Hello community,
here is the log from the commit of package apache-commons-beanutils for
openSUSE:Factory checked in at 2014-07-10 14:55:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-commons-beanutils (Old)
and /work/SRC/openSUSE:Factory/.apache-commons-beanutils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-commons-beanutils"
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache-commons-beanutils/apache-commons-beanutils.changes
2012-04-12 09:18:12.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.apache-commons-beanutils.new/apache-commons-beanutils.changes
2014-07-10 14:55:44.000000000 +0200
@@ -1,0 +2,16 @@
+Tue Jul 8 11:35:52 UTC 2014 - [email protected]
+
+- Cleanup bit with spec-cleaner
+
+-------------------------------------------------------------------
+Mon Jul 7 08:04:04 UTC 2014 - [email protected]
+
+- update to 1.9.2
+- CVE-2014-3540:
+ 'class' property is exposed, potentially leading to RCE (bnc#885963)
+- for full changelog, see
+ *
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.0/RELEASE-NOTES.txt
+ *
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.1/RELEASE-NOTES.txt
+ *
http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt
+
+-------------------------------------------------------------------
Old:
----
commons-beanutils-1.8.3-src.tar.gz
New:
----
commons-beanutils-1.9.2-src.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache-commons-beanutils.spec ++++++
--- /var/tmp/diff_new_pack.YQsZkh/_old 2014-07-10 14:55:45.000000000 +0200
+++ /var/tmp/diff_new_pack.YQsZkh/_new 2014-07-10 14:55:45.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package apache-commons-beanutils
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -14,36 +14,31 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# icecream 0
+
%define base_name beanutils
%define short_name commons-%{base_name}
-
Name: apache-commons-beanutils
-Version: 1.8.3
+Version: 1.9.2
Release: 0
-Summary: Jakarta Commons BeanUtils Package
+Summary: Utility methods for accessing and modifying the properties of
JavaBeans
License: Apache-2.0
Group: Development/Libraries/Java
+Url: http://commons.apache.org/beanutils
Source0: commons-beanutils-%{version}-src.tar.gz
-URL: http://commons.apache.org/beanutils
-
BuildRequires: ant
BuildRequires: commons-collections
BuildRequires: commons-logging
BuildRequires: java-devel >= 1.6.0
BuildRequires: xml-commons-apis
-
Requires: commons-collections >= 2.0
Requires: commons-logging >= 1.0
-
-BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-
Provides: %{short_name} = %{version}-%{release}
Obsoletes: %{short_name} < %{version}-%{release}
Provides: jakarta-%{short_name} = %{version}-%{release}
Obsoletes: jakarta-%{short_name} < %{version}-%{release}
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildArch: noarch
%description
The scope of this package is to create a package of Java utility
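Review bot: The `Version: 1.9.2` bump on its own probably does not close the 'class' property exposure that the changelog records as CVE-2014-3540, and nothing in the spec says so. As far as I can tell from the upstream 1.9.2 release notes linked in the changelog, that release adds `SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS` but does not register it by default, so each consumer has to opt in through `PropertyUtilsBean.addBeanIntrospector(...)`. I would add a comment above the Version line such as `# 1.9.2 only ships the 'class' suppression introspector; it is opt-in, dependent packages must enable it`, and track the packages that depend on this one under bnc#885963. The %description text continues outside this hunk.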
@@ -51,9 +46,7 @@
JavaBeans. No dependencies outside of the JDK are required, so the use
of this package is very lightweight.
-
%package javadoc
-PreReq: coreutils
Summary: Javadoc for jakarta-commons-beanutils
Group: Development/Libraries/Java
@@ -66,11 +59,11 @@
This package contains the javadoc documentation for the Jakarta Commons
BeanUtils Package.
-
-
%prep
-%setup -n %{short_name}-%{version}-src
+%setup -q -n %{short_name}-%{version}-src
sed -i 's/\r//' *.txt
+# bug in ant build
+touch README.txt
%build
export CLASSPATH=%(build-classpath commons-collections commons-logging)
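Review bot: The added comment `# bug in ant build` above `touch README.txt` does not say what fails, so nobody can tell when the workaround can be dropped. Presumably the ant build expects a README.txt that the 1.9.2 source tarball does not ship; if that is the case, say so, for example `# build.xml expects README.txt, which is missing from the 1.9.2 tarball; drop once fixed upstream`. The %build section that would consume the file continues outside this hunk.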
@@ -78,36 +71,27 @@
%install
# jars
-install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
-install -m 644 dist/%{short_name}-%{version}.jar
$RPM_BUILD_ROOT%{_javadir}/%{name}.jar
-
-# main jar created from these, we install them just for safe measure
-install -m 644 dist/%{short_name}-bean-collections-%{version}.jar
$RPM_BUILD_ROOT%{_javadir}/%{name}-bean-collections.jar
-install -m 644 dist/%{short_name}-core-%{version}.jar
$RPM_BUILD_ROOT%{_javadir}/%{name}-core.jar
+install -d -m 755 %{buildroot}%{_javadir}
+install -m 644 dist/%{short_name}-%{version}.jar
%{buildroot}%{_javadir}/%{name}.jar
-pushd $RPM_BUILD_ROOT%{_javadir}
+pushd %{buildroot}%{_javadir}
for jar in *.jar; do
ln -sf ${jar} `echo $jar| sed "s|apache-||g"`
done
popd # come back from javadir
-install -d -m 755 $RPM_BUILD_ROOT%{_mavenpomdir}
-install -pm 644 pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}.pom
+install -d -m 755 %{buildroot}%{_mavenpomdir}
+install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/JPP-%{name}.pom
# javadoc
-install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-cp -pr dist/docs/api/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
+install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
+cp -pr dist/docs/api/* %{buildroot}%{_javadocdir}/%{name}
%files
%defattr(0644,root,root,0755)
-%doc *.txt
+%doc LICENSE.txt NOTICE.txt RELEASE-NOTES.txt
%{_javadir}/*
%{_mavenpomdir}/JPP-%{name}.pom
-# % {_mavendepmapfragdir}/%{name}
%files javadoc
%defattr(0644,root,root,0755)
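Review bot: Removing the two `install` lines for the `-bean-collections` and `-core` jars also removes the `commons-beanutils-core.jar` and `commons-beanutils-bean-collections.jar` names that the `for jar in *.jar` loop derived from them, and the hunk adds no replacement. Packages that still resolve those names (for example through build-classpath) would presumably break at build or run time. If all the classes live in the main jar, as the removed comment suggests, a compatibility link such as `ln -sf %{name}.jar %{buildroot}%{_javadir}/%{name}-core.jar` placed before the loop would keep them working; otherwise the changelog entry should record the removal. The `%files javadoc` section continues outside the hunk.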
++++++ commons-beanutils-1.8.3-src.tar.gz -> commons-beanutils-1.9.2-src.tar.gz
++++++
++++ 38147 lines of diff (skipped)