diff --git a/xmlSecOpenSSLX509DataNodeRead-error.patch b/xmlSecOpenSSLX509DataNodeRead-error.patch
new file mode 100644
index 0000000..16abbbf
--- /dev/null
+++ b/xmlSecOpenSSLX509DataNodeRead-error.patch
@@ -0,0 +1,55 @@
+Please see this bug report for full details:
+https://github.com/lsh123/xmlsec/issues/164
+
+commit e303e077fb3e13654ba711b2816ff1a94247338b
+Author: lsh123
+Date: Wed Apr 11 17:13:43 2018 -1000
+
+ Add missing return(-1). (#165)
+
+ Fixed issue #164. All other crypto libraries are ok.
+
+diff --git a/src/openssl/x509.c b/src/openssl/x509.c
+index 15fe70db..b98e62d1 100644
+--- a/src/openssl/x509.c
++++ b/src/openssl/x509.c
+@@ -870,6 +870,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
+ xmlSecInternalError2("xmlSecOpenSSLX509CertificateNodeRead",
+ xmlSecKeyDataGetName(data),
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
++ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+@@ -877,6 +878,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
+ xmlSecInternalError2("xmlSecOpenSSLX509SubjectNameNodeRead",
+ xmlSecKeyDataGetName(data),
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
++ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+@@ -884,6 +886,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
+ xmlSecInternalError2("xmlSecOpenSSLX509IssuerSerialNodeRead",
+ xmlSecKeyDataGetName(data),
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
++ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
+@@ -891,6 +894,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
+ xmlSecInternalError2("xmlSecOpenSSLX509SKINodeRead",
+ xmlSecKeyDataGetName(data),
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
++ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
+@@ -898,6 +902,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
+ xmlSecInternalError2("xmlSecOpenSSLX509CRLNodeRead",
+ xmlSecKeyDataGetName(data),
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
++ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
diff --git a/xmlsec1.spec b/xmlsec1.spec
index c97820e..9d32888 100644
--- a/xmlsec1.spec
+++ b/xmlsec1.spec
@@ -1,7 +1,7 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
 Version: 1.2.25
-Release: 3%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
 License: MIT
 Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
 URL: http://www.aleksey.com/xmlsec/
@@ -19,6 +19,8 @@ BuildRequires: automake BuildRequires: gettext-devel BuildRequires: libtool +Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch + %description XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security
@@ -101,6 +103,7 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %prep %setup -q +%patch1 -p1 %build autoreconf -vfi
@@ -177,6 +180,10 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc %{_libdir}/pkgconfig/xmlsec1-nss.pc %changelog +* Thu Apr 12 2018 John Dennis - 1.2.25-4 +- Resolves: rhbz#1566748 + xmlSecOpenSSLX509DataNodeRead fails to return error + * Fri Feb 09 2018 Fedora Release Engineering - 1.2.25-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
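Review bot: Nothing in this backport pins the new fail-closed behaviour, and the five added `return(-1);` lines are the only thing that makes a failed X509Certificate, X509SubjectName, X509IssuerSerial, X509SKI or X509CRL read stop xmlSecOpenSSLX509DataNodeRead rather than just being logged. The function starts and ends outside these hunks, so what it returned before the fix is not visible here; since it receives the KeyInfo context, losing one of these returns on a later rebase would presumably let key-info processing carry on after a child failed to parse. I would add a comment at the first return, `/* fail closed: a child that cannot be read must abort X509Data processing */`, and a `%check` case in the package that expects an error for an X509Data element with an unreadable child.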
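Review bot: The `Patch1:` line is added without a spec comment saying where the patch comes from or when it can be dropped, so that information lives only inside the patch file. The patch header names upstream commit e303e077fb3e13654ba711b2816ff1a94247338b and issue #164. A line above the tag such as `# Upstream commit e303e077 (lsh123/xmlsec issue #164): return -1 when an X509Data child fails to read; drop once the packaged version includes it` would show at the point of use that this is a backported error-handling fix.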