Hello community,

here is the log from the commit of package snakeyaml for openSUSE:Factory checked in at 2022-09-07 11:06:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/snakeyaml (Old)
 and /work/SRC/openSUSE:Factory/.snakeyaml.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "snakeyaml" Wed Sep 7 11:06:33 2022 rev:5 rq:1001658 version:1.31 Changes: -------- --- /work/SRC/openSUSE:Factory/snakeyaml/snakeyaml.changes 2021-05-19 17:50:04.761358705 +0200 +++ /work/SRC/openSUSE:Factory/.snakeyaml.new.2083/snakeyaml.changes 2022-09-07 11:06:52.144533480 +0200 @@ -1,0 +2,31 @@ +Wed Sep 7 07:30:01 UTC 2022 - Fridrich Strba <[email protected]> + +- Upgrade to upstream release 1.31 + * Fixes + + bsc#1202932 (CVE-2022-25857) + + bsc#1203149 (CVE-2022-38749) + + bsc#1203153 (CVE-2022-38751) + + bsc#1203154 (CVE-2022-38752) + + bsc#1203158 (CVE-2022-38750) + * Changes of 1.31 + + Fix #539: false positive CVE-2020-13936 (bsc#1183360) + + Fix #537: Improved RE for integers + + Improve restrictions against DoS attacks + + Fix #525: Restrict nested depth for collections to avoid DoS + attacks + + Fix #522: De-serializing key "on" fails with Exception + + Example with Lombok and ENV variable substitution was added + + reported issue with trailing TAB + + fixes for reading and writing comments + * Changes of 1.30 + + Migrate to new home: snakeyaml/snakeyaml + + fixes for reading and writing comments + + Fix #506: Improve parsing a number starting with 0x + * Changes of 1.29 + + fixes for reading and writing comments +- Modified patches: + * 0001-replace-bundled-base64coder-with-java.util.Base64.patch + * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch + + rebase + +------------------------------------------------------------------- 
@@ -5,0 +37,29 @@ + * Changes of 1.28 + + Add possibility to construct enum with case sensitivity + + Fix #493: substitution default can contain special characters + + Add possibility to read and write comments + + Fix #485: Alias names are too permissive compared to libyaml + and future spec + * Changes of 1.27 + + Update #307: add example + + Add: build with CI on github + + Fix #481: Serialize anchors that are not used by any alias + + Fix #416: Improve dumping sequences + + Fix #480: Anchor allows non ASCII characters while dumping + + Fix #476: Make constructor of EnvScalarConstructor public + + Fix #474: Parse the value of byte and short after a narrowing + primitive conversion + + Fix yet another OWASP false positive. It complains that the + Spring controller makes SnakeYAML insecure even though + SnakeYAML does not use Spring controller and does not depend + on Spring (but the tests do). Bump spring.version from + 3.2.17.RELEASE to 5.2.4.RELEASE + + Migrated from hg to git + * Changes of 1.26 + + Fix #377: Allow configuration for preventing billion laughs + attack + + Add: parse ENV variables similar to how it works for + docker-compose + + Fix #468: Allow non ASCII characters in the anchor names + + Add: expose Event.ID in Event via a getter + + Fix #454: Add example for integer without time pattern 
@@ -16,0 +77,99 @@ + * Changes of 1.25 + + Fix #441: Restore the way to get anchor for a Node + + Fix #437: Introduce setting to keep !!str tag for String even + when it contains non-printable chars + + Update plugin versions + * Changes of 1.24 + + BaseConstructor: Factored out postponed mapping logic so + subclasses can effectively override constructMapping2ndStep() + and delegate to the postponed mapping logic + + Fix #431: Customize simple key length when dumping + + Fix #430: Wrap runtime exceptions into YAMLException. + + Fix: Null tag constructor not called when parsing top-level + null value. + + Fix #429: Provide "Automatic-Module-Name" entry in MANIFEST + + Fix #426: Fix NPE when duplicate keys are not allowed and the + key is null + + Apply pull request #41: Support java.sql classes without the + need to depend on java.sql module in java9+ + + Update: Java 7 is required. + + Fix #423: Date Serialization Fails for TimeZones on Daylight + Savings Time + * Changes of 1.23 + + Update: run tests under Java 11. This is the last release to + support Java 6. As of the next release Java 7 will be required. + + Fix #412: Restore the Boolean constructors for Events and + Nodes for binary compatibility of dependent projects + + Fix #411: System Property "java.runtime.name" is not required + to be defined + + Fix #409: Dumping Enum breaks when Enum value is Anonymous + inner class + * Changes of 1.21 + + Update: Scanner.peekToken() and Scanner.getToken() throw + exception instead of returning null + + Update: Enhance output of token IDs + + Update: Mark - expose buffer and pointer + + Update: Improvements in the Bitbucket pipeline + + Fix #397: Plain scalars with colons in flow sequences/mappings + are valid YAML. 
This change follows what happens with PyYAML + and libyaml (thanks to developers from the YAML community) + * Changes of 1.20 + + Fix #393: Improve reflective access operation to avoid warning + under Java 9 + + Hold #397: because of the inconsistent corner cases the ':' is + not yet allowed in a flow context + + Refactor nodes and events - use enum FlowStyle instead of + Boolean (minor backwards-incompatible change) + + Refactor ScalarToken, ScalarNode and ScalarEvent - use enum + ScalarStyle instead of Character (minor backwards-incompatible + change) + + Refactor Mark - remove unused code (minor + backwards-incompatible change) + + Fix #395 and #394: Introduce DuplicateKeyException and report + line number for duplicate keys when creating non-Javabeans + * Changes of 1.19 + + Apply pull request #22: Only use FIELD access for Android in + PropertyUtils + + Apply pull request #27: Add getAnnotations() and + getAnnotation() methods to Property. + + Apply pull request #26 and fix #383: Some configuration + properties of Representer were ignored. + + Fix issue #386:Fix order of duplicate keys indices to prevent + wrong removals. + + Update: major improvement when parsing JavaBeans. + + Fix issue #382 and #322: MethodProperty should check for + generic type in getters and setters. + + Fix issue #377: Add test for billion laughs attack. + + Fix issue #368: Relax final restriction on TypeDescription. + + Fix issue #375: Empty YAML file must return null instead of + throwing an exception when loading a JavaBean. + + Fix issue #374: Localization settings (e.g. fr_CA) convert + Number type floats to ints. 
+ + Apply pull request #20: Provide access to node's anchor + + Fix issue #370: Remove redundant + "Bundle-RequiredExecutionEnvironment: J2SE-1.5" + + Fix issue #364: Serializing Calendar objects with certain + timezone offsets renders invalid YAML + * Changes of 1.18 + + Add: create Android artifact with android classifier + + Fix issue #358: Validate DumperOptions to prevent invalid YAML + to be dumped. + + Fix issue #355: Fix for emitter to split long plain string + scalars over multiple lines. + + Apply pull request #13: Let Mark implement Serializable so + that ParserException can be serialized + + Fix issue #337: Throw exception in case of duplicate keys when + LoaderOptions.allowDuplicateKeys is false. + + Fix issue #351: Keep same nodes order on merge (preprocess + keys for MappingNode and remove duplicates keeping the last + one). + + Fix issue #349: Ignore white spaces for base64 encoded scalar + + Fix issue #348: Not removing parent object when composed + object is an anchor + + Fix issue #323: Support "Miscellaneous Symbols and + Pictographs". This fix introduces minor backwards-incompatible + changes - some of the methods have been renamed. This fixes + also long standing issue with iOS emoji + + Fix issue #341: Fix NPE in BaseRepresenter.multiRepresenters + if it contains 'null' as a key + + Update plugin versions Old: ---- snakeyaml-1.28.tar.bz2 New: ---- snakeyaml-1.31.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ snakeyaml.spec ++++++ --- /var/tmp/diff_new_pack.ulySvS/_old 2022-09-07 11:06:52.620534691 +0200 +++ /var/tmp/diff_new_pack.ulySvS/_new 2022-09-07 11:06:52.624534701 +0200 @@ -1,7 +1,7 @@ # # spec file for package snakeyaml # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,16 +16,16 @@ # -%global vertag b28f0b4d87c6 +%global vertag 04401a88fa9b %bcond_with tests Name: snakeyaml -Version: 1.28 +Version: 1.31 Release: 0 Summary: YAML parser and emitter for the Java programming language License: Apache-2.0 Group: Development/Libraries/Java -URL: https://bitbucket.org/asomov/snakeyaml/ -Source0: https://bitbucket.org/asomov/snakeyaml/get/%{name}-%{version}.tar.bz2 +URL: https://bitbucket.org/%{name}/%{name} +Source0: https://bitbucket.org/%{name}/%{name}/get/%{name}-%{version}.tar.bz2 Source1: %{name}-build.xml # Upstream has forked gdata-java and base64 and refuses [1] to # consider replacing them by external dependencies. Bundled libraries @@ -76,7 +76,7 @@ This package contains %{summary}. %prep -%setup -q -n asomov-%{name}-%{vertag} +%setup -q -n %{name}-%{name}-%{vertag} cp %{SOURCE1} build.xml %patch0 -p1 %patch1 -p1 ++++++ 0001-replace-bundled-base64coder-with-java.util.Base64.patch ++++++ --- /var/tmp/diff_new_pack.ulySvS/_old 2022-09-07 11:06:52.644534752 +0200 +++ /var/tmp/diff_new_pack.ulySvS/_new 2022-09-07 11:06:52.644534752 +0200 @@ -1,39 +1,41 @@ -From 82e728f896dffcd88c7cb86e8d9cbebd1a04d29e Mon Sep 17 00:00:00 2001 +From c7ea35842ddebe7069024f284b543f1c10d00631 Mon Sep 17 00:00:00 2001 
From: Fabio Valentini <[email protected]> Date: Tue, 10 Sep 2019 13:38:15 +0200 -Subject: [PATCH] replace bundled base64coder with java.util.Base64 +Subject: [PATCH 1/2] replace bundled base64coder with java.util.Base64 --- - pom.xml | 4 +- + pom.xml | 6 +- .../constructor/SafeConstructor.java | 4 +- .../external/biz/base64Coder/Base64Coder.java | 305 ------------------ .../representer/SafeRepresenter.java | 6 +- .../base64Coder/Base64CoderTest.java | 73 ----- .../issues/issue99/YamlBase64Test.java | 6 +- - 6 files changed, 10 insertions(+), 388 deletions(-) + 6 files changed, 10 insertions(+), 390 deletions(-) delete mode 100644 src/main/java/org/yaml/snakeyaml/external/biz/base64Coder/Base64Coder.java delete mode 100644 src/test/java/biz/source_code/base64Coder/Base64CoderTest.java diff --git a/pom.xml b/pom.xml -index 8112370..ae308c7 100644 +index cff065a7..102381e7 100644 --- a/pom.xml +++ b/pom.xml -@@ -10,8 +10,8 @@ +@@ -10,10 +10,8 @@ <project.scm.id>bitbucket</project.scm.id> <release.repo.url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</release.repo.url> <snapshot.repo.url>https://oss.sonatype.org/content/repositories/snapshots/</snapshot.repo.url> - <maven.compiler.source>7</maven.compiler.source> - <maven.compiler.target>7</maven.compiler.target> +- <maven.compiler.testSource>8</maven.compiler.testSource> +- <maven.compiler.testTarget>8</maven.compiler.testTarget> + <maven.compiler.source>8</maven.compiler.source> + <maven.compiler.target>8</maven.compiler.target> <maven.javadoc.failOnError>false</maven.javadoc.failOnError> <maven-bundle-plugin.version>3.5.0</maven-bundle-plugin.version> <maven-resources-plugin.version>3.0.2</maven-resources-plugin.version><!-- for Github CI --> diff --git a/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java b/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java -index bd022cc..217835d 100644 +index f38c4e9a..cb29cf39 100644 
--- a/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java +++ b/src/main/java/org/yaml/snakeyaml/constructor/SafeConstructor.java -@@ -17,6 +17,7 @@ +@@ -17,6 +17,7 @@ package org.yaml.snakeyaml.constructor; import java.math.BigInteger; import java.util.ArrayList; @@ -41,7 +43,7 @@ import java.util.Calendar; import java.util.HashMap; import java.util.Iterator; -@@ -31,7 +32,6 @@ +@@ -31,7 +32,6 @@ import java.util.regex.Pattern; import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.error.YAMLException; @@ -49,7 +51,7 @@ import org.yaml.snakeyaml.nodes.MappingNode; import org.yaml.snakeyaml.nodes.Node; import org.yaml.snakeyaml.nodes.NodeId; -@@ -348,7 +348,7 @@ +@@ -383,7 +383,7 @@ public class SafeConstructor extends BaseConstructor { // Ignore white spaces for base64 encoded scalar String noWhiteSpaces = constructScalar((ScalarNode) node).toString().replaceAll("\\s", ""); @@ -60,7 +62,7 @@ } diff --git a/src/main/java/org/yaml/snakeyaml/external/biz/base64Coder/Base64Coder.java b/src/main/java/org/yaml/snakeyaml/external/biz/base64Coder/Base64Coder.java deleted file mode 100644 -index 65923b6..0000000 +index 65923b65..00000000 --- a/src/main/java/org/yaml/snakeyaml/external/biz/base64Coder/Base64Coder.java +++ /dev/null @@ -1,305 +0,0 @@ @@ -370,10 +372,10 @@ - -} // end class Base64Coder diff --git a/src/main/java/org/yaml/snakeyaml/representer/SafeRepresenter.java b/src/main/java/org/yaml/snakeyaml/representer/SafeRepresenter.java -index 2cc15d9..e5ac480 100644 +index 810dbe97..cafc0be8 100644 --- a/src/main/java/org/yaml/snakeyaml/representer/SafeRepresenter.java +++ b/src/main/java/org/yaml/snakeyaml/representer/SafeRepresenter.java -@@ -19,6 +19,7 @@ +@@ -19,6 +19,7 @@ import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.util.ArrayList; import java.util.Arrays; 
@@ -381,7 +383,7 @@ import java.util.Calendar; import java.util.Date; import java.util.HashMap; -@@ -33,7 +34,6 @@ +@@ -33,7 +34,6 @@ import java.util.regex.Pattern; import org.yaml.snakeyaml.DumperOptions; import org.yaml.snakeyaml.error.YAMLException; @@ -389,7 +391,7 @@ import org.yaml.snakeyaml.nodes.Node; import org.yaml.snakeyaml.nodes.Tag; import org.yaml.snakeyaml.reader.StreamReader; -@@ -131,7 +131,7 @@ +@@ -131,7 +131,7 @@ class SafeRepresenter extends BaseRepresenter { if (!checkValue.equals(value)) { throw new YAMLException("invalid string value has occurred"); } @@ -398,7 +400,7 @@ } catch (UnsupportedEncodingException e) { throw new YAMLException(e); } -@@ -433,7 +433,7 @@ +@@ -433,7 +433,7 @@ class SafeRepresenter extends BaseRepresenter { protected class RepresentByteArray implements Represent { public Node representData(Object data) { @@ -409,12 +411,12 @@ } diff --git a/src/test/java/biz/source_code/base64Coder/Base64CoderTest.java b/src/test/java/biz/source_code/base64Coder/Base64CoderTest.java deleted file mode 100644 -index 60f6d84..0000000 +index e8e32da1..00000000 --- a/src/test/java/biz/source_code/base64Coder/Base64CoderTest.java +++ /dev/null @@ -1,73 +0,0 @@ -/** -- * Copyright (c) 2008, http://www.snakeyaml.org +- * Copyright (c) 2008, SnakeYAML - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. @@ -487,10 +489,10 @@ - } -} diff --git a/src/test/java/org/yaml/snakeyaml/issues/issue99/YamlBase64Test.java b/src/test/java/org/yaml/snakeyaml/issues/issue99/YamlBase64Test.java -index e425f25..a0c4f6a 100644 +index bae02d29..5f3e62ed 100644 --- a/src/test/java/org/yaml/snakeyaml/issues/issue99/YamlBase64Test.java 
+++ b/src/test/java/org/yaml/snakeyaml/issues/issue99/YamlBase64Test.java -@@ -18,6 +18,7 @@ +@@ -18,6 +18,7 @@ package org.yaml.snakeyaml.issues.issue99; import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; @@ -498,7 +500,7 @@ import java.util.Map; import junit.framework.TestCase; -@@ -27,7 +28,6 @@ +@@ -27,7 +28,6 @@ import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.YamlDocument; import org.yaml.snakeyaml.constructor.AbstractConstruct; import org.yaml.snakeyaml.constructor.Constructor; @@ -506,7 +508,7 @@ import org.yaml.snakeyaml.nodes.Node; import org.yaml.snakeyaml.nodes.ScalarNode; import org.yaml.snakeyaml.nodes.Tag; -@@ -50,7 +50,7 @@ +@@ -50,7 +50,7 @@ public class YamlBase64Test extends TestCase { all = all + lines[i].trim(); } // System.out.println(all); @@ -515,7 +517,7 @@ assertEquals(3737, decoded.length); checkBytes(decoded); } -@@ -122,7 +122,7 @@ +@@ -122,7 +122,7 @@ public class YamlBase64Test extends TestCase { public Object construct(Node node) { String contentWithNewLines = constructScalar((ScalarNode) node).toString(); String noNewLines = contentWithNewLines.replaceAll("\\s", ""); @@ -525,6 +527,6 @@ } } -- -2.21.0 +2.37.3 ++++++ 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch ++++++ --- /var/tmp/diff_new_pack.ulySvS/_old 2022-09-07 11:06:52.656534783 +0200 +++ /var/tmp/diff_new_pack.ulySvS/_new 2022-09-07 11:06:52.660534793 +0200 @@ -1,4 +1,4 @@ -From f06ff492f18d7c9cdf861a79293279e5ed55823f Mon Sep 17 00:00:00 2001 +From 4e09236b88488cfc222d8e3419e344092548117b Mon Sep 17 00:00:00 2001 From: Michal Srb <[email protected]> Date: Fri, 26 Apr 2013 07:32:04 +0200 Subject: [PATCH 2/2] Replace bundled gdata-java-client classes with @@ -16,7 +16,7 @@ 
diff --git a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/Escaper.java b/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/Escaper.java deleted file mode 100644 -index c26e3cb..0000000 +index c26e3cb6..00000000 --- a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/Escaper.java +++ /dev/null @@ -1,97 +0,0 @@ @@ -119,7 +119,7 @@ -} diff --git a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/PercentEscaper.java b/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/PercentEscaper.java deleted file mode 100644 -index 5e2f902..0000000 +index 5e2f902d..00000000 --- a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/PercentEscaper.java +++ /dev/null @@ -1,281 +0,0 @@ @@ -406,7 +406,7 @@ -} diff --git a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/UnicodeEscaper.java b/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/UnicodeEscaper.java deleted file mode 100644 -index 5403185..0000000 +index 54031850..00000000 --- a/src/main/java/org/yaml/snakeyaml/external/com/google/gdata/util/common/base/UnicodeEscaper.java +++ /dev/null @@ -1,506 +0,0 @@ @@ -917,7 +917,7 @@ - }; -} diff --git a/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java b/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java -index 4cc18b4..b6a1992 100644 +index de7849d4..d6140bb4 100644 --- a/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java +++ b/src/main/java/org/yaml/snakeyaml/util/UriEncoder.java @@ -23,27 +23,46 @@ import java.nio.charset.CharacterCodingException; 
@@ -977,6 +977,6 @@ /** -- -2.20.1 +2.37.3 ++++++ snakeyaml-1.28.tar.bz2 -> snakeyaml-1.31.tar.bz2 ++++++ ++++ 11817 lines of diff (skipped) ++++++ snakeyaml-build.xml ++++++ --- /var/tmp/diff_new_pack.ulySvS/_old 2022-09-07 11:06:53.088535880 +0200 +++ /var/tmp/diff_new_pack.ulySvS/_new 2022-09-07 11:06:53.092535891 +0200 @@ -12,10 +12,10 @@ <property name="project.description" value="YAML 1.1 parser and emitter for Java"/> <property name="project.groupId" value="org.yaml"/> <property name="project.artifactId" value="snakeyaml"/> - <property name="project.version" value="1.28"/> + <property name="project.version" value="1.31"/> <property name="bundle.version" value="${project.version}.0"/> - <property name="compiler.source" value="1.7"/> + <property name="compiler.source" value="1.8"/> <property name="compiler.target" value="${compiler.source}"/> <property name="build.finalName" value="${project.artifactId}-${project.version}"/>
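Review bot: The new snakeyaml.changes entry (hunk @@ -1,0 +2,31 @@) lists the five CVE/bsc references in a flat "Fixes" block without saying which of the 1.31 items addresses which one. Since items such as "Fix #525: Restrict nested depth for collections to avoid DoS attacks" and "Improve restrictions against DoS attacks" change parsing behaviour for consumers, put each bsc/CVE reference next to the upstream item it belongs to, the way "Fix #539: false positive CVE-2020-13936 (bsc#1183360)" already does. The item "reported issue with trailing TAB" also does not say what changed; reword it as a fix or drop it.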
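Review bot: The snakeyaml.changes hunks @@ -5,0 +37,29 @@ and @@ -16,0 +77,99 @@ insert upstream release notes into older, already published changelog entries, and the inserted list goes from "Changes of 1.23" straight to "Changes of 1.21" with no 1.22 block. Please confirm the gap is intentional, and mention the back-filled history in the new top entry so that someone comparing the old and new .changes files can tell that earlier entries were edited in this submission.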
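Review bot: In the snakeyaml.spec hunk @@ -16,16 +16,16 @@, the upstream location now reads "https://bitbucket.org/%{name}/%{name}", which hides the fact that the source moved from the asomov account to a different one and makes the URL hard to grep or click. Write the new owner and repository out literally in URL and Source0, and add a comment next to "%global vertag 04401a88fa9b" saying how that value is obtained for a given release tag, because "%setup -q -n %{name}-%{name}-%{vertag}" in the following hunk breaks when it is not updated together with Version, and nothing in the visible lines ties it to the 1.31 tag.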
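Review bot: The pom.xml hunk of 0001-replace-bundled-base64coder-with-java.util.Base64.patch (now @@ -10,10 +10,8 @@) does more than the subject line says: besides raising maven.compiler.source and maven.compiler.target from 7 to 8, the rebased version also removes the maven.compiler.testSource and maven.compiler.testTarget properties. java.util.Base64 only exists from Java 8 on, so the bump is needed, but the patch description should say so and explain why the two test properties are dropped, or leave them in place if the removal is only a side effect of the rebase. The diffstat change from 388 to 390 deletions comes from exactly these two lines.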
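Review bot: In the snakeyaml-build.xml hunk @@ -12,10 +12,10 @@, project.version is a second hand-maintained copy of the Version tag in the spec file, and compiler.source has to follow the compiler level that patch 0001 sets in pom.xml. Both were updated consistently here (1.31 and 1.8), but a missed bump would go unnoticed until the artifact name or bytecode level is wrong. Add a comment on both properties naming the spec field and the patch they must match, or substitute the version from the spec during %prep.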
