You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Sean Mullan <Se...@Sun.COM> on 2008/03/10 19:57:05 UTC
Java XMLSec 1.4.2 Release
Hi all,
It has been almost a year since 1.4.1 was released, and many bugs and
rfes have been fixed and integrated since then. Therefore, I would like
to make a 1.4.2 release available soon, and have at least one or two
beta candidate releases before doing that.
Please let me know if you are ok with this plan:
[ ] +1
[ ] 0
[ ] -1
If -1, please explain why (such as I really need a fix for bug xxxx).
FYI, here are the bugs and rfes that have been fixed since 1.4.1:
Fixed rfe 42653: Add support for C14N 1.1 to Java implementation.
Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in
certificate parsing error.
Fixed Bug 44177: when using xslt transformation there is problem
with xalan newline.
Small refactor for ElementProxy to get rid of the state, it was an
old vestige that where taking space and obfuscating the code.
Fixed bug 40897: String comparisons using '==' causes validation
errors with some parsers.
Fixed bug 43056: Library does not allow specify provider for
private key operations.
Fixed bug 44102: XMLCipher loadEncryptedKey error.
Fixed bug 43239: "No installed provider supports this key" when
checking a RSA signature against a DSA key before RSA key.
Fixed bug 42597: Unnecessary namespace declarations on Signature
children.
Fixed bug 42061: Method to disable XMLUtils.addReturnToElement.
Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem.
Fixed bug 43230: Inclusive C14n doesn't always handle xml:space &
xml:lang attributes correctly
Fixed bug 38668: Add XMLCipher.encryptData method that takes
serialized data as parameter.
Fixed bug 42866: Error when removing encrypted content in 1.4.1.
Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException
loading Provider Implementation.
Thanks,
Sean
RE: Java XMLSec 1.4.2 Release
Posted by "Lopez Cantero, Sergio" <SL...@sadiel.es>.
Oops, maybe Issue is not the correct Word, I'm not used to mailing lists
(nor English speaker either).
I meant the: "Problems c14ning openoffice math xml" & "Problem with
xmlencryption and CDATA elements"
Mails.
Thanks again.
-----Mensaje original-----
De: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM]
Enviado el: martes, 11 de marzo de 2008 21:23
Para: security-dev@xml.apache.org
Asunto: Re: Java XMLSec 1.4.2 Release
Lopez Cantero, Sergio wrote:
> +1
>
> And please, would you mind looking at my opened issues?
Which issues are those? Can you reply with the bugzilla URL or issue #.
Thanks,
Sean
Re: Java XMLSec 1.4.2 Release
Posted by Sean Mullan <Se...@Sun.COM>.
Lopez Cantero, Sergio wrote:
> +1
>
> And please, would you mind looking at my opened issues?
Which issues are those? Can you reply with the bugzilla URL or issue #.
Thanks,
Sean
RE: Java XMLSec 1.4.2 Release
Posted by "Lopez Cantero, Sergio" <SL...@sadiel.es>.
+1
And please, would you mind looking at my opened issues?
Thanks
-----Mensaje original-----
De: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM]
Enviado el: lunes, 10 de marzo de 2008 19:57
Para: security-dev@xml.apache.org
Asunto: Java XMLSec 1.4.2 Release
Hi all,
It has been almost a year since 1.4.1 was released, and many bugs and
rfes have been fixed and integrated since then. Therefore, I would like
to make a 1.4.2 release available soon, and have at least one or two
beta candidate releases before doing that.
Please let me know if you are ok with this plan:
[ ] +1
[ ] 0
[ ] -1
If -1, please explain why (such as I really need a fix for bug xxxx).
FYI, here are the bugs and rfes that have been fixed since 1.4.1:
Fixed rfe 42653: Add support for C14N 1.1 to Java implementation.
Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in
certificate parsing error.
Fixed Bug 44177: when using xslt transformation there is problem
with xalan newline.
Small refactor for ElementProxy to get rid of the state, it was an
old vestige that where taking space and obfuscating the code.
Fixed bug 40897: String comparisons using '==' causes validation
errors with some parsers.
Fixed bug 43056: Library does not allow specify provider for
private key operations.
Fixed bug 44102: XMLCipher loadEncryptedKey error.
Fixed bug 43239: "No installed provider supports this key" when
checking a RSA signature against a DSA key before RSA key.
Fixed bug 42597: Unnecessary namespace declarations on Signature
children.
Fixed bug 42061: Method to disable XMLUtils.addReturnToElement.
Fixed bug 42865: Problem with empty BaseURI in
ResolverLocalFilesystem.
Fixed bug 43230: Inclusive C14n doesn't always handle xml:space &
xml:lang attributes correctly
Fixed bug 38668: Add XMLCipher.encryptData method that takes
serialized data as parameter.
Fixed bug 42866: Error when removing encrypted content in 1.4.1.
Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException
loading Provider Implementation.
Thanks,
Sean
Re: Java XMLSec 1.4.2 Release
Posted by Raul Benito <ra...@apache.org>.
I took the last one.
But also we need to define the way of selecting the behavior. I
suppose that in the config.xml will be good.
Anyway even without this thing we can cut 1.4.2
On Wed, Mar 12, 2008 at 7:30 AM, Vishal Mahajan <vm...@amberpoint.com> wrote:
> Regarding 40897 (String comparisons using '==' causes validation errors
> with some parsers):
>
> There are a few additional minor changes required to complete the fix.
> ElementCheckerImpl.FullChecker needs to override the
> isNamespaceElement() method (see attached diff). Plus there's at least
> one another instance in ElementProxy.length() method where
> ElementChecker needs to be employed.
>
> Apart from this it would be a +1 from me.
>
> Thanks,
> Vishal
>
>
>
> on 03/11/2008 12:27 AM Sean Mullan wrote:
>
> > Hi all,
> >
> > It has been almost a year since 1.4.1 was released, and many bugs and
> > rfes have been fixed and integrated since then. Therefore, I would
> > like to make a 1.4.2 release available soon, and have at least one or
> > two beta candidate releases before doing that.
> >
> > Please let me know if you are ok with this plan:
> >
> > [ ] +1
> > [ ] 0
> > [ ] -1
> >
> > If -1, please explain why (such as I really need a fix for bug xxxx).
> >
> > FYI, here are the bugs and rfes that have been fixed since 1.4.1:
> >
> > Fixed rfe 42653: Add support for C14N 1.1 to Java implementation.
> > Fixed bug 44205: XMLX509Certificate.getX509Certificate() results
> > in certificate parsing error.
> > Fixed Bug 44177: when using xslt transformation there is problem
> > with xalan newline.
> > Small refactor for ElementProxy to get rid of the state, it was an
> > old vestige that where taking space and obfuscating the code.
> > Fixed bug 40897: String comparisons using '==' causes validation
> > errors with some parsers.
> > Fixed bug 43056: Library does not allow specify provider for
> > private key operations.
> > Fixed bug 44102: XMLCipher loadEncryptedKey error.
> > Fixed bug 43239: "No installed provider supports this key" when
> > checking a RSA signature against a DSA key before RSA key.
> > Fixed bug 42597: Unnecessary namespace declarations on Signature
> > children.
> > Fixed bug 42061: Method to disable XMLUtils.addReturnToElement.
> > Fixed bug 42865: Problem with empty BaseURI in
> > ResolverLocalFilesystem.
> > Fixed bug 43230: Inclusive C14n doesn't always handle xml:space &
> > xml:lang attributes correctly
> > Fixed bug 38668: Add XMLCipher.encryptData method that takes
> > serialized data as parameter.
> > Fixed bug 42866: Error when removing encrypted content in 1.4.1.
> > Fixed bug 42820: ClassLoader issue causing
> > NoSuchAlgorithmException loading Provider Implementation.
> >
> >
> > Thanks,
> > Sean
>
>
> --- ElementCheckerImpl.java.bak 2008-03-11 12:50:49.931625000 +0530
> +++ ElementCheckerImpl.java 2008-03-12 12:28:05.701413700 +0530
> @@ -48,7 +48,17 @@
> namespaceSHOULDBE +":"+ localnameSHOULDBE};
> throw new XMLSecurityException("xml.WrongElement", exArgs);
> }
> - }
> + }
> +
> + public boolean isNamespaceElement(Node el, String type, String ns) {
> + if ((el == null) ||
> + (ns != null && !ns.equals(el.getNamespaceURI())) ||
> + !el.getLocalName().equals(type)){
> + return false;
> + }
> +
> + return true;
> + }
> }
>
> /** An empty checker if schema checking is used */
>
>
--
http://r-bg.com
Re: Java XMLSec 1.4.2 Release
Posted by Vishal Mahajan <vm...@amberpoint.com>.
Regarding 40897 (String comparisons using '==' causes validation errors
with some parsers):
There are a few additional minor changes required to complete the fix.
ElementCheckerImpl.FullChecker needs to override the
isNamespaceElement() method (see attached diff). Plus there's at least
one another instance in ElementProxy.length() method where
ElementChecker needs to be employed.
Apart from this it would be a +1 from me.
Thanks,
Vishal
on 03/11/2008 12:27 AM Sean Mullan wrote:
> Hi all,
>
> It has been almost a year since 1.4.1 was released, and many bugs and
> rfes have been fixed and integrated since then. Therefore, I would
> like to make a 1.4.2 release available soon, and have at least one or
> two beta candidate releases before doing that.
>
> Please let me know if you are ok with this plan:
>
> [ ] +1
> [ ] 0
> [ ] -1
>
> If -1, please explain why (such as I really need a fix for bug xxxx).
>
> FYI, here are the bugs and rfes that have been fixed since 1.4.1:
>
> Fixed rfe 42653: Add support for C14N 1.1 to Java implementation.
> Fixed bug 44205: XMLX509Certificate.getX509Certificate() results
> in certificate parsing error.
> Fixed Bug 44177: when using xslt transformation there is problem
> with xalan newline.
> Small refactor for ElementProxy to get rid of the state, it was an
> old vestige that where taking space and obfuscating the code.
> Fixed bug 40897: String comparisons using '==' causes validation
> errors with some parsers.
> Fixed bug 43056: Library does not allow specify provider for
> private key operations.
> Fixed bug 44102: XMLCipher loadEncryptedKey error.
> Fixed bug 43239: "No installed provider supports this key" when
> checking a RSA signature against a DSA key before RSA key.
> Fixed bug 42597: Unnecessary namespace declarations on Signature
> children.
> Fixed bug 42061: Method to disable XMLUtils.addReturnToElement.
> Fixed bug 42865: Problem with empty BaseURI in
> ResolverLocalFilesystem.
> Fixed bug 43230: Inclusive C14n doesn't always handle xml:space &
> xml:lang attributes correctly
> Fixed bug 38668: Add XMLCipher.encryptData method that takes
> serialized data as parameter.
> Fixed bug 42866: Error when removing encrypted content in 1.4.1.
> Fixed bug 42820: ClassLoader issue causing
> NoSuchAlgorithmException loading Provider Implementation.
>
>
> Thanks,
> Sean
Re: Java XMLSec 1.4.2 Release
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
+1 - but can we add the verbage we need to add for the crypto policy?
Cheers,
Berin
Sean Mullan wrote:
> Hi all,
>
> It has been almost a year since 1.4.1 was released, and many bugs and
> rfes have been fixed and integrated since then. Therefore, I would like
> to make a 1.4.2 release available soon, and have at least one or two
> beta candidate releases before doing that.
>
> Please let me know if you are ok with this plan:
>
> [ ] +1
> [ ] 0
> [ ] -1
>
> If -1, please explain why (such as I really need a fix for bug xxxx).
>
> FYI, here are the bugs and rfes that have been fixed since 1.4.1:
>
> Fixed rfe 42653: Add support for C14N 1.1 to Java implementation.
> Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in
> certificate parsing error.
> Fixed Bug 44177: when using xslt transformation there is problem
> with xalan newline.
> Small refactor for ElementProxy to get rid of the state, it was an
> old vestige that where taking space and obfuscating the code.
> Fixed bug 40897: String comparisons using '==' causes validation
> errors with some parsers.
> Fixed bug 43056: Library does not allow specify provider for private
> key operations.
> Fixed bug 44102: XMLCipher loadEncryptedKey error.
> Fixed bug 43239: "No installed provider supports this key" when
> checking a RSA signature against a DSA key before RSA key.
> Fixed bug 42597: Unnecessary namespace declarations on Signature
> children.
> Fixed bug 42061: Method to disable XMLUtils.addReturnToElement.
> Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem.
> Fixed bug 43230: Inclusive C14n doesn't always handle xml:space &
> xml:lang attributes correctly
> Fixed bug 38668: Add XMLCipher.encryptData method that takes
> serialized data as parameter.
> Fixed bug 42866: Error when removing encrypted content in 1.4.1.
> Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException
> loading Provider Implementation.
>
>
> Thanks,
> Sean
>
>