Author: jleroux
Date: Mon Mar 25 17:50:09 2019 New Revision: 1856213 URL: http://svn.apache.org/viewvc?rev=1856213&view=rev Log: "Applied fix from trunk for revision: 1856212 " ------------------------------------------------------------------------ r1856212 | jleroux | 2019-03-25 18:47:52 +0100 (lun. 25 mars 2019) | 9 lignes Fixed: Update Tomcat to 9.0.16 due to CVE-2019-0199 (OFBIZ-10873) The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. ------------------------------------------------------------------------ Modified: ofbiz/ofbiz-framework/branches/release18.12/ (props changed) ofbiz/ofbiz-framework/branches/release18.12/build.gradle Propchange: ofbiz/ofbiz-framework/branches/release18.12/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Mar 25 17:50:09 2019 
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898
+/ofbiz/ofbiz-framework/trunk:1849931,1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200,1851224,1851247,1851254,1851315,1851319,1851350,1851353,1851433,1851500,1851805,1851885,1851998,1852503,1852587,1852818,1852882,1853070,1853109,1853691,1853745,1853750,1854306,1854457,1854683,1855078,1855083,1855287,1855371,1855403,1855488,1855492,1855497,1855501,1855898,1856212
Modified: ofbiz/ofbiz-framework/branches/release18.12/build.gradle
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/build.gradle?rev=1856213&r1=1856212&r2=1856213&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/build.gradle (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/build.gradle Mon Mar 25 17:50:09 2019
@@ -152,10 +152,10 @@ dependencies { compile 'org.apache.sshd:sshd-core:1.7.0' compile 'org.apache.tika:tika-core:1.20' compile 'org.apache.tika:tika-parsers:1.20' - compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.13' - compile 'org.apache.tomcat:tomcat-catalina:9.0.13' - compile 'org.apache.tomcat:tomcat-jasper:9.0.13' - compile 'org.apache.tomcat:tomcat-tribes:9.0.13' + compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.16' + compile 'org.apache.tomcat:tomcat-catalina:9.0.16' + compile 'org.apache.tomcat:tomcat-jasper:9.0.16' + compile 'org.apache.tomcat:tomcat-tribes:9.0.16' compile 'org.apache.xmlgraphics:fop:2.3' compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3' compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3' @@ -198,9 +198,9 @@ dependencies { // libs needed for junitreport junitReport 'junit:junit:4.12' junitReport 'org.apache.ant:ant-junit:1.10.5' - + // bug workaround - see OFBIZ-9873 - asciidoctor 'org.jruby:jruby-complete:9.2.4.0' + asciidoctor 'org.jruby:jruby-complete:9.2.4.0' // local libs getDirectoryInActiveComponentsIfExists('lib').each { libDir -> @@ -251,9 +251,9 @@ sourceSets { exclude excludedConfigFiles // Below are necessary for unit tests run by Gradle and integration tests exclude { FileTreeElement elem -> elem.getName().contains('Labels.xml') } - exclude { FileTreeElement elem -> elem.getName().contains('.properties') && - !elem.getName().contains('start.properties') && - !elem.getName().contains('load-data.properties') && + exclude { FileTreeElement elem -> elem.getName().contains('.properties') && + !elem.getName().contains('start.properties') && + !elem.getName().contains('load-data.properties') && !elem.getName().contains('debug.properties') && !elem.getName().contains('cache.properties') && !elem.getName().contains('test.properties') && 
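Review bot: The four Tomcat coordinates in the `dependencies` hunk at -152 each repeat the literal `9.0.16`, so a later security bump that misses one line would leave mixed Tomcat modules on the classpath; a single `def tomcatVersion = '9.0.16'` used as `compile "org.apache.tomcat:tomcat-catalina:${tomcatVersion}"` would keep them in lockstep. The HTTP/2 code the log message describes is, as far as I know, shipped in tomcat-coyote, which this block does not declare and presumably receives transitively through tomcat-catalina, so it is worth confirming with `gradlew dependencyInsight --dependency tomcat-coyote` that it resolves to 9.0.16 on this branch. The remaining hunks in this commit look like trailing-whitespace changes only; keeping them out of a security backport would make the fix easier to audit. The `dependencies` block starts and ends outside the hunk.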
@@ -452,7 +452,7 @@ task createTenant(group: ofbizServer, de 'db-IP': project.hasProperty('dbIp')? dbIp : '', 'db-User': project.hasProperty('dbUser')? dbUser : '', 'db-Password': project.hasProperty('dbPassword')? dbPassword : ''] - + generateFileFromTemplate(databaseTemplateFile, 'runtime/tmp', filterTokens, 'tmpFilteredTenantData.xml') } @@ -563,13 +563,13 @@ task generatePluginDocumentation(group: def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") outputDir file("${buildDir}/asciidoc/plugins/${component.name}") doLast { println "Documentation generated for plugin ${component.name}" } - + } else { println "No documentation found for plugin ${component.name}" } 
@@ -581,21 +581,21 @@ task generatePluginDocumentation(group: } } -task generateAllPluginsDocumentation(group: docsGroup, +task generateAllPluginsDocumentation(group: docsGroup, description: 'Generate all plugins documentation.') { - + dependsOn deleteAllPluginsDocumentation file("${pluginsDir}").eachDir { plugin -> iterateOverActiveComponents { component -> if (component.name == plugin.name) { if (subprojectExists(":plugins:${plugin.name}")) { - // Note: the "-" between "component.name" and "Documentation" allows to differentiate from - // the other inner task temporary created by the generatePluginDocumentation task - def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { + // Note: the "-" between "component.name" and "Documentation" allows to differentiate from + // the other inner task temporary created by the generatePluginDocumentation task + def pluginAsciidoc = task "${component.name}-Documentation" (type: AsciidoctorTask) { def asciidocFolder = new File("${component}/src/docs/asciidoc") if (asciidocFolder.exists()) { copy { - from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" + from "${rootDir}/docs/asciidoc/images/OFBiz-Logo.svg" into "${component}/src/docs/asciidoc/images" } sourceDir file("${component}/src/docs/asciidoc") @@ -604,7 +604,7 @@ task generateAllPluginsDocumentation(gro } mustRunAfter deleteAllPluginsDocumentation } - + dependsOn pluginAsciidoc } doLast { delete "${component}/src/docs/asciidoc/images/OFBiz-Logo.svg" } @@ -712,7 +712,7 @@ task createPlugin(group: ofbizPlugin, de ['config', 'data/helpdata', 'dtd', 'documents', 'entitydef', 'lib', 'patches/test', 'patches/qa', 'patches/production', 'script', 'servicedef', 'src/main/java', 'src/test/java', 'testdef', 'widget', "webapp/${webappName}/error", "webapp/${webappName}/WEB-INF", - "webapp/${webappName}/WEB-INF/actions"].each { + "webapp/${webappName}/WEB-INF/actions"].each { mkdir pluginDir+'/'+it } 
@@ -737,7 +737,7 @@ task createPlugin(group: ofbizPlugin, de [tempName:'Menus.xml', newName:"${pluginResourceName}Menus.xml", location:'widget'], [tempName:'Forms.xml', newName:"${pluginResourceName}Forms.xml", location:'widget'] ].each { tmpl -> - generateFileFromTemplate(templateDir + '/' + tmpl.tempName, + generateFileFromTemplate(templateDir + '/' + tmpl.tempName, pluginDir + '/' + tmpl.location, filterTokens, tmpl.newName) } @@ -872,7 +872,7 @@ task pullPlugin(group: ofbizPlugin, desc // reverse the order of dependencies to install them before the plugin def ofbizPluginArchives = new ArrayList(configurations.ofbizPlugins.files) Collections.reverse(ofbizPluginArchives) - + // Extract and install plugin and dependencies ofbizPluginArchives.each { pluginArchive -> ext.pluginId = dependencyId.tokenize(':').get(1) @@ -900,7 +900,7 @@ task pullPluginSource(group: ofbizPlugin } } -task pullAllPluginsSource(group: ofbizPlugin, +task pullAllPluginsSource(group: ofbizPlugin, description: 'Download and install all plugins from source control. Warning! deletes existing plugins') { task deleteBeforePulling { @@ -965,7 +965,7 @@ task cleanUploads(group: cleanupGroup, d } task cleanXtra(group: cleanupGroup, description: 'Clean extra generated files like .rej, .DS_Store, etc.') { doLast { - delete fileTree(dir: "${rootDir}", + delete fileTree(dir: "${rootDir}", includes: ['**/.nbattrs', '**/*~','**/.#*', '**/.DS_Store', '**/*.rej', '**/*.orig']) } } |