[gentoo-commits] repo/gentoo:master commit in: dev-java/dom4j/files/, dev-java/dom4j/

Sat, 17 Jul 2021 05:09:22 -0700 

commit:     fdefd7b25414d9e57612fb8b43c28e7e6e65ce4d
Author:     Volkmar W. Pogatzki <gentoo <AT> pogatzki <DOT> net>
AuthorDate: Mon May 17 13:24:31 2021 +0000
Commit:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
CommitDate: Sat Jul 17 12:09:03 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdefd7b2

dev-java/dom4j: bump to 2.1.3 (CVE-2020-10683)

Bug: https://bugs.gentoo.org/719318
rewritten with java-pkg-simple.eclass
introducing "jaxen" USE flag

Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Volkmar W. Pogatzki <gentoo <AT> pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/21319
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org>

 dev-java/dom4j/Manifest                            |  2 +
 dev-java/dom4j/dom4j-2.1.3.ebuild                  | 75 ++++++++++++++++++++++
 .../dom4j-2.1.3-xpp3-add-removeAttribute.patch     | 47 ++++++++++++++
 dev-java/dom4j/metadata.xml                        |  3 +
 4 files changed, 127 insertions(+)

diff --git a/dev-java/dom4j/Manifest b/dev-java/dom4j/Manifest
index a5c57e59200..8913db1a98e 100644
--- a/dev-java/dom4j/Manifest
+++ b/dev-java/dom4j/Manifest
@@ -1,2 +1,4 @@
 DIST dom4j-1.6.1-java5.patch.bz2 2900 BLAKE2B 
cdd7dc901f5292af3ef7f0ea200c3d22bbc8c0adc27606da3c8fbadc44625b114c995321723dca331f0b23d5248e1f9177f0def2f4138eebcbd4aaac0495d4dd
 SHA512 
38da606d77b62976366cd089e5194a922e348ec396e7b9af4dceb0a536c47f66e0900cfa59c91df04aade6076630077a8f88c713b9c20224d69316109b293a96
 DIST dom4j-1.6.1.tar.gz 9687211 BLAKE2B 
3daa3729ea071aa87c7c1e1e2b91f1635109774dd2bd564a85265a0286f1369373084b945409d9d5213d66a7e14224033d42c58d80125b7982eef8961eb29248
 SHA512 
95c5a7105a81734f77b4bf27f8bb0af116bf43d8ad5297a0902a6687a54109a87dffe2953cf430d14947cdaa590aa0fdf083b46a91d1d98d48431cfae4459d94
+DIST dom4j-2.1.3.tar.gz 565918 BLAKE2B 
d6f8c9ae22f84086491ca7e60e5498edda727b219b4fe019da8f62a441dc3cea86ecf0554e32f8e717e21234b8ef8e2905946ab3722462f1fa748ad7e68e9e20
 SHA512 
8c4d7b4f2dd1b3f806e0d5103101998a094c31e9a4912539dcee32f24b35452c7f0d72c5f4cf55f8a8c9a416fee7284f9bca43ae56b0e66104b2b54fdb49ad96
+DIST jaxen-1.2.0.jar 232455 BLAKE2B 
6bd16e8ac34f3af1b9d61218dc6a29862178516cfbb98c6834bf6db846b537e44b48db6ff578b3d67d32c3e2b142e44440a2fdcc6dc06a6ea427b04e6bf1f370
 SHA512 
cad582fc12d0741e9e6fd7e0cf80a50feb04f5ef42043df96f8a5b78476c77695d8b43836d2241f76b35676ea759921edd25eaeb2c04ec916eb138aa2901ce5f

diff --git a/dev-java/dom4j/dom4j-2.1.3.ebuild 
b/dev-java/dom4j/dom4j-2.1.3.ebuild
new file mode 100644
index 00000000000..46f4b495689
--- /dev/null
+++ b/dev-java/dom4j/dom4j-2.1.3.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Skeleton command:
+# java-ebuilder --generate-ebuild --workdir . --pom dom4j-2.1.3.pom 
--download-uri 
https://github.com/dom4j/dom4j/archive/refs/tags/version-2.1.3.tar.gz --slot 1 
--keywords "~amd64 ~arm ~arm64 ~ppc64 ~x86" --ebuild dom4j-2.1.3.ebuild
+
+EAPI=7
+
+JAVA_PKG_IUSE="doc source test"
+MAVEN_ID="org.dom4j:dom4j:2.1.3"
+JAVA_TESTING_FRAMEWORKS="testng"
+
+inherit java-pkg-2 java-pkg-simple
+
+DESCRIPTION="flexible XML framework for Java"
+HOMEPAGE="https://dom4j.github.io/";
+SRC_URI="https://github.com/${PN}/${PN}/archive/refs/tags/version-${PV}.tar.gz 
-> ${P}.tar.gz
+       https://repo1.maven.org/maven2/jaxen/jaxen/1.2.0/jaxen-1.2.0.jar";
+
+LICENSE="dom4j"
+SLOT="1"
+KEYWORDS="~amd64 ~x86"
+IUSE="jaxen"
+
+CDEPEND="
+       dev-java/jaxb-api:2
+       dev-java/xpp2:0
+       dev-java/xpp3:0
+       dev-java/xsdlib:0
+       jaxen? ( dev-java/jaxen:1.2[dom4j] )
+"
+DEPEND="${CDEPEND}
+       >=virtual/jdk-1.8:*
+       test? ( dev-java/xerces:2 )
+"
+
+# Runtime dependencies
+# POM: ${P}.pom
+# javax.xml.bind:jaxb-api:2.2.12 -> !!!groupId-not-found!!!
+# javax.xml.stream:stax-api:1.0-2 -> java-virtuals/stax-api:0
+# jaxen:jaxen:1.1.6 -> >=dev-java/jaxen-1.2.0:1.2
+# net.java.dev.msv:xsdlib:2013.6.1 -> >=dev-java/xsdlib-20090415:0
+# pull-parser:pull-parser:2 -> >=dev-java/xpp2-2.1.10:0
+# xpp3:xpp3:1.1.4c -> >=dev-java/xpp3-1.1.4c:0
+
+RDEPEND="${CDEPEND}
+       >=virtual/jre-1.8:*
+"
+
+PATCHES=(
+       # XmlStartTag.java:31: error: ProxyXmlStartTag is not abstract and does 
not override abstract method removeAttributeByRawName
+       # patch from https://github.com/dom4j/dom4j/pull/22
+       "${FILESDIR}"/dom4j-2.1.3-xpp3-add-removeAttribute.patch
+)
+
+S="${WORKDIR}/${PN}-version-${PV}"
+
+# dom4j has a cyclic dependency on jaxen[dom4j].
+# The downloaded jaxen-1.2.0.jar is provided for compilation only.
+# No prebuilt software is actually installed onto the system.
+JAVA_GENTOO_CLASSPATH_EXTRA="${DISTDIR}/jaxen-1.2.0.jar"
+JAVA_GENTOO_CLASSPATH="jaxb-api-2,xpp2,xpp3,xsdlib"
+JAVA_SRC_DIR="src/main/java"
+
+JAVA_TEST_GENTOO_CLASSPATH="testng,xerces-2"
+JAVA_TEST_SRC_DIR="src/test/java"
+JAVA_TEST_RESOURCE_DIRS="xml"
+
+src_prepare() {
+       default
+
+       if use jaxen; then
+               JAVA_GENTOO_CLASSPATH+=" jaxen-1.2"
+       fi
+}

diff --git a/dev-java/dom4j/files/dom4j-2.1.3-xpp3-add-removeAttribute.patch 
b/dev-java/dom4j/files/dom4j-2.1.3-xpp3-add-removeAttribute.patch
new file mode 100644
index 00000000000..a58a06dfcd6
--- /dev/null
+++ b/dev-java/dom4j/files/dom4j-2.1.3-xpp3-add-removeAttribute.patch
@@ -0,0 +1,47 @@
+diff --git a/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java 
b/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
+index 08b88fc..aa27c10 100644
+--- a/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
++++ b/src/main/java/org/dom4j/xpp/ProxyXmlStartTag.java
+@@ -211,7 +211,7 @@ public class ProxyXmlStartTag implements XmlStartTag {
+      * @throws XmlPullParserException
+      *             DOCUMENT ME!
+      */
+-    public void removeAtttributes() throws XmlPullParserException {
++    public void removeAttributes() throws XmlPullParserException {
+         if (element != null) {
+             element.setAttributes(new ArrayList());
+ 
+@@ -221,6 +221,33 @@ public class ProxyXmlStartTag implements XmlStartTag {
+         }
+     }
+ 
++    public boolean removeAttributeByName(String namespaceURI, String 
localName) throws XmlPullParserException {
++        if (element != null) {
++            for (Iterator<Attribute> iter = element.attributeIterator(); 
iter.hasNext();) {
++                Attribute attribute = iter.next();
++
++                if (namespaceURI.equals(attribute.getNamespaceURI())
++                        && localName.equals(attribute.getName())) {
++                    return element.remove(attribute);
++                }
++            }
++        }
++        return false;
++    }
++
++    public boolean removeAttributeByRawName(String rawName) throws 
XmlPullParserException {
++        if (element != null) {
++            for (Iterator<Attribute> iter = element.attributeIterator(); 
iter.hasNext();) {
++                Attribute attribute = iter.next();
++
++                if (rawName.equals(attribute.getQualifiedName())) {
++                    return element.remove(attribute);
++                }
++            }
++        }
++        return false;
++    }
++
+     public String getLocalName() {
+         return element.getName();
+     }

diff --git a/dev-java/dom4j/metadata.xml b/dev-java/dom4j/metadata.xml
index 2d873897cf3..cdff47537f0 100644
--- a/dev-java/dom4j/metadata.xml
+++ b/dev-java/dom4j/metadata.xml
@@ -5,6 +5,9 @@
                <email>[email protected]</email>
                <name>Java</name>
        </maintainer>
+       <use>
+               <flag name="jaxen">Includes org.jaxen.dom4j package</flag>
+       </use>
        <longdescription>
                Easy to use, open source library for working with XML, XPath and
                XSLT on the Java platform using the Java Collections Framework

Reply via email to