diff --git a/xmlsec1-1.2.37.tar.gz b/xmlsec1-1.2.37.tar.gz deleted file mode 100644 index d0b24c5..0000000 --- a/xmlsec1-1.2.37.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5f8dfbcb6d1e56bddd0b5ec2e00a3d0ca5342a9f57c24dffde5c796b2be2871c -size 2009175 diff --git a/xmlsec1-1.2.37.tar.gz.sig b/xmlsec1-1.2.37.tar.gz.sig deleted file mode 100644 index b5b7037..0000000 Binary files a/xmlsec1-1.2.37.tar.gz.sig and /dev/null differ diff --git a/xmlsec1-1.3.1.tar.gz b/xmlsec1-1.3.1.tar.gz new file mode 100644 index 0000000..d2fafdc --- /dev/null +++ b/xmlsec1-1.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10f48384d4fd1afc05fea545b74fbf7c152582f0a895c189f164d55270400c63 +size 2432943 diff --git a/xmlsec1-1.3.1.tar.gz.sig b/xmlsec1-1.3.1.tar.gz.sig new file mode 100644 index 0000000..f338a73 Binary files /dev/null and b/xmlsec1-1.3.1.tar.gz.sig differ diff --git a/xmlsec1.changes b/xmlsec1.changes index d0299c0..c147a59 100644 --- a/xmlsec1.changes +++ b/xmlsec1.changes @@ -1,3 +1,119 @@ +------------------------------------------------------------------- +Thu Aug 3 07:40:48 UTC 2023 - Paolo Stivanin + +- Update to 1.3.1: + * core xmlsec and all xmlsec-crypto libraries: + + (ABI breaking change) Added support for the KeyInfoReference Element. + + (ABI breaking change) Switched xmlSecSize to use size_t by default. + Use "--enable-size-t=no" configure option ("size_t=no" on Windows) + to restore the old behaviour (note that support for xmlSecSize + being different from size_t will be removed in the future). + + (API breaking change) Changed the key search to strict mode: only + keys referenced by KeyInfo are used. To restore the old "lax" mode, + set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx + or use '--lax-key-search' option for XMLSec command line utility. + + (API breaking change) The KeyName element content is now trimmed + before key search is performed. + + (API breaking change) Disabled FTP support by default. + Use "--enable-ftp" configure option to restore it. Also added + "--enable-http" and "--enable-files" configure options to control + support for loading files over HTTP or locally. + + (API/ABI breaking change) Disabled MD5 digest method by default. + Use "--enable-md5" configure options to re-enable MD5. + + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx + and xmlEncCtx to provide more granular operation failure reason. + + (ABI breaking change) Removed deprecated functions. + + Added support for loading keys through ossl-store interface. + Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' + command line options for XMLSec utility. + + Added ability to control transforms binary chunk size to improve + performance (see '--transform-binary-chunk-size' command line option + for XMLSec utility). + + Fixed all potentially unsafe integer conversions and all the + other warnings. + + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 + interop (2012) tests. + * xmlsec-openssl library: + + Added support for SHA3 digests. + + Added support for ECDSA-SHA3 signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + + (ABI breaking change) Added support for ECDH-ES Key Agreement + algorithm. + + (ABI breaking change) Added support for DH-ES Key Agreement + algorithm with explicit KDF. + + Added support for MGF1 algorithm to RSA OAEP key transport. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0. + * xmlsec-nss library: + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA OAEP key transport including MGF1 algorithms. + + Added support for AES GCM ciphers. + + Added support for PBKDF2 derivation algorithm. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-gnutls library: + + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt + and libgcrypt libraries (including API functions) to enable + support for different GnuTLS backends. + + Bumped minimal GnuTLS version to 3.6.13. + + Added support for SHA3 digests. + + Added support for ECDSA signatures. + + Added support for DSA-SHA256 signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA PKCS 1.5 key transport. + + Added support for AES GCM ciphers. + + Added support for PBKDF2 derivation algorithm. + + Added support for X509Digest element and ability to lookup keys + using other X509Data elements. + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-mscng library: + + Added support for RSA PSS signatures (withtout parameters). + + Added support for MGF1 algorithm to RSA OAEP key transport. + + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. + + Added support for ConcatKDF key and PBKDF2 derivation algorithms. + + Added support for X509Digest element for keys and certificates + lookup from the system stores (only SHA1 is supported). + + Added support for DEREncodedKeyValue element. + + Automatically set key name from PKCS12 key name. + * xmlsec-gcrypt library: + + In maintenance mode starting from this release. + + Added support for SHA3 digests. + + Added support for ECDSA signatures. + + Added support for RSA PSS signatures (withtout parameters). + + Added support for RSA PKCS 1.5 key transport. + + Added support for RSA OAEP key transport including MGF1 algorithms. + * xmlsec command line utility: + + (API breaking change) The XMLSec command line utility is using 'strict' key + search mode by default. To restore the old 'lax' key search mode, + use the new '--lax-key-search' option. + + (API breaking change) The XMLSec command line utility is no longer + prints detailed errors by default. To restore the detailed errors, + use the new '--verbose' option. + + Added '--transform-binary-chunk-size' option to control transforms + binary chunk size (increasing the chunk size should improve + performance at the expense of memory usage. + + Added support for loading keys through ossl-store interface. + Also see '--privkey-openssl-store' and '--pubkey-openssl-store' + command line options for XMLSec utility. + + Added '--enabled-key-info-reference-uris' option to control processing of + the the KeyInfoReference Element. + + Added '--pbkdf2-key' option for loading PBKDF2 keys. + + Added '--concatkdf-key' option for loading ConcatKDF keys. + + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length. + + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine. + + Added '--crl-pem' and '--crl-der' options to load CRLs. + + Added '--verify-keys' option to verify key's certificate before + loading into Keys Manager (only supported for OpenSSL currently). + + Enabled templatized output filenames to facilitate batch operations on + multiple input files. + ------------------------------------------------------------------- Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller diff --git a/xmlsec1.spec b/xmlsec1.spec index 1a4885e..2cfbf9a 100644 --- a/xmlsec1.spec +++ b/xmlsec1.spec @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.2.37 +Version: 1.3.1 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT @@ -37,12 +37,12 @@ BuildRequires: libtool # Needed certutil for tests BuildRequires: mozilla-nss-tools BuildRequires: pkgconfig -BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(gnutls) >= 3.6.13 BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(nspr) -BuildRequires: pkgconfig(nss) -BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(nss) >= 3.35 +BuildRequires: pkgconfig(openssl) >= 1.1.0 Recommends: %{libopenssl} %description @@ -95,7 +95,7 @@ Summary: Libraries, includes for XML Signatures/Encryption Requires: %{libname} = %{version} Requires: libxml2-devel >= 2.6.0 Requires: libxslt-devel >= 1.1.0 -Requires: openssl-devel >= 0.9.6 +Requires: openssl-devel >= 1.1.0 Requires: pkgconfig(zlib) %description devel @@ -123,7 +123,7 @@ Summary: GNUTls crypto plugin for XML Security Library Requires: %{libgnutls} = %{version} Requires: %{name}-devel = %{version} Requires: %{name}-openssl-devel = %{version} -Requires: gnutls-devel >= 1.0.20 +Requires: gnutls-devel >= 3.6.13 Requires: libgcrypt-devel >= 1.2.0 %description gnutls-devel @@ -134,7 +134,7 @@ Summary: NSS crypto plugin for XML Security Library Requires: %{libnss} = %{version} Requires: %{name}-devel = %{version} Requires: mozilla-nspr-devel -Requires: mozilla-nss-devel >= 3.2 +Requires: mozilla-nss-devel >= 3.35 %description nss-devel Libraries, includes, etc. for developing XML Security applications with NSS. @@ -144,8 +144,8 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %build # Allow for deprecations -export CFLAGS="-Wno-error=deprecated-declarations" -export CXXFLAGS="-Wno-error=deprecated-declarations" +export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" +export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" %configure \ --disable-static \ --disable-silent-rules \