Linux repositories inspector

xmltooling-schemas - XMLTooling schemas and catalog

The XMLTooling library contains generic XML parsing and processing classes based on the Xerces-C DOM. It adds more powerful facilities for declaring element- and type-specific API and implementation classes, as well as signing and encryption support.
This package contains the XML schema files used by the XMLTooling library.
3.0.4
Debian iconDebian 10.0
Debian iconDebian 9.0
OpenSUSE iconOpenSUSE Tumbleweed
Ubuntu iconUbuntu 19.04
3.0.2
Ubuntu iconUbuntu 18.10
1.6.4
Debian iconDebian 9.0
OpenSUSE iconOpenSUSE Leap 15.0
OpenSUSE iconOpenSUSE Leap 15.1
Ubuntu iconUbuntu 18.04 LTS
1.6.0
Debian iconDebian 9.0
Ubuntu iconUbuntu 17.10
1.5.6
OpenSUSE iconOpenSUSE Leap 42.3
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 10.0 buster/maindeb3.0.4-117.03.201920.1 kiB70 kiB
Debian iconDebian 9.0 stretch/maindeb1.6.0-4+deb9u114.03.201819 kiB69 kiB
Debian iconDebian 9.0 stretch-backports/maindeb3.0.4-1~bpo9+109.04.201920.3 kiB70 kiB
Debian iconDebian 9.0 stretch-backports/maindeb1.6.4-1~bpo9+107.03.201819.3 kiB69 kiB
Debian iconDebian 9.0 stretch-proposed-updates/maindeb1.6.0-4+deb9u229.03.201919.3 kiB69 kiB
OpenSUSE iconOpenSUSE Leap 15.0 ossrpm1.6.4-lp150.1.417.01.201918.7 kiB35.1 kiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.1 ossrpm1.6.4-lp151.2.523.01.201918.7 kiB35.1 kiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 ossrpm1.5.6-4.117.01.201911.2 kiB35.1 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm1.5.6-9.121.01.201912 kiB35.1 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm1.5.6-6.121.01.201911.6 kiB35.1 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Tumbleweed ossrpm3.0.4-1.124.03.201922.5 kiB35.1 kiBhttps://bugs.opensuse.org
Ubuntu iconUbuntu 17.10 artful/universedeb1.6.0-510.11.201715.2 kiB68 kiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb1.6.4-1ubuntu207.03.201814.7 kiB69 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/universedeb1.6.4-1ubuntu2.126.03.201914.2 kiB69 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/universedeb1.6.4-1ubuntu2.126.03.201914.2 kiB69 kiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb3.0.2-1ubuntu114.01.201915 kiB69 kiB
Ubuntu iconUbuntu 18.10 cosmic-security/universedeb3.0.2-1ubuntu1.126.03.201914.6 kiB70 kiB
Ubuntu iconUbuntu 18.10 cosmic-updates/universedeb3.0.2-1ubuntu1.126.03.201914.6 kiB70 kiB
Ubuntu iconUbuntu 19.04 disco/universedeb3.0.4-118.03.201914.4 kiB70 kiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb1.5.6-210.11.201714.3 kiB67 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/universedeb1.5.6-2ubuntu0.326.03.201914.8 kiB67 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/universedeb1.5.6-2ubuntu0.326.03.201914.8 kiB67 kiB

Latest updates

Debian 9.0 icon

Debian 9.0 stretch-backports/main: Updated from 1.6.4-1~bpo9+1 to 3.0.4-1~bpo9+1

09.04.2019 16:45
  • Rebuild for stretch-backports.
  • [89e1b1e] Require Xerces-C 3.2
  • [b93628c] Stay with OpenSSL 1.0.
    Since libcurl in stretch is built against OpenSSL 1.0, we have to use the same version.
    Revert "Enable building with OpenSSL 1.1"
    This reverts commit cb6df2ad67dccc66884bcd86ba8d9eebdac58813.
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 1.6.0-4+deb9u2 introduced

29.03.2019 00:10
  • [2f0c065] New patch fixing CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-updates/universe: Updated from 1.5.6-2ubuntu0.2 to 1.5.6-2ubuntu0.3

26.03.2019 11:35
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 1.6.4-1ubuntu2.1 introduced

26.03.2019 11:00
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-updates/universe: Version 3.0.2-1ubuntu1.1 introduced

26.03.2019 10:55
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic-security/universe: Version 3.0.2-1ubuntu1.1 introduced

26.03.2019 10:00
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic-security/universe: Version 1.6.4-1ubuntu2.1 introduced

26.03.2019 09:55
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-security/universe: Updated from 1.5.6-2ubuntu0.2 to 1.5.6-2ubuntu0.3

26.03.2019 09:45
  • SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.3-1.2 to 3.0.4-1.1

24.03.2019 20:40
  • update to 3.0.4
    • [CPPXT-143] - Crash due to uncaught DOMException
      bsc#1129537 [CVE-2019-9628]
    • [CPPXT-144] - CURL SOAP Transport: unset Expect Header
Ubuntu 19.04 icon

Ubuntu 19.04 disco/universe: Updated from 3.0.3-1 to 3.0.4-1

18.03.2019 20:13
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 3.0.3-1 to 3.0.4-1

17.03.2019 04:57
  • [f185b26] New upstream security release: 3.0.4
    DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
    Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
    This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker.
    https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346)
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.3-1.1 to 3.0.3-1.2

15.03.2019 14:49
  • update to 3.0.3
    • [CPPXT-136] - Likely issues with empty element content in KeyInfo handling code
    • [CPPXT-138] - xmltooling does not build with OpenSSL-1.1.1
    • [CPPXT-139] - DataSealer needs to catch both Santuario exception types
    • [CPPXT-137] - OpenSSL 1.1.1 work
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.2-1.2 to 3.0.3-1.1

15.02.2019 12:58
  • update to 3.0.3
    • [CPPXT-136] - Likely issues with empty element content in KeyInfo handling code
    • [CPPXT-138] - xmltooling does not build with OpenSSL-1.1.1
    • [CPPXT-139] - DataSealer needs to catch both Santuario exception types
    • [CPPXT-137] - OpenSSL 1.1.1 work
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 3.0.2-1.1 to 3.0.2-1.2

03.02.2019 10:26
  • update to 3.0.2
    • [CPPXT-135] - Lite half of library has unintentional zlib dependency
    • [CPPXT-134] - Reloadable configuration deleting backing file on a 304
    • [CPPXT-33] - Credential::getCredentialContext method misspelled
    • [CPPXT-81] - Use of LIBS in place of LDFLAGS in configure tests break custom builds
    • [CPPXT-111] - Build flags leak into pkg-config files
    • [CPPXT-114] - ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL case
    • [CPPXT-116] - Apache 2.4 / Shibboleth Deadlock
    • [CPPXT-127] - DTD-defined entities can be added to XML without breaking signature
    • [CPPXT-133] - Eliminate uses of getTextContent in DOM helpers
    • [CPPXT-110] - OpenSSL 1.1 compatibility
    • [CPPXT-123] - Updates and next releases of Xerces and Santuario
    • [CPPXT-126] - TODO and cleanup tasks for V3
    • [CPPXT-118] - Address any deprecated CURL options
    • [CPPXT-120] - Set disallow-doctype property on DOMLSParser
    • [CPPXT-122] - Replace DateTime class with Xerces version
    • [CPPXT-125] - Consider making
      AbractPKIXTrustEngine::checkEntityNames virtual
    • [CPPXT-130] - auto_ptr cleanup
    • [CPPXT-132] - Slow down dependent on curl version
  • update soname for libxmltooling library from 7 to 8
  • require libxerces-c-devel >= 3.2 and libxml-security-c-devel >= 2.0.0
  • add Buildrequires: zlib-devel
  • remove upstream patches supporting building with openssl 1.1 that are no longer needed
    • 0023-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0011-CPPXT-110-Clean-up-some-collateral-damage-from-previ.patch
    • 0005-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0026-CPPXT-110-OpenSSL-1.1-library-names-have-changes.patch
    • 0027-Commit-a-xmltoolingtest.vcxproj.user.patch
    • 0010-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0003-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0002-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0012-CPPXT-110-Add-test-path-for-RSA-loadXXXBigNums.patch
    • 0009-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0020-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0024-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0006-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0028-CPPXT-110-OpenSSL-1.1-OpenSSL1.1-changes-to-newly-in.patch
    • 0025-CPPXT-110-OpenSSL-1.1-Fix-some-signatures-and-names.patch
    • 0016-CPPXT-110-Round-trip-verify-test-for-OpenSSLCryptoKe.patch
    • 0021-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0007-Unwind-previous.patch
    • 0013-CPPXT-110-Used-Named-curves-for-EC-testing.patch
    • 0030-CPPXT-110-OpenSSL-1.1-New-build-mechanisms.patch
    • 0031-Missed-file-for-OpenSSL1.1-support.patch
    • 0029-CPPXT-110-OpenSSL-1.1-Cleanup-tests.patch
    • 0022-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0017-CPPXT-110-Inverted-parameters-to-TSM_ASSERT-in-DSA-t.patch
    • 0008-CPPXT-110-Checkin-prototypical-vcxproj.user-file-for.patch
    • 0019-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0001-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0018-CPPXT-110-Test-for-OpenSSL-part-of-ExplicitKeyTrustE.patch
    • 0004-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0015-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyE.patch
    • 0014-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyD.patch
  • introduce libxmltooling-lite subpackage
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Version 3.0.2-1.1 reintroduced

23.01.2019 18:34
  • update to 3.0.2
    • [CPPXT-135] - Lite half of library has unintentional zlib dependency
    • [CPPXT-134] - Reloadable configuration deleting backing file on a 304
    • [CPPXT-33] - Credential::getCredentialContext method misspelled
    • [CPPXT-81] - Use of LIBS in place of LDFLAGS in configure tests break custom builds
    • [CPPXT-111] - Build flags leak into pkg-config files
    • [CPPXT-114] - ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL case
    • [CPPXT-116] - Apache 2.4 / Shibboleth Deadlock
    • [CPPXT-127] - DTD-defined entities can be added to XML without breaking signature
    • [CPPXT-133] - Eliminate uses of getTextContent in DOM helpers
    • [CPPXT-110] - OpenSSL 1.1 compatibility
    • [CPPXT-123] - Updates and next releases of Xerces and Santuario
    • [CPPXT-126] - TODO and cleanup tasks for V3
    • [CPPXT-118] - Address any deprecated CURL options
    • [CPPXT-120] - Set disallow-doctype property on DOMLSParser
    • [CPPXT-122] - Replace DateTime class with Xerces version
    • [CPPXT-125] - Consider making
      AbractPKIXTrustEngine::checkEntityNames virtual
    • [CPPXT-130] - auto_ptr cleanup
    • [CPPXT-132] - Slow down dependent on curl version
  • update soname for libxmltooling library from 7 to 8
  • require libxerces-c-devel >= 3.2 and libxml-security-c-devel >= 2.0.0
  • add Buildrequires: zlib-devel
  • remove upstream patches supporting building with openssl 1.1 that are no longer needed
    • 0023-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0011-CPPXT-110-Clean-up-some-collateral-damage-from-previ.patch
    • 0005-CPPXT-110-OpenSSL-1.1-removes-BIO_s_file_internal.patch
    • 0026-CPPXT-110-OpenSSL-1.1-library-names-have-changes.patch
    • 0027-Commit-a-xmltoolingtest.vcxproj.user.patch
    • 0010-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0003-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0002-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0012-CPPXT-110-Add-test-path-for-RSA-loadXXXBigNums.patch
    • 0009-CPPXT-110-Start-to-add-tests-to-exercise-XSEC-paths-.patch
    • 0020-CPPXT-110-Add-new-OpenSSL-support-files-to-Unix-buil.patch
    • 0024-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0006-CPPXT-110-OpenSSL-1.1-internalizes-locking.patch
    • 0028-CPPXT-110-OpenSSL-1.1-OpenSSL1.1-changes-to-newly-in.patch
    • 0025-CPPXT-110-OpenSSL-1.1-Fix-some-signatures-and-names.patch
    • 0016-CPPXT-110-Round-trip-verify-test-for-OpenSSLCryptoKe.patch
    • 0021-CPPXT-110-OpenSSL-1.1-makes-DSA-opaque.patch
    • 0007-Unwind-previous.patch
    • 0013-CPPXT-110-Used-Named-curves-for-EC-testing.patch
    • 0030-CPPXT-110-OpenSSL-1.1-New-build-mechanisms.patch
    • 0031-Missed-file-for-OpenSSL1.1-support.patch
    • 0029-CPPXT-110-OpenSSL-1.1-Cleanup-tests.patch
    • 0022-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0017-CPPXT-110-Inverted-parameters-to-TSM_ASSERT-in-DSA-t.patch
    • 0008-CPPXT-110-Checkin-prototypical-vcxproj.user-file-for.patch
    • 0019-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0001-CPPXT-110-OpenSSL-1.1-makes-X509_STORE_CTX-and-X509_.patch
    • 0018-CPPXT-110-Test-for-OpenSSL-part-of-ExplicitKeyTrustE.patch
    • 0004-CPPXT-110-OpenSSL-1.1-makes-EVP_PKEY-opaque.patch
    • 0015-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyE.patch
    • 0014-CPPXT-110-test-for-code-changes-to-OpenSSLCryptoKeyD.patch
  • introduce libxmltooling-lite subpackage
OpenSUSE Leap 15.1 icon

OpenSUSE Leap 15.1 oss: Version 1.6.4-lp151.2.5 introduced

23.01.2019 10:12
  • update to 1.6.4
    • [CPPXT-128] - Additional nodes can be added to XML without breaking signature [bsc#1083247] [CVE-2018-0489]
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 update/oss: Updated from 1.5.6-6.1 to 1.5.6-9.1

21.01.2019 08:14
  • add xmltooling-1.5.6-CVE-2018-0489.patch to fix a security bug when xmltooling 1.6.4 mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
    bsc#1083247 [CVE-2018-0489]
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 update/oss: Version 1.5.6-6.1 introduced

21.01.2019 08:14
  • add xmltooling-1.5.6-CVE-2018-0486.patch to fix a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD
    bsc#1075975, [CVE-2018-0486]
OpenSUSE Leap 15.0 icon

OpenSUSE Leap 15.0 oss: Version 1.6.4-lp150.1.4 introduced

17.01.2019 18:54
  • update to 1.6.4
    • [CPPXT-128] - Additional nodes can be added to XML without breaking signature [bsc#1083247] [CVE-2018-0489]
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 oss: Version 1.5.6-4.1 introduced

17.01.2019 18:43

Related packages

xmltooling - XML signing and encryption library
⇧ Top