pool/xmlsec1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d3449cb0af
xmlsec1/xmlsec1.spec
Fridrich Strba d3449cb0af Accepting request 1102129 from home:polslinux:branches:LibreOffice:Factory 
- Update to 1.3.1:
  * core xmlsec and all xmlsec-crypto libraries:
    + (ABI breaking change) Added support for the KeyInfoReference Element.
    + (ABI breaking change) Switched xmlSecSize to use size_t by default.
      Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
      to restore the old behaviour (note that support for xmlSecSize
      being different from size_t will be removed in the future).
    + (API breaking change) Changed the key search to strict mode: only
      keys referenced by KeyInfo are used. To restore the old "lax" mode,
      set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
      or use '--lax-key-search' option for XMLSec command line utility.
    + (API breaking change) The KeyName element content is now trimmed
      before key search is performed.
    + (API breaking change) Disabled FTP support by default.
      Use "--enable-ftp" configure option to restore it. Also added
      "--enable-http" and "--enable-files" configure options to control
      support for loading files over HTTP or locally.
    + (API/ABI breaking change) Disabled MD5 digest method by default.
      Use "--enable-md5" configure options to re-enable MD5.
    + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
      and xmlEncCtx to provide more granular operation failure reason.
    + (ABI breaking change) Removed deprecated functions.
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store '
      command line options for XMLSec utility.
    + Added ability to control transforms binary chunk size to improve
      performance (see '--transform-binary-chunk-size' command line option
      for XMLSec utility).
    + Fixed all potentially unsafe integer conversions and all the
      other warnings.
    + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
      interop (2012) tests.
  * xmlsec-openssl library:
    + Added support for SHA3 digests.
    + Added support for ECDSA-SHA3 signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement
      algorithm.
    + (ABI breaking change) Added support for DH-ES Key Agreement
      algorithm with explicit KDF.
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
    + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
  * xmlsec-nss library:
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA OAEP key transport including MGF1 algorithms.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gnutls library:
    + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
      and libgcrypt libraries (including API functions) to enable
      support for different GnuTLS backends.
    + Bumped minimal GnuTLS version to 3.6.13.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for DSA-SHA256 signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-mscng library:
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + Added support for X509Digest element for keys and certificates
      lookup from the system stores (only SHA1 is supported).
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gcrypt library:
    + In maintenance mode starting from this release.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for RSA OAEP key transport including MGF1 algorithms.
  * xmlsec command line utility:
    + (API breaking change) The XMLSec command line utility is using 'strict' key
      search mode by default. To restore the old 'lax' key search mode,
      use the new '--lax-key-search' option.
    + (API breaking change) The XMLSec command line utility is no longer
      prints detailed errors by default. To restore the detailed errors,
      use the new '--verbose' option.
    + Added '--transform-binary-chunk-size' option to control transforms
      binary chunk size (increasing the chunk size should improve
      performance at the expense of memory usage.
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
      command line options for XMLSec utility.
    + Added '--enabled-key-info-reference-uris' option to control processing of
      the the KeyInfoReference Element.
    + Added '--pbkdf2-key' option for loading PBKDF2 keys.
    + Added '--concatkdf-key' option for loading ConcatKDF keys.
    + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
    + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
    + Added '--crl-pem' and '--crl-der' options to load CRLs.
    + Added '--verify-keys' option to verify key's certificate before
      loading into Keys Manager (only supported for OpenSSL currently).
    + Enabled templatized output filenames to facilitate batch operations on
      multiple input files.

OBS-URL: https://build.opensuse.org/request/show/1102129
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=50
2023-08-06 07:15:43 +00:00

246 lines
7.5 KiB
RPMSpec
Raw Blame History

#
# spec file for package xmlsec1
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{!?make_build:%global make_build make %{?_smp_mflags}}
%global libname libxmlsec1-1
%global libopenssl libxmlsec1-openssl1
%global libgcrypt libxmlsec1-gcrypt1
%global libgnutls libxmlsec1-gnutls1
%global libnss libxmlsec1-nss1
Name: xmlsec1
Version: 1.3.1
Release: 0
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
License: MIT
URL: https://www.aleksey.com/xmlsec/
Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
Source1: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.sig#/xmlsec1-%{version}.tar.gz.sig
Source2: %{name}.keyring
Source99: xmlsec1-rpmlintrc
BuildRequires: libgcrypt-devel
BuildRequires: libtool
# Needed certutil for tests
BuildRequires: mozilla-nss-tools
BuildRequires: pkgconfig
BuildRequires: pkgconfig(gnutls) >= 3.6.13
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss) >= 3.35
BuildRequires: pkgconfig(openssl) >= 1.1.0
Recommends: %{libopenssl}
%description
XML Security Library is a C library based on LibXML2 and OpenSSL.
The library was created with a goal to support major XML security
standards "XML Digital Signature" and "XML Encryption".
%package -n %{libname}
Summary: Library providing support for "XML Signature" and "XML Encryption" standards
%description -n %{libname}
XML Security Library is a C library based on LibXML2 and OpenSSL.
The library was created with a goal to support major XML security
standards "XML Digital Signature" and "XML Encryption".
%package -n %{libgcrypt}
Summary: GCrypt crypto plugin for XML Security Library
Requires: %{libname} = %{version}
%description -n %{libgcrypt}
GCrypt plugin for XML Security Library provides GCrypt based crypto services
for the xmlsec library.
%package -n %{libgnutls}
Summary: GNUTls crypto plugin for XML Security Library
Requires: %{libname} = %{version}
%description -n %{libgnutls}
GNUTls plugin for XML Security Library provides GNUTls based crypto services
for the xmlsec library.
%package -n %{libnss}
Summary: NSS crypto plugin for XML Security Library
Requires: %{libname} = %{version}
%description -n %{libnss}
NSS plugin for XML Security Library provides NSS based crypto services
for the xmlsec library.
%package -n %{libopenssl}
Summary: OpenSSL crypto plugin for XML Security Library
Requires: %{libname} = %{version}
%description -n %{libopenssl}
OpenSSL plugin for XML Security Library provides OpenSSL based crypto services
for the xmlsec library.
%package devel
Summary: Libraries, includes for XML Signatures/Encryption
Requires: %{libname} = %{version}
Requires: libxml2-devel >= 2.6.0
Requires: libxslt-devel >= 1.1.0
Requires: openssl-devel >= 1.1.0
Requires: pkgconfig(zlib)
%description devel
Libraries, includes, etc. you can use to develop applications with XML Digital
Signatures and XML Encryption support.
%package openssl-devel
Summary: OpenSSL crypto plugin for XML Security Library
Requires: %{libopenssl} = %{version}
Requires: %{name}-devel = %{version}
%description openssl-devel
Libraries, includes, etc. for developing XML Security applications with OpenSSL
%package gcrypt-devel
Summary: GCrypt crypto plugin for XML Security Library
Requires: %{libgcrypt} = %{version}
Requires: %{name}-devel = %{version}
%description gcrypt-devel
Libraries, includes, etc. for developing XML Security applications with GCrypt.
%package gnutls-devel
Summary: GNUTls crypto plugin for XML Security Library
Requires: %{libgnutls} = %{version}
Requires: %{name}-devel = %{version}
Requires: %{name}-openssl-devel = %{version}
Requires: gnutls-devel >= 3.6.13
Requires: libgcrypt-devel >= 1.2.0
%description gnutls-devel
Libraries, includes, etc. for developing XML Security applications with GNUTls.
%package nss-devel
Summary: NSS crypto plugin for XML Security Library
Requires: %{libnss} = %{version}
Requires: %{name}-devel = %{version}
Requires: mozilla-nspr-devel
Requires: mozilla-nss-devel >= 3.35
%description nss-devel
Libraries, includes, etc. for developing XML Security applications with NSS.
%prep
%autosetup -p1
%build
# Allow for deprecations
export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls"
export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls"
%configure \
--disable-static \
--disable-silent-rules \
--enable-werror \
--disable-md5
%make_build
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# move installed docs to include them in -devel package via %%doc magic
rm -rf __tmp_doc ; mkdir __tmp_doc
mv %{buildroot}%{_datadir}/doc/xmlsec1/* __tmp_doc
rmdir %{buildroot}%{_datadir}/doc/xmlsec1
%check
# Relax the crypto policies for the test-suite
export GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
%make_build -j1 check check-keys check-dsig check-enc
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%post -n %{libgcrypt} -p /sbin/ldconfig
%postun -n %{libgcrypt} -p /sbin/ldconfig
%post -n %{libgnutls} -p /sbin/ldconfig
%postun -n %{libgnutls} -p /sbin/ldconfig
%post -n %{libnss} -p /sbin/ldconfig
%postun -n %{libnss} -p /sbin/ldconfig
%post -n %{libopenssl} -p /sbin/ldconfig
%postun -n %{libopenssl} -p /sbin/ldconfig
%files
%license COPYING
%doc README.md ChangeLog
%{_mandir}/man1/xmlsec1.1%{?ext_man}
%{_bindir}/xmlsec1
%files -n %{libname}
%license COPYING
%{_libdir}/libxmlsec1.so.*
%files -n %{libgcrypt}
%license COPYING
%{_libdir}/libxmlsec1-gcrypt.so.*
%{_libdir}/libxmlsec1-gcrypt.so
%files -n %{libgnutls}
%license COPYING
%{_libdir}/libxmlsec1-gnutls.so.*
%{_libdir}/libxmlsec1-gnutls.so
%files -n %{libnss}
%license COPYING
%{_libdir}/libxmlsec1-nss.so.*
%{_libdir}/libxmlsec1-nss.so
%files -n %{libopenssl}
%license COPYING
%{_libdir}/libxmlsec1-openssl.so.*
%{_libdir}/libxmlsec1-openssl.so
%files devel
%license COPYING
%doc AUTHORS ChangeLog NEWS
%doc HACKING __tmp_doc/*
%{_bindir}/xmlsec1-config
%dir %{_includedir}/xmlsec1
%dir %{_includedir}/xmlsec1/xmlsec
%{_includedir}/xmlsec1/xmlsec/*.h
%{_libdir}/libxmlsec1.so
%{_libdir}/pkgconfig/xmlsec1.pc
%{_libdir}/xmlsec1Conf.sh
%{_datadir}/aclocal/xmlsec1.m4
%{_mandir}/man1/xmlsec1-config.1%{?ext_man}
%files openssl-devel
%license COPYING
%{_includedir}/xmlsec1/xmlsec/openssl/
%{_libdir}/pkgconfig/xmlsec1-openssl.pc
%files gcrypt-devel
%license COPYING
%{_includedir}/xmlsec1/xmlsec/gcrypt/
%{_libdir}/pkgconfig/xmlsec1-gcrypt.pc
%files gnutls-devel
%license COPYING
%{_includedir}/xmlsec1/xmlsec/gnutls/
%{_libdir}/pkgconfig/xmlsec1-gnutls.pc
%files nss-devel
%license COPYING
%{_includedir}/xmlsec1/xmlsec/nss/
%{_libdir}/pkgconfig/xmlsec1-nss.pc
%changelog
Reference in New Issue View Git Blame Copy Permalink