Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package xmlgraphics-batik for
openSUSE:Factory checked in at 2022-09-25 15:34:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xmlgraphics-batik (Old)
and /work/SRC/openSUSE:Factory/.xmlgraphics-batik.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmlgraphics-batik"
Sun Sep 25 15:34:22 2022 rev:26 rq:1005577 version:1.15
Changes:
--------
--- /work/SRC/openSUSE:Factory/xmlgraphics-batik/xmlgraphics-batik.changes
2022-03-28 16:59:58.116921075 +0200
+++
/work/SRC/openSUSE:Factory/.xmlgraphics-batik.new.2275/xmlgraphics-batik.changes
2022-09-25 15:34:29.639506012 +0200
@@ -1,0 +2,16 @@
+Fri Sep 23 07:28:24 UTC 2022 - Fridrich Strba <[email protected]>
+
+- Upgrade to version 1.15
+ * BATIK-1260: Java 11 module error
+ * BATIK-1321: Remove Xerces
+ * BATIK-1299: Batik-all jar has all classes so should not pull
+ other jars also
+ * BATIK-1329: Remove xalan
+ * BATIK-1331, bsc#1203674, CVE-2022-38398: Jar url should be
+ blocked by DefaultExternalResourceSecurity
+ * BATIK-1333, bsc#1203673, CVE-2022-38648: Block external resource
+ before calling fop
+ * BATIK-1335, bsc#1203672, CVE-2022-40146: Jar url should be
+ blocked by DefaultScriptSecurity
+
+-------------------------------------------------------------------
Old:
----
batik-src-1.14.tar.gz
New:
----
batik-src-1.15.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xmlgraphics-batik.spec ++++++
--- /var/tmp/diff_new_pack.sf7KbE/_old 2022-09-25 15:34:30.215507399 +0200
+++ /var/tmp/diff_new_pack.sf7KbE/_new 2022-09-25 15:34:30.219507409 +0200
@@ -20,7 +20,7 @@
%define _buildshell /bin/bash
%global classpath
xmlgraphics-batik:rhino:xml-commons-apis:xml-commons-apis-ext:xmlgraphics-commons
Name: xmlgraphics-batik
-Version: 1.14
+Version: 1.15
Release: 0
Summary: Scalable Vector Graphics for Java
License: Apache-2.0
@@ -36,12 +36,10 @@
BuildRequires: javapackages-local
BuildRequires: jython
BuildRequires: rhino >= 1.6
-BuildRequires: xalan-j2
BuildRequires: xml-commons-apis >= 1.3.03
BuildRequires: xmlgraphics-commons
Requires: %{name}-css = %{version}-%{release}
Requires: mvn(org.apache.xmlgraphics:xmlgraphics-commons)
-Requires: mvn(xalan:xalan)
Requires: mvn(xml-apis:xml-apis)
Requires: mvn(xml-apis:xml-apis-ext)
Obsoletes: batik < %{version}-%{release}
@@ -180,7 +178,7 @@
%pom_disable_module batik-test-old
-build-jar-repository -s lib js xml-apis xml-commons-apis-ext xalan-j2
xmlgraphics-commons jython
+build-jar-repository -s lib js xml-apis xml-commons-apis-ext
xmlgraphics-commons jython
%build
export CLASSPATH=
++++++ batik-build.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/common.xml new/common.xml
--- old/common.xml 2022-03-20 08:24:34.241529287 +0100
+++ new/common.xml 2022-09-23 09:24:39.005967614 +0200
@@ -3,7 +3,7 @@
<project name="common" basedir=".">
<property file="build.properties"/>
- <property name="project.version" value="1.14"/>
+ <property name="project.version" value="1.15"/>
<property name="project.groupId" value="org.apache.xmlgraphics"/>
<property name="project.organization.name" value="Apache Software
Foundation"/>
<property name="project.organization.url" value="http://www.apache.org/"/>
++++++ batik-src-1.14.tar.gz -> batik-src-1.15.tar.gz ++++++
/work/SRC/openSUSE:Factory/xmlgraphics-batik/batik-src-1.14.tar.gz
/work/SRC/openSUSE:Factory/.xmlgraphics-batik.new.2275/batik-src-1.15.tar.gz
differ: char 15, line 1
