Hello community,

here is the log from the commit of package ghc-x509 for openSUSE:Factory 
checked in at 2018-05-30 12:15:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-x509 (Old)
 and      /work/SRC/openSUSE:Factory/.ghc-x509.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ghc-x509"

Wed May 30 12:15:52 2018 rev:10 rq:607925 version:1.7.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-x509/ghc-x509.changes        2017-08-31 
21:01:48.230396550 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-x509.new/ghc-x509.changes   2018-05-30 
12:27:55.372985115 +0200
@@ -1,0 +2,6 @@
+Mon May 14 17:02:11 UTC 2018 - psim...@suse.com
+
+- Update x509 to version 1.7.3 revision 1.
+  Upstream does not provide a changelog.
+
+-------------------------------------------------------------------

Old:
----
  x509-1.7.1.tar.gz

New:
----
  x509-1.7.3.tar.gz
  x509.cabal

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ghc-x509.spec ++++++
--- /var/tmp/diff_new_pack.EjlWny/_old  2018-05-30 12:27:56.188956369 +0200
+++ /var/tmp/diff_new_pack.EjlWny/_new  2018-05-30 12:27:56.192956228 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package ghc-x509
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,13 +19,14 @@
 %global pkg_name x509
 %bcond_with tests
 Name:           ghc-%{pkg_name}
-Version:        1.7.1
+Version:        1.7.3
 Release:        0
 Summary:        X509 reader and writer
 License:        BSD-3-Clause
-Group:          Development/Languages/Other
-Url:            https://hackage.haskell.org/package/%{pkg_name}
+Group:          Development/Libraries/Haskell
+URL:            https://hackage.haskell.org/package/%{pkg_name}
 Source0:        
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
+Source1:        
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
 BuildRequires:  ghc-Cabal-devel
 BuildRequires:  ghc-asn1-encoding-devel
 BuildRequires:  ghc-asn1-parse-devel
@@ -38,7 +39,6 @@
 BuildRequires:  ghc-mtl-devel
 BuildRequires:  ghc-pem-devel
 BuildRequires:  ghc-rpm-macros
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with tests}
 BuildRequires:  ghc-tasty-devel
 BuildRequires:  ghc-tasty-quickcheck-devel
@@ -49,7 +49,7 @@
 
 %package devel
 Summary:        Haskell %{pkg_name} library development files
-Group:          Development/Libraries/Other
+Group:          Development/Libraries/Haskell
 Requires:       %{name} = %{version}-%{release}
 Requires:       ghc-compiler = %{ghc_version}
 Requires(post): ghc-compiler = %{ghc_version}
@@ -60,6 +60,7 @@
 
 %prep
 %setup -q -n %{pkg_name}-%{version}
+cp -p %{SOURCE1} %{pkg_name}.cabal
 
 %build
 %ghc_lib_build
@@ -77,10 +78,8 @@
 %ghc_pkg_recache
 
 %files -f %{name}.files
-%defattr(-,root,root,-)
-%doc LICENSE
+%license LICENSE
 
 %files devel -f %{name}-devel.files
-%defattr(-,root,root,-)
 
 %changelog

++++++ x509-1.7.1.tar.gz -> x509-1.7.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509/AlgorithmIdentifier.hs 
new/x509-1.7.3/Data/X509/AlgorithmIdentifier.hs
--- old/x509-1.7.1/Data/X509/AlgorithmIdentifier.hs     2017-06-26 
18:12:09.000000000 +0200
+++ new/x509-1.7.3/Data/X509/AlgorithmIdentifier.hs     2017-07-31 
22:20:34.000000000 +0200
@@ -95,6 +95,8 @@
         Right (oidSig oid, xs)
     fromASN1 (Start Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start 
_:Start Sequence:OID hash1:End Sequence:End _:Start _:Start Sequence:OID 
[1,2,840,113549,1,1,8]:Start Sequence:OID _hash2:End Sequence:End Sequence:End 
_:Start _: IntVal _iv: End _: End Sequence : End Sequence:xs) =
         Right (oidSig hash1, xs)
+    fromASN1 (Start Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start 
_:Start Sequence:OID hash1:Null:End Sequence:End _:Start _:Start Sequence:OID 
[1,2,840,113549,1,1,8]:Start Sequence:OID _hash2:Null:End Sequence:End 
Sequence:End _:Start _: IntVal _iv: End _: End Sequence : End Sequence:xs) =
+        Right (oidSig hash1, xs)
     fromASN1 _ =
         Left "fromASN1: X509.SignatureALG: unknown format"
     toASN1 signatureAlg@(SignatureALG hashAlg PubKeyALG_RSAPSS) = \xs -> Start 
Sequence:OID [1,2,840,113549,1,1,10]:Start Sequence:Start (Container Context 
0):Start Sequence:OID (sigOID signatureAlg):End Sequence:End (Container Context 
0):Start (Container Context 1): Start Sequence:OID [1,2,840,113549,1,1,8]:Start 
Sequence:OID (sigOID signatureAlg):End Sequence:End Sequence:End (Container 
Context 1):Start (Container Context 2):IntVal (saltLen hashAlg):End (Container 
Context 2):End Sequence:End Sequence:xs
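Review bot: The added RSASSA-PSS clause binds the MGF1 hash OID and the salt length as `_hash2` and `_iv` and then discards them, exactly like the clause above it, so a parameter block whose two hash OIDs disagree, or whose salt length is unexpected, parses to the same `SignatureALG` as a well-formed one. The `toASN1` context line re-encodes from `sigOID signatureAlg` and `saltLen hashAlg` only, so a decode followed by an encode need not reproduce the input. If that leniency is intended, a comment above both clauses should say so, e.g. `-- NOTE: MGF1 hash and salt length are parsed but neither checked nor retained`; otherwise rename `_hash2` to `hash2` and add the guard `| hash1 == hash2` to both clauses. The `Start _`/`End _` wildcards likewise accept any container tag where `toASN1` writes `Container Context 0` to `2`. The instance begins outside the hunk.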
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509/Cert.hs 
new/x509-1.7.3/Data/X509/Cert.hs
--- old/x509-1.7.1/Data/X509/Cert.hs    2017-06-26 18:12:09.000000000 +0200
+++ new/x509-1.7.3/Data/X509/Cert.hs    2017-07-31 22:17:01.000000000 +0200
@@ -53,7 +53,7 @@
 
 parseCertHeaderVersion :: ParseASN1 Int
 parseCertHeaderVersion =
-    maybe 1 id <$> onNextContainerMaybe (Container Context 0) (getNext >>= 
getVer)
+    maybe 0 id <$> onNextContainerMaybe (Container Context 0) (getNext >>= 
getVer)
   where getVer (IntVal v) = return $ fromIntegral v
         getVer _          = throwParseError "unexpected type for version"
 
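Review bot: The new default in `parseCertHeaderVersion` is a bare `0` with nothing explaining it, which makes it easy for a later edit to "correct" it back to 1. A comment on that line would pin the reason, e.g. `-- version field absent: DEFAULT v1, and v1 is encoded as integer 0`, and `maybe 0 id` reads more directly as `fromMaybe 0` if `Data.Maybe` is in scope (the import list is outside the hunk). Separately, `getVer` in the context lines converts any `IntVal` with `fromIntegral` and no range check, so callers presumably have to reject unexpected version numbers themselves; that is worth stating in the same comment.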
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509/DistinguishedName.hs 
new/x509-1.7.3/Data/X509/DistinguishedName.hs
--- old/x509-1.7.1/Data/X509/DistinguishedName.hs       2017-06-26 
18:12:09.000000000 +0200
+++ new/x509-1.7.3/Data/X509/DistinguishedName.hs       2018-03-01 
10:55:41.000000000 +0100
@@ -6,6 +6,8 @@
 -- Portability : unknown
 --
 -- X.509 Distinguished names types and functions
+
+{-# LANGUAGE CPP #-}
 module Data.X509.DistinguishedName
     ( DistinguishedName(..)
     , DistinguishedNameInner(..)
@@ -16,7 +18,11 @@
     ) where
 
 import Control.Applicative
-import Data.Monoid
+#if MIN_VERSION_base(4,9,0)
+import           Data.Semigroup
+#else
+import           Data.Monoid
+#endif
 import Data.ASN1.Types
 import Data.X509.Internal
 
@@ -49,9 +55,16 @@
 newtype DistinguishedNameInner = DistinguishedNameInner DistinguishedName
     deriving (Show,Eq)
 
+#if MIN_VERSION_base(4,9,0)
+instance Semigroup DistinguishedName where
+    DistinguishedName l1 <> DistinguishedName l2 = DistinguishedName (l1++l2)
+#endif
+
 instance Monoid DistinguishedName where
     mempty  = DistinguishedName []
+#if !(MIN_VERSION_base(4,11,0))
     mappend (DistinguishedName l1) (DistinguishedName l2) = DistinguishedName 
(l1++l2)
+#endif
 
 instance ASN1Object DistinguishedName where
     toASN1 dn = \xs -> encodeDN dn ++ xs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509/EC.hs 
new/x509-1.7.3/Data/X509/EC.hs
--- old/x509-1.7.1/Data/X509/EC.hs      1970-01-01 01:00:00.000000000 +0100
+++ new/x509-1.7.3/Data/X509/EC.hs      2017-07-31 22:17:24.000000000 +0200
@@ -0,0 +1,126 @@
+-- |
+-- Module      : Data.X509.EC
+-- License     : BSD-style
+-- Maintainer  : Vincent Hanquez <vinc...@snarc.org>
+-- Stability   : experimental
+-- Portability : unknown
+--
+-- Utilities related to Elliptic Curve certificates and keys.
+--
+module Data.X509.EC
+    (
+      unserializePoint
+    , ecPubKeyCurve
+    , ecPubKeyCurveName
+    , ecPrivKeyCurve
+    , ecPrivKeyCurveName
+    , lookupCurveNameByOID
+    ) where
+
+import Data.ASN1.OID
+import Data.List (find)
+
+import Data.X509.OID
+import Data.X509.PublicKey
+import Data.X509.PrivateKey
+
+import qualified Crypto.PubKey.ECC.Prim  as ECC
+import qualified Crypto.PubKey.ECC.Types as ECC
+import           Crypto.Number.Serialize (os2ip)
+
+import qualified Data.ByteString as B
+
+-- | Read an EC point from a serialized format and make sure the point is
+-- valid for the specified curve.
+unserializePoint :: ECC.Curve -> SerializedPoint -> Maybe ECC.Point
+unserializePoint curve (SerializedPoint bs) =
+    case B.uncons bs of
+        Nothing                -> Nothing
+        Just (ptFormat, input) ->
+            case ptFormat of
+                4 -> if B.length input /= 2 * bytes
+                        then Nothing
+                        else
+                            let (x, y) = B.splitAt bytes input
+                                p      = ECC.Point (os2ip x) (os2ip y)
+                             in if ECC.isPointValid curve p
+                                    then Just p
+                                    else Nothing
+                -- 2 and 3 for compressed format.
+                _ -> Nothing
+  where bits  = ECC.curveSizeBits curve
+        bytes = (bits + 7) `div` 8
+
+-- | Return the curve associated to an EC Public Key.  This does not check
+-- if a curve in explicit format is valid: if the input is not trusted one
+-- should consider 'ecPubKeyCurveName' instead.
+ecPubKeyCurve :: PubKeyEC -> Maybe ECC.Curve
+ecPubKeyCurve (PubKeyEC_Named name _) = Just $ ECC.getCurveByName name
+ecPubKeyCurve pub@PubKeyEC_Prime{}    =
+    fmap buildCurve $
+        unserializePoint (buildCurve undefined) (pubkeyEC_generator pub)
+  where
+    prime = pubkeyEC_prime pub
+    buildCurve g =
+        let cc = ECC.CurveCommon
+                     { ECC.ecc_a = pubkeyEC_a        pub
+                     , ECC.ecc_b = pubkeyEC_b        pub
+                     , ECC.ecc_g = g
+                     , ECC.ecc_n = pubkeyEC_order    pub
+                     , ECC.ecc_h = pubkeyEC_cofactor pub
+                     }
+         in ECC.CurveFP (ECC.CurvePrime prime cc)
+
+-- | Return the name of a standard curve associated to an EC Public Key
+ecPubKeyCurveName :: PubKeyEC -> Maybe ECC.CurveName
+ecPubKeyCurveName (PubKeyEC_Named name _) = Just name
+ecPubKeyCurveName pub@PubKeyEC_Prime{}    =
+    find matchPrimeCurve $ enumFrom $ toEnum 0
+  where
+    matchPrimeCurve c =
+        case ECC.getCurveByName c of
+            ECC.CurveFP (ECC.CurvePrime p cc) ->
+                ECC.ecc_a cc == pubkeyEC_a pub     &&
+                ECC.ecc_b cc == pubkeyEC_b pub     &&
+                ECC.ecc_n cc == pubkeyEC_order pub &&
+                p            == pubkeyEC_prime pub
+            _                                 -> False
+
+-- | Return the EC curve associated to an EC Private Key.  This does not check
+-- if a curve in explicit format is valid: if the input is not trusted one
+-- should consider 'ecPrivKeyCurveName' instead.
+ecPrivKeyCurve :: PrivKeyEC -> Maybe ECC.Curve
+ecPrivKeyCurve (PrivKeyEC_Named name _) = Just $ ECC.getCurveByName name
+ecPrivKeyCurve priv@PrivKeyEC_Prime{}   =
+    fmap buildCurve $
+        unserializePoint (buildCurve undefined) (privkeyEC_generator priv)
+  where
+    prime = privkeyEC_prime priv
+    buildCurve g =
+        let cc = ECC.CurveCommon
+                     { ECC.ecc_a = privkeyEC_a        priv
+                     , ECC.ecc_b = privkeyEC_b        priv
+                     , ECC.ecc_g = g
+                     , ECC.ecc_n = privkeyEC_order    priv
+                     , ECC.ecc_h = privkeyEC_cofactor priv
+                     }
+         in ECC.CurveFP (ECC.CurvePrime prime cc)
+
+-- | Return the name of a standard curve associated to an EC Private Key
+ecPrivKeyCurveName :: PrivKeyEC -> Maybe ECC.CurveName
+ecPrivKeyCurveName (PrivKeyEC_Named name _) = Just name
+ecPrivKeyCurveName priv@PrivKeyEC_Prime{}   =
+    find matchPrimeCurve $ enumFrom $ toEnum 0
+  where
+    matchPrimeCurve c =
+        case ECC.getCurveByName c of
+            ECC.CurveFP (ECC.CurvePrime p cc) ->
+                ECC.ecc_a cc == privkeyEC_a priv     &&
+                ECC.ecc_b cc == privkeyEC_b priv     &&
+                ECC.ecc_n cc == privkeyEC_order priv &&
+                p            == privkeyEC_prime priv
+            _                                 -> False
+
+-- | Return the curve name associated to an OID
+lookupCurveNameByOID :: OID -> Maybe ECC.CurveName
+lookupCurveNameByOID = lookupByOID curvesOIDTable
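Review bot: `ecPubKeyCurve` and `ecPrivKeyCurve` call `unserializePoint (buildCurve undefined) …`, which is only safe as long as `ECC.curveSizeBits` and `ECC.isPointValid` never force `ecc_g`; a total placeholder removes that dependence on laziness, e.g. `unserializePoint (buildCurve ECC.PointO) (pubkeyEC_generator pub)` and the same with `privkeyEC_generator priv`. The explicit `a`, `b`, prime and order are taken from the key as-is before `isPointValid` runs, which the doc comments already acknowledge by pointing untrusted input at the `…CurveName` functions. `matchPrimeCurve` in those functions compares `a`, `b`, order and prime but not the generator or cofactor, so their Haddock should state that a match means "same field and coefficients" and that callers must then use the named curve's own generator rather than the one carried in the key. `unserializePoint` returns `Nothing` for compressed points (formats 2 and 3); that belongs in its Haddock, not only in the inline comment.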
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509/PrivateKey.hs 
new/x509-1.7.3/Data/X509/PrivateKey.hs
--- old/x509-1.7.1/Data/X509/PrivateKey.hs      2017-06-26 18:12:09.000000000 
+0200
+++ new/x509-1.7.3/Data/X509/PrivateKey.hs      2017-07-31 22:17:24.000000000 
+0200
@@ -5,25 +5,50 @@
 -- Stability   : experimental
 -- Portability : unknown
 --
--- Public key handling in X.509 infrastructure
+-- Private key handling in X.509 infrastructure
 --
 module Data.X509.PrivateKey
     ( PrivKey(..)
+    , PrivKeyEC(..)
     , privkeyToAlg
     ) where
 
 import Data.X509.AlgorithmIdentifier
+import Data.X509.PublicKey (SerializedPoint(..))
 import qualified Crypto.PubKey.RSA as RSA
 import qualified Crypto.PubKey.DSA as DSA
+import qualified Crypto.PubKey.ECC.Types as ECC
+
+-- | Elliptic Curve Private Key
+--
+-- TODO: missing support for binary curve.
+data PrivKeyEC =
+      PrivKeyEC_Prime
+        { privkeyEC_priv      :: Integer
+        , privkeyEC_a         :: Integer
+        , privkeyEC_b         :: Integer
+        , privkeyEC_prime     :: Integer
+        , privkeyEC_generator :: SerializedPoint
+        , privkeyEC_order     :: Integer
+        , privkeyEC_cofactor  :: Integer
+        , privkeyEC_seed      :: Integer
+        }
+    | PrivKeyEC_Named
+        { privkeyEC_name      :: ECC.CurveName
+        , privkeyEC_priv      :: Integer
+        }
+    deriving (Show,Eq)
 
 -- | Private key types known and used in X.509
 data PrivKey =
       PrivKeyRSA RSA.PrivateKey -- ^ RSA private key
     | PrivKeyDSA DSA.PrivateKey -- ^ DSA private key
+    | PrivKeyEC  PrivKeyEC      -- ^ EC private key
     deriving (Show,Eq)
 
--- | Convert a Public key to the Public Key Algorithm type
+-- | Convert a Private key to the Public Key Algorithm type
 privkeyToAlg :: PrivKey -> PubKeyALG
 privkeyToAlg (PrivKeyRSA _)         = PubKeyALG_RSA
 privkeyToAlg (PrivKeyDSA _)         = PubKeyALG_DSA
+privkeyToAlg (PrivKeyEC _)          = PubKeyALG_EC
 
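Review bot: `PrivKeyEC` derives `Show`, so `show` on a `PrivKeyEC`, or on a `PrivKey` wrapping one, renders `privkeyEC_priv`, the secret scalar. The derived `Eq` compares it with ordinary `Integer` equality, which makes no constant-time promise. The RSA and DSA constructors in the context lines presumably behave the same way, so this is consistent with the module, but the type deserves a Haddock line such as `-- The derived 'Show' instance prints the private scalar; do not log or trace values of this type.` The selectors `privkeyEC_a` through `privkeyEC_seed` exist only on `PrivKeyEC_Prime`, so applying them to a `PrivKeyEC_Named` value is a runtime error; the same comment should tell callers to match on the constructor first, as `Data.X509.EC` does.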
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/Data/X509.hs new/x509-1.7.3/Data/X509.hs
--- old/x509-1.7.1/Data/X509.hs 2017-06-26 18:12:09.000000000 +0200
+++ new/x509-1.7.3/Data/X509.hs 2017-07-31 22:17:24.000000000 +0200
@@ -19,6 +19,7 @@
     , PubKeyEC(..)
     , SerializedPoint(..)
     , PrivKey(..)
+    , PrivKeyEC(..)
     , pubkeyToAlg
     , privkeyToAlg
     , module Data.X509.AlgorithmIdentifier
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/x509-1.7.1/x509.cabal new/x509-1.7.3/x509.cabal
--- old/x509-1.7.1/x509.cabal   2017-07-22 08:36:57.000000000 +0200
+++ new/x509-1.7.3/x509.cabal   2018-03-01 14:21:06.000000000 +0100
@@ -1,5 +1,5 @@
 Name:                x509
-version:             1.7.1
+version:             1.7.3
 Description:         X509 reader and writer
 License:             BSD3
 License-file:        LICENSE
@@ -21,12 +21,13 @@
                    , mtl
                    , containers
                    , hourglass
-                   , pem >= 0.1 && < 0.3
+                   , pem >= 0.1
                    , asn1-types >= 0.3.1 && < 0.4
                    , asn1-encoding >= 0.9 && < 0.10
                    , asn1-parse >= 0.9.3 && < 0.10
-                   , cryptonite
+                   , cryptonite >= 0.8
   Exposed-modules:   Data.X509
+                     Data.X509.EC
   Other-modules:     Data.X509.Internal
                      Data.X509.CertificateChain
                      Data.X509.AlgorithmIdentifier

++++++ x509.cabal ++++++
Name:                x509
version:             1.7.3
x-revision: 1
Description:         X509 reader and writer
License:             BSD3
License-file:        LICENSE
Copyright:           Vincent Hanquez <vinc...@snarc.org>
Author:              Vincent Hanquez <vinc...@snarc.org>
Maintainer:          Vincent Hanquez <vinc...@snarc.org>
Synopsis:            X509 reader and writer
Build-Type:          Simple
Category:            Data
stability:           experimental
Homepage:            http://github.com/vincenthz/hs-certificate
Cabal-Version:       >= 1.10

Library
  -- Could not find module 'Data.Proxy'
  build-depends: base >=4.7

  Default-Language:  Haskell2010
  Build-Depends:     base >= 3 && < 5
                   , bytestring
                   , memory
                   , mtl
                   , containers
                   , hourglass
                   , pem >= 0.1
                   , asn1-types >= 0.3.1 && < 0.4
                   , asn1-encoding >= 0.9 && < 0.10
                   , asn1-parse >= 0.9.3 && < 0.10
                   , cryptonite >= 0.8
  Exposed-modules:   Data.X509
                     Data.X509.EC
  Other-modules:     Data.X509.Internal
                     Data.X509.CertificateChain
                     Data.X509.AlgorithmIdentifier
                     Data.X509.DistinguishedName
                     Data.X509.Cert
                     Data.X509.PublicKey
                     Data.X509.PrivateKey
                     Data.X509.Ext
                     Data.X509.ExtensionRaw
                     Data.X509.CRL
                     Data.X509.OID
                     Data.X509.Signed
  ghc-options:       -Wall

Test-Suite test-x509
  Default-Language:  Haskell2010
  type:              exitcode-stdio-1.0
  hs-source-dirs:    Tests
  Main-is:           Tests.hs
  Build-Depends:     base >= 3 && < 5
                   , bytestring
                   , mtl
                   , tasty
                   , tasty-quickcheck
                   , hourglass
                   , asn1-types
                   , x509
                   , cryptonite
  ghc-options:       -Wall -fno-warn-orphans -fno-warn-missing-signatures

source-repository head
  type:     git
  location: git://github.com/vincenthz/hs-certificate
  subdir:   x509
