packages/jakarta-commons-httpclient
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source 
Signed-off-by: eulerstorage <eulerstorage@huawei.com>
This commit is contained in:
eulerstorage 2019-12-17 16:27:35 +08:00
parent d3010025c2
commit 6998da6d81
9 changed files with 904 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
commons-httpclient-3.1-src.tar.gz Normal file
View File

Binary file not shown.

254
commons-httpclient-3.1.pom Normal file
View File

@ -0,0 +1,254 @@
<?xml version="1.0" encoding="UTF-8"?><project>
<modelVersion>4.0.0</modelVersion>
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
<name>HttpClient</name>
<version>3.1</version>
<description>The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.</description>
<url>http://jakarta.apache.org/httpcomponents/httpclient-3.x/</url>
<issueManagement>
<url>http://issues.apache.org/jira/browse/HTTPCLIENT</url>
</issueManagement>
<ciManagement>
<notifiers>
<notifier>
<configuration>
<address>httpcomponents-dev@jakarta.apache.org</address>
</configuration>
</notifier>
</notifiers>
</ciManagement>
<inceptionYear>2001</inceptionYear>
<mailingLists>
<mailingList>
<name>HttpComponents Developer List</name>
<subscribe>httpcomponents-dev-subscribe@jakarta.apache.org</subscribe>
<unsubscribe>httpcomponents-dev-unsubscribe@jakarta.apache.org</unsubscribe>
<archive>http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/</archive>
</mailingList>
<mailingList>
<name>HttpClient User List</name>
<subscribe>httpclient-user-subscribe@jakarta.apache.org</subscribe>
<unsubscribe>httpclient-user-unsubscribe@jakarta.apache.org</unsubscribe>
<archive>http://mail-archives.apache.org/mod_mbox/jakarta-httpclient-user/</archive>
</mailingList>
</mailingLists>
<developers>
<developer>
<id>mbecke</id>
<name>Michael Becke</name>
<email>mbecke -at- apache.org</email>
<organization></organization>
<roles>
<role>Release Prime</role>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>jsdever</id>
<name>Jeff Dever</name>
<email>jsdever -at- apache.org</email>
<organization>Independent consultant</organization>
<roles>
<role>2.0 Release Prime</role>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>dion</id>
<name>dIon Gillard</name>
<email>dion -at- apache.org</email>
<organization>Multitask Consulting</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>oglueck</id>
<name>Ortwin Glueck</name>
<email>oglueck -at- apache.org</email>
<url>http://www.odi.ch/</url>
<organization></organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>jericho</id>
<name>Sung-Gu</name>
<email>jericho -at- apache.org</email>
<organization></organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>olegk</id>
<name>Oleg Kalnichevski</name>
<email>olegk -at- apache.org</email>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>sullis</id>
<name>Sean C. Sullivan</name>
<email>sullis -at- apache.org</email>
<organization>Independent consultant</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>adrian</id>
<name>Adrian Sutton</name>
<email>adrian.sutton -at- ephox.com</email>
<organization>Intencha</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
<developer>
<id>rwaldhoff</id>
<name>Rodney Waldhoff</name>
<email>rwaldhoff -at- apache</email>
<organization>Britannica</organization>
<roles>
<role>Java Developer</role>
</roles>
</developer>
</developers>
<contributors>
<contributor>
<name>Armando Anton</name>
<email>armando.anton -at- newknow.com</email>
</contributor>
<contributor>
<name>Sebastian Bazley</name>
<email>sebb -at- apache.org</email>
</contributor>
<contributor>
<name>Ola Berg</name>
<email></email>
</contributor>
<contributor>
<name>Sam Berlin</name>
<email>sberlin -at- limepeer.com</email>
</contributor>
<contributor>
<name>Mike Bowler</name>
<email></email>
</contributor>
<contributor>
<name>Samit Jain</name>
<email>jain.samit -at- gmail.com</email>
</contributor>
<contributor>
<name>Eric Johnson</name>
<email>eric -at- tibco.com</email>
</contributor>
<contributor>
<name>Christian Kohlschuetter</name>
<email>ck -at- newsclub.de</email>
</contributor>
<contributor>
<name>Ryan Lubke</name>
<email>Ryan.Lubke -at- Sun.COM</email>
</contributor>
<contributor>
<name>Sam Maloney</name>
<email>sam.maloney -at- filogix.com</email>
</contributor>
<contributor>
<name>Rob Di Marco</name>
<email>rdimarco -at- hmsonline.com</email>
</contributor>
<contributor>
<name>Juergen Pill</name>
<email>Juergen.Pill -at- softwareag.com</email>
</contributor>
<contributor>
<name>Mohammad Rezaei</name>
<email>mohammad.rezaei -at- gs.com</email>
</contributor>
<contributor>
<name>Roland Weber</name>
<email>rolandw -at- apache.org</email>
</contributor>
<contributor>
<name>Laura Werner</name>
<email>laura -at- lwerner.org</email>
</contributor>
<contributor>
<name>Mikael Wilstrom</name>
<email>mikael.wikstrom -at- it.su.se</email>
</contributor>
</contributors>
<licenses>
<license>
<name>Apache License</name>
<url>http://www.apache.org/licenses/LICENSE-2.0</url>
</license>
</licenses>
<scm>
<connection>scm:svn:http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk</connection>
<url>http://svn.apache.org/repos/asf/jakarta/httpcomponents/oac.hc3x/trunk</url>
</scm>
<organization>
<name>Apache Software Foundation</name>
<url>http://jakarta.apache.org/</url>
</organization>
<build>
<sourceDirectory>src/java</sourceDirectory>
<testSourceDirectory>src/test</testSourceDirectory>
<resources>
<resource>
<directory>src/resources</directory>
</resource>
</resources>
<testResources>
<testResource>
<directory>src/test</directory>
<includes>
<include>**/*.keystore</include>
</includes>
</testResource>
</testResources>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<includes>
<include>**/TestAll.java</include>
</includes>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.0.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.2</version>
</dependency>
</dependencies>
<distributionManagement>
<site>
<id>default</id>
<name>Default Site</name>
<url>scp://people.apache.org//www/jakarta.apache.org/httpcomponents/httpclient-3.x/</url>
</site>
<status>converted</status>
</distributionManagement>
</project>

373
jakarta-commons-httpclient-CVE-2012-5783.patch Normal file
View File

@ -0,0 +1,373 @@
Index: oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
===================================================================
diff -u -N -r608014 -r1422573
--- oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 608014)
+++ oac.hc3x/trunk/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java (.../SSLProtocolSocketFactory.java) (revision 1422573)
@@ -31,10 +31,25 @@
package org.apache.commons.httpclient.protocol;
import java.io.IOException;
+import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.StringTokenizer;
+import java.util.regex.Pattern;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -55,6 +70,11 @@
*/
private static final SSLProtocolSocketFactory factory = new SSLProtocolSocketFactory();
+ // This is a a sorted list, if you insert new elements do it orderdered.
+ private final static String[] BAD_COUNTRY_2LDS =
+ {"ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info",
+ "lg", "ne", "net", "or", "org"};
+
/**
* Gets an singleton instance of the SSLProtocolSocketFactory.
* @return a SSLProtocolSocketFactory
@@ -79,12 +99,14 @@
InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException {
- return SSLSocketFactory.getDefault().createSocket(
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
host,
port,
clientHost,
clientPort
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
/**
@@ -124,16 +146,19 @@
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
- return createSocket(host, port, localAddress, localPort);
+ Socket sslSocket = createSocket(host, port, localAddress, localPort);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
} else {
// To be eventually deprecated when migrated to Java 1.4 or above
- Socket socket = ReflectionSocketFactory.createSocket(
+ Socket sslSocket = ReflectionSocketFactory.createSocket(
"javax.net.ssl.SSLSocketFactory", host, port, localAddress, localPort, timeout);
- if (socket == null) {
- socket = ControllerThreadSocketFactory.createSocket(
+ if (sslSocket == null) {
+ sslSocket = ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
- return socket;
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
}
@@ -142,10 +167,12 @@
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
- return SSLSocketFactory.getDefault().createSocket(
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
host,
port
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
/**
@@ -157,15 +184,273 @@
int port,
boolean autoClose)
throws IOException, UnknownHostException {
- return ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(
+ Socket sslSocket = ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(
socket,
host,
port,
autoClose
);
+ verifyHostName(host, (SSLSocket) sslSocket);
+ return sslSocket;
}
+
+
+
/**
+ * Verifies that the given hostname in certicifate is the hostname we are trying to connect to
+ * http://www.cvedetails.com/cve/CVE-2012-5783/
+ * @param host
+ * @param ssl
+ * @throws IOException
+ */
+
+ private static void verifyHostName(String host, SSLSocket ssl)
+ throws IOException {
+ if (host == null) {
+ throw new IllegalArgumentException("host to verify was null");
+ }
+
+ SSLSession session = ssl.getSession();
+ if (session == null) {
+ // In our experience this only happens under IBM 1.4.x when
+ // spurious (unrelated) certificates show up in the server's chain.
+ // Hopefully this will unearth the real problem:
+ InputStream in = ssl.getInputStream();
+ in.available();
+ /*
+ If you're looking at the 2 lines of code above because you're
+ running into a problem, you probably have two options:
+
+ #1. Clean up the certificate chain that your server
+ is presenting (e.g. edit "/etc/apache2/server.crt" or
+ wherever it is your server's certificate chain is
+ defined).
+
+ OR
+
+ #2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a
+ non-IBM JVM.
+ */
+
+ // If ssl.getInputStream().available() didn't cause an exception,
+ // maybe at least now the session is available?
+ session = ssl.getSession();
+ if (session == null) {
+ // If it's still null, probably a startHandshake() will
+ // unearth the real problem.
+ ssl.startHandshake();
+
+ // Okay, if we still haven't managed to cause an exception,
+ // might as well go for the NPE. Or maybe we're okay now?
+ session = ssl.getSession();
+ }
+ }
+
+ Certificate[] certs = session.getPeerCertificates();
+ verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]);
+ }
+ /**
+ * Extract the names from the certificate and tests host matches one of them
+ * @param host
+ * @param cert
+ * @throws SSLException
+ */
+
+ private static void verifyHostName(final String host, X509Certificate cert)
+ throws SSLException {
+ // I'm okay with being case-insensitive when comparing the host we used
+ // to establish the socket to the hostname in the certificate.
+ // Don't trim the CN, though.
+
+ String cn = getCN(cert);
+ String[] subjectAlts = getDNSSubjectAlts(cert);
+ verifyHostName(host, cn.toLowerCase(Locale.US), subjectAlts);
+
+ }
+
+ /**
+ * Extract all alternative names from a certificate.
+ * @param cert
+ * @return
+ */
+ private static String[] getDNSSubjectAlts(X509Certificate cert) {
+ LinkedList subjectAltList = new LinkedList();
+ Collection c = null;
+ try {
+ c = cert.getSubjectAlternativeNames();
+ } catch (CertificateParsingException cpe) {
+ // Should probably log.debug() this?
+ cpe.printStackTrace();
+ }
+ if (c != null) {
+ Iterator it = c.iterator();
+ while (it.hasNext()) {
+ List list = (List) it.next();
+ int type = ((Integer) list.get(0)).intValue();
+ // If type is 2, then we've got a dNSName
+ if (type == 2) {
+ String s = (String) list.get(1);
+ subjectAltList.add(s);
+ }
+ }
+ }
+ if (!subjectAltList.isEmpty()) {
+ String[] subjectAlts = new String[subjectAltList.size()];
+ subjectAltList.toArray(subjectAlts);
+ return subjectAlts;
+ } else {
+ return new String[0];
+ }
+
+ }
+ /**
+ * Verifies
+ * @param host
+ * @param cn
+ * @param subjectAlts
+ * @throws SSLException
+ */
+
+ private static void verifyHostName(final String host, String cn, String[] subjectAlts)throws SSLException{
+ StringBuffer cnTested = new StringBuffer();
+
+ for (int i = 0; i < subjectAlts.length; i++){
+ String name = subjectAlts[i];
+ if (name != null) {
+ name = name.toLowerCase();
+ if (verifyHostName(host, name)){
+ return;
+ }
+ cnTested.append("/").append(name);
+ }
+ }
+ if (cn != null && verifyHostName(host, cn)){
+ return;
+ }
+ cnTested.append("/").append(cn);
+ throw new SSLException("hostname in certificate didn't match: <"
+ + host + "> != <" + cnTested + ">");
+
+ }
+
+ private static boolean verifyHostName(final String host, final String cn){
+ if (doWildCard(cn) && !isIPAddress(host)) {
+ return matchesWildCard(cn, host);
+ }
+ return host.equalsIgnoreCase(cn);
+ }
+ private static boolean doWildCard(String cn) {
+ // Contains a wildcard
+ // wildcard in the first block
+ // not an ipaddress (ip addres must explicitily be equal)
+ // not using 2nd level common tld : ex: not for *.co.uk
+ String parts[] = cn.split("\\.");
+ return parts.length >= 3 &&
+ parts[0].endsWith("*") &&
+ acceptableCountryWildcard(cn) &&
+ !isIPAddress(cn);
+ }
+
+
+ private static final Pattern IPV4_PATTERN =
+ Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$");
+
+ private static final Pattern IPV6_STD_PATTERN =
+ Pattern.compile("^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$");
+
+ private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
+ Pattern.compile("^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)$");
+
+
+ private static boolean isIPAddress(final String hostname) {
+ return hostname != null
+ && (
+ IPV4_PATTERN.matcher(hostname).matches()
+ || IPV6_STD_PATTERN.matcher(hostname).matches()
+ || IPV6_HEX_COMPRESSED_PATTERN.matcher(hostname).matches()
+ );
+
+ }
+
+ private static boolean acceptableCountryWildcard(final String cn) {
+ // The CN better have at least two dots if it wants wildcard action,
+ // but can't be [*.co.uk] or [*.co.jp] or [*.org.uk], etc...
+ // The [*.co.uk] problem is an interesting one. Should we just
+ // hope that CA's would never foolishly allow such a
+ // certificate to happen?
+
+ String[] parts = cn.split("\\.");
+ // Only checks for 3 levels, with country code of 2 letters.
+ if (parts.length > 3 || parts[parts.length - 1].length() != 2) {
+ return true;
+ }
+ String countryCode = parts[parts.length - 2];
+ return Arrays.binarySearch(BAD_COUNTRY_2LDS, countryCode) < 0;
+ }
+
+ private static boolean matchesWildCard(final String cn,
+ final String hostName) {
+ String parts[] = cn.split("\\.");
+ boolean match = false;
+ String firstpart = parts[0];
+ if (firstpart.length() > 1) {
+ // server
+ // e.g. server
+ String prefix = firstpart.substring(0, firstpart.length() - 1);
+ // skipwildcard part from cn
+ String suffix = cn.substring(firstpart.length());
+ // skip wildcard part from host
+ String hostSuffix = hostName.substring(prefix.length());
+ match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
+ } else {
+ match = hostName.endsWith(cn.substring(1));
+ }
+ if (match) {
+ // I f we're in strict mode ,
+ // [ .foo.com] is not allowed to match [a.b.foo.com]
+ match = countDots(hostName) == countDots(cn);
+ }
+ return match;
+ }
+
+ private static int countDots(final String data) {
+ int dots = 0;
+ for (int i = 0; i < data.length(); i++) {
+ if (data.charAt(i) == '.') {
+ dots += 1;
+ }
+ }
+ return dots;
+ }
+
+ private static String getCN(X509Certificate cert) {
+ // Note: toString() seems to do a better job than getName()
+ //
+ // For example, getName() gives me this:
+ // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
+ //
+ // whereas toString() gives me this:
+ // EMAILADDRESS=juliusdavies@cucbc.com
+ String subjectPrincipal = cert.getSubjectX500Principal().toString();
+
+ return getCN(subjectPrincipal);
+
+ }
+ private static String getCN(String subjectPrincipal) {
+ StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
+ while(st.hasMoreTokens()) {
+ String tok = st.nextToken().trim();
+ if (tok.length() > 3) {
+ if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
+ return tok.substring(3);
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
* All instances of SSLProtocolSocketFactory are the same.
*/
public boolean equals(Object obj) {

80
jakarta-commons-httpclient-CVE-2014-3577.patch Normal file
View File

@ -0,0 +1,80 @@
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
index fa0acc7..e6ce513 100644
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
@@ -44,9 +44,15 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.StringTokenizer;
+import java.util.NoSuchElementException;
import java.util.regex.Pattern;
+import javax.naming.InvalidNameException;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
return dots;
}
- private static String getCN(X509Certificate cert) {
- // Note: toString() seems to do a better job than getName()
- //
- // For example, getName() gives me this:
- // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
- //
- // whereas toString() gives me this:
- // EMAILADDRESS=juliusdavies@cucbc.com
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
-
- return getCN(subjectPrincipal);
-
+ private static String getCN(final X509Certificate cert) {
+ final String subjectPrincipal = cert.getSubjectX500Principal().toString();
+ try {
+ return extractCN(subjectPrincipal);
+ } catch (SSLException ex) {
+ return null;
+ }
}
- private static String getCN(String subjectPrincipal) {
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
- while(st.hasMoreTokens()) {
- String tok = st.nextToken().trim();
- if (tok.length() > 3) {
- if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
- return tok.substring(3);
+
+ private static String extractCN(final String subjectPrincipal) throws SSLException {
+ if (subjectPrincipal == null) {
+ return null;
+ }
+ try {
+ final LdapName subjectDN = new LdapName(subjectPrincipal);
+ final List<Rdn> rdns = subjectDN.getRdns();
+ for (int i = rdns.size() - 1; i >= 0; i--) {
+ final Rdn rds = rdns.get(i);
+ final Attributes attributes = rds.toAttributes();
+ final Attribute cn = attributes.get("cn");
+ if (cn != null) {
+ try {
+ final Object value = cn.get();
+ if (value != null) {
+ return value.toString();
+ }
+ } catch (NoSuchElementException ignore) {
+ } catch (NamingException ignore) {
+ }
}
}
+ } catch (InvalidNameException e) {
+ throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
}
return null;
}

23
jakarta-commons-httpclient-CVE-2015-5262.patch Normal file
View File

@ -0,0 +1,23 @@
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
index e6ce513..b7550a2 100644
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
@@ -152,7 +152,9 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
- Socket sslSocket = createSocket(host, port, localAddress, localPort);
+ Socket sslSocket = SSLSocketFactory.getDefault().createSocket(
+ host, port, localAddress, localPort);
+ sslSocket.setSoTimeout(params.getSoTimeout());
verifyHostName(host, (SSLSocket) sslSocket);
return sslSocket;
} else {
@@ -163,6 +165,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
sslSocket = ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
+ sslSocket.setSoTimeout(params.getSoTimeout());
verifyHostName(host, (SSLSocket) sslSocket);
return sslSocket;
}

31
jakarta-commons-httpclient-addosgimanifest.patch Normal file
View File

@ -0,0 +1,31 @@
--- MANIFEST.MF 2007-09-06 12:31:02.000000000 -0400
+++ MANIFEST.MF 2007-09-06 12:30:45.000000000 -0400
@@ -3,4 +3,27 @@
Specification-Version: 1.0
Implementation-Vendor: Apache Software Foundation
Implementation-Version: @version@
-
+Bundle-ManifestVersion: 2
+Bundle-Name: %bundleName
+Bundle-SymbolicName: org.apache.commons.httpclient
+Bundle-Version: 3.1.0.v20080605-1935
+Import-Package: javax.crypto;resolution:=optional,
+ javax.crypto.spec;resolution:=optional,
+ javax.net;resolution:=optional,
+ javax.net.ssl;resolution:=optional,
+ org.apache.commons.codec;version="[1.2.0,2.0.0)",
+ org.apache.commons.codec.binary;version="[1.2.0,2.0.0)",
+ org.apache.commons.codec.net;version="[1.2.0,2.0.0)",
+ org.apache.commons.logging;version="[1.0.4,2.0.0)"
+Export-Package: org.apache.commons.httpclient;version="3.1.0",
+ org.apache.commons.httpclient.auth;version="3.1.0",
+ org.apache.commons.httpclient.cookie;version="3.1.0",
+ org.apache.commons.httpclient.methods;version="3.1.0",
+ org.apache.commons.httpclient.methods.multipart;version="3.1.0",
+ org.apache.commons.httpclient.params;version="3.1.0",
+ org.apache.commons.httpclient.protocol;version="3.1.0",
+ org.apache.commons.httpclient.util;version="3.1.0"
+Bundle-Vendor: %bundleProvider
+Bundle-Localization: plugin
+Bundle-RequiredExecutionEnvironment: CDC-1.0/Foundation-1.0,
+ J2SE-1.2

20
jakarta-commons-httpclient-disablecryptotests.patch Normal file
View File

@ -0,0 +1,20 @@
--- ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java.sav 2006-07-20 18:42:17.000000000 -0400
+++ ./src/test/org/apache/commons/httpclient/params/TestParamsAll.java 2006-07-20 18:42:26.000000000 -0400
@@ -43,7 +43,6 @@
public static Test suite() {
TestSuite suite = new TestSuite();
suite.addTest(TestHttpParams.suite());
- suite.addTest(TestSSLTunnelParams.suite());
return suite;
}
--- ./src/test/org/apache/commons/httpclient/TestAll.java.sav 2006-07-20 18:42:56.000000000 -0400
+++ ./src/test/org/apache/commons/httpclient/TestAll.java 2006-07-20 18:43:01.000000000 -0400
@@ -100,7 +100,6 @@
// Non compliant behaviour
suite.addTest(TestNoncompliant.suite());
// Proxy
- suite.addTest(TestProxy.suite());
suite.addTest(TestProxyWithRedirect.suite());
return suite;
}

34
jakarta-commons-httpclient-encoding.patch Normal file
View File

@ -0,0 +1,34 @@
--- build.xml 2007-08-18 05:02:14.000000000 -0400
+++ build.xml 2012-01-23 09:52:50.405796336 -0500
@@ -179,6 +179,7 @@
description="Compile shareable components">
<javac srcdir ="${source.home}/java"
destdir ="${build.home}/classes"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -186,6 +187,7 @@
</javac>
<javac srcdir ="${source.home}/examples"
destdir ="${build.home}/examples"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -197,6 +199,7 @@
description="Compile unit test cases">
<javac srcdir ="${test.home}"
destdir ="${build.home}/tests"
+ encoding ="ISO-8859-1"
debug ="${compile.debug}"
deprecation ="${compile.deprecation}"
optimize ="${compile.optimize}">
@@ -244,6 +244,7 @@
<mkdir dir="${dist.home}/docs/api"/>
<javadoc sourcepath ="${source.home}/java"
destdir ="${dist.home}/docs/api"
+ encoding ="ISO-8859-1"
packagenames ="org.apache.commons.*"
author ="true"
protected ="true"

89
jakarta-commons-httpclient.spec Normal file
View File

@ -0,0 +1,89 @@
Name: jakarta-commons-httpclient
Version: 3.1
Release: 30
Epoch: 1
Summary: Implement the client side of HTTP standards
License: ASL 2.0 and (ASL 2.0 or LGPLv2+)
URL: http://jakarta.apache.org/commons/httpclient/
Source0: http://archive.apache.org/dist/httpcomponents/commons-httpclient/source/commons-httpclient-3.1-src.tar.gz
Source1: http://repo.maven.apache.org/maven2/commons-httpclient/commons-httpclient/%{version}/commons-httpclient-%{version}.pom
Patch0: %{name}-disablecryptotests.patch
Patch1: %{name}-addosgimanifest.patch
Patch2: %{name}-encoding.patch
Patch3: %{name}-CVE-2012-5783.patch
Patch4: %{name}-CVE-2014-3577.patch
Patch5: %{name}-CVE-2015-5262.patch
BuildArch: noarch
BuildRequires: maven-local, ant, apache-commons-codec, apache-commons-logging >= 0:1.0.3
BuildRequires: apache-commons-logging-javadoc, java-javadoc, junit
Requires: java-headless, apache-commons-logging >= 0:1.0.3, apache-commons-codec
Provides: %{name}-javadoc%{?_isa} %{name}-javadoc
Obsoletes: %{name}-javadoc
Provides: %{name}-demo%{?_isa} %{name}-demo
Obsoletes: %{name}-demo
Provides: %{name}-manual%{?_isa} %{name}-manual
Obsoletes: %{name}-manual
%description
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today.
Web services, network-enabled appliances and the growth of network computing continue to expand the role of
the HTTP protocol beyond user-driven web browsers, while increasing the number of applications that require
HTTP support.
Designed for extension while providing robust support for the base HTTP protocol, the HttpComponents may be
of interest to anyone building HTTP-aware client and server applications such as web browsers, web spiders,
HTTP proxies, web service transport libraries, or systems that leverage or extend the HTTP protocol for
distributed communication.
%prep
%setup -q -n commons-httpclient-%{version}
install -d lib
build-jar-repository -p lib commons-codec commons-logging junit
rm -rf docs/apidocs docs/*.patch docs/*.orig docs/*.rej
%patch0
cd src/conf
%{__sed} -i 's/\r//' MANIFEST.MF
%patch1
cd -
%patch2
%patch3 -p2
%patch4 -p1
%patch5 -p1
cd src
for j in $(find . -name "*.java" -exec grep -l 'com\.sun\.net\.ssl' {} \;); do
sed -e 's|com\.sun\.net\.ssl|javax.net.ssl|' $j > tempf
cp tempf $j
done
rm tempf
cd -
%mvn_alias : apache:commons-httpclient
%mvn_file ":{*}" jakarta-@1 "@1" commons-httpclient3
%build
ant -Dbuild.sysclasspath=first -Djavadoc.j2sdk.link=%{_javadocdir}/java -Djavadoc.logging.link=%{_javadocdir}/jakarta-commons-logging \
-Dtest.failonerror=false -Djavac.encoding=UTF-8 dist test
%install
%mvn_artifact %{SOURCE1} dist/commons-httpclient.jar
%mvn_install -J dist/docs/api
install -d $RPM_BUILD_ROOT%{_datadir}/%{name}
cp -pr src/examples src/contrib $RPM_BUILD_ROOT%{_datadir}/%{name}
rm -Rf dist/docs/{api,BUILDING.txt,TESTING.txt}
ln -s %{_javadocdir}/%{name} dist/docs/apidocs
%files -f .mfiles
%doc NOTICE README RELEASE_NOTES dist/docs/*
%license LICENSE
%{_javadocdir}/%{name}/*
%{_datadir}/%{name}
%changelog
* Mon Dec 9 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:3.1-30
- Package init