commit ghc-x509-validation for openSUSE:Factory

h_root Sat, 05 Nov 2016 13:27:24 -0700

Hello community,

here is the log from the commit of package ghc-x509-validation for 
openSUSE:Factory checked in at 2016-11-05 21:27:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-x509-validation (Old)
 and      /work/SRC/openSUSE:Factory/.ghc-x509-validation.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "ghc-x509-validation"

Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-x509-validation/ghc-x509-validation.changes  
2016-10-22 13:21:03.000000000 +0200
+++ 
/work/SRC/openSUSE:Factory/.ghc-x509-validation.new/ghc-x509-validation.changes 
    2016-11-05 21:27:11.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Oct 11 08:49:23 UTC 2016 - [email protected]
+
+- Update to version 1.6.5 with cabal2obs.
+
+-------------------------------------------------------------------

Old:
----
  x509-validation-1.6.4.tar.gz

New:
----
  x509-validation-1.6.5.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ghc-x509-validation.spec ++++++
--- /var/tmp/diff_new_pack.hVXOUz/_old  2016-11-05 21:27:12.000000000 +0100
+++ /var/tmp/diff_new_pack.hVXOUz/_new  2016-11-05 21:27:12.000000000 +0100
@@ -18,7 +18,7 @@
 
 %global pkg_name x509-validation
 Name:           ghc-%{pkg_name}
-Version:        1.6.4
+Version:        1.6.5
 Release:        0
 Summary:        X.509 Certificate and CRL validation
 License:        BSD-3-Clause

++++++ x509-validation-1.6.4.tar.gz -> x509-validation-1.6.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-validation-1.6.4/Data/X509/Validation.hs 
new/x509-validation-1.6.5/Data/X509/Validation.hs
--- old/x509-validation-1.6.4/Data/X509/Validation.hs   2015-09-08 
07:55:29.000000000 +0200
+++ new/x509-validation-1.6.5/Data/X509/Validation.hs   2016-10-03 
09:36:01.000000000 +0200
@@ -33,6 +33,7 @@
 import Control.Monad (when)
 import Data.Default.Class
 import Data.ASN1.Types
+import Data.Char (toLower)
 import Data.X509
 import Data.X509.CertificateStore
 import Data.X509.Validation.Signature
@@ -330,11 +331,11 @@
 validateCertificateName :: HostName -> Certificate -> [FailedReason]
 validateCertificateName fqhn cert
     | not $ null altNames =
-        findMatch [] $ map (matchDomain . splitDot) altNames
+        findMatch [] $ map matchDomain altNames
     | otherwise =
         case commonName of
             Nothing -> [NoCommonName]
-            Just cn -> findMatch [] $ [matchDomain $ splitDot $ cn]
+            Just cn -> findMatch [] $ [matchDomain cn]
   where (commonName, altNames) = getNames cert
 
         findMatch :: [FailedReason] -> [[FailedReason]] -> [FailedReason]
@@ -342,14 +343,19 @@
         findMatch _   ([]:_)  = []
         findMatch acc (_ :xs) = findMatch acc xs
 
-        matchDomain :: [String] -> [FailedReason]
-        matchDomain l
-            | length (filter (== "") l) > 0 = [InvalidName (intercalate "." l)]
-            | head l == "*"                 = wildcardMatch (reverse $ drop 1 
l)
-            | l == splitDot fqhn            = [] -- success: we got a match
-            | otherwise                     = [NameMismatch fqhn]
+        matchDomain :: String -> [FailedReason]
+        matchDomain name = case splitDot name of
+            l | any (== "") l       -> [InvalidName name]
+              | head l == "*"       -> wildcardMatch (drop 1 l)
+              | l == splitDot fqhn  -> [] -- success: we got a match
+              | otherwise           -> [NameMismatch fqhn]
 
-        -- only 1 wildcard is valid, and if multiples are present
+        -- A wildcard matches a single domain name component.
+        --
+        -- e.g. *.server.com will match www.server.com but not www.m.server.com
+        --
+        -- Only 1 wildcard is valid and only for the left-most component. If
+        -- used at other positions or if multiples are present
         -- they won't have a wildcard meaning but will be match as normal star
         -- character to the fqhn and inevitably will fail.
         --
@@ -357,15 +363,15 @@
         --
         -- Also '*' is not accepted as a valid wildcard
         wildcardMatch l
-            | null l                                         = 
[InvalidWildcard] -- '*' is always invalid
-            | l == take (length l) (reverse $ splitDot fqhn) = [] -- success: 
we got a match
-            | otherwise                                      = [NameMismatch 
fqhn]
+            | null l                      = [InvalidWildcard] -- '*' is always 
invalid
+            | l == drop 1 (splitDot fqhn) = [] -- success: we got a match
+            | otherwise                   = [NameMismatch fqhn]
 
         splitDot :: String -> [String]
         splitDot [] = [""]
         splitDot x  =
             let (y, z) = break (== '.') x in
-            y : (if z == "" then [] else splitDot $ drop 1 z)
+            map toLower y : (if z == "" then [] else splitDot $ drop 1 z)
 
 
 -- | return true if the 'subject' certificate's issuer match
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-validation-1.6.4/x509-validation.cabal 
new/x509-validation-1.6.5/x509-validation.cabal
--- old/x509-validation-1.6.4/x509-validation.cabal     2016-09-15 
22:56:34.000000000 +0200
+++ new/x509-validation-1.6.5/x509-validation.cabal     2016-10-03 
09:47:58.000000000 +0200
@@ -1,5 +1,5 @@
 Name:                x509-validation
-Version:             1.6.4
+Version:             1.6.5
 Description:         X.509 Certificate and CRL validation
 License:             BSD3
 License-file:        LICENSE

commit ghc-x509-validation for openSUSE:Factory

Reply via email to