Bug 16747

Summary: DSlib needs update due to change of CA certificate by ISDS provider
Product: Mageia Reporter: Tomas Kindl <supp>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: advisory mga5-64-ok
Source RPM: dslib-3.0-8.mga5.src.rpm CVE:
Status comment:

Description Tomas Kindl 2015-09-13 16:57:24 CEST
I have uploaded a updated package for Mageia 5(+Cauldron).

Formerly packaged version 3.0 is unusable due to change of CA certificate used by service provider asi of Sep 13th. CA change is user unfriendly and beyond capabilities of common users (by design to prevent casual users from changing them). 

Added new CA certificate, tested on both i586/x86_64, working again.

Suggested advisory:
========================

Updated dslib packages to fix 'datovka' app and make it work again.

As of 2015/09/13, ISDS (databox provider) changed CA certificate making Datovka app inoperable. Therefore patched dslib library was released which mitigates this problem.

References:
https://www.datoveschranky.info/-/upozorneni-na-prechod-na-sha-256-k-13-9-2015


========================

Updated packages in {core/updates_testing:
========================
dslib-3.0-8.2.mga5

Source RPM: 
dslib-3.0-8.2.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-09-15 15:37:15 CEST
Reposting my comment from the dev list:

Is this list of CA certs supposed to be different than the system ones? If not, you should actually remove the all_trusted.pem file and link it to /etc/pki/tls/certs/ca-bundle.crt.

Whiteboard: (none) => feedback

Comment 2 Tomas Kindl 2015-09-15 19:28:56 CEST
Very different - those CA certs are not included in standard CA bundle.

Sole CA provider for DataBox system is http://www.postsignum.cz/
Comment 3 David Walser 2015-09-15 20:37:56 CEST
OK, thanks for the answer.

Whiteboard: feedback => (none)

Comment 4 claire robinson 2015-09-18 18:26:22 CEST
Tested the package updates cleanly. Tomas states in comment 1 that this resolves the issue both arches but we have no way to independently verify this.

Validating. Advisory uplaoded.

Please push to 5 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: (none) => advisory mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-09-19 20:59:08 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0131.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED