Package: ant / 1.9.9-1+deb9u1

Metadata

Package Version Patches format
ant 1.9.9-1+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0009 reproducible timestamp task.patch | (download)

src/main/org/apache/tools/ant/taskdefs/Tstamp.java | 39 39 + 0 - 0 !
1 file changed, 39 insertions(+)

 add support for the source_date_epoch variable in the tstamp task
0010 reproducible javadoc task.patch | (download)

src/main/org/apache/tools/ant/taskdefs/Javadoc.java | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 improves the reproducibility of the javadoc task for the debian
 builds by setting the locale to 'en' and the encoding to UTF-8 if none was
 specified and SOURCE_DATE_EPOCH is set.
0011 reproducible propertyfile task.patch | (download)

src/main/org/apache/tools/ant/util/DateUtils.java | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 improves the reproducibility of the propertyfile task for the debian
 builds by using the date specified by the SOURCE_DATE_EPOCH variable in the header
 of the .properties file generated
CVE 2018 10886/unzip and friends could monitor where they write mor.patch | (download)

src/main/org/apache/tools/ant/taskdefs/Expand.java | 35 33 + 2 - 0 !
1 file changed, 33 insertions(+), 2 deletions(-)

 unzip and friends could monitor where they write more closely
CVE 2018 10886/forgot to update the manual.patch | (download)

manual/Tasks/unzip.html | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 forgot to update the manual
CVE 2018 10886/and forgot two words oh my.patch | (download)

manual/Tasks/unzip.html | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 and forgot two words, oh my
CVE 2018 10886/change stripAbsolutePathSpec s default credit Snyk.patch | (download)

manual/Tasks/unzip.html | 3 2 + 1 - 0 !
src/main/org/apache/tools/ant/taskdefs/Expand.java | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 2 deletions(-)

 change stripabsolutepathspec's default, credit snyk
CVE 2018 10886/add additional isLeadingPath method that resolves sy.patch | (download)

src/main/org/apache/tools/ant/util/FileUtils.java | 30 30 + 0 - 0 !
src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java | 31 31 + 0 - 0 !
2 files changed, 61 insertions(+)

 add additional isleadingpath method that resolves symlinks
CVE 2018 10886/take symlinks into account when expanding archives a.patch | (download)

src/main/org/apache/tools/ant/taskdefs/Expand.java | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 take symlinks into account when expanding archives and checking
 entries
CVE 2018 10886/debian update version information.patch | (download)

manual/Tasks/unzip.html | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 adjust versions to debian version for the cve-2018-10886 changes
 For the documentation of the new default for stripAbsolutePathSpec and the
 the new option allowFilesToEscapeDest document the Debian introducing
 version instead of the upstream one.