[
https://issues.apache.org/jira/browse/OFBIZ-5744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848827#comment-17848827
]
Jacques Le Roux commented on OFBIZ-5744:
----------------------------------------
With the 2 attached necessary patches applied here is what I get w/o any
changes:
{noformat}
> Task :compileJava
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\container\BirtContainer.java:26:
error: cannot find symbol
import org.eclipse.birt.report.IBirtConstants;
^
symbol: class IBirtConstants
location: package org.eclipse.birt.report
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:28:
error: package org.eclipse.birt.report.context does not exist
import org.eclipse.birt.report.context.BirtContext;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:29:
error: package org.eclipse.birt.report.context does not exist
import org.eclipse.birt.report.context.IContext;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:30:
error: package org.eclipse.birt.report.service does not exist
import org.eclipse.birt.report.service.BirtReportServiceFactory;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:31:
error: package org.eclipse.birt.report.service does not exist
import org.eclipse.birt.report.service.ReportEngineService;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:32:
error: package org.eclipse.birt.report.servlet does not exist
import org.eclipse.birt.report.servlet.ViewerServlet;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:33:
error: package org.eclipse.birt.report.utility does not exist
import org.eclipse.birt.report.utility.ParameterAccessor;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:38:
error: cannot find symbol
public class BirtViewerServlet extends ViewerServlet {
^
symbol: class ViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:43:
error: cannot find symbol
protected IContext __getContext(HttpServletRequest request,
HttpServletResponse response) throws BirtException {
^
symbol: class IContext
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:30:
error: package org.eclipse.birt.report.context does not exist
import org.eclipse.birt.report.context.BirtContext;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:31:
error: package org.eclipse.birt.report.context does not exist
import org.eclipse.birt.report.context.IContext;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:32:
error: package org.eclipse.birt.report.service does not exist
import org.eclipse.birt.report.service.BirtReportServiceFactory;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:33:
error: package org.eclipse.birt.report.service does not exist
import org.eclipse.birt.report.service.ReportEngineService;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:34:
error: package org.eclipse.birt.report.utility does not exist
import org.eclipse.birt.report.utility.ParameterAccessor;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:37:
error: package org.eclipse.birt.report.servlet does not exist
public class OfbizBirtEngineServlet extends
org.eclipse.birt.report.servlet.BirtEngineServlet {
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:40:
error: cannot find symbol
protected IContext __getContext(HttpServletRequest request,
HttpServletResponse response) throws BirtException {
^
symbol: class IContext
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\ViewerServletRequest.java:27:
error: package org.eclipse.birt.report.utility does not exist
import org.eclipse.birt.report.utility.DataUtil;
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\ViewerServletRequest.java:28:
error: package org.eclipse.birt.report.utility does not exist
import org.eclipse.birt.report.utility.ParameterAccessor;
^
C:\projectsASF\Git\ofbiz-framework\framework\common\src\main\java\org\apache\ofbiz\common\authentication\AuthHelper.java:132:
warning: [removal] AccessController in java.security has been deprecated and
marked for removal
return AccessController.doPrivileged(
^
C:\projectsASF\Git\ofbiz-framework\framework\testtools\src\main\java\org\apache\ofbiz\testtools\GroovyScriptTestCase.java:29:
warning: [deprecation] GroovyTestCase in groovy.util has been deprecated
public class GroovyScriptTestCase extends GroovyTestCase {
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\container\BirtContainer.java:68:
error: cannot find symbol
System.setProperty(IBirtConstants.SYS_PROP_WORKING_PATH,
config.getTempDir());
^
symbol: variable IBirtConstants
location: class BirtContainer
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:42:
error: method does not override or implement a method from a supertype
@Override
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:44:
error: cannot find symbol
BirtReportServiceFactory.getReportService().setContext(getServletContext(),
null);
^
symbol: variable BirtReportServiceFactory
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:44:
error: cannot find symbol
BirtReportServiceFactory.getReportService().setContext(getServletContext(),
null);
^
symbol: method getServletContext()
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:47:
error: cannot find symbol
Map<String, Object> appContext =
UtilGenerics.cast(ReportEngineService.getInstance().getEngineConfig().getAppContext());
^
symbol: variable ReportEngineService
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:53:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: class BirtContext
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:53:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: variable ParameterAccessor
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\BirtViewerServlet.java:53:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: variable ParameterAccessor
location: class BirtViewerServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:39:
error: method does not override or implement a method from a supertype
@Override
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:41:
error: cannot find symbol
BirtReportServiceFactory.getReportService().setContext(getServletContext(),
null);
^
symbol: variable BirtReportServiceFactory
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:41:
error: cannot find symbol
BirtReportServiceFactory.getReportService().setContext(getServletContext(),
null);
^
symbol: method getServletContext()
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:44:
error: cannot find symbol
Map<String, Object> appContext =
UtilGenerics.cast(ReportEngineService.getInstance().getEngineConfig().getAppContext());
^
symbol: variable ReportEngineService
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:50:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: class BirtContext
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:50:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: variable ParameterAccessor
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\OfbizBirtEngineServlet.java:50:
error: cannot find symbol
return new BirtContext(new
ViewerServletRequest(ParameterAccessor.getParameter(request,
ParameterAccessor.PARAM_REPORT), request), response);
^
symbol: variable ParameterAccessor
location: class OfbizBirtEngineServlet
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\ViewerServletRequest.java:42:
error: package ParameterAccessor does not exist
if (ParameterAccessor.PARAM_REPORT.equals(name)) {
^
C:\projectsASF\Git\ofbiz-framework\plugins\birt\src\main\java\org\apache\ofbiz\birt\report\servlet\ViewerServletRequest.java:43:
error: cannot find symbol
String reportParam = DataUtil.trimString(originalReportParam);
^
symbol: variable DataUtil
location: class ViewerServletRequest
35 errors
{noformat}
I'll dig that... Slowly I guess...
> We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596
> --------------------------------------------------------------------
>
> Key: OFBIZ-5744
> URL: https://issues.apache.org/jira/browse/OFBIZ-5744
> Project: OFBiz
> Issue Type: Bug
> Components: birt
> Affects Versions: 11.04.06, 12.04.05, 14.12.01, 18.12.13
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Labels: CVE
> Attachments: OFBIZ-5744-birt-plugin.patch, OFBIZ-5744-framework.patch
>
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
