[8u] RFR Backport 8219013: Update Apache Santuario (XML Signature) to version 2.1.3

[Hohensee, Paul]

Lgtm, except that I don't see a review request for the THIRD_PARTY_README change backport. Both patches should be pushed together.

Maintainers, this was a critical fix for 11.0.5, perhaps it also should be for 8u282.

Thanks,
Paul

On 8/31/20, 2:16 PM, "jdk8u-dev on behalf of Elliott Baron" <jdk8u-dev-retn at openjdk.java.net on behalf of ebaron at redhat.com> wrote:

    Hi,

    I'd like to request a review to backport 8219013 to 8u.

    Original fix:
    https://bugs.openjdk.java.net/browse/JDK-8219013
    http://hg.openjdk.java.net/jdk/jdk/rev/81de17a33575

    The original fix did not apply cleanly, but only required minor cosmetic
    changes. They are as follows:

    com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI:
    - Kept protocol as HTTPS in Javadoc compared to original fix. This was
    changed to HTTPS by "8068491: Update the protocol for references of
    docs.oracle.com to HTTPS.", which did not get propagated to JDK 9+.

    com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP:
    - Javadoc to be changed already uses HTTPS due to 8068491.

    org/jcp/xml/dsig/internal/dom/XMLDSigRI:
    - Omitted indentation fix for line added by "7191662: JCE providers
    should be located via ServiceLoader", which is not in 8u.

    legal/santuario.md:
    - File doesn't exist. I'll update THIRD_PARTY_README accordingly with
    8229868: "Update Apache Santuario TPRM version".

    8u webrev:
    https://cr.openjdk.java.net/~ebaron/jdk8u/JDK-8219013/webrev.00/

    Testing: x86_64 build, jdk_tier1, jdk_security tests

    Thanks,
    Elliott