diff --git a/serializer-2.7.1.pom b/serializer-2.7.2.pom
similarity index 79%
rename from serializer-2.7.1.pom
rename to serializer-2.7.2.pom
index 79b0027d93263a0a156ef56c692c342be66c7994..677fc1ae04390ac52b11b36b5839c3f42df3ea63 100644
--- a/serializer-2.7.1.pom
+++ b/serializer-2.7.2.pom
@@ -1,7 +1,7 @@
-
4.0.0
@@ -13,14 +13,14 @@
xalan
serializer
- 2.7.1
+ 2.7.2
Xalan Java Serializer
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
- http://xml.apache.org/xalan-j/
+ http://xml.apache.org/xalan-j/
@@ -31,9 +31,9 @@
xerces
xercesImpl
- 2.9.0
+ 2.9.1
true
-
\ No newline at end of file
+
diff --git a/xalan-2.7.1.pom b/xalan-2.7.2.pom
similarity index 93%
rename from xalan-2.7.1.pom
rename to xalan-2.7.2.pom
index b4a56e9a1b1c250c2df06def568c245eec7876e4..758958d110f3a6f8e19633f3b34f4dc4f7657925 100644
--- a/xalan-2.7.1.pom
+++ b/xalan-2.7.2.pom
@@ -13,7 +13,7 @@
xalan
xalan
- 2.7.1
+ 2.7.2
Xalan Java
@@ -28,12 +28,12 @@
xalan
serializer
- 2.7.1
+ 2.7.2
xerces
xercesImpl
- 2.9.0
+ 2.9.1
true
diff --git a/xalan-j2-2.7.1.tar.gz b/xalan-j2-2.7.1.tar.gz
deleted file mode 100644
index 9b0a3b0ea289bd0f42707d05a74478d755f39935..0000000000000000000000000000000000000000
Binary files a/xalan-j2-2.7.1.tar.gz and /dev/null differ
diff --git a/xalan-j2-2.7.2.tar.gz b/xalan-j2-2.7.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..ef31085aef7a2d8b5cad8703a75429ac1215e349
Binary files /dev/null and b/xalan-j2-2.7.2.tar.gz differ
diff --git a/xalan-j2-CVE-2014-0107.patch b/xalan-j2-CVE-2014-0107.patch
deleted file mode 100644
index 3358f601a1d8048b0a86de44c407a6a4b034e343..0000000000000000000000000000000000000000
--- a/xalan-j2-CVE-2014-0107.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-diff --git a/src/org/apache/xalan/processor/TransformerFactoryImpl.java b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
-index 1298943..96a5e58 100644
---- a/src/org/apache/xalan/processor/TransformerFactoryImpl.java
-+++ b/src/org/apache/xalan/processor/TransformerFactoryImpl.java
-@@ -335,6 +335,10 @@ public class TransformerFactoryImpl extends SAXTransformerFactory
- reader = XMLReaderFactory.createXMLReader();
- }
-
-+ if(m_isSecureProcessing)
-+ {
-+ reader.setFeature("http://xml.org/sax/features/external-general-entities",false);
-+ }
- // Need to set options!
- reader.setContentHandler(handler);
- reader.parse(isource);
-diff --git a/src/org/apache/xalan/processor/XSLTElementProcessor.java b/src/org/apache/xalan/processor/XSLTElementProcessor.java
-index b946743..17b7395 100644
---- a/src/org/apache/xalan/processor/XSLTElementProcessor.java
-+++ b/src/org/apache/xalan/processor/XSLTElementProcessor.java
-@@ -338,17 +338,31 @@ public class XSLTElementProcessor extends ElemTemplateElement
- }
- else
- {
-- // Can we switch the order here:
--
-- boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
-- attributes.getQName(i), attributes.getValue(i),
-- target);
--
-- // Now we only add the element if it passed a validation check
-- if (success)
-- processedDefs.add(attrDef);
-- else
-- errorDefs.add(attrDef);
-+ //handle secure processing
-+ if(handler.getStylesheetProcessor()==null)
-+ System.out.println("stylesheet processor null");
-+ if(attrDef.getName().compareTo("*")==0 && handler.getStylesheetProcessor().isSecureProcessing())
-+ {
-+ //foreign attributes are not allowed in secure processing mode
-+ // Then barf, because this element does not allow this attribute.
-+ handler.error(XSLTErrorResources.ER_ATTR_NOT_ALLOWED, new Object[]{attributes.getQName(i), rawName}, null);//"\""+attributes.getQName(i)+"\""
-+ //+ " attribute is not allowed on the " + rawName
-+ // + " element!", null);
-+ }
-+ else
-+ {
-+
-+
-+ boolean success = attrDef.setAttrValue(handler, attrUri, attrLocalName,
-+ attributes.getQName(i), attributes.getValue(i),
-+ target);
-+
-+ // Now we only add the element if it passed a validation check
-+ if (success)
-+ processedDefs.add(attrDef);
-+ else
-+ errorDefs.add(attrDef);
-+ }
- }
- }
-
-diff --git a/src/org/apache/xalan/transformer/TransformerImpl.java b/src/org/apache/xalan/transformer/TransformerImpl.java
-index dd0d4d9..0906d24 100644
---- a/src/org/apache/xalan/transformer/TransformerImpl.java
-+++ b/src/org/apache/xalan/transformer/TransformerImpl.java
-@@ -438,7 +438,9 @@ public class TransformerImpl extends Transformer
- try
- {
- if (sroot.getExtensions() != null)
-- m_extensionsTable = new ExtensionsTable(sroot);
-+ //only load extensions if secureProcessing is disabled
-+ if(!sroot.isSecureProcessing())
-+ m_extensionsTable = new ExtensionsTable(sroot);
- }
- catch (javax.xml.transform.TransformerException te)
- {te.printStackTrace();}
-diff --git a/src/org/apache/xpath/functions/FuncSystemProperty.java b/src/org/apache/xpath/functions/FuncSystemProperty.java
-index 4bea356..78ac980 100644
---- a/src/org/apache/xpath/functions/FuncSystemProperty.java
-+++ b/src/org/apache/xpath/functions/FuncSystemProperty.java
-@@ -58,7 +58,7 @@ public class FuncSystemProperty extends FunctionOneArg
-
- String fullName = m_arg0.execute(xctxt).str();
- int indexOfNSSep = fullName.indexOf(':');
-- String result;
-+ String result = null;
- String propName = "";
-
- // List of properties where the name of the
-@@ -98,14 +98,20 @@ public class FuncSystemProperty extends FunctionOneArg
-
- try
- {
-- result = System.getProperty(propName);
--
-- if (null == result)
-- {
--
-- // result = System.getenv(propName);
-- return XString.EMPTYSTRING;
-- }
-+ //if secure procession is enabled only handle required properties do not not map any valid system property
-+ if(!xctxt.isSecureProcessing())
-+ {
-+ result = System.getProperty(propName);
-+ }
-+ else
-+ {
-+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
-+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
-+ }
-+ if (null == result)
-+ {
-+ return XString.EMPTYSTRING;
-+ }
- }
- catch (SecurityException se)
- {
-@@ -120,14 +126,20 @@ public class FuncSystemProperty extends FunctionOneArg
- {
- try
- {
-- result = System.getProperty(fullName);
--
-- if (null == result)
-- {
--
-- // result = System.getenv(fullName);
-- return XString.EMPTYSTRING;
-- }
-+ //if secure procession is enabled only handle required properties do not not map any valid system property
-+ if(!xctxt.isSecureProcessing())
-+ {
-+ result = System.getProperty(fullName);
-+ }
-+ else
-+ {
-+ warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
-+ new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
-+ }
-+ if (null == result)
-+ {
-+ return XString.EMPTYSTRING;
-+ }
- }
- catch (SecurityException se)
- {
diff --git a/xalan-j2-MANIFEST.MF b/xalan-j2-MANIFEST.MF
index f5d77cf588738c3dce4f864fb934ec18a4e09f18..2947cce8e674704793a1b4b8ece49ddd5a76b718 100644
--- a/xalan-j2-MANIFEST.MF
+++ b/xalan-j2-MANIFEST.MF
@@ -5,48 +5,48 @@ Main-Class: org.apache.xalan.xslt.Process
Bundle-ManifestVersion: 2
Bundle-Name: %Bundle-Name.0
Bundle-SymbolicName: org.apache.xalan
-Bundle-Version: 2.7.1
+Bundle-Version: 2.7.2
Bundle-Vendor: %Bundle-Vendor.0
-Export-Package: org.apache.regexp;version="2.7.1",
- org.apache.xalan;version="2.7.1",
- org.apache.xalan.client;version="2.7.1",
- org.apache.xalan.extensions;version="2.7.1",
- org.apache.xalan.lib;version="2.7.1",
- org.apache.xalan.lib.sql;version="2.7.1",
- org.apache.xalan.processor;version="2.7.1",
- org.apache.xalan.res;version="2.7.1",
- org.apache.xalan.serialize;version="2.7.1",
- org.apache.xalan.templates;version="2.7.1",
- org.apache.xalan.trace;version="2.7.1",
- org.apache.xalan.transformer;version="2.7.1",
- org.apache.xalan.xslt;version="2.7.1",
- org.apache.xalan.xsltc;version="2.7.1",
- org.apache.xalan.xsltc.cmdline;version="2.7.1",
- org.apache.xalan.xsltc.cmdline.getopt;version="2.7.1",
- org.apache.xalan.xsltc.compiler;version="2.7.1",
- org.apache.xalan.xsltc.compiler.util;version="2.7.1",
- org.apache.xalan.xsltc.dom;version="2.7.1",
- org.apache.xalan.xsltc.runtime;version="2.7.1",
- org.apache.xalan.xsltc.runtime.output;version="2.7.1",
- org.apache.xalan.xsltc.trax;version="2.7.1",
- org.apache.xalan.xsltc.util;version="2.7.1",
- org.apache.xml.dtm;version="2.7.1",
- org.apache.xml.dtm.ref;version="2.7.1",
- org.apache.xml.dtm.ref.dom2dtm;version="2.7.1",
- org.apache.xml.dtm.ref.sax2dtm;version="2.7.1",
- org.apache.xml.res;version="2.7.1",
- org.apache.xml.utils;version="2.7.1",
- org.apache.xml.utils.res;version="2.7.1",
- org.apache.xpath;version="2.7.1",
- org.apache.xpath.axes;version="2.7.1",
- org.apache.xpath.compiler;version="2.7.1",
- org.apache.xpath.domapi;version="2.7.1",
- org.apache.xpath.functions;version="2.7.1",
- org.apache.xpath.jaxp;version="2.7.1",
- org.apache.xpath.objects;version="2.7.1",
- org.apache.xpath.operations;version="2.7.1",
- org.apache.xpath.patterns;version="2.7.1",
- org.apache.xpath.res;version="2.7.1"
+Export-Package: org.apache.regexp;version="2.7.2",
+ org.apache.xalan;version="2.7.2",
+ org.apache.xalan.client;version="2.7.2",
+ org.apache.xalan.extensions;version="2.7.2",
+ org.apache.xalan.lib;version="2.7.2",
+ org.apache.xalan.lib.sql;version="2.7.2",
+ org.apache.xalan.processor;version="2.7.2",
+ org.apache.xalan.res;version="2.7.2",
+ org.apache.xalan.serialize;version="2.7.2",
+ org.apache.xalan.templates;version="2.7.2",
+ org.apache.xalan.trace;version="2.7.2",
+ org.apache.xalan.transformer;version="2.7.2",
+ org.apache.xalan.xslt;version="2.7.2",
+ org.apache.xalan.xsltc;version="2.7.2",
+ org.apache.xalan.xsltc.cmdline;version="2.7.2",
+ org.apache.xalan.xsltc.cmdline.getopt;version="2.7.2",
+ org.apache.xalan.xsltc.compiler;version="2.7.2",
+ org.apache.xalan.xsltc.compiler.util;version="2.7.2",
+ org.apache.xalan.xsltc.dom;version="2.7.2",
+ org.apache.xalan.xsltc.runtime;version="2.7.2",
+ org.apache.xalan.xsltc.runtime.output;version="2.7.2",
+ org.apache.xalan.xsltc.trax;version="2.7.2",
+ org.apache.xalan.xsltc.util;version="2.7.2",
+ org.apache.xml.dtm;version="2.7.2",
+ org.apache.xml.dtm.ref;version="2.7.2",
+ org.apache.xml.dtm.ref.dom2dtm;version="2.7.2",
+ org.apache.xml.dtm.ref.sax2dtm;version="2.7.2",
+ org.apache.xml.res;version="2.7.2",
+ org.apache.xml.utils;version="2.7.2",
+ org.apache.xml.utils.res;version="2.7.2",
+ org.apache.xpath;version="2.7.2",
+ org.apache.xpath.axes;version="2.7.2",
+ org.apache.xpath.compiler;version="2.7.2",
+ org.apache.xpath.domapi;version="2.7.2",
+ org.apache.xpath.functions;version="2.7.2",
+ org.apache.xpath.jaxp;version="2.7.2",
+ org.apache.xpath.objects;version="2.7.2",
+ org.apache.xpath.operations;version="2.7.2",
+ org.apache.xpath.patterns;version="2.7.2",
+ org.apache.xpath.res;version="2.7.2"
Require-Bundle: system.bundle, org.apache.xerces
Eclipse-BuddyPolicy: registered
@@ -56,20 +56,20 @@ Specification-Title: Java API for XML Processing
Specification-Vendor: Sun Microsystems Inc.
Specification-Version: 1.3
Implementation-Title: org.apache.xalan
-Implementation-Version: 2.7.1
+Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xml/
Comment: DTM implementation and utilities
Implementation-Title: org.apache.xml
-Implementation-Version: 2.7.1
+Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
Name: org/apache/xpath/
Comment: XPath engine
Implementation-Title: org.apache.xpath
-Implementation-Version: 2.7.1
+Implementation-Version: 2.7.2
Implementation-Vendor: Apache Software Foundation
Implementation-URL: http://xml.apache.org/xalan-j/dist/
diff --git a/xalan-j2.spec b/xalan-j2.spec
index 9bbb9cccedeeab2a876215934295826a16039899..481a315aabf694cb07065441a7e1f8fa64a3f276 100644
--- a/xalan-j2.spec
+++ b/xalan-j2.spec
@@ -1,9 +1,9 @@
-%global cvs_version 2_7_1
+%global cvs_version 2_7_2
%global xalan_data_dir %{buildroot}%{_datadir}/%{name}
Name: xalan-j2
-Version: 2.7.1
-Release: 39
+Version: 2.7.2
+Release: 1
Epoch: 0
Summary: Java XSLT processor
License: ASL 2.0 and W3C
@@ -16,7 +16,6 @@ Source4: %{name}-MANIFEST.MF
Source5: %{name}-serializer-MANIFEST.MF
Source6: generate-tarball.sh
Patch0: %{name}-noxsltcdeps.patch
-Patch1: %{name}-CVE-2014-0107.patch
BuildRequires: ant apache-parent bcel dos2unix glassfish-servlet-api java_cup
@@ -131,5 +130,8 @@ mv %{_javadir}/jaxp_transform_impl.jar{.tmp,} || :
%changelog
+* Tue Jul 11 2023 yaoxin - 0:2.7.2-1
+- Update to 2.7.2
+
* Tue Dec 3 2019 huyan - 0:2.7.1-39
- Package Initialization
diff --git a/xsltc-2.7.1.pom b/xsltc-2.7.2.pom
similarity index 81%
rename from xsltc-2.7.1.pom
rename to xsltc-2.7.2.pom
index b32dbd036a899377df7d2698cddbc17509741ea6..ea34be482025c776f84effd09a39ae06bcda39b1 100644
--- a/xsltc-2.7.1.pom
+++ b/xsltc-2.7.2.pom
@@ -2,12 +2,12 @@
4.0.0
xalan
xsltc
- 2.7.1
+ 2.7.2
xalan
xalan
- 2.7.1
+ 2.7.2