Re: Regarding in-memory validation using Xerces C 2.8

2011-10-16 Thread Cantor, Scott
On 10/16/11 6:45 AM, neetha patil neethapa...@gmail.com wrote: Does Xerces C 2.8 support this method? If so can u please brief it out? What method? The API docs are public, and the samples in the project already show parsing in various contexts. -- Scott

Re: Introduction to icXML

2012-09-04 Thread Cantor, Scott
On 9/1/12 11:51 AM, Rob Cameron r...@international-characters.com wrote: On thing that is not quite clear to me, though, is the best organization for keeping our code in a common framework with existing Xerces code.We presently have some source subdirectories for our own newly created files,

Re: Xerces-C / Patch Release Request

2013-04-10 Thread Cantor, Scott
On 4/10/13 10:46 AM, Boris Kolpackov bo...@codesynthesis.com wrote: I was hoping to find time and make a release around June or July. It would also be a good idea to spend some time and try to fix some new bugs that have been uncovered since the 3.1.0 release. Not sure if you would like to wait

Re: Xerces-C / Patch Release Request

2013-04-11 Thread Cantor, Scott
On 4/11/13 5:03 AM, Boris Kolpackov bo...@codesynthesis.com wrote: I would suggest as a way of perhaps reducing time commitment than actually producing binaries for other than Windows is not a great use of time. Yes, I was also thinking along those lines, especially for platforms like HPUX,

Re: Xerces-C / Patch Release Request

2013-04-11 Thread Cantor, Scott
On 4/11/13 12:35 PM, shath...@e-z.net shath...@e-z.net wrote: Besides windows builds with VS 2003, 2005, 2008, 2010, 2012 - I also perform builds on FreeBSD, PCBSD, and GNU Linux. I DO NOT build packages for Debian and RedHat package managers. I DO build debug and release builds of Xerces-C from

Re: Xerces-C / Patch Release Request

2013-04-11 Thread Cantor, Scott
On 4/11/13 12:59 PM, shath...@e-z.net shath...@e-z.net wrote: I can check with Debian and Ubuntu integration teams to see what support there is to create (.deb) packages for their distributions. I can't speak for Ubuntu, but there are official shibboleth packages for Debian (that I don't

Re: building xerces-C++ in Linux

2013-11-11 Thread Cantor, Scott
On 11/11/13, 9:20 PM, Shazni Nazeer mshazninaz...@yahoo.com wrote: I'm new to Apache as well as to xerces. I took an SVN checkout of the trunk directory into my Ubuntu as well as to a Windows machine. You should use the distribution provided on the web site, not a checkout. I could

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 3:01 PM, Boris Kolpackov bo...@codesynthesis.com wrote: See it from my POV: I have a ton of users that are pretty happy with 3.1.1. Now comes Scott and wants to cut a half-tested release just to satisfy his immediate needs. Once you do this I will start getting emails from my users

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 4:00 PM, Boris Kolpackov bo...@codesynthesis.com wrote: As far as docs go, I obviously need specifics. You will have to go through the website docs and figure what needs updating. If something specific is unclear, ask and I will try to help. But don't expect me to provide a

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 4:41 PM, Cantor, Scott canto...@osu.edu wrote: Is this the document mentioned earlier? http://svn.apache.org/viewvc/xerces/c/admin/release-procedure.txt If you could at least skim it for any errors, that would be a big help. Never mind, I missed the note at the top, from you

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 9:01 AM, Boris Kolpackov bo...@codesynthesis.com wrote: What about other platforms?! If this class is defined in a public header (i.e., a header that is installed) and the function is virtual, then this is an ABI change. It's a struct, in an impl/ header marked as do not use, and the

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 9:10 AM, Boris Kolpackov bo...@codesynthesis.com wrote: I've reviewed all the resolved issues against the trunk, and backported 15-20 or so to the branch. Once I have access I'll commit. Before you do this have someone review your back-ports to double check there are no ABI

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-17 Thread Cantor, Scott
On 2/17/15, 9:07 AM, Boris Kolpackov bo...@codesynthesis.com wrote: I definitely don't have the cycles for a beta and it wouldn't fit my timeline anway. Then you shouldn't be making the release. No, I shouldn't, but I didn't see any real alternative either. If somebody else is going to, I

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-16 Thread Cantor, Scott
On 2/16/15, 2:51 PM, Cantor, Scott canto...@osu.edu wrote: The fix on trunk changes the ABI by adding a length field to the string pool entries. I probably can come up with one that doesn't by just doing the length checking, at the cost of some efficiency. Correction, it's not an ABI change

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-16 Thread Cantor, Scott
I've reviewed all the resolved issues against the trunk, and backported 15-20 or so to the branch. Once I have access I'll commit. I don't have access to Jira either of course. I watched everything I backported for now, I can at least note it in a comment, but I can't alter the fix versions

Re: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-16 Thread Cantor, Scott
On 2/16/15, 11:52 AM, Boris Kolpackov bo...@codesynthesis.com wrote: Unless you are prepared to do a good amount of testing (I can help somewhat but you will have to take the lead, e.g., package a beta, announce it, etc, etc), I would strongly suggest that you do the bug-fix release (i.e.,

Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-13 Thread Cantor, Scott
We need a 3.1.2 release very badly. I'm willing to contribute heavily to that process. Correcting myself, I see that the fix I need was applied to trunk and is part of, I guess, what would be 3.2, not 3.1.2. I'm not sure if either branch is active at this point, but if not, I probably have

RE: Next release (was RE: [jira] [Resolved] (XERCESC-2043))

2015-02-15 Thread Cantor, Scott
Its not very active these days. I don't think we have an official policy on Committers from other areas having access. I think it would be great so will grant you access if no one objects over the weekend. I'll stand by. FWIW, I've done very little testing of trunk other than building it, so

Final Xerces-C 3.1.2 RC posted

2015-03-18 Thread Cantor, Scott
A hopefully-final distribution set is now posted [1]. No code changes have occurred since the second beta posting last week, but various distribution tweaks and changes to the doc/ content for generation of the web site have been made. I believe this is now ready for the PMC to conduct a vote

Re: [VOTE] release of 3.1.2

2015-03-18 Thread Cantor, Scott
My committer's +1 -- Scott On 3/18/15, 11:28 AM, Gareth Reakes gar...@reakes.com wrote: Hey guys, Here is my +1.

Re: Final Xerces-C 3.1.2 RC posted

2015-03-18 Thread Cantor, Scott
On 3/18/15, 4:30 PM, Denis Excoffier xer...@denis-excoffier.org wrote: When i compare the first RC and the second RC (current), i observe some improvement in the doc/ and samples/ folders, but also that - config.guess has timestamp='2013-05-16' (RC2) instead of timestamp='2014-11-04' (RC1) -

Are we ready to vote on the 3.1.2 release?

2015-03-16 Thread Cantor, Scott
I haven't seen any concerns, so are we ready to vote on this? -- Scott

Xerces-C Security Advisory [CVE-2015-0252]

2015-03-19 Thread Cantor, Scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.2 Description: The Xerces-C XML parser

RE: [VOTE] release of 3.1.2

2015-03-19 Thread Cantor, Scott
Thanks again Scott. Ok, unfortunately I'm deep into the bowels of my software release at the moment, and OpenSSL just screwed me royally by adding to the 1.0.2 ABI in 1.0.2a, so that's costing me a nice chunk of today. I may get to the release late afternoon or tonight, hopefully, and if not

Status of cleanup after release

2015-03-20 Thread Cantor, Scott
I believe I've corrected the few bugs I noticed with the web site, and all of the web site content is now checked into the branch, including the security advisory. A blocker task is recorded noting that a trunk release should copy that content over as part of prepping it. I have added a note

Re: Xerces-C 3.1.2 beta-3 available, call for testing

2015-03-09 Thread Cantor, Scott
On 3/9/15, 3:54 PM, Denis Excoffier xer...@denis-excoffier.org wrote: Would it be feasible to also include the documentation (the doc folder, like under xerces-c-3.1.1)? I didn't recall the old source distribution including the API docs, but I see it's there, I just didn't run doxygen. I'll

Xerces 3.1.2 Release Candidate available

2015-03-10 Thread Cantor, Scott
I have prepared a hopefully-final distribution for testing [1] as a release candidate. The filenames are identical to the eventual release. I fixed the distribution last night to include all missing content that was present in the 3.1.1 distribution, including the HTML site and API docs. If

RE: Xerces 3.1.2 Release Candidate available

2015-03-11 Thread Cantor, Scott
Not missing ones i guess but extra ones. I suppose the following files should not be present in the gz and bz2 distributions: m4/._libtool.m4 m4/._ltoptions.m4 m4/._ltsugar.m4 m4/._lt~obsolete.m4 I hadn't actually found where they came from. Might be a Mac thing. Probably not worth

RE: Xerces 3.1.2 Release Candidate available

2015-03-11 Thread Cantor, Scott
Does automake support it? I guess I can add that and rebuild another RC if it's important enough. (For context, the only reason I added bz2 was that I package this for some SUSE platforms, and they're probably going to start warning me at the build service about not having bz2 sources.) --

Re: Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-06 Thread Cantor, Scott
In case it matters, this is what I'm using with configure: configure: Report: configure: File Manager: POSIX configure: Mutex Manager: POSIX configure: Transcoder: icu configure: NetAccessor: socket configure: Message Loader: inmemory Any of those different in your build that's giving

Re: Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 9:34 AM, Gareth Reakes gar...@reakes.com wrote: On OSX compiles fine but test run produces this attached failure diff. Somewhat surprisingly, on my OS X laptop, my test run has identical output to what's checked in, no diff. But I did that out of subversion, not the tarball, so I'll

Re: Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 4:17 AM, Gareth Reakes gar...@reakes.com wrote: On OSX compiles fine but test run produces this attached failure diff. Compared to 3.1.1 you mean? How do the tests get run as a unit? Do you know which test is giving that different result? -- Scott

Re: Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 9:34 AM, Gareth Reakes gar...@reakes.com wrote: No, compared to the committed test output file - scripts/sanityTest_ExpectedResult.log Ok, I'll look at when that was committed. make check So it runs them as part of the test build? Ok, I didn't notice that, will review that. --

Re: Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 10:08 AM, Gareth Reakes gar...@reakes.com wrote: Do you have the file in your checkout? /xerces-c-3.1.2/samples/data/long.xml No, it's not in the dist target, so that's the problem. I'll add it and republish a third beta today. One of the things I'm trying to clean up is the dist.

Xerces-C 3.1.2 beta-3 available, call for testing

2015-03-06 Thread Cantor, Scott
A third beta with the missing test file added is now available [1]. The test output now matches the output checked in as a baseline. -- Scott [1] https://people.apache.org/~scantor/

Re: Xerces-C 3.1.2 beta-3 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 11:07 AM, Gareth Reakes gar...@reakes.com wrote: Great. So looks like tests all pass with expected results. Yes, at least in this case. Anybody building elsewhere, it would be good to run that same check of course. -- Scott

Re: Xerces-C 3.1.2 beta-3 available, call for testing

2015-03-06 Thread Cantor, Scott
On 3/6/15, 10:58 AM, Gareth Reakes gar...@reakes.com wrote: Are you still getting that seg fault Scott? Which test? No, should have clarified that sorry, I just didn't know how the tests were run or that you had a real script to run them. I was running them by hand without knowing what

Re: Xerces 3.1.2 Release Candidate available

2015-03-12 Thread Cantor, Scott
On 3/11/15, 1:41 PM, Cantor, Scott canto...@osu.edu wrote: By the way, could we please also get a xerces-c-3.1.2.tar.xz distribution, in addition to or instead the bz2 distribution? Does automake support it? I guess I can add that and rebuild another RC if it's important enough. I saw

Xerces-C 3.1.2 beta-2 available, call for testing

2015-03-05 Thread Cantor, Scott
I've uploaded a second beta of Xerces-C 3.1.2 [2] containing a couple of small fixes (VS2012 solution file fix, a backport of an XMLString binToText bug reported yesterday) and a tweak to the automake settings so I can generate a ZIP distribution from make dist. Just want to keep the test

Tarball of 3.1.2 beta

2015-03-02 Thread Cantor, Scott
Irrespective of what the PMC would like me to do with this to get it formally out there, a beta-1 tarball of the 3.1.2 Xerces-C release is signed and uploaded to http://people.apache.org/~scantor/ -- Scott - To unsubscribe,

Re: Tarball of 3.1.2 beta

2015-03-02 Thread Cantor, Scott
On 3/2/15, 4:29 PM, Gareth Reakes gar...@reakes.com wrote: On 2 Mar 2015, at 21:27, Cantor, Scott canto...@osu.edu wrote: Irrespective of what the PMC would like me to do with this to get it formally out there, a beta-1 tarball of the 3.1.2 Xerces-C release is signed and uploaded to http

Re: Tarball of 3.1.2 beta

2015-03-02 Thread Cantor, Scott
On 3/2/15, 9:39 PM, Cantor, Scott canto...@osu.edu wrote: Incidentally, I don't know how the ZIPped sources were prepared in the past, maybe just manually. But I marked the Windows project files with Windows line endings, so it should be possible to directly build for Windows from

Xerces-C 3.1.2 beta-1 available, call for testing

2015-03-03 Thread Cantor, Scott
A pre-release source distribution of Xerces-C V3.1.2 is available [1], signed by me, and this is an official call for testers and feedback. The list of bug fixes in this release can be found in Jira [1], and the PMC would like to start the release process next week, so please test any

Re: xerces-c-3.1.2b1

2015-03-04 Thread Cantor, Scott
On 3/4/15, 10:42 PM, Denis Excoffier xer...@denis-excoffier.org wrote: Hi, Compiled successfully and somewhat tested on Cygwin 32 bits (1.7.35), Solaris 10, Linux 32 bits Ubuntu, and Darwin Yosemite (10.10.2). It seems that you forgot the following one: Is there a bug filed on it? If so I

Re: Xerces-C 3.1.2 beta-1 available, call for testing

2015-03-04 Thread Cantor, Scott
On 3/4/15, 8:18 AM, Alberto Massari albertomass...@tiscali.it wrote: first of all, thank you for taking care of the release; I compiled the source on Windows using VC9, VC11 and VC12; I have noticed that the solution file for VC12 is missing the correct version, so it is opened by VC11. I

Re: [VOTE] release of 3.1.2

2015-03-18 Thread Cantor, Scott
On 3/18/15, 4:02 PM, Alberto Massari albertomass...@tiscali.it wrote: Here's my +1 too. And also my thanks to Scott for the time spent in arranging this release. You're welcome. Just following up to say that I'll be doing the actual formal release tomorrow (various timing/scheduling factors

Re: [VOTE] release of 3.1.2

2015-03-18 Thread Cantor, Scott
On 3/18/15, 5:04 PM, Michael Glavassevich mrgla...@ca.ibm.com wrote: Got to give folks time to vote. Normally suggested that these run for 72 hours [1] before tallying them up. It's only been 6 hours on this one. I will await the PMC's decision. I was operating based on off-line discussion. --

Re: Xerces support on Solaris 11 (built on Solaris 10)

2015-06-16 Thread Cantor, Scott
On 6/16/15, 3:54 AM, thosaratu...@gmail.com on behalf of Atul Thosar thosaratu...@gmail.com on behalf of atultho...@gmail.com wrote: From archives/google, I believe Xerces should work on Solaris 11 platform. But has anyone actually tried/ran it on Solaris 11? A supported version, yes. One

Re: Xerces support on Solaris 11 (built on Solaris 10)

2015-06-16 Thread Cantor, Scott
On 6/16/15, 1:05 PM, thosaratu...@gmail.com on behalf of Atul Thosar thosaratu...@gmail.com on behalf of atultho...@gmail.com wrote: Btw Could you please help me to understand in what sense 2.8 is insecure? In the sense that it has security bugs that are fixed, such as [1]. There are

RE: Error messages / ABI

2016-06-06 Thread Cantor, Scott
> Unless the decorated name of the enum includes the number of values, it > should not change, and the ABI stays the same. > It may require that the developer handle the new error code, but I doubt > that it happens very often. So, I think a 3.1.4 release is ok. I was more concerned about all the

Xerces-C 3.1.4 release candidate for testing

2016-06-14 Thread Cantor, Scott
I have prepared a release candidate for 3.1.4 that fixes some outstanding bugs. My ETA for release is around the end of the month. I haven't checked over the generated HTML pages in the tarballs yet, so I probably will do a second RC before calling for a vote maybe around the end of next week,

RE: How DOM can be serialized to JSON

2016-06-14 Thread Cantor, Scott
> How DOM presentation of XML document can be serialized into string in > JSON format and opposite? Well, a) that's not a well-defined mapping, and b) there's no code in Xerces to do that if that's what you're asking. If there's any library using Xerces under it that does this, I wouldn't know

Error messages / ABI

2016-06-04 Thread Cantor, Scott
Question to the rest of the remaining developers: is it an ABI change to add error messages/codes? I'm not familiar enough with the error handling machinery to know what's entailed in adding one, though I know there's an enum, and an XML file that's used to produce all the source code with the

Call for vote

2016-06-22 Thread Cantor, Scott
I've done a bit of minor cleanup (removing .svn detritus) and posted new artifacts with signatures: https://dist.apache.org/repos/dist/dev/xerces/c/3/sources/ I would like to call for a vote by the PMC to release V3.1.4. This is my +1 -- Scott

RE: Call for vote

2016-06-22 Thread Cantor, Scott
> Couldn't you find a more recent config.guess? See for example the one in > gcc-6.1.0.tar.bz2, dated 2016-01-01. I built it on Red Hat 7. I assume autoreconf pulls in whatever is there. -- Scott - To unsubscribe, e-mail:

Release candidate of Xerces-C 3.1.3 for evaluation

2016-02-01 Thread Cantor, Scott
I've built a release candidate of xerces-c-3.1.3 for testing. This is a bug fix release to address some reported issues and I am targeting late February for the PMC to approve the release. I noted there's a dev/ tree in the dist.apache.org svn repository, though I haven't located a URL that

CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input

2016-02-25 Thread Cantor, Scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.3 Description: The Xerces-C XML parser

RE: file structure for installed xerces-c 3.1.2

2016-01-21 Thread Cantor, Scott
> I would like to ask which is the file structure for xerces-c_3_1.dll that has > been successful built after following steps described here > > https://xerces.apache.org/xerces-c/build-3.html The solutions for MSVC at least build to the Build directory (with subsequent nesting based on what

Prepping a 3.1.3 release

2016-01-20 Thread Cantor, Scott
I'm starting to work on a bug fix release and while I'll review Jira and some notes I have saved up, this is just a general heads up in case anything pressing and small can be identified to fix. Timeline for this is probably mid-Feb or so. -- Scott

Xerces-C 3.1.3 released

2016-02-17 Thread Cantor, Scott
I have (finally) gotten the updated release posted [1]. The web site should be updated now; if any site errors are spotted, report them and I'll get them fixed. -- Scott [1] http://xerces.apache.org/xerces-c/download.cgi

RE: support for MSVC 2015?

2016-05-02 Thread Cantor, Scott
> Did someone manage to get xerces build with MSVC 2015? Yes, I checked in solution files that are mostly working the other day. -- Scott - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands,

Re: Xerces-C 2.7.0 Source Code needed

2016-07-13 Thread Cantor, Scott
On 7/13/16, 10:11 AM, "Gobbur, Pratima" wrote: > I need the source code for 2.7.0 to check if there was any customisation on > our side. http://svn.apache.org/viewvc/xerces/c/tags/Xerces-C_2_7_0/ -- Scott

RE: Call for vote

2016-06-28 Thread Cantor, Scott
With several +1 votes and no objections, the vote has passed and I will finalize the release tomorrow morning. Thanks, -- Scott > -Original Message- > From: Cantor, Scott > Sent: Wednesday, June 22, 2016 12:32 PM > To: c-dev@xerces.apache.org > Subject: Call for vote

RE: [patch] Allow building with ICU using VC12 and VC14

2016-06-30 Thread Cantor, Scott
> Attached is a diff against 3.1.4 to enable building with VC12 and VC14 > with the ICU configurations. I assume that's already in Jira. If not, it's not going to ever get remembered and applied. -- Scott - To unsubscribe,

RE: Xerces-C 3.1.4 released

2016-06-30 Thread Cantor, Scott
> FYI, the downloads on http://apache.org/dist/xerces/c/3/sources/ > are missing the signatures and checksums for xerces-c-3.1.4.tar.xz. > Would it be possible to add them? Forgot it existed. I'll try and get to it when I can. -- Scott

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

2016-06-29 Thread Cantor, Scott
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.4 Description: The Xerces-C XML parser

Xerces-C 3.1.4 released

2016-06-29 Thread Cantor, Scott
A patch release of the Xerces-C XML parser is now available and is propagating to the mirrors. It includes a small number of important bug fixes, including a fix for CVE-2016-4463. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510=12336069 Of special note, applications

RE: 3.1.2 NuGet package

2016-08-15 Thread Cantor, Scott
> We are now wondering if Xerces-C++ devs are happy for us to upload this > package to www.nuget.org and, if so, whether there are any specific > guidelines we should follow or clauses to be aware of in order to do this > (aside from clearly indicating the obvious bits, regarding who is the true >

RE: 3.1.2 NuGet package

2016-08-16 Thread Cantor, Scott
> Our intention is to specifically use this platform to deliver the Xerces-C++ > 3.1.2 NuGet package that we have put together so that users of DNV GL - > Energy software products can have access to it in a public and easily > accessible repository. We would clearly indicate that the package has

RE: XERCESC-2066 (Exception handling mistake in DTDScanner)

2016-10-21 Thread Cantor, Scott
> Does somebody know when it will be fixed in official patch? Months ago? http://svn.apache.org/viewvc?view=revision=1747619 Red Hat still hasn't backported it to my knowledge. -- Scott - To unsubscribe, e-mail:

RE: XERCESC-2066 (Exception handling mistake in DTDScanner)

2016-10-21 Thread Cantor, Scott
> > Does somebody know when it will be fixed in official patch? > > Months ago? > > http://svn.apache.org/viewvc?view=revision=1747619 Meant to link to advisory. http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt > -- Scott

RE: XERCESC-2066 (Exception handling mistake in DTDScanner)

2016-10-21 Thread Cantor, Scott
> Hi Scott, > I checked Xerces 3.1.4 sources( > src/xercesc/validators/DTD/DTDScanner.cpp) > > The fix is missing in them. > const XMLCh nextCh = fReaderMgr->peekNextChar(); > calls without try catch . The fix I intended to aply is in 3.1.4 and I just verified that. -- Scott

RE: Porting XERCESC-2052 fix to 3.1 branch

2016-10-20 Thread Cantor, Scott
> I had a transcoding problem with Xerces-C and noticed that it has > already been described > https://issues.apache.org/jira/browse/XERCESC-2052 and fixed for more > than a year but not in the 3.1 branch. > So I took the liberty to port the fix and would be happy if it could be > released in a

RE: Porting XERCESC-2052 fix to 3.1 branch

2016-10-21 Thread Cantor, Scott
> So just for the record, the error is really a regression, it worked in > 3.1.1 and the fix in trunk was this commit: That's even stronger evidence that I have no business touching that code, I'm afraid. So I would have to say that somebody who does know it needs to own it and take care of

Re: Integrating CMake support for xerces

2017-04-23 Thread Cantor, Scott
On 4/22/17, 2:59 PM, "Roger Leigh" wrote: > There are two choices for merging it: > - to the 3.1 branch > - to the trunk, for releasing as 3.2 Or a third branch, but I think you already did that via git anyway and that's simpler in practice so we can dismiss that one. >

Beta of 3.2.0 available

2017-07-31 Thread Cantor, Scott
I don't think we have a server at the ASF I can make these available with, so just doing what I can I guess. https://shibboleth.net/downloads/prerelease/xerces-c/ They're signed with my published key. These are directly from a make dist of trunk. I have not generated or reviewed the site doc

RE: Remaining Xerces 3.2.0 issues and Xalan

2017-08-14 Thread Cantor, Scott
> Are there any known remaining issues for the 3.2.0 release? Nothing known; I didn't have the time I had hoped to get some testing done with my application, which I really should do before I ask for a vote but I won't hold things up much longer either way. > I've tested with various Visual

RE: Porting XERCESC-2052 fix to 3.1 branch

2017-07-17 Thread Cantor, Scott
Don't know if the OP (cc'd) is still around but since I'm trying to get us moving toward a 3.2 release, I wanted to clarify this... > So just for the record, the error is really a regression, it worked in > 3.1.1 and the fix in trunk was this commit: I don't see how this "worked" in 3.1.1, the

RE: Can we assume C99?

2017-07-06 Thread Cantor, Scott
Are you using C++11 in the cmake CI builds on Linux? Just curious...it seems to be detecting cstdint there but my autoconf test didn't due to that flag not being enabled. I don't think we have an autoconf check for it, so there's nothing to enable it if the compiler supports it. -- Scott

RE: Can we assume C99?

2017-07-06 Thread Cantor, Scott
> I wrote the Autoconf AC_PROG_CXX support for C++11 back in 2013 > (http://www.spinics.net/lists/ac/msg11596.html) but it appears not to > have made it into a stable release yet. It might be possible to take a > copy of the macro from Autoconf CVS. (This was before I discovered > CMake!) Seems

Re: Can we assume C99?

2017-07-07 Thread Cantor, Scott
On 7/7/17, 3:45 AM, "Boris Kolpackov" wrote: > Perhaps we should do something like this for Xerces-C++, especially if > we plan to start migrating to C++11. In fact, this will be a great aid > to gradual migration since we can just start using new features if they > are

Release candidate forthcoming

2017-07-27 Thread Cantor, Scott
We have one main enhancement patch outstanding but no CLA on file for it and no response from the original submitter, so I'm going to start prepping for a release by getting a 3.2 release candidate out the door. If there are any other issues open people intend to work on or have an actual fix

Re: Upporting status

2017-06-29 Thread Cantor, Scott
On 6/29/17, 3:25 PM, "Roger Leigh" wrote: > It's "scripts/sanityTest.pl", a Perl script which runs all the tests, > concatenates their output, and then diffs it with the expected output. > It fails if the output differs or the tests fail prematurely. Well, I've run that

Re: Upporting status

2017-06-29 Thread Cantor, Scott
On 6/29/17, 3:46 PM, "Roger Leigh" wrote: > Actually, just run "make check" which builds the tests and runs them foryou. Not for me unfortunately. export

Re: Upporting status

2017-06-29 Thread Cantor, Scott
Ack, never mind, PEBKAC, they're running now. -- Scott On 6/29/17, 3:49 PM, "Cantor, Scott" <canto...@osu.edu> wrote: On 6/29/17, 3:46 PM, "Roger Leigh" <rle...@codelibre.net> wrote: > Actually, just run "make check" which builds the tests an

Re: Upporting status

2017-06-29 Thread Cantor, Scott
On 6/29/17, 3:31 PM, "Roger Leigh" wrote: > This is because the unit test is comparing the tool help output line by > line and it's simply due to an extra line being added to the help > output. It's not a fault of the change, it's just that the test data > needs

Re: Upporting status

2017-06-29 Thread Cantor, Scott
On 6/29/17, 3:02 PM, "Roger Leigh" wrote: > The recent trunk changes broke a few of the unit tests. I don't understand how, other than the ones that are for some reason depending on the output of the parameter options for the DOMCount sample. That seems like an odd test,

RE: Upporting status

2017-07-03 Thread Cantor, Scott
> You might find https://issues.apache.org/jira/browse/XERCESC-2104 of > interest. This replaces sanityTest.pl with separate automake checks. > You can still run "make check", but it now shows you each individual > test being run and stores the logs in separate files. This makes it > much

RE: Upporting status

2017-07-03 Thread Cantor, Scott
Roger, is that separate fork updated with the master copy? It looks like maybe it's missing the bug fixes I checked in Friday after you let me know they were failing. That would certainly explain it. The link issue was just a dangling reference to 3_1 in the ICU build from the version change,

Can we assume C99?

2017-07-06 Thread Cantor, Scott
I don't know what the baseline has been for the code base, is C99 a reasonable requirement? I need SIZE_MAX to fix some bounds checking errors, just need to know if I need to waste time on an autoconf test for it. -- Scott -

Re: Can we assume C99?

2017-07-06 Thread Cantor, Scott
On 7/6/17, 5:54 PM, "Roger Leigh" wrote: > Interesting, I'll certainly take a look. I'm afraid I'm away until next > Wednesday, so I won't be able to do anything until then. If you want to check it, this is what I had to use on the autoconf side: #if

RE: Can we assume C99?

2017-07-06 Thread Cantor, Scott
> Visual Studio had somewhat lacking C99 support, so it might be problematic > for older versions. It's not missing SIZE_MAX though, AFAIK, so Windows isn't really much of a concern there. > Could we not use std::numeric_limits instead? It should work everywhere, > and should be better

Re: Integrating CMake support for xerces

2017-04-25 Thread Cantor, Scott
On 4/25/17, 3:17 PM, "Roger Leigh" wrote: > Switching to git would be wonderful. We could also enable CI testing > with e.g. Travis or some other CI service on github at that time to > enable testing of all PRs, if that would be accceptable. Or does the > Apache

Re: Integrating CMake support for xerces

2017-04-25 Thread Cantor, Scott
On 4/25/17, 8:30 PM, "Cantor, Scott" <canto...@osu.edu> wrote: > So far there is very little divergence, just a few small API additions that > are unique to the trunk. So I don't foresee anything > terribly risky about releasing this after some addition

Re: Integrating CMake support for xerces

2017-04-26 Thread Cantor, Scott
On 4/26/17, 4:04 AM, "Roger Leigh" wrote: > Agreed that just moving up to C++98 standard types in and of itself > would be greatly beneficial. There should be no portability barrier to > achieving that. No, definitely not. I've been using the STL and Boost for years now

RE: Integrating CMake support for xerces

2017-04-25 Thread Cantor, Scott
> Since we are sharing plans, we (as in Code Synthesis) are planning > to package Xerces-C++ for build2[1] in the near future (but no > definite time-frame). While I haven't looked into this closely > yet, the options we consider range between just packaging it as > is to pretty much forking it.

RE: Integrating CMake support for xerces

2017-04-24 Thread Cantor, Scott
> I can certainly rebase the cmake-3.1 branch onto trunk if that would > make sense. However, looking at the differences between the 3.1 branch > and the trunk, it looks like the trunk might need a fair amount of 3.1 > work applying. Is it a bit out of date? Yes. > OK. If there's anything I

3.2.0 RC1 posted

2017-08-07 Thread Cantor, Scott
A release candidate is posted: https://shibboleth.net/downloads/prerelease/xerces-c/ This includes all the fixes from weekend bug finding, a rebuild of the web site in doc/ and the generated API docfiles. I would like to call for a vote probably around the end of this week. -- Scott

Re: Second 3.2.0 beta available

2017-08-04 Thread Cantor, Scott
Adding missing refs: [1] https://shibboleth.net/downloads/prerelease/xerces-c/ [2] https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2108 On 8/4/17, 10:50 AM, "Cantor, Scott" <canto...@osu.edu> wrote: I've updated the beta [1] with the distribution fixes, and one c

Second 3.2.0 beta available

2017-08-04 Thread Cantor, Scott
I've updated the beta [1] with the distribution fixes, and one code addition [2]. I'll let this one sit for a few days or so for testing and publish a release candidate next week. I have not tested Solaris yet, but I will test x86 at least today. I no longer can test Sparc. Expect a call for

  1   2   >