Hello community, here is the log from the commit of package libksba for openSUSE:Factory checked in at 2016-05-19 12:03:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libksba (Old) and /work/SRC/openSUSE:Factory/.libksba.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libksba" Changes: -------- --- /work/SRC/openSUSE:Factory/libksba/libksba.changes 2015-04-15 17:42:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libksba.new/libksba.changes 2016-05-19 12:03:05.000000000 +0200 @@ -1,0 +2,11 @@ +Tue May 10 11:25:34 UTC 2016 - astie...@suse.com + +- libksba 1.3.4: + * Fixed two OOB read access bugs which could be used to force a DoS. + boo#979261 CVE-2016-4574, CVE-2016-4579 + * Fixed a crash due to faulty curve OID lookup code. + * Synced the list of supported curves with those of Libgcrypt. + * New configure option --enable-build-timestamp; a build timestamp is + not anymore used by default. + +------------------------------------------------------------------- Old: ---- libksba-1.3.3.tar.bz2 libksba-1.3.3.tar.bz2.sig New: ---- libksba-1.3.4.tar.bz2 libksba-1.3.4.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libksba.spec ++++++ --- /var/tmp/diff_new_pack.m4Lhoq/_old 2016-05-19 12:03:06.000000000 +0200 +++ /var/tmp/diff_new_pack.m4Lhoq/_new 2016-05-19 12:03:06.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libksba # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define soname 8 Name: libksba -Version: 1.3.3 +Version: 1.3.4 Release: 0 Summary: A X.509 Library License: (LGPL-3.0+ or GPL-2.0+) and GPL-3.0+ and MIT @@ -27,6 +27,7 @@ Source: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2.sig Source3: libksba.keyring +Source4: libksba.changes BuildRequires: libgpg-error-devel >= 1.8 # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} @@ -64,18 +65,22 @@ %setup -q -n libksba-%{version} %build -%configure --disable-static --with-pic +build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE4}) +%configure \ + --disable-static \ + --with-pic \ + --enable-build-timestamp="${build_timestamp}" + make %{?_smp_mflags} %check make %{?_smp_mflags} check %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print %post -n %{name}%{soname} -p /sbin/ldconfig - %postun -n %{name}%{soname} -p /sbin/ldconfig %files -n %{name}%{soname} @@ -94,7 +99,7 @@ %{_bindir}/* %{_libdir}/libksba*.so %{_includedir}/* -%doc %{_infodir}/ksba* +%{_infodir}/ksba* %{_datadir}/aclocal/* %changelog ++++++ libksba-1.3.3.tar.bz2 -> libksba-1.3.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/ChangeLog new/libksba-1.3.4/ChangeLog --- old/libksba-1.3.3/ChangeLog 2015-04-10 17:46:14.000000000 +0200 +++ new/libksba-1.3.4/ChangeLog 2016-05-03 18:26:25.000000000 +0200 @@ -1,3 +1,46 @@ +2016-05-03 Werner Koch <w...@gnupg.org> + + Release 1.3.4. + * configure.ac: Set LT version to C19/A11/R5. + + Update config.{guess,sub} to 2016-04-02 and 2016-03-30. + * build-aux/config.guess: Update. + * build-aux/config.sub: Update. + + Create an SWDB file during "make distcheck" + * Makefile.am (distcheck-hook): New. + + Fix an undefined return value in ksba_cert_get_digest_algo. + * src/cert.c (ksba_cert_get_digest_algo): Set ALGO in the error case. + * tests/cert-basic.c (one_file): Take care of printf which does not + handle NULL for %s + + Fix an OOB read access in _ksba_dn_to_str. + * src/dn.c (append_utf8_value): Use a straightforward check to fix an + off-by-one. + + Fix possible read access beyond the buffer. + * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check. + * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length + against buffer length. + (ksba_cert_get_ext_key_usages): Ditto. + * src/ocsp.c (parse_asntime_into_isotime): Ditto. + +2015-10-28 Werner Koch <w...@gnupg.org> + + Add more curves to the name->OID table. + * src/keyinfo.c (curve_names): Add more curves. + + Fix lookup of ECC OIDs by name. + * src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table + lookup. + +2015-08-25 Werner Koch <w...@gnupg.org> + + Add configure option --enable-build-timestamp. + * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default. Add + ac_define_unquoted. + 2015-04-10 Werner Koch <w...@gnupg.org> Release 1.3.3. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/Makefile.am new/libksba-1.3.4/Makefile.am --- old/libksba-1.3.3/Makefile.am 2015-01-28 15:34:06.000000000 +0100 +++ new/libksba-1.3.4/Makefile.am 2016-05-03 18:12:09.000000000 +0200 @@ -41,6 +41,20 @@ dist-hook: gen-ChangeLog +distcheck-hook: + set -e; ( \ + pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb + gen_start_date = 2011-12-01T00:00:00 .PHONY: gen-ChangeLog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/Makefile.in new/libksba-1.3.4/Makefile.in --- old/libksba-1.3.3/Makefile.in 2015-04-10 17:45:25.000000000 +0200 +++ new/libksba-1.3.4/Makefile.in 2016-05-03 18:26:00.000000000 +0200 @@ -680,6 +680,7 @@ test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && $(MAKE) $(AM_MAKEFLAGS) distcheck-hook \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure \ @@ -864,6 +865,20 @@ dist-hook: gen-ChangeLog + +distcheck-hook: + set -e; ( \ + pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\ + reldate="$$(date -u +%Y-%m-%d)" ;\ + echo "$${pref}ver $(PACKAGE_VERSION)" ;\ + echo "$${pref}date $${reldate}" ;\ + list='$(DIST_ARCHIVES)'; for i in $$list; do \ + case "$$i" in *.tar.bz2) \ + echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\ + echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\ + echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\ + esac;\ + done ) | tee $(distdir).swdb .PHONY: gen-ChangeLog gen-ChangeLog: if test -d $(top_srcdir)/.git; then \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/NEWS new/libksba-1.3.4/NEWS --- old/libksba-1.3.3/NEWS 2015-04-10 17:41:29.000000000 +0200 +++ new/libksba-1.3.4/NEWS 2016-05-03 18:22:29.000000000 +0200 @@ -1,3 +1,16 @@ +Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4] +------------------------------------------------ + + * Fixed two OOB read access bugs which could be used to force a DoS. + + * Fixed a crash due to faulty curve OID lookup code. + + * Synced the list of supported curves with those of Libgcrypt. + + * New configure option --enable-build-timestamp; a build timestamp is + not anymore used by default. + + Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4] ------------------------------------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/build-aux/config.guess new/libksba-1.3.4/build-aux/config.guess --- old/libksba-1.3.3/build-aux/config.guess 2015-01-28 15:36:10.000000000 +0100 +++ new/libksba-1.3.4/build-aux/config.guess 2016-05-03 18:22:28.000000000 +0200 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-01-01' +timestamp='2016-04-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to <config-patc...@gnu.org>. @@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -168,20 +168,27 @@ # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) + arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -197,6 +204,13 @@ os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -207,13 +221,13 @@ release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` @@ -223,6 +237,10 @@ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; @@ -235,6 +253,9 @@ *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; + *:Sortix:*:*) + echo ${UNAME_MACHINE}-unknown-sortix + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -251,42 +272,42 @@ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -359,16 +380,16 @@ exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build - SUN_ARCH="i386" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` @@ -393,7 +414,7 @@ exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} @@ -618,13 +639,13 @@ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi @@ -663,11 +684,11 @@ exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build @@ -680,12 +701,12 @@ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} @@ -790,14 +811,14 @@ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) @@ -879,7 +900,7 @@ exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix @@ -902,7 +923,7 @@ EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) @@ -933,6 +954,9 @@ crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; + e2k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -945,6 +969,9 @@ ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -1021,7 +1048,7 @@ echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} @@ -1100,7 +1127,7 @@ # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1249,6 +1276,9 @@ SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1262,9 +1292,9 @@ UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in @@ -1286,7 +1316,7 @@ exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi @@ -1317,7 +1347,7 @@ # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" @@ -1359,7 +1389,7 @@ echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos @@ -1370,6 +1400,9 @@ x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac cat >&2 <<EOF @@ -1379,9 +1412,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess and - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub If the version you run ($0) is already up to date, please send the following data and any information you think might be diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/build-aux/config.sub new/libksba-1.3.4/build-aux/config.sub --- old/libksba-1.3.3/build-aux/config.sub 2015-01-28 15:36:13.000000000 +0100 +++ new/libksba-1.3.4/build-aux/config.sub 2016-05-03 18:22:28.000000000 +0200 @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-01-01' +timestamp='2016-03-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -33,7 +33,7 @@ # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -53,8 +53,7 @@ me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. @@ -68,7 +67,7 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -117,7 +116,7 @@ case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os @@ -255,11 +254,12 @@ | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ + | e2k | epiphany \ | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ @@ -305,7 +305,7 @@ | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -376,12 +376,13 @@ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ @@ -428,12 +429,13 @@ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -518,6 +520,9 @@ basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -1373,11 +1378,11 @@ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ @@ -1393,7 +1398,8 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1525,6 +1531,8 @@ ;; -nacl*) ;; + -ios) + ;; -none) ;; *) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/config.h.in new/libksba-1.3.4/config.h.in --- old/libksba-1.3.3/config.h.in 2015-04-10 17:46:12.000000000 +0200 +++ new/libksba-1.3.4/config.h.in 2016-05-03 18:26:23.000000000 +0200 @@ -14,6 +14,9 @@ /* GIT commit id revision used to build this package */ #undef BUILD_REVISION +/* The time this package was configured for a build */ +#undef BUILD_TIMESTAMP + /* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP systems. This function is required for `alloca.c' support on those systems. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/configure new/libksba-1.3.4/configure --- old/libksba-1.3.3/configure 2015-04-10 17:45:26.000000000 +0200 +++ new/libksba-1.3.4/configure 2016-05-03 18:26:01.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libksba 1.3.3. +# Generated by GNU Autoconf 2.69 for libksba 1.3.4. # # Report bugs to <http://bugs.gnupg.org>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libksba' PACKAGE_TARNAME='libksba' -PACKAGE_VERSION='1.3.3' -PACKAGE_STRING='libksba 1.3.3' +PACKAGE_VERSION='1.3.4' +PACKAGE_STRING='libksba 1.3.4' PACKAGE_BUGREPORT='http://bugs.gnupg.org' PACKAGE_URL='' @@ -636,8 +636,8 @@ am__EXEEXT_TRUE LTLIBOBJS LIBOBJS -BUILD_FILEVERSION BUILD_TIMESTAMP +BUILD_FILEVERSION BUILD_REVISION CROSS_COMPILING_FALSE CROSS_COMPILING_TRUE @@ -801,6 +801,7 @@ with_libgpg_error_prefix with_gpg_error_prefix enable_valgrind_tests +enable_build_timestamp ' ac_precious_vars='build_alias host_alias @@ -1354,7 +1355,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libksba 1.3.3 to adapt to many kinds of systems. +\`configure' configures libksba 1.3.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1424,7 +1425,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libksba 1.3.3:";; + short | recursive ) echo "Configuration of libksba 1.3.4:";; esac cat <<\_ACEOF @@ -1451,6 +1452,9 @@ enable/disable use of linker version script. (default is system dependent) --enable-valgrind-tests run self tests under valgrind + --enable-build-timestamp + set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1548,7 +1552,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libksba configure 1.3.3 +libksba configure 1.3.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2154,7 +2158,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libksba $as_me 1.3.3, which was +It was created by libksba $as_me 1.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2510,7 +2514,7 @@ # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=4 +LIBKSBA_LT_REVISION=5 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 @@ -3038,7 +3042,7 @@ # Define the identity of the package. PACKAGE='libksba' - VERSION='1.3.3' + VERSION='1.3.4' cat >>confdefs.h <<_ACEOF @@ -14895,14 +14899,12 @@ # Generate extended version information for W32. if test "$have_w32_system" = yes; then - BUILD_TIMESTAMP=`date --iso-8601=minutes` BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` - BUILD_FILEVERSION="${BUILD_FILEVERSION}46190" + BUILD_FILEVERSION="${BUILD_FILEVERSION}14994" fi - -BUILD_REVISION="b46ea28" +BUILD_REVISION="3a92e8c" cat >>confdefs.h <<_ACEOF @@ -14910,6 +14912,24 @@ _ACEOF +# Check whether --enable-build-timestamp was given. +if test "${enable_build_timestamp+set}" = set; then : + enableval=$enable_build_timestamp; if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi +else + BUILD_TIMESTAMP="<none>" +fi + + + +cat >>confdefs.h <<_ACEOF +#define BUILD_TIMESTAMP "$BUILD_TIMESTAMP" +_ACEOF + + ac_config_files="$ac_config_files Makefile m4/Makefile gl/Makefile src/Makefile src/ksba-config src/versioninfo.rc tests/Makefile doc/Makefile" @@ -15467,7 +15487,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libksba $as_me 1.3.3, which was +This file was extended by libksba $as_me 1.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15533,7 +15553,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libksba config.status 1.3.3 +libksba config.status 1.3.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -17529,7 +17549,7 @@ echo " Libksba v${VERSION} has been configured as follows: - Revision: b46ea28 (46190) + Revision: 3a92e8c (14994) Platform: $host " diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/configure.ac new/libksba-1.3.4/configure.ac --- old/libksba-1.3.3/configure.ac 2015-04-10 17:39:54.000000000 +0200 +++ new/libksba-1.3.4/configure.ac 2016-05-03 18:22:29.000000000 +0200 @@ -30,7 +30,7 @@ m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [3]) +m4_define([mym4_micro], [4]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a @@ -52,7 +52,7 @@ # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=4 +LIBKSBA_LT_REVISION=5 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 @@ -380,20 +380,32 @@ # Generate extended version information for W32. if test "$have_w32_system" = yes; then - BUILD_TIMESTAMP=`date --iso-8601=minutes` changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" fi AC_SUBST(BUILD_REVISION) -AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) BUILD_REVISION="mym4_revision" AC_SUBST(BUILD_REVISION) AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [GIT commit id revision used to build this package]) +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP="<none>"]) +AC_SUBST(BUILD_TIMESTAMP) +AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", + [The time this package was configured for a build]) + AC_CONFIG_FILES([ Makefile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/ksba.info new/libksba-1.3.4/doc/ksba.info --- old/libksba-1.3.3/doc/ksba.info 2015-04-10 17:46:14.000000000 +0200 +++ new/libksba-1.3.4/doc/ksba.info 2016-05-03 18:26:25.000000000 +0200 @@ -8,8 +8,8 @@ This file documents the KSBA library to access X.509 and CMS data structures. - This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA -Reference Manual', for Version 1.3.3. + This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA +Reference Manual', for Version 1.3.4. Copyright (C) 2002, 2003, 2004 g10 Code GmbH @@ -25,8 +25,8 @@ Main Menu ********* -This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA -Reference Manual', for Version 1.3.3 of the KSBA library. +This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA +Reference Manual', for Version 1.3.4 of the KSBA library. Copyright (C) 2002, 2003, 2004 g10 Code GmbH diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/stamp-vti new/libksba-1.3.4/doc/stamp-vti --- old/libksba-1.3.3/doc/stamp-vti 2015-04-10 17:46:13.000000000 +0200 +++ new/libksba-1.3.4/doc/stamp-vti 2016-05-03 18:26:24.000000000 +0200 @@ -1,4 +1,4 @@ @set UPDATED 15 March 2013 @set UPDATED-MONTH March 2013 -@set EDITION 1.3.3 -@set VERSION 1.3.3 +@set EDITION 1.3.4 +@set VERSION 1.3.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/version.texi new/libksba-1.3.4/doc/version.texi --- old/libksba-1.3.3/doc/version.texi 2015-04-10 17:46:13.000000000 +0200 +++ new/libksba-1.3.4/doc/version.texi 2016-05-03 18:26:24.000000000 +0200 @@ -1,4 +1,4 @@ @set UPDATED 15 March 2013 @set UPDATED-MONTH March 2013 -@set EDITION 1.3.3 -@set VERSION 1.3.3 +@set EDITION 1.3.4 +@set VERSION 1.3.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/ber-help.c new/libksba-1.3.4/src/ber-help.c --- old/libksba-1.3.3/src/ber-help.c 2013-03-15 20:26:38.000000000 +0100 +++ new/libksba-1.3.4/src/ber-help.c 2016-05-03 18:12:09.000000000 +0200 @@ -285,9 +285,15 @@ ti->buf[ti->nhdr++] = c; len |= c & 0xff; } + /* Sanity check for the length: This is done so that we can take + * the value for malloc plus some additional bytes without + * risking an overflow. */ + if (len > (1 << 30)) + return gpg_error (GPG_ERR_BAD_BER); ti->length = len; } + /* Without this kludge some example certs can't be parsed */ if (ti->class == CLASS_UNIVERSAL && !ti->tag) ti->length = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/cert.c new/libksba-1.3.4/src/cert.c --- old/libksba-1.3.3/src/cert.c 2014-04-15 21:37:19.000000000 +0200 +++ new/libksba-1.3.4/src/cert.c 2016-05-03 18:12:09.000000000 +0200 @@ -464,7 +464,10 @@ n = _ksba_asn_find_node (cert->root, "Certificate.signatureAlgorithm"); if (!n || n->off == -1) - err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + { + algo = NULL; + err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + } else err = _ksba_parse_algorithm_identifier (cert->image + n->off, n->nhdr + n->len, &nread, &algo); @@ -1335,9 +1338,15 @@ err = gpg_error (GPG_ERR_NOT_DER_ENCODED); goto leave; } + if (ti.length > derlen) + { + err = gpg_error (GPG_ERR_BAD_BER); + goto leave; + } if (!ti.length) { - err = gpg_error (GPG_ERR_INV_CERT_OBJ); /* no empty inner SEQ */ + /* We do not accept an empty inner SEQ */ + err = gpg_error (GPG_ERR_INV_CERT_OBJ); goto leave; } if (ti.nhdr+ti.length > seqlen) @@ -1356,6 +1365,11 @@ err = gpg_error (GPG_ERR_INV_CERT_OBJ); goto leave; } + if (ti.length > derlen) + { + err = gpg_error (GPG_ERR_BAD_BER); + goto leave; + } if (ti.nhdr+ti.length > seqseqlen) { err = gpg_error (GPG_ERR_BAD_BER); @@ -1458,6 +1472,16 @@ err = gpg_error (GPG_ERR_INV_CERT_OBJ); goto leave; } + if (ti.ndef) + { + err = gpg_error (GPG_ERR_NOT_DER_ENCODED); + goto leave; + } + if (ti.length > derlen) + { + err = gpg_error (GPG_ERR_BAD_BER); + goto leave; + } suboid = ksba_oid_to_str (der, ti.length); if (!suboid) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/dn.c new/libksba-1.3.4/src/dn.c --- old/libksba-1.3.3/src/dn.c 2015-04-08 18:37:07.000000000 +0200 +++ new/libksba-1.3.4/src/dn.c 2016-05-03 18:12:09.000000000 +0200 @@ -332,11 +332,8 @@ } else { - if (n+nmore > length) - nmore = length - n; /* Oops, encoding to short */ - tmp[0] = *s++; n++; - for (i=1; i <= nmore; i++) + for (i=1; n < length && i <= nmore; i++) { if ( (*s & 0xc0) != 0x80) break; /* Invalid encoding - let the next cycle detect this. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/keyinfo.c new/libksba-1.3.4/src/keyinfo.c --- old/libksba-1.3.3/src/keyinfo.c 2013-03-15 20:26:38.000000000 +0100 +++ new/libksba-1.3.4/src/keyinfo.c 2015-10-28 11:41:48.000000000 +0100 @@ -230,19 +230,30 @@ const char *name; } curve_names[] = { + { "1.3.6.1.4.1.3029.1.5.1", "Curve25519" }, + { "1.3.6.1.4.1.11591.15.1", "Ed25519" }, + { "1.2.840.10045.3.1.1", "NIST P-192" }, + { "1.2.840.10045.3.1.1", "nistp192" }, { "1.2.840.10045.3.1.1", "prime192v1" }, { "1.2.840.10045.3.1.1", "secp192r1" }, - { "1.3.132.0.33", "secp224r1" }, + { "1.3.132.0.33", "NIST P-224" }, + { "1.3.132.0.33", "nistp224" }, + { "1.3.132.0.33", "secp224r1" }, - { "1.2.840.10045.3.1.7", "NIST P-256", }, + { "1.2.840.10045.3.1.7", "NIST P-256" }, + { "1.2.840.10045.3.1.7", "nistp256" }, { "1.2.840.10045.3.1.7", "prime256v1" }, { "1.2.840.10045.3.1.7", "secp256r1" }, - { "1.3.132.0.34", "secp384r1" }, - - { "1.3.132.0.35", "secp521r1" }, + { "1.3.132.0.34", "NIST P-384" }, + { "1.3.132.0.34", "nistp384" }, + { "1.3.132.0.34", "secp384r1" }, + + { "1.3.132.0.35", "NIST P-521" }, + { "1.3.132.0.35", "nistp521" }, + { "1.3.132.0.35", "secp521r1" }, { "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" }, { "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" }, @@ -252,6 +263,15 @@ { "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" }, { "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" }, + + { "1.2.643.2.2.35.1", "GOST2001-CryptoPro-A" }, + { "1.2.643.2.2.35.2", "GOST2001-CryptoPro-B" }, + { "1.2.643.2.2.35.3", "GOST2001-CryptoPro-C" }, + { "1.2.643.7.1.2.1.2.1", "GOST2012-tc26-A" }, + { "1.2.643.7.1.2.1.2.2", "GOST2012-tc26-B" }, + + { "1.3.132.0.10", "secp256k1" }, + { NULL, NULL} }; @@ -322,10 +342,10 @@ if (buflen == strlen (curve_names[i].name) && !memcmp (buf, curve_names[i].name, buflen)) break; - if (curve_names[i].oid) + if (!curve_names[i].oid) return NULL; /* Not found. */ - buf = curve_names[i].name; - buflen = strlen (curve_names[i].name); + buf = curve_names[i].oid; + buflen = strlen (curve_names[i].oid); } if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/name.c new/libksba-1.3.4/src/name.c --- old/libksba-1.3.3/src/name.c 2013-03-15 20:26:38.000000000 +0100 +++ new/libksba-1.3.4/src/name.c 2016-05-03 18:12:09.000000000 +0200 @@ -113,7 +113,7 @@ *r_name = NULL; - /* count and check for encoding errors - we won;t do this again + /* Count and check for encoding errors - we won't do this again during the second pass */ der = image; derlen = imagelen; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/ocsp.c new/libksba-1.3.4/src/ocsp.c --- old/libksba-1.3.3/src/ocsp.c 2013-03-15 20:26:38.000000000 +0100 +++ new/libksba-1.3.4/src/ocsp.c 2016-05-03 18:12:09.000000000 +0200 @@ -231,6 +231,8 @@ && (ti.tag == TYPE_UTC_TIME || ti.tag == TYPE_GENERALIZED_TIME) && !ti.is_constructed) ) err = gpg_error (GPG_ERR_INV_OBJ); + else if (ti.length > *len) + err = gpg_error (GPG_ERR_INV_BER); else if (!(err = _ksba_asntime_to_iso (*buf, ti.length, ti.tag == TYPE_UTC_TIME, isotime))) parse_skip (buf, len, &ti); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/tests/cert-basic.c new/libksba-1.3.4/tests/cert-basic.c --- old/libksba-1.3.3/tests/cert-basic.c 2014-07-22 09:25:33.000000000 +0200 +++ new/libksba-1.3.4/tests/cert-basic.c 2016-05-03 18:12:09.000000000 +0200 @@ -448,7 +448,8 @@ oid = ksba_cert_get_digest_algo (cert); s = get_oid_desc (oid); - printf (" hash algo.: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":""); + printf (" hash algo.: %s%s%s%s\n", + oid?oid:"(null)", s?" (":"",s?s:"",s?")":""); /* Under Windows the _ksba_keyinfo_from_sexp are not exported. */ #ifndef __WIN32