Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ghc-crypton-x509-validation for 
openSUSE:Factory checked in at 2026-06-22 17:43:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-crypton-x509-validation (Old)
 and      /work/SRC/openSUSE:Factory/.ghc-crypton-x509-validation.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ghc-crypton-x509-validation"

Mon Jun 22 17:43:53 2026 rev:5 rq:1361096 version:1.9.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/ghc-crypton-x509-validation/ghc-crypton-x509-validation.changes
  2026-06-10 16:00:01.845818259 +0200
+++ 
/work/SRC/openSUSE:Factory/.ghc-crypton-x509-validation.new.1956/ghc-crypton-x509-validation.changes
        2026-06-22 17:44:22.525168293 +0200
@@ -1,0 +2,12 @@
+Wed Jun  3 05:49:24 UTC 2026 - Peter Simons <[email protected]>
+
+- Update crypton-x509-validation to version 1.9.1 revision 1.
+  * Implementing the X509 name constrains extension. [CVE-2026-9648, 
bsc#1268157]
+  * Using "ram" instead of "memory".
+  * Depend on package `time-hourglass`, rather than `hourglass`. Date and
+    time-related types and classes are now those from the former package.
+    [#18](https://github.com/kazu-yamamoto/crypton-certificate/pull/18)
+  * Depend on package `crypton-asn1-types >= 0.4.1` rather than `asn1-types`.
+    ASN.1-related types and classes are now those from the former package.
+
+-------------------------------------------------------------------

Old:
----
  crypton-x509-validation-1.6.14.tar.gz

New:
----
  crypton-x509-validation-1.9.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ghc-crypton-x509-validation.spec ++++++
--- /var/tmp/diff_new_pack.YhNKZm/_old  2026-06-22 17:44:23.621206709 +0200
+++ /var/tmp/diff_new_pack.YhNKZm/_new  2026-06-22 17:44:23.625206849 +0200
@@ -20,7 +20,7 @@
 %global pkgver %{pkg_name}-%{version}
 %bcond_with tests
 Name:           ghc-%{pkg_name}
-Version:        1.6.14
+Version:        1.9.1
 Release:        0
 Summary:        X.509 Certificate and CRL validation
 License:        BSD-3-Clause
@@ -28,17 +28,19 @@
 Source0:        
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
 Source1:        
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
 BuildRequires:  ghc-Cabal-devel
-BuildRequires:  ghc-asn1-encoding-devel
-BuildRequires:  ghc-asn1-encoding-prof
-BuildRequires:  ghc-asn1-types-devel
-BuildRequires:  ghc-asn1-types-prof
 BuildRequires:  ghc-base-devel
 BuildRequires:  ghc-base-prof
 BuildRequires:  ghc-bytestring-devel
 BuildRequires:  ghc-bytestring-prof
 BuildRequires:  ghc-containers-devel
 BuildRequires:  ghc-containers-prof
+BuildRequires:  ghc-crypton-asn1-encoding-devel
+BuildRequires:  ghc-crypton-asn1-encoding-prof
+BuildRequires:  ghc-crypton-asn1-types-devel
+BuildRequires:  ghc-crypton-asn1-types-prof
 BuildRequires:  ghc-crypton-devel
+BuildRequires:  ghc-crypton-pem-devel
+BuildRequires:  ghc-crypton-pem-prof
 BuildRequires:  ghc-crypton-prof
 BuildRequires:  ghc-crypton-x509-devel
 BuildRequires:  ghc-crypton-x509-prof
@@ -46,17 +48,15 @@
 BuildRequires:  ghc-crypton-x509-store-prof
 BuildRequires:  ghc-data-default-devel
 BuildRequires:  ghc-data-default-prof
-BuildRequires:  ghc-hourglass-devel
-BuildRequires:  ghc-hourglass-prof
 BuildRequires:  ghc-iproute-devel
 BuildRequires:  ghc-iproute-prof
-BuildRequires:  ghc-memory-devel
-BuildRequires:  ghc-memory-prof
 BuildRequires:  ghc-mtl-devel
 BuildRequires:  ghc-mtl-prof
-BuildRequires:  ghc-pem-devel
-BuildRequires:  ghc-pem-prof
+BuildRequires:  ghc-ram-devel
+BuildRequires:  ghc-ram-prof
 BuildRequires:  ghc-rpm-macros
+BuildRequires:  ghc-time-hourglass-devel
+BuildRequires:  ghc-time-hourglass-prof
 ExcludeArch:    %{ix86}
 %if %{with tests}
 BuildRequires:  ghc-tasty-devel
@@ -118,6 +118,7 @@
 %license LICENSE
 
 %files devel -f %{name}-devel.files
+%doc ChangeLog.md
 
 %files -n ghc-%{pkg_name}-doc -f ghc-%{pkg_name}-doc.files
 %license LICENSE

++++++ crypton-x509-validation-1.6.14.tar.gz -> 
crypton-x509-validation-1.9.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/crypton-x509-validation-1.6.14/ChangeLog.md 
new/crypton-x509-validation-1.9.1/ChangeLog.md
--- old/crypton-x509-validation-1.6.14/ChangeLog.md     1970-01-01 
01:00:00.000000000 +0100
+++ new/crypton-x509-validation-1.9.1/ChangeLog.md      2001-09-09 
03:46:40.000000000 +0200
@@ -0,0 +1,19 @@
+# ChangeLog for crypton-x509-validation
+
+## 1.9.1
+
+* Implementing the X509 name constrains extension.
+  [#30](https://github.com/kazu-yamamoto/crypton-certificate/pull/30)
+
+## 1.9.0
+
+* Using "ram" instead of "memory"
+  [#29](https://github.com/kazu-yamamoto/crypton-certificate/pull/29)
+
+## 1.8.0
+
+* Depend on package `time-hourglass`, rather than `hourglass`. Date and
+  time-related types and classes are now those from the former package.
+  [#18](https://github.com/kazu-yamamoto/crypton-certificate/pull/18)
+* Depend on package `crypton-asn1-types >= 0.4.1` rather than `asn1-types`.
+  ASN.1-related types and classes are now those from the former package.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/crypton-x509-validation-1.6.14/Data/X509/Validation.hs 
new/crypton-x509-validation-1.9.1/Data/X509/Validation.hs
--- old/crypton-x509-validation-1.6.14/Data/X509/Validation.hs  2001-09-09 
03:46:40.000000000 +0200
+++ new/crypton-x509-validation-1.9.1/Data/X509/Validation.hs   2001-09-09 
03:46:40.000000000 +0200
@@ -55,8 +55,8 @@
 import Data.X509.Validation.Fingerprint
 import Data.X509.Validation.Signature
 import Data.X509.Validation.Types
-import System.Hourglass
 import Text.Read (readMaybe)
+import Time.System
 
 -- | Possible reason of certificate and chain failure.
 --
@@ -65,7 +65,7 @@
 -- instead.
 data FailedReason
     = -- | certificate contains an unknown critical extension
-      UnknownCriticalExtension
+      UnknownCriticalExtension OID
     | -- | validity ends before checking time
       Expired
     | -- | validity starts after checking time
@@ -272,12 +272,21 @@
     -- ^ the return failed reasons (empty list is no failure)
 validatePure _ _ _ _ _ (CertificateChain []) = [EmptyChain]
 validatePure validationTime hooks checks store (fqhn, _) (CertificateChain 
(top : rchain)) =
-    hookFilterReason hooks (doLeafChecks |> doCheckChain 0 top rchain)
+    hookFilterReason
+        hooks
+        (doLeafChecks |> doCheckChain 0 top rchain |> doCheckNameConst top 
rchain)
   where
+    isExhaustive :: Bool
     isExhaustive = checkExhaustive checks
+
+    (|>) :: [FailedReason] -> [FailedReason] -> [FailedReason]
     a |> b = exhaustive isExhaustive a b
 
-    doLeafChecks = doNameCheck top ++ doV3Check topCert ++ doKeyUsageCheck 
topCert
+    doLeafChecks :: [FailedReason]
+    doLeafChecks =
+        doNameCheck top
+            ++ doV3Check topCert
+            ++ doKeyUsageCheck topCert
       where
         topCert = getCertificate top
 
@@ -300,9 +309,14 @@
                                         |> doCheckChain (level + 1) issuer 
remaining
                )
       where
+        cert :: Certificate
         cert = getCertificate current
     -- in a strict ordering check the next certificate has to be the issuer.
     -- otherwise we dynamically reorder the chain to have the necessary 
certificate
+    findIssuer
+        :: DistinguishedName
+        -> [SignedCertificate]
+        -> Maybe (SignedCertificate, [SignedCertificate])
     findIssuer issuerDN chain
         | checkStrictOrdering checks =
             case chain of
@@ -313,6 +327,7 @@
         | otherwise =
             (\x -> (x, filter (/= x) chain))
                 `fmap` find (matchSubjectIdentifier issuerDN . getCertificate) 
chain
+    matchSubjectIdentifier :: DistinguishedName -> Certificate -> Bool
     matchSubjectIdentifier = hookMatchSubjectIssuer hooks
 
     -- we check here that the certificate is allowed to be a certificate
@@ -342,16 +357,19 @@
                 | fromIntegral pl >= level -> True
                 | otherwise -> False
 
+    doNameCheck :: SignedCertificate -> [FailedReason]
     doNameCheck cert
         | not (checkFQHN checks) = []
         | otherwise = (hookValidateName hooks) fqhn (getCertificate cert)
 
+    doV3Check :: Certificate -> [FailedReason]
     doV3Check cert
         | checkLeafV3 checks = case certVersion cert of
             2 {- confusingly it means X509.V3 -} -> []
             _ -> [LeafNotV3]
         | otherwise = []
 
+    doKeyUsageCheck :: Certificate -> [FailedReason]
     doKeyUsageCheck cert =
         compareListIfExistAndNotNull
             mflags
@@ -377,20 +395,64 @@
             | intersect expected list == expected = []
             | otherwise = [err]
 
+    doCheckCertificate :: Certificate -> [FailedReason]
     doCheckCertificate cert =
         exhaustiveList
             (checkExhaustive checks)
             [ (checkTimeValidity checks, hookValidateTime hooks validationTime 
cert)
+            , (True, doCriticalExtensionSweep cert)
             ]
-    isSelfSigned :: Certificate -> Bool
-    isSelfSigned cert = certSubjectDN cert == certIssuerDN cert
-
     -- check signature of 'signedCert' against the 'signingCert'
+    checkSignature
+        :: SignedCertificate -> SignedCertificate -> [FailedReason]
     checkSignature signedCert signingCert =
         case verifySignedSignature signedCert (certPubKey $ getCertificate 
signingCert) of
             SignaturePass -> []
             SignatureFailed r -> [InvalidSignature r]
 
+    doCheckNameConst :: SignedCertificate -> [SignedCertificate] -> 
[FailedReason]
+    doCheckNameConst current0 chain0 = case loop current0 chain0 [] of
+        Left errs -> errs
+        Right ts -> checkNameConstraints ts
+      where
+        loop current chain acc = case findCertificate issuer store of
+            Just anchor -> Right $ getNameConstSpec (getCertificate anchor) 
True : spec : acc
+            Nothing
+                | null chain -> Left [] -- to pass the test
+                | otherwise -> case findIssuer issuer chain of
+                    Nothing -> Left [] -- to pass the test
+                    Just (issuer', remaining) -> loop issuer' remaining (spec 
: acc)
+          where
+            cert = getCertificate current
+            issuer = certIssuerDN cert
+            spec = getNameConstSpec cert (current0 /= current)
+
+isSelfSigned :: Certificate -> Bool
+isSelfSigned cert = certSubjectDN cert == certIssuerDN cert
+
+data NameConstSpec = NameConstSpec
+    { ncSANs :: [AltName]
+    , ncExt :: Maybe ExtNameConstraints
+    , ncSelfSigned :: Bool
+    , ncCA :: Bool
+    }
+
+getNameConstSpec :: Certificate -> Bool -> NameConstSpec
+getNameConstSpec cert ca =
+    NameConstSpec
+        { ncSANs = sans
+        , ncExt = extensionGet exts
+        , ncSelfSigned = isSelfSigned cert
+        , ncCA = ca
+        }
+  where
+    exts = certExtensions cert
+    subj = AltNameDN $ certSubjectDN cert
+    sans :: [AltName]
+    sans = case extensionGet exts of
+        Nothing -> [subj]
+        Just (ExtSubjectAltName alts) -> subj : alts
+
 -- | Validate that the current time is between validity bounds
 validateTime :: DateTime -> Certificate -> [FailedReason]
 validateTime currentTime cert
@@ -523,3 +585,91 @@
 exhaustiveList isExhaustive ((performCheck, c) : cs)
     | performCheck = exhaustive isExhaustive c (exhaustiveList isExhaustive cs)
     | otherwise = exhaustiveList isExhaustive cs
+
+checkNameConstraints :: [NameConstSpec] -> [FailedReason]
+checkNameConstraints xs0 = loop xs0
+  where
+    loop [] = []
+    loop [_] = []
+    loop [a, b] = check a b
+    loop (a : b : cs) =
+        check a b ++ case nextNameConstSpec a b of
+            Left errs -> errs
+            Right b' -> loop (b' : cs)
+
+    check ncs0 ncs1
+        | ncSelfSigned ncs1 = []
+        | otherwise = case ncExt ncs0 of
+            Nothing -> []
+            Just nc0 -> validateNamesInSubtrees (ncSANs ncs1) nc0
+
+nextNameConstSpec
+    :: NameConstSpec
+    -> NameConstSpec
+    -> Either [FailedReason] NameConstSpec
+nextNameConstSpec ncs0 ncs1
+    | not (ncCA ncs1) = Right ncs1
+    | otherwise = case stricter (ncExt ncs0) (ncExt ncs1) of
+        Left errs -> Left errs
+        Right mNC -> Right $ ncs1{ncExt = mNC}
+
+stricter
+    :: Maybe ExtNameConstraints -- issuer: should be looser
+    -> Maybe ExtNameConstraints -- should be stricter
+    -> Either [FailedReason] (Maybe ExtNameConstraints)
+stricter Nothing mnc = Right mnc
+stricter (Just x) Nothing = Left [InvalidName $ show x]
+stricter
+    (Just (ExtNameConstraints permitted0 excluded0))
+    (Just (ExtNameConstraints permitted1 excluded1))
+        | null errs =
+            Right $ Just $ ExtNameConstraints permitted1 (excluded1 ++ 
excluded0)
+        | otherwise = Left errs
+      where
+        errs = strictCheck permitted0 permitted1
+
+strictCheck :: [GeneralSubtree] -> [GeneralSubtree] -> [FailedReason]
+strictCheck permitted0 permitted1 = concatMap f permitted1
+  where
+    f (GeneralSubtree a _ _)
+        | any (\g -> (a `isIncludedIn` g) == Just True) permitted0 = []
+        | otherwise = [InvalidName $ show a]
+
+validateNamesInSubtrees :: [AltName] -> ExtNameConstraints -> [FailedReason]
+validateNamesInSubtrees altNames (ExtNameConstraints permitted excluded) =
+    concatMap inc altNames ++ concatMap exc altNames
+  where
+    inc a
+        | nsMatch a permitted = []
+        | otherwise = [InvalidName $ show a]
+    exc a
+        | nsNotMatch a excluded = []
+        | otherwise = [InvalidName $ show a]
+
+nsMatch :: AltName -> [GeneralSubtree] -> Bool
+nsMatch a gs = any (== Just True) rs || all isNothing rs
+  where
+    rs = map (a `isIncludedIn`) gs
+
+nsNotMatch :: AltName -> [GeneralSubtree] -> Bool
+nsNotMatch a gs = all (\g -> (a `isIncludedIn` g) /= Just True) gs
+
+isIncludedIn :: AltName -> GeneralSubtree -> Maybe Bool
+isIncludedIn (AltNameDN nm0) (GeneralSubtree (AltNameDN nm1) _ _) = Just (nm0 
== nm1)
+isIncludedIn (AltNameDNS nm0) (GeneralSubtree (AltNameDNS nm1) _ _) = Just 
(nm0 == nm1 || ('.' : nm1) `isSuffixOf` nm0)
+-- isIncludedIn (AltNameRFC822 _) (GeneralSubtree  (AltNameRFC822 _) _ _)= 
undefined
+-- isIncludedIn (AltNameURI _) (GeneralSubtree  (AltNameURI _) _ _)= undefined
+-- isIncludedIn (AltNameIP _) (GeneralSubtree (AltNameIP _) _ _)= undefined
+isIncludedIn _ _ = Nothing
+
+doCriticalExtensionSweep :: Certificate -> [FailedReason]
+doCriticalExtensionSweep cert = case mexts of
+    Nothing -> []
+    Just exts ->
+        [ UnknownCriticalExtension oid
+        | ExtensionRaw oid critical _ <- exts
+        , critical
+        , oid `notElem` recognizedOIDs
+        ]
+  where
+    Extensions mexts = certExtensions cert
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/crypton-x509-validation-1.6.14/Tests/Tests.hs 
new/crypton-x509-validation-1.9.1/Tests/Tests.hs
--- old/crypton-x509-validation-1.6.14/Tests/Tests.hs   2001-09-09 
03:46:40.000000000 +0200
+++ new/crypton-x509-validation-1.9.1/Tests/Tests.hs    2001-09-09 
03:46:40.000000000 +0200
@@ -20,7 +20,7 @@
 import qualified Data.ByteString as BS
 
 import Data.Hourglass
-import System.Hourglass
+import Time.System
 
 import Test.Tasty
 import Test.Tasty.HUnit
@@ -863,19 +863,73 @@
                     [NameMismatch "266.0.0.1"] -- 266 read in Word8 is 10
                 , testSubjectAltNameIP
                     res
-                    (BS.pack [0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0, 0, 0, 0, 
0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34])
+                    ( BS.pack
+                        [ 0x20
+                        , 0x01
+                        , 0x0d
+                        , 0xb8
+                        , 0x85
+                        , 0xa3
+                        , 0
+                        , 0
+                        , 0
+                        , 0
+                        , 0x8a
+                        , 0x2e
+                        , 0x03
+                        , 0x70
+                        , 0x73
+                        , 0x34
+                        ]
+                    )
                     "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
                     True
                     []
                 , testSubjectAltNameIP
                     res
-                    (BS.pack [0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0, 0, 0, 0, 
0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34])
+                    ( BS.pack
+                        [ 0x20
+                        , 0x01
+                        , 0x0d
+                        , 0xb8
+                        , 0x85
+                        , 0xa3
+                        , 0
+                        , 0
+                        , 0
+                        , 0
+                        , 0x8a
+                        , 0x2e
+                        , 0x03
+                        , 0x70
+                        , 0x73
+                        , 0x34
+                        ]
+                    )
                     "2001:0db8:85a3::8a2e:0370:7334"
                     True
                     []
                 , testSubjectAltNameIP
                     res
-                    (BS.pack [0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0, 0, 0, 0, 
0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34])
+                    ( BS.pack
+                        [ 0x20
+                        , 0x01
+                        , 0x0d
+                        , 0xb8
+                        , 0x85
+                        , 0xa3
+                        , 0
+                        , 0
+                        , 0
+                        , 0
+                        , 0x8a
+                        , 0x2e
+                        , 0x03
+                        , 0x70
+                        , 0x73
+                        , 0x34
+                        ]
+                    )
                     "2001:0db8:85a3:0:0:8a2e:0370:7334"
                     True
                     []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/crypton-x509-validation-1.6.14/crypton-x509-validation.cabal 
new/crypton-x509-validation-1.9.1/crypton-x509-validation.cabal
--- old/crypton-x509-validation-1.6.14/crypton-x509-validation.cabal    
2001-09-09 03:46:40.000000000 +0200
+++ new/crypton-x509-validation-1.9.1/crypton-x509-validation.cabal     
2001-09-09 03:46:40.000000000 +0200
@@ -1,63 +1,68 @@
-Name:                crypton-x509-validation
-version:             1.6.14
-Description:         X.509 Certificate and CRL validation. please see README
-License:             BSD3
-License-file:        LICENSE
-Copyright:           Vincent Hanquez <[email protected]>
-Author:              Vincent Hanquez <[email protected]>
-Maintainer:          Kazu Yamamoto <[email protected]>
-Synopsis:            X.509 Certificate and CRL validation
-Build-Type:          Simple
-Category:            Data
-stability:           experimental
-Homepage:            https://github.com/kazu-yamamoto/crypton-certificate
-Cabal-Version:       >= 1.10
+cabal-version:      >=1.10
+name:               crypton-x509-validation
+version:            1.9.1
+license:            BSD3
+license-file:       LICENSE
+copyright:          Vincent Hanquez <[email protected]>
+maintainer:         Kazu Yamamoto <[email protected]>
+author:             Vincent Hanquez <[email protected]>
+stability:          experimental
+homepage:           https://github.com/kazu-yamamoto/crypton-certificate
+synopsis:           X.509 Certificate and CRL validation
+description:        X.509 Certificate and CRL validation. please see README
+category:           Data
+build-type:         Simple
+extra-source-files: ChangeLog.md
 
-Library
-  Default-Language:  Haskell2010
-  Build-Depends:     base >= 3 && < 5
-                   , bytestring
-                   , memory
-                   , mtl
-                   , containers
-                   , hourglass
-                   , data-default
-                   , pem >= 0.1
-                   , asn1-types >= 0.3 && < 0.4
-                   , asn1-encoding >= 0.9 && < 0.10
-                   , crypton-x509 >= 1.7.5
-                   , crypton-x509-store >= 1.6
-                   , crypton >= 0.24
-                   , iproute >= 1.2.2
-  Exposed-modules:   Data.X509.Validation
-  Other-modules:     Data.X509.Validation.Signature
-                     Data.X509.Validation.Fingerprint
-                     Data.X509.Validation.Cache
-                     Data.X509.Validation.Types
-  ghc-options:       -Wall
+source-repository head
+    type:     git
+    location: https://github.com/kazu-yamamoto/crypton-certificate
+    subdir:   x509-validation
 
-Test-Suite test-x509-validation
-  Default-Language:  Haskell2010
-  type:              exitcode-stdio-1.0
-  hs-source-dirs:    Tests
-  Main-is:           Tests.hs
-  Other-modules:     Certificate
-  Build-Depends:     base >= 3 && < 5
-                   , bytestring
-                   , memory
-                   , data-default
-                   , tasty
-                   , tasty-hunit
-                   , hourglass
-                   , asn1-types
-                   , asn1-encoding
-                   , crypton-x509 >= 1.7.1
-                   , crypton-x509-store
-                   , crypton-x509-validation
-                   , crypton
-  ghc-options:       -Wall
+library
+    exposed-modules:  Data.X509.Validation
+    other-modules:
+        Data.X509.Validation.Signature
+        Data.X509.Validation.Fingerprint
+        Data.X509.Validation.Cache
+        Data.X509.Validation.Types
 
-source-repository head
-  type:     git
-  location: https://github.com/kazu-yamamoto/crypton-certificate
-  subdir:   x509-validation
+    default-language: Haskell2010
+    ghc-options:      -Wall
+    build-depends:
+        base >=3 && <5,
+        bytestring,
+        containers,
+        crypton >=1.1 && < 1.2,
+        crypton-asn1-types >=0.4.1 && <0.5,
+        crypton-asn1-encoding >=0.10.0 && <0.11,
+        crypton-pem >=0.2.4 && <0.4,
+        crypton-x509 >=1.9.0 && <1.10,
+        crypton-x509-store >=1.9.0 && <1.10,
+        data-default,
+        iproute >=1.2.2,
+        mtl,
+        ram,
+        time-hourglass
+
+test-suite test-x509-validation
+    type:             exitcode-stdio-1.0
+    main-is:          Tests.hs
+    hs-source-dirs:   Tests
+    other-modules:    Certificate
+    default-language: Haskell2010
+    ghc-options:      -Wall
+    build-depends:
+        base >=3 && <5,
+        bytestring,
+        crypton,
+        crypton-asn1-encoding,
+        crypton-asn1-types,
+        crypton-x509,
+        crypton-x509-store,
+        crypton-x509-validation,
+        data-default,
+        ram,
+        tasty,
+        tasty-hunit,
+        time-hourglass

++++++ crypton-x509-validation.cabal ++++++
--- /var/tmp/diff_new_pack.YhNKZm/_old  2026-06-22 17:44:23.745211055 +0200
+++ /var/tmp/diff_new_pack.YhNKZm/_new  2026-06-22 17:44:23.749211195 +0200
@@ -1,65 +1,70 @@
-Name:                crypton-x509-validation
-version:             1.6.14
+cabal-version:      >=1.10
+name:               crypton-x509-validation
+version:            1.9.1
 x-revision: 1
-Description:         X.509 Certificate and CRL validation. please see README
-License:             BSD3
-License-file:        LICENSE
-Copyright:           Vincent Hanquez <[email protected]>
-Author:              Vincent Hanquez <[email protected]>
-Maintainer:          Kazu Yamamoto <[email protected]>
-Synopsis:            X.509 Certificate and CRL validation
-Build-Type:          Simple
-Category:            Data
-stability:           experimental
-Homepage:            https://github.com/kazu-yamamoto/crypton-certificate
-Cabal-Version:       >= 1.10
+license:            BSD3
+license-file:       LICENSE
+copyright:          Vincent Hanquez <[email protected]>
+maintainer:         Kazu Yamamoto <[email protected]>
+author:             Vincent Hanquez <[email protected]>
+stability:          experimental
+homepage:           https://github.com/kazu-yamamoto/crypton-certificate
+synopsis:           X.509 Certificate and CRL validation
+description:        X.509 Certificate and CRL validation. please see README
+category:           Data
+build-type:         Simple
+extra-source-files: ChangeLog.md
 
-Library
-  Default-Language:  Haskell2010
-  Build-Depends:     base >= 3 && < 5
-                   , bytestring
-                   , memory
-                   , mtl
-                   , containers
-                   , hourglass
-                   , data-default
-                   , pem >= 0.1
-                   , asn1-types >= 0.3 && < 0.4
-                   , asn1-encoding >= 0.9 && < 0.10
-                   , crypton-x509 >= 1.7.5 && < 1.8
-                   , crypton-x509-store >= 1.6
-                   , crypton >= 0.24 && < 1.1
-                   , iproute >= 1.2.2
-  Exposed-modules:   Data.X509.Validation
-  Other-modules:     Data.X509.Validation.Signature
-                     Data.X509.Validation.Fingerprint
-                     Data.X509.Validation.Cache
-                     Data.X509.Validation.Types
-  ghc-options:       -Wall
+source-repository head
+    type:     git
+    location: https://github.com/kazu-yamamoto/crypton-certificate
+    subdir:   x509-validation
 
-Test-Suite test-x509-validation
-  Default-Language:  Haskell2010
-  type:              exitcode-stdio-1.0
-  hs-source-dirs:    Tests
-  Main-is:           Tests.hs
-  Other-modules:     Certificate
-  Build-Depends:     base >= 3 && < 5
-                   , bytestring
-                   , memory
-                   , data-default
-                   , tasty
-                   , tasty-hunit
-                   , hourglass
-                   , asn1-types
-                   , asn1-encoding
-                   , crypton-x509 >= 1.7.1
-                   , crypton-x509-store
-                   , crypton-x509-validation
-                   , crypton
-  ghc-options:       -Wall
+library
+    exposed-modules:  Data.X509.Validation
+    other-modules:
+        Data.X509.Validation.Signature
+        Data.X509.Validation.Fingerprint
+        Data.X509.Validation.Cache
+        Data.X509.Validation.Types
 
-source-repository head
-  type:     git
-  location: https://github.com/kazu-yamamoto/crypton-certificate
-  subdir:   x509-validation
+    default-language: Haskell2010
+    ghc-options:      -Wall
+    build-depends:
+        base >=3 && <5,
+        bytestring,
+        containers,
+        crypton >=1.1 && < 1.2,
+        crypton-asn1-types >=0.4.1 && <0.5,
+        crypton-asn1-encoding >=0.10.0 && <0.11,
+        crypton-pem >=0.2.4 && <0.4,
+        crypton-x509 >=1.9.1 && <1.10,
+        crypton-x509-store >=1.9.0 && <1.10,
+        data-default,
+        iproute >=1.2.2,
+        mtl,
+        ram,
+        time-hourglass
+
+test-suite test-x509-validation
+    type:             exitcode-stdio-1.0
+    main-is:          Tests.hs
+    hs-source-dirs:   Tests
+    other-modules:    Certificate
+    default-language: Haskell2010
+    ghc-options:      -Wall
+    build-depends:
+        base >=3 && <5,
+        bytestring,
+        crypton,
+        crypton-asn1-encoding,
+        crypton-asn1-types,
+        crypton-x509,
+        crypton-x509-store,
+        crypton-x509-validation,
+        data-default,
+        ram,
+        tasty,
+        tasty-hunit,
+        time-hourglass
 

Reply via email to