Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xstream for openSUSE:Factory checked in at 2021-01-18 14:39:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xstream (Old) and /work/SRC/openSUSE:Factory/.xstream.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xstream" Mon Jan 18 14:39:11 2021 rev:2 rq:864027 version:1.4.15 Changes: -------- --- /work/SRC/openSUSE:Factory/xstream/xstream.changes 2019-06-05 11:39:59.603072060 +0200 +++ /work/SRC/openSUSE:Factory/.xstream.new.28504/xstream.changes 2021-01-18 14:46:13.998057302 +0100 @@ -1,0 +2,17 @@ +Mon Jan 18 10:14:56 UTC 2021 - Fridrich Strba <[email protected]> + +- Upgrade to 1.4.15 + * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, + CVE-2020-26259 + +------------------------------------------------------------------- +Mon Jan 18 09:58:41 UTC 2021 - Fridrich Strba <[email protected]> + +- Upgrade to 1.4.14 + * fixes bsc#1180994, CVE-2020-26217 +- Remove patches: + * 0001-Prevent-deserialization-of-void.patch + * xstream-1.4.9-javadoc.patch + + integrated in upstream sources + +------------------------------------------------------------------- @@ -4 +21 @@ -- Initial packaging of jettison 1.4.9 +- Initial packaging of xstream 1.4.9 Old: ---- 0001-Prevent-deserialization-of-void.patch xstream-1.4.9-javadoc.patch xstream-distribution-1.4.9-src.zip New: ---- xstream-distribution-1.4.15-src.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xstream.spec ++++++ --- /var/tmp/diff_new_pack.RtoyNZ/_old 2021-01-18 14:46:14.574058170 +0100 +++ /var/tmp/diff_new_pack.RtoyNZ/_new 2021-01-18 14:46:14.578058177 +0100 @@ -1,7 +1,7 @@ # # spec file for package xstream # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2000-2007, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -19,40 +19,34 @@ %bcond_with hibernate Name: xstream -Version: 1.4.9 +Version: 1.4.15 Release: 0 Summary: Java XML serialization library License: BSD-3-Clause Group: Development/Libraries/Java -URL: http://x-stream.github.io/ -Source0: http://repo1.maven.org/maven2/com/thoughtworks/%{name}/%{name}-distribution/%{version}/%{name}-distribution-%{version}-src.zip -# Fixes deserialization of void -# https://bugzilla.redhat.com/show_bug.cgi?id=1441542 -# backport of https://github.com/x-stream/xstream/commit/b3570be2f39234e61f99f9a20640756ea71b1b40 -Patch0: 0001-Prevent-deserialization-of-void.patch -Patch1: xstream-1.4.9-javadoc.patch +URL: https://x-stream.github.io/ +Source0: https://repo1.maven.org/maven2/com/thoughtworks/%{name}/%{name}-distribution/%{version}/%{name}-distribution-%{version}-src.zip BuildRequires: fdupes +BuildRequires: java-devel >= 1.8 BuildRequires: maven-local +BuildRequires: unzip BuildRequires: mvn(cglib:cglib) BuildRequires: mvn(dom4j:dom4j) -BuildRequires: mvn(javassist:javassist) BuildRequires: mvn(joda-time:joda-time) -BuildRequires: mvn(net.sf.kxml:kxml2) BuildRequires: mvn(net.sf.kxml:kxml2-min) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-enforcer-plugin) BuildRequires: mvn(org.codehaus.jettison:jettison) BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin) BuildRequires: mvn(org.codehaus.woodstox:woodstox-core-asl) BuildRequires: mvn(org.jdom:jdom) BuildRequires: mvn(org.jdom:jdom2) -BuildRequires: mvn(org.slf4j:slf4j-simple) BuildRequires: mvn(stax:stax) BuildRequires: mvn(stax:stax-api) BuildRequires: mvn(xom:xom) BuildRequires: mvn(xpp3:xpp3) BuildRequires: mvn(xpp3:xpp3_min) -BuildRequires: unzip BuildArch: noarch %if %{with hibernate} BuildRequires: mvn(org.hibernate:hibernate-core) @@ -89,6 +83,7 @@ %if %{with hibernate} %package hibernate Summary: The hibernate module for %{name} +Group: Development/Libraries/Java Requires: %{name} = %{version}-%{release} %description hibernate @@ -97,6 +92,7 @@ %package benchmark Summary: The benchmark module for %{name} +Group: Development/Libraries/Java Requires: %{name} = %{version}-%{release} %description benchmark @@ -104,6 +100,7 @@ %package parent Summary: Parent POM for %{name} +Group: Development/Libraries/Java Requires: %{name} = %{version}-%{release} %description parent @@ -114,11 +111,6 @@ find . -name "*.class" -print -delete find . -name "*.jar" -print -delete -%patch0 -p1 -%patch1 -p1 - -# Remove org.apache.maven.wagon:wagon-webdav -%pom_xpath_remove "pom:project/pom:build/pom:extensions" # Require org.codehaus.xsite:xsite-maven-plugin %pom_disable_module xstream-distribution @@ -128,7 +120,6 @@ %pom_disable_module xstream-jmh %pom_remove_plugin :xsite-maven-plugin -%pom_remove_plugin :jxr-maven-plugin # Unwanted %pom_remove_plugin :maven-source-plugin %pom_remove_plugin :maven-dependency-plugin @@ -146,6 +137,7 @@ # provided by JDK %pom_remove_dep javax.activation:activation xstream +%pom_remove_dep javax.xml.bind:jaxb-api xstream %pom_xpath_set "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'cglib' ]/pom:artifactId" cglib xstream-hibernate %pom_xpath_inject "pom:project/pom:dependencies/pom:dependency[pom:groupId = 'junit' ]" "<scope>test</scope>" xstream-hibernate @@ -164,7 +156,8 @@ %build # test skipped for unavailable test deps (com.megginson.sax:xml-writer) -%{mvn_build} -f -s -- -Dsource=1.6 +%{mvn_build} -f -s -- \ + -Dversion.java.source=8 -Dversion.java.target=8 %install %mvn_install
