From fontduroy at gmail.com Thu Feb 8 13:24:29 2024 From: fontduroy at gmail.com (Stephen Lewis) Date: Thu Feb 8 13:15:20 2024 Subject: [xsde-users] Building XSD/e for Apple M2 Message-ID: Hello, I'm evaluating your software for use by our company but having difficulties building for Apple M2. Have you had success in building on an M2 Mac? I've downloaded the xsde-3.2.0+dep package and unarchived it. I'm trying to use "make" in the base directory but getting an error that boost/filesystem can't be found: fatal error: 'boost/filesystem/fstream.hpp' file not found Maybe I just need to update a path somewhere? Any help would be greatly appreciated. We have legacy XML that would benefit greatly from being parsed into its respective C++ classes. Regards, Stephen Lewis From SYegnaram at cls-bank.com Thu Feb 8 16:48:56 2024 From: SYegnaram at cls-bank.com (Yegnaram, Shrikant) Date: Fri Feb 9 05:07:35 2024 Subject: [xsde-users] Codesynthesis XSDE security vulnerabilities database Message-ID: Hi Team Do you have plans to publish any known vulnerabilities of the Codesynthesis XSDE product into CVE - CVE (mitre.org) NVD - Home (nist.gov) We are looking to create a known list of vulnerabilities for our third party products using the above websites database. Thanks, Shrikant Yegnaram Confidential Information ************************************************************************************************************************************************************************ WARNING: This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mails are not encrypted and cannot be guaranteed to be secure or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of this e-mail transmission. If verification is required, please request a hard copy version. CLS is committed to protecting and safeguarding your personal data. Our privacy notice (https://www.cls-group.com/privacy) provides you with information about how we process and protect your personal data. We aim to ensure direct marketing is reasonable, proportionate and of relevance to you. However, if you no longer want to receive direct marketing from us please email dpo@cls-services.com From boris at codesynthesis.com Fri Feb 9 05:56:05 2024 From: boris at codesynthesis.com (Boris Kolpackov) Date: Fri Feb 9 05:46:36 2024 Subject: [xsde-users] Building XSD/e for Apple M2 In-Reply-To: References: Message-ID: Stephen Lewis writes: > Have you had success in building on an M2 Mac? It required a few tweaks but I was able to build it on M1 so I think M2 should also work. The fixed up version is here: https://codesynthesis.com/~boris/tmp/xsde/xsde-3.3.0.a13+dep.tar.bz2 The command line used to build it: make CXX="clang++ -std=c++03" LIBS="-framework CoreServices" Note that you will also need to build/get Xerces-C++. Previously discussed here: https://codesynthesis.com/pipermail/xsde-users/2022-August/000918.html https://codesynthesis.com/pipermail/xsde-users/2020-February/thread.html From boris at codesynthesis.com Mon Feb 12 07:29:26 2024 From: boris at codesynthesis.com (Boris Kolpackov) Date: Mon Feb 12 07:19:57 2024 Subject: [xsde-users] Codesynthesis XSDE security vulnerabilities database In-Reply-To: References: Message-ID: Yegnaram, Shrikant writes: > Do you have plans to publish any known vulnerabilities of the > Codesynthesis XSDE product into > > CVE - CVE (mitre.org) > NVD - Home (nist.gov) We will try to create CVE numbers for any security vulnerabilities (so far there hasn't been any known) and submit them to mitre.org. Note that libxsde includes a copy of Expat which does get CVEs from time to time (and which we backport to libxsde). However, we will not be duplicating these as our own. So I would suggest that you subscribe to any vulnerabilities in Expat. From SYegnaram at cls-bank.com Tue Feb 13 15:19:01 2024 From: SYegnaram at cls-bank.com (Yegnaram, Shrikant) Date: Wed Feb 14 08:22:55 2024 Subject: [EXT] Re: [xsde-users] Codesynthesis XSDE security vulnerabilities database In-Reply-To: References: Message-ID: Thank you Boris. We will look for vulnerabilities in Expat product in the meanwhile. Can you also share the version of expat that CXSDE uses. Can you also notify here if and when you happen to publish any vulnerabilites to mitre.org. Thanks, Shrikant Yegnaram Confidential Information -----Original Message----- From: Boris Kolpackov +ADw-boris+AEA-codesynthesis.com+AD4 Sent: Monday, February 12, 2024 7:29 AM To: Yegnaram, Shrikant +ADw-SYegnaram+AEA-cls-bank.com+AD4 Cc: xsde-users+AEA-codesynthesis.com Subject: +AFs-EXT+AF0 Re: +AFs-xsde-users+AF0 Codesynthesis XSDE security vulnerabilities database +ADw-div align+AD0-left+AD4APA-table class+AD0-MsoNormalTable border+AD0-0 cellspacing+AD0-0 cellpadding+AD0-0 align+AD0-left+AD4APA-tr+AD4APA-td width+AD0-100+ACU style+AD0'width:100+ACUAOw-border-top:solid +ACM-E32719 3.0pt+ADs-border-left:none+ADs-border-bottom:solid +ACM-E32719 3.0pt+ADs-border-right:none+ADs-padding:0in 0in 0in 0in+ADs-background:+ACM-E1E73C+ADs'+AD4APA-p class+AD0-MsoNormal align+AD0-left style+AD0'text-align:left'+AD4APA-b+AD4APA-span style+AD0'font-family:+ACI-Arial+ACI,sans-serif+ADs-color:+ACM-CF4520'+AD4-Be careful with this message: +ADw-/span+AD4APA-/b+AD4APA-span style+AD0'font-family:+ACI-Arial+ACI,sans-serif+ADs-color:+ACM-C00000'+AD4APA-/span+AD4APA-span style+AD0'font-family:+ACI-Arial+ACI,sans-serif+ADs-color:+ACM-002855'+AD4-it has been sent from an +ADw-b+AD4-external+ADw-/b+AD4 email address. +ADw-br+AD4-Do not open attachments or click links from unknown senders or unexpected email.+ADw-/span+AD4APA-/p+AD4APA-/td+AD4APA-/tr+AD4APA-/table+AD4APA-/div+AD4 Yegnaram, Shrikant +ADw-SYegnaram+AEA-cls-bank.com+AD4 writes: +AD4 Do you have plans to publish any known vulnerabilities of the +AD4 Codesynthesis XSDE product into +AD4 +AD4 CVE - CVE (mitre.org)+ADw-https://cve.mitre.org/+AD4 +AD4 NVD - Home (nist.gov)+ADw-https://nvd.nist.gov/+AD4 We will try to create CVE numbers for any security vulnerabilities (so far there hasn't been any known) and submit them to mitre.org. Note that libxsde includes a copy of Expat which does get CVEs from time to time (and which we backport to libxsde). However, we will not be duplicating these as our own. So I would suggest that you subscribe to any vulnerabilities in Expat. +ACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAq WARNING: This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mails are not encrypted and cannot be guaranteed to be secure or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of this e-mail transmission. If verification is required, please request a hard copy version. CLS is committed to protecting and safeguarding your personal data. Our privacy notice (https://www.cls-group.com/privacy) provides you with information about how we process and protect your personal data. We aim to ensure direct marketing is reasonable, proportionate and of relevance to you. However, if you no longer want to receive direct marketing from us please email dpo+AEA-cls-services.com From boris at codesynthesis.com Thu Feb 22 04:05:57 2024 From: boris at codesynthesis.com (Boris Kolpackov) Date: Thu Feb 22 03:56:24 2024 Subject: [EXT] Re: [xsde-users] Codesynthesis XSDE security vulnerabilities database In-Reply-To: References: Message-ID: Yegnaram, Shrikant writes: > Can you also share the version of expat that CXSDE uses. It is version 2.1 with a number of bug fixes backported from later versions. The "upstream" (with regards to libxsde) for this works lives here: https://github.com/boris-kolpackov/libexpat/tree/2.1 To preempts the question why not upgrade to the latest expat, the reason is that later versions started sacrificing portability in the name of security (like depending on platform-specific date/time functions for hash seeds) which we cannot afford in XSD/e. > Can you also notify here if and when you happen to publish > any vulnerabilites to mitre.org. Yes, will do.