incubator-ooo-issues mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 119085] New: Incorrect manifest:start-key-generation-name IRI
Date Sun, 18 Mar 2012 04:45:45 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=119085

             Bug #: 119085
        Issue Type: DEFECT
           Summary: Incorrect manifest:start-key-generation-name IRI
    Classification: Code
           Product: security
           Version: AOO340-dev
          Platform: PC
        OS/Version: Windows, all
            Status: CONFIRMED
          Severity: major
          Priority: P3
         Component: www
        AssignedTo: issues@security.openoffice.org
        ReportedBy: orcmid@apache.org
                CC: ooo-issues@incubator.apache.org


When a package is encrypted (via the Save with Password option of Save As ...),
using the enhanced encryption allowed with ODF 1.2, an incorrect URI is used to
express the manifest:start-key-generation-name for use of SHA256 digests.

According to OASIS Standard ODF 1.2 Part 3 section 4.8.6, the allowed values
for digest IRIs are those specified in section 5.7 of [xmlenc-core] at
(http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/).  The IRI specified for
SHA256 there in section 5.7.2 is <http://www.w3.org/2001/04/xmlenc#sha256>.

AOO340-dev r1293550 build uses the incorrect (and nonexistent) W3C IRI,
http://www.w3.org/2000/09/xmldsig#sha256

This is a bug in the specification of section 4.8.6, where the incorrect value
is given.  This is reported at
http://tools.oasis-open.org/issues/browse/OFFICE-3708

See
http://tools.oasis-open.org/version-control/browse/wsvn/oic/Advisories/00006-SHA256_URIs/trunk/description.html
for an Interoperability Advisory on this defect in ODF 1.2.

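Added example, not part of the original report and not AOO code: a Python check that reads META-INF/manifest.xml from an ODF package and classifies every manifest:start-key-generation-name value against the two SHA256 IRIs quoted in the report. The function names and the sample manifest are constructed for illustration.

```python
import zipfile
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"  # ODF manifest namespace

# The two IRIs quoted in the report.
XMLENC_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"    # [xmlenc-core] 5.7.2
XMLDSIG_SHA256 = "http://www.w3.org/2000/09/xmldsig#sha256"  # reported as nonexistent

def q(name):
    """Qualified name in the manifest namespace (hypothetical helper)."""
    return f"{{{NS}}}{name}"

def classify(iri):
    if iri == XMLENC_SHA256:
        return "xmlenc"
    if iri == XMLDSIG_SHA256:
        return "xmldsig-nonexistent"
    return "missing" if iri is None else "other"

def audit_manifest(xml_bytes):
    """Return (full-path, IRI, class) for every start-key-generation element."""
    findings = []
    for entry in ET.fromstring(xml_bytes).iter(q("file-entry")):
        for skg in entry.iter(q("start-key-generation")):
            iri = skg.get(q("start-key-generation-name"))
            findings.append((entry.get(q("full-path")), iri, classify(iri)))
    return findings

def audit_package(fileobj):
    """Audit META-INF/manifest.xml inside an ODF package (a ZIP archive)."""
    with zipfile.ZipFile(fileobj) as z:
        return audit_manifest(z.read("META-INF/manifest.xml"))

# Constructed sample manifest, trimmed to the elements this check reads.
SAMPLE = f"""<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="{NS}">
 <manifest:file-entry manifest:full-path="content.xml"><manifest:encryption-data>
  <manifest:start-key-generation manifest:start-key-generation-name="{XMLDSIG_SHA256}"/>
 </manifest:encryption-data></manifest:file-entry>
 <manifest:file-entry manifest:full-path="styles.xml"><manifest:encryption-data>
  <manifest:start-key-generation manifest:start-key-generation-name="{XMLENC_SHA256}"/>
 </manifest:encryption-data></manifest:file-entry>
 <manifest:file-entry manifest:full-path="Thumbnails/thumbnail.png"/>
</manifest:manifest>""".encode()

if __name__ == "__main__":
    for path, iri, kind in audit_manifest(SAMPLE):
        print(f"{path}: {kind} ({iri})")
```

A consumer that needs to open packages from both kinds of producer can use the same classification to accept either IRI as SHA256 when reading.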