Package: xmltooling / 1.6.0-4+deb9u2

Metadata

Package Version Patches format
xmltooling 1.6.0-4+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
Disable forcing of libtool silent.patch | (download)

configure.ac | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 disable forcing of libtool --silent

Debian build log analysis wants verbose logs.

Use pkg config for log4shib log4cpp.patch | (download)

configure.ac | 53 4 + 49 - 0 !
xmltooling/Makefile.am | 4 4 + 0 - 0 !
2 files changed, 8 insertions(+), 49 deletions(-)

 use pkg-config for log4shib/log4cpp


Fail configuration if dlopen is not found.patch | (download)

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fail configuration if dlopen() is not found


Discover xerces xmlsec openssl and curl via pkg conf.patch | (download)

configure.ac | 171 29 + 142 - 0 !
m4/ax_restore_flags.m4 | 52 52 + 0 - 0 !
m4/ax_save_flags.m4 | 71 71 + 0 - 0 !
xmltooling/Makefile.am | 12 6 + 6 - 0 !
xmltoolingtest/Makefile.am | 3 2 + 1 - 0 !
5 files changed, 160 insertions(+), 149 deletions(-)

 discover xerces, xmlsec, openssl and curl via pkg-config


Propagate requirements into our pkg config file.patch | (download)

Makefile.am | 6 0 + 6 - 0 !
configure.ac | 12 5 + 7 - 0 !
m4/ax_create_pkgconfig_info.m4 | 349 0 + 349 - 0 !
m4/ax_pkg_check_modules.m4 | 69 69 + 0 - 0 !
xmltooling.pc.in | 13 13 + 0 - 0 !
5 files changed, 87 insertions(+), 362 deletions(-)

 propagate requirements into our pkg-config file


Make pkgconfigdir configurable.patch | (download)

Makefile.am | 1 0 + 1 - 0 !
configure.ac | 1 1 + 0 - 0 !
2 files changed, 1 insertion(+), 1 deletion(-)

 make pkgconfigdir configurable


Print result of CURLINFO_TLS_SSL_PTR test.patch | (download)

configure.ac | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 print result of curlinfo_tls_ssl_ptr test


Make pkgxmldir configurable.patch | (download)

configure.ac | 6 6 + 0 - 0 !
schemas/Makefile.am | 2 0 + 2 - 0 !
xmltooling.pc.in | 2 2 + 0 - 0 !
3 files changed, 8 insertions(+), 2 deletions(-)

 make pkgxmldir configurable


Finish separating flags use _LIBADD.patch | (download)

configure.ac | 12 8 + 4 - 0 !
xmltooling.pc.in | 4 2 + 2 - 0 !
xmltooling/Makefile.am | 14 8 + 6 - 0 !
3 files changed, 18 insertions(+), 12 deletions(-)

 finish separating flags, use _libadd


Add more forgotten test result prints.patch | (download)

configure.ac | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 add more forgotten test result prints


Remove .pl extension of cxxtestgen.patch | (download)

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove .pl extension of cxxtestgen


Don t install the test program but link correctly an.patch | (download)

xmltoolingtest/Makefile.am | 17 8 + 9 - 0 !
1 file changed, 8 insertions(+), 9 deletions(-)

 don't install the test program, but link correctly and run it


Test BUILD_UNITTEST in the main Makefile only.patch | (download)

Makefile.am | 6 5 + 1 - 0 !
xmltoolingtest/Makefile.am | 6 0 + 6 - 0 !
2 files changed, 5 insertions(+), 7 deletions(-)

 test build_unittest in the main makefile only


The .cpp dependencies are well known no need to decl.patch | (download)

xmltoolingtest/Makefile.am | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 the .cpp dependencies are well known, no need to declare them


Refactor test source generation.patch | (download)

xmltoolingtest/Makefile.am | 56 25 + 31 - 0 !
1 file changed, 25 insertions(+), 31 deletions(-)

 refactor test source generation


Factor out the Xerces library dependence.patch | (download)

xmltoolingtest/Makefile.am | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 factor out the xerces library dependence


Two more tests don t build without xmlsec.patch | (download)

xmltoolingtest/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 two more tests don't build without xmlsec


Only add found packages to the pkg config dependenci.patch | (download)

m4/ax_pkg_check_modules.m4 | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 only add found packages to the pkg-config dependencies


Add separate pkg config file for xmltooling lite.patch | (download)

Makefile.am | 2 1 + 1 - 0 !
configure.ac | 22 12 + 10 - 0 !
xmltooling-lite.pc.in | 13 13 + 0 - 0 !
xmltooling.pc.in | 4 2 + 2 - 0 !
4 files changed, 28 insertions(+), 13 deletions(-)

 add separate pkg-config file for xmltooling-lite


Enable skipping tests which require network access.patch | (download)

xmltoolingtest/SecurityHelperTest.h | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 enable skipping tests which require network access


Enable the dot feature of Doxygen.patch | (download)

configure.ac | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 enable the dot feature of doxygen


Get new pthread checks from the Autoconf Archive.patch | (download)

configure.ac | 2 1 + 1 - 0 !
m4/acx_pthread.m4 | 283 0 + 283 - 0 !
m4/ax_pthread.m4 | 485 485 + 0 - 0 !
3 files changed, 486 insertions(+), 284 deletions(-)

 get new pthread checks from the autoconf archive

GCC wants -pthread, not -lpthread as returned by the old ACX_PTHREAD.

security/CVE 2018 0486 Block entity reference nodes during unmarsh.patch | (download)

xmltooling/io/AbstractXMLObjectUnmarshaller.cpp | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 cve-2018-0486 - block entity reference nodes during unmarshalling.

https://issues.shibboleth.net/jira/browse/CPPXT-127

security/Add disallowDoctype to parser configuration.patch | (download)

xmltooling/util/ParserPool.cpp | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add disallowdoctype to parser configuration.


security/CVE 2018 0489 Fix additional data forgery flaws.patch | (download)

xmltooling/AbstractComplexElement.cpp | 16 15 + 1 - 0 !
xmltooling/AbstractSimpleElement.cpp | 22 14 + 8 - 0 !
xmltooling/io/AbstractXMLObjectUnmarshaller.cpp | 5 3 + 2 - 0 !
xmltooling/util/ParserPool.cpp | 2 2 + 0 - 0 !
4 files changed, 34 insertions(+), 11 deletions(-)

 cve-2018-0489 - fix additional data forgery flaws

These flaws allow for changes to an XML document that do not break a
digital signature but alter the user data passed through to applications
enabling impersonation attacks and exposure of protected information.

https://shibboleth.net/community/advisories/secadv_20180227.txt
https://issues.shibboleth.net/jira/browse/CPPXT-128

security/CVE 2019 9628 uncaught exception on malformed XML declara.patch | (download)

xmltooling/util/ParserPool.cpp | 18 16 + 2 - 0 !
1 file changed, 16 insertions(+), 2 deletions(-)

 cve-2019-9628 - uncaught exception on malformed xml declaration

Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.

This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.

https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143