<pre style='margin:0'>
Leonardo Brondani Schenkel (lbschenkel) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/e552d6542810cd9aa79f1b4b0a29401a5adaa61e">https://github.com/macports/macports-ports/commit/e552d6542810cd9aa79f1b4b0a29401a5adaa61e</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit e552d6542810cd9aa79f1b4b0a29401a5adaa61e
</span>Author: Leonardo Brondani Schenkel <lbschenkel@macports.org>
AuthorDate: Mon Aug 13 14:24:17 2018 +0200
<span style='display:block; white-space:pre;color:#404040;'> yubico-piv-tool: update to 1.6.0
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Drop LibreSSL patches, they have been incorporated upstream.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Fixes: https://www.yubico.com/support/security-advisories/ysa-2018-03/
</span><span style='display:block; white-space:pre;color:#404040;'> See: https://github.com/Yubico/yubico-piv-tool/pull/135
</span>---
security/yubico-piv-tool/Portfile | 10 +-
security/yubico-piv-tool/files/patch-libressl.diff | 132 ---------------------
2 files changed, 4 insertions(+), 138 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/security/yubico-piv-tool/Portfile b/security/yubico-piv-tool/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 066b2b3..320d2a3 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/security/yubico-piv-tool/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/security/yubico-piv-tool/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3,7 +3,7 @@
</span> PortSystem 1.0
PortGroup github 1.0
<span style='display:block; white-space:pre;background:#ffe0e0;'>-github.setup Yubico yubico-piv-tool 1.5.0 yubico-piv-tool-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+github.setup Yubico yubico-piv-tool 1.6.0 yubico-piv-tool-
</span> categories security
platforms darwin
license BSD
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -18,15 +18,13 @@ long_description \
</span> A shared library and a command-line tool is included.
homepage https://developers.yubico.com/yubico-piv-tool
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 f8fa09980d0f30016daf3a8a906a598844f229f0 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 e4dcfa3110bb28a0ddbfb313716a9eae8f70fdcb0c4e2c0c37ba98dfd4359136
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 84e9f69658128c8088f03bc839f0ce9bfe2959d8 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 52c82ed08c6f640727ed459df4344d23f2525beaddfb455619caa341b18d3663 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 182647
</span>
depends_build port:check port:gengetopt port:help2man port:pkgconfig
depends_lib path:lib/libssl.dylib:openssl
<span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles patch-libressl.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-patch.pre_args -p1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> use_autoreconf yes
post-destroot {
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/security/yubico-piv-tool/files/patch-libressl.diff b/security/yubico-piv-tool/files/patch-libressl.diff
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 8d35229..0000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/security/yubico-piv-tool/files/patch-libressl.diff
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,132 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/tool/openssl-compat.c b/tool/openssl-compat.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index a51af90..bb37dfc 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/tool/openssl-compat.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/tool/openssl-compat.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -8,7 +8,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "openssl-compat.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <string.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <openssl/engine.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -80,4 +80,4 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- *pdigest = sig->digest;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#endif /* OPENSSL_VERSION_NUMBER */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/tool/openssl-compat.h b/tool/openssl-compat.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 3700bea..bd1967b 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/tool/openssl-compat.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/tool/openssl-compat.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -13,7 +13,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifndef _WINDOWS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <openssl/opensslv.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <openssl/rsa.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <openssl/dsa.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -33,5 +33,5 @@ void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ASN1_OCTET_STRING **pdigest);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif /* _WINDOWS */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#endif /* OPENSSL_VERSION_NUMBER */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif /* LIBCRYPTO_COMPAT_H */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 89daa79..c8b3b84 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/tool/yubico-piv-tool.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/tool/yubico-piv-tool.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -124,7 +124,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return false;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- static int ec_key_ex_data_idx = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- struct internal_key {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -688,7 +688,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto request_out;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- memcpy(digest, oid, oid_len);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* XXX: this should probably use X509_REQ_digest() but that's buggy */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -751,7 +751,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- EVP_PKEY_free(public_key);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(req) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(req->sig_alg->parameter) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- req->sig_alg->parameter = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -884,7 +884,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(nid == 0) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto selfsign_out;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(YKPIV_IS_RSA(algorithm)) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- signinput = digest;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- len = oid_len + md_len;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -941,7 +941,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fclose(output_file);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(x509) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if(x509->sig_alg->parameter) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- x509->sig_alg->parameter = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- x509->cert_info->signature->parameter = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 68fb29a..5a7f85d 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ykcs11/openssl_utils.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ykcs11/openssl_utils.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notBefore(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notAfter(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- // Manually set the signature algorithms.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- // OpenSSL 1.0.1i complains about empty DER fields
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- // 8 => md5WithRsaEncryption
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/ykcs11/tests/ykcs11_tests.c b/ykcs11/tests/ykcs11_tests.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 9fb51da..257c938 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ykcs11/tests/ykcs11_tests.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ykcs11/tests/ykcs11_tests.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -274,7 +274,7 @@ static void test_login() {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sigret = malloc(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notBefore(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notAfter(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cert->sig_alg->algorithm = OBJ_nid2obj(8);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notBefore(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- X509_set_notAfter(cert, tm);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#if OPENSSL_VERSION_NUMBER < 0x10100000L
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* putting bogus data to signature to make some checks happy */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cert->sig_alg->algorithm = OBJ_nid2obj(8);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
</span></pre><pre style='margin:0'>
</pre>