diff --git a/xmlsec1-1.2.37.tar.gz b/xmlsec1-1.2.37.tar.gz new file mode 100644 index 0000000..d0b24c5 --- /dev/null +++ b/xmlsec1-1.2.37.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5f8dfbcb6d1e56bddd0b5ec2e00a3d0ca5342a9f57c24dffde5c796b2be2871c +size 2009175 diff --git a/xmlsec1-1.2.37.tar.gz.sig b/xmlsec1-1.2.37.tar.gz.sig new file mode 100644 index 0000000..b5b7037 Binary files /dev/null and b/xmlsec1-1.2.37.tar.gz.sig differ diff --git a/xmlsec1-1.3.1.tar.gz b/xmlsec1-1.3.1.tar.gz deleted file mode 100644 index d2fafdc..0000000 --- a/xmlsec1-1.3.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:10f48384d4fd1afc05fea545b74fbf7c152582f0a895c189f164d55270400c63 -size 2432943 diff --git a/xmlsec1-1.3.1.tar.gz.sig b/xmlsec1-1.3.1.tar.gz.sig deleted file mode 100644 index f338a73..0000000 Binary files a/xmlsec1-1.3.1.tar.gz.sig and /dev/null differ diff --git a/xmlsec1.changes b/xmlsec1.changes index c147a59..d0299c0 100644 --- a/xmlsec1.changes +++ b/xmlsec1.changes @@ -1,119 +1,3 @@ -------------------------------------------------------------------- -Thu Aug 3 07:40:48 UTC 2023 - Paolo Stivanin - -- Update to 1.3.1: - * core xmlsec and all xmlsec-crypto libraries: - + (ABI breaking change) Added support for the KeyInfoReference Element. - + (ABI breaking change) Switched xmlSecSize to use size_t by default. - Use "--enable-size-t=no" configure option ("size_t=no" on Windows) - to restore the old behaviour (note that support for xmlSecSize - being different from size_t will be removed in the future). - + (API breaking change) Changed the key search to strict mode: only - keys referenced by KeyInfo are used. To restore the old "lax" mode, - set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx - or use '--lax-key-search' option for XMLSec command line utility. - + (API breaking change) The KeyName element content is now trimmed - before key search is performed. - + (API breaking change) Disabled FTP support by default. - Use "--enable-ftp" configure option to restore it. Also added - "--enable-http" and "--enable-files" configure options to control - support for loading files over HTTP or locally. - + (API/ABI breaking change) Disabled MD5 digest method by default. - Use "--enable-md5" configure options to re-enable MD5. - + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx - and xmlEncCtx to provide more granular operation failure reason. - + (ABI breaking change) Removed deprecated functions. - + Added support for loading keys through ossl-store interface. - Also see '--privkey-openssl-store' and '--pubkey-openssl-store ' - command line options for XMLSec utility. - + Added ability to control transforms binary chunk size to improve - performance (see '--transform-binary-chunk-size' command line option - for XMLSec utility). - + Fixed all potentially unsafe integer conversions and all the - other warnings. - + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 - interop (2012) tests. - * xmlsec-openssl library: - + Added support for SHA3 digests. - + Added support for ECDSA-SHA3 signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for ConcatKDF key and PBKDF2 derivation algorithms. - + (ABI breaking change) Added support for ECDH-ES Key Agreement - algorithm. - + (ABI breaking change) Added support for DH-ES Key Agreement - algorithm with explicit KDF. - + Added support for MGF1 algorithm to RSA OAEP key transport. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0. - * xmlsec-nss library: - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA OAEP key transport including MGF1 algorithms. - + Added support for AES GCM ciphers. - + Added support for PBKDF2 derivation algorithm. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-gnutls library: - + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt - and libgcrypt libraries (including API functions) to enable - support for different GnuTLS backends. - + Bumped minimal GnuTLS version to 3.6.13. - + Added support for SHA3 digests. - + Added support for ECDSA signatures. - + Added support for DSA-SHA256 signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA PKCS 1.5 key transport. - + Added support for AES GCM ciphers. - + Added support for PBKDF2 derivation algorithm. - + Added support for X509Digest element and ability to lookup keys - using other X509Data elements. - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-mscng library: - + Added support for RSA PSS signatures (withtout parameters). - + Added support for MGF1 algorithm to RSA OAEP key transport. - + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm. - + Added support for ConcatKDF key and PBKDF2 derivation algorithms. - + Added support for X509Digest element for keys and certificates - lookup from the system stores (only SHA1 is supported). - + Added support for DEREncodedKeyValue element. - + Automatically set key name from PKCS12 key name. - * xmlsec-gcrypt library: - + In maintenance mode starting from this release. - + Added support for SHA3 digests. - + Added support for ECDSA signatures. - + Added support for RSA PSS signatures (withtout parameters). - + Added support for RSA PKCS 1.5 key transport. - + Added support for RSA OAEP key transport including MGF1 algorithms. - * xmlsec command line utility: - + (API breaking change) The XMLSec command line utility is using 'strict' key - search mode by default. To restore the old 'lax' key search mode, - use the new '--lax-key-search' option. - + (API breaking change) The XMLSec command line utility is no longer - prints detailed errors by default. To restore the detailed errors, - use the new '--verbose' option. - + Added '--transform-binary-chunk-size' option to control transforms - binary chunk size (increasing the chunk size should improve - performance at the expense of memory usage. - + Added support for loading keys through ossl-store interface. - Also see '--privkey-openssl-store' and '--pubkey-openssl-store' - command line options for XMLSec utility. - + Added '--enabled-key-info-reference-uris' option to control processing of - the the KeyInfoReference Element. - + Added '--pbkdf2-key' option for loading PBKDF2 keys. - + Added '--concatkdf-key' option for loading ConcatKDF keys. - + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length. - + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine. - + Added '--crl-pem' and '--crl-der' options to load CRLs. - + Added '--verify-keys' option to verify key's certificate before - loading into Keys Manager (only supported for OpenSSL currently). - + Enabled templatized output filenames to facilitate batch operations on - multiple input files. - ------------------------------------------------------------------- Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller diff --git a/xmlsec1.spec b/xmlsec1.spec index e4d9186..1de104f 100644 --- a/xmlsec1.spec +++ b/xmlsec1.spec @@ -23,7 +23,7 @@ %global libgnutls libxmlsec1-gnutls1 %global libnss libxmlsec1-nss1 Name: xmlsec1 -Version: 1.3.1 +Version: 1.2.37 Release: 0 Summary: Library providing support for "XML Signature" and "XML Encryption" standards License: MIT @@ -38,12 +38,12 @@ BuildRequires: libtool # Needed certutil for tests BuildRequires: mozilla-nss-tools BuildRequires: pkgconfig -BuildRequires: pkgconfig(gnutls) >= 3.6.13 +BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(nspr) -BuildRequires: pkgconfig(nss) >= 3.35 -BuildRequires: pkgconfig(openssl) >= 1.1.0 +BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(openssl) Recommends: %{libopenssl} %description @@ -96,7 +96,7 @@ Summary: Libraries, includes for XML Signatures/Encryption Requires: %{libname} = %{version} Requires: libxml2-devel >= 2.6.0 Requires: libxslt-devel >= 1.1.0 -Requires: openssl-devel >= 1.1.0 +Requires: openssl-devel >= 0.9.6 Requires: pkgconfig(zlib) %description devel @@ -124,7 +124,7 @@ Summary: GNUTls crypto plugin for XML Security Library Requires: %{libgnutls} = %{version} Requires: %{name}-devel = %{version} Requires: %{name}-openssl-devel = %{version} -Requires: gnutls-devel >= 3.6.13 +Requires: gnutls-devel >= 1.0.20 Requires: libgcrypt-devel >= 1.2.0 %description gnutls-devel @@ -135,7 +135,7 @@ Summary: NSS crypto plugin for XML Security Library Requires: %{libnss} = %{version} Requires: %{name}-devel = %{version} Requires: mozilla-nspr-devel -Requires: mozilla-nss-devel >= 3.35 +Requires: mozilla-nss-devel >= 3.2 %description nss-devel Libraries, includes, etc. for developing XML Security applications with NSS. @@ -148,8 +148,8 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %build # Allow for deprecations -export CFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" -export CXXFLAGS="-Wno-error=deprecated-declarations -Wno-error=redundant-decls" +export CFLAGS="-Wno-error=deprecated-declarations -std=c99" +export CXXFLAGS="-Wno-error=deprecated-declarations" %configure \ --disable-static \ --disable-silent-rules \