[libreoffice] 01/01: system-xmlsec.diff is upstream
Rene Engelhard
rene at moszumanska.debian.org
Tue Jul 4 17:31:04 UTC 2017
This is an automated email from the git hooks/post-receive script.
rene pushed a commit to branch debian-experimental-5.4
in repository libreoffice.
commit 18302f4319ce3df2028af5cbe3932d94fd622639
Author: Rene Engelhard <rene at rene-engelhard.de>
Date: Tue Jul 4 19:30:26 2017 +0200
system-xmlsec.diff is upstream
---
changelog | 2 +-
patches/series | 1 -
patches/system-xmlsec.diff | 350 ---------------------------------------------
3 files changed, 1 insertion(+), 352 deletions(-)
diff --git a/changelog b/changelog
index 6bdfa1a..7cb385c 100644
--- a/changelog
+++ b/changelog
@@ -1,4 +1,4 @@
-libreoffice (1:5.4.0~rc2~git20170703-1) UNRELEASED; urgency=medium
+libreoffice (1:5.4.0~rc2~git20170704-1) UNRELEASED; urgency=medium
* New upstream snapshot
diff --git a/patches/series b/patches/series
index 2b0640e..3fec93c 100644
--- a/patches/series
+++ b/patches/series
@@ -27,7 +27,6 @@ rsc-no-error-about-unknown-switch.diff
debian-branding.diff
no-packagekit-per-default.diff
system-officeotron-and-odfvalidator.diff
-system-xmlsec.diff
no-openssl.diff
disable-sc_subsequent_filters_test-with-internal-cppunit.diff
cppunit-optional.diff
diff --git a/patches/system-xmlsec.diff b/patches/system-xmlsec.diff
deleted file mode 100644
index b11455f..0000000
--- a/patches/system-xmlsec.diff
+++ /dev/null
@@ -1,350 +0,0 @@
-From 9752eccdd06f6695ec4f173ea93cada65063d1f0 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Tue, 20 Jun 2017 21:47:38 +0200
-Subject: xmlsecurity nss: adopt the private key of the signing certificate
- explicitly
-
-xmlsec1-customkeymanage.patch.1 of our bundled xmlsec extends
-xmlSecNssKeyDataX509VerifyAndExtractKey(), so that it calls
-xmlSecNssPKIAdoptKey() for the private key of the signing certificate.
-Make this explicit in xmlsecurity/ code, so we don't depend on the
-patched xmlSecNssKeyDataX509VerifyAndExtractKey().
-
-This is harmless for the patched xmlsec, but it prevents this error:
-
-warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: keys.c:1246: xmlSecKeysMngrGetKey() '' 'xmlSecKeysMngrFindKey' 1 ' '
-warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:790: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
-warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:503: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
-warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:286: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxSignatureProcessNode' 1 ' '
-
-when xmlsec is not patched.
-
-(This is needed, but not enough to build against system xmlsec.)
-
-Change-Id: I5d68a8be7aefcb529566213f9b9c2985eab6a80a
-Reviewed-on: https://gerrit.libreoffice.org/39023
-Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
-Tested-by: Jenkins <ci at libreoffice.org>
-
-diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
-index 3d5c24b..4a8a655 100644
---- a/xmlsecurity/inc/xmlsec-wrapper.h
-+++ b/xmlsecurity/inc/xmlsec-wrapper.h
-@@ -40,6 +40,9 @@
- #include "xmlsec/xmlenc.h"
- #include "xmlsec/xmlsec.h"
- #include "xmlsec/xmltree.h"
-+#ifdef XMLSEC_CRYPTO_NSS
-+#include "xmlsec/nss/pkikeys.h"
-+#endif
-
- #endif
-
-diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-index 959e62c..a5b2901 100644
---- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-@@ -474,6 +474,9 @@ Reference< XCertificate > SecurityEnvironment_NssImpl::getCertificate( const OUS
- }
-
- Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertificatePath( const Reference< XCertificate >& begin ) {
-+ // Remember the signing certificate.
-+ m_xSigningCertificate = begin;
-+
- const X509Certificate_NssImpl* xcert ;
- const CERTCertificate* cert ;
- CERTCertList* certChain ;
-@@ -881,19 +884,8 @@ X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey )
- return xcert ;
- }
-
--
--/* Native methods */
- xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
-
-- unsigned int i ;
-- CERTCertDBHandle* handler = nullptr ;
-- PK11SymKey* symKey = nullptr ;
-- SECKEYPublicKey* pubKey = nullptr ;
-- SECKEYPrivateKey* priKey = nullptr ;
-- xmlSecKeysMngrPtr pKeysMngr = nullptr ;
--
-- handler = m_pHandler;
--
- /*-
- * The following lines is based on the private version of xmlSec-NSS
- * crypto engine
-@@ -905,14 +897,15 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
- for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); ++islots, ++count)
- slots[count] = *islots;
-
-- pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, handler ) ;
-+ xmlSecKeysMngrPtr pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, m_pHandler ) ;
- if( pKeysMngr == nullptr )
- throw RuntimeException() ;
-
- /*-
- * Adopt symmetric key into keys manager
- */
-- for( i = 0 ; ( symKey = this->getSymKey( i ) ) != nullptr ; i ++ ) {
-+ PK11SymKey* symKey = nullptr ;
-+ for( unsigned int i = 0 ; ( symKey = this->getSymKey( i ) ) != nullptr ; i ++ ) {
- if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) {
- throw RuntimeException() ;
- }
-@@ -921,7 +914,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
- /*-
- * Adopt asymmetric public key into keys manager
- */
-- for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != nullptr ; i ++ ) {
-+ SECKEYPublicKey* pubKey = nullptr ;
-+ for( unsigned int i = 0 ; ( pubKey = this->getPubKey( i ) ) != nullptr ; i ++ ) {
- if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) {
- throw RuntimeException() ;
- }
-@@ -930,11 +924,26 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
- /*-
- * Adopt asymmetric private key into keys manager
- */
-- for( i = 0 ; ( priKey = this->getPriKey( i ) ) != nullptr ; i ++ ) {
-+ SECKEYPrivateKey* priKey = nullptr ;
-+ for( unsigned int i = 0 ; ( priKey = this->getPriKey( i ) ) != nullptr ; i ++ ) {
- if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) {
- throw RuntimeException() ;
- }
- }
-+
-+ // Adopt the private key of the signing certificate, if it has any.
-+ if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get()))
-+ {
-+ if (auto pCERTCertificate = const_cast<CERTCertificate*>(pCertificate->getNssCert()))
-+ {
-+ SECKEYPrivateKey* pPrivateKey = PK11_FindPrivateKeyFromCert(pCERTCertificate->slot, pCERTCertificate, nullptr);
-+ xmlSecKeyDataPtr pKeyData = xmlSecNssPKIAdoptKey(pPrivateKey, nullptr);
-+ xmlSecKeyPtr pKey = xmlSecKeyCreate();
-+ xmlSecKeySetValue(pKey, pKeyData);
-+ xmlSecNssAppDefaultKeysMngrAdoptKey(pKeysMngr, pKey);
-+ }
-+ }
-+
- return pKeysMngr ;
- }
- void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) {
-diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
-index 5b0e892..46aba7b 100644
---- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
-+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
-@@ -54,6 +54,8 @@ private:
-
- std::list< PK11SlotInfo* > m_Slots;
- typedef std::list< PK11SlotInfo* >::const_iterator CIT_SLOTS;
-+ /// The last used certificate which has the private key for signing.
-+ css::uno::Reference<css::security::XCertificate> m_xSigningCertificate;
-
- osl::Mutex m_mutex;
-
---
-cgit v0.10.2
-
-From ab50f0b08b22af1e60a0b6ce5e7e8e7d1f665216 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Wed, 21 Jun 2017 21:59:11 +0200
-Subject: xmlsecurity: implement support for building against system-xmlsec
-
-The only remaining difference is that in the system-xmlsec case we work
-with the default key manager, not with the one that's only added by our
-xmlsec patches.
-
-This works for me for the uses I know of (see
-<https://lists.freedesktop.org/archives/libreoffice/2017-February/076947.html>
-for the motivation): signing and verifying of different signatures (bad
-signature, good with non-trusted CA, good with trusted CA) with
-software-based certificates all behave as expected.
-
-Change-Id: If3f3e2b8373ab7397db3f98070a5a2ce51fa7c06
-Reviewed-on: https://gerrit.libreoffice.org/39075
-Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
-Tested-by: Jenkins <ci at libreoffice.org>
-
-diff --git a/Repository.mk b/Repository.mk
-index 1b133d4..611240f 100644
---- a/Repository.mk
-+++ b/Repository.mk
-@@ -917,7 +917,6 @@ $(eval $(call gb_Helper_register_packages_for_install,ooo,\
- wizards_basicsrvtools \
- wizards_basicsrvtutorials \
- wizards_basicusr \
-- xmlsec \
- $(if $(ENABLE_HEADLESS),, \
- chart2_opengl_shader \
- ) \
-diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
-index b821955..67c07834 100644
---- a/RepositoryExternal.mk
-+++ b/RepositoryExternal.mk
-@@ -921,6 +921,34 @@ endef
- endif # SYSTEM_LIBXSLT
-
-
-+ifneq ($(SYSTEM_XMLSEC),)
-+
-+define gb_LinkTarget__use_xmlsec
-+$(call gb_LinkTarget_add_defs,$(1),\
-+ -DSYSTEM_XMLSEC \
-+)
-+$(call gb_LinkTarget_set_include,$(1),\
-+ $$(INCLUDE) \
-+ $(XMLSEC_CFLAGS) \
-+)
-+$(call gb_LinkTarget_add_libs,$(1),$(XMLSEC_LIBS))
-+
-+endef
-+
-+gb_ExternalProject__use_xmlsec:=
-+
-+else # !SYSTEM_XMLSEC
-+
-+$(eval $(call gb_Helper_register_packages_for_install,ooo,\
-+ xmlsec \
-+))
-+
-+define gb_LinkTarget__use_xmlsec
-+
-+endef
-+
-+endif # SYSTEM_XMLSEC
-+
- ifneq ($(SYSTEM_LIBLANGTAG),)
-
- define gb_LinkTarget__use_liblangtag
-diff --git a/config_host.mk.in b/config_host.mk.in
-index 5bce0b3..2643035 100644
---- a/config_host.mk.in
-+++ b/config_host.mk.in
-@@ -557,6 +557,7 @@ export SYSTEM_VISIO=@SYSTEM_VISIO@
- export SYSTEM_WPD=@SYSTEM_WPD@
- export SYSTEM_WPG=@SYSTEM_WPG@
- export SYSTEM_WPS=@SYSTEM_WPS@
-+export SYSTEM_XMLSEC=@SYSTEM_XMLSEC@
- export SYSTEM_ZLIB=@SYSTEM_ZLIB@
- export SYSTEM_ZMF=@SYSTEM_ZMF@
- export TARFILE_LOCATION=@TARFILE_LOCATION@
-@@ -611,6 +612,8 @@ export XCODE_ARCHS=@XCODE_ARCHS@
- export XCODEBUILD_SDK=@XCODEBUILD_SDK@
- export XINERAMA_LINK=@XINERAMA_LINK@
- export XMLLINT=@XMLLINT@
-+export XMLSEC_CFLAGS=$(gb_SPACE)@XMLSEC_CFLAGS@
-+export XMLSEC_LIBS=$(gb_SPACE)@XMLSEC_LIBS@
- export XRANDR_CFLAGS=$(gb_SPACE)@XRANDR_CFLAGS@
- export XRANDR_LIBS=$(gb_SPACE)@XRANDR_LIBS@
- export XRENDER_CFLAGS=$(gb_SPACE)@XRENDER_CFLAGS@
-diff --git a/configure.ac b/configure.ac
-index 10abbcc..60c4a91 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -7683,6 +7683,11 @@ dnl Check for system expat
- dnl ===================================================================
- libo_CHECK_SYSTEM_MODULE([expat], [EXPAT], [expat])
-
-+dnl ===================================================================
-+dnl Check for system xmlsec
-+dnl ===================================================================
-+libo_CHECK_SYSTEM_MODULE([xmlsec], [XMLSEC], [xmlsec1-nss >= 1.2.24])
-+
- AC_MSG_CHECKING([whether to enable Embedded OpenType support])
- if test "$_os" != "WINNT" -a "$_os" != "Darwin" -a "$enable_eot" = "yes"; then
- ENABLE_EOT="TRUE"
-diff --git a/external/Module_external.mk b/external/Module_external.mk
-index 2de9c09..2f537353 100644
---- a/external/Module_external.mk
-+++ b/external/Module_external.mk
-@@ -14,7 +14,7 @@ $(eval $(call gb_Module_add_moduledir,external,msc-externals))
- endif
-
- $(eval $(call gb_Module_add_moduledirs,external,\
-- $(if $(filter-out IOS,$(OS)),libxmlsec) \
-+ $(if $(filter-out IOS,$(OS)),$(call gb_Helper_optional,XMLSEC,libxmlsec)) \
- $(call gb_Helper_optional,ABW,libabw) \
- $(call gb_Helper_optional,APACHE_COMMONS,apache-commons) \
- $(call gb_Helper_optional,APR,apr) \
-diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk
-index d35bc84..41f6d81 100644
---- a/xmlsecurity/Library_xsec_xmlsec.mk
-+++ b/xmlsecurity/Library_xsec_xmlsec.mk
-@@ -46,12 +46,16 @@ $(eval $(call gb_Library_use_libraries,xsec_xmlsec,\
- xo \
- ))
-
-+ifeq ($(SYSTEM_XMLSEC),)
- $(eval $(call gb_Library_use_packages,xsec_xmlsec,\
- xmlsec \
- ))
-+endif
-+
- $(eval $(call gb_Library_use_externals,xsec_xmlsec,\
- boost_headers \
- libxml2 \
-+ xmlsec \
- nss3 \
- ))
- ifneq ($(filter-out WNT MACOSX ANDROID IOS,$(OS)),)
-@@ -128,12 +132,16 @@ $(eval $(call gb_Library_add_libs,xsec_xmlsec,\
- $(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \
- ))
- else
-+
-+ifeq ($(SYSTEM_XMLSEC),)
- $(eval $(call gb_Library_add_libs,xsec_xmlsec,\
- $(call gb_UnpackedTarball_get_dir,xmlsec)/src/nss/.libs/libxmlsec1-nss.a \
- $(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \
- ))
- endif
-
-+endif
-+
- $(eval $(call gb_Library_use_externals,xsec_xmlsec,\
- plc4 \
- ))
-diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
-index 4a8a655..6047d51 100644
---- a/xmlsecurity/inc/xmlsec-wrapper.h
-+++ b/xmlsecurity/inc/xmlsec-wrapper.h
-@@ -25,7 +25,7 @@
- #include <sal/types.h>
-
- // Cf. xmlsec's configure.in (but which isn't used for MSVC):
--#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4
-+#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4 && !defined SYSTEM_XMLSEC
- #define XMLSEC_NO_SIZE_T
- #endif
-
-diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-index a5b2901..5273c1c 100644
---- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
-@@ -897,6 +897,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
- for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); ++islots, ++count)
- slots[count] = *islots;
-
-+#ifndef SYSTEM_XMLSEC
- xmlSecKeysMngrPtr pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, m_pHandler ) ;
- if( pKeysMngr == nullptr )
- throw RuntimeException() ;
-@@ -930,6 +931,14 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
- throw RuntimeException() ;
- }
- }
-+#else // SYSTEM_XMLSEC
-+ xmlSecKeysMngrPtr pKeysMngr = xmlSecKeysMngrCreate();
-+ if (!pKeysMngr)
-+ throw RuntimeException();
-+
-+ if (xmlSecNssAppDefaultKeysMngrInit(pKeysMngr) < 0)
-+ throw RuntimeException();
-+#endif // SYSTEM_XMLSEC
-
- // Adopt the private key of the signing certificate, if it has any.
- if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get()))
---
-cgit v0.10.2
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openoffice/libreoffice.git
More information about the Pkg-openoffice-commits
mailing list