external: upgrade libxmlsec to 1.2.27

Allows dropping 3 upstreamed patches. Change-Id: I0dd739817b507eb5993ad18e8c4a128e0be7254a Reviewed-on: https://gerrit.libreoffice.org/62526 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>

external: upgrade libxmlsec to 1.2.27
Allows dropping 3 upstreamed patches. Change-Id: I0dd739817b507eb5993ad18e8c4a128e0be7254a Reviewed-on: https://gerrit.libreoffice.org/62526 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
9630a2df · Miklos Vajna · 9ebcc7c9 · 9630a2df · 9630a2df · 9ebcc7c9
Kaydet (Commit) 9630a2df authored Eki 29, 2018 tarafından Miklos Vajna
5 changed files
--- a/download.lst
+++ b/download.lst
@@ -154,8 +154,8 @@ export LIBNUMBERTEXT_SHA256SUM := e1c9086b4cecb6b25f180316f30740dfabe6a4dbaf70dd
 export LIBNUMBERTEXT_TARBALL := libnumbertext-1.0.5.tar.xz
 export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304f7281f8f7347483
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
-export XMLSEC_SHA256SUM := 8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50
-export XMLSEC_TARBALL := xmlsec1-1.2.26.tar.gz
+export XMLSEC_SHA256SUM := 97d756bad8e92588e6997d2227797eaa900d05e34a426829b149f65d87118eb6
+export XMLSEC_TARBALL := xmlsec1-1.2.27.tar.gz
 export LIBXML_SHA256SUM := 0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732
 export LIBXML_VERSION_MICRO := 8
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz

--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -9,12 +9,6 @@

 xmlsec_patches :=
 xmlsec_patches += xmlsec1-configure.patch.1
-# Backport of <https://github.com/lsh123/xmlsec/pull/223>.
-xmlsec_patches += xmlsec1-vc.patch.1
-# Backport of <https://github.com/lsh123/xmlsec/pull/192>.
-xmlsec_patches += mscng-fixes.patch.1
-# Backport of <https://github.com/lsh123/xmlsec/pull/197>.
-xmlsec_patches += xmlsec1-macos.patch.1

 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))


--- a/external/xmlsec/mscng-fixes.patch.1
+++ b/external/xmlsec/mscng-fixes.patch.1
-From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001
-Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key
- as part of key extraction (#192)
-
---
- src/mscng/signatures.c | 18 +++++++++++++-----
- src/mscng/x509.c       |  8 ++++++--
- src/xmltree.c          |  2 +-
- 3 files changed, 20 insertions(+), 8 deletions(-)
-
-diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c
-index 365c484a..a7e0fbb7 100644
--- a/src/mscng/signatures.c
-+++ b/src/mscng/signatures.c
-@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) {
-         xmlSecKeyDataDestroy(ctx->data);
-     }
- 
-    if(ctx->pbHash != NULL) {
-        xmlFree(ctx->pbHash);
-    }
-+    // MSDN documents at
-+    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx
-+    // that the order of cleanup should be:
-+    // - algo handle
-+    // - hash handle
-+    // - hash object pointer
-+    // - hash pointer
- 
-     if(ctx->hHashAlg != 0) {
-         BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0);
-     }
- 
-+    if(ctx->hHash != 0) {
-+        BCryptDestroyHash(ctx->hHash);
-+    }
-+
-     if(ctx->pbHashObject != NULL) {
-         xmlFree(ctx->pbHashObject);
-     }
- 
-    if(ctx->hHash != 0) {
-        BCryptDestroyHash(ctx->hHash);
-+    if(ctx->pbHash != NULL) {
-+        xmlFree(ctx->pbHash);
-     }
- 
-     memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx));
-diff --git a/src/mscng/x509.c b/src/mscng/x509.c
-index 492193af..3ab62c5c 100644
--- a/src/mscng/x509.c
-+++ b/src/mscng/x509.c
-@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
-         }
- 
-         if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) {
-            xmlSecNotImplementedError(NULL);
-            return(-1);
-+            keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate);
-+            if(keyValue == NULL) {
-+                xmlSecInternalError("xmlSecMSCngCertAdopt",
-+                    xmlSecKeyDataGetName(data));
-+                return(-1);
-+            }
-         } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) {
-             keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic);
-             if(keyValue == NULL) {
-- 
-2.16.4
-
--- a/external/xmlsec/xmlsec1-macos.patch.1
+++ b/external/xmlsec/xmlsec1-macos.patch.1
-From 9626654fa60825b5dc09a35bdfba6cb53d45e618 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos@vmiklos.hu>
-Date: Mon, 25 Jun 2018 19:49:54 +0200
-Subject: [PATCH] configure: macOS improvement (#197)
-
-* configure: fix shared library suffix on macOS
-
-See <https://lists.gnu.org/archive/html/libtool/2010-04/msg00020.html>,
-shrext_cmds is a command to be evaluated. Linux uses .so for both
-loadable and shared libraries (in terms of libtool), so the problem is
-not visible there, but on macOS this caused configure to literally look
-for
-
-libnspr4`test .$module = .yes && echo .so || echo .dylib`
-
-for the nss backend, while nss provides libnspr4.dylib.
---
- configure.ac  |  5 ++++-
- src/xmldsig.c | 10 +++++-----
- src/xmlenc.c  |  4 ++--
- 3 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 2eb3f444..2adc625d 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -175,7 +175,10 @@ dnl ==========================================================================
- dnl Hack for autoconf version mismatch
- dnl ==========================================================================
- if test "z$shrext" = "z" ; then
-    shrext=$shrext_cmds
-+    AC_MSG_CHECKING(for shared library suffix)
-+    module=no
-+    eval shrext=$shrext_cmds
-+    AC_MSG_RESULT($shrext)
- fi
- 
- dnl ==========================================================================
-- 
-2.16.4
-
--- a/external/xmlsec/xmlsec1-vc.patch.1
+++ b/external/xmlsec/xmlsec1-vc.patch.1
-From a2077431caf7950b1174cbc03e36bfb2916a9dc1 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos@collabora.co.uk>
-Date: Sat, 22 Sep 2018 16:03:18 +0200
-Subject: [PATCH] win32: allow custom compiler flags (#223)
-
-Use-case is e.g. wanting to build the code with -arch:SSE. And this improves
-consistency, autotools allows custom compiler flags as well.
---
- win32/Makefile.msvc | 2 +-
- win32/configure.js  | 6 ++++++
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
-index 7eb02efc..9c9673bf 100644
--- a/win32/Makefile.msvc
-+++ b/win32/Makefile.msvc
-@@ -347,7 +347,7 @@
- #
- # The compiler and its options.
- #
-CFLAGS 			= /nologo /D "WIN32" /D "_WINDOWS" /D inline=__inline
-+CFLAGS 			= $(CFLAGS) /nologo /D "WIN32" /D "_WINDOWS" /D inline=__inline
- # C4130: '!=': logical operation on address of string constant:
- #     this generates a false warning inside macros
- CFLAGS 			= $(CFLAGS) /D "_MBCS" /D "_REENTRANT"  /W4 /wd4130
-diff --git a/win32/configure.js b/win32/configure.js
-index 9773617c..854a46af 100644
--- a/win32/configure.js
-+++ b/win32/configure.js
-@@ -57,6 +57,7 @@ var buildUnicode = 1;
- var buildDebug = 0;
- var buildWerror = 0;
- var buildCc = "cl.exe";
-+var buildCflags = "";
- var buildStatic = 1;
- var buildWithDLSupport = 1;
- var buildPrefix = ".";
-@@ -116,6 +117,7 @@ function usage()
- 	txt += "  debug:      Build unoptimised debug executables (" + (buildDebug? "yes" : "no")  + ")\n";
- 	txt += "  werror:     Build with warnings as errors(" + (buildWerror? "yes" : "no")  + ")\n";
- 	txt += "  cc:         Build with the specified compiler(" + buildCc  + ")\n";
-+	txt += "  cflags:     Build with the specified compiler flags('" + buildCflags  + "')\n";
- 	txt += "  static:     Link libxmlsec statically to xmlsec (" + (buildStatic? "yes" : "no")  + ")\n";
- 	txt += "  with-dl:    Enable dynamic loading of xmlsec-crypto libraries (" + (buildWithDLSupport? "yes" : "no")  + ")\n";
- 	txt += "  prefix:     Base directory for the installation (" + buildPrefix + ")\n";
-@@ -181,6 +183,7 @@ function discoverVersion()
- 	vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
- 	vf.WriteLine("WERROR=" + (buildWerror? "1" : "0"));
- 	vf.WriteLine("CC=" + buildCc);
-+	vf.WriteLine("CFLAGS=" + buildCflags);
- 	vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
- 	vf.WriteLine("WITH_DL=" + (buildWithDLSupport ? "1" : "0"));
- 	vf.WriteLine("PREFIX=" + buildPrefix);
-@@ -317,6 +320,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) {
- 			buildWerror = strToBool(arg.substring(opt.length + 1, arg.length));
- 		else if (opt == "cc")
- 			buildCc = arg.substring(opt.length + 1, arg.length);
-+		else if (opt == "cflags")
-+			buildCflags = arg.substring(opt.length + 1, arg.length);
- 		else if (opt == "static")
- 			buildStatic = strToBool(arg.substring(opt.length + 1, arg.length));
- 		else if (opt == "with-dl")
-@@ -444,6 +449,7 @@ txtOut += "           Unicode: " + boolToStr(buildUnicode) + "\n";
- txtOut += "     Debug symbols: " + boolToStr(buildDebug) + "\n";
- txtOut += "Warnings as errors: " + boolToStr(buildWerror) + "\n";
- txtOut += "        C compiler: " + buildCc + "\n";
-+txtOut += "  C compiler flags: " + buildCflags + "\n";
- txtOut += "     Static xmlsec: " + boolToStr(buildStatic) + "\n";
- txtOut += " Enable DL support: " + boolToStr(buildWithDLSupport) + "\n";
- txtOut += "    Install prefix: " + buildPrefix + "\n";
-- 
-2.16.3
-