Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1518708109116130"
MIME-Version: 1.0
Date: Thu, 15 Feb 2018 15:21:49 +0000
From: "Thomas Klausner" <wiz@netbsd.org>
Subject: CVS commit: pkgsrc/security/liboauth
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
Message-Id: <20180215152149.86333FB40@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1518708109116130
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	wiz
Date:		Thu Feb 15 15:21:49 UTC 2018

Modified Files:
	pkgsrc/security/liboauth: Makefile distinfo
Added Files:
	pkgsrc/security/liboauth/patches: patch-src_hash.c

Log Message:
liboauth: update to 1.0.3nb7.

Support building with openssl-1.1.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/security/liboauth/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/liboauth/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/liboauth/patches/patch-src_hash.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1518708109116130
Content-Disposition: inline
Content-Length: 6091
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/liboauth/Makefile
diff -u pkgsrc/security/liboauth/Makefile:1.15 pkgsrc/security/liboauth/Makefile:1.16
--- pkgsrc/security/liboauth/Makefile:1.15	Mon Jan  1 21:18:10 2018
+++ pkgsrc/security/liboauth/Makefile	Thu Feb 15 15:21:49 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2018/01/01 21:18:10 adam Exp $
+# $NetBSD: Makefile,v 1.16 2018/02/15 15:21:49 wiz Exp $
 
 DISTNAME=	liboauth-1.0.3
-PKGREVISION=	6
+PKGREVISION=	7
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=liboauth/}
 

Index: pkgsrc/security/liboauth/distinfo
diff -u pkgsrc/security/liboauth/distinfo:1.4 pkgsrc/security/liboauth/distinfo:1.5
--- pkgsrc/security/liboauth/distinfo:1.4	Wed Nov  4 01:17:49 2015
+++ pkgsrc/security/liboauth/distinfo	Thu Feb 15 15:21:49 2018
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.4 2015/11/04 01:17:49 agc Exp $
+$NetBSD: distinfo,v 1.5 2018/02/15 15:21:49 wiz Exp $
 
 SHA1 (liboauth-1.0.3.tar.gz) = 791dbb4166b5d2c843c8ff48ac17284cc0884af2
 RMD160 (liboauth-1.0.3.tar.gz) = c9f3182e51b48ebae27f577ccb077d8263c52f9a
 SHA512 (liboauth-1.0.3.tar.gz) = 5a13818dbb3e0df76f7a3fde451eff4f90c9bebfe2076a294921af0c07c2b0789f717f0f862ac6961562d4227e016dc198ddd7efb9c7ac599c3bfbcdb2ac33fa
 Size (liboauth-1.0.3.tar.gz) = 504950 bytes
 SHA1 (patch-aa) = 49b16044446c4531dc1a0b78c5f6ac2b6c659423
+SHA1 (patch-src_hash.c) = c2614a47bf6d3583b7b68a9430406393d81b6902

Added files:

Index: pkgsrc/security/liboauth/patches/patch-src_hash.c
diff -u /dev/null pkgsrc/security/liboauth/patches/patch-src_hash.c:1.1
--- /dev/null	Thu Feb 15 15:21:49 2018
+++ pkgsrc/security/liboauth/patches/patch-src_hash.c	Thu Feb 15 15:21:49 2018
@@ -0,0 +1,141 @@
+$NetBSD: patch-src_hash.c,v 1.1 2018/02/15 15:21:49 wiz Exp $
+
+Support OpenSSL-1.1.
+Based on patch by Hristo Venev in https://github.com/x42/liboauth/issues/9
+
+--- src/hash.c.orig	2013-10-04 13:02:50.000000000 +0000
++++ src/hash.c
+@@ -362,6 +362,11 @@ looser:
+ #include "oauth.h" // base64 encode fn's.
+ #include <openssl/hmac.h>
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define EVP_MD_CTX_new EVP_MD_CTX_create
++#define EVP_MD_CTX_free EVP_MD_CTX_destroy
++#endif
++
+ char *oauth_sign_hmac_sha1 (const char *m, const char *k) {
+   return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k)));
+ }
+@@ -386,7 +391,7 @@ char *oauth_sign_rsa_sha1 (const char *m
+   unsigned char *sig = NULL;
+   unsigned char *passphrase = NULL;
+   unsigned int len=0;
+-  EVP_MD_CTX md_ctx;
++  EVP_MD_CTX *md_ctx;
+ 
+   EVP_PKEY *pkey;
+   BIO *in;
+@@ -399,24 +404,31 @@ char *oauth_sign_rsa_sha1 (const char *m
+     return xstrdup("liboauth/OpenSSL: can not read private key");
+   }
+ 
++  md_ctx = EVP_MD_CTX_new();
++  if (md_ctx == NULL) {
++    return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
++  }
++
+   len = EVP_PKEY_size(pkey);
+   sig = (unsigned char*)xmalloc((len+1)*sizeof(char));
+ 
+-  EVP_SignInit(&md_ctx, EVP_sha1());
+-  EVP_SignUpdate(&md_ctx, m, strlen(m));
+-  if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) {
++  EVP_SignInit(md_ctx, EVP_sha1());
++  EVP_SignUpdate(md_ctx, m, strlen(m));
++  if (EVP_SignFinal (md_ctx, sig, &len, pkey)) {
+     char *tmp;
+     sig[len] = '\0';
+     tmp = oauth_encode_base64(len,sig);
+     OPENSSL_free(sig);
+     EVP_PKEY_free(pkey);
++    EVP_MD_CTX_free(md_ctx);
+     return tmp;
+   }
++  EVP_MD_CTX_free(md_ctx);
+   return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed");
+ }
+ 
+ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
+-  EVP_MD_CTX md_ctx;
++  EVP_MD_CTX *md_ctx;
+   EVP_PKEY *pkey;
+   BIO *in;
+   X509 *cert = NULL;
+@@ -437,13 +449,17 @@ int oauth_verify_rsa_sha1 (const char *m
+     return -2;
+   }
+ 
++  md_ctx = EVP_MD_CTX_new();
++  if (md_ctx == NULL) {
++    return -2;
++  }
+   b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));
+   slen = oauth_decode_base64(b64d, s);
+ 
+-  EVP_VerifyInit(&md_ctx, EVP_sha1());
+-  EVP_VerifyUpdate(&md_ctx, m, strlen(m));
+-  err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);
+-  EVP_MD_CTX_cleanup(&md_ctx);
++  EVP_VerifyInit(md_ctx, EVP_sha1());
++  EVP_VerifyUpdate(md_ctx, m, strlen(m));
++  err = EVP_VerifyFinal(md_ctx, b64d, slen, pkey);
++  EVP_MD_CTX_free(md_ctx);
+   EVP_PKEY_free(pkey);
+   xfree(b64d);
+   return (err);
+@@ -455,35 +471,42 @@ int oauth_verify_rsa_sha1 (const char *m
+  */
+ char *oauth_body_hash_file(char *filename) {
+   unsigned char fb[BUFSIZ];
+-  EVP_MD_CTX ctx;
++  EVP_MD_CTX *ctx;
+   size_t len=0;
+   unsigned char *md;
+   FILE *F= fopen(filename, "r");
+   if (!F) return NULL;
+ 
+-  EVP_MD_CTX_init(&ctx);
+-  EVP_DigestInit(&ctx,EVP_sha1());
++  ctx = EVP_MD_CTX_new();
++  if (ctx == NULL) {
++    return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
++  }
++  EVP_DigestInit(ctx,EVP_sha1());
+   while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) {
+-    EVP_DigestUpdate(&ctx, fb, len);
++    EVP_DigestUpdate(ctx, fb, len);
+   }
+   fclose(F);
+   len=0;
+   md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
+-  EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
+-  EVP_MD_CTX_cleanup(&ctx);
++  EVP_DigestFinal(ctx, md,(unsigned int*) &len);
++  EVP_MD_CTX_free(ctx);
+   return oauth_body_hash_encode(len, md);
+ }
+ 
+ char *oauth_body_hash_data(size_t length, const char *data) {
+-  EVP_MD_CTX ctx;
++  EVP_MD_CTX *ctx;
+   size_t len=0;
+   unsigned char *md;
+   md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
+-  EVP_MD_CTX_init(&ctx);
+-  EVP_DigestInit(&ctx,EVP_sha1());
+-  EVP_DigestUpdate(&ctx, data, length);
+-  EVP_DigestFinal(&ctx, md,(unsigned int*) &len);
+-  EVP_MD_CTX_cleanup(&ctx);
++  ctx = EVP_MD_CTX_new();
++  if (ctx == NULL) {
++    return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX");
++  }
++  EVP_MD_CTX_init(ctx);
++  EVP_DigestInit(ctx,EVP_sha1());
++  EVP_DigestUpdate(ctx, data, length);
++  EVP_DigestFinal(ctx, md,(unsigned int*) &len);
++  EVP_MD_CTX_free(ctx);
+   return oauth_body_hash_encode(len, md);
+ }
+ 


--_----------=_1518708109116130--