[xmlsec] status update

Aleksey Sanin aleksey at aleksey.com
Sat Sep 18 19:43:10 PDT 2004

Several issues were discussed in the mailing list last week and
I made promises to take a look at them over weekend. This is
a status update after I took a look :)

1) Crasher with xmlParseInNodeContext() function
Yes, I also can reproduce it with latest and greatest LibXML2
from CVS. The crash happens deep inside LibXML2 dictionaries code.
Unfortunately, it goes beyond my current knowledge of LibXML2
internals and we need to ask Daniel to look at this. However,
I was able to find a workaround that solves this issue. If you
use XML_PARSE_NODICT flag in xmlParseInNodeContext() function

     ret = xmlParseInNodeContext(xmlDocGetRootElement(doc),
				buffer, xmlStrlen(buffer),
	        		XML_PARSE_NODICT, &encNode);

then everything works just fine. I think this is an acceptable
workaround for now.

2) Tomas's patch for xmlSecReplaceNodeBuffer()
This is a great hack! It solves the problem for 90% of the users.
But it does miss few things (entities resolutions, ID attributes, etc.)
that xmlParseInNodeContext() function handles correctly. After
careful thinking I decided to use xmlParseInNodeContext() instead.

3) Bug #142358 (http://bugzilla.gnome.org/show_bug.cgi?id=142358)
 From the above, it should be clear that I decided to use
xmlParseInNodeContext() function and bump LibXML2 requirement to 2.6.12.
The fix is checked in CVS.

4) OO patch to xmlsec
I did look at the OO patch to xmlsec

In addition to the problems with removed Copyright statements :)
this patch has a couple more issues I need to think about. However, most
of the changes looks good and do make sense. OO guys said that they
would like to merge changes back to xmlsec. We will see how this will


More information about the xmlsec mailing list