Commit graph

23 commits

Author SHA1 Message Date
ryoon
a1a1d3360a Remove required version 2018-04-30 06:52:06 +00:00
ryoon
9444e74415 Revert previous security/openssl is 1.0
Pointed by wiz@, thank you.
2018-04-30 06:50:58 +00:00
ryoon
1826aedfab Fix build with OpenSSL 1.1
* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
2018-04-30 05:25:24 +00:00
joerg
7ae3f50e21 Do not use false as pointer. 2017-09-23 15:30:01 +00:00
abs
59ade816e7 Update USE_LANGUAGES from "c c++" to "c c++11" 2017-09-17 09:33:59 +00:00
ryoon
1018597813 Update to 1.7.3
Changelog:
Bug

    [SANTUARIO-378] - xml-security-c cannot initialise on a Windows system with mandatory user profiles
    [SANTUARIO-380] - Avoid use of PATH_MAX where possible
    [SANTUARIO-381] - Spelling error in xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
    [SANTUARIO-384] - OpenSSLCryptoKeyEC::signBase64SignatureDSA fails most of time
    [SANTUARIO-400] - Buffer overwrite in WinCAPICryptoSymmetricKey::encrypt() (WinCAPICryptoSymmetricKey.cpp)
    [SANTUARIO-409] - Win32 unicode build breaks due to wchar_t * passed to GetProcAddress()
    [SANTUARIO-426] - xml-security-c-1.7.3 not getting build on AIX with xerces-c-3.1.2

Improvement

    [SANTUARIO-386] - Spec file patch to add RHEL7 support
2016-10-09 03:17:18 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
obache
05b9a5045c Update xml-security-c to 1.7.2.
Changes since 1.7.0
=====================================
* Fixes for CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
* Reduced entity expansion limits when parsing

Changes since 1.6.1
=====================================
* [SANTUARIO-314] - AES-GCM support
* [SANTUARIO-315] - XML Encryption 1.1 OAEP enhancements

Changes since 1.6.0
=====================================
* [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows
* [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id attribute
* [SANTUARIO-271] - Bug when signing files with big RSA keys
* [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise
* [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when any escape sequence occurs
* [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequences.
* [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized
* [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests

Changes since 1.5.1
=====================================
* Fix for bug#43964, wrong namespace in encryption DigestMethod (SC)
* Fix for bug#48676, RetrievalMethod handler (SC)
* Fix for bug#45867, support for >1 CRL per KeyInfo (SC)
* Fix for bug#49148, buffer initialization issue (SC)
* Fix for bug#49255, vector index bug (SC)
* Fix for bug#49257, stylesheet append bug (SC)
* Fix for bug#49260, header guard in XPath transform header (SC)
* Fix for bug#49264, string release crash (SC)
* Fix for bug#44983, improper c14n of XSLT (SC)
* Fix for bug#49289, setters for Reference Type/Id (SC)
* Fix for bug#49371, skip comments in X509Certificate elements (SC)
* Fix for bug#49459, more header guards (SC)
* Fix for bug#49660, NSS verification of RSA broken (SC)
* Expose algorithm URI on Signature and Reference objects (SC)
* White/blacklisting of otherwise registered algorithms (SC)
* Add selected XML Signature 1.1 KeyInfo extensions (SC)
* Add elliptic curve keys and signatures via ECDSA (SC)
* Support debugging of Reference/SignedInfo data (SC)
* Clean up tests for SHA2 algorithms in OpenSSL (SC)
* Updated autoconf script, added NSS support, removed pre-automake material (SC)
* Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes (SC)

Changes between 1.5 and 1.5.1
=====================================
* Fix for bug#47353 in c14n of default namespaces (SC)
* Fix Sparc compilation bug (SC)
* Fix for CVE-2009-0217 (SC)

Changes between version 1.4 and 1.5
=====================================
* Make SHA-1 the implicit default DigestMethod for RSA-OAEP
  key transport, allowing for interop until broken impls are fixed (SC)
* Fix memory leak in OpenSSL RSA/DSA key cloning (SC)
* Expose KeyInfo extensions via DOM (SC)
* Fix c14n to omit standard xmlns:xml declarations (SC)
* Add partial support for Inclusive C14N 1.1 with regard to xml:id but not xml:base (SC)
* Finish port to Xerces 3.0 (SC)
* 64-bit API changes (SC)
* Add VC9 build files (SC)

Changes between version 1.3.1 and 1.4
=====================================
* Fix exclusive c14n namespace bug (rev. 526939) (BL)
* Add const specifiers and methods to various classes (SC)
* Add better extraction of openssl build settings using pkg-config (SC)
* Fix XSECnew macro to stop catching arbitrary errors and report
  crypto exceptions instead of turning them into allocation errors (SC)
* Add various missing files to dist target (SC)

Changes between version 1.3 and 1.3.1
=====================================

* Refactor NIX build to use automake and libtool
* Initial support for API changes in Xerces 3.0
* Fix bug in autconf that would stop proper detection of Xerces
  ability to set Id attributes
* Fix bug 40085 - incorrect OIDs on non SHA1 based RSA signatures.
* Update support for non SHA1 based RSA signatures
* Remove redundant code from SignedInfo that was preventing the
  library from loading signatures it did not have an algorithm hard
  wired for
* Fix bug in envelope transform when input nodeset is a document
  fragment rather than the entire document and the canonicalisation
  uses a namespace that was not defined directly in the fragment
* Fix bug in DSIGXPathFilterExpr where m_loaded was not initialised
  potentially causing an exception when an XPath expression was loaded
  reported by Ralf "Sabo" Saborowski.

Changes between version 1.2.1 and 1.3
=====================================

* Performance improvements in canonicalisation
* Implemented algorithm handlers for the digital signature classes,
  to provide algorithm extensibility
* Update signature classes to pass in requested algorithms as URIs
  rather than enums.  Enum based methods are now  deprecated.
* Fix memory leaks in OpenSSL wrapping code
* Provide ability for calling application to define whether
  references are interlocking.
* Provide some stability if the Apache keystore is corrupted under Windows.
* Initial import of beta NSS crypto support
* Complete implementation of XKMS message set
* Methods to allow loading of encrypted data without doing decrypt
  and to process a decrypt/encrypt operation without replacing the
  original nodes
* Provide  MS VC++ 2005 project files
* Fix bug when encrypting small input docs
* Implement checks for broken OpenSSL support under Solaris 10
* Add --with-xalan, --with-openssl, --with-xerces and
  --enable-warnerror flags in configure
* Configure now detects if Xalan is installed rather than having
  XALANCROOT being a pointer to the compile directory
- Reorder hashing in DSIGReference.cpp as per suggestion by Peter Gubis
- Update microsoft project files to reflect new version as per Scott Cantor
- Replace setAttribute with setAttributeNS calls
- Add methods to OpenSSL classes to extract OpenSSL objects
- Fix handling of libcrypto on Solaris platform
- Fix bug in Canoncicalisation courtesy of Scott Cantor

Changes between version 1.2 and 1.2.1
=====================================

* Fixed library versions in Windows builds (were being generated as 1.1)
* Added "No Xalan" builds for xklient under Windows VC6.0
* Added "No Xalan" builds for all projects in VC 7.0


Changes between version 1.1 and 1.2
===================================

* Started a changelog :>
* Remove MFC dependency and clean up memory debugging
* Remove dynamic_casts and RTTI requirement
* Implemented XKMS Message generation and processing
* Implemented command line XKMS tool for generating and dumping XKMS messages
* Support for DESTDIR as provided by ville.skytta@iki.fi in Bugzilla 28520
* Update to Apache licence 2.0.
* Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta)
* Patch for Mac OS X compile - provided by Scott Cantor - cantor.2@osu.edu - See Bugzilla #34920
* Updates to compile against Xalan 1.9
* Backport to compile with Xerces 2.1
* Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton <jsp@PKC.com> on 23 March 2005 on security-dev@xml
* Provided support for nominating namespace based Id attributes
* Change to allow apps to calculate and obtain signed info hash - from Eckehard.Hermann@softwareag.com - see email of 2 March 2005 on security-dev@xml
* Patch for long RSA keys provided by Michael Braunoeder - michael@mib.priv.at to security-dev@xml on 16 Nov 2005
* Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed.
* Move to internal Base64 decoder in a number of methods to handle non-wrapping data
* Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov <worndown@gmail.com> 3 December 2005
* Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton (jsp@pkc.com) on security-dev@xml
* Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error
* Shutdown OpenSSL properly - as suggested by Jesse Pelton <jsp@PKC.com> in e-mail to security-dev@xml on 9 March 2005
* Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void.
* Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights.
* Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004
* Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004
* New constructor added to WinCapiX509
* Fixed Bug in encode() XSCryptCryptoBase64.
* Fix bug in XPathFilter transform when checking if an attribute is in the input node set.
* Fix bug in in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic
* Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces.  As suggested by Jesse Pelton <jsp@PKC.com> on 2 Feb 2005 in security-dev@xml
* Added complete KeyInfo handling for XENCEncryptedType
* Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document
* Fix to ignore encryption exceptions during a private key decrypt
* Add code to detect ASN.1 encoded DSA signatures and validate accordingly
2013-09-10 11:42:52 +00:00
rodent
76e83cbf5c Various MASTER_SITES-related fixes. 2013-04-06 14:09:32 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
pettai
f62a56a836 Changes since 1.6.0:
* [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows
* [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id att
ribute
* [SANTUARIO-271] - Bug when signing files with big RSA keys
* [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise
* [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when a
ny escape sequence occurs
* [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequenc
es.
* [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized
* [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests
2011-07-28 23:33:31 +00:00
wiz
e2f84ad43f Reset maintainer for retired developers. 2011-02-28 14:52:37 +00:00
adam
017a4783d5 Changes 1.6.0:
* Fix: wrong namespace in encryption DigestMethod
* Fix: RetrievalMethod handler
* Fix: support for >1 CRL per KeyInfo
* Fix: buffer initialization issue
* Fix: vector index bug
* Fix: stylesheet append bug
* Fix: header guard in XPath transform header
* Fix: string release crash
* Fix: improper c14n of XSLT
* Fix: setters for Reference Type/Id
* Fix: skip comments in X509Certificate elements
* Fix: more header guards
* Fix: NSS verification of RSA broken
* Expose algorithm URI on Signature and Reference objects
* White/blacklisting of otherwise registered algorithms
* Add selected XML Signature 1.1 KeyInfo extensions
* Add elliptic curve keys and signatures via ECDSA
* Support debugging of Reference/SignedInfo data
* Clean up tests for SHA2 algorithms in OpenSSL
* Updated autoconf script, added NSS support, removed pre-automake material
* Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes
2011-02-23 09:02:07 +00:00
obache
880707dc5b Bump PKGREVISION from icu shlib major bump. 2010-12-17 07:36:08 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
obache
3b11655430 recursive bump for icu shlib version change except already done. 2009-08-12 02:31:18 +00:00
hasso
3d84da253a Update to 1.5.1. No detailed changelog, but from announcements:
1.5.1 release provides some bug fixes and a fix for the recently announced
HMAC vulnerability in the XML Signature specification (CVE-2009-0217).

1.5.0 release provides more bug fixes, partial support for Inclusive
Canonicalization 1.1, and support for the Xerces 3.x official release and
32/64-bit portability APIs.
2009-07-24 20:33:16 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
hasso
3c370e2a3e More license info to my packages. 2009-06-08 19:11:30 +00:00
hasso
62327be05f XML Security is an C++ implementation of the W3C digital signature
specification that makes it possible for programmers to create and
validate signed XML documents.
2009-05-10 12:23:36 +00:00