Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xstream for openSUSE:Factory checked in at 2021-06-04 22:44:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xstream (Old) and /work/SRC/openSUSE:Factory/.xstream.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xstream" Fri Jun 4 22:44:32 2021 rev:6 rq:897529 version:1.4.17 Changes: -------- --- /work/SRC/openSUSE:Factory/xstream/xstream.changes 2021-06-01 10:40:57.945170984 +0200 +++ /work/SRC/openSUSE:Factory/.xstream.new.1898/xstream.changes 2021-06-04 22:44:50.607240274 +0200 @@ -40 +40 @@ -Mon Jan 18 10:14:56 UTC 2021 - Fridrich Strba <fst...@suse.com> +Tue Mar 9 16:16:01 UTC 2021 - Johannes Renner <jren...@suse.com> @@ -44,0 +45,7 @@ +- Upgrade to 1.4.14 + * fixes bsc#1180994, CVE-2020-26217 +- Update xstream to 1.4.15~susemanager + Removed: + * xstream_1_4_10-jdk11.patch + * xstream_1_4_10-buildsh-sle12.patch + * build.sh @@ -47 +54 @@ -Mon Jan 18 09:58:41 UTC 2021 - Fridrich Strba <fst...@suse.com> +Tue Mar 5 15:43:30 UTC 2019 - Frantisek Kobzik <fkob...@suse.com> @@ -49,3 +56,6 @@ -- Upgrade to 1.4.14 - * fixes bsc#1180994, CVE-2020-26217 -- Remove patches: +- Update xstream to 1.4.10 + Added: + * xstream_1_4_10-jdk11.patch + * xstream_1_4_10-buildsh-sle12.patch + * xstream-XSTREAM_1_4_10.tar.gz + Removed: @@ -53,2 +63,11 @@ - * xstream-1.4.9-javadoc.patch - + integrated in upstream sources + * xstream-XSTREAM_1_4_9.tar.gz + * xstream-XSTREAM_1_4_9-jdk11.patch + +- Major changes: +- New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package). +- Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework. +- Improve performance by minimizing call stack of mapper chain. +- XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora). +- JavaBeanConverter does not respect ignored unknown elements. +- Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x. +- Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits. @@ -57 +76,46 @@ -Tue Jun 4 08:18:44 UTC 2019 - Fridrich Strba <fst...@suse.com> +Tue Feb 5 17:29:18 UTC 2019 - michele.bolo...@suse.com + +- Feat: modify patch to be compatible with JDK 11 building + Added: + * xstream-XSTREAM_1_4_9-jdk11.patch + Removed: + * xstream-XSTREAM_1_4_9-jdk9.patch + +------------------------------------------------------------------- +Tue Dec 11 15:27:00 UTC 2018 - m...@suse.com + +- fixes for SLE 15 compatibility + +------------------------------------------------------------------- +Fri Dec 1 13:22:06 UTC 2017 - m...@suse.com + +- fix possible Denial of Service when unmarshalling void. + (CVE-2017-7957, bsc#1070731) + Added: + * 0001-Prevent-deserialization-of-void.patch + +------------------------------------------------------------------- +Tue Nov 7 14:04:11 UTC 2017 - jgonza...@suse.com + +- Fix build for JDK9 +- Disable javadoc generation (broken for SLE15 and Tumbleweed) +- Add: + * xstream-XSTREAM_1_4_9-jdk9.patch +- Changed: + * build.sh + +------------------------------------------------------------------- +Tue Apr 5 21:17:09 UTC 2016 - m...@suse.com + +- Require building on Java 8, otherwise the LambdaMapper class is skipped +(issue 30) + +------------------------------------------------------------------- +Tue Mar 29 12:50:05 UTC 2016 - m...@suse.com + +- Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950) + +------------------------------------------------------------------- +Tue Nov 10 07:25:59 UTC 2015 - m...@suse.com + +- Initial version @@ -59 +122,0 @@ -- Initial packaging of xstream 1.4.9 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
