diff -u tinyca-0.7.5/debian/changelog tinyca-0.7.5/debian/changelog --- tinyca-0.7.5/debian/changelog +++ tinyca-0.7.5/debian/changelog @@ -1,3 +1,14 @@ +tinyca (0.7.5-6) unstable; urgency=medium + + * Added support for the SHA2 family of digest algorithms. Thanks to + Bill Thorsteinson, Christian Simon, and Gaudenz Steinlin for patches + and integration work. Closes: #759481 + * Packaging cleanup: + - Updated project homepage + - Updated watch file + + -- Christoph Ulrich Scholler Sun, 13 Dec 2015 22:28:25 +0100 + tinyca (0.7.5-5) unstable; urgency=medium * Bug fix: "options set with radio buttons when creating a new diff -u tinyca-0.7.5/debian/control tinyca-0.7.5/debian/control --- tinyca-0.7.5/debian/control +++ tinyca-0.7.5/debian/control @@ -4,8 +4,8 @@ Maintainer: Christoph Ulrich Scholler Build-Depends-Indep: gettext Build-Depends: debhelper (>> 7.0.0) -Standards-Version: 3.9.5 -Homepage: http://tinyca.sm-zone.net/ +Standards-Version: 3.9.6 +Homepage: https://tinyca.alioth.debian.org/ Package: tinyca Architecture: all diff -u tinyca-0.7.5/debian/watch tinyca-0.7.5/debian/watch --- tinyca-0.7.5/debian/watch +++ tinyca-0.7.5/debian/watch @@ -1,3 +1,4 @@ -version=2 -http://tinyca.sm-zone.net/tinyca2-(.*)\.tar\.gz debian uupdate - +version=3 +opts=uversionmangle=s/-(alpha)/~$1/ \ +http://alioth.debian.org/frs/?group_id=100973 \ +(?:|.*/)tinyca(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) diff -u tinyca-0.7.5/lib/GUI.pm tinyca-0.7.5/lib/GUI.pm --- tinyca-0.7.5/lib/GUI.pm +++ tinyca-0.7.5/lib/GUI.pm 
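Review bot: The new debian/watch entry points uscan at plain `http://alioth.debian.org/frs/?group_id=100973` and its `opts=` line has no signature check, so upstream tarballs for a CA tool would be fetched over an unauthenticated channel. The Homepage field in debian/control moves to https in this same upload, and the watch line could follow with `https://alioth.debian.org/frs/?group_id=100973 \`, assuming the host serves that path over TLS. If upstream publishes detached signatures, adding `pgpsigurlmangle` to `opts=` would let uscan verify them.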
@@ -29,14 +29,17 @@ # This hash maps our internal MD names to the displayed digest names. # Maybe it should live in a crypto-related file instead of a UI-related file? my %md_algorithms = ( - 'md5' => 'MD5', - 'sha1' => 'SHA1', - 'md2' => 'MD2', - 'mdc2' => 'MDC2', - 'md4' => 'MD4', + 'md5' => 'ins.MD5', +# duplicate 'sha1' => 'SHA1', +# n/a 'md2' => 'MD2', +# n/a 'mdc2' => 'MDC2', + 'md4' => 'ins.MD4', 'ripemd160' => 'RIPEMD-160', # 'sha' => 'SHA', 'sha1' => 'SHA-1', + 'sha256' => 'SHA-256', + 'sha384' => 'SHA-384', + 'sha512' => 'SHA-512', ); my %bit_lengths = ( @@ -1060,7 +1063,7 @@ $piter = $store->append($root); $store->set($piter, 0 => $t); - for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1)) { + for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256 FINGERPRINTSHA384 FINGERPRINTSHA512)) { if(defined($parsed->{$l})) { $citer = $store->append($piter); $store->set($citer, diff -u tinyca-0.7.5/lib/OpenSSL.pm tinyca-0.7.5/lib/OpenSSL.pm --- tinyca-0.7.5/lib/OpenSSL.pm +++ tinyca-0.7.5/lib/OpenSSL.pm 
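Review bot: In the `%md_algorithms` hunk of lib/GUI.pm, MD5 and MD4 remain offered as digests and are only relabelled `ins.MD5` / `ins.MD4`, with nothing explaining the prefix. If it is meant to flag them as insecure, a user choosing a signature digest cannot tell that from the label. Either drop the two entries like `md2` and `mdc2`, or spell it out, e.g. `'md5' => 'MD5 (insecure)',`, with a comment such as `# 'ins.' marks digests considered insecure; do not use for new signatures`. The `# duplicate 'sha1'` and `# n/a` lines would read better deleted than left as commented-out entries.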
@@ -674,6 +674,47 @@ GUI::HELPERS::print_warning($t, $ext); } + $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha256 -in $file"; + $ext = "$cmd\n\n"; + $pid = open3($wtfh, $rdfh, $rdfh, $cmd); + while(<$rdfh>){ + $ext .= $_; + ($k, $v) = split(/=/); + $tmp->{'FINGERPRINTSHA256'} = $v if($k =~ /SHA256 Fingerprint/i); + chomp($tmp->{'FINGERPRINTSHA256'}); + } + waitpid($pid, 0); + $ret = $? >> 8; + + $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha384 -in $file"; + $ext = "$cmd\n\n"; + $pid = open3($wtfh, $rdfh, $rdfh, $cmd); + while(<$rdfh>){ + $ext .= $_; + ($k, $v) = split(/=/); + $tmp->{'FINGERPRINTSHA384'} = $v if($k =~ /SHA384 Fingerprint/i); + chomp($tmp->{'FINGERPRINTSHA384'}); + } + waitpid($pid, 0); + $ret = $? >> 8; + + $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha512 -in $file"; + $ext = "$cmd\n\n"; + $pid = open3($wtfh, $rdfh, $rdfh, $cmd); + while(<$rdfh>){ + $ext .= $_; + ($k, $v) = split(/=/); + $tmp->{'FINGERPRINTSHA512'} = $v if($k =~ /SHA512 Fingerprint/i); + chomp($tmp->{'FINGERPRINTSHA512'}); + } + waitpid($pid, 0); + $ret = $? >> 8; + + if($ret) { + $t = _("Error reading fingerprint from Certificate"); + GUI::HELPERS::print_warning($t, $ext); + } + # get subject in openssl format $cmd = "$self->{'bin'} x509 -noout -subject -in $file"; $ext = "$cmd\n\n"; only in patch2: unchanged: --- tinyca-0.7.5.orig/lib/CA.pm +++ tinyca-0.7.5/lib/CA.pm @@ -349,7 +349,7 @@ $opts = {}; $opts->{'days'} = 3650; # set default to 10 years $opts->{'bits'} = 4096; - $opts->{'digest'} = 'sha1'; + $opts->{'digest'} = 'sha256'; if(defined($mode) && $mode eq "sub") { # create SubCA, use defaults $opts->{'parentca'} = $main->{'CA'}->{'actca'}; @@ -453,7 +453,7 @@ $opts = {}; $opts->{'days'} = 3650; # set default to 10 years $opts->{'bits'} = 4096; - $opts->{'digest'} = 'sha1'; + $opts->{'digest'} = 'sha256'; $main->show_ca_import_dialog($opts); return; 
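Review bot: Only the exit status of the `-sha512` run is ever checked in this lib/OpenSSL.pm hunk, so a failed `-sha256` or `-sha384` run is silently ignored; `$ret` and `$ext` are overwritten after each of the three `open3` calls and the single `if($ret)` warning sits after the last one. Each read loop also calls `chomp($tmp->{'FINGERPRINTSHA…'})` on every output line, including lines seen before the key has been set. The command is built by interpolating `$file` into one string, so a certificate path containing spaces or shell metacharacters does not reach openssl as a single argument. The list form of `open3` avoids that, assuming `$self->{'bin'}` holds only the executable path, which the hunk does not show. The three copies can collapse into one loop with a per-digest status check, as sketched below; the enclosing sub starts and ends outside the hunk.

```perl
   # … unchanged: MD5 / SHA1 fingerprint handling above …
   for my $md (qw(sha256 sha384 sha512)) {
      my @argv = ($self->{'bin'}, 'x509', '-noout', '-fingerprint',
                  "-$md", '-in', $file);
      $ext = join(' ', @argv) . "\n\n";
      $pid = open3($wtfh, $rdfh, $rdfh, @argv);
      while(my $line = <$rdfh>) {
         $ext .= $line;
         chomp($line);
         ($k, $v) = split(/=/, $line, 2);
         next unless defined($k) && defined($v);
         $tmp->{'FINGERPRINT' . uc($md)} = $v
            if($k =~ /\Q$md\E Fingerprint/i);
      }
      waitpid($pid, 0);
      if($? >> 8) {
         $t = _("Error reading fingerprint from Certificate");
         GUI::HELPERS::print_warning($t, $ext);
      }
   }
   # … unchanged: "get subject in openssl format" …
```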
@@ -1062,6 +1062,7 @@ 'outdir' => $self->{$ca}->{'dir'}."/newcerts/", 'keyfile' => $self->{$ca}->{'dir'}."/cacert.key", 'cacertfile' => $self->{$ca}->{'dir'}."/cacert.pem", + 'digest' => $opts->{'digest'}, 'pass' => $opts->{'passwd'}, 'days' => $opts->{'days'}, 'parentpw' => $opts->{'parentpw'}, only in patch2: unchanged: --- tinyca-0.7.5.orig/lib/CERT.pm +++ tinyca-0.7.5/lib/CERT.pm @@ -480,6 +480,9 @@ $out = ''; $out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n"; $out .= "Fingerprint (SHA1): $opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n"; + $out .= "Fingerprint (SHA256): $opts->{'parsed'}->{'FINGERPRINTSHA256'}\n\n"; + $out .= "Fingerprint (SHA384): $opts->{'parsed'}->{'FINGERPRINTSHA384'}\n\n"; + $out .= "Fingerprint (SHA512): $opts->{'parsed'}->{'FINGERPRINTSHA512'}\n\n"; } else { $out = ''; } only in patch2: unchanged: --- tinyca-0.7.5.orig/lib/GUI/WORDS.pm +++ tinyca-0.7.5/lib/GUI/WORDS.pm @@ -70,6 +70,9 @@ 'STATUS' => _("Status"), 'FINGERPRINTMD5' => _("Fingerprint (MD5)"), 'FINGERPRINTSHA1' => _("Fingerprint (SHA1)"), + 'FINGERPRINTSHA256' => _("Fingerprint (SHA256)"), + 'FINGERPRINTSHA384' => _("Fingerprint (SHA384)"), + 'FINGERPRINTSHA512' => _("Fingerprint (SHA512)"), _("Not set") => 'none', _("Ask User") => 'user', _("critical") => 'critical', only in patch2: unchanged: --- tinyca-0.7.5.orig/lib/GUI/X509_infobox.pm +++ tinyca-0.7.5/lib/GUI/X509_infobox.pm @@ -90,6 +90,15 @@ 'center', 0, 0); $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha1'}, 0, 0, 0); + + if(defined($self->{'certfingerprintsha256'})) { + $self->{'certfingerprintsha256'}->destroy(); + } + $self->{'certfingerprintsha256'} = GUI::HELPERS::create_label( + _("Fingerprint (SHA256)").": ".$parsed->{'FINGERPRINTSHA256'}, + 'center', 0, 0); + $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha256'}, + 0, 0, 0); } if (($mode eq 'cert') || ($mode eq 'cacert')) { only in patch2: unchanged: --- tinyca-0.7.5.orig/lib/REQ.pm +++ tinyca-0.7.5/lib/REQ.pm 
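Review bot: The three added `$out .=` lines in lib/CERT.pm interpolate `$opts->{'parsed'}->{'FINGERPRINTSHA256'}` (and the SHA384/SHA512 keys) unconditionally, yet lib/OpenSSL.pm sets those keys only when the matching output line is seen. After a failed fingerprint run the text therefore shows an empty value; the new label in lib/GUI/X509_infobox.pm concatenates `$parsed->{'FINGERPRINTSHA256'}` the same way. A guard such as `if defined $opts->{'parsed'}->{'FINGERPRINTSHA256'}` on each line would skip missing values. Separately, the SHA1 line keeps its `\n\n` and every new line also ends in `\n\n`, which puts a blank line between fingerprints; presumably only the last should, e.g. `$out .= "Fingerprint (SHA256): $opts->{'parsed'}->{'FINGERPRINTSHA256'}\n";`.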
@@ -59,7 +59,7 @@ GUI::HELPERS::print_error($t); } $opts->{'bits'} = 4096; - $opts->{'digest'} = 'sha1'; + $opts->{'digest'} = 'sha256'; $opts->{'algo'} = 'rsa'; if(defined($opts) && $opts eq "sign") { $opts->{'sign'} = 1; @@ -426,6 +426,12 @@ $opts->{'digest'} = "md5"; } elsif ($opts->{'digest'} =~ /^sha1/) { $opts->{'digest'} = "sha1"; + } elsif ($opts->{'digest'} =~ /^sha256/) { + $opts->{'digest'} = "sha256"; + } elsif ($opts->{'digest'} =~ /^sha384/) { + $opts->{'digest'} = "sha384"; + } elsif ($opts->{'digest'} =~ /^sha512/) { + $opts->{'digest'} = "sha512"; } elsif ($opts->{'digest'} =~ /^ripemd160/) { $opts->{'digest'} = "ripemd160"; } else { only in patch2: unchanged: --- tinyca-0.7.5.orig/templates/openssl.cnf +++ tinyca-0.7.5/templates/openssl.cnf @@ -15,7 +15,7 @@ x509_extensions = client_cert default_days = 365 default_crl_days= 30 -default_md = sha1 +default_md = sha256 preserve = no policy = policy_client @@ -33,7 +33,7 @@ x509_extensions = server_cert default_days = 365 default_crl_days= 30 -default_md = sha1 +default_md = sha256 preserve = no policy = policy_server @@ -51,7 +51,7 @@ x509_extensions = v3_ca default_days = 365 default_crl_days= 30 -default_md = sha1 +default_md = sha256 preserve = no policy = policy_ca
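Review bot: The new `elsif` branches in lib/REQ.pm (hunk `@@ -426,6 +426,12 @@`) each spell the digest name twice, and the chain now needs one branch per algorithm. A single capture would keep the accepted list in one place, e.g. `if ($opts->{'digest'} =~ /^(md5|sha1|sha256|sha384|sha512|ripemd160)/) { $opts->{'digest'} = $1; }`. The chain begins above the hunk and its `else` body is cut off, so any earlier branches would need folding in too. As far as the hunk shows, `sha224` still falls through to that `else`.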