-------------------------------------------------------------------
Thu Aug 3 07:40:48 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>

- Update to 1.3.1:
  * core xmlsec and all xmlsec-crypto libraries:
    + (ABI breaking change) Added support for the KeyInfoReference Element.
    + (ABI breaking change) Switched xmlSecSize to use size_t by default.
      Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
      to restore the old behaviour (note that support for xmlSecSize
      being different from size_t will be removed in the future).
    + (API breaking change) Changed the key search to strict mode: only
      keys referenced by KeyInfo are used. To restore the old "lax" mode,
      set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
      or use '--lax-key-search' option for XMLSec command line utility.
    + (API breaking change) The KeyName element content is now trimmed
      before key search is performed.
    + (API breaking change) Disabled FTP support by default.
      Use "--enable-ftp" configure option to restore it. Also added
      "--enable-http" and "--enable-files" configure options to control
      support for loading files over HTTP or locally.
    + (API/ABI breaking change) Disabled MD5 digest method by default.
      Use "--enable-md5" configure option to re-enable MD5.
    + (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
      and xmlEncCtx to provide more granular operation failure reason.
    + (ABI breaking change) Removed deprecated functions.
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
      command line options for XMLSec utility.
    + Added ability to control transforms binary chunk size to improve
      performance (see '--transform-binary-chunk-size' command line option
      for XMLSec utility).
    + Fixed all potentially unsafe integer conversions and all the
      other warnings.
    + Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
      interop (2012) tests.
  * xmlsec-openssl library:
    + Added support for SHA3 digests.
    + Added support for ECDSA-SHA3 signatures.
    + Added support for RSA PSS signatures (without parameters).
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement
      algorithm.
    + (ABI breaking change) Added support for DH-ES Key Agreement
      algorithm with explicit KDF.
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
    + Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
  * xmlsec-nss library:
    + Added support for RSA PSS signatures (without parameters).
    + Added support for RSA OAEP key transport including MGF1 algorithms.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gnutls library:
    + (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
      and libgcrypt libraries (including API functions) to enable
      support for different GnuTLS backends.
    + Bumped minimal GnuTLS version to 3.6.13.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for DSA-SHA256 signatures.
    + Added support for RSA PSS signatures (without parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for AES GCM ciphers.
    + Added support for PBKDF2 derivation algorithm.
    + Added support for X509Digest element and ability to lookup keys
      using other X509Data elements.
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-mscng library:
    + Added support for RSA PSS signatures (without parameters).
    + Added support for MGF1 algorithm to RSA OAEP key transport.
    + (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
    + Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    + Added support for X509Digest element for keys and certificates
      lookup from the system stores (only SHA1 is supported).
    + Added support for DEREncodedKeyValue element.
    + Automatically set key name from PKCS12 key name.
  * xmlsec-gcrypt library:
    + In maintenance mode starting from this release.
    + Added support for SHA3 digests.
    + Added support for ECDSA signatures.
    + Added support for RSA PSS signatures (without parameters).
    + Added support for RSA PKCS 1.5 key transport.
    + Added support for RSA OAEP key transport including MGF1 algorithms.
  * xmlsec command line utility:
    + (API breaking change) The XMLSec command line utility is using 'strict' key
      search mode by default. To restore the old 'lax' key search mode,
      use the new '--lax-key-search' option.
    + (API breaking change) The XMLSec command line utility no longer
      prints detailed errors by default. To restore the detailed errors,
      use the new '--verbose' option.
    + Added '--transform-binary-chunk-size' option to control transforms
      binary chunk size (increasing the chunk size should improve
      performance at the expense of memory usage).
    + Added support for loading keys through ossl-store interface.
      Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
      command line options for XMLSec utility.
    + Added '--enabled-key-info-reference-uris' option to control processing of
      the KeyInfoReference Element.
    + Added '--pbkdf2-key' option for loading PBKDF2 keys.
    + Added '--concatkdf-key' option for loading ConcatKDF keys.
    + Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
    + Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
    + Added '--crl-pem' and '--crl-der' options to load CRLs.
    + Added '--verify-keys' option to verify key's certificate before
      loading into Keys Manager (only supported for OpenSSL currently).
    + Enabled templatized output filenames to facilitate batch operations on
      multiple input files.

-------------------------------------------------------------------
Wed Feb 1 09:23:37 UTC 2023 - Dirk Müller <dmueller@suse.com>

- switch to pkgconfig(zlib) to allow alternative providers as well

-------------------------------------------------------------------
Sat Dec 3 17:03:47 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 1.2.37:
  Fixed two regressions from 1.2.36 release

-------------------------------------------------------------------
Fri Nov 4 15:33:42 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

- Update to 1.2.36:
  * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the
    XMLSec Online Signature Verifier.

- Update to 1.2.35:
  * Migration to OpenSSL 3.0 API (based on PR by @snargit). Note
    that OpenSSL engines are disabled by default when XMLSec
    library is compiled against OpenSSL 3.0. To re-enable OpenSSL
    engines, use "--enable-openssl3-engines" configure flag (there
    will be a lot of deprecation warnings).
  * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now
    deprecated and will be removed in the future versions of
    XMLSec Library.
  * Refactored all the integer casts to ensure cast-safety. Fixed
    all warnings and enabled "-Werror" and "-pedantic" flags on
    CI builds.
  * Added configure flag to use size_t for xmlSecSize (currently
    disabled by default for backward compatibility).
  * Moved all CI builds to GitHub actions.

-------------------------------------------------------------------
Thu Sep 8 07:25:33 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

- Add export CFLAGS/CXXFLAGS="-Wno-error=deprecated-declarations"
  before configure. We pass --enable-werror to configure, and
  that leads to warnings about deprecations failing build. As
  deprecations are mainly a concern for upstream, stop failing on
  those.

-------------------------------------------------------------------
Mon May 23 09:49:35 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 1.2.34:
  * Support for OpenSSL compiled with OPENSSL_NO_ERR.
  * Full support for LibreSSL 3.5.0 and above
  * Several other small fixes

-------------------------------------------------------------------
Sun Nov 28 18:53:47 UTC 2021 - Dirk Müller <dmueller@suse.com>

- update to 1.2.33:
  * Fix decrypting session key for two recipients
  * Added --privkey-openssl-engine option to enhance openssl engine support

-------------------------------------------------------------------
Sun May 9 19:54:21 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

- update to 1.2.32:
  + Remove MD5 for NSS 3.59 and above
  + Fix PKCS12_parse return code handling
  + Fix OpenSSL lookup
  + xmlSecX509DataGetNodeContent(): don't return 0 for non-empty
    elements - fix for LibreOffice
- add upstream signing key and validate source signature
- put license text into all subpackages
- treat all compiler warnings as errors

-------------------------------------------------------------------
Wed Feb 17 12:17:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

- Relax the crypto policies for the test-suite. This allows the
  tests using certificates with small key lengths to pass.

-------------------------------------------------------------------
Thu Dec 17 09:16:49 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

- Update to version 1.2.31:
  + Unload error strings in OpenSSL shutdown.
  + Make userData available when executing preExecCallback
    function.
  + Add an option to use secure memset.
- Pass --disable-md5 to configure: The cryptographic strength of
  the MD5 algorithm is sufficiently doubtful that its use is
  discouraged at this time. It is not listed as an algorithm in
  [XMLDSIG-CORE1]
  https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1

-------------------------------------------------------------------
Thu Jun 18 12:10:34 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

- Update to 1.2.30:
  * Enabled XML_PARSE_HUGE for all xml parsers.
  * Various build and tests fixes and improvements.
  * Move remaining private header files away from xmlsec/include/ folder.

-------------------------------------------------------------------
Thu Apr 25 09:13:57 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

- Update to 1.2.28:
  * Added BoringSSL support (chenbd).
  * Added gnutls-3.6.x support (alonbl).
  * Added DSA and ECDSA key size getter for MSCNG (vmiklos).
  * Added --enable-mans configuration option (alonbl).
  * Added continuous build integration for MacOSX (vmiklos).
  * Several other small fixes (more details).

-------------------------------------------------------------------
Fri Dec 7 11:01:44 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>

- Make sure to recommend at least one backend when you install
  just xmlsec1

-------------------------------------------------------------------
Wed Oct 31 13:21:31 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>

- Drop the gnutls backend as based on the tests it is quite borked:
  * We still have nss and openssl backend for people to use

-------------------------------------------------------------------
Wed Oct 31 12:00:28 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>

- Version update to 1.2.27:
  * Added AES-GCM support for OpenSSL and MSCNG (snargit).
  * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos).
  * Added RSA-OAEP support for MSCNG (vmiklos).
  * Continuous build integration in Travis and Appveyor.
  * Several other small fixes (more details).

-------------------------------------------------------------------
Thu Aug 16 10:22:09 UTC 2018 - tchvatal@suse.com

- Add rpmlintrc to avoid bogus errors:
  * xmlsec1-rpmlintrc

-------------------------------------------------------------------
Tue Aug 14 18:51:27 UTC 2018 - kallan@suse.com

- Fixed (bsc#1104876). Added: Requires: %{libname} = %{version} to each module
  in the spec file. This will ensure that when one of the modules is installed
  the corresponding version of libxmlsec1-1 will also be installed/upgraded.

-------------------------------------------------------------------
Tue Jun 5 20:10:17 UTC 2018 - vmiklos@collabora.co.uk

- Version update to 1.2.26:
  * Added xmlsec-mscng module based on Microsoft Cryptography API: Next
    Generation
  * Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R
    34.10-2001 in xmlsec-mscrypto
  * Added LibreSSL 2.7 support
  * Upgraded documentation build process to support the latest gtk-doc

-------------------------------------------------------------------
Thu Nov 30 09:53:35 UTC 2017 - tchvatal@suse.com

- Version update to 1.2.25:
  * Various small fixes
  * Coverity cleanups
  * Removed support for old openssl

-------------------------------------------------------------------
Thu Apr 20 14:48:11 UTC 2017 - vmiklos@collabora.co.uk

- Version update to 1.2.24:
  * Added ECDSA-SHA1, ECDSA-SHA256, ECDSA-SHA512 support
    for xmlsec-nss.

  * Fixed XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS
    handling.

  * Disabled external entities loading by xmlsec utility app by
    default to prevent XXE attacks.

  * Improved OpenSSL version and features detection.

  * Cleaned up, simplified, and standardized internal error
    reporting.

  * Fixed a few Coverity-discovered bugs.

  * Marked as deprecated all the functions in xmlsec/soap.h file
    and a couple other functions no longer required by xmlsec.
    These functions will be removed in the future releases.

  * Several other small fixes (see commit log for more details).

-------------------------------------------------------------------
Thu Mar 23 12:19:26 UTC 2017 - pmonrealgonzalez@suse.com

- Fixed dependencies with libraries (bsc#1012246):
  * libxmlsec1-openssl.so
  * libxmlsec1-gcrypt.so
  * libxmlsec1-gnutls.so
  * libxmlsec1-nss.so

-------------------------------------------------------------------
Mon Nov 28 09:29:03 UTC 2016 - tchvatal@suse.com

- Version update to 1.2.23:
  * Full support for OpenSSL 1.1.0
  * Several other small fixes

-------------------------------------------------------------------
Wed May 25 10:49:08 UTC 2016 - tchvatal@suse.com

- Version update to 1.2.22 (fate#320861):
  * see the ChangeLog for most detailed output
  * openssl 1.1 support
  * Few features from libreoffice for integrated
  * Run the testsuite

-------------------------------------------------------------------
Thu Sep 3 12:39:49 UTC 2015 - astieger@suse.com

- update to 1.2.20:
  * fix a number of miscellaneous bugs
  * update expired or soon-to-be-expired certificates in test suite

-------------------------------------------------------------------
Tue Jan 7 13:10:28 UTC 2014 - mvyskocil@suse.com

- Initial packaging of xmlsec1 for SUSE