diff --git a/.gitignore b/.gitignore index 0187a6e..0942aff 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/apache-ant-1.10.5-src.tar.bz2 +SOURCES/apache-ant-1.9.4-src.tar.bz2 diff --git a/0001-Fix-arbitrary-file-write-vulnerability.patch b/0001-Fix-arbitrary-file-write-vulnerability.patch new file mode 100644 index 0000000..8b1b719 --- /dev/null +++ b/0001-Fix-arbitrary-file-write-vulnerability.patch @@ -0,0 +1,235 @@ +From 89a75b024e45f687b1152fbb89ea47f7cbad75ce Mon Sep 17 00:00:00 2001 +From: Michael Simacek +Date: Tue, 26 Jun 2018 15:17:33 +0200 +Subject: [PATCH] Fix arbitrary file write vulnerability + +--- + WHATSNEW | 18 +++++++ + manual/Tasks/unzip.html | 12 ++++- + .../org/apache/tools/ant/taskdefs/Expand.java | 37 ++++++++++++-- + src/tests/antunit/taskdefs/unzip-test.xml | 46 ++++++++++++++++++ + .../taskdefs/zip/direscape-absolute.zip | Bin 0 -> 332 bytes + src/tests/antunit/taskdefs/zip/direscape.zip | Bin 0 -> 332 bytes + 6 files changed, 109 insertions(+), 4 deletions(-) + create mode 100644 src/tests/antunit/taskdefs/zip/direscape-absolute.zip + create mode 100644 src/tests/antunit/taskdefs/zip/direscape.zip + +diff --git a/WHATSNEW b/WHATSNEW +index 1e9b3398b..1ff99fc98 100644 +--- a/WHATSNEW ++++ b/WHATSNEW +@@ -1,3 +1,21 @@ ++Backported changes ++================== ++ ++Changes that could break older environments: ++------------------------------------------- ++ ++ * , and will no longer extract entries whose ++ names would make the created files be placed outside of the ++ destination directory anymore by default. A new attribute ++ allowFilesToEscapeDest can be used to override the behavior. ++ Another special case is when stripAbsolutePathSpec is false (which ++ no longer is the default) and the entry's name starts with a ++ (back)slash and allowFilesToEscapeDest hasn't been specified ++ explicitly, in this case the file may be created outside of the ++ dest directory as well. ++ In addition stripAbsolutePathSpec is now true by default. ++ Based on a recommendation by the Snyk Security Research Team. ++ + Changes from Ant 1.9.3 TO Ant 1.9.4 + =================================== + +diff --git a/manual/Tasks/unzip.html b/manual/Tasks/unzip.html +index 02df7acf9..a5fc40fd3 100644 +--- a/manual/Tasks/unzip.html ++++ b/manual/Tasks/unzip.html +@@ -125,7 +125,8 @@ archive.

+ Note that this changes the entry's name before applying + include/exclude patterns and before using the nested mappers (if + any). since Ant 1.8.0 +- No, defaults to false ++ No, defaults to true since 1.9.12 ++ (used to defaukt to false prior to that) + + + scanForUnicodeExtraFields +@@ -137,6 +138,15 @@ archive.

+ zip task page + No, defaults to true + ++ ++ allowFilesToEscapeDest ++ Whether to allow the extracted file or directory ++ to be outside of the dest directory. ++ since Ant 1.9.12 ++ No, defaults to false unless ++ stripAbsolutePathSpec is true and the entry's name starts with a leading ++ path spec. ++ + +

Examples

+
+diff --git a/src/main/org/apache/tools/ant/taskdefs/Expand.java b/src/main/org/apache/tools/ant/taskdefs/Expand.java
+index 8722e2402..ac5287cb8 100644
+--- a/src/main/org/apache/tools/ant/taskdefs/Expand.java
++++ b/src/main/org/apache/tools/ant/taskdefs/Expand.java
+@@ -67,8 +67,9 @@ public class Expand extends Task {
+     private Union resources = new Union();
+     private boolean resourcesSpecified = false;
+     private boolean failOnEmptyArchive = false;
+-    private boolean stripAbsolutePathSpec = false;
++    private boolean stripAbsolutePathSpec = true;
+     private boolean scanForUnicodeExtraFields = true;
++    private Boolean allowFilesToEscapeDest = null;
+ 
+     public static final String NATIVE_ENCODING = "native-encoding";
+ 
+@@ -240,14 +241,17 @@ public class Expand extends Task {
+                                boolean isDirectory, FileNameMapper mapper)
+                                throws IOException {
+ 
+-        if (stripAbsolutePathSpec && entryName.length() > 0
++        final boolean entryNameStartsWithPathSpec = entryName.length() > 0
+             && (entryName.charAt(0) == File.separatorChar
+                 || entryName.charAt(0) == '/'
+-                || entryName.charAt(0) == '\\')) {
++                || entryName.charAt(0) == '\\');
++        if (stripAbsolutePathSpec && entryNameStartsWithPathSpec) {
+             log("stripped absolute path spec from " + entryName,
+                 Project.MSG_VERBOSE);
+             entryName = entryName.substring(1);
+         }
++        boolean allowedOutsideOfDest = Boolean.TRUE == getAllowFilesToEscapeDest()
++            || null == getAllowFilesToEscapeDest() && !stripAbsolutePathSpec && entryNameStartsWithPathSpec;
+ 
+         if (patternsets != null && patternsets.size() > 0) {
+             String name = entryName.replace('/', File.separatorChar)
+@@ -313,6 +317,12 @@ public class Expand extends Task {
+             mappedNames = new String[] {entryName};
+         }
+         File f = fileUtils.resolveFile(dir, mappedNames[0]);
++        if (!allowedOutsideOfDest && !fileUtils.isLeadingPath(dir, f)) {
++            log("skipping " + entryName + " as its target " + f + " is outside of "
++                + dir + ".", Project.MSG_VERBOSE);
++                return;
++        }
++
+         try {
+             if (!overwrite && f.exists()
+                 && f.lastModified() >= entryDate.getTime()) {
+@@ -508,4 +518,25 @@ public class Expand extends Task {
+         return scanForUnicodeExtraFields;
+     }
+ 
++    /**
++     * Whether to allow the extracted file or directory to be outside of the dest directory.
++     *
++     * @param b the flag
++     * @since Ant 1.9.12
++     */
++    public void setAllowFilesToEscapeDest(boolean b) {
++        allowFilesToEscapeDest = b;
++    }
++
++    /**
++     * Whether to allow the extracted file or directory to be outside of the dest directory.
++     *
++     * @return {@code null} if the flag hasn't been set explicitly,
++     * otherwise the value set by the user.
++     * @since Ant 1.9.12
++     */
++    public Boolean getAllowFilesToEscapeDest() {
++        return allowFilesToEscapeDest;
++    }
++
+ }
+diff --git a/src/tests/antunit/taskdefs/unzip-test.xml b/src/tests/antunit/taskdefs/unzip-test.xml
+index b2c2105dd..bdf5f61e1 100644
+--- a/src/tests/antunit/taskdefs/unzip-test.xml
++++ b/src/tests/antunit/taskdefs/unzip-test.xml
+@@ -24,6 +24,10 @@
+     
+   
+ 
++  
++    
++  
++
+   
+     
+@@ -67,4 +71,46 @@
+     
+     
+   
++
++  
++    
++    
++    
++    
++  
++
++  
++    
++    
++    
++    
++  
++
++  
++    
++    
++    
++    
++    
++    
++  
++
++  
++    
++    
++  
++
++  
++    
++    
++  
+ 
+diff --git a/src/tests/antunit/taskdefs/zip/direscape-absolute.zip b/src/tests/antunit/taskdefs/zip/direscape-absolute.zip
+new file mode 100644
+index 000000000..0bae4aaf1
+--- /dev/null
++++ b/src/tests/antunit/taskdefs/zip/direscape-absolute.zip
+@@ -0,0 +1,5 @@
++PK
++L
/tmp/testdir/UT	7lZnZuxPK
++L/tmp/testdir/aUT	7lZJlZuxPK
++L
A/tmp/testdir/UT7lZuxPK
++LG/tmp/testdir/aUT7lZuxPK
+\ No newline at end of file
+diff --git a/src/tests/antunit/taskdefs/zip/direscape.zip b/src/tests/antunit/taskdefs/zip/direscape.zip
+new file mode 100644
+index 000000000..63cefd2d8
+--- /dev/null
++++ b/src/tests/antunit/taskdefs/zip/direscape.zip
+@@ -0,0 +1,5 @@
++PK
++L
../testinput/UT	7lZnZuxPK
++L../testinput/aUT	7lZJlZuxPK
++L
A../testinput/UT7lZuxPK
++LG../testinput/aUT7lZuxPK
+\ No newline at end of file
+-- 
+2.17.1
+
diff --git a/ant.spec b/ant.spec
index 4f9de6b..963a601 100644
--- a/ant.spec
+++ b/ant.spec
@@ -31,76 +31,51 @@
 %bcond_without tests
 %bcond_without javadoc
 
-# Disabled for now, asi it doesn't work (tests fail) and nobody needs it
-%bcond_with junit5
-
 %global ant_home %{_datadir}/ant
+%global major_version 1.8
 
 Name:           ant
-Version:        1.10.5
-Release:        1%{?dist}
+Version:        1.9.4
+Release:        2%{?dist}
 Epoch:          0
-Summary:        Java build tool
+Summary:        Build tool for java
 Summary(it):    Tool per la compilazione di programmi java
 Summary(fr):    Outil de compilation pour java
 License:        ASL 2.0
-URL:            https://ant.apache.org/
-Source0:        https://www.apache.org/dist/ant/source/apache-ant-%{version}-src.tar.bz2
-Source2:        apache-ant-1.8.ant.conf
-# manpage
-Source3:        ant.asciidoc
+URL:            http://ant.apache.org/
+Source0:        http://archive.apache.org/dist/ant/source/apache-ant-%{version}-src.tar.bz2
+Source2:        apache-ant-%{major_version}.ant.conf
 
-BuildRequires:  javapackages-local
-BuildRequires:  java-devel >= 1:1.8.0
-BuildRequires:  ant >= 1.10.2
+Patch1:         0001-Fix-arbitrary-file-write-vulnerability.patch
+
+# Fix some places where copies of classes are included in the wrong jarfiles
+Patch4:         apache-ant-class-path-in-manifest.patch
+
+BuildRequires:  jpackage-utils >= 0:1.7.5
+BuildRequires:  java-devel >= 0:1.5.0
+BuildRequires:  ant
+BuildRequires:  ant-apache-xalan2
 BuildRequires:  ant-junit
+BuildRequires:  junit
+BuildRequires:  xalan-j2
+BuildRequires:  xerces-j2
+BuildRequires:  xml-commons-apis
 
-BuildRequires:  asciidoc
-BuildRequires:  xmlto
+Requires:       jpackage-utils >= 0:1.7.5
+Requires:       java-devel >= 0:1.5.0
+Requires:       perl
+Requires:       python
+Requires:       xerces-j2
+Requires:       xml-commons-apis
 
-BuildRequires:  mvn(antlr:antlr)
-BuildRequires:  mvn(bcel:bcel)
-BuildRequires:  mvn(bsf:bsf)
-BuildRequires:  mvn(com.jcraft:jsch)
-BuildRequires:  mvn(commons-logging:commons-logging-api)
-BuildRequires:  mvn(commons-net:commons-net)
-BuildRequires:  mvn(javax.mail:mail)
-BuildRequires:  mvn(jdepend:jdepend)
-BuildRequires:  mvn(junit:junit)
-BuildRequires:  mvn(log4j:log4j:1.2.13)
-BuildRequires:  mvn(org.tukaani:xz)
-BuildRequires:  mvn(oro:oro)
-BuildRequires:  mvn(regexp:regexp)
-BuildRequires:  mvn(xalan:xalan)
-BuildRequires:  mvn(xml-resolver:xml-resolver)
-BuildRequires:  mvn(org.hamcrest:hamcrest-core)
-BuildRequires:  mvn(org.hamcrest:hamcrest-library)
-
-%if %{with junit5}
-BuildRequires:  junit5
-%endif
-
-# Theoretically Ant might be usable with just JRE, but typical Ant
-# workflow requires full JDK, so we recommend it here.
-%{?fedora:Recommends}%{!?fedora:Requires}: java-devel >= 1:1.8.0
-
-Requires:       %{name}-lib = %{epoch}:%{version}-%{release}
-# Require full javapackages-tools since the ant script uses
-# /usr/share/java-utils/java-functions
-Requires:       javapackages-tools
+Obsoletes:      %{name}-scripts < %{epoch}:%{version}-%{release}
+Provides:       %{name}-scripts = %{epoch}:%{version}-%{release}
 
 BuildArch:      noarch
 
 %description
-Apache Ant is a Java library and command-line tool whose mission is to
-drive processes described in build files as targets and extension
-points dependent upon each other.  The main known usage of Ant is the
-build of Java applications.  Ant supplies a number of built-in tasks
-allowing to compile, assemble, test and run Java applications.  Ant
-can also be used effectively to build non Java applications, for
-instance C or C++ applications.  More generally, Ant can be used to
-pilot any type of process which can be described in terms of targets
-and tasks.
+Ant is a platform-independent build tool for java. It's used by apache
+jakarta and xml projects.
 
 %description -l fr
 Ant est un outil de compilation multi-plateformes pour java. Il est
@@ -112,12 +87,6 @@ compilazione di programmi java.
 Allo stato attuale viene utilizzato dai progetti apache jakarta ed
 apache xml.
 
-%package lib
-Summary:        Core part of %{name}
-
-%description lib
-Core part of Apache Ant that can be used as a library.
-
 %package jmf
 Summary:        Optional jmf tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
@@ -141,6 +110,8 @@ Taches swing optionelles pour %{name}.
 %package antlr
 Summary:        Optional antlr tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       antlr
+BuildRequires:  antlr
 
 %description antlr
 Optional antlr tasks for %{name}.
@@ -151,6 +122,8 @@ Taches antlr optionelles pour %{name}.
 %package apache-bsf
 Summary:        Optional apache bsf tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       bsf
+BuildRequires:  bsf
 
 %description apache-bsf
 Optional apache bsf tasks for %{name}.
@@ -161,6 +134,8 @@ Taches apache bsf optionelles pour %{name}.
 %package apache-resolver
 Summary:        Optional apache resolver tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       xml-commons-resolver
+BuildRequires:  xml-commons-resolver
 
 %description apache-resolver
 Optional apache resolver tasks for %{name}.
@@ -171,6 +146,8 @@ Taches apache resolver optionelles pour %{name}.
 %package commons-logging
 Summary:        Optional commons logging tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       apache-commons-logging
+BuildRequires:  apache-commons-logging
 
 %description commons-logging
 Optional commons logging tasks for %{name}.
@@ -181,6 +158,8 @@ Taches commons logging optionelles pour %{name}.
 %package commons-net
 Summary:        Optional commons net tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       apache-commons-net
+BuildRequires:  apache-commons-net
 
 %description commons-net
 Optional commons net tasks for %{name}.
@@ -193,6 +172,8 @@ Taches commons net optionelles pour %{name}.
 %package jai
 Summary:        Optional jai tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       jai
+BuildRequires:  jai
 
 %description jai
 Optional jai tasks for %{name}.
@@ -204,6 +185,8 @@ Taches jai optionelles pour %{name}.
 %package apache-bcel
 Summary:        Optional apache bcel tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       bcel
+BuildRequires:  bcel
 
 %description apache-bcel
 Optional apache bcel tasks for %{name}.
@@ -214,6 +197,8 @@ Taches apache bcel optionelles pour %{name}.
 %package apache-log4j
 Summary:        Optional apache log4j tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       log4j
+BuildRequires:  log4j
 
 %description apache-log4j
 Optional apache log4j tasks for %{name}.
@@ -224,6 +209,8 @@ Taches apache log4j optionelles pour %{name}.
 %package apache-oro
 Summary:        Optional apache oro tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       jakarta-oro
+BuildRequires:  jakarta-oro
 
 %description apache-oro
 Optional apache oro tasks for %{name}.
@@ -234,6 +221,8 @@ Taches apache oro optionelles pour %{name}.
 %package apache-regexp
 Summary:        Optional apache regexp tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       regexp
+BuildRequires:  regexp
 
 %description apache-regexp
 Optional apache regexp tasks for %{name}.
@@ -244,6 +233,9 @@ Taches apache regexp optionelles pour %{name}.
 %package apache-xalan2
 Summary:        Optional apache xalan2 tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       regexp
+BuildRequires:  regexp
+Requires:       xalan-j2
 
 %description apache-xalan2
 Optional apache xalan2 tasks for %{name}.
@@ -254,6 +246,8 @@ Taches apache xalan2 optionelles pour %{name}.
 %package javamail
 Summary:        Optional javamail tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       javamail >= 0:1.2-5jpp
+BuildRequires:  javamail >= 0:1.2-5jpp
 
 %description javamail
 Optional javamail tasks for %{name}.
@@ -264,6 +258,8 @@ Taches javamail optionelles pour %{name}.
 %package jdepend
 Summary:        Optional jdepend tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       jdepend
+BuildRequires:  jdepend
 
 %description jdepend
 Optional jdepend tasks for %{name}.
@@ -274,6 +270,8 @@ Taches jdepend optionelles pour %{name}.
 %package jsch
 Summary:        Optional jsch tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       jsch
+BuildRequires:  jsch
 
 %description jsch
 Optional jsch tasks for %{name}.
@@ -284,6 +282,8 @@ Taches jsch optionelles pour %{name}.
 %package junit
 Summary:        Optional junit tasks for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       junit
+Requires:       xalan-j2
 
 %description junit
 Optional junit tasks for %{name}.
@@ -291,34 +291,18 @@ Optional junit tasks for %{name}.
 %description junit -l fr
 Taches junit optionelles pour %{name}.
 
-%if %{with junit5}
-%package junit5
-Summary:        Optional junit5 tasks for %{name}
-Requires:       %{name} = %{epoch}:%{version}-%{release}
-
-%description junit5
-Optional junit5 tasks for %{name}.
-
-%description junit5 -l fr
-Taches junit5 optionelles pour %{name}.
-%endif
-
 %package testutil
 Summary:        Test utility classes for %{name}
 Requires:       %{name} = %{epoch}:%{version}-%{release}
+Requires:       junit
 
 %description testutil
 Test utility tasks for %{name}.
 
-%package xz
-Summary:        Optional xz tasks for %{name}
-Requires:       %{name} = %{epoch}:%{version}-%{release}
-
-%description xz
-Optional xz tasks for %{name}.
-
 %package manual
 Summary:        Manual for %{name}
+# tutorial-tasks-filesets-properties.zip contains ASL 1.1 files
+License:        ASL 2.0 and ASL 1.1
 
 %description manual
 Documentation for %{name}.
@@ -342,12 +326,16 @@ Javadoc pour %{name}.
 
 %prep
 %setup -q -n apache-ant-%{version}
+#Fixup version
+find -name build.xml -o -name pom.xml | xargs sed -i -e s/-SNAPSHOT//
+
+%patch1 -p1
 
 # Fix class-path-in-manifest rpmlint warning
-%pom_xpath_remove 'attribute[@name="Class-Path"]' build.xml
+%patch4
 
 # clean jar files
-find . -name "*.jar" | xargs -t rm
+find . -name "*.jar" | %{_bindir}/xargs -t rm
 
 # failing testcases. TODO see why
 rm src/tests/junit/org/apache/tools/ant/types/selectors/SignedSelectorTest.java \
@@ -357,22 +345,7 @@ rm src/tests/junit/org/apache/tools/ant/types/selectors/SignedSelectorTest.java
    src/tests/junit/org/apache/tools/mail/MailMessageTest.java
 
 #install jars
-build-jar-repository -s -p lib/optional antlr bcel javamail/mailapi jdepend junit log4j-1 oro regexp bsf commons-logging commons-net jsch xalan-j2 xml-commons-resolver xalan-j2-serializer hamcrest/core hamcrest/library xz-java
-%if %{with junit5}
-build-jar-repository -s -p lib/optional junit5 opentest4j
-%endif
-
-# fix hardcoded paths in ant script and conf
-cp -p %{SOURCE2} %{name}.conf
-sed -e 's:/etc/ant.conf:%{_sysconfdir}/ant.conf:g' \
-    -e 's:/etc/ant.d:%{_sysconfdir}/ant.d:g' \
-    -e 's:/usr/share/ant:%{_datadir}/ant:g' \
-    -e 's:/usr/bin/build-classpath:%{_bindir}/build-classpath:g' \
-    -e 's:/usr/share/java-utils/java-functions:%{_javadir}-utils/java-functions:g' \
-    -i src/script/ant %{name}.conf
-
-# Remove unnecessary JARs from the classpath
-sed -i 's/jaxp_parser_impl//;s/xml-commons-apis//' src/script/ant
+build-jar-repository -s -p lib/optional antlr bcel javamail/mailapi jdepend junit log4j oro regexp bsf commons-logging commons-net jsch xalan-j2 xml-commons-resolver xalan-j2-serializer xerces-j2 xml-commons-apis
 
 # Fix file-not-utf8 rpmlint warning
 iconv KEYS -f iso-8859-1 -t utf-8 -o KEYS.utf8
@@ -380,40 +353,25 @@ mv KEYS.utf8 KEYS
 iconv LICENSE -f iso-8859-1 -t utf-8 -o LICENSE.utf8
 mv LICENSE.utf8 LICENSE
 
-# We want a hard dep on antlr
-%pom_xpath_remove pom:optional src/etc/poms/ant-antlr/pom.xml
-
-%if %{without junit5}
-%pom_xpath_inject 'target[@name="javadocs"]/javadoc/packageset' '' build.xml
-%endif
-
 %build
 %{ant} jars test-jar
 
 %if %with javadoc
+export CLASSPATH=$(build-classpath antlr bcel javamail/mailapi jdepend junit log4j oro regexp bsf commons-logging commons-net jsch xalan-j2 xml-commons-resolver xerces-j2 xml-commons-apis)
 %{ant} javadocs
 %endif
 
-# typeset the manpage
-mkdir man
-asciidoc -b docbook -d manpage -o man/%{name}.xml %{SOURCE3}
-xmlto man man/%{name}.xml -o man
-
 #remove empty jai and netrexx jars. Due to missing dependencies they contain only manifests.
 rm -fr build/lib/ant-jai.jar build/lib/ant-netrexx.jar
-%if %{without junit5}
-rm -f build/lib/ant-junitlauncher.jar
-%endif
 # -----------------------------------------------------------------------------
 
 %install
 # ANT_HOME and subdirs
 mkdir -p $RPM_BUILD_ROOT%{ant_home}/{lib,etc,bin}
 
-%mvn_alias :ant org.apache.ant:ant-nodeps apache:ant ant:ant
-%mvn_alias :ant-launcher ant:ant-launcher
-
-%mvn_file ':{ant,ant-bootstrap,ant-launcher}' %{name}/@1 @1
+# jars
+install -d -m 755 $RPM_BUILD_ROOT%{_javadir}/%{name}
+install -d -m 755 $RPM_BUILD_ROOT%{_mavenpomdir}
 
 for jar in build/lib/*.jar
 do
@@ -421,30 +379,33 @@ do
   jar tf ${jar} | egrep -q *.class
 
   jarname=$(basename $jar .jar)
+  pomname="JPP.%{name}-${jarname}.pom"
 
+  #instal jar
+  install -m 644 ${jar} $RPM_BUILD_ROOT%{_javadir}/%{name}/${jarname}.jar
   # jar aliases
   ln -sf ../../java/%{name}/${jarname}.jar $RPM_BUILD_ROOT%{ant_home}/lib/${jarname}.jar
 
-  pom=src/etc/poms/${jarname}/pom.xml
+  #bootstrap does not have a pom
+  [ $jarname == ant-bootstrap ] && continue
 
-  # bootstrap does not have a pom, generate one
-  [ $jarname == ant-bootstrap ] && pom='org.apache.ant:ant-bootstrap:%{version}'
+  # add backward compatibility for nodeps jar that is now part of main
+  # jar
+  alias=
+  [ $jarname == ant ] && alias=org.apache.ant:ant-nodeps
 
-  %mvn_artifact ${pom} ${jar}
+  #install pom
+  install -p -m 644 src/etc/poms/${jarname}/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/${pomname}
+  %add_maven_depmap ${pomname} %{name}/${jarname}.jar -a "${alias}" -f ${jarname/ant-/}
 done
 
-# ant-parent pom
-%mvn_artifact src/etc/poms/pom.xml
+for mod in ant ant-bootstrap ant-launcher; do
+    ln -sf %{name}/${mod}.jar $RPM_BUILD_ROOT%{_javadir}
+done
 
-%mvn_package :ant lib
-%mvn_package :ant-launcher lib
-%mvn_package :ant-bootstrap lib
-%mvn_package :ant-parent lib
-%mvn_package :ant-junit4 junit
-# catchall rule for the rest
-%mvn_package ':ant-{*}' @1
-
-%mvn_install
+#ant-parent pom
+install -p -m 644 src/etc/poms/pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}-parent.pom
+%add_maven_depmap JPP-%{name}-parent.pom
 
 # scripts: remove dos and os/2 scripts
 rm -f src/script/*.bat
@@ -455,40 +416,35 @@ cp -p src/etc/*.xsl $RPM_BUILD_ROOT%{ant_home}/etc
 
 # install everything else
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
-cp -p src/script/ant $RPM_BUILD_ROOT%{_bindir}/
+cp -p src/script/* $RPM_BUILD_ROOT%{_bindir}
 ln -sf %{_bindir}/ant $RPM_BUILD_ROOT%{ant_home}/bin/
-cp -p src/script/antRun $RPM_BUILD_ROOT%{ant_home}/bin/
+ln -sf %{_bindir}/antRun $RPM_BUILD_ROOT%{ant_home}/bin/
 
 # default ant.conf
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
-cp -p %{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.conf
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.conf
 
 # OPT_JAR_LIST fragments
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d
 echo "ant/ant-jmf" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/jmf
 echo "ant/ant-swing" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/swing
 echo "antlr ant/ant-antlr" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/antlr
-echo "rhino bsf ant/ant-apache-bsf" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-bsf
+echo "bsf ant/ant-apache-bsf" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-bsf
 echo "xml-commons-resolver ant/ant-apache-resolver" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-resolver
 echo "apache-commons-logging ant/ant-commons-logging" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/commons-logging
 echo "apache-commons-net ant/ant-commons-net" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/commons-net
 #echo "jai ant/ant-jai" > $RPM_BUILD_ROOT%%{_sysconfdir}/%%{name}.d/jai
 echo "bcel ant/ant-apache-bcel" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-bcel
-echo "log4j12 ant/ant-apache-log4j" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-log4j
+echo "log4j ant/ant-apache-log4j" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-log4j
 echo "oro ant/ant-apache-oro" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-oro
 echo "regexp ant/ant-apache-regexp" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-regexp
 echo "xalan-j2 xalan-j2-serializer ant/ant-apache-xalan2" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/apache-xalan2
 echo "javamail jaf ant/ant-javamail" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/javamail
 echo "jdepend ant/ant-jdepend" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/jdepend
 echo "jsch ant/ant-jsch" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/jsch
-echo "junit hamcrest/core ant/ant-junit" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junit
-echo "junit hamcrest/core ant/ant-junit4" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junit4
+echo "junit ant/ant-junit" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junit
+echo "junit ant/ant-junit4" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junit4
 echo "testutil ant/ant-testutil" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/testutil
-echo "xz-java ant/ant-xz" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/xz
-
-%if %{with junit5}
-echo "junit5 hamcrest/core junit opentest4j ant/ant-junitlauncher" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junitlauncher
-%endif
 
 %if %with javadoc
 # javadoc
@@ -499,24 +455,29 @@ cp -pr build/javadocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
 # fix link between manual and javadoc
 (cd manual; ln -sf %{_javadocdir}/%{name} api)
 
-# manpage
-install -d -m 755 %{buildroot}%{_mandir}/man1/
-install -p -m 644 man/%{name}.1 %{buildroot}%{_mandir}/man1/%{name}.1
-
 %if %with tests
 %check
-LC_ALL=en_US.utf8 %{ant} test
+%{ant} test
 %endif
 
-%files
-%doc KEYS README WHATSNEW
-%license LICENSE NOTICE
+%files -f .mfiles
+%files -f .mfiles-ant
+%files -f .mfiles-launcher
+%doc KEYS LICENSE NOTICE README WHATSNEW
 %config(noreplace) %{_sysconfdir}/%{name}.conf
 %attr(0755,root,root) %{_bindir}/ant
+%attr(0755,root,root) %{_bindir}/antRun
+%attr(0755,root,root) %{_bindir}/*.pl
+%attr(0755,root,root) %{_bindir}/*.py*
+%{_javadir}/%{name}.jar
+%{_javadir}/%{name}-launcher.jar
+%{_javadir}/%{name}-bootstrap.jar
+%dir %{_javadir}/%{name}
+%{_javadir}/%{name}/%{name}-bootstrap.jar
+%dir %{ant_home}
 %dir %{ant_home}/bin
 %{ant_home}/bin/ant
-%attr(0755,root,root) %{ant_home}/bin/antRun
-%{_mandir}/man1/%{name}.*
+%{ant_home}/bin/antRun
 %dir %{ant_home}/etc
 %{ant_home}/etc/ant-update.xsl
 %{ant_home}/etc/changelog.xsl
@@ -524,16 +485,14 @@ LC_ALL=en_US.utf8 %{ant} test
 %{ant_home}/etc/mmetrics-frames.xsl
 %{ant_home}/etc/log.xsl
 %{ant_home}/etc/tagdiff.xsl
+%{ant_home}/etc/junit-frames-xalan1.xsl
 %{ant_home}/etc/common2master.xsl
 %{ant_home}/etc/printFailingTests.xsl
-%dir %{_sysconfdir}/%{name}.d
-
-%files lib -f .mfiles-lib
-%dir %{ant_home}
 %dir %{ant_home}/lib
 %{ant_home}/lib/%{name}.jar
 %{ant_home}/lib/%{name}-launcher.jar
 %{ant_home}/lib/%{name}-bootstrap.jar
+%dir %{_sysconfdir}/%{name}.d
 
 %files jmf -f .mfiles-jmf
 %{ant_home}/lib/%{name}-jmf.jar
@@ -556,6 +515,7 @@ LC_ALL=en_US.utf8 %{ant} test
 %config(noreplace) %{_sysconfdir}/%{name}.d/apache-resolver
 
 %files commons-logging -f .mfiles-commons-logging
+%defattr(-,root,root,-)
 %{ant_home}/lib/%{name}-commons-logging.jar
 %config(noreplace) %{_sysconfdir}/%{name}.d/commons-logging
 
@@ -606,164 +566,44 @@ LC_ALL=en_US.utf8 %{ant} test
 %config(noreplace) %{_sysconfdir}/%{name}.d/jsch
 
 %files junit -f .mfiles-junit
+%files junit -f .mfiles-junit4
 %{ant_home}/lib/%{name}-junit.jar
 %{ant_home}/lib/%{name}-junit4.jar
 %config(noreplace) %{_sysconfdir}/%{name}.d/junit
 %config(noreplace) %{_sysconfdir}/%{name}.d/junit4
 %{ant_home}/etc/junit-frames.xsl
 %{ant_home}/etc/junit-noframes.xsl
-%{ant_home}/etc/junit-frames-xalan1.xsl
-%{ant_home}/etc/junit-frames-saxon.xsl
-%{ant_home}/etc/junit-noframes-saxon.xsl
-
-%if %{with junit5}
-%files junit5 -f .mfiles-junitlauncher
-%{ant_home}/lib/%{name}-junitlauncher.jar
-%config(noreplace) %{_sysconfdir}/%{name}.d/junitlauncher
-%endif
 
 %files testutil -f .mfiles-testutil
 %{ant_home}/lib/%{name}-testutil.jar
 %config(noreplace) %{_sysconfdir}/%{name}.d/testutil
 
-%files xz -f .mfiles-xz
-%{ant_home}/lib/%{name}-xz.jar
-%config(noreplace) %{_sysconfdir}/%{name}.d/xz
-
 %files manual
-%license LICENSE NOTICE
+%doc LICENSE NOTICE
 %doc manual/*
 
 %if %with javadoc
 %files javadoc
-%license LICENSE NOTICE
+%doc LICENSE NOTICE
 %{_javadocdir}/%{name}
 %endif
 
 # -----------------------------------------------------------------------------
 
 %changelog
-* Thu Aug 02 2018 Michael Simacek  - 0:1.10.5-1
-- Update to upstream version 1.10.5
-
-* Thu Aug 02 2018 Michael Simacek  - 0:1.10.4-4
-- Add a manpage
-- Avoid installing antRun auxiliary script in bindir, keep it in ant_home
-
-* Mon Jul 30 2018 Severin Gehwolf  - 0:1.10.4-3
-- Require javapackages-tools for ant script.
-
-* Thu Jul 12 2018 Fedora Release Engineering  - 0:1.10.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Jun 26 2018 Michael Simacek  - 0:1.10.4-1
-- Update to upstream version 1.10.4
+* Tue Jun 26 2018 Michael Simacek  - 0:1.9.4-2
+- Backport fix for arbitrary file write vulnerability
 - Resolves: rhbz#1584407
 
-* Wed Apr 18 2018 Mikolaj Izdebski  - 0:1.10.3-2
-- Remove legacy Obsoletes/Provides
+* Fri Jun 22 2018 Mikolaj Izdebski  - 0:1.9.4-1
+- Update to upstream version 1.9.4
 
-* Wed Mar 28 2018 Michael Simacek  - 0:1.10.3-1
-- Update to upstream version 1.10.3
+* Tue Jan 21 2014 Stanislav Ochotnicky  - 0:1.9.2-9
+- Fix license of manual subpackage
+- Resolves: rhbz#1055629
 
-* Wed Feb  7 2018 Mikolaj Izdebski  - 0:1.10.2-1
-- Update to upstream version 1.10.2
-
-* Wed Feb 07 2018 Fedora Release Engineering  - 0:1.10.1-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Mon Sep 04 2017 Michael Simacek  - 0:1.10.1-8
-- Fix directory ownership
-
-* Wed Jul 26 2017 Fedora Release Engineering  - 0:1.10.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Tue Mar 28 2017 Michael Simacek  - 0:1.10.1-6
-- Fix requires
-- Use JDK's jaxp instead of xerces
-
-* Tue Mar 21 2017 Michael Simacek  - 0:1.10.1-5
-- Install with XMvn
-
-* Wed Mar  1 2017 Mikolaj Izdebski  - 0:1.10.1-4
-- Fix hardcoded paths in ant script and conf
-- Fix requires on xz-java
-
-* Thu Feb 23 2017 Mikolaj Izdebski  - 0:1.10.1-3
-- Don't hardcode path to xargs
-
-* Thu Feb 16 2017 Mikolaj Izdebski  - 0:1.10.1-2
-- Conditionalize weak dependencies
-
-* Wed Feb 15 2017 Michael Simacek  - 0:1.10.1-1
-- Update to upstream version 1.10.1
-
-* Fri Feb 10 2017 Michael Simacek  - 0:1.10.0-3
-- Use log4j12
-
-* Fri Feb 10 2017 Fedora Release Engineering  - 0:1.10.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Mon Jan 02 2017 Michael Simacek  - 0:1.10.0-1
-- Update to upstream version 1.10.0
-
-* Mon Dec 12 2016 Mikolaj Izdebski  - 0:1.9.7-1
-- Update to upstream version 1.9.7
-
-* Wed Feb 03 2016 Fedora Release Engineering  - 0:1.9.6-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jul 10 2015 Mikolaj Izdebski  - 0:1.9.6-2
-- Recommend java-devel instead of requiring it
-
-* Thu Jul 02 2015 Michael Simacek  - 0:1.9.6-1
-- Update to upstream version 1.9.6
-
-* Tue Jun 16 2015 Fedora Release Engineering  - 0:1.9.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Thu Jun 04 2015 Michael Simacek  - 0:1.9.5-1
-- Update to upstream version 1.9.5
-
-* Fri Apr 03 2015 Michael Simacek  - 0:1.9.4-11
-- Move launcher to lib subpackage
-
-* Wed Apr  1 2015 Mikolaj Izdebski  - 0:1.9.4-10
-- Update description
-
-* Tue Mar 31 2015 Michael Simacek  - 0:1.9.4-9
-- Split library part into subpackage (rhbz#1119283)
-
-* Wed Mar 11 2015 Mikolaj Izdebski  - 0:1.9.4-8
-- Add alias for ant:ant-launcher
-
-* Wed Feb  4 2015 Mikolaj Izdebski  - 0:1.9.4-7
-- Add hamcrest to ant-junit classpath
-
-* Mon Jan 26 2015 Michael Simacek  - 0:1.9.4-6
-- Add hamcrest into classpath
-
-* Tue Jan 13 2015 Mat Booth  - 0:1.9.4-5
-- Resolves: rhbz#1180568 - Add rhino to classpath for bsf plug-in
-
-* Mon Aug 11 2014 Mikolaj Izdebski  - 0:1.9.4-4
-- Add aliases for ant:ant and apache:ant
-
-* Sat Jun 07 2014 Fedora Release Engineering  - 0:1.9.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Tue May 6 2014 Alexander Kurtakov  0:1.9.4-2
-- Reenable tests.
-
-* Tue May 6 2014 Alexander Kurtakov  0:1.9.4-1
-- Update to upstream 1.9.4.
-- Disable tests as they use new junit tas attribute added in this release.
-
-* Fri Feb 21 2014 Mikolaj Izdebski  - 0:1.9.3-2
-- Skip installation perl and python scripts
-
-* Thu Jan  2 2014 Mikolaj Izdebski  - 0:1.9.3-1
-- Update to upstream version 1.9.3
+* Fri Dec 27 2013 Daniel Mach  - 01.9.2-8
+- Mass rebuild 2013-12-27
 
 * Thu Sep 12 2013 Mikolaj Izdebski  - 0:1.9.2-7
 - Install Maven depmaps in appropriate subpackages
@@ -773,6 +613,9 @@ LC_ALL=en_US.utf8 %{ant} test
 - Fix antRun script
 - Resolves: rhbz#675949
 
+* Fri Aug 09 2013 Michal Srb  - 0:1.9.1-6
+- Add missing BR/R: xerces-j2, xml-commons-apis
+
 * Thu Aug 08 2013 Michal Srb  - 0:1.9.2-5
 - xerces-j2 and xml-commons-apis should be in classpath (Resolves: rhbz#994556)
 
@@ -848,7 +691,7 @@ LC_ALL=en_US.utf8 %{ant} test
 
 * Tue Feb 07 2012 Tomas Radej  - 0:1.8.2-8
 - Removed checking for classpath duplicates
-- Added ant-junit4.jar into %%files and ant.d
+- Added ant-junit4.jar into %files and ant.d
 
 * Thu Jan 12 2012 Fedora Release Engineering  - 0:1.8.2-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
@@ -974,7 +817,7 @@ LC_ALL=en_US.utf8 %{ant} test
 - remove Conflicts
 - mark files in %%{_sysconfdir} as %%config(noreplace)
 
-* Tue Jul 03 2007 Ralph Apel  - 0:1.7.0-2.jpp5
+* Thu Jul 03 2007 Ralph Apel  - 0:1.7.0-2.jpp5
 - Add poms and depmap frags
 - (B)R jpackage-utils >= 0:1.7.5
 - BR java-devel = 0:1.5.0
@@ -1012,7 +855,7 @@ LC_ALL=en_US.utf8 %{ant} test
 * Mon Sep 06 2004 Fernando Nasser  - 0:1.6.2-2jpp
 - Fix to backward compatibility symbolic links.
 
-* Tue Aug 17 2004 Fernando Nasser  - 0:1.6.2-1jpp
+* Wed Aug 17 2004 Fernando Nasser  - 0:1.6.2-1jpp
 - Update to Ant 1.6.2
 
 * Thu Aug 05 2004 Fernando Nasser  - 0:1.6.1-2jpp
@@ -1306,7 +1149,7 @@ LC_ALL=en_US.utf8 %{ant} test
 - changed name to jakarta-ant
 - changed group to Development/Java
 
-* Thu Jan 04 2001 Guillaume Rousse  1.2-2mdk
+* Wed Jan 04 2001 Guillaume Rousse  1.2-2mdk
 - new spec file
 - discarded ugly non-free Sun jaxp library from sources, and used pretty open-source xerces instead
 
diff --git a/apache-ant-class-path-in-manifest.patch b/apache-ant-class-path-in-manifest.patch
new file mode 100644
index 0000000..7fa97e9
--- /dev/null
+++ b/apache-ant-class-path-in-manifest.patch
@@ -0,0 +1,13 @@
+--- build.xml.orig	2012-02-29 13:29:12.000000000 +0200
++++ build.xml	2012-02-29 13:31:36.787937053 +0200
+@@ -728,10 +728,6 @@
+         
+         
+       
+-      
+-        
+-      
+     
+ 
+     
diff --git a/sources b/sources
index 646a731..680fe0a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-ant-1.10.5-src.tar.bz2) = 082dad03db4fb09b36560bd5e1fbd53f456eecad06d95140569661b6509861bb9b87b87843ef2f30a5de18c549dd993209aa17b47ac77d450f573309a272950e
+SHA1 (apache-ant-1.9.4-src.tar.bz2) = cdefb110fd7dcf87d8697af4369fb476c4c36324