packages/xalan-j2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
dogsheng 2019-12-14 21:52:10 +08:00
parent 59b651786d
commit e93eb73b3e
12 changed files with 494 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
README.en.md
View File

@ -1,36 +0,0 @@
# xalan-j2
#### Description
{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

39
README.md
View File

@ -1,39 +0,0 @@
# xalan-j2
#### 介绍
{**以下是码云平台说明,您可以替换此简介**
码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN。专为开发者提供稳定、高效、安全的云端软件开发协作平台
无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 码云特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

22
generate-tarball.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
name=xalan-j2
version="$(sed -n 's/Version:\s*//p' *.spec)"
# RETRIEVE
wget "http://archive.apache.org/dist/xml/xalan-j/xalan-j_${version//./_}-src.tar.gz" -O "${name}-${version}.orig.tar.gz"
rm -rf tarball-tmp
mkdir tarball-tmp
cd tarball-tmp
tar xf "../${name}-${version}.orig.tar.gz"
# CLEAN TARBALL
find -name '*.jar' -delete
find -name '*.class' -delete
rm */src/*.tar.gz
tar cf "../${name}-${version}.tar.gz" *
cd ..
rm -r tarball-tmp "${name}-${version}.orig.tar.gz"

39
serializer-2.7.1.pom Normal file
View File

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
<version>4</version>
</parent>
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
<name>Xalan Java Serializer</name>
<description>
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
</description>
<url>http://xml.apache.org/xalan-j/</url>
<dependencies>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>1.3.04</version>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.0</version>
<optional>true</optional>
</dependency>
</dependencies>
</project>

41
xalan-2.7.1.pom Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
<version>4</version>
</parent>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
<name>Xalan Java</name>
<description>
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements XSL Transformations (XSLT)
Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
the command line, in an applet or a servlet, or as a module in other program.
</description>
<url>http://xml.apache.org/xalan-j/</url>
<dependencies>
<dependency>
<groupId>xalan</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
</dependency>
<dependency>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.9.0</version>
<optional>true</optional>
</dependency>
</dependencies>
</project>

BIN
xalan-j2-2.7.1.tar.gz Normal file
View File

Binary file not shown.

148
xalan-j2-CVE-2014-0107.patch Normal file
View File

@ -0,0 +1,148 @@
diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
index 1298943..96a5e58 100644
--- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
+++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
reader = XMLReaderFactory.createXMLReader();
}
+ if(m_isSecureProcessing)
+ {
+ reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
+ }
// Need to set options!
reader.setContentHandler(handler);
reader.parse(isource);
diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
index b946743..17b7395 100644
--- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
+++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
}
else
{
- // Can we switch the order here:
-
- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
- attributes.getQName(i), attributes.getValue(i),
- target);
-
- // Now we only add the element if it passed a validation check
- if (success)
- processedDefs.add(attrDef);
- else
- errorDefs.add(attrDef);
+ //handle secure processing
+ if(handler.getStylesheetProcessor()==null)
+ System.out.println("stylesheet processor null");
+ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
+ {
+ //foreign attributes are not allowed in secure processing mode
+ // Then barf, because this element does not allow this attribute.
+ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
+ //+ " attribute is not allowed on the " + rawName
+ // + " element!", null);
+ }
+ else
+ {
+
+
+ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
+ attributes.getQName(i), attributes.getValue(i),
+ target);
+
+ // Now we only add the element if it passed a validation check
+ if (success)
+ processedDefs.add(attrDef);
+ else
+ errorDefs.add(attrDef);
+ }
}
}
diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
index dd0d4d9..0906d24 100644
--- a/src/org/apache/xalan/transformer/TransformerImpl.java
+++ b/src/org/apache/xalan/transformer/TransformerImpl.java
@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
try
{
if (sroot.getExtensions() != null)
- m_extensionsTable = new ExtensionsTable(sroot);
+ //only load extensions if secureProcessing is disabled
+ if(!sroot.isSecureProcessing())
+ m_extensionsTable = new ExtensionsTable(sroot);
}
catch (javax.xml.transform.TransformerException te)
{te.printStackTrace();}
diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
index 4bea356..78ac980 100644
--- a/src/org/apache/xpath/functions/FuncSystemProperty.java
+++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
String fullName = m_arg0.execute(xctxt).str();
int indexOfNSSep = fullName.indexOf(':');
- String result;
+ String result = null;
String propName = "";
// List of properties where the name of the
@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
try
{
- result = System.getProperty(propName);
-
- if (null == result)
- {
-
- // result = System.getenv(propName);
- return XString.EMPTYSTRING;
- }
+ //if secure procession is enabled only handle required properties do not not map any valid system property
+ if(!xctxt.isSecureProcessing())
+ {
+ result = System.getProperty(propName);
+ }
+ else
+ {
+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
+ }
+ if (null == result)
+ {
+ return XString.EMPTYSTRING;
+ }
}
catch (SecurityException se)
{
@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
{
try
{
- result = System.getProperty(fullName);
-
- if (null == result)
- {
-
- // result = System.getenv(fullName);
- return XString.EMPTYSTRING;
- }
+ //if secure procession is enabled only handle required properties do not not map any valid system property
+ if(!xctxt.isSecureProcessing())
+ {
+ result = System.getProperty(fullName);
+ }
+ else
+ {
+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
+ }
+ if (null == result)
+ {
+ return XString.EMPTYSTRING;
+ }
}
catch (SecurityException se)
{

75
xalan-j2-MANIFEST.MF Normal file
View File

@ -0,0 +1,75 @@
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Created-By: 1.7.0_b147-icedtea (Oracle Corporation)
Main-Class: org.apache.xalan.xslt.Process
Bundle-ManifestVersion: 2
Bundle-Name: %Bundle-Name.0
Bundle-SymbolicName: org.apache.xalan
Bundle-Version: 2.7.1
Bundle-Vendor: %Bundle-Vendor.0
Export-Package: org.apache.regexp;version="2.7.1",
org.apache.xalan;version="2.7.1",
org.apache.xalan.client;version="2.7.1",
org.apache.xalan.extensions;version="2.7.1",
org.apache.xalan.lib;version="2.7.1",
org.apache.xalan.lib.sql;version="2.7.1",
org.apache.xalan.processor;version="2.7.1",
org.apache.xalan.res;version="2.7.1",
org.apache.xalan.serialize;version="2.7.1",
org.apache.xalan.templates;version="2.7.1",
org.apache.xalan.trace;version="2.7.1",
org.apache.xalan.transformer;version="2.7.1",
org.apache.xalan.xslt;version="2.7.1",
org.apache.xalan.xsltc;version="2.7.1",
org.apache.xalan.xsltc.cmdline;version="2.7.1",
org.apache.xalan.xsltc.cmdline.getopt;version="2.7.1",
org.apache.xalan.xsltc.compiler;version="2.7.1",
org.apache.xalan.xsltc.compiler.util;version="2.7.1",
org.apache.xalan.xsltc.dom;version="2.7.1",
org.apache.xalan.xsltc.runtime;version="2.7.1",
org.apache.xalan.xsltc.runtime.output;version="2.7.1",
org.apache.xalan.xsltc.trax;version="2.7.1",
org.apache.xalan.xsltc.util;version="2.7.1",
org.apache.xml.dtm;version="2.7.1",
org.apache.xml.dtm.ref;version="2.7.1",
org.apache.xml.dtm.ref.dom2dtm;version="2.7.1",
org.apache.xml.dtm.ref.sax2dtm;version="2.7.1",
org.apache.xml.res;version="2.7.1",
org.apache.xml.utils;version="2.7.1",
org.apache.xml.utils.res;version="2.7.1",
org.apache.xpath;version="2.7.1",
org.apache.xpath.axes;version="2.7.1",
org.apache.xpath.compiler;version="2.7.1",
org.apache.xpath.domapi;version="2.7.1",
org.apache.xpath.functions;version="2.7.1",
org.apache.xpath.jaxp;version="2.7.1",
org.apache.xpath.objects;version="2.7.1",
org.apache.xpath.operations;version="2.7.1",
org.apache.xpath.patterns;version="2.7.1",
org.apache.xpath.res;version="2.7.1"
Require-Bundle: system.bundle, org.apache.xerces
Eclipse-BuddyPolicy: registered
Name: org/apache/xalan/
Comment: Main Xalan engine implementing TrAX/JAXP
Specification-Title: Java API for XML Processing
Specification-Vendor: Sun Microsystems Inc.
Specification-Version: 1.3
Implementation-Title: org.apache.xalan
Implementation-Version: 2.7.1
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xml/
Comment: DTM implementation and utilities
Implementation-Title: org.apache.xml
Implementation-Version: 2.7.1
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xpath/
Comment: XPath engine
Implementation-Title: org.apache.xpath
Implementation-Version: 2.7.1
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/

11
xalan-j2-noxsltcdeps.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/build.xml 2007-11-22 23:44:01.000000000 +0200
+++ b/build.xml 2010-04-07 13:32:31.878542610 +0300
@@ -683,7 +683,7 @@ $Id: build.xml 563656 2007-08-07 21:12:1
<!-- =================================================================== -->
<!-- Creates one big xalan jar (Xalan interpretive + XSLTC + support jars) -->
<!-- =================================================================== -->
- <target name="jar" depends="xalan-interpretive.compile,xsltc.compile,xsltc.copy-deps-jars"
+ <target name="jar" depends="xalan-interpretive.compile,xsltc.compile"
description="Jar up everything (Xalan, XSLTC and XSLTC dependencies)" >
<!-- Copy over the manifest, with filtering (for version number) -->

10
xalan-j2-serializer-MANIFEST.MF Normal file
View File

@ -0,0 +1,10 @@
Manifest-Version: 1.0
Bundle-RequiredExecutionEnvironment: J2SE-1.2
Bundle-SymbolicName: org.apache.xml.serializer
Bundle-ManifestVersion: 2
Bundle-Name: %Bundle-Name.0
Bundle-Localization: plugin
Bundle-Version: 2.7.1.v200806030322
Bundle-Vendor: %Bundle-Vendor.0
Export-Package: org.apache.xml.serializer,org.apache.xml.serializer.do
m3

135
xalan-j2.spec Normal file
View File

@ -0,0 +1,135 @@
%global cvs_version 2_7_1
%global xalan_data_dir %{buildroot}%{_datadir}/%{name}
Name: xalan-j2
Version: 2.7.1
Release: 39
Epoch: 0
Summary: Java XSLT processor
License: ASL 2.0 and W3C
URL: http://xalan.apache.org/
Source0: %{name}-%{version}.tar.gz
Source1: http://repo1.maven.org/maven2/xalan/xalan/%{version}/xalan-%{version}.pom
Source2: http://repo1.maven.org/maven2/xalan/serializer/%{version}/serializer-%{version}.pom
Source3: xsltc-%{version}.pom
Source4: %{name}-MANIFEST.MF
Source5: %{name}-serializer-MANIFEST.MF
Source6: generate-tarball.sh
Patch0: %{name}-noxsltcdeps.patch
Patch1: %{name}-CVE-2014-0107.patch
BuildRequires: ant apache-parent bcel dos2unix glassfish-servlet-api java_cup
BuildRequires: javapackages-local regexp sed xerces-j2 >= 0:2.7.1
BuildRequires: xml-commons-apis >= 0:1.3
Requires: glassfish-servlet-api xerces-j2
BuildArch: noarch
Provides: jaxp_transform_impl
Provides: xalan-j2-demo
Provides: xalan-j2-javadoc
Provides: xalan-j2-manual
Obsoletes: xalan-j2-demo
Obsoletes: xalan-j2-javadoc
Obsoletes: xalan-j2-manual
%description
Xalan is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements the W3C Recommendations
for XSL Transformations (XSLT) and the XML Path Language (XPath). It can
be used from the command line, in an applet or a servlet, or as a module
in other program.
%package xsltc
Summary: Java XSLT compiler
License: ASL 2.0
Requires: bcel java_cup regexp xerces-j2
%description xsltc
The XSLT Compiler is a Java-based tool for compiling XSLT stylesheets
into lightweight and portable Java byte codes called translets.
%prep
%autosetup -n xalan-j_%{cvs_version} -p1
find . -name '*.jar' -exec rm -f {} \;
find . -name '*.class' -exec rm -f {} \;
sed -i '/<!-- Expand jaxp sources/,/<delete file="${xml-commons-srcs.tar}"/d' build.xml
sed -i '/class-path/I d' `find -iname '*manifest*'`
dos2unix KEYS LICENSE.txt NOTICE.txt xdocs/style/resources/script.js \
xdocs/sources/xsltc/README* `find -name '*.sh'`
%mvn_file :xalan %{name} jaxp_transform_impl
%mvn_file :serializer %{name}-serializer
%mvn_file :xsltc xsltc
%mvn_package :xsltc xsltc
%build
pushd lib
ln -sf `build-classpath bcel` BCEL.jar
ln -sf `build-classpath regexp` regexp.jar
ln -sf `build-classpath java_cup-runtime` runtime.jar
ln -sf `build-classpath xerces-j2` xercesImpl.jar
ln -sf `build-classpath xml-commons-apis` xml-apis.jar
popd
pushd tools
ln -sf `build-classpath ant` ant.jar
ln -sf `build-classpath java_cup` java_cup.jar
popd
export CLASSPATH=`build-classpath glassfish-servlet-api`
ant \
-Djava.awt.headless=true \
-Dapi.j2se=%{_javadocdir}/java \
-Dbuild.xalan-interpretive.jar=build/xalan-interpretive.jar \
xalan-interpretive.jar\
xsltc.unbundledjar \
docs \
javadocs \
samples \
servlet
jar ufm build/serializer.jar %{SOURCE5}
jar ufm build/xalan-interpretive.jar %{SOURCE4}
%mvn_artifact %{SOURCE1} build/xalan-interpretive.jar
%mvn_artifact %{SOURCE2} build/serializer.jar
%mvn_artifact %{SOURCE3} build/xsltc.jar
%install
%mvn_install -J build/docs/apidocs
sed -i 's/[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}/f2f42549-cfab-4d71-be48-5e9f9a41e5f5/g' `find %{_buildrootdir} -name xalan-j2.xml`
install -D -p -m 644 build/xalansamples.jar %{xalan_data_dir}/%{name}-samples.jar
install -D -p -m 644 build/xalanservlet.war %{xalan_data_dir}/%{name}-servlet.war
cp -pr samples %{xalan_data_dir}
pushd build/docs
ln -sf %{_javadocdir}/%{name} apidocs
popd
%post
mv %{_javadir}/jaxp_transform_impl.jar{,.tmp} || :
update-alternatives --remove jaxp_transform_impl %{_javadir}/%{name}.jar &>/dev/null || :
mv %{_javadir}/jaxp_transform_impl.jar{.tmp,} || :
%files -f .mfiles
%doc KEYS build/docs/* readme.html
%doc %{_javadocdir}/%{name}
%license LICENSE.txt NOTICE.txt
%{_datadir}/%{name}
%files xsltc -f .mfiles-xsltc
%license LICENSE.txt NOTICE.txt
%changelog
* Tue Dec 3 2019 huyan <hu.huyan@huawei.com> - 0:2.7.1-39
- Package Initialization

13
xsltc-2.7.1.pom Normal file
View File

@ -0,0 +1,13 @@
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>xalan</groupId>
<artifactId>xsltc</artifactId>
<version>2.7.1</version>
<dependencies>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.1</version>
</dependency>
</dependencies>
</project>