package init

xmlrpc-client-addosgimanifest.patch

@@ -0,0 +1,20 @@
+--- pom.xml.sav	2010-02-06 17:44:57.000000000 +0200
++++ pom.xml	2010-09-29 09:27:06.194857352 +0300
+@@ -48,6 +48,17 @@
+               <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+               <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+               <Implementation-Version>${project.version}</Implementation-Version>
++              <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++              <Bundle-Name>%Bundle-Name</Bundle-Name>
++              <Bundle-Localization>plugin</Bundle-Localization>
++              <Bundle-SymbolicName>org.apache.xmlrpc</Bundle-SymbolicName>
++              <Bundle-Version>${project.version}</Bundle-Version>
++              <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++	      <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.client, org.apache.xmlrpc.client.util</Export-Package>
++	      <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++	      <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++	      <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++	      <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+             </manifestEntries>
+           </archive>
+         </configuration>

xmlrpc-common-addosgimanifest.patch

@@ -0,0 +1,19 @@
+--- pom.xml.sav	2010-02-06 17:44:50.000000000 +0200
++++ pom.xml	2010-09-29 09:30:38.857857644 +0300
+@@ -48,6 +48,16 @@
+               <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+               <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+               <Implementation-Version>${project.version}</Implementation-Version>
++              <Bundle-ManifestVersion>2</Bundle-ManifestVersion>
++              <Bundle-Name>%Bundle-Name</Bundle-Name>
++              <Bundle-Localization>plugin</Bundle-Localization>
++              <Bundle-SymbolicName>org.apache.xmlrpc.common</Bundle-SymbolicName>
++              <Bundle-Version>${project.version}</Bundle-Version>
++              <Export-Package>org.apache.xmlrpc, org.apache.xmlrpc.common, org.apache.xmlrpc.jaxb, org.apache.xmlrpc.parser, org.apache.xmlrpc.serializer, org.apache.xmlrpc.util</Export-Package>
++              <Import-Package>javax.xml.namespace, javax.xml.parsers, org.apache.commons.httpclient, org.apache.commons.httpclient.auth, org.apache.commons.httpclient.methods, org.apache.commons.httpclient.params, org.apache.commons.logging, org.apache.ws.commons.serialize, org.apache.ws.commons.util, org.w3c.dom, org.xml.sax, org.xml.sax.helpers</Import-Package>
++              <Bundle-RequiredExecutionEnvironment>J2SE-1.4, CDC-1.0/Foundation-1.0, J2SE-1.3</Bundle-RequiredExecutionEnvironment>
++              <Eclipse-BuddyPolicy>dependent</Eclipse-BuddyPolicy>
++              <Bundle-Vendor>%Bundle-Vendor.0</Bundle-Vendor>
+             </manifestEntries>
+           </archive>
+         </configuration>

xmlrpc-disallow-deserialization-of-ex-serializable-tags.patch

@@ -0,0 +1,35 @@
+From 495d6136d9de5c0bbddadffe11b0841c6aafcb34 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek@redhat.com>
+Date: Fri, 18 May 2018 15:22:49 +0200
+Subject: [PATCH 1/2] Disallow deserialization of <ex:serializable> tags
+
+Can be reenabled by setting JVM property
+org.apache.xmlrpc.allowInsecureDeserialization to 1.
+
+- Resolves CVE-2016-5003
+---
+ .../java/org/apache/xmlrpc/parser/SerializableParser.java | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+index 18f25ac..c8bb7ed 100644
+--- a/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
++++ b/common/src/main/java/org/apache/xmlrpc/parser/SerializableParser.java
+@@ -29,6 +29,14 @@ import org.apache.xmlrpc.XmlRpcException;
+  */
+ public class SerializableParser extends ByteArrayParser {
+ 	public Object getResult() throws XmlRpcException {
++                if (!"1".equals(System.getProperty("org.apache.xmlrpc.allowInsecureDeserialization"))) {
++                    throw new UnsupportedOperationException(
++                            "Deserialization of ex:serializable objects is vulnerable to " +
++                            "remote execution attacks and is disabled by default. " +
++                            "If you are sure the source data is trusted, you can enable " +
++                            "it by setting org.apache.xmlrpc.allowInsecureDeserialization " +
++                            "JVM property to 1");
++                }
+ 		try {
+ 			byte[] res = (byte[]) super.getResult();
+ 			ByteArrayInputStream bais = new ByteArrayInputStream(res);
+-- 
+2.17.0
+

xmlrpc-disallow-loading-external-dtd.patch

@@ -0,0 +1,30 @@
+From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
+From: Michael Simacek <msimacek@redhat.com>
+Date: Tue, 22 May 2018 10:53:28 +0200
+Subject: [PATCH 2/2] Disallow loading external DTD
+
+---
+ .../src/main/java/org/apache/xmlrpc/util/SAXParsers.java   | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+index b1034e7..49ef5de 100644
+--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
++++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+@@ -48,6 +48,13 @@ public class SAXParsers {
+         } catch (org.xml.sax.SAXException e) {
+             // Ignore it
+ 		}
++        try {
++            spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
++        } catch (javax.xml.parsers.ParserConfigurationException e) {
++            // Ignore it
++        } catch (org.xml.sax.SAXException e) {
++            // Ignore it
++        }
+ 	}
+ 
+ 	/** Creates a new instance of {@link XMLReader}.
+-- 
+2.17.0
+

xmlrpc-javax-methods.patch

@@ -0,0 +1,264 @@
+From d6834da0b1556bb133a534d31bb94d08f38fa195 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Mon, 16 Jun 2014 10:03:35 +0200
+Subject: [PATCH] Use servlet 3.1.0 API
+
+---
+ dist/pom.xml                                       |  2 +-
+ pom.xml                                            |  4 +-
+ server/pom.xml                                     |  8 +++-
+ .../xmlrpc/webserver/HttpServletRequestImpl.java   | 54 ++++++++++++++++++++++
+ .../xmlrpc/webserver/HttpServletResponseImpl.java  | 26 ++++++++++-
+ .../xmlrpc/webserver/ServletOutputStreamImpl.java  |  5 ++
+ 6 files changed, 94 insertions(+), 5 deletions(-)
+
+diff --git a/dist/pom.xml b/dist/pom.xml
+index 67aded6..c18c2eb 100644
+--- a/dist/pom.xml
++++ b/dist/pom.xml
+@@ -59,7 +59,7 @@
+   <dependencies>
+     <dependency>
+       <groupId>javax.servlet</groupId>
+-      <artifactId>servlet-api</artifactId>
++      <artifactId>javax.servlet-api</artifactId>
+     </dependency>
+     <dependency>
+     	<groupId>org.apache.xmlrpc</groupId>
+diff --git a/pom.xml b/pom.xml
+index 3933da5..70c508e 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -344,8 +344,8 @@
+       </dependency>
+       <dependency>
+         <groupId>javax.servlet</groupId>
+-        <artifactId>servlet-api</artifactId>
+-        <version>2.4</version>
++        <artifactId>javax.servlet-api</artifactId>
++        <version>3.1.0</version>
+         <scope>provided</scope>
+       </dependency>
+       <dependency>
+diff --git a/server/pom.xml b/server/pom.xml
+index 0d09544..01288c8 100644
+--- a/server/pom.xml
++++ b/server/pom.xml
+@@ -67,6 +67,12 @@
+     <dependency>
+       <groupId>commons-logging</groupId>
+       <artifactId>commons-logging</artifactId>
++      <exclusions>
++	<exclusion>
++          <groupId>javax.servlet</groupId>
++          <artifactId>servlet-api</artifactId>
++	</exclusion>
++      </exclusions>
+     </dependency>
+     <dependency>
+       <groupId>org.apache.xmlrpc</groupId>
+@@ -81,7 +87,7 @@
+     </dependency>
+     <dependency>
+       <groupId>javax.servlet</groupId>
+-      <artifactId>servlet-api</artifactId>
++      <artifactId>javax.servlet-api</artifactId>
+     </dependency>
+     <dependency>
+       <groupId>commons-httpclient</groupId>
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+index 3dc7e43..19b14a2 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletRequestImpl.java
+@@ -31,6 +31,7 @@ import java.net.URLDecoder;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.Collections;
++import java.util.Collection;
+ import java.util.Enumeration;
+ import java.util.HashMap;
+ import java.util.Iterator;
+@@ -39,10 +40,20 @@ import java.util.Locale;
+ import java.util.Map;
+ import java.util.StringTokenizer;
+ 
++import javax.servlet.ReadListener;
+ import javax.servlet.RequestDispatcher;
++import javax.servlet.ServletException;
+ import javax.servlet.ServletInputStream;
++import javax.servlet.DispatcherType;
++import javax.servlet.AsyncContext;
++import javax.servlet.ServletContext;
++import javax.servlet.ServletRequest;
++import javax.servlet.ServletResponse;
+ import javax.servlet.http.Cookie;
++import javax.servlet.http.HttpUpgradeHandler;
++import javax.servlet.http.Part;
+ import javax.servlet.http.HttpServletRequest;
++import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpSession;
+ 
+ import org.apache.xmlrpc.common.XmlRpcStreamConfig;
+@@ -66,6 +77,7 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 	private String queryString;
+ 	private String httpVersion;
+ 	private final Map headers = new HashMap();
++	private final Map parts = new HashMap();
+ 	private final Map attributes = new HashMap();
+ 	private Map parameters;
+ 	private String characterEncoding;
+@@ -97,6 +109,18 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 				}
+ 				return c;
+ 			}
++
++			public boolean isFinished() {
++				return contentBytesRemaining == 0;
++			}
++
++			public boolean isReady() {
++				return true;
++			}
++
++			public void setReadListener(ReadListener arg0) {
++				throw new IllegalStateException("Not implemented.");
++			}
+ 		};
+ 	}
+ 
+@@ -227,6 +251,12 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 		return Collections.enumeration(list);
+ 	}
+ 
++	public Part getPart(String name) { throw new IllegalStateException("Not implemented"); }
++
++	public Collection getParts() { throw new IllegalStateException("Not implemented"); }
++
++	public boolean authenticate (HttpServletResponse response) { throw new IllegalStateException("Not implemented"); }
++
+ 	public int getIntHeader(String pHeader) {
+ 		String s = getHeader(pHeader);
+ 		return s == null ? -1 : Integer.parseInt(s);
+@@ -242,6 +272,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 
+ 	public String getRemoteUser() { throw new IllegalStateException("Not implemented"); }
+ 
++	public void login(String username, String password) { throw new IllegalStateException("Not implemented"); }
++
++	public void logout() { throw new IllegalStateException("Not implemented"); }
++
+ 	public String getRequestURI() { return uri; }
+ 
+ 	public StringBuffer getRequestURL() {
+@@ -280,6 +314,20 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 		return sb;
+ 	}
+ 
++	public AsyncContext getAsyncContext() { throw new IllegalStateException("Not implemented"); }
++
++	public boolean isAsyncSupported() { return false; }
++
++	public boolean isAsyncStarted() { return false; }
++
++	public ServletContext getServletContext() { throw new IllegalStateException("Not implemented"); }
++
++	public AsyncContext startAsync(ServletRequest req, ServletResponse resp) { throw new IllegalStateException("Not implemented"); }
++
++	public AsyncContext startAsync() { throw new IllegalStateException("Not implemented"); }
++
++	public DispatcherType getDispatcherType() { throw new IllegalStateException("Not implemented"); }
++
+ 	public String getRequestedSessionId() { throw new IllegalStateException("Not implemented"); }
+ 
+ 	public String getServletPath() { return uri; }
+@@ -544,4 +592,10 @@ public class HttpServletRequestImpl implements HttpServletRequest {
+ 	}
+ 
+ 	protected String getHttpVersion() { return httpVersion; }
++
++	public long getContentLengthLong() { throw new IllegalStateException("Not implemented."); }
++
++	public String changeSessionId() { throw new IllegalStateException("Not implemented."); }
++
++	public HttpUpgradeHandler upgrade(Class arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+index 6ba7018..5319dcf 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/HttpServletResponseImpl.java
+@@ -29,6 +29,8 @@ import java.util.Iterator;
+ import java.util.List;
+ import java.util.Locale;
+ import java.util.Map;
++import java.util.Collection;
++import java.util.Collections;
+ import java.util.StringTokenizer;
+ 
+ import javax.servlet.ServletOutputStream;
+@@ -84,7 +86,7 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ 		}
+ 	}
+ 
+-	private String getHeader(String pHeader) {
++	public String getHeader(String pHeader) {
+ 		String key = pHeader.toLowerCase();
+ 		Object o = headers.get(key);
+ 		if (o == null) {
+@@ -101,6 +103,26 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ 		}
+ 	}
+ 
++	public Collection getHeaderNames() {
++		return headers.keySet();
++	}
++
++	public Collection getHeaders(String pHeader) {
++		String key = pHeader.toLowerCase();
++		Object o = headers.get(key);
++		List list;
++		if (o instanceof List) {
++		list = (List) o;
++		} else {
++			list = Collections.singletonList(o);
++		}
++		return list;
++	}
++
++	public int getStatus() {
++		return status;
++	}
++
+ 	public void addIntHeader(String pHeader, int pValue) {
+ 		addHeader(pHeader, Integer.toString(pValue));
+ 	}
+@@ -465,4 +487,6 @@ public class HttpServletResponseImpl implements HttpServletResponse {
+ 		sb.append("\r\n");
+ 		return sb.toString();
+ 	}
++
++	public void setContentLengthLong(long arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+diff --git a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+index c2a53b1..86dbbb4 100644
+--- a/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
++++ b/server/src/main/java/org/apache/xmlrpc/webserver/ServletOutputStreamImpl.java
+@@ -22,6 +22,7 @@ import java.io.IOException;
+ import java.io.OutputStream;
+ 
+ import javax.servlet.ServletOutputStream;
++import javax.servlet.WriteListener;
+ 
+ 
+ /** Default implementation of a servlet output stream.
+@@ -99,4 +100,8 @@ class ServletOutputStreamImpl extends ServletOutputStream {
+ 	boolean isCommitted() {
+ 		return committed;
+ 	}
++
++	public boolean isReady() { return true; }
++
++	public void setWriteListener(WriteListener arg0) { throw new IllegalStateException("Not implemented."); }
+ }
+-- 
+1.9.3
+

xmlrpc-server-addosgimanifest.patch

@@ -0,0 +1,15 @@
+--- pom.xml	2014-07-07 11:24:52.668887604 -0400
++++ pom.xml.sav	2014-07-07 11:25:06.174916380 -0400
+@@ -48,6 +48,12 @@
+               <Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
+               <Implementation-Vendor>Apache Software Foundation</Implementation-Vendor>
+               <Implementation-Version>${project.version}</Implementation-Version>
++	      <Bundle-ManifestVersion>1</Bundle-ManifestVersion>
++              <Bundle-Name>%Bundle-Name</Bundle-Name>
++              <Bundle-SymbolicName>org.apache.xmlrpc.server</Bundle-SymbolicName>
++	      <Bundle-Version>${project.version}</Bundle-Version>
++	      <Require-Bundle>org.apache.xmlrpc.common</Require-Bundle>
++	      <Export-Package>org.apache.xmlrpc.server,org.apache.xmlrpc.webserver</Export-Package>
+             </manifestEntries>
+           </archive>
+         </configuration>

xmlrpc.spec

@@ -0,0 +1,97 @@
+Name:                xmlrpc
+Version:             3.1.3
+Release:             1
+Epoch:               1
+Summary:             Java XML-RPC implementation
+License:             ASL 2.0
+URL:                 http://ws.apache.org/xmlrpc/
+Source0:             http://archive.apache.org/dist/ws/xmlrpc/sources/apache-xmlrpc-%{version}-src.tar.bz2
+Patch0:              %{name}-client-addosgimanifest.patch
+Patch1:              %{name}-common-addosgimanifest.patch
+Patch2:              %{name}-javax-methods.patch
+Patch3:              %{name}-server-addosgimanifest.patch
+Patch4:              %{name}-disallow-deserialization-of-ex-serializable-tags.patch
+Patch5:              %{name}-disallow-loading-external-dtd.patch
+BuildRequires:       maven-local mvn(org.apache:apache:pom:)
+BuildRequires:       mvn(commons-httpclient:commons-httpclient) mvn(commons-logging:commons-logging)
+BuildRequires:       mvn(javax.servlet:servlet-api) mvn(org.apache.ws.commons.util:ws-commons-util)
+BuildArch:           noarch
+
+%description
+Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol
+that uses XML over HTTP to implement remote procedure calls.
+Apache XML-RPC was previously known as Helma XML-RPC. If you have code
+using the Helma library, all you should have to do is change the import
+statements in your code from helma.xmlrpc.* to org.apache.xmlrpc.*.
+
+%package javadoc
+Summary:             Javadoc for %{name}
+
+%description javadoc
+Javadoc for %{name}.
+
+%package common
+Summary:             Common classes for XML-RPC client and server implementations
+Obsoletes:           %{name} < 3.1.3
+Obsoletes:           %{name}3-common < 3.1.3-13
+Provides:            %{name}3-common = 3.1.3-13
+
+%description common
+%{summary}.
+
+%package client
+Summary:             XML-RPC client implementation
+Obsoletes:           %{name}3-client < 3.1.3-13
+Provides:            %{name}3-client = 3.1.3-13
+
+%description client
+%{summary}.
+
+%package server
+Summary:             XML-RPC server implementation
+Obsoletes:           %{name}3-server < 3.1.3-13
+Provides:            %{name}3-server = 3.1.3-13
+
+%description server
+%{summary}.
+
+%prep
+%setup -q -n apache-%{name}-%{version}-src
+%patch2 -p1
+pushd client
+%patch0 -b .sav
+popd
+pushd common
+%patch1 -b .sav
+popd
+pushd server
+%patch3 -b .sav
+popd
+%patch4 -p1
+%patch5 -p1
+sed -i 's/\r//' LICENSE.txt
+%pom_disable_module dist
+%pom_remove_dep jaxme:jaxmeapi common
+%pom_add_dep junit:junit:3.8.1:test
+%mvn_file :{*} @1
+%mvn_package :*-common %{name}
+
+%build
+%mvn_build -s -- -Dmaven.test.failure.ignore=true
+
+%install
+%mvn_install
+
+%files common -f .mfiles-%{name}
+%license LICENSE.txt NOTICE.txt
+
+%files client -f .mfiles-%{name}-client
+
+%files server -f .mfiles-%{name}-server
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE.txt NOTICE.txt
+
+%changelog
+* Wed Aug 12 2020 leiju <leiju4@huawei.com> - 3.1.3-1
+- Package init

xmlrpc.yaml

@@ -0,0 +1,4 @@
+version_control: NA
+src_repo: NA
+tag_prefix: NA
+seperator: NA