- Update to 1.3.1:
* core xmlsec and all xmlsec-crypto libraries:
+ (ABI breaking change) Added support for the KeyInfoReference Element.
+ (ABI breaking change) Switched xmlSecSize to use size_t by default.
Use "--enable-size-t=no" configure option ("size_t=no" on Windows)
to restore the old behaviour (note that support for xmlSecSize
being different from size_t will be removed in the future).
+ (API breaking change) Changed the key search to strict mode: only
keys referenced by KeyInfo are used. To restore the old "lax" mode,
set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx
or use '--lax-key-search' option for XMLSec command line utility.
+ (API breaking change) The KeyName element content is now trimmed
before key search is performed.
+ (API breaking change) Disabled FTP support by default.
Use "--enable-ftp" configure option to restore it. Also added
"--enable-http" and "--enable-files" configure options to control
support for loading files over HTTP or locally.
+ (API/ABI breaking change) Disabled MD5 digest method by default.
Use "--enable-md5" configure options to re-enable MD5.
+ (ABI breaking change) Added "failureReason" file to xmlSecDSigCtx
and xmlEncCtx to provide more granular operation failure reason.
+ (ABI breaking change) Removed deprecated functions.
+ Added support for loading keys through ossl-store interface.
Also see '--privkey-openssl-store' and '--pubkey-openssl-store '
command line options for XMLSec utility.
+ Added ability to control transforms binary chunk size to improve
performance (see '--transform-binary-chunk-size' command line option
for XMLSec utility).
+ Fixed all potentially unsafe integer conversions and all the
other warnings.
+ Added XML Signature 1.1 interop (2012) and XML Encryption 1.1
interop (2012) tests.
* xmlsec-openssl library:
+ Added support for SHA3 digests.
+ Added support for ECDSA-SHA3 signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+ (ABI breaking change) Added support for ECDH-ES Key Agreement
algorithm.
+ (ABI breaking change) Added support for DH-ES Key Agreement
algorithm with explicit KDF.
+ Added support for MGF1 algorithm to RSA OAEP key transport.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
+ Removed support for OpenSSL 1.0.0 and LibreSSL before 2.7.0.
* xmlsec-nss library:
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA OAEP key transport including MGF1 algorithms.
+ Added support for AES GCM ciphers.
+ Added support for PBKDF2 derivation algorithm.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-gnutls library:
+ (API/ABI breaking change) Removed dependency on xmlsec-gcrypt
and libgcrypt libraries (including API functions) to enable
support for different GnuTLS backends.
+ Bumped minimal GnuTLS version to 3.6.13.
+ Added support for SHA3 digests.
+ Added support for ECDSA signatures.
+ Added support for DSA-SHA256 signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA PKCS 1.5 key transport.
+ Added support for AES GCM ciphers.
+ Added support for PBKDF2 derivation algorithm.
+ Added support for X509Digest element and ability to lookup keys
using other X509Data elements.
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-mscng library:
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for MGF1 algorithm to RSA OAEP key transport.
+ (ABI breaking change) Added support for ECDH-ES Key Agreement algorithm.
+ Added support for ConcatKDF key and PBKDF2 derivation algorithms.
+ Added support for X509Digest element for keys and certificates
lookup from the system stores (only SHA1 is supported).
+ Added support for DEREncodedKeyValue element.
+ Automatically set key name from PKCS12 key name.
* xmlsec-gcrypt library:
+ In maintenance mode starting from this release.
+ Added support for SHA3 digests.
+ Added support for ECDSA signatures.
+ Added support for RSA PSS signatures (withtout parameters).
+ Added support for RSA PKCS 1.5 key transport.
+ Added support for RSA OAEP key transport including MGF1 algorithms.
* xmlsec command line utility:
+ (API breaking change) The XMLSec command line utility is using 'strict' key
search mode by default. To restore the old 'lax' key search mode,
use the new '--lax-key-search' option.
+ (API breaking change) The XMLSec command line utility is no longer
prints detailed errors by default. To restore the detailed errors,
use the new '--verbose' option.
+ Added '--transform-binary-chunk-size' option to control transforms
binary chunk size (increasing the chunk size should improve
performance at the expense of memory usage.
+ Added support for loading keys through ossl-store interface.
Also see '--privkey-openssl-store' and '--pubkey-openssl-store'
command line options for XMLSec utility.
+ Added '--enabled-key-info-reference-uris' option to control processing of
the the KeyInfoReference Element.
+ Added '--pbkdf2-key' option for loading PBKDF2 keys.
+ Added '--concatkdf-key' option for loading ConcatKDF keys.
+ Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
+ Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
+ Added '--crl-pem' and '--crl-der' options to load CRLs.
+ Added '--verify-keys' option to verify key's certificate before
loading into Keys Manager (only supported for OpenSSL currently).
+ Enabled templatized output filenames to facilitate batch operations on
multiple input files.
OBS-URL: https://build.opensuse.org/request/show/1102129
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=50
- Update to 1.2.36:
* Retired the XMLSec mailing list "xmlsec@aleksey.com" and the
XMLSec Online Signature Verifier.
- Update to 1.2.35:
* Migration to OpenSSL 3.0 API (based on PR by @snargit). Note
that OpenSSL engines are disabled by default when XMLSec
library is compiled against OpenSSL 3.0. To re-enable OpenSSL
engines, use "--enable-openssl3-engines" configure flag (there
will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now
deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed
all warnings and enabled "-Werror" and "-pedantic" flags on
CI builds.
* Added configure flag to use size_t for xmlSecSize (currently
disabled by default for backward compatibility).
* Moved all CI builds to GitHub actions.
OBS-URL: https://build.opensuse.org/request/show/1033572
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=44
* Added AES-GCM support for OpenSSL and MSCNG (snargit).
* Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos).
* Added RSA-OAEP support for MSCNG (vmiklos).
* Continuous build integration in Travis and Appveyor.
* Several other small fixes (more details).
OBS-URL: https://build.opensuse.org/package/show/LibreOffice:Factory/xmlsec1?expand=0&rev=23
