import jakarta-commons-httpclient-3.1-28.module+el8+2468+c564cec5

c8-stream-10.6 imports/c8-stream-10.6/jakarta-commons-httpclient-3.1-28.module+el8+2468+c564cec5
CentOS Sources 6 years ago committed by MSVSphere Packaging Team
commit 8fcd9b1881

1
.gitignore vendored

@ -0,0 +1 @@
SOURCES/commons-httpclient-3.1-src.tar.gz

@ -0,0 +1 @@
5c604f102e0716597b3d2659ac3e77f80a02f22d SOURCES/commons-httpclient-3.1-src.tar.gz

@ -0,0 +1,254 @@
<?xml version="1.0" encoding="UTF-8"?><project>
<modelVersion>4.0.0</modelVersion>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<name>HttpClient</name>
<version>3.1</version>
<description>The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.</description>
<url>http://jakarta.apache.org/httpcomponents/httpclient-3.x/</url>
<issueManagement>
<url>http://issues.apache.org/jira/browse/HTTPCLIENT</url>
</issueManagement>
<ciManagement>
<notifiers>
<notifier>
<configuration>
<address>httpcomponents-dev@jakarta.apache.org</address>
</configuration>
</notifier>
</notifiers>
</ciManagement>
<inceptionYear>2001</inceptionYear>
<mailingLists>
<mailingList>
<name>HttpComponents Developer List</name>
<subscribe>httpcomponents-dev-subscribe@jakarta.apache.org</subscribe>
<unsubscribe>httpcomponents-dev-unsubscribe@jakarta.apache.org</unsubscribe>
<archive>http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/</archive>
</mailingList>
<mailingList>
<name>HttpClient User List</name>
<subscribe>httpclient-user-subscribe@jakarta.apache.org</subscribe>
<unsubscribe>httpclient-user-unsubscribe@jakarta.apache.org</unsubscribe>
<archive>http://mail-archives.apache.org/mod_mbox/jakarta-httpclient-user/</archive>
</mailingList>
</mailingLists>
<developers>
<developer>
<id>mbecke</id>
<name>Michael Becke</name>
<email>mbecke -at- apache.org</email>
<organization></organization>
<roles>
<role>Release Prime</role>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>jsdever</id>
<name>Jeff Dever</name>
<email>jsdever -at- apache.org</email>
<organization>Independent consultant</organization>
<roles>
<role>2.0 Release Prime</role>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>dion</id>
<name>dIon Gillard</name>
<email>dion -at- apache.org</email>
<organization>Multitask Consulting</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>oglueck</id>
<name>Ortwin Glueck</name>
<email>oglueck -at- apache.org</email>
<url>http://www.odi.ch/</url>
<organization></organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>jericho</id>
<name>Sung-Gu</name>
<email>jericho -at- apache.org</email>
<organization></organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>olegk</id>
<name>Oleg Kalnichevski</name>
<email>olegk -at- apache.org</email>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>sullis</id>
<name>Sean C. Sullivan</name>
<email>sullis -at- apache.org</email>
<organization>Independent consultant</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>adrian</id>
<name>Adrian Sutton</name>
<email>adrian.sutton -at- ephox.com</email>
<organization>Intencha</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>rwaldhoff</id>
<name>Rodney Waldhoff</name>
<email>rwaldhoff -at- apache</email>
<organization>Britannica</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
</developers>
<contributors>
<contributor>
<name>Armando Anton</name>
<email>armando.anton -at- newknow.com</email>
</contributor>
<contributor>
<name>Sebastian Bazley</name>
<email>sebb -at- apache.org</email>
</contributor>
<contributor>
<name>Ola Berg</name>
<email></email>
</contributor>
<contributor>
<name>Sam Berlin</name>
<email>sberlin -at- limepeer.com</email>
</contributor>
<contributor>
<name>Mike Bowler</name>
<email></email>
</contributor>
<contributor>
<name>Samit Jain</name>
<email>jain.samit -at- gmail.com</email>
</contributor>
<contributor>
<name>Eric Johnson</name>
<email>eric -at- tibco.com</email>
</contributor>
<contributor>
<name>Christian Kohlschuetter</name>
<email>ck -at- newsclub.de</email>
</contributor>
<contributor>
<name>Ryan Lubke</name>
<email>Ryan.Lubke -at- Sun.COM</email>
</contributor>
<contributor>
<name>Sam Maloney</name>
<email>sam.maloney -at- filogix.com</email>
</contributor>
<contributor>
<name>Rob Di Marco</name>
<email>rdimarco -at- hmsonline.com</email>
</contributor>
<contributor>
<name>Juergen Pill</name>
<email>Juergen.Pill -at- softwareag.com</email>
</contributor>
<contributor>
<name>Mohammad Rezaei</name>
<email>mohammad.rezaei -at- gs.com</email>
</contributor>
<contributor>
<name>Roland Weber</name>
<email>rolandw -at- apache.org</email>
</contributor>
<contributor>
<name>Laura Werner</name>
<email>laura -at- lwerner.org</email>
</contributor>
<contributor>
<name>Mikael Wilstrom</name>
<email>mikael.wikstrom -at- it.su.se</email>
</contributor>
</contributors>
<licenses>
<license>
<name>Apache License</name>
<url>http://www.apache.org/licenses/LICENSE-2.0</url>
</license>
</licenses>
<scm>
<connection>scm:svn:http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk</connection>
<url>http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk</url>
</scm>
<organization>
<name>Apache Software Foundation</name>
<url>http://jakarta.apache.org/</url>
</organization>
<build>
<sourceDirectory>src/java</sourceDirectory>
<testSourceDirectory>src/test</testSourceDirectory>
<resources>
<resource>
<directory>src/resources</directory>
</resource>
</resources>
<testResources>
<testResource>
<directory>src/test</directory>
<includes>
<include>**/*.keystore</include>
</includes>
</testResource>
</testResources>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<includes>
<include>**/TestAll.java</include>
</includes>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.2</version>
</dependency>
</dependencies>
<distributionManagement>
<site>
<id>default</id>
<name>Default Site</name>
<url>scp://people.apache.org//www/jakarta.apache.org/httpcomponents/httpclient-3.x/</url>
</site>
<status>converted</status>
</distributionManagement>
</project>

@ -0,0 +1,373 @@
Index: oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
===================================================================
diff -u -N -r608014 -r1422573
--- oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 608014)
+++ oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 1422573)
@@ -31,10 +31,25 @@
package org.apache.commons.httpclient.protocol;
import java.io.IOException;
+import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.StringTokenizer;
+import java.util.regex.Pattern;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -55,6 +70,11 @@
*/
private static final SSLProtocolSocketFactory factory = new SSLProtocolSocketFactory();
+ // This is a a sorted list, if you insert new elements do it orderdered.
+ private final static String[] BAD_COUNTRY_2LDS =
+ {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info",
+ "lg", "ne", "net", "or", "org"};
+
/**
* Gets an singleton instance of the SSLProtocolSocketFactory.
* @return a SSLProtocolSocketFactory
@@ -79,12 +99,14 @@
InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
- return SSLSocketFactory.getDefault().createSocket(
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
host,
port,
clientHost,
clientPort
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
/**
@@ -124,16 +146,19 @@
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
- return createSocket(host, port, localAddress, localPort);
+ Socket sslSocket = createSocket(host, port, localAddress, localPort);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
} else {
// To be eventually deprecated when migrated to Java 1.4 or above
- Socket socket = ReflectionSocketFactory.createSocket(
+ Socket sslSocket = ReflectionSocketFactory.createSocket(
"javax.net.ssl.SSLSocketFactory", host, port, localAddress, localPort, timeout);
- if (socket == null) {
- socket = ControllerThreadSocketFactory.createSocket(
+ if (sslSocket == null) {
+ sslSocket = ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
- return socket;
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
}
@@ -142,10 +167,12 @@
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
- return SSLSocketFactory.getDefault().createSocket(
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
host,
port
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
/**
@@ -157,15 +184,273 @@
int port,
boolean autoClose)
throws IOException, UnknownHostException {
- return ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(
+ Socket sslSocket = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(
socket,
host,
port,
autoClose
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
+
+
+
/**
+ * Verifies that the given hostname in certicifate is the hostname we are trying to connect to
+ * http://www.cvedetails.com/cve/CVE-2012-5783/
+ * @param host
+ * @param ssl
+ * @throws IOException
+ */
+
+ private static void verifyHostName(String host, SSLSocket ssl)
+ throws IOException {
+ if (host == null) {
+ throw new IllegalArgumentException("host to verify was null");
+ }
+
+ SSLSession session = ssl.getSession();
+ if (session == null) {
+ // In our experience this only happens under IBM 1.4.x when
+ // spurious (unrelated) certificates show up in the server's chain.
+ // Hopefully this will unearth the real problem:
+ InputStream in = ssl.getInputStream();
+ in.available();
+ /*
+ If you're looking at the 2 lines of code above because you're
+ running into a problem, you probably have two options:
+
+ #1. Clean up the certificate chain that your server
+ is presenting (e.g. edit "/etc/apache2/server.crt" or
+ wherever it is your server's certificate chain is
+ defined).
+
+ OR
+
+ #2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a
+ non-IBM JVM.
+ */
+
+ // If ssl.getInputStream().available() didn't cause an exception,
+ // maybe at least now the session is available?
+ session = ssl.getSession();
+ if (session == null) {
+ // If it's still null, probably a startHandshake() will
+ // unearth the real problem.
+ ssl.startHandshake();
+
+ // Okay, if we still haven't managed to cause an exception,
+ // might as well go for the NPE. Or maybe we're okay now?
+ session = ssl.getSession();
+ }
+ }
+
+ Certificate[] certs = session.getPeerCertificates();
+ verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]);
+ }
+ /**
+ * Extract the names from the certificate and tests host matches one of them
+ * @param host
+ * @param cert
+ * @throws SSLException
+ */
+
+ private static void verifyHostName(final String host, X509Certificate cert)
+ throws SSLException {
+ // I'm okay with being case-insensitive when comparing the host we used
+ // to establish the socket to the hostname in the certificate.
+ // Don't trim the CN, though.
+
+ String cn = getCN(cert);
+ String[] subjectAlts = getDNSSubjectAlts(cert);
+ verifyHostName(host, cn.toLowerCase(Locale.US), subjectAlts);
+
+ }
+
+ /**
+ * Extract all alternative names from a certificate.
+ * @param cert
+ * @return
+ */
+ private static String[] getDNSSubjectAlts(X509Certificate cert) {
+ LinkedList subjectAltList = new LinkedList();
+ Collection c = null;
+ try {
+ c = cert.getSubjectAlternativeNames();
+ } catch (CertificateParsingException cpe) {
+ // Should probably log.debug() this?
+ cpe.printStackTrace();
+ }
+ if (c != null) {
+ Iterator it = c.iterator();
+ while (it.hasNext()) {
+ List list = (List) it.next();
+ int type = ((Integer) list.get(0)).intValue();
+ // If type is 2, then we've got a dNSName
+ if (type == 2) {
+ String s = (String) list.get(1);
+ subjectAltList.add(s);
+ }
+ }
+ }
+ if (!subjectAltList.isEmpty()) {
+ String[] subjectAlts = new String[subjectAltList.size()];
+ subjectAltList.toArray(subjectAlts);
+ return subjectAlts;
+ } else {
+ return new String[0];
+ }
+
+ }
+ /**
+ * Verifies
+ * @param host
+ * @param cn
+ * @param subjectAlts
+ * @throws SSLException
+ */
+
+ private static void verifyHostName(final String host, String cn, String[] subjectAlts)throws SSLException{
+ StringBuffer cnTested = new StringBuffer();
+
+ for (int i = 0; i < subjectAlts.length; i++){
+ String name = subjectAlts[i];
+ if (name != null) {
+ name = name.toLowerCase();
+ if (verifyHostName(host, name)){
+ return;
+ }
+ cnTested.append("/").append(name);
+ }
+ }
+ if (cn != null && verifyHostName(host, cn)){
+ return;
+ }
+ cnTested.append("/").append(cn);
+ throw new SSLException("hostname in certificate didn't match: <"
+ + host + "> != <" + cnTested + ">");
+
+ }
+
+ private static boolean verifyHostName(final String host, final String cn){
+ if (doWildCard(cn) && !isIPAddress(host)) {
+ return matchesWildCard(cn, host);
+ }
+ return host.equalsIgnoreCase(cn);
+ }
+ private static boolean doWildCard(String cn) {
+ // Contains a wildcard
+ // wildcard in the first block
+ // not an ipaddress (ip addres must explicitily be equal)
+ // not using 2nd level common tld : ex: not for *.co.uk
+ String parts[] = cn.split("\\.");
+ return parts.length >= 3 &&
+ parts[0].endsWith("*") &&
+ acceptableCountryWildcard(cn) &&
+ !isIPAddress(cn);
+ }
+
+
+ private static final Pattern IPV4_PATTERN =
+ Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$");
+
+ private static final Pattern IPV6_STD_PATTERN =
+ Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$");
+
+ private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
+ Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$");
+
+
+ private static boolean isIPAddress(final String hostname) {
+ return hostname != null
+ && (
+ IPV4_PATTERN.matcher(hostname).matches()
+ || IPV6_STD_PATTERN.matcher(hostname).matches()
+ || IPV6_HEX_COMPRESSED_PATTERN.matcher(hostname).matches()
+ );
+
+ }
+
+ private static boolean acceptableCountryWildcard(final String cn) {
+ // The CN better have at least two dots if it wants wildcard action,
+ // but can't be [*.co.uk] or [*.co.jp] or [*.org.uk], etc...
+ // The [*.co.uk] problem is an interesting one. Should we just
+ // hope that CA's would never foolishly allow such a
+ // certificate to happen?
+
+ String[] parts = cn.split("\\.");
+ // Only checks for 3 levels, with country code of 2 letters.
+ if (parts.length > 3 || parts[parts.length - 1].length() != 2) {
+ return true;
+ }
+ String countryCode = parts[parts.length - 2];
+ return Arrays.binarySearch(BAD_COUNTRY_2LDS, countryCode) < 0;
+ }
+
+ private static boolean matchesWildCard(final String cn,
+ final String hostName) {
+ String parts[] = cn.split("\\.");
+ boolean match = false;
+ String firstpart = parts[0];
+ if (firstpart.length() > 1) {
+ // server
+ // e.g. server
+ String prefix = firstpart.substring(0, firstpart.length() - 1);
+ // skipwildcard part from cn
+ String suffix = cn.substring(firstpart.length());
+ // skip wildcard part from host
+ String hostSuffix = hostName.substring(prefix.length());
+ match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
+ } else {
+ match = hostName.endsWith(cn.substring(1));
+ }
+ if (match) {
+ // I f we're in strict mode ,
+ // [ .foo.com] is not allowed to match [a.b.foo.com]
+ match = countDots(hostName) == countDots(cn);
+ }
+ return match;
+ }
+
+ private static int countDots(final String data) {
+ int dots = 0;
+ for (int i = 0; i < data.length(); i++) {
+ if (data.charAt(i) == '.') {
+ dots += 1;
+ }
+ }
+ return dots;
+ }
+
+ private static String getCN(X509Certificate cert) {
+ // Note: toString() seems to do a better job than getName()
+ //
+ // For example, getName() gives me this:
+ // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
+ //
+ // whereas toString() gives me this:
+ // EMAILADDRESS=juliusdavies@cucbc.com
+ String subjectPrincipal = cert.getSubjectX500Principal().toString();
+
+ return getCN(subjectPrincipal);
+
+ }
+ private static String getCN(String subjectPrincipal) {
+ StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
+ while(st.hasMoreTokens()) {
+ String tok = st.nextToken().trim();
+ if (tok.length() > 3) {
+ if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
+ return tok.substring(3);
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
* All instances of SSLProtocolSocketFactory are the same.
*/
public boolean equals(Object obj) {
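Review bot: A certificate whose subject has no CN makes `verifyHostName(String, X509Certificate)` throw a NullPointerException, because `getCN` returns null in that case and the result is dereferenced in `cn.toLowerCase(Locale.US)` before the subject alternative names are consulted. The three-argument overload already guards with `cn != null`, so passing `cn == null ? null : cn.toLowerCase(Locale.US)` would let SAN-only certificates match and turn a mismatch into the intended SSLException. The rewritten `getCN` in the CVE-2014-3577 patch also returns null (on a malformed subject), so the same call site is affected there. Separately, `matchesWildCard` calls `hostName.substring(prefix.length())` without checking the host length, so a host shorter than the wildcard prefix raises StringIndexOutOfBoundsException instead of returning false; testing `hostName.startsWith(prefix)` before taking the substring avoids that.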

@ -0,0 +1,80 @@
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
index fa0acc7..e6ce513 100644
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
@@ -44,9 +44,15 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.StringTokenizer;
+import java.util.NoSuchElementException;
import java.util.regex.Pattern;
+import javax.naming.InvalidNameException;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
return dots;
}
- private static String getCN(X509Certificate cert) {
- // Note: toString() seems to do a better job than getName()
- //
- // For example, getName() gives me this:
- // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
- //
- // whereas toString() gives me this:
- // EMAILADDRESS=juliusdavies@cucbc.com
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
-
- return getCN(subjectPrincipal);
-
+ private static String getCN(final X509Certificate cert) {
+ final String subjectPrincipal = cert.getSubjectX500Principal().toString();
+ try {
+ return extractCN(subjectPrincipal);
+ } catch (SSLException ex) {
+ return null;
+ }
}
- private static String getCN(String subjectPrincipal) {
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
- while(st.hasMoreTokens()) {
- String tok = st.nextToken().trim();
- if (tok.length() > 3) {
- if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
- return tok.substring(3);
+
+ private static String extractCN(final String subjectPrincipal) throws SSLException {
+ if (subjectPrincipal == null) {
+ return null;
+ }
+ try {
+ final LdapName subjectDN = new LdapName(subjectPrincipal);
+ final List<Rdn> rdns = subjectDN.getRdns();
+ for (int i = rdns.size() - 1; i >= 0; i--) {
+ final Rdn rds = rdns.get(i);
+ final Attributes attributes = rds.toAttributes();
+ final Attribute cn = attributes.get("cn");
+ if (cn != null) {
+ try {
+ final Object value = cn.get();
+ if (value != null) {
+ return value.toString();
+ }
+ } catch (NoSuchElementException ignore) {
+ } catch (NamingException ignore) {
+ }
}
}
+ } catch (InvalidNameException e) {
+ throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
}
return null;
}

@ -0,0 +1,23 @@
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
index e6ce513..b7550a2 100644
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
- Socket sslSocket = createSocket(host, port, localAddress, localPort);
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
+ host, port, localAddress, localPort);
+ sslSocket.setSoTimeout(params.getSoTimeout());
verifyHostName(host, (SSLSocket) sslSocket);
return sslSocket;
} else {
@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
sslSocket = ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
+ sslSocket.setSoTimeout(params.getSoTimeout());
verifyHostName(host, (SSLSocket) sslSocket);
return sslSocket;
}
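Review bot: When the handshake or hostname check fails after `setSoTimeout`, the connected `sslSocket` is not closed in either branch as far as these hunks show, so each read timeout or certificate mismatch leaves an open socket until it is garbage-collected. Wrapping the check, e.g. `try { verifyHostName(host, (SSLSocket) sslSocket); } catch (IOException e) { sslSocket.close(); throw e; }`, releases it on the failure path. The other `createSocket` overloads changed in the CVE-2012-5783 patch follow the same pattern and have no `params` to take a timeout from, so their handshake stays unbounded. Both hunks cut through `createSocket`, whose start and end are outside them.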

@ -0,0 +1,31 @@
--- MANIFEST.MF 2007-09-06 12:31:02.000000000 -0400
+++ MANIFEST.MF 2007-09-06 12:30:45.000000000 -0400
@@ -3,4 +3,27 @@
Specification-Version: 1.0
Implementation-Vendor: Apache Software Foundation
Implementation-Version: @version@
-
+Bundle-ManifestVersion: 2
+Bundle-Name: %bundleName
+Bundle-SymbolicName: org.apache.commons.httpclient
+Bundle-Version: 3.1.0.v20080605-1935
+Import-Package: javax.crypto;resolution:=optional,
+ javax.crypto.spec;resolution:=optional,
+ javax.net;resolution:=optional,
+ javax.net.ssl;resolution:=optional,
+ org.apache.commons.codec;version="[1.2.0,2.0.0)",
+ org.apache.commons.codec.binary;version="[1.2.0,2.0.0)",
+ org.apache.commons.codec.net;version="[1.2.0,2.0.0)",
+ org.apache.commons.logging;version="[1.0.4,2.0.0)"
+Export-Package: org.apache.commons.httpclient;version="3.1.0",
+ org.apache.commons.httpclient.auth;version="3.1.0",
+ org.apache.commons.httpclient.cookie;version="3.1.0",
+ org.apache.commons.httpclient.methods;version="3.1.0",
+ org.apache.commons.httpclient.methods.multipart;version="3.1.0",
+ org.apache.commons.httpclient.params;version="3.1.0",
+ org.apache.commons.httpclient.protocol;version="3.1.0",
+ org.apache.commons.httpclient.util;version="3.1.0"
+Bundle-Vendor: %bundleProvider
+Bundle-Localization: plugin
+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,
+ J2SE-1.2
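Review bot: `Import-Package` lists `javax.crypto`, `javax.net` and `javax.net.ssl` but not `javax.naming`, `javax.naming.directory` or `javax.naming.ldap`, which `SSLProtocolSocketFactory` imports once the CVE-2014-3577 patch is applied. In an OSGi framework that does not boot-delegate `javax.*`, the hostname check would presumably fail with a class-loading error on the first TLS connection; adding ` javax.naming,`, ` javax.naming.directory,` and ` javax.naming.ldap,` to the header covers it. `Bundle-RequiredExecutionEnvironment` still declares `J2SE-1.2`, while the patched class uses generics (`List<Rdn>`) and `java.util.regex`, so that value looks stale as well.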

@ -0,0 +1,20 @@
--- ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java.sav 2006-07-20 18:42:17.000000000 -0400
+++ ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java 2006-07-20 18:42:26.000000000 -0400
@@ -43,7 +43,6 @@
public static Test suite() {
TestSuite suite = new TestSuite();
suite.addTest(TestHttpParams.suite());
- suite.addTest(TestSSLTunnelParams.suite());
return suite;
}
--- ./src/test/org/apache/commons/httpclient/TestAll.java.sav 2006-07-20 18:42:56.000000000 -0400
+++ ./src/test/org/apache/commons/httpclient/TestAll.java 2006-07-20 18:43:01.000000000 -0400
@@ -100,7 +100,6 @@
// Non compliant behaviour
suite.addTest(TestNoncompliant.suite());
// Proxy
- suite.addTest(TestProxy.suite());
suite.addTest(TestProxyWithRedirect.suite());
return suite;
}

@ -0,0 +1,34 @@
--- build.xml 2007-08-18 05:02:14.000000000 -0400
+++ build.xml 2012-01-23 09:52:50.405796336 -0500
@@ -179,6 +179,7 @@
description="Compile shareable components">
<javac srcdir ="${source.home}/java"
destdir ="${build.home}/classes"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -186,6 +187,7 @@
</javac>
<javac srcdir ="${source.home}/examples"
destdir ="${build.home}/examples"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -197,6 +199,7 @@
description="Compile unit test cases">
<javac srcdir ="${test.home}"
destdir ="${build.home}/tests"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -244,6 +244,7 @@
<mkdir dir="${dist.home}/docs/api"/>
<javadoc sourcepath ="${source.home}/java"
destdir ="${dist.home}/docs/api"
+ encoding ="ISO-8859-1"
packagenames ="org.apache.commons.*"
author ="true"
protected ="true"

@ -0,0 +1,368 @@
%global short_name httpclient
Name: jakarta-commons-httpclient
Version: 3.1
Release: 28%{?dist}
Summary: Jakarta Commons HTTPClient implements the client side of HTTP standards
License: ASL 2.0 and (ASL 2.0 or LGPLv2+)
URL: http://jakarta.apache.org/commons/httpclient/
Epoch: 1
Source0: http://archive.apache.org/dist/httpcomponents/commons-httpclient/source/commons-httpclient-3.1-src.tar.gz
Source1: http://repo.maven.apache.org/maven2/commons-httpclient/commons-httpclient/%{version}/commons-httpclient-%{version}.pom
Patch0: %{name}-disablecryptotests.patch
# Add OSGi MANIFEST.MF bits
Patch1: %{name}-addosgimanifest.patch
Patch2: %{name}-encoding.patch
# CVE-2012-5783: missing connection hostname check against X.509 certificate name
# https://fisheye6.atlassian.com/changelog/httpcomponents?cs=1422573
Patch3: %{name}-CVE-2012-5783.patch
Patch4: %{name}-CVE-2014-3577.patch
Patch5: %{name}-CVE-2015-5262.patch
BuildArch: noarch
# FIXME: we need BR maven-local, because we're using macros like mvn_install
# this should be changed to "javapackages-local" when javapackages-tools 4.0.0 is out
BuildRequires: maven-local
BuildRequires: ant
BuildRequires: apache-commons-codec
BuildRequires: apache-commons-logging >= 0:1.0.3
BuildRequires: apache-commons-logging-javadoc
BuildRequires: java-javadoc
BuildRequires: junit
Requires: java-headless
Requires: apache-commons-logging >= 0:1.0.3
Requires: apache-commons-codec
%description
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn't provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.
%package javadoc
Summary: Javadoc for %{name}
%description javadoc
%{summary}.
%package demo
Summary: Demos for %{name}
Requires: %{name} = %{epoch}:%{version}-%{release}
%description demo
%{summary}.
%package manual
Summary: Manual for %{name}
Requires: %{name}-javadoc = %{epoch}:%{version}-%{release}
%description manual
%{summary}.
%prep
%setup -q -n commons-httpclient-%{version}
mkdir lib # duh
build-jar-repository -p lib commons-codec commons-logging junit
rm -rf docs/apidocs docs/*.patch docs/*.orig docs/*.rej
%patch0
pushd src/conf
%{__sed} -i 's/\r//' MANIFEST.MF
%patch1
popd
%patch2
%patch3 -p2
%patch4 -p1
%patch5 -p1
# Use javax classes, not com.sun ones
# assume no filename contains spaces
pushd src
for j in $(find . -name "*.java" -exec grep -l 'com\.sun\.net\.ssl' {} \;); do
sed -e 's|com\.sun\.net\.ssl|javax.net.ssl|' $j > tempf
cp tempf $j
done
rm tempf
popd
%mvn_alias : apache:commons-httpclient
%mvn_file ":{*}" jakarta-@1 "@1" commons-%{short_name}3
%build
ant \
-Dbuild.sysclasspath=first \
-Djavadoc.j2sdk.link=%{_javadocdir}/java \
-Djavadoc.logging.link=%{_javadocdir}/jakarta-commons-logging \
-Dtest.failonerror=false \
-Djavac.encoding=UTF-8 \
dist test
%install
%mvn_artifact %{SOURCE1} dist/commons-httpclient.jar
%mvn_install -J dist/docs/api
# demo
mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
cp -pr src/examples src/contrib $RPM_BUILD_ROOT%{_datadir}/%{name}
# manual and docs
rm -Rf dist/docs/{api,BUILDING.txt,TESTING.txt}
ln -s %{_javadocdir}/%{name} dist/docs/apidocs
%files -f .mfiles
%doc LICENSE NOTICE
%doc README RELEASE_NOTES
%files javadoc -f .mfiles-javadoc
%doc LICENSE NOTICE
%files demo
%{_datadir}/%{name}
%files manual
%doc dist/docs/*
%changelog
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Feb 23 2017 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-26
- Use build-jar-repository for locating dependencies
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Sep 11 2015 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-23
- Respect configured SO_TIMEOUT during SSL handshake
- Resolves: CVE-2015-5262
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Oct 14 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-21
- Remove legacy Obsoletes/Provides
* Mon Aug 18 2014 Michal Srb <msrb@redhat.com> - 1:3.1-20
- Fix MITM security vulnerability
- Resolves: CVE-2014-3577
* Mon Aug 11 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-19
- Add alias for apache:commons-httpclient
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Michal Srb <msrb@redhat.com> - 1:3.1-17
- Adapt to current guidelines
* Wed May 21 2014 Michal Srb <msrb@redhat.com> - 1:3.1-16
- Migrate to mfiles
* Tue Mar 04 2014 Stanislav Ochotnicky <sochotnicky@redhat.com> - 1:3.1-15
- Use Requires: java-headless rebuild (#1067528)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jan 21 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-12
- Add missing connection hostname check against X.509 certificate name
- Resolves: CVE-2012-5783
* Thu Nov 1 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-11
- Add maven POM
* Thu Sep 20 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-10
- Fix license tag
* Thu Sep 20 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1:3.1-9
- Install LICENSE and NOTICE files
- Add missing R: java, jpackage-utils
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Jan 22 2012 Andy Grimm <agrimm@gmail.com> - 1:3.1-7
- Fix character encoding
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Jun 28 2011 Stanislav Ochotnicky <sochotnicky@redhat.com> - 1:3.1-5
- Fix symlinks in javadir
* Tue Jun 28 2011 Alexander Kurtakov <akurtako@redhat.com> 1:3.1-4
- Fix FTBFS.
- Adapt to current guidelines.
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Nov 10 2010 Alexander Kurtakov <akurtako@redhat.com> 1:3.1-2
- Add missing requires on commons-codec.
* Fri Jul 16 2010 Alexander Kurtakov <akurtako@redhat.com> 1:3.1-1
- Drop gcj_support.
- Fix FTBFS.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-0.5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.1-0.4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Jul 24 2008 Andrew Overholt <overholt@redhat.com> 1:3.1-0.3
- Update OSGi MANIFEST.MF
* Wed Jul 9 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1:3.1-0.2
- drop repotag
- fix license tag
* Fri Apr 04 2008 Deepak Bhole <dbhole@redhat.com> - 0:3.1-0jpp.1
- Update to 3.1
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1:3.0.1-2jpp.2
- Autorebuild for GCC 4.3
* Thu Sep 06 2007 Andrew Overholt <overholt@redhat.com> 1:3.0.1-1jpp.2
- Add OSGi MANIFEST.MF information.
* Fri Mar 16 2007 Permaine Cheung <pcheung@redhat.com> - 1:3.0.1-1jpp.1
- Merge with upstream and more rpmlint cleanup.
* Thu Feb 15 2007 Fernando Nasser <fnasser@redhat.com> - 1:3.0.1-1jpp
- Upgrade to 3.0.1
* Fri Jan 26 2007 Permaine Cheung <pcheung@redhat.com> - 1:3.0-8jpp
- Added versions for provides and obsoletes and rpmlint cleanup.
* Thu Aug 10 2006 Deepak Bhole <dbhole@redhat.com> - 1:3.0-7jpp.1
- Added missing requirements.
- Added missing postun section for javadoc.
* Sat Jul 22 2006 Jakub Jelinek <jakub@redhat.com> - 1:3.0-6jpp_2fc
- Rebuilt
* Thu Jul 20 2006 Deepak Bhole <dbhole@redhat.com> - 1:3.0-6jpp_1fc
- Added conditional native compilation.
- Disable certain ssl related tests that are known to fail with libgcj.
* Thu Apr 06 2006 Fernando Nasser <fnasser@redhat.com> - 1:3.0-5jpp
- Improve backwards compatibility and force removal of older versioned
packages
* Thu Apr 06 2006 Fernando Nasser <fnasser@redhat.com> - 1:3.0-4jpp
- Remove duplicate release definition
- Require simply a jaxp 1.3
* Thu Apr 06 2006 Fernando Nasser <fnasser@redhat.com> - 1:3.0-3jpp
- BR xml-commons-jaxp-1.3-apis
* Thu Apr 06 2006 Ralph Apel <r.apel@r-apel.de> - 1:3.0-2jpp
- Fix tarball typo
- assure javax classes are used instead of com.sun. ones
* Wed Apr 05 2006 Ralph Apel <r.apel@r-apel.de> - 1:3.0-1jpp
- 3.0 final, drop main version in name
* Thu Oct 20 2005 Jason Corley <jason.corley@gmail.com> - 1:3.0-0.rc4.1jpp
- 3.0rc4
* Thu May 05 2005 Fernando Nasser <fnasser@redhat.com> - 1:3.0-0.rc2.1jpp
- Update to 3.0 rc2.
* Thu Nov 4 2004 Ville Skyttä <ville.skytta at iki.fi> - 1:2.0.2-1jpp
- Update to 2.0.2.
- Fix Group tag in -manual.
* Sun Aug 23 2004 Randy Watler <rwatler at finali.com> - 0:2.0-2jpp
- Rebuild with ant-1.6.2
* Mon Feb 16 2004 Kaj J. Niemi <kajtzu@fi.basen.net> - 0:2.0-1jpp
- 2.0 final
* Thu Jan 22 2004 David Walluck <david@anti-microsoft.org> 0:2.0-0.rc3.1jpp
- 2.0-rc3
- bump epoch
* Tue Oct 14 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:2.0-3.rc2.1jpp
- Update to 2.0rc2.
- Manual subpackage.
- Crosslink with local J2SE javadocs.
- Own unversioned javadoc dir symlink.
* Fri Aug 15 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:2.0-3.rc1.1jpp
- Update to 2.0rc1.
- Include "jakarta-"-less jar symlinks for consistency with other packages.
- Exclude example and contrib sources from main package, they're in -demo.
* Wed Jul 9 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:2.0-2.beta2.1jpp
- Update to 2.0 beta 2.
- Demo subpackage.
- Crosslink with local commons-logging javadocs.
* Wed Jun 4 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:2.0-2.beta1.1jpp
- Update to 2.0 beta 1.
- Non-versioned javadoc symlinking.
* Fri Apr 4 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:2.0-1.alpha3.2jpp
- Rebuild for JPackage 1.5.
* Wed Feb 26 2003 Ville Skyttä <ville.skytta at iki.fi> - 2.0-1.alpha3.1jpp
- Update to 2.0 alpha 3.
- Fix Group tags.
- Run standalone unit tests during build.
* Thu Sep 12 2002 Ville Skyttä <ville.skytta at iki.fi> 2.0-0.cvs20020909.1jpp
- Tune the rpm release number tag so rpm2html doesn't barf on it.
* Mon Sep 9 2002 Ville Skyttä <ville.skytta at iki.fi> 2.0-0.20020909alpha1.1jpp
- 2.0alpha1 snapshot 20020909.
- Use sed instead of bash extensions when symlinking jars during build.
- Add distribution tag.
- Require commons-logging instead of log4j.
* Sat Jan 19 2002 Guillaume Rousse <guillomovitch@users.sourceforge.net> 1.0-4jpp
- renamed to jakarta-commons-httpclient
- additional sources in individual archives
- versioned dir for javadoc
- no dependencies for javadoc package
- dropped j2ee package
- adapted to new jsse package
- section macro
* Fri Dec 7 2001 Guillaume Rousse <guillomovitch@users.sourceforge.net> 1.0-3jpp
- javadoc into javadoc package
* Sat Nov 3 2001 Guillaume Rousse <guillomovitch@users.sourceforge.net> 1.0-2jpp
- fixed jsse subpackage
* Fri Nov 2 2001 Guillaume Rousse <guillomovitch@users.sourceforge.net> 1.0-1jpp
- first JPackage release
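Review bot: `-Dtest.failonerror=false` in the `%build` ant call means, assuming build.xml honours that property, that a failing unit test cannot fail the package build. For a package whose main downstream changes are the hostname-verification and handshake-timeout fixes (Patch3 to Patch5, CVE-2012-5783, CVE-2014-3577, CVE-2015-5262), a regression in that code would then ship unnoticed, more so with Patch0 already removing SSL and proxy tests from the suites. I would drop that line so `dist test` fails on test errors, or move the test run into a `%check` section and exclude only the specific tests known to fail, each with a comment naming the reason.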