From 0d3d7cd476d1eb66547c3de5ffdced00da4ab646 Mon Sep 17 00:00:00 2001
From: sthen <sthen@openbsd.org>
Date: Sat, 6 Sep 2025 20:04:40 +0000
Subject: [PATCH] update to xca-2.9.0

patched to workaround use of EVP_PKEY_add1_attr_by_NID for CSP attributes,
which seems to be ok in light testing
---
 security/xca/Makefile                         |  3 +--
 security/xca/distinfo                         |  4 ++--
 security/xca/patches/patch-lib_func_base_cpp  |  2 +-
 security/xca/patches/patch-lib_pki_pkcs12_cpp | 22 +++++++++++++++++++
 security/xca/patches/patch-lib_pki_x509_cpp   | 19 ++++++++++++++++
 security/xca/patches/patch-lib_pki_x509_h     | 12 ++++++++++
 .../xca/patches/patch-widgets_CertDetail_cpp  | 14 ++++++++++++
 .../xca/patches/patch-widgets_NewX509_cpp     |  2 +-
 security/xca/pkg/PLIST                        | 18 ++++++++++++---
 9 files changed, 87 insertions(+), 9 deletions(-)
 create mode 100644 security/xca/patches/patch-lib_pki_pkcs12_cpp
 create mode 100644 security/xca/patches/patch-lib_pki_x509_cpp
 create mode 100644 security/xca/patches/patch-lib_pki_x509_h
 create mode 100644 security/xca/patches/patch-widgets_CertDetail_cpp

diff --git a/security/xca/Makefile b/security/xca/Makefile
index 72aeb680939..26a39eb2f0b 100644
--- a/security/xca/Makefile
+++ b/security/xca/Makefile
@@ -1,9 +1,8 @@
 COMMENT=	create and manage certificates, CSRs, keys, etc
 
-V=		2.7.0
+V=		2.9.0
 DISTNAME=	xca-$V
 CATEGORIES=	security x11
-REVISION=	0
 
 HOMEPAGE=	https://hohnstaedt.de/xca/
 
diff --git a/security/xca/distinfo b/security/xca/distinfo
index a8f58eb2d84..7b6598109aa 100644
--- a/security/xca/distinfo
+++ b/security/xca/distinfo
@@ -1,2 +1,2 @@
-SHA256 (xca-2.7.0.tar.gz) = Ff9vvkwASsKtGIhas1rmlANkqCRtX+hWKkExL+RewV4=
-SIZE (xca-2.7.0.tar.gz) = 1888329
+SHA256 (xca-2.9.0.tar.gz) = yKlW9vBmA1a3JcsG71g137NlJgQ6T4wc/nZ0u3vdbFw=
+SIZE (xca-2.9.0.tar.gz) = 1954022
diff --git a/security/xca/patches/patch-lib_func_base_cpp b/security/xca/patches/patch-lib_func_base_cpp
index 61f5a25cac0..46a67a450a1 100644
--- a/security/xca/patches/patch-lib_func_base_cpp
+++ b/security/xca/patches/patch-lib_func_base_cpp
@@ -1,7 +1,7 @@
 Index: lib/func_base.cpp
 --- lib/func_base.cpp.orig
 +++ lib/func_base.cpp
-@@ -94,7 +94,7 @@ ASN1_STRING *QStringToAsn1(const QString s, int nid)
+@@ -95,7 +95,7 @@ ASN1_STRING *QStringToAsn1(const QString s, int nid)
  	unsigned long global_mask = ASN1_STRING_get_default_mask();
  	unsigned long mask = DIRSTRING_TYPE & global_mask;
  	ASN1_STRING *out = NULL;
diff --git a/security/xca/patches/patch-lib_pki_pkcs12_cpp b/security/xca/patches/patch-lib_pki_pkcs12_cpp
new file mode 100644
index 00000000000..2926e361255
--- /dev/null
+++ b/security/xca/patches/patch-lib_pki_pkcs12_cpp
@@ -0,0 +1,22 @@
+EVP_PKEY_add1_attr_by_NID is removed and won't be coming back:
+https://github.com/openbsd/src/commit/05034cf3497dd09a4fdbdecb13152ebab1c2bed4
+
+Index: lib/pki_pkcs12.cpp
+--- lib/pki_pkcs12.cpp.orig
++++ lib/pki_pkcs12.cpp
+@@ -159,6 +159,7 @@ void pki_pkcs12::writePKCS12(XFile &file, encAlgo &enc
+ 		keyAlgoNid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ 
+ 	EVP_PKEY *pkey = key->decryptKey();
++#ifndef LIBRESSL_VERSION_NUMBER
+ 	for (const QString &line : key->getComment().split('\n')) {
+ 		QStringList kv = line.split(":");
+ 		qDebug() << line << kv;
+@@ -168,6 +169,7 @@ void pki_pkcs12::writePKCS12(XFile &file, encAlgo &enc
+ 		EVP_PKEY_add1_attr_by_NID(pkey, NID_ms_csp_name,
+ 			MBSTRING_ASC, (const unsigned char*)csp.constData(), csp.size());
+ 	}
++#endif
+ 
+ 	pkcs12 = PKCS12_create(pass.data(), getIntName().toUtf8().data(),
+ 				pkey, cert->getCert(), certstack,
diff --git a/security/xca/patches/patch-lib_pki_x509_cpp b/security/xca/patches/patch-lib_pki_x509_cpp
new file mode 100644
index 00000000000..24540f0c8a9
--- /dev/null
+++ b/security/xca/patches/patch-lib_pki_x509_cpp
@@ -0,0 +1,19 @@
+Index: lib/pki_x509.cpp
+--- lib/pki_x509.cpp.orig
++++ lib/pki_x509.cpp
+@@ -1227,11 +1227,12 @@ QList<int> pki_x509::ossl_verify() const
+ 	return errors;
+ }
+ 
+-QList<X509_PURPOSE *> pki_x509::purposes() const
++QList<const X509_PURPOSE *> pki_x509::purposes() const
+ {
+-	QList<X509_PURPOSE *> purposes;
++	QList<const X509_PURPOSE *> purposes;
+ 	for (int i = 0; i< X509_PURPOSE_get_count(); i++) {
+-		X509_PURPOSE *purp = X509_PURPOSE_get0(i);
++		const X509_PURPOSE *purp;
++		purp = X509_PURPOSE_get0(i);
+ 		int id = X509_PURPOSE_get_id(purp);
+ 		if (id == X509_PURPOSE_ANY)
+ 			continue;
diff --git a/security/xca/patches/patch-lib_pki_x509_h b/security/xca/patches/patch-lib_pki_x509_h
new file mode 100644
index 00000000000..455f25236e0
--- /dev/null
+++ b/security/xca/patches/patch-lib_pki_x509_h
@@ -0,0 +1,12 @@
+Index: lib/pki_x509.h
+--- lib/pki_x509.h.orig
++++ lib/pki_x509.h
+@@ -169,7 +169,7 @@ class pki_x509 : public pki_x509super
+ 		bool importTaKey(const QByteArray &takey);
+ 		QList<int> ossl_verify() const;
+ 		bool check_ca() const;
+-		QList<X509_PURPOSE *> purposes() const;
++		QList<const X509_PURPOSE *> purposes() const;
+ 		int name_constraint_check(pki_x509 *issuer) const;
+ };
+ 
diff --git a/security/xca/patches/patch-widgets_CertDetail_cpp b/security/xca/patches/patch-widgets_CertDetail_cpp
new file mode 100644
index 00000000000..95be4f668f1
--- /dev/null
+++ b/security/xca/patches/patch-widgets_CertDetail_cpp
@@ -0,0 +1,14 @@
+Index: widgets/CertDetail.cpp
+--- widgets/CertDetail.cpp.orig
++++ widgets/CertDetail.cpp
+@@ -129,8 +129,8 @@ void CertDetail::setCert(pki_x509 *cert)
+ 		html = "<ul>\n" + html + "</ul>\n";
+ 
+ 	validation->setHtml(html);
+-	QList<X509_PURPOSE*> purposes = cert->purposes();
+-	for (X509_PURPOSE *purp : purposes) {
++	QList<const X509_PURPOSE*> purposes = cert->purposes();
++	for (const X509_PURPOSE *purp : purposes) {
+ 		QString purpname = X509_PURPOSE_get0_name(purp);
+ 		int id = X509_PURPOSE_get_id(purp);
+ 		qDebug() << "Purpose: " << purpname << " (" << id << ")";
diff --git a/security/xca/patches/patch-widgets_NewX509_cpp b/security/xca/patches/patch-widgets_NewX509_cpp
index 8bc5339daaa..8baad6ca214 100644
--- a/security/xca/patches/patch-widgets_NewX509_cpp
+++ b/security/xca/patches/patch-widgets_NewX509_cpp
@@ -3,7 +3,7 @@ const for ASN1_STRING_TABLE
 Index: widgets/NewX509.cpp
 --- widgets/NewX509.cpp.orig
 +++ widgets/NewX509.cpp
-@@ -327,7 +327,7 @@ void NewX509::setupExtDNwidget(const QString &s, QLine
+@@ -332,7 +332,7 @@ void NewX509::setupExtDNwidget(const QString &s, QLine
  
  void NewX509::setupLineEditByNid(int nid, QLineEdit *l)
  {
diff --git a/security/xca/pkg/PLIST b/security/xca/pkg/PLIST
index c16fd5ec4b1..6114b69d83b 100644
--- a/security/xca/pkg/PLIST
+++ b/security/xca/pkg/PLIST
@@ -1,7 +1,7 @@
 @ask-update xca-<2 .xdb format changes in XCA 2.x. Upgrade is automatic, but backup your old files.
 @bin bin/xca
 @man man/man1/xca.1
-share/applications/xca.desktop
+share/applications/de.hohnstaedt.xca.desktop
 share/bash-completion/completions/xca
 share/doc/xca/
 share/doc/xca/_sources/
@@ -12,6 +12,12 @@ share/doc/xca/_sources/changelog.rst.txt
 share/doc/xca/_sources/commandline.rst.txt
 share/doc/xca/_sources/common-actions.rst.txt
 share/doc/xca/_sources/database.rst.txt
+share/doc/xca/_sources/export-key-clp.rst.txt
+share/doc/xca/_sources/export-key.rst.txt
+share/doc/xca/_sources/export-request.rst.txt
+share/doc/xca/_sources/export-revocation.rst.txt
+share/doc/xca/_sources/export-x509-clp.rst.txt
+share/doc/xca/_sources/export-x509.rst.txt
 share/doc/xca/_sources/index.rst.txt
 share/doc/xca/_sources/introduction.rst.txt
 share/doc/xca/_sources/miscellaneous.rst.txt
@@ -45,6 +51,12 @@ share/doc/xca/changelog.html
 share/doc/xca/commandline.html
 share/doc/xca/common-actions.html
 share/doc/xca/database.html
+share/doc/xca/export-key-clp.html
+share/doc/xca/export-key.html
+share/doc/xca/export-request.html
+share/doc/xca/export-revocation.html
+share/doc/xca/export-x509-clp.html
+share/doc/xca/export-x509.html
 share/doc/xca/genindex.html
 share/doc/xca/index.html
 share/doc/xca/introduction.html
@@ -81,8 +93,6 @@ share/icons/hicolor/64x64/mimetypes/x-xca-template.png
 share/metainfo/
 share/metainfo/de.hohnstaedt.xca.metainfo.xml
 share/mime/packages/xca.xml
-share/pixmaps/
-share/pixmaps/xca-32x32.xpm
 share/xca/
 share/xca/CA.xca
 share/xca/TLS_client.xca
@@ -112,6 +122,7 @@ share/xca/i18n/
 share/xca/i18n/xca.qm
 share/xca/i18n/xca_bg.qm
 share/xca/i18n/xca_de.qm
+share/xca/i18n/xca_en.qm
 share/xca/i18n/xca_es.qm
 share/xca/i18n/xca_fa.qm
 share/xca/i18n/xca_fr.qm
@@ -119,6 +130,7 @@ share/xca/i18n/xca_hr.qm
 share/xca/i18n/xca_id.qm
 share/xca/i18n/xca_it.qm
 share/xca/i18n/xca_ja.qm
+share/xca/i18n/xca_ko.qm
 share/xca/i18n/xca_nl.qm
 share/xca/i18n/xca_pl.qm
 share/xca/i18n/xca_pt_BR.qm