security/iddawc: Update to 1.1.8

- Update WWW - Update version requirement of BUILD_DEPENDS - Use USES=pathfix to fix .pc installation - Use complete arguments/options - Update pkg-descr - Take maintainership Changes: https://github.com/babelouest/iddawc/releases
2023-06-30 15:02:11 +08:00 · 2023-06-30 15:02:11 +08:00 · 83ba054436
parent 7e55bfd508
commit 83ba054436
5 changed files with 75 additions and 27 deletions
--- a/security/iddawc/Makefile
+++ b/security/iddawc/Makefile
@ -1,34 +1,41 @@
 PORTNAME=	iddawc
+PORTVERSION=	1.1.8
 DISTVERSIONPREFIX=	v
-DISTVERSION=	1.1.7
 CATEGORIES=	security

 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	OAuth2/OIDC Client and Relying Party library
-WWW=		https://github.com/babelouest/iddawc
+WWW=		https://babelouest.github.io/iddawc/ \
+		https://github.com/babelouest/iddawc

 LICENSE=	LGPL21
 LICENSE_FILE=	${WRKSRC}/LICENSE

-BUILD_DEPENDS=	yder>1.4.14:devel/yder \
-		orcania>2.2.1:devel/orcania \
-		gnutls>0:security/gnutls
+BUILD_DEPENDS=	jansson>=2.11:devel/jansson \
+		orcania>=2.3.2:devel/orcania \
+		rhonabwy>=1.1.10:security/rhonabwy \
+		ulfius>=2.7.12:www/ulfius \
+		yder>=1.4.14:devel/yder
 LIB_DEPENDS=	libcurl.so:ftp/curl \
-		libjansson.so:devel/jansson \
 		libgnutls.so:security/gnutls \
-		liborcania.so:devel/orcania \
-		libyder.so:devel/yder \
+		libjansson.so:devel/jansson \
 		libmicrohttpd.so:www/libmicrohttpd \
+		liborcania.so:devel/orcania \
 		librhonabwy.so:security/rhonabwy \
-		libulfius.so:www/ulfius
+		libulfius.so:www/ulfius \
+		libyder.so:devel/yder

-USES=		cmake
+USES=		cmake pathfix
+
+CMAKE_OFF=	BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES
+CMAKE_ON=	BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I
+
+PLIST_SUB=	PORTVERSION=${PORTVERSION}

 USE_GITHUB=	yes
 GH_ACCOUNT=	babelouest

-CMAKE_ARGS=	-DWITH_JOURNALD=off
-
-PLIST_SUB=	DISTVERSION=${DISTVERSION}
+post-install:
+	${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a

 .include <bsd.port.mk>
--- a/security/iddawc/distinfo
+++ b/security/iddawc/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1670088803
-SHA256 (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 7dd6cc28cd3e25bce590aab7a4f7603c1e57ad882546a622af9e77f584845ab0
-SIZE (babelouest-iddawc-v1.1.7_GH0.tar.gz) = 1488869
+TIMESTAMP = 1686496690
+SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59
+SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208
--- a/security/iddawc/files/patch-src-iddawc.c
+++ b/security/iddawc/files/patch-src-iddawc.c
@ -0,0 +1,29 @@
+--- src/iddawc.c.orig	2022-12-17 21:23:54 UTC
+++ src/iddawc.c
+@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) {
+                 if (alg != GNUTLS_DIG_UNKNOWN) {
+                   hash_data.data = (unsigned char*)i_session->access_token;
+                   hash_data.size = (unsigned int)o_strlen(i_session->access_token);
+-                  if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                  if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                     if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) {
+                       if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) {
+                         y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid");
+@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) {
+                 if (alg != GNUTLS_DIG_UNKNOWN) {
+                   hash_data.data = (unsigned char*)i_session->code;
+                   hash_data.size = (unsigned int)o_strlen(i_session->code);
+-                  if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                  if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                     if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) {
+                       if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) {
+                         y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid");
+@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) {
+                 if (alg != GNUTLS_DIG_UNKNOWN) {
+                   hash_data.data = (unsigned char*)i_session->state;
+                   hash_data.size = (unsigned int)o_strlen(i_session->state);
+-                  if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                  if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) {
+                     if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) {
+                       if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) {
+                         y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid");
--- a/security/iddawc/pkg-descr
+++ b/security/iddawc/pkg-descr
@ -1,12 +1,23 @@
-Handles the OAuth2 and OpenID Connect authentication process flow from the
-client side.
+Iddawc is a C library used to implement OAuth2/OIDC clients according to the
+OAuth2 RFC and the OpenID Connect Specs.

-* Generates requests based on input parameters
-* Parses response
-* Validates response values
+It's based on Ulfius library for the HTTP requests and response management and
+Rhonabwy library for the JOSE management.

-Supported response_types: code, token, id_token, password, client_credentials,
-refresh_token, device_code
-
-Supported client authentication methods: client_secret_basic,
-client_secret_post, client_secret_jwt, private_key_jwt
+Iddawc supports the following features:
+- Loading openid-configuration endpoints and parsing the results
+- Making auth requests using the given parameters (client_id, client_secret,
+  redirect_uri, etc.) and parsing the result
+- Making token requests using the given parameters (code, client_id,
+  client_secret, redirect_uri, etc.) and parsing the result
+- Making userinfo, token introspection, token revocation requests
+- Parse responses, validate id_token
+- Registering new clients using the register endpoint if any
+- Sending signed and or encrypted requests in the auth and token endpoints
+- Client TLS Authentication available
+- Making Pushed Auth Requests
+- Making Rich Auth Requests
+- Adding claims to requests
+- Sending DPoP proofs
+- JWT Secured Authorization Response Mode
+- End session and single-logout functionalities
--- a/security/iddawc/pkg-plist
+++ b/security/iddawc/pkg-plist
@ -1,9 +1,10 @@
 bin/idwcc
 include/iddawc-cfg.h
 include/iddawc.h
+lib/libiddawc.a
 lib/libiddawc.so
 lib/libiddawc.so.1.1
-lib/libiddawc.so.%%DISTVERSION%%
+lib/libiddawc.so.%%PORTVERSION%%
 libdata/pkgconfig/libiddawc.pc
 share/idwcc/webapp/callback.html
 share/idwcc/webapp/css/bootstrap.css