packages/fop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:e74fccc28d763c9cfc4daeac46b2aedcf06e82b7
Branches Tags
packages:main
..
compare: packages:efef3f454bd67fbb6204a863380c840b1518efa5
Branches Tags
packages:main

No commits in common. "e74fccc28d763c9cfc4daeac46b2aedcf06e82b7" and "efef3f454bd67fbb6204a863380c840b1518efa5" have entirely different histories.
e74fccc28d ... efef3f454b

4 changed files with 3 additions and 99 deletions
Show Stats Expand all files Collapse all files

20
Remove-the-mif-parameter-in-the-help-message.patch
View File

@ -1,20 +0,0 @@
diff -Nur a/fop-core/src/main/java/org/apache/fop/cli/CommandLineOptions.java b/fop-core/src/main/java/org/apache/fop/cli/CommandLineOptions.java
--- a/fop-core/src/main/java/org/apache/fop/cli/CommandLineOptions.java 2017-04-03 19:23:57.000000000 +0800
+++ b/fop-core/src/main/java/org/apache/fop/cli/CommandLineOptions.java 2023-09-16 09:21:10.478347745 +0800
@@ -1183,7 +1183,7 @@
public static void printUsage(PrintStream out) {
out.println(
"\nUSAGE\nfop [options] [-fo|-xml] infile [-xsl file] "
- + "[-awt|-pdf|-mif|-rtf|-tiff|-png|-pcl|-ps|-txt|-at [mime]|-print] <outfile>\n"
+ + "[-awt|-pdf|-rtf|-tiff|-png|-pcl|-ps|-txt|-at [mime]|-print] <outfile>\n"
+ " [OPTIONS] \n"
+ " -version print FOP version and exit\n"
+ " -x dump configuration settings \n"
@@ -1274,7 +1274,6 @@
+ " fop -xml foo.xml -xsl foo.xsl -pdf foo.pdf\n"
+ " fop -xml foo.xml -xsl foo.xsl -foout foo.fo\n"
+ " fop -xml - -xsl foo.xsl -pdf -\n"
- + " fop foo.fo -mif foo.mif\n"
+ " fop foo.fo -rtf foo.rtf\n"
+ " fop foo.fo -print\n"
+ " fop foo.fo -awt\n");

27
Update-to-newer-batik.patch
View File

@ -1,27 +0,0 @@
From d5b0798c2b6bd1aa8c65e5c744beb5d5096d1e54 Mon Sep 17 00:00:00 2001
From: Simon Steiner <ssteiner@apache.org>
Date: Tue, 15 Jan 2019 14:18:05 +0000
Subject: [PATCH] Update to newer batik
git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk@1851362 13f79535-47bb-0310-9956-ffa450edef68
Origin:
https://github.com/apache/xmlgraphics-fop/commit/d5b0798c2b6bd1aa8c65e5c744beb5d5096d1e54
---
.../java/org/apache/fop/svg/SVGUtilities.java | 2 +-
fop/lib/batik-all-1.11.0-SNAPSHOT.jar | Bin 4292764 -> 4288813 bytes
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/fop-core/src/main/java/org/apache/fop/svg/SVGUtilities.java b/fop-core/src/main/java/org/apache/fop/svg/SVGUtilities.java
index d75aa209988..31d39d96efc 100644
--- a/fop-core/src/main/java/org/apache/fop/svg/SVGUtilities.java
+++ b/fop-core/src/main/java/org/apache/fop/svg/SVGUtilities.java
@@ -29,7 +29,7 @@
import org.w3c.dom.Element;
import org.apache.batik.anim.dom.SVGDOMImplementation;
-import org.apache.batik.util.XMLConstants;
+import org.apache.batik.constants.XMLConstants;
/**
* Some utilities for creating svg DOM documents and elements.

29
backport-CVE-2024-28168.patch
View File

@ -1,29 +0,0 @@
From d96ba9a11710d02716b6f4f6107ebfa9ccec7134 Mon Sep 17 00:00:00 2001
From: Simon Steiner <ssteiner@apache.org>
Date: Tue, 5 Mar 2024 11:28:18 +0000
Subject: [PATCH] FOP-3168: Add secure processing for XSL input
---
fop-core/src/main/java/org/apache/fop/cli/InputHandler.java | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
index 6d99bbe40f5..fb72762e91b 100644
--- a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
+++ b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
@@ -26,6 +26,7 @@
import java.lang.reflect.InvocationTargetException;
import java.util.Vector;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.ErrorListener;
@@ -265,6 +266,7 @@ protected void transformTo(Result result) throws FOPException {
try {
// Setup XSLT
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer;
Source xsltSource = createXSLTSource();

26
fop.spec
View File

@ -1,10 +1,10 @@
Name: fop
Version: 2.2
Release: 9
Release: 4
Summary: Formatter for printing XSL-driven XML Files
License: BSD and Apache-2.0 and MIT and Apache-1.1
License: ASL 2.0 and ASL 1.1
URL: https://xmlgraphics.apache.org/fop
Source0: https://archive.apache.org/dist/xmlgraphics/fop/source/%{name}-%{version}-src.tar.gz
Source0: https://www.apache.org/dist/xmlgraphics/%{name}/source/%{name}-%{version}-src.tar.gz
Source1: https://www.apache.org/licenses/LICENSE-1.1.txt
Source2: batik-pdf-MANIFEST.MF
Source3: %{name}.script
@ -14,11 +14,6 @@ Patch0001: Disable-javadoc-doclint.patch
Patch0002: Port-to-QDox-2.0.patch
Patch0003: Allow-javascript-in-javadoc.patch
Patch0004: Non-free-colour-profile-was-removed.patch
Patch0005: Update-to-newer-batik.patch
Patch0006: Remove-the-mif-parameter-in-the-help-message.patch
Patch3000: backport-CVE-2024-28168.patch
BuildRequires: ant apache-commons-io apache-commons-logging avalon-framework
BuildRequires: batik fontbox javapackages-local junit qdox servlet
BuildRequires: xmlunit xmlgraphics-commons >= 1.5
@ -87,20 +82,5 @@ install -D -p -m 644 %{SOURCE4} %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
%changelog
* Thu Oct 10 2024 yaoxin <yao_xin001@hoperun.com> - 2.2-9
- Fix CVE-2024-28168
* Sat Sep 16 2023 liyanan <thistleslyn@163.com> - 2.2-8
- Remove the mif parameter in the help message
* Fri Sep 08 2023 yaoxin <yao_xin001@hoperun.com> - 2.2-7
- Fix build failure caused by batik upgrade to 1.17
* Mon Nov 21 2022 xu_ping <xuping33@h-partners.com> - 2.2-6
- Modify invalid source
* Mon Jan 18 2021 caodongxia <caodongxia@huawei.com> - 2.2-5
- Modify license information.
* Tue Dec 10 2019 huyan <hu.huyan@huawei.com> - 2.2-4
- Package Initialization