Date: Fri, 30 Jun 2023 07:18:17 GMT
Message-Id: <202306300718.35U7IHfp064817@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Po-Chuan Hsieh Subject: git: 83ba0544367a - main - security/iddawc: Update to 1.1.8 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: sunpoet X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 83ba0544367a7e14d321cbd8cc8f6902f16e285b Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=83ba0544367a7e14d321cbd8cc8f6902f16e285b commit 83ba0544367a7e14d321cbd8cc8f6902f16e285b Author: Po-Chuan Hsieh AuthorDate: 2023-06-30 07:02:11 +0000 Commit: Po-Chuan Hsieh CommitDate: 2023-06-30 07:02:11 +0000 security/iddawc: Update to 1.1.8 - Update WWW - Update version requirement of BUILD_DEPENDS - Use USES=pathfix to fix .pc installation - Use complete arguments/options - Update pkg-descr - Take maintainership Changes: https://github.com/babelouest/iddawc/releases --- security/iddawc/Makefile | 33 +++++++++++++++++++------------- security/iddawc/distinfo | 6 +++--- security/iddawc/files/patch-src-iddawc.c | 29 ++++++++++++++++++++++++++++ security/iddawc/pkg-descr | 31 ++++++++++++++++++++---------- security/iddawc/pkg-plist | 3 ++- 5 files changed, 75 insertions(+), 27 deletions(-) diff --git a/security/iddawc/Makefile b/security/iddawc/Makefile index 9ce0e8c5aafb..e804d6848735 100644 --- a/security/iddawc/Makefile +++ b/security/iddawc/Makefile 
@@ -1,34 +1,41 @@ PORTNAME= iddawc +PORTVERSION= 1.1.8 DISTVERSIONPREFIX= v -DISTVERSION= 1.1.7 CATEGORIES= security MAINTAINER= ports@FreeBSD.org COMMENT= OAuth2/OIDC Client and Relying Party library -WWW= https://github.com/babelouest/iddawc +WWW= https://babelouest.github.io/iddawc/ \ + https://github.com/babelouest/iddawc LICENSE= LGPL21 LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= yder>1.4.14:devel/yder \ - orcania>2.2.1:devel/orcania \ - gnutls>0:security/gnutls +BUILD_DEPENDS= jansson>=2.11:devel/jansson \ + orcania>=2.3.2:devel/orcania \ + rhonabwy>=1.1.10:security/rhonabwy \ + ulfius>=2.7.12:www/ulfius \ + yder>=1.4.14:devel/yder LIB_DEPENDS= libcurl.so:ftp/curl \ - libjansson.so:devel/jansson \ libgnutls.so:security/gnutls \ - liborcania.so:devel/orcania \ - libyder.so:devel/yder \ + libjansson.so:devel/jansson \ libmicrohttpd.so:www/libmicrohttpd \ + liborcania.so:devel/orcania \ librhonabwy.so:security/rhonabwy \ - libulfius.so:www/ulfius + libulfius.so:www/ulfius \ + libyder.so:devel/yder -USES= cmake +USES= cmake pathfix + +CMAKE_OFF= BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES +CMAKE_ON= BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I + +PLIST_SUB= PORTVERSION=${PORTVERSION} USE_GITHUB= yes GH_ACCOUNT= babelouest -CMAKE_ARGS= -DWITH_JOURNALD=off - -PLIST_SUB= DISTVERSION=${DISTVERSION} +post-install: + ${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a .include diff --git a/security/iddawc/distinfo b/security/iddawc/distinfo index e9ecd625204f..1b99a83fccd6 100644 --- a/security/iddawc/distinfo +++ b/security/iddawc/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1670088803 -SHA256 (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 7dd6cc28cd3e25bce590aab7a4f7603c1e57ad882546a622af9e77f584845ab0 -SIZE (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 1488869 +TIMESTAMP = 1686496690 +SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59 +SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208 diff --git a/security/iddawc/files/patch-src-iddawc.c b/security/iddawc/files/patch-src-iddawc.c new file mode 100644 index 000000000000..8841b26e2c51 --- /dev/null +++ b/security/iddawc/files/patch-src-iddawc.c 
@@ -0,0 +1,29 @@ +--- src/iddawc.c.orig 2022-12-17 21:23:54 UTC ++++ src/iddawc.c +@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->access_token; + hash_data.size = (unsigned int)o_strlen(i_session->access_token); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid"); +@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->code; + hash_data.size = (unsigned int)o_strlen(i_session->code); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid"); +@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) { + if (alg != GNUTLS_DIG_UNKNOWN) { + hash_data.data = (unsigned char*)i_session->state; + hash_data.size = (unsigned int)o_strlen(i_session->state); +- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { ++ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { + if (o_base64url_encode(hash, 
hash_len/2, hash_encoded, &hash_encoded_len)) { + if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) { + y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid"); diff --git a/security/iddawc/pkg-descr b/security/iddawc/pkg-descr index f64f0a718fed..01bcbdcd4420 100644 --- a/security/iddawc/pkg-descr +++ b/security/iddawc/pkg-descr @@ -1,12 +1,23 @@ -Handles the OAuth2 and OpenID Connect authentication process flow from the -client side. +Iddawc is a C library used to implement OAuth2/OIDC clients according to the +OAuth2 RFC and the OpenID Connect Specs. -* Generates requests based on input parameters -* Parses response -* Validates response values +It's based on Ulfius library for the HTTP requests and response management and +Rhonabwy library for the JOSE management. -Supported response_types: code, token, id_token, password, client_credentials, -refresh_token, device_code - -Supported client authentication methods: client_secret_basic, -client_secret_post, client_secret_jwt, private_key_jwt +Iddawc supports the following features: +- Loading openid-configuration endpoints and parsing the results +- Making auth requests using the given parameters (client_id, client_secret, + redirect_uri, etc.) and parsing the result +- Making token requests using the given parameters (code, client_id, + client_secret, redirect_uri, etc.) and parsing the result +- Making userinfo, token introspection, token revocation requests +- Parse responses, validate id_token +- Registering new clients using the register endpoint if any +- Sending signed and or encrypted requests in the auth and token endpoints +- Client TLS Authentication available +- Making Pushed Auth Requests +- Making Rich Auth Requests +- Adding claims to requests +- Sending DPoP proofs +- JWT Secured Authorization Response Mode +- End session and single-logout functionalities 
diff --git a/security/iddawc/pkg-plist b/security/iddawc/pkg-plist index 0910a635f6f2..b9afe21892ee 100644 --- a/security/iddawc/pkg-plist +++ b/security/iddawc/pkg-plist @@ -1,9 +1,10 @@ bin/idwcc include/iddawc-cfg.h include/iddawc.h +lib/libiddawc.a lib/libiddawc.so lib/libiddawc.so.1.1 -lib/libiddawc.so.%%DISTVERSION%% +lib/libiddawc.so.%%PORTVERSION%% libdata/pkgconfig/libiddawc.pc share/idwcc/webapp/callback.html share/idwcc/webapp/css/bootstrap.css
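
Review bot: In the security/iddawc/Makefile hunk, "MAINTAINER= ports@FreeBSD.org" is an unchanged context line, yet the commit message lists "Take maintainership"; either the MAINTAINER line needs to change in this commit or that item should be dropped from the log. In the same hunk, "CMAKE_ARGS= -DWITH_JOURNALD=off" is removed and WITH_JOURNALD does not appear in the new CMAKE_OFF list, so please confirm the option now defaults to off, or add it to CMAKE_OFF to keep the previous behaviour explicit.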
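
Review bot: The new security/iddawc/files/patch-src-iddawc.c is not mentioned in the commit message and carries no comment saying which compiler diagnostic it works around. All three of its hunks add the same "(gnutls_digest_algorithm_t) alg" cast to the gnutls_fingerprint() calls in i_verify_id_token(), the calls that compute at_hash, c_hash and s_hash. A cast at each call site hides the type mismatch instead of removing it. The declaration of alg is not visible in these hunks, but the guard "alg != GNUTLS_DIG_UNKNOWN" already treats it as a digest value, so giving alg the digest enum type where it is declared would be a smaller change than three casts. Since this is the ID token verification path, the fix is better sent upstream so the local patch can be dropped on the next update.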
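
Review bot: In the security/iddawc/pkg-plist hunk, "lib/libiddawc.so.1.1" stays hard-coded while the line below it moves to "lib/libiddawc.so.%%PORTVERSION%%", so the next upstream minor bump will need a manual plist edit and packaging will fail if it is missed. Consider deriving the major.minor suffix through PLIST_SUB as well. The added "lib/libiddawc.a" entry matches the post-install target in the Makefile hunk, so that part is consistent.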