Hello community, here is the log from the commit of package ant.13382 for openSUSE:Leap:15.2:Update checked in at 2020-07-20 18:30:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/ant.13382 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ant.13382" Mon Jul 20 18:30:07 2020 rev:1 rq:821540 version:1.10.7 Changes: -------- New Changes file: --- /dev/null 2020-07-16 02:54:20.700682797 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592/ant-antlr.changes 2020-07-20 18:30:17.119816685 +0200 @@ -0,0 +1,775 @@ +------------------------------------------------------------------- +Fri May 15 14:56:26 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Security fix: [bsc#1171696, CVE-2020-1945] + * Insecure temporary file vulnerability +- Add patches: + * ant-CVE-2020-1945-1.patch ant-CVE-2020-1945-2.patch + * ant-CVE-2020-1945-3.patch ant-CVE-2020-1945-4.patch + * ant-CVE-2020-1945-5.patch + +------------------------------------------------------------------- +Tue Jan 14 07:03:37 UTC 2020 - Fridrich Strba <fst...@suse.com> + +- Use xml-commons-apis-bootstrap as jar in classpath instead of + the common xml-apis jar, since we are forcing build against + the bootstrap package + +------------------------------------------------------------------- +Fri Nov 8 11:15:20 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Upgrade to upstream version 1.10.7 +- Modified patches: + * apache-ant-bootstrap.patch + * apache-ant-no-test-jar.patch + * apache-ant-xml-apis.patch + * reproducible-build-manifest.patch + + rediff +- Fix ant-xz.jar to be non-empty and split it from the ant-antlr + package + +------------------------------------------------------------------- +Tue Oct 1 08:34:33 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Build against the new compatibility packages log4j12/log4j12-mini + +------------------------------------------------------------------- +Mon Sep 30 08:08:49 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Remove references to parent poms from all artifacts and do not + distribute the ant-parent, since we don't need it + +------------------------------------------------------------------- +Tue Apr 9 10:48:23 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Require directly xerces-j2 and not its virtual provide + jaxp_parser_impl + +------------------------------------------------------------------- +Mon Mar 18 17:30:12 UTC 2019 - Jan Engelhardt <jeng...@inai.de> + +- Make "if" statements in build recipe POSIX sh compatible. + +------------------------------------------------------------------- +Fri Feb 8 08:51:41 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Create an ant-junit5 package to build junit5 optional tasks + when they become resolved +- Add a simple pom file for ant-bootstrap.jar + +------------------------------------------------------------------- +Fri Feb 8 07:26:44 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Add compatibility links ant/ant*.jar for bootstrap build + +------------------------------------------------------------------- +Tue Feb 5 09:49:54 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- BuildRequire hamcrest for ant-junit and ant-antlr, since junit4 + depends strictly on hamcrest-core only. + +------------------------------------------------------------------- +Fri Feb 1 16:19:10 UTC 2019 - Fridrich Strba <fst...@suse.com> + +- Build ant against xml-commons-apis-bootstrap and + xml-commons-resolver-bootstrap in order to break build cycle + +------------------------------------------------------------------- +Mon Dec 10 08:22:18 UTC 2018 - Fridrich Strba <fst...@suse.com> + +- Don't build against a particular xml-apis/xml-resolver provider, + but against the generic virtual provider. This allows easier + bootstrapping. +- Added patch: + * apache-ant-xml-apis.patch + + look for the xml-apis.jar and xml-resolver.jar when composing + classpath; they are symlinks provided by several packages. + +------------------------------------------------------------------- +Mon Nov 26 08:07:13 UTC 2018 - Fridrich Strba <fst...@suse.com> + +- Let ant-antlr provide ant-xz too, since it contains the + corresponding jar. + +------------------------------------------------------------------- +Wed Oct 31 10:20:23 UTC 2018 - Fridrich Strba <fst...@suse.com> + +- Add aliases to some maven artifacts so that packages out there + resolve then correctly + +------------------------------------------------------------------- +Fri Oct 26 09:54:04 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Update to 1.10.5 [bsc#1113136] + * Same version as in 1.9.13 but with additional features and + requires Java8 or higher. + * Dropped patch to build with java8+ already fixed in this version + - apache-ant-1.9.9-sourcetarget.patch + * Refreshed patch: + - apache-ant-class-path-in-manifest.patch + +------------------------------------------------------------------- +Sun Oct 21 08:08:23 UTC 2018 - antoine.belv...@opensuse.org + +- Add reproducible-build-manifest.patch: Use less detailed version + string for manifest's "Created-by" field (boo#1110024). + +------------------------------------------------------------------- +Wed Oct 17 19:40:22 UTC 2018 - Fridrich Strba <fst...@suse.com> + +- Require javapackages-local in order to generate correctly the + maven requires and provides +- Install maven artifacts + +------------------------------------------------------------------- +Fri Aug 24 20:20:20 UTC 2018 - Jason Sikes <jsi...@suse.de> + +- Update to 1.9.13 + * Fixes a regression in the "get" task where redirects + from a HTTP resource to a HTTPS resource started throwing + an exception. + Bugzilla Report 62499 + + * the new allowFilesToEscapeDest didn't work when set to false and + archive entries contained relative paths with so many ".." + segnments that the resulting path would go beyond the file system + root. + Bugzilla Report 62502, bsc#1100053, CVE-2018-10886 + +------------------------------------------------------------------- +Tue May 15 05:02:22 UTC 2018 - fst...@suse.com + +- Build with source and target 8 to prepare for a possible removal + of 1.6 compatibility +- Modified patch: + * apache-ant-1.9.9-sourcetarget.patch + - Build with source/target 8 + +------------------------------------------------------------------- +Fri Feb 23 10:24:31 UTC 2018 - ec...@opensuse.org + +- fix build error for Leap 42.3 + +------------------------------------------------------------------- +Thu Feb 22 11:43:31 UTC 2018 - tchva...@suse.com + +- Add patch to run scripts with python3 if applicable bsc#1082202: + * ant-python3.patch + +------------------------------------------------------------------- +Thu Feb 22 11:26:23 UTC 2018 - tchva...@suse.com + +- Update to 1.9.10: + * Various fixes for java10 + * Small fixes all around +- Remove merged patch reproducible.patch + +------------------------------------------------------------------- +Sat Oct 28 16:17:19 UTC 2017 - jeng...@inai.de + +- Simply use find -delete over xargs. +- Make description neutral. + +------------------------------------------------------------------- +Tue Oct 24 11:26:36 UTC 2017 - bwiedem...@suse.com + +- Add reproducible-build-date.patch to allow to have fixed build dates + to make other packages build more reproducibly + +------------------------------------------------------------------- +Wed Oct 4 09:07:19 UTC 2017 - fst...@suse.com + +- Remove dependency on java-1_5_0-gcj-compat-devel and build even + the bootstrap package with java source and target 1.6 + +------------------------------------------------------------------- +Fri Sep 29 07:06:59 UTC 2017 - fst...@suse.com + +- Don't condition the maven defines on release version, but on + _maven_repository being defined + +------------------------------------------------------------------- +Thu Sep 14 05:39:48 UTC 2017 - fst...@suse.com + +- Allow bootstrapping with something else then + java-1_5_0-gcj-compat, but still require + java-1_5_0-gcj-compat-devel +- Added patch: ++++ 578 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592/ant-antlr.changes New Changes file: ant-junit.changes: same change New Changes file: ant-junit5.changes: same change New Changes file: ant.changes: same change New: ---- ant-CVE-2020-1945-1.patch ant-CVE-2020-1945-2.patch ant-CVE-2020-1945-3.patch ant-CVE-2020-1945-4.patch ant-CVE-2020-1945-5.patch ant-antlr.changes ant-antlr.spec ant-bootstrap.pom.in ant-junit.changes ant-junit.spec ant-junit5.changes ant-junit5.spec ant-python3.patch ant.changes ant.keyring ant.spec apache-ant-1.10.7-src.tar.bz2 apache-ant-1.10.7-src.tar.bz2.asc apache-ant-1.8.ant.conf apache-ant-bootstrap.patch apache-ant-class-path-in-manifest.patch apache-ant-no-test-jar.patch apache-ant-xml-apis.patch pre_checkin.sh reproducible-build-date.patch reproducible-build-manifest.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ant-antlr.spec ++++++ ++++ 760 lines (skipped) ant-junit.spec: same change ant-junit5.spec: same change ant.spec: same change ++++++ ant-CVE-2020-1945-1.patch ++++++ ++++ 772 lines (skipped) ++++++ ant-CVE-2020-1945-2.patch ++++++ >From d591851ae3921172bb825b5a5344afa3de0e28ca Mon Sep 17 00:00:00 2001 From: Stefan Bodewig <bode...@apache.org> Date: Sun, 3 May 2020 17:24:03 +0200 Subject: [PATCH] make junitlauncher and friends use FileUtils.createTempFile --- .../AbstractJUnitResultFormatter.java | 5 +++-- .../confined/JUnitLauncherTask.java | 17 +++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java index 833ae0fe6d..dc9847d2a8 100644 --- a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java +++ b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java @@ -260,8 +260,9 @@ private void storeToFile(final byte[] data, final int offset, final int length) } private FileOutputStream createFileStore() throws IOException { - this.filePath = Files.createTempFile(null, this.tmpFileSuffix); - this.filePath.toFile().deleteOnExit(); + this.filePath = FileUtils.getFileUtils() + .createTempFile(null, this.tmpFileSuffix, null, true, true) + .toPath(); return new FileOutputStream(this.filePath.toFile()); } diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java index 3e0e671579..0d16ed082a 100644 --- a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java +++ b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java @@ -28,6 +28,7 @@ import org.apache.tools.ant.types.CommandlineJava; import org.apache.tools.ant.types.Environment; import org.apache.tools.ant.types.Path; +import org.apache.tools.ant.util.FileUtils; import javax.xml.stream.XMLOutputFactory; import javax.xml.stream.XMLStreamWriter; @@ -224,8 +225,9 @@ private void launchViaReflection(final InVMLaunch launchDefinition) { } private java.nio.file.Path dumpProjectProperties() throws IOException { - final java.nio.file.Path propsPath = Files.createTempFile(null, "properties"); - propsPath.toFile().deleteOnExit(); + final java.nio.file.Path propsPath = FileUtils.getFileUtils() + .createTempFile(null, "properties", null, true, true) + .toPath(); final Hashtable<String, Object> props = this.getProject().getProperties(); final Properties projProperties = new Properties(); projProperties.putAll(props); @@ -364,14 +366,9 @@ private int executeForkedTest(final ForkDefinition forkDefinition, final Command } private java.nio.file.Path newLaunchDefinitionXml() { - final java.nio.file.Path xmlFilePath; - try { - xmlFilePath = Files.createTempFile(null, ".xml"); - } catch (IOException e) { - throw new BuildException("Failed to construct command line for test", e); - } - xmlFilePath.toFile().deleteOnExit(); - return xmlFilePath; + return FileUtils.getFileUtils() + .createTempFile(null, ".xml", null, true, true) + .toPath(); } private final class InVMLaunch implements LaunchDefinition { ++++++ ant-CVE-2020-1945-3.patch ++++++ >From 041b058c7bf10a94d56db3ca9dba38cf90ab9943 Mon Sep 17 00:00:00 2001 From: Stefan Bodewig <bode...@apache.org> Date: Tue, 5 May 2020 15:01:39 +0200 Subject: [PATCH] make junitlauncher use ant.tmpdir as well --- manual/Tasks/junitlauncher.html | 4 ++++ .../junitlauncher/AbstractJUnitResultFormatter.java | 10 ++++++---- .../junitlauncher/confined/JUnitLauncherTask.java | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) Index: apache-ant-1.10.7/manual/Tasks/junitlauncher.html =================================================================== --- apache-ant-1.10.7.orig/manual/Tasks/junitlauncher.html +++ apache-ant-1.10.7/manual/Tasks/junitlauncher.html @@ -43,6 +43,10 @@ case is nor does it execute the tests itself. </p> <p> + This task captures testoutput and configuration data inside of + the <a href="../running.html#tmpdir">temporary directory</a>. +</p> +<p> <strong>Note</strong>: This task depends on external libraries not included in the Apache Ant distribution. See <a href="../install.html#librarydependencies">Library Dependencies</a> for more information. Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java =================================================================== --- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java +++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java @@ -53,7 +53,7 @@ abstract class AbstractJUnitResultFormat @Override public void sysOutAvailable(final byte[] data) { if (this.sysOutStore == null) { - this.sysOutStore = new SysOutErrContentStore(true); + this.sysOutStore = new SysOutErrContentStore(context, true); } try { this.sysOutStore.store(data); @@ -65,7 +65,7 @@ abstract class AbstractJUnitResultFormat @Override public void sysErrAvailable(final byte[] data) { if (this.sysErrStore == null) { - this.sysErrStore = new SysOutErrContentStore(false); + this.sysErrStore = new SysOutErrContentStore(context, false); } try { this.sysErrStore.store(data); @@ -212,13 +212,15 @@ abstract class AbstractJUnitResultFormat } }; + private final TestExecutionContext context; private final String tmpFileSuffix; private ByteBuffer inMemoryStore = ByteBuffer.allocate(DEFAULT_CAPACITY_IN_BYTES); private boolean usingFileStore = false; private Path filePath; private FileOutputStream fileOutputStream; - private SysOutErrContentStore(final boolean isSysOut) { + private SysOutErrContentStore(final TestExecutionContext context, final boolean isSysOut) { + this.context = context; this.tmpFileSuffix = isSysOut ? ".sysout" : ".syserr"; } @@ -261,7 +263,7 @@ abstract class AbstractJUnitResultFormat private FileOutputStream createFileStore() throws IOException { this.filePath = FileUtils.getFileUtils() - .createTempFile(null, this.tmpFileSuffix, null, true, true) + .createTempFile(context.getProject().orElse(null), null, this.tmpFileSuffix, null, true, true) .toPath(); return new FileOutputStream(this.filePath.toFile()); } Index: apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java =================================================================== --- apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java +++ apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java @@ -226,7 +226,7 @@ public class JUnitLauncherTask extends T private java.nio.file.Path dumpProjectProperties() throws IOException { final java.nio.file.Path propsPath = FileUtils.getFileUtils() - .createTempFile(null, "properties", null, true, true) + .createTempFile(getProject(), null, "properties", null, true, true) .toPath(); final Hashtable<String, Object> props = this.getProject().getProperties(); final Properties projProperties = new Properties(); @@ -367,7 +367,7 @@ public class JUnitLauncherTask extends T private java.nio.file.Path newLaunchDefinitionXml() { return FileUtils.getFileUtils() - .createTempFile(null, ".xml", null, true, true) + .createTempFile(getProject(), null, ".xml", null, true, true) .toPath(); } ++++++ ant-CVE-2020-1945-4.patch ++++++ >From a8645a151bc706259fb1789ef587d05482d98612 Mon Sep 17 00:00:00 2001 From: Stefan Bodewig <bode...@apache.org> Date: Tue, 5 May 2020 15:32:09 +0200 Subject: [PATCH] use nio.Files.createTempFile rather than File.createTempFile --- .../org/apache/tools/ant/util/FileUtils.java | 35 ++++++++++++++++++- .../apache/tools/ant/util/FileUtilsTest.java | 13 +++++++ 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/src/main/org/apache/tools/ant/util/FileUtils.java b/src/main/org/apache/tools/ant/util/FileUtils.java index 565d69b6f7..46671848c9 100644 --- a/src/main/org/apache/tools/ant/util/FileUtils.java +++ b/src/main/org/apache/tools/ant/util/FileUtils.java @@ -36,9 +36,14 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.FileAttribute; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFilePermission; +import java.nio.file.attribute.PosixFilePermissions; import java.text.DecimalFormat; import java.util.ArrayList; import java.util.Arrays; +import java.util.EnumSet; import java.util.List; import java.util.Locale; import java.util.Optional; @@ -100,6 +105,13 @@ */ public static final long NTFS_FILE_TIMESTAMP_GRANULARITY = 1; + private static final FileAttribute[] TMPFILE_ATTRIBUTES = + new FileAttribute[] { + PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, + PosixFilePermission.OWNER_WRITE)) + }; + private static final FileAttribute[] NO_TMPFILE_ATTRIBUTES = new FileAttribute[0]; + /** * A one item cache for fromUri. * fromUri is called for each element when parsing ant build @@ -893,6 +905,10 @@ public String toVMSPath(File f) { * yield a different file name. * </p> * + * <p>If the filesystem where the temporary file is created + * supports POSIX permissions, the file will only be readable and + * writable by the current user.</p> + * * @param prefix file name prefix. * @param suffix * file extension; include the '.'. @@ -916,6 +932,10 @@ public File createTempFile(String prefix, String suffix, File parentDir) { * exist before this method was invoked, any subsequent invocation * of this method will yield a different file name.</p> * + * <p>If the filesystem where the temporary file is created + * supports POSIX permissions, the file will only be readable and + * writable by the current user.</p> + * * @param prefix file name prefix. * @param suffix file extension; include the '.'. * @param parentDir Directory to create the temporary file in; @@ -947,6 +967,10 @@ public File createTempFile(String prefix, String suffix, File parentDir, * exist before this method was invoked, any subsequent invocation * of this method will yield a different file name.</p> * + * <p>If the filesystem where the temporary file is created + * supports POSIX permissions, the file will only be readable and + * writable by the current user.</p> + * * @param project reference to the current Ant project. * @param prefix file name prefix. * @param suffix file extension; include the '.'. @@ -984,7 +1008,12 @@ public File createTempFile(final Project project, String prefix, String suffix, if (createFile) { try { - result = File.createTempFile(prefix, suffix, new File(parent)); + final Path parentPath = new File(parent).toPath(); + final PosixFileAttributeView parentPosixAttributes = + Files.getFileAttributeView(parentPath, PosixFileAttributeView.class); + result = Files.createTempFile(parentPath, prefix, suffix, + parentPosixAttributes != null ? TMPFILE_ATTRIBUTES : NO_TMPFILE_ATTRIBUTES) + .toFile(); } catch (IOException e) { throw new BuildException("Could not create tempfile in " + parent, e); @@ -1015,6 +1044,10 @@ public File createTempFile(final Project project, String prefix, String suffix, * yield a different file name. * </p> * + * <p>If the filesystem where the temporary file is created + * supports POSIX permissions, the file will only be readable and + * writable by the current user.</p> + * * @param prefix file name prefix. * @param suffix * file extension; include the '.'. diff --git a/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java b/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java index fc584563dc..d2ea122221 100644 --- a/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java +++ b/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java @@ -24,8 +24,11 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.nio.file.attribute.PosixFileAttributeView; +import java.nio.file.attribute.PosixFilePermission; import java.util.Locale; import java.util.Optional; +import java.util.Set; import org.apache.tools.ant.BuildException; import org.apache.tools.ant.MagicTestNames; @@ -40,7 +43,9 @@ import static org.apache.tools.ant.util.FileUtils.getFileUtils; import static org.apache.tools.ant.util.FileUtils.isCaseSensitiveFileSystem; import static org.apache.tools.ant.util.FileUtils.isContextRelativePath; +import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.endsWith; +import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.startsWith; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -370,6 +375,14 @@ public void testCreateTempFile() throws IOException { assertTrue("File was created", tmp1.exists()); assertEquals((new File(tmploc, tmp1.getName())).getAbsolutePath(), tmp1.getAbsolutePath()); + final PosixFileAttributeView attributes = + Files.getFileAttributeView(tmp1.toPath(), PosixFileAttributeView.class); + if (attributes != null) { + final Set<PosixFilePermission> perm = attributes.readAttributes().permissions(); + assertThat(perm, + containsInAnyOrder(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)); + assertThat(perm, hasSize(2)); + } tmp1.delete(); // null parent dir, project without magic property ++++++ ant-CVE-2020-1945-5.patch ++++++ >From 926f339ea30362bec8e53bf5924ce803938163b7 Mon Sep 17 00:00:00 2001 From: Stefan Bodewig <bode...@apache.org> Date: Sun, 10 May 2020 15:07:05 +0200 Subject: [PATCH] recommend using ant.tmpdir --- manual/running.html | 7 +++++++ 1 file changed, 7 insertions(+) Index: apache-ant-1.10.7/manual/running.html =================================================================== --- apache-ant-1.10.7.orig/manual/running.html +++ apache-ant-1.10.7/manual/running.html @@ -524,6 +524,16 @@ on the platform and the JVM implementati changed API of Ant 1.10.8.</p> +<p><b>Security Note:</b> Using the default temporary directory +specified by <code>java.io.tmpdir</code> can result in the leakage of +sensitive information or possibly allow an attacker to execute +arbitrary code. This is especially true in multi-user environments. It +is recommended that <code>ant.tmpdir</code> be set to a directory +owned by the user running Ant with 0700 permissions. Ant 1.10.8 and +later will try to make temporary files created by it only +readable/writable by the current user but may silently fail to do so +depending on the OS and filesystem.</p> + <h2 id="cygwin">Cygwin Users</h2> <p> Unix launch script that come with Ant works correctly with Cygwin. You ++++++ ant-bootstrap.pom.in ++++++ <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <url>http://ant.apache.org/</url> <groupId>org.apache.ant</groupId> <artifactId>ant-bootstrap</artifactId> <version>@VERSION@</version> </project> ++++++ ant-python3.patch ++++++ Index: apache-ant-1.9.10/src/script/runant.py =================================================================== --- apache-ant-1.9.10.orig/src/script/runant.py +++ apache-ant-1.9.10/src/script/runant.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. @@ -36,7 +36,7 @@ debug = 0 ####################################################################### # If ANT_HOME is not set default to script's parent directory -if os.environ.has_key('ANT_HOME'): +if 'ANT_HOME' in os.environ: ANT_HOME = os.environ['ANT_HOME'] else: ANT_HOME = os.path.dirname(os.path.dirname(os.path.abspath(sys.argv[0]))) @@ -46,17 +46,17 @@ ANT_LIB = os.path.join(ANT_HOME, 'lib') # set JAVACMD (check variables JAVACMD and JAVA_HOME) JAVACMD = None -if not os.environ.has_key('JAVACMD'): - if os.environ.has_key('JAVA_HOME'): +if 'JAVACMD' not in os.environ: + if 'JAVA_HOME' in os.environ: if not os.path.exists(os.environ['JAVA_HOME']): - print "Warning: JAVA_HOME is not defined correctly." + print("Warning: JAVA_HOME is not defined correctly.") else: JAVA_HOME = os.environ['JAVA_HOME'] while JAVA_HOME[0] == JAVA_HOME[-1] == "\"": JAVA_HOME = JAVA_HOME[1:-1] JAVACMD = os.path.join(JAVA_HOME, 'bin', 'java') else: - print "Warning: JAVA_HOME not set." + print("Warning: JAVA_HOME not set.") else: JAVACMD = os.environ['JAVACMD'] if not JAVACMD: @@ -64,28 +64,28 @@ if not JAVACMD: launcher_jar = os.path.join(ANT_LIB, 'ant-launcher.jar') if not os.path.exists(launcher_jar): - print 'Warning: Unable to locate ant-launcher.jar. Expected to find it in %s' % \ - ANT_LIB + print('Warning: Unable to locate ant-launcher.jar. Expected to find it in %s' % \ + ANT_LIB) # Build up standard classpath (LOCALCLASSPATH) LOCALCLASSPATH = launcher_jar -if os.environ.has_key('LOCALCLASSPATH'): +if 'LOCALCLASSPATH' in os.environ: LOCALCLASSPATH += os.pathsep + os.environ['LOCALCLASSPATH'] ANT_OPTS = "" -if os.environ.has_key('ANT_OPTS'): +if 'ANT_OPTS' in os.environ: ANT_OPTS = os.environ['ANT_OPTS'] OPTS = "" -if os.environ.has_key('JIKESPATH'): +if 'JIKESPATH' in os.environ: OPTS = '-Djikes.class.path=\"%s\"' % os.environ['JIKESPATH'] ANT_ARGS = "" -if os.environ.has_key('ANT_ARGS'): +if 'ANT_ARGS' in os.environ: ANT_ARGS = os.environ['ANT_ARGS'] CLASSPATH = "" -if os.environ.has_key('CLASSPATH'): +if 'CLASSPATH' in os.environ: CLASSPATH = "-lib " + os.environ['CLASSPATH'] while JAVACMD[0] == JAVACMD[-1] == "\"": @@ -98,7 +98,7 @@ cmdline = ('"%s" %s -classpath %s -Dant. CLASSPATH, string.join(sys.argv[1:], ' ')) if debug: - print '\n%s\n\n' % (cmdline) + print('\n%s\n\n' % (cmdline)) sys.stdout.flush() # Run the biniou! ++++++ ant.keyring ++++++ ++++ 1487 lines (skipped) ++++++ apache-ant-1.8.ant.conf ++++++ # ant.conf (Ant 1.8.x) # JPackage Project <http://www.jpackage.org/> # Validate --noconfig setting in case being invoked # from pre Ant 1.6.x environment if [ -z "$no_config" ] ; then no_config=true fi # Setup ant configuration if $no_config ; then # Disable RPM layout rpm_mode=false else # Use RPM layout rpm_mode=true # ANT_HOME for rpm layout ANT_HOME=/usr/share/ant fi ++++++ apache-ant-bootstrap.patch ++++++ --- apache-ant-1.10.7/bootstrap.sh 2019-09-01 08:14:10.000000000 +0200 +++ apache-ant-1.10.7/bootstrap.sh 2019-10-12 12:34:23.892369973 +0200 @@ -143,7 +143,7 @@ echo ... Compiling Ant Classes with ${JAVAC_RELEASE_VERSION} fi -"${JAVAC}" $BOOTJAVAC_OPTS -d ${CLASSDIR} ${JAVAC_RELEASE_VERSION} \ +"${JAVAC}" $BOOTJAVAC_OPTS -d ${CLASSDIR} -sourcepath src/main ${JAVAC_RELEASE_VERSION} \ ${TOOLS}/bzip2/*.java ${TOOLS}/tar/*.java ${TOOLS}/zip/*.java \ ${TOOLS}/ant/util/regexp/RegexpMatcher.java \ ${TOOLS}/ant/util/regexp/RegexpMatcherFactory.java \ ++++++ apache-ant-class-path-in-manifest.patch ++++++ Index: build.xml =================================================================== --- build.xml.orig +++ build.xml @@ -719,7 +719,7 @@ </metainf> <manifest> <attribute name="Main-Class" value="org.apache.tools.ant.Main"/> - <attribute name="Class-Path" value="ant.jar xalan.jar"/> + <!-- <attribute name="Class-Path" value="ant.jar xalan.jar"/> --> </manifest> </jar> ++++++ apache-ant-no-test-jar.patch ++++++ --- apache-ant-1.10.7/build.xml 2019-09-01 08:14:10.000000000 +0200 +++ apache-ant-1.10.7/build.xml 2019-10-12 12:30:11.014986025 +0200 @@ -976,7 +976,7 @@ Create the essential distribution that can run Apache Ant =================================================================== --> - <target name="dist-lite" depends="jars,test-jar,-ant-dist-warn-jdk9+" + <target name="dist-lite" depends="jars,-ant-dist-warn-jdk9+" description="--> creates a minimum distribution to run Apache Ant"> <mkdir dir="${dist.dir}"/> ++++++ apache-ant-xml-apis.patch ++++++ --- apache-ant-1.10.5/src/script/ant 2018-07-10 06:50:31.000000000 +0200 +++ apache-ant-1.10.5/src/script/ant 2018-12-10 09:12:59.451126724 +0100 @@ -206,7 +206,7 @@ # request optional jars and their dependencies via the OPT_JAR_LIST # variable if $rpm_mode && [ -x /usr/bin/build-classpath ]; then - LOCALCLASSPATH="$(/usr/bin/build-classpath ant ant-launcher jaxp_parser_impl xml-commons-apis)" + LOCALCLASSPATH="$(/usr/bin/build-classpath ant ant-launcher)" # If no optional jars have been specified then build the default list if [ -z "$OPT_JAR_LIST" ]; then ++++++ pre_checkin.sh ++++++ #!/bin/sh EDIT_WARNING="##### WARNING: please do not edit this auto generated spec file. Use the ant.spec! #####\n" sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/; s/^%bcond_with antlr/%bcond_without antlr/; s/^\(Name:.*\)$/\1-antlr/; 0,/^Summary:.*/{s/^Summary:.*/Summary: Antlr Task for ant/}; " < ant.spec > ant-antlr.spec cp ant.changes ant-antlr.changes sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/; s/^%bcond_with junit/%bcond_without junit/; s/^%bcond_without junit5/%bcond_with junit5/; s/^\(Name:.*\)$/\1-junit/; 0,/^Summary:.*/{s/^Summary:.*/Summary: Optional junit tasks for ant/}; " < ant.spec > ant-junit.spec cp ant.changes ant-junit.changes sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/; s/^%bcond_with junit5/%bcond_without junit5/; s/^\(Name:.*\)$/\1-junit5/; 0,/^Summary:.*/{s/^Summary:.*/Summary: Optional junit tasks for ant/}; " < ant.spec > ant-junit5.spec cp ant.changes ant-junit5.changes ++++++ reproducible-build-date.patch ++++++ Author: Bernhard M. Wiedemann <bwiedemann suse.de> Date: 2017-10-24 have fixed build dates to make packages like rhino build more reproducibly that use their build.xml to insert build dates into output files Index: apache-ant-1.9.9/src/script/ant =================================================================== --- apache-ant-1.9.9.orig/src/script/ant +++ apache-ant-1.9.9/src/script/ant @@ -290,6 +290,9 @@ fi if $usejikes; then ANT_OPTS="$ANT_OPTS -Dbuild.compiler=jikes" fi +if test -n "$SOURCE_DATE_EPOCH" ; then + ANT_OPTS="$ANT_OPTS -Dant.tstamp.now=$SOURCE_DATE_EPOCH" +fi # For Cygwin, switch paths to appropriate format before running java # For PATHs convert to unix format first, then to windows format to ensure ++++++ reproducible-build-manifest.patch ++++++ Use Java major version for manifest's Created-by No need of detailed version such java.vm.version. Java's jar command uses java.version when it fills the manifest's "Created-by" field, let's make ant do the same. Using a detailed version makes that every Java release triggers a new publication for ant-based applications, only because a line in manifest has changed - not because the binary or dependencies have changed. Using a less detailed version reduces these publications. Using a less detailed version also prevents more subtle problems such as in boo#1110024: noarch packages differ depending on the builder architecture, when Java vm version contains an architecture information (which is the case for openSUSE, though it's probably not relevant). -- --- a/src/main/org/apache/tools/ant/taskdefs/Manifest.java +++ b/src/main/org/apache/tools/ant/taskdefs/Manifest.java @@ -760,10 +760,7 @@ defManifest); } Manifest defaultManifest = new Manifest(new InputStreamReader(in, JAR_CHARSET)); - String version = System.getProperty("java.runtime.version"); - if (version == null) { - version = System.getProperty("java.vm.version"); - } + String version = System.getProperty("java.version"); Attribute createdBy = new Attribute("Created-By", version + " (" + System.getProperty("java.vm.vendor") + ")"); defaultManifest.getMainSection().storeAttribute(createdBy);