+2016-05-03 Werner Koch <wk@gnupg.org>
+
+ Release 1.3.4.
+ * configure.ac: Set LT version to C19/A11/R5.
+
+ Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+ Create an SWDB file during "make distcheck"
+ * Makefile.am (distcheck-hook): New.
+
+ Fix an undefined return value in ksba_cert_get_digest_algo.
+ * src/cert.c (ksba_cert_get_digest_algo): Set ALGO in the error case.
+ * tests/cert-basic.c (one_file): Take care of printf which does not
+ handle NULL for %s
+
+ Fix an OOB read access in _ksba_dn_to_str.
+ * src/dn.c (append_utf8_value): Use a straightforward check to fix an
+ off-by-one.
+
+ Fix possible read access beyond the buffer.
+ * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
+ * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
+ against buffer length.
+ (ksba_cert_get_ext_key_usages): Ditto.
+ * src/ocsp.c (parse_asntime_into_isotime): Ditto.
+
+2015-10-28 Werner Koch <wk@gnupg.org>
+
+ Add more curves to the name->OID table.
+ * src/keyinfo.c (curve_names): Add more curves.
+
+ Fix lookup of ECC OIDs by name.
+ * src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table
+ lookup.
+
+2015-08-25 Werner Koch <wk@gnupg.org>
+
+ Add configure option --enable-build-timestamp.
+ * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default. Add
+ ac_define_unquoted.
+
2015-04-10 Werner Koch <wk@gnupg.org>
Release 1.3.3.
dist-hook: gen-ChangeLog
+distcheck-hook:
+ set -e; ( \
+ pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\
+ reldate="$$(date -u +%Y-%m-%d)" ;\
+ echo "$${pref}ver $(PACKAGE_VERSION)" ;\
+ echo "$${pref}date $${reldate}" ;\
+ list='$(DIST_ARCHIVES)'; for i in $$list; do \
+ case "$$i" in *.tar.bz2) \
+ echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\
+ echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\
+ echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\
+ esac;\
+ done ) | tee $(distdir).swdb
+
gen_start_date = 2011-12-01T00:00:00
.PHONY: gen-ChangeLog
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && $(MAKE) $(AM_MAKEFLAGS) distcheck-hook \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure \
dist-hook: gen-ChangeLog
+
+distcheck-hook:
+ set -e; ( \
+ pref="#+macro: $$(echo $(PACKAGE_NAME)|tr '-' '_')_" ;\
+ reldate="$$(date -u +%Y-%m-%d)" ;\
+ echo "$${pref}ver $(PACKAGE_VERSION)" ;\
+ echo "$${pref}date $${reldate}" ;\
+ list='$(DIST_ARCHIVES)'; for i in $$list; do \
+ case "$$i" in *.tar.bz2) \
+ echo "$${pref}size $$(wc -c <$$i|awk '{print int($$1/1024)}')k" ;\
+ echo "$${pref}sha1 $$(sha1sum <$$i|cut -d' ' -f1)" ;\
+ echo "$${pref}sha2 $$(sha256sum <$$i|cut -d' ' -f1)" ;;\
+ esac;\
+ done ) | tee $(distdir).swdb
.PHONY: gen-ChangeLog
gen-ChangeLog:
if test -d $(top_srcdir)/.git; then \
+Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4]
+------------------------------------------------
+
+ * Fixed two OOB read access bugs which could be used to force a DoS.
+
+ * Fixed a crash due to faulty curve OID lookup code.
+
+ * Synced the list of supported curves with those of Libgcrypt.
+
+ * New configure option --enable-build-timestamp; a build timestamp is
+ not anymore used by default.
+
+
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1992-2015 Free Software Foundation, Inc.
+# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2015-01-01'
+timestamp='2016-04-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches to <config-patches@gnu.org>.
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
- UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
- /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+ /sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || \
+ echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
+ earmv*)
+ arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+ endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+ machine=${arch}${endian}-unknown
+ ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
os=netbsd
;;
esac
+ # Determine ABI tags.
+ case "${UNAME_MACHINE_ARCH}" in
+ earm*)
+ expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+ abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+ ;;
+ esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
release='-gnu'
;;
*)
- release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "${machine}-${os}${release}"
+ echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
+ *:LibertyBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+ exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
+ *:Sortix:*:*)
+ echo ${UNAME_MACHINE}-unknown-sortix
+ exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"LCA4 (21066/21068)")
- UNAME_MACHINE="alpha" ;;
+ UNAME_MACHINE=alpha ;;
"EV5 (21164)")
- UNAME_MACHINE="alphaev5" ;;
+ UNAME_MACHINE=alphaev5 ;;
"EV5.6 (21164A)")
- UNAME_MACHINE="alphaev56" ;;
+ UNAME_MACHINE=alphaev56 ;;
"EV5.6 (21164PC)")
- UNAME_MACHINE="alphapca56" ;;
+ UNAME_MACHINE=alphapca56 ;;
"EV5.7 (21164PC)")
- UNAME_MACHINE="alphapca57" ;;
+ UNAME_MACHINE=alphapca57 ;;
"EV6 (21264)")
- UNAME_MACHINE="alphaev6" ;;
+ UNAME_MACHINE=alphaev6 ;;
"EV6.7 (21264A)")
- UNAME_MACHINE="alphaev67" ;;
+ UNAME_MACHINE=alphaev67 ;;
"EV6.8CB (21264C)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.8AL (21264B)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.8CX (21264D)")
- UNAME_MACHINE="alphaev68" ;;
+ UNAME_MACHINE=alphaev68 ;;
"EV6.9A (21264/EV69A)")
- UNAME_MACHINE="alphaev69" ;;
+ UNAME_MACHINE=alphaev69 ;;
"EV7 (21364)")
- UNAME_MACHINE="alphaev7" ;;
+ UNAME_MACHINE=alphaev7 ;;
"EV7.9 (21364A)")
- UNAME_MACHINE="alphaev79" ;;
+ UNAME_MACHINE=alphaev79 ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
- SUN_ARCH="i386"
+ SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
- SUN_ARCH="x86_64"
+ SUN_ARCH=x86_64
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
- '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ 32) HP_ARCH=hppa2.0n ;;
+ 64) HP_ARCH=hppa2.0w ;;
+ '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
exit (0);
}
EOF
- (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
- if [ ${HP_ARCH} = "hppa2.0w" ]
+ if [ ${HP_ARCH} = hppa2.0w ]
then
eval $set_cc_for_build
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
- HP_ARCH="hppa2.0w"
+ HP_ARCH=hppa2.0w
else
- HP_ARCH="hppa64"
+ HP_ARCH=hppa64
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
- FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+ FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
- echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
- if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+ if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
+ e2k:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
+ k1om:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+ echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
- # prints for the "djgpp" host, or else GDB configury will decide that
+ # prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
+ SX-ACE:SUPER-UX:*:*)
+ echo sxace-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
- if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
- if test "$UNAME_PROCESSOR" = "x86"; then
+ if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
- if test "$cputype" = "386"; then
+ if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
- echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
+ amd64:Isilon\ OneFS:*:*)
+ echo x86_64-unknown-onefs
+ exit ;;
esac
cat >&2 <<EOF
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
- http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1992-2015 Free Software Foundation, Inc.
+# Copyright 1992-2016 Free Software Foundation, Inc.
-timestamp='2015-01-01'
+timestamp='2016-03-30'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
- $0 [OPTION] ALIAS
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
version="\
GNU config.sub ($timestamp)
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
+ | ba \
| be32 | be64 \
| bfin \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
- | epiphany \
+ | e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| riscv32 | riscv64 \
| rl78 | rx \
| score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
+ | ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
- | elxsi-* \
+ | e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
+ | riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
basic_machine=i386-pc
os=-aros
;;
+ asmjs)
+ basic_machine=asmjs-unknown
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* \
+ | -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
- | -bitrig* | -openbsd* | -solidbsd* \
+ | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
+ | -onefs* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
;;
-nacl*)
;;
+ -ios)
+ ;;
-none)
;;
*)
/* GIT commit id revision used to build this package */
#undef BUILD_REVISION
+/* The time this package was configured for a build */
+#undef BUILD_TIMESTAMP
+
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c' support on those systems.
*/
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libksba 1.3.3.
+# Generated by GNU Autoconf 2.69 for libksba 1.3.4.
#
# Report bugs to <http://bugs.gnupg.org>.
#
# Identity of this package.
PACKAGE_NAME='libksba'
PACKAGE_TARNAME='libksba'
-PACKAGE_VERSION='1.3.3'
-PACKAGE_STRING='libksba 1.3.3'
+PACKAGE_VERSION='1.3.4'
+PACKAGE_STRING='libksba 1.3.4'
PACKAGE_BUGREPORT='http://bugs.gnupg.org'
PACKAGE_URL=''
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
-BUILD_FILEVERSION
BUILD_TIMESTAMP
+BUILD_FILEVERSION
BUILD_REVISION
CROSS_COMPILING_FALSE
CROSS_COMPILING_TRUE
with_libgpg_error_prefix
with_gpg_error_prefix
enable_valgrind_tests
+enable_build_timestamp
'
ac_precious_vars='build_alias
host_alias
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libksba 1.3.3 to adapt to many kinds of systems.
+\`configure' configures libksba 1.3.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libksba 1.3.3:";;
+ short | recursive ) echo "Configuration of libksba 1.3.4:";;
esac
cat <<\_ACEOF
enable/disable use of linker version script.
(default is system dependent)
--enable-valgrind-tests run self tests under valgrind
+ --enable-build-timestamp
+ set an explicit build timestamp for reproducibility.
+ (default is the current time in ISO-8601 format)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libksba configure 1.3.3
+libksba configure 1.3.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libksba $as_me 1.3.3, which was
+It was created by libksba $as_me 1.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=4
+LIBKSBA_LT_REVISION=5
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
# Define the identity of the package.
PACKAGE='libksba'
- VERSION='1.3.3'
+ VERSION='1.3.4'
cat >>confdefs.h <<_ACEOF
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
- BUILD_TIMESTAMP=`date --iso-8601=minutes`
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
- BUILD_FILEVERSION="${BUILD_FILEVERSION}46190"
+ BUILD_FILEVERSION="${BUILD_FILEVERSION}14994"
fi
-
-BUILD_REVISION="b46ea28"
+BUILD_REVISION="3a92e8c"
cat >>confdefs.h <<_ACEOF
_ACEOF
+# Check whether --enable-build-timestamp was given.
+if test "${enable_build_timestamp+set}" = set; then :
+ enableval=$enable_build_timestamp; if test "$enableval" = "yes"; then
+ BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
+ else
+ BUILD_TIMESTAMP="$enableval"
+ fi
+else
+ BUILD_TIMESTAMP="<none>"
+fi
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define BUILD_TIMESTAMP "$BUILD_TIMESTAMP"
+_ACEOF
+
+
ac_config_files="$ac_config_files Makefile m4/Makefile gl/Makefile src/Makefile src/ksba-config src/versioninfo.rc tests/Makefile doc/Makefile"
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libksba $as_me 1.3.3, which was
+This file was extended by libksba $as_me 1.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libksba config.status 1.3.3
+libksba config.status 1.3.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
echo "
Libksba v${VERSION} has been configured as follows:
- Revision: b46ea28 (46190)
+ Revision: 3a92e8c (14994)
Platform: $host
"
m4_define([mym4_package],[libksba])
m4_define([mym4_major], [1])
m4_define([mym4_minor], [3])
-m4_define([mym4_micro], [3])
+m4_define([mym4_micro], [4])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
# Please remember to document interface changes in the NEWS file.
LIBKSBA_LT_CURRENT=19
LIBKSBA_LT_AGE=11
-LIBKSBA_LT_REVISION=4
+LIBKSBA_LT_REVISION=5
#-------------------
# If the API is changed in an incompatible way: increment the next counter.
KSBA_CONFIG_API_VERSION=1
# Generate extended version information for W32.
if test "$have_w32_system" = yes; then
- BUILD_TIMESTAMP=`date --iso-8601=minutes`
changequote(,)dnl
BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
changequote([,])dnl
BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec"
fi
AC_SUBST(BUILD_REVISION)
-AC_SUBST(BUILD_TIMESTAMP)
AC_SUBST(BUILD_FILEVERSION)
BUILD_REVISION="mym4_revision"
AC_SUBST(BUILD_REVISION)
AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
[GIT commit id revision used to build this package])
+AC_ARG_ENABLE([build-timestamp],
+ AC_HELP_STRING([--enable-build-timestamp],
+ [set an explicit build timestamp for reproducibility.
+ (default is the current time in ISO-8601 format)]),
+ [if test "$enableval" = "yes"; then
+ BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
+ else
+ BUILD_TIMESTAMP="$enableval"
+ fi],
+ [BUILD_TIMESTAMP="<none>"])
+AC_SUBST(BUILD_TIMESTAMP)
+AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
+ [The time this package was configured for a build])
+
AC_CONFIG_FILES([
Makefile
This file documents the KSBA library to access X.509 and CMS data
structures.
- This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.3.
+ This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.4.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
Main Menu
*********
-This is edition 1.3.3, last updated 15 March 2013, of 'The KSBA
-Reference Manual', for Version 1.3.3 of the KSBA library.
+This is edition 1.3.4, last updated 15 March 2013, of 'The KSBA
+Reference Manual', for Version 1.3.4 of the KSBA library.
Copyright (C) 2002, 2003, 2004 g10 Code GmbH
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.3
-@set VERSION 1.3.3
+@set EDITION 1.3.4
+@set VERSION 1.3.4
@set UPDATED 15 March 2013
@set UPDATED-MONTH March 2013
-@set EDITION 1.3.3
-@set VERSION 1.3.3
+@set EDITION 1.3.4
+@set VERSION 1.3.4
ti->buf[ti->nhdr++] = c;
len |= c & 0xff;
}
+ /* Sanity check for the length: This is done so that we can take
+ * the value for malloc plus some additional bytes without
+ * risking an overflow. */
+ if (len > (1 << 30))
+ return gpg_error (GPG_ERR_BAD_BER);
ti->length = len;
}
+
/* Without this kludge some example certs can't be parsed */
if (ti->class == CLASS_UNIVERSAL && !ti->tag)
ti->length = 0;
n = _ksba_asn_find_node (cert->root, "Certificate.signatureAlgorithm");
if (!n || n->off == -1)
- err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ {
+ algo = NULL;
+ err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
else
err = _ksba_parse_algorithm_identifier (cert->image + n->off,
n->nhdr + n->len, &nread, &algo);
err = gpg_error (GPG_ERR_NOT_DER_ENCODED);
goto leave;
}
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
if (!ti.length)
{
- err = gpg_error (GPG_ERR_INV_CERT_OBJ); /* no empty inner SEQ */
+ /* We do not accept an empty inner SEQ */
+ err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
if (ti.nhdr+ti.length > seqlen)
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
if (ti.nhdr+ti.length > seqseqlen)
{
err = gpg_error (GPG_ERR_BAD_BER);
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
+ if (ti.ndef)
+ {
+ err = gpg_error (GPG_ERR_NOT_DER_ENCODED);
+ goto leave;
+ }
+ if (ti.length > derlen)
+ {
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
suboid = ksba_oid_to_str (der, ti.length);
if (!suboid)
}
else
{
- if (n+nmore > length)
- nmore = length - n; /* Oops, encoding to short */
-
tmp[0] = *s++; n++;
- for (i=1; i <= nmore; i++)
+ for (i=1; n < length && i <= nmore; i++)
{
if ( (*s & 0xc0) != 0x80)
break; /* Invalid encoding - let the next cycle detect this. */
const char *name;
} curve_names[] =
{
+ { "1.3.6.1.4.1.3029.1.5.1", "Curve25519" },
+ { "1.3.6.1.4.1.11591.15.1", "Ed25519" },
+
{ "1.2.840.10045.3.1.1", "NIST P-192" },
+ { "1.2.840.10045.3.1.1", "nistp192" },
{ "1.2.840.10045.3.1.1", "prime192v1" },
{ "1.2.840.10045.3.1.1", "secp192r1" },
- { "1.3.132.0.33", "secp224r1" },
+ { "1.3.132.0.33", "NIST P-224" },
+ { "1.3.132.0.33", "nistp224" },
+ { "1.3.132.0.33", "secp224r1" },
- { "1.2.840.10045.3.1.7", "NIST P-256", },
+ { "1.2.840.10045.3.1.7", "NIST P-256" },
+ { "1.2.840.10045.3.1.7", "nistp256" },
{ "1.2.840.10045.3.1.7", "prime256v1" },
{ "1.2.840.10045.3.1.7", "secp256r1" },
- { "1.3.132.0.34", "secp384r1" },
+ { "1.3.132.0.34", "NIST P-384" },
+ { "1.3.132.0.34", "nistp384" },
+ { "1.3.132.0.34", "secp384r1" },
- { "1.3.132.0.35", "secp521r1" },
+ { "1.3.132.0.35", "NIST P-521" },
+ { "1.3.132.0.35", "nistp521" },
+ { "1.3.132.0.35", "secp521r1" },
{ "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" },
{ "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" },
{ "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" },
{ "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" },
+
+ { "1.2.643.2.2.35.1", "GOST2001-CryptoPro-A" },
+ { "1.2.643.2.2.35.2", "GOST2001-CryptoPro-B" },
+ { "1.2.643.2.2.35.3", "GOST2001-CryptoPro-C" },
+ { "1.2.643.7.1.2.1.2.1", "GOST2012-tc26-A" },
+ { "1.2.643.7.1.2.1.2.2", "GOST2012-tc26-B" },
+
+ { "1.3.132.0.10", "secp256k1" },
+
{ NULL, NULL}
};
if (buflen == strlen (curve_names[i].name)
&& !memcmp (buf, curve_names[i].name, buflen))
break;
- if (curve_names[i].oid)
+ if (!curve_names[i].oid)
return NULL; /* Not found. */
- buf = curve_names[i].name;
- buflen = strlen (curve_names[i].name);
+ buf = curve_names[i].oid;
+ buflen = strlen (curve_names[i].oid);
}
if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen))
*r_name = NULL;
- /* count and check for encoding errors - we won;t do this again
+ /* Count and check for encoding errors - we won't do this again
during the second pass */
der = image;
derlen = imagelen;
&& (ti.tag == TYPE_UTC_TIME || ti.tag == TYPE_GENERALIZED_TIME)
&& !ti.is_constructed) )
err = gpg_error (GPG_ERR_INV_OBJ);
+ else if (ti.length > *len)
+ err = gpg_error (GPG_ERR_INV_BER);
else if (!(err = _ksba_asntime_to_iso (*buf, ti.length,
ti.tag == TYPE_UTC_TIME, isotime)))
parse_skip (buf, len, &ti);
oid = ksba_cert_get_digest_algo (cert);
s = get_oid_desc (oid);
- printf (" hash algo.: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
+ printf (" hash algo.: %s%s%s%s\n",
+ oid?oid:"(null)", s?" (":"",s?s:"",s?")":"");
/* Under Windows the _ksba_keyinfo_from_sexp are not exported. */
#ifndef __WIN32