update to xca-2.9.0

patched to workaround use of EVP_PKEY_add1_attr_by_NID for CSP attributes, which seems to be ok in light testing
2026-06-17 23:13:55 +02:00 · 2025-09-06 20:04:40 +00:00
parent 8ba0db2939
commit 0d3d7cd476
9 changed files with 87 additions and 9 deletions
@@ -1,9 +1,8 @@
 COMMENT=	create and manage certificates, CSRs, keys, etc

-V=		2.7.0
+V=		2.9.0
 DISTNAME=	xca-$V
 CATEGORIES=	security x11
-REVISION=	0

 HOMEPAGE=	https://hohnstaedt.de/xca/

@@ -1,2 +1,2 @@
-SHA256 (xca-2.7.0.tar.gz) = Ff9vvkwASsKtGIhas1rmlANkqCRtX+hWKkExL+RewV4=
-SIZE (xca-2.7.0.tar.gz) = 1888329
+SHA256 (xca-2.9.0.tar.gz) = yKlW9vBmA1a3JcsG71g137NlJgQ6T4wc/nZ0u3vdbFw=
+SIZE (xca-2.9.0.tar.gz) = 1954022
@@ -1,7 +1,7 @@
 Index: lib/func_base.cpp
 --- lib/func_base.cpp.orig
 +++ lib/func_base.cpp
-@@ -94,7 +94,7 @@ ASN1_STRING *QStringToAsn1(const QString s, int nid)
+@@ -95,7 +95,7 @@ ASN1_STRING *QStringToAsn1(const QString s, int nid)
 	unsigned long global_mask = ASN1_STRING_get_default_mask();
 	unsigned long mask = DIRSTRING_TYPE & global_mask;
 	ASN1_STRING *out = NULL;
@@ -0,0 +1,22 @@
+EVP_PKEY_add1_attr_by_NID is removed and won't be coming back:
+https://github.com/openbsd/src/commit/05034cf3497dd09a4fdbdecb13152ebab1c2bed4
+
+Index: lib/pki_pkcs12.cpp
+--- lib/pki_pkcs12.cpp.orig
+++ lib/pki_pkcs12.cpp
+@@ -159,6 +159,7 @@ void pki_pkcs12::writePKCS12(XFile &file, encAlgo &enc
+ 		keyAlgoNid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ 
+ 	EVP_PKEY *pkey = key->decryptKey();
+#ifndef LIBRESSL_VERSION_NUMBER
+ 	for (const QString &line : key->getComment().split('\n')) {
+ 		QStringList kv = line.split(":");
+ 		qDebug() << line << kv;
+@@ -168,6 +169,7 @@ void pki_pkcs12::writePKCS12(XFile &file, encAlgo &enc
+ 		EVP_PKEY_add1_attr_by_NID(pkey, NID_ms_csp_name,
+ 			MBSTRING_ASC, (const unsigned char*)csp.constData(), csp.size());
+ 	}
+#endif
+ 
+ 	pkcs12 = PKCS12_create(pass.data(), getIntName().toUtf8().data(),
+ 				pkey, cert->getCert(), certstack,
@@ -0,0 +1,19 @@
+Index: lib/pki_x509.cpp
+--- lib/pki_x509.cpp.orig
+++ lib/pki_x509.cpp
+@@ -1227,11 +1227,12 @@ QList<int> pki_x509::ossl_verify() const
+ 	return errors;
+ }
+ 
+-QList<X509_PURPOSE *> pki_x509::purposes() const
+QList<const X509_PURPOSE *> pki_x509::purposes() const
+ {
+-	QList<X509_PURPOSE *> purposes;
+	QList<const X509_PURPOSE *> purposes;
+ 	for (int i = 0; i< X509_PURPOSE_get_count(); i++) {
+-		X509_PURPOSE *purp = X509_PURPOSE_get0(i);
+		const X509_PURPOSE *purp;
+		purp = X509_PURPOSE_get0(i);
+ 		int id = X509_PURPOSE_get_id(purp);
+ 		if (id == X509_PURPOSE_ANY)
+ 			continue;
@@ -0,0 +1,12 @@
+Index: lib/pki_x509.h
+--- lib/pki_x509.h.orig
+++ lib/pki_x509.h
+@@ -169,7 +169,7 @@ class pki_x509 : public pki_x509super
+ 		bool importTaKey(const QByteArray &takey);
+ 		QList<int> ossl_verify() const;
+ 		bool check_ca() const;
+-		QList<X509_PURPOSE *> purposes() const;
+		QList<const X509_PURPOSE *> purposes() const;
+ 		int name_constraint_check(pki_x509 *issuer) const;
+ };
+ 
@@ -0,0 +1,14 @@
+Index: widgets/CertDetail.cpp
+--- widgets/CertDetail.cpp.orig
+++ widgets/CertDetail.cpp
+@@ -129,8 +129,8 @@ void CertDetail::setCert(pki_x509 *cert)
+ 		html = "<ul>\n" + html + "</ul>\n";
+ 
+ 	validation->setHtml(html);
+-	QList<X509_PURPOSE*> purposes = cert->purposes();
+-	for (X509_PURPOSE *purp : purposes) {
+	QList<const X509_PURPOSE*> purposes = cert->purposes();
+	for (const X509_PURPOSE *purp : purposes) {
+ 		QString purpname = X509_PURPOSE_get0_name(purp);
+ 		int id = X509_PURPOSE_get_id(purp);
+ 		qDebug() << "Purpose: " << purpname << " (" << id << ")";
@@ -3,7 +3,7 @@ const for ASN1_STRING_TABLE
 Index: widgets/NewX509.cpp
 --- widgets/NewX509.cpp.orig
 +++ widgets/NewX509.cpp
-@@ -327,7 +327,7 @@ void NewX509::setupExtDNwidget(const QString &s, QLine
+@@ -332,7 +332,7 @@ void NewX509::setupExtDNwidget(const QString &s, QLine
 
 void NewX509::setupLineEditByNid(int nid, QLineEdit *l)
 {
@@ -1,7 +1,7 @@
@ask-update xca-<2 .xdb format changes in XCA 2.x. Upgrade is automatic, but backup your old files.
@bin bin/xca
@man man/man1/xca.1
-share/applications/xca.desktop
+share/applications/de.hohnstaedt.xca.desktop
 share/bash-completion/completions/xca
 share/doc/xca/
 share/doc/xca/_sources/
@@ -12,6 +12,12 @@ share/doc/xca/_sources/changelog.rst.txt
 share/doc/xca/_sources/commandline.rst.txt
 share/doc/xca/_sources/common-actions.rst.txt
 share/doc/xca/_sources/database.rst.txt
+share/doc/xca/_sources/export-key-clp.rst.txt
+share/doc/xca/_sources/export-key.rst.txt
+share/doc/xca/_sources/export-request.rst.txt
+share/doc/xca/_sources/export-revocation.rst.txt
+share/doc/xca/_sources/export-x509-clp.rst.txt
+share/doc/xca/_sources/export-x509.rst.txt
 share/doc/xca/_sources/index.rst.txt
 share/doc/xca/_sources/introduction.rst.txt
 share/doc/xca/_sources/miscellaneous.rst.txt
@@ -45,6 +51,12 @@ share/doc/xca/changelog.html
 share/doc/xca/commandline.html
 share/doc/xca/common-actions.html
 share/doc/xca/database.html
+share/doc/xca/export-key-clp.html
+share/doc/xca/export-key.html
+share/doc/xca/export-request.html
+share/doc/xca/export-revocation.html
+share/doc/xca/export-x509-clp.html
+share/doc/xca/export-x509.html
 share/doc/xca/genindex.html
 share/doc/xca/index.html
 share/doc/xca/introduction.html
@@ -81,8 +93,6 @@ share/icons/hicolor/64x64/mimetypes/x-xca-template.png
 share/metainfo/
 share/metainfo/de.hohnstaedt.xca.metainfo.xml
 share/mime/packages/xca.xml
-share/pixmaps/
-share/pixmaps/xca-32x32.xpm
 share/xca/
 share/xca/CA.xca
 share/xca/TLS_client.xca
@@ -112,6 +122,7 @@ share/xca/i18n/
 share/xca/i18n/xca.qm
 share/xca/i18n/xca_bg.qm
 share/xca/i18n/xca_de.qm
+share/xca/i18n/xca_en.qm
 share/xca/i18n/xca_es.qm
 share/xca/i18n/xca_fa.qm
 share/xca/i18n/xca_fr.qm
@@ -119,6 +130,7 @@ share/xca/i18n/xca_hr.qm
 share/xca/i18n/xca_id.qm
 share/xca/i18n/xca_it.qm
 share/xca/i18n/xca_ja.qm
+share/xca/i18n/xca_ko.qm
 share/xca/i18n/xca_nl.qm
 share/xca/i18n/xca_pl.qm
 share/xca/i18n/xca_pt_BR.qm