diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d73517b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/commons-httpclient-3.1-src.tar.gz diff --git a/.jakarta-commons-httpclient.metadata b/.jakarta-commons-httpclient.metadata new file mode 100644 index 0000000..c94ccb0 --- /dev/null +++ b/.jakarta-commons-httpclient.metadata @@ -0,0 +1 @@ +5c604f102e0716597b3d2659ac3e77f80a02f22d SOURCES/commons-httpclient-3.1-src.tar.gz diff --git a/SOURCES/commons-httpclient-3.1.pom b/SOURCES/commons-httpclient-3.1.pom new file mode 100644 index 0000000..595a1b0 --- /dev/null +++ b/SOURCES/commons-httpclient-3.1.pom @@ -0,0 +1,254 @@ + + 4.0.0 + commons-httpclient + commons-httpclient + HttpClient + 3.1 + The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. + http://jakarta.apache.org/httpcomponents/httpclient-3.x/ + + http://issues.apache.org/jira/browse/HTTPCLIENT + + + + + +
httpcomponents-dev@jakarta.apache.org
+
+
+
+
+ 2001 + + + HttpComponents Developer List + httpcomponents-dev-subscribe@jakarta.apache.org + httpcomponents-dev-unsubscribe@jakarta.apache.org + http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/ + + + HttpClient User List + httpclient-user-subscribe@jakarta.apache.org + httpclient-user-unsubscribe@jakarta.apache.org + http://mail-archives.apache.org/mod_mbox/jakarta-httpclient-user/ + + + + + mbecke + Michael Becke + mbecke -at- apache.org + + + Release Prime + Java Developer + + + + jsdever + Jeff Dever + jsdever -at- apache.org + Independent consultant + + 2.0 Release Prime + Java Developer + + + + dion + dIon Gillard + dion -at- apache.org + Multitask Consulting + + Java Developer + + + + oglueck + Ortwin Glueck + oglueck -at- apache.org + http://www.odi.ch/ + + + Java Developer + + + + jericho + Sung-Gu + jericho -at- apache.org + + + Java Developer + + + + olegk + Oleg Kalnichevski + olegk -at- apache.org + + Java Developer + + + + sullis + Sean C. Sullivan + sullis -at- apache.org + Independent consultant + + Java Developer + + + + adrian + Adrian Sutton + adrian.sutton -at- ephox.com + Intencha + + Java Developer + + + + rwaldhoff + Rodney Waldhoff + rwaldhoff -at- apache + Britannica + + Java Developer + + + + + + Armando Anton + armando.anton -at- newknow.com + + + Sebastian Bazley + sebb -at- apache.org + + + Ola Berg + + + + Sam Berlin + sberlin -at- limepeer.com + + + Mike Bowler + + + + Samit Jain + jain.samit -at- gmail.com + + + Eric Johnson + eric -at- tibco.com + + + Christian Kohlschuetter + ck -at- newsclub.de + + + Ryan Lubke + Ryan.Lubke -at- Sun.COM + + + Sam Maloney + sam.maloney -at- filogix.com + + + Rob Di Marco + rdimarco -at- hmsonline.com + + + Juergen Pill + Juergen.Pill -at- softwareag.com + + + Mohammad Rezaei + mohammad.rezaei -at- gs.com + + + Roland Weber + rolandw -at- apache.org + + + Laura Werner + laura -at- lwerner.org + + + Mikael Wilstrom + mikael.wikstrom -at- it.su.se + + + + + Apache License + http://www.apache.org/licenses/LICENSE-2.0 + + + + scm:svn:http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk + http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk + + + Apache Software Foundation + http://jakarta.apache.org/ + + + src/java + src/test + + + src/resources + + + + + src/test + + **/*.keystore + + + + + + maven-surefire-plugin + + + **/TestAll.java + + + + + + + + junit + junit + 3.8.1 + test + + + commons-logging + commons-logging + 1.0.4 + + + commons-codec + commons-codec + 1.2 + + + + + default + Default Site + scp://people.apache.org//www/jakarta.apache.org/httpcomponents/httpclient-3.x/ + + converted + +
\ No newline at end of file diff --git a/SOURCES/jakarta-commons-httpclient-CVE-2012-5783.patch b/SOURCES/jakarta-commons-httpclient-CVE-2012-5783.patch new file mode 100644 index 0000000..9fe040b --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-CVE-2012-5783.patch @@ -0,0 +1,373 @@ +Index: oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java +=================================================================== +diff -u -N -r608014 -r1422573 +--- oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 608014) ++++ oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 1422573) +@@ -31,10 +31,25 @@ + package org.apache.commons.httpclient.protocol; + + import java.io.IOException; ++import java.io.InputStream; + import java.net.InetAddress; + import java.net.Socket; + import java.net.UnknownHostException; ++import java.security.cert.Certificate; ++import java.security.cert.CertificateParsingException; ++import java.security.cert.X509Certificate; ++import java.util.Arrays; ++import java.util.Collection; ++import java.util.Iterator; ++import java.util.LinkedList; ++import java.util.List; ++import java.util.Locale; ++import java.util.StringTokenizer; ++import java.util.regex.Pattern; + ++import javax.net.ssl.SSLException; ++import javax.net.ssl.SSLSession; ++import javax.net.ssl.SSLSocket; + import javax.net.ssl.SSLSocketFactory; + + import org.apache.commons.httpclient.ConnectTimeoutException; +@@ -55,6 +70,11 @@ + */ + private static final SSLProtocolSocketFactory factory = new SSLProtocolSocketFactory(); + ++ // This is a a sorted list, if you insert new elements do it orderdered. ++ private final static String[] BAD_COUNTRY_2LDS = ++ {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info", ++ "lg", "ne", "net", "or", "org"}; ++ + /** + * Gets an singleton instance of the SSLProtocolSocketFactory. + * @return a SSLProtocolSocketFactory +@@ -79,12 +99,14 @@ + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException { +- return SSLSocketFactory.getDefault().createSocket( ++ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( + host, + port, + clientHost, + clientPort + ); ++ verifyHostName(host, (SSLSocket) sslSocket); ++ return sslSocket; + } + + /** +@@ -124,16 +146,19 @@ + } + int timeout = params.getConnectionTimeout(); + if (timeout == 0) { +- return createSocket(host, port, localAddress, localPort); ++ Socket sslSocket = createSocket(host, port, localAddress, localPort); ++ verifyHostName(host, (SSLSocket) sslSocket); ++ return sslSocket; + } else { + // To be eventually deprecated when migrated to Java 1.4 or above +- Socket socket = ReflectionSocketFactory.createSocket( ++ Socket sslSocket = ReflectionSocketFactory.createSocket( + "javax.net.ssl.SSLSocketFactory", host, port, localAddress, localPort, timeout); +- if (socket == null) { +- socket = ControllerThreadSocketFactory.createSocket( ++ if (sslSocket == null) { ++ sslSocket = ControllerThreadSocketFactory.createSocket( + this, host, port, localAddress, localPort, timeout); + } +- return socket; ++ verifyHostName(host, (SSLSocket) sslSocket); ++ return sslSocket; + } + } + +@@ -142,10 +167,12 @@ + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException { +- return SSLSocketFactory.getDefault().createSocket( ++ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( + host, + port + ); ++ verifyHostName(host, (SSLSocket) sslSocket); ++ return sslSocket; + } + + /** +@@ -157,15 +184,273 @@ + int port, + boolean autoClose) + throws IOException, UnknownHostException { +- return ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket( ++ Socket sslSocket = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket( + socket, + host, + port, + autoClose + ); ++ verifyHostName(host, (SSLSocket) sslSocket); ++ return sslSocket; + } ++ + ++ ++ + /** ++ * Verifies that the given hostname in certicifate is the hostname we are trying to connect to ++ * http://www.cvedetails.com/cve/CVE-2012-5783/ ++ * @param host ++ * @param ssl ++ * @throws IOException ++ */ ++ ++ private static void verifyHostName(String host, SSLSocket ssl) ++ throws IOException { ++ if (host == null) { ++ throw new IllegalArgumentException("host to verify was null"); ++ } ++ ++ SSLSession session = ssl.getSession(); ++ if (session == null) { ++ // In our experience this only happens under IBM 1.4.x when ++ // spurious (unrelated) certificates show up in the server's chain. ++ // Hopefully this will unearth the real problem: ++ InputStream in = ssl.getInputStream(); ++ in.available(); ++ /* ++ If you're looking at the 2 lines of code above because you're ++ running into a problem, you probably have two options: ++ ++ #1. Clean up the certificate chain that your server ++ is presenting (e.g. edit "/etc/apache2/server.crt" or ++ wherever it is your server's certificate chain is ++ defined). ++ ++ OR ++ ++ #2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a ++ non-IBM JVM. ++ */ ++ ++ // If ssl.getInputStream().available() didn't cause an exception, ++ // maybe at least now the session is available? ++ session = ssl.getSession(); ++ if (session == null) { ++ // If it's still null, probably a startHandshake() will ++ // unearth the real problem. ++ ssl.startHandshake(); ++ ++ // Okay, if we still haven't managed to cause an exception, ++ // might as well go for the NPE. Or maybe we're okay now? ++ session = ssl.getSession(); ++ } ++ } ++ ++ Certificate[] certs = session.getPeerCertificates(); ++ verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]); ++ } ++ /** ++ * Extract the names from the certificate and tests host matches one of them ++ * @param host ++ * @param cert ++ * @throws SSLException ++ */ ++ ++ private static void verifyHostName(final String host, X509Certificate cert) ++ throws SSLException { ++ // I'm okay with being case-insensitive when comparing the host we used ++ // to establish the socket to the hostname in the certificate. ++ // Don't trim the CN, though. ++ ++ String cn = getCN(cert); ++ String[] subjectAlts = getDNSSubjectAlts(cert); ++ verifyHostName(host, cn.toLowerCase(Locale.US), subjectAlts); ++ ++ } ++ ++ /** ++ * Extract all alternative names from a certificate. ++ * @param cert ++ * @return ++ */ ++ private static String[] getDNSSubjectAlts(X509Certificate cert) { ++ LinkedList subjectAltList = new LinkedList(); ++ Collection c = null; ++ try { ++ c = cert.getSubjectAlternativeNames(); ++ } catch (CertificateParsingException cpe) { ++ // Should probably log.debug() this? ++ cpe.printStackTrace(); ++ } ++ if (c != null) { ++ Iterator it = c.iterator(); ++ while (it.hasNext()) { ++ List list = (List) it.next(); ++ int type = ((Integer) list.get(0)).intValue(); ++ // If type is 2, then we've got a dNSName ++ if (type == 2) { ++ String s = (String) list.get(1); ++ subjectAltList.add(s); ++ } ++ } ++ } ++ if (!subjectAltList.isEmpty()) { ++ String[] subjectAlts = new String[subjectAltList.size()]; ++ subjectAltList.toArray(subjectAlts); ++ return subjectAlts; ++ } else { ++ return new String[0]; ++ } ++ ++ } ++ /** ++ * Verifies ++ * @param host ++ * @param cn ++ * @param subjectAlts ++ * @throws SSLException ++ */ ++ ++ private static void verifyHostName(final String host, String cn, String[] subjectAlts)throws SSLException{ ++ StringBuffer cnTested = new StringBuffer(); ++ ++ for (int i = 0; i < subjectAlts.length; i++){ ++ String name = subjectAlts[i]; ++ if (name != null) { ++ name = name.toLowerCase(); ++ if (verifyHostName(host, name)){ ++ return; ++ } ++ cnTested.append("/").append(name); ++ } ++ } ++ if (cn != null && verifyHostName(host, cn)){ ++ return; ++ } ++ cnTested.append("/").append(cn); ++ throw new SSLException("hostname in certificate didn't match: <" ++ + host + "> != <" + cnTested + ">"); ++ ++ } ++ ++ private static boolean verifyHostName(final String host, final String cn){ ++ if (doWildCard(cn) && !isIPAddress(host)) { ++ return matchesWildCard(cn, host); ++ } ++ return host.equalsIgnoreCase(cn); ++ } ++ private static boolean doWildCard(String cn) { ++ // Contains a wildcard ++ // wildcard in the first block ++ // not an ipaddress (ip addres must explicitily be equal) ++ // not using 2nd level common tld : ex: not for *.co.uk ++ String parts[] = cn.split("\\."); ++ return parts.length >= 3 && ++ parts[0].endsWith("*") && ++ acceptableCountryWildcard(cn) && ++ !isIPAddress(cn); ++ } ++ ++ ++ private static final Pattern IPV4_PATTERN = ++ Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$"); ++ ++ private static final Pattern IPV6_STD_PATTERN = ++ Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$"); ++ ++ private static final Pattern IPV6_HEX_COMPRESSED_PATTERN = ++ Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$"); ++ ++ ++ private static boolean isIPAddress(final String hostname) { ++ return hostname != null ++ && ( ++ IPV4_PATTERN.matcher(hostname).matches() ++ || IPV6_STD_PATTERN.matcher(hostname).matches() ++ || IPV6_HEX_COMPRESSED_PATTERN.matcher(hostname).matches() ++ ); ++ ++ } ++ ++ private static boolean acceptableCountryWildcard(final String cn) { ++ // The CN better have at least two dots if it wants wildcard action, ++ // but can't be [*.co.uk] or [*.co.jp] or [*.org.uk], etc... ++ // The [*.co.uk] problem is an interesting one. Should we just ++ // hope that CA's would never foolishly allow such a ++ // certificate to happen? ++ ++ String[] parts = cn.split("\\."); ++ // Only checks for 3 levels, with country code of 2 letters. ++ if (parts.length > 3 || parts[parts.length - 1].length() != 2) { ++ return true; ++ } ++ String countryCode = parts[parts.length - 2]; ++ return Arrays.binarySearch(BAD_COUNTRY_2LDS, countryCode) < 0; ++ } ++ ++ private static boolean matchesWildCard(final String cn, ++ final String hostName) { ++ String parts[] = cn.split("\\."); ++ boolean match = false; ++ String firstpart = parts[0]; ++ if (firstpart.length() > 1) { ++ // server∗ ++ // e.g. server ++ String prefix = firstpart.substring(0, firstpart.length() - 1); ++ // skipwildcard part from cn ++ String suffix = cn.substring(firstpart.length()); ++ // skip wildcard part from host ++ String hostSuffix = hostName.substring(prefix.length()); ++ match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix); ++ } else { ++ match = hostName.endsWith(cn.substring(1)); ++ } ++ if (match) { ++ // I f we're in strict mode , ++ // [ ∗.foo.com] is not allowed to match [a.b.foo.com] ++ match = countDots(hostName) == countDots(cn); ++ } ++ return match; ++ } ++ ++ private static int countDots(final String data) { ++ int dots = 0; ++ for (int i = 0; i < data.length(); i++) { ++ if (data.charAt(i) == '.') { ++ dots += 1; ++ } ++ } ++ return dots; ++ } ++ ++ private static String getCN(X509Certificate cert) { ++ // Note: toString() seems to do a better job than getName() ++ // ++ // For example, getName() gives me this: ++ // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d ++ // ++ // whereas toString() gives me this: ++ // EMAILADDRESS=juliusdavies@cucbc.com ++ String subjectPrincipal = cert.getSubjectX500Principal().toString(); ++ ++ return getCN(subjectPrincipal); ++ ++ } ++ private static String getCN(String subjectPrincipal) { ++ StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); ++ while(st.hasMoreTokens()) { ++ String tok = st.nextToken().trim(); ++ if (tok.length() > 3) { ++ if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { ++ return tok.substring(3); ++ } ++ } ++ } ++ return null; ++ } ++ ++ /** + * All instances of SSLProtocolSocketFactory are the same. + */ + public boolean equals(Object obj) { diff --git a/SOURCES/jakarta-commons-httpclient-CVE-2014-3577.patch b/SOURCES/jakarta-commons-httpclient-CVE-2014-3577.patch new file mode 100644 index 0000000..59548c3 --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-CVE-2014-3577.patch @@ -0,0 +1,80 @@ +diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java +index fa0acc7..e6ce513 100644 +--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java ++++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java +@@ -44,9 +44,15 @@ import java.util.Iterator; + import java.util.LinkedList; + import java.util.List; + import java.util.Locale; +-import java.util.StringTokenizer; ++import java.util.NoSuchElementException; + import java.util.regex.Pattern; + ++import javax.naming.InvalidNameException; ++import javax.naming.NamingException; ++import javax.naming.directory.Attribute; ++import javax.naming.directory.Attributes; ++import javax.naming.ldap.LdapName; ++import javax.naming.ldap.Rdn; + import javax.net.ssl.SSLException; + import javax.net.ssl.SSLSession; + import javax.net.ssl.SSLSocket; +@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { + return dots; + } + +- private static String getCN(X509Certificate cert) { +- // Note: toString() seems to do a better job than getName() +- // +- // For example, getName() gives me this: +- // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d +- // +- // whereas toString() gives me this: +- // EMAILADDRESS=juliusdavies@cucbc.com +- String subjectPrincipal = cert.getSubjectX500Principal().toString(); +- +- return getCN(subjectPrincipal); +- ++ private static String getCN(final X509Certificate cert) { ++ final String subjectPrincipal = cert.getSubjectX500Principal().toString(); ++ try { ++ return extractCN(subjectPrincipal); ++ } catch (SSLException ex) { ++ return null; ++ } + } +- private static String getCN(String subjectPrincipal) { +- StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); +- while(st.hasMoreTokens()) { +- String tok = st.nextToken().trim(); +- if (tok.length() > 3) { +- if (tok.substring(0, 3).equalsIgnoreCase("CN=")) { +- return tok.substring(3); ++ ++ private static String extractCN(final String subjectPrincipal) throws SSLException { ++ if (subjectPrincipal == null) { ++ return null; ++ } ++ try { ++ final LdapName subjectDN = new LdapName(subjectPrincipal); ++ final List rdns = subjectDN.getRdns(); ++ for (int i = rdns.size() - 1; i >= 0; i--) { ++ final Rdn rds = rdns.get(i); ++ final Attributes attributes = rds.toAttributes(); ++ final Attribute cn = attributes.get("cn"); ++ if (cn != null) { ++ try { ++ final Object value = cn.get(); ++ if (value != null) { ++ return value.toString(); ++ } ++ } catch (NoSuchElementException ignore) { ++ } catch (NamingException ignore) { ++ } + } + } ++ } catch (InvalidNameException e) { ++ throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name"); + } + return null; + } diff --git a/SOURCES/jakarta-commons-httpclient-CVE-2015-5262.patch b/SOURCES/jakarta-commons-httpclient-CVE-2015-5262.patch new file mode 100644 index 0000000..2b7f482 --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-CVE-2015-5262.patch @@ -0,0 +1,23 @@ +diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java +index e6ce513..b7550a2 100644 +--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java ++++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java +@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { + } + int timeout = params.getConnectionTimeout(); + if (timeout == 0) { +- Socket sslSocket = createSocket(host, port, localAddress, localPort); ++ Socket sslSocket = SSLSocketFactory.getDefault().createSocket( ++ host, port, localAddress, localPort); ++ sslSocket.setSoTimeout(params.getSoTimeout()); + verifyHostName(host, (SSLSocket) sslSocket); + return sslSocket; + } else { +@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory { + sslSocket = ControllerThreadSocketFactory.createSocket( + this, host, port, localAddress, localPort, timeout); + } ++ sslSocket.setSoTimeout(params.getSoTimeout()); + verifyHostName(host, (SSLSocket) sslSocket); + return sslSocket; + } diff --git a/SOURCES/jakarta-commons-httpclient-addosgimanifest.patch b/SOURCES/jakarta-commons-httpclient-addosgimanifest.patch new file mode 100644 index 0000000..94b41f0 --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-addosgimanifest.patch @@ -0,0 +1,31 @@ +--- MANIFEST.MF 2007-09-06 12:31:02.000000000 -0400 ++++ MANIFEST.MF 2007-09-06 12:30:45.000000000 -0400 +@@ -3,4 +3,27 @@ + Specification-Version: 1.0 + Implementation-Vendor: Apache Software Foundation + Implementation-Version: @version@ +- ++Bundle-ManifestVersion: 2 ++Bundle-Name: %bundleName ++Bundle-SymbolicName: org.apache.commons.httpclient ++Bundle-Version: 3.1.0.v20080605-1935 ++Import-Package: javax.crypto;resolution:=optional, ++ javax.crypto.spec;resolution:=optional, ++ javax.net;resolution:=optional, ++ javax.net.ssl;resolution:=optional, ++ org.apache.commons.codec;version="[1.2.0,2.0.0)", ++ org.apache.commons.codec.binary;version="[1.2.0,2.0.0)", ++ org.apache.commons.codec.net;version="[1.2.0,2.0.0)", ++ org.apache.commons.logging;version="[1.0.4,2.0.0)" ++Export-Package: org.apache.commons.httpclient;version="3.1.0", ++ org.apache.commons.httpclient.auth;version="3.1.0", ++ org.apache.commons.httpclient.cookie;version="3.1.0", ++ org.apache.commons.httpclient.methods;version="3.1.0", ++ org.apache.commons.httpclient.methods.multipart;version="3.1.0", ++ org.apache.commons.httpclient.params;version="3.1.0", ++ org.apache.commons.httpclient.protocol;version="3.1.0", ++ org.apache.commons.httpclient.util;version="3.1.0" ++Bundle-Vendor: %bundleProvider ++Bundle-Localization: plugin ++Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0, ++ J2SE-1.2 diff --git a/SOURCES/jakarta-commons-httpclient-disablecryptotests.patch b/SOURCES/jakarta-commons-httpclient-disablecryptotests.patch new file mode 100644 index 0000000..f6b7238 --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-disablecryptotests.patch @@ -0,0 +1,20 @@ +--- ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java.sav 2006-07-20 18:42:17.000000000 -0400 ++++ ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java 2006-07-20 18:42:26.000000000 -0400 +@@ -43,7 +43,6 @@ + public static Test suite() { + TestSuite suite = new TestSuite(); + suite.addTest(TestHttpParams.suite()); +- suite.addTest(TestSSLTunnelParams.suite()); + return suite; + } + +--- ./src/test/org/apache/commons/httpclient/TestAll.java.sav 2006-07-20 18:42:56.000000000 -0400 ++++ ./src/test/org/apache/commons/httpclient/TestAll.java 2006-07-20 18:43:01.000000000 -0400 +@@ -100,7 +100,6 @@ + // Non compliant behaviour + suite.addTest(TestNoncompliant.suite()); + // Proxy +- suite.addTest(TestProxy.suite()); + suite.addTest(TestProxyWithRedirect.suite()); + return suite; + } diff --git a/SOURCES/jakarta-commons-httpclient-encoding.patch b/SOURCES/jakarta-commons-httpclient-encoding.patch new file mode 100644 index 0000000..33fbdf2 --- /dev/null +++ b/SOURCES/jakarta-commons-httpclient-encoding.patch @@ -0,0 +1,34 @@ +--- build.xml 2007-08-18 05:02:14.000000000 -0400 ++++ build.xml 2012-01-23 09:52:50.405796336 -0500 +@@ -179,6 +179,7 @@ + description="Compile shareable components"> + +@@ -186,6 +187,7 @@ + + +@@ -197,6 +199,7 @@ + description="Compile unit test cases"> + +@@ -244,6 +244,7 @@ + + = 0:1.0.3 +BuildRequires: apache-commons-logging-javadoc +BuildRequires: java-javadoc +BuildRequires: junit + +Requires: java-headless +Requires: apache-commons-logging >= 0:1.0.3 +Requires: apache-commons-codec + +%description +The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant +protocol used on the Internet today. Web services, network-enabled +appliances and the growth of network computing continue to expand the +role of the HTTP protocol beyond user-driven web browsers, and increase +the number of applications that may require HTTP support. +Although the java.net package provides basic support for accessing +resources via HTTP, it doesn't provide the full flexibility or +functionality needed by many applications. The Jakarta Commons HTTP +Client component seeks to fill this void by providing an efficient, +up-to-date, and feature-rich package implementing the client side of the +most recent HTTP standards and recommendations. +Designed for extension while providing robust support for the base HTTP +protocol, the HTTP Client component may be of interest to anyone +building HTTP-aware client applications such as web browsers, web +service clients, or systems that leverage or extend the HTTP protocol +for distributed communication. + +%package javadoc +Summary: Javadoc for %{name} + +%description javadoc +%{summary}. + +%package demo +Summary: Demos for %{name} +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description demo +%{summary}. + +%package manual +Summary: Manual for %{name} +Requires: %{name}-javadoc = %{epoch}:%{version}-%{release} + +%description manual +%{summary}. + + +%prep +%setup -q -n commons-httpclient-%{version} +mkdir lib # duh +build-jar-repository -p lib commons-codec commons-logging junit +rm -rf docs/apidocs docs/*.patch docs/*.orig docs/*.rej + +%patch0 + +pushd src/conf +%{__sed} -i 's/\r//' MANIFEST.MF +%patch1 +popd + +%patch2 +%patch3 -p2 +%patch4 -p1 +%patch5 -p1 + +# Use javax classes, not com.sun ones +# assume no filename contains spaces +pushd src + for j in $(find . -name "*.java" -exec grep -l 'com\.sun\.net\.ssl' {} \;); do + sed -e 's|com\.sun\.net\.ssl|javax.net.ssl|' $j > tempf + cp tempf $j + done + rm tempf +popd + +%mvn_alias : apache:commons-httpclient +%mvn_file ":{*}" jakarta-@1 "@1" commons-%{short_name}3 + +%build +ant \ + -Dbuild.sysclasspath=first \ + -Djavadoc.j2sdk.link=%{_javadocdir}/java \ + -Djavadoc.logging.link=%{_javadocdir}/jakarta-commons-logging \ + -Dtest.failonerror=false \ + -Djavac.encoding=UTF-8 \ + dist test + +%install +%mvn_artifact %{SOURCE1} dist/commons-httpclient.jar +%mvn_install -J dist/docs/api + +# demo +mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} +cp -pr src/examples src/contrib $RPM_BUILD_ROOT%{_datadir}/%{name} + +# manual and docs +rm -Rf dist/docs/{api,BUILDING.txt,TESTING.txt} +ln -s %{_javadocdir}/%{name} dist/docs/apidocs + + +%files -f .mfiles +%doc LICENSE NOTICE +%doc README RELEASE_NOTES + +%files javadoc -f .mfiles-javadoc +%doc LICENSE NOTICE + +%files demo +%{_datadir}/%{name} + +%files manual +%doc dist/docs/* + + +%changelog +* Wed Feb 07 2018 Fedora Release Engineering - 1:3.1-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:3.1-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Feb 23 2017 Mikolaj Izdebski - 1:3.1-26 +- Use build-jar-repository for locating dependencies + +* Fri Feb 10 2017 Fedora Release Engineering - 1:3.1-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 1:3.1-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Sep 11 2015 Mikolaj Izdebski - 1:3.1-23 +- Respect configured SO_TIMEOUT during SSL handshake +- Resolves: CVE-2015-5262 + +* Wed Jun 17 2015 Fedora Release Engineering - 1:3.1-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Oct 14 2014 Mikolaj Izdebski - 1:3.1-21 +- Remove legacy Obsoletes/Provides + +* Mon Aug 18 2014 Michal Srb - 1:3.1-20 +- Fix MITM security vulnerability +- Resolves: CVE-2014-3577 + +* Mon Aug 11 2014 Mikolaj Izdebski - 1:3.1-19 +- Add alias for apache:commons-httpclient + +* Sat Jun 07 2014 Fedora Release Engineering - 1:3.1-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 21 2014 Michal Srb - 1:3.1-17 +- Adapt to current guidelines + +* Wed May 21 2014 Michal Srb - 1:3.1-16 +- Migrate to mfiles + +* Tue Mar 04 2014 Stanislav Ochotnicky - 1:3.1-15 +- Use Requires: java-headless rebuild (#1067528) + +* Sat Aug 03 2013 Fedora Release Engineering - 1:3.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 1:3.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Jan 21 2013 Mikolaj Izdebski - 1:3.1-12 +- Add missing connection hostname check against X.509 certificate name +- Resolves: CVE-2012-5783 + +* Thu Nov 1 2012 Mikolaj Izdebski - 1:3.1-11 +- Add maven POM + +* Thu Sep 20 2012 Mikolaj Izdebski - 1:3.1-10 +- Fix license tag + +* Thu Sep 20 2012 Mikolaj Izdebski - 1:3.1-9 +- Install LICENSE and NOTICE files +- Add missing R: java, jpackage-utils + +* Thu Jul 19 2012 Fedora Release Engineering - 1:3.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jan 22 2012 Andy Grimm - 1:3.1-7 +- Fix character encoding + +* Fri Jan 13 2012 Fedora Release Engineering - 1:3.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jun 28 2011 Stanislav Ochotnicky - 1:3.1-5 +- Fix symlinks in javadir + +* Tue Jun 28 2011 Alexander Kurtakov 1:3.1-4 +- Fix FTBFS. +- Adapt to current guidelines. + +* Wed Feb 09 2011 Fedora Release Engineering - 1:3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Nov 10 2010 Alexander Kurtakov 1:3.1-2 +- Add missing requires on commons-codec. + +* Fri Jul 16 2010 Alexander Kurtakov 1:3.1-1 +- Drop gcj_support. +- Fix FTBFS. + +* Fri Jul 24 2009 Fedora Release Engineering - 1:3.1-0.5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 1:3.1-0.4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jul 24 2008 Andrew Overholt 1:3.1-0.3 +- Update OSGi MANIFEST.MF + +* Wed Jul 9 2008 Tom "spot" Callaway - 1:3.1-0.2 +- drop repotag +- fix license tag + +* Fri Apr 04 2008 Deepak Bhole - 0:3.1-0jpp.1 +- Update to 3.1 + +* Tue Feb 19 2008 Fedora Release Engineering - 1:3.0.1-2jpp.2 +- Autorebuild for GCC 4.3 + +* Thu Sep 06 2007 Andrew Overholt 1:3.0.1-1jpp.2 +- Add OSGi MANIFEST.MF information. + +* Fri Mar 16 2007 Permaine Cheung - 1:3.0.1-1jpp.1 +- Merge with upstream and more rpmlint cleanup. + +* Thu Feb 15 2007 Fernando Nasser - 1:3.0.1-1jpp +- Upgrade to 3.0.1 + +* Fri Jan 26 2007 Permaine Cheung - 1:3.0-8jpp +- Added versions for provides and obsoletes and rpmlint cleanup. + +* Thu Aug 10 2006 Deepak Bhole - 1:3.0-7jpp.1 +- Added missing requirements. +- Added missing postun section for javadoc. + +* Sat Jul 22 2006 Jakub Jelinek - 1:3.0-6jpp_2fc +- Rebuilt + +* Thu Jul 20 2006 Deepak Bhole - 1:3.0-6jpp_1fc +- Added conditional native compilation. +- Disable certain ssl related tests that are known to fail with libgcj. + +* Thu Apr 06 2006 Fernando Nasser - 1:3.0-5jpp +- Improve backwards compatibility and force removal of older versioned + packages + +* Thu Apr 06 2006 Fernando Nasser - 1:3.0-4jpp +- Remove duplicate release definition +- Require simply a jaxp 1.3 + +* Thu Apr 06 2006 Fernando Nasser - 1:3.0-3jpp +- BR xml-commons-jaxp-1.3-apis + +* Thu Apr 06 2006 Ralph Apel - 1:3.0-2jpp +- Fix tarball typo +- assure javax classes are used instead of com.sun. ones + +* Wed Apr 05 2006 Ralph Apel - 1:3.0-1jpp +- 3.0 final, drop main version in name + +* Thu Oct 20 2005 Jason Corley - 1:3.0-0.rc4.1jpp +- 3.0rc4 + +* Thu May 05 2005 Fernando Nasser - 1:3.0-0.rc2.1jpp +- Update to 3.0 rc2. + +* Thu Nov 4 2004 Ville Skyttä - 1:2.0.2-1jpp +- Update to 2.0.2. +- Fix Group tag in -manual. + +* Sun Aug 23 2004 Randy Watler - 0:2.0-2jpp +- Rebuild with ant-1.6.2 + +* Mon Feb 16 2004 Kaj J. Niemi - 0:2.0-1jpp +- 2.0 final + +* Thu Jan 22 2004 David Walluck 0:2.0-0.rc3.1jpp +- 2.0-rc3 +- bump epoch + +* Tue Oct 14 2003 Ville Skyttä - 0:2.0-3.rc2.1jpp +- Update to 2.0rc2. +- Manual subpackage. +- Crosslink with local J2SE javadocs. +- Own unversioned javadoc dir symlink. + +* Fri Aug 15 2003 Ville Skyttä - 0:2.0-3.rc1.1jpp +- Update to 2.0rc1. +- Include "jakarta-"-less jar symlinks for consistency with other packages. +- Exclude example and contrib sources from main package, they're in -demo. + +* Wed Jul 9 2003 Ville Skyttä - 0:2.0-2.beta2.1jpp +- Update to 2.0 beta 2. +- Demo subpackage. +- Crosslink with local commons-logging javadocs. + +* Wed Jun 4 2003 Ville Skyttä - 0:2.0-2.beta1.1jpp +- Update to 2.0 beta 1. +- Non-versioned javadoc symlinking. + +* Fri Apr 4 2003 Ville Skyttä - 0:2.0-1.alpha3.2jpp +- Rebuild for JPackage 1.5. + +* Wed Feb 26 2003 Ville Skyttä - 2.0-1.alpha3.1jpp +- Update to 2.0 alpha 3. +- Fix Group tags. +- Run standalone unit tests during build. + +* Thu Sep 12 2002 Ville Skyttä 2.0-0.cvs20020909.1jpp +- Tune the rpm release number tag so rpm2html doesn't barf on it. + +* Mon Sep 9 2002 Ville Skyttä 2.0-0.20020909alpha1.1jpp +- 2.0alpha1 snapshot 20020909. +- Use sed instead of bash extensions when symlinking jars during build. +- Add distribution tag. +- Require commons-logging instead of log4j. + +* Sat Jan 19 2002 Guillaume Rousse 1.0-4jpp +- renamed to jakarta-commons-httpclient +- additional sources in individual archives +- versioned dir for javadoc +- no dependencies for javadoc package +- dropped j2ee package +- adapted to new jsse package +- section macro + +* Fri Dec 7 2001 Guillaume Rousse 1.0-3jpp +- javadoc into javadoc package + +* Sat Nov 3 2001 Guillaume Rousse 1.0-2jpp +- fixed jsse subpackage + +* Fri Nov 2 2001 Guillaume Rousse 1.0-1jpp +- first JPackage release