Accepted xml-security-c 1.6.1-1~bpo60+1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Oct 2011 17:18:12 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-1~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Closes: 632973
Changes:
xml-security-c (1.6.1-1~bpo60+1) squeeze-backports; urgency=high
.
* Backport to stable.
* Weaken dependency on libssl-dev to allow building against the squeeze
OpenSSL version.
.
xml-security-c (1.6.1-1) unstable; urgency=high
.
* Urgency high for security fix.
* New upstream release.
- DSIGObject::load method crashes for ds:Object without Id attribute
- Buffer overflow when signing or verifying files with big asymmetric
keys (Closes: #632973, CVE-2011-2516)
- Memory bug inside XENCCipherImpl::deSerialise
- Function cleanURIEscapes always throws XSECException, when any
escape sequence occurs
- Function isHexDigit doesn't recognize invalid escape sequences
- Percent-encoded multibyte (UTF-8) sequences unrecognized
- RSA-OAEP handler only allows SHA-1 digests
* Update debian/watch for the new organization of Apache downloads.
.
xml-security-c (1.6.0-2) unstable; urgency=low
.
* Force build dependency on libssl-dev 1.0 or later for consistent build
results. If some Shibboleth-related libraries are built against
earlier versions of libssl, it produces linking failures when building
the Shibboleth SP package.
* Stop running autoreconf during the build. Upstream now ships
sufficiently new generated files, and we no longer patch configure.
Remove the associated build dependencies and extra clean files.
* Update standards version to 3.9.2 (no changes required).
.
xml-security-c (1.6.0-1) unstable; urgency=low
.
* New upstream releaes.
- Expose algorithm URI on Signature and Reference objects
- White/blacklisting of otherwise registered algorithms
- Allow selected XML Signature 1.1 KeyInfo extensions
- Add elliptic curve keys and signatures via ECDSA
- Support debugging of Reference/SignedInfo data
- Add methods for Reference removal to DSIGSignature and
DSIGSignedInfo classes
- Lots of various bug fixes
* Add build dependency on pkg-config, which upstream now uses to find
the SSL libraries.
* Remove --with-xerces from the configure flags, since "yes" is
interpreted as a path to libraries and headers.
* Remove unnecessary --with-openssl from configure flags.
* Update to debhelper compatibility level V8.
- Use the autotools-dev debhelper module for config.{sub,guess}.
- Use debhelper rule minimization.
- Move files to clean into a separate clean control file.
* Use autoreconf instead of running the tools separately.
* Update package home page for new upstream location.
* Update package long description for the new official upstream name.
* Update debian/copyright to the current DEP-5 specification.
* Install the upstream NOTICE.txt file.
* Change to Debian source format 3.0 (quilt). Force a single Debian
patch for simplicity since the packaging is maintained in Git using
branches, and include a patch header explaining why.
* debian/watch fixes for upstream distribution and versioning.
- Mangle a tilde into upstream rc version numbers.
- Update the upstream distribution URL.
- Avoid matching signature and checksum files.
* Update standards version to 3.9.1 (no changes required).
Checksums-Sha1:
3ea2fdc7cee89ef6796d4444df92a616b24824c5 1712 xml-security-c_1.6.1-1~bpo60+1.dsc
239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz
6165b59749a01705c4873def88eb229228d1062b 7347 xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
a37260cf35ddeb34f930ee511cfc8ecfca577e5c 382694 libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
66a3e79060c3d4585c0fd89121c73a2a5dfc67b2 150484 libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
Checksums-Sha256:
c5c3f63b2046276aa3a70cf463e2c7b80456b6c7daa10002fc9629624771050f 1712 xml-security-c_1.6.1-1~bpo60+1.dsc
73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz
2e38ea43a95b58b40d2133817820e37d37aebc9af6ca1e35284ef75e43533cf8 7347 xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
52a39d3f438e5f36ac7d3aa8d87bc3cc0703bae77ceec22fa42cb333ea443b48 382694 libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
c32724d26b0b2572b3cdb3d71eb4fa2069e6bf8fd7b370f16325903b666a1ebb 150484 libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
Files:
f6c00ae592e93c9ca16e379d68a9cec9 1712 libs extra xml-security-c_1.6.1-1~bpo60+1.dsc
808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
0e2086a069f2c1ffa6a09bd62fc493c2 7347 libs extra xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
65accd97a6bfdf707e322c6180c1c44f 382694 libs extra libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
6f00b93ebbeb763729981ef76e560336 150484 libdevel extra libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJOqfZjAAoJEH2AMVxXNt51KzEH/1JXDp2g4rGlxLVYu79KRrY/
XZV/WSbYRdDy9hNvrM7ylJeJPAs1DTmNdcLAgU004Riivnv40q3EoyH4f2tQyTBN
EzdPulBbox94gkscHHWUA9rMI0YFNGeQYP4DFIDez91oGEVCrV5LSKSz+AZot7T5
FopwWM8D3ALlgqfKMaeZvSwJ4LrnGrtm/bs8Z7FGnc9yspaaNwNAnuPbvpK5DGB2
eNmmkdgNiVPKny/L+9k+eGxhbjzrHxRWNOuE+uutEczOVoeu22erDxXQw/un5PQp
Qf+O6CzYWoCk0E/FMFVPVvFULytBENLWbSjamnZkmXEHcJ2pC36zuP7oSM2HD28=
=j2Oz
-----END PGP SIGNATURE-----
Accepted:
libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
to main/x/xml-security-c/libxml-security-c-dev_1.6.1-1~bpo60+1_i386.deb
libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
to main/x/xml-security-c/libxml-security-c16_1.6.1-1~bpo60+1_i386.deb
xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
to main/x/xml-security-c/xml-security-c_1.6.1-1~bpo60+1.debian.tar.gz
xml-security-c_1.6.1-1~bpo60+1.dsc
to main/x/xml-security-c/xml-security-c_1.6.1-1~bpo60+1.dsc
xml-security-c_1.6.1.orig.tar.gz
to main/x/xml-security-c/xml-security-c_1.6.1.orig.tar.gz
Reply to: