Accepted xml-security-c 1.6.1-1~bpo60+1 (source i386)

To: debian-backports-changes@lists.debian.org
Subject: Accepted xml-security-c 1.6.1-1~bpo60+1 (source i386)
From: Russ Allbery <rra@debian.org>
Date: Fri, 28 Oct 2011 07:47:14 +0000
Message-id: <[🔎] E1RJh9m-00049M-1I@morricone.debian.org>
Mail-followup-to: debian-backports@lists.debian.org
Reply-to: debian-backports@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 27 Oct 2011 17:18:12 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-1~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Closes: 632973
Changes: 
 xml-security-c (1.6.1-1~bpo60+1) squeeze-backports; urgency=high
 .
   * Backport to stable.
   * Weaken dependency on libssl-dev to allow building against the squeeze
     OpenSSL version.
 .
 xml-security-c (1.6.1-1) unstable; urgency=high
 .
   * Urgency high for security fix.
   * New upstream release.
     - DSIGObject::load method crashes for ds:Object without Id attribute
     - Buffer overflow when signing or verifying files with big asymmetric
       keys (Closes: #632973, CVE-2011-2516)
     - Memory bug inside XENCCipherImpl::deSerialise
     - Function cleanURIEscapes always throws XSECException, when any
       escape sequence occurs
     - Function isHexDigit doesn't recognize invalid escape sequences
     - Percent-encoded multibyte (UTF-8) sequences unrecognized
     - RSA-OAEP handler only allows SHA-1 digests
   * Update debian/watch for the new organization of Apache downloads.
 .
 xml-security-c (1.6.0-2) unstable; urgency=low
 .
   * Force build dependency on libssl-dev 1.0 or later for consistent build
     results.  If some Shibboleth-related libraries are built against
     earlier versions of libssl, it produces linking failures when building
     the Shibboleth SP package.
   * Stop running autoreconf during the build.  Upstream now ships
     sufficiently new generated files, and we no longer patch configure.
     Remove the associated build dependencies and extra clean files.
   * Update standards version to 3.9.2 (no changes required).
 .
 xml-security-c (1.6.0-1) unstable; urgency=low
 .
   * New upstream releaes.
     - Expose algorithm URI on Signature and Reference objects
     - White/blacklisting of otherwise registered algorithms
     - Allow selected XML Signature 1.1 KeyInfo extensions
     - Add elliptic curve keys and signatures via ECDSA
     - Support debugging of Reference/SignedInfo data
     - Add methods for Reference removal to DSIGSignature and
       DSIGSignedInfo classes
     - Lots of various bug fixes
   * Add build dependency on pkg-config, which upstream now uses to find
     the SSL libraries.
   * Remove --with-xerces from the configure flags, since "yes" is
     interpreted as a path to libraries and headers.
   * Remove unnecessary --with-openssl from configure flags.
   * Update to debhelper compatibility level V8.
     - Use the autotools-dev debhelper module for config.{sub,guess}.
     - Use debhelper rule minimization.
     - Move files to clean into a separate clean control file.
   * Use autoreconf instead of running the tools separately.
   * Update package home page for new upstream location.
   * Update package long description for the new official upstream name.
   * Update debian/copyright to the current DEP-5 specification.
   * Install the upstream NOTICE.txt file.
   * Change to Debian source format 3.0 (quilt).  Force a single Debian
     patch for simplicity since the packaging is maintained in Git using
     branches, and include a patch header explaining why.
   * debian/watch fixes for upstream distribution and versioning.
     - Mangle a tilde into upstream rc version numbers.
     - Update the upstream distribution URL.
     - Avoid matching signature and checksum files.
   * Update standards version to 3.9.1 (no changes required).
Checksums-Sha1: 
 3ea2fdc7cee89ef6796d4444df92a616b24824c5 1712 xml-security-c_1.6.1-1~bpo60+1.dsc
 239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz
 6165b59749a01705c4873def88eb229228d1062b 7347 xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
 a37260cf35ddeb34f930ee511cfc8ecfca577e5c 382694 libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
 66a3e79060c3d4585c0fd89121c73a2a5dfc67b2 150484 libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
Checksums-Sha256: 
 c5c3f63b2046276aa3a70cf463e2c7b80456b6c7daa10002fc9629624771050f 1712 xml-security-c_1.6.1-1~bpo60+1.dsc
 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz
 2e38ea43a95b58b40d2133817820e37d37aebc9af6ca1e35284ef75e43533cf8 7347 xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
 52a39d3f438e5f36ac7d3aa8d87bc3cc0703bae77ceec22fa42cb333ea443b48 382694 libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
 c32724d26b0b2572b3cdb3d71eb4fa2069e6bf8fd7b370f16325903b666a1ebb 150484 libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
Files: 
 f6c00ae592e93c9ca16e379d68a9cec9 1712 libs extra xml-security-c_1.6.1-1~bpo60+1.dsc
 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
 0e2086a069f2c1ffa6a09bd62fc493c2 7347 libs extra xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
 65accd97a6bfdf707e322c6180c1c44f 382694 libs extra libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
 6f00b93ebbeb763729981ef76e560336 150484 libdevel extra libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJOqfZjAAoJEH2AMVxXNt51KzEH/1JXDp2g4rGlxLVYu79KRrY/
XZV/WSbYRdDy9hNvrM7ylJeJPAs1DTmNdcLAgU004Riivnv40q3EoyH4f2tQyTBN
EzdPulBbox94gkscHHWUA9rMI0YFNGeQYP4DFIDez91oGEVCrV5LSKSz+AZot7T5
FopwWM8D3ALlgqfKMaeZvSwJ4LrnGrtm/bs8Z7FGnc9yspaaNwNAnuPbvpK5DGB2
eNmmkdgNiVPKny/L+9k+eGxhbjzrHxRWNOuE+uutEczOVoeu22erDxXQw/un5PQp
Qf+O6CzYWoCk0E/FMFVPVvFULytBENLWbSjamnZkmXEHcJ2pC36zuP7oSM2HD28=
=j2Oz
-----END PGP SIGNATURE-----


Accepted:
libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
  to main/x/xml-security-c/libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
  to main/x/xml-security-c/libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
  to main/x/xml-security-c/xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
xml-security-c_1.6.1-1~bpo60+1.dsc
  to main/x/xml-security-c/xml-security-c_1.6.1-1~bpo60+1.dsc
xml-security-c_1.6.1.orig.tar.gz
  to main/x/xml-security-c/xml-security-c_1.6.1.orig.tar.gz

Reply to:

Prev by Date: xml-security-c_1.6.1-1~bpo60+1_i386.changes is NEW
Next by Date: Accepted openafs 1.6.0-1~bpo60+1 (source i386 all)
Previous by thread: xml-security-c_1.6.1-1~bpo60+1_i386.changes is NEW
Next by thread: Accepted openafs 1.6.0-1~bpo60+1 (source i386 all)
Index(es):
- Date
- Thread