Accepting request 294022 from home:ecsos

update to 1.2.0 OBS-URL: https://build.opensuse.org/request/show/294022 OBS-URL: https://build.opensuse.org/package/show/security/xca?expand=0&rev=4
2015-04-01 18:04:57 +00:00 · 2015-04-01 18:04:57 +00:00 · 7155e33474
commit 7155e33474
parent c4c7d739af
7 changed files with 73 additions and 216 deletions
--- a/0001-Fix-for-openssl-1.0.1i.patch
+++ b/0001-Fix-for-openssl-1.0.1i.patch
@ -1,57 +0,0 @@
 From abd9d530776e8bb6d8f05312fc3ae3044796139c Mon Sep 17 00:00:00 2001
 From: Oliver Winker <oliver@oli1170.net>
 Date: Tue, 12 Aug 2014 19:08:05 +0200
 Subject: [PATCH] Fix for openssl 1.0.1i
 Fixes following application error
 ---
 Errors
 error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
 ---
 Due to openssl 1.0.1i change:
 ---
 commit 03b04ddac162c7b7fa3c57eadccc5a583a00d291
 Author: Emilia Kasper <emilia@openssl.org>
 Date:   Wed Jul 2 19:02:33 2014 +0200
    Fix OID handling:
    - Upon parsing, reject OIDs with invalid base-128 encoding.
    - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
    CVE-2014-3508
    Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
    Reviewed-by: Kurt Roeckx <kurt@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
 ---
 ---
 lib/x509v3ext.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
 index cf74c32..d94cbda 100644
 --- a/lib/x509v3ext.cpp
 +++ b/lib/x509v3ext.cpp
@@ -27,6 +27,8 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
 x509v3ext::x509v3ext(const x509v3ext &n)
 {
 	ext = NULL;
 +	if (!n.isValid())
 +		return;
 	set(n.ext);
 }
@@ -743,7 +745,7 @@ X509_EXTENSION *x509v3ext::get() const
 bool x509v3ext::isValid() const
 {
 -	return ext->value->length > 0 &&
 +	return ext && ext->value && ext->value->length > 0 &&
 		OBJ_obj2nid(ext->object) != NID_undef;
 }
 -- 
 2.0.1
--- a/xca-0.9.3.tar.gz
+++ b/xca-0.9.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:6842b50c8b4478070d8af743cb72aee1f53a2c4ff2b8285fcec5f856119cc6ba
 size 755165
--- a/xca-1.2.0.tar.gz
+++ b/xca-1.2.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:04dc7eaae9596fe69df962ea3051171b7335a204fc6c33e91fb7310803e6ab67
 size 859899
--- a/xca-configure.patch
+++ b/xca-configure.patch
@ -1,127 +0,0 @@
 Index: configure
 ===================================================================
 --- configure.orig
 +++ configure
@@ -49,13 +49,16 @@ for dir in $@; do
 done
 DIRS="$QTDIR $DIRS /usr /usr/X11R6 /usr/local"
 +lib=${lib:=lib}
 +libdir=${libdir:=/usr/lib}
 STDINC="-I/usr/include"
 -STDLIB="-L/usr/lib"
 +STDLIB="-L${libdir}"
 prefix=${prefix:=/usr/local}
 +mandir=${mandir:=${prefix}/man}
 CFLAGS=${CFLAGS:=-Wall -ggdb -O2}
 CC=${CC:=gcc}
 -LDFLAGS=""
 -LIBS="-lstdc++"
 +LDFLAGS=${LDFLAGS:=""}
 +LIBS=${LIBS:=$STDLIB -lstdc++}
 LDIRS=
 MOC=moc
 UIC=uic
@@ -161,10 +164,10 @@ search_lib() {
   for dir in ${DIRS};  do
     for dbn in $@; do
       for suffix in so dylib obj a; do
 -        for lib in lib lib64 lib32 out; do
 -          if test -r "${dir}/${lib}/lib${dbn}.${suffix}"; then
 -            add_lib "${dir}/${lib}" "${dbn}" "${suffix}"
 -	    echo "Found: lib${dbn}.${suffix} at ${dir}/${lib}"
 +        for libs in ${lib} out; do
 +          if test -r "${dir}/${libs}/lib${dbn}.${suffix}"; then
 +            add_lib "${dir}/${libs}" "${dbn}" "${suffix}"
 +	    echo "Found: lib${dbn}.${suffix} at ${dir}/${libs}"
             return 0
 	  fi
 	done
@@ -189,7 +192,7 @@ if test "$#" = "0" && test -z "$DARWIN"
    pkg-config QtGui openssl --libs >/dev/null;
 then
   CF="`pkg-config QtGui openssl --cflags`"
 -  LIBS="`pkg-config QtGui openssl --libs` -lltdl"
 +  LIBS="${LIBS} `pkg-config QtGui openssl --libs` -lltdl"
 else
   by_hand=true
 fi
@@ -197,7 +200,7 @@ fi
 if test "$by_hand" = "true"; then
   ######################### QT
   if test -z "$DARWIN"; then
 -    subdirs="/qt /qt4"
 +    subdirs="/qt /qt4 /qt/QT /qt4/QT"
     search_includes QtCore/QObject || err "The QT Library headerfiles were not found. Set QTDIR appropriately."
     search_lib QtCore4 QtCore || err "The QT Core library was not found."
     search_lib QtGui4 QtGui || err "The QT Gui library was not found."
@@ -282,16 +285,12 @@ else
 fi
 -if which linuxdoc 2>&1; then
 -  LINUXDOC="linuxdoc"
 +if which sgml2html 2>&1; then
 +  SGML2HTML="sgml2html"
 else
 -  echo "Application 'linuxdoc' not found."
 -  if tar ztf ${TOPDIR}/doc/xca-doc.tgz xca.html >/dev/null 2>&1; then
 -    echo "But Found a valid documentation package 'doc/xca-doc.tgz'"
 -  else
 +  echo "Application 'sgml2html' not found."
    echo "No documentation will be generated."
 -  fi
 -  LINUXDOC=":"
 +  SGML2HTML=":"
 fi
 findapp() {
@@ -341,12 +340,15 @@ LD=${LD:=ld}
 STRIP=${STRIP:=strip}
 WINDRES=${WINDRES:=windres}
 MAKENSIS=${MAKENSIS:=makensis.exe}
 -LINUXDOC=${LINUXDOC:=linuxdoc}
 +SGML2HTML=${SGML2HTML:=sgml2html}
 SUFFIX=${SUFFIX}
 HOST=linux
 prefix=${prefix}
 docdir=${docdir}
 +lib=${lib}
 +libdir=${libdir}
 +mandir=${mandir}
 EOF
 test -z "$etc" && etc=/etc/xca
 Index: doc/Makefile
 ===================================================================
 --- doc/Makefile.orig
 +++ doc/Makefile
@@ -8,8 +8,6 @@ DELFILES=xca*.html xca.1.gz
 doc: xca.1.gz xca.html
 include $(TOPDIR)/Rules.mak
 -mandir=man
 -
 xca.1.gz: xca.1
 	gzip -9 <$^ >$@
@@ -18,13 +16,13 @@ xca.html: xca.sgml
 	echo 'The documentation for XCA can be viewed online at: <a href="http://xca.sourceforge.net/">http://xca.sourceforge.net/</a>.' > $@
 	test ! -f xca-doc.tgz || tar zxf xca-doc.tgz
 	@$(PRINT) "  DOC    [$(BASENAME)] $@"
 -	$(LINUXDOC) -B html $< >/dev/null
 +	$(SGML2HTML) -s 1 $< >/dev/null
 install: xca.1.gz xca.html
 -	install -m 755 -d $(destdir)$(docdir) \
 -		$(destdir)$(prefix)/$(mandir)/man1
 -	install -m 644 xca*.html $(destdir)$(docdir)
 -	install xca.1.gz $(destdir)$(prefix)/$(mandir)/man1
 +	install -m 755 -d $(destdir)$(prefix)/share/xca \
 +		$(destdir)/$(mandir)/man1
 +	install -m 644 xca*.html $(destdir)$(prefix)/share/xca
 +	install -m 644 xca.1.gz $(destdir)/$(mandir)/man1
 app: xca.html
 	mkdir -p $(APPDIR)/Resources
--- a/xca-desktop.patch
+++ b/xca-desktop.patch
@ -1,14 +0,0 @@
 Index: misc/xca.desktop
 ===================================================================
 --- misc/xca.desktop.orig
 +++ misc/xca.desktop
@@ -7,7 +7,7 @@ Comment[de]=Eine graphische Oberfläche
 Comment[fi]=Graafinen X.509-varmenteiden hallintatyökalu
 Comment[fr]=Création et gestion de certificats conformes à la norme X.509
 Exec=xca %F
 -Icon=xca-32x32.xpm
 +Icon=xca-32x32
 Terminal=false
 -Categories=Application;Utility;Qt;
 +Categories=Utility;DesktopUtility;
 MimeType=application/x-xca-database;application/x-xca-template;application/x-x509-ca-cert;application/pkcs10;application/x-pkcs7-certificates;application/x-pkcs12;
--- a/xca.changes
+++ b/xca.changes
@ -1,3 +1,62 @@
 -------------------------------------------------------------------
 Tue Mar 31 09:28:37 UTC 2015 - ecsos@opensuse.org
 - update to 1.2.0
  - Update to OpenSSL 1.0.2a for Windows and MAC drop brainpool 
    extra builds
  - Use CTRL +/- to change the font size in the view
  - Add Row numbering for easy item counting
  - Support SSH2 public key format for import and export
  - Add support for SHA-224
  - add "xca extract" to export items from the database on the 
    commandline
 - previous changes from 1.1.0
  - SF Bug #79 Template export from WinXP cannot be imported in 
    Linux and Mac OS X
  - Support for Brainpool windows and MacOSX binaries
  - SF Feat. Req. #70 ability to search certificates
  - SF Feat. Req. #75 show SHA-256 digest
  - RedHat Bug #1164340 - segfault when viewing a RHEL 
    entitlement certificate
  - Database hardening
  - Delete invalid items (on demand)
  - Be more tolerant against database errors
  - Gracefully handle and repair corrupt databases
  - Add "xca_db_stat(.exe)" binary to all installations
  - Translation updates
  - Optionally allow hash algos not supported by the token
  - Select whether to translate established x509 terms
  - Finish Token EC and DSA support - generate, import, export, 
    sign
  - SF Feat. Req. #57 More options for Distinguished Name
  - Switch to autoconf for the configure script
  - SF Feature Req. #76 Export private keys to clipboard
  - EC Keys: show Curve name in table
  - Support EC key generation on PKCS#11 token
  - PKCS#11: Make EC and RSA signatures work
  - PKCS#11: Fix reading EC keys from card
  - SF Bug #82 Certificate Creation out of Spec
  - SF Bug #95 XCA 1.0 only runs in French on a UK English Mac
 - previous changes from 1.0.0
  - SF Bug #89 Validating CRL distribution point results in error
  - SF Feature Req. #69 Create "Recent databases..." file menu item
  - SF Bug #75 authorityInfoAccess set error
  - SF Bug #88 Minor spelling error
  - SF Bug #87 Unable to set default key length The Key generation 
    dialog now allows to remember the current settings
  - Do not interpret HTML tags in message boxes
  - Overwite extensions from the PKCS#10 request by local 
    extensions. This avoids duplication errors and allows to 
    overwrite some extensions from the request
  - SF Bug #78 replace path separators in export filenames
  - SF Feature Req. #71 Add KDC Authentication OIDs to default 
    files
  - SF Bug #82 Certificate Creation out of Spec
  - Add Croatian translation
  - SF Bug #83 Inappropriate gcc argument order in configure script
 -------------------------------------------------------------------
 Thu Oct  9 10:29:12 UTC 2014 - mrueckert@suse.de
--- a/xca.spec
+++ b/xca.spec
@ -19,16 +19,13 @@
 Name:           xca
 Summary:        An RSA key and certificate management tool
 Summary(de):    Ein RSA Schlüssel- und Zertifikat-Managmentprogramm
-Version:        0.9.3
+Version:        1.2.0
 Release:        0
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Security
 Url:            http://sourceforge.net/projects/xca/
 Autoreqprov:    on
-Source:         %{name}-%{version}.tar.gz
+Source:         http://downloads.sourceforge.net/project/xca/xca/%{version}/%{name}-%{version}.tar.gz
 Patch0:         %{name}-configure.patch
 Patch1:         %{name}-desktop.patch
 Patch2:         0001-Fix-for-openssl-1.0.1i.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gcc-c++ >= 3.1.0
 %if 0%{?sles_version} == 10
@ -42,14 +39,14 @@ BuildRequires:  update-desktop-files
 %else
 BuildRequires:  libtool-ltdl-devel
 %endif
-BuildRequires:  openssl-devel >= 0.9.8
+BuildRequires:  openssl-devel >= 1.0.1
 BuildRequires:  sgmltool
 %if 0%{?sles_version} == 10
 Requires:       qt >= 4.3.0
 %else
 Requires:       libqt4 >= 4.3.0
 %endif
-Requires:       openssl >= 0.9.8
+Requires:       openssl >= 1.0.1
 Requires:       db
 %description
@ -60,32 +57,31 @@ Graphical certification authority is an interface for managing RSA keys and cert
 %prep
 %setup -n %{name}-%{version}
 %patch0
 %patch1
 %patch2 -p1
 CFLAGS="$RPM_OPT_FLAGS" \
 prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} ./configure
 %build
 CFLAGS="$RPM_OPT_FLAGS" prefix=%{_prefix} lib=%{_lib} libdir=%{_libdir} mandir=%{_mandir} \
 ./configure --docdir=%{_docdir}/%{name}
 %{__make} destdir=$PRM_BUILD_ROOT prefix=%{_prefix} %{?_smp_mflags}
 %install
 %{__make} destdir=$RPM_BUILD_ROOT prefix=/usr install
-%suse_update_desktop_file -i %{name} DesktopUtility
+%suse_update_desktop_file -i -r %{name} Utility DesktopUtility
 %clean
 %{__rm} -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
-%doc AUTHORS changelog COPYRIGHT VERSION
+%doc AUTHORS changelog COPYRIGHT VERSION 
 %{_bindir}/%{name}
 %{_bindir}/xca_db_stat
 %{_datadir}/applications/%{name}.desktop
 %{_datadir}/mime/packages/%{name}.xml
 %{_datadir}/pixmaps/%{name}*
 %{_datadir}/%{name}
 %{_mandir}/man1/%{name}.1.gz
 %{_mandir}/man1/xca_db_stat.1.gz
 %changelog