Accepting request 1102129 from home:polslinux:branches:LibreOffice:Factory

- Update to 1.3.1:
  * core xmlsec and all xmlsec-crypto libraries:
    + (ABI breaking change) Added support for the KeyInfoReference Element.
    + (ABI breaking change) Switched xmlSecSize to use size_t by default.
      Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
      to restore the old behaviour (note that support for xmlSecSize
      being different from size_t will be removed in the future).
    + (API breaking change) Changed the key search to strict mode: only
      keys referenced by KeyInfo are used. To restore the old "lax" mode,
      set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
      or use '--lax-key-search' option for XMLSec command line utility.
    + (API breaking change) The KeyName element content is now trimmed
      before key search is performed.
    + (API breaking change) Disabled FTP support by default.
      Use "--enable-ftp" configure option to restore it. Also added
      "--enable-http" and "--enable-files" configure options to control
      support for loading files over HTTP or locally.
    + (API/ABI breaking change) Disabled MD5 digest method by default.
      Use "--enable-md5" configure options to re-enable MD5.
    + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
      and xmlEncCtx to provide more granular operation failure reason.
    + (ABI breaking change) Removed deprecated functions.
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store '
      command line options for XMLSec utility.
    + Added ability to control transforms binary chunk size to improve
      performance (see '--transform-binary-chunk-size' command line option
      for XMLSec utility).
    + Fixed all potentially unsafe integer conversions and all the
      other warnings.
    + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
      interop (2012) tests.
  * xmlsec-openssl library:
    + Added support for SHA3 digests.
    + Added support for ECDSA-SHA3 signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement
      algorithm.
    + (ABI breaking change) Added support for DH-ES Key Agreement
      algorithm with explicit KDF.
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
    + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
  * xmlsec-nss library:
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA OAEP key transport including MGF1 algorithms.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gnutls library:
    + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
      and libgcrypt libraries (including API functions) to enable
      support for different GnuTLS backends.
    + Bumped minimal GnuTLS version to 3.6.13.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for DSA-SHA256 signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-mscng library:
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + Added support for X509Digest element for keys and certificates
      lookup from the system stores (only SHA1 is supported).
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gcrypt library:
    + In maintenance mode starting from this release.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for RSA PSS signatures (withtout parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for RSA OAEP key transport including MGF1 algorithms.
  * xmlsec command line utility:
    + (API breaking change) The XMLSec command line utility is using 'strict' key
      search mode by default. To restore the old 'lax' key search mode,
      use the new '--lax-key-search' option.
    + (API breaking change) The XMLSec command line utility is no longer
      prints detailed errors by default. To restore the detailed errors,
      use the new '--verbose' option.
    + Added '--transform-binary-chunk-size' option to control transforms
      binary chunk size (increasing the chunk size should improve
      performance at the expense of memory usage.
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
      command line options for XMLSec utility.
    + Added '--enabled-key-info-reference-uris' option to control processing of
      the the KeyInfoReference Element.
    + Added '--pbkdf2-key' option for loading PBKDF2 keys.
    + Added '--concatkdf-key' option for loading ConcatKDF keys.
    + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
    + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
    + Added '--crl-pem' and '--crl-der' options to load CRLs.
    + Added '--verify-keys' option to verify key's certificate before
      loading into Keys Manager (only supported for OpenSSL currently).
    + Enabled templatized output filenames to facilitate batch operations on
      multiple input files.

OBS-URL: https://build.opensuse.org/request/show/1102129
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=50

xmlsec1-1.3.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10f48384d4fd1afc05fea545b74fbf7c152582f0a895c189f164d55270400c63
+size 2432943

xmlsec1.changes

@@ -1,3 +1,119 @@
+-------------------------------------------------------------------
+Thu Aug  3 07:40:48 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 1.3.1:
+  * core xmlsec and all xmlsec-crypto libraries:
+    + (ABI breaking change) Added support for the KeyInfoReference Element.
+    + (ABI breaking change) Switched xmlSecSize to use size_t by default.
+      Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
+      to restore the old behaviour (note that support for xmlSecSize
+      being different from size_t will be removed in the future).
+    + (API breaking change) Changed the key search to strict mode: only
+      keys referenced by KeyInfo are used. To restore the old "lax" mode,
+      set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
+      or use '--lax-key-search' option for XMLSec command line utility.
+    + (API breaking change) The KeyName element content is now trimmed
+      before key search is performed.
+    + (API breaking change) Disabled FTP support by default.
+      Use "--enable-ftp" configure option to restore it. Also added
+      "--enable-http" and "--enable-files" configure options to control
+      support for loading files over HTTP or locally.
+    + (API/ABI breaking change) Disabled MD5 digest method by default.
+      Use "--enable-md5" configure options to re-enable MD5.
+    + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
+      and xmlEncCtx to provide more granular operation failure reason.
+    + (ABI breaking change) Removed deprecated functions.
+    + Added support for loading keys through ossl-store interface.
+      Also see '--privkey-openssl-store' and '--pubkey-openssl-store '
+      command line options for XMLSec utility.
+    + Added ability to control transforms binary chunk size to improve
+      performance (see '--transform-binary-chunk-size' command line option
+      for XMLSec utility).
+    + Fixed all potentially unsafe integer conversions and all the
+      other warnings.
+    + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
+      interop (2012) tests.
+  * xmlsec-openssl library:
+    + Added support for SHA3 digests.
+    + Added support for ECDSA-SHA3 signatures.
+    + Added support for RSA PSS signatures (withtout parameters).
+    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+    + (ABI breaking change) Added support for ECDH-ES Key Agreement
+      algorithm.
+    + (ABI breaking change) Added support for DH-ES Key Agreement
+      algorithm with explicit KDF.
+    + Added support for MGF1 algorithm to RSA OAEP key transport.
+    + Added support for X509Digest element and ability to lookup keys
+      using other X509Data elements.
+    + Added support for DEREncodedKeyValue element.
+    + Automatically set key name from PKCS12 key name.
+    + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
+  * xmlsec-nss library:
+    + Added support for RSA PSS signatures (withtout parameters).
+    + Added support for RSA OAEP key transport including MGF1 algorithms.
+    + Added support for AES GCM ciphers.
+    + Added support for PBKDF2 derivation algorithm.
+    + Added support for X509Digest element and ability to lookup keys
+      using other X509Data elements.
+    + Added support for DEREncodedKeyValue element.
+    + Automatically set key name from PKCS12 key name.
+  * xmlsec-gnutls library:
+    + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
+      and libgcrypt libraries (including API functions) to enable
+      support for different GnuTLS backends.
+    + Bumped minimal GnuTLS version to 3.6.13.
+    + Added support for SHA3 digests.
+    + Added support for ECDSA signatures.
+    + Added support for DSA-SHA256 signatures.
+    + Added support for RSA PSS signatures (withtout parameters).
+    + Added support for RSA PKCS 1.5 key transport.
+    + Added support for AES GCM ciphers.
+    + Added support for PBKDF2 derivation algorithm.
+    + Added support for X509Digest element and ability to lookup keys
+      using other X509Data elements.
+    + Added support for DEREncodedKeyValue element.
+    + Automatically set key name from PKCS12 key name.
+  * xmlsec-mscng library:
+    + Added support for RSA PSS signatures (withtout parameters).
+    + Added support for MGF1 algorithm to RSA OAEP key transport.
+    + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
+    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+    + Added support for X509Digest element for keys and certificates
+      lookup from the system stores (only SHA1 is supported).
+    + Added support for DEREncodedKeyValue element.
+    + Automatically set key name from PKCS12 key name.
+  * xmlsec-gcrypt library:
+    + In maintenance mode starting from this release.
+    + Added support for SHA3 digests.
+    + Added support for ECDSA signatures.
+    + Added support for RSA PSS signatures (withtout parameters).
+    + Added support for RSA PKCS 1.5 key transport.
+    + Added support for RSA OAEP key transport including MGF1 algorithms.
+  * xmlsec command line utility:
+    + (API breaking change) The XMLSec command line utility is using 'strict' key
+      search mode by default. To restore the old 'lax' key search mode,
+      use the new '--lax-key-search' option.
+    + (API breaking change) The XMLSec command line utility is no longer
+      prints detailed errors by default. To restore the detailed errors,
+      use the new '--verbose' option.
+    + Added '--transform-binary-chunk-size' option to control transforms
+      binary chunk size (increasing the chunk size should improve
+      performance at the expense of memory usage.
+    + Added support for loading keys through ossl-store interface.
+      Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
+      command line options for XMLSec utility.
+    + Added '--enabled-key-info-reference-uris' option to control processing of
+      the the KeyInfoReference Element.
+    + Added '--pbkdf2-key' option for loading PBKDF2 keys.
+    + Added '--concatkdf-key' option for loading ConcatKDF keys.
+    + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
+    + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
+    + Added '--crl-pem' and '--crl-der' options to load CRLs.
+    + Added '--verify-keys' option to verify key's certificate before
+      loading into Keys Manager (only supported for OpenSSL currently).
+    + Enabled templatized output filenames to facilitate batch operations on
+      multiple input files.
+
 -------------------------------------------------------------------
 Wed Feb  1 09:23:37 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

xmlsec1.spec

@@ -23,7 +23,7 @@
 %global libgnutls  libxmlsec1-gnutls1
 %global libnss     libxmlsec1-nss1
 Name:           xmlsec1
-Version:        1.2.37
+Version:        1.3.1
 Release:        0
 Summary:        Library providing support for "XML Signature" and "XML Encryption" standards
 License:        MIT
@@ -37,12 +37,12 @@ BuildRequires:  libtool
 # Needed certutil for tests
 BuildRequires:  mozilla-nss-tools
 BuildRequires:  pkgconfig
-BuildRequires:  pkgconfig(gnutls)
+BuildRequires:  pkgconfig(gnutls) >= 3.6.13
 BuildRequires:  pkgconfig(libxml-2.0)
 BuildRequires:  pkgconfig(libxslt)
 BuildRequires:  pkgconfig(nspr)
-BuildRequires:  pkgconfig(nss)
-BuildRequires:  pkgconfig(openssl)
+BuildRequires:  pkgconfig(nss) >= 3.35
+BuildRequires:  pkgconfig(openssl) >= 1.1.0
 Recommends:     %{libopenssl}
 
 %description
@@ -95,7 +95,7 @@ Summary:        Libraries, includes for XML Signatures/Encryption
 Requires:       %{libname} = %{version}
 Requires:       libxml2-devel >= 2.6.0
 Requires:       libxslt-devel >= 1.1.0
-Requires:       openssl-devel >= 0.9.6
+Requires:       openssl-devel >= 1.1.0
 Requires:       pkgconfig(zlib)
 
 %description devel
@@ -123,7 +123,7 @@ Summary:        GNUTls crypto plugin for XML Security Library
 Requires:       %{libgnutls} = %{version}
 Requires:       %{name}-devel = %{version}
 Requires:       %{name}-openssl-devel = %{version}
-Requires:       gnutls-devel >= 1.0.20
+Requires:       gnutls-devel >= 3.6.13
 Requires:       libgcrypt-devel >= 1.2.0
 
 %description gnutls-devel
@@ -134,7 +134,7 @@ Summary:        NSS crypto plugin for XML Security Library
 Requires:       %{libnss} = %{version}
 Requires:       %{name}-devel = %{version}
 Requires:       mozilla-nspr-devel
-Requires:       mozilla-nss-devel >= 3.2
+Requires:       mozilla-nss-devel >= 3.35
 
 %description nss-devel
 Libraries, includes, etc. for developing XML Security applications with NSS.
@@ -144,8 +144,8 @@ Libraries, includes, etc. for developing XML Security applications with NSS.
 
 %build
 # Allow for deprecations
-export CFLAGS="-Wno-error=deprecated-declarations"
-export CXXFLAGS="-Wno-error=deprecated-declarations"
+export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls"
+export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls"
 %configure \
     --disable-static \
     --disable-silent-rules \