Compare commits
No commits in common. "c8-beta" and "c8s" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/xmlsec1-1.2.25.tar.gz
|
/xmlsec1-1.2.25.tar.gz
|
||||||
|
@ -1 +0,0 @@
|
|||||||
0ef1117b8d11da475fd8d842a1341c675e627ab9 SOURCES/xmlsec1-1.2.25.tar.gz
|
|
88
0001-resource-leaks.patch
Normal file
88
0001-resource-leaks.patch
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
diff -up xmlsec1-1.2.25/src/c14n.c.orig xmlsec1-1.2.25/src/c14n.c
|
||||||
|
--- xmlsec1-1.2.25/src/c14n.c.orig 2017-09-12 15:21:09.000000000 +0200
|
||||||
|
+++ xmlsec1-1.2.25/src/c14n.c 2024-05-14 09:55:35.800202266 +0200
|
||||||
|
@@ -228,7 +228,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
|
||||||
|
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
|
||||||
|
* all pointers in the big array */
|
||||||
|
nsList = xmlSecTransformC14NGetNsList(transform);
|
||||||
|
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
|
||||||
|
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
|
||||||
|
+ xmlOutputBufferClose(buf);
|
||||||
|
+ xmlSecAssert2(0, -1);
|
||||||
|
+ };
|
||||||
|
|
||||||
|
ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
|
||||||
|
if(ret < 0) {
|
||||||
|
@@ -292,7 +295,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
|
||||||
|
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
|
||||||
|
* all pointers in the big array */
|
||||||
|
nsList = xmlSecTransformC14NGetNsList(transform);
|
||||||
|
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
|
||||||
|
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
|
||||||
|
+ xmlOutputBufferClose(buf);
|
||||||
|
+ xmlSecAssert2(0, -1);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
|
||||||
|
if(ret < 0) {
|
||||||
|
@@ -732,4 +738,3 @@ xmlSecTransformId
|
||||||
|
xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
|
||||||
|
return(&xmlSecTransformRemoveXmlTagsC14NKlass);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
diff -up xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.25/src/gcrypt/asymkeys.c
|
||||||
|
--- xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig 2017-09-12 15:21:09.000000000 +0200
|
||||||
|
+++ xmlsec1-1.2.25/src/gcrypt/asymkeys.c 2024-05-14 09:55:35.801202265 +0200
|
||||||
|
@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
|
||||||
|
pub_key = NULL; /* data owns it now */
|
||||||
|
priv_key = NULL; /* data owns it now */
|
||||||
|
|
||||||
|
+ /* Adopt functions assume ownership thus the caller would expect this to be released */
|
||||||
|
+ gcry_sexp_release(key_pair);
|
||||||
|
+
|
||||||
|
/* success */
|
||||||
|
res = 0;
|
||||||
|
|
||||||
|
diff -up xmlsec1-1.2.25/src/parser.c.orig xmlsec1-1.2.25/src/parser.c
|
||||||
|
--- xmlsec1-1.2.25/src/parser.c.orig 2017-09-12 15:21:09.000000000 +0200
|
||||||
|
+++ xmlsec1-1.2.25/src/parser.c 2024-05-14 09:55:35.802202264 +0200
|
||||||
|
@@ -354,7 +354,6 @@ xmlDocPtr
|
||||||
|
xmlSecParseFile(const char *filename) {
|
||||||
|
xmlParserCtxtPtr ctxt;
|
||||||
|
xmlDocPtr res = NULL;
|
||||||
|
- char *directory = NULL;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
xmlSecAssert2(filename != NULL, NULL);
|
||||||
|
@@ -371,23 +370,15 @@ xmlSecParseFile(const char *filename) {
|
||||||
|
/* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
|
||||||
|
|
||||||
|
/* todo: set directories from current doc? */
|
||||||
|
- if ((ctxt->directory == NULL) && (directory == NULL)) {
|
||||||
|
- directory = xmlParserGetDirectory(filename);
|
||||||
|
- if(directory == NULL) {
|
||||||
|
+ if (ctxt->directory == NULL) {
|
||||||
|
+ ctxt->directory = xmlParserGetDirectory(filename);
|
||||||
|
+ if(ctxt->directory == NULL) {
|
||||||
|
xmlSecXmlError2("xmlParserGetDirectory", NULL,
|
||||||
|
"filename=%s", xmlSecErrorsSafeString(filename));
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if ((ctxt->directory == NULL) && (directory != NULL)) {
|
||||||
|
- ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
|
||||||
|
- if(ctxt->directory == NULL) {
|
||||||
|
- xmlSecStrdupError(BAD_CAST directory, NULL);
|
||||||
|
- xmlFreeParserCtxt(ctxt);
|
||||||
|
- return(NULL);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
|
||||||
|
/* required for c14n! */
|
||||||
|
ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
|
||||||
|
@@ -547,4 +538,3 @@ xmlSecParseMemory(const xmlSecByte *buff
|
||||||
|
xmlFreeParserCtxt(ctxt);
|
||||||
|
return(res);
|
||||||
|
}
|
||||||
|
-
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (xmlsec1-1.2.25.tar.gz) = ac61547a1cbf9016d7f75be3dc5249d6bc8a526bc51715e53ede13f056c1c72c57433a6be200c886000a25826c3e473954ded3ae988f25d37ac4ef4d777c66a6
|
1
tests/.fmf/version
Normal file
1
tests/.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
5
tests/provision.fmf
Normal file
5
tests/provision.fmf
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
standard-inventory-qcow2:
|
||||||
|
qemu:
|
||||||
|
m: 3G
|
||||||
|
smp: 2
|
12
tests/scripts/run_tests.sh
Normal file
12
tests/scripts/run_tests.sh
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
export GIT_SSL_NO_VERIFY=true
|
||||||
|
git clone https://github.com/latchset/federation_testing.git
|
||||||
|
|
||||||
|
cd federation_testing
|
||||||
|
if [ ! -d /tmp/artifacts ]; then
|
||||||
|
mkdir -p /tmp/artifacts
|
||||||
|
fi
|
||||||
|
|
||||||
|
./setup.sh
|
||||||
|
./test_xmlsec.sh
|
12
tests/tests.yml
Normal file
12
tests/tests.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-basic
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tests:
|
||||||
|
- mod_auth_mellon:
|
||||||
|
dir: scripts
|
||||||
|
run: ./run_tests.sh
|
||||||
|
required_packages:
|
||||||
|
- git
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
|
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
|
||||||
Name: xmlsec1
|
Name: xmlsec1
|
||||||
Version: 1.2.25
|
Version: 1.2.25
|
||||||
Release: 4%{?dist}%{?extra_release}
|
Release: 8%{?dist}%{?extra_release}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
|
Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
|
||||||
URL: http://www.aleksey.com/xmlsec/
|
URL: http://www.aleksey.com/xmlsec/
|
||||||
@ -18,7 +18,7 @@ BuildRequires: autoconf
|
|||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: gettext-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
|
Patch0: 0001-resource-leaks.patch
|
||||||
Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
|
Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -70,6 +70,7 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt.
|
|||||||
%package gnutls
|
%package gnutls
|
||||||
Summary: GNUTls crypto plugin for XML Security Library
|
Summary: GNUTls crypto plugin for XML Security Library
|
||||||
Requires: xmlsec1%{?_isa} = %{version}-%{release}
|
Requires: xmlsec1%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description gnutls
|
%description gnutls
|
||||||
GNUTls plugin for XML Security Library provides GNUTls based crypto services
|
GNUTls plugin for XML Security Library provides GNUTls based crypto services
|
||||||
@ -102,8 +103,7 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
|
|||||||
Libraries, includes, etc. for developing XML Security applications with NSS.
|
Libraries, includes, etc. for developing XML Security applications with NSS.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p1
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vfi
|
autoreconf -vfi
|
||||||
@ -180,6 +180,22 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
|
|||||||
%{_libdir}/pkgconfig/xmlsec1-nss.pc
|
%{_libdir}/pkgconfig/xmlsec1-nss.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 31 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-8
|
||||||
|
- Add gating tests
|
||||||
|
Related: RHEL-36185
|
||||||
|
|
||||||
|
* Mon May 20 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-7
|
||||||
|
- Fix adopt function the same way as in upstream
|
||||||
|
Related: RHEL-36185
|
||||||
|
|
||||||
|
* Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-6
|
||||||
|
- Add xmlsec1-gnutls dependency on xmlsec1-gcrypt
|
||||||
|
Related: RHEL-36185
|
||||||
|
|
||||||
|
* Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-5
|
||||||
|
- Fix memory leaks found by SAST
|
||||||
|
Resolves: RHEL-36185
|
||||||
|
|
||||||
* Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4
|
* Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4
|
||||||
- Resolves: rhbz#1566748
|
- Resolves: rhbz#1566748
|
||||||
xmlSecOpenSSLX509DataNodeRead fails to return error
|
xmlSecOpenSSLX509DataNodeRead fails to return error
|
Loading…
Reference in New Issue
Block a user