Return-Path: X-Original-To: apmail-incubator-ooo-issues-archive@minotaur.apache.org Delivered-To: apmail-incubator-ooo-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2E7CB9F1D for ; Sun, 18 Mar 2012 04:46:21 +0000 (UTC) Received: (qmail 13328 invoked by uid 500); 18 Mar 2012 04:46:20 -0000 Delivered-To: apmail-incubator-ooo-issues-archive@incubator.apache.org Received: (qmail 13218 invoked by uid 500); 18 Mar 2012 04:46:19 -0000 Mailing-List: contact ooo-issues-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ooo-issues@incubator.apache.org Delivered-To: mailing list ooo-issues@incubator.apache.org Received: (qmail 13200 invoked by uid 99); 18 Mar 2012 04:46:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Mar 2012 04:46:19 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.123] (HELO sif.zones.apache.org) (140.211.11.123) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Mar 2012 04:46:18 +0000 Received: by sif.zones.apache.org (Postfix, from userid 80) id E585D4921; Sun, 18 Mar 2012 04:45:57 +0000 (UTC) From: bugzilla@apache.org To: ooo-issues@incubator.apache.org Subject: DO NOT REPLY [Bug 119085] New: Incorrect manifest:start-key-generation-name IRI Date: Sun, 18 Mar 2012 04:45:45 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: security X-Bugzilla-Component: www X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: orcmid@apache.org X-Bugzilla-Status: CONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: issues@security.openoffice.org X-Bugzilla-Target-Milestone: milestone 1 X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: https://issues.apache.org/ooo/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/ooo/show_bug.cgi?id=119085 Bug #: 119085 Issue Type: DEFECT Summary: Incorrect manifest:start-key-generation-name IRI Classification: Code Product: security Version: AOO340-dev Platform: PC OS/Version: Windows, all Status: CONFIRMED Severity: major Priority: P3 Component: www AssignedTo: issues@security.openoffice.org ReportedBy: orcmid@apache.org CC: ooo-issues@incubator.apache.org When a package is encrypted (via Save with Password) Save As ... option, using the enhanced encryption allowed with ODF 1.2, an incorrect URI is used to express the manifest:start-key-generation-name for use of SHA256 digests. According to OASIS Standard ODF 1.2 Part 3 section 4.8.6, the allowed values for digest IRIs are those specified in section 5.7 of [xmlenc-core] at (http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/). The IRI specified for SHA256 there in section 5.7.2 is . AOO340-dev r1293550 build uses the incorrect (and nonexistent) W3C IRI, http://www.w3.org/2000/09/xmldsig#sha256 This is a bug in the specification of section 4.8.6, where the incorrect value is given. This is reported at http://tools.oasis-open.org/issues/browse/OFFICE-3708 See http://tools.oasis-open.org/version-control/browse/wsvn/oic/Advisories/00006-SHA256_URIs/trunk/description.html for an Interoperability Advisory on this defect in ODF 1.2. -- Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.