Hello community, here is the log from the commit of package ghc-x509 for openSUSE:Factory checked in at 2018-05-30 12:15:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-x509 (Old) and /work/SRC/openSUSE:Factory/.ghc-x509.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-x509" Wed May 30 12:15:52 2018 rev:10 rq:607925 version:1.7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-x509/ghc-x509.changes 2017-08-31 21:01:48.230396550 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-x509.new/ghc-x509.changes 2018-05-30 12:27:55.372985115 +0200 @@ -1,0 +2,6 @@ +Mon May 14 17:02:11 UTC 2018 - psim...@suse.com + +- Update x509 to version 1.7.3 revision 1. + Upstream does not provide a changelog. + +------------------------------------------------------------------- Old: ---- x509-1.7.1.tar.gz New: ---- x509-1.7.3.tar.gz x509.cabal ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-x509.spec ++++++ --- /var/tmp/diff_new_pack.EjlWny/_old 2018-05-30 12:27:56.188956369 +0200 +++ /var/tmp/diff_new_pack.EjlWny/_new 2018-05-30 12:27:56.192956228 +0200 @@ -1,7 +1,7 @@ # # spec file for package ghc-x509 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,13 +19,14 @@ %global pkg_name x509 %bcond_with tests Name: ghc-%{pkg_name} -Version: 1.7.1 +Version: 1.7.3 Release: 0 Summary: X509 reader and writer License: BSD-3-Clause -Group: Development/Languages/Other -Url: https://hackage.haskell.org/package/%{pkg_name} +Group: Development/Libraries/Haskell +URL: https://hackage.haskell.org/package/%{pkg_name} Source0: https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz +Source1: https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal BuildRequires: ghc-Cabal-devel BuildRequires: ghc-asn1-encoding-devel BuildRequires: ghc-asn1-parse-devel 
@@ -38,7 +39,6 @@ BuildRequires: ghc-mtl-devel BuildRequires: ghc-pem-devel BuildRequires: ghc-rpm-macros -BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with tests} BuildRequires: ghc-tasty-devel BuildRequires: ghc-tasty-quickcheck-devel @@ -49,7 +49,7 @@ %package devel Summary: Haskell %{pkg_name} library development files -Group: Development/Libraries/Other +Group: Development/Libraries/Haskell Requires: %{name} = %{version}-%{release} Requires: ghc-compiler = %{ghc_version} Requires(post): ghc-compiler = %{ghc_version} @@ -60,6 +60,7 @@ %prep %setup -q -n %{pkg_name}-%{version} +cp -p %{SOURCE1} %{pkg_name}.cabal %build %ghc_lib_build @@ -77,10 +78,8 @@ %ghc_pkg_recache %files -f %{name}.files -%defattr(-,root,root,-) -%doc LICENSE +%license LICENSE %files devel -f %{name}-devel.files -%defattr(-,root,root,-) %changelog ++++++ x509-1.7.1.tar.gz -> x509-1.7.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509/AlgorithmIdentifier.hs new/x509-1.7.3/Data/X509/AlgorithmIdentifier.hs --- old/x509-1.7.1/Data/X509/AlgorithmIdentifier.hs 2017-06-26 18:12:09.000000000 +0200 +++ new/x509-1.7.3/Data/X509/AlgorithmIdentifier.hs 2017-07-31 22:20:34.000000000 +0200 
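Review bot: The added `cp -p %{SOURCE1} %{pkg_name}.cabal` in `%prep` overwrites the cabal file shipped in the release tarball, with no comment saying why or which revision it is. A one-line comment above it, for example `# Replace the tarball's cabal file with Hackage metadata revision 1 (Source1).`, would tell the next packager that the build metadata no longer comes from `Source0`. A Hackage revision is a post-release edit of the metadata and is not part of the tarball, so whoever bumps the version should re-check that `Source1` still names the revision that was reviewed.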
@@ -95,6 +95,8 @@ Right (oidSig oid, xs) fromASN1 (Start Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start _:Start Sequence:OID hash1:End Sequence:End _:Start _:Start Sequence:OID [1,2,840,113549,1,1,8]:Start Sequence:OID _hash2:End Sequence:End Sequence:End _:Start _: IntVal _iv: End _: End Sequence : End Sequence:xs) = Right (oidSig hash1, xs) + fromASN1 (Start Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start _:Start Sequence:OID hash1:Null:End Sequence:End _:Start _:Start Sequence:OID [1,2,840,113549,1,1,8]:Start Sequence:OID _hash2:Null:End Sequence:End Sequence:End _:Start _: IntVal _iv: End _: End Sequence : End Sequence:xs) = + Right (oidSig hash1, xs) fromASN1 _ = Left "fromASN1: X509.SignatureALG: unknown format" toASN1 signatureAlg@(SignatureALG hashAlg PubKeyALG_RSAPSS) = \xs -> Start Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start (Container Context 0):Start Sequence:OID (sigOID signatureAlg):End Sequence:End (Container Context 0):Start (Container Context 1): Start Sequence:OID [1,2,840,113549,1,1,8]:Start Sequence:OID (sigOID signatureAlg):End Sequence:End Sequence:End (Container Context 1):Start (Container Context 2):IntVal (saltLen hashAlg):End (Container Context 2):End Sequence:End Sequence:xs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509/Cert.hs new/x509-1.7.3/Data/X509/Cert.hs --- old/x509-1.7.1/Data/X509/Cert.hs 2017-06-26 18:12:09.000000000 +0200 +++ new/x509-1.7.3/Data/X509/Cert.hs 2017-07-31 22:17:01.000000000 +0200 
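Review bot: The added RSASSA-PSS equation of `fromASN1` binds the MGF1 hash OID and the salt length as `_hash2` and `_iv` and then discards them, as the equation above it does, so parameters that disagree with `hash1` parse to the same `SignatureALG` as matching ones. `toASN1` in the same hunk writes `sigOID signatureAlg` for both hashes and `saltLen hashAlg` for the salt, which suggests the type can only represent the matching case. Rejecting the rest would make that explicit, for instance by naming the binder `hash2` and guarding the result with `| hash2 == hash1 = Right (oidSig hash1, xs)` so other inputs fall through to the `Left` case. The new pattern also requires `Null` after both hash OIDs, so an encoding with `Null` on only one of them is still reported as unknown format; if that is intended, a short comment above the equation should say so. `fromASN1` begins outside the hunk.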
@@ -53,7 +53,7 @@ parseCertHeaderVersion :: ParseASN1 Int parseCertHeaderVersion = - maybe 1 id <$> onNextContainerMaybe (Container Context 0) (getNext >>= getVer) + maybe 0 id <$> onNextContainerMaybe (Container Context 0) (getNext >>= getVer) where getVer (IntVal v) = return $ fromIntegral v getVer _ = throwParseError "unexpected type for version" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509/DistinguishedName.hs new/x509-1.7.3/Data/X509/DistinguishedName.hs --- old/x509-1.7.1/Data/X509/DistinguishedName.hs 2017-06-26 18:12:09.000000000 +0200 +++ new/x509-1.7.3/Data/X509/DistinguishedName.hs 2018-03-01 10:55:41.000000000 +0100 @@ -6,6 +6,8 @@ -- Portability : unknown -- -- X.509 Distinguished names types and functions + +{-# LANGUAGE CPP #-} module Data.X509.DistinguishedName ( DistinguishedName(..) , DistinguishedNameInner(..) @@ -16,7 +18,11 @@ ) where import Control.Applicative -import Data.Monoid +#if MIN_VERSION_base(4,9,0) +import Data.Semigroup +#else +import Data.Monoid +#endif import Data.ASN1.Types import Data.X509.Internal @@ -49,9 +55,16 @@ newtype DistinguishedNameInner = DistinguishedNameInner DistinguishedName deriving (Show,Eq) +#if MIN_VERSION_base(4,9,0) +instance Semigroup DistinguishedName where + DistinguishedName l1 <> DistinguishedName l2 = DistinguishedName (l1++l2) +#endif + instance Monoid DistinguishedName where mempty = DistinguishedName [] +#if !(MIN_VERSION_base(4,11,0)) mappend (DistinguishedName l1) (DistinguishedName l2) = DistinguishedName (l1++l2) +#endif instance ASN1Object DistinguishedName where toASN1 dn = \xs -> encodeDN dn ++ xs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509/EC.hs new/x509-1.7.3/Data/X509/EC.hs --- old/x509-1.7.1/Data/X509/EC.hs 1970-01-01 01:00:00.000000000 +0100 +++ new/x509-1.7.3/Data/X509/EC.hs 2017-07-31 22:17:24.000000000 +0200 
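Review bot: The new default in `parseCertHeaderVersion` is a bare `0`, with nothing saying that this is the encoded value of v1, which is what an absent `[0]` version field means. A comment such as `-- version is DEFAULT v1, which is encoded as 0` would stop someone from changing it back to 1. In the context lines `getVer` converts any `IntVal` with `fromIntegral` and no range check, so a value outside 0–2, or one too large for `Int`, is accepted as a version; calling `throwParseError` for those would be stricter. Callers that compared the parsed version with 1 for certificates lacking the field will now see 0, which deserves a line in the release notes.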
@@ -0,0 +1,126 @@
+-- |
+-- Module : Data.X509.EC
+-- License : BSD-style
+-- Maintainer : Vincent Hanquez <vinc...@snarc.org>
+-- Stability : experimental
+-- Portability : unknown
+--
+-- Utilities related to Elliptic Curve certificates and keys.
+--
+module Data.X509.EC
+ (
+ unserializePoint
+ , ecPubKeyCurve
+ , ecPubKeyCurveName
+ , ecPrivKeyCurve
+ , ecPrivKeyCurveName
+ , lookupCurveNameByOID
+ ) where
+
+import Data.ASN1.OID
+import Data.List (find)
+
+import Data.X509.OID
+import Data.X509.PublicKey
+import Data.X509.PrivateKey
+
+import qualified Crypto.PubKey.ECC.Prim as ECC
+import qualified Crypto.PubKey.ECC.Types as ECC
+import Crypto.Number.Serialize (os2ip)
+
+import qualified Data.ByteString as B
+
+-- | Read an EC point from a serialized format and make sure the point is
+-- valid for the specified curve.
+unserializePoint :: ECC.Curve -> SerializedPoint -> Maybe ECC.Point
+unserializePoint curve (SerializedPoint bs) =
+ case B.uncons bs of
+ Nothing -> Nothing
+ Just (ptFormat, input) ->
+ case ptFormat of
+ 4 -> if B.length input /= 2 * bytes
+ then Nothing
+ else
+ let (x, y) = B.splitAt bytes input
+ p = ECC.Point (os2ip x) (os2ip y)
+ in if ECC.isPointValid curve p
+ then Just p
+ else Nothing
+ -- 2 and 3 for compressed format.
+ _ -> Nothing
+ where bits = ECC.curveSizeBits curve
+ bytes = (bits + 7) `div` 8
+
+-- | Return the curve associated to an EC Public Key. This does not check
+-- if a curve in explicit format is valid: if the input is not trusted one
+-- should consider 'ecPubKeyCurveName' instead.
+ecPubKeyCurve :: PubKeyEC -> Maybe ECC.Curve
+ecPubKeyCurve (PubKeyEC_Named name _) = Just $ ECC.getCurveByName name
+ecPubKeyCurve pub@PubKeyEC_Prime{} =
+ fmap buildCurve $
+ unserializePoint (buildCurve undefined) (pubkeyEC_generator pub)
+ where
+ prime = pubkeyEC_prime pub
+ buildCurve g =
+ let cc = ECC.CurveCommon
+ { ECC.ecc_a = pubkeyEC_a pub
+ , ECC.ecc_b = pubkeyEC_b pub
+ , ECC.ecc_g = g
+ , ECC.ecc_n = pubkeyEC_order pub
+ , ECC.ecc_h = pubkeyEC_cofactor pub
+ }
+ in ECC.CurveFP (ECC.CurvePrime prime cc)
+
+-- | Return the name of a standard curve associated to an EC Public Key
+ecPubKeyCurveName :: PubKeyEC -> Maybe ECC.CurveName
+ecPubKeyCurveName (PubKeyEC_Named name _) = Just name
+ecPubKeyCurveName pub@PubKeyEC_Prime{} =
+ find matchPrimeCurve $ enumFrom $ toEnum 0
+ where
+ matchPrimeCurve c =
+ case ECC.getCurveByName c of
+ ECC.CurveFP (ECC.CurvePrime p cc) ->
+ ECC.ecc_a cc == pubkeyEC_a pub &&
+ ECC.ecc_b cc == pubkeyEC_b pub &&
+ ECC.ecc_n cc == pubkeyEC_order pub &&
+ p == pubkeyEC_prime pub
+ _ -> False
+
+-- | Return the EC curve associated to an EC Private Key. This does not check
+-- if a curve in explicit format is valid: if the input is not trusted one
+-- should consider 'ecPrivKeyCurveName' instead.
+ecPrivKeyCurve :: PrivKeyEC -> Maybe ECC.Curve
+ecPrivKeyCurve (PrivKeyEC_Named name _) = Just $ ECC.getCurveByName name
+ecPrivKeyCurve priv@PrivKeyEC_Prime{} =
+ fmap buildCurve $
+ unserializePoint (buildCurve undefined) (privkeyEC_generator priv)
+ where
+ prime = privkeyEC_prime priv
+ buildCurve g =
+ let cc = ECC.CurveCommon
+ { ECC.ecc_a = privkeyEC_a priv
+ , ECC.ecc_b = privkeyEC_b priv
+ , ECC.ecc_g = g
+ , ECC.ecc_n = privkeyEC_order priv
+ , ECC.ecc_h = privkeyEC_cofactor priv
+ }
+ in ECC.CurveFP (ECC.CurvePrime prime cc)
+
+-- | Return the name of a standard curve associated to an EC Private Key
+ecPrivKeyCurveName :: PrivKeyEC -> Maybe ECC.CurveName
+ecPrivKeyCurveName (PrivKeyEC_Named name _) = Just name
+ecPrivKeyCurveName priv@PrivKeyEC_Prime{} =
+ find matchPrimeCurve $ enumFrom $ toEnum 0
+ where
+ matchPrimeCurve c =
+ case ECC.getCurveByName c of
+ ECC.CurveFP (ECC.CurvePrime p cc) ->
+ ECC.ecc_a cc == privkeyEC_a priv &&
+ ECC.ecc_b cc == privkeyEC_b priv &&
+ ECC.ecc_n cc == privkeyEC_order priv &&
+ p == privkeyEC_prime priv
+ _ -> False
+
+-- | Return the curve name associated to an OID
+lookupCurveNameByOID :: OID -> Maybe ECC.CurveName
+lookupCurveNameByOID = lookupByOID curvesOIDTable
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509/PrivateKey.hs new/x509-1.7.3/Data/X509/PrivateKey.hs
--- old/x509-1.7.1/Data/X509/PrivateKey.hs 2017-06-26 18:12:09.000000000 +0200
+++ new/x509-1.7.3/Data/X509/PrivateKey.hs 2017-07-31 22:17:24.000000000 +0200
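Review bot: `matchPrimeCurve` in `ecPubKeyCurveName` (and its copy in `ecPrivKeyCurveName`) compares only a, b, the order and the prime, so an explicit-parameter key whose generator or cofactor differs from the standard curve's is still reported under that curve's name. That is harmless only if the caller goes on to use `ECC.getCurveByName` on the returned name. A caller that takes `Just name` as proof the explicit parameters are standard and then uses `ecPubKeyCurve` would be working with a generator that was never compared. Either state that contract in the Haddock comment, or add `&& ECC.ecc_h cc == pubkeyEC_cofactor pub` and `&& unserializePoint (ECC.getCurveByName c) (pubkeyEC_generator pub) == Just (ECC.ecc_g cc)` to the match. Separately, `buildCurve undefined` in `ecPubKeyCurve` and `ecPrivKeyCurve` is safe only while `curveSizeBits` and `isPointValid` never force `ecc_g`; a comment should record that assumption.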
@@ -5,25 +5,50 @@ -- Stability : experimental -- Portability : unknown -- --- Public key handling in X.509 infrastructure +-- Private key handling in X.509 infrastructure -- module Data.X509.PrivateKey ( PrivKey(..) + , PrivKeyEC(..) , privkeyToAlg ) where import Data.X509.AlgorithmIdentifier +import Data.X509.PublicKey (SerializedPoint(..)) import qualified Crypto.PubKey.RSA as RSA import qualified Crypto.PubKey.DSA as DSA +import qualified Crypto.PubKey.ECC.Types as ECC + +-- | Elliptic Curve Private Key +-- +-- TODO: missing support for binary curve. +data PrivKeyEC = + PrivKeyEC_Prime + { privkeyEC_priv :: Integer + , privkeyEC_a :: Integer + , privkeyEC_b :: Integer + , privkeyEC_prime :: Integer + , privkeyEC_generator :: SerializedPoint + , privkeyEC_order :: Integer + , privkeyEC_cofactor :: Integer + , privkeyEC_seed :: Integer + } + | PrivKeyEC_Named + { privkeyEC_name :: ECC.CurveName + , privkeyEC_priv :: Integer + } + deriving (Show,Eq) -- | Private key types known and used in X.509 data PrivKey = PrivKeyRSA RSA.PrivateKey -- ^ RSA private key | PrivKeyDSA DSA.PrivateKey -- ^ DSA private key + | PrivKeyEC PrivKeyEC -- ^ EC private key deriving (Show,Eq) --- | Convert a Public key to the Public Key Algorithm type +-- | Convert a Private key to the Public Key Algorithm type privkeyToAlg :: PrivKey -> PubKeyALG privkeyToAlg (PrivKeyRSA _) = PubKeyALG_RSA privkeyToAlg (PrivKeyDSA _) = PubKeyALG_DSA +privkeyToAlg (PrivKeyEC _) = PubKeyALG_EC diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/Data/X509.hs new/x509-1.7.3/Data/X509.hs --- old/x509-1.7.1/Data/X509.hs 2017-06-26 18:12:09.000000000 +0200 +++ new/x509-1.7.3/Data/X509.hs 2017-07-31 22:17:24.000000000 +0200 
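Review bot: `PrivKeyEC` derives `Show`, so `show` on a key (or on a `PrivKey` wrapping it) renders `privkeyEC_priv` in full, and any debug trace or error message that shows the value puts the private scalar in logs. The existing `PrivKey` type already derives `Show`, so this matches the file, but for the new type a hand-written instance that prints the constructor and curve parameters and leaves the scalar out would be safer. The selectors `privkeyEC_a` through `privkeyEC_seed` exist only on `PrivKeyEC_Prime` and throw when applied to a `PrivKeyEC_Named` value. The fields also have no `-- ^` comments, and `privkeyEC_seed` in particular needs one saying how an absent seed is represented.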
@@ -19,6 +19,7 @@ , PubKeyEC(..) , SerializedPoint(..) , PrivKey(..) + , PrivKeyEC(..) , pubkeyToAlg , privkeyToAlg , module Data.X509.AlgorithmIdentifier diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/x509-1.7.1/x509.cabal new/x509-1.7.3/x509.cabal --- old/x509-1.7.1/x509.cabal 2017-07-22 08:36:57.000000000 +0200 +++ new/x509-1.7.3/x509.cabal 2018-03-01 14:21:06.000000000 +0100 @@ -1,5 +1,5 @@ Name: x509 -version: 1.7.1 +version: 1.7.3 Description: X509 reader and writer License: BSD3 License-file: LICENSE 
@@ -21,12 +21,13 @@ , mtl , containers , hourglass - , pem >= 0.1 && < 0.3 + , pem >= 0.1 , asn1-types >= 0.3.1 && < 0.4 , asn1-encoding >= 0.9 && < 0.10 , asn1-parse >= 0.9.3 && < 0.10 - , cryptonite + , cryptonite >= 0.8 Exposed-modules: Data.X509 + Data.X509.EC Other-modules: Data.X509.Internal Data.X509.CertificateChain Data.X509.AlgorithmIdentifier ++++++ x509.cabal ++++++ Name: x509 version: 1.7.3 x-revision: 1 Description: X509 reader and writer License: BSD3 License-file: LICENSE Copyright: Vincent Hanquez <vinc...@snarc.org> Author: Vincent Hanquez <vinc...@snarc.org> Maintainer: Vincent Hanquez <vinc...@snarc.org> Synopsis: X509 reader and writer Build-Type: Simple Category: Data stability: experimental Homepage: http://github.com/vincenthz/hs-certificate Cabal-Version: >= 1.10 Library -- Could not find module 'Data.Proxy' build-depends: base >=4.7 Default-Language: Haskell2010 Build-Depends: base >= 3 && < 5 , bytestring , memory , mtl , containers , hourglass , pem >= 0.1 , asn1-types >= 0.3.1 && < 0.4 , asn1-encoding >= 0.9 && < 0.10 , asn1-parse >= 0.9.3 && < 0.10 , cryptonite >= 0.8 Exposed-modules: Data.X509 Data.X509.EC Other-modules: Data.X509.Internal Data.X509.CertificateChain Data.X509.AlgorithmIdentifier Data.X509.DistinguishedName Data.X509.Cert Data.X509.PublicKey Data.X509.PrivateKey Data.X509.Ext Data.X509.ExtensionRaw Data.X509.CRL Data.X509.OID Data.X509.Signed ghc-options: -Wall Test-Suite test-x509 Default-Language: Haskell2010 type: exitcode-stdio-1.0 hs-source-dirs: Tests Main-is: Tests.hs Build-Depends: base >= 3 && < 5 , bytestring , mtl , tasty , tasty-quickcheck , hourglass , asn1-types , x509 , cryptonite ghc-options: -Wall -fno-warn-orphans -fno-warn-missing-signatures source-repository head type: git location: git://github.com/vincenthz/hs-certificate subdir: x509
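Review bot: `pem >= 0.1` loses its `< 0.3` cap and `cryptonite >= 0.8` gets no cap at all, while the asn1-* lines next to them keep theirs, so the solver will accept any future major release of the two packages without this one having been built against it. For a library that parses certificates and keys, `cryptonite` is the dependency whose behaviour matters most; an upper bound at the next major version after the one tested would keep that upgrade deliberate. The diff also does not show whether 0.8 is the first release that exports everything `Data.X509.EC` imports (`ECC.isPointValid`, `ECC.curveSizeBits`, `os2ip`), so the lower bound should be checked against a build.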