Hello community,
here is the log from the commit of package apache-commons-beanutils for
openSUSE:Factory checked in at 2019-08-22 10:58:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-commons-beanutils (Old)
and /work/SRC/openSUSE:Factory/.apache-commons-beanutils.new.22127 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-commons-beanutils"
Thu Aug 22 10:58:46 2019 rev:12 rq:725217 version:1.9.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache-commons-beanutils/apache-commons-beanutils.changes
2018-10-31 13:22:03.655022650 +0100
+++
/work/SRC/openSUSE:Factory/.apache-commons-beanutils.new.22127/apache-commons-beanutils.changes
2019-08-22 10:58:58.209646760 +0200
@@ -1,0 +2,11 @@
+Wed Aug 21 14:56:26 UTC 2019 - Pedro Monreal Gonzalez
<[email protected]>
+
+- Update to 1.9.4
+ * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114
+- Security fix: [bsc#1146657, CVE-2019-10086]
+ * PropertyUtilsBean (and consequently BeanUtilsBean) now disallows class
+ level property access by default, thus protecting against CVE-2014-0114.
+- Fix build version in build.xml
+ * Added apache-commons-beanutils-fix-build-version.patch
+
+-------------------------------------------------------------------
Old:
----
commons-beanutils-1.9.3-src.tar.gz
commons-beanutils-1.9.3-src.tar.gz.asc
New:
----
apache-commons-beanutils-fix-build-version.patch
commons-beanutils-1.9.4-src.tar.gz
commons-beanutils-1.9.4-src.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache-commons-beanutils.spec ++++++
--- /var/tmp/diff_new_pack.agqgt9/_old 2019-08-22 10:59:01.093646373 +0200
+++ /var/tmp/diff_new_pack.agqgt9/_new 2019-08-22 10:59:01.093646373 +0200
@@ -1,7 +1,7 @@
#
# spec file for package apache-commons-beanutils
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%define base_name beanutils
%define short_name commons-%{base_name}
Name: apache-commons-beanutils
-Version: 1.9.3
+Version: 1.9.4
Release: 0
Summary: Utility methods for accessing and modifying the properties of
JavaBeans
License: Apache-2.0
@@ -28,6 +28,7 @@
Source0:
http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz
Source1:
http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz.asc
Patch0: jdk9.patch
+Patch1: apache-commons-beanutils-fix-build-version.patch
BuildRequires: ant
BuildRequires: commons-collections
BuildRequires: commons-logging
@@ -65,6 +66,7 @@
%prep
%setup -q -n %{short_name}-%{version}-src
%patch0 -p1
+%patch1 -p1
sed -i 's/\r//' *.txt
# bug in ant build
touch README.txt
@@ -76,7 +78,7 @@
%install
# jars
install -d -m 755 %{buildroot}%{_javadir}
-install -m 644 dist/%{short_name}-%{version}-SNAPSHOT.jar
%{buildroot}%{_javadir}/%{name}-%{version}.jar
+install -m 644 dist/%{short_name}-%{version}.jar
%{buildroot}%{_javadir}/%{name}-%{version}.jar
pushd %{buildroot}%{_javadir}
ln -s %{name}-%{version}.jar %{name}.jar
++++++ apache-commons-beanutils-fix-build-version.patch ++++++
Index: commons-beanutils-1.9.4-src/build.xml
===================================================================
--- commons-beanutils-1.9.4-src.orig/build.xml
+++ commons-beanutils-1.9.4-src/build.xml
@@ -43,7 +43,7 @@
<property name="component.title" value="Bean Introspection
Utilities"/>
<!-- The current version number of this component -->
- <property name="component.version" value="1.9.3-SNAPSHOT"/>
+ <property name="component.version" value="1.9.4"/>
<!-- The base directory for compilation targets -->
<property name="build.home" value="target"/>
++++++ commons-beanutils-1.9.3-src.tar.gz -> commons-beanutils-1.9.4-src.tar.gz
++++++
++++ 3963 lines of diff (skipped)
