xml-security-c (1.6.1-1~bpo60+1) squeeze-backports; urgency=high

  * Backport to stable.
  * Weaken dependency on libssl-dev to allow building against the squeeze
    OpenSSL version.

 -- Russ Allbery <rra@debian.org>  Thu, 27 Oct 2011 17:18:12 -0700

xml-security-c (1.6.1-1) unstable; urgency=high

  * Urgency high for security fix.
  * New upstream release.
    - DSIGObject::load method crashes for ds:Object without Id attribute
    - Buffer overflow when signing or verifying files with big asymmetric
      keys (Closes: #632973, CVE-2011-2516)
    - Memory bug inside XENCCipherImpl::deSerialise
    - Function cleanURIEscapes always throws XSECException, when any
      escape sequence occurs
    - Function isHexDigit doesn't recognize invalid escape sequences
    - Percent-encoded multibyte (UTF-8) sequences unrecognized
    - RSA-OAEP handler only allows SHA-1 digests
  * Update debian/watch for the new organization of Apache downloads.

 -- Russ Allbery <rra@debian.org>  Thu, 07 Jul 2011 09:10:33 -0700

xml-security-c (1.6.0-2) unstable; urgency=low

  * Force build dependency on libssl-dev 1.0 or later for consistent build
    results.  If some Shibboleth-related libraries are built against
    earlier versions of libssl, it produces linking failures when building
    the Shibboleth SP package.
  * Stop running autoreconf during the build.  Upstream now ships
    sufficiently new generated files, and we no longer patch configure.
    Remove the associated build dependencies and extra clean files.
  * Update standards version to 3.9.2 (no changes required).

 -- Russ Allbery <rra@debian.org>  Thu, 07 Apr 2011 14:29:28 -0700

xml-security-c (1.6.0-1) unstable; urgency=low

  * New upstream releaes.
    - Expose algorithm URI on Signature and Reference objects
    - White/blacklisting of otherwise registered algorithms
    - Allow selected XML Signature 1.1 KeyInfo extensions
    - Add elliptic curve keys and signatures via ECDSA
    - Support debugging of Reference/SignedInfo data
    - Add methods for Reference removal to DSIGSignature and
      DSIGSignedInfo classes
    - Lots of various bug fixes
  * Add build dependency on pkg-config, which upstream now uses to find
    the SSL libraries.
  * Remove --with-xerces from the configure flags, since "yes" is
    interpreted as a path to libraries and headers.
  * Remove unnecessary --with-openssl from configure flags.
  * Update to debhelper compatibility level V8.
    - Use the autotools-dev debhelper module for config.{sub,guess}.
    - Use debhelper rule minimization.
    - Move files to clean into a separate clean control file.
  * Use autoreconf instead of running the tools separately.
  * Update package home page for new upstream location.
  * Update package long description for the new official upstream name.
  * Update debian/copyright to the current DEP-5 specification.
  * Install the upstream NOTICE.txt file.
  * Change to Debian source format 3.0 (quilt).  Force a single Debian
    patch for simplicity since the packaging is maintained in Git using
    branches, and include a patch header explaining why.
  * debian/watch fixes for upstream distribution and versioning.
    - Mangle a tilde into upstream rc version numbers.
    - Update the upstream distribution URL.
    - Avoid matching signature and checksum files.
  * Update standards version to 3.9.1 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 06 Mar 2011 20:29:13 -0800

xml-security-c (1.5.1-3) unstable; urgency=low

  * Force source format 1.0 for now since it makes backporting easier.
  * Add ${misc:Depends} to all package dependencies.
  * Update debhelper compatibility level to V7.
    - Use dh_prep instead of dh_clean -k.
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 12 May 2010 20:59:25 -0700

xml-security-c (1.5.1-2) unstable; urgency=low

  * Fix the dependencies of libxml-security-c-dev to depend on Xerces-C
    3.x and stop depending on Xalan, reflecting the changes to the library
    build.

 -- Russ Allbery <rra@debian.org>  Thu, 06 Aug 2009 08:32:16 -0700

xml-security-c (1.5.1-1) unstable; urgency=low

  * New upstream release.
    - Rename library package for upstream SONAME bump.
  * Upstream now ships an older version of libtool, so run libtoolize and
    aclocal before the build.  Add build dependencies on automake and
    libtool.
  * Build against Xerces-C 3.0.
  * Stop building against Xalan.  The Xalan packages for Debian have been
    orphaned, the current Xalan release does not support Xerces-C 3.0, and
    porting it is not trivial.

 -- Russ Allbery <rra@debian.org>  Wed, 05 Aug 2009 14:11:52 -0700

xml-security-c (1.4.0-4) unstable; urgency=high

  * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
    truncation length.  Closes a vulnerability that could allow an
    attacker to spoof HMAC-based signatures and bypass authentication.
  * Remove duplicate section for libxml-security-c14.
  * Update standards version to 3.8.2 (no changes required).

 -- Russ Allbery <rra@debian.org>  Fri, 24 Jul 2009 15:02:55 -0700

xml-security-c (1.4.0-3) unstable; urgency=low

  * Drop the suggests of libxml-security-c-doc since upstream no longer
    includes the documentation.

 -- Russ Allbery <rra@debian.org>  Tue, 26 Aug 2008 16:38:08 -0700

xml-security-c (1.4.0-2) unstable; urgency=low

  [ Ferenc Wagner ]
  * Add dependencies to libxml-security-c-dev for the packages whose
    header files are included by XML-Security-C headers.

  [ Russ Allbery ]
  * Include the SONAME portion of the library filename in the *.install
    file for libxml-security-c14 so that the build will fail if the
    library name unexpectedly changes.
  * Rewrite debian/copyright in the new proposed format.
  * Reference the Apache 2.0 license in common-licenses instead of
    including a copy.
  * Update standards version to 3.8.0.
  * Update watch format to 3 (no changes required).

 -- Russ Allbery <rra@debian.org>  Wed, 18 Jun 2008 18:22:49 -0700

xml-security-c (1.4.0-1) unstable; urgency=low

  * New upstream release.
    - Drop the libxml-security-c-doc package.  Upstream no longer includes
      the API documentation in their source package and it's not useful
      enough to generate ourselves at build time.
    - Bump library SONAME.
  * Maintainer is now the Debian Shib Team.  Move myself to Uploaders.
  * Build against libxerces-c2-dev.  (Closes: #479195)
  * Remove all modified files on debian/rules clean.
  * Stop using quilt and instead apply the patches directly.
  * Move Homepage to a regular control field.
  * Add Vcs-Git and Vcs-Browser control fields.
  * Update standards version to 3.7.3 (no changes required).

 -- Russ Allbery <rra@debian.org>  Sun, 11 May 2008 20:16:30 -0700

xml-security-c (1.3.1-1) unstable; urgency=low

  * New upstream release.
    - Performance improvements in canonicalisation.
    - Update signature classes to pass in requested algorithms as URIs
      rather than enums.  Enum based methods are now deprecated.
    - Fix memory leaks in OpenSSL wrapping code.
    - Provide ability for calling application to define whether references
      are interlocking.
    - Complete implementation of XKMS message set
    - Methods to allow loading of encrypted data without doing decrypt 
      and to process a decrypt/encrypt operation without replacing the
      original nodes.
    - Various bug fixes.
  * Add patch from Cyril Brulebois to recognize kFreeBSD and GNU Hurd
    systems.  (Closes: #414210)
  * Remove Quanah from maintainers at his request.
  * Update debhelper compatibility level to V5.

 -- Russ Allbery <rra@debian.org>  Wed, 16 May 2007 20:59:11 -0700

xml-security-c (1.2.1-3) unstable; urgency=low

  * Fix compilation with g++ 4.1.  (Closes: #375348)

 -- Russ Allbery <rra@debian.org>  Mon, 26 Jun 2006 20:44:57 -0700

xml-security-c (1.2.1-2) unstable; urgency=low

  * Initial upload to Debian.  (Closes: #368551)
  * Include Xalan support.
  * Only include the major library version in the SONAME, not the minor
    library version.  The minor version corresponds to patch releases,
    which shouldn't break the ABI.
  * Package library documentation as libxml-security-c-doc.
  * Minor improvements to package descriptions.  Add homepage links.
  * Pre-create the library directory in debian/rules rather than via a
    patch.
  * Switch to quilt as the patch system.
  * Update config.guess and config.sub.
  * Change priority to extra.
  * General cleanup of debian/rules.
    - Remove commented-out and unused code.
    - Add build-arch and build-indep targets, just in case.
    - Run make distclean, not clean, and check its error status.
    - Always pass the host type into configure.
  * Include NOTICE text in debian/copyright rather than installing NOTICE,
    and include an explicit copyright statement and a license for the
    Debian packaging modifications.
  * Don't install CHANGELOG.txt twice or KEYS at all.
  * Remove unnecessary dh_installdirs invocation.
  * Install whole directories rather than wildcards in *.install files.
  * Remove commented-out samples from debian/watch.
  * Update to standards version 3.7.2 (no changes required).
  * Add myself as uploader.

 -- Russ Allbery <rra@debian.org>  Tue, 30 May 2006 17:49:15 -0700

xml-security-c (1.2.1-1) stable; urgency=low

  * Initial Release.

 -- Quanah Gibson-Mount <quanah@stanford.edu>  Thu, 30 Mar 2006 17:09:41 -0800

