Any attempt to run xmlsec1 command line tool fails, due to failure to load its backend at runtime, even if installed, ie: $ xmlsec1 --verify file.xml func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=138:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name="libxmlsec1-openssl"; errno=2 func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=469:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=428:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: Error: unable to load xmlsec-openssl library. Make sure that you have this it installed, check shared libraries path (LD_LIBRARY_PATH) environment variable or use "--crypto" option to specify different crypto engine. Error: initialization failed Just shipping the unversioned .so file in the backend package (for instance, libxmlsec1-openssl.so for lib64xmlsec1-openssl1) is enough to fix the issue. Automated dependencies should also get corrected, as shipping an unversioned .so file automatically triggers a dependency on devel(libxmlsec1(64bit)) package, unrequired here.
Thank you for the report. I do not currently have a Cauldron system, but for M9: $ urpmq --requires xmlsec1 ... libxml2.so.2()(64bit) libxml2.so.2(LIBXML2_2.4.30)(64bit) libxmlsec1.so.1()(64bit) libxslt.so.1()(64bit) libxslt.so.1(LIBXML2_1.0.11)(64bit) libxslt.so.1(LIBXML2_1.0.22)(64bit) lib64xmlsec1-openssl1 is part of the xmlsec1 SRPM. $ urpmq --whatrequires lib64xmlsec1-openssl1 lib64openscap-engine-sce25 lib64openscap25 lib64xmlsec1-devel Assigning to DavidG who mostly deals with this.
Assignee: bugsquad => geiger.david68210Source RPM: xmlsec1 => xmlsec1, l
Source RPM: xmlsec1, l => xmlsec1-1.2.37-1.mga9.src.rpm
Should be fixed first for cauldron in next xmlsec1-1.2.37-2.mga10 update! Please test it! Normally now xmlsec1 auto-require lib(64)xmlsec1-openssl1 and run without error like: "unable to load xmlsec-openssl library"
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== xmlsec1-1.2.37-1.1.mga9 lib64xmlsec1-gcrypt1-1.2.37-1.1.mga9 lib64xmlsec1-nss1-1.2.37-1.1.mga9 lib64xmlsec1-gnutls1-1.2.37-1.1.mga9 lib64xmlsec1-openssl1-1.2.37-1.1.mga9 lib64xmlsec1_1-1.2.37-1.1.mga9 lib64xmlsec1-devel-1.2.37-1.1.mga9 libxmlsec1-gcrypt1-1.2.37-1.1.mga9 libxmlsec1-nss1-1.2.37-1.1.mga9 libxmlsec1-gnutls1-1.2.37-1.1.mga9 libxmlsec1-openssl1-1.2.37-1.1.mga9 libxmlsec1_1-1.2.37-1.1.mga9 libxmlsec1-devel-1.2.37-1.1.mga9 From SRPMS: xmlsec1-1.2.37-1.1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugsVersion: Cauldron => 9
Advisory from comment based on comment 3 and the changelog message added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
CC: (none) => marja11Keywords: (none) => advisory
MGA9-64 Xfce on Acer Aspire 5253 No installation issues. Tried different files from the installation or from https://www.w3schools.com/xml/xml_examples.asp, but all give the same result: $ xmlsec1 --verify cd_catalog.xml Error: failed to find default node with name="Signature" Error: failed to load document "cd_catalog.xml" ERROR SignedInfo References (ok/all): 0/0 Manifests References (ok/all): 0/0 Error: failed to verify file "cd_catalog.xml" but at least the error from above does not occur, don't know what to think of it.
CC: (none) => herman.viaene
Mageia9, x86_64 Before updating: $ xmlsec1 --verify channels.xspf func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=138:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name="libxmlsec1-openssl"; errno=2 func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=469:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=428:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: Error: unable to load xmlsec-openssl library. Make sure that you have this it installed, check shared libraries path (LD_LIBRARY_PATH) environment variable or use "--crypto" option to specify different crypto engine. Error: initialization failed Note that that file passed the xmllint test a while ago. After update: Backing up Herman's result using the plant catalogue file. $ xmlsec1 --verify ~/Downloads/plant_catalog.xml Error: failed to find default node with name="Signature" Error: failed to load document "/home/lcl/Downloads/plant_catalog.xml" ERROR SignedInfo References (ok/all): 0/0 Manifests References (ok/all): 0/0 Error: failed to verify file "/home/lcl/Downloads/plant_catalog.xml"
CC: (none) => tarazed25
Whiteboard: (none) => feedback
Whiteboard: feedback => (none)Keywords: (none) => feedback
Keywords: feedback => NEEDHELP
In the first case, the cryptographic engine can't be loaded at runtime, and make the application crash. That's the actual issue. Ine the second case, the application works correctly, and just tells you it can't verify the signature, because the file is not signed. If you really want to test a signed file, you may use any of those SAML metadata file: https://metadata.federation.renater.fr/test/preview/ You will still have an error, tough, because the signature certificate is unknown, and other kind of technical subtleties. But that isn't worth the trouble, IMHO, because the crash has been fixed.
Comment 7 indicates that this version fixes the reported issue. Since the SSL error appears to be irrelevant let's send this on its way.
Keywords: NEEDHELP => (none)Whiteboard: (none) => MGA9-64-OK
Thanks, guys. Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2023-0120.html
Status: NEW => RESOLVEDResolution: (none) => FIXED