Hello community,
here is the log from the commit of package libksba for openSUSE:Factory checked in at 2016-05-19 12:03:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libksba (Old)
and /work/SRC/openSUSE:Factory/.libksba.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libksba"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libksba/libksba.changes 2015-04-15 17:42:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libksba.new/libksba.changes 2016-05-19 12:03:05.000000000 +0200
@@ -1,0 +2,11 @@
+Tue May 10 11:25:34 UTC 2016 - astieger@suse.com
+
+- libksba 1.3.4:
+ * Fixed two OOB read access bugs which could be used to force a DoS.
+ boo#979261 CVE-2016-4574, CVE-2016-4579
+ * Fixed a crash due to faulty curve OID lookup code.
+ * Synced the list of supported curves with those of Libgcrypt.
+ * New configure option --enable-build-timestamp; a build timestamp is
+ not anymore used by default.
+
+-------------------------------------------------------------------
Old:
----
libksba-1.3.3.tar.bz2
libksba-1.3.3.tar.bz2.sig
New:
----
libksba-1.3.4.tar.bz2
libksba-1.3.4.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libksba.spec ++++++
--- /var/tmp/diff_new_pack.m4Lhoq/_old 2016-05-19 12:03:06.000000000 +0200
+++ /var/tmp/diff_new_pack.m4Lhoq/_new 2016-05-19 12:03:06.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libksba
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define soname 8
Name: libksba
-Version: 1.3.3
+Version: 1.3.4
Release: 0
Summary: A X.509 Library
License: (LGPL-3.0+ or GPL-2.0+) and GPL-3.0+ and MIT
@@ -27,6 +27,7 @@
Source: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2
Source2: ftp://ftp.gnupg.org/gcrypt/libksba/%{name}-%{version}.tar.bz2.sig
Source3: libksba.keyring
+Source4: libksba.changes
BuildRequires: libgpg-error-devel >= 1.8
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
@@ -64,18 +65,22 @@
%setup -q -n libksba-%{version}
%build
-%configure --disable-static --with-pic
+build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE4})
+%configure \
+ --disable-static \
+ --with-pic \
+ --enable-build-timestamp="${build_timestamp}"
+
make %{?_smp_mflags}
%check
make %{?_smp_mflags} check
%install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
find %{buildroot} -type f -name "*.la" -delete -print
%post -n %{name}%{soname} -p /sbin/ldconfig
-
%postun -n %{name}%{soname} -p /sbin/ldconfig
%files -n %{name}%{soname}
@@ -94,7 +99,7 @@
%{_bindir}/*
%{_libdir}/libksba*.so
%{_includedir}/*
-%doc %{_infodir}/ksba*
+%{_infodir}/ksba*
%{_datadir}/aclocal/*
%changelog
++++++ libksba-1.3.3.tar.bz2 -> libksba-1.3.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/ChangeLog new/libksba-1.3.4/ChangeLog
--- old/libksba-1.3.3/ChangeLog 2015-04-10 17:46:14.000000000 +0200
+++ new/libksba-1.3.4/ChangeLog 2016-05-03 18:26:25.000000000 +0200
@@ -1,3 +1,46 @@
+2016-05-03 Werner Koch
+
+ Release 1.3.4.
+ * configure.ac: Set LT version to C19/A11/R5.
+
+ Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+ Create an SWDB file during "make distcheck"
+ * Makefile.am (distcheck-hook): New.
+
+ Fix an undefined return value in ksba_cert_get_digest_algo.
+ * src/cert.c (ksba_cert_get_digest_algo): Set ALGO in the error case.
+ * tests/cert-basic.c (one_file): Take care of printf which does not
+ handle NULL for %s
+
+ Fix an OOB read access in _ksba_dn_to_str.
+ * src/dn.c (append_utf8_value): Use a straightforward check to fix an
+ off-by-one.
+
+ Fix possible read access beyond the buffer.
+ * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
+ * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
+ against buffer length.
+ (ksba_cert_get_ext_key_usages): Ditto.
+ * src/ocsp.c (parse_asntime_into_isotime): Ditto.
+
+2015-10-28 Werner Koch
+
+ Add more curves to the name->OID table.
+ * src/keyinfo.c (curve_names): Add more curves.
+
+ Fix lookup of ECC OIDs by name.
+ * src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table
+ lookup.
+
+2015-08-25 Werner Koch
+
+ Add configure option --enable-build-timestamp.
+ * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default. Add
+ ac_define_unquoted.
+
2015-04-10 Werner Koch
Release 1.3.3.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/Makefile.am new/libksba-1.3.4/Makefile.am
--- old/libksba-1.3.3/Makefile.am 2015-01-28 15:34:06.000000000 +0100
+++ new/libksba-1.3.4/Makefile.am 2016-05-03 18:12:09.000000000 +0200
@@ -41,6 +41,20 @@
dist-hook: gen-ChangeLog
+distcheck-hook:
+ set -e; ( \
+ pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\
+ reldate="$$(date -u +%Y-%m-%d)" ;\
+ echo "$${pref}ver $(PACKAGE_VERSION)" ;\
+ echo "$${pref}date $${reldate}" ;\
+ list='$(DIST_ARCHIVES)'; for i in $$list; do \
+ case "$$i" in *.tar.bz2) \
+ echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\
+ echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\
+ echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\
+ esac;\
+ done ) | tee $(distdir).swdb
+
gen_start_date = 2011-12-01T00:00:00
.PHONY: gen-ChangeLog
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/Makefile.in new/libksba-1.3.4/Makefile.in
--- old/libksba-1.3.3/Makefile.in 2015-04-10 17:45:25.000000000 +0200
+++ new/libksba-1.3.4/Makefile.in 2016-05-03 18:26:00.000000000 +0200
@@ -680,6 +680,7 @@
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && $(MAKE) $(AM_MAKEFLAGS) distcheck-hook \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure \
@@ -864,6 +865,20 @@
dist-hook: gen-ChangeLog
+
+distcheck-hook:
+ set -e; ( \
+ pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\
+ reldate="$$(date -u +%Y-%m-%d)" ;\
+ echo "$${pref}ver $(PACKAGE_VERSION)" ;\
+ echo "$${pref}date $${reldate}" ;\
+ list='$(DIST_ARCHIVES)'; for i in $$list; do \
+ case "$$i" in *.tar.bz2) \
+ echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\
+ echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\
+ echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\
+ esac;\
+ done ) | tee $(distdir).swdb
.PHONY: gen-ChangeLog
gen-ChangeLog:
if test -d $(top_srcdir)/.git; then \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/NEWS new/libksba-1.3.4/NEWS
--- old/libksba-1.3.3/NEWS 2015-04-10 17:41:29.000000000 +0200
+++ new/libksba-1.3.4/NEWS 2016-05-03 18:22:29.000000000 +0200
@@ -1,3 +1,16 @@
+Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4]
+------------------------------------------------
+
+ * Fixed two OOB read access bugs which could be used to force a DoS.
+
+ * Fixed a crash due to faulty curve OID lookup code.
+
+ * Synced the list of supported curves with those of Libgcrypt.
+
+ * New configure option --enable-build-timestamp; a build timestamp is
+ not anymore used by default.
+
+
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/build-aux/config.guess new/libksba-1.3.4/build-aux/config.guess
--- old/libksba-1.3.3/build-aux/config.guess 2015-01-28 15:36:10.000000000 +0100
+++ new/libksba-1.3.4/build-aux/config.guess 2016-05-03 18:22:28.000000000 +0200
@@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1992-2015 Free Software Foundation, Inc.
+# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2015-01-01'
+timestamp='2016-04-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -27,7 +27,7 @@
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess...
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches to .
@@ -50,7 +50,7 @@
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -168,20 +168,27 @@
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
- UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
- /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+ /sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || \
+ echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
+ earmv*)
+ arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+ endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+ machine=${arch}${endian}-unknown
+ ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
@@ -197,6 +204,13 @@
os=netbsd
;;
esac
+ # Determine ABI tags.
+ case "${UNAME_MACHINE_ARCH}" in
+ earm*)
+ expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+ abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+ ;;
+ esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
@@ -207,13 +221,13 @@
release='-gnu'
;;
*)
- release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}"
+ echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@@ -223,6 +237,10 @@
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
+ *:LibertyBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+ exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
@@ -235,6 +253,9 @@
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
+ *:Sortix:*:*)
+ echo ${UNAME_MACHINE}-unknown-sortix
+ exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@@ -251,42 +272,42 @@
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"LCA4 (21066/21068)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"EV5 (21164)")
- UNAME_MACHINE="alphaev5" ;;
+ UNAME_MACHINE=alphaev5 ;;
"EV5.6 (21164A)")
- UNAME_MACHINE="alphaev56" ;;
+ UNAME_MACHINE=alphaev56 ;;
"EV5.6 (21164PC)")
- UNAME_MACHINE="alphapca56" ;;
+ UNAME_MACHINE=alphapca56 ;;
"EV5.7 (21164PC)")
- UNAME_MACHINE="alphapca57" ;;
+ UNAME_MACHINE=alphapca57 ;;
"EV6 (21264)")
- UNAME_MACHINE="alphaev6" ;;
+ UNAME_MACHINE=alphaev6 ;;
"EV6.7 (21264A)")
- UNAME_MACHINE="alphaev67" ;;
+ UNAME_MACHINE=alphaev67 ;;
"EV6.8CB (21264C)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.8AL (21264B)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.8CX (21264D)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.9A (21264/EV69A)")
- UNAME_MACHINE="alphaev69" ;;
+ UNAME_MACHINE=alphaev69 ;;
"EV7 (21364)")
- UNAME_MACHINE="alphaev7" ;;
+ UNAME_MACHINE=alphaev7 ;;
"EV7.9 (21364A)")
- UNAME_MACHINE="alphaev79" ;;
+ UNAME_MACHINE=alphaev79 ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
@@ -359,16 +380,16 @@
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
- SUN_ARCH="i386"
+ SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
- SUN_ARCH="x86_64"
+ SUN_ARCH=x86_64
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@@ -393,7 +414,7 @@
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
@@ -618,13 +639,13 @@
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
- '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ 32) HP_ARCH=hppa2.0n ;;
+ 64) HP_ARCH=hppa2.0w ;;
+ '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
@@ -663,11 +684,11 @@
exit (0);
}
EOF
- (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
- if [ ${HP_ARCH} = "hppa2.0w" ]
+ if [ ${HP_ARCH} = hppa2.0w ]
then
eval $set_cc_for_build
@@ -680,12 +701,12 @@
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
- HP_ARCH="hppa2.0w"
+ HP_ARCH=hppa2.0w
else
- HP_ARCH="hppa64"
+ HP_ARCH=hppa64
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@@ -790,14 +811,14 @@
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
- FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+ FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@@ -879,7 +900,7 @@
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
- echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
@@ -902,7 +923,7 @@
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
- if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+ if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
@@ -933,6 +954,9 @@
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
+ e2k:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@@ -945,6 +969,9 @@
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
+ k1om:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@@ -1021,7 +1048,7 @@
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
@@ -1100,7 +1127,7 @@
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
- # prints for the "djgpp" host, or else GDB configury will decide that
+ # prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
@@ -1249,6 +1276,9 @@
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
+ SX-ACE:SUPER-UX:*:*)
+ echo sxace-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@@ -1262,9 +1292,9 @@
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
@@ -1286,7 +1316,7 @@
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
- if test "$UNAME_PROCESSOR" = "x86"; then
+ if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
@@ -1317,7 +1347,7 @@
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
- if test "$cputype" = "386"; then
+ if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
@@ -1359,7 +1389,7 @@
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
- echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
@@ -1370,6 +1400,9 @@
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
+ amd64:Isilon\ OneFS:*:*)
+ echo x86_64-unknown-onefs
+ exit ;;
esac
cat >&2 <http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess...
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
- http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;h...
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/build-aux/config.sub new/libksba-1.3.4/build-aux/config.sub
--- old/libksba-1.3.3/build-aux/config.sub 2015-01-28 15:36:13.000000000 +0100
+++ new/libksba-1.3.4/build-aux/config.sub 2016-05-03 18:22:28.000000000 +0200
@@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1992-2015 Free Software Foundation, Inc.
+# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2015-01-01'
+timestamp='2016-03-30'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;h...
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@@ -53,8 +53,7 @@
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
- $0 [OPTION] ALIAS
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
@@ -68,7 +67,7 @@
version="\
GNU config.sub ($timestamp)
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -117,7 +116,7 @@
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
@@ -255,11 +254,12 @@
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
+ | ba \
| be32 | be64 \
| bfin \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
- | epiphany \
+ | e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
@@ -305,7 +305,7 @@
| riscv32 | riscv64 \
| rl78 | rx \
| score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -376,12 +376,13 @@
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
+ | ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
- | elxsi-* \
+ | e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@@ -428,12 +429,13 @@
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
+ | riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
@@ -518,6 +520,9 @@
basic_machine=i386-pc
os=-aros
;;
+ asmjs)
+ basic_machine=asmjs-unknown
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
@@ -1373,11 +1378,11 @@
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* \
+ | -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
- | -bitrig* | -openbsd* | -solidbsd* \
+ | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
@@ -1393,7 +1398,8 @@
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
+ | -onefs* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1525,6 +1531,8 @@
;;
-nacl*)
;;
+ -ios)
+ ;;
-none)
;;
*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/config.h.in new/libksba-1.3.4/config.h.in
--- old/libksba-1.3.3/config.h.in 2015-04-10 17:46:12.000000000 +0200
+++ new/libksba-1.3.4/config.h.in 2016-05-03 18:26:23.000000000 +0200
@@ -14,6 +14,9 @@
/* GIT commit id revision used to build this package */
#undef BUILD_REVISION
+/* The time this package was configured for a build */
+#undef BUILD_TIMESTAMP
+
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c' support on those systems.
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/configure new/libksba-1.3.4/configure
--- old/libksba-1.3.3/configure 2015-04-10 17:45:26.000000000 +0200
+++ new/libksba-1.3.4/configure 2016-05-03 18:26:01.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libksba 1.3.3.
+# Generated by GNU Autoconf 2.69 for libksba 1.3.4.
#
# Report bugs to http://bugs.gnupg.org.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='libksba'
PACKAGE_TARNAME='libksba'
-PACKAGE_VERSION='1.3.3'
-PACKAGE_STRING='libksba 1.3.3'
+PACKAGE_VERSION='1.3.4'
+PACKAGE_STRING='libksba 1.3.4'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
@@ -636,8 +636,8 @@
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
-BUILD_FILEVERSION
BUILD_TIMESTAMP
+BUILD_FILEVERSION
BUILD_REVISION
CROSS_COMPILING_FALSE
CROSS_COMPILING_TRUE
@@ -801,6 +801,7 @@
with_libgpg_error_prefix
with_gpg_error_prefix
enable_valgrind_tests
+enable_build_timestamp
'
ac_precious_vars='build_alias
host_alias
@@ -1354,7 +1355,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libksba 1.3.3 to adapt to many kinds of systems.
+\`configure' configures libksba 1.3.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1424,7 +1425,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libksba 1.3.3:";;
+ short | recursive ) echo "Configuration of libksba 1.3.4:";;
esac
cat <<\_ACEOF
@@ -1451,6 +1452,9 @@
enable/disable use of linker version script.
(default is system dependent)
--enable-valgrind-tests run self tests under valgrind
+ --enable-build-timestamp
+ set an explicit build timestamp for reproducibility.
+ (default is the current time in ISO-8601 format)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -1548,7 +1552,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libksba configure 1.3.3
+libksba configure 1.3.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2154,7 +2158,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libksba $as_me 1.3.3, which was
+It was created by libksba $as_me 1.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2510,7 +2514,7 @@
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=4
+LIBKSBA_LT_REVISION=5
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
@@ -3038,7 +3042,7 @@
# Define the identity of the package.
PACKAGE='libksba'
- VERSION='1.3.3'
+ VERSION='1.3.4'
cat >>confdefs.h <<_ACEOF
@@ -14895,14 +14899,12 @@
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
- BUILD_TIMESTAMP=`date --iso-8601=minutes`
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
- BUILD_FILEVERSION="${BUILD_FILEVERSION}46190"
+ BUILD_FILEVERSION="${BUILD_FILEVERSION}14994"
fi
-
-BUILD_REVISION="b46ea28"
+BUILD_REVISION="3a92e8c"
cat >>confdefs.h <<_ACEOF
@@ -14910,6 +14912,24 @@
_ACEOF
+# Check whether --enable-build-timestamp was given.
+if test "${enable_build_timestamp+set}" = set; then :
+ enableval=$enable_build_timestamp; if test "$enableval" = "yes"; then
+ BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
+ else
+ BUILD_TIMESTAMP="$enableval"
+ fi
+else
+ BUILD_TIMESTAMP="<none>"
+fi
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define BUILD_TIMESTAMP "$BUILD_TIMESTAMP"
+_ACEOF
+
+
ac_config_files="$ac_config_files Makefile m4/Makefile gl/Makefile src/Makefile src/ksba-config src/versioninfo.rc tests/Makefile doc/Makefile"
@@ -15467,7 +15487,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libksba $as_me 1.3.3, which was
+This file was extended by libksba $as_me 1.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -15533,7 +15553,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libksba config.status 1.3.3
+libksba config.status 1.3.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -17529,7 +17549,7 @@
echo "
Libksba v${VERSION} has been configured as follows:
- Revision: b46ea28 (46190)
+ Revision: 3a92e8c (14994)
Platform: $host
"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/configure.ac new/libksba-1.3.4/configure.ac
--- old/libksba-1.3.3/configure.ac 2015-04-10 17:39:54.000000000 +0200
+++ new/libksba-1.3.4/configure.ac 2016-05-03 18:22:29.000000000 +0200
@@ -30,7 +30,7 @@
m4_define([mym4_package],[libksba])
m4_define([mym4_major], [1])
m4_define([mym4_minor], [3])
-m4_define([mym4_micro], [3])
+m4_define([mym4_micro], [4])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
@@ -52,7 +52,7 @@
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=4
+LIBKSBA_LT_REVISION=5
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
@@ -380,20 +380,32 @@
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
- BUILD_TIMESTAMP=`date --iso-8601=minutes`
changequote(,)dnl
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
changequote([,])dnl
BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec"
fi
AC_SUBST(BUILD_REVISION)
-AC_SUBST(BUILD_TIMESTAMP)
AC_SUBST(BUILD_FILEVERSION)
BUILD_REVISION="mym4_revision"
AC_SUBST(BUILD_REVISION)
AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
[GIT commit id revision used to build this package])
+AC_ARG_ENABLE([build-timestamp],
+ AC_HELP_STRING([--enable-build-timestamp],
+ [set an explicit build timestamp for reproducibility.
+ (default is the current time in ISO-8601 format)]),
+ [if test "$enableval" = "yes"; then
+ BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
+ else
+ BUILD_TIMESTAMP="$enableval"
+ fi],
+ [BUILD_TIMESTAMP="<none>"])
+AC_SUBST(BUILD_TIMESTAMP)
+AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
+ [The time this package was configured for a build])
+
AC_CONFIG_FILES([
Makefile
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/ksba.info new/libksba-1.3.4/doc/ksba.info
--- old/libksba-1.3.3/doc/ksba.info 2015-04-10 17:46:14.000000000 +0200
+++ new/libksba-1.3.4/doc/ksba.info 2016-05-03 18:26:25.000000000 +0200
@@ -8,8 +8,8 @@
This file documents the KSBA library to access X.509 and CMS data
structures.
- This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.3.
+ This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.4.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
@@ -25,8 +25,8 @@
Main Menu
*********
-This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.3 of the KSBA library.
+This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.4 of the KSBA library.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/stamp-vti new/libksba-1.3.4/doc/stamp-vti
--- old/libksba-1.3.3/doc/stamp-vti 2015-04-10 17:46:13.000000000 +0200
+++ new/libksba-1.3.4/doc/stamp-vti 2016-05-03 18:26:24.000000000 +0200
@@ -1,4 +1,4 @@
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.3
-@set VERSION 1.3.3
+@set EDITION 1.3.4
+@set VERSION 1.3.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/doc/version.texi new/libksba-1.3.4/doc/version.texi
--- old/libksba-1.3.3/doc/version.texi 2015-04-10 17:46:13.000000000 +0200
+++ new/libksba-1.3.4/doc/version.texi 2016-05-03 18:26:24.000000000 +0200
@@ -1,4 +1,4 @@
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.3
-@set VERSION 1.3.3
+@set EDITION 1.3.4
+@set VERSION 1.3.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/ber-help.c new/libksba-1.3.4/src/ber-help.c
--- old/libksba-1.3.3/src/ber-help.c 2013-03-15 20:26:38.000000000 +0100
+++ new/libksba-1.3.4/src/ber-help.c 2016-05-03 18:12:09.000000000 +0200
@@ -285,9 +285,15 @@
ti->buf[ti->nhdr++] = c;
len |= c & 0xff;
}
+ /* Sanity check for the length: This is done so that we can take
+ * the value for malloc plus some additional bytes without
+ * risking an overflow. */
+ if (len > (1 << 30))
+ return gpg_error (GPG_ERR_BAD_BER);
ti->length = len;
}
+
/* Without this kludge some example certs can't be parsed */
if (ti->class == CLASS_UNIVERSAL && !ti->tag)
ti->length = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/cert.c new/libksba-1.3.4/src/cert.c
--- old/libksba-1.3.3/src/cert.c 2014-04-15 21:37:19.000000000 +0200
+++ new/libksba-1.3.4/src/cert.c 2016-05-03 18:12:09.000000000 +0200
@@ -464,7 +464,10 @@
n = _ksba_asn_find_node (cert->root, "Certificate.signatureAlgorithm");
if (!n || n->off == -1)
- err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ {
+ algo = NULL;
+ err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
else
err = _ksba_parse_algorithm_identifier (cert->image + n->off,
n->nhdr + n->len, &nread, &algo);
@@ -1335,9 +1338,15 @@
err = gpg_error (GPG_ERR_NOT_DER_ENCODED);
goto leave;
}
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
if (!ti.length)
{
- err = gpg_error (GPG_ERR_INV_CERT_OBJ); /* no empty inner SEQ */
+ /* We do not accept an empty inner SEQ */
+ err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
if (ti.nhdr+ti.length > seqlen)
@@ -1356,6 +1365,11 @@
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
if (ti.nhdr+ti.length > seqseqlen)
{
err = gpg_error (GPG_ERR_BAD_BER);
@@ -1458,6 +1472,16 @@
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
+ if (ti.ndef)
+ {
+ err = gpg_error (GPG_ERR_NOT_DER_ENCODED);
+ goto leave;
+ }
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
suboid = ksba_oid_to_str (der, ti.length);
if (!suboid)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/dn.c new/libksba-1.3.4/src/dn.c
--- old/libksba-1.3.3/src/dn.c 2015-04-08 18:37:07.000000000 +0200
+++ new/libksba-1.3.4/src/dn.c 2016-05-03 18:12:09.000000000 +0200
@@ -332,11 +332,8 @@
}
else
{
- if (n+nmore > length)
- nmore = length - n; /* Oops, encoding to short */
-
tmp[0] = *s++; n++;
- for (i=1; i <= nmore; i++)
+ for (i=1; n < length && i <= nmore; i++)
{
if ( (*s & 0xc0) != 0x80)
break; /* Invalid encoding - let the next cycle detect this. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/keyinfo.c new/libksba-1.3.4/src/keyinfo.c
--- old/libksba-1.3.3/src/keyinfo.c 2013-03-15 20:26:38.000000000 +0100
+++ new/libksba-1.3.4/src/keyinfo.c 2015-10-28 11:41:48.000000000 +0100
@@ -230,19 +230,30 @@
const char *name;
} curve_names[] =
{
+ { "1.3.6.1.4.1.3029.1.5.1", "Curve25519" },
+ { "1.3.6.1.4.1.11591.15.1", "Ed25519" },
+
{ "1.2.840.10045.3.1.1", "NIST P-192" },
+ { "1.2.840.10045.3.1.1", "nistp192" },
{ "1.2.840.10045.3.1.1", "prime192v1" },
{ "1.2.840.10045.3.1.1", "secp192r1" },
- { "1.3.132.0.33", "secp224r1" },
+ { "1.3.132.0.33", "NIST P-224" },
+ { "1.3.132.0.33", "nistp224" },
+ { "1.3.132.0.33", "secp224r1" },
- { "1.2.840.10045.3.1.7", "NIST P-256", },
+ { "1.2.840.10045.3.1.7", "NIST P-256" },
+ { "1.2.840.10045.3.1.7", "nistp256" },
{ "1.2.840.10045.3.1.7", "prime256v1" },
{ "1.2.840.10045.3.1.7", "secp256r1" },
- { "1.3.132.0.34", "secp384r1" },
-
- { "1.3.132.0.35", "secp521r1" },
+ { "1.3.132.0.34", "NIST P-384" },
+ { "1.3.132.0.34", "nistp384" },
+ { "1.3.132.0.34", "secp384r1" },
+
+ { "1.3.132.0.35", "NIST P-521" },
+ { "1.3.132.0.35", "nistp521" },
+ { "1.3.132.0.35", "secp521r1" },
{ "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" },
{ "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" },
@@ -252,6 +263,15 @@
{ "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" },
{ "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" },
+
+ { "1.2.643.2.2.35.1", "GOST2001-CryptoPro-A" },
+ { "1.2.643.2.2.35.2", "GOST2001-CryptoPro-B" },
+ { "1.2.643.2.2.35.3", "GOST2001-CryptoPro-C" },
+ { "1.2.643.7.1.2.1.2.1", "GOST2012-tc26-A" },
+ { "1.2.643.7.1.2.1.2.2", "GOST2012-tc26-B" },
+
+ { "1.3.132.0.10", "secp256k1" },
+
{ NULL, NULL}
};
@@ -322,10 +342,10 @@
if (buflen == strlen (curve_names[i].name)
&& !memcmp (buf, curve_names[i].name, buflen))
break;
- if (curve_names[i].oid)
+ if (!curve_names[i].oid)
return NULL; /* Not found. */
- buf = curve_names[i].name;
- buflen = strlen (curve_names[i].name);
+ buf = curve_names[i].oid;
+ buflen = strlen (curve_names[i].oid);
}
if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/name.c new/libksba-1.3.4/src/name.c
--- old/libksba-1.3.3/src/name.c 2013-03-15 20:26:38.000000000 +0100
+++ new/libksba-1.3.4/src/name.c 2016-05-03 18:12:09.000000000 +0200
@@ -113,7 +113,7 @@
*r_name = NULL;
- /* count and check for encoding errors - we won;t do this again
+ /* Count and check for encoding errors - we won't do this again
during the second pass */
der = image;
derlen = imagelen;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/src/ocsp.c new/libksba-1.3.4/src/ocsp.c
--- old/libksba-1.3.3/src/ocsp.c 2013-03-15 20:26:38.000000000 +0100
+++ new/libksba-1.3.4/src/ocsp.c 2016-05-03 18:12:09.000000000 +0200
@@ -231,6 +231,8 @@
&& (ti.tag == TYPE_UTC_TIME || ti.tag == TYPE_GENERALIZED_TIME)
&& !ti.is_constructed) )
err = gpg_error (GPG_ERR_INV_OBJ);
+ else if (ti.length > *len)
+ err = gpg_error (GPG_ERR_INV_BER);
else if (!(err = _ksba_asntime_to_iso (*buf, ti.length,
ti.tag == TYPE_UTC_TIME, isotime)))
parse_skip (buf, len, &ti);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libksba-1.3.3/tests/cert-basic.c new/libksba-1.3.4/tests/cert-basic.c
--- old/libksba-1.3.3/tests/cert-basic.c 2014-07-22 09:25:33.000000000 +0200
+++ new/libksba-1.3.4/tests/cert-basic.c 2016-05-03 18:12:09.000000000 +0200
@@ -448,7 +448,8 @@
oid = ksba_cert_get_digest_algo (cert);
s = get_oid_desc (oid);
- printf (" hash algo.: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
+ printf (" hash algo.: %s%s%s%s\n",
+ oid?oid:"(null)", s?" (":"",s?s:"",s?")":"");
/* Under Windows the _ksba_keyinfo_from_sexp are not exported. */
#ifndef __WIN32