You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Clément MATHIEU (JIRA)" <ji...@apache.org> on 2016/01/25 22:49:39 UTC

[jira] [Comment Edited] (MSHARED-309) MavenArchiveConfiguration does not properly handle line breaks in Manifest attributes

    [ https://issues.apache.org/jira/browse/MSHARED-309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15116148#comment-15116148 ] 

Clément MATHIEU edited comment on MSHARED-309 at 1/25/16 9:49 PM:
------------------------------------------------------------------

Hi [~michael-o],

It has been a while since I filled the issue. IIRC It was pretty clear that lot of moving parts were involved, implying no easy & idiot-proof solution. But I have forgotten almost everything about it. 

I believe that it would be good to at least emit a warning if we detect that an invalid, or suspicious, Manifest file will be produced. But if it possible to detect a such case, it should not be much harder to reformat the value according to the Manifest syntax.

If you think the effort does not worth the reward, I'm not against closing the issue as "won't fix". I got burned once by this issue and it took some time to nail down the cause. I filled this bug because it seemed very likely that someone else will get burned (it only requires an XML formatter and a maximum line length). But if nobody else complain, let's say I am the only idiot here :)





was (Author: clement@unportant.info):
Hi [~michael-o],

It has been a while since I filled the issue. IIRC It was pretty clear that lot of moving parts were involved, implying no easy & idiot-proof solution. But I have forgotten almost everything about it. 

I believe that it would be good to at least emit a warning if we detect that an invalid, or suspicious, Manifest file will be produced. But if it possible to detect a such case, it should not be much harder to reformat the value according to the Manifest syntax.

If you think the effort does not worth the reward, I'm not against closing the issue as "won't fix". I got burned once by this issue and it took some time to nail down the cause. I filled this bug because it seems very likely that someone else will get burned (it only requires an XML formatter and a maximum line length). But if nobody else complain, let's say I am the only idiot here :)




> MavenArchiveConfiguration does not properly handle line breaks in Manifest attributes
> -------------------------------------------------------------------------------------
>
>                 Key: MSHARED-309
>                 URL: https://issues.apache.org/jira/browse/MSHARED-309
>             Project: Maven Shared Components
>          Issue Type: Bug
>          Components: maven-archiver
>    Affects Versions: maven-archiver-2.5
>            Reporter: Clément MATHIEU
>              Labels: close-pending
>
> Due to character escaping issue it is very easy to an create invalid Manifest.
> The JAR specification defines a line as follows:
> {noformat}
>   header:                       name : value
>   name:                         alphanum *headerchar
>   value:                          SPACE *otherchar newline *continuation
>   continuation:              SPACE *otherchar newline
> {noformat}
> An header can be spread over several lines as long as the continuation starts with a space. This feature is especially used to break long lines since they cannot be longer that 72 chars.
> The maven-jar-plugin relies on maven-archive to configure the zip archive. More specifically, MavenArchiveConfiguration.manifestEntries is used to store the Manifest configuration. However, the names and values are stored as is by the plexus converter (raw textContent value). 
> Lets take the following pom file:
> {noformat}
> <configuration>
> 	<archive>
> 		<manifestEntries>
> 			<Implementation-Title>foo
> bar
> 			</Implementation-Title>
> 		</manifestEntries>
> 	</archive>
> </configuration>
> {noformat}
> The following name/value will be stored in a manifestEntries:
> {noformat}
> "Implementation-Title" -> "foo\nbar"
> {noformat}
> To create the Manifest file we use the Manifest class from plexus-archive which itself extends the Manifest file from the JDK. Neither of theses two classes protect line breaks properly leading to a corrupted Manifest. This can also occur if you use tab indentation and your IDE split long line etc.
> I had like to provide a patch to fix this issue, but I'm not sure if we want to process the textContent to remove the line breaks and trim each line in maven-archiver or if the line breaks should be handled more generically by plexus-archiver.
> We could also detect that a line break is present in the String and fail the build since this is most likely unexpected.
> Any feedback is welcome before I spend time writing a patch !



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)