summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-20 23:55:47 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-03-20 23:55:47 +0000
commite6c476f0d430d7d6f8084e2e52b21e362ca0119d (patch)
treec58fa900b6cbc9a991fcbe40a5147899b41f3107
parentAdding upstream version 1.2.31. (diff)
downloadxmlsec1-debian.tar.xz
xmlsec1-debian.zip
Adding debian version 1.2.31-1.debian/1.2.31-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/README.Debian37
-rw-r--r--debian/changelog342
-rw-r--r--debian/compat1
-rw-r--r--debian/control149
-rw-r--r--debian/copyright29
-rw-r--r--debian/libxmlsec1-dev.install6
-rw-r--r--debian/libxmlsec1-dev.manpages1
-rw-r--r--debian/libxmlsec1-doc.install1
-rw-r--r--debian/libxmlsec1-doc.links1
-rw-r--r--debian/libxmlsec1-gcrypt.install1
-rw-r--r--debian/libxmlsec1-gcrypt.lintian-overrides2
-rw-r--r--debian/libxmlsec1-gnutls.install1
-rw-r--r--debian/libxmlsec1-gnutls.lintian-overrides2
-rw-r--r--debian/libxmlsec1-nss.install1
-rw-r--r--debian/libxmlsec1-nss.lintian-overrides2
-rw-r--r--debian/libxmlsec1-openssl.install1
-rw-r--r--debian/libxmlsec1-openssl.lintian-overrides2
-rw-r--r--debian/libxmlsec1.install1
-rw-r--r--debian/libxmlsec1.lintian-overrides2
-rw-r--r--debian/patches/no-url-map-using-tests.diff346
-rw-r--r--debian/patches/series2
-rw-r--r--debian/patches/skip-failing-tests.patch33
-rwxr-xr-xdebian/rules44
-rw-r--r--debian/source/format1
-rw-r--r--debian/watch3
-rw-r--r--debian/xmlsec1.install1
-rw-r--r--debian/xmlsec1.manpages1
27 files changed, 1013 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..6b754ae
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,37 @@
+xmlsec and libxmlsec for Debian
+-------------------------------
+
+The upstream documentation is included with the libxmlsec1-dev package and
+located at /usr/share/doc/libxmlsec1-dev.
+
+When developing with the xmlsec library, you have a choice of openssl,
+gnutls, or nss crypto engines. By using "pkg-config xmlsec1-<engine>" or
+"xmlsec1-config --crypto=<engine>", you can get the necessary compiler
+command-line switches for enabling a certain engine.
+
+If you want to license your application that uses the xmlsec library under
+the GNU GPL, or want your library that uses the xmlsec library to be GPL-
+compatible, I suggest using the gnutls engine. Use of the nss crypto engine
+may also be compatible with the GPL, but see bugs #207024 and #207026.
+Regarding openssl, there is a bit of controversy about whether it can be
+considered part of the OS and therefore make use of a loophole in the GPL.
+(See the xmlsec FAQ in the documentation.) More specifically, debian-legal
+takes a hard line and does not allow GPL'd packages that link to openssl to
+exist in main. In the future, support for PGP key types may be added, which
+would become another reason to go with the gnutls engine.
+
+Note that the library has a dynamic crypto engine loading feature, but I
+have not yet enabled it.
+
+Note that a number of the examples included with the -dev package will
+not compile successfully under the gnutls engine (due to lack of features
+compared to openssl), and will fail under both the gnutls and nss engines
+(due to lack of pem file support, etc.).
+
+Upstream has promised that they will increment the number in the library name
+(for example, xmlsec1 -> xmlsec2) whenever a binary incompatibility is
+introduced, and that it will always match the soname number. For this
+reason I chose to omit the soname number from package names.
+
+
+ -- John V. Belmonte <jbelmonte@debian.org>
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..dc899eb
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,342 @@
+xmlsec1 (1.2.31-1) unstable; urgency=medium
+
+ * New upstream version 1.2.31
+
+ -- Rene Engelhard <rene@debian.org> Fri, 27 Nov 2020 19:07:53 +0100
+
+xmlsec1 (1.2.30-1) unstable; urgency=medium
+
+ * "New" upstream version 1.2.30
+
+ -- Rene Engelhard <rene@debian.org> Sun, 27 Sep 2020 11:07:29 +0200
+
+xmlsec1 (1.2.28-2) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Rene Engelhard <rene@debian.org> Sat, 29 Jun 2019 10:22:36 +0200
+
+xmlsec1 (1.2.28-1) experimental; urgency=medium
+
+ * New upstream version 1.2.28
+
+ -- Rene Engelhard <rene@debian.org> Sun, 09 Jun 2019 15:02:50 +0200
+
+xmlsec1 (1.2.27-2) unstable; urgency=medium
+
+ * upload to unstable
+
+ * add Depends: ${misc:Depends} to libxmlsec1-doc, thanks lintian
+
+ -- Rene Engelhard <rene@debian.org> Sun, 18 Nov 2018 11:01:38 +0000
+
+xmlsec1 (1.2.27-1) experimental; urgency=medium
+
+ * New upstream version 1.2.27
+
+ * debian/patches/skip-online-tests.diff: remove ..
+ * no-url-map-using-tests.diff: ... in favour of this. Remove tests
+ which need url map stuff because they a) need to be online and b)
+ require non-free files
+
+ -- Rene Engelhard <rene@debian.org> Tue, 30 Oct 2018 21:14:15 +0000
+
+xmlsec1 (1.2.26-3) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Rene Engelhard <rene@debian.org> Wed, 27 Jun 2018 17:41:20 +0000
+
+xmlsec1 (1.2.26-2) experimental; urgency=medium
+
+ * fix libxmlsec1-doc
+
+ -- Rene Engelhard <rene@debian.org> Fri, 08 Jun 2018 14:03:06 +0200
+
+xmlsec1 (1.2.26-1) experimental; urgency=medium
+
+ * New upstream version 1.2.26
+
+ * add Breaks: libreoffice-core (<< 1:6.0.5~rc2~)
+ * add new Build-Depends(-Indep) for the docs
+ * build a new libxmlsec1-doc package
+
+ -- Rene Engelhard <rene@debian.org> Fri, 08 Jun 2018 08:35:05 +0200
+
+xmlsec1 (1.2.25-2) unstable; urgency=medium
+
+ * Team upload.
+ * d/control:
+ + Add Vcs-* fields.
+ + Run wrap-and-sort.
+ + Bump Standards-Version to 4.1.4, no changes needed.
+ + Drop duplicated Section field.
+ + Use HTTPS in the Homepage field.
+ * d/watch: Use HTTPS.
+ * d/rules: Rewrite using the dh sequencer.
+ * d/README.Debian: Fix spelling errors.
+ * Add lintian overrides for package-name-doesnt-match-sonames, as upstream
+ promised to change package name whenever breaking ABI.
+ * Bump debhelper compat level to 11.
+
+ -- Mattia Rizzolo <mattia@debian.org> Sat, 26 May 2018 15:53:54 +0200
+
+xmlsec1 (1.2.25-1) unstable; urgency=medium
+
+ * New upstream version 1.2.25
+ * update libxml2-dev and libssl-dev (build-)deps according to
+ configure.ac/*.pc
+ * explicitly --enable-soap (now disabled per default)
+
+ -- Rene Engelhard <rene@debian.org> Mon, 18 Sep 2017 18:40:26 +0200
+
+xmlsec1 (1.2.24-4) unstable; urgency=medium
+
+ * apply patch from Helmut Grohne to
+ Configure with multiarch --libdir (closes: #869544)
+ * add Multi-Arch: same to the library packages
+
+ -- Rene Engelhard <rene@debian.org> Mon, 24 Jul 2017 22:34:08 +0000
+
+xmlsec1 (1.2.24-3) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Rene Engelhard <rene@debian.org> Sat, 01 Jul 2017 10:09:31 +0200
+
+xmlsec1 (1.2.24-2) experimental; urgency=medium
+
+ * merge from Ubuntu:
+ - Enable test suite execution during package build (closes: #774631)
+
+ -- Rene Engelhard <rene@debian.org> Sun, 25 Jun 2017 21:15:16 +0200
+
+xmlsec1 (1.2.24-1) unstable; urgency=medium
+
+ * New upstream release (closes: #865539)
+ * move Maintainer: to Debian XML/SGML Group; keep John in Uploaders:
+ and add me
+
+ -- Rene Engelhard <rene@debian.org> Thu, 22 Jun 2017 18:54:56 +0200
+
+xmlsec1 (1.2.23-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release, builds against OpenSSL 1.1.0 (Closes: #828606).
+ * Drop patches (examples_encrypt3.patch + examples_rootcert.patch) both
+ applied upstream.
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 15 Dec 2016 21:09:18 +0100
+
+xmlsec1 (1.2.20-2) unstable; urgency=low
+
+ * Add upstream patches to fix examples.
+
+ -- John V. Belmonte <jbelmonte@debian.org> Mon, 07 Jul 2014 21:09:35 -0700
+
+xmlsec1 (1.2.20-1) unstable; urgency=low
+
+ * New upstream release
+ * Upgrade libgnutls and libgcrypt dependencies (Closes: #753151)
+ * Use dh-autoreconf
+ * Debian standards 3.9.5
+
+ -- John V. Belmonte <jbelmonte@debian.org> Fri, 04 Jul 2014 14:15:39 -0700
+
+xmlsec1 (1.2.18-2) unstable; urgency=low
+
+ * Add upstream patch which fixes version check utility function (Bug #675513)
+
+ -- John V. Belmonte <jbelmonte@debian.org> Thu, 26 Jul 2012 21:15:41 -0400
+
+xmlsec1 (1.2.18-1) unstable; urgency=low
+
+ * New upstream release (including CVE-2011-1425, Closes: #604828)
+ * Incorporate NMU for la file removal and hardened build flags
+ * Fix example linker flags (Closes: #647453)
+ * Add build-arch and build-indep targets to rules
+ * Add misc-depends entry to binaries
+ * Confirm Debian standards 3.9.3
+ * Switch to dpkg-source 3.0 (quilt) format
+
+ -- John V. Belmonte <jbelmonte@debian.org> Sun, 22 Apr 2012 10:32:43 -0400
+
+xmlsec1 (1.2.14-1.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Enable hardened build flags (Bug #656655)
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Fri, 06 Apr 2012 21:31:59 +0200
+
+xmlsec1 (1.2.14-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Empty dependency_libs in libtool la file. Closes: #610239
+ http://wiki.debian.org/ReleaseGoals/LAFileRemoval
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 23 Apr 2011 08:53:37 +0200
+
+xmlsec1 (1.2.14-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Apply patch from upstream addressing arbitrary file overwrite
+ (CVE-2011-1425, closes: #620560).
+
+ -- Thijs Kinkhorst <thijs@debian.org> Sat, 09 Apr 2011 17:40:24 +0200
+
+xmlsec1 (1.2.14-1) unstable; urgency=low
+
+ * New upstream release, fixes CVE-2009-3736 (Closes: #559831)
+ * debian/rules: dh_prep instead of dh_clean
+
+ -- John V. Belmonte <jbelmonte@debian.org> Tue, 08 Dec 2009 21:47:36 -0500
+
+xmlsec1 (1.2.12-1) unstable; urgency=low
+
+ * New upstream release, fixes CVE-2009-0217 (Closes: #532751, #529918)
+ * Update debian/watch
+ * Upgrade to latest debhelper version
+ * In debian/control:
+ * add Homepage
+ * remove use of ${Source-Version}
+ * In debian/rules:
+ * fix distclean call
+ * $(CURDIR) instead of $(PWD)
+ * remove xulrunner hack since upstream now supports it in configure
+ * strip RPATH's caused by bug in upstream's libtool version
+ * Confirm Debian standards 3.8.3
+
+ -- John V. Belmonte <jbelmonte@debian.org> Sat, 05 Sep 2009 18:21:58 -0400
+
+xmlsec1 (1.2.9-5) unstable; urgency=low
+
+ * Remove shlibs.local (Closes: #379445)
+ * Add minimum versions to Build-Depends and -dev Depends
+
+ -- John V. Belmonte <jbelmonte@debian.org> Sun, 30 Jul 2006 22:27:01 -0400
+
+xmlsec1 (1.2.9-4) unstable; urgency=low
+
+ * Fix gnutls dependency in shlibs.local (Closes: #379390)
+
+ -- John V. Belmonte <jbelmonte@debian.org> Sun, 23 Jul 2006 10:46:53 -0400
+
+xmlsec1 (1.2.9-3) unstable; urgency=low
+
+ * Adjust gnutls dependency (Closes: #335771)
+ * Adjust libxml2 min version
+
+ -- John V. Belmonte <jbelmonte@debian.org> Mon, 26 Jun 2006 20:48:41 -0400
+
+xmlsec1 (1.2.9-2) unstable; urgency=low
+
+ * Add engine libraries to depends of dev package
+ * Switch to mozilla libs provided by xulrunner package (Closes: #364382)
+ * Confirm Debian standards 3.7.2
+
+ -- John V. Belmonte <jbelmonte@debian.org> Thu, 08 Jun 2006 21:52:55 -0400
+
+xmlsec1 (1.2.9-1) unstable; urgency=low
+
+ * New upstream release (Closes: #319807)
+ * Upgrade to Debian standards 3.6.2
+
+ -- John V. Belmonte <jbelmonte@debian.org> Sat, 17 Sep 2005 09:36:11 -0400
+
+xmlsec1 (1.2.6-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- John V. Belmonte <jbelmonte@debian.org> Thu, 26 Aug 2004 15:07:52 -0400
+
+xmlsec1 (1.2.4-3) unstable; urgency=low
+
+ * Adjust gnutls dependency (Closes: #263626)
+ * Add debian/watch
+
+ -- John V. Belmonte <jbelmonte@debian.org> Thu, 5 Aug 2004 12:09:42 -0400
+
+xmlsec1 (1.2.4-2) unstable; urgency=low
+
+ * Change maintainer address
+ * Adjust libxslt dependency (Closes: #261831)
+
+ -- John V. Belmonte <jbelmonte@debian.org> Mon, 2 Aug 2004 10:05:04 -0400
+
+xmlsec1 (1.2.4-1) unstable; urgency=low
+
+ * New upstream release (Closes: #228531)
+ * Add binary for nss crypto engine
+ * Upgrade gnutls dependency to gnutls10
+
+ -- John V. Belmonte <jvb@prairienet.org> Tue, 27 Jan 2004 12:49:49 -0500
+
+xmlsec1 (1.1.1-2) unstable; urgency=low
+
+ * Upgrade to Debian standards 3.6.1
+ * In debian/rules:
+ * remove unused "nostrip" logic
+ * replace use of $CURDIR with `pwd`
+ * remove unused debhelper calls
+ * convert from dh_movefiles to dh_install
+ * omit makefiles and SGML files from HTML docs
+
+ -- John V. Belmonte <jvb@prairienet.org> Mon, 13 Oct 2003 15:43:41 -0400
+
+xmlsec1 (1.1.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Add soname number to build/-dev depends for libgnutls
+ * Add version to build/-dev depends for libssl since no
+ libssl<soname_number>-dev is available
+ * In README.Debian, clarify restriction on use of openssl crypto engine
+ by GPL'd official Debian packages
+ * In README.Debian, more about the yet unpackaged nss crypto engine
+
+ -- John V. Belmonte <jvb@prairienet.org> Sun, 24 Aug 2003 06:39:56 -0400
+
+xmlsec1 (1.1.0-1) unstable; urgency=low
+
+ * New upstream release
+ * Add pkg-config files (Closes: #203376)
+ * Downplay xmlsec1-config in README.Debian, package descriptions
+ * Remove some upstream workarounds from debian/rules
+
+ -- John V. Belmonte <jvb@prairienet.org> Mon, 11 Aug 2003 10:05:06 -0400
+
+xmlsec1 (1.0.4-2) unstable; urgency=low
+
+ * No change, except this time my sponsor won't accidentally mutilate the
+ package before uploading :-)
+
+ -- John V. Belmonte <jvb@prairienet.org> Fri, 18 Jul 2003 01:11:45 -0400
+
+xmlsec1 (1.0.4-1) unstable; urgency=low
+
+ * New upstream release
+ * Update README.Debian regarding nss engine support
+ * Fix typo in libxmlsec1 description
+ * Remove some upstream workarounds from debian/rules
+
+ -- John V. Belmonte <jvb@prairienet.org> Tue, 15 Jul 2003 21:23:11 -0400
+
+xmlsec1 (1.0.3-1) unstable; urgency=low
+
+ * New upstream release (Closes: #194270)
+ * change source name for xmlsec1 series
+ * change dev package section to libdevel
+
+ -- John V. Belmonte <jvb@prairienet.org> Tue, 17 Jun 2003 23:19:17 -0400
+
+xmlsec (0.0.14-1) unstable; urgency=low
+
+ * New upstream release
+ * upgrade to Debian standards 3.5.9
+
+ -- John V. Belmonte <jvb@prairienet.org> Fri, 28 Mar 2003 14:21:10 -0500
+
+xmlsec (0.0.12-1) unstable; urgency=low
+
+ * Initial Release (Closes: #152605)
+
+ -- John V. Belmonte <jvb@prairienet.org> Tue, 11 Feb 2003 14:58:00 -0500
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+11
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..edf4a53
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,149 @@
+Source: xmlsec1
+Section: text
+Priority: optional
+Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
+Uploaders:
+ John V. Belmonte <jbelmonte@debian.org>,
+ Rene Engelhard <rene@debian.org>,
+Build-Depends:
+ chrpath,
+ debhelper (>= 11),
+ help2man,
+ libgcrypt20-dev,
+ libgnutls28-dev,
+ libnss3-dev,
+ libssl-dev (>= 1.0.0),
+ libxml2-dev (>= 2.8.0),
+ libxslt1-dev (>= 1.0.20),
+ pkg-config,
+Build-Depends-Indep:
+ gtk-doc-tools,
+ man2html-base,
+ xsltproc,
+Standards-Version: 4.1.4
+Homepage: https://www.aleksey.com/xmlsec/
+Vcs-Browser: https://salsa.debian.org/xml-sgml-team/xmlsec1
+Vcs-Git: https://salsa.debian.org/xml-sgml-team/xmlsec1.git
+
+Package: libxmlsec1-dev
+Section: libdevel
+Architecture: any
+Depends:
+ libc6-dev,
+ libgcrypt20-dev,
+ libgnutls28-dev,
+ libnss3-dev,
+ libssl-dev (>= 1.0.0),
+ libxml2-dev (>= 2.8.0),
+ libxmlsec1 (= ${binary:Version}),
+ libxmlsec1-gcrypt (= ${binary:Version}),
+ libxmlsec1-gnutls (= ${binary:Version}),
+ libxmlsec1-nss (= ${binary:Version}),
+ libxmlsec1-openssl (= ${binary:Version}),
+ libxslt1-dev (>= 1.0.20),
+ ${misc:Depends},
+Description: Development files for the XML security library
+ The XML Security Library is a C library that implements these XML standards:
+ .
+ * XML Signature
+ * XML Encryption
+ .
+ This package provides development files including documentation, examples,
+ headers, static libraries, and configuration support.
+
+Package: libxmlsec1
+Section: libs
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: same
+Breaks: libreoffice-core (<< 1:6.0.5~rc2~)
+Description: XML security library
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package provides dynamic libraries for use by applications.
+ Specifically, it provides all XML security library functionality
+ except for the cryptography engine.
+
+Package: libxmlsec1-openssl
+Section: libs
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: same
+Description: Openssl engine for the XML security library
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package provides dynamic libraries for use by applications.
+ Specifically, it provides the openssl implementation of the XML security
+ library cryptography functions.
+
+Package: libxmlsec1-gnutls
+Section: libs
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: same
+Description: Gnutls engine for the XML security library
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package provides dynamic libraries for use by applications.
+ Specifically, it provides the gnutls implementation of the XML security
+ library cryptography functions.
+
+Package: libxmlsec1-nss
+Section: libs
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: same
+Description: Nss engine for the XML security library
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package provides dynamic libraries for use by applications.
+ Specifically, it provides the nss implementation of the XML security
+ library cryptography functions.
+
+Package: libxmlsec1-gcrypt
+Section: libs
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Multi-Arch: same
+Description: Gcrypt engine for the XML security library
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package provides dynamic libraries for use by applications.
+ Specifically, it provides the gcrypt implementation of the XML security
+ library cryptography functions.
+
+Package: xmlsec1
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: XML security command line processor
+ Xmlsec is a command line tool for signature and encryption transformations
+ of XML data. It is part of the XML Security Library.
+
+Package: libxmlsec1-doc
+Architecture: all
+Depends: ${misc:Depends}
+Replaces: libxmlsec1-dev (<< 1.2.26-2)
+Breaks: libxmlsec1-dev (<< 1.2.26-2)
+Description: XML security library -- documentation
+ The XML Security Library implements standards related to secure handling
+ of XML data.
+ .
+ This package contains the documentation for xmlsec1. E.g. the API docs.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..3113e47
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,29 @@
+This package was debianized by John V. Belmonte <jbelmonte@debian.org> on
+Tue, 11 Feb 2003 14:58:00 -0500.
+
+It was downloaded from ftp://ftp.aleksey.com/pub/xmlsec/releases/
+
+Upstream Author: Aleksey Sanin <aleksey@aleksey.com>
+
+Copyright (C) 2002 Aleksey Sanin. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
diff --git a/debian/libxmlsec1-dev.install b/debian/libxmlsec1-dev.install
new file mode 100644
index 0000000..ab74013
--- /dev/null
+++ b/debian/libxmlsec1-dev.install
@@ -0,0 +1,6 @@
+usr/bin/xmlsec1-config
+usr/include/*
+usr/lib/*/lib*.a
+usr/lib/*/lib*.la
+usr/lib/*/lib*.so
+usr/lib/*/pkgconfig/*
diff --git a/debian/libxmlsec1-dev.manpages b/debian/libxmlsec1-dev.manpages
new file mode 100644
index 0000000..9dbb1c7
--- /dev/null
+++ b/debian/libxmlsec1-dev.manpages
@@ -0,0 +1 @@
+man/xmlsec1-config.1
diff --git a/debian/libxmlsec1-doc.install b/debian/libxmlsec1-doc.install
new file mode 100644
index 0000000..9f5d84a
--- /dev/null
+++ b/debian/libxmlsec1-doc.install
@@ -0,0 +1 @@
+usr/share/doc/libxmlsec1-dev/html/api
diff --git a/debian/libxmlsec1-doc.links b/debian/libxmlsec1-doc.links
new file mode 100644
index 0000000..9e1a64d
--- /dev/null
+++ b/debian/libxmlsec1-doc.links
@@ -0,0 +1 @@
+usr/share/doc/libxmlsec1-dev/html usr/share/doc/libxmlsec1-doc/html
diff --git a/debian/libxmlsec1-gcrypt.install b/debian/libxmlsec1-gcrypt.install
new file mode 100644
index 0000000..ad9ea41
--- /dev/null
+++ b/debian/libxmlsec1-gcrypt.install
@@ -0,0 +1 @@
+usr/lib/*/libxmlsec1-gcrypt.so.*
diff --git a/debian/libxmlsec1-gcrypt.lintian-overrides b/debian/libxmlsec1-gcrypt.lintian-overrides
new file mode 100644
index 0000000..d54cfec
--- /dev/null
+++ b/debian/libxmlsec1-gcrypt.lintian-overrides
@@ -0,0 +1,2 @@
+# upstream promised to change package name whenever bumping the soname
+package-name-doesnt-match-sonames libxmlsec1-gcrypt1
diff --git a/debian/libxmlsec1-gnutls.install b/debian/libxmlsec1-gnutls.install
new file mode 100644
index 0000000..f5dfd95
--- /dev/null
+++ b/debian/libxmlsec1-gnutls.install
@@ -0,0 +1 @@
+usr/lib/*/libxmlsec1-gnutls.so.*
diff --git a/debian/libxmlsec1-gnutls.lintian-overrides b/debian/libxmlsec1-gnutls.lintian-overrides
new file mode 100644
index 0000000..564b39a
--- /dev/null
+++ b/debian/libxmlsec1-gnutls.lintian-overrides
@@ -0,0 +1,2 @@
+# upstream promised to change package name whenever bumping the soname
+package-name-doesnt-match-sonames libxmlsec1-gnutls1
diff --git a/debian/libxmlsec1-nss.install b/debian/libxmlsec1-nss.install
new file mode 100644
index 0000000..10cbca9
--- /dev/null
+++ b/debian/libxmlsec1-nss.install
@@ -0,0 +1 @@
+usr/lib/*/libxmlsec1-nss.so.*
diff --git a/debian/libxmlsec1-nss.lintian-overrides b/debian/libxmlsec1-nss.lintian-overrides
new file mode 100644
index 0000000..6508922
--- /dev/null
+++ b/debian/libxmlsec1-nss.lintian-overrides
@@ -0,0 +1,2 @@
+# upstream promised to change package name whenever bumping the soname
+package-name-doesnt-match-sonames libxmlsec1-nss1
diff --git a/debian/libxmlsec1-openssl.install b/debian/libxmlsec1-openssl.install
new file mode 100644
index 0000000..6d5eaed
--- /dev/null
+++ b/debian/libxmlsec1-openssl.install
@@ -0,0 +1 @@
+usr/lib/*/libxmlsec1-openssl.so.*
diff --git a/debian/libxmlsec1-openssl.lintian-overrides b/debian/libxmlsec1-openssl.lintian-overrides
new file mode 100644
index 0000000..aa3db2d
--- /dev/null
+++ b/debian/libxmlsec1-openssl.lintian-overrides
@@ -0,0 +1,2 @@
+# upstream promised to change package name whenever bumping the soname
+package-name-doesnt-match-sonames libxmlsec1-openssl1
diff --git a/debian/libxmlsec1.install b/debian/libxmlsec1.install
new file mode 100644
index 0000000..2c0694e
--- /dev/null
+++ b/debian/libxmlsec1.install
@@ -0,0 +1 @@
+usr/lib/*/libxmlsec1.so.*
diff --git a/debian/libxmlsec1.lintian-overrides b/debian/libxmlsec1.lintian-overrides
new file mode 100644
index 0000000..e92ba96
--- /dev/null
+++ b/debian/libxmlsec1.lintian-overrides
@@ -0,0 +1,2 @@
+# upstream promised to change package name whenever bumping the soname
+package-name-doesnt-match-sonames libxmlsec1-1
diff --git a/debian/patches/no-url-map-using-tests.diff b/debian/patches/no-url-map-using-tests.diff
new file mode 100644
index 0000000..6433a79
--- /dev/null
+++ b/debian/patches/no-url-map-using-tests.diff
@@ -0,0 +1,346 @@
+diff --git a/tests/testDSig.sh b/tests/testDSig.sh
+index dd7db69..26b82ec 100755
+--- a/tests/testDSig.sh
++++ b/tests/testDSig.sh
+@@ -124,15 +124,6 @@ execDSigTest $res_success \
+ # aleksey-xmldsig-01
+ #
+ ##########################################################################
+-execDSigTest $res_success \
+- "" \
+- "aleksey-xmldsig-01/signature-two-keynames" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
+- "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
+- "$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018"
+-
+ execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-dsa-x509chain" \
+@@ -534,143 +525,6 @@ execDSigTest $res_success \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
+ " "
+
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
+- "base64 sha1 dsa-sha1" \
+- "dsa" \
+- " $url_map_xml_stylesheet_b64_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_b64_2005" \
+- " $url_map_xml_stylesheet_b64_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-external-dsa" \
+- "sha1 dsa-sha1" \
+- "dsa" \
+- "$url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
+- " $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-keyname" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format $url_map_xml_stylesheet_2005" \
+- "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-x509-crt" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-x509-sn" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-x509-is" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-x509-ski" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmldsig-twenty-three/signature" \
+- "base64 xpath xslt enveloped-signature c14n-with-comments sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
+- "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
+- "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005"
+-
+-
+-##########################################################################
+-#
+-# merlin-xmlenc-five
+-#
+-# While the main operation is signature (and this is why we have these
+-# tests here instead of testEnc.sh), these tests check the encryption
+-# key transport/wrapper algorightms
+-#
+-##########################################################################
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
+- "ripemd160 hmac-ripemd160 kw-tripledes" \
+- "hmac des" \
+- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
+- "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
+- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
+- "sha256 hmac-sha256 kw-aes128" \
+- "hmac aes" \
+- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
+- "sha384 hmac-sha384 kw-aes192" \
+- "hmac aes" \
+- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
+- "sha512 hmac-sha512 kw-aes256" \
+- "hmac aes" \
+- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
+- "sha1 hmac-sha256 rsa-1_5" \
+- "hmac rsa" \
+- "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret $url_map_xml_stylesheet_2005"
+-
+-execDSigTest $res_success \
+- "" \
+- "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
+- "sha1 hmac-sha256 rsa-oaep-mgf1p" \
+- "hmac rsa" \
+- "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret $url_map_xml_stylesheet_2005"
+-
+-
+-
+ ##########################################################################
+ #
+ # merlin-exc-c14n-one
+@@ -730,20 +584,6 @@ execDSigTest $res_success \
+ #
+ ##########################################################################
+
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-big" \
+- "base64 xslt xpath sha1 rsa-sha1" \
+- "rsa x509" \
+- "--pubkey-cert-$cert_format certs/rsa-cert.$cert_format $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-dsa-detached" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-enveloped" \
+@@ -758,13 +598,6 @@ execDSigTest $res_success \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-dsa-manifest" \
+- "sha1 dsa-sha1" \
+- "dsa x509" \
+- "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-md5-c14n-enveloping" \
+@@ -772,27 +605,6 @@ execDSigTest $res_success \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-hmac-sha1-40-c14n-comments-detached" \
+- "c14n-with-comments sha1 hmac-sha1" \
+- "hmac" \
+- "--hmackey certs/hmackey.bin $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
+- "exc-c14n-with-comments sha1 hmac-sha1" \
+- "hmac" \
+- "--hmackey certs/hmackey.bin $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-hmac-sha1-exclusive-c14n-comments-detached" \
+- "exc-c14n-with-comments sha1 hmac-sha1" \
+- "hmac" \
+- "--hmackey certs/hmackey.bin $url_map_rfc3161"
+-
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-exclusive-c14n-enveloped" \
+@@ -800,41 +612,6 @@ execDSigTest $res_success \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached-b64-transform" \
+- "base64 sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached-xpath-transform" \
+- "xpath sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached-xslt-transform-retrieval-method" \
+- "xslt sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached-xslt-transform" \
+- "xslt sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped" \
+@@ -849,48 +626,6 @@ execDSigTest $res_success \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest-x509-data-cert-chain" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest-x509-data-cert" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest-x509-data-issuer-serial" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest-x509-data-ski" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest-x509-data-subject-name" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+-execDSigTest $res_success \
+- "phaos-xmldsig-three" \
+- "signature-rsa-manifest" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+-
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-xpath-transform-enveloped" \
+@@ -935,13 +670,6 @@ execDSigTest $res_success \
+ ##########################################################################
+ ##########################################################################
+ echo "--------- Negative Testing ----------"
+-execDSigTest $res_fail \
+- "" \
+- "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
+- "sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018"
+-
+ execDSigTest $res_fail \
+ "" \
+ "aleksey-xmldsig-01/enveloping-expired-cert" \
+@@ -956,13 +684,6 @@ execDSigTest $res_fail \
+ "hmac" \
+ "--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
+
+-execDSigTest $res_fail \
+- "phaos-xmldsig-three" \
+- "signature-rsa-detached-xslt-transform-bad-retrieval-method" \
+- "xslt sha1 rsa-sha1" \
+- "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format $url_map_rfc3161"
+-
+ execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped-bad-digest-val" \
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..da100cd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+skip-failing-tests.patch
+no-url-map-using-tests.diff
diff --git a/debian/patches/skip-failing-tests.patch b/debian/patches/skip-failing-tests.patch
new file mode 100644
index 0000000..0d2be68
--- /dev/null
+++ b/debian/patches/skip-failing-tests.patch
@@ -0,0 +1,33 @@
+Description: Skip failing tests due to disabled lib plugins
+ Some tests require of dynamic loading of crypto libraries
+ in xmlsec1 apps - we disable this in the build, so only test
+ with the default openssl lib.
+Author: James Page <james.page@ubuntu.com>
+Forwarded: not-needed
+
+diff --git a/tests/testDSig.sh b/tests/testDSig.sh
+index 5ef44a4..c90f4dd 100755
+--- a/tests/testDSig.sh
++++ b/tests/testDSig.sh
+@@ -842,7 +842,7 @@ execDSigTest $res_success \
+ # test dynamic signature
+ #
+ ##########################################################################
+-if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" ]; then
++if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" -a "$crypto" = 'openssl' ]; then
+ echo "Dynamic signature template"
+ printf " Create new signature "
+ echo "$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
+diff --git a/tests/testEnc.sh b/tests/testEnc.sh
+index 9970e33..f9ab2da 100755
+--- a/tests/testEnc.sh
++++ b/tests/testEnc.sh
+@@ -366,7 +366,7 @@ execEncTest $res_success \
+ # test dynamicencryption
+ #
+ ##########################################################################
+-if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "enc-dynamic" ]; then
++if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "enc-dynamic" -a $crypto = 'openssl']; then
+ echo "Dynamic encryption template"
+ printf " Encrypt template "
+ echo "$VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..9f93221
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,44 @@
+#!/usr/bin/make -f
+
+export OFFLINE=1
+
+%:
+ dh $@
+
+override_dh_clean:
+ dh_clean config.log config.cache config.status
+ if [ -d docs.bak ]; then rm -rf docs; mv docs.bak docs; fi
+
+override_dh_auto_configure:
+ if [ ! -d docs.bak ]; then cp -ra docs docs.bak; fi
+ dh_auto_configure -- \
+ --with-html-dir=\$${prefix}/share/doc/libxmlsec1-dev/html \
+ --disable-crypto-dl \
+ --disable-apps-crypto-dl \
+ --enable-soap
+
+override_dh_auto_test:
+ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
+ $(MAKE) check | tee /tmp/tests.log
+ grep -q Fail /tmp/tests.log && (echo "Failures executing unit tests, exiting build"; exit 1) \
+ || echo "Unit tests completed successfully"
+endif
+
+ touch build-stamp
+
+override_dh_install:
+ find debian/tmp/usr/lib -name "*.la" -exec \
+ sed -i -e "s,^dependency_libs=.*,dependency_libs=''," {} +
+ dh_install
+
+override_dh_installexamples:
+ dh_installexamples examples/*
+
+override_dh_installdocs:
+ dh_installdocs -X.sgml --all README debian/README.Debian
+
+override_dh_compress:
+ dh_compress -Xexamples/
+
+override_dh_makeshlibs:
+ dh_makeshlibs -V
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..a7a374c
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=2
+https://www.aleksey.com/xmlsec/download/xmlsec1-([\d\.]+)\.tar\.gz \
+ debian uupdate
diff --git a/debian/xmlsec1.install b/debian/xmlsec1.install
new file mode 100644
index 0000000..cfe97f6
--- /dev/null
+++ b/debian/xmlsec1.install
@@ -0,0 +1 @@
+usr/bin/xmlsec1
diff --git a/debian/xmlsec1.manpages b/debian/xmlsec1.manpages
new file mode 100644
index 0000000..5f08ccc
--- /dev/null
+++ b/debian/xmlsec1.manpages
@@ -0,0 +1 @@
+man/xmlsec1.1