Accepted xmltooling 3.0.4-1~bpo9+1 (source i386 all) into stretch-backports->backports-policy, stretch-backports

To: debian-backports-changes@lists.debian.org
Subject: Accepted xmltooling 3.0.4-1~bpo9+1 (source i386 all) into stretch-backports->backports-policy, stretch-backports
From: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Date: Mon, 08 Apr 2019 14:11:25 +0000
Message-id: <[🔎] E1hDUzd-000CWv-HX@fasolo.debian.org>
Mail-followup-to: debian-backports@lists.debian.org
Reply-to: debian-backports@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Mar 2019 17:42:43 +0100
Source: xmltooling
Binary: libxmltooling8 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 3.0.4-1~bpo9+1
Distribution: stretch-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling8 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Closes: 859831 915820 924346
Changes:
 xmltooling (3.0.4-1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
   * [89e1b1e] Require Xerces-C 3.2
   * [b93628c] Stay with OpenSSL 1.0.
     Since libcurl in stretch is built against OpenSSL 1.0, we have to use
     the same version.
     Revert "Enable building with OpenSSL 1.1"
     This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
 .
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type
     that was not handled properly in the parser class and propagates an
     unexpected exception type.
     This generally manifests as a crash in the calling code, which in the
     Service Provider software's case is usually the shibd daemon process,
     but can be Apache in some cases. Note that the crash occurs prior to
     evaluation of a message's authenticity, so can be exploited by an
     untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)
 .
 xmltooling (3.0.3-1) unstable; urgency=medium
 .
   [ Ferenc Wágner ]
   * [d7405e9] New upstream release: 3.0.3
   * [58fafb7] Drop the patches, they are included in upstream 3.0.3
   * [97b5311] Update Standards-Version to 4.3.0 (no changes required).
 .
   [ Pino Toscano ]
   * [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)
 .
 xmltooling (3.0.2-2) unstable; urgency=medium
 .
   * [bc7d7bc] Update Standards-Version to 4.2.1 (no changes required)
   * [4ad9127] Cherry pick upstream patches fixing build with OpenSSL 1.1.1
   * [b774ae2] The --enable-debug switch activates additional tracing code.
     It does not influence the optimization level.
   * Upload to unstable
 .
 xmltooling (3.0.2-1) experimental; urgency=medium
 .
   * [263b9d1] New upstream release: 3.0.2
   * [6ffad35] All of our patches were included upstream
   * [dc188aa] Update Standards-Version to 4.1.5 (no changes required)
   * [1dbdaee] Switch to Debhelper compat level 11
   * [8a38bae] Stop repeating the common part of the package descriptions
   * [ec0997b] Multiarch doesn't need Pre-Depends anymore
   * [e33065c] Rename library package according to the new soversion
   * [cb6df2a] Enable building with OpenSSL 1.1 (Closes: #859831)
   * [49b8ca9] Revert "Provide a GCC 7 build with strict enough shlibs"
     The GCC7 switchover is long done, this constraint isn't needed anymore.
   * [c5f26c9] Update debian/copyright
   * [5099fb1] Shibboleth SP 3 requires XML-Security 2 and log4shib 2
   * [65857d6] We do not ship the libtool archive files.
     But upstream installs them now to support make uninstall.
   * [d5d3966] Clean up trailing whitespace in debian/changelog
   * [b4e7f10] Our headers include Boost headers
Checksums-Sha1:
 278405a15667b3a5d254d67f6399d8afc2b070d8 2743 xmltooling_3.0.4-1~bpo9+1.dsc
 67304b55053bcdc7ca2f3591ba16f316d23517b2 53200 xmltooling_3.0.4-1~bpo9+1.debian.tar.xz
 2c693048b92befeacfcec6ce4b109b55a2d1e8c0 79220 libxmltooling-dev_3.0.4-1~bpo9+1_i386.deb
 1a9abec79711f12b88220f5348e1b3e6492f71d1 5367676 libxmltooling-doc_3.0.4-1~bpo9+1_all.deb
 55569b5fed774f751e3df969ce41c16e1bf8b27b 9200520 libxmltooling8-dbgsym_3.0.4-1~bpo9+1_i386.deb
 dfe11256ed998b945e9ef0dd645452e2e1cf757a 607180 libxmltooling8_3.0.4-1~bpo9+1_i386.deb
 0859d2425acfbcb8d9d9800daa4afdb6954a7009 20742 xmltooling-schemas_3.0.4-1~bpo9+1_all.deb
 10e4d5df10d75fb807d2b2d3e41083f58273cca5 10333 xmltooling_3.0.4-1~bpo9+1_i386.buildinfo
Checksums-Sha256:
 fd86648130c17b6fa3ebc843e1b2315219082c44c7614768276b6913146ee41e 2743 xmltooling_3.0.4-1~bpo9+1.dsc
 449c856b58be7f2ed2dadd14b5f7aca5945379eb662758d6a1407e497c7dcc35 53200 xmltooling_3.0.4-1~bpo9+1.debian.tar.xz
 8e0709d87c7b1ef70f46de0ef1827dc99af9e4855da490f1ca661bd0786f5a06 79220 libxmltooling-dev_3.0.4-1~bpo9+1_i386.deb
 bc3cdfda40c193372f545c78b8cf01b90e363af6ed59baafeb138c6eee73204b 5367676 libxmltooling-doc_3.0.4-1~bpo9+1_all.deb
 73d4606b2c22fccbe6d1c06f3a3da39c8dd8251c68a2872b0b663f9ab5472b09 9200520 libxmltooling8-dbgsym_3.0.4-1~bpo9+1_i386.deb
 f7e4cdafa952a96420d28e3e64803855263c2a5763e6837974fe6f080674c581 607180 libxmltooling8_3.0.4-1~bpo9+1_i386.deb
 c8c26faae050bd9e15844c2741b0d8a2a6f8e559512519e6b7f9abf1741038f7 20742 xmltooling-schemas_3.0.4-1~bpo9+1_all.deb
 a1cf2b5c08a5421899d70e33f8b397099be88e5e3438831bc0e919f86dc270e1 10333 xmltooling_3.0.4-1~bpo9+1_i386.buildinfo
Files:
 d94b7e0cf831dae7f8526664881add76 2743 libs optional xmltooling_3.0.4-1~bpo9+1.dsc
 41495e6a81b0acc83e8f27d7569b8dc9 53200 libs optional xmltooling_3.0.4-1~bpo9+1.debian.tar.xz
 045f9051736cf4b4865c43daf0f9a62e 79220 libdevel optional libxmltooling-dev_3.0.4-1~bpo9+1_i386.deb
 710200203d380da9bfc01de188d64a21 5367676 doc optional libxmltooling-doc_3.0.4-1~bpo9+1_all.deb
 4eeacd58c64c84e831f7f27cb8fabf35 9200520 debug optional libxmltooling8-dbgsym_3.0.4-1~bpo9+1_i386.deb
 f46510a50dc2a53b58aff99942089934 607180 libs optional libxmltooling8_3.0.4-1~bpo9+1_i386.deb
 ab54a1f64e5894bc786f7ab8c2bce85c 20742 text optional xmltooling-schemas_3.0.4-1~bpo9+1_all.deb
 4ee87cf26ef33bd40166ac57a95e15fe 10333 libs optional xmltooling_3.0.4-1~bpo9+1_i386.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAlykwT0ACgkQOsj3Fkd+
2yNciw//SjeYXirho88A+UF9QrcFBwH33nV+/bcB3G6W2ruLYSarzWot46/1dZpF
OVidRiVT5jrQHekdmWsdCGjCLf6I8W0sKZGqf2lXWz8Nl/SluoBLBI0vEfvnniwp
aF+ZJdgv2txDi9QVNhDfae7mvaRCy0lJd2r9GL0ut2oBkky/GI2pWHPBEF0QTfuF
Pp7OUuhrZa2WX6wyQNocOvNcCeHeiBpcpHS4uMOhV0YjpKhHZ7NY9Zj4FKG9Nzmh
ueqslmK77gNv9vnQxDUpfYQACrE5BRSy6vQGib0J9DlQGiPpoPENW3hJtYecwOwB
jH1yURFeXzuqIMJdUJw4yGX6KBTPCLNISJxzT82l2B0Rhxl/R8BWYXWa4KH4Lt5n
fkj0Uvt38V4ccTKv0bVlOeMEARGDIoFbqfIhm5JwSvOXjPHkYcmduyiOJhHKI17z
zohwVvNW4EdFldsuLUH69/0UFXzSzfM1jlJAtb7fRq1R7AkUfKaVw86pKOndOJTT
PsgzXVk2YvOlqYaVSVbSbNHHTBQgjTa4jHePH6CTeNByt5HtEwXvFwJaKBoi4wwN
6xiUlZPuarB16nF/RNA3pXwi4zD0KgucSVzwSPC4+TVsxToHEW58x0kgEQWeflob
GEnTVPK6n6/4eql3rZPaOnCgSJEOpxG4/4Y3dJwjqxP2qFHduPw=
=Oej6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted shibboleth-sp 3.0.4+dfsg1-1~bpo9+1 (source i386 all) into stretch-backports->backports-policy, stretch-backports
Next by Date: Accepted debhelper 12.1.1~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports
Previous by thread: Accepted shibboleth-sp 3.0.4+dfsg1-1~bpo9+1 (source i386 all) into stretch-backports->backports-policy, stretch-backports
Next by thread: Accepted debhelper 12.1.1~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports
Index(es):
- Date
- Thread