xml-security-c_1.6.1-1~bpo60+1_i386.changes is NEW
(new) libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb extra libdevel
C++ library for XML Digital Signatures (development)
Apache XML Security for C++ is a library for the XML Digital Security
specification. It provides processing and handling of XML Key Management
Specifications (XKMS) messages.
.
This package contains the Apache XML Security for C++ development files.
(new) libxml-security-c16_1.6.1-1~bpo60+1_i386.deb extra libs
C++ library for XML Digital Signatures (runtime)
Apache XML Security for C++ is a library for the XML Digital Security
specification. It provides processing and handling of XML Key Management
Specifications (XKMS) messages.
.
This package contains the files necessary for running applications that
use the Apache XML Security for C++ library.
(new) xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz extra libs
(new) xml-security-c_1.6.1-1~bpo60+1.dsc extra libs
(new) xml-security-c_1.6.1.orig.tar.gz extra libs
Changes: xml-security-c (1.6.1-1~bpo60+1) squeeze-backports; urgency=high
.
* Backport to stable.
* Weaken dependency on libssl-dev to allow building against the squeeze
OpenSSL version.
.
xml-security-c (1.6.1-1) unstable; urgency=high
.
* Urgency high for security fix.
* New upstream release.
- DSIGObject::load method crashes for ds:Object without Id attribute
- Buffer overflow when signing or verifying files with big asymmetric
keys (Closes: #632973, CVE-2011-2516)
- Memory bug inside XENCCipherImpl::deSerialise
- Function cleanURIEscapes always throws XSECException, when any
escape sequence occurs
- Function isHexDigit doesn't recognize invalid escape sequences
- Percent-encoded multibyte (UTF-8) sequences unrecognized
- RSA-OAEP handler only allows SHA-1 digests
* Update debian/watch for the new organization of Apache downloads.
.
xml-security-c (1.6.0-2) unstable; urgency=low
.
* Force build dependency on libssl-dev 1.0 or later for consistent build
results. If some Shibboleth-related libraries are built against
earlier versions of libssl, it produces linking failures when building
the Shibboleth SP package.
* Stop running autoreconf during the build. Upstream now ships
sufficiently new generated files, and we no longer patch configure.
Remove the associated build dependencies and extra clean files.
* Update standards version to 3.9.2 (no changes required).
.
xml-security-c (1.6.0-1) unstable; urgency=low
.
* New upstream releaes.
- Expose algorithm URI on Signature and Reference objects
- White/blacklisting of otherwise registered algorithms
- Allow selected XML Signature 1.1 KeyInfo extensions
- Add elliptic curve keys and signatures via ECDSA
- Support debugging of Reference/SignedInfo data
- Add methods for Reference removal to DSIGSignature and
DSIGSignedInfo classes
- Lots of various bug fixes
* Add build dependency on pkg-config, which upstream now uses to find
the SSL libraries.
* Remove --with-xerces from the configure flags, since "yes" is
interpreted as a path to libraries and headers.
* Remove unnecessary --with-openssl from configure flags.
* Update to debhelper compatibility level V8.
- Use the autotools-dev debhelper module for config.{sub,guess}.
- Use debhelper rule minimization.
- Move files to clean into a separate clean control file.
* Use autoreconf instead of running the tools separately.
* Update package home page for new upstream location.
* Update package long description for the new official upstream name.
* Update debian/copyright to the current DEP-5 specification.
* Install the upstream NOTICE.txt file.
* Change to Debian source format 3.0 (quilt). Force a single Debian
patch for simplicity since the packaging is maintained in Git using
branches, and include a patch header explaining why.
* debian/watch fixes for upstream distribution and versioning.
- Mangle a tilde into upstream rc version numbers.
- Update the upstream distribution URL.
- Avoid matching signature and checksum files.
* Update standards version to 3.9.1 (no changes required).
Override entries for your package:
Announcing to debian-backports-changes@lists.debian.org
Your package contains new components which requires manual editing of
the override file. It is ok otherwise, so please be patient. New
packages are usually added to the override file about once a week.
You may have gotten the distribution wrong. You'll get warnings above
if files already exist in other distributions.
ist in other distributions.
Reply to: