diff --git a/batik-policy.patch b/batik-policy.patch deleted file mode 100644 index 3881e00..0000000 --- a/batik-policy.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -uNr batik-1.8-clean/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy batik-1.8/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy ---- batik-1.8-clean/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy 2007-09-07 14:05:13.000000000 -0400 -+++ batik-1.8/resources/org/apache/batik/apps/rasterizer/resources/rasterizer.bin.policy 2007-09-12 13:36:24.000000000 -0400 -@@ -30,6 +30,11 @@ - permission java.security.AllPermission; - }; - -+//new stuff -+grant codeBase "${app.jar.base}/batik-all.jar" { -+ permission java.security.AllPermission; -+}; -+ - grant codeBase "${app.jar.base}/lib/batik-ext.jar" { - permission java.security.AllPermission; - }; -diff -uNr batik-1.8-clean/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy batik-1.8/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy ---- batik-1.8-clean/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy 2007-09-07 14:05:13.000000000 -0400 -+++ batik-1.8/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy 2007-09-12 13:36:49.000000000 -0400 -@@ -34,6 +34,10 @@ - permission java.security.AllPermission; - }; - -+grant codeBase "${app.jar.base}/batik-all.jar" { -+ permission java.security.AllPermission; -+}; -+ - grant codeBase "${app.jar.base}/lib/batik-ext.jar" { - permission java.security.AllPermission; - }; -@@ -104,4 +108,3 @@ - grant { - permission java.io.FilePermission "lib/batik-svg-dom.jar", "read"; - }; -- diff --git a/batik-security.policy b/batik-security.policy new file mode 100644 index 0000000..8ea4929 --- /dev/null +++ b/batik-security.policy @@ -0,0 +1,15 @@ +grant codeBase "file:/usr/share/java/batik-all.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/batik-squiggle.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/batik-rasterizer.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/xml-commons-apis.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/xml-commons-apis-ext.jar" { permission java.security.AllPermission; }; +grant codeBase "file:/usr/share/java/xmlgraphics-commons.jar" { permission java.security.AllPermission; }; + +grant codeBase "file:/usr/share/java/rhino.jar" { + permission java.lang.RuntimePermission "createClassLoader"; + permission java.net.SocketPermission "*", "listen, connect, resolve, accept"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapter", "read"; + permission java.util.PropertyPermission "org.mozilla.javascript.JavaAdapterClassName", "read"; + permission java.io.FilePermission "<>", "read"; +}; diff --git a/batik.spec b/batik.spec index d38e5b9..17bb475 100644 --- a/batik.spec +++ b/batik.spec @@ -1,6 +1,6 @@ Name: batik Version: 1.8 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Scalable Vector Graphics for Java License: ASL 2.0 and W3C URL: http://xml.apache.org/batik/ @@ -23,9 +23,10 @@ Source7: %{name}-repack.sh # Source8: %{name}-1.7-orbit-manifests.tar.gz +Source9: %{name}-security.policy + Patch0: %{name}-manifests.patch -Patch1: %{name}-policy.patch # remove dependency on bundled rhino from pom Patch2: %{name}-script-remove-js.patch @@ -150,7 +151,6 @@ find -name '*.class' -exec rm -f '{}' \; find -name '*.jar' -exec rm -f '{}' \; #%patch0 -p1 -%patch1 -p1 rm -f `find -name readOnly.png` rm -f `find -name properties` mkdir orbit @@ -158,6 +158,9 @@ pushd orbit tar xzf %{SOURCE8} popd +cp -p %{SOURCE9} resources/org/apache/batik/apps/rasterizer/resources/rasterizer.policy.ref +cp -p %{SOURCE9} resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy.ref + # create poms from templates for module in anim awt-util bridge codec css dom ext extension gui-util \ gvt parser script svg-dom svggen swing transcoder util xml \ @@ -326,6 +329,10 @@ chmod +x $RPM_BUILD_ROOT%{_datadir}/%{name}/contrib/charts/convert.sh %changelog +* Fri Nov 27 2015 Mikolaj Izdebski - 1.8-3 +- Use custom security policy files +- Resolves: rhbz#1277998 + * Wed Jun 17 2015 Fedora Release Engineering - 1.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild