RE: Porting XERCESC-2052 fix to 3.1 branch

2017-07-17 Thread Cantor, Scott
Don't know if the OP (cc'd) is still around but since I'm trying to get us 
moving toward a 3.2 release, I wanted to clarify this...

> So just for the record, the error is really a regression, it worked in
> 3.1.1 and the fix in trunk was this commit:

I don't see how this "worked" in 3.1.1, the patch in question:

> http://svn.apache.org/viewvc?view=revision=1701594

Was applied only to trunk, not to 3.1.0/3.1.1, and the test case is only on 
trunk. It couldn't have been working on 3.1.1 or the "fix" is something else.

I was concerned that one of the security fixes to 3.1.2 and up broke something, 
and had filed this away to follow up before a 3.2.0, but this seems to be 
something else entirely, just a fix that didn't ever get done on the branch, 
and therefore can be closed out once we release trunk.

-- Scott


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org



RE: Porting XERCESC-2052 fix to 3.1 branch

2016-10-21 Thread Cantor, Scott
> So just for the record, the error is really a regression, it worked in
> 3.1.1 and the fix in trunk was this commit:

That's even stronger evidence that I have no business touching that code, I'm 
afraid. So I would have to say that somebody who does know it needs to own it 
and take care of applying those fixes to the branch.

-- Scott


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org



RE: Porting XERCESC-2052 fix to 3.1 branch

2016-10-20 Thread Cantor, Scott
> I had a transcoding problem with Xerces-C and noticed that it has
> already been described
> https://issues.apache.org/jira/browse/XERCESC-2052 and fixed for more
> than a year but not in the 3.1 branch.
> So I took the liberty to port the fix and would be happy if it could be
> released in a (hopefully soon) upcoming 3.1.5 or if 3.2 is just around
> corner, this would be even better.

I ported a number of patches from trunk back to the branch when I first jumped 
in to get security work done on the branch and put 3.1.2 out. This seems to 
have been filed against 3.1.2, so I don't think I ever saw that one, it 
probably wasn't brought to my attention and the bug entry doesn't have the fix 
outlined either. And I am generally terrified of touching transcoding code 
since I don't understand any of it, so that all explains why it wasn't 
backported.

The major problem is that I have no way to test fixes to code I don't 
understand. That's the biggest problem, paralysis out of fear of breaking 
something.

If somebody vouches for the fix, I don't have a problem applying it, but I 
can't possibly know whether the fix is safe beyond just taking somebody's word 
for it.

Either way, I'd advise attaching the patch to the bug, and I'll reopen it for 
now just to track that it hasn't been backported.

-- Scott


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org