!2 Update to 2.7.2

From: @starlet-dx 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
openeuler-ci-bot 2023-08-22 08:35:35 +00:00 committed by Gitee
commit 2b3343e1b6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 62 additions and 208 deletions


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
@ -13,14 +13,14 @@
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
<version>2.7.2</version>
<name>Xalan Java Serializer</name>
<description>
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
</description>
<url>http://xml.apache.org/xalan-j/</url>
<url>http://xml.apache.org/xalan-j/</url>
<dependencies>
<dependency>
@ -31,9 +31,9 @@
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.0</version>
<version>2.9.1</version>
<optional>true</optional>
</dependency>
</dependencies>
</project>
</project>


@ -13,7 +13,7 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
<version>2.7.2</version>
<name>Xalan Java</name>
<description>
@ -28,12 +28,12 @@
<dependency>
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
<version>2.7.2</version>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.0</version>
<version>2.9.1</version>
<optional>true</optional>
</dependency>
</dependencies>

Binary file not shown.

BIN
xalan-j2-2.7.2.tar.gz Normal file

Binary file not shown.


@ -1,148 +0,0 @@
diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
index 1298943..96a5e58 100644
--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
reader = XMLReaderFactory.createXMLReader();
}
+ if(m_isSecureProcessing)
+ {
+ reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
+ }
// Need to set options!
reader.setContentHandler(handler);
reader.parse(isource);
diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
index b946743..17b7395 100644
--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
+++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
}
else
{
- // Can we switch the order here:
-
- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
- attributes.getQName(i), attributes.getValue(i),
- target);
-
- // Now we only add the element if it passed a validation check
- if (success)
- processedDefs.add(attrDef);
- else
- errorDefs.add(attrDef);
+ //handle secure processing
+ if(handler.getStylesheetProcessor()==null)
+ System.out.println("stylesheet processor null");
+ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
+ {
+ //foreign attributes are not allowed in secure processing mode
+ // Then barf, because this element does not allow this attribute.
+ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
+ //+ " attribute is not allowed on the " + rawName
+ // + " element!", null);
+ }
+ else
+ {
+
+
+ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
+ attributes.getQName(i), attributes.getValue(i),
+ target);
+
+ // Now we only add the element if it passed a validation check
+ if (success)
+ processedDefs.add(attrDef);
+ else
+ errorDefs.add(attrDef);
+ }
}
}
diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
index dd0d4d9..0906d24 100644
--- a/src/org/apache/xalan/transformer/TransformerImpl.java
+++ b/src/org/apache/xalan/transformer/TransformerImpl.java
@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
try
{
if (sroot.getExtensions() != null)
- m_extensionsTable = new ExtensionsTable(sroot);
+ //only load extensions if secureProcessing is disabled
+ if(!sroot.isSecureProcessing())
+ m_extensionsTable = new ExtensionsTable(sroot);
}
catch (javax.xml.transform.TransformerException te)
{te.printStackTrace();}
diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
index 4bea356..78ac980 100644
--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
+++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
String fullName = m_arg0.execute(xctxt).str();
int indexOfNSSep = fullName.indexOf(':');
- String result;
+ String result = null;
String propName = "";
// List of properties where the name of the
@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
try
{
- result = System.getProperty(propName);
-
- if (null == result)
- {
-
- // result = System.getenv(propName);
- return XString.EMPTYSTRING;
- }
+ //if secure procession is enabled only handle required properties do not not map any valid system property
+ if(!xctxt.isSecureProcessing())
+ {
+ result = System.getProperty(propName);
+ }
+ else
+ {
+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
+ }
+ if (null == result)
+ {
+ return XString.EMPTYSTRING;
+ }
}
catch (SecurityException se)
{
@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
{
try
{
- result = System.getProperty(fullName);
-
- if (null == result)
- {
-
- // result = System.getenv(fullName);
- return XString.EMPTYSTRING;
- }
+ //if secure procession is enabled only handle required properties do not not map any valid system property
+ if(!xctxt.isSecureProcessing())
+ {
+ result = System.getProperty(fullName);
+ }
+ else
+ {
+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
+ }
+ if (null == result)
+ {
+ return XString.EMPTYSTRING;
+ }
}
catch (SecurityException se)
{


@ -5,48 +5,48 @@ Main-Class: org.apache.xalan.xslt.Process
Bundle-ManifestVersion: 2
Bundle-Name: %Bundle-Name.0
Bundle-SymbolicName: org.apache.xalan
Bundle-Version: 2.7.1
Bundle-Version: 2.7.2
Bundle-Vendor: %Bundle-Vendor.0
Export-Package: org.apache.regexp;version="2.7.1",
org.apache.xalan;version="2.7.1",
org.apache.xalan.client;version="2.7.1",
org.apache.xalan.extensions;version="2.7.1",
org.apache.xalan.lib;version="2.7.1",
org.apache.xalan.lib.sql;version="2.7.1",
org.apache.xalan.processor;version="2.7.1",
org.apache.xalan.res;version="2.7.1",
org.apache.xalan.serialize;version="2.7.1",
org.apache.xalan.templates;version="2.7.1",
org.apache.xalan.trace;version="2.7.1",
org.apache.xalan.transformer;version="2.7.1",
org.apache.xalan.xslt;version="2.7.1",
org.apache.xalan.xsltc;version="2.7.1",
org.apache.xalan.xsltc.cmdline;version="2.7.1",
org.apache.xalan.xsltc.cmdline.getopt;version="2.7.1",
org.apache.xalan.xsltc.compiler;version="2.7.1",
org.apache.xalan.xsltc.compiler.util;version="2.7.1",
org.apache.xalan.xsltc.dom;version="2.7.1",
org.apache.xalan.xsltc.runtime;version="2.7.1",
org.apache.xalan.xsltc.runtime.output;version="2.7.1",
org.apache.xalan.xsltc.trax;version="2.7.1",
org.apache.xalan.xsltc.util;version="2.7.1",
org.apache.xml.dtm;version="2.7.1",
org.apache.xml.dtm.ref;version="2.7.1",
org.apache.xml.dtm.ref.dom2dtm;version="2.7.1",
org.apache.xml.dtm.ref.sax2dtm;version="2.7.1",
org.apache.xml.res;version="2.7.1",
org.apache.xml.utils;version="2.7.1",
org.apache.xml.utils.res;version="2.7.1",
org.apache.xpath;version="2.7.1",
org.apache.xpath.axes;version="2.7.1",
org.apache.xpath.compiler;version="2.7.1",
org.apache.xpath.domapi;version="2.7.1",
org.apache.xpath.functions;version="2.7.1",
org.apache.xpath.jaxp;version="2.7.1",
org.apache.xpath.objects;version="2.7.1",
org.apache.xpath.operations;version="2.7.1",
org.apache.xpath.patterns;version="2.7.1",
org.apache.xpath.res;version="2.7.1"
Export-Package: org.apache.regexp;version="2.7.2",
org.apache.xalan;version="2.7.2",
org.apache.xalan.client;version="2.7.2",
org.apache.xalan.extensions;version="2.7.2",
org.apache.xalan.lib;version="2.7.2",
org.apache.xalan.lib.sql;version="2.7.2",
org.apache.xalan.processor;version="2.7.2",
org.apache.xalan.res;version="2.7.2",
org.apache.xalan.serialize;version="2.7.2",
org.apache.xalan.templates;version="2.7.2",
org.apache.xalan.trace;version="2.7.2",
org.apache.xalan.transformer;version="2.7.2",
org.apache.xalan.xslt;version="2.7.2",
org.apache.xalan.xsltc;version="2.7.2",
org.apache.xalan.xsltc.cmdline;version="2.7.2",
org.apache.xalan.xsltc.cmdline.getopt;version="2.7.2",
org.apache.xalan.xsltc.compiler;version="2.7.2",
org.apache.xalan.xsltc.compiler.util;version="2.7.2",
org.apache.xalan.xsltc.dom;version="2.7.2",
org.apache.xalan.xsltc.runtime;version="2.7.2",
org.apache.xalan.xsltc.runtime.output;version="2.7.2",
org.apache.xalan.xsltc.trax;version="2.7.2",
org.apache.xalan.xsltc.util;version="2.7.2",
org.apache.xml.dtm;version="2.7.2",
org.apache.xml.dtm.ref;version="2.7.2",
org.apache.xml.dtm.ref.dom2dtm;version="2.7.2",
org.apache.xml.dtm.ref.sax2dtm;version="2.7.2",
org.apache.xml.res;version="2.7.2",
org.apache.xml.utils;version="2.7.2",
org.apache.xml.utils.res;version="2.7.2",
org.apache.xpath;version="2.7.2",
org.apache.xpath.axes;version="2.7.2",
org.apache.xpath.compiler;version="2.7.2",
org.apache.xpath.domapi;version="2.7.2",
org.apache.xpath.functions;version="2.7.2",
org.apache.xpath.jaxp;version="2.7.2",
org.apache.xpath.objects;version="2.7.2",
org.apache.xpath.operations;version="2.7.2",
org.apache.xpath.patterns;version="2.7.2",
org.apache.xpath.res;version="2.7.2"
Require-Bundle: system.bundle, org.apache.xerces
Eclipse-BuddyPolicy: registered
@ -56,20 +56,20 @@ Specification-Title: Java API for XML Processing
Specification-Vendor: Sun Microsystems Inc.
Specification-Version: 1.3
Implementation-Title: org.apache.xalan
Implementation-Version: 2.7.1
Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xml/
Comment: DTM implementation and utilities
Implementation-Title: org.apache.xml
Implementation-Version: 2.7.1
Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xpath/
Comment: XPath engine
Implementation-Title: org.apache.xpath
Implementation-Version: 2.7.1
Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/


@ -1,9 +1,9 @@
%global cvs_version 2_7_1
%global cvs_version 2_7_2
%global xalan_data_dir %{buildroot}%{_datadir}/%{name}
Name: xalan-j2
Version: 2.7.1
Release: 39
Version: 2.7.2
Release: 1
Epoch: 0
Summary: Java XSLT processor
License: ASL 2.0 and W3C
@ -16,7 +16,6 @@ Source4: %{name}-MANIFEST.MF
Source5: %{name}-serializer-MANIFEST.MF
Source6: generate-tarball.sh
Patch0: %{name}-noxsltcdeps.patch
Patch1: %{name}-CVE-2014-0107.patch
BuildRequires: ant apache-parent bcel dos2unix glassfish-servlet-api java_cup
@ -131,5 +130,8 @@ mv %{_javadir}/jaxp_transform_impl.jar{.tmp,} || :
%changelog
* Tue Jul 11 2023 yaoxin <yao_xin001@hoperun.com> - 0:2.7.2-1
- Update to 2.7.2
* Tue Dec 3 2019 huyan <hu.huyan@huawei.com> - 0:2.7.1-39
- Package Initialization
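Review bot: The new changelog entry says only `- Update to 2.7.2`, but the same section drops `Patch1: %{name}-CVE-2014-0107.patch` and the commit deletes that patch file, so the removal of a security fix is not traceable from the package history. Presumably the 2.7.2 sources already carry the secure-processing checks, but nothing on this page confirms it. Before merging I would verify that the new tarball contains the equivalent guards in TransformerFactoryImpl, XSLTElementProcessor, TransformerImpl and FuncSystemProperty, which are the four files the deleted patch touched. Then record it with a second changelog line such as `- Drop CVE-2014-0107 patch, included in upstream 2.7.2`.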


@ -2,12 +2,12 @@
<modelVersion>4.0.0</modelVersion>
<groupId>xalan</groupId>
<artifactId>xsltc</artifactId>
<version>2.7.1</version>
<version>2.7.2</version>
<dependencies>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
<version>2.7.2</version>
</dependency>
</dependencies>
</project>