Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package c3p0 for openSUSE:Factory checked in at 2026-03-04 21:04:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/c3p0 (Old) and /work/SRC/openSUSE:Factory/.c3p0.new.561 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "c3p0" Wed Mar 4 21:04:16 2026 rev:9 rq:1336263 version:0.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/c3p0/c3p0.changes 2025-09-29 16:34:24.595910236 +0200 +++ /work/SRC/openSUSE:Factory/.c3p0.new.561/c3p0.changes 2026-03-04 21:04:23.158371642 +0100 @@ -1,0 +2,219 @@ +Wed Mar 4 04:24:41 UTC 2026 - Fridrich Strba <[email protected]> + +- Upgrade to upstream version 0.12.0 + * Changes of version 0.12.0 + + Replace com.mchange.v2.naming.permitNonlocalJndiNames with + more configurable com.mchange.v2.naming.nameGuardClassName. + By default, it is null, and the same "apparently local" + restriction previously enforced by + com.mchange.v2.naming.permitNonlocalJndiNames is enforced. But + users can supply custom com.mchange.v2.naming.NameGuard + instances to control what names are permissible, and four + implementations of NameGuard are provided. + + Documentation updates. + + Disable by default reflective instantiation of + javax.naming.spi.ObjectFactory instances unless their + classname is included on a whitelist. Define properties-style + config parameter com.mchange.v2.naming.objectFactoryWhitelist + where the comma-separated whitelist can be provided. By + default this parameter contains the two ObjectFactory classes + c3p0 includes in references it creates. + + Change the format of userOverridesAsString, which is just a + String representation of Map<String,Map<String,String>>. Use a + CSV-inspired format, and the mchange-commons-java fastcsv + utility, rather than dangerous Java Object serialization of + the Map of Maps. + + Disable by default support for resolving references serialized + with their own InitialContext custom environment. Define + properties-style config parametercom.mchange.v2.naming + .acceptDeserializedInitialContextEnvironment, defaulting to + false, to manage this dangerous functionality. + + Disable by default JNDI lookups of nonlocal names + (conservatively, names that do not seem to be local). For now + only String names beginning with "java:" or Name objects whose + first component starts with "java:" are considered to be local. + Define properties-style config parameter com.mchange.v2.naming + .permitNonlocalJndiNames, defaulting to false, to manage this + dangerous functionality. + + Disable by default support for loading of + javax.naming.spi.ObjectFactory from remote locations via + Reference.factoryClassLocation. Define properties-style config + parameter com.mchange.v2.naming + .supportReferenceRemoteFactoryClassLocation, defaulting to + false, to manage this dangerous functionality. + * Fix rare issue in Statement caching (GooGooStatementCache), + make sure any Statement we remove is checked into the cache in + order to ensure we don't see internal inconsistencies when + Statements we mean to cull fail to be removed by + removeStatement(...) because they are checked out. + * Changes of version 0.11.2 + * Expose utilities `overwriteJavaBeanProperties` and + `overwriteC3P0PrefixedProperties` in the `DataSources` class, + and refactor existing functions to use those. + * Changes of version 0.11.1 + + in BasicResourcePool, forceKillAcquires() accidentally failed + to surrender its lock, leading to deadlocks following a full + round of acquisition failures. + * Changes of version 0.11.0 + + Additional testing. + * Changes of version 0.11.0-pre2 + + Define new property cancelAutomaticallyClosedStatements, + which, if true, ensures that Statement.cancel() will be called + prior to Statement.close() when c3p0 automatically close()es + statements because a client has neglected to, a Connection + with open Statements has exceeded its + unreturnedConnectionTimeout, or the Statement cache is + expiring a PreparedStatement. + * Changes of version 0.11.0-pre1 + + Rewrite BasicResourcePool and GooGooStatementCache in terms of + ReentrantLock and Condition.{await/signalAll} rather than + native monitors and wait()/notifyAll(), because wait() pins + loom virtual threads. + + Double check after termination of BasicResourcePool + .awaitAvailable(...) that following notification/termination a + resource (Connection) remains available. + + Prevent fragility under non-bootstrap/non-system CLASSLOADERs + under Java 8, where references to java.sql.ShardingKey not + available under Java 8 provoke NoClassDefFoundError. Bifurcate + Connection proxies, generate version without sharding key + methods under JVMs where ShardingKey is unavailable, full JDBC + 4.3 Connection API proxies where ShardingKey is present. + * Changes of version 0.10.2 + + Prevent freeze due to re-waiting if a non-Exception Throwable + occurs while acquiring a PreparedStatement to cache. + * Changes of version 0.10.1 + + Implement more and "louder" (log ugly stack traces) validation + of config properties. + + Modify former InUseLock (now InternalUseLock) and + NewProxyConnection to use ReentrantLock rather than native + monitors, to prevent pinning when clients run on loom virtual + threads. + + Implement config parameter markSessionBoundaries, so that + users can disable JDBC 4.3 beginRequest / endRequest session + boundary marking when JDBC drivers so undesirable things with + those hints. + + Implement more careful examination of begin/endRequest + methods, to take into account the case where those methods + exist on the JDBC driver Connection implementation, but not in + the Connection interface of a pre-Java-9 JVM. We still support + begin/endRequest in this case, but reflectively. + * Changes of version 0.10.0 + + A bit more testing + * Changes of version 0.10.0-pre7 + + Improve performance of begin/endRequest support + + Implement c3p0-loom + UninstrumentedVirtualThreadPerTaskTaskRunnerFactory + + Change mind. Eliminate naggingly prescriptive equals/hashCode + pseudorequirements from plugin interfaces, because our + canonicalization strategy is by key, doesn't actually rely + upon those implementations. + + Guard collection of MBeanAttributeInfo against items that + would have no getter or setter to prevent ugly + IntrospectionExceptions. + + Let C3P0PooledConnectionPool manager test introspected + authentication that appears perhaps incomplete, and revert to + NULL_AUTH (no-arg DataSource.getConnection()) if the test + fails. + * Changes of version 0.10.0-pre6 + + Lots of documentation work. + + Implement attemptResurrectOnCheckin config parameter. + + Add guard to automaticTestTable preventing use of weird or + potentially malicious table names. + * Pick up com.mchange.v2.c3p0.impl.DefaultConnectionTester + .isValidTimeout as default value of new + connectionIsValidTimeout property, so that users upgrading + from previous version still capture the setting from the old + config, even as their ConnectionTester now falls back to null. + * Changes of version 0.10.0-pre5 + + Lots of documenting, condensing, clean-up, etc. + + Define connectionIsValidTimeout as an ordinary bean-style + config parameter. Previously users had to set a universal + property (in c3p0.properties or System properties) to set this + timeout. + + Use simplified isValid(...) based timeout by default, use + traditional ConnectionTester logic only when users specify or + force a ConnectionTester + * Changes of version 0.10.0-pre4 + + Define (in a separate, Java 21, project) a loom + virtual-threads based TaskRunnerFactory, + VirtualThreadPerTaskExecutorTaskRunnerFactory. + + DefineFixedThreadPoolExecutorTaskRunnerFactory, a simple + example that replaces c3p0's traditional Thread pool with an + unshared ThreadPoolExecutor of size numHelperThreads. + + Define AbstractExecutorTaskRunnerFactory, which users can + extend to use or share java.util.concurrent.Executor instances + rather than c3p0's traditional hand-rolled Thread pool. + + Define TaskRunnerFactory, and config param + TaskRunnerFactoryClassName. Users can provide implementations + of TaskRunnerFactory with a public no-arg constructor to take + full control of threading, thread-pooling, etc. + + Support SOURCE_DATE_EPOCH for deterministic builds. (Here and + in mchange-commons-java.) + + Eliminate support for traditional reflective proxies. + + Fix bad anchor in docs. + + Relicense to allow users to opt for LGPL-2.1 or later, rather + than LGPL-2.1-only. (Here and in mchange-commons-java.) + + Update to mchange-commons-java 0.3.0 + * Changes of version 0.10.0-pre3 + + Have build fail if we try to build with an unexpected JVM + version. We want to use a consistent JVM version (currently + 11) and target version (currently 7) when we build c3p0. + + Remove vestiges of unsupported BasicResourcePool.AcquireTask + + Disable very slow handholding function intended to help with + misspellings / misspecifications of resource + "/c3p0-config.xml" + + Let PooledDataSource implement AutoCloseable. This + necessitates targeting Java 7, rather than Java 6, classfiles. + + Bring documentation of acquireRetryAttempts into sync with + c3p0's actual behavior. + + Include license files in published source jar. (Here and in + mchange-commons-java.) + * Changes of version 0.10.0-pre2 + + Add "Automatic-Module-Name" entry to jar manifest for + interoperability with Project Jigsaw / Java 9 modules + + Try context ClassLoader if library ClassLoader fails to load a + named, necessary driver class. + + Let statement cache fail not-quietly if drivers provide + PreparedStatements without a proper equals implementation. + + Be slightly less negative in the docs about + unreturnedConnectionTimeout. + + Implement more robustly accurate checkoutTimeout. + + Add support for JDBC 4.3 beginRequest and endRequest methods. + + Consider ourselves to be a wrapper for a thing if the thing we + wrap itself declares itself as the wrapper of that thing. + + Fix rare ConcurrentModificationException in + GooGooStatementCache when Connections are closed. + * Changes of version 0.10.0-pre1 + + Fix doc comments no longer acceptable under persnicketty JDK + 11 + + Build with JDK 11 JVM (still emitting JDK 1.6 compatible + sources) + + Get tests working under new mill build + + Reorganize to switch build from ant to mill + + Update to mchange-commons-java 0.2.20 +- Build it from the *-sources.jar distributed to maven central, + since the project changed to mill tool for build +- Removed patches: + * c3p0-javadoc.patch + * c3p0-mchange-commons-0.4.0.patch + + not needed with this version +- Build using Java >= 11 (since the APIs of this version are needed + in some files), but still produce Java 1.8 bytecode, to make it + usable for older versions that don't need the files using these + APIs. +- Remove RHEL conditions, since the build.xml file we created is + simple and does not need ant features from contrib. + +------------------------------------------------------------------- +Tue Mar 3 14:40:24 UTC 2026 - Fridrich Strba <[email protected]> + +- Bumped the minimal mchange-commons requirement to 0.4.0 because + of bsc#1258913, CVE-2026-27727 +- Added patch: + * c3p0-mchange-commons-0.4.0.patch + + Supply config to IndirectingSerializableExtension subclass in + order to support 'com.mchange.v2.naming + .supportReferenceRemoteFactoryClassLocation' + + Track mchange-commons-java change in package of IndentedWriter + +------------------------------------------------------------------- Old: ---- c3p0-0.9.5.5.src.tgz c3p0-javadoc.patch New: ---- c3p0-0.12.0-sources.jar c3p0-0.12.0.pom c3p0-build.xml ----------(Old B)---------- Old:- Removed patches: * c3p0-javadoc.patch * c3p0-mchange-commons-0.4.0.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ c3p0.spec ++++++ --- /var/tmp/diff_new_pack.Q6Fv2W/_old 2026-03-04 21:04:23.966405028 +0100 +++ /var/tmp/diff_new_pack.Q6Fv2W/_new 2026-03-04 21:04:23.970405194 +0100 @@ -1,7 +1,7 @@ # # spec file for package c3p0 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2000-2008, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -17,33 +17,23 @@ # -%define mchange_commons_min_version 0.2.15 Name: c3p0 -Version: 0.9.5.5 +Version: 0.12.0 Release: 0 Summary: JDBC DataSources/Resource Pools License: LGPL-2.0-or-later Group: Development/Libraries/Java URL: https://www.mchange.com/projects/c3p0/ -Source0: http://downloads.sourceforge.net/sourceforge/c3p0/c3p0-%{version}.src.tgz -Patch1: %{name}-javadoc.patch +Source0: https://repo1.maven.org/maven2/com/mchange/%{name}/%{version}/%{name}-%{version}-sources.jar +Source1: https://repo1.maven.org/maven2/com/mchange/%{name}/%{version}/%{name}-%{version}.pom +Source100: %{name}-build.xml BuildRequires: ant BuildRequires: fdupes -BuildRequires: java-devel >= 1.8 +BuildRequires: java-devel >= 11 BuildRequires: javapackages-local >= 6 -BuildRequires: junit -BuildRequires: mchange-commons >= %{mchange_commons_min_version} +BuildRequires: mchange-commons >= 0.4.0 +BuildRequires: unzip BuildArch: noarch -%if !0%{?rhel} -BuildRequires: ant-nodeps -%endif -%if 0%{?rhel} >= 9 -BuildRequires: xmvn-tools -%endif -%if 0%{?rhel} -Requires(post): chkconfig -Requires(postun): chkconfig -%endif %description c3p0 is a library for augmenting traditional (DriverManager-based) @@ -59,46 +49,34 @@ Javadoc documentation for c3p0. %prep -%setup -q -n %{name}-%{version}.src -%patch -P 1 -p1 -%{mvn_file} :c3p0 %{name}/%{name} %{name} +%setup -q -T -c +mkdir -p src/main/java +unzip %{SOURCE0} -d src/main/java +cp %{SOURCE100} build.xml %build -export CLASSPATH= -export OPT_JAR_LIST="ant/ant-nodeps" -ant \ - -Dmchange-commons-java.jar.file=%{_javadir}/mchange-commons/mchange-commons-java.jar \ - -Djunit.jar.file=$(build-classpath junit) -Djvm.target.version=8 \ - jar javadoc - -sed -i "s/@c3p0.version.maven@/%{version}/g" src/maven/pom.xml -sed -i "s/@mchange-commons-java.version.maven@/%{mchange_commons_min_version}/g" \ - src/maven/pom.xml -%{mvn_artifact} src/maven/pom.xml build/%{name}-%{version}.jar +mkdir -p lib +build-jar-repository -s lib mchange-commons +ant jar javadoc %install -%if 0%{?rhel} -%mvn_install -%else # jars install -d -m 0755 %{buildroot}%{_javadir} -install -p -m 0644 build/%{name}-%{version}.jar \ +install -p -m 0644 target/%{name}-%{version}.jar \ %{buildroot}%{_javadir}/%{name}.jar # poms install -d -m 0755 %{buildroot}%{_mavenpomdir} -%{mvn_install_pom} src/maven/pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom +%{mvn_install_pom} %{SOURCE1} %{buildroot}%{_mavenpomdir}/%{name}.pom %add_maven_depmap %{name}.pom %{name}.jar -a c3p0:c3p0 -%endif # javadoc mkdir -p %{buildroot}%{_javadocdir}/%{name} -cp -pr build/apidocs/* %{buildroot}%{_javadocdir}/%{name} +cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name} %fdupes -s %{buildroot}%{_javadocdir}/%{name} %files -f .mfiles -%license src/dist-static/LICENSE -%doc src/doc/index.html +%license src/main/java/LICENSE* %files javadoc %{_javadocdir}/%{name} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.Q6Fv2W/_old 2026-03-04 21:04:24.018407177 +0100 +++ /var/tmp/diff_new_pack.Q6Fv2W/_new 2026-03-04 21:04:24.022407342 +0100 @@ -1,6 +1,6 @@ -mtime: 1757057847 -commit: 6fe7e30ebfcabfa718becaf245ba637243d6503942e12e320184a6510fe0392c +mtime: 1772601473 +commit: 4a46c7164fec6b02e96a35a00d859e74035d7343d65e8830434140447e45b789 url: https://src.opensuse.org/java-packages/c3p0.git -revision: 6fe7e30ebfcabfa718becaf245ba637243d6503942e12e320184a6510fe0392c +revision: 4a46c7164fec6b02e96a35a00d859e74035d7343d65e8830434140447e45b789 projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-04 06:18:24.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ c3p0-0.12.0.pom ++++++ <?xml version="1.0" encoding="UTF-8"?> <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"; xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <modelVersion>4.0.0</modelVersion> <name>c3p0</name> <groupId>com.mchange</groupId> <artifactId>c3p0</artifactId> <packaging>jar</packaging> <description>A mature JDBC3+ Connection pooling library</description> <version>0.12.0</version> <url>https://www.mchange.com/projects/c3p0</url> <licenses> <license> <name>LGPL-2.1-or-later</name> <url>https://spdx.org/licenses/LGPL-2.1-or-later.html</url> <distribution>repo</distribution> </license> <license> <name>EPL-1.0</name> <url>https://spdx.org/licenses/EPL-1.0.html</url> <distribution>repo</distribution> </license> </licenses> <scm> <connection>scm:git:git://github.com/swaldman/c3p0.git</connection> <developerConnection>scm:git:ssh://[email protected]:swaldman/c3p0.git</developerConnection> <url>https://github.com/swaldman/c3p0</url> </scm> <developers> <developer> <id>swaldman</id> <name>Steve Waldman</name> <url>https://github.com/swaldman</url> </developer> </developers> <dependencies> <dependency> <groupId>com.mchange</groupId> <artifactId>mchange-commons-java</artifactId> <version>0.4.0</version> </dependency> </dependencies> </project> ++++++ c3p0-build.xml ++++++ <?xml version="1.0" encoding="UTF-8"?> <project name="c3p0" default="package" basedir="."> <!-- ====================================================================== --> <!-- Build environment properties --> <!-- ====================================================================== --> <property file="build.properties"/> <property name="project.artifactId" value="c3p0"/> <property name="project.version" value="0.12.0"/> <property name="compiler.release" value="8"/> <property name="compiler.source" value="1.${compiler.release}"/> <property name="compiler.target" value="${compiler.source}"/> <property name="build.finalName" value="${project.artifactId}-${project.version}"/> <property name="build.dir" value="target"/> <property name="build.outputDir" value="${build.dir}/classes"/> <property name="build.srcDir" value="src/main/java"/> <property name="reporting.outputDirectory" value="${build.dir}/site"/> <!-- ====================================================================== --> <!-- Defining classpaths --> <!-- ====================================================================== --> <path id="build.classpath"> <fileset dir="lib"> <include name="**/*.jar"/> </fileset> </path> <!-- ====================================================================== --> <!-- Cleaning up target --> <!-- ====================================================================== --> <target name="clean" description="Clean the output directory"> <delete dir="${build.dir}"/> </target> <!-- ====================================================================== --> <!-- Compilation target --> <!-- ====================================================================== --> <target name="compile" description="Compile the code"> <mkdir dir="${build.outputDir}"/> <javac destdir="${build.outputDir}" nowarn="false" debug="true" optimize="false" deprecation="true" target="${compiler.target}" verbose="false" fork="false" source="${compiler.source}"> <src> <pathelement location="${build.srcDir}"/> </src> <classpath refid="build.classpath"/> </javac> <copy todir="${build.outputDir}"> <fileset dir="${build.srcDir}"> <exclude name="**/*~"/> <exclude name="**/*.java"/> </fileset> </copy> </target> <!-- ====================================================================== --> <!-- Javadoc target --> <!-- ====================================================================== --> <target name="javadoc" description="Generates the Javadoc of the application"> <javadoc sourcepath="${build.srcDir}" packagenames="*" destdir="${reporting.outputDirectory}/apidocs" access="protected" source="${compiler.source}" verbose="false" version="true" use="true" author="true" splitindex="false" nodeprecated="false" nodeprecatedlist="false" notree="false" noindex="false" nohelp="false" nonavbar="false" serialwarn="false" encoding="utf-8" linksource="false" breakiterator="false"> <classpath refid="build.classpath"/> </javadoc> </target> <!-- ====================================================================== --> <!-- Package target --> <!-- ====================================================================== --> <target name="package" depends="compile" description="Package the application"> <jar jarfile="${build.dir}/${build.finalName}.jar" compress="true" index="false" basedir="${build.outputDir}" excludes="**/package.html"> <manifest> <attribute name="Automatic-Module-Name" value="com.mchange.v2.c3p0"/> </manifest> </jar> </target> <!-- ====================================================================== --> <!-- A dummy target for the package named after the type it creates --> <!-- ====================================================================== --> <target name="jar" depends="package" description="Builds the jar for the application"/> </project>
