Changelog:
Bug
[SANTUARIO-378] - xml-security-c cannot initialise on a Windows system with mandatory user profiles
[SANTUARIO-380] - Avoid use of PATH_MAX where possible
[SANTUARIO-381] - Spelling error in xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
[SANTUARIO-384] - OpenSSLCryptoKeyEC::signBase64SignatureDSA fails most of time
[SANTUARIO-400] - Buffer overwrite in WinCAPICryptoSymmetricKey::encrypt() (WinCAPICryptoSymmetricKey.cpp)
[SANTUARIO-409] - Win32 unicode build breaks due to wchar_t * passed to GetProcAddress()
[SANTUARIO-426] - xml-security-c-1.7.3 not getting build on AIX with xerces-c-3.1.2
Improvement
[SANTUARIO-386] - Spec file patch to add RHEL7 support
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changes since 1.7.0
=====================================
* Fixes for CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
* Reduced entity expansion limits when parsing
Changes since 1.6.1
=====================================
* [SANTUARIO-314] - AES-GCM support
* [SANTUARIO-315] - XML Encryption 1.1 OAEP enhancements
Changes since 1.6.0
=====================================
* [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows
* [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id attribute
* [SANTUARIO-271] - Bug when signing files with big RSA keys
* [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise
* [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when any escape sequence occurs
* [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequences.
* [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized
* [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests
Changes since 1.5.1
=====================================
* Fix for bug#43964, wrong namespace in encryption DigestMethod (SC)
* Fix for bug#48676, RetrievalMethod handler (SC)
* Fix for bug#45867, support for >1 CRL per KeyInfo (SC)
* Fix for bug#49148, buffer initialization issue (SC)
* Fix for bug#49255, vector index bug (SC)
* Fix for bug#49257, stylesheet append bug (SC)
* Fix for bug#49260, header guard in XPath transform header (SC)
* Fix for bug#49264, string release crash (SC)
* Fix for bug#44983, improper c14n of XSLT (SC)
* Fix for bug#49289, setters for Reference Type/Id (SC)
* Fix for bug#49371, skip comments in X509Certificate elements (SC)
* Fix for bug#49459, more header guards (SC)
* Fix for bug#49660, NSS verification of RSA broken (SC)
* Expose algorithm URI on Signature and Reference objects (SC)
* White/blacklisting of otherwise registered algorithms (SC)
* Add selected XML Signature 1.1 KeyInfo extensions (SC)
* Add elliptic curve keys and signatures via ECDSA (SC)
* Support debugging of Reference/SignedInfo data (SC)
* Clean up tests for SHA2 algorithms in OpenSSL (SC)
* Updated autoconf script, added NSS support, removed pre-automake material (SC)
* Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes (SC)
Changes between 1.5 and 1.5.1
=====================================
* Fix for bug#47353 in c14n of default namespaces (SC)
* Fix Sparc compilation bug (SC)
* Fix for CVE-2009-0217 (SC)
Changes between version 1.4 and 1.5
=====================================
* Make SHA-1 the implicit default DigestMethod for RSA-OAEP
key transport, allowing for interop until broken impls are fixed (SC)
* Fix memory leak in OpenSSL RSA/DSA key cloning (SC)
* Expose KeyInfo extensions via DOM (SC)
* Fix c14n to omit standard xmlns:xml declarations (SC)
* Add partial support for Inclusive C14N 1.1 with regard to xml:id but not xml:base (SC)
* Finish port to Xerces 3.0 (SC)
* 64-bit API changes (SC)
* Add VC9 build files (SC)
Changes between version 1.3.1 and 1.4
=====================================
* Fix exclusive c14n namespace bug (rev. 526939) (BL)
* Add const specifiers and methods to various classes (SC)
* Add better extraction of openssl build settings using pkg-config (SC)
* Fix XSECnew macro to stop catching arbitrary errors and report
crypto exceptions instead of turning them into allocation errors (SC)
* Add various missing files to dist target (SC)
Changes between version 1.3 and 1.3.1
=====================================
* Refactor NIX build to use automake and libtool
* Initial support for API changes in Xerces 3.0
* Fix bug in autoconf that would stop proper detection of Xerces
ability to set Id attributes
* Fix bug 40085 - incorrect OIDs on non SHA1 based RSA signatures.
* Update support for non SHA1 based RSA signatures
* Remove redundant code from SignedInfo that was preventing the
library from loading signatures it did not have an algorithm hard
wired for
* Fix bug in envelope transform when input nodeset is a document
fragment rather than the entire document and the canonicalisation
uses a namespace that was not defined directly in the fragment
* Fix bug in DSIGXPathFilterExpr where m_loaded was not initialised
potentially causing an exception when an XPath expression was loaded
reported by Ralf "Sabo" Saborowski.
Changes between version 1.2.1 and 1.3
=====================================
* Performance improvements in canonicalisation
* Implemented algorithm handlers for the digital signature classes,
to provide algorithm extensibility
* Update signature classes to pass in requested algorithms as URIs
rather than enums. Enum based methods are now deprecated.
* Fix memory leaks in OpenSSL wrapping code
* Provide ability for calling application to define whether
references are interlocking.
* Provide some stability if the Apache keystore is corrupted under Windows.
* Initial import of beta NSS crypto support
* Complete implementation of XKMS message set
* Methods to allow loading of encrypted data without doing decrypt
and to process a decrypt/encrypt operation without replacing the
original nodes
* Provide MS VC++ 2005 project files
* Fix bug when encrypting small input docs
* Implement checks for broken OpenSSL support under Solaris 10
* Add --with-xalan, --with-openssl, --with-xerces and
--enable-warnerror flags in configure
* Configure now detects if Xalan is installed rather than having
XALANCROOT being a pointer to the compile directory
- Reorder hashing in DSIGReference.cpp as per suggestion by Peter Gubis
- Update microsoft project files to reflect new version as per Scott Cantor
- Replace setAttribute with setAttributeNS calls
- Add methods to OpenSSL classes to extract OpenSSL objects
- Fix handling of libcrypto on Solaris platform
- Fix bug in Canonicalisation courtesy of Scott Cantor
Changes between version 1.2 and 1.2.1
=====================================
* Fixed library versions in Windows builds (were being generated as 1.1)
* Added "No Xalan" builds for xklient under Windows VC6.0
* Added "No Xalan" builds for all projects in VC 7.0
Changes between version 1.1 and 1.2
===================================
* Started a changelog :>
* Remove MFC dependency and clean up memory debugging
* Remove dynamic_casts and RTTI requirement
* Implemented XKMS Message generation and processing
* Implemented command line XKMS tool for generating and dumping XKMS messages
* Support for DESTDIR as provided by ville.skytta@iki.fi in Bugzilla 28520
* Update to Apache licence 2.0.
* Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta)
* Patch for Mac OS X compile - provided by Scott Cantor - cantor.2@osu.edu - See Bugzilla #34920
* Updates to compile against Xalan 1.9
* Backport to compile with Xerces 2.1
* Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton <jsp@PKC.com> on 23 March 2005 on security-dev@xml
* Provided support for nominating namespace based Id attributes
* Change to allow apps to calculate and obtain signed info hash - from Eckehard.Hermann@softwareag.com - see email of 2 March 2005 on security-dev@xml
* Patch for long RSA keys provided by Michael Braunoeder - michael@mib.priv.at to security-dev@xml on 16 Nov 2005
* Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed.
* Move to internal Base64 decoder in a number of methods to handle non-wrapping data
* Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov <worndown@gmail.com> 3 December 2005
* Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton (jsp@pkc.com) on security-dev@xml
* Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error
* Shutdown OpenSSL properly - as suggested by Jesse Pelton <jsp@PKC.com> in e-mail to security-dev@xml on 9 March 2005
* Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void.
* Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights.
* Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004
* Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004
* New constructor added to WinCapiX509
* Fixed Bug in encode() XSCryptCryptoBase64.
* Fix bug in XPathFilter transform when checking if an attribute is in the input node set.
* Fix bug in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic
* Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces. As suggested by Jesse Pelton <jsp@PKC.com> on 2 Feb 2005 in security-dev@xml
* Added complete KeyInfo handling for XENCEncryptedType
* Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document
* Fix to ignore encryption exceptions during a private key decrypt
* Add code to detect ASN.1 encoded DSA signatures and validate accordingly
1.5.1 release provides some bug fixes and a fix for the recently announced
HMAC vulnerability in the XML Signature specification (CVE-2009-0217).
1.5.0 release provides more bug fixes, partial support for Inclusive
Canonicalization 1.1, and support for the Xerces 3.x official release and
32/64-bit portability APIs.