-ext2-Ignore-checksum-seed-incompat-feature.patch b/SPECS/grub2/fedora/0184-fs-ext2-Ignore-checksum-seed-incompat-feature.patch deleted file mode 100644 index 3d7c641aa8..0000000000 --- a/SPECS/grub2/fedora/0184-fs-ext2-Ignore-checksum-seed-incompat-feature.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Fri, 11 Jun 2021 00:01:29 +0200 -Subject: [PATCH] fs/ext2: Ignore checksum seed incompat feature - -This incompat feature is used to denote that the filesystem stored its -metadata checksum seed in the superblock. This is used to allow tune2fs -to change the UUID on a mounted metadata_csum filesystem without having -to rewrite all the disk metadata. - -But GRUB doesn't use the metadata checksum in anyway, so can just ignore -this feature if is enabled. This is consistent with GRUB filesystem code -in general which just does a best effort to access the filesystem's data. - -It may be removed from the ignored list in the future if supports to do -metadata checksumming verification is added to the read-only FS driver. - -Suggested-by: Eric Sandeen -Suggested-by: Lukas Czerner -Signed-off-by: Javier Martinez Canillas ---- - grub-core/fs/ext2.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index e7dd78e663..731d346f88 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 - #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 - #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 -+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000 - #define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 - - /* The set of back-incompatible features this driver DOES support. Add (OR) -@@ -123,9 +124,16 @@ GRUB_MOD_LICENSE ("GPLv3+"); - * mmp: Not really back-incompatible - was added as such to - * avoid multiple read-write mounts. Safe to ignore for this - * RO driver. -+ * checksum seed: Not really back-incompatible - was added to allow tools -+ * such as tune2fs to change the UUID on a mounted metadata -+ * checksummed filesystem. Safe to ignore for now since the -+ * driver doesn't support checksum verification. But it must -+ * be removed from this list if that support is added later. -+ * - */ - #define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \ -- | EXT4_FEATURE_INCOMPAT_MMP) -+ | EXT4_FEATURE_INCOMPAT_MMP \ -+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED) - - - #define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U diff --git a/SPECS/grub2/fedora/0186-Suppress-gettext-error-message.patch b/SPECS/grub2/fedora/0186-Suppress-gettext-error-message.patch deleted file mode 100644 index 64b219a8c5..0000000000 --- a/SPECS/grub2/fedora/0186-Suppress-gettext-error-message.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Paulo Flabiano Smorigo -Date: Tue, 29 Jun 2021 13:17:42 +0200 -Subject: [PATCH] Suppress gettext error message - -Colin Watson's patch from comment #11 on the upstream bug: -https://savannah.gnu.org/bugs/?35880#comment11 - -Resolves: rhbz#1592124 - -Signed-off-by: Paulo Flabiano Smorigo ---- - grub-core/gettext/gettext.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 4d02e62c10..7ec81ca0b4 100644 ---- a/grub-core/gettext/gettext.c -+++ b/grub-core/gettext/gettext.c -@@ -424,6 +424,13 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx, - grub_free (lang); - } - -+ /* If no translations are available, fall back to untranslated text. */ -+ if (err == GRUB_ERR_FILE_NOT_FOUND) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ return 0; -+ } -+ - if (locale[0] == 'e' && locale[1] == 'n' - && (locale[2] == '\0' || locale[2] == '_')) - grub_errno = err = GRUB_ERR_NONE; diff --git a/SPECS/grub2/fedora/0188-templates-Check-for-EFI-at-runtime-instead-of-config.patch b/SPECS/grub2/fedora/0188-templates-Check-for-EFI-at-runtime-instead-of-config.patch deleted file mode 100644 index 265b9672dd..0000000000 --- a/SPECS/grub2/fedora/0188-templates-Check-for-EFI-at-runtime-instead-of-config.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 6 Jul 2021 00:38:40 +0200 -Subject: [PATCH] templates: Check for EFI at runtime instead of config - generation time - -The 30_uefi-firmware template checks if an OsIndicationsSupported UEFI var -exists and EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, to decide whether -a "fwsetup" menu entry would be added or not to the GRUB menu. - -But this has the problem that it will only work if the configuration file -was created on an UEFI machine that supports booting to a firmware UI. - -This for example doesn't support creating GRUB config files when executing -on systems that support both UEFI and legacy BIOS booting. Since creating -the config file from legacy BIOS wouldn't allow to access the firmware UI. - -To prevent this, make the template to unconditionally create the grub.cfg -snippet but check at runtime if was booted through UEFI to decide if this -entry should be added. That way it won't be added when booting with BIOS. - -There's no need to check if EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, -since that's already done by the "fwsetup" command when is executed. - -Resolves: rhbz#1823864 - -Signed-off-by: Javier Martinez Canillas ---- - util/grub.d/30_uefi-firmware.in | 21 ++++++++------------- - 1 file changed, 8 insertions(+), 13 deletions(-) - -diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in -index d344d3883d..b6041b55e2 100644 ---- a/util/grub.d/30_uefi-firmware.in -+++ b/util/grub.d/30_uefi-firmware.in -@@ -26,19 +26,14 @@ export TEXTDOMAINDIR="@localedir@" - - . "$pkgdatadir/grub-mkconfig_lib" - --EFI_VARS_DIR=/sys/firmware/efi/efivars --EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c --OS_INDICATIONS="$EFI_VARS_DIR/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE" -+LABEL="UEFI Firmware Settings" - --if [ -e "$OS_INDICATIONS" ] && \ -- [ "$(( $(printf 0x%x \'"$(cat $OS_INDICATIONS | cut -b5)"\') & 1 ))" = 1 ]; then -- LABEL="UEFI Firmware Settings" -+gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2 - -- gettext_printf "Adding boot menu entry for UEFI Firmware Settings ...\n" >&2 -- -- cat << EOF --menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' { -- fwsetup --} --EOF -+cat << EOF -+if [ "\$grub_platform" = "efi" ]; then -+ menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' { -+ fwsetup -+ } - fi -+EOF diff --git a/SPECS/grub2/fedora/0189-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch b/SPECS/grub2/fedora/0189-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch deleted file mode 100644 index 3b1a219df9..0000000000 --- a/SPECS/grub2/fedora/0189-efi-Print-an-error-if-boot-to-firmware-setup-is-not-.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Tue, 6 Jul 2021 01:10:18 +0200 -Subject: [PATCH] efi: Print an error if boot to firmware setup is not - supported - -The "fwsetup" command is only registered if the firmware supports booting -to the firmware setup UI. But it could be possible that the GRUB config -already contains a "fwsetup" entry, because it was generated in a machine -that has support for this feature. - -To prevent users getting a "can't find command `fwsetup`" error if it is -not supported by the firmware, let's just always register the command but -print a more accurate message if the firmware doesn't support this option. - -Resolves: rhbz#1823864 - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/commands/efi/efifwsetup.c | 43 ++++++++++++++++++++----------------- - 1 file changed, 23 insertions(+), 20 deletions(-) - -diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c -index eaca032838..328c45e82e 100644 ---- a/grub-core/commands/efi/efifwsetup.c -+++ b/grub-core/commands/efi/efifwsetup.c -@@ -27,6 +27,25 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - -+static grub_efi_boolean_t -+efifwsetup_is_supported (void) -+{ -+ grub_efi_uint64_t *os_indications_supported = NULL; -+ grub_size_t oi_size = 0; -+ grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; -+ -+ grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size, -+ (void **) &os_indications_supported); -+ -+ if (!os_indications_supported) -+ return 0; -+ -+ if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI) -+ return 1; -+ -+ return 0; -+} -+ - static grub_err_t - grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)), - int argc __attribute__ ((unused)), -@@ -38,6 +57,10 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)), - grub_size_t oi_size; - grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; - -+ if (!efifwsetup_is_supported ()) -+ return grub_error (GRUB_ERR_INVALID_COMMAND, -+ N_("Reboot to firmware setup is not supported")); -+ - grub_efi_get_variable ("OsIndications", &global, &oi_size, - (void **) &old_os_indications); - -@@ -56,28 +79,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)), - - static grub_command_t cmd = NULL; - --static grub_efi_boolean_t --efifwsetup_is_supported (void) --{ -- grub_efi_uint64_t *os_indications_supported = NULL; -- grub_size_t oi_size = 0; -- grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID; -- -- grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size, -- (void **) &os_indications_supported); -- -- if (!os_indications_supported) -- return 0; -- -- if (*os_indications_supported & GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI) -- return 1; -- -- return 0; --} -- - GRUB_MOD_INIT (efifwsetup) - { -- if (efifwsetup_is_supported ()) - cmd = grub_register_command ("fwsetup", grub_cmd_fwsetup, NULL, - N_("Reboot into firmware setup menu.")); - diff --git a/SPECS/grub2/fedora/0190-arm64-Fix-EFI-loader-kernel-image-allocation.patch b/SPECS/grub2/fedora/0190-arm64-Fix-EFI-loader-kernel-image-allocation.patch deleted file mode 100644 index cc5458ccb9..0000000000 --- a/SPECS/grub2/fedora/0190-arm64-Fix-EFI-loader-kernel-image-allocation.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Benjamin Herrenschmidt -Date: Mon, 2 Aug 2021 23:10:01 +1000 -Subject: [PATCH] arm64: Fix EFI loader kernel image allocation - -We are currently allocating just enough memory for the file size, -which means that the kernel BSS is in limbo (and not even zeroed). - -We are also not honoring the alignment specified in the image -PE header. - -This makes us use the PE optional header in which the kernel puts the -actual size it needs, including BSS, and make sure we clear it, and -honors the specified alignment for the image. - -Signed-off-by: Benjamin Herrenschmidt -[pjones: arm: check for the PE magic for the compiled arch] -Signed-off-by: Peter Jones -Signed-off-by: Robbie Harwood ---- - grub-core/loader/arm64/linux.c | 100 +++++++++++++++++++++++++++-------------- - include/grub/arm/linux.h | 1 + - include/grub/arm64/linux.h | 1 + - 3 files changed, 68 insertions(+), 34 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 47f8cf0d84..f18d90bd74 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -41,6 +41,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - static grub_dl_t my_mod; - static int loaded; - -+static void *kernel_alloc_addr; -+static grub_uint32_t kernel_alloc_pages; - static void *kernel_addr; - static grub_uint64_t kernel_size; - static grub_uint32_t handover_offset; -@@ -204,9 +206,8 @@ grub_linux_unload (void) - GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start)); - initrd_start = initrd_end = 0; - grub_free (linux_args); -- if (kernel_addr) -- grub_efi_free_pages ((grub_addr_t) kernel_addr, -- GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ if (kernel_alloc_addr) -+ grub_efi_free_pages ((grub_addr_t) kernel_alloc_addr, kernel_alloc_pages); - grub_fdt_unload (); - return GRUB_ERR_NONE; - } -@@ -311,14 +312,35 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - return grub_errno; - } - -+static grub_err_t -+parse_pe_header (void *kernel, grub_uint64_t *total_size, -+ grub_uint32_t *entry_offset, -+ grub_uint32_t *alignment) -+{ -+ struct linux_arch_kernel_header *lh = kernel; -+ struct grub_armxx_linux_pe_header *pe; -+ -+ pe = (void *)((unsigned long)kernel + lh->hdr_offset); -+ -+ if (pe->opt.magic != GRUB_PE32_PEXX_MAGIC) -+ return grub_error(GRUB_ERR_BAD_OS, "Invalid PE optional header magic"); -+ -+ *total_size = pe->opt.image_size; -+ *entry_offset = pe->opt.entry_addr; -+ *alignment = pe->opt.section_alignment; -+ -+ return GRUB_ERR_NONE; -+} -+ - static grub_err_t - grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - int argc, char *argv[]) - { - grub_file_t file = 0; -- struct linux_arch_kernel_header lh; -- struct grub_armxx_linux_pe_header *pe; - grub_err_t err; -+ grub_off_t filelen; -+ grub_uint32_t align; -+ void *kernel = NULL; - int rc; - - grub_dl_ref (my_mod); -@@ -333,40 +355,24 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - if (!file) - goto fail; - -- kernel_size = grub_file_size (file); -- -- if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh)) -- return grub_errno; -- -- if (grub_arch_efi_linux_check_image (&lh) != GRUB_ERR_NONE) -- goto fail; -- -- grub_loader_unset(); -- -- grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size); -- kernel_addr = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -- grub_dprintf ("linux", "kernel numpages: %lld\n", -- (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -- if (!kernel_addr) -+ filelen = grub_file_size (file); -+ kernel = grub_malloc(filelen); -+ if (!kernel) - { -- grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel load buffer")); - goto fail; - } - -- grub_file_seek (file, 0); -- if (grub_file_read (file, kernel_addr, kernel_size) -- < (grub_int64_t) kernel_size) -+ if (grub_file_read (file, kernel, filelen) < (grub_ssize_t)filelen) - { -- if (!grub_errno) -- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]); -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), -+ argv[0]); - goto fail; - } - -- grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); -- - if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { -- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); -+ rc = grub_linuxefi_secure_validate (kernel, filelen); - if (rc <= 0) - { - grub_error (GRUB_ERR_INVALID_COMMAND, -@@ -375,8 +381,32 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - } - -- pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); -- handover_offset = pe->opt.entry_addr; -+ if (grub_arch_efi_linux_check_image (kernel) != GRUB_ERR_NONE) -+ goto fail; -+ if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align) != GRUB_ERR_NONE) -+ goto fail; -+ grub_dprintf ("linux", "kernel mem size : %lld\n", (long long) kernel_size); -+ grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset); -+ grub_dprintf ("linux", "kernel alignment : 0x%x\n", align); -+ -+ grub_loader_unset(); -+ -+ kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1); -+ kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages); -+ grub_dprintf ("linux", "kernel numpages: %d\n", kernel_alloc_pages); -+ if (!kernel_alloc_addr) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); -+ goto fail; -+ } -+ kernel_addr = (void *)ALIGN_UP((grub_uint64_t)kernel_alloc_addr, align); -+ -+ grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); -+ grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size)); -+ if (kernel_size > filelen) -+ grub_memset ((char *)kernel_addr + filelen, 0, kernel_size - filelen); -+ grub_free(kernel); -+ kernel = NULL; - - cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); - linux_args = grub_malloc (cmdline_size); -@@ -400,6 +430,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - - fail: -+ if (kernel) -+ grub_free (kernel); -+ - if (file) - grub_file_close (file); - -@@ -412,9 +445,8 @@ fail: - if (linux_args && !loaded) - grub_free (linux_args); - -- if (kernel_addr && !loaded) -- grub_efi_free_pages ((grub_addr_t) kernel_addr, -- GRUB_EFI_BYTES_TO_PAGES (kernel_size)); -+ if (kernel_alloc_addr && !loaded) -+ grub_efi_free_pages ((grub_addr_t) kernel_alloc_addr, kernel_alloc_pages); - - return grub_errno; - } -diff --git a/include/grub/arm/linux.h b/include/grub/arm/linux.h -index b582f67f66..966a5074f5 100644 ---- a/include/grub/arm/linux.h -+++ b/include/grub/arm/linux.h -@@ -44,6 +44,7 @@ struct grub_arm_linux_pe_header - - #if defined(__arm__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM_MAGIC_SIGNATURE -+# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE32_MAGIC - # define linux_arch_kernel_header linux_arm_kernel_header - # define grub_armxx_linux_pe_header grub_arm_linux_pe_header - #endif -diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h -index ea030312df..422bf2bf24 100644 ---- a/include/grub/arm64/linux.h -+++ b/include/grub/arm64/linux.h -@@ -48,6 +48,7 @@ struct grub_arm64_linux_pe_header - - #if defined(__aarch64__) - # define GRUB_LINUX_ARMXX_MAGIC_SIGNATURE GRUB_LINUX_ARM64_MAGIC_SIGNATURE -+# define GRUB_PE32_PEXX_MAGIC GRUB_PE32_PE64_MAGIC - # define linux_arch_kernel_header linux_arm64_kernel_header - # define grub_armxx_linux_pe_header grub_arm64_linux_pe_header - #endif diff --git a/SPECS/grub2/fedora/0191-normal-main-Discover-the-device-to-read-the-config-f.patch b/SPECS/grub2/fedora/0191-normal-main-Discover-the-device-to-read-the-config-f.patch deleted file mode 100644 index 2c9ca3a484..0000000000 --- a/SPECS/grub2/fedora/0191-normal-main-Discover-the-device-to-read-the-config-f.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Javier Martinez Canillas -Date: Mon, 30 Aug 2021 12:31:18 +0200 -Subject: [PATCH] normal/main: Discover the device to read the config from as a - fallback - -The GRUB core.img is generated locally, when this is done the grub2-probe -tool figures out the device and partition that needs to be read to parse -the GRUB configuration file. - -But in some cases the core.img can't be generated on the host and instead -has to be done at package build time. For example, if needs to get signed -with a key that's only available on the package building infrastructure. - -If that's the case, the prefix variable won't have a device and partition -but only a directory path. So there's no way for GRUB to know from which -device has to read the configuration file. - -To allow GRUB to continue working on that scenario, fallback to iterating -over all the available devices, if reading the config failed when using -the prefix and fw_path variables. - -Signed-off-by: Javier Martinez Canillas ---- - grub-core/normal/main.c | 58 +++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 51 insertions(+), 7 deletions(-) - -diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 7de9e4c36d..8f5fd81003 100644 ---- a/grub-core/normal/main.c -+++ b/grub-core/normal/main.c -@@ -337,18 +337,13 @@ grub_enter_normal_mode (const char *config) - } - - static grub_err_t --grub_try_normal (const char *variable) -+grub_try_normal_prefix (const char *prefix) - { - char *config; -- const char *prefix; - grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; - const char *net_search_cfg; - int disable_net_search = 0; - -- prefix = grub_env_get (variable); -- if (!prefix) -- return GRUB_ERR_FILE_NOT_FOUND; -- - net_search_cfg = grub_env_get ("feature_net_search_cfg"); - if (net_search_cfg && net_search_cfg[0] == 'n') - disable_net_search = 1; -@@ -362,7 +357,7 @@ grub_try_normal (const char *variable) - config = grub_malloc (config_len); - - if (! config) -- return GRUB_ERR_FILE_NOT_FOUND; -+ return err; - - grub_snprintf (config, config_len, "%s/grub.cfg", prefix); - err = grub_net_search_config_file (config); -@@ -391,6 +386,53 @@ grub_try_normal (const char *variable) - return err; - } - -+static int -+grub_try_normal_dev (const char *name, void *data) -+{ -+ grub_err_t err; -+ const char *prefix = grub_xasprintf ("(%s)%s", name, (char *)data); -+ -+ if (!prefix) -+ return 0; -+ -+ err = grub_try_normal_prefix (prefix); -+ if (err == GRUB_ERR_NONE) -+ return 1; -+ -+ return 0; -+} -+ -+static grub_err_t -+grub_try_normal_discover (void) -+{ -+ char *prefix = grub_env_get ("prefix"); -+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; -+ -+ if (!prefix) -+ return err; -+ -+ if (grub_device_iterate (grub_try_normal_dev, (void *)prefix)) -+ return GRUB_ERR_NONE; -+ -+ return err; -+} -+ -+static grub_err_t -+grub_try_normal (const char *variable) -+{ -+ grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; -+ const char *prefix; -+ -+ if (!variable) -+ return err; -+ -+ prefix = grub_env_get (variable); -+ if (!prefix) -+ return err; -+ -+ return grub_try_normal_prefix (prefix); -+} -+ - /* Enter normal mode from rescue mode. */ - static grub_err_t - grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), -@@ -405,6 +447,8 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), - err = grub_try_normal ("fw_path"); - if (err == GRUB_ERR_FILE_NOT_FOUND) - err = grub_try_normal ("prefix"); -+ if (err == GRUB_ERR_FILE_NOT_FOUND) -+ err = grub_try_normal_discover (); - if (err == GRUB_ERR_FILE_NOT_FOUND) - grub_enter_normal_mode (0); - } diff --git a/SPECS/grub2/fedora/0193-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch b/SPECS/grub2/fedora/0193-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch deleted file mode 100644 index 7fc40f1ff7..0000000000 --- a/SPECS/grub2/fedora/0193-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Erwan Velu -Date: Wed, 25 Aug 2021 15:31:52 +0200 -Subject: [PATCH] fs/xfs: Fix unreadable filesystem with v4 superblock - -The commit 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) -introduced the bigtime support by adding some features in v3 inodes. -This change extended grub_xfs_inode struct by 76 bytes but also changed -the computation of XFS_V2_INODE_SIZE and XFS_V3_INODE_SIZE. Prior this -commit, XFS_V2_INODE_SIZE was 100 bytes. After the commit it's 84 bytes -XFS_V2_INODE_SIZE becomes 16 bytes too small. - -As a result, the data structures aren't properly aligned and the GRUB -generates "attempt to read or write outside of partition" errors when -trying to read the XFS filesystem: - - GNU GRUB version 2.11 - .... - grub> set debug=efi,gpt,xfs - grub> insmod part_gpt - grub> ls (hd0,gpt1)/ - partmap/gpt.c:93: Read a valid GPT header - partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (739521961424144223) - 344365866970255880, 3840 - error: attempt to read or write outside of partition. - -This commit change the XFS_V2_INODE_SIZE computation by subtracting 76 -bytes instead of 92 bytes from the actual size of grub_xfs_inode struct. -This 76 bytes value comes from added members: - 20 grub_uint8_t unused5 - 1 grub_uint64_t flags2 - 48 grub_uint8_t unused6 - -This patch explicitly splits the v2 and v3 parts of the structure. -The unused4 is still ending of the v2 structures and the v3 starts -at unused5. Thanks to this we will avoid future corruptions of v2 -or v3 inodes. - -The XFS_V2_INODE_SIZE is returning to its expected size and the -filesystem is back to a readable state: - - GNU GRUB version 2.11 - .... - grub> set debug=efi,gpt,xfs - grub> insmod part_gpt - grub> ls (hd0,gpt1)/ - partmap/gpt.c:93: Read a valid GPT header - partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:931: Reading sb - fs/xfs.c:270: Validating superblock - fs/xfs.c:295: XFS v4 superblock detected - fs/xfs.c:962: Reading root ino 128 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (128) - 64, 0 - fs/xfs.c:515: Reading inode (131) - 64, 768 - efi/ fs/xfs.c:515: Reading inode (3145856) - 1464904, 0 - grub2/ fs/xfs.c:515: Reading inode (132) - 64, 1024 - grub/ fs/xfs.c:515: Reading inode (139) - 64, 2816 - grub> - -Fixes: 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) - -Signed-off-by: Erwan Velu -Tested-by: Carlos Maiolino -Reviewed-by: Daniel Kiper -(cherry picked from commit a4b495520e4dc41a896a8b916a64eda9970c50ea) ---- - grub-core/fs/xfs.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index 0f524c3a8a..e3816d1ec4 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -192,6 +192,11 @@ struct grub_xfs_time_legacy - grub_uint32_t nanosec; - } GRUB_PACKED; - -+/* -+ * The struct grub_xfs_inode layout was taken from the -+ * struct xfs_dinode_core which is described here: -+ * https://mirrors.edge.kernel.org/pub/linux/utils/fs/xfs/docs/xfs_filesystem_structure.pdf -+ */ - struct grub_xfs_inode - { - grub_uint8_t magic[2]; -@@ -208,14 +213,15 @@ struct grub_xfs_inode - grub_uint32_t nextents; - grub_uint16_t unused3; - grub_uint8_t fork_offset; -- grub_uint8_t unused4[37]; -+ grub_uint8_t unused4[17]; /* Last member of inode v2. */ -+ grub_uint8_t unused5[20]; /* First member of inode v3. */ - grub_uint64_t flags2; -- grub_uint8_t unused5[48]; -+ grub_uint8_t unused6[48]; /* Last member of inode v3. */ - } GRUB_PACKED; - - #define XFS_V3_INODE_SIZE sizeof(struct grub_xfs_inode) --/* Size of struct grub_xfs_inode until fork_offset (included). */ --#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 92) -+/* Size of struct grub_xfs_inode v2, up to unused4 member included. */ -+#define XFS_V2_INODE_SIZE (XFS_V3_INODE_SIZE - 76) - - struct grub_xfs_dirblock_tail - { diff --git a/SPECS/grub2/fedora/0194-Print-module-name-on-license-check-failure.patch b/SPECS/grub2/fedora/0194-Print-module-name-on-license-check-failure.patch deleted file mode 100644 index 5c308593a9..0000000000 --- a/SPECS/grub2/fedora/0194-Print-module-name-on-license-check-failure.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 12 Oct 2021 12:34:23 -0400 -Subject: [PATCH] Print module name on license check failure - -At the very least, this will make it easier to track down the problem -module - or, if something else has gone wrong, provide more information -for debugging. - -Signed-off-by: Robbie Harwood ---- - grub-core/kern/dl.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 9557254035..f304494574 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -528,14 +528,16 @@ grub_dl_find_section_index (Elf_Ehdr *e, const char *name) - Be sure to understand your license obligations. - */ - static grub_err_t --grub_dl_check_license (Elf_Ehdr *e) -+grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e) - { - Elf_Shdr *s = grub_dl_find_section (e, ".module_license"); - if (s && (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0 - || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0 - || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0)) - return GRUB_ERR_NONE; -- return grub_error (GRUB_ERR_BAD_MODULE, "incompatible license"); -+ return grub_error (GRUB_ERR_BAD_MODULE, -+ "incompatible license in module %s: %s", mod->name, -+ (char *) e + s->sh_offset); - } - - static grub_err_t -@@ -743,8 +745,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - constitutes linking) and GRUB core being licensed under GPLv3+. - Be sure to understand your license obligations. - */ -- if (grub_dl_check_license (e) -- || grub_dl_resolve_name (mod, e) -+ if (grub_dl_resolve_name (mod, e) -+ || grub_dl_check_license (mod, e) - || grub_dl_resolve_dependencies (mod, e) - || grub_dl_load_segments (mod, e) - || grub_dl_resolve_symbols (mod, e) diff --git a/SPECS/grub2/fedora/0196-grub-mkconfig-restore-umask-for-grub.cfg.patch b/SPECS/grub2/fedora/0196-grub-mkconfig-restore-umask-for-grub.cfg.patch deleted file mode 100644 index 76b73f52c8..0000000000 --- a/SPECS/grub2/fedora/0196-grub-mkconfig-restore-umask-for-grub.cfg.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang via Grub-devel -Date: Fri, 3 Dec 2021 16:13:28 +0800 -Subject: [PATCH] grub-mkconfig: restore umask for grub.cfg - -Since commit: - - ab2e53c8a grub-mkconfig: Honor a symlink when generating configuration -by grub-mkconfig - -has inadvertently discarded umask for creating grub.cfg in the process -of grub-mkconfig. The resulting wrong permission (0644) would allow -unprivileged users to read grub's configuration file content. This -presents a low confidentiality risk as grub.cfg may contain non-secured -plain-text passwords. - -This patch restores the missing umask and set the file mode of creation -to 0600 preventing unprivileged access. - -Fixes: CVE-2021-3981 - -Signed-off-by: Michael Chang ---- - util/grub-mkconfig.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f55339a3f6..520a672cd2 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -311,7 +311,9 @@ and /etc/grub.d/* files or please file a bug report with - exit 1 - else - # none of the children aborted with error, install the new grub.cfg -+ oldumask=$(umask); umask 077 - cat ${grub_cfg}.new > ${grub_cfg} -+ umask $oldumask - rm -f ${grub_cfg}.new - fi - fi diff --git a/SPECS/grub2/fedora/0197-fs-btrfs-Use-full-btrfs-bootloader-area.patch b/SPECS/grub2/fedora/0197-fs-btrfs-Use-full-btrfs-bootloader-area.patch deleted file mode 100644 index 3f7198f817..0000000000 --- a/SPECS/grub2/fedora/0197-fs-btrfs-Use-full-btrfs-bootloader-area.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Michael Chang -Date: Mon, 13 Dec 2021 14:25:49 +0800 -Subject: [PATCH] fs/btrfs: Use full btrfs bootloader area - -Up to now GRUB can only embed to the first 64 KiB before primary -superblock of btrfs, effectively limiting the GRUB core size. That -could consequently pose restrictions to feature enablement like -advanced zstd compression. - -This patch attempts to utilize full unused area reserved by btrfs for -the bootloader outlined in the document [1]: - - The first 1MiB on each device is unused with the exception of primary - superblock that is on the offset 64KiB and spans 4KiB. - -Apart from that, adjacent sectors to superblock and first block group -are not used for embedding in case of overflow and logged access to -adjacent sectors could be useful for tracing it up. - -This patch has been tested to provide out of the box support for btrfs -zstd compression with which GRUB has been installed to the partition. - -[1] https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT - -Signed-off-by: Michael Chang -Reviewed-by: Daniel Kiper -(cherry picked from commit b0f06a81c6f31b6fa20be67a96b6683bba8210c9) ---- - grub-core/fs/btrfs.c | 90 ++++++++++++++++++++++++++++++++++++++++++++-------- - include/grub/disk.h | 2 ++ - 2 files changed, 79 insertions(+), 13 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 4cc86e9b79..07c0ff874b 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2476,6 +2476,33 @@ grub_btrfs_label (grub_device_t device, char **label) - } - - #ifdef GRUB_UTIL -+ -+struct embed_region { -+ unsigned int start; -+ unsigned int secs; -+}; -+ -+/* -+ * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT -+ * The first 1 MiB on each device is unused with the exception of primary -+ * superblock that is on the offset 64 KiB and spans 4 KiB. -+ */ -+ -+static const struct { -+ struct embed_region available; -+ struct embed_region used[6]; -+} btrfs_head = { -+ .available = {0, GRUB_DISK_KiB_TO_SECTORS (1024)}, /* The first 1 MiB. */ -+ .used = { -+ {0, 1}, /* boot.S. */ -+ {GRUB_DISK_KiB_TO_SECTORS (64) - 1, 1}, /* Overflow guard. */ -+ {GRUB_DISK_KiB_TO_SECTORS (64), GRUB_DISK_KiB_TO_SECTORS (4)}, /* 4 KiB superblock. */ -+ {GRUB_DISK_KiB_TO_SECTORS (68), 1}, /* Overflow guard. */ -+ {GRUB_DISK_KiB_TO_SECTORS (1024) - 1, 1}, /* Overflow guard. */ -+ {0, 0} /* Array terminator. */ -+ } -+}; -+ - static grub_err_t - grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - unsigned int *nsectors, -@@ -2483,25 +2510,62 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), - grub_embed_type_t embed_type, - grub_disk_addr_t **sectors) - { -- unsigned i; -+ unsigned int i, j, n = 0; -+ const struct embed_region *u; -+ grub_disk_addr_t *map; - - if (embed_type != GRUB_EMBED_PCBIOS) - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, - "BtrFS currently supports only PC-BIOS embedding"); - -- if (64 * 2 - 1 < *nsectors) -- return grub_error (GRUB_ERR_OUT_OF_RANGE, -- N_("your core.img is unusually large. " -- "It won't fit in the embedding area")); -- -- *nsectors = 64 * 2 - 1; -- if (*nsectors > max_nsectors) -- *nsectors = max_nsectors; -- *sectors = grub_calloc (*nsectors, sizeof (**sectors)); -- if (!*sectors) -+ map = grub_calloc (btrfs_head.available.secs, sizeof (*map)); -+ if (map == NULL) - return grub_errno; -- for (i = 0; i < *nsectors; i++) -- (*sectors)[i] = i + 1; -+ -+ /* -+ * Populating the map array so that it can be used to index if a disk -+ * address is available to embed: -+ * - 0: available, -+ * - 1: unavailable. -+ */ -+ for (u = btrfs_head.used; u->secs; ++u) -+ { -+ unsigned int end = u->start + u->secs; -+ -+ if (end > btrfs_head.available.secs) -+ end = btrfs_head.available.secs; -+ for (i = u->start; i < end; ++i) -+ map[i] = 1; -+ } -+ -+ /* Adding up n until it matches total size of available embedding area. */ -+ for (i = 0; i < btrfs_head.available.secs; ++i) -+ if (map[i] == 0) -+ n++; -+ -+ if (n < *nsectors) -+ { -+ grub_free (map); -+ return grub_error (GRUB_ERR_OUT_OF_RANGE, -+ N_("your core.img is unusually large. " -+ "It won't fit in the embedding area")); -+ } -+ -+ if (n > max_nsectors) -+ n = max_nsectors; -+ -+ /* -+ * Populating the array so that it can used to index disk block address for -+ * an image file's offset to be embedded on disk (the unit is in sectors): -+ * - i: The disk block address relative to btrfs_head.available.start, -+ * - j: The offset in image file. -+ */ -+ for (i = 0, j = 0; i < btrfs_head.available.secs && j < n; ++i) -+ if (map[i] == 0) -+ map[j++] = btrfs_head.available.start + i; -+ -+ *nsectors = n; -+ *sectors = map; - - return GRUB_ERR_NONE; - } -diff --git a/include/grub/disk.h b/include/grub/disk.h -index f95aca929a..06210a7049 100644 ---- a/include/grub/disk.h -+++ b/include/grub/disk.h -@@ -182,6 +182,8 @@ typedef struct grub_disk_memberlist *grub_disk_memberlist_t; - /* Return value of grub_disk_native_sectors() in case disk size is unknown. */ - #define GRUB_DISK_SIZE_UNKNOWN 0xffffffffffffffffULL - -+#define GRUB_DISK_KiB_TO_SECTORS(x) ((x) << (10 - GRUB_DISK_SECTOR_BITS)) -+ - /* Convert sector number from one sector size to another. */ - static inline grub_disk_addr_t - grub_convert_sector (grub_disk_addr_t sector, diff --git a/SPECS/grub2/fedora/0199-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch b/SPECS/grub2/fedora/0199-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch deleted file mode 100644 index 200cd51a9c..0000000000 --- a/SPECS/grub2/fedora/0199-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 11:30:32 +0100 -Subject: [PATCH] normal/menu: Don't show "Booting `%s'" msg when auto-booting - with TIMEOUT_STYLE_HIDDEN - -When the user has asked the menu code to be hidden/quiet and the current -entry is being autobooted because the timeout has expired don't show -the "Booting `%s'" msg. - -This is necessary to let flicker-free boots really be flicker free, -otherwise the "Booting `%s'" msg will kick the EFI fb into text mode -and show the msg, breaking the flicker-free experience. - -Signed-off-by: Hans de Goede ---- - grub-core/normal/menu.c | 24 ++++++++++++++++-------- - 1 file changed, 16 insertions(+), 8 deletions(-) - -diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index ec0c92bade..c8516a5a08 100644 ---- a/grub-core/normal/menu.c -+++ b/grub-core/normal/menu.c -@@ -606,13 +606,15 @@ print_countdown (struct grub_term_coordinate *pos, int n) - entry to be executed is a result of an automatic default selection because - of the timeout. */ - static int --run_menu (grub_menu_t menu, int nested, int *auto_boot) -+run_menu (grub_menu_t menu, int nested, int *auto_boot, int *notify_boot) - { - grub_uint64_t saved_time; - int default_entry, current_entry; - int timeout; - enum timeout_style timeout_style; - -+ *notify_boot = 1; -+ - default_entry = get_entry_number (menu, "default"); - - /* If DEFAULT_ENTRY is not within the menu entries, fall back to -@@ -687,6 +689,7 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) - if (timeout == 0) - { - *auto_boot = 1; -+ *notify_boot = timeout_style != TIMEOUT_STYLE_HIDDEN; - return default_entry; - } - -@@ -840,12 +843,16 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) - - /* Callback invoked immediately before a menu entry is executed. */ - static void --notify_booting (grub_menu_entry_t entry, -- void *userdata __attribute__((unused))) -+notify_booting (grub_menu_entry_t entry, void *userdata) - { -- grub_printf (" "); -- grub_printf_ (N_("Booting `%s'"), entry->title); -- grub_printf ("\n\n"); -+ int *notify_boot = userdata; -+ -+ if (*notify_boot) -+ { -+ grub_printf (" "); -+ grub_printf_ (N_("Booting `%s'"), entry->title); -+ grub_printf ("\n\n"); -+ } - } - - /* Callback invoked when a default menu entry executed because of a timeout -@@ -893,8 +900,9 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - int boot_entry; - grub_menu_entry_t e; - int auto_boot; -+ int notify_boot; - -- boot_entry = run_menu (menu, nested, &auto_boot); -+ boot_entry = run_menu (menu, nested, &auto_boot, ¬ify_boot); - if (boot_entry < 0) - break; - -@@ -906,7 +914,7 @@ show_menu (grub_menu_t menu, int nested, int autobooted) - - if (auto_boot) - grub_menu_execute_with_fallback (menu, e, autobooted, -- &execution_callback, 0); -+ &execution_callback, ¬ify_boot); - else - grub_menu_execute_entry (e, 0); - if (autobooted) diff --git a/SPECS/grub2/fedora/0200-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch b/SPECS/grub2/fedora/0200-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch deleted file mode 100644 index 0f99c2296f..0000000000 --- a/SPECS/grub2/fedora/0200-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 11:30:33 +0100 -Subject: [PATCH] EFI: suppress the "Welcome to GRUB!" message in EFI builds - -Grub EFI builds are now often used in combination with flicker-free -boot, but this breaks with upstream grub because the "Welcome to GRUB!" -message will kick the EFI fb into text mode and show the msg, -breaking the flicker-free experience. - -EFI systems are so fast, that when the menu or the countdown are enabled -the message will be immediately overwritten, so in these cases not -printing the message does not matter. - -And in case when the timeout_style is set to TIMEOUT_STYLE_HIDDEN, -the user has asked grub to be quiet (for example to allow flickfree -boot) annd thus the message should not be printed. - -Signed-off-by: Hans de Goede ---- - grub-core/kern/main.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 3fc3401472..993b8a8598 100644 ---- a/grub-core/kern/main.c -+++ b/grub-core/kern/main.c -@@ -317,10 +317,13 @@ grub_main (void) - - grub_boot_time ("After machine init."); - -+ /* This breaks flicker-free boot on EFI systems, so disable it there. */ -+#ifndef GRUB_MACHINE_EFI - /* Hello. */ - grub_setcolorstate (GRUB_TERM_COLOR_HIGHLIGHT); - grub_printf ("Welcome to GRUB!\n\n"); - grub_setcolorstate (GRUB_TERM_COLOR_STANDARD); -+#endif - - /* Init verifiers API. */ - grub_verifiers_init (); diff --git a/SPECS/grub2/fedora/0201-EFI-console-Do-not-set-colorstate-until-the-first-te.patch b/SPECS/grub2/fedora/0201-EFI-console-Do-not-set-colorstate-until-the-first-te.patch deleted file mode 100644 index ade6aae02c..0000000000 --- a/SPECS/grub2/fedora/0201-EFI-console-Do-not-set-colorstate-until-the-first-te.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 12:43:48 +0100 -Subject: [PATCH] EFI: console: Do not set colorstate until the first text - output - -GRUB_MOD_INIT(normal) does an unconditional: - -grub_env_set ("color_normal", "light-gray/black"); - -which triggers a grub_term_setcolorstate() call. The original version -of the "efi/console: Do not set text-mode until we actually need it" patch: -https://lists.gnu.org/archive/html/grub-devel/2018-03/msg00125.html - -Protected against this by caching the requested state in -grub_console_setcolorstate () and then only applying it when the first -text output actually happens. During refactoring to move the -grub_console_setcolorstate () up higher in the grub-core/term/efi/console.c -file the code to cache the color-state + bail early was accidentally -dropped. - -Restore the cache the color-state + bail early behavior from the original. - -Cc: Javier Martinez Canillas -Fixes: 2d7c3abd871f ("efi/console: Do not set text-mode until we actually need it") -Signed-off-by: Hans de Goede ---- - grub-core/term/efi/console.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index 2f1ae85ba7..c44b2ac318 100644 ---- a/grub-core/term/efi/console.c -+++ b/grub-core/term/efi/console.c -@@ -82,6 +82,16 @@ grub_console_setcolorstate (struct grub_term_output *term - { - grub_efi_simple_text_output_interface_t *o; - -+ if (grub_efi_is_finished || text_mode != GRUB_TEXT_MODE_AVAILABLE) -+ { -+ /* -+ * Cache colorstate changes before the first text-output, this avoids -+ * "color_normal" environment writes causing a switch to textmode. -+ */ -+ text_colorstate = state; -+ return; -+ } -+ - if (grub_efi_is_finished) - return; - diff --git a/SPECS/grub2/fedora/0202-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch b/SPECS/grub2/fedora/0202-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch deleted file mode 100644 index 5fab5db82e..0000000000 --- a/SPECS/grub2/fedora/0202-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 28 Jan 2022 12:43:49 +0100 -Subject: [PATCH] EFI: console: Do not set cursor until the first text output - -To allow flickerfree boot the EFI console code does not call -grub_efi_set_text_mode (1) until some text is actually output. - -Depending on if the output text is because of an error loading -e.g. the .cfg file; or because of showing the menu the cursor needs -to be on or off when the first text is shown. - -So far the cursor was hardcoded to being on, but this is causing -drawing artifacts + slow drawing of the menu as reported here: -https://bugzilla.redhat.com/show_bug.cgi?id=1946969 - -Handle the cursorstate in the same way as the colorstate to fix this, -when no text has been output yet, just cache the cursorstate and -then use the last set value when the first text is output. - -Fixes: 2d7c3abd871f ("efi/console: Do not set text-mode until we actually need it") -Signed-off-by: Hans de Goede ---- - grub-core/term/efi/console.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c -index c44b2ac318..a3622e4fe5 100644 ---- a/grub-core/term/efi/console.c -+++ b/grub-core/term/efi/console.c -@@ -31,7 +31,15 @@ typedef enum { - } - grub_text_mode; - -+typedef enum { -+ GRUB_CURSOR_MODE_UNDEFINED = -1, -+ GRUB_CURSOR_MODE_OFF = 0, -+ GRUB_CURSUR_MODE_ON -+} -+grub_cursor_mode; -+ - static grub_text_mode text_mode = GRUB_TEXT_MODE_UNDEFINED; -+static grub_cursor_mode cursor_mode = GRUB_CURSOR_MODE_UNDEFINED; - static grub_term_color_state text_colorstate = GRUB_TERM_COLOR_UNDEFINED; - - static grub_uint32_t -@@ -119,8 +127,12 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), - { - grub_efi_simple_text_output_interface_t *o; - -- if (grub_efi_is_finished) -- return; -+ if (grub_efi_is_finished || text_mode != GRUB_TEXT_MODE_AVAILABLE) -+ { -+ /* Cache cursor changes before the first text-output */ -+ cursor_mode = on; -+ return; -+ } - - o = grub_efi_system_table->con_out; - efi_call_2 (o->enable_cursor, o, on); -@@ -143,7 +155,8 @@ grub_prepare_for_text_output (struct grub_term_output *term) - return GRUB_ERR_BAD_DEVICE; - } - -- grub_console_setcursor (term, 1); -+ if (cursor_mode != GRUB_CURSOR_MODE_UNDEFINED) -+ grub_console_setcursor (term, cursor_mode); - if (text_colorstate != GRUB_TERM_COLOR_UNDEFINED) - grub_console_setcolorstate (term, text_colorstate); - text_mode = GRUB_TEXT_MODE_AVAILABLE; diff --git a/SPECS/grub2/fedora/0204-Where-present-ensure-config-util.h-precedes-config.h.patch b/SPECS/grub2/fedora/0204-Where-present-ensure-config-util.h-precedes-config.h.patch deleted file mode 100644 index 626c4b4d30..0000000000 --- a/SPECS/grub2/fedora/0204-Where-present-ensure-config-util.h-precedes-config.h.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 22 Feb 2022 16:57:54 -0500 -Subject: [PATCH] Where present, ensure config-util.h precedes config.h - -gnulib defines go in config-util.h, and we need to know whether to -provide duplicates in config.h or not. - -Signed-off-by: Robbie Harwood -(cherry picked from commit 46e82b28e1a75703d0424c7e13d009171310c6cd) -[rharwood: gensymlist isn't part of tarballs] ---- - grub-core/disk/host.c | 2 +- - grub-core/kern/emu/argp_common.c | 2 +- - grub-core/kern/emu/main.c | 2 +- - grub-core/osdep/aros/config.c | 2 +- - grub-core/osdep/basic/emunet.c | 2 +- - grub-core/osdep/basic/init.c | 2 +- - grub-core/osdep/haiku/getroot.c | 2 +- - grub-core/osdep/linux/emunet.c | 2 +- - grub-core/osdep/unix/config.c | 2 +- - grub-core/osdep/unix/cputime.c | 2 +- - grub-core/osdep/unix/dl.c | 2 +- - grub-core/osdep/unix/emuconsole.c | 2 +- - grub-core/osdep/unix/getroot.c | 2 +- - grub-core/osdep/windows/config.c | 2 +- - grub-core/osdep/windows/cputime.c | 2 +- - grub-core/osdep/windows/dl.c | 2 +- - grub-core/osdep/windows/emuconsole.c | 2 +- - grub-core/osdep/windows/init.c | 2 +- - 18 files changed, 18 insertions(+), 18 deletions(-) - -diff --git a/grub-core/disk/host.c b/grub-core/disk/host.c -index c151d225df..f34529f86a 100644 ---- a/grub-core/disk/host.c -+++ b/grub-core/disk/host.c -@@ -20,8 +20,8 @@ - /* When using the disk, make a reference to this module. Otherwise - the user will end up with a useless module :-). */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/kern/emu/argp_common.c b/grub-core/kern/emu/argp_common.c -index 1668858703..8cb4608c3d 100644 ---- a/grub-core/kern/emu/argp_common.c -+++ b/grub-core/kern/emu/argp_common.c -@@ -17,8 +17,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #pragma GCC diagnostic ignored "-Wmissing-prototypes" - #pragma GCC diagnostic ignored "-Wmissing-declarations" -diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c -index 846fe9715e..3e7929cc4a 100644 ---- a/grub-core/kern/emu/main.c -+++ b/grub-core/kern/emu/main.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/aros/config.c b/grub-core/osdep/aros/config.c -index c82d0ea8e7..55f5728efc 100644 ---- a/grub-core/osdep/aros/config.c -+++ b/grub-core/osdep/aros/config.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/basic/emunet.c b/grub-core/osdep/basic/emunet.c -index 6362e5cfbb..dbfd316d61 100644 ---- a/grub-core/osdep/basic/emunet.c -+++ b/grub-core/osdep/basic/emunet.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/basic/init.c b/grub-core/osdep/basic/init.c -index c54c710dbc..b104c7e162 100644 ---- a/grub-core/osdep/basic/init.c -+++ b/grub-core/osdep/basic/init.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/haiku/getroot.c b/grub-core/osdep/haiku/getroot.c -index 4e123c0903..927a1ebc94 100644 ---- a/grub-core/osdep/haiku/getroot.c -+++ b/grub-core/osdep/haiku/getroot.c -@@ -1,5 +1,5 @@ --#include - #include -+#include - #include - #include - #include -diff --git a/grub-core/osdep/linux/emunet.c b/grub-core/osdep/linux/emunet.c -index 19b188f09e..d5a6417355 100644 ---- a/grub-core/osdep/linux/emunet.c -+++ b/grub-core/osdep/linux/emunet.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 46a881530c..0ce0e309ac 100644 ---- a/grub-core/osdep/unix/config.c -+++ b/grub-core/osdep/unix/config.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/unix/cputime.c b/grub-core/osdep/unix/cputime.c -index cff359a3b9..fb6ff55a1a 100644 ---- a/grub-core/osdep/unix/cputime.c -+++ b/grub-core/osdep/unix/cputime.c -@@ -1,5 +1,5 @@ --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/unix/dl.c b/grub-core/osdep/unix/dl.c -index 562b101a28..99b189bc1c 100644 ---- a/grub-core/osdep/unix/dl.c -+++ b/grub-core/osdep/unix/dl.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/unix/emuconsole.c b/grub-core/osdep/unix/emuconsole.c -index 7308798efe..cac159424d 100644 ---- a/grub-core/osdep/unix/emuconsole.c -+++ b/grub-core/osdep/unix/emuconsole.c -@@ -17,8 +17,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c -index 46d7116c6e..4f436284ce 100644 ---- a/grub-core/osdep/unix/getroot.c -+++ b/grub-core/osdep/unix/getroot.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/windows/config.c b/grub-core/osdep/windows/config.c -index 928ab1a49b..2bb8a2fd88 100644 ---- a/grub-core/osdep/windows/config.c -+++ b/grub-core/osdep/windows/config.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/windows/cputime.c b/grub-core/osdep/windows/cputime.c -index 3568aa2d35..5d06d79dd5 100644 ---- a/grub-core/osdep/windows/cputime.c -+++ b/grub-core/osdep/windows/cputime.c -@@ -1,5 +1,5 @@ --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/windows/dl.c b/grub-core/osdep/windows/dl.c -index eec6a24ad7..8eab7057e4 100644 ---- a/grub-core/osdep/windows/dl.c -+++ b/grub-core/osdep/windows/dl.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/windows/emuconsole.c b/grub-core/osdep/windows/emuconsole.c -index 4fb3693cc0..17a44de469 100644 ---- a/grub-core/osdep/windows/emuconsole.c -+++ b/grub-core/osdep/windows/emuconsole.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - - #include - #include -diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c -index 6297de6326..51a9647dde 100644 ---- a/grub-core/osdep/windows/init.c -+++ b/grub-core/osdep/windows/init.c -@@ -16,8 +16,8 @@ - * along with GRUB. If not, see . - */ - --#include - #include -+#include - #include - #include - #include diff --git a/SPECS/grub2/fedora/0208-commands-search-Fix-bug-stopping-iteration-when-no-f.patch b/SPECS/grub2/fedora/0208-commands-search-Fix-bug-stopping-iteration-when-no-f.patch deleted file mode 100644 index 4f7feb933d..0000000000 --- a/SPECS/grub2/fedora/0208-commands-search-Fix-bug-stopping-iteration-when-no-f.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Tue, 8 Feb 2022 08:39:10 +0100 -Subject: [PATCH] commands/search: Fix bug stopping iteration when --no-floppy - is used -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When using --no-floppy and a floppy was encountered, iterate_device() -was returning 1, causing the iteration to stop instead of continuing. - -Signed-off-by: Renaud Métrich -Reviewed-by: Daniel Kiper -(cherry picked from commit 68ba54c2298604146be83cae144dafd1cfd1fe2d) -Signed-off-by: Robbie Harwood ---- - grub-core/commands/search.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c -index ed090b3af8..51656e361c 100644 ---- a/grub-core/commands/search.c -+++ b/grub-core/commands/search.c -@@ -64,7 +64,7 @@ iterate_device (const char *name, void *data) - /* Skip floppy drives when requested. */ - if (ctx->no_floppy && - name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9') -- return 1; -+ return 0; - - #ifdef DO_SEARCH_FS_UUID - #define compare_fn grub_strcasecmp diff --git a/SPECS/grub2/fedora/0209-search-new-efidisk-only-option-on-EFI-systems.patch b/SPECS/grub2/fedora/0209-search-new-efidisk-only-option-on-EFI-systems.patch deleted file mode 100644 index 3f6194ab72..0000000000 --- a/SPECS/grub2/fedora/0209-search-new-efidisk-only-option-on-EFI-systems.patch +++ /dev/null @@ -1,168 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Tue, 8 Feb 2022 08:39:11 +0100 -Subject: [PATCH] search: new --efidisk-only option on EFI systems -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When using 'search' on EFI systems, we sometimes want to exclude devices -that are not EFI disks (e.g. md, lvm). -This is typically used when wanting to chainload when having a software -raid (md) for EFI partition: -with no option, 'search --file /EFI/redhat/shimx64.efi' sets root envvar -to 'md/boot_efi' which cannot be used for chainloading since there is no -effective EFI device behind. - -This commit also refactors handling of --no-floppy option. - -Signed-off-by: Renaud Métrich -[rharwood: apply rmetrich's flags initialization fix] -Signed-off-by: Robbie Harwood ---- - grub-core/commands/search.c | 27 +++++++++++++++++++++++---- - grub-core/commands/search_wrap.c | 18 ++++++++++++------ - include/grub/search.h | 15 ++++++++++++--- - 3 files changed, 47 insertions(+), 13 deletions(-) - -diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c -index 51656e361c..57d26ced8a 100644 ---- a/grub-core/commands/search.c -+++ b/grub-core/commands/search.c -@@ -47,7 +47,7 @@ struct search_ctx - { - const char *key; - const char *var; -- int no_floppy; -+ enum search_flags flags; - char **hints; - unsigned nhints; - int count; -@@ -62,10 +62,29 @@ iterate_device (const char *name, void *data) - int found = 0; - - /* Skip floppy drives when requested. */ -- if (ctx->no_floppy && -+ if (ctx->flags & SEARCH_FLAGS_NO_FLOPPY && - name[0] == 'f' && name[1] == 'd' && name[2] >= '0' && name[2] <= '9') - return 0; - -+ /* Limit to EFI disks when requested. */ -+ if (ctx->flags & SEARCH_FLAGS_EFIDISK_ONLY) -+ { -+ grub_device_t dev; -+ dev = grub_device_open (name); -+ if (! dev) -+ { -+ grub_errno = GRUB_ERR_NONE; -+ return 0; -+ } -+ if (! dev->disk || dev->disk->dev->id != GRUB_DISK_DEVICE_EFIDISK_ID) -+ { -+ grub_device_close (dev); -+ grub_errno = GRUB_ERR_NONE; -+ return 0; -+ } -+ grub_device_close (dev); -+ } -+ - #ifdef DO_SEARCH_FS_UUID - #define compare_fn grub_strcasecmp - #else -@@ -261,13 +280,13 @@ try (struct search_ctx *ctx) - } - - void --FUNC_NAME (const char *key, const char *var, int no_floppy, -+FUNC_NAME (const char *key, const char *var, enum search_flags flags, - char **hints, unsigned nhints) - { - struct search_ctx ctx = { - .key = key, - .var = var, -- .no_floppy = no_floppy, -+ .flags = flags, - .hints = hints, - .nhints = nhints, - .count = 0, -diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c -index 47fc8eb996..0b62acf853 100644 ---- a/grub-core/commands/search_wrap.c -+++ b/grub-core/commands/search_wrap.c -@@ -40,6 +40,7 @@ static const struct grub_arg_option options[] = - N_("Set a variable to the first device found."), N_("VARNAME"), - ARG_TYPE_STRING}, - {"no-floppy", 'n', 0, N_("Do not probe any floppy drive."), 0, 0}, -+ {"efidisk-only", 0, 0, N_("Only probe EFI disks."), 0, 0}, - {"hint", 'h', GRUB_ARG_OPTION_REPEATABLE, - N_("First try the device HINT. If HINT ends in comma, " - "also try subpartitions"), N_("HINT"), ARG_TYPE_STRING}, -@@ -73,6 +74,7 @@ enum options - SEARCH_FS_UUID, - SEARCH_SET, - SEARCH_NO_FLOPPY, -+ SEARCH_EFIDISK_ONLY, - SEARCH_HINT, - SEARCH_HINT_IEEE1275, - SEARCH_HINT_BIOS, -@@ -89,6 +91,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) - const char *id = 0; - int i = 0, j = 0, nhints = 0; - char **hints = NULL; -+ enum search_flags flags = 0; - - if (state[SEARCH_HINT].set) - for (i = 0; state[SEARCH_HINT].args[i]; i++) -@@ -180,15 +183,18 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) - goto out; - } - -+ if (state[SEARCH_NO_FLOPPY].set) -+ flags |= SEARCH_FLAGS_NO_FLOPPY; -+ -+ if (state[SEARCH_EFIDISK_ONLY].set) -+ flags |= SEARCH_FLAGS_EFIDISK_ONLY; -+ - if (state[SEARCH_LABEL].set) -- grub_search_label (id, var, state[SEARCH_NO_FLOPPY].set, -- hints, nhints); -+ grub_search_label (id, var, flags, hints, nhints); - else if (state[SEARCH_FS_UUID].set) -- grub_search_fs_uuid (id, var, state[SEARCH_NO_FLOPPY].set, -- hints, nhints); -+ grub_search_fs_uuid (id, var, flags, hints, nhints); - else if (state[SEARCH_FILE].set) -- grub_search_fs_file (id, var, state[SEARCH_NO_FLOPPY].set, -- hints, nhints); -+ grub_search_fs_file (id, var, flags, hints, nhints); - else - grub_error (GRUB_ERR_INVALID_COMMAND, "unspecified search type"); - -diff --git a/include/grub/search.h b/include/grub/search.h -index d80347df34..4190aeb2cb 100644 ---- a/include/grub/search.h -+++ b/include/grub/search.h -@@ -19,11 +19,20 @@ - #ifndef GRUB_SEARCH_HEADER - #define GRUB_SEARCH_HEADER 1 - --void grub_search_fs_file (const char *key, const char *var, int no_floppy, -+enum search_flags -+ { -+ SEARCH_FLAGS_NO_FLOPPY = 1, -+ SEARCH_FLAGS_EFIDISK_ONLY = 2 -+ }; -+ -+void grub_search_fs_file (const char *key, const char *var, -+ enum search_flags flags, - char **hints, unsigned nhints); --void grub_search_fs_uuid (const char *key, const char *var, int no_floppy, -+void grub_search_fs_uuid (const char *key, const char *var, -+ enum search_flags flags, - char **hints, unsigned nhints); --void grub_search_label (const char *key, const char *var, int no_floppy, -+void grub_search_label (const char *key, const char *var, -+ enum search_flags flags, - char **hints, unsigned nhints); - - #endif diff --git a/SPECS/grub2/fedora/0210-efi-new-connectefi-command.patch b/SPECS/grub2/fedora/0210-efi-new-connectefi-command.patch deleted file mode 100644 index 55a49fd1c0..0000000000 --- a/SPECS/grub2/fedora/0210-efi-new-connectefi-command.patch +++ /dev/null @@ -1,395 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Renaud=20M=C3=A9trich?= -Date: Tue, 15 Feb 2022 14:05:22 +0100 -Subject: [PATCH] efi: new 'connectefi' command -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When efi.quickboot is enabled on VMWare (which is the default for -hardware release 16 and later), it may happen that not all EFI devices -are connected. Due to this, browsing the devices in make_devices() just -fails to find devices, in particular disks or partitions for a given -disk. -This typically happens when network booting, then trying to chainload to -local disk (this is used in deployment tools such as Red Hat Satellite), -which is done through using the following grub.cfg snippet: --------- 8< ---------------- 8< ---------------- 8< -------- -unset prefix -search --file --set=prefix /EFI/redhat/grubx64.efi -if [ -n "$prefix" ]; then - chainloader ($prefix)/EFI/redhat/grubx64/efi -... --------- 8< ---------------- 8< ---------------- 8< -------- - -With efi.quickboot, none of the devices are connected, causing "search" -to fail. Sometimes devices are connected but not the partition of the -disk matching $prefix, causing partition to not be found by -"chainloader". - -This patch introduces a new "connectefi pciroot|scsi" command which -recursively connects all EFI devices starting from a given controller -type: -- if 'pciroot' is specified, recursion is performed for all PCI root - handles -- if 'scsi' is specified, recursion is performed for all SCSI I/O - handles (recommended usage to avoid connecting unwanted handles which - may impact Grub performances) - -Typical grub.cfg snippet would then be: --------- 8< ---------------- 8< ---------------- 8< -------- -connectefi scsi -unset prefix -search --file --set=prefix /EFI/redhat/grubx64.efi -if [ -n "$prefix" ]; then - chainloader ($prefix)/EFI/redhat/grubx64/efi -... --------- 8< ---------------- 8< ---------------- 8< -------- - -The code is easily extensible to handle other arguments in the future if -needed. - -Signed-off-by: Renaud Métrich -Signed-off-by: Robbie Harwood ---- - grub-core/Makefile.core.def | 6 ++ - grub-core/commands/efi/connectefi.c | 205 ++++++++++++++++++++++++++++++++++++ - grub-core/commands/efi/lsefi.c | 1 + - grub-core/disk/efi/efidisk.c | 13 +++ - grub-core/kern/efi/efi.c | 13 +++ - include/grub/efi/disk.h | 2 + - include/grub/efi/efi.h | 5 + - NEWS | 2 +- - 8 files changed, 246 insertions(+), 1 deletion(-) - create mode 100644 grub-core/commands/efi/connectefi.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 39233096f2..3c0ac3b7bd 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -836,6 +836,12 @@ module = { - enable = efi; - }; - -+module = { -+ name = connectefi; -+ common = commands/efi/connectefi.c; -+ enable = efi; -+}; -+ - module = { - name = blocklist; - common = commands/blocklist.c; -diff --git a/grub-core/commands/efi/connectefi.c b/grub-core/commands/efi/connectefi.c -new file mode 100644 -index 0000000000..8ab75bd51b ---- /dev/null -+++ b/grub-core/commands/efi/connectefi.c -@@ -0,0 +1,205 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2022 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+typedef struct handle_list -+{ -+ grub_efi_handle_t handle; -+ struct handle_list *next; -+} handle_list_t; -+ -+static handle_list_t *already_handled = NULL; -+ -+static grub_err_t -+add_handle (grub_efi_handle_t handle) -+{ -+ handle_list_t *e; -+ e = grub_malloc (sizeof (*e)); -+ if (! e) -+ return grub_errno; -+ e->handle = handle; -+ e->next = already_handled; -+ already_handled = e; -+ return GRUB_ERR_NONE; -+} -+ -+static int -+is_in_list (grub_efi_handle_t handle) -+{ -+ handle_list_t *e; -+ for (e = already_handled; e != NULL; e = e->next) -+ if (e->handle == handle) -+ return 1; -+ return 0; -+} -+ -+static void -+free_handle_list (void) -+{ -+ handle_list_t *e; -+ while ((e = already_handled) != NULL) -+ { -+ already_handled = already_handled->next; -+ grub_free (e); -+ } -+} -+ -+typedef enum searched_item_flag -+{ -+ SEARCHED_ITEM_FLAG_LOOP = 1, -+ SEARCHED_ITEM_FLAG_RECURSIVE = 2 -+} searched_item_flags; -+ -+typedef struct searched_item -+{ -+ grub_efi_guid_t guid; -+ const char *name; -+ searched_item_flags flags; -+} searched_items; -+ -+static grub_err_t -+grub_cmd_connectefi (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char **args) -+{ -+ unsigned s; -+ searched_items pciroot_items[] = -+ { -+ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", SEARCHED_ITEM_FLAG_RECURSIVE } -+ }; -+ searched_items scsi_items[] = -+ { -+ { GRUB_EFI_PCI_ROOT_IO_GUID, "PCI root", 0 }, -+ { GRUB_EFI_PCI_IO_GUID, "PCI", SEARCHED_ITEM_FLAG_LOOP }, -+ { GRUB_EFI_SCSI_IO_PROTOCOL_GUID, "SCSI I/O", SEARCHED_ITEM_FLAG_RECURSIVE } -+ }; -+ searched_items *items = NULL; -+ unsigned nitems = 0; -+ grub_err_t grub_err = GRUB_ERR_NONE; -+ unsigned total_connected = 0; -+ -+ if (argc != 1) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); -+ -+ if (grub_strcmp(args[0], N_("pciroot")) == 0) -+ { -+ items = pciroot_items; -+ nitems = ARRAY_SIZE (pciroot_items); -+ } -+ else if (grub_strcmp(args[0], N_("scsi")) == 0) -+ { -+ items = scsi_items; -+ nitems = ARRAY_SIZE (scsi_items); -+ } -+ else -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, -+ N_("unexpected argument `%s'"), args[0]); -+ -+ for (s = 0; s < nitems; s++) -+ { -+ grub_efi_handle_t *handles; -+ grub_efi_uintn_t num_handles; -+ unsigned i, connected = 0, loop = 0; -+ -+loop: -+ loop++; -+ grub_dprintf ("efi", "step '%s' loop %d:\n", items[s].name, loop); -+ -+ handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, -+ &items[s].guid, 0, &num_handles); -+ -+ if (!handles) -+ continue; -+ -+ for (i = 0; i < num_handles; i++) -+ { -+ grub_efi_handle_t handle = handles[i]; -+ grub_efi_status_t status; -+ unsigned j; -+ -+ /* Skip already handled handles */ -+ if (is_in_list (handle)) -+ { -+ grub_dprintf ("efi", " handle %p: already processed\n", -+ handle); -+ continue; -+ } -+ -+ status = grub_efi_connect_controller(handle, NULL, NULL, -+ items[s].flags & SEARCHED_ITEM_FLAG_RECURSIVE ? 1 : 0); -+ if (status == GRUB_EFI_SUCCESS) -+ { -+ connected++; -+ total_connected++; -+ grub_dprintf ("efi", " handle %p: connected\n", handle); -+ } -+ else -+ grub_dprintf ("efi", " handle %p: failed to connect (%d)\n", -+ handle, (grub_efi_int8_t) status); -+ -+ if ((grub_err = add_handle (handle)) != GRUB_ERR_NONE) -+ break; /* fatal */ -+ } -+ -+ grub_free (handles); -+ if (grub_err != GRUB_ERR_NONE) -+ break; /* fatal */ -+ -+ if (items[s].flags & SEARCHED_ITEM_FLAG_LOOP && connected) -+ { -+ connected = 0; -+ goto loop; -+ } -+ -+ free_handle_list (); -+ } -+ -+ free_handle_list (); -+ -+ if (total_connected) -+ grub_efidisk_reenumerate_disks (); -+ -+ return grub_err; -+} -+ -+static grub_command_t cmd; -+ -+GRUB_MOD_INIT(connectefi) -+{ -+ cmd = grub_register_command ("connectefi", grub_cmd_connectefi, -+ N_("pciroot|scsi"), -+ N_("Connect EFI handles." -+ " If 'pciroot' is specified, connect PCI" -+ " root EFI handles recursively." -+ " If 'scsi' is specified, connect SCSI" -+ " I/O EFI handles recursively.")); -+} -+ -+GRUB_MOD_FINI(connectefi) -+{ -+ grub_unregister_command (cmd); -+} -diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c -index d1ce99af43..f2d2430e66 100644 ---- a/grub-core/commands/efi/lsefi.c -+++ b/grub-core/commands/efi/lsefi.c -@@ -19,6 +19,7 @@ - #include - #include - #include -+#include - #include - #include - #include -diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c -index fe8ba6e6c9..062143dfff 100644 ---- a/grub-core/disk/efi/efidisk.c -+++ b/grub-core/disk/efi/efidisk.c -@@ -396,6 +396,19 @@ enumerate_disks (void) - free_devices (devices); - } - -+void -+grub_efidisk_reenumerate_disks (void) -+{ -+ free_devices (fd_devices); -+ free_devices (hd_devices); -+ free_devices (cd_devices); -+ fd_devices = 0; -+ hd_devices = 0; -+ cd_devices = 0; -+ -+ enumerate_disks (); -+} -+ - static int - grub_efidisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data, - grub_disk_pull_t pull) -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 14bc10eb56..7fcca69c17 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -95,6 +95,19 @@ grub_efi_locate_handle (grub_efi_locate_search_type_t search_type, - return buffer; - } - -+grub_efi_status_t -+grub_efi_connect_controller (grub_efi_handle_t controller_handle, -+ grub_efi_handle_t *driver_image_handle, -+ grub_efi_device_path_protocol_t *remaining_device_path, -+ grub_efi_boolean_t recursive) -+{ -+ grub_efi_boot_services_t *b; -+ -+ b = grub_efi_system_table->boot_services; -+ return efi_call_4 (b->connect_controller, controller_handle, -+ driver_image_handle, remaining_device_path, recursive); -+} -+ - void * - grub_efi_open_protocol (grub_efi_handle_t handle, - grub_efi_guid_t *protocol, -diff --git a/include/grub/efi/disk.h b/include/grub/efi/disk.h -index 254475c842..6845c2f1fd 100644 ---- a/include/grub/efi/disk.h -+++ b/include/grub/efi/disk.h -@@ -27,6 +27,8 @@ grub_efi_handle_t - EXPORT_FUNC(grub_efidisk_get_device_handle) (grub_disk_t disk); - char *EXPORT_FUNC(grub_efidisk_get_device_name) (grub_efi_handle_t *handle); - -+void EXPORT_FUNC(grub_efidisk_reenumerate_disks) (void); -+ - void grub_efidisk_init (void); - void grub_efidisk_fini (void); - -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 8dfc89a33b..ec52083c49 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -41,6 +41,11 @@ EXPORT_FUNC(grub_efi_locate_handle) (grub_efi_locate_search_type_t search_type, - grub_efi_guid_t *protocol, - void *search_key, - grub_efi_uintn_t *num_handles); -+grub_efi_status_t -+EXPORT_FUNC(grub_efi_connect_controller) (grub_efi_handle_t controller_handle, -+ grub_efi_handle_t *driver_image_handle, -+ grub_efi_device_path_protocol_t *remaining_device_path, -+ grub_efi_boolean_t recursive); - void *EXPORT_FUNC(grub_efi_open_protocol) (grub_efi_handle_t handle, - grub_efi_guid_t *protocol, - grub_efi_uint32_t attributes); -diff --git a/NEWS b/NEWS -index 73b8492bc4..d7c1d23aed 100644 ---- a/NEWS -+++ b/NEWS -@@ -98,7 +98,7 @@ New in 2.02: - * Prefer pmtimer for TSC calibration. - - * New/improved platform support: -- * New `efifwsetup' and `lsefi' commands on EFI platforms. -+ * New `efifwsetup', `lsefi' and `connectefi` commands on EFI platforms. - * New `cmosdump' and `cmosset' commands on platforms with CMOS support. - * New command `pcidump' for PCI platforms. - * Improve opcode parsing in ACPI halt implementation. diff --git a/SPECS/grub2/fedora/0211-grub-core-loader-i386-efi-linux.c-do-not-validate-ke.patch b/SPECS/grub2/fedora/0211-grub-core-loader-i386-efi-linux.c-do-not-validate-ke.patch deleted file mode 100644 index 4fe8adf713..0000000000 --- a/SPECS/grub2/fedora/0211-grub-core-loader-i386-efi-linux.c-do-not-validate-ke.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Thu, 3 Mar 2022 13:10:56 +0100 -Subject: [PATCH] grub-core/loader/i386/efi/linux.c: do not validate kernels - twice - -On codebases that have shim-lock-verifier built into the grub core -(like 2.06 upstream), shim-lock-verifier is in enforcing mode when -booted with secureboot. It means that grub_cmd_linux() command -attempts to perform shim validate upon opening linux kernel image, -including kernel measurement. And the verifier correctly returns file -open error when shim validate protocol is not present or shim fails to -validate the kernel. - -This makes the call to grub_linuxefi_secure_validate() redundant, but -also harmful. As validating the kernel image twice, extends the PCRs -with the same measurement twice. Which breaks existing sealing -policies when upgrading from grub2.04+rhboot+sb+linuxefi to -grub2.06+rhboot+sb+linuxefi builds. It is also incorrect to measure -the kernel twice. - -This patch must not be ported to older editions of grub code bases -that do not have verifiers framework, or it is not builtin, or -shim-lock-verifier is an optional module. - -This patch is tested to ensure that unsigned kernels are not possible -to boot in secureboot mode when shim rejects kernel, or shim protocol -is missing, and that the measurements become stable once again. The -above also ensures that CVE-2020-15705 is not reintroduced. - -Signed-off-by: Dimitri John Ledkov ---- - grub-core/loader/i386/efi/linux.c | 13 ------------- - 1 file changed, 13 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 3cf0f9b330..941df6400b 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -30,7 +30,6 @@ - #include - #include - #include --#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -278,7 +277,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_ssize_t start, filelen; - void *kernel = NULL; - int setup_header_end_offset; -- int rc; - - grub_dl_ref (my_mod); - -@@ -308,17 +306,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -- { -- rc = grub_linuxefi_secure_validate (kernel, filelen); -- if (rc <= 0) -- { -- grub_error (GRUB_ERR_INVALID_COMMAND, -- N_("%s has invalid signature"), argv[0]); -- goto fail; -- } -- } -- - lh = (struct linux_i386_kernel_header *)kernel; - grub_dprintf ("linux", "original lh is at %p\n", kernel); - diff --git a/SPECS/grub2/fedora/0212-grub-core-loader-arm64-linux.c-do-not-validate-kerne.patch b/SPECS/grub2/fedora/0212-grub-core-loader-arm64-linux.c-do-not-validate-kerne.patch deleted file mode 100644 index 5b450f9f45..0000000000 --- a/SPECS/grub2/fedora/0212-grub-core-loader-arm64-linux.c-do-not-validate-kerne.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Fri, 4 Mar 2022 11:29:31 +0100 -Subject: [PATCH] grub-core/loader/arm64/linux.c: do not validate kernel twice - -Call to grub_file_open(, GRUB_FILE_TYPE_LINUX_KERNEL) already passes -the kernel file through shim-lock verifier when secureboot is on. Thus -there is no need to validate the kernel image again. And when doing so -again, duplicate PCR measurement is performed, breaking measurements -compatibility with 2.04+linuxefi. - -This patch must not be ported to older editions of grub code bases -that do not have verifiers framework, or it is not builtin, or -shim-lock-verifier is an optional module. - -Signed-off-by: Dimitri John Ledkov ---- - grub-core/loader/arm64/linux.c | 13 ------------- - 1 file changed, 13 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index f18d90bd74..d2af47c2c0 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -34,7 +34,6 @@ - #include - #include - #include --#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -341,7 +340,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_off_t filelen; - grub_uint32_t align; - void *kernel = NULL; -- int rc; - - grub_dl_ref (my_mod); - -@@ -370,17 +368,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) -- { -- rc = grub_linuxefi_secure_validate (kernel, filelen); -- if (rc <= 0) -- { -- grub_error (GRUB_ERR_INVALID_COMMAND, -- N_("%s has invalid signature"), argv[0]); -- goto fail; -- } -- } -- - if (grub_arch_efi_linux_check_image (kernel) != GRUB_ERR_NONE) - goto fail; - if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align) != GRUB_ERR_NONE) diff --git a/SPECS/grub2/fedora/0213-grub-core-loader-efi-chainloader.c-do-not-validate-c.patch b/SPECS/grub2/fedora/0213-grub-core-loader-efi-chainloader.c-do-not-validate-c.patch deleted file mode 100644 index 4c56d60da0..0000000000 --- a/SPECS/grub2/fedora/0213-grub-core-loader-efi-chainloader.c-do-not-validate-c.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Fri, 4 Mar 2022 09:31:43 +0100 -Subject: [PATCH] grub-core/loader/efi/chainloader.c: do not validate - chainloader twice - -On secureboot systems, with shimlock verifier, call to -grub_file_open(, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE) will already -pass the chainloader target through shim-lock protocol verify -call. And create a TPM measurement. If verification fails, -grub_cmd_chainloader will fail at file open time. - -This makes previous code paths for negative, and zero return codes -from grub_linuxefi_secure_validate unreachable under secureboot. But -also breaking measurements compatibility with 2.04+linuxefi codebases, -as the chainloader file is passed through shim_lock->verify() twice -(via verifier & direct call to grub_linuxefi_secure_validate) -extending the PCRs twice. - -This reduces grub_loader options to perform -grub_secureboot_chainloader when secureboot is on, and otherwise -attempt grub_chainloader_boot. - -It means that booting with secureboot off, yet still with shim (which -always verifies things successfully), will stop choosing -grub_secureboot_chainloader, and opting for a more regular -loadimage/startimage codepath. If we want to use the -grub_secureboot_chainloader codepath in such scenarios we should adapt -the code to simply check for shim_lock protocol presence / -shim_lock->context() success?! But I am not sure if that is necessary. - -This patch must not be ported to older editions of grub code bases -that do not have verifiers framework, or it is not builtin, or -shim-lock-verifier is an optional module. - -Signed-off-by: Dimitri John Ledkov ---- - grub-core/loader/efi/chainloader.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 3af6b12292..644cd2e56f 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -906,7 +906,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_device_path_t *dp = 0; - char *filename; - void *boot_image = 0; -- int rc; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -1082,9 +1081,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - orig_dev = 0; - } - -- rc = grub_linuxefi_secure_validate((void *)(unsigned long)address, fsize); -- grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); -- if (rc > 0) -+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { - grub_file_close (file); - grub_device_close (dev); -@@ -1092,7 +1089,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_secureboot_chainloader_unload, 0); - return 0; - } -- else if (rc == 0) -+ else - { - grub_load_and_start_image(boot_image); - grub_file_close (file); -@@ -1101,7 +1098,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - return 0; - } -- // -1 fall-through to fail - - fail: - if (orig_dev) diff --git a/SPECS/grub2/fedora/0214-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch b/SPECS/grub2/fedora/0214-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch deleted file mode 100644 index c683fcb7fd..0000000000 --- a/SPECS/grub2/fedora/0214-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Dimitri John Ledkov -Date: Fri, 4 Mar 2022 11:36:09 +0100 -Subject: [PATCH] grub-core/loader/efi/linux.c: drop now unused - grub_linuxefi_secure_validate - -Drop the now unused grub_linuxefi_secure_validate() as all prior users -of this API now rely on the shim-lock-verifier codepath instead. - -This patch must not be ported to older editions of grub code bases -that do not have verifiers framework, or it is not builtin, or -shim-lock-verifier is an optional module. - -Signed-off-by: Dimitri John Ledkov ---- - grub-core/loader/efi/linux.c | 40 ---------------------------------------- - include/grub/efi/linux.h | 2 -- - 2 files changed, 42 deletions(-) - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 9260731c10..9265cf4200 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -24,46 +24,6 @@ - #include - #include - --#define SHIM_LOCK_GUID \ -- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -- --struct grub_efi_shim_lock --{ -- grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); --}; --typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -- --// Returns 1 on success, -1 on error, 0 when not available --int --grub_linuxefi_secure_validate (void *data, grub_uint32_t size) --{ -- grub_efi_guid_t guid = SHIM_LOCK_GUID; -- grub_efi_shim_lock_t *shim_lock; -- grub_efi_status_t status; -- -- shim_lock = grub_efi_locate_protocol(&guid, NULL); -- grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); -- if (!shim_lock) -- { -- grub_dprintf ("secureboot", "shim not available\n"); -- return 0; -- } -- -- grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n"); -- status = shim_lock->verify (data, size); -- grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status); -- if (status == GRUB_EFI_SUCCESS) -- { -- grub_dprintf ("secureboot", "Kernel signature verification passed\n"); -- return 1; -- } -- -- grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n", -- (unsigned long) status); -- -- return -1; --} -- - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wcast-align" - -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -index 0033d9305a..887b02fd9f 100644 ---- a/include/grub/efi/linux.h -+++ b/include/grub/efi/linux.h -@@ -22,8 +22,6 @@ - #include - #include - --int --EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); - grub_err_t - EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, - void *kernel_param); diff --git a/SPECS/grub2/fedora/0219-loader-efi-chainloader-grub_load_and_start_image-doe.patch b/SPECS/grub2/fedora/0219-loader-efi-chainloader-grub_load_and_start_image-doe.patch deleted file mode 100644 index f61ed28281..0000000000 --- a/SPECS/grub2/fedora/0219-loader-efi-chainloader-grub_load_and_start_image-doe.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Thu, 28 Apr 2022 21:53:36 +0100 -Subject: [PATCH] loader/efi/chainloader: grub_load_and_start_image doesn't - load and start - -grub_load_and_start_image only loads an image - it still requires the -caller to start it. This renames it to grub_load_image. - -It's called from 2 places: -- grub_cmd_chainloader when not using the shim protocol. -- grub_secureboot_chainloader_boot if handle_image returns an error. -In this case, the image is loaded and then nothing else happens which -seems strange. I assume the intention is that it falls back to LoadImage -and StartImage if handle_image fails, so I've made it do that. - -Signed-off-by: Chris Coulson -(cherry picked from commit b4d70820a65c00561045856b7b8355461a9545f6) ---- - grub-core/loader/efi/chainloader.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 644cd2e56f..d3bf02ed8a 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -841,7 +841,7 @@ grub_secureboot_chainloader_unload (void) - } - - static grub_err_t --grub_load_and_start_image(void *boot_image) -+grub_load_image(void *boot_image) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -883,13 +883,23 @@ grub_load_and_start_image(void *boot_image) - static grub_err_t - grub_secureboot_chainloader_boot (void) - { -+ grub_efi_boot_services_t *b; - int rc; -+ - rc = handle_image ((void *)(unsigned long)address, fsize); - if (rc == 0) - { -- grub_load_and_start_image((void *)(unsigned long)address); -+ /* We weren't able to attempt to execute the image, so fall back -+ * to LoadImage / StartImage. -+ */ -+ rc = grub_load_image((void *)(unsigned long)address); -+ if (rc == 0) -+ grub_chainloader_boot (); - } - -+ b = grub_efi_system_table->boot_services; -+ efi_call_1 (b->unload_image, image_handle); -+ - grub_loader_unset (); - return grub_errno; - } -@@ -1091,7 +1101,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - } - else - { -- grub_load_and_start_image(boot_image); -+ grub_load_image(boot_image); - grub_file_close (file); - grub_device_close (dev); - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); diff --git a/SPECS/grub2/fedora/0220-loader-efi-chainloader-simplify-the-loader-state.patch b/SPECS/grub2/fedora/0220-loader-efi-chainloader-simplify-the-loader-state.patch deleted file mode 100644 index 205124e4d6..0000000000 --- a/SPECS/grub2/fedora/0220-loader-efi-chainloader-simplify-the-loader-state.patch +++ /dev/null @@ -1,330 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:13:08 +0100 -Subject: [PATCH] loader/efi/chainloader: simplify the loader state - -When not using the shim lock protocol, the chainloader command retains -the source buffer and device path passed to LoadImage, requiring the -unload hook passed to grub_loader_set to free them. It isn't required -to retain this state though - they aren't required by StartImage or -anything else in the boot hook, so clean them up before -grub_cmd_chainloader finishes. - -This also wraps the loader state when using the shim lock protocol -inside a struct. - -Signed-off-by: Chris Coulson -(cherry picked from commit fa39862933b3be1553a580a3a5c28073257d8046) -[rharwood: fix unitialized handle and double-frees of file/dev] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/efi/chainloader.c | 160 +++++++++++++++++++++++-------------- - 1 file changed, 102 insertions(+), 58 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index d3bf02ed8a..3342492ff1 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -48,38 +48,21 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_physical_address_t address; --static grub_efi_uintn_t pages; --static grub_ssize_t fsize; --static grub_efi_device_path_t *file_path; - static grub_efi_handle_t image_handle; --static grub_efi_char16_t *cmdline; --static grub_ssize_t cmdline_len; --static grub_efi_handle_t dev_handle; - --static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); -+struct grub_secureboot_chainloader_context { -+ grub_efi_physical_address_t address; -+ grub_efi_uintn_t pages; -+ grub_ssize_t fsize; -+ grub_efi_device_path_t *file_path; -+ grub_efi_char16_t *cmdline; -+ grub_ssize_t cmdline_len; -+ grub_efi_handle_t dev_handle; -+}; -+static struct grub_secureboot_chainloader_context *sb_context; - - static grub_err_t --grub_chainloader_unload (void) --{ -- grub_efi_boot_services_t *b; -- -- b = grub_efi_system_table->boot_services; -- efi_call_1 (b->unload_image, image_handle); -- grub_efi_free_pages (address, pages); -- -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; -- dev_handle = 0; -- -- grub_dl_unref (my_mod); -- return GRUB_ERR_NONE; --} -- --static grub_err_t --grub_chainloader_boot (void) -+grub_start_image (grub_efi_handle_t handle) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -87,7 +70,7 @@ grub_chainloader_boot (void) - grub_efi_char16_t *exit_data = NULL; - - b = grub_efi_system_table->boot_services; -- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data); -+ status = efi_call_3 (b->start_image, handle, &exit_data_size, &exit_data); - if (status != GRUB_EFI_SUCCESS) - { - if (exit_data) -@@ -111,11 +94,37 @@ grub_chainloader_boot (void) - if (exit_data) - grub_efi_free_pool (exit_data); - -- grub_loader_unset (); -- - return grub_errno; - } - -+static grub_err_t -+grub_chainloader_unload (void) -+{ -+ grub_efi_loaded_image_t *loaded_image; -+ grub_efi_boot_services_t *b; -+ -+ loaded_image = grub_efi_get_loaded_image (image_handle); -+ if (loaded_image != NULL) -+ grub_free (loaded_image->load_options); -+ -+ b = grub_efi_system_table->boot_services; -+ efi_call_1 (b->unload_image, image_handle); -+ -+ grub_dl_unref (my_mod); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_chainloader_boot (void) -+{ -+ grub_err_t err; -+ -+ err = grub_start_image (image_handle); -+ -+ grub_loader_unset (); -+ return err; -+} -+ - static grub_err_t - copy_file_path (grub_efi_file_path_device_path_t *fp, - const char *str, grub_efi_uint16_t len) -@@ -150,7 +159,7 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) - char *dir_start; - char *dir_end; - grub_size_t size; -- grub_efi_device_path_t *d; -+ grub_efi_device_path_t *d, *file_path; - - dir_start = grub_strchr (filename, ')'); - if (! dir_start) -@@ -526,10 +535,12 @@ grub_efi_get_media_file_path (grub_efi_device_path_t *dp) - } - - static grub_efi_boolean_t --handle_image (void *data, grub_efi_uint32_t datasize) -+handle_image (struct grub_secureboot_chainloader_context *load_context) - { - grub_efi_loaded_image_t *li, li_bak; - grub_efi_status_t efi_status; -+ void *data = (void *)(unsigned long)load_context->address; -+ grub_efi_uint32_t datasize = load_context->fsize; - void *buffer = NULL; - char *buffer_aligned = NULL; - grub_efi_uint32_t i; -@@ -540,6 +551,7 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_uint32_t buffer_size; - int found_entry_point = 0; - int rc; -+ grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); - - rc = read_header (data, datasize, &context); - if (rc < 0) -@@ -797,10 +809,10 @@ handle_image (void *data, grub_efi_uint32_t datasize) - grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); - li->image_base = buffer_aligned; - li->image_size = context.image_size; -- li->load_options = cmdline; -- li->load_options_size = cmdline_len; -- li->file_path = grub_efi_get_media_file_path (file_path); -- li->device_handle = dev_handle; -+ li->load_options = load_context->cmdline; -+ li->load_options_size = load_context->cmdline_len; -+ li->file_path = grub_efi_get_media_file_path (load_context->file_path); -+ li->device_handle = load_context->dev_handle; - if (!li->file_path) - { - grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); -@@ -829,19 +841,22 @@ error_exit: - static grub_err_t - grub_secureboot_chainloader_unload (void) - { -- grub_efi_free_pages (address, pages); -- grub_free (file_path); -- grub_free (cmdline); -- cmdline = 0; -- file_path = 0; -- dev_handle = 0; -+ grub_efi_free_pages (sb_context->address, sb_context->pages); -+ grub_free (sb_context->file_path); -+ grub_free (sb_context->cmdline); -+ grub_free (sb_context); -+ -+ sb_context = 0; - - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } - - static grub_err_t --grub_load_image(void *boot_image) -+grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, -+ grub_efi_uintn_t image_size, grub_efi_handle_t dev_handle, -+ grub_efi_char16_t *cmdline, grub_ssize_t cmdline_len, -+ grub_efi_handle_t *image_handle_out) - { - grub_efi_boot_services_t *b; - grub_efi_status_t status; -@@ -850,7 +865,7 @@ grub_load_image(void *boot_image) - b = grub_efi_system_table->boot_services; - - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, -- boot_image, fsize, &image_handle); -+ boot_image, image_size, image_handle_out); - if (status != GRUB_EFI_SUCCESS) - { - if (status == GRUB_EFI_OUT_OF_RESOURCES) -@@ -863,7 +878,7 @@ grub_load_image(void *boot_image) - /* LoadImage does not set a device handler when the image is - loaded from memory, so it is necessary to set it explicitly here. - This is a mess. */ -- loaded_image = grub_efi_get_loaded_image (image_handle); -+ loaded_image = grub_efi_get_loaded_image (*image_handle_out); - if (! loaded_image) - { - grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); -@@ -885,20 +900,25 @@ grub_secureboot_chainloader_boot (void) - { - grub_efi_boot_services_t *b; - int rc; -+ grub_efi_handle_t handle = 0; - -- rc = handle_image ((void *)(unsigned long)address, fsize); -+ rc = handle_image (sb_context); - if (rc == 0) - { - /* We weren't able to attempt to execute the image, so fall back - * to LoadImage / StartImage. - */ -- rc = grub_load_image((void *)(unsigned long)address); -+ rc = grub_load_image(sb_context->file_path, -+ (void *)(unsigned long)sb_context->address, -+ sb_context->fsize, sb_context->dev_handle, -+ sb_context->cmdline, sb_context->cmdline_len, -+ &handle); - if (rc == 0) -- grub_chainloader_boot (); -+ grub_start_image (handle); - } - - b = grub_efi_system_table->boot_services; -- efi_call_1 (b->unload_image, image_handle); -+ efi_call_1 (b->unload_image, handle); - - grub_loader_unset (); - return grub_errno; -@@ -913,9 +933,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_boot_services_t *b; - grub_device_t dev = 0; - grub_device_t orig_dev = 0; -- grub_efi_device_path_t *dp = 0; -+ grub_efi_device_path_t *dp = 0, *file_path = 0; - char *filename; - void *boot_image = 0; -+ grub_efi_physical_address_t address = 0; -+ grub_ssize_t fsize; -+ grub_efi_uintn_t pages = 0; -+ grub_efi_char16_t *cmdline = 0; -+ grub_ssize_t cmdline_len = 0; -+ grub_efi_handle_t dev_handle = 0; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -923,12 +949,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -- /* Initialize some global variables. */ -- address = 0; -- image_handle = 0; -- file_path = 0; -- dev_handle = 0; -- - b = grub_efi_system_table->boot_services; - - if (argc > 1) -@@ -1093,17 +1113,35 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - - if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED) - { -+ sb_context = grub_malloc (sizeof (*sb_context)); -+ if (sb_context == NULL) -+ goto fail; -+ sb_context->address = address; -+ sb_context->fsize = fsize; -+ sb_context->pages = pages; -+ sb_context->file_path = file_path; -+ sb_context->cmdline = cmdline; -+ sb_context->cmdline_len = cmdline_len; -+ sb_context->dev_handle = dev_handle; -+ - grub_file_close (file); - grub_device_close (dev); -+ - grub_loader_set (grub_secureboot_chainloader_boot, - grub_secureboot_chainloader_unload, 0); - return 0; - } - else - { -- grub_load_image(boot_image); -+ grub_load_image(file_path, boot_image, fsize, dev_handle, cmdline, -+ cmdline_len, &image_handle); - grub_file_close (file); - grub_device_close (dev); -+ -+ /* We're finished with the source image buffer and file path now */ -+ efi_call_2 (b->free_pages, address, pages); -+ grub_free (file_path); -+ - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - - return 0; -@@ -1130,6 +1168,12 @@ fail: - if (cmdline) - grub_free (cmdline); - -+ if (image_handle != 0) -+ { -+ efi_call_1 (b->unload_image, image_handle); -+ image_handle = 0; -+ } -+ - grub_dl_unref (my_mod); - - return grub_errno; diff --git a/SPECS/grub2/fedora/0221-commands-boot-Add-API-to-pass-context-to-loader.patch b/SPECS/grub2/fedora/0221-commands-boot-Add-API-to-pass-context-to-loader.patch deleted file mode 100644 index 63a2d76ebe..0000000000 --- a/SPECS/grub2/fedora/0221-commands-boot-Add-API-to-pass-context-to-loader.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:16:02 +0100 -Subject: [PATCH] commands/boot: Add API to pass context to loader - -Loaders rely on global variables for saving context which is consumed -in the boot hook and freed in the unload hook. In the case where a loader -command is executed twice, calling grub_loader_set a second time executes -the unload hook, but in some cases this runs when the loader's global -context has already been updated, resulting in the updated context being -freed and potential use-after-free bugs when the boot hook is subsequently -called. - -This adds a new API (grub_loader_set_ex) which allows a loader to specify -context that is passed to its boot and unload hooks. This is an alternative -to requiring that loaders call grub_loader_unset before mutating their -global context. - -Signed-off-by: Chris Coulson -(cherry picked from commit 4322a64dde7e8fedb58e50b79408667129d45dd3) ---- - grub-core/commands/boot.c | 66 +++++++++++++++++++++++++++++++++++++++++------ - include/grub/loader.h | 5 ++++ - 2 files changed, 63 insertions(+), 8 deletions(-) - -diff --git a/grub-core/commands/boot.c b/grub-core/commands/boot.c -index bbca81e947..53691a62d9 100644 ---- a/grub-core/commands/boot.c -+++ b/grub-core/commands/boot.c -@@ -27,10 +27,20 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --static grub_err_t (*grub_loader_boot_func) (void); --static grub_err_t (*grub_loader_unload_func) (void); -+static grub_err_t (*grub_loader_boot_func) (void *); -+static grub_err_t (*grub_loader_unload_func) (void *); -+static void *grub_loader_context; - static int grub_loader_flags; - -+struct grub_simple_loader_hooks -+{ -+ grub_err_t (*boot) (void); -+ grub_err_t (*unload) (void); -+}; -+ -+/* Don't heap allocate this to avoid making grub_loader_set fallible. */ -+static struct grub_simple_loader_hooks simple_loader_hooks; -+ - struct grub_preboot - { - grub_err_t (*preboot_func) (int); -@@ -44,6 +54,29 @@ static int grub_loader_loaded; - static struct grub_preboot *preboots_head = 0, - *preboots_tail = 0; - -+static grub_err_t -+grub_simple_boot_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ return hooks->boot (); -+} -+ -+static grub_err_t -+grub_simple_unload_hook (void *context) -+{ -+ struct grub_simple_loader_hooks *hooks; -+ grub_err_t ret; -+ -+ hooks = (struct grub_simple_loader_hooks *) context; -+ -+ ret = hooks->unload (); -+ grub_memset (hooks, 0, sizeof (*hooks)); -+ -+ return ret; -+} -+ - int - grub_loader_is_loaded (void) - { -@@ -110,28 +143,45 @@ grub_loader_unregister_preboot_hook (struct grub_preboot *hnd) - } - - void --grub_loader_set (grub_err_t (*boot) (void), -- grub_err_t (*unload) (void), -- int flags) -+grub_loader_set_ex (grub_err_t (*boot) (void *), -+ grub_err_t (*unload) (void *), -+ void *context, -+ int flags) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = boot; - grub_loader_unload_func = unload; -+ grub_loader_context = context; - grub_loader_flags = flags; - - grub_loader_loaded = 1; - } - -+void -+grub_loader_set (grub_err_t (*boot) (void), -+ grub_err_t (*unload) (void), -+ int flags) -+{ -+ grub_loader_set_ex (grub_simple_boot_hook, -+ grub_simple_unload_hook, -+ &simple_loader_hooks, -+ flags); -+ -+ simple_loader_hooks.boot = boot; -+ simple_loader_hooks.unload = unload; -+} -+ - void - grub_loader_unset(void) - { - if (grub_loader_loaded && grub_loader_unload_func) -- grub_loader_unload_func (); -+ grub_loader_unload_func (grub_loader_context); - - grub_loader_boot_func = 0; - grub_loader_unload_func = 0; -+ grub_loader_context = 0; - - grub_loader_loaded = 0; - } -@@ -158,7 +208,7 @@ grub_loader_boot (void) - return err; - } - } -- err = (grub_loader_boot_func) (); -+ err = (grub_loader_boot_func) (grub_loader_context); - - for (cur = preboots_tail; cur; cur = cur->prev) - if (! err) -diff --git a/include/grub/loader.h b/include/grub/loader.h -index b208642821..1846fa6c5f 100644 ---- a/include/grub/loader.h -+++ b/include/grub/loader.h -@@ -40,6 +40,11 @@ void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), - grub_err_t (*unload) (void), - int flags); - -+void EXPORT_FUNC (grub_loader_set_ex) (grub_err_t (*boot) (void *), -+ grub_err_t (*unload) (void *), -+ void *context, -+ int flags); -+ - /* Unset current loader, if any. */ - void EXPORT_FUNC (grub_loader_unset) (void); - diff --git a/SPECS/grub2/fedora/0222-loader-efi-chainloader-Use-grub_loader_set_ex.patch b/SPECS/grub2/fedora/0222-loader-efi-chainloader-Use-grub_loader_set_ex.patch deleted file mode 100644 index fc15b842ee..0000000000 --- a/SPECS/grub2/fedora/0222-loader-efi-chainloader-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Fri, 29 Apr 2022 21:30:56 +0100 -Subject: [PATCH] loader/efi/chainloader: Use grub_loader_set_ex - -This ports the EFI chainloader to use grub_loader_set_ex in order to fix -a use-after-free bug that occurs when grub_cmd_chainloader is executed -more than once before a boot attempt is performed. - -Signed-off-by: Chris Coulson -(cherry picked from commit 4b7f0402b7cb0f67a93be736f2b75b818d7f44c9) -[rharwood: context sludge from other change] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/efi/chainloader.c | 38 ++++++++++++++++++++++---------------- - 1 file changed, 22 insertions(+), 16 deletions(-) - -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index 3342492ff1..fb874f1855 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -48,8 +48,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; - --static grub_efi_handle_t image_handle; -- - struct grub_secureboot_chainloader_context { - grub_efi_physical_address_t address; - grub_efi_uintn_t pages; -@@ -59,7 +57,6 @@ struct grub_secureboot_chainloader_context { - grub_ssize_t cmdline_len; - grub_efi_handle_t dev_handle; - }; --static struct grub_secureboot_chainloader_context *sb_context; - - static grub_err_t - grub_start_image (grub_efi_handle_t handle) -@@ -98,11 +95,14 @@ grub_start_image (grub_efi_handle_t handle) - } - - static grub_err_t --grub_chainloader_unload (void) -+grub_chainloader_unload (void *context) - { -+ grub_efi_handle_t image_handle; - grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; - -+ image_handle = (grub_efi_handle_t) context; -+ - loaded_image = grub_efi_get_loaded_image (image_handle); - if (loaded_image != NULL) - grub_free (loaded_image->load_options); -@@ -115,10 +115,12 @@ grub_chainloader_unload (void) - } - - static grub_err_t --grub_chainloader_boot (void) -+grub_chainloader_boot (void *context) - { -+ grub_efi_handle_t image_handle; - grub_err_t err; - -+ image_handle = (grub_efi_handle_t) context; - err = grub_start_image (image_handle); - - grub_loader_unset (); -@@ -839,15 +841,17 @@ error_exit: - } - - static grub_err_t --grub_secureboot_chainloader_unload (void) -+grub_secureboot_chainloader_unload (void *context) - { -+ struct grub_secureboot_chainloader_context *sb_context; -+ -+ sb_context = (struct grub_secureboot_chainloader_context *) context; -+ - grub_efi_free_pages (sb_context->address, sb_context->pages); - grub_free (sb_context->file_path); - grub_free (sb_context->cmdline); - grub_free (sb_context); - -- sb_context = 0; -- - grub_dl_unref (my_mod); - return GRUB_ERR_NONE; - } -@@ -896,12 +900,15 @@ grub_load_image(grub_efi_device_path_t *file_path, void *boot_image, - } - - static grub_err_t --grub_secureboot_chainloader_boot (void) -+grub_secureboot_chainloader_boot (void *context) - { -+ struct grub_secureboot_chainloader_context *sb_context; - grub_efi_boot_services_t *b; - int rc; - grub_efi_handle_t handle = 0; - -+ sb_context = (struct grub_secureboot_chainloader_context *) context; -+ - rc = handle_image (sb_context); - if (rc == 0) - { -@@ -942,6 +949,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_efi_char16_t *cmdline = 0; - grub_ssize_t cmdline_len = 0; - grub_efi_handle_t dev_handle = 0; -+ grub_efi_handle_t image_handle = 0; -+ struct grub_secureboot_chainloader_context *sb_context = 0; - - if (argc == 0) - return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -1127,8 +1136,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (file); - grub_device_close (dev); - -- grub_loader_set (grub_secureboot_chainloader_boot, -- grub_secureboot_chainloader_unload, 0); -+ grub_loader_set_ex (grub_secureboot_chainloader_boot, -+ grub_secureboot_chainloader_unload, sb_context, 0); - return 0; - } - else -@@ -1142,7 +1151,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - efi_call_2 (b->free_pages, address, pages); - grub_free (file_path); - -- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); -+ grub_loader_set_ex (grub_chainloader_boot, grub_chainloader_unload, image_handle, 0); - - return 0; - } -@@ -1169,10 +1178,7 @@ fail: - grub_free (cmdline); - - if (image_handle != 0) -- { -- efi_call_1 (b->unload_image, image_handle); -- image_handle = 0; -- } -+ efi_call_1 (b->unload_image, image_handle); - - grub_dl_unref (my_mod); - diff --git a/SPECS/grub2/fedora/0223-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch b/SPECS/grub2/fedora/0223-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch deleted file mode 100644 index b79c78c577..0000000000 --- a/SPECS/grub2/fedora/0223-loader-i386-efi-linux-Avoid-a-use-after-free-in-the-.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Mon, 2 May 2022 14:39:31 +0200 -Subject: [PATCH] loader/i386/efi/linux: Avoid a use-after-free in the linuxefi - loader - -In some error paths in grub_cmd_linux, the pointer to lh may be -dereferenced after the buffer it points to has been freed. There aren't -any security implications from this because nothing else uses the -allocator after the buffer is freed and before the pointer is -dereferenced, but fix it anyway. - -Signed-off-by: Chris Coulson -(cherry picked from commit 8224f5a71af94bec8697de17e7e579792db9f9e2) ---- - grub-core/loader/i386/efi/linux.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 941df6400b..27bc2aa161 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -465,9 +465,6 @@ fail: - if (file) - grub_file_close (file); - -- if (kernel) -- grub_free (kernel); -- - if (grub_errno != GRUB_ERR_NONE) - { - grub_dl_unref (my_mod); -@@ -483,6 +480,8 @@ fail: - kernel_free (params, sizeof(*params)); - } - -+ grub_free (kernel); -+ - return grub_errno; - } - diff --git a/SPECS/grub2/fedora/0224-loader-i386-efi-linux-Use-grub_loader_set_ex.patch b/SPECS/grub2/fedora/0224-loader-i386-efi-linux-Use-grub_loader_set_ex.patch deleted file mode 100644 index 1a129dbe6e..0000000000 --- a/SPECS/grub2/fedora/0224-loader-i386-efi-linux-Use-grub_loader_set_ex.patch +++ /dev/null @@ -1,296 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Mon, 2 May 2022 17:04:23 +0200 -Subject: [PATCH] loader/i386/efi/linux: Use grub_loader_set_ex - -This ports the linuxefi loader to use grub_loader_set_ex in order to fix -a use-after-fre bug that occurs when grub_cmd_linux is executed more than -once before a boot attempt is performed. - -This is more complicated than for the chainloader command, as the initrd -command needs access to the loader state. To solve this, the linuxefi -module registers a dummy initrd command at startup that returns an error. -The linuxefi command then registers a proper initrd command with a higher -priority that is passed the loader state. - -Signed-off-by: Chris Coulson -(cherry picked from commit 7cf736436b4c934df5ddfa6f44b46a7e07d99fdc) -[rharwood/pjones: set kernel_size in context] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/i386/efi/linux.c | 146 +++++++++++++++++++++++--------------- - 1 file changed, 87 insertions(+), 59 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 27bc2aa161..e3c2d6fe0b 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -34,13 +34,19 @@ - GRUB_MOD_LICENSE ("GPLv3+"); - - static grub_dl_t my_mod; --static int loaded; --static void *kernel_mem; --static grub_uint64_t kernel_size; --static void *initrd_mem; --static grub_uint32_t handover_offset; --struct linux_kernel_params *params; --static char *linux_cmdline; -+ -+static grub_command_t cmd_linux, cmd_initrd; -+static grub_command_t cmd_linuxefi, cmd_initrdefi; -+ -+struct grub_linuxefi_context { -+ void *kernel_mem; -+ grub_uint64_t kernel_size; -+ grub_uint32_t handover_offset; -+ struct linux_kernel_params *params; -+ char *cmdline; -+ -+ void *initrd_mem; -+}; - - #define MIN(a, b) \ - ({ typeof (a) _a = (a); \ -@@ -123,25 +129,32 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - } - - static grub_err_t --grub_linuxefi_boot (void) -+grub_linuxefi_boot (void *data) - { -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; -+ - asm volatile ("cli"); - -- return grub_efi_linux_boot ((char *)kernel_mem, -- handover_offset, -- params); -+ return grub_efi_linux_boot ((char *)context->kernel_mem, -+ context->handover_offset, -+ context->params); - } - - static grub_err_t --grub_linuxefi_unload (void) -+grub_linuxefi_unload (void *data) - { -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) data; -+ struct linux_kernel_params *params = context->params; -+ - grub_dl_unref (my_mod); -- loaded = 0; - -- kernel_free(initrd_mem, params->ramdisk_size); -- kernel_free(linux_cmdline, params->cmdline_size + 1); -- kernel_free(kernel_mem, kernel_size); -- kernel_free(params, sizeof(*params)); -+ kernel_free (context->initrd_mem, params->ramdisk_size); -+ kernel_free (context->cmdline, params->cmdline_size + 1); -+ kernel_free (context->kernel_mem, context->kernel_size); -+ kernel_free (params, sizeof(*params)); -+ cmd_initrd->data = 0; -+ cmd_initrdefi->data = 0; -+ grub_free (context); - - return GRUB_ERR_NONE; - } -@@ -188,13 +201,14 @@ read(grub_file_t file, grub_uint8_t *bufp, grub_size_t len) - #define HIGH_U32(val) ((grub_uint32_t)(((grub_addr_t)(val) >> 32) & 0xffffffffull)) - - static grub_err_t --grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), -- int argc, char *argv[]) -+grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - { - grub_file_t *files = 0; - int i, nfiles = 0; - grub_size_t size = 0; - grub_uint8_t *ptr; -+ struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; -+ struct linux_kernel_params *params; - - if (argc == 0) - { -@@ -202,12 +216,14 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -- if (!loaded) -+ if (!context) - { - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); - goto fail; - } - -+ params = context->params; -+ - files = grub_calloc (argc, sizeof (files[0])); - if (!files) - goto fail; -@@ -225,19 +241,19 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - } - } - -- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -- if (initrd_mem == NULL) -+ context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ if (context->initrd_mem == NULL) - goto fail; -- grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); -+ grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); - - params->ramdisk_size = LOW_U32(size); -- params->ramdisk_image = LOW_U32(initrd_mem); -+ params->ramdisk_image = LOW_U32(context->initrd_mem); - #if defined(__x86_64__) - params->ext_ramdisk_size = HIGH_U32(size); -- params->ext_ramdisk_image = HIGH_U32(initrd_mem); -+ params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); - #endif - -- ptr = initrd_mem; -+ ptr = context->initrd_mem; - - for (i = 0; i < nfiles; i++) - { -@@ -261,8 +277,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - grub_file_close (files[i]); - grub_free (files); - -- if (initrd_mem && grub_errno) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, -+ if (context->initrd_mem && grub_errno) -+ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, - BYTES_TO_PAGES(size)); - - return grub_errno; -@@ -277,6 +293,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_ssize_t start, filelen; - void *kernel = NULL; - int setup_header_end_offset; -+ void *kernel_mem = 0; -+ grub_uint64_t kernel_size = 0; -+ grub_uint32_t handover_offset; -+ struct linux_kernel_params *params = 0; -+ char *cmdline = 0; -+ struct grub_linuxefi_context *context = 0; - - grub_dl_ref (my_mod); - -@@ -390,27 +412,27 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- linux_cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -- if (!linux_cmdline) -+ cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -+ if (!cmdline) - goto fail; -- grub_dprintf ("linux", "linux_cmdline = %p\n", linux_cmdline); -+ grub_dprintf ("linux", "cmdline = %p\n", cmdline); - -- grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); -+ grub_memcpy (cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - grub_create_loader_cmdline (argc, argv, -- linux_cmdline + sizeof (LINUX_IMAGE) - 1, -+ cmdline + sizeof (LINUX_IMAGE) - 1, - lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), - GRUB_VERIFY_KERNEL_CMDLINE); - -- grub_dprintf ("linux", "cmdline:%s\n", linux_cmdline); -+ grub_dprintf ("linux", "cmdline:%s\n", cmdline); - grub_dprintf ("linux", "setting lh->cmd_line_ptr to 0x%08x\n", -- LOW_U32(linux_cmdline)); -- lh->cmd_line_ptr = LOW_U32(linux_cmdline); -+ LOW_U32(cmdline)); -+ lh->cmd_line_ptr = LOW_U32(cmdline); - #if defined(__x86_64__) -- if ((grub_efi_uintn_t)linux_cmdline > 0xffffffffull) -+ if ((grub_efi_uintn_t)cmdline > 0xffffffffull) - { - grub_dprintf ("linux", "setting params->ext_cmd_line_ptr to 0x%08x\n", -- HIGH_U32(linux_cmdline)); -- params->ext_cmd_line_ptr = HIGH_U32(linux_cmdline); -+ HIGH_U32(cmdline)); -+ params->ext_cmd_line_ptr = HIGH_U32(cmdline); - } - #endif - -@@ -435,16 +457,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -- kernel_mem = kernel_alloc (lh->init_size, N_("can't allocate kernel")); -+ kernel_size = lh->init_size; -+ kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) - goto fail; - grub_dprintf("linux", "kernel_mem = %p\n", kernel_mem); - -- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -- -- loaded = 1; -- - grub_dprintf ("linux", "setting lh->code32_start to 0x%08x\n", - LOW_U32(kernel_mem)); - lh->code32_start = LOW_U32(kernel_mem); -@@ -461,33 +480,42 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - "setting lh->ext_loader_{type,ver} = {0x%02x,0x%02x}\n", - params->ext_loader_type, params->ext_loader_ver); - -+ context = grub_zalloc (sizeof (*context)); -+ if (!context) -+ goto fail; -+ context->kernel_mem = kernel_mem; -+ context->kernel_size = kernel_size; -+ context->handover_offset = handover_offset; -+ context->params = params; -+ context->cmdline = cmdline; -+ -+ grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); -+ -+ cmd_initrd->data = context; -+ cmd_initrdefi->data = context; -+ -+ grub_file_close (file); -+ grub_free (kernel); -+ return 0; -+ - fail: - if (file) - grub_file_close (file); - -- if (grub_errno != GRUB_ERR_NONE) -- { -- grub_dl_unref (my_mod); -- loaded = 0; -- } -+ grub_dl_unref (my_mod); - -- if (!loaded) -- { -- if (lh) -- kernel_free (linux_cmdline, lh->cmdline_size + 1); -+ if (lh) -+ kernel_free (cmdline, lh->cmdline_size + 1); - -- kernel_free (kernel_mem, kernel_size); -- kernel_free (params, sizeof(*params)); -- } -+ kernel_free (kernel_mem, kernel_size); -+ kernel_free (params, sizeof(*params)); - -+ grub_free (context); - grub_free (kernel); - - return grub_errno; - } - --static grub_command_t cmd_linux, cmd_initrd; --static grub_command_t cmd_linuxefi, cmd_initrdefi; -- - GRUB_MOD_INIT(linux) - { - cmd_linux = diff --git a/SPECS/grub2/fedora/0225-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch b/SPECS/grub2/fedora/0225-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch deleted file mode 100644 index 51953fd394..0000000000 --- a/SPECS/grub2/fedora/0225-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 3 May 2022 09:47:35 +0200 -Subject: [PATCH] loader/i386/efi/linux: Fix a memory leak in the initrd - command - -Subsequent invocations of the initrd command result in the previous -initrd being leaked, so fix that. - -Signed-off-by: Chris Coulson -(cherry picked from commit d98af31ce1e31bb22163960d53f5eb28c66582a0) ---- - grub-core/loader/i386/efi/linux.c | 21 ++++++++++++--------- - 1 file changed, 12 insertions(+), 9 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index e3c2d6fe0b..9e5c11ac69 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -209,6 +209,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - grub_uint8_t *ptr; - struct grub_linuxefi_context *context = (struct grub_linuxefi_context *) cmd->data; - struct linux_kernel_params *params; -+ void *initrd_mem = 0; - - if (argc == 0) - { -@@ -241,19 +242,19 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - } - -- context->initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -- if (context->initrd_mem == NULL) -+ initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ if (initrd_mem == NULL) - goto fail; -- grub_dprintf ("linux", "initrd_mem = %p\n", context->initrd_mem); -+ grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); - - params->ramdisk_size = LOW_U32(size); -- params->ramdisk_image = LOW_U32(context->initrd_mem); -+ params->ramdisk_image = LOW_U32(initrd_mem); - #if defined(__x86_64__) - params->ext_ramdisk_size = HIGH_U32(size); -- params->ext_ramdisk_image = HIGH_U32(context->initrd_mem); -+ params->ext_ramdisk_image = HIGH_U32(initrd_mem); - #endif - -- ptr = context->initrd_mem; -+ ptr = initrd_mem; - - for (i = 0; i < nfiles; i++) - { -@@ -270,6 +271,9 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - ptr += ALIGN_UP_OVERHEAD (cursize, 4); - } - -+ kernel_free(context->initrd_mem, params->ramdisk_size); -+ -+ context->initrd_mem = initrd_mem; - params->ramdisk_size = size; - - fail: -@@ -277,9 +281,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - grub_file_close (files[i]); - grub_free (files); - -- if (context->initrd_mem && grub_errno) -- grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)context->initrd_mem, -- BYTES_TO_PAGES(size)); -+ if (initrd_mem && grub_errno) -+ kernel_free (initrd_mem, size); - - return grub_errno; - } diff --git a/SPECS/grub2/fedora/0226-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/SPECS/grub2/fedora/0226-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch deleted file mode 100644 index 715e6e1dc6..0000000000 --- a/SPECS/grub2/fedora/0226-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Julian Andres Klode -Date: Thu, 2 Dec 2021 15:03:53 +0100 -Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock - verifier - -We must not allow other verifiers to pass things like the GRUB modules. -Instead of maintaining a blocklist, maintain an allowlist of things -that we do not care about. - -This allowlist really should be made reusable, and shared by the -lockdown verifier, but this is the minimal patch addressing -security concerns where the TPM verifier was able to mark modules -as verified (or the OpenPGP verifier for that matter), when it -should not do so on shim-powered secure boot systems. - -Fixes: CVE-2022-28735 - -Signed-off-by: Julian Andres Klode -Reviewed-by: Daniel Kiper -(cherry picked from commit fa61ad69861c1cb3f68bf853d78fae7fd93986a0) ---- - grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++--- - include/grub/verify.h | 1 + - 2 files changed, 37 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c -index c52ec6226a..89c4bb3fd1 100644 ---- a/grub-core/kern/efi/sb.c -+++ b/grub-core/kern/efi/sb.c -@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - void **context __attribute__ ((unused)), - enum grub_verify_flags *flags) - { -- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ *flags = GRUB_VERIFY_FLAGS_NONE; - - switch (type & GRUB_FILE_TYPE_MASK) - { -+ /* Files we check. */ - case GRUB_FILE_TYPE_LINUX_KERNEL: - case GRUB_FILE_TYPE_MULTIBOOT_KERNEL: - case GRUB_FILE_TYPE_BSD_KERNEL: -@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), - case GRUB_FILE_TYPE_PLAN9_KERNEL: - case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE: - *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK; -+ return GRUB_ERR_NONE; - -- /* Fall through. */ -+ /* Files that do not affect secureboot state. */ -+ case GRUB_FILE_TYPE_NONE: -+ case GRUB_FILE_TYPE_LOOPBACK: -+ case GRUB_FILE_TYPE_LINUX_INITRD: -+ case GRUB_FILE_TYPE_OPENBSD_RAMDISK: -+ case GRUB_FILE_TYPE_XNU_RAMDISK: -+ case GRUB_FILE_TYPE_SIGNATURE: -+ case GRUB_FILE_TYPE_PUBLIC_KEY: -+ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST: -+ case GRUB_FILE_TYPE_PRINT_BLOCKLIST: -+ case GRUB_FILE_TYPE_TESTLOAD: -+ case GRUB_FILE_TYPE_GET_SIZE: -+ case GRUB_FILE_TYPE_FONT: -+ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY: -+ case GRUB_FILE_TYPE_CAT: -+ case GRUB_FILE_TYPE_HEXCAT: -+ case GRUB_FILE_TYPE_CMP: -+ case GRUB_FILE_TYPE_HASHLIST: -+ case GRUB_FILE_TYPE_TO_HASH: -+ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT: -+ case GRUB_FILE_TYPE_PIXMAP: -+ case GRUB_FILE_TYPE_GRUB_MODULE_LIST: -+ case GRUB_FILE_TYPE_CONFIG: -+ case GRUB_FILE_TYPE_THEME: -+ case GRUB_FILE_TYPE_GETTEXT_CATALOG: -+ case GRUB_FILE_TYPE_FS_SEARCH: -+ case GRUB_FILE_TYPE_LOADENV: -+ case GRUB_FILE_TYPE_SAVEENV: -+ case GRUB_FILE_TYPE_VERIFY_SIGNATURE: -+ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION; -+ return GRUB_ERR_NONE; - -+ /* Other files. */ - default: -- return GRUB_ERR_NONE; -+ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy")); - } - } - -diff --git a/include/grub/verify.h b/include/grub/verify.h -index cd129c398f..672ae16924 100644 ---- a/include/grub/verify.h -+++ b/include/grub/verify.h -@@ -24,6 +24,7 @@ - - enum grub_verify_flags - { -+ GRUB_VERIFY_FLAGS_NONE = 0, - GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1, - GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2, - /* Defer verification to another authority. */ diff --git a/SPECS/grub2/fedora/0227-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch b/SPECS/grub2/fedora/0227-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch deleted file mode 100644 index 59f94718f9..0000000000 --- a/SPECS/grub2/fedora/0227-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Fri, 25 Jun 2021 02:19:05 +1000 -Subject: [PATCH] kern/file: Do not leak device_name on error in - grub_file_open() - -If we have an error in grub_file_open() before we free device_name, we -will leak it. - -Free device_name in the error path and null out the pointer in the good -path once we free it there. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 1499a5068839fa37cb77ecef4b5bdacbd1ed12ea) ---- - grub-core/kern/file.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index ec10e54fc0..db938e099d 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -84,6 +84,7 @@ grub_file_open (const char *name, enum grub_file_type type) - - device = grub_device_open (device_name); - grub_free (device_name); -+ device_name = NULL; - if (! device) - goto fail; - -@@ -138,6 +139,7 @@ grub_file_open (const char *name, enum grub_file_type type) - return file; - - fail: -+ grub_free (device_name); - if (device) - grub_device_close (device); - diff --git a/SPECS/grub2/fedora/0228-video-readers-png-Abort-sooner-if-a-read-operation-f.patch b/SPECS/grub2/fedora/0228-video-readers-png-Abort-sooner-if-a-read-operation-f.patch deleted file mode 100644 index 385d3ed018..0000000000 --- a/SPECS/grub2/fedora/0228-video-readers-png-Abort-sooner-if-a-read-operation-f.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:02:55 +1000 -Subject: [PATCH] video/readers/png: Abort sooner if a read operation fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 882be97d1df6449b9fd4d593f0cb70005fde3494) ---- - grub-core/video/readers/png.c | 55 ++++++++++++++++++++++++++++++++++++------- - 1 file changed, 47 insertions(+), 8 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 0157ff7420..e2a6b1cf3c 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -142,6 +142,7 @@ static grub_uint8_t - grub_png_get_byte (struct grub_png_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read = 0; - - if ((data->inside_idat) && (data->idat_remain == 0)) - { -@@ -175,7 +176,14 @@ grub_png_get_byte (struct grub_png_data *data) - } - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: unexpected end of data"); -+ return 0; -+ } - - if (data->inside_idat) - data->idat_remain--; -@@ -231,15 +239,16 @@ grub_png_decode_image_palette (struct grub_png_data *data, - if (len == 0) - return GRUB_ERR_NONE; - -- for (i = 0; 3 * i < len && i < 256; i++) -+ grub_errno = GRUB_ERR_NONE; -+ for (i = 0; 3 * i < len && i < 256 && grub_errno == GRUB_ERR_NONE; i++) - for (j = 0; j < 3; j++) - data->palette[i][j] = grub_png_get_byte (data); -- for (i *= 3; i < len; i++) -+ for (i *= 3; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_get_byte (data); - - grub_png_get_dword (data); - -- return GRUB_ERR_NONE; -+ return grub_errno; - } - - static grub_err_t -@@ -256,9 +265,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: invalid image size"); - - color_bits = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - data->is_16bit = (color_bits == 16); - - color_type = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* According to PNG spec, no other types are valid. */ - if ((color_type & ~(PNG_COLOR_MASK_ALPHA | PNG_COLOR_MASK_COLOR)) -@@ -340,14 +353,20 @@ grub_png_decode_image_header (struct grub_png_data *data) - if (grub_png_get_byte (data) != PNG_COMPRESSION_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: compression method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_FILTER_TYPE_BASE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: filter method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (grub_png_get_byte (data) != PNG_INTERLACE_NONE) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: interlace method not supported"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - /* Skip crc checksum. */ - grub_png_get_dword (data); -@@ -449,7 +468,7 @@ grub_png_get_huff_code (struct grub_png_data *data, struct huff_table *ht) - int code, i; - - code = 0; -- for (i = 0; i < ht->max_length; i++) -+ for (i = 0; i < ht->max_length && grub_errno == GRUB_ERR_NONE; i++) - { - code = (code << 1) + grub_png_get_bits (data, 1); - if (code < ht->maxval[i]) -@@ -504,8 +523,14 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - grub_uint8_t lens[DEFLATE_HCLEN_MAX]; - - nl = DEFLATE_HLIT_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nd = DEFLATE_HDIST_BASE + grub_png_get_bits (data, 5); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - nb = DEFLATE_HCLEN_BASE + grub_png_get_bits (data, 4); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((nl > DEFLATE_HLIT_MAX) || (nd > DEFLATE_HDIST_MAX) || - (nb > DEFLATE_HCLEN_MAX)) -@@ -533,7 +558,7 @@ grub_png_init_dynamic_block (struct grub_png_data *data) - data->dist_offset); - - prev = 0; -- for (i = 0; i < nl + nd; i++) -+ for (i = 0; i < nl + nd && grub_errno == GRUB_ERR_NONE; i++) - { - int n, code; - struct huff_table *ht; -@@ -721,17 +746,21 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - pos = data->wp - dist; - if (pos < 0) - pos += WSIZE; - -- while (len > 0) -+ while (len > 0 && grub_errno == GRUB_ERR_NONE) - { - data->slide[data->wp] = data->slide[pos]; - grub_png_output_byte (data, data->slide[data->wp]); -@@ -759,7 +788,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int final; - - cmf = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - flg = grub_png_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if ((cmf & 0xF) != Z_DEFLATED) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, -@@ -774,7 +807,11 @@ grub_png_decode_image_data (struct grub_png_data *data) - int block_type; - - final = grub_png_get_bits (data, 1); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - block_type = grub_png_get_bits (data, 2); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - switch (block_type) - { -@@ -790,7 +827,7 @@ grub_png_decode_image_data (struct grub_png_data *data) - grub_png_get_byte (data); - grub_png_get_byte (data); - -- for (i = 0; i < len; i++) -+ for (i = 0; i < len && grub_errno == GRUB_ERR_NONE; i++) - grub_png_output_byte (data, grub_png_get_byte (data)); - - break; -@@ -1045,6 +1082,8 @@ grub_png_decode_png (struct grub_png_data *data) - - len = grub_png_get_dword (data); - type = grub_png_get_dword (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ break; - data->next_offset = data->file->offset + len + 4; - - switch (type) diff --git a/SPECS/grub2/fedora/0229-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/SPECS/grub2/fedora/0229-video-readers-png-Refuse-to-handle-multiple-image-he.patch deleted file mode 100644 index 9168fe58fe..0000000000 --- a/SPECS/grub2/fedora/0229-video-readers-png-Refuse-to-handle-multiple-image-he.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 14:13:40 +1000 -Subject: [PATCH] video/readers/png: Refuse to handle multiple image headers - -This causes the bitmap to be leaked. Do not permit multiple image headers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 8ce433557adeadbc46429aabb9f850b02ad2bdfb) ---- - grub-core/video/readers/png.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index e2a6b1cf3c..8955b8ecfd 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data) - int color_bits; - enum grub_video_blit_format blt; - -+ if (data->image_width || data->image_height) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found"); -+ - data->image_width = grub_png_get_dword (data); - data->image_height = grub_png_get_dword (data); - diff --git a/SPECS/grub2/fedora/0230-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/SPECS/grub2/fedora/0230-video-readers-png-Drop-greyscale-support-to-fix-heap.patch deleted file mode 100644 index 4529cb8e3a..0000000000 --- a/SPECS/grub2/fedora/0230-video-readers-png-Drop-greyscale-support-to-fix-heap.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 18:51:35 +1000 -Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap - out-of-bounds write - -A 16-bit greyscale PNG without alpha is processed in the following loop: - - for (i = 0; i < (data->image_width * data->image_height); - i++, d1 += 4, d2 += 2) - { - d1[R3] = d2[1]; - d1[G3] = d2[1]; - d1[B3] = d2[1]; - } - -The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, -but there are only 3 bytes allocated for storage. This means that image -data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes -out of every 4 following the end of the image. - -This has existed since greyscale support was added in 2013 in commit -3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). - -Saving starfield.png as a 16-bit greyscale image without alpha in the gimp -and attempting to load it causes grub-emu to crash - I don't think this code -has ever worked. - -Delete all PNG greyscale support. - -Fixes: CVE-2021-3695 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 0e1d163382669bd734439d8864ee969616d971d9) -[rharwood: context conflict] -Signed-off-by: Robbie Harwood ---- - grub-core/video/readers/png.c | 85 +++---------------------------------------- - 1 file changed, 6 insertions(+), 79 deletions(-) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index 8955b8ecfd..a3161e25b6 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -100,7 +100,7 @@ struct grub_png_data - - unsigned image_width, image_height; - int bpp, is_16bit; -- int raw_bytes, is_gray, is_alpha, is_palette; -+ int raw_bytes, is_alpha, is_palette; - int row_bytes, color_bits; - grub_uint8_t *image_data; - -@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data) - data->bpp = 3; - else - { -- data->is_gray = 1; -- data->bpp = 1; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: color type not supported"); - } - - if ((color_bits != 8) && (color_bits != 16) - && (color_bits != 4 -- || !(data->is_gray || data->is_palette))) -+ || !data->is_palette)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "png: bit depth must be 8 or 16"); - -@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data) - } - - #ifndef GRUB_CPU_WORDS_BIGENDIAN -- if (data->is_16bit || data->is_gray || data->is_palette) -+ if (data->is_16bit || data->is_palette) - #endif - { - data->image_data = grub_calloc (data->image_height, data->row_bytes); -@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data) - int shift; - int mask = (1 << data->color_bits) - 1; - unsigned j; -- if (data->is_gray) -- { -- /* Generic formula is -- (0xff * i) / ((1U << data->color_bits) - 1) -- but for allowed bit depth of 1, 2 and for it's -- equivalent to -- (0xff / ((1U << data->color_bits) - 1)) * i -- Precompute the multipliers to avoid division. -- */ - -- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 }; -- for (i = 0; i < (1U << data->color_bits); i++) -- { -- grub_uint8_t col = multipliers[data->color_bits] * i; -- palette[i][0] = col; -- palette[i][1] = col; -- palette[i][2] = col; -- } -- } -- else -- grub_memcpy (palette, data->palette, 3 << data->color_bits); -+ grub_memcpy (palette, data->palette, 3 << data->color_bits); - d1c = d1; - d2c = d2; - for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3, -@@ -956,60 +937,6 @@ grub_png_convert_image (struct grub_png_data *data) - } - return; - } -- -- if (data->is_gray) -- { -- switch (data->bpp) -- { -- case 4: -- /* 16-bit gray with alpha. */ -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 4) -- { -- d1[R4] = d2[3]; -- d1[G4] = d2[3]; -- d1[B4] = d2[3]; -- d1[A4] = d2[1]; -- } -- break; -- case 2: -- if (data->is_16bit) -- /* 16-bit gray without alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R3] = d2[1]; -- d1[G3] = d2[1]; -- d1[B3] = d2[1]; -- } -- } -- else -- /* 8-bit gray with alpha. */ -- { -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 4, d2 += 2) -- { -- d1[R4] = d2[1]; -- d1[G4] = d2[1]; -- d1[B4] = d2[1]; -- d1[A4] = d2[0]; -- } -- } -- break; -- /* 8-bit gray without alpha. */ -- case 1: -- for (i = 0; i < (data->image_width * data->image_height); -- i++, d1 += 3, d2++) -- { -- d1[R3] = d2[0]; -- d1[G3] = d2[0]; -- d1[B3] = d2[0]; -- } -- break; -- } -- return; -- } - - { - /* Only copy the upper 8 bit. */ diff --git a/SPECS/grub2/fedora/0231-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch b/SPECS/grub2/fedora/0231-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch deleted file mode 100644 index 51dddfe5f5..0000000000 --- a/SPECS/grub2/fedora/0231-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 23:25:07 +1000 -Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table - items - -In fuzzing we observed crashes where a code would attempt to be inserted -into a huffman table before the start, leading to a set of heap OOB reads -and writes as table entries with negative indices were shifted around and -the new code written in. - -Catch the case where we would underflow the array and bail. - -Fixes: CVE-2021-3696 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 1ae9a91d42cb40da8a6f11fac65541858e340afa) ---- - grub-core/video/readers/png.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index a3161e25b6..d7ed5aa6cf 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len) - for (i = len; i < ht->max_length; i++) - n += ht->maxval[i]; - -+ if (n > ht->num_values) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: out of range inserting huffman table item"); -+ return; -+ } -+ - for (i = 0; i < n; i++) - ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1]; - diff --git a/SPECS/grub2/fedora/0232-video-readers-png-Sanity-check-some-huffman-codes.patch b/SPECS/grub2/fedora/0232-video-readers-png-Sanity-check-some-huffman-codes.patch deleted file mode 100644 index c9cef259be..0000000000 --- a/SPECS/grub2/fedora/0232-video-readers-png-Sanity-check-some-huffman-codes.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 6 Jul 2021 19:19:11 +1000 -Subject: [PATCH] video/readers/png: Sanity check some huffman codes - -ASAN picked up two OOB global reads: we weren't checking if some code -values fit within the cplens or cpdext arrays. Check and throw an error -if not. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit c3a8ab0cbd24153ec7b1f84a96ddfdd72ef8d117) ---- - grub-core/video/readers/png.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c -index d7ed5aa6cf..7f2ba7849b 100644 ---- a/grub-core/video/readers/png.c -+++ b/grub-core/video/readers/png.c -@@ -753,6 +753,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - int len, dist, pos; - - n -= 257; -+ if (((unsigned int) n) >= ARRAY_SIZE (cplens)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - len = cplens[n]; - if (cplext[n]) - len += grub_png_get_bits (data, cplext[n]); -@@ -760,6 +763,9 @@ grub_png_read_dynamic_block (struct grub_png_data *data) - return grub_errno; - - n = grub_png_get_huff_code (data, &data->dist_table); -+ if (((unsigned int) n) >= ARRAY_SIZE (cpdist)) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "png: invalid huff code"); - dist = cpdist[n]; - if (cpdext[n]) - dist += grub_png_get_bits (data, cpdext[n]); diff --git a/SPECS/grub2/fedora/0233-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/SPECS/grub2/fedora/0233-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch deleted file mode 100644 index 54918163af..0000000000 --- a/SPECS/grub2/fedora/0233-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch +++ /dev/null @@ -1,255 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:14 +1000 -Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails - -Fuzzing revealed some inputs that were taking a long time, potentially -forever, because they did not bail quickly upon encountering an I/O error. - -Try to catch I/O errors sooner and bail out. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ab2e5d2e4bff488bbb557ed435a61ae102ef9f0c) ---- - grub-core/video/readers/jpeg.c | 86 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 70 insertions(+), 16 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index e31602f766..10225abd53 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -109,9 +109,17 @@ static grub_uint8_t - grub_jpeg_get_byte (struct grub_jpeg_data *data) - { - grub_uint8_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, 1); -+ bytes_read = grub_file_read (data->file, &r, 1); -+ -+ if (bytes_read != 1) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return r; - } -@@ -120,9 +128,17 @@ static grub_uint16_t - grub_jpeg_get_word (struct grub_jpeg_data *data) - { - grub_uint16_t r; -+ grub_ssize_t bytes_read; - - r = 0; -- grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t)); -+ -+ if (bytes_read != sizeof (grub_uint16_t)) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: unexpected end of data"); -+ return 0; -+ } - - return grub_be_to_cpu16 (r); - } -@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - if (data->bit_mask == 0) - { - data->bit_save = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: file read error"); -+ return 0; -+ } - if (data->bit_save == JPEG_ESC_CHAR) - { - if (grub_jpeg_get_byte (data) != 0) -@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data) - "jpeg: invalid 0xFF in data stream"); - return 0; - } -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error"); -+ return 0; -+ } - } - data->bit_mask = 0x80; - } -@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num) - return 0; - - msb = value = grub_jpeg_get_bit (data); -- for (i = 1; i < num; i++) -+ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++) - value = (value << 1) + (grub_jpeg_get_bit (data) != 0); - if (!msb) - value += 1 - (1 << num); -@@ -202,6 +228,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - while (data->file->offset + sizeof (count) + 1 <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ac = (id >> 4) & 1; - id &= 0xF; - if (id > 1) -@@ -252,6 +280,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - - if (next_marker > data->file->size) - { -@@ -263,6 +293,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data) - <= next_marker) - { - id = grub_jpeg_get_byte (data); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (id >= 0x10) /* Upper 4-bit is precision. */ - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -294,6 +326,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - next_marker = data->file->offset; - next_marker += grub_jpeg_get_word (data); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (grub_jpeg_get_byte (data) != 8) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: only 8-bit precision is supported"); -@@ -319,6 +354,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); - - ss = grub_jpeg_get_byte (data); /* Sampling factor. */ -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (!id) - { - grub_uint8_t vs, hs; -@@ -498,7 +535,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du) - } - } - --static void -+static grub_err_t - grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - { - int h1, h2, qt; -@@ -513,6 +550,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - data->dc_value[id] += - grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1)); - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - du[0] = data->dc_value[id] * (int) data->quan_table[qt][0]; - pos = 1; - while (pos < ARRAY_SIZE (data->quan_table[qt])) -@@ -527,11 +567,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - num >>= 4; - pos += num; - -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; -+ - if (pos >= ARRAY_SIZE (jpeg_zigzag_order)) - { -- grub_error (GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: invalid position in zigzag order!?"); -- return; -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: invalid position in zigzag order!?"); - } - - du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; -@@ -539,6 +581,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du) - } - - grub_jpeg_idct_transform (du); -+ return GRUB_ERR_NONE; - } - - static void -@@ -597,7 +640,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - data_offset += grub_jpeg_get_word (data); - - cc = grub_jpeg_get_byte (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (cc != 3 && cc != 1) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: component count must be 1 or 3"); -@@ -610,7 +654,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - id = grub_jpeg_get_byte (data) - 1; - if ((id < 0) || (id >= 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index"); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - ht = grub_jpeg_get_byte (data); - data->comp_index[id][1] = (ht >> 4); - data->comp_index[id][2] = (ht & 0xF) + 2; -@@ -618,11 +663,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) || - (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3)) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index"); -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - } - - grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */ - grub_jpeg_get_word (data); -- -+ if (grub_errno != GRUB_ERR_NONE) -+ return grub_errno; - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -@@ -640,6 +688,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - { - unsigned c1, vb, hb, nr1, nc1; - int rst = data->dri; -+ grub_err_t err = GRUB_ERR_NONE; - - vb = 8 << data->log_vs; - hb = 8 << data->log_hs; -@@ -660,17 +709,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - - for (r2 = 0; r2 < (1U << data->log_vs); r2++) - for (c2 = 0; c2 < (1U << data->log_hs); c2++) -- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ { -+ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ } - - if (data->color_components >= 3) - { -- grub_jpeg_decode_du (data, 1, data->cbdu); -- grub_jpeg_decode_du (data, 2, data->crdu); -+ err = grub_jpeg_decode_du (data, 1, data->cbdu); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ err = grub_jpeg_decode_du (data, 2, data->crdu); -+ if (err != GRUB_ERR_NONE) -+ return err; - } - -- if (grub_errno) -- return grub_errno; -- - nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb; - nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb; - diff --git a/SPECS/grub2/fedora/0234-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch b/SPECS/grub2/fedora/0234-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch deleted file mode 100644 index 199ec32cd1..0000000000 --- a/SPECS/grub2/fedora/0234-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:16:58 +1000 -Subject: [PATCH] video/readers/jpeg: Do not reallocate a given huff table - -Fix a memory leak where an invalid file could cause us to reallocate -memory for a huffman table we had already allocated memory for. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit bc06e12b4de55cc6f926af9f064170c82b1403e9) ---- - grub-core/video/readers/jpeg.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 10225abd53..caa211f06d 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -245,6 +245,9 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data) - n += count[i]; - - id += ac * 2; -+ if (data->huff_value[id] != NULL) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempt to reallocate huffman table"); - data->huff_value[id] = grub_malloc (n); - if (grub_errno) - return grub_errno; diff --git a/SPECS/grub2/fedora/0235-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/SPECS/grub2/fedora/0235-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch deleted file mode 100644 index 179238bec6..0000000000 --- a/SPECS/grub2/fedora/0235-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 28 Jun 2021 14:25:17 +1000 -Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of - streams - -An invalid file could contain multiple start of stream blocks, which -would cause us to reallocate and leak our bitmap. Refuse to handle -multiple start of streams. - -Additionally, fix a grub_error() call formatting. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit f3a854def3e281b7ad4bbea730cd3046de1da52f) ---- - grub-core/video/readers/jpeg.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index caa211f06d..1df1171d78 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -677,6 +677,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data) - if (data->file->offset != data_offset) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos"); - -+ if (*data->bitmap) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks"); -+ - if (grub_video_bitmap_create (data->bitmap, data->image_width, - data->image_height, - GRUB_VIDEO_BLIT_FORMAT_RGB_888)) -@@ -699,8 +702,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs); - - if (data->bitmap_ptr == NULL) -- return grub_error(GRUB_ERR_BAD_FILE_TYPE, -- "jpeg: attempted to decode data before start of stream"); -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: attempted to decode data before start of stream"); - - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) diff --git a/SPECS/grub2/fedora/0236-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch b/SPECS/grub2/fedora/0236-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch deleted file mode 100644 index 99eeb62109..0000000000 --- a/SPECS/grub2/fedora/0236-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Wed, 7 Jul 2021 15:38:19 +1000 -Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write - -Certain 1 px wide images caused a wild pointer write in -grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), -we have the following loop: - -for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - -We did not check if vb * width >= hb * nc1. - -On a 64-bit platform, if that turns out to be negative, it will underflow, -be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so -we see data->bitmap_ptr jump, e.g.: - -0x6180_0000_0480 to -0x6181_0000_0498 - ^ - ~--- carry has occurred and this pointer is now far away from - any object. - -On a 32-bit platform, it will decrement the pointer, creating a pointer -that won't crash but will overwrite random data. - -Catch the underflow and error out. - -Fixes: CVE-2021-3697 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 41aeb2004db9924fecd9f2dd64bc2a5a5594a4b5) ---- - grub-core/video/readers/jpeg.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c -index 1df1171d78..2da04094b3 100644 ---- a/grub-core/video/readers/jpeg.c -+++ b/grub-core/video/readers/jpeg.c -@@ -705,6 +705,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data) - return grub_error (GRUB_ERR_BAD_FILE_TYPE, - "jpeg: attempted to decode data before start of stream"); - -+ if (vb * data->image_width <= hb * nc1) -+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, -+ "jpeg: cannot decode image with these dimensions"); -+ - for (; data->r1 < nr1 && (!data->dri || rst); - data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) - for (c1 = 0; c1 < nc1 && (!data->dri || rst); diff --git a/SPECS/grub2/fedora/0237-normal-charset-Fix-array-out-of-bounds-formatting-un.patch b/SPECS/grub2/fedora/0237-normal-charset-Fix-array-out-of-bounds-formatting-un.patch deleted file mode 100644 index 6e64ed86bf..0000000000 --- a/SPECS/grub2/fedora/0237-normal-charset-Fix-array-out-of-bounds-formatting-un.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 13 Jul 2021 13:24:38 +1000 -Subject: [PATCH] normal/charset: Fix array out-of-bounds formatting unicode - for display - -In some cases attempting to display arbitrary binary strings leads -to ASAN splats reading the widthspec array out of bounds. - -Check the index. If it would be out of bounds, return a width of 1. -I don't know if that's strictly correct, but we're not really expecting -great display of arbitrary binary data, and it's certainly not worse than -an OOB read. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit fdf32abc7a3928852422c0f291d8cd1dd6b34a8d) ---- - grub-core/normal/charset.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index 4dfcc31078..7a5a7c153c 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -395,6 +395,8 @@ grub_unicode_estimate_width (const struct grub_unicode_glyph *c) - { - if (grub_unicode_get_comb_type (c->base)) - return 0; -+ if (((unsigned long) (c->base >> 3)) >= ARRAY_SIZE (widthspec)) -+ return 1; - if (widthspec[c->base >> 3] & (1 << (c->base & 7))) - return 2; - else diff --git a/SPECS/grub2/fedora/0238-net-netbuff-Block-overly-large-netbuff-allocs.patch b/SPECS/grub2/fedora/0238-net-netbuff-Block-overly-large-netbuff-allocs.patch deleted file mode 100644 index 2e10d49e5f..0000000000 --- a/SPECS/grub2/fedora/0238-net-netbuff-Block-overly-large-netbuff-allocs.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 23:47:46 +1100 -Subject: [PATCH] net/netbuff: Block overly large netbuff allocs - -A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment -reassembly. - -This helps avoid some bugs (and provides a spot to instrument to catch -them at their source). - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) ---- - grub-core/net/netbuff.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c -index dbeeefe478..d5e9e9a0d7 100644 ---- a/grub-core/net/netbuff.c -+++ b/grub-core/net/netbuff.c -@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) - - COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); - -+ /* -+ * The largest size of a TCP packet is 64 KiB, and everything else -+ * should be a lot smaller - most MTUs are 1500 or less. Cap data -+ * size at 64 KiB + a buffer. -+ */ -+ if (len > 0xffffUL + 0x1000UL) -+ { -+ grub_error (GRUB_ERR_BUG, -+ "attempted to allocate a packet that is too big"); -+ return NULL; -+ } -+ - if (len < NETBUFFMINLEN) - len = NETBUFFMINLEN; - - len = ALIGN_UP (len, NETBUFF_ALIGN); -+ - #ifdef GRUB_MACHINE_EMU - data = grub_malloc (len + sizeof (*nb)); - #else diff --git a/SPECS/grub2/fedora/0239-net-ip-Do-IP-fragment-maths-safely.patch b/SPECS/grub2/fedora/0239-net-ip-Do-IP-fragment-maths-safely.patch deleted file mode 100644 index 118448d15d..0000000000 --- a/SPECS/grub2/fedora/0239-net-ip-Do-IP-fragment-maths-safely.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 19:41:21 +1100 -Subject: [PATCH] net/ip: Do IP fragment maths safely - -This avoids an underflow and subsequent unpleasantness. - -Fixes: CVE-2022-28733 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit eb74e5743ca7e18a5e75c392fe0b21d1549a1936) ---- - grub-core/net/ip.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ce6bdc75c6..cf74f1f794 100644 ---- a/grub-core/net/ip.c -+++ b/grub-core/net/ip.c -@@ -25,6 +25,7 @@ - #include - #include - #include -+#include - #include - - struct iphdr { -@@ -551,7 +552,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb, - { - rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK) - + (nb->tail - nb->data)); -- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t)); -+ -+ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t), -+ &rsm->total_len)) -+ { -+ grub_dprintf ("net", "IP reassembly size underflow\n"); -+ return GRUB_ERR_NONE; -+ } -+ - rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len); - if (!rsm->asm_netbuff) - { diff --git a/SPECS/grub2/fedora/0240-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch b/SPECS/grub2/fedora/0240-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch deleted file mode 100644 index 19701b6aa5..0000000000 --- a/SPECS/grub2/fedora/0240-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 16 Sep 2021 01:29:54 +1000 -Subject: [PATCH] net/dns: Fix double-free addresses on corrupt DNS response - -grub_net_dns_lookup() takes as inputs a pointer to an array of addresses -("addresses") for the given name, and pointer to a number of addresses -("naddresses"). grub_net_dns_lookup() is responsible for allocating -"addresses", and the caller is responsible for freeing it if -"naddresses" > 0. - -The DNS recv_hook will sometimes set and free the addresses array, -for example if the packet is too short: - - if (ptr + 10 >= nb->tail) - { - if (!*data->naddresses) - grub_free (*data->addresses); - grub_netbuff_free (nb); - return GRUB_ERR_NONE; - } - -Later on the nslookup command code unconditionally frees the "addresses" -array. Normally this is fine: the array is either populated with valid -data or is NULL. But in these sorts of error cases it is neither NULL -nor valid and we get a double-free. - -Only free "addresses" if "naddresses" > 0. - -It looks like the other use of grub_net_dns_lookup() is not affected. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit eb2e69fcf51307757e43f55ee8c9354d1ee42dd1) ---- - grub-core/net/dns.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 906ec7d678..135faac035 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -667,9 +667,11 @@ grub_cmd_nslookup (struct grub_command *cmd __attribute__ ((unused)), - grub_net_addr_to_str (&addresses[i], buf); - grub_printf ("%s\n", buf); - } -- grub_free (addresses); - if (naddresses) -- return GRUB_ERR_NONE; -+ { -+ grub_free (addresses); -+ return GRUB_ERR_NONE; -+ } - return grub_error (GRUB_ERR_NET_NO_DOMAIN, N_("no DNS record found")); - } - diff --git a/SPECS/grub2/fedora/0241-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch b/SPECS/grub2/fedora/0241-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch deleted file mode 100644 index ab0d4712ec..0000000000 --- a/SPECS/grub2/fedora/0241-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Dec 2021 21:55:43 +1100 -Subject: [PATCH] net/dns: Don't read past the end of the string we're checking - against - -I don't really understand what's going on here but fuzzing found -a bug where we read past the end of check_with. That's a C string, -so use grub_strlen() to make sure we don't overread it. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 6a97b3f4b1d5173aa516edc6dedbc63de7306d21) ---- - grub-core/net/dns.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c -index 135faac035..17961a9f18 100644 ---- a/grub-core/net/dns.c -+++ b/grub-core/net/dns.c -@@ -146,11 +146,18 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - int *length, char *set) - { - const char *readable_ptr = check_with; -+ int readable_len; - const grub_uint8_t *ptr; - char *optr = set; - int bytes_processed = 0; - if (length) - *length = 0; -+ -+ if (readable_ptr != NULL) -+ readable_len = grub_strlen (readable_ptr); -+ else -+ readable_len = 0; -+ - for (ptr = name_at; ptr < tail && bytes_processed < tail - head + 2; ) - { - /* End marker. */ -@@ -172,13 +179,16 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - ptr = head + (((ptr[0] & 0x3f) << 8) | ptr[1]); - continue; - } -- if (readable_ptr && grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0) -+ if (readable_ptr != NULL && (*ptr > readable_len || grub_memcmp (ptr + 1, readable_ptr, *ptr) != 0)) - return 0; - if (grub_memchr (ptr + 1, 0, *ptr) - || grub_memchr (ptr + 1, '.', *ptr)) - return 0; - if (readable_ptr) -- readable_ptr += *ptr; -+ { -+ readable_ptr += *ptr; -+ readable_len -= *ptr; -+ } - if (readable_ptr && *readable_ptr != '.' && *readable_ptr != 0) - return 0; - bytes_processed += *ptr + 1; -@@ -192,7 +202,10 @@ check_name_real (const grub_uint8_t *name_at, const grub_uint8_t *head, - if (optr) - *optr++ = '.'; - if (readable_ptr && *readable_ptr) -- readable_ptr++; -+ { -+ readable_ptr++; -+ readable_len--; -+ } - ptr += *ptr + 1; - } - return 0; diff --git a/SPECS/grub2/fedora/0242-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch b/SPECS/grub2/fedora/0242-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch deleted file mode 100644 index 3ff7b6bb64..0000000000 --- a/SPECS/grub2/fedora/0242-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Mon, 20 Sep 2021 01:12:24 +1000 -Subject: [PATCH] net/tftp: Prevent a UAF and double-free from a failed seek - -A malicious tftp server can cause UAFs and a double free. - -An attempt to read from a network file is handled by grub_net_fs_read(). If -the read is at an offset other than the current offset, grub_net_seek_real() -is invoked. - -In grub_net_seek_real(), if a backwards seek cannot be satisfied from the -currently received packets, and the underlying transport does not provide -a seek method, then grub_net_seek_real() will close and reopen the network -protocol layer. - -For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t -file->data. The file->data pointer is not nulled out after the free. - -If the ->open() call fails, the file->data will not be reallocated and will -continue point to a freed memory block. This could happen from a server -refusing to send the requisite ack to the new tftp request, for example. - -The seek and the read will then fail, but the grub_file continues to exist: -the failed seek does not necessarily cause the entire file to be thrown -away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., -a read failure is interpreted as a decompressor passing on the file, not as -an invalidation of the entire grub_file_t structure). - -This means subsequent attempts to read or seek the file will use the old -file->data after free. Eventually, the file will be close()d again and -file->data will be freed again. - -Mark a net_fs file that doesn't reopen as broken. Do not permit read() or -close() on a broken file (seek is not exposed directly to the file API - -it is only called as part of read, so this blocks seeks as well). - -As an additional defence, null out the ->data pointer if tftp_open() fails. -That would have lead to a simple null pointer dereference rather than -a mess of UAFs. - -This may affect other protocols, I haven't checked. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit dada1dda695439bb55b2848dddc2d89843552f81) ---- - grub-core/net/net.c | 11 +++++++++-- - grub-core/net/tftp.c | 1 + - include/grub/net.h | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index 55aed92722..1001c611d1 100644 ---- a/grub-core/net/net.c -+++ b/grub-core/net/net.c -@@ -1625,7 +1625,8 @@ grub_net_fs_close (grub_file_t file) - grub_netbuff_free (file->device->net->packs.first->nb); - grub_net_remove_packet (file->device->net->packs.first); - } -- file->device->net->protocol->close (file); -+ if (!file->device->net->broken) -+ file->device->net->protocol->close (file); - grub_free (file->device->net->name); - return GRUB_ERR_NONE; - } -@@ -1847,7 +1848,10 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - file->device->net->stall = 0; - err = file->device->net->protocol->open (file, file->device->net->name); - if (err) -- return err; -+ { -+ file->device->net->broken = 1; -+ return err; -+ } - grub_net_fs_read_real (file, NULL, offset); - return grub_errno; - } -@@ -1856,6 +1860,9 @@ grub_net_seek_real (struct grub_file *file, grub_off_t offset) - static grub_ssize_t - grub_net_fs_read (grub_file_t file, char *buf, grub_size_t len) - { -+ if (file->device->net->broken) -+ return -1; -+ - if (file->offset != file->device->net->offset) - { - grub_err_t err; -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index d54b13f09f..788ad1dc44 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -408,6 +408,7 @@ tftp_open (struct grub_file *file, const char *filename) - { - grub_net_udp_close (data->sock); - grub_free (data); -+ file->data = NULL; - return grub_errno; - } - -diff --git a/include/grub/net.h b/include/grub/net.h -index 42af7de250..9e4898cc6b 100644 ---- a/include/grub/net.h -+++ b/include/grub/net.h -@@ -280,6 +280,7 @@ typedef struct grub_net - grub_fs_t fs; - int eof; - int stall; -+ int broken; - } *grub_net_t; - - extern grub_net_t (*EXPORT_VAR (grub_net_open)) (const char *name); diff --git a/SPECS/grub2/fedora/0243-net-tftp-Avoid-a-trivial-UAF.patch b/SPECS/grub2/fedora/0243-net-tftp-Avoid-a-trivial-UAF.patch deleted file mode 100644 index 4ec3b56281..0000000000 --- a/SPECS/grub2/fedora/0243-net-tftp-Avoid-a-trivial-UAF.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 18 Jan 2022 14:29:20 +1100 -Subject: [PATCH] net/tftp: Avoid a trivial UAF - -Under tftp errors, we print a tftp error message from the tftp header. -However, the tftph pointer is a pointer inside nb, the netbuff. Previously, -we were freeing the nb and then dereferencing it. Don't do that, use it -and then free it later. - -This isn't really _bad_ per se, especially as we're single-threaded, but -it trips up fuzzers. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 956f4329cec23e4375182030ca9b2be631a61ba5) ---- - grub-core/net/tftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 788ad1dc44..a95766dcbd 100644 ---- a/grub-core/net/tftp.c -+++ b/grub-core/net/tftp.c -@@ -251,9 +251,9 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), - return GRUB_ERR_NONE; - case TFTP_ERROR: - data->have_oack = 1; -- grub_netbuff_free (nb); - grub_error (GRUB_ERR_IO, "%s", tftph->u.err.errmsg); - grub_error_save (&data->save_err); -+ grub_netbuff_free (nb); - return GRUB_ERR_NONE; - default: - grub_netbuff_free (nb); diff --git a/SPECS/grub2/fedora/0244-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch b/SPECS/grub2/fedora/0244-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch deleted file mode 100644 index 186f0c3d77..0000000000 --- a/SPECS/grub2/fedora/0244-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 1 Mar 2022 23:14:15 +1100 -Subject: [PATCH] net/http: Do not tear down socket if it's already been torn - down - -It's possible for data->sock to get torn down in tcp error handling. -If we unconditionally tear it down again we will end up doing writes -to an offset of the NULL pointer when we go to tear it down again. - -Detect if it has been torn down and don't do it again. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit ec233d3ecf995293304de443579aab5c46c49e85) ---- - grub-core/net/http.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 7f878b5615..19cb8768e3 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -427,7 +427,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - return err; - } - -- for (i = 0; !data->headers_recv && i < 100; i++) -+ for (i = 0; data->sock && !data->headers_recv && i < 100; i++) - { - grub_net_tcp_retransmit (); - grub_net_poll_cards (300, &data->headers_recv); -@@ -435,7 +435,8 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) - - if (!data->headers_recv) - { -- grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); -+ if (data->sock) -+ grub_net_tcp_close (data->sock, GRUB_NET_TCP_ABORT); - if (data->err) - { - char *str = data->errmsg; diff --git a/SPECS/grub2/fedora/0245-net-http-Fix-OOB-write-for-split-http-headers.patch b/SPECS/grub2/fedora/0245-net-http-Fix-OOB-write-for-split-http-headers.patch deleted file mode 100644 index f22960b1de..0000000000 --- a/SPECS/grub2/fedora/0245-net-http-Fix-OOB-write-for-split-http-headers.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 18:17:03 +1100 -Subject: [PATCH] net/http: Fix OOB write for split http headers - -GRUB has special code for handling an http header that is split -across two packets. - -The code tracks the end of line by looking for a "\n" byte. The -code for split headers has always advanced the pointer just past the -end of the line, whereas the code that handles unsplit headers does -not advance the pointer. This extra advance causes the length to be -one greater, which breaks an assumption in parse_line(), leading to -it writing a NUL byte one byte past the end of the buffer where we -reconstruct the line from the two packets. - -It's conceivable that an attacker controlled set of packets could -cause this to zero out the first byte of the "next" pointer of the -grub_mm_region structure following the current_line buffer. - -Do not advance the pointer in the split header case. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit e9fb459638811c12b0989dbf64e3e124974ef617) ---- - grub-core/net/http.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 19cb8768e3..58546739a2 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -193,9 +193,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)), - int have_line = 1; - char *t; - ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data); -- if (ptr) -- ptr++; -- else -+ if (ptr == NULL) - { - have_line = 0; - ptr = (char *) nb->tail; diff --git a/SPECS/grub2/fedora/0246-net-http-Error-out-on-headers-with-LF-without-CR.patch b/SPECS/grub2/fedora/0246-net-http-Error-out-on-headers-with-LF-without-CR.patch deleted file mode 100644 index b73c169157..0000000000 --- a/SPECS/grub2/fedora/0246-net-http-Error-out-on-headers-with-LF-without-CR.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 8 Mar 2022 19:04:40 +1100 -Subject: [PATCH] net/http: Error out on headers with LF without CR - -In a similar vein to the previous patch, parse_line() would write -a NUL byte past the end of the buffer if there was an HTTP header -with a LF rather than a CRLF. - -RFC-2616 says: - - Many HTTP/1.1 header field values consist of words separated by LWS - or special characters. These special characters MUST be in a quoted - string to be used within a parameter value (as defined in section 3.6). - -We don't support quoted sections or continuation lines, etc. - -If we see an LF that's not part of a CRLF, bail out. - -Fixes: CVE-2022-28734 - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit d232ad41ac4979a9de4d746e5fdff9caf0e303de) ---- - grub-core/net/http.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 58546739a2..57d2721719 100644 ---- a/grub-core/net/http.c -+++ b/grub-core/net/http.c -@@ -69,7 +69,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len) - char *end = ptr + len; - while (end > ptr && *(end - 1) == '\r') - end--; -+ -+ /* LF without CR. */ -+ if (end == ptr + len) -+ { -+ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR")); -+ return GRUB_ERR_NONE; -+ } - *end = 0; -+ - /* Trailing CRLF. */ - if (data->in_chunk_len == 1) - { diff --git a/SPECS/grub2/fedora/0247-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch b/SPECS/grub2/fedora/0247-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch deleted file mode 100644 index 79df1c2499..0000000000 --- a/SPECS/grub2/fedora/0247-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:03:37 +0530 -Subject: [PATCH] fs/f2fs: Do not read past the end of nat journal entries - -A corrupt f2fs file system could specify a nat journal entry count -that is beyond the maximum NAT_JOURNAL_ENTRIES. - -Check if the specified nat journal entry count before accessing the -array, and throw an error if it is too large. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit a3988cb3f0a108dd67ac127a79a4c8479d23334e) ---- - grub-core/fs/f2fs.c | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8a9992ca9e..63702214b0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -632,23 +632,27 @@ get_nat_journal (struct grub_f2fs_data *data) - return err; - } - --static grub_uint32_t --get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid) -+static grub_err_t -+get_blkaddr_from_nat_journal (struct grub_f2fs_data *data, grub_uint32_t nid, -+ grub_uint32_t *blkaddr) - { - grub_uint16_t n = grub_le_to_cpu16 (data->nat_j.n_nats); -- grub_uint32_t blkaddr = 0; - grub_uint16_t i; - -+ if (n >= NAT_JOURNAL_ENTRIES) -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid number of nat journal entries"); -+ - for (i = 0; i < n; i++) - { - if (grub_le_to_cpu32 (data->nat_j.entries[i].nid) == nid) - { -- blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); -+ *blkaddr = grub_le_to_cpu32 (data->nat_j.entries[i].ne.block_addr); - break; - } - } - -- return blkaddr; -+ return GRUB_ERR_NONE; - } - - static grub_uint32_t -@@ -656,10 +660,13 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - { - struct grub_f2fs_nat_block *nat_block; - grub_uint32_t seg_off, block_off, entry_off, block_addr; -- grub_uint32_t blkaddr; -+ grub_uint32_t blkaddr = 0; - grub_err_t err; - -- blkaddr = get_blkaddr_from_nat_journal (data, nid); -+ err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); -+ if (err != GRUB_ERR_NONE) -+ return 0; -+ - if (blkaddr) - return blkaddr; - diff --git a/SPECS/grub2/fedora/0248-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch b/SPECS/grub2/fedora/0248-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch deleted file mode 100644 index 855e882670..0000000000 --- a/SPECS/grub2/fedora/0248-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:49:09 +0530 -Subject: [PATCH] fs/f2fs: Do not read past the end of nat bitmap - -A corrupt f2fs filesystem could have a block offset or a bitmap -offset that would cause us to read beyond the bounds of the nat -bitmap. - -Introduce the nat_bitmap_size member in grub_f2fs_data which holds -the size of nat bitmap. - -Set the size when loading the nat bitmap in nat_bitmap_ptr(), and -catch when an invalid offset would create a pointer past the end of -the allocated space. - -Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid -reading past the end of the nat bitmap. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 62d63d5e38c67a6e349148bf7cb87c560e935a7e) ---- - grub-core/fs/f2fs.c | 33 +++++++++++++++++++++++++++------ - 1 file changed, 27 insertions(+), 6 deletions(-) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 63702214b0..8898b235e0 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -122,6 +122,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define F2FS_INLINE_DOTS 0x10 /* File having implicit dot dentries. */ - - #define MAX_VOLUME_NAME 512 -+#define MAX_NAT_BITMAP_SIZE 3900 - - enum FILE_TYPE - { -@@ -183,7 +184,7 @@ struct grub_f2fs_checkpoint - grub_uint32_t checksum_offset; - grub_uint64_t elapsed_time; - grub_uint8_t alloc_type[MAX_ACTIVE_LOGS]; -- grub_uint8_t sit_nat_version_bitmap[3900]; -+ grub_uint8_t sit_nat_version_bitmap[MAX_NAT_BITMAP_SIZE]; - grub_uint32_t checksum; - } GRUB_PACKED; - -@@ -302,6 +303,7 @@ struct grub_f2fs_data - - struct grub_f2fs_nat_journal nat_j; - char *nat_bitmap; -+ grub_uint32_t nat_bitmap_size; - - grub_disk_t disk; - struct grub_f2fs_node *inode; -@@ -377,15 +379,20 @@ sum_blk_addr (struct grub_f2fs_data *data, int base, int type) - } - - static void * --nat_bitmap_ptr (struct grub_f2fs_data *data) -+nat_bitmap_ptr (struct grub_f2fs_data *data, grub_uint32_t *nat_bitmap_size) - { - struct grub_f2fs_checkpoint *ckpt = &data->ckpt; - grub_uint32_t offset; -+ *nat_bitmap_size = MAX_NAT_BITMAP_SIZE; - - if (grub_le_to_cpu32 (data->sblock.cp_payload) > 0) - return ckpt->sit_nat_version_bitmap; - - offset = grub_le_to_cpu32 (ckpt->sit_ver_bitmap_bytesize); -+ if (offset >= MAX_NAT_BITMAP_SIZE) -+ return NULL; -+ -+ *nat_bitmap_size = *nat_bitmap_size - offset; - - return ckpt->sit_nat_version_bitmap + offset; - } -@@ -438,11 +445,15 @@ grub_f2fs_crc_valid (grub_uint32_t blk_crc, void *buf, const grub_uint32_t len) - } - - static int --grub_f2fs_test_bit (grub_uint32_t nr, const char *p) -+grub_f2fs_test_bit (grub_uint32_t nr, const char *p, grub_uint32_t len) - { - int mask; -+ grub_uint32_t shifted_nr = (nr >> 3); - -- p += (nr >> 3); -+ if (shifted_nr >= len) -+ return -1; -+ -+ p += shifted_nr; - mask = 1 << (7 - (nr & 0x07)); - - return mask & *p; -@@ -662,6 +673,7 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - grub_uint32_t seg_off, block_off, entry_off, block_addr; - grub_uint32_t blkaddr = 0; - grub_err_t err; -+ int result_bit; - - err = get_blkaddr_from_nat_journal (data, nid, &blkaddr); - if (err != GRUB_ERR_NONE) -@@ -682,8 +694,15 @@ get_node_blkaddr (struct grub_f2fs_data *data, grub_uint32_t nid) - ((seg_off * data->blocks_per_seg) << 1) + - (block_off & (data->blocks_per_seg - 1)); - -- if (grub_f2fs_test_bit (block_off, data->nat_bitmap)) -+ result_bit = grub_f2fs_test_bit (block_off, data->nat_bitmap, -+ data->nat_bitmap_size); -+ if (result_bit > 0) - block_addr += data->blocks_per_seg; -+ else if (result_bit == -1) -+ { -+ grub_free (nat_block); -+ return 0; -+ } - - err = grub_f2fs_block_read (data, block_addr, nat_block); - if (err) -@@ -833,7 +852,9 @@ grub_f2fs_mount (grub_disk_t disk) - if (err) - goto fail; - -- data->nat_bitmap = nat_bitmap_ptr (data); -+ data->nat_bitmap = nat_bitmap_ptr (data, &data->nat_bitmap_size); -+ if (data->nat_bitmap == NULL) -+ goto fail; - - err = get_nat_journal (data); - if (err) diff --git a/SPECS/grub2/fedora/0249-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch b/SPECS/grub2/fedora/0249-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch deleted file mode 100644 index 0553d606fc..0000000000 --- a/SPECS/grub2/fedora/0249-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Sudhakar Kuppusamy -Date: Wed, 6 Apr 2022 18:17:43 +0530 -Subject: [PATCH] fs/f2fs: Do not copy file names that are too long - -A corrupt f2fs file system might specify a name length which is greater -than the maximum name length supported by the GRUB f2fs driver. - -We will allocate enough memory to store the overly long name, but there -are only F2FS_NAME_LEN bytes in the source, so we would read past the end -of the source. - -While checking directory entries, do not copy a file name with an invalid -length. - -Signed-off-by: Sudhakar Kuppusamy -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 9a891f638509e031d322c94e3cbcf38d36f3993a) ---- - grub-core/fs/f2fs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c -index 8898b235e0..df6beb544c 100644 ---- a/grub-core/fs/f2fs.c -+++ b/grub-core/fs/f2fs.c -@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx) - - ftype = ctx->dentry[i].file_type; - name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len); -+ -+ if (name_len >= F2FS_NAME_LEN) -+ return 0; -+ - filename = grub_malloc (name_len + 1); - if (!filename) - return 0; diff --git a/SPECS/grub2/fedora/0250-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch b/SPECS/grub2/fedora/0250-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch deleted file mode 100644 index 7ff58218a8..0000000000 --- a/SPECS/grub2/fedora/0250-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 10:49:56 +0000 -Subject: [PATCH] fs/btrfs: Fix several fuzz issues with invalid dir item - sizing - -According to the btrfs code in Linux, the structure of a directory item -leaf should be of the form: - - |struct btrfs_dir_item|name|data| - -in GRUB the name len and data len are in the grub_btrfs_dir_item -structure's n and m fields respectively. - -The combined size of the structure, name and data should be less than -the allocated memory, a difference to the Linux kernel's struct -btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for -where the name is stored, so we adjust for that too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit 6d3f06c0b6a8992b9b1bb0e62af93ac5ff2781f0) -[rharwood: we've an extra variable here] -Signed-off-by: Robbie Harwood ---- - grub-core/fs/btrfs.c | 26 ++++++++++++++++++++++++++ - 1 file changed, 26 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 07c0ff874b..2fcfb738fe 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -2254,6 +2254,7 @@ grub_btrfs_dir (grub_device_t device, const char *path, - grub_uint64_t tree; - grub_uint8_t type; - char *new_path = NULL; -+ grub_size_t est_size = 0; - - if (!data) - return grub_errno; -@@ -2320,6 +2321,18 @@ grub_btrfs_dir (grub_device_t device, const char *path, - break; - } - -+ if (direl == NULL || -+ grub_add (grub_le_to_cpu16 (direl->n), -+ grub_le_to_cpu16 (direl->m), &est_size) || -+ grub_add (est_size, sizeof (*direl), &est_size) || -+ grub_sub (est_size, sizeof (direl->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - for (cdirel = direl; - (grub_uint8_t *) cdirel - (grub_uint8_t *) direl - < (grub_ssize_t) elemsize; -@@ -2330,6 +2343,19 @@ grub_btrfs_dir (grub_device_t device, const char *path, - char c; - struct grub_btrfs_inode inode; - struct grub_dirhook_info info; -+ -+ if (cdirel == NULL || -+ grub_add (grub_le_to_cpu16 (cdirel->n), -+ grub_le_to_cpu16 (cdirel->m), &est_size) || -+ grub_add (est_size, sizeof (*cdirel), &est_size) || -+ grub_sub (est_size, sizeof (cdirel->name), &est_size) || -+ est_size > allocated) -+ { -+ grub_errno = GRUB_ERR_OUT_OF_RANGE; -+ r = -grub_errno; -+ goto out; -+ } -+ - err = grub_btrfs_read_inode (data, &inode, cdirel->key.object_id, - tree); - grub_memset (&info, 0, sizeof (info)); diff --git a/SPECS/grub2/fedora/0251-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch b/SPECS/grub2/fedora/0251-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch deleted file mode 100644 index d638c11754..0000000000 --- a/SPECS/grub2/fedora/0251-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Tue, 29 Mar 2022 15:52:46 +0000 -Subject: [PATCH] fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing - -The fuzzer is generating btrfs file systems that have chunks with -invalid combinations of stripes and substripes for the given RAID -configurations. - -After examining the Linux kernel fs/btrfs/tree-checker.c code, it -appears that sub-stripes should only be applied to RAID10, and in that -case there should only ever be 2 of them. - -Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 -should have 2. 3 or 4 stripes respectively, which is what redundancy -corresponds. - -Some of the chunks ended up with a size of 0, which grub_malloc() still -returned memory for and in turn generated ASAN errors later when -accessed. - -While it would be possible to specifically limit the number of stripes, -a more correct test was on the combination of the chunk item, and the -number of stripes by the size of the chunk stripe structure in -comparison to the size of the chunk itself. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit 3849647b4b98a4419366708fc4b7f339c6f55ec7) ---- - grub-core/fs/btrfs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 55 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 2fcfb738fe..0e9b450413 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -941,6 +941,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "couldn't find the chunk descriptor"); - -+ if (!chsize) -+ { -+ grub_dprintf ("btrfs", "zero-size chunk\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid zero-size chunk"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -999,6 +1005,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_length = grub_divmod64 (grub_le_to_cpu64 (chunk->size), - nstripes, - NULL); -+ -+ /* For single, there should be exactly 1 stripe. */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != 1) -+ { -+ grub_dprintf ("btrfs", "invalid RAID_SINGLE: nstripes != 1 (%u)\n", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID_SINGLE: nstripes != 1 (%u)", -+ grub_le_to_cpu16 (chunk->nstripes)); -+ } - if (stripe_length == 0) - stripe_length = 512; - stripen = grub_divmod64 (off, stripe_length, &stripe_offset); -@@ -1018,6 +1034,19 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripen = 0; - stripe_offset = off; - csize = grub_le_to_cpu64 (chunk->size) - off; -+ -+ /* -+ * Redundancy, and substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nstripes) != redundancy) -+ { -+ grub_dprintf ("btrfs", "invalid RAID1: nstripes != %u (%u)\n", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID1: nstripes != %u (%u)", -+ redundancy, grub_le_to_cpu16 (chunk->nstripes)); -+ } - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID0: -@@ -1054,6 +1083,20 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - stripe_offset = low + chunk_stripe_length - * high; - csize = chunk_stripe_length - low; -+ -+ /* -+ * Substripes only apply to RAID10, and there -+ * should be exactly 2 sub-stripes. -+ */ -+ if (grub_le_to_cpu16 (chunk->nsubstripes) != 2) -+ { -+ grub_dprintf ("btrfs", "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "invalid RAID10: nsubstripes != 2 (%u)", -+ grub_le_to_cpu16 (chunk->nsubstripes)); -+ } -+ - break; - } - case GRUB_BTRFS_CHUNK_TYPE_RAID5: -@@ -1153,6 +1196,8 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - - for (j = 0; j < 2; j++) - { -+ grub_size_t est_chunk_alloc = 0; -+ - grub_dprintf ("btrfs", "chunk 0x%" PRIxGRUB_UINT64_T - "+0x%" PRIxGRUB_UINT64_T - " (%d stripes (%d substripes) of %" -@@ -1165,6 +1210,16 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - grub_dprintf ("btrfs", "reading laddr 0x%" PRIxGRUB_UINT64_T "\n", - addr); - -+ if (grub_mul (sizeof (struct grub_btrfs_chunk_stripe), -+ grub_le_to_cpu16 (chunk->nstripes), &est_chunk_alloc) || -+ grub_add (est_chunk_alloc, -+ sizeof (struct grub_btrfs_chunk_item), &est_chunk_alloc) || -+ est_chunk_alloc > chunk->size) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SPECS/grub2/fedora/0252-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch b/SPECS/grub2/fedora/0252-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch deleted file mode 100644 index 2e5145fe7b..0000000000 --- a/SPECS/grub2/fedora/0252-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Darren Kenny -Date: Thu, 7 Apr 2022 15:18:12 +0000 -Subject: [PATCH] fs/btrfs: Fix more fuzz issues related to chunks - -The corpus we generating issues in grub_btrfs_read_logical() when -attempting to iterate over nstripes entries in the boot mapping. - -In most cases the reason for the failure was that the number of strips -exceeded the possible space statically allocated in superblock bootmapping -space. Each stripe entry in the bootmapping block consists of -a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. - -Another issue that came up was that while calculating the chunk size, -in an earlier piece of code in that function, depending on the data -provided in the btrfs file system, it would end up calculating a size -that was too small to contain even 1 grub_btrfs_chunk_item, which is -obviously invalid too. - -Signed-off-by: Darren Kenny -Reviewed-by: Daniel Kiper -(cherry picked from commit e00cd76cbadcc897a9cc4087cb2fcb5dbe15e596) ---- - grub-core/fs/btrfs.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 0e9b450413..47325f6ad7 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -947,6 +947,17 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - return grub_error (GRUB_ERR_BAD_FS, - "got an invalid zero-size chunk"); - } -+ -+ /* -+ * The space being allocated for a chunk should at least be able to -+ * contain one chunk item. -+ */ -+ if (chsize < sizeof (struct grub_btrfs_chunk_item)) -+ { -+ grub_dprintf ("btrfs", "chunk-size too small\n"); -+ return grub_error (GRUB_ERR_BAD_FS, -+ "got an invalid chunk size"); -+ } - chunk = grub_malloc (chsize); - if (!chunk) - return grub_errno; -@@ -1194,6 +1205,13 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - if (csize > (grub_uint64_t) size) - csize = size; - -+ /* -+ * The space for a chunk stripe is limited to the space provide in the super-block's -+ * bootstrap mapping with an initial btrfs key at the start of each chunk. -+ */ -+ grub_size_t avail_stripes = sizeof (data->sblock.bootstrap_mapping) / -+ (sizeof (struct grub_btrfs_key) + sizeof (struct grub_btrfs_chunk_stripe)); -+ - for (j = 0; j < 2; j++) - { - grub_size_t est_chunk_alloc = 0; -@@ -1220,6 +1238,12 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr, - break; - } - -+ if (grub_le_to_cpu16 (chunk->nstripes) > avail_stripes) -+ { -+ err = GRUB_ERR_BAD_FS; -+ break; -+ } -+ - if (is_raid56) - { - err = btrfs_read_from_chunk (data, chunk, stripen, diff --git a/SPECS/grub2/fedora/0253-misc-Make-grub_min-and-grub_max-more-resilient.patch b/SPECS/grub2/fedora/0253-misc-Make-grub_min-and-grub_max-more-resilient.patch deleted file mode 100644 index eb2e8fda0a..0000000000 --- a/SPECS/grub2/fedora/0253-misc-Make-grub_min-and-grub_max-more-resilient.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 16:06:10 -0400 -Subject: [PATCH] misc: Make grub_min() and grub_max() more resilient. - -grub_min(a,b) and grub_max(a,b) use a relatively naive implementation -which leads to several problems: -- they evaluate their parameters more than once -- the naive way to address this, to declare temporary variables in a - statement-expression, isn't resilient against nested uses, because - MIN(a,MIN(b,c)) results in the temporary variables being declared in - two nested scopes, which may result in a build warning depending on - your build options. - -This patch changes our implementation to use a statement-expression -inside a helper macro, and creates the symbols for the temporary -variables with __COUNTER__ (A GNU C cpp extension) and token pasting to -create uniquely named internal variables. - -Signed-off-by: Peter Jones ---- - grub-core/loader/multiboot_elfxx.c | 4 +--- - include/grub/misc.h | 25 +++++++++++++++++++++++-- - 2 files changed, 24 insertions(+), 5 deletions(-) - -diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c -index f2318e0d16..87f6e31aa6 100644 ---- a/grub-core/loader/multiboot_elfxx.c -+++ b/grub-core/loader/multiboot_elfxx.c -@@ -35,9 +35,7 @@ - #endif - - #include -- --#define CONCAT(a,b) CONCAT_(a, b) --#define CONCAT_(a,b) a ## b -+#include - - #pragma GCC diagnostic ignored "-Wcast-align" - -diff --git a/include/grub/misc.h b/include/grub/misc.h -index 6c4aa85ac5..cf84aec1db 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -35,6 +35,14 @@ - #define ARRAY_SIZE(array) (sizeof (array) / sizeof (array[0])) - #define COMPILE_TIME_ASSERT(cond) switch (0) { case 1: case !(cond): ; } - -+#ifndef CONCAT_ -+#define CONCAT_(a, b) a ## b -+#endif -+ -+#ifndef CONCAT -+#define CONCAT(a, b) CONCAT_(a, b) -+#endif -+ - #define grub_dprintf(condition, ...) grub_real_dprintf(GRUB_FILE, __LINE__, condition, __VA_ARGS__) - - void *EXPORT_FUNC(grub_memmove) (void *dest, const void *src, grub_size_t n); -@@ -498,8 +506,21 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, - #define grub_boot_time(...) - #endif - --#define grub_max(a, b) (((a) > (b)) ? (a) : (b)) --#define grub_min(a, b) (((a) < (b)) ? (a) : (b)) -+#define _grub_min(a, b, _a, _b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a < _b ? _a : _b; }) -+#define grub_min(a, b) _grub_min(a, b, \ -+ CONCAT(_a_,__COUNTER__), \ -+ CONCAT(_b_,__COUNTER__)) -+ -+#define _grub_max(a, b, _a, _b) \ -+ ({ typeof (a) _a = (a); \ -+ typeof (b) _b = (b); \ -+ _a > _b ? _a : _b; }) -+#define grub_max(a, b) _grub_max(a, b, \ -+ CONCAT(_a_,__COUNTER__), \ -+ CONCAT(_b_,__COUNTER__)) - - #define grub_log2ull(n) (GRUB_TYPE_BITS (grub_uint64_t) - __builtin_clzll (n) - 1) - diff --git a/SPECS/grub2/fedora/0254-ReiserFS-switch-to-using-grub_min-grub_max.patch b/SPECS/grub2/fedora/0254-ReiserFS-switch-to-using-grub_min-grub_max.patch deleted file mode 100644 index 0707af3e58..0000000000 --- a/SPECS/grub2/fedora/0254-ReiserFS-switch-to-using-grub_min-grub_max.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 21 Apr 2022 16:31:17 -0400 -Subject: [PATCH] ReiserFS: switch to using grub_min()/grub_max() - -This is a minor cleanup patch to remove the bespoke MIN() and MAX() -definitions from the reiserfs driver, and uses grub_min() / grub_max() -instead. - -Signed-off-by: Peter Jones ---- - grub-core/fs/reiserfs.c | 28 +++++++++------------------- - 1 file changed, 9 insertions(+), 19 deletions(-) - -diff --git a/grub-core/fs/reiserfs.c b/grub-core/fs/reiserfs.c -index af6a226a7f..b8253da7fe 100644 ---- a/grub-core/fs/reiserfs.c -+++ b/grub-core/fs/reiserfs.c -@@ -42,16 +42,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MIN(a, b) \ -- ({ typeof (a) _a = (a); \ -- typeof (b) _b = (b); \ -- _a < _b ? _a : _b; }) -- --#define MAX(a, b) \ -- ({ typeof (a) _a = (a); \ -- typeof (b) _b = (b); \ -- _a > _b ? _a : _b; }) -- - #define REISERFS_SUPER_BLOCK_OFFSET 0x10000 - #define REISERFS_MAGIC_LEN 12 - #define REISERFS_MAGIC_STRING "ReIsEr" -@@ -1076,7 +1066,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_reiserfs_set_key_type (&key, GRUB_REISERFS_ANY, 2); - initial_position = off; - current_position = 0; -- final_position = MIN (len + initial_position, node->size); -+ final_position = grub_min (len + initial_position, node->size); - grub_dprintf ("reiserfs", - "Reading from %lld to %lld (%lld instead of requested %ld)\n", - (unsigned long long) initial_position, -@@ -1115,8 +1105,8 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_dprintf ("reiserfs_blocktype", "D: %u\n", (unsigned) block); - if (initial_position < current_position + item_size) - { -- offset = MAX ((signed) (initial_position - current_position), 0); -- length = (MIN (item_size, final_position - current_position) -+ offset = grub_max ((signed) (initial_position - current_position), 0); -+ length = (grub_min (item_size, final_position - current_position) - - offset); - grub_dprintf ("reiserfs", - "Reading direct block %u from %u to %u...\n", -@@ -1161,9 +1151,9 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - grub_dprintf ("reiserfs_blocktype", "I: %u\n", (unsigned) block); - if (current_position + block_size >= initial_position) - { -- offset = MAX ((signed) (initial_position - current_position), -- 0); -- length = (MIN (block_size, final_position - current_position) -+ offset = grub_max ((signed) (initial_position - current_position), -+ 0); -+ length = (grub_min (block_size, final_position - current_position) - - offset); - grub_dprintf ("reiserfs", - "Reading indirect block %u from %u to %u...\n", -@@ -1205,7 +1195,7 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - switch (found.type) - { - case GRUB_REISERFS_DIRECT: -- read_length = MIN (len, item_size - file->offset); -+ read_length = grub_min (len, item_size - file->offset); - grub_disk_read (found.data->disk, - (found.block_number * block_size) / GRUB_DISK_SECTOR_SIZE, - grub_le_to_cpu16 (found.header.item_location) + file->offset, -@@ -1224,12 +1214,12 @@ grub_reiserfs_read_real (struct grub_fshelp_node *node, - item_size, (char *) indirect_block_ptr); - if (grub_errno) - goto fail; -- len = MIN (len, file->size - file->offset); -+ len = grub_min (len, file->size - file->offset); - for (indirect_block = file->offset / block_size; - indirect_block < indirect_block_count && read_length < len; - indirect_block++) - { -- read = MIN (block_size, len - read_length); -+ read = grub_min (block_size, len - read_length); - grub_disk_read (found.data->disk, - (grub_le_to_cpu32 (indirect_block_ptr[indirect_block]) * block_size) / GRUB_DISK_SECTOR_SIZE, - file->offset % block_size, read, diff --git a/SPECS/grub2/fedora/0255-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch b/SPECS/grub2/fedora/0255-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch deleted file mode 100644 index a7ac6f2a40..0000000000 --- a/SPECS/grub2/fedora/0255-misc-make-grub_boot_time-also-call-grub_dprintf-boot.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Mar 2022 14:40:01 -0400 -Subject: [PATCH] misc: make grub_boot_time() also call - grub_dprintf("boot",...) - -Currently grub_boot_time() includes valuable debugging messages, but if -you build without BOOT_TIME_STATS enabled, they are silently and -confusingly compiled away. - -This patch changes grub_boot_time() to also log when "boot" is enabled -in DEBUG, regardless of BOOT_TIME_STATS. - -Signed-off-by: Peter Jones ---- - grub-core/kern/misc.c | 3 ++- - include/grub/misc.h | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index a186ad3dd4..cb45461402 100644 ---- a/grub-core/kern/misc.c -+++ b/grub-core/kern/misc.c -@@ -1334,7 +1334,8 @@ grub_real_boot_time (const char *file, - n->next = 0; - - va_start (args, fmt); -- n->msg = grub_xvasprintf (fmt, args); -+ n->msg = grub_xvasprintf (fmt, args); -+ grub_dprintf ("boot", "%s\n", n->msg); - va_end (args); - - *boot_time_last = n; -diff --git a/include/grub/misc.h b/include/grub/misc.h -index cf84aec1db..faae0ae860 100644 ---- a/include/grub/misc.h -+++ b/include/grub/misc.h -@@ -503,7 +503,7 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file, - const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 3, 4))); - #define grub_boot_time(...) grub_real_boot_time(GRUB_FILE, __LINE__, __VA_ARGS__) - #else --#define grub_boot_time(...) -+#define grub_boot_time(fmt, ...) grub_dprintf("boot", fmt "\n", ##__VA_ARGS__) - #endif - - #define _grub_min(a, b, _a, _b) \ diff --git a/SPECS/grub2/fedora/0256-modules-make-.module_license-read-only.patch b/SPECS/grub2/fedora/0256-modules-make-.module_license-read-only.patch deleted file mode 100644 index ba3b31371a..0000000000 --- a/SPECS/grub2/fedora/0256-modules-make-.module_license-read-only.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Feb 2022 16:32:51 -0500 -Subject: [PATCH] modules: make .module_license read-only - -Currently .module_license is set writable (that is, the section has the -SHF_WRITE flag set) in the module's ELF headers. This probably never -actually matters, but it can't possibly be correct. - -This patch sets that data as "const", which causes that flag not to be -set. - -Signed-off-by: Peter Jones ---- - include/grub/dl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 20d870f2a4..618ae6f474 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -121,7 +121,7 @@ grub_mod_fini (void) - #define ATTRIBUTE_USED __unused__ - #endif - #define GRUB_MOD_LICENSE(license) \ -- static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; -+ static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; - #define GRUB_MOD_DEP(name) \ - static const char grub_module_depend_##name[] \ - __attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name diff --git a/SPECS/grub2/fedora/0257-modules-strip-.llvm_addrsig-sections-and-similar.patch b/SPECS/grub2/fedora/0257-modules-strip-.llvm_addrsig-sections-and-similar.patch deleted file mode 100644 index 9f26115d6f..0000000000 --- a/SPECS/grub2/fedora/0257-modules-strip-.llvm_addrsig-sections-and-similar.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 24 Feb 2022 16:40:11 -0500 -Subject: [PATCH] modules: strip .llvm_addrsig sections and similar. - -Currently grub modules built with clang or gcc have several sections -which we don't actually need or support. - -We already have a list of section to skip in genmod.sh, and this patch -adds the following sections to that list (as well as a few newlines): - -.note.gnu.property -.llvm* - -Note that the glob there won't work without a new enough linker, but the -failure is just reversion to the status quo, so that's not a big problem. - -Signed-off-by: Peter Jones ---- - grub-core/genmod.sh.in | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in -index 1250589b3f..c2c5280d75 100644 ---- a/grub-core/genmod.sh.in -+++ b/grub-core/genmod.sh.in -@@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then - @TARGET_STRIP@ --strip-unneeded \ - -K grub_mod_init -K grub_mod_fini \ - -K _grub_mod_init -K _grub_mod_fini \ -- -R .note.gnu.gold-version -R .note.GNU-stack \ -+ -R .note.GNU-stack \ -+ -R .note.gnu.gold-version \ -+ -R .note.gnu.property \ - -R .gnu.build.attributes \ -+ -R '.llvm*' \ - -R .rel.gnu.build.attributes \ - -R .rela.gnu.build.attributes \ - -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ diff --git a/SPECS/grub2/fedora/0258-modules-Don-t-allocate-space-for-non-allocable-secti.patch b/SPECS/grub2/fedora/0258-modules-Don-t-allocate-space-for-non-allocable-secti.patch deleted file mode 100644 index d07d8386c7..0000000000 --- a/SPECS/grub2/fedora/0258-modules-Don-t-allocate-space-for-non-allocable-secti.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 16:56:10 -0400 -Subject: [PATCH] modules: Don't allocate space for non-allocable sections. - -Currently when loading grub modules, we allocate space for all sections, -including those without SHF_ALLOC set. We then copy the sections that -/do/ have SHF_ALLOC set into the allocated memory, leaving some of our -allocation untouched forever. Additionally, on platforms with GOT -fixups and trampolines, we currently compute alignment round-ups for the -sections and sections with sh_size = 0. - -This patch removes the extra space from the allocation computation, and -makes the allocation computation loop skip empty sections as the loading -loop does. - -Signed-off-by: Peter Jones ---- - grub-core/kern/dl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index f304494574..aef8af8aa7 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -289,6 +289,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - i < e->e_shnum; - i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) - { -+ if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) -+ continue; -+ - tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; - if (talign < s->sh_addralign) - talign = s->sh_addralign; diff --git a/SPECS/grub2/fedora/0259-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch b/SPECS/grub2/fedora/0259-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch deleted file mode 100644 index ef51214fef..0000000000 --- a/SPECS/grub2/fedora/0259-pe-add-the-DOS-header-struct-and-fix-some-bad-naming.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 25 Mar 2022 15:40:12 -0400 -Subject: [PATCH] pe: add the DOS header struct and fix some bad naming. - -In order to properly validate a loaded kernel's support for being loaded -without a writable stack or executable, we need to be able to properly -parse arbitrary PE headers. - -Currently, pe32.h is written in such a way that the MS-DOS header that -tells us where to find the PE header in the binary can't be accessed. -Further, for some reason it calls the DOS MZ magic "GRUB_PE32_MAGIC". - -This patch adds the structure for the DOS header, renames the DOS magic -define, and adds defines for the actual PE magic. - -Signed-off-by: Peter Jones ---- - grub-core/loader/arm64/linux.c | 2 +- - include/grub/efi/pe32.h | 28 ++++++++++++++++++++++++++-- - 2 files changed, 27 insertions(+), 3 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index d2af47c2c0..cc67f43906 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -58,7 +58,7 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) - if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) - return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); - -- if ((lh->code0 & 0xffff) != GRUB_PE32_MAGIC) -+ if ((lh->code0 & 0xffff) != GRUB_DOS_MAGIC) - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, - N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); - -diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index a43adf2746..2a5e1ee003 100644 ---- a/include/grub/efi/pe32.h -+++ b/include/grub/efi/pe32.h -@@ -46,7 +46,30 @@ - - #define GRUB_PE32_MSDOS_STUB_SIZE 0x80 - --#define GRUB_PE32_MAGIC 0x5a4d -+#define GRUB_DOS_MAGIC 0x5a4d -+ -+struct grub_dos_header -+{ -+ grub_uint16_t magic; -+ grub_uint16_t cblp; -+ grub_uint16_t cp; -+ grub_uint16_t crlc; -+ grub_uint16_t cparhdr; -+ grub_uint16_t minalloc; -+ grub_uint16_t maxalloc; -+ grub_uint16_t ss; -+ grub_uint16_t sp; -+ grub_uint16_t csum; -+ grub_uint16_t ip; -+ grub_uint16_t cs; -+ grub_uint16_t lfarlc; -+ grub_uint16_t ovno; -+ grub_uint16_t res0[4]; -+ grub_uint16_t oemid; -+ grub_uint16_t oeminfo; -+ grub_uint16_t res1[10]; -+ grub_uint32_t lfanew; -+}; - - /* According to the spec, the minimal alignment is 512 bytes... - But some examples (such as EFI drivers in the Intel -@@ -280,7 +303,8 @@ struct grub_pe32_section_table - - - --#define GRUB_PE32_SIGNATURE_SIZE 4 -+#define GRUB_PE32_SIGNATURE_SIZE 4 -+#define GRUB_PE32_SIGNATURE "PE\0\0" - - struct grub_pe32_header - { diff --git a/SPECS/grub2/fedora/0260-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch b/SPECS/grub2/fedora/0260-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch deleted file mode 100644 index c6688cd12a..0000000000 --- a/SPECS/grub2/fedora/0260-EFI-allocate-kernel-in-EFI_RUNTIME_SERVICES_CODE-ins.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 9 Feb 2022 16:08:20 -0500 -Subject: [PATCH] EFI: allocate kernel in EFI_RUNTIME_SERVICES_CODE instead of - EFI_LOADER_DATA. - -On some of the firmwares with more security mitigations, EFI_LOADER_DATA -doesn't get you executable memory, and we take a fault and reboot when -we enter kernel. - -This patch correctly allocates the kernel code as EFI_RUNTIME_SERVICES_CODE -rather than EFI_LOADER_DATA. - -Signed-off-by: Peter Jones -[rharwood: use kernel_size] -Signed-off-by: Robbie Harwood ---- - grub-core/loader/i386/efi/linux.c | 19 +++++++++++++------ - 1 file changed, 13 insertions(+), 6 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 9e5c11ac69..92b2fb5091 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -86,7 +86,9 @@ kernel_free(void *addr, grub_efi_uintn_t size) - } - - static void * --kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) -+kernel_alloc(grub_efi_uintn_t size, -+ grub_efi_memory_type_t memtype, -+ const char * const errmsg) - { - void *addr = 0; - unsigned int i; -@@ -112,7 +114,7 @@ kernel_alloc(grub_efi_uintn_t size, const char * const errmsg) - prev_max = max; - addr = grub_efi_allocate_pages_real (max, pages, - max_addresses[i].alloc_type, -- GRUB_EFI_LOADER_DATA); -+ memtype); - if (addr) - grub_dprintf ("linux", "Allocated at %p\n", addr); - } -@@ -242,7 +244,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - } - -- initrd_mem = kernel_alloc(size, N_("can't allocate initrd")); -+ initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, -+ N_("can't allocate initrd")); - if (initrd_mem == NULL) - goto fail; - grub_dprintf ("linux", "initrd_mem = %p\n", initrd_mem); -@@ -393,7 +396,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -- params = kernel_alloc (sizeof(*params), "cannot allocate kernel parameters"); -+ params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, -+ "cannot allocate kernel parameters"); - if (!params) - goto fail; - grub_dprintf ("linux", "params = %p\n", params); -@@ -415,7 +419,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- cmdline = kernel_alloc (lh->cmdline_size + 1, N_("can't allocate cmdline")); -+ cmdline = kernel_alloc (lh->cmdline_size + 1, -+ GRUB_EFI_RUNTIME_SERVICES_DATA, -+ N_("can't allocate cmdline")); - if (!cmdline) - goto fail; - grub_dprintf ("linux", "cmdline = %p\n", cmdline); -@@ -461,7 +467,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - kernel_size = lh->init_size; -- kernel_mem = kernel_alloc (kernel_size, N_("can't allocate kernel")); -+ kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, -+ N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) - goto fail; diff --git a/SPECS/grub2/fedora/0261-modules-load-module-sections-at-page-aligned-address.patch b/SPECS/grub2/fedora/0261-modules-load-module-sections-at-page-aligned-address.patch deleted file mode 100644 index 9a5048ce90..0000000000 --- a/SPECS/grub2/fedora/0261-modules-load-module-sections-at-page-aligned-address.patch +++ /dev/null @@ -1,378 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 17:45:40 -0400 -Subject: [PATCH] modules: load module sections at page-aligned addresses - -Currently we load module sections at whatever alignment gcc+ld happened -to dump into the ELF section header, which is often pretty useless. For -example, by default time.mod has these sections on a current x86_64 -build: - -$ eu-readelf -a grub-core/time.mod |& grep ^Section -A13 -Section Headers: -[Nr] Name Type Addr Off Size ES Flags Lk Inf Al -[ 0] NULL 0 00000000 00000000 0 0 0 0 -[ 1] .text PROGBITS 0 00000040 0000015e 0 AX 0 0 1 -[ 2] .rela.text RELA 0 00000458 000001e0 24 I 8 1 8 -[ 3] .rodata.str1.1 PROGBITS 0 0000019e 000000a1 1 AMS 0 0 1 -[ 4] .module_license PROGBITS 0 00000240 0000000f 0 A 0 0 8 -[ 5] .data PROGBITS 0 0000024f 00000000 0 WA 0 0 1 -[ 6] .bss NOBITS 0 00000250 00000008 0 WA 0 0 8 -[ 7] .modname PROGBITS 0 00000250 00000005 0 0 0 1 -[ 8] .symtab SYMTAB 0 00000258 00000150 24 9 6 8 -[ 9] .strtab STRTAB 0 000003a8 000000ab 0 0 0 1 -[10] .shstrtab STRTAB 0 00000638 00000059 0 0 0 1 - -With NX protections being page based, loading sections with either a 1 -or 8 *byte* alignment does absolutely nothing to help us out. - -This patch switches most EFI platforms to load module sections at 4kB -page-aligned addresses. To do so, it adds an new per-arch function, -grub_arch_dl_min_alignment(), which returns the alignment needed for -dynamically loaded sections (in bytes). Currently it sets it to 4096 -when GRUB_MACHINE_EFI is true on x86_64, i386, arm, arm64, and emu, and -1-byte alignment on everything else. - -It then changes the allocation size computation and the loader code in -grub_dl_load_segments() to align the locations and sizes up to these -boundaries, and fills any added padding with zeros. - -All of this happens before relocations are applied, so the relocations -factor that in with no change. - -As an aside, initially Daniel Kiper and I thought that it might be a -better idea to split the modules up into top-level sections as -.text.modules, .rodata.modules, .data.modules, etc., so that their page -permissions would get set by the loader that's loading grub itself. -This turns out to have two significant downsides: 1) either in mkimage -or in grub_dl_relocate_symbols(), you wind up having to dynamically -process the relocations to accommodate the moved module sections, and 2) -you then need to change the permissions on the modules and change them -back while relocating them in grub_dl_relocate_symbols(), which means -that any loader that /does/ honor the section flags but does /not/ -generally support NX with the memory attributes API will cause grub to -fail. - -Signed-off-by: Peter Jones ---- - grub-core/kern/arm/dl.c | 13 +++++++++++++ - grub-core/kern/arm64/dl.c | 13 +++++++++++++ - grub-core/kern/dl.c | 29 +++++++++++++++++++++-------- - grub-core/kern/emu/full.c | 13 +++++++++++++ - grub-core/kern/i386/dl.c | 13 +++++++++++++ - grub-core/kern/ia64/dl.c | 9 +++++++++ - grub-core/kern/mips/dl.c | 8 ++++++++ - grub-core/kern/powerpc/dl.c | 9 +++++++++ - grub-core/kern/riscv/dl.c | 13 +++++++++++++ - grub-core/kern/sparc64/dl.c | 9 +++++++++ - grub-core/kern/x86_64/dl.c | 13 +++++++++++++ - include/grub/dl.h | 2 ++ - docs/grub-dev.texi | 6 +++--- - 13 files changed, 139 insertions(+), 11 deletions(-) - -diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c -index eab9d17ff2..9260737936 100644 ---- a/grub-core/kern/arm/dl.c -+++ b/grub-core/kern/arm/dl.c -@@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr) - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c -index 512e5a80b0..0d4a26857f 100644 ---- a/grub-core/kern/arm64/dl.c -+++ b/grub-core/kern/arm64/dl.c -@@ -196,3 +196,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index aef8af8aa7..8c7aacef39 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -277,7 +277,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - { - unsigned i; - const Elf_Shdr *s; -- grub_size_t tsize = 0, talign = 1; -+ grub_size_t tsize = 0, talign = 1, arch_addralign = 1; - #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) - grub_size_t tramp; - grub_size_t got; -@@ -285,16 +285,24 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - #endif - char *ptr; - -+ arch_addralign = grub_arch_dl_min_alignment (); -+ - for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); - i < e->e_shnum; - i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) - { -+ grub_size_t sh_addralign; -+ grub_size_t sh_size; -+ - if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) - continue; - -- tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; -- if (talign < s->sh_addralign) -- talign = s->sh_addralign; -+ sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); -+ sh_size = ALIGN_UP(s->sh_size, sh_addralign); -+ -+ tsize = ALIGN_UP (tsize, sh_addralign) + sh_size; -+ if (talign < sh_addralign) -+ talign = sh_addralign; - } - - #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -@@ -323,6 +331,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - i < e->e_shnum; - i++, s = (Elf_Shdr *)((char *) s + e->e_shentsize)) - { -+ grub_size_t sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); -+ grub_size_t sh_size = ALIGN_UP(s->sh_size, sh_addralign); -+ - if (s->sh_flags & SHF_ALLOC) - { - grub_dl_segment_t seg; -@@ -335,17 +346,19 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - { - void *addr; - -- ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, s->sh_addralign); -+ ptr = (char *) ALIGN_UP ((grub_addr_t) ptr, sh_addralign); - addr = ptr; -- ptr += s->sh_size; -+ ptr += sh_size; - - switch (s->sh_type) - { - case SHT_PROGBITS: - grub_memcpy (addr, (char *) e + s->sh_offset, s->sh_size); -+ grub_memset ((char *)addr + s->sh_size, 0, -+ sh_size - s->sh_size); - break; - case SHT_NOBITS: -- grub_memset (addr, 0, s->sh_size); -+ grub_memset (addr, 0, sh_size); - break; - } - -@@ -354,7 +367,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - else - seg->addr = 0; - -- seg->size = s->sh_size; -+ seg->size = sh_size; - seg->section = i; - seg->next = mod->segment; - mod->segment = seg; -diff --git a/grub-core/kern/emu/full.c b/grub-core/kern/emu/full.c -index e8d63b1f5f..1de1c28eb0 100644 ---- a/grub-core/kern/emu/full.c -+++ b/grub-core/kern/emu/full.c -@@ -67,3 +67,16 @@ grub_arch_dl_init_linker (void) - } - #endif - -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/i386/dl.c b/grub-core/kern/i386/dl.c -index 1346da5cc9..d6b4681fc9 100644 ---- a/grub-core/kern/i386/dl.c -+++ b/grub-core/kern/i386/dl.c -@@ -79,3 +79,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/ia64/dl.c b/grub-core/kern/ia64/dl.c -index db59300fea..92d82c5750 100644 ---- a/grub-core/kern/ia64/dl.c -+++ b/grub-core/kern/ia64/dl.c -@@ -148,3 +148,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - } - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/mips/dl.c b/grub-core/kern/mips/dl.c -index 5d7d299c74..6d83bd71e9 100644 ---- a/grub-core/kern/mips/dl.c -+++ b/grub-core/kern/mips/dl.c -@@ -272,3 +272,11 @@ grub_arch_dl_init_linker (void) - grub_dl_register_symbol ("_gp_disp", &_gp_disp_dummy, 0, 0); - } - -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/powerpc/dl.c b/grub-core/kern/powerpc/dl.c -index cdd61b305f..5d9ba2e158 100644 ---- a/grub-core/kern/powerpc/dl.c -+++ b/grub-core/kern/powerpc/dl.c -@@ -167,3 +167,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/riscv/dl.c b/grub-core/kern/riscv/dl.c -index f26b12aaa4..aa18f9e990 100644 ---- a/grub-core/kern/riscv/dl.c -+++ b/grub-core/kern/riscv/dl.c -@@ -343,3 +343,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/grub-core/kern/sparc64/dl.c b/grub-core/kern/sparc64/dl.c -index f3d960186b..f054f08241 100644 ---- a/grub-core/kern/sparc64/dl.c -+++ b/grub-core/kern/sparc64/dl.c -@@ -189,3 +189,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+ return 1; -+} -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index e5a8bdcf4f..a105dc50ce 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -119,3 +119,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - - return GRUB_ERR_NONE; - } -+ -+/* -+ * Tell the loader what our minimum section alignment is. -+ */ -+grub_size_t -+grub_arch_dl_min_alignment (void) -+{ -+#ifdef GRUB_MACHINE_EFI -+ return 4096; -+#else -+ return 1; -+#endif -+} -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 618ae6f474..f36ed5cb17 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -280,6 +280,8 @@ grub_err_t grub_arch_dl_check_header (void *ehdr); - grub_err_t - grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - Elf_Shdr *s, grub_dl_segment_t seg); -+grub_size_t -+grub_arch_dl_min_alignment (void); - #endif - - #if defined (_mips) -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index 90083772c8..c23ba313dc 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -755,9 +755,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files - (e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c). - At this stage you will also need to add dummy dl.c and cache.S with functions - grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t --grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and --void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They --won't be used for now. -+grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t -+grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void -+*address, grub_size_t len) (cache.S). They won't be used for now. - - You will need to create directory include/$cpu/$platform and a file - include/$cpu/types.h. The later folowing this template: diff --git a/SPECS/grub2/fedora/0262-nx-add-memory-attribute-get-set-API.patch b/SPECS/grub2/fedora/0262-nx-add-memory-attribute-get-set-API.patch deleted file mode 100644 index 91c9d2f528..0000000000 --- a/SPECS/grub2/fedora/0262-nx-add-memory-attribute-get-set-API.patch +++ /dev/null @@ -1,317 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:56:21 -0400 -Subject: [PATCH] nx: add memory attribute get/set API - -For NX, we need to set the page access permission attributes for write -and execute permissions. - -This patch adds two new primitives, grub_set_mem_attrs() and -grub_clear_mem_attrs(), and associated constant definitions, to be used -for that purpose. - -For most platforms, it adds a dummy implementation that returns -GRUB_ERR_NONE. On EFI platforms, it adds a common helper function, -grub_efi_status_to_err(), which translates EFI error codes to grub error -codes, adds headers for the EFI Memory Attribute Protocol (still pending -standardization), and an implementation of the grub nx primitives using -it. - -Signed-off-by: Peter Jones -[rharwood: add pjones's none/nyi fixup] -Signed-off-by: Robbie Harwood ---- - grub-core/kern/efi/efi.c | 36 +++++++++++++ - grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ - include/grub/efi/api.h | 25 +++++++++ - include/grub/efi/efi.h | 2 + - include/grub/mm.h | 32 ++++++++++++ - 5 files changed, 226 insertions(+) - -diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 7fcca69c17..4ac2b2754e 100644 ---- a/grub-core/kern/efi/efi.c -+++ b/grub-core/kern/efi/efi.c -@@ -1096,3 +1096,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, - - return 0; - } -+ -+grub_err_t -+grub_efi_status_to_err (grub_efi_status_t status) -+{ -+ grub_err_t err; -+ switch (status) -+ { -+ case GRUB_EFI_SUCCESS: -+ err = GRUB_ERR_NONE; -+ break; -+ case GRUB_EFI_INVALID_PARAMETER: -+ default: -+ err = GRUB_ERR_BAD_ARGUMENT; -+ break; -+ case GRUB_EFI_OUT_OF_RESOURCES: -+ err = GRUB_ERR_OUT_OF_MEMORY; -+ break; -+ case GRUB_EFI_DEVICE_ERROR: -+ err = GRUB_ERR_IO; -+ break; -+ case GRUB_EFI_WRITE_PROTECTED: -+ err = GRUB_ERR_WRITE_ERROR; -+ break; -+ case GRUB_EFI_SECURITY_VIOLATION: -+ err = GRUB_ERR_ACCESS_DENIED; -+ break; -+ case GRUB_EFI_NOT_FOUND: -+ err = GRUB_ERR_FILE_NOT_FOUND; -+ break; -+ case GRUB_EFI_ABORTED: -+ err = GRUB_ERR_WAIT; -+ break; -+ } -+ -+ return err; -+} -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index e84961d078..2c33758ed7 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -738,3 +738,134 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) - return GRUB_ERR_NONE; - } - #endif -+ -+static inline grub_uint64_t -+grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) -+{ -+ grub_uint64_t ret = GRUB_EFI_MEMORY_RP | -+ GRUB_EFI_MEMORY_RO | -+ GRUB_EFI_MEMORY_XP; -+ -+ if (attrs & GRUB_MEM_ATTR_R) -+ ret &= ~GRUB_EFI_MEMORY_RP; -+ -+ if (attrs & GRUB_MEM_ATTR_W) -+ ret &= ~GRUB_EFI_MEMORY_RO; -+ -+ if (attrs & GRUB_MEM_ATTR_X) -+ ret &= ~GRUB_EFI_MEMORY_XP; -+ -+ return ret; -+} -+ -+static inline grub_uint64_t -+uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) -+{ -+ grub_uint64_t ret = GRUB_MEM_ATTR_R | -+ GRUB_MEM_ATTR_W | -+ GRUB_MEM_ATTR_X; -+ -+ if (attrs & GRUB_EFI_MEMORY_RP) -+ ret &= ~GRUB_MEM_ATTR_R; -+ -+ if (attrs & GRUB_EFI_MEMORY_RO) -+ ret &= ~GRUB_MEM_ATTR_W; -+ -+ if (attrs & GRUB_EFI_MEMORY_XP) -+ ret &= ~GRUB_MEM_ATTR_X; -+ -+ return ret; -+} -+ -+grub_err_t -+grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) -+{ -+ grub_efi_memory_attribute_protocol_t *proto; -+ grub_efi_physical_address_t physaddr = addr; -+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; -+ grub_efi_status_t efi_status; -+ -+ proto = grub_efi_locate_protocol (&protocol_guid, 0); -+ if (!proto) -+ return GRUB_ERR_NOT_IMPLEMENTED_YET; -+ -+ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) -+ { -+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n", -+ __func__, physaddr, physaddr+size-1, attrs); -+ return 0; -+ } -+ -+ efi_status = efi_call_4(proto->get_memory_attributes, -+ proto, physaddr, size, attrs); -+ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); -+ -+ return grub_efi_status_to_err (efi_status); -+} -+ -+grub_err_t -+grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, -+ grub_uint64_t set_attrs, grub_uint64_t clear_attrs) -+{ -+ grub_efi_memory_attribute_protocol_t *proto; -+ grub_efi_physical_address_t physaddr = addr; -+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; -+ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; -+ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs; -+ grub_err_t err; -+ -+ proto = grub_efi_locate_protocol (&protocol_guid, 0); -+ if (!proto) -+ return GRUB_ERR_NONE; -+ -+ err = grub_get_mem_attrs (addr, size, &before); -+ if (err) -+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", -+ addr, size, &before, err); -+ -+ if (physaddr & 0xfff || size & 0xfff || size == 0) -+ { -+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n", -+ __func__, physaddr, physaddr + size - 1, -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); -+ return 0; -+ } -+ -+ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); -+ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs); -+ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); -+ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs); -+ if (uefi_set_attrs) -+ efi_status = efi_call_4(proto->set_memory_attributes, -+ proto, physaddr, size, uefi_set_attrs); -+ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) -+ efi_status = efi_call_4(proto->clear_memory_attributes, -+ proto, physaddr, size, uefi_clear_attrs); -+ -+ err = grub_get_mem_attrs (addr, size, &after); -+ if (err) -+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", -+ addr, size, &after, err); -+ -+ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n", -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ addr, addr + size - 1, -+ (before & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (before & GRUB_MEM_ATTR_W) ? 'w' : '-', -+ (before & GRUB_MEM_ATTR_X) ? 'x' : '-', -+ (after & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (after & GRUB_MEM_ATTR_W) ? 'w' : '-', -+ (after & GRUB_MEM_ATTR_X) ? 'x' : '-'); -+ -+ return grub_efi_status_to_err (efi_status); -+} -diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index f431f49973..464842ba37 100644 ---- a/include/grub/efi/api.h -+++ b/include/grub/efi/api.h -@@ -363,6 +363,11 @@ - { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ - } - -+#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ -+ { 0xf4560cf6, 0x40ec, 0x4b4a, \ -+ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \ -+ } -+ - struct grub_efi_sal_system_table - { - grub_uint32_t signature; -@@ -2102,6 +2107,26 @@ struct grub_efi_ip6_config_manual_address { - }; - typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; - -+struct grub_efi_memory_attribute_protocol -+{ -+ grub_efi_status_t (*get_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t *attributes); -+ grub_efi_status_t (*set_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t attributes); -+ grub_efi_status_t (*clear_memory_attributes) ( -+ struct grub_efi_memory_attribute_protocol *this, -+ grub_efi_physical_address_t base_address, -+ grub_efi_uint64_t length, -+ grub_efi_uint64_t attributes); -+}; -+typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t; -+ - #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ - || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ - || defined(__riscv) -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index ec52083c49..34825c4adc 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -164,4 +164,6 @@ struct grub_net_card; - grub_efi_handle_t - grub_efinet_get_device_handle (struct grub_net_card *card); - -+grub_err_t EXPORT_FUNC(grub_efi_status_to_err) (grub_efi_status_t status); -+ - #endif /* ! GRUB_EFI_EFI_HEADER */ -diff --git a/include/grub/mm.h b/include/grub/mm.h -index 9c38dd3ca5..d81623d226 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -22,6 +22,7 @@ - - #include - #include -+#include - #include - - #ifndef NULL -@@ -38,6 +39,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); - void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); - #endif - -+#define GRUB_MEM_ATTR_R 0x0000000000000004LLU -+#define GRUB_MEM_ATTR_W 0x0000000000000002LLU -+#define GRUB_MEM_ATTR_X 0x0000000000000001LLU -+ -+#ifdef GRUB_MACHINE_EFI -+grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr, -+ grub_size_t size, -+ grub_uint64_t *attrs); -+grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr, -+ grub_size_t size, -+ grub_uint64_t set_attrs, -+ grub_uint64_t clear_attrs); -+#else /* !GRUB_MACHINE_EFI */ -+static inline grub_err_t -+grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)), -+ grub_size_t size __attribute__((__unused__)), -+ grub_uint64_t *attrs __attribute__((__unused__))) -+{ -+ return GRUB_ERR_NONE; -+} -+ -+static inline grub_err_t -+grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)), -+ grub_size_t size __attribute__((__unused__)), -+ grub_uint64_t set_attrs __attribute__((__unused__)), -+ grub_uint64_t clear_attrs __attribute__((__unused__))) -+{ -+ return GRUB_ERR_NONE; -+} -+#endif /* GRUB_MACHINE_EFI */ -+ - void grub_mm_check_real (const char *file, int line); - #define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); - diff --git a/SPECS/grub2/fedora/0263-nx-set-page-permissions-for-loaded-modules.patch b/SPECS/grub2/fedora/0263-nx-set-page-permissions-for-loaded-modules.patch deleted file mode 100644 index 9e0aebbcbc..0000000000 --- a/SPECS/grub2/fedora/0263-nx-set-page-permissions-for-loaded-modules.patch +++ /dev/null @@ -1,263 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 21 Mar 2022 17:46:35 -0400 -Subject: [PATCH] nx: set page permissions for loaded modules. - -For NX, we need to set write and executable permissions on the sections -of grub modules when we load them. - -On sections with SHF_ALLOC set, which is typically everything except -.modname and the symbol and string tables, this patch clears the Read -Only flag on sections that have the ELF flag SHF_WRITE set, and clears -the No eXecute flag on sections with SHF_EXECINSTR set. In all other -cases it sets both flags. - -Signed-off-by: Peter Jones -[rharwood: arm tgptr -> tgaddr] -Signed-off-by: Robbie Harwood ---- - grub-core/kern/dl.c | 120 +++++++++++++++++++++++++++++++++++++++------------- - include/grub/dl.h | 44 +++++++++++++++++++ - 2 files changed, 134 insertions(+), 30 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 8c7aacef39..d5de80186f 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -285,6 +285,8 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - #endif - char *ptr; - -+ grub_dprintf ("modules", "loading segments for \"%s\"\n", mod->name); -+ - arch_addralign = grub_arch_dl_min_alignment (); - - for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); -@@ -384,6 +386,7 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) - ptr += got; - #endif - -+ grub_dprintf ("modules", "done loading segments for \"%s\"\n", mod->name); - return GRUB_ERR_NONE; - } - -@@ -517,23 +520,6 @@ grub_dl_find_section (Elf_Ehdr *e, const char *name) - return s; - return NULL; - } --static long --grub_dl_find_section_index (Elf_Ehdr *e, const char *name) --{ -- Elf_Shdr *s; -- const char *str; -- unsigned i; -- -- s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -- str = (char *) e + s->sh_offset; -- -- for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -- i < e->e_shnum; -- i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -- if (grub_strcmp (str + s->sh_name, name) == 0) -- return (long)i; -- return -1; --} - - /* Me, Vladimir Serbinenko, hereby I add this module check as per new - GNU module policy. Note that this license check is informative only. -@@ -662,6 +648,7 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) - Elf_Shdr *s; - unsigned i; - -+ grub_dprintf ("modules", "relocating symbols for \"%s\"\n", mod->name); - for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); - i < e->e_shnum; - i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -@@ -670,24 +657,95 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) - grub_dl_segment_t seg; - grub_err_t err; - -- /* Find the target segment. */ -- for (seg = mod->segment; seg; seg = seg->next) -- if (seg->section == s->sh_info) -- break; -+ seg = grub_dl_find_segment(mod, s->sh_info); -+ if (!seg) -+ continue; - -- if (seg) -- { -- if (!mod->symtab) -- return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); -+ if (!mod->symtab) -+ return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); - -- err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); -- if (err) -- return err; -- } -+ err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); -+ if (err) -+ return err; - } - -+ grub_dprintf ("modules", "done relocating symbols for \"%s\"\n", mod->name); - return GRUB_ERR_NONE; - } -+ -+static grub_err_t -+grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr) -+{ -+ unsigned i; -+ const Elf_Shdr *s; -+ const Elf_Ehdr *e = ehdr; -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+ grub_size_t arch_addralign = grub_arch_dl_min_alignment (); -+ grub_addr_t tgaddr; -+ grub_uint64_t tgsz; -+#endif -+ -+ grub_dprintf ("modules", "updating memory attributes for \"%s\"\n", -+ mod->name); -+ for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); -+ i < e->e_shnum; -+ i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) -+ { -+ grub_dl_segment_t seg; -+ grub_uint64_t set_attrs = GRUB_MEM_ATTR_R; -+ grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X; -+ -+ seg = grub_dl_find_segment(mod, i); -+ if (!seg) -+ continue; -+ -+ if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC)) -+ continue; -+ -+ if (s->sh_flags & SHF_WRITE) -+ { -+ set_attrs |= GRUB_MEM_ATTR_W; -+ clear_attrs &= ~GRUB_MEM_ATTR_W; -+ } -+ -+ if (s->sh_flags & SHF_EXECINSTR) -+ { -+ set_attrs |= GRUB_MEM_ATTR_X; -+ clear_attrs &= ~GRUB_MEM_ATTR_X; -+ } -+ -+ grub_dprintf ("modules", "setting memory attrs for section \"%s\" to -%s%s%s+%s%s%s\n", -+ grub_dl_get_section_name(e, s), -+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", -+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", -+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", -+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); -+ grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, set_attrs, clear_attrs); -+ } -+ -+#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) -+ tgaddr = grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got); -+ tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr; -+ -+ if (tgsz) -+ { -+ tgsz = ALIGN_UP(tgsz, arch_addralign); -+ -+ grub_dprintf ("modules", "updating attributes for GOT and trampolines\n", -+ mod->name); -+ grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X, -+ GRUB_MEM_ATTR_W); -+ } -+#endif -+ -+ grub_dprintf ("modules", "done updating module memory attributes for \"%s\"\n", -+ mod->name); -+ -+ return GRUB_ERR_NONE; -+} -+ - static void - grub_dl_print_gdb_info (grub_dl_t mod, Elf_Ehdr *e) - { -@@ -753,6 +811,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - mod->ref_count = 1; - - grub_dprintf ("modules", "relocating to %p\n", mod); -+ - /* Me, Vladimir Serbinenko, hereby I add this module check as per new - GNU module policy. Note that this license check is informative only. - Modules have to be licensed under GPLv3 or GPLv3+ (optionally -@@ -766,7 +825,8 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) - || grub_dl_resolve_dependencies (mod, e) - || grub_dl_load_segments (mod, e) - || grub_dl_resolve_symbols (mod, e) -- || grub_dl_relocate_symbols (mod, e)) -+ || grub_dl_relocate_symbols (mod, e) -+ || grub_dl_set_mem_attrs (mod, e)) - { - mod->fini = 0; - grub_dl_unload (mod); -diff --git a/include/grub/dl.h b/include/grub/dl.h -index f36ed5cb17..45ac8e339f 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - #endif - - /* -@@ -268,6 +269,49 @@ grub_dl_is_persistent (grub_dl_t mod) - return mod->persistent; - } - -+static inline const char * -+grub_dl_get_section_name (const Elf_Ehdr *e, const Elf_Shdr *s) -+{ -+ Elf_Shdr *str_s; -+ const char *str; -+ -+ str_s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -+ str = (char *) e + str_s->sh_offset; -+ -+ return str + s->sh_name; -+} -+ -+static inline long -+grub_dl_find_section_index (Elf_Ehdr *e, const char *name) -+{ -+ Elf_Shdr *s; -+ const char *str; -+ unsigned i; -+ -+ s = (Elf_Shdr *) ((char *) e + e->e_shoff + e->e_shstrndx * e->e_shentsize); -+ str = (char *) e + s->sh_offset; -+ -+ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); -+ i < e->e_shnum; -+ i++, s = (Elf_Shdr *) ((char *) s + e->e_shentsize)) -+ if (grub_strcmp (str + s->sh_name, name) == 0) -+ return (long)i; -+ return -1; -+} -+ -+/* Return the segment for a section of index N */ -+static inline grub_dl_segment_t -+grub_dl_find_segment (grub_dl_t mod, unsigned n) -+{ -+ grub_dl_segment_t seg; -+ -+ for (seg = mod->segment; seg; seg = seg->next) -+ if (seg->section == n) -+ return seg; -+ -+ return NULL; -+} -+ - #endif - - void * EXPORT_FUNC(grub_resolve_symbol) (const char *name); diff --git a/SPECS/grub2/fedora/0264-nx-set-attrs-in-our-kernel-loaders.patch b/SPECS/grub2/fedora/0264-nx-set-attrs-in-our-kernel-loaders.patch deleted file mode 100644 index 514df1feca..0000000000 --- a/SPECS/grub2/fedora/0264-nx-set-attrs-in-our-kernel-loaders.patch +++ /dev/null @@ -1,565 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:57:07 -0400 -Subject: [PATCH] nx: set attrs in our kernel loaders - -For NX, our kernel loaders need to set write and execute page -permissions on allocated pages and the stack. - -This patch adds those calls. - -Signed-off-by: Peter Jones -[rharwood: fix stack_attrs undefined, fix aarch64 callsites] -Signed-off-by: Robbie Harwood ---- - grub-core/kern/efi/mm.c | 77 +++++++++++++++++ - grub-core/loader/arm64/linux.c | 16 +++- - grub-core/loader/arm64/xen_boot.c | 4 +- - grub-core/loader/efi/chainloader.c | 11 +++ - grub-core/loader/efi/linux.c | 164 ++++++++++++++++++++++++++++++++++++- - grub-core/loader/i386/efi/linux.c | 26 +++++- - grub-core/loader/i386/linux.c | 5 ++ - include/grub/efi/efi.h | 6 +- - include/grub/efi/linux.h | 16 +++- - include/grub/efi/pe32.h | 2 + - 10 files changed, 312 insertions(+), 15 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 2c33758ed7..e460b072e6 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -610,6 +610,81 @@ print_memory_map (grub_efi_memory_descriptor_t *memory_map, - } - #endif - -+grub_addr_t grub_stack_addr = (grub_addr_t)-1ll; -+grub_size_t grub_stack_size = 0; -+ -+static void -+grub_nx_init (void) -+{ -+ grub_uint64_t attrs, stack_attrs; -+ grub_err_t err; -+ grub_addr_t stack_current, stack_end; -+ const grub_uint64_t page_size = 4096; -+ const grub_uint64_t page_mask = ~(page_size - 1); -+ -+ /* -+ * These are to confirm that the flags are working as expected when -+ * debugging. -+ */ -+ attrs = 0; -+ stack_current = (grub_addr_t)grub_nx_init & page_mask; -+ err = grub_get_mem_attrs (stack_current, page_size, &attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ } -+ else -+ grub_dprintf ("nx", "page attrs for grub_nx_init (%p) are %c%c%c\n", -+ grub_dl_load_core, -+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); -+ -+ stack_current = (grub_addr_t)&stack_current & page_mask; -+ err = grub_get_mem_attrs (stack_current, page_size, &stack_attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ } -+ else -+ { -+ attrs = stack_attrs; -+ grub_dprintf ("nx", "page attrs for stack (%p) are %c%c%c\n", -+ &attrs, -+ (attrs & GRUB_MEM_ATTR_R) ? 'r' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'w' : '-', -+ (attrs & GRUB_MEM_ATTR_R) ? 'x' : '-'); -+ } -+ for (stack_end = stack_current + page_size ; -+ !(attrs & GRUB_MEM_ATTR_R); -+ stack_end += page_size) -+ { -+ err = grub_get_mem_attrs (stack_current, page_size, &attrs); -+ if (err) -+ { -+ grub_dprintf ("nx", -+ "grub_get_mem_attrs(0x%"PRIxGRUB_UINT64_T", ...) -> 0x%x\n", -+ stack_current, err); -+ grub_error_pop (); -+ break; -+ } -+ } -+ if (stack_end > stack_current) -+ { -+ grub_stack_addr = stack_current; -+ grub_stack_size = stack_end - stack_current; -+ grub_dprintf ("nx", -+ "detected stack from 0x%"PRIxGRUB_ADDR" to 0x%"PRIxGRUB_ADDR"\n", -+ grub_stack_addr, grub_stack_addr + grub_stack_size - 1); -+ } -+} -+ - void - grub_efi_mm_init (void) - { -@@ -623,6 +698,8 @@ grub_efi_mm_init (void) - grub_efi_uint64_t required_pages; - int mm_status; - -+ grub_nx_init (); -+ - /* Prepare a memory region to store two memory maps. */ - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - if (! memory_map) -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index cc67f43906..de85583487 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -172,7 +172,8 @@ free_params (void) - } - - grub_err_t --grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) -+grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args, -+ int nx_supported) - { - grub_err_t retval; - -@@ -182,7 +183,8 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) - - grub_dprintf ("linux", "linux command line: '%s'\n", args); - -- retval = grub_efi_linux_boot ((char *)addr, handover_offset, (void *)addr); -+ retval = grub_efi_linux_boot (addr, size, handover_offset, -+ (void *)addr, nx_supported); - - /* Never reached... */ - free_params(); -@@ -192,7 +194,10 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, char *args) - static grub_err_t - grub_linux_boot (void) - { -- return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, linux_args)); -+ return grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, -+ (grub_size_t)kernel_size, -+ linux_args, -+ 0); - } - - static grub_err_t -@@ -340,6 +345,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_off_t filelen; - grub_uint32_t align; - void *kernel = NULL; -+ int nx_supported = 1; - - grub_dl_ref (my_mod); - -@@ -376,6 +382,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset); - grub_dprintf ("linux", "kernel alignment : 0x%x\n", align); - -+ err = grub_efi_check_nx_image_support((grub_addr_t)kernel, filelen, &nx_supported); -+ if (err != GRUB_ERR_NONE) -+ goto fail; -+ - grub_loader_unset(); - - kernel_alloc_pages = GRUB_EFI_BYTES_TO_PAGES (kernel_size + align - 1); -diff --git a/grub-core/loader/arm64/xen_boot.c b/grub-core/loader/arm64/xen_boot.c -index d9b7a9ba40..6e7e920416 100644 ---- a/grub-core/loader/arm64/xen_boot.c -+++ b/grub-core/loader/arm64/xen_boot.c -@@ -266,7 +266,9 @@ xen_boot (void) - return err; - - return grub_arch_efi_linux_boot_image (xen_hypervisor->start, -- xen_hypervisor->cmdline); -+ xen_hypervisor->size, -+ xen_hypervisor->cmdline, -+ 0); - } - - static void -diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c -index fb874f1855..dd31ac9bb3 100644 ---- a/grub-core/loader/efi/chainloader.c -+++ b/grub-core/loader/efi/chainloader.c -@@ -1070,6 +1070,17 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ /* -+ * The OS kernel is going to set its own permissions when it takes over -+ * paging a few million instructions from now, and load_image() will set up -+ * anything that's needed based on the section headers, so there's no point -+ * in doing anything but clearing the protection bits here. -+ */ -+ grub_dprintf("nx", "setting attributes for %p (%lu bytes) to %llx\n", -+ (void *)(grub_addr_t)address, fsize, 0llu); -+ grub_update_mem_attrs (address, fsize, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X, 0); -+ - #if defined (__i386__) || defined (__x86_64__) - if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) - { -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 9265cf4200..277f352e0c 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -26,16 +26,127 @@ - - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wcast-align" -+#pragma GCC diagnostic ignored "-Wint-to-pointer-cast" -+ -+grub_err_t -+grub_efi_check_nx_image_support (grub_addr_t kernel_addr, -+ grub_size_t kernel_size, -+ int *nx_supported) -+{ -+ struct grub_dos_header *doshdr; -+ grub_size_t sz = sizeof (*doshdr); -+ -+ struct grub_pe32_header_32 *pe32; -+ struct grub_pe32_header_64 *pe64; -+ -+ int image_is_compatible = 0; -+ int is_64_bit; -+ -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ doshdr = (void *)kernel_addr; -+ -+ if ((doshdr->magic & 0xffff) != GRUB_DOS_MAGIC) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel DOS magic is invalid")); -+ -+ sz = doshdr->lfanew + sizeof (*pe32); -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ pe32 = (struct grub_pe32_header_32 *)(kernel_addr + doshdr->lfanew); -+ pe64 = (struct grub_pe32_header_64 *)pe32; -+ -+ if (grub_memcmp (pe32->signature, GRUB_PE32_SIGNATURE, -+ GRUB_PE32_SIGNATURE_SIZE) != 0) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel PE magic is invalid")); -+ -+ switch (pe32->coff_header.machine) -+ { -+ case GRUB_PE32_MACHINE_ARMTHUMB_MIXED: -+ case GRUB_PE32_MACHINE_I386: -+ case GRUB_PE32_MACHINE_RISCV32: -+ is_64_bit = 0; -+ break; -+ case GRUB_PE32_MACHINE_ARM64: -+ case GRUB_PE32_MACHINE_IA64: -+ case GRUB_PE32_MACHINE_RISCV64: -+ case GRUB_PE32_MACHINE_X86_64: -+ is_64_bit = 1; -+ break; -+ default: -+ return grub_error (GRUB_ERR_BAD_OS, N_("PE machine type 0x%04hx unknown"), -+ pe32->coff_header.machine); -+ } -+ -+ if (is_64_bit) -+ { -+ sz = doshdr->lfanew + sizeof (*pe64); -+ if (kernel_size < sz) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel is too small")); -+ -+ if (pe64->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) -+ image_is_compatible = 1; -+ } -+ else -+ { -+ if (pe32->optional_header.dll_characteristics & GRUB_PE32_NX_COMPAT) -+ image_is_compatible = 1; -+ } -+ -+ *nx_supported = image_is_compatible; -+ return GRUB_ERR_NONE; -+} -+ -+grub_err_t -+grub_efi_check_nx_required (int *nx_required) -+{ -+ grub_efi_status_t status; -+ grub_efi_guid_t guid = GRUB_EFI_SHIM_LOCK_GUID; -+ grub_size_t mok_policy_sz = 0; -+ char *mok_policy = NULL; -+ grub_uint32_t mok_policy_attrs = 0; -+ -+ status = grub_efi_get_variable_with_attributes ("MokPolicy", &guid, -+ &mok_policy_sz, -+ (void **)&mok_policy, -+ &mok_policy_attrs); -+ if (status == GRUB_EFI_NOT_FOUND || -+ mok_policy_sz == 0 || -+ mok_policy == NULL) -+ { -+ *nx_required = 0; -+ return GRUB_ERR_NONE; -+ } -+ -+ *nx_required = 0; -+ if (mok_policy_sz < 1 || -+ mok_policy_attrs != (GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ GRUB_EFI_VARIABLE_RUNTIME_ACCESS) || -+ (mok_policy[mok_policy_sz-1] & GRUB_MOK_POLICY_NX_REQUIRED)) -+ *nx_required = 1; -+ -+ return GRUB_ERR_NONE; -+} - - typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); - - grub_err_t --grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, -- void *kernel_params) -+grub_efi_linux_boot (grub_addr_t kernel_addr, grub_size_t kernel_size, -+ grub_off_t handover_offset, void *kernel_params, -+ int nx_supported) - { - grub_efi_loaded_image_t *loaded_image = NULL; - handover_func hf; - int offset = 0; -+ grub_uint64_t stack_set_attrs = GRUB_MEM_ATTR_R | -+ GRUB_MEM_ATTR_W | -+ GRUB_MEM_ATTR_X; -+ grub_uint64_t stack_clear_attrs = 0; -+ grub_uint64_t kernel_set_attrs = stack_set_attrs; -+ grub_uint64_t kernel_clear_attrs = stack_clear_attrs; -+ grub_uint64_t attrs; -+ int nx_required = 0; - - #ifdef __x86_64__ - offset = 512; -@@ -48,12 +159,57 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, - */ - loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); - if (loaded_image) -- loaded_image->image_base = kernel_addr; -+ loaded_image->image_base = (void *)kernel_addr; - else - grub_dprintf ("linux", "Loaded Image base address could not be set\n"); - - grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", -- kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); -+ (void *)kernel_addr, (void *)handover_offset, kernel_params); -+ -+ -+ if (nx_required && !nx_supported) -+ return grub_error (GRUB_ERR_BAD_OS, N_("kernel does not support NX loading required by policy")); -+ -+ if (nx_supported) -+ { -+ kernel_set_attrs &= ~GRUB_MEM_ATTR_W; -+ kernel_clear_attrs |= GRUB_MEM_ATTR_W; -+ stack_set_attrs &= ~GRUB_MEM_ATTR_X; -+ stack_clear_attrs |= GRUB_MEM_ATTR_X; -+ } -+ -+ grub_dprintf ("nx", "Setting attributes for 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to r%cx\n", -+ kernel_addr, kernel_addr + kernel_size - 1, -+ (kernel_set_attrs & GRUB_MEM_ATTR_W) ? 'w' : '-'); -+ grub_update_mem_attrs (kernel_addr, kernel_size, -+ kernel_set_attrs, kernel_clear_attrs); -+ -+ grub_get_mem_attrs (kernel_addr, 4096, &attrs); -+ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", -+ (grub_addr_t)kernel_addr, -+ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", -+ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", -+ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); -+ if (grub_stack_addr != (grub_addr_t)-1ll) -+ { -+ grub_dprintf ("nx", "Setting attributes for stack at 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" to rw%c\n", -+ grub_stack_addr, grub_stack_addr + grub_stack_size - 1, -+ (stack_set_attrs & GRUB_MEM_ATTR_X) ? 'x' : '-'); -+ grub_update_mem_attrs (grub_stack_addr, grub_stack_size, -+ stack_set_attrs, stack_clear_attrs); -+ -+ grub_get_mem_attrs (grub_stack_addr, 4096, &attrs); -+ grub_dprintf ("nx", "permissions for 0x%"PRIxGRUB_ADDR" are %s%s%s\n", -+ grub_stack_addr, -+ (attrs & GRUB_MEM_ATTR_R) ? "r" : "-", -+ (attrs & GRUB_MEM_ATTR_W) ? "w" : "-", -+ (attrs & GRUB_MEM_ATTR_X) ? "x" : "-"); -+ } -+ -+#if defined(__i386__) || defined(__x86_64__) -+ asm volatile ("cli"); -+#endif -+ - hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 92b2fb5091..91ae274299 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -44,7 +44,7 @@ struct grub_linuxefi_context { - grub_uint32_t handover_offset; - struct linux_kernel_params *params; - char *cmdline; -- -+ int nx_supported; - void *initrd_mem; - }; - -@@ -110,13 +110,19 @@ kernel_alloc(grub_efi_uintn_t size, - pages = BYTES_TO_PAGES(size); - grub_dprintf ("linux", "Trying to allocate %lu pages from %p\n", - (unsigned long)pages, (void *)(unsigned long)max); -+ size = pages * GRUB_EFI_PAGE_SIZE; - - prev_max = max; - addr = grub_efi_allocate_pages_real (max, pages, - max_addresses[i].alloc_type, - memtype); - if (addr) -- grub_dprintf ("linux", "Allocated at %p\n", addr); -+ { -+ grub_dprintf ("linux", "Allocated at %p\n", addr); -+ grub_update_mem_attrs ((grub_addr_t)addr, size, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, -+ GRUB_MEM_ATTR_X); -+ } - } - - while (grub_error_pop ()) -@@ -137,9 +143,11 @@ grub_linuxefi_boot (void *data) - - asm volatile ("cli"); - -- return grub_efi_linux_boot ((char *)context->kernel_mem, -+ return grub_efi_linux_boot ((grub_addr_t)context->kernel_mem, -+ context->kernel_size, - context->handover_offset, -- context->params); -+ context->params, -+ context->nx_supported); - } - - static grub_err_t -@@ -304,7 +312,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_uint32_t handover_offset; - struct linux_kernel_params *params = 0; - char *cmdline = 0; -+ int nx_supported = 1; - struct grub_linuxefi_context *context = 0; -+ grub_err_t err; - - grub_dl_ref (my_mod); - -@@ -334,6 +344,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } - -+ err = grub_efi_check_nx_image_support ((grub_addr_t)kernel, filelen, -+ &nx_supported); -+ if (err != GRUB_ERR_NONE) -+ return err; -+ grub_dprintf ("linux", "nx is%s supported by this kernel\n", -+ nx_supported ? "" : " not"); -+ - lh = (struct linux_i386_kernel_header *)kernel; - grub_dprintf ("linux", "original lh is at %p\n", kernel); - -@@ -498,6 +515,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - context->handover_offset = handover_offset; - context->params = params; - context->cmdline = cmdline; -+ context->nx_supported = nx_supported; - - grub_loader_set_ex (grub_linuxefi_boot, grub_linuxefi_unload, context, 0); - -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 4aeb0e4b9a..3c1ff64763 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -805,6 +805,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - kernel_offset += len; - } - -+ grub_dprintf("efi", "setting attributes for %p (%zu bytes) to +rw-x\n", -+ &linux_params, sizeof (lh) + len); -+ grub_update_mem_attrs ((grub_addr_t)&linux_params, sizeof (lh) + len, -+ GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_W, GRUB_MEM_ATTR_X); -+ - linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR; - linux_params.kernel_alignment = (1 << align); - linux_params.ps_mouse = linux_params.padding11 = 0; -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index 34825c4adc..449e55269f 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -140,12 +140,16 @@ extern void (*EXPORT_VAR(grub_efi_net_config)) (grub_efi_handle_t hnd, - char **device, - char **path); - -+extern grub_addr_t EXPORT_VAR(grub_stack_addr); -+extern grub_size_t EXPORT_VAR(grub_stack_size); -+ - #if defined(__arm__) || defined(__aarch64__) || defined(__riscv) - void *EXPORT_FUNC(grub_efi_get_firmware_fdt)(void); - grub_err_t EXPORT_FUNC(grub_efi_get_ram_base)(grub_addr_t *); - #include - grub_err_t grub_arch_efi_linux_check_image(struct linux_arch_kernel_header *lh); --grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, char *args); -+grub_err_t grub_arch_efi_linux_boot_image(grub_addr_t addr, grub_size_t size, -+ char *args, int nx_enabled); - #endif - - grub_addr_t grub_efi_section_addr (const char *section); -diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h -index 887b02fd9f..b82f71006a 100644 ---- a/include/grub/efi/linux.h -+++ b/include/grub/efi/linux.h -@@ -22,8 +22,20 @@ - #include - #include - -+#define GRUB_MOK_POLICY_NX_REQUIRED 0x1 -+ - grub_err_t --EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, -- void *kernel_param); -+EXPORT_FUNC(grub_efi_linux_boot) (grub_addr_t kernel_address, -+ grub_size_t kernel_size, -+ grub_off_t handover_offset, -+ void *kernel_param, int nx_enabled); -+ -+grub_err_t -+EXPORT_FUNC(grub_efi_check_nx_image_support) (grub_addr_t kernel_addr, -+ grub_size_t kernel_size, -+ int *nx_supported); -+ -+grub_err_t -+EXPORT_FUNC(grub_efi_check_nx_required) (int *nx_required); - - #endif /* ! GRUB_EFI_LINUX_HEADER */ -diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h -index 2a5e1ee003..a5e623eb04 100644 ---- a/include/grub/efi/pe32.h -+++ b/include/grub/efi/pe32.h -@@ -181,6 +181,8 @@ struct grub_pe32_optional_header - struct grub_pe32_data_directory reserved_entry; - }; - -+#define GRUB_PE32_NX_COMPAT 0x0100 -+ - struct grub_pe64_optional_header - { - grub_uint16_t magic; diff --git a/SPECS/grub2/fedora/0265-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch b/SPECS/grub2/fedora/0265-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch deleted file mode 100644 index 7da75a813c..0000000000 --- a/SPECS/grub2/fedora/0265-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 22 Mar 2022 10:57:20 -0400 -Subject: [PATCH] nx: set the nx compatible flag in EFI grub images - -For NX, we need the grub binary to announce that it is compatible with -the NX feature. This implies that when loading the executable grub -image, several attributes are true: - -- the binary doesn't need an executable stack -- the binary doesn't need sections to be both executable and writable -- the binary knows how to use the EFI Memory Attributes protocol on code - it is loading. - -This patch adds a definition for the PE DLL Characteristics flag -GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag. - -Signed-off-by: Peter Jones ---- - util/mkimage.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/util/mkimage.c b/util/mkimage.c -index 8319e8dfbd..c3d33aaac8 100644 ---- a/util/mkimage.c -+++ b/util/mkimage.c -@@ -1418,6 +1418,7 @@ grub_install_generate_image (const char *dir, const char *prefix, - section = (struct grub_pe32_section_table *)(o64 + 1); - } - -+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); - PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); - PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); - PE_OHDR (o32, o64, image_base) = 0; diff --git a/SPECS/grub2/fedora/0266-grub-probe-document-the-behavior-of-multiple-v.patch b/SPECS/grub2/fedora/0266-grub-probe-document-the-behavior-of-multiple-v.patch deleted file mode 100644 index 4e9d7ccfeb..0000000000 --- a/SPECS/grub2/fedora/0266-grub-probe-document-the-behavior-of-multiple-v.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 15 Jul 2022 15:49:25 -0400 -Subject: [PATCH] grub-probe: document the behavior of multiple -v - -Signed-off-by: Robbie Harwood -(cherry picked from commit 51a55233eed08f7f12276afd6b3724b807a0b680) ---- - util/grub-probe.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/util/grub-probe.c b/util/grub-probe.c -index c6fac732b4..ba867319a7 100644 ---- a/util/grub-probe.c -+++ b/util/grub-probe.c -@@ -732,7 +732,8 @@ static struct argp_option options[] = { - {"device-map", 'm', N_("FILE"), 0, - N_("use FILE as the device map [default=%s]"), 0}, - {"target", 't', N_("TARGET"), 0, 0, 0}, -- {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, -+ {"verbose", 'v', 0, 0, -+ N_("print verbose messages (pass twice to enable debug printing)."), 0}, - {0, '0', 0, 0, N_("separate items in output using ASCII NUL characters"), 0}, - { 0, 0, 0, 0, 0, 0 } - }; diff --git a/SPECS/grub2/fedora/0267-grub_fs_probe-dprint-errors-from-filesystems.patch b/SPECS/grub2/fedora/0267-grub_fs_probe-dprint-errors-from-filesystems.patch deleted file mode 100644 index 1455ae4bb4..0000000000 --- a/SPECS/grub2/fedora/0267-grub_fs_probe-dprint-errors-from-filesystems.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 15 Jul 2022 15:39:41 -0400 -Subject: [PATCH] grub_fs_probe(): dprint errors from filesystems - -When filesystem detection fails, all that's currently debug-logged is a -series of messages like: - - grub-core/kern/fs.c:56:fs: Detecting ntfs... - grub-core/kern/fs.c:76:fs: ntfs detection failed. - -repeated for each filesystem. Any messages provided to grub_error() by -the filesystem are lost, and one has to break out gdb to figure out what -went wrong. - -With this change, one instead sees: - - grub-core/kern/fs.c:56:fs: Detecting fat... - grub-core/osdep/hostdisk.c:357:hostdisk: reusing open device - `/path/to/device' - grub-core/kern/fs.c:77:fs: error: invalid modification timestamp for /. - grub-core/kern/fs.c:79:fs: fat detection failed. - -in the debug prints. - -Signed-off-by: Robbie Harwood -(cherry picked from commit 838c79d658797d0662ee7f9e033e38ee88059e02) ---- - grub-core/kern/fs.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c -index c698295bcb..b58e2ae1d2 100644 ---- a/grub-core/kern/fs.c -+++ b/grub-core/kern/fs.c -@@ -74,6 +74,7 @@ grub_fs_probe (grub_device_t device) - if (grub_errno == GRUB_ERR_NONE) - return p; - -+ grub_dprintf ("fs", _("error: %s.\n"), grub_errmsg); - grub_error_push (); - grub_dprintf ("fs", "%s detection failed.\n", p->name); - grub_error_pop (); diff --git a/SPECS/grub2/fedora/0268-fs-fat-don-t-error-when-mtime-is-0.patch b/SPECS/grub2/fedora/0268-fs-fat-don-t-error-when-mtime-is-0.patch deleted file mode 100644 index f014f6c9bb..0000000000 --- a/SPECS/grub2/fedora/0268-fs-fat-don-t-error-when-mtime-is-0.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 15 Jul 2022 15:42:41 -0400 -Subject: [PATCH] fs/fat: don't error when mtime is 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In the wild, we occasionally see valid ESPs where some file modification times -are 0. For instance: - - ├── [Dec 31 1979] EFI - │ ├── [Dec 31 1979] BOOT - │ │ ├── [Dec 31 1979] BOOTX64.EFI - │ │ └── [Dec 31 1979] fbx64.efi - │ └── [Jun 27 02:41] fedora - │ ├── [Dec 31 1979] BOOTX64.CSV - │ ├── [Dec 31 1979] fonts - │ ├── [Mar 14 03:35] fw - │ │ ├── [Mar 14 03:35] fwupd-359c1169-abd6-4a0d-8bce-e4d4713335c1.cap - │ │ ├── [Mar 14 03:34] fwupd-9d255c4b-2d88-4861-860d-7ee52ade9463.cap - │ │ └── [Mar 14 03:34] fwupd-b36438d8-9128-49d2-b280-487be02d948b.cap - │ ├── [Dec 31 1979] fwupdx64.efi - │ ├── [May 10 10:47] grub.cfg - │ ├── [Jun 3 12:38] grub.cfg.new.new - │ ├── [May 10 10:41] grub.cfg.old - │ ├── [Jun 27 02:41] grubenv - │ ├── [Dec 31 1979] grubx64.efi - │ ├── [Dec 31 1979] mmx64.efi - │ ├── [Dec 31 1979] shim.efi - │ ├── [Dec 31 1979] shimx64.efi - │ └── [Dec 31 1979] shimx64-fedora.efi - └── [Dec 31 1979] FSCK0000.REC - - 5 directories, 17 files - -This causes grub-probe failure, which in turn causes grub-mkconfig -failure. They are valid filesystems that appear intact, and the Linux -FAT stack is able to mount and manipulate them without complaint. - -The check for mtime of 0 has been present since -20def1a3c3952982395cd7c3ea7e78638527962b ("fat: support file -modification times"). - -Signed-off-by: Robbie Harwood -(cherry picked from commit 0615c4887352e32d7bb7198e9ad0d695f9dc2c31) ---- - grub-core/fs/fat.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/grub-core/fs/fat.c b/grub-core/fs/fat.c -index dd82e4ee35..ff6200c5be 100644 ---- a/grub-core/fs/fat.c -+++ b/grub-core/fs/fat.c -@@ -1027,9 +1027,6 @@ grub_fat_dir (grub_device_t device, const char *path, grub_fs_dir_hook_t hook, - grub_le_to_cpu16 (ctxt.dir.w_date), - &info.mtime); - #endif -- if (info.mtimeset == 0) -- grub_error (GRUB_ERR_OUT_OF_RANGE, -- "invalid modification timestamp for %s", path); - - if (hook (ctxt.filename, &info, hook_data)) - break; diff --git a/SPECS/grub2/fedora/0269-Make-debug-file-show-which-file-filters-get-run.patch b/SPECS/grub2/fedora/0269-Make-debug-file-show-which-file-filters-get-run.patch deleted file mode 100644 index 78bc095dfe..0000000000 --- a/SPECS/grub2/fedora/0269-Make-debug-file-show-which-file-filters-get-run.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 29 Jul 2022 15:56:00 -0400 -Subject: [PATCH] Make debug=file show which file filters get run. - -If one of the file filters breaks things, it's hard to figure out where -it has happened. - -This makes grub log which filter is being run, which makes it easier to -figure out where you are in the sequence of events. - -Signed-off-by: Peter Jones ---- - grub-core/kern/file.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index db938e099d..868ce3b63e 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -30,6 +30,14 @@ void (*EXPORT_VAR (grub_grubnet_fini)) (void); - - grub_file_filter_t grub_file_filters[GRUB_FILE_FILTER_MAX]; - -+static const char *filter_names[] = { -+ [GRUB_FILE_FILTER_VERIFY] = "GRUB_FILE_FILTER_VERIFY", -+ [GRUB_FILE_FILTER_GZIO] = "GRUB_FILE_FILTER_GZIO", -+ [GRUB_FILE_FILTER_XZIO] = "GRUB_FILE_FILTER_XZIO", -+ [GRUB_FILE_FILTER_LZOPIO] = "GRUB_FILE_FILTER_LZOPIO", -+ [GRUB_FILE_FILTER_MAX] = "GRUB_FILE_FILTER_MAX" -+}; -+ - /* Get the device part of the filename NAME. It is enclosed by parentheses. */ - char * - grub_file_get_device_name (const char *name) -@@ -124,6 +132,9 @@ grub_file_open (const char *name, enum grub_file_type type) - if (grub_file_filters[filter]) - { - last_file = file; -+ if (filter < GRUB_FILE_FILTER_MAX) -+ grub_dprintf ("file", "Running %s file filter\n", -+ filter_names[filter]); - file = grub_file_filters[filter] (file, type); - if (file && file != last_file) - { diff --git a/SPECS/grub2/fedora/0270-efi-use-enumerated-array-positions-for-our-allocatio.patch b/SPECS/grub2/fedora/0270-efi-use-enumerated-array-positions-for-our-allocatio.patch deleted file mode 100644 index 206e3a639e..0000000000 --- a/SPECS/grub2/fedora/0270-efi-use-enumerated-array-positions-for-our-allocatio.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 1 Aug 2022 14:06:30 -0400 -Subject: [PATCH] efi: use enumerated array positions for our allocation - choices - -In our kernel allocator on EFI systems, we currently have a growing -amount of code that references the various allocation policies by -position in the array, and of course maintenance of this code scales -very poorly. - -This patch changes them to be enumerated, so they're easier to refer to -farther along in the code without confusion. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 31 ++++++++++++++++++++----------- - 1 file changed, 20 insertions(+), 11 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 91ae274299..8daa070132 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -60,17 +60,26 @@ struct allocation_choice { - grub_efi_allocate_type_t alloc_type; - }; - --static struct allocation_choice max_addresses[4] = -+enum { -+ KERNEL_PREF_ADDRESS, -+ KERNEL_4G_LIMIT, -+ KERNEL_NO_LIMIT, -+}; -+ -+static struct allocation_choice max_addresses[] = - { - /* the kernel overrides this one with pref_address and - * GRUB_EFI_ALLOCATE_ADDRESS */ -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ [KERNEL_PREF_ADDRESS] = -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ /* If the flag in params is set, this one gets changed to be above 4GB. */ -+ [KERNEL_4G_LIMIT] = -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - /* this one is always below 4GB, which we still *prefer* even if the flag - * is set. */ -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -- /* If the flag in params is set, this one gets changed to be above 4GB. */ -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -- { 0, 0 } -+ [KERNEL_NO_LIMIT] = -+ { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { NO_MEM, 0, 0 } - }; - static struct allocation_choice saved_addresses[4]; - -@@ -405,7 +414,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) - { - grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); -- max_addresses[2].addr = GRUB_EFI_MAX_USABLE_ADDRESS; -+ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS; - } - else - { -@@ -478,11 +487,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "lh->pref_address: %p\n", (void *)(grub_addr_t)lh->pref_address); - if (lh->pref_address < (grub_uint64_t)GRUB_EFI_MAX_ALLOCATION_ADDRESS) - { -- max_addresses[0].addr = lh->pref_address; -- max_addresses[0].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; -+ max_addresses[KERNEL_PREF_ADDRESS].addr = lh->pref_address; -+ max_addresses[KERNEL_PREF_ADDRESS].alloc_type = GRUB_EFI_ALLOCATE_ADDRESS; - } -- max_addresses[1].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -- max_addresses[2].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -+ max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -+ max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - kernel_size = lh->init_size; - kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, - N_("can't allocate kernel")); diff --git a/SPECS/grub2/fedora/0271-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch b/SPECS/grub2/fedora/0271-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch deleted file mode 100644 index d25cf3065f..0000000000 --- a/SPECS/grub2/fedora/0271-efi-split-allocation-policy-for-kernel-vs-initrd-mem.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 1 Aug 2022 14:24:39 -0400 -Subject: [PATCH] efi: split allocation policy for kernel vs initrd memories. - -Currently in our kernel allocator, we use the same set of choices for -all of our various kernel and initramfs allocations, though they do not -have exactly the same constraints. - -This patch adds the concept of an allocation purpose, which currently -can be KERNEL_MEM or INITRD_MEM, and updates kernel_alloc() calls -appropriately, but does not change any current policy decision. It -also adds a few debug prints. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 35 +++++++++++++++++++++++++++-------- - 1 file changed, 27 insertions(+), 8 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 8daa070132..e6b8998e5e 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -55,7 +55,14 @@ struct grub_linuxefi_context { - - #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) - -+typedef enum { -+ NO_MEM, -+ KERNEL_MEM, -+ INITRD_MEM, -+} kernel_alloc_purpose_t; -+ - struct allocation_choice { -+ kernel_alloc_purpose_t purpose; - grub_efi_physical_address_t addr; - grub_efi_allocate_type_t alloc_type; - }; -@@ -64,6 +71,7 @@ enum { - KERNEL_PREF_ADDRESS, - KERNEL_4G_LIMIT, - KERNEL_NO_LIMIT, -+ INITRD_MAX_ADDRESS, - }; - - static struct allocation_choice max_addresses[] = -@@ -71,14 +79,17 @@ static struct allocation_choice max_addresses[] = - /* the kernel overrides this one with pref_address and - * GRUB_EFI_ALLOCATE_ADDRESS */ - [KERNEL_PREF_ADDRESS] = -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - /* If the flag in params is set, this one gets changed to be above 4GB. */ - [KERNEL_4G_LIMIT] = -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - /* this one is always below 4GB, which we still *prefer* even if the flag - * is set. */ - [KERNEL_NO_LIMIT] = -- { GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ { KERNEL_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, -+ /* this is for the initrd */ -+ [INITRD_MAX_ADDRESS] = -+ { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - { NO_MEM, 0, 0 } - }; - static struct allocation_choice saved_addresses[4]; -@@ -95,7 +106,8 @@ kernel_free(void *addr, grub_efi_uintn_t size) - } - - static void * --kernel_alloc(grub_efi_uintn_t size, -+kernel_alloc(kernel_alloc_purpose_t purpose, -+ grub_efi_uintn_t size, - grub_efi_memory_type_t memtype, - const char * const errmsg) - { -@@ -108,6 +120,9 @@ kernel_alloc(grub_efi_uintn_t size, - grub_uint64_t max = max_addresses[i].addr; - grub_efi_uintn_t pages; - -+ if (purpose != max_addresses[i].purpose) -+ continue; -+ - /* - * When we're *not* loading the kernel, or >4GB allocations aren't - * supported, these entries are basically all the same, so don't re-try -@@ -261,7 +276,8 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - } - -- initrd_mem = kernel_alloc(size, GRUB_EFI_RUNTIME_SERVICES_DATA, -+ grub_dprintf ("linux", "Trying to allocate initrd mem\n"); -+ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, - N_("can't allocate initrd")); - if (initrd_mem == NULL) - goto fail; -@@ -422,7 +438,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -- params = kernel_alloc (sizeof(*params), GRUB_EFI_RUNTIME_SERVICES_DATA, -+ params = kernel_alloc (KERNEL_MEM, sizeof(*params), -+ GRUB_EFI_RUNTIME_SERVICES_DATA, - "cannot allocate kernel parameters"); - if (!params) - goto fail; -@@ -445,7 +462,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_dprintf ("linux", "new lh is at %p\n", lh); - - grub_dprintf ("linux", "setting up cmdline\n"); -- cmdline = kernel_alloc (lh->cmdline_size + 1, -+ cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, - GRUB_EFI_RUNTIME_SERVICES_DATA, - N_("can't allocate cmdline")); - if (!cmdline) -@@ -493,7 +510,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - max_addresses[KERNEL_4G_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; - kernel_size = lh->init_size; -- kernel_mem = kernel_alloc (kernel_size, GRUB_EFI_RUNTIME_SERVICES_CODE, -+ grub_dprintf ("linux", "Trying to allocate kernel mem\n"); -+ kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, -+ GRUB_EFI_RUNTIME_SERVICES_CODE, - N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) diff --git a/SPECS/grub2/fedora/0272-efi-allocate-the-initrd-within-the-bounds-expressed-.patch b/SPECS/grub2/fedora/0272-efi-allocate-the-initrd-within-the-bounds-expressed-.patch deleted file mode 100644 index 47e31e2fe6..0000000000 --- a/SPECS/grub2/fedora/0272-efi-allocate-the-initrd-within-the-bounds-expressed-.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 1 Aug 2022 14:07:50 -0400 -Subject: [PATCH] efi: allocate the initrd within the bounds expressed by the - kernel - -Currently on x86, only linux kernels built with CONFIG_RELOCATABLE for -x86_64 can be loaded above 4G, but the maximum address for the initramfs -is specified via a HdrS field. This allows us to utilize that value, -and unless loading the kernel above 4G, uses the value present there. -If loading kernel above 4G is allowed, we assume loading the initramfs -above 4G also works; in practice this has been true in the kernel code -for quite some time. - -Resolves: rhbz#2112134 - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index e6b8998e5e..d003b474ee 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -190,6 +190,8 @@ grub_linuxefi_unload (void *data) - cmd_initrdefi->data = 0; - grub_free (context); - -+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -+ - return GRUB_ERR_NONE; - } - -@@ -426,11 +428,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - } - #endif - -+ max_addresses[INITRD_MAX_ADDRESS].addr = lh->initrd_addr_max; - #if defined(__x86_64__) - if (lh->xloadflags & LINUX_XLF_CAN_BE_LOADED_ABOVE_4G) - { - grub_dprintf ("linux", "Loading kernel above 4GB is supported; enabling.\n"); - max_addresses[KERNEL_NO_LIMIT].addr = GRUB_EFI_MAX_USABLE_ADDRESS; -+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_USABLE_ADDRESS; - } - else - { -@@ -560,6 +564,8 @@ fail: - - grub_dl_unref (my_mod); - -+ max_addresses[INITRD_MAX_ADDRESS].addr = GRUB_EFI_MAX_ALLOCATION_ADDRESS; -+ - if (lh) - kernel_free (cmdline, lh->cmdline_size + 1); - diff --git a/SPECS/grub2/fedora/0273-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch b/SPECS/grub2/fedora/0273-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch deleted file mode 100644 index 8451dbfc36..0000000000 --- a/SPECS/grub2/fedora/0273-efi-use-EFI_LOADER_-CODE-DATA-for-kernel-and-initrd-.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Mon, 1 Aug 2022 13:04:43 -0400 -Subject: [PATCH] efi: use EFI_LOADER_(CODE|DATA) for kernel and initrd - allocations - -At some point due to an erroneous kernel warning, we switched kernel and -initramfs to being loaded in EFI_RUNTIME_SERVICES_CODE and -EFI_RUNTIME_SERVICES_DATA memory pools. This doesn't appear to be -correct according to the spec, and that kernel warning has gone away. - -This patch puts them back in EFI_LOADER_CODE and EFI_LOADER_DATA -allocations, respectively. - -Resolves: rhbz#2108456 - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index d003b474ee..ac5ef50bdb 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -279,7 +279,7 @@ grub_cmd_initrd (grub_command_t cmd, int argc, char *argv[]) - } - - grub_dprintf ("linux", "Trying to allocate initrd mem\n"); -- initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_RUNTIME_SERVICES_DATA, -+ initrd_mem = kernel_alloc(INITRD_MEM, size, GRUB_EFI_LOADER_DATA, - N_("can't allocate initrd")); - if (initrd_mem == NULL) - goto fail; -@@ -443,7 +443,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - #endif - - params = kernel_alloc (KERNEL_MEM, sizeof(*params), -- GRUB_EFI_RUNTIME_SERVICES_DATA, -+ GRUB_EFI_LOADER_DATA, - "cannot allocate kernel parameters"); - if (!params) - goto fail; -@@ -467,7 +467,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dprintf ("linux", "setting up cmdline\n"); - cmdline = kernel_alloc (KERNEL_MEM, lh->cmdline_size + 1, -- GRUB_EFI_RUNTIME_SERVICES_DATA, -+ GRUB_EFI_LOADER_DATA, - N_("can't allocate cmdline")); - if (!cmdline) - goto fail; -@@ -516,7 +516,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - kernel_size = lh->init_size; - grub_dprintf ("linux", "Trying to allocate kernel mem\n"); - kernel_mem = kernel_alloc (KERNEL_MEM, kernel_size, -- GRUB_EFI_RUNTIME_SERVICES_CODE, -+ GRUB_EFI_LOADER_CODE, - N_("can't allocate kernel")); - restore_addresses(); - if (!kernel_mem) diff --git a/SPECS/grub2/fedora/0279-blscfg-Don-t-root-device-in-emu-builds.patch b/SPECS/grub2/fedora/0279-blscfg-Don-t-root-device-in-emu-builds.patch deleted file mode 100644 index 3fe8baf22f..0000000000 --- a/SPECS/grub2/fedora/0279-blscfg-Don-t-root-device-in-emu-builds.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 25 Aug 2022 17:57:55 -0400 -Subject: [PATCH] blscfg: Don't root device in emu builds - -Otherwise, we end up looking for kernel/initrd in /boot/boot which -doesn't work at all. Non-emu builds need to be looking in -($root)/boot/, which is what this is for. - -Signed-off-by: Robbie Harwood ---- - grub-core/commands/blscfg.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/commands/blscfg.c b/grub-core/commands/blscfg.c -index e907a6a5d2..dbd0899acf 100644 ---- a/grub-core/commands/blscfg.c -+++ b/grub-core/commands/blscfg.c -@@ -41,7 +41,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - - #define GRUB_BLS_CONFIG_PATH "/loader/entries/" - #ifdef GRUB_MACHINE_EMU --#define GRUB_BOOT_DEVICE "/boot" -+#define GRUB_BOOT_DEVICE "" - #else - #define GRUB_BOOT_DEVICE "($root)" - #endif diff --git a/SPECS/grub2/fedora/0280-loader-arm64-linux-Remove-magic-number-header-field-.patch b/SPECS/grub2/fedora/0280-loader-arm64-linux-Remove-magic-number-header-field-.patch deleted file mode 100644 index faaa07135e..0000000000 --- a/SPECS/grub2/fedora/0280-loader-arm64-linux-Remove-magic-number-header-field-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Thu, 11 Aug 2022 16:51:57 +0200 -Subject: [PATCH] loader/arm64/linux: Remove magic number header field check - -The "ARM\x64" magic number in the file header identifies an image as one -that implements the bare metal boot protocol, allowing the loader to -simply move the file to a suitably aligned address in memory, with -sufficient headroom for the trailing .bss segment (the required memory -size is described in the header as well). - -Note of this matters for GRUB, as it only supports EFI boot. EFI does -not care about this magic number, and nor should GRUB: this prevents us -from booting other PE linux images, such as the generic EFI zboot -decompressor, which is a pure PE/COFF image, and does not implement the -bare metal boot protocol. - -So drop the magic number check. - -Signed-off-by: Ard Biesheuvel -Reviewed-by: Daniel Kiper -Resolves: rhbz#2125069 -Signed-off-by: Jeremy Linton -(cherry-picked from commit 69edb31205602c29293a8c6e67363bba2a4a1e66) -Signed-off-by: Robbie Harwood ---- - grub-core/loader/arm64/linux.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index de85583487..489d0c7173 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -55,9 +55,6 @@ static grub_addr_t initrd_end; - grub_err_t - grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) - { -- if (lh->magic != GRUB_LINUX_ARMXX_MAGIC_SIGNATURE) -- return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); -- - if ((lh->code0 & 0xffff) != GRUB_DOS_MAGIC) - return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, - N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); diff --git a/SPECS/grub2/fedora/0281-Correct-BSS-zeroing-on-aarch64.patch b/SPECS/grub2/fedora/0281-Correct-BSS-zeroing-on-aarch64.patch deleted file mode 100644 index 4f9a2b78c7..0000000000 --- a/SPECS/grub2/fedora/0281-Correct-BSS-zeroing-on-aarch64.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Jeremy Linton -Date: Tue, 6 Sep 2022 15:33:03 -0500 -Subject: [PATCH] Correct BSS zeroing on aarch64 - -The aarch64 loader doesn't use efi bootservices, and -therefor it has a very minimal loader which makes a lot -of assumptions about the kernel layout. With the ZBOOT -changes, the layout has changed a bit and we not should -really be parsing the PE sections to determine how much -data to copy, otherwise the BSS won't be setup properly. - -This code still makes a lot of assumptions about the -the kernel layout, so its far from ideal, but it works. - -Resolves: rhbz#2125069 - -Signed-off-by: Jeremy Linton ---- - grub-core/loader/arm64/linux.c | 27 ++++++++++++++++++++++----- - 1 file changed, 22 insertions(+), 5 deletions(-) - -diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c -index 489d0c7173..419f2201df 100644 ---- a/grub-core/loader/arm64/linux.c -+++ b/grub-core/loader/arm64/linux.c -@@ -316,10 +316,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - static grub_err_t - parse_pe_header (void *kernel, grub_uint64_t *total_size, - grub_uint32_t *entry_offset, -- grub_uint32_t *alignment) -+ grub_uint32_t *alignment,grub_uint32_t *code_size) - { - struct linux_arch_kernel_header *lh = kernel; - struct grub_armxx_linux_pe_header *pe; -+ grub_uint16_t i; -+ struct grub_pe32_section_table *sections; - - pe = (void *)((unsigned long)kernel + lh->hdr_offset); - -@@ -329,6 +331,19 @@ parse_pe_header (void *kernel, grub_uint64_t *total_size, - *total_size = pe->opt.image_size; - *entry_offset = pe->opt.entry_addr; - *alignment = pe->opt.section_alignment; -+ *code_size = pe->opt.section_alignment; -+ -+ sections = (struct grub_pe32_section_table *) ((char *)&pe->opt + -+ pe->coff.optional_header_size); -+ grub_dprintf ("linux", "num_sections : %d\n", pe->coff.num_sections ); -+ for (i = 0 ; i < pe->coff.num_sections; i++) -+ { -+ grub_dprintf ("linux", "raw_size : %lld\n", -+ (long long) sections[i].raw_data_size); -+ grub_dprintf ("linux", "virt_size : %lld\n", -+ (long long) sections[i].virtual_size); -+ *code_size += sections[i].raw_data_size; -+ } - - return GRUB_ERR_NONE; - } -@@ -341,6 +356,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - grub_err_t err; - grub_off_t filelen; - grub_uint32_t align; -+ grub_uint32_t code_size; - void *kernel = NULL; - int nx_supported = 1; - -@@ -373,11 +389,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - if (grub_arch_efi_linux_check_image (kernel) != GRUB_ERR_NONE) - goto fail; -- if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align) != GRUB_ERR_NONE) -+ if (parse_pe_header (kernel, &kernel_size, &handover_offset, &align, &code_size) != GRUB_ERR_NONE) - goto fail; - grub_dprintf ("linux", "kernel mem size : %lld\n", (long long) kernel_size); - grub_dprintf ("linux", "kernel entry offset : %d\n", handover_offset); - grub_dprintf ("linux", "kernel alignment : 0x%x\n", align); -+ grub_dprintf ("linux", "kernel size : 0x%x\n", code_size); - - err = grub_efi_check_nx_image_support((grub_addr_t)kernel, filelen, &nx_supported); - if (err != GRUB_ERR_NONE) -@@ -396,9 +413,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - kernel_addr = (void *)ALIGN_UP((grub_uint64_t)kernel_alloc_addr, align); - - grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); -- grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size)); -- if (kernel_size > filelen) -- grub_memset ((char *)kernel_addr + filelen, 0, kernel_size - filelen); -+ grub_memcpy (kernel_addr, kernel, grub_min(code_size, kernel_size)); -+ if (kernel_size > code_size) -+ grub_memset ((char *)kernel_addr + code_size, 0, kernel_size - code_size); - grub_free(kernel); - kernel = NULL; - diff --git a/SPECS/grub2/fedora/0282-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch b/SPECS/grub2/fedora/0282-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch deleted file mode 100644 index eff155d1d3..0000000000 --- a/SPECS/grub2/fedora/0282-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: dann frazier -Date: Thu, 25 Aug 2022 17:08:09 -0600 -Subject: [PATCH] linuxefi: Invalidate i-cache before starting the kernel - -We need to flush the memory range of the code we are about to execute -from the instruction cache before we can safely execute it. Not doing -so appears to be the source of rare synchronous exceptions a user -is seeing on a Cortex-A72-based platform while executing the Linux EFI -stub. Notably they seem to correlate with an instruction on a cache -line boundary. - -Signed-off-by: dann frazier ---- - grub-core/loader/efi/linux.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c -index 277f352e0c..e413bdcc23 100644 ---- a/grub-core/loader/efi/linux.c -+++ b/grub-core/loader/efi/linux.c -@@ -16,6 +16,7 @@ - * along with GRUB. If not, see . - */ - -+#include - #include - #include - #include -@@ -210,6 +211,9 @@ grub_efi_linux_boot (grub_addr_t kernel_addr, grub_size_t kernel_size, - asm volatile ("cli"); - #endif - -+ /* Invalidate the instruction cache */ -+ grub_arch_sync_caches((void *)kernel_addr, kernel_size); -+ - hf = (handover_func)((char *)kernel_addr + handover_offset + offset); - hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); - diff --git a/SPECS/grub2/fedora/0283-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch b/SPECS/grub2/fedora/0283-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch deleted file mode 100644 index 007975030d..0000000000 --- a/SPECS/grub2/fedora/0283-x86-efi-Fix-an-incorrect-array-size-in-kernel-alloca.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 11 Oct 2022 17:00:50 -0400 -Subject: [PATCH] x86-efi: Fix an incorrect array size in kernel allocation - -In 81a6ebf62bbe166ddc968463df2e8bd481bf697c ("efi: split allocation -policy for kernel vs initrd memories."), I introduced a split in the -kernel allocator to allow for different dynamic policies for the kernel -and the initrd allocations. - -Unfortunately, that change increased the size of the policy data used to -make decisions, but did not change the size of the temporary storage we -use to back it up and restore. This results in some of .data getting -clobbered at runtime, and hilarity ensues. - -This patch makes the size of the backup storage be based on the size of -the initial policy data. - -Signed-off-by: Peter Jones ---- - grub-core/loader/i386/efi/linux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index ac5ef50bdb..9854b0defa 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -92,7 +92,7 @@ static struct allocation_choice max_addresses[] = - { INITRD_MEM, GRUB_EFI_MAX_ALLOCATION_ADDRESS, GRUB_EFI_ALLOCATE_MAX_ADDRESS }, - { NO_MEM, 0, 0 } - }; --static struct allocation_choice saved_addresses[4]; -+static struct allocation_choice saved_addresses[sizeof(max_addresses) / sizeof(max_addresses[0])]; - - #define save_addresses() grub_memcpy(saved_addresses, max_addresses, sizeof(max_addresses)) - #define restore_addresses() grub_memcpy(max_addresses, saved_addresses, sizeof(max_addresses)) diff --git a/SPECS/grub2/fedora/0284-commands-efi-tpm-Refine-the-status-of-log-event.patch b/SPECS/grub2/fedora/0284-commands-efi-tpm-Refine-the-status-of-log-event.patch deleted file mode 100644 index 896e49b523..0000000000 --- a/SPECS/grub2/fedora/0284-commands-efi-tpm-Refine-the-status-of-log-event.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:10 +0800 -Subject: [PATCH] commands/efi/tpm: Refine the status of log event - -1. Use macro GRUB_ERR_NONE instead of hard code 0. -2. Keep lowercase of the first char for the status string of log event. - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper -(cherry picked from commit 922898573e37135f5dedc16f3e15a1d1d4c53f8a) ---- - grub-core/commands/efi/tpm.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index a97d85368a..7acf510499 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -135,17 +135,17 @@ grub_efi_log_event_status (grub_efi_status_t status) - switch (status) - { - case GRUB_EFI_SUCCESS: -- return 0; -+ return GRUB_ERR_NONE; - case GRUB_EFI_DEVICE_ERROR: -- return grub_error (GRUB_ERR_IO, N_("Command failed")); -+ return grub_error (GRUB_ERR_IO, N_("command failed")); - case GRUB_EFI_INVALID_PARAMETER: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter")); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid parameter")); - case GRUB_EFI_BUFFER_TOO_SMALL: -- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small")); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("output buffer too small")); - case GRUB_EFI_NOT_FOUND: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); - default: -- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); -+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("unknown TPM error")); - } - } - diff --git a/SPECS/grub2/fedora/0285-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch b/SPECS/grub2/fedora/0285-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch deleted file mode 100644 index e04dcbc710..0000000000 --- a/SPECS/grub2/fedora/0285-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:11 +0800 -Subject: [PATCH] commands/efi/tpm: Use grub_strcpy() instead of grub_memcpy() - -The event description is a string, so using grub_strcpy() is cleaner than -using grub_memcpy(). - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper -(cherry picked from commit ef8679b645a63eb9eb191bb9539d7d25a9d6ff3b) ---- - grub-core/commands/efi/tpm.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index 7acf510499..bb59599721 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -175,7 +175,7 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - event->PCRIndex = pcr; - event->EventType = EV_IPL; - event->EventSize = grub_strlen (description) + 1; -- grub_memcpy (event->Event, description, event->EventSize); -+ grub_strcpy ((char *) event->Event, description); - - algorithm = TCG_ALG_SHA; - status = efi_call_7 (tpm->log_extend_event, tpm, (grub_addr_t) buf, (grub_uint64_t) size, -@@ -212,7 +212,7 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - event->Header.EventType = EV_IPL; - event->Size = - sizeof (*event) - sizeof (event->Event) + grub_strlen (description) + 1; -- grub_memcpy (event->Event, description, grub_strlen (description) + 1); -+ grub_strcpy ((char *) event->Event, description); - - status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, (grub_addr_t) buf, - (grub_uint64_t) size, event); diff --git a/SPECS/grub2/fedora/0286-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch b/SPECS/grub2/fedora/0286-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch deleted file mode 100644 index 610c81ace7..0000000000 --- a/SPECS/grub2/fedora/0286-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch +++ /dev/null @@ -1,258 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Wed, 13 Jul 2022 10:06:12 +0800 -Subject: [PATCH] efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support - -The EFI_CC_MEASUREMENT_PROTOCOL abstracts the measurement for virtual firmware -in confidential computing environment. It is similar to the EFI_TCG2_PROTOCOL. -It was proposed by Intel and ARM and approved by UEFI organization. - -It is defined in Intel GHCI specification: https://cdrdv2.intel.com/v1/dl/getContent/726790 . -The EDKII header file is available at /~https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/CcMeasurement.h . - -Signed-off-by: Lu Ken -Reviewed-by: Daniel Kiper -(cherry picked from commit 4c76565b6cb885b7e144dc27f3612066844e2d19) ---- - grub-core/commands/efi/tpm.c | 48 ++++++++++++++ - include/grub/efi/cc.h | 151 +++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 199 insertions(+) - create mode 100644 include/grub/efi/cc.h - -diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c -index bb59599721..ae09c1bf8b 100644 ---- a/grub-core/commands/efi/tpm.c -+++ b/grub-core/commands/efi/tpm.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -31,6 +32,7 @@ typedef TCG_PCR_EVENT grub_tpm_event_t; - - static grub_efi_guid_t tpm_guid = EFI_TPM_GUID; - static grub_efi_guid_t tpm2_guid = EFI_TPM2_GUID; -+static grub_efi_guid_t cc_measurement_guid = GRUB_EFI_CC_MEASUREMENT_PROTOCOL_GUID; - - static grub_efi_handle_t *grub_tpm_handle; - static grub_uint8_t grub_tpm_version; -@@ -221,6 +223,50 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, - return grub_efi_log_event_status (status); - } - -+static void -+grub_cc_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, -+ const char *description) -+{ -+ grub_efi_cc_event_t *event; -+ grub_efi_status_t status; -+ grub_efi_cc_protocol_t *cc; -+ grub_efi_cc_mr_index_t mr; -+ -+ cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL); -+ if (cc == NULL) -+ return; -+ -+ status = efi_call_3 (cc->map_pcr_to_mr_index, cc, pcr, &mr); -+ if (status != GRUB_EFI_SUCCESS) -+ { -+ grub_efi_log_event_status (status); -+ return; -+ } -+ -+ event = grub_zalloc (sizeof (grub_efi_cc_event_t) + -+ grub_strlen (description) + 1); -+ if (event == NULL) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate CC event buffer")); -+ return; -+ } -+ -+ event->Header.HeaderSize = sizeof (grub_efi_cc_event_header_t); -+ event->Header.HeaderVersion = GRUB_EFI_CC_EVENT_HEADER_VERSION; -+ event->Header.MrIndex = mr; -+ event->Header.EventType = EV_IPL; -+ event->Size = sizeof (*event) + grub_strlen (description) + 1; -+ grub_strcpy ((char *) event->Event, description); -+ -+ status = efi_call_5 (cc->hash_log_extend_event, cc, 0, -+ (grub_efi_physical_address_t)(grub_addr_t) buf, -+ (grub_efi_uint64_t) size, event); -+ grub_free (event); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ grub_efi_log_event_status (status); -+} -+ - grub_err_t - grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, - const char *description) -@@ -228,6 +274,8 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, - grub_efi_handle_t tpm_handle; - grub_efi_uint8_t protocol_version; - -+ grub_cc_log_event(buf, size, pcr, description); -+ - if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) - return 0; - -diff --git a/include/grub/efi/cc.h b/include/grub/efi/cc.h -new file mode 100644 -index 0000000000..8960306890 ---- /dev/null -+++ b/include/grub/efi/cc.h -@@ -0,0 +1,151 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2022 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#ifndef GRUB_EFI_CC_H -+#define GRUB_EFI_CC_H 1 -+ -+#include -+#include -+#include -+ -+#define GRUB_EFI_CC_MEASUREMENT_PROTOCOL_GUID \ -+ { 0x96751a3d, 0x72f4, 0x41a6, \ -+ { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } \ -+ }; -+ -+struct grub_efi_cc_version -+{ -+ grub_efi_uint8_t Major; -+ grub_efi_uint8_t Minor; -+}; -+typedef struct grub_efi_cc_version grub_efi_cc_version_t; -+ -+/* EFI_CC Type/SubType definition. */ -+#define GRUB_EFI_CC_TYPE_NONE 0 -+#define GRUB_EFI_CC_TYPE_SEV 1 -+#define GRUB_EFI_CC_TYPE_TDX 2 -+ -+struct grub_efi_cc_type -+{ -+ grub_efi_uint8_t Type; -+ grub_efi_uint8_t SubType; -+}; -+typedef struct grub_efi_cc_type grub_efi_cc_type_t; -+ -+typedef grub_efi_uint32_t grub_efi_cc_event_log_bitmap_t; -+typedef grub_efi_uint32_t grub_efi_cc_event_log_format_t; -+typedef grub_efi_uint32_t grub_efi_cc_event_algorithm_bitmap_t; -+typedef grub_efi_uint32_t grub_efi_cc_mr_index_t; -+ -+/* Intel TDX measure register index. */ -+#define GRUB_TDX_MR_INDEX_MRTD 0 -+#define GRUB_TDX_MR_INDEX_RTMR0 1 -+#define GRUB_TDX_MR_INDEX_RTMR1 2 -+#define GRUB_TDX_MR_INDEX_RTMR2 3 -+#define GRUB_TDX_MR_INDEX_RTMR3 4 -+ -+#define GRUB_EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002 -+#define GRUB_EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004 -+#define GRUB_EFI_CC_EVENT_HEADER_VERSION 1 -+ -+struct grub_efi_cc_event_header -+{ -+ /* Size of the event header itself (sizeof(EFI_TD_EVENT_HEADER)). */ -+ grub_efi_uint32_t HeaderSize; -+ -+ /* -+ * Header version. For this version of this specification, -+ * the value shall be 1. -+ */ -+ grub_efi_uint16_t HeaderVersion; -+ -+ /* Index of the MR that shall be extended. */ -+ grub_efi_cc_mr_index_t MrIndex; -+ -+ /* Type of the event that shall be extended (and optionally logged). */ -+ grub_efi_uint32_t EventType; -+} GRUB_PACKED; -+typedef struct grub_efi_cc_event_header grub_efi_cc_event_header_t; -+ -+struct grub_efi_cc_event -+{ -+ /* Total size of the event including the Size component, the header and the Event data. */ -+ grub_efi_uint32_t Size; -+ grub_efi_cc_event_header_t Header; -+ grub_efi_uint8_t Event[0]; -+} GRUB_PACKED; -+typedef struct grub_efi_cc_event grub_efi_cc_event_t; -+ -+struct grub_efi_cc_boot_service_capability -+{ -+ /* Allocated size of the structure. */ -+ grub_efi_uint8_t Size; -+ -+ /* -+ * Version of the grub_efi_cc_boot_service_capability_t structure itself. -+ * For this version of the protocol, the Major version shall be set to 1 -+ * and the Minor version shall be set to 1. -+ */ -+ grub_efi_cc_version_t StructureVersion; -+ -+ /* -+ * Version of the EFI TD protocol. -+ * For this version of the protocol, the Major version shall be set to 1 -+ * and the Minor version shall be set to 1. -+ */ -+ grub_efi_cc_version_t ProtocolVersion; -+ -+ /* Supported hash algorithms. */ -+ grub_efi_cc_event_algorithm_bitmap_t HashAlgorithmBitmap; -+ -+ /* Bitmap of supported event log formats. */ -+ grub_efi_cc_event_log_bitmap_t SupportedEventLogs; -+ -+ /* Indicates the CC type. */ -+ grub_efi_cc_type_t CcType; -+}; -+typedef struct grub_efi_cc_boot_service_capability grub_efi_cc_boot_service_capability_t; -+ -+struct grub_efi_cc_protocol -+{ -+ grub_efi_status_t -+ (*get_capability) (struct grub_efi_cc_protocol *this, -+ grub_efi_cc_boot_service_capability_t *ProtocolCapability); -+ -+ grub_efi_status_t -+ (*get_event_log) (struct grub_efi_cc_protocol *this, -+ grub_efi_cc_event_log_format_t EventLogFormat, -+ grub_efi_physical_address_t *EventLogLocation, -+ grub_efi_physical_address_t *EventLogLastEntry, -+ grub_efi_boolean_t *EventLogTruncated); -+ -+ grub_efi_status_t -+ (*hash_log_extend_event) (struct grub_efi_cc_protocol *this, -+ grub_efi_uint64_t Flags, -+ grub_efi_physical_address_t DataToHash, -+ grub_efi_uint64_t DataToHashLen, -+ grub_efi_cc_event_t *EfiCcEvent); -+ -+ grub_efi_status_t -+ (*map_pcr_to_mr_index) (struct grub_efi_cc_protocol *this, -+ grub_efi_uint32_t PcrIndex, -+ grub_efi_cc_mr_index_t *MrIndex); -+}; -+typedef struct grub_efi_cc_protocol grub_efi_cc_protocol_t; -+ -+#endif diff --git a/SPECS/grub2/fedora/0287-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch b/SPECS/grub2/fedora/0287-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch deleted file mode 100644 index e0dd347d04..0000000000 --- a/SPECS/grub2/fedora/0287-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Wed, 3 Aug 2022 19:45:33 +0800 -Subject: [PATCH] font: Reject glyphs exceeds font->max_glyph_width or - font->max_glyph_height - -Check glyph's width and height against limits specified in font's -metadata. Reject the glyph (and font) if such limits are exceeded. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit 5760fcfd466cc757540ea0d591bad6a08caeaa16) ---- - grub-core/font/font.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index d09bb38d89..2f09a4a55b 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - || read_be_uint16 (font->file, &height) != 0 - || read_be_int16 (font->file, &xoff) != 0 - || read_be_int16 (font->file, &yoff) != 0 -- || read_be_int16 (font->file, &dwidth) != 0) -+ || read_be_int16 (font->file, &dwidth) != 0 -+ || width > font->max_char_width -+ || height > font->max_char_height) - { - remove_font (font); - return 0; diff --git a/SPECS/grub2/fedora/0288-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch b/SPECS/grub2/fedora/0288-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch deleted file mode 100644 index b5f10f6e47..0000000000 --- a/SPECS/grub2/fedora/0288-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 00:51:20 +0800 -Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal() - -The length of memory allocation and file read may overflow. This patch -fixes the problem by using safemath macros. - -There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe -if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). -It is safe replacement for such code. It has safemath-like prototype. - -This patch also introduces grub_cast(value, pointer), it casts value to -typeof(*pointer) then store the value to *pointer. It returns true when -overflow occurs or false if there is no overflow. The semantics of arguments -and return value are designed to be consistent with other safemath macros. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit 941d10ad6f1dcbd12fb613002249e29ba035f985) ---- - grub-core/font/font.c | 17 +++++++++++++---- - include/grub/bitmap.h | 18 ++++++++++++++++++ - include/grub/safemath.h | 2 ++ - 3 files changed, 33 insertions(+), 4 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 2f09a4a55b..6a3fbebbd8 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - grub_int16_t xoff; - grub_int16_t yoff; - grub_int16_t dwidth; -- int len; -+ grub_ssize_t len; -+ grub_size_t sz; - - if (index_entry->glyph) - /* Return cached glyph. */ -@@ -768,9 +769,17 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code) - return 0; - } - -- len = (width * height + 7) / 8; -- glyph = grub_malloc (sizeof (struct grub_font_glyph) + len); -- if (!glyph) -+ /* Calculate real struct size of current glyph. */ -+ if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) || -+ grub_add (sizeof (struct grub_font_glyph), len, &sz)) -+ { -+ remove_font (font); -+ return 0; -+ } -+ -+ /* Allocate and initialize the glyph struct. */ -+ glyph = grub_malloc (sz); -+ if (glyph == NULL) - { - remove_font (font); - return 0; -diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h -index 5728f8ca3a..0d9603f619 100644 ---- a/include/grub/bitmap.h -+++ b/include/grub/bitmap.h -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - struct grub_video_bitmap - { -@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap *bitmap) - return bitmap->mode_info.height; - } - -+/* -+ * Calculate and store the size of data buffer of 1bit bitmap in result. -+ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs. -+ * Return true when overflow occurs or false if there is no overflow. -+ * This function is intentionally implemented as a macro instead of -+ * an inline function. Although a bit awkward, it preserves data types for -+ * safemath macros and reduces macro side effects as much as possible. -+ * -+ * XXX: Will report false overflow if width * height > UINT64_MAX. -+ */ -+#define grub_video_bitmap_calc_1bpp_bufsz(width, height, result) \ -+({ \ -+ grub_uint64_t _bitmap_pixels; \ -+ grub_mul ((width), (height), &_bitmap_pixels) ? 1 : \ -+ grub_cast (_bitmap_pixels / GRUB_CHAR_BIT + !!(_bitmap_pixels % GRUB_CHAR_BIT), (result)); \ -+}) -+ - void EXPORT_FUNC (grub_video_bitmap_get_mode_info) (struct grub_video_bitmap *bitmap, - struct grub_video_mode_info *mode_info); - -diff --git a/include/grub/safemath.h b/include/grub/safemath.h -index c17b89bba1..bb0f826de1 100644 ---- a/include/grub/safemath.h -+++ b/include/grub/safemath.h -@@ -30,6 +30,8 @@ - #define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) - #define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) - -+#define grub_cast(a, res) grub_add ((a), 0, (res)) -+ - #else - #error gcc 5.1 or newer or clang 3.8 or newer is required - #endif diff --git a/SPECS/grub2/fedora/0289-font-Fix-several-integer-overflows-in-grub_font_cons.patch b/SPECS/grub2/fedora/0289-font-Fix-several-integer-overflows-in-grub_font_cons.patch deleted file mode 100644 index 3c76eb46ac..0000000000 --- a/SPECS/grub2/fedora/0289-font-Fix-several-integer-overflows-in-grub_font_cons.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 01:58:27 +0800 -Subject: [PATCH] font: Fix several integer overflows in - grub_font_construct_glyph() - -This patch fixes several integer overflows in grub_font_construct_glyph(). -Glyphs of invalid size, zero or leading to an overflow, are rejected. -The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() -returns NULL is fixed too. - -Fixes: CVE-2022-2601 - -Reported-by: Zhang Boyang -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit b1805f251b31a9d3cfae5c3572ddfa630145dbbf) ---- - grub-core/font/font.c | 29 +++++++++++++++++------------ - 1 file changed, 17 insertions(+), 12 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 6a3fbebbd8..1fa181d4ca 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1517,6 +1517,7 @@ grub_font_construct_glyph (grub_font_t hinted_font, - struct grub_video_signed_rect bounds; - static struct grub_font_glyph *glyph = 0; - static grub_size_t max_glyph_size = 0; -+ grub_size_t cur_glyph_size; - - ensure_comb_space (glyph_id); - -@@ -1533,29 +1534,33 @@ grub_font_construct_glyph (grub_font_t hinted_font, - if (!glyph_id->ncomb && !glyph_id->attributes) - return main_glyph; - -- if (max_glyph_size < sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) -+ if (grub_video_bitmap_calc_1bpp_bufsz (bounds.width, bounds.height, &cur_glyph_size) || -+ grub_add (sizeof (*glyph), cur_glyph_size, &cur_glyph_size)) -+ return main_glyph; -+ -+ if (max_glyph_size < cur_glyph_size) - { - grub_free (glyph); -- max_glyph_size = (sizeof (*glyph) + (bounds.width * bounds.height + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT) * 2; -- if (max_glyph_size < 8) -- max_glyph_size = 8; -- glyph = grub_malloc (max_glyph_size); -+ if (grub_mul (cur_glyph_size, 2, &max_glyph_size)) -+ max_glyph_size = 0; -+ glyph = max_glyph_size > 0 ? grub_malloc (max_glyph_size) : NULL; - } - if (!glyph) - { -+ max_glyph_size = 0; - grub_errno = GRUB_ERR_NONE; - return main_glyph; - } - -- grub_memset (glyph, 0, sizeof (*glyph) -- + (bounds.width * bounds.height -- + GRUB_CHAR_BIT - 1) / GRUB_CHAR_BIT); -+ grub_memset (glyph, 0, cur_glyph_size); - - glyph->font = main_glyph->font; -- glyph->width = bounds.width; -- glyph->height = bounds.height; -- glyph->offset_x = bounds.x; -- glyph->offset_y = bounds.y; -+ if (bounds.width == 0 || bounds.height == 0 || -+ grub_cast (bounds.width, &glyph->width) || -+ grub_cast (bounds.height, &glyph->height) || -+ grub_cast (bounds.x, &glyph->offset_x) || -+ grub_cast (bounds.y, &glyph->offset_y)) -+ return main_glyph; - - if (glyph_id->attributes & GRUB_UNICODE_GLYPH_ATTRIBUTE_MIRROR) - grub_font_blit_glyph_mirror (glyph, main_glyph, diff --git a/SPECS/grub2/fedora/0290-font-Remove-grub_font_dup_glyph.patch b/SPECS/grub2/fedora/0290-font-Remove-grub_font_dup_glyph.patch deleted file mode 100644 index 4c3db92335..0000000000 --- a/SPECS/grub2/fedora/0290-font-Remove-grub_font_dup_glyph.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 02:13:29 +0800 -Subject: [PATCH] font: Remove grub_font_dup_glyph() - -Remove grub_font_dup_glyph() since nobody is using it since 2013, and -I'm too lazy to fix the integer overflow problem in it. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit 25ad31c19c331aaa2dbd9bd2b2e2655de5766a9d) ---- - grub-core/font/font.c | 14 -------------- - 1 file changed, 14 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 1fa181d4ca..a115a63b0c 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1055,20 +1055,6 @@ grub_font_get_glyph_with_fallback (grub_font_t font, grub_uint32_t code) - return best_glyph; - } - --#if 0 --static struct grub_font_glyph * --grub_font_dup_glyph (struct grub_font_glyph *glyph) --{ -- static struct grub_font_glyph *ret; -- ret = grub_malloc (sizeof (*ret) + (glyph->width * glyph->height + 7) / 8); -- if (!ret) -- return NULL; -- grub_memcpy (ret, glyph, sizeof (*ret) -- + (glyph->width * glyph->height + 7) / 8); -- return ret; --} --#endif -- - /* FIXME: suboptimal. */ - static void - grub_font_blit_glyph (struct grub_font_glyph *target, diff --git a/SPECS/grub2/fedora/0291-font-Fix-integer-overflow-in-ensure_comb_space.patch b/SPECS/grub2/fedora/0291-font-Fix-integer-overflow-in-ensure_comb_space.patch deleted file mode 100644 index 6b73038d4e..0000000000 --- a/SPECS/grub2/fedora/0291-font-Fix-integer-overflow-in-ensure_comb_space.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 5 Aug 2022 02:27:05 +0800 -Subject: [PATCH] font: Fix integer overflow in ensure_comb_space() - -In fact it can't overflow at all because glyph_id->ncomb is only 8-bit -wide. But let's keep safe if somebody changes the width of glyph_id->ncomb -in the future. This patch also fixes the inconsistency between -render_max_comb_glyphs and render_combining_glyphs when grub_malloc() -returns NULL. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit b2740b7e4a03bb8331d48b54b119afea76bb9d5f) ---- - grub-core/font/font.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index a115a63b0c..d0e6340404 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1468,14 +1468,18 @@ ensure_comb_space (const struct grub_unicode_glyph *glyph_id) - if (glyph_id->ncomb <= render_max_comb_glyphs) - return; - -- render_max_comb_glyphs = 2 * glyph_id->ncomb; -- if (render_max_comb_glyphs < 8) -+ if (grub_mul (glyph_id->ncomb, 2, &render_max_comb_glyphs)) -+ render_max_comb_glyphs = 0; -+ if (render_max_comb_glyphs > 0 && render_max_comb_glyphs < 8) - render_max_comb_glyphs = 8; - grub_free (render_combining_glyphs); -- render_combining_glyphs = grub_malloc (render_max_comb_glyphs -- * sizeof (render_combining_glyphs[0])); -+ render_combining_glyphs = (render_max_comb_glyphs > 0) ? -+ grub_calloc (render_max_comb_glyphs, sizeof (render_combining_glyphs[0])) : NULL; - if (!render_combining_glyphs) -- grub_errno = 0; -+ { -+ render_max_comb_glyphs = 0; -+ grub_errno = GRUB_ERR_NONE; -+ } - } - - int diff --git a/SPECS/grub2/fedora/0292-font-Fix-integer-overflow-in-BMP-index.patch b/SPECS/grub2/fedora/0292-font-Fix-integer-overflow-in-BMP-index.patch deleted file mode 100644 index 5e106991e1..0000000000 --- a/SPECS/grub2/fedora/0292-font-Fix-integer-overflow-in-BMP-index.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 15 Aug 2022 02:04:58 +0800 -Subject: [PATCH] font: Fix integer overflow in BMP index - -The BMP index (font->bmp_idx) is designed as a reverse lookup table of -char entries (font->char_index), in order to speed up lookups for BMP -chars (i.e. code < 0x10000). The values in BMP index are the subscripts -of the corresponding char entries, stored in grub_uint16_t, while 0xffff -means not found. - -This patch fixes the problem of large subscript truncated to grub_uint16_t, -leading BMP index to return wrong char entry or report false miss. The -code now checks for bounds and uses BMP index as a hint, and fallbacks -to binary-search if necessary. - -On the occasion add a comment about BMP index is initialized to 0xffff. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit afda8b60ba0712abe01ae1e64c5f7a067a0e6492) ---- - grub-core/font/font.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index d0e6340404..b208a28717 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -300,6 +300,8 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); - if (!font->bmp_idx) - return 1; -+ -+ /* Init the BMP index array to 0xffff. */ - grub_memset (font->bmp_idx, 0xff, 0x10000 * sizeof (grub_uint16_t)); - - -@@ -328,7 +330,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct - return 1; - } - -- if (entry->code < 0x10000) -+ if (entry->code < 0x10000 && i < 0xffff) - font->bmp_idx[entry->code] = i; - - last_code = entry->code; -@@ -696,9 +698,12 @@ find_glyph (const grub_font_t font, grub_uint32_t code) - /* Use BMP index if possible. */ - if (code < 0x10000 && font->bmp_idx) - { -- if (font->bmp_idx[code] == 0xffff) -- return 0; -- return &table[font->bmp_idx[code]]; -+ if (font->bmp_idx[code] < 0xffff) -+ return &table[font->bmp_idx[code]]; -+ /* -+ * When we are here then lookup in BMP index result in miss, -+ * fallthough to binary-search. -+ */ - } - - /* Do a binary search in `char_index', which is ordered by code point. */ diff --git a/SPECS/grub2/fedora/0293-font-Fix-integer-underflow-in-binary-search-of-char-.patch b/SPECS/grub2/fedora/0293-font-Fix-integer-underflow-in-binary-search-of-char-.patch deleted file mode 100644 index e81824bae4..0000000000 --- a/SPECS/grub2/fedora/0293-font-Fix-integer-underflow-in-binary-search-of-char-.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Sun, 14 Aug 2022 18:09:38 +0800 -Subject: [PATCH] font: Fix integer underflow in binary search of char index - -If search target is less than all entries in font->index then "hi" -variable is set to -1, which translates to SIZE_MAX and leads to errors. - -This patch fixes the problem by replacing the entire binary search code -with the libstdc++'s std::lower_bound() implementation. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit c140a086838e7c9af87842036f891b8393a8c4bc) ---- - grub-core/font/font.c | 40 ++++++++++++++++++++++------------------ - 1 file changed, 22 insertions(+), 18 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index b208a28717..193dfec045 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -688,12 +688,12 @@ read_be_int16 (grub_file_t file, grub_int16_t * value) - static inline struct char_index_entry * - find_glyph (const grub_font_t font, grub_uint32_t code) - { -- struct char_index_entry *table; -- grub_size_t lo; -- grub_size_t hi; -- grub_size_t mid; -+ struct char_index_entry *table, *first, *end; -+ grub_size_t len; - - table = font->char_index; -+ if (table == NULL) -+ return NULL; - - /* Use BMP index if possible. */ - if (code < 0x10000 && font->bmp_idx) -@@ -706,25 +706,29 @@ find_glyph (const grub_font_t font, grub_uint32_t code) - */ - } - -- /* Do a binary search in `char_index', which is ordered by code point. */ -- lo = 0; -- hi = font->num_chars - 1; -+ /* -+ * Do a binary search in char_index which is ordered by code point. -+ * The code below is the same as libstdc++'s std::lower_bound(). -+ */ -+ first = table; -+ len = font->num_chars; -+ end = first + len; - -- if (!table) -- return 0; -- -- while (lo <= hi) -+ while (len > 0) - { -- mid = lo + (hi - lo) / 2; -- if (code < table[mid].code) -- hi = mid - 1; -- else if (code > table[mid].code) -- lo = mid + 1; -+ grub_size_t half = len >> 1; -+ struct char_index_entry *middle = first + half; -+ -+ if (middle->code < code) -+ { -+ first = middle + 1; -+ len = len - half - 1; -+ } - else -- return &table[mid]; -+ len = half; - } - -- return 0; -+ return (first < end && first->code == code) ? first : NULL; - } - - /* Get a glyph for the Unicode character CODE in FONT. The glyph is loaded diff --git a/SPECS/grub2/fedora/0295-fbutil-Fix-integer-overflow.patch b/SPECS/grub2/fedora/0295-fbutil-Fix-integer-overflow.patch deleted file mode 100644 index 4d32dbda8f..0000000000 --- a/SPECS/grub2/fedora/0295-fbutil-Fix-integer-overflow.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Tue, 6 Sep 2022 03:03:21 +0800 -Subject: [PATCH] fbutil: Fix integer overflow - -Expressions like u64 = u32 * u32 are unsafe because their products are -truncated to u32 even if left hand side is u64. This patch fixes all -problems like that one in fbutil. - -To get right result not only left hand side have to be u64 but it's also -necessary to cast at least one of the operands of all leaf operators of -right hand side to u64, e.g. u64 = u32 * u32 + u32 * u32 should be -u64 = (u64)u32 * u32 + (u64)u32 * u32. - -For 1-bit bitmaps grub_uint64_t have to be used. It's safe because any -combination of values in (grub_uint64_t)u32 * u32 + u32 expression will -not overflow grub_uint64_t. - -Other expressions like ptr + u32 * u32 + u32 * u32 are also vulnerable. -They should be ptr + (grub_addr_t)u32 * u32 + (grub_addr_t)u32 * u32. - -This patch also adds a comment to grub_video_fb_get_video_ptr() which -says it's arguments must be valid and no sanity check is performed -(like its siblings in grub-core/video/fb/fbutil.c). - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit 50a11a81bc842c58962244a2dc86bbd31a426e12) ---- - grub-core/video/fb/fbutil.c | 4 ++-- - include/grub/fbutil.h | 13 +++++++++---- - 2 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/grub-core/video/fb/fbutil.c b/grub-core/video/fb/fbutil.c -index b98bb51fe8..25ef39f47d 100644 ---- a/grub-core/video/fb/fbutil.c -+++ b/grub-core/video/fb/fbutil.c -@@ -67,7 +67,7 @@ get_pixel (struct grub_video_fbblit_info *source, - case 1: - if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) - { -- int bit_index = y * source->mode_info->width + x; -+ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; - grub_uint8_t *ptr = source->data + bit_index / 8; - int bit_pos = 7 - bit_index % 8; - color = (*ptr >> bit_pos) & 0x01; -@@ -138,7 +138,7 @@ set_pixel (struct grub_video_fbblit_info *source, - case 1: - if (source->mode_info->blit_format == GRUB_VIDEO_BLIT_FORMAT_1BIT_PACKED) - { -- int bit_index = y * source->mode_info->width + x; -+ grub_uint64_t bit_index = (grub_uint64_t) y * source->mode_info->width + x; - grub_uint8_t *ptr = source->data + bit_index / 8; - int bit_pos = 7 - bit_index % 8; - *ptr = (*ptr & ~(1 << bit_pos)) | ((color & 0x01) << bit_pos); -diff --git a/include/grub/fbutil.h b/include/grub/fbutil.h -index 4205eb917f..78a1ab3b45 100644 ---- a/include/grub/fbutil.h -+++ b/include/grub/fbutil.h -@@ -31,14 +31,19 @@ struct grub_video_fbblit_info - grub_uint8_t *data; - }; - --/* Don't use for 1-bit bitmaps, addressing needs to be done at the bit level -- and it doesn't make sense, in general, to ask for a pointer -- to a particular pixel's data. */ -+/* -+ * Don't use for 1-bit bitmaps, addressing needs to be done at the bit level -+ * and it doesn't make sense, in general, to ask for a pointer -+ * to a particular pixel's data. -+ * -+ * This function assumes that bounds checking has been done in previous phase -+ * and they are opted out in here. -+ */ - static inline void * - grub_video_fb_get_video_ptr (struct grub_video_fbblit_info *source, - unsigned int x, unsigned int y) - { -- return source->data + y * source->mode_info->pitch + x * source->mode_info->bytes_per_pixel; -+ return source->data + (grub_addr_t) y * source->mode_info->pitch + (grub_addr_t) x * source->mode_info->bytes_per_pixel; - } - - /* Advance pointer by VAL bytes. If there is no unaligned access available, diff --git a/SPECS/grub2/fedora/0296-font-Fix-an-integer-underflow-in-blit_comb.patch b/SPECS/grub2/fedora/0296-font-Fix-an-integer-underflow-in-blit_comb.patch deleted file mode 100644 index 72f4308eb9..0000000000 --- a/SPECS/grub2/fedora/0296-font-Fix-an-integer-underflow-in-blit_comb.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 24 Oct 2022 08:05:35 +0800 -Subject: [PATCH] font: Fix an integer underflow in blit_comb() - -The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may -evaluate to a very big invalid value even if both ctx.bounds.height and -combining_glyphs[i]->height are small integers. For example, if -ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this -expression evaluates to 2147483647 (expected -1). This is because -coordinates are allowed to be negative but ctx.bounds.height is an -unsigned int. So, the subtraction operates on unsigned ints and -underflows to a very big value. The division makes things even worse. -The quotient is still an invalid value even if converted back to int. - -This patch fixes the problem by casting ctx.bounds.height to int. As -a result the subtraction will operate on int and grub_uint16_t which -will be promoted to an int. So, the underflow will no longer happen. Other -uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, -to ensure coordinates are always calculated on signed integers. - -Fixes: CVE-2022-3775 - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit 6d2668dea3774ed74c4cd1eadd146f1b846bc3d4) ---- - grub-core/font/font.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 193dfec045..12a5f0d08c 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1203,12 +1203,12 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - ctx.bounds.height = main_glyph->height; - - above_rightx = main_glyph->offset_x + main_glyph->width; -- above_righty = ctx.bounds.y + ctx.bounds.height; -+ above_righty = ctx.bounds.y + (int) ctx.bounds.height; - - above_leftx = main_glyph->offset_x; -- above_lefty = ctx.bounds.y + ctx.bounds.height; -+ above_lefty = ctx.bounds.y + (int) ctx.bounds.height; - -- below_rightx = ctx.bounds.x + ctx.bounds.width; -+ below_rightx = ctx.bounds.x + (int) ctx.bounds.width; - below_righty = ctx.bounds.y; - - comb = grub_unicode_get_comb (glyph_id); -@@ -1221,7 +1221,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - if (!combining_glyphs[i]) - continue; -- targetx = (ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; -+ targetx = ((int) ctx.bounds.width - combining_glyphs[i]->width) / 2 + ctx.bounds.x; - /* CGJ is to avoid diacritics reordering. */ - if (comb[i].code - == GRUB_UNICODE_COMBINING_GRAPHEME_JOINER) -@@ -1231,8 +1231,8 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - case GRUB_UNICODE_COMB_OVERLAY: - do_blit (combining_glyphs[i], - targetx, -- (ctx.bounds.height - combining_glyphs[i]->height) / 2 -- - (ctx.bounds.height + ctx.bounds.y), &ctx); -+ ((int) ctx.bounds.height - combining_glyphs[i]->height) / 2 -+ - ((int) ctx.bounds.height + ctx.bounds.y), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; - break; -@@ -1305,7 +1305,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - /* Fallthrough. */ - case GRUB_UNICODE_STACK_ATTACHED_ABOVE: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height + ctx.bounds.y + space -+ -((int) ctx.bounds.height + ctx.bounds.y + space - + combining_glyphs[i]->height), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; -@@ -1313,7 +1313,7 @@ blit_comb (const struct grub_unicode_glyph *glyph_id, - - case GRUB_UNICODE_COMB_HEBREW_DAGESH: - do_blit (combining_glyphs[i], targetx, -- -(ctx.bounds.height / 2 + ctx.bounds.y -+ -((int) ctx.bounds.height / 2 + ctx.bounds.y - + combining_glyphs[i]->height / 2), &ctx); - if (min_devwidth < combining_glyphs[i]->width) - min_devwidth = combining_glyphs[i]->width; diff --git a/SPECS/grub2/fedora/0297-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch b/SPECS/grub2/fedora/0297-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch deleted file mode 100644 index 5207c128c5..0000000000 --- a/SPECS/grub2/fedora/0297-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Mon, 24 Oct 2022 07:15:41 +0800 -Subject: [PATCH] font: Harden grub_font_blit_glyph() and - grub_font_blit_glyph_mirror() - -As a mitigation and hardening measure add sanity checks to -grub_font_blit_glyph() and grub_font_blit_glyph_mirror(). This patch -makes these two functions do nothing if target blitting area isn't fully -contained in target bitmap. Therefore, if complex calculations in caller -overflows and malicious coordinates are given, we are still safe because -any coordinates which result in out-of-bound-write are rejected. However, -this patch only checks for invalid coordinates, and doesn't provide any -protection against invalid source glyph or destination glyph, e.g. -mismatch between glyph size and buffer size. - -This hardening measure is designed to mitigate possible overflows in -blit_comb(). If overflow occurs, it may return invalid bounding box -during dry run and call grub_font_blit_glyph() with malicious -coordinates during actual blitting. However, we are still safe because -the scratch glyph itself is valid, although its size makes no sense, and -any invalid coordinates are rejected. - -It would be better to call grub_fatal() if illegal parameter is detected. -However, doing this may end up in a dangerous recursion because grub_fatal() -would print messages to the screen and we are in the progress of drawing -characters on the screen. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit fcd7aa0c278f7cf3fb9f93f1a3966e1792339eb6) ---- - grub-core/font/font.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 12a5f0d08c..29fbb94294 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -1069,8 +1069,15 @@ static void - grub_font_blit_glyph (struct grub_font_glyph *target, - struct grub_font_glyph *src, unsigned dx, unsigned dy) - { -+ grub_uint16_t max_x, max_y; - unsigned src_bit, tgt_bit, src_byte, tgt_byte; - unsigned i, j; -+ -+ /* Harden against out-of-bound writes. */ -+ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || -+ (grub_add (dy, src->height, &max_y) || max_y > target->height)) -+ return; -+ - for (i = 0; i < src->height; i++) - { - src_bit = (src->width * i) % 8; -@@ -1102,9 +1109,16 @@ grub_font_blit_glyph_mirror (struct grub_font_glyph *target, - struct grub_font_glyph *src, - unsigned dx, unsigned dy) - { -+ grub_uint16_t max_x, max_y; - unsigned tgt_bit, src_byte, tgt_byte; - signed src_bit; - unsigned i, j; -+ -+ /* Harden against out-of-bound writes. */ -+ if ((grub_add (dx, src->width, &max_x) || max_x > target->width) || -+ (grub_add (dy, src->height, &max_y) || max_y > target->height)) -+ return; -+ - for (i = 0; i < src->height; i++) - { - src_bit = (src->width * i + src->width - 1) % 8; diff --git a/SPECS/grub2/fedora/0298-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch b/SPECS/grub2/fedora/0298-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch deleted file mode 100644 index c2bcc18f27..0000000000 --- a/SPECS/grub2/fedora/0298-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 28 Oct 2022 17:29:16 +0800 -Subject: [PATCH] font: Assign null_font to glyphs in ascii_font_glyph[] - -The calculations in blit_comb() need information from glyph's font, e.g. -grub_font_get_xheight(main_glyph->font). However, main_glyph->font is -NULL if main_glyph comes from ascii_font_glyph[]. Therefore -grub_font_get_*() crashes because of NULL pointer. - -There is already a solution, the null_font. So, assign it to those glyphs -in ascii_font_glyph[]. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit dd539d695482069d28b40f2d3821f710cdcf6ee6) ---- - grub-core/font/font.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index 29fbb94294..e6616e610c 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -137,7 +137,7 @@ ascii_glyph_lookup (grub_uint32_t code) - ascii_font_glyph[current]->offset_x = 0; - ascii_font_glyph[current]->offset_y = -2; - ascii_font_glyph[current]->device_width = 8; -- ascii_font_glyph[current]->font = NULL; -+ ascii_font_glyph[current]->font = &null_font; - - grub_memcpy (ascii_font_glyph[current]->bitmap, - &ascii_bitmaps[current * ASCII_BITMAP_SIZE], diff --git a/SPECS/grub2/fedora/0299-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch b/SPECS/grub2/fedora/0299-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch deleted file mode 100644 index ec2184f079..0000000000 --- a/SPECS/grub2/fedora/0299-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Fri, 28 Oct 2022 21:31:39 +0800 -Subject: [PATCH] normal/charset: Fix an integer overflow in - grub_unicode_aglomerate_comb() - -The out->ncomb is a bit-field of 8 bits. So, the max possible value is 255. -However, code in grub_unicode_aglomerate_comb() doesn't check for an -overflow when incrementing out->ncomb. If out->ncomb is already 255, -after incrementing it will get 0 instead of 256, and cause illegal -memory access in subsequent processing. - -This patch introduces GRUB_UNICODE_NCOMB_MAX to represent the max -acceptable value of ncomb. The code now checks for this limit and -ignores additional combining characters when limit is reached. - -Reported-by: Daniel Axtens -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -(cherry picked from commit da90d62316a3b105d2fbd7334d6521936bd6dcf6) ---- - grub-core/normal/charset.c | 3 +++ - include/grub/unicode.h | 2 ++ - 2 files changed, 5 insertions(+) - -diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c -index 7a5a7c153c..c243ca6dae 100644 ---- a/grub-core/normal/charset.c -+++ b/grub-core/normal/charset.c -@@ -472,6 +472,9 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, - if (!haveout) - continue; - -+ if (out->ncomb == GRUB_UNICODE_NCOMB_MAX) -+ continue; -+ - if (comb_type == GRUB_UNICODE_COMB_MC - || comb_type == GRUB_UNICODE_COMB_ME - || comb_type == GRUB_UNICODE_COMB_MN) -diff --git a/include/grub/unicode.h b/include/grub/unicode.h -index 4de986a857..c4f6fca043 100644 ---- a/include/grub/unicode.h -+++ b/include/grub/unicode.h -@@ -147,7 +147,9 @@ struct grub_unicode_glyph - grub_uint8_t bidi_level:6; /* minimum: 6 */ - enum grub_bidi_type bidi_type:5; /* minimum: :5 */ - -+#define GRUB_UNICODE_NCOMB_MAX ((1 << 8) - 1) - unsigned ncomb:8; -+ - /* Hint by unicode subsystem how wide this character usually is. - Real width is determined by font. Set only in UTF-8 stream. */ - int estimated_width:8; diff --git a/SPECS/grub2/fedora/0300-font-Try-opening-fonts-from-the-bundled-memdisk.patch b/SPECS/grub2/fedora/0300-font-Try-opening-fonts-from-the-bundled-memdisk.patch deleted file mode 100644 index bad9d90317..0000000000 --- a/SPECS/grub2/fedora/0300-font-Try-opening-fonts-from-the-bundled-memdisk.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Wed, 16 Nov 2022 14:40:04 +0000 -Subject: [PATCH] font: Try opening fonts from the bundled memdisk - -Signed-off-by: Robbie Harwood ---- - grub-core/font/font.c | 48 +++++++++++++++++++++++++++++++----------------- - 1 file changed, 31 insertions(+), 17 deletions(-) - -diff --git a/grub-core/font/font.c b/grub-core/font/font.c -index e6616e610c..e421d1ae6f 100644 ---- a/grub-core/font/font.c -+++ b/grub-core/font/font.c -@@ -409,6 +409,27 @@ read_section_as_short (struct font_file_section *section, - return 0; - } - -+static grub_file_t -+try_open_from_prefix (const char *prefix, const char *filename) -+{ -+ grub_file_t file; -+ char *fullname, *ptr; -+ -+ fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1 -+ + sizeof ("/fonts/") + sizeof (".pf2")); -+ if (!fullname) -+ return 0; -+ ptr = grub_stpcpy (fullname, prefix); -+ ptr = grub_stpcpy (ptr, "/fonts/"); -+ ptr = grub_stpcpy (ptr, filename); -+ ptr = grub_stpcpy (ptr, ".pf2"); -+ *ptr = 0; -+ -+ file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024); -+ grub_free (fullname); -+ return file; -+} -+ - /* Load a font and add it to the beginning of the global font list. - Returns 0 upon success, nonzero upon failure. */ - grub_font_t -@@ -427,25 +448,18 @@ grub_font_load (const char *filename) - file = grub_buffile_open (filename, GRUB_FILE_TYPE_FONT, 1024); - else - { -- const char *prefix = grub_env_get ("prefix"); -- char *fullname, *ptr; -- if (!prefix) -+ file = try_open_from_prefix ("(memdisk)", filename); -+ if (!file) - { -- grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), -- "prefix"); -- goto fail; -+ const char *prefix = grub_env_get ("prefix"); -+ if (!prefix) -+ { -+ grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("variable `%s' isn't set"), -+ "prefix"); -+ goto fail; -+ } -+ file = try_open_from_prefix (prefix, filename); - } -- fullname = grub_malloc (grub_strlen (prefix) + grub_strlen (filename) + 1 -- + sizeof ("/fonts/") + sizeof (".pf2")); -- if (!fullname) -- goto fail; -- ptr = grub_stpcpy (fullname, prefix); -- ptr = grub_stpcpy (ptr, "/fonts/"); -- ptr = grub_stpcpy (ptr, filename); -- ptr = grub_stpcpy (ptr, ".pf2"); -- *ptr = 0; -- file = grub_buffile_open (fullname, GRUB_FILE_TYPE_FONT, 1024); -- grub_free (fullname); - } - if (!file) - goto fail; diff --git a/SPECS/grub2/fedora/0302-mm-Clarify-grub_real_malloc.patch b/SPECS/grub2/fedora/0302-mm-Clarify-grub_real_malloc.patch deleted file mode 100644 index 0a99c08184..0000000000 --- a/SPECS/grub2/fedora/0302-mm-Clarify-grub_real_malloc.patch +++ /dev/null @@ -1,183 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 25 Nov 2021 02:22:46 +1100 -Subject: [PATCH] mm: Clarify grub_real_malloc() - -When iterating through the singly linked list of free blocks, -grub_real_malloc() uses p and q for the current and previous blocks -respectively. This isn't super clear, so swap to using prev and cur. - -This makes another quirk more obvious. The comment at the top of -grub_real_malloc() might lead you to believe that the function will -allocate from *first if there is space in that block. - -It actually doesn't do that, and it can't do that with the current -data structures. If we used up all of *first, we would need to change -the ->next of the previous block to point to *first->next, but we -can't do that because it's a singly linked list and we don't have -access to *first's previous block. - -What grub_real_malloc() actually does is set *first to the initial -previous block, and *first->next is the block we try to allocate -from. That allows us to keep all the data structures consistent. - -Document that. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 246ad6a44c281bb13486ddea0a26bb661db73106) ---- - grub-core/kern/mm.c | 76 +++++++++++++++++++++++++++++------------------------ - 1 file changed, 41 insertions(+), 35 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index d8c8377578..fb20e93acf 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -178,13 +178,20 @@ grub_mm_init_region (void *addr, grub_size_t size) - } - - /* Allocate the number of units N with the alignment ALIGN from the ring -- buffer starting from *FIRST. ALIGN must be a power of two. Both N and -- ALIGN are in units of GRUB_MM_ALIGN. Return a non-NULL if successful, -- otherwise return NULL. */ -+ * buffer given in *FIRST. ALIGN must be a power of two. Both N and -+ * ALIGN are in units of GRUB_MM_ALIGN. Return a non-NULL if successful, -+ * otherwise return NULL. -+ * -+ * Note: because in certain circumstances we need to adjust the ->next -+ * pointer of the previous block, we iterate over the singly linked -+ * list with the pair (prev, cur). *FIRST is our initial previous, and -+ * *FIRST->next is our initial current pointer. So we will actually -+ * allocate from *FIRST->next first and *FIRST itself last. -+ */ - static void * - grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - { -- grub_mm_header_t p, q; -+ grub_mm_header_t cur, prev; - - /* When everything is allocated side effect is that *first will have alloc - magic marked, meaning that there is no room in this region. */ -@@ -192,24 +199,24 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - return 0; - - /* Try to search free slot for allocation in this memory region. */ -- for (q = *first, p = q->next; ; q = p, p = p->next) -+ for (prev = *first, cur = prev->next; ; prev = cur, cur = cur->next) - { - grub_off_t extra; - -- extra = ((grub_addr_t) (p + 1) >> GRUB_MM_ALIGN_LOG2) & (align - 1); -+ extra = ((grub_addr_t) (cur + 1) >> GRUB_MM_ALIGN_LOG2) & (align - 1); - if (extra) - extra = align - extra; - -- if (! p) -+ if (! cur) - grub_fatal ("null in the ring"); - -- if (p->magic != GRUB_MM_FREE_MAGIC) -- grub_fatal ("free magic is broken at %p: 0x%x", p, p->magic); -+ if (cur->magic != GRUB_MM_FREE_MAGIC) -+ grub_fatal ("free magic is broken at %p: 0x%x", cur, cur->magic); - -- if (p->size >= n + extra) -+ if (cur->size >= n + extra) - { -- extra += (p->size - extra - n) & (~(align - 1)); -- if (extra == 0 && p->size == n) -+ extra += (cur->size - extra - n) & (~(align - 1)); -+ if (extra == 0 && cur->size == n) - { - /* There is no special alignment requirement and memory block - is complete match. -@@ -222,9 +229,9 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - | alloc, size=n | | - +---------------+ v - */ -- q->next = p->next; -+ prev->next = cur->next; - } -- else if (align == 1 || p->size == n + extra) -+ else if (align == 1 || cur->size == n + extra) - { - /* There might be alignment requirement, when taking it into - account memory block fits in. -@@ -241,23 +248,22 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - | alloc, size=n | | - +---------------+ v - */ -- -- p->size -= n; -- p += p->size; -+ cur->size -= n; -+ cur += cur->size; - } - else if (extra == 0) - { - grub_mm_header_t r; - -- r = p + extra + n; -+ r = cur + extra + n; - r->magic = GRUB_MM_FREE_MAGIC; -- r->size = p->size - extra - n; -- r->next = p->next; -- q->next = r; -+ r->size = cur->size - extra - n; -+ r->next = cur->next; -+ prev->next = r; - -- if (q == p) -+ if (prev == cur) - { -- q = r; -+ prev = r; - r->next = r; - } - } -@@ -284,32 +290,32 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - */ - grub_mm_header_t r; - -- r = p + extra + n; -+ r = cur + extra + n; - r->magic = GRUB_MM_FREE_MAGIC; -- r->size = p->size - extra - n; -- r->next = p; -+ r->size = cur->size - extra - n; -+ r->next = cur; - -- p->size = extra; -- q->next = r; -- p += extra; -+ cur->size = extra; -+ prev->next = r; -+ cur += extra; - } - -- p->magic = GRUB_MM_ALLOC_MAGIC; -- p->size = n; -+ cur->magic = GRUB_MM_ALLOC_MAGIC; -+ cur->size = n; - - /* Mark find as a start marker for next allocation to fasten it. - This will have side effect of fragmenting memory as small - pieces before this will be un-used. */ - /* So do it only for chunks under 64K. */ - if (n < (0x8000 >> GRUB_MM_ALIGN_LOG2) -- || *first == p) -- *first = q; -+ || *first == cur) -+ *first = prev; - -- return p + 1; -+ return cur + 1; - } - - /* Search was completed without result. */ -- if (p == *first) -+ if (cur == *first) - break; - } - diff --git a/SPECS/grub2/fedora/0303-mm-grub_real_malloc-Make-small-allocs-comment-match-.patch b/SPECS/grub2/fedora/0303-mm-grub_real_malloc-Make-small-allocs-comment-match-.patch deleted file mode 100644 index a5601c9201..0000000000 --- a/SPECS/grub2/fedora/0303-mm-grub_real_malloc-Make-small-allocs-comment-match-.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 25 Nov 2021 02:22:47 +1100 -Subject: [PATCH] mm: grub_real_malloc(): Make small allocs comment match code - -Small allocations move the region's *first pointer. The comment -says that this happens for allocations under 64K. The code says -it's for allocations under 32K. Commit 45bf8b3a7549 changed the -code intentionally: make the comment match. - -Fixes: 45bf8b3a7549 (* grub-core/kern/mm.c (grub_real_malloc): Decrease cut-off of moving the) - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit a847895a8d000bdf27ad4d4326f883a0eed769ca) ---- - grub-core/kern/mm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index fb20e93acf..db7e0b2a5b 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -306,7 +306,7 @@ grub_real_malloc (grub_mm_header_t *first, grub_size_t n, grub_size_t align) - /* Mark find as a start marker for next allocation to fasten it. - This will have side effect of fragmenting memory as small - pieces before this will be un-used. */ -- /* So do it only for chunks under 64K. */ -+ /* So do it only for chunks under 32K. */ - if (n < (0x8000 >> GRUB_MM_ALIGN_LOG2) - || *first == cur) - *first = prev; diff --git a/SPECS/grub2/fedora/0304-mm-Document-grub_free.patch b/SPECS/grub2/fedora/0304-mm-Document-grub_free.patch deleted file mode 100644 index 6c9b7cc63e..0000000000 --- a/SPECS/grub2/fedora/0304-mm-Document-grub_free.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 25 Nov 2021 02:22:48 +1100 -Subject: [PATCH] mm: Document grub_free() - -The grub_free() possesses a surprising number of quirks, and also -uses single-letter variable names confusingly to iterate through -the free list. - -Document what's going on. - -Use prev and cur to iterate over the free list. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 1f8d0b01738e49767d662d6426af3570a64565f0) ---- - grub-core/kern/mm.c | 63 ++++++++++++++++++++++++++++++++++------------------- - 1 file changed, 41 insertions(+), 22 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index db7e0b2a5b..0351171cf9 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -446,54 +446,73 @@ grub_free (void *ptr) - } - else - { -- grub_mm_header_t q, s; -+ grub_mm_header_t cur, prev; - - #if 0 -- q = r->first; -+ cur = r->first; - do - { - grub_printf ("%s:%d: q=%p, q->size=0x%x, q->magic=0x%x\n", -- GRUB_FILE, __LINE__, q, q->size, q->magic); -- q = q->next; -+ GRUB_FILE, __LINE__, cur, cur->size, cur->magic); -+ cur = cur->next; - } -- while (q != r->first); -+ while (cur != r->first); - #endif -- -- for (s = r->first, q = s->next; q <= p || q->next >= p; s = q, q = s->next) -+ /* Iterate over all blocks in the free ring. -+ * -+ * The free ring is arranged from high addresses to low -+ * addresses, modulo wraparound. -+ * -+ * We are looking for a block with a higher address than p or -+ * whose next address is lower than p. -+ */ -+ for (prev = r->first, cur = prev->next; cur <= p || cur->next >= p; -+ prev = cur, cur = prev->next) - { -- if (q->magic != GRUB_MM_FREE_MAGIC) -- grub_fatal ("free magic is broken at %p: 0x%x", q, q->magic); -+ if (cur->magic != GRUB_MM_FREE_MAGIC) -+ grub_fatal ("free magic is broken at %p: 0x%x", cur, cur->magic); - -- if (q <= q->next && (q > p || q->next < p)) -+ /* Deal with wrap-around */ -+ if (cur <= cur->next && (cur > p || cur->next < p)) - break; - } - -+ /* mark p as free and insert it between cur and cur->next */ - p->magic = GRUB_MM_FREE_MAGIC; -- p->next = q->next; -- q->next = p; -+ p->next = cur->next; -+ cur->next = p; - -+ /* -+ * If the block we are freeing can be merged with the next -+ * free block, do that. -+ */ - if (p->next + p->next->size == p) - { - p->magic = 0; - - p->next->size += p->size; -- q->next = p->next; -+ cur->next = p->next; - p = p->next; - } - -- r->first = q; -+ r->first = cur; - -- if (q == p + p->size) -+ /* Likewise if can be merged with the preceeding free block */ -+ if (cur == p + p->size) - { -- q->magic = 0; -- p->size += q->size; -- if (q == s) -- s = p; -- s->next = p; -- q = s; -+ cur->magic = 0; -+ p->size += cur->size; -+ if (cur == prev) -+ prev = p; -+ prev->next = p; -+ cur = prev; - } - -- r->first = q; -+ /* -+ * Set r->first such that the just free()d block is tried first. -+ * (An allocation is tried from *first->next, and cur->next == p.) -+ */ -+ r->first = cur; - } - } - diff --git a/SPECS/grub2/fedora/0305-mm-Document-grub_mm_init_region.patch b/SPECS/grub2/fedora/0305-mm-Document-grub_mm_init_region.patch deleted file mode 100644 index 0173f045e9..0000000000 --- a/SPECS/grub2/fedora/0305-mm-Document-grub_mm_init_region.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 25 Nov 2021 02:22:49 +1100 -Subject: [PATCH] mm: Document grub_mm_init_region() - -The grub_mm_init_region() does some things that seem magical, especially -around region merging. Make it a bit clearer. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 246d69b7ea619fc1e77dcc5960e37aea45a9808c) ---- - grub-core/kern/mm.c | 31 ++++++++++++++++++++++++++++++- - 1 file changed, 30 insertions(+), 1 deletion(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 0351171cf9..1cbf98c7ab 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -128,23 +128,52 @@ grub_mm_init_region (void *addr, grub_size_t size) - if (((grub_addr_t) addr + 0x1000) > ~(grub_addr_t) size) - size = ((grub_addr_t) -0x1000) - (grub_addr_t) addr; - -+ /* Attempt to merge this region with every existing region */ - for (p = &grub_mm_base, q = *p; q; p = &(q->next), q = *p) -+ /* -+ * Is the new region immediately below an existing region? That -+ * is, is the address of the memory we're adding now (addr) + size -+ * of the memory we're adding (size) + the bytes we couldn't use -+ * at the start of the region we're considering (q->pre_size) -+ * equal to the address of q? In other words, does the memory -+ * looks like this? -+ * -+ * addr q -+ * |----size-----|-q->pre_size-|| -+ */ - if ((grub_uint8_t *) addr + size + q->pre_size == (grub_uint8_t *) q) - { -+ /* -+ * Yes, we can merge the memory starting at addr into the -+ * existing region from below. Align up addr to GRUB_MM_ALIGN -+ * so that our new region has proper alignment. -+ */ - r = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) addr, GRUB_MM_ALIGN); -+ /* Copy the region data across */ - *r = *q; -+ /* Consider all the new size as pre-size */ - r->pre_size += size; -- -+ -+ /* -+ * If we have enough pre-size to create a block, create a -+ * block with it. Mark it as allocated and pass it to -+ * grub_free (), which will sort out getting it into the free -+ * list. -+ */ - if (r->pre_size >> GRUB_MM_ALIGN_LOG2) - { - h = (grub_mm_header_t) (r + 1); -+ /* block size is pre-size converted to cells */ - h->size = (r->pre_size >> GRUB_MM_ALIGN_LOG2); - h->magic = GRUB_MM_ALLOC_MAGIC; -+ /* region size grows by block size converted back to bytes */ - r->size += h->size << GRUB_MM_ALIGN_LOG2; -+ /* adjust pre_size to be accurate */ - r->pre_size &= (GRUB_MM_ALIGN - 1); - *p = r; - grub_free (h + 1); - } -+ /* Replace the old region with the new region */ - *p = r; - return; - } diff --git a/SPECS/grub2/fedora/0306-mm-Document-GRUB-internal-memory-management-structur.patch b/SPECS/grub2/fedora/0306-mm-Document-GRUB-internal-memory-management-structur.patch deleted file mode 100644 index c793926467..0000000000 --- a/SPECS/grub2/fedora/0306-mm-Document-GRUB-internal-memory-management-structur.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 25 Nov 2021 02:22:45 +1100 -Subject: [PATCH] mm: Document GRUB internal memory management structures - -I spent more than a trivial quantity of time figuring out pre_size and -whether a memory region's size contains the header cell or not. - -Document the meanings of all the properties. Hopefully now no-one else -has to figure it out! - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit a6c5c52ccffd2674d43db25fb4baa9c528526aa0) ---- - include/grub/mm_private.h | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h -index c2c4cb1511..203533cc3d 100644 ---- a/include/grub/mm_private.h -+++ b/include/grub/mm_private.h -@@ -21,15 +21,27 @@ - - #include - -+/* For context, see kern/mm.c */ -+ - /* Magic words. */ - #define GRUB_MM_FREE_MAGIC 0x2d3c2808 - #define GRUB_MM_ALLOC_MAGIC 0x6db08fa4 - -+/* A header describing a block of memory - either allocated or free */ - typedef struct grub_mm_header - { -+ /* -+ * The 'next' free block in this region's circular free list. -+ * Only meaningful if the block is free. -+ */ - struct grub_mm_header *next; -+ /* The block size, not in bytes but the number of cells of -+ * GRUB_MM_ALIGN bytes. Includes the header cell. -+ */ - grub_size_t size; -+ /* either free or alloc magic, depending on the block type. */ - grub_size_t magic; -+ /* pad to cell size: see the top of kern/mm.c. */ - #if GRUB_CPU_SIZEOF_VOID_P == 4 - char padding[4]; - #elif GRUB_CPU_SIZEOF_VOID_P == 8 -@@ -48,11 +60,27 @@ typedef struct grub_mm_header - - #define GRUB_MM_ALIGN (1 << GRUB_MM_ALIGN_LOG2) - -+/* A region from which we can make allocations. */ - typedef struct grub_mm_region - { -+ /* The first free block in this region. */ - struct grub_mm_header *first; -+ -+ /* -+ * The next region in the linked list of regions. Regions are initially -+ * sorted in order of increasing size, but can grow, in which case the -+ * ordering may not be preserved. -+ */ - struct grub_mm_region *next; -+ -+ /* -+ * A grub_mm_region will always be aligned to cell size. The pre-size is -+ * the number of bytes we were given but had to skip in order to get that -+ * alignment. -+ */ - grub_size_t pre_size; -+ -+ /* How many bytes are in this region? (free and allocated) */ - grub_size_t size; - } - *grub_mm_region_t; diff --git a/SPECS/grub2/fedora/0307-mm-Assert-that-we-preserve-header-vs-region-alignmen.patch b/SPECS/grub2/fedora/0307-mm-Assert-that-we-preserve-header-vs-region-alignmen.patch deleted file mode 100644 index 2893784af6..0000000000 --- a/SPECS/grub2/fedora/0307-mm-Assert-that-we-preserve-header-vs-region-alignmen.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 21 Apr 2022 15:24:14 +1000 -Subject: [PATCH] mm: Assert that we preserve header vs region alignment - -grub_mm_region_init() does: - - h = (grub_mm_header_t) (r + 1); - -where h is a grub_mm_header_t and r is a grub_mm_region_t. - -Cells are supposed to be GRUB_MM_ALIGN aligned, but while grub_mm_dump -ensures this vs the region header, grub_mm_region_init() does not. - -It's better to be explicit than implicit here: rather than changing -grub_mm_region_init() to ALIGN_UP(), require that the struct is -explicitly a multiple of the header size. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 1df8fe66c57087eb33bd6dc69f786ed124615aa7) ---- - include/grub/mm_private.h | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h -index 203533cc3d..a688b92a83 100644 ---- a/include/grub/mm_private.h -+++ b/include/grub/mm_private.h -@@ -20,6 +20,7 @@ - #define GRUB_MM_PRIVATE_H 1 - - #include -+#include - - /* For context, see kern/mm.c */ - -@@ -89,4 +90,17 @@ typedef struct grub_mm_region - extern grub_mm_region_t EXPORT_VAR (grub_mm_base); - #endif - -+static inline void -+grub_mm_size_sanity_check (void) { -+ /* Ensure we preserve alignment when doing h = (grub_mm_header_t) (r + 1). */ -+ COMPILE_TIME_ASSERT ((sizeof (struct grub_mm_region) % -+ sizeof (struct grub_mm_header)) == 0); -+ -+ /* -+ * GRUB_MM_ALIGN is supposed to represent cell size, and a mm_header is -+ * supposed to be 1 cell. -+ */ -+ COMPILE_TIME_ASSERT (sizeof (struct grub_mm_header) == GRUB_MM_ALIGN); -+} -+ - #endif diff --git a/SPECS/grub2/fedora/0308-mm-When-adding-a-region-merge-with-region-after-as-w.patch b/SPECS/grub2/fedora/0308-mm-When-adding-a-region-merge-with-region-after-as-w.patch deleted file mode 100644 index 52cfeee0af..0000000000 --- a/SPECS/grub2/fedora/0308-mm-When-adding-a-region-merge-with-region-after-as-w.patch +++ /dev/null @@ -1,203 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 21 Apr 2022 15:24:15 +1000 -Subject: [PATCH] mm: When adding a region, merge with region after as well as - before - -On x86_64-efi (at least) regions seem to be added from top down. The mm -code will merge a new region with an existing region that comes -immediately before the new region. This allows larger allocations to be -satisfied that would otherwise be the case. - -On powerpc-ieee1275, however, regions are added from bottom up. So if -we add 3x 32MB regions, we can still only satisfy a 32MB allocation, -rather than the 96MB allocation we might otherwise be able to satisfy. - - * Define 'post_size' as being bytes lost to the end of an allocation - due to being given weird sizes from firmware that are not multiples - of GRUB_MM_ALIGN. - - * Allow merging of regions immediately _after_ existing regions, not - just before. As with the other approach, we create an allocated - block to represent the new space and the pass it to grub_free() to - get the metadata right. - -Signed-off-by: Daniel Axtens -Tested-by: Stefan Berger -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 052e6068be622ff53f1238b449c300dbd0a8abcd) ---- - grub-core/kern/mm.c | 128 +++++++++++++++++++++++++++++----------------- - include/grub/mm_private.h | 9 ++++ - 2 files changed, 91 insertions(+), 46 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 1cbf98c7ab..7be33e23bf 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -130,53 +130,88 @@ grub_mm_init_region (void *addr, grub_size_t size) - - /* Attempt to merge this region with every existing region */ - for (p = &grub_mm_base, q = *p; q; p = &(q->next), q = *p) -- /* -- * Is the new region immediately below an existing region? That -- * is, is the address of the memory we're adding now (addr) + size -- * of the memory we're adding (size) + the bytes we couldn't use -- * at the start of the region we're considering (q->pre_size) -- * equal to the address of q? In other words, does the memory -- * looks like this? -- * -- * addr q -- * |----size-----|-q->pre_size-|| -- */ -- if ((grub_uint8_t *) addr + size + q->pre_size == (grub_uint8_t *) q) -- { -- /* -- * Yes, we can merge the memory starting at addr into the -- * existing region from below. Align up addr to GRUB_MM_ALIGN -- * so that our new region has proper alignment. -- */ -- r = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) addr, GRUB_MM_ALIGN); -- /* Copy the region data across */ -- *r = *q; -- /* Consider all the new size as pre-size */ -- r->pre_size += size; -+ { -+ /* -+ * Is the new region immediately below an existing region? That -+ * is, is the address of the memory we're adding now (addr) + size -+ * of the memory we're adding (size) + the bytes we couldn't use -+ * at the start of the region we're considering (q->pre_size) -+ * equal to the address of q? In other words, does the memory -+ * looks like this? -+ * -+ * addr q -+ * |----size-----|-q->pre_size-|| -+ */ -+ if ((grub_uint8_t *) addr + size + q->pre_size == (grub_uint8_t *) q) -+ { -+ /* -+ * Yes, we can merge the memory starting at addr into the -+ * existing region from below. Align up addr to GRUB_MM_ALIGN -+ * so that our new region has proper alignment. -+ */ -+ r = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) addr, GRUB_MM_ALIGN); -+ /* Copy the region data across */ -+ *r = *q; -+ /* Consider all the new size as pre-size */ -+ r->pre_size += size; - -- /* -- * If we have enough pre-size to create a block, create a -- * block with it. Mark it as allocated and pass it to -- * grub_free (), which will sort out getting it into the free -- * list. -- */ -- if (r->pre_size >> GRUB_MM_ALIGN_LOG2) -- { -- h = (grub_mm_header_t) (r + 1); -- /* block size is pre-size converted to cells */ -- h->size = (r->pre_size >> GRUB_MM_ALIGN_LOG2); -- h->magic = GRUB_MM_ALLOC_MAGIC; -- /* region size grows by block size converted back to bytes */ -- r->size += h->size << GRUB_MM_ALIGN_LOG2; -- /* adjust pre_size to be accurate */ -- r->pre_size &= (GRUB_MM_ALIGN - 1); -- *p = r; -- grub_free (h + 1); -- } -- /* Replace the old region with the new region */ -- *p = r; -- return; -- } -+ /* -+ * If we have enough pre-size to create a block, create a -+ * block with it. Mark it as allocated and pass it to -+ * grub_free (), which will sort out getting it into the free -+ * list. -+ */ -+ if (r->pre_size >> GRUB_MM_ALIGN_LOG2) -+ { -+ h = (grub_mm_header_t) (r + 1); -+ /* block size is pre-size converted to cells */ -+ h->size = (r->pre_size >> GRUB_MM_ALIGN_LOG2); -+ h->magic = GRUB_MM_ALLOC_MAGIC; -+ /* region size grows by block size converted back to bytes */ -+ r->size += h->size << GRUB_MM_ALIGN_LOG2; -+ /* adjust pre_size to be accurate */ -+ r->pre_size &= (GRUB_MM_ALIGN - 1); -+ *p = r; -+ grub_free (h + 1); -+ } -+ /* Replace the old region with the new region */ -+ *p = r; -+ return; -+ } -+ -+ /* -+ * Is the new region immediately above an existing region? That -+ * is: -+ * q addr -+ * ||-q->post_size-|----size-----| -+ */ -+ if ((grub_uint8_t *) q + sizeof (*q) + q->size + q->post_size == -+ (grub_uint8_t *) addr) -+ { -+ /* -+ * Yes! Follow a similar pattern to above, but simpler. -+ * Our header starts at address - post_size, which should align us -+ * to a cell boundary. -+ * -+ * Cast to (void *) first to avoid the following build error: -+ * kern/mm.c: In function ‘grub_mm_init_region’: -+ * kern/mm.c:211:15: error: cast increases required alignment of target type [-Werror=cast-align] -+ * 211 | h = (grub_mm_header_t) ((grub_uint8_t *) addr - q->post_size); -+ * | ^ -+ * It is safe to do that because proper alignment is enforced in grub_mm_size_sanity_check(). -+ */ -+ h = (grub_mm_header_t)(void *) ((grub_uint8_t *) addr - q->post_size); -+ /* our size is the allocated size plus post_size, in cells */ -+ h->size = (size + q->post_size) >> GRUB_MM_ALIGN_LOG2; -+ h->magic = GRUB_MM_ALLOC_MAGIC; -+ /* region size grows by block size converted back to bytes */ -+ q->size += h->size << GRUB_MM_ALIGN_LOG2; -+ /* adjust new post_size to be accurate */ -+ q->post_size = (q->post_size + size) & (GRUB_MM_ALIGN - 1); -+ grub_free (h + 1); -+ return; -+ } -+ } - - /* Allocate a region from the head. */ - r = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) addr, GRUB_MM_ALIGN); -@@ -195,6 +230,7 @@ grub_mm_init_region (void *addr, grub_size_t size) - r->first = h; - r->pre_size = (grub_addr_t) r - (grub_addr_t) addr; - r->size = (h->size << GRUB_MM_ALIGN_LOG2); -+ r->post_size = size - r->size; - - /* Find where to insert this region. Put a smaller one before bigger ones, - to prevent fragmentation. */ -diff --git a/include/grub/mm_private.h b/include/grub/mm_private.h -index a688b92a83..96c2d816be 100644 ---- a/include/grub/mm_private.h -+++ b/include/grub/mm_private.h -@@ -81,8 +81,17 @@ typedef struct grub_mm_region - */ - grub_size_t pre_size; - -+ /* -+ * Likewise, the post-size is the number of bytes we wasted at the end -+ * of the allocation because it wasn't a multiple of GRUB_MM_ALIGN -+ */ -+ grub_size_t post_size; -+ - /* How many bytes are in this region? (free and allocated) */ - grub_size_t size; -+ -+ /* pad to a multiple of cell size */ -+ char padding[3 * GRUB_CPU_SIZEOF_VOID_P]; - } - *grub_mm_region_t; - diff --git a/SPECS/grub2/fedora/0309-mm-Debug-support-for-region-operations.patch b/SPECS/grub2/fedora/0309-mm-Debug-support-for-region-operations.patch deleted file mode 100644 index f434260fc5..0000000000 --- a/SPECS/grub2/fedora/0309-mm-Debug-support-for-region-operations.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Thu, 21 Apr 2022 15:24:16 +1000 -Subject: [PATCH] mm: Debug support for region operations - -This is handy for debugging. Enable with "set debug=regions". - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 8afa5ef45b797ba5d8147ceee85ac2c59dcc7f09) ---- - grub-core/kern/mm.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 7be33e23bf..38bfb01df9 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -115,9 +115,8 @@ grub_mm_init_region (void *addr, grub_size_t size) - grub_mm_header_t h; - grub_mm_region_t r, *p, q; - --#if 0 -- grub_printf ("Using memory for heap: start=%p, end=%p\n", addr, addr + (unsigned int) size); --#endif -+ grub_dprintf ("regions", "Using memory for heap: start=%p, end=%p\n", -+ addr, (char *) addr + (unsigned int) size); - - /* Exclude last 4K to avoid overflows. */ - /* If addr + 0x1000 overflows then whole region is in excluded zone. */ -@@ -142,8 +141,14 @@ grub_mm_init_region (void *addr, grub_size_t size) - * addr q - * |----size-----|-q->pre_size-|| - */ -+ grub_dprintf ("regions", "Can we extend into region above?" -+ " %p + %" PRIxGRUB_SIZE " + %" PRIxGRUB_SIZE " ?=? %p\n", -+ (grub_uint8_t *) addr, size, q->pre_size, (grub_uint8_t *) q); - if ((grub_uint8_t *) addr + size + q->pre_size == (grub_uint8_t *) q) - { -+ grub_dprintf ("regions", "Yes: extending a region: (%p -> %p) -> (%p -> %p)\n", -+ q, (grub_uint8_t *) q + sizeof (*q) + q->size, -+ addr, (grub_uint8_t *) q + sizeof (*q) + q->size); - /* - * Yes, we can merge the memory starting at addr into the - * existing region from below. Align up addr to GRUB_MM_ALIGN -@@ -185,9 +190,15 @@ grub_mm_init_region (void *addr, grub_size_t size) - * q addr - * ||-q->post_size-|----size-----| - */ -+ grub_dprintf ("regions", "Can we extend into region below?" -+ " %p + %" PRIxGRUB_SIZE " + %" PRIxGRUB_SIZE " + %" PRIxGRUB_SIZE " ?=? %p\n", -+ (grub_uint8_t *) q, sizeof(*q), q->size, q->post_size, (grub_uint8_t *) addr); - if ((grub_uint8_t *) q + sizeof (*q) + q->size + q->post_size == - (grub_uint8_t *) addr) - { -+ grub_dprintf ("regions", "Yes: extending a region: (%p -> %p) -> (%p -> %p)\n", -+ q, (grub_uint8_t *) q + sizeof (*q) + q->size, -+ q, (grub_uint8_t *) addr + size); - /* - * Yes! Follow a similar pattern to above, but simpler. - * Our header starts at address - post_size, which should align us -@@ -213,6 +224,8 @@ grub_mm_init_region (void *addr, grub_size_t size) - } - } - -+ grub_dprintf ("regions", "No: considering a new region at %p of size %" PRIxGRUB_SIZE "\n", -+ addr, size); - /* Allocate a region from the head. */ - r = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) addr, GRUB_MM_ALIGN); - diff --git a/SPECS/grub2/fedora/0310-mm-Drop-unused-unloading-of-modules-on-OOM.patch b/SPECS/grub2/fedora/0310-mm-Drop-unused-unloading-of-modules-on-OOM.patch deleted file mode 100644 index a18d91224b..0000000000 --- a/SPECS/grub2/fedora/0310-mm-Drop-unused-unloading-of-modules-on-OOM.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:17 +1000 -Subject: [PATCH] mm: Drop unused unloading of modules on OOM - -In grub_memalign(), there's a commented section which would allow for -unloading of unneeded modules in case where there is not enough free -memory available to satisfy a request. Given that this code is never -compiled in, let's remove it together with grub_dl_unload_unneeded(). - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 139fd9b134a01e0b5fe0ebefafa7f48d1ffb6d60) ---- - grub-core/kern/dl.c | 20 -------------------- - grub-core/kern/mm.c | 8 -------- - include/grub/dl.h | 1 - - 3 files changed, 29 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index d5de80186f..ab9101a5ad 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -998,23 +998,3 @@ grub_dl_unload (grub_dl_t mod) - grub_free (mod); - return 1; - } -- --/* Unload unneeded modules. */ --void --grub_dl_unload_unneeded (void) --{ -- /* Because grub_dl_remove modifies the list of modules, this -- implementation is tricky. */ -- grub_dl_t p = grub_dl_head; -- -- while (p) -- { -- if (grub_dl_unload (p)) -- { -- p = grub_dl_head; -- continue; -- } -- -- p = p->next; -- } --} -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 38bfb01df9..1825dc8289 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -444,14 +444,6 @@ grub_memalign (grub_size_t align, grub_size_t size) - count++; - goto again; - --#if 0 -- case 1: -- /* Unload unneeded modules. */ -- grub_dl_unload_unneeded (); -- count++; -- goto again; --#endif -- - default: - break; - } -diff --git a/include/grub/dl.h b/include/grub/dl.h -index 45ac8e339f..6bc2560bf0 100644 ---- a/include/grub/dl.h -+++ b/include/grub/dl.h -@@ -206,7 +206,6 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); - grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); - grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); - int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); --extern void grub_dl_unload_unneeded (void); - extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); - extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); - extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); diff --git a/SPECS/grub2/fedora/0311-mm-Allow-dynamically-requesting-additional-memory-re.patch b/SPECS/grub2/fedora/0311-mm-Allow-dynamically-requesting-additional-memory-re.patch deleted file mode 100644 index d225c108ee..0000000000 --- a/SPECS/grub2/fedora/0311-mm-Allow-dynamically-requesting-additional-memory-re.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:18 +1000 -Subject: [PATCH] mm: Allow dynamically requesting additional memory regions - -Currently, all platforms will set up their heap on initialization of the -platform code. While this works mostly fine, it poses some limitations -on memory management on us. Most notably, allocating big chunks of -memory in the gigabyte range would require us to pre-request this many -bytes from the firmware and add it to the heap from the beginning on -some platforms like EFI. As this isn't needed for most configurations, -it is inefficient and may even negatively impact some usecases when, -e.g., chainloading. Nonetheless, allocating big chunks of memory is -required sometimes, where one example is the upcoming support for the -Argon2 key derival function in LUKS2. - -In order to avoid pre-allocating big chunks of memory, this commit -implements a runtime mechanism to add more pages to the system. When -a given allocation cannot be currently satisfied, we'll call a given -callback set up by the platform's own memory management subsystem, -asking it to add a memory area with at least "n" bytes. If this -succeeds, we retry searching for a valid memory region, which should -now succeed. - -If this fails, we try asking for "n" bytes, possibly spread across -multiple regions, in hopes that region merging means that we end up -with enough memory for things to work out. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Tested-by: Stefan Berger -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 887f98f0db43e33fba4ec1f85e42fae1185700bc) ---- - grub-core/kern/mm.c | 30 ++++++++++++++++++++++++++++++ - include/grub/mm.h | 18 ++++++++++++++++++ - 2 files changed, 48 insertions(+) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index 1825dc8289..f2e27f263b 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -28,6 +28,9 @@ - - multiple regions may be used as free space. They may not be - contiguous. - -+ - if existing regions are insufficient to satisfy an allocation, a new -+ region can be requested from firmware. -+ - Regions are managed by a singly linked list, and the meta information is - stored in the beginning of each region. Space after the meta information - is used to allocate memory. -@@ -81,6 +84,7 @@ - - - grub_mm_region_t grub_mm_base; -+grub_mm_add_region_func_t grub_mm_add_region_fn; - - /* Get a header from the pointer PTR, and set *P and *R to a pointer - to the header and a pointer to its region, respectively. PTR must -@@ -444,6 +448,32 @@ grub_memalign (grub_size_t align, grub_size_t size) - count++; - goto again; - -+ case 1: -+ /* Request additional pages, contiguous */ -+ count++; -+ -+ if (grub_mm_add_region_fn != NULL && -+ grub_mm_add_region_fn (size, GRUB_MM_ADD_REGION_CONSECUTIVE) == GRUB_ERR_NONE) -+ goto again; -+ -+ /* fallthrough */ -+ -+ case 2: -+ /* Request additional pages, anything at all */ -+ count++; -+ -+ if (grub_mm_add_region_fn != NULL) -+ { -+ /* -+ * Try again even if this fails, in case it was able to partially -+ * satisfy the request -+ */ -+ grub_mm_add_region_fn (size, GRUB_MM_ADD_REGION_NONE); -+ goto again; -+ } -+ -+ /* fallthrough */ -+ - default: - break; - } -diff --git a/include/grub/mm.h b/include/grub/mm.h -index d81623d226..7c6f925ffd 100644 ---- a/include/grub/mm.h -+++ b/include/grub/mm.h -@@ -20,6 +20,7 @@ - #ifndef GRUB_MM_H - #define GRUB_MM_H 1 - -+#include - #include - #include - #include -@@ -29,6 +30,23 @@ - # define NULL ((void *) 0) - #endif - -+#define GRUB_MM_ADD_REGION_NONE 0 -+#define GRUB_MM_ADD_REGION_CONSECUTIVE (1 << 0) -+ -+/* -+ * Function used to request memory regions of `grub_size_t` bytes. The second -+ * parameter is a bitfield of `GRUB_MM_ADD_REGION` flags. -+ */ -+typedef grub_err_t (*grub_mm_add_region_func_t) (grub_size_t, unsigned int); -+ -+/* -+ * Set this function pointer to enable adding memory-regions at runtime in case -+ * a memory allocation cannot be satisfied with existing regions. -+ */ -+#ifndef GRUB_MACHINE_EMU -+extern grub_mm_add_region_func_t EXPORT_VAR(grub_mm_add_region_fn); -+#endif -+ - void grub_mm_init_region (void *addr, grub_size_t size); - void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); - void *EXPORT_FUNC(grub_malloc) (grub_size_t size); diff --git a/SPECS/grub2/fedora/0312-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch b/SPECS/grub2/fedora/0312-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch deleted file mode 100644 index 6fa378c953..0000000000 --- a/SPECS/grub2/fedora/0312-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:19 +1000 -Subject: [PATCH] kern/efi/mm: Always request a fixed number of pages on init - -When initializing the EFI memory subsystem, we will by default request -a quarter of the available memory, bounded by a minimum/maximum value. -Given that we're about to extend the EFI memory system to dynamically -request additional pages from the firmware as required, this scaling of -requested memory based on available memory will not make a lot of sense -anymore. - -Remove this logic as a preparatory patch such that we'll instead defer -to the runtime memory allocator. Note that ideally, we'd want to change -this after dynamic requesting of pages has been implemented for the EFI -platform. But because we'll need to split up initialization of the -memory subsystem and the request of pages from the firmware, we'd have -to duplicate quite some logic at first only to remove it afterwards -again. This seems quite pointless, so we instead have patches slightly -out of order. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 938c3760b8c0fca759140be48307179b50107ff6) ---- - grub-core/kern/efi/mm.c | 35 +++-------------------------------- - 1 file changed, 3 insertions(+), 32 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index e460b072e6..782a1365a1 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -38,9 +38,8 @@ - a multiplier of 4KB. */ - #define MEMORY_MAP_SIZE 0x3000 - --/* The minimum and maximum heap size for GRUB itself. */ --#define MIN_HEAP_SIZE 0x100000 --#define MAX_HEAP_SIZE (1600 * 0x100000) -+/* The default heap size for GRUB itself in bytes. */ -+#define DEFAULT_HEAP_SIZE 0x100000 - - static void *finish_mmap_buf = 0; - static grub_efi_uintn_t finish_mmap_size = 0; -@@ -514,23 +513,6 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - return filtered_desc; - } - --/* Return the total number of pages. */ --static grub_efi_uint64_t --get_total_pages (grub_efi_memory_descriptor_t *memory_map, -- grub_efi_uintn_t desc_size, -- grub_efi_memory_descriptor_t *memory_map_end) --{ -- grub_efi_memory_descriptor_t *desc; -- grub_efi_uint64_t total = 0; -- -- for (desc = memory_map; -- desc < memory_map_end; -- desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size)) -- total += desc->num_pages; -- -- return total; --} -- - /* Add memory regions. */ - static void - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, -@@ -694,8 +676,6 @@ grub_efi_mm_init (void) - grub_efi_memory_descriptor_t *filtered_memory_map_end; - grub_efi_uintn_t map_size; - grub_efi_uintn_t desc_size; -- grub_efi_uint64_t total_pages; -- grub_efi_uint64_t required_pages; - int mm_status; - - grub_nx_init (); -@@ -737,22 +717,13 @@ grub_efi_mm_init (void) - filtered_memory_map_end = filter_memory_map (memory_map, filtered_memory_map, - desc_size, memory_map_end); - -- /* By default, request a quarter of the available memory. */ -- total_pages = get_total_pages (filtered_memory_map, desc_size, -- filtered_memory_map_end); -- required_pages = (total_pages >> 2); -- if (required_pages < BYTES_TO_PAGES (MIN_HEAP_SIZE)) -- required_pages = BYTES_TO_PAGES (MIN_HEAP_SIZE); -- else if (required_pages > BYTES_TO_PAGES (MAX_HEAP_SIZE)) -- required_pages = BYTES_TO_PAGES (MAX_HEAP_SIZE); -- - /* Sort the filtered descriptors, so that GRUB can allocate pages - from smaller regions. */ - sort_memory_map (filtered_memory_map, desc_size, filtered_memory_map_end); - - /* Allocate memory regions for GRUB's memory management. */ - add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, required_pages); -+ filtered_memory_map_end, BYTES_TO_PAGES (DEFAULT_HEAP_SIZE)); - - #if 0 - /* For debug. */ diff --git a/SPECS/grub2/fedora/0313-kern-efi-mm-Extract-function-to-add-memory-regions.patch b/SPECS/grub2/fedora/0313-kern-efi-mm-Extract-function-to-add-memory-regions.patch deleted file mode 100644 index 28cf2e75e4..0000000000 --- a/SPECS/grub2/fedora/0313-kern-efi-mm-Extract-function-to-add-memory-regions.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:20 +1000 -Subject: [PATCH] kern/efi/mm: Extract function to add memory regions - -In preparation of support for runtime-allocating additional memory -region, this patch extracts the function to retrieve the EFI memory -map and add a subset of it to GRUB's own memory regions. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 96a7ea29e3cb61b6c2302e260e8e6a6117e17fa3) -[rharwood: backport around our nx] ---- - grub-core/kern/efi/mm.c | 21 +++++++++++++++------ - 1 file changed, 15 insertions(+), 6 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 782a1365a1..a1d3b51fe6 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -667,8 +667,8 @@ grub_nx_init (void) - } - } - --void --grub_efi_mm_init (void) -+static grub_err_t -+grub_efi_mm_add_regions (grub_size_t required_bytes) - { - grub_efi_memory_descriptor_t *memory_map; - grub_efi_memory_descriptor_t *memory_map_end; -@@ -683,7 +683,7 @@ grub_efi_mm_init (void) - /* Prepare a memory region to store two memory maps. */ - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); - if (! memory_map) -- grub_fatal ("cannot allocate memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory for memory map"); - - /* Obtain descriptors for available memory. */ - map_size = MEMORY_MAP_SIZE; -@@ -701,14 +701,14 @@ grub_efi_mm_init (void) - - memory_map = grub_efi_allocate_any_pages (2 * BYTES_TO_PAGES (map_size)); - if (! memory_map) -- grub_fatal ("cannot allocate memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate memory for new memory map"); - - mm_status = grub_efi_get_memory_map (&map_size, memory_map, 0, - &desc_size, 0); - } - - if (mm_status < 0) -- grub_fatal ("cannot get memory map"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "error fetching memory map from EFI"); - - memory_map_end = NEXT_MEMORY_DESCRIPTOR (memory_map, map_size); - -@@ -723,7 +723,7 @@ grub_efi_mm_init (void) - - /* Allocate memory regions for GRUB's memory management. */ - add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, BYTES_TO_PAGES (DEFAULT_HEAP_SIZE)); -+ filtered_memory_map_end, BYTES_TO_PAGES (required_bytes)); - - #if 0 - /* For debug. */ -@@ -741,6 +741,15 @@ grub_efi_mm_init (void) - /* Release the memory maps. */ - grub_efi_free_pages ((grub_addr_t) memory_map, - 2 * BYTES_TO_PAGES (MEMORY_MAP_SIZE)); -+ -+ return GRUB_ERR_NONE; -+} -+ -+void -+grub_efi_mm_init (void) -+{ -+ if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE) != GRUB_ERR_NONE) -+ grub_fatal ("%s", grub_errmsg); - } - - #if defined (__aarch64__) || defined (__arm__) || defined (__riscv) diff --git a/SPECS/grub2/fedora/0314-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch b/SPECS/grub2/fedora/0314-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch deleted file mode 100644 index b4b7891b41..0000000000 --- a/SPECS/grub2/fedora/0314-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:21 +1000 -Subject: [PATCH] kern/efi/mm: Pass up errors from add_memory_regions() - -The function add_memory_regions() is currently only called on system -initialization to allocate a fixed amount of pages. As such, it didn't -need to return any errors: in case it failed, we cannot proceed anyway. -This will change with the upcoming support for requesting more memory -from the firmware at runtime, where it doesn't make sense anymore to -fail hard. - -Refactor the function to return an error to prepare for this. Note that -this does not change the behaviour when initializing the memory system -because grub_efi_mm_init() knows to call grub_fatal() in case -grub_efi_mm_add_regions() returns an error. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 15a015698921240adc1ac266a3b5bc5fcbd81521) ---- - grub-core/kern/efi/mm.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index a1d3b51fe6..e0ebc65dba 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -514,7 +514,7 @@ filter_memory_map (grub_efi_memory_descriptor_t *memory_map, - } - - /* Add memory regions. */ --static void -+static grub_err_t - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - grub_efi_uintn_t desc_size, - grub_efi_memory_descriptor_t *memory_map_end, -@@ -542,9 +542,9 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - GRUB_EFI_ALLOCATE_ADDRESS, - GRUB_EFI_LOADER_CODE); - if (! addr) -- grub_fatal ("cannot allocate conventional memory %p with %u pages", -- (void *) ((grub_addr_t) start), -- (unsigned) pages); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "Memory starting at %p (%u pages) marked as free, but EFI would not allocate", -+ (void *) ((grub_addr_t) start), (unsigned) pages); - - grub_mm_init_region (addr, PAGES_TO_BYTES (pages)); - -@@ -554,7 +554,11 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - } - - if (required_pages > 0) -- grub_fatal ("too little memory"); -+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, -+ "could not allocate all requested memory: %" PRIuGRUB_UINT64_T " pages still required after iterating EFI memory map", -+ required_pages); -+ -+ return GRUB_ERR_NONE; - } - - void -@@ -676,6 +680,7 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - grub_efi_memory_descriptor_t *filtered_memory_map_end; - grub_efi_uintn_t map_size; - grub_efi_uintn_t desc_size; -+ grub_err_t err; - int mm_status; - - grub_nx_init (); -@@ -722,8 +727,11 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - sort_memory_map (filtered_memory_map, desc_size, filtered_memory_map_end); - - /* Allocate memory regions for GRUB's memory management. */ -- add_memory_regions (filtered_memory_map, desc_size, -- filtered_memory_map_end, BYTES_TO_PAGES (required_bytes)); -+ err = add_memory_regions (filtered_memory_map, desc_size, -+ filtered_memory_map_end, -+ BYTES_TO_PAGES (required_bytes)); -+ if (err != GRUB_ERR_NONE) -+ return err; - - #if 0 - /* For debug. */ diff --git a/SPECS/grub2/fedora/0315-kern-efi-mm-Implement-runtime-addition-of-pages.patch b/SPECS/grub2/fedora/0315-kern-efi-mm-Implement-runtime-addition-of-pages.patch deleted file mode 100644 index 1f52581fb7..0000000000 --- a/SPECS/grub2/fedora/0315-kern-efi-mm-Implement-runtime-addition-of-pages.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Thu, 21 Apr 2022 15:24:22 +1000 -Subject: [PATCH] kern/efi/mm: Implement runtime addition of pages - -Adjust the interface of grub_efi_mm_add_regions() to take a set of -GRUB_MM_ADD_REGION_* flags, which most notably is currently only the -GRUB_MM_ADD_REGION_CONSECUTIVE flag. This allows us to set the function -up as callback for the memory subsystem and have it call out to us in -case there's not enough pages available in the current heap. - -Signed-off-by: Patrick Steinhardt -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -Tested-by: Patrick Steinhardt -(cherry picked from commit 1df2934822df4c1170dde069d97cfbf7a9572bba) ---- - grub-core/kern/efi/mm.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index e0ebc65dba..016ba6cf2f 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -518,7 +518,8 @@ static grub_err_t - add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - grub_efi_uintn_t desc_size, - grub_efi_memory_descriptor_t *memory_map_end, -- grub_efi_uint64_t required_pages) -+ grub_efi_uint64_t required_pages, -+ unsigned int flags) - { - grub_efi_memory_descriptor_t *desc; - -@@ -532,6 +533,10 @@ add_memory_regions (grub_efi_memory_descriptor_t *memory_map, - - start = desc->physical_start; - pages = desc->num_pages; -+ -+ if (pages < required_pages && (flags & GRUB_MM_ADD_REGION_CONSECUTIVE)) -+ continue; -+ - if (pages > required_pages) - { - start += PAGES_TO_BYTES (pages - required_pages); -@@ -672,7 +677,7 @@ grub_nx_init (void) - } - - static grub_err_t --grub_efi_mm_add_regions (grub_size_t required_bytes) -+grub_efi_mm_add_regions (grub_size_t required_bytes, unsigned int flags) - { - grub_efi_memory_descriptor_t *memory_map; - grub_efi_memory_descriptor_t *memory_map_end; -@@ -729,7 +734,8 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - /* Allocate memory regions for GRUB's memory management. */ - err = add_memory_regions (filtered_memory_map, desc_size, - filtered_memory_map_end, -- BYTES_TO_PAGES (required_bytes)); -+ BYTES_TO_PAGES (required_bytes), -+ flags); - if (err != GRUB_ERR_NONE) - return err; - -@@ -756,8 +762,9 @@ grub_efi_mm_add_regions (grub_size_t required_bytes) - void - grub_efi_mm_init (void) - { -- if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE) != GRUB_ERR_NONE) -+ if (grub_efi_mm_add_regions (DEFAULT_HEAP_SIZE, GRUB_MM_ADD_REGION_NONE) != GRUB_ERR_NONE) - grub_fatal ("%s", grub_errmsg); -+ grub_mm_add_region_fn = grub_efi_mm_add_regions; - } - - #if defined (__aarch64__) || defined (__arm__) || defined (__riscv) diff --git a/SPECS/grub2/fedora/0316-efi-Increase-default-memory-allocation-to-32-MiB.patch b/SPECS/grub2/fedora/0316-efi-Increase-default-memory-allocation-to-32-MiB.patch deleted file mode 100644 index b70c3cce52..0000000000 --- a/SPECS/grub2/fedora/0316-efi-Increase-default-memory-allocation-to-32-MiB.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens -Date: Tue, 20 Sep 2022 00:30:30 +1000 -Subject: [PATCH] efi: Increase default memory allocation to 32 MiB - -We have multiple reports of things being slower with a 1 MiB initial static -allocation, and a report (more difficult to nail down) of a boot failure -as a result of the smaller initial allocation. - -Make the initial memory allocation 32 MiB. - -Signed-off-by: Daniel Axtens -Reviewed-by: Daniel Kiper -(cherry picked from commit 75e38e86e7d9202f050b093f20500d9ad4c6dad9) ---- - grub-core/kern/efi/mm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index 016ba6cf2f..b27e966e1f 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -39,7 +39,7 @@ - #define MEMORY_MAP_SIZE 0x3000 - - /* The default heap size for GRUB itself in bytes. */ --#define DEFAULT_HEAP_SIZE 0x100000 -+#define DEFAULT_HEAP_SIZE 0x2000000 - - static void *finish_mmap_buf = 0; - static grub_efi_uintn_t finish_mmap_size = 0; diff --git a/SPECS/grub2/fedora/0317-mm-Try-invalidate-disk-caches-last-when-out-of-memor.patch b/SPECS/grub2/fedora/0317-mm-Try-invalidate-disk-caches-last-when-out-of-memor.patch deleted file mode 100644 index c919891c9d..0000000000 --- a/SPECS/grub2/fedora/0317-mm-Try-invalidate-disk-caches-last-when-out-of-memor.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Zhang Boyang -Date: Sat, 15 Oct 2022 22:15:11 +0800 -Subject: [PATCH] mm: Try invalidate disk caches last when out of memory - -Every heap grow will cause all disk caches invalidated which decreases -performance severely. This patch moves disk cache invalidation code to -the last of memory squeezing measures. So, disk caches are released only -when there are no other ways to get free memory. - -Signed-off-by: Zhang Boyang -Reviewed-by: Daniel Kiper -Reviewed-by: Patrick Steinhardt -(cherry picked from commit 17975d10a80e2457e5237f87fa58a7943031983e) ---- - grub-core/kern/mm.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c -index f2e27f263b..da1ac9427c 100644 ---- a/grub-core/kern/mm.c -+++ b/grub-core/kern/mm.c -@@ -443,12 +443,6 @@ grub_memalign (grub_size_t align, grub_size_t size) - switch (count) - { - case 0: -- /* Invalidate disk caches. */ -- grub_disk_cache_invalidate_all (); -- count++; -- goto again; -- -- case 1: - /* Request additional pages, contiguous */ - count++; - -@@ -458,7 +452,7 @@ grub_memalign (grub_size_t align, grub_size_t size) - - /* fallthrough */ - -- case 2: -+ case 1: - /* Request additional pages, anything at all */ - count++; - -@@ -474,6 +468,12 @@ grub_memalign (grub_size_t align, grub_size_t size) - - /* fallthrough */ - -+ case 2: -+ /* Invalidate disk caches. */ -+ grub_disk_cache_invalidate_all (); -+ count++; -+ goto again; -+ - default: - break; - } diff --git a/SPECS/grub2/fedora/0323-hostdisk-work-around-proc-not-reporting-size.patch b/SPECS/grub2/fedora/0323-hostdisk-work-around-proc-not-reporting-size.patch deleted file mode 100644 index 5f2fa08cd0..0000000000 --- a/SPECS/grub2/fedora/0323-hostdisk-work-around-proc-not-reporting-size.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 9 Mar 2023 11:18:19 -0500 -Subject: [PATCH] hostdisk: work around /proc not reporting size - -fstat(2) of files in /proc will yield st_size == 0 regardless of file -contents. Use a negative value in grub_file_t's size to denote "ignore" -and plumb through. - -Signed-off-by: Robbie Harwood ---- - grub-core/kern/file.c | 28 ++++++++++++++++------------ - grub-core/lib/progress.c | 2 +- - grub-core/osdep/unix/hostdisk.c | 6 ++++++ - 3 files changed, 23 insertions(+), 13 deletions(-) - -diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c -index 868ce3b63e..4ea6d1ce95 100644 ---- a/grub-core/kern/file.c -+++ b/grub-core/kern/file.c -@@ -172,26 +172,30 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len) - grub_disk_read_hook_t read_hook; - void *read_hook_data; - -- if (file->offset > file->size) -- { -- grub_error (GRUB_ERR_OUT_OF_RANGE, -- N_("attempt to read past the end of file")); -- return -1; -- } -- - if (len == 0) - return 0; - -- if (len > file->size - file->offset) -- len = file->size - file->offset; -+#ifdef GRUB_MACHINE_EMU -+ if (file->size >= 0) -+ { -+#endif -+ if (file->offset > file->size) -+ { -+ grub_error (GRUB_ERR_OUT_OF_RANGE, -+ N_("attempt to read past the end of file")); -+ return -1; -+ } -+ -+ if (len > file->size - file->offset) -+ len = file->size - file->offset; -+#ifdef GRUB_MACHINE_EMU -+ } -+#endif - - /* Prevent an overflow. */ - if ((grub_ssize_t) len < 0) - len >>= 1; - -- if (len == 0) -- return 0; -- - read_hook = file->read_hook; - read_hook_data = file->read_hook_data; - if (!file->read_hook) -diff --git a/grub-core/lib/progress.c b/grub-core/lib/progress.c -index 4b7cbbca6d..f3226b6898 100644 ---- a/grub-core/lib/progress.c -+++ b/grub-core/lib/progress.c -@@ -71,7 +71,7 @@ grub_file_progress_hook_real (grub_disk_addr_t sector __attribute__ ((unused)), - * 100ULL * 1000ULL, - now - file->last_progress_time, 0); - -- if (file->size == 0) -+ if (file->size <= 0) - percent = 100; - else - percent = grub_divmod64 (100 * file->progress_offset, -diff --git a/grub-core/osdep/unix/hostdisk.c b/grub-core/osdep/unix/hostdisk.c -index 3a00d7451a..e5f4b4d5f9 100644 ---- a/grub-core/osdep/unix/hostdisk.c -+++ b/grub-core/osdep/unix/hostdisk.c -@@ -71,6 +71,12 @@ grub_util_get_fd_size (grub_util_fd_t fd, const char *name, unsigned *log_secsiz - if (log_secsize) - *log_secsize = 9; - -+#ifdef GRUB_MACHINE_EMU -+ /* /proc doesn't behave itself and gives 0 for file sizes to stat. */ -+ if (st.st_size == 0 && !grub_strncmp ("/proc", name, 5)) -+ return -1; -+#endif -+ - return st.st_size; - } - diff --git a/SPECS/grub2/fedora/0325-emu-linux-work-around-systemctl-kexec-returning.patch b/SPECS/grub2/fedora/0325-emu-linux-work-around-systemctl-kexec-returning.patch deleted file mode 100644 index 1c61bccbdc..0000000000 --- a/SPECS/grub2/fedora/0325-emu-linux-work-around-systemctl-kexec-returning.patch +++ /dev/null @@ -1,46 +0,0 @@ -From f763b8d1be32f9b33eeef8f1c689708c5a584cec Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 18 Aug 2023 13:47:02 +0530 -Subject: [PATCH] emu/linux: work around systemctl kexec returning - -Per systemctl(1), it "is asynchronous; it will return after the reboot -operation is enqueued, without waiting for it to complete". This -differs from kexec(8), which calls reboot(2) and therefore does not -return. - -When not using fallback, this results in the confusing-but-harmless: - - error trying to perform 'systemctl kexec': 0 - Aborted. Press any key to exit. - -on screen for a bit, followed by successful kexec. - -To reduce the liklihood of hitting this case, add a delay on succesful -return. Ultimately, the systemd interface is racy: we can't avoid it -entirely unless we never fallback on success. - -Signed-off-by: Robbie Harwood -[Ajay: regenerated for Photon 5.0] -Signed-off-by: Ajay Kaher ---- - grub-core/loader/emu/linux.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/grub-core/loader/emu/linux.c b/grub-core/loader/emu/linux.c -index fda9e00..b984931 100644 ---- a/grub-core/loader/emu/linux.c -+++ b/grub-core/loader/emu/linux.c -@@ -71,6 +71,10 @@ grub_linux_boot (void) - (kexecute==1) ? "do-or-die" : "just-in-case"); - rc = grub_util_exec (systemctl); - -+ /* `systemctl kexec` is "asynchronous" and will return even on success. */ -+ if (rc == 0) -+ grub_sleep (10); -+ - if (kexecute == 1) - grub_fatal (N_("Error trying to perform 'systemctl kexec'")); - --- -2.7.4 - diff --git a/SPECS/grub2/grub-sbat.csv.in b/SPECS/grub2/grub-sbat.csv.in deleted file mode 100644 index 2747cabb4d..0000000000 --- a/SPECS/grub2/grub-sbat.csv.in +++ /dev/null @@ -1,3 +0,0 @@ -sbat,1,SBAT Version,sbat,1,/~https://github.com/rhboot/shim/blob/main/SBAT.md -grub,1,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ -grub.photon,@@GRUB_PH_GEN@@,VMware Photon OS,grub2,@@VERSION_RELEASE@@,/~https://github.com/vmware/photon diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec deleted file mode 100644 index 532e03ca82..0000000000 --- a/SPECS/grub2/grub2.spec +++ /dev/null @@ -1,317 +0,0 @@ -%define debug_package %{nil} - -%define grub_photon_generation 2 - -Summary: GRand Unified Bootloader -Name: grub2 -Version: 2.06 -Release: 12%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/grub -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/grub/grub-%{version}.tar.xz -%define sha512 grub=4f11c648f3078567e53fc0c74d5026fdc6da4be27d188975e79d9a4df817ade0fe5ad2ddd694238a07edc45adfa02943d83c57767dd51548102b375e529e8efe - -Source1: fedora.patches -Source2: grub-sbat.csv.in - -Patch0: Tweak-grub-mkconfig.in-to-work-better-in-Photon.patch - -#fedora patches -%include %{SOURCE1} - -#grub2-emu -Patch1501: 0001-grub2-emu-hide-menu-skip-retry.patch -Patch1502: 0002-grub2-emu-fix-if-boot-as-partition.patch - -BuildRequires: device-mapper-devel -BuildRequires: xz-devel -BuildRequires: systemd-devel -BuildRequires: bison - -Requires: xz-libs -Requires: device-mapper-libs -Requires: systemd-udev - -%description -The GRUB package contains the GRand Unified Bootloader. - -%package lang -Summary: Additional language files for grub -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -%description lang -These are the additional language files of grub. - -%ifarch x86_64 -%package pc -Summary: GRUB Library for BIOS -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -%description pc -Additional library files for grub -%endif - -%package emu -Summary: GRUB user space emulator -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -%description emu -GRUB Emulator - -%package efi -Summary: GRUB Library for UEFI -Group: System Environment/Programming -Requires: %{name} = %{version}-%{release} -%description efi -Additional library files for grub - -%package efi-image -Summary: GRUB UEFI image -Group: System Environment/Base -%ifarch x86_64 -Requires: shim-signed >= 15.4 -%endif -%description efi-image -GRUB UEFI image signed by vendor key - -%prep -%autosetup -p1 -n grub-%{version} - -%build -sh ./autogen.sh -%ifarch x86_64 -mkdir -p build-for-pc -pushd build-for-pc -sh ../configure \ - --prefix=%{_prefix} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --disable-werror \ - --disable-efiemu \ - --disable-nls \ - --with-grubdir=grub2 \ - --with-platform=pc \ - --target=i386 \ - --program-transform-name=s,grub,%{name}, \ - --with-bootdir="/boot" - -%make_build - -%make_install DESTDIR=${PWD}/../install-for-pc %{?_smp_mflags} -popd -%endif - -mkdir -p build-for-emu -pushd build-for-emu -sh ../configure \ - --prefix=%{_prefix} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --disable-werror \ - --disable-nls \ - --with-grubdir=grub2 \ - --with-platform=emu \ - --target=%{_arch} \ - --program-transform-name=s,grub,%{name}, \ - --with-bootdir="/boot" - -%make_build - -%make_install DESTDIR=${PWD}/../install-for-emu %{?_smp_mflags} -popd - -mkdir -p build-for-efi -pushd build-for-efi -sh ../configure \ - --prefix=%{_prefix} \ - --sbindir=%{_sbindir} \ - --sysconfdir=%{_sysconfdir} \ - --disable-werror \ - --disable-efiemu \ - --with-grubdir=grub2 \ - --with-platform=efi \ - --target=%{_arch} \ - --program-transform-name=s,grub,%{name}, \ - --with-bootdir="/boot" - -%make_build - -%make_install DESTDIR=${PWD}/../install-for-efi %{?_smp_mflags} -popd - -%install -mkdir -p %{buildroot}%{_sysconfdir}/default \ - %{buildroot}%{_sysconfdir}/sysconfig \ - %{buildroot}/boot/%{name} - -cp -apr install-for-emu/. %{buildroot}/. -cp -apr install-for-efi/. %{buildroot}/. -%ifarch x86_64 -cp -apr install-for-pc/. %{buildroot}/. -%endif -touch %{buildroot}%{_sysconfdir}/default/grub -ln -sf %{_sysconfdir}/default/grub %{buildroot}%{_sysconfdir}/sysconfig/grub -touch %{buildroot}/boot/%{name}/grub.cfg -rm -rf %{buildroot}%{_infodir} -# Generate grub efi image -install -d %{buildroot}/boot/efi/EFI/BOOT - -sed -e "s,@@VERSION@@,%{version},g" \ - -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ - -e "s,@@GRUB_PH_GEN@@,%{grub_photon_generation},g" \ - %{SOURCE2} > grub-sbat.csv - -%ifarch x86_64 -./install-for-efi/%{_bindir}/grub2-mkimage -d ./install-for-efi/%{_libdir}/grub/x86_64-efi/ -o %{buildroot}/boot/efi/EFI/BOOT/grubx64.efi -p /boot/grub2 -O x86_64-efi --sbat=grub-sbat.csv fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help probe echo lvm -%endif - -%ifarch aarch64 -cat > grub-embed-config.cfg << EOF -search.fs_label rootfs root -configfile /boot/grub2/grub.cfg -EOF - -./install-for-efi/%{_bindir}/grub2-mkimage -d ./install-for-efi/%{_libdir}/grub/arm64-efi/ -o %{buildroot}/boot/efi/EFI/BOOT/bootaa64.efi -p /boot/grub2 -O arm64-efi -c grub-embed-config.cfg --sbat=grub-sbat.csv fat iso9660 part_gpt part_msdos normal boot linux configfile loopback chain efifwsetup efi_gop efinet ls search search_label search_fs_uuid search_fs_file gfxterm gfxterm_background gfxterm_menu test all_video loadenv exfat ext2 udf halt gfxmenu png tga lsefi help all_video probe echo -%endif - -%if 0%{?with_check} -# make sure all files are same between two configure except the /usr/lib/grub -%check -%ifarch x86_64 -diff -sr install-for-efi/sbin install-for-pc/sbin -diff -sr install-for-efi%{_bindir} install-for-pc%{_bindir} -diff -sr install-for-efi%{_sysconfdir} install-for-pc%{_sysconfdir} -diff -sr install-for-efi%{_datadir} install-for-pc%{_datadir} -%endif -%endif - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%dir %{_sysconfdir}/grub.d -%config() %{_sysconfdir}/grub.d/00_header -%config() %{_sysconfdir}/grub.d/10_linux -%config() %{_sysconfdir}/grub.d/20_linux_xen -%config() %{_sysconfdir}/grub.d/30_os-prober -%config() %{_sysconfdir}/grub.d/30_uefi-firmware -%config(noreplace) %{_sysconfdir}/grub.d/40_custom -%config(noreplace) %{_sysconfdir}/grub.d/41_custom -%{_sysconfdir}/grub.d/README -%{_sbindir}/* -%{_bindir}/* -%{_datadir}/bash-completion/completions/grub -%{_datadir}/grub/* -%{_sysconfdir}/sysconfig/grub -%{_sysconfdir}/default/grub -%ghost %config(noreplace) /boot/%{name}/grub.cfg - -%ifarch x86_64 -%files pc -%defattr(-,root,root) -%{_libdir}/grub/i386-pc - -%files efi -%defattr(-,root,root) -%{_libdir}/grub/x86_64-efi - -%files emu -%defattr(-,root,root) -%{_libdir}/grub/x86_64-emu -%endif - -%ifarch aarch64 -%files efi -%defattr(-,root,root) -%{_libdir}/grub/* -%endif - -%files efi-image -%defattr(-,root,root) -/boot/efi/EFI/BOOT/* - -%files lang -%defattr(-,root,root) -%{_datadir}/locale/* - -%changelog -* Thu Aug 31 2023 Ajay Kaher 2.06-12 -- Fix path issues if /boot is mounted to boot partition -* Thu Aug 31 2023 Ajay Kaher 2.06-11 -- Add grub2-emu sub pkg -* Tue Mar 28 2023 Piyush Gupta 2.06-10 -- Remove verification for font files during secure boot. -* Tue Mar 14 2023 Alexey Makhalov 2.06-9 -- Fix Photon URL in sbat table. -* Fri Mar 03 2023 Shreenidhi Shedi 2.06-8 -- Fix aarch64 build error -* Fri Feb 24 2023 Alexey Makhalov 2.06-7 -- Generate efi image during the build. -- Remove unneeded patches. -* Wed Feb 15 2023 Alexey Makhalov 2.06-6 -- Go back to Fedora/RHEL style of SecureBoot with their latest features - such as NX_COMPAT and security fixes. -* Fri Dec 23 2022 Oliver Kurth 2.06-5 -- bump version as a part of xz upgrade -* Tue Dec 20 2022 Shreenidhi Shedi 2.06-4 -- Fix CVE-2022-2601 -* Thu Jun 09 2022 Shreenidhi Shedi 2.06-3 -- Add systemd-udev to Requires -* Wed Aug 18 2021 Ankit Jain 2.06-2 -- Remove prompt message for default -o option in grub2-mkconfig -* Wed Jun 16 2021 Shreenidhi Shedi 2.06-1 -- Upgrade to version 2.06 -* Wed Apr 28 2021 Alexey Makhalov 2.06~rc1-2 -- Update signed grubx64.efi with recent fixes and SBAT support. -* Mon Mar 15 2021 Ajay Kaher 2.06~rc1-1 -- upgrade to 2.06.rc1-1 -* Mon Mar 01 2021 Alexey Makhalov 2.04-3 -- Fixes for CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, - CVE-2020-27749, CVE-2020-27779, CVE-2021-3418, CVE-2021-20225, - CVE-2021-20233. -* Fri Oct 30 2020 Bo Gan 2.04-2 -- Fix boot failure on aarch64 -- ERROR: (FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value) -* Thu Oct 29 2020 Alexey Makhalov 2.04-1 -- Fixes for CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, - CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706 - CVE-2020-15707. -* Mon Oct 26 2020 Alexey Makhalov 2.02-15 -- Use prebuilt and presigned grubx64.efi. -* Tue Mar 10 2020 Alexey Makhalov 2.02-14 -- Package grubx64.efi (bootaa64.efi) into -efi-image subpackage. -* Wed Aug 14 2019 Alexey Makhalov 2.02-13 -- Add one more patch from fc30 to fix arm64 build. -* Thu Feb 21 2019 Alexey Makhalov 2.02-12 -- Update grub version from ~rc3 to release. -- Enhance SB + TPM support (19 patches from grub2-2.02-70.fc30) -- Remove i386-pc modules from grub2-efi -* Fri Jan 25 2019 Alexey Makhalov 2.02-11 -- Disable efinet for aarch64 to workwround NXP ls1012a frwy PFE bug. -* Tue Nov 14 2017 Alexey Makhalov 2.02-10 -- Aarch64 support -* Fri Jun 2 2017 Bo Gan 2.02-9 -- Split grub2 to grub2 and grub2-pc, remove grub2-efi spec -* Fri Apr 14 2017 Alexey Makhalov 2.02-8 -- Version update to 2.02~rc2 -* Fri Nov 18 2016 Anish Swaminathan 2.02-7 -- Add fix for CVE-2015-8370 -* Fri Nov 18 2016 Anish Swaminathan 2.02-6 -- Change systemd dependency -* Thu Oct 06 2016 ChangLee 2.02-5 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.02-4 -- GA - Bump release of all rpms -* Fri Oct 02 2015 Divya Thaluru 2.02-3 -- Adding patch to boot entries with out password. -* Wed Jul 22 2015 Divya Thaluru 2.02-2 -- Changing program name from grub to grub2. -* Mon Jun 29 2015 Divya Thaluru 2.02-1 -- Updating grub to 2.02 -* Wed Nov 5 2014 Divya Thaluru 2.00-1 -- Initial build. First version diff --git a/SPECS/gssntlmssp/gssntlmssp.spec b/SPECS/gssntlmssp/gssntlmssp.spec deleted file mode 100644 index 6f7e484d52..0000000000 --- a/SPECS/gssntlmssp/gssntlmssp.spec +++ /dev/null @@ -1,123 +0,0 @@ -Summary: GSSAPI NTLMSSP Mechanism -Name: gssntlmssp -Version: 1.1.0 -Release: 12%{?dist} -Vendor: VMware, Inc. -Distribution: Photon -License: LGPLv3+ -URL: /~https://github.com/gssapi/gss-ntlmssp -Group: Applications/System - -Source0: /~https://github.com/gssapi/gss-ntlmssp/releases/download/v%{version}/%{name}-%{version}.tar.gz -%define sha512 %{name}=6cd20542aa18dba6f2b777cea8f481e7d73eb1034e14c8aba4ce8984f138ba445a82547b10297ee99f7042920bd910ca10dd67692f3b242696fcc27dfcab123f - -Requires: krb5 -Requires: libtasn1 -Requires: openssl -Requires: e2fsprogs-libs -Requires: libunistring -Requires: libwbclient -Requires: zlib -Requires: gnutls - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: m4 -BuildRequires: libxslt-devel -BuildRequires: docbook-xsl -BuildRequires: doxygen -BuildRequires: gettext-devel -BuildRequires: pkg-config -BuildRequires: krb5-devel -BuildRequires: libunistring-devel -BuildRequires: openssl-devel -BuildRequires: gnutls-devel -BuildRequires: libtasn1-devel -BuildRequires: libtirpc-devel -BuildRequires: openldap-devel -BuildRequires: Linux-PAM-devel -BuildRequires: jansson-devel -BuildRequires: gnutls-devel -BuildRequires: samba-client-libs -BuildRequires: libwbclient -BuildRequires: libwbclient-devel -BuildRequires: zlib-devel -BuildRequires: make - -%description -A GSSAPI Mechanism that implements NTLMSSP - -%package devel -Summary: Development header for GSSAPI NTLMSSP -License: LGPLv3+ -Requires: %{name} = %{version}-%{release} - -%description devel -Adds a header file with definition for custom GSSAPI extensions for NTLMSSP - -%prep -%autosetup -n gss-ntlmssp-%{version} -p1 - -%build -autoreconf -fiv -%configure \ - --with-wbclient \ - --disable-static \ - --disable-rpath \ - --with-manpages=no - -%make_build - -%install -%make_install %{?_smp_mflags} -mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d -install -pm644 examples/mech.ntlmssp %{buildroot}%{_sysconfdir}/gss/mech.d/ntlmssp.conf -%{find_lang} %{name} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} test_gssntlmssp -%endif - -%clean -rm -rf %{buildroot}/* - -%files -f %{name}.lang -%defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/gss/mech.d/ntlmssp.conf -%{_libdir}/%{name}/%{name}.so - -%files devel -%defattr(-,root,root) -%{_includedir}/gssapi/gssapi_ntlmssp.h - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 1.1.0-12 -- Bump version as a part of openssl upgrade -* Tue Sep 19 2023 Nitesh Kumar 1.1.0-11 -- Bump version as a part of openldap v2.6.4 upgrade -* Fri Jul 28 2023 Srish Srinivasan 1.1.0-10 -- Bump version as a part of krb5 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 1.1.0-9 -- Bump version as a part of libxml2 upgrade -* Fri Apr 14 2023 Shreenidhi Shedi 1.1.0-8 -- Bump version as a part of zlib upgrade -* Wed Feb 08 2023 Shreenidhi Shedi 1.1.0-7 -- Bump version as a part of openldap upgrade -* Thu Jan 26 2023 Ashwin Dayanand Kamat 1.1.0-6 -- Bump version as a part of krb5 upgrade -* Sat Jan 14 2023 Ashwin Dayanand Kamat 1.1.0-5 -- Bump version as a part of gettext upgrade -* Sun Nov 13 2022 Shreenidhi Shedi 1.1.0-4 -- Bump version as a part of libtirpc upgrade -* Fri Oct 07 2022 Shreenidhi Shedi 1.1.0-3 -- Bump version as a part of libxslt upgrade -* Tue Aug 30 2022 Shreenidhi Shedi 1.1.0-2 -- Bump version as a part of gnutls upgrade -* Mon Jul 11 2022 Gerrit Photon 1.1.0-1 -- Automatic Version Bump -* Thu Jun 16 2022 Ashwin Dayanand Kamat 1.0.0-2 -- Bump version as a part of libxslt upgrade -* Thu May 06 2021 Shreyas B. 1.0.0-1 -- Initial version of gssntlmssp spec. diff --git a/SPECS/gst-plugins-bad/gst-plugins-bad.spec b/SPECS/gst-plugins-bad/gst-plugins-bad.spec deleted file mode 100644 index 0888df2eec..0000000000 --- a/SPECS/gst-plugins-bad/gst-plugins-bad.spec +++ /dev/null @@ -1,76 +0,0 @@ -Summary: The GStreamer Bad Plug-ins package contains a set a set of plug-ins that aren't up to par compared to the rest -Name: gst-plugins-bad -Version: 1.21.3 -Release: 1%{?dist} -License: LGPLv2 -URL: http://gstreamer.freedesktop.org/ -Group: Applications/Multimedia -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://gstreamer.freedesktop.org/src/%{name}/%{name}-%{version}.tar.xz -%define sha512 %{name}=706b77adcb9d73cbfa5148eacc5c9efc4ad904d25a23b70b5bd80b0891c94ac5c5400416de1cf9aa86558e606d1928af9bae7acc68491ca7414f63604fa6cf71 - -BuildRequires: meson -BuildRequires: cmake -BuildRequires: gstreamer-plugins-base-devel -Requires: gstreamer-plugins-base - -%description -The GStreamer Good Plug-ins is a set of plug-ins considered by the GStreamer developers -to have good quality code, correct functionality, and the preferred license (LGPL). -A wide range of video and audio decoders, encoders, and filters are included. - -%package devel -Summary: GStreamer Plugin Library Headers -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: gstreamer-plugins-base-devel - -%description devel -The GStreamer Bad Plug-ins package contains a set a set of plug-ins that aren't up to par compared to the rest - -%prep -%autosetup -p1 - -%build -%meson \ - --auto-features=auto \ - %{nil} - -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot} - -%files -%defattr(-, root, root) -%{_bindir}/* -%{_libdir}/*.so.* - -%files devel -%defattr(-, root, root) -%{_libdir}/gstreamer-1.0/*.so -%{_libdir}/*.so -%{_libdir}/pkgconfig -%{_libdir}/girepository-1.0 -%{_includedir}/gstreamer-1.0 -%{_datadir}/locale -%{_datadir}/gstreamer-1.0 -%{_datadir}/gir-1.0 - -%changelog -* Tue Dec 13 2022 Gerrit Photon 1.21.3-1 -- Automatic Version Bump -* Tue Sep 06 2022 Shivani Agarwal 1.17.1-1 -- Upgrade version -* Mon Jul 13 2015 Harish Udaiya Kumar 1.5.1-1 -- initial version diff --git a/SPECS/gstreamer-plugins-base/gstreamer-plugins-base.spec b/SPECS/gstreamer-plugins-base/gstreamer-plugins-base.spec deleted file mode 100644 index daffab2aa0..0000000000 --- a/SPECS/gstreamer-plugins-base/gstreamer-plugins-base.spec +++ /dev/null @@ -1,104 +0,0 @@ -Summary: GStreamer streaming media framework plug-ins -Name: gstreamer-plugins-base -Version: 1.21.3 -Release: 2%{?dist} -License: LGPLv2+ -URL: http://gstreamer.freedesktop.org -Group: Applications/Multimedia -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-%{version}.tar.xz -%define sha512 gst-plugins-base=06fc939f967efb60118245613ca13ddeb75701a994f93e519f306165290063d6a3dc3b8b393adfe56878bae7d9e8675ad51f73059af65bab0cb560754923d8e0 - -BuildRequires: meson -BuildRequires: cmake -BuildRequires: gstreamer-devel -BuildRequires: pango-devel -BuildRequires: alsa-lib-devel -BuildRequires: libX11-devel -BuildRequires: libXext-devel -BuildRequires: fribidi-devel - -Requires: gstreamer -Requires: pango -Requires: alsa-lib -Requires: libX11 -Requires: libXext -Requires: cairo - -%description -GStreamer is a streaming media framework, based on graphs of filters which -operate on media data. Applications using this library can do anything -from real-time sound processing to playing videos, and just about anything -else media-related. Its plugin-based architecture means that new data -types or processing capabilities can be added simply by installing new -plug-ins. - -%package devel -Summary: GStreamer Plugin Library Headers -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: gstreamer-devel -Requires: pango-devel -Requires: cairo-devel -Requires: alsa-lib-devel -Requires: libX11-devel -Requires: libXext-devel -Requires: fribidi-devel - -%description devel -GStreamer Plugins Base library development and header files. - -%prep -%autosetup -n gst-plugins-base-%{version} -p1 - -%build -%meson \ - --auto-features=auto \ - %{nil} - -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot} - -%files -%defattr(-, root, root) -%{_bindir}/gst-discoverer-1.0 -%{_bindir}/gst-play-1.0 -%{_bindir}/gst-device-monitor-1.0 -%{_mandir}/man1/gst-discoverer-1.0* -%{_mandir}/man1/gst-play-1.0* -%{_mandir}/man1/gst-device-monitor-1.0* -%{_libdir}/*.so.* -%{_libdir}/gstreamer-1.0/*.so - -%files devel -%defattr(-, root, root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_libdir}/gstreamer-1.0/*.so -%{_libdir}/girepository-1.0/*.typelib -%{_datadir}/* - -%changelog -* Wed Jun 14 2023 Shivani Agarwal 1.21.3-2 -- Bump version as a part of libX11 upgrade -* Thu Dec 15 2022 Gerrit Photon 1.21.3-1 -- Automatic Version Bump -* Tue Sep 06 2022 Shivani Agarwal 1.17.1-1 -- Upgrade version -* Wed Nov 15 2017 Harish Udaiya Kumar 1.5.1-2 -- Updated build requires & requires to build with Photon 2.0 -* Thu Jun 25 2015 Harish Udaiya Kumar 1.5.1-1 -- initial version diff --git a/SPECS/gstreamer/gstreamer.spec b/SPECS/gstreamer/gstreamer.spec deleted file mode 100644 index a1bd030a3e..0000000000 --- a/SPECS/gstreamer/gstreamer.spec +++ /dev/null @@ -1,89 +0,0 @@ -Summary: A streaming media framework -Name: gstreamer -Version: 1.21.3 -Release: 2%{?dist} -License: LGPLv2+ -URL: http://gstreamer.freedesktop.org/ -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon -Source0: https://gstreamer.freedesktop.org/src/%{name}/%{name}-%{version}.tar.xz -%define sha512 gstreamer=d8b60101aab4f5d77c85756a4cef97f5a17f3aff0ce1fbe2f65f160e210f284fcc2929e7a807ff73c7586f53212d8dab000642882b019fe45cefab683243df86 - -BuildRequires: meson -BuildRequires: cmake -BuildRequires: glib-devel -BuildRequires: libxml2-devel -BuildRequires: gobject-introspection-devel -BuildRequires: python3-gobject-introspection -BuildRequires: bison - -Requires: glib -Requires: libxml2 - -Provides: pkgconfig(gstreamer-1.0) -Provides: pkgconfig(gstreamer-base-1.0) - -%description -GStreamer is a streaming media framework that enables applications to share a -common set of plugins for things like video encoding and decoding, audio encoding -and decoding, audio and video filters, audio visualisation, web streaming -and anything else that streams in real-time or otherwise. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: glib-devel -Requires: libxml2-devel -Requires: gobject-introspection-devel -Requires: python3-gobject-introspection - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -n gstreamer-%{version} -p1 - -%build -%meson \ - --auto-features=auto \ - %{nil} - -%meson_build - -%install -%meson_install - -%ldconfig_scriptlets - -%check -%meson_test - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root,-) -%{_bindir} -%{_libdir}/*.so* -%{_libexecdir} -%{_libdir}/gstreamer-1.0/*.so - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_libdir}/gstreamer-1.0/*.so -%{_libdir}/girepository-1.0/* -%{_datadir}/* - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 1.21.3-2 -- Bump version as a part of libxml2 upgrade -* Tue Dec 13 2022 Gerrit Photon 1.21.3-1 -- Automatic Version Bump -* Tue Sep 06 2022 Shivani Agarwal 1.17.1-1 -- Upgrade version -* Wed Jun 24 2015 Harish Udaiya Kumar 1.5.1-1 -- initial version diff --git a/SPECS/gtest/gtest.spec b/SPECS/gtest/gtest.spec deleted file mode 100644 index 1b912d52f4..0000000000 --- a/SPECS/gtest/gtest.spec +++ /dev/null @@ -1,130 +0,0 @@ -Summary: Google's C++ gtest framework -Name: gtest -Version: 1.12.1 -Release: 2%{?dist} -License: ASL 2.0 -URL: /~https://github.com/google/googletest -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/google/googletest/archive/googletest-%{version}.tar.gz -%define sha512 googletest=a9104dc6c53747e36e7dd7bb93dfce51a558bd31b487a9ef08def095518e1296da140e0db263e0644d9055dbd903c0cb69380cb2322941dbfb04780ef247df9c - -BuildRequires: build-essential -BuildRequires: cmake - -%description -Google's C++ test framework that combines the GoogleTest and GoogleMock projects. -This package provides gtest shared libraries. - -%package devel -Summary: libgtest headers -Group: Development/Tools -Requires: %{name} = %{version}-%{release} - -%description devel -This contains libgtest header files. - -%package -n gmock -Summary: Google's C++ gmock framework -Group: Development/Tools -Requires: %{name} = %{version}-%{release} - -%description -n gmock -Google's C++ test framework that combines the GoogleTest and GoogleMock projects. -This package provides gmock shared libraries. - -%package -n gmock-devel -Summary: libgmock headers -Group: Development/Tools -Requires: gmock = %{version}-%{release} - -%description -n gmock-devel -This contains libgmock header files. - -%prep -%autosetup -p1 -n googletest-release-%{version} - -%build -%{cmake} \ - -DBUILD_SHARED_LIBS=OFF \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%{cmake_build} - -%{cmake} \ - -DBUILD_SHARED_LIBS=ON \ - -DCMAKE_INSTALL_LIBDIR=%{_libdir} - -%{cmake_build} - -%install -%{cmake_install} - -mv %{__cmake_builddir}/lib/*.a %{buildroot}%{_libdir} -chmod 644 %{buildroot}%{_libdir}/*.a - -install -vdm 755 %{buildroot}%{_usrsrc}/gtest/src/ -install -vdm 755 %{buildroot}%{_usrsrc}/gmock/src/ -cp googletest/src/* %{buildroot}%{_usrsrc}/gtest/src/ -cp googlemock/src/* %{buildroot}%{_usrsrc}/gmock/src/ - -%clean -rm -rf %{buildroot}/* - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%post -n gmock -p /sbin/ldconfig -%postun -n gmock -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/libgtest.so.* -%{_libdir}/libgtest_main.so.* - -%files -n gmock -%defattr(-,root,root) -%{_libdir}/libgmock.so.* -%{_libdir}/libgmock_main.so.* - -%files devel -%defattr(-,root,root) -%{_includedir}/gtest/* -%{_usrsrc}/gtest/ -%{_libdir}/cmake/GTest/*.cmake -%{_libdir}/pkgconfig/*.pc -%{_libdir}/libgtest.so -%{_libdir}/libgtest_main.so -%{_libdir}/libgtest.a -%{_libdir}/libgtest_main.a - -%files -n gmock-devel -%defattr(-,root,root) -%{_includedir}/gmock/* -%{_libdir}/libgmock.so -%{_libdir}/libgmock_main.so -%{_usrsrc}/gmock/ -%{_libdir}/libgmock.a -%{_libdir}/libgmock_main.a - -%changelog -* Thu Jan 12 2023 Shreenidhi Shedi 1.12.1-2 -- Fix requires in all packages -* Mon Jul 11 2022 Gerrit Photon 1.12.1-1 -- Automatic Version Bump -* Mon Jun 20 2022 Shreenidhi Shedi 1.11.0-2 -- Use cmake macros for build -* Mon Apr 18 2022 Gerrit Photon 1.11.0-1 -- Automatic Version Bump -* Mon Jun 22 2020 Gerrit Photon 1.10.0-1 -- Automatic Version Bump -* Sun Sep 23 2018 Sharath George 1.8.1-2 -- Add gmock subpackage -* Wed Sep 12 2018 Anish Swaminathan 1.8.1-1 -- Update version to 1.8.1 -* Thu May 04 2017 Anish Swaminathan 1.8.0-2 -- Add gtest sources in devel package -* Mon Apr 10 2017 Vinay Kulkarni 1.8.0-1 -- Initial version of libgtest package for Photon. diff --git a/SPECS/gtk-doc/gtk-doc.spec b/SPECS/gtk-doc/gtk-doc.spec deleted file mode 100644 index 1f6b9c4357..0000000000 --- a/SPECS/gtk-doc/gtk-doc.spec +++ /dev/null @@ -1,79 +0,0 @@ -Summary: Program to generate documenation -Name: gtk-doc -Version: 1.33.2 -Release: 3%{?dist} -License: GPLv2+ -URL: http://www.gnu.org/software/%{name} -Group: Development/Tools -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.acc.umu.se/pub/gnome/sources/gtk-doc/1.33/gtk-doc-%{version}.tar.xz -%define sha512 %{name}=f50f68ab6b4bc59f55e84b49c1481f05700171cbf79eca9ba8f3a142a30a4ba88fe096983ebb8d117a9ef8bcea40934674096683d956f5c54cae457d31f651ab - -BuildRequires: docbook-xml >= 4.5 -BuildRequires: docbook-xsl >= 1.78.1 -BuildRequires: itstool >= 2.0.2 -BuildRequires: libxslt-devel >= 1.1.28 -BuildRequires: which -BuildRequires: cmake -BuildRequires: check-devel -BuildRequires: python3-devel - -Requires: libxslt -Requires: docbook-xml -Requires: docbook-xsl -Requires: python3-Pygments -Requires: python3 -Provides: perl(gtkdoc-common.pl) - -BuildArch: noarch - -%description -The GTK-Doc package contains a code documenter. This is useful for extracting -specially formatted comments from the code to create API documentation. - -%prep -%autosetup -p1 - -%build -sh ./autogen.sh -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -%check -cd tests && make check-TESTS %{?_smp_mflags} - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/* - -%changelog -* Fri Oct 07 2022 Shreenidhi Shedi 1.33.2-3 -- Bump version as a part of libxslt upgrade -* Thu Jun 16 2022 Ashwin Dayanand Kamat 1.33.2-2 -- Bump version as a part of libxslt upgrade -* Tue Apr 13 2021 Gerrit Photon 1.33.2-1 -- Automatic Version Bump -* Mon Oct 5 2020 Michelle Wang 1.33.0-1 -- Update to version 1.33.0 -* Wed Aug 26 2020 Keerthana K 1.32-1 -- Update to version 1.32. -* Wed Sep 12 2018 Anish Swaminathan 1.29-1 -- Upgrade to 1.29 -* Tue Apr 25 2017 Priyesh Padmavilasom 1.25-2 -- Fix arch -* Fri Mar 24 2017 Dheeraj Shetty 1.25-1 -- Upgrade to 1.25 -* Tue May 24 2016 Priyesh Padmavilasom 1.24-3 -- GA - Bump release of all rpms -* Thu Feb 25 2016 Anish Swaminathan 1.24-1 -- Upgrade to 1.24 -* Wed May 20 2015 Touseef Liaqat 1.21.1-2 -- Updated group. -* Mon Nov 24 2014 Divya Thaluru 1.21-1 -- Initial build. First version diff --git a/SPECS/gtk3/gtk3.spec b/SPECS/gtk3/gtk3.spec deleted file mode 100644 index 9b05a59994..0000000000 --- a/SPECS/gtk3/gtk3.spec +++ /dev/null @@ -1,184 +0,0 @@ -Summary: GUI library. -Name: gtk3 -Version: 3.23.3 -Release: 7%{?dist} -License: LGPLv2+ -URL: http://www.gtk.org -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnome.org/pub/gnome/sources/gtk/3.23/gtk+-%{version}.tar.xz -%define sha512 gtk+-3=c4d519735d0292e1e503e2dfdf764f9a5b039a77d055ba4d8b98e9acd0451a2f9f4b92ec4051722f234e652f895a2712a5e56d1387a52ea583c4bf6ef346403c - -BuildRequires: meson >= 0.50 -BuildRequires: cmake -BuildRequires: gobject-introspection-devel -BuildRequires: atk-devel -BuildRequires: libXi-devel -BuildRequires: libglvnd-devel -BuildRequires: libepoxy-devel -BuildRequires: at-spi2-core-devel -BuildRequires: glib-devel >= 2.68.0 -BuildRequires: glib-schemas >= 2.68.0 -BuildRequires: fontconfig-devel -BuildRequires: libpng-devel -BuildRequires: harfbuzz-devel -BuildRequires: cairo-devel -BuildRequires: fribidi-devel -BuildRequires: pango-devel -BuildRequires: shared-mime-info -BuildRequires: gdk-pixbuf-devel -BuildRequires: libXfixes-devel -BuildRequires: libxkbcommon-x11 -BuildRequires: libxkbcommon-devel -BuildRequires: libX11-devel -BuildRequires: libxml2-devel -BuildRequires: graphene-devel -BuildRequires: libXrandr-devel -BuildRequires: gst-plugins-bad-devel -BuildRequires: cups-devel -BuildRequires: wayland-devel -BuildRequires: wayland-protocols-devel -BuildRequires: libXinerama-devel -BuildRequires: libXcomposite-devel -BuildRequires: libXdamage-devel - -Requires: libXdamage -Requires: libXcomposite -Requires: libXinerama -Requires: gobject-introspection -Requires: glib >= 2.68.0 -Requires: cairo -Requires: cups -Requires: harfbuzz -Requires: gdk-pixbuf -Requires: at-spi2-core -Requires: pango -Requires: libX11 -Requires: libXi -Requires: libXext -Requires: libXrandr -Requires: libXfixes -Requires: atk -Requires: at-spi2-core -Requires: fontconfig -Requires: freetype2 -Requires: graphene -Requires: gst-plugins-bad -Requires: libglvnd-egl -Requires: libglvnd-glx -Requires: libglvnd-gles -Requires: libepoxy - -%description -The GTK+ 3 package contains libraries used for creating graphical user interfaces for applications. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: gobject-introspection-devel -Requires: libglvnd-devel -Requires: libepoxy-devel -Requires: pango-devel -Requires: libXi-devel -Requires: libXfixes-devel -Requires: libX11-devel -Requires: libxml2-devel -Requires: libxkbcommon-x11 -Requires: libxkbcommon-devel -Requires: glib-devel >= 2.68.0 -Requires: glib-schemas >= 2.68.0 -Requires: harfbuzz-devel -Requires: atk-devel -Requires: at-spi2-core-devel -Requires: fontconfig-devel -Requires: graphene-devel -Requires: cairo-devel -Requires: gdk-pixbuf-devel -Requires: libXext-devel -Requires: libXrandr-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -n gtk+-%{version} -p1 - -%build -export CFLAGS="-Wno-maybe-uninitialized" -%configure --enable-xkb \ - --enable-xinerama \ - --enable-xrandr \ - --enable-xfixes \ - --enable-xcomposite \ - --enable-xdamage \ - --enable-wayland-backend \ - --enable-x11-backend - -%make_build - -%install -%make_install %{?_smp_mflags} - -%ldconfig_scriptlets - -%check -cd tests -make %{?_smp_mflags} -fns=$(find -name 'test*' -executable -maxdepth 1) -for fn in $fns; do - $fn || : -done - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_libdir}/gtk-3.0/* -%{_libdir}/girepository-1.0/ -%{_datadir}/glib-2.0/* -%{_datadir}/locale/* -%{_datadir}/gettext/* -%{_datadir}/gtk-doc -%{_datadir}/man - -%files devel -%defattr(-,root,root) -%{_includedir}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/ -%{_datadir}/gir-1.0/* -%{_datadir}/gtk-3.0/* -%{_datadir}/icons -%{_datadir}/applications -%{_datadir}/themes -%{_datadir}/aclocal -%{_sysconfdir}/gtk-3.0/ - -%changelog -* Fri Sep 29 2023 Srish Srinivasan 3.23.3-7 -- Version bump as a part of cups upgrade -* Wed Jun 21 2023 Kuntal Nayak 3.23.3-6 -- Bump version as a part of libXi upgrade -* Wed Jun 14 2023 Shivani Agarwal 3.23.3-5 -- Bump version as a part of libX11 upgrade -* Thu Apr 20 2023 Ashwin Dayanand Kamat 3.23.3-4 -- Bump version as a part of libxml2 upgrade -* Wed Apr 19 2023 Ashwin Dayanand Kamat 3.23.3-3 -- Bump version as a part of freetype2 upgrade -* Tue Dec 13 2022 Guruswamy Basavaiah 3.23.3-2 -- Bump release as a part of libpng upgrade -* Mon Aug 22 2022 Shivani Agarwal 3.23.3-1 -- Updated to version 3.23.3 -* Wed Nov 15 2017 Harish Udaiya Kumar 3.20.8-2 -- Updated build requires & requires to build with Photon 2.0 -* Thu Mar 03 2016 Harish Udaiya Kumar 3.20.8-1 -- Updated to version 3.20.8 -* Thu Mar 03 2016 Harish Udaiya Kumar 3.19.11-1 -- Updated to version 3.19.11 -* Wed May 27 2015 Alexey Makhalov 3.14.13-1 -- initial version diff --git a/SPECS/guile/guile.spec b/SPECS/guile/guile.spec deleted file mode 100644 index 26321c34e3..0000000000 --- a/SPECS/guile/guile.spec +++ /dev/null @@ -1,108 +0,0 @@ -%define guile_major_ver 2.2 - -Summary: GNU Ubiquitous Intelligent Language for Extensions -Name: guile -Version: 2.2.7 -Release: 6%{?dist} -License: LGPLv3+ -URL: http://www.gnu.org/software/guile -Group: Development/Languages -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/guile/%{name}-%{version}.tar.gz -%define sha512 %{name}=ad11885ffeb7655ef6c8543e67233992dc37bdcf91ed82188e6a144169c6b7d4e31cf7a6d01509c573d00904cb002719b851f71cdf1359a86de401daf613d773 - -BuildRequires: libltdl-devel -BuildRequires: libunistring-devel -BuildRequires: gc-devel -BuildRequires: libffi-devel - -Requires: libltdl -Requires: libunistring -Requires: gc -Requires: libffi -Requires: gmp -Requires: glibc-iconv - -%description -GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library -implementation of the Scheme programming language, written in C. GUILE -provides a machine-independent execution platform that can be linked in -as a library during the building of extensible programs. - -%package devel -Summary: Development libraries and header files for guile -Requires: %{name} = %{version}-%{release} -Requires: libltdl-devel -Requires: libunistring-devel -Requires: gc-devel - -%description devel -The package contains libraries and header files for -developing applications that use guile. - -%prep -%autosetup -p1 - -%build -%configure \ - --disable-static \ - --disable-error-on-warning - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -f %{buildroot}%{_libdir}/*.scm \ - %{buildroot}%{_infodir}/* \ - %{buildroot}%{_libdir}/*.la - -%check -%make_build check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_libdir}/%{name}/* -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_datadir}/aclocal/*.m4 -%{_includedir}/%{name}/%{guile_major_ver}/*.h -%{_includedir}/%{name}/%{guile_major_ver}/libguile/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_datadir}/%{name}/* - -%changelog -* Thu Sep 14 2023 Shreenidhi Shedi 2.2.7-6 -- Fix devel package requires -* Thu Dec 22 2022 Shreenidhi Shedi 2.2.7-5 -- Bump version as a part of readline upgrade -* Sat Oct 01 2022 Shreenidhi Shedi 2.2.7-4 -- Bump version as a part of gc upgrade -* Sun Aug 07 2022 Shreenidhi Shedi 2.2.7-3 -- Remove .la files -* Tue May 10 2022 Shreenidhi Shedi 2.2.7-2 -- Bump version as a part of libffi upgrade -* Mon May 03 2021 Gerrit Photon 2.2.7-1 -- Automatic Version Bump -* Thu Jul 16 2020 Tapas Kundu 2.0.13-3 -- Bump to build with latest libffi -* Wed May 03 2017 Dheeraj Shetty 2.0.13-2 -- Adding glibc-iconv to Requires section -* Wed Jan 18 2017 Dheeraj Shetty 2.0.13-1 -- Bumped to latest version 2.0.13 to handle CVE-2016-8606 -* Thu Oct 06 2016 ChangLee 2.0.11-3 -- Modified %check -* Tue May 24 2016 Priyesh Padmavilasom 2.0.11-2 -- GA - Bump release of all rpms -* Thu Jun 18 2015 Divya Thaluru 2.0.11-1 -- Initial build. First version diff --git a/SPECS/guile/guile3.spec b/SPECS/guile/guile3.spec deleted file mode 100644 index aee1886eef..0000000000 --- a/SPECS/guile/guile3.spec +++ /dev/null @@ -1,93 +0,0 @@ -%define guile_major_ver 3.0 - -Summary: GNU Ubiquitous Intelligent Language for Extensions -Name: guile3 -Version: 3.0.8 -Release: 3%{?dist} -License: LGPLv3+ -URL: http://www.gnu.org/software/guile -Group: Development/Languages -Vendor: VMware, Inc. -Distribution: Photon - -Source0: https://ftp.gnu.org/gnu/guile/guile-%{version}.tar.xz -%define sha512 guile=5d1d93e3e22c524ea3c2fe28cf3c343ab8ba99bf5c7b8750c4ebcaf556ae21485fb99e5ccc50c4b07037cdc678552557753d67ef2c93d8c1b62603e1809418f6 - -BuildRequires: libltdl-devel -BuildRequires: libunistring-devel -BuildRequires: gc-devel -BuildRequires: libffi-devel -BuildRequires: readline-devel - -Requires: readline -Requires: libltdl -Requires: libunistring -Requires: gc -Requires: libffi -Requires: gmp -Requires: glibc-iconv - -%description -GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library -implementation of the Scheme programming language, written in C. GUILE -provides a machine-independent execution platform that can be linked in -as a library during the building of extensible programs. - -%package devel -Summary: Development libraries and header files for guile -Requires: %{name} = %{version}-%{release} -Requires: libltdl-devel -Requires: libunistring-devel -Requires: gc-devel - -%description devel -The package contains libraries and header files for -developing applications that use guile. - -%prep -%autosetup -p1 -n guile-%{version} - -%build -%configure \ - --disable-static \ - --disable-error-on-warning \ - --program-suffix=%{guile_major_ver} - -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -f %{buildroot}%{_libdir}/*.scm \ - %{buildroot}%{_infodir}/* \ - %{buildroot}%{_libdir}/*.la - -%check -%make_build check - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_libdir}/*.so.* -%{_libdir}/guile/* -%{_mandir}/man1/* - -%files devel -%defattr(-,root,root) -%{_datadir}/aclocal/*.m4 -%{_includedir}/guile/%{guile_major_ver}/*.h -%{_includedir}/guile/%{guile_major_ver}/libguile/*.h -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_datadir}/guile/* - -%changelog -* Thu Sep 14 2023 Shreenidhi Shedi 3.0.8-3 -- Fix devel package requires -* Thu Dec 22 2022 Shreenidhi Shedi 3.0.8-2 -- Bump version as a part of readline upgrade -* Sat Oct 01 2022 Shreenidhi Shedi 3.0.8-1 -- First build, guile3. diff --git a/SPECS/gzip/gzip.spec b/SPECS/gzip/gzip.spec deleted file mode 100644 index 9bd452385d..0000000000 --- a/SPECS/gzip/gzip.spec +++ /dev/null @@ -1,64 +0,0 @@ -Summary: Programs for compressing and decompressing files -Name: gzip -Version: 1.12 -Release: 2%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software -Group: Applications/File -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://ftp.gnu.org/gnu/gzip/%{name}-%{version}.tar.xz -%define sha512 %{name}=116326fe991828227de150336a0c016f4fe932dfbb728a16b4a84965256d9929574a4f5cfaf3cf6bb4154972ef0d110f26ab472c93e62ec9a5fd7a5d65abea24 - -BuildRequires: less - -%description -The Gzip package contains programs for compressing and -decompressing files. - -%prep -%autosetup -p1 - -%build -#make some fixes required by glibc-2.28: -sed -i 's/IO_ftrylockfile/IO_EOF_SEEN/' lib/*.c -echo "#define _IO_IN_BACKUP 0x100" >> lib/stdio-impl.h - -%configure --disable-silent-rules -make %{?_smp_mflags} - -%install -make DESTDIR=%{buildroot} install %{?_smp_mflags} -install -vdm 755 %{buildroot}%{_bindir} -rm -rf %{buildroot}%{_infodir} - -%check -%if 0%{?with_check} -make %{?_smp_mflags} check -%endif - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_mandir}/*/* - -%changelog -* Wed May 18 2022 Shreenidhi Shedi 1.12-2 -- Add less to BuildRequires, required to build zless binary -* Mon Apr 18 2022 Gerrit Photon 1.12-1 -- Automatic Version Bump -* Wed Jul 08 2020 Gerrit Photon 1.10-1 -- Automatic Version Bump -* Thu Aug 22 2019 Prashant Singh Chauhan 1.9-2 -- Fix for make check failure -* Wed Sep 12 2018 Anish Swaminathan 1.9-1 -- Update to version 1.9 -* Sat Sep 08 2018 Alexey Makhalov 1.8-2 -- Fix compilation issue against glibc-2.28 -* Fri Mar 24 2017 Dheeraj Shetty 1.8-1 -- Upgrading to version 1.8 -* Tue May 24 2016 Priyesh Padmavilasom 1.6-2 -- GA - Bump release of all rpms -* Wed Nov 5 2014 Divya Thaluru 1.6-1 -- Initial build. First version. diff --git a/SPECS/haproxy-dataplaneapi/haproxy-dataplaneapi.spec b/SPECS/haproxy-dataplaneapi/haproxy-dataplaneapi.spec deleted file mode 100644 index 0c42e64ba3..0000000000 --- a/SPECS/haproxy-dataplaneapi/haproxy-dataplaneapi.spec +++ /dev/null @@ -1,93 +0,0 @@ -%global commit 68bd22b2219d043e2f4f982ff8aa03262888a277 -%global commitdate 20210115 -%global version 2.2.0 -%global shortcommit %(c=%{commit}; echo ${c:0:7}) -%global repo dataplaneapi -%global cmd %{repo} -%global build_date %(date '+%%Y-%%m-%%dT%%H:%%M:%%S') -# Required to avoid an error once integrating the Go Build ID. -%global debug_package %{nil} - -Summary: A sidecar process for managing HAProxy. -Name: haproxy-%{repo} -Version: 2.7.1 -Release: 10%{?dist} -License: Apache License 2.0 -URL: /~https://github.com/haproxytech/%{repo} -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/haproxytech/%{name}-%{version}.tar.gz -%define sha512 %{name}=f534e6a6622e09cfe505201317f9a6237df6bf347758b844c92266fb9606d493fc43bdb11f6bd16e63372caf1fb3642c6c944805a5c1e7e5791433b64a73dacc - -BuildRequires: go -BuildRequires: ca-certificates - -Requires: haproxy >= 2.0.10 - -%description -HAProxy Data Plane API is a sidecar process that runs next to HAProxy -and provides API endpoints for managing HAProxy. - -%prep -%autosetup -n %{repo}-%{version} - -%build -%define gcflags -N -l -# The build_id and ldflags_for_build_id are the solution for the issue -# that the Build ID in Go binaries: -# - the issue /~https://github.com/rpm-software-management/rpm/issues/367 -# - the work-around /~https://github.com/aws/amazon-ssm-agent/issues/268 -%define build_id %(head -c20 /dev/urandom|od -An -tx1|tr -d '[:space:]') -%define ldflags_for_build_id -s -w -B 0x%{build_id} -extldflags=-Wl,-z,now,-z,relro,-z,defs -%define ldflags_for_build_metadata -X main.GitRepo=%{SOURCE0} -X main.GitTag=v%{version} -X main.GitCommit=%{commit} -X main.GitDirty= -X main.BuildTime=%{build_date} -%define ldflags %{ldflags_for_build_id} %{ldflags_for_build_metadata} -export CGO_ENABLED=0 -go build -gcflags "%{gcflags}" -ldflags "%{ldflags}" -o %{cmd} ./cmd/%{cmd}/ - -%install -install -m 755 -D %{cmd} %{buildroot}%{_libexecdir}/haproxy/%{cmd} - -%clean -rm -rf %{buildroot}/* - -%files -%defattr(-,root,root) -%{_libexecdir}/haproxy/%{cmd} - -%changelog -* Wed Oct 11 2023 Piyush Gupta 2.7.1-10 -- Bump up version to compile with new go -* Mon Sep 18 2023 Piyush Gupta 2.7.1-9 -- Bump up version to compile with new go -* Thu Sep 14 2023 Shreenidhi Shedi 2.7.1-8 -- Fix a source0 mishap while building -* Mon Aug 21 2023 Nitesh Kumar 2.7.1-7 -- Version bump up to use haproxy v2.7.10 -* Mon Jul 17 2023 Piyush Gupta 2.7.1-6 -- Bump up version to compile with new go -* Mon Jul 03 2023 Piyush Gupta 2.7.1-5 -- Bump up version to compile with new go -* Thu May 18 2023 Nitesh Kumar 2.7.1-4 -- Version bump up to use haproxy v2.7.3 -* Wed May 03 2023 Piyush Gupta 2.7.1-3 -- Bump up version to compile with new go -* Thu Mar 09 2023 Piyush Gupta 2.7.1-2 -- Bump up version to compile with new go -* Tue Dec 13 2022 Gerrit Photon 2.7.1-1 -- Automatic Version Bump -* Mon Nov 21 2022 Piyush Gupta 2.6.1-2 -- Bump up version to compile with new go -* Thu Nov 03 2022 Nitesh Kumar 2.6.1-1 -- Version upgrade to v2.6.1 -* Fri Sep 16 2022 Nitesh Kumar 2.5.4-3 -- Version bump up to use haproxy-2.6.4 -* Tue Jul 19 2022 Piyush Gupta 2.5.4-2 -- Bump up version to compile with new go -* Sun May 29 2022 Gerrit Photon 2.5.4-1 -- Automatic Version Bump -* Tue Mar 15 2022 Nitesh Kumar 2.2.0-2 -- Version bump up to use haproxy-2.5.5 -* Fri Feb 19 2021 HarinadhD 2.2.0-1 -- Initial release diff --git a/SPECS/haproxy/haproxy.spec b/SPECS/haproxy/haproxy.spec deleted file mode 100644 index 4a395fef6a..0000000000 --- a/SPECS/haproxy/haproxy.spec +++ /dev/null @@ -1,123 +0,0 @@ -Summary: A fast, reliable HA, load balancing, and proxy solution. -Name: haproxy -Version: 2.7.10 -Release: 2%{?dist} -License: GPL -URL: http://www.haproxy.org -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://www.haproxy.org/download/2.7/src/%{name}-%{version}.tar.gz -%define sha512 %{name}=47896b1084eb02a84ef6d08697c0e57147bdda1abc9b2e0eec4403297236f49f81011656a4d4f53379a8259d1dc3a55abc639905983f8cb0e97f41ac83ff871e - -BuildRequires: openssl-devel -BuildRequires: pcre-devel -BuildRequires: lua-devel -BuildRequires: pkg-config -BuildRequires: zlib-devel -BuildRequires: systemd-devel - -Requires: systemd - -%description -HAProxy is a fast and reliable solution offering high availability, load -balancing, and proxying for TCP and HTTP-based applications. It is suitable -for very high traffic web-sites. - -%package doc -Summary: Documentation for haproxy -Requires: %{name} = %{version}-%{release} - -%description doc -It contains the documentation and manpages for haproxy package. - -%prep -%autosetup -p1 - -%build -make %{?_smp_mflags} TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 \ - USE_GETADDRINFO=1 USE_ZLIB=1 USE_SYSTEMD=1 -make %{?_smp_mflags} -C admin/systemd -sed -i s/"local\/"/""/g admin/systemd/haproxy.service -sed -i "s/\/run/\/var\/run/g" admin/systemd/haproxy.service -sed -i "s/192.168.1.22/127.0.0.0/g" examples/transparent_proxy.cfg - -%install -[ %{buildroot} != "/" ] && rm -rf %{buildroot}/* -make DESTDIR=%{buildroot} PREFIX=%{_prefix} DOCDIR=%{_docdir}/haproxy TARGET=linux-glibc install %{?_smp_mflags} -install -vDm755 admin/systemd/haproxy.service \ - %{buildroot}/usr/lib/systemd/system/haproxy.service -install -vDm644 examples/transparent_proxy.cfg %{buildroot}/%{_sysconfdir}/haproxy/haproxy.cfg - -%files -%defattr(-,root,root) -%{_sbindir}/* -%{_libdir}/systemd/system/haproxy.service -%{_sysconfdir}/haproxy/haproxy.cfg - -%files doc -%defattr(-,root,root,-) -%{_docdir}/haproxy/* -%{_mandir}/* - -%changelog -* Sun Nov 19 2023 Shreenidhi Shedi 2.7.10-2 -- Bump version as a part of openssl upgrade -* Mon Aug 21 2023 Nitesh Kumar 2.7.10-1 -- Version upgrade to v2.7.10 to fix CVE-2023-40225 -* Tue Jun 20 2023 Shreenidhi Shedi 2.7.3-2 -- Bump version as a part of lua upgrade -* Thu May 18 2023 Nitesh Kumar 2.7.3-1 -- Version upgrade to v2.7.3 to fix CVE-2023-25725 -* Fri Apr 14 2023 Shreenidhi Shedi 2.7.0-3 -- Bump version as a part of zlib upgrade -* Wed Apr 05 2023 Nitesh Kumar 2.7.0-2 -- Fix CVE-2023-0056, CVE-2023-0836 -* Tue Dec 13 2022 Gerrit Photon 2.7.0-1 -- Automatic Version Bump -* Fri Oct 28 2022 Gerrit Photon 2.6.6-1 -- Automatic Version Bump -* Fri Sep 16 2022 Nitesh Kumar 2.6.4-1 -- Upgrade to v2.6.4 -* Tue Mar 15 2022 Nitesh Kumar 2.5.5-1 -- Upgrade to 2.5.5, Address CVE-2022-0711 -* Wed Nov 10 2021 Satya Naga Vasamsetty 2.3.10-3 -- openssl 3.0.0 -* Fri Sep 17 2021 Nitesh Kumar 2.3.10-2 -- Fix CVE-2021-40346 -* Thu May 06 2021 Gerrit Photon 2.3.10-1 -- Automatic Version Bump -* Fri Feb 05 2021 Susant Sahani 2.3.4-1 -- Version bump -* Tue Sep 29 2020 Satya Naga Vasamsetty 2.2.2-2 -- openssl 1.1.1 -* Mon Jun 22 2020 Gerrit Photon 2.2.2-1 -- Automatic Version Bump -* Thu Mar 05 2020 Ashwin H 2.0.10-1 -- Update to version 2.0.10 to fix CVE-2019-19330 -* Thu Nov 7 2019 Satya Naga Vasamsetty 2.0.6-1 -- Update to 2.0.6 -* Tue Apr 2 2019 Priyesh Padmavilasom 1.9.6-1 -- Update to 1.9.6 -* Thu Feb 28 2019 Priyesh Padmavilasom 1.8.14-2 -- Patch for CVE_2018_20102 -- Patch for CVE_2018_20103 -* Tue Dec 04 2018 Ajay Kaher 1.8.14-1 -- Update to version 1.8.14 -* Thu Oct 25 2018 Srivatsa S. Bhat (VMware) 1.8.13-2 -- Build with USE_SYSTEMD=1 to fix service startup. -* Wed Sep 12 2018 Anish Swaminathan 1.8.13-1 -- Update to version 1.8.13 -* Tue Apr 04 2017 Dheeraj Shetty 1.6.12-1 -- Updated to version 1.6.12 -* Sun Nov 27 2016 Vinay Kulkarni 1.6.10-1 -- Upgrade to 1.6.10 to address CVE-2016-5360 -* Tue May 24 2016 Priyesh Padmavilasom 1.6.3-3 -- GA - Bump release of all rpms -* Fri May 20 2016 Xiaolin Li 1.6.3-2 -- Add haproxy-systemd-wrapper to package, add a default configuration file. -* Mon Feb 22 2016 Xiaolin Li 1.6.3-1 -- Updated to version 1.6.3 -* Thu Oct 01 2015 Vinay Kulkarni 1.5.14-1 -- Add haproxy v1.5 package. diff --git a/SPECS/harfbuzz/harfbuzz.spec b/SPECS/harfbuzz/harfbuzz.spec deleted file mode 100644 index 4aad851034..0000000000 --- a/SPECS/harfbuzz/harfbuzz.spec +++ /dev/null @@ -1,88 +0,0 @@ -Summary: opentype text shaping engine -Name: harfbuzz -Version: 7.0.1 -Release: 2%{?dist} -License: MIT -URL: /~https://github.com/harfbuzz/harfbuzz -Group: System Environment/Libraries -Vendor: VMware, Inc. -Distribution: Photon - -Source0: /~https://github.com/harfbuzz/harfbuzz/releases/download/%{version}/%{name}-%{version}.tar.xz -%define sha512 %{name}=2f2fe4604c062549bf5975cde4022bb137fc04f05ef99fcb566411408cfd136371eae2139b943f70bd17eb758690cbd5183acd552bc901d13c634da11eea404c - -BuildRequires: glib-devel -BuildRequires: freetype2-devel -BuildRequires: gobject-introspection-devel - -Requires: glib -Requires: freetype2 - -%description -HarfBuzz is an implementation of the OpenType Layout engine. - -%package devel -Summary: Header and development files -Requires: %{name} = %{version}-%{release} -Requires: glib-devel - -%description devel -It contains the libraries and header files to create applications - -%prep -%autosetup -p1 - -%build -%configure --with-gobject --enable-introspection -%make_build - -%install -%make_install %{?_smp_mflags} - -%if 0%{?with_check} -%check -make %{?_smp_mflags} check -%endif - -%clean -rm -rf %{buildroot}/* - -%post -/sbin/ldconfig - -%postun -/sbin/ldconfig - -%files -%defattr(-,root,root) -%{_libdir}/*.so.* -%{_bindir}/* -%{_libdir}/girepository-1.0/* - -%files devel -%defattr(-,root,root) -%doc %{_datadir}/gtk-doc -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/* -%{_libdir}/*.so -%{_libdir}/pkgconfig/*.pc -%{_libdir}/cmake/harfbuzz/harfbuzz-config.cmake -%{_datadir}/gir-1.0/HarfBuzz-0.0.gir - -%changelog -* Wed Apr 19 2023 Ashwin Dayanand Kamat 7.0.1-2 -- Bump version as a part of freetype2 upgrade -* Tue Feb 21 2023 Shivani Agarwal 7.0.1-1 -- Update version 7.0.1 -* Wed Nov 23 2022 Shivani Agarwal 2.6.7-3 -- Enabled introspection -* Sun Nov 13 2022 Shreenidhi Shedi 2.6.7-2 -- Spec fixes -* Thu Jul 16 2020 Gerrit Photon 2.6.7-1 -- Automatic Version Bump -* Wed Sep 12 2018 Anish Swaminathan 1.9.0-1 -- Update to version 1.9.0 -* Thu Dec 07 2017 Alexey Makhalov 1.4.5-2 -- Add glib requirement -* Wed Apr 05 2017 Dheeraj Shetty 1.4.5-1 -- Initial version diff --git a/SPECS/haveged/haveged.service b/SPECS/haveged/haveged.service deleted file mode 100644 index 0077ef2771..0000000000 --- a/SPECS/haveged/haveged.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Entropy Daemon based on the HAVEGE algorithm -Documentation=man:haveged(8) http://www.issihosts.com/haveged/ -DefaultDependencies=no -Before=cloud-init-local.service - -[Service] -Type=simple -ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground -SuccessExitStatus=143 - -[Install] -WantedBy=multi-user.target diff --git a/SPECS/haveged/haveged.spec b/SPECS/haveged/haveged.spec deleted file mode 100644 index 1e7b060576..0000000000 --- a/SPECS/haveged/haveged.spec +++ /dev/null @@ -1,156 +0,0 @@ -Summary: A Linux entropy source using the HAVEGE algorithm -Name: haveged -Version: 1.9.18 -Release: 2%{?dist} -License: GPLv3+ -Vendor: VMware, Inc. -Distribution: Photon -Group: System Environment/Daemons -URL: http://www.irisa.fr/caps/projects/hipsor - -Source0: http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz -%define sha512 %{name}=ef2e0ae3be68a8fba16371c3347d52ecf9748269ae30eef2e5c26aad6cfb516f87295e1e56be902df1064e7d4ace04863dd094d62b69e584608f779d63b42d8e - -Source1: %{name}.service - -Requires: systemd - -BuildRequires: systemd-devel -BuildRequires: automake -BuildRequires: (coreutils or coreutils-selinux) -BuildRequires: glibc - -%description -A Linux entropy source using the HAVEGE algorithm - -Haveged is a user space entropy daemon which is not dependent upon the -standard mechanisms for harvesting randomness for the system entropy -pool. This is important in systems with high entropy needs or limited -user interaction (e.g. headless servers). - -Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) -to maintain a 1M pool of random bytes used to fill /dev/random -whenever the supply of random bits in /dev/random falls below the low -water mark of the device. The principle inputs to haveged are the -sizes of the processor instruction and data caches used to setup the -HAVEGE collector. The haveged default is a 4kb data cache and a 16kb -instruction cache. On machines with a cpuid instruction, haveged will -attempt to select appropriate values from internal tables. - -%package devel -Summary: Headers and shared development libraries for HAVEGE algorithm -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} - -%description devel -Headers and shared object symbolic links for the HAVEGE algorithm - -%prep -%autosetup -p1 - -%build -%configure -%make_build - -%install -%make_install %{?_smp_mflags} - -rm -rf %{buildroot}%{_sysconfdir}/init.d \ - %{buildroot}%{_libdir}/libhavege.*a - -mkdir -p %{buildroot}%{_unitdir} -install -p -m644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service - -%if 0%{?with_check} -%check -make check %{?_smp_mflags} -%endif - -%clean -rm -rf %{buildroot} - -%post -/sbin/ldconfig -%systemd_post %{name}.service - -%preun -%systemd_preun %{name}.service - -%postun -/sbin/ldconfig -%systemd_postun_with_restart %{name}.service - -%files -%defattr(-, root, root, -) -%{_sbindir}/%{name} -%{_unitdir}/%{name}.service -%{_libdir}/*so.* - -%files devel -%defattr(-, root, root, -) -%{_mandir}/man8/%{name}.8* -%{_mandir}/man3/libhavege.3* -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/havege.h -%{_libdir}/*.so - -%changelog -* Sun Feb 12 2023 Shreenidhi Shedi 1.9.18-2 -- Fix build requires -* Sun May 29 2022 Gerrit Photon 1.9.18-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 1.9.14-1 -- Automatic Version Bump -* Thu Jul 16 2020 Gerrit Photon 1.9.13-1 -- Automatic Version Bump -* Thu May 10 2018 Srivatsa S. Bhat 1.9.1-4 -- Start haveged before cloud-init-local.service to speed up booting. -* Tue May 24 2016 Priyesh Padmavilasom 1.9.1-3 -- GA - Bump release of all rpms -* Wed Dec 09 2015 Anish Swaminathan 1.9.1-2 -- Add systemd requirement. -* Sun Jan 13 2013 Jirka Hladky - 1.7h-0 -- Couple of minor updates -* Sat Jan 12 2013 Jirka Hladky - 1.7g-0 -- Updated to the version 1.7 -- Version 1.7 brings developement libraries -- Added devel package -* Sat Oct 13 2012 Jirka Hladky - 1.5-2 -- BZ 850144 -- Introduce new systemd-rpm macros in haveged spec file -- Fedora 19 changes the way how to work with services in spec files. -- It introduces new macros - systemd_post, systemd_preun and systemd_postun; -- which replace scriptlets from Fedora 18 and older -- see https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd -* Tue Aug 14 2012 Jirka Hladky - 1.5-1 -- Update to the version 1.5 -- Main new feature is a run time verification of the produced random numbers -- PIDFILE set to /run/haveged.pid -- converted README and man page to UTF-8. Informed the upstream to fix it. -* Wed Feb 15 2012 Jirka Hladky - 1.4-3 -- PIDFile should be stored at /run instead of the default location /var/run -- There is long term plan that directory /var/run will not further exist in the future Fedora versions -- Asked upstream to add -p switch to influence the location of the PID File -- Set PIDFile=/var/run/haveged.pid This is needed as long -p option is not implemented -- https://bugzilla.redhat.com/show_bug.cgi?id=770306#c10 -* Wed Feb 15 2012 Jirka Hladky - 1.4-2 -- Updated systemd service file, https://bugzilla.redhat.com/show_bug.cgi?id=770306 -* Tue Feb 14 2012 Jirka Hladky - 1.4-1 -- Update to the version 1.4 -- Conversion to systemd, drop init script -* Sun Nov 06 2011 Jirka Hladky - 1.3-2 -- Fixed a bug on non x86 systems -* Sat Nov 05 2011 Jirka Hladky - 1.3-1 -- update from the upstream (1.3 stable) -* Mon Oct 03 2011 Jirka Hladky - 1.3-0 --version 1.3 beta -* Fri Sep 30 2011 Jirka Hladky - 1.2-4 -- ppc64 build -* Mon Sep 26 2011 Jirka Hladky - 1.2-3 -- Cleaned spec file according to https://bugzilla.redhat.com/show_bug.cgi?id=739347#c11 -* Sat Sep 24 2011 Jirka Hladky - 1.2-2 -- Added comment to explain why we need use Fedora specific start script -* Wed Sep 21 2011 Jirka Hladky - 1.2-1 -- Cleaned spec file according to https://bugzilla.redhat.com/show_bug.cgi?id=739347#c1 -* Wed Sep 07 2011 Jirka Hladky - 1.2-0 -- Initial build diff --git a/SPECS/hdparm/hdparm.spec b/SPECS/hdparm/hdparm.spec deleted file mode 100644 index 846f87e774..0000000000 --- a/SPECS/hdparm/hdparm.spec +++ /dev/null @@ -1,55 +0,0 @@ -Summary: command line utility to set and view hardware parameters -Name: hdparm -Version: 9.65 -Release: 1%{?dist} -License: BSD -URL: http://sourceforge.net/projects/%{name}/ -Group: Applications/System -Vendor: VMware, Inc. -Distribution: Photon - -Source0: http://downloads.sourceforge.net/hdparm/%{name}-%{version}.tar.gz -%define sha512 hdparm=4ffc8902b90cee10d68af8ddb9f3b9454d523ecd49cdaaed254b4d7a999462a8ad5ec1bb5d7684b09fefa41b5941ab533b167dad290003b51c795a633ca88913 - -%description -The Hdparm package contains a utility that is useful for controlling ATA/IDE -controllers and hard drives both to increase performance and sometimes to increase stability. - -%prep -%autosetup -p1 - -%build -sed -i 's/STRIP ?= strip/STRIP=$(STRIP)/' Makefile -sed -i 's/LDFLAGS = -s/LDFLAGS=$(LDFLAGS)/' Makefile -make %{?_smp_mflags} CFLAGS="%{optflags}" LDFLAGS="" STRIP="/bin/true" - -%install -make DESTDIR=%{buildroot} binprefix=%{_prefix} install %{?_smp_mflags} - -#%%check -#Commented out %check due to no test existence - -%files -%defattr(-,root,root) -%{_sbindir}/hdparm -%{_mandir}/man8/hdparm.8* - -%changelog -* Fri Oct 28 2022 Gerrit Photon 9.65-1 -- Automatic Version Bump -* Wed Aug 17 2022 Gerrit Photon 9.64-1 -- Automatic Version Bump -* Mon Apr 18 2022 Gerrit Photon 9.63-1 -- Automatic Version Bump -* Tue Apr 13 2021 Gerrit Photon 9.60-1 -- Automatic Version Bump -* Thu Jul 16 2020 Gerrit Photon 9.58-1 -- Automatic Version Bump -* Mon Sep 10 2018 Alexey Makhalov 9.56-1 -- Version update to fix compilation issue againts glibc-2.28 -* Wed Jul 05 2017 Chang Lee 9.51-3 -- Removed %check due to no test existence. -* Tue Apr 25 2017 Priyesh Padmavilasom 9.51-2 -- Ensure non empty debuginfo -* Wed Jan 25 2017 Dheeraj Shetty 9.51-1 -- Initial build. First version diff --git a/SPECS/heapster/go-27704.patch b/SPECS/heapster/go-27704.patch deleted file mode 100644 index 0b50c8774c..0000000000 --- a/SPECS/heapster/go-27704.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 -From: Kunpei Sakai -Date: Fri, 21 Sep 2018 04:40:41 +0800 -Subject: [PATCH] html: avoid panic even if unconsidered and