From: Bartek Szady <bszx@bszx.eu>
Date: Sun, 30 Jan 2022 13:58:29 +0000 (+0100)
Subject: - updated to 2.4.0
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=54bd6416480ebcd7c342fa58720c3a84e478494e;p=packages%2Fxca.git

- updated to 2.4.0
---

diff --git a/oids.patch b/oids.patch
deleted file mode 100644
index 8d4c6c1..0000000
--- a/oids.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- xca-2.2.1/misc/oids.text.orig	2020-01-30 20:54:31.000000000 +0100
-+++ xca-2.2.1/misc/oids.text	2020-04-25 15:25:30.483255049 +0200
-@@ -2,12 +2,10 @@
- # OID  			short name      long name
- 1.3.6.1.4.1.311.20.2:	dom:		Domain Controller
- 1.3.6.1.4.1.311.21.1:	MsCaV:		Microsoft CA Version
--1.3.6.1.4.1.311.20.2.3:	msUPN:		Microsoft Universal Principal Name
- 1.3.6.1.4.1.311.10.3.4.1:msEFSFR:	Microsoft EFS File Recovery
- 1.3.6.1.5.5.8.2.2:	iKEIntermediate: IP security end entity
- 1.3.6.1.5.5.7.3.1:      serverAuth:	TLS Web Server Authentication
- 1.3.6.1.5.5.7.3.2:      clientAuth:	TLS Web Client Authentication
--1.3.6.1.4.1.311.20.2.2:	msSmartcardLogin: Microsoft Smartcardlogin
- 2.5.4.44:		generationQualifier: generationQualifier
- 2.5.4.45:		x500UniqueIdentifier: x500UniqueIdentifier
- 2.5.4.65:		pseudonym:	pseudonym
diff --git a/openssl-3.0.patch b/openssl-3.0.patch
new file mode 100644
index 0000000..a7d4785
--- /dev/null
+++ b/openssl-3.0.patch
@@ -0,0 +1,171 @@
+commit 802a8787cfffe5d944e74ffd9acb87a52f9e2362
+Author: Christian Hohnstaedt <christian@hohnstaedt.de>
+Date:   Wed May 12 08:41:34 2021 +0200
+
+    Adaptions to stay OpenSSL 3.0 alpha16 compatible
+
+diff --git a/lib/pkcs11.cpp b/lib/pkcs11.cpp
+index d64e25a1..251e2b15 100644
+--- a/lib/pkcs11.cpp	2022-01-30 10:07:55.038897422 +0100
++++ b/lib/pkcs11.cpp	2022-01-30 10:11:00.501057931 +0100
+@@ -840,8 +840,7 @@
+ 
+ 	switch (EVP_PKEY_type(keytype)) {
+ 	case EVP_PKEY_RSA:
+-		rsa = EVP_PKEY_get0_RSA(pub);
+-		rsa = RSAPublicKey_dup(rsa);
++		rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pub));
+ 		openssl_error();
+ 		if (!rsa_meth) {
+ #if OPENSSL_VERSION_NUMBER >= 0x1010000L
+@@ -865,8 +864,7 @@
+ 		EVP_PKEY_assign_RSA(evp, rsa);
+ 		break;
+ 	case EVP_PKEY_DSA:
+-		dsa = EVP_PKEY_get0_DSA(pub);
+-		dsa = DSAparams_dup(dsa);
++		dsa = DSAparams_dup(EVP_PKEY_get0_DSA(pub));
+ 		openssl_error();
+ 		if (!dsa_meth) {
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+@@ -889,8 +887,7 @@
+ 		break;
+ #if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+ 	case EVP_PKEY_EC:
+-		ec = EVP_PKEY_get0_EC_KEY(pub);
+-		ec = EC_KEY_dup(ec);
++		ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pub));
+ 		openssl_error();
+ 		if (!ec_key_meth) {
+ 			ec_key_meth = setup_ec_key_meth();
+diff --git a/lib/pki_evp.cpp b/lib/pki_evp.cpp
+index 685ef4e3..288eea17 100644
+--- a/lib/pki_evp.cpp	2021-05-07 22:40:29.000000000 +0200
++++ b/lib/pki_evp.cpp	2022-01-30 10:15:45.332549957 +0100
+@@ -282,8 +282,8 @@
+ static void search_ec_oid(EVP_PKEY *pkey)
+ {
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
+ 	EC_GROUP *builtin;
++	const EC_KEY *ec;
+ 	const EC_GROUP *ec_group;
+ 
+ 	int keytype = EVP_PKEY_id(pkey);
+@@ -621,7 +621,7 @@
+ 
+ 	pki_openssl_error();
+ 	if (EVP_PKEY_type(getKeyType()) == EVP_PKEY_RSA) {
+-		RSA *rsa = EVP_PKEY_get0_RSA(tmpkey);
++		RSA *rsa = const_cast<RSA*>(EVP_PKEY_get0_RSA(tmpkey));
+ 		RSA_blinding_on(rsa, NULL);
+ 	}
+ 	myencKey.fill(0);
+@@ -930,7 +930,7 @@
+ 		EVP_MD_CTX_free(ctx);
+ #endif
+ 	if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_isPrivKey(pkey)) {
+-		RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++		const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 		if (RSA_check_key(rsa) != 1)
+ 			verify = false;
+ 	}
+diff --git a/lib/pki_key.cpp b/lib/pki_key.cpp
+index e959dc23..0315c3ae 100644
+--- a/lib/pki_key.cpp
++++ b/lib/pki_key.cpp
+@@ -197,7 +197,7 @@ QString pki_key::length() const
+ 
+ 	if (EVP_PKEY_id(key) == EVP_PKEY_DSA) {
+ 		const BIGNUM *p = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_pqg(dsa, &p, NULL, NULL);
+ 		dsa_unset = p == NULL;
+@@ -299,7 +299,7 @@ QString pki_key::modulus() const
+ 	if (getKeyType() == EVP_PKEY_RSA) {
+ 		const BIGNUM *n = NULL;
+ 
+-		RSA *rsa = EVP_PKEY_get0_RSA(key);
++		const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 		RSA_get0_key(rsa, &n, NULL, NULL);
+ 		return BN2QString(n);
+ 	}
+@@ -310,7 +310,7 @@ QString pki_key::pubEx() const
+ {
+ 	if (getKeyType() == EVP_PKEY_RSA) {
+ 		const BIGNUM *e = NULL;
+-		RSA *rsa = EVP_PKEY_get0_RSA(key);
++		const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 		RSA_get0_key(rsa, NULL, &e, NULL);
+ 		return BN2QString(e);
+ 	}
+@@ -321,7 +321,7 @@ QString pki_key::subprime() const
+ {
+ 	if (getKeyType() == EVP_PKEY_DSA) {
+ 		const BIGNUM *q = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_pqg(dsa, NULL, &q, NULL);
+ 		return BN2QString(q);
+@@ -333,7 +333,7 @@ QString pki_key::pubkey() const
+ {
+ 	if (getKeyType() == EVP_PKEY_DSA) {
+ 		const BIGNUM *pubkey = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_key(dsa, &pubkey, NULL);
+ 		return BN2QString(pubkey);
+@@ -761,7 +761,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) const
+ 		txt = "ssh-rsa";
+ 		ssh_key_QBA2data(txt, &data);
+ 		{
+-			RSA *rsa = EVP_PKEY_get0_RSA(key);
++			const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 			const BIGNUM *n, *e;
+ 			RSA_get0_key(rsa, &n, &e, NULL);
+ 			ssh_key_bn2data(e, &data);
+@@ -772,7 +772,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) const
+ 		txt = "ssh-dss";
+ 		ssh_key_QBA2data(txt, &data);
+ 		{
+-			DSA *dsa = EVP_PKEY_get0_DSA(key);
++			const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 			const BIGNUM *p, *q, *g, *pubkey;
+ 			DSA_get0_pqg(dsa, &p, &q, &g);
+ 			DSA_get0_key(dsa, &pubkey, NULL);
+diff --git a/lib/pki_scard.cpp b/lib/pki_scard.cpp
+index 25a3ea47..c558a34c 100644
+--- a/lib/pki_scard.cpp
++++ b/lib/pki_scard.cpp
+@@ -290,10 +290,10 @@ void pki_scard::deleteFromToken()
+ pk11_attlist pki_scard::objectAttributesNoId(EVP_PKEY *pk, bool priv) const
+ {
+ 	QByteArray ba;
+-	RSA *rsa;
+-	DSA *dsa;
++	const RSA *rsa;
++	const DSA *dsa;
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
++	const EC_KEY *ec;
+ #endif
+ 	const BIGNUM *n = NULL;
+ 	const BIGNUM *e = NULL;
+@@ -398,10 +398,10 @@ int pki_scard::renameOnToken(const slotid &slot, const QString &name)
+ void pki_scard::store_token(const slotid &slot, EVP_PKEY *pkey)
+ {
+ 	QByteArray ba;
+-	RSA *rsa;
+-	DSA *dsa;
++	const RSA *rsa;
++	const DSA *dsa;
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
++	const EC_KEY *ec;
+ #endif
+ 	pk11_attlist pub_atts;
+ 	pk11_attlist priv_atts;
diff --git a/opt.patch b/opt.patch
new file mode 100644
index 0000000..9ca4509
--- /dev/null
+++ b/opt.patch
@@ -0,0 +1,21 @@
+diff -up xca-2.4.0/Local.mak.in._orig xca-2.4.0/Local.mak.in
+--- xca-2.4.0/Local.mak.in._orig	2021-05-07 22:40:29.000000000 +0200
++++ xca-2.4.0/Local.mak.in	2022-01-30 11:47:01.297908758 +0100
+@@ -7,7 +7,7 @@ export VERSION=@XCA_VERSION@
+ export HOST=@HOST@
+ 
+ CPPFLAGS+=-Wall -Wextra -DXCA_PREFIX=\"${xca_prefix}\" -DETC=\"@sysconfdir@\" -DDOCDIR=\"@docdir@\"
+-CFLAGS+=-O2 -ggdb -std=c++11 @CXXFLAGS@
++CFLAGS+=-std=c++11 @CXXFLAGS@
+ LIBS=@LIBS@
+ EXTRA_VERSION=@EXTRA_VERSION@
+ 
+@@ -19,7 +19,7 @@
+ HELPCOLL=@QT_HELPCOLL@
+ 
+ CC=@CXX@
+-STRIP=@STRIP@
++STRIP=:
+ WINDRES=@WINDRES@
+ DOCTOOL=@DOCTOOL@
+ MACDEPLOYQT=@MACDEPLOYQT@
diff --git a/xca.spec b/xca.spec
index 72ac583..d089922 100644
--- a/xca.spec
+++ b/xca.spec
@@ -1,14 +1,15 @@
 Summary:	A GUI for handling X509 certificates, RSA keys, PKCS#10 Requests
 Summary(pl.UTF-8):	GUI do obsÅugi certyfikatÃ³w X509, kluczy RSA, Å¼ÄdaÅ PKCS#10
 Name:		xca
-Version:	2.2.1
+Version:	2.4.0
 Release:	1
 Epoch:		1
 License:	BSD
 Group:		Applications/Communications
 Source0:	https://github.com/chris2511/xca/releases/download/RELEASE.%{version}/%{name}-%{version}.tar.gz
-# Source0-md5:	d9564be194d4e1e0b1139670f97a73d2
-Patch0:		oids.patch
+# Source0-md5:	c17d65a86134a69001d14c34729f46b5
+Patch0:		openssl-3.0.patch
+Patch1:		opt.patch
 URL:		https://hohnstaedt.de/xca/
 BuildRequires:	Qt5Sql-devel >= 5.14.0
 BuildRequires:	Qt5Widgets-devel >= 5.14.0
@@ -38,14 +39,28 @@ importowanie i eksportowanie kluczy i certyfikatÃ³w PEM DER PKCS8,
 podpisywanie i anulowanie PEM DER PKCS12 oraz wybÃ³r rozszerzeÅ x509v3.
 Pokazywane jest drzewo certyfikatÃ³w.
 
+%package -n bash-completion-xca
+Summary:	Bash completion for xca commands
+Summary(pl.UTF-8):	Bashowe uzupeÅnianie parametrÃ³w dla poleceÅ xca
+Group:		Applications/Shells
+Requires:	%{name} = %{version}-%{release}
+Requires:	bash-completion >= 2.0
+%{?noarchpackage}
+
+%description -n bash-completion-xca
+Bash completion for xca commands.
+
+%description -n bash-completion-xca -l pl.UTF-8
+Bashowe uzupeÅnianie parametrÃ³w dla poleceÅ xca.
+
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 
-%configure \
-	--disable-doc
+%configure
 
 %{__make} all
 
@@ -54,10 +69,10 @@ rm -rf $RPM_BUILD_ROOT
 install -d $RPM_BUILD_ROOT{%{_bindir},%{_datadir}/xca,%{_desktopdir},%{_mandir}/man1}
 
 %{__make} install \
-	destdir=$RPM_BUILD_ROOT
+	DESTDIR=$RPM_BUILD_ROOT
 
-%{__make} -C doc ENABLE_DOC="" install \
-	destdir=$RPM_BUILD_ROOT
+%{__make} -C doc install \
+	DESTDIR=$RPM_BUILD_ROOT
 
 gzip -dc doc/xca.1.gz >$RPM_BUILD_ROOT%{_mandir}/man1/xca.1
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/xca.1.gz
@@ -80,4 +95,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/xca.1*
 %{_docdir}/xca
 %{_datadir}/mime/packages/xca.xml
+%{_iconsdir}/hicolor/*/*/*.png
 %{_pixmapsdir}/xca-32x32.xpm
+
+%files -n bash-completion-xca
+%defattr(644,root,root,755)
+%{bash_compdir}/xca