Development #85339: lasso 2.8.2 regression build failure against libxmlsec1 1.3.3 - Lasso - Redmine Entr’ouvert

Development #85339

lasso 2.8.2 regression build failure against libxmlsec1 1.3.3

Ajouté par Rui Chen il y a 4 mois. Mis à jour il y a 11 jours.

Statut:

Résolu (à déployer)

Priorité:

Normal

Assigné à:

Benjamin Dauvergne

Catégorie:

Version cible:

Début:

05 janvier 2024

Echéance:

% réalisé:

Temps estimé:

Patch proposed:

Non

Planning:

Non

Description

Happy new year!

This is Rui, a homebrew maintainer, while we are trying to upgrade
libxmlsec1 from 1.3.2 to 1.3.3, we ran into some build failure:

```
libtool: link: clang -dynamiclib -o .libs/liblasso.3.dylib
.libs/lasso.o .libs/errors.o .libs/registry.o .libs/utils.o
.libs/logging.o .libs/key.o
-Wl,-force_load,../lasso/xml/ecp/.libs/liblasso-xml-ecp.a
-Wl,-force_load,../lasso/xml/.libs/liblasso-xml.a
-Wl,-force_load,../lasso/xml/saml-2.0/.libs/liblasso-xml-saml2.a
-Wl,-force_load,../lasso/xml/soap-1.1/.libs/liblasso-xml-soap11.a
-Wl,-force_load,../lasso/xml/dsig/.libs/liblasso-xml-dsig.a
-Wl,-force_load,../lasso/id-ff/.libs/liblasso-id-ff.a
-Wl,-force_load,../lasso/saml-2.0/.libs/liblasso-saml-20.a
-L/opt/homebrew/Cellar/lasso/2.8.2_2/lib -lz
-L/opt/homebrew/Cellar/glib/2.78.3/lib -L/opt/homebrew/opt/gettext/lib
-L/opt/homebrew/Cellar/libxml2/2.12.3/lib
-L/opt/homebrew/Cellar/openssl@3/3.2.0_1/lib
-L/opt/homebrew/Cellar/libxmlsec1/1.3.3/lib
-L/opt/homebrew/opt/openssl@3/lib -lgobject-2.0 -lglib-2.0 -lintl
-lxmlsec1-openssl -lxmlsec1 -lxslt -lxml2 -lssl -lcrypto
-install_name /opt/homebrew/Cellar/lasso/2.8.2_2/lib/liblasso.3.dylib
-compatibility_version 19 -current_version 19.2
-Wl,-exported_symbols_list,.libs/liblasso-symbols.expsym
ld: Undefined symbols:
_xmlSecCryptoAppKeyLoad, referenced from:
_lasso_get_public_key_from_pem_file in liblasso-xml.a²(tools.o)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```

This is due to the fact that `xmlSecCryptoAppKeyLoad` is now removed
in the 1.3.3 release. See this commit for details,
https://github.com/lsh123/xmlsec/commit/114f580409e076bbe7b352eb74008d818c6e3e93

Let me know if I need to provide more info.

Révisions associées

Révision 46caef81 (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

xml: fix uninitialized local variable (#85339)

Révision 1ca8e869 (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

misc: mute warning about implicit declaration of lasso_get_default_signature_method (#85339)

Révision 66c9f50f (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

xmlsec: replace xmlSecCryptoAppKeyLoad by xmlSecCryptoAppKeyLoadEx (#85339)

xmlSecCryptoAppKeyLoad was removed from libxmlsec1 in version >= 1.3.3:

(xmlsec-core) Removed previously deprecated functions, defines, etc.

xmlSecCryptoAppKeyLoadEx was introduced in libxmlsec in version 1.3.0.

Révision 21c224cf (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339)

For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

(API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.

Révision 3768f1be (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339)

KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

(xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).

Révision 49e0ea80 (diff)
Ajouté par Benjamin Dauvergne il y a 11 jours

Fix undefined macro in #if conditional (#85339)