From 10c8cb820e4bfec3478d22413ef3f7942495c3ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 19 Feb 2024 15:41:14 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 jdom revision 2cc4ed19563040e6a4514bcc168cdc3f --- .gitattributes | 23 ++++ CVE-2021-33813.patch | 42 ++++++++ jdom-1.1-OSGiManifest.patch | 19 ++++ jdom-1.1.3.pom | 75 +++++++++++++ jdom-1.1.3.tar.gz | 3 + jdom-crosslink.patch | 11 ++ jdom.changes | 203 ++++++++++++++++++++++++++++++++++++ jdom.spec | 103 ++++++++++++++++++ no-jaxen.patch | 11 ++ 9 files changed, 490 insertions(+) create mode 100644 .gitattributes create mode 100644 CVE-2021-33813.patch create mode 100644 jdom-1.1-OSGiManifest.patch create mode 100644 jdom-1.1.3.pom create mode 100644 jdom-1.1.3.tar.gz create mode 100644 jdom-crosslink.patch create mode 100644 jdom.changes create mode 100644 jdom.spec create mode 100644 no-jaxen.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/CVE-2021-33813.patch b/CVE-2021-33813.patch new file mode 100644 index 0000000..f850266 --- /dev/null +++ b/CVE-2021-33813.patch @@ -0,0 +1,42 @@ +--- libjdom1-java-1.1.3.orig/src/java/org/jdom/input/SAXBuilder.java ++++ libjdom1-java-1.1.3/src/java/org/jdom/input/SAXBuilder.java +@@ -442,6 +442,11 @@ public class SAXBuilder { + public void setFeature(String name, boolean value) { + // Save the specified feature for later. + features.put(name, value ? Boolean.TRUE : Boolean.FALSE); ++ if (name.equals("http://xml.org/sax/features/external-general-entities")) { ++ // See issue https://github.com/hunterhacker/jdom/issues/189 ++ // And PR https://github.com/hunterhacker/jdom/pull/188 ++ setExpandEntities(value); ++ } + } + + /** +@@ -766,13 +771,6 @@ public class SAXBuilder { + internalSetFeature(parser, name, value.booleanValue(), name); + } + +- // Set any user-specified properties on the parser. +- iter = properties.keySet().iterator(); +- while (iter.hasNext()) { +- String name = (String)iter.next(); +- internalSetProperty(parser, name, properties.get(name), name); +- } +- + if (coreFeatures) { + // Set validation. + try { +@@ -810,6 +808,13 @@ public class SAXBuilder { + } + catch (SAXNotRecognizedException e) { /* Ignore... */ } + catch (SAXNotSupportedException e) { /* Ignore... */ } ++ ++ // Set any user-specified properties on the parser. ++ iter = properties.keySet().iterator(); ++ while (iter.hasNext()) { ++ String name = (String)iter.next(); ++ internalSetProperty(parser, name, properties.get(name), name); ++ } + } + + /** diff --git a/jdom-1.1-OSGiManifest.patch b/jdom-1.1-OSGiManifest.patch new file mode 100644 index 0000000..135e640 --- /dev/null +++ b/jdom-1.1-OSGiManifest.patch @@ -0,0 +1,19 @@ +--- ./package/META-INF/MANIFEST.MF 2008-07-21 16:00:59.000000000 -0400 ++++ ./package/META-INF/MANIFEST.MF 2008-07-21 16:02:20.000000000 -0400 +@@ -1,4 +1,16 @@ + Manifest-Version: 1.0 ++Bundle-RequiredExecutionEnvironment: J2SE-1.4 ++Bundle-SymbolicName: org.jdom ++Bundle-ManifestVersion: 2 ++Bundle-Name: %Bundle-Name.0 ++Bundle-Localization: plugin ++Bundle-Version: 1.1.3 ++Bundle-Vendor: %Bundle-Vendor.0 ++Export-Package: org.jdom;version="1.1.3",org.jdom.adapters;version="1. ++ 1.2",org.jdom.filter;version="1.1.3",org.jdom.input;version="1.1.3",o ++ rg.jdom.output;version="1.1.3",org.jdom.transform;version="1.1.3",org ++ .jdom.xpath;version="1.1.3" ++Require-Bundle: org.apache.xerces;resolution:=optional + + Name: org/jdom/ + Specification-Title: JDOM Classes diff --git a/jdom-1.1.3.pom b/jdom-1.1.3.pom new file mode 100644 index 0000000..74b7e28 --- /dev/null +++ b/jdom-1.1.3.pom @@ -0,0 +1,75 @@ + + 4.0.0 + org.jdom + jdom + jar + + JDOM + 1.1.3 + + + A complete, Java-based solution for accessing, manipulating, + and outputting XML data + + http://www.jdom.org + + + JDOM + http://www.jdom.org + + + + + JDOM-interest Mailing List + jdom-interest@jdom.org + http://jdom.markmail.org/ + + + + + + Similar to Apache License but with the acknowledgment clause removed + https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt + repo + + + + + git@github.com:/hunterhacker/jdom + scm:git:git@github.com:hunterhacker/jdom + scm:git:git@github.com:hunterhacker/jdom + + + + + hunterhacker + Jason Hunter + jhunter@servlets.com + + + rolfl + Rolf Lear + jdom@tuis.net + + + + + + jaxen + jaxen + 1.1.3 + true + + + xerces + xercesImpl + 2.10.0 + true + + + + + + 1.2 + + \ No newline at end of file diff --git a/jdom-1.1.3.tar.gz b/jdom-1.1.3.tar.gz new file mode 100644 index 0000000..68b25b9 --- /dev/null +++ b/jdom-1.1.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d471718c4ac7a1a2f10715b93cb3fcd2ecbab60384b73ad1c089712e47bd8d1f +size 4233403 diff --git a/jdom-crosslink.patch b/jdom-crosslink.patch new file mode 100644 index 0000000..028ff80 --- /dev/null +++ b/jdom-crosslink.patch @@ -0,0 +1,11 @@ +--- build.xml.orig 2010-02-05 12:37:26.594658382 +0000 ++++ build.xml 2010-02-05 12:38:09.201658171 +0000 +@@ -277,7 +277,7 @@ + bottom="Copyright © ${year} Jason Hunter, Brett McLaughlin. All Rights Reserved."> + + +- ++ + + + diff --git a/jdom.changes b/jdom.changes new file mode 100644 index 0000000..28c9f89 --- /dev/null +++ b/jdom.changes @@ -0,0 +1,203 @@ +------------------------------------------------------------------- +Thu Aug 24 10:16:57 UTC 2023 - Fridrich Strba + +- Build only the jdom package and drop xom, jaxen and xom into + separate standalone packages +- Removed patches: + * jdom-1.1-build.xml.patch + * jdom-1.1-xom-get-jaxen.patch + + not needed with the current package +- Added patches: + * CVE-2021-33813.patch + + fix CVE-2021-33813: An XXE issue in SAXBuilder in JDOM + through 2.0.6 allows attackers to cause a denial of service + via a crafted HTTP request. + * jdom-crosslink.patch + + do not link to javadocs on web + * no-jaxen.patch + + do not fail to generate javadoc when jaxen is not present +- Modified patch: + * jdom-1.1-OSGiManifest.patch + + rediff + +------------------------------------------------------------------- +Wed Mar 30 09:52:00 UTC 2022 - Fridrich Strba + +- Build against the standalone JavaEE modules unconditionally + +------------------------------------------------------------------- +Fri Mar 18 19:12:10 UTC 2022 - Fridrich Strba + +- Modified patch: + * jdom-1.1-build.xml.patch + + Build with source/target levels 8 + +------------------------------------------------------------------- +Thu Mar 17 15:50:20 UTC 2022 - Fridrich Strba + +- Build against standalone jaxb-api on distributions that have + JDK without the JavaEE modules + +------------------------------------------------------------------- +Wed Mar 2 06:26:31 UTC 2022 - Fridrich Strba + +- Alias the xom artifact to the new com.io7m.xom groupId + +------------------------------------------------------------------- +Fri May 14 15:39:29 UTC 2021 - Ferdinand Thiessen + +- Update jaxen to version 1.1.6 + * Bug fixes + +------------------------------------------------------------------- +Tue Apr 6 09:10:12 UTC 2021 - Andreas Schwab + +- Increase java stack size to avoid overflow + +------------------------------------------------------------------- +Tue Nov 12 08:02:50 UTC 2019 - Fridrich Strba + +- Add correct requires for the packages so that they pull all + required artifacts +- Clean up the packaging a bit + +------------------------------------------------------------------- +Tue Mar 26 16:48:35 UTC 2019 - Fridrich Strba + +- Upgrade the jdom component to 1.1.3 +- Modified patch: + * jdom-1.1-build.xml.patch + + Remove unneeded hunk +- Added patch: + * jdom-1.1-OSGiManifest.patch + + Make jdom an OSGi bundle + +------------------------------------------------------------------- +Tue Nov 20 10:58:51 UTC 2018 - Fridrich Strba + +- Removed patch: + * include-glibj.jar.patch + + The build works since ages without glibj being present, so + removing any trace of it + +------------------------------------------------------------------- +Tue Nov 20 09:32:18 UTC 2018 - Fridrich Strba + +- Add maven pom files for the distributed jars +- Speed-up build by filtering out the failing files beforehand + and then building all with one javac invocation + +------------------------------------------------------------------- +Fri Sep 29 06:37:03 UTC 2017 - fstrba@suse.com + +- Fix build with jdk9: specify java source and target level 1.6 +- Modified patch: + * jdom-1.1-build.xml.patch + + specify java source and target level 1.6 +- Add more BuildRequires, in order to build more java files in + stage 1 + +------------------------------------------------------------------- +Thu Sep 14 14:39:55 UTC 2017 - fstrba@suse.com + +- Build with javac whose syntax is compatible with OpenJDK + +------------------------------------------------------------------- +Fri May 19 16:55:11 UTC 2017 - tchvatal@suse.com + +- Expand the buildignore lines for newer jdk + +------------------------------------------------------------------- +Tue Mar 31 10:15:26 UTC 2015 - tchvatal@suse.com + +- Provide and obsolete jaxen-bootstrap to avoid file conflict + +------------------------------------------------------------------- +Tue Mar 24 12:34:14 UTC 2015 - tchvatal@suse.com + +- Fix namespace clash with javapackages-tools on variables + +------------------------------------------------------------------- +Tue Mar 24 11:17:50 UTC 2015 - tchvatal@suse.com + +- Cleanup with spec-cleaner and add debug output + +------------------------------------------------------------------- +Fri Jun 15 12:39:47 UTC 2012 - mvyskocil@suse.cz + +- ignore jdk7 as well + +------------------------------------------------------------------- +Mon Jun 4 08:41:52 UTC 2012 - coolo@suse.com + +- remove stray character from xom summary to fix UTF-8 parsing + +------------------------------------------------------------------- +Thu Mar 17 14:48:00 UTC 2011 - mvyskocil@suse.cz + +- move to gcj back - the java.lang.StackOverflow is nothing nice + +------------------------------------------------------------------- +Fri Mar 11 12:48:25 UTC 2011 - mvyskocil@suse.cz + +- build using openjdk, split BR one per-line + +------------------------------------------------------------------- +Fri Mar 11 12:46:55 UTC 2011 - mvyskocil@suse.cz + +- build using openjdk, write one BuildRequire per line, + no authors in description + +------------------------------------------------------------------- +Wed May 20 11:44:18 CEST 2009 - mvyskocil@suse.cz + +- 'fixed bnc#501764: removed clover.license from source tarball' + +------------------------------------------------------------------- +Mon May 18 15:36:12 CEST 2009 - mvyskocil@suse.cz + +- Removed documentation of ConcurrentReaderHashMap (bnc#504663) + * dom4j-1.6.1/docs/clover/org/dom4j/tree/ConcurrentReaderHashMap.html + * dom4j-1.6.1/docs/xref/org/dom4j/tree/ConcurrentReaderHashMap.html + +------------------------------------------------------------------- +Thu May 14 15:09:13 CEST 2009 - mvyskocil@suse.cz + +- fixed version tag for jaxen and xom + +------------------------------------------------------------------- +Tue Jan 20 14:52:53 CET 2009 - mvyskocil@suse.cz + +- update jdom to 1.1 fixed bnc#467366 +- updated jaxen to 1.1.1 (do not use an included jaxen) +- cleaned build requires +- Obsoleted java150 patch + +------------------------------------------------------------------- +Fri Nov 21 16:38:31 CET 2008 - ro@suse.de + +- update check-build.sh + +------------------------------------------------------------------- +Wed Jan 23 15:58:46 CET 2008 - mvyskocil@suse.cz + +- fixed beta build + +------------------------------------------------------------------- +Thu Mar 29 12:15:04 CEST 2007 - dbornkessel@suse.de + +- added unzip to build requires + +------------------------------------------------------------------- +Mon Jan 15 12:55:41 CET 2007 - dbornkessel@suse.de + +- removed xml-commons-apis build req. (Bug #232127) + +------------------------------------------------------------------- +Thu Sep 28 10:05:09 CEST 2006 - dbornkessel@suse.de + +- first versions +- fixes necessary to compile with Java 1.5.0 + - set source="1.4" and target="1.4" for ant "javac" tasks + - set source="1.4" for ant "javadoc" tasks + diff --git a/jdom.spec b/jdom.spec new file mode 100644 index 0000000..a6bfa78 --- /dev/null +++ b/jdom.spec @@ -0,0 +1,103 @@ +# +# spec file for package jdom +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: jdom +Version: 1.1.3 +Release: 0 +Summary: Java alternative to DOM and SAX +License: Saxpath +URL: http://www.jdom.org/ +Source0: http://jdom.org/dist/binary/archive/jdom-%{version}.tar.gz +Source1: https://repo1.maven.org/maven2/org/jdom/jdom/%{version}/jdom-%{version}.pom +Patch0: %{name}-crosslink.patch +Patch1: %{name}-1.1-OSGiManifest.patch +Patch2: no-jaxen.patch +Patch10: CVE-2021-33813.patch +BuildRequires: ant +BuildRequires: fdupes +BuildRequires: java-devel >= 1.8 +BuildRequires: javapackages-local >= 6 +BuildArch: noarch + +%description +JDOM is, quite simply, a Java representation of an XML document. JDOM +provides a way to represent that document for easy and efficient +reading, manipulation, and writing. It has a straightforward API, is a +lightweight and fast, and is optimized for the Java programmer. It's an +alternative to DOM and SAX, although it integrates well with both DOM +and SAX. + +%package javadoc +Summary: Javadoc for %{name} + +%description javadoc +Javadoc for %{name}. + +%package demo +Summary: Demos for %{name} +Requires: %{name} = %{version}-%{release} + +%description demo +Demonstrations and samples for %{name}. + +%prep +%setup -q -n %{name} +%patch0 +%patch1 +%patch2 -p1 +%patch10 -p1 +# remove all binary libs +find . -name "*.jar" -exec rm -f {} \; +find . -name "*.class" -exec rm -f {} \; + +%build +%{ant} -Dcompile.source=1.8 -Dcompile.target=1.8 -Dj2se.apidoc=%{_javadocdir}/java package javadoc-link + +%install +# jar +install -dm 0755 %{buildroot}%{_javadir} +install -pm 0644 build/%{name}-*-snap.jar %{buildroot}%{_javadir}/%{name}.jar + +# pom +install -dm 0755 %{buildroot}%{_mavenpomdir} +%{mvn_install_pom} %{SOURCE1} %{buildroot}%{_mavenpomdir}/%{name}.pom +%add_maven_depmap %{name}.pom %{name}.jar -a jdom:jdom,org.jdom:jdom-legacy + +# javadoc +install -dm 0755 %{buildroot}%{_javadocdir} +cp -r build/apidocs %{buildroot}%{_javadocdir}/%{name} +%fdupes -s %{buildroot}%{_javadocdir} + +# demo +install -dm 0755 %{buildroot}%{_datadir}/%{name} +cp -pr samples %{buildroot}%{_datadir}/%{name} +%fdupes -s %{buildroot}%{_datadir}/%{name} + +%files -f .mfiles +%license LICENSE.txt +%doc CHANGES.txt COMMITTERS.txt README.txt TODO.txt + +%files javadoc +%{_javadocdir}/%{name} +%license LICENSE.txt + +%files demo +%{_datadir}/%{name} +%license LICENSE.txt + +%changelog diff --git a/no-jaxen.patch b/no-jaxen.patch new file mode 100644 index 0000000..7a1ec2e --- /dev/null +++ b/no-jaxen.patch @@ -0,0 +1,11 @@ +diff -urEbwB jdom/build.xml jdom.new/build.xml +--- jdom/build.xml 2012-02-26 00:30:45.000000000 +0100 ++++ jdom.new/build.xml 2023-08-23 19:35:51.544436993 +0200 +@@ -254,6 +255,7 @@ + use="true" + splitindex="true" + noindex="false" ++ failonerror="false" + windowtitle="${Name} v${version}" + doctitle="${Name} v${version}<br>API Specification" + header="<b>${Name}<br><font size='-1'>${version}</font></b>"