Bug#360766: marked as done (tinyca: insufficient version checks prohibit various functions)

Debian Bug Tracking System Sat, 03 Jun 2006 00:43:35 -0700

Your message dated Sat, 3 Jun 2006 09:04:33 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bugs closed in version 0.7.2-2
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: tinyca
Version: 0.7.2-1
Severity: important
Tags: patch

Hi,

some of the version checks in tinyca2 prohibit the use of various
functions in conjunction with openssl 0.9.8.

Affected functions:
- revocation of certificates
- giving resasons for certificate revocation

The attached patch solves the problem by
- making the version checks stricter
  (i.e. "." in perl regexes matches any character.
   to exactly match a period you need to write "\.")
- reverting the logic for some version checks
  (i.e. instead of "if (version = x || version = y) { action ... }",
   do "if (version != z) { action ... }")
   This makes tinyca more resilient against version changes in
   openssl provided the new versions have the same features
   and bugs fixed as the first correct one.
   This was the case for the 0.9.7 to 0.9.8 transition.

Please apply

Thanks for writing and packaging TinyCA2
Peter


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages tinyca depends on:
ii  libgtk2-perl                  1:1.104-1  Perl interface to the 2.x series o
ii  liblocale-gettext-perl        1.05-1     Using libc functions for internati
ii  openssl                       0.9.8a-7   Secure Socket Layer (SSL) binary a

Versions of packages tinyca recommends:
ii  zip                           2.31-3     Archiver for .zip files

-- no debconf information

--- lib/GUI.pm
+++ lib/GUI.pm  2006-04-03 12:04:59.000000000 +0200
@@ -1369,7 +1369,8 @@
          gettext("CA Password:"), \$opts->{'passwd'}, $table, 0, 0);
    $entry->grab_focus();
 
-   if($self->{'OpenSSL'}->{'version'} =~ /0.9.7/) {
+   # OpenSSL < 0.9.7 was not able to handle revocation reasons
+   if($self->{'OpenSSL'}->{'version'} !~ /^0\.9\.[0-6][a-z]?$/) {
       $label = GUI::HELPERS::create_label(
             gettext("Revocation Reason:"), 'left', 0, 0);
    
@@ -2187,8 +2188,8 @@
       }
    }
 
-   if(($self->{'OpenSSL'}->{'version'} =~ /0.9.7/) ||
-      ($self->{'OpenSSL'}->{'version'} =~ /0.9.8/)) {
+   # OpenSSL < 0.9.7 was not able to dynamically handle mailadresses in DNs
+   if($self->{'OpenSSL'}->{'version'} !~ /^0\.9\.[0-6][a-z]?$/) {
       $radiobox = Gtk2::HBox->new(0, 0);
       $key1 = Gtk2::RadioButton->new(undef, gettext("Yes"));
       $key1->set_active(1);
--- lib/OpenSSL.pm
+++ lib/OpenSSL.pm      2006-04-03 11:56:45.000000000 +0200
@@ -41,18 +41,16 @@
    my $v = <TEST>;
    close(TEST);
 
-   if($v =~ /0.9.6/) {
-      $self->{'version'} = "0.9.6";
-   } elsif ($v =~ /0.9.7/) {
-      $self->{'version'} = "0.9.7";
-   } elsif ($v =~ /0.9.8/) {
-      $self->{'version'} = "0.9.8";
+   # set version (format: e.g. 0.9.7 or 0.9.7a)
+   if($v =~ /\b(0\.9\.[678][a-z]?)\b/) {
+      $self->{'version'} = $1;
    }
 
-   if($v =~ /0.9.7f/ || $v =~ /0.9.7g/ || $v =~ /0.9.7h/)  {
-      $self->{'broken'} = 0;
-   } else {
+   # CRL & ??? output was broken before openssl 0.9.7f   
+   if($v =~ /\b0\.9\.[0-6][a-z]?\b/ || $v =~ /\b0\.9\.7[a-e]?\b/)  {
       $self->{'broken'} = 1;
+   } else {
+      $self->{'broken'} = 0;
    }
 
    bless($self, $class);
--- lib/CA.pm
+++ lib/CA.pm   2006-04-03 12:11:29.000000000 +0200
@@ -177,7 +177,8 @@
    }
    close(INDEX);
 
-   if($oldca && ($main->{'OpenSSL'}->{'version'} eq "0.9.7") && 
+   # offer CA conversion for old CAs and openssl >= 0.9.7
+   if($oldca && ($main->{'OpenSSL'}->{'version'} =~ /^0\.9\.[78][a-z]?$/) && 
          !$opts->{'noconv'} && !$opts->{'doconv'}) {
       GUI::HELPERS::set_status($main, gettext("  Convert CA"));
       while(Gtk2->events_pending) {
@@ -215,7 +216,7 @@
       close(INDEX);
       close(BAK);
 
-      $t = gettext("This CA is converted for openssl 0.9.7x now.");
+      $t = gettext("This CA is converted for openssl 0.9.7 or higher now.");
       $t .= "\n";
       $t .= gettext("You will find a backup copy of the index file at: ");
       $t .= $bak;

--- End Message ---

--- Begin Message ---

These bugs were fixed in 0.7.2-2, which was superseded by 0.7.3-1 before
it was uploaded.  The relevant changelog entry is shown belown.

tinyca (0.7.2-2) unstable; urgency=medium

  * Fixed openssl version checks again (Closes: #360555, #360766).  Thanks
    to Peter Marschall for the patch.
  * Fixed broken quit behavior (Closes: #360767).  Thanks to Peter
    Marschall for the patch.
  * Fixed "undef" warnings due to undefined MD5 fingerprints (Closes: #360768).
    Thanks to Peter Marschall for the patch.

 -- Christoph Ulrich Scholler <[EMAIL PROTECTED]>  Fri, 12 May 2006 18:14:03 
-0500

--- End Message ---

Bug#360766: marked as done (tinyca: insufficient version checks prohibit various functions)

Reply via email to