From 5378bac242e4098ab94a96e7a7a4342b993a92b3 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Fri, 25 Aug 2023 06:04:40 +0200 Subject: [PATCH] Update to upstream version 2.3 --- .gitignore | 1 + 0001-Port-to-apache-commons-lang3.patch | 464 ------------------ ...late-is-a-reserved-keyword-in-javacc.patch | 50 ++ 0002-Force-use-of-JDK-log-chute.patch | 25 - 0003-CVE-2020-13936.patch | 77 --- generate-tarball.sh | 21 - sources | 3 +- velocity.spec | 75 +-- 8 files changed, 90 insertions(+), 626 deletions(-) delete mode 100644 0001-Port-to-apache-commons-lang3.patch create mode 100644 0001-Template-is-a-reserved-keyword-in-javacc.patch delete mode 100644 0002-Force-use-of-JDK-log-chute.patch delete mode 100644 0003-CVE-2020-13936.patch delete mode 100755 generate-tarball.sh diff --git a/.gitignore b/.gitignore index 788b806..b9f2555 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ velocity-1.6.3.tar.gz /velocity-1.6.4.tar.gz /velocity-1.7.tar.gz /velocity-1.7.pom +/velocity-2.3.tar.gz diff --git a/0001-Port-to-apache-commons-lang3.patch b/0001-Port-to-apache-commons-lang3.patch deleted file mode 100644 index 191611a..0000000 --- a/0001-Port-to-apache-commons-lang3.patch +++ /dev/null @@ -1,464 +0,0 @@ -From bf0462e3c293863947dde1c22a62c3d4a187a70c Mon Sep 17 00:00:00 2001 -From: Marian Koncek -Date: Thu, 31 Oct 2019 14:35:40 +0100 -Subject: [PATCH 1/2] Port to apache-commons-lang3 - ---- - pom.xml | 6 +++--- - .../velocity/app/event/implement/EscapeHtmlReference.java | 4 ++-- - .../app/event/implement/EscapeJavaScriptReference.java | 4 ++-- - .../velocity/app/event/implement/EscapeSqlReference.java | 5 +++-- - .../velocity/app/event/implement/EscapeXmlReference.java | 2 +- - src/java/org/apache/velocity/runtime/RuntimeInstance.java | 2 +- - .../org/apache/velocity/runtime/VelocimacroFactory.java | 2 +- - src/java/org/apache/velocity/runtime/directive/Block.java | 2 +- - .../org/apache/velocity/runtime/directive/RuntimeMacro.java | 2 +- - src/java/org/apache/velocity/runtime/parser/Parser.java | 2 +- - .../apache/velocity/runtime/parser/ParserTokenManager.java | 2 +- - .../apache/velocity/runtime/parser/node/ASTDirective.java | 2 +- - .../org/apache/velocity/runtime/parser/node/ASTMethod.java | 4 ++-- - .../velocity/runtime/parser/node/ASTStringLiteral.java | 2 +- - .../org/apache/velocity/runtime/parser/node/NodeUtils.java | 2 +- - .../velocity/runtime/parser/node/PropertyExecutor.java | 2 +- - .../velocity/runtime/parser/node/SetPropertyExecutor.java | 4 ++-- - .../org/apache/velocity/runtime/parser/node/SimpleNode.java | 4 ++-- - .../velocity/runtime/resource/ResourceManagerImpl.java | 4 ++-- - .../runtime/resource/loader/ClasspathResourceLoader.java | 2 +- - .../runtime/resource/loader/DataSourceResourceLoader.java | 2 +- - .../runtime/resource/loader/FileResourceLoader.java | 2 +- - .../velocity/runtime/resource/loader/JarResourceLoader.java | 2 +- - .../runtime/resource/loader/StringResourceLoader.java | 2 +- - .../velocity/runtime/resource/loader/URLResourceLoader.java | 2 +- - .../org/apache/velocity/util/introspection/ClassMap.java | 2 +- - .../org/apache/velocity/io/UnicodeInputStreamTestCase.java | 2 +- - src/test/org/apache/velocity/test/BaseTestCase.java | 2 +- - .../org/apache/velocity/test/MethodCacheKeyTestCase.java | 2 +- - 29 files changed, 39 insertions(+), 38 deletions(-) - -diff --git a/pom.xml b/pom.xml -index 77a8e383..eee15b34 100644 ---- a/pom.xml -+++ b/pom.xml -@@ -148,9 +148,9 @@ - 3.2.1 - - -- commons-lang -- commons-lang -- 2.4 -+ org.apache.commons -+ commons-lang3 -+ 3.9 - - - oro -diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java -index 6d98b45c..e1469957 100644 ---- a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java -+++ b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java -@@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; - * under the License. - */ - --import org.apache.commons.lang.StringEscapeUtils; -+import org.apache.commons.lang3.StringEscapeUtils; - - /** - * Escape all HTML entities. -@@ -39,7 +39,7 @@ public class EscapeHtmlReference extends EscapeReference - */ - protected String escape(Object text) - { -- return StringEscapeUtils.escapeHtml(text.toString()); -+ return StringEscapeUtils.escapeHtml4(text.toString()); - } - - /** -diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java -index ea49ddbf..12f38f47 100644 ---- a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java -+++ b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java -@@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; - * under the License. - */ - --import org.apache.commons.lang.StringEscapeUtils; -+import org.apache.commons.lang3.StringEscapeUtils; - - /** - * Escapes the characters in a String to be suitable for use in JavaScript. -@@ -39,7 +39,7 @@ public class EscapeJavaScriptReference extends EscapeReference - */ - protected String escape(Object text) - { -- return StringEscapeUtils.escapeJavaScript(text.toString()); -+ return StringEscapeUtils.escapeEcmaScript(text.toString()); - } - - /** -diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java -index 585cb6c6..39e04f43 100644 ---- a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java -+++ b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java -@@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; - * under the License. - */ - --import org.apache.commons.lang.StringEscapeUtils; -+import org.apache.commons.lang3.StringUtils; - - /** - * Escapes the characters in a String to be suitable to pass to an SQL query. -@@ -39,7 +39,8 @@ public class EscapeSqlReference extends EscapeReference - */ - protected String escape(Object text) - { -- return StringEscapeUtils.escapeSql(text.toString()); -+ // See https://commons.apache.org/proper/commons-lang/javadocs/api-2.6/org/apache/commons/lang/StringEscapeUtils.html#escapeSql(java.lang.String) -+ return StringUtils.replace(text.toString(), "'", "''"); - } - - /** -diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java -index 3d5b40f0..fbb525cb 100644 ---- a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java -+++ b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java -@@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; - * under the License. - */ - --import org.apache.commons.lang.StringEscapeUtils; -+import org.apache.commons.lang3.StringEscapeUtils; - - /** - * Escape all XML entities. -diff --git a/src/java/org/apache/velocity/runtime/RuntimeInstance.java b/src/java/org/apache/velocity/runtime/RuntimeInstance.java -index 670c083d..f877114d 100644 ---- a/src/java/org/apache/velocity/runtime/RuntimeInstance.java -+++ b/src/java/org/apache/velocity/runtime/RuntimeInstance.java -@@ -32,7 +32,7 @@ import java.util.Map; - import java.util.Properties; - - import org.apache.commons.collections.ExtendedProperties; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.Template; - import org.apache.velocity.app.event.EventCartridge; - import org.apache.velocity.app.event.EventHandler; -diff --git a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java -index 8756b66f..70e3d489 100644 ---- a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java -+++ b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java -@@ -26,7 +26,7 @@ import java.util.Map; - import java.util.Vector; - import java.util.ArrayList; - --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.Template; - import org.apache.velocity.exception.VelocityException; - import org.apache.velocity.runtime.directive.Directive; -diff --git a/src/java/org/apache/velocity/runtime/directive/Block.java b/src/java/org/apache/velocity/runtime/directive/Block.java -index f5fdfa85..b136543d 100755 ---- a/src/java/org/apache/velocity/runtime/directive/Block.java -+++ b/src/java/org/apache/velocity/runtime/directive/Block.java -@@ -23,7 +23,7 @@ import java.io.IOException; - import java.io.StringWriter; - import java.io.Writer; - --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.TemplateInitException; - import org.apache.velocity.runtime.Renderable; -diff --git a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java -index 090b5522..d22ac4ed 100644 ---- a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java -+++ b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java -@@ -23,7 +23,7 @@ import java.io.IOException; - import java.io.Writer; - import java.util.List; - --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.MethodInvocationException; - import org.apache.velocity.exception.ParseErrorException; -diff --git a/src/java/org/apache/velocity/runtime/parser/Parser.java b/src/java/org/apache/velocity/runtime/parser/Parser.java -index 1253381f..b8e7112e 100644 ---- a/src/java/org/apache/velocity/runtime/parser/Parser.java -+++ b/src/java/org/apache/velocity/runtime/parser/Parser.java -@@ -10,7 +10,7 @@ import org.apache.velocity.runtime.directive.Directive; - import org.apache.velocity.runtime.directive.Macro; - import org.apache.velocity.runtime.directive.MacroParseException; - import org.apache.velocity.util.StringUtils; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.runtime.RuntimeConstants; - - /** -diff --git a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java -index ce00d99d..9563a1fb 100644 ---- a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java -+++ b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java -@@ -9,7 +9,7 @@ import org.apache.velocity.runtime.directive.Directive; - import org.apache.velocity.runtime.directive.Macro; - import org.apache.velocity.runtime.directive.MacroParseException; - import org.apache.velocity.util.StringUtils; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.runtime.RuntimeConstants; - - /** Token Manager. */ -diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java -index 74727729..8fc59737 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java -@@ -22,7 +22,7 @@ package org.apache.velocity.runtime.parser.node; - import java.io.IOException; - import java.io.Writer; - --import org.apache.commons.lang.builder.ToStringBuilder; -+import org.apache.commons.lang3.builder.ToStringBuilder; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.MethodInvocationException; - import org.apache.velocity.exception.ParseErrorException; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java -index 489429bb..df54dd93 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java -@@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node; - - import java.lang.reflect.InvocationTargetException; - --import org.apache.commons.lang.ArrayUtils; --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.ArrayUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.app.event.EventHandlerUtil; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.MethodInvocationException; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java -index 2267993c..82cca27a 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java -@@ -21,7 +21,7 @@ import java.io.IOException; - import java.io.StringReader; - import java.io.StringWriter; - --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.TemplateInitException; - import org.apache.velocity.exception.VelocityException; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java -index 713a86ae..0ac03fbc 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java -@@ -19,7 +19,7 @@ package org.apache.velocity.runtime.parser.node; - * under the License. - */ - --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.context.Context; - import org.apache.velocity.exception.MethodInvocationException; - import org.apache.velocity.runtime.parser.ParserConstants; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java -index 8c78228e..20d6c185 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java -@@ -21,7 +21,7 @@ package org.apache.velocity.runtime.parser.node; - - import java.lang.reflect.InvocationTargetException; - --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.exception.VelocityException; - import org.apache.velocity.runtime.RuntimeLogger; - import org.apache.velocity.runtime.log.Log; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java -index 0078d023..80887fad 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java -@@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node; - - import java.lang.reflect.InvocationTargetException; - --import org.apache.commons.lang.StringUtils; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.StringUtils; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.exception.VelocityException; - import org.apache.velocity.runtime.log.Log; - import org.apache.velocity.util.introspection.Introspector; -diff --git a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java -index 108846f8..6372830f 100644 ---- a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java -+++ b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java -@@ -22,8 +22,8 @@ package org.apache.velocity.runtime.parser.node; - import java.io.IOException; - import java.io.Writer; - --import org.apache.commons.lang.builder.ToStringBuilder; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.builder.ToStringBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.context.InternalContextAdapter; - import org.apache.velocity.exception.MethodInvocationException; - import org.apache.velocity.exception.ParseErrorException; -diff --git a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java -index 778b42a9..a396e42f 100644 ---- a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java -+++ b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java -@@ -158,7 +158,7 @@ public class ResourceManagerImpl - - Object cacheObject = null; - -- if (org.apache.commons.lang.StringUtils.isNotEmpty(cacheClassName)) -+ if (org.apache.commons.lang3.StringUtils.isNotEmpty(cacheClassName)) - { - try - { -@@ -534,7 +534,7 @@ public class ResourceManagerImpl - * this strikes me as bad... - */ - -- if (!org.apache.commons.lang.StringUtils.equals(resource.getEncoding(), encoding)) -+ if (!org.apache.commons.lang3.StringUtils.equals(resource.getEncoding(), encoding)) - { - log.warn("Declared encoding for template '" + - resource.getName() + -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java -index 52d09a98..bf48aa45 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java -@@ -22,7 +22,7 @@ package org.apache.velocity.runtime.resource.loader; - import java.io.InputStream; - - import org.apache.commons.collections.ExtendedProperties; --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.exception.ResourceNotFoundException; - import org.apache.velocity.runtime.resource.Resource; - import org.apache.velocity.util.ClassUtils; -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java -index f85b6d62..38ec30dc 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java -@@ -218,7 +218,7 @@ public class DataSourceResourceLoader extends ResourceLoader - public synchronized InputStream getResourceStream(final String name) - throws ResourceNotFoundException - { -- if (org.apache.commons.lang.StringUtils.isEmpty(name)) -+ if (org.apache.commons.lang3.StringUtils.isEmpty(name)) - { - throw new ResourceNotFoundException("DataSourceResourceLoader: Template name was empty or null"); - } -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java -index 923274a7..8580caeb 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java -@@ -118,7 +118,7 @@ public class FileResourceLoader extends ResourceLoader - /* - * Make sure we have a valid templateName. - */ -- if (org.apache.commons.lang.StringUtils.isEmpty(templateName)) -+ if (org.apache.commons.lang3.StringUtils.isEmpty(templateName)) - { - /* - * If we don't get a properly formed templateName then -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java -index 054d890e..71d6c083 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java -@@ -195,7 +195,7 @@ public class JarResourceLoader extends ResourceLoader - { - InputStream results = null; - -- if (org.apache.commons.lang.StringUtils.isEmpty(source)) -+ if (org.apache.commons.lang3.StringUtils.isEmpty(source)) - { - throw new ResourceNotFoundException("Need to have a resource!"); - } -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java -index 245c10b8..86a08b9d 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java -@@ -26,7 +26,7 @@ import java.io.ByteArrayInputStream; - import java.io.InputStream; - import java.io.UnsupportedEncodingException; - import org.apache.commons.collections.ExtendedProperties; --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.exception.ResourceNotFoundException; - import org.apache.velocity.exception.VelocityException; - import org.apache.velocity.runtime.resource.Resource; -diff --git a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java -index de066367..74ab86a6 100644 ---- a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java -+++ b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java -@@ -26,7 +26,7 @@ import java.net.URL; - import java.net.URLConnection; - import java.util.HashMap; - import org.apache.commons.collections.ExtendedProperties; --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.velocity.exception.VelocityException; - import org.apache.velocity.exception.ResourceNotFoundException; - import org.apache.velocity.runtime.resource.Resource; -diff --git a/src/java/org/apache/velocity/util/introspection/ClassMap.java b/src/java/org/apache/velocity/util/introspection/ClassMap.java -index 00512892..2e128b7e 100644 ---- a/src/java/org/apache/velocity/util/introspection/ClassMap.java -+++ b/src/java/org/apache/velocity/util/introspection/ClassMap.java -@@ -23,7 +23,7 @@ import java.lang.reflect.Method; - import java.lang.reflect.Modifier; - import java.util.HashMap; - import java.util.Map; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.runtime.log.Log; - import org.apache.velocity.util.MapFactory; - -diff --git a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java -index 02499985..4b0b254f 100644 ---- a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java -+++ b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java -@@ -27,7 +27,7 @@ import junit.framework.Test; - import junit.framework.TestCase; - import junit.framework.TestSuite; - --import org.apache.commons.lang.ArrayUtils; -+import org.apache.commons.lang3.ArrayUtils; - - - /** -diff --git a/src/test/org/apache/velocity/test/BaseTestCase.java b/src/test/org/apache/velocity/test/BaseTestCase.java -index 0ea00cbd..798a322b 100644 ---- a/src/test/org/apache/velocity/test/BaseTestCase.java -+++ b/src/test/org/apache/velocity/test/BaseTestCase.java -@@ -353,7 +353,7 @@ public abstract class BaseTestCase extends TestCase implements TemplateTestBase - buf.append(baseFile.getPath()); - } - -- if (org.apache.commons.lang.StringUtils.isNotEmpty(ext)) -+ if (org.apache.commons.lang3.StringUtils.isNotEmpty(ext)) - { - buf.append('.').append(ext); - } -diff --git a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java -index 77dfc54e..4befc6ef 100644 ---- a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java -+++ b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java -@@ -21,7 +21,7 @@ package org.apache.velocity.test; - - import junit.framework.TestCase; - --import org.apache.commons.lang.ArrayUtils; -+import org.apache.commons.lang3.ArrayUtils; - import org.apache.velocity.runtime.parser.node.ASTMethod; - - /** --- -2.25.4 - diff --git a/0001-Template-is-a-reserved-keyword-in-javacc.patch b/0001-Template-is-a-reserved-keyword-in-javacc.patch new file mode 100644 index 0000000..6132246 --- /dev/null +++ b/0001-Template-is-a-reserved-keyword-in-javacc.patch @@ -0,0 +1,50 @@ +From 4275860ed4a69047f783f0c06004ba4f1256a994 Mon Sep 17 00:00:00 2001 +From: Mikolaj Izdebski +Date: Wed, 23 Aug 2023 08:49:53 +0200 +Subject: [PATCH] Template is a reserved keyword in javacc + +Forwarded: no +--- + velocity-engine-core/src/main/parser/Parser.jjt | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/velocity-engine-core/src/main/parser/Parser.jjt b/velocity-engine-core/src/main/parser/Parser.jjt +index 593d044b..f3bed948 100644 +--- a/velocity-engine-core/src/main/parser/Parser.jjt ++++ b/velocity-engine-core/src/main/parser/Parser.jjt +@@ -234,12 +234,12 @@ public class ${parser.basename}Parser implements Parser + * the new stream that we want parsed. + */ + @Override +- public SimpleNode parse( Reader reader, Template template ) ++ public SimpleNode parse( Reader reader, Template tmplate ) + throws ParseException + { + SimpleNode sn = null; + +- currentTemplate = template; ++ currentTemplate = tmplate; + + try + { +@@ -267,7 +267,7 @@ public class ${parser.basename}Parser implements Parser + * thrown by the Macro class when something is amiss in the + * Macro specification + */ +- log.error("{}: {}", template.getName(), mee.getMessage(), mee); ++ log.error("{}: {}", tmplate.getName(), mee.getMessage(), mee); + throw mee; + } + catch (ParseException pe) +@@ -282,7 +282,7 @@ public class ${parser.basename}Parser implements Parser + } + catch (Exception e) + { +- String msg = template.getName() + ": " + e.getMessage(); ++ String msg = tmplate.getName() + ": " + e.getMessage(); + log.error(msg, e); + throw new VelocityException(msg, e, getRuntimeServices().getLogContext().getStackTrace()); + } +-- +2.41.0 + diff --git a/0002-Force-use-of-JDK-log-chute.patch b/0002-Force-use-of-JDK-log-chute.patch deleted file mode 100644 index c3c2235..0000000 --- a/0002-Force-use-of-JDK-log-chute.patch +++ /dev/null @@ -1,25 +0,0 @@ -From b2eee6ccc6ef24e084567a0a38d21fa3765df6ad Mon Sep 17 00:00:00 2001 -From: Mikolaj Izdebski -Date: Fri, 15 May 2020 09:56:26 +0200 -Subject: [PATCH 2/2] Force use of JDK log chute - ---- - .../org/apache/velocity/runtime/defaults/velocity.properties | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -index 750a59af..855118b9 100644 ---- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties -+++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -@@ -23,7 +23,7 @@ - # default LogChute to use: default: AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute - # ---------------------------------------------------------------------------- - --runtime.log.logsystem.class = org.apache.velocity.runtime.log.AvalonLogChute,org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute -+runtime.log.logsystem.class = org.apache.velocity.runtime.log.JdkLogChute - - # --------------------------------------------------------------------------- - # This is the location of the Velocity Runtime log. --- -2.25.4 - diff --git a/0003-CVE-2020-13936.patch b/0003-CVE-2020-13936.patch deleted file mode 100644 index 5e9f9b3..0000000 --- a/0003-CVE-2020-13936.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 3be84770e7fbe6f000f0c002905e86fe1412d551 Mon Sep 17 00:00:00 2001 -From: Marian Koncek -Date: Thu, 11 Mar 2021 16:22:50 +0100 -Subject: [PATCH] CVE-2020-13936 - -From upstream patches: -https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485 -https://github.com/apache/velocity-engine/commit/15909056fe51f5d39d49e101d706d3075876dde4 -https://github.com/apache/velocity-engine/commit/3f5d477bb4f4397bed2d2926c35dcef7de3aae3e - ---- - .../velocity/runtime/defaults/velocity.properties | 15 ++++++++++----- - .../introspection/SecureIntrospectorImpl.java | 9 +++++++++ - 2 files changed, 19 insertions(+), 5 deletions(-) - -diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -index 855118b..a8a9231 100644 ---- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties -+++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -@@ -245,15 +245,16 @@ runtime.introspector.uberspect = org.apache.velocity.util.introspection.Uberspec - # accessed. - # ---------------------------------------------------------------------------- - -+# Prohibit reflection - introspector.restrict.packages = java.lang.reflect - - # The two most dangerous classes -+# ClassLoader, Thread, and subclasses disabled by default in SecureIntrospectorImpl - --introspector.restrict.classes = java.lang.Class --introspector.restrict.classes = java.lang.ClassLoader -- --# Restrict these for extra safety -+# Restrict these system classes. Note that anything in this list is matched exactly. -+# (Subclasses must be explicitly named to be included). - -+introspector.restrict.classes = java.lang.Class - introspector.restrict.classes = java.lang.Compiler - introspector.restrict.classes = java.lang.InheritableThreadLocal - introspector.restrict.classes = java.lang.Package -@@ -262,8 +263,12 @@ introspector.restrict.classes = java.lang.Runtime - introspector.restrict.classes = java.lang.RuntimePermission - introspector.restrict.classes = java.lang.SecurityManager - introspector.restrict.classes = java.lang.System --introspector.restrict.classes = java.lang.Thread - introspector.restrict.classes = java.lang.ThreadGroup - introspector.restrict.classes = java.lang.ThreadLocal - -+# Restrict instance managers for common servlet containers (Tomcat, JBoss, Jetty) - -+introspector.restrict.classes = org.apache.catalina.core.DefaultInstanceManager -+introspector.restrict.classes = org.apache.tomcat.SimpleInstanceManager -+introspector.restrict.classes = org.wildfly.extension.undertow.deployment.UndertowJSPInstanceManager -+introspector.restrict.classes = org.eclipse.jetty.util.DecoratedObjectFactory -diff --git a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java -index f317b1c..25fc84d 100644 ---- a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java -+++ b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java -@@ -121,6 +121,15 @@ public class SecureIntrospectorImpl extends Introspector implements SecureIntros - return true; - } - -+ /** -+ * Always disallow ClassLoader, Thread and subclasses -+ */ -+ if (ClassLoader.class.isAssignableFrom(clazz) || -+ Thread.class.isAssignableFrom(clazz)) -+ { -+ return false; -+ } -+ - /** - * check the classname (minus any array info) - * whether it matches disallowed classes or packages --- -2.29.2 - diff --git a/generate-tarball.sh b/generate-tarball.sh deleted file mode 100755 index 1457e3a..0000000 --- a/generate-tarball.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -set -e - -name=velocity -version="$(sed -n 's/Version:\s*//p' *.spec)" - -# RETRIEVE -wget "http://www.apache.org/dist/${name}/engine/${version}/${name}-${version}.tar.gz" -O "${name}-${version}.orig.tar.gz" - -rm -rf tarball-tmp -mkdir tarball-tmp -pushd tarball-tmp -tar xf "../${name}-${version}.orig.tar.gz" - -# CLEAN TARBALL -rm -r */*.jar -rm -r */lib - -tar -czf "../${name}-${version}.tar.gz" * -popd -rm -r tarball-tmp "${name}-${version}.orig.tar.gz" diff --git a/sources b/sources index acce6ea..2e08c21 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (velocity-1.7.tar.gz) = d305642aab3c837ad250deaa46b516561fb68f92d04fc205fd4f40eb774ba6286ed3b239ee6352bc4411bd11cb4d1d5b39ce9ab8467f0e1ffceed9f9fc5a228d -SHA512 (velocity-1.7.pom) = 04e8850d391dc16501caa7127fb0b62bb3681dc912d6275056dd57f12d7928db6a1232600e7b0025782a22713fcb134fe41e148ca7601af705f3283feb854cde +SHA512 (velocity-2.3.tar.gz) = 987f2991a96fa8fae43ff2f72d6a57b25b1cb7d98b7def7a1a6e9a308c8b5b86e394444c47ee0eca8b70d41b341759c7309404dc4b952dbc65fc3a5b92d46cdb diff --git a/velocity.spec b/velocity.spec index 7711b92..da94227 100644 --- a/velocity.spec +++ b/velocity.spec @@ -1,31 +1,31 @@ %bcond_with bootstrap Name: velocity -Version: 1.7 -Release: 41%{?dist} +Version: 2.3 +Release: 1%{?dist} Summary: Java-based template engine License: ASL 2.0 URL: http://velocity.apache.org/ BuildArch: noarch ExclusiveArch: %{java_arches} noarch -# ./generate-tarball.sh -Source0: %{name}-%{version}.tar.gz -Source1: http://repo1.maven.org/maven2/org/apache/%{name}/%{name}/%{version}/%{name}-%{version}.pom -# Remove bundled binaries which cannot be easily verified for licensing -Source2: generate-tarball.sh +Source0: https://github.com/apache/velocity-engine/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Patch1: 0001-Port-to-apache-commons-lang3.patch -Patch2: 0002-Force-use-of-JDK-log-chute.patch -Patch3: 0003-CVE-2020-13936.patch +Patch0: 0001-Template-is-a-reserved-keyword-in-javacc.patch %if %{with bootstrap} BuildRequires: javapackages-bootstrap %else BuildRequires: maven-local -BuildRequires: mvn(commons-collections:commons-collections) +BuildRequires: mvn(commons-io:commons-io) BuildRequires: mvn(org.apache.commons:commons-lang3) -BuildRequires: mvn(org.apache:apache:pom:) +BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-enforcer-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-source-plugin) +BuildRequires: mvn(org.codehaus.mojo:extra-enforcer-rules) +BuildRequires: mvn(org.codehaus.mojo:javacc-maven-plugin) +BuildRequires: mvn(org.slf4j:slf4j-api) +BuildRequires: mvn(junit:junit) %endif %description @@ -56,48 +56,49 @@ Summary: Javadoc for %{name} Javadoc for %{name}. %prep -%setup -q -cp %{SOURCE1} ./pom.xml -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%setup -q -n velocity-engine-%{version} +%patch0 -p1 -find . -name '*.jar' ! -name 'test*.jar' -print -delete -find . -name '*.class' ! -name 'Foo.class' -print -delete +%mvn_alias : velocity:velocity +%mvn_alias : org.apache.velocity:velocity -# Disable unneeded features -rm -r src/java/org/apache/velocity/{anakia,texen,servlet,convert} -rm src/java/org/apache/velocity/runtime/log/{Avalon,Log4J}Log{Chute,System}.java -rm src/java/org/apache/velocity/runtime/log/{CommonsLog,Servlet}LogChute.java -rm src/java/org/apache/velocity/runtime/log/SimpleLog4JLogSystem.java -rm src/java/org/apache/velocity/runtime/log/VelocityFormatter.java -rm src/java/org/apache/velocity/app/event/implement/Escape{Html,JavaScript,Sql,Xml,}Reference.java +%pom_remove_parent +%pom_xpath_inject pom:project "org.apache.velocity" -%pom_remove_dep :oro -%pom_remove_dep :jdom -%pom_remove_dep :commons-logging -%pom_remove_dep :log4j -%pom_remove_dep :servlet-api -%pom_remove_dep :logkit -%pom_remove_dep :ant -%pom_remove_dep :werken-xpath +%pom_disable_module spring-velocity-support +%pom_disable_module velocity-custom-parser-example +%pom_disable_module velocity-engine-examples +%pom_disable_module velocity-engine-scripting -%mvn_alias : %{name}:%{name} +%pom_remove_plugin :maven-javadoc-plugin + +%pom_remove_plugin :templating-maven-plugin velocity-engine-core +sed 's/${project.version}/%{version}/' \ + velocity-engine-core/src/main/java-templates/org/apache/velocity/runtime/VelocityEngineVersion.java \ + >velocity-engine-core/src/main/java/org/apache/velocity/runtime/VelocityEngineVersion.java + +%pom_remove_plugin com.google.code.maven-replacer-plugin:replacer velocity-engine-core +%pom_remove_plugin :maven-shade-plugin velocity-engine-core + +%pom_xpath_remove "pom:dependency[pom:scope='test']" velocity-engine-core %build -%mvn_build -f +%mvn_build -f -- -Djavacc.visitor=false %install %mvn_install %files -f .mfiles -%doc README.txt +%doc README.md %license LICENSE NOTICE %files javadoc -f .mfiles-javadoc %license LICENSE NOTICE %changelog +* Fri Aug 25 2023 Mikolaj Izdebski - 2.3-1 +- Update to upstream version 2.3 + * Sat Jul 22 2023 Fedora Release Engineering - 1.7-41 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild