Date: Sun, 29 Sep 2024 20:18:18 GMT
Message-Id: <202409292018.48TKIIIo022485@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Joe Marcus Clarke
Subject: git: 9a9cfc4efa56 - main - net-im/libpurple: use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate

The branch main has been updated by marcus:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9a9cfc4efa5690823dd0f0fafa5fd07d061e7e0c

commit 9a9cfc4efa5690823dd0f0fafa5fd07d061e7e0c
Author:     Rodrigo Osorio
AuthorDate: 2024-09-29 20:15:59 +0000
Commit:     Joe Marcus Clarke
CommitDate: 2024-09-29 20:15:59 +0000

    net-im/libpurple: use the SSL_PeerCertificateChain function, instead of SSL_PeerCertificate

    The ssl_nss_get_peer_certificates function in libpurple 2.x.y assumes
    that all intermediate certificates from the peer's presented chain can
    be found in the NSS certificate DB. This is not the case in NSS 3.103.

    This patch is required in order to add a new port for *MS teams*
    support in pidgin.

    This patch replaces a call to ssl_nss_get_peer_certificates by
    SSL_PeerCertificateChain, which retrieves the certificates presented by
    the SSL peer. SSL_PeerCertificateChain has been in NSS since version
    3.15.4 released in 2014.

    Additional references:
    https://bugzilla.mozilla.org/show_bug.cgi?id=1913047

    PR:             281761

--- net-im/libpurple/Makefile | 2 +- .../files/patch-libpurple_plugins_ssl_ssl-nss.c | 54 ++++++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/net-im/libpurple/Makefile b/net-im/libpurple/Makefile index 77470608fceb..6d50b3182468 100644 
--- a/net-im/libpurple/Makefile +++ b/net-im/libpurple/Makefile @@ -1,6 +1,6 @@ PORTNAME?= libpurple PORTVERSION= 2.14.13 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= net-im MASTER_SITES= SF/pidgin/Pidgin/${PORTVERSION} DISTNAME= pidgin-${PORTVERSION} diff --git a/net-im/libpurple/files/patch-libpurple_plugins_ssl_ssl-nss.c b/net-im/libpurple/files/patch-libpurple_plugins_ssl_ssl-nss.c new file mode 100644 index 000000000000..a9e5703cbbc5 --- /dev/null +++ b/net-im/libpurple/files/patch-libpurple_plugins_ssl_ssl-nss.c 
@@ -0,0 +1,54 @@ +--- libpurple/plugins/ssl/ssl-nss.c ++++ libpurple/plugins/ssl/ssl-nss.c +@@ -282,39 +282,32 @@ x509_import_from_nss(CERTCertificate* ce + static GList * + ssl_nss_get_peer_certificates(PRFileDesc *socket, PurpleSslConnection * gsc) + { ++ CERTCertList *peerChain; ++ CERTCertListNode *cursor; + CERTCertificate *curcert; +- CERTCertificate *issuerCert; + PurpleCertificate * newcrt; + + /* List of Certificate instances to return */ + GList * peer_certs = NULL; +- int count; +- int64 now = PR_Now(); + +- curcert = SSL_PeerCertificate(socket); +- if (curcert == NULL) { +- purple_debug_error("nss", "could not DupCertificate\n"); ++ peerChain = SSL_PeerCertificateChain(socket); ++ if (peerChain == NULL) { ++ purple_debug_error("nss", "no peer certificates\n"); + return NULL; + } + +- for (count = 0 ; count < CERT_MAX_CERT_CHAIN ; count++) { ++ for (cursor = CERT_LIST_HEAD(peerChain); !CERT_LIST_END(cursor, peerChain); cursor = CERT_LIST_NEXT(cursor)) { ++ curcert = cursor->cert; ++ if (!curcert) { ++ purple_debug_error("nss", "cursor->cert == NULL\n"); ++ break; ++ } + purple_debug_info("nss", "subject=%s issuer=%s\n", curcert->subjectName, + curcert->issuerName ? curcert->issuerName : "(null)"); + newcrt = x509_import_from_nss(curcert); + peer_certs = g_list_append(peer_certs, newcrt); +- +- if (curcert->isRoot) { +- break; +- } +- issuerCert = CERT_FindCertIssuer(curcert, now, certUsageSSLServer); +- if (!issuerCert) { +- purple_debug_error("nss", "partial certificate chain\n"); +- break; +- } +- CERT_DestroyCertificate(curcert); +- curcert = issuerCert; + } +- CERT_DestroyCertificate(curcert); ++ CERT_DestroyCertList(peerChain); + + return peer_certs; + }
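
Review bot: the rewritten loop in ssl_nss_get_peer_certificates walks peerChain with CERT_LIST_HEAD/CERT_LIST_NEXT and no longer carries the `count < CERT_MAX_CERT_CHAIN` bound of the loop it replaces, so the length of the returned GList now follows whatever list SSL_PeerCertificateChain hands back. Keeping a counter and breaking at CERT_MAX_CERT_CHAIN would preserve the old cap. The function also deserves a comment stating that it now returns the certificates as presented by the peer rather than a chain built through CERT_FindCertIssuer with certUsageSSLServer: the isRoot check and the "partial certificate chain" log message are removed, so a list that stops short of a root is no longer flagged here and callers have to treat the result as unverified input.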