From e005f21dce0f6e619a3ec1fd616672214f6bb2b0 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Thu, 1 Aug 2024 09:39:50 +0000
Subject: automatic import of bcel
---
.gitignore | 1 +
0001-CVE-2022-42920.patch | 71 +++++++++++
bcel.spec | 312 ++++++++++++++++++++++++++++++++++++++++++++++
sources | 1 +
4 files changed, 385 insertions(+)
create mode 100644 0001-CVE-2022-42920.patch
create mode 100644 bcel.spec
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
index e69de29..bbb0e51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/bcel-6.4.1-src.tar.gz
diff --git a/0001-CVE-2022-42920.patch b/0001-CVE-2022-42920.patch
new file mode 100644
index 0000000..4bbb9ee
--- /dev/null
+++ b/0001-CVE-2022-42920.patch
@@ -0,0 +1,71 @@
+From 3a4e355796891149adfd9228633f179015293dbd Mon Sep 17 00:00:00 2001
+From: Richard Atkins
+Date: Wed, 21 Sep 2022 23:18:58 +1000
+Subject: [PATCH] CVE-2022-42920
+
+---
+ .../org/apache/bcel/classfile/ConstantPool.java | 15 +++++++++++----
+ .../org/apache/bcel/generic/ConstantPoolGen.java | 11 ++++++++++-
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+index f2c946a1..77ab0da4 100644
+--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
++++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+@@ -218,10 +218,17 @@ public class ConstantPool implements Cloneable, Node {
+ * @throws IOException
+ */
+ public void dump( final DataOutputStream file ) throws IOException {
+- file.writeShort(constant_pool.length);
+- for (int i = 1; i < constant_pool.length; i++) {
+- if (constant_pool[i] != null) {
+- constant_pool[i].dump(file);
++ /*
++ * Constants over the size of the constant pool shall not be written out.
++ * This is a redundant measure as the ConstantPoolGen should have already
++ * reported an error back in the situation.
++ */
++ final int size = Math.min(constant_pool.length, Const.MAX_CP_ENTRIES);
++
++ file.writeShort(size);
++ for (int i = 1; i < size; i++) {
++ if (constant_pool[i] != null) {
++ constant_pool[i].dump(file);
+ }
+ }
+ }
+diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
+index fd0af47e..d3189ba4 100644
+--- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
++++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
+@@ -95,7 +95,7 @@ public class ConstantPoolGen {
+ public ConstantPoolGen(final Constant[] cs) {
+ final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
+
+- size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
++ size = Math.min(Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64), Const.MAX_CP_ENTRIES + 1);
+ constants = new Constant[size];
+
+ System.arraycopy(cs, 0, constants, 0, cs.length);
+@@ -224,9 +224,18 @@ public class ConstantPoolGen {
+ /** Resize internal array of constants.
+ */
+ protected void adjustSize() {
++ // 3 extra spaces are needed as some entries may take 3 slots
++ if (index + 3 >= Const.MAX_CP_ENTRIES + 1) {
++ throw new IllegalStateException("The number of constants " + (index + 3)
++ + " is over the size of the constant pool: "
++ + Const.MAX_CP_ENTRIES);
++ }
++
+ if (index + 3 >= size) {
+ final Constant[] cs = constants;
+ size *= 2;
++ // the constant array shall not exceed the size of the constant pool
++ size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
+ constants = new Constant[size];
+ System.arraycopy(cs, 0, constants, 0, index);
+ }
+--
+2.38.1
+
diff --git a/bcel.spec b/bcel.spec
new file mode 100644
index 0000000..50805e8
--- /dev/null
+++ b/bcel.spec
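Review bot: In the `ConstantPoolGen(final Constant[] cs)` hunk, `size` is now capped at `Const.MAX_CP_ENTRIES + 1`, but the next statement still runs `System.arraycopy(cs, 0, constants, 0, cs.length)` over all of `cs`. An oversized input array is therefore rejected only incidentally, by an index-out-of-bounds error from `arraycopy`, not by the explicit `IllegalStateException` that `adjustSize()` now raises. I would check up front, consistent with the clamp in `dump`: `if (cs.length > Const.MAX_CP_ENTRIES) { throw new IllegalStateException("constant pool too large: " + cs.length); }`. Separately, `ConstantPool.dump` silently drops entries past the limit via `Math.min(...)`, so a `ConstantPool` built without `ConstantPoolGen` would presumably be written truncated and without any error; the comment there should say so, or the method should throw. The constructor body continues outside the hunk.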
@@ -0,0 +1,312 @@
+Name: bcel
+Version: 6.4.1
+Release: 9%{?dist}
+Summary: Byte Code Engineering Library
+License: ASL 2.0
+URL: http://commons.apache.org/proper/commons-bcel/
+BuildArch: noarch
+
+Source0: http://archive.apache.org/dist/commons/bcel/source/bcel-%{version}-src.tar.gz
+
+Patch1: 0001-CVE-2022-42920.patch
+
+BuildRequires: maven-local
+BuildRequires: mvn(org.apache.commons:commons-parent:pom:)
+
+%description
+The Byte Code Engineering Library (formerly known as JavaClass) is
+intended to give users a convenient possibility to analyze, create, and
+manipulate (binary) Java class files (those ending with .class). Classes
+are represented by objects which contain all the symbolic information of
+the given class: methods, fields and byte code instructions, in
+particular. Such objects can be read from an existing file, be
+transformed by a program (e.g. a class loader at run-time) and dumped to
+a file again. An even more interesting application is the creation of
+classes from scratch at run-time. The Byte Code Engineering Library
+(BCEL) may be also useful if you want to learn about the Java Virtual
+Machine (JVM) and the format of Java .class files. BCEL is already
+being used successfully in several projects such as compilers,
+optimizers, obsfuscators and analysis tools, the most popular probably
+being the Xalan XSLT processor at Apache.
+
+%package javadoc
+Summary: API documentation for %{name}
+
+%description javadoc
+This package provides %{summary}.
+
+%prep
+%setup -q -n %{name}-%{version}-src
+%patch1 -p1
+
+%pom_remove_plugin :maven-source-plugin
+
+%mvn_alias : bcel: apache:
+%mvn_file : %{name}
+
+%build
+%mvn_build -f
+
+%install
+%mvn_install
+
+%files -f .mfiles
+%doc RELEASE-NOTES.txt
+%license LICENSE.txt NOTICE.txt
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE.txt NOTICE.txt
+
+%changelog
+* Thu Dec 01 2022 Mikolaj Izdebski - 6.4.1-9
+- Fix arbitrary bytecode produced via out-of-bounds writing
+- Resolves: CVE-2022-42920
+
+* Mon Aug 09 2021 Mohan Boddu - 6.4.1-8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Mon Jun 28 2021 Mikolaj Izdebski - 6.4.1-7
+- Remove dependency on jna
+- Resolves: rhbz#1976996
+
+* Thu Apr 15 2021 Mohan Boddu - 0:6.4.1-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering - 0:6.4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering - 0:6.4.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul 10 2020 Jiri Vanek - 0:6.4.1-3
+- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
+
+* Tue Jan 28 2020 Fedora Release Engineering - 0:6.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 05 2019 Mikolaj Izdebski - 6.4.1-2
+- Mass rebuild for javapackages-tools 201902
+
+* Wed Oct 16 2019 Marian Koncek - 6.4.1-1
+- Update to upstream version 6.4.1
+
+* Fri Oct 04 2019 Fabio Valentini - 0:6.4.1-1
+- Update to version 6.4.1.
+
+* Wed Jul 24 2019 Fedora Release Engineering - 0:6.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 24 2019 Mikolaj Izdebski - 6.3.1-2
+- Mass rebuild for javapackages-tools 201901
+
+* Mon May 06 2019 Marian Koncek - 0:6.3.1-1
+- Update to upstream version 6.3.1
+- Fixes: RHBZ #1692150
+
+* Tue Feb 05 2019 Marian Koncek - 0:6.3-1
+- Update to upstream version 6.3
+- Fixes: RHBZ #1670025
+
+* Thu Jan 31 2019 Fedora Release Engineering - 0:6.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 12 2018 Fedora Release Engineering - 0:6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0:6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sun Dec 10 2017 Michael Simacek - 0:6.2-1
+- Update to upstream version 6.2
+
+* Fri Sep 22 2017 Mikolaj Izdebski - 0:6.1-2
+- Conditionally build without jna
+
+* Tue Sep 19 2017 Michael Simacek - 0:6.1-1
+- Update to upstream version 6.1
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0:6.0-0.7.20140406svn1592769
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0:6.0-0.6.20140406svn1592769
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering - 0:6.0-0.5.20140406svn1592769
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0:6.0-0.4.20140406svn1592769
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Aug 11 2014 Mikolaj Izdebski - 0:6.0-0.3.20140406svn1592769
+- Add alias for apache:bcel
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0:6.0-0.2.20140406svn1592769
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 06 2014 Michael Simacek - 0:6.0-0.1.20140406svn1592769
+- Update to upstream snapshot
compatible with Java 8
+
+* Sat Aug 03 2013 Fedora Release Engineering - 0:5.2-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Jun 14 2013 Mikolaj Izdebski - 0:5.2-16
+- Complete spec file rewrite
+- Build with Maven instead of Ant
+- Remove manual subpackage
+
+* Wed Feb 13 2013 Fedora Release Engineering - 0:5.2-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Nov 13 2012 Tom Callaway - 0:5.2-14
+- Package NOTICE.txt
+
+* Tue Aug 21 2012 Andy Grimm - 0:5.2-13
+- This package should not own _mavendepmapfragdir (RHBZ#850005)
+- Build with maven, and clean up deprecated spec constructs
+- Fix pom file (See http://jira.codehaus.org/browse/MEV-592)
+
+* Wed Jul 18 2012 Fedora Release Engineering - 0:5.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun Jun 24 2012 Gerard Ryan - 0:5.2-11
+- Inject OSGI Manifest.
+
+* Wed Jan 11 2012 Ville Skyttä - 0:5.2-10
+- Specify explicit source encoding to fix build with Java 7.
+- Install jar and javadocs unversioned.
+- Crosslink with JDK javadocs.
+
+* Mon Feb 07 2011 Fedora Release Engineering - 0:5.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jul 13 2010 Alexander Kurtakov 0:5.2-8
+- Use global.
+- Drop gcj_support.
+- Fix groups.
+- Fix build.
+
+* Fri Jul 24 2009 Fedora Release Engineering - 0:5.2-7.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Feb 23 2009 Fedora Release Engineering - 0:5.2-6.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Dec 04 2008 Permaine Cheung 0:5.2-5.1
+- Do not install poms in /usr/share/maven2/default_poms
+
+* Wed Jul 9 2008 Tom "spot" Callaway - 0:5.2-5
+- drop repotag
+
+* Tue Feb 19 2008 Fedora Release Engineering - 0:5.2-4jpp.2
+- Autorebuild for GCC 4.3
+
+* Tue Jan 22 2008 Permaine Cheung 0:5.2-3jpp.1
+- Merge with upstream
+
+* Mon Jan 07 2008 Permaine Cheung 0:5.2-2jpp.2
+- Fixed unowned directory (Bugzilla 246185)
+
+* Fri Nov 16 2007 Ralph Apel 0:5.2-3jpp
+- Install poms unconditionally
+- Add pom in ./maven2/default_poms
+- Add org.apache.bcel:bcel depmap frag
+
+* Wed Sep 19 2007 Permaine Cheung 0:5.2-2jpp.1
+- Update to 5.2 in Fedora
+
+* Mon Sep 4 2007 Jason Corley 0:5.2-2jpp
+- use official 5.2 release tarballs and location
+- change vendor and distribution to macros
+- add missing requires on and maven-plugin-test, maven-plugins-base, and
+ maven-plugin-xdoc
+- macro bracket fixes
+- remove demo subpackage (examples are not included in the distribution tarball)
+- build in mock
+
+* Wed Jun 27 2007 Ralph Apel 0:5.2-1jpp
+- Upgrade to 5.2
+- Drop bootstrap option: not necessary any more
+- Add pom and depmap frags
+
+* Fri Feb 09 2007 Ralph Apel 0:5.1-10jpp
+- Fix empty-%%post and empty-%%postun
+- Fix no-cleaning-of-buildroot
+
+* Fri Feb 09 2007 Ralph Apel 0:5.1-9jpp
+- Optionally build without maven
+- Add bootstrap option
+
+* Thu Aug 10 2006 Matt Wringe 0:5.1-8jpp
+- Add missing requires for Javadoc task
+
+* Sun Jul 23 2006 Matt Wringe 0:5.1-7jpp
+- Add conditional native compilation
+- Change spec file encoding from ISO-8859-1 to UTF-8
+- Add missing BR werken.xpath and ant-apache-regexp
+
+* Tue Apr 11 2006 Ralph Apel 0:5.1-6jpp
+- First JPP-1.7 release
+- Use tidyed sources from svn
+-
Add resources to build the manual
+- Add examples to -demo subpackage
+- Build with maven by default
+- Add option to build with straight ant
+
+* Fri Nov 19 2004 David Walluck 0:5.1-5jpp
+- rebuild to fix packager
+
+* Sat Nov 06 2004 David Walluck 0:5.1-4jpp
+- rebuild with javac 1.4.2
+
+* Sat Oct 16 2004 David Walluck 0:5.1-3jpp
+- rebuild for JPackage 1.6
+
+* Fri Aug 20 2004 Ralph Apel 0:5.1-2jpp
+- Build with ant-1.6.2
+
+* Sun May 11 2003 David Walluck 0:5.1-1jpp
+- 5.1
+- update for JPackage 1.5
+
+* Mon Mar 24 2003 Nicolas Mailhot - 5.0-6jpp
+- For jpackage-utils 1.5
+
+* Tue Feb 25 2003 Ville Skyttä - 5.0-5jpp
+- Rebuild to get docdir right on modern distros.
+- Fix License tag and source file perms.
+- Built with IBM's 1.3.1SR3 (doesn't build with Sun's 1.4.1_01).
+
+* Tue Jun 11 2002 Henri Gomez 5.0-4jpp
+- use sed instead of bash 2.x extension in link area to make spec compatible
+ with distro using bash 1.1x
+
+* Tue May 07 2002 Guillaume Rousse 5.0-3jpp
+- vendor, distribution, group tags
+
+* Wed Jan 23 2002 Guillaume Rousse 5.0-2jpp
+- section macro
+- no dependencies for manual and javadoc package
+
+* Tue Jan 22 2002 Henri Gomez 5.0-1jpp
+- bcel is now a jakarta apache project
+- dependency on jakarta-regexp instead of gnu.regexp
+- created manual package
+
+* Sat Dec 8 2001 Guillaume Rousse 4.4.1-2jpp
+- javadoc into javadoc package
+- Requires: and BuildRequires: gnu.regexp
+
+* Wed Nov 21 2001 Christian Zoffoli 4.4.1-1jpp
+- removed packager tag
+- new jpp extension
+- 4.4.1
+
+* Thu Oct 11 2001 Guillaume Rousse 4.4.0-2jpp
+- first unified release
+- used lower case for name
+- used original tarball
+- s/jPackage/JPackage
+
+* Mon Aug 27 2001 Guillaume Rousse 4.4.0-1mdk
+- first Mandrake release
diff --git a/sources b/sources
new file mode 100644
index 0000000..cd0052f
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+25776e5a1f46c81e8a04102be70129b0 bcel-6.4.1-src.tar.gz
-- cgit v1.2.3
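Review bot: `Source0` points at a plain `http://` URL, and the only integrity pin visible in this commit is the 32-hex-digit digest in `sources`, which by its length looks like MD5. Together that gives weak assurance that the tarball receiving the CVE-2022-42920 patch is the upstream release. I would change the line to `Source0: https://archive.apache.org/dist/commons/bcel/source/bcel-%{version}-src.tar.gz` and regenerate `sources` with a SHA-512 entry after checking the tarball against the upstream release signature. Separately, `%mvn_build -f` skips the test suite, so nothing at build time exercises the patched `ConstantPool` and `ConstantPoolGen` code; a comment in `%build` explaining why tests are disabled would help the next maintainer.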