packages/groovy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:157fcc34af9f1f705eeef489c889076a2802bc9a
Branches Tags
packages:main
...
compare: packages:15e6f0eaf40431ea3bd5f1b23d8d2550416e96ca
Branches Tags
packages:main

10 Commits
157fcc34af ... 15e6f0eaf4

Author SHA1 Message Date
openeuler-ci-bot
15e6f0eaf4
!45 Recognize parameter separator for grape define command 
From: @wang--ge 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-03-20 06:24:17 +00:00
wang--ge
aff86dc73e Recognize parameter separator for grape define command 2024-03-20 11:27:24 +08:00
openeuler-ci-bot
8ce39ce192
!34 [sync] PR-33: compatible adapter for version 1.8 
From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
 2024-02-06 12:02:15 +00:00
wang--ge
a8fa7f77a9 compatible adapter for version 1.8 
(cherry picked from commit c8e88e7d0b894bfda2bf5853e920419fbd4b9af2)
 2024-02-06 17:26:19 +08:00
openeuler-ci-bot
0f2309638e
!25 fix spec changelog date 
From: @leeffo 
Reviewed-by: @luo-haibo 
Signed-off-by: @luo-haibo
 2022-08-15 00:50:15 +00:00
loong_C
df0271a02c fix spec changelog date 2022-05-20 15:18:46 +08:00
openeuler-ci-bot
0085c38973
!19 [sync] PR-17: Rebuild for fix log4j1.x cves 
From: @openeuler-sync-bot 
Reviewed-by: @wangchong1995924 
Signed-off-by: @wangchong1995924
 2022-03-01 06:05:52 +00:00
wk333
2866c49a5e Rebuild for fix log4j1.x cves 
(cherry picked from commit 5f9f921043fc2c3ef47cb5ece44593c4089c1b45)
 2022-02-28 17:12:59 +08:00
openeuler-ci-bot
d9315fc7ff !6 [sync] PR-5: fix CVE-2020-17521 
From: @openeuler-sync-bot
Reviewed-by: 
Signed-off-by:
 2021-02-23 17:16:32 +08:00
wang_yue111
eca895dba7 fix CVE-2020-17521 
(cherry picked from commit b40edce7f096b8b1063daae7ffbd6bfdb9d19c7d)
 2021-02-20 10:32:19 +08:00
4 changed files with 230 additions and 3 deletions
Show Stats Expand all files Collapse all files

89
0008-compatible-for-version-1.8.patch Normal file
View File

@ -0,0 +1,89 @@
From bfe732cf53ad19c9a8e6db3af595e728cf2bacfa Mon Sep 17 00:00:00 2001
From: wang--ge <wang__ge@126.com>
Date: Mon, 5 Feb 2024 09:56:34 +0800
Subject: [PATCH] compatible for version 1.8
---
src/bin/startGroovy | 45 +++++++++++++++++++++++++++++++--------------
1 file changed, 31 insertions(+), 14 deletions(-)
diff --git a/src/bin/startGroovy b/src/bin/startGroovy
index 36d6edd..9fcccc4 100644
--- a/src/bin/startGroovy
+++ b/src/bin/startGroovy
@@ -28,7 +28,6 @@
## $Revision$
## $Date$
##
-
PROGNAME=`basename "$0"`
#DIRNAME=`dirname "$0"`
@@ -150,7 +149,6 @@ fi
if [ -z "$GROOVY_CONF" ] ; then
GROOVY_CONF="$GROOVY_HOME/conf/groovy-starter.conf"
fi
-STARTER_CLASSPATH="$GROOVY_HOME/lib/@GROOVYJAR@"
# Create the final classpath. Setting a classpath using the -cp or -classpath option means not to use the
# global classpath. Groovy behaves then the same as the java interpreter
@@ -162,6 +160,11 @@ else
CP=.
fi
+STARTER_CLASSPATH="$GROOVY_HOME/lib/@GROOVYJAR@"
+if [ ${GROOVY_VERSION} == "1.8" ];then
+ STARTER_CLASSPATH="/usr/share/java/groovy-1.8.jar:$CP"
+fi
+
# Determine the Java command to use to start the JVM.
if [ -z "$JAVACMD" ] ; then
if [ -n "$JAVA_HOME" ] ; then
@@ -283,18 +286,32 @@ startGroovy ( ) {
if $useprofiler ; then
runProfiler
else
- eval exec "\"\$JAVACMD\"" $JAVA_OPTS \
- -classpath "\"\$STARTER_CLASSPATH\"" \
- -Dscript.name="\"\$SCRIPT_PATH\"" \
- -Dprogram.name="\"\$PROGNAME\"" \
- -Dgroovy.starter.conf="\"\$GROOVY_CONF\"" \
- -Dgroovy.home="\"\$GROOVY_HOME\"" \
- -Dtools.jar="\"\$TOOLS_JAR\"" \
- $STARTER_MAIN_CLASS \
- --main $CLASS \
- --conf "\"\$GROOVY_CONF\"" \
- --classpath "\"\$CP\"" \
- "\"\$@\""
+ if [ ${GROOVY_VERSION} == "1.8" ];then
+ eval exec "\"\$JAVACMD\"" $JAVA_OPTS \
+ -classpath "\"\$STARTER_CLASSPATH\"" \
+ -Dscript.name="\"\$SCRIPT_PATH\"" \
+ -Dprogram.name="\"\$PROGNAME\"" \
+ -Dgroovy.starter.conf="\"\$GROOVY_CONF\"" \
+ -Dgroovy.home="\"\$GROOVY_HOME\"" \
+ -Dtools.jar="\"\$TOOLS_JAR\"" \
+ $STARTER_MAIN_CLASS \
+ --main $CLASS \
+ --conf "\"\$GROOVY_CONF\"" \
+ "\"\$@\""
+ else
+ eval exec "\"\$JAVACMD\"" $JAVA_OPTS \
+ -classpath "\"\$STARTER_CLASSPATH\"" \
+ -Dscript.name="\"\$SCRIPT_PATH\"" \
+ -Dprogram.name="\"\$PROGNAME\"" \
+ -Dgroovy.starter.conf="\"\$GROOVY_CONF\"" \
+ -Dgroovy.home="\"\$GROOVY_HOME\"" \
+ -Dtools.jar="\"\$TOOLS_JAR\"" \
+ $STARTER_MAIN_CLASS \
+ --main $CLASS \
+ --conf "\"\$GROOVY_CONF\"" \
+ --classpath "\"\$CP\"" \
+ "\"\$@\""
+ fi
fi
}
--
2.33.0

39
0009-add-parameter-check-for-grape-define.patch Normal file
View File

@ -0,0 +1,39 @@
From 696538030dcf6ba670cb1dd8f9d762d860aac01c Mon Sep 17 00:00:00 2001
From: wang--ge <wang__ge@126.com>
Date: Thu, 14 Mar 2024 11:19:28 +0800
Subject: [PATCH] asd
---
.../org/codehaus/groovy/tools/GrapeMain.groovy | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/main/org/codehaus/groovy/tools/GrapeMain.groovy b/src/main/org/codehaus/groovy/tools/GrapeMain.groovy
index 0a1843d..528e8ed 100644
--- a/src/main/org/codehaus/groovy/tools/GrapeMain.groovy
+++ b/src/main/org/codehaus/groovy/tools/GrapeMain.groovy
@@ -348,10 +348,18 @@ if (cmd.hasOption('v')) {
return
}
-
-cmd.getOptionValues('D')?.each {String prop ->
- def (k, v) = prop.split ('=', 2) as List // array multiple assignment quirk
- System.setProperty(k, v ?: "")
+if (cmd.hasOption('D')) {
+ cmd.getOptionValues('D')?.each {String prop ->
+ while (prop.startsWith("=")) {
+ prop = prop.substring(1, prop.length());
+ }
+ def (k, v) = prop.split ('=', 2) as List // array multiple assignment quirk
+ if (k.isEmpty() || v.isEmpty()) {
+ println "one system property's name or value is emply, skip."
+ } else {
+ System.setProperty(k, v ?: "")
+ }
+ }
}
String[] arg = cmd.args
--
2.33.0

81
CVE-2020-17521.patch Normal file
View File

@ -0,0 +1,81 @@
From 24a2441ad715cda26c9cae9febb36cdb51983092 Mon Sep 17 00:00:00 2001
From: Paul King <paulk@asert.com.au>
Date: Fri, 5 Feb 2021 10:15:52 +0800
Subject: [PATCH] use newer api for creating temp dir
---
.../runtime/DefaultGroovyStaticMethods.java | 48 ++++++-------------
1 file changed, 14 insertions(+), 34 deletions(-)
diff --git a/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java b/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
index 9e4ce31..61414b2 100644
--- a/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
+++ b/src/main/org/codehaus/groovy/runtime/DefaultGroovyStaticMethods.java
@@ -24,6 +24,8 @@ import java.io.File;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.nio.file.Files;
+import java.nio.file.Path;
import java.util.Date;
import java.util.ResourceBundle;
import java.util.Locale;
@@ -261,43 +263,21 @@ public class DefaultGroovyStaticMethods {
}
public static File createTempDir(File self) throws IOException {
- return createTempDir(self, "groovy-generated-", "-tmpdir");
+ return createTempDir(self, "groovy-generated-", "tmpdir-");
+ }
+
+ public static File createTempDir(File self, final String prefix) throws IOException {
+ return createTempDirNio(prefix);
}
public static File createTempDir(File self, final String prefix, final String suffix) throws IOException {
- final int MAXTRIES = 3;
- int accessDeniedCounter = 0;
- File tempFile=null;
- for (int i=0; i<MAXTRIES; i++) {
- try {
- tempFile = File.createTempFile(prefix, suffix);
- tempFile.delete();
- tempFile.mkdirs();
- break;
- } catch (IOException ioe) {
- if (ioe.getMessage().startsWith("Access is denied")) {
- accessDeniedCounter++;
- try { Thread.sleep(100); } catch (InterruptedException e) {}
- }
- if (i==MAXTRIES-1) {
- if (accessDeniedCounter==MAXTRIES) {
- String msg =
- "Access is denied.\nWe tried " +
- + accessDeniedCounter+
- " times to create a temporary directory"+
- " and failed each time. If you are on Windows"+
- " you are possibly victim to"+
- " http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6325169. "+
- " this is no bug in Groovy.";
- throw new IOException(msg);
- } else {
- throw ioe;
- }
- }
- continue;
- }
- }
- return tempFile;
+ // more secure Files api doesn't support suffix, so just append it to the prefix
+ return createTempDirNio(prefix + suffix);
+ }
+
+ private static File createTempDirNio(String prefix) throws IOException {
+ Path tempPath = Files.createTempDirectory(prefix);
+ return tempPath.toFile();
}
/**
--
2.23.0

24
groovy.spec
View File

@ -1,8 +1,8 @@
Name: groovy
Version: 2.4.8
Release: 8
Release: 13
Summary: Dynamic language for the Java Platform
License: ASL 2.0 and BSD and EPL and Public Domain and CC-BY
License: ASL 2.0 and BSD and EPL-1.0 and Public Domain and ANTLR-PD and MIT
URL: http://groovy-lang.org
Source0: https://dl.bintray.com/groovy/maven/apache-groovy-src-%{version}.zip
Source1: groovy-script.sh
@ -17,6 +17,9 @@ Patch3: 0004-Remove-android-support.patch
Patch4: 0005-Update-to-QDox-2.0.patch
Patch5: 0006-Disable-artifactory-publish.patch
Patch6: 0007-Fix-missing-extension-definitions.patch
Patch7: CVE-2020-17521.patch
Patch8: 0008-compatible-for-version-1.8.patch
Patch9: 0009-add-parameter-check-for-grape-define.patch
BuildRequires: gradle-local >= 2.1-0.9 javapackages-local java-devel >= 1.8 ant antlr-tool ant-antlr
BuildRequires: aqute-bnd gpars multiverse apache-parent testng jline apache-commons-cli apache-commons-beanutils
@ -189,5 +192,20 @@ EOF
%doc LICENSE NOTICE README.adoc
%changelog
* Thu Dec 7 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.8-8
* Wed Mar 13 2024 Ge Wang <wang__ge@126.com> - 2.4.8-13
- Add parameter check for grape define
* Mon Feb 05 2024 Ge Wang <wang__ge@126.com> - 2.4.8-12
- Compatible adapter for version 1.8
* Fri May 20 2022 loong_C <loong_c@yeah.net> - 2.4.8-11
- fix spec changelog date
* Fri Feb 25 2022 wangkai <wangkai385@huawei.com> - 2.4.8-10
- Rebuild for fix log4j1.x cves
* Thu Feb 04 2021 wangyue <wangyue92@huawei.com> 2.4.8-9
- fix CVE-2020-17521
* Tue Dec 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.8-8
- Package init