svn commit: r1856213 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ build.gradle

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1856213 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ build.gradle

jleroux@apache.org
Author: jleroux
Date: Mon Mar 25 17:50:09 2019
New Revision: 1856213

URL: http://svn.apache.org/viewvc?rev=1856213&view=rev
Log:
"Applied fix from trunk for revision: 1856212  "
------------------------------------------------------------------------
r1856212 | jleroux | 2019-03-25 18:47:52 +0100 (lun. 25 mars 2019) | 9 lignes

Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199
(OFBIZ-10873)

The HTTP/2 implementation accepted streams with excessive numbers of
SETTINGS frames and also permitted clients to keep streams open without
reading/writing request/response data. By keeping streams open for
requests that utilised the Servlet API's blocking I/O, clients were able
to cause server-side threads to block eventually leading to thread
exhaustion and a DoS.
------------------------------------------------------------------------

Modified:
    ofbiz/ofbiz-framework/branches/release18.12/   (props changed)
    ofbiz/ofbiz-framework/branches/release18.12/build.gradle

Propchange: ofbiz/ofbiz-framework/branches/release18.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Mar 25 17:50:09 2019
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898
+/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212

Modified: ofbiz/ofbiz-framework/branches/release18.12/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/build.gradle?rev=1856213&r1=1856212&r2=1856213&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/build.gradle Mon Mar 25 17:50:09 2019
@@ -152,10 +152,10 @@ dependencies {
     compile 'org.apache.sshd:sshd-core:1.7.0'
     compile 'org.apache.tika:tika-core:1.20'
     compile 'org.apache.tika:tika-parsers:1.20'
-    compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.13'
-    compile 'org.apache.tomcat:tomcat-catalina:9.0.13'
-    compile 'org.apache.tomcat:tomcat-jasper:9.0.13'
-    compile 'org.apache.tomcat:tomcat-tribes:9.0.13'
+    compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.16'
+    compile 'org.apache.tomcat:tomcat-catalina:9.0.16'
+    compile 'org.apache.tomcat:tomcat-jasper:9.0.16'
+    compile 'org.apache.tomcat:tomcat-tribes:9.0.16'
     compile 'org.apache.xmlgraphics:fop:2.3'
     compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
     compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
@@ -198,9 +198,9 @@ dependencies {
     // libs needed for junitreport
     junitReport 'junit:junit:4.12'
     junitReport 'org.apache.ant:ant-junit:1.10.5'
-    
+
     // bug workaround - see OFBIZ-9873
-    asciidoctor 'org.jruby:jruby-complete:9.2.4.0'
+    asciidoctor 'org.jruby:jruby-complete:9.2.4.0'
 
     // local libs
     getDirectoryInActiveComponentsIfExists('lib').each { libDir ->
@@ -251,9 +251,9 @@ sourceSets {
             exclude excludedConfigFiles
             // Below are necessary for unit tests run by Gradle and integration tests
             exclude { FileTreeElement elem -> elem.getName().contains('Labels.xml') }
-            exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
-                !elem.getName().contains('start.properties') &&
-                !elem.getName().contains('load-data.properties') &&
+            exclude { FileTreeElement elem -> elem.getName().contains('.properties') &&
+                !elem.getName().contains('start.properties') &&
+                !elem.getName().contains('load-data.properties') &&
                 !elem.getName().contains('debug.properties') &&
                 !elem.getName().contains('cache.properties') &&
                 !elem.getName().contains('test.properties') &&
@@ -452,7 +452,7 @@ task createTenant(group: ofbizServer, de
                 'db-IP': project.hasProperty('dbIp')? dbIp : '',
                 'db-User': project.hasProperty('dbUser')? dbUser : '',
                 'db-Password': project.hasProperty('dbPassword')? dbPassword : '']
-    
+
             generateFileFromTemplate(databaseTemplateFile, 'runtime/tmp',
                 filterTokens, 'tmpFilteredTenantData.xml')
         }
@@ -563,13 +563,13 @@ task generatePluginDocumentation(group:
                 def asciidocFolder = new File("${component}/src/docs/asciidoc")
                 if (asciidocFolder.exists()) {
                     copy {
-                        from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
+                        from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
                         into "${component}/src/docs/asciidoc/images"
                     }
                     sourceDir file("${component}/src/docs/asciidoc")
                     outputDir file("${buildDir}/asciidoc/plugins/${component.name}")
                     doLast { println "Documentation generated for plugin ${component.name}" }
-                    
+
                 } else {
                       println "No documentation found for plugin ${component.name}"
                   }
@@ -581,21 +581,21 @@ task generatePluginDocumentation(group:
     }
 }
 
-task generateAllPluginsDocumentation(group: docsGroup,
+task generateAllPluginsDocumentation(group: docsGroup,
         description: 'Generate all plugins documentation.') {
-        
+
     dependsOn deleteAllPluginsDocumentation
     file("${pluginsDir}").eachDir { plugin ->
         iterateOverActiveComponents { component ->
             if (component.name == plugin.name) {
                 if (subprojectExists(":plugins:${plugin.name}")) {
-                    // Note: the "-" between "component.name" and "Documentation" allows to differentiate from
-                    // the other inner task temporary created by the generatePluginDocumentation task
-                    def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) {
+                    // Note: the "-" between "component.name" and "Documentation" allows to differentiate from
+                    // the other inner task temporary created by the generatePluginDocumentation task
+                    def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) {
                         def asciidocFolder = new File("${component}/src/docs/asciidoc")
                         if (asciidocFolder.exists()) {
                             copy {
-                                from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
+                                from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg"
                                 into "${component}/src/docs/asciidoc/images"
                             }
                             sourceDir file("${component}/src/docs/asciidoc")
@@ -604,7 +604,7 @@ task generateAllPluginsDocumentation(gro
                         }
                     mustRunAfter deleteAllPluginsDocumentation
                     }
-                    
+
                     dependsOn pluginAsciidoc
                 }
                 doLast { delete "${component}/src/docs/asciidoc/images/OFBiz-Logo.svg" }
@@ -712,7 +712,7 @@ task createPlugin(group: ofbizPlugin, de
         ['config', 'data/helpdata', 'dtd', 'documents', 'entitydef', 'lib', 'patches/test', 'patches/qa',
                 'patches/production', 'script', 'servicedef', 'src/main/java', 'src/test/java', 'testdef',
                 'widget', "webapp/${webappName}/error", "webapp/${webappName}/WEB-INF",
-                "webapp/${webappName}/WEB-INF/actions"].each {
+                "webapp/${webappName}/WEB-INF/actions"].each {
             mkdir pluginDir+'/'+it
         }
 
@@ -737,7 +737,7 @@ task createPlugin(group: ofbizPlugin, de
             [tempName:'Menus.xml', newName:"${pluginResourceName}Menus.xml", location:'widget'],
             [tempName:'Forms.xml', newName:"${pluginResourceName}Forms.xml", location:'widget']
         ].each { tmpl ->
-            generateFileFromTemplate(templateDir + '/' + tmpl.tempName,
+            generateFileFromTemplate(templateDir + '/' + tmpl.tempName,
                 pluginDir + '/' + tmpl.location, filterTokens, tmpl.newName)
         }
 
@@ -872,7 +872,7 @@ task pullPlugin(group: ofbizPlugin, desc
         // reverse the order of dependencies to install them before the plugin
         def ofbizPluginArchives = new ArrayList(configurations.ofbizPlugins.files)
         Collections.reverse(ofbizPluginArchives)
-    
+
         // Extract and install plugin and dependencies
         ofbizPluginArchives.each { pluginArchive ->
             ext.pluginId = dependencyId.tokenize(':').get(1)
@@ -900,7 +900,7 @@ task pullPluginSource(group: ofbizPlugin
     }
 }
 
-task pullAllPluginsSource(group: ofbizPlugin,
+task pullAllPluginsSource(group: ofbizPlugin,
         description: 'Download and install all plugins from source control. Warning! deletes existing plugins') {
 
     task deleteBeforePulling {
@@ -965,7 +965,7 @@ task cleanUploads(group: cleanupGroup, d
 }
 task cleanXtra(group: cleanupGroup, description: 'Clean extra generated files like .rej, .DS_Store, etc.') {
     doLast {
-        delete fileTree(dir: "${rootDir}",
+        delete fileTree(dir: "${rootDir}",
             includes: ['**/.nbattrs', '**/*~','**/.#*', '**/.DS_Store', '**/*.rej', '**/*.orig'])
     }
 }