Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xstream for openSUSE:Factory checked in at 2023-03-17 17:05:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xstream (Old)
 and      /work/SRC/openSUSE:Factory/.xstream.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xstream" Fri Mar 17 17:05:10 2023 rev:12 rq:1072631 version:1.4.20 Changes: -------- --- /work/SRC/openSUSE:Factory/xstream/xstream.changes 2022-05-24 20:33:51.835053110 +0200 +++ /work/SRC/openSUSE:Factory/.xstream.new.31432/xstream.changes 2023-03-17 17:05:28.562064040 +0100 
@@ -1,0 +2,41 @@ +Fri Mar 17 13:04:00 UTC 2023 - Fridrich Strba <[email protected]> + +- Upgrade to 1.4.20 + * Security fixes + + This maintenance release addresses the security + vulnerabilities CVE-2022-40151 (bsc#1203520) and + CVE-2022-41966 (bsc#1206729), causing a Denial of Service by + raising a stack overflow. It also provides new converters for + Optional and Atomic types. + * Major changes + + #308: Add converter for AtomicBoolean, AtomicInteger, + AtomicLong, and AtomicReference of package + java.util.concurrent.atomic. + + #293: Add converter for Optional, OptionalDouble, OptionalInt, + and OptionalLong of package java.util. + * Minor changes + + #287: Close stream opened from provided URL. + + #284: Fix disabling check against hash code attack with + XStream.setCollectionUpdateLimit(0). + * Stream compatibility + + The atomic types with new converters of package + java.util.concurrent.atomic, that have been written with + previous versions of XStream, can still be deserialized. + + The Optional types with new converters of package java.util, + that have been written with previous versions of XStream, + can still be deserialized. + + The WildcardTypePermission allows by default no longer + anonymous class types. + * API changes + + Added c.t.x.converters.extended.AtomicBooleanConverter. + + Added c.t.x.converters.extended.AtomicIntegerConverter. + + Added c.t.x.converters.extended.AtomicLongConverter. + + Added c.t.x.converters.extended.AtomicReferenceConverter. + + Added c.t.x.converters.extended.OptionalConverter. + + Added c.t.x.converters.extended.OptionalDoubleConverter. + + Added c.t.x.converters.extended.OptionalIntConverter. + + Added c.t.x.converters.extended.OptionalLongConverter. + + Added c.t.x.security.WildcardTypePermission + .WildcardTypePermission(boolean,String[]). 
+ +------------------------------------------------------------------- Old: ---- xstream-distribution-1.4.19-src.zip New: ---- xstream-distribution-1.4.20-src.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xstream.spec ++++++ --- /var/tmp/diff_new_pack.HOTey6/_old 2023-03-17 17:05:29.286067855 +0100 +++ /var/tmp/diff_new_pack.HOTey6/_new 2023-03-17 17:05:29.290067877 +0100 @@ -1,7 +1,7 @@ # # spec file for package xstream # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # Copyright (c) 2000-2007, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -19,7 +19,7 @@ %bcond_with hibernate Name: xstream -Version: 1.4.19 +Version: 1.4.20 Release: 0 Summary: Java XML serialization library License: BSD-3-Clause
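Review bot: In the xstream.changes entry, the "Stream compatibility" item saying that WildcardTypePermission no longer allows anonymous class types by default is a behaviour change for consumers, yet it sits apart from the new WildcardTypePermission(boolean,String[]) constructor listed under "API changes" and nothing in the entry connects the two. If that constructor is how callers restore the earlier behaviour, state it in the entry so maintainers of dependent packages that register wildcard permissions know what to check after the update. The references for CVE-2022-40151 (bsc#1203520) and CVE-2022-41966 (bsc#1206729) are present, which is what the security team needs for tracking.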
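Review bot: The Version bump to 1.4.20 in xstream.spec swaps xstream-distribution-1.4.19-src.zip for xstream-distribution-1.4.20-src.zip, and the Old/New file list shows no detached signature or checksum file changing alongside the archive. Since this update is pulled in for two CVE fixes, consider adding the upstream signature and keyring as additional sources, if upstream publishes them, so the build verifies the archive it unpacks. The visible spec hunks also change no patch lines; if the package carries patches, confirm they still apply against 1.4.20.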
