xml-security-c_1.6.1-1~bpo60+1_i386.changes is NEW

To: Russ Allbery <rra@debian.org>
Subject: xml-security-c_1.6.1-1~bpo60+1_i386.changes is NEW
From: Backports Debian FTP Masters <ftpmaster@backports.debian.org>
Date: Fri, 28 Oct 2011 00:32:05 +0000
Message-id: <[🔎] E1RJaMf-0004ca-Gv@morricone.debian.org>
Mail-followup-to: debian-backports@lists.debian.org
Reply-to: debian-backports@lists.debian.org

(new) libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb extra libdevel
C++ library for XML Digital Signatures (development)
 Apache XML Security for C++ is a library for the XML Digital Security
 specification.  It provides processing and handling of XML Key Management
 Specifications (XKMS) messages.
 .
 This package contains the Apache XML Security for C++ development files.
(new) libxml-security-c16_1.6.1-1~bpo60+1_i386.deb extra libs
C++ library for XML Digital Signatures (runtime)
 Apache XML Security for C++ is a library for the XML Digital Security
 specification.  It provides processing and handling of XML Key Management
 Specifications (XKMS) messages.
 .
 This package contains the files necessary for running applications that
 use the Apache XML Security for C++ library.
(new) xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz extra libs
(new) xml-security-c_1.6.1-1~bpo60+1.dsc extra libs
(new) xml-security-c_1.6.1.orig.tar.gz extra libs
Changes: xml-security-c (1.6.1-1~bpo60+1) squeeze-backports; urgency=high
 .
  * Backport to stable.
  * Weaken dependency on libssl-dev to allow building against the squeeze
    OpenSSL version.
 .
xml-security-c (1.6.1-1) unstable; urgency=high
 .
  * Urgency high for security fix.
  * New upstream release.
    - DSIGObject::load method crashes for ds:Object without Id attribute
    - Buffer overflow when signing or verifying files with big asymmetric
      keys (Closes: #632973, CVE-2011-2516)
    - Memory bug inside XENCCipherImpl::deSerialise
    - Function cleanURIEscapes always throws XSECException, when any
      escape sequence occurs
    - Function isHexDigit doesn't recognize invalid escape sequences
    - Percent-encoded multibyte (UTF-8) sequences unrecognized
    - RSA-OAEP handler only allows SHA-1 digests
  * Update debian/watch for the new organization of Apache downloads.
 .
xml-security-c (1.6.0-2) unstable; urgency=low
 .
  * Force build dependency on libssl-dev 1.0 or later for consistent build
    results.  If some Shibboleth-related libraries are built against
    earlier versions of libssl, it produces linking failures when building
    the Shibboleth SP package.
  * Stop running autoreconf during the build.  Upstream now ships
    sufficiently new generated files, and we no longer patch configure.
    Remove the associated build dependencies and extra clean files.
  * Update standards version to 3.9.2 (no changes required).
 .
xml-security-c (1.6.0-1) unstable; urgency=low
 .
  * New upstream releaes.
    - Expose algorithm URI on Signature and Reference objects
    - White/blacklisting of otherwise registered algorithms
    - Allow selected XML Signature 1.1 KeyInfo extensions
    - Add elliptic curve keys and signatures via ECDSA
    - Support debugging of Reference/SignedInfo data
    - Add methods for Reference removal to DSIGSignature and
      DSIGSignedInfo classes
    - Lots of various bug fixes
  * Add build dependency on pkg-config, which upstream now uses to find
    the SSL libraries.
  * Remove --with-xerces from the configure flags, since "yes" is
    interpreted as a path to libraries and headers.
  * Remove unnecessary --with-openssl from configure flags.
  * Update to debhelper compatibility level V8.
    - Use the autotools-dev debhelper module for config.{sub,guess}.
    - Use debhelper rule minimization.
    - Move files to clean into a separate clean control file.
  * Use autoreconf instead of running the tools separately.
  * Update package home page for new upstream location.
  * Update package long description for the new official upstream name.
  * Update debian/copyright to the current DEP-5 specification.
  * Install the upstream NOTICE.txt file.
  * Change to Debian source format 3.0 (quilt).  Force a single Debian
    patch for simplicity since the packaging is maintained in Git using
    branches, and include a patch header explaining why.
  * debian/watch fixes for upstream distribution and versioning.
    - Mangle a tilde into upstream rc version numbers.
    - Update the upstream distribution URL.
    - Avoid matching signature and checksum files.
  * Update standards version to 3.9.1 (no changes required).


Override entries for your package:

Announcing to debian-backports-changes@lists.debian.org


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.
ist in other distributions.

Reply to:

Prev by Date: Processing of xml-security-c_1.6.1-1~bpo60+1_i386.changes
Next by Date: Accepted xml-security-c 1.6.1-1~bpo60+1 (source i386)
Previous by thread: Processing of xml-security-c_1.6.1-1~bpo60+1_i386.changes
Next by thread: Accepted xml-security-c 1.6.1-1~bpo60+1 (source i386)
Index(es):
- Date
- Thread