[jira] [Commented] (XERCESC-2257) symbol not found in flat namespace (_xercesc_messages_3_2_dat)

[Boris Kolpackov (Jira)]

    [ 
https://issues.apache.org/jira/browse/XERCESC-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898834#comment-17898834
 ] 

Boris Kolpackov commented on XERCESC-2257:
------------------------------------------

> If you honestly think there are not a significant nunber of unfound issues at 
> this point

I am 100% certain there are. But so is the case with most C/C++ code bases, 
actively or not actively maintained. Again, take Expat as an example: every 
release it fixes some CVEs. I think that's a pretty strong evidence that in the 
future releases there will be more "unfound issues". It does not matter whether 
the "code base seeing analysis and getting attention", you are pretty much 
guaranteed Expat is vulnerable at any given point in time.

> Do I think it's safe for much of anything? No, I don't.

I asked you a specific question and you give a wishy-washy answer like this? 
There is a large number of applications that use Xerces-C++ only for parsing 
trusted input. What is the safety implication of this?

> All my statements are in all cases my own, and I will make that clear in the 
> future.

Thank you, that would be appreciated. Also please let me know when you wish to 
stop being a release manager so that we have some transition period for me to 
take over.

> symbol not found in flat namespace (_xercesc_messages_3_2_dat)
> --------------------------------------------------------------
>
>                 Key: XERCESC-2257
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2257
>             Project: Xerces-C++
>          Issue Type: Bug
>    Affects Versions: 3.3.0
>            Reporter: Ryan Carsten Schmidt
>            Priority: Major
>
> Software linking with libxerces-c-3.3.dylib fails to work:
>  
> {noformat}
> dyld[5155]: symbol not found in flat namespace (_xercesc_messages_3_2_dat)
> {noformat}
>  
> This was reported to MacPorts here: [https://trac.macports.org/ticket/71304]
> This is a regression; 3.2.4 didn't have this problem.
> Surely for version 3.3.x on these lines {{3_2}} should be changed to 
> {{{}3_3{}}}?
> [https://github.com/apache/xerces-c/blob/v3.3.0/src/xercesc/util/MsgLoaders/ICU/ICUMsgLoader.cpp#L54-L55]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org