Linux repositories inspector

libxmltooling8 - C++ XML parsing library with encryption support (runtime)

The XMLTooling library contains generic XML parsing and processing classes based on the Xerces-C DOM. It adds more powerful facilities for declaring element- and type-specific API and implementation classes, as well as signing and encryption support.
This package contains the files necessary for running applications that use the XMLTooling library.
3.0.4
Debian iconDebian 10.0
Debian iconDebian 9.0
OpenSUSE iconOpenSUSE Tumbleweed
Ubuntu iconUbuntu 19.04
Ubuntu iconUbuntu 19.10
3.0.2
Ubuntu iconUbuntu 18.10
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 10.0 buster/maindeb3.0.4-1Mar 17604 kiB4.28 MiB
Debian iconDebian 9.0 stretch-backports/maindeb3.0.4-1~bpo9+1Apr 09565 kiB4.13 MiB
OpenSUSE iconOpenSUSE Tumbleweed ossrpm3.0.4-1.410:48468 kiB2.42 MiBhttps://bugs.opensuse.org
Ubuntu iconUbuntu 18.10 cosmic/universedeb3.0.2-1ubuntu1Jan 14593 kiB4.21 MiB
Ubuntu iconUbuntu 18.10 cosmic-security/universedeb3.0.2-1ubuntu1.1Mar 26590 kiB4.21 MiB
Ubuntu iconUbuntu 18.10 cosmic-updates/universedeb3.0.2-1ubuntu1.1Mar 26590 kiB4.21 MiB
Ubuntu iconUbuntu 19.04 disco/universedeb3.0.4-1Mar 18597 kiB4.23 MiB
Ubuntu iconUbuntu 19.10 eoan/universedeb3.0.4-1Jun 17597 kiB4.23 MiB

Latest updates

OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.4-1.3 to 3.0.4-1.4

10:48
  • update to 3.0.4
    • [CPPXT-143] - Crash due to uncaught DOMException
      bsc#1129537 [CVE-2019-9628]
    • [CPPXT-144] - CURL SOAP Transport: unset Expect Header
Debian 9.0 icon

Debian 9.0 stretch-backports/main: Version 3.0.4-1~bpo9+1 reintroduced

16:58
  • Rebuild for stretch-backports.
  • [89e1b1e] Require Xerces-C 3.2
  • [b93628c] Stay with OpenSSL 1.0.
    Since libcurl in stretch is built against OpenSSL 1.0, we have to use the same version.
    Revert "Enable building with OpenSSL 1.1"
    This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
Debian 9.0 icon

Debian 9.0 stretch-backports/main: Version 3.0.4-1~bpo9+1 removed

10:58
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/universe: Version 3.0.4-1 reintroduced

Jun 20
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/universe: Version 3.0.4-1 removed

Jun 20
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.4-1.1 to 3.0.4-1.3

Jun 17
  • update to 3.0.4
    • [CPPXT-143] - Crash due to uncaught DOMException
      bsc#1129537 [CVE-2019-9628]
    • [CPPXT-144] - CURL SOAP Transport: unset Expect Header
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/universe: Version 3.0.4-1 introduced

Jun 17
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Debian 9.0 icon

Debian 9.0 stretch-backports/main: Version 3.0.4-1~bpo9+1 introduced

Apr 09
  • Rebuild for stretch-backports.
  • [89e1b1e] Require Xerces-C 3.2
  • [b93628c] Stay with OpenSSL 1.0.
    Since libcurl in stretch is built against OpenSSL 1.0, we have to use the same version.
    Revert "Enable building with OpenSSL 1.1"
    This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-updates/universe: Version 3.0.2-1ubuntu1.1 introduced

Mar 26
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-security/universe: Version 3.0.2-1ubuntu1.1 introduced

Mar 26
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.3-1.2 to 3.0.4-1.1

Mar 24
  • update to 3.0.4
    • [CPPXT-143] - Crash due to uncaught DOMException
      bsc#1129537 [CVE-2019-9628]
    • [CPPXT-144] - CURL SOAP Transport: unset Expect Header
Ubuntu 19.04 icon

Ubuntu 19.04 disco/universe: Updated from 3.0.3-1 to 3.0.4-1

Mar 18
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 3.0.3-1 to 3.0.4-1

Mar 17
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.3-1.1 to 3.0.3-1.2

Mar 15
  • update to 3.0.3
    • [CPPXT-136] - Likely issues with empty element content in KeyInfo handling code
    • [CPPXT-138] - xmltooling does not build with OpenSSL-1.1.1
    • [CPPXT-139] - DataSealer needs to catch both Santuario exception types
    • [CPPXT-137] - OpenSSL 1.1.1 work
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.2-1.2 to 3.0.3-1.1

Feb 15
  • update to 3.0.3
    • [CPPXT-136] - Likely issues with empty element content in KeyInfo handling code
    • [CPPXT-138] - xmltooling does not build with OpenSSL-1.1.1
    • [CPPXT-139] - DataSealer needs to catch both Santuario exception types
    • [CPPXT-137] - OpenSSL 1.1.1 work
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.2-1.1 to 3.0.2-1.2

Feb 03
  • update to 3.0.2
    • [CPPXT-135] - Lite half of library has unintentional zlib dependency
    • [CPPXT-134] - Reloadable configuration deleting backing file on a 304
    • [CPPXT-33] - Credential::getCredentialContext method misspelled
    • [CPPXT-81] - Use of LIBS in place of LDFLAGS in configure tests break custom builds
    • [CPPXT-111] - Build flags leak into pkg-config files
    • [CPPXT-114] - ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL case
    • [CPPXT-116] - Apache 2.4 / Shibboleth Deadlock
    • [CPPXT-127] - DTD-defined entities can be added to XML without breaking signature
    • [CPPXT-133] - Eliminate uses of getTextContent in DOM helpers
    • [CPPXT-110] - OpenSSL 1.1 compatibility
    • [CPPXT-123] - Updates and next releases of Xerces and Santuario
    • [CPPXT-126] - TODO and cleanup tasks for V3
    • [CPPXT-118] - Address any deprecated CURL options
    • [CPPXT-120] - Set disallow-doctype property on DOMLSParser
    • [CPPXT-122] - Replace DateTime class with Xerces version
    • [CPPXT-125] - Consider making
      AbractPKIXTrustEngine::checkEntityNames virtual
    • [CPPXT-130] - auto_ptr cleanup
    • [CPPXT-132] - Slow down dependent on curl version
  • update soname for libxmltooling library from 7 to 8
  • require libxerces-c-devel >= 3.2 and libxml-security-c-devel >= 2.0.0
  • add Buildrequires: zlib-devel
  • remove upstream patches supporting building with openssl 1.1 that are no longer needed
    • 0023-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0011-CPPXT-110-Clean-up-some-collateral-damage-from-previ.patch
    • 0005-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0026-CPPXT-110-OpenSSL-1.1-library-names-have-changes.patch
    • 0027-Commit-a-xmltoolingtest.vcxproj.user.patch
    • 0010-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0003-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0002-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0012-CPPXT-110-Add-test-path-for-RSA-loadXXXBigNums.patch
    • 0009-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0020-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0024-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0006-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0028-CPPXT-110-OpenSSL-1.1-OpenSSL1.1-changes-to-newly-in.patch
    • 0025-CPPXT-110-OpenSSL-1.1-Fix-some-signatures-and-names.patch
    • 0016-CPPXT-110-Round-trip-verify-test-for-OpenSSLCryptoKe.patch
    • 0021-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0007-Unwind-previous.patch
    • 0013-CPPXT-110-Used-Named-curves-for-EC-testing.patch
    • 0030-CPPXT-110-OpenSSL-1.1-New-build-mechanisms.patch
    • 0031-Missed-file-for-OpenSSL1.1-support.patch
    • 0029-CPPXT-110-OpenSSL-1.1-Cleanup-tests.patch
    • 0022-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0017-CPPXT-110-Inverted-parameters-to-TSM_ASSERT-in-DSA-t.patch
    • 0008-CPPXT-110-Checkin-prototypical-vcxproj.user-file-for.patch
    • 0019-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0001-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0018-CPPXT-110-Test-for-OpenSSL-part-of-ExplicitKeyTrustE.patch
    • 0004-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0015-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyE.patch
    • 0014-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyD.patch
  • introduce libxmltooling-lite subpackage
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Version 3.0.2-1.1 introduced

Jan 17
  • update to 3.0.2
    • [CPPXT-135] - Lite half of library has unintentional zlib dependency
    • [CPPXT-134] - Reloadable configuration deleting backing file on a 304
    • [CPPXT-33] - Credential::getCredentialContext method misspelled
    • [CPPXT-81] - Use of LIBS in place of LDFLAGS in configure tests break custom builds
    • [CPPXT-111] - Build flags leak into pkg-config files
    • [CPPXT-114] - ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL case
    • [CPPXT-116] - Apache 2.4 / Shibboleth Deadlock
    • [CPPXT-127] - DTD-defined entities can be added to XML without breaking signature
    • [CPPXT-133] - Eliminate uses of getTextContent in DOM helpers
    • [CPPXT-110] - OpenSSL 1.1 compatibility
    • [CPPXT-123] - Updates and next releases of Xerces and Santuario
    • [CPPXT-126] - TODO and cleanup tasks for V3
    • [CPPXT-118] - Address any deprecated CURL options
    • [CPPXT-120] - Set disallow-doctype property on DOMLSParser
    • [CPPXT-122] - Replace DateTime class with Xerces version
    • [CPPXT-125] - Consider making
      AbractPKIXTrustEngine::checkEntityNames virtual
    • [CPPXT-130] - auto_ptr cleanup
    • [CPPXT-132] - Slow down dependent on curl version
  • update soname for libxmltooling library from 7 to 8
  • require libxerces-c-devel >= 3.2 and libxml-security-c-devel >= 2.0.0
  • add Buildrequires: zlib-devel
  • remove upstream patches supporting building with openssl 1.1 that are no longer needed
    • 0023-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0011-CPPXT-110-Clean-up-some-collateral-damage-from-previ.patch
    • 0005-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0026-CPPXT-110-OpenSSL-1.1-library-names-have-changes.patch
    • 0027-Commit-a-xmltoolingtest.vcxproj.user.patch
    • 0010-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0003-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0002-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0012-CPPXT-110-Add-test-path-for-RSA-loadXXXBigNums.patch
    • 0009-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0020-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0024-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0006-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0028-CPPXT-110-OpenSSL-1.1-OpenSSL1.1-changes-to-newly-in.patch
    • 0025-CPPXT-110-OpenSSL-1.1-Fix-some-signatures-and-names.patch
    • 0016-CPPXT-110-Round-trip-verify-test-for-OpenSSLCryptoKe.patch
    • 0021-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0007-Unwind-previous.patch
    • 0013-CPPXT-110-Used-Named-curves-for-EC-testing.patch
    • 0030-CPPXT-110-OpenSSL-1.1-New-build-mechanisms.patch
    • 0031-Missed-file-for-OpenSSL1.1-support.patch
    • 0029-CPPXT-110-OpenSSL-1.1-Cleanup-tests.patch
    • 0022-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0017-CPPXT-110-Inverted-parameters-to-TSM_ASSERT-in-DSA-t.patch
    • 0008-CPPXT-110-Checkin-prototypical-vcxproj.user-file-for.patch
    • 0019-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0001-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0018-CPPXT-110-Test-for-OpenSSL-part-of-ExplicitKeyTrustE.patch
    • 0004-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0015-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyE.patch
    • 0014-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyD.patch
  • introduce libxmltooling-lite subpackage
Ubuntu 19.04 icon

Ubuntu 19.04 disco/universe: Version 3.0.3-1 introduced

Jan 14
Ferenc Wágner
  • [d7405e9] New upstream release: 3.0.3
  • [58fafb7] Drop the patches, they are included in upstream 3.0.3
  • [97b5311] Update Standards-Version to 4.3.0 (no changes required).
Pino Toscano
  • [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic/universe: Version 3.0.2-1ubuntu1 introduced

Jan 14
  • debian/patches/openssl-1.1.1-compat.patch: Fix build failure with openssl 1.1.1.
Debian 10.0 icon

Debian 10.0 buster/main: Version 3.0.3-1 introduced

Jan 12
Ferenc Wágner
  • [d7405e9] New upstream release: 3.0.3
  • [58fafb7] Drop the patches, they are included in upstream 3.0.3
  • [97b5311] Update Standards-Version to 4.3.0 (no changes required).
Pino Toscano
  • [36d1972] Declare zlib1g-dev build dependency (Closes: #915820)

Related packages

libxmltooling8-debuginfo - Debug information for package libxmltooling8
⇧ Top