Hello community,
here is the log from the commit of package ant.13382 for
openSUSE:Leap:15.2:Update checked in at 2020-07-20 18:30:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/ant.13382 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ant.13382"
Mon Jul 20 18:30:07 2020 rev:1 rq:821540 version:1.10.7
Changes:
--------
New Changes file:
--- /dev/null 2020-07-16 02:54:20.700682797 +0200
+++ /work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592/ant-antlr.changes
2020-07-20 18:30:17.119816685 +0200
@@ -0,0 +1,775 @@
+-------------------------------------------------------------------
+Fri May 15 14:56:26 UTC 2020 - Pedro Monreal Gonzalez
<pmonrealgonza...@suse.com>
+
+- Security fix: [bsc#1171696, CVE-2020-1945]
+ * Insecure temporary file vulnerability
+- Add patches:
+ * ant-CVE-2020-1945-1.patch ant-CVE-2020-1945-2.patch
+ * ant-CVE-2020-1945-3.patch ant-CVE-2020-1945-4.patch
+ * ant-CVE-2020-1945-5.patch
+
+-------------------------------------------------------------------
+Tue Jan 14 07:03:37 UTC 2020 - Fridrich Strba <fst...@suse.com>
+
+- Use xml-commons-apis-bootstrap as jar in classpath instead of
+ the common xml-apis jar, since we are forcing build against
+ the bootstrap package
+
+-------------------------------------------------------------------
+Fri Nov 8 11:15:20 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Upgrade to upstream version 1.10.7
+- Modified patches:
+ * apache-ant-bootstrap.patch
+ * apache-ant-no-test-jar.patch
+ * apache-ant-xml-apis.patch
+ * reproducible-build-manifest.patch
+ + rediff
+- Fix ant-xz.jar to be non-empty and split it from the ant-antlr
+ package
+
+-------------------------------------------------------------------
+Tue Oct 1 08:34:33 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Build against the new compatibility packages log4j12/log4j12-mini
+
+-------------------------------------------------------------------
+Mon Sep 30 08:08:49 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Remove references to parent poms from all artifacts and do not
+ distribute the ant-parent, since we don't need it
+
+-------------------------------------------------------------------
+Tue Apr 9 10:48:23 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Require directly xerces-j2 and not its virtual provide
+ jaxp_parser_impl
+
+-------------------------------------------------------------------
+Mon Mar 18 17:30:12 UTC 2019 - Jan Engelhardt <jeng...@inai.de>
+
+- Make "if" statements in build recipe POSIX sh compatible.
+
+-------------------------------------------------------------------
+Fri Feb 8 08:51:41 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Create an ant-junit5 package to build junit5 optional tasks
+ when they become resolved
+- Add a simple pom file for ant-bootstrap.jar
+
+-------------------------------------------------------------------
+Fri Feb 8 07:26:44 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Add compatibility links ant/ant*.jar for bootstrap build
+
+-------------------------------------------------------------------
+Tue Feb 5 09:49:54 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- BuildRequire hamcrest for ant-junit and ant-antlr, since junit4
+ depends strictly on hamcrest-core only.
+
+-------------------------------------------------------------------
+Fri Feb 1 16:19:10 UTC 2019 - Fridrich Strba <fst...@suse.com>
+
+- Build ant against xml-commons-apis-bootstrap and
+ xml-commons-resolver-bootstrap in order to break build cycle
+
+-------------------------------------------------------------------
+Mon Dec 10 08:22:18 UTC 2018 - Fridrich Strba <fst...@suse.com>
+
+- Don't build against a particular xml-apis/xml-resolver provider,
+ but against the generic virtual provider. This allows easier
+ bootstrapping.
+- Added patch:
+ * apache-ant-xml-apis.patch
+ + look for the xml-apis.jar and xml-resolver.jar when composing
+ classpath; they are symlinks provided by several packages.
+
+-------------------------------------------------------------------
+Mon Nov 26 08:07:13 UTC 2018 - Fridrich Strba <fst...@suse.com>
+
+- Let ant-antlr provide ant-xz too, since it contains the
+ corresponding jar.
+
+-------------------------------------------------------------------
+Wed Oct 31 10:20:23 UTC 2018 - Fridrich Strba <fst...@suse.com>
+
+- Add aliases to some maven artifacts so that packages out there
+ resolve then correctly
+
+-------------------------------------------------------------------
+Fri Oct 26 09:54:04 UTC 2018 - Pedro Monreal Gonzalez
<pmonrealgonza...@suse.com>
+
+- Update to 1.10.5 [bsc#1113136]
+ * Same version as in 1.9.13 but with additional features and
+ requires Java8 or higher.
+ * Dropped patch to build with java8+ already fixed in this version
+ - apache-ant-1.9.9-sourcetarget.patch
+ * Refreshed patch:
+ - apache-ant-class-path-in-manifest.patch
+
+-------------------------------------------------------------------
+Sun Oct 21 08:08:23 UTC 2018 - antoine.belv...@opensuse.org
+
+- Add reproducible-build-manifest.patch: Use less detailed version
+ string for manifest's "Created-by" field (boo#1110024).
+
+-------------------------------------------------------------------
+Wed Oct 17 19:40:22 UTC 2018 - Fridrich Strba <fst...@suse.com>
+
+- Require javapackages-local in order to generate correctly the
+ maven requires and provides
+- Install maven artifacts
+
+-------------------------------------------------------------------
+Fri Aug 24 20:20:20 UTC 2018 - Jason Sikes <jsi...@suse.de>
+
+- Update to 1.9.13
+ * Fixes a regression in the "get" task where redirects
+ from a HTTP resource to a HTTPS resource started throwing
+ an exception.
+ Bugzilla Report 62499
+
+ * the new allowFilesToEscapeDest didn't work when set to false and
+ archive entries contained relative paths with so many ".."
+ segnments that the resulting path would go beyond the file system
+ root.
+ Bugzilla Report 62502, bsc#1100053, CVE-2018-10886
+
+-------------------------------------------------------------------
+Tue May 15 05:02:22 UTC 2018 - fst...@suse.com
+
+- Build with source and target 8 to prepare for a possible removal
+ of 1.6 compatibility
+- Modified patch:
+ * apache-ant-1.9.9-sourcetarget.patch
+ - Build with source/target 8
+
+-------------------------------------------------------------------
+Fri Feb 23 10:24:31 UTC 2018 - ec...@opensuse.org
+
+- fix build error for Leap 42.3
+
+-------------------------------------------------------------------
+Thu Feb 22 11:43:31 UTC 2018 - tchva...@suse.com
+
+- Add patch to run scripts with python3 if applicable bsc#1082202:
+ * ant-python3.patch
+
+-------------------------------------------------------------------
+Thu Feb 22 11:26:23 UTC 2018 - tchva...@suse.com
+
+- Update to 1.9.10:
+ * Various fixes for java10
+ * Small fixes all around
+- Remove merged patch reproducible.patch
+
+-------------------------------------------------------------------
+Sat Oct 28 16:17:19 UTC 2017 - jeng...@inai.de
+
+- Simply use find -delete over xargs.
+- Make description neutral.
+
+-------------------------------------------------------------------
+Tue Oct 24 11:26:36 UTC 2017 - bwiedem...@suse.com
+
+- Add reproducible-build-date.patch to allow to have fixed build dates
+ to make other packages build more reproducibly
+
+-------------------------------------------------------------------
+Wed Oct 4 09:07:19 UTC 2017 - fst...@suse.com
+
+- Remove dependency on java-1_5_0-gcj-compat-devel and build even
+ the bootstrap package with java source and target 1.6
+
+-------------------------------------------------------------------
+Fri Sep 29 07:06:59 UTC 2017 - fst...@suse.com
+
+- Don't condition the maven defines on release version, but on
+ _maven_repository being defined
+
+-------------------------------------------------------------------
+Thu Sep 14 05:39:48 UTC 2017 - fst...@suse.com
+
+- Allow bootstrapping with something else then
+ java-1_5_0-gcj-compat, but still require
+ java-1_5_0-gcj-compat-devel
+- Added patch:
++++ 578 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.ant.13382.new.3592/ant-antlr.changes
New Changes file:
ant-junit.changes: same change
New Changes file:
ant-junit5.changes: same change
New Changes file:
ant.changes: same change
New:
----
ant-CVE-2020-1945-1.patch
ant-CVE-2020-1945-2.patch
ant-CVE-2020-1945-3.patch
ant-CVE-2020-1945-4.patch
ant-CVE-2020-1945-5.patch
ant-antlr.changes
ant-antlr.spec
ant-bootstrap.pom.in
ant-junit.changes
ant-junit.spec
ant-junit5.changes
ant-junit5.spec
ant-python3.patch
ant.changes
ant.keyring
ant.spec
apache-ant-1.10.7-src.tar.bz2
apache-ant-1.10.7-src.tar.bz2.asc
apache-ant-1.8.ant.conf
apache-ant-bootstrap.patch
apache-ant-class-path-in-manifest.patch
apache-ant-no-test-jar.patch
apache-ant-xml-apis.patch
pre_checkin.sh
reproducible-build-date.patch
reproducible-build-manifest.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ant-antlr.spec ++++++
++++ 760 lines (skipped)
ant-junit.spec: same change
ant-junit5.spec: same change
ant.spec: same change
++++++ ant-CVE-2020-1945-1.patch ++++++
++++ 772 lines (skipped)
++++++ ant-CVE-2020-1945-2.patch ++++++
>From d591851ae3921172bb825b5a5344afa3de0e28ca Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bode...@apache.org>
Date: Sun, 3 May 2020 17:24:03 +0200
Subject: [PATCH] make junitlauncher and friends use FileUtils.createTempFile
---
.../AbstractJUnitResultFormatter.java | 5 +++--
.../confined/JUnitLauncherTask.java | 17 +++++++----------
2 files changed, 10 insertions(+), 12 deletions(-)
diff --git
a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
index 833ae0fe6d..dc9847d2a8 100644
---
a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
+++
b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
@@ -260,8 +260,9 @@ private void storeToFile(final byte[] data, final int
offset, final int length)
}
private FileOutputStream createFileStore() throws IOException {
- this.filePath = Files.createTempFile(null, this.tmpFileSuffix);
- this.filePath.toFile().deleteOnExit();
+ this.filePath = FileUtils.getFileUtils()
+ .createTempFile(null, this.tmpFileSuffix, null, true, true)
+ .toPath();
return new FileOutputStream(this.filePath.toFile());
}
diff --git
a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
index 3e0e671579..0d16ed082a 100644
---
a/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
+++
b/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
@@ -28,6 +28,7 @@
import org.apache.tools.ant.types.CommandlineJava;
import org.apache.tools.ant.types.Environment;
import org.apache.tools.ant.types.Path;
+import org.apache.tools.ant.util.FileUtils;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamWriter;
@@ -224,8 +225,9 @@ private void launchViaReflection(final InVMLaunch
launchDefinition) {
}
private java.nio.file.Path dumpProjectProperties() throws IOException {
- final java.nio.file.Path propsPath = Files.createTempFile(null,
"properties");
- propsPath.toFile().deleteOnExit();
+ final java.nio.file.Path propsPath = FileUtils.getFileUtils()
+ .createTempFile(null, "properties", null, true, true)
+ .toPath();
final Hashtable<String, Object> props =
this.getProject().getProperties();
final Properties projProperties = new Properties();
projProperties.putAll(props);
@@ -364,14 +366,9 @@ private int executeForkedTest(final ForkDefinition
forkDefinition, final Command
}
private java.nio.file.Path newLaunchDefinitionXml() {
- final java.nio.file.Path xmlFilePath;
- try {
- xmlFilePath = Files.createTempFile(null, ".xml");
- } catch (IOException e) {
- throw new BuildException("Failed to construct command line for
test", e);
- }
- xmlFilePath.toFile().deleteOnExit();
- return xmlFilePath;
+ return FileUtils.getFileUtils()
+ .createTempFile(null, ".xml", null, true, true)
+ .toPath();
}
private final class InVMLaunch implements LaunchDefinition {
++++++ ant-CVE-2020-1945-3.patch ++++++
>From 041b058c7bf10a94d56db3ca9dba38cf90ab9943 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bode...@apache.org>
Date: Tue, 5 May 2020 15:01:39 +0200
Subject: [PATCH] make junitlauncher use ant.tmpdir as well
---
manual/Tasks/junitlauncher.html | 4 ++++
.../junitlauncher/AbstractJUnitResultFormatter.java | 10 ++++++----
.../junitlauncher/confined/JUnitLauncherTask.java | 4 ++--
3 files changed, 12 insertions(+), 6 deletions(-)
Index: apache-ant-1.10.7/manual/Tasks/junitlauncher.html
===================================================================
--- apache-ant-1.10.7.orig/manual/Tasks/junitlauncher.html
+++ apache-ant-1.10.7/manual/Tasks/junitlauncher.html
@@ -43,6 +43,10 @@
case is nor does it execute the tests itself.
</p>
<p>
+ This task captures testoutput and configuration data inside of
+ the <a href="../running.html#tmpdir">temporary directory</a>.
+</p>
+<p>
<strong>Note</strong>: This task depends on external libraries not
included in the Apache Ant
distribution. See <a href="../install.html#librarydependencies">Library
Dependencies</a> for
more information.
Index:
apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
===================================================================
---
apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
+++
apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/AbstractJUnitResultFormatter.java
@@ -53,7 +53,7 @@ abstract class AbstractJUnitResultFormat
@Override
public void sysOutAvailable(final byte[] data) {
if (this.sysOutStore == null) {
- this.sysOutStore = new SysOutErrContentStore(true);
+ this.sysOutStore = new SysOutErrContentStore(context, true);
}
try {
this.sysOutStore.store(data);
@@ -65,7 +65,7 @@ abstract class AbstractJUnitResultFormat
@Override
public void sysErrAvailable(final byte[] data) {
if (this.sysErrStore == null) {
- this.sysErrStore = new SysOutErrContentStore(false);
+ this.sysErrStore = new SysOutErrContentStore(context, false);
}
try {
this.sysErrStore.store(data);
@@ -212,13 +212,15 @@ abstract class AbstractJUnitResultFormat
}
};
+ private final TestExecutionContext context;
private final String tmpFileSuffix;
private ByteBuffer inMemoryStore =
ByteBuffer.allocate(DEFAULT_CAPACITY_IN_BYTES);
private boolean usingFileStore = false;
private Path filePath;
private FileOutputStream fileOutputStream;
- private SysOutErrContentStore(final boolean isSysOut) {
+ private SysOutErrContentStore(final TestExecutionContext context,
final boolean isSysOut) {
+ this.context = context;
this.tmpFileSuffix = isSysOut ? ".sysout" : ".syserr";
}
@@ -261,7 +263,7 @@ abstract class AbstractJUnitResultFormat
private FileOutputStream createFileStore() throws IOException {
this.filePath = FileUtils.getFileUtils()
- .createTempFile(null, this.tmpFileSuffix, null, true, true)
+ .createTempFile(context.getProject().orElse(null), null,
this.tmpFileSuffix, null, true, true)
.toPath();
return new FileOutputStream(this.filePath.toFile());
}
Index:
apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
===================================================================
---
apache-ant-1.10.7.orig/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
+++
apache-ant-1.10.7/src/main/org/apache/tools/ant/taskdefs/optional/junitlauncher/confined/JUnitLauncherTask.java
@@ -226,7 +226,7 @@ public class JUnitLauncherTask extends T
private java.nio.file.Path dumpProjectProperties() throws IOException {
final java.nio.file.Path propsPath = FileUtils.getFileUtils()
- .createTempFile(null, "properties", null, true, true)
+ .createTempFile(getProject(), null, "properties", null, true, true)
.toPath();
final Hashtable<String, Object> props =
this.getProject().getProperties();
final Properties projProperties = new Properties();
@@ -367,7 +367,7 @@ public class JUnitLauncherTask extends T
private java.nio.file.Path newLaunchDefinitionXml() {
return FileUtils.getFileUtils()
- .createTempFile(null, ".xml", null, true, true)
+ .createTempFile(getProject(), null, ".xml", null, true, true)
.toPath();
}
++++++ ant-CVE-2020-1945-4.patch ++++++
>From a8645a151bc706259fb1789ef587d05482d98612 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bode...@apache.org>
Date: Tue, 5 May 2020 15:32:09 +0200
Subject: [PATCH] use nio.Files.createTempFile rather than File.createTempFile
---
.../org/apache/tools/ant/util/FileUtils.java | 35 ++++++++++++++++++-
.../apache/tools/ant/util/FileUtilsTest.java | 13 +++++++
2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/src/main/org/apache/tools/ant/util/FileUtils.java
b/src/main/org/apache/tools/ant/util/FileUtils.java
index 565d69b6f7..46671848c9 100644
--- a/src/main/org/apache/tools/ant/util/FileUtils.java
+++ b/src/main/org/apache/tools/ant/util/FileUtils.java
@@ -36,9 +36,14 @@
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.EnumSet;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
@@ -100,6 +105,13 @@
*/
public static final long NTFS_FILE_TIMESTAMP_GRANULARITY = 1;
+ private static final FileAttribute[] TMPFILE_ATTRIBUTES =
+ new FileAttribute[] {
+
PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE))
+ };
+ private static final FileAttribute[] NO_TMPFILE_ATTRIBUTES = new
FileAttribute[0];
+
/**
* A one item cache for fromUri.
* fromUri is called for each element when parsing ant build
@@ -893,6 +905,10 @@ public String toVMSPath(File f) {
* yield a different file name.
* </p>
*
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
* @param prefix file name prefix.
* @param suffix
* file extension; include the '.'.
@@ -916,6 +932,10 @@ public File createTempFile(String prefix, String suffix,
File parentDir) {
* exist before this method was invoked, any subsequent invocation
* of this method will yield a different file name.</p>
*
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
* @param prefix file name prefix.
* @param suffix file extension; include the '.'.
* @param parentDir Directory to create the temporary file in;
@@ -947,6 +967,10 @@ public File createTempFile(String prefix, String suffix,
File parentDir,
* exist before this method was invoked, any subsequent invocation
* of this method will yield a different file name.</p>
*
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
* @param project reference to the current Ant project.
* @param prefix file name prefix.
* @param suffix file extension; include the '.'.
@@ -984,7 +1008,12 @@ public File createTempFile(final Project project, String
prefix, String suffix,
if (createFile) {
try {
- result = File.createTempFile(prefix, suffix, new File(parent));
+ final Path parentPath = new File(parent).toPath();
+ final PosixFileAttributeView parentPosixAttributes =
+ Files.getFileAttributeView(parentPath,
PosixFileAttributeView.class);
+ result = Files.createTempFile(parentPath, prefix, suffix,
+ parentPosixAttributes != null ? TMPFILE_ATTRIBUTES :
NO_TMPFILE_ATTRIBUTES)
+ .toFile();
} catch (IOException e) {
throw new BuildException("Could not create tempfile in "
+ parent, e);
@@ -1015,6 +1044,10 @@ public File createTempFile(final Project project, String
prefix, String suffix,
* yield a different file name.
* </p>
*
+ * <p>If the filesystem where the temporary file is created
+ * supports POSIX permissions, the file will only be readable and
+ * writable by the current user.</p>
+ *
* @param prefix file name prefix.
* @param suffix
* file extension; include the '.'.
diff --git a/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
b/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
index fc584563dc..d2ea122221 100644
--- a/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
+++ b/src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
@@ -24,8 +24,11 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
import java.util.Locale;
import java.util.Optional;
+import java.util.Set;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.MagicTestNames;
@@ -40,7 +43,9 @@
import static org.apache.tools.ant.util.FileUtils.getFileUtils;
import static org.apache.tools.ant.util.FileUtils.isCaseSensitiveFileSystem;
import static org.apache.tools.ant.util.FileUtils.isContextRelativePath;
+import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.endsWith;
+import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -370,6 +375,14 @@ public void testCreateTempFile() throws IOException {
assertTrue("File was created", tmp1.exists());
assertEquals((new File(tmploc, tmp1.getName())).getAbsolutePath(),
tmp1.getAbsolutePath());
+ final PosixFileAttributeView attributes =
+ Files.getFileAttributeView(tmp1.toPath(),
PosixFileAttributeView.class);
+ if (attributes != null) {
+ final Set<PosixFilePermission> perm =
attributes.readAttributes().permissions();
+ assertThat(perm,
+ containsInAnyOrder(PosixFilePermission.OWNER_READ,
PosixFilePermission.OWNER_WRITE));
+ assertThat(perm, hasSize(2));
+ }
tmp1.delete();
// null parent dir, project without magic property
++++++ ant-CVE-2020-1945-5.patch ++++++
>From 926f339ea30362bec8e53bf5924ce803938163b7 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bode...@apache.org>
Date: Sun, 10 May 2020 15:07:05 +0200
Subject: [PATCH] recommend using ant.tmpdir
---
manual/running.html | 7 +++++++
1 file changed, 7 insertions(+)
Index: apache-ant-1.10.7/manual/running.html
===================================================================
--- apache-ant-1.10.7.orig/manual/running.html
+++ apache-ant-1.10.7/manual/running.html
@@ -524,6 +524,16 @@ on the platform and the JVM implementati
changed API of Ant 1.10.8.</p>
+<p><b>Security Note:</b> Using the default temporary directory
+specified by <code>java.io.tmpdir</code> can result in the leakage of
+sensitive information or possibly allow an attacker to execute
+arbitrary code. This is especially true in multi-user environments. It
+is recommended that <code>ant.tmpdir</code> be set to a directory
+owned by the user running Ant with 0700 permissions. Ant 1.10.8 and
+later will try to make temporary files created by it only
+readable/writable by the current user but may silently fail to do so
+depending on the OS and filesystem.</p>
+
<h2 id="cygwin">Cygwin Users</h2>
<p>
Unix launch script that come with Ant works correctly with Cygwin. You
++++++ ant-bootstrap.pom.in ++++++
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
<modelVersion>4.0.0</modelVersion>
<url>http://ant.apache.org/</url>
<groupId>org.apache.ant</groupId>
<artifactId>ant-bootstrap</artifactId>
<version>@VERSION@</version>
</project>
++++++ ant-python3.patch ++++++
Index: apache-ant-1.9.10/src/script/runant.py
===================================================================
--- apache-ant-1.9.10.orig/src/script/runant.py
+++ apache-ant-1.9.10/src/script/runant.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
@@ -36,7 +36,7 @@ debug = 0
#######################################################################
# If ANT_HOME is not set default to script's parent directory
-if os.environ.has_key('ANT_HOME'):
+if 'ANT_HOME' in os.environ:
ANT_HOME = os.environ['ANT_HOME']
else:
ANT_HOME = os.path.dirname(os.path.dirname(os.path.abspath(sys.argv[0])))
@@ -46,17 +46,17 @@ ANT_LIB = os.path.join(ANT_HOME, 'lib')
# set JAVACMD (check variables JAVACMD and JAVA_HOME)
JAVACMD = None
-if not os.environ.has_key('JAVACMD'):
- if os.environ.has_key('JAVA_HOME'):
+if 'JAVACMD' not in os.environ:
+ if 'JAVA_HOME' in os.environ:
if not os.path.exists(os.environ['JAVA_HOME']):
- print "Warning: JAVA_HOME is not defined correctly."
+ print("Warning: JAVA_HOME is not defined correctly.")
else:
JAVA_HOME = os.environ['JAVA_HOME']
while JAVA_HOME[0] == JAVA_HOME[-1] == "\"":
JAVA_HOME = JAVA_HOME[1:-1]
JAVACMD = os.path.join(JAVA_HOME, 'bin', 'java')
else:
- print "Warning: JAVA_HOME not set."
+ print("Warning: JAVA_HOME not set.")
else:
JAVACMD = os.environ['JAVACMD']
if not JAVACMD:
@@ -64,28 +64,28 @@ if not JAVACMD:
launcher_jar = os.path.join(ANT_LIB, 'ant-launcher.jar')
if not os.path.exists(launcher_jar):
- print 'Warning: Unable to locate ant-launcher.jar. Expected to find it in
%s' % \
- ANT_LIB
+ print('Warning: Unable to locate ant-launcher.jar. Expected to find it in
%s' % \
+ ANT_LIB)
# Build up standard classpath (LOCALCLASSPATH)
LOCALCLASSPATH = launcher_jar
-if os.environ.has_key('LOCALCLASSPATH'):
+if 'LOCALCLASSPATH' in os.environ:
LOCALCLASSPATH += os.pathsep + os.environ['LOCALCLASSPATH']
ANT_OPTS = ""
-if os.environ.has_key('ANT_OPTS'):
+if 'ANT_OPTS' in os.environ:
ANT_OPTS = os.environ['ANT_OPTS']
OPTS = ""
-if os.environ.has_key('JIKESPATH'):
+if 'JIKESPATH' in os.environ:
OPTS = '-Djikes.class.path=\"%s\"' % os.environ['JIKESPATH']
ANT_ARGS = ""
-if os.environ.has_key('ANT_ARGS'):
+if 'ANT_ARGS' in os.environ:
ANT_ARGS = os.environ['ANT_ARGS']
CLASSPATH = ""
-if os.environ.has_key('CLASSPATH'):
+if 'CLASSPATH' in os.environ:
CLASSPATH = "-lib " + os.environ['CLASSPATH']
while JAVACMD[0] == JAVACMD[-1] == "\"":
@@ -98,7 +98,7 @@ cmdline = ('"%s" %s -classpath %s -Dant.
CLASSPATH, string.join(sys.argv[1:], ' '))
if debug:
- print '\n%s\n\n' % (cmdline)
+ print('\n%s\n\n' % (cmdline))
sys.stdout.flush()
# Run the biniou!
++++++ ant.keyring ++++++
++++ 1487 lines (skipped)
++++++ apache-ant-1.8.ant.conf ++++++
# ant.conf (Ant 1.8.x)
# JPackage Project <http://www.jpackage.org/>
# Validate --noconfig setting in case being invoked
# from pre Ant 1.6.x environment
if [ -z "$no_config" ] ; then
no_config=true
fi
# Setup ant configuration
if $no_config ; then
# Disable RPM layout
rpm_mode=false
else
# Use RPM layout
rpm_mode=true
# ANT_HOME for rpm layout
ANT_HOME=/usr/share/ant
fi
++++++ apache-ant-bootstrap.patch ++++++
--- apache-ant-1.10.7/bootstrap.sh 2019-09-01 08:14:10.000000000 +0200
+++ apache-ant-1.10.7/bootstrap.sh 2019-10-12 12:34:23.892369973 +0200
@@ -143,7 +143,7 @@
echo ... Compiling Ant Classes with ${JAVAC_RELEASE_VERSION}
fi
-"${JAVAC}" $BOOTJAVAC_OPTS -d ${CLASSDIR} ${JAVAC_RELEASE_VERSION} \
+"${JAVAC}" $BOOTJAVAC_OPTS -d ${CLASSDIR} -sourcepath src/main
${JAVAC_RELEASE_VERSION} \
${TOOLS}/bzip2/*.java ${TOOLS}/tar/*.java ${TOOLS}/zip/*.java \
${TOOLS}/ant/util/regexp/RegexpMatcher.java \
${TOOLS}/ant/util/regexp/RegexpMatcherFactory.java \
++++++ apache-ant-class-path-in-manifest.patch ++++++
Index: build.xml
===================================================================
--- build.xml.orig
+++ build.xml
@@ -719,7 +719,7 @@
</metainf>
<manifest>
<attribute name="Main-Class" value="org.apache.tools.ant.Main"/>
- <attribute name="Class-Path" value="ant.jar xalan.jar"/>
+ <!-- <attribute name="Class-Path" value="ant.jar xalan.jar"/> -->
</manifest>
</jar>
++++++ apache-ant-no-test-jar.patch ++++++
--- apache-ant-1.10.7/build.xml 2019-09-01 08:14:10.000000000 +0200
+++ apache-ant-1.10.7/build.xml 2019-10-12 12:30:11.014986025 +0200
@@ -976,7 +976,7 @@
Create the essential distribution that can run Apache Ant
===================================================================
-->
- <target name="dist-lite" depends="jars,test-jar,-ant-dist-warn-jdk9+"
+ <target name="dist-lite" depends="jars,-ant-dist-warn-jdk9+"
description="--> creates a minimum distribution to run Apache Ant">
<mkdir dir="${dist.dir}"/>
++++++ apache-ant-xml-apis.patch ++++++
--- apache-ant-1.10.5/src/script/ant 2018-07-10 06:50:31.000000000 +0200
+++ apache-ant-1.10.5/src/script/ant 2018-12-10 09:12:59.451126724 +0100
@@ -206,7 +206,7 @@
# request optional jars and their dependencies via the OPT_JAR_LIST
# variable
if $rpm_mode && [ -x /usr/bin/build-classpath ]; then
- LOCALCLASSPATH="$(/usr/bin/build-classpath ant ant-launcher jaxp_parser_impl
xml-commons-apis)"
+ LOCALCLASSPATH="$(/usr/bin/build-classpath ant ant-launcher)"
# If no optional jars have been specified then build the default list
if [ -z "$OPT_JAR_LIST" ]; then
++++++ pre_checkin.sh ++++++
#!/bin/sh
EDIT_WARNING="##### WARNING: please do not edit this auto generated spec file.
Use the ant.spec! #####\n"
sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/;
s/^%bcond_with antlr/%bcond_without antlr/;
s/^\(Name:.*\)$/\1-antlr/;
0,/^Summary:.*/{s/^Summary:.*/Summary: Antlr Task for ant/};
" < ant.spec > ant-antlr.spec
cp ant.changes ant-antlr.changes
sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/;
s/^%bcond_with junit/%bcond_without junit/;
s/^%bcond_without junit5/%bcond_with junit5/;
s/^\(Name:.*\)$/\1-junit/;
0,/^Summary:.*/{s/^Summary:.*/Summary: Optional junit tasks for
ant/};
" < ant.spec > ant-junit.spec
cp ant.changes ant-junit.changes
sed "s/^%bcond_without bootstrap$/${EDIT_WARNING}%bcond_with bootstrap/;
s/^%bcond_with junit5/%bcond_without junit5/;
s/^\(Name:.*\)$/\1-junit5/;
0,/^Summary:.*/{s/^Summary:.*/Summary: Optional junit tasks for
ant/};
" < ant.spec > ant-junit5.spec
cp ant.changes ant-junit5.changes
++++++ reproducible-build-date.patch ++++++
Author: Bernhard M. Wiedemann <bwiedemann suse.de>
Date: 2017-10-24
have fixed build dates
to make packages like rhino build more reproducibly
that use their build.xml to insert build dates into output files
Index: apache-ant-1.9.9/src/script/ant
===================================================================
--- apache-ant-1.9.9.orig/src/script/ant
+++ apache-ant-1.9.9/src/script/ant
@@ -290,6 +290,9 @@ fi
if $usejikes; then
ANT_OPTS="$ANT_OPTS -Dbuild.compiler=jikes"
fi
+if test -n "$SOURCE_DATE_EPOCH" ; then
+ ANT_OPTS="$ANT_OPTS -Dant.tstamp.now=$SOURCE_DATE_EPOCH"
+fi
# For Cygwin, switch paths to appropriate format before running java
# For PATHs convert to unix format first, then to windows format to ensure
++++++ reproducible-build-manifest.patch ++++++
Use Java major version for manifest's Created-by
No need of detailed version such java.vm.version. Java's jar command
uses java.version when it fills the manifest's "Created-by" field,
let's make ant do the same.
Using a detailed version makes that every Java release triggers a
new publication for ant-based applications, only because a line in
manifest has changed - not because the binary or dependencies have
changed. Using a less detailed version reduces these publications.
Using a less detailed version also prevents more subtle problems
such as in boo#1110024: noarch packages differ depending on the
builder architecture, when Java vm version contains an architecture
information (which is the case for openSUSE, though it's probably
not relevant).
--
--- a/src/main/org/apache/tools/ant/taskdefs/Manifest.java
+++ b/src/main/org/apache/tools/ant/taskdefs/Manifest.java
@@ -760,10 +760,7 @@
defManifest);
}
Manifest defaultManifest = new Manifest(new InputStreamReader(in,
JAR_CHARSET));
- String version = System.getProperty("java.runtime.version");
- if (version == null) {
- version = System.getProperty("java.vm.version");
- }
+ String version = System.getProperty("java.version");
Attribute createdBy = new Attribute("Created-By", version
+ " (" + System.getProperty("java.vm.vendor") + ")");
defaultManifest.getMainSection().storeAttribute(createdBy);
