Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xmlsec1 for openSUSE:Factory checked in at 2022-12-07 17:33:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmlsec1 (Old) and /work/SRC/openSUSE:Factory/.xmlsec1.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmlsec1" Wed Dec 7 17:33:30 2022 rev:21 rq:1040153 version:1.2.37 Changes: -------- --- /work/SRC/openSUSE:Factory/xmlsec1/xmlsec1.changes 2022-11-06 12:41:40.557193189 +0100 +++ /work/SRC/openSUSE:Factory/.xmlsec1.new.1835/xmlsec1.changes 2022-12-07 17:33:49.220163070 +0100 @@ -1,0 +2,6 @@ +Sat Dec 3 17:03:47 UTC 2022 - Dirk Müller <dmuel...@suse.com> + +- update to 1.2.37: + Fixed two regressions from 1.2.36 release + +------------------------------------------------------------------- Old: ---- xmlsec1-1.2.36.tar.gz xmlsec1-1.2.36.tar.gz.sig New: ---- xmlsec1-1.2.37.tar.gz xmlsec1-1.2.37.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmlsec1.spec ++++++ --- /var/tmp/diff_new_pack.f5HfbP/_old 2022-12-07 17:33:50.088167823 +0100 +++ /var/tmp/diff_new_pack.f5HfbP/_new 2022-12-07 17:33:50.092167845 +0100 @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.2.36 +Version: 1.2.37 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT ++++++ xmlsec1-1.2.36.tar.gz -> xmlsec1-1.2.37.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/configure new/xmlsec1-1.2.37/configure --- old/xmlsec1-1.2.36/configure 2022-10-29 04:12:49.000000000 +0200 +++ new/xmlsec1-1.2.37/configure 2022-11-28 22:40:56.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xmlsec1 1.2.36. +# Generated by GNU Autoconf 2.69 for xmlsec1 1.2.37. # # Report bugs to <http://www.aleksey.com/xmlsec>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xmlsec1' PACKAGE_TARNAME='xmlsec1' -PACKAGE_VERSION='1.2.36' -PACKAGE_STRING='xmlsec1 1.2.36' +PACKAGE_VERSION='1.2.37' +PACKAGE_STRING='xmlsec1 1.2.37' PACKAGE_BUGREPORT='http://www.aleksey.com/xmlsec' PACKAGE_URL='' @@ -1588,7 +1588,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xmlsec1 1.2.36 to adapt to many kinds of systems. +\`configure' configures xmlsec1 1.2.37 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1659,7 +1659,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xmlsec1 1.2.36:";; + short | recursive ) echo "Configuration of xmlsec1 1.2.37:";; esac cat <<\_ACEOF @@ -1862,7 +1862,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xmlsec1 configure 1.2.36 +xmlsec1 configure 1.2.37 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2414,7 +2414,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xmlsec1 $as_me 1.2.36, which was +It was created by xmlsec1 $as_me 1.2.37, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2766,7 +2766,7 @@ XMLSEC_PACKAGE=xmlsec1 XMLSEC_VERSION_MAJOR=1 XMLSEC_VERSION_MINOR=2 -XMLSEC_VERSION_SUBMINOR=36 +XMLSEC_VERSION_SUBMINOR=37 XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR" XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'` XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'` @@ -3374,7 +3374,7 @@ # Define the identity of the package. PACKAGE='xmlsec1' - VERSION='1.2.36' + VERSION='1.2.37' cat >>confdefs.h <<_ACEOF @@ -18832,7 +18832,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xmlsec1 $as_me 1.2.36, which was +This file was extended by xmlsec1 $as_me 1.2.37, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18898,7 +18898,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xmlsec1 config.status 1.2.36 +xmlsec1 config.status 1.2.37 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/configure.ac new/xmlsec1-1.2.37/configure.ac --- old/xmlsec1-1.2.36/configure.ac 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/configure.ac 2022-11-28 22:40:24.000000000 +0100 @@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([xmlsec1],[1.2.36],[http://www.aleksey.com/xmlsec]) +AC_INIT([xmlsec1],[1.2.37],[http://www.aleksey.com/xmlsec]) XMLSEC_PACKAGE=xmlsec1 XMLSEC_VERSION_MAJOR=1 XMLSEC_VERSION_MINOR=2 -XMLSEC_VERSION_SUBMINOR=36 +XMLSEC_VERSION_SUBMINOR=37 XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR" XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'` XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/docs/api/xmlsec-version.html new/xmlsec1-1.2.37/docs/api/xmlsec-version.html --- old/xmlsec1-1.2.36/docs/api/xmlsec-version.html 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/docs/api/xmlsec-version.html 2022-11-28 22:40:24.000000000 +0100 @@ -78,7 +78,7 @@ <a name="xmlsec-version.other_details"></a><h2>Types and Values</h2> <div class="refsect2"> <a name="XMLSEC-VERSION:CAPS"></a><h3>XMLSEC_VERSION</h3> -<pre class="programlisting">#define XMLSEC_VERSION "1.2.36" +<pre class="programlisting">#define XMLSEC_VERSION "1.2.37" </pre> <p>The library version string in the format "$major_number.$minor_number.$sub_minor_number".</p> @@ -100,14 +100,14 @@ <hr> <div class="refsect2"> <a name="XMLSEC-VERSION-SUBMINOR:CAPS"></a><h3>XMLSEC_VERSION_SUBMINOR</h3> -<pre class="programlisting">#define XMLSEC_VERSION_SUBMINOR 36 +<pre class="programlisting">#define XMLSEC_VERSION_SUBMINOR 37 </pre> <p>The library sub-minor version number.</p> </div> <hr> <div class="refsect2"> <a name="XMLSEC-VERSION-INFO:CAPS"></a><h3>XMLSEC_VERSION_INFO</h3> -<pre class="programlisting">#define XMLSEC_VERSION_INFO "3:36:2" +<pre class="programlisting">#define XMLSEC_VERSION_INFO "3:37:2" </pre> <p>The library version info string in the format "$major_number+$minor_number:$sub_minor_number:$minor_number".</p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/docs/download.html new/xmlsec1-1.2.37/docs/download.html --- old/xmlsec1-1.2.36/docs/download.html 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/docs/download.html 2022-11-28 22:40:24.000000000 +0100 @@ -48,10 +48,10 @@ <h1>Download</h1> </div> <h2>Stable releases.</h2> -<p>The latest stable XML Security Library version is <b>1.2.36</b>:</p> +<p>The latest stable XML Security Library version is <b>1.2.37</b>:</p> <ul> <li> -<a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.36.tar.gz";>Sources for latest version</a>.</li> +<a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.37.tar.gz";>Sources for latest version</a>.</li> <li> <a href="http://www.zlatkovic.com/projects/libxml/index.html";>Windows binaries</a> for XMLSec Library (as well as LibXML2, LibXSLT and OpenSSL) from <a href="mailto:i...@zlatkovic.com";>Igor Zlatkovic</a>.</li> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/docs/index.html new/xmlsec1-1.2.37/docs/index.html --- old/xmlsec1-1.2.36/docs/index.html 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/docs/index.html 2022-11-28 22:40:24.000000000 +0100 @@ -67,6 +67,14 @@ see the Copyright file in the distribution for details.<br><br></p> <p><b>News</b></p> <ul> +<li>November 30 2022<br> + The <a href="download.html">XML Security Library 1.2.37</a> release includes the following changes: + <ul> + <li>Fixed two regressions from 1.2.36 release: <a href="https://github.com/lsh123/xmlsec/issues/437";>issue #437</a> + and <a href="https://github.com/lsh123/xmlsec/issues/449";>issue #449</a>.</li> + </ul> +</li> +<br> <li>October 31 2022<br> The <a href="download.html">XML Security Library 1.2.36</a> release includes the following changes: <ul> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/docs/news.html new/xmlsec1-1.2.37/docs/news.html --- old/xmlsec1-1.2.36/docs/news.html 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/docs/news.html 2022-11-28 22:40:24.000000000 +0100 @@ -48,6 +48,14 @@ <h1>XML Security Library News</h1> </div> <ul> + <li>November 30 2022<br> + The <a href="download.html">XML Security Library 1.2.37</a> release includes the following changes: + <ul> + <li>Fixed two regressions from 1.2.36 release: <a href="https://github.com/lsh123/xmlsec/issues/437";>issue #437</a> + and <a href="https://github.com/lsh123/xmlsec/issues/449";>issue #449</a>.</li> + </ul> + </li> + <br> <li>October 31 2022<br> The <a href="download.html">XML Security Library 1.2.36</a> release includes the following changes: <ul> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/include/xmlsec/version.h new/xmlsec1-1.2.37/include/xmlsec/version.h --- old/xmlsec1-1.2.36/include/xmlsec/version.h 2022-10-29 04:13:40.000000000 +0200 +++ new/xmlsec1-1.2.37/include/xmlsec/version.h 2022-11-28 22:41:44.000000000 +0100 @@ -26,7 +26,7 @@ * The library version string in the format * "$major_number.$minor_number.$sub_minor_number". */ -#define XMLSEC_VERSION "1.2.36" +#define XMLSEC_VERSION "1.2.37" /** * XMLSEC_VERSION_MAJOR: @@ -47,7 +47,7 @@ * * The library sub-minor version number. */ -#define XMLSEC_VERSION_SUBMINOR 36 +#define XMLSEC_VERSION_SUBMINOR 37 /** * XMLSEC_VERSION_INFO: @@ -55,7 +55,7 @@ * The library version info string in the format * "$major_number+$minor_number:$sub_minor_number:$minor_number". */ -#define XMLSEC_VERSION_INFO "3:36:2" +#define XMLSEC_VERSION_INFO "3:37:2" #ifdef __cplusplus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/man/xmlsec1-config.1 new/xmlsec1-1.2.37/man/xmlsec1-config.1 --- old/xmlsec1-1.2.36/man/xmlsec1-config.1 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/man/xmlsec1-config.1 2022-11-28 22:40:24.000000000 +0100 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.1. -.TH XMLSEC1-CONFIG "1" "October 2022" "xmlsec1-config 1.2.36" "User Commands" +.TH XMLSEC1-CONFIG "1" "November 2022" "xmlsec1-config 1.2.37" "User Commands" .SH NAME xmlsec1-config \- detail installed version of xmlsec library .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/man/xmlsec1.1 new/xmlsec1-1.2.37/man/xmlsec1.1 --- old/xmlsec1-1.2.36/man/xmlsec1.1 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/man/xmlsec1.1 2022-11-28 22:40:24.000000000 +0100 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.1. -.TH XMLSEC1 "1" "October 2022" "xmlsec1 1.2.36 (openssl)" "User Commands" +.TH XMLSEC1 "1" "November 2022" "xmlsec1 1.2.37 (openssl)" "User Commands" .SH NAME xmlsec1 \- sign, verify, encrypt and decrypt XML documents .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/scripts/build_docs.sh new/xmlsec1-1.2.37/scripts/build_docs.sh --- old/xmlsec1-1.2.36/scripts/build_docs.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.37/scripts/build_docs.sh 2022-11-28 22:40:24.000000000 +0100 @@ -0,0 +1,18 @@ +#!/bin/sh + +# config +configure_options="" +configure_options="$configure_options --enable-static-linking --enable-crypto-dl=no" +configure_options="$configure_options --enable-manpages-build --enable-docs-build" +configure_options="$configure_options --enable-md5 --enable-ripemd160" +cur_pwd=`pwd` +today=`date +%F-%H-%M-%S` + +echo "============= Building xmlsec" +make distclean +./autogen.sh $configure_options +make + +echo "============== Cleanup" +cd "$cur_pwd" + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/scripts/build_release.sh new/xmlsec1-1.2.37/scripts/build_release.sh --- old/xmlsec1-1.2.36/scripts/build_release.sh 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/scripts/build_release.sh 2022-11-28 22:40:24.000000000 +0100 @@ -17,6 +17,7 @@ sig_file="xmlsec1-$version.sig" rc_tar_file="xmlsec1-$version-$rc.tar.gz" rc_sig_file="xmlsec1-$version-$rc.sig" +git_1_2_x_branch="xmlsec-1_2_x" git_release_branch=`echo "xmlsec-$version" | sed 's/\./_/g'` git_version_tag=`echo $version | sed 's/\./_/g'` @@ -36,6 +37,9 @@ if [ x"$rc" != x ]; then echo "============== Switching to release branch '$git_release_branch' for RC build '$rc'" git checkout $git_release_branch +else + echo "============== Switching to 1.2.x branch '$git_1_2_x_branch'" + git checkout $git_1_2_x_branch fi find . -name ".git" | xargs rm -r diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/scripts/check-return.pl new/xmlsec1-1.2.37/scripts/check-return.pl --- old/xmlsec1-1.2.36/scripts/check-return.pl 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.37/scripts/check-return.pl 2022-11-28 22:40:23.000000000 +0100 @@ -0,0 +1,23 @@ +#!/bin/perl +# +# Usage: +# egrep -r -A8 -n 'xmlSec.*Error[0-9]?\(' ./src/ | sed 's/ //g' | perl ./scripts/check-return.pl +# + +my $has_return = 0; +my $where = ""; +foreach my $line ( <STDIN> ) { + chomp( $line ); + if($line eq "--" || $line eq '}' || $line eq 'continue' || $line eq 'break') { + if(not $has_return) { + print("FOUND MISSING RETURN: $where\n"); + } + $has_return = 0; + $where = ""; + } elsif($line =~ /.*Error.*/ && $where eq "") { + # print("Found error: $line\n"); + $where = $line + } elsif($line =~ /.*goto.*/ || $line =~ /.*return.*/ || $line =~ /.*ignoreerror.*/) { + $has_return = 1; + } +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/dl.c new/xmlsec1-1.2.37/src/dl.c --- old/xmlsec1-1.2.36/src/dl.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/dl.c 2022-11-28 22:40:24.000000000 +0100 @@ -223,6 +223,7 @@ ret = lt_dlclose(lib->handle); if(ret != 0) { xmlSecIOError("lt_dlclose", NULL, NULL); + /* ignore error */ } } #endif /* XMLSEC_DL_LIBLTDL */ @@ -234,6 +235,7 @@ res = FreeLibrary(lib->handle); if(!res) { xmlSecIOError("FreeLibrary", NULL, NULL); + /* ignore error */ } } #endif /* defined(XMLSEC_WINDOWS) && defined(XMLSEC_DL_WIN32)*/ @@ -395,6 +397,7 @@ ret = lt_dlexit (); if(ret != 0) { xmlSecIOError("lt_dlexit", NULL, NULL); + /* ignore error */ } #else /* XMLSEC_DL_LIBLTDL */ UNREFERENCED_PARAMETER(ret); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/gcrypt/signatures.c new/xmlsec1-1.2.37/src/gcrypt/signatures.c --- old/xmlsec1-1.2.36/src/gcrypt/signatures.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/gcrypt/signatures.c 2022-11-28 22:40:24.000000000 +0100 @@ -388,16 +388,16 @@ } /* check result */ - if(ret == 1) { - transform->status = xmlSecTransformStatusOk; - } else { + if(ret != 1) { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), - "ctx->verify: signature does not verify"); + "ctx->verify: signature verification failed"); transform->status = xmlSecTransformStatusFail; + return(0); } - /* done */ + /* success */ + transform->status = xmlSecTransformStatusOk; return(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/gnutls/x509vfy.c new/xmlsec1-1.2.37/src/gnutls/x509vfy.c --- old/xmlsec1-1.2.36/src/gnutls/x509vfy.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/gnutls/x509vfy.c 2022-11-28 22:40:23.000000000 +0100 @@ -406,12 +406,12 @@ } if(err != GNUTLS_E_SUCCESS) { xmlSecGnuTLSError("gnutls_x509_crt_list_verify", err, NULL); - /* don't stop, continue! */ + /* ignore error, don't stop, continue! */ continue; } else if(verify != 0) { xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL, "gnutls_x509_crt_list_verify: verification failed: status=%u", verify); - /* don't stop, continue! */ + /* ignore error, don't stop, continue! */ continue; } @@ -420,7 +420,7 @@ ret = xmlSecGnuTLSX509CheckTime(cert_list, cert_list_cur_size, verification_time); if(ret != 1) { xmlSecInternalError("xmlSecGnuTLSX509CheckTime", NULL); - /* don't stop, continue! */ + /* ignore error, don't stop, continue! */ continue; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/keyinfo.c new/xmlsec1-1.2.37/src/keyinfo.c --- old/xmlsec1-1.2.36/src/keyinfo.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/keyinfo.c 2022-11-28 22:40:23.000000000 +0100 @@ -1053,9 +1053,10 @@ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF) != 0) { xmlSecInvalidNodeAttributeError(node, xmlSecAttrType, xmlSecKeyDataKlassGetName(id), "retrieval type is unknown"); - } else { - res = 0; + goto done; } + + res = 0; goto done; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/mscng/certkeys.c new/xmlsec1-1.2.37/src/mscng/certkeys.c --- old/xmlsec1-1.2.36/src/mscng/certkeys.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/mscng/certkeys.c 2022-11-28 22:40:23.000000000 +0100 @@ -304,6 +304,7 @@ status = NCryptFreeObject(ctx->privkey); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptDestroyKey", NULL, status); + /* ignore error */ } } @@ -311,6 +312,7 @@ status = BCryptDestroyKey(ctx->pubkey); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptDestroyKey", NULL, status); + /* ignore error */ } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/mscng/x509.c new/xmlsec1-1.2.37/src/mscng/x509.c --- old/xmlsec1-1.2.36/src/mscng/x509.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/mscng/x509.c 2022-11-28 22:40:24.000000000 +0100 @@ -134,12 +134,14 @@ if(ctx->cert != NULL) { if(!CertFreeCertificateContext(ctx->cert)) { xmlSecMSCngLastError("CertFreeCertificateContext", NULL); + /* ignore error */ } } if(ctx->hMemStore != 0) { if(!CertCloseStore(ctx->hMemStore, 0)) { xmlSecMSCngLastError("CertCloseStore", NULL); + /* ignore error */ } } @@ -820,6 +822,7 @@ xmlSecAssert(output != NULL); xmlSecNotImplementedError(NULL); + /* ignore error */ } static void @@ -828,6 +831,7 @@ xmlSecAssert(output != NULL); xmlSecNotImplementedError(NULL); + /* ignore error */ } static xmlSecKeyDataKlass xmlSecMSCngKeyDataX509Klass = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/mscng/x509vfy.c new/xmlsec1-1.2.37/src/mscng/x509vfy.c --- old/xmlsec1-1.2.36/src/mscng/x509vfy.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/mscng/x509vfy.c 2022-11-28 22:40:24.000000000 +0100 @@ -65,6 +65,7 @@ ret = CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_CHECK_FLAG); if(ret == FALSE) { xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + /* ignore error */ } } @@ -72,6 +73,7 @@ ret = CertCloseStore(ctx->trustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); if(ret == FALSE) { xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + /* ignore error */ } } @@ -79,6 +81,7 @@ ret = CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_CHECK_FLAG); if(ret == FALSE) { xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + /* ignore error */ } } @@ -86,7 +89,8 @@ ret = CertCloseStore(ctx->untrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); if(ret == FALSE) { xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); - } + /* ignore error */ + } } memset(ctx, 0, sizeof(xmlSecMSCngX509StoreCtx)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/mscrypto/signatures.c new/xmlsec1-1.2.37/src/mscrypto/signatures.c --- old/xmlsec1-1.2.36/src/mscrypto/signatures.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/mscrypto/signatures.c 2022-11-28 22:40:24.000000000 +0100 @@ -408,7 +408,7 @@ dwError = GetLastError(); if (NTE_BAD_SIGNATURE == HRESULT_FROM_WIN32(dwError)) { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), - "CryptVerifySignature: signature does not verify"); + "CryptVerifySignature: signature verification failed"); transform->status = xmlSecTransformStatusFail; goto done; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/nss/signatures.c new/xmlsec1-1.2.37/src/nss/signatures.c --- old/xmlsec1-1.2.36/src/nss/signatures.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/nss/signatures.c 2022-11-28 22:40:24.000000000 +0100 @@ -459,7 +459,7 @@ if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), - "VFY_EndWithSignature: signature does not verify"); + "VFY_EndWithSignature: signature verification failed"); transform->status = xmlSecTransformStatusFail; } else { xmlSecNssError("VFY_EndWithSignature", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/openssl/evp_signatures.c new/xmlsec1-1.2.37/src/openssl/evp_signatures.c --- old/xmlsec1-1.2.36/src/openssl/evp_signatures.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/openssl/evp_signatures.c 2022-11-28 22:40:24.000000000 +0100 @@ -452,7 +452,7 @@ } else if(ret != 1) { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), - "EVP_VerifyFinal: signature does not verify"); + "EVP_VerifyFinal: signature verification failed"); transform->status = xmlSecTransformStatusFail; return(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/openssl/kt_rsa.c new/xmlsec1-1.2.37/src/openssl/kt_rsa.c --- old/xmlsec1-1.2.36/src/openssl/kt_rsa.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/openssl/kt_rsa.c 2022-11-28 22:40:24.000000000 +0100 @@ -526,6 +526,7 @@ if(ret < 0) { xmlSecInternalError("xmlSecOpenSSLRsaPkcs1ProcessImpl", xmlSecTransformGetName(transform)); + return(-1); } ret = xmlSecBufferSetSize(out, outSize); @@ -811,6 +812,7 @@ ctx->pKeyCtx = EVP_PKEY_CTX_new_from_pkey(xmlSecOpenSSLGetLibCtx(), pKey, NULL); if (ctx->pKeyCtx == NULL) { xmlSecOpenSSLError("EVP_PKEY_CTX_new_from_pkey", NULL); + return (-1); } if (encrypt != 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/openssl/signatures.c new/xmlsec1-1.2.37/src/openssl/signatures.c --- old/xmlsec1-1.2.36/src/openssl/signatures.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/openssl/signatures.c 2022-11-28 22:40:24.000000000 +0100 @@ -501,7 +501,7 @@ } else { xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, xmlSecTransformGetName(transform), - "ctx->verifyCallback: signature does not verify"); + "ctx->verifyCallback: signature verification failed"); transform->status = xmlSecTransformStatusFail; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/openssl/x509vfy.c new/xmlsec1-1.2.37/src/openssl/x509vfy.c --- old/xmlsec1-1.2.36/src/openssl/x509vfy.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/openssl/x509vfy.c 2022-11-28 22:40:24.000000000 +0100 @@ -250,7 +250,6 @@ xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->xst != NULL, NULL); - /* dup certs */ certs2 = sk_X509_dup(certs); if(certs2 == NULL) { xmlSecOpenSSLError("sk_X509_dup", @@ -391,6 +390,7 @@ xmlSecKeyDataStoreGetName(store), "X509_verify_cert: subject=%s; issuer=%s; err=%d; msg=%s", subject, issuer, err, xmlSecErrorsSafeString(err_msg)); + /* ignore error */ } } } @@ -410,27 +410,30 @@ xmlSecKeyDataStoreGetName(store), "subject=%s; issuer=%s; err=%d; msg=%s", subject, issuer, err, xmlSecErrorsSafeString(err_msg)); - break; + goto done; + case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, xmlSecKeyDataStoreGetName(store), "subject=%s; issuer=%s; err=%d; msg=%s", subject, issuer, err, xmlSecErrorsSafeString(err_msg)); - break; + goto done; + case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, xmlSecKeyDataStoreGetName(store), "subject=%s; issuer=%s; err=%d; msg=%s", subject, issuer, err, xmlSecErrorsSafeString(err_msg)); - break; + goto done; + default: xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, xmlSecKeyDataStoreGetName(store), "subject=%s; issuer=%s; err=%d; msg=%s", subject, issuer, err, xmlSecErrorsSafeString(err_msg)); - break; + goto done; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/xmldsig.c new/xmlsec1-1.2.37/src/xmldsig.c --- old/xmlsec1-1.2.36/src/xmldsig.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/xmldsig.c 2022-11-28 22:40:24.000000000 +0100 @@ -655,6 +655,7 @@ if(dsigCtx->preSignMemBufMethod == NULL) { xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", xmlSecTransformKlassGetName(xmlSecTransformMemBufId)); + return(-1); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/xmlenc.c new/xmlsec1-1.2.37/src/xmlenc.c --- old/xmlsec1-1.2.36/src/xmlenc.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/xmlenc.c 2022-11-28 22:40:24.000000000 +0100 @@ -95,6 +95,17 @@ xmlFree(encCtx); } +static void +xmlSecEncCtxSetDefaults(xmlSecEncCtxPtr encCtx) { + xmlSecAssert(encCtx != NULL); + + encCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; + + /* it's not wise to write private key :) */ + encCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; + encCtx->keyInfoWriteCtx.keyReq.keyType = xmlSecKeyDataTypePublic; +} + /** * xmlSecEncCtxInitialize: * @encCtx: the pointer to <enc:EncryptedData/> processing context. @@ -120,16 +131,12 @@ xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } - encCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoWriteCtx), keysMngr); if(ret < 0) { xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } - encCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; - /* it's not wise to write private key :) */ - encCtx->keyInfoWriteCtx.keyReq.keyType = xmlSecKeyDataTypePublic; /* initializes transforms encCtx */ ret = xmlSecTransformCtxInitialize(&(encCtx->transformCtx)); @@ -138,6 +145,7 @@ return(-1); } + xmlSecEncCtxSetDefaults(encCtx); return(0); } @@ -222,6 +230,8 @@ encCtx->encDataNode = encCtx->encMethodNode = encCtx->keyInfoNode = encCtx->cipherValueNode = NULL; + + xmlSecEncCtxSetDefaults(encCtx); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/xmlsec.c new/xmlsec1-1.2.37/src/xmlsec.c --- old/xmlsec1-1.2.36/src/xmlsec.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/xmlsec.c 2022-11-28 22:40:24.000000000 +0100 @@ -130,7 +130,7 @@ */ int xmlSecShutdown(void) { - int res = 0; + int res = -1; xmlSecTransformIdsShutdown(); xmlSecKeyDataIdsShutdown(); @@ -138,10 +138,17 @@ #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLShutdown() < 0) { xmlSecInternalError("xmlSecCryptoDLShutdown", NULL); - res = -1; + goto done; } #endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ + /* success */ + res = 0; + +#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING +done: +#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ + xmlSecIOShutdown(); xmlSecErrorsShutdown(); return(res); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/src/xmltree.c new/xmlsec1-1.2.37/src/xmltree.c --- old/xmlsec1-1.2.36/src/xmltree.c 2022-10-29 04:12:11.000000000 +0200 +++ new/xmlsec1-1.2.37/src/xmltree.c 2022-11-28 22:40:24.000000000 +0100 @@ -768,6 +768,7 @@ xmlAddID(NULL, doc, name, attr); } else if(tmp != attr) { xmlSecInvalidStringDataError("id", name, "unique id (id already defined)", NULL); + /* ignore error */ } xmlFree(name); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.data new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.data --- old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.data 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.data 2022-11-28 22:40:24.000000000 +0100 @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE test [ +<!ATTLIST Test Id ID #IMPLIED> +]> +<Test Id="Test"> +test +</Test> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.tmpl new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.tmpl --- old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.tmpl 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.tmpl 2022-11-28 22:40:24.000000000 +0100 @@ -0,0 +1,32 @@ +<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; Type="http://www.w3.org/2001/04/xmlenc#Element";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";> </EncryptionMethod> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<KeyName>key1</KeyName> +<X509Data> +<X509Certificate/> +</X509Data> +</KeyInfo> +<CipherData> +<CipherValue/> +</CipherData> +</EncryptedKey> +<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";> </EncryptionMethod> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<KeyName>key2</KeyName> +<X509Data> +<X509Certificate/> +</X509Data> +</KeyInfo> +<CipherData> +<CipherValue/> +</CipherData> +</EncryptedKey> +</KeyInfo> +<CipherData> +<CipherValue/> +</CipherData> +</EncryptedData> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.xml new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.xml --- old/xmlsec1-1.2.36/tests/aleksey-xmlenc-01/enc-two-enc-keys.xml 1970-01-01 01:00:00.000000000 +0100 +++ new/xmlsec1-1.2.37/tests/aleksey-xmlenc-01/enc-two-enc-keys.xml 2022-11-28 22:40:24.000000000 +0100 @@ -0,0 +1,82 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE test [ +<!ATTLIST Test Id ID #IMPLIED> +]> +<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"; Type="http://www.w3.org/2001/04/xmlenc#Element";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";> </EncryptionMethod> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<KeyName>key1</KeyName> +<X509Data> +<X509Certificate>MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw +NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz +ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj +tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE +9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv +C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP +ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB +rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN +TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl +YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b +j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg +sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj +j0gv0PdxmuCsR/E= +</X509Certificate> +</X509Data> +</KeyInfo> +<CipherData> +<CipherValue>OWIZitDwtQp3dvJ2NP2bgQaaiW+Z0vwyh8ajaw7nuwlqQugrbugy9upogbKMpOrz +XFLfdzfQ5EfRBr2MaPvMkft2wBWfYOS437RNrKdd/MZxZjSPoFRAMBz4F6cVjDx5 +L3/I/3usuqoyYLNtjQTxcIt+sdtNMZnAyVxz/08vEGg=</CipherValue> +</CipherData> +</EncryptedKey> +<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#";> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";> </EncryptionMethod> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> +<KeyName>key2</KeyName> +<X509Data> +<X509Certificate>MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw +NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG +9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K +fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV +HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq +dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD +YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov +L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD +VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl +eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8 +BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N +jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY +mEWnCEsP15HKSTms54RNj7oJ+A== +</X509Certificate> +</X509Data> +</KeyInfo> +<CipherData> +<CipherValue>fDxlxg+iGPUl78ourojHao8/BcxY+A2IQXVghY/OqeQUUD9eT55jrGxgw5UEADoq +ZD8I/KolksaZ1414NyOIIw==</CipherValue> +</CipherData> +</EncryptedKey> +</KeyInfo> +<CipherData> +<CipherValue>ORyr/Fi6TMsMMfEWeDy9iPGl43zoKJLbTTukFwOqtfBi0nSdsMkGkmpQAs3a1PsG</CipherValue> +</CipherData> +</EncryptedData> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/tests/keys/README.md new/xmlsec1-1.2.37/tests/keys/README.md --- old/xmlsec1-1.2.36/tests/keys/README.md 2022-10-29 04:12:12.000000000 +0200 +++ new/xmlsec1-1.2.37/tests/keys/README.md 2022-11-28 22:40:24.000000000 +0100 @@ -226,6 +226,14 @@ password is `secret123`): ``` +cat cakey.pem cacert.pem > allcakey.pem +openssl pkcs12 -export -in allcakey.pem -name CARsaKey -out cakey.p12 +rm allcakey.pem + +cat ca2key.pem ca2cert.pem cacert.pem > allca2key.pem +openssl pkcs12 -export -in allca2key.pem -name CA2RsaKey -out ca2key.p12 +rm allca2key.pem + cat dsakey.pem dsacert.pem ca2cert.pem cacert.pem > alldsa.pem openssl pkcs12 -export -in alldsa.pem -name TestDsaKey -out dsakey.p12 Binary files old/xmlsec1-1.2.36/tests/keys/ca2key.p12 and new/xmlsec1-1.2.37/tests/keys/ca2key.p12 differ Binary files old/xmlsec1-1.2.36/tests/keys/cakey.p12 and new/xmlsec1-1.2.37/tests/keys/cakey.p12 differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/tests/testEnc.sh new/xmlsec1-1.2.37/tests/testEnc.sh --- old/xmlsec1-1.2.36/tests/testEnc.sh 2022-10-29 04:12:12.000000000 +0200 +++ new/xmlsec1-1.2.37/tests/testEnc.sh 2022-11-28 22:40:24.000000000 +0100 @@ -29,6 +29,22 @@ # ########################################################################## +# same file is encrypted with two keys, test both +execEncTest $res_success \ + "" \ + "aleksey-xmlenc-01/enc-two-enc-keys" \ + "aes256-cbc rsa-1_5" \ + "$priv_key_option:key1 $topfolder/keys/cakey.$priv_key_format --pwd secret123" \ + "--session-key aes-256 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-enc-keys.data --pubkey-cert-$cert_format:key1 $topfolder/keys/cacert.$cert_format --pubkey-cert-$cert_format:key2 $topfolder/keys/ca2cert.$cert_format" \ + "$priv_key_option:key1 $topfolder/keys/cakey.$priv_key_format --pwd secret123" + +execEncTest $res_success \ + "" \ + "aleksey-xmlenc-01/enc-two-enc-keys" \ + "aes256-cbc rsa-1_5" \ + "$priv_key_option:key2 $topfolder/keys/ca2key.$priv_key_format --pwd secret123" \ + "--session-key aes-256 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-enc-keys.data --pubkey-cert-$cert_format:key1 $topfolder/keys/cacert.$cert_format --pubkey-cert-$cert_format:key2 $topfolder/keys/ca2cert.$cert_format" \ + "$priv_key_option:key2 $topfolder/keys/ca2key.$priv_key_format --pwd secret123" execEncTest $res_success \ "" \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1-config new/xmlsec1-1.2.37/xmlsec1-config --- old/xmlsec1-1.2.36/xmlsec1-config 2022-10-29 04:13:41.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1-config 2022-11-28 22:41:45.000000000 +0100 @@ -95,7 +95,7 @@ ;; --version) - echo 1.2.36 + echo 1.2.37 exit 0 ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1-gcrypt.pc new/xmlsec1-1.2.37/xmlsec1-gcrypt.pc --- old/xmlsec1-1.2.36/xmlsec1-gcrypt.pc 2022-10-29 04:13:40.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1-gcrypt.pc 2022-11-28 22:41:44.000000000 +0100 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-gcrypt -Version: 1.2.36 +Version: 1.2.37 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/home/aleksey/local/include -DXMLSEC_CRYPTO_GCRYPT=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1-gnutls.pc new/xmlsec1-1.2.37/xmlsec1-gnutls.pc --- old/xmlsec1-1.2.36/xmlsec1-gnutls.pc 2022-10-29 04:13:40.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1-gnutls.pc 2022-11-28 22:41:44.000000000 +0100 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-gnutls -Version: 1.2.36 +Version: 1.2.37 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/usr/include/p11-kit-1 -DXMLSEC_CRYPTO_GNUTLS=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1-openssl.pc new/xmlsec1-1.2.37/xmlsec1-openssl.pc --- old/xmlsec1-1.2.36/xmlsec1-openssl.pc 2022-10-29 04:13:40.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1-openssl.pc 2022-11-28 22:41:44.000000000 +0100 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1-openssl -Version: 1.2.36 +Version: 1.2.37 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -DXMLSEC_CRYPTO_OPENSSL=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1.pc new/xmlsec1-1.2.37/xmlsec1.pc --- old/xmlsec1-1.2.36/xmlsec1.pc 2022-10-29 04:13:40.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1.pc 2022-11-28 22:41:44.000000000 +0100 @@ -4,7 +4,7 @@ includedir=${prefix}/include Name: xmlsec1 -Version: 1.2.36 +Version: 1.2.37 Description: XML Security Library implements XML Signature and XML Encryption standards Requires: libxml-2.0 >= 2.8.0 libxslt >= 1.0.20 Cflags: -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1.spec new/xmlsec1-1.2.37/xmlsec1.spec --- old/xmlsec1-1.2.36/xmlsec1.spec 2022-10-29 04:13:41.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1.spec 2022-11-28 22:41:44.000000000 +0100 @@ -1,6 +1,6 @@ Summary: Library providing support for "XML Signature" and "XML Encryption" standards Name: xmlsec1 -Version: 1.2.36 +Version: 1.2.37 Release: 1 License: MIT Group: Development/Libraries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlsec1-1.2.36/xmlsec1Conf.sh new/xmlsec1-1.2.37/xmlsec1Conf.sh --- old/xmlsec1-1.2.36/xmlsec1Conf.sh 2022-10-29 04:13:41.000000000 +0200 +++ new/xmlsec1-1.2.37/xmlsec1Conf.sh 2022-11-28 22:41:44.000000000 +0100 @@ -9,5 +9,5 @@ XMLSEC_LIBDIR="${exec_prefix}/lib" XMLSEC_INCLUDEDIR=" -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I${prefix}/include/xmlsec1 -I/usr/include/libxml2 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_OPENSSL=1" XMLSEC_LIBS="-L${exec_prefix}/lib -lxmlsec1-openssl -lxmlsec1 -lltdl -lxml2 -lxslt -lxml2 -lssl -lcrypto" -MODULE_VERSION="xmlsec-1.2.36-openssl" +MODULE_VERSION="xmlsec-1.2.37-openssl"
