Add P100->102: Fixes CVE-2021-33813
parent
81b422c382
commit
0f87153540
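--- /dev/null
+++ b/07f316957b59d305f04c7bdb26292852bcbc2eb5.patch
@@ -0,0 +1,36 @@
+From 07f316957b59d305f04c7bdb26292852bcbc2eb5 Mon Sep 17 00:00:00 2001
+From: Rolf Lear <rolf@tuis.net>
+Date: Thu, 1 Jul 2021 23:56:47 -0400
+Subject: [PATCH] Update test case to ensure DTD handling is OK again. Related
+#188. Related #189
+
+---
+test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+index a69380ba..a35a1b90 100644
+--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
++++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+@@ -101,6 +101,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+import org.jdom2.DefaultJDOMFactory;
+import org.jdom2.Document;
+import org.jdom2.EntityRef;
++import org.jdom2.JDOMConstants;
+import org.jdom2.JDOMException;
+import org.jdom2.JDOMFactory;
+import org.jdom2.UncheckedJDOMFactory;
+@@ -609,11 +610,12 @@ public void testSetExternalFeature() {
+XMLReader reader = sb.createParser();
+assertNotNull(reader);
+assertTrue(reader.getFeature(feature));
++ assertNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER));
+sb.setFeature(feature, false);
+reader = sb.createParser();
+assertNotNull(reader);
+assertFalse(reader.getFeature(feature));
+-
++ assertNotNull(reader.getProperty(JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER));
+} catch (Exception e) {
+e.printStackTrace();
+fail("Could not create parser: " + e.getMessage());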
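Review bot: The two assertions added to testSetExternalFeature check `JDOMConstants.SAX_PROPERTY_DECLARATION_HANDLER` without any comment on why that property should follow the external-general-entities feature, so a failure here will be hard to interpret. I would put a short comment above each, for example `// feature on: entities are expanded, no DeclHandler expected` before the `assertNull` and `// feature off: entities stay as references, DeclHandler must be registered` before the `assertNotNull`. That wording is inferred from the assertions themselves and should be confirmed against SAXBuilder. The test method begins before this hunk and its catch block continues past it.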
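--- /dev/null
+++ b/bd3ab78370098491911d7fe9d7a43b97144a234e.patch
@@ -0,0 +1,69 @@
+From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001
+From: Esti <esther.burs@gmail.com>
+Date: Thu, 18 Feb 2021 16:40:01 +0200
+Subject: [PATCH] fix setFeature bug and add test case
+
+---
+core/src/java/org/jdom2/input/SAXBuilder.java | 10 ++++------
+.../test/cases/input/TestSAXBuilder.java | 20 +++++++++++++++++++
+2 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java
+index d7105ec6..a1462334 100644
+--- a/core/src/java/org/jdom2/input/SAXBuilder.java
++++ b/core/src/java/org/jdom2/input/SAXBuilder.java
+@@ -971,11 +971,6 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH
+}
+}
+
+- // Set any user-specified features on the parser.
+- for (final Map.Entry<String, Boolean> me : features.entrySet()) {
+- internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
+- }
+-
+// Set any user-specified properties on the parser.
+for (final Map.Entry<String, Object> me : properties.entrySet()) {
+internalSetProperty(parser, me.getKey(), me.getValue(), me.getKey());
+@@ -1007,7 +1002,10 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH
+// No lexical reporting available
+}
+}
+-
++ // Set any user-specified features on the parser.
++ for (final Map.Entry<String, Boolean> me : features.entrySet()) {
++ internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
++ }
+}
+
+/**
+diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+index 4ef34834..a69380ba 100644
+--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
++++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+@@ -600,6 +600,26 @@ public void testSetFeature() {
+}
+}
+
++ @Test
++ public void testSetExternalFeature() {
++ String feature = "http://xml.org/sax/features/external-general-entities";
++ MySAXBuilder sb = new MySAXBuilder();
++ try {
++ sb.setFeature(feature, true);
++ XMLReader reader = sb.createParser();
++ assertNotNull(reader);
++ assertTrue(reader.getFeature(feature));
++ sb.setFeature(feature, false);
++ reader = sb.createParser();
++ assertNotNull(reader);
++ assertFalse(reader.getFeature(feature));
++
++ } catch (Exception e) {
++ e.printStackTrace();
++ fail("Could not create parser: " + e.getMessage());
++ }
++ }
++
+@Test
+public void testSetProperty() {
+LexicalHandler lh = new LexicalHandler() {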
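Review bot: In configureParser the relocated loop keeps the old comment `// Set any user-specified features on the parser.`, which does not record that its position at the end of the method is the actual fix. Nothing stops a later cleanup from moving the loop back above the property and handler setup, which would presumably let the builder's own settings override a caller's `setFeature(name, false)` for external-general-entities again. I would extend the comment to something like `// Apply user-specified features last so they take precedence over the settings made above.` The lines between the two SAXBuilder hunks are not shown, so which earlier setting was overriding the feature is inferred from the commit subject and the new test.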
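--- /dev/null
+++ b/dd4f3c2fc7893edd914954c73eb577f925a7d361.patch
@@ -0,0 +1,34 @@
+From dd4f3c2fc7893edd914954c73eb577f925a7d361 Mon Sep 17 00:00:00 2001
+From: Rolf Lear <rolf@tuis.net>
+Date: Thu, 1 Jul 2021 23:42:05 -0400
+Subject: [PATCH] Addresses #189 - synchronizes external entity expansion
+setting
+
+---
+core/src/java/org/jdom2/input/SAXBuilder.java | 6 ++++++
+1 file changed, 6 insertions(+)
+
+diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java
+index a1462334..514b026d 100644
+--- a/core/src/java/org/jdom2/input/SAXBuilder.java
++++ b/core/src/java/org/jdom2/input/SAXBuilder.java
+@@ -82,6 +82,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+import org.jdom2.DocType;
+import org.jdom2.Document;
+import org.jdom2.EntityRef;
++import org.jdom2.JDOMConstants;
+import org.jdom2.JDOMException;
+import org.jdom2.JDOMFactory;
+import org.jdom2.Verifier;
+@@ -797,6 +798,11 @@ public void setFastReconfigure(final boolean fastReconfigure) {
+public void setFeature(final String name, final boolean value) {
+// Save the specified feature for later.
+features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
++ if (JDOMConstants.SAX_FEATURE_EXTERNAL_ENT.equals(name)) {
++ // See issue https://github.com/hunterhacker/jdom/issues/189
++ // And PR https://github.com/hunterhacker/jdom/pull/188
++ setExpandEntities(value);
++ }
+engine = null;
+}
+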
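Review bot: The new branch in setFeature ties the external-general-entities feature to setExpandEntities in one direction only. As far as this hunk shows, a later `setExpandEntities(false)` leaves the earlier `true` stored in `features`, and that stored value is still passed to the parser when it is configured, so a caller who turns expansion off through setExpandEntities could keep external entity resolution enabled. setExpandEntities lies outside the hunk, so this needs checking there; if it does not touch the map, it should also store the same value under `JDOMConstants.SAX_FEATURE_EXTERNAL_ENT`. The two URL comments would be more useful if they also stated the invariant, e.g. `// Keep expandEntities in step with the external-general-entities feature.`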
13
jdom2.spec
13
jdom2.spec
@ -17,6 +17,15 @@ Source4: generate-tarball.sh
|
||||
# Process contrib and junit pom files
|
||||
Patch0: 0001-Adapt-build.patch
|
||||
|
||||
#
|
||||
# Security patches
|
||||
# P100 -> ...
|
||||
#
|
||||
# CVE-2021-33813
|
||||
Patch100: bd3ab78370098491911d7fe9d7a43b97144a234e.patch
|
||||
Patch101: dd4f3c2fc7893edd914954c73eb577f925a7d361.patch
|
||||
Patch102: 07f316957b59d305f04c7bdb26292852bcbc2eb5.patch
|
||||
|
||||
BuildRequires: javapackages-local
|
||||
%if %{with bootstrap}
|
||||
BuildRequires: javapackages-bootstrap
|
||||
@ -49,6 +58,10 @@ This package contains javadoc for %{name}.
|
||||
|
||||
%patch0 -p1
|
||||
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
|
||||
sed -i 's/\r//' LICENSE.txt README.txt
|
||||
|
||||
# Unable to run coverage: use log4j12 but switch to log4j 2.x
|
||||
|
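Review bot: The comment block above `Patch100` names CVE-2021-33813 but leaves `# P100 -> ...` as a placeholder and does not say where the three patches come from or that their order matters. Patch102 is based on index `a69380ba` of TestSAXBuilder.java, which only exists once Patch100 has been applied, so the sequence 100, 101, 102 is required. I would replace the placeholder with one line per patch, such as `# Patch100: upstream hunterhacker/jdom bd3ab783, apply user features last` and `# Patch101/102: upstream issue #189, PR #188`, so a future rebase can tell when they can be dropped. Patch102 only touches test sources, which is worth noting in the same comment.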