Date: Fri, 30 Jun 2023 07:18:17 GMT From: Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 83ba0544367a - main - security/iddawc: Update to 1.1.8 Message-ID: <202306300718.35U7IHfp064817@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=83ba0544367a7e14d321cbd8cc8f6902f16e285b commit 83ba0544367a7e14d321cbd8cc8f6902f16e285b Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2023-06-30 07:02:11 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2023-06-30 07:02:11 +0000 security/iddawc: Update to 1.1.8 - Update WWW - Update version requirement of BUILD_DEPENDS - Use USES=pathfix to fix .pc installation - Use complete arguments/options - Update pkg-descr - Take maintainership Changes: https://github.com/babelouest/iddawc/releases --- security/iddawc/Makefile | 33 +++++++++++++++++++------------- security/iddawc/distinfo | 6 +++--- security/iddawc/files/patch-src-iddawc.c | 29 ++++++++++++++++++++++++++++ security/iddawc/pkg-descr | 31 ++++++++++++++++++++---------- security/iddawc/pkg-plist | 3 ++- 5 files changed, 75 insertions(+), 27 deletions(-) diff --git a/security/iddawc/Makefile b/security/iddawc/Makefile index 9ce0e8c5aafb..e804d6848735 100644 --- a/security/iddawc/Makefile +++ b/security/iddawc/Makefile @@ -1,34 +1,41 @@ PORTNAME= iddawc +PORTVERSION= 1.1.8 DISTVERSIONPREFIX= v -DISTVERSION= 1.1.7 CATEGORIES= security MAINTAINER= ports@FreeBSD.org COMMENT= OAuth2/OIDC Client and Relying Party library -WWW= https://github.com/babelouest/iddawc +WWW= https://babelouest.github.io/iddawc/ \ + https://github.com/babelouest/iddawc LICENSE= LGPL21 LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= yder>1.4.14:devel/yder \ - orcania>2.2.1:devel/orcania \ - gnutls>0:security/gnutls +BUILD_DEPENDS= jansson>=2.11:devel/jansson \ + orcania>=2.3.2:devel/orcania \ + rhonabwy>=1.1.10:security/rhonabwy \ + ulfius>=2.7.12:www/ulfius \ + yder>=1.4.14:devel/yder LIB_DEPENDS= libcurl.so:ftp/curl \ - libjansson.so:devel/jansson \ libgnutls.so:security/gnutls \ - liborcania.so:devel/orcania \ - libyder.so:devel/yder \ + libjansson.so:devel/jansson \ libmicrohttpd.so:www/libmicrohttpd \ + liborcania.so:devel/orcania \ librhonabwy.so:security/rhonabwy \ - libulfius.so:www/ulfius + libulfius.so:www/ulfius \ + libyder.so:devel/yder -USES= cmake +USES= cmake pathfix + +CMAKE_OFF= BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES +CMAKE_ON= BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I + +PLIST_SUB= PORTVERSION=${PORTVERSION} USE_GITHUB= yes GH_ACCOUNT= babelouest -CMAKE_ARGS= -DWITH_JOURNALD=off - -PLIST_SUB= DISTVERSION=${DISTVERSION} +post-install: + ${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a .include <bsd.port.mk> diff --git a/security/iddawc/distinfo b/security/iddawc/distinfo index e9ecd625204f..1b99a83fccd6 100644 --- a/security/iddawc/distinfo +++ b/security/iddawc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1670088803 -SHA256 (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 7dd6cc28cd3e25bce590aab7a4f7603c1e57ad882546a622af9e77f584845ab0 -SIZE (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 1488869 +TIMESTAMP = 1686496690 +SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59 +SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208 diff --git a/security/iddawc/files/patch-src-iddawc.c b/security/iddawc/files/patch-src-iddawc.c new file mode 100644 index 000000000000..8841b26e2c51 --- /dev/null +++ b/security/iddawc/files/patch-src-iddawc.c @@ -0,0 +1,29 @@ +--- src/iddawc.c.orig 2022-12-17 21:23:54 UTC ++++ src/iddawc.c +@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->access_token; + hash_data.size = (unsigned int)o_strlen(i_session->access_token); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid"); +@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->code; + hash_data.size = (unsigned int)o_strlen(i_session->code); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid"); +@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->state; + hash_data.size = (unsigned int)o_strlen(i_session->state); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid"); diff --git a/security/iddawc/pkg-descr b/security/iddawc/pkg-descr index f64f0a718fed..01bcbdcd4420 100644 --- a/security/iddawc/pkg-descr +++ b/security/iddawc/pkg-descr @@ -1,12 +1,23 @@ -Handles the OAuth2 and OpenID Connect authentication process flow from the -client side. +Iddawc is a C library used to implement OAuth2/OIDC clients according to the +OAuth2 RFC and the OpenID Connect Specs. -* Generates requests based on input parameters -* Parses response -* Validates response values +It's based on Ulfius library for the HTTP requests and response management and +Rhonabwy library for the JOSE management. -Supported response_types: code, token, id_token, password, client_credentials, -refresh_token, device_code - -Supported client authentication methods: client_secret_basic, -client_secret_post, client_secret_jwt, private_key_jwt +Iddawc supports the following features: +- Loading openid-configuration endpoints and parsing the results +- Making auth requests using the given parameters (client_id, client_secret, + redirect_uri, etc.) and parsing the result +- Making token requests using the given parameters (code, client_id, + client_secret, redirect_uri, etc.) and parsing the result +- Making userinfo, token introspection, token revocation requests +- Parse responses, validate id_token +- Registering new clients using the register endpoint if any +- Sending signed and or encrypted requests in the auth and token endpoints +- Client TLS Authentication available +- Making Pushed Auth Requests +- Making Rich Auth Requests +- Adding claims to requests +- Sending DPoP proofs +- JWT Secured Authorization Response Mode +- End session and single-logout functionalities diff --git a/security/iddawc/pkg-plist b/security/iddawc/pkg-plist index 0910a635f6f2..b9afe21892ee 100644 --- a/security/iddawc/pkg-plist +++ b/security/iddawc/pkg-plist @@ -1,9 +1,10 @@ bin/idwcc include/iddawc-cfg.h include/iddawc.h +lib/libiddawc.a lib/libiddawc.so lib/libiddawc.so.1.1 -lib/libiddawc.so.%%DISTVERSION%% +lib/libiddawc.so.%%PORTVERSION%% libdata/pkgconfig/libiddawc.pc share/idwcc/webapp/callback.html share/idwcc/webapp/css/bootstrap.css
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202306300718.35U7IHfp064817>