Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/03/25 17:51:52 UTC
svn commit: r1856215 - in /ofbiz:
ofbiz-framework/branches/release17.12/build.gradle
ofbiz-plugins/branches/release17.12/example/build.gradle
Author: jleroux
Date: Mon Mar 25 17:51:52 2019
New Revision: 1856215
URL: http://svn.apache.org/viewvc?rev=1856215&view=rev
Log:
Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199
(OFBIZ-10873)
The HTTP/2 implementation accepted streams with excessive numbers of
SETTINGS frames and also permitted clients to keep streams open without
reading/writing request/response data. By keeping streams open for
requests that utilised the Servlet API's blocking I/O, clients were able
to cause server-side threads to block, eventually leading to thread
exhaustion and a DoS.
Modified:
ofbiz/ofbiz-framework/branches/release17.12/build.gradle
ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle
Modified: ofbiz/ofbiz-framework/branches/release17.12/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/build.gradle?rev=1856215&r1=1856214&r2=1856215&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/build.gradle Mon Mar 25 17:51:52 2019
@@ -140,10 +140,10 @@ dependencies {
compile 'org.apache.tika:tika-core:1.20'
compile 'org.apache.tika:tika-parsers:1.20'
compile 'org.apache.poi:poi:3.17'
- compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.10'
- compile 'org.apache.tomcat:tomcat-catalina:9.0.10'
- compile 'org.apache.tomcat:tomcat-jasper:9.0.10'
- compile 'org.apache.tomcat:tomcat-tribes:9.0.10'
+ compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.16'
+ compile 'org.apache.tomcat:tomcat-catalina:9.0.16'
+ compile 'org.apache.tomcat:tomcat-jasper:9.0.16'
+ compile 'org.apache.tomcat:tomcat-tribes:9.0.16'
compile 'org.apache.xmlgraphics:fop:2.2'
compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
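Review bot: The Tomcat version is spelled out as a literal in each of the four `org.apache.tomcat` coordinates in this hunk, and a fifth time in the `tomcat-embed-websocket` line of the example plugin's build.gradle, so a later security bump that misses one line would leave mixed Tomcat jars on the classpath. Inside this file a single definition such as `def tomcatVersion = '9.0.16'`, used as `compile "org.apache.tomcat:tomcat-catalina:${tomcatVersion}"`, would turn the pin into one edit. The plugin build is a separate file and would still need its own change, so a comment next to the definition naming that file would help the next person who bumps it. The `dependencies` block starts and ends outside the hunk.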
@@ -184,9 +184,9 @@ dependencies {
// libs needed for junitreport
junitReport 'junit:junit:4.12'
junitReport 'org.apache.ant:ant-junit:1.9.7'
-
+
// bug workaround - see OFBIZ-9873
- asciidoctor 'org.jruby:jruby-complete:9.2.4.0'
+ asciidoctor 'org.jruby:jruby-complete:9.2.4.0'
// local libs
getDirectoryInActiveComponentsIfExists('lib').each { libDir ->
@@ -237,9 +237,9 @@ sourceSets {
exclude excludedConfigFiles
// Below are necessary for unit tests run by Gradle and integration tests
exclude { FileTreeElement elem -> elem.getName().contains('Labels.xml') }
- exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
- !elem.getName().contains('start.properties') &&
- !elem.getName().contains('load-data.properties') &&
+ exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
+ !elem.getName().contains('start.properties') &&
+ !elem.getName().contains('load-data.properties') &&
!elem.getName().contains('debug.properties') &&
!elem.getName().contains('cache.properties') &&
!elem.getName().contains('test.properties') &&
@@ -440,7 +440,7 @@ task createTenant(group: ofbizServer, de
'db-IP': project.hasProperty('dbIp')? dbIp : '',
'db-User': project.hasProperty('dbUser')? dbUser : '',
'db-Password': project.hasProperty('dbPassword')? dbPassword : '']
-
+
generateFileFromTemplate(databaseTemplateFile, 'runtime/tmp',
filterTokens, 'tmpFilteredTenantData.xml')
}
@@ -551,13 +551,13 @@ task generatePluginDocumentation(group:
def asciidocFolder = new File("${component}/src/docs/asciidoc")
if (asciidocFolder.exists()) {
copy {
- from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
+ from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
into "${component}/src/docs/asciidoc/images"
}
sourceDir file("${component}/src/docs/asciidoc")
outputDir file("${buildDir}/asciidoc/plugins/${component.name}")
doLast { println "Documentation generated for plugin ${component.name}" }
-
+
} else {
println "No documentation found for plugin ${component.name}"
}
@@ -569,21 +569,21 @@ task generatePluginDocumentation(group:
}
}
-task generateAllPluginsDocumentation(group: docsGroup,
+task generateAllPluginsDocumentation(group: docsGroup,
description: 'Generate all plugins documentation.') {
-
+
dependsOn deleteAllPluginsDocumentation
file("${pluginsDir}").eachDir { plugin ->
iterateOverActiveComponents { component ->
if (component.name == plugin.name) {
if (subprojectExists(":plugins:${plugin.name}")) {
- // Note: the "-" between "component.name" and "Documentation" allows to differentiate from
- // the other inner task temporary created by the generatePluginDocumentation task
- def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) {
+ // Note: the "-" between "component.name" and "Documentation" allows to differentiate from
+ // the other inner task temporary created by the generatePluginDocumentation task
+ def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) {
def asciidocFolder = new File("${component}/src/docs/asciidoc")
if (asciidocFolder.exists()) {
copy {
- from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
+ from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
into "${component}/src/docs/asciidoc/images"
}
sourceDir file("${component}/src/docs/asciidoc")
@@ -592,7 +592,7 @@ task generateAllPluginsDocumentation(gro
}
mustRunAfter deleteAllPluginsDocumentation
}
-
+
dependsOn pluginAsciidoc
}
doLast { delete "${component}/src/docs/asciidoc/images/OFBiz-Logo.svg" }
@@ -700,7 +700,7 @@ task createPlugin(group: ofbizPlugin, de
['config', 'data/helpdata', 'dtd', 'documents', 'entitydef', 'lib', 'patches/test', 'patches/qa',
'patches/production', 'script', 'servicedef', 'src/main/java', 'src/test/java', 'testdef',
'widget', "webapp/${webappName}/error", "webapp/${webappName}/WEB-INF",
- "webapp/${webappName}/WEB-INF/actions"].each {
+ "webapp/${webappName}/WEB-INF/actions"].each {
mkdir pluginDir+'/'+it
}
@@ -725,7 +725,7 @@ task createPlugin(group: ofbizPlugin, de
[tempName:'Menus.xml', newName:"${pluginResourceName}Menus.xml", location:'widget'],
[tempName:'Forms.xml', newName:"${pluginResourceName}Forms.xml", location:'widget']
].each { tmpl ->
- generateFileFromTemplate(templateDir + '/' + tmpl.tempName,
+ generateFileFromTemplate(templateDir + '/' + tmpl.tempName,
pluginDir + '/' + tmpl.location, filterTokens, tmpl.newName)
}
@@ -860,7 +860,7 @@ task pullPlugin(group: ofbizPlugin, desc
// reverse the order of dependencies to install them before the plugin
def ofbizPluginArchives = new ArrayList(configurations.ofbizPlugins.files)
Collections.reverse(ofbizPluginArchives)
-
+
// Extract and install plugin and dependencies
ofbizPluginArchives.each { pluginArchive ->
ext.pluginId = dependencyId.tokenize(':').get(1)
@@ -888,7 +888,7 @@ task pullPluginSource(group: ofbizPlugin
}
}
-task pullAllPluginsSource(group: ofbizPlugin,
+task pullAllPluginsSource(group: ofbizPlugin,
description: 'Download and install all plugins from source control. Warning! deletes existing plugins') {
task deleteBeforePulling {
@@ -953,7 +953,7 @@ task cleanUploads(group: cleanupGroup, d
}
task cleanXtra(group: cleanupGroup, description: 'Clean extra generated files like .rej, .DS_Store, etc.') {
doLast {
- delete fileTree(dir: "${rootDir}",
+ delete fileTree(dir: "${rootDir}",
includes: ['**/.nbattrs', '**/*~','**/.#*', '**/.DS_Store', '**/*.rej', '**/*.orig'])
}
}
Modified: ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle?rev=1856215&r1=1856214&r2=1856215&view=diff
==============================================================================
--- ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle (original)
+++ ofbiz/ofbiz-plugins/branches/release17.12/example/build.gradle Mon Mar 25 17:51:52 2019
@@ -18,5 +18,5 @@
*/
dependencies {
- pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.10'
+ pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.16'
}
\ No newline at end of file