Format: 1.8
Date: Thu, 21 Mar 2019 17:42:43 +0100
Source: xmltooling
Binary: libxmltooling8 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 3.0.4-1~bpo9+1
Distribution: stretch-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling8 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Closes: 859831 915820 924346
Changes:
 xmltooling (3.0.4-1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
   * [89e1b1e] Require Xerces-C 3.2
   * [b93628c] Stay with OpenSSL 1.0.
     Since libcurl in stretch is built against OpenSSL 1.0, we have to use
     the same version.
     Revert "Enable building with OpenSSL 1.1"
     This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
 .
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type that
     was not handled properly in the parser class and propagates an
     unexpected exception type. This generally manifests as a crash in the
     calling code, which in the Service Provider software's case is usually
     the shibd daemon process, but can be Apache in some cases. Note that the
     crash occurs prior to evaluation of a message's authenticity, so can be
     exploited by an untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)
 .
 xmltooling (3.0.3-1) unstable; urgency=medium
 .
   [ Ferenc Wágner ]
   * [d7405e9] New upstream release: 3.0.3
   * [58fafb7] Drop the patches, they are included in upstream 3.0.3
   * [97b5311] Update Standards-Version to 4.3.0 (no changes required).
 .
   [ Pino Toscano ]
   * [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)
 .
 xmltooling (3.0.2-2) unstable; urgency=medium
 .
   * [bc7d7bc] Update Standards-Version to 4.2.1 (no changes required)
   * [4ad9127] Cherry pick upstream patches fixing build with OpenSSL 1.1.1
   * [b774ae2] The --enable-debug switch activates additional tracing code.
     It does not influence the optimization level.
   * Upload to unstable
 .
 xmltooling (3.0.2-1) experimental; urgency=medium
 .
   * [263b9d1] New upstream release: 3.0.2
   * [6ffad35] All of our patches were included upstream
   * [dc188aa] Update Standards-Version to 4.1.5 (no changes required)
   * [1dbdaee] Switch to Debhelper compat level 11
   * [8a38bae] Stop repeating the common part of the package descriptions
   * [ec0997b] Multiarch doesn't need Pre-Depends anymore
   * [e33065c] Rename library package according to the new soversion
   * [cb6df2a] Enable building with OpenSSL 1.1 (Closes: #859831)
   * [49b8ca9] Revert "Provide a GCC 7 build with strict enough shlibs"
     The GCC7 switchover is long done, this constraint isn't needed anymore.
   * [c5f26c9] Update debian/copyright
   * [5099fb1] Shibboleth SP 3 requires XML-Security 2 and log4shib 2
   * [65857d6] We do not ship the libtool archive files.
     But upstream installs them now to support make uninstall.
   * [d5d3966] Clean up trailing whitespace in debian/changelog
   * [b4e7f10] Our headers include Boost headers