core.git: external/xmlsec

[Miklos Vajna (via logerrit)]

 external/xmlsec/UnpackedTarball_xmlsec.mk                                    | 
   2 
 external/xmlsec/old-nss.patch.1                                              | 
  15 ----
 external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1 | 
  33 ++++++++++
 3 files changed, 35 insertions(+), 15 deletions(-)

New commits:
commit f5a8d01d381925bba6a2560aacf5ca159fc0bdea
Author:     Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Jan 19 08:21:45 2024 +0100
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Fri Jan 19 09:17:36 2024 +0100

    xmlsec: replace revert with an upstream fix
    
    The problem in the new code was that previously xmlSecNssInit() didn't
    require an already initialized NSS, but 1.3.3 did.
    
    Backport upstream fix that restores the old behavior that NSS init is
    not needed, which allows no longer reverting the
    xmlSecNssUpdateAvailableCryptoTransforms() call that upstream added
    recently.
    
    Change-Id: Ie33ccbff0149e3c406d5574e889d90da4fdbbfb5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162292
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    Tested-by: Jenkins

diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk 
b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 77d3386b27dc..51d4f013bc0a 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -10,6 +10,8 @@
 xmlsec_patches :=
 # Remove this when Ubuntu 20.04 is EOL in 2025.
 xmlsec_patches += old-nss.patch.1
+# Backport of https://github.com/lsh123/xmlsec/pull/754
+xmlsec_patches += xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 
diff --git a/external/xmlsec/old-nss.patch.1 b/external/xmlsec/old-nss.patch.1
index 19ac8ffe6c5a..0da576b59920 100644
--- a/external/xmlsec/old-nss.patch.1
+++ b/external/xmlsec/old-nss.patch.1
@@ -65,18 +65,3 @@ index bb64c5f2..4c3dc4d3 100644
  #define XMLSEC_NO_RSA_OAEP 1
  #else  /* (NSS_VMAJOR < 3) || ((NSS_VMAJOR == 3) && (NSS_VMINOR < 59)) */
  #define XMLSEC_NO_MD5 1
-diff --git a/src/nss/crypto.c b/src/nss/crypto.c
-index 6455ec72..a6c46350 100644
---- a/src/nss/crypto.c
-+++ b/src/nss/crypto.c
-@@ -546,8 +546,10 @@ xmlSecNssInit (void)  {
-     /* set default errors callback for xmlsec to us */
-     xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);
- 
-+#if 0
-     /* update the avaialble algos based on NSS configs */
-     xmlSecNssUpdateAvailableCryptoTransforms(xmlSecCryptoGetFunctions_nss());
-+#endif
- 
-     /* register our klasses */
-     
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss())
 < 0) {
diff --git 
a/external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1 
b/external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1
new file mode 100644
index 000000000000..bf397bfb9178
--- /dev/null
+++ 
b/external/xmlsec/xmlsec-nss-Ensure-NSS-algorithms-are-initialized-754.patch.1
@@ -0,0 +1,33 @@
+From 356fdcfaf6e126835ac3bd7f410a3fa4d4a6877b Mon Sep 17 00:00:00 2001
+From: lsh123 <alek...@aleksey.com>
+Date: Sat, 13 Jan 2024 18:07:49 -0500
+Subject: [PATCH] (xmlsec-nss) Ensure NSS algorithms are initialized (#754)
+
+---
+ src/nss/crypto.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/nss/crypto.c b/src/nss/crypto.c
+index 6455ec72..7ba0c77a 100644
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -361,8 +361,16 @@ xmlSecCryptoGetFunctions_nss(void) {
+ 
+ static void
+ xmlSecNssUpdateAvailableCryptoTransforms(xmlSecCryptoDLFunctionsPtr 
functions) {
++    SECStatus rv;
+     xmlSecAssert(functions != NULL);
+ 
++    /* in theory NSS should be already initialized but just in case */
++    rv = SECOID_Init();
++    if (rv != SECSuccess) {
++        xmlSecNssError("SECOID_Init", NULL);
++        return;
++    }
++
+     /******************************* AES ********************************/
+     /* cbc */
+     if (xmlSecNssCryptoCheckAlgorithm(SEC_OID_AES_128_CBC) == 0) {
+-- 
+2.35.3
+