download.lst | 4 ++--
external/xmlsec/old-nss.patch.1 | 20 ++++++++++++++++++--
xmlsecurity/Library_xsec_xmlsec.mk | 1 +
3 files changed, 21 insertions(+), 4 deletions(-)
New commits:
commit 8ce222753a43d46e94d351069ce19cc3e2db333c
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Jan 12 08:30:53 2024 +0100
Commit: Miklos Vajna <vmik...@collabora.com>
CommitDate: Mon Jan 15 08:09:21 2024 +0100
Update libxmlsec to 1.3.3
Extend external/xmlsec/old-nss.patch.1, our bundled NSS in debug builds
has some assert failure in relatively new xmlsec code, just disable it
for now till it's clarified with upstream how to sort that out properly.
E.g. CppunitTest_filter_svg fails like this:
#1 0x00007ffff77503e5 in abort () at /lib64/libc.so.6
#2 0x00007ffff679ca90 in PR_Assert (s=0x7ffff44fbfe5 "oidmechhash
!= NULL", file=0x7ffff44fbfb6 "secoid.c", ln=2140) at
../../../../pr/src/io/prlog.c:571
#3 0x00007ffff44eaae0 in SECOID_FindOIDByMechanism (mechanism=307)
at secoid.c:2140
#4 0x00007ffff6660c65 in PK11_MechanismToAlgtag (type=307) at
pk11mech.c:1745
#5 0x00007fffe874e4ea in xmlSecNssCryptoCheckMechanism (type=307)
at crypto.c:68
#6 0x00007fffe874ec44 in xmlSecNssUpdateAvailableCryptoTransforms
(functions=0x7fffe87ffbc0 <functions>) at crypto.c:401
#7 0x00007fffe874f13d in xmlSecNssInit () at crypto.c:552
#8 0x00007fffe86b2c36 in initXmlSec() () at
/home/vmiklos/git/libreoffice/core/xmlsecurity/source/xmlsec/xmlsec_init.cxx:42
#9 0x00007fffdf3c54f2 in DocumentSignatureManager::init()
(this=0x7fffffff3970) at
/home/vmiklos/git/libreoffice/core/xmlsecurity/source/helper/documentsignaturemanager.cxx:79
#10 0x00007fffdf43e3da in (anonymous
namespace)::DocumentDigitalSignatures::ImplVerifySignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
const&, DocumentSignatureMode)
(this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *)
0x1944e18, xSignStream=empty uno::Reference,
eMode=DocumentSignatureMode::Macros)
at
/home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:486
#11 0x00007fffdf43da17 in (anonymous
namespace)::DocumentDigitalSignatures::verifyScriptingContentSignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
const&) (this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *) 0x1944e18,
xSignInStream=empty uno::Reference)
at
/home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:373
#12 0x00007fffe6fa06df in
SfxObjectShell::GetDocumentSignatureInformation(bool,
com::sun::star::uno::Reference<com::sun::star::security::XDocumentDigitalSignatures>
const&)
(this=0x188c280, bScriptingContent=true, xSigner=empty
uno::Reference) at
/home/vmiklos/git/libreoffice/core/sfx2/source/doc/objserv.cxx:1847
Change-Id: I36dee0d2b128a6931875572aa4acc9df940ab623
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161951
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
diff --git a/download.lst b/download.lst
index 8921f425cc67..0b20f2be83d0 100644
--- a/download.lst
+++ b/download.lst
@@ -419,8 +419,8 @@ LIBWEBP_TARBALL := libwebp-1.3.2.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
-XMLSEC_SHA256SUM :=
4003c56b3d356d21b1db7775318540fad6bfedaf5f117e8f7c010811219be3cf
-XMLSEC_TARBALL := xmlsec1-1.3.2.tar.gz
+XMLSEC_SHA256SUM :=
ab5b9a9ffd6960f46f7466d9d91f174ec37e8c31989237ba6b9eacdd816464f2
+XMLSEC_TARBALL := xmlsec1-1.3.3.tar.gz
# three static lines
# so that git cherry-pick
# will not run into conflicts
diff --git a/external/xmlsec/old-nss.patch.1 b/external/xmlsec/old-nss.patch.1
index b46453586351..19ac8ffe6c5a 100644
--- a/external/xmlsec/old-nss.patch.1
+++ b/external/xmlsec/old-nss.patch.1
@@ -39,18 +39,19 @@ diff --git a/src/nss/crypto.c b/src/nss/crypto.c
index 429d209f..e0296bda 100644
--- a/src/nss/crypto.c
+++ b/src/nss/crypto.c
-@@ -131,9 +131,11 @@ xmlSecCryptoGetFunctions_nss(void) {
+@@ -162,10 +162,12 @@ xmlSecCryptoGetFunctions_nss(void) {
gXmlSecNssFunctions->transformAes192CbcGetKlass =
xmlSecNssTransformAes192CbcGetKlass;
gXmlSecNssFunctions->transformAes256CbcGetKlass =
xmlSecNssTransformAes256CbcGetKlass;
+#if 0
+ /* gcm */
gXmlSecNssFunctions->transformAes128GcmGetKlass =
xmlSecNssTransformAes128GcmGetKlass;
gXmlSecNssFunctions->transformAes192GcmGetKlass =
xmlSecNssTransformAes192GcmGetKlass;
gXmlSecNssFunctions->transformAes256GcmGetKlass =
xmlSecNssTransformAes256GcmGetKlass;
+#endif
+ /* kw: uses AES ECB */
gXmlSecNssFunctions->transformKWAes128GetKlass =
xmlSecNssTransformKWAes128GetKlass;
- gXmlSecNssFunctions->transformKWAes192GetKlass =
xmlSecNssTransformKWAes192GetKlass;
diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
index bb64c5f2..4c3dc4d3 100644
--- a/include/xmlsec/nss/crypto.h
@@ -64,3 +65,18 @@ index bb64c5f2..4c3dc4d3 100644
#define XMLSEC_NO_RSA_OAEP 1
#else /* (NSS_VMAJOR < 3) || ((NSS_VMAJOR == 3) && (NSS_VMINOR < 59)) */
#define XMLSEC_NO_MD5 1
+diff --git a/src/nss/crypto.c b/src/nss/crypto.c
+index 6455ec72..a6c46350 100644
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -546,8 +546,10 @@ xmlSecNssInit (void) {
+ /* set default errors callback for xmlsec to us */
+ xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);
+
++#if 0
+ /* update the avaialble algos based on NSS configs */
+ xmlSecNssUpdateAvailableCryptoTransforms(xmlSecCryptoGetFunctions_nss());
++#endif
+
+ /* register our klasses */
+
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss())
< 0) {
diff --git a/xmlsecurity/Library_xsec_xmlsec.mk
b/xmlsecurity/Library_xsec_xmlsec.mk
index 615c3eba0032..4a616cf18deb 100644
--- a/xmlsecurity/Library_xsec_xmlsec.mk
+++ b/xmlsecurity/Library_xsec_xmlsec.mk
@@ -167,6 +167,7 @@ $(eval $(call gb_Library_use_externals,xsec_xmlsec,\
# nss3 after static libs to appease --as-needed linkers
$(eval $(call gb_Library_use_externals,xsec_xmlsec,\
nss3 \
+ nssutil3 \
))
else # ! $(ENABLE_NSS)
