[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.6.1-5+deb7u1_bpo60+1, created. debian/1.6.1-5+deb7u1_bpo60+1

Russ Allbery rra at debian.org
Tue Jun 18 18:04:04 UTC 2013


The annotated tag, debian/1.6.1-5+deb7u1_bpo60+1 has been created
        at  0ffc3fc488d829aabf7d89cb59a06be326eb982d (tag)
   tagging  112cb3461ddd1848ce983d0719e5a5566bec7768 (commit)
  replaces  debian/1.6.1-5+deb7u1
 tagged by  Russ Allbery
        on  Tue Jun 18 11:03:32 2013 -0700

- Shortlog ------------------------------------------------------------
Debian release 1.6.1-5+deb7u1~bpo60+1

Format: 1.8
Date: Tue, 18 Jun 2013 10:39:10 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-5+deb7u1~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Closes: 656658
Changes:
 xml-security-c (1.6.1-5+deb7u1~bpo60+1) squeeze-backports; urgency=high
 .
   * Backport to oldstable.
   * Revert the change to use multiarch and force a non-multiarch libdir.
   * Relax versioned dependency on libssl-dev to build on squeeze.
 .
 xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
 .
 xml-security-c (1.6.1-5) unstable; urgency=low
 .
   * Revert changes to add symbols file.  Due to churn in weak symbols for
     inlined functions, it doesn't appear maintainanable with existing
     tools, and for this library the shlibs behavior seems sufficient.
   * Minor update to the format of the debian/copyright file.
 .
 xml-security-c (1.6.1-4) unstable; urgency=low
 .
   * Update symbols files for all non-i386 architectures currently built by
     the buildds except mipsel (which will hopefully be the same as mips).
   * Build-Depend on pkg-kde-tools and use its symbolhelper plugin so that
     the package can use the output of pkgkde-symbolshelper.
 .
 xml-security-c (1.6.1-3) unstable; urgency=low
 .
   * Also enable bindnow hardening build flags and use the correct syntax
     to add additional hardening flags.
   * Add symbols file constructed with pkgkde-symbolshelper.  Add a
     README.source file with a pointer to the documentation.
 .
 xml-security-c (1.6.1-2) unstable; urgency=low
 .
   * Update to debhelper compatibility level V9.
     - Enable hardening build flags.  (Closes: #656658)
     - Enable multiarch support.
Checksums-Sha1:
 960a84ee63c4b7ccdf098fc9de6552e9885be85b 1743 xml-security-c_1.6.1-5+deb7u1~bpo60+1.dsc
 58855d31c6aabc112165e2f35116589e84b3d9f9 12203 xml-security-c_1.6.1-5+deb7u1~bpo60+1.debian.tar.gz
 09ea23c1d08e42ca3143ae7eb81591e3fc1b712d 384304 libxml-security-c16_1.6.1-5+deb7u1~bpo60+1_i386.deb
 5e90bf5b17d1dd65f972f360b3dc3d3203be160f 151282 libxml-security-c-dev_1.6.1-5+deb7u1~bpo60+1_i386.deb
Checksums-Sha256:
 4bb24c43352f89c08e1aa00a5653fa071b533302d79695a2fdc6580ae6131486 1743 xml-security-c_1.6.1-5+deb7u1~bpo60+1.dsc
 ee43548db383216aa01a2703c63c0e247be4ede97d267de4d007747c36b7e0b5 12203 xml-security-c_1.6.1-5+deb7u1~bpo60+1.debian.tar.gz
 7d37fd65ecc0c4f847786f1805e8b56d2e2f7756c1c577a9ae632d0755cfeda0 384304 libxml-security-c16_1.6.1-5+deb7u1~bpo60+1_i386.deb
 49b5db1a76369d219e8c09885815c5647cb0281b594ff802446b1482c7ef4a76 151282 libxml-security-c-dev_1.6.1-5+deb7u1~bpo60+1_i386.deb
Files:
 4dd12b52976d3b57a182ced695922a5b 1743 libs extra xml-security-c_1.6.1-5+deb7u1~bpo60+1.dsc
 015223ec5a23f87d2a47a2535b46d21c 12203 libs extra xml-security-c_1.6.1-5+deb7u1~bpo60+1.debian.tar.gz
 977abbbceff52e69802988ea4f4de7ab 384304 libs extra libxml-security-c16_1.6.1-5+deb7u1~bpo60+1_i386.deb
 bc244e9a8d0dfb14883cf54e45161ac0 151282 libdevel extra libxml-security-c-dev_1.6.1-5+deb7u1~bpo60+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAABCAAGBQJRwKECAAoJEH2AMVxXNt51Y4MH/1BWNsGBdJbPW384Q3TH9Ywx
VoUwS+uXYfmF0FMKzMjc7K/FsTLTo5Hsd5hDjpPAzd7fGdW0MVnOFGdm1sa2AHN3
/y0v3BN2VMfP2GTKOVTC9vDzX9xJKyfD88JvwCJIecVTjxc6SfhwssMIl+uC3gXi
GZbvhYQLbrvM8643AucQZdVrP06d2hhVweqsT50QWSCdQM+gDuFFrpkfE4M2dAwj
lEJZnjQ23VXa391BSaeSX1kbeK1ut4xZzXyDAkzMmmGW6v+rcN7IEpZjSgxHX4Gt
Hg4ImjVlgatSur2qY08u+Ctve6xcCKC6euthqTTEZYd9OYqAxJBK2lymsxK29vg=
=/Pls
-----END PGP SIGNATURE-----

Russ Allbery (2):
      Start backport and revert multiarch changes
      Relax versioned dependency on libssl-dev to build on squeeze

-----------------------------------------------------------------------

-- 
Debian packaging for XML-Security-C



More information about the Pkg-shibboleth-devel mailing list