This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch jessie
in repository jackson-databind.

commit 384df1fc06dcc90b9d4271f7faf05c34d00c19ae
Author: Markus Koschany <a...@debian.org>
Date:   Thu Oct 19 02:07:28 2017 +0200

    Fix FTBFS due to missing helper method.
    
    Work around the issue by just throwing the exception without it.
---
 debian/patches/CVE-2017-7525.patch   | 13 ++++++-------
 debian/patches/fix-using-bundle.diff |  8 ++++++++
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/debian/patches/CVE-2017-7525.patch 
b/debian/patches/CVE-2017-7525.patch
index 5c5531f..d864b43 100644
--- a/debian/patches/CVE-2017-7525.patch
+++ b/debian/patches/CVE-2017-7525.patch
@@ -6,13 +6,13 @@ Bug-Upstream: 
https://github.com/FasterXML/jackson-databind/issues/1599
 Bug-Debian: https://bugs.debian.org/870848
 Origin: 
https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
 ---
- .../databind/deser/BeanDeserializerFactory.java    | 50 ++++++++++++++++++++++
- .../databind/interop/IllegalTypesCheckTest.java    | 40 +++++++++++++++++
- 2 files changed, 90 insertions(+)
+ .../databind/deser/BeanDeserializerFactory.java    | 49 ++++++++++++++++++++++
+ .../databind/interop/IllegalTypesCheckTest.java    | 40 ++++++++++++++++++
+ 2 files changed, 89 insertions(+)
  create mode 100644 
src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java
 
 diff --git 
a/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java
 
b/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java
-index a10cc45..f45b1b4 100644
+index a10cc45..d092a39 100644
 --- 
a/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java
 +++ 
b/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java
 @@ -44,6 +44,36 @@ public class BeanDeserializerFactory
@@ -61,7 +61,7 @@ index a10cc45..f45b1b4 100644
          // Use generic bean introspection to build deserializer
          return buildBeanDeserializer(ctxt, type, beanDesc);
      }
-@@ -875,4 +907,22 @@ public class BeanDeserializerFactory
+@@ -875,4 +907,21 @@ public class BeanDeserializerFactory
          }
          return status;
      }
@@ -78,8 +78,7 @@ index a10cc45..f45b1b4 100644
 +        String full = type.getRawClass().getName();
 +
 +        if (_cfgIllegalClassNames.contains(full)) {
-+            ctxt.reportBadTypeDefinition(beanDesc,
-+                    "Illegal type (%s) to deserialize: prevented for security 
reasons", full);
++            throw new JsonMappingException("Illegal type (" + full + ") to 
deserialize: prevented for security reasons");
 +        }
 +    }
 +
diff --git a/debian/patches/fix-using-bundle.diff 
b/debian/patches/fix-using-bundle.diff
index acee1b0..aafd3e2 100644
--- a/debian/patches/fix-using-bundle.diff
+++ b/debian/patches/fix-using-bundle.diff
@@ -1,3 +1,11 @@
+From: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
+Date: Thu, 19 Oct 2017 01:52:47 +0200
+Subject: fix-using-bundle
+
+---
+ pom.xml | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
 diff --git a/pom.xml b/pom.xml
 index f801efc..b2019a2 100644
 --- a/pom.xml

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-java/jackson-databind.git

_______________________________________________
pkg-java-commits mailing list
pkg-java-comm...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits

Reply via email to