Update version number and libs

* OpenSSL 3.5.4
* LibXML2 2.15.1
* xmlsec1 1.3.9

IB-8679, IB-8681, #686

Signed-off-by: Raul Metsma <[email protected]>
Co-authored-by: Ander Punnar <[email protected]>

Author: 2 people

.github/workflows/build.yml

@@ -93,7 +93,7 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/vcpkg_cache
-        key: vcpkg-${{ matrix.target }}-${{ hashFiles('.github/workflows/*', 'vcpkg.json', 'vcpkg-ports/**', 'CMakeLists.txt', '**/CMakeLists.txt', 'CMakePresets.json') }}
+        key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json', 'vcpkg-ports/**') }}
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
@@ -139,20 +139,30 @@ jobs:
         name: fedora_${{ matrix.container }}
         path: build/libdigidocpp*.rpm
   ubuntu:
-    name: Build on Ubuntu ${{ matrix.container }} ${{ matrix.arch }}
+    name: Build on ${{ matrix.dist }} ${{ matrix.ver }} ${{ matrix.arch }}
     runs-on: ubuntu-24.04${{ matrix.arch == 'arm64' && '-arm' || '' }}
-    container: ubuntu:${{ matrix.container }}
+    container: ${{ matrix.dist }}:${{ matrix.ver }}
     strategy:
       matrix:
-        container: ['22.04', '24.04', '25.04', '25.10']
-        arch: ['amd64', 'arm64']
+        dist: [ubuntu]
+        ver: ['22.04', '24.04', '25.04', '25.10']
+        arch: [amd64, arm64]
+        java: [17]
+        include: [
+          { dist: debian, ver: 'bookworm', arch: amd64, java: 17 },
+          { dist: debian, ver: 'trixie', arch: amd64, java: 21 },
+        ]
     env:
       DEBIAN_FRONTEND: noninteractive
       DEBFULLNAME: github-actions
       DEBEMAIL: [email protected]
     steps:
     - name: Install dependencies
-      run: apt update -qq && apt install --no-install-recommends -y lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-17-jdk-headless libpython3-dev python3-setuptools libboost-test-dev
+      run: |
+        echo 'path-exclude=/usr/share/man/*'      >  /etc/dpkg/dpkg.cfg.d/99-nodocs
+        echo 'path-exclude=/usr/share/doc/*'      >> /etc/dpkg/dpkg.cfg.d/99-nodocs
+        echo 'path-exclude=/usr/share/doc-base/*' >> /etc/dpkg/dpkg.cfg.d/99-nodocs
+        apt update -qq && apt install --no-install-recommends -y lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-${{ matrix.java }}-jdk-headless libpython3-dev python3-setuptools libboost-test-dev
     - name: Checkout
       uses: actions/checkout@v5
     - name: Setup changelog
@@ -162,14 +172,14 @@ jobs:
         dch --distribution $(lsb_release -cs) -v ${VERSIONEX} "Release ${VERSIONEX}."
     - name: Build packages
       run: |
-        JAVA_HOME=/usr/lib/jvm/java-17-openjdk-${{ matrix.arch }} dpkg-buildpackage -us -uc
+        JAVA_HOME=/usr/lib/jvm/java-${{ matrix.java }}-openjdk-${{ matrix.arch }} dpkg-buildpackage -us -uc
         mv ../libdigidocpp*.* .
     - name: Lintian
       run: lintian *.deb;
     - name: Archive artifacts
       uses: actions/upload-artifact@v4
       with:
-        name: ubuntu_${{ matrix.container }}_${{ matrix.arch }}
+        name: ${{ matrix.dist }}_${{ matrix.ver }}_${{ matrix.arch }}
         path: libdigidocpp*.*
   windows:
     name: Build on Windows
@@ -195,7 +205,7 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/vcpkg_cache
-        key: vcpkg-${{ matrix.toolset }}-${{ matrix.platform }}-${{ hashFiles('.github/workflows/*', 'vcpkg.json', 'vcpkg-ports/**', 'CMakeLists.txt', '**/CMakeLists.txt', 'CMakePresets.json') }}
+        key: vcpkg-${{ matrix.toolset }}-${{ matrix.platform }}-${{ hashFiles('vcpkg.json', 'vcpkg-ports/**') }}
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
@@ -298,7 +308,7 @@ jobs:
     - name: Install dependencies
       run: sudo apt update -qq && sudo apt install --no-install-recommends -y ${UBUNTU_DEPS}
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: cpp
         queries: +security-and-quality
@@ -311,12 +321,12 @@ jobs:
           -DBUILD_TOOLS=NO
         cmake --build build
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         upload: False
         output: sarif-results
     - name: Filter results
-      uses: advanced-security/filter-sarif@develop
+      uses: advanced-security/filter-sarif@v1
       with:
         patterns: |
           -src/json.hpp
@@ -326,6 +336,6 @@ jobs:
         input: sarif-results/cpp.sarif
         output: sarif-results/cpp.sarif
     - name: Upload results
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: sarif-results/cpp.sarif

CMakeLists.txt

@@ -5,7 +5,10 @@ endif()
 if(POLICY CMP0177)
     cmake_policy(SET CMP0177 NEW)
 endif()
-project(libdigidocpp VERSION 4.3.0)
+project(libdigidocpp VERSION 4.4.0
+    DESCRIPTION "C++ library for digital signatures and validation of digitally signed documents"
+    HOMEPAGE_URL https://github.com/open-eid/libdigidocpp
+)
 set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules)
 list(APPEND CMAKE_PREFIX_PATH ${CMAKE_INSTALL_PREFIX})
 
@@ -35,7 +38,7 @@ set( BUILD_TOOLS YES CACHE BOOL "Build digidoc-tool" )
 set( BUILD_SHARED_LIBS YES CACHE BOOL "Build library as SHARED or STATIC" )
 set( SIGNCERT "" CACHE STRING "Common name of certificate to used sign binaries, empty skip signing" )
 set( CROSSSIGNCERT "" CACHE STRING "Common name of certificate to used cross sign binaries, empty skip signing" )
-set(CMAKE_CXX_STANDARD 20)
+set(CMAKE_CXX_STANDARD 23)
 set(CMAKE_CXX_STANDARD_REQUIRED YES)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
 set(CMAKE_CXX_VISIBILITY_PRESET hidden)

examples/android/app/build.gradle

@@ -3,11 +3,11 @@ apply plugin: 'com.android.application'
 def libsPath = '/Library/libdigidocpp'
 
 android {
-    compileSdk 35
+    compileSdk = 36
     defaultConfig {
         applicationId "ee.ria.libdigidocpp"
-        minSdk 30
-        targetSdk 35
+        minSdk = 33
+        targetSdk = 36
         versionCode 1
         versionName "1.0"
         if (System.getenv("BUILD_NUMBER")) {
@@ -26,7 +26,7 @@ android {
         targetCompatibility JavaVersion.VERSION_17
         sourceCompatibility JavaVersion.VERSION_17
     }
-    sourceSets.main.java.srcDirs += [libsPath + '.androidarm/include']
+    sourceSets.main.java.srcDirs += [libsPath + '.androidarm64/include']
     namespace 'ee.ria.libdigidocpp'
 }
 

examples/android/build.gradle

@@ -5,7 +5,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.12.2'
+        classpath 'com.android.tools.build:gradle:8.13.0'
     }
 }
 

prepare_osx_build_environment.sh

@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e
 
-OPENSSL_DIR=openssl-3.5.2
-XMLSEC_DIR=xmlsec1-1.3.7
+OPENSSL_DIR=openssl-3.5.4
+XMLSEC_DIR=xmlsec1-1.3.9
 ARGS="$@"
 
 case "$@" in
@@ -58,8 +58,6 @@ function xmlsec {
     tar xf ${XMLSEC_DIR}.tar.gz
     cd ${XMLSEC_DIR}
     patch -Np1 -i ../vcpkg-ports/xmlsec/xmlsec1-1.3.5.legacy.patch
-    patch -Np1 -i ../vcpkg-ports/xmlsec/xmlsec1-1.3.7.rsapss.patch
-    patch -Np1 -i ../vcpkg-ports/xmlsec/xmlsec1-1.3.7.ecdsa-sig.patch
     case "${ARGS}" in
     *iphone*) CONFIGURE="--host=aarch64-apple-darwin --enable-static --disable-shared --without-libxslt" ;;
     *) CONFIGURE="--disable-static --enable-shared" ;;

src/CMakeLists.txt

@@ -68,7 +68,7 @@ add_library(digidocpp_util STATIC
 
 target_link_libraries(digidocpp_util PUBLIC digidocpp_ver PRIVATE $<$<OR:$<PLATFORM_ID:Darwin>,$<PLATFORM_ID:iOS>>:-framework\ CoreFoundation>)
 
-add_library(digidocpp_priv STATIC
+add_library(digidocpp_tsl STATIC
     crypto/Connect.cpp
     crypto/Digest.cpp
     crypto/TSL.cpp
@@ -77,14 +77,14 @@ add_library(digidocpp_priv STATIC
     XMLDocument.h
 )
 
-set_target_properties(digidocpp_util digidocpp_priv PROPERTIES
+set_target_properties(digidocpp_util digidocpp_tsl PROPERTIES
     COMPILE_DEFINITIONS digidocpp_EXPORTS
     POSITION_INDEPENDENT_CODE YES
 )
 
-target_include_directories(digidocpp_priv PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
+target_include_directories(digidocpp_tsl PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
 
-target_link_libraries(digidocpp_priv
+target_link_libraries(digidocpp_tsl
     digidocpp_util
     ZLIB::ZLIB
     LibXml2::LibXml2
@@ -153,11 +153,11 @@ target_include_directories(digidocpp PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
     $<INSTALL_INTERFACE:include>
 )
-target_link_libraries(digidocpp PRIVATE ${CMAKE_DL_LIBS} minizip digidocpp_priv)
+target_link_libraries(digidocpp PRIVATE ${CMAKE_DL_LIBS} minizip digidocpp_tsl)
 
 if( BUILD_TOOLS )
     add_executable(digidoc-tool digidoc-tool.cpp)
-    target_link_libraries(digidoc-tool digidocpp digidocpp_priv Threads::Threads)
+    target_link_libraries(digidoc-tool digidocpp digidocpp_tsl Threads::Threads)
     target_link_options(digidoc-tool PRIVATE
         $<$<PLATFORM_ID:Windows>: /MANIFEST:NO /MANIFEST:EMBED /MANIFESTINPUT:${CMAKE_CURRENT_SOURCE_DIR}/digidoc-tool.manifest>
     )
@@ -382,7 +382,7 @@ if( FRAMEWORK )
     )
 else()
     if(NOT ${BUILD_SHARED_LIBS})
-        install( TARGETS minizip digidocpp_priv digidocpp_util DESTINATION ${CMAKE_INSTALL_LIBDIR} )
+        install( TARGETS minizip digidocpp_tsl digidocpp_util DESTINATION ${CMAKE_INSTALL_LIBDIR} )
     endif()
     if( BUILD_TOOLS )
         install( TARGETS digidoc-tool DESTINATION ${CMAKE_INSTALL_BINDIR} )

src/XMLDocument.h

@@ -303,8 +303,8 @@ struct XMLDocument: public unique_free_d<xmlFreeDoc>, public XMLNode
             d = {};
     }
 
-    XMLDocument(std::string_view path, const XMLName &n = {}) noexcept
-        : XMLDocument(path.empty() ? nullptr : xmlParseFile(path.data()), n)
+    XMLDocument(const std::string &path, const XMLName &n = {}) noexcept
+        : XMLDocument(path.empty() ? nullptr : xmlParseFile(path.c_str()), n)
     {}
 
     static XMLDocument openStream(std::istream &is, const XMLName &name = {}, bool hugeFile = false)
@@ -314,27 +314,26 @@ struct XMLDocument: public unique_free_d<xmlFreeDoc>, public XMLNode
             is->read(buffer, len);
             return is->good() || is->eof() ? int(is->gcount()) : -1;
         }, nullptr, &is, XML_CHAR_ENCODING_NONE));
-#if VERSION_CHECK(XMLSEC_VERSION_MAJOR, XMLSEC_VERSION_MINOR, XMLSEC_VERSION_SUBMINOR) >= VERSION_CHECK(1, 3, 0)
-        ctxt->options |= xmlSecParserGetDefaultOptions() & ~XML_PARSE_HUGE;
-#else
         ctxt->options |= XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_DTDATTR|XML_PARSE_NONET|XML_PARSE_NODICT;
-#endif
+#if LIBXML_VERSION >= 21300
+        ctxt->options |= XML_PARSE_NO_XXE;
+#else
         ctxt->loadsubset |= XML_DETECT_IDS|XML_COMPLETE_ATTRS;
+#endif
         if(hugeFile)
         {
             ctxt->options |= XML_PARSE_HUGE;
 #if LIBXML_VERSION < 21300
             if(ctxt->sax)
-                ctxt->sax->entityDecl = 0;
+                ctxt->sax->entityDecl = nullptr;
 #endif
         }
         auto result = xmlParseDocument(ctxt.get());
         if(result != 0 || !ctxt->wellFormed)
         {
             if(const xmlError *lastError = xmlCtxtGetLastError(ctxt.get()))
                 THROW("%s", lastError->message);
-            else
-                THROW("Failed to parse XML document from stream");
+            THROW("Failed to parse XML document from stream");
         }
         return {ctxt->myDoc, name};
     }

test/CMakeLists.txt

@@ -7,7 +7,7 @@ add_definitions(
 )
 add_executable(unittests libdigidocpp_boost.cpp)
 add_executable(TSLTests TSLTests.cpp)
-target_link_libraries(unittests digidocpp digidocpp_priv Boost::unit_test_framework)
+target_link_libraries(unittests digidocpp digidocpp_tsl Boost::unit_test_framework)
 target_link_libraries(TSLTests digidocpp digidocpp_util Boost::unit_test_framework)
 if(WIN32)
     string(REPLACE "/EHsc" "/EHa" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})

vcpkg-ports/libxml2/cxx-for-icu.diff

@@ -0,0 +1,13 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b952d7bf..6d43569b 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -8,7 +8,7 @@ if(${VERSION} MATCHES [[([0-9]+)\.([0-9]+)\.([0-9]+)]])
+     set(LIBXML_MICRO_VERSION ${CMAKE_MATCH_3})
+ endif()
+ 
+-project(libxml2 VERSION ${VERSION} LANGUAGES C)
++project(libxml2 VERSION ${VERSION} LANGUAGES C CXX)
+ 
+ set(CMAKE_C_STANDARD 11)
+ 

vcpkg-ports/libxml2/disable-xml2-config.diff

@@ -0,0 +1,12 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3850f6b..8beb11e 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -669,7 +669,6 @@ if(1)
+     set(prefix "\$(cd \"\$(dirname \"\$0\")\"; pwd -P)/..")
+ endif()
+ configure_file(xml2-config.in xml2-config @ONLY)
+-install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/xml2-config DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT development)
+ 
+ set(XML_INCLUDEDIR "-I${CMAKE_INSTALL_FULL_INCLUDEDIR}/libxml2")
+ set(XML_LIBDIR "-L${CMAKE_INSTALL_FULL_LIBDIR}")