.gitignore

@@ -1 +1 @@
-SOURCES/xmlsec1-1.2.25.tar.gz
+SOURCES/xmlsec1-1.2.29.tar.gz

.xmlsec1.metadata

@@ -1 +1 @@
-0ef1117b8d11da475fd8d842a1341c675e627ab9 SOURCES/xmlsec1-1.2.25.tar.gz
+dff1279c410817bf0fe5d3b7444fb72d5ad6b021 SOURCES/xmlsec1-1.2.29.tar.gz

SOURCES/0001-resource-leaks.patch

@@ -1,88 +0,0 @@
-diff -up xmlsec1-1.2.25/src/c14n.c.orig xmlsec1-1.2.25/src/c14n.c
---- xmlsec1-1.2.25/src/c14n.c.orig	2017-09-12 15:21:09.000000000 +0200
-+++ xmlsec1-1.2.25/src/c14n.c	2024-05-14 09:55:35.800202266 +0200
-@@ -228,7 +228,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
-     /* we are using a semi-hack here: we know that xmlSecPtrList keeps
-      * all pointers in the big array */
-     nsList = xmlSecTransformC14NGetNsList(transform);
--    xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
-+    if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
-+        xmlOutputBufferClose(buf);
-+        xmlSecAssert2(0, -1);
-+    };
- 
-     ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
-     if(ret < 0) {
-@@ -292,7 +295,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
-         /* we are using a semi-hack here: we know that xmlSecPtrList keeps
-          * all pointers in the big array */
-         nsList = xmlSecTransformC14NGetNsList(transform);
--        xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
-+        if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
-+            xmlOutputBufferClose(buf);
-+            xmlSecAssert2(0, -1);
-+        }
- 
-         ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
-         if(ret < 0) {
-@@ -732,4 +738,3 @@ xmlSecTransformId
- xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
-     return(&xmlSecTransformRemoveXmlTagsC14NKlass);
- }
--
-diff -up xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.25/src/gcrypt/asymkeys.c
---- xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig	2017-09-12 15:21:09.000000000 +0200
-+++ xmlsec1-1.2.25/src/gcrypt/asymkeys.c	2024-05-14 09:55:35.801202265 +0200
-@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
-     pub_key = NULL; /* data owns it now */
-     priv_key = NULL; /* data owns it now */
- 
-+    /* Adopt functions assume ownership thus the caller would expect this to be released */
-+    gcry_sexp_release(key_pair);
-+
-     /* success */
-     res = 0;
- 
-diff -up xmlsec1-1.2.25/src/parser.c.orig xmlsec1-1.2.25/src/parser.c
---- xmlsec1-1.2.25/src/parser.c.orig	2017-09-12 15:21:09.000000000 +0200
-+++ xmlsec1-1.2.25/src/parser.c	2024-05-14 09:55:35.802202264 +0200
-@@ -354,7 +354,6 @@ xmlDocPtr
- xmlSecParseFile(const char *filename) {
-     xmlParserCtxtPtr ctxt;
-     xmlDocPtr res = NULL;
--    char *directory = NULL;
-     int ret;
- 
-     xmlSecAssert2(filename != NULL, NULL);
-@@ -371,23 +370,15 @@ xmlSecParseFile(const char *filename) {
-     /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
- 
-     /* todo: set directories from current doc? */
--    if ((ctxt->directory == NULL) && (directory == NULL)) {
--        directory = xmlParserGetDirectory(filename);
--        if(directory == NULL) {
-+    if (ctxt->directory == NULL) {
-+        ctxt->directory = xmlParserGetDirectory(filename);
-+        if(ctxt->directory == NULL) {
-             xmlSecXmlError2("xmlParserGetDirectory", NULL,
-                             "filename=%s", xmlSecErrorsSafeString(filename));
-             xmlFreeParserCtxt(ctxt);
-             return(NULL);
-         }
-     }
--    if ((ctxt->directory == NULL) && (directory != NULL)) {
--        ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
--        if(ctxt->directory == NULL) {
--            xmlSecStrdupError(BAD_CAST directory, NULL);
--            xmlFreeParserCtxt(ctxt);
--            return(NULL);
--        }
--    }
- 
-     /* required for c14n! */
-     ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
-@@ -547,4 +538,3 @@ xmlSecParseMemory(const xmlSecByte *buff
-     xmlFreeParserCtxt(ctxt);
-     return(res);
- }
--

SOURCES/xmlSecOpenSSLX509DataNodeRead-error.patch

@@ -1,55 +0,0 @@
-Please see this bug report for full details:
-https://github.com/lsh123/xmlsec/issues/164
-
-commit e303e077fb3e13654ba711b2816ff1a94247338b
-Author: lsh123 <aleksey@aleksey.com>
-Date:   Wed Apr 11 17:13:43 2018 -1000
-
-    Add missing return(-1). (#165)
-    
-    Fixed issue #164. All other crypto libraries are ok.
-
-diff --git a/src/openssl/x509.c b/src/openssl/x509.c
-index 15fe70db..b98e62d1 100644
---- a/src/openssl/x509.c
-+++ b/src/openssl/x509.c
-@@ -870,6 +870,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
-                 xmlSecInternalError2("xmlSecOpenSSLX509CertificateNodeRead",
-                                      xmlSecKeyDataGetName(data),
-                                      "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-+                return(-1);
-             }
-         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
-             ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
-@@ -877,6 +878,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
-                 xmlSecInternalError2("xmlSecOpenSSLX509SubjectNameNodeRead",
-                                      xmlSecKeyDataGetName(data),
-                                      "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-+                return(-1);
-             }
-         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
-             ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
-@@ -884,6 +886,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
-                 xmlSecInternalError2("xmlSecOpenSSLX509IssuerSerialNodeRead",
-                                      xmlSecKeyDataGetName(data),
-                                      "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-+                return(-1);
-             }
-         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
-             ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
-@@ -891,6 +894,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
-                 xmlSecInternalError2("xmlSecOpenSSLX509SKINodeRead",
-                                      xmlSecKeyDataGetName(data),
-                                      "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-+                return(-1);
-             }
-         } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
-             ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
-@@ -898,6 +902,7 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
-                 xmlSecInternalError2("xmlSecOpenSSLX509CRLNodeRead",
-                                      xmlSecKeyDataGetName(data),
-                                      "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
-+                return(-1);
-             }
-         } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
-             /* laxi schema validation: ignore unknown nodes */

SPECS/xmlsec1.spec

@@ -1,10 +1,11 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
-Version: 1.2.25
-Release: 8%{?dist}%{?extra_release}
+Version: 1.2.29
+Release: 9%{?dist}%{?extra_release}
 License: MIT
-Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
+Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
 URL: http://www.aleksey.com/xmlsec/
+BuildRequires: make
 BuildRequires: pkgconfig(libxml-2.0) >= 2.8.0
 BuildRequires: pkgconfig(libxslt) >= 1.0.20
 BuildRequires: pkgconfig(openssl) >= 1.0.0
@@ -18,8 +19,6 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gettext-devel
 BuildRequires: libtool
-Patch0: 0001-resource-leaks.patch
-Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
 
 %description
 XML Security Library is a C library based on LibXML2  and OpenSSL.
@@ -70,7 +69,6 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt.
 %package gnutls
 Summary: GNUTls crypto plugin for XML Security Library
 Requires: xmlsec1%{?_isa} = %{version}-%{release}
-Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release}
 
 %description gnutls
 GNUTls plugin for XML Security Library provides GNUTls based crypto services
@@ -103,11 +101,11 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
 Libraries, includes, etc. for developing XML Security applications with NSS.
 
 %prep
-%autosetup -p1
+%setup -q
 
 %build
 autoreconf -vfi
-%configure --disable-static
+%configure --disable-static --disable-md5 --disable-sha1
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %make_build V=1
@@ -137,9 +135,7 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
 %{_bindir}/xmlsec1-config
 %dir %{_includedir}/xmlsec1
 %dir %{_includedir}/xmlsec1/xmlsec
-%dir %{_includedir}/xmlsec1/xmlsec/private
 %{_includedir}/xmlsec1/xmlsec/*.h
-%{_includedir}/xmlsec1/xmlsec/private/*.h
 %{_libdir}/libxmlsec1.so
 %{_libdir}/pkgconfig/xmlsec1.pc
 %{_libdir}/xmlsec1Conf.sh
@@ -180,21 +176,49 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
 %{_libdir}/pkgconfig/xmlsec1-nss.pc
 
 %changelog
-* Fri May 31 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-8
-- Add gating tests
-  Related: RHEL-36185
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-9
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon May 20 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-7
-- Fix adopt function the same way as in upstream
-  Related: RHEL-36185
+* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 1.2.29-8
+- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
 
-* Fri May 17 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-6
-- Add xmlsec1-gnutls dependency on xmlsec1-gcrypt
-  Related: RHEL-36185
+* Thu Jun 17 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.2.29-7
+- compile without sha1 and md5
+- Resolves: rhbz#1936682 - xmlsec1 implements and/or uses the deprecated
+                           SHA-1 algorithm by default
 
-* Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.25-5
-- Fix memory leaks found by SAST
-  Resolves: RHEL-36185
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-6
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Thu Jun  3 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.2.29-5
+- Rebuilt for OpenSSL3
+- Related: rhbz#1962052 - lasso: Port to OpenSSL 3.0
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Caolán McNamara <caolanm@redhat.com> - 1.2.29-1
+- New upstream release
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.27-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.27-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Oct 23 2018 Simo Sorce <simo@redhat.com> - 1.2.27-1
+- New upstream release
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.25-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Thu Apr 12 2018 John Dennis <jdennis@redhat.com> - 1.2.25-4
 - Resolves: rhbz#1566748