Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libksba for openSUSE:Factory checked in at 2026-05-17 18:56:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libksba (Old) and /work/SRC/openSUSE:Factory/.libksba.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libksba" Sun May 17 18:56:27 2026 rev:52 rq:1353458 version:1.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libksba/libksba.changes 2026-05-12 19:26:40.211091857 +0200 +++ /work/SRC/openSUSE:Factory/.libksba.new.1966/libksba.changes 2026-05-17 18:56:33.103634498 +0200 @@ -1,0 +2,9 @@ +Fri May 15 08:02:11 UTC 2026 - Pedro Monreal <[email protected]> + +- Update to 1.8.0: + * New function ksba_cms_get_attribute. [rKf40bfced7c] + * Support building of unsigned attributes with + ksba_cms_add_attribute. [rK54d7e3bea8] + * Release-info: https://dev.gnupg.org/T8253 + +------------------------------------------------------------------- Old: ---- libksba-1.7.0.tar.bz2 libksba-1.7.0.tar.bz2.sig New: ---- libksba-1.8.0.tar.bz2 libksba-1.8.0.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libksba.spec ++++++ --- /var/tmp/diff_new_pack.ArrqxE/_old 2026-05-17 18:56:33.971669912 +0200 +++ /var/tmp/diff_new_pack.ArrqxE/_new 2026-05-17 18:56:33.971669912 +0200 @@ -18,7 +18,7 @@ %define soname 8 Name: libksba -Version: 1.7.0 +Version: 1.8.0 Release: 0 Summary: A X.509 Library License: (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later AND MIT ++++++ libksba-1.7.0.tar.bz2 -> libksba-1.8.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/ChangeLog new/libksba-1.8.0/ChangeLog --- old/libksba-1.7.0/ChangeLog 2026-05-07 10:05:17.000000000 +0200 +++ new/libksba-1.8.0/ChangeLog 2026-05-13 12:04:57.000000000 +0200 @@ -1,3 +1,37 @@ +2026-05-13 Werner Koch <[email protected]> + + Release 1.8.0. + + commit 476c602e2f35f1ddd769a613fa44681df33d0101 + + +2026-05-12 Werner Koch <[email protected]> + + Implement building of unsigned attributes. + + commit 54d7e3bea86640023e7e9eac25774c2071d8f526 + * src/cms.c (ksba_cms_get_attribute): Fix tree walking. + (build_signed_data_rest): Support unsigned attributes. + * src/der-encoder.c (copy_nhdr_and_len): Make context tag work. + + * tests/t-cms-parser.c (one_file): Print also unsigned attributes. + Factor some code out to ... + (dump_one_attribute_set): new. + (main): New option --all. + + New function ksba_cms_get_attribute. + + commit f40bfced7c07acafae01d502aa0fdd97269d39ac + * src/cms.c (ksba_cms_get_attribute): New. + * src/visibility.c (ksba_cms_get_attribute): New. + * src/ksba.h.in: Add new function. + * src/libksba.def: + * src/libksba.vers: + + * tests/t-common.h (print_hex): Add arg wrapindent and adjust all + callers. + * tests/t-cms-parser.c: Include oidtranstbl.h + (get_oid_desc): Copied from cert-basic.c + (print_oid_and_desc): Ditto. + (one_file): Print all attributes in --verbose mode. + 2026-05-07 Werner Koch <[email protected]> Release 1.7.0. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/NEWS new/libksba-1.8.0/NEWS --- old/libksba-1.7.0/NEWS 2026-05-07 09:52:59.000000000 +0200 +++ new/libksba-1.8.0/NEWS 2026-05-13 12:02:20.000000000 +0200 @@ -1,3 +1,14 @@ +Noteworthy changes in version 1.8.0 (2026-05-13) [C24/A16/R0] +------------------------------------------------ + + * New function ksba_cms_get_attribute. [rKf40bfced7c] + + * Support building of unsigned attributes with + ksba_cms_add_attribute. [rK54d7e3bea8] + + Release-info: https://dev.gnupg.org/T8253 + + Noteworthy changes in version 1.7.0 (2026-05-07) [C23/A15/R0] ------------------------------------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/configure new/libksba-1.8.0/configure --- old/libksba-1.7.0/configure 2026-05-07 10:05:12.000000000 +0200 +++ new/libksba-1.8.0/configure 2026-05-13 12:04:51.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for libksba 1.7.0. +# Generated by GNU Autoconf 2.71 for libksba 1.8.0. # # Report bugs to <https://bugs.gnupg.org>. # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='libksba' PACKAGE_TARNAME='libksba' -PACKAGE_VERSION='1.7.0' -PACKAGE_STRING='libksba 1.7.0' +PACKAGE_VERSION='1.8.0' +PACKAGE_STRING='libksba 1.8.0' PACKAGE_BUGREPORT='https://bugs.gnupg.org' PACKAGE_URL='' @@ -1408,7 +1408,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libksba 1.7.0 to adapt to many kinds of systems. +\`configure' configures libksba 1.8.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1479,7 +1479,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libksba 1.7.0:";; + short | recursive ) echo "Configuration of libksba 1.8.0:";; esac cat <<\_ACEOF @@ -1616,7 +1616,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libksba configure 1.7.0 +libksba configure 1.8.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2161,7 +2161,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libksba $as_me 1.7.0, which was +It was created by libksba $as_me 1.8.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2924,8 +2924,8 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -LIBKSBA_LT_CURRENT=23 -LIBKSBA_LT_AGE=15 +LIBKSBA_LT_CURRENT=24 +LIBKSBA_LT_AGE=16 LIBKSBA_LT_REVISION=0 #------------------- # If the API is changed in an incompatible way: increment the next counter. @@ -3451,7 +3451,7 @@ # Define the identity of the package. PACKAGE='libksba' - VERSION='1.7.0' + VERSION='1.8.0' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -13778,7 +13778,7 @@ -VERSION_NUMBER=0x010700 +VERSION_NUMBER=0x010800 @@ -16548,11 +16548,11 @@ # Generate extended version information for W32. if test "$have_w32_system" = yes; then BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` - BUILD_FILEVERSION="${BUILD_FILEVERSION}37918" + BUILD_FILEVERSION="${BUILD_FILEVERSION}18284" fi -BUILD_REVISION="941eed8" +BUILD_REVISION="476c602" printf "%s\n" "#define BUILD_REVISION \"$BUILD_REVISION\"" >>confdefs.h @@ -17148,7 +17148,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libksba $as_me 1.7.0, which was +This file was extended by libksba $as_me 1.8.0, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17216,7 +17216,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -libksba config.status 1.7.0 +libksba config.status 1.8.0 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -19172,7 +19172,7 @@ echo " Libksba v${VERSION} has been configured as follows: - Revision: 941eed8 (37918) + Revision: 476c602 (18284) Platform: $host " diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/configure.ac new/libksba-1.8.0/configure.ac --- old/libksba-1.7.0/configure.ac 2026-05-07 09:57:57.000000000 +0200 +++ new/libksba-1.8.0/configure.ac 2026-05-13 12:02:07.000000000 +0200 @@ -29,7 +29,7 @@ # for the LT versions. m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) -m4_define([mym4_minor], [7]) +m4_define([mym4_minor], [8]) m4_define([mym4_micro], [0]) # Below is m4 magic to extract and compute the git revision number, @@ -50,8 +50,8 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -LIBKSBA_LT_CURRENT=23 -LIBKSBA_LT_AGE=15 +LIBKSBA_LT_CURRENT=24 +LIBKSBA_LT_AGE=16 LIBKSBA_LT_REVISION=0 #------------------- # If the API is changed in an incompatible way: increment the next counter. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/doc/ksba.info new/libksba-1.8.0/doc/ksba.info --- old/libksba-1.7.0/doc/ksba.info 2026-05-05 11:49:23.000000000 +0200 +++ new/libksba-1.8.0/doc/ksba.info 2026-05-12 14:52:28.000000000 +0200 @@ -8,8 +8,8 @@ This file documents the KSBA library to access X.509 and CMS data structures. - This is edition 1.7.0, last updated 22 November 2023, of 'The KSBA -Reference Manual', for Version 1.7.0. + This is edition 1.8.0, last updated 22 November 2023, of 'The KSBA +Reference Manual', for Version 1.8.0. Copyright (C) 2002, 2003, 2004 g10 Code GmbH @@ -25,8 +25,8 @@ Main Menu ********* -This is edition 1.7.0, last updated 22 November 2023, of 'The KSBA -Reference Manual', for Version 1.7.0 of the KSBA library. +This is edition 1.8.0, last updated 22 November 2023, of 'The KSBA +Reference Manual', for Version 1.8.0 of the KSBA library. Copyright (C) 2002, 2003, 2004 g10 Code GmbH diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/doc/stamp-vti new/libksba-1.8.0/doc/stamp-vti --- old/libksba-1.7.0/doc/stamp-vti 2026-05-07 10:05:17.000000000 +0200 +++ new/libksba-1.8.0/doc/stamp-vti 2026-05-13 12:04:57.000000000 +0200 @@ -1,4 +1,4 @@ @set UPDATED 22 November 2023 @set UPDATED-MONTH November 2023 -@set EDITION 1.7.0 -@set VERSION 1.7.0 +@set EDITION 1.8.0 +@set VERSION 1.8.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/doc/version.texi new/libksba-1.8.0/doc/version.texi --- old/libksba-1.7.0/doc/version.texi 2026-05-03 17:07:21.000000000 +0200 +++ new/libksba-1.8.0/doc/version.texi 2026-05-12 14:28:10.000000000 +0200 @@ -1,4 +1,4 @@ @set UPDATED 22 November 2023 @set UPDATED-MONTH November 2023 -@set EDITION 1.7.0 -@set VERSION 1.7.0 +@set EDITION 1.8.0 +@set VERSION 1.8.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/cms.c new/libksba-1.8.0/src/cms.c --- old/libksba-1.7.0/src/cms.c 2026-05-06 17:26:19.000000000 +0200 +++ new/libksba-1.8.0/src/cms.c 2026-05-12 18:22:33.000000000 +0200 @@ -1047,11 +1047,117 @@ } +/* Return the signed or unsigned attribute for SIGNER at IDX. Set + * UNPROTECTED to return the unsigned attributes of the signer. The + * caller must release the values returned at R_OID, R_DER, and + * R_DERLEN. On error or if no value was found a NULL is stored + * there. R_OID always receives a value (if not passed as NULL) but + * R_DER might receive NULL. + * + * An error code GPG_ERR_NOT_FOUND indicates that there is no signer + * with the signer index SIGNER. An error code GPG_ERR_EOF indicates + * that there is no attribute under the index IDX. + * + * To enumerate all signed attributes this pseudo code can be used: + * + * char *oid = NULL; + * unsigned char *der = NULL; + * size_t derlen; + * for (signer=0; signer >= 0; signer++) + * for (idx=0; idx >= 0; idx++) + * { + * ksba_free (oid); + * ksba_free (der); + * err = ksba_cms_get_attribute (cms, signer, idx, 0,&oid,&der,&derlen); + * if (gpg_err_code (err) == GPG_ERR_EOF) + * idx = -2; + * else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + * idx = signer = -2; + * else + * handle_err_or_process_values (err, oid, der, derlen); + * } + * ksba_free (oid); + * ksba_free (der); + */ +gpg_error_t +ksba_cms_get_attribute (ksba_cms_t cms, int signer, int idx, int unprotected, + char **r_oid, unsigned char **r_der, size_t *r_derlen) +{ + gpg_error_t err; + AsnNode topnode, node, n; + struct signer_info_s *si; + + if (r_oid) + *r_oid = NULL; + if (r_der) + *r_der = NULL; + if (r_derlen) + *r_derlen = 0; + + if (!cms) + return gpg_error (GPG_ERR_INV_VALUE); + if (!cms->signer_info) + return gpg_error (GPG_ERR_NO_DATA); + if (signer < 0 || idx < 0) + return gpg_error (GPG_ERR_INV_INDEX); + + for (si=cms->signer_info; si && signer; si = si->next, signer-- ) + ; + if (!si) + return gpg_error (GPG_ERR_NOT_FOUND); /* No more signers */ + + node = _ksba_asn_find_node (si->root, + unprotected? "SignerInfo.unsignedAttrs" + /* */ : "SignerInfo.signedAttrs"); + topnode = node; + if (node && node->type == TYPE_TAG) + node = node->down; + else + node = NULL; /* Bad CMS: not a context tag - ignore this. */ + for (; node && idx >= 0; node = _ksba_asn_walk_tree (topnode, node)) + { + if (node->type == TYPE_SEQUENCE + && (n = node->down) && n->type == TYPE_OBJECT_ID + && n->off != -1 && n->right && n->right->type == TYPE_SET_OF) + { + if (idx--) + continue; /* Not yet at the desired index. */ + if (r_oid) + { + *r_oid = _ksba_oid_to_str (si->image + n->off + n->nhdr, n->len); + if (!*r_oid) + return gpg_error_from_syserror (); + } + n = n->right; /* Point to the set. */ + if (n->off != -1 && n->len && r_der && r_derlen) + { + *r_der = xtrymalloc (n->len); + if (!*r_der) + { + err = gpg_error_from_syserror (); + if (r_oid) + { + xfree (*r_oid); + *r_oid = NULL; + } + return err; + } + memcpy (*r_der, si->image + n->off + n->nhdr, n->len); + *r_derlen = n->len; + } + return 0; + } + } + + return gpg_error (GPG_ERR_EOF); /* No more signed attributes for signer. */ +} + + /* In the case of signed data return the extension attribute * messageDigest. In case of AUTHENVELOPEDDATA return either the MAC * (with IDX 0) or the attributes (with IDX 1). Note that the parser * currently returns a not-implemented error when it encounters - * attributes; we firs need to have some solid sample data to + * attributes; we first need to have some solid sample data to * implement that. */ gpg_error_t ksba_cms_get_message_digest (ksba_cms_t cms, int idx, @@ -1122,8 +1228,8 @@ oid_messageDigest, DIM(oid_messageDigest))) return gpg_error (GPG_ERR_DUP_VALUE); - /* the value is is a SET OF OCTECT STRING but the set must have - excactly one OCTECT STRING. (rfc2630 11.2) */ + /* The value is is a SET OF OCTECT STRING but the set must have + excactly one OCTECT STRING. (rfc5652 11.2) */ if ( !(n->type == TYPE_SET_OF && n->down && n->down->type == TYPE_OCTET_STRING && !n->down->right)) return gpg_error (GPG_ERR_INV_CMS_OBJ); @@ -1177,7 +1283,7 @@ return gpg_error (GPG_ERR_DUP_VALUE); /* the value is is a SET OF CHOICE but the set must have - excactly one CHOICE of generalized or utctime. (rfc2630 11.3) */ + excactly one CHOICE of generalized or utctime. (rfc5652 11.3) */ if ( !(n->type == TYPE_SET_OF && n->down && (n->down->type == TYPE_GENERALIZED_TIME || n->down->type == TYPE_UTC_TIME) @@ -1236,8 +1342,6 @@ { char *line, *p; - /* the value is is a SET OF OBJECT ID but the set must have - excactly one OBJECT ID. (rfc2630 11.1) */ if ( !(n->type == TYPE_SET_OF && n->down && n->down->type == TYPE_OBJECT_ID && !n->down->right)) { @@ -3360,8 +3464,6 @@ } - - /* The user has calculated the signatures and we can therefore write everything left over to do. */ static gpg_error_t @@ -3374,9 +3476,15 @@ struct oidlist_s *digestlist; struct signer_info_s *si; struct sig_val_s *sv; + struct oidparmlist_s *opl; ksba_writer_t tmpwrt = NULL; AsnNode root = NULL; ksba_der_t dbld = NULL; + struct attrarray_s *attrarray = NULL; + int attridx = 0; + unsigned int attrsize; + AsnNode attr = NULL; + int i; /* Now we can really write the signer info */ err = ksba_asn_create_tree ("cms", &cms_tree); @@ -3582,6 +3690,116 @@ goto leave; } + /* If we have any unsigned attributes we can now insert them + * directly into the tree. Note that the list may contain + * different (i.e. more) unsigned items than when the signed + * attributes were hashed. */ + for (attrsize = 0, opl = cms->attribute_list; opl; opl = opl->next) + { + if (!opl->unprotected) + continue; + if (!(opl->signeridx == -1 || opl->signeridx == signer)) + continue; + attrsize++; + } + + if (attrsize) /* We have unsigned attributes - insert them. */ + { + /* Allocate slots. */ + attrarray = xtrycalloc (attrsize, sizeof *attrarray); + if (!attrarray) + { + err = gpg_error_from_syserror (); + goto leave; + } + + for (opl = cms->attribute_list; opl; opl = opl->next) + { + if (!opl->unprotected) + continue; + if (!(opl->signeridx == -1 || opl->signeridx == signer)) + continue; + + attr = _ksba_asn_expand_tree (cms_tree->parse_tree, + "CryptographicMessageSyntax.Attribute"); + if (!attr) + { + err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND); + goto leave; + } + n = _ksba_asn_find_node (attr, "Attribute.attrType"); + if (!n) + { + err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND); + goto leave; + } + err = _ksba_der_store_oid (n, opl->oid); + if (err) + goto leave; + n = _ksba_asn_find_node (attr, "Attribute.attrValues"); + if (!n || !n->down) + { + err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND); + goto leave; + } + n = n->down; + gpgrt_log_printhex (opl->parm, opl->parmlen, + "signer %d, oid=%s der=", signer, opl->oid); + err = _ksba_der_store_set_of (n, opl->parm, opl->parmlen); + if (err) + goto leave; + + err = _ksba_der_encode_tree (attr, &image, &imagelen); + if (err) + goto leave; + + assert (attridx < attrsize); + attrarray[attridx].root = attr; + attr = NULL; + attrarray[attridx].image = image; + attrarray[attridx].imagelen = imagelen; + attridx++; + } + + qsort (attrarray, attridx, sizeof (struct attrarray_s), + compare_attrarray); + /* Now insert them to an SignerInfo tree. */ + n = _ksba_asn_find_node (root, "SignerInfo.unsignedAttrs"); + if (!n || !n->down) + { + err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND); + goto leave; + } + for (n = n->down->down; n && n->type != TYPE_SEQUENCE; n = n->right) + ; + if (!n) + { + err = gpg_error (GPG_ERR_ELEMENT_NOT_FOUND); + goto leave; + } + + assert (attridx <= attrsize); + for (i=0; i < attridx; i++) + { + if (i) + { + if ( !(n=_ksba_asn_insert_copy (n))) + { + err = gpg_error (GPG_ERR_ENOMEM); + goto leave; + } + } + err = _ksba_der_copy_tree (n, attrarray[i].root, + attrarray[i].image); + if (err) + goto leave; + _ksba_asn_release_nodes (attrarray[i].root); + free (attrarray[i].image); + attrarray[i].root = NULL; + attrarray[i].image = NULL; + } + } /* End inserting unsigned attributes. */ + /* Make the DER encoding and write it out. */ err = _ksba_der_encode_tree (root, &image, &imagelen); if (err) @@ -3623,8 +3841,14 @@ leave: ksba_asn_tree_release (cms_tree); _ksba_asn_release_nodes (root); + _ksba_asn_release_nodes (attr); ksba_writer_release (tmpwrt); _ksba_der_release (dbld); + for (i = 0; i < attridx; i++) + { + _ksba_asn_release_nodes (attrarray[i].root); + xfree (attrarray[i].image); + } return err; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/der-encoder.c new/libksba-1.8.0/src/der-encoder.c --- old/libksba-1.7.0/src/der-encoder.c 2026-05-06 15:56:00.000000000 +0200 +++ new/libksba-1.8.0/src/der-encoder.c 2026-05-12 18:21:57.000000000 +0200 @@ -496,7 +496,7 @@ if (tag < 0x1f) { *p = (class << 6) | tag; - if (!_ksba_asn_is_primitive (tag)) + if (class == CLASS_CONTEXT || !_ksba_asn_is_primitive (tag)) *p |= 0x20; p++; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/ksba.h new/libksba-1.8.0/src/ksba.h --- old/libksba-1.7.0/src/ksba.h 2026-05-07 10:05:16.000000000 +0200 +++ new/libksba-1.8.0/src/ksba.h 2026-05-13 12:04:56.000000000 +0200 @@ -45,11 +45,11 @@ /* The version of this header should match the one of the library. Do * not use this symbol in your application; use assuan_check_version * instead. */ -#define KSBA_VERSION "1.7.0" +#define KSBA_VERSION "1.8.0" /* The version number of this header. It may be used to handle minor * API incompatibilities. */ -#define KSBA_VERSION_NUMBER 0x010700 +#define KSBA_VERSION_NUMBER 0x010800 @@ -369,6 +369,9 @@ ksba_isotime_t r_sigtime); gpg_error_t ksba_cms_get_sigattr_oids (ksba_cms_t cms, int idx, const char *reqoid, char **r_value); +gpg_error_t ksba_cms_get_attribute (ksba_cms_t cms, int signer, int idx, + int unprotected, char **r_oid, + unsigned char **r_der, size_t *r_derlen); ksba_sexp_t ksba_cms_get_sig_val (ksba_cms_t cms, int idx); ksba_sexp_t ksba_cms_get_enc_val (ksba_cms_t cms, int idx); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/ksba.h.in new/libksba-1.8.0/src/ksba.h.in --- old/libksba-1.7.0/src/ksba.h.in 2026-05-05 14:12:16.000000000 +0200 +++ new/libksba-1.8.0/src/ksba.h.in 2026-05-12 11:18:35.000000000 +0200 @@ -369,6 +369,9 @@ ksba_isotime_t r_sigtime); gpg_error_t ksba_cms_get_sigattr_oids (ksba_cms_t cms, int idx, const char *reqoid, char **r_value); +gpg_error_t ksba_cms_get_attribute (ksba_cms_t cms, int signer, int idx, + int unprotected, char **r_oid, + unsigned char **r_der, size_t *r_derlen); ksba_sexp_t ksba_cms_get_sig_val (ksba_cms_t cms, int idx); ksba_sexp_t ksba_cms_get_enc_val (ksba_cms_t cms, int idx); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/libksba.def new/libksba-1.8.0/src/libksba.def --- old/libksba-1.7.0/src/libksba.def 2026-05-06 15:43:41.000000000 +0200 +++ new/libksba-1.8.0/src/libksba.def 2026-05-12 11:18:59.000000000 +0200 @@ -209,3 +209,4 @@ ksba_der_builder_get @163 ksba_cms_add_attribute @164 + ksba_cms_get_attribute @165 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/libksba.vers new/libksba-1.8.0/src/libksba.vers --- old/libksba-1.7.0/src/libksba.vers 2026-05-05 14:12:16.000000000 +0200 +++ new/libksba-1.8.0/src/libksba.vers 2026-05-12 11:35:29.000000000 +0200 @@ -75,6 +75,7 @@ ksba_cms_set_sig_val; ksba_cms_set_signing_time; ksba_cms_add_smime_capability; ksba_cms_add_attribute; + ksba_cms_get_attribute; ksba_crl_get_digest_algo; ksba_crl_get_issuer; ksba_crl_get_item; ksba_crl_get_sig_val; ksba_crl_get_update_times; ksba_crl_new; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/visibility.c new/libksba-1.8.0/src/visibility.c --- old/libksba-1.7.0/src/visibility.c 2026-05-05 14:12:16.000000000 +0200 +++ new/libksba-1.8.0/src/visibility.c 2026-05-12 11:27:21.000000000 +0200 @@ -411,6 +411,15 @@ gpg_error_t +ksba_cms_get_attribute (ksba_cms_t cms, int signer, int idx, int unprotected, + char **r_oid, unsigned char **r_der, size_t *r_derlen) +{ + return _ksba_cms_get_attribute (cms, signer, idx, unprotected, + r_oid, r_der, r_derlen); +} + + +gpg_error_t ksba_cms_get_message_digest (ksba_cms_t cms, int idx, char **r_digest, size_t *r_digest_len) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/src/visibility.h new/libksba-1.8.0/src/visibility.h --- old/libksba-1.7.0/src/visibility.h 2026-05-05 14:12:16.000000000 +0200 +++ new/libksba-1.8.0/src/visibility.h 2026-05-12 11:53:13.000000000 +0200 @@ -119,6 +119,7 @@ #define ksba_cms_set_signing_time _ksba_cms_set_signing_time #define ksba_cms_add_smime_capability _ksba_cms_add_smime_capability #define ksba_cms_add_attribute _ksba_cms_add_attribute +#define ksba_cms_get_attribute _ksba_cms_get_attribute #define ksba_crl_get_digest_algo _ksba_crl_get_digest_algo #define ksba_crl_get_issuer _ksba_crl_get_issuer @@ -327,6 +328,7 @@ #undef ksba_cms_set_signing_time #undef ksba_cms_add_smime_capability #undef ksba_cms_add_attribute +#undef ksba_cms_get_attribute #undef ksba_crl_get_digest_algo #undef ksba_crl_get_issuer @@ -504,6 +506,7 @@ MARK_VISIBLE (ksba_cms_set_signing_time) MARK_VISIBLE (ksba_cms_add_smime_capability) MARK_VISIBLE (ksba_cms_add_attribute) +MARK_VISIBLE (ksba_cms_get_attribute) MARK_VISIBLE (ksba_crl_get_digest_algo) MARK_VISIBLE (ksba_crl_get_issuer) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/tests/cert-basic.c new/libksba-1.8.0/tests/cert-basic.c --- old/libksba-1.7.0/tests/cert-basic.c 2025-11-28 16:12:30.000000000 +0100 +++ new/libksba-1.8.0/tests/cert-basic.c 2026-05-12 13:56:58.000000000 +0200 @@ -552,7 +552,7 @@ if (verbose) { fputs (" pubkey-DER: ", stdout); - print_hex (der, derlen); + print_hex (der, derlen, 0); putchar ('\n'); } err = _ksba_keyinfo_to_sexp (der, derlen, &tmp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/tests/t-cms-parser.c new/libksba-1.8.0/tests/t-cms-parser.c --- old/libksba-1.7.0/tests/t-cms-parser.c 2022-09-16 12:24:38.000000000 +0200 +++ new/libksba-1.8.0/tests/t-cms-parser.c 2026-05-12 17:36:58.000000000 +0200 @@ -26,6 +26,7 @@ #include "../src/ksba.h" +#include "oidtranstbl.h" #include "t-common.h" @@ -50,6 +51,74 @@ return 0; } +/* Return the description for OID; if no description is available + NULL is returned. */ +static const char * +get_oid_desc (const char *oid) +{ + int i; + + if (oid) + for (i=0; oidtranstbl[i].oid; i++) + if (!strcmp (oidtranstbl[i].oid, oid)) + return oidtranstbl[i].desc; + return NULL; +} + + +static void +print_oid_and_desc (const char *oid, int with_lf) +{ + const char *s = get_oid_desc (oid); + printf ("%s%s%s%s", + oid, s?" (":"", s?s:"", s?")":""); + if (with_lf) + putchar ('\n'); +} + + + +static gpg_error_t +dump_one_attribute_set (ksba_cms_t cms, int signer, int unprotected) +{ + gpg_error_t err; + int idx; + char *oid = NULL; + unsigned char *der = NULL; + size_t derlen; + int plen; + + for (idx=0; ; idx++) + { + ksba_free (oid); + ksba_free (der); + err = ksba_cms_get_attribute (cms, signer, idx, unprotected, + &oid, &der, &derlen); + if (err) + break; + plen = printf ("signer %d - %sattr %d: ", + signer, unprotected?"u":"s", idx); + print_oid_and_desc (oid, 1); + if (der) + { + printf ("%*s", plen, ""); + if (derlen > 96 && verbose < 2) + { + print_hex (der, 96, plen); + printf ("\n%*s[... --all prints more]",plen,""); + } + else + print_hex (der, derlen, plen); + putchar ('\n'); + } + } + ksba_free (oid); + ksba_free (der); + + if (gpg_err_code (err) == GPG_ERR_EOF) + err = 0; + return err; +} static void @@ -236,7 +305,7 @@ if (!quiet) { printf ("signer %d - messageDigest: ", idx); - print_hex (dn, n); + print_hex (dn, n, 0); putchar ('\n'); } ksba_free (dn); @@ -280,6 +349,23 @@ } } + if (verbose) + { + int signer; + + for (signer=0; ; signer++) + { + err = dump_one_attribute_set (cms, signer, 0); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + break; /* No more signer. */ + fail_if_err2 (fname, err); + err = dump_one_attribute_set (cms, signer, 1); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + break; /* No more signer. */ + fail_if_err2 (fname, err); + } + } + ksba_cms_release (cms); ksba_writer_release (w); ksba_reader_release (r); @@ -301,6 +387,11 @@ verbose = 1; argc--; argv++; } + if (argc && !strcmp (*argv, "--all")) + { + verbose = 2; + argc--; argv++; + } if (argc) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/tests/t-common.h new/libksba-1.8.0/tests/t-common.h --- old/libksba-1.7.0/tests/t-common.h 2026-05-05 13:47:08.000000000 +0200 +++ new/libksba-1.8.0/tests/t-common.h 2026-05-12 14:06:43.000000000 +0200 @@ -79,14 +79,21 @@ void -print_hex (const unsigned char *p, size_t n) +print_hex (const unsigned char *p, size_t n, int wrapindent) { + int count = 0; + if (!p) fputs ("none", stdout); else { for (; n; n--, p++) - printf ("%02X", *p); + { + if (wrapindent && count && !(count % 32)) + printf ("\n%*s", wrapindent, ""); + printf ("%02X", *p); + count++; + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.7.0/tests/t-ocsp.c new/libksba-1.8.0/tests/t-ocsp.c --- old/libksba-1.7.0/tests/t-ocsp.c 2025-11-28 16:12:30.000000000 +0100 +++ new/libksba-1.8.0/tests/t-ocsp.c 2026-05-12 13:57:25.000000000 +0200 @@ -313,7 +313,7 @@ crit? "crit. ":"", crit?"":"......", s?"(":"", s?s:"", s?") ":"", oid); - print_hex (der, derlen); + print_hex (der, derlen, 0); putchar (')'); putchar ('\n'); } @@ -329,7 +329,7 @@ crit? "crit. ":"", crit?"":"......", s?"(":"", s?s:"", s?") ":"", oid); - print_hex (der, derlen); + print_hex (der, derlen, 0); putchar (')'); putchar ('\n'); }
