[8u] RFR: backport of 8231507: Update Apache Santuario (XML Signature) to version 2.1.4
Fedor
fedor.burdun at azul.com
Mon Jan 20 12:03:56 UTC 2020
On 17.01.2020 3:14, Elliott Baron wrote:
> Hi Fedor,
>
> On 2019-12-26 7:24 a.m., Fedor wrote:
>> Hi Elliott,
>>
>> The library itself looked to me as solid thing, so I decided to
>> downport it as one piece.
>> Moreover, it seems it is easier and more clear than to do this work
>> applying all patches that touched the library code.
>> For example, as far as I remember there was a lot of changes, updating
>> javadoc and fixing compilation warnings, and these changes were
>> updating not only the library code but a big chunk of irrelevant to us
>> Java classes in addition.
>> Because of that, all of potentially relevant patches should be updated
>> to not touch code outside the library (for example public api that may
>> break jdk8u compliance)
>>
>> Being more specific, what was done during backport of the library I
>> can describe in next steps:
>> 1) copied library files from jdk11/14 to jdk8 to appropriate packages:
>> - src/share/classes/org/jcp/xml/dsig/internal
>> - src/share/classes/com/sun/org/apache/xml/internal
>> 2) removed files that was removed due to update to 2.1.4 in jdk11
>> 3) fixed several compilation issues:
>> -
>> src/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java
>> left untouched
>> - updated Logger calls: Log.debug(...) =>
>> Log.log(logging.level.FINE,...)
>> - updated imports where it was required
>> - NodeSetData<?> => NodeSetData
>> - toNodeSet method
>> - PSSParameterSpec.TRAILER_FIELD_BC =>
>> PSSParameterSpec.DEFAULT.getTrailerField()
>> 4) fixed tests:
>> - removed usage of several crypto algorithms from
>> GenerationTests.java since they are not provided in jdk8
>>
>> If I didn't forget something that is all.
>> All modifications done over jdk11u version (steps 3,4) can be found in
>> this
>> (http://cr.openjdk.java.net/~fijiol/8231507/webrev.8u.00/compare/with-14.html)
>> diff.h
>>
>> Thanks,
>> Fedor
>>
>>
>> On 21.12.2019 2:41, Elliott Baron wrote:
>>> Hi Fedor,
>>>
>>> On 2019-12-10 1:35 p.m., Fedor wrote:
>>>> Hello everybody,
>>>>
>>>> May I have a request backport of JDK-8231507?
>>>>
>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8231507
>>>> webrev: http://cr.openjdk.java.net/~fijiol/8231507/webrev.8u.00/
>>>> testing: jdk/test/com/sun/org/apache/xml/
>>>> jdk/test/javax/xml/crypto/dsig/
>>>>
>>>> The code of library taken from jdk14 sources wasn't applied cleanly
>>>> to jdk8u, so a sort of changes were done:
>>>>
>>>> The changes made after copying files from jdk14:
>>>> http://cr.openjdk.java.net/~fijiol/8231507/webrev.8u.00/compare/with-14.html
>>>> (raw diff:
>>>> http://cr.openjdk.java.net/~fijiol/8231507/webrev.8u.00/compare/with-14.diff)
>>>>
>>>>
>>>> Several files were deleted.
>>>> The rest was taken "as is" from jdk14.
>>>>
>>>
>>> This changeset appears to include parts of several dependent changes
>>> along with it. I recognize "8177334: Update xmldsig implementation to
>>> Apache Santuario 2.1.1" and some of its dependencies, since I've been
>>> working on a backport for this. If it's not possible to propose each
>>> of these additional changes for review individually, would you be
>>> able to list these dependencies that you have included in this
>>> changeset? It would also be helpful if you could provide an
>>> explanation for any modifications you had to make to these fixes to
>>> arrive at your 8u backport.
>>>
>>> (Note: I'm not an 8u reviewer, just interested in getting this
>>> backported as well)
>
> Given Andrew's comments in preferring an issue-by-issue backport of
> this, I plan to continue with my efforts to backport the Apache
> Santuario update to 2.1.1 (JDK-8046724), along with its dependencies.
> Some of these dependencies have arrived in 8u-dev recently [1][2][3]. I
> then plan to follow up by updating Santuario to 2.1.3 (JDK-8219013).
> This should allow for a cleaner backport of the update to 2.1.4. Just
> want to give you a heads up, so we don't duplicate efforts.
Ok
>
> Thanks,
> Elliott
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8038431
> [2] https://bugs.openjdk.java.net/browse/JDK-8031191
> [3] https://bugs.openjdk.java.net/browse/JDK-8046044
More information about the jdk8u-dev
mailing list