Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghc-x509-validation for
openSUSE:Factory checked in at 2022-02-11 23:10:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-x509-validation (Old)
and /work/SRC/openSUSE:Factory/.ghc-x509-validation.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-x509-validation"
Fri Feb 11 23:10:05 2022 rev:17 rq:953569 version:1.6.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-x509-validation/ghc-x509-validation.changes
2020-12-22 11:49:22.658003736 +0100
+++
/work/SRC/openSUSE:Factory/.ghc-x509-validation.new.1956/ghc-x509-validation.changes
2022-02-11 23:12:04.995409964 +0100
@@ -1,0 +2,6 @@
+Mon Jan 17 07:57:12 UTC 2022 - Peter Simons <[email protected]>
+
+- Update x509-validation to version 1.6.12.
+ Upstream does not provide a change log file.
+
+-------------------------------------------------------------------
Old:
----
x509-validation-1.6.11.tar.gz
New:
----
x509-validation-1.6.12.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-x509-validation.spec ++++++
--- /var/tmp/diff_new_pack.vwsBnc/_old 2022-02-11 23:12:05.383411087 +0100
+++ /var/tmp/diff_new_pack.vwsBnc/_new 2022-02-11 23:12:05.387411098 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghc-x509-validation
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global pkg_name x509-validation
%bcond_with tests
Name: ghc-%{pkg_name}
-Version: 1.6.11
+Version: 1.6.12
Release: 0
Summary: X.509 Certificate and CRL validation
License: BSD-3-Clause
++++++ x509-validation-1.6.11.tar.gz -> x509-validation-1.6.12.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/x509-validation-1.6.11/Data/X509/Validation/Fingerprint.hs
new/x509-validation-1.6.12/Data/X509/Validation/Fingerprint.hs
--- old/x509-validation-1.6.11/Data/X509/Validation/Fingerprint.hs
2018-07-21 10:17:34.000000000 +0200
+++ new/x509-validation-1.6.12/Data/X509/Validation/Fingerprint.hs
2021-08-03 08:57:34.000000000 +0200
@@ -19,9 +19,7 @@
-- | Fingerprint of a certificate
newtype Fingerprint = Fingerprint ByteString
- deriving (Show,Eq)
-
-instance ByteArrayAccess Fingerprint
+ deriving (Show,Eq,ByteArrayAccess)
-- | Get the fingerprint of the whole signed object
-- using the hashing algorithm specified
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/x509-validation-1.6.11/Data/X509/Validation.hs
new/x509-validation-1.6.12/Data/X509/Validation.hs
--- old/x509-validation-1.6.11/Data/X509/Validation.hs 2018-07-21
10:17:34.000000000 +0200
+++ new/x509-validation-1.6.12/Data/X509/Validation.hs 2022-01-10
04:45:31.000000000 +0100
@@ -23,6 +23,7 @@
, defaultHooks
-- * Validation
, validate
+ , validatePure
, validateDefault
, getFingerprint
-- * Cache
@@ -201,43 +202,43 @@
ValidationCacheDenied s -> return [CacheSaysNo s]
ValidationCacheUnknown -> do
validationTime <- maybe (timeConvert <$> timeCurrent) return $
checkAtTime checks
- failedReasons <- doValidate validationTime hooks checks store
ident cc
+ let failedReasons = validatePure validationTime hooks checks store
ident cc
when (null failedReasons) $ (cacheAdd cache) ident fingerPrint
(getCertificate top)
return failedReasons
where fingerPrint = getFingerprint top hashAlg
--- | Validate a certificate chain with explicit parameters
-doValidate :: DateTime
- -> ValidationHooks
- -> ValidationChecks
- -> CertificateStore
- -> ServiceID
- -> CertificateChain
- -> IO [FailedReason]
-doValidate _ _ _ _ _ (CertificateChain [])
= return [EmptyChain]
-doValidate validationTime hooks checks store (fqhn,_) (CertificateChain
(top:rchain)) =
- (hookFilterReason hooks) <$> (return doLeafChecks |> doCheckChain 0 top
rchain)
+-- | Validate a certificate chain with explicit pure parameters
+validatePure :: DateTime -- ^ The time for which to check validity for
+ -> ValidationHooks -- ^ Hooks to use
+ -> ValidationChecks -- ^ Checks to do
+ -> CertificateStore -- ^ The trusted certificate store for CA
+ -> ServiceID -- ^ Identification of the connection
+ -> CertificateChain -- ^ The certificate chain we want to validate
+ -> [FailedReason] -- ^ the return failed reasons (empty list is
no failure)
+validatePure _ _ _ _ _ (CertificateChain [])
= [EmptyChain]
+validatePure validationTime hooks checks store (fqhn,_) (CertificateChain
(top:rchain)) =
+ hookFilterReason hooks (doLeafChecks |> doCheckChain 0 top rchain)
where isExhaustive = checkExhaustive checks
a |> b = exhaustive isExhaustive a b
doLeafChecks = doNameCheck top ++ doV3Check topCert ++ doKeyUsageCheck
topCert
where topCert = getCertificate top
- doCheckChain :: Int -> SignedCertificate -> [SignedCertificate] -> IO
[FailedReason]
- doCheckChain level current chain = do
- r <- doCheckCertificate (getCertificate current)
+ doCheckChain :: Int -> SignedCertificate -> [SignedCertificate] ->
[FailedReason]
+ doCheckChain level current chain =
+ doCheckCertificate (getCertificate current)
-- check if we have a trusted certificate in the store belonging
to this issuer.
- return r |> (case findCertificate (certIssuerDN cert) store of
- Just trustedSignedCert -> return $ checkSignature current
trustedSignedCert
- Nothing | isSelfSigned cert -> return [SelfSigned] |> return
(checkSignature current current)
- | null chain -> return [UnknownCA]
+ |> (case findCertificate (certIssuerDN cert) store of
+ Just trustedSignedCert -> checkSignature current
trustedSignedCert
+ Nothing | isSelfSigned cert -> [SelfSigned] |> checkSignature
current current
+ | null chain -> [UnknownCA]
| otherwise ->
case findIssuer (certIssuerDN cert) chain of
- Nothing -> return [UnknownCA]
+ Nothing -> [UnknownCA]
Just (issuer, remaining) ->
- return (checkCA level $ getCertificate
issuer)
- |> return (checkSignature current issuer)
+ checkCA level (getCertificate issuer)
+ |> checkSignature current issuer
|> doCheckChain (level+1) issuer remaining)
where cert = getCertificate current
-- in a strict ordering check the next certificate has to be the
issuer.
@@ -306,7 +307,7 @@
doCheckCertificate cert =
exhaustiveList (checkExhaustive checks)
- [ (checkTimeValidity checks, return ((hookValidateTime hooks)
validationTime cert))
+ [ (checkTimeValidity checks, hookValidateTime hooks
validationTime cert)
]
isSelfSigned :: Certificate -> Bool
isSelfSigned cert = certSubjectDN cert == certIssuerDN cert
@@ -392,15 +393,14 @@
matchSI :: DistinguishedName -> Certificate -> Bool
matchSI issuerDN issuer = certSubjectDN issuer == issuerDN
-exhaustive :: Monad m => Bool -> m [FailedReason] -> m [FailedReason] -> m
[FailedReason]
-exhaustive isExhaustive f1 f2 = f1 >>= cont
- where cont l1
- | null l1 = f2
- | isExhaustive = f2 >>= \l2 -> return (l1 ++ l2)
- | otherwise = return l1
+exhaustive :: Bool -> [FailedReason] -> [FailedReason] -> [FailedReason]
+exhaustive isExhaustive l1 l2
+ | null l1 = l2
+ | isExhaustive = l1 ++ l2
+ | otherwise = l1
-exhaustiveList :: Monad m => Bool -> [(Bool, m [FailedReason])] -> m
[FailedReason]
-exhaustiveList _ [] = return []
+exhaustiveList :: Bool -> [(Bool, [FailedReason])] -> [FailedReason]
+exhaustiveList _ [] = []
exhaustiveList isExhaustive ((performCheck,c):cs)
| performCheck = exhaustive isExhaustive c (exhaustiveList isExhaustive cs)
| otherwise = exhaustiveList isExhaustive cs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/x509-validation-1.6.11/x509-validation.cabal
new/x509-validation-1.6.12/x509-validation.cabal
--- old/x509-validation-1.6.11/x509-validation.cabal 2018-11-04
12:43:25.000000000 +0100
+++ new/x509-validation-1.6.12/x509-validation.cabal 2022-01-17
08:49:03.000000000 +0100
@@ -1,5 +1,5 @@
Name: x509-validation
-version: 1.6.11
+version: 1.6.12
Description: X.509 Certificate and CRL validation. please see README
License: BSD3
License-file: LICENSE
