d3449cb0af
- Update to 1.3.1:
* core xmlsec and all xmlsec-crypto libraries:
+ (ABI breaking change) Added support for the KeyInfoReference Element.
+ (ABI breaking change) Switched xmlSecSize to use size_t by default.
Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
to restore the old behaviour (note that support for xmlSecSize
being different from size_t will be removed in the future).
+ (API breaking change) Changed the key search to strict mode: only
keys referenced by KeyInfo are used. To restore the old "lax" mode,
set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
or use '--lax-key-search' option for XMLSec command line utility.
+ (API breaking change) The KeyName element content is now trimmed
before key search is performed.
+ (API breaking change) Disabled FTP support by default.
Use "--enable-ftp" configure option to restore it. Also added
"--enable-http" and "--enable-files" configure options to control
support for loading files over HTTP or locally.
+ (API/ABI breaking change) Disabled MD5 digest method by default.
Use "--enable-md5" configure options to re-enable MD5.
+ (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
and xmlEncCtx to provide more granular operation failure reason.
+ (ABI breaking change) Removed deprecated functions.
+ Added support for loading keys through ossl-store interface.
Also see '--privkey-openssl-store' and '--pubkey-openssl-store '
command line options for XMLSec utility.
+ Added ability to control transforms binary chunk size to improve
performance (see '--transform-binary-chunk-size' command line option
for XMLSec utility).
+ Fixed all potentially unsafe integer conversions and all the
other warnings.
+ Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
interop (2012) tests.
* xmlsec-openssl library:
+ Added support for SHA3 digests.
+ Added support for ECDSA-SHA3 signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+ (ABI breaking change) Added support for ECDH-ES Key Agreement
algorithm.
+ (ABI breaking change) Added support for DH-ES Key Agreement
algorithm with explicit KDF.
+ Added support for MGF1 algorithm to RSA OAEP key transport.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
+ Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
* xmlsec-nss library:
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA OAEP key transport including MGF1 algorithms.
+ Added support for AES GCM ciphers.
+ Added support for PBKDF2 derivation algorithm.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-gnutls library:
+ (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
and libgcrypt libraries (including API functions) to enable
support for different GnuTLS backends.
+ Bumped minimal GnuTLS version to 3.6.13.
+ Added support for SHA3 digests.
+ Added support for ECDSA signatures.
+ Added support for DSA-SHA256 signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA PKCS 1.5 key transport.
+ Added support for AES GCM ciphers.
+ Added support for PBKDF2 derivation algorithm.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-mscng library:
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for MGF1 algorithm to RSA OAEP key transport.
+ (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
+ Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+ Added support for X509Digest element for keys and certificates
lookup from the system stores (only SHA1 is supported).
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-gcrypt library:
+ In maintenance mode starting from this release.
+ Added support for SHA3 digests.
+ Added support for ECDSA signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA PKCS 1.5 key transport.
+ Added support for RSA OAEP key transport including MGF1 algorithms.
* xmlsec command line utility:
+ (API breaking change) The XMLSec command line utility is using 'strict' key
search mode by default. To restore the old 'lax' key search mode,
use the new '--lax-key-search' option.
+ (API breaking change) The XMLSec command line utility is no longer
prints detailed errors by default. To restore the detailed errors,
use the new '--verbose' option.
+ Added '--transform-binary-chunk-size' option to control transforms
binary chunk size (increasing the chunk size should improve
performance at the expense of memory usage.
+ Added support for loading keys through ossl-store interface.
Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
command line options for XMLSec utility.
+ Added '--enabled-key-info-reference-uris' option to control processing of
the the KeyInfoReference Element.
+ Added '--pbkdf2-key' option for loading PBKDF2 keys.
+ Added '--concatkdf-key' option for loading ConcatKDF keys.
+ Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
+ Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
+ Added '--crl-pem' and '--crl-der' options to load CRLs.
+ Added '--verify-keys' option to verify key's certificate before
loading into Keys Manager (only supported for OpenSSL currently).
+ Enabled templatized output filenames to facilitate batch operations on
multiple input files.
OBS-URL: https://build.opensuse.org/request/show/1102129
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=50
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| xmlsec1-1.3.1.tar.gz | ||
| xmlsec1-1.3.1.tar.gz.sig | ||
| xmlsec1-rpmlintrc | ||
| xmlsec1.changes | ||
| xmlsec1.keyring | ||
| xmlsec1.spec | ||