Creating Liferay Security Binary Patches

How to build binary patches for older Liferay version from source code

Dominik Marks
Dominik Marks
4 Minute Read

Introduction

There is a security problem around that affects several Liferay version from 6.1.x to 7.2.0. Usually Liferay only provides fixes for the latest Community Edition. This time the issues CVE-2020-7961 is rather critical, so Liferay decided to offer source code patches even for pretty old versions too.

Thank you guys!

We already see attacks to our Liferay servers as well as to Liferay installations we provide on customer order.  As upgrading to the latest Liferay version is not always an immediate option we had a look at how to create appropriate binary patches for the Liferay installations. The goal was to create real patches for the installations and not to create completely new Liferay versions. Those binary patches should be appliable to existing installations and it should be possible to integrate them into new installations, e.g. by creating updated Docker images.

The following will show how we at CONVOTIS reacted to the situation and how we created those patches. All patches have been created on a Windows 10, 64-bit system and have been applied to normal "Liferay with Tomcat" bundles.

Please note that the patches should be applied to the latest minor version of that branch only. Older versions should be updated to the latest minor version first.

Liferay 6.2.5 GA 6

An graphical overview of the changes can be found on GitHub. The following software is required:

The following commands need to be executed:

git clone --depth 1 --no-tags --branch 6.2.5-cumulative https://github.com/community-security-team/liferay-portal.git

cd liferay-portal

# set JAVA_HOME to a 1.7 JDK

set JAVA_HOME=C:\PROGRA~2\Java\jdk1.7.0_80

set ANT_OPTS="-Xmx1024m"

ant -buildfile build-dist.xml unzip-tomcat

ant all

# A message appears: Task cannot continue because ECJ is not installed. ECJ was automatically installed. Please rerun your task.

ant all

The above took about 45 mins. After that you can find a bundled Liferay in the bundles directory. To create a binary patch we looked at the provided source code patches and extracted all files or libraries which contain changes. The following files need to be extracted to create the "binary patch".

  • bundles\tomcat-7.0.42\webapps\ROOT\WEB-INF\lib
    • commons-codec.jar
    • commons-collection.jar
    • commons-collection4.jar
    • commons-compress.jar
    • commons-exec.jar
    • commons-fileupload.jar
    • commons-io.jar
    • fontbox.jar
    • groovy.jar
    • httpclient.jar
    • httpcore.jar
    • isoparser.jar
    • jabsorb.jar
    • java-libpst.jar
    • jempbox.jar
    • jhighlight.jar
    • jmatio.jar
    • jodd.jar
    • metadata-extractor.jar
    • pdfbox.jar
    • poi-ooxml-schemas.jar
    • poi-ooxml.jar
    • poi-scratchpad.jar
    • poi.jar
    • rometools.jar
    • tika-core.jar
    • tika-parsers.jar
    • vorbis-java-core.jar
    • vorbis-java-tika.jar
    • xmpcore.jar
    • xz.jar
    • portal-impl.jar
    • util-taglib.jar
    • util-java.jar
  • bundles\tomcat-7.0.42\lib\ext
    • portal-service.jar
  • bundles\tomcat-7.0.42\webapps\ROOT\WEB-INF
    • liferay-portlet.xml
    • portlet-custom.xml
  • bundles\tomcat-7.0.42\webapps\ROOT\html
    • portlet\workflow_definitions\edit_workflow_definition.jsp
    • portlet\workflow_definitions\init.jsp 
    • portlet\workflow_definitions\toolbar.jsp
    • portlet\workflow_definitions\workflow_definition_action.jsp 
    • taglib\portlet\runtime\error.jsp
    • portlet\users_admin\user\password.jsp
    • taglib\aui\input\page.jsp 
    • taglib\ui\input_field\page.jsp 
    • common\themes\layout_friendly_url_redirect.jsp
    • portlet\amazon_rankings\configuration.jsp
    • portlet\document_library\edit_folder.jsp 
    • portlet\dynamic_data_lists\edit_record_set.jsp 
    • portlet\shopping\edit_order.jsp 
    • taglib\ui\navigation\page.jsp 
    • js\liferay\look_and_feel.js
    • portlet\portlet_css\view.jsp 
  • bundles\tomcat-7.0.42\webapps\ROOT\WEB-INF\tld
    • liferay-ui.tld

To apply the patch to an existing Liferay installation just copy the above files into the installation and overwrite all files found. After that clear the following directories inside the Liferay installation:

  • bundles\tomcat-7.0.42\temp
  • bundles\tomcat-7.0.42\work

Note: We had some issues with the blog portlet in 6.2.5 after applying the patch. There was a NullPointerException in [BlogsEntryLocalServiceImpl:1485] Pinging Google at http://blogsearch.google.com/ping....

Setting this portal.properties solved the problem for us:
blogs.ping.google.enabled=false

Liferay 7.0.6 GA 7

An graphical overview of the changes can be found on GitHub. The following software is required:

Some problems occured when trying to compile Liferay 7.0.6 from source. Therefore we made the following modifications to be able to compile it successfully.

  • Downloading a patched Apache Ivy failed. So we downloaded it manually and put it into the following local directory (%USERPROFILE\.liferay\mirrors\cdn.lfrs.sl\repository.liferay.com\nexus\content\repositories\liferay-public-snapshots\com\liferay\org.apache.ivy\2.4.0.LIFERAY-PATCHED-1-SNAPSHOT)

  • Compiling the additional themes failed. So we deleted the frontend-theme-xxxx directories from the sources. They are not part of a normal Liferay bundle, so we don't need them here.

  • Compiling took much time at first. So we excluded the directories above from virus scanning by the Windows Defender.

  • Probably because of a known bug LPS-107951 the exported package versions from the portal-kernel.jar mismatched the versions in the source code. So we had to patch one file afterwards. Inside the  com.liferay.blogs.service.jar we had to update the following lines in the MANIFEST.MF file:

    com.liferay.portal.kernel.util;version="[7.41,8)"
    com.liferay.blogs.kernel.service;version="[1.0,2)

The following commands are being executed:

git clone --depth 1 --no-tags --branch 7.0.6-cumulative https://github.com/community-security-team/liferay-portal.git

cd liferay-portal

# set JAVA_HOME to a JDK 1.8, 64-bit

set JAVA_HOME=C:\PROGRA~1\Java\jdk1.8.0_231

set ANT_OPTS="-Xmx4096m"

ant -buildfile build-dist.xml unzip-tomcat

ant all

The above took about 60 mins. After that you can find a bundled Liferay in the bundles directory. To create a binary patch we looked at the provided source code patches and extracted all files or libraries which contain changes. The following files need to be extracted to create the "binary patch".

  • bundles\osgi\marketplace\override (copy them from bundles\osgi\modules, bundles\osgi\static or bundles\osgi\portal)
    • com.liferay.blogs.service.jar
    • com.liferay.blogs.web.jar
    • com.liferay.dynamic.data.lists.form.web.jar
    • com.liferay.dynamic.data.mapping.form.renderer.jar
    • com.liferay.dynamic.data.mapping.data.provider.impl.jar
    • com.liferay.dynamic.data.mapping.data.provider.web.jar
    • com.liferay.configuration.admin.web.jar
    • com.liferay.marketplace.api.jar
    • com.liferay.marketplace.app.manager.web.jar
    • com.liferay.marketplace.deployer.jar
    • com.liferay.marketplace.service.jar
    • com.liferay.marketplace.store.web.jar
    • com.liferay.portal.workflow.definition.web.jar
    • com.liferay.portal.workflow.kaleo.definition.impl.jar
    • com.liferay.portal.workflow.lang.jar
    • com.liferay.portal.template.freemarker.jar
    • com.liferay.portal.template.soy.jar
    • com.liferay.portal.template.velocity.jar
    • com.liferay.portal.template.xsl.jar
    • com.liferay.portal.workflow.api.jar
  • bundles\tomcat-8.0.32\webapps\ROOT\WEB-INF\lib
    • portal-impl.jar
  • bundles\tomcat-8.0.32\webapps\ROOT\html
    • taglib\ui\discussion\page.jsp
  • bundles\tomcat-8.0.32\lib\ext
    • portal-kernel.jar
  • bundles\tomcat-8.0.32\webapps\ROOT\WEB-INF\lib
    • commons-compress.jar
    • tika-core.jar
    • tika-parsers.jar
    • pdfbox.jar

To apply the patch to an existing Liferay installation just copy the above files into the installation and overwrite all files found. After that clear the following directories inside the Liferay installation:

  • bundles\osgi\state
  • bundles\tomcat-8.0.32\temp
  • bundles\tomcat-8.0.32\work
  • bundles\work

Liferay 7.1.3 GA 4

An graphical overview of the changes can be found on GitHub. The following software is required:

Compiling took much time at first. So we excluded the directories above from virus scanning by the Windows Defender.

The following commands are being executed:

git clone --depth 1 --no-tags --branch 7.1.3-cumulative https://github.com/community-security-team/liferay-portal.git

cd liferay-portal

# set JAVA_HOME to a JDK 1.8, 64-bit

set JAVA_HOME=C:\PROGRA~1\Java\jdk1.8.0_231

set ANT_OPTS="-Xmx4096m"

ant -buildfile build-dist.xml unzip-tomcat

ant all

The above took about 80 mins. After that you can find a bundled Liferay in the bundles directory. To create a binary patch we looked at the provided source code patches and extracted all files or libraries which contain changes. The following files need to be extracted to create the "binary patch". Some changes were made to third party modules which are not part of a normal Liferay bundle. We did not include those changes in the "binary patch" below.

  • bundles\tomcat-9.0.17\webapps\ROOT\WEB-INF\lib
    • commons-beanutils.jar
    • jackson-annotations.jar
    • jackson-core.jar
    • jackson-databind.jar
    • tika-core.jar
    • tika-parsers.jar
    • portal-impl.jar
  • bundles\tomcat-9.0.17\lib\ext
    • portal-kernel.jar
  • bundles\osgi\marketplace\override (copy them from bundles\osgi\modules, bundles\osgi\static or bundles\osgi\portal)
    • com.liferay.asset.taglib.jar
    • com.liferay.blogs.service.jar
    • com.liferay.blogs.web.jar
    • com.liferay.calendar.web.jar
    • com.liferay.configuration.admin.web.jar
    • com.liferay.document.library.service.jar
    • com.liferay.document.library.web.jar
    • com.liferay.dynamic.data.mapping.form.builder.jar
    • com.liferay.exportimport.web.jar
    • com.liferay.fragment.web.jar
    • com.liferay.frontend.editor.alloyeditor.web.jar
    • com.liferay.frontend.js.lodash.web.jar
    • com.liferay.hello.world.web.jar
    • com.liferay.item.selector.taglib.jar
    • com.liferay.item.selector.web.jar
    • com.liferay.journal.taglib.jar
    • com.liferay.layout.type.controller.asset.display.jar
    • com.liferay.login.web.jar
    • com.liferay.map.openstreetmap.jar
    • com.liferay.message.boards.web.jar
    • com.liferay.notifications.web.jar
    • com.liferay.oauth2.provider.rest.jar
    • com.liferay.petra.json.web.service.client.jar
    • com.liferay.portal.odata.impl.jar
    • com.liferay.portal.search.elasticsearch6.impl.jar
    • com.liferay.portal.search.web.jar
    • com.liferay.portal.security.sso.cas.impl.jar
    • com.liferay.portal.security.sso.google.impl.jar
    • com.liferay.portal.settings.authentication.ldap.web.jar
    • com.liferay.portal.settings.lang.jar
    • com.liferay.portal.settings.web.jar
    • com.liferay.portal.store.s3.jar
    • com.liferay.portal.template.freemarker.jar
    • com.liferay.portal.template.velocity.jar
    • com.liferay.portal.template.xsl.jar
    • com.liferay.portal.vulcan.api.jar
    • com.liferay.portal.vulcan.impl.jar
    • com.liferay.portal.workflow.api.jar
    • com.liferay.portal.workflow.kaleo.api.jar
    • com.liferay.portal.workflow.kaleo.definition.impl.jar
    • com.liferay.portal.workflow.kaleo.runtime.integration.impl.jar
    • com.liferay.portal.workflow.kaleo.service.jar
    • com.liferay.portal.workflow.lang.jar
    • com.liferay.portal.workflow.web.jar
    • com.liferay.site.navigation.menu.web.jar
    • com.liferay.site.browser.web.jar
    • com.liferay.site.item.selector.web.jar
    • com.liferay.users.admin.web.jar
  • bundles\osgi\static
    • com.liferay.portal.osgi.web.wab.extender.jar
    • org.apache.aries.cdi.extender.jar
    • org.apache.aries.cdi.extension.http.jar
  • bundles\tomcat-9.0.17\webapps\ROOT\html
    • common\themes\top_js.jspf
    • taglib\ui\breadcrumb\page.jsp

To apply the patch to an existing Liferay installation just copy the above files into the installation and overwrite all files found. After that clear the following directories inside the Liferay installation:

  • bundles\osgi\state
  • bundles\tomcat-9.0.17\temp
  • bundles\tomcat-9.0.17\work
  • bundles\work

Conclusion

Security is important. So consider creating patches for your older Liferay installations or plan an upgrade to a newer version.

After applying the patches you still have to check your customizations to Liferay. If you wrote JSP hooks or EXT plugins you have to carefully compare your changes with the ones from the patch. Otherwise you will probably revert some of the security fixes which will lead to an insecure Liferay again. Additionally check your configurations, too. Especially check custom configurations for Velocity or the Freemarker Engine. There are new default values which may have to be merged into your configuration. Otherwise you will actually revert some security fixes.

Disclaimer: I do not gurantee that creating the patches will work for you. I do not take any responsibility if the patches do not work, for any data loss or for a non-working or destroyed Liferay installation. Create backups first!

Page Comments
thumbnail
Fredi B
5 Years Ago - Edited

Regarding your guide to patch 7.1.3 GA4 I can't find the JARs below... They are not in /bundles/osgi/modules nor in /bundles/osgi/static:

 

com.liferay.portal.odata.impl.jar com.liferay.portal.search.elasticsearch6.impl.jar com.liferay.portal.search.web.jar com.liferay.portal.security.sso.cas.impl.jar com.liferay.portal.security.sso.google.impl.jar com.liferay.portal.settings.authentication.ldap.web.jar com.liferay.portal.settings.lang.jar com.liferay.portal.settings.web.jar com.liferay.portal.store.s3.jar com.liferay.portal.template.freemarker.jar com.liferay.portal.template.velocity.jar com.liferay.portal.template.xsl.jar com.liferay.portal.vulcan.api.jar com.liferay.portal.vulcan.impl.jar com.liferay.portal.workflow.api.jar com.liferay.portal.workflow.kaleo.api.jar com.liferay.portal.workflow.kaleo.definition.impl.jar com.liferay.portal.workflow.kaleo.runtime.integration.impl.jar com.liferay.portal.workflow.kaleo.service.jar com.liferay.portal.workflow.lang.jar com.liferay.portal.workflow.web.jar

 

Please sign in to reply.
thumbnail
Dominik Marks Fredi B
5 Years Ago - Edited

Thanks Fredi for your feedback. The above files can be found in bundles\osgi\portal. I missed that in my blog post.

Please sign in to reply.
thumbnail
Dominik Marks
5 Years Ago - Edited

If you have problems creating the above patches manually, we've now uploaded the binary patches here. Use them at your own risk!

 

Patch for Liferay 6.2.5: https://nextcloud.convotis.com/s/DGyxWCpgFErSnX2

Patch for Liferay 7.0.6: https://nextcloud.convotis.com/s/Z6N5tNcCTJbD8iF

Patch for Liferay 7.1.3: https://nextcloud.convotis.com/s/tNAaDKHgLdD2x5j

Please sign in to reply.
尚志 岸根 Dominik Marks
5 Years Ago - Edited

Thank you for your efforts. By the way, after applying the patch for Liferay 7.1.3, the version number on the top page will be 7.1.2. Is it just my environment?

Please sign in to reply.
thumbnail
Dominik Marks 尚志 岸根
5 Years Ago - Edited

As far as i know the patch does not update the version. So you won't see any changes in the the version number.

Please sign in to reply.
Ali Mroué Dominik Marks
5 Years Ago - Edited

I patched my server 7.0.1 ga7, while server starting  i saw the message : 

2020-05-04 12:33:49.897 INFO  [localhost-startStop-1][StartupAction:118] There are no patches installed

 

Howcan i verify if patch has been well applied. 

Thank you in advance

Please sign in to reply.
Ali Mroué Ali Mroué
5 Years Ago - Edited

I must keep files in osgi/override is it correct? I do not need to dispatch files in it to the other directory (bundles\osgi\modules, bundles\osgi\static or bundles\osgi\portal) ?

Please sign in to reply.
thumbnail
Dominik Marks Ali Mroué
5 Years Ago - Edited

The message above is meant for DXP customers who can apply patches / hot fixes to their DXP installation.

 

The patch for the community edition does not print any message and it does not increase the version number. You cannot directly verify if the patch is applied. If you copied the files in the correct locations the patch is applied.

Please sign in to reply.
尚志 岸根 Dominik Marks
5 Years Ago - Edited

Thank you for your reply. I suspect "tomcat-9.0.17\lib\ext\portal-kernel.jar" is probably older than the latest version. It's just an imagination, but if you look at  https://github.com/liferay/liferay-portal/compare/7.1.3-ga4...community-security-team:7.1.3-cumulative The version specification for "com.liferay.portal.kernel" in gradle is "default". Isn't that the cause? It looks like the version number reverts from 7.1.3 to 7.1.2.

Please sign in to reply.
尚志 岸根 尚志 岸根
5 Years Ago - Edited

https://github.com/community-security-team/liferay-portal/tree/7.1.3-cumulative

 

I tried building the above URL source. Luckily the build was successful. The version notation is 7.1.2. I think the security team has made a patch for 7.1.2.

Please sign in to reply.
thumbnail
Nader Jafari Dominik Marks
5 Years Ago - Edited

Hi

I have same problem , here is my liferay starting message after applying patch :

Starting Liferay Community Edition Portal 7.1.2 CE GA3 (Judson / Build 7102 / January 7, 2019)

is it Okay?

Please sign in to reply.
thumbnail
Dominik Marks Nader Jafari
5 Years Ago - Edited

According to the source code inside the 7.1.3-ga4 tag the release info is wrong. The security patch is based on the source code at the 7.1.3-ga4 tag in github.

 

see https://github.com/liferay/liferay-portal/blob/7.1.3-ga4/portal-kernel/src/com/liferay/portal/kernel/util/ReleaseInfo.java#L297

Please sign in to reply.
尚志 岸根 Dominik Marks
5 Years Ago - Edited

Thank you for very accurate information.

https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.1.3%20GA4/

However, in ReleaseInfo.java downloaded from the above URL, the following is written at the same place.

private static final String _VENDOR = "Liferay, Inc.";

private static final String _VERSION = "7.1.2";

private static final String _VERSION_DISPLAY_NAME = "7.1.3 CE GA4";

The display at startup is also as follows.

HELLO WORLD Welcome to Liferay Community Edition Portal 7.1.3 CE GA4 (Judson / Build 7102 / May 14, 2019).

The display after applying the patch is as follows. ,

HELLO WORLD Welcome to Liferay Community Edition Portal 7.1.2 CE GA3 (Judson / Build 7102 / January 7, 2019)

Of the files downloaded above, only ReleaseInfo.java has an update time of 17:16:04, and most other files are 17:11:42. This file may have been modified a little. I'm glad I found that the patch worked fine. Thank you for providing such valuable information.

Please sign in to reply.
Javier Sanz García
5 Years Ago - Edited

Hi, Thank you for the post.

 

I am trying to generate a path for Liferay CE 7.1.3  with the last cumulative changes.

 

With the next characteristics:

 

- Windows

- Java JDK 1.8, 64-bit (C:\Program Files\Java\jdk1.8.0_251)

- Ant 1.10.7

 

But I am getting the next error in the compilation:

 

[exec] > Task :apps:adaptive-media:adaptive-media-image-service:jar      [exec]      [exec] FAILURE: Build failed with an exception.      [exec]      [exec] * What went wrong:      [exec] Execution failed for task ':downloadNode1'.      [exec] > Redirection detected from http to https. Protocol switch unsafe, not allowed.      [exec]      [exec] * Try:      [exec] Run with --info or --debug option to get more log output. Run with --scan to get full insights.      [exec]      [exec] * Exception is:      [exec] org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':downloadNode1'.      [exec]     at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:110)      [exec]     at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:77)      [exec]     at org.gradle.api.internal.tasks.execution.OutputDirectoryCreatingTaskExecuter.execute(OutputDirectoryCreatingTaskExecuter.java:51)      [exec]     at org.gradle.api.internal.tasks.execution.SkipUpToDateTaskExecuter.execute(SkipUpToDateTaskExecuter.java:59)      [exec]     at org.gradle.api.internal.tasks.execution.ResolveTaskOutputCachingStateExecuter.execute(ResolveTaskOutputCachingStateExecuter.java:54)      [exec]     at org.gradle.api.internal.tasks.execution.ValidatingTaskExecuter.execute(ValidatingTaskExecuter.java:59)      [exec]     at org.gradle.api.internal.tasks.execution.SkipEmptySourceFilesTaskExecuter.execute(SkipEmptySourceFilesTaskExecuter.java:101)      [exec]     at org.gradle.api.internal.tasks.execution.FinalizeInputFilePropertiesTaskExecuter.execute(FinalizeInputFilePropertiesTaskExecuter.java:44)      [exec]     at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:91)      [exec]     at org.gradle.api.internal.tasks.execution.ResolveTaskArtifactStateTaskExecuter.execute(ResolveTaskArtifactStateTaskExecuter.java:62)      [exec]     at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:59)      [exec]     at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:54)      [exec]     at org.gradle.api.internal.tasks.execution.ExecuteAtMostOnceTaskExecuter.execute(ExecuteAtMostOnceTaskExecuter.java:43)      [exec]     at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:34)      [exec]     at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.run(EventFiringTaskExecuter.java:51)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:300)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:292)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:174)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:90)      [exec]     at org.gradle.internal.operations.DelegatingBuildOperationExecutor.run(DelegatingBuildOperationExecutor.java:31)      [exec]     at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:46)      [exec]     at org.gradle.execution.taskgraph.LocalTaskInfoExecutor.execute(LocalTaskInfoExecutor.java:42)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareWorkItemExecutor.execute(DefaultTaskExecutionGraph.java:277)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareWorkItemExecutor.execute(DefaultTaskExecutionGraph.java:262)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$ExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:135)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$ExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:130)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$ExecutorWorker.execute(DefaultTaskPlanExecutor.java:200)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$ExecutorWorker.executeWithWork(DefaultTaskPlanExecutor.java:191)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$ExecutorWorker.run(DefaultTaskPlanExecutor.java:130)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor.process(DefaultTaskPlanExecutor.java:74)      [exec]     at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph.execute(DefaultTaskExecutionGraph.java:143)      [exec]     at org.gradle.execution.SelectedTaskExecutionAction.execute(SelectedTaskExecutionAction.java:40)      [exec]     at org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:40)      [exec]     at org.gradle.execution.DefaultBuildExecuter.access$000(DefaultBuildExecuter.java:24)      [exec]     at org.gradle.execution.DefaultBuildExecuter$1.proceed(DefaultBuildExecuter.java:46)      [exec]     at org.gradle.execution.DryRunBuildExecutionAction.execute(DryRunBuildExecutionAction.java:49)      [exec]     at org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:40)      [exec]     at org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:33)      [exec]     at org.gradle.initialization.DefaultGradleLauncher$ExecuteTasks.run(DefaultGradleLauncher.java:355)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:300)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:292)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:174)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:90)      [exec]     at org.gradle.internal.operations.DelegatingBuildOperationExecutor.run(DelegatingBuildOperationExecutor.java:31)      [exec]     at org.gradle.initialization.DefaultGradleLauncher.runTasks(DefaultGradleLauncher.java:219)      [exec]     at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:149)      [exec]     at org.gradle.initialization.DefaultGradleLauncher.executeTasks(DefaultGradleLauncher.java:124)      [exec]     at org.gradle.internal.invocation.GradleBuildController$1.call(GradleBuildController.java:77)      [exec]     at org.gradle.internal.invocation.GradleBuildController$1.call(GradleBuildController.java:74)      [exec]     at org.gradle.internal.work.DefaultWorkerLeaseService.withLocks(DefaultWorkerLeaseService.java:154)      [exec]     at org.gradle.internal.work.StopShieldingWorkerLeaseService.withLocks(StopShieldingWorkerLeaseService.java:38)      [exec]     at org.gradle.internal.invocation.GradleBuildController.doBuild(GradleBuildController.java:96)      [exec]     at org.gradle.internal.invocation.GradleBuildController.run(GradleBuildController.java:74)      [exec]     at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:28)      [exec]     at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)      [exec]     at org.gradle.tooling.internal.provider.ValidatingBuildActionRunner.run(ValidatingBuildActionRunner.java:32)      [exec]     at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner$3.run(RunAsBuildOperationBuildActionRunner.java:50)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:300)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:292)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:174)      [exec]     at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:90)      [exec]     at org.gradle.internal.operations.DelegatingBuildOperationExecutor.run(DelegatingBuildOperationExecutor.java:31)      [exec]     at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner.run(RunAsBuildOperationBuildActionRunner.java:45)      [exec]     at org.gradle.tooling.internal.provider.SubscribableBuildActionRunner.run(SubscribableBuildActionRunner.java:51)      [exec]     at org.gradle.launcher.exec.InProcessBuildActionExecuter$1.transform(InProcessBuildActionExecuter.java:47)      [exec]     at org.gradle.launcher.exec.InProcessBuildActionExecuter$1.transform(InProcessBuildActionExecuter.java:44)      [exec]     at org.gradle.composite.internal.DefaultRootBuildState.run(DefaultRootBuildState.java:79)      [exec]     at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:30)      [exec]     at org.gradle.launcher.exec.BuildTreeScopeBuildActionExecuter.execute(BuildTreeScopeBuildActionExecuter.java:39)      [exec]     at org.gradle.launcher.exec.BuildTreeScopeBuildActionExecuter.execute(BuildTreeScopeBuildActionExecuter.java:25)      [exec]     at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:80)      [exec]     at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:53)      [exec]     at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:62)      [exec]     at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:34)      [exec]     at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:36)      [exec]     at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:25)      [exec]     at org.gradle.tooling.internal.provider.ParallelismConfigurationBuildActionExecuter.execute(ParallelismConfigurationBuildActionExecuter.java:43)      [exec]     at org.gradle.tooling.internal.provider.ParallelismConfigurationBuildActionExecuter.execute(ParallelismConfigurationBuildActionExecuter.java:29)      [exec] > Task :core:portal-bootstrap:compileJava      [exec] 203 actionable tasks: 154 executed, 49 up-to-date      [exec]     at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:59)      [exec]     at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:31)      [exec]     at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:59)      [exec]     at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:44)      [exec]     at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:46)      [exec]     at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:30)      [exec]     at org.gradle.launcher.cli.RunBuildAction.run(RunBuildAction.java:52)      [exec]     at org.gradle.internal.Actions$RunnableActionAdapter.execute(Actions.java:207)      [exec]     at org.gradle.launcher.cli.CommandLineActionFactory$ParseAndBuildAction.execute(CommandLineActionFactory.java:402)      [exec]     at org.gradle.launcher.cli.CommandLineActionFactory$ParseAndBuildAction.execute(CommandLineActionFactory.java:375)      [exec]     at org.gradle.launcher.cli.ExceptionReportingAction.execute(ExceptionReportingAction.java:37)      [exec]     at org.gradle.launcher.cli.ExceptionReportingAction.execute(ExceptionReportingAction.java:23)      [exec]     at org.gradle.launcher.cli.CommandLineActionFactory$WithLogging.execute(CommandLineActionFactory.java:368)      [exec]     at org.gradle.launcher.cli.CommandLineActionFactory$WithLogging.execute(CommandLineActionFactory.java:298)      [exec]     at org.gradle.launcher.Main.doAction(Main.java:36)      [exec]     at org.gradle.launcher.bootstrap.EntryPoint.run(EntryPoint.java:45)      [exec]     at org.gradle.launcher.bootstrap.ProcessBootstrap.runNoExit(ProcessBootstrap.java:60)      [exec]     at org.gradle.launcher.bootstrap.ProcessBootstrap.run(ProcessBootstrap.java:37)      [exec]     at org.gradle.launcher.GradleMain.main(GradleMain.java:23)      [exec]     at org.gradle.wrapper.BootstrapMainStarter.start(BootstrapMainStarter.java:31)      [exec]     at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:108)      [exec]     at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:61)      [exec] Caused by: : Redirection detected from http to https. Protocol switch unsafe, not allowed.      [exec]     at org.apache.tools.ant.taskdefs.Get$GetThread.redirectionAllowed(Get.java:694)      [exec]     at org.apache.tools.ant.taskdefs.Get$GetThread.openConnection(Get.java:748)      [exec]     at org.apache.tools.ant.taskdefs.Get$GetThread.get(Get.java:652)      [exec]     at org.apache.tools.ant.taskdefs.Get$GetThread.run(Get.java:642)      [exec]      [exec]      [exec] * Get more help at https://help.gradle.org      [exec]      [exec] BUILD FAILED in 1m 59s      [exec]

BUILD FAILED C:\Devel\patch\liferay-portal\build.xml:117: The following error occurred while executing this line: C:\Devel\patch\liferay-portal\build.xml:414: The following error occurred while executing this line: C:\Devel\patch\liferay-portal\build-common.xml:899: C:\Devel\patch\liferay-portal\build-common.xml:901: exec returned: 1

Total time: 21 minutes 10 seconds

 

Any help appreciate,

 

Regards

 

Please sign in to reply.
thumbnail
Dominik Marks Javier Sanz García
5 Years Ago - Edited

I don't know what exactly goes wrong here. Somehow there is a http link somewhere in the code to download node.js or some node modules. I did not have that problem when creating the binary patches.

 

If you want to download a binary patch for Liferay 7.1.3 including the June 2020 patches you can find it here: https://nextcloud.convotis.com/s/JSnQtJTB5e23psj

Please sign in to reply.
Javier Sanz García Dominik Marks
5 Years Ago - Edited

The problem was my Windows SO is not downloading some files because a filename too long over /apps/adaptive-media/ and when I was compiling the whole project fails in that point.

 

Really appreciated Dominik

Please sign in to reply.
George Oakley
5 Years Ago - Edited

Hi ,

 

I'm trying to build 7.1.3-cumulative branch with August fixes but i getting an error:

     [exec] Could not resolve all files for configuration ':apps:powwow:powwow-portlet:ivyCopyIvyDependencies'.      [exec] > Could not find com.liferay:com.liferay.portal.dao.orm.custom.sql.api:1.0.0-20180412.172333-1.      [exec]   Searched in the following locations:      [exec]     - file:/D:/wf-liferay-security/liferay-portal/.m2/com/liferay/com.liferay.portal.dao.orm.custom.sql.api/1.0.0-SNAPSHOT/com.liferay.portal.dao.orm.custom.sql.api-1.0.0-20180412.172333-1.pom      [exec]     - file:/D:/wf-liferay-security/liferay-portal/.m2/com/liferay/com.liferay.portal.dao.orm.custom.sql.api/1.0.0-SNAPSHOT/com.liferay.portal.dao.orm.custom.sql.api-1.0.0-20180412.172333-1.jar      [exec]     - https://repository-cdn.liferay.com/nexus/content/groups/public/com/liferay/com.liferay.portal.dao.orm.custom.sql.api/1.0.0-SNAPSHOT/com.liferay.portal.dao.orm.custom.sql.api-1.0.0-20180412.172333-1.pom      [exec]     - https://repository-cdn.liferay.com/nexus/content/groups/public/com/liferay/com.liferay.portal.dao.orm.custom.sql.api/1.0.0-SNAPSHOT/com.liferay.portal.dao.orm.custom.sql.api-1.0.0-20180412.172333-1.jar      [exec]   Required by:      [exec]       project :apps:powwow:powwow-portlet      

Do you have any idea what is wrong? 2 months ago I was building previous versions without any problems. 

- java version "1.8.0_261" - Apache Ant(TM) version 1.10.8 compiled on May 10 2020

 

Please sign in to reply.
thumbnail
Dominik Marks George Oakley
5 Years Ago - Edited

Hey George,

 

I had the same problems when trying to build the latest patches.

 

For me I just deleted the above module from the sources (and some others which had the same problem, too). 

 

The powwow-portlet does not contain any changes in the security patches.

Please sign in to reply.
George Oakley Dominik Marks
4 Years Ago - Edited

This is probably due to unavailable dependencies (e.g. snapshot) in the maven repository. I used the option: build.exclude.dirs in build.properties to exclude/avoid problematic projects.

Please sign in to reply.

Related Assets...

No Results Found

More Blog Entries...

Ben Turner
October 21, 2025
Michael Wall
October 14, 2025
YOGESH CHANDRA
October 08, 2025