Bug 7545 - Dslib update because of DataBox CA certificate change
Summary: Dslib update because of DataBox CA certificate change
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: https://labs.nic.cz/page/969/datovka/
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-09-22 15:55 CEST by Tomas Kindl
Modified: 2012-10-11 12:13 CEST (History)
2 users (show)

See Also:
Source RPM: dslib-2.0.2-1.1.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tomas Kindl 2012-09-22 15:55:44 CEST 
I have uploaded a updated package for Mageia 2.

Formerly packaged version 2.0 sometimes corrupted database when importing
additional account, leading to data loss.
I tested this update extensively for last 14 days w/o any problems.


Suggested advisory:
========================

Updated datovka's dslib library package because DataBox website and SOAP interface switched certificate authority.

As DataBox is official delivery medium for receiving all government communication by citizens in Czech Republic, DataBox CA certificates are
hardwired into dslib library so common user cannot change them. Change of
DataBox CA therefore requires update to dslib library.

This change was backported so that current version of dslib/datovka can be preserved. Main 'datovka' package needn't rebuild.


Has been tested by me on i586/x86_64 extensively for last month and it works as it should.

References:
https://labs.nic.cz/page/708/verze-datovky/

========================

Updated packages in {core/updates_testing:
========================
dslib-2.0.2-1.1.mga2

Source RPM: 
dslib-2.0.2-1.1.mga2.src.rpm
Comment 1 Manuel Hiebel 2012-09-23 20:48:42 CEST 
can you provide a little testing procedure (if possible) ?
Comment 2 Tomas Kindl 2012-09-25 19:36:01 CEST 
Actually I don't think that it is possible (unless you want CZ databox or at least its testing variant :) ).
Otherwise procedure would be:

- add new test account (you can get it by sending this -> http://www.datoveschranky.info/assets/o-datovych-schrankach/zadost_zrizeni_testovaci_ds.zfo <- form which can be filled by 602XML Filler by SW602 - proprietary crap bundled with WINE available for download here: http://www.602.cz/602xml_filler/download)

- try to receive new messages
- program doesn't fail due to old certificate


I can (try to) get one testing databox account for you...
Comment 3 claire robinson 2012-09-29 21:43:42 CEST 
I think last time we had to push this without testing beyond that it installs and updates OK so it should be OK to do so again, if you make a most excellent promise that you checked it well on both i586 and x86_64 Tomas.

IIUC it requires a CZ government storage account to test fully, is that correct?
Comment 4 claire robinson 2012-10-09 13:24:58 CEST 
Validating

See comment 0 for advisory and srpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Thomas Backlund 2012-10-11 12:13:34 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0207

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.