Created attachment 248319 [details] patch against current ports tree The previous patch did build on FreeBSD 14.0 but the OCSP responder was segfaulting. This fixes the previous incorrect patch through backporting changes from upstream. OCSP responder (openca-ocspd) now works on FreeBSD 14.0. Attached a git formatted patch against current ports tree.
Hello, I'm copying bofh... as you handle this last time. Sorry if I'm bothering you. Thanks
Hi, You said that "backporting changes from upstream". Do you have the commit id or patch id? It's easier with that rather than manually patching.
I think it's better to update this port to 0.99-RC2. If you do not have any objection I would like to do that. That would be a better solution rather than cherry-picking commits. As I can see that all of your patches from last time can be actually replaced with 1 single line: PATCHFILES= d7617046e9da97473a140c02582fa571f6359ae3.patch:-p1 \ 9c4865ad476a75c34d89e0bd663c280f544590c0.patch:-p1 But if we update to latest snapshot we get all the commits in one go.
Hello, Thanks for the feedback. I suppose we could try to bump source to 0.9.9, but there has been a lot of changes since 0.9.2, especially support for OQS. I've been trying to have the code compile on FreeBSD 14.0 but I'm not there yet. Did you try it ? Anyway I could try to cook up a version of 0.9.9 with disabled OQS, it compiles with two trivial patches (as my previous patches have been integrated upstream), but I have to test that it runs OK, esp that the ocsp server builds and runs.
Well, I did manage to have a 0.9.9 version that builds... but openca-ocspd does not against this new version because of the changes (and I'm mostly interested in the ocspd server). I'll try to fix it but I'll have to ask upstream how to adapt openca-ocspd. In the meantime, I still think it would be good to fix the 0.9.2 version (as my previous patches are in deed incorrect). What do you think ?
(In reply to Bruno Damour from comment #5) Okiz. Then do one thing. Remove all current patches and change your current PATCHFILES to resemble like the following. Do a make makesum. PATCHFILES= d7617046e9da97473a140c02582fa571f6359ae3.patch:-p1 \ 9c4865ad476a75c34d89e0bd663c280f544590c0.patch:-p1 Then apply your current patch(Not the patch you have submitted here but the patch to the file). Just to let you know when you are backporting upstream patches this is the preferred method of doing. Then you can create the git diff and submit here. If it's troublesome skip it and let me know.
Created attachment 248607 [details] New patch (git diff) against ports tree Hello, I tried to do as requested, hope this works (sorry if I got it wrong). We're patching the previously patched file (pki_509.c), correct ? Is that what you meant ? Thanks
Noops. It fails to patch. I will use your previous patch.
Strange. It does apply (git apply) on my fresh (git pull) ports tree. Thanks
I think I was not clear enough with my comment. Your patch applies fine. But then if you cd and make patch it fails. :(
Created attachment 248627 [details] New patch (git diff) against ports tree Ok, maybe this one is better ?
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=08beae7b9617a07ffff47c118a5cfd5ae798fd4e commit 08beae7b9617a07ffff47c118a5cfd5ae798fd4e Author: Bruno Damour <bruno@ruomad.net> AuthorDate: 2024-02-20 11:52:22 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2024-02-20 11:53:40 +0000 security/libpki: Runtime fix The previous patch did build on FreeBSD 14.0 but the OCSP responder was segfaulting. This fixes the previous incorrect patch through backporting changes from upstream. OCSP responder (openca-ocspd) now works on FreeBSD 14.0. PR: 276951 Approved by: submitter is maintainer security/libpki/Makefile | 5 +- security/libpki/distinfo | 4 +- security/libpki/files/patch-acinclude.m4 (gone) | 16 ---- security/libpki/files/patch-configure.ac (gone) | 34 -------- .../patch-src-drivers-engine-engine_hsm.c (gone) | 12 --- ...h-src-drivers-openssl-openssl_hsm_pkey.c (gone) | 59 -------------- .../files/patch-src-libpki-prqp-prqp_asn1.h (gone) | 53 ------------- .../files/patch-src-openssl-pki_ocsp_resp.c (gone) | 14 ---- .../files/patch-src-openssl-pki_x509_cert.c (gone) | 26 ------ .../files/patch-src-openssl-pki_x509_req.c (gone) | 14 ---- security/libpki/files/patch-src-pki_init.c (gone) | 13 --- security/libpki/files/patch-src-pki_x509.c (gone) | 92 ---------------------- 12 files changed, 6 insertions(+), 336 deletions(-)