openbsd/ports
1
0
Fork 0
mirror of https://github.com/openbsd/ports.git synced 2026-06-17 23:13:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update fort to 1.6.3, ok claudio

Browse Source 
https://github.com/NICMx/FORT-validator/releases/tag/1.6.3
https://github.com/NICMx/FORT-validator/releases/tag/1.6.2
This commit is contained in:
tb
2024-08-23 06:06:55 +00:00
parent ed4dbf52ea
commit b9f72b27e4
5 changed files with 3 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/fort/Makefile
+1 -2
View File
@@ -1,8 +1,7 @@
COMMENT = RPKI "relying party" software
V = 1.6.1
V = 1.6.3
DISTNAME = fort-$V
REVISION = 0
CATEGORIES = net
net/fort/distinfo
+2 -2
View File
@@ -1,2 +1,2 @@
SHA256 (fort-1.6.1.tar.gz) = zjcZY87ZsDvBJUuX77lfLJ6zzfKVRuhWa1CDjgBHG3U=
SIZE (fort-1.6.1.tar.gz) = 547724
SHA256 (fort-1.6.3.tar.gz) = m31hcvHgz1cwJAyakXz8myqKl5DQUvOQR2Mak1VA0LM=
SIZE (fort-1.6.3.tar.gz) = 507804
net/fort/patches/patch-src_algorithm_c
-38
View File
@@ -1,38 +0,0 @@
Use X509_ALGOR_get0() instead of reaching into X509_ALGOR.
https://github.com/NICMx/FORT-validator/pull/107
Index: src/algorithm.c
--- src/algorithm.c.orig
+++ src/algorithm.c
@@ -61,22 +61,27 @@ validate_certificate_public_key_algorithm(X509_ALGOR *
int
validate_certificate_public_key_algorithm_bgpsec(X509_ALGOR *pa)
{
+ const ASN1_OBJECT *obj;
+ int parameter_type;
+ const void *parameter;
int nid;
- nid = OBJ_obj2nid(pa->algorithm);
+ X509_ALGOR_get0(&obj, &parameter_type, &parameter, pa);
+ nid = OBJ_obj2nid(obj);
+
/* Validate algorithm and parameters (RFC 8608#section-3.1.1) */
if (nid != NID_X9_62_id_ecPublicKey)
return pr_val_err("Certificate's public key format is NID '%s', not id-ecPublicKey.",
OBJ_nid2sn(nid));
- if (pa->parameter == NULL)
+ if (parameter == NULL)
return pr_val_err("Certificate's public key algorithm MUST have parameters");
- if (pa->parameter->type != V_ASN1_OBJECT)
+ if (parameter_type != V_ASN1_OBJECT)
return pr_val_err("Certificate's public key parameter type isn't valid");
- nid = OBJ_obj2nid((ASN1_OBJECT *)pa->parameter->value.object);
+ nid = OBJ_obj2nid(parameter);
if (nid != NID_X9_62_prime256v1)
return pr_val_err("Certificate's public key format is NID '%s', not secp256r1 (a.k.a prime256v1).",
OBJ_nid2sn(nid));
net/fort/patches/patch-src_object_certificate_c
-18
View File
@@ -1,18 +0,0 @@
Do not reach into X509_ALGOR.
https://github.com/NICMx/FORT-validator/pull/107
Index: src/object/certificate.c
--- src/object/certificate.c.orig
+++ src/object/certificate.c
@@ -160,7 +160,10 @@ validate_serial_number(X509 *cert)
static int
validate_signature_algorithm(X509 *cert)
{
- int nid = OBJ_obj2nid(X509_get0_tbs_sigalg(cert)->algorithm);
+ const ASN1_OBJECT *obj;
+ int nid;
+ X509_ALGOR_get0(&obj, NULL, NULL, X509_get0_tbs_sigalg(cert));
+ nid = OBJ_obj2nid(obj);
return validate_certificate_signature_algorithm(nid, "Certificate");
}
net/fort/patches/patch-src_rtr_pdu_stream_c
-16
View File
@@ -1,16 +0,0 @@
https://github.com/NICMx/FORT-validator/commit/917e7248c89beac0704757510626a3ed2de54208.diff
Index: src/rtr/pdu_stream.c
--- src/rtr/pdu_stream.c.orig
+++ src/rtr/pdu_stream.c
@@ -274,7 +274,9 @@ validate_rtr_version(struct pdu_stream *stream, struct
unsupported:
return err_pdu_send_unsupported_proto_version(
- stream->fd, stream->rtr_version, request,
+ stream->fd,
+ (stream->rtr_version != -1) ? stream->rtr_version : RTR_V1,
+ request,
"The maximum supported RTR version is 1."
);