Update xml-security-c to 1.7.2.

Changes since 1.7.0
=====================================
* Fixes for CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
* Reduced entity expansion limits when parsing

Changes since 1.6.1
=====================================
* [SANTUARIO-314] - AES-GCM support
* [SANTUARIO-315] - XML Encryption 1.1 OAEP enhancements

Changes since 1.6.0
=====================================
* [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows
* [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id attribute
* [SANTUARIO-271] - Bug when signing files with big RSA keys
* [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise
* [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when any escape sequence occurs
* [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequences.
* [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized
* [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests

Changes since 1.5.1
=====================================
* Fix for bug#43964, wrong namespace in encryption DigestMethod (SC)
* Fix for bug#48676, RetrievalMethod handler (SC)
* Fix for bug#45867, support for >1 CRL per KeyInfo (SC)
* Fix for bug#49148, buffer initialization issue (SC)
* Fix for bug#49255, vector index bug (SC)
* Fix for bug#49257, stylesheet append bug (SC)
* Fix for bug#49260, header guard in XPath transform header (SC)
* Fix for bug#49264, string release crash (SC)
* Fix for bug#44983, improper c14n of XSLT (SC)
* Fix for bug#49289, setters for Reference Type/Id (SC)
* Fix for bug#49371, skip comments in X509Certificate elements (SC)
* Fix for bug#49459, more header guards (SC)
* Fix for bug#49660, NSS verification of RSA broken (SC)
* Expose algorithm URI on Signature and Reference objects (SC)
* White/blacklisting of otherwise registered algorithms (SC)
* Add selected XML Signature 1.1 KeyInfo extensions (SC)
* Add elliptic curve keys and signatures via ECDSA (SC)
* Support debugging of Reference/SignedInfo data (SC)
* Clean up tests for SHA2 algorithms in OpenSSL (SC)
* Updated autoconf script, added NSS support, removed pre-automake material (SC)
* Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes (SC)

Changes between 1.5 and 1.5.1
=====================================
* Fix for bug#47353 in c14n of default namespaces (SC)
* Fix Sparc compilation bug (SC)
* Fix for CVE-2009-0217 (SC)

Changes between version 1.4 and 1.5
=====================================
* Make SHA-1 the implicit default DigestMethod for RSA-OAEP
  key transport, allowing for interop until broken impls are fixed (SC)
* Fix memory leak in OpenSSL RSA/DSA key cloning (SC)
* Expose KeyInfo extensions via DOM (SC)
* Fix c14n to omit standard xmlns:xml declarations (SC)
* Add partial support for Inclusive C14N 1.1 with regard to xml:id but not xml:base (SC)
* Finish port to Xerces 3.0 (SC)
* 64-bit API changes (SC)
* Add VC9 build files (SC)

Changes between version 1.3.1 and 1.4
=====================================
* Fix exclusive c14n namespace bug (rev. 526939) (BL)
* Add const specifiers and methods to various classes (SC)
* Add better extraction of openssl build settings using pkg-config (SC)
* Fix XSECnew macro to stop catching arbitrary errors and report
  crypto exceptions instead of turning them into allocation errors (SC)
* Add various missing files to dist target (SC)

Changes between version 1.3 and 1.3.1
=====================================

* Refactor NIX build to use automake and libtool
* Initial support for API changes in Xerces 3.0
* Fix bug in autconf that would stop proper detection of Xerces
  ability to set Id attributes
* Fix bug 40085 - incorrect OIDs on non SHA1 based RSA signatures.
* Update support for non SHA1 based RSA signatures
* Remove redundant code from SignedInfo that was preventing the
  library from loading signatures it did not have an algorithm hard
  wired for
* Fix bug in envelope transform when input nodeset is a document
  fragment rather than the entire document and the canonicalisation
  uses a namespace that was not defined directly in the fragment
* Fix bug in DSIGXPathFilterExpr where m_loaded was not initialised
  potentially causing an exception when an XPath expression was loaded
  reported by Ralf "Sabo" Saborowski.

Changes between version 1.2.1 and 1.3
=====================================

* Performance improvements in canonicalisation
* Implemented algorithm handlers for the digital signature classes,
  to provide algorithm extensibility
* Update signature classes to pass in requested algorithms as URIs
  rather than enums.  Enum based methods are now  deprecated.
* Fix memory leaks in OpenSSL wrapping code
* Provide ability for calling application to define whether
  references are interlocking.
* Provide some stability if the Apache keystore is corrupted under Windows.
* Initial import of beta NSS crypto support
* Complete implementation of XKMS message set
* Methods to allow loading of encrypted data without doing decrypt
  and to process a decrypt/encrypt operation without replacing the
  original nodes
* Provide  MS VC++ 2005 project files
* Fix bug when encrypting small input docs
* Implement checks for broken OpenSSL support under Solaris 10
* Add --with-xalan, --with-openssl, --with-xerces and
  --enable-warnerror flags in configure
* Configure now detects if Xalan is installed rather than having
  XALANCROOT being a pointer to the compile directory
- Reorder hashing in DSIGReference.cpp as per suggestion by Peter Gubis
- Update microsoft project files to reflect new version as per Scott Cantor
- Replace setAttribute with setAttributeNS calls
- Add methods to OpenSSL classes to extract OpenSSL objects
- Fix handling of libcrypto on Solaris platform
- Fix bug in Canoncicalisation courtesy of Scott Cantor

Changes between version 1.2 and 1.2.1
=====================================

* Fixed library versions in Windows builds (were being generated as 1.1)
* Added "No Xalan" builds for xklient under Windows VC6.0
* Added "No Xalan" builds for all projects in VC 7.0


Changes between version 1.1 and 1.2
===================================

* Started a changelog :>
* Remove MFC dependency and clean up memory debugging
* Remove dynamic_casts and RTTI requirement
* Implemented XKMS Message generation and processing
* Implemented command line XKMS tool for generating and dumping XKMS messages
* Support for DESTDIR as provided by ville.skytta@iki.fi in Bugzilla 28520
* Update to Apache licence 2.0.
* Add support for SHA224/256/384/512 (requires OpenSSL 0.9.8 Beta)
* Patch for Mac OS X compile - provided by Scott Cantor - cantor.2@osu.edu - See Bugzilla #34920
* Updates to compile against Xalan 1.9
* Backport to compile with Xerces 2.1
* Fix bug with NULL pointer when validating or signing empty reference lists - fix as suggested by Jesse Pelton <jsp@PKC.com> on 23 March 2005 on security-dev@xml
* Provided support for nominating namespace based Id attributes
* Change to allow apps to calculate and obtain signed info hash - from Eckehard.Hermann@softwareag.com - see email of 2 March 2005 on security-dev@xml
* Patch for long RSA keys provided by Michael Braunoeder - michael@mib.priv.at to security-dev@xml on 16 Nov 2005
* Memory leak in OpenSSLCryptoBase64 reported by Jesse Pelton fixed.
* Move to internal Base64 decoder in a number of methods to handle non-wrapping data
* Resize buffer in OpenSSLCryptoKeyRSA for larger RSA keys - as submitted by Vadim Ismailov <worndown@gmail.com> 3 December 2005
* Remove redundant m_keyType class variable from OpenSSLCryptoKeyRSA as reported by Jesse Pelton (jsp@pkc.com) on security-dev@xml
* Don't throw an exception when an RSA decrypt fails during sig validation - this is a failed validate, not an error
* Shutdown OpenSSL properly - as suggested by Jesse Pelton <jsp@PKC.com> in e-mail to security-dev@xml on 9 March 2005
* Changed scope of WinCapiCryptoKey::importKey() from private to public. It returns key now, instead of void.
* Fix problem in Windows CAPI where XSEC doesn't work if user doesn't have admin rights.
* Bug fix in Windows CAPI code for some W2K machines - reported by Andrzej Matejko 4/5/2004
* Fix build on non WINCAPI systems, as reported by Milan Tomic on 22/4/2004
* New constructor added to WinCapiX509
* Fixed Bug in encode() XSCryptCryptoBase64.
* Fix bug in XPathFilter transform when checking if an attribute is in the input node set.
* Fix bug in in UTF transcoder for counting of transcoded characters (count characters not bytes) reported by Milan Tomic
* Move function definitions in the Windows BinInput stream class to static to avoid conflicts with Xerces.  As suggested by Jesse Pelton <jsp@PKC.com> on 2 Feb 2005 in security-dev@xml
* Added complete KeyInfo handling for XENCEncryptedType
* Fix to stop re-use of derived key encrypting key when decrypting multiple elements in a document
* Fix to ignore encryption exceptions during a private key decrypt
* Add code to detect ASN.1 encoded DSA signatures and validate accordingly

3 files changed, 8 insertions, 9 deletions

diff --git a/security/xml-security-c/Makefile b/security/xml-security-c/Makefile
index d6bd0bc8fc3..a76e353cbdd 100644
--- a/security/xml-security-c/Makefile
+++ b/security/xml-security-c/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2013/04/06 14:09:34 rodent Exp $
+# $NetBSD: Makefile,v 1.13 2013/09/10 11:42:52 obache Exp $
 
-DISTNAME=	xml-security-c-1.6.1
-PKGREVISION=	1
+DISTNAME=	xml-security-c-1.7.2
 CATEGORIES=	security devel
 MASTER_SITES=	${MASTER_SITE_APACHE:=/santuario/c-library/}
 
diff --git a/security/xml-security-c/buildlink3.mk b/security/xml-security-c/buildlink3.mk
index 5ed2c26ebab..f760e46c1e7 100644
--- a/security/xml-security-c/buildlink3.mk
+++ b/security/xml-security-c/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2013/02/06 23:21:03 jperkin Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2013/09/10 11:42:52 obache Exp $
 
 BUILDLINK_TREE+=	xml-security-c
 
@@ -6,7 +6,7 @@ BUILDLINK_TREE+=	xml-security-c
 XML_SECURITY_C_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.xml-security-c+=	xml-security-c>=1.4.0
-BUILDLINK_ABI_DEPENDS.xml-security-c+=	xml-security-c>=1.6.1nb1
+BUILDLINK_ABI_DEPENDS.xml-security-c+=	xml-security-c>=1.7.0
 BUILDLINK_PKGSRCDIR.xml-security-c?=	../../security/xml-security-c
 
 .include "../../security/openssl/buildlink3.mk"
diff --git a/security/xml-security-c/distinfo b/security/xml-security-c/distinfo
index 4d8b4145f81..72471ca4051 100644
--- a/security/xml-security-c/distinfo
+++ b/security/xml-security-c/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.4 2011/07/28 23:33:31 pettai Exp $
+$NetBSD: distinfo,v 1.5 2013/09/10 11:42:52 obache Exp $
 
-SHA1 (xml-security-c-1.6.1.tar.gz) = 239304659752eb214f3516b6c457c99f0e6467c7
-RMD160 (xml-security-c-1.6.1.tar.gz) = 02c2e21a8ed2b3eab56b2b0635bc6513116c32b2
-Size (xml-security-c-1.6.1.tar.gz) = 864366 bytes
+SHA1 (xml-security-c-1.7.2.tar.gz) = fee59d5347ff0666802c8e5aa729e0304ee492bc
+RMD160 (xml-security-c-1.7.2.tar.gz) = 305ade41811df9ea10e5f474a7172400daabc774
+Size (xml-security-c-1.7.2.tar.gz) = 875465 bytes
 SHA1 (patch-xsec_Makefile.in) = f610c63b888f8f744a5de5b47975eb7dc4aee55b