Package: xmltooling | Debian Sources

Package: xmltooling / 1.6.0-4+deb9u2

Metadata

Package	Version	Patches format
xmltooling	1.6.0-4+deb9u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
Disable forcing of libtool silent.patch \| (download)	configure.ac \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	disable forcing of libtool --silent Debian build log analysis wants verbose logs.
Use pkg config for log4shib log4cpp.patch \| (download)	configure.ac \| 53 4 + 49 - 0 ! xmltooling/Makefile.am \| 4 4 + 0 - 0 ! 2 files changed, 8 insertions(+), 49 deletions(-)	use pkg-config for log4shib/log4cpp
Fail configuration if dlopen is not found.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fail configuration if dlopen() is not found
Discover xerces xmlsec openssl and curl via pkg conf.patch \| (download)	configure.ac \| 171 29 + 142 - 0 ! m4/ax_restore_flags.m4 \| 52 52 + 0 - 0 ! m4/ax_save_flags.m4 \| 71 71 + 0 - 0 ! xmltooling/Makefile.am \| 12 6 + 6 - 0 ! xmltoolingtest/Makefile.am \| 3 2 + 1 - 0 ! 5 files changed, 160 insertions(+), 149 deletions(-)	discover xerces, xmlsec, openssl and curl via pkg-config
Propagate requirements into our pkg config file.patch \| (download)	Makefile.am \| 6 0 + 6 - 0 ! configure.ac \| 12 5 + 7 - 0 ! m4/ax_create_pkgconfig_info.m4 \| 349 0 + 349 - 0 ! m4/ax_pkg_check_modules.m4 \| 69 69 + 0 - 0 ! xmltooling.pc.in \| 13 13 + 0 - 0 ! 5 files changed, 87 insertions(+), 362 deletions(-)	propagate requirements into our pkg-config file
Make pkgconfigdir configurable.patch \| (download)	Makefile.am \| 1 0 + 1 - 0 ! configure.ac \| 1 1 + 0 - 0 ! 2 files changed, 1 insertion(+), 1 deletion(-)	make pkgconfigdir configurable
Print result of CURLINFO_TLS_SSL_PTR test.patch \| (download)	configure.ac \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	print result of curlinfo_tls_ssl_ptr test
Make pkgxmldir configurable.patch \| (download)	configure.ac \| 6 6 + 0 - 0 ! schemas/Makefile.am \| 2 0 + 2 - 0 ! xmltooling.pc.in \| 2 2 + 0 - 0 ! 3 files changed, 8 insertions(+), 2 deletions(-)	make pkgxmldir configurable
Finish separating flags use _LIBADD.patch \| (download)	configure.ac \| 12 8 + 4 - 0 ! xmltooling.pc.in \| 4 2 + 2 - 0 ! xmltooling/Makefile.am \| 14 8 + 6 - 0 ! 3 files changed, 18 insertions(+), 12 deletions(-)	finish separating flags, use _libadd
Add more forgotten test result prints.patch \| (download)	configure.ac \| 8 5 + 3 - 0 ! 1 file changed, 5 insertions(+), 3 deletions(-)	add more forgotten test result prints
Remove .pl extension of cxxtestgen.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	remove .pl extension of cxxtestgen
Don t install the test program but link correctly an.patch \| (download)	xmltoolingtest/Makefile.am \| 17 8 + 9 - 0 ! 1 file changed, 8 insertions(+), 9 deletions(-)	don't install the test program, but link correctly and run it
Test BUILD_UNITTEST in the main Makefile only.patch \| (download)	Makefile.am \| 6 5 + 1 - 0 ! xmltoolingtest/Makefile.am \| 6 0 + 6 - 0 ! 2 files changed, 5 insertions(+), 7 deletions(-)	test build_unittest in the main makefile only
The .cpp dependencies are well known no need to decl.patch \| (download)	xmltoolingtest/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	the .cpp dependencies are well known, no need to declare them
Refactor test source generation.patch \| (download)	xmltoolingtest/Makefile.am \| 56 25 + 31 - 0 ! 1 file changed, 25 insertions(+), 31 deletions(-)	refactor test source generation
Factor out the Xerces library dependence.patch \| (download)	xmltoolingtest/Makefile.am \| 5 3 + 2 - 0 ! 1 file changed, 3 insertions(+), 2 deletions(-)	factor out the xerces library dependence
Two more tests don t build without xmlsec.patch \| (download)	xmltoolingtest/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	two more tests don't build without xmlsec
Only add found packages to the pkg config dependenci.patch \| (download)	m4/ax_pkg_check_modules.m4 \| 8 4 + 4 - 0 ! 1 file changed, 4 insertions(+), 4 deletions(-)	only add found packages to the pkg-config dependencies
Add separate pkg config file for xmltooling lite.patch \| (download)	Makefile.am \| 2 1 + 1 - 0 ! configure.ac \| 22 12 + 10 - 0 ! xmltooling-lite.pc.in \| 13 13 + 0 - 0 ! xmltooling.pc.in \| 4 2 + 2 - 0 ! 4 files changed, 28 insertions(+), 13 deletions(-)	add separate pkg-config file for xmltooling-lite
Enable skipping tests which require network access.patch \| (download)	xmltoolingtest/SecurityHelperTest.h \| 9 9 + 0 - 0 ! 1 file changed, 9 insertions(+)	enable skipping tests which require network access
Enable the dot feature of Doxygen.patch \| (download)	configure.ac \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	enable the dot feature of doxygen
Get new pthread checks from the Autoconf Archive.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! m4/acx_pthread.m4 \| 283 0 + 283 - 0 ! m4/ax_pthread.m4 \| 485 485 + 0 - 0 ! 3 files changed, 486 insertions(+), 284 deletions(-)	get new pthread checks from the autoconf archive GCC wants -pthread, not -lpthread as returned by the old ACX_PTHREAD.
security/CVE 2018 0486 Block entity reference nodes during unmarsh.patch \| (download)	xmltooling/io/AbstractXMLObjectUnmarshaller.cpp \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	cve-2018-0486 - block entity reference nodes during unmarshalling. https://issues.shibboleth.net/jira/browse/CPPXT-127
security/Add disallowDoctype to parser configuration.patch \| (download)	xmltooling/util/ParserPool.cpp \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	add disallowdoctype to parser configuration.
security/CVE 2018 0489 Fix additional data forgery flaws.patch \| (download)	xmltooling/AbstractComplexElement.cpp \| 16 15 + 1 - 0 ! xmltooling/AbstractSimpleElement.cpp \| 22 14 + 8 - 0 ! xmltooling/io/AbstractXMLObjectUnmarshaller.cpp \| 5 3 + 2 - 0 ! xmltooling/util/ParserPool.cpp \| 2 2 + 0 - 0 ! 4 files changed, 34 insertions(+), 11 deletions(-)	cve-2018-0489 - fix additional data forgery flaws These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information. https://shibboleth.net/community/advisories/secadv_20180227.txt https://issues.shibboleth.net/jira/browse/CPPXT-128
security/CVE 2019 9628 uncaught exception on malformed XML declara.patch \| (download)	xmltooling/util/ParserPool.cpp \| 18 16 + 2 - 0 ! 1 file changed, 16 insertions(+), 2 deletions(-)	cve-2019-9628 - uncaught exception on malformed xml declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143

Patch	File delta	Description
Disable forcing of libtool silent.patch \| (download)	configure.ac \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	disable forcing of libtool --silent Debian build log analysis wants verbose logs.
Use pkg config for log4shib log4cpp.patch \| (download)	configure.ac \| 53 4 + 49 - 0 ! xmltooling/Makefile.am \| 4 4 + 0 - 0 ! 2 files changed, 8 insertions(+), 49 deletions(-)	use pkg-config for log4shib/log4cpp
Fail configuration if dlopen is not found.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fail configuration if dlopen() is not found
Discover xerces xmlsec openssl and curl via pkg conf.patch \| (download)	configure.ac \| 171 29 + 142 - 0 ! m4/ax_restore_flags.m4 \| 52 52 + 0 - 0 ! m4/ax_save_flags.m4 \| 71 71 + 0 - 0 ! xmltooling/Makefile.am \| 12 6 + 6 - 0 ! xmltoolingtest/Makefile.am \| 3 2 + 1 - 0 ! 5 files changed, 160 insertions(+), 149 deletions(-)	discover xerces, xmlsec, openssl and curl via pkg-config
Propagate requirements into our pkg config file.patch \| (download)	Makefile.am \| 6 0 + 6 - 0 ! configure.ac \| 12 5 + 7 - 0 ! m4/ax_create_pkgconfig_info.m4 \| 349 0 + 349 - 0 ! m4/ax_pkg_check_modules.m4 \| 69 69 + 0 - 0 ! xmltooling.pc.in \| 13 13 + 0 - 0 ! 5 files changed, 87 insertions(+), 362 deletions(-)	propagate requirements into our pkg-config file
Make pkgconfigdir configurable.patch \| (download)	Makefile.am \| 1 0 + 1 - 0 ! configure.ac \| 1 1 + 0 - 0 ! 2 files changed, 1 insertion(+), 1 deletion(-)	make pkgconfigdir configurable
Print result of CURLINFO_TLS_SSL_PTR test.patch \| (download)	configure.ac \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	print result of curlinfo_tls_ssl_ptr test
Make pkgxmldir configurable.patch \| (download)	configure.ac \| 6 6 + 0 - 0 ! schemas/Makefile.am \| 2 0 + 2 - 0 ! xmltooling.pc.in \| 2 2 + 0 - 0 ! 3 files changed, 8 insertions(+), 2 deletions(-)	make pkgxmldir configurable
Finish separating flags use _LIBADD.patch \| (download)	configure.ac \| 12 8 + 4 - 0 ! xmltooling.pc.in \| 4 2 + 2 - 0 ! xmltooling/Makefile.am \| 14 8 + 6 - 0 ! 3 files changed, 18 insertions(+), 12 deletions(-)	finish separating flags, use _libadd
Add more forgotten test result prints.patch \| (download)	configure.ac \| 8 5 + 3 - 0 ! 1 file changed, 5 insertions(+), 3 deletions(-)	add more forgotten test result prints
Remove .pl extension of cxxtestgen.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	remove .pl extension of cxxtestgen
Don t install the test program but link correctly an.patch \| (download)	xmltoolingtest/Makefile.am \| 17 8 + 9 - 0 ! 1 file changed, 8 insertions(+), 9 deletions(-)	don't install the test program, but link correctly and run it
Test BUILD_UNITTEST in the main Makefile only.patch \| (download)	Makefile.am \| 6 5 + 1 - 0 ! xmltoolingtest/Makefile.am \| 6 0 + 6 - 0 ! 2 files changed, 5 insertions(+), 7 deletions(-)	test build_unittest in the main makefile only
The .cpp dependencies are well known no need to decl.patch \| (download)	xmltoolingtest/Makefile.am \| 1 0 + 1 - 0 ! 1 file changed, 1 deletion(-)	the .cpp dependencies are well known, no need to declare them
Refactor test source generation.patch \| (download)	xmltoolingtest/Makefile.am \| 56 25 + 31 - 0 ! 1 file changed, 25 insertions(+), 31 deletions(-)	refactor test source generation
Factor out the Xerces library dependence.patch \| (download)	xmltoolingtest/Makefile.am \| 5 3 + 2 - 0 ! 1 file changed, 3 insertions(+), 2 deletions(-)	factor out the xerces library dependence
Two more tests don t build without xmlsec.patch \| (download)	xmltoolingtest/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	two more tests don't build without xmlsec
Only add found packages to the pkg config dependenci.patch \| (download)	m4/ax_pkg_check_modules.m4 \| 8 4 + 4 - 0 ! 1 file changed, 4 insertions(+), 4 deletions(-)	only add found packages to the pkg-config dependencies
Add separate pkg config file for xmltooling lite.patch \| (download)	Makefile.am \| 2 1 + 1 - 0 ! configure.ac \| 22 12 + 10 - 0 ! xmltooling-lite.pc.in \| 13 13 + 0 - 0 ! xmltooling.pc.in \| 4 2 + 2 - 0 ! 4 files changed, 28 insertions(+), 13 deletions(-)	add separate pkg-config file for xmltooling-lite
Enable skipping tests which require network access.patch \| (download)	xmltoolingtest/SecurityHelperTest.h \| 9 9 + 0 - 0 ! 1 file changed, 9 insertions(+)	enable skipping tests which require network access
Enable the dot feature of Doxygen.patch \| (download)	configure.ac \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	enable the dot feature of doxygen
Get new pthread checks from the Autoconf Archive.patch \| (download)	configure.ac \| 2 1 + 1 - 0 ! m4/acx_pthread.m4 \| 283 0 + 283 - 0 ! m4/ax_pthread.m4 \| 485 485 + 0 - 0 ! 3 files changed, 486 insertions(+), 284 deletions(-)	get new pthread checks from the autoconf archive GCC wants -pthread, not -lpthread as returned by the old ACX_PTHREAD.
security/CVE 2018 0486 Block entity reference nodes during unmarsh.patch \| (download)	xmltooling/io/AbstractXMLObjectUnmarshaller.cpp \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	cve-2018-0486 - block entity reference nodes during unmarshalling. https://issues.shibboleth.net/jira/browse/CPPXT-127
security/Add disallowDoctype to parser configuration.patch \| (download)	xmltooling/util/ParserPool.cpp \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	add disallowdoctype to parser configuration.
security/CVE 2018 0489 Fix additional data forgery flaws.patch \| (download)	xmltooling/AbstractComplexElement.cpp \| 16 15 + 1 - 0 ! xmltooling/AbstractSimpleElement.cpp \| 22 14 + 8 - 0 ! xmltooling/io/AbstractXMLObjectUnmarshaller.cpp \| 5 3 + 2 - 0 ! xmltooling/util/ParserPool.cpp \| 2 2 + 0 - 0 ! 4 files changed, 34 insertions(+), 11 deletions(-)	cve-2018-0489 - fix additional data forgery flaws These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information. https://shibboleth.net/community/advisories/secadv_20180227.txt https://issues.shibboleth.net/jira/browse/CPPXT-128
security/CVE 2019 9628 uncaught exception on malformed XML declara.patch \| (download)	xmltooling/util/ParserPool.cpp \| 18 16 + 2 - 0 ! 1 file changed, 16 insertions(+), 2 deletions(-)	cve-2019-9628 - uncaught exception on malformed xml declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143