diff options
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/xmlsec/UnpackedTarball_xmlsec.mk | 6 | ||||
| -rw-r--r-- | external/xmlsec/mscng-fixes.patch.1 | 70 | ||||
| -rw-r--r-- | external/xmlsec/xmlsec1-macos.patch.1 | 41 | ||||
| -rw-r--r-- | external/xmlsec/xmlsec1-vc.patch.1 | 73 |
5 files changed, 2 insertions, 192 deletions
diff --git a/download.lst b/download.lst index 46afd8e9cd89..ac10b6cb3e00 100644 --- a/download.lst +++ b/download.lst @@ -154,8 +154,8 @@ export LIBNUMBERTEXT_SHA256SUM := e1c9086b4cecb6b25f180316f30740dfabe6a4dbaf70dd export LIBNUMBERTEXT_TARBALL := libnumbertext-1.0.5.tar.xz export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304f7281f8f7347483 export LIBTOMMATH_TARBALL := ltm-1.0.zip -export XMLSEC_SHA256SUM := 8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50 -export XMLSEC_TARBALL := xmlsec1-1.2.26.tar.gz +export XMLSEC_SHA256SUM := 97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6 +export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz export LIBXML_SHA256SUM := 0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732 export LIBXML_VERSION_MICRO := 8 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk index 53af3b1f1e8c..12d32a05bb1a 100644 --- a/external/xmlsec/UnpackedTarball_xmlsec.mk +++ b/external/xmlsec/UnpackedTarball_xmlsec.mk @@ -9,12 +9,6 @@ xmlsec_patches := xmlsec_patches += xmlsec1-configure.patch.1 -# Backport of <https://github.com/lsh123/xmlsec/pull/223>. -xmlsec_patches += xmlsec1-vc.patch.1 -# Backport of <https://github.com/lsh123/xmlsec/pull/192>. -xmlsec_patches += mscng-fixes.patch.1 -# Backport of <https://github.com/lsh123/xmlsec/pull/197>. -xmlsec_patches += xmlsec1-macos.patch.1 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec)) diff --git a/external/xmlsec/mscng-fixes.patch.1 b/external/xmlsec/mscng-fixes.patch.1 deleted file mode 100644 index c93a0812210c..000000000000 --- a/external/xmlsec/mscng-fixes.patch.1 +++ /dev/null @@ -1,70 +0,0 @@ -From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001 -Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key - as part of key extraction (#192) - ---- - src/mscng/signatures.c | 18 +++++++++++++----- - src/mscng/x509.c | 8 ++++++-- - src/xmltree.c | 2 +- - 3 files changed, 20 insertions(+), 8 deletions(-) - -diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c -index 365c484a..a7e0fbb7 100644 ---- a/src/mscng/signatures.c -+++ b/src/mscng/signatures.c -@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) { - xmlSecKeyDataDestroy(ctx->data); - } - -- if(ctx->pbHash != NULL) { -- xmlFree(ctx->pbHash); -- } -+ // MSDN documents at -+ // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx -+ // that the order of cleanup should be: -+ // - algo handle -+ // - hash handle -+ // - hash object pointer -+ // - hash pointer - - if(ctx->hHashAlg != 0) { - BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0); - } - -+ if(ctx->hHash != 0) { -+ BCryptDestroyHash(ctx->hHash); -+ } -+ - if(ctx->pbHashObject != NULL) { - xmlFree(ctx->pbHashObject); - } - -- if(ctx->hHash != 0) { -- BCryptDestroyHash(ctx->hHash); -+ if(ctx->pbHash != NULL) { -+ xmlFree(ctx->pbHash); - } - - memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx)); -diff --git a/src/mscng/x509.c b/src/mscng/x509.c -index 492193af..3ab62c5c 100644 ---- a/src/mscng/x509.c -+++ b/src/mscng/x509.c -@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - } - - if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) { -- xmlSecNotImplementedError(NULL); -- return(-1); -+ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate); -+ if(keyValue == NULL) { -+ xmlSecInternalError("xmlSecMSCngCertAdopt", -+ xmlSecKeyDataGetName(data)); -+ return(-1); -+ } - } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) { - keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic); - if(keyValue == NULL) { --- -2.16.4 - diff --git a/external/xmlsec/xmlsec1-macos.patch.1 b/external/xmlsec/xmlsec1-macos.patch.1 deleted file mode 100644 index 1740fef65f5f..000000000000 --- a/external/xmlsec/xmlsec1-macos.patch.1 +++ /dev/null @@ -1,41 +0,0 @@ -From 9626654fa60825b5dc09a35bdfba6cb53d45e618 Mon Sep 17 00:00:00 2001 -From: Miklos Vajna <vmiklos@vmiklos.hu> -Date: Mon, 25 Jun 2018 19:49:54 +0200 -Subject: [PATCH] configure: macOS improvement (#197) - -* configure: fix shared library suffix on macOS - -See <https://lists.gnu.org/archive/html/libtool/2010-04/msg00020.html>, -shrext_cmds is a command to be evaluated. Linux uses .so for both -loadable and shared libraries (in terms of libtool), so the problem is -not visible there, but on macOS this caused configure to literally look -for - -libnspr4`test .$module = .yes && echo .so || echo .dylib` - -for the nss backend, while nss provides libnspr4.dylib. ---- - configure.ac | 5 ++++- - src/xmldsig.c | 10 +++++----- - src/xmlenc.c | 4 ++-- - 3 files changed, 11 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 2eb3f444..2adc625d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -175,7 +175,10 @@ dnl ========================================================================== - dnl Hack for autoconf version mismatch - dnl ========================================================================== - if test "z$shrext" = "z" ; then -- shrext=$shrext_cmds -+ AC_MSG_CHECKING(for shared library suffix) -+ module=no -+ eval shrext=$shrext_cmds -+ AC_MSG_RESULT($shrext) - fi - - dnl ========================================================================== --- -2.16.4 - diff --git a/external/xmlsec/xmlsec1-vc.patch.1 b/external/xmlsec/xmlsec1-vc.patch.1 deleted file mode 100644 index 5c8bcd6db19a..000000000000 --- a/external/xmlsec/xmlsec1-vc.patch.1 +++ /dev/null @@ -1,73 +0,0 @@ -From a2077431caf7950b1174cbc03e36bfb2916a9dc1 Mon Sep 17 00:00:00 2001 -From: Miklos Vajna <vmiklos@collabora.co.uk> -Date: Sat, 22 Sep 2018 16:03:18 +0200 -Subject: [PATCH] win32: allow custom compiler flags (#223) - -Use-case is e.g. wanting to build the code with -arch:SSE. And this improves -consistency, autotools allows custom compiler flags as well. ---- - win32/Makefile.msvc | 2 +- - win32/configure.js | 6 ++++++ - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc -index 7eb02efc..9c9673bf 100644 ---- a/win32/Makefile.msvc -+++ b/win32/Makefile.msvc -@@ -347,7 +347,7 @@ - # - # The compiler and its options. - # --CFLAGS = /nologo /D "WIN32" /D "_WINDOWS" /D inline=__inline -+CFLAGS = $(CFLAGS) /nologo /D "WIN32" /D "_WINDOWS" /D inline=__inline - # C4130: '!=': logical operation on address of string constant: - # this generates a false warning inside macros - CFLAGS = $(CFLAGS) /D "_MBCS" /D "_REENTRANT" /W4 /wd4130 -diff --git a/win32/configure.js b/win32/configure.js -index 9773617c..854a46af 100644 ---- a/win32/configure.js -+++ b/win32/configure.js -@@ -57,6 +57,7 @@ var buildUnicode = 1; - var buildDebug = 0; - var buildWerror = 0; - var buildCc = "cl.exe"; -+var buildCflags = ""; - var buildStatic = 1; - var buildWithDLSupport = 1; - var buildPrefix = "."; -@@ -116,6 +117,7 @@ function usage() - txt += " debug: Build unoptimised debug executables (" + (buildDebug? "yes" : "no") + ")\n"; - txt += " werror: Build with warnings as errors(" + (buildWerror? "yes" : "no") + ")\n"; - txt += " cc: Build with the specified compiler(" + buildCc + ")\n"; -+ txt += " cflags: Build with the specified compiler flags('" + buildCflags + "')\n"; - txt += " static: Link libxmlsec statically to xmlsec (" + (buildStatic? "yes" : "no") + ")\n"; - txt += " with-dl: Enable dynamic loading of xmlsec-crypto libraries (" + (buildWithDLSupport? "yes" : "no") + ")\n"; - txt += " prefix: Base directory for the installation (" + buildPrefix + ")\n"; -@@ -181,6 +183,7 @@ function discoverVersion() - vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0")); - vf.WriteLine("WERROR=" + (buildWerror? "1" : "0")); - vf.WriteLine("CC=" + buildCc); -+ vf.WriteLine("CFLAGS=" + buildCflags); - vf.WriteLine("STATIC=" + (buildStatic? "1" : "0")); - vf.WriteLine("WITH_DL=" + (buildWithDLSupport ? "1" : "0")); - vf.WriteLine("PREFIX=" + buildPrefix); -@@ -317,6 +320,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) { - buildWerror = strToBool(arg.substring(opt.length + 1, arg.length)); - else if (opt == "cc") - buildCc = arg.substring(opt.length + 1, arg.length); -+ else if (opt == "cflags") -+ buildCflags = arg.substring(opt.length + 1, arg.length); - else if (opt == "static") - buildStatic = strToBool(arg.substring(opt.length + 1, arg.length)); - else if (opt == "with-dl") -@@ -444,6 +449,7 @@ txtOut += " Unicode: " + boolToStr(buildUnicode) + "\n"; - txtOut += " Debug symbols: " + boolToStr(buildDebug) + "\n"; - txtOut += "Warnings as errors: " + boolToStr(buildWerror) + "\n"; - txtOut += " C compiler: " + buildCc + "\n"; -+txtOut += " C compiler flags: " + buildCflags + "\n"; - txtOut += " Static xmlsec: " + boolToStr(buildStatic) + "\n"; - txtOut += " Enable DL support: " + boolToStr(buildWithDLSupport) + "\n"; - txtOut += " Install prefix: " + buildPrefix + "\n"; --- -2.16.3 - |