import CS xmlsec1-1.2.29-13.el9
This commit is contained in:
parent
452d334d41
commit
a98c4419b9
97
SOURCES/0001-resource-leaks.patch
Normal file
97
SOURCES/0001-resource-leaks.patch
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
diff -up xmlsec1-1.2.29/src/c14n.c.orig xmlsec1-1.2.29/src/c14n.c
|
||||||
|
--- xmlsec1-1.2.29/src/c14n.c.orig 2024-05-10 13:47:12.698153446 +0200
|
||||||
|
+++ xmlsec1-1.2.29/src/c14n.c 2024-05-10 18:30:35.148285625 +0200
|
||||||
|
@@ -233,7 +233,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
|
||||||
|
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
|
||||||
|
* all pointers in the big array */
|
||||||
|
nsList = xmlSecTransformC14NGetNsList(transform);
|
||||||
|
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
|
||||||
|
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
|
||||||
|
+ xmlOutputBufferClose(buf);
|
||||||
|
+ xmlSecAssert2(0, -1);
|
||||||
|
+ };
|
||||||
|
|
||||||
|
ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
|
||||||
|
if(ret < 0) {
|
||||||
|
@@ -297,7 +300,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
|
||||||
|
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
|
||||||
|
* all pointers in the big array */
|
||||||
|
nsList = xmlSecTransformC14NGetNsList(transform);
|
||||||
|
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
|
||||||
|
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
|
||||||
|
+ xmlOutputBufferClose(buf);
|
||||||
|
+ xmlSecAssert2(0, -1);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
|
||||||
|
if(ret < 0) {
|
||||||
|
@@ -737,4 +743,3 @@ xmlSecTransformId
|
||||||
|
xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
|
||||||
|
return(&xmlSecTransformRemoveXmlTagsC14NKlass);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
diff -up xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.29/src/gcrypt/asymkeys.c
|
||||||
|
--- xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig 2024-05-10 18:47:45.800368678 +0200
|
||||||
|
+++ xmlsec1-1.2.29/src/gcrypt/asymkeys.c 2024-05-13 09:11:08.784351577 +0200
|
||||||
|
@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
|
||||||
|
pub_key = NULL; /* data owns it now */
|
||||||
|
priv_key = NULL; /* data owns it now */
|
||||||
|
|
||||||
|
+ /* Adopt functions assume ownership thus the caller would expect this to be released */
|
||||||
|
+ gcry_sexp_release(key_pair);
|
||||||
|
+
|
||||||
|
/* success */
|
||||||
|
res = 0;
|
||||||
|
|
||||||
|
diff -up xmlsec1-1.2.29/src/parser.c.orig xmlsec1-1.2.29/src/parser.c
|
||||||
|
--- xmlsec1-1.2.29/src/parser.c.orig 2024-05-10 13:46:59.217160842 +0200
|
||||||
|
+++ xmlsec1-1.2.29/src/parser.c 2024-05-10 17:28:22.848994008 +0200
|
||||||
|
@@ -368,7 +368,6 @@ xmlDocPtr
|
||||||
|
xmlSecParseFile(const char *filename) {
|
||||||
|
xmlParserCtxtPtr ctxt;
|
||||||
|
xmlDocPtr res = NULL;
|
||||||
|
- char *directory = NULL;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
xmlSecAssert2(filename != NULL, NULL);
|
||||||
|
@@ -385,23 +384,15 @@ xmlSecParseFile(const char *filename) {
|
||||||
|
/* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
|
||||||
|
|
||||||
|
/* todo: set directories from current doc? */
|
||||||
|
- if ((ctxt->directory == NULL) && (directory == NULL)) {
|
||||||
|
- directory = xmlParserGetDirectory(filename);
|
||||||
|
- if(directory == NULL) {
|
||||||
|
+ if (ctxt->directory == NULL) {
|
||||||
|
+ ctxt->directory = xmlParserGetDirectory(filename);
|
||||||
|
+ if(ctxt->directory == NULL) {
|
||||||
|
xmlSecXmlError2("xmlParserGetDirectory", NULL,
|
||||||
|
"filename=%s", xmlSecErrorsSafeString(filename));
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if ((ctxt->directory == NULL) && (directory != NULL)) {
|
||||||
|
- ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
|
||||||
|
- if(ctxt->directory == NULL) {
|
||||||
|
- xmlSecStrdupError(BAD_CAST directory, NULL);
|
||||||
|
- xmlFreeParserCtxt(ctxt);
|
||||||
|
- return(NULL);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
|
||||||
|
/* required for c14n! */
|
||||||
|
ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
|
||||||
|
@@ -559,7 +550,7 @@ xmlSecParseMemory(const xmlSecByte *buff
|
||||||
|
if(ctxt->myDoc != NULL) {
|
||||||
|
xmlFreeDoc(ctxt->myDoc);
|
||||||
|
ctxt->myDoc = NULL;
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
@@ -580,4 +571,3 @@ xmlSecParseMemory(const xmlSecByte *buff
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
return(res);
|
||||||
|
}
|
||||||
|
-
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
|
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
|
||||||
Name: xmlsec1
|
Name: xmlsec1
|
||||||
Version: 1.2.29
|
Version: 1.2.29
|
||||||
Release: 9%{?dist}%{?extra_release}
|
Release: 13%{?dist}%{?extra_release}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
|
Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
|
||||||
URL: http://www.aleksey.com/xmlsec/
|
URL: http://www.aleksey.com/xmlsec/
|
||||||
@ -19,6 +19,7 @@ BuildRequires: autoconf
|
|||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: gettext-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
|
Patch0: 0001-resource-leaks.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
XML Security Library is a C library based on LibXML2 and OpenSSL.
|
XML Security Library is a C library based on LibXML2 and OpenSSL.
|
||||||
@ -69,6 +70,7 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt.
|
|||||||
%package gnutls
|
%package gnutls
|
||||||
Summary: GNUTls crypto plugin for XML Security Library
|
Summary: GNUTls crypto plugin for XML Security Library
|
||||||
Requires: xmlsec1%{?_isa} = %{version}-%{release}
|
Requires: xmlsec1%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description gnutls
|
%description gnutls
|
||||||
GNUTls plugin for XML Security Library provides GNUTls based crypto services
|
GNUTls plugin for XML Security Library provides GNUTls based crypto services
|
||||||
@ -101,7 +103,7 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
|
|||||||
Libraries, includes, etc. for developing XML Security applications with NSS.
|
Libraries, includes, etc. for developing XML Security applications with NSS.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vfi
|
autoreconf -vfi
|
||||||
@ -176,6 +178,22 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
|
|||||||
%{_libdir}/pkgconfig/xmlsec1-nss.pc
|
%{_libdir}/pkgconfig/xmlsec1-nss.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 20 2024 Tomas Halman <thalman@redhat.com> - 1.2.29-12
|
||||||
|
- Fix adopt function the same way as in upstream
|
||||||
|
Related: RHEL-35381
|
||||||
|
|
||||||
|
* Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.29-12
|
||||||
|
- Fix double free in xmlSecGCryptAsymKeyDataGenerate
|
||||||
|
Related: RHEL-35381
|
||||||
|
|
||||||
|
* Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.29-11
|
||||||
|
- Add xmlsec1-gnutls dependency on xmlsec1-gcrypt
|
||||||
|
Related: RHEL-35381
|
||||||
|
|
||||||
|
* Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.29-10
|
||||||
|
- Fix memory leaks found by SAST
|
||||||
|
Resolves: RHEL-35381
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-9
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-9
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
Loading…
Reference in New Issue
Block a user