This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository libspring-java.
commit 3b9ca83e520a7a441a62818bc70fd11bdd8c7b59 Author: Emmanuel Bourg <[email protected]> Date: Wed Nov 26 16:08:45 2014 +0100 Removed the patch for CVE-2013-4152 (fixed upstream) --- ...rocessExternalEntities-to-JAXB2Marshaller.patch | 116 --------------------- debian/patches/series | 1 - 2 files changed, 117 deletions(-) diff --git a/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch b/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch deleted file mode 100644 index 77afb93..0000000 --- a/debian/patches/Add-processExternalEntities-to-JAXB2Marshaller.patch +++ /dev/null @@ -1,116 +0,0 @@ -From: Markus Koschany <[email protected]> -Date: Thu, 5 Dec 2013 10:59:47 +0100 -Subject: Add 'processExternalEntities to JAXB2Marshaller - -Added 'processExternalEntities' property to the JAXB2Marshaller, which -indicates whether external XML entities are processed when -unmarshalling. - -Default is false, meaning that external entities are not resolved. -Processing of external entities will only be enabled/disabled when the -Source} passed to #unmarshal(Source) is a SAXSource or StreamSource. It -has no effect for DOMSource or StAXSource instances. - -Original patch by Arjen Poutsma. - -Bug: http://bugs.debian.org/720902 ---- - .../springframework/oxm/jaxb/Jaxb2Marshaller.java | 56 ++++++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java b/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java -index 890ce18..1b3412d 100644 ---- a/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java -+++ b/projects/org.springframework.oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java -@@ -61,7 +61,9 @@ import javax.xml.stream.XMLStreamReader; - import javax.xml.stream.XMLStreamWriter; - import javax.xml.transform.Result; - import javax.xml.transform.Source; -+import javax.xml.transform.dom.DOMSource; - import javax.xml.transform.sax.SAXSource; -+import javax.xml.transform.stream.StreamSource; - import javax.xml.validation.Schema; - import javax.xml.validation.SchemaFactory; - -@@ -158,6 +160,8 @@ public class Jaxb2Marshaller - - private boolean lazyInit = false; - -+ private boolean processExternalEntities = false; -+ - - /** - * Set multiple JAXB context paths. The given array of context paths is converted to a -@@ -301,6 +305,18 @@ public class Jaxb2Marshaller - this.lazyInit = lazyInit; - } - -+ /** -+ * Indicates whether external XML entities are processed when unmarshalling. -+ * <p>Default is {@code false}, meaning that external entities are not resolved. -+ * Note that processing of external entities will only be enabled/disabled when the -+ * {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or -+ * {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource} -+ * instances. -+ */ -+ public void setProcessExternalEntities(boolean processExternalEntities) { -+ this.processExternalEntities = processExternalEntities; -+ } -+ - public void setBeanClassLoader(ClassLoader classLoader) { - this.beanClassLoader = classLoader; - } -@@ -569,6 +585,8 @@ public class Jaxb2Marshaller - } - - public Object unmarshal(Source source, MimeContainer mimeContainer) throws XmlMappingException { -+ source = processSource(source); -+ - try { - Unmarshaller unmarshaller = createUnmarshaller(); - if (this.mtomEnabled && mimeContainer != null) { -@@ -616,6 +634,44 @@ public class Jaxb2Marshaller - } - } - -+ private Source processSource(Source source) { -+ if (StaxUtils.isStaxSource(source) || source instanceof DOMSource) { -+ return source; -+ } -+ -+ XMLReader xmlReader = null; -+ InputSource inputSource = null; -+ -+ if (source instanceof SAXSource) { -+ SAXSource saxSource = (SAXSource) source; -+ xmlReader = saxSource.getXMLReader(); -+ inputSource = saxSource.getInputSource(); -+ } -+ else if (source instanceof StreamSource) { -+ StreamSource streamSource = (StreamSource) source; -+ if (streamSource.getInputStream() != null) { -+ inputSource = new InputSource(streamSource.getInputStream()); -+ } -+ else if (streamSource.getReader() != null) { -+ inputSource = new InputSource(streamSource.getReader()); -+ } -+ } -+ -+ try { -+ if (xmlReader == null) { -+ xmlReader = XMLReaderFactory.createXMLReader(); -+ } -+ xmlReader.setFeature("http://xml.org/sax/features/external-general-entities";, -+ this.processExternalEntities); -+ -+ return new SAXSource(xmlReader, inputSource); -+ } -+ catch (SAXException ex) { -+ logger.warn("Processing of external entities could not be disabled", ex); -+ return source; -+ } -+ } -+ - /** - * Template method that can be overridden by concrete JAXB marshallers for custom initialization behavior. - * Gets called after creation of JAXB <code>Marshaller</code>, and after the respective properties have been set. diff --git a/debian/patches/series b/debian/patches/series index 95f0a61..76d3302 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -9,5 +9,4 @@ 0009_hibernate_validator_41.diff 0010_velocity_17.diff 0011-java7-compat.patch -Add-processExternalEntities-to-JAXB2Marshaller.patch 0012_use_debian_asm4.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libspring-java.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
