summaryrefslogtreecommitdiff
path: root/external/xmlsec/ExternalProject_xmlsec.mk
diff options
context:
space:
mode:
Diffstat (limited to 'external/xmlsec/ExternalProject_xmlsec.mk')
-rw-r--r--external/xmlsec/ExternalProject_xmlsec.mk46
1 files changed, 32 insertions, 14 deletions
diff --git a/external/xmlsec/ExternalProject_xmlsec.mk b/external/xmlsec/ExternalProject_xmlsec.mk
index 8fb0ef56fa09..06e737c3c952 100644
--- a/external/xmlsec/ExternalProject_xmlsec.mk
+++ b/external/xmlsec/ExternalProject_xmlsec.mk
@@ -9,14 +9,22 @@
$(eval $(call gb_ExternalProject_ExternalProject,xmlsec))
-$(eval $(call gb_ExternalProject_use_external,xmlsec,libxml2))
-
-$(eval $(call gb_ExternalProject_use_external,xmlsec,nss3))
+$(eval $(call gb_ExternalProject_use_externals,xmlsec,\
+ libxml2 \
+ $(if $(ENABLE_NSS),nss3,$(if $(ENABLE_OPENSSL),openssl)) \
+))
$(eval $(call gb_ExternalProject_register_targets,xmlsec,\
build \
))
+# note: it's possible to use XSLT in XML signatures - that appears to be a
+# really bad idea from a security point of view though, because it will run
+# an XSLT script supplied as untrusted input, and XSLT implementations
+# tend to have extension functions, and some of these trivially allow
+# running arbitrary code... so investigate the situation with libxslt
+# before enabling it here; hopefully nobody uses XSLT in practice anyway.
+
ifeq ($(OS),WNT)
$(eval $(call gb_ExternalProject_use_nmake,xmlsec,build))
@@ -25,7 +33,7 @@ $(call gb_ExternalProject_get_state_target,xmlsec,build) :
$(call gb_Trace_StartRange,xmlsec,EXTERNAL)
$(call gb_ExternalProject_run,build,\
cscript /e:javascript configure.js crypto=mscng xslt=no iconv=no static=no \
- lib=$(call gb_UnpackedTarball_get_dir,libxml2)/win32/bin.msvc \
+ lib=$(gb_UnpackedTarball_workdir)/libxml2/win32/bin.msvc \
$(if $(filter TRUE,$(ENABLE_DBGUTIL)),debug=yes cruntime=/MDd) \
cflags="$(SOLARINC) -I$(WORKDIR)/UnpackedTarball/libxml2/include -I$(WORKDIR)/UnpackedTarball/icu/source/i18n -I$(WORKDIR)/UnpackedTarball/icu/source/common" \
&& nmake \
@@ -38,20 +46,30 @@ $(call gb_ExternalProject_get_state_target,xmlsec,build) :
$(call gb_Trace_StartRange,xmlsec,EXTERNAL)
$(call gb_ExternalProject_run,build,\
$(if $(filter iOS MACOSX,$(OS_FOR_BUILD)),ACLOCAL="aclocal -I $(SRCDIR)/m4/mac") \
- $(if $(filter AIX,$(OS)),ACLOCAL="aclocal -I /opt/freeware/share/aclocal") \
autoreconf \
- && ./configure \
- --with-pic --disable-shared --disable-crypto-dl --without-libxslt --without-gnutls --without-gcrypt --disable-apps --disable-docs \
+ && $(gb_RUN_CONFIGURE) ./configure \
+ --with-pic --disable-shared --disable-crypto-dl --without-libxslt --without-gnutls --without-gcrypt --disable-apps --disable-docs --disable-pedantic \
$(if $(verbose),--disable-silent-rules,--enable-silent-rules) \
- CFLAGS="$(CFLAGS) $(if $(ENABLE_OPTIMIZED),$(gb_COMPILEROPTFLAGS),$(gb_COMPILERNOOPTFLAGS)) $(if $(debug),$(gb_DEBUGINFO_FLAGS)) $(gb_VISIBILITY_FLAGS)" \
- --without-openssl \
+ $(if $(filter -fsanitize=undefined,$(CC)),CC='$(CC) -fno-sanitize=function') \
+ CFLAGS="$(CFLAGS) $(call gb_ExternalProject_get_build_flags,xmlsec) $(gb_VISIBILITY_FLAGS)" \
$(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \
- $(if $(SYSTEM_NSS),,$(if $(filter MACOSX,$(OS_FOR_BUILD)),--disable-pkgconfig)) \
- $(if $(SYSTEM_NSS),,NSPR_CFLAGS="-I$(call gb_UnpackedTarball_get_dir,nss)/dist/out/include" NSPR_LIBS="-L$(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib -lnspr4") \
- $(if $(SYSTEM_NSS),,NSS_CFLAGS="-I$(call gb_UnpackedTarball_get_dir,nss)/dist/public/nss" NSS_LIBS="-L$(call gb_UnpackedTarball_get_dir,nss)/dist/out/lib -lsmime3 -lnss3 -lnssutil3") \
- $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
+ $(if $(ENABLE_NSS), \
+ --without-openssl \
+ $(if $(SYSTEM_NSS),, \
+ $(if $(filter MACOSX,$(OS_FOR_BUILD)),--disable-pkgconfig) \
+ NSPR_CFLAGS="-I$(gb_UnpackedTarball_workdir)/nss/dist/out/include" NSPR_LIBS="-L$(gb_UnpackedTarball_workdir)/nss/dist/out/lib -lnspr4" \
+ NSS_CFLAGS="-I$(gb_UnpackedTarball_workdir)/nss/dist/public/nss" NSS_LIBS="-L$(gb_UnpackedTarball_workdir)/nss/dist/out/lib -lsmime3 -lnss3 -lnssutil3" \
+ ), \
+ $(if $(ENABLE_OPENSSL), \
+ $(if $(SYSTEM_OPENSSL),, \
+ OPENSSL_CFLAGS="-I$(gb_UnpackedTarball_workdir)/openssl/include" \
+ OPENSSL_LIBS="-L$(gb_UnpackedTarball_workdir)/openssl -lcrypto -lssl" \
+ ), \
+ --without-openssl) \
+ ) \
+ $(gb_CONFIGURE_PLATFORMS) \
$(if $(SYSBASE),CFLAGS="-I$(SYSBASE)/usr/include" \
- LDFLAGS="-L$(SYSBASE)/usr/lib $(if $(filter-out LINUX FREEBSD,$(OS)),",-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\\"\$$\$$ORIGIN)) \
+ LDFLAGS="$(call gb_ExternalProject_get_link_flags,xmlsec) -L$(SYSBASE)/usr/lib $(if $(filter-out LINUX FREEBSD,$(OS)),",-Wl$(COMMA)-z$(COMMA)origin -Wl$(COMMA)-rpath$(COMMA)\\"\$$\$$ORIGIN)) \
&& $(MAKE) \
)
$(call gb_Trace_EndRange,xmlsec,EXTERNAL)
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-21 06:16:53 +0000