| Age | Commit message (Collapse) | Author |
|---|
|
xsec_xmlsec.dll is linked to libxmlsec-mscng.dll, which is
linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on
Windows 7.
Use GetProcAddress() to retrieve BCryptKeyDerivation at runtime; the
function is not used by LibreOffice.
(regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b)
Change-Id: I0c0c94ee0cdfd48ae7506d9dfb51fcaf8289d460
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163709
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
The problem in the new code was that previously xmlSecNssInit() didn't
require an already initialized NSS, but 1.3.3 did.
Backport upstream fix that restores the old behavior that NSS init is
not needed, which allows no longer reverting the
xmlSecNssUpdateAvailableCryptoTransforms() call that upstream added
recently.
Change-Id: Ie33ccbff0149e3c406d5574e889d90da4fdbbfb5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162292
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
|
|
Extend external/xmlsec/old-nss.patch.1, our bundled NSS in debug builds
has some assert failure in relatively new xmlsec code, just disable it
for now till it's clarified with upstream how to sort that out properly.
E.g. CppunitTest_filter_svg fails like this:
#1 0x00007ffff77503e5 in abort () at /lib64/libc.so.6
#2 0x00007ffff679ca90 in PR_Assert (s=0x7ffff44fbfe5 "oidmechhash != NULL", file=0x7ffff44fbfb6 "secoid.c", ln=2140) at ../../../../pr/src/io/prlog.c:571
#3 0x00007ffff44eaae0 in SECOID_FindOIDByMechanism (mechanism=307) at secoid.c:2140
#4 0x00007ffff6660c65 in PK11_MechanismToAlgtag (type=307) at pk11mech.c:1745
#5 0x00007fffe874e4ea in xmlSecNssCryptoCheckMechanism (type=307) at crypto.c:68
#6 0x00007fffe874ec44 in xmlSecNssUpdateAvailableCryptoTransforms (functions=0x7fffe87ffbc0 <functions>) at crypto.c:401
#7 0x00007fffe874f13d in xmlSecNssInit () at crypto.c:552
#8 0x00007fffe86b2c36 in initXmlSec() () at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/xmlsec/xmlsec_init.cxx:42
#9 0x00007fffdf3c54f2 in DocumentSignatureManager::init() (this=0x7fffffff3970) at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/helper/documentsignaturemanager.cxx:79
#10 0x00007fffdf43e3da in (anonymous namespace)::DocumentDigitalSignatures::ImplVerifySignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, DocumentSignatureMode)
(this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *) 0x1944e18, xSignStream=empty uno::Reference, eMode=DocumentSignatureMode::Macros)
at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:486
#11 0x00007fffdf43da17 in (anonymous namespace)::DocumentDigitalSignatures::verifyScriptingContentSignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&) (this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *) 0x1944e18, xSignInStream=empty uno::Reference)
at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:373
#12 0x00007fffe6fa06df in SfxObjectShell::GetDocumentSignatureInformation(bool, com::sun::star::uno::Reference<com::sun::star::security::XDocumentDigitalSignatures> const&)
(this=0x188c280, bScriptingContent=true, xSigner=empty uno::Reference) at /home/vmiklos/git/libreoffice/core/sfx2/source/doc/objserv.cxx:1847
Change-Id: I36dee0d2b128a6931875572aa4acc9df940ab623
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161951
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
...after
<https://github.com/llvm/llvm-project/commit/279a4d0d67c874e80c171666822f2fabdd6fa926>
"-fsanitize=function: support C".
This includes reverts of 16af9e81863a80116f808ee3cfa4a1bab7c67ac5 "update clang
asan suppressions" and 151a43f3d00f6523079c53d6c2d064f80b9a55d6 ""update clang
asan suppressions".
Change-Id: I49740f5f3a784af1d62b830b47bfdfa27fe3e471
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156935
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
This time try to do it in a way that doesn't re-introduce tdf#155034,
i.e. patch out code that would use NSS symbols which are in the RHEL7
baseline, but are not in Ubuntu 18.04. This is all code like RSA OAEP or
AES GCM which is relatively new, so not really required for our
signature needs.
It also helps that this release has a lowered baseline for NSS.
Change-Id: I5a8df6d98462e8173a5508e014bd2d515da2dc9d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152747
Tested-by: Justin Luth <jluth@mail.com>
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
This reverts commit 4a828dde104551c1c3d935ed8b43ebc546fa77c3.
Reason for revert: Caolan merged a better fix with aa87fe2562e7a55a18a1c757a49babfe74377bcd
Change-Id: I3ae713555fc62782675dbc48ad51a36ff41bfcf5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151016
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
like...
symkeys.c:621:30: error: no newline at end of file [-Werror,-Wnewline-eof]
#endif /* XMLSEC_NO_PBKDF2 */
^
1 error generated.
make[5]: *** [Makefile:765: libxmlsec1_openssl_la-symkeys.lo] Error 1
Change-Id: I1dcd0cb6b350f412c30fb5a8d3aa4976cd0afde5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150980
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
ever since
commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
Author: Miklos Vajna <vmiklos@collabora.com>
Date: Mon Apr 24 14:27:47 2023 +0200
Update libxmlsec to 1.3.0
failures reported to https://github.com/lsh123/xmlsec/discussions/623
Change-Id: I2952f0eda036f6ff69710b8a103bbfc846ed87d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150966
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
As discussed in the mailing list thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2023-January/089808.html>
"Plan to remove dead C++ UNO bridge implementations (bridges/source/cpp_uno/*)",
the bridge implementation at bridges/source/cpp_uno/gcc3_aix_powerpc is
apparently dead and should thus be removed. However, that was the only bridge
implementation for AIX, which implies that support for the AIX platform as a
whole is dead and should thus be removed.
Change-Id: I96de3f7f97d4fd770ff78256f0ea435383688be9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146057
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
- remove the fix-size_max-412.patch.1 and
remove-unnecessary-macro-417.patch.1 backports
- drop old-nss.patch.1, which is now upstream
Change-Id: I4b668d4949d8831cffbe87ac6b16a20ba8698128
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142395
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
this was changed upstream for
https://github.com/lsh123/xmlsec/issues/308
and the hope is that only the test suite requires newer NSS
Change-Id: Ibb4128ed98476f129470fac1f9b8cde181bb7bb2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141962
Reviewed-by: Jean-Baptiste Faure <jbfaure@libreoffice.org>
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
- backport 2 patches to fix the build
- replace calls to the now deprecated xmlSecBase64Decode()
Change-Id: Ib3254002fff5e49bb6dd4eb1bf62e7d2ee7be83e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141865
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
|
|
This is basically ea68de2968c0dbcd8e7549435e829db06795c16d but
for LDFLAGS. A number of external libs cannot use this because
their libtool mishandles -fuse-ld.
Change-Id: Idee379eb0a3afb475b536519ee3de064b4e218f4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133639
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
A number of them didn't use it at all, others had it hand-written
in various ways.
Change-Id: Iaf86325f9cdc032926bac917dc3eef4e34661544
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132818
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
No idea why we just provided the platform flags when cross-
compiling. In the curious case, where the host platform is
detected as x86_64-pc-mingw32 per default and we actually
want to override it with x86_64-pc-cygwin, we don't do a
cross compile, but must override the host platform.
But there is additional special handling needed for the omitted
cross-platform build in the special case of --host=i686-pc-cygwin
and --build=x86_64-pc-cygwin, where we deliberatly ignore cross
building; Windows is already a slow build, so try to keep this
optimization (AMD64 can execute x86 binaries).
There is the theoretical case, where the externals config.guess
would have detected something else and that "magically" even
worked, while the LO detected triplet would fail, but this
should be fixed in the external in any way.
Change-Id: Ib7a9719e0e406fe90334b7611dc3f01b51692bfa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129153
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
Change-Id: I8d5ac40ec0c0b0a9fb3fb369578ff1f14b512254
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120387
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
|
|
- configure with:
- --host=wasm64-local-emscripten
- had to make a few externals optional, so adding:
- --disable-nss
- --disable-cmis
- --disable-curl
Change-Id: I48d1c73d2675ad2e2beaf2c341578199efbd24ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111130
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
- align with most of the rest of config_host
- rename DISABLE_OPENSSL to ENABLE_OPENSSL
- make this configurable
Change-Id: Ic3b41fcdda38db66134939f12265e0da24833d60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114564
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
And drop the 2 upstreamed patches.
Change-Id: Ia821023d9cc06df5e9e7aef82c070ad1c98b67e4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/114894
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Duplicate ds:X509Certificate elements cause:
warn:xmlsecurity.comp:9604:3820:xmlsecurity/source/helper/xmlsignaturehelper.cxx:658: X509Data do not form a chain: certificate in cycle:
(regression from 5af5ea893bcb8a8eb472ac11133da10e5a604e66)
Change-Id: I3d319a2f74dbec17b73f1c7bb8f4efe4e335f0ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113746
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Apply 21bbcb04b62352331a15a0b8463ebb27a9b858bc from upstream
locally.
Change-Id: Icb1ca245ebb6453040fbce6da54d13086970b0e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110846
Tested-by: Miklos Vajna <vmiklos@collabora.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ib6beab0aa9bf72af83520020eeca6e20a9ecc3df
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/98096
Tested-by: Jenkins
Reviewed-by: Tor Lillqvist <tml@collabora.com>
|
|
Change-Id: If08dde33dbf19afc9ce82bfa42412a642187a56f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95848
Tested-by: Jenkins
Reviewed-by: Tor Lillqvist <tml@collabora.com>
|
|
SSE2 has been pretty much a requirement for running Windows since
about 2018, so there should be ~nobody needing this.
https://lists.freedesktop.org/archives/libreoffice/2020-May/085029.html
Change-Id: I579eb92c18e42c57aa1421b889cfa7997b84915f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93558
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
See instructions in solenv/gbuild/Trace.mk . This generates a file than
can be viewed e.g. in the Chromium tracing view.
Change-Id: I5f90647c58ca729375525b6daed2d4918adc8188
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88754
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>
|
|
...which was at maximum set to GCC's -finline-limit=0 -fno-inline
(solenv/gbuild/platform/com_GCC_defs.mk). Those options were set for debug
builds "since forever", but that looks very much like cargo cult: -fno-inline
"is the default when not optimizing" anyway
(<https://gcc.gnu.org/onlinedocs/gcc-7.4.0/gcc/Optimize-Options.html>), and it
is unclear to me how -finline-limit=0 should have any impact beyond -fno-inline
(and maybe was present for ancient compilers that only supported -finline-limit
but not -fno-inline?).
Change-Id: Id6752d03b1b7ec8763defabc5720d4dd08790874
Reviewed-on: https://gerrit.libreoffice.org/66836
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I8900e399df970056c8ac781c05e9eff6a43c31c7
Reviewed-on: https://gerrit.libreoffice.org/64195
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
This was patching the nmake build system for nss purposes, but we use
nss on Linux/macOS only, and there we use the autotools build system, so
this patch had no effect at the end.
Change-Id: I0f0c3e0d045818ad3e456dd49017ae328ef6e053
Reviewed-on: https://gerrit.libreoffice.org/63385
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I386ead3e61a3162c1c4605d2f65ad23a6487389f
Reviewed-on: https://gerrit.libreoffice.org/63046
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This gets rid of the horrible hack in gbuild.mk to accomodate the
case-incorrect iOS platform makefiles that cannot be renamed without
upsetting git on file systems that sadly lack the case sensitivity
feature.
Keep the macro defined to IOS though.
Change-Id: I1022bfef4900da00e75fc1ccce786b20f8673234
Reviewed-on: https://gerrit.libreoffice.org/62705
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
|
Allows dropping 3 upstreamed patches.
Change-Id: I0dd739817b507eb5993ad18e8c4a128e0be7254a
Reviewed-on: https://gerrit.libreoffice.org/62526
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I2d40b1512420b5601c0ea6db42f319caf7c4170f
Reviewed-on: https://gerrit.libreoffice.org/61634
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Commit 2d1e4290a92a9ac153fa73edbaa050941ee0040b (Merge Gentoo patches
from old build and downstream repositories., 2011-03-13) mentions this
was necessary for libxml-2.7.8, but xmlsec already depends on 2.8.0 and
the same "extern block starts before the include list" pattern is there
in every other xmlsec header, so the patch was incomplete anyway.
Change-Id: I33fadcb3e5583266a37cf7f240b27b2df1544040
Reviewed-on: https://gerrit.libreoffice.org/60782
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Ib24c800216492ce4b090522831d21e80888185d1
Reviewed-on: https://gerrit.libreoffice.org/60414
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: I5d3b16e09e585607a4261f8435d032d0d2ae4bd9
Reviewed-on: https://gerrit.libreoffice.org/59146
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Only the mscng one is used.
Change-Id: Ic8716cd465b2631da56f47d36811731be205fc3e
Reviewed-on: https://gerrit.libreoffice.org/58446
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
It is provided by the mscng backend.
Change-Id: I1b7e6baf4ba37f7990d1dd685e8d867834e8212d
Reviewed-on: https://gerrit.libreoffice.org/56271
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins
|
|
Change-Id: I95e720c9ee5774d87bb4eb8388f8a302ffed8a9b
Reviewed-on: https://gerrit.libreoffice.org/56222
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins
|
|
Allows dropping the xmlsec1-ecdsa-assert.patch.1 backport.
Also fix the generated test certs + generator script to avoid expired
certs for a while (.db files generated with Firefox 57.0).
Change-Id: I8cba9a01633a3952c845e15e23b18d44544cdb59
Reviewed-on: https://gerrit.libreoffice.org/56123
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
real commit message to explain why this is necessary.
system-xmlsec (not containing this patch) works fine for our XML signing
purposes with software certificates, and just recently I learned that
even hardware-based certificates work fine without this patch, so it can
go away.
I assume this was a refactor to allow some new feature as a next step,
but that feature was never implemented.
Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
Reviewed-on: https://gerrit.libreoffice.org/55296
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
Change-Id: Id977be090e09eefcb4196078682694443718c2fd
Reviewed-on: https://gerrit.libreoffice.org/54103
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
... instead of hard-coding some subset of the variables everywhere.
Change-Id: I5eac5663563ee9d6cb7b57f5f6e9d55560587276
Reviewed-on: https://gerrit.libreoffice.org/44167
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
|
Part of the configure is upstreamed, drop those 3 hunks.
Change-Id: I5f2ad217aaba050969cb655091f33fe61970a512
|
|
Change-Id: I9774dbec91b397d291d8f7f9bf96bbb75fc2baad
Reviewed-on: https://gerrit.libreoffice.org/42298
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
|
