From bf087c6679e500c0acea269fe5f187f7064232f9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 31 2019 12:38:19 +0000 Subject: import plexus-utils-3.0.9-9.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..74d9652 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/plexus-utils-3.0.9.tar.gz diff --git a/.plexus-utils.metadata b/.plexus-utils.metadata new file mode 100644 index 0000000..7aa111a --- /dev/null +++ b/.plexus-utils.metadata @@ -0,0 +1 @@ +58512cfc415fe4301652b1d22eb6a8d6935e498f SOURCES/plexus-utils-3.0.9.tar.gz diff --git a/SOURCES/LICENSE-2.0.txt b/SOURCES/LICENSE-2.0.txt new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/SOURCES/LICENSE-2.0.txt 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/SOURCES/plexus-utils-PLXUTILS-161.patch b/SOURCES/plexus-utils-PLXUTILS-161.patch new file mode 100644 index 0000000..c2dc769 --- /dev/null +++ b/SOURCES/plexus-utils-PLXUTILS-161.patch 
@@ -0,0 +1,536 @@ +From 6e823f2fcb904efccd8ae16d6aab8c1b34a09d5c Mon Sep 17 00:00:00 2001 +From: Kristian Rosenvold +Date: Tue, 8 Oct 2013 18:21:04 +0200 +Subject: [PATCH] [PLXUTILS-161] Commandline shell injection problems + +Patch by Charles Duffy, applied unmodified +--- + .../org/codehaus/plexus/util/cli/Commandline.java | 38 +++++++++++--- + .../plexus/util/cli/shell/BourneShell.java | 60 +++++++--------------- + .../org/codehaus/plexus/util/cli/shell/Shell.java | 35 ++++++++++--- + .../codehaus/plexus/util/cli/CommandlineTest.java | 37 +++++++------ + .../plexus/util/cli/shell/BourneShellTest.java | 19 ++++--- + 5 files changed, 107 insertions(+), 82 deletions(-) + +diff --git a/src/main/java/org/codehaus/plexus/util/cli/Commandline.java b/src/main/java/org/codehaus/plexus/util/cli/Commandline.java +index 5e0d5af..7346c7e 100644 +--- a/src/main/java/org/codehaus/plexus/util/cli/Commandline.java ++++ b/src/main/java/org/codehaus/plexus/util/cli/Commandline.java +@@ -139,6 +139,8 @@ public class Commandline + * Create a new command line object. + * Shell is autodetected from operating system + * ++ * Shell usage is only desirable when generating code for remote execution. ++ * + * @param toProcess + */ + public Commandline( String toProcess, Shell shell ) +@@ -167,6 +169,8 @@ public class Commandline + /** + * Create a new command line object. + * Shell is autodetected from operating system ++ * ++ * Shell usage is only desirable when generating code for remote execution. + */ + public Commandline( Shell shell ) + { +@@ -174,8 +178,7 @@ public class Commandline + } + + /** +- * Create a new command line object. +- * Shell is autodetected from operating system ++ * Create a new command line object, given a command following POSIX sh quoting rules + * + * @param toProcess + */ +@@ -203,7 +206,6 @@ public class Commandline + + /** + * Create a new command line object. 
+- * Shell is autodetected from operating system + */ + public Commandline() + { +@@ -253,7 +255,7 @@ public class Commandline + { + if ( realPos == -1 ) + { +- realPos = ( getExecutable() == null ? 0 : 1 ); ++ realPos = ( getLiteralExecutable() == null ? 0 : 1 ); + for ( int i = 0; i < position; i++ ) + { + Arg arg = (Arg) arguments.elementAt( i ); +@@ -404,6 +406,21 @@ public class Commandline + this.executable = executable; + } + ++ /** ++ * @return Executable to be run, as a literal string (no shell quoting/munging) ++ */ ++ public String getLiteralExecutable() ++ { ++ return executable; ++ } ++ ++ /** ++ * Return an executable name, quoted for shell use. ++ * ++ * Shell usage is only desirable when generating code for remote execution. ++ * ++ * @return Executable to be run, quoted for shell interpretation ++ */ + public String getExecutable() + { + String exec = shell.getExecutable(); +@@ -483,7 +500,7 @@ public class Commandline + public String[] getCommandline() + { + final String[] args = getArguments(); +- String executable = getExecutable(); ++ String executable = getLiteralExecutable(); + + if ( executable == null ) + { +@@ -497,6 +514,8 @@ public class Commandline + + /** + * Returns the shell, executable and all defined arguments. ++ * ++ * Shell usage is only desirable when generating code for remote execution. + */ + public String[] getShellCommandline() + { +@@ -633,7 +652,7 @@ public class Commandline + { + if ( workingDir == null ) + { +- process = Runtime.getRuntime().exec( getShellCommandline(), environment ); ++ process = Runtime.getRuntime().exec( getCommandline(), environment, workingDir ); + } + else + { +@@ -648,7 +667,7 @@ public class Commandline + + "\" does not specify a directory." 
); + } + +- process = Runtime.getRuntime().exec( getShellCommandline(), environment, workingDir ); ++ process = Runtime.getRuntime().exec( getCommandline(), environment, workingDir ); + } + } + catch ( IOException ex ) +@@ -669,7 +688,7 @@ public class Commandline + shell.setWorkingDirectory( workingDir ); + } + +- if ( shell.getExecutable() == null ) ++ if ( shell.getOriginalExecutable() == null ) + { + shell.setExecutable( executable ); + } +@@ -684,6 +703,8 @@ public class Commandline + /** + * Allows to set the shell to be used in this command line. + * ++ * Shell usage is only desirable when generating code for remote execution. ++ * + * @param shell + * @since 1.2 + */ +@@ -695,6 +716,7 @@ public class Commandline + /** + * Get the shell to be used in this command line. + * ++ * Shell usage is only desirable when generating code for remote execution. + * @since 1.2 + */ + public Shell getShell() +diff --git a/src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java b/src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java +index e4b4cde..3c07fb6 100644 +--- a/src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java ++++ b/src/main/java/org/codehaus/plexus/util/cli/shell/BourneShell.java +@@ -17,7 +17,6 @@ package org.codehaus.plexus.util.cli.shell; + */ + + import org.codehaus.plexus.util.Os; +-import org.codehaus.plexus.util.StringUtils; + + import java.util.ArrayList; + import java.util.List; +@@ -29,34 +28,18 @@ import java.util.List; + public class BourneShell + extends Shell + { +- private static final char[] BASH_QUOTING_TRIGGER_CHARS = { +- ' ', +- '$', +- ';', +- '&', +- '|', +- '<', +- '>', +- '*', +- '?', +- '(', +- ')', +- '[', +- ']', +- '{', +- '}', +- '`' }; + + public BourneShell() + { +- this( false ); ++ this(false); + } + + public BourneShell( boolean isLoginShell ) + { ++ setUnconditionalQuoting( true ); + setShellCommand( "/bin/sh" ); + setArgumentQuoteDelimiter( '\'' ); +- setExecutableQuoteDelimiter( '\"' ); 
++ setExecutableQuoteDelimiter( '\'' ); + setSingleQuotedArgumentEscaped( true ); + setSingleQuotedExecutableEscaped( false ); + setQuotedExecutableEnabled( true ); +@@ -76,7 +59,7 @@ public class BourneShell + return super.getExecutable(); + } + +- return unifyQuotes( super.getExecutable()); ++ return quoteOneItem( super.getOriginalExecutable(), true ); + } + + public List getShellArgsList() +@@ -126,46 +109,41 @@ public class BourneShell + StringBuffer sb = new StringBuffer(); + sb.append( "cd " ); + +- sb.append( unifyQuotes( dir ) ); ++ sb.append( quoteOneItem( dir, false ) ); + sb.append( " && " ); + + return sb.toString(); + } + +- protected char[] getQuotingTriggerChars() +- { +- return BASH_QUOTING_TRIGGER_CHARS; +- } +- + /** + *

Unify quotes in a path for the Bourne Shell.

+ * + *
+-     * BourneShell.unifyQuotes(null)                       = null
+-     * BourneShell.unifyQuotes("")                         = (empty)
+-     * BourneShell.unifyQuotes("/test/quotedpath'abc")     = /test/quotedpath\'abc
+-     * BourneShell.unifyQuotes("/test/quoted path'abc")    = "/test/quoted path'abc"
+-     * BourneShell.unifyQuotes("/test/quotedpath\"abc")    = "/test/quotedpath\"abc"
+-     * BourneShell.unifyQuotes("/test/quoted path\"abc")   = "/test/quoted path\"abc"
+-     * BourneShell.unifyQuotes("/test/quotedpath\"'abc")   = "/test/quotedpath\"'abc"
+-     * BourneShell.unifyQuotes("/test/quoted path\"'abc")  = "/test/quoted path\"'abc"
++     * BourneShell.quoteOneItem(null)                       = null
++     * BourneShell.quoteOneItem("")                         = ''
++     * BourneShell.quoteOneItem("/test/quotedpath'abc")     = '/test/quotedpath'"'"'abc'
++     * BourneShell.quoteOneItem("/test/quoted path'abc")    = '/test/quoted pat'"'"'habc'
++     * BourneShell.quoteOneItem("/test/quotedpath\"abc")    = '/test/quotedpath"abc'
++     * BourneShell.quoteOneItem("/test/quoted path\"abc")   = '/test/quoted path"abc'
++     * BourneShell.quoteOneItem("/test/quotedpath\"'abc")   = '/test/quotedpath"'"'"'abc'
++     * BourneShell.quoteOneItem("/test/quoted path\"'abc")  = '/test/quoted path"'"'"'abc'
+      * 
+ * + * @param path not null path. + * @return the path unified correctly for the Bourne shell. + */ +- protected static String unifyQuotes( String path ) ++ protected String quoteOneItem( String path, boolean isExecutable ) + { + if ( path == null ) + { + return null; + } + +- if ( path.indexOf( " " ) == -1 && path.indexOf( "'" ) != -1 && path.indexOf( "\"" ) == -1 ) +- { +- return StringUtils.escape( path ); +- } ++ StringBuilder sb = new StringBuilder(); ++ sb.append( "'" ); ++ sb.append( path.replace( "'", "'\"'\"'" ) ); ++ sb.append( "'" ); + +- return StringUtils.quoteAndEscape( path, '\"', BASH_QUOTING_TRIGGER_CHARS ); ++ return sb.toString(); + } + } +diff --git a/src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java b/src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java +index 571b249..a42eae8 100644 +--- a/src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java ++++ b/src/main/java/org/codehaus/plexus/util/cli/shell/Shell.java +@@ -48,6 +48,8 @@ public class Shell + + private boolean quotedArgumentsEnabled = true; + ++ private boolean unconditionallyQuote = false; ++ + private String executable; + + private String workingDir; +@@ -69,6 +71,16 @@ public class Shell + private String argumentEscapePattern = "\\%s"; + + /** ++ * Toggle unconditional quoting ++ * ++ * @param unconditionallyQuote ++ */ ++ public void setUnconditionalQuoting(boolean unconditionallyQuote) ++ { ++ this.unconditionallyQuote = unconditionallyQuote; ++ } ++ ++ /** + * Set the command to execute the shell (eg. COMMAND.COM, /bin/bash,...) + * + * @param shellCommand +@@ -129,6 +141,19 @@ public class Shell + return getRawCommandLine( executable, arguments ); + } + ++ protected String quoteOneItem(String inputString, boolean isExecutable) ++ { ++ char[] escapeChars = getEscapeChars( isSingleQuotedExecutableEscaped(), isDoubleQuotedExecutableEscaped() ); ++ return StringUtils.quoteAndEscape( ++ inputString, ++ isExecutable ? 
getExecutableQuoteDelimiter() : getArgumentQuoteDelimiter(), ++ escapeChars, ++ getQuotingTriggerChars(), ++ '\\', ++ unconditionallyQuote ++ ); ++ } ++ + protected List getRawCommandLine( String executable, String[] arguments ) + { + List commandLine = new ArrayList(); +@@ -144,9 +169,7 @@ public class Shell + + if ( isQuotedExecutableEnabled() ) + { +- char[] escapeChars = getEscapeChars( isSingleQuotedExecutableEscaped(), isDoubleQuotedExecutableEscaped() ); +- +- sb.append( StringUtils.quoteAndEscape( getExecutable(), getExecutableQuoteDelimiter(), escapeChars, getQuotingTriggerChars(), '\\', false ) ); ++ sb.append( quoteOneItem( getOriginalExecutable(), true ) ); + } + else + { +@@ -162,9 +185,7 @@ public class Shell + + if ( isQuotedArgumentsEnabled() ) + { +- char[] escapeChars = getEscapeChars( isSingleQuotedArgumentEscaped(), isDoubleQuotedArgumentEscaped() ); +- +- sb.append( StringUtils.quoteAndEscape( arguments[i], getArgumentQuoteDelimiter(), escapeChars, getQuotingTriggerChars(), getArgumentEscapePattern(), false ) ); ++ sb.append( quoteOneItem( arguments[i], false ) ); + } + else + { +@@ -278,7 +299,7 @@ public class Shell + commandLine.addAll( getShellArgsList() ); + } + +- commandLine.addAll( getCommandLine( getExecutable(), arguments ) ); ++ commandLine.addAll( getCommandLine( getOriginalExecutable(), arguments ) ); + + return commandLine; + +diff --git a/src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java b/src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java +index b22814b..42bbb7f 100644 +--- a/src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java ++++ b/src/test/java/org/codehaus/plexus/util/cli/CommandlineTest.java +@@ -16,6 +16,7 @@ package org.codehaus.plexus.util.cli; + * limitations under the License. 
+ */ + ++import junit.framework.TestCase; + import org.codehaus.plexus.util.IOUtil; + import org.codehaus.plexus.util.Os; + import org.codehaus.plexus.util.StringUtils; +@@ -23,15 +24,7 @@ import org.codehaus.plexus.util.cli.shell.BourneShell; + import org.codehaus.plexus.util.cli.shell.CmdShell; + import org.codehaus.plexus.util.cli.shell.Shell; + +-import java.io.File; +-import java.io.FileWriter; +-import java.io.IOException; +-import java.io.InputStreamReader; +-import java.io.Reader; +-import java.io.StringWriter; +-import java.io.Writer; +- +-import junit.framework.TestCase; ++import java.io.*; + + public class CommandlineTest + extends TestCase +@@ -252,7 +245,7 @@ public class CommandlineTest + + assertEquals( "/bin/sh", shellCommandline[0] ); + assertEquals( "-c", shellCommandline[1] ); +- String expectedShellCmd = "/bin/echo \'hello world\'"; ++ String expectedShellCmd = "'/bin/echo' 'hello world'"; + if ( Os.isFamily( Os.FAMILY_WINDOWS ) ) + { + expectedShellCmd = "\\bin\\echo \'hello world\'"; +@@ -282,12 +275,12 @@ public class CommandlineTest + + assertEquals( "/bin/sh", shellCommandline[0] ); + assertEquals( "-c", shellCommandline[1] ); +- String expectedShellCmd = "cd \"" + root.getAbsolutePath() +- + "path with spaces\" && /bin/echo \'hello world\'"; ++ String expectedShellCmd = "cd '" + root.getAbsolutePath() ++ + "path with spaces' && '/bin/echo' 'hello world'"; + if ( Os.isFamily( Os.FAMILY_WINDOWS ) ) + { +- expectedShellCmd = "cd \"" + root.getAbsolutePath() +- + "path with spaces\" && \\bin\\echo \'hello world\'"; ++ expectedShellCmd = "cd '" + root.getAbsolutePath() ++ + "path with spaces' && '\\bin\\echo' 'hello world'"; + } + assertEquals( expectedShellCmd, shellCommandline[2] ); + } +@@ -311,7 +304,7 @@ public class CommandlineTest + + assertEquals( "/bin/sh", shellCommandline[0] ); + assertEquals( "-c", shellCommandline[1] ); +- String expectedShellCmd = "/bin/echo \'hello world\'"; ++ String expectedShellCmd = "'/bin/echo' ''\"'\"'hello 
world'\"'\"''"; + if ( Os.isFamily( Os.FAMILY_WINDOWS ) ) + { + expectedShellCmd = "\\bin\\echo \'hello world\'"; +@@ -341,7 +334,7 @@ public class CommandlineTest + } + else + { +- assertEquals( "/usr/bin a b", shellCommandline[2] ); ++ assertEquals( "'/usr/bin' 'a' 'b'", shellCommandline[2] ); + } + } + +@@ -388,6 +381,18 @@ public class CommandlineTest + } + + /** ++ * Test an executable with shell-expandable content in its path. ++ * ++ * @throws Exception ++ */ ++ public void testPathWithShellExpansionStrings() ++ throws Exception ++ { ++ File dir = new File( System.getProperty( "basedir" ), "target/test/dollar$test" ); ++ createAndCallScript( dir, "echo Quoted" ); ++ } ++ ++ /** + * Test an executable with a single quotation mark \" in its path only for non Windows box. + * + * @throws Exception +diff --git a/src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java b/src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java +index 2a987ed..0e06c63 100644 +--- a/src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java ++++ b/src/test/java/org/codehaus/plexus/util/cli/shell/BourneShellTest.java +@@ -16,14 +16,13 @@ package org.codehaus.plexus.util.cli.shell; + * limitations under the License. 
+ */ + ++import junit.framework.TestCase; + import org.codehaus.plexus.util.StringUtils; + import org.codehaus.plexus.util.cli.Commandline; + + import java.util.Arrays; + import java.util.List; + +-import junit.framework.TestCase; +- + public class BourneShellTest + extends TestCase + { +@@ -42,7 +41,7 @@ public class BourneShellTest + + String executable = StringUtils.join( sh.getShellCommandLine( new String[]{} ).iterator(), " " ); + +- assertEquals( "/bin/sh -c cd /usr/local/bin && chmod", executable ); ++ assertEquals( "/bin/sh -c cd '/usr/local/bin' && 'chmod'", executable ); + } + + public void testQuoteWorkingDirectoryAndExecutable_WDPathWithSingleQuotes() +@@ -54,7 +53,7 @@ public class BourneShellTest + + String executable = StringUtils.join( sh.getShellCommandLine( new String[]{} ).iterator(), " " ); + +- assertEquals( "/bin/sh -c cd \"/usr/local/\'something else\'\" && chmod", executable ); ++ assertEquals( "/bin/sh -c cd '/usr/local/'\"'\"'something else'\"'\"'' && 'chmod'", executable ); + } + + public void testQuoteWorkingDirectoryAndExecutable_WDPathWithSingleQuotes_BackslashFileSep() +@@ -66,7 +65,7 @@ public class BourneShellTest + + String executable = StringUtils.join( sh.getShellCommandLine( new String[]{} ).iterator(), " " ); + +- assertEquals( "/bin/sh -c cd \"\\usr\\local\\\'something else\'\" && chmod", executable ); ++ assertEquals( "/bin/sh -c cd '\\usr\\local\\\'\"'\"'something else'\"'\"'' && 'chmod'", executable ); + } + + public void testPreserveSingleQuotesOnArgument() +@@ -82,7 +81,7 @@ public class BourneShellTest + + String cli = StringUtils.join( shellCommandLine.iterator(), " " ); + System.out.println( cli ); +- assertTrue( cli.endsWith( args[0] ) ); ++ assertTrue( cli.endsWith("''\"'\"'some arg with spaces'\"'\"''")); + } + + public void testAddSingleQuotesOnArgumentWithSpaces() +@@ -114,7 +113,7 @@ public class BourneShellTest + + String cli = StringUtils.join( shellCommandLine.iterator(), " " ); + System.out.println( cli ); +- 
assertEquals("cd /usr/bin && chmod 'arg'\\''withquote'", shellCommandLine.get(shellCommandLine.size() - 1)); ++ assertEquals("cd '/usr/bin' && 'chmod' 'arg'\"'\"'withquote'", shellCommandLine.get(shellCommandLine.size() - 1)); + } + + public void testArgumentsWithsemicolon() +@@ -146,7 +145,7 @@ public class BourneShellTest + + assertEquals( "/bin/sh", lines[0] ); + assertEquals( "-c", lines[1] ); +- assertEquals( "chmod --password ';password'", lines[2] ); ++ assertEquals( "'chmod' '--password' ';password'", lines[2] ); + + commandline = new Commandline( newShell() ); + commandline.setExecutable( "chmod" ); +@@ -158,7 +157,7 @@ public class BourneShellTest + + assertEquals( "/bin/sh", lines[0] ); + assertEquals( "-c", lines[1] ); +- assertEquals( "chmod --password ';password'", lines[2] ); ++ assertEquals( "'chmod' '--password' ';password'", lines[2] ); + + commandline = new Commandline( new CmdShell() ); + commandline.getShell().setQuotedArgumentsEnabled( true ); +@@ -206,7 +205,7 @@ public class BourneShellTest + + assertEquals( "/bin/sh", lines[0] ); + assertEquals( "-c", lines[1] ); +- assertEquals( "chmod ' ' '|' '&&' '||' ';' ';;' '&' '()' '<' '<<' '>' '>>' '*' '?' '[' ']' '{' '}' '`'", ++ assertEquals( "'chmod' ' ' '|' '&&' '||' ';' ';;' '&' '()' '<' '<<' '>' '>>' '*' '?' '[' ']' '{' '}' '`'", + lines[2] ); + + } +-- +1.8.4.2 + diff --git a/SPECS/plexus-utils.spec b/SPECS/plexus-utils.spec new file mode 100644 index 0000000..4056cce --- /dev/null +++ b/SPECS/plexus-utils.spec 
@@ -0,0 +1,198 @@ +# Copyright (c) 2000-2007, JPackage Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the +# distribution. +# 3. Neither the name of the JPackage Project nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +%global parent plexus +%global subname utils + +Name: plexus-utils +Version: 3.0.9 +Release: 9%{?dist} +Summary: Plexus Common Utilities +# ASL 1.1: several files in src/main/java/org/codehaus/plexus/util/ +# xpp: src/main/java/org/codehaus/plexus/util/xml/pull directory +# ASL 2.0 and BSD: +# src/main/java/org/codehaus/plexus/util/cli/StreamConsumer +# src/main/java/org/codehaus/plexus/util/cli/StreamPumper +# src/main/java/org/codehaus/plexus/util/cli/Commandline +# Public domain: src/main/java/org/codehaus/plexus/util/TypeFormat.java +# rest is ASL 2.0 +License: ASL 1.1 and ASL 2.0 and xpp and BSD and Public Domain +Group: Development/Libraries +URL: http://plexus.codehaus.org/ +Source0: https://github.com/sonatype/%{name}/archive/%{name}-%{version}.tar.gz +Source1: http://apache.org/licenses/LICENSE-2.0.txt + +# Backported from upstream commit b38a1b3 +# Fixes upstream bug PLXUTILS-161, aka rhbz#958733 +Patch0: %{name}-PLXUTILS-161.patch + +BuildArch: noarch +BuildRequires: jpackage-utils >= 0:1.6 + +BuildRequires: maven-local +BuildRequires: maven-compiler-plugin +BuildRequires: maven-install-plugin +BuildRequires: maven-jar-plugin +BuildRequires: maven-javadoc-plugin +BuildRequires: maven-resources-plugin +BuildRequires: maven-surefire-plugin +BuildRequires: maven-doxia-sitetools +BuildRequires: maven-surefire-provider-junit +BuildRequires: mvn(org.apache.maven.plugins:maven-enforcer-plugin) + +%description +The Plexus project seeks to create end-to-end developer tools for +writing applications. At the core is the container, which can be +embedded or for a full scale application server. There are many +reusable components for hibernate, form processing, jndi, i18n, +velocity, etc. Plexus also includes an application server which +is like a J2EE application server, without all the baggage. + +%package javadoc +Summary: Javadoc for %{name} +Group: Documentation + +%description javadoc +Javadoc for %{name}. 
+ +%prep +%setup -q -n %{name}-%{name}-%{version} +%patch0 -p1 +cp %{SOURCE1} . + +%mvn_file : %{parent}/%{subname} +%mvn_alias : "plexus:plexus-utils" + +%build +%mvn_build + +%install +%mvn_install + +%files -f .mfiles +%doc NOTICE.txt LICENSE-2.0.txt + +%files javadoc -f .mfiles-javadoc +%doc NOTICE.txt LICENSE-2.0.txt + +%changelog +* Mon Jan 27 2014 Mikolaj Izdebski - 3.0.9-9 +- Backport upstream patch for PLXUTILS-161 +- Resolves: rhbz#1009412 + +* Fri Dec 27 2013 Daniel Mach - 3.0.9-8 +- Mass rebuild 2013-12-27 + +* Thu Aug 22 2013 Michal Srb - 3.0.9-7 +- Migrate away from mvn-rpmbuild (Resolves: #997480) + +* Fri Jun 28 2013 Mikolaj Izdebski - 3.0.9-6 +- Rebuild to regenerate API documentation +- Resolves: CVE-2013-1571 + +* Thu Feb 14 2013 Fedora Release Engineering - 3.0.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Feb 06 2013 Java SIG - 3.0.9-4 +- Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild +- Replace maven BuildRequires with maven-local + +* Mon Nov 26 2012 Stanislav Ochotnicky - 3.0.9-3 +- Add license from one Public Domain class + +* Fri Nov 23 2012 Stanislav Ochotnicky - 3.0.9-2 +- Fix license tag and ASL 2.0 license text + +* Wed Oct 10 2012 Alexander Kurtakov 3.0.9-1 +- Update to upstream 3.0.9. + +* Sat Jul 21 2012 Fedora Release Engineering - 3.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jan 14 2012 Fedora Release Engineering - 3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Sep 7 2011 Alexander Kurtakov 3.0-1 +- Update to upstream 3.0. 
+ +* Mon Feb 28 2011 Stanislav Ochotnicky - 2.0.6-1 +- Update to 2.0.6 +- Remove obsolete patches +- Use maven 3 to build + +* Wed Feb 09 2011 Fedora Release Engineering - 2.0.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 16 2010 Stanislav Ochotnicky - 2.0.5-2 +- Use versionless jars/javadocs +- Use new maven plugin names +- Add compatibility depmap + +* Wed May 5 2010 Mary Ellen Foster 2.0.5-1 +- Update to 2.0.5 + +* Fri Feb 12 2010 Mary Ellen Foster 2.0.1-1 +- Update to 2.0.1 +- Build with maven + +* Wed Aug 19 2009 Andrew Overholt 1.4.5-1.2 +- Update to 1.4.5 from JPackage and Deepak Bhole +- Remove gcj bits + +* Sun Jul 26 2009 Fedora Release Engineering - 0:1.2-4.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 0:1.2-3.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Jul 9 2008 Tom "spot" Callaway - 0:1.2-2.2 +- fix license tag +- drop repotag + +* Thu Aug 23 2007 Ralph Apel - 0:1.4.5-1jpp +- Upgrade to 1.4.5 +- Now build with maven2 by default + +* Wed Mar 21 2007 Ralph Apel - 0:1.2-2jpp +- Fix build classpath +- Optionally build with maven2 +- Add gcj_support option + +* Mon Feb 20 2007 Deepak Bhole - 0:1.2-2jpp.1.fc7 +- Fix spec per Fedora guidelines + +* Fri Jun 16 2006 Ralph Apel - 0:1.2-1jpp +- Upgrade to 1.2 + +* Wed Jan 04 2006 Fernando Nasser - 0:1.0.4-2jpp +- First JPP 1.7 build + +* Mon Nov 07 2005 Ralph Apel - 0:1.0.4-1jpp +- First JPackage build
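Review bot: The 3.0.9-6 changelog entry closes CVE-2013-1571 purely by rebuilding ("Rebuild to regenerate API documentation"), but the BuildRequires block carries no minimum version on maven-javadoc-plugin or on any JDK package (only jpackage-utils >= 0:1.6 is versioned). Nothing in this spec therefore stops a later rebuild in an older buildroot from regenerating the javadoc subpackage with the tooling that entry was meant to replace. Suggest a versioned BuildRequires on the component that carries the fix, or at least a comment next to "BuildRequires: maven-javadoc-plugin" naming it. Two smaller points in the same hunk: the comment above Patch0 ties the PLXUTILS-161 backport to rhbz#958733 while the 3.0.9-9 changelog entry says "Resolves: rhbz#1009412", so listing both bug numbers in the Patch0 comment would keep the audit trail for the backport unambiguous; and "Source1: http://apache.org/licenses/LICENSE-2.0.txt" points at a plain-http URL, which is better written as https so that anyone re-fetching the file from the recorded location gets it over an authenticated channel.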