From d3449cb0afb1e03a7e8e1adbcd82678be2e3d2831fdec233e6cbb64084eec266 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Sun, 6 Aug 2023 07:15:43 +0000 Subject: [PATCH 1/4] Accepting request 1102129 from home:polslinux:branches:LibreOffice:Factory - Update to 1.3.1: * core xmlsec and all xmlsec-crypto libraries: + (ABI breaking change) Added support for the KeyInfoReference Element. + (ABI breaking change) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future). + (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility. + (API breaking change) The KeyName element content is now trimmed before key search is performed. + (API breaking change) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added "--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally. + (API/ABI breaking change) Disabled MD5 digest method by default. Use "--enable-md5" configure options to re-enable MD5. + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx and xmlEncCtx to provide more granular operation failure reason. + (ABI breaking change) Removed deprecated functions. + Added support for loading keys through ossl-store interface. Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' command line options for XMLSec utility. + Added ability to control transforms binary chunk size to improve performance (see '--transform-binary-chunk-size' command line option for XMLSec utility). + Fixed all potentially unsafe integer conversions and all the other warnings. + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 interop (2012) tests. * xmlsec-openssl library: + Added support for SHA3 digests. + Added support for ECDSA-SHA3 signatures. + Added support for RSA PSS signatures (withtout parameters). + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. + (ABI breaking change) Added support for DH-ES Key Agreement algorithm with explicit KDF. + Added support for MGF1 algorithm to RSA OAEP key transport. + Added support for X509Digest element and ability to lookup keys using other X509Data elements. + Added support for DEREncodedKeyValue element. + Automatically set key name from PKCS12 key name. + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0. * xmlsec-nss library: + Added support for RSA PSS signatures (withtout parameters). + Added support for RSA OAEP key transport including MGF1 algorithms. + Added support for AES GCM ciphers. + Added support for PBKDF2 derivation algorithm. + Added support for X509Digest element and ability to lookup keys using other X509Data elements. + Added support for DEREncodedKeyValue element. + Automatically set key name from PKCS12 key name. * xmlsec-gnutls library: + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt and libgcrypt libraries (including API functions) to enable support for different GnuTLS backends. + Bumped minimal GnuTLS version to 3.6.13. + Added support for SHA3 digests. + Added support for ECDSA signatures. + Added support for DSA-SHA256 signatures. + Added support for RSA PSS signatures (withtout parameters). + Added support for RSA PKCS 1.5 key transport. + Added support for AES GCM ciphers. + Added support for PBKDF2 derivation algorithm. + Added support for X509Digest element and ability to lookup keys using other X509Data elements. + Added support for DEREncodedKeyValue element. + Automatically set key name from PKCS12 key name. * xmlsec-mscng library: + Added support for RSA PSS signatures (withtout parameters). + Added support for MGF1 algorithm to RSA OAEP key transport. + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + Added support for X509Digest element for keys and certificates lookup from the system stores (only SHA1 is supported). + Added support for DEREncodedKeyValue element. + Automatically set key name from PKCS12 key name. * xmlsec-gcrypt library: + In maintenance mode starting from this release. + Added support for SHA3 digests. + Added support for ECDSA signatures. + Added support for RSA PSS signatures (withtout parameters). + Added support for RSA PKCS 1.5 key transport. + Added support for RSA OAEP key transport including MGF1 algorithms. * xmlsec command line utility: + (API breaking change) The XMLSec command line utility is using 'strict' key search mode by default. To restore the old 'lax' key search mode, use the new '--lax-key-search' option. + (API breaking change) The XMLSec command line utility is no longer prints detailed errors by default. To restore the detailed errors, use the new '--verbose' option. + Added '--transform-binary-chunk-size' option to control transforms binary chunk size (increasing the chunk size should improve performance at the expense of memory usage. + Added support for loading keys through ossl-store interface. Also see '--privkey-openssl-store' and '--pubkey-openssl-store' command line options for XMLSec utility. + Added '--enabled-key-info-reference-uris' option to control processing of the the KeyInfoReference Element. + Added '--pbkdf2-key' option for loading PBKDF2 keys. + Added '--concatkdf-key' option for loading ConcatKDF keys. + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length. + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine. + Added '--crl-pem' and '--crl-der' options to load CRLs. + Added '--verify-keys' option to verify key's certificate before loading into Keys Manager (only supported for OpenSSL currently). + Enabled templatized output filenames to facilitate batch operations on multiple input files. OBS-URL: https://build.opensuse.org/request/show/1102129 OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=50 --- xmlsec1-1.2.37.tar.gz | 3 - xmlsec1-1.2.37.tar.gz.sig | Bin 566 -> 0 bytes xmlsec1-1.3.1.tar.gz | 3 + xmlsec1-1.3.1.tar.gz.sig | Bin 0 -> 566 bytes xmlsec1.changes | 116 ++++++++++++++++++++++++++++++++++++++ xmlsec1.spec | 18 +++--- 6 files changed, 128 insertions(+), 12 deletions(-) delete mode 100644 xmlsec1-1.2.37.tar.gz delete mode 100644 xmlsec1-1.2.37.tar.gz.sig create mode 100644 xmlsec1-1.3.1.tar.gz create mode 100644 xmlsec1-1.3.1.tar.gz.sig diff --git a/xmlsec1-1.2.37.tar.gz b/xmlsec1-1.2.37.tar.gz deleted file mode 100644 index d0b24c5..0000000 --- a/xmlsec1-1.2.37.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5f8dfbcb6d1e56bddd0b5ec2e00a3d0ca5342a9f57c24dffde5c796b2be2871c -size 2009175 diff --git a/xmlsec1-1.2.37.tar.gz.sig b/xmlsec1-1.2.37.tar.gz.sig deleted file mode 100644 index b5b7037ddd82d8f2c7db3046f2a56fd83f6dfe700171c4d67278a5c236482bb5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SW*e79j)x{nn@7xEzS{OPlcKKF#l*9fF<(0%L_MApi;q5avG3 z@17lko^a(4`vhjB!-bIgQJdL2x1r}fgVds1FpA9X#7)dETPQy*KnoLq#N50X0VfUs zixE-b-Vlx$Vos#YV0->A@r4}q9{0hPY^K~AF6&nbf@-HM^D|Q=@FErix0HHHyOWL! zHye3tX%a!`gQ?g@hofEuFJE$q4F6#fnD*Q z4k{>IcrOh&QU@76lyqz|3cWZGc~Q71W~J8hv_y=P``L3X1<7ync6983>nvtFR|=6v z&|GkN|K!;GcN~-5i6YvYsWl9L6X_`~jlI+_<=aWzg+Gb1($^0rdH!?<5Zh_9#rlg) z0^7P&Po?5pUU5&M%m;=SC9C^XBcesGed}Xm1`<~e!Fh?H7DxI0E3Nn=ix*H+>f!pC ztDmgKOcq*Dg!cRnV+p7iD8vzoN1E-bYECb)t{TUjV6}!_o`frm4|ksRgFKBtJLU~j zR+n2(u9w_Ma0eBp*fAR8kf?352uN!;8CkGTsYZn)w%z0xS=BIs{~p)-SC;@zwy>3` zzC8*|oad(%pfP`1+CHttR;)pH%a%XAnyZIvc?d5p_Wt`BiF>vboa|(IH5hJQ-@9dv zJ~&R3BJ2AUb)qbLtvqD?N2roA^bZtXl$oP2Pn|NC1lWY3m)&TsRQDvnyhzq)GL=b1 Eb1`2DUjP6A diff --git a/xmlsec1-1.3.1.tar.gz b/xmlsec1-1.3.1.tar.gz new file mode 100644 index 0000000..d2fafdc --- /dev/null +++ b/xmlsec1-1.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10f48384d4fd1afc05fea545b74fbf7c152582f0a895c189f164d55270400c63 +size 2432943 diff --git a/xmlsec1-1.3.1.tar.gz.sig b/xmlsec1-1.3.1.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..f338a731042ca9682cc049ba9d530a7945fb8b8c99659f3ed578a9456f0914f2 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j)x{nn@7xEzS{OPlcKKF#l*9fF<(0%U(K3IGZT5avG3 z@17lko|d8y|9q+3mWvF`BckS9nkMhVIS{r;odFNswBD)=P$?2>Y@Z7%R>rnt6$8w8 z0P|2>H7cj#GN6MVN0}QX?CuLO;4H=yeg!p`8A-@{MUjj$jTT^AGwqHR8_j#91hAf? z*MXukR*xZyhhgC7mN~4-D0gg}<8{S+7_a zFAN_(ERn5+vDfv~0X*{{5wI&HgRK|}?F(hr^YBrYy?*~lBywh{><4P6rj5uNvA<7$ zh4*{mz+dBFr><5sP2V3nF?pY<9RX#ak4h|XJiRsV?dU4%GOGyy(f?HF1AG+sUO4Ym E(*Pp|t^fc4 literal 0 HcmV?d00001 diff --git a/xmlsec1.changes b/xmlsec1.changes index d0299c0..c147a59 100644 --- a/xmlsec1.changes +++ b/xmlsec1.changes @@ -1,3 +1,119 @@ +------------------------------------------------------------------- +Thu Aug 3 07:40:48 UTC 2023 - Paolo Stivanin + +- Update to 1.3.1: + * core xmlsec and all xmlsec-crypto libraries: + + (ABI breaking change) Added support for the KeyInfoReference Element. + + (ABI breaking change) Switched xmlSecSize to use size_t by default. + Use "--enable-size-t=no" configure option ("size_t=no" on Windows) + to restore the old behaviour (note that support for xmlSecSize + being different from size_t will be removed in the future). + + (API breaking change) Changed the key search to strict mode: only + keys referenced by KeyInfo are used. To restore the old "lax" mode, + set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx + or use '--lax-key-search' option for XMLSec command line utility. + + (API breaking change) The KeyName element content is now trimmed + before key search is performed. + + (API breaking change) Disabled FTP support by default. + Use "--enable-ftp" configure option to restore it. Also added + "--enable-http" and "--enable-files" configure options to control + support for loading files over HTTP or locally. + + (API/ABI breaking change) Disabled MD5 digest method by default. + Use "--enable-md5" configure options to re-enable MD5. + + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx + and xmlEncCtx to provide more granular operation failure reason. + + (ABI breaking change) Removed deprecated functions. + + Added support for loading keys through ossl-store interface. + Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' + command line options for XMLSec utility. + + Added ability to control transforms binary chunk size to improve + performance (see '--transform-binary-chunk-size' command line option + for XMLSec utility). + + Fixed all potentially unsafe integer conversions and all the + other warnings. + + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 + interop (2012) tests. + * xmlsec-openssl library: + + Added support for SHA3 digests. + + Added support for ECDSA-SHA3 signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + + (ABI breaking change) Added support for ECDH-ES Key Agreement + algorithm. + + (ABI breaking change) Added support for DH-ES Key Agreement + algorithm with explicit KDF. + + Added support for MGF1 algorithm to RSA OAEP key transport. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0. + * xmlsec-nss library: + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA OAEP key transport including MGF1 algorithms. + + Added support for AES GCM ciphers. + + Added support for PBKDF2 derivation algorithm. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-gnutls library: + + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt + and libgcrypt libraries (including API functions) to enable + support for different GnuTLS backends. + + Bumped minimal GnuTLS version to 3.6.13. + + Added support for SHA3 digests. + + Added support for ECDSA signatures. + + Added support for DSA-SHA256 signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA PKCS 1.5 key transport. + + Added support for AES GCM ciphers. + + Added support for PBKDF2 derivation algorithm. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-mscng library: + + Added support for RSA PSS signatures (withtout parameters). + + Added support for MGF1 algorithm to RSA OAEP key transport. + + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. + + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + + Added support for X509Digest element for keys and certificates + lookup from the system stores (only SHA1 is supported). + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-gcrypt library: + + In maintenance mode starting from this release. + + Added support for SHA3 digests. + + Added support for ECDSA signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA PKCS 1.5 key transport. + + Added support for RSA OAEP key transport including MGF1 algorithms. + * xmlsec command line utility: + + (API breaking change) The XMLSec command line utility is using 'strict' key + search mode by default. To restore the old 'lax' key search mode, + use the new '--lax-key-search' option. + + (API breaking change) The XMLSec command line utility is no longer + prints detailed errors by default. To restore the detailed errors, + use the new '--verbose' option. + + Added '--transform-binary-chunk-size' option to control transforms + binary chunk size (increasing the chunk size should improve + performance at the expense of memory usage. + + Added support for loading keys through ossl-store interface. + Also see '--privkey-openssl-store' and '--pubkey-openssl-store' + command line options for XMLSec utility. + + Added '--enabled-key-info-reference-uris' option to control processing of + the the KeyInfoReference Element. + + Added '--pbkdf2-key' option for loading PBKDF2 keys. + + Added '--concatkdf-key' option for loading ConcatKDF keys. + + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length. + + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine. + + Added '--crl-pem' and '--crl-der' options to load CRLs. + + Added '--verify-keys' option to verify key's certificate before + loading into Keys Manager (only supported for OpenSSL currently). + + Enabled templatized output filenames to facilitate batch operations on + multiple input files. + ------------------------------------------------------------------- Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller diff --git a/xmlsec1.spec b/xmlsec1.spec index 1a4885e..2cfbf9a 100644 --- a/xmlsec1.spec +++ b/xmlsec1.spec @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.2.37 +Version: 1.3.1 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT @@ -37,12 +37,12 @@ BuildRequires: libtool # Needed certutil for tests BuildRequires: mozilla-nss-tools BuildRequires: pkgconfig -BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(gnutls) >= 3.6.13 BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(nspr) -BuildRequires: pkgconfig(nss) -BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(nss) >= 3.35 +BuildRequires: pkgconfig(openssl) >= 1.1.0 Recommends: %{libopenssl} %description @@ -95,7 +95,7 @@ Summary: Libraries, includes for XML Signatures/Encryption Requires: %{libname} = %{version} Requires: libxml2-devel >= 2.6.0 Requires: libxslt-devel >= 1.1.0 -Requires: openssl-devel >= 0.9.6 +Requires: openssl-devel >= 1.1.0 Requires: pkgconfig(zlib) %description devel @@ -123,7 +123,7 @@ Summary: GNUTls crypto plugin for XML Security Library Requires: %{libgnutls} = %{version} Requires: %{name}-devel = %{version} Requires: %{name}-openssl-devel = %{version} -Requires: gnutls-devel >= 1.0.20 +Requires: gnutls-devel >= 3.6.13 Requires: libgcrypt-devel >= 1.2.0 %description gnutls-devel @@ -134,7 +134,7 @@ Summary: NSS crypto plugin for XML Security Library Requires: %{libnss} = %{version} Requires: %{name}-devel = %{version} Requires: mozilla-nspr-devel -Requires: mozilla-nss-devel >= 3.2 +Requires: mozilla-nss-devel >= 3.35 %description nss-devel Libraries, includes, etc. for developing XML Security applications with NSS. @@ -144,8 +144,8 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %build # Allow for deprecations -export CFLAGS="-Wno-error=deprecated-declarations" -export CXXFLAGS="-Wno-error=deprecated-declarations" +export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" +export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" %configure \ --disable-static \ --disable-silent-rules \ From 15cee3140787e3a212d7822e4b36177e26624d0f430104bdd567443e5ea7199b Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 7 Aug 2023 20:23:57 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=51 --- xmlsec1-ui_null.patch | 20 ++++++++++++++++++++ xmlsec1.spec | 7 +++++-- 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 xmlsec1-ui_null.patch diff --git a/xmlsec1-ui_null.patch b/xmlsec1-ui_null.patch new file mode 100644 index 0000000..b0acdf1 --- /dev/null +++ b/xmlsec1-ui_null.patch @@ -0,0 +1,20 @@ +--- xmlsec1-1.2.33/src/openssl/app.c 2022-01-28 07:47:11.922603482 +0100 ++++ xmlsec1-1.2.33/src/openssl/app.c 2022-01-28 08:18:12.786240295 +0100 +@@ -437,7 +437,7 @@ + } + } + +- if(ENGINE_ctrl_cmd(engine, "SET_USER_INTERFACE", 0, (void *)UI_null(), 0, 1) < 0) { ++ if(ENGINE_ctrl_cmd(engine, "SET_USER_INTERFACE", 0, (void *)0, 0, 1) < 0) { + xmlSecOpenSSLError("ENGINE_ctrl_cmd_string(SET_USER_INTERFACE)", NULL); + goto done; + } +@@ -453,7 +453,7 @@ + + /* load private key */ + pKey = ENGINE_load_private_key(engine, engineKeyId, +- (UI_METHOD *)UI_null(), ++ (UI_METHOD *)0, + NULL); + if(pKey == NULL) { + xmlSecOpenSSLError("ENGINE_load_private_key", NULL); diff --git a/xmlsec1.spec b/xmlsec1.spec index 2cfbf9a..e4d9186 100644 --- a/xmlsec1.spec +++ b/xmlsec1.spec @@ -32,6 +32,7 @@ Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.g Source1: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.sig#/xmlsec1-%{version}.tar.gz.sig Source2: %{name}.keyring Source99: xmlsec1-rpmlintrc +Patch0: xmlsec1-ui_null.patch BuildRequires: libgcrypt-devel BuildRequires: libtool # Needed certutil for tests @@ -140,7 +141,10 @@ Requires: mozilla-nss-devel >= 3.35 Libraries, includes, etc. for developing XML Security applications with NSS. %prep -%autosetup -p1 +%setup -q +%if 0%{?suse_version} < 1500 +%patch0 -p1 +%endif %build # Allow for deprecations @@ -149,7 +153,6 @@ export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" %configure \ --disable-static \ --disable-silent-rules \ - --enable-werror \ --disable-md5 %make_build From db62c8ccfafa78e45c1ce6595dd186418962230dfb43f5f51696fbcfd65ac8ce Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Tue, 8 Aug 2023 15:36:09 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=52 --- xmlsec1-1.2.37.tar.gz | 3 + xmlsec1-1.2.37.tar.gz.sig | Bin 0 -> 566 bytes xmlsec1-1.3.1.tar.gz | 3 - xmlsec1-1.3.1.tar.gz.sig | Bin 566 -> 0 bytes xmlsec1.changes | 116 -------------------------------------- xmlsec1.spec | 18 +++--- 6 files changed, 12 insertions(+), 128 deletions(-) create mode 100644 xmlsec1-1.2.37.tar.gz create mode 100644 xmlsec1-1.2.37.tar.gz.sig delete mode 100644 xmlsec1-1.3.1.tar.gz delete mode 100644 xmlsec1-1.3.1.tar.gz.sig diff --git a/xmlsec1-1.2.37.tar.gz b/xmlsec1-1.2.37.tar.gz new file mode 100644 index 0000000..d0b24c5 --- /dev/null +++ b/xmlsec1-1.2.37.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5f8dfbcb6d1e56bddd0b5ec2e00a3d0ca5342a9f57c24dffde5c796b2be2871c +size 2009175 diff --git a/xmlsec1-1.2.37.tar.gz.sig b/xmlsec1-1.2.37.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..b5b7037ddd82d8f2c7db3046f2a56fd83f6dfe700171c4d67278a5c236482bb5 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j)x{nn@7xEzS{OPlcKKF#l*9fF<(0%L_MApi;q5avG3 z@17lko^a(4`vhjB!-bIgQJdL2x1r}fgVds1FpA9X#7)dETPQy*KnoLq#N50X0VfUs zixE-b-Vlx$Vos#YV0->A@r4}q9{0hPY^K~AF6&nbf@-HM^D|Q=@FErix0HHHyOWL! zHye3tX%a!`gQ?g@hofEuFJE$q4F6#fnD*Q z4k{>IcrOh&QU@76lyqz|3cWZGc~Q71W~J8hv_y=P``L3X1<7ync6983>nvtFR|=6v z&|GkN|K!;GcN~-5i6YvYsWl9L6X_`~jlI+_<=aWzg+Gb1($^0rdH!?<5Zh_9#rlg) z0^7P&Po?5pUU5&M%m;=SC9C^XBcesGed}Xm1`<~e!Fh?H7DxI0E3Nn=ix*H+>f!pC ztDmgKOcq*Dg!cRnV+p7iD8vzoN1E-bYECb)t{TUjV6}!_o`frm4|ksRgFKBtJLU~j zR+n2(u9w_Ma0eBp*fAR8kf?352uN!;8CkGTsYZn)w%z0xS=BIs{~p)-SC;@zwy>3` zzC8*|oad(%pfP`1+CHttR;)pH%a%XAnyZIvc?d5p_Wt`BiF>vboa|(IH5hJQ-@9dv zJ~&R3BJ2AUb)qbLtvqD?N2roA^bZtXl$oP2Pn|NC1lWY3m)&TsRQDvnyhzq)GL=b1 Eb1`2DUjP6A literal 0 HcmV?d00001 diff --git a/xmlsec1-1.3.1.tar.gz b/xmlsec1-1.3.1.tar.gz deleted file mode 100644 index d2fafdc..0000000 --- a/xmlsec1-1.3.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:10f48384d4fd1afc05fea545b74fbf7c152582f0a895c189f164d55270400c63 -size 2432943 diff --git a/xmlsec1-1.3.1.tar.gz.sig b/xmlsec1-1.3.1.tar.gz.sig deleted file mode 100644 index f338a731042ca9682cc049ba9d530a7945fb8b8c99659f3ed578a9456f0914f2..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SW*e79j)x{nn@7xEzS{OPlcKKF#l*9fF<(0%U(K3IGZT5avG3 z@17lko|d8y|9q+3mWvF`BckS9nkMhVIS{r;odFNswBD)=P$?2>Y@Z7%R>rnt6$8w8 z0P|2>H7cj#GN6MVN0}QX?CuLO;4H=yeg!p`8A-@{MUjj$jTT^AGwqHR8_j#91hAf? z*MXukR*xZyhhgC7mN~4-D0gg}<8{S+7_a zFAN_(ERn5+vDfv~0X*{{5wI&HgRK|}?F(hr^YBrYy?*~lBywh{><4P6rj5uNvA<7$ zh4*{mz+dBFr><5sP2V3nF?pY<9RX#ak4h|XJiRsV?dU4%GOGyy(f?HF1AG+sUO4Ym E(*Pp|t^fc4 diff --git a/xmlsec1.changes b/xmlsec1.changes index c147a59..d0299c0 100644 --- a/xmlsec1.changes +++ b/xmlsec1.changes @@ -1,119 +1,3 @@ -------------------------------------------------------------------- -Thu Aug 3 07:40:48 UTC 2023 - Paolo Stivanin - -- Update to 1.3.1: - * core xmlsec and all xmlsec-crypto libraries: - + (ABI breaking change) Added support for the KeyInfoReference Element. - + (ABI breaking change) Switched xmlSecSize to use size_t by default. - Use "--enable-size-t=no" configure option ("size_t=no" on Windows) - to restore the old behaviour (note that support for xmlSecSize - being different from size_t will be removed in the future). - + (API breaking change) Changed the key search to strict mode: only - keys referenced by KeyInfo are used. To restore the old "lax" mode, - set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx - or use '--lax-key-search' option for XMLSec command line utility. - + (API breaking change) The KeyName element content is now trimmed - before key search is performed. - + (API breaking change) Disabled FTP support by default. - Use "--enable-ftp" configure option to restore it. Also added - "--enable-http" and "--enable-files" configure options to control - support for loading files over HTTP or locally. - + (API/ABI breaking change) Disabled MD5 digest method by default. - Use "--enable-md5" configure options to re-enable MD5. - + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx - and xmlEncCtx to provide more granular operation failure reason. - + (ABI breaking change) Removed deprecated functions. - + Added support for loading keys through ossl-store interface. - Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' - command line options for XMLSec utility. - + Added ability to control transforms binary chunk size to improve - performance (see '--transform-binary-chunk-size' command line option - for XMLSec utility). - + Fixed all potentially unsafe integer conversions and all the - other warnings. - + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 - interop (2012) tests. - * xmlsec-openssl library: - + Added support for SHA3 digests. - + Added support for ECDSA-SHA3 signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for ConcatKDF key and PBKDF2 derivation algorithms. - + (ABI breaking change) Added support for ECDH-ES Key Agreement - algorithm. - + (ABI breaking change) Added support for DH-ES Key Agreement - algorithm with explicit KDF. - + Added support for MGF1 algorithm to RSA OAEP key transport. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0. - * xmlsec-nss library: - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA OAEP key transport including MGF1 algorithms. - + Added support for AES GCM ciphers. - + Added support for PBKDF2 derivation algorithm. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-gnutls library: - + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt - and libgcrypt libraries (including API functions) to enable - support for different GnuTLS backends. - + Bumped minimal GnuTLS version to 3.6.13. - + Added support for SHA3 digests. - + Added support for ECDSA signatures. - + Added support for DSA-SHA256 signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA PKCS 1.5 key transport. - + Added support for AES GCM ciphers. - + Added support for PBKDF2 derivation algorithm. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-mscng library: - + Added support for RSA PSS signatures (withtout parameters). - + Added support for MGF1 algorithm to RSA OAEP key transport. - + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. - + Added support for ConcatKDF key and PBKDF2 derivation algorithms. - + Added support for X509Digest element for keys and certificates - lookup from the system stores (only SHA1 is supported). - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-gcrypt library: - + In maintenance mode starting from this release. - + Added support for SHA3 digests. - + Added support for ECDSA signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA PKCS 1.5 key transport. - + Added support for RSA OAEP key transport including MGF1 algorithms. - * xmlsec command line utility: - + (API breaking change) The XMLSec command line utility is using 'strict' key - search mode by default. To restore the old 'lax' key search mode, - use the new '--lax-key-search' option. - + (API breaking change) The XMLSec command line utility is no longer - prints detailed errors by default. To restore the detailed errors, - use the new '--verbose' option. - + Added '--transform-binary-chunk-size' option to control transforms - binary chunk size (increasing the chunk size should improve - performance at the expense of memory usage. - + Added support for loading keys through ossl-store interface. - Also see '--privkey-openssl-store' and '--pubkey-openssl-store' - command line options for XMLSec utility. - + Added '--enabled-key-info-reference-uris' option to control processing of - the the KeyInfoReference Element. - + Added '--pbkdf2-key' option for loading PBKDF2 keys. - + Added '--concatkdf-key' option for loading ConcatKDF keys. - + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length. - + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine. - + Added '--crl-pem' and '--crl-der' options to load CRLs. - + Added '--verify-keys' option to verify key's certificate before - loading into Keys Manager (only supported for OpenSSL currently). - + Enabled templatized output filenames to facilitate batch operations on - multiple input files. - ------------------------------------------------------------------- Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller diff --git a/xmlsec1.spec b/xmlsec1.spec index e4d9186..1de104f 100644 --- a/xmlsec1.spec +++ b/xmlsec1.spec @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.3.1 +Version: 1.2.37 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT @@ -38,12 +38,12 @@ BuildRequires: libtool # Needed certutil for tests BuildRequires: mozilla-nss-tools BuildRequires: pkgconfig -BuildRequires: pkgconfig(gnutls) >= 3.6.13 +BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(nspr) -BuildRequires: pkgconfig(nss) >= 3.35 -BuildRequires: pkgconfig(openssl) >= 1.1.0 +BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(openssl) Recommends: %{libopenssl} %description @@ -96,7 +96,7 @@ Summary: Libraries, includes for XML Signatures/Encryption Requires: %{libname} = %{version} Requires: libxml2-devel >= 2.6.0 Requires: libxslt-devel >= 1.1.0 -Requires: openssl-devel >= 1.1.0 +Requires: openssl-devel >= 0.9.6 Requires: pkgconfig(zlib) %description devel @@ -124,7 +124,7 @@ Summary: GNUTls crypto plugin for XML Security Library Requires: %{libgnutls} = %{version} Requires: %{name}-devel = %{version} Requires: %{name}-openssl-devel = %{version} -Requires: gnutls-devel >= 3.6.13 +Requires: gnutls-devel >= 1.0.20 Requires: libgcrypt-devel >= 1.2.0 %description gnutls-devel @@ -135,7 +135,7 @@ Summary: NSS crypto plugin for XML Security Library Requires: %{libnss} = %{version} Requires: %{name}-devel = %{version} Requires: mozilla-nspr-devel -Requires: mozilla-nss-devel >= 3.35 +Requires: mozilla-nss-devel >= 3.2 %description nss-devel Libraries, includes, etc. for developing XML Security applications with NSS. @@ -148,8 +148,8 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %build # Allow for deprecations -export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" -export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" +export CFLAGS="-Wno-error=deprecated-declarations -std=c99" +export CXXFLAGS="-Wno-error=deprecated-declarations" %configure \ --disable-static \ --disable-silent-rules \ From 21c5940c2b8a9dff4939eab09c5edf206d4cf4be53a101e076821acb4110f806 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Tue, 8 Aug 2023 15:43:32 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=53 --- xmlsec1.changes | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xmlsec1.changes b/xmlsec1.changes index d0299c0..9f2196c 100644 --- a/xmlsec1.changes +++ b/xmlsec1.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Aug 8 15:41:15 UTC 2023 - Fridrich Strba + +- Added patch: + * xmlsec1-ui_null.patch + + fix build with older versions of openssl that don't have + UI_null() method + ------------------------------------------------------------------- Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller