11 changed files with 6 additions and 146 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/xmlsec1-1.2.25.tar.gz
+SOURCES/xmlsec1-1.2.25.tar.gz
--- a/.xmlsec1.metadata
+++ b/.xmlsec1.metadata
@ -0,0 +1 @@
 0ef1117b8d11da475fd8d842a1341c675e627ab9 SOURCES/xmlsec1-1.2.25.tar.gz
--- a/0001-resource-leaks.patch
+++ b/0001-resource-leaks.patch
@ -1,88 +0,0 @@
 diff -up xmlsec1-1.2.25/src/c14n.c.orig xmlsec1-1.2.25/src/c14n.c
 --- xmlsec1-1.2.25/src/c14n.c.orig	2017-09-12 15:21:09.000000000 +0200
 +++ xmlsec1-1.2.25/src/c14n.c	2024-05-14 09:55:35.800202266 +0200
@@ -228,7 +228,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
     /* we are using a semi-hack here: we know that xmlSecPtrList keeps
      * all pointers in the big array */
     nsList = xmlSecTransformC14NGetNsList(transform);
 -    xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
 +    if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
 +        xmlOutputBufferClose(buf);
 +        xmlSecAssert2(0, -1);
 +    };
     ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
     if(ret < 0) {
@@ -292,7 +295,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
         /* we are using a semi-hack here: we know that xmlSecPtrList keeps
          * all pointers in the big array */
         nsList = xmlSecTransformC14NGetNsList(transform);
 -        xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
 +        if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
 +            xmlOutputBufferClose(buf);
 +            xmlSecAssert2(0, -1);
 +        }
         ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
         if(ret < 0) {
@@ -732,4 +738,3 @@ xmlSecTransformId
 xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
     return(&xmlSecTransformRemoveXmlTagsC14NKlass);
 }
 -
 diff -up xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.25/src/gcrypt/asymkeys.c
 --- xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig	2017-09-12 15:21:09.000000000 +0200
 +++ xmlsec1-1.2.25/src/gcrypt/asymkeys.c	2024-05-14 09:55:35.801202265 +0200
@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
     pub_key = NULL; /* data owns it now */
     priv_key = NULL; /* data owns it now */
 +    /* Adopt functions assume ownership thus the caller would expect this to be released */
 +    gcry_sexp_release(key_pair);
 +
     /* success */
     res = 0;
 diff -up xmlsec1-1.2.25/src/parser.c.orig xmlsec1-1.2.25/src/parser.c
 --- xmlsec1-1.2.25/src/parser.c.orig	2017-09-12 15:21:09.000000000 +0200
 +++ xmlsec1-1.2.25/src/parser.c	2024-05-14 09:55:35.802202264 +0200
@@ -354,7 +354,6 @@ xmlDocPtr
 xmlSecParseFile(const char *filename) {
     xmlParserCtxtPtr ctxt;
     xmlDocPtr res = NULL;
 -    char *directory = NULL;
     int ret;
     xmlSecAssert2(filename != NULL, NULL);
@@ -371,23 +370,15 @@ xmlSecParseFile(const char *filename) {
     /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
     /* todo: set directories from current doc? */
 -    if ((ctxt->directory == NULL) && (directory == NULL)) {
 -        directory = xmlParserGetDirectory(filename);
 -        if(directory == NULL) {
 +    if (ctxt->directory == NULL) {
 +        ctxt->directory = xmlParserGetDirectory(filename);
 +        if(ctxt->directory == NULL) {
             xmlSecXmlError2("xmlParserGetDirectory", NULL,
                             "filename=%s", xmlSecErrorsSafeString(filename));
             xmlFreeParserCtxt(ctxt);
             return(NULL);
         }
     }
 -    if ((ctxt->directory == NULL) && (directory != NULL)) {
 -        ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
 -        if(ctxt->directory == NULL) {
 -            xmlSecStrdupError(BAD_CAST directory, NULL);
 -            xmlFreeParserCtxt(ctxt);
 -            return(NULL);
 -        }
 -    }
     /* required for c14n! */
     ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
@@ -547,4 +538,3 @@ xmlSecParseMemory(const xmlSecByte *buff
     xmlFreeParserCtxt(ctxt);
     return(res);
 }
 -
--- a/SOURCES/xmlSecOpenSSLX509DataNodeRead-error.patch
+++ b/SOURCES/xmlSecOpenSSLX509DataNodeRead-error.patch
--- a/SPECS/xmlsec1.spec
+++ b/SPECS/xmlsec1.spec
@ -1,7 +1,7 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
 Version: 1.2.25
-Release: 8%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
 License: MIT
 Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
 URL: http://www.aleksey.com/xmlsec/
@ -18,7 +18,7 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gettext-devel
 BuildRequires: libtool
-Patch0: 0001-resource-leaks.patch
+
 Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
 %description
@ -70,7 +70,6 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt.
 %package gnutls
 Summary: GNUTls crypto plugin for XML Security Library
 Requires: xmlsec1%{?_isa} = %{version}-%{release}
 Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release}
 %description gnutls
 GNUTls plugin for XML Security Library provides GNUTls based crypto services
@ -103,7 +102,8 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
 Libraries, includes, etc. for developing XML Security applications with NSS.
 %prep
-%autosetup -p1
+%setup -q
 %patch1 -p1
 %build
 autoreconf -vfi
@ -180,22 +180,6 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
 %{_libdir}/pkgconfig/xmlsec1-nss.pc
 %changelog
 * Fri May 31 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-8
 - Add gating tests
  Related: RHEL-36185
 * Mon May 20 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-7
 - Fix adopt function the same way as in upstream
  Related: RHEL-36185
 * Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-6
 - Add xmlsec1-gnutls dependency on xmlsec1-gcrypt
  Related: RHEL-36185
 * Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-5
 - Fix memory leaks found by SAST
  Resolves: RHEL-36185
 * Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4
 - Resolves: rhbz#1566748
  xmlSecOpenSSLX509DataNodeRead fails to return error
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-8
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/1
+++ b/1
@ -1 +0,0 @@
 SHA512 (xmlsec1-1.2.25.tar.gz) = ac61547a1cbf9016d7f75be3dc5249d6bc8a526bc51715e53ede13f056c1c72c57433a6be200c886000a25826c3e473954ded3ae988f25d37ac4ef4d777c66a6
--- a/tests/.fmf/version
+++ b/tests/.fmf/version
@ -1 +0,0 @@
 1
--- a/tests/provision.fmf
+++ b/tests/provision.fmf
@ -1,5 +0,0 @@
 ---
 standard-inventory-qcow2:
  qemu:
    m: 3G
    smp: 2
--- a/tests/scripts/run_tests.sh
+++ b/tests/scripts/run_tests.sh
@ -1,12 +0,0 @@
 #!/bin/bash
 export GIT_SSL_NO_VERIFY=true
 git clone https://github.com/latchset/federation_testing.git
 cd federation_testing
 if [ ! -d /tmp/artifacts ]; then
    mkdir -p /tmp/artifacts
 fi
 ./setup.sh
 ./test_xmlsec.sh
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,12 +0,0 @@
 - hosts: localhost
  roles:
  - role: standard-test-basic
    tags:
    - classic
    tests:
    - mod_auth_mellon:
        dir: scripts
        run: ./run_tests.sh
    required_packages:
    - git
`@ -1 +1 @@`
	`/xmlsec1-1.2.25.tar.gz`	`SOURCES/xmlsec1-1.2.25.tar.gz`
		`@ -0,0 +1 @@`
							`0ef1117b8d11da475fd8d842a1341c675e627ab9 SOURCES/xmlsec1-1.2.25.tar.gz`
		`@ -1 +0,0 @@`
			`SHA512 (xmlsec1-1.2.25.tar.gz) = ac61547a1cbf9016d7f75be3dc5249d6bc8a526bc51715e53ede13f056c1c72c57433a6be200c886000a25826c3e473954ded3ae988f25d37ac4ef4d777c66a6`