rpm/xca
SHA256
1
0
Fork 0
forked from pool/xca
Code Pull Requests Activity

Accepting request 294022 from home:ecsos

Browse Source 
update to 1.2.0

OBS-URL: https://build.opensuse.org/request/show/294022
OBS-URL: https://build.opensuse.org/package/show/security/xca?expand=0&rev=4
This commit is contained in:
Marcus Meissner 2015-04-01 18:04:57 +00:00 committed by Git OBS Bridge
parent c4c7d739af
commit 7155e33474
7 changed files with 73 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
0001-Fix-for-openssl-1.0.1i.patch
View File

@ -1,57 +0,0 @@
From abd9d530776e8bb6d8f05312fc3ae3044796139c Mon Sep 17 00:00:00 2001
From: Oliver Winker <oliver@oli1170.net>
Date: Tue, 12 Aug 2014 19:08:05 +0200
Subject: [PATCH] Fix for openssl 1.0.1i
Fixes following application error
---
Errors
error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
---
Due to openssl 1.0.1i change:
---
commit 03b04ddac162c7b7fa3c57eadccc5a583a00d291
Author: Emilia Kasper <emilia@openssl.org>
Date: Wed Jul 2 19:02:33 2014 +0200
Fix OID handling:
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
---
lib/x509v3ext.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
index cf74c32..d94cbda 100644
--- a/lib/x509v3ext.cpp
+++ b/lib/x509v3ext.cpp
@@ -27,6 +27,8 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
x509v3ext::x509v3ext(const x509v3ext &n)
{
ext = NULL;
+ if (!n.isValid())
+ return;
set(n.ext);
}
@@ -743,7 +745,7 @@ X509_EXTENSION *x509v3ext::get() const
bool x509v3ext::isValid() const
{
- return ext->value->length > 0 &&
+ return ext && ext->value && ext->value->length > 0 &&
OBJ_obj2nid(ext->object) != NID_undef;
}
--
2.0.1

3
xca-0.9.3.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6842b50c8b4478070d8af743cb72aee1f53a2c4ff2b8285fcec5f856119cc6ba
size 755165

3
xca-1.2.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:04dc7eaae9596fe69df962ea3051171b7335a204fc6c33e91fb7310803e6ab67
size 859899

127
xca-configure.patch
View File

@ -1,127 +0,0 @@
Index: configure
===================================================================
--- configure.orig
+++ configure
@@ -49,13 +49,16 @@ for dir in $@; do
done
DIRS="$QTDIR $DIRS /usr /usr/X11R6 /usr/local"
+lib=${lib:=lib}
+libdir=${libdir:=/usr/lib}
STDINC="-I/usr/include"
-STDLIB="-L/usr/lib"
+STDLIB="-L${libdir}"
prefix=${prefix:=/usr/local}
+mandir=${mandir:=${prefix}/man}
CFLAGS=${CFLAGS:=-Wall -ggdb -O2}
CC=${CC:=gcc}
-LDFLAGS=""
-LIBS="-lstdc++"
+LDFLAGS=${LDFLAGS:=""}
+LIBS=${LIBS:=$STDLIB -lstdc++}
LDIRS=
MOC=moc
UIC=uic
@@ -161,10 +164,10 @@ search_lib() {
for dir in ${DIRS}; do
for dbn in $@; do
for suffix in so dylib obj a; do
- for lib in lib lib64 lib32 out; do
- if test -r "${dir}/${lib}/lib${dbn}.${suffix}"; then
- add_lib "${dir}/${lib}" "${dbn}" "${suffix}"
- echo "Found: lib${dbn}.${suffix} at ${dir}/${lib}"
+ for libs in ${lib} out; do
+ if test -r "${dir}/${libs}/lib${dbn}.${suffix}"; then
+ add_lib "${dir}/${libs}" "${dbn}" "${suffix}"
+ echo "Found: lib${dbn}.${suffix} at ${dir}/${libs}"
return 0
fi
done
@@ -189,7 +192,7 @@ if test "$#" = "0" && test -z "$DARWIN"
pkg-config QtGui openssl --libs >/dev/null;
then
CF="`pkg-config QtGui openssl --cflags`"
- LIBS="`pkg-config QtGui openssl --libs` -lltdl"
+ LIBS="${LIBS} `pkg-config QtGui openssl --libs` -lltdl"
else
by_hand=true
fi
@@ -197,7 +200,7 @@ fi
if test "$by_hand" = "true"; then
######################### QT
if test -z "$DARWIN"; then
- subdirs="/qt /qt4"
+ subdirs="/qt /qt4 /qt/QT /qt4/QT"
search_includes QtCore/QObject || err "The QT Library headerfiles were not found. Set QTDIR appropriately."
search_lib QtCore4 QtCore || err "The QT Core library was not found."
search_lib QtGui4 QtGui || err "The QT Gui library was not found."
@@ -282,16 +285,12 @@ else
fi
-if which linuxdoc 2>&1; then
- LINUXDOC="linuxdoc"
+if which sgml2html 2>&1; then
+ SGML2HTML="sgml2html"
else
- echo "Application 'linuxdoc' not found."
- if tar ztf ${TOPDIR}/doc/xca-doc.tgz xca.html >/dev/null 2>&1; then
- echo "But Found a valid documentation package 'doc/xca-doc.tgz'"
- else
+ echo "Application 'sgml2html' not found."
echo "No documentation will be generated."
- fi
- LINUXDOC=":"
+ SGML2HTML=":"
fi
findapp() {
@@ -341,12 +340,15 @@ LD=${LD:=ld}
STRIP=${STRIP:=strip}
WINDRES=${WINDRES:=windres}
MAKENSIS=${MAKENSIS:=makensis.exe}
-LINUXDOC=${LINUXDOC:=linuxdoc}
+SGML2HTML=${SGML2HTML:=sgml2html}
SUFFIX=${SUFFIX}
HOST=linux
prefix=${prefix}
docdir=${docdir}
+lib=${lib}
+libdir=${libdir}
+mandir=${mandir}
EOF
test -z "$etc" && etc=/etc/xca
Index: doc/Makefile
===================================================================
--- doc/Makefile.orig
+++ doc/Makefile
@@ -8,8 +8,6 @@ DELFILES=xca*.html xca.1.gz
doc: xca.1.gz xca.html
include $(TOPDIR)/Rules.mak
-mandir=man
-
xca.1.gz: xca.1
gzip -9 <$^ >$@
@@ -18,13 +16,13 @@ xca.html: xca.sgml
echo 'The documentation for XCA can be viewed online at: <a href="http://xca.sourceforge.net/">http://xca.sourceforge.net/</a>.' > $@
test ! -f xca-doc.tgz || tar zxf xca-doc.tgz
@$(PRINT) " DOC [$(BASENAME)] $@"
- $(LINUXDOC) -B html $< >/dev/null
+ $(SGML2HTML) -s 1 $< >/dev/null
install: xca.1.gz xca.html
- install -m 755 -d $(destdir)$(docdir) \
- $(destdir)$(prefix)/$(mandir)/man1
- install -m 644 xca*.html $(destdir)$(docdir)
- install xca.1.gz $(destdir)$(prefix)/$(mandir)/man1
+ install -m 755 -d $(destdir)$(prefix)/share/xca \
+ $(destdir)/$(mandir)/man1
+ install -m 644 xca*.html $(destdir)$(prefix)/share/xca
+ install -m 644 xca.1.gz $(destdir)/$(mandir)/man1
app: xca.html
mkdir -p $(APPDIR)/Resources

14
xca-desktop.patch
View File

@ -1,14 +0,0 @@
Index: misc/xca.desktop
===================================================================
--- misc/xca.desktop.orig
+++ misc/xca.desktop
@@ -7,7 +7,7 @@ Comment[de]=Eine graphische Oberfläche
Comment[fi]=Graafinen X.509-varmenteiden hallintatyökalu
Comment[fr]=Création et gestion de certificats conformes à la norme X.509
Exec=xca %F
-Icon=xca-32x32.xpm
+Icon=xca-32x32
Terminal=false
-Categories=Application;Utility;Qt;
+Categories=Utility;DesktopUtility;
MimeType=application/x-xca-database;application/x-xca-template;application/x-x509-ca-cert;application/pkcs10;application/x-pkcs7-certificates;application/x-pkcs12;

59
xca.changes
View File

@ -1,3 +1,62 @@
-------------------------------------------------------------------
Tue Mar 31 09:28:37 UTC 2015 - ecsos@opensuse.org
- update to 1.2.0
- Update to OpenSSL 1.0.2a for Windows and MAC drop brainpool
extra builds
- Use CTRL +/- to change the font size in the view
- Add Row numbering for easy item counting
- Support SSH2 public key format for import and export
- Add support for SHA-224
- add "xca extract" to export items from the database on the
commandline
- previous changes from 1.1.0
- SF Bug #79 Template export from WinXP cannot be imported in
Linux and Mac OS X
- Support for Brainpool windows and MacOSX binaries
- SF Feat. Req. #70 ability to search certificates
- SF Feat. Req. #75 show SHA-256 digest
- RedHat Bug #1164340 - segfault when viewing a RHEL
entitlement certificate
- Database hardening
- Delete invalid items (on demand)
- Be more tolerant against database errors
- Gracefully handle and repair corrupt databases
- Add "xca_db_stat(.exe)" binary to all installations
- Translation updates
- Optionally allow hash algos not supported by the token
- Select whether to translate established x509 terms
- Finish Token EC and DSA support - generate, import, export,
sign
- SF Feat. Req. #57 More options for Distinguished Name
- Switch to autoconf for the configure script
- SF Feature Req. #76 Export private keys to clipboard
- EC Keys: show Curve name in table
- Support EC key generation on PKCS#11 token
- PKCS#11: Make EC and RSA signatures work
- PKCS#11: Fix reading EC keys from card
- SF Bug #82 Certificate Creation out of Spec
- SF Bug #95 XCA 1.0 only runs in French on a UK English Mac
- previous changes from 1.0.0
- SF Bug #89 Validating CRL distribution point results in error
- SF Feature Req. #69 Create "Recent databases..." file menu item
- SF Bug #75 authorityInfoAccess set error
- SF Bug #88 Minor spelling error
- SF Bug #87 Unable to set default key length The Key generation
dialog now allows to remember the current settings
- Do not interpret HTML tags in message boxes
- Overwite extensions from the PKCS#10 request by local
extensions. This avoids duplication errors and allows to
overwrite some extensions from the request
- SF Bug #78 replace path separators in export filenames
- SF Feature Req. #71 Add KDC Authentication OIDs to default
files
- SF Bug #82 Certificate Creation out of Spec
- Add Croatian translation
- SF Bug #83 Inappropriate gcc argument order in configure script
-------------------------------------------------------------------
Thu Oct 9 10:29:12 UTC 2014 - mrueckert@suse.de

26
xca.spec
View File

@ -19,16 +19,13 @@
Name: xca
Summary: An RSA key and certificate management tool
Summary(de): Ein RSA Schlüssel- und Zertifikat-Managmentprogramm
Version: 0.9.3
Version: 1.2.0
Release: 0
License: BSD-3-Clause
Group: Productivity/Networking/Security
Url: http://sourceforge.net/projects/xca/
Autoreqprov: on
Source: %{name}-%{version}.tar.gz
Patch0: %{name}-configure.patch
Patch1: %{name}-desktop.patch
Patch2: 0001-Fix-for-openssl-1.0.1i.patch
Source: http://downloads.sourceforge.net/project/xca/xca/%{version}/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gcc-c++ >= 3.1.0
%if 0%{?sles_version} == 10
@ -42,14 +39,14 @@ BuildRequires: update-desktop-files
%else
BuildRequires: libtool-ltdl-devel
%endif
BuildRequires: openssl-devel >= 0.9.8
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: sgmltool
%if 0%{?sles_version} == 10
Requires: qt >= 4.3.0
%else
Requires: libqt4 >= 4.3.0
%endif
Requires: openssl >= 0.9.8
Requires: openssl >= 1.0.1
Requires: db
%description
@ -60,32 +57,31 @@ Graphical certification authority is an interface for managing RSA keys and cert
%prep
%setup -n %{name}-%{version}
%patch0
%patch1
%patch2 -p1
CFLAGS="$RPM_OPT_FLAGS" \
prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} ./configure
%build
CFLAGS="$RPM_OPT_FLAGS" prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} \
./configure --docdir=%{_docdir}/%{name}
%{__make} destdir=$PRM_BUILD_ROOT prefix=%{_prefix} %{?_smp_mflags}
%install
%{__make} destdir=$RPM_BUILD_ROOT prefix=/usr install
%suse_update_desktop_file -i %{name} DesktopUtility
%suse_update_desktop_file -i -r %{name} Utility DesktopUtility
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc AUTHORS changelog COPYRIGHT VERSION
%doc AUTHORS changelog COPYRIGHT VERSION
%{_bindir}/%{name}
%{_bindir}/xca_db_stat
%{_datadir}/applications/%{name}.desktop
%{_datadir}/mime/packages/%{name}.xml
%{_datadir}/pixmaps/%{name}*
%{_datadir}/%{name}
%{_mandir}/man1/%{name}.1.gz
%{_mandir}/man1/xca_db_stat.1.gz
%changelog