rpms
/
xmlsec1
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c10s
rpms:c9s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8
rpms:imports/c9/xmlsec1-1.2.29-9.el9
rpms:imports/c9-beta/xmlsec1-1.2.29-9.el9
rpms:imports/c8-beta/xmlsec1-1.2.25-4.el8
rpms:imports/c8/xmlsec1-1.2.25-4.el8
rpms:imports/c8s/xmlsec1-1.2.25-4.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c10s
rpms:c8s
rpms:c9s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8
rpms:imports/c9/xmlsec1-1.2.29-9.el9
rpms:imports/c9-beta/xmlsec1-1.2.29-9.el9
rpms:imports/c8-beta/xmlsec1-1.2.25-4.el8
rpms:imports/c8/xmlsec1-1.2.25-4.el8
rpms:imports/c8s/xmlsec1-1.2.25-4.el8

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

11 changed files with 48 additions and 203 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
/xmlsec1-1.2.25.tar.gz SOURCES/xmlsec1-1.2.29.tar.gz

1
.xmlsec1.metadata Normal file
View File

@ -0,0 +1 @@
dff1279c410817bf0fe5d3b7444fb72d5ad6b021 SOURCES/xmlsec1-1.2.29.tar.gz

88
0001-resource-leaks.patch
View File

@ -1,88 +0,0 @@
diff -up xmlsec1-1.2.25/src/c14n.c.orig xmlsec1-1.2.25/src/c14n.c
--- xmlsec1-1.2.25/src/c14n.c.orig 2017-09-12 15:21:09.000000000 +0200
+++ xmlsec1-1.2.25/src/c14n.c 2024-05-14 09:55:35.800202266 +0200
@@ -228,7 +228,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
* all pointers in the big array */
nsList = xmlSecTransformC14NGetNsList(transform);
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
+ xmlOutputBufferClose(buf);
+ xmlSecAssert2(0, -1);
+ };
ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
if(ret < 0) {
@@ -292,7 +295,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
* all pointers in the big array */
nsList = xmlSecTransformC14NGetNsList(transform);
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
+ xmlOutputBufferClose(buf);
+ xmlSecAssert2(0, -1);
+ }
ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
if(ret < 0) {
@@ -732,4 +738,3 @@ xmlSecTransformId
xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
return(&xmlSecTransformRemoveXmlTagsC14NKlass);
}
-
diff -up xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.25/src/gcrypt/asymkeys.c
--- xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig 2017-09-12 15:21:09.000000000 +0200
+++ xmlsec1-1.2.25/src/gcrypt/asymkeys.c 2024-05-14 09:55:35.801202265 +0200
@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
pub_key = NULL; /* data owns it now */
priv_key = NULL; /* data owns it now */
+ /* Adopt functions assume ownership thus the caller would expect this to be released */
+ gcry_sexp_release(key_pair);
+
/* success */
res = 0;
diff -up xmlsec1-1.2.25/src/parser.c.orig xmlsec1-1.2.25/src/parser.c
--- xmlsec1-1.2.25/src/parser.c.orig 2017-09-12 15:21:09.000000000 +0200
+++ xmlsec1-1.2.25/src/parser.c 2024-05-14 09:55:35.802202264 +0200
@@ -354,7 +354,6 @@ xmlDocPtr
xmlSecParseFile(const char *filename) {
xmlParserCtxtPtr ctxt;
xmlDocPtr res = NULL;
- char *directory = NULL;
int ret;
xmlSecAssert2(filename != NULL, NULL);
@@ -371,23 +370,15 @@ xmlSecParseFile(const char *filename) {
/* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
/* todo: set directories from current doc? */
- if ((ctxt->directory == NULL) && (directory == NULL)) {
- directory = xmlParserGetDirectory(filename);
- if(directory == NULL) {
+ if (ctxt->directory == NULL) {
+ ctxt->directory = xmlParserGetDirectory(filename);
+ if(ctxt->directory == NULL) {
xmlSecXmlError2("xmlParserGetDirectory", NULL,
"filename=%s", xmlSecErrorsSafeString(filename));
xmlFreeParserCtxt(ctxt);
return(NULL);
}
}
- if ((ctxt->directory == NULL) && (directory != NULL)) {
- ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
- if(ctxt->directory == NULL) {
- xmlSecStrdupError(BAD_CAST directory, NULL);
- xmlFreeParserCtxt(ctxt);
- return(NULL);
- }
- }
/* required for c14n! */
ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
@@ -547,4 +538,3 @@ xmlSecParseMemory(const xmlSecByte *buff
xmlFreeParserCtxt(ctxt);
return(res);
}
-

68
xmlsec1.spec → SPECS/xmlsec1.spec
View File

@ -1,10 +1,11 @@
Summary: Library providing support for "XML Signature" and "XML Encryption" standards Summary: Library providing support for "XML Signature" and "XML Encryption" standards
Name: xmlsec1 Name: xmlsec1
Version: 1.2.25 Version: 1.2.29
Release: 8%{?dist}%{?extra_release} Release: 9%{?dist}%{?extra_release}
License: MIT License: MIT
Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
URL: http://www.aleksey.com/xmlsec/ URL: http://www.aleksey.com/xmlsec/
BuildRequires: make
BuildRequires: pkgconfig(libxml-2.0) >= 2.8.0 BuildRequires: pkgconfig(libxml-2.0) >= 2.8.0
BuildRequires: pkgconfig(libxslt) >= 1.0.20 BuildRequires: pkgconfig(libxslt) >= 1.0.20
BuildRequires: pkgconfig(openssl) >= 1.0.0 BuildRequires: pkgconfig(openssl) >= 1.0.0
@ -18,8 +19,6 @@ BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: libtool BuildRequires: libtool
Patch0: 0001-resource-leaks.patch
Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
%description %description
XML Security Library is a C library based on LibXML2 and OpenSSL. XML Security Library is a C library based on LibXML2 and OpenSSL.
@ -70,7 +69,6 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt.
%package gnutls %package gnutls
Summary: GNUTls crypto plugin for XML Security Library Summary: GNUTls crypto plugin for XML Security Library
Requires: xmlsec1%{?_isa} = %{version}-%{release} Requires: xmlsec1%{?_isa} = %{version}-%{release}
Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release}
%description gnutls %description gnutls
GNUTls plugin for XML Security Library provides GNUTls based crypto services GNUTls plugin for XML Security Library provides GNUTls based crypto services
@ -103,11 +101,11 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
Libraries, includes, etc. for developing XML Security applications with NSS. Libraries, includes, etc. for developing XML Security applications with NSS.
%prep %prep
%autosetup -p1 %setup -q
%build %build
autoreconf -vfi autoreconf -vfi
%configure --disable-static %configure --disable-static --disable-md5 --disable-sha1
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_build V=1 %make_build V=1
@ -137,9 +135,7 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
%{_bindir}/xmlsec1-config %{_bindir}/xmlsec1-config
%dir %{_includedir}/xmlsec1 %dir %{_includedir}/xmlsec1
%dir %{_includedir}/xmlsec1/xmlsec %dir %{_includedir}/xmlsec1/xmlsec
%dir %{_includedir}/xmlsec1/xmlsec/private
%{_includedir}/xmlsec1/xmlsec/*.h %{_includedir}/xmlsec1/xmlsec/*.h
%{_includedir}/xmlsec1/xmlsec/private/*.h
%{_libdir}/libxmlsec1.so %{_libdir}/libxmlsec1.so
%{_libdir}/pkgconfig/xmlsec1.pc %{_libdir}/pkgconfig/xmlsec1.pc
%{_libdir}/xmlsec1Conf.sh %{_libdir}/xmlsec1Conf.sh
@ -180,21 +176,49 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
%{_libdir}/pkgconfig/xmlsec1-nss.pc %{_libdir}/pkgconfig/xmlsec1-nss.pc
%changelog %changelog
* Fri May 31 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-8 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-9
- Add gating tests - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: RHEL-36185 Related: rhbz#1991688
* Mon May 20 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-7 * Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 1.2.29-8
- Fix adopt function the same way as in upstream - Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: RHEL-36185
* Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-6 * Thu Jun 17 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.2.29-7
- Add xmlsec1-gnutls dependency on xmlsec1-gcrypt - compile without sha1 and md5
Related: RHEL-36185 - Resolves: rhbz#1936682 - xmlsec1 implements and/or uses the deprecated
SHA-1 algorithm by default
* Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-5 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-6
- Fix memory leaks found by SAST - Rebuilt for RHEL 9 BETA for openssl 3.0
Resolves: RHEL-36185 Related: rhbz#1971065
* Thu Jun 3 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.2.29-5
- Rebuilt for OpenSSL3
- Related: rhbz#1962052 - lasso: Port to OpenSSL 3.0
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Caolán McNamara <caolanm@redhat.com> - 1.2.29-1
- New upstream release
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Oct 23 2018 Simo Sorce <simo@redhat.com> - 1.2.27-1
- New upstream release
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4 * Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4
- Resolves: rhbz#1566748 - Resolves: rhbz#1566748

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

1
sources
View File

@ -1 +0,0 @@
SHA512 (xmlsec1-1.2.25.tar.gz) = ac61547a1cbf9016d7f75be3dc5249d6bc8a526bc51715e53ede13f056c1c72c57433a6be200c886000a25826c3e473954ded3ae988f25d37ac4ef4d777c66a6

1
tests/.fmf/version
View File

@ -1 +0,0 @@
1

5
tests/provision.fmf
View File

@ -1,5 +0,0 @@
---
standard-inventory-qcow2:
qemu:
m: 3G
smp: 2

12
tests/scripts/run_tests.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
export GIT_SSL_NO_VERIFY=true
git clone https://github.com/latchset/federation_testing.git
cd federation_testing
if [ ! -d /tmp/artifacts ]; then
mkdir -p /tmp/artifacts
fi
./setup.sh
./test_xmlsec.sh

12
tests/tests.yml
View File

@ -1,12 +0,0 @@
- hosts: localhost
roles:
- role: standard-test-basic
tags:
- classic
tests:
- mod_auth_mellon:
dir: scripts
run: ./run_tests.sh
required_packages:
- git

55
xmlSecOpenSSLX509DataNodeRead-error.patch
View File

@ -1,55 +0,0 @@
Please see this bug report for full details:
https://github.com/lsh123/xmlsec/issues/164
commit e303e077fb3e13654ba711b2816ff1a94247338b
Author: lsh123 <aleksey@aleksey.com>
Date: Wed Apr 11 17:13:43 2018 -1000
Add missing return(-1). (#165)
Fixed issue #164. All other crypto libraries are ok.
diff --git a/src/openssl/x509.c b/src/openssl/x509.c
index 15fe70db..b98e62d1 100644
--- a/src/openssl/x509.c
+++ b/src/openssl/x509.c
@@ -870,6 +870,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
xmlSecInternalError2("xmlSecOpenSSLX509CertificateNodeRead",
xmlSecKeyDataGetName(data),
"node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
@@ -877,6 +878,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
xmlSecInternalError2("xmlSecOpenSSLX509SubjectNameNodeRead",
xmlSecKeyDataGetName(data),
"node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
@@ -884,6 +886,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
xmlSecInternalError2("xmlSecOpenSSLX509IssuerSerialNodeRead",
xmlSecKeyDataGetName(data),
"node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
@@ -891,6 +894,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
xmlSecInternalError2("xmlSecOpenSSLX509SKINodeRead",
xmlSecKeyDataGetName(data),
"node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
@@ -898,6 +902,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
xmlSecInternalError2("xmlSecOpenSSLX509CRLNodeRead",
xmlSecKeyDataGetName(data),
"node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
} else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
/* laxi schema validation: ignore unknown nodes */