diff -Nru xml-security-c-1.6.1/debian/changelog xml-security-c-1.6.1/debian/changelog --- xml-security-c-1.6.1/debian/changelog 2011-08-20 22:09:02.000000000 +0200 +++ xml-security-c-1.6.1/debian/changelog 2013-09-25 10:28:03.000000000 +0200 @@ -1,3 +1,29 @@ +xml-security-c (1.6.1-1ubuntu0.1) precise; urgency=low + + * SECURITY UPDATE: Apache Santuario XML Security for C++ contains heap + overflow while processing InclusiveNamespace PrefixLista (LP: 1192874). + - Apply upstream patch to fix a spoofing vulnerability that allows an + attacker to reuse existing signatures with arbitrary content. + (CVE-2013-2153) + - Apply upstream patch to fix a stack overflow in the processing of + malformed XPointer expressions in the XML Signature Reference + processing code. (CVE-2013-2154) + - Apply upstream patch to fix processing of the output length of an + HMAC-based XML Signature that could cause a denial of service when + processing specially chosen input. (CVE-2013-2155) + - Apply upstream patch to fix a heap overflow in the processing of the + PrefixList attribute optionally used in conjunction with Exclusive + Canonicalization, potentially allowing arbitrary code execution. + (CVE-2013-2156) + * SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced the + possibility of a heap overflow, possibly leading to arbitrary code + execution, in the processing of malformed XPointer expressions in the XML + Signature Reference processing code (LP: 1199969). + - Apply upstream patch to fix that heap overflow. (Closes: #714241, + CVE-2013-2210) + + -- Christian Biamont Wed, 25 Sep 2013 10:27:27 +0200 + xml-security-c (1.6.1-1build1) oneiric; urgency=low * No-change rebuild for libssl0.9.8 -> libssl1.0.0 transition. diff -Nru xml-security-c-1.6.1/debian/control xml-security-c-1.6.1/debian/control --- xml-security-c-1.6.1/debian/control 2011-07-07 18:10:43.000000000 +0200 +++ xml-security-c-1.6.1/debian/control 2013-09-25 10:28:56.000000000 +0200 @@ -1,11 +1,12 @@ Source: xml-security-c Section: libs Priority: extra -Maintainer: Debian Shib Team +MAintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Shib Team Uploaders: Russ Allbery Build-Depends: debhelper (>= 8), autotools-dev (>= 20100122.1~), libssl-dev (>= 1.0), libxerces-c-dev, pkg-config -Standards-Version: 3.9.2 +Standards-Version: 3.9.3 Homepage: http://santuario.apache.org/cindex.html Vcs-Git: git://git.debian.org/git/pkg-shibboleth/xml-security-c.git Vcs-Browser: http://git.debian.org/?p=pkg-shibboleth/xml-security-c.git diff -Nru xml-security-c-1.6.1/debian/copyright xml-security-c-1.6.1/debian/copyright --- xml-security-c-1.6.1/debian/copyright 2011-07-07 18:10:43.000000000 +0200 +++ xml-security-c-1.6.1/debian/copyright 2013-09-25 10:28:20.000000000 +0200 @@ -1,4 +1,4 @@ -Format-Specification: +Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=166 Source: http://santuario.apache.org/cindex.html Upstream-Name: Apache XML Security for C++ diff -Nru xml-security-c-1.6.1/debian/patches/debian-changes xml-security-c-1.6.1/debian/patches/debian-changes --- xml-security-c-1.6.1/debian/patches/debian-changes 1970-01-01 01:00:00.000000000 +0100 +++ xml-security-c-1.6.1/debian/patches/debian-changes 2013-09-25 10:29:22.000000000 +0200 @@ -0,0 +1,484 @@ +Subject: Collected Debian patches for xml-security-c +Author: Russ Allbery + +The packaging for xml-security-c is maintained in Git using multiple +branches for fixes, which makes it complex to separate the changes easily +into individual patches. They are therefore all included in a single +Debian patch. + +For full commit history and separated commits, see the packaging Git +repository. +--- xml-security-c-1.6.1.orig/xsec/canon/XSECC14n20010315.cpp ++++ xml-security-c-1.6.1/xsec/canon/XSECC14n20010315.cpp +@@ -240,6 +240,8 @@ void XSECC14n20010315::setExclusive(char + + } + ++ ArrayJanitor j_nsBuf(nsBuf); ++ + int i, j; + + i = 0; +@@ -247,21 +249,22 @@ void XSECC14n20010315::setExclusive(char + while (xmlnsList[i] != '\0') { + + while (xmlnsList[i] == ' ' || +- xmlnsList[i] == '\0' || + xmlnsList[i] == '\t' || + xmlnsList[i] == '\r' || +- xmlnsList[i] == '\n') ++ xmlnsList[i] == '\n') { + + ++i; // Skip white space ++ } + + j = 0; + while (!(xmlnsList[i] == ' ' || + xmlnsList[i] == '\0' || + xmlnsList[i] == '\t' || + xmlnsList[i] == '\r' || +- xmlnsList[i] == '\n')) ++ xmlnsList[i] == '\n')) { + + nsBuf[j++] = xmlnsList[i++]; // Copy name ++ } + + // Terminate the string + nsBuf[j] = '\0'; +@@ -281,8 +284,6 @@ void XSECC14n20010315::setExclusive(char + + } + +- delete[] nsBuf; +- + } + + +--- xml-security-c-1.6.1.orig/xsec/utils/XSECSOAPRequestorSimple.cpp ++++ xml-security-c-1.6.1/xsec/utils/XSECSOAPRequestorSimple.cpp +@@ -218,31 +218,31 @@ char * XSECSOAPRequestorSimple::wrapAndS + + DOMDocument * XSECSOAPRequestorSimple::parseAndUnwrap(const char * buf, unsigned int len) { + +- XercesDOMParser * parser = new XercesDOMParser; +- Janitor j_parser(parser); +- +- parser->setDoNamespaces(true); +- parser->setCreateEntityReferenceNodes(true); +- parser->setDoSchema(true); ++ XercesDOMParser parser; ++ parser.setDoNamespaces(true); ++ parser.setLoadExternalDTD(false); ++ ++ SecurityManager securityManager; ++ securityManager.setEntityExpansionLimit(XSEC_ENTITY_EXPANSION_LIMIT); ++ parser.setSecurityManager(&securityManager); + + // Create an input source + +- MemBufInputSource* memIS = new MemBufInputSource ((const XMLByte*) buf, len, "XSECMem"); +- Janitor j_memIS(memIS); ++ MemBufInputSource memIS((const XMLByte*) buf, len, "XSECMem"); + +- parser->parse(*memIS); +- xsecsize_t errorCount = parser->getErrorCount(); ++ parser.parse(memIS); ++ xsecsize_t errorCount = parser.getErrorCount(); + if (errorCount > 0) + throw XSECException(XSECException::HTTPURIInputStreamError, + "Error parsing response message"); + + if (m_envelopeType == ENVELOPE_NONE) { + +- return parser->adoptDocument(); ++ return parser.adoptDocument(); + + } + +- DOMDocument * responseDoc = parser->getDocument(); ++ DOMDocument * responseDoc = parser.getDocument(); + + // Must be a SOAP message of some kind - so lets remove the wrapper. + // First create a new document for the Response message +--- xml-security-c-1.6.1.orig/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp ++++ xml-security-c-1.6.1/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp +@@ -60,6 +60,15 @@ bool compareBase64StringToRaw(const char + // Compare at most maxCompare bits (if maxCompare > 0) + // Note - whilst the other parameters are bytes, maxCompare is bits + ++ // The div function below takes signed int, so make sure the value ++ // is safe to cast. ++ if ((int) maxCompare < 0) { ++ ++ throw XSECException(XSECException::CryptoProviderError, ++ "Comparison length was unsafe"); ++ ++ } ++ + unsigned char outputStr[MAXB64BUFSIZE]; + unsigned int outputLen = 0; + +@@ -126,7 +135,7 @@ bool compareBase64StringToRaw(const char + + char mask = 0x01; + if (maxCompare != 0) { +- for (j = 0 ; j < (unsigned int) d.rem; ++i) { ++ for (j = 0 ; j < (unsigned int) d.rem; ++j) { + + if ((raw[i] & mask) != (outputStr[i] & mask)) + return false; +@@ -516,7 +525,7 @@ unsigned int DSIGAlgorithmHandlerDefault + // Signature already created, so just translate to base 64 and enter string + + // FIX: CVE-2009-0217 +- if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) { ++ if (outputLength > 0 && (outputLength > hashLen || outputLength < 80 || outputLength < hashLen / 2)) { + throw XSECException(XSECException::AlgorithmMapperError, + "HMACOutputLength set to unsafe value."); + } +@@ -641,7 +650,7 @@ bool DSIGAlgorithmHandlerDefault::verify + // Already done - just compare calculated value with read value + + // FIX: CVE-2009-0217 +- if (outputLength > 0 && (outputLength < 80 || outputLength < hashLen / 2)) { ++ if (outputLength > 0 && (outputLength > hashLen || outputLength < 80 || outputLength < hashLen / 2)) { + throw XSECException(XSECException::AlgorithmMapperError, + "HMACOutputLength set to unsafe value."); + } +--- xml-security-c-1.6.1.orig/xsec/dsig/DSIGReference.cpp ++++ xml-security-c-1.6.1/xsec/dsig/DSIGReference.cpp +@@ -516,26 +516,29 @@ TXFMBase * DSIGReference::getURIBaseTXFM + } + + else if (URI[9] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen && +- URI[10] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_i && +- URI[11] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_d && +- URI[12] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen && +- URI[13] == XERCES_CPP_NAMESPACE_QUALIFIER chSingleQuote) { ++ URI[10] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_i && ++ URI[11] == XERCES_CPP_NAMESPACE_QUALIFIER chLatin_d && ++ URI[12] == XERCES_CPP_NAMESPACE_QUALIFIER chOpenParen && ++ URI[13] == XERCES_CPP_NAMESPACE_QUALIFIER chSingleQuote) { + + xsecsize_t len = XMLString::stringLen(&URI[14]); + +- XMLCh tmp[512]; +- +- if (len > 511) +- len = 511; ++ XMLCh* tmp = new XMLCh[len + 1]; ++ ArrayJanitor j_tmp(tmp); + + xsecsize_t j = 14, i = 0; + + // Have an ID +- while (URI[j] != '\'') { ++ while (i < len && URI[j] != '\'') { + tmp[i++] = URI[j++]; + } ++ + tmp[i] = XERCES_CPP_NAMESPACE_QUALIFIER chNull; + ++ if (URI[j] != '\'') { ++ throw XSECException(XSECException::UnsupportedXpointerExpr); ++ } ++ + to->setInput(doc, tmp); + + } +@@ -630,9 +633,14 @@ void DSIGReference::load(void) { + // Now check for Transforms + tmpElt = mp_referenceNode->getFirstChild(); + +- while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) ++ while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) { ++ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + // Skip text and comments + tmpElt = tmpElt->getNextSibling(); ++ } + + if (tmpElt == 0) { + +@@ -651,13 +659,19 @@ void DSIGReference::load(void) { + + // Find next node + tmpElt = tmpElt->getNextSibling(); +- while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) ++ while (tmpElt != 0 && (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE)) { ++ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + tmpElt = tmpElt->getNextSibling(); ++ } + + + } /* if tmpElt node type = transforms */ +- else ++ else { + mp_transformList = NULL; ++ } + + + if (tmpElt == NULL || !strEquals(getDSIGLocalName(tmpElt), "DigestMethod")) { +@@ -692,8 +706,14 @@ void DSIGReference::load(void) { + + tmpElt = tmpElt->getNextSibling(); + +- while (tmpElt != 0 && !(strEquals(getDSIGLocalName(tmpElt), "DigestValue"))) ++ while (tmpElt != 0 && ++ (tmpElt->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(tmpElt), "DigestValue"))) { ++ if (tmpElt->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + tmpElt = tmpElt->getNextSibling(); ++ } + + if (tmpElt == 0) { + +@@ -731,8 +751,13 @@ void DSIGReference::load(void) { + + // Find Manifest child + manifestNode = manifestNode->getFirstChild(); +- while (manifestNode != 0 && manifestNode->getNodeType() != DOMNode::ELEMENT_NODE) ++ while (manifestNode != 0 && manifestNode->getNodeType() != DOMNode::ELEMENT_NODE) { ++ if (manifestNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + manifestNode = manifestNode->getNextSibling(); ++ } + + if (manifestNode == 0 || !strEquals(getDSIGLocalName(manifestNode), "Manifest")) + throw XSECException(XSECException::ExpectedDSIGChildNotFound, +@@ -743,8 +768,14 @@ void DSIGReference::load(void) { + // Now have the manifest node, find the first reference and load! + referenceNode = manifestNode->getFirstChild(); + +- while (referenceNode != 0 && !strEquals(getDSIGLocalName(referenceNode), "Reference")) ++ while (referenceNode != 0 && ++ (referenceNode->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(referenceNode), "Reference"))) { ++ if (referenceNode->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + referenceNode = referenceNode->getNextSibling(); ++ } + + if (referenceNode == 0) + throw XSECException(XSECException::ExpectedDSIGChildNotFound, +@@ -797,8 +828,13 @@ DSIGReferenceList *DSIGReference::loadRe + // Find next element Node + tmpRef = tmpRef->getNextSibling(); + +- while (tmpRef != 0 && tmpRef->getNodeType() != DOMNode::ELEMENT_NODE) ++ while (tmpRef != 0 && tmpRef->getNodeType() != DOMNode::ELEMENT_NODE) { ++ if (tmpRef->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + tmpRef = tmpRef->getNextSibling(); ++ } + + } + +--- xml-security-c-1.6.1.orig/xsec/dsig/DSIGSignedInfo.cpp ++++ xml-security-c-1.6.1/xsec/dsig/DSIGSignedInfo.cpp +@@ -299,9 +299,14 @@ void DSIGSignedInfo::load(void) { + + // Check for CanonicalizationMethod + +- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) ++ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) { ++ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + // Skip text and comments + tmpSI = tmpSI->getNextSibling(); ++ } + + if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "CanonicalizationMethod")) { + +@@ -362,17 +367,23 @@ void DSIGSignedInfo::load(void) { + + } + +- else ++ else { + + throw XSECException(XSECException::UnknownCanonicalization); ++ } + + // Now load the SignatureMethod + + tmpSI = tmpSI->getNextSibling(); + +- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) ++ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) { ++ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + // Skip text and comments + tmpSI = tmpSI->getNextSibling(); ++ } + + if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "SignatureMethod")) { + +@@ -406,10 +417,14 @@ void DSIGSignedInfo::load(void) { + * longer know at this point if this is an HMAC, we need to check. */ + + DOMNode *tmpSOV = tmpSI->getFirstChild(); +- while (tmpSOV != NULL && +- tmpSOV->getNodeType() != DOMNode::ELEMENT_NODE && +- !strEquals(getDSIGLocalName(tmpSOV), "HMACOutputLength")) ++ while (tmpSOV != NULL && ++ (tmpSOV->getNodeType() != DOMNode::ELEMENT_NODE || !strEquals(getDSIGLocalName(tmpSOV), "HMACOutputLength"))) { ++ if (tmpSOV->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + tmpSOV = tmpSOV->getNextSibling(); ++ } + + if (tmpSOV != NULL) { + +@@ -433,9 +448,14 @@ void DSIGSignedInfo::load(void) { + + // Run through the rest of the elements until done + +- while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) ++ while (tmpSI != 0 && (tmpSI->getNodeType() != DOMNode::ELEMENT_NODE)) { ++ if (tmpSI->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) { ++ throw XSECException(XSECException::ExpectedDSIGChildNotFound, ++ "EntityReference nodes in are unsupported."); ++ } + // Skip text and comments + tmpSI = tmpSI->getNextSibling(); ++ } + + if (tmpSI != NULL) { + +--- xml-security-c-1.6.1.orig/xsec/framework/XSECDefs.hpp ++++ xml-security-c-1.6.1/xsec/framework/XSECDefs.hpp +@@ -69,6 +69,9 @@ + typedef unsigned int xsecsize_t; + #endif + ++// Pending API change, compile in a limit for Xerces SecurityManager entity expansion ++#define XSEC_ENTITY_EXPANSION_LIMIT 1000 ++ + + // -------------------------------------------------------------------------------- + // Namespace Handling +--- xml-security-c-1.6.1.orig/xsec/xenc/impl/XENCCipherImpl.cpp ++++ xml-security-c-1.6.1/xsec/xenc/impl/XENCCipherImpl.cpp +@@ -263,8 +263,9 @@ DOMDocumentFragment * XENCCipherImpl::de + sb.sbXMLChAppendCh(chCloseAngle); + + char* prefix = transcodeToUTF8(sb.rawXMLChBuffer()); +- + sbt = prefix; ++ XSEC_RELEASE_XMLCH(prefix); ++ + const char * crcb = content.rawCharBuffer(); + int offset = 0; + if (crcb[0] == '<' && crcb[1] == '?') { +@@ -279,9 +280,6 @@ DOMDocumentFragment * XENCCipherImpl::de + + sbt.sbStrcatIn(&crcb[offset]); + +- // Now transform the content to UTF-8 +- //sb.sbXMLChCat8(content.rawCharBuffer()); +- + // Terminate the string + sb.sbXMLChIn(DSIGConstants::s_unicodeStrEmpty); + sb.sbXMLChAppendCh(chOpenAngle); +@@ -293,37 +291,24 @@ DOMDocumentFragment * XENCCipherImpl::de + sbt.sbStrcatIn(trailer); + XSEC_RELEASE_XMLCH(trailer); + +- // Now we need to parse the document +- XercesDOMParser* parser = NULL; +- MemBufInputSource* memIS = NULL; +- try { +- parser = new XercesDOMParser; +- +- parser->setDoNamespaces(true); +- parser->setCreateEntityReferenceNodes(true); +- parser->setDoSchema(false); +- +- // Create an input source +- xsecsize_t bytes = XMLString::stringLen(sbt.rawCharBuffer()); +- memIS = new MemBufInputSource((const XMLByte*) sbt.rawBuffer(), bytes, "XSECMem"); +- } +- catch (...) { +- delete memIS; +- delete parser; +- XSEC_RELEASE_XMLCH(prefix); +- throw; +- } +- +- XSEC_RELEASE_XMLCH(prefix); +- Janitor j_parser(parser); +- Janitor j_memIS(memIS); ++ // Create an input source ++ xsecsize_t bytes = XMLString::stringLen(sbt.rawCharBuffer()); ++ MemBufInputSource memIS((const XMLByte*) sbt.rawBuffer(), bytes, "XSECMem"); ++ ++ XercesDOMParser parser; ++ parser.setDoNamespaces(true); ++ parser.setLoadExternalDTD(false); ++ ++ SecurityManager securityManager; ++ securityManager.setEntityExpansionLimit(XSEC_ENTITY_EXPANSION_LIMIT); ++ parser.setSecurityManager(&securityManager); + +- parser->parse(*memIS); +- xsecsize_t errorCount = parser->getErrorCount(); ++ parser.parse(memIS); ++ xsecsize_t errorCount = parser.getErrorCount(); + if (errorCount > 0) + throw XSECException(XSECException::CipherError, "Errors occured during de-serialisation of decrypted element content"); + +- DOMDocument * doc = parser->getDocument(); ++ DOMDocument * doc = parser.getDocument(); + + // Create a DocumentFragment to hold the children of the parsed doc element + DOMDocument *ctxDocument = ctx->getOwnerDocument(); +--- xml-security-c-1.6.1.orig/xsec/transformers/TXFMParser.cpp ++++ xml-security-c-1.6.1/xsec/transformers/TXFMParser.cpp +@@ -114,8 +114,11 @@ void TXFMParser::setInput(TXFMBase *newI + XercesDOMParser parser; + + parser.setDoNamespaces(true); +- parser.setCreateEntityReferenceNodes(true); +- parser.setDoSchema(true); ++ parser.setLoadExternalDTD(false); ++ ++ SecurityManager securityManager; ++ securityManager.setEntityExpansionLimit(XSEC_ENTITY_EXPANSION_LIMIT); ++ parser.setSecurityManager(&securityManager); + + parser.parse(is); + xsecsize_t errorCount = parser.getErrorCount(); +--- xml-security-c-1.6.1.orig/xsec/transformers/TXFMXSL.cpp ++++ xml-security-c-1.6.1/xsec/transformers/TXFMXSL.cpp +@@ -187,8 +187,12 @@ void TXFMXSL::evaluateStyleSheet(const s + + parser->setDoNamespaces(true); + parser->setCreateEntityReferenceNodes(true); ++ parser->setLoadExternalDTD(false); + parser->setDoSchema(true); + ++ SecurityManager securityManager; ++ parser->setSecurityManager(&securityManager); ++ + // Create an input source + + MemBufInputSource* memIS = new MemBufInputSource ((const XMLByte*) txoh.buffer.rawBuffer(), txoh.offset, "XSECMem"); diff -Nru xml-security-c-1.6.1/debian/patches/series xml-security-c-1.6.1/debian/patches/series --- xml-security-c-1.6.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ xml-security-c-1.6.1/debian/patches/series 2013-09-25 10:28:08.000000000 +0200 @@ -0,0 +1 @@ +debian-changes