Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ghc-crypton-x509-system for
openSUSE:Factory checked in at 2026-06-10 15:59:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-crypton-x509-system (Old)
and /work/SRC/openSUSE:Factory/.ghc-crypton-x509-system.new.2375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-crypton-x509-system"
Wed Jun 10 15:59:02 2026 rev:2 rq:1358353 version:1.6.8
Changes:
--------
---
/work/SRC/openSUSE:Factory/ghc-crypton-x509-system/ghc-crypton-x509-system.changes
2023-11-23 21:43:07.988983030 +0100
+++
/work/SRC/openSUSE:Factory/.ghc-crypton-x509-system.new.2375/ghc-crypton-x509-system.changes
2026-06-10 15:59:55.885571265 +0200
@@ -1,0 +2,8 @@
+Wed Jan 7 05:08:59 UTC 2026 - Peter Simons <[email protected]>
+
+- Update crypton-x509-system to version 1.6.8.
+ Upstream added a new change log file in this release. With no
+ previous version to compare against, the automatic updater cannot
+ reliable determine the relevante entries for this release.
+
+-------------------------------------------------------------------
Old:
----
crypton-x509-system-1.6.7.tar.gz
New:
----
crypton-x509-system-1.6.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-crypton-x509-system.spec ++++++
--- /var/tmp/diff_new_pack.Uoku6S/_old 2026-06-10 15:59:58.521680506 +0200
+++ /var/tmp/diff_new_pack.Uoku6S/_new 2026-06-10 15:59:58.521680506 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ghc-crypton-x509-system
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2026 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global pkg_name crypton-x509-system
%global pkgver %{pkg_name}-%{version}
Name: ghc-%{pkg_name}
-Version: 1.6.7
+Version: 1.6.8
Release: 0
Summary: Handle per-operating-system X.509 accessors and storage
License: BSD-3-Clause
@@ -99,6 +99,7 @@
%license LICENSE
%files devel -f %{name}-devel.files
+%doc ChangeLog.md
%files -n ghc-%{pkg_name}-doc -f ghc-%{pkg_name}-doc.files
%license LICENSE
++++++ crypton-x509-system-1.6.7.tar.gz -> crypton-x509-system-1.6.8.tar.gz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/ChangeLog.md
new/crypton-x509-system-1.6.8/ChangeLog.md
--- old/crypton-x509-system-1.6.7/ChangeLog.md 1970-01-01 01:00:00.000000000
+0100
+++ new/crypton-x509-system-1.6.8/ChangeLog.md 2001-09-09 03:46:40.000000000
+0200
@@ -0,0 +1,8 @@
+# ChangeLog for crypton-x509-system
+
+## 1.6.8
+
+* Prefer OpenSSL env vars: SSL_CERT_FILE and SSL_CERT_DIR
+ [#26](https://github.com/kazu-yamamoto/crypton-certificate/pull/26)
+* Unix defaultSystemPaths: add new Fedora default cert filepath
+ [#19](https://github.com/kazu-yamamoto/crypton-certificate/pull/19)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/Setup.hs
new/crypton-x509-system-1.6.8/Setup.hs
--- old/crypton-x509-system-1.6.7/Setup.hs 2001-09-09 03:46:40.000000000
+0200
+++ new/crypton-x509-system-1.6.8/Setup.hs 2001-09-09 03:46:40.000000000
+0200
@@ -1,2 +1,3 @@
import Distribution.Simple
+
main = defaultMain
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/System/X509/Common.hs
new/crypton-x509-system-1.6.8/System/X509/Common.hs
--- old/crypton-x509-system-1.6.7/System/X509/Common.hs 1970-01-01
01:00:00.000000000 +0100
+++ new/crypton-x509-system-1.6.8/System/X509/Common.hs 2001-09-09
03:46:40.000000000 +0200
@@ -0,0 +1,26 @@
+module System.X509.Common (
+ maybeSSLCertEnvOr,
+)
+where
+
+import Data.Foldable (asum)
+import Data.Maybe (catMaybes, fromMaybe)
+import Data.Monoid (mconcat)
+import Data.X509.CertificateStore
+import System.Environment (lookupEnv)
+
+getOpenSslEnvs :: IO (Maybe String)
+getOpenSslEnvs =
+ asum
+ <$> traverse
+ lookupEnv
+ [ "SSL_CERT_FILE"
+ , "SSL_CERT_DIR"
+ ]
+
+maybeSSLCertEnvOr :: IO CertificateStore -> IO CertificateStore
+maybeSSLCertEnvOr defaultStore = do
+ overrideCertPaths <- getOpenSslEnvs
+ case overrideCertPaths of
+ Nothing -> defaultStore
+ Just certPath -> fromMaybe mempty <$> (readCertificateStore certPath)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/System/X509/MacOS.hs
new/crypton-x509-system-1.6.8/System/X509/MacOS.hs
--- old/crypton-x509-system-1.6.7/System/X509/MacOS.hs 2001-09-09
03:46:40.000000000 +0200
+++ new/crypton-x509-system-1.6.8/System/X509/MacOS.hs 2001-09-09
03:46:40.000000000 +0200
@@ -1,15 +1,16 @@
-module System.X509.MacOS
- ( getSystemCertificateStore
- ) where
+module System.X509.MacOS (
+ getSystemCertificateStore,
+) where
-import Data.PEM (pemParseLBS, PEM(..))
-import System.Process
-import qualified Data.ByteString.Lazy as LBS
import Control.Applicative
+import qualified Data.ByteString.Lazy as LBS
import Data.Either
+import Data.PEM (PEM (..), pemParseLBS)
+import System.Process
import Data.X509
import Data.X509.CertificateStore
+import System.X509.Common (maybeSSLCertEnvOr)
rootCAKeyChain :: FilePath
rootCAKeyChain = "/System/Library/Keychains/SystemRootCertificates.keychain"
@@ -19,11 +20,20 @@
listInKeyChains :: [FilePath] -> IO [SignedCertificate]
listInKeyChains keyChains = do
- (_, Just hout, _, ph) <- createProcess (proc "security"
("find-certificate" : "-pa" : keyChains)) { std_out = CreatePipe }
+ (_, Just hout, _, ph) <-
+ createProcess
+ (proc "security" ("find-certificate" : "-pa" : keyChains))
+ { std_out = CreatePipe
+ }
pems <- either error id . pemParseLBS <$> LBS.hGetContents hout
- let targets = rights $ map (decodeSignedCertificate . pemContent) $ filter
((=="CERTIFICATE") . pemName) pems
+ let targets =
+ rights $
+ map (decodeSignedCertificate . pemContent) $
+ filter ((== "CERTIFICATE") . pemName) pems
_ <- targets `seq` waitForProcess ph
return targets
getSystemCertificateStore :: IO CertificateStore
-getSystemCertificateStore = makeCertificateStore <$> listInKeyChains
[rootCAKeyChain, systemKeyChain]
+getSystemCertificateStore =
+ maybeSSLCertEnvOr
+ (makeCertificateStore <$> listInKeyChains [rootCAKeyChain,
systemKeyChain])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/System/X509/Unix.hs
new/crypton-x509-system-1.6.8/System/X509/Unix.hs
--- old/crypton-x509-system-1.6.7/System/X509/Unix.hs 2001-09-09
03:46:40.000000000 +0200
+++ new/crypton-x509-system-1.6.8/System/X509/Unix.hs 2001-09-09
03:46:40.000000000 +0200
@@ -11,13 +11,13 @@
-- the path can be dynamically override using the environment variable
-- defined by envPathOverride in the module, which by
-- default is SYSTEM_CERTIFICATE_PATH
---
-module System.X509.Unix
- ( getSystemCertificateStore
- ) where
+module System.X509.Unix (
+ getSystemCertificateStore,
+) where
-import System.Environment (getEnv)
import Data.X509.CertificateStore
+import System.Environment (getEnv)
+import System.X509.Common (maybeSSLCertEnvOr)
import Control.Applicative ((<$>))
import qualified Control.Exception as E
@@ -27,20 +27,23 @@
defaultSystemPaths :: [FilePath]
defaultSystemPaths =
- [ "/etc/ssl/certs/" -- linux
- , "/system/etc/security/cacerts/" -- android
- , "/usr/local/share/certs/" -- freebsd
- , "/etc/ssl/cert.pem" -- openbsd
+ [ "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" -- fedora
+ , "/etc/ssl/certs/" -- linux
+ , "/system/etc/security/cacerts/" -- android
+ , "/usr/local/share/certs/" -- freebsd
+ , "/etc/ssl/cert.pem" -- openbsd
]
envPathOverride :: String
envPathOverride = "SYSTEM_CERTIFICATE_PATH"
getSystemCertificateStore :: IO CertificateStore
-getSystemCertificateStore = mconcat . catMaybes <$> (getSystemPaths >>= mapM
readCertificateStore)
+getSystemCertificateStore =
+ maybeSSLCertEnvOr
+ (mconcat . catMaybes <$> (getSystemPaths >>= mapM
readCertificateStore))
getSystemPaths :: IO [FilePath]
-getSystemPaths = E.catch ((:[]) <$> getEnv envPathOverride) inDefault
- where
- inDefault :: E.IOException -> IO [FilePath]
- inDefault _ = return defaultSystemPaths
+getSystemPaths = E.catch ((: []) <$> getEnv envPathOverride) inDefault
+ where
+ inDefault :: E.IOException -> IO [FilePath]
+ inDefault _ = return defaultSystemPaths
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/System/X509/Win32.hs
new/crypton-x509-system-1.6.8/System/X509/Win32.hs
--- old/crypton-x509-system-1.6.7/System/X509/Win32.hs 2001-09-09
03:46:40.000000000 +0200
+++ new/crypton-x509-system-1.6.8/System/X509/Win32.hs 2001-09-09
03:46:40.000000000 +0200
@@ -1,25 +1,27 @@
+{-# LANGUAGE CPP #-}
{-# LANGUAGE ForeignFunctionInterface #-}
{-# LANGUAGE ScopedTypeVariables #-}
-{-# LANGUAGE CPP #-}
-module System.X509.Win32
- ( getSystemCertificateStore
- ) where
+module System.X509.Win32 (
+ getSystemCertificateStore,
+) where
+
+import Data.Word
import Foreign.Ptr
import Foreign.Storable
-import Data.Word
-import Control.Monad (when)
import Control.Applicative
import Control.Exception (catch)
+import Control.Monad (when)
import qualified Data.ByteString.Internal as B
+import Data.ASN1.Error
import Data.X509
import Data.X509.CertificateStore
-import Data.ASN1.Error
import System.Win32.Types
+import System.X509.Common (maybeSSLCertEnvOr)
type HCertStore = Ptr Word8
type PCCERT_Context = Ptr Word8
@@ -30,7 +32,8 @@
c_CertCloseStore :: HCertStore -> DWORD -> IO ()
foreign import stdcall unsafe "CertEnumCertificatesInStore"
- c_CertEnumCertificatesInStore :: HCertStore -> PCCERT_Context -> IO
PCCERT_Context
+ c_CertEnumCertificatesInStore
+ :: HCertStore -> PCCERT_Context -> IO PCCERT_Context
certOpenSystemStore :: IO HCertStore
certOpenSystemStore = withTString "ROOT" $ \cstr ->
@@ -38,32 +41,35 @@
certFromContext :: PCCERT_Context -> IO (Either String SignedCertificate)
certFromContext cctx = do
- ty <- peek (castPtr cctx :: Ptr DWORD)
- p <- peek (castPtr (cctx `plusPtr` pbCertEncodedPos) :: Ptr (Ptr BYTE))
+ ty <- peek (castPtr cctx :: Ptr DWORD)
+ p <- peek (castPtr (cctx `plusPtr` pbCertEncodedPos) :: Ptr (Ptr BYTE))
len <- peek (castPtr (cctx `plusPtr` cbCertEncodedPos) :: Ptr DWORD)
process ty p len
- where process 1 p len = do
- b <- B.create (fromIntegral len) $ \dst -> B.memcpy dst p
(fromIntegral len)
- return $ decodeSignedObject b
- process ty _ _ =
- return $ Left ("windows certificate store: not supported type: "
++ show ty)
- pbCertEncodedPos = alignment (undefined :: Ptr (Ptr BYTE))
- cbCertEncodedPos = pbCertEncodedPos + sizeOf (undefined :: Ptr (Ptr
BYTE))
+ where
+ process 1 p len = do
+ b <- B.create (fromIntegral len) $ \dst -> B.memcpy dst p
(fromIntegral len)
+ return $ decodeSignedObject b
+ process ty _ _ =
+ return $ Left ("windows certificate store: not supported type: " ++
show ty)
+ pbCertEncodedPos = alignment (undefined :: Ptr (Ptr BYTE))
+ cbCertEncodedPos = pbCertEncodedPos + sizeOf (undefined :: Ptr (Ptr BYTE))
getSystemCertificateStore :: IO CertificateStore
-getSystemCertificateStore = do
+getSystemCertificateStore = maybeSSLCertEnvOr $ do
store <- certOpenSystemStore
when (store == nullPtr) $ error "no store"
certs <- loop store nullPtr
c_CertCloseStore store 0
return (makeCertificateStore certs)
- where loop st ptr = do
- r <- c_CertEnumCertificatesInStore st ptr
- if r == nullPtr
- then return []
- else do
+ where
+ loop st ptr = do
+ r <- c_CertEnumCertificatesInStore st ptr
+ if r == nullPtr
+ then return []
+ else
+ do
ecert <- certFromContext r
case ecert of
- Left _ -> loop st r
+ Left _ -> loop st r
Right cert -> (cert :) <$> (loop st r)
`catch` \(_ :: ASN1Error) -> loop st r
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/System/X509.hs
new/crypton-x509-system-1.6.8/System/X509.hs
--- old/crypton-x509-system-1.6.7/System/X509.hs 2001-09-09
03:46:40.000000000 +0200
+++ new/crypton-x509-system-1.6.8/System/X509.hs 2001-09-09
03:46:40.000000000 +0200
@@ -1,14 +1,14 @@
{-# LANGUAGE CPP #-}
+
-- |
-- Module : System.X509
-- License : BSD-style
-- Maintainer : Vincent Hanquez <[email protected]>
-- Stability : experimental
-- Portability : good
---
-module System.X509
- ( getSystemCertificateStore
- ) where
+module System.X509 (
+ getSystemCertificateStore,
+) where
#if defined(WINDOWS)
import System.X509.Win32
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/crypton-x509-system-1.6.7/crypton-x509-system.cabal
new/crypton-x509-system-1.6.8/crypton-x509-system.cabal
--- old/crypton-x509-system-1.6.7/crypton-x509-system.cabal 2001-09-09
03:46:40.000000000 +0200
+++ new/crypton-x509-system-1.6.8/crypton-x509-system.cabal 2001-09-09
03:46:40.000000000 +0200
@@ -1,43 +1,54 @@
-Name: crypton-x509-system
-version: 1.6.7
-Synopsis: Handle per-operating-system X.509 accessors and storage
-Description: System X.509 handling for accessing operating system
dependents store and other storage methods
-License: BSD3
-License-file: LICENSE
-Copyright: Vincent Hanquez <[email protected]>
-Author: Vincent Hanquez <[email protected]>
-Maintainer: Kazu Yamamoto <[email protected]>
-Build-Type: Simple
-Category: Data
-stability: experimental
-Homepage: https://github.com/kazu-yamamoto/crypton-certificate
-Cabal-Version: >= 1.10
-
-Library
- Default-Language: Haskell2010
- Build-Depends: base >= 3 && < 5
- , bytestring
- , mtl
- , containers
- , directory
- , filepath
- , process
- , pem >= 0.1 && < 0.3
- , crypton-x509 >= 1.6
- , crypton-x509-store >= 1.6.2
- Exposed-modules: System.X509
- System.X509.Unix
- System.X509.MacOS
- ghc-options: -Wall
- if os(windows)
- cpp-options: -DWINDOWS
- Build-Depends: Win32, asn1-encoding
- extra-libraries: Crypt32
- Exposed-modules: System.X509.Win32
- if os(OSX)
- cpp-options: -DMACOSX
+cabal-version: >=1.10
+name: crypton-x509-system
+version: 1.6.8
+license: BSD3
+license-file: LICENSE
+copyright: Vincent Hanquez <[email protected]>
+maintainer: Kazu Yamamoto <[email protected]>
+author: Vincent Hanquez <[email protected]>
+stability: experimental
+homepage: https://github.com/kazu-yamamoto/crypton-certificate
+synopsis: Handle per-operating-system X.509 accessors and storage
+description:
+ System X.509 handling for accessing operating system dependents store and
other storage methods
+
+category: Data
+build-type: Simple
+extra-source-files: ChangeLog.md
source-repository head
- type: git
- location: https://github.com/kazu-yamamoto/crypton-certificate
- subdir: x509-system
+ type: git
+ location: https://github.com/kazu-yamamoto/crypton-certificate
+ subdir: x509-system
+
+library
+ exposed-modules:
+ System.X509
+ System.X509.Common
+ System.X509.Unix
+ System.X509.MacOS
+
+ default-language: Haskell2010
+ ghc-options: -Wall
+ build-depends:
+ base >=3 && <5,
+ bytestring,
+ mtl,
+ containers,
+ directory,
+ filepath,
+ process,
+ pem >=0.1 && <0.3,
+ crypton-x509 >=1.6,
+ crypton-x509-store >=1.6.2
+
+ if os(windows)
+ exposed-modules: System.X509.Win32
+ cpp-options: -DWINDOWS
+ extra-libraries: Crypt32
+ build-depends:
+ Win32,
+ asn1-encoding
+
+ if os(osx)
+ cpp-options: -DMACOSX
