head	1.5;
access;
symbols
	pkgsrc-2018Q3:1.3.0.4
	pkgsrc-2018Q3-base:1.3
	pkgsrc-2018Q2:1.3.0.2
	pkgsrc-2018Q2-base:1.3
	pkgsrc-2018Q1:1.1.0.8
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.6
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.4
	pkgsrc-2017Q3-base:1.1;
locks; strict;
comment	@// @;


1.5
date	2018.12.29.19.03.39;	author wiz;	state dead;
branches;
next	1.4;
commitid	0rJs6Me1E3Xm9J5B;

1.4
date	2018.12.16.22.19.25;	author nia;	state Exp;
branches;
next	1.3;
commitid	JVn5YsRayln3E44B;

1.3
date	2018.04.30.06.50.58;	author ryoon;	state Exp;
branches;
next	1.2;
commitid	XG72rGh1t9hiUqAA;

1.2
date	2018.04.30.05.25.24;	author ryoon;	state Exp;
branches;
next	1.1;
commitid	D2tgEQOGDYBVqqAA;

1.1
date	2017.09.23.15.30.01;	author joerg;	state Exp;
branches;
next	;
commitid	s4NPfEhydkhlOk8A;


desc
@@


1.5
log
@xml-security: remove patches that are not in distinfo
@
text
@@


1.4
log
@xml-security-c: Update to 2.0.2. Patch from maya.

Changes:

2.0.0:

Bug

    [SANTUARIO-496] - DSA verification crashes OpenSSL on invalid combinations of key content

2.0.1:

Bug

    [SANTUARIO-491] - Default KeyInfo resolver doesn't check for empty element content.

2.0.0:

Bug

    [SANTUARIO-382] - Unconditionally enable large file support
    [SANTUARIO-418] - Invalid acceptance of unpadded RSA signatures
    [SANTUARIO-435] - Automake misses the subdir-objects option
    [SANTUARIO-437] - Cannot compile as C++11
    [SANTUARIO-447] - XSECCryptoX509::loadX509PEM() can read past unterminated buffer
    [SANTUARIO-449] - TXFMOutputFile can try to close unopened stream
    [SANTUARIO-470] - dsig/DSIGReference.cpp:931: bad type ?
    [SANTUARIO-471] - Patch for C++11 compile failures
    [SANTUARIO-473] - Build failure using NSS
    [SANTUARIO-474] - Better overflow checking
    [SANTUARIO-479] - xml-security-cpp compilation errors

Improvement

    [SANTUARIO-460] - Support for OpenSSL 1.1
    [SANTUARIO-461] - Internal key store should be deleted on any CryptoAcquireContext() error
    [SANTUARIO-472] - Conditional inclusion of XMKS code in library
    [SANTUARIO-476] - Change default behavior for inferring attribute IDness by name
@
text
@@


1.3
log
@Revert previous security/openssl is 1.0

Pointed by wiz@@, thank you.
@
text
@a0 15
$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.1 2017/09/23 15:30:01 joerg Exp $

false is a bad pointer value.

--- xsec/tools/checksig/InteropResolver.cpp.orig	2017-09-23 12:23:36.663288313 +0000
+++ xsec/tools/checksig/InteropResolver.cpp
@@@@ -645,7 +645,7 @@@@ XSECCryptoKey * InteropResolver::resolve
 
 	}
 
-	return false;
+	return NULL;
 
 }
 
@


1.2
log
@Fix build with OpenSSL 1.1

* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
@
text
@d5 1
a5 1
--- xsec/tools/checksig/InteropResolver.cpp.orig	2018-04-10 03:53:05.001719015 +0000
d7 1
a7 47
@@@@ -318,7 +318,7 @@@@ bool InteropResolver::checkMatch(DSIGKey
 				char * cserial = XMLString::transcode(serial);
 				char * xserial;
 
-				BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL);
+				BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
 				xserial = BN_bn2dec(bnserial);
 				BN_free(bnserial);
 
@@@@ -360,8 +360,7 @@@@ bool InteropResolver::checkMatch(DSIGKey
 				if (xlen != 0) {
 
 					// Have a buffer with a number in it
-					STACK_OF(X509_EXTENSION) *exts;
-					exts = x->cert_info->extensions;
+					const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x);
 
 					if (exts != NULL) {
 
@@@@ -379,8 +378,8 @@@@ bool InteropResolver::checkMatch(DSIGKey
 							memcpy(&octxski[2], xski, xlen);
 							
 							ext = sk_X509_EXTENSION_value(exts,extn);
-							ASN1_OCTET_STRING *skid = ext->value;
-							ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new();
+							ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext);
+							ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new();
 							ASN1_STRING_set(xskid, octxski, xlen+2);
 							
 							if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) {
@@@@ -602,12 +601,12 @@@@ XSECCryptoKey * InteropResolver::resolve
 		// Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c
 
         int idx;
-        X509_REVOKED rtmp;
+        X509_REVOKED *rtmp = X509_REVOKED_new();
 
         /* Look for serial number of certificate in CRL */
         
-		rtmp.serialNumber = X509_get_serialNumber(x);
-        idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp);
+		X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x));
+        idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp);
         
 		/* Not found: OK */
         
@@@@ -645,7 +644,7 @@@@ XSECCryptoKey * InteropResolver::resolve
@


1.1
log
@Do not use false as pointer.
@
text
@d1 1
a1 1
$NetBSD$
d5 1
a5 1
--- xsec/tools/checksig/InteropResolver.cpp.orig	2017-09-23 12:23:36.663288313 +0000
d7 47
a53 1
@@@@ -645,7 +645,7 @@@@ XSECCryptoKey * InteropResolver::resolve
@