[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()
johnjamesmccann commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1128824805 Hello Scott Cantor, Did this hot fix make it into the xerces code base? I think previously you alluded to the possibility of having this in the code base for a release in spring this year (although you never committed to that)? Did that happen or is this PR still in the review stage? Thanks and kind regards John -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()
scantor commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1128832049 No, and no, I have no expectation of any releases. If a security issue that actually affects my code comes up I would probably apply this and bumping to 3.3. This cannot be part of a patch to 3.2, as I said. This project needs active committers that have the time allocated to work on it. Until it gets some, it's going to stay moribund. If you need this fix, I would definitely suggest that you consider becoming one or find somebody else who is able to. If that happens, I am willing to help that person or persons get through the release process. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Updated] (XERCESC-2236) Dependencies aren't loaded when using provided CMake config package
[
https://issues.apache.org/jira/browse/XERCESC-2236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fred Hornsey updated XERCESC-2236:
--
Attachment: xercesc-2236-fix.patch
> Dependencies aren't loaded when using provided CMake config package
> ---
>
> Key: XERCESC-2236
> URL: https://issues.apache.org/jira/browse/XERCESC-2236
> Project: Xerces-C++
> Issue Type: Bug
> Components: Build
>Affects Versions: 3.2.3
> Environment: Ubuntu 18.04, CMake 3.22.2
>Reporter: Fred Hornsey
>Priority: Major
> Attachments: xercesc-2236-fix.patch
>
>
> We have a CMake config package for our libraries that tries to load Xerces
> support like so:
> {code:java}
> find_package(XercesC PATHS "${OPENDDS_XERCES3}" NO_DEFAULT_PATH)
> if (NOT XercesC_FOUND)
> find_package(XercesC)
> endif(){code}
> Where {{OPENDDS_XERCES3}} is the path to the Xerces our libraries were built
> with. This works on Windows and Linux when using system-provided package.
> When building and installing from source on Linux it seem this doesn't work.
> In this case it's trying to use the CMake package provided by Xerces instead
> of the one builtin to CMake.
> I've created an example to demonstrate this. Xerces is built and installed to
> a location on Linux using CMake. Then we create a {{{}CMakeLists.txt{}}}:
> {code:java}
> cmake_minimum_required(VERSION 3.12.0)
> project(xerces_cmake_config_pkg_test)
> find_package(XercesC PATHS "${THE_XERCES_ROOT}" NO_DEFAULT_PATH)
> add_executable(testexe test.cpp)
> target_link_libraries(testexe XercesC::XercesC)
> {code}
> {{test.cpp}} has to be created, but it doesn't matter what it contains
> because CMake doesn't get far enough to allow us to attempt to build. When
> configuring, setting {{THE_XERCES_ROOT}} to the installed Xerces, CMake gives
> these errors:
> {code:java}
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::uc" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::data" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "Threads::Threads" but the target was not
> found. Perhaps a find_package() call is missing for an IMPORTED target, or
> an ALIAS target is missing? {code}
>
> This seems to be caused by the packages being specified by Xerces during its
> configure ([like
> ICU|https://github.com/apache/xerces-c/blob/045bdf8ac7755e1ce2735d5ef3f6741ec4718df9/src/CMakeLists.txt#L1113])
> being referenced in the Config package, but not being loaded for the using
> {{find_package}} or equivalent. [CMake
> documenation|https://cmake.org/cmake/help/latest/manual/cmake-packages.7.html#creating-a-package-configuration-file]
> suggests that this should be done in somewhere in the [config
> file|https://github.com/apache/xerces-c/blob/master/src/xercesc/util/XercesVersion.hpp.in].
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Commented] (XERCESC-2236) Dependencies aren't loaded when using provided CMake config package
[
https://issues.apache.org/jira/browse/XERCESC-2236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538414#comment-17538414
]
Fred Hornsey commented on XERCESC-2236:
---
I've attached a patch that seems to fix the issue, at least for the example I
gave. It changes the linked dependencies to {{PRIVATE}} so it doesn't matter if
{{find_package}} is called or not.
> Dependencies aren't loaded when using provided CMake config package
> ---
>
> Key: XERCESC-2236
> URL: https://issues.apache.org/jira/browse/XERCESC-2236
> Project: Xerces-C++
> Issue Type: Bug
> Components: Build
>Affects Versions: 3.2.3
> Environment: Ubuntu 18.04, CMake 3.22.2
>Reporter: Fred Hornsey
>Priority: Major
> Attachments: xercesc-2236-fix.patch
>
>
> We have a CMake config package for our libraries that tries to load Xerces
> support like so:
> {code:java}
> find_package(XercesC PATHS "${OPENDDS_XERCES3}" NO_DEFAULT_PATH)
> if (NOT XercesC_FOUND)
> find_package(XercesC)
> endif(){code}
> Where {{OPENDDS_XERCES3}} is the path to the Xerces our libraries were built
> with. This works on Windows and Linux when using system-provided package.
> When building and installing from source on Linux it seem this doesn't work.
> In this case it's trying to use the CMake package provided by Xerces instead
> of the one builtin to CMake.
> I've created an example to demonstrate this. Xerces is built and installed to
> a location on Linux using CMake. Then we create a {{{}CMakeLists.txt{}}}:
> {code:java}
> cmake_minimum_required(VERSION 3.12.0)
> project(xerces_cmake_config_pkg_test)
> find_package(XercesC PATHS "${THE_XERCES_ROOT}" NO_DEFAULT_PATH)
> add_executable(testexe test.cpp)
> target_link_libraries(testexe XercesC::XercesC)
> {code}
> {{test.cpp}} has to be created, but it doesn't matter what it contains
> because CMake doesn't get far enough to allow us to attempt to build. When
> configuring, setting {{THE_XERCES_ROOT}} to the installed Xerces, CMake gives
> these errors:
> {code:java}
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::uc" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::data" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "Threads::Threads" but the target was not
> found. Perhaps a find_package() call is missing for an IMPORTED target, or
> an ALIAS target is missing? {code}
>
> This seems to be caused by the packages being specified by Xerces during its
> configure ([like
> ICU|https://github.com/apache/xerces-c/blob/045bdf8ac7755e1ce2735d5ef3f6741ec4718df9/src/CMakeLists.txt#L1113])
> being referenced in the Config package, but not being loaded for the using
> {{find_package}} or equivalent. [CMake
> documenation|https://cmake.org/cmake/help/latest/manual/cmake-packages.7.html#creating-a-package-configuration-file]
> suggests that this should be done in somewhere in the [config
> file|https://github.com/apache/xerces-c/blob/master/src/xercesc/util/XercesVersion.hpp.in].
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
[GitHub] [xerces-c] iguessthislldo opened a new pull request, #49: Mark Xerces Dependencies as `PRIVATE` in CMake
iguessthislldo opened a new pull request, #49: URL: https://github.com/apache/xerces-c/pull/49 Fixes https://issues.apache.org/jira/browse/XERCESC-2236, where trying to use the generated CMake config package doesn't work because the dependencies are not loaded using `find_package` in the config package. This change assumes they're not necessary for users of the library and marks them as `PRIVATE` so they don't end up in the config package in the first place. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Commented] (XERCESC-2236) Dependencies aren't loaded when using provided CMake config package
[
https://issues.apache.org/jira/browse/XERCESC-2236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538502#comment-17538502
]
Fred Hornsey commented on XERCESC-2236:
---
I took that change, added a fix for a test, and created this PR:
https://github.com/apache/xerces-c/pull/49
> Dependencies aren't loaded when using provided CMake config package
> ---
>
> Key: XERCESC-2236
> URL: https://issues.apache.org/jira/browse/XERCESC-2236
> Project: Xerces-C++
> Issue Type: Bug
> Components: Build
>Affects Versions: 3.2.3
> Environment: Ubuntu 18.04, CMake 3.22.2
>Reporter: Fred Hornsey
>Priority: Major
> Attachments: xercesc-2236-fix.patch
>
>
> We have a CMake config package for our libraries that tries to load Xerces
> support like so:
> {code:java}
> find_package(XercesC PATHS "${OPENDDS_XERCES3}" NO_DEFAULT_PATH)
> if (NOT XercesC_FOUND)
> find_package(XercesC)
> endif(){code}
> Where {{OPENDDS_XERCES3}} is the path to the Xerces our libraries were built
> with. This works on Windows and Linux when using system-provided package.
> When building and installing from source on Linux it seem this doesn't work.
> In this case it's trying to use the CMake package provided by Xerces instead
> of the one builtin to CMake.
> I've created an example to demonstrate this. Xerces is built and installed to
> a location on Linux using CMake. Then we create a {{{}CMakeLists.txt{}}}:
> {code:java}
> cmake_minimum_required(VERSION 3.12.0)
> project(xerces_cmake_config_pkg_test)
> find_package(XercesC PATHS "${THE_XERCES_ROOT}" NO_DEFAULT_PATH)
> add_executable(testexe test.cpp)
> target_link_libraries(testexe XercesC::XercesC)
> {code}
> {{test.cpp}} has to be created, but it doesn't matter what it contains
> because CMake doesn't get far enough to allow us to attempt to build. When
> configuring, setting {{THE_XERCES_ROOT}} to the installed Xerces, CMake gives
> these errors:
> {code:java}
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::uc" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "ICU::data" but the target was not found.
> Perhaps a find_package() call is missing for an IMPORTED target, or an
> ALIAS target is missing?
> CMake Error at CMakeLists.txt:10 (add_executable):
> Target "testexe" links to target "Threads::Threads" but the target was not
> found. Perhaps a find_package() call is missing for an IMPORTED target, or
> an ALIAS target is missing? {code}
>
> This seems to be caused by the packages being specified by Xerces during its
> configure ([like
> ICU|https://github.com/apache/xerces-c/blob/045bdf8ac7755e1ce2735d5ef3f6741ec4718df9/src/CMakeLists.txt#L1113])
> being referenced in the Config package, but not being loaded for the using
> {{find_package}} or equivalent. [CMake
> documenation|https://cmake.org/cmake/help/latest/manual/cmake-packages.7.html#creating-a-package-configuration-file]
> suggests that this should be done in somewhere in the [config
> file|https://github.com/apache/xerces-c/blob/master/src/xercesc/util/XercesVersion.hpp.in].
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
