Linux repositories inspector

libxmltooling-doc - C++ XML parsing library with encryption support (API docs)

The XMLTooling library contains generic XML parsing and processing classes based on the Xerces-C DOM. It adds more powerful facilities for declaring element- and type-specific API and implementation classes to add value around the DOM, as well as signing and encryption support.
This package contains the XMLTooling library API documentation generated by Doxygen.
3.0.4
Debian iconDebian 10.0
Debian iconDebian 9.0
Ubuntu iconUbuntu 19.04
3.0.2
Ubuntu iconUbuntu 18.10
1.6.4
Debian iconDebian 9.0
Ubuntu iconUbuntu 18.04 LTS
1.6.0
Debian iconDebian 9.0
Ubuntu iconUbuntu 17.10
1.5.6
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 10.0 buster/maindeb3.0.4-117.03.20195.35 MiB12.3 MiB
Debian iconDebian 9.0 stretch/maindeb1.6.0-4+deb9u114.03.20185.09 MiB11.8 MiB
Debian iconDebian 9.0 stretch-backports/maindeb3.0.4-1~bpo9+109.04.20195.12 MiB11.9 MiB
Debian iconDebian 9.0 stretch-backports/maindeb1.6.4-1~bpo9+107.03.20185.1 MiB11.8 MiB
Debian iconDebian 9.0 stretch-proposed-updates/maindeb1.6.0-4+deb9u229.03.20195.09 MiB11.8 MiB
Ubuntu iconUbuntu 17.10 artful/universedeb1.6.0-510.11.20175.33 MiB12.2 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb1.6.4-1ubuntu207.03.20185.31 MiB12.2 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/universedeb1.6.4-1ubuntu2.126.03.20195.31 MiB12.2 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/universedeb1.6.4-1ubuntu2.126.03.20195.31 MiB12.2 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb3.0.2-1ubuntu114.01.20195.34 MiB12.3 MiB
Ubuntu iconUbuntu 18.10 cosmic-security/universedeb3.0.2-1ubuntu1.126.03.20195.34 MiB12.3 MiB
Ubuntu iconUbuntu 18.10 cosmic-updates/universedeb3.0.2-1ubuntu1.126.03.20195.34 MiB12.3 MiB
Ubuntu iconUbuntu 19.04 disco/universedeb3.0.4-118.03.20195.34 MiB12.3 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb1.5.6-210.11.2017427 kiB6.02 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/universedeb1.5.6-2ubuntu0.326.03.2019427 kiB6.03 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/universedeb1.5.6-2ubuntu0.326.03.2019427 kiB6.03 MiB

Latest updates

Debian 9.0 icon

Debian 9.0 stretch-backports/main: Updated from 1.6.4-1~bpo9+1 to 3.0.4-1~bpo9+1

09.04.2019 16:45
  • Rebuild for stretch-backports.
  • [89e1b1e] Require Xerces-C 3.2
  • [b93628c] Stay with OpenSSL 1.0.
    Since libcurl in stretch is built against OpenSSL 1.0, we have to use the same version.
    Revert "Enable building with OpenSSL 1.1"
    This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 1.6.0-4+deb9u2 introduced

29.03.2019 00:10
  • [2f0c065] New patch fixing CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-updates/universe: Updated from 1.5.6-2ubuntu0.2 to 1.5.6-2ubuntu0.3

26.03.2019 11:35
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 1.6.4-1ubuntu2.1 introduced

26.03.2019 11:00
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-updates/universe: Version 3.0.2-1ubuntu1.1 introduced

26.03.2019 10:55
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-security/universe: Version 3.0.2-1ubuntu1.1 introduced

26.03.2019 10:00
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic-security/universe: Version 1.6.4-1ubuntu2.1 introduced

26.03.2019 09:55
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-security/universe: Updated from 1.5.6-2ubuntu0.2 to 1.5.6-2ubuntu0.3

26.03.2019 09:45
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 19.04 icon

Ubuntu 19.04 disco/universe: Updated from 3.0.3-1 to 3.0.4-1

18.03.2019 20:12
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 3.0.3-1 to 3.0.4-1

17.03.2019 04:57
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Ubuntu 19.04 icon

Ubuntu 19.04 disco/universe: Version 3.0.3-1 introduced

14.01.2019 13:08
Ferenc Wágner
  • [d7405e9] New upstream release: 3.0.3
  • [58fafb7] Drop the patches, they are included in upstream 3.0.3
  • [97b5311] Update Standards-Version to 4.3.0 (no changes required).
Pino Toscano
  • [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic/universe: Version 3.0.2-1ubuntu1 introduced

14.01.2019 03:12
  • debian/patches/openssl-1.1.1-compat.patch: Fix build failure with openssl 1.1.1.
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 1.6.4-1 to 3.0.3-1

12.01.2019 14:15
Ferenc Wágner
  • [d7405e9] New upstream release: 3.0.3
  • [58fafb7] Drop the patches, they are included in upstream 3.0.3
  • [97b5311] Update Standards-Version to 4.3.0 (no changes required).
Pino Toscano
  • [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-updates/universe: Updated from 1.5.6-2ubuntu0.1 to 1.5.6-2ubuntu0.2

12.06.2018 08:27
  • SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
    • d/p/Add-disallowDoctype-to-parser-configuration.patch: Generic protection against data forgery. Irrelevant under Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
    • d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch: New patches fixing CVE-2018-0489: additional data forgery flaws. These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information.
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-security/universe: Updated from 1.5.6-2ubuntu0.1 to 1.5.6-2ubuntu0.2

12.06.2018 08:26
  • SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
    • d/p/Add-disallowDoctype-to-parser-configuration.patch: Generic protection against data forgery. Irrelevant under Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
    • d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch: New patches fixing CVE-2018-0489: additional data forgery flaws. These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information.
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 1.6.0-4+deb9u1 removed

14.03.2018 02:47
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 1.6.0-4 to 1.6.0-4+deb9u1

14.03.2018 02:46
Russ Allbery
  • [4e7dec2] Remove myself from Uploaders
Ferenc Wágner
  • [2e5cad6] New patch fixing CVE-2018-0486: vulnerability to forged user attribute data.
    The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type Definition (DTD) processing.
    Through addition/manipulation of a DTD, it's possible to make changes to an XML document that do not break a digital signature but are mishandled by the SP and its libraries. These manipulations can alter the user data passed through to applications behind the SP and result in impersonation attacks and exposure of protected information. While the use of XML Encryption can serve as a mitigation for this bug, it may still be possible to construct attacks in such cases, and the SP does not provide a means to enforce its use.
    https://shibboleth.net/community/advisories/secadv_20180112.txt CPPXT-127 - Block entity reference nodes during unmarshalling. https://issues.shibboleth.net/jira/browse/CPPXT-127
  • [91c50ae] New patches fixing CVE-2018-0489: additional data forgery flaws. These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information. https://shibboleth.net/community/advisories/secadv_20180227.txt https://issues.shibboleth.net/jira/browse/CPPXT-128
    The Add-disallowDoctype-to-parser-configuration.patch is not effective under Xerces 3.1 in stretch, but provides more generic protection under Xerces 3.2 against issues like CVE-2018-0486. It's included here for completeness and to avoid a conflict applying the CVE-2018-0489 patch.
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 1.6.3-1 to 1.6.4-1

07.03.2018 04:29
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 1.6.0-4+deb9u1 introduced

07.03.2018 04:26
Russ Allbery
  • [4e7dec2] Remove myself from Uploaders
Ferenc Wágner
  • [2e5cad6] New patch fixing CVE-2018-0486: vulnerability to forged user attribute data.
    The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type Definition (DTD) processing.
    Through addition/manipulation of a DTD, it's possible to make changes to an XML document that do not break a digital signature but are mishandled by the SP and its libraries. These manipulations can alter the user data passed through to applications behind the SP and result in impersonation attacks and exposure of protected information. While the use of XML Encryption can serve as a mitigation for this bug, it may still be possible to construct attacks in such cases, and the SP does not provide a means to enforce its use.
    https://shibboleth.net/community/advisories/secadv_20180112.txt CPPXT-127 - Block entity reference nodes during unmarshalling. https://issues.shibboleth.net/jira/browse/CPPXT-127
  • [91c50ae] New patches fixing CVE-2018-0489: additional data forgery flaws. These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information. https://shibboleth.net/community/advisories/secadv_20180227.txt https://issues.shibboleth.net/jira/browse/CPPXT-128
    The Add-disallowDoctype-to-parser-configuration.patch is not effective under Xerces 3.1 in stretch, but provides more generic protection under Xerces 3.2 against issues like CVE-2018-0486. It's included here for completeness and to avoid a conflict applying the CVE-2018-0489 patch.
Debian 9.0 icon

Debian 9.0 stretch-backports/main: Updated from 1.6.3-1~bpo9+1 to 1.6.4-1~bpo9+1

07.03.2018 04:26
  • Rebuild for stretch-backports.
⇧ Top