Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-java/struts
diff options
context:
space:
mode:
authorPatrice Clement <monsieurp@gentoo.org>2015-07-17 16:18:11 +0000
committerPatrice Clement <monsieurp@gentoo.org>2015-07-17 16:18:11 +0000
commitc15973dce4e49977f63c79c61d2a7b258ec4bb52 (patch)
tree220007f9cc52168d54aa447908511711035b1866 /dev-java/struts
parentia64 stable wrt bug #552884 (diff)
downloadgentoo-2-c15973dce4e49977f63c79c61d2a7b258ec4bb52.tar.gz
gentoo-2-c15973dce4e49977f63c79c61d2a7b258ec4bb52.tar.bz2
gentoo-2-c15973dce4e49977f63c79c61d2a7b258ec4bb52.zip
Tree-clean struts v1. Fix bug 555202.
Signed-off-by: Patrice Clement <monsieurp@gentoo.org> (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 93491BB8)
Diffstat (limited to 'dev-java/struts')
-rw-r--r--dev-java/struts/ChangeLog8
-rw-r--r--dev-java/struts/files/struts-CVE-2008-2025.patch328
-rw-r--r--dev-java/struts/struts-1.2.9-r3.ebuild84
3 files changed, 6 insertions, 414 deletions
diff --git a/dev-java/struts/ChangeLog b/dev-java/struts/ChangeLog
index f364a17efaf2..848e3084a7e4 100644
--- a/dev-java/struts/ChangeLog
+++ b/dev-java/struts/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for dev-java/struts
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/struts/ChangeLog,v 1.51 2014/06/17 19:36:52 mrueg Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-java/struts/ChangeLog,v 1.52 2015/07/17 16:18:11 monsieurp Exp $
+
+ 17 Jul 2015; Patrice Clement <monsieurp@gentoo.org>
+ -files/struts-CVE-2008-2025.patch, -struts-1.2.9-r3.ebuild:
+ Tree-clean struts v1. Fix bug 555202.
17 Jun 2014; Manuel Rüger <mrueg@gentoo.org> -struts-1.2.9-r2.ebuild:
NM: Cleanup superseded ebuilds.
diff --git a/dev-java/struts/files/struts-CVE-2008-2025.patch b/dev-java/struts/files/struts-CVE-2008-2025.patch
deleted file mode 100644
index 4b0d7ebd7222..000000000000
--- a/dev-java/struts/files/struts-CVE-2008-2025.patch
+++ /dev/null
@@ -1,328 +0,0 @@
-diff --git a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
-index 403ff97..386ccf3 100644
---- a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
-+++ b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
-@@ -35,6 +35,7 @@ import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.taglib.logic.IterateTag;
- import org.apache.struts.util.MessageResources;
- import org.apache.struts.util.RequestUtils;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Base class for tags that render form elements capable of including JavaScript
-@@ -898,10 +899,12 @@ public abstract class BaseHandlerTag extends BodyTagSupport {
- */
- protected void prepareAttribute(StringBuffer handlers, String name, Object value) {
- if (value != null) {
-+ if (name.indexOf('"') >= 0)
-+ throw new IllegalArgumentException("quote character in attribute name");
- handlers.append(" ");
- handlers.append(name);
- handlers.append("=\"");
-- handlers.append(value);
-+ handlers.append(ResponseUtils.filterIfQuote(value.toString()));
- handlers.append("\"");
- }
- }
-diff --git a/src/share/org/apache/struts/taglib/html/FormTag.java b/src/share/org/apache/struts/taglib/html/FormTag.java
-index e8eb9b4..ba2d782 100644
---- a/src/share/org/apache/struts/taglib/html/FormTag.java
-+++ b/src/share/org/apache/struts/taglib/html/FormTag.java
-@@ -37,6 +37,7 @@ import org.apache.struts.config.ModuleConfig;
- import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.util.MessageResources;
- import org.apache.struts.util.RequestUtils;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Custom tag that represents an input form, associated with a bean whose
-@@ -547,10 +548,10 @@ public class FormTag extends TagSupport {
-
- results.append(" action=\"");
- results.append(
-- response.encodeURL(
-+ ResponseUtils.filterIfQuote(response.encodeURL(
- TagUtils.getInstance().getActionMappingURL(
- this.action,
-- this.pageContext)));
-+ this.pageContext))));
-
- results.append("\"");
- }
-@@ -580,7 +581,7 @@ public class FormTag extends TagSupport {
- results.append("<div><input type=\"hidden\" name=\"");
- results.append(Constants.TOKEN_KEY);
- results.append("\" value=\"");
-- results.append(token);
-+ results.append(ResponseUtils.filterIfQuote(token));
- if (this.isXhtml()) {
- results.append("\" />");
- } else {
-@@ -598,10 +599,12 @@ public class FormTag extends TagSupport {
- */
- protected void renderAttribute(StringBuffer results, String attribute, String value) {
- if (value != null) {
-+ if (attribute.indexOf('"') >= 0)
-+ throw new IllegalArgumentException("quote character in attribute name");
- results.append(" ");
- results.append(attribute);
- results.append("=\"");
-- results.append(value);
-+ results.append(ResponseUtils.filterIfQuote(value));
- results.append("\"");
- }
- }
-diff --git a/src/share/org/apache/struts/taglib/html/HtmlTag.java b/src/share/org/apache/struts/taglib/html/HtmlTag.java
-index fb64875..d4da38d 100644
---- a/src/share/org/apache/struts/taglib/html/HtmlTag.java
-+++ b/src/share/org/apache/struts/taglib/html/HtmlTag.java
-@@ -29,6 +29,7 @@ import javax.servlet.jsp.tagext.TagSupport;
- import org.apache.struts.Globals;
- import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.util.MessageResources;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Renders an HTML <html> element with appropriate language attributes if
-@@ -151,20 +152,20 @@ public class HtmlTag extends TagSupport {
-
- if ((this.lang || this.locale || this.xhtml) && validLanguage) {
- sb.append(" lang=\"");
-- sb.append(language);
-+ sb.append(ResponseUtils.filterIfQuote(language));
- if (validCountry) {
- sb.append("-");
-- sb.append(country);
-+ sb.append(ResponseUtils.filterIfQuote(country));
- }
- sb.append("\"");
- }
-
- if (this.xhtml && validLanguage) {
- sb.append(" xml:lang=\"");
-- sb.append(language);
-+ sb.append(ResponseUtils.filterIfQuote(language));
- if (validCountry) {
- sb.append("-");
-- sb.append(country);
-+ sb.append(ResponseUtils.filterIfQuote(country));
- }
- sb.append("\"");
- }
-diff --git a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
-index 77d7dba..5da8317 100644
---- a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
-+++ b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
-@@ -45,6 +45,7 @@ import org.apache.struts.Globals;
- import org.apache.struts.action.ActionMapping;
- import org.apache.struts.config.ModuleConfig;
- import org.apache.struts.taglib.TagUtils;
-+import org.apache.struts.util.ResponseUtils;
- import org.apache.struts.util.MessageResources;
- import org.apache.struts.validator.Resources;
- import org.apache.struts.validator.ValidatorPlugIn;
-@@ -850,7 +851,7 @@ public class JavascriptValidatorTag extends BodyTagSupport {
- }
-
- if (this.src != null) {
-- start.append(" src=\"" + src + "\"");
-+ start.append(" src=\"" + ResponseUtils.filterIfQuote(src) + "\"");
- }
-
- start.append("> \n");
-diff --git a/src/share/org/apache/struts/taglib/html/OptionTag.java b/src/share/org/apache/struts/taglib/html/OptionTag.java
-index 4df5c95..e9e4b2e 100644
---- a/src/share/org/apache/struts/taglib/html/OptionTag.java
-+++ b/src/share/org/apache/struts/taglib/html/OptionTag.java
-@@ -26,6 +26,7 @@ import javax.servlet.jsp.tagext.BodyTagSupport;
- import org.apache.struts.Globals;
- import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.util.MessageResources;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Tag for select options. The body of this tag is presented to the user
-@@ -235,7 +236,7 @@ public class OptionTag extends BodyTagSupport {
- protected String renderOptionElement() throws JspException {
- StringBuffer results = new StringBuffer("<option value=\"");
-
-- results.append(this.value);
-+ results.append(ResponseUtils.filterIfQuote(this.value));
- results.append("\"");
- if (disabled) {
- results.append(" disabled=\"disabled\"");
-@@ -245,17 +246,17 @@ public class OptionTag extends BodyTagSupport {
- }
- if (style != null) {
- results.append(" style=\"");
-- results.append(style);
-+ results.append(ResponseUtils.filterIfQuote(style));
- results.append("\"");
- }
- if (styleId != null) {
- results.append(" id=\"");
-- results.append(styleId);
-+ results.append(ResponseUtils.filterIfQuote(styleId));
- results.append("\"");
- }
- if (styleClass != null) {
- results.append(" class=\"");
-- results.append(styleClass);
-+ results.append(ResponseUtils.filterIfQuote(styleClass));
- results.append("\"");
- }
- results.append(">");
-diff --git a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
-index 9999259..e5ecb66 100644
---- a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
-+++ b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
-@@ -30,6 +30,7 @@ import javax.servlet.jsp.tagext.TagSupport;
-
- import org.apache.commons.beanutils.PropertyUtils;
- import org.apache.struts.util.IteratorAdapter;
-+import org.apache.struts.util.ResponseUtils;
- import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.util.MessageResources;
-
-@@ -291,7 +292,7 @@ public class OptionsCollectionTag extends TagSupport {
- if (filter) {
- sb.append(TagUtils.getInstance().filter(value));
- } else {
-- sb.append(value);
-+ sb.append(ResponseUtils.filterIfQuote(value));
- }
- sb.append("\"");
- if (matched) {
-@@ -299,12 +300,12 @@ public class OptionsCollectionTag extends TagSupport {
- }
- if (style != null) {
- sb.append(" style=\"");
-- sb.append(style);
-+ sb.append(ResponseUtils.filterIfQuote(style));
- sb.append("\"");
- }
- if (styleClass != null) {
- sb.append(" class=\"");
-- sb.append(styleClass);
-+ sb.append(ResponseUtils.filterIfQuote(styleClass));
- sb.append("\"");
- }
-
-@@ -313,7 +314,7 @@ public class OptionsCollectionTag extends TagSupport {
- if (filter) {
- sb.append(TagUtils.getInstance().filter(label));
- } else {
-- sb.append(label);
-+ sb.append(ResponseUtils.filterIfQuote(label));
- }
-
- sb.append("</option>\r\n");
-diff --git a/src/share/org/apache/struts/taglib/html/OptionsTag.java b/src/share/org/apache/struts/taglib/html/OptionsTag.java
-index 90d716a..dbc14cf 100644
---- a/src/share/org/apache/struts/taglib/html/OptionsTag.java
-+++ b/src/share/org/apache/struts/taglib/html/OptionsTag.java
-@@ -32,6 +32,7 @@ import org.apache.commons.beanutils.PropertyUtils;
- import org.apache.struts.util.IteratorAdapter;
- import org.apache.struts.taglib.TagUtils;
- import org.apache.struts.util.MessageResources;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Tag for creating multiple &lt;select&gt; options from a collection. The
-@@ -313,7 +314,7 @@ public class OptionsTag extends TagSupport {
- if (filter) {
- sb.append(TagUtils.getInstance().filter(value));
- } else {
-- sb.append(value);
-+ sb.append(ResponseUtils.filterIfQuote(value));
- }
- sb.append("\"");
- if (matched) {
-@@ -321,12 +322,12 @@ public class OptionsTag extends TagSupport {
- }
- if (style != null) {
- sb.append(" style=\"");
-- sb.append(style);
-+ sb.append(ResponseUtils.filterIfQuote(style));
- sb.append("\"");
- }
- if (styleClass != null) {
- sb.append(" class=\"");
-- sb.append(styleClass);
-+ sb.append(ResponseUtils.filterIfQuote(styleClass));
- sb.append("\"");
- }
-
-@@ -335,7 +336,7 @@ public class OptionsTag extends TagSupport {
- if (filter) {
- sb.append(TagUtils.getInstance().filter(label));
- } else {
-- sb.append(label);
-+ sb.append(ResponseUtils.filterIfQuote(label));
- }
-
- sb.append("</option>\r\n");
-diff --git a/src/share/org/apache/struts/taglib/html/RewriteTag.java b/src/share/org/apache/struts/taglib/html/RewriteTag.java
-index 804e50c..63a2f03 100644
---- a/src/share/org/apache/struts/taglib/html/RewriteTag.java
-+++ b/src/share/org/apache/struts/taglib/html/RewriteTag.java
-@@ -24,6 +24,7 @@ import java.util.Map;
- import javax.servlet.jsp.JspException;
-
- import org.apache.struts.taglib.TagUtils;
-+import org.apache.struts.util.ResponseUtils;
-
- /**
- * Generate a URL-encoded URI as a string.
-@@ -72,7 +73,8 @@ public class RewriteTag extends LinkTag {
- (messages.getMessage("rewrite.url", e.toString()));
- }
-
-- TagUtils.getInstance().write(pageContext, url);
-+ TagUtils.getInstance().write(pageContext,
-+ ResponseUtils.filterIfQuote(url));
-
- return (SKIP_BODY);
-
-diff --git a/src/share/org/apache/struts/util/ResponseUtils.java b/src/share/org/apache/struts/util/ResponseUtils.java
-index 4588bb2..fe7e517 100644
---- a/src/share/org/apache/struts/util/ResponseUtils.java
-+++ b/src/share/org/apache/struts/util/ResponseUtils.java
-@@ -137,6 +137,37 @@ public class ResponseUtils {
- }
-
-
-+ /**
-+ * Replace double-quote characters in the input string with
-+ * proper HTML encoding.
-+ *
-+ * No other HTML-encoding is performed. As a result, the return value
-+ * can only be safely used in (X)HTML attributes surrounded by
-+ * double-quote characters (<code>"</code>).
-+ *
-+ * <p>Note that you should not use this function in new code.
-+ * It is only intended for old code which needs to be
-+ * backwards-compatible with incompletely-quoted attributes.
-+ *
-+ * @return a fresh string object if quoting is needed,
-+ * otherwise the input string
-+ */
-+ public static String filterIfQuote(String value) {
-+ if (value == null)
-+ return null;
-+ if (value.indexOf('"') >= 0) {
-+ StringBuffer sb = new StringBuffer(value.length() + 2);
-+ for (int i = 0; i < value.length(); ++i) {
-+ final char ch = value.charAt(i);
-+ if (ch == '"')
-+ sb.append("&quot;");
-+ else
-+ sb.append(ch);
-+ }
-+ return sb.toString();
-+ }
-+ return value;
-+ }
-
-
- /**
diff --git a/dev-java/struts/struts-1.2.9-r3.ebuild b/dev-java/struts/struts-1.2.9-r3.ebuild
deleted file mode 100644
index 6bad19cced58..000000000000
--- a/dev-java/struts/struts-1.2.9-r3.ebuild
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/struts/struts-1.2.9-r3.ebuild,v 1.5 2011/12/19 11:01:26 sera Exp $
-
-EAPI="2"
-JAVA_PKG_IUSE="doc examples source"
-WANT_ANT_TASKS="ant-trax"
-
-inherit java-pkg-2 java-ant-2
-
-MY_P="${P}-src"
-DESCRIPTION="A powerful Model View Controller Framework for JSP/Servlets"
-SRC_URI="mirror://apache/struts/source/${MY_P}.tar.gz"
-HOMEPAGE="http://struts.apache.org/index.html"
-LICENSE="Apache-2.0"
-SLOT="1.2"
-COMMON_DEPS="
- >=dev-java/antlr-2.7.7:0[java]
- dev-java/commons-beanutils:1.7
- >=dev-java/commons-collections-2.1:0
- >=dev-java/commons-digester-1.5:0
- >=dev-java/commons-fileupload-1.0:0
- >=dev-java/commons-logging-1.0.4:0
- >=dev-java/commons-validator-1.1.4:0
- dev-java/jakarta-oro:2.0
- java-virtuals/servlet-api:2.3"
-RDEPEND=">=virtual/jre-1.4
- ${COMMON_DEPS}"
-DEPEND=">=virtual/jdk-1.4
- ${COMMON_DEPS}"
-IUSE=""
-KEYWORDS="amd64 ppc x86 ~x86-fbsd"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-CVE-2008-2025.patch"
-
- java_prepare
-}
-
-java_prepare() {
- # the build.xml expects this directory to exist
- mkdir "${S}/lib"
- cd "${S}/lib"
-
- # No property exists for this
- java-pkg_jar-from commons-collections
-}
-
-src_compile() {
- local antflags="compile.library"
-
- # In the order the build process asks for these
- # They are copied in the build.xml to ${S}/target/library/
- antflags="${antflags} -Dcommons-beanutils.jar=$(java-pkg_getjar commons-beanutils-1.7 commons-beanutils.jar)"
- antflags="${antflags} -Dcommons-digester.jar=$(java-pkg_getjars commons-digester)"
- antflags="${antflags} -Dcommons-fileupload.jar=$(java-pkg_getjars commons-fileupload)"
- antflags="${antflags} -Dcommons-logging.jar=$(java-pkg_getjar commons-logging commons-logging.jar)"
- antflags="${antflags} -Dcommons-validator.jar=$(java-pkg_getjars commons-validator)"
- antflags="${antflags} -Djakarta-oro.jar=$(java-pkg_getjars jakarta-oro-2.0)"
-
- # Needed to compile
- antflags="${antflags} -Dservlet.jar=$(java-pkg_getjars servlet-api-2.3)"
- antflags="${antflags} -Dantlr.jar=$(java-pkg_getjars antlr)"
-
- # only needed for contrib stuff which we don't currently build
-# antflags="${antflags} -Dstruts-legacy.jar=$(java-pkg_getjars struts-legacy)"
-
- eant ${antflags} $(use_doc compile.javadoc)
-}
-
-src_install() {
- java-pkg_dojar target/library/${PN}.jar
-
- #install the tld files
- insinto /usr/share/${PN}-${SLOT}/lib
- doins target/library/*.tld
-
- dodoc README STATUS.txt || die
- use doc && java-pkg_dohtml -r target/documentation/
- use examples && java-pkg_doexamples src/example*
- use source && java-pkg_dosrc src/share/*
-}