You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by bo...@apache.org on 2020/05/13 16:18:34 UTC

[ant] 01/02: Merge branch '1.9.x'

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant.git

commit dbceb60719e652a3201fc0ef969423d64bc074ee
Merge: 51353ac a395283
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Wed May 13 18:13:18 2020 +0200

    Merge branch '1.9.x'

 manual/running.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --cc manual/running.html
index e31ec34,8a39268..9c31d12
--- a/manual/running.html
+++ b/manual/running.html
@@@ -525,41 -553,31 +525,41 @@@ on the platform and the JVM implementat
  
  <p><b>Security Note:</b> Using the default temporary directory
  specified by <code>java.io.tmpdir</code> can result in the leakage of
- sensitive information or possibly allow an attacker to execute
- arbitrary code. This is especially true in multi-user environments. It
- is recommended that <code>ant.tmpdir</code> be set to a directory
- owned by the user running Ant with 0700 permissions. Ant 1.10.8 and
- later will try to make temporary files created by it only
+ sensitive information or possibly allow an attacker to inject source
+ files into the build process. This is especially true in multi-user
 -is recommended that <code>ant.tmpdir</code> be set to a directory
 -owned by the user running Ant with 0700 permissions.</p>
 -
 -<h2><a name="cygwin">Cygwin Users</a></h2>
 -<p>The Unix launch script that come with Ant works correctly with Cygwin. You
 -should not have any problems launching Ant from the Cygwin shell. It is
 -important to note, however, that once Ant is running it is part of the JDK
 -which operates as a native Windows application. The JDK is not a Cygwin
 -executable, and it therefore has no knowledge of Cygwin paths, etc. In
 -particular when using the <code>&lt;exec&gt;</code> task, executable names such
 -as &quot;/bin/sh&quot; will not work, even though these work from the Cygwin
 -shell from which Ant was launched. You can use an executable name such as
 -&quot;sh&quot; and rely on that command being available in the Windows path.
 -</p>
++environments. It is recommended that <code>ant.tmpdir</code> be set to
++a directory owned by the user running Ant with 0700 permissions. Ant
++1.10.8 and later will try to make temporary files created by it only
 +readable/writable by the current user but may silently fail to do so
 +depending on the OS and filesystem.</p>
  
 -<h2><a name="os2">OS/2 Users</a></h2>
 -<p>The OS/2 launch script was developed to perform complex tasks. It has two parts:
 -<code>ant.cmd</code> which calls Ant and <code>antenv.cmd</code> which sets the environment for Ant.
 -Most often you will just call <code>ant.cmd</code> using the same command line options as described
 -above. The behaviour can be modified by a number of ways explained below.</p>
 +<h2 id="cygwin">Cygwin Users</h2>
 +<p>
 +Unix launch script that come with Ant works correctly with Cygwin. You
 +should not have any problems launching Ant from the Cygwin shell. It
 +is important to note, however, that once Ant is running it is part of
 +the JDK which operates as a native Windows application. The JDK is not
 +a Cygwin executable, and it therefore has no knowledge of Cygwin
 +paths, etc. In particular when using the <code>&lt;exec&gt;</code>
 +task, executable names such as <q>/bin/sh</q> will not work, even
 +though these work from the Cygwin shell from which Ant was
 +launched. You can use an executable name such as <q>sh</q> and rely on
 +that command being available in the Windows path.
 +
 +<h2 id="os2">OS/2 Users</h2>
 +<p>
 +The OS/2 launch script was developed to perform complex tasks. It has
 +two parts: <kbd>ant.cmd</kbd> which calls Ant
 +and <kbd>antenv.cmd</kbd> which sets the environment for Ant.  Most
 +often you will just call <kbd>ant.cmd</kbd> using the same command
 +line options as described above. The behaviour can be modified by a
 +number of ways explained below.
 +</p>
  
 -<p>Script <code>ant.cmd</code> first verifies whether the Ant environment is set correctly. The
 -requirements are:</p>
 +<p>
 +Script <kbd>ant.cmd</kbd> first verifies whether the Ant environment
 +is set correctly. The requirements are:
 +</p>
  <ol>
  <li>Environment variable <code>JAVA_HOME</code> is set.</li>
  <li>Environment variable <code>ANT_HOME</code> is set.</li>