author: Mikhail Teterin <mi@FreeBSD.org> 2008-05-01 04:28:31 +0000
committer: Mikhail Teterin <mi@FreeBSD.org> 2008-05-01 04:28:31 +0000
commit: ba1db238b74fe423e8e07c4c8c876d3da52bcad7 (patch)
tree: a2dbb43a66cd71ed49f161520baf8782384a3061 /security
parent: 58f6426af0f11d523448c1c4a05c46cd241e71ba (diff)
download: ports-ba1db238b74fe423e8e07c4c8c876d3da52bcad7.tar.gz
ports-ba1db238b74fe423e8e07c4c8c876d3da52bcad7.zip
5 files changed, 352 insertions, 50 deletions
diff --git a/security/sscep/Makefile b/security/sscep/Makefile
index 696fd24b306d..1af5614c3160 100644
--- a/security/sscep/Makefile
+++ b/security/sscep/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=		sscep
-PORTVERSION=		20040325
+PORTVERSION=		20071227
 CATEGORIES=		security
 MASTER_SITES=		http://www.klake.org/~jt/sscep/
 DISTNAME=		${PORTNAME}
@@ -14,12 +14,9 @@ EXTRACT_SUFX=		.tgz
 
 MAINTAINER=		ports@FreeBSD.org
 COMMENT=		Simple scep client
-
-BROKEN=		Checksum mismatch
+MAKEFILE=		${FILESDIR}/BSDmakefile
+ALL_TARGET=		-j`${SYSCTL} -n hw.ncpu`
 
 USE_OPENSSL=		yes
 
-MAKE_ARGS+=	BINDIR="${PREFIX}/bin" \
-		CONFDIR="${PREFIX}/etc"
-
 .include <bsd.port.mk>
diff --git a/security/sscep/distinfo b/security/sscep/distinfo
index ba2686c0a9c0..ec1ad504a73f 100644
--- a/security/sscep/distinfo
+++ b/security/sscep/distinfo
@@ -1,3 +1,3 @@
-MD5 (sscep.tgz) = b509cdf0de952841471e77499aa6e4ca
-SHA256 (sscep.tgz) = 391dbe52adfec6a56f279fbe565d2f3fc9e7f2cc8c1d1a8a57cccb205c96aa5e
-SIZE (sscep.tgz) = 51300
+MD5 (sscep.tgz) = c5cc9940263d63a097ecdf0056d8532a
+SHA256 (sscep.tgz) = 0739bbade24054ff73102e0ef9d43ac7e51be9588ae4b6bd4c7e595a16bbfbcd
+SIZE (sscep.tgz) = 101742
diff --git a/security/sscep/files/BSDmakefile b/security/sscep/files/BSDmakefile
new file mode 100644
index 000000000000..1152a5a82efb
--- /dev/null
+++ b/security/sscep/files/BSDmakefile
@@ -0,0 +1,24 @@
+BINDIR = ${PREFIX}/bin
+MANDIR = ${PREFIX}/man/man8
+
+.if !empty(OPENSSLBASE) && ${OPENSSLBASE} != "/usr"
+CFLAGS+= -I${OPENSSLINC}
+LDADD+=	-L${OPENSSLLIB}
+.endif
+LDADD+= -lcrypto
+
+WARNS	= 3
+
+# Manual page appears to have been removed from the distribution.
+# This is being investigated...
+#MAN8	= sscep.8
+NO_MAN	= yes
+
+PROG	= sscep
+SRCS    = sscep.c init.c net.c sceputils.c pkcs7.c ias.c fileutils.c
+
+beforeinstall:
+	${BSD_INSTALL_SCRIPT} ${.CURDIR}/mkrequest ${BINDIR}/
+	${BSD_INSTALL_DATA} ${.CURDIR}/sscep.conf ${PREFIX}/etc/sscep.conf.sample
+
+.include <bsd.prog.mk>
diff --git a/security/sscep/files/patch-aa b/security/sscep/files/patch-aa
deleted file mode 100644
index b170727dab6b..000000000000
--- a/security/sscep/files/patch-aa
+++ /dev/null
@@ -1,41 +0,0 @@
-$FreeBSD$
-
---- Makefile.orig	Wed Jan 22 08:23:18 2003
-+++ Makefile	Tue Feb 15 13:32:02 2005
-@@ -2,22 +2,26 @@
- # $Id: Makefile,v 1.0 2003/01/12 13:17:37 jt Exp $
- #
- 
--BINDIR = /usr/local/bin
--MANDIR = /usr/local/man/man8
-+BINDIR  ?= /usr/local/bin
-+CONFDIR ?= /usr/local/etc
- 
--CC	= gcc
--CFLAGS	= -Wall -O 
-+CC      ?= gcc
-+CFLAGS  ?= -Wall -O
- 
--MAN	= sscep.8
--PROG	= sscep
-+PROG    = sscep
-+MKREQ   = mkrequest
- OBJS    = sscep.o init.o net.o sceputils.o pkcs7.o ias.o fileutils.o
-+CONF    = sscep.conf
-+
-+all: $(PROG)
- 
- $(PROG): $(OBJS)
--	$(CC) $(CFLAGS) -lcrypto -o $(PROG) $(OBJS) 
-+	$(CC) $(CFLAGS) -lcrypto -o $(PROG) $(OBJS)
- 
- clean:
--	rm -f $(PROG) $(OBJS) $(MAN) core
-+	rm -f $(PROG) $(OBJS) core
- 
- install:
--	./install-sh $(PROG) $(BINDIR)
--	./install-sh $(MAN) $(MANDIR)
-+	cp $(PROG) $(BINDIR)
-+	cp $(MKREQ) $(BINDIR)
-+	cp $(CONF) $(CONFDIR)/sscep.conf.sample
diff --git a/security/sscep/files/patch-warnings b/security/sscep/files/patch-warnings
new file mode 100644
index 000000000000..3ed2a280d721
--- /dev/null
+++ b/security/sscep/files/patch-warnings
@@ -0,0 +1,322 @@
+Fix a lot of warnings and (what seems to be) two errors...
+
+	-mi
+
+--- ias.h	2006-03-13 06:45:20.000000000 -0500
++++ ias.h	2008-04-29 10:03:02.000000000 -0400
+@@ -6,13 +6,6 @@
+  */
+ 
+-/* Macros */
+-
+-#define i2d_pkcs7_issuer_and_subject_bio(bp, ias) \
+-	ASN1_i2d_bio(i2d_pkcs7_issuer_and_subject, bp, (unsigned char *)ias)
+-#define i2d_PKCS7_ISSUER_AND_SERIAL_bio(bp, ias)  \
+-	ASN1_i2d_bio(i2d_PKCS7_ISSUER_AND_SERIAL, bp, (unsigned char *)ias)
+-
+ /* Routines */
+-int i2d_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject *, unsigned char **);
++int i2d_pkcs7_issuer_and_subject(void *, unsigned char **);
+ pkcs7_issuer_and_subject *
+ d2i_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject **, unsigned char **,
+--- net.c	2007-12-27 01:08:39.000000000 -0500
++++ net.c	2008-04-29 10:03:02.000000000 -0400
+@@ -151,13 +151,13 @@
+ 
+ /* URL-encode the input and return back encoded string */
+-char * url_encode(char *s, size_t n) {
++char * url_encode(const char *s, size_t n) {
+ 	char	*r;
+ 	size_t	len;
+-	int     i;
++	size_t	i;
+ 	char    ch[2];
+ 
+ 	/* Allocate 2 times bigger space than the original string */
+ 	len = 2 * n;
+-	r = (char *)malloc(len);	
++	r = malloc(len);	
+ 	if (r == NULL) {
+ 		return NULL;
+--- pkcs7.c	2006-03-13 06:45:21.000000000 -0500
++++ pkcs7.c	2008-04-29 10:03:02.000000000 -0400
+@@ -10,4 +10,18 @@
+ #include "ias.h"
+ 
++static int
++pkcs7_translator(void *p, unsigned char **out)
++{
++	return i2d_PKCS7_ISSUER_AND_SERIAL(p, out);
++}
++#define i2d_pkcs7_issuer_and_subject_bio(bp, ias) \
++	ASN1_i2d_bio(i2d_pkcs7_issuer_and_subject, bp, (unsigned char *)ias)
++#define i2d_PKCS7_ISSUER_AND_SERIAL_bio(bp, ias)  \
++	ASN1_i2d_bio(pkcs7_translator, bp, (unsigned char *)ias)
++
++static int add_attribute_string(STACK_OF(X509_ATTRIBUTE) *, int,
++    const char *);
++static int add_attribute_octet(STACK_OF(X509_ATTRIBUTE) *, int,
++    const char *, int);
+ /*
+  * Wrap data in PKCS#7 envelopes and base64-encode the result.
+@@ -64,5 +78,5 @@
+ 				exit (SCEP_PKISTATUS_P7);
+ 			}
+-			BIO_flush(databio);
++			(void)BIO_flush(databio);
+ 			BIO_set_flags(databio, BIO_FLAGS_MEM_RDONLY); 
+ 			break;
+@@ -90,5 +104,5 @@
+ 				exit (SCEP_PKISTATUS_P7);
+ 			}
+-			BIO_flush(databio);
++			(void)BIO_flush(databio);
+ 			BIO_set_flags(databio, BIO_FLAGS_MEM_RDONLY); 
+ 			break;
+@@ -100,5 +114,5 @@
+ 			/* Signer cert */
+ 			signercert = localcert;
+-			signercert = rsa;
++			signerkey = rsa;
+ 
+ 			/* Read data in memory bio */
+@@ -111,5 +125,5 @@
+ 				exit (SCEP_PKISTATUS_P7);
+ 			}
+-			BIO_flush(databio);
++			(void)BIO_flush(databio);
+ 			BIO_set_flags(databio, BIO_FLAGS_MEM_RDONLY); 
+ 			break;
+@@ -121,5 +135,5 @@
+ 			/* Signer cert */
+ 			signercert = localcert;
+-			signercert = rsa;
++			signerkey = rsa;
+ 
+ 			/* Read data in memory bio */
+@@ -132,5 +146,5 @@
+ 				exit (SCEP_PKISTATUS_P7);
+ 			}
+-			BIO_flush(databio);
++			(void)BIO_flush(databio);
+ 			BIO_set_flags(databio, BIO_FLAGS_MEM_RDONLY); 
+ 			break;
+@@ -195,5 +209,5 @@
+ 		exit (SCEP_PKISTATUS_P7);
+ 	}
+-	BIO_flush(memorybio);
++	(void)BIO_flush(memorybio);
+ 	BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY); 
+ 	len = BIO_get_mem_data(memorybio, &buffer);
+@@ -298,5 +312,5 @@
+ 	/* Copy PKCS#7 */
+ 	i2d_PKCS7_bio(outbio, s->request_p7);
+-	BIO_flush(outbio);
++	(void)BIO_flush(outbio);
+ 	BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
+ 	s->request_len = BIO_get_mem_data(memorybio, &s->request_payload);
+@@ -370,5 +384,5 @@
+ 		BIO_write(outbio, buffer, bytes);
+ 	}
+-	BIO_flush(outbio);
++	(void)BIO_flush(outbio);
+ 	if (v_flag)
+ 		printf("%s: PKCS#7 contains %d bytes of enveloped data\n",
+@@ -584,5 +598,5 @@
+ 		exit (SCEP_PKISTATUS_P7);
+ 	}
+-	BIO_flush(outbio);
++	(void)BIO_flush(outbio);
+ 
+ 	/* Write decrypted data */
+@@ -599,6 +613,6 @@
+ 
+ /* Add signed attributes */
+-int
+-add_attribute_string(STACK_OF(X509_ATTRIBUTE) *attrs, int nid, char *buffer) {
++static int
++add_attribute_string(STACK_OF(X509_ATTRIBUTE) *attrs, int nid, const char *buffer) {
+ 	ASN1_STRING     *asn1_string = NULL;
+ 	X509_ATTRIBUTE  *x509_a;
+@@ -623,6 +637,6 @@
+ 
+ }
+-int
+-add_attribute_octet(STACK_OF(X509_ATTRIBUTE) *attrs, int nid, char *buffer,
++static int
++add_attribute_octet(STACK_OF(X509_ATTRIBUTE) *attrs, int nid, const char *buffer,
+ 		int len) {
+ 	ASN1_STRING     *asn1_string = NULL;
+--- ias.c	2006-03-13 06:45:20.000000000 -0500
++++ ias.c	2008-04-29 10:03:02.000000000 -0400
+@@ -15,7 +15,8 @@
+ #include "ias.h"
+ 
+-int i2d_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject *a,
++int i2d_pkcs7_issuer_and_subject(void *pv,
+ 	     unsigned char **pp) {
+ 
++	pkcs7_issuer_and_subject *a = pv;
+ 	M_ASN1_I2D_vars(a);
+ 	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
+--- sceputils.c	2006-03-13 06:45:22.000000000 -0500
++++ sceputils.c	2008-04-29 10:03:02.000000000 -0400
+@@ -48,5 +48,5 @@
+  */
+ int new_selfsigned(struct scep *s) {
+-	unsigned char		 *ptr;
++	const unsigned char	 *ptr;
+ 	X509			 *cert;
+ 	X509_NAME		 *subject;
+@@ -99,5 +99,5 @@
+ 	}
+ 	/* Get serial no from transaction id */
+-	ptr = (unsigned char *)s->transaction_id;
++	ptr = (const unsigned char *)s->transaction_id;
+ 	if (!(serial = c2i_ASN1_INTEGER(NULL, &ptr, 32))) {
+ 		fprintf(stderr, "%s: error converting serial\n", pname);
+@@ -231,5 +231,5 @@
+ 	
+ 	/* Assign space for ASCII presentation of the digest */
+-	str = (unsigned char *)malloc(2 * MD5_DIGEST_LENGTH + 1);
++	str = malloc(2 * MD5_DIGEST_LENGTH + 1); /* XXX this is never freed */
+ 	ret = str;
+ 
+@@ -246,5 +246,5 @@
+ 	/* Copy as ASCII string and return: */
+ 	for (c = 0; c < MD5_DIGEST_LENGTH; c++, str += 2) {
+-		sprintf((char *)str, "%02X", md[c]);
++		sprintf(str, "%02X", md[c]);
+ 
+ 	}
+@@ -252,4 +252,2 @@
+ 	return(ret);
+ }
+-
+-
+--- sscep.h	2007-12-27 01:15:38.000000000 -0500
++++ sscep.h	2008-04-29 10:03:02.000000000 -0400
+@@ -139,7 +139,7 @@
+ 
+ /* Fingerprint, signing and encryption algorithms */
+-EVP_MD *fp_alg;
+-EVP_MD *sig_alg;
+-EVP_CIPHER *enc_alg;
++const EVP_MD *fp_alg;
++const EVP_MD *sig_alg;
++const EVP_CIPHER *enc_alg;
+ 
+ /* OpenSSL OID handles */
+@@ -188,5 +188,5 @@
+ 	/* SCEP message types */
+ 	int request_type;
+-	char *request_type_str;
++	const char *request_type_str;
+ 	int reply_type;
+ 	char *reply_type_str;
+@@ -199,5 +199,5 @@
+ 
+ 	/* SCEP transaction attributes */
+-	char *transaction_id;
++	const char *transaction_id;
+ 	unsigned char *sender_nonce;
+ 	int sender_nonce_len;
+@@ -237,7 +237,4 @@
+ int send_msg (struct http_reply *, char *, char *, int, int);
+ 
+-/* Catch SIGALRM */
+-void catchalarm (int);
+-
+ /* Get config file parameter */
+ char *get_string (char *);
+@@ -291,10 +288,4 @@
+ int pkcs7_unwrap(struct scep *);
+ 
+-/* Add signed string attribute */
+-int add_attribute_string(STACK_OF(X509_ATTRIBUTE) *, int, char *);
+-
+-/* Add signed octet attribute */
+-int add_attribute_octet(STACK_OF(X509_ATTRIBUTE) *, int, char *, int);
+-
+ /* Find signed attributes */
+ int get_signed_attribute(STACK_OF(X509_ATTRIBUTE) *, int, int, char **);
+@@ -302,5 +293,5 @@
+ 
+ /* URL-endcode */
+-char *url_encode (char *, size_t);
++char *url_encode (const char *, size_t);
+ 
+ /* End of Functions */
+--- cmd.h	2006-03-13 06:45:14.000000000 -0500
++++ cmd.h	2008-04-29 10:03:02.000000000 -0400
+@@ -45,5 +45,5 @@
+ 
+ /* CA identifier */
+-char *i_char;
++const char *i_char;
+ int i_flag;
+ 
+--- sscep.c	2007-12-27 01:08:39.000000000 -0500
++++ sscep.c	2008-04-29 10:03:15.000000000 -0400
+@@ -64,4 +64,10 @@
+ } /* handle_serial */
+ 
++static void
++catchalarm(int signo __unused) {
++	fprintf(stderr, "%s: connection timed out\n", pname);
++	exit (SCEP_PKISTATUS_TIMEOUT);
++}
++
+ int
+ main(int argc, char **argv) {
+@@ -349,11 +355,11 @@
+ 	/* Check algorithms */
+ 	if (!E_flag) {
+-		enc_alg = (EVP_CIPHER *)EVP_des_cbc();
++		enc_alg = EVP_des_cbc();
+ 	} else if (!strncmp(E_char, "blowfish", 8)) {
+-		enc_alg = (EVP_CIPHER *)EVP_bf_cbc();
++		enc_alg = EVP_bf_cbc();
+ 	} else if (!strncmp(E_char, "des", 3)) {
+-		enc_alg = (EVP_CIPHER *)EVP_des_cbc();
++		enc_alg = EVP_des_cbc();
+ 	} else if (!strncmp(E_char, "3des", 4)) {
+-		enc_alg = (EVP_CIPHER *)EVP_des_ede3_cbc();
++		enc_alg = EVP_des_ede3_cbc();
+ 	} else {
+ 		fprintf(stderr, "%s: unsupported algorithm: %s\n",
+@@ -362,9 +368,9 @@
+ 	}
+ 	if (!S_flag) {
+-		sig_alg = (EVP_MD *)EVP_md5();
++		sig_alg = EVP_md5();
+ 	} else if (!strncmp(S_char, "md5", 3)) {
+-		sig_alg = (EVP_MD *)EVP_md5();
++		sig_alg = EVP_md5();
+ 	} else if (!strncmp(S_char, "sha1", 4)) {
+-		sig_alg = (EVP_MD *)EVP_sha1();
++		sig_alg = EVP_sha1();
+ 	} else {
+ 		fprintf(stderr, "%s: unsupported algorithm: %s\n",
+@@ -374,9 +380,9 @@
+ 	/* Fingerprint algorithm */
+ 	if (!F_flag) {
+-		fp_alg = (EVP_MD *)EVP_md5();
++		fp_alg = EVP_md5();
+ 	} else if (!strncmp(F_char, "md5", 3)) {
+-		fp_alg = (EVP_MD *)EVP_md5();
++		fp_alg = EVP_md5();
+ 	} else if (!strncmp(F_char, "sha1", 4)) {
+-		fp_alg = (EVP_MD *)EVP_sha1();
++		fp_alg = EVP_sha1();
+ 	} else {
+ 		fprintf(stderr, "%s: unsupported algorithm: %s\n",
+@@ -778,8 +784,2 @@
+ 	exit(0);
+ }
+-
+-void
+-catchalarm(int signo) {
+-	fprintf(stderr, "%s: connection timed out\n", pname);
+-	exit (SCEP_PKISTATUS_TIMEOUT);
+-}
author	Mikhail Teterin <mi@FreeBSD.org>	2008-05-01 04:28:31 +0000
committer	Mikhail Teterin <mi@FreeBSD.org>	2008-05-01 04:28:31 +0000
commit	ba1db238b74fe423e8e07c4c8c876d3da52bcad7 (patch)
tree	a2dbb43a66cd71ed49f161520baf8782384a3061 /security
parent	58f6426af0f11d523448c1c4a05c46cd241e71ba (diff)
download	ports-ba1db238b74fe423e8e07c4c8c876d3da52bcad7.tar.gz ports-ba1db238b74fe423e8e07c4c8c876d3da52bcad7.zip