xmlsec: replace revert with an upstream fix

The problem in the new code was that previously xmlSecNssInit() didn't require an already initialized NSS, but 1.3.3 did. Backport upstream fix that restores the old behavior that NSS init is not needed, which allows no longer reverting the xmlSecNssUpdateAvailableCryptoTransforms() call that upstream added recently. Change-Id: Ie33ccbff0149e3c406d5574e889d90da4fdbbfb5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162292 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins
LibreOffice · Jan 19, 2024 · f5a8d01 · f5a8d01
1 parent 3f50503
commit f5a8d01
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 15 deletions.
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -10,6 +10,8 @@
 xmlsec_patches :=
 # Remove this when Ubuntu 20.04 is EOL in 2025.
 xmlsec_patches += old-nss.patch.1
+# Backport of https://github.com/lsh123/xmlsec/pull/754
+xmlsec_patches += xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 

diff --git a/external/xmlsec/old-nss.patch.1 b/external/xmlsec/old-nss.patch.1
@@ -65,18 +65,3 @@ index bb64c5f2..4c3dc4d3 100644
  #define XMLSEC_NO_RSA_OAEP 1
  #else  /* (NSS_VMAJOR < 3) || ((NSS_VMAJOR == 3) && (NSS_VMINOR < 59)) */
  #define XMLSEC_NO_MD5 1
-diff --git a/src/nss/crypto.c b/src/nss/crypto.c
-index 6455ec72..a6c46350 100644
---- a/src/nss/crypto.c
-+++ b/src/nss/crypto.c
-@@ -546,8 +546,10 @@ xmlSecNssInit (void)  {
-     /* set default errors callback for xmlsec to us */
-     xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);
-
-+#if 0
-     /* update the avaialble algos based on NSS configs */
-     xmlSecNssUpdateAvailableCryptoTransforms(xmlSecCryptoGetFunctions_nss());
-+#endif
-
-     /* register our klasses */
-     if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) {
diff --git a/external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1 b/external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1
@@ -0,0 +1,33 @@
+From 356fdcfaf6e126835ac3bd7f410a3fa4d4a6877b Mon Sep 17 00:00:00 2001
+From: lsh123 <[email protected]>
+Date: Sat, 13 Jan 2024 18:07:49 -0500
+Subject: [PATCH] (xmlsec-nss) Ensure NSS algorithms are initialized (#754)
+
+---
+ src/nss/crypto.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/nss/crypto.c b/src/nss/crypto.c
+index 6455ec72..7ba0c77a 100644
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -361,8 +361,16 @@ xmlSecCryptoGetFunctions_nss(void) {
+
+ static void
+ xmlSecNssUpdateAvailableCryptoTransforms(xmlSecCryptoDLFunctionsPtr functions) {
++    SECStatus rv;
+     xmlSecAssert(functions != NULL);
+
++    /* in theory NSS should be already initialized but just in case */
++    rv = SECOID_Init();
++    if (rv != SECSuccess) {
++        xmlSecNssError("SECOID_Init", NULL);
++        return;
++    }
++
+     /******************************* AES ********************************/
+     /* cbc */
+     if (xmlSecNssCryptoCheckAlgorithm(SEC_OID_AES_128_CBC) == 0) {
+-- 
+2.35.3
+