Trying to build LibreOffice 6.2.3.2 fails with the errors below. ``` CC libxmlsec1_nss_la-kw_aes.lo digests.c: In function ‘xmlSecNssDigestInitialize’: digests.c:142:43: error: ‘SEC_OID_SHA224’ undeclared (first use in this function); did you mean ‘SEC_OID_SHA384’? ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA224); ^~~~~~~~~~~~~~ SEC_OID_SHA384 digests.c:142:43: note: each undeclared identifier is reported only once for each function it appears in make[5]: *** [Makefile:648: libxmlsec1_nss_la-digests.lo] Error 1 make[5]: *** Waiting for unfinished jobs.... signatures.c: In function ‘xmlSecNssSignatureInitialize’: signatures.c:195:27: error: ‘SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST’ undeclared (first use in this function); did you mean ‘SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST’? ctx->alg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST signatures.c:195:27: note: each undeclared identifier is reported only once for each function it appears in signatures.c: In function ‘xmlSecNssSignatureAlgorithmEncoded’: signatures.c:408:10: error: ‘SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST’ undeclared (first use in this function); did you mean ‘SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST’? case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST make[5]: *** [Makefile:669: libxmlsec1_nss_la-signatures.lo] Error 1 make[4]: *** [Makefile:685: all-recursive] Error 1 make[3]: *** [Makefile:739: all-recursive] Error 1 make[2]: *** [Makefile:557: all] Error 2 ```
What build flags do you use?
(In reply to Miklos Vajna from comment #1) > What build flags do you use? ``` --with-lang=de \ --with-help \ --with-jdk-home=/usr/local/java \ --with-ant-home=/package/mariux64/ant \ --without-doxygen \ --without-junit \ --disable-dconf \ --disable-epm \ --disable-odk \ --enable-release-build \ --enable-python=internal \ --with-system-apr \ --with-system-cairo \ --with-system-curl \ --with-system-expat \ --with-system-harfbuzz \ --with-system-icu \ --with-system-jpeg \ --with-system-lcms2 \ --with-system-libatomic_ops \ --with-system-libpng \ --with-system-libxml \ --with-system-neon \ --with-system-nss \ --with-system-odbc \ --with-system-openldap \ --with-system-openssl \ --with-system-poppler \ --with-system-postgresql \ --with-system-serf \ --with-system-zlib ```
You ask for a --with-system-nss, but then fail to supply a new enough nss. Just don't use that switch if your nss is too old. I guess there is nothing to fix here. OK to close?
(In reply to Miklos Vajna from comment #3) > You ask for a --with-system-nss, but then fail to supply a new enough nss. > Just don't use that switch if your nss is too old. I guess there is nothing > to fix here. OK to close? Shouldn’t some configure script check, what system NSS version is provided?
That's a good idea; care to send a patch? Setting as new, since the above confirms that at least in your environment configure passes. configure.ac:9284 has the current nss version requirement; can you check the mentioned symbols were introduced in what nss version and increase it please? Thanks.
Hello Paul, you can find information on how to submit a patch to gerrit here -> https://wiki.documentfoundation.org/Development/gerrit/SubmitPatch Thanks in advance
I installed NSS 3.43 (and NSPR 4.21), and still hit this error. $ nss-config --version 3.43.0 $ grep -R SEC_OID_SHA224 /usr/include/nss/ /usr/include/nss/secoidt.h: SEC_OID_SHA224 = 309, $ grep -R SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST /usr/include/nss/ /usr/include/nss/secoidt.h: SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST = 315,
Perhaps it's a missing include in libxmlsec? You would have to sort this out at <https://github.com/lsh123/xmlsec/>. What's your Linux distribution? I only have /usr/include/nss3, not /usr/include/nss.
Building xmlsec directly, it looks like `nss.h` from the xulrunner installation is used for some reason. ``` $ ./autogen.sh $ ./configure $ make V=1 […] Making all in nss make[3]: Entering directory '/dev/shm/xmlsec/src/nss' /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -DPACKAGE=\"xmlsec1\" -I../../include -I../../include -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_SIZE_T -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xulrunner-1.9.2.16 -I/usr/include/xulrunner-1.9.2.16 -DXMLSEC_CRYPTO_NSS=1 -I/usr/include/libxml2 -I/usr/include/libxml2 -g -O2 -MT libxmlsec1_nss_la-digests.lo -MD -MP -MF .deps/libxmlsec1_nss_la-digests.Tpo -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo './'`digests.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -DPACKAGE=\"xmlsec1\" -I../../include -I../../include -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_SIZE_T -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xulrunner-1.9.2.16 -I/usr/include/xulrunner-1.9.2.16 -DXMLSEC_CRYPTO_NSS=1 -I/usr/include/libxml2 -I/usr/include/libxml2 -g -O2 -MT libxmlsec1_nss_la-digests.lo -MD -MP -MF .deps/libxmlsec1_nss_la-digests.Tpo -c digests.c -fPIC -DPIC -o .libs/libxmlsec1_nss_la-digests.o digests.c: In function 'xmlSecNssDigestInitialize': digests.c:142:43: error: 'SEC_OID_SHA224' undeclared (first use in this function); did you mean 'SEC_OID_SHA384'? ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA224); ^~~~~~~~~~~~~~ SEC_OID_SHA384 digests.c:142:43: note: each undeclared identifier is reported only once for each function it appears in make[3]: *** [Makefile:648: libxmlsec1_nss_la-digests.lo] Error 1 ```
xmlsec prefers xulrunner-nss and xulrunner-nspr over the system versions [1]. ``` dnl Priority 3: Guess with pkg_config dnl dnl Mozilla's NSS/NSPR are distributed under different names in different distribution, dnl we are going to try all options: dnl seamonkey-nspr and seamonkey-nss dnl mozilla-nspr and mozilla-nss dnl xulrunner-nspr and xulrunner-nss dnl nspr and nss if test "z$NSPR_FOUND" = "zno" -a "z$PKGCONFIG_FOUND" = "zyes" -a "z$with_mozilla_ver" = "z" -a "z$with_seamonkey_ver" ; then if test "z$NSPR_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSPR, seamonkey-nspr >= $NSPR_MIN_VERSION, [NSPR_FOUND=yes NSPR_PACKAGE=seamonkey-nspr], [NSPR_FOUND=no]) fi if test "z$NSPR_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSPR, mozilla-nspr >= $MOZILLA_MIN_VERSION, [NSPR_FOUND=yes NSPR_PACKAGE=mozilla-nspr], [NSPR_FOUND=no]) fi if test "z$NSPR_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSPR, xulrunner-nspr >= $NSPR_MIN_VERSION, [NSPR_FOUND=yes NSPR_PACKAGE=xulrunner-nspr], [NSPR_FOUND=no]) fi if test "z$NSPR_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSPR, nspr >= $NSPR_MIN_VERSION, [NSPR_FOUND=yes NSPR_PACKAGE=nspr], [NSPR_FOUND=no]) fi fi if test "z$NSS_FOUND" = "zno" -a "z$PKGCONFIG_FOUND" = "zyes" -a "z$with_mozilla_ver" = "z" -a "z$with_seamonkey_ver" ; then if test "z$NSS_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSS, seamonkey-nss >= $SEAMONKEY_MIN_VERSION, [NSS_FOUND=yes NSS_PACKAGE=seamonkey-nss], [NSS_FOUND=no]) fi if test "z$NSS_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSS, mozilla-nss >= $MOZILLA_MIN_VERSION, [NSS_FOUND=yes NSS_PACKAGE=mozilla-nss], [NSS_FOUND=no]) fi if test "z$NSS_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSS, xulrunner-nss >= $NSS_MIN_VERSION, [NSS_FOUND=yes NSS_PACKAGE=xulrunner-nss], [NSS_FOUND=no]) fi if test "z$NSS_FOUND" = "zno" ; then PKG_CHECK_MODULES(NSS, nss >= $NSS_MIN_VERSION, [NSS_FOUND=yes NSS_PACKAGE=nss], [NSS_FOUND=no]) fi fi ``` [1]: https://github.com/lsh123/xmlsec/blob/f23c4266502363fafe72baa09bafed163a938dc0/configure.ac#L944-L995
It is indeed a xmlsec problem. The merge/pull request *build: Increase minimal version numbers for NSPR/NSS* [1] is a start to fix the minimal required versions, so that the old headers are not picked up. Was xmlsec versions updated in LibreOffice 6.2? [1]: https://github.com/lsh123/xmlsec/pull/263
master has 1.2.28, libreoffice-6-2 has 1.2.27. If updating to libxmlsec-1.2.28 in libreoffice-6-2 fixes this bug (or backporting other libxmlsec changes from master), then it's possible to do so.
Now we've been using xmlsec1-1.3.1.tar.gz since https://cgit.freedesktop.org/libreoffice/core/commit/?id=bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b so since 7.6 branch. Is it better now?
Sorry, I have no spare cycles to look into this. (By the way, we have Nextcloud and Collabora Online(?) support contract.) If nobody has time to look into this, I guess it’s fixed in newer 7.x versions.
Thank you for the feedback. Let's put this one to WFM then and if someone reproduces the pb, don't hesitate to reopen this tracker or rather send a message on dev mailing list or IRC since it's a build pb.