diff --git a/security/libpki/Makefile b/security/libpki/Makefile index f09f9d9ef067..1fc399318268 100644 --- a/security/libpki/Makefile +++ b/security/libpki/Makefile @@ -1,63 +1,63 @@ PORTNAME= libpki DISTVERSIONPREFIX= v DISTVERSION= 0.9.2 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security PATCH_SITES= https://github.com/openca/libpki/commit/ PATCHFILES= d7617046e9da97473a140c02582fa571f6359ae3.patch:-p1 \ 9c4865ad476a75c34d89e0bd663c280f544590c0.patch:-p1 MAINTAINER= bruno@ruomad.net COMMENT= OpenCA PKI library (libpki) and tools WWW= https://www.openca.org/projects/libpki LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/COPYING USES= autoreconf gnome libtool ssl USE_GITHUB= yes GH_ACCOUNT= openca USE_GNOME= libxml2 USE_LDCONFIG= yes PATCH_STRIP= -p0 GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-dependency-tracking \ --disable-iphone INSTALL_TARGET= install-strip TEST_TARGET= check OPTIONS_DEFINE= DNS LDAP MYSQL PGSQL DNS_DESC= "Enable DNS support" LDAP_DESC= "Enable LDAP support" MYSQL_DESC= "Enable MySQL support" PGSQL_DESC= "Enable PostgreSQL support" DNS_CONFIGURE_ENABLE= dns LDAP_USES= ldap LDAP_CONFIGURE_ENABLE= ldap MYSQL_USES= mysql MYSQL_CONFIGURE_ENABLE= mysql PGSQL_USES= pgsql PGSQL_CONFIGURE_ENABLE= pg post-stage: ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc; \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki; \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki/hsm.d; \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki/profile.d; \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki/store.d; \ ${MKDIR} ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki/token.d; \ ${MV} ${STAGEDIR}${PREFIX}/etc/pki.conf ${STAGEDIR}${PREFIX}/share/libpki/etc/pki.conf.sample; \ cd ${STAGEDIR}${PREFIX}/etc/libpki; \ for f in $$(find * -type f); do \ ${MV} ${STAGEDIR}${PREFIX}/etc/libpki/$$f ${STAGEDIR}${PREFIX}/share/libpki/etc/libpki/$$f.sample; \ done; \ ${RM} -rf ${STAGEDIR}${PREFIX}/include/internal .include diff --git a/security/libpki/files/patch-src_pki__config.c b/security/libpki/files/patch-src_pki__config.c new file mode 100644 index 000000000000..776340729adf --- /dev/null +++ b/security/libpki/files/patch-src_pki__config.c @@ -0,0 +1,22 @@ +--- src/pki_config.c.orig 2024-08-12 07:36:06.493686000 +0200 ++++ src/pki_config.c 2024-08-12 07:40:19.265530000 +0200 +@@ -17,6 +17,7 @@ + + #define PKI_DEF_CONF_DIRS_SIZE 2 + #define LIBXML_MIN_VERSION 20600 ++#define LIBXML_212_VERSION 21200 + + #if LIBXML_VERSION < LIBXML_MIN_VERSION + #define xmlErrorPtr void * +@@ -30,7 +31,11 @@ + #endif + */ + ++#if LIBXML_VERSION >= LIBXML_212_VERSION ++void logXmlMessages( void *userData, const xmlError *error ) { ++#else + void logXmlMessages( void *userData, xmlErrorPtr error ) { ++#endif + #if LIBXML_VERSION >= LIBXML_MIN_VERSION + PKI_log_err( "XML I/O Error: %s", error->message); + #else diff --git a/security/libpki/files/patch-src_pki__x509.c b/security/libpki/files/patch-src_pki__x509.c new file mode 100644 index 000000000000..945c19397d39 --- /dev/null +++ b/security/libpki/files/patch-src_pki__x509.c @@ -0,0 +1,181 @@ +--- src/pki_x509.c 2024-08-14 14:45:55 +0000 ++++ ../libpki-0.9.2-patched/src/pki_x509.c 2024-08-14 15:08:49 +0000 +@@ -33,22 +33,75 @@ + { NULL, -1 } + }; + +-PKI_TBS_ASN1 * __datatype_get_asn1_ref(PKI_DATATYPE type, +- const void * v) { ++const ASN1_ITEM * _get_ossl_item(PKI_DATATYPE type) { ++ ++ const ASN1_ITEM * it = NULL; ++ ++ // Gets the ASN1_ITEM * needed to get the tbSigned ++ switch (type) { ++ ++ case PKI_DATATYPE_X509_CERT : { ++ it = ASN1_ITEM_rptr(X509_CINF); ++ } break; ++ ++ case PKI_DATATYPE_X509_CRL : { ++ it = ASN1_ITEM_rptr(X509_CRL_INFO); ++ } break; ++ ++ case PKI_DATATYPE_X509_REQ : { ++ it = ASN1_ITEM_rptr(X509_REQ_INFO); ++ } break; ++ ++ case PKI_DATATYPE_X509_OCSP_REQ : { ++ it = ASN1_ITEM_rptr(OCSP_REQINFO); ++ } break; ++ ++ case PKI_DATATYPE_X509_OCSP_RESP : { ++ it = ASN1_ITEM_rptr(OCSP_RESPDATA); ++ } break; ++ ++ case PKI_DATATYPE_X509_PRQP_REQ : { ++ it = ASN1_ITEM_rptr(PKI_PRQP_REQ); ++ } break; ++ ++ case PKI_DATATYPE_X509_PRQP_RESP : { ++ it = ASN1_ITEM_rptr(PKI_PRQP_RESP); ++ } break; ++ ++ case PKI_DATATYPE_X509_CMS : { ++ it = ASN1_ITEM_rptr(CMS_ContentInfo); ++ } break; ++ ++ case PKI_DATATYPE_X509_KEYPAIR: { ++ it = NULL; ++ } break; ++ ++ default: { ++ PKI_DEBUG("Datatype Not Supported (Type: %d)", type); ++ return NULL; ++ } ++ } ++ ++ // Return the Pointer ++ return it; ++ ++} ++ ++PKI_TBS_ASN1 * __datatype_get_asn1_ref(PKI_DATATYPE type, ++ const void * v) { + + PKI_TBS_ASN1 * ret = NULL; + const ASN1_ITEM * it = NULL; + const void * p = NULL; + ++ if ((it = _get_ossl_item(type)) == NULL) { ++ return NULL; ++ } ++ + // Gets the ASN1_ITEM * needed to get the tbSigned + switch (type) { + + case PKI_DATATYPE_X509_CERT : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) X509_CINF_it; +-#else +- it = &X509_CINF_it; +-#endif + #if OPENSSL_VERSION_NUMBER > 0x1010000fL + p = &(((LIBPKI_X509_CERT *)v)->cert_info); + #else +@@ -57,11 +110,6 @@ + } break; + + case PKI_DATATYPE_X509_CRL : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) X509_CRL_INFO_it; +-#else +- it = &X509_CRL_INFO_it; +-#endif + #if OPENSSL_VERSION_NUMBER > 0x1010000fL + p = &(((PKI_X509_CRL_VALUE *)v)->crl); + #else +@@ -70,11 +118,6 @@ + } break; + + case PKI_DATATYPE_X509_REQ : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) X509_REQ_INFO_it; +-#else +- it = &X509_REQ_INFO_it; +-#endif + #if OPENSSL_VERSION_NUMBER > 0x1010000fL + p = &(((LIBPKI_X509_REQ *)v)->req_info); + #else +@@ -83,11 +126,6 @@ + } break; + + case PKI_DATATYPE_X509_OCSP_REQ : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) OCSP_REQINFO_it; +-#else +- it = &OCSP_REQINFO_it; +-#endif + #if OPENSSL_VERSION_NUMBER > 0x1010000fL + p = &(((PKI_X509_OCSP_REQ_VALUE *)v)->tbsRequest); + #else +@@ -96,11 +134,6 @@ + } break; + + case PKI_DATATYPE_X509_OCSP_RESP : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) OCSP_RESPDATA_it; +-#else +- it = &OCSP_RESPDATA_it; +-#endif + #if OPENSSL_VERSION_NUMBER > 0x1010000fL + p = &(((PKI_OCSP_RESP *)v)->bs->tbsResponseData); + #else +@@ -109,29 +142,14 @@ + } break; + + case PKI_DATATYPE_X509_PRQP_REQ : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) PKI_PRQP_REQ_it; +-#else +- it = &PKI_PRQP_REQ_it; +-#endif + p = ((PKI_X509_PRQP_REQ_VALUE *)v)->requestData; + } break; + + case PKI_DATATYPE_X509_PRQP_RESP : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) PKI_PRQP_RESP_it; +-#else +- it = &PKI_PRQP_RESP_it; +-#endif + p = ((PKI_X509_PRQP_RESP_VALUE *)v)->respData; + } break; + + case PKI_DATATYPE_X509_CMS : { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- it = (ASN1_ITEM *) CMS_ContentInfo_it; +-#else +- it = &CMS_ContentInfo_it; +-#endif + p = NULL; + } + +@@ -156,6 +174,7 @@ + + } + ++ + /*! \brief Returns the callbacks for a specific PKI_DATATYPE */ + + const PKI_X509_CALLBACKS *PKI_X509_CALLBACKS_get (PKI_DATATYPE type, +@@ -213,6 +232,9 @@ + // Internal Status + ret->status = -1; + ++ // Internal conversion pointer ++ ret->it = _get_ossl_item(type); ++ + // All Done + return ret; + }