diff --git a/CVE-2018-11798.patch b/CVE-2018-11798.patch deleted file mode 100644 index 65d7fdfa80bb0d6c763512d4ac3178d117808421..0000000000000000000000000000000000000000 --- a/CVE-2018-11798.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 54356a41474cccb0e2e2a7fc4b646812acadb7ec Mon Sep 17 00:00:00 2001 -From: jfarrell -Date: Thu, 4 Oct 2018 23:00:28 -0400 -Subject: [PATCH] Thrift-4647: Node.js Filesever webroot fixed path - -Updates the node.js fileserver to have a fixed based webroot which can -not be escaped by end users. ---- - lib/js/test/server_http.js | 2 +- - lib/js/test/server_https.js | 2 +- - lib/nodejs/lib/thrift/web_server.js | 10 +++++++++- - 3 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/lib/js/test/server_http.js b/lib/js/test/server_http.js -index e195e80..c516409 100644 ---- a/lib/js/test/server_http.js -+++ b/lib/js/test/server_http.js -@@ -36,7 +36,7 @@ var ThriftTestSvcOpt = { - }; - - var ThriftWebServerOptions = { -- files: ".", -+ files: __dirname, - services: { - "/service": ThriftTestSvcOpt - } -diff --git a/lib/js/test/server_https.js b/lib/js/test/server_https.js -index af1745b..9499b09 100644 ---- a/lib/js/test/server_https.js -+++ b/lib/js/test/server_https.js -@@ -40,7 +40,7 @@ var ThriftTestSvcOpt = { - }; - - var ThriftWebServerOptions = { -- files: ".", -+ files: __dirname, - tls: { - key: fs.readFileSync("../../../test/keys/server.key"), - cert: fs.readFileSync("../../../test/keys/server.crt") -diff --git a/lib/nodejs/lib/thrift/web_server.js b/lib/nodejs/lib/thrift/web_server.js -index 37159ea..47e8a9f 100644 ---- a/lib/nodejs/lib/thrift/web_server.js -+++ b/lib/nodejs/lib/thrift/web_server.js -@@ -414,7 +414,15 @@ exports.createWebServer = function(options) { - - //Locate the file requested and send it - var uri = url.parse(request.url).pathname; -- var filename = path.join(baseDir, uri); -+ var filename = path.resolve(path.join(baseDir, uri)); -+ -+ //Ensure the basedir path is not able to be escaped -+ if (filename.indexOf(baseDir) != 0) { -+ response.writeHead(400, "Invalid request path", {}); -+ response.end(); -+ return; -+ } -+ - fs.exists(filename, function(exists) { - if(!exists) { - response.writeHead(404); --- -2.23.0 - diff --git a/CVE-2018-1320.patch b/CVE-2018-1320.patch deleted file mode 100644 index 5021496d3fbac34212c63fe5c73d7c892ff893c9..0000000000000000000000000000000000000000 --- a/CVE-2018-1320.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d973409661f820d80d72c0034d06a12348c8705e Mon Sep 17 00:00:00 2001 -From: "James E. King III" -Date: Mon, 5 Mar 2018 11:34:21 -0500 -Subject: [PATCH] THRIFT-4506: fix use of assert for correctness in Java SASL - negotiation Client: java - ---- - lib/java/src/org/apache/thrift/transport/TSaslTransport.java | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/lib/java/src/org/apache/thrift/transport/TSaslTransport.java b/lib/java/src/org/apache/thrift/transport/TSaslTransport.java -index a94d9a7760..bbd3f9a34a 100644 ---- a/lib/java/src/org/apache/thrift/transport/TSaslTransport.java -+++ b/lib/java/src/org/apache/thrift/transport/TSaslTransport.java -@@ -287,7 +287,7 @@ public void open() throws TTransportException { - if (message.status == NegotiationStatus.COMPLETE && - getRole() == SaslRole.CLIENT) { - LOGGER.debug("{}: All done!", getRole()); -- break; -+ continue; - } - - sendSaslMessage(sasl.isComplete() ? NegotiationStatus.COMPLETE : NegotiationStatus.OK, -@@ -295,8 +295,6 @@ public void open() throws TTransportException { - } - LOGGER.debug("{}: Main negotiation loop complete", getRole()); - -- assert sasl.isComplete(); -- - // If we're the client, and we're complete, but the server isn't - // complete yet, we need to wait for its response. This will occur - // with ANONYMOUS auth, for example, where we send an initial response diff --git a/CVE-2019-0205.patch b/CVE-2019-0205.patch deleted file mode 100644 index 74c1fc8a7a00c4381825df45e261d32044452d38..0000000000000000000000000000000000000000 --- a/CVE-2019-0205.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 2b70c1df2bb2c1667f30dff6d4b263459fabe91a Mon Sep 17 00:00:00 2001 -From: Jens Geyer -Date: Sat, 9 Feb 2019 11:50:03 +0100 -Subject: [PATCH] THRIFT-4784 Thrift should throw when skipping over unexpected - data Client: as3 Patch: Jens Geyer - ---- - lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as b/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as -index 513df954be..22877b75b2 100644 ---- a/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as -+++ b/lib/as3/src/org/apache/thrift/protocol/TProtocolUtil.as -@@ -141,7 +141,7 @@ package org.apache.thrift.protocol { - break; - } - default: -- break; -+ throw new TProtocolError(TProtocolError.INVALID_DATA, "invalid data"); - } - } - } diff --git a/CVE-2019-0210.patch b/CVE-2019-0210.patch deleted file mode 100644 index 0a98b0ed07f67d3b2e4c54a8698a21a7c4b88794..0000000000000000000000000000000000000000 --- a/CVE-2019-0210.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 264a3f318ed3e9e51573f67f963c8509786bcec2 Mon Sep 17 00:00:00 2001 -From: Jens Geyer -Date: Sat, 23 Feb 2019 13:11:40 +0100 -Subject: [PATCH] additional test for TSimpleJSONProtocol - ---- - lib/go/thrift/json_protocol.go | 5 +---- - lib/go/thrift/simple_json_protocol.go | 4 ++-- - lib/go/thrift/simple_json_protocol_test.go | 22 ++++++++++++++++++++++ - 3 files changed, 25 insertions(+), 6 deletions(-) - -diff --git a/lib/go/thrift/json_protocol.go b/lib/go/thrift/json_protocol.go -index 7be685d43f..800ac22c7b 100644 ---- a/lib/go/thrift/json_protocol.go -+++ b/lib/go/thrift/json_protocol.go -@@ -31,10 +31,7 @@ const ( - // for references to _ParseContext see tsimplejson_protocol.go - - // JSON protocol implementation for thrift. --// --// This protocol produces/consumes a simple output format --// suitable for parsing by scripting languages. It should not be --// confused with the full-featured TJSONProtocol. -+// Utilizes Simple JSON protocol - // - type TJSONProtocol struct { - *TSimpleJSONProtocol -diff --git a/lib/go/thrift/simple_json_protocol.go b/lib/go/thrift/simple_json_protocol.go -index 2e8a71112a..f5e0c05d18 100644 ---- a/lib/go/thrift/simple_json_protocol.go -+++ b/lib/go/thrift/simple_json_protocol.go -@@ -59,7 +59,7 @@ func (p _ParseContext) String() string { - return "UNKNOWN-PARSE-CONTEXT" - } - --// JSON protocol implementation for thrift. -+// Simple JSON protocol implementation for thrift. - // - // This protocol produces/consumes a simple output format - // suitable for parsing by scripting languages. It should not be -@@ -1316,7 +1316,7 @@ func (p *TSimpleJSONProtocol) readNumeric() (Numeric, error) { - func (p *TSimpleJSONProtocol) safePeekContains(b []byte) bool { - for i := 0; i < len(b); i++ { - a, _ := p.reader.Peek(i + 1) -- if len(a) == 0 || a[i] != b[i] { -+ if len(a) < (i+1) || a[i] != b[i] { - return false - } - } -diff --git a/lib/go/thrift/simple_json_protocol_test.go b/lib/go/thrift/simple_json_protocol_test.go -index 7b98082a4e..0126da0a8e 100644 ---- a/lib/go/thrift/simple_json_protocol_test.go -+++ b/lib/go/thrift/simple_json_protocol_test.go -@@ -713,3 +713,25 @@ func TestWriteSimpleJSONProtocolMap(t *testing.T) { - } - trans.Close() - } -+ -+func TestWriteSimpleJSONProtocolSafePeek(t *testing.T) { -+ trans := NewTMemoryBuffer() -+ p := NewTSimpleJSONProtocol(trans) -+ trans.Write([]byte{'a', 'b'}) -+ trans.Flush(context.Background()) -+ -+ test1 := p.safePeekContains([]byte{'a', 'b'}) -+ if !test1 { -+ t.Fatalf("Should match at test 1") -+ } -+ -+ test2 := p.safePeekContains([]byte{'a', 'b', 'c', 'd'}) -+ if test2 { -+ t.Fatalf("Should not match at test 2") -+ } -+ -+ test3 := p.safePeekContains([]byte{'x', 'y'}) -+ if test3 { -+ t.Fatalf("Should not match at test 3") -+ } -+} diff --git a/THRIFT-4177.patch b/THRIFT-4177.patch deleted file mode 100644 index c0c331b28caa9de41834c4b42de97fab616c98f4..0000000000000000000000000000000000000000 --- a/THRIFT-4177.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/compiler/cpp/src/thrift/generate/t_java_generator.cc b/compiler/cpp/src/thrift/generate/t_java_generator.cc -index fb581e4..90dfa06 100644 ---- a/compiler/cpp/src/thrift/generate/t_java_generator.cc -+++ b/compiler/cpp/src/thrift/generate/t_java_generator.cc -@@ -4657,8 +4657,9 @@ void t_java_generator::generate_deep_copy_non_container(ofstream& out, - std::string dest_name, - t_type* type) { - (void)dest_name; -+ type = get_true_type(type); - if (type->is_base_type() || type->is_enum() || type->is_typedef()) { -- if (((t_base_type*)type)->is_binary()) { -+ if (type->is_binary()) { - out << "org.apache.thrift.TBaseHelper.copyBinary(" << source_name << ")"; - } else { - // everything else can be copied directly -diff --git a/compiler/cpp/src/thrift/parse/t_type.h b/compiler/cpp/src/thrift/parse/t_type.h -index 30f8c1f7..3a6d1e04 100644 ---- a/compiler/cpp/src/thrift/parse/t_type.h -+++ b/compiler/cpp/src/thrift/parse/t_type.h -@@ -47,6 +47,7 @@ public: - virtual bool is_void() const { return false; } - virtual bool is_base_type() const { return false; } - virtual bool is_string() const { return false; } -+ virtual bool is_binary() const { return false; } - virtual bool is_bool() const { return false; } - virtual bool is_typedef() const { return false; } - virtual bool is_enum() const { return false; } diff --git a/bootstrap.sh b/bootstrap.sh index 52ecda47b3ada21336bb7bb853e3c8d27c945bb6..1989437a04164d866ee299939a904a404a1c8510 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -19,7 +19,10 @@ # under the License. # -./cleanup.sh +echo -n "make distclean... " +make -k distclean >/dev/null 2>&1 +echo "ok" + if test -d lib/php/src/ext/thrift_protocol ; then if phpize -v >/dev/null 2>/dev/null ; then (cd lib/php/src/ext/thrift_protocol && phpize) @@ -38,17 +41,24 @@ else exit 1 fi +format_version () { + printf "%03d%03d%03d%03d" $(echo $1 | tr '.' ' '); +} + # we require automake 1.13 or later # check must happen externally due to use of newer macro AUTOMAKE_VERSION=`automake --version | grep automake | egrep -o '([0-9]{1,}\.)+[0-9]{1,}'` -if [ "$AUTOMAKE_VERSION" \< "1.13" ]; then +if [ $(format_version $AUTOMAKE_VERSION) -lt $(format_version 1.13) ]; then echo >&2 "automake version $AUTOMAKE_VERSION is too old (need 1.13 or later)" exit 1 fi +set -e autoscan $LIBTOOLIZE --copy --automake aclocal -I ./aclocal autoheader +sed '/undef VERSION/d' config.hin > config.hin2 +mv config.hin2 config.hin autoconf automake --copy --add-missing --foreign diff --git a/fb303-0.10.0-buildxml.patch b/fb303-0.10.0-buildxml.patch deleted file mode 100644 index eb3825a1c96ba7d63e9051f66ec19f01e397395f..0000000000000000000000000000000000000000 --- a/fb303-0.10.0-buildxml.patch +++ /dev/null @@ -1,158 +0,0 @@ -diff --git a/contrib/fb303/java/build.xml b/contrib/fb303/java/build.xml -index 8f2fa51..d89f05e 100755 ---- a/contrib/fb303/java/build.xml -+++ b/contrib/fb303/java/build.xml -@@ -17,8 +17,7 @@ - specific language governing permissions and limitations - under the License. - --> -- -+ - - - -@@ -38,8 +37,8 @@ - - - -- -- -+ -+ - - - -@@ -50,7 +49,7 @@ - - - -- -+ - - - -@@ -72,13 +71,21 @@ - - - -- -+ - - -- -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - -+ - - - -@@ -99,97 +106,4 @@ - - - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - diff --git a/fix-ppc64le-builds.patch b/fix-ppc64le-builds.patch deleted file mode 100644 index f56ad866cc8053b8c22a9454ce5126f2c5d7028e..0000000000000000000000000000000000000000 --- a/fix-ppc64le-builds.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/aclocal/ax_boost_base.m4 b/aclocal/ax_boost_base.m4 -index b496020..30ee0df 100644 ---- a/aclocal/ax_boost_base.m4 -+++ b/aclocal/ax_boost_base.m4 -@@ -92,7 +92,7 @@ if test "x$want_boost" = "xyes"; then - libsubdirs="lib" - ax_arch=`uname -m` - case $ax_arch in -- x86_64|ppc64|s390x|sparc64|aarch64) -+ x86_64|ppc64|ppc64le|s390x|sparc64|aarch64) - libsubdirs="lib64 lib lib64" - ;; - esac diff --git a/libfb303-0.10.0.pom b/libfb303-0.10.0.pom deleted file mode 100644 index c3fddde8a582f8331190152ea98171a44d5d66a4..0000000000000000000000000000000000000000 --- a/libfb303-0.10.0.pom +++ /dev/null @@ -1,104 +0,0 @@ - - - 4.0.0 - org.apache.thrift - libfb303 - 0.10.0 - pom - Apache Thrift - Thrift is a software framework for scalable cross-language services development. - http://thrift.apache.org - - - The Apache Software License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0.txt - - - - - mcslee - Mark Slee - - - dreiss - David Reiss - - - aditya - Aditya Agarwal - - - marck - Marc Kwiatkowski - - - jwang - James Wang - - - cpiro - Chris Piro - - - bmaurer - Ben Maurer - - - kclark - Kevin Clark - - - jake - Jake Luciani - - - bryanduxbury - Bryan Duxbury - - - esteve - Esteve Fernandez - - - todd - Todd Lipcon - - - geechorama - Andrew McGeachie - - - molinaro - Anthony Molinaro - - - roger - Roger Meier - - - jfarrell - Jake Farrell - - - jensg - Jens Geyer - - - carl - Carl Yeksigian - - - - scm:git:https://git-wip-us.apache.org/repos/asf/thrift.git - scm:git:https://git-wip-us.apache.org/repos/asf/thrift.git - https://git-wip-us.apache.org/repos/asf?p=thrift.git - - - - org.apache.thrift - libthrift - 0.10.0 - - - diff --git a/libthrift-0.10.0.pom b/libthrift-0.14.0.pom similarity index 42% rename from libthrift-0.10.0.pom rename to libthrift-0.14.0.pom index 7c5f61da53e20ed128869cbeb7cf4d103a1692d0..31d44dec4dc4f3a92b191035915492e4fea5c2c1 100644 --- a/libthrift-0.10.0.pom +++ b/libthrift-0.14.0.pom @@ -4,8 +4,7 @@ 4.0.0 org.apache.thrift libthrift - 0.10.0 - pom + 0.14.0 Apache Thrift Thrift is a software framework for scalable cross-language services development. http://thrift.apache.org @@ -13,92 +12,39 @@ The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt + repo - mcslee - Mark Slee - - - dreiss - David Reiss - - - aditya - Aditya Agarwal - - - marck - Marc Kwiatkowski - - - jwang - James Wang - - - cpiro - Chris Piro - - - bmaurer - Ben Maurer - - - kclark - Kevin Clark - - - jake - Jake Luciani - - - bryanduxbury - Bryan Duxbury - - - esteve - Esteve Fernandez - - - todd - Todd Lipcon - - - geechorama - Andrew McGeachie - - - molinaro - Anthony Molinaro - - - roger - Roger Meier - - - jfarrell - Jake Farrell - - - jensg - Jens Geyer - - - carl - Carl Yeksigian + dev + Apache Thrift Developers + dev@thrift.apache.org - scm:git:https://git-wip-us.apache.org/repos/asf/thrift.git - scm:git:https://git-wip-us.apache.org/repos/asf/thrift.git - https://git-wip-us.apache.org/repos/asf?p=thrift.git + scm:git:https://github.com/apache/thrift.git + scm:git:git@github.com:apache/thrift.git + https://github.com/apache/thrift org.slf4j slf4j-api - 1.7.12 + 1.7.25 + compile + + + org.apache.httpcomponents + httpclient + 4.5.6 + compile + + + org.apache.httpcomponents + httpcore + 4.4.1 + compile javax.servlet @@ -107,14 +53,28 @@ provided - org.apache.httpcomponents - httpclient - 4.4.1 + javax.annotation + javax.annotation-api + 1.3.2 + compile - org.apache.httpcomponents - httpcore - 4.4.1 + junit + junit + 4.12 + test + + + org.mockito + mockito-all + 1.9.5 + test + + + org.slf4j + slf4j-log4j12 + 1.7.25 + test diff --git a/python3.patch b/python3.patch deleted file mode 100644 index c2908fd45c045995cc28b5b71252ec379bb867ae..0000000000000000000000000000000000000000 --- a/python3.patch +++ /dev/null @@ -1,72 +0,0 @@ -diff --git a/contrib/fb303/py/fb303_scripts/fb303_simple_mgmt.py b/contrib/fb303/py/fb303_scripts/fb303_simple_mgmt.py -index 4b1c257..df1c8cc 100644 ---- a/contrib/fb303/py/fb303_scripts/fb303_simple_mgmt.py -+++ b/contrib/fb303/py/fb303_scripts/fb303_simple_mgmt.py -@@ -57,24 +57,24 @@ def service_ctrl( - msg = fb_status_string(status) - if (len(status_details)): - msg += " - %s" % status_details -- print msg -+ print(msg) - - if (status == fb_status.ALIVE): - return 2 - else: - return 3 - except: -- print "Failed to get status" -+ print("Failed to get status") - return 3 - - # scalar commands - if command in ["version", "alive", "name"]: - try: - result = fb303_wrapper(command, port, trans_factory, prot_factory) -- print result -+ print(result) - return 0 - except: -- print "failed to get ", command -+ print("failed to get ", command) - return 3 - - # counters -@@ -82,10 +82,10 @@ def service_ctrl( - try: - counters = fb303_wrapper('counters', port, trans_factory, prot_factory) - for counter in counters: -- print "%s: %d" % (counter, counters[counter]) -+ print("%s: %d" % (counter, counters[counter])) - return 0 - except: -- print "failed to get counters" -+ print("failed to get counters") - return 3 - - # Only root should be able to run the following commands -@@ -96,19 +96,19 @@ def service_ctrl( - fb303_wrapper(command, port, trans_factory, prot_factory) - return 0 - except: -- print "failed to tell the service to ", command -+ print("failed to tell the service to ", command) - return 3 - else: - if command in ["stop", "reload"]: -- print "root privileges are required to stop or reload the service." -+ print("root privileges are required to stop or reload the service.") - return 4 - -- print "The following commands are available:" -+ print("The following commands are available:") - for command in ["counters", "name", "version", "alive", "status"]: -- print "\t%s" % command -- print "The following commands are available for users with root privileges:" -+ print("\t%s" % command) -+ print("The following commands are available for users with root privileges:") - for command in ["stop", "reload"]: -- print "\t%s" % command -+ print("\t%s" % command) - - return 0 - diff --git a/thrift-0.10.0-buildxml.patch b/thrift-0.10.0-buildxml.patch deleted file mode 100644 index 8931c036c25ddc04e564b4d2dacb1cea46e57738..0000000000000000000000000000000000000000 --- a/thrift-0.10.0-buildxml.patch +++ /dev/null @@ -1,235 +0,0 @@ -diff --git a/lib/java/build.xml b/lib/java/build.xml -index 40e5284..db1ce54 100644 ---- a/lib/java/build.xml -+++ b/lib/java/build.xml -@@ -17,8 +17,7 @@ - specific language governing permissions and limitations - under the License. - --> -- -+ - - Thrift Build File - -@@ -67,8 +66,15 @@ - - - -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - -@@ -78,11 +84,14 @@ - - - -- -+ -+ -+ -+ - - - -- -+ - - - -@@ -295,120 +304,12 @@ - - - -- - - - -- -- -- - - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -+ - - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - -diff --git a/tutorial/java/build.xml b/tutorial/java/build.xml -index 7638d5b..c5ca703 100644 ---- a/tutorial/java/build.xml -+++ b/tutorial/java/build.xml -@@ -29,13 +29,33 @@ - - - -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - -- - -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - -diff --git a/tutorial/js/build.xml b/tutorial/js/build.xml -index a9a9ad4..2fddf0c 100644 ---- a/tutorial/js/build.xml -+++ b/tutorial/js/build.xml -@@ -35,8 +35,16 @@ - - - -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - diff --git a/thrift-0.10.0.tar.gz b/thrift-0.14.0.tar.gz similarity index 30% rename from thrift-0.10.0.tar.gz rename to thrift-0.14.0.tar.gz index e30c99fcc8b5f698ae4041ef384be1ce4fed5231..ae1f3db2f579dda5d7df624bda8380835510c051 100644 Binary files a/thrift-0.10.0.tar.gz and b/thrift-0.14.0.tar.gz differ diff --git a/thrift-char.patch b/thrift-char.patch new file mode 100644 index 0000000000000000000000000000000000000000..3004d3678403e534ea6cb80863868ed1cc4bc1f0 --- /dev/null +++ b/thrift-char.patch @@ -0,0 +1,13 @@ +diff --git a/compiler/cpp/src/thrift/generate/t_delphi_generator.cc b/compiler/cpp/src/thrift/generate/t_delphi_generator.cc +index d3ad76a32..eac46a6c7 100644 +--- a/compiler/cpp/src/thrift/generate/t_delphi_generator.cc ++++ b/compiler/cpp/src/thrift/generate/t_delphi_generator.cc +@@ -1062,7 +1062,7 @@ std::string t_delphi_generator::make_pascal_string_literal(std::string value) { + } + + result << "'"; +- for (char const &c: value) { ++ for (signed char const c: value) { + if( (c >= 0) && (c < 32)) { // convert ctrl chars, but leave UTF-8 alone + result << "#" << (int)c; + } else if (c == '\'') { diff --git a/thrift.spec b/thrift.spec index f2edece6933ea0c6a0f6b1b116d8b3836058635b..0acecef14ccb52c9dbb84a6d24114dc705846d67 100644 --- a/thrift.spec +++ b/thrift.spec @@ -4,6 +4,12 @@ %global have_mongrel 0 %global have_jsx 0 %global want_d 0 +%global want_java 0 +%if 0%{?want_java} == 0 +%global java_configure --without-java +%else +%global java_configure --with-java +%endif %if 0%{?have_mongrel} == 0 %global ruby_configure --without-ruby %global with_ruby 0 @@ -28,30 +34,32 @@ %endif %global want_golang 0 %global golang_configure --without-go +%global want_lua 0 +%global lua_configure --without-lua Name: thrift -Version: 0.10.0 -Release: 3 +Version: 0.14.0 +Release: 1 Summary: Software framework for cross-language services development License: ASL 2.0 and BSD and zlib and MIT URL: https://thrift.apache.org/ Source0: https://archive.apache.org/dist/thrift/%{version}/thrift-%{version}.tar.gz Source1: https://repo1.maven.org/maven2/org/apache/thrift/libthrift/%{version}/libthrift-%{version}.pom Source2: https://raw.github.com/apache/thrift/%{version}/bootstrap.sh -Source3: https://repo1.maven.org/maven2/org/apache/thrift/libfb303/%{version}/libfb303-%{version}.pom -Patch0: thrift-%{version}-buildxml.patch -Patch1: fb303-%{version}-buildxml.patch +Patch0: thrift-char.patch Patch2: configure-java-prefix.patch -Patch3: fix-ppc64le-builds.patch -Patch4: THRIFT-4177.patch -Patch5: python3.patch -Patch6: CVE-2018-11798.patch -Patch7: CVE-2018-1320.patch -Patch8: CVE-2019-0205.patch -Patch9: CVE-2019-0210.patch +%if 0%{?want_java} > 0 +BuildRequires: ant >= 1.7 +%endif +BuildRequires: make autoconf automake bison boost-devel boost-static flex gcc-c++ glib2-devel +BuildRequires: libevent-devel libstdc++-devel libtool openssl-devel qt5-qtbase-devel texlive +BuildRequires: zlib-devel +Obsoletes: libthrift-java < %{version}-%{release} +Obsoletes: libthrift-javadoc < %{version}-%{release} +Obsoletes: fb303 < %{version}-%{release} +Obsoletes: python3-fb303 < %{version}-%{release} +Obsoletes: fb303-devel < %{version}-%{release} +Obsoletes: fb303-java < %{version}-%{release} -BuildRequires: ant >= 1.7 autoconf automake bison boost-devel flex flex-devel gcc-c++ -BuildRequires: glib2-devel libevent-devel libstdc++-devel libtool openssl-devel qt-devel -BuildRequires: texlive zlib-devel %if 0%{?want_golang} > 0 BuildRequires: golang Requires: golang @@ -83,7 +91,7 @@ The thrift-qt package contains GLib bindings for thrift. %package -n python3-thrift Summary: Python 3 support for thrift -BuildRequires: python3-devel +BuildRequires: python3-devel python3-setuptools Requires: thrift%{?_isa} = %{version}-%{release} python3 Obsoletes: python-thrift < 0.10.0-1%{?dist} Obsoletes: python2-thrift < 0.10.0-14%{?dist} @@ -99,6 +107,9 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $ Requires: perl(Bit::Vector) perl(Encode) perl(HTTP::Request) perl(IO::Select) Requires: perl(IO::Socket::INET) perl(IO::String) perl(LWP::UserAgent) perl(POSIX) Requires: perl(base) perl(constant) perl(strict) perl(utf8) perl(warnings) +Provides: perl(Thrift::Exception) +Provides: perl(Thrift::MessageType) +Provides: perl(Thrift::Type) BuildArch: noarch %description -n perl-thrift The perl-thrift package contains Perl bindings for thrift. @@ -120,6 +131,7 @@ BuildRequires: php-devel %description -n php-thrift The php-thrift package contains PHP bindings for thrift. %endif +%if 0%{?want_java} > 0 %package -n libthrift-javadoc Summary: API documentation for java-thrift @@ -141,6 +153,7 @@ Requires: mvn(org.apache.httpcomponents:httpcore) BuildArch: noarch %description -n libthrift-java The libthrift-java package contains Java bindings for thrift. +%endif %if 0%{?want_ruby} > 0 %package -n ruby-thrift @@ -160,51 +173,19 @@ BuildRequires: erlang erlang-rebar The erlang-thrift package contains Erlang bindings for thrift. %endif -%package -n fb303 -Summary: Basic interface for Thrift services -Requires: thrift%{?_isa} = %{version}-%{release} -%description -n fb303 -fb303 is the shared root of all Thrift services; it provides a -standard interface to monitoring, dynamic options and configuration, -uptime reports, activity, etc. - -%package -n fb303-devel -Summary: Development files for fb303 -Requires: fb303%{?_isa} = %{version}-%{release} -%description -n fb303-devel -The fb303-devel package contains header files for fb303 - -%package -n python3-fb303 -Summary: Python 3 bindings for fb303 -Requires: fb303%{?_isa} = %{version}-%{release} -BuildRequires: python3-devel -Obsoletes: python-fb303 < 0.10.0-1%{?dist} -Obsoletes: python2-fb303 < 0.10.0-14%{?dist} -%description -n python3-fb303 -The python3-fb303 package contains Python bindings for fb303. - -%package -n fb303-java -Summary: Java bindings for fb303 -Requires: java-headless >= 1:1.6.0 javapackages-tools mvn(org.slf4j:slf4j-api) -Requires: mvn(commons-lang:commons-lang) mvn(org.apache.httpcomponents:httpclient) -Requires: mvn(org.apache.httpcomponents:httpcore) -BuildArch: noarch -%description -n fb303-java -The fb303-java package contains Java bindings for fb303. - %prep %autosetup -p1 %{?!el5:sed -i -e 's/^AC_PROG_LIBTOOL/LT_INIT/g' configure.ac} find . -name \*.cpp -or -name \*.cc -or -name \*.h | xargs -r chmod 644 cp -p %{SOURCE2} bootstrap.sh echo 'libthrift_c_glib_la_LIBADD = $(GLIB_LIBS) $(GOBJECT_LIBS) -L../cpp/.libs ' >> lib/c_glib/Makefile.am -echo 'libthriftqt_la_LIBADD = $(QT_LIBS) -lthrift -L.libs' >> lib/cpp/Makefile.am +echo 'libthriftqt5_la_LIBADD = $(QT_LIBS) -lthrift -L.libs' >> lib/cpp/Makefile.am echo 'libthriftz_la_LIBADD = $(ZLIB_LIBS) -lthrift -L.libs' >> lib/cpp/Makefile.am -echo 'EXTRA_libthriftqt_la_DEPENDENCIES = libthrift.la' >> lib/cpp/Makefile.am +echo 'EXTRA_libthriftqt5_la_DEPENDENCIES = libthrift.la' >> lib/cpp/Makefile.am echo 'EXTRA_libthriftz_la_DEPENDENCIES = libthrift.la' >> lib/cpp/Makefile.am -sed -i 's|libfb303_so_LDFLAGS = $(SHARED_LDFLAGS)|libfb303_so_LDFLAGS = $(SHARED_LDFLAGS) -lthrift -L../../../lib/cpp/.libs -Wl,--as-needed|g' contrib/fb303/cpp/Makefile.am sed -i 's|ANT_VALID=.*|ANT_VALID=1|' aclocal/ax_javac_and_java.m4 -sed -i 's|ANT_VALID=.*|ANT_VALID=1|' contrib/fb303/aclocal/ax_javac_and_java.m4 +shopt -s globstar +sed -i -E 's@^(#!.*/env) *python *$@\1 python3@' **/*.py %build export PY_PREFIX=%{_prefix} @@ -219,46 +200,26 @@ export GOBJECT_CFLAGS=$(pkg-config --cflags gobject-2.0) find %{_builddir} -name rebar -exec rm -f '{}' \; find . -name Makefile\* -exec sed -i -e 's/[.][/]rebar/rebar/g' {} \; sed -i 's|-Dinstall.javadoc.path=$(DESTDIR)$(docdir)/java|-Dinstall.javadoc.path=$(DESTDIR)%{_javadocdir}/thrift|' lib/java/Makefile.* -sed -i 's|${thrift.artifactid}-${version}|${thrift.artifactid}|' lib/java/build.xml sed -i 's|$(INSTALL) $$p|$(INSTALL) --mode 644 $$p|g' lib/erl/Makefile.am -sed -i 's|$(thrift_home)/bin/thrift|../../../compiler/cpp/thrift|g' \ - contrib/fb303/cpp/Makefile.am \ - contrib/fb303/py/Makefile.am -sed -i 's|$(prefix)/lib$|%{_libdir}|g' contrib/fb303/cpp/Makefile.am -sed -i 's|$(thrift_home)/include/thrift|../../../lib/cpp/src|g' \ - contrib/fb303/cpp/Makefile.am -echo "all: - ant -install: build/libfb303.jar - mkdir -p %{buildroot}%{_javadir} - /usr/bin/install -c -m 644 build/libfb303.jar %{buildroot}%{_javadir} -" > contrib/fb303/java/Makefile sh ./bootstrap.sh export PYTHON=%{_bindir}/python3 -%configure --disable-dependency-tracking --disable-static --with-boost=/usr %{ruby_configure} %{erlang_configure} %{golang_configure} %{php_configure} --with-py3 --docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/thrift-%{version}} +%configure --disable-dependency-tracking --disable-static --with-boost=/usr \ + --docdir=%{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/thrift-%{version}} \ + %{java_configure} %{ruby_configure} %{erlang_configure} %{golang_configure} %{php_configure} %{lua_configure} sed -i -e 's/ -shared / -Wl,--as-needed\0/g' libtool -make %{?_smp_mflags} -( - cd contrib/fb303 - sed -i '/^[.][/]configure.*/d' bootstrap.sh - sh bootstrap.sh - %configure --disable-static --with-java --without-php --with-py3 --libdir=%{_libdir} - make %{?_smp_mflags} - ( - cd java - ant dist - ) -) +%make_build %install %make_install find %{buildroot} -name '*.la' -exec rm -f {} ';' find %{buildroot} -name fastbinary.so | xargs -r chmod 755 find %{buildroot} -name \*.erl -or -name \*.hrl -or -name \*.app | xargs -r chmod 644 +%if 0%{?want_java} > 0 find %{buildroot}/%{_javadir} -name libthrift-javadoc.jar -exec rm -f '{}' \; mkdir -p %{buildroot}%{_mavenpomdir} install -pm 644 %{SOURCE1} %{buildroot}%{_mavenpomdir}/JPP-libthrift.pom %add_maven_depmap JPP-libthrift.pom libthrift.jar +%endif find %{buildroot} -name \*.jar -a \! -name \*thrift\* -exec rm -f '{}' \; find %{buildroot} -name \*.pod -exec rm -f '{}' \; find %{buildroot} -name .packlist -exec rm -f '{}' \; @@ -270,21 +231,8 @@ mkdir -p %{buildroot}/%{_datadir}/php/ mv %{buildroot}/%{php_extdir}/Thrift %{buildroot}/%{_datadir}/php/ %endif # want_php find %{buildroot} -name Thread.h -exec chmod a-x '{}' \; -( - cd contrib/fb303 - make DESTDIR=%{buildroot} install - ( - cd java - ant -Dinstall.path=%{buildroot}%{_javadir} -Dinstall.javadoc.path=%{buildroot}%{_javadocdir}/fb303 install - ) -) -install -pm 644 %{SOURCE3} %{buildroot}%{_mavenpomdir}/JPP-libfb303.pom -%add_maven_depmap JPP-libfb303.pom libfb303.jar -f "fb303" find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r chmod 755 - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files %doc LICENSE NOTICE @@ -298,19 +246,17 @@ find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r %{_libdir}/libthrift_c_glib.so.* %files qt -%{_libdir}/libthriftqt.so -%{_libdir}/libthriftqt-%{version}.so +%{_libdir}/libthriftqt5.so +%{_libdir}/libthriftqt5-%{version}.so %files devel %{_includedir}/thrift -%exclude %{_includedir}/thrift/fb303 %{_libdir}/*.so %{_libdir}/*.so.0 %{_libdir}/*.so.0.0.0 %exclude %{_libdir}/lib*-%{version}.so -%exclude %{_libdir}/libfb303.so %{_libdir}/pkgconfig/thrift-z.pc -%{_libdir}/pkgconfig/thrift-qt.pc +%{_libdir}/pkgconfig/thrift-qt5.pc %{_libdir}/pkgconfig/thrift-nb.pc %{_libdir}/pkgconfig/thrift.pc %{_libdir}/pkgconfig/thrift_c_glib.pc @@ -339,6 +285,7 @@ find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r %{python3_sitearch}/thrift %{python3_sitearch}/thrift-%{version}-py%{python3_version}.egg-info %doc LICENSE NOTICE +%if 0%{?want_java} > 0 %files -n libthrift-javadoc %{_javadocdir}/thrift @@ -346,27 +293,13 @@ find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r %files -n libthrift-java -f .mfiles %doc LICENSE NOTICE - -%files -n fb303 -%{_datarootdir}/fb303 -%doc LICENSE NOTICE - -%files -n fb303-devel -%{_libdir}/libfb303.so -%{_includedir}/thrift/fb303 -%doc LICENSE NOTICE - -%files -n python3-fb303 -%{python3_sitelib}/fb303 -%{python3_sitelib}/fb303_scripts -%{python3_sitelib}/thrift_fb303-%{version}-py%{python3_version}.egg-info -%doc LICENSE NOTICE - -%files -n fb303-java -f .mfiles-fb303 -%doc LICENSE NOTICE +%endif %changelog -* Tue Nov 12 2020 wangxiao - 0.10.0-3 +* Tue Feb 23 2021 wangyue - 0.14.0-1 +- Update to 0.14.0 to fix CVE-2020-13949 and Drop fb303 package and switch to qt5 + +* Thu Nov 12 2020 wangxiao - 0.10.0-3 - Fix CVE-2019-0205 and CVE-2019-0210 * Thu Nov 05 2020 wangyue - 0.10.0-2