From ed851dedc3302c274dcb9f5620f04231ded3b355 Mon Sep 17 00:00:00 2001
From: Thomas Zander <riggs@FreeBSD.org>
Date: Sat, 1 Sep 2018 07:35:29 +0000
Subject: [PATCH] Fix memleak, update MAINTAINER

Details:
- Fix a memory leak in ZXID caused by using system hexdump() function
  instead of the one included in ZXID.
- Set MAINTAINER'ship to admins@perceptyx.com

PR:		230978
Submitted by:	amontalban@gmail.com (new maintainer)
MFH:		2018Q3
---
 security/zxid/Makefile             |  3 +-
 security/zxid/files/patch-errmac.h | 21 +++++++++
 security/zxid/files/patch-zxsig.c  | 69 ++++++++++++++++++++++++++++++
 security/zxid/files/patch-zxutil.c | 21 +++++++++
 4 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 security/zxid/files/patch-errmac.h
 create mode 100644 security/zxid/files/patch-zxsig.c
 create mode 100644 security/zxid/files/patch-zxutil.c

diff --git a/security/zxid/Makefile b/security/zxid/Makefile
index bab0b64e8757..46ebd9dcaa9b 100644
--- a/security/zxid/Makefile
+++ b/security/zxid/Makefile
@@ -3,10 +3,11 @@
 
 PORTNAME=	zxid
 PORTVERSION=	1.42
+PORTREVISION=	1
 CATEGORIES=	security www
 MASTER_SITES=	http://zxid.org/
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	admins@perceptyx.com
 COMMENT=	Open Source IdM for the Masses - SAML SSO
 
 LICENSE=	E2ETA
diff --git a/security/zxid/files/patch-errmac.h b/security/zxid/files/patch-errmac.h
new file mode 100644
index 000000000000..84ac00cd99c4
--- /dev/null
+++ b/security/zxid/files/patch-errmac.h
@@ -0,0 +1,21 @@
+--- errmac.h.orig	2016-02-29 00:16:50 UTC
++++ errmac.h
+@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log;    /* Def
+ #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */
+ 
+ int hexdmp(const char* msg, const void* p, int len, int max);
++#if __FreeBSD__
++int hexdump_zxid(const char* msg, const void* p, const void* lim, int max);
++#else 
+ int hexdump(const char* msg, const void* p, const void* lim, int max);
++#endif
+ 
++#if __FreeBSD__
++#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max))
++#else 
+ #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max))
++#endif
+ #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */
+ 
+ #define DUMP_CORE() ASSERT(0)
+
diff --git a/security/zxid/files/patch-zxsig.c b/security/zxid/files/patch-zxsig.c
new file mode 100644
index 000000000000..613bc7239d83
--- /dev/null
+++ b/security/zxid/files/patch-zxsig.c
@@ -0,0 +1,69 @@
+--- zxsig.c.orig	2016-02-29 00:16:50 UTC
++++ zxsig.c
+@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo
+ #endif
+ 
+   D("%s: len=%d data(%.*s)", lk, len, len, data);
++#if __FreeBSD__
++  D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096));
++  D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64));
++#else
+   D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096));
+   D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64));
++#endif
+ 
+   if (!priv_key) {
+     ERR(priv_key_missing_msg, geteuid(), getegid());
+@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo
+     if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) {
+       DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len);
+       D("RSA siglen = %d", len);
++#if __FreeBSD__
++      D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024));
++#else
+       D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024));
++#endif
+       return len;
+     }
+ #else
+@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat
+   else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; }
+   else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; }
+ #endif
++#if __FreeBSD__
++  D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192));
++  D("%s: vfy sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 8192));
++  D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64));
++#else
+   D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192));
+   D("%s: vfy sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 8192));
+   D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64));
++#endif
+   
+   evp_pubk = X509_get_pubkey(cert);
+   if (!evp_pubk) {
+@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
++#if __FreeBSD__
++      D("RSA_vfy(%s) bad sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
++#else
+       D("RSA_vfy(%s) bad sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
++#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("RSA verify OK %d", verdict);
+@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat
+     if (!verdict) {
+       ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
+       zx_report_openssl_err(lk);
++#if __FreeBSD__
++      D("DSA_vfy(%s) sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
++#else
+       D("DSA_vfy(%s) sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
++#endif
+       return ZXSIG_VFY_FAIL;
+     } else {
+       D("DSA verify OK %d", verdict);
+
diff --git a/security/zxid/files/patch-zxutil.c b/security/zxid/files/patch-zxutil.c
new file mode 100644
index 000000000000..26f9fc4b4759
--- /dev/null
+++ b/security/zxid/files/patch-zxutil.c
@@ -0,0 +1,21 @@
+--- zxutil.c.orig	2018-08-06 01:37:42 UTC
++++ zxutil.c
+@@ -681,7 +681,7 @@ linkrest:
+ /*() Output a hexdump to stderr. Used for debugging purposes. */
+ 
+ /* Called by: */
+-int hexdump(const char* msg, const void* data, const void* lim, int max)
++int hexdump_zxid(const char* msg, const void* data, const void* lim, int max)
+ {
+   int i;
+   const char* p = (const char*)data;
+@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void*
+ 
+ /* Called by:  zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */
+ int hexdmp(const char* msg, const void* p, int len, int max) {
+-  return hexdump(msg, p, p+len, max);
++  return hexdump_zxid(msg, p, p+len, max);
+ }
+ 
+ /*
+