Hello community, here is the log from the commit of package gwenhywfar for openSUSE:Factory checked in at 2016-10-18 10:43:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gwenhywfar (Old) and /work/SRC/openSUSE:Factory/.gwenhywfar.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gwenhywfar" Changes: -------- --- /work/SRC/openSUSE:Factory/gwenhywfar/gwenhywfar.changes 2016-09-12 13:27:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gwenhywfar.new/gwenhywfar.changes 2016-10-18 10:43:08.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Oct 14 19:02:52 UTC 2016 - [email protected] + +- Update to 4.16.0 + + Fix issues handling certificates + +------------------------------------------------------------------- Old: ---- gwenhywfar-4.15.5beta.tar.gz New: ---- gwenhywfar-4.16.0beta.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gwenhywfar.spec ++++++ --- /var/tmp/diff_new_pack.phjBUM/_old 2016-10-18 10:43:10.000000000 +0200 +++ /var/tmp/diff_new_pack.phjBUM/_new 2016-10-18 10:43:10.000000000 +0200 @@ -17,9 +17,9 @@ %define libversion 60 -%define devversion 4.15 +%define devversion 4.16 Name: gwenhywfar -Version: 4.15.5beta +Version: 4.16.0beta Release: 0 Summary: Multiplatform helper library for other libraries License: GPL-2.0+ and LGPL-2.1+ @@ -33,6 +33,7 @@ BuildRequires: libgcrypt-devel >= 1.2.0 BuildRequires: libopenssl-devel BuildRequires: libqt4-devel +#BuildRequires: qt-devel %if 0%{?fedora} == 15 BuildRequires: fox-devel >= 1.6 %else ++++++ gwenhywfar-4.15.5beta.tar.gz -> gwenhywfar-4.16.0beta.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/ChangeLog new/gwenhywfar-4.16.0beta/ChangeLog --- old/gwenhywfar-4.15.5beta/ChangeLog 2016-07-14 22:48:20.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/ChangeLog 2016-10-12 18:57:44.000000000 +0200 @@ -1,4 +1,64 @@ ------------------------------------------------------------------ +2016-10-12 18:55:46 +0200 Martin Preuss +Prepared release 4.16.0beta. + +------------------------------------------------------------------ +2016-10-12 18:51:33 +0200 Martin Preuss +gct-tool: Added command "showpasswords" +This command lists the passwords stored in a GWEN_PASSWD_STORE (which is used +by AqFinance to store passwords). + +------------------------------------------------------------------ +2016-10-12 18:50:32 +0200 Martin Preuss +Added function GWEN_PasswordStore_GetTokenList(). +This functions returns a list of tokens stored in a GWEN_PASSWD_STORE. + +------------------------------------------------------------------ +2016-10-07 21:03:35 +0200 Martin Preuss +Prepared 4.15.6beta. + +------------------------------------------------------------------ +2016-10-07 21:03:17 +0200 Martin Preuss +Improved readability slightly. + +------------------------------------------------------------------ +2016-08-27 21:13:19 +0200 Martin Preuss +Test... + +------------------------------------------------------------------ +2016-08-27 00:34:20 +0200 Martin Preuss +Test... + +------------------------------------------------------------------ +2016-07-28 00:05:46 +0200 Martin Preuss +Fixed a typo. + +------------------------------------------------------------------ +2016-07-27 23:36:23 +0200 Martin Preuss +Work on certificate handling for GNUTLS. +- we no longer maintain our own certificate files +- we now optionally try to find system-wide installed certificate + files in /etc/ssl/certs and in /usr/share/ca-certificates on non-win32 + systems. There is currently no solution for the case when both approaches + fail. There is of course gnutls_certificate_set_x509_system_trust(), but + that is only available since 3.0.20 and doesn not always work as expected + (according to https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/) + Also, this doesn't work for precompiled and packaged binaries like those + of AqFinance, since the function uses those certificate files/dirs set at + compile-time of gnutls, and since the build system isn't necessarily the + target system, this approach might not always work. +- removed configure option --enable-builtin-certs +- added configure option --enable-system-certs + +------------------------------------------------------------------ +2016-07-27 23:30:00 +0200 Martin Preuss +Added some stuff to TOD file to remember later... + +------------------------------------------------------------------ +2016-07-26 17:02:45 +0200 Martin Preuss +Fixed a problem in as-scrub-include.m4 (patch by Thomas Baumgart from KMyMoney). + +------------------------------------------------------------------ 2016-07-14 22:01:52 +0200 Martin Preuss Prepared release 4.15.5beta. @@ -488,83 +548,3 @@ 2014-07-08 12:43:31 +0000 martin Fixed version string creation. git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2336 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-08 12:43:27 +0000 martin -Added .gitignore entries. -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2335 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-08 12:32:53 +0000 martin -Added CMake package configuration files -May not work on Mac OSX or Windows because library extensision .so is -hard coded. - -From: Christian Dávid <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2334 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-04 12:33:12 +0000 martin -Export a function which I need in AqRadBase. -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2333 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:40:36 +0000 martin -Fixed my latest changes. -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2332 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:40:29 +0000 martin -Removed work-in-progress from normal compiling. -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2331 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:40:23 +0000 martin -Added built files to EXTRA_DIST. -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2330 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:32:47 +0000 martin -Fix 3rsa test. -From: Elias Oltmanns <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2329 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:32:40 +0000 martin -Only generate RSA keys whose modulus length in bits is a multiple of 8 -According to the documentation of Libgcrypt, the length in bits -specified when generating key pairs should always be a multiple of 8. -Hence, the usage of GWEN_Crypt_KeyRsa_GeneratePair2() is deprecated. - -From: Elias Oltmanns <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2328 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:32:32 +0000 martin -Be careful about sign issues when cropping buffers. -From: Elias Oltmanns <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2327 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:32:25 +0000 martin -Fix potential overrun in GWEN_Buffer_RemoveRoom() -Also reported and a similar patch provided by -G. Paul Ziemba <[email protected]>. - -From: Elias Oltmanns <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2326 70169cfe-8b10-0410-8925-dcb4b91034d8 - ------------------------------------------------------------------- -2014-07-03 11:32:19 +0000 martin -Rely on GWEN_Buffer_AllocRoom() to get things right -Checks for overflow and provision for an extra null character are -taken care of in one place and the caller should rely on that. - -From: Elias Oltmanns <[email protected]> - -git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@2325 70169cfe-8b10-0410-8925-dcb4b91034d8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/TODO new/gwenhywfar-4.16.0beta/TODO --- old/gwenhywfar-4.15.5beta/TODO 2014-07-23 22:28:23.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/TODO 2016-10-07 20:46:38.000000000 +0200 @@ -17,3 +17,20 @@ C++: genfull -g cppdepn - Show callgraph for s specific function: gengraph -f FUNCTION_NAME -o OUTFILENAME --output-type=png + + + + +# read openssl certs +d = opendir("/etc/ssl/certs"); +gnutls_certificate_allocate_credentials(&ca_list); +while ((dent = readdir(d)) != NULL) { + sprintf(ca_file, "/etc/ssl/certs/%s", dent->d_name); + stat(ca_file, &s); + if (!S_ISREG(s.st_mode)) continue; + gnutls_certificate_set_x509_trust_file(ca_list, ca_file, + GNUTLS_X509_FMT_PEM); +} +closedir(d); + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/config.h.in new/gwenhywfar-4.16.0beta/config.h.in --- old/gwenhywfar-4.15.5beta/config.h.in 2016-07-14 22:00:17.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/config.h.in 2016-10-12 18:56:11.000000000 +0200 @@ -75,8 +75,8 @@ /* if memory debugging is wanted */ #undef GWEN_MEMORY_DEBUG -/* whether builtin trusted certificates should be set */ -#undef GWEN_TLS_USE_BUILTIN_CERTIFICATES +/* whether system-wide trusted certificates should be set */ +#undef GWEN_TLS_USE_SYSTEM_CERTIFICATES /* Define to 1 if you have the `alarm' function. */ #undef HAVE_ALARM diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/configure new/gwenhywfar-4.16.0beta/configure --- old/gwenhywfar-4.15.5beta/configure 2016-07-14 21:59:53.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/configure 2016-10-12 18:55:46.000000000 +0200 @@ -925,7 +925,7 @@ enable_binreloc enable_binreloc_threads enable_gwen_subproject -enable_builtin_certs +enable_system_certs enable_network_checks enable_local_install with_plugin_searchdir @@ -1638,7 +1638,7 @@ --enable-binreloc-threads compile binary relocation with threads support (default=yes) --enable-gwen-subproject make gwen only a subproject (default=no) - --enable-builtin-certs use built-in certificates (default=no) + --enable-system-certs use system-wide certificates (default=no) --disable-network-checks disables checks that assume available network during build (default=enabled) --enable-local-install allow local installation mode (default=no) --enable-variadic-macros enable variadic macros (default=yes) @@ -2888,8 +2888,8 @@ # versions # GWENHYWFAR_VERSION_MAJOR=4 -GWENHYWFAR_VERSION_MINOR=15 -GWENHYWFAR_VERSION_PATCHLEVEL=5 +GWENHYWFAR_VERSION_MINOR=16 +GWENHYWFAR_VERSION_PATCHLEVEL=0 GWENHYWFAR_VERSION_BUILD=0 GWENHYWFAR_VERSION_TAG="beta" @@ -2899,9 +2899,9 @@ # # SO version for Gwenhywfar # -GWENHYWFAR_SO_CURRENT="75" -GWENHYWFAR_SO_AGE="15" -GWENHYWFAR_SO_REVISION="5" +GWENHYWFAR_SO_CURRENT="76" +GWENHYWFAR_SO_AGE="16" +GWENHYWFAR_SO_REVISION="0" GWENHYWFAR_SO_EFFECTIVE="`echo \$(($GWENHYWFAR_SO_CURRENT-$GWENHYWFAR_SO_AGE))`" @@ -19844,21 +19844,21 @@ # check whether accompanying certificates should be used # -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether builtin trusted certificates should be set" >&5 -$as_echo_n "checking whether builtin trusted certificates should be set... " >&6; } -# Check whether --enable-builtin-certs was given. -if test "${enable_builtin_certs+set}" = set; then : - enableval=$enable_builtin_certs; enable_builtin_certs="$enableval" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system-wide trusted certificates should be set" >&5 +$as_echo_n "checking whether system-wide trusted certificates should be set... " >&6; } +# Check whether --enable-system-certs was given. +if test "${enable_system_certs+set}" = set; then : + enableval=$enable_system_certs; enable_system_certs="$enableval" else - enable_builtin_certs="no" + enable_system_certs="no" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_builtin_certs" >&5 -$as_echo "$enable_builtin_certs" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_system_certs" >&5 +$as_echo "$enable_system_certs" >&6; } -if test "$enable_builtin_certs" != "no"; then +if test "$enable_system_certs" != "no"; then -$as_echo "#define GWEN_TLS_USE_BUILTIN_CERTIFICATES 1" >>confdefs.h +$as_echo "#define GWEN_TLS_USE_SYSTEM_CERTIFICATES 1" >>confdefs.h fi @@ -21806,7 +21806,7 @@ INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done fox_includes=$GIVEN_CFLAGS @@ -22247,7 +22247,7 @@ INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done qt4_includes=$GIVEN_CFLAGS @@ -23580,7 +23580,7 @@ INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done ssl_includes=$GIVEN_CFLAGS @@ -23590,7 +23590,7 @@ INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done gwenhywfar_includes=$GIVEN_CFLAGS @@ -23600,7 +23600,7 @@ INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done all_includes=$GIVEN_CFLAGS @@ -26954,6 +26954,7 @@ echo "Symbol Visibility : $visibility_supported" echo "OpenSSL Support for gct-tool : $ssl_available" echo "GUI Support : $gwenhywfar_guis" +echo "Use system-wide certificates : $enable_system_certs" if test "$HAVE_GNUTLS_TRANSPORT_SET_ERRNO" = "yes"; then echo "GNUTLS : 1.6.1 or higher" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/configure.ac new/gwenhywfar-4.16.0beta/configure.ac --- old/gwenhywfar-4.15.5beta/configure.ac 2016-07-14 21:59:33.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/configure.ac 2016-10-12 18:55:27.000000000 +0200 @@ -28,8 +28,8 @@ # versions # GWENHYWFAR_VERSION_MAJOR=4 -GWENHYWFAR_VERSION_MINOR=15 -GWENHYWFAR_VERSION_PATCHLEVEL=5 +GWENHYWFAR_VERSION_MINOR=16 +GWENHYWFAR_VERSION_PATCHLEVEL=0 GWENHYWFAR_VERSION_BUILD=0 dnl "stable", "rcX", "betaX", "cvs" GWENHYWFAR_VERSION_TAG="beta" @@ -40,9 +40,9 @@ # # SO version for Gwenhywfar # -GWENHYWFAR_SO_CURRENT="75" -GWENHYWFAR_SO_AGE="15" -GWENHYWFAR_SO_REVISION="5" +GWENHYWFAR_SO_CURRENT="76" +GWENHYWFAR_SO_AGE="16" +GWENHYWFAR_SO_REVISION="0" GWENHYWFAR_SO_EFFECTIVE="`echo \$(($GWENHYWFAR_SO_CURRENT-$GWENHYWFAR_SO_AGE))`" @@ -320,15 +320,15 @@ # check whether accompanying certificates should be used # -AC_MSG_CHECKING(whether builtin trusted certificates should be set) -AC_ARG_ENABLE(builtin-certs, - [ --enable-builtin-certs use built-in certificates (default=no)], - enable_builtin_certs="$enableval", - enable_builtin_certs="no") -AC_MSG_RESULT($enable_builtin_certs) +AC_MSG_CHECKING(whether system-wide trusted certificates should be set) +AC_ARG_ENABLE(system-certs, + [ --enable-system-certs use system-wide certificates (default=no)], + enable_system_certs="$enableval", + enable_system_certs="no") +AC_MSG_RESULT($enable_system_certs) -if test "$enable_builtin_certs" != "no"; then - AC_DEFINE(GWEN_TLS_USE_BUILTIN_CERTIFICATES, 1, [whether builtin trusted certificates should be set]) +if test "$enable_system_certs" != "no"; then + AC_DEFINE(GWEN_TLS_USE_SYSTEM_CERTIFICATES, 1, [whether system-wide trusted certificates should be set]) fi @@ -1515,6 +1515,7 @@ echo "Symbol Visibility : $visibility_supported" echo "OpenSSL Support for gct-tool : $ssl_available" echo "GUI Support : $gwenhywfar_guis" +echo "Use system-wide certificates : $enable_system_certs" if test "$HAVE_GNUTLS_TRANSPORT_SET_ERRNO" = "yes"; then echo "GNUTLS : 1.6.1 or higher" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/gwenhywfar.spec new/gwenhywfar-4.16.0beta/gwenhywfar.spec --- old/gwenhywfar-4.15.5beta/gwenhywfar.spec 2016-07-14 22:00:10.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/gwenhywfar.spec 2016-10-12 18:56:05.000000000 +0200 @@ -3,7 +3,7 @@ %define name gwenhywfar -%define version 4.15.5beta +%define version 4.16.0beta %define rpm_cxxflags \"-O2 -march=i486 -mcpu=i586\" %define rpm_cflags \"-O2 -march=i486 -mcpu=i586\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/m4/as-scrub-include.m4 new/gwenhywfar-4.16.0beta/m4/as-scrub-include.m4 --- old/gwenhywfar-4.15.5beta/m4/as-scrub-include.m4 2016-05-23 22:32:58.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/m4/as-scrub-include.m4 2016-07-26 16:57:21.000000000 +0200 @@ -26,7 +26,7 @@ dnl line INCLUDE_DIRS=`echo $INCLUDE_DIRS | sed -e 's/.*<...> search starts here://' | sed -e 's/End of search list.*//'` for dir in $INCLUDE_DIRS; do - GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e "s;-I$dir ;;" | sed -e "s;-I$dir$;;") + GIVEN_CFLAGS=$(echo $GIVEN_CFLAGS | sed -e 's;-I$dir ;;' | sed -e 's;-I$dir$;;') done [$1]=$GIVEN_CFLAGS ]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/src/gui/passwdstore.c new/gwenhywfar-4.16.0beta/src/gui/passwdstore.c --- old/gwenhywfar-4.15.5beta/src/gui/passwdstore.c 2014-10-12 15:12:22.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/src/gui/passwdstore.c 2016-10-10 19:40:42.000000000 +0200 @@ -723,4 +723,81 @@ +int GWEN_PasswordStore_GetTokenList(GWEN_PASSWD_STORE *sto, GWEN_STRINGLIST *sl) { + int rv; + GWEN_FSLOCK *lck; + GWEN_FSLOCK_RESULT rs; + int pwErrors; + GWEN_DB_NODE *dbVar; + + /* make sure path exists */ + rv=GWEN_Directory_GetPath(sto->fileName, GWEN_PATH_FLAGS_VARIABLE); + if (rv<0) { + DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv); + return rv; + } + + /* lock file */ + lck=GWEN_FSLock_new(sto->fileName, GWEN_FSLock_TypeFile); + rs=GWEN_FSLock_Lock(lck, 60*1000, 0); + if (rs!=GWEN_FSLock_ResultOk) { + DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rs); + return GWEN_ERROR_IO; + } + + /* read and decode file */ + rv=GWEN_PasswordStore_ReadFile(sto); + if (rv<0) { + DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv); + GWEN_FSLock_Unlock(lck); + GWEN_FSLock_free(lck); + return rv; + } + + /* unlock file */ + GWEN_FSLock_Unlock(lck); + GWEN_FSLock_free(lck); + + + /* read list of tokens from the file */ + pwErrors=0; + dbVar=GWEN_DB_GetFirstVar(sto->dbPasswords); + while(dbVar) { + const char *s; + + s=GWEN_DB_VariableName(dbVar); + if (s && *s) { + GWEN_BUFFER *buf; + int rv; + + buf=GWEN_Buffer_new(0, 256, 0, 1); + rv=GWEN_Text_UnescapeToBufferTolerant(s, buf); + if (rv<0) { + DBG_ERROR(GWEN_LOGDOMAIN, "Error unescaping token name (%d), ignoring", rv); + pwErrors++; + } + else { + GWEN_StringList_AppendString(sl, GWEN_Buffer_GetStart(buf), 0, 0); + } + GWEN_Buffer_free(buf); + } + else + pwErrors++; + + dbVar=GWEN_DB_GetNextVar(dbVar); + } + + /* release passwords */ + GWEN_PasswordStore_SafeFreeDb(sto); + + if (pwErrors) { + DBG_ERROR(GWEN_LOGDOMAIN, "Got %d errors.", pwErrors); + return GWEN_ERROR_GENERIC; + } + + return 0; +} + + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/src/gui/passwdstore.h new/gwenhywfar-4.16.0beta/src/gui/passwdstore.h --- old/gwenhywfar-4.15.5beta/src/gui/passwdstore.h 2014-07-23 22:28:23.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/src/gui/passwdstore.h 2016-10-10 21:44:02.000000000 +0200 @@ -27,6 +27,7 @@ #include <gwenhywfar/gwenhywfarapi.h> +#include <gwenhywfar/stringlist.h> #ifdef __cplusplus @@ -51,6 +52,8 @@ GWENHYWFAR_API int GWEN_PasswordStore_GetPassword(GWEN_PASSWD_STORE *sto, const char *token, char *buffer, int minLen, int maxLen); +GWENHYWFAR_API +int GWEN_PasswordStore_GetTokenList(GWEN_PASSWD_STORE *sto, GWEN_STRINGLIST *sl); #ifdef __cplusplus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/src/ressource.rc new/gwenhywfar-4.16.0beta/src/ressource.rc --- old/gwenhywfar-4.15.5beta/src/ressource.rc 2016-07-14 22:00:10.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/src/ressource.rc 2016-10-12 18:56:05.000000000 +0200 @@ -43,8 +43,8 @@ // Version VS_VERSION_INFO VERSIONINFO - FILEVERSION 4, 15, 5, 0 - PRODUCTVERSION 4, 15, 5, 0 + FILEVERSION 4, 16, 0, 0 + PRODUCTVERSION 4, 16, 0, 0 FILEFLAGSMASK 0x3fL FILEFLAGS 0x0L FILEOS 0x40004L // Windows NT @@ -58,14 +58,14 @@ //VALUE "Comments", "\0" VALUE "CompanyName", " Aquamaniac\0" VALUE "FileDescription", "Multi purpose library\0" - VALUE "FileVersion", "v4.15.5beta\0" + VALUE "FileVersion", "v4.16.0beta\0" VALUE "InternalName", "Gwenhywfar\0" VALUE "LegalCopyright", "Copyright � 2003 by Martin Preuss\0" VALUE "LegalTrademarks", "Aquamaniac\0" VALUE "OriginalFilename", "GWENHYWFAR32.DLL\0" //VALUE "PrivateBuild", "\0" VALUE "ProductName", "Gwenhywfar\0" - VALUE "ProductVersion", "v4.15.5beta-0\0" + VALUE "ProductVersion", "v4.16.0beta-0\0" VALUE "Author", "Martin Preuss\0" VALUE "Email", "[email protected]\0" VALUE "Homepage", "http://gwenhywfar.sf.net/\0"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/src/sio/syncio_tls.c new/gwenhywfar-4.16.0beta/src/sio/syncio_tls.c --- old/gwenhywfar-4.15.5beta/src/sio/syncio_tls.c 2016-07-13 23:49:41.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/src/sio/syncio_tls.c 2016-10-07 21:02:32.000000000 +0200 @@ -264,7 +264,8 @@ -#if 0 +#if GWEN_TLS_USE_SYSTEM_CERTIFICATES +# ifndef OS_WIN32 static int GWEN_SyncIo_Tls_AddCaCertFolder(GWEN_SYNCIO *sio, const char *folder) { GWEN_SYNCIO_TLS *xio; int rv; @@ -302,8 +303,7 @@ s, rv, gnutls_strerror(rv)); } else { - DBG_INFO(GWEN_LOGDOMAIN, - "Added %d trusted certs from [%s]", rv, s); + DBG_INFO(GWEN_LOGDOMAIN, "Added %d trusted certs from [%s]", rv, s); successfullTustFileCount++; } } @@ -320,6 +320,7 @@ return successfullTustFileCount; } +# endif #endif @@ -408,7 +409,7 @@ /* find default trust file if none is selected */ if (lflags & GWEN_SYNCIO_TLS_FLAGS_ADD_TRUSTED_CAS) { -#if GWEN_TLS_USE_BUILTIN_CERTIFICATES +#if GWEN_TLS_USE_SYSTEM_CERTIFICATES /* disable setting of default trust file as discussed on aqbanking-users. * The rationale is that without this file being set gnutls should behave * correctly on each system. @@ -418,8 +419,7 @@ */ int trustFileSet=0; -# if 0 -# ifndef OS_WIN32 +# ifndef OS_WIN32 /* try to find OpenSSL certificates */ if (trustFileSet==0) { GWEN_STRINGLIST *paths; @@ -429,9 +429,7 @@ GWEN_StringList_AppendString(paths, "/etc/ssl/certs", 0, 0); nbuf=GWEN_Buffer_new(0, 256, 0, 1); - rv=GWEN_Directory_FindFileInPaths(paths, - "ca-certificates.crt", - nbuf); + rv=GWEN_Directory_FindFileInPaths(paths, "ca-certificates.crt", nbuf); GWEN_StringList_free(paths); if (rv==0) { DBG_INFO(GWEN_LOGDOMAIN, @@ -454,10 +452,10 @@ } GWEN_Buffer_free(nbuf); } -# endif +# endif -# ifndef OS_WIN32 +# ifndef OS_WIN32 /* try to find ca-certificates (at least available on Debian systems) */ if (trustFileSet==0) { rv=GWEN_Directory_GetPath("/usr/share/ca-certificates", GWEN_PATH_FLAGS_NAMEMUSTEXIST); @@ -472,45 +470,17 @@ } } -# endif # endif if (trustFileSet==0) { - GWEN_STRINGLIST *paths; - /* try to find our trust file */ - paths=GWEN_PathManager_GetPaths(GWEN_PM_LIBNAME, GWEN_PM_DATADIR); - if (paths) { - GWEN_BUFFER *nbuf; - - nbuf=GWEN_Buffer_new(0, 256, 0, 1); - rv=GWEN_Directory_FindFileInPaths(paths, - "ca-bundle.crt", - nbuf); - GWEN_StringList_free(paths); - if (rv==0) { - DBG_INFO(GWEN_LOGDOMAIN, - "Using default ca-bundle from [%s]", - GWEN_Buffer_GetStart(nbuf)); - rv=gnutls_certificate_set_x509_trust_file(xio->credentials, - GWEN_Buffer_GetStart(nbuf), - GNUTLS_X509_FMT_PEM); - if (rv<=0) { - DBG_ERROR(GWEN_LOGDOMAIN, - "gnutls_certificate_set_x509_trust_file(%s): %d (%s)", - GWEN_Buffer_GetStart(nbuf), rv, gnutls_strerror(rv)); - } - else { - DBG_INFO(GWEN_LOGDOMAIN, - "Added %d trusted certs", rv); - trustFileSet=1; - } - } - GWEN_Buffer_free(nbuf); - } + /* TODO: use gnutls_certificate_set_x509_system_trust() */ + trustFileSet=1; } + + if (trustFileSet==0) { DBG_WARN(GWEN_LOGDOMAIN, "No default bundle file found"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/src/version.h new/gwenhywfar-4.16.0beta/src/version.h --- old/gwenhywfar-4.15.5beta/src/version.h 2016-07-14 22:00:10.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/src/version.h 2016-10-12 18:56:05.000000000 +0200 @@ -31,12 +31,12 @@ #define GWEN_VERSION_MAJOR 4 #define GWENHYWFAR_VERSION_MAJOR 4 -#define GWENHYWFAR_VERSION_MINOR 15 -#define GWENHYWFAR_VERSION_PATCHLEVEL 5 +#define GWENHYWFAR_VERSION_MINOR 16 +#define GWENHYWFAR_VERSION_PATCHLEVEL 0 #define GWENHYWFAR_VERSION_BUILD 0 #define GWENHYWFAR_VERSION_TAG "beta" -#define GWENHYWFAR_VERSION_FULL_STRING "4.15.5beta-0" -#define GWENHYWFAR_VERSION_STRING "4.15.5" +#define GWENHYWFAR_VERSION_FULL_STRING "4.16.0beta-0" +#define GWENHYWFAR_VERSION_STRING "4.16.0" #define GWENHYWFAR_SO_EFFECTIVE 60 #define GWENHYWFAR_SO_EFFECTIVE_STR "60" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/tools/gcttool/Makefile.am new/gwenhywfar-4.16.0beta/tools/gcttool/Makefile.am --- old/gwenhywfar-4.15.5beta/tools/gcttool/Makefile.am 2014-07-23 22:28:23.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/tools/gcttool/Makefile.am 2016-10-10 21:51:13.000000000 +0200 @@ -19,6 +19,7 @@ setkey.c \ hashtree.c \ checktree.c \ + showpasswords.c \ main.c gct_tool_LDADD=$(top_builddir)/src/$(gwenhywfar_internal_libname) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/tools/gcttool/Makefile.in new/gwenhywfar-4.16.0beta/tools/gcttool/Makefile.in --- old/gwenhywfar-4.15.5beta/tools/gcttool/Makefile.in 2016-07-14 21:59:52.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/tools/gcttool/Makefile.in 2016-10-12 18:55:44.000000000 +0200 @@ -128,7 +128,7 @@ create.$(OBJEXT) genkey.$(OBJEXT) showkey.$(OBJEXT) \ showuser.$(OBJEXT) update.$(OBJEXT) setsignseq.$(OBJEXT) \ setkey.$(OBJEXT) hashtree.$(OBJEXT) checktree.$(OBJEXT) \ - main.$(OBJEXT) + showpasswords.$(OBJEXT) main.$(OBJEXT) gct_tool_OBJECTS = $(am_gct_tool_OBJECTS) am__DEPENDENCIES_1 = @IS_WINDOWS_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) @@ -476,6 +476,7 @@ setkey.c \ hashtree.c \ checktree.c \ + showpasswords.c \ main.c gct_tool_LDADD = $(top_builddir)/src/$(gwenhywfar_internal_libname) \ @@ -600,6 +601,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/setkey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/setsignseq.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/showkey.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/showpasswords.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/showuser.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update.Po@am__quote@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/tools/gcttool/globals.h new/gwenhywfar-4.16.0beta/tools/gcttool/globals.h --- old/gwenhywfar-4.15.5beta/tools/gcttool/globals.h 2014-07-23 22:28:23.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/tools/gcttool/globals.h 2016-10-10 21:51:59.000000000 +0200 @@ -1,7 +1,4 @@ /*************************************************************************** - $RCSfile$ - ------------------- - cvs : $Id: globals.h 923 2005-11-19 03:35:10Z aquamaniac $ begin : Mon Mar 01 2004 copyright : (C) 2004 by Martin Preuss email : [email protected] @@ -57,6 +54,8 @@ int checkTree(GWEN_DB_NODE *dbArgs, int argc, char **argv); +int showPasswords(GWEN_DB_NODE *dbArgs, int argc, char **argv); + #endif /* GCTTOOL_GLOBALS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/tools/gcttool/main.c new/gwenhywfar-4.16.0beta/tools/gcttool/main.c --- old/gwenhywfar-4.15.5beta/tools/gcttool/main.c 2014-07-23 22:28:23.000000000 +0200 +++ new/gwenhywfar-4.16.0beta/tools/gcttool/main.c 2016-10-10 21:53:30.000000000 +0200 @@ -224,6 +224,9 @@ I18N(" update:\n" " Update Crypt Token to newer version (e.g. OpenHBCI key" "files)\n\n")); + GWEN_Buffer_AppendString(ubuf, + I18N(" showpasswords:\n" + " Display passwords store in a GWEN_PASSWD_STORE file\n\n")); fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); GWEN_Buffer_free(ubuf); @@ -273,6 +276,9 @@ else if (strcasecmp(cmd, "checkTree")==0) { rv=checkTree(db, argc, argv); } + else if (strcasecmp(cmd, "showpasswords")==0) { + rv=showPasswords(db, argc, argv); + } else { fprintf(stderr, "ERROR: Unknown command \"%s\".\n", cmd); rv=1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gwenhywfar-4.15.5beta/tools/gcttool/showpasswords.c new/gwenhywfar-4.16.0beta/tools/gcttool/showpasswords.c --- old/gwenhywfar-4.15.5beta/tools/gcttool/showpasswords.c 1970-01-01 01:00:00.000000000 +0100 +++ new/gwenhywfar-4.16.0beta/tools/gcttool/showpasswords.c 2016-10-10 21:55:33.000000000 +0200 @@ -0,0 +1,125 @@ +/*************************************************************************** + begin : Mon Oct 10 2016 + copyright : (C) 2016 by Martin Preuss + email : [email protected] + + *************************************************************************** + * Please see toplevel file COPYING for license details * + ***************************************************************************/ + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#include "globals.h" + +#include <gwenhywfar/debug.h> +//#include <gwenhywfar/ct.h> +//#include <gwenhywfar/ctplugin.h> +//#include <gwenhywfar/text.h> +#include <gwenhywfar/passwdstore.h> + + + + +/* + * Show passwords from a GWEN_PASSWD_STORE file. + */ + + +int showPasswords(GWEN_DB_NODE *dbArgs, int argc, char **argv) { + GWEN_DB_NODE *db; + const char *file; + GWEN_PASSWD_STORE *sto; + GWEN_STRINGLIST *sl; + GWEN_STRINGLISTENTRY *se; + int rv; + const GWEN_ARGS args[]={ + { + GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ + GWEN_ArgsType_Char, /* type */ + "file", /* name */ + 1, /* minnum */ + 1, /* maxnum */ + "f", /* short option */ + "file", /* long option */ + "Specify the password file", /* short description */ + "Specify the password file" /* long description */ + }, + { + GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */ + GWEN_ArgsType_Int, /* type */ + "help", /* name */ + 0, /* minnum */ + 0, /* maxnum */ + "h", /* short option */ + "help", /* long option */ + "Show this help screen", /* short description */ + "Show this help screen" /* long description */ + } + }; + + db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local"); + rv=GWEN_Args_Check(argc, argv, 1, + GWEN_ARGS_MODE_ALLOW_FREEPARAM, + args, + db); + if (rv==GWEN_ARGS_RESULT_ERROR) { + fprintf(stderr, "ERROR: Could not parse arguments\n"); + return 1; + } + else if (rv==GWEN_ARGS_RESULT_HELP) { + GWEN_BUFFER *ubuf; + + ubuf=GWEN_Buffer_new(0, 1024, 0, 1); + if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) { + fprintf(stderr, "ERROR: Could not create help string\n"); + return 1; + } + fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); + GWEN_Buffer_free(ubuf); + return 0; + } + + file=GWEN_DB_GetCharValue(db, "file", 0, NULL); + assert(file); + + sto=GWEN_PasswordStore_new(file); + sl=GWEN_StringList_new(); + + rv=GWEN_PasswordStore_GetTokenList(sto, sl); + if (rv<0) { + fprintf(stderr, "ERROR: Could not get token list: %d\n", rv); + GWEN_PasswordStore_free(sto); + return 3; + } + + se=GWEN_StringList_FirstEntry(sl); + while(se) { + const char *s; + + s=GWEN_StringListEntry_Data(se); + if (s && *s) { + char passwd[512]; + + rv=GWEN_PasswordStore_GetPassword(sto, s, passwd, 1, sizeof(passwd)-1); + if (rv<0) { + fprintf(stderr, "ERROR: Could not get password for token \"%s\": %d\n", s, rv); + GWEN_PasswordStore_free(sto); + return 3; + } + passwd[sizeof(passwd)-1]=0; + fprintf(stdout, "\"%s\" -> \"%s\"\n", s, passwd); + memset(passwd, 0, sizeof(passwd)); + } + se=GWEN_StringListEntry_Next(se); + } + GWEN_StringList_free(sl); + + GWEN_PasswordStore_free(sto); + + return 0; +} + + +
