Update to libdigidocpp 3.14.10

Trade all local patches for their rebases PRs. Old/current qdigidoc4 keeps working against new libdigidocpp.
2022-07-21 14:34:44 +00:00 · 2022-07-21 14:34:44 +00:00 · b7e9b666b8
commit b7e9b666b8
parent b74f154ad9
10 changed files with 23 additions and 195 deletions
--- a/security/libdigidocpp/Makefile
+++ b/security/libdigidocpp/Makefile
@ -1,8 +1,7 @@
 COMMENT =		library for creating DigiDoc signature files

-V =			3.14.8
+V =			3.14.10
 DISTNAME =		libdigidocpp-${V}
-REVISION =		2
 CATEGORIES =		security

 SHARED_LIBS =		digidocpp	0.0	# 0.0
@ -16,12 +15,23 @@ PERMIT_PACKAGE =	Yes
 HOMEPAGE =		https://www.id.ee/
 MASTER_SITES =		https://github.com/open-eid/libdigidocpp/releases/download/v${V}/

+DIST_SUBDIR =		libdigidocpp
+MASTER_SITES0 =		https://github.com/open-eid/libdigidocpp/
+# merged but after 3.14.10 release
+PATCHFILES +=		pkcs11-path-{pull/}473.patch:0
+# still pending (but approved)
+PATCHFILES +=		iconv-{pull/}470.patch:0
+PATCHFILES +=		libressl-{pull/}482.patch:0
+PATCHFILES +=		minizip--{pull/}485.patch:0
+
+PATCH_DIST_STRIP =	-p1
+
 # ${WRKSRC}/etc/schema/.../*.xsd.orig
 PATCHORIG =		.pat.orig

 MAINTAINER =		Klemens Nanni <kn@openbsd.org>

-# C++11
+# -std=gnu++17
 COMPILER =		base-clang ports-gcc

 WANTLIB +=		${COMPILER_LIBCXX} c crypto iconv m ssl xalan-c
--- a/security/libdigidocpp/distinfo
+++ b/security/libdigidocpp/distinfo
@ -1,2 +1,10 @@
-SHA256 (libdigidocpp-3.14.8.tar.gz) = U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=
-SIZE (libdigidocpp-3.14.8.tar.gz) = 2666986
+SHA256 (libdigidocpp/iconv-470.patch) = YIu3H8XFJWCBFiqQG5bBNBthU9ckH//gq6g8545VzJ8=
+SHA256 (libdigidocpp/libdigidocpp-3.14.10.tar.gz) = n/+R4ho1Qcft3YSKE12oxZjbFHAsUDwoLFNuk5GXf5c=
+SHA256 (libdigidocpp/libressl-482.patch) = BQigiPPdBJAnAiUJPIdWGtbBs3gh9h1IMplrlMrz/gw=
+SHA256 (libdigidocpp/minizip--485.patch) = 4JE5m3IVBwCd6HQmLrp9N6GmGzvggwNpHSMEXMF0AdA=
+SHA256 (libdigidocpp/pkcs11-path-473.patch) = GdZIdn9fzQ7ajOYFjhqUPCqXIZpj7HCM0VARamzVieY=
+SIZE (libdigidocpp/iconv-470.patch) = 1406
+SIZE (libdigidocpp/libdigidocpp-3.14.10.tar.gz) = 2653851
+SIZE (libdigidocpp/libressl-482.patch) = 7492
+SIZE (libdigidocpp/minizip--485.patch) = 2006
+SIZE (libdigidocpp/pkcs11-path-473.patch) = 1360
--- a/security/libdigidocpp/patches/patch-CMakeLists_txt
+++ b/security/libdigidocpp/patches/patch-CMakeLists_txt
@ -1,23 +0,0 @@
- Use bundled zlib minizip instead of incompatible minizip-ng from ports
-  https://github.com/open-eid/libdigidocpp/pull/485
- Require iconv for libdigidocpp
-  https://github.com/open-eid/libdigidocpp/pull/470
-
-Index: CMakeLists.txt
--- CMakeLists.txt.orig
-+++ CMakeLists.txt
-@@ -51,11 +51,12 @@ find_package(Threads)
- find_package(XmlSecurityC REQUIRED)
- find_package(XSD 4.0 REQUIRED)
- find_package(ZLIB REQUIRED)
-find_package(MiniZip QUIET)
-+find_package(MiniZip 0...<2.0.0 QUIET)
- if(UNIX AND NOT APPLE)
-     find_package(PkgConfig)
-    pkg_check_modules(MINIZIP minizip IMPORTED_TARGET)
-+    pkg_check_modules(MINIZIP minizip IMPORTED_TARGET minizip<2.0.0)
- endif()
-+find_package(Iconv REQUIRED)
- find_package(SWIG)
- find_package(JNI)
- 
--- a/security/libdigidocpp/patches/patch-src_CMakeLists_txt
+++ b/security/libdigidocpp/patches/patch-src_CMakeLists_txt
@ -1,19 +0,0 @@
-Link digidocpp against iconv to unbreak src/digidoc-tool and tests/TSLTests
-build:
-
-	ld: error: undefined symbol: libiconv_open
-
-https://github.com/open-eid/libdigidocpp/pull/470
-
-Index: src/CMakeLists.txt
--- src/CMakeLists.txt.orig
-+++ src/CMakeLists.txt
-@@ -227,7 +227,7 @@ set_target_properties(digidocpp PROPERTIES
- 
- target_link_libraries(digidocpp
-     PRIVATE ${CMAKE_DL_LIBS} minizip
-    PUBLIC digidocpp_priv
-+    PUBLIC digidocpp_priv Iconv::Iconv
- )
- 
- if( BUILD_TOOLS )
--- a/security/libdigidocpp/patches/patch-src_crypto_Digest_cpp
+++ b/security/libdigidocpp/patches/patch-src_crypto_Digest_cpp
@ -1,32 +0,0 @@
-LibreSSL doesn't support sha3.
-
-Index: src/crypto/Digest.cpp
--- src/crypto/Digest.cpp.orig
-+++ src/crypto/Digest.cpp
-@@ -128,7 +128,7 @@ void Digest::reset(const string &uri)
-     case NID_sha256: result = EVP_DigestInit(d->ctx, EVP_sha256()); break;
-     case NID_sha384: result = EVP_DigestInit(d->ctx, EVP_sha384()); break;
-     case NID_sha512: result = EVP_DigestInit(d->ctx, EVP_sha512()); break;
-#if OPENSSL_VERSION_NUMBER > 0x10101000L
-+#if OPENSSL_VERSION_NUMBER > 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-     case NID_sha3_224: result = EVP_DigestInit(d->ctx, EVP_sha3_224()); break;
-     case NID_sha3_256: result = EVP_DigestInit(d->ctx, EVP_sha3_256()); break;
-     case NID_sha3_384: result = EVP_DigestInit(d->ctx, EVP_sha3_384()); break;
-@@ -167,7 +167,7 @@ int Digest::toMethod(const string &uri)
-     if(uri == URI_SHA256 || uri == URI_RSA_SHA256 || uri == URI_RSA_PSS_SHA256 || uri == URI_ECDSA_SHA256) return NID_sha256;
-     if(uri == URI_SHA384 || uri == URI_RSA_SHA384 || uri == URI_RSA_PSS_SHA384 || uri == URI_ECDSA_SHA384) return NID_sha384;
-     if(uri == URI_SHA512 || uri == URI_RSA_SHA512 || uri == URI_RSA_PSS_SHA512 || uri == URI_ECDSA_SHA512) return NID_sha512;
-#if OPENSSL_VERSION_NUMBER > 0x10101000L
-+#if OPENSSL_VERSION_NUMBER > 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-     if(uri == URI_SHA3_224 || uri == URI_RSA_PSS_SHA3_224) return NID_sha3_224;
-     if(uri == URI_SHA3_256 || uri == URI_RSA_PSS_SHA3_256) return NID_sha3_256;
-     if(uri == URI_SHA3_384 || uri == URI_RSA_PSS_SHA3_384) return NID_sha3_384;
-@@ -238,7 +238,7 @@ std::string Digest::toUri(int nid)
-     case NID_sha256: return URI_SHA256;
-     case NID_sha384: return URI_SHA384;
-     case NID_sha512: return URI_SHA512;
-#if OPENSSL_VERSION_NUMBER > 0x10101000L
-+#if OPENSSL_VERSION_NUMBER > 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-     case NID_sha3_224: return URI_SHA3_224;
-     case NID_sha3_256: return URI_SHA3_256;
-     case NID_sha3_384: return URI_SHA3_384;
--- a/security/libdigidocpp/patches/patch-src_crypto_OpenSSLHelpers_h
+++ b/security/libdigidocpp/patches/patch-src_crypto_OpenSSLHelpers_h
@ -1,18 +0,0 @@
-LibreSSL doesn't have BIO_ADDR support, so this exception cannot be hit.
-
-Index: src/crypto/OpenSSLHelpers.h
--- src/crypto/OpenSSLHelpers.h.orig
-+++ src/crypto/OpenSSLHelpers.h
-@@ -118,10 +118,12 @@ class OpenSSLException : public Exception
-             while((error = ERR_get_error()) != 0)
-             {
-                 Exception e(ERR_lib_error_string(error), 0, ERR_error_string(error, nullptr));
-+#ifndef LIBRESSL_VERSION_NUMBER
-                 if(ERR_GET_LIB(error) == ERR_R_BIO_LIB &&
-                     ERR_GET_FUNC(error) == BIO_F_BIO_LOOKUP_EX &&
-                     ERR_GET_REASON(error) == ERR_R_SYS_LIB)
-                     e.setCode(ExceptionCode::HostNotFound);
-+#endif
-                 addCause(e);
-             }
-         }
--- a/security/libdigidocpp/patches/patch-src_crypto_TS_cpp
+++ b/security/libdigidocpp/patches/patch-src_crypto_TS_cpp
@ -1,55 +0,0 @@
-Provide OPENSSL_memdup() and TS accessors for LibreSSL
-
-"Upgrade openssl 1.1.1m and fix crash with new openssl version (#453)"
-https://github.com/open-eid/libdigidocpp/commit/42a8cfd
-
-Index: src/crypto/TS.cpp
--- src/crypto/TS.cpp.orig
-+++ src/crypto/TS.cpp
-@@ -40,7 +40,22 @@
- using namespace digidoc;
- using namespace std;
- 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+void *OPENSSL_memdup(const void *data, size_t size)
-+{
-+	void *copy;
-+
-+	if (data == NULL || size >= INT_MAX)
-+		return NULL;
-+
-+	if ((copy = malloc(size)) == NULL)
-+		return NULL;
-+
-+	return memcpy(copy, data, size);
-+}
-+#endif
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static void TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
- {
-     ctx->flags = unsigned(f);
-@@ -48,6 +63,7 @@ static void TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx
- 
- static void TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len)
- {
-+    OPENSSL_free(ctx->imprint);
-     ctx->imprint = hexstr;
-     ctx->imprint_len = unsigned(len);
- }
-@@ -257,11 +273,10 @@ void TS::verify(const Digest &digest)
-     {
-         SCOPE(TS_VERIFY_CTX, ctx, TS_VERIFY_CTX_new());
-         TS_VERIFY_CTX_set_flags(ctx.get(), TS_VFY_IMPRINT|TS_VFY_VERSION|TS_VFY_SIGNATURE);
-        TS_VERIFY_CTX_set_imprint(ctx.get(), data.data(), long(data.size()));
-+        TS_VERIFY_CTX_set_imprint(ctx.get(),
-+            (unsigned char*)OPENSSL_memdup(data.data(), data.size()), long(data.size()));
-         TS_VERIFY_CTX_set_store(ctx.get(), store.release());
-        int err = TS_RESP_verify_token(ctx.get(), d.get());
-        TS_VERIFY_CTX_set_imprint(ctx.get(), nullptr, 0); //Avoid CRYPTO_free
-        if(err != 1)
-+        if(TS_RESP_verify_token(ctx.get(), d.get()) != 1)
-         {
-             unsigned long err = ERR_get_error();
-             if(ERR_GET_LIB(err) == ERR_LIB_TS && ERR_GET_REASON(err) == TS_R_CERTIFICATE_VERIFY_ERROR)
--- a/security/libdigidocpp/patches/patch-src_crypto_X509Cert_cpp
+++ b/security/libdigidocpp/patches/patch-src_crypto_X509Cert_cpp
@ -1,14 +0,0 @@
-Use old-style STACK_OF stuff for LibreSSL
-
-Index: src/crypto/X509Cert.cpp
--- src/crypto/X509Cert.cpp.orig
-+++ src/crypto/X509Cert.cpp
-@@ -86,7 +86,7 @@ DECLARE_ASN1_FUNCTIONS(QCStatement)
-  * QCStatements ::= SEQUENCE OF QCStatement
-  */
- using QCStatements = STACK_OF(QCStatement);
-#if OPENSSL_VERSION_NUMBER < 0x10010000L
-+#if OPENSSL_VERSION_NUMBER < 0x10010000L || defined(LIBRESSL_VERSION_NUMBER)
- #include <openssl/safestack.h>
- #define sk_QCStatement_num(st) sk_num((_STACK*)st)
- #define sk_QCStatement_value(st, i) (QCStatement*)sk_value((_STACK*)st, i)
--- a/security/libdigidocpp/patches/patch-src_crypto_X509Crypto_cpp
+++ b/security/libdigidocpp/patches/patch-src_crypto_X509Crypto_cpp
@ -1,14 +0,0 @@
-LibreSSL provides d2i_ESS_ISSUER_SERIAL()
-
-Index: src/crypto/X509Crypto.cpp
--- src/crypto/X509Crypto.cpp.orig
-+++ src/crypto/X509Crypto.cpp
-@@ -37,7 +37,7 @@
- using namespace digidoc;
- using namespace std;
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- /*-
-  * IssuerSerial ::= SEQUENCE {
-  *         issuer                   GeneralNames,
--- a/security/libdigidocpp/patches/patch-src_digidoc-tool_1_cmake
+++ b/security/libdigidocpp/patches/patch-src_digidoc-tool_1_cmake
@ -1,15 +0,0 @@
-Set correct OpenSC PKCS11 module path
-https://github.com/open-eid/libdigidocpp/pull/473
-
-Index: src/digidoc-tool.1.cmake
--- src/digidoc-tool.1.cmake.orig
-+++ src/digidoc-tool.1.cmake
-@@ -55,7 +55,7 @@ Command sign:
-     --postalCode=  - postalCode of production place
-     --country=     - country of production place
-     --role=        - option can occur multiple times. Signer role(s)
-    --pkcs11[=]    - default is /Library/OpenSC/lib/opensc-pkcs11.so. Path of PKCS11 driver.
-+    --pkcs11[=]    - default is ${PKCS11_MODULE}. Path of PKCS11 driver.
-     --pkcs12=      - pkcs12 signer certificate (use --pin for password)
-     --pin=         - default asks pin from prompt
-     --sha(224,256,384,512) - set default digest method (default sha256)