Bug #106375

open

test error with libxml 2.14 and xmlsec1 (1.3.7)

Added by Frédéric Péters 9 months ago. Updated 6 months ago.

Status: In progress
Priority: Normal
Category: -
Target version: -
Start date: 27 May 2025
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning: No

Description

via https://bugs.debian.org/1106675

I haven't investigated yet; maybe more of an xmlsec1 issue ...

[...]
tools.c: In function 'lasso_get_public_key_from_pem_file':
tools.c:312:35: error: implicit declaration of function 
'xmlSecCryptoAppKeyLoad'; did you mean 'xmlSecCryptoAppKeyLoadEx'? 
[-Wimplicit-function-declaration]
  312 |                         pub_key = xmlSecCryptoAppKeyLoad(file,
      |                                   ^~~~~~~~~~~~~~~~~~~~~~
      |                                   xmlSecCryptoAppKeyLoadEx
tools.c:312:33: error: assignment to 'xmlSecKeyPtr' {aka 'struct 
_xmlSecKey *'} from 'int' makes pointer from integer without a cast 
[-Wint-conversion]
  312 |                         pub_key = xmlSecCryptoAppKeyLoad(file,
      |                                 ^
tools.c: In function 'lasso_get_public_key_from_private_key_file':
tools.c:381:16: error: returning 'int' from a function with return type 
'xmlSecKeyPtr' {aka 'struct _xmlSecKey *'} makes pointer from integer 
without a cast [-Wint-conversion]
  381 |         return xmlSecCryptoAppKeyLoad(private_key_file,
      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  382 |                         xmlSecKeyDataFormatPem, NULL, NULL, NULL);
      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools.c: In function 'lasso_xml_parse_memory_with_error':
tools.c:2220:9: warning: 'recovery' is deprecated 
[-Wdeprecated-declarations]
 2220 |         ctxt->recovery = 0;
      |         ^~~~
In file included from /usr/include/libxml2/libxml/tree.h:17,
                 from xml.h:37,
                 from private.h:31,
                 from tools.c:37:
/usr/include/libxml2/libxml/parser.h:377:9: note: declared here
  377 |     int recovery XML_DEPRECATED_MEMBER;
      |         ^~~~~~~~
tools.c:2235:17: warning: 'lastError' is deprecated 
[-Wdeprecated-declarations]
 2235 |                 xmlCopyError(&ctxt->lastError, error);
      |                 ^~~~~~~~~~~~
/usr/include/libxml2/libxml/parser.h:439:14: note: declared here
  439 |     xmlError lastError XML_DEPRECATED_MEMBER;
      |              ^~~~~~~~~
tools.c: In function 'xmlDetectSAX2':
tools.c:2291:17: warning: 'sax2' is deprecated [-Wdeprecated-declarations]
 2291 |                 ctxt->sax2 = 1;
      |                 ^~~~
/usr/include/libxml2/libxml/parser.h:401:9: note: declared here
  401 |     int sax2 XML_DEPRECATED_MEMBER;
      |         ^~~~
tools.c:2296:9: warning: 'str_xml' is deprecated [-Wdeprecated-declarations]
 2296 |         ctxt->str_xml = xmlDictLookup(ctxt->dict, BAD_CAST 
"xml", 3);
      |         ^~~~
/usr/include/libxml2/libxml/parser.h:392:20: note: declared here
  392 |     const xmlChar *str_xml XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~
tools.c:2297:9: warning: 'str_xmlns' is deprecated 
[-Wdeprecated-declarations]
 2297 |         ctxt->str_xmlns = xmlDictLookup(ctxt->dict, BAD_CAST 
"xmlns", 5);
      |         ^~~~
/usr/include/libxml2/libxml/parser.h:393:20: note: declared here
  393 |     const xmlChar *str_xmlns XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~~~
tools.c:2298:9: warning: 'str_xml_ns' is deprecated 
[-Wdeprecated-declarations]
 2298 |         ctxt->str_xml_ns = xmlDictLookup(ctxt->dict, 
XML_XML_NAMESPACE, 36);
      |         ^~~~
/usr/include/libxml2/libxml/parser.h:394:20: note: declared here
  394 |     const xmlChar *str_xml_ns XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~~~~
tools.c:2299:9: warning: 'str_xml' is deprecated [-Wdeprecated-declarations]
 2299 |         if ((ctxt->str_xml==NULL) || (ctxt->str_xmlns==NULL) ||
      |         ^~
/usr/include/libxml2/libxml/parser.h:392:20: note: declared here
  392 |     const xmlChar *str_xml XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~
tools.c:2299:9: warning: 'str_xmlns' is deprecated 
[-Wdeprecated-declarations]
 2299 |         if ((ctxt->str_xml==NULL) || (ctxt->str_xmlns==NULL) ||
      |         ^~
/usr/include/libxml2/libxml/parser.h:393:20: note: declared here
  393 |     const xmlChar *str_xmlns XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~~~
tools.c:2300:25: warning: 'str_xml_ns' is deprecated 
[-Wdeprecated-declarations]
 2300 |                         (ctxt->str_xml_ns == NULL)) {
      |                         ^
/usr/include/libxml2/libxml/parser.h:394:20: note: declared here
  394 |     const xmlChar *str_xml_ns XML_DEPRECATED_MEMBER;
      |                    ^~~~~~~~~~
In file included from private.h:36:
tools.c: In function 'lasso_base64_decode':
tools.c:2553:50: warning: dereferencing type-punned pointer will break 
strict-aliasing rules [-Wstrict-aliasing]
 2553 |                 lasso_transfer_string(*buffer, *((char**)&out));
      |                                                 ~^~~~~~~~~~~~~
../utils.h:501:34: note: in definition of macro 'lasso_transfer_full'
  501 |                 (dest) = (void*)(src); \
      |                                  ^~~
tools.c:2553:17: note: in expansion of macro 'lasso_transfer_string'
 2553 |                 lasso_transfer_string(*buffer, *((char**)&out));
      |                 ^~~~~~~~~~~~~~~~~~~~~
tools.c:2553:50: warning: dereferencing type-punned pointer will break 
strict-aliasing rules [-Wstrict-aliasing]
 2553 |                 lasso_transfer_string(*buffer, *((char**)&out));
      |                                                 ~^~~~~~~~~~~~~
../utils.h:502:18: note: in definition of macro 'lasso_transfer_full'
  502 |                 (src) = NULL; \
      |                  ^~~
tools.c:2553:17: note: in expansion of macro 'lasso_transfer_string'
 2553 |                 lasso_transfer_string(*buffer, *((char**)&out));
      |                 ^~~~~~~~~~~~~~~~~~~~~
make[6]: *** [Makefile:796: tools.lo] Error 1
make[6]: Leaving directory '/<<PKGBUILDDIR>>/lasso/xml'
Actions #1

Updated by Frédéric Péters 9 months ago

  • Subject changed from build error with libxml 2.14 to build error with libxml 2.14 and xmlsec1 (1.3.7)
Actions #2

Updated by Frédéric Péters 8 months ago

  • Status changed from New to Closed

OK, it's noted on the Debian bug that this will be fixed via #85339.

Actions #3

Updated by Frédéric Péters 8 months ago

  • Subject changed from build error with libxml 2.14 and xmlsec1 (1.3.7) to test error with libxml 2.14 and xmlsec1 (1.3.7)
  • Status changed from Closed to New

But there would still be one test that does not pass:

test01 (__main__.IdentityTestCase.test01)
Identity newFromDump & dump. ... ok
test01 (__main__.AttributeAuthorityTestCase.test01)
Attribute request and response test between sp5 and idp6 ... ok

======================================================================
FAIL: test08 (__main__.LoginTestCase.test08)
Verify KeyEncryptionMethod support
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/packages/tmp/lasso-2.8.2/bindings/python/tests/./profiles_tests.py", line 343, in test08
    assert 'xmlenc#rsa-1_5' in run()
           ^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError

----------------------------------------------------------------------
Ran 18 tests in 0.027s

FAILED (failures=1)
FAIL profiles_tests.py (exit status: 1)
Actions #4

Updated by Yann Weber 8 months ago

I cannot reproduce this on sid/experimental with libxml2-dev 2.14.3+dfsg-0exp2 and libxmlsec1-dev 1.3.7-1.

I have the impression that I would need to rebuild some packages; for example libxmlsec1-dev=1.3.7-1 and python3-lxml are linked against libxml 2.12.

Maybe I am also on the wrong track in my attempts to reproduce?

Actions #5

Updated by Frédéric Péters 8 months ago

No idea (but note carefully that it is #106375#note-3 that would remain, not the build error from the ticket description), cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106675#17

Actions #6

Updated by Benjamin Dauvergne 8 months ago

Here we would need to clarify the value present in the XmlEnc encryption metadata for the algorithm (in the return value of run()) if it is not rsa-1_5 (I believe it is an algorithm forbidden in recent versions of OpenSSL, but since we explicitly ask xmlsec for this algorithm I don't really know what happens).

Actions #7

Updated by Benjamin Dauvergne 6 months ago

I understood the bug: rsa-pkcs1 must indeed not be available, but in the case of assertion encryption, the encryption failure is ignored:

# lasso/xml/saml-2.0/samlp2_response.c
static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
        LassoSamlp2Response *response = LASSO_SAMLP2_RESPONSE(node);
        GList *assertions = NULL;
        GList *Assertion_save = NULL;
        LassoNode *encrypted_element = NULL;
        xmlNode *result = NULL;

        /* Encrypt Assertions for messages but not for dumps */
        if (lasso_dump == FALSE) {
                Assertion_save = response->Assertion;
                response->Assertion = NULL;
                lasso_foreach (assertions, Assertion_save) {
                        encrypted_element = lasso_assertion_encrypt(assertions->data, NULL);
                        if (encrypted_element != NULL) {
                                lasso_list_add_new_gobject(response->EncryptedAssertion, encrypted_element);
                        } else {
                                lasso_list_add_gobject(response->Assertion, assertions->data);
                        }
                }
        }

Which means no clean error is returned. The whole chain around get_xmlNode would need to be reworked to allow returning NULL and to be able to fail here.
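
Added illustration (not lasso code and not written by any participant in this ticket): a self-contained C model of the loop quoted in note 7, showing the fail-open behaviour next to a fail-closed variant that reports the error and leaves nothing to send. `response_model`, `encrypt_model` and `serialize` are hypothetical names; `encrypt_model` stands in for lasso_assertion_encrypt() returning NULL when the requested algorithm is unavailable.

```c
/* Added example: simplified model, not lasso code. All names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define MAX_ASSERTIONS 8

typedef struct {
    const char *plain[MAX_ASSERTIONS];      /* models response->Assertion */
    const char *encrypted[MAX_ASSERTIONS];  /* models response->EncryptedAssertion */
    size_t n_plain, n_encrypted;
} response_model;

/* Stand-in for lasso_assertion_encrypt(): NULL when the crypto backend does
 * not offer the requested key-transport algorithm. */
static const char *encrypt_model(const char *assertion, int algo_available)
{
    (void)assertion;
    return algo_available ? "<EncryptedAssertion/>" : NULL;
}

/* Builds the outgoing message; returns 0 on success, -1 on error. */
int serialize(response_model *out, const char *const *in, size_t n,
              int algo_available, int fail_closed)
{
    memset(out, 0, sizeof *out);
    if (n > MAX_ASSERTIONS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        const char *enc = encrypt_model(in[i], algo_available);
        if (enc != NULL) {
            out->encrypted[out->n_encrypted++] = enc;
        } else if (fail_closed) {
            /* Fail-closed: drop everything built so far and report the error. */
            memset(out, 0, sizeof *out);
            return -1;
        } else {
            /* Fail-open, as in the excerpt: plaintext goes back into the message. */
            out->plain[out->n_plain++] = in[i];
        }
    }
    return 0;
}
```

With the algorithm unavailable, the fail-open call returns success with every assertion in `plain`, which is why the test only notices through the missing `xmlenc#rsa-1_5` string rather than through an error.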

Actions #8

Updated by Benjamin Dauvergne 6 months ago

  • Assignee set to Benjamin Dauvergne
Actions #9

Updated by Benjamin Dauvergne 6 months ago

  • Status changed from New to In progress

🤖 A pull request concerning this ticket has been opened:
