Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package c3p0 for openSUSE:Factory checked in at 2021-04-21 20:59:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/c3p0 (Old) and /work/SRC/openSUSE:Factory/.c3p0.new.12324 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "c3p0" Wed Apr 21 20:59:23 2021 rev:2 rq:886654 version:0.9.5.5 Changes: -------- --- /work/SRC/openSUSE:Factory/c3p0/c3p0.changes 2019-07-11 13:16:23.882805108 +0200 +++ /work/SRC/openSUSE:Factory/.c3p0.new.12324/c3p0.changes 2021-04-21 20:59:39.538225872 +0200 @@ -1,0 +2,16 @@ +Fri Apr 16 20:10:24 UTC 2021 - Ferdinand Thiessen <[email protected]> + +- Update to 0.9.5.5 + * Fixed CVE-2018-20433, version 0.9.5.2 allowed XXE in + extractXmlConfigFromInputStream during initialization. + * Properly implement the JDBC 4.1 abort method. + * Make XML parsing much more restrictove by default, but allow + users to revert to the old, permissive behavior by setting config + property 'com.mchange.v2.c3p0.cfg.xml.usePermissiveParser' to true + * Address situation where a throwable during forceKillAcquires() left + the force_kill_acquires flag set to true, making it impossible for + the pool to restart acquisition attempts on recovery. + * Upgrade dependency to mchange-commons-java 0.2.15, which + includes support for log4j2 + +------------------------------------------------------------------- Old: ---- c3p0-0.9.5.2.src.tgz New: ---- c3p0-0.9.5.5.src.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ c3p0.spec ++++++ --- /var/tmp/diff_new_pack.QSrHAe/_old 2021-04-21 20:59:39.946226514 +0200 +++ /var/tmp/diff_new_pack.QSrHAe/_new 2021-04-21 20:59:39.950226521 +0200 @@ -1,7 +1,7 @@ # # spec file for package c3p0 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2000-2008, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -17,15 +17,17 @@ # -%define mchange_commons_version 0.2.11 +%define mchange_commons_min_version 0.2.15 +%define mchange_commons_version %(rpm -q --qf '%%{VERSION}' mchange-commons) + Name: c3p0 -Version: 0.9.5.2 +Version: 0.9.5.5 Release: 0 Summary: JDBC DataSources/Resource Pools License: LGPL-2.0-or-later Group: Development/Libraries/Java -URL: http://sourceforge.net/projects/c3p0/ -Source0: http://downloads.sourceforge.net/sourceforge/c3p0/c3p0-0.9.5.2.src.tgz +URL: https://www.mchange.com/projects/c3p0/ +Source0: http://downloads.sourceforge.net/sourceforge/c3p0/c3p0-%{version}.src.tgz Patch1: %{name}-javadoc.patch BuildRequires: ant BuildRequires: ant-nodeps @@ -33,7 +35,7 @@ BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local BuildRequires: junit -BuildRequires: mchange-commons = %{mchange_commons_version} +BuildRequires: mchange-commons >= %{mchange_commons_min_version} Requires: mchange-commons = %{mchange_commons_version} Requires(post): update-alternatives Requires(postun): update-alternatives ++++++ c3p0-0.9.5.2.src.tgz -> c3p0-0.9.5.5.src.tgz ++++++ ++++ 3757 lines of diff (skipped)
